Connecting to VNC through websocket crashes in vnc_flush() when trying
to acquire a mutex that hasn't been initialized (vnc_init_state(vs)
hasn't been called at this point).
Signed-off-by: Jorge Acereda Macia <jacereda@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Now that -vnc goes through QemuOpts we can get vnc configuration
via -readconfig too. So setting display_remote in the command
line parsing code doesn't cut it any more, we must check QemuOpts
instead to see whenever any vnc display is configured.
Reported-by: Markus Armbruster <armbru@redhat.com>
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This way the generated id will be stored in -writeconfig cfg files.
Also we can make vnc_auto_assign_id() local to vnc.c.
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Patch queue for ppc - 2015-03-09
This is my current patch queue for 2.3. Highlights include:
* pseries: 2.3 machine
* pseries: Export RTC via QOM
* pseries: EEH support
* mac: save/restore support
* fix POWER5 hosts
* random bug fixes
# gpg: Signature made Mon Mar 9 14:00:53 2015 GMT using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg: aka "Alexander Graf <alex@csgraf.de>"
* remotes/agraf/tags/signed-ppc-for-upstream: (38 commits)
target-ppc: Fix warnings from Sparse
sPAPR: Implement sPAPRPHBClass EEH callbacks
sPAPR: Implement EEH RTAS calls
target-ppc: Add versions to server CPU descriptions
PPC: Introduce the Virtual Time Base (VTB) SPR register
PPC: Remove duplicate OPENPIC defines in default-configs
ppc64-softmmu: Remove duplicated OPENPIC from config
Revert "default-configs/ppc64: add all components of i82378 SuperIO chip used by prep"
spapr_vio: Convert to realize()
openpic: convert to vmstate
openpic: switch IRQQueue queue from inline to bitmap
openpic: fix up loadvm under -M mac99
openpic: fix segfault on -M mac99 savevm
target-ppc: force update of msr bits in cpu_post_load
target-ppc: move sdr1 value change detection logic to helper_store_sdr1()
cuda.c: include adb_poll_timer in VMStateDescription
adb.c: include ADBDevice parent state in KBDState and MouseState
macio.c: include parent PCIDevice state in VMStateDescription
display cpu id dump state
Openpic: check that cpu id is within the number of cpus
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The patch implements sPAPRPHBClass EEH callbacks so that the EEH
RTAS requests can be routed to VFIO for further handling.
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The emulation for EEH RTAS requests from guest isn't covered
by QEMU yet and the patch implements them.
The patch defines constants used by EEH RTAS calls and adds
callbacks sPAPRPHBClass::{eeh_set_option, eeh_get_state, eeh_reset,
eeh_configure}, which are going to be used as follows:
* RTAS calls are received in spapr_pci.c, sanity check is done
there.
* RTAS handlers handle what they can. If there is something it
cannot handle and the corresponding sPAPRPHBClass callback is
defined, it is called.
* Those callbacks are only implemented for VFIO now. They do ioctl()
to the IOMMU container fd to complete the calls. Error codes from
that ioctl() are transferred back to the guest.
[aik: defined RTAS tokens for EEH RTAS calls]
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
5b79b1c "target-ppc: Create versionless CPU class per family if KVM" added
a dynamic CPU class registration with the name of the CPU family which
QEMU is running on. For example, this allowed specifying "-cpu POWER7"
on every version of POWER7 machine, not just the one which POWER7 was
an alias of. I.e. before 5b79b1c, "-cpu POWER7" would not work on real
POWER7 2.1 and would work on POWER7 2.3 only. The same story for POWER8.
However that patch broke POWER5+ support as POWER5+ CPU uses the same
name as the CPU class so dynamic registering of the POWER5+ class failed.
This redefines POWER5+ server CPUs by adding a version to them and adding
an alias for TCG case. KVM will use dynamically registered CPUs.
While we are here, do the same for 970 CPU.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch adds basic support for the VTB.
PowerISA:
The Virtual Time Base (VTB) is a 64-bit incrementing counter.
Virtual Time Base increments at the same rate as the Time Base until its value
becomes 0xFFFF_FFFF_FFFF_FFFF (2 64 - 1); at the next increment its value
becomes 0x0000_0000_0000_0000. There is no interrupt or other indication when
this occurs.
The operation of the Virtual Time Base has the following additional
properties.
1. Loading a GPR from the Virtual Time Base has no effect on the accuracy of
the Virtual Time Base.
2. Copying the contents of a GPR to the Virtual Time Base replaces the
contents of the Virtual Time Base with the contents of the GPR.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This reverts commit 9c9984242c as even when
it was applied, all supposedly new config options were already enabled.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Bonus fix: always set an error on failure. Some failures were silent
before, except for the generic error set by device_realize().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This is in preparation for using VMSTATE_BITMAP in a followup vmstate
migration patch.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
Issuing loadvm under -M mac99 would fail for two reasons: firstly an incorrect
version number for openpic would cause openpic_load() to abort, and secondly
a cut/paste error when restoring the IVPR and IDR registers caused subsequent
vmstate sections to become misaligned and abort early.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
A simple copy/paste error causes savevm on -M mac99 to segfault.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
Since env->msr has already been restored by the time cpu_post_load is called,
make sure that ppc_store_msr() is explicitly called with all msr bits except
MSR_TGPR marked as invalid.
This solves the issue where MSR flags aren't set correctly when restoring a VM
snapshot, in particular the internal env->excp_prefix value when MSR_EP has
been altered by a guest.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
Otherwise when cpu_post_load calls ppc_store_sdr1() when restoring a VM
snapshot the value is deemed unchanged and so the internal env->htab*
variables aren't set correctly.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Make sure that we include the adb_poll_timer when saving the VM state for
client OSs that use it, e.g. Darwin.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
The parent ADBDevice contains the device id on the ADB bus. Make sure that
this state is included in both its subclasses since some clients (such as
OpenBIOS) reprogram each device id after enumeration.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
This ensures that the macio PCI device is correctly configured when restoring
from a VM snapshot.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
When the guest switches the interrupt endian mode, which essentially
means a global machine endian switch, we want to change the VGA
framebuffer endian mode as well in order to be backward compatible
with existing guests who don't know about the new endian control
register.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The VGA device model now supports having the framebuffer in either endian,
and can be switched between these by the guest via a register in the qext
region.
However, in some cases (e.g. LE OS on the pseries machine) we have
existing guest that don't know about the endian switch register, but other
parts of the qemu code have better information to set a default endianness
than the VGA code does of itself.
In order to allow them to set a correct default endianness in these cases,
without breaking abstraction walls, this patch exposes the VGA framebuffer
endianness via a writable QOM property.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
[agraf: use instance_init for property exposure]
Signed-off-by: Alexander Graf <agraf@suse.de>
We call try_create_xics() to create a "xics-kvm". If it fails, we
call it again to fall back to plain "xics".
try_create_xics() uses qdev_init(). qdev_init()'s error handling has
an unwanted side effect: it calls qerror_report_err(), which prints to
stderr. Looks like an error, but isn't.
In QMP context, it would stash the error in the monitor instead,
making the QMP command fail. Fortunately, it's only called from board
initialization, never in QMP context.
Clean up by cutting out the qdev_init() middle-man: set property
"realized" directly.
While there, improve the error message when we can't satisfy an
explicit user request for "xics-kvm", and exit(1) instead of abort().
Simplify the abort when we can't create "xics".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
[agraf: squash in fix for uninitialized variable from mdroth]
Signed-off-by: Alexander Graf <agraf@suse.de>
We call ppce500_init_mpic_kvm() to create a "kvm-openpic". If it
fails, we call ppce500_init_mpic_qemu() to fall back to plain
"openpic".
ppce500_init_mpic_kvm() uses qdev_init(). qdev_init()'s error
handling has an unwanted side effect: it calls qerror_report_err(),
which prints to stderr. Looks like an error, but isn't.
In QMP context, it would stash the error in the monitor instead,
making the QMP command fail. Fortunately, it's only called from board
initialization, never in QMP context.
Clean up by cutting out the qdev_init() middle-man: set property
"realized" directly.
While there, improve the error message when we can't satisfy an
explicit user request for "kvm-openpic", and exit(1) instead of
abort().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
On x86, the guest's RTC can be read with QMP, either from the RTC device's
"date" property or via the "rtc-time" property on the machine (which is an
alias to the former). This is set up in the mc146818rtc driver, and
doesn't work on other targets.
This patch adds a similar "date" property to the pseries machine's RTAS RTC
and adds a compatible alias to the machine.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The initial creation of the PAPR RTC qdev class left a wart - the rtc's
offset was left in the sPAPREnvironment structure, accessed via a global.
This patch moves it into the RTC device's own state structure, were it
belongs. This requires a small change to the migration stream format. In
order to handle incoming streams from older versions, we also need to
retain the rtc_offset field in the sPAPREnvironment structure, so that it
can be loaded into via the vmsd, then pushed into the RTC device.
Since we're changing the migration format, this also takes the opportunity
to:
* Change the rtc offset from a value in seconds to a value in
nanoseconds, allowing nanosecond offsets between host and guest
rtc time, if desired.
* Remove both the already unused "next_irq" field and now unused
"rtc_offset" field from the new version of the spapr migration
stream
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
At present the PAPR RTC isn't a "device" as such - it's accessed only via
firmware/hypervisor calls, and is handled in the sPAPR core code. This
becomes inconvenient as we extend it in various ways.
This patch makes the PAPR RTC a separate device in the qemu device model.
For now, the only piece of device state - the rtc_offset - is still kept in
the global sPAPREnvironment structure. That's clearly wrong, but leaving
it to be fixed in a following patch makes for a clearer separation between
the internal re-organization of the device, and the behavioural changes
(because the migration stream format needs to change slightly when the
offset is moved into the device's own state).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
In the 'pseries' machine the real time clock is provided by a
paravirtualized firmware interface rather than a device per se; the RTAS
get-time-of-day and set-time-of-day calls.
Out current implementations of those work directly off host time (with
an offset), not respecting options such as clock=vm which can be
specified in the -rtc command line option.
This patch reworks the RTAS RTC code to respect those options, primarily
by basing them on the qemu_clock_get_ns(rtc_clock) function instead of
directly on qemu_get_timedate() (which essentially handles host time, not
virtual rtc time).
As a bonus, this means our get-time-of-day function now also returns
nanoseconds.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The virtual RTC time is used in two places in the pseries machine. First
is in the RTAS get-time-of-day function which returns the RTC time to the
guest. Second is in the spapr events code which is used to timestamp
event messages from the hypervisor to the guest.
Currently both call qemu_get_timedate() directly, but we want to change
that so we can properly handle the various -rtc options. In preparation,
create a helper function to return the virtual RTC time.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently, the RTAS time of day functions only partially validate the
number of parameters they receive and return. Because of how the
parameters are used, this is unlikely to lead to a crash, but it's messy.
This patch adds the missing checks.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
At the moment the RTAS (firmware/hypervisor) time of day functions are
implemented in spapr_rtas.c along with a bunch of other things. Since
we're going to be expanding these a bit, move the RTAS RTC related code
out into new file spapr_rtc.c. Also add its own initialization function,
spapr_rtc_init() called from the main machine init routine.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently, vmstate.h includes helper macro variants for 8, 16 and 32-bit
unsigned integers which include a "test" function which can selectively
enable or disable the field's presence in the migration stream.
There aren't similar helpers for 64-bit unsigned integers, or any size of
signed integers. This patch remedies this.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The mc146818rtc driver exposes the current RTC date and time via the "date"
property in QOM (which is also aliased to the machine's "rtc-time"
property). Currently it uses a custom visitor function rtc_get_date to
do this.
This patch introduces new helpers to the QOM core to expose struct tm
valued properties via a getter function, so that this functionality can be
more easily duplicated in other RTC implementations.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
At the moment sPAPR only supports 512MB window for MMIO BARs. However
modern devices might want bigger 64bit BARs.
This extends MMIO window from 512MB to 62GB (aligned to
SPAPR_PCI_WINDOW_SPACING) and advertises it in 2 records in
the PHB "ranges" property. 32bit gets the space from
SPAPR_PCI_MEM_WIN_BUS_OFFSET till the end of 4GB, 64bit gets the rest
of the space. If no space is left, 64bit range is not advertised.
The MMIO space size is set to old value of 0x20000000 by default
for pseries machines older than 2.3.
The approach changes the device tree which is a guest visible change, however
it won't break migration as:
1. we do not support migration to older QEMU versions
2. migration to newer QEMU will migrate the device tree as well and since
the new layout only extends the old one and does not change address mappigns,
no breakage is expected here too.
SLOF change is required to utilize this extension.
Suggested-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The next patch will make MMIO space bigger and keep the old value for
older pseries machines.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
pseries guests can have large numbers of PCI host bridges. To avoid the
user having to specify a number of different configuration values for every
one, the device supports an "index" property which is a shorthand setting
the various window and configuration addresses from a predefined sensible
set.
There are some problems with the details at present:
* The "index" propery is signed, but negative values will create PCI
windows below where we expect, potentially colliding with other devices
* No limit is imposed on the "index" property and large values can
translate to extremely large window addresses. With PCI passthrough in
particular this can mean we exceed various mapping and physical address
limits causing the guest host bridge to not work in strange ways.
This patch addresses this, by making "index" unsigned, and imposing a
limit. Currently the limit allows indices from 0..255 which is probably
enough host bridges for the time being. It's fairly easy to extend if
we discover we need more.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
We look at two sizes specified in ISA (4K, 64K). If not found matching,
we consider it 16MB.
Without this patch we would fail to lookup address above 16MB range.
Below 16MB happened to work before because the kernel have a liner
mapping and we always looked up hash for 0xc000000000000000. The
actual real address was computed by using the 16MB offset
with the real address found with the above hash.
Without Fix:
(gdb) x/16x 0xc000000001000000
0xc000000001000000 <list_entries+453208>: Cannot access memory at address 0xc000000001000000
(gdb)
With Fix:
(gdb) x/16x 0xc000000001000000
0xc000000001000000 <list_entries+453208>: 0x00000000 0x00000000 0x00000000 0x00000000
0xc000000001000010 <list_entries+453224>: 0x00000000 0x00000000 0x00000000 0x00000000
0xc000000001000020 <list_entries+453240>: 0x00000000 0x00000000 0x00000000 0x00000000
0xc000000001000030 <list_entries+453256>: 0x00000000 0x00000000 0x00000000 0x00000000
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Instead of tweaking a TCE table device by adding there a bypass flag,
let's add an alias to RAM and IOMMU memory region, and enable/disable
those according to the selected bypass mode.
This way IOMMU memory region can have size of the actual window rather
than ram_size which is essential for upcoming DDW support.
This moves bypass logic to VIO layer and keeps @bypass flag in TCE table
for migration compatibility only. This replaces spapr_tce_set_bypass()
calls with explicit assignment to avoid confusion as the function could
do something more that just syncing the @bypass flag.
This adds a pointer to VIO device into the sPAPRTCETable struct to provide
the sPAPRTCETable device a way to update bypass mode for the VIO device.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
pci, pc, virtio fixes and cleanups
A bunch of fixes all over the place.
All of ACPI refactoring has been merged.
Legacy pci commands have been dropped.
virtio header cleanup
initial patches from virtio-1.0 branch
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* remotes/mst/tags/for_upstream: (130 commits)
acpi: drop unused code
aml-build: comment fix
acpi-build: fix typo in comment
acpi: update generated files
vhost user:support vhost user nic for non msi guests
aml-build: fix build for glib < 2.22
acpi: update generated files
Makefile.target: binary depends on config-devices
acpi-test-data: update after pci rewrite
acpi, mem-hotplug: use PC_DIMM_SLOT_PROP in acpi_memory_plug_cb().
pci-hotplug-old: Has been dead for five major releases, bury
pci: Give a few helpers internal linkage
acpi: make build_*() routines static to aml-build.c
pc: acpi: remove not used anymore ssdt-[misc|pcihp].hex.generated blobs
pc: acpi-build: drop template patching and create PCI bus tree dynamically
tests: ACPI: update pc/SSDT.bridge due to new alg of PCI tree creation
pc: acpi-build: simplify PCI bus tree generation
tests: add ACPI blobs for qemu with bridge cases
tests: bios-tables-test: add support for testing bridges
tests: ACPI test blobs update due to PCI0._CRS changes
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Conflicts:
hw/pci/pci-hotplug-old.c
* remotes/qmp-unstable/queue/qmp:
docs: add memory-hotplug.txt
qemu-options.hx: improve -m description
virtio-balloon: Add some trace events
virtio-balloon: Fix balloon not working correctly when hotplug memory
pc-dimm: add a function to calculate VM's current RAM size
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Recent changes left acpi_get_hex unused,
and clag is unhappy about it:
error: unused function 'acpi_get_hex'
Drop it, as well as some unused macros.
Signer-off-by: Michael S. Tsirkin <mst@redhat.com>
misc spice/qxl fixes.
# gpg: Signature made Wed Mar 4 13:57:42 2015 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/spice/tags/pull-spice-20150304-1:
hmp: info spice: take out webdav
hmp: info spice: Show string channel name
qxl: drop update_displaychangelistener call for secondary qxl devices
vga: refactor vram_size clamping and rounding
qxl: refactor rounding up to a nearest power of 2
spice: fix invalid memory access to vga.vram
qxl: document minimal video memory for new modes
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set
# gpg: Signature made Tue Mar 3 07:38:43 2015 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-usb-20150303-1:
xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
bootdevice: bug fixes
# gpg: Signature made Tue Mar 3 05:18:39 2015 GMT using RSA key ID DDE30FBB
# gpg: Good signature from "Gonglei <arei.gonglei@huawei.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 5178 9C82 617F 2F58 8693 63B1 BA7A 65B0 DDE3 0FBB
* remotes/gonglei/tags/bootdevice-next-20150303:
bootdevice: add check in restore_boot_order()
bootdevice: check boot order argument validation before vm running
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
TriCore RRR1, RRR2 instructions and bugfixes
# gpg: Signature made Tue Mar 3 01:12:02 2015 GMT using RSA key ID 6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"
* remotes/bkoppelmann/tags/pull-tricore-20150303:
target-tricore: Add instructions of RRR1 opcode format, which have 0xc3 as first opcode
target-tricore: Add instructions of RRR1 opcode format, which have 0x43 as first opcode
target-tricore: Add instructions of RRR1 opcode format, which have 0x83 as first opcode
target-tricore: Add instructions of RRR2 opcode format
target-tricore: fix msub32_suov return wrong results
target-tricore: Fix RLC_ADDI, RLC_ADDIH using wrong microcode helper
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Ignore writes to unassigned areas of system I/O regison and return 0 for
reads. This makes drivers for unimportant unimplemented hardware blocks
happy.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Add memory hotplug options to the command-line format. Also,
add a complete command-line example and improve description.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Paulo Vital <paulo.vital@profitbricks.com>
When do memory balloon, it takes the 'ram_size' as the VM's current ram size,
But 'ram_size' is the startup configured ram size, it does not take into
account the hotplugged memory.
As a result, the balloon result will be confused.
Steps to reproduce:
(1)Start VM: qemu -m size=1024,slots=4,maxmem=8G
(2)In VM: #free -m : 1024M
(3)qmp balloon 512M
(4)In VM: #free -m : 512M
(5)hotplug pc-dimm 1G
(6)In VM: #free -m : 1512M
(7)qmp balloon 256M
(8)In VM: #free -m :1256M
We expect the VM's available ram size to be 256M after 'qmp balloon 256M'
command, but VM's real available ram size is 1256M.
For "qmp balloon" is not performance critical code, we use function
'get_current_ram_size' to get VM's current ram size.
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
The global parameter 'ram_size' does not take into account
the hotplugged memory.
In some codes, we use 'ram_size' as current VM's real RAM size,
which is not correct.
Add function 'get_current_ram_size' to calculate VM's current RAM size,
it will enumerate present memory devices and also plus ram_size.
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
# gpg: Signature made Mon Mar 2 21:45:18 2015 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/tracing-pull-request:
trace: add DTrace reserved words for .d files
unbreak dtrace tracing due to double _ in rdma names
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Obvious suggestion for the next spice-protocol
release: Add some way to #ifdef new stuff.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Currently, vhost user nic doesn't support non msi guests(like pxe stage) by default.
Vhost user nic can't fall back to qemu like normal vhost net nic does. So we should
enable it for non msi guests.
Signed-off-by: Haifeng Gao <gaohaifeng.gao@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
g_ptr_array_new_with_free_func is there since glib 2.22,
use the older g_ptr_array_foreach instead.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
If the iothread lock isn't taken by the main thread, the RCU callbacks
might run concurrently with the main thread. QEMU's not ready for that.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Tested-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
- more config options
- bootdevice, iscsi, virtio-scsi fixes
- build system patches for MinGW and config-devices.mak
- qemu_mutex_lock_iothread deadlock fixes
- another tiny patch from the record/replay series
# gpg: Signature made Mon Mar 2 09:59:14 2015 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
cpus: be more paranoid in avoiding deadlocks
cpus: fix deadlock and segfault in qemu_mutex_lock_iothread
virtio-scsi: Allocate op blocker reason before blocking
Makefile.target: binary depends on config-devices
Makefile: don't silence mak file test with V=1
Makefile: fix up parallel building under MSYS+MinGW
iscsi: Handle write protected case in reopen
Give ivshmem its own config option
Create specific config option for "platform-bus"
Add specific config options for PCI-E bridges
bootdevice: fix segment fault when booting guest with '-kernel' and '-initrd'
timer: replace time() with QEMU_CLOCK_HOST
virtio-scsi-dataplane: Call blk_set_aio_context within BQL
block: Forbid bdrv_set_aio_context outside BQL
scsi: give device a parent before setting properties
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
At the moment, when the XHCI driver in edk2
(MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf) runs on QEMU, with the options
-device nec-usb-xhci -device usb-kbd
it crashes with:
ASSERT MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c(1759):
TrsRing != ((void*) 0)
The crash hits in the following edk2 call sequence (all files under
MdeModulePkg/Bus/):
UsbEnumerateNewDev() [Usb/UsbBusDxe/UsbEnumer.c]
UsbBuildDescTable() [Usb/UsbBusDxe/UsbDesc.c]
UsbGetDevDesc() [Usb/UsbBusDxe/UsbDesc.c]
UsbCtrlGetDesc(USB_REQ_GET_DESCRIPTOR) [Usb/UsbBusDxe/UsbDesc.c]
UsbCtrlRequest() [Usb/UsbBusDxe/UsbDesc.c]
UsbHcControlTransfer() [Usb/UsbBusDxe/UsbUtility.c]
XhcControlTransfer() [Pci/XhciDxe/Xhci.c]
XhcCreateUrb() [Pci/XhciDxe/XhciSched.c]
XhcCreateTransferTrb() [Pci/XhciDxe/XhciSched.c]
XhcExecTransfer() [Pci/XhciDxe/XhciSched.c]
XhcCheckUrbResult() [Pci/XhciDxe/XhciSched.c]
//
// look for TRB_TYPE_DATA_STAGE event [1]
//
//
// Store a copy of the device descriptor, as the hub device
// needs this info to configure endpoint. [2]
//
UsbSetConfig() [Usb/UsbBusDxe/UsbDesc.c]
UsbCtrlRequest(USB_REQ_SET_CONFIG) [Usb/UsbBusDxe/UsbDesc.c]
UsbHcControlTransfer() [Usb/UsbBusDxe/UsbUtility.c]
XhcControlTransfer() [Pci/XhciDxe/Xhci.c]
XhcSetConfigCmd() [Pci/XhciDxe/XhciSched.c]
XhcInitializeEndpointContext() [Pci/XhciDxe/XhciSched.c]
//
// allocate transfer ring for the endpoint [3]
//
USBKeyboardDriverBindingStart() [Usb/UsbKbDxe/EfiKey.c]
UsbIoAsyncInterruptTransfer() [Usb/UsbBusDxe/UsbBus.c]
UsbHcAsyncInterruptTransfer() [Usb/UsbBusDxe/UsbUtility.c]
XhcAsyncInterruptTransfer() [Pci/XhciDxe/Xhci.c]
XhcCreateUrb() [Pci/XhciDxe/Xhci.c]
XhcCreateTransferTrb() [Pci/XhciDxe/XhciSched.c]
XhcSyncTrsRing() [Pci/XhciDxe/XhciSched.c]
ASSERT (TrsRing != NULL) [4]
UsbEnumerateNewDev() in the USB bus driver issues a GET_DESCRIPTOR
request, in order to determine the number of configurations that the
endpoint supports. The requests consists of three stages (three TRBs),
setup, data, and status. The length of the response is determined in [1],
namely from the transfer event that the host controller generates in
response to the request's middle stage (ie. the data stage).
If the length of the answer is correct (a full GET_DESCRIPTOR request
takes 18 bytes), then the XHCI driver that underlies the USB bus driver
"snoops" (caches) the descriptor data for later [2].
Later, the USB bus driver sends a SET_CONFIG request. The underlying XHCI
driver allocates a transfer ring for the endpoint, relying on the data
snooped and cached in step [2].
Finally, the USB keyboard driver submits an asynchronous interrupt
transfer to manage the keyboard. As part of this it asserts [4] that the
ring has been allocated in step [3].
And this ASSERT() fires. The root cause can be found in the way QEMU
handles the initial GET_DESCRIPTOR request.
Again, that request consists of three stages (TRBs, Transfer Request
Blocks), "setup", "data", and "status". The XhcCreateTransferTrb()
function sets the IOC ("Interrupt on Completion") flag in each of these
TRBs.
According to the XHCI specification, the host controller shall generate a
Transfer Event in response to *each* individual TRB of the request that
had the IOC flag set. This means that QEMU should queue three events:
setup, data, and status, for edk2's XHCI driver.
However, QEMU only generates two events:
- one for the setup (ie. 1st) stage,
- another for the status (ie. 3rd) stage.
No event is generated for the middle (ie. data) stage. The loop in QEMU's
xhci_xfer_report() function runs three times, but due to the "reported"
variable, only the first and the last TRBs elicit events, the middle (data
stage) results in no event queued.
As a consequence:
- When handling the GET_DESCRIPTOR request, XhcCheckUrbResult() in [1]
does not update the response length from zero.
- XhcControlTransfer() thinks that the response is invalid (it has zero
length payload instead of 18 bytes), hence [2] is not reached; the
device descriptor is not stashed for later, and the number of possible
configurations is left at zero.
- When handling the SET_CONFIG request, (NumConfigurations == 0) from
above prevents the allocation of the endpoint's transfer ring.
- When the keyboard driver tries to use the endpoint, the ASSERT() blows
up.
The solution is to correct the emulation in QEMU, and to generate a
transfer event whenever IOC is set in a TRB.
The patch replaces
!reported && (IOC || foo) == !reported && IOC ||
!reported && foo
with
IOC || (!reported && foo) == IOC ||
!reported && foo
which only changes how
reported && IOC
is handled. (Namely, it now generates an event.)
Tested with edk2 built for "qemu-system-aarch64 -M virt" (ie.
"ArmVirtualizationQemu.dsc", aka "AAVMF"), and guest Linux.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit 3dcadce507 added three
update_displaychangelistener call sites:
Two for primary qxl cards, when entering/leaving vga mode, which are
correct.
One for secondary qxl cards, which is wrong because we don't register
a displaychangelistener in the first place for secondary cards.
Remove it.
Reported-by: Brad Campbell <lists2009@fnarfbargle.com>
Tested-by: Brad Campbell <lists2009@fnarfbargle.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Make the code a bit more obvious.
We don't have min/max, so a general helper for clamp probably isn't
acceptable either.
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
We already have pow2floor, mirror it and use instead of a function with
similar results (same in used domain), to clarify our intent.
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
vga_common_init() doesn't allow more than 256 MiB vram size and silently
shrinks any larger value. qxl_dirty_surfaces() used the unshrinked size
via qxl->shadow_rom.surface0_area_size when accessing the memory, which
resulted in segfault.
Add a workaround for this case and an assert if it happens again.
We have to bump the vga memory limit too, because 256 MiB wouldn't have
allowed 8k (it requires more than 128 MiB).
1024 MiB doesn't work, but 512 MiB seems fine.
Proposed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qemu_boot_set() can't fail in restore_boot_order(),
then simply assert it doesn't fail, by passing
&error_abort if boot_set_handler set.
Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Either 'once' option or 'order' option can take effect for -boot at
the same time, that is say initial startup processing can check only
one. And pc.c's set_boot_dev() fails when its boot order argument
is invalid. This patch provide a solution fix this problem:
1. If "once" is given, register reset handler to restore boot order.
2. Pass the normal boot order to machine creation. Should fail when
the normal boot order is invalid.
3. If "once" is given, set it with qemu_boot_set(). Fails when the
once boot order is invalid.
4. Start the machine.
5. On reset, the reset handler calls qemu_boot_set() to restore boot
order. Should never fail.
Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
QemuOpts: Convert various setters to Error
# gpg: Signature made Thu Feb 26 13:56:43 2015 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
* remotes/armbru/tags/pull-error-2015-02-26:
qtest: Use qemu_opt_set() instead of qemu_opts_parse()
pc: Use qemu_opt_set() instead of qemu_opts_parse()
qemu-sockets: Simplify setting numeric and boolean options
block: Simplify setting numeric options
qemu-img: Suppress unhelpful extra errors in convert, amend
QemuOpts: Propagate errors through opts_parse()
QemuOpts: Propagate errors through opts_do_parse()
QemuOpts: Drop qemu_opt_set(), rename qemu_opt_set_err(), fix use
block: Suppress unhelpful extra errors in bdrv_img_create()
qemu-img: Suppress unhelpful extra errors in convert, resize
QemuOpts: Convert qemu_opts_set() to Error, fix its use
QemuOpts: Convert qemu_opt_set_number() to Error, fix its use
QemuOpts: Convert qemu_opt_set_bool() to Error, fix its use
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add helpers helper_addsur_h/_ssov which adds one halfword and subtracts one
halfword, rounds / and saturates each half word independently.
Add microcode helper functions:
* gen_maddsu_h/sus_h: multiply two halfwords left justified and add to the
first one word and subtract from the second one word
/ and saturate each resulting word independetly.
* gen_maddsum_h/sums_h: multiply two halfwords in q-format left justified
and add to the first one word and subtract from
the second one word / and saturate each resulting
word independetly.
* gen_maddsur32_h/32s_h: multiply two halfwords in q-format left justified
and add to the first one word and subtract from
the second one word, round both results / and
saturate each resulting word independetly.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Add helpers:
* madd64_q_ssov: multiply two 32 bit q-format number, add them with a
64 bit q-format number and saturate.
* madd32_q_add_ssov: add two 64 bit q-format numbers and return a 32 bit
result.
* maddr_q_ssov: multiplay two 32 bit q-format numbers, add a 32 bit
q-format number and saturate.
* maddr_q: multiplay two 32 bit q-format numbers and add a 32 bit
q-format number.
Note: madd instructions in the q format can behave strange, e.g.
0x1 + (0x80000000 * 0x80000000) << 1 for 32 bit signed values does not cause an
overflow on the guest, because all intermediate results should be handled as if
they are indefinitely precise. We handle this by inverting the overflow bit for
all cases: a + (0x80000000 * 0x80000000) << 1.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Add helpers:
* add64_ssov: adds two 64 bit values and saturates the result.
* addr_h/_ssov: adds two halfwords with two words in q-format with rounding
/ and saturates each result independetly.
Add microcode generator:
* gen_add64_d: adds two 64 bit values.
* gen_addsub64_h: adds/subtracts one halfwords with a word and adds/
subtracts another halftword with another word.
* gen_madd_h/s_h: multiply four halfwords, add each result left justfied
to two word values / and saturate each result.
* gen_maddm_h/s_h: multiply four halfwords, add each result left justfied
to two words values in q-format / and saturate each
result.
* gen_maddr32/64_h/s_h: multiply four halfwords, add each result left
justfied to two halftwords/words values in q-format
/ and saturate each result.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
If the signed result of the multiplication overflows, we would get a negative
value, which would result in a addition instead of a subtraction.
Now we do the overflow calculation and saturation by hand instead of using
suov32_neg.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
This reverts commit b8a173b25c, reversing
changes made to 5de090464f.
(I applied this pull request when I should not have done so, and
am now immediately reverting it.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
DTrace on Mac OS X fails due to trace events using 'self' as an argument
name:
GEN trace/generated-tracers-dtrace.h
dtrace: failed to compile script trace/generated-tracers-dtrace.dtrace: line 1330: syntax error, unexpected DT_KEY_SELF, expecting ) near "self"
make: *** [trace/generated-tracers-dtrace.h] Error 1
Filter argument names according to the list of DTrace .d file reserved
keywords.
Note that DTrace on Mac and Linux still do not work after this patch.
There are additional build issues remaining.
Reported-by: Henk Poley <henkpoley@gmail.com>
Tested-by: Henk Poley <henkpoley@gmail.com>
Cc: Lluís Vilanova <vilanova@ac.upc.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Linux v4.0-rc1 vfio-pci introduced a new virtual interrupt to allow
the kernel to request a device from the user. When signaled, QEMU
will by default attmempt to hot-unplug the device. This is a one-
shot attempt with the expectation that the kernel will continue to
poll for the device if it is not returned. Returning the device when
requested is the expected standard model of cooperative usage, but we
also add an option option to disable this feature. Initially this
opt-out is set as an experimental option because we really should
honor kernel requests for the device.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Disabling MMAP support uses the slower read/write accesses but allows to
trace all MMIO accesses, which is not good for performance, but very
useful for reverse engineering PCI drivers. This option allows to
disable MMAP per device without a compile-time change.
Signed-off-by: Samuel Pitoiset <samuel.pitoiset@gmail.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
They are not used from anywhere but common.c which is where these are
defined so make them static.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
This makes the error report more informative.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
* remotes/ehabkost/tags/x86-pull-request:
target-i386: Move APIC ID compatibility code to pc.c
target-i386: Require APIC ID to be explicitly set before CPU realize
target-i386: Set APIC ID using cpu_index on CONFIG_USER
linux-user: Check for cpu_init() errors
target-i386: Move CPUX86State.cpuid_apic_id to X86CPU.apic_id
target-i386: Simplify error handling on cpu_x86_init_user()
target-i386: Eliminate cpu_init() function
target-i386: Rename cpu_x86_init() to cpu_x86_init_user()
target-i386: Move topology.h to include/hw/i386
target-i386: Eliminate unnecessary get_cpuid_vendor() function
target-i386: Simplify listflags() function
Conflicts:
target-i386/cpu.c
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
NUMA fixes queue
# gpg: Signature made Mon Feb 23 19:28:42 2015 GMT using RSA key ID 984DC5A6
# gpg: Can't check signature: public key not found
* remotes/ehabkost/tags/numa-pull-request:
numa: Rename set_numa_modes() to numa_post_machine_init()
numa: Rename option parsing functions
numa: Move QemuOpts parsing to set_numa_nodes()
numa: Make max_numa_nodeid static
numa: Move NUMA globals to numa.c
vl.c: Remove unnecessary zero-initialization of NUMA globals
numa: Move NUMA declarations from sysemu.h to numa.h
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
For good measure, ensure that the following sequence:
thread 1 calls qemu_mutex_lock_iothread
thread 2 calls qemu_mutex_lock_iothread
VCPU thread are created
VCPU thread enters execution loop
results in the VCPU threads letting the other two threads run
and obeying iothread_requesting_mutex even if the VCPUs are
not halted. To do this, check iothread_requesting_mutex
before execution starts.
Tested-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
When two threads (other than the low-priority TCG VCPU thread)
are competing for the iothread lock, a deadlock can happen. This
is because iothread_requesting_mutex is set to false by the first
thread that gets the mutex, and then the VCPU thread might never
yield from the execution loop. If iothread_requesting_mutex is
changed from a bool to a counter, the deadlock is fixed.
However, there is another bug in qemu_mutex_lock_iothread that
can be triggered by the new call_rcu thread. The bug happens
if qemu_mutex_lock_iothread is called before the CPUs are
created. In that case, first_cpu is NULL and the caller
segfaults in qemu_mutex_lock_iothread. To fix this, just
do not do the kick if first_cpu is NULL.
Reported-by: Leon Alrae <leon.alrae@imgtec.com>
Reported-by: Andreas Gustafsson <gson@gson.org>
Tested-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
s->blocker is really only used in hw/scsi/virtio-scsi.c; the only places
where it is used in hw/scsi/virtio-scsi-dataplane.c is when it is
allocated and when it is freed. That does not make a whole lot of sense
(and is actually wrong because this leads to s->blocker potentially
being NULL when blk_op_block_all() is called in virtio-scsi.c), so move
the allocation and destruction of s->blocker to the device realization
and unrealization in virtio-scsi.c, respectively.
Case in point:
$ echo -e 'eject drv\nquit' | \
x86_64-softmmu/qemu-system-x86_64 \
-monitor stdio -machine accel=qtest -display none \
-object iothread,id=thr -device virtio-scsi-pci,iothread=thr \
-drive if=none,file=test.qcow2,format=qcow2,id=drv \
-device scsi-cd,drive=drv
Without this patch:
(qemu) eject drv
[1] 10102 done
10103 segmentation fault (core dumped)
With this patch:
(qemu) eject drv
Device 'drv' is busy: block device is in use by data plane
(qemu) quit
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <1425057113-26940-1-git-send-email-mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
relink binary whenever config-devices.mak changes:
this makes sense as we are adding/removing devices,
so binary has to be relinked to be up to date.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
more trivial changes as more code has been rewritten in C.
we also got rid of extra Scope operators.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Commit 79ca616 (v1.6.0) accidentally disabled legacy x86-only HMP
commands pci_add, pci_del: it defined CONFIG_PCI_HOTPLUG only as make
variable, not as preprocessor macro, killing the code conditional on
defined(CONFIG_PCI_HOTPLUG_OLD).
In all this time, nobody reported the loss. I only noticed it when I
tried to test some error reporting change that forced me to touch this
old crap again.
Fun: git-log hw/pci/pci-hotplug-old.c shows our faith in the backward
compatibility god has been strong enough to sacrifice at its altar
about a dozen times, but not strong enough to even once verify the
legacy feature's still there, let alone works.
Remove the commands along with the code backing them.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
build_*() routines were used for composing AML
structures manually in acpi-build.c but after
conversion to AML API they are not used outside
of aml-build.c anymore, so hide them from external
users.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Replace AML template patching with direct composing
of PCI device entries in C. It allows to simplify
PCI tree generation further and saves us about 400LOC
scattered through different files, confining tree
generation to one C function which is much easier
to deal with.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
it basicaly does the same as original approach,
* just without bus/notify tables tracking (less obscure)
which is easier to follow.
* drops unnecessary loops and bitmaps,
creating devices and notification method in the same loop.
* saves us ~100LOC
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Adds alternative ACPI table blob selection for testing
non default QEMU configurations. If blob file for test
variant is not present, fallback to default blob.
With this change implement testing with a coldplugged
bridge.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
PCI0._CRS was moved into SSDT and became the same for
PIIX4/Q35 machines.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
patch moves SMC device into SSDT and creates it only
when device is present, which makes ACPI tables smaller
in default case when device is not present.
Also it fixes wrong IO range in CRS if "iobase"
property is set to a non default value.
PS:
Testing with XP shows that current default "iobase"
used SMC device conflicts with floppy controller IO,
but it's topic for another patch and I'd leave it
to SMC device author for resolving conflict.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
CC: agraf@suse.de
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
IO port and length will be used in following patch
to correctly generate SMC ACPI device in SSDT.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
It drops empty ssdt_misc templete. It also hides
from user almost all pointer arithmetic when building
SSDT which makes resulting code a bit cleaner
and concentrating only on composing ASL construct
/i.e. a task build_ssdt() should be doing/.
Also it makes one binary blob less stored in QEMU
source tree by removing need to keep and update
hw/i386/ssdt-misc.hex.generated file here in total
saving us ~430LOC.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Drops manual hole punching in PCI0._CRS on PIIX4 machine type
for GPE0 resources. Resources will be consumed by Device(GPE0)
that is attached to PCI namespace.
There is GPE device with HID ACPI0006 since ACPI2.0
that should be used for this purpose but none of Windows
versions support it and show it as "unknown device",
so reserve resource in old fashioned way with PNP0A06
device to make windows happy and actually reserve resources.
Along with last hole _CRS layout of PIIX4 machine becomes
the same as Q35 one, so merge them together and use the same
_CRS for both machine types.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Drops manual hole punching in PCI0._CRS on PIIX4 machine type
for CPU hotplug resources.
Resources will be consumed by Device(PRES) that is attached
to PCI bus. The same way how it currently works for mem hotlpug.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Drops manual hole punching in PCI0._CRS for PIIX4 machine type.
Resources will be consumed by Device(PHPR) that cwis attached
to PCI bus. The same way how it currently works for mem hotlpug.
Manual hole in PIIX4 _CRS wasn't correct anyway since it was
legacy size 0xF while current PCIHP MMIO region is of size 0x14.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Replace template patching and runtime calculation
in _CRS() method with static _CRS defined in SSDT.
No functional change except of as mentined above
and _CRS being moved from DSDT to SSDT.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Provide the TIS 1.3 capability flags.
The interface now looks like a TIS 1.3 interface. It's fully
compatible with previous TIS 1.2 and drivers written for
TIS 1.2 continue to work.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Extend the backend to check whether the TPM_ContinueSelfTest
finished successfully and provide a flag to the TIS front-end
if it successfully finished. The TIS then sets a flag in
all localities in the STS register and keeps it until the next
reset.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Support for the XFIFO register (range) of the TIS 1.3 specification.
We support a range of 64 bytes.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Improve the access to the registers with 32 and 16 bit reads and writes.
Also enable access to a non-base register address, such as reads of the
2nd byte of a register. Map the FIFO byte access to any byte within
its 4 byte register (following specs).
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
More recent TIS specs extend the STS register to 32 bit. While
we don't store the TIS interface state, yet, we can extend it
without sideeffects.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The idea is that all other virtio devices are calling this helper
to merge properties of the proxy device. This is the only difference
in between this helper and code in inside virtio_instance_init_common.
The patch should not cause any harm as property list in generic balloon
code is empty.
This also allows to avoid some dummy errors like fixed by this
commit 91ba212088
Author: Gonglei <arei.gonglei@huawei.com>
Date: Tue Sep 30 14:10:35 2014 +0800
virtio-balloon: fix virtio-balloon child refcount in transports
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Raushaniya Maksudova <rmaksudova@parallels.com>
Revieved-by: Cornelia Huck <cornelia.huck@de.ibm.com>
CC: Christian Borntraeger <borntraeger@de.ibm.com>
CC: Anthony Liguori <aliguori@amazon.com>
CC: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch enables parallel building of QEMU in MSYS+MinGW environment.
Currently an attempt to build QEMU in parallel fails on generation of
version.lo (and version.o too).
The cause of the failure is that when listing prerequisites "Makefile"
references "config-host.h" by absolute path in some rules and by relative
path in others. Make cannot figure out that these references points to the
same file which leads to the race: the generation of "version.*" which
requires "$(BUILD_DIR)/config-host.h" is launched in parallel with the
generation of "config-host.h" needed by other "Makefile" targets.
This patch removes "$(BUILD_DIR)/" prefix from corresponding prerequisite
of "version.*". There is no other prerequisites "$(BUILD_DIR)/config-host.h"
found.
Also note that not every version of MSYS is able to build QEMU in parallel,
see: "http://sourceforge.net/p/mingw/bugs/1950/". The suggested version is
1.0.17.
Signed-off-by: Vasily Efimov <real@ispras.ru>
Message-Id: <1424264377-5992-1-git-send-email-real@ispras.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Currently the "platform-bus" device is included for all softmmu builds.
This bridge is intended for use on any platforms that require dynamic
creation of sysbus devices. However, at present it is used only for the
PPC E500 target, with plans for the ARM "virt" target in the immediate
future.
To avoid a not-very-useful entry appearing in "qemu -device ?" output on
other targets, this patch makes a specific config option for platform-bus
and enables it (for now) only on ppc configurations which include E500
and on ARM (which always includes the "virt" target).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <1425017077-18487-3-git-send-email-david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The i82801b11, ioh3420 and xio3130 PCI Express devices are currently
included in the build unconditionally.
While they could theoretically appear on any target platform with PCI-E,
they're pretty unlikely to appear on platforms that aren't Intel derived.
Therefore, to avoid presenting unlikely-to-be-relevant devices to the user,
add config options to enable these components, and enable them by default
only on x86 and arm platforms.
(Note that this patch does include these for aarch64, via its inclusion of
arm-softmmu.mak).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <1425017077-18487-2-git-send-email-david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch replaces time() function calls with calls to
qemu_clock_get_ns(QEMU_CLOCK_HOST). It makes such requests deterministic
in record/replay mode of icount.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Message-Id: <20150227131102.11912.89850.stgit@PASHA-ISP>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
It's not safe to call blk_set_aio_context from outside BQL because of
the bdrv_drain_all there. Let's put it in the hotplug callback which
will be called by qdev device realization for each scsi device attached
to the bus.
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1423969591-23646-3-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Even if the caller has both the old and the new AioContext's, there can
be a deadlock, due to the leading bdrv_drain_all.
Suppose there are four io threads (A, B, A0, B0) with A and B owning a
BDS for each (bs_a, bs_b); Now A wants to move bs_a to iothread A0, and
B wants to move bs_b to B0, at the same time:
iothread A iothread B
--------------------------------------------------------------------------
aio_context_acquire(A0) /* OK */ aio_context_acquire(B0) /* OK */
bdrv_set_aio_context(bs_a, A0) bdrv_set_aio_context(bs_b, B0)
-> bdrv_drain_all() -> bdrv_drain_all()
-> acquire A /* OK */ -> acquire A /* blocked */
-> acquire B /* blocked */ -> acquire B
... ...
Deadlock happens because A is waiting for B, and B is waiting for A.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1423969591-23646-2-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This mimics what is done in qdev_device_add, and lets the device be
freed in case something goes wrong. Otherwise, object_unparent returns
immediately without freeing the device, which is on the other hand left
in the parent bus's list of children.
scsi_bus_legacy_handle_cmdline then returns an error, and the HBA is
destroyed as well with object_unparent. But the lingering device that
was not removed in scsi_bus_legacy_add_drive cannot be removed now either,
and bus_unparent gets stuck in an infinite loop trying to empty the list
of children.
The right fix of course would be to assert in bus_add_child that the
device already has a bus, and remove the "safety net" that adds the
drive to the QOM tree in device_set_realized. I am not yet sure whether
that would entail changing all callers to qdev_create (as well as
isa_create and usb_create and the corresponding _try_create versions).
Reported-by: Markus Armbruster <armbru@redhat.com>
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Don't convert numbers or bools to strings for use with qemu_opt_set(),
simply use qemu_opt_set_number() or qemu_opt_set_bool() instead.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Don't convert numbers to strings for use with qemu_opt_set(), simply
use qemu_opt_set_number() instead.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
img_convert() and img_amend() use qemu_opts_do_parse(), which reports
errors with qerror_report_err(). Its error messages aren't helpful
here, the caller reports one that actually makes sense. Reproducer:
$ qemu-img convert -o backing_format=raw in.img out.img
qemu-img: Invalid parameter 'backing_format'
qemu-img: Invalid options for file format 'raw'
To fix, propagate errors through qemu_opts_do_parse(). This lifts the
error reporting into callers. Drop it from img_convert() and
img_amend(), keep it in qemu_chr_parse_compat(), bdrv_img_create().
Since I'm touching qemu_opts_do_parse() anyway, write a function
comment for it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Since I'm touching qemu_opts_parse() anyway, write a function comment
for it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
qemu_opt_set() is a wrapper around qemu_opt_set() that reports the
error with qerror_report_err().
Most of its users assume the function can't fail. Make them use
qemu_opt_set_err() with &error_abort, so that should the assumption
ever break, it'll break noisily.
Just two users remain, in util/qemu-config.c. Switch them to
qemu_opt_set_err() as well, then rename qemu_opt_set_err() to
qemu_opt_set().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
bdrv_img_create() uses qemu_opt_set(), which reports errors with
qerror_report_err(). Its error messages aren't helpful here, the
caller reports one that actually makes sense. I don't know how to
trigger the error conditions, though.
Switch to qemu_opt_set_err() to get rid of the unwanted messages.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
add_old_style_options() for img_convert() and img_resize() use
qemu_opt_set(), which reports errors with qerror_report_err(). Its
error messages aren't helpful here, the caller reports one that
actually makes sense. Reproducer:
$ qemu-img convert -B raw in.img out.img
qemu-img: Invalid parameter 'backing_file'
qemu-img: Backing file not supported for file format 'raw'
Switch to qemu_opt_set_err() to get rid of the unwanted messages.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Return the Error object instead of reporting it with
qerror_report_err().
Change callers that assume the function can't fail to pass
&error_abort, so that should the assumption ever break, it'll break
noisily.
Turns out all callers outside its unit test assume that. We could
drop the Error ** argument, but that would make the interface less
regular, so don't.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Return the Error object instead of reporting it with
qerror_report_err().
Change callers that assume the function can't fail to pass
&error_abort, so that should the assumption ever break, it'll break
noisily.
Turns out all callers outside its unit test assume that. We could
drop the Error ** argument, but that would make the interface less
regular, so don't.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Return the Error object instead of reporting it with
qerror_report_err().
Change callers that assume the function can't fail to pass
&error_abort, so that should the assumption ever break, it'll break
noisily.
Turns out all callers outside its unit test assume that. We could
drop the Error ** argument, but that would make the interface less
regular, so don't.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
* remotes/qmp-unstable/queue/qmp:
qapi-types: add C99 index names to arrays
monitor: Fix missing err = NULL in client_migrate_info()
balloon: Fix typo
hmp: Fix warning from smatch (wrong argument in function call)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
A bunch of code moved from dsdt to ssdt,
plus we got trivial changes like 0->Zero which our test
dosn't recognize as identity yet.
Update expected files to suppress test warning.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
it will be used later to dynamically reserve MMIO region
instead of manually punching holes in PCI0._CRS
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
it replaces a static complied in DSDT MMIO region
for memory hotplug with one created at runtime
leaving only truly static memory hotplug related
ASL bits in DSDT. And replaces template patching
of MEMORY_SLOTS_NUMBER value with ASL API created
named value.
Later it also would make easier to reuse current
ACPI memory hotplug on other targets.
Also later it would be possible to move remaining
memory hotplug ASL methods into build_ssdt() and
add all memory hotplug related AML into SSDT only
when memory hotplug is enabled, further reducing
ACPI tables blob if memory hotplug isn't used.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
in addition it saves us ~330LOC and makes it one binary blob less
stored in QEMU source tree by removing need to keep and update
hw/i386/ssdt-mem.hex.generated file there.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
it replaces a static complied in DSDT MMIO region
for CPU hotplug with one created at runtime
leaving only truly static CPU hotplug related ASL
bits in DSDT.
It also puts CPU_HOTPLUG_RESOURCE_DEVICE into
PCI0 scope and reserves resources from it,
preparing for dropping manual hole punching
in PCI0._CRS.
Later it also would make easier to reuse current
ACPI CPU hotplug on other targets.
Also later it would be possible to move remaining
CPU hotplug ASL methods into build_ssdt() and
add all CPU hotplug related AML into SSDT only
when CPU hotplug is enabled, further reducing
ACPI tables blob if CPU hotplug isn't used.
impl. detail:
Windows XP can't handle /BSODs/ OperationRegion
declaration in DSDT when variable from SSDT is used
for specifying its address/length and also when
Field declared in DSDT with OperationRegion from
SSDT if DSDT is being parsed before SSDT.
But it works just fine when referencing named
fields from another table. Hence OperationRegion
and Field declaration are moved to SSDT to make
XP based editions work.
PS:
Later Windows editions seem to be fine with above
conditions.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
in addition it saves us ~400LOC and makes it
one binary blob less stored in QEMU source
tree by removing need to keep and update
hw/i386/ssdt-proc.hex.generated file there.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Drops AML template patching and allows to
save some space in SSDT if pvpanic device doesn't
exist by not including disabled device description
into SSDT. It also makes device description
smaller by replacing _STA method with named value
and dropping _INI method.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Named/Reserved{Field} definition uses PkgLength [1] encoding to specify
field length, however it doesn't include size of PkgLength field itself,
while other block objects that have explicit length of its body account
for PkgLength size while encoding it [2].
This special casing isn't mentioned in ACPI spec, but that's what 'iasl'
compiles NamedField to so add extra argument to build_prepend_pkg_length()
to allow it handle the case.
--
1. ACPI Spec 5.0, 20.2.5.2 Named Objects Encoding, page 822
2. ACPI Spec 5.0, 5.4 Definition Block Encoding
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Replaces template patching with packages composed
using AML API.
Note on behavior change:
If S3 or S4 is disabled, respective packages won't
be created and put into SSDT. Which saves us some
space in SSDT and doesn't confuse guest OS with
mangled package names as it was done originally.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* factor out ACPI const int packing out of build_append_value()
and rename build_append_value() to build_append_int_noprefix()
it will be reused for adding a plain integer value into AML.
will be used by is aml_processor() and CRS macro helpers
* extend build_append_int{_noprefix}() to support 64-bit values
it will be used PCI for generating 64bit _CRS entries
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
prepares for incremental conversion of SSDT content to AML API
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Adds for dynamic AML creation, which will be used
for piecing ASL/AML primitives together and hiding
from user/caller details about how nested context
should be closed/packed leaving less space for
mistakes and necessity to know how AML should be
encoded, allowing user to concentrate on ASL
representation instead.
For example it will allow to create AML like this:
init_aml_allocator();
...
Aml *scope = aml_scope("PCI0")
Aml *dev = aml_device("PM")
aml_append(dev, aml_name_decl("_ADR", aml_int(addr)))
aml_append(scope, dev);
...
free_aml_allocator();
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Thomas Huth noticed that some linux headers
use __inline__, change to inline to be consistent
with the rest of QEMU.
Reported-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The importing script got it right already, I just forgot to re-run it.
Reported-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Thomas Huth noticed that some linux headers
use __inline__, change to inline to be consistent
with the rest of QEMU.
Reported-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
except of shortening of lines and making code a bit more readable,
it will reduce renaming noise when changing tables blob from GArray* to
Aml* type.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
hotplugged bridges don't get bsel allocated so acpi hotplug doesn't work
for them anyway. OTOH adding them in ACPI creates a host of problems,
e.g. they can't be hot-unplugged themselves which is surprising to
users.
So let's just skip these.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Add a helper function for checking whether a bit is set in the guest
features for a vdev as well as one that works on a feature bit set.
Convert code that open-coded this: It cleans up the code and makes it
easier to extend the guest feature bits.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Add virtio_{add,clear}_feature helper functions for manipulating a
feature bits variable. This has some benefits over open coding:
- add check that the bit is in a sane range
- make it obvious at a glance what is going on
- have a central point to change when we want to extend feature bits
Convert existing code manipulating features to use the new helpers.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The only user of this function was virtio-ccw, and it should use
virtio_set_features() like everybody else: We need to make sure
that bad features are masked out properly, which this function did
not do.
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Drop duplicated macros in favor of values from
standard headers.
Tested-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Drop duplicated code. Minor codechanges were required
as geometry is a sub-structure now.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Drop a bunch of code duplicated from virtio_config.h and virtio_ring.h.
This makes us rename event index accessors which conflict,
as reusing the ones from virtio_ring.h isn't trivial.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Add files imported from linux-next (what will become linux 4.0) using
scripts/update-linux-headers.sh
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
It doesn't make sense to copy values manually:
the only issue with getting headers from linux
seems to be dealing with linux/types, we
can easily fix that automatically while importing.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
For legacy machine types, rsdp is not in RAM, so we need a copy of rsdp
for fw cfg. We previously used g_array_free with false parameter,
but this seems to confuse people.
This also wastes a bit of memory as the buffer is unused for new
machine types.
Let's just use plain g_memdup, and free original memory together with
the array.
TODO: rationalize tcpalog memory management, and get rid of the mfre
parameter.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
As comment in acpi-build.c notes, RSDP is not really immutable. So it's
really a question of whether it's in RAM, name the variable accordingly.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
This fixes multiple issues around ACPI RAM management:
RSDP and linker RAM aren't currently marked dirty
on update, so they won't be migrated correctly.
Let's handle all tables in the same way: set correct size (assert if
too big), update, mark RAM dirty.
This also drops assert checking that table size didn't change: table
size is fundamentally dynamic and depends on hw configuration,
just set the correct size and use that (memory core asserts if size is
too large).
This also means we can drop tracking table size, memory core does this
for us now.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Block size must fundamentally be a multiple of target page size.
Aligning automatically removes need to worry about the alignment
from callers.
Note: the only caller of qemu_ram_resize (acpi) already happens to have
size padded to a power of 2, but we would like to drop the padding in
ACPI core, and don't want to expose target page size knowledge to ACPI.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Paolo Bonzini <ponzini@redhat.com>
Makes sure that RSDP stays the same
/i.e. matches ACPI tables blob in source/
if guest is migrated during RSDP reading or
has been already shadowed by firmware.
Fix applies only to new machine types starting
from 2.3, so it won't break migration for old
machine types.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Linker table is build only once, so if later during
tables rebuild sizes of other ACPI tables change
pointers will be patched incorrectly due to wrong
offsets in linker. Resulting in guest not being able
to find ACPI tables.
Fix it by updating 'linker' table with the rest of
tables when firmware reads it.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
RSDT offset can change across reboots and that makes
immutable RSDP, which is build at startup, point to
incorrect place in ACPI table blob. That results in
BIOS corrupting tables and guest OS failing to find
ACPI tables.
We really should have put it in a ROM region, but
we can't change that for old machine types,
let's just set the callback and update it explicitly.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
If the maxram_size is not aligned and dimm devices were added on the
command line qemu would terminate with a rather unhelpful message:
ERROR:hw/mem/pc-dimm.c:150:pc_dimm_get_free_addr: assertion failed:
(QEMU_ALIGN_UP(address_space_size, align) == address_space_size)
In case no dimm device was originally added on the commandline qemu
exits on the assertion failure.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Produce more human readable error messages and fix few spelling
mistakes.
Also remove a redundant check for the max memory size.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Memory and CPU hot unplug are both asynchronous procedures.
When the unplug operation happens, unplug request cb is called first.
And when guest OS finished handling unplug, unplug cb will be called
to do the real removal of device.
This patch adds hotunplug cb to piix4, which memory and CPU
hot unplug will use it.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Memory and CPU hot unplug are both asynchronous procedures.
When the unplug operation happens, unplug request cb is called first.
And when guest OS finished handling unplug, unplug cb will be called
to do the real removal of device.
This patch adds hotunplug cb to ich9, which memory and CPU
hot unplug will use it.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Memory and CPU hot unplug are both asynchronous procedures.
When the unplug operation happens, unplug request cb is called first.
And when guest OS finished handling unplug, unplug cb will be called
to do the real removal of device.
This patch adds hotunplug cb to pc machine, which memory and CPU
hot unplug will use it.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Memory and CPU hot unplug are both asynchronous procedures.
They both need unplug request cb when the unplug operation happens.
This patch adds hotunplug request cb for ich9, and memory and CPU
hot unplug will share it.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Memory and CPU hot unplug are both asynchronous procedures.
They both need unplug request callback to initiate unplug operation.
Add unplug handler to pc machine that will be used by following
CPU and memory unplug patches.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Tang Chen <tangchen@cn.fujitsu.com>
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-global lets you set a nice booby-trap for yourself:
$ qemu-system-x86_64 -nodefaults -S -display none -usb -monitor stdio -global usb-mouse.usb_version=l
QEMU 2.1.94 monitor - type 'help' for more information
(qemu) device_add usb-mouse
Parameter 'usb_version' expects an int64 value or range
$ echo $?
1
Not nice. Until commit 3196270 we even abort()ed.
The same error triggers if you manage to screw up a machine type's
compat_props. To demonstrate, change HW_COMPAT_2_1's entry to
.driver = "usb-mouse",\
.property = "usb_version",\
.value = "1", \
Then run
$ qemu-system-x86_64 -usb -M pc-i440fx-2.1 -device usb-mouse
upstream-qemu: -device usb-mouse: Parameter 'usb_version' expects an int64 value or range
$ echo $?
1
One of our creatively cruel error messages.
Since this is actually a coding error, we *should* abort() here.
Replace the error by an assertion failure in this case.
But turn the fatal error into a mere warning when the faulty
GlobalProperty comes from the user. Looks like this:
$ qemu-system-x86_64 -nodefaults -S -display none -usb -monitor stdio -global usb-mouse.usb_version=l
QEMU 2.1.94 monitor - type 'help' for more information
(qemu) device_add usb-mouse
Warning: global usb-mouse.usb_version=l ignored (Parameter 'usb_version' expects an int64 value or range)
(qemu)
This is consistent with how we handle similarly unusable -global in
qdev_prop_check_globals().
You could argue that the error should make device_add fail. Would be
harder, because we're running within TypeInfo's instance_post_init()
method device_post_init(), which can't fail.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
The next commit will exploit the fact it never fails. This one makes
it obvious.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Call the new PCIDeviceClass method realize(). Default it to
pci_default_realize(), which calls old method init().
To convert a device model, make it implement realize() rather than
init().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Implement DeviceClass methods realize() and unrealize() instead of
init() and exit(). The core's initialization errors now get
propagated properly, and QMP sends them instead of an unspecific
"Device initialization failed" error. Unrealize can't fail, so no
change there.
PCIDeviceClass is unchanged: it still provides init() and exit().
Therefore, device models' errors are still not propagated.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Use build_append_namestring() instead of build_append_nameseg()
So user won't have to care whether name is NameSeg, NamePath or
NameString.
See for reference ACPI 5.0: 20.2.2 Name Objects Encoding
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
the will be later used for composing AML primitives
and all that could be reused later for ARM machines
as well.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
When bridge hotplug is disabled for old machine types,
we never free memory allocated for temporary tables.
Fix this up.
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Features for s390x/kvm
1. guest reIPL changes (Fan Zhang)
Implements subcode 5 and 6 of diag 0x308. This allows to use
/sys/firmware/[re]ipl/ccw/* and the chreipl and lsreipl tools in
Linux. In addition to the normal "change the disk" this also
allows to switch from booting an external kernel into rebooting
from a disk.
2. Memory page table walking (Thomas Huth)
Fix several page table walking functions, used in several places
like gdb server and instruction handling. Also use these functions
in several I/O related functions.
# gpg: Signature made Wed Feb 18 09:13:22 2015 GMT using RSA key ID B5A61C7C
# gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>"
* remotes/borntraeger/tags/s390x-20150218: (29 commits)
s390x/helper: Remove s390_cpu_physical_memory_map
s390x/pci: Rework memory access in zpci instruction
s390x/ioinst: Rework memory access in TPI instruction
s390x/ioinst: Rework memory access in CHSC instruction
s390x/ioinst: Rework memory access in STCRW instruction
s390x/ioinst: Rework memory access in TSCH instruction
s390x/ioinst: Set condition code in ioinst_handle_tsch() handler
s390x/ioinst: Rework memory access in STSCH instruction
s390x/ioinst: Rework memory access in SSCH instruction
s390x/ioinst: Rework memory access in MSCH instruction
s390x/css: Make schib parameter of css_do_msch const
s390x/mmu: Add function for accessing guest memory
s390x/kvm: Add function for injecting pgm access exceptions
s390x/mmu: Clean up mmu_translate_asc()
s390x/mmu: Check bit 52 in page table entry
s390x/mmu: Renaming related to the ASCE confusion
s390x/mmu: Add support for read-only regions
s390x/mmu: Fix the exception codes for illegal table entries
s390x/mmu: Fix exception types when checking the ASCEs
s390x/mmu: Fix translation exception code in lowcore
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The APIC ID compatibility code is required only for PC, and now that
x86_cpu_initfn() doesn't use x86_cpu_apic_id_from_index() anymore, that
code can be moved to pc.c.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Instead of setting APIC ID automatically when creating a X86CPU, require
the property to be set before realizing the object (which all callers of
cpu_x86_create() already do).
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
The PC CPU initialization code already sets apic-id based on the CPU
topology, and CONFIG_USER doesn't need the topology-based APIC ID
calculation code.
Make CONFIG_USER set apic-id before realizing the CPU (just like PC
already does), so we can simplify x86_cpu_initfn later. As there is no
CPU topology configuration in CONFIG_USER, just use cpu_index as the
APIC ID.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
This was the only caller of cpu_init() that was not checking for NULL
yet.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
The field doesn't need to be inside CPUState, and it is not specific for
the CPUID instruction, so move and rename it.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Instead of putting extra logic inside cpu.h, just do everything inside
cpu_x86_init_user().
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
The function is used only for CONFIG_USER, so make its purpose clear.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
This will allow the PC code to use the header, and lets us eliminate the
QEMU_INCLUDES hack inside tests/Makefile.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
The function was used in only two places. In one of them, the function
made the code less readable by requiring temporary te[bcd]x variables.
In the other one we can simply inline the existing code.
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
listflags() had lots of unnecessary complexity. Instead of printing to a
buffer that will be immediately printed, simply call the printing
function directly. Also, remove the fbits and flags arguments that were
always set to the same value. Also, there's no need to list the flags in
reverse order.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
hmp: Normalize HMP command handler names
# gpg: Signature made Wed Feb 18 10:59:44 2015 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
* remotes/armbru/tags/pull-monitor-2015-02-18:
hmp: Name HMP info handler functions hmp_info_SUBCOMMAND()
hmp: Name HMP command handler functions hmp_COMMAND()
hmp: Clean up declarations for long-gone info handlers
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
usb: error handling fixes from Markus, make sysbus ehci arm-only.
# gpg: Signature made Wed Feb 18 09:54:13 2015 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-usb-20150218-1:
Make sysbus EHCI devices ARM only by default
PPC: Don't use legacy -usbdevice support for setting up board
r2d: Don't use legacy -usbdevice support for setting up board
usb: Change usb_create_simple() to abort on failure
usb: Suppress bogus error when automatic usb-hub creation fails
usb: Do not prefix error_setg() messages with "Error: "
usb: Improve -usbdevice error reporting a bit
usb: usb_create() can't fail, drop useless error handling
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
tag for qga-pull-2015-02-16-v2
v2:
* generalized QAPI function definition for guest-memory-block-size
to guest-memory-block-info for future extensibility (Eric)
# gpg: Signature made Tue Feb 17 22:36:08 2015 GMT using RSA key ID F108B584
# gpg: Good signature from "Michael Roth <flukshun@gmail.com>"
# gpg: aka "Michael Roth <mdroth@utexas.edu>"
# gpg: aka "Michael Roth <mdroth@linux.vnet.ibm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CEAC C9E1 5534 EBAB B82D 3FA0 3353 C9CE F108 B584
* remotes/mdroth/tags/qga-pull-2015-02-16-v2-tag:
qemu-ga-win: Fail loudly on bare 'set-time'
qga: add memory block command that unsupported
qga: implement qmp_guest_get_memory_block_info() for Linux with sysfs
qga: implement qmp_guest_set_memory_blocks() for Linux with sysfs
qga: implement qmp_guest_get_memory_blocks() for Linux with sysfs
qga: introduce three guest memory block commmands with stubs
qga: implement file commands for Windows guest
guest agent: guest-file-open: refactoring
utils: drop strtok_r from envlist_parse
qga: add guest-set-user-password command
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
- vhost-scsi: add bootindex property
- RCU: fix MemoryRegion lifetime issues in PCI; document the rules;
convert of AddressSpaceDispatch and RAMList
- KVM: add kvm_exit reasons for aarch64
# gpg: Signature made Mon Feb 16 16:32:32 2015 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream: (21 commits)
Convert ram_list to RCU
exec: convert ram_list to QLIST
cosmetic changes preparing for the following patches
exec: protect mru_block with RCU
rcu: add g_free_rcu
rcu: introduce RCU-enabled QLIST
exec: RCUify AddressSpaceDispatch
exec: make iotlb RCU-friendly
exec: introduce cpu_reload_memory_map
docs: clarify memory region lifecycle
pci: split shpc_cleanup and shpc_free
pcie: remove mmconfig memory leak and wrap mmconfig update with transaction
memory: keep the owner of the AddressSpace alive until do_address_space_destroy
rcu: run RCU callbacks under the BQL
rcu: do not let RCU callbacks pile up indefinitely
vhost-scsi: set the bootable value of channel/target/lun
vhost-scsi: add a property for booting
vhost-scsi: expose the TYPE_FW_PATH_PROVIDER interface
vhost-scsi: add bootindex property
qdev: support to get a device firmware path directly
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Pull request
v2:
* Fix C11 typedef redefinitions in ahci and libqos malloc [Peter]
* Fix lx -> PRIx64 format specifiers in ahci [Peter]
# gpg: Signature made Mon Feb 16 15:45:53 2015 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/block-pull-request: (65 commits)
block: Keep bdrv_check*_request()'s return value
block: Remove "growable" from BDS
block: Clamp BlockBackend requests
qemu-io: Use BlockBackend
qemu-io: Remove "growable" option
qemu-io: Use blk_new_open() in openfile()
qemu-nbd: Use blk_new_open() in main()
qemu-img: Use BlockBackend as far as possible
qemu-img: Use blk_new_open() in img_rebase()
qemu-img: Use blk_new_open() in img_open()
block/xen: Use blk_new_open() in blk_connect()
blockdev: Use blk_new_open() in blockdev_init()
iotests: Add test for driver=qcow2, format=qcow2
block: Add Error parameter to bdrv_find_protocol()
block: Add blk_new_open()
block: Lift some BDS functions to the BlockBackend
iotests: Add test for qemu-img convert to NBD
qemu-img: Fix qemu-img convert -n
qemu-iotests: Add 093 for IO throttling
qemu-iotests: Allow caller to disable underscore convertion for qmp
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
vnc: fixup some QemuOpts conversion fallout.
# gpg: Signature made Mon Feb 16 08:13:32 2015 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-vnc-20150216-1:
vnc: fix coverity warning
ui/vnc: optimize full scanline updates
vnc: auto assian an id when calling change vnc qmp interface
vnc: introduce an wrapper for auto assign vnc id
vnc: using bool type instead of int for QEMU_OPT_BOOL
vnc: correct missing property about vnc_display
vnc: fix qemu crash when not configure vnc option
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
MIPS patches 2015-02-13
Changes:
* bug fixes, cleanups and minor improvements
# gpg: Signature made Sat Feb 14 17:01:37 2015 GMT using RSA key ID 0B29DA6B
# gpg: Can't check signature: public key not found
* remotes/lalrae/tags/mips-20150213-2:
linux-user: correct stat structure in MIPS N32
target-mips: pass 0 instead of -1 as rs in microMIPS LUI instruction
target-mips: fix broken snapshotting
target-mips: use CP0EnLo_XI instead of magic number
target-mips: ll and lld cause AdEL exception for unaligned address
target-mips: fix detection of the end of the page during translation
target-mips: Make CP0.Status.CU1 read-only for the 5Kc and 5KEc processors
isa: remove isa_mem_base variable
gt64xxx: remove isa_mem_base usage
piix4: use PCI address space instead of system memory
mips: remove isa_mem_base usage
jazz: remove usage of isa_mem_base
jazz: do not explode QEMUMachineInitArgs structure
isa: add memory space parameter to isa_bus_new
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
It's the same old loop copied five times, plus another instance where
it's clipped to two iterations and unrolled.
No external users of serial_isa_init() are left, so give it internal
linkage.
Maintainers of affected machines cc'ed.
Cc: Richard Henderson <rth@twiddle.net>
Cc: Anthony Liguori <aliguori@amazon.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
etsec_create() is a helper to create and realize the eTSEC. It's
currently unused. Similar helpers for other NICs use
qdev_init_nofail(). Match that.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
grlib_irqmp_create(), grlib_gptimer_create() and
grlib_apbuart_create() are helpers to create and realize GRLIB
devices. Their only caller leon3_generic_hw_init() doesn't check for
failure. Only the first can actually fail, and only when the caller
fails to set up a pointer property, which is a programming error.
Replace qdev_init() by qdev_init_nofail().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
isa_ide_init()'s callers don't check for failure. isa_ide_init()
looks like it could fail, but since isa_ide_realizefn() can't fail, it
actually can't. Replace its qdev_init() by qdev_init_nofail() to make
it obvious.
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This function does some initialization that needs to be done after
machine init. The function may be eventually removed if we move the
CPUState.numa_node initialization to the CPU init code, but while the
function exists, lets give it a name that makes sense.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Renaming set_numa_nodes() and numa_init_func() to parse_numa_opts() and
parse_numa() makes the purpose of those functions clearer.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
There's no need to zero-initialize globals, they are automatically
initialized to zero.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Not all sysemu.h users need the NUMA declarations, and keeping them in a
separate file makes it easier to see what are the interfaces provided by
numa.c.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
It's not easy to figure out how monitor translates
strings: most QEMU code deals with translated indexes,
these are translated using _lookup arrays,
so you need to find the array name, and find the
appropriate offset.
This patch adds C99 indexes to lookup arrays, which makes it possible to
find the correct key using simple grep, and see that the matching is
correct at a glance.
Example:
Before:
const char *MigrationCapability_lookup[] = {
"xbzrle",
"rdma-pin-all",
"auto-converge",
"zero-blocks",
NULL,
};
After:
const char *MigrationCapability_lookup[] = {
[MIGRATION_CAPABILITY_XBZRLE] = "xbzrle",
[MIGRATION_CAPABILITY_RDMA_PIN_ALL] = "rdma-pin-all",
[MIGRATION_CAPABILITY_AUTO_CONVERGE] = "auto-converge",
[MIGRATION_CAPABILITY_ZERO_BLOCKS] = "zero-blocks",
[MIGRATION_CAPABILITY_MAX] = NULL,
};
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Fix this warning:
hmp.c:414:38: warning: Using plain integer as NULL pointer
qmp_query_block expects a pointer argument, so passing false is wrong.
Cc: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
'git shortlog 8936dbb2..4c59f5d8' for seabios repo:
David Woodhouse (4):
Update EFI_COMPATIBILITY16_TABLE to match 0.98 spec update
build: use -m16 where available instead of asm(".code16gcc")
romlayout: Use .code16 not .code16gcc
vgabios: Use .code16 not .code16gcc
Gerd Hoffmann (2):
add scripts/tarball.sh
build: set LC_ALL=C
Hannes Reinecke (1):
megasas: read addional PCI I/O bar
Ian Campbell (1):
romlayout: Use "rep ; nop" not "rep nop".
Kevin O'Connor (139):
vgabios: Return from handle_1011() if handler found.
edd: Move EDD get drive parameters (int 1348) logic from disk.c to block.c.
edd: Use sectors==-1 to detect removable media.
edd: Separate out ATA and virtio specific parts of fill_edd().
cdemu: store internal cdemu fields in standard "el-torito" spec format.
Move cdemu call interface and disk_ret helper code to disk.c.
smm: Replace SMI assembler code with C code.
smm: Use a C struct to define the layout of the SMM area.
smp: Replace QEMU SMP init assembler code with C; run only in 32bit mode.
Don't enable thread preemption during S3 resume vga option rom execution.
Remove old Bochs bios fixed address string at 0xfff00.
Move most of the VAR16FIXED() defs to misc.c.
build: Avoid absolute paths during "whole-program" compiling.
Make sure handle_smi() and handle_smp() are compiled out if not enabled.
Remove the TODO file.
Abstract reset call (and possible 16bit mode switch) into reset() function.
build: Remove unused function getSectionsStart() from layoutrom.py.
build: Extract section visiting logic in layoutrom.py.
build: Refactor layoutrom.py gc() function.
build: Use customized entry point for each type of build.
build: Refactor findInit() function.
build: Rework getRelocs() to use a hash instead of categories in layoutrom.py
build: Keep segmented sections separate until final link step.
build: Use fileid instead of category to write sections in layoutrom.py.
build: Only export needed fields in LayoutInfo in layoutrom.py.
build: Get fixed address variables from 32bit compile pass (not 16bit)
build: Minor - fix comments referring to old tools/ directory.
xhci: Update the times for usb command timeouts.
ehci: Update usb command timeouts to use usb_xfer_time()
uhci: Update usb command timeouts to use usb_xfer_time()
ohci: Update usb command timeouts to use usb_xfer_time()
vgabios: Fix broken build resulting from e5749978.
boot: Change ":rom%d" boot order rom instance to ":rom%x"
Minor - remove stray tab from src/fw/smm.c.
build: Update kconfig to version in Linux 3.16.
usb: Fix usb_xfer_time() to work when called in 16bit mode.
xhci: Call usb_desc2pipe() on xhci_update_pipe().
xhci: Remove 16bit code wrappers.
xhci: Use high memory instead of low memory for internal storage.
xhci: Move root hub and setup code to top of file.
xhci: Add xhci_check_ports() and xhci_free_pipes() functions.
ehci: Move port power up from ehci_hub_detect() to check_ehci_ports().
usb-hub: Enable power to all ports prior to calling usb_enumerate().
xhci: Change xhci_hub_detect() to use connect status instead of link state.
uhci: Repeatedly poll for device detect for 100ms.
ohci: Repeatedly poll for device detect for 100ms.
ehci: Stall uhci/ohci init only until default port routing is done.
usb: Perform device detect polling on all usb controllers.
ehci: Fix bug in hub port assignment
Revert "Use the extra stack for 16bit USB and PS2 keyboard/mouse commands."
pmm: Fix entry point to support non-zero %ss
Move stack hop code below call32/call16 code in stacks.c
Add need_hop_back() call that determines if stack_hop_back is needed
Update invoke_mouse_handler() to use need_hop_back()
Update stack_hop_back() to jump to 16bit mode if called in 32bit mode.
Track when entering via call32() and use the same mode for stack_hop_back()
Simplify farcall16 code
Update reset() to use call16_back()
build: Support declaring 32bit C functions that must reside in the f-segment
Move call16() functions from romlayout.S to inline assembler in stacks.c
Break up call32() into call32() and call32_sloppy()
Fully restore 16bit state during call16_sloppy()
Implement call32 mechanism using SMIs.
Move a20 code from system.c and ps2port.h to x86.h
Backup and restore a20 on call32_sloppy()
usb: Rename ?hci_control() to ?hci_send_control()
usb: Rename usb_getFrameExp() to usb_get_period()
usb: Rename findEndPointDesc() to usb_find_desc()
usb: Rename send_default_control() to usb_send_default_control()
usb: Rename free_pipe() to usb_free_pipe()
usb: Clarify usb freelist manipulations
xhci: Change xhci_update_pipe() to xhci_realloc_pipe() and use for alloc too
uhci: Export uhci_realloc_pipe() instead of uhci_alloc_pipe()
ohci: Export ohci_realloc_pipe() instead of ohci_alloc_pipe()
ehci: Export ehci_realloc_pipe() instead of ehci_alloc_pipe()
usb: Use usb_realloc_pipe for pipe alloc, update, and free.
Use 32bit memcpy in int1587 when applicable
Don't clobber %ax on ENTRY_INTO32 macro
Create assembler macros for saving and restoring 'struct bregs'
Do full BREGS backup/restore for pmm, pnp, and irqentry_extrastack
Remove unused macro ENTRY_ST
vgabios: Don't declare custom internal BDA storage in std/bda.h
vgabios: Cache a pointer to the current mode struct in the BDA
vgabios: Don't pass vmode_g to vgafb_move_chars() / vgafb_clear_chars()
vgabios: Rename vbe_flags to flags
vgabios: Set cursor shape fixes
vgabios: Refactor get/set_cursor_shape() code
vgabios: Only init BDA device details in init_bios_area()
vgabios: Only set the dcc_index=8 if stdvga ports are available
vgabios: Move standard table definitions to std/vga.h
vgabios: Fill in available legacy modes in video_func_static at runtime
vgabios: Add support for reading framebuffer in "direct" mode
Fix PNP regression introduced in 99cb8f3e due to missed conversion
Minor - move PORT_PS2_CTRLB from hw/ps2port.h to hw/timer.c
vgabios: Support emulating text mode attributes while in graphics mode
vgabios: Add software cursor capability
Use an aligned stack offset when entering on the extra stack
Minor - comment updates in romlayout.S
Fix build issue on gcc34
pciinit: Fix build warning in mch_pci_slot_get_irq()
floppy: Make sure to yield() during floppy PIO
Minor - be consistent in placement of .code16/32 in romlayout.S
Use macros for .code16/32 mode switches in inline asm in stacks.c
Eliminate FUNCFSEG - only force portions of inline asm to f-segment
usb: Update USB hub code to support super speed hubs
Simplify README files - point to online documentation instead
sdcard: Initial support for SD cards on PCI SDHCI controllers on QEMU
Add wiki documentation to repository
docs: Don't point to repo README files
docs: Add info on MODE16/MODESEGMENT compile time flags
docs: Add page describing SeaBIOS final object linking
scsi: Move cdb_* functions above scsi_* functions
scsi: Move process_scsi_op() to hw/blockcmd.c and rename
cdrom: call scsi_process_op() instead of cdb_read()
scsi: Don't export cdb_* functions
cdrom: Break up very large read requests into smaller requests
block: Check for read/write requests over 64K
usb: Add support for OHCI bulk transfers
readserial: Enhance pipe support
docs: Add documentation on using readserial.py script
uhci: Enable "depth" tree traversal for bulk transfers
uhci: Increase bulk transfer STACKTDS to 16
vgabios: Support emulated text in gfx_read_char()
ehci: No need to support td array wrapping
ehci: Simplify fillTDbuffer() and rename
ehci: Merge ehci_send_control with ehci_send_bulk
ohci: Merge ohci_send_control with ohci_send_bulk
uhci: Merge uhci_send_control with uhci_send_bulk
xhci: Merge xhci_send_control with xhci_send_bulk
usb: Use usb_send_pipe() now that all drivers have x_send_pipe()
xhci: Move xhci_xfer_x() functions together
xhci: Merge some xhci_xfer_x() functions into xhci_send_pipe()
usb: Control transfers always have an 8 byte command size
usb: Minor - properly free memory on get_device_config() error path
checkstack: Handle callw instruction
docs: Document why v1.6.3 release came after v0.6.2
docs: Update release history with dates of stable releases
docs: There is only one VAR16 flag now
docs: Note v1.8.0 release
Marcel Apfelbaum (1):
hw/pci: reserve IO and mem for pci express downstream ports with no devices attached
Markus Armbruster (1):
boot: Fix boot order for SCSI target, lun > 9
Paolo Bonzini (5):
piix: add and use dev-piix.h
smm: complete SMM setup
smm: unify SMM handlers
vgabios: fix graphics operation with Bochs VGA in non-DISPI modes
vgabios: implement read char in graphics mode
zhanghailiang (1):
acpi: use specified macro instead of magic-number
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Some are called do_info_SUBCOMMAND() (old ones, usually), some
hmp_info_SUBCOMMAND(), some SUBCOMMAND_info(), sometimes SUBCOMMAND
pointlessly differs in spelling.
Normalize to hmp_info_SUBCOMMAND(), where SUBCOMMAND is exactly the
subcommand name with '-' replaced by '_'.
Exceptions:
* sun4m_irq_info(), sun4m_pic_info() renamed to sun4m_hmp_info_irq(),
sun4m_hmp_info_pic().
* lm32_irq_info(), lm32_pic_info() renamed to lm32_hmp_info_irq(),
lm32_hmp_info_pic().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Some are called do_COMMAND() (old ones, usually), some hmp_COMMAND(),
and sometimes COMMAND pointlessly differs in spelling.
Normalize to hmp_COMMAND(), where COMMAND is exactly the command name
with '-' replaced by '_'.
Exceptions:
* do_device_add() and client_migrate_info() *not* renamed to
hmp_device_add(), hmp_client_migrate_info(), because they're also
QMP handlers. They still need to be converted to QAPI.
* do_memory_dump(), do_physical_memory_dump(), do_ioport_read(),
do_ioport_write() renamed do hmp_* instead of hmp_x(), hmp_xp(),
hmp_i(), hmp_o(), because those names are too cryptic for my taste.
* do_info_help() renamed to hmp_info_help() instead of hmp_info(),
because it only covers help.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
A number of ARM embedded boards include EHCI USB host controllers which
appear as directly mapped devices, rather than sitting on a PCI bus.
At present code to emulate such devices is included whenever EHCI support
is included. This patch adjusts teh config options to only include them
in builds targetting ARM by default.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
It's tempting, because usbdevice_create() is so simple to use. But
there's a lot of unwanted complexity behind the simple interface.
Switch to usb_create_simple().
Cc: Alexander Graf <agraf@suse.de>
Cc: qemu-ppc@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
It's tempting, because usbdevice_create() is so simple to use. But
there's a lot of unwanted complexity behind the simple interface.
Switch to usb_create_simple().
Cc: Magnus Damm <magnus.damm@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Instead of returning null pointer. Matches pci_create_simple(),
isa_create_simple(), sysbus_create_simple(). It's unused since the
previous commit, but I'll put it to use again shortly.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
USBDevice's realize method usb_qdev_realize() automatically creates a
usb-hub when only one port is left. Creating devices in realize
methods is questionable, but works.
If usb-hub creation fails, an error is reported to stderr, but the
failure is otherwise ignored. We then create the actual device using
the last port, which may well succeed.
Example:
$ qemu -nodefaults -S -display none -machine usb=on -monitor stdio
QEMU 2.2.50 monitor - type 'help' for more information
(qemu) device_add usb-mouse
[Repeat 36 times]
(qemu) info usb
Device 0.0, Port 1, Speed 12 Mb/s, Product QEMU USB Mouse
Device 0.0, Port 2, Speed 12 Mb/s, Product QEMU USB Hub
Device 0.0, Port 2.1, Speed 12 Mb/s, Product QEMU USB Mouse
[More mice and hubs omitted...]
Device 0.0, Port 2.8.8.8.8.7, Speed 12 Mb/s, Product QEMU USB Mouse
(qemu) device_add usb-mouse
usb hub chain too deep
Failed to initialize USB device 'usb-hub'
(qemu) info usb
[...]
Device 0.0, Port 2.8.8.8.8.7, Speed 12 Mb/s, Product QEMU USB Mouse
Device 0.0, Port 2.8.8.8.8.8, Speed 12 Mb/s, Product QEMU USB Mouse
Despite the "Failed" message, the command actually succeeded.
In QMP, it's worse. When adding the 37th mouse via QMP, the command
fails with
{"error": {"class": "GenericError", "desc": "usb hub chain too deep"}}
Additionally, "Failed to initialize USB device 'usb-hub'" is reported
on stderr. Despite the command failure, the device was created. This
is wrong.
Fix by avoiding qdev_init() for usb-hub creation, so we can ignore
errors cleanly.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Because it produces beauties like
(qemu) usb_add mouse
Failed to initialize USB device 'usb-mouse': Error: tried to attach usb device QEMU USB Mouse to a bus with no free ports
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Most LegacyUSBFactory usbdevice_init() methods realize with
qdev_init_nofail(), even though their caller usbdevice_create() can
handle failure. Okay if it really can't fail (I didn't check), but
somewhat brittle.
usb_msd_init() and usb_bt_init() call qdev_init(). The latter
additionally reports an error when qdev_init() fails.
Realization failure produces multiple error reports: a specific one
from qdev_init(), and generic ones from usb_bt_init(),
usb_create_simple(), usbdevice_create() and usb_parse().
Remove realization from the usbdevice_init() methods. Realize in
usbdevice_create(), and produce exactly one error message there. You
still get another one from usb_parse().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qerror_report_err() is a transitional interface to help with
converting existing monitor commands to QMP. It should not be used
elsewhere. Replace by error_report_err() in legacy chardev parser
qemu_chr_parse_compat(). Legacy chardev syntax is not to be used in
QMP.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
qerror_report_err() is a transitional interface to help with
converting existing monitor commands to QMP. It should not be used
elsewhere. Replace by error_report_err().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
qerror_report_err() is a transitional interface to help with
converting existing monitor commands to QMP. It should not be used
elsewhere. Replace by error_report_err() in initial startup helpers
machine_set_property() and object_create().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
qerror_report_err() is a transitional interface to help with
converting existing monitor commands to QMP. It should not be used
elsewhere. Replace by error_report_err() in initial startup helper
configure_tpm().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
qerror_report_err() is a transitional interface to help with
converting existing monitor commands to QMP. It should not be used
elsewhere. Replace by error_report_err() in initial startup helper
numa_init_func() and board setup helper
memory_region_allocate_system_memory().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
qerror_report_err() is a transitional interface to help with
converting existing monitor commands to QMP. It should not be used
elsewhere. Replace by error_report_err() in HMP command handler
hmp_host_net_add() and initial startup helpers net_init_client(),
net_init_netdev(). Keep it in QMP command handler qmp_netdev_add().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
qerror_report_err() is a transitional interface to help with
converting existing monitor commands to QMP. It should not be used
elsewhere. Replace by error_report_err() in HMP command handler
hmp_trace_event().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
monitor_handle_fd_param() is a wrapper around
monitor_handle_fd_param2() that feeds errors to qerror_report_err()
instead of returning them. qerror_report_err() is inappropriate in
many contexts. monitor_handle_fd_param() looks simpler than
monitor_handle_fd_param2(), which tempts use. Remove the temptation:
drop the wrapper and open-code the (trivial) error handling instead.
Replace the open-coded qerror_report_err() by error_report_err() in
places that already use error_report(). Turns out that's everywhere.
While there, rename monitor_handle_fd_param2() to monitor_fd_param().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
I've typed error_report("%s", error_get_pretty(ERR)) too many times
already, and I've fixed too many instances of qerror_report_err(ERR)
to error_report("%s", error_get_pretty(ERR)) as well. Capture the
pattern in a convenience function.
Since it's almost invariably followed by error_free(), stuff that into
the convenience function as well.
The next patch will put it to use.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
We get two error messages: one from monitor_handle_fd_param2(), and
another one from vhost_scsi_realize(). The second one gets suppressed
in QMP context.
That's because monitor_handle_fd_param() calls qerror_report_err().
Calling qerror_report_err() is always inappropriate in realize
methods, because it doesn't return the Error object. It either
reports the error to stderr or the human monitor, or it stores it in
the QMP monitor, where it makes the QMP command fail even when the
realize method ignores the error and succeeds. Fortunately,
vhost_scsi_realize() doesn't do that.
Fix by switching to monitor_handle_fd_param2().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Change the handler for STCRW to use the new logical memory access
functions. Since STCRW is suppressed on protection/access exceptions,
we also have to make sure to re-queue the CRW in case it could not be
written to the memory.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Change the TSCH handler to use the new logical memory access functions.
Since the channel should not be updated in case of a protection or access
exception while writing to the guest memory, the css_do_tsch() has to be
split up into two parts, one for retrieving the IRB and one for the update.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Move the setting of the condition code from kvm.c into the handler
function in ioinst.c itself, just like it has been done with the other
handlers already (TSCH has just not been changed yet since it is called
from a different dispatcher in kvm.c).
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
According to the POP specification, the parameter blocks of various
functions like the IO instructions are accessed with logical addresses.
Thus we need a function that can read or write a buffer from/to the
guest's logical address space.
This patch now provides a function that can be used to access virtual
guest memory by using the mmu_translate function of QEMU to convert
the virtual addresses to physical.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Program access exceptions are defined to deliver a translation exception
code in the low-core. Add a function trigger_access_exception() that
generates the proper program interrupt on both KVM and non-KVM systems
and switch the existing code to use it.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
We can get rid of the switch(asc) in mmu_translate_asc() by simply
selecting the right control register ASCE in the mmu_translate()
function already.
This patch is based on an original patch/idea by Ralf Hoppe.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
An Address Space Control Element (ASCE) is only the very first unit of
an s390 address translation (normally residing in one of the control
registers). The entries in the page tables are called differently.
So let's call the relevant variable pt_entry instead of asce in
mmu_translate_pte() to avoid future confusion (thus there is no
functional change in this patch, just renaming).
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
The address space bits in the translation exception code were wrong.
In fact, we can simply copy the bits from the PSW, so there's no need
for the trans_bits() function anymore.
Additionally, we now also set the fetch/store bits in the translation
exception code, so a guest can determine whether the exception occured
during a write or during a read.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
When a fault occurs during the MMU lookup in s390_cpu_get_phys_page_debug(),
the trigger_page_fault() function writes the translation exception code
into the lowcore - something you would not expect during a memory access
by the debugger. Ease this problem by adding an additional parameter to
mmu_translate() which can be used to specify whether a program check and
the translation exception code should be injected or not.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
The ACSEs have a table length field and the region entries have
table length and offset fields which must be checked during
translation to see whether the given virtual address is really
covered by the translation table.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
The current code used a wrong and very confusing way of dealing with
the table levels by introducing a "fake level above current". However,
the real problem was simply that the checks for the region/segment
invalid bit and for the matching region/segment level was done at the
wrong spot in the code - it has to be done after the first table entry
has been looked up instead (e.g. there is also no "invalid" bit in the
ASCE itself and the current "level" has to be the same as the level in
the entry that we just looked up).
Also the entries for the segment table are quite a bit different compared
to the region table entries. So this patch moves the related code into the
function mmu_translate_segment() to make it clear at which table level we
currently are and to get rid of the ugly switch-statement in the function
mmu_translate_region().
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
helper.c is quite overcrowded already, so let's move the MMU
translation to a separate file instead (like it has been done
with the other targets already).
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
The command is not implemented correctly yet. The documentation allows
to not pass any value to set, in which case the time is re-read from
RTC. However, reading CMOS on Windows is not trivial to implement. So
instead of pretending we've set the correct time, fail explicitly.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This conveys general information about guest memory blocks. Currently,
just the memory block size.
The size of a memory block is architecture dependent, it represents the logical
unit upon which memory online/offline operations are to be performed.
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
*generalized guest-get-memory-block-size to get-get-memory-block-info
for future extensibility
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
We can change guest's online/offline state of memory blocks, by using
command 'guest-set-memory-blocks'.
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
We can get guest's memory block information by using command
"guest-get-memory-blocks", the returned value contains a list of memory block
info, such as phys-index, online state, can-offline info.
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
*replaced guest-triggerable assertion with an error msg
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Introduce three new guest commands:
guest-get-memory-blocks, guest-set-memory-blocks, guest-get-memory-block-size.
With these three commands, we can support online/offline guest's memory block
(logical memory hotplug/unplug) as required from host.
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
*generalized guest-get-memory-block-size to get-get-memory-block-info
for future extensibility
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The following commands are implemented:
- guest_file_open
- guest_file_close
- guest_file_write
- guest_file_read
- guest_file_seek
- guest_file_flush
Motivation is quite simple: Windows guests should be supported with the
same set of features as Linux one. Also this patch is a prerequisite for
Windows guest-exec command support.
Signed-off-by: Olga Krishtal <okrishtal@parallels.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The problem is that mingw 4.9.1 fails to compile the code with the
following warning:
/mingw/include/string.h:88:9: note: previous declaration of 'strtok_r'
was here
char *strtok_r(char * __restrict__ _Str,
const char * __restrict__ _Delim,
char ** __restrict__ __last);
/include/sysemu/os-win32.h:83:7: warning: redundant redeclaration of
'strtok_r' [-Wredundant-decls]
char *strtok_r(char *str, const char *delim, char **saveptr);
The problem is that compiles just fine on previous versions of mingw.
Compiler version check here is not a good idea. Though fortunately
strtok_r is used only once in the code and we could simply rewrite
the code without it.
Signed-off-by: Olga Krishtal <okrishtal@parallels.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Add a new 'guest-set-user-password' command for changing the password
of guest OS user accounts. This command is needed to enable OpenStack
to support its API for changing the admin password of guests running
on KVM/QEMU. It is not practical to provide a command at the QEMU
level explicitly targetting administrator account password change
only, since different guest OS have different names for the admin
account. While UNIX systems use 'root', Windows systems typically
use 'Administrator' and even that can be renamed. Higher level apps
like OpenStack have the ability to figure out the correct admin
account name since they have info that QEMU/libvirt do not.
The command accepts either the clear text password string, encoded
in base64 to make it 8-bit safe in JSON:
$ echo -n "123456" | base64
MTIzNDU2
$ virsh -c qemu:///system qemu-agent-command f21x86_64 \
'{ "execute": "guest-set-user-password",
"arguments": { "crypted": false,
"username": "root",
"password": "MTIzNDU2" } }'
{"return":{}}
Or a password that has already been run though a crypt(3) like
algorithm appropriate for the guest, again then base64 encoded:
$ echo -n '$6$n01A2Tau$e...snip...DfMOP7of9AJ1I8q0' | base64
JDYkb...snip...YT2Ey
$ virsh -c qemu:///system qemu-agent-command f21x86_64 \
'{ "execute": "guest-set-user-password",
"arguments": { "crypted": true,
"username": "root",
"password": "JDYkb...snip...YT2Ey" } }'
NB windows support is desirable, but not implemented in this
patch.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Allow "unlocked" reads of the ram_list by using an RCU-enabled QLIST.
The ramlist mutex is kept. call_rcu callbacks are run with the iothread
lock taken, but that may change in the future. Writers still take the
ramlist mutex, but they no longer need to assume that the iothread lock
is taken.
Readers of the list, instead, no longer require either the iothread
or ramlist mutex, but they need to use rcu_read_lock() and
rcu_read_unlock().
One place in arch_init.c was downgrading from write side to read side
like this:
qemu_mutex_lock_iothread()
qemu_mutex_lock_ramlist()
...
qemu_mutex_unlock_iothread()
...
qemu_mutex_unlock_ramlist()
and the equivalent idiom is:
qemu_mutex_lock_ramlist()
rcu_read_lock()
...
qemu_mutex_unlock_ramlist()
...
rcu_read_unlock()
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Mike Day <ncmike@ncultra.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Add RCU-enabled variants on the existing bsd DQ facility. Each
operation has the same interface as the existing (non-RCU)
version. Also, each operation is implemented as macro.
Using the RCU-enabled QLIST, existing QLIST users will be able to
convert to RCU without using a different list interface.
Signed-off-by: Mike Day <ncmike@ncultra.org>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Note that even after this patch, most callers of address_space_*
functions must still be under the big QEMU lock, otherwise the memory
region returned by address_space_translate can disappear as soon as
address_space_translate returns. This will be fixed in the next part
of this series.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
After the previous patch, TLBs will be flushed on every change to
the memory mapping. This patch augments that with synchronization
of the MemoryRegionSections referred to in the iotlb array.
With this change, it is guaranteed that iotlb_to_region will access
the correct memory map, even once the TLB will be accessed outside
the BQL.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This for now is a simple TLB flush. This can change later for two
reasons:
1) an AddressSpaceDispatch will be cached in the CPUState object
2) it will not be possible to do tlb_flush once the TCG-generated code
runs outside the BQL.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
object_unparent should not be called until the parent device is going to be
destroyed. Only remove the capability and do memory_region_del_subregion
at unrealize time. Freeing the data structures is left in shpc_free, to
be called from the instance_finalize callback.
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This memory leak was introduced inadvertently by omitting object_unparent.
A better fix is to use the new memory_region_set_size instead of destroying
and recreating the MMIO region on the fly.
Also, ensure that unmapping and remapping the region is done atomically.
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
We get two error messages: a specific one from qdev_init(), and a
generic one from qdev_init_nofail(). The specific one gets suppressed
in QMP context. qdev_init_nofail() failing there is a bug, though.
Cut out the qdev_init() middle-man: realize the device, and on error
exit with a single error message.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Now that request clamping is done in the BlockBackend, the "growable"
field can be removed from the BlockDriverState. All BDSs are now treated
as being "growable" (that is, they are allowed to grow; they are not
necessarily actually able to).
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1423162705-32065-16-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
qemu-io should behave like a guest, therefore it should use BlockBackend
to access the block layer.
There are a couple of places where that is infeasible: First, the
bdrv_debug_* functions could theoretically be mirrored in the
BlockBackend, but since these are functions internal to the block layer,
they should not be visible externally (qemu-io as a test tool is exempt
from this).
Second, bdrv_get_info() and bdrv_get_specific_info() work on a single
BDS alone, therefore they should stay BDS-specific.
Third, bdrv_is_allocated() mainly works on a single BDS as well. Some
data may be passed through from the BDS's file (if sectors which are
apparently allocated in the file are not really allocated there but just
zero).
[Fixed conflicts around block_acct_start() usage from Fam Zheng's
"qemu-io: Account IO by aio_read and aio_write" commit. Use
BlockBackend and blk_get_stats() instead of BlockDriverState.
--Stefan]
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1423162705-32065-14-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Remove "growable" option from the "open" command and from the qemu-io
command line. qemu-io is about to be converted to BlockBackend which
will make sure that no request exceeds the image size, so the only way
to keep "growable" would be to use BlockBackend if it is not given and
to directly access the BDS if it is.
qemu-io is a debugging tool, therefore removing a rarely used option
will have only a very small impact, if any. There was only one
qemu-iotest which used the option; since it is not critical, this patch
just removes it.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1423162705-32065-13-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Although qemu-img already creates BlockBackends, it does not do accesses
to the images through them. This patch converts all of the bdrv_* calls
for which this is currently possible to blk_* calls. Most of the
remaining calls will probably stay bdrv_* calls because they really do
operate on the BDS level instead of the BB level.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1423162705-32065-10-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
As part of the required changes, this fixes a bug where specifying an
invalid driver would result in the block layer probing the image format;
now it will result in an error, unless "<unset>" is specified as the
driver name. Fixing this would require further work on the xen_disk code
which does not seem worth it (at this point and for this patch).
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1423162705-32065-7-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The argument given to bdrv_find_protocol() is just a file name, which
makes it difficult for the caller to reconstruct what protocol
bdrv_find_protocol() was hoping to find. This patch adds an Error
parameter to that function to solve this issue.
Suggested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1423162705-32065-4-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
blk_new_with_bs() creates a BlockBackend with an empty BlockDriverState
attached to it. Empty BDSs are not nice, therefore add an alternative
function which combines blk_new_with_bs() with bdrv_open().
Note: In contrast to bdrv_open() which takes a BlockDriver parameter,
blk_new_open() does not take such a parameter. This is because
bdrv_open() opens a BlockDriverState, therefore it is natural to be able
to set the BlockDriver for that BDS. The fact that bdrv_open() can open
more than a single BDS is merely some form of a byproduct.
blk_new_open() on the other hand is intended to be used to create a
whole tree of BlockDriverStates. Therefore, setting a single BlockDriver
does not make much sense. Instead, the drivers to be used for each of
the nodes must be configured through the "options" QDict; including the
driver of the root BDS.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1423162705-32065-3-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Create the blk_* counterparts for the following bdrv_* functions (which
make sense to call on the BlockBackend level):
- bdrv_co_write_zeroes()
- bdrv_write_compressed()
- bdrv_truncate()
- bdrv_nb_sectors()
- bdrv_discard()
- bdrv_load_vmstate()
- bdrv_save_vmstate()
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1423162705-32065-2-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This case utilizes qemu-io command "aio_{read,write} -q" to verify the
effectiveness of IO throttling options.
It's implemented by driving the vm timer from qtest protocol, so the
throttling timers are signaled with determinied time duration. Then we
verify the completed IO requests are within 10% error of bps and iops
limits.
"null" protocol is used as the disk backend so that no actual disk IO is
performed on host, this will make the blockstats much more
deterministic. Both "null-aio" and "null-co" are covered, which is also
a simple cross validation test for the driver code.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1422586186-9925-6-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
QMP command "block_set_io_throttle" expects underscores in parameters
instead of dashes: {iops,bps}_{rd,wr,max}.
Add optional argument conv_keys (defaults to True, backward compatible),
it will be used in IO throttling test case.
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1422586186-9925-5-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This adds scripts/qtest.py as a python library for qtest protocol.
This is a skeleton with a basic "cmd" method to execute a command,
reading and parsing of qtest output could be added later on demand.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1422586186-9925-3-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
qemu_clock_run_timers() only takes care of main_loop_tlg, we shouldn't
forget aio timer list groups.
Currently, the qemu_clock_deadline_ns_all (a few lines above) counts all
the timergroups of this clock type, including aio tlg, but we don't fire
them, so they are never cleared, which makes a dead loop.
For example, this function hangs when trying to drive throttled block
request queue with qtest clock_step.
Signed-off-by: Fam Zheng <famz@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421661103-29153-1-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
If an internal snapshot can't be saved because migration is blocked
(most commonly probably because of AHCI), we had a really bad error
message:
$ echo -e "savevm foo\nquit" | qemu -M q35 /tmp/test.qcow2 -monitor stdio
QEMU 2.2.50 monitor - type 'help' for more information
(qemu) savevm foo
Error -22 while writing VM
(qemu) quit
This patch converts qemu_savevm_state() to the Error infrastructure so
that a useful error pointing to the problematic device is produced now:
$ echo -e "savevm foo\nquit" | qemu -M q35 /tmp/test.qcow2 -monitor stdio
QEMU 2.2.50 monitor - type 'help' for more information
(qemu) savevm foo
State blocked by non-migratable device '0000:00:1f.2/ich9_ahci'
(qemu) quit
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1423574702-23072-1-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When we tested the VM migartion between different hosts with NBD
devices, we found if we sent a cancel command after the drive_mirror
was just started, a coroutine re-enter error would occur. The stack
was as follow:
(gdb) bt
00) 0x00007fdfc744d885 in raise () from /lib64/libc.so.6
01) 0x00007fdfc744ee61 in abort () from /lib64/libc.so.6
02) 0x00007fdfca467cc5 in qemu_coroutine_enter (co=0x7fdfcaedb400, opaque=0x0)
at qemu-coroutine.c:118
03) 0x00007fdfca467f6c in qemu_co_queue_run_restart (co=0x7fdfcaedb400) at
qemu-coroutine-lock.c:59
04) 0x00007fdfca467be5 in coroutine_swap (from=0x7fdfcaf3c4e8,
to=0x7fdfcaedb400) at qemu-coroutine.c:96
05) 0x00007fdfca467cea in qemu_coroutine_enter (co=0x7fdfcaedb400, opaque=0x0)
at qemu-coroutine.c:123
06) 0x00007fdfca467f6c in qemu_co_queue_run_restart (co=0x7fdfcaedbdc0) at
qemu-coroutine-lock.c:59
07) 0x00007fdfca467be5 in coroutine_swap (from=0x7fdfcaf3c4e8,
to=0x7fdfcaedbdc0) at qemu-coroutine.c:96
08) 0x00007fdfca467cea in qemu_coroutine_enter (co=0x7fdfcaedbdc0, opaque=0x0)
at qemu-coroutine.c:123
09) 0x00007fdfca4a1fa4 in nbd_recv_coroutines_enter_all (s=0x7fdfcaef7dd0) at
block/nbd-client.c:41
10) 0x00007fdfca4a1ff9 in nbd_teardown_connection (client=0x7fdfcaef7dd0) at
block/nbd-client.c:50
11) 0x00007fdfca4a20f0 in nbd_reply_ready (opaque=0x7fdfcaef7dd0) at
block/nbd-client.c:92
12) 0x00007fdfca45ed80 in aio_dispatch (ctx=0x7fdfcae15e90) at aio-posix.c:144
13) 0x00007fdfca45ef1b in aio_poll (ctx=0x7fdfcae15e90, blocking=false) at
aio-posix.c:222
14) 0x00007fdfca448c34 in aio_ctx_dispatch (source=0x7fdfcae15e90, callback=0x0,
user_data=0x0) at async.c:212
15) 0x00007fdfc8f2f69a in g_main_context_dispatch () from
/usr/lib64/libglib-2.0.so.0
16) 0x00007fdfca45c391 in glib_pollfds_poll () at main-loop.c:190
17) 0x00007fdfca45c489 in os_host_main_loop_wait (timeout=1483677098) at
main-loop.c:235
18) 0x00007fdfca45c57b in main_loop_wait (nonblocking=0) at main-loop.c:484
19) 0x00007fdfca25f403 in main_loop () at vl.c:2249
20) 0x00007fdfca266fc2 in main (argc=42, argv=0x7ffff517d638,
envp=0x7ffff517d790) at vl.c:4814
We find the nbd_recv_coroutines_enter_all function (triggered by a cancel
command or a network connection breaking down) will enter a coroutine which
is waiting for the sending lock. If the lock is still held by another coroutine,
the entering coroutine will be added into the co_queue again. Latter, when the
lock is released, a coroutine re-enter error will occur.
This bug can be fixed simply by delaying the setting of recv_coroutine as
suggested by paolo. After applying this patch, we have tested the cancel
operation in mirror phase looply for more than 5 hous and everything is fine.
Without this patch, a coroutine re-enter error will occur in 5 minutes.
Signed-off-by: Bn Wu <wu.wubin@huawei.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1423552846-3896-1-git-send-email-wu.wubin@huawei.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
A minor sanity check to assert that the sector size is 512.
The current block layer code deeply assumes that the IDE
sector size will be 512 bytes, so we carry forward that assumption
here.
This is useful for the DMA tests, which currently assume that
a sector will always be 512 bytes.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1423158090-25580-19-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Clean up guest memory being used in ahci_clean_mem, to be
called during ahci_shutdown. With all guest memory leaks removed,
add an option to the allocator to throw an assertion if a leak
occurs.
This test adds some sanity to both the AHCI library and the
allocator.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1423158090-25580-18-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
ahci_io is a wrapper around ahci_guest_io that takes a pointer to host
memory instead, and will create a guest memory buffer and copy the data
to/from as needed and as appropriate for a read/write command, such that
after a read, the guest data will be in a host buffer, and for a write,
the data will be transmitted to guest memory prior to the block operation.
Now that we have all the syntactic sugar functions in place for AHCI,
we can convert the identify test to be very, very short.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1423158090-25580-17-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch adds the AHCICommand structure, and a set of functions to
operate on the structure.
ahci_command_create - Initialize and create a new AHCICommand in memory
ahci_command_free - Destroy this object.
ahci_command_set_buffer - Set where the guest memory DMA buffer is.
ahci_command_commit - Write this command to the AHCI HBA.
ahci_command_issue - Issue the committed command synchronously.
ahci_command_issue_async - Issue the committed command asynchronously.
ahci_command_wait - Wait for an asynchronous command to finish.
ahci_command_slot - Get the number of the command slot we committed to.
Helpers:
size_to_prdtl - Calculate the required minimum PRDTL size from
a buffer size.
ahci_command_find - Given an ATA command mnemonic, look it up in the
properties table to obtain info about the command.
command_header_init - Initialize the command header with sane values.
command_table_init - Initialize the command table with sane values.
[Peter Maydell <peter.maydell@linaro.org> reported the following clang
warning:
tests/libqos/ahci.c:598:3: warning: redefinition
of typedef 'AHCICommand' is a C11 feature
[-Wtypedef-redefinition]
} AHCICommand;
I have replaced typedef struct ... AHCICommand; with struct ... ;
--Stefan]
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1423158090-25580-13-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Add a structure that defines some properties of various IDE commands.
These will be used to simplify the interface to the libqos AHCI calls,
lessening the redundancy of specifying and respecifying properties of
commands to various helper functions.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1423158090-25580-12-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Add human-readable command names and other miscellaneous #defines
to help make the code more readable.
Some of these definitions are not yet used in this current series,
but for convenience and sanity they have been lumped together here,
as it's more trouble than it is worth in a test suite to hand-pick,
one-by-one, which preprocessor definitions are useful per-each test.
These definitions include:
ATA Command Mnemonics
Current expected AHCI sector size
FIS magic bytes
REG_H2D_FIS flags
Command Header flags
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1423158090-25580-10-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch adds a few helpers to help sanity-check the response of the
AHCI device after a command.
ahci_d2h_check_sanity inspects the D2H Register FIS,
ahci_pio_check_sanity inspects the PIO Setup FIS, and
ahci_cmd_check_sanity inspects the command header.
To support the PIO sanity check, a new structure is added for the
PIO Setup FIS type. Existing FIS types (H2D and D2H) have had their
members renamed slightly to condense reserved members into fewer
fields; and LBA fields are now represented by arrays of 8 byte chunks
instead of independent variables.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1423158090-25580-9-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
A helper that compares a given port's current interrupts and checks them
against a supplied list of expected interrupt bits, and throws an error
if they do not match.
The helper then resets the requested interrupts on this port, and asserts
that the interrupt register is now empty.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1423158090-25580-7-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Adds command header helper functions:
-ahci_command_header_set
-ahci_command_header_get,
-ahci_command_destroy, and
-ahci_cmd_pick
These helpers help to quickly manage the command header information in
the AHCI device.
ahci_command_header_set and get will store or retrieve an AHCI command
header, respectively.
ahci_cmd_pick chooses the first available but least recently used
command slot to allow us to cycle through the available command slots.
ahci_command_destroy obliterates all information contained within a
given slot's command header, and frees its associated command table,
but not its DMA buffer!
Lastly, the command table pointer fields (dba and dbau) are merged into
a single 64bit value to make managing 64bit tests simpler.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1423158090-25580-5-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The structure name is a bit of a misnomer; the structure currently named
command is actually the commandheader. A future patch in this series
will add an actual "Command" structure, so we'll rename it now before the
rest of the functions in this series try to use it.
In addition, rename the "b1" and "b2" fields
to be a unified uint16_t named "flags."
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-id: 1423158090-25580-4-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Add a helper that assists in clearing out potentially old error and FIS
information from an AHCI port's data structures. This ensures we always
start with a blank slate for interrupt and FIS receipt information.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1423158090-25580-3-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The vring.c code currently assumes that guest and host endianness match,
which is not true for a number of cases:
- emulating targets with a different endianness than the host
- bi-endian targets, where the correct endianness depends on the virtio
device
- upcoming support for the virtio-1 standard mandates little-endian
accesses even for big-endian targets and hosts
Make sure to use accessors that depend on the virtio device.
Note that dataplane now needs to be built per-target.
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Fam Zheng <famz@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1422289602-17874-2-git-send-email-cornelia.huck@de.ibm.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
With global state removed, code responsible for booting up,
verifying, and initializing the AHCI HBA is extracted and
inserted into libqos/ahci.c, which would allow for other
qtests in the future to quickly grab a meaningfully initialized
reference to an AHCI HBA.
Even without other users, functionalizing and isolating the code
assists future AHCI tests that exercise Q35 migration.
For now, libqos/ahci.o will be PC-only, but can be expanded into
something arch-agnostic in the future, if needed.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421698563-6977-16-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Instead of re-querying the AHCI device for the FB and CLB buffers, save
the pointer we gave to the device during initialization and reference
these values instead.
[Peter Maydell <peter.maydell@linaro.org> reported the following clang
compiler warnings:
tests/libqos/ahci.c:256:40: warning: format specifies type 'unsigned
long' but the argument has type 'uint64_t'
(aka 'unsigned long long') [-Wformat]
g_test_message("CLB: 0x%08lx", ahci->port[i].clb);
tests/libqos/ahci.c:264:39: warning: format specifies type 'unsigned
long' but the argument has type 'uint64_t'
(aka 'unsigned long long') [-Wformat]
g_test_message("FB: 0x%08lx", ahci->port[i].fb);
The commit moved from uint32_t to uint64_t, so PRIx64 should be used for
the format specifier.
--Stefan]
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421698563-6977-15-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
These macros were a bad idea: They relied upon certain arguments being
present locally with a specific name.
With the endgoal being to factor out AHCI helper functions outside of
the test file itself, these have to be replaced by more explicit helper
setter/getter functions.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421698563-6977-14-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Introduce a set of "static inline" register helpers that are intended to
replace the current set of macros with more functional versions that are
better suited to inclusion in libqos than porcelain macros.
As a stopgap measure before eliminating the porcelain macros, define them
to use the new functions defined in the ahci.h header.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421698563-6977-13-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Store the HBA memory base address in the new state object, to simplify
function prototypes and encourage a more functional testing style.
This causes a lot of churn, but this patch is as "simplified" as I could
get it to be. This patch is therefore fairly mechanical and straightforward:
Any case where we pass "hba_base" has been consolidated into the AHCIQState
object and we pass the one unified parameter.
Any case where we reference "ahci" and "hba_state" have been modified to use
"ahci->dev" for the PCIDevice and "ahci->hba_state" to get at the base memory
address, accordingly.
Notes:
- A needless return is removed from start_ahci_device.
- For ease of reviewing, this patch can be reproduced (mostly) by:
# Replace (ahci, hba_base) prototypes with unified parameter
's/(QPCIDevice \*ahci, void \*\?\*hba_base/(AHCIQState *ahci/'
# Replace (ahci->dev, hba_base) calls with unified parameter
's/(ahci->dev, &\?hba_base)/(ahci)/'
# Replace calls to PCI config space using "ahci" with "ahci->dev"
's/qpci_config_\(read\|write\)\(.\)(ahci,/qpci_config_\1\2(ahci->dev,/'
After these, the remaining differences are easy to review by hand.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421698563-6977-9-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Create an operations structure so that the libqos interface can be
architecture agnostic, and create a pc-specific interface to functions
like qtest_boot.
Move the libqos object in the Makefile from being ahci-test only to
being linked with all tests that utilize the libqos features.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421698563-6977-8-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
To avoid the architecture-specific implementations of the generic qtest
allocator having to know about fields within the allocator, add a
page_size setter method for users or arch specializations to use.
The allocator will assume a default page_size for general use, but it
can always be overridden.
Since this was the last instance of code directly using properties of the
QGuestAllocator object directly, modify the type to be opaque and move
the structure inside of malloc.c.
mlist_new, which was previously exported, is made static local to malloc.c,
as it has no external users.
[Peter Maydell <peter.maydell@linaro.org> reported the following clang
warning:
tests/libqos/malloc.c:35:3: warning:
redefinition of typedef 'QGuestAllocator' is a C11 feature
[-Wtypedef-redefinition]
} QGuestAllocator;
I converted typedef struct ... QGuestAllocator; to struct ...;
--Stefan]
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Marc Marí <marc.mari.barcelo@gmail.com>
Message-id: 1421698563-6977-7-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The intent of this file is to serve as a misc. utilities file to be
shared amongst tests that are utilizing libqos facilities.
In a later patch, migration test helpers will be added to libqos.c that
will allow simplified testing of migration cases where libqos is
"Just Enough OS" for migrations testing.
The addition of the AHCIQState structure will also allow us to eliminate
global variables inside of qtests to manage allocators and test instances
in a better, more functional way.
libqos.c:
- Add qtest_boot
- Add qtest_shutdown
libqos.h:
- Create QOSState structure for allocator and QTestState.
ahci-test.c:
- Move qtest_boot and qtest_shutdown to libqos.c/h
- Create AHCIQState to interface with new qtest_boot/shutdown prototypes
- Modify tests slightly to use new types.
For now, the new object file is only linked to ahci-test, because it still
relies on pc architecture specific code in libqos. The next two patches will
reorganize the code to be more general.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421698563-6977-4-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Move the list-specific initialization over into
malloc.c, to keep all of the list implementation
details within the same file.
The allocation and freeing of these structures are
now both back within the same layer.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421698563-6977-2-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Before this patch, the "opaque" pointer in an NBD BDS points to a
BDRVNBDState, which contains an NbdClientSession object, which in turn
contains a pointer to the BDS. This pointer may become invalid due to
bdrv_swap(), so drop it, and instead pass the BDS directly to the
nbd-client.c functions which then retrieve the NbdClientSession object
from there.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1423256778-3340-2-git-send-email-mreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Currently when *obj is not a TYPE_DEVICE, QEMU will abort. This patch
fixes it. When *obj is not a TYPE_DEVICE, just do not add it to hotpluggable
device list.
This patch also fixes the following issue:
1. boot QEMU using cli:
$ /opt/qemu-git-arm/bin/qemu-system-x86_64 -monitor stdio -enable-kvm \
-device virtio-scsi-pci,id=scsi0
2. device_del scsi0 via hmp using tab key(first input device_del, then press
"Tab" key).
(qemu) device_del
After step 2, QEMU will abort.
(qemu) device_del hw/core/qdev.c:930:qdev_build_hotpluggable_device_list:
Object 0x5555563a2460 is not an instance of type device
Signed-off-by: Jun Li <junmuzi@gmail.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
vnc_display_local_addr will not be called with an invalid display id.
Add assert() to silence coverity warning about a null pointer dereference.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
in case we send and update for a complete scanline increment
the y offset to avoid running to find_next_bit for that lines
twice.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Only in this way, change vnc qmp interface can take effect,
because qemu_opts_find(&qemu_vnc_opts, id) will return NULL
in vnc_display_open(), It can't connect successfully vnc
server forever.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Whenever a reboot initiated by the guest is done, the reipl parameters should
remain valid. The disk configured by the guest is to be used for
ipl'ing. External reboot/reset request (e.g. via virsh reset guest) should
completely reset the guest to the initial state, and therefore also reset the
reipl parameters, resulting in an ipl behaviour of the initially configured
guest. This could be an external kernel or a disk.
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Fan Zhang <zhangfan@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
To support dynamically updating the IPL device from inside the KVM
guest on the s390 platform, DIAG 308 instruction is intercepted
in QEMU to handle the request.
Subcode 5 allows to specify a new boot device, which is saved for
later in the s390_ipl device. This also allows to switch from an
external kernel to a boot device.
Subcode 6 retrieves boot device configuration that has been previously
set.
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Fan Zhang <zhangfan@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Simple "hello world" MIPS N32 userland program crashes with segfault due to
incorrectly defined stat structure in QEMU.
Correct "target_stat" definition to match kernel's "stat64" as in MIPS N32
there are only plain "stat" syscalls using 64-bit structure.
Reported-by: Daniel Sanders <daniel.sanders@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Tested-by: Daniel Sanders <daniel.sanders@imgtec.com>
Reviewed-by: James Hogan <james.hogan@imgtec.com>
Using rs = -1 in gen_logic_imm() for microMIPS LUI instruction is dangerous
and may bite us when implementing microMIPS R6 because in R6 AUI and LUI
are distinguished by rs value. Therefore use 0 for safety.
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Recently added CP0.BadInstr and CP0.BadInstrP registers ended up in cpu_load()
under different offset than in cpu_save(). These and all registers between were
incorrectly restored.
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
The test is supposed to terminate TB if the end of the page is reached.
However, with current implementation it may never succeed for microMIPS or
mips16.
Reported-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Reviewed-by: Maciej W. Rozycki <macro@linux-mips.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Now that isa_mem_base variable is always 0, we can remove its usage.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Create a custom address space for PCI memory region and use it for the PCI bus.
Dynamically handle PCI0 Mem0 and PCI0 Mem1 regions, as already done for PCI0 IO.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
piix4 is only used on MIPS Malta board, which gives get_system_memory()
to pci_register_bus().
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Do assorted changes in memory-mapped rtc interface.
Also fix size of ISA I/O memory region, which should be 0x10000 bytes.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Also remove address_space and address_space_io parameters, which
where always get_system_memory() and get_system_io().
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Currently, keep current behaviour by always using get_system_memory().
Also use QOM casts when possible.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Convert to linked list.
# gpg: Signature made Fri 13 Feb 2015 05:40:41 GMT using RSA key ID 4DD0279B
# gpg: Good signature from "Richard Henderson <rth7680@gmail.com>"
# gpg: aka "Richard Henderson <rth@redhat.com>"
# gpg: aka "Richard Henderson <rth@twiddle.net>"
* remotes/rth/tags/pull-tcg-20150212:
tcg: Remove unused opcodes
tcg: Implement insert_op_before
tcg: Remove opcodes instead of noping them out
tcg: Put opcodes in a linked list
tcg: Introduce tcg_op_buf_count and tcg_op_buf_full
tcg: Move emit of INDEX_op_end into gen_tb_end
tcg: Reduce ifdefs in tcg-op.c
tcg: Move some opcode generation functions out of line
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target-arm queue:
* PCIe support in virt board
* Support 32-bit guests on 64-bit KVM hosts in virt board
* Fixes to avoid C undefined behaviour
# gpg: Signature made Fri 13 Feb 2015 05:53:07 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20150213:
target-arm: A64: Avoid signed shifts in disas_ldst_pair()
target-arm: A64: Avoid left shifting negative integers in disas_pc_rel_addr
target-arm: A64: Fix handling of rotate in logic_imm_decode_wmask
target-arm: A64: Fix shifts into sign bit
target-arm: Add AArch32 guest support to KVM64
target-arm: Add 32/64-bit register sync
target-arm: Add feature parsing to virt
target-arm: Add CPU property to disable AArch64
pci: Move PCI VGA to pci.mak
arm: Add PCIe host bridge in virt machine
pci: Add generic PCIe host bridge
pci: Allocate PCIe host bridge PCI ID
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The code in logic_imm_decode_wmask attempts to rotate a mask
value within the bottom 'e' bits of the value with
mask = (mask >> r) | (mask << (e - r));
This has two issues:
* if the element size is 64 then a rotate by zero results
in a shift left by 64, which is undefined behaviour
* if the element size is smaller than 64 then this will
leave junk in the value at bit 'e' and above, which is
not valid input to bitfield_replicate(). As it happens,
the bits at bit 'e' to '2e - r' are exactly the ones
which bitfield_replicate is going to copy in there,
so this isn't a "wrong code generated" bug, but it's
confusing and if we ever put an assert in
bitfield_replicate it would fire on valid guest code.
Fix the former by not doing anything if r is zero, and
the latter by masking with bitmask64(e).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1423233250-15853-3-git-send-email-peter.maydell@linaro.org
Adds registration and get/set functions for enabling/disabling the AArch64
execution state on AArch64 CPUs. By default AArch64 execution state is enabled
on AArch64 CPUs, setting the property to off, will disable the execution state.
The below QEMU invocation would have AArch64 execution state disabled.
$ ./qemu-system-aarch64 -machine virt -cpu cortex-a57,aarch64=off
Also adds stripping of features from CPU model string in acquiring the ARM CPU
by name.
Signed-off-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1423736974-14254-2-git-send-email-greg.bellows@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Every platform that supports PCI can also spawn the Bochs VGA PCI adapter. Move
it to pci.mak to enable it for everyone.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Now that we have a working "generic" PCIe host bridge driver, we can plug
it into ARM's virt machine to always have PCIe available to normal ARM VMs.
I've successfully managed to expose a Bochs VGA device, XHCI and an e1000
into an AArch64 VM with this and they all lived happily ever after.
Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Claudio Fontana <claudio.fontana@huawei.com>
[PMM: Squashed in fix for off-by-one error in bus-range DT property
from Laszlo Ersek <lersek@redhat.com>]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
With simple exposure of MMFG, ioport window, mmio window and an IRQ line we
can successfully create a workable PCIe host bridge that can be mapped anywhere
and only needs to get described to the OS using whatever means it likes.
This patch implements such a "generic" host bridge. It handles 4 legacy IRQ
lines. MSIs need to be handled external to the host bridge.
This device is particularly useful for the "pci-host-ecam-generic" driver in
Linux.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Tested-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We are going to introduce a PCIe host controller that doesn't exist that
way in real hardware, but still needs to expose some PCIe root device which
has PCI IDs.
Allocate a PCI ID in the Red Hat space that we use for other devices of this
kind.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We no longer need INDEX_op_end to terminate the list, nor do we
need 5 forms of nop, since we just remove the TCGOp instead.
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Rather reserving space in the op stream for optimization,
let the optimizer add ops as necessary.
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
With the linked list scheme we need not leave nops in the stream
that we need to process later.
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The previous setup required ops and args to be completely sequential,
and was error prone when it came to both iteration and optimization.
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The method by which we count the number of ops emitted
is going to change. Abstract that away into some inlines.
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Almost completely eliminates the ifdefs in this file, improving
confidence in the lesser used 32-bit builds.
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Some of these functions are really quite large. We have a number of
things that ought to be circularly dependent, but we duplicated code
to break that chain for the inlines.
This saved 25% of the code size of one of the translators I examined.
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This needs to go away sooner or later, but one complication is the
complex VFIO data structures that are modified in instance_finalize.
Take a shortcut for now.
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Always process them within a short time. Even though waiting a little
is useful, it is not okay to delay e.g. qemu_opts_del forever.
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
At present, the target is valued boot_tpgt, In addition,
channel and lun both are 0 for bootable vhost-scsi device.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Bo Su <subo7@huawei.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Because Qemu only accept an wwpn argument for vhost-scsi, we
cannot assign a tpgt. That's say tpg is transparent for Qemu, Qemu
doesn't know which tpg can boot, but vhost-scsi driver module
doesn't know too for one assigned wwpn.
At present, we assume that the first tpg can boot only, and add
a boot_tpgt property that defaults to 0. Of course, people can
pass a valid value by qemu command line.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In the way, we can make the bootindex property take effect.
At the meanwhile, the firmware path name of vhost-scsi is
"channel@channel/vhost-scsi@target,lun".
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
commit 6b1566c (qdev: Introduce FWPathProvider interface) did a
good job for supproting to get firmware path on some different
architectures.
Moreover further more, we can use the interface to get firmware
path name for a device which isn't attached a specific bus,
such as virtio-bus, scsi-bus etc.
When the device (such as vhost-scsi) realize the TYPE_FW_PATH_PROVIDER
interface, we should introduce a new function to get the correct firmware
path name for it.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch defines the list of kvm_exit reasons for aarch64. This list is
based on the Exception Class (EC) field of HSR register. With this patch
users can trace the execution of guest VMs better. A sample output from
command "kvm_stat -1 -t" is shown as the following:
<...>
kvm_exit(WATCHPT_HYP) 0 0
kvm_exit(WFI) 9422 9361
NOTE: This patch requires TRACE_EVENT(kvm_exit) to include exit_reason
field in TP_ARGS. A patch to upstream kernel has been submitted.
Signed-off-by: Wei Huang <wei@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This fixes a compiler error which occurs if DEBUG_VFIO is defined.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
The difference between v1 and v2 is fairly subtle, simply more
deterministic behavior for unmaps. The v1 interface allows the user
to attempt to unmap sub-regions of previous mappings, returning
success with zero size if unable to comply. This was a reflection of
the underlying IOMMU API. The v2 interface requires that the user
may only unmap fully contained mappings, ie. an unmap cannot intersect
or bisect a previous mapping, but may cover multiple mappings. QEMU
never made use of the sub-region v1 support anyway, so we can support
either v1 or v2. We'll favor v2 since it's newer.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
In the case of VFIO, the unrealize callback is too early to munmap the
BARs. The munmap must be delayed until memory accesses are complete.
To do this, split vfio_unmap_bars in two. The removal step, now called
vfio_unregister_bars, remains in vfio_exitfn. The reclamation step
is vfio_unmap_bars and is moved to the instance_finalize callback.
Similarly, quirk MemoryRegions have to be removed during
vfio_unregister_bars, but freeing the data structure must be delayed
to vfio_unmap_bars.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
In order to enable out-of-BQL address space lookup, destruction of
devices needs to be split in two phases.
Unrealize is the first phase; once it complete no new accesses will
be started, but there may still be pending memory accesses can still
be completed.
The second part is freeing the device, which only happens once all memory
accesses are complete. At this point the reference count has dropped to
zero, an RCU grace period must have completed (because the RCU-protected
FlatViews hold a reference to the device via memory_region_ref). This is
when instance_finalize is called.
Freeing data belongs in an instance_finalize callback, because the
dynamically allocated memory can still be used after unrealize by the
pending memory accesses.
This starts the process by creating an instance_finalize callback and
freeing most of the dynamically-allocated data in instance_finalize.
Because instance_finalize is also called on error paths or also when
the device is actually not realized, the common code needs some changes
to be ready for this. The error path in vfio_initfn can be simplified too.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Now that vfio_put_base_device is called unconditionally at instance_finalize
time, it can be called twice if vfio_populate_device fails. This works
but it is slightly harder to follow.
Change vfio_get_device to not touch the vbasedev struct until it will
definitely succeed, moving the vfio_populate_device call back to vfio-pci.
This way, vfio_put_base_device will only be called once.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
address_space_destroy_dispatch is called from an RCU callback and hence
outside the iothread mutex (BQL). However, after address_space_destroy
no new accesses can hit the destroyed AddressSpace so it is not necessary
to observe changes to the memory map. Move the memory_listener_unregister
call earlier, to make it thread-safe again.
Reported-by: Alex Williamson <alex.williamson@redhat.com>
Fixes: 374f2981d1
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Warning from the Sparse static analysis tool:
hw/char/virtio-serial-bus.c:31:3:
warning: symbol 'vserdevices' was not declared. Should it be static?
Cc: Amit Shah <amit.shah@redhat.com>
Cc: Anthony Liguori <aliguori@amazon.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Warning from the Sparse static analysis tool:
hw/display/vga.c:2012:26: warning:
symbol 'vmstate_vga_endian' was not declared. Should it be static?
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Warning from the Sparse static analysis tool:
stubs/qtest.c:14:6:
warning: symbol 'qtest_allowed' was not declared. Should it be static?
Add the missing include statement which declares qtest_allowed.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Warnings from the Sparse static analysis tool:
hw/char/serial.c:630:26: warning: symbol
'vmstate_serial_thr_ipending' was not declared. Should it be static?
hw/char/serial.c:646:26: warning: symbol
'vmstate_serial_tsr' was not declared. Should it be static?
hw/char/serial.c:665:26: warning: symbol
'vmstate_serial_recv_fifo' was not declared. Should it be static?
hw/char/serial.c:681:26: warning: symbol
'vmstate_serial_xmit_fifo' was not declared. Should it be static?
hw/char/serial.c:697:26: warning: symbol
'vmstate_serial_fifo_timeout_timer' was not declared. Should it be static?
hw/char/serial.c:713:26: warning: symbol
'vmstate_serial_timeout_ipending' was not declared. Should it be static?
hw/char/serial.c:729:26: warning: symbol
'vmstate_serial_poll' was not declared. Should it be static?
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Warning from the Sparse static analysis tool:
target-moxie/machine.c:4:26:
warning: symbol 'vmstate_moxie_cpu' was not declared. Should it be static?
machine.h includes the missing declaration.
Cc: Anthony Green <green@moxielogic.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Warnings from the Sparse static analysis tool:
migration-rdma.c:151:12: warning:
symbol 'wrid_desc' was not declared. Should it be static?
migration-rdma.c:190:12: warning:
symbol 'control_desc' was not declared. Should it be static?
migration-rdma.c:3301:19: warning:
symbol 'rdma_read_ops' was not declared. Should it be static?
migration-rdma.c:3308:19: warning:
symbol 'rdma_write_ops' was not declared. Should it be static?
Cc: Juan Quintela <quintela@redhat.com>
Cc: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Warning from the Sparse static analysis tool:
stubs/vmstate.c:4:26: warning:
symbol 'vmstate_dummy' was not declared. Should it be static?
Cc: Juan Quintela <quintela@redhat.com>
Cc: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Warning from the Sparse static analysis tool:
disas/sh4.c:335:22: warning:
symbol 'sh_table' was not declared. Should it be static?
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The USE_MMAP code can fail, and the caller handles the failure
already. Let the !USE_MMAP code fail as well, for consistency.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
It fixes the following error:
Traceback (most recent call last):
File "./scripts/analyze-migration.py", line 584, in <module>
dump.read(dump_memory = args.memory)
File "./scripts/analyze-migration.py", line 528, in read
self.sections[section_id].read()
File "./scripts/analyze-migration.py", line 250, in read
self.file.readvar(n_valid * HASH_PTE_SIZE_64)
NameError: global name 'HASH_PTE_SIZE_64' is not defined
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
uri_resolve_relative() calls strcmp(bas->path, ref->path). However,
either argument could be null! Evidence: the code checks for null
after the comparison. Spotted by Coverity.
I suspect this was screwed up when we stole the code from libxml2.
There the conditional reads
xmlStrEqual((xmlChar *)bas->path, (xmlChar *)ref->path)
with
int
xmlStrEqual(const xmlChar *str1, const xmlChar *str2) {
if (str1 == str2) return(1);
if (str1 == NULL) return(0);
if (str2 == NULL) return(0);
do {
if (*str1++ != *str2) return(0);
} while (*str2++);
return(1);
}
Fix by replicating libxml2's logic faithfully.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Spotted by Coverity with preview checker ALLOC_FREE_MISMATCH enabled
and my "coverity: Model g_free() isn't necessarily free()" model patch
applied.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Spotted by Coverity with preview checker ALLOC_FREE_MISMATCH enabled
and my "coverity: Model g_free() isn't necessarily free()" model patch
applied.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Spotted by Coverity with preview checker ALLOC_FREE_MISMATCH enabled
and my "coverity: Model g_free() isn't necessarily free()" model patch
applied.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
get_opt_value() takes a write-only buffer, so zeroing it is pointless.
We don't do it elsewhere, either.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Fix TARGET_SI_PAD_SIZE calculation to match the way the kernel does it.
Use different TARGET_SI_PREAMBLE_SIZE for 32-bit and 64-bit targets.
Signed-off-by: Maxim Ostapenko <m.ostapenko@partner.samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The size of the stack allocated host[] array didn't account for the
terminating '\0' byte that sscanf() writes. Fix the array size.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
valgrind complains about:
==42062== 16 bytes in 1 blocks are definitely lost in loss record 387 of 1,048
==42062== at 0x402DCB2: malloc (vg_replace_malloc.c:299)
==42062== by 0x40C1BE3: g_malloc (in /usr/lib64/libglib-2.0.so.0.3800.2)
==42062== by 0x40DA133: g_slice_alloc (in /usr/lib64/libglib-2.0.so.0.3800.2)
==42062== by 0x40DB2E5: g_slist_prepend (in /usr/lib64/libglib-2.0.so.0.3800.2)
==42062== by 0x801637FF: object_class_get_list_tramp (object.c:690)
==42062== by 0x40A96C9: g_hash_table_foreach (in /usr/lib64/libglib-2.0.so.0.3800.2)
==42062== by 0x80164885: object_class_foreach (object.c:665)
==42062== by 0x80164975: object_class_get_list (object.c:698)
==42062== by 0x800100A5: machine_parse (vl.c:2447)
==42062== by 0x800100A5: main (vl.c:3756)
Lets free machines in case of mc.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
bits is checked to be 128, 192 or 256 at the beginning of the function.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Coverity complains about not checking the returned value of mkstemp. While
at it, also improve error checking for snprintf, and refine error messages
in general.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Use MIN instead of an "if" statement. Move "tb" assignment where
the value is actually used.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
All uses of TB inside cpu_exec are dominated by "tb = tb_find_fast(env)",
and there are no uses after the switch statement. So the assignment
is dead, as reported by Coverity.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The logging of the CPU state during reset is done for all architectures
nowadays (see cpu_common_reset() in qom/cpu.c), so the "x86 only" text
does not apply here anymore.
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
In abi_long do_ioctl_dm(), after lock_user() call, the code does
not call unlock_user() before going to failure return in default case.
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
In main.c, all SIG* should be TARGET_SIG*, since the relevant functions
(queue_signal() and gdb_handlesig()) expect TARGET_SIG*.
The corresponding vi command is "1,$ s/\<SIG/TARGET_SIG/g".
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
When failure occurs during locking of vec[i], we also need to unlock all
already locked vec[i] in failure processing code block before return.
Code in unlock_user() checks vec[i].iov_base for NULL, so there's no
need not check it .
If error is EFAULT when "i == 0", vec[i].iov_base is NULL, we can just
skip it, so can still use "while (--i >= 0)" loop condition.
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
monitor_parse() desugars --monitor, --qmp and -qmp-pretty to --mon.
The ID it picks can clash with a user-specified ID. When it happens,
the error message is misleading.
Reproducer:
$ qemu --mon id=compat_monitor0 --monitor stdio
Message before the patch:
duplicate chardev: compat_monitor0
There's no "duplicate chardev" here. The problem is a duplicate
monitor ID. Moreover, the message provides no clue which option
caused the problem. The patch changes the message to:
qemu: --monitor stdio: Duplicate ID 'compat_monitor0' for mon
monitor_parse() is also used for creating a default monitor, but
that's not done when the user specifies a monitor, so an ID clash is
impossible then.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Add trace calls. Convert some #ifdef DEBUG printfs to trace.
Signed-off-by: Don Koch <dkoch@verizon.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit fecd264 added a number of fall-throughs, but neglected to
properly document them as intentional. Commit d922445 cleaned that up
for many, but not all cases. Take care of the remaining ones.
Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Block patches for 2.3
# gpg: Signature made Fri 06 Feb 2015 17:14:10 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream: (47 commits)
block/raw-posix.c: Fix raw_getlength() on Mac OS X block devices
block: Eliminate silly QERR_ macros used for encryption keys
block: New bdrv_add_key(), convert monitor to use it
blockdev: Eliminate silly QERR_BLOCK_JOB_NOT_ACTIVE macro
blockdev: Give find_block_job() an Error ** parameter
qcow2: Rewrite qcow2_alloc_bytes()
block: Give always priority to unused entries in the qcow2 L2 cache
nbd: fix max_discard/max_transfer_length
block: introduce BDRV_REQUEST_MAX_SECTORS
nbd: Improve error messages
iotests: Fix 104 for NBD
iotests: Fix 100 for nbd
iotests: Fix 083
block: fix off-by-one error in qcow and qcow2
qemu-iotests: add 116 invalid QED input file tests
qed: check for header size overflow
block/dmg: improve zeroes handling
block/dmg: support bzip2 block entry types
block/dmg: factor out block type check
block/dmg: use SectorNumber from BLKX header
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch replaces the dummy code in raw_getlength() for block devices
on OS X, which always returned LLONG_MAX, with a real implementation
that returns the actual block device size.
Signed-off-by: John Arbuckle <programmingkidx@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* mreitz/block:
block: Eliminate silly QERR_ macros used for encryption keys
block: New bdrv_add_key(), convert monitor to use it
blockdev: Eliminate silly QERR_BLOCK_JOB_NOT_ACTIVE macro
blockdev: Give find_block_job() an Error ** parameter
The QERR_ macros are leftovers from the days of "rich" error objects.
They're used with error_set() and qerror_report(), and expand into the
first *two* arguments. This trickiness has become pointless. Clean
up QERR_DEVICE_ENCRYPTED and QERR_DEVICE_NOT_ENCRYPTED.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1422524221-8566-5-git-send-email-armbru@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
qcow2_alloc_bytes() is a function with insufficient error handling and
an unnecessary goto. This patch rewrites it.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The current algorithm to replace entries from the L2 cache gives
priority to newer hits by dividing the hit count of all existing
entries by two everytime there is a cache miss.
However, if there are several cache misses the hit count of the
existing entries can easily go down to 0. This will result in those
entries being replaced even when there are others that have never been
used.
This problem is more noticeable with larger disk images and cache
sizes, since the chances of having several misses before the cache is
full are higher.
If we make sure that the hit count can never go down to 0 again,
unused entries will always have priority.
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
nbd_co_discard calls nbd_client_session_co_discard which uses uint32_t
as the length in bytes of the data to discard due to the following
definition:
struct nbd_request {
uint32_t magic;
uint32_t type;
uint64_t handle;
uint64_t from;
uint32_t len; <-- the length of data to be discarded, in bytes
} QEMU_PACKED;
Thus we should limit bl_max_discard to UINT32_MAX >> BDRV_SECTOR_BITS to
avoid overflow.
NBD read/write code uses the same structure for transfers. Fix
max_transfer_length accordingly.
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Peter Lieven <pl@kamp.de>
CC: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
we check and adjust request sizes at several places with
sometimes inconsistent checks or default values:
INT_MAX
INT_MAX >> BDRV_SECTOR_BITS
UINT_MAX >> BDRV_SECTOR_BITS
SIZE_MAX >> BDRV_SECTOR_BITS
This patches introdocues a macro for the maximal allowed sectors
per request and uses it at several places.
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch makes use of the Error object for nbd_receive_negotiate() so
that errors during negotiation look nicer.
Furthermore, this patch adds an additional error message if the received
magic was wrong, but would be correct for the other protocol version,
respectively: So if an export name was specified, but the NBD server
magic corresponds to an old handshake, this condition is explicitly
signaled to the user, and vice versa.
As these messages are now part of the "Could not open image" error
message, additional filtering has to be employed in iotest 083, which
this patch does as well.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
_make_test_img sets up an NBD server, _cleanup_test_img shuts it down;
thus, _cleanup_test_img has to be called before _make_test_img is
invoked another time.
Furthermore, the pipe through _filter_test_img was unnecessary;
_make_test_img already takes care of that.
And finally, a filter is added to _filter_img_info to replace
"nbd://127.0.0.1:10810" by "TEST_DIR/t.IMGFMT", since the former is the
way to express the full image path (normally the latter) for NBD tests.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
In case of NBD, _make_test_img starts a new NBD server. Therefore,
_cleanup_test_img (which shuts that server down) has to be invoked
before the next _make_test_img call in order to make 100 work for NBD.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
As of 8f9e835fd2, probing should be
disabled in the qemu-iotests (at least when using qemu-io). This broke
083's reference output (which consisted mostly of "Could not read image
for determining its format").
This patch fixes it.
Note that one case which failed before is now successful: Disconnect
after data. This is due to qemu having read twice before (once for
probing, once for the qemu-io read command), but only once now (the
qemu-io read command). Therefore, reading is successful (which is
correct).
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This fixes an off-by-one error introduced in 9a29e18. Both qcow and
qcow2 need to make sure to leave room for string terminator '\0' for
the backing file, so the max length of the non-terminated string is
either 1023 or PATH_MAX - 1.
Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Disk images may contain large all-zeroes gaps (1.66k sectors or 812 MiB
is seen in the real world). These blocks (type 2) do not need to be
extracted into a temporary buffer, there is no need to allocate memory
for these blocks nor to check its length.
(For the test image, the maximum uncompressed size is 1054371 bytes,
probably for a bzip2-compressed block.)
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1420566495-13284-13-git-send-email-peter@lekensteyn.nl
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch adds support for bzip2-compressed block entries as introduced
with OS X 10.4 (source: https://en.wikipedia.org/wiki/Apple_Disk_Image).
It was tested against a 5.2G "OS X Yosemite" installation image which
stores the BLXX block in the XML property list (instead of resource
forks) and has over 5k chunks.
New configure entries are added (--enable-bzip2 / --disable-bzip2) to
control inclusion of bzip2 functionality (which requires linking against
libbz2). The help message suggests that this option is needed for DMG
files, but the tests are generic enough that other parts of QEMU can use
bzip2 if needed.
The identifiers are based on http://newosxbook.com/DMG.html.
The decompression routines are based on the zlib case, but as there is
no way to reset the decompression state (unlike zlib), memory is
allocated and deallocated for every decompression. This should not be
problematic as the decompression takes most of the time and as blocks
are typically about/over 1 MiB in size, only one allocation is done
every 2000 sectors.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: John Snow <jsnow@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1420566495-13284-12-git-send-email-peter@lekensteyn.nl
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
In preparation for adding bzip2 support, split the type check into a
separate function. Make all offsets relative to the begin of a chunk
such that it is easier to recognize the position without having to
add up all offsets. Some comments are added to describe the fields.
There is no functional change.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1420566495-13284-11-git-send-email-peter@lekensteyn.nl
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Previously the sector table parsing relied on the previous offset of
the DMG file. Now it uses the sector number from the BLKX header
(see http://newosxbook.com/DMG.html).
The implementation of dmg2img (from vu1tur) does not base the output
sector on the location of the terminator (0xffffffff) either so it
should be safe to drop this dependency on the previous state.
(It makes somehow makes sense, a terminator should halt further
processing of a block and is perhaps used to preallocate some space.)
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1420566495-13284-10-git-send-email-peter@lekensteyn.nl
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch addresses two issues:
- The data fork offset was not taken into account, resulting in failure
to read an InstallESD.dmg file (5164763151 bytes) which had a
non-zero DataForkOffset field.
- The offset of the previous block ("partition") was unconditionally
added to the current block because older files would start the input
offset of a new block at zero. Newer files (including vlc-2.1.5.dmg,
tuxpaint-0.9.15-macosx.dmg and OS X Yosemite [MAS].dmg) failed in
reads because these files have chunk offsets, relative to the begin
of a data fork.
Now the data offset of the mish is taken into account. While we could
check that the data_offset is within the data fork, let's not do that
here as it would only result in parse failures on invalid files (rather
than gracefully handling such bad files). dmg_read will error out if
the offset is incorrect.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1420566495-13284-9-git-send-email-peter@lekensteyn.nl
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Right now the virtual size is always reported as zero which makes it
impossible to convert between formats.
After this patch, the number of sectors will be read from the trailer
("koly" block).
To verify the behavior, the output of `dmg2img foo.dmg foo.img` was
compared against `qemu-img convert -f dmg -O raw foo.dmg foo.raw`. The
tests showed that the file contents are exactly the same, except that
QEMU creates a slightly larger file (it matches the total sectors
count).
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1420566495-13284-8-git-send-email-peter@lekensteyn.nl
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The format is simple enough to avoid using a full-blown XML parser. It
assumes that all BLKX items begin with the "mish" magic word, therefore
it is not a problem if other values get matched which are not a BLKX
block.
The offsets are based on the description at
http://newosxbook.com/DMG.html
For compatibility with glib 2.12, use g_base64_decode (which
additionally requires an extra buffer allocation) instead of
g_base64_decode_inplace (which is only available since glib 2.20).
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1420566495-13284-7-git-send-email-peter@lekensteyn.nl
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Besides the offset, also read the resource length. This length is now
used in the extracted function to verify the end of the resource fork
against "count" from the resource fork.
Instead of relying on the value of offset to conclude whether the
resource fork is available or not (info_begin==0), check the
rsrc_fork_length instead. This would allow a dmg file to begin with a
resource fork. This seemingly unnecessary restriction was found while
trying to craft a DMG file by hand.
Other changes:
- Do not require resource data offset to be 0x100 (but check that it
is within bounds though).
- Further improve boundary checking (resource data must be within
the resource fork).
- Use correct value for resource data length (spotted by John Snow)
- Consider the resource data offset when determining info_end.
This fixes an EINVAL on the tuxpaint dmg example.
The resource fork format is documented at
https://developer.apple.com/legacy/library/documentation/mac/pdf/MoreMacintoshToolbox.pdf#page=151
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 1420566495-13284-4-git-send-email-peter@lekensteyn.nl
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Extract the mish block decoder such that this can be used for other
formats in the future. A new DmgHeaderState struct is introduced to
share state while decoding.
The code is kept unchanged as much as possible, a "fail" label is added
for example where a simple return would probably do. In dmg_open, the
variable "tmp" is renamed to "rsrc_data_offset" for clarity and comments
have been added explaining various data.
Note that this patch has one subtle difference with the previous
version which should not affect functionality. In the previous code,
the end of a resource was inferred from the mish block (the offsets
would be increased by the fields). In this patch, the resource length
is used instead to avoid the need to rely on the previous offsets.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1420566495-13284-3-git-send-email-peter@lekensteyn.nl
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
DMG files have a variable length with a UDIF trailer at the end of a
file. This UDIF trailer is essential as it describes the contents of
the image. At the moment however, the start of this trailer is almost
always incorrect as bdrv_getlength() returns a multiple of the block
size (rounded up). This results in a failure to recognize DMG files,
resulting in Invalid argument (EINVAL) errors.
As there is no API to retrieve the real file size, look for the magic
header in the last two sectors to find the start of this 512-byte UDIF
trailer (the "koly" block).
The resource fork offset ("info_begin") has its offset adjusted as the
initial value of offset does not mean "end of file" anymore, but "begin
of UDIF trailer".
[Replaced error_set(errp, ERROR_CLASS_GENERIC_ERROR, ...) with
error_setg(errp, ...) as discussed with Peter.
--Stefan]
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1420566495-13284-2-git-send-email-peter@lekensteyn.nl
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Managing applications, like oVirt (http://www.ovirt.org), make extensive
use of thin-provisioned disk images.
To let the guest run smoothly and be not unnecessarily paused, oVirt sets
a disk usage threshold (so called 'high water mark') based on the occupation
of the device, and automatically extends the image once the threshold
is reached or exceeded.
In order to detect the crossing of the threshold, oVirt has no choice but
aggressively polling the QEMU monitor using the query-blockstats command.
This lead to unnecessary system load, and is made even worse under scale:
deployments with hundreds of VMs are no longer rare.
To fix this, this patch adds:
* A new monitor command `block-set-write-threshold', to set a mark for
a given block device.
* A new event `BLOCK_WRITE_THRESHOLD', to report if a block device
usage exceeds the threshold.
* A new `write_threshold' field into the `BlockDeviceInfo' structure,
to report the configured threshold.
This will allow the managing application to use smarter and more
efficient monitoring, greatly reducing the need of polling.
[Updated qemu-iotests 067 output to add the new 'write_threshold'
property. --Stefan]
[Changed g_assert_false() to !g_assert() to fix the build on older glib
versions. --Kevin]
Signed-off-by: Francesco Romani <fromani@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1421068273-692-1-git-send-email-fromani@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch is necessary to suppress the "probed raw" warning when
running raw over nbd tests.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
There is a bug in the recently added sys.platform test, and we no longer
run python tests, because "linux2" is the value to compare here. So do a
prefix match. According to python doc [1], the way to use sys.platform
is "unless you want to test for a specific system version, it is
therefore recommended to use the following idiom":
if sys.platform.startswith('freebsd'):
# FreeBSD-specific code here...
elif sys.platform.startswith('linux'):
# Linux-specific code here...
[1]: https://docs.python.org/2.7/library/sys.html#sys.platform
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
this adds a knob to disable request merging for debugging or benchmarks if dedired.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
this patch finally introduces multiread support to virtio-blk. While
multiwrite support was there for a long time, read support was missing.
The complete merge logic is moved into virtio-blk.c which has
been the only user of request merging ever since. This is required
to be able to merge chunks of requests and immediately invoke callbacks
for those requests. Secondly, this is required to switch to
direct invocation of coroutines which is planned at a later stage.
The following benchmarks show the performance of running fio with
4 worker threads on a local ram disk. The numbers show the average
of 10 test runs after 1 run as warmup phase.
| 4k | 64k | 4k
MB/s | rd seq | rd rand | rd seq | rd rand | wr seq | wr rand
--------------+--------+---------+--------+---------+--------+--------
master | 1221 | 1187 | 4178 | 4114 | 1745 | 1213
multiread | 1829 | 1189 | 4639 | 4110 | 1894 | 1216
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
As it was not obvious (at least for me) where the 32 comes from;
add a constant for it.
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The commit 533ffb17a that removed qed_aiocb_info.cancel said to remove
this but didn't do it.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
do not trim requests if the driver does not supply a limit
through BlockLimits. For write zeroes we still keep a limit
for the unsupported path to avoid allocating a big bounce buffer.
Suggested-by: Kevin Wolf <kwolf@redhat.com>
Suggested-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This sequence works efficiently if FALLOC_FL_ZERO_RANGE is not supported.
Unfortunately, FALLOC_FL_ZERO_RANGE is supported on really modern systems
and only for a couple of filesystems. FALLOC_FL_PUNCH_HOLE is much more
mature.
The sequence of 2 operations FALLOC_FL_PUNCH_HOLE and 0 is necessary due
to the following reasons:
- FALLOC_FL_PUNCH_HOLE creates a hole in the file, the file becomes
sparse. In order to retain original functionality we must allocate
disk space afterwards. This is done using fallocate(0) call
- fallocate(0) without preceeding FALLOC_FL_PUNCH_HOLE will do nothing
if called above already allocated areas of the file, i.e. the content
will not be zeroed
This should increase the performance a bit for not-so-modern kernels.
CC: Max Reitz <mreitz@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Peter Lieven <pl@kamp.de>
CC: Fam Zheng <famz@redhat.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
There is a possibility that we are extending our image and thus writing
zeroes beyond the end of the file. In this case we do not need to care
about the hole to make sure that there is no data in the file under
this offset (pre-condition to fallocate(0) to work). We could simply call
fallocate(0).
This improves the performance of writing zeroes even on really old
platforms which do not have even FALLOC_FL_PUNCH_HOLE.
Before the patch do_fallocate was used when either
CONFIG_FALLOCATE_PUNCH_HOLE or CONFIG_FALLOCATE_ZERO_RANGE are defined.
Now the story is different. CONFIG_FALLOCATE is defined when Linux
fallocate is defined, posix_fallocate is completely different story
(CONFIG_POSIX_FALLOCATE). CONFIG_FALLOCATE is mandatory prerequite
for both CONFIG_FALLOCATE_PUNCH_HOLE and CONFIG_FALLOCATE_ZERO_RANGE
thus we are on the safe side.
CC: Max Reitz <mreitz@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Peter Lieven <pl@kamp.de>
CC: Fam Zheng <famz@redhat.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This efficiently writes zeroes on Linux if the kernel is capable enough.
FALLOC_FL_ZERO_RANGE correctly handles all cases, including and not
including file expansion.
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Peter Lieven <pl@kamp.de>
CC: Fam Zheng <famz@redhat.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
move code dealing with a block device to a separate function. This will
allow to implement additional processing for ordinary files.
Please note, that xfs_code has been moved before checking for
s->has_write_zeroes as xfs_write_zeroes does not touch this flag inside.
This makes code a bit more consistent.
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Peter Lieven <pl@kamp.de>
CC: Fam Zheng <famz@redhat.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The pattern
do {
if (fallocate(s->fd, mode, offset, len) == 0) {
return 0;
}
} while (errno == EINTR);
ret = translate_err(-errno);
will be commonly useful in next patches. Create helper for it.
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Peter Lieven <pl@kamp.de>
CC: Fam Zheng <famz@redhat.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
actually the code
if (ret == -ENODEV || ret == -ENOSYS || ret == -EOPNOTSUPP ||
ret == -ENOTTY) {
ret = -ENOTSUP;
}
is present twice and will be added a couple more times. Create helper
for this.
CC: Kevin Wolf <kwolf@redhat.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Peter Lieven <pl@kamp.de>
CC: Fam Zheng <famz@redhat.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(With the previous atapi_dma flag recovery)
If migration happens between the ATAPI command being written and the
bmdma being started, the DMA is dropped. Eventually the guest times
out and recovers, but that can take many seconds.
(This is rare, on a pingpong reading the CD continuously I hit
this about ~1/30-1/50 migrates)
I don't think we've got enough state to be able to recover safely
at this point, so I throw a 'medium error, no seek complete'
that I'm assuming guests will try and recover from an apparently
dirty CD.
OK, it's a hack, the real solution is probably to push a lot of
ATAPI state into the migration stream, but this is a fix that
works with no stream changes. Tested only on Linux (both RHEL5
(pre-libata) and RHEL7).
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If a migration happens just after the guest has kicked
off an ATAPI command and kicked off DMA, we lose the atapi_dma
flag, and the destination tries to complete the command as PIO
rather than DMA. This upsets Linux; modern libata based kernels
stumble and recover OK, older kernels end up passing bad data
to userspace.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Expand out STATUS_PARAM wherever it is used and delete the definition.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
# gpg: Signature made Fri 06 Feb 2015 14:10:40 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/net-pull-request:
monitor: more accurate completion for host_net_remove()
net: del hub port when peer is deleted
net: remove the wrong comment in net_init_hubport()
monitor: print hub port name during info network
rtl8139: simplify timer logic
MAINTAINERS: add Jason Wang as net subsystem maintainer
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Pavel Dovgalyuk reports that TimerExpire and the timer are not restored
correctly on the receiving end of migration.
It is not clear to me whether this is really the case, but we can take
the occasion to get rid of the complicated code that computes PCSTimeout
on the fly upon changes to IntrStatus/IntrMask. Just always keep a
timer running, it will fire every ~130 seconds at most if the interrupt
is masked with TimerInt != 0.
This makes rtl8139_set_next_tctr_time idempotent (when the virtual clock
is stopped between two calls, as is the case during migration).
Tested with Frediano's qtest.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421765099-26190-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
# gpg: Signature made Fri 06 Feb 2015 13:45:06 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/tracing-pull-request:
trace: Print PID and time in stderr traces
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When debugging migration it's useful to know the PID of
each trace message so you can figure out if it came from the source
or the destination.
Printing the time makes it easy to do latency measurements or timings
between trace points.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 1421746875-9962-1-git-send-email-dgilbert@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
migration/next for 20150205
# gpg: Signature made Thu 05 Feb 2015 16:17:08 GMT using RSA key ID 5872D723
# gpg: Can't check signature: public key not found
* remotes/juanquintela/tags/migration/20150205:
fix mc146818rtc wrong subsection name to avoid vmstate_subsection_load() fail
Tracify migration/rdma.c
Add migration stream analyzation script
migration: Append JSON description of migration stream
qemu-file: Add fast ftell code path
QJSON: Add JSON writer
Print errors in some of the early migration failure cases.
Migration: Add lots of trace events
savevm: Convert fprintf to error_report
vmstate-static-checker: update whitelist
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
coverity: Improve and extend model
# gpg: Signature made Thu 05 Feb 2015 16:20:49 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
* remotes/armbru/tags/pull-cov-model-2015-02-05:
MAINTAINERS: Add myself as Coverity model maintainer
coverity: Model g_free() isn't necessarily free()
coverity: Model GLib string allocation partially
coverity: Improve model for GLib memory allocation
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
fix mc146818rtc wrong subsection name to avoid vmstate_subsection_load() fail
during incoming migration or loadvm.
Signed-off-by: Zhang Haoyu <zhanghy@sangfor.com.cn>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Turn all the D/DD/DDDPRINTFs into trace events
Turn most of the fprintf(stderr, into error_report
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
This patch adds a python tool to the scripts directory that can read
a dumped migration stream if it contains the JSON description of the
device states. I constructs a human readable JSON stream out of it.
It's very simple to use:
$ qemu-system-x86_64
(qemu) migrate "exec:cat > mig"
$ ./scripts/analyze_migration.py -f mig
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
One of the annoyances of the current migration format is the fact that
it's not self-describing. In fact, it's not properly describing at all.
Some code randomly scattered throughout QEMU elaborates roughly how to
read and write a stream of bytes.
We discussed an idea during KVM Forum 2013 to add a JSON description of
the migration protocol itself to the migration stream. This patch
adds a section after the VM_END migration end marker that contains
description data on what the device sections of the stream are composed of.
This approach is backwards compatible with any QEMU version reading the
stream, because QEMU just stops reading after the VM_END marker and ignores
any data following it.
With an additional external program this allows us to decipher the
contents of any migration stream and hopefully make migration bugs easier
to track down.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
For ftell we flush the output buffer to ensure that we don't have anything
lingering in our internal buffers. This is a very safe thing to do.
However, with the dynamic size measurement that the dynamic vmstate
description will bring this would turn out quite slow.
Instead, we can fast path this specific measurement and just take the
internal buffers into account when telling the kernel our position.
I'm sure I overlooked some corner cases where this doesn't work, so
instead of tuning the safe, existing version, this patch adds a fast
variant of ftell that gets used by the dynamic vmstate description code
which isn't critical when it fails.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
To support programmatic JSON assembly while keeping the code that generates it
readable, this patch introduces a simple JSON writer. It emits JSON serially
into a buffer in memory.
The nice thing about this writer is its simplicity and low memory overhead.
Unlike the QMP JSON writer, this one does not need to spawn QObjects for every
element it wants to represent.
This is a prerequisite for the migration stream format description generator.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Mostly on the load side, so that when we get a complaint about
a migration failure we can figure out what it didn't like.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Commit 22382bb96c renamed the
'hw_cursor_x' and 'hw_cursor_y' fields in cirrus_vga. Update the static
checker's whitelist to allow matching against the old and new names.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Memory allocated with GLib needs to be freed with GLib. Freeing it
with free() instead of g_free() is a common error. Harmless when
g_free() is a trivial wrapper around free(), which is commonly the
case. But model the difference anyway.
In a local scan, this flags four ALLOC_FREE_MISMATCH. Requires
--enable ALLOC_FREE_MISMATCH, because the checker is still preview.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Without a model, Coverity can't know that the result of g_strdup()
needs to be fed to g_free().
One way to get such a model is to scan GLib, build a derived model
file with cov-collect-models, and use that when scanning QEMU.
Unfortunately, the Coverity Scan service we use doesn't support that.
Thus, we're stuck with the other way: write a user model. Doing that
for all of GLib is hardly practical. I'm doing it for the "String
Utility Functions" we actually use that return dynamically allocated
strings.
In a local scan, this flags 20 additional RESOURCE_LEAKs. The ones I
checked look genuine.
It also loses a NULL_RETURNS about ppce500_init() using
qemu_find_file() without error checking. I don't understand why.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
In current versions of GLib, g_new() may expand into g_malloc_n().
When it does, Coverity can't see the memory allocation, because we
don't model g_malloc_n(). Similarly for g_new0(), g_renew(),
g_try_new(), g_try_new0(), g_try_renew().
Model g_malloc_n(), g_malloc0_n(), g_realloc_n(). Model
g_try_malloc_n(), g_try_malloc0_n(), g_try_realloc_n() by adding
indeterminate out of memory conditions on top.
To avoid undue duplication, replace the existing models for g_malloc()
& friends by trivial wrappers around g_malloc_n() & friends.
In a local scan, this flags four additional RESOURCE_LEAKs and one
NULL_RETURNS.
The NULL_RETURNS is a false positive: Coverity can now see that
g_try_malloc(l1_sz * sizeof(uint64_t)) in
qcow2_check_metadata_overlap() may return NULL, but is too stupid to
recognize that a loop executing l1_sz times won't be entered then.
Three out of the four RESOURCE_LEAKs appear genuine. The false
positive is in ppce500_prep_device_tree(): the pointer dies, but a
pointer to a struct member escapes, and we get the pointer back for
freeing with container_of(). Too funky for Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
target-arm queue:
* refactor/clean up armv7m_init()
* some initial cleanup in the direction of supporting 64-bit EL3
* fix broken synchronization of registers between QEMU and KVM
for 32-bit ARM hosts (which among other things broke memory
access via gdbstub)
* fix flush-to-zero handling in FMULX, FRECPS, FRSQRTS and FRECPE
* don't crash QEMU for UNPREDICTABLE BFI insns in A32 encoding
* explain why virt board's device-to-transport mapping code is
the way it is
* implement mmu_idx values which match the architectural
distinctions, and introduce the concept of a translation
regime to get_phys_addr() rather than incorrectly looking
at the current CPU state
* update to upstream VIXL 1.7 (gives us correct code addresses
when dissassembling pc-relative references)
* sync system register state between KVM and QEMU for 64-bit ARM
* support virtio on big-endian guests by implementing the
"which endian is the guest now?" CPU method
# gpg: Signature made Thu 05 Feb 2015 14:02:16 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20150205: (28 commits)
target-arm: fix for exponent comparison in recpe_f64
target-arm: Guest cpu endianness determination for virtio KVM ARM/ARM64
target-arm: KVM64: Get and Sync up guest register state like kvm32.
disas/arm-a64.cc: Tell libvixl correct code addresses
disas/libvixl: Update to upstream VIXL 1.7
target-arm: Fix brace style in reindented code
target-arm: Reindent ancient page-table-walk code
target-arm: Use mmu_idx in get_phys_addr()
target-arm: Pass mmu_idx to get_phys_addr()
target-arm: Split AArch64 cases out of ats_write()
target-arm: Don't define any MMU_MODE*_SUFFIXes
target-arm: Use correct mmu_idx for unprivileged loads and stores
target-arm: Define correct mmu_idx values and pass them in TB flags
target-arm/translate-a64: Fix wrong mmu_idx usage for LDT/STT
target-arm: Make arm_current_el() return sensible values for M profile
cpu_ldst.h: Allow NB_MMU_MODES to be 7
hw/arm/virt: explain device-to-transport mapping in create_virtio_devices()
target-arm: check that LSB <= MSB in BFI instruction
target-arm: Squash input denormals in FRECPS and FRSQRTS
Fix FMULX not squashing denormalized inputs when FZ is set.
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
f64 exponent in HELPER(recpe_f64) should be compared to 2045 rather than 1023
(FPRecipEstimate in ARMV8 spec). This fixes incorrect underflow handling when
flushing denormals to zero in the FRECPE instructions operating on 64-bit
values.
Signed-off-by: Ildar Isaev <ild@inbox.ru>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch implements a fucntion pointer "virtio_is_big_endian"
from "CPUClass" structure for arm/arm64.
Function arm_cpu_is_big_endian() is added to determine and
return the guest cpu endianness to virtio.
This is required for running cross endian guests with virtio on ARM/ARM64.
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
Message-id: 1423130382-18640-3-git-send-email-pranavkumar@linaro.org
[PMM: check CPSR_E in env->cpsr_uncached, not env->pstate.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This patch adds:
1. Call write_kvmstate_to_list() and write_list_to_cpustate()
in kvm_arch_get_registers() to sync guest register state.
2. Call write_list_to_kvmstate() in kvm_arch_put_registers()
to sync guest register state.
These changes are already there for kvm32 in target-arm/kvm32.c.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
Message-id: 1423130382-18640-2-git-send-email-pranavkumar@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
disassembling relative branches in code which doesn't reside at
what the guest CPU would think its execution address is. Use
the new MapCodeAddress() API to tell libvixl where the code is
from the guest CPU's point of view so it can get the target
addresses right.
Previous disassembly:
0x0000000040000000: 580000c0 ldr x0, pc+24 (addr 0x7f6cb7020434)
0x0000000040000004: aa1f03e1 mov x1, xzr
0x0000000040000008: aa1f03e2 mov x2, xzr
0x000000004000000c: aa1f03e3 mov x3, xzr
0x0000000040000010: 58000084 ldr x4, pc+16 (addr 0x7f6cb702042c)
0x0000000040000014: d61f0080 br x4
Fixed disassembly:
0x0000000040000000: 580000c0 ldr x0, pc+24 (addr 0x40000018)
0x0000000040000004: aa1f03e1 mov x1, xzr
0x0000000040000008: aa1f03e2 mov x2, xzr
0x000000004000000c: aa1f03e3 mov x3, xzr
0x0000000040000010: 58000084 ldr x4, pc+16 (addr 0x40000020)
0x0000000040000014: d61f0080 br x4
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422274779-13359-3-git-send-email-peter.maydell@linaro.org
A few of the oldest parts of the page-table-walk code have broken indent
(either hardcoded tabs or two-spaces). Reindent these sections.
For ease of review, this patch does not touch the brace style and
so is a whitespace-only change.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Now we have the mmu_idx in get_phys_addr(), use it correctly to
determine the behaviour of virtual to physical address translations,
rather than using just an is_user flag and the current CPU state.
Some TODO comments have been added to indicate where changes will
need to be made to add EL2 and 64-bit EL3 support.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Make all the callers of get_phys_addr() pass it the correct
mmu_idx rather than just a simple "is_user" flag. This includes
properly decoding the AT/ATS system instructions; we include the
logic for handling all the opc1/opc2 cases because we'll need
them later for supporting EL2/EL3, even if we don't have the
regdef stanzas yet.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Instead of simply reusing ats_write() as the handler for both AArch32
and AArch64 address translation operations, use a different function
for each with the common code in a third function. This is necessary
because the semantics for selecting the right translation regime are
different; we are only getting away with sharing currently because
we don't support EL2 and only support EL3 in AArch32.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
target-arm doesn't use any of the MMU-mode specific cpu ldst
accessor functions. Suppress their generation by not defining
any of the MMU_MODE*_SUFFIX macros. ("user" and "kernel" are
too simplistic as descriptions of indexes 0 and 1 anyway.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
The MMU index to use for unprivileged loads and stores is more
complicated than we currently implement:
* for A64, it should be "if at EL1, access as if EL0; otherwise
access at current EL"
* for A32/T32, it should be "if EL2, UNPREDICTABLE; otherwise
access as if at EL0".
In both cases, if we want to make the access for Secure EL0
this is not the same mmu_idx as for Non-Secure EL0.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
We currently claim that for ARM the mmu_idx should simply be the current
exception level. However this isn't actually correct -- secure EL0 and EL1
should have separate indexes from non-secure EL0 and EL1 since their
VA->PA mappings may differ. We also will want an index for stage 2
translations when we properly support EL2.
Define and document all seven mmu index values that we require, and
pass the mmu index in the TB flags rather than exception level or
priv/user bit.
This change doesn't update the get_phys_addr() code, so our page
table walking still assumes a simplistic "user or priv?" model for
the moment.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
---
This leaves some odd gaps in the TB flags usage. I will circle
back and clean this up later (including moving the other common
flags like the singlestep ones to the top of the flags word),
but I didn't want to bloat this patchseries further.
The LDT/STT (load/store unprivileged) instruction decode was using
the wrong MMU index value. This meant that instead of these insns
being "always access as if user-mode regardless of current privilege"
they were "always access as if kernel-mode regardless of current
privilege". This went unnoticed because AArch64 Linux doesn't use
these instructions.
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
---
I'm not counting this as a security issue because I'm assuming
nobody treats TCG guests as a security boundary (certainly I
would not recommend doing so...)
Although M profile doesn't have the same concept of exception level
as A profile, it does have a notion of privileged versus not, which
we currently track in the privmode TB flag. Support returning this
information if arm_current_el() is called on an M profile core, so
that we can identify the correct MMU index to use (and put the MMU
index in the TB flags) without having to special-case M profile.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Support guest CPUs which need 7 MMU index values.
Add a comment about what would be required to raise the limit
further (trivial for 8, TCG backend rework for 9 or more).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
The documentation states that if LSB > MSB in BFI instruction behaviour
is unpredictable. Currently QEMU crashes because of assertion failure in
this case:
tcg/tcg-op.h:2061: tcg_gen_deposit_i32: Assertion `len <= 32' failed.
While assertion failure may meet the "unpredictable" definition this
behaviour is undesirable because it allows an unprivileged guest program
to crash the emulator with the OS and other programs.
This patch addresses the issue by throwing illegal instruction exception
if LSB > MSB. Only ARM decoder is affected because Thumb decoder already
has this check in place.
To reproduce issue run the following program
int main(void) {
asm volatile (".long 0x07c00c12" :: );
return 0;
}
compiled with
gcc -marm -static badop_arm.c -o badop_arm
Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The helper functions for FRECPS and FRSQRTS have special case
handling that includes checks for zero inputs, so squash input
denormals if necessary before those checks. This fixes incorrect
output when the FPCR DZ bit is set to enable squashing of input
denormals.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com>
While FMULX returns a 2.0f float when two operators are infinity and
zero, those operators should be unpacked from raw inputs first. Inconsistent
cases would occur when operators are denormalized floats in flush-to-zero
mode. A wrong codepath will be entered and 2.0f will not be returned
without this patch.
Fix by checking whether inputs need to be flushed before running into
different codepaths.
Signed-off-by: Xiangyu Hu <libhu.so@gmail.com>
Message-id: 1422459650-12490-1-git-send-email-libhu.so@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add assertion checking when cpreg structures are registered that they
either forbid raw-access attempts or at least make an attempt at
handling them. Also add an assert in the raw-accessor-of-last-resort,
to avoid silently doing a read or write from offset zero, which is
actually AArch32 CPU register r0.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1422282372-13735-3-git-send-email-peter.maydell@linaro.org
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
We currently mark ARM coprocessor/system register definitions with
the flag ARM_CP_NO_MIGRATE for two different reasons:
1) register is an alias on to state that's also visible via
some other register, and that other register is the one
responsible for migrating the state
2) register is not actually state at all (for instance the TLB
or cache maintenance operation "registers") and it makes no
sense to attempt to migrate it or otherwise access the raw state
This works fine for identifying which registers should be ignored
when performing migration, but we also use the same functions for
synchronizing system register state between QEMU and the kernel
when using KVM. In this case we don't want to try to sync state
into registers in category 2, but we do want to sync into registers
in category 1, because the kernel might have picked a different
one of the aliases as its choice for which one to expose for
migration. (In particular, on 32 bit hosts the kernel will
expose the state in the AArch32 version of the register, but
TCG's convention is to mark the AArch64 version as the version
to migrate, even if the CPU being emulated happens to be 32 bit,
so almost all system registers will hit this issue now that we've
added AArch64 system emulation.)
Fix this by splitting the NO_MIGRATE flag in two (ALIAS and NO_RAW)
corresponding to the two different reasons we might not want to
migrate a register. When setting up the TCG list of registers to
migrate we honour both flags; when populating the list from KVM,
only ignore registers which are NO_RAW.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Bellows <greg.bellows@linaro.org>
Message-id: 1422282372-13735-2-git-send-email-peter.maydell@linaro.org
[PMM: changed ARM_CP_NO_MIGRATE to ARM_CP_ALIAS on new SP_EL1 and
SP_EL2 reginfo stanzas since there was a (semantic) merge conflict
with the patchset that added those]
qmp hmp balloon: Cleanups around error reporting
# gpg: Signature made Thu 05 Feb 2015 07:15:11 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
* remotes/armbru/tags/pull-error-2015-02-05:
balloon: Eliminate silly QERR_ macros
balloon: Factor out common "is balloon active" test
balloon: Inline qemu_balloon(), qemu_balloon_status()
qmp: Eliminate silly QERR_COMMAND_NOT_FOUND macro
qmp: Simplify recognition of capability negotiation command
qmp: Clean up qmp_query_spice() #ifndef !CONFIG_SPICE dummy
hmp: Compile hmp_info_spice() only with CONFIG_SPICE
qmp hmp: Improve error messages when SPICE is not in use
qmp hmp: Factor out common "using spice" test
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Jason Wang will be co-maintaining the QEMU net subsystem with me. He
has contributed improvements and reviewed patches over the past years as
part of working on virtio-net and virtualized networking.
Jason has already been backing me up with patch reviews. For the time
being I will continue to submit pull requests.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Commit d8d9581460 added explicit object_unparent() calls for
dynamically allocated MemoryRegions. The VFIOMSIXInfo structure also
contains such a MemoryRegion, covering the mmap'd region of a PCI BAR
above the MSI-X table. This structure is freed as part of the class
exit function and therefore also needs an explicit object_unparent().
Failing to do this results in random segfaults due to fields within
the structure, often the class pointer, being reclaimed and corrupted
by the time object_finalize_child_property() is called for the object.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-stable@nongnu.org # 2.2
This patch fixes the bug with borrow_in being set incorrectly, but it
also simplifies the logic to be much more plain, improving speed. It
fixes both the 32-bit SLB* and 64-bit SLBG*.
The SLBG* change has been well-tested. I haven't tested the SLB* change
explicitly, but the code was copy-pasted from the tested code.
The error of these functions' current implementations would not likely
be triggered by compiler-generated code, since the only error was in the
state of the carry/borrow flag. Compilers rarely generate an
instruction sequence such as carry-set -> carry-set-and-use ->
carry-use.
(With Paolo's fix and mine, there are still a couple of failures from
GMP's testsuite, but they are almost surely due to incorrect code
generation from gcc 4.9. But since this gcc is running under qemu, it
might be qemu bugs. I intend to investigate this.)
Signed-off-by: Torbjorn Granlund <torbjorng@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The variables s390_opformats and s390_num_opformats are unused and
provoke clang warnings:
disas/s390.c:849:33: warning: variable 's390_opformats' is not needed and will not be emitted [-Wunneeded-internal-declaration]
static const struct s390_opcode s390_opformats[] =
^
disas/s390.c:875:18: warning: unused variable 's390_num_opformats' [-Wunused-const-variable]
static const int s390_num_opformats =
^
Delete them, since QEMU doesn't use them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1419373100-17690-3-git-send-email-peter.maydell@linaro.org
Signed-off-by: Richard Henderson <rth@twiddle.net>
The function check_privileged() is only used in the softmmu configs;
wrap it in an #ifndef CONFIG_USER_ONLY to avoid clang warnings on the
linux-user builds.
[rth: Remove inline marker too; it was only there to prevent exactly
this warning in GCC.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1419373100-17690-2-git-send-email-peter.maydell@linaro.org
Signed-off-by: Richard Henderson <rth@twiddle.net>
The implementation had been incomplete, as we did not store the
machine type. Note that the machine_type member is still unset
during initialization, so this has no effect yet.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Some bugfixes and cleanups for s390x, both in the new pci code and
in old code.
# gpg: Signature made Tue 03 Feb 2015 13:01:04 GMT using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
* remotes/cohuck/tags/s390x-20150203:
pc-bios/s390-ccw: update binary
pc-bios/s390-ccw: fix sparse warnings
s390x/ipl: Improved code indentation in s390_ipl_init()
s390x/kvm: unknown DIAGNOSE code should give a specification exception
s390x/kvm: Fix diag-308 register decoding
s390x/pci: fix dma notifications in rpcit instruction
s390x/pci: check for invalid function handle
s390x/pci: avoid sign extension in stpcifc
s390: Plug memory leak on s390_pci_generate_event() error path
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
As described in CP programming services an unimplemented DIAGNOSE
function should return a specification exception. Today we give the
guest an operation exception.
As both exception types are suppressing and Linux as a guest does not
care about the type of program check in its exception table handler
as long as both types have the same kind of error handling (nullifying,
terminating, suppressing etc.) this was unnoticed.
Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
The virtual I/O address range passed to rpcit instruction might not
map to consecutive physical guest pages. For this we have to translate
and create mapping notifications for each vioa page separately.
Signed-off-by: Yi Min Zhao <zyimin@cn.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
broken guest may provide 0 (invalid) function handle to zpci
instructions. Since we use function handle 0 to indicate an empty
slot in the PHB we have to add an additional check to spot this
kind of error.
Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
This patch avoids sign extension and fixes a data conversion
bug in stpcifc. Both issues where found by Coverity.
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
The important bits here are the first part of RCU.
v1->v2 changes are the new qemu-thread patch to fix Mac OS X,
and cleaning up warnings.
v2->v3 removed the patch to enable modules by default.
# gpg: Signature made Mon 02 Feb 2015 19:28:03 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
scsi: Fix scsi_req_cancel_async for no aiocb req
cpu-exec: simplify init_delay_params
cpu-exec: simplify align_clocks
memory: avoid ref/unref in memory_region_find
memory: protect current_map by RCU
memory: remove assertion on memory_region_destroy
rcu: add call_rcu
rcu: allow nesting of rcu_read_lock/rcu_read_unlock
rcu: add rcutorture
rcu: add rcu library
qemu-thread: fix qemu_event without futexes
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
scsi_req_cancel_complete is responsible for releasing the request, so we
shouldn't skip it in any case. This doesn't affect the only existing
caller, virtio-scsi, but is useful for other devices once they use it.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
With the introduction of QEMU_CLOCK_VIRTUAL_RT, the computation of
sc->diff_clk can be simplified nicely:
qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) -
qemu_clock_get_ns(QEMU_CLOCK_REALTIME) +
cpu_get_clock_offset()
= qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) -
(qemu_clock_get_ns(QEMU_CLOCK_REALTIME) - cpu_get_clock_offset())
= qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) -
(qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + timers_state.cpu_clock_offset)
= qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) -
qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL_RT)
Cc: Sebastian Tanase <sebastian.tanase@openwide.fr>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
sc->diff_clk is already equal to sleep_delay (split in a second and a
nanosecond part). If you subtract sleep_delay - rem_delay, the result
is exactly rem_delay.
Cc: Sebastian Tanase <sebastian.tanase@openwide.fr>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Do the entire lookup under RCU, which avoids atomic operations
in flatview_ref and flatview_unref.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Replace the flat_view_mutex with RCU, avoiding futex contention for
dataplane on large systems and many iothreads.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Now that memory_region_destroy can be called from an RCU callback,
checking the BQL-protected global memory_region_transaction_depth
does not make much sense.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Asynchronous callbacks provided by call_rcu are particularly important
for QEMU, because the BQL makes it hard to use synchronize_rcu.
In addition, the current RCU implementation is not particularly friendly
to multiple concurrent synchronize_rcu callers, making call_rcu even
more important.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This includes a (mangled) copy of the liburcu code. The main changes
are: 1) removing dependencies on many other header files in liburcu; 2)
removing for simplicity the tentative busy waiting in synchronize_rcu,
which has limited performance effects; 3) replacing futexes in
synchronize_rcu with QemuEvents for Win32 portability. The API is
the same as liburcu, so it should be possible in the future to require
liburcu on POSIX systems for example and use our copy only on Windows.
Among the various versions available I chose urcu-mb, which is the
least invasive implementation even though it does not have the
fastest rcu_read_{lock,unlock} implementation. The urcu flavor can
be changed later, after benchmarking.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This had a possible deadlock that was visible with rcutorture.
qemu_event_set qemu_event_wait
----------------------------------------------------------------
cmpxchg reads FREE, writes BUSY
futex_wait: pthread_mutex_lock
futex_wait: value == BUSY
xchg reads BUSY, writes SET
futex_wake: pthread_cond_broadcast
futex_wait: pthread_cond_wait
<deadlock>
The fix is simply to avoid condvar tricks and do the obvious locking
around pthread_cond_broadcast:
qemu_event_set qemu_event_wait
----------------------------------------------------------------
cmpxchg reads FREE, writes BUSY
futex_wait: pthread_mutex_lock
futex_wait: value == BUSY
xchg reads BUSY, writes SET
futex_wake: pthread_mutex_lock
(blocks)
futex_wait: pthread_cond_wait
(mutex unlocked)
futex_wake: pthread_cond_broadcast
futex_wake: pthread_mutex_unlock
futex_wait: pthread_mutex_unlock
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Revert the parts of commits b645bb4885 and 5a6932d51d which are still
in the codebase and under a SoftFloat-2b license.
Reimplement support for architectures where the most significant bit
in the mantissa is 1 for a signaling NaN rather than a quiet NaN,
by adding handling for SNAN_BIT_IS_ONE being set to the functions
which test values for NaN-ness.
This includes restoring the bugfixes lost in the reversion where
some of the float*_is_quiet_nan() functions were returning true
for both signaling and quiet NaNs.
[This is a mechanical squashing together of two separate "revert"
and "reimplement" patches.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421073508-23909-4-git-send-email-peter.maydell@linaro.org
Revert the remaining portions of commits 75d62a5856 and 3430b0be36
which are under a SoftFloat-2b license, ie the functions
uint64_to_float32() and uint64_to_float64(). (The float64_to_uint64()
and float64_to_uint64_round_to_zero() functions were completely
rewritten in commits fb3ea83aa and 0a87a3107d so can stay.)
Reimplement from scratch the uint64_to_float64() and uint64_to_float32()
conversion functions.
[This is a mechanical squashing together of two separate "revert"
and "reimplement" patches.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421073508-23909-3-git-send-email-peter.maydell@linaro.org
This commit applies the changes to master which correspond to
replacing commit 158142c2c2 with a set of changes made by:
* taking the SoftFloat-2a release
* mechanically transforming the block comment style
* reapplying Fabrice's original changes from 158142c2c2
This commit was created by:
diff -u 158142c2c2 import-sf-2a
patch -p1 --fuzz 10 <../relicense-patch.txt
(where import-sf-2a is the branch resulting from the changes above).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421073508-23909-2-git-send-email-peter.maydell@linaro.org
The QERR_ macros are leftovers from the days of "rich" error objects.
They're used with error_set() and qerror_report(), and expand into the
first *two* arguments. This trickiness has become pointless. Clean
up the balloon ones.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
... and simplify a bit. Permits factoring out common error checks in
the next commit.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
The QERR_ macros are leftovers from the days of "rich" error objects.
They're used with error_set() and qerror_report(), and expand into the
first *two* arguments. This trickiness has become pointless. Clean
this one up.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
QMP command query-spice exists only #ifdef CONFIG_SPICE. Due to QAPI
limitations, we need a dummy function anyway, but it's unreachable.
Our current dummy function goes out of its way to produce the exact
same error as the QMP core does for unknown commands. Cute, but both
unclean and unnecessary. Replace by straight abort().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
It's dead code when CONFIG_SPICE is off. If it wasn't, it would crash
dereferencing the null pointer returned by the qmp_query_spice()
dummy in qmp.c.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Commit 7572150 adopted QERR_DEVICE_NOT_ACTIVE for the purpose,
probably because adding another error seemed cumbersome overkill.
Produces "No spice device has been activated", which is awkward.
We've since abandoned our quest for "rich" error objects. Time to
undo the damage to this error message. Replace it by "SPICE is not in
use".
Keep the stupid DeviceNotActive ErrorClass for compatibility, even
though Libvirt doesn't use it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Into qemu_using_spice(). For want of a better place, put it next the
existing monitor command handler dummies in qemu-spice.h.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
linux-user updates since last pull request
# gpg: Signature made Tue 27 Jan 2015 20:52:54 GMT using RSA key ID DE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg: aka "Riku Voipio <riku.voipio@linaro.org>"
* remotes/riku/tags/pull-linux-user-20150127:
linux-user: support target-to-host SCM_CREDENTIALS
linux-user: Fix broken m68k signal handling on 64 bit hosts
mips64-linux-user: Fix definition of struct sigaltstack
linux-user: Fix ioctl cmd type mismatch on 64-bit targets
linux-user: translate resource also for prlimit64
linux-user/signal.c: Remove unnecessary wrapper copy_siginfo_to_user
linux-user/main.c: Mark end_exclusive() as possibly unused
linux-user/main.c: Call cpu_exec_start/end on all target archs
linux-user/arm/nwfpe: Delete unused aCC array
linux-user/alpha: Add define for NR_shmat to enable shmat syscall
linux-user/signal.c: Remove current_exec_domain_sig()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When passing ancillary data through a unix socket, handle
credentials properly instead of doing a simple copy and
issuing a warning.
Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
The m68k signal frame setup code which writes the signal return
trampoline code to the stack was assuming that a 'long' was 32 bits;
on 64 bit systems this meant we would end up writing the 32 bit
(2 insn) trampoline sequence to retaddr+4,retaddr+6 instead of
the intended retaddr+0,retaddr+2, resulting in a guest crash when
it tried to execute the invalid zero-bytes at retaddr+0.
Fix by using uint32_t instead; also use uint16_t rather than short
for consistency. This fixes bug LP:1404690.
Reported-by: Michel Boaventura
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Without this fix, qemu segfaults when emulating the sigaltstack syscall,
because it incorrectly treats the ss_flags field as 64 bits rather than 32
bits.
Signed-off-by: Ed Swierk <eswierk@skyportsystems.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
linux-user passes the cmd argument of the ioctl syscall as a signed long,
but compares it to an unsigned int when iterating through the ioctl_entries
list. When the cmd is a large value like 0x80047476 (TARGET_TIOCSWINSZ on
mips64) it gets sign-extended to 0xffffffff80047476, causing the comparison
to fail and resulting in lots of spurious "Unsupported ioctl" errors.
Changing the target_cmd field in the ioctl_entries list to a signed int
causes those values to be sign-extended as well during the comparison.
Signed-off-by: Ed Swierk <eswierk@skyportsystems.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
The resource argument is translated from host to target for
[gs]etprlimit but not for prlimit64. Fix this.
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
The function copy_siginfo_to_user() just calls tswap_siginfo(), so
call the latter function directly and delete the wrapper function.
The wrapper is actually misleading since it implies that the
semantics are like the kernel function with the same name which
copies the data to a guest user-space address. In fact tswap_siginfo()
just does data-structure conversion between two structures whose
addresses are host addresses (the copy to userspace is handled
in QEMU by the lock_user/unlock_user calls).
This also fixes clang complaints about the wrapper being unused
in some configs.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
The function end_exclusive() isn't used on all targets; mark it as
such to avoid a clang warning.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
The start_exclusive() infrastructure is used on all target
architectures, even if only to do the "stop all CPUs before
dumping core" in force_sig(), so be consistent and call
cpu_exec_start/end in the main loop of every target.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
The aCC array in fpopcode.c is completely unused in QEMU; delete
it (silencing a clang warning).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
For historical reasons, the define for the shmat() syscall on Alpha is
NR_osf_shmat; however it has the same semantics as this syscall does
on all other architectures, so define TARGET_NR_shmat as well so that
QEMU's code for the syscall is enabled.
This patch brings our behaviour on the LTP shmat tests into line
with that for ARM (still not a perfect pass rate but not "this syscall
is completely broken" as we had before).
(Problem detected via a clang warning that the do_shmat() function
was unused on Alpha.)
Cc: Richard Henderson <rth@twiddle.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Remove the function current_exec_domain_sig(), which always returns
its argument. This was intended as a stub for supporting the kernel's
exec_domain handling, but:
* we don't have any of the other code for execution domains
* in the kernel this handling is architecture-specific, not generic
* we only call this function in the x86, ppc and sh4 signal code paths,
and the PPC one is wrong anyway because the PPC kernel doesn't
have this signal-remapping code
So it's best to simply delete the function; any future attempt to
implement exec domains will be better served by adding the correct
code from scratch based on the kernel sources at that time.
This change also fixes some clang warnings about the function being
defined but not used for some target architectures.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
pci, pc, virtio fixes and cleanups
A bunch of fixes all over the place. Also, beginning to generalize acpi build
code for reuse by ARM.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 27 Jan 2015 13:12:25 GMT using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
pc-dimm: Add Error argument to pc_existing_dimms_capacity
pc-dimm: Make pc_existing_dimms_capacity global
pc: Fix DIMMs capacity calculation
smbios: Don't report unknown CPU speed (fix SVVP regression)
smbios: Fix dimm size calculation when RAM is multiple of 16GB
bios-linker-loader: move source to common location
bios-linker-loader: move header to common location
virtio: fix feature bit checks
bios-tables-test: split piix4 and q35 tests
acpi: build_append_nameseg(): add padding if necessary
acpi: update generated hex files
acpi-test: update expected DSDT
pc: acpi: fix WindowsXP BSOD when memory hotplug is enabled
pci: Split pcie_host_mmcfg_map()
Add some trace calls to pci.c.
ich9: add disable_s3, disable_s4, s4_val properties
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Now that pc_existing_dimms_capacity() is an API, include Error pointer
as an argument and modify the caller appropriately.
Suggested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Move pc_existing_dimms_capacity() to pc-dimm.c since it would be needed
by PowerPC memory hotplug code too.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pc_existing_dimms_capacity() is returning DIMMs count rather than capacity.
Fix this to return the capacity. Also consider only realized devices for
capacity calculation.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
SVVP requires processor speed on Type 4 structures to not be unknown.
This was fixed in SeaBIOS 0.5.0 (in 2009), but the bug was reintroduced
in QEMU 2.1.
Revert to old behavior and report CPU speed as 2000 MHz instead of
unknown.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
The Memory Device size calculation logic is broken when the RAM size is
a multiple of 16GB, making the size of the last entry be 0 instead of
16GB. Fix the logic to handle that case correctly.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
There are plans to use bios linker by MIPS, ARM.
It's only used by ACPI ATM, so put it in hw/acpi
and make it depend on CONFIG_ACPI.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
According to ACPI spec NameSeg shorter than 4 characters
must be padded up to 4 characters with "_" symbol.
ACPI 5.0: 20.2.2 "Name Objects Encoding"
Do it in build_append_nameseg() so that caller shouldn't know
or care about it.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Previous patch
pc: acpi: fix WindowsXP BSOD when memory hotplug is enabled
changed DSDT, update hex files for non-iasl builds.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Previous patch
pc: acpi: fix WindowsXP BSOD when memory hotplug is enabled
changed DSDT, update expected test files.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
tricore bugfixes and RR1, RR2, RRPW and RRR insn
# gpg: Signature made Tue 27 Jan 2015 12:02:06 GMT using RSA key ID 6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"
* remotes/bkoppelmann/tags/pull-tricore-20150127:
target-tricore: Add instructions of RRR opcode format
target-tricore: Add instructions of RRPW opcode format
target-tricore: Add instructions of RR2 opcode format
target-tricore: Add instructions of RR1 opcode format, that have 0x93 as first opcode
target-tricore: split up suov32 into suov32_pos and suov32_neg
target-tricore: Fix bugs found by coverity
target-tricore: calculate av bits before saturation
target-tricore: Several translator and cpu model fixes
target-tricore: Add missing ULL suffix on 64 bit constant
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add microcode generator function gen_cond_sub.
Add helper functions:
* ixmax/ixmin: search for the max/min value and its related index in a
vector of 16-bit values.
* pack: dack two data registers into an IEEE-754 single precision floating
point format number.
* dvadj: divide-adjust the result after dvstep instructions.
* dvstep: divide a reg by a divisor, producing 8-bits of quotient at a time.
OPCM_32_RRR_FLOAT -> OPCM_32_RRR_DIVIDE
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Richard Henderson <rth@twiddle.net>
suov checks unsigned for an overflow and an underflow, after some arithmetic
operations and saturates the result to either max_uint32 or 0. So far we
handled this by expanding to the next bigger data type and compare whether
the result is > max_uint32 or < 0.
However this approach can fail for an 32 bit multiplication, if both operands of
the multiplication are 0x80000000. This sets the sign bit of the 64 bit integer
and would result in a false saturation to 0.
Since unsigned operations, e.g add, sub, mul always result in either a positive
or negative overflow, we split the functions for suov32 up into two functions
(suov32_pos, suov32_neg) for each case.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
This fixes one bug and one false positive found by coverity. The bug is,
that gen_mtcr was missing a mask to check the flag, which resulted in dead code.
The false positive is a intentional missing break for a jump and link address
insn followed by a jump and link insn. This adds a fall through comment to avoid
the false positive in the future.
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
64 bit mac instructions calculated the av bits after the saturation, which
resulted in a wrong PSW. This moves the av bit calculation before the
saturation.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Fix tc1796 cpu model using wrong ISA version.
Fix cond_add sometimes writing back wrong result.
Fix RCR_SEL and RCR_SELN using wrong registers for result and cond.
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Add a missing ULL suffix to a 64 bit constant: this suppresses a
compiler warning from mingw32 gcc.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
ACPI parser in XP considers PNP0A06 devices of CPU and
memory hotplug as duplicates. Adding unique _UID
to CPU hotplug device fixes BSOD.
Cc: qemu-stable@nongnu.org
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The mmcfg space is a memory region that allows access to PCI config space
in the PCIe world. To maintain abstraction layers, I would like to expose
the mmcfg space as a sysbus mmio region rather than have it mapped straight
into the system's memory address space though.
So this patch splits the initialization of the mmcfg space from the actual
mapping, allowing us to only have an mmfg memory region without the map.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
PIIX4 has disable_s3 and disable_s4 properties to enable or disable PM
functions. Add such properties to the ICH9 chipset as well for the Q35
machine type.
S3 / S4 are not guaranteed to always work (needs work in the guest as
well as QEMU for things to work properly), and disabling advertising of
these features ensures guests don't go into zombie state if something
isn't working right.
The defaults are kept the same as in PIIX4: both S3 and S4 are enabled
by default.
These can be disabled via the cmdline:
... -global ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1
Note: some guests can fake hibernation by writing a hibernate image and
doing a shutdown instead of S4 if S4 isn't available; there's nothing we
can do guests to stop doing this, and this patch can't affect that
functionality.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
qemu-timer.c was including a lot more headers than it needed to,
presumably for historical reasons. In particular, it included
ui/console.h; this now tries to pull in <pixman.h>, which will
cause a compilation failure in --disable-tools --disable-system
configurations when running "make check" (which builds qemu-timer.c,
even though the linux-user binaries themselves don't need it).
Fix this build failure by trimming down the set of included
headers severely -- we only really need main-loop.h and timer.h.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1421770600-17525-1-git-send-email-peter.maydell@linaro.org
xen_get_vmport_regs_pfn should take a xen_pfn_t argument, not an
unsigned long argument (in fact xen_pfn_t is defined as uint64_t on
ARM).
Also use xc_hvm_param_get instead of the deprecated xc_get_hvm_param.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Don Slutz <dslutz@verizon.com>
- Many fixes from the floor as usual
- New "edu" device (v1->v2: fix 32-bit compilation)
- Disabling HLE and RTM on Haswell & Broadwell
- kvm_stat updates
- Added --enable-modules to Travis, in preparation for switching
the default
# gpg: Signature made Mon 26 Jan 2015 11:44:40 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini/tags/for-upstream:
kvm_stat: Add RESET support for perf event ioctl
target-i386: Disable HLE and RTM on Haswell & Broadwell
sparse: Fix build with sparse on .S files
exec: fix madvise of NULL pointer
.travis.yml: Add "--enable-modules"
apic: do not dereference pointer before it is checked for NULL
kvm_stat: Print errno when syscall to perf_event_open() fails
kvm_stat: Update exit reasons to the latest defintion
kvm_stat: Add aarch64 support
hw: misc, add educational driver
vmstate: accept QEMUTimer in VMSTATE_TIMER*, add VMSTATE_TIMER_PTR*
qemu-timer: introduce timer_deinit
qemu-timer: add timer_init and timer_init_ns/us/ms
target-i386: make xmm_regs 512-bit wide
target-i386: use vmstate_offset_sub_array for AVX registers
tests/multiboot: Add test for modules
multiboot: Fix offset of bootloader name
tests/multiboot: Update reference output
pc: fix KVM features in pc-1.3 and earlier machine types
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
While running kvm_stat using tracepoint on ARM64 hardware (e.g. "kvm_stat
-1 -t"), the initial values of some kvm_userspace_exit counters were found
to be very suspecious. For instance the tracing tool showed that S390_TSCH
was called many times on ARM64 machine, which apparently was wrong.
This patch adds RESET ioctl support for perf monitoring. Before calling
ioctl to enable a perf event, this patch resets the counter first. With
this patch, the init counter values become correct on ARM64 hardware.
Example:
==== before patch ====
kvm_userspace_exit(S390_SIEIC) 1426 0
kvm_userspace_exit(S390_TSCH) 339 0
==== after patch ====
kvm_userspace_exit(S390_SIEIC) 0 0
kvm_userspace_exit(S390_TSCH) 0 0
Signed-off-by: Wei Huang <wei@redhat.com>
All Haswell CPUs and some Broadwell CPUs were updated by Intel to have
the HLE and RTM features disabled. This will prevent
"-cpu Haswell,enforce" and "-cpu Broadwell,enforce" from running out of
the box on those CPUs.
Disable those features by default on Broadwell and Haswell CPU models,
starting on pc-*-2.3. Users who want to use those features can enable
them explicitly on the command-line.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
rules.mak has a rule for .S files using CPP. This will result in
errors like
CPP s390-ccw/start.asm
cc: error: unrecognized command line option '-Wbitwise'
Lets also redefine CPP in case of --enable-sparse.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Coverity flags this as "dereference after null check". Not quite a
dereference, since it will just EFAULT, but still nice to fix.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Right now you only get to apic_init_reset if you have an APIC
(do_cpu_init is reached only if CPU_INTERRUPT_INIT is set and
that only happens in hw/intc/apic.c). However, this is wrong
because for example a port 92 or keyboard controller reset is
really an INIT, and that can happen also with no APIC. So
keep the check and fix the error that Coverity reported.
Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
kvm_stat uses syscall() to call perf_event_open(). If this function
call fails, the returned value is -1, which doesn't tell the details
of such failure (i.e. ENOSYS or EINVAL). This patch retrieves errno
and prints it when syscall() fails. The error message will look like
"Exception: perf_event_open failed, errno = 38".
Signed-off-by: Wei Huang <wei@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch updates the exit reasons for x86_vmx, x86_svm, and userspace
to the latest definition.
Signed-off-by: Wei Huang <wei@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch enables aarch64 support for kvm_stat. The platform detection
is based on OS uname.
Signed-off-by: Wei Huang <wei@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
I am using qemu for teaching the Linux kernel at our university. I
wrote a simple PCI device that can answer to writes/reads, generate
interrupts and perform DMA. As I am dragging it locally over 2 years,
I am sending it to you now.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
[Fix 32-bit compilation. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In some cases, a timer was set to NULL so that we could check if it is
initialized. Use the timer_list field instead, and add a timer_deinit
function that NULLs it.
It then makes sense that timer_del be a no-op (instead of a crasher) on
such a de-initialized timer. It avoids the need to poke at the timerlist
field to check if the timers are initialized.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Right now, the AVX512 registers are split in many different fields:
xmm_regs for the low 128 bits of the first 16 registers, ymmh_regs
for the next 128 bits of the same first 16 registers, zmmh_regs
for the next 256 bits of the same first 16 registers, and finally
hi16_zmm_regs for the full 512 bits of the second 16 bit registers.
This makes it simple to move data in and out of the xsave region,
but would be a nightmare for a hypothetical TCG implementation and
leads to a proliferation of [XYZ]MM_[BWLSQD] macros. Instead,
this patch marshals data manually from the xsave region to a single
32x512-bit array, simplifying the macro jungle and clarifying which
bits are in which vmstate subsection.
The migration format is unaffected.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
After the next patch, each vmstate field will extract parts of a larger
(32x512-bit) array, so we cannot check the vmstate field against the
type of the array.
While changing this, change the macros to accept the index of the first
element (which will not be 0 for Hi16_ZMM_REGS) instead of the number
of elements (which is always CPU_NB_REGS).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This test case is meant to detect corruptions of the Multiboot modules
as well as the multiboot modules list and the module command lines.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This fixes a bug introduced in commit 5eba5a66 ('Add bootloader name to
multiboot implementation').
The calculation of the bootloader name offset didn't consider space
occupied by module command lines, so some unlucky module got its command
line partially overwritten with a "qemu" string.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The changes look okay (larger PCI hole, some rounding differences), so
just update the reference output of the test case.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Due to a typo, instead of disabling KVM_FEATURE_PV_EOI (bit
6) these machine types are disabling bits 1 and 2, which are
KVM_FEATURE_NOP_IO_DELAY and KVM_FEATURE_MMU_OP. Not a big deal
because they aren't very important and KVM_FEATURE_MMU_OP is
disabled anyway. The worst part is actually that KVM_FEATURE_PV_EOI
is remaining enabled.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Block patches for 2.3
# gpg: Signature made Fri 23 Jan 2015 17:53:06 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
* remotes/kevin/tags/for-upstream:
iotests: Lower 064's memory usage
block: vhdx - force FileOffsetMB field to '0' for certain block states
block: update string sizes for filename,backing_file,exact_filename
block: mirror - change string allocation to 2-bytes
block: remove unused variable in bdrv_commit
block: qapi - move string allocation from stack to the heap
block: vmdk - move string allocations from stack to the heap
block: vmdk - make ret variable usage clear
iotests: Add tests for more corruption cases
qcow2: Add two more unalignment checks
virtio-blk: Use blk_aio_ioctl
virtio-blk: Pass req to virtio_blk_handle_scsi_req
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Test 064 reads a lot of data at once which currently results in qemu-io
having to allocate up to about 1 GB of memory (958 MB, to be exact).
This patch lowers that amount to 128 MB by making the test read smaller
chunks.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Message-id: 1422025185-25229-1-git-send-email-mreitz@redhat.com
The v1.0.0 spec calls out PAYLOAD_BLOCK_ZERO FileOffsetMB field as being
'reserved'. In practice, this means that Hyper-V will fail to read a
disk image with PAYLOAD_BLOCK_ZERO block states with a FileOffsetMB
value other than 0.
The other states that indicate a block that is not there
(PAYLOAD_BLOCK_UNDEFINED, PAYLOAD_BLOCK_NOT_PRESENT,
PAYLOAD_BLOCK_UNMAPPED) have multiple options for what FileOffsetMB may
be set to, and '0' is explicitly called out as an option.
For all the above states, we will also just set the FileOffsetMB value
to 0.
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: a9fe92f53f07e6ab1693811e4312c0d1e958500b.1421787566.git.jcody@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
The string field entries 'filename', 'backing_file', and
'exact_filename' in the BlockDriverState struct are defined as 1024
bytes.
However, many places that use these values accept a maximum of PATH_MAX
bytes, so we have a mixture of 1024 byte and PATH_MAX byte allocations.
This patch makes the BlockDriverStruct field string sizes match usage.
This patch also does a few fixes related to the size that needs to
happen now:
* the block qapi driver is updated to use PATH_MAX bytes
* the qcow and qcow2 drivers have an additional safety check
* the block vvfat driver is updated to use PATH_MAX bytes
for the size of backing_file, for systems where PATH_MAX is < 1024
bytes.
* qemu-img uses PATH_MAX rather than 1024. These instances were not
changed to be dynamically allocated, however, as the extra
temporary 3K in stack usage for qemu-img does not seem worrisome.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The backing_filename string in mirror_run() is only used to check
for a NULL string, so we don't need to allocate 1024 bytes (or, later,
PATH_MAX bytes), when we only need to copy the first 2 characters.
We technically only need 1 byte, as we are just checking for NULL, but
since backing_filename[] is populated by bdrv_get_backing_filename(), a
string size of 1 will always only return '\0';
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
As Stefan pointed out, the variable 'filename' in bdrv_commit is unused,
despite being maintained in previous patches.
With this patch, get rid of the variable for good.
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Rather than declaring 'backing_filename2' on the stack in
bdrv_query_image_info(), dynamically allocate it on the heap.
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Functions 'vmdk_parse_extents' and 'vmdk_create' allocate several
PATH_MAX sized arrays on the stack. Make these dynamically allocated.
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Keep the variable 'ret' something that is returned by the function it is
defined in. For the return value of 'sscanf', use a more meaningful
variable name.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This adds checks for unaligned L2 table offsets and unaligned data
cluster offsets (actually the preallocated offsets for zero clusters) to
the zero cluster expansion function.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Use the asynchronous interface of ioctl. This will not make the VM
unresponsive if the ioctl takes a long time.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
In preparation for calling blk_aio_ioctl. Also make the function static
as no other files need it.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
seccomp branch queue
# gpg: Signature made Fri 23 Jan 2015 13:11:05 GMT using RSA key ID 12F8BD2F
# gpg: Can't check signature: public key not found
* remotes/otubo/tags/pull-seccomp-20150123:
seccomp: add mlockall to whitelist
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
qemu-sparc update
# gpg: Signature made Wed 21 Jan 2015 16:56:31 GMT using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"
* remotes/mcayland/tags/qemu-sparc-signed:
disas/sparc: Remove unused data sparc_opcode_archs[]
target-sparc: Mark gen_load_trap_state_at_tl() as !CONFIG_USER_ONLY
target-sparc: is_translating_asi() is TARGET_SPARC64 only
target-sparc: address_mask(), asi_address_mask() are TARGET_SPARC64 only
target-sparc: Remove unused gen_op_subi_cc and gen_op_addi_cc
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add new query vnc qmp command, for the lack of better ideas just name it
"query-vnc-servers". Changes over query-vnc:
* It returns a list of vnc servers, so multiple vnc server instances
are covered.
* Each vnc server returns a list of server sockets. Followup patch
will use that to also report websockets. In case we add support for
multiple server sockets server sockets (to better support ipv4+ipv6
dualstack) we can add them to the list too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Also track the number of connections in "connecting" and "shared" state
(in addition to the "exclusive" state). Apply a configurable limit to
these connections.
The logic to apply the limit to connections in "shared" state is pretty
simple: When the limit is reached no new connections are allowed.
The logic to apply the limit to connections in "connecting" state (this
is the state you are in *before* successful authentication) is
slightly different: A new connect kicks out the oldest client which is
still in "connecting" state. This avoids a easy DoS by unauthenticated
users by simply opening connections until the limit is reached.
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds a display= parameter to the vnc options. This allows to
bind a vnc server instance to a specific display, allowing to create a
multiseat setup with a vnc server for each seat.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch switches vnc over to QemuOpts, and it (more or less
as side effect) allows multiple vnc server instances.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
In case the display id is "default" (which is the one you get if you
don't explicitly assign one) we keep the old name scheme, without
display, for backward compatibility reasons.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
DisplayState isn't used anywhere, drop it. Add the vnc server ID as
parameter instead, so it is possible to specify the server instance.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Replace with a vnc_displays list, so we can have multiple vnc server
instances. Add vnc_server_find function to lookup a display by id.
With no id supplied return the first vnc server, for backward
compatibility reasons.
It is not possible (yet) to actually create multiple vnc server
instances.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Teach qemu to set up a Spice server with a UNIX socket using the
following arguments -spice unix,addr=path.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
SoundBlaster 16 emulation is very broken and consumes a lot of CPU, but a
small fix was suggested offlist and it is enough to fix some games. I
got Epic Pinball to work with the "SoundBlaster Clone" option.
The processing of the interrupt register is wrong due to two missing
"not"s. This causes the interrupt flag to remain set even after the
Acknowledge ports have been read (0x0e and 0x0f).
The line was introduced by commit 85571bc (audio merge (malc), 2004-11-07),
but the code might have been broken before because I did not look closely
at the huge patches from 10 years ago.
Reported-by: Joshua Bair <j_bair@bellsouth.net>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Remove sparc_opcode_archs and the macros which use it, because we don't
use them in QEMU and they provoke clang warnings:
disas/sparc.c:307:39: warning: unused variable 'sparc_opcode_archs' [-Wunused-const-variable]
static const struct sparc_opcode_arch sparc_opcode_archs[] =
^
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
The function gen_load_trap_state_at_tl() is only used in the softmmu
configs; wrap it in #ifndef CONFIG_USER_ONLY to avoid clang compiler
warnings in linux-user builds.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Move the is_translating_asi() inside the TARGET_SPARC64 ifdef (and remove
the unimplemented 32-bit codepath), as it is only called from TARGET_SPARC64
code. This fixes a clang 3.4 unused-function warning.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
The address_mask() and asi_address_mask() functions are only used in
TARGET_SPARC64 configs, so guard with ifdefs to avoid warnings about
unused functions in 32-bit builds.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
