When this VMSD was introduced it's version fields were set to
sizeof(I6300State), making them essentially random from build to build,
version to version.
To fix this, we lock in a high version id and low minimum version id to
support old->new migration from all prior versions of this device's
state. This should work since the device state has not changed since
its introduction.
The potentially breaks migration from 1.5+ to 1.5, but since the
versioning was essentially random prior to this patch, new->old
migration was not consistently functional to begin with.
Reported-by: Nicholas Thomas <nick@bytemark.co.uk>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit c1990468d5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Always free them in the iscsi_aio_*_acb functions and remove the
checks in their callers. Remove ifs when the task struct was
previously dereferenced (spotted by Coverity).
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit f0d2a4d4d6)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This patch adds a new SCSI_DISK_F_NO_REMOVABLE_DEVOPS feature. By this
feature we can set that the scsi-block (scsi pass-through) device will still
be removable from the guest side, but from monitor it cannot be removed.
Cc: qemu-stable@nongnu.org
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 18e673b8f3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Issuing the READ CAPACITY(10) command in the guest will cause QEMU
to update its knowledge of the maximum accessible LBA in the disk.
The recorded maximum LBA will be wrong if the disk is bigger than
1TB, because ldl_be_p returns a signed int.
When this is fixed, a latent bug will be unmasked. If the READ
CAPACITY(10) command reported an overflow (0xFFFFFFFF), we must
not overwrite the previously-known maximum accessible LBA, or the guest
will fail to access the disk above the first 2TB.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 53254e569f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Tray statuses should be also reset. Some guests may lock the tray and
right after resetting the guest it should be unlocked and closed. This
is done on power-on, reset and resume from suspend/hibernate on bare-metal.
This fix is already committed for IDE CD.
Check the commit a7f3d65b65.
Test results on bare-metal:
- on reset/power-on the CD-ROM tray is closed even before the monitor
is turned on
- on resume from suspend/hibernate the tray is also closed before
the monitor is turned on
From test results it seems that this behavior is OS and probably BIOS
independent.
Cc: qemu-stable@nongnu.org
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 7721c7f7c2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Otherwise they would get passed to getaddrinfo and fail with:
address resolution failed for [::1]🔢 Name or service not known
(Broken by commit v1.4.0-736-gf17c90b)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 2330790879)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
QMP command "{ 'execute': 'cpu-add', 'arguments': { 'id': -1 }}" may cause
QEMU SIGSEGV at:
piix4_cpu_hotplug_req ()
...
g->sts[cpu_id / 8] |= (1 << (cpu_id % 8));
...
Since for PC in current implementation id should be in range [0...maxcpus)
and maxcpus is already checked, add check for lower bound and error out
on incorrect value.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 8de433cb08)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
add2_i64 was adding the lower double word to the upper double word
of each input. Fix this so we add the lower double words, then the
upper double words with carry propagation.
Cc: qemu-stable@nongnu.org
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
(cherry picked from commit 8424735710)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
If our input and output is in the same register, bswap64 tries to
undo a rotate of the input. This just ends up rotating the output.
Cc: qemu-stable@nongnu.org
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
(cherry picked from commit 82e0f9170a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The rldcl instruction doesn't have an sh field, so the minor opcode
is shifted 1 bit. We were using the XO30 macro which shifted the
minor opcode 2 bits.
Remove XO30 and add MD30 and MDS30 macros which match the
Power ISA categories.
Cc: qemu-stable@nongnu.org
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
(cherry picked from commit 8a94cfb05e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
If the user fails to specify 'chardev' or 'shm' then we cannot continue.
Exit right away so that we don't invoke shm_open(3) with a NULL pointer.
It would be nice to replace exit(1) with error returns in the PCI device
.init() function, but leave that for another patch since exit(1) is
currently used elsewhere.
Spotted by Coverity.
Cc: Cam Macdonell <cam@cs.ualberta.ca>
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit baefb8bf8e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
When splitting openSUSE's qemu and qemu-linux-user packages we noticed
that for linux-user-only builds unrelated man pages got installed.
It's surely possible to delete them before packaging, but not installing
them in the first place seems more logical.
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 8a3e8f7fd8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This patch forbid the following invalid parameters to tap:
1) fd and vhostfds were specified but vhostfd were not specified
2) vhostfds were specified but fds were not specified
3) fds and vhostfd were specified
For 1 and 2, net_init_tap_one() will still pass NULL as vhostfdname to
monitor_handle_fd_param(), which may crash the qemu.
Also remove the unnecessary has_fd check.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Stefan Hajnoczi <shajnocz@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit c87826a878)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
In two places qemu uses openpty() which is very system-dependent,
and in both places the pty is switched to raw mode as well.
Make a wrapper function which does both steps, and move all the
system-dependent complexity into a separate file, together
with static/local implementations of openpty() and cfmakeraw()
from qemu-char.c.
It is in a separate file, not part of oslib-posix.c, because
openpty() often resides in -lutil which is not linked to
every program qemu builds.
This change removes #including of <pty.h>, <termios.h>
and other rather specific system headers out of qemu-common.h,
which isn't a place for such specific headers really.
This version has been verified to build correctly on Linux,
OpenBSD, FreeBSD and OpenIndiana. On the latter it lets qemu
to be built with gtk gui which were not possible there due to
missing openpty() and cfmakeraw().
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Tested-by: Andreas Färber <andreas.faerber@web.de>
(cherry picked from commit 4efeabbbe8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini <pbonzini@redhat.com> suggested the following test case:
1. Launch a guest and wait at the GRUB boot menu:
qemu-system-x86_64 -enable-kvm -m 1024 \
-drive if=none,cache=none,file=test.img,id=foo,werror=stop,rerror=stop
-device virtio-blk-pci,drive=foo,id=virtio0,addr=4
2. Hot unplug the device:
(qemu) drive_del foo
3. Select the first boot menu entry
Without this patch the guest pauses due to ENOMEDIUM. The guest is
stuck in a continuous pause loop since the I/O request is retried and
fails immediately again when the guest is resumed.
With this patch the error is reported to the guest.
Note that this scenario actually happens sometimes during libvirt disk
hot unplug, where device_del is followed by drive_del. I/O may still be
submitted to the drive after drive_del if the guest does not process the
PCI hot unplug notification.
Reported-by: Dafna Ron <dron@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 293c51a6ee)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
PCI host bridges need to set fw_name to be discoverable
by bios for boot device selection.
In particular, seabios expects root device to be called
"/pci/@i0cf8", so let's set it up like that for Q35.
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Amos Kong <akong@redhat.com>
(cherry picked from commit 68c0e134a0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
When CHR_EVENT_OPENED was initially added, it was CHR_EVENT_RESET,
and it was issued as a bottom-half:
86e94dea5b
Which we basically used to print out a greeting/prompt for the
monitor.
AFAICT the only reason this was ever done in a BH was because in
some cases we'd modify the chr_write handler for a new chardev
backend *after* the site where we issued the reset (see:
86e94d:qemu_chr_open_stdio())
At some point this event was renamed to CHR_EVENT_OPENED, and we've
maintained the use of this BH ever since.
However, due to 9f939df955, we schedule
the BH via g_idle_add(), which is causing events to sometimes be
delivered after we've already begun processing data from backends,
leading to:
known bugs:
QMP:
session negotation resets with OPENED event, in some cases this
is causing new sessions to get sporadically reset
potential bugs:
hw/usb/redirect.c:
can_read handler checks for dev->parser != NULL, which may be
true if CLOSED BH has not been executed yet. In the past, OPENED
quiesced outstanding CLOSED events prior to us reading client
data. If it's delayed, our check may allow reads to occur even
though we haven't processed the OPENED event yet, and when we
do finally get the OPENED event, our state may get reset.
qtest.c:
can begin session before OPENED event is processed, leading to
a spurious reset of the system and irq_levels
gdbstub.c:
may start a gdb session prior to the machine being paused
To fix these, let's just drop the BH.
Since the initial reasoning for using it still applies to an extent,
work around that by deferring the delivery of CHR_EVENT_OPENED until
after the chardevs have been fully initialized, toward the end of
qmp_chardev_add() (or some cases, qemu_chr_new_from_opts()). This
defers delivery long enough that we can be assured a CharDriverState
is fully initialized before CHR_EVENT_OPENED is sent.
Also, rather than requiring each chardev to do an explicit open, do it
automatically, and allow the small few who don't desire such behavior to
suppress the OPENED-on-init behavior by setting a 'explicit_be_open'
flag.
We additionally add missing OPENED events for stdio backends on w32,
which were previously not being issued, causing us to not recieve the
banner and initial prompts for qmp/hmp.
Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Message-id: 1370636393-21044-1-git-send-email-mdroth@linux.vnet.ibm.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bd5c51ee6c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
If a stream notify function is not ready, it may re-populate the notify call-
back to indicate it should be re-polled later. This break in this usage, as
immediately following the notify() call, .notify is set to NULL. reverse the
ordering of the notify call and NULL assignment accordingly.
[PC: Reworked commit message]
Signed-off-by: Wendy Liang <jliang@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
(cherry picked from commit 4f293bd6e5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Interpretation of the ccws to register (configuration) indicators contained
a thinko: We want to disallow reading from 0, but setting the indicator
pointer to 0 is fine.
Let's fix the handling for CCW_CMD_SET{,_CONF}_IND.
Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
(cherry picked from commit d1db1fa8df)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Recent virtio refactoring in QEMU made virtio-bus become the parent bus
of scsi-bus, and virtio-bus doesn't have get_fw_dev_path implementation,
typename will be added to fw_dev_path by default, the new fw_dev_path
could not be identified by seabios. It causes that bootindex parameter
of scsi device doesn't work.
This patch implements get_fw_dev_path() in BusClass, it will be called
if bus doesn't implement the method, tyename will be added to
fw_dev_path. If the implemented method returns NULL, nothing will be
added to fw_dev_path.
It also implements virtio_bus_get_fw_dev_path() to return NULL. Then
QEMU will still pass original style of fw_dev_path to seabios.
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1369814202-10346-1-git-send-email-akong@redhat.com
--
v2: only add nothing to fw_dev_path when get_fw_dev_path() is
implemented and returns NULL. then it will not effect other devices
don't have get_fw_dev_path() implementation.
v3: implement default get_fw_dev_path() in BusClass
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bbfa18fca4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
We are currently setting the PCI hole to start at HVM_BELOW_4G_RAM_END,
that is 0xf0000000.
Start the PCI hole at 0xe0000000 instead, that is the same value used by
pc_init1 and qemu-xen-traditional.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
CC: qemu-stable@nongnu.org
(cherry picked from commit 9f24a8030a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The code used to walk IA-32e page-tables, and possibly PAE page-tables,
uses the bit mask ~0xfff to get the next PML4E/PDPTE/PDE/PTE address.
However, as we use a uint64_t to store the resulting address, that mask
gets expanded to 0xfffffffffffff000 which not only ends up selecting
reserved bits but also selects the XD bit (execute-disable) which
happens to be enabled by Windows 8, causing qemu_get_ram_ptr() to abort.
This commit fixes that problem by replacing ~0xfff by a correct mask
that only selects the address bit range (ie. bits 51:12).
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit fbc2ed9518)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
git shortlog from 1.7.2.1
Asias He (2):
virtio-scsi: Pack struct virtio_scsi_{req_cmd,resp_cmd}
virtio-scsi: Set _DRIVER_OK flag before scsi target scanning
Kevin O'Connor (1):
Cache boot-fail-wait to avoid romfile access after POST.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 6683d7bc27)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This reverts commit a5519b42cf.
Breaks "make bios" in roms/ as the kconfig version in seabios doesn't
support olddefconfig. Must have been be totally untested.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 19cd090e17)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The implementation of the ATA FLUSH command invokes a flush at the block
layer, which may on raw files on POSIX entail a synchronous fdatasync().
This may in some cases take so long that the SLES 11 SP1 guest driver
reports I/O errors and filesystems get corrupted or remounted read-only.
Avoid this by setting BUSY_STAT, so that the guest is made aware we are
in the middle of an operation and no ATA commands are attempted to be
processed concurrently.
Addresses BNC#637297.
Suggested-by: Gonglei (Arei) <arei.gonglei@huawei.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit f68ec8379e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Fill unset CharDriverState->filename with the backend name, so
'info chardev' will return at least the chardev type. Don't
touch it in case the chardev init function filled it already,
like the socket+pty chardevs do for example.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 60d95386ab)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This fixes a regression introduced by:
commit 62fc403f11
Author: Igor Mammedov <imammedo@redhat.com>
Date: Mon Apr 29 18:54:13 2013 +0200
target-i386: Attach ICC bus to CPU on its creation
X86CPU should have parent bus so it could provide bus for child APIC.
The commit makes it mandatory to pass a valid ICC bus to cpu_x86_create,
but cpu_x86_init just passes NULL to it.
xen_machine_pv uses cpu_x86_init, therefore it has been broken.
This patch fixes the problem by removing the dummy CPU creation
altogether from xen_init_pv, relying on the fact that QEMU can now cope
with a machine without an emulated CPU.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
CC: imammedo@redhat.com
CC: qemu-stable@nongnu.org
(cherry picked from commit 58ee9b0ae0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Net queues support efficient "receive disable". For example, tap's file
descriptor will not be polled while its peer has receive disabled. This
saves CPU cycles for needlessly copying and then dropping packets which
the peer cannot receive.
rtl8139 is missing the qemu_flush_queued_packets() call that wakes the
queue up when receive becomes possible again.
As a result, the Windows 7 guest driver reaches a state where the
rtl8139 cannot receive packets. The driver has actually refilled the
receive buffer but we never resume reception.
The bug can be reproduced by running a large FTP 'get' inside a Windows
7 guest:
$ qemu -netdev tap,id=tap0,...
-device rtl8139,netdev=tap0
The Linux guest driver does not trigger the bug, probably due to a
different buffer management strategy.
Reported-by: Oliver Francke <oliver.francke@filoo.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 00b7ade807)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
With mapped security models like mapped-xattr and mapped-file, we save the
symlink target as file contents. Now if we ever expose a normal directory
with mapped security model and find real symlinks in export path, never
follow them and return proper error.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
(cherry picked from commit aed858ce10)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
When guest tries to chmod a block or char device file over 9pfs,
the qemu process segfaults. With 9p2000.u protocol we use wstat to
change mode bits and client don't send extension information for
chmod. We need to check for size field to check whether extension
info is present or not.
Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Acked-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
(cherry picked from commit c7e587b73e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Commit e7a09b92b7 added a trace at each
memory freeing, but unfortunately inverted size and pointer when printing
them. Fix trace.
This also led to a compilation error on 32 bit hosts:
In file included from include/trace.h:4:0,
from trace/generated-events.c:3:
./trace/generated-tracers.h: In function ‘trace_qemu_anon_ram_free’:
./trace/generated-tracers.h:64:9: error: format ‘%zu’ expects argument of type
‘size_t’, but argument 3 has type ‘void *’ [-Werror=format]
./trace/generated-tracers.h:64:9: error: format ‘%p’ expects argument of type
‘void *’, but argument 4 has type ‘size_t’ [-Werror=format]
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Message-id: 1369045989-14016-1-git-send-email-hpoussin@reactos.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit 215e47b9 enabled TRIM by default, which revealed a bug in TRIM
support for the IDE macio emulation driver, introduced in d353fb72.
The call to dma_bdrv_io() is using a wrong opaque of type IDEState
instead of DBDMA_io. This patch fixes that.
Fixes LP#1179104
Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Tested-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
First we need to clear the bit and then we set the given value.
Instruction ADDSC sets the bit and instruction ADDWC uses this bit.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This change makes sure that modifications of pos field in the DSPControl
register do not trash other bits in the register. This bug can be triggered
with the additional test case in mips32-dsp/extpdp.c in this commit.
In addition to this, this change corrects incorrect calculation of the mask
for EXTPDP.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The mask for EXTP instruction when size=31 has not been correctly
calculated.
The test (mips32-dsp/extp.c) has been extended to include the case that
triggers the issue.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
* mdroth/qga-pull-2013-05-13:
qga: unlink just created guest-file if fchmod() or fdopen() fails on it
qga: distinguish binary modes in "guest_file_open_modes" map
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This reverts commit 7161082c8d.
Reverting this patch fixes a divide-by-zero error in qemu that can be
fairly reliably triggered by doing block migration. In this case, the
configuration/error was:
source: temp/x86_64-softmmu/qemu-system-x86_64 -enable-kvm -L temp-bios
-M pc-i440fx-1.4 -m 512M -kernel boot/vmlinuz-x86_64 -initrd
boot/test-initramfs-x86_64.img.gz -vga std -append seed=1234 -drive
file=disk1.img,if=virtio -drive file=disk2.img,if=virtio -device
virtio-net-pci,netdev=net0 -netdev user,id=net0 -monitor
unix:/tmp/vm-hmp.sock,server,nowait -qmp
unix:/tmp/vm-qmp.sock,server,nowait -vnc :100
16837 Floating point exception(core dumped)
target: temp/x86_64-softmmu/qemu-system-x86_64 -enable-kvm -L temp-bios
-M pc-i440fx-1.4 -m 512M -kernel boot/vmlinuz-x86_64 -initrd
boot/test-initramfs-x86_64.img.gz -vga std -append seed=1234 -drive
file=target_disk1.img,if=virtio -drive file=target_disk2.img,if=virtio
-device virtio-net-pci,netdev=net0 -netdev user,id=net0 -incoming
unix:/tmp/migrate.sock -monitor
unix:/tmp/vm-hmp-incoming.sock,server,nowait -qmp
unix:/tmp/vm-qmp-incoming.sock,server,nowait -vnc :101
Receiving block device images
20 %
21 %
load of migration failed
This revert potentially re-introduces a bug that was present in 1.4,
but fixes a prevalent issue with block migration so we should revert
it for now and take an updated patch later.
Conflicts:
migration.c
* fixed up to remove logic introduced in 7161082c while leaving
changes in HEAD intact
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Message-id: 1368739544-31021-1-git-send-email-mdroth@linux.vnet.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
pollfds_fill() and pollfds_poll() translate GPollFD to rfds/wfds/xfds
for sockets on win32. select(2) is the underlying system call which is
used to monitor sockets for activity.
Currently file descriptors that monitor G_IO_ERR will be included in
both rfds and wfds. As a result, select(2) will report writability on
file descriptors where we only really wanted to monitor readability
(with errors).
slirp_pollfds_poll() hit this issue: UDP sockets are blocking sockets so
we hang in sorecvfrom() when G_IO_ERR is set due to the socket being
writable (we only wanted to check for readability).
This patch fixes the slirp_pollfds_poll() hang.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1368718561-7816-2-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Although we try our best to automatically detect broken versions
of Linux which assume the old broken IRQ mapping we used to implement
for our model of the Versatile PCI controller, it turns out that
some particularly new kernels manage to outwit the autodetection.
We therefore provide a property for enabling the old broken IRQ
mapping, so that if users happen to have such a kernel they can
work around its deficiencies with the command line option:
-global versatile_pci.broken-irq-mapping=1
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1368545616-22344-4-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Newer versatilepb kernels still don't get the IRQ mapping right
for the PCI controller, but they get it differently wrong (they add
a fixed +64 offset to everything they write to PCI_INTERRUPT_LINE).
Update the autodetection to handle these too, and include a more
detailed comment on the various different behaviours that might
be present.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1368545616-22344-3-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This reverts commit 5f37ef92b7.
It turns out that some kernels incorrectly depend on the
old QEMU behaviour of not putting the host PCI bridge device
where the hardware puts it, because they use a swizzling IRQ
mapping which is incorrect but happens to match up with old
broken QEMU when the slot number mod 4 is zero. Since we
start PCI devices at 11, if we put the host bridge at 29
then the first real PCI device goes at 11 and doesn't work.
Not putting the host bridge at 29 means it defaults to 11,
so the first real PCI device is at 12 and works.
Since continuing with the old behaviour doesn't cause problems
for kernels which do work with hardware, the simplest fix for
this is to revert the change.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1368545616-22344-2-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit 7791dba3ec broke compilation on MacOSX, because it introduced
a new include of util.h. On MacOSX this includes pwd.h which in turn
includes the system uuid/uuid.h, which causes a compile failure if
QEMU was configured without CONFIG_UUID due to a conflict between
the system header and our fallback versions:
block/vdi.c:124:20: error: static declaration of 'uuid_generate'
follows non-static declaration
static inline void uuid_generate(uuid_t out)
^
/usr/include/uuid/uuid.h:63:6: note: previous declaration is here
void uuid_generate(uuid_t out);
^
Fix this breakage by improving configure's check for uuid to work on
MacOSX (where there is no need to link in a separate libuuid).
Note that if the user explicitly runs configure with '--disable-uuid'
on MacOSX then QEMU will fail to compile.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1368563799-22755-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
qmp_output_get_qobject() increments the qobject's reference count. Since
we currently pass this straight into qobject_to_json() so we can feed
the data into a QMP input visitor, we never actually free the underlying
qobject when qmp_output_visitor_cleanup() is called. This causes leaks
on all of the QMP serialization tests.
Fix this by holding a pointer to the qobject and decref'ing it before
returning from qmp_deserialize().
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
qmp: fix handling of cmd with equal mark in qmp-shell
qmp-shell splits the argument and value of input command
by equal mark("="). But there are commands whose values
include equal mark themselves, and the json built by
qmp-shell will not correct. For example, when using NBD as
the target of block-backup command, the input
"block-backup target=nbd+unix:///drive0?socket=/tmp/nbd.sock"
will fail, because the json built will be as follows:
{
"execute":"block-backup",
"arguments":{"target":"nbd+unix:///drive0?socket"}
}
Fix it by joining the sections split by equal mark excluding the
first section in __build_cmd function when the length of sections
is larger than two.
Signed-off-by: zhangleiqiang <zhangleiqiang@huawei.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
The limit of qcow2 files at least depends on the cluster size. If the
image format has a cluster_size option, suggest to increase it.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This catches the situation that is described in the bug report at
https://bugs.launchpad.net/qemu/+bug/865518 and goes like this:
$ qemu-img create -f qcow2 huge.qcow2 $((1024*1024))T
Formatting 'huge.qcow2', fmt=qcow2 size=1152921504606846976 encryption=off cluster_size=65536 lazy_refcounts=off
$ qemu-io /tmp/huge.qcow2 -c "write $((1024*1024*1024*1024*1024*1024 - 1024)) 512"
Segmentation fault
With this patch applied the segfault will be avoided, however the case
will still fail, though gracefully:
$ qemu-img create -f qcow2 /tmp/huge.qcow2 $((1024*1024))T
Formatting 'huge.qcow2', fmt=qcow2 size=1152921504606846976 encryption=off cluster_size=65536 lazy_refcounts=off
qemu-img: The image size is too large for file format 'qcow2'
Note that even long before these overflow checks kick in, you get
insanely high memory usage (up to INT_MAX * sizeof(uint64_t) = 16 GB for
the L1 table), so with somewhat smaller image sizes you'll probably see
qemu aborting for a failed g_malloc().
If you need huge image sizes, you should increase the cluster size to
the maximum of 2 MB in order to get higher limits.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
We switched from qemu_memalign to mmap() but then we don't modify
qemu_vfree() to do a munmap() over free(). Which we cannot do
because qemu_vfree() frees memory allocated by qemu_{mem,block}align.
Introduce a new function that does the munmap(), luckily the size is
available in the RAMBlock.
Reported-by: Amos Kong <akong@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Message-id: 1368454796-14989-3-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds a small typename cache to ObjectClass. This allows
caching positive casts within each ObjectClass. Benchmarking a
PPC workload provided by Aurelien, this patch eliminates every
single g_hash_table_lookup() happening during the benchmark (which
was about 2 million per-second).
With this patch applied, I get exactly the same performance (within
the margin of error) as with --disable-qom-cast-debug.
N.B. it's safe to cache typenames only from the _assert() macros
because they are always called with string literals.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit 9697f5d2d3 "gtk: custom cursor support"
introduced unconditional usage of gdk_display_warp_pointer(). This function
is marked as deprecated since GTK-3.0, and triggers warning (error with -Werror)
during compilation.
Conditionally change gdk_display_warp_pointer() method usage to gdk_device_warp
usage, as suggested by compiler.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Message-id: 1368197985-44608-1-git-send-email-i.mitsyanko@gmail.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This reverts commit 9953f8822c.
While Markus's analysis is entirely correct, there are 1.6 patches
that fix the bug for real and without requiring machine type hacks.
Let's think of the children who will have to read this code, and
avoid a complicated mess of semantics that differ between <1.5,
1.5, and >1.5.
Conflicts:
hw/i386/pc_piix.c
hw/i386/pc_q35.c
include/hw/i386/pc.h
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1368189483-7915-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Cast debugging can have a substantial cost (20% or more). Instead of adding
special-cased "fast casts" in the hot paths, we can just disable it in
releases. The tracing facilities we just added make it easier to analyze
those problems that cast debugging would reveal.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368188203-3407-7-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
For leaf classes, in many cases the callbacks will simply downcast
the object back to the original class. Add this fast path to
object_class_dynamic_cast, object_dynamic_cast will inherit it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1368188203-3407-4-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In Windows guests this may make a difference.
Since the original patch (commit c689b4f1) sought to be pedantic and to
consider theoretical corner cases of portability, we should fix it up
where it failed to come through in that pursuit.
Suggested-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
# By Dong Xu Wang (2) and others
# Via Michael Tokarev
* mjt/trivial-patches-next:
osdep.h: include sys/types.h for ssize_t definition
remove double semicolons
clean unnecessary code: don't check g_strdup arg for NULL
docs: mention AddressSpaces in docs/memory.txt
audio: update documentation after removing --audio-card-list option
m25p80.c: Sync Flash chip list with Linux
bsd-user: OS-agnostic 64-bit SYSCTL types
Message-id: 518F61B9.9050803@msgid.tls.msk.ru
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
sys/types.h is taken out from "ifdef __OpenBSD__" guard. It should be
safe for other systems, according to following survey:
http://hacks.owlfolio.org/header-survey/
This fixes build for CONFIG_IOVEC-less systems (mingw).
Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit 98af93fde2 removed the
--audio-card-list option in configure, and commit
8f3b664f6c always compiled in
the adlib, gus and cs4231a audio cards.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Add new devices for various manufacturers, and re-sort Spansion list to
match the order in Linux, which requires chips with a non-zero extended ID
to come first.
With this commit the outstanding differences to Linux rev 55bf75b are:
- Erase size flag differences in s25sl032p, s25sl064p, s25fl016k, s25fl064k
(These devices have only some blocks that support small erase sizes.)
- Linux lacks n25q128
- Devices without a Jedec ID have been excluded
Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Use existence of type as #ifdef condition rather than FreeBSD-specific
version check, as suggested by Patrick Welche.
Also handle the signed (CTLTYPE_S64) case identically to the unsigned
(CTLTYPE_U64) case, per later patches in the FreeBSD ports tree
(emulators/qemu-devel/files/patch-z-arm-bsd-user-001).
Signed-off-by: Ed Maste <emaste@freebsd.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Fix EFLAGS corruption by ROR r8/r16 imm instruction located at the end
of the TB, similarly to commit 089305ac for the non-immediate case.
Reported-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
When setcond2 is rewritten into setcond, the state of the destination
temp should be reset, so that a copy of the previous value is not
used instead of the result.
Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
With a SPICE_DISPLAY_CAP_MONITORS_CONFIG capable client, the client needs to
know what part of the primary to use for each monitor. If the guest driver
does not support this, the server sends messages to the client for a
single monitor spanning the entire primary.
As soon as the guest calls spice_qxl_monitors_config_async once, the server
sets the red_worker driver_has_monitors_config flag and stops doing this.
This is a problem when the driver gets unloaded, for example after a reboot
or when switching to a text vc with usermode mode-setting under Linux.
To reproduce this start a multi-mon capable Linux guest which uses
usermode mode-setting and then once X has started switch to a text vc. Note
how the client window does not only not resize, if you try to resize it
manually you always keep blackborders since the aspect is wrong.
This patch calls a new spice-server method called spice_qxl_driver_unload
which clears the driver_has_monitors_config flag inside the server, thereby
fixing this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
# By Kevin Wolf (7) and Fam Zheng (3)
# Via Kevin Wolf
* kwolf/for-anthony:
qemu-iotests: fix 017 018 for vmdk
qemu-iotests: exclude vmdk and qcow from 043
qemu-iotests: exclude vmdk for test 042
qtest/ide-test: Test short and long PRDTs
qtest/ide-test: Add simple DMA read/write test case
qtest: Add IDE test case
libqos/pci: Enable bus mastering
ide: Reset BMIDEA bit when the bus master is stopped
de_DE.po: Add missing leading spaces
ahci: Don't allow creating slave drives
Message-id: 1368023344-29731-1-git-send-email-kwolf@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
There are several several issues in the current checking:
- The check was based on the minus of unsigned values which can overflow
- It was done after .{set|get}_config() which can lead crash when config_len
is zero since vdev->config is NULL
Fix this by:
- Validate the address in virtio_pci_config_{read|write}() before
.{set|get}_config
- Use addition instead minus to do the validation
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Petr Matousek <pmatouse@redhat.com>
Message-id: 1367905369-10765-1-git-send-email-jasowang@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
mask notifiers are never called without msix,
so devices with backend masking like vhost don't work.
Call mask notifiers explicitly at
startup/cleanup to make it work.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The implementation for rldcl tried to always fetch its
parameters from the opcode, even though the opcode was
already passed in in decoded and different forms.
Use the parameters instead, fixing rldcl.
Reported-by: Torbjorn Granlund <tg@gmplib.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
When running an L=1 cmp instruction on a 64bit PPC CPU with SF off, it
still behaves identical to what it does when SF is on. Remove the implicit
difference in the code.
Also, on most 32bit CPUs we should always treat the compare as 32bit
compare, as the CPU will ignore the L bit. This is not true for e500mc,
but that's up for a different patch.
Reported-by: Torbjorn Granlund <tg@gmplib.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
Corner case for INSV instruction when size=32 has not been correctly
implemented. The mask for size should be one bit wider, and preparing the
filter variable should be aware of this case too.
The test for INSV has been extended to include the case that triggers the
bug.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The emulator needs to check in hflags if DSP unit has been turned off before
it generates code for MUL_PH, MUL_S_PH, MULQ_S_W, and MULQ_RS_W.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
017 and 018 use /bin/mv to move base img from t.IMGFMG to t.IMGFMT.base
after filling data, this is not enough for vmdk, when t.IMGFMT is only a
description text file who points to t-{flat,s001,f001,...}.IMGFMT as
data extent, so testing such subformats alway fails on them.
This patch use the trick of temprorily changing TEST_IMG to avoid using
/bin/mv.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
043 tests recursive backing file by changing backing file. VMDK has not
implemented this yet, and qcow1 probably never will.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Zero sized disk is not supported by qemu vmdk driver, exclude vmdk from
the test script.
As tested on vmware-vdiskmanager and vmware workstation, zero sized disk
is not supported by vmware, either.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This tests the behaviour of the DMA engine when the given PRDT contains
physical region descriptors for either more or less bytes than the
IDE request is for.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This adds a simple IDE test case and starts by verifying that IDENTIFY
can be successfully used and return the correct serial number, version
and the WCE flag is set for cache=writeback.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The device is supposed to reset the Bus Master IDE Active bit in the
status register when 0 is written to the Start/Stop Bus Master bit in
the command register.
In the common cases this happens automatically because bdrv_drain_all()
flushes the requests, but with a large PRDT it could remain set.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
An IDE bus provided by AHCI can only take a single IDE drive. If you add
a drive as slave, qemu used to accept the command line but the device
wouldn't be actually usable. Catch the situation instead and error out.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
# By Gerd Hoffmann (3) and Hans de Goede (1)
# Via Gerd Hoffmann
* kraxel/usb.82:
xhci: handle USB_RET_BABBLE
uhci: Use an intermediate buffer for usb packet data
usb-host: add usb_host_full_speed_compat
usb-host: live migration support for the libusb version
Message-id: 1367920207-1404-1-git-send-email-kraxel@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The qemu guest agent creates a bunch of files with insecure permissions
when started in daemon mode. For example:
-rw-rw-rw- 1 root root /var/log/qemu-ga.log
-rw-rw-rw- 1 root root /var/run/qga.state
-rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log
In addition, at least all files created with the "guest-file-open" QMP
command, and all files created with shell output redirection (or
otherwise) by utilities invoked by the fsfreeze hook script are affected.
For now mask all file mode bits for "group" and "others" in
become_daemon().
Temporarily, for compatibility reasons, stick with the 0666 file-mode in
case of files newly created by the "guest-file-open" QMP call. Do so
without changing the umask temporarily.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit 32993698 (vhost: disable on tap link down) tries to disable the vhost
also when the peer's link is down. But the check was not done properly, the
vhost were only started when:
1) peer's link is not down
2) virtio-net has already been started.
Since == have a higher precedence than &&, place a brace to make sure both the
conditions were met then does the check. This fixes the crash when doing a savem
after set the link off which let qemu crash and complains:
virtio_net_save: Assertion `!n->vhost_started' failed.
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-id: 1366972060-21606-1-git-send-email-jasowang@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Eduardo Habkost (6) and others
# Via Andreas Färber
* afaerber/qom-cpu:
target-i386: n270 can MOVBE
target-i386: Introduce generic CPUID feature compat function
target-i386: Change CPUID model of 486 to 8
target-i386: Emulate X86CPU subclasses for global properties
qdev: Introduce qdev_prop_set_globals_for_type()
qdev: Let qdev_prop_parse() pass through Error
target-i386: Add "filtered-features" property to X86CPU
target-i386: Introduce X86CPU::filtered_features field
target-i386: Add "feature-words" property to X86CPU
target-i386: Use FeatureWord loop on filter_features_for_kvm()
target-i386: Add ECX information to FeatureWordInfo
Due to various unfortunate reasons we cannot reliable detect a guest
cancelling a packet as soon as it happens, instead we detect cancels
with some delay.
When packets are handled async, and we directly pass the guest memory for
the packet to the usb-device as iovec, this means that the usb-device can
write to guest-memory which the guest has already re-used for other purposes
-> not good!
This patch fixes this by adding an intermediate buffer and writing back not
only the result, but also the data, of async completed packets when scanning
the schedule.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Alloes to pass through usb2 devices on usb1 host controllers if possible.
Brings the libusb implementation to feature-parity with the linux usbfs
code, so the usb-host implementation in 1.5 (libusb) doesn't regress
compared to 1.4 (usbfs).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The Atom core (cpu name "n270" in QEMU speak) supports MOVBE. This is
needed when booting 3.8 and later linux kernels built with the MATOM
target because we require MOVBE in order to boot properly now.
Signed-off-by: Borislav Petkov <bp@suse.de>
[ehabkost: added compat code to disable MOVBE on pc-*-1.4 and older]
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Introduce x86_cpu_compat_set_features(), that can be used to set/unset
feature bits on specific CPU models for machine-type compatibility.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
* 's390-for-upstream' of git://github.com/agraf/qemu:
s390: update s390-ccw.img
S390: BIOS boot from given device
S390: Add virtio-blk boot
S390: Merging s390_ipl_cpu and s390_ipl_reset
S390: BIOS create link to src folder for .img file
S390: BIOS check for file
This changes the model number of 486 to 8 (DX4) which matches the
feature set presented, and actually has the CPUID instruction.
This adds a compatibility property, to keep model=0 on pc-*-1.4 and older.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
[AF: Add compat_props entry]
Tested-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
After initializing the object from its x86_def_t and before setting any
additional -cpu arguments, set any global properties for the designated
subclass <name>-{i386,x86_64}-cpu.
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reuse it in qdev_prop_set_globals().
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
[AF: Renamed from qdev_prop_set_custom_globals()]
Signed-off-by: Andreas Färber <afaerber@suse.de>
This field will contain the feature bits that were filtered out because
of missing host support.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This property will be useful for libvirt, as libvirt already has logic
based on low-level feature bits (not feature names), so it will be
really easy to convert the current libvirt logic to something using the
"feature-words" property.
The property will have two main use cases:
- Checking host capabilities, by checking the features of the "host"
CPU model
- Checking which features are enabled on each CPU model
Example output:
$ ./QMP/qmp --path=/tmp/m \
qom-get --path=/machine/icc-bridge/icc/child[0] \
--property=feature-words
item[0].cpuid-register: EDX
item[0].cpuid-input-eax: 2147483658
item[0].features: 0
item[1].cpuid-register: EAX
item[1].cpuid-input-eax: 1073741825
item[1].features: 0
item[2].cpuid-register: EDX
item[2].cpuid-input-eax: 3221225473
item[2].features: 0
item[3].cpuid-register: ECX
item[3].cpuid-input-eax: 2147483649
item[3].features: 101
item[4].cpuid-register: EDX
item[4].cpuid-input-eax: 2147483649
item[4].features: 563346425
item[5].cpuid-register: EBX
item[5].cpuid-input-eax: 7
item[5].features: 0
item[5].cpuid-input-ecx: 0
item[6].cpuid-register: ECX
item[6].cpuid-input-eax: 1
item[6].features: 2155880449
item[7].cpuid-register: EDX
item[7].cpuid-input-eax: 1
item[7].features: 126614521
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Instead of open-coding the filtering code for each feature word, change
the existing code to use the feature_word_info array, that has exactly
the same CPUID eax/ecx/register values for each feature word.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
FEAT_7_0_EBX uses ECX as input, so we have to take that into account
when reporting feature word values.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Use the passed device, if there is no device, use the first applicable device.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
If no kernel IPL entry is specified, boot the bios and pass if available
device information for the first boot device (as given by the boot index).
The provided information will be used in the next commit from the BIOS.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
There is no use in have this splitted in two functions.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
For *.img files, there will be a link created directly to the src folder,
like for all other blobs.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Add a check if the BIOS blob exists before trying to load.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Normally, the "tap" device is polled by QEMU if a guest NIC can
receive packets. If a guest NIC is stopped during transfer (rmmod or
ifdown), it may still have packets in a queue which have to be send
to the guest before QEMU enables polling of a "tap" interface via
tap_update_fd_handler().
However the spapr_llan device was missing the qemu_flush_queued_packets()
call so the tap_send_completed() callback was never called and therefore
"tap" interface polling was not enabled ever.
The patch fixes this problem.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
We should sync params->ram_size after we fixup memory size on
a alignment boundary. Otherwise Guest would exceed the actual
memory region.
Signed-off-by: Tiejun Chen <tiejun.chen@windriver.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Recent Linux kernels save and restore the PPR across exceptions
so we need to handle it.
Signed-off-by: Anton Blanchard <anton@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Invalid and privileged SPR warnings currently print the wrong
address. While fixing that, also make it clear that we are
printing both the decimal and hexadecimal SPR number.
Before:
Trying to read invalid spr 896 380 at 0000000000000714
After:
Trying to read invalid spr 896 (0x380) at 0000000000000710
Signed-off-by: Anton Blanchard <anton@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
When running -cpu on a POWER7 system with PR KVM, we mask out the 1TB
MMU capability from the MMU type mask, but not the AMR bit.
This leads to us having a new MMU type that we don't check for in our
MMU management functions.
Add the new type, so that we don't have to worry about breakage there.
We're not going to use the TCG MMU management in that case anyway.
The long term fix for this will be to move all these MMU management
functions to class callbacks.
Signed-off-by: Alexander Graf <agraf@suse.de>
Minor SLOF fixes which are required for libvirtd to function properly:
* vio-vscsi: vscsi-report-luns can return 0
* vio-vscsi: added a proper lun parser
* SLOF: vio-vscsi: fixed bug with reported luns
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
ePAPR defines the initial values of cpu registers.
This patch initialize the GPRs as per ePAPR specification.
This resolves the issue of guest reboot/reset (guest hang on reboot).
Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
[agraf: add whitespace line]
Signed-off-by: Alexander Graf <agraf@suse.de>
Due to a brain outage, this message says "out-of-boards" instead of
"out-of-bounds".
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
PAPR defines LIOBNs (Logical IO Bus Numbers) to be 32-bit, and we check for
values that aren't in the code for H_PUT_TCE. This patch factors the check
into spapr_tce_find_by_liobn(), which already checks if a 32-bit LIOBN
actually exists. This will become more important as future patches add
other hypercalls which need to look up a LIOBN.
At the same time we fix the typo in the message.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
The "libtool" binary on MacOSX is not GNU libtool, and doesn't support
anything like the same set of command line options. Test whether we
have accidentally picked this up (by looking for whether it handles
the GNU --version switch), and discard it if so. The fallback machinery
for the "we don't have a libtool" case will work fine. This fixes a
failure in "make install" on MacOSX.
Reported-by: Peter Cheung <mcheung63@hotmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1367701071-6630-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Andreas Färber (1) and others
# Via Andreas Färber
* afaerber-or/prep-up:
prep: Make System I/O port 0092 read/write
prep: Add ELF support for -bios
prep: Fix NIP reset value
Port 0x0092 is documented as read/write, so for now return the
endianness state instead of hardcoded 0x00.
Signed-off-by: Julio Guerra <guerr@julio.in>
[AF: Extracted from larger port 0092 patch]
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
This prepares for switching from OpenHack'Ware to OpenBIOS.
While touching the error handling code, switch from aborting hw_error()
to fprintf()+exit() and suppress failing without -bios for qtest.
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
The value was changed by commit 09d9828ace
"PPC: fix hreset_vector for 60x, ...".
Change it back for prep machine to unbreak OpenHack'Ware.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
kvm_vcpu_ioctl() returns -ETHING on error, not ETHING -- correct
an incorrect check in kvm_arch_init_vcpu(). This would not have
had any significant ill-effects -- we would just have propagated
the less useful ENOENT up to the caller rather than the more
accurate EINVAL in the unlikely case that the kernel didn't
have VFP-D32 support.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Since commit 2f7bd829db "qdev: Fix device_add bus assumptions"
it's possible to device_add bus-less device, but if such device is
unplugged it will dereference NULL parent_bus in qdev_unplug().
Fix it by taking in account that parent_bus might be NULL and
skipping bus check.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 1367587536-14964-1-git-send-email-imammedo@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Added TLS support to the VNC QEMU Websockets implementation.
VNC-TLS needs to be enabled for this feature to be used.
The required certificates are specified as in case of VNC-TLS
with the VNC parameter "x509=<path>".
If the server certificate isn't signed by a rooth authority it needs to
be manually imported in the browser because at least in case of Firefox
and Chrome there is no user dialog, the connection just gets canceled.
As a side note VEncrypt over Websocket doesn't work atm because TLS can't
be stacked in the current implementation. (It also didn't work before)
Nevertheless to my knowledge there is no HTML 5 VNC client which supports
it and the Websocket connection can be encrypted with regular TLS now so
it should be fine for most use cases.
Signed-off-by: Tim Hardeck <thardeck@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1366727581-5772-1-git-send-email-thardeck@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
While commit c02817e5bf fixed compilation
without an installed libtool, moving the dependencies to rules.mak does
not work because the version-*-y variables are not defined yet. Building
in a clean tree thus fails.
Revert the commit and remove the dummy /bin/false assignment to LIBTOOL.
This makes the build work, at the price of slightly worse errors when
there are Makefile bugs.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1367425815-15083-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Fam Zheng (8) and others
# Via Stefan Hajnoczi
* stefanha/block:
qemu-iotests: Filter out 'adapter_type'
nbd: support large NBD requests
nbd: use g_slice_new() instead of a freelist
qemu-iotests: Filter out vmdk creation options
vmdk: add bdrv_co_write_zeroes
vmdk: store fields of VmdkMetaData in cpu endian
vmdk: change magic number to macro
vmdk: Add option to create zeroed-grain image
vmdk: add support for “zeroed‐grain” GTE
vmdk: named return code.
blockdev: Replace "undefined error" in qmp_block_resize
block: add read-only support to VHDX image format.
block: initial VHDX driver support framework - supports open and probe
block: vhdx header for the QEMU support of VHDX images
qemu: add castagnoli crc32c checksum algorithm
This patch adds a ftrace tracing backend which sends trace event to
ftrace marker file. You can effectively compare qemu trace data and
kernel(especially, kvm.ko when using KVM) trace data.
The ftrace backend is restricted to Linux only.
To try out the ftrace backend:
$ ./configure --trace-backend=ftrace
$ make
if you use KVM, enable kvm events in ftrace:
# sudo echo 1 > /sys/kernel/debug/tracing/events/kvm/enable
After running qemu by root user, you can get the trace:
# cat /sys/kernel/debug/tracing/trace
Signed-off-by: Eiichi Tsukata <eiichi.tsukata.xh@hitachi.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch enable us to know exit reason of KVM_RUN. It will help us
know where the trouble is caused.
Signed-off-by: Kazuya Saito <saito.kazuya@jp.fujitsu.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch adds tracepoints at ioctl to kvm. Tracing these ioctl is
useful for clarification whether the cause of troubles is qemu or kvm.
Signed-off-by: Kazuya Saito <saito.kazuya@jp.fujitsu.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Only tap->vhostfd were checked net_init_tap_one(), but tap->vhostfds were
forgot, this will lead qemu to ignore all fds passed by management through
vhostfds, and tries to create vhost_net device itself. Fix by adding this check
also.
Reportyed-by: Michal Privoznik <mprivozn@redhat.com>
Cc: Michal Privoznik <mprivozn@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
assign_name() creates a name MODEL.NUM, where MODEL is the client's model,
and NUM is the number of MODELs that already exist.
Markus added NIC naming for non-VLAN clients in commit 53e51d85.
commit d33d93b2 incorrectly added a judgement of net-hub. It caused
net clients created with -netdev get same names.
eg:
# qemu-upstream -device virtio-net-pci,netdev=h1 -netdev tap,id=h1 \
-device virtio-net-pci,netdev=h2 -netdev tap,id=h2 ..
(qemu) info network
virtio-net-pci.0: index=0,type=nic,model=virtio-net-pci,macaddr=52:54:00:12:34:56
\ h1: index=0,type=tap,ifname=tap0,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown
virtio-net-pci.0: index=0,type=nic,model=virtio-net-pci,macaddr=52:54:00:12:34:57
\ h2: index=0,type=tap,ifname=tap1,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown
This patch removed the check of nic-hub, and created unique names for
all net clients that have same model.
v2: update commitlog & comments
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Filter out vmdk creation option 'adapter_type' for vmdk. So that tests
with an explicit './check -o adapter_type=XXX' will not fail.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The Linux nbd driver recently increased the maximum supported request
size up to 32 MB:
commit 078be02b80359a541928c899c2631f39628f56df
Author: Michal Belczyk <belczyk@bsd.krakow.pl>
Date: Tue Apr 30 15:28:28 2013 -0700
nbd: increase default and max request sizes
Raise the default max request size for nbd to 128KB (from 127KB) to get it
4KB aligned. This patch also allows the max request size to be increased
(via /sys/block/nbd<x>/queue/max_sectors_kb) to 32MB.
QEMU's 1 MB buffers are too small to handle these requests.
This patch allocates data buffers dynamically and allows up to 32 MB per
request.
Reported-by: Nick Thomas <nick@bytemark.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Use GLib's efficient slice allocator instead of open-coding the request
freelist. This patch simplifies the NBDRequest code.
Now we qemu_blockalign() the req->data buffer each time but the next
patch switches from a fixed size buffer to a dynamic size anyway.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Avoid the mini constant pool for armv7, and avoid replicating
the test for pre-v7.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Found by inspection, since the effect of the bug was simply to
send all memory ops through the slow path.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This change corrects and simplifies how discard is calculated for shift
left logical vector instructions. It is used to detect overflow and set bit
22 in the DSPControl register.
The existing tests (shll_ph.c, shll_qb.c) are extended with the corner cases
that expose incorrectness in the previous implementation.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Cover new image creation options for vmdk, so we can use '-o
zeroed_grain=XXX' and '-o subformat=XXX' to run the tests successfully.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Use special offset to write zeroes efficiently, when zeroed-grain GTE is
available. If zero-write an allocated cluster, cluster is leaked because
its offset pointer is overwritten by "0x1".
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Previously VmdkMetaData.offset is stored little endian while other
fields are cpu endian. This changes offset to cpu endian and convert
before writing to image.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Add image create option "zeroed-grain" to enable zeroed-grain GTE
feature of vmdk sparse extents. When this option is on, header version
of newly created extent will be 2 and VMDK4_FLAG_ZERO_GRAIN flag bit
will be set.
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Introduced support for zeroed-grain GTE, as specified in Virtual Disk
Format 5.0[1].
Recent VMware hosted platform products support a new “zeroed‐grain”
grain table entry (GTE). The zeroed‐grain GTE returns all zeros on
read. In other words, the zeroed‐grain GTE indicates that a grain
in the child disk is zero‐filled but does not actually occupy space
in storage. A sparse extent with zeroed‐grain GTE has the following
in its header:
* SparseExtentHeader.version = 2
* SparseExtentHeader.flags has bit 2 set
Other than the new flag and the possibly zeroed‐grain GTE, version 2
sparse extents are identical to version 1. Also, a zeroed‐grain GTE
has value 0x1 in the GT table.
[1] Virtual Disk Format 5.0, http://www.vmware.com/support/developer/vddk/vmdk_50_technote.pdf?src=vmdk
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Internal routines in vmdk.c previously return -1 on error and 0 on
success. More return values are useful for future changes such as
zeroed-grain GTE. Change all the magic `return 0` and `return -1` to
macro names:
* VMDK_OK 0
* VMDK_ERROR (-1)
* VMDK_UNALLOC (-2)
* VMDK_ZEROED (-3)
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
We have an errno value that can be displayed, so we should just do that.
An easy way to reproduce this case is to resize a raw image to a size
that is too large for the host file system.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This adds in read-only support to the VHDX image format. This supports
reads for fixed-size, and dynamic sized VHDX images.
Differencing files are still unsupported.
The image must be opened without BDRV_O_RDWR set, because we do not
yet update the headers. I.e., pass 'readonly=on' in the drive image
options from the QEMU commandline.
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This is the initial block driver framework for VHDX image support
(i.e. Hyper-V image file formats), that supports opening VHDX files, and
parsing the headers.
This commit does not yet enable:
- reading
- writing
- updating the header
- differencing files (images with parents)
- log replay / dirty logs (only clean images)
This is based on Microsoft's VHDX specification:
"VHDX Format Specification v0.95", published 4/12/2012
https://www.microsoft.com/en-us/download/details.aspx?id=29681
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This adds the Castagnoli CRC32C algorithm, using the 0x11EDC6F41
polynomial.
This is extracted from the linux kernel cryptographic crc32.c module.
The algorithm is based on:
Castagnoli93: Guy Castagnoli and Stefan Braeuer and Martin Herrman
"Optimization of Cyclic Redundancy-Check Codes with 24
and 32 Parity Bits", IEEE Transactions on Communication,
Volume 41, Number 6, June 1993
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
# By Igor Mammedov (21) and others
# Via Andreas Färber
* afaerber/qom-cpu: (29 commits)
Drop redundant resume_all_vcpus() from main()
cpus: Fix pausing TCG CPUs while in vCPU thread
target-i386: Replace cpuid_*features fields with a feature word array
target-i386: Break CPUID feature definition lines
target-i386/kvm.c: Code formatting changes
target-i386: Group together level, xlevel, xlevel2 fields
pc: Implement QEMUMachine::hot_add_cpu hook
QMP: Add cpu-add command
Add hot_add_cpu hook to QEMUMachine
target-i386: Move APIC to ICC bus
target-i386: Attach ICC bus to CPU on its creation
target-i386: Introduce ICC bus/device/bridge
cpu: Move cpu_write_elfXX_note() functions to CPUState
kvmvapic: Make dependency on sysbus.h explicit
target-i386: Replace MSI_SPACE_SIZE with APIC_SPACE_SIZE
target-i386: Do not allow to set apic-id once CPU is realized
target-i386: Introduce apic-id CPU property
target-i386: Introduce feat2prop() for CPU properties
acpi_piix4: Add infrastructure to send CPU hot-plug GPE to guest
cpu: Add helper cpu_exists(), to check if CPU with specified id exists
...
# By Andreas Färber (1) and others
# Via Michael Tokarev
* mjt/trivial-patches:
pvscsi: fix compilation on 32 bit hosts
Trivial grammar and spelling fixes
configure: Pick up libseccomp include path
VCPUs are either resumed directly via vm_start(), after the incoming
migration is done, or when a continue command is issued. We don't need
the explicit resume before entering main_loop().
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Due to a preceding while loop, no CPU would've been put into stopped
state. Reinitialize the variable.
This fixes commit d798e97456 (Allow to use
pause_all_vcpus from VCPU context) for non-KVM case.
While at it, change a 0 to false, amending commit
4fdeee7cd4 (cpu: Move stop field to
CPUState).
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This replaces the feature-bit fields on both X86CPU and x86_def_t
structs with an array.
With this, we will be able to simplify code that simply does the same
operation on all feature words (e.g. kvm_check_features_against_host(),
filter_features_for_kvm(), add_flagname_to_bitmaps(), CPU feature-bit
property lookup/registration, and the proposed "feature-words" property)
The following field replacements were made on X86CPU and x86_def_t:
(cpuid_)features -> features[FEAT_1_EDX]
(cpuid_)ext_features -> features[FEAT_1_ECX]
(cpuid_)ext2_features -> features[FEAT_8000_0001_EDX]
(cpuid_)ext3_features -> features[FEAT_8000_0001_ECX]
(cpuid_)ext4_features -> features[FEAT_C000_0001_EDX]
(cpuid_)kvm_features -> features[FEAT_KVM]
(cpuid_)svm_features -> features[FEAT_SVM]
(cpuid_)7_0_ebx_features -> features[FEAT_7_0_EBX]
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Break lines on kvm_check_features_against_host(), kvm_cpu_fill_host(),
and builtin_x86_defs, so they don't get too long once the *_features
fields are replaced by an array.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Add appropriate spaces around operators, and break line where it needs
to be broken to allow feature-words array to be introduced without
having too-long lines.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This fixes the following error:
In file included from qemu/include/trace.h:4:0,
from trace/generated-events.c:3:
./trace/generated-tracers.h: In function ‘trace_pvscsi_get_sg_list’:
./trace/generated-tracers.h:4271:9: error: format ‘%lu’ expects argument of
type ‘long unsigned int’, but argument 4 has type ‘size_t’ [-Werror=format]
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
similiar -> similar
recieve -> receive
transfered -> transferred
preperation -> preparation
Most changes are in comments, one modifies a parameter name in a function
prototype.
The spelling fixes were made using codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
openSUSE 12.3 has seccomp.h in /usr/include/libseccomp-1.0.1,
so add `pkg-config --cflags libseccomp` output to QEMU_CFLAGS.
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Adds "cpu-add id=xxx" QMP command.
cpu-add's "id" argument is a CPU number in a range [0..max-cpus)
Example QMP command:
-> { "execute": "cpu-add", "arguments": { "id": 2 } }
<- { "return": {} }
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Hook should be set by machines that implement CPU hot-add
via cpu-add QMP command.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
It allows APIC to be hotplugged.
* map APIC's mmio at board level if it is present
* do not register mmio region for each APIC, since
only one is used/mapped
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
X86CPU should have parent bus so it could provide bus for child APIC.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Provides a hotpluggable bus for APIC and CPU.
* icc-bridge will serve as a parent for icc-bus and provide
mmio mapping services to child icc-devices.
* icc-device will replace SysBusDevice as a parent of APIC
and IOAPIC devices.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Allows kvmvapic to compile if sysbus.h is removed from apic_internal.h,
from which it is indirectly included.
sysbus.h will be removed from apic_internal.h after converting
APICs to ICCDevice.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Put APIC_SPACE_SIZE in a public header so that it can be
reused elsewhere later.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The property is used from board level to set APIC ID for CPUs it
creates. Do so in a new pc_new_cpu() helper, to be reused for hot-plug.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This helper replaces '_' with '-' in a uniform way.
As a side effect, even custom mappings must use '-' now.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
[AF: Split off; operate on NUL-terminated string rather than '=' delimiter]
Signed-off-by: Andreas Färber <afaerber@suse.de>
* introduce processor status bitmask visible to guest at 0xaf00 addr,
where ACPI asl code expects it
* set bit corresponding to APIC ID in processor status bitmask on
receiving CPU hot-plug notification
* trigger CPU hot-plug SCI, to notify guest about CPU hot-plug event
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Replaces an open-coded loop and hides unused CPUArchState.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Wrapper to avoid open-coded loops and to make CPUState iteration
independent of CPUArchState.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
get_arch_id() adds possibility for generic code to get a guest-visible
CPU ID without accessing CPUArchState.
If derived classes don't override it, it will return cpu_index.
Override it on target-i386 in X86CPU to return the APIC ID.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: liguang <lig.fnst@cn.fujitsu.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
It provides updated currently available CPUs count to BIOS on reboot.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Hot-add CPU event will be distributed to acpi_piix4 and rtc_cmos.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Also add a stub for it, to make possible to use it in qom/cpu.c,
which is shared with user emulators.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
It will provide stubs for *-user targets once softmmu-specific calls
are attempted from common CPU code.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Commit 14f9b664 (hw/virtio-net.c: set config size using host features) tries to
calculate config size based on the host features. But it forgets the
VIRTIO_NET_F_MAC were always set for qemu later. This will lead a zero config
len for virtio-net device when both VIRTIO_NET_F_STATUS and VIRTIO_NET_F_MQ were
disabled form command line. Then qemu will crash when user tries to read the
config of virtio-net.
Fix this by counting VIRTIO_NET_F_MAC and make sure the config at least contains
the mac address.
Cc: Jesse Larrew <jlarrew@linux.vnet.ibm.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1366874814-2658-1-git-send-email-jasowang@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
On s390 the disabled wait state indicates a state of attention.
For example Linux uses that state after a panic. Lets
put the system into panicked state.
An alternative implementation would be to state
disabled-wait <address> instead of pause in the action field.
(e.g. z/OS, z/VM and other classic OSes use the address of the
disabled wait to indicate an error code).
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-id: 6cf41156322e27e81a727b69f03728dbc225d5bb.1366945969.git.hutao@cn.fujitsu.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
pvpanic device is used to send guest panic event from guest to qemu.
When guest panic happens, pvpanic device driver will write a event
number to IO port 0x505(which is the IO port occupied by pvpanic device,
by default). On receiving the event, pvpanic device will pause guest
cpu(s), and send a qmp event QEVENT_GUEST_PANICKED.
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: b66077a40235b3531632a05a6ff373850afc7d2e.1366945969.git.hutao@cn.fujitsu.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The following error occurs when building dtc module:
CHK version_gen.h
CC libfdt/fdt.o
cc1: error: dtc: No such file or directory [-Werror]
cc1: all warnings being treated as errors
make[1]: *** [libfdt/fdt.o] Error 1
make: *** [subdir-dtc] Error 2
In rules.mak, "-I$(<D) -I$(@D)" was expanded to "-Idtc -I." when
building submodule dct. Due to the using of "-Wmissing-include-dirs,
a warning would be rarsed. To avoid it, add "-I$(<D) -I$(@D)" to
QEMU_INCLUDES instead of QEMU_CFLAGS so that QEMU_CFLAGS does not
contain the "-Idtc".
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1367247132-19622-1-git-send-email-riegamaths@gmail.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When we try to cast an object to an unknown type, fail the cast. Today
we would simply run into an assert().
This fixes a bug on qemu-system-s390x for me that gets triggered by the
audio code looking for PCI and ISA buses.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1367326936-28539-1-git-send-email-agraf@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Multiqueue patchset conditionally add control vq only when guest negotiate the
feature. Though the spec is not clear on this but it breaks the minix guest
since it will identify the ctrl vq even if it does not support it. Though this
behavior seems a violation on the spec "If the VIRTIO_NET_F_CTRL_VQ feature bit
is negotiated, identify the control virtqueue.", to keep the backward
compatibility, always add the ctrl vq at end of the queues.
Reported-by: Aurelien Jarno <aurelien@aurel32.net>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-id: 1366874663-2566-1-git-send-email-jasowang@redhat.com
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Paolo Bonzini
# Via Paolo Bonzini
* bonzini/migration-writev:
win32: add readv/writev emulation
win32: generate console executable again
win32: move Makefile dependencies on version-obj-y to rules.mak
win32: add generic RC rules to rules.mak
Message-id: 1367230284-24612-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit e9d8fbf (qemu-file: do not use stdio for qemu_fdopen, 2013-03-27)
introduced a usage of writev, which mingw32 does not have. Even though
qemu_fdopen itself is not used on mingw32, the future-proof solution is
to add an implementation of it. This is simple and similar to how we
emulate sendmsg/recvmsg in util/iov.c.
Some files include osdep.h without qemu-common.h, so move the definition
of iovec to osdep.h too, and include osdep.h from qemu-common.h
unconditionally (protection against including files when NEED_CPU_H is
defined is not needed since the removal of AREG0).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Every PCI Slot in PBM has 4 directly mapped IRQ lines.
Use the IRQ routing schema 0bssnn (Bus, Slot, interrupt Number)
described in Section 19.3.3 of UltraSPARC™-IIi User's Manual.
Please note that this patch requires the OpenBIOS counterpart patch.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
- clear interrupts only on writing to the interrupt clear registers
- don't overwrite a currently active interrupt request
- use the correct addresses for the interrupt clear registers
(section 19.3.3.3 of the UltraSPARC™-IIi User’s Manual)
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
According to UltraSPARC™-IIi User’s Manual, PBM has 64 IRQ lines.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Move the slow path out of line, as the TODO's mention.
This allows the fast path to be unconditional, which can
speed up the fast path as well, depending on the core.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Work better with branch predition when we have movw+movt,
as the size of the code is the same. Perhaps re-evaluate
when we have a proper constant pool.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The schedule was fully serial, with no possibility for dual issue.
The old schedule had a minimal issue of 7 cycles; the new schedule
has a minimal issue of 5 cycles.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Share code between qemu_ld and qemu_st to process the tlb.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Use even more primitive helper functions to avoid lots of duplicated code.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Make the code more readable by only having one copy of the magic
numbers, swapping registers as needed prior to that. Speed the
compiler by not applying the rd == rn avoidance for v6 or later.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
R12 is call clobbered, while R8 is call saved. This change
gives tcg one more call saved register for real data.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
We get to re-use the _rIN and _rIK subroutines to handle the various
combinations of add vs sub. Fold the << 21 into the opcode enum values
so that we can explicitly add TO_CPSR as desired.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This greatly improves code generation for addition of small
negative constants.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This greatly improves the code we can produce for deposit
without armv7 support.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This makes it easier to verify changes to the code
generating the prologue.
[Aurelien: change the format from %i to %zu]
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
We were not allocating TCG_STATIC_CALL_ARGS_SIZE, so this meant that
any helper with more than 4 arguments would clobber the saved regs.
Realizing that we're supposed to have this memory pre-allocated means
we can clean up the tcg_out_arg functions, which were trying to do
more stack allocation.
Allocate stack memory for the TCG temporaries while we're at it.
Signed-off-by: Richard Henderson <rth@twiddle.net>
On 32-bit TCG targets, when emulating deposit_i64 with a mov_i32 +
deposit_i32, care should be taken to not overwrite the low part of
the second argument before the deposit when it is the same the
destination.
This fixes the shld instruction in qemu-system-x86_64, which in turns
fixes booting "system rescue CD version 2.8.0" on this target.
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
* 'ppc-for-upstream' of git://github.com/agraf/qemu: (30 commits)
target-ppc: add support for extended mtfsf/mtfsfi forms
target-ppc: emulate store doubleword pair instructions
target-ppc: emulate load doubleword pair instructions
target-ppc: emulate lfiwax instruction
target-ppc: emulate fcpsgn instruction
target-ppc: emulate prtyw and prtyd instructions
target-ppc: emulate cmpb instruction
target-ppc: add instruction flags for Book I 2.05
disas: Disassemble all ppc insns for the guest
target-ppc: optimize fabs, fnabs, fneg
PPC: Fix dcbz for linux-user on 970
powerpc: correctly handle fpu exceptions.
pseries: Generate device paths for VIO devices
pseries: Convert VIO code to QOM style type safe(ish) casts
target-ppc: Synchronize VPA state with KVM
pseries: Fix some small errors in XICS logic
target-ppc: Add more stubs for POWER7 PMU registers
pseries: Fixes and enhancements to L1 cache properties
pseries: Fix incorrect calculation of RMA size in certain configurations
PPC: Fix compile with profiling enabled
...
The -mwindows option is not anymore in LIBS at this point of the Makefile,
it is only in libs_softmmu. Check the right variable.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This makes the test on $(LIBTOOL) work. Otherwise, LIBTOOL
is /bin/false by the time the test is done.
Fixes Win32 compilation without a working cross-libtool.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Power ISA 2.05 adds support for extended mtfsf/mtfsfi form, with a new
W field to select the upper part of the FPCSR register.
For that the helper is changed to handle 64-bit input values and mask with
up to 16 bits. The mtfsf/mtfsfi instructions do not have the W bit
marked as invalid anymore. Instead this is checked in the helper, which
therefore needs to access to the insns/insns_flags2. They are added in
the DisasContext struct. Finally change all accesses to the opcode fields
through extract helpers, prefixed with FP for consistency.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
Needed for Power ISA version 2.05 compliance. The check for odd register
pairs is done using the invalid bits.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
Needed for Power ISA version 2.05 compliance. The check for odd register
pairs is done using the invalid bits.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
Needed for Power ISA version 2.05 compliance.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
[agraf: fix tcg debug error]
Signed-off-by: Alexander Graf <agraf@suse.de>
Needed for Power ISA version 2.05 compliance.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
Needed for Power ISA version 2.05 compliance.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
[agraf: fix 32-bit host compile, simplify code]
Signed-off-by: Alexander Graf <agraf@suse.de>
Needed for Power ISA version 2.05 compliance.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
fabs, fnabs and fneg are just flipping the bit sign of an FP register,
this can be implemented in TCG instead of using softfloat.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
The default with linux-user for dcbz on 970 is to emulate 32 byte clears.
However, redoing the dcbzl support we added a check to not honor the bit
in HID5 that sets this.
Remove the #ifdef check on linux user, so that we get 32 byte clears again.
Reported-by: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Alexander Graf <agraf@suse.de>
Raise the exception on the first occurence, do not wait for the next
floating point operation.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch implements a get_dev_path qdev hook for the pseries paravirtual
VIO bus. With upcoming savevm support, this will become very important for
scsi disks hanging of VIO virtual SCSI adapters. scsibus_get_dev_path
uses the get_dev_path of the parent adapter if available, but otherwise
just uses a local channel/target/lun number to identify the device. So if
two disks are present in the system having the same target and lun on
seperate VIO scsi adapters, savevm cannot distinguish them. Since the
conventional way of using VSCSI adapters is to have just one disk per
adapter, such a conflict is very likely.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Curerntly the pseries VIO device code contains quite a few explicit
uses of DO_UPCAST and plain C casts. This is (obviously) type unsafe,
and not the conventional way of doing things in the QOM model. This
patch converts the code to use the QOM convention of per-type macros
to do verified casts with OBJECT_CHECK().
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
For PAPR guests, KVM tracks the various areas registered with the
H_REGISTER_VPA hypercall. For full emulation, of course, these are tracked
within qemu. At present these values are not synchronized. This is a
problem for reset (qemu's reset of the VPA address is not pushed to KVM)
and will also be a problem for savevm / migration.
The kernel now supports accessing the VPA state via the ONE_REG interface,
this patch adds code to qemu to use that interface to keep the qemu and
KVM ideas of the VPA state synchronized.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Under certain circumstances the emulation for the pseries "XICS" interrupt
controller was clearing a pending interrupt from the XISR register, without
also clearing the corresponding priority variable. This will cause
problems later when can trigger sanity checks in the under-development
in-kernel XICS implementation.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
In addition to the performance monitor registers found on nearly all
6xx chips, the POWER7 has two additional counters (PMC5 & PMC6) and an
extra control register (MMCRA). This patch adds stub support for them to
qemu - the registers won't do anything, but with this change won't cause
illegal instruction traps accessing them. They're also registered with
their ONE_REG ids, so their value will be kept in sync with KVM where
appropriate.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
PAPR requires that the device tree's CPU nodes have several properties
with information about the L1 cache. We already create two of these
properties, but with incorrect names - "[id]cache-block-size" instead
of "[id]-cache-block-size" (note the extra hyphen).
We were also missing some of the required cache properties. This
patch adds the [id]-cache-line-size properties (which have the same
values as the block size properties in all current cases). We also
add the [id]-cache-size properties.
Adding the cache sizes requires some extra infrastructure in the
general target-ppc code to (optionally) set the cache sizes for
various CPUs. The CPU family descriptions in translate_init.c can set
these sizes - this patch adds correct information for POWER7, I'm
leaving other CPU types to people who have a physical example to
verify against. In addition, for -cpu host we take the values
advertised by the host (if available) and use those to override the
information based on PVR.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
For the pseries machine, we need to advertise to the guest the size of its
RMA - that is the amount of memory it can access with the MMU off. For HV
KVM, this is constrained by the hardware limitations on the virtual RMA of
one hash PTE per PTE group in the hash page table. We already had code to
calculate this, but it was assuming the VRMA page size was the same as the
(host) backing page size for guest RAM.
In the case of a host kernel configured for 64k base page size, but running
on hardware (or firmware) which only allows 4k pages, the hose will do all
its allocations with a 64k page size, but still use 4k hardware pages for
actual mappings. Usually that's transparent to things running under the
host, but in the case of the maximum VRMA size it's not.
This patch refines the RMA size calculation to instead use the largest
available hardware page size (as reported by the SMMU_INFO call) which is
less than or equal to the backing page size. This now gives the correct
RMA size in all cases I've tested.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
When using profiling, we rely on profile_getclock() being available
at our disposal. Somehow that function got moved from an indirect
include we used to have in translate-init.c, so that we were now
left not properly compiling anymore.
Add an explicit include to timer.h which defines profile_getclock,
so that we can compile again.
Signed-off-by: Alexander Graf <agraf@suse.de>
On -M mac99, we can run 970 CPUs. However, these CPUs define the initial
instruction pointer they start execution at as part of their bootup protocol,
so effectively it's up to the board to decide where they start.
This went unnoticed, because they used to boot at the same location our flash
was mapped to, but due to the recent reset changes our 970 CPUs want to reset
to 0x100 now, which is always a 0 instruction.
Set the initial IP to something reasonable for -M mac99.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Fabien Chouteau <chouteau@adacore.com>
Enable the KVM emulated watchdog if KVM supports (use the
capability enablement in watchdog handler). Also watchdog exit
(KVM_EXIT_WATCHDOG) handling is added.
Watchdog state machine is cleared whenever VM state changes to running.
This is to handle the cases like return from debug halt etc.
Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
[agraf: rebase to current code base, fix non-kvm cases]
Signed-off-by: Alexander Graf <agraf@suse.de>
Broken in b5a73f8d8a, the carry itself was
fixed in 79482e5ab3. But we still need to
produce the full 64-bit addition.
Simplify the conditions at the top of the functions for when we need a
new temporary. Only plain addition is important enough to warrent avoiding
the temporary, and the extra tcg move op that would come with it.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
According to the different user's manuals, the vector offset for system
reset (both /HRESET and /SRESET) is 0x00100.
This patch may break support of some executables, as the power-on start
address may change. For a specific board, if the power-on start address
is different than HRESET vector (i.e. 0x00000100 or 0xfff00100), this
should be fixed in board's initialization code.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The overflow computation of nego and subf*o instructions has been broken
in commit ffe30937. Contrary to other targets, the instruction is subtract
from an not subtract on PowerPC.
This patch fixes the issue by using the correct argument in the xor
computation. Thanks to Peter Maydell for the hint.
With this change the PPC emulation passes the Gwenole Beauchesne
testsuite again.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
This value is not needed if we use correctly the MSR[IP] bit.
excp_prefix is always 0x00000000, except when the MSR[IP] bit is
implemented and set to 1, in that case excp_prefix is 0xfff00000.
The handling of MSR[IP] was already implemented but not used at reset
because the value of env->msr was changed "manually".
The patch uses the function hreg_store_msr() to set env->msr, this
ensures a good handling of MSR[IP] at reset, and therefore a good value
for excp_prefix.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Older KVM versions don't support EPR which breaks guests when we announce
MPIC variants that support EPR.
Catch that case and expose only MPIC version 2.0 which tells the guest that
we don't support the EPR capability yet.
Signed-off-by: Stuart Yoder <stuart.yoder@freescale.com>
[agraf: Add comment, route cap check through kvm_ppc.c]
Signed-off-by: Alexander Graf <agraf@suse.de>
ISEL is a Power ISA 2.06 instruction and thus is available on POWER7.
Given this is trapped and emulated by the Linux kernel, I guess it went
unnoticed.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
I don't see any reason why these properties are missing.
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Note: Need to apply virtio-rng-refactoring first!
Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Make use of new kvm_s390_get_registers_partial() for kvm_handle_css_inst() and
handle_hypercall() since they only need registers from the partial set and they
are called quite frequently.
Signed-off-by: Jason J. Herne <jjherne@us.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
We want to avoid expensive register synchronization IOCTL's on the hot path so
a new kvm_s390_get_registers_partial() is introduced as a compliment to
kvm_arch_get_registers(). The new function is called on the hot path, and
kvm_arch_get_registers() is called when we need the complete runtime register
state.
kvm_arch_put_registers() is updated to only sync the partial runtime set when
we've only dirtied the partial runtime set. This is to avoid sending bad data
back to KVM if we've only partially synced the runtime register set.
Signed-off-by: Jason J. Herne <jjherne@us.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Instead of manually parsing the boot_list as character stream,
we can access the nth boot device, specified by the position in the
boot order.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Since we now have working firmware for s390-ccw in the tree, we can
default to it on our s390-ccw machine, rendering it more useful.
Signed-off-by: Alexander Graf <agraf@suse.de>
Now that we have all the source code ready, add a compiled blob into
the QEMU source tree, so that people without access to an s390 compiler
can run the s390-ccw firmware.
Signed-off-by: Alexander Graf <agraf@suse.de>
Ask the host about the configuration instead of guessing it.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Try to handle at least some of the errors that may happen.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
- Use tpi + tsch to get interrupts.
- Return an error if the irb indicates problems.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
stsch is the canonical way to detect devices. As a bonus, we can
abort the loop if we get cc 3, and we need to check only the valid
devices (dnv set).
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Lets fix this gcc warning:
virtio.c: In function ‘vring_send_buf’:
virtio.c:125:35: error: operation on ‘vr->next_idx’ may be undefined
[-Werror=sequence-point]
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
We have to call strip with s390-ccw.elf as input and
s390-ccw.img as output
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Lets build the s390-ccw rom if on s390. Also fix the separate build
folder case.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
dont waste cpu power on an error condition. Lets stop the guest
with a disabled wait.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch adds a makefile, so we can build our ccw firmware. Also
add the resulting binaries to .gitignore, so that nobody is annoyed
they might be in the tree.
Signed-off-by: Alexander Graf <agraf@suse.de>
On s390, there is an architected boot map format that we can read to
boot a certain entry off the disk. Implement a simple reader for this
that always boots the first (default) entry.
Signed-off-by: Alexander Graf <agraf@suse.de>
Like all great programs, we have to call between different functions in
different object files. And all of them need a common ground of defines.
Provide a file that provides these defines.
Signed-off-by: Alexander Graf <agraf@suse.de>
In order to boot, we need to be able to access a virtio-blk device through
the CCW bus. Implement support for this.
Signed-off-by: Alexander Graf <agraf@suse.de>
In order to communicate with the user, we need an I/O mechanism that he
can read. Implement SCLP ASCII support, which happens to be the default
in the s390 ccw machine.
This file is missing read support for now. It can only print messages.
Signed-off-by: Alexander Graf <agraf@suse.de>
This C file is the main driving piece of the s390 ccw firmware. It
provides a search for a workable block device, sets it as the default
to boot off of and boots from it.
Signed-off-by: Alexander Graf <agraf@suse.de>
We want to write most of our code in C, so add a small assembly
stub that jumps straight into C code for us to continue booting.
Signed-off-by: Alexander Graf <agraf@suse.de>
We have a virtio-s390 and a virtio-ccw machine in QEMU. Both use vastly
different ways to do I/O. Having the same firmware blob for both doesn't
really make any sense.
Instead, let's parametrize the firmware file name, so that we can have
different blobs for different machines.
Signed-off-by: Alexander Graf <agraf@suse.de>
Our firmware blob is always a raw file that we load at a fixed address today.
Support loading an ELF blob instead that we can map high up in memory.
This way we don't have to be so conscious about size constraints.
Signed-off-by: Alexander Graf <agraf@suse.de>
We can have different load addresses for different blobs we boot with.
Make the reset IP dynamic, so that we can handle things more flexibly.
Signed-off-by: Alexander Graf <agraf@suse.de>
# By Liu Yuan (4) and others
# Via Stefan Hajnoczi
* stefanha/block:
sheepdog: fix loadvm operation
sheepdog: resend write requests when SD_RES_READONLY is received
sheepdog: add helper function to reload inode
sheepdog: add SD_RES_READONLY result code
sheepdog: cleanup find_vdi_name
rbd: Fix use after free in rbd_open()
block: Disable driver-specific options for 1.5
sheepdog: implement .bdrv_co_is_allocated()
sheepdog: use BDRV_SECTOR_SIZE
sheepdog: add discard/trim support for sheepdog
block/ssh: Require libssh2 >= 1.2.8.
Message-id: 1366976682-10251-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Ed Maste (2) and others
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
bsd-user: Track change in FreeBSD SYSCTL(9) types
virtio: Fix compilation without CONFIG_VHOST_SCSI
qemu-doc: Option -ignore-environment removed.
s390x: use CONFIG_INT128 to detect __uint128_t
linux-user: fix compile error due to stray colon at end of #ifdef line
Message-id: 1366975563-16216-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Currently the 'loadvm' opertaion works as following:
1. switch to the snapshot
2. mark current working VDI as a snapshot
3. rely on sd_create_branch to create a new working VDI based on the snapshot
This works not the same as other format as QCOW2. For e.g,
qemu > savevm # get a live snapshot snap1
qemu > savevm # snap2
qemu > loadvm 1 # This will steally create snap3 of the working VDI
Which will result in following snapshot chain:
base <-- snap1 <-- snap2 <-- snap3
^
|
working VDI
snap3 was unnecessarily created and might be annoying users.
This patch discard the unnecessary 'snap3' creation. and implement
rollback(loadvm) operation to the specified snapshot by
1. switch to the snapshot
2. delete working VDI
3. rely on sd_create_branch to create a new working VDI based on the snapshot
The snapshot chain for above example will be:
base <-- snap1 <-- snap2
^
|
working VDI
Cc: qemu-devel@nongnu.org
Cc: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Liu Yuan <tailai.ly@taobao.com>
Reviewed-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When a snapshot is taken from out side of qemu (e.g. qemu-img
snapshot), write requests to the current vdi return SD_RES_READONLY.
In this case, the sheepdog block driver needs to update the current
inode to the latest one and resend the write requests.
Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This adds a helper function to update the current inode state with the
specified vdi object.
Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Sheepdog returns SD_RES_READONLY when qemu sends write requests to the
snapshot vdi. This adds the result code and makes sd_strerror() print
its error reason.
Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This makes 'filename' and 'tag' constant variables, and renames
'for_snapshot' to 'lock' to clear how it works.
Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Commit a9ccedc3 frees the QemuOpts for the driver-specific options
immediately, even though it still needs the filename string that is
contained there. This doesn't work. Move the deletion of the QemuOpts to
the end of the function where its content isn't needed any more.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
We don't want to commit to the API yet before everything is worked out.
Disable it for the 1.5 release. This commit is meant to be reverted
after the 1.5 release.
The disabling of the driver-specific options is achieved by applying the
old checks while parsing the command line.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The 'TRIM' command from VM that is to release underlying data storage for
better thin-provision is already supported by the Sheepdog.
This patch adds the TRIM support at QEMU part.
For older Sheepdog that doesn't support it, we return 0(success) to upper layer.
Cc: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Liu Yuan <tailai.ly@taobao.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
libssh2 >= 1.2.8 is required to enable this block device (because
that version introduced the libssh2_session_handshake call).
Change the test to use pkg-config exclusively. If the user requests
--enable-libssh2 and the minimum version is not available, then the
following error is displayed:
$ ./configure --enable-libssh2
ERROR: libssh2 >= 1.2.8 required for --enable-libssh2
If --enable-libssh2 is not specified, then the feature is silently
disabled if sufficiently new libssh2 is not available.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Target s390x uses ad-hoc macro magic to guess if the compiler
supports the GCC extension __uint128_t. This patch uses the
the dedicated macro CONFIG_INT128 defined by configure instead.
This fixes compilation with the CIL source code analyzer, which
uses GCC as a preprocessor but does not support __uint128_t.
Signed-off-by: Gabriel Kerneis <gabriel@kerneis.info>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Remove a stray colon from the end of a #ifdef line. Some versions
of gcc complain about this:
linux-user/syscall.c: In function ‘do_syscall’:
linux-user/syscall.c:7606:28: error: extra tokens at end of #ifdef directive [-Werror]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-By: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Build DTC as QEMU is built. Fixes the issue with mingw build which can't
handles DTC's default CFLAGS.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
The submodule DTC should just build and use DTC as static (the whole
motivation for using submod is lack of widespread distro support).
The .so causes build failures on some platforms, so adjust the make
target to just build the static lib.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
While reviewing some patches I found this problem where tcp_chr_accept
does not clear listen_tag when returning FALSE, leading to a double
g_source_remove of the underlying source. Not really a problem unless the id
gets re-used in between, but still something we should fix.
While at it I've also reviewed all the other code in qemu-char.c for
similar problems and found that pty_chr_timer has the same problem.
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Message-id: 1366890782-10311-1-git-send-email-hdegoede@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Libvirt has no way to probe if an option or property is supported,
This patch introduces a new qmp command to query command line
option information. hmp command isn't added because it's not needed.
Signed-off-by: Amos Kong <akong@redhat.com>
CC: Luiz Capitulino <lcapitulino@redhat.com>
CC: Osier Yang <jyang@redhat.com>
CC: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
If a guest neglected to register (secondary) indicators but still runs
with notifications enabled, we might end up writing to guest zero;
avoid this by checking for valid indicators and only writing to the
guest and generating an interrupt if indicators have been setup.
Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Use of a flash memory device for the BIOS was added in series "[PATCH
v10 0/8] PC system flash support", commit 4732dca..1b89faf, v1.1.
Flash vs. ROM is a guest-visible difference. Thus, flash use had to
be suppressed for machine types pc-1.0 and older. This was
accomplished by adding a dummy device "pc-sysfw" with property
"rom_only":
* Non-zero rom_only means "use ROM". Default for pc-1.0 and older.
* Zero rom_only means "maybe use flash". Default for newer machines.
Not only is the dummy device ugly, it was also retroactively added to
the older machine types! Fortunately, it's not guest-visible (thus no
immediate guest ABI breakage), and has no vmstate (thus no immediate
migration breakage). Breakage occurs only if the user unwisely
enables flash by setting rom_only to zero. Patch review FAIL #1.
Why "maybe use flash"? Flash didn't (and still doesn't) work with
KVM. Therefore, rom_only=0 really means "use flash, except when KVM
is enabled, use ROM". This is a Bad Idea, because it makes enabling/
disabling KVM guest-visible. Patch review FAIL #2.
Aside: it also precludes migrating between KVM on and off, but that's
not possible for other reasons anyway.
Fix as follows:
1. Change the meaning of rom_only=0 to mean "use flash, no ifs, buts,
or maybes" for pc-i440fx-1.5 and pc-q35-1.5. Don't change anything
for older machines (to remain bug-compatible).
2. Change the default value from 0 to 1 for these machines.
Necessary, because 0 doesn't work with KVM. Once it does, we can flip
the default back to 0.
3. Don't revert the retroactive addition of device "pc-sysfw" to older
machine types. Seems not worth the trouble.
4. Add a TODO comment asking for device "pc-sysfw" to be dropped once
flash works with KVM.
Net effect is that you get a BIOS ROM again even when KVM is disabled,
just like for machines predating the introduction of flash.
To get flash instead, use "--global pc-sysfw.rom_only=0".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1365780303-26398-4-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Alon Levy (15) and others
# Via Alon Levy
* alon/libcacard_ccid.1: (28 commits)
libcacard/cac: change big switch functions to single return point
dev-smartcard-reader: empty implementation for Mechanical (fail correctly)
libcacard: move atr setting from macro to function
libcacard/vreader: add debugging messages for apdu
dev-smartcard-reader: copy atr protocol to ccid parameters
dev-smartcard-reader: change default protocol to T=0
dev-smartcard-reader: define structs for CCID_Parameter internals
ccid-card-passthru, dev-smartcard-reader: add debug environment variables
ccid-card-passthru: add atr check
libcacard: change default ATR
dev-smartcard-reader: reuse usb.h definitions
dev-smartcard-reader: support windows guest
dev-smartcard-reader: remove aborts (never triggered, but just in case)
dev-smartcard-reader: nicer debug messages
dev-smartcard-reader: white space fixes
libcacard: remove default libcoolkey loading
libcacard: remove sql: prefix
libcacard: teach vscclient to use GMainLoop for portability
libcacard: vscclient to use QemuThread for portability
libcacard: split vscclient main() from socket reading
...
Message-id: 921423767.1475937.1366790789930.JavaMail.root@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Here the virtio-rng-pci is modified for the new API. The device
virtio-rng-pci extends virtio-pci. It creates and connects a virtio-rng-device
during the init. The properties are not changed.
The virtio_pci_reset function, is removed as no longer used.
The virtio_pci_rst function, is renamed virtio_pci_reset.
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Tested-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Amit Shah <amit.shah@redhat.com>
Message-id: 1366790881-3026-4-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add a linked list of keyboard handlers. Added handlers will go
to the head of the list. Removed handlers will be zapped from
the list. The head of the list will be used for events.
This fixes the keyboard-dead-after-usb-kbd-unplug issue, key events
will be re-routed to the ps/2 kbd instead of being discarded.
[ v2: fix cut+paste bug found my Markus ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1366798118-3248-3-git-send-email-kraxel@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We don't support T=1 so we shouldn't advertise it by default.
Two independent changes:
* Default ATR
sets T=0. This gets overwritten by the client provided ATR later.
* Class descriptor
changes dwAdvertise dwProtocols.PPPP to 0x1 and dwProtocols.RRRR=0 per spec.
Signed-off-by: Alon Levy <alevy@redhat.com>
Reviewed-by: Marc-André Lureau <mlureau@redhat.com>
Introduces a new utility function: parse_debug_env to avoid code
duplication.
This overrides whatever debug value is set on the corresponding devices
from the command line, and is meant to ease the usage with any
management stack. For libvirt you can set environment variables by
extending the dom namespace, i.e:
<domain type='kvm' id='3' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
<qemu:commandline>
<qemu:env name='QEMU_CCID_PASSTHRU_DEBUG' value='4'/>
<qemu:env name='QEMU_CCID_DEBUG' value='4'/>
</qemu:commandline>
</domain>
Signed-off-by: Alon Levy <alevy@redhat.com>
Reviewed-by: Marc-André Lureau <mlureau@redhat.com>
By not advertising USB wakeup support (which we don't).
Signed-off-by: Alon Levy <alevy@redhat.com>
Reviewed-by: Marc-André Lureau <mlureau@redhat.com>
For some reason, with sql:/ prefix, the PKCS11 modules are not loaded.
This patch goes on top of Alon smartcard series.
Signed-off-by: Marc-André Lureau <mlureau@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
This version handles non-blocking sending and receiving from the
socket.
Signed-off-by: Marc-André Lureau <mlureau@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
It is needed to give that flag to the linker as well, but latest
libtool 2.4.2 still swallows that argument, so let's pass it with
libtool -Wc argument.
qemu-1.4.0/stubs/arch-query-cpu-def.c:6: undefined reference to `__stack_chk_guard'
Signed-off-by: Marc-André Lureau <mlureau@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
vscclient needs to call socket_init() for portability.
Moving to osdep.c since it has no internal dependency.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
It's a bit nicer to look for default database under
CSIDL_COMMON_APPDATA\pki\nss rather that /etc/pki/nss.
Signed-off-by: Marc-André Lureau <mlureau@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Program received signal SIGSEGV, Segmentation fault.
__strcmp_sse42 () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:164
164 movdqu (%rsi), %xmm2
(gdb) bt
at /home/elmarco/320g/src/qemu/hw/ccid-card-emulated.c:477
at /home/elmarco/320g/src/qemu/hw/ccid-card-emulated.c:503
Signed-off-by: Marc-André Lureau <mlureau@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
The VCARD_ATR_PREFIX macro adds a prefix of 6 characters only.
pcsc_scan was complaining before the patch:
+ Historical bytes: 56 43 41 52 44 5F 4E 53 53
ERROR! ATR is truncated: 2 byte(s) is/are missing
Signed-off-by: Marc-André Lureau <mlureau@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
# By Gerd Hoffmann (3) and Hans de Goede (1)
# Via Gerd Hoffmann
* kraxel/usb.81:
usb-host: raise libusbx minimum version to 1.0.13
usb: better speed mismatch error reporting
ehci_free_packet: Discard finished packets when the queue is halted
xhci: remove XHCIRing->base (unused)
Message-id: 1366705929-11251-1-git-send-email-kraxel@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Allows to remove one FIXME. Makes LIBUSB_LOG_LEVEL_WARNING build errors
go away. And starting with that version libusb has a LIBUSBX_API_VERSION
define which allows to easily #ifdef version dependencies should that
need arrive in the future.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Report the supported speeds for device and port in the error message.
Also add the speeds to the tracepoint. And while being at it drop
the redundant error message in usb_desc_attach, usb_device_attach will
report the error anyway.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
With pipelining it is possible to encounter a finished packet when cleaning
the queue due to a halt. This happens when a non stall error happens while
talking to a real device. In this case the queue on the usb-host side will
continue processing packets, and we can have completed packets waiting in
the queue after an error condition packet causing a halt.
There are 2 reasons to discard the completed packets at this point, rather
then trying to writing them back to the guest:
1) The guest expect to be able to cancel and/or change packets after the
packet with the error without doing an unlink, so writing them back may
confuse the guest.
2) Since the queue does not advance when halted, the writing back of these
packets will fail anyways since p->qtdaddr != q->qtdaddr, so the
ehci_verify_qtd call in ehci_writeback_async_complete_packet will fail.
Note that 2) means that then only functional change this patch introduces
is the printing of a warning when this scenario happens.
Note that discarding these packets means that the guest driver and the device
will get out of sync! This is unfortunate, but should not be a problem since
with a non stall error (iow an io-error) the 2 are out of sync already anyways.
Still this patch adds a warning to signal this happening.
Note that sofar this has only been seen with a DVB-T receiver, which gives
of a MPEG-2 stream, which allows for recovering from lost packets, see:
https://bugzilla.redhat.com/show_bug.cgi?id=890320
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Handle the addresses and values for {in,out}[bwl] as unsigned (ie
with strtoul), as per the protocol specification comment. This fixes
a test failure in test_i440fx_defaults on 32-bit hosts where the test
tries to write 0x80000000 and qtest was instead writing 0x7fffffff.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1366551003-16649-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In certain scenario, latency induced by paging is significant and
memory locking is needed. Also, in the scenario with untrusted
guests, latency improvement due to mlock is desired.
This patch introduces a following new option to mlock guest and
qemu memory:
-realtime mlock=on|off
Signed-off-by: Satoru Moriya <satoru.moriya@hds.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1366382526-26146-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Due to a glib bug, the finalize callback is called with the GMainContext
lock held. Thus, any operation on the context from the callback will
cause recursive locking and a deadlock. This happens, for example,
when a client disconnects from a socket chardev.
The fix for this is somewhat ugly, because we need to forego polymorphism
and implement our own function to destroy IOWatchPoll sources. The
right thing to do here would be child sources, but we support older
glib versions that do not have them. Not coincidentially, glib developers
found and fixed the deadlock as part of implementing child sources.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Sander Eikelenboom <linux@eikelenboom.it>
Message-id: 1366385529-10329-5-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Even if a CharDriverState's source is blocked by the front-end,
it must not be dropped. The IOWatchPoll that wraps it will take
care of adding and removing it to the main loop. Only remove
the source when the channel is closed; and in that case, make sure
that the wrapping IOWatchPoll is removed too.
These should just be theoretical bugs.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1366385529-10329-4-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
There is no need to use a timer and pty_chr_read to detect a connected
pty. It is simpler to just call g_poll periodically and check for POLLHUP.
It is done once per second, and only if the pty is disconnected, so it
is cheap enough.
Tested with "-monitor pty" and "-serial mon:pty", both of which work
correctly and do not freeze QEMU. (How to test ptys? "socat -,raw,echo=0
/dev/pts/4,raw").
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1366385529-10329-3-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Kevin Wolf (16) and Stefan Hajnoczi (4)
# Via Kevin Wolf
* kwolf/for-anthony:
qemu-iotests: add 053 unaligned compressed image size test
block: Allow overriding backing.file.filename
block: Remove filename parameter from .bdrv_file_open()
vvfat: Use bdrv_open options instead of filename
sheepdog: Use bdrv_open options instead of filename
rbd: Use bdrv_open options instead of filename
iscsi: Use bdrv_open options instead of filename
gluster: Use bdrv_open options instead of filename
curl: Use bdrv_open options instead of filename
blkverify: Use bdrv_open options instead of filename
blkdebug: Use bdrv_open options instead of filename
raw-win32: Use bdrv_open options instead of filename
raw-posix: Use bdrv_open options instead of filename
block: Enable filename option
block: Add driver-specific options for backing files
block: Fail gracefully when using a format driver on protocol level
qemu-iotests: Fix _filter_qemu
qemu-img: do not zero-pad the compressed write buffer
qcow: allow sub-cluster compressed write to last cluster
qcow2: allow sub-cluster compressed write to last cluster
Message-id: 1366630294-18984-1-git-send-email-kwolf@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Stefan Hajnoczi
# Via Paolo Bonzini
* bonzini/nbd-next:
nbd: set TCP_NODELAY
nbd: use TCP_CORK in nbd_co_send_request()
nbd: unlock mutex in nbd_co_send_request() error path
Message-id: 1366381830-11267-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Paolo Bonzini (5) and others
# Via Paolo Bonzini
* bonzini/scsi-next:
vhost-scsi-s390: new device supporting the tcm_vhost Linux kernel module
vhost-scsi-ccw: new device supporting the tcm_vhost Linux kernel module
vhost-scsi-pci: new device supporting the tcm_vhost Linux kernel module
vhost-scsi: new device supporting the tcm_vhost Linux kernel module
virtio: simplify Makefile conditionals
virtio-scsi: create VirtIOSCSICommon
vhost: Add vhost_commit callback for SeaBIOS ROM region re-mapping
scsi: VMWare PVSCSI paravirtual device implementation
scsi: avoid assertion failure on VERIFY command
Message-id: 1366381460-6041-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Amos Kong (1) and Luiz Capitulino (1)
# Via Luiz Capitulino
* luiz/queue/qmp:
virtio-balloon: fix integer overflow in BALLOON_CHANGE QMP event
monitor: fix the wrong order of releasing keys
Message-id: 1366375833-995-1-git-send-email-lcapitulino@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Test that qemu-img convert -c works when input image length is not a
multiple of the cluster size.
Previously an error message would be produced:
qemu-img: error while compressing sector 0: Input/output error
Now that qcow2 and qcow handle this case the test passes successfully.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If a filename is passed in the driver-specific options from the command
line, the backing file path from the image is ignored now.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
This is only to convert the internal interface that is used for passing
the "filename" to be parsed, but converting to actual fine grained
options is left for another day, as it doesn't look trivial.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
This is only to convert the internal interface that is used for passing
the "filename" to be parsed, but converting to actual fine grained
options is left for another day, as it doesn't look trivial.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
This is only to convert the internal interface that is used for passing
the "filename" to be parsed, but converting to actual fine grained
options is left for another day, as it doesn't look trivial.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
This is only to convert the internal interface that is used for passing
the "filename" to be parsed, but converting to actual fine grained
options is left for another day, as it doesn't look trivial.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
As a bonus, going through the QemuOpts QEMU_OPT_SIZE parser for the
readahead option gives us proper error reporting that the previous use
of atoi() lacked.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
This allows using the file.filename option instead of the string that
comes from -drive file=... and is passed around as a separate parameter.
The goal is to get rid of this parameter and use the options QDict more
consistently.
With this option you can access not only the top-level image, but
specify a filename for the backing file (currently only if no backing
file exists, but we'll allow overriding it later)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Options starting in "backing." are passed to the backing file now. If
you don't need to specify the filename for the backing file, you can add
it on the command line instead of in the image file:
$ qemu-nbd -t /tmp/test.img
$ qemu-img create -f qcow2 empty.qcow2 1G
$ qemu-system-x86_64 -drive file=empty.qcow2,backing.file.driver=nbd,\
backing.file.host=localhost
Note that this doesn't override the backing filename from the image. If
the image has one, this will fail because NBD doesn't want the options
and a filename at the same time.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Specifying the wrong driver could fail an assertion:
$ qemu-system-x86_64 -drive file.driver=qcow2,file=x
qemu-system-x86_64: block.c:721: bdrv_open_common: Assertion `file !=
((void *)0)' failed.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
$QEMU_PROG happens to be 'qemu' in my setup, so this sed command
replaces a bit too much. Restrict it to the start of the line and to
when it's followed by a colon, i.e. the form used by error messages.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
bdrv_write_compressed() does not allow requests that span the end of the
device. Therefore it is useless to zero-pad the last cluster and
thereby exceed the end of the device.
Let image formats handle zero-padding the final compressed cluster, if
necessary.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Compression in qcow requires image length to be a multiple of the
cluster size. Lift this requirement by zero-padding the final cluster
when necessary. The virtual disk size is still not cluster-aligned, so
the guest cannot access the zero sectors.
Note that this is almost identical to the qcow2 version of this code.
qcow2's compression code is drawn from qcow.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Compression in qcow2 requires image length to be a multiple of the
cluster size. Lift this requirement by zero-padding the final cluster
when necessary. The virtual disk size is still not cluster-aligned, so
the guest cannot access the zero sectors.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fix failures to compile introduced by recent console commits
1dbfa00503, 81c0d5a6) which removed is_graphic_console() and
vga_hw_update() without updating the cocoa UI backend to match.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Fixed EFLAGS corruption by ROR r8/r16 instruction located at the end of the TB.
Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Drop all the infrastructure for taddr properties (ie ones which
are 'hwaddr' sized). These are now unused, and any further desired
use would be rather questionable since device properties shouldn't
generally depend on a type that is conceptually variable based on
the target CPU. 32 or 64 bit integer properties should be used instead
as appropriate for the specific device.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 'arm-devs.next' of git://git.linaro.org/people/pmaydell/qemu-arm:
hw/versatile_pci: Drop unnecessary vpb_pci_config_addr()
versatile_pci: Expose PCI memory space to system
arm/realview: Fix mapping of PCI regions
versatile_pci: Implement the PCI controller's control registers
versatile_pci: Implement the correct PCI IRQ mapping
versatile_pci: Put the host bridge PCI device at slot 29
versatile_pci: Use separate PCI I/O space rather than system I/O space
versatile_pci: Change to subclassing TYPE_PCI_HOST_BRIDGE
versatile_pci: Update to realize and instance init functions
versatile_pci: Expose PCI I/O region on Versatile PB
versatile_pci: Fix hardcoded tabs
* 'target-arm.next' of git://git.linaro.org/people/pmaydell/qemu-arm:
target-arm: Correctly restore FPSCR
target-arm: Add some missing CPU state fields to VMState
target-arm: port ARM CPU save/load to use VMState
target-arm: Reinsert missing return statement in ARM mode SRS decode
* 'linux-user-for-upstream' of git://git.linaro.org/people/rikuvoipio/qemu:
linux-user: fix setgroups/getgroups for non-UID16 archs
linux-user: fix undefined shift in copy_to_user_fdset
linux-user: change do_semop to return target errno when unsuccessful
The WWPN specified in configfs is passed to "-device vhost-scsi-pci".
The tgpt field of the SET_ENDPOINT ioctl is obsolete now, so it is not
available from the QEMU command-line. Instead, I hardcode it to zero.
Changes in Patch-v2:
- Add vhost_scsi_get_features() in order to determine feature bits
supports by host kernel (mst + nab)
- Re-enable usage of DEFINE_VIRTIO_COMMON_FEATURES, and allow
EVENT_IDX to be disabled by host in vhost_scsi_get_features()
- Drop unused hotplug bit in DEFINE_VHOST_SCSI_PROPERTIES
Changes in Patch-v1:
- Set event_idx=off by default (nab, thanks asias)
- Disable hotplug feature bit for v3.9 tcm_vhost kernel code, need to
re-enable in v3.10 (nab)
- Update to latest qemu.git/master HEAD
Changes in WIP-V3:
- Drop ioeventfd vhost_scsi_properties (asias, thanks stefanha)
- Add CONFIG_VHOST_SCSI (asias, thanks stefanha)
- Add hotplug feature bit
Changes in WIP-V2:
- Add backend guest masking support (nab)
- Bump ABI_VERSION to 1 (nab)
- Set up set_guest_notifiers (asias)
- Set up vs->dev.vq_index (asias)
- Drop vs->vs.vdev.{set,clear}_vhost_endpoint (asias)
- Drop VIRTIO_CONFIG_S_DRIVER check in vhost_scsi_set_status (asias)
Howto:
Use the latest seabios, at least commit b44a7be17b
git clone git://git.seabios.org/seabios.git
make
cp out/bios.bin /usr/share/qemu/bios.bin
qemu -device vhost-scsi-pci,wwpn=naa.6001405bd4e8476d,event_idx=off
...
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Asias He <asias@redhat.com>
[ Rebase on top of VirtIOSCSICommon patch, fix bugs in feature
negotiation and irqfd masking - Paolo ]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch refactors existing virtio-scsi code into VirtIOSCSICommon
in order to allow virtio_scsi_init_common() to be used by both internal
virtio_scsi_init() and external vhost-scsi-pci code.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Asias He <asias@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
# By Stefan Weil (3) and others
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
m25p80: Remove bogus include of devices.h
ssh: Remove unnecessary use of strlen function.
block/ssh: Add missing gcc format attributes
linux-user: change do_semop to return target errno when unsuccessful
w64: Fix compiler warnings (wrong format specifier)
Remove unneeded type casts
virtio.h: drop unused function prototypes
bswap: fix compiler warning
Message-id: 1366371241-23430-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
pci: add pci test device
This adds a new device that we can use for testing PCI PIO and MMIO, with and
without ioeventfd in different configurations. FAST_MMIO will be added if/when
kvm supports it. Also included are minor cleanups in kvm APIs that it needs.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 15 Apr 2013 05:42:24 PM CDT using RSA key ID D28D5469
# gpg: Can't check signature: public key not found
# By Michael S. Tsirkin
# Via Michael S. Tsirkin
* mst/tags/for_anthony:
pci: add pci test device
kvm: support non datamatch ioeventfd
kvm: support any size for pio eventfd
kvm: remove unused APIs
Message-id: cover.1366272004.git.mst@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Jan Kiszka (4) and Marcelo Tosatti (1)
# Via Marcelo Tosatti
* qemu-kvm/uq/master:
vmxcap: Update according to SDM of January 2013
target-i386: kvm: save/restore steal time MSR
vmxcap: Report APIC register emulation and RDTSCP control
vmxcap: Augment reported information
vmxcap: Open MSR file in unbuffered mode
Message-id: cover.1366253306.git.mtosatti@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Because dev->actual is uint32_t, the expression 'dev->actual <<
VIRTIO_BALLOON_PFN_SHIFT' is truncated to 32 bits. This overflows when
dev->actual >= 1048576.
To reproduce:
1. Start a VM with a QMP socket and 5G of RAM
2. Connect to the QMP socket, negotiate capabilities and issue:
{ "execute":"balloon", "arguments": { "value": 1073741824 } }
3. Watch for BALLOON_CHANGE QMP events, the last one will incorretly be:
{ "timestamp": { "seconds": 1366228965, "microseconds": 245466 },
"event": "BALLOON_CHANGE", "data": { "actual": 5368709120 } }
To fix it this commit casts it to ram_addr_t, which is ram_size's type.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
(qemu) sendkey ctrl_r-scroll_lock-scroll_lock
Executing this command could not let Windows guest panic, it caused by
the wrong order of releasing keys. This problem was introduced by
commit e4c8f004c5.
The right release order should be starting from last item.
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Use the helper functions to save and restore the FPSCR, so that
we correctly propagate rounding mode and flushing behaviour into
the float_status fields. This also allows us to stop saving the
vector length/stride fields separately.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
A number of CPU state fields were accidentally omitted from
our migration state: some OMAP specific cp15 registers, and
some related to state for load/store exclusive insns. Add them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Port the ARM CPU save/load code to use VMState. Some state is
saved in a slightly different order to simplify things -- for
example arrays are saved one after the other rather than 'striped',
and we always save all 32 VFP registers even if the CPU happens
to only have 16.
Use one subsection for each feature. This means that we don't need to
bump the version field each time that a new feature gets introduced.
Signed-off-by: Juan Quintela <quintela@redhat.com>
[PMM: fixed conflicts, updated to use cpu_class_set_vmsd(), updated
with new/removed fields since original patch, changed to use custom
VMStateInfo for cpsr rather than presave/postload hooks, corrected
subsection names so vmload doesn't fail]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Since patch
81465888c5
target-arm: factor out handling of SRS instruction
the ARM mode SRS instruction has not worked in QEMU.
The problem is a missing return directive that was removed in the
refactoring, so after decoding the instruction, qemu would fall through
to generate an UNDEF exception for an illegal instruction.
Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Drop the vpb_pci_config_addr() function -- it is unnecessary since
the size of the memory regions means the hwaddr is always within
the 24 bit size. (This function was probably a leftover from when
read/write functions were called with absolute addresses rather
than relative ones.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Paul Brook <paul@codesourcery.com>
The VersatilePB's PCI controller exposes the PCI memory space to the
system via three regions controlled by the mapping control registers.
Implement this so that guests can actually use MMIO-BAR PCI cards.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Paul Brook <paul@codesourcery.com>
Fix the mapping of the PCI regions for the realview board, which were
all incorrect. (This was never noticed because the Linux kernel
doesn't actually include a PCI driver for the realview boards.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Paul Brook <paul@codesourcery.com>
The versatile_pci PCI controller has a set of control registers which
handle the mapping between PCI and system address spaces. Implement
these registers (though for now they have no effect since we don't
implement mapping PCI space into system memory at all).
The most natural order for our sysbus regions has the control
registers at the start, so move all the others down one.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Paul Brook <paul@codesourcery.com>
Implement the correct IRQ mapping for the Versatile PCI controller; it
differs between realview and versatile boards, but the previous QEMU
implementation was correct only for the first PCI card on a versatile
board, since we weren't swizzling IRQs based on the slot number.
Since this change would otherwise break any uses of PCI on Linux kernels
which have an equivalent bug (since they have effectively only been
tested against QEMU, not real hardware), we implement a mechanism
for automatically detecting those broken kernels and switching back
to the old mapping. This works by looking at the values the kernel
writes to the PCI_INTERRUPT_LINE register in the config space, which
is effectively the interrupt number the kernel expects the device
to be using.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
On real hardware the host bridge appears as a PCI device in slot 29,
so make QEMU put its host bridge in that slot too.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Paul Brook <paul@codesourcery.com>
Rather than overloading the system I/O space (which doesn't even make
any sense on ARM) for PCI I/O, create an memory region in the PCI
controller and use that to represent the I/O space.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Paul Brook <paul@codesourcery.com>
Change versatile_pci to subclass TYPE_PCI_HOST_BRIDGE and generally
handle PCI in a more QOM-like fashion.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Paul Brook <paul@codesourcery.com>
Update the Versatile PCI controller to use a realize function rather
than SysBusDevice::init. To reflect the fact that the 'realview_pci'
class is taking most of its implementation from 'versatile_pci' (and
to make the QOM casts work) we make 'realview_pci' a subclass of
'versatile_pci'.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Paul Brook <paul@codesourcery.com>
Comments in the QEMU source code claim that the version of the PCI
controller on the VersatilePB board doesn't support the PCI I/O
region, but this is incorrect; expose that region, map it in the
correct location, and drop the misleading comments.
This change removes the only currently implemented difference
between the realview-pci and versatile-pci models; however there
are other differences in not-yet-implemented functionality, so we
retain the distinction between the two device types.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Paul Brook <paul@codesourcery.com>
There is just one line in this source file with a hardcoded tab
indent, so just fix it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Paul Brook <paul@codesourcery.com>
I think in the early revisions of this we had an instantiation helper
for the device in devices.h. This was later removed and this header was
left over. Removed
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Now gcc will check whether format string and variable arguments match.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
do_semop() is called from two places, and one of these fails to convert
return error to target errno when semop fails. This patch changes the
function to always return target errno in case of an unsuccessful call.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
GetLastError() returns a DWORD value which is unsigned long,
so the correct format specifier is %lu.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
cpu_physical_memory_read, cpu_physical_memory_write take any pointer
as 2nd argument without needing a type cast.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The bswap functions use memcpy but the bswap.h header itself does not seem to
include it in some configuration such as cross compiling for powerpc64
on x86_64 machine.
The patch explicitly includes string.h.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch follows MST's recommendation to move checks for
vhost_verify_ring_mappings() -> cpu_physical_memory_map() operations
from MemoryListener->region_[add,del]() -> vhost_set_memory() into
final MemoryListener->commit() -> vhost_commit() callback.
It addresses the case where virtio-scsi vq ioport RAM re-mapping
to read-only SeaBIOS ROM triggers a cpu_physical_memory_map()
NIL MemoryRegionSection pointer failure.
Also save vhost_dev->mem_changed_[start,end]_addr values in
vhost_set_memory() for final ranges_overlap checks. (Thanks Paolo!)
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Asias He <asias@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Yan Vugenfirer <yan@daynix.com>
[ Rename files to vmw_pvscsi, fix setting of hostStatus in
pvscsi_request_cancelled - Paolo ]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
A verify command is not an actual read (we do not implement
compare mode) and thus does not have an AIOCB attached. Do
not crash in scsi_dma_complete.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
do_semop() is called from two places, and one of these fails to convert
return error to target errno when semop fails. This patch changes the
function to always return target errno in case of an unsuccessful call.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
We already had a test to add -march=i486 when needed. Make the
existing test independent of vhost-net, so that it is also used
under Win32.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Move -lm to the end of the line, so that it can be picked up as a
dependency by pixman in the static build case.
Reviewed-by: Peter Maydell <peter.maydell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Previously, this was done for target_long/ulong, and propagated to
abi_long/ulong via a typedef. But target_long/ulong should not
have any specific alignment, it is never used to access guest
memory.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Registers are 64-bit in size for the MIPS n32 ABI. Define
target_elf_greg_t accordingly, and use the correct function
to do endian swaps.
Reviewed-by: Peter Maydell <peter.maydell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Some fields in core dumps are 32-bit in 32-or-64 environments (ppc64abi32,
sparc32plus). Use abi_long/ulong for those.
Also, the fields of target_elf_siginfo are ints. Use tswap32 to convert them.
Reviewed-by: Peter Maydell <peter.maydell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Configure to use the DTC submodule to build libfdt when no system libfdt
is found. Prompt to install the DTC submodule if --enable-fdt is set but
no DTC can be found.
DTC has no out-of-tree build capability, so the configure will symlink
the Makefile and scripts directory in the out of tree build directory
and pass in all the needed DTC arguments to make out of tree build happen.
Ideally we fix the DTC make to support out of tree, but did it this way to
avoid commits to DTC.
Signed-off-by: David Holsgrove <david.holsgrove@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
The cross compile CFLAGS are needed to properly build pixman (and any other
submodules). Only the EXTRA_CFLAGS set is passed to submodules not QEMU_CFLAGS,
so put the cross compile flags in EXTRA_CFLAGS instead.
Signed-off-by: Peter Crosthwaite peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This adds reporting of VMCS shadowing, #VE, IA32_SMBASE, unrestricted
VMWRITE and fixes the range of the MSEG revision ID.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Read and write steal time MSR, so that reporting is functional across
migration.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Parse the Basic VMX Information MSR and add the bit for the new posted
interrupts.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Python may otherwise decide to to read larger chunks, applying the seek
only on the software buffer. This will return results from the wrong
MSRs.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
This tests PAM settings for the i440fx. This test does a lot of
byte MMIO which is fairly slow with qtest today. But the test
does complete in under 2 seconds.
We don't fully emulate PAM largely because of limitations with
KVM so we #if 0 that part of the test case.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1366123521-4330-7-git-send-email-aliguori@us.ibm.com
This test compares all of the default register values against the
spec. It turns out we deviate in quite a few places. These
places are really only visible to the BIOS though which is why
this hasn't created any problems.
The deviation actually happens in the core PCI layer so I suspect
it's not a simple fix if we really care to fix it. For now, just
disable the affected checks.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1366123521-4330-6-git-send-email-aliguori@us.ibm.com
fw_cfg is needed to get the top of memory which is necessary for
doing PCI allocation and allocating RAM for DMA.
Add a PC version of fw_cfg and enough abstraction to support other
platforms.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1366123521-4330-4-git-send-email-aliguori@us.ibm.com
Currently we waitpid on the child process we spawn off that does
nothing more than system() another process. While this does not
appear to be incorrect, it's wasteful and confusing so get rid of
it.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1366123521-4330-2-git-send-email-aliguori@us.ibm.com
Management apps like libvirt don't know to pay attention to
stderr unless there is a non-zero exit status.
* migration.c (process_incoming_migration_co): Exit with non-zero
status on failure.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-id: 1366149041-626-1-git-send-email-eblake@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The existing code shows the "Bus '%s' is full" message even if name
is specified and different from bus->name (i.e. match=0).
The patch excludes unnecessary error message.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-id: 1366184940-13516-1-git-send-email-aik@ozlabs.ru
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Paolo Bonzini
# Via Paolo Bonzini
* bonzini/migration-writev:
qemu-file: do not use stdio for qemu_fdopen
iov: handle partial writes from sendmsg and recvmsg
iov: reorganize iov_send_recv, part 3
iov: reorganize iov_send_recv, part 2
iov: reorganize iov_send_recv, part 1
qemu-file: drop socket_put_buffer
Message-id: 1366192012-14872-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This uses system calls directly for Unix file descriptors, so that the
efficient writev_buffer can be used. Pay attention to the possibility
of partial writes in writev.
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Orit Wassermann <owasserm@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Partial writes can still happen in sendmsg and recvmsg, if a
signal is received in the middle of a write. To handle this,
retry the operation with a new offset/bytes pair.
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Orit Wassermann <owasserm@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Do not touch the "bytes" argument anymore. Instead, remember the
original length of the last iovec if we touch it, and restore it
afterwards.
This requires undoing the changes in opposite order. The previous
algorithm didn't care.
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Orit Wassermann <owasserm@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Once the initial part of the iov is dropped, it is not used anymore.
Modify iov/iovcnt directly instead of adjusting them with the "si"
variable.
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Orit Wassermann <owasserm@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Drop an unreachable fallback bus assignment to SysBus.
If no ,bus= is specified, only search busses recursively for bus type if
the DeviceClass has a bus_type specified. Handle resulting NULL cases.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1366077021-28882-1-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Using qemu_memalign only leaves the RAM zero by chance, because libc
will usually use mmap to satisfy our huge requests. But memory will
not be zero when using MALLOC_PERTURB_ with a nonzero value. In the
case of incoming migration, this breaks a recently-introduced
invariant (commit f1c7279, migration: do not sent zero pages in
bulk stage, 2013-03-26).
To fix this, use mmap ourselves to get a well-aligned, always zero
block for the RAM. Mmap-ed memory is easy to "trim" at the sides.
This also removes the need to do something special on valgrind
(see commit c2a8238a, Support running QEMU on Valgrind, 2011-10-31),
thus effectively reverts that patch.
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1365522223-20153-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Hans de Goede (5) and others
# Via Gerd Hoffmann
* spice/spice.v69:
spice-qemu-char: vmc_write: Don't write more bytes then we're asked too
spice-qemu-char: Remove intermediate buffer
spice-qemu-char: Add watch support
spice-qemu-char: Remove #ifdef-ed code for old spice-server compat
virtio-console: Remove any pending watches on close
virtio-console: Also throttle when less was written then requested
spice: (32 bit only) fix surface cmd tracking destruction
qxl: add 2000x2000 and 2048x2048 video modes
qxl: add 4k + 8k resolutions
Message-id: 1366106194-28826-1-git-send-email-kraxel@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Igor Mammedov (8) and others
# Via Andreas Färber
* afaerber/qom-cpu:
target-cris: Override do_interrupt for pre-v32 CPU cores
qdev: Set device's parent before calling realize() down inheritance chain
cpu: Pass CPUState to *cpu_synchronize_post*()
target-i386: Split out CPU creation and features parsing
target-i386/cpu.c: Coding style fixes
ioapic: Replace FROM_SYSBUS() with QOM type cast
kvmvapic: Replace FROM_SYSBUS() with QOM type cast
target-i386: Split APIC creation from initialization in x86_cpu_realizefn()
target-i386: Consolidate error propagation in x86_cpu_realizefn()
qdev: Add qdev property for bool type
target-i386: Improve -cpu ? features output
target-i386: Fix including "host" in -cpu ? output
Reimplement usb-host on top of libusb.
Reasons to do this:
(1) Largely rewritten from scratch, nice opportunity to kill historical
cruft.
(2) Offload usbfs handling to libusb.
(3) Have a single portable code base instead of bsd + linux variants.
(4) Bring usb-host support to any platform supported by libusbx.
For now this goes side-by-side to the existing code. That is only to
simplify regression testing though, at the end of the day I want remove
the old code and support libusb exclusively. Merge early in 1.5 cycle,
remove the old code after 1.5 release or something like this.
Thanks to qdev the old and new code can coexist nicely on linux. Just
use "-device usb-host-linux" to use the old linux driver instead of the
libusb one (which takes over the "usb-host" name).
The bsd driver isn't qdev'ified so it isn't that easy for bsd.
I didn't bother making it runtime switchable, so you have to rebuild
qemu with --disable-libusb to get back the old code.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Is good enougth for unique device addresses and avoids the need for any
state for device addressing. Makes live migration support easier. Also
makes device->slot lookups trivial.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Check for port reset first and skip everything else then.
Add sanity checks for PLS updates.
Add PLC notification when entering PLS_U0 state.
This gets host-initiated port resume going on win8.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb-serial has a qdev chardev property, and hw/qdev-properties-system.c
already contains:
static void release_chr(Object *obj, const char *name, void *opaque)
{
DeviceState *dev = DEVICE(obj);
Property *prop = opaque;
CharDriverState **ptr = qdev_get_prop_ptr(dev, prop);
CharDriverState *chr = *ptr;
if (chr) {
qemu_chr_add_handlers(chr, NULL, NULL, NULL, NULL);
qemu_chr_fe_release(chr);
}
}
So doing the qemu_chr_add_handlers(s->cs, NULL, NULL, NULL, NULL); from
the usb handle_destroy function too will lead to it being done twice.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This one took me eons to debug, but I've finally found it now, oh well.
The usage of the MIN macro in this line:
last_out = MIN(len, qemu_chr_be_can_write(scd->chr));
Causes qemu_chr_be_can_write to be called *twice*, since the MIN macro
evaluates its arguments twice (bad MIN macro, bad!). And the result of
the call can change between the 2 calls since the guest may have consumed
some data from the virtio ringbuffer between the calls!
When this happens it is possible for qemu_chr_be_can_write to return less
then len in the call made for the comparision, and then to return more then
len in the actual call for the return-value of MIN, after which we will end
up writing len data + some extra garbage, not good.
This patch fixes this by only calling qemu_chr_be_can_write once.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
virtio-serial's buffer is valid when it calls us, and we don't
access it otherwise: vmc_read is only called in response to wakeup,
or else we set datalen=0 and throttle. Then vmc_read is called back,
we return 0 (not accessing the buffer) and set the timer to unthrottle.
Also make datalen int and not ssize_t (to fit spice_chr_write signature).
HdG: Update to apply to spice-qemu-char with new gio-channel based
flowcontrol support.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
We now require spice-server to be >= 0.12.0 so this is no longer needed.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This is necessary so that we get properly woken up to write the rest.
This patch also changes the len argument to the have_data callback, to
avoid doing an unsigned signed comparison.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
No change for 64 bit arches, but for 32 bit previously we zeroed half
the surfaces cmd array, instead of all of it.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The debug printfs on every page program/read is extremely verbose. Add
a second level of debug for this.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Some of the debug printfs in m25p80 are really guest errors.
Changed over to qemu_log_mask(LOG_GUEST_ERROR accordingly.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
The uint32_t *app argument doesn't exist in real hardware. It was a hack in
xilinx_axidma/enet to fake the (secondary) control stream connection. Removed
the argument and added the second stream to axienet/dma.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Implement flow control for the RX data path from xilinx_axienet->xilinx_axidma.
On short return from axidma, then ethernet sets up the notify callback to resume
transfer from where it left off.
This also allows the ethernet to track whether there is an in progress transaction
and return false from ethernet can_receive() as appropriate.
If the DMA backs up or is disabled it waits for enablement. When the rx stream IO
region is touched, the can_push() notify function is called if set.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Add basic flow control to stream. A stream slave may return short, indicating
that it is not capable of accepting any more data at the present time. Polling
or a callback can be used via the can_push() function to determine when the
slave can receive again.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Create a separate child object to proxy the stream slave connection. This is
setup for future work where a second stream slave connection is needed. The
new child object is created at qdev init time and is linked back to the parent
(the ethernet device itself) automatically.
Stream slave masters differentiate which slave connection they are connected to
by linking to the proxy object rather than the parent.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Create a separate child object to proxy the stream slave connection. This is
setup for future work where a second stream slave connection is needed. The
new child object is created at qdev init time and is linked back to the parent
(the ethernet device itself) automatically.
Stream slave masters differentiate which slave connection they are connected to
by linking to the proxy object rather than the parent.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Explicitly make the ethernet a child of the machine. This is needed to set
and use links pre-realize. Also makes the ethernet initialization consistent
with its peer DMA.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
The prescribed transition from SysBusDevice::init to Device::realize. I'm going
with Andreas suggestion to move the sysbus foo to Object::init for early IRQ
visibility.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
The prescribed transition from SysBusDevice::init to Device::realize. Im going
with Andreas suggestion to move the sysbus foo to Object::init for early IRQ
visibility.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
DisplayChangeListener gets a new QemuConsole field, which can be set to
non-NULL before registering. This will pin the QemuConsole, so that
particular DisplayChangeListener will not follow console switches.
spice+gtk (which don't support text console input anyway) are switched
over to be pinned to console 0, which usually is the graphical display.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
xenfb informs the guest about the gui refresh interval so it can avoid
pointless work. That logic was temporarely disabled for the
DisplayState reorganization. Restore it now, with a proper interface
for it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Make gui update rate adaption code in gui_update() actually work.
Sprinkle in a tracepoint so you can see the code at work. Remove
the update rate adaption code in vnc and make vnc simply use the
generic bits instead.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Pass a single GraphicHwOps struct pointer to graphic_console_init,
instead of a bunch of function pointers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
With gui_* being moved to console.c nobody outside console.c needs
access to DisplayState fields any more. Make the struct private.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
We have a surface per QemuConsole now, so there is no need to keep
track of the QemuConsole size any more as we can query the surface
size directly at any time.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Screendumps are alot simpler as we can update non-active
QemuConsoles now. So we only need to update the QemuConsole
we want write out, then dump the DisplaySurface content into
a ppm file. Done.
No console switching needed. No special support code in the
gfx card emulation needed. Zap it all. Also move ppm_save
out of the vga code and next to the qmp_screendump function.
For now screen dumping is limited to console #0 (like it used
to be), even though it is dead simple to extend it to other
consoles. I wanna finish the console cleanup before setting
new qapi interfaces into stone.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Go away from the global DisplaySurface, give one to each QemuConsole
instead. With this patch applied it is possible to call
graphics_hw_* functions with qemu consoles which are not the current
foreground console.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add QemuConsole parameter to vga_hw_*, so the interface allows to update
non-active consoles (the actual code can't handle this yet, see next
patch). Passing NULL is allowed and updates the active console, like
the functions do today.
While touching all vga_hw_* calls anyway rename that to the functions to
hardware-neutral graphics_hw_*
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
We have only one DisplayState, so there is no need for the "next"
linking, rip it. Also consolidate all displaystate initialization
into init_displaystate(). This function is called by vl.c after
creating the devices (and thus all QemuConsoles) and before
initializing DisplayChangeListensers (aka gtk/sdl/vnc/spice ui).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Now that all text console rendering uses pixman we can easily
switch the color tables to use pixman_color_t directly.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add helper functions to create pixman mask images for glyphs
and to render these glyphs into a pixman image.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hardcode depth to 32 bpp. It effectively was that way before because
that is the default surface depth, this just makes it explicit in the
code.
Rename depth to new_depth to make it consistent with the new_width +
new_height names. In theory we can make new_depth changeable (i.e.
allow the guest to fill in -- say -- 16 there). In practice the guests
don't try, the X-Server refuses to start if you ask it to use 16bpp
depth (via DefaultDepth in the Screen section).
Always return the correct rmask+gmask+bmask values for the given
new_depth.
Fix mode setting to also verify at new_depth to make sure we have a
correct DisplaySurface, even if the current video mode happes to be
16bpp (set by vgabios via bochs vbe interface). While being at it
switch over to use qemu_create_displaysurface_from, so the surface is
backed by guest-visible video memory and we save a memcpy.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
In vmsvga display update function, a pointer to DisplaySurface must be acquired
after a call to vmsvga_check_size since this function might replace current
DisplaySurface with a new one.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
In exynos4210 display update function, we were acquiring DisplaySurface
pointer before calling screen resize function, not paying attention that resize
procedure can replace current DisplaySurface with newly allocated one.
Right thing to do is to initialize DisplaySurface AFTER a call to resize function.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Instead of forwarding from cris_cpu_do_interrupt() to do_interruptv10(),
override CPUClass::do_interrupt with crisv10_cpu_do_interrupt() in the
newly introduced class_init functions.
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Currently device_set_realized() sets parent only after device was realized,
but qdev_device_add() sets it before device is realized.
Make behavior consistent and alter device_set_realized() to behave like
qdev_device_add().
It will allow to set link<> properties in realize() method in classes
inherited from DEVICE.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Move CPU creation and features parsing into a separate cpu_x86_create()
function, so that board would be able to set board-specific CPU
properties before CPU is realized.
Keep cpu_x86_init() for compatibility with the code that uses cpu_init()
and doesn't need to modify CPU properties.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
* Add braces to 'if' statements;
* Remove last TAB character from the source.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
[AF: Changed whitespace]
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
... and define type name and type cast macro for kvmvapic according
to accepted convention.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
When APIC is hotplugged during CPU hotplug, device_set_realized()
calls device_reset() on it. And if QEMU runs in KVM mode, following
call chain will fail:
apic_reset_common()
-> kvm_apic_vapic_base_update()
-> kvm_vcpu_ioctl(cpu->kvm_fd,...)
due to cpu->kvm_fd not being initialized yet.
cpu->kvm_fd is initialized during qemu_init_vcpu() but x86_cpu_apic_init()
can't be moved after it because kvm_init_vcpu() -> kvm_arch_reset_vcpu()
relies on APIC to determine if CPU is BSP for setting initial env->mp_state.
So split APIC device creation from its initialization and realize APIC
after CPU is created, when it's safe to call APIC's reset method.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: liguang <lig.fnst@cn.fujitsu.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
We were missing a bunch of feature lists. Fix this by simply dumping
the meta list feature_word_info.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
kvm_enabled() cannot be true at this point because accelerators are
initialized much later during init. Also, hiding this makes it very hard
to discover for users. Simply dump unconditionally if CONFIG_KVM is set.
Add explanation for "host" CPU type.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This device is used for kvm unit tests,
currently it supports testing performance of ioeventfd.
Using updated kvm unittest, here's an example output:
mmio-no-eventfd:pci-mem 8796
mmio-wildcard-eventfd:pci-mem 3609
mmio-datamatch-eventfd:pci-mem 3685
portio-no-eventfd:pci-io 5287
portio-wildcard-eventfd:pci-io 1762
portio-datamatch-eventfd:pci-io 1777
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* bonzini/hw-dirs:
exec: remove useless declarations from memory-internal.h
memory: move core typedefs to qemu/typedefs.h
include: avoid useless includes of exec/ headers
sysemu: avoid proliferation of include/ subdirectories
tpm: reorganize headers and split hardware part
configure: fix TPM logic
acpi.h: make it self contained
acpi: move declarations from pc.h to acpi.h
hw: Add lost ARM core again
Fix failure to create q35 machine
Add linux-headers to QEMU_INCLUDES
arm: fix location of some include files
Conflicts:
configure
aliguori: trivial conflict in configure output
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Since commit 249d41720b (qdev: Prepare
"realized" property) setting realized = true would register the device's
VMStateDescription, but realized = false would not unregister it. Fix that.
Moving the code from unparenting also revealed that we were calling
DeviceClass::init through DeviceClass::realize as interim solution but
DeviceClass::exit still at unparenting time with a realized check.
Make this symmetrical by implementing DeviceClass::unrealize to call it,
while we're setting realized = false in the unparenting path.
The only other unrealize user is mac_nvram, which can safely override it.
Thus, mark DeviceClass::exit as obsolete, new devices should implement
DeviceClass::unrealize instead.
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1366043650-9719-1-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* 'tcg-ppc64' of git://github.com/rth7680/qemu: (33 commits)
tcg-ppc64: Handle deposit of zero
tcg-ppc64: Implement mulu2/muls2_i64
tcg-ppc64: Implement add2/sub2_i64
tcg-ppc64: Use getauxval for ISA detection
tcg-ppc64: Implement movcond
tcg-ppc64: Use ISEL for setcond
tcg-ppc64: Use MFOCRF instead of MFCR
tcg-ppc64: Cleanup i32 constants to tcg_out_cmp
tcg-ppc64: Use TCGType throughout compares
tcg-ppc64: Use I constraint for mul
tcg-ppc64: Implement deposit
tcg-ppc64: Handle constant inputs for some compound logicals
tcg-ppc64: Implement compound logicals
tcg-ppc64: Implement bswap64
tcg-ppc64: Implement bswap16 and bswap32
tcg-ppc64: Implement rotates
tcg-ppc64: Streamline qemu_ld/st insn selection
tcg-ppc64: Use automatic implementation of ext32u_i64
tcg-ppc64: Improve and_i64 with constant
tcg-ppc64: Improve and_i32 with constant
...
Currently the qemu-nbd program will auto-detect the format of
any disk it is given. This behaviour is known to be insecure.
For example, if qemu-nbd initially exposes a 'raw' file to an
unprivileged app, and that app runs
'qemu-img create -f qcow2 -o backing_file=/etc/shadow /dev/nbd0'
then the next time the app is started, the qemu-nbd will now
detect it as a 'qcow2' file and expose /etc/shadow to the
unprivileged app.
The only way to avoid this is to explicitly tell qemu-nbd what
disk format to use on the command line, completely disabling
auto-detection. This patch adds a '-f' / '--format' arg for
this purpose, mirroring what is already available via qemu-img
and qemu commands.
qemu-nbd --format raw -p 9000 evil.img
will now always use raw, regardless of what format 'evil.img'
looks like it contains
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
[Use errx, not err. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The TCG optimizer does great work when inserting constants, being able
to fold the open-coded deposit expansion to just an AND or an OR. Avoid
a bit the regression caused by having the deposit opcode by expanding
deposit of zero as an AND.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Glibc 2.16 includes an easy way to get feature bits previously
buried in /proc or the program startup auxiliary vector. Use it.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
There are a few simple special cases that should be handled first.
Break these out to subroutines to avoid code duplication.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
It takes half the cycles to read one CR register instead of all 8.
This is a backward compatible addition to the ISA, so chips prior
to Power 2.00 spec will simply continue to read the entire CR register.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Nothing else in the call chain ensures that these
constants don't have garbage in the high bits.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The optimization/bug being fixed is that tcg_out_cmp was not applying the
right type to loading a constant, in the case it can't be implemented
directly. Rather than recomputing the TCGType enum from the arch64 bool,
pass around the original TCGType throughout.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The mul_i32 pattern was loading non-16-bit constants into a register,
when we can get the middle-end to do that for us. The mul_i64 pattern
was not considering that MULLI takes 64-bit inputs.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Since we have special code to handle and/or/xor with a constant,
apply the same to andc/orc/eqv with a constant.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Using a table to look up insns of the right width and sign.
Include support for the Power 2.06 LDBRX and STDBRX insns.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Handle constants in common code; we'll want to reuse that later.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Improve constant addition -- previously we'd emit useless addi with 0.
Use new constraints to force the driver to pull full 64-bit constants
into a register.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
We'll need a zero, and Z makes more sense for that. Make sure we
have a full compliment of signed and unsigned 16 and 32-bit tests.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The test for using movi32 was sub-optimal for TCG_TYPE_I32, comparing
a signed 32-bit quantity against an unsigned 32-bit quantity.
When possible, use addi+oris for 32-bit unsigned constants. Otherwise,
standardize on addi+oris+ori instead of addis+ori+rldicl.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
We weren't ignoring the high 32 bits during a NE comparison.
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Headers in include/exec/ are for the deepest innards of QEMU,
they should almost never be included directly.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The TPM subsystem does not have a full front-end/back-end separation.
The sole available backend, tpm_passthrough, depends on the data
structures of the sole available frontend, tpm_tis.
However, we can at least try to split the user interface (tpm.c) from the
implementation (hw/tpm). The patches makes tpm.c not include tpm_int.h,
which is shared between tpm_tis.c and tpm_passthrough.c; instead it
moves more stuff to tpm_backend.h.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
After attaching the source, we have to remove the reference we hold
to it, because we do not hold anymore a pointer to the source.
If we do not do this, removing the source will not finalize it and
will not drop the "real" I/O watch source.
This showed up when backporting the new flow control patches to older
versions of QEMU that still used select. The whole select then failed
with EBADF (poll instead will reporting POLLNVAL on a single pollfd)
and QEMU froze.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1365600207-21685-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This fix the broken aliases, by renaming the devices.
So: * virtio-blk => virtio-blk-device.
* virtio-balloon => virtio-balloon-device.
* virtio-scsi => virtio-scsi-device.
All virtio-*-pci, virtio-*-s390, virtio-*-ccw didn't change.
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Message-id: 1365501888-14602-1-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Disable the Nagle algorithm to reduce latency. Note this means we must
also use TCP_CORK when sending header followed by payload to avoid
fragmenting lots of little packets. The previous patch took care of
that.
Suggested-by: Nick Thomas <nick@bytemark.co.uk>
Tested-by: Nick Thomas <nick@bytemark.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Use TCP_CORK to defer packet transmission until both the header and the
payload have been written.
Suggested-by: Nick Thomas <nick@bytemark.co.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The operands for MAQ_SA_W.PHL/MAQ_SA_W.PHR must in specified format.
Otherwise, the results are unpredictable. Once the operands were corrected
in the tests (part of this change), a bug in mipsdsp_mul_q15_q15 became
visible.
This change corrects the tests for MAQ_SA_W.PHL/MAQ_SA_W.PHR and fixes
sign-related issue in mipsdsp_mul_q15_q15. It also removes unnecessary
comment.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
In handling float64_muladd, if we end up doing a subtraction of the
product and c, and the 128 bit result of this subtraction happens to
have its most significant bit in bit 63, we weren't handling this
correctly when attempting to normalize to put the most significant
bit into bit 126. We would end up doing a right shift by a negative
number (undefined behaviour in C) so at best we would return an
incorrect result to the guest. MSB in bit 63 has to be handled as a
special case separately from MSB in 0..62 and MSB in 63..126. (MSB
in 127 is not possible.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
A non-native i386 or x86_64 emulator should not have TPM passthrough
support, since the TPM is only present for those hosts.
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Headers shouldn't assume another header is included,
pull in everything necessary.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Functions defined in acpi/ should be declared in
acpi.h
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This is a regression introduced by c0907c9e64. How to reproduce:
$ qemu-system-x86_64 -nodefaults -vnc :0 -M q35
qemu-system-x86_64: Unknown device 'q35-pcihost' for default sysbus
Aborted (core dumped)
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
virtio/dataplane/vring.c requires the Linux headers and is built for all
targets. So we need to add the corresponding include to QEMU_INCLUDES to
avoid that outdated distribution headers are used.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The recent rearrangement of include files had some minor errors:
devices.h is not ARM specific and should not be in arm/
arm.h should be in arm/
Move these two headers to correct this.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* stefanha/block:
rbd: add an asynchronous flush
iotests: Add 'check -ssh' option to test Secure Shell block device.
block: ssh: Use libssh2_sftp_fsync (if supported by libssh2) to flush to disk.
block: Add support for Secure Shell (ssh) block device.
ide: refuse WIN_READ_NATIVE_MAX on empty device
qemu-iotests: filter QEMU_PROG in 051.out
qemu-iotests: Add test for -drive options
qemu-iotests: A few more bdrv_pread/pwrite tests
block: Introduce bdrv_pwritev() for qcow2_save_vmstate
savevm: Implement block_writev_buffer()
block: Introduce bdrv_writev_vmstate
Conflicts:
savevm.c
aliguori: add f->pos parameter to writev_buffer().
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Michal Novotny (2) and Eric Blake (1)
# Via Luiz Capitulino
* luiz/queue/qmp:
qapi: use valid JSON in schema
Revert "New QMP command query-cpu-max and HMP command cpu_max"
New cpu-max field in query-machines QMP command output
Message-id: 1365775103-18737-1-git-send-email-lcapitulino@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Paolo Bonzini
# Via Juan Quintela
* quintela/migration.next:
migration: simplify writev vs. non-writev logic
migration: drop is_write complications
migration: use a single I/O operation when writev_buffer is not defined
migration: set f->is_write and flush in add_to_iovec
Message-id: 1365512961-15623-1-git-send-email-quintela@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The existing bdrv_co_flush_to_disk implementation uses rbd_flush(),
which is sychronous and causes the main qemu thread to block until it
is complete. This results in unresponsiveness and extra latency for
the guest.
Fix this by using an asynchronous version of flush. This was added to
librbd with a special #define to indicate its presence, since it will
be backported to stable versions. Thus, there is no need to check the
version of librbd.
Implement this as bdrv_aio_flush, since it matches other aio functions
in the rbd block driver, and leave out bdrv_co_flush_to_disk when the
asynchronous version is available.
Reported-by: Oliver Francke <oliver@filoo.de>
Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Note in order to run these tests on ssh, you must be running a local
ssh daemon, and that daemon must accept loopback connections, and
ssh-agent has to be set up to allow logins on the local daemon. In
other words, the following command should just work without demanding
any passphrase:
ssh localhost
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
libssh2_sftp_fsync is an extension to libssh2 to support fsync(2) over
sftp, which is itself an extension of OpenSSH.
If both libssh2 and the ssh daemon support it, this will allow
bdrv_flush_to_disk to commit changes through to disk on the remote
server.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
qemu-system-x86_64 -drive file=ssh://hostname/some/image
QEMU will ssh into 'hostname' and open '/some/image' which is made
available as a standard block device.
You can specify a username (ssh://user@host/...) and/or a port number
(ssh://host:port/...). You can also use an alternate syntax using
properties (file.user, file.host, file.port, file.path).
Current limitations:
- Authentication must be done without passwords or passphrases, using
ssh-agent. Other authentication methods are not supported.
- Uses a single connection, instead of concurrent AIO with multiple
SSH connections.
This is implemented using libssh2 on the client side. The server just
requires a regular ssh daemon with sftp-server support. Most ssh
daemons on Unix/Linux systems will work out of the box.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Cc: Stefan Hajnoczi <stefanha@gmail.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
What is the highest addressable sector on an empty CD-ROM? Nothing is
addressable so produce an error.
This patch prevents a divide-by-zero in ide_set_sector() since
s->sectors and s->heads would be 0. Not to mention that a sector=-1
argument would be nonsense.
Note that WIN_READ_NATIVE_MAX can be triggered using hdparm -N 1024
/dev/cdrom. The LBA bit will be set to 1 though, so the only easy way
to go down the ide_set_sector() CHS code path which divides by zero is
to comment out the s->select & 0x40 case for testing.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Filter the name of the QEMU executable so the output can be diffed no
matter what QEMU_PROG is (e.g. qemu-system-x86_64).
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Directly pass the QEMUIOVector on instead of linearising it.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Instead of breaking up RAM state into many small chunks, pass the iovec
to the block layer for better performance.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Known bugs in to_json():
* A start byte for a three-byte sequence followed by less than two
continuation bytes is split into one-byte sequences.
* Start bytes for sequences longer than three bytes get misinterpreted
as start bytes for three-byte sequences. Continuation bytes beyond
byte three become one-byte sequences.
This means all characters outside the BMP are decoded incorrectly.
* One-byte sequences with the MSB are put into the JSON string
verbatim when char is unsigned, producing invalid UTF-8. When char
is signed, they're replaced by "\\uFFFF" instead.
This includes \xFE, \xFF, and stray continuation bytes.
* Overlong sequences are happily accepted, unless screwed up by the
bugs above.
* Likewise, sequences encoding surrogate code points or noncharacters.
* Unlike other control characters, ASCII DEL is not escaped. Except
in overlong encodings.
My rewrite fixes them as follows:
* Malformed UTF-8 sequences are replaced.
Except the overlong encoding \xC0\x80 of U+0000 is still accepted.
Permits embedding NUL characters in C strings. This trick is known
as "Modified UTF-8".
* Sequences encoding code points beyond Unicode range are replaced.
* Sequences encoding code points beyond the BMP produce a surrogate
pair.
* Sequences encoding surrogate code points are replaced.
* Sequences encoding noncharacters are replaced.
* ASCII DEL is now always escaped.
The replacement character is U+FFFD.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Test cases cover the two noncharacters in the BMP. Add tests for the
other 64 noncharacters.
Three existing test cases involve noncharacters U+FFFF and U+10FFFF.
Instead of deleting them as now duplicates, adjust them to use U+FFFC
and U+10FFFFD.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 'mingw' of git://qemu.weilnetz.de/qemu:
qemu-timer: move timeBeginPeriod/timeEndPeriod to os-win32
Release SMP restriction on Windows
Ensure good ordering of memory instruction in cpu_exec
Check effective suspension of TCG thread
Remove static attribute to Td[0-5] and Te[0-5] tables so that they
can be used outside of aes.c. Change their type from u32 to uint32_t,
to keep the u32 udef local to aes.c. Prefix them with AES_ so that they
do not conflict with other symbols.
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This brings us a step closer to QOM'ified SH7750 SoC and
fixes b350ab75 (target-sh4: Move PVR/PRR/CVR into SuperHCPUClass)
assuming SuperHCPU type for SUPERH_CPU_GET_CLASS().
Fix Coding Style issues while at it (indentation, braces).
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Print an error message as done for the r2d machine and exit.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
* 'tci' of git://qemu.weilnetz.de/qemu:
tci: Make tcg temporaries local to tcg_qemu_tb_exec
tci: Delete unused tb_ret_addr
tci: Avoid code before declarations
tci: Use a local variable for env
tci: Use 32-bit signed offsets to loads/stores
* 'tcg-s390' of git://github.com/rth7680/qemu:
tcg-s390: Fix merge error in tgen_brcond
tcg-s390: Use all 20 bits of the offset in tcg_out_mem
tcg-s390: Use load-address for addition
tcg-s390: Cleanup argument shuffling fixme in softmmu code
tcg-s390: Use risbgz for andi
tcg-s390: Remove constraint letters for and
tcg-s390: Implement deposit opcodes
tcg-s390: Implement movcond opcodes
tcg-s390: Implement mulu2_i64 opcode
tcg-s390: Implement add2/sub2 opcodes
tcg-s390: Remove useless preprocessor conditions
tcg-s390: Properly allocate a stack frame.
tcg-s390: Fix movi
These are needed for any of the Win32 alarm timer implementations.
They are not tied to mmtimer exclusively.
Jacob tested this patch with both mmtimer and Win32 timers.
Cc: qemu-stable@nongnu.org
Tested-by: Jacob Kroon <jacob.kroon@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
The previous patches make QEMU SMP safe on Windows, we can now release
the restriction.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
The IO thread, when it senses cpu_single_env == 0, expects exit_request
to be checked later on. A compiler scheduling constraint is not strong
enough to ensure this on modern architecture. A memory fence is needed
as well.
Signed-off-by: Olivier Hainque <hainque@adacore.com>
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
On multi-core systems, SuspendThread does not guaranty immediate thread
suspension. We add busy loop to wait for effective thread suspension
after call to ThreadSuspend().
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
This reverts commit 4d700430a2 as asked by
Luiz. The patch has been obsoleted by extending MachineInfo structure
by cpu-max field.
Signed-off-by: Michal Novotny <minovotn@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Alter the query-machines QMP command to output information about
maximum number of CPUs for each machine type with default value
set to 1 in case the number of max_cpus is not set.
Signed-off-by: Michal Novotny <minovotn@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
The CONFIG_DEBUG_EXEC define compiles out a single qemu_log_mask()
call, which is a pretty trivial cost even for something in the main
cpu_exec() loop. Having this be conditionally defined means that
'-d exec' on a non-debug build will silently do nothing. Drop the
define and the configure machinery that sets it, in favour of just
always allowing this log option to be enabled at runtime. As a
concession to the mainloopiness, we use qemu_loglevel_mask()+qemu_log()
rather than qemu_log_mask() to avoid the function call overhead.
Note that DEBUG_DISAS is always defined, so removing the
'|| defined(CONFIG_DEBUG_EXEC)' from those conditionals makes
no behavioural change for that logging.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This change makes conversion of TARGET_O_NONBLOCK and TARGET_O_CLOEXEC flags
to host flags before calling eventfd for TARGET_NR_eventfd2.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Register the CPU VMState in the correct way, via cpu_class_set_vmsd(),
rather than doing it in two different wrong ways (once by providing
cpu_save and cpu_load functions, and once by setting the vmsd field in
DeviceClass).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
We're moving away from the temporaries stored in env. Make sure we can
differentiate between temp stores and possibly bogus stores for extra
call arguments. Move TCG_AREG0 and TCG_REG_CALL_STACK out of the way
of the parameter passing registers.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off by: Stefan Weil <sw@weilnetz.de>
This only valid with c99 extensions enabled, and easy to avoid.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off by: Stefan Weil <sw@weilnetz.de>
Since we have total conversion away from global AREG0, we do not
need a global variable named "env". Retain that name as the
function parameter inside the interpreter.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off by: Stefan Weil <sw@weilnetz.de>
Since the change to tcg_exit_req, the first insn of every TB is
a load with a negative offset from env.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off by: Stefan Weil <sw@weilnetz.de>
Check f->iovcnt in add_to_iovec, f->buf_index in qemu_put_buffer/byte.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
The same QEMUFile is never used for both read and write. Simplify
the logic to simply look for presence or absence of the right ops.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
The recent patches to use vectored I/O for RAM migration caused a
regression in savevm speed. To restore previous performance,
add data to the buffer in qemu_put_buffer_async whenever writev_buffer
is not available in the QEMUFile.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
# By Paolo Bonzini
# Via Paolo Bonzini
* bonzini/hw-dirs: (35 commits)
hw: move private headers to hw/ subdirectories.
MAINTAINERS: update for source code movement
hw: move last file to hw/arm/
hw: move hw/kvm/ to hw/i386/kvm
hw: move ARM CPU cores to hw/cpu/, configure with default-configs/
hw: move other devices to hw/misc/, configure with default-configs/
hw: move NVRAM interfaces to hw/nvram/, configure with default-configs/
hw: move GPIO interfaces to hw/gpio/, configure with default-configs/
hw: move interrupt controllers to hw/intc/, configure with default-configs/
hw: move DMA controllers to hw/dma/, configure with default-configs/
hw: move VFIO and ivshmem to hw/misc/
hw: move PCI bridges to hw/pci-* or hw/ARCH
hw: move SD/MMC devices to hw/sd/, configure with default-configs/
hw: move timer devices to hw/timer/, configure with default-configs/
hw: move ISA bridges and devices to hw/isa/, configure with default-configs/
hw: move char devices to hw/char/, configure via default-configs/
hw: move more files to hw/xen/
hw: move SCSI controllers to hw/scsi/, configure via default-configs/
hw: move SSI controllers to hw/ssi/, configure via default-configs/
hw: move I2C controllers to hw/i2c/, configure via default-configs/
...
Message-id: 1365442249-18259-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Many of these should be cleaned up with proper qdev-/QOM-ification.
Right now there are many catch-all headers in include/hw/ARCH depending
on cpu.h, and this makes it necessary to compile these files per-target.
However, fixing this does not belong in these patches.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The gthread coroutine backend is broken and does not produce a working
QEMU; it is only useful for some very limited debugging situations.
Clean up the backend selection logic in configure so that it now runs
"if on windows use windows; else prefer ucontext; else sigaltstack".
To do this we refactor the configure code to separate out "test
whether we have a working ucontext", "pick a default if user didn't
specify" and "validate that user didn't specify something invalid",
rather than having all three of these run together. We also simplify
the Makefile logic so it just links in the backend the configure
script selects.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1365419487-19867-3-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
I misread the glib manual, g_source_remove does not let you re-attach
the source later. This behavior (called "blocking" the source in glib)
is present in glib's source code, but private and not available outside
glib; hence, we have to resort to re-creating the source every time.
In fact, g_source_remove and g_source_destroy are the same thing,
except g_source_destroy is O(1) while g_source_remove scans a potentially
very long list of GSources in the current main loop. Ugh. Better
use g_source_destroy explicitly, and leave "tags" to those dummies who
cannot track their pointers' lifetimes.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1365426195-12596-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Laszlo Ersek (2) and others
# Via Michael Roth
* mdroth/qga-pull-4-2-13:
qemu-ga: ga_get_fd_handle(): abort if fd_counter overflows
qga schema: document generic QERR_UNSUPPORTED
qga schema: mark optional GuestLogicalProcessor.can-offline with #optional
qga: add windows implementation for guest-set-time
qga: add windows implementation for guest-get-time
# By Gerd Hoffmann (7) and Hans de Goede (3)
# Via Gerd Hoffmann
* kraxel/usb.79:
usb-tablet: Don't claim wakeup capability for USB-2 version
usb: update docs for bus name change
usb-hub: report status changes only once
usb-hub: limit chain length
xhci: zap unused name field
xhci: remove unimplemented printfs
xhci: remove leftover debug printf
xhci: fix numintrs sanity checks
usb-redir: Add flow control support
usb-redir: Fix crash on migration with no client connected
iPXE vmxnet3 driver makes a few assumptions regarding device operation
that were missed during testing with Linux and Windows drivers.
This patch adds following logic:
1. Additional GET commands processing added
2. Max number of RX chunks should be set to 1 when driver passes 0
via corresponding shared memory field
3. Enforecement for max chunks number added
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* 'arm-devs.next' of git://git.linaro.org/people/pmaydell/qemu-arm:
hw/nand.c: Fix nand erase operation
cadence_uart: Flush queued characters on reset
pl330: Don't inhibit ES bits on INTEN
pflash_cfi01: Implement migration support
pflash_cfi01: Drop unused 'bypass' field
hw/arm_gic_common: Use vmstate struct rather than save/load functions
arm_gic: Fix sizes of state fields in preparation for vmstate support
vmstate: Add support for two dimensional arrays
hw/onenand.c: fix migration of dynamically allocated buffer "otp"
hw/sd.c: fix migration of dynamically allocated buffer "buf"
vmstate.h: introduce VMSTATE_BUFFER_POINTER_UNSAFE macro
hw/arm_mptimer: Save the timer state
pl050: Don't send always-constant is_mouse field
hw/arm/nseries: don't print to stdout or stderr
When the TCG condition codes were re-organized last year,
we failed to update all of the "old-style" tests for unsigned.
Signed-off-by: Richard Henderson <rth@twiddle.net>
This can save one insn, if the constant has any bits in 32-63 set,
but no bits in 21-31 set. It never results in more insns.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Since we're always in 64-bit mode, load address performs a full
64-bit add. Use that for 3-address addition, as well as for
larger constant addends when we lack extended-immediates facility.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Since we have a free temporary and can always just load the constant, we
ought to do so, rather than spending the same effort constraining the const.
Signed-off-by: Richard Henderson <rth@twiddle.net>
We only support 64-bit code generation for s390x.
Don't clutter the code with ifdefs that suggest otherwise.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Set TCG_TARGET_CALL_STACK_OFFSET properly for the abi. Allocate the
standard TCG_STATIC_CALL_ARGS_SIZE. And while we're at it, allocate
space for CPU_TEMP_BUF_NLONGS.
Signed-off-by: Richard Henderson <rth@twiddle.net>
The char-flow refactoring introduced a busy-wait that depended on
an action from the VCPU thread. However, the VCPU thread could
never take that action because the busy-wait starved the VCPU thread
of the BQL because it never dropped the mutex while running select.
Paolo doesn't want to drop this optimization for fear that we will
stop detecting these busy waits. I'm afraid to keep this optimization
even with the busy-wait fixed because I think a similar problem can
occur just with heavy I/O thread load manifesting itself as VCPU pauses.
As a compromise, introduce an artificial timeout after a thousand
iterations but print a rate limited warning when this happens. This
let's us still detect when this condition occurs without it being
a fatal error.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1365169560-11012-1-git-send-email-aliguori@us.ibm.com
The character backend refactoring introduced an undesirable busy wait.
The busy wait happens if can_read returns zero and there is data available
on the character device's file descriptor. Then, the I/O watch will
fire continuously and, with TCG, the CPU thread will never run.
1) Char backend asks front end if it can write
2) Front end says no
3) poll() finds the char backend's descriptor is available
4) Goto (1)
What we really want is this (note that step 3 avoids the busy wait):
1) Char backend asks front end if it can write
2) Front end says no
3) poll() goes on without char backend's descriptor
4) Goto (1) until qemu_chr_accept_input() called
5) Char backend asks front end if it can write
6) Front end says yes
7) poll() finds the char backend's descriptor is available
8) Backend handler called
After this patch, the IOWatchPoll source and the watch source are
separated. The IOWatchPoll is simply a hook that runs during the prepare
phase on each main loop iteration. The hook adds/removes the actual
source depending on the return value from can_read.
A simple reproducer is
qemu-system-i386 -serial mon:stdio
... followed by banging on the terminal as much as you can. :) Without
this patch, emulation will hang.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1365177573-11817-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Peter Crosthwaite (2) and others
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
xilinx_zynq: Cleanup ssi_create_slave
petalogix_ml605_mmu: Cleanup ssi_create_slave()
target-s390: Fix SRNMT
linux-user: Don't omit comma for strace of rt_sigaction()
test-visitor-serialization: Fix some memory leaks
# By Alex Bligh (2) and Felipe Franciosi (2)
# Via Stefano Stabellini
* sstabellini/xen-2013-04-05:
Allow xen guests to plug disks of 1 TiB or more
Introduce 64 bit integer write interface to xenstore
Xen PV backend: Disable use of O_DIRECT by default as it results in crashes.
Xen PV backend: Move call to bdrv_new from blk_init to blk_connect
# By Stefan Hajnoczi (4) and Kevin Wolf (3)
# Via Kevin Wolf
* kwolf/for-anthony:
qcow2: Fix L1 write error handling in qcow2_update_snapshot_refcount
qcow2: Return real error in qcow2_update_snapshot_refcount
block: clean up I/O throttling wait_time code
block: drop duplicated slice extension code
block: keep I/O throttling slice time constant
block: fix I/O throttling accounting blind spot
usb-storage: Forward serial number to scsi-disk
It ignored the error code, and at least the 'goto fail' is obvious
nonsense as it creates an endless loop (if the next attempt doesn't
magically succeed) and leaves the in-memory L1 table in big-endian
instead of converting it back.
In error cases, there's no point in writing an updated L1 table, so
skip this part for them.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The wait_time variable is in seconds. Reflect this in a comment and use
NANOSECONDS_PER_SECOND instead of BLOCK_IO_SLICE_TIME * 10 (which
happens to have the right value).
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-By: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The current slice is extended when an I/O request exceeds the limit.
There is no need to extend the slice every time we check a request.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-By: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
It is not necessary to adjust the slice time at runtime. We already
extend the current slice in order to carry over accounting into the next
slice. Changing the actual slice time value introduces oscillations.
The guest may experience large changes in throughput or IOPS from one
moment to the next when slice times are adjusted.
Reported-by: Benoît Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-By: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
I/O throttling relies on bdrv_acct_done() which is called when a request
completes. This leaves a blind spot since we only charge for completed
requests, not submitted requests.
For example, if there is 1 operation remaining in this time slice the
guest could submit 3 operations and they will all be submitted
successfully since they don't actually get accounted for until they
complete.
Originally we probably thought this is okay since the requests will be
accounted when the time slice is extended. In practice it causes
fluctuations since the guest can exceed its I/O limit and it will be
punished for this later on.
Account for I/O upon submission so that I/O limits are enforced
properly.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-By: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
usb-storage takes care to fetch the USB serial number from -drive
options, but it neglected to pass its own 'serial' property to the
scsi-disk it creates. With this patch, the 'serial' qdev property and
the 'serial' option in -drive behave the same and correctly apply the
serial number on both USB and SCSI level.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Usually, nand erase operation has only 2 or 3 address cycles.
We need to mask s->addr to zero unset stale high-order bytes in the nand address
before using it as the erase address.
This fixes the NAND erase operation in Linux.
[PC: Generalised to work for any number of address cycles rather than just 3]
Signed-off-by: Wendy Liang <jliang@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1364967188-26711-1-git-send-email-peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This if-else logic inhibits setting of the event status (ES) bits
when interrupts are enabled. This is incorrect. ES should be set
regardless on INTEN state. INTEN only inhibits the signalling of
events to PL330 threads, not setting of the ES register.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The current xen backend driver implementation uses int64_t variables
to store the size of the corresponding backend disk/file. It also uses
an int64_t variable to store the block size of that image. When writing
the number of sectors (file_size/block_size) to xenstore, however, it
passes these values as 32 bit signed integers. This will cause an
overflow for any disk of 1 TiB or more.
This patch changes the xen backend driver to use a 64 bit integer write
xenstore function.
Signed-off-by: Felipe Franciosi <felipe@paradoxo.org>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
The current implementation of xen_backend only provides 32 bit integer
functions to write to xenstore. This patch adds two functions that
allow writing 64 bit integers (one generic function and another for
the backend only).
This patch also fixes the size of the char arrays used to represent
these integers as strings (originally 32 bytes, however no more than
12 bytes are needed for 32 bit integers and no more than 21 bytes are
needed for 64 bit integers).
Signed-off-by: Felipe Franciosi <felipe@paradoxo.org>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Due to what is almost certainly a kernel bug, writes with O_DIRECT may
continue to reference the page after the write has been marked as
completed, particularly in the case of TCP retransmit. In other
scenarios, this "merely" risks data corruption on the write, but with
Xen pages from domU are only transiently mapped into dom0's memory,
resulting in kernel panics when they are subsequently accessed.
This brings PV devices in line with emulated devices. Removing
O_DIRECT is safe as barrier operations are now correctly passed
through.
See:
http://lists.xen.org/archives/html/xen-devel/2012-12/msg01154.html
for more details.
Signed-off-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
This commit delays the point at which bdrv_new (and hence blk_open
on the underlying device) is called from blk_init to blk_connect.
This ensures that in an inbound live migrate, the block device is
not opened until it has been closed at the other end. This is in
preparation for supporting devices with open/close consistency
without using O_DIRECT. This commit does NOT itself change O_DIRECT
semantics.
Signed-off-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
In preparation for switching to vmstate for migration support, fix
the sizes of various GIC state fields. In particular, we replace all
the bitfields (which VMState can't deal with) with straightforward
uint8_t values which we do bit operations on. (The bitfields made
more sense when NCPU was set differently in different situations,
but we now always model at the architectural limit of 8.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1363975375-3166-3-git-send-email-peter.maydell@linaro.org
Add support for migrating two dimensional arrays, by defining
a set of new macros VMSTATE_*_2DARRAY paralleling the existing
VMSTATE_*_ARRAY macros. 2D arrays are handled the same for actual
state serialization; the only difference is that the type check
has to change for a 2D array.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Message-id: 1363975375-3166-2-git-send-email-peter.maydell@linaro.org
Remove various bits of printing to stdout or stderr from the
nseries code, replacing it with a qemu log message where there's
an appropriate log category, and just dropping the output for
some of the more debug-like printing.
In particular, this will get rid of the 'mipid_reset' message
you currently get from 'make check'.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1363368565-24546-1-git-send-email-peter.maydell@linaro.org
# By Luiz Capitulino
# Via Luiz Capitulino
* luiz/queue/qmp:
chardev: drop the Memory chardev driver
hmp: human-monitor-command: stop using the Memory chardev driver
Monitor: Make output buffer dynamic
qstring: add qstring_get_length()
With the recent m25p80 cleanup there is no need to use
ssi_create_slave_no_init() anymore. Just use ssi_create_slave().
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
With the recent m25p80 cleanup there is no need to use
ssi_create_slave_no_init() anymore. Just use ssi_create_slave().
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The Memory chardev driver was added because, as the Monitor's output
buffer was static, we needed a way to accumulate the output of an
HMP commmand when ran by human-monitor-command.
However, the Monitor's output buffer is now dynamic, so it's possible
for the human-monitor-command to use it instead of the Memory chardev
driver.
This commit does that change, but there are two important
observations about it:
1. We need a way to signal to the Monitor that it shouldn't call
chardev functions when flushing its output. This is done
by adding a new flag to the Monitor object called skip_flush
(which is set to true by qmp_human_monitor_command())
2. The current code has buffered semantics: QMP clients will
only see a command's output if it flushes its output with
a new-line character. This commit changes this to unbuffered,
which means that QMP clients will see a command's output
whenever the command prints anything.
I don't think this will matter in practice though, as I believe
all HMP commands print the new-line character anyway.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Commit f628926bb4 changed monitor_flush()
to retry on qemu_chr_fe_write() errors. However, the Monitor's output
buffer can keep growing while the retry is not issued and this can
cause the buffer to overflow.
To reproduce this issue, just start qemu and type on the Monitor:
(qemu) ?
This will cause an assertion to trig.
To fix this problem this commit makes the Monitor buffer dynamic,
which means that it can grow as much as needed.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Pass the 'last' parameter of print_signal() through to
print_raw_param(); this fixes a problem where we weren't printing
the comma separator for strace of rt_sigaction() when the signal
was an unnamed (ie realtime) one:
6856 rt_sigaction(230xf6fff870,0xf6fff8fc) = 0
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch fixes some of the memory leaks in test-visitor-serialization but not all of them.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Allow the clock_gettime() code using monotonic clock to be utilized on
more POSIX compliannt OS's. This started as a fix for OpenBSD which was
listed in one function as part of the previous hard coded list of OS's
for the functions to support but not in the other.
Signed-off-by: Brad Smith <brad@comstyle.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20130405003748.GH884@rox.home.comstyle.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The new function acpi_table_install() installs any blob the caller passes
in. In the next patches this function will be promoted from helper role to
extern.
Reimplementing the logic should make it easier to understand. It also
removes a buffer overflow when
has_header &&
cumulative_file_size < ACPI_TABLE_HDR_SIZE - ACPI_TABLE_PFX_SIZE
(In that case the g_realloc() call in the read() loop used to shrink the
"acpi_tables" array, causing an out-of-bounds read access when copying the
header out of "acpi_tables".)
The new code isn't more daring alignment-wise than its predecessor:
"acpi_table_header" is packed, and the uint32_t fields are at offsets 6,
26, and 34.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1363821803-3380-7-git-send-email-lersek@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The data is binary, not textual.
Also, acpi_table_add() abuses the "char *f" pointer -- which normally
points to file names to load -- to poke into the table. Introduce "char
unsigned *table_start" for that purpose.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1363821803-3380-3-git-send-email-lersek@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
chardev-frontends need to explictly check, increase and decrement the
avail_connections "property" of the chardev when they are not using a
qdev-chardev-property for the chardev.
This fixes things like:
qemu-kvm -chardev stdio,id=foo -device isa-serial,chardev=foo \
-mon chardev=foo
Working, where they should fail. Most of the changes here are due to
old hardware emulation code which is using serial_hds directly rather then
a qdev-chardev-property.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Message-id: 1364412581-3672-3-git-send-email-hdegoede@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Otherwise make will refuse to build updated .po files.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
While investigating why a 32 bit Windows 2003 guest wasn't able to
successfully perform a shutdown /h, it was discovered that commit
afafe4bbe0 inadvertently dropped the
initialization of the s4_val used to handle s4 shutdown.
Initialize the value as before.
Signed-off-by: Bruce Rogers <brogers@suse.com>
Message-id: 1364928100-487-1-git-send-email-brogers@suse.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
commit 5ec01c2e96 broke "-cpu ..,enforce",
as it has moved kvm_check_features_against_host() after the
filter_features_for_kvm() call. filter_features_for_kvm() removes all
features not supported by the host, so this effectively made
kvm_check_features_against_host() impossible to fail.
This patch changes the call so we check for host feature support before
filtering the feature bits.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-id: 1364935692-24004-1-git-send-email-ehabkost@redhat.com
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Hanweidong (1) and Stefano Stabellini (1)
# Via Stefano Stabellini
* sstabellini/xen-2013-04-03:
xen-mapcache: pass the right size argument to test_bits
xen-mapcache: replace last_address_index with a last_entry pointer
Compute the correct size for test_bits().
qemu_get_ram_ptr() and qemu_safe_ram_ptr() will call xen_map_cache()
with size is 0 if the requested address is in the RAM. Then
xen_map_cache() will pass the size 0 to test_bits() for checking if the
corresponding pfn was mapped in cache. But test_bits() will always
return 1 when size is 0 without any bit testing. Actually, for this
case, test_bits should check one bit. So this patch introduced a
__test_bit_size which is greater than 0 and a multiple of XC_PAGE_SIZE,
then test_bits can work correctly with __test_bit_size
>> XC_PAGE_SHIFT as its size.
Signed-off-by: Zhenguo Wang <wangzhenguo@huawei.com>
Signed-off-by: Weidong Han <hanweidong@huawei.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Replace last_address_index and last_address_vaddr with a single pointer
to the last MapCacheEntry used.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
At some point the default usb bus name changed from 'usb.0' to
'usb-bus.0' (probably as part of the qom conversion). Update
the usb documentation accordingly.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
If no client is connected on the src side, then we won't receive a
parser during migrate, in this case usbredir_post_load() should be a nop,
rather then to try to derefefence the NULL dev->parser pointer.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When we receive a file descriptor over a UNIX domain socket the
O_NONBLOCK flag is preserved. Clear the O_NONBLOCK flag and rely on
QEMU file descriptor users like migration, SPICE, VNC, block layer, and
others to set non-blocking only when necessary.
This change ensures we don't accidentally expose O_NONBLOCK in the QMP
API. QMP clients should not need to get the non-blocking state
"correct".
A recent real-world example was when libvirt passed a non-blocking TCP
socket for migration where we expected a blocking socket. The source
QEMU produced a corrupted migration stream since its code did not cope
with non-blocking sockets.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
socket_connect() sets non-blocking on TCP or UNIX domain sockets if a
callback function is passed. Do the same for file descriptor passing,
otherwise we could unexpectedly be using a blocking file descriptor.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
There are several code paths in net_init_socket() depending on how the
socket is created: file descriptor passing, UDP multicast, TCP, or UDP.
Some of these support both listen and connect.
Not all code paths set the socket to non-blocking. This patch addresses
the file descriptor passing and UDP cases which were missing
socket_set_nonblock(fd) calls.
I considered moving socket_set_nonblock(fd) to a central location but it
turns out the code paths are different enough to require non-blocking at
different places.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
The fcntl(fd, F_SETFL, O_NONBLOCK) flag is not specific to sockets.
Rename to qemu_set_nonblock() just like qemu_set_cloexec().
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Today we reset fd_counter if it wraps, but it's better to abort()
instead, as fd_counter should never reach INT64_MAX.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
*fixed typo: s/resonable/reasonable/
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
QOM-ified the TPM support with much code borrowed from the rng implementation.
All other TPM related code moves will be provided in a subsequent patch.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Message-id: 1364469981.24703.1.camel@d941e-10
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The current code is oddly written and have equally odd semantics.
Despite the '_all' suffix, upon EAGAIN the result will be a partial
write but instead of returning the partial write, we return EAGAIN.
Change the behavior to write as much as we can until we get an EAGAIN
returning a partial write if we do.
Reported-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1364575190-731-1-git-send-email-aliguori@us.ibm.com
vfio-pci pull request 20130401
# gpg: Signature made Mon 01 Apr 2013 02:40:45 PM CDT using RSA key ID 3BB08B22
# gpg: Can't check signature: public key not found
# By Alex Williamson
# Via Alex Williamson
* awilliam/tags/vfio-pci-for-qemu-20130401.0:
vfio: cleanup includes
vfio: Add bootindex support
vfio-pci: Move devices to D0 on reset
vfio-pci: Add extra debugging
qemu vfio-pci: Graphics device quirks
qemu vfio-pci: Add support for VGA MMIO and I/O port access
vfio-pci: Add PCIe capability mangling based on bus type
vfio-pci: Generalize PCI config mangling
linux-headers: Update to v3.9-rc2
Guests may leave devices in a low power state at reboot, but we expect
devices to be woken up for the next boot. Make this happen.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Often when debugging it's useful to be able to disable bypass paths
so no interactions with the device are missed. Add some extra debug
options to do this. Also add device info on read/write BAR accesses,
which is useful when debugging more than one assigned device. A
couple DPRINTFs also had redundant "vfio:" prefixes.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Graphics cards have a number of different backdoors. Some of these
are alternative ways to get PCI BAR addresses, some of them are
complete mirrors of PCI config space available through MMIO and
I/O port access. These quirks cover a number of ATI Radeon and
Nvidia devices. On the ATI/AMD side, this should enable HD5450
and HD7850 and hopefully a host of devices around those generations.
For Nvidia, my card selection is much more dated. A 8400gs works
well with both the Window shipped driver and the Nvidia downloaded
driver. A 7300le works as well, with the caveat that generating
the Window experience index with the Nvidia driver causes the card
to reset several times before generating a BSOD. An NVS 290 card
seems to run well with the shipped Windows driver, but generates
a BSOD with the Nvidia driver. All of the Nvidia devices work with
the Linux Nvidia proprietary driver and nouveau, the HD5450 works
with either radeon or fglrx, HD7850 works with vesa and fglrx (not
supported by radeon). Extremely limited 3D testing.
Device reset is also an issue with graphics. It's unfortunately
very common that the devices offer no means to reset the card or
doesn't seem effective. Nvidia devices are pretty good about being
able to get the device to a working state through the VGA BIOS init,
Radeon devices less so, and often require a host reboot. Work
remains to be done here.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Most VGA cards need some kind of quirk to fully operate since they
hide backdoors to get to other registers outside of PCI config space
within the registers, but this provides the base infrastructure. If
we could identity map PCI resources for assigned devices we would need
a lot fewer quirks.
To enable this, use a kernel side vfio-pci driver that incorporates
VGA support (v3.9), and use the -vga none option and add the x-vga=on
option for the vfio-pci device. The "x-" denotes this as an
experimental feature. You may also need to use a cached copy of the
VGA BIOS for your device, passing it to vfio-pci using the romfile=
option.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Windows seems to pay particular interest to the PCIe header type of
devices and will fail to load drivers if we attach Endpoint devices or
Legacy Endpoint devices to the Root Complex. We can use
pci_bus_is_express and pci_bus_is_root to determine the bus type and
mangle the type appropriately:
* Legacy PCI
* No change, capability is unmodified for compatibility.
* PCI Express
* Integrated Root Complex Endpoint -> Endpoint
* PCI Express Root Complex
* Endpoint -> Integrated Root Complex Endpoint
* Legacy Endpoint -> none, capability hidden
We also take this opportunity to explicitly limit supported devices
to Endpoints, Legacy Endpoints, and Root Complex Integrated Endpoints.
We don't currently have support for other types and users often cause
themselves problems by assigning them.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Kernel-side vfio virtualizes all of config space, but some parts are
unique to Qemu. For instance we may or may not expose the ROM BAR,
Qemu manages MSI/MSIX, and Qemu manages the multi-function bit so that
single function devices can appear as multi-function and vica versa.
Generalize this into a bitmap of Qemu emulated bits.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
valids can equals to -1 if the reg/mem string is empty. Change the
expression to have an empty xor mask in that case.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The inner loop should only change the current bit of the result, instead
of the whole result.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
pcmpXstrX instructions in "Equal each" mode force both invalid element
pair to true. It means (upper - MAX(valids, validd)) bits should be set
to 1, not (upper - MAX(valids, validd) + 1).
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Fix the order of the of the comparisons to match the "Intel 64 and
IA-32 Architectures Software Developer's Manual".
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
pcmpXstrm instructions returns their result in the XMM0 register and
not in the first operand.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
ffs1 returns the first bit set to one starting counting from the most
significant bit.
pcmpXstri returns the most significant bit set to one, starting counting
from the least significant bit.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The "Intel 64 and IA-32 Architectures Software Developer's Manual" (at
least recent versions) clearly says that the comparison is signed.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
gen_op_mov_TN_reg() loads the value in cpu_T[0], so this temporary should
be used instead of cpu_tmp0.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
# By Dunrong Huang (1) and others
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
hw/tcx: Remove unused 'addr' field and the property that sets it
hw/i386/pc: format load_linux function
configure: show debug-info option in --help output
Remove the sysbus_add_memory and sysbus_del_memory functions. These
are trivial wrappers for mapping a memory region into the system
memory space, and have no users now. Sysbus devices should never map
their own memory regions anyway; the correct API for mapping an mmio
region is for the creator of the device to use sysbus_mmio_map.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1363358063-23973-6-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Make sure we set the buffer to something in the softusb_read_{dmem,pmem}
error paths, since the caller will use the buffer unconditionally.
(Newer gcc is smart enough to spot this and complain about 'may be
used uninitialized'.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1364496184-11994-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Don't map the pmem and dmem RAM memory regions in the milkymist-softusb
device itself. Instead just expose them as sysbus mmio regions which
the device creator can map appropriately. This allows us to drop the
pmem_base and dmem_base properties. Instead of going via
cpu_physical_memory_read/_write when the device wants to access the
RAMs, we just keep a host pointer to the memory and use that.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael Walle <michael@walle.cc>
Message-id: 1363358063-23973-5-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Just expose the register buffers memory as a standard sysbus mmio
region which the creator of the device can map, rather than
providing a qdev property which the creator has to set to the
base address and then doing the mapping in the device's own
init function.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael Walle <michael@walle.cc>
Message-id: 1363358063-23973-4-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The cross i586-mingw32msvc-gcc 4.4.4 from Debian Squeeze does not support
__sync_val_compare_and_swap by default.
Using -march=i686 fixes that and should also result in better code.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
# By Kevin Wolf (22) and Peter Lieven (1)
# Via Stefan Hajnoczi
* stefanha/block: (23 commits)
block: Fix direct use of protocols as driver for bdrv_open()
qcow2: Gather clusters in a looping loop
qcow2: Move cluster gathering to a non-looping loop
qcow2: Allow requests with multiple l2metas
qcow2: Use byte granularity in qcow2_alloc_cluster_offset()
qcow2: Prepare handle_alloc/copied() for byte granularity
qcow2: handle_copied(): Implement non-zero host_offset
qcow2: handle_copied(): Get rid of keep_clusters parameter
qcow2: handle_copied(): Get rid of nb_clusters parameter
qcow2: Factor out handle_copied()
qcow2: Clean up handle_alloc()
qcow2: Finalise interface of handle_alloc()
qcow2: handle_alloc(): Get rid of keep_clusters parameter
qcow2: handle_alloc(): Get rid of nb_clusters parameter
qcow2: Factor out handle_alloc()
qcow2: Decouple cluster allocation from cluster reuse code
qcow2: Change handle_dependency to byte granularity
qcow2: Improve check for overlapping allocations
qcow2: Handle dependencies earlier
qcow2: Remove bogus unlock of s->lock
...
# By Lluís Vilanova (7) and others
# Via Stefan Hajnoczi
* stefanha/tracing:
vl: add runstate_set tracepoint
.gitignore: rename trace/generated-tracers.dtrace
.gitignore: add trace/generated-events.[ch]
trace: rebuild generated-events.o when configuration changes
trace: [stderr] Port to generic event information and new control interface
trace: [simple] Port to generic event information and new control interface
trace: [default] Port to generic event information and new control interface
trace: [monitor] Use new event control interface
trace: Provide a detailed event control interface
trace: Provide a generic tracing event descriptor
trace: [tracetool] Explicitly identify public backends
This patch enables us to know RunState transition. It will be userful
for investigation when the trouble occured in special event such like
live migration, shutdown, suspend, and so on.
Signed-off-by: Kazuya Saito <saito.kazuya@jp.fujitsu.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
For a while the file was called trace/generated-tracers-dtrace.dtrace
but today it's called trace/generated-tracers.dtrace.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Make sure to rebuild generated-events.o when ./configure options change.
This prevents linker errors when a stale generated-events.o gets linked
with code compiled against fresh headers. For example, try building
with ./configure --enable-trace-backend=stderr followed by ./configure
--enable-trace-backend=dtrace.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The backend is forced to dump event numbers using 64 bits, as TraceEventID is
an enum.
Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This interface decouples event obtaining from interaction.
Events can be obtained through three different methods:
* identifier
* name
* simple wildcard pattern
Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Uses tracetool to generate a backend-independent tracing event description
(struct TraceEvent).
The values for such structure are generated with the non-public "events"
backend ("events-c" frontend).
The generation of the defines to check if an event is statically enabled is also
moved to the "events" backend ("events-h" frontend).
Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Public backends are those printed by "--list-backends" and thus considered valid
by the configure script.
Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
bdrv_open_common() implements direct use of protocols by copying the
pre-opened BlockDriverStates to bs using bdrv_swap(). It did however
first set some fields in bs, which end up in file after the swap. When
bdrv_open() destroys file, it appears to be open, and because it isn't,
qemu could segfault while trying to close it.
Reorder the operations to return immediately in such cases so that file
is correctly detected as closed.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Instead of just checking once in exactly this order if there are
dependendies, non-COW clusters and new allocation, this starts looping
around these. This way we can, for example, gather non-COW clusters after
new allocations as long as the host cluster offsets stay contiguous.
Once handle_dependencies() is extended so that COW areas of in-flight
allocations can be overwritten, this allows to continue with gathering
other clusters (we wouldn't be able to do that without this change
because we would have missed a possible second dependency in one of the
next clusters).
This means that in the typical sequential write case, we can combine the
COW overwrite of one cluster with the allocation of the next cluster as
soon as something like Delayed COW gets actually implemented. It is only
by avoiding splitting requests this way that Delayed COW actually starts
improving performance noticably.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch is mainly to separate the indentation change from the
semantic changes. All that really changes here is that everything moves
into a while loop, all 'goto done' become 'break' and at the end of the
loop a new 'break is inserted.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Instead of expecting a single l2meta, have a list of them. This allows
to still have a single I/O request for the guest data, even though
multiple l2meta may be needed in order to describe both a COW overwrite
and a new cluster allocation (typical sequential write case).
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This gets rid of the nb_clusters and keep_clusters and the associated
complicated calculations. Just advance the number of bytes that have
been processed and everything is fine.
This patch advances the variables even after the last operation even
though they aren't used any more afterwards to make things look more
uniform. A later patch will turn the whole thing into a loop and then
it actually starts making sense.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This makes handle_alloc() and handle_copied() return byte-granularity
host offsets instead of returning always the cluster start. This is
required so that qcow2_alloc_cluster_offset() can stop aligning
everything to cluster boundaries.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Look only for clusters that start at a given physical offset.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Now *bytes is used to return the length of the area that can be written
to without performing an allocation or COW.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
handle_copied() uses its bytes parameter now to determine how many
clusters it should try to find.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Things can be simplified a bit now. No semantic changes.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The interface works completely on a byte granularity now and duplicated
parameters are removed.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
handle_alloc() is now called with the offset at which the actual new
allocation starts instead of the offset at which the whole write request
starts, part of which may already be processed.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
We already communicate the same information in *bytes.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This moves some code that prepares the allocation of new clusters to
where the actual allocation happens. This is the minimum required to be
able to move it to a separate function in the next patch.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This is a more precise description of what really constitutes a
dependency. The behaviour doesn't change at this point because the COW
area of the old request is still aligned to cluster boundaries and
therefore an overlap is detected wheneven the requests touch any part of
the same cluster.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The old code detected an overlapping allocation even when the
allocations didn't actually overlap, but were only adjacent.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Handling overlapping allocations isn't just a detail of cluster
allocation. It is rather one of three ways to get the host cluster
offset for a write request:
1. If a request overlaps an in-flight allocations, the cluster offset
can be taken from there (this is what handle_dependencies will evolve
into) or the request must just wait until the allocation has
completed. Accessing the L2 is not valid in this case, it has
outdated information.
2. Outside overlapping areas, check the clusters that can be written to
as they are, with no COW involved.
3. If a COW is required, allocate new clusters
Changing the code to reflect this doesn't change the behaviour because
overlaps cannot exist for clusters that are kept in step 2. It does
however make it easier for later patches to work on clusters that belong
to an allocation that is still in flight.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The unlock wakes up the next coroutine, but the currently running
coroutine will lock it again before it yields, so this doesn't make a
lot of sense.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This should be based on the virtual disk size, not on the size of the
image.
Interesting observation: With some VM state stored in the image file,
percentages higher than 100% are possible, even though snapshots
themselves are ignored. This is a qcow2 bug to be fixed another day: The
VM state should be discarded in the active L2 tables after completing
the snapshot creation.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
commit 4d454574 "qemu-option: move standard option definitions
out of qemu-config.c" broke support for commandline option
groups that where registered during bdrv_init(). In particular
support for -iscsi options was broken since that commit.
Fix by moving the bdrv_init_with_whitelist() before command
line argument parsing.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Remove the 'addr' field from TCXState (since it is completely unused),
also the qdev property which sets it. This seems to be a relic from
many years past; devices don't need to know where they are mapped.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
"--enable-debug-info" and "--disable-debug-info" were not shown
in --help output.
Signed-off-by: Dunrong Huang <huangdr@cloud-times.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When migrating a host with with a spice agent running the mouse becomes
non operational after the migration due to the agent state being
inconsistent between the guest and the client.
After migration the spicevmc backend on the destination has never been notified
of the (non 0) guest_connected state. Virtio-serial holds this state
information and migrates it, this patch properly propagates this information
to virtio-console and through that to interested chardev backends.
rhbz #725965
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Message-id: 1364292483-16564-11-git-send-email-hdegoede@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Most frontends can't really determine if the guest actually has the frontend
side open. So lets automatically generate fe_open / fe_close as soon as a
frontend becomes ready (as signalled by calling qemu_chr_add_handlers) /
becomes non ready (as signalled by setting all handlers to NULL).
And allow frontends which can actually determine if the guest is listening to
opt-out of this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Message-id: 1364292483-16564-5-git-send-email-hdegoede@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
GCC 4.8.0 introduces a new warning:
block/qcow2-snapshot.c: In function 'qcow2_write_snapshots’:
block/qcow2-snapshot.c:252:18: error: typedef 'qemu_build_bug_on__253'
locally defined but not used [-Werror=unused-local-typedefs]
QEMU_BUILD_BUG_ON(offsetof(QCowHeader, snapshots_offset) !=
^
cc1: all warnings being treated as errors
(Caret diagnostics aren't perfect yet with macros... :)) Work around it
with __attribute__((unused)).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1364391272-1128-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
virtio,pci,qom
Work by Alex to support VGA assignment,
pci and virtio fixes by Stefan, Jason and myself, and a
new qmp event for hotplug support by myself.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 26 Mar 2013 02:02:24 PM CDT using RSA key ID D28D5469
# gpg: Can't check signature: public key not found
# By Alex Williamson (13) and others
# Via Michael S. Tsirkin
* mst/tags/for_anthony: (23 commits)
pcie: Add endpoint capability initialization wrapper
roms: switch oldnoconfig to olddefconfig
pcie: Mangle types to match topology
pci: Create and use API to determine root buses
pci: Create pci_bus_is_express helper
pci: Q35, Root Ports, and Switches create PCI Express buses
pci: Allow PCI bus creation interfaces to specify the type of bus
pci: Move PCI and PCIE type defines
pci: Create and register a new PCI Express TypeInfo
exec: assert that RAMBlock size is non-zero
pci: refuse empty ROM files
pci_bridge: Remove duplicate IRQ swizzle function
pci_bridge: Use a default map_irq function
pci: Fix INTx routing notifier recursion
pci_bridge: drop formatting from source
pci_bridge: factor out common code
pci: Teach PCI Bridges about VGA routing
pci: Add PCI VGA helpers
virtio-pci: guest notifier mask without non-irqfd
virtio-net: remove layout assumptions for mq ctrl
...
Fix the awkward API of mangling the caller specified PCIe type and
just provide an interface to initialize an endpoint device. This
will pick either a regular endpoint or integrated endpoint based on
the bus and return pcie_cap_init to doing exactly what is asked.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
When a new option is added that qemu does not know
about, the prudent thing is to use the default not
force it to "no".
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Windows will fail to start drivers for devices with an Endpoint type
PCIe capability attached to a Root Complex (code 10 - Device cannot
start). The proper type for such a device is Root Complex Integrated
Endpoint. Devices don't care which they are, so do this conversion
automatically.
This allows the Windows driver to load for nec-usb-xhci when attached
to pcie.0 of a q35 machine.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Convert q35, ioh3420, xio3130_upstream, and xio3130_downstream to
use the new TYPE_PCIE_BUS.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Move these so that we can reference them from a more common header
instead of including pci_bus.h everywhere.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This will allow us to differentiate Express and Legacy buses.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
find_ram_offset() does not handle size=0 gracefully. It hands out the
same RAMBlock offset multiple times, leading to obscure failures later
on.
Add an assert to warn early if something is incorrectly allocating a
zero size RAMBlock.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
A zero size ROM file is invalid and should produce a warning.
Attempting to use a zero size file ends up hitting an assertion
qemu_ram_set_idstr() because RAMBlocks with duplicate addresses are
allocated - due to zero size the allocator doesn't increment the next
available RAMBlock offset.
Also convert __FUNCTION__ to __func__ while we're touching this code.
There are no other __FUNCTION__ instances in pci.c anymore.
Reported-by: Milos Ivanovic <milosivanovic@orcon.net.nz>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pci_bridge_dev_map_irq_fn() is identical to pci_swizzle_map_irq_fn(),
which is now the default for all PCI bridges. We can therefore remove
this function and the pci_bridge_map_irq() call that used it.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The PCI bridge spec defines a default swizzle for translating INTx
IRQs from secondary bus to primary. Use this by default for any
bridge that doesn't set a function.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
For some reason we recurse to fire the INTx routing notifier for each
child of a bus, for each possible device of a bus. That means that if
we add a root port, the notifier gets called for that bridge 256
times. If we add an upstream switch behind that root port, 256^2. But
of course we need a downstream switch, 256^3. This starts to be
noticeable. Stop the insanity.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
We use the same formatting for all files, it
doesn't make sense to have formatting directives only
in pci bridge header.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reuse common code in pcie_port, override the hardwired-to-0
bits per PCI Express spec.
No functional change but makes the code easier to follow.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Each PCI Bridge has a set of implied VGA regions that are enabled when
the VGA bit is set in the bridge control register. This allows VGA
devices behind bridges. Unfortunately with VGA Enable, which we
formerly allowed but didn't back, comes along some required VGA
baggage. VGA Palette Snooping is required, along with VGA 16-bit
decoding. We don't yet have support for palette snooping.
We also don't have support for 10-bit VGA aliases, the default mode, but
we enable the register, even on root ports, to avoid confusing guests.
Fortunately there's likely nothing from this century that requires these
features, so the missing bits are noted with TODOs.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Allow devices to register VGA memory regions for handling PCI spec
defined VGA I/O port and MMIO areas. PCI will attach these to the
bus address spaces and enable them according to the device command
register value.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
non-irqfd setups are currently broken with vhost:
we start up masked and nothing unmasks the interrupts.
Fix by using mask notifiers, same as the irqfd path.
Sharing irqchip/non irqchip code is always a good thing,
in this case it will help non irqchip benefit
from backend masking optimization.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Following commit 921ac5d0f3 (virtio-net:
remove layout assumptions for ctrl vq), this patch makes multiqueue ctrl
handling not rely on the layout of descriptors.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Add QOM path to device deleted event. It now becomes useful to report
it for devices which don't have an ID assigned.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
It seems more logical to have destruction flow start with the subclass
and move up to the base class. This ensures object has a valid
canonical path when destructor is called.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# By Peter Lieven (9) and others
# Via Juan Quintela
* quintela/migration.next: (22 commits)
Use qemu_put_buffer_async for guest memory pages
Add qemu_put_buffer_async
Use writev ops if available
Store the data to send also in iovec
Update bytes_xfer in qemu_put_byte
Add socket_writev_buffer function
Add QemuFileWritevBuffer QemuFileOps
migration: use XBZRLE only after bulk stage
migration: do not search dirty pages in bulk stage
migration: do not sent zero pages in bulk stage
migration: add an indicator for bulk state of ram migration
migration: search for zero instead of dup pages
bitops: unroll while loop in find_next_bit()
buffer_is_zero: use vector optimizations if possible
cutils: add a function to find non-zero content in a buffer
move vector definitions to qemu-common.h
savevm: Fix bugs in the VMSTATE_VBUFFER_MULTIPLY definition
savevm: Add VMSTATE_STRUCT_VARRAY_POINTER_UINT32
savevm: Add VMSTATE_FLOAT64 helpers
savevm: Add VMSTATE_UINTTL_EQUAL helper
...
Peter reported that rtc-test would periodically hang. It turns out
this was due to an EAGAIN occurring on qemu_chr_fe_write.
Instead of heavily refactoring qtest, just use a synchronous version
of the write operation for qemu_chr_fe_write to address this problem.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Corey Bryant (2) and others
# Via Luiz Capitulino
* luiz/queue/qmp:
New QMP command query-cpu-max and HMP command cpu_max
qmp: fix handling of boolean values in qmp-shell
QMP: TPM QMP and man page documentation updates
QMP: Remove duplicate TPM type from query-tpm
This will remove an unneeded copy of guest memory pages.
For the page header and device state we still copy the data to the
static buffer the other option is to allocate the memory on demand
which is more expensive.
Signed-off-by: Orit Wasserman <owasserm@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
This allows us to add a buffer to the iovec to send without copying it
into the static buffer, the buffer will be sent later when qemu_fflush is called.
Signed-off-by: Orit Wasserman <owasserm@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Update qemu_fflush and stdio_close to use writev ops if they are available
Use the buffers stored in the iovec.
Signed-off-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
All data is still copied into the static buffer.
Adjacent iovecs are coalesced so we send one big buffer
instead of many small buffers.
Signed-off-by: Orit Wasserman <owasserm@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
at the beginning of migration all pages are marked dirty and
in the first round a bulk migration of all pages is performed.
currently all these pages are copied to the page cache regardless
of whether they are frequently updated or not. this doesn't make sense
since most of these pages are never transferred again.
this patch changes the XBZRLE transfer to only be used after
the bulk stage has been completed. that means a page is added
to the page cache the second time it is transferred and XBZRLE
can benefit from the third time of transfer.
since the page cache is likely smaller than the number of pages
it's also likely that in the second round the page is missing in the
cache due to collisions in the bulk phase.
on the other hand a lot of unnecessary mallocs, memdups and frees
are saved.
the following results have been taken earlier while executing
the test program from docs/xbzrle.txt. (+) with the patch and (-)
without. (thanks to Eric Blake for reformatting and comments)
+ total time: 22185 milliseconds
- total time: 22410 milliseconds
Shaved 0.3 seconds, better than 1%!
+ downtime: 29 milliseconds
- downtime: 21 milliseconds
Not sure why downtime seemed worse, but probably not the end of the world.
+ transferred ram: 706034 kbytes
- transferred ram: 721318 kbytes
Fewer bytes sent - good.
+ remaining ram: 0 kbytes
- remaining ram: 0 kbytes
+ total ram: 1057216 kbytes
- total ram: 1057216 kbytes
+ duplicate: 108556 pages
- duplicate: 105553 pages
+ normal: 175146 pages
- normal: 179589 pages
+ normal bytes: 700584 kbytes
- normal bytes: 718356 kbytes
Fewer normal bytes...
+ cache size: 67108864 bytes
- cache size: 67108864 bytes
+ xbzrle transferred: 3127 kbytes
- xbzrle transferred: 630 kbytes
...and more compressed pages sent - good.
+ xbzrle pages: 117811 pages
- xbzrle pages: 21527 pages
+ xbzrle cache miss: 18750
- xbzrle cache miss: 179589
And very good improvement on the cache miss rate.
+ xbzrle overflow : 0
- xbzrle overflow : 0
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
avoid searching for dirty pages just increment the
page offset. all pages are dirty anyway.
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
during bulk stage of ram migration if a page is a
zero page do not send it at all.
the memory at the destination reads as zero anyway.
even if there is an madvise with QEMU_MADV_DONTNEED
at the target upon receipt of a zero page I have observed
that the target starts swapping if the memory is overcommitted.
it seems that the pages are dropped asynchronously.
this patch also updates QMP to return the number of
skipped pages in MigrationStats.
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
the first round of ram transfer is special since all pages
are dirty and thus all memory pages are transferred to
the target. this patch adds a boolean variable to track
this stage.
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
virtually all dup pages are zero pages. remove
the special is_dup_page() function and use the
optimized buffer_find_nonzero_offset() function
instead.
here buffer_find_nonzero_offset() is used directly
to avoid the unnecssary additional checks in
buffer_is_zero().
raw performace gain checking 1 GByte zeroed memory
over is_dup_page() is approx. 10-12% with SSE2
and 8-10% with unsigned long arithmedtic.
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
this patch adopts the loop unrolling idea of bitmap_is_zero() to
speed up the skipping of large areas with zeros in find_next_bit().
this routine is extensively used to find dirty pages in
live migration.
testing only the find_next_bit performance on a zeroed bitfield
the loop onrolling decreased executing time by approx. 50% on x86_64.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Juan Quintela <quintela@redhat.com>
performance gain on SSE2 is approx. 20-25%. altivec
is not tested. performance for unsigned long arithmetic
is unchanged.
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
this adds buffer_find_nonzero_offset() which is a SSE2/Altivec
optimized function that searches for non-zero content in a
buffer.
the function starts full unrolling only after the first few chunks have
been checked one by one. analyzing real memory page data has revealed
that non-zero pages are non-zero within the first 256-512 bits in
most cases. as this function is also heavily used to check for zero memory
pages this tweak has been made to avoid the high setup costs of the fully
unrolled check for non-zero pages.
due to the optimizations used in the function there are restrictions
on buffer address and search length. the function
can_use_buffer_find_nonzero_content() can be used to check if
the function can be used safely.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Juan Quintela <quintela@redhat.com>
vector optimizations will now be used at various places
not just in is_dup_page() in arch_init.c
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Juan Quintela <quintela@redhat.com>
The VMSTATE_BUFFER_MULTIPLY macro is misnamed - it actually specifies
a variably sized buffer with VMS_VBUFFER, so should be named
VMSTATE_VBUFFER_MULTIPLY. This patch fixes this (the macro had no current
users under either name).
In addition, unlike the other VMSTATE_VBUFFER variants, this macro did not
specify VMS_POINTER. This patch fixes this bug as well.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Currently the savevm code contains a VMSTATE_STRUCT_VARRAY_POINTER_INT32
helper (a variably sized array with the number of elements in an int32_t),
but not VMSTATE_STRUCT_VARRAY_POINTER_UINT32 (... with the number of
elements in a uint32_t). This patch (trivially) fixes the deficiency.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Juan Quintela <quintela@redhat.com>
The current savevm code includes VMSTATE helpers for a number of commonly
used data types, but not for the float64 type used by the internal floating
point emulation code. This patch fixes the deficiency.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Juan Quintela <quintela@redhat.com>
This adds an _EQUAL VMSTATE helper for target_ulongs, defined in terms of
VMSTATE_UINT32_EQUAL or VMSTATE_UINT64_EQUAL as appropriate.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Juan Quintela <quintela@redhat.com>
The savevm code already includes a number of *_EQUAL helpers which act as
sanity checks verifying that the configuration of the saved state matches
that of the machine we're loading into to work. Variants already exist
for 8 bit 16 bit and 32 bit integers, but not 64 bit integers. This patch
fills that hole, adding a UINT64 version.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Juan Quintela <quintela@redhat.com>
These commands return the maximum number of CPUs supported by the
currently running emulator instance, as defined in its QEMUMachine
struct.
Signed-off-by: Michal Novotny <minovotn@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
qmp-shell converts only integer arguments and the rest
is assumed to be strings which are faithfully sent as
quoted strings by json. But QEMU refuses to accept qmp
command with boolean argument whose value is escaped
as string.
Fix it by special-casing true/false keywords and store
value as corresponding boolean.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
# By Dmitry Fleytman (5) and others
# Via Stefan Hajnoczi
* stefanha/net:
net: increase buffer size to accommodate Jumbo frame pkts
VMXNET3 device implementation
Packet abstraction for VMWARE network devices
Common definitions for VMWARE devices
net: iovec checksum calculator
Checksum-related utility functions
net: use socket_set_nodelay() for -netdev socket
# By Liu Yuan (1) and Stefan Weil (1)
# Via Stefan Hajnoczi
* stefanha/block:
block: Add options QDict to bdrv_file_open() prototypes (fix MinGW build)
rbd: fix compile error
This solves, e.g., sticky ALT when selecting a GTK menu, switching to a
different window or selecting a different virtual console.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-id: 514F417A.6010908@web.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Socket buffer sizes were hard-coded to 4K for VDE and socket netdevs. Bump this
up to 68K (ala tap netdev) to handle maximum GSO packet size (64k) plus plenty
of room for the ethernet and virtio_net headers.
Originally, ran into this limitation when using -netdev UDP sockets to connect
VM-to-VM, where VM interface is configure with MTU=9000. (Using virtio_net
NIC model). Test is simple: ping -M do -s 8500 <target>. This test will
attempt to ping with unfragmented packet of given size. Without patch, size
is limited to < 4K (minus protocol hdrs). With patch, ping test works with pkt
size up to 9000 (again, minus protocol hdrs).
v2: per Stefan, increase buf size to (4096+65536) as done in tap and apply
to vde and socket netdevs.
v1: increase buf size to 12K just for -netdev UDP sockets
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
net_checksum_add_cont()
checksum calculation for scattered data with odd chunk sizes
net_raw_checksum()
checksum calculation for a buffer
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Yan Vugenfirer <yan@daynix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reduce -netdev socket latency by disabling the Nagle algorithm on
SOCK_STREAM sockets in net/socket.c. Since we are tunelling Ethernet
over TCP we shouldn't artificially delay outgoing packets, let the guest
decide packet scheduling.
I already get sub-millisecond -netdev socket ping times on localhost, so
there was no measurable difference in my testing. This won't hurt
though and may improve remote socket performance.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
We can compute the value in cpu_dump_state anyway, and gratuitous
modifications to eflags creates heisenbugs.
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
When starting from CC_OP_DYNAMIC, and issuing adox before adcx,
a typo used the wrong value for the resulting CC_OP.
Cc: Blue Swirl <blauwirbel@gmail.com>
Reported-by: Torbjorn Granlund <tg@gmplib.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 'ppc-for-upstream' of git://github.com/agraf/qemu: (58 commits)
target-ppc: Use NARROW_MODE macro for tlbie
target-ppc: Use NARROW_MODE macro for addresses
target-ppc: Use NARROW_MODE macro for comparisons
target-ppc: Use NARROW_MODE macro for branches
target-ppc: Fix add and subf carry generation in narrow mode
target-ppc: Use QOM method dispatch for MMU fault handling
target-ppc: Move ppc tlb_fill implementation into mmu_helper.c
target-ppc: Split user only code out of mmu_helper.c
mmu-hash64: Implement Virtual Page Class Key Protection
mmu-hash*: Merge translate and fault handling functions
mmu-hash*: Don't use full ppc_hash{32, 64}_translate() path for get_phys_page_debug()
mmu-hash*: Correctly mask RPN from hash PTE
mmu-hash*: Clean up real address calculation
mmu-hash*: Clean up PTE flags update
mmu-hash64: Factor SLB N bit into permissions bits
mmu-hash*: Clean up permission checking
mmu-hash32: Remove nx from context structure
mmu-hash*: Don't update PTE flags when permission is denied
mmu-hash32: Don't look up page tables on BAT permission error
mmu-hash32: Cleanup BAT lookup
...
is_tcg_gen_code() checks the upper limit of TCG generated code range wrong, so
that TCG could get broken occasionally only when CONFIG_QEMU_LDST_OPTIMIZATION
enabled. The reason is code_gen_buffer_max_size does not cover the upper range
up to (TCG_MAX_OP_SIZE * OPC_BUF_SIZE), thus code_gen_buffer_max_size should be
modified to code_gen_buffer_size.
CC: qemu-stable@nongnu.org
Signed-off-by: Yeongkyoon Lee <yeongkyoon.lee@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
# By Kevin Wolf (12) and Peter Lieven (2)
# Via Kevin Wolf
* kwolf/for-anthony:
nbd: Check against invalid option combinations
nbd: Use default port if only host is specified
block: Allow omitting the file name when using driver-specific options
block: Make find_image_format safe with NULL filename
block: Rename variable to avoid shadowing
block: Introduce .bdrv_parse_filename callback
nbd: Accept -drive options for the network connection
nbd: Remove unused functions
nbd: Keep hostname and port separate
qemu-socket: Make socket_optslist public
block: Pass bdrv_file_open() options to block drivers
block: Add options QDict to bdrv_file_open() prototypes
block: complete all IOs before resizing a device
Revert "block: complete all IOs before .bdrv_truncate"
# By liguang (2) and others
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
qdev: remove redundant abort()
gitignore: ignore more files
Use proper term in TCG README
serial: Fix debug format strings
Fix typos and misspellings
Advertise --libdir in configure --help output
memory: fix a bug of detection of memory region collision
MinGW: Replace setsockopt by qemu_setsocketopt
A file name may only specified if no host or socket path is specified.
The latter two may not appear at the same time either.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
The URL method already takes care to apply the default port when none is
specfied. Directly specifying driver-specific options required the port
number until now. Allow leaving it out and apply the default.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
After this patch, using -drive with an empty file name continues to open
the file if driver-specific options are used. If no driver-specific
options are specified, the semantics stay as it was: It defines a drive
without an inserted medium.
In order to achieve this, bdrv_open() must be made safe to work with a
NULL filename parameter. The assumption that is made is that only block
drivers which implement bdrv_parse_filename() support using driver
specific options and could therefore work without a filename. These
drivers must make sure to cope with NULL in their implementation of
.bdrv_open() (this is only NBD for now). For all other drivers, the
block layer code will make sure to error out before calling into their
code - they can't possibly work without a filename.
Now an NBD connection can be opened like this:
qemu-system-x86_64 -drive file.driver=nbd,file.port=1234,file.host=::1
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
In order to achieve this, the .bdrv_probe callbacks of all drivers must
cope with this. The DMG driver is the only one that bases its decision
on the filename and it needs to be changed.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
bdrv_open() uses two different variables called options. Rename one of
them to avoid confusion and to allow the outer one to be accessed
everywhere.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
If a driver needs structured data and not just a string, it can provide
a .bdrv_parse_filename callback now that parses the command line string
into separate options. Keeping this separate from .bdrv_open_filename
ensures that the preferred way of directly specifying the options always
works as well if parsing the string works.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
The existing parsers for the file name now parse everything into the
bdrv_open() options QDict. Instead of using these parsers, you can now
directly specify the options on the command line, like this:
qemu-system-x86_64 -drive file=nbd:,file.port=1234,file.host=::1
Clearly the file=... part could use further improvement, but it's a
start.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
The NBD block supports an URL syntax, for which a URL parser returns
separate hostname and port fields. It also supports the traditional qemu
syntax encoded in a filename. Until now, after parsing the URL to get
each piece of information, a new string is built to be fed to socket
functions.
Instead of building a string in the URL case that is immediately parsed
again, parse the string in both cases and use the QemuOpts interface to
qemu-sockets.c.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Allow other users to create the QemuOpts needed for inet_connect_opts().
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Specify -drive file.option=... on the command line to pass the option to
the protocol instead of the format driver.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
this patch ensures that all pending IOs are completed
before a device is resized. this is especially important
if a device is shrinked as it the bdrv_check_request()
result is invalidated.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
brdv_truncate() is also called from readv/writev commands on self-
growing file based storage. this will result in requests waiting
for theirselves to complete.
This reverts commit 9a665b2b86.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
In TCG, "target" means the host architecture for which TCG generates
the code. Using "guest" rather than "target" to make the document more
consistent.
Signed-off-by: Chen Wei-Ren <chenwj@iis.sinica.edu.tw>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The set of computations used in b5a73f8d8a
are only valid if the current word size == target_long size. This failed
to take ppc64 in 32-bit (narrow) mode into account.
Add a NARROW_MODE macro to avoid conditional compilation.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
After previous cleanups, the many scattered checks of env->mmu_model in
the ppc MMU implementation have, at least for "classic" hash MMUs been
reduced (almost) to a single switch at the top of
cpu_ppc_handle_mmu_fault().
An explicit switch is still a pretty ugly way of handling this though. Now
that Andreas Färber's CPU QOM cleanups for ppc have gone in, it's quite
straightforward to instead make the handle_mmu_fault function a QOM method
on the CPU object.
This patch implements such a scheme, initializing the method pointer at
the same time as the mmu_model variable. We need to keep the latter around
for now, because of the MMU types (BookE, 4xx, et al) which haven't been
converted to the new scheme yet, and also for a few other uses. It would
be good to clean those up eventually.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
For softmmu builds the interface from the generic code to the target
specific MMU implementation is through the tlb_fill() function. For ppc
this is currently in mem_helper.c, whereas it would make more sense in
mmu_helper.c. This patch moves it, which also allows
cpu_ppc_handle_mmu_fault() to become a local function in mmu_helper.c
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
mmu_helper.c is, for obvious reasons, almost entirely concerned with
softmmu builds of qemu. However, it does contain one stub function which
is used when CONFIG_USER_ONLY=y - the user only versoin of
cpu_ppc_handle_mmu_fault, which always triggers an exception. The entire
rest of the file is surrounded by #if !defined(CONFIG_USER_ONLY).
We clean this up by moving the user only stub into its own new file,
removing the ifdefs and building mmu_helper.c only when CONFIG_SOFTMMU
is set. This also lets us remove the #define of cpu_handle_mmu_fault to
cpu_ppc_handle_mmu_fault - that name is only used from generic code for
user only - so we just name our split user version by the generic name.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Version 2.06 of the Power architecture describes an additional page
protection mechanism. Each virtual page has a "class" (0-31) recorded in
the PTE. The AMR register contains bits which can prohibit reads and/or
writes on a class by class basis. Interestingly, the AMR is userspace
readable and writable, however user mode writes are masked by the contents
of the UAMOR which is privileged.
This patch implements this protection mechanism, along with the AMR and
UAMOR SPRs. The architecture also specifies a hypervisor-privileged AMOR
register which masks user and supervisor writes to the AMR and UAMOR. We
leave this out for now, since we don't at present model hypervisor mode
correctly in any case.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[agraf: fix 32-bit hosts]
Signed-off-by: Alexander Graf <agraf@suse.de>
ppc_hash{32,64}_handle_mmu_fault() is now the only caller of
ppc_hash{32,64{_translate(), so this patch combines them together. This
means that instead of one returning a variety of non-obvious error codes
which then get translated into the various mmu exception conditions, we can
just generate the exceptions as we discover problems in the translation
path. This also removes the last usage of mmu_ctx_hash{32,64}.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the hash mmu versionsof get_phys_page_debug() use the same
ppc64_hash64_translate() function to do the translation logic as the normal
mm fault handler code.
That sounds like a good idea, but has some complications. The debug path
doesn't need, or even want some parts of the full translation path, like
permissions checking. Furthermore, the pte flags update included in the
normal path means that the debug call is not quite side effect free.
This patch, therefore, reimplements get_phys_page_debug as the minimal
required subset of the full translation path.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>`z
Signed-off-by: Alexander Graf <agraf@suse.de>
BEHAVIOUR CHANGE
At present we take the whole of word 1 of the hash PTE as the real page
number used to calculate the translated address. This is incorrect,
because it leaves the flags from the low bits of PTE word 1 in place in the
rpm. We mostly get away with that because the value is later masked by
TARGET_PAGE_MASK.
More recent 64-bit CPUs also have a small number of flag bits (PP0 and
KEY) in the top bits of PTE word 1. Any guest which used those bits would
fail with the current code.
This patch fixes the problem by correctly masking out the RPN field of
PTE word 1. This is safe, even for older CPUs which didn't have PP0 and
KEY, because although the RPN notionally extended to the very top of PTE
word 1, none of those CPUs actually implemented that many real address
bits.
We add analogous masking to the 32-bit code, even though it also doesn't
have the high flag bits, for consistency and clarity.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
More recent 64-bit hash MMUs support multiple page sizes, and PTEs for
large pages only include the offset of the whole large page. But the qemu
tlb only handles pages of the base size (4k) so we need to break up the
large pages into 4k pieces for the qemu tlb. To do that we have a somewhat
awkward piece of code that adds the folds address bits 4k and the page size
from the virtual address into the real address from the pte.
This patch simplifies this redefining the raddr output of
ppc_hash64_translate() to be the full real address of the faulting address,
rather than just the (4k) page offset. Computing that turns out to be
simpler, and is fine for the caller, since it already masks with
TARGET_PAGE_MASK before inserting into the qemu tlb.
The multiple page size complication doesn't exist for 32-bit hash mmus, but
we make an analogous cleanup there for consistency.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the ppc_hash{32,64}_pte_update_flags() helper functions update a
PTE's referenced and changed bits as necessary to reflect the access. It
is somewhat long winded, though. This patch open codes them in their
(single) callers, in a simpler way.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
BEHAVIOUR CHANGE
Currently, for 64-bit hash mmu, the execute protection bit placed into the
qemu tlb is based only on the N (No execute) bit from the PTE. However,
No Execute can also be set at the segment level. We do check this on
execute faults, but this still means we could incorrectly allow execution
of code from a No Execute segment, if a prior read or write fault caused
the page to be loaded into the qemu tlb with PROT_EXEC set.
To correct this, we (re-)check the segment level no execute permission when
generating the protection bits for the qemu tlb.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently checking of PTE permission bits is split messily amongst
ppc_hash{32,64}_pp_check(), ppc_hash{32,64}_check_prot() and their callers.
This patch cleans this up to have the new function
ppc_hash{32,64}_pte_prot() compute the page permissions from the SLBE (for
64-bit) or segment register (32-bit) and the pte. A greatly simplified
version of the actual permissions check is then open coded in the callers.
The 32-bit version of ppc_hash32_pte_prot() is implemented in terms of
ppc_hash32_pp_prot(), a renamed and slightly cleaned up version of the old
ppc_hash32_pp_check(), which is also used for checking BAT permissions on
the 601.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Previous cleanups have meant the nx field of the mmu_ctx_hash32 structure
is now only used within ppc_hash32_translate(), and so it can be replaced
by a local variable.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
BEHAVIOUR CHANGE
Currently if ppc_hash{32,64}_translate() finds a PTE matching the given
virtual address, it will always update the PTE's R & C (Referenced and
Changed) bits. This happens even if the PTE's permissions mean we are
about to deny the translation.
This is clearly a bug, although we get away with it because:
a) It will only incorrectly set, never reset the bits, which should not
cause guest correctness problems.
b) Linux guests never use the R & C bits anyway.
This patch fixes the behaviour, only updating R & C when access is granted
by the PTE.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
BEHAVIOUR CHANGE
Currently, on any failure translating an address with BATs, we proceed to
normal segment and page table translation. That's incorrect if the
BAT error was due to permissions, rather than not finding a matching BAT.
We've gotten away with it because a guest would not usually put
translations for the same address in both BATs and page table. Nonetheless
this patch corrects the logic, only doing page table lookup if no BAT
is found. A matching BAT with bad permissions will now correctly trigger
an exception.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch makes a general cleanup of the ppc_hash32_get_bat() function,
renaming it to ppc_hash32_bat_lookup(). In particular, the new function
only looks for a matching BAT, with the permissions check from the old
function moved to the caller.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The code to search for a matching BAT for a virtual address is somewhat
longwinded and awkward. In particular, it relies on seperate size and
validity information being returned from the hash32_bat_size() function
(and 601 specific variant).
We simplify this by having hash32_bat_size() return instead a mask of the
virtual address bits to match, and 0 for invalid (since a BAT can never
match the entire address space).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
hash32_bat_size_prot() and its 601 variant, as the name suggests, returns
both a BAT's size - needed to search for a matching BAT - and its
permissions, only relevant once a matching BAT has been located.
There's no particular advantage to combining these, so we split these roles
into seperate functions for clarity.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
In the code for handling BATs, the hash32_bat_size_prot() and
hash32_bat_601_size_prot() functions are passed the BAT contents by
reference (pointer) for no clear reason, since they only need the values
within.
This patch removes this odd usage, and uses the resulting change to clean
up the caller slightly.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
With previous cleanups made, the 32-bit and 64-bit pte_check*() functions
are pretty trivial and only have one call site. This patch therefore
clarifies the overall code flow by folding those functions into their
call site.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch makes a general cleanup of the address mangling logic in
ppc_hash64_htab_lookup(). In particular it now avoids repeatedly switching
on the segment size. The lack of SLB and multiple segment sizes on 32-bit
means an analogous cleanup is not needed there.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
find_pte{32,64}() are poorly named, since they both find a PTE and do
permissions checking of it. This patch makes them only locate a matching
PTE, moving the permission checking and other logic to the caller. We
rename the resulting search functions ppc_hash{32,64}_htab_lookup().
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
find_pte{32,64}() are not particularly well named. They only "find" a PTE
within a given PTE group, and they also do permissions checking and other
things.
This patch makes it somewhat close to matching the name, by folding the
search of both primary and secondary hash bucket into it, along with the
various address bit shuffling to determine the right hash buckets.
In the 32-bit case we also remove the code for splitting large pages into
4k pieces for the qemu tlb, since no 32-bit hash MMUs support multiple page
sizes.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
find_pte{32,64{() do several things. First they search through a PTEG
ooking for a PTE matching our virtual address. Then they do permissions
checking and other processing on that PTE.
This patch separates the search by VA out from the rest. The search is
combined with the pte{32,64}_match() functions into new
ppc_has{32,64}_pteg_search() functions.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
BEHAVIOUR CHANGE
The ppc hash mmu hashes each virtual address to a primary and secondary
possible hash bucket (aka PTE group or PTEG) each with 8 PTEs. Then we
need a linear search through the PTEs to find the correct one for the
virtual address we're translating.
It is a programming error for the guest to insert multiple PTEs mapping the
same virtual address into a PTEG - in this case the ppc architecture says
the MMU can either act as if just one was present, or give a machine check.
Currently our code takes the first matching PTE in a PTEG if it finds a
successful translation. But if a matching PTE is found, but permission
bits don't allow the access, we keep looking through the PTEG, checking
that any other matching PTEs contain an identical translation.
That behaviour is perhaps not exactly wrong, but it's certainly not useful.
This patch changes it to always just find the first matching PTE in a PTEG.
In addition, if we get a permissions problem on the primary PTEG, we then
search the secondary PTEG. This is incorrect - a permission denying PTE
in the primary PTEG should not be overwritten by an access granting PTE in
the secondary (although again, it would be a programming error for the
guest to set up such a situation anyway). So additionally we update the
code to only search the secondary PTEG if no matching PTE is found in the
primary at all.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
On the ppc hash mmus, no-execute can be set at the segment level (on more
recent 64-bit hash mmus it can also be set at the page level). This patch
separates out this check to make it clearer what is going on, and avoiding
excessive indentation of the remaining translation code.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
This further separates the unusual case handling of direct store segments
from the main translation path by moving its logic into a helper function,
with some tiny cleanups along the way.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
At present a large chunk of ppc_hash32_translate() is taken up with an
ugly if selecting between direct store segments (hardly ever used) and
normal paged segments. This patch clarifies the flow of code by
handling direct store segments immediately then returning, leaving the
straight line code to describe the normal MMU path.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
After previous work, ppc_hash{32,64}_get_physical_address() are almost
trivial wrappers around get_segment{32,64}() which does nearly all the work of
translating an address according to the hash mmu model. Therefore combine the
two functions into one, under the better name of
ppc_hash{32,64}_translate().
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The eaddr field of mmu_ctx_hash{32,64} is effectively just used to pass the
effective address from get_segment{32,64}() to find_pte{32,64}(). Just
pass it as a normal parameter instead.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The nx field in mmu_ctx_hash64 is used in two different functions. But its
used for slightly different things in each place, and the value is never
propagated between them. In other words, it might as well be two local
variables. This patch makes it so.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
In ppc env->access_type is updated by e.g. integer load/stores with
ACCESS_INT floating point load/stores with ACCESS_FLOAT and so forth. In
hash mmu fault paths it can also b set to ACCESS_CODE for instruction
fetch accesses.
But the only place which uses anything more of the access_type than
whether it is instruction fetch or data access is the direct store segment
handling. Instruction versus data access can be more simply determined
from the rw value passed down from the top.
This changes the code to use rw in preference to checking access_type.
For the 32-bit case there is a small amount of code (for direct store
segments) that still needs the full access type. Instead of passing it
all the way down the stack, we retrieve it from the env structure, which
is where it came anyway, before this patch.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
On real hardware the ppc hash page table is stored in memory; accordingly
our mmu emulation code can read a hash page table in guest memory. But,
when paravirtualized under PAPR, the real hash page table is in host
memory, accessible to the guest only via hypercalls. We model this by
also allowing the MMU emulation code to access a specially allocated hash
page table outside the guest's memory image. At present these two options
are implemented with some ugly conditionals at each access point in the mmu
emulation code. In the implementation of the PAPR hypercalls, we assume
the external hash table.
This patch cleans things up by adding helpers to load and store from the
hash table for both 32-bit and 64-bit hash mmus. The 64-bit versions
handle both the in-guest-memory and outside guest memory cases. The 32-bit
versions only handle the in-guest-memory case since no 32-bit systems can
have an external hash table at present.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently cpu.h contains a number of definitions relating to the 64-bit
hash MMU. Some are used in the MMU emulation code, but some are only used
in the spapr MMU management hcall implementations.
This patch moves these definitions (except for a few that are needed
more widely) into mmu-hash64.h header, shared between the MMU emulation
code and the spapr hcall code. The MMU emulation code is also updated to
actually use a number of those definitions in place of hard coded
constants.
Similarly, we add new analogous definitions to mmu-hash32.h and use those
in place of many hard-coded constants in mmu-hash32.c
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[agraf: fix 32-bit hosts]
Signed-off-by: Alexander Graf <agraf@suse.de>
mmu_ctx_t is currently defined in cpu.h. However it is used for temporary
information relating to mmu translation, and is only used in mmu_helper.c
and (now) mmu-hash{32,64}.c. Furthermore it contains information which
should be specific to particular MMU types. Therefore, move its definition
to mmu_helper.c. mmu-hash{32,64}.c are converted to use new data types
private to the relevant MMUs (identical to mmu_ctx_t for now, but that will
change in future patches).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The functions for looking up BATs (Block Address Translation - essentially
a level 0 TLB) are shared between the classic 32-bit hash MMUs and the
6xx style software loaded TLB implementations.
This patch splits out a copy for the 32-bit hash MMUs, to facilitate
cleaning it up. The remaining version is left, but cleaned up slightly
to no longer deal with PowerPC 601 peculiarities (601 has a hash MMU).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The get_pteg_offset() helper function is currently shared between 32-bit
and 64-bit hash mmus, taking a parameter for the hash pte size. In the
64-bit paths, it's only called in one place, and it's a trivial
calculation. This patch, therefore, open codes it for 64-bit. The
remaining version, which is used in two places is made 32-bit only and
moved to mmu-hash32.c.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The newly separated paths for hash mmus rely on several helper functions
which are still shared with 32-bit hash mmus: pp_check(), check_prot() and
pte_update_flags(). While these don't have ugly ifdefs on the mmu type,
they're not very well thought out, so sharing them impedes cleaning up the
hash mmu paths. For now, put near-duplicate versions into mmu-hash64.c and
mmu-hash32.c, leaving the old version in mmu_helper.c for 6xx software
loaded tlb implementations. The hash 32 and software loaded
implementations are simplfied slightly, using the fact that no 32-bit CPUs
implement the 3rd page protection bit.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
cpu_get_phys_page_debug() is a trivial wrapper around
get_physical_address(). But even the signature of
get_physical_address() has some things we'd like to clean up on a
per-mmu basis, so this patch moves the test on mmu model out to
cpu_get_phys_page_debug(), moving the version for 64-bit hash MMUs out
to mmu-hash64.c and the version for 32-bit hash MMUs to mmu-hash32.c
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
cpu_ppc_handle_mmu_fault() calls get_physical_address() (whose behaviour
depends on MMU type) then, if that fails, issues an appropriate exception
- which again has a number of dependencies on MMU type.
This patch starts converting cpu_ppc_handle_mmu_fault() to have a
single switch on MMU type, calling MMU specific fault handler
functions which deal with both translation and exception delivery
appropriately for the MMU type. We convert 32-bit and 64-bit hash
MMUs to this new model, but the existing code is left in place for
other MMU types for now.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Depending on the MSR state, for 64-bit hash MMUs, get_physical_address
can either call check_physical (which has further tests for mmu type)
or get_segment64. Similarly for 32-bit hash MMUs we can either call
check_physucal or get_bat() and get_segment32().
This patch splits off the whole get_physical_addresss() path for hash
MMUs into 32-bit and 64-bit versions, handling real mode correctly for
such MMUs without going to check_physical and rechecking the mmu type.
Correspondingly, the hash MMU specific paths in check_physical() are
removed.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently get_physical_address() first checks to see if translation is
enabled in the MSR, then in the translation on case switches on the mmu
type. Except that for BookE MMUs, translation is always on, and so it
has to switch in the "translation off" case as well and do the same thing
as the translation on path for those MMUs. Plus, even translation off
doesn't behave exactly the same on the various MMU types so there are
further mmu type checks in the "translation off" path.
As a first step to cleaning this up, this patch moves the switch on mmu
type to the top level, then makes the translation on/off check just for
those mmu types where it is meaningful.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The poorly named get_segment() function handles most of the address
translation logic for hash-based MMUs. It has many ugly conditionals on
whether the MMU is 32-bit or 64-bit.
This patch splits the function into 32 and 64-bit versions, using the
switch on mmu_type that's already in the caller
(get_physical_address()) to select the right one. Most of the
original function remains in mmu_helper.c to support the 6xx software
loaded TLB implementations (cleaning those up is a project for another
day).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
32-bit and 64-bit hash MMU implementations currently share a find_pte
function. This results in a whole bunch of ugly conditionals in the shared
function, and not all that much actually shared code.
This patch separates out the 32-bit and 64-bit versions, putting then
in mmu-hash64.c and mmu-has32.c, and removes the conditionals from
both versions.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently support for both 32-bit and 64-bit hash MMUs share an
implementation of pte_check. But there are enough differences that this
means the shared function has several very ugly conditionals on "is_64b".
This patch cleans things up by separating out the 64-bit version
(putting it into mmu-hash64.c) and the 32-bit hash version (putting it
in mmu-hash32.c). Another copy remains in mmu_helper.c, which is used
for the 6xx software loaded TLB paths.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
As a first step to disentangling the handling for 64-bit hash MMUs from
the rest, we move the code handling the Segment Lookaside Buffer (SLB)
(which only exists on 64-bit hash MMUs) into a new mmu-hash64.c file.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
One LOG_MMU statement in mmu_helper.c has an odd check on the effective
address being translated. I can see no reason for this; I suspect it was
a debugging hack from long ago. This patch removes it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
This removes the never-used pte64_invalidate() function, and makes
ppcmas_tlb_check() static, since it's only used within that file.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The PowerPC 620 was the very first 64-bit PowerPC implementation, but
hardly anyone ever actually used the chips. qemu notionally supports the
620, but since we don't actually have code to implement the segment table,
the support is broken (quite likely in other ways too).
This patch, therefore, removes all remaining pieces of 620 support, to
stop it cluttering up the platforms we actually care about. This includes
removing support for the ASR register, used only on segment table based
machines.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Although the support of this register may be uncomplete, there are no
reason to prevent the debugger from reading or writing it.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently, the pseries machine initializes the cpus, then the XICS
interrupt controller. However, to support the upcoming in-kernel XICS
implementation we will need to initialize the irq controller before the
vcpus. This patch makes the necesssary rearrangement. This means the
xics init code can no longer auto-detect the number of cpus ("interrupt
servers" in XICS terminology) and so we must pass that in explicitly from
the platform code.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Ben Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
target-ppc/kvm.c has an #ifdef on CONFIG_PSERIES, for the handling of
KVM exits due to a PAPR hypercall from the guest. However, since commit
e4c8b28cde "ppc: express FDT dependency of
pSeries and e500 boards via default-configs/", this hasn't worked properly.
That patch altered the configuration setup so that although CONFIG_PSERIES
is visible from the Makefiles, it is not visible from C files. This broke
the pseries machine when KVM is in use.
This patch makes a quick and dirty fix, by removing the CONFIG_PSERIES
dependency, replacing it with TARGET_PPC64 (since removing it entirely
leads to type mismatch errors). Technically this breaks the build when
configured with --disable-fdt, since that disables CONFIG_PSERIES on
TARGET_PPC64. However, it turns out the build was already broken in that
case, so this fixes pseries kvm without breaking anything extra. I'm
looking into how to fix that build breakage, but I don't think that need
delay applying this patch.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the "spapr-pci-host-bridge" device has a "busname" property which
can be used to override the default assignment of qbus names for the bus
subordinate to the PHB. We use that for the default primary PCI bus, to
make libvirt happy, which expects there to be a bus named simply "pci".
The default qdev core logic would name the bus "pci.0", and the pseries
code would otherwise name it "pci@800000020000000" which is the name it
is given in the device tree based on its BUID.
The "busname" property is rather clunky though, so this patch simplifies
things by just using a special case hack for the default PHB, setting
busname to "pci" when index=0.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Commit 259186a7d2 "cpu: Move halted and
interrupt_request fields to CPUState" broke the pseries machine. That's
because it uses CPU() instead of ENV_GET_CPU() to convert from the global
first_cpu pointer (still a CPUArchState) to a CPUState. This patch fixes
the breakage.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
This fixes the build of hw/serial.c with DEBUG_SERIAL enabled.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fix various typos and misspellings. The bulk of these were found with
codespell.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Instead of adding missing type casts which are needed by MinGW for the
4th argument, the patch uses qemu_setsockopt which was invented for this
purpose.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Now that virtio-ccw and s390-virtio define all common properties
for virtio-blk, we can switch to using the generic
DEFINE_VIRTIO_BLK_PROPERTIES macro.
CC: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
There's no reason why we wouldn't want to make the cache mode
configurable.
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
# By Gerd Hoffmann
# Via Gerd Hoffmann
* kraxel/ipxe.2:
Switch to efi-enabled nic roms by default
Add efi rom binaries
Add Makefile rules to build nic rom binaries with efi support
Update ipxe submodule to latest master
Add Makefile rules to build nic rom binaries
Seabios already added a new device type to halt booting.
Qemu can add "HALT" at the end of bootindex string, then
seabios will halt booting after trying to boot from all
selected devices.
This patch added a new boot option to configure if boot
from un-selected devices.
This option only effects when boot priority is changed by
bootindex options, the old style(-boot order=..) will still
try to boot from un-selected devices.
v2: add HALT entry in get_boot_devices_list()
v3: rebase to latest qemu upstream
Signed-off-by: Amos Kong <akong@redhat.com>
Message-id: 1363674207-31496-1-git-send-email-akong@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Stefan Hajnoczi (2) and others
# Via Kevin Wolf
* kwolf/for-anthony:
virtio-blk: Do not segfault fault if failed to initialize dataplane
qemu-iotests: add 052 BDRV_O_SNAPSHOT test
block: fix BDRV_O_SNAPSHOT protocol detection
qcow2: Fix segfault in qcow2_invalidate_cache
sheepdog: show error message for halt status
qemu_chr_fe_add_watch() can return negative errors, therefore it must
not have an unsigned return type. For consistency with other
qemu_chr_fe_* functions, this uses a standard C int instead of glib
types.
In situations where qemu_chr_fe_add_watch() is falsely assumed to have
succeeded, the serial ports would go into a state where it never becomes
ready for transmitting more data; this is fixed by this patch.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
$ ~/usr/bin/qemu-system-x86_64 -enable-kvm -m 1024 -drive if=none,id=drive0,cache=none,aio=native,format=raw,file=/root/Image/centos-6.4.raw -device virtio-blk-pci,drive=drive0,scsi=off,x-data-plane=on,config-wce=on # make dataplane fail to initialize
qemu-system-x86_64: -device virtio-blk-pci,drive=drive0,scsi=off,x-data-plane=on,config-wce=on: device is incompatible with x-data-plane, use config-wce=off
*** glibc detected *** /root/usr/bin/qemu-system-x86_64: free(): invalid pointer: 0x00007f001fef12f8 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7d776)[0x7f00153a5776]
/root/usr/bin/qemu-system-x86_64(+0x2c34ec)[0x7f001cf5b4ec]
/root/usr/bin/qemu-system-x86_64(+0x342f9a)[0x7f001cfdaf9a]
/root/usr/bin/qemu-system-x86_64(+0x33694e)[0x7f001cfce94e]
....................
(gdb) bt
#0 0x00007f3bf3a12015 in raise () from /lib64/libc.so.6
#1 0x00007f3bf3a1348b in abort () from /lib64/libc.so.6
#2 0x00007f3bf3a51a4e in __libc_message () from /lib64/libc.so.6
#3 0x00007f3bf3a57776 in malloc_printerr () from /lib64/libc.so.6
#4 0x00007f3bfb60d4ec in free_and_trace (mem=0x7f3bfe0129f8) at vl.c:2786
#5 0x00007f3bfb68cf9a in virtio_cleanup (vdev=0x7f3bfe0129f8) at /root/Develop/QEMU/qemu/hw/virtio.c:900
#6 0x00007f3bfb68094e in virtio_blk_device_init (vdev=0x7f3bfe0129f8) at /root/Develop/QEMU/qemu/hw/virtio-blk.c:666
#7 0x00007f3bfb68dadf in virtio_device_init (qdev=0x7f3bfe0129f8) at /root/Develop/QEMU/qemu/hw/virtio.c:1092
#8 0x00007f3bfb50da46 in device_realize (dev=0x7f3bfe0129f8, err=0x7fff479c9258) at hw/qdev.c:176
.............................
In virtio_blk_device_init(), the memory which vdev point to is a static
member of "struct VirtIOBlkPCI", not heap memory, and it does not
get freed. So we shoule use virtio_common_cleanup() to clean this VirtIODevice
rather than virtio_cleanup(), which attempts to free the vdev.
This error was introduced by commit 05ff686536
recently.
Signed-off-by: Dunrong Huang <huangdr@cloud-times.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Check that writes to an image opened with BDRV_O_SNAPSHOT do not modify
the underlying image file.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
realpath(3) is used to get an absolute path to the image file when
creating a -drive snapshot=on temporary qcow2. This does not work for
protocols since their filenames ("proto:foo:...") do not correspond to
file system paths.
Commit 7c96d46ec2 ("Let snapshot work with
protocols") skipped realpath(3) for protocols. Later on the "raw"
format was introduced and broke the check.
Use path_has_protocol(filename) to decide if this image uses a protocol
or a filename.
Reported-by: Richard Jones <rjones@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Need to pass an options QDict to qcow2_open() now. This fixes a segfault
on the migration target with qcow2.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Sheepdog (neither quorum nor unsafe mode) will refuse to serve IO requests when
number of alive nodes is less than that of copies specified by users. This will
return 0x19 to QEMU client which currently doesn't recognize it.
This patch adds an error description when QEMU client receives it, other than
plainly printing 'Invalid error code'
Cc: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Liu Yuan <tailai.ly@taobao.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
As the probe now actually checks for the availability of GLX, rename it
accordingly. The only user of this feature is the milkymist-tmu2 model.
Signed-off-by: Michael Walle <michael@walle.cc>
Probe for GL and GLX symbols and X11 library. This fixes a build error
where the header files are available but the libraries are not.
Signed-off-by: Michael Walle <michael@walle.cc>
The tlb data is stored within the CPU env. Therefore, the initialization
has to be done after we clear the environment. Otherwise the tlb will have
a valid entry for address 0x0.
Signed-off-by: Michael Walle <michael@walle.cc>
CPU models which have the LM32_FLAG_IGNORE_MSB flag set will shadow the
lower 2GB to the upper 2GB memory space. This will fix the debug memory
access used by qemu console and GDB to match this behaviour.
Signed-off-by: Michael Walle <michael@walle.cc>
These structures must be made public to avoid two memory allocations for
refactored virtio devices.
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Message-id: 1363624648-16906-2-git-send-email-fred.konrad@greensocs.com
Changes V4 <- V3:
* Rebased on current git.
Changes V3 <- V2:
* Style correction spotted by Andreas (virtio-scsi.h).
* Style correction for virtio-net.h.
Changes V2 <- V1:
* Move the dataplane include into the header (virtio-blk).
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Switch the few remaining ds_get_* uses in console.c over to the new
surface_* accessors.
While doing so tripped over a few leftovers from commit
a93a4a226a (code using depth == 0
as indicator for textmode rendering). Fixed them up.
Finally dropped ds_get_* helper helpers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Now that nobody depends on DisplayState in DisplayChangeListener
callbacks any more we can remove the parameter from all callbacks.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Rework DisplayStateListener callbacks to not use the DisplayState
any more. Factor out the window size handling to a separate function,
so the zoom callbacks can call that directly instead of abusing the
gd_switch DisplayStateListener callback for that.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add convinence wrappers to query DisplaySurface properties.
Simliar to ds_get_*, but operating in the DisplaySurface
not the DisplayState.
With this patch in place ui frontents can stop using DisplayState
in the rendering code paths, they can simply operate using the
DisplaySurface passed in via dpy_gfx_switch callback.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Replace the dpy_gfx_resize and dpy_gfx_setdata DisplayChangeListener
callbacks with a dpy_gfx_switch callback which notifies the ui code
when the framebuffer backing storage changes.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Decouple DisplaySurface allocation & deallocation from DisplayState.
Replace dpy_gfx_resize + dpy_gfx_setdata with a dpy_gfx_replace_surface
function.
This handles the graphic hardware emulation.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Ask the vga core to update the display. Will trigger dpy_gfx_resize
if needed. More complete than just calling dpy_gfx_resize.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
DisplayChangeListener is passed now to all DisplayChangeListenerOps
callbacks, so we can use that to access the qxl state and kill the
qxl0 global variable.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
DisplayChangeListener is passed now to all DisplayChangeListenerOps
callbacks, so we can use that to access the spice display state and
kill the sdpy global variable.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
It's broken by design. There can be multiple DisplayChangeListener
instances, so they simply can't store state in the (single) DisplayState
struct. Try 'qemu -display gtk -vnc :0', watch it crash & burn.
With DisplayChangeListenerOps having a more sane interface now we can
simply use the DisplayChangeListener pointer to get access to our
private data instead.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Split callbacks into separate Ops struct. Pass DisplayChangeListener
pointer as first argument to all callbacks. Uninline a bunch of
display functions and move them from console.h to console.c
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
All PCI nics are switched to EFI-enabled roms by default. They are
composed from three images (legacy, efi ia32 & efi x86), so classic
pxe booting will continue to work.
Exception: eepro100 is not switched, it uses a single rom for all
emulated eepro100 variants, then goes patch the rom header on the
fly with the correct PCI IDs. I doubt that will work as-is with
the efi roms.
Keep old roms for 1.4+older machine types via compat properties,
needed because the efi-enabled roms are larger so the pci rom bar
size would change.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
"make -C roms efirom" will build rom binaries with EFI support.
They are composed from three images: legacy bios, efi ia32
and efi x64. So netbooting via SeaBIOS will continue to work
like it does today, and additionally we get network support
for EFI. This target needs the EfiRom utility (shipped with
edk2) somewhere in the $PATH.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Needed for efi support.
ipxe is grown a bit, so *not* recompiling the (non-efi) pxe roms
because that would make some pxe roms larger than 64k, which in
turn would be a guest-visible change because the rom bar size
grows from 64k to 128k.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
"make -C roms pxerom" will build the ipxe roms and update
the binaries in pc-bios/, i.e. it basically documents how
the build process of our current nic roms works.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit 259186a7 "cpu: Move halted and interrupt_request fields to CPUState"
seems to have missed one instance in target-s390x/kvm.c:
/home/cohuck/git/qemu/target-s390x/kvm.c: In function ‘kvm_arch_process_async_events’:
/home/cohuck/git/qemu/target-s390x/kvm.c:319: error: ‘CPUS390XState’ has no member named ‘halted’
/home/cohuck/git/qemu/target-s390x/kvm.c:320: warning: control reaches end of non-void function
make[1]: *** [target-s390x/kvm.o] Error 1
Let's just switch to cs->halted.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Alexander Graf <agraf@suse.de>
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 'arm-devs.next' of git://git.linaro.org/people/pmaydell/qemu-arm:
xilinx_spips: QOM styling fixes
xilinx_spips: Add missing dual-bus snoop commands
xilinx_spips: Fix bus setup conditional check
xilinx_spips: Set unused IRQs to NULL
xilinx_zynq: added pl330 to machine model
pl330: Initial version
iov: Factor out hexdumper
hw/vexpress: Set reset values for daughterboard oscillators
hw/arm_sysctl: Implement SYS_CFG_OSC function
hw/vexpress: Pass voltage sensor properties to sysctl device
hw/arm_sysctl: Implement SYS_CFG_VOLT
qdev: Implement (variable length) array properties
hw/arm_sysctl: Convert from qdev init to instance_init
hw/arm_sysctl: Implement SYS_CFG_DVIMODE as a no-op
hw/arm_sysctl: Implement SYS_CFG_MUXFPGA writes as a no-op
hw/arm_sysctl: Handle SYS_CFGCTRL in a more structured way
hw/vexpress: Pass proc_id via VEDBoardInfo
libvirt has a long-standing bug: when removing the device,
it can request removal but does not know when the
removal completes. Add an event so we can fix this in a robust way.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fix for rndrashift_short_acc to set correct value to higher 64 bits.
This change also corrects conditions when bit 23 of the DSPControl register
is set.
The existing test files have been extended with several examples that
trigger the issues. One bug/example in the test file for EXTR_RS_W has been
found and reported by Klaus Peichl.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Implement the SYS_CFG_OSC function. Since the idea of
programmable clock rates doesn't make much sense for QEMU,
we simply allow the clock rate to be read back as written.
The number and value of the daughterboard oscillators varies
between daughterboards, so we provide an array property to
allow their reset values to be configured.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement the SYS_CFG_VOLT registers which return the voltage
of various supplies on motherboard and daughterboard. Since
QEMU implements a perfectly stable power supply these registers
always return a constant value. The number and value of the
daughterboard voltages is dependent on the specific daughterboard,
so we use a property array to allow the board to configure them
appropriately.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add support for declaring array properties for qdev devices.
These work by defining an initial static property 'len-arrayname'
which the user of the device should set to the desired size
of the array. When this property is set, memory is allocated
for the array elements, and dynamic properties "arrayname[0]",
"arrayname[1]"... are created so the user of the device can
then set the values of the individual array elements.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Convert this device from old-style qdev init to an instance_init
function. We don't need a realize function yet, though.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
SYS_CFG_DVIMODE allows the guest to select whether the
output DVI signal is VGA, SVGA, XGA, SGA or UXGA. Since
this makes no difference to QEMU, implement writes as a
no-op so Linux doesn't complain.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
SYS_CFG_MUXFPGA allows the guest to select whether the
video output should come from the motherboard's LCD
controller or the daughterboard's one. Since QEMU doesn't
currently support selecting the video output like this,
implement as a no-op, so Linux doesn't complain about
the register not being implemented.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The SYS_CFGCTRL register consists of separate fields
for DCC, function, site, position and device, as well
as a read/write bit. Refactor the code handling SYS_CFGCTRL
writes to make it easier to add support for functions
like SYS_CFG_OSC which support multiple device fields.
We also pull the handling out into its own function for
clarity, as there are potentially a lot of implementable
subfunctions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Pass the daughterboard-specific proc_id property to the code that
creates the sysctl device via the VEDBoardInfo struct, rather than
by having the daughterboard init function write to a uint32_t*
argument. This is a cleaner way to pass the info around, and
is in line with the way we are going to handle voltage and
oscillator initialization.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Currently the Makefile creates TAGS for emacs with the command:
find "$(SRC_PATH)" -name '*.[hc]' -print0 | xargs -0 etags
That works only if xargs ends up invoking etags just once. If xargs runs
etags several times, as it will if there are enough files, then the later
invocations will overwrite the output from the earlier invocations. This
patch uses the etags --append option to fix the bug.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Message-id: 1363057048-21534-1-git-send-email-david@gibson.dropbear.id.au
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Stefan Hajnoczi (14) and others
# Via Stefan Hajnoczi
* stefanha/block: (28 commits)
blockdev: Fix up copyright and permission notice
qemu-iotests: use -nographic in test case 007
qemu-iotests: add tests for rebasing zero clusters
dataplane: fix hang introduced by AioContext transition
coroutine: use AioContext for CoQueue BH
threadpool: drop global thread pool
block: add bdrv_get_aio_context()
aio: add a ThreadPool instance to AioContext
threadpool: add thread_pool_new() and thread_pool_free()
threadpool: move globals into struct ThreadPool
main-loop: add qemu_get_aio_context()
sheepdog: set io_flush handler in do_co_req
sheepdog: use non-blocking fd in coroutine context
qcow2: make is_allocated return true for zero clusters
qcow2: drop unnecessary flush in qcow2_update_snapshot_refcount()
qcow2: drop flush in update_cluster_refcount()
qcow2: flush in qcow2_update_snapshot_refcount()
qcow2: set L2 cache dependency in qcow2_alloc_bytes()
qcow2: flush refcount cache correctly in qcow2_write_snapshots()
qcow2: flush refcount cache correctly in alloc_refcount_block()
...
# By Christian Borntraeger (1) and Cornelia Huck (1)
# Via Cornelia Huck
* cohuck/virtio-ccw-upstr:
virtio-ccw: Wire up virtio-rng.
virtio-ccw: remove qdev_unparent in unplug routing
Screwed up in commit 666daa68. Thanks to Kevin Wolf for reminding me
to fix this.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
A comment explains that -nographic hangs test case 007. This is no
longer the case so add -nographic. This makes the test suite faster and
more pleasant to run since no windows pop up.
I am not sure exactly when -nographic starting working for this case but
there is no fundamental reason why graphics are needed here. Make sure
the serial port is not on stdio, it would conflict with the monitor.
Also remove unnecessary trailing whitespace on these lines.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Kevin Wolf <kwolf@redhat.com>
If zero clusters are erroneously treated as unallocated, "qemu-img rebase"
will copy the backing file's contents onto the cluster.
The bug existed also in image streaming, but since the root cause was in
qcow2's is_allocated implementation it is enough to test it with qemu-img.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The bug is that the EventNotifiers do have a NULL io_flush callback.
Because _none_ of the callbacks on the dataplane AioContext have such a
callback, aio_poll will simply do nothing. Fixed by adding the callbacks:
the ioeventfd will always be polled (this can change in the future to
pause/resume the processing during live snapshots or similar operations);
the ioqueue will be polled if there are outstanding requests.
I must admit I have screwed up my testing somehow, because commit
2c20e71 does not work even if cherry-picked on top of 1.4.0, and this
patch fixes it there as well.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
CoQueue uses a BH to awake coroutines that were made ready to run again
using qemu_co_queue_next() or qemu_co_queue_restart_all(). The BH
currently runs in the iothread AioContext and would break coroutines
that run in a different AioContext.
This is a slightly tricky problem because the lifetime of the BH exceeds
that of the CoQueue. This means coroutines can be awoken after CoQueue
itself has been freed. Also, there is no qemu_co_queue_destroy()
function which we could use to handle freeing resources.
Introducing qemu_co_queue_destroy() has a ripple effect of requiring us
to also add qemu_co_mutex_destroy() and qemu_co_rwlock_destroy(), as
well as updating all callers. Avoid doing that.
We also cannot switch from BH to GIdle function because aio_poll() does
not dispatch GIdle functions. (GIdle functions make memory management
slightly easier because they free themselves.)
Finally, I don't want to move unlock_queue and unlock_bh into
AioContext. That would break encapsulation - AioContext isn't supposed
to know about CoQueue.
This patch implements a different solution: each qemu_co_queue_next() or
qemu_co_queue_restart_all() call creates a new BH and list of coroutines
to wake up. Callers tend to invoke qemu_co_queue_next() and
qemu_co_queue_restart_all() occasionally after blocking I/O, so creating
a new BH for each call shouldn't be massively inefficient.
Note that this patch does not add an interface for specifying the
AioContext. That is left to future patches which will convert CoQueue,
CoMutex, and CoRwlock to expose AioContext.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Now that each AioContext has a ThreadPool and the main loop AioContext
can be fetched with bdrv_get_aio_context(), we can eliminate the concept
of a global thread pool from thread-pool.c.
The submit functions must take a ThreadPool* argument.
block/raw-posix.c and block/raw-win32.c use
aio_get_thread_pool(bdrv_get_aio_context(bs)) to fetch the main loop's
ThreadPool.
tests/test-thread-pool.c must be updated to reflect the new
thread_pool_submit() function prototypes.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
For now bdrv_get_aio_context() is just a stub that calls
qemu_aio_get_context() since the block layer is currently tied to the
main loop AioContext.
Add the stub now so that the block layer can begin accessing its
AioContext.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
This patch adds a ThreadPool to AioContext. It's possible that some
AioContext instances will never use the ThreadPool, so defer creation
until aio_get_thread_pool().
The reason why AioContext should have the ThreadPool is because the
ThreadPool is bound to a AioContext instance where the work item's
callback function is invoked. It doesn't make sense to keep the
ThreadPool pointer anywhere other than AioContext. For example,
block/raw-posix.c can get its AioContext's ThreadPool and submit work.
Special note about headers: I used struct ThreadPool in aio.h because
there is a circular dependency if aio.h includes thread-pool.h.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
ThreadPool is tied to an AioContext through its event notifier, which
dictates in which AioContext the work item's callback function will be
invoked.
In order to support multiple AioContexts we need to support multiple
ThreadPool instances.
This patch adds the new/free functions. The free function deserves
special attention because it quiesces remaining worker threads. This
requires a new condition variable and a "stopping" flag to let workers
know they should terminate once idle.
We never needed to do this before since the global threadpool was not
explicitly destroyed until process termination.
Also stash the AioContext pointer in ThreadPool so that we can call
aio_set_event_notifier() in thread_pool_free(). We didn't need to hold
onto AioContext previously since there was no free function.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Move global variables into a struct so multiple thread pools can be
supported in the future.
This patch does not change thread-pool.h interfaces. There is still a
global thread pool and it is not yet possible to create/destroy
individual thread pools. Moving the variables into a struct first makes
later patches easier to review.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
It is very useful to get the main loop AioContext, which is a static
variable in main-loop.c.
I'm not sure whether qemu_get_aio_context() will be necessary in the
future once devices focus on using their own AioContext instead of the
main loop AioContext, but for now it allows us to refactor code to
support multiple AioContext while actually passing the main loop
AioContext.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Using a blocking socket in the coroutine context reduces the chance of
switching to other work. This patch makes the sheepdog driver use a
non-blocking fd always.
Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Otherwise, live migration of the top layer will miss zero clusters and
let the backing file show through. This also matches what is done in qed.
QCOW2_CLUSTER_ZERO clusters are invalid in v2 image files. Check this
directly in qcow2_get_cluster_offset instead of replicating the test
everywhere.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
We already flush when the function completes. There is no need to flush
after every compressed cluster.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The update_cluster_refcount() function increments/decrements a cluster's
refcount and then returns the new refcount value.
There is no need to flush since both update_cluster_refcount() callers
already take care of this:
1. qcow2_alloc_bytes() calls update_cluster_refcount() when compressed
sectors will be appended to an existing cluster with enough free
space. qcow2_alloc_bytes() already flushes so there is no need to do
so in update_cluster_refcount().
2. qcow2_update_snapshot_refcount() sets a cache dependency on refcounts
if it needs to update L2 entries. It also flushes before completing.
Removing this flush significantly speeds up qcow2 snapshot creation:
$ qemu-img create -f qcow2 test.qcow2 -o size=50G,preallocation=metadata
$ time qemu-img snapshot -c new test.qcow2
Time drops from more than 3 minutes to under 1 second.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Users of qcow2_update_snapshot_refcount() do not flush consistently.
qcow2_snapshot_create() flushes but qcow2_snapshot_goto() and
qcow2_snapshot_delete() do not.
Solve this by moving the bdrv_flush() into
qcow2_update_snapshot_refcount().
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Compressed writes use qcow2_alloc_bytes() to allocate space with byte
granularity. The affected clusters' refcounts will be incremented but
we do not need to flush yet.
Set a L2 cache dependency on the refcount block cache, so that the
refcounts get written out before the L2 updates.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Since qcow2 metadata is cached we need to flush the caches, not just the
underlying file. Use bdrv_flush(bs) instead of bdrv_flush(bs->file).
Also add the error return path when bdrv_flush() fails and move the
flush after checking for qcow2_alloc_clusters() failure so that the
qcow2_alloc_clusters() error return value takes precedence.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
update_refcount() affects the refcount cache, it does not write to disk.
Therefore bdrv_flush(bs->file) does nothing. We need to flush the
refcount cache in order to write out the refcount updates!
While we're here also add error returns when qcow2_cache_flush() fails.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
qcow2 images now accept a boolean lazy_refcounts options. Use it like
this:
-drive file=test.qcow2,lazy_refcounts=on
If the option is specified on the command line, it overrides the default
specified by the qcow2 header flags that were set when creating the
image.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Pointing to a QemuOpts element is surprising and can lead to subtle
use-after-free errors when the QemuOpts is freed after all options are
parsed.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This adds a function that adds all entries of a QDict to a QemuOpts if
the keys are known, and leaves only the rest in the QDict.
This way a single QDict of -drive options can be processed in multiple
places (generic block layer, block driver, backing file block driver,
etc.), where each part picks the options it knows. If at the end of the
process the QDict isn't empty, the user specified an invalid option.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The options are passed down to the block drivers, which are supposed to
remove all options they have processed. Anything that is left over in
the end is an unknown option and results in an error.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* kraxel/chardev.5:
spice-qemu-char: Remove dead debugging code
spice-qemu-char: Fix name parameter issues after qapi-ifying
qemu-char.c: fix waiting for telnet connection message
Revert "hmp: Disable chardev-add and chardev-remove"
chardev: add udp support to qapi
chardev: add memory (ringbuf) support to qapi
chardev: add vc support to qapi
chardev: add spice support to qapi
chardev: add pipe support to qapi
chardev: add console support to qapi
chardev: switch pty init to qapi
chardev: switch parallel init to qapi
chardev: switch serial/tty init to qapi
chardev: add stdio support to qapi
chardev: switch file init to qapi
chardev: add braille support to qapi
chardev: add msmouse support to qapi
chardev: switch null init to qapi
chardev: add mux chardev support to qapi
chardev: add support for qapi-based chardev initialization
Conflicts:
ui/console.c
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Andreas Färber (16) and Igor Mammedov (1)
# Via Andreas Färber
* afaerber/qom-cpu:
target-lm32: Update VMStateDescription to LM32CPU
target-arm: Override do_interrupt for ARMv7-M profile
cpu: Replace do_interrupt() by CPUClass::do_interrupt method
cpu: Pass CPUState to cpu_interrupt()
exec: Pass CPUState to cpu_reset_interrupt()
cpu: Move halted and interrupt_request fields to CPUState
target-cris/helper.c: Update Coding Style
target-i386: Update VMStateDescription to X86CPU
cpu: Introduce cpu_class_set_vmsd()
cpu: Register VMStateDescription through CPUState
stubs: Add a vmstate_dummy struct for CONFIG_USER_ONLY
vmstate: Make vmstate_register() static inline
target-sh4: Move PVR/PRR/CVR into SuperHCPUClass
target-sh4: Introduce SuperHCPU subclasses
cpus: Replace open-coded CPU loop in qmp_memsave() with qemu_get_cpu()
monitor: Use qemu_get_cpu() in monitor_set_cpu()
cpu: Fix qemu_get_cpu() to return NULL if CPU not found
# By Laszlo Ersek (3) and others
# Via Michael Roth
* mdroth/qga-pull-3-11-2013:
qga: implement qmp_guest_set_vcpus() for Linux with sysfs
qga: implement qmp_guest_get_vcpus() for Linux with sysfs
qga: introduce guest-get-vcpus / guest-set-vcpus with stubs
qga: add guest-set-time command
qga: add guest-get-time command
qemu-ga: use key-value store to avoid recycling fd handles after restart
qemu-ga: make guest-sync-delimited available during fsfreeze
qemu-ga: fix confusing GAChannelMethod comparison
qga: cast to int for DWORD type
# By Peter Maydell (5) and others
# Via Riku Voipio
* riku/linux-user-for-upstream:
linux-user/syscall.c: Don't warn about unimplemented get_robust_list
linux-user: Implement accept4
linux-user: Implement sendfile and sendfile64
linux-user: make bogus negative iovec lengths fail EINVAL
linux-user: Fix layout of usage table to account for option text
linux-user: Add more sparc syscall numbers
linux-user: Support setgroups syscall with no groups
linux-user: fix futex strace of FUTEX_CLOCK_REALTIME
linux-user/syscall.c: handle FUTEX_WAIT_BITSET in do_futex
linux-user: improve print_fcntl()
linux-user: Add Alpha socket constants
Since commit d62e5f7036a018b2ad09f17ebd481bd28953d783
"chardev: add spice support to qapi"
It is impossible to set the debug parameter, so all the dprintf calls
are essentially nops. Since we've not needed the debug parameter in ages this
is not a problem, if it later turns out we do need some more debugging options
we can add more trace-points.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The strings passed in through the qapi calls are dynamic memory, since
we want to have them stick around longer then just the call to
qemu_chr_open_spice_* we need to strdup them.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
commit 01f45d986f
Author: Anthony Liguori <aliguori@us.ibm.com>
Date: Tue Mar 5 23:21:32 2013 +0530
qemu-char: move text console init to console.c
Broke vc initialization for GTK. It's a simple typo.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Current colon position in "waiting for telnet connection" message template
produces messages like:
QEMU waiting for connection on: telnet::127.0.0.16666,server
After moving a colon to the right, we will get a correct messages like:
QEMU waiting for connection on: telnet:127.0.0.1:6666,server
Signed-off-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds 'memory' support to qapi and also switches over
the memory chardev initialization to the new qapi code path.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds 'vc' support to qapi and also switches over the
vc chardev initialization to the new qapi code path.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds 'pipe' support to qapi and also switches over the
pipe chardev initialization to the new qapi code path.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds 'console' support to qapi and also switches over the
console chardev initialization to the new qapi code path.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch switches over the pty chardev initialization
to the new qapi code path.
Bonus: Taking QemuOpts out of the loop allows some nice
cleanups along the way.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds 'stdio' support to qapi and also switches over the
stdio chardev initialization to the new qapi code path.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds 'braille' support to qapi and also switches over
the braille chardev initialization to the new qapi code path.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds 'msmouse' support to qapi and also switches over
the msmouse chardev initialization to the new qapi code path.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch add support for a new way to initialize chardev devices.
Instead of calling a initialization function with a QemuOpts we will
now create a (qapi) ChardevBackend, optionally call a function to
fill ChardevBackend from QemuOpts, then go create the chardev using
the new qapi code path which is also used by chardev-add.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch allows to specify multiple directories where qemu should look
for data files. To implement that the behavior of the -L switch is
slightly different now: Instead of replacing the data directory the
path specified will be appended to the data directory list. So when
specifiying -L multiple times all directories specified will be checked,
in the order they are specified on the command line, instead of just the
last one.
Additionally the default paths are always appended to the directory
data list. This allows to specify a incomplete directory (such as the
seabios out/ directory) via -L. Anything not found there will be loaded
from the default paths, so you don't have to create a symlink farm for
all the rom blobs.
For trouble-shooting a tracepoint has been added, logging which blob
has been loaded from which location.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1362739344-8068-1-git-send-email-kraxel@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds support for cancelling an executing TPM command.
In Linux for example a user can cancel a command through the TPM's
sysfs 'cancel' entry using
echo "1" > /sysfs/class/misc/tpm0/device/cancel
This patch propagates the cancellation of a command inside a VM
to the host TPM's sysfs entry.
It also uses the possibility to cancel the command before QEMU VM
shutdown or reboot, which helps in preventing QEMU from hanging while
waiting for the completion of the command.
To relieve higher layers or users from having to determine the TPM's
cancel sysfs entry, the driver searches for the entry in well known
locations.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Reviewed-by: Joel Schopp <jschopp@linux.vnet.ibm.com>
Message-id: 1361987275-26289-7-git-send-email-stefanb@linux.vnet.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch is based of off version 9 of Stefan Berger's patch series
"QEMU Trusted Platform Module (TPM) integration"
and adds a new backend driver for it.
This patch adds a passthrough backend driver for passing commands sent to the
emulated TPM device directly to a TPM device opened on the host machine.
Thus it is possible to use a hardware TPM device in a system running on QEMU,
providing the ability to access a TPM in a special state (e.g. after a Trusted
Boot).
This functionality is being used in the acTvSM Trusted Virtualization Platform
which is available on [1].
Usage example:
qemu-system-x86_64 -tpmdev passthrough,id=tpm0,path=/dev/tpm0 \
-device tpm-tis,tpmdev=tpm0 \
-cdrom test.iso -boot d
Some notes about the host TPM:
The TPM needs to be enabled and activated. If that's not the case one
has to go through the BIOS/UEFI and enable and activate that TPM for TPM
commands to work as expected.
It may be necessary to boot the kernel using tpm_tis.force=1 in the boot
command line or 'modprobe tpm_tis force=1' in case of using it as a module.
Regards,
Andreas Niederl, Stefan Berger
[1] http://trustedjava.sourceforge.net/
Signed-off-by: Andreas Niederl <andreas.niederl@iaik.tugraz.at>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Reviewed-by: Joel Schopp <jschopp@linux.vnet.ibm.com>
Message-id: 1361987275-26289-6-git-send-email-stefanb@linux.vnet.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds the main code of the TPM frontend driver, the TPM TIS
interface, to QEMU. The code is largely based on the previous implementation
for Xen but has been significantly extended to meet the standard's
requirements, such as the support for changing of localities and all the
functionality of the available flags.
Communication with the backend (i.e., for Xen or the libtpms-based one)
is cleanly separated through an interface which the backend driver needs
to implement.
Whenever the frontend has collected a complete packet, it will submit
a task to the backend, which then starts processing the command. Once
the result has been returned, the backend invokes a callback function
(tpm_tis_receive_cb()).
Testing the proper functioning of the different flags and localities
cannot be done from user space when running in Linux for example, since
access to the address space of the TPM TIS interface is not possible. Also
the Linux driver itself does not exercise all functionality. So, for
testing there is a fairly extensive test suite as part of the SeaBIOS patches
since from within the BIOS one can have full access to all the TPM's registers.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Reviewed-by: Joel Schopp <jschopp@linux.vnet.ibm.com>
Message-id: 1361987275-26289-3-git-send-email-stefanb@linux.vnet.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds support for TPM command line options.
The command line options supported here are
./qemu-... -tpmdev passthrough,path=<path to TPM device>,id=<id>
-device tpm-tis,tpmdev=<id>,id=<other id>
and
./qemu-... -tpmdev help
where the latter works similar to -soundhw help and shows a list of
available TPM backends (for example 'passthrough').
Using the type parameter, the backend is chosen, i.e., 'passthrough' for the
passthrough driver. The interpretation of the other parameters along
with determining whether enough parameters were provided is pushed into
the backend driver, which needs to implement the interface function
'create' and return a TPMDriverOpts structure if the VM can be started or
'NULL' if not enough or bad parameters were provided.
Monitor support for 'info tpm' has been added. It for example prints the
following:
(qemu) info tpm
TPM devices:
tpm0: model=tpm-tis
\ tpm0: type=passthrough,path=/dev/tpm0,cancel-path=/sys/devices/pnp0/00:09/cancel
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Reviewed-by: Joel Schopp <jschopp@linux.vnet.ibm.com>
Message-id: 1361987275-26289-2-git-send-email-stefanb@linux.vnet.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch fixes unplugging a virtio-ccw device. We no
longer need to do that in virtio-ccw since common code does now
proper handling.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Add a vmstate_lm32_cpu referencing the previous VMStateDescription as a
sub-struct and hook it up to CPUClass::vmsd. Drop cpu_{save,load}().
Acked-by: Michael Walle <michael@walle.cc>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Enable ARMCPUInfo to specify a custom class_init functions.
Introduce arm_v7m_class_init() and use it for "cortex-m3" model.
Instead of forwarding from arm_cpu_do_interrupt() to do_interrupt_v7m(),
override CPUClass::do_interrupt with arm_v7m_cpu_do_interrupt()
in arm_v7m_class_init().
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This removes a global per-target function and thus takes us one step
closer to compiling multiple targets into one executable.
It will also allow to override the interrupt handling for certain CPU
families.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Move it to qom/cpu.h to avoid issues with include order.
Change pc_acpi_smi_interrupt() opaque to X86CPU.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Move it to qom/cpu.c to avoid build failures depending on include order
of cpu-qom.h and exec/cpu-all.h.
Change opaques of various ..._irq_handler() functions to the
appropriate CPU type to facilitate using cpu_reset_interrupt().
Fix Coding Style issues while at it (missing braces, indentation).
Signed-off-by: Andreas Färber <afaerber@suse.de>
Both fields are used in VMState, thus need to be moved together.
Explicitly zero them on reset since they were located before
breakpoints.
Pass PowerPCCPU to kvmppc_handle_halt().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reindent, add missing braces and drop/adjust whitespace.
Prepares for CPUArchState-to-CPUState field movements in
cpu_cris_handle_mmu_fault(), do_interruptv10() and do_interrupt().
The remaining functions were so minor that they can be fixed in one go.
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Expose vmstate_cpu as vmstate_x86_cpu and hook it up to CPUClass::vmsd.
Adapt opaques and VMState fields to X86CPU. Drop cpu_{save,load}().
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This setter avoids redefining each VMStateDescription value to
vmstate_dummy by not referencing the value for CONFIG_USER_ONLY.
Suggested-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
In comparison to DeviceClass::vmsd, CPU VMState is split in two,
"cpu_common" and "cpu", and uses cpu_index as instance_id instead of -1.
Therefore add a CPU-specific CPUClass::vmsd field.
Unlike the legacy CPUArchState registration, rather register CPUState.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
They are never changed once initialized, and moving them to the class
will allow to inspect them before instantiating.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Store legacy name in SuperHCPUClass for -cpu ? and for case-insensitive
class lookup.
List CPUs by iterating over TYPE_SUPERH_CPU subclasses.
Signed-off-by: Andreas Färber <afaerber@suse.de>
No functional change, just less usages of first_cpu and next_cpu fields.
env is passed to cpu_memory_rw_debug(), which in turn passes it to
target-specific cpu_get_phys_page_debug(). Changing both would be a
larger refactoring, so defer that by using env_ptr for now.
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
No functional change, just a reduction of CPU loops.
The mon_cpu field is left untouched for now since changing that requires
a number of larger prerequisites, including cpu_synchronize_state() and
mon_get_cpu().
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Commit 55e5c2850 breaks CPU not found return value, and returns
CPU corresponding to the last non NULL env.
Fix it by returning CPU only if env is not NULL, otherwise CPU is
not found and function should return NULL.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Hosts hold on to handles provided by guest-file-open for periods that can
span beyond the life of the qemu-ga process that issued them. Since these
are issued starting from 0 on every restart, we run the risk of issuing
duplicate handles after restarts/reboots.
As a result, users with a stale copy of these handles may end up
reading/writing corrupted data due to their existing handles effectively
being re-assigned to an unexpected file or offset.
We unfortunately do not issue handles as strings, but as integers, so a
solution such as using UUIDs can't be implemented without introducing a
new interface.
As a workaround, we fix this by implementing a persistent key-value store
that will be used to track the value of the last handle that was issued
across restarts/reboots to avoid issuing duplicates.
The store is automatically written to the same directory we currently
set via --statedir to track fsfreeze state, and so should be applicable
for stable releases where this flag is supported.
A follow-up can use this same store for handling fsfreeze state, but
that change is cosmetic and left out for now.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Cc: qemu-stable@nongnu.org
* fixed guest_file_handle_add() return value from uint64_t to int64_t
We currently maintain a whitelist of commands that are safe during
fsfreeze. During fsfreeze, we disable all commands that aren't part of
that whitelist.
guest-sync-delimited meets the criteria for being whitelisted, and is
also required for qemu-ga clients that rely on guest-sync-delimited for
re-syncing the channel after a timeout.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Eric Blake <eblake@redhat.com>
In commit 7868e26e59
("qemu-ga: add initial win32 support") support was added for qemu-ga on
Windows using virtio-serial. Other channel methods (ISA serial and UNIX
domain socket) are not supported on Windows.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This patch fixes a compiler warning when cross-build:
qga/service-win32.c: In function 'printf_win_error':
qga/service-win32.c:32:5: warning: format '%d' expects argument of type 'int',
but argument 3 has type 'DWORD' [-Wformat]
Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
# By Paolo Bonzini (40) and others
# Via Juan Quintela
* quintela/migration.next: (46 commits)
page_cache: dup memory on insert
page_cache: fix memory leak
Fix cache_resize to keep old entry age
Fix page_cache leak in cache_resize
migration: inline migrate_fd_close
migration: eliminate s->migration_file
migration: move contents of migration_close to migrate_fd_cleanup
migration: move rate limiting to QEMUFile
migration: small changes around rate-limiting
migration: use qemu_ftell to compute bandwidth
migration: use QEMUFile for writing outgoing migration data
migration: use QEMUFile for migration channel lifetime
qemu-file: simplify and export qemu_ftell
qemu-file: add writable socket QEMUFile
qemu-file: check exit status when closing a pipe QEMUFile
qemu-file: fsync a writable stdio QEMUFile
migration: merge qemu_popen_cmd with qemu_popen
migration: use qemu_file_rate_limit consistently
migration: remove useless qemu_file_get_error check
migration: detect error before sleeping
...
A conflict was resolved the wrong way when merging commit 320ba5f (build:
always link device_tree.o into emulators if libfdt available, 2013-02-05).
This causes a build failure for the arm-softmmu target due to multiply
defined symbol.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1362997886-9470-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The nature of the kernel ABI for the get_robust_list and set_robust_list
syscalls means we cannot implement them in QEMU. Make get_robust_list
silently return ENOSYS rather than using the default "print message and
then fail ENOSYS" code path, in the same way we already do for
set_robust_list, and add a comment documenting why we do this.
This silences warnings which were being produced for emulating
even trivial programs like 'ls' in x86-64-on-x86-64.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Implement the accept4 syscall (which is identical to accept
but has an additional flags argument).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Implement the sendfile and sendfile64 syscalls. This implementation
passes all the LTP test cases for these syscalls.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
If the guest passes us a bogus negative length for an iovec, fail
EINVAL rather than proceeding blindly forward. This fixes some of
the error cases tests for readv and writev in the LTP.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
The linux-user usage message attempts to line up the columns in
its table by calculating the maximum width of any item in them.
However for the 'Argument' column it was only accounting for the
length of the option switch (eg "-d"), not the additional example
text (eg "item[,...]"). This currently has no adverse effects
because the widest item in the column happens to be the argumentless
"-singlestep" option, but improving the "-d" option help to read
"-d item[,...]" exceeds that limit.
Fix this by correctly calculating maxarglen as the width of the
first column text including a possible option argument, and
adjusting its uses to match.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
The page cache frees all data on finish, on resize and
if there is collision on insert. So it should be the caches
responsibility to dup the data that is stored in the cache.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Juan Quintela <quintela@redhat.com>
XBZRLE encoded migration introduced a MRU page cache
meachnism. Unfortunately, cached items where never freed in
case of a collision in the page cache on cache_insert().
This lead to out of memory conditions during XBZRLE migration
if the page cache was small and there where a lot of collisions
in the cache.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Rate limiting is now simply a byte counter; client call
qemu_file_rate_limit() manually to determine if they have to exit.
So it is possible and simple to move the functionality to QEMUFile.
This makes the remaining functionality of s->file redundant;
in the next patch we can remove it and write directly to s->migration_file.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
This patch extracts a few small changes from the next patch, which
are unrelated to adding generic rate-limiting functionality to
QEMUFile. Make migration_set_rate_limit a simple accessor, and
use qemu_file_set_rate_limit consistently. Also fix a typo where
INT_MAX should have been SIZE_MAX.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
As a start, use QEMUFile to store the destination and close it.
qemu_get_fd gets a file descriptor that will be used by the write
callbacks.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Force a flush when qemu_ftell is called. This simplifies the buffer magic
(it also breaks qemu_ftell for input QEMUFiles, but we never use it).
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
There is no reason for outgoing exec migration to do popen manually
anymore (the reason used to be that we needed the FILE* to make it
non-blocking). Use qemu_popen_cmd.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Buffering was needed because blocking writes could take a long time
and starve other threads seeking to grab the big QEMU mutex.
Now that all writes (except within _complete callbacks) are done
outside the big QEMU mutex, we do not need buffering at all.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
This makes it possible to do blocking writes directly to the socket,
with no buffer in the middle. For RAM, only the migration_bitmap_sync()
call needs the iothread lock. For block migration, it is needed by
the block layer (including bdrv_drain_all and dirty bitmap access),
but because some code is shared between iterate and complete, all of
mig_save_device_dirty is run with the lock taken.
In the savevm case, the iterate callback runs within the big lock.
This is annoying because it complicates the rules. Luckily we do not
need to do anything about it: the RAM iterate callback does not need
the iothread lock, and block migration never runs during savevm.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Some state is shared between the block migration code and its AIO
callbacks. Once block migration will run outside the iothread,
the block migration code and the AIO callbacks will be able to
run concurrently. Protect the critical sections with a separate
lock. Do the same for completed_sectors, which can be used from
the monitor.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Perform final cleanup in a bottom half, and add joining the thread to
the series of cleanup actions.
migrate_fd_error remains for connection error, but it doesn't need
to cleanup anything anymore.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Accessing s->state outside the big QEMU lock will simplify a bit the
locking/unlocking of the iothread lock.
We need to keep the lock in migrate_fd_error and migrate_fd_completed,
however, because they call migrate_fd_cleanup.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Completion of migration is currently done with a "nested" loop that
invokes buffered_flush: migrate_fd_completed is called by
buffered_file_thread, which calls migrate_fd_cleanup, which calls
buffered_close (via qemu_fclose), which flushes the buffer.
Simplify this, by reusing the buffered_flush call of buffered_file_thread.
Then if qemu_savevm_state_complete was called, and the buffer is empty
(including the QEMUFile buffer, for which we need the previous patch), we
are done.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Always use qemu_file_get_error to detect errors, since that is how
QEMUFile itself drops I/O after an error occurs. There is no need
to propagate and check return values all the time.
Also remove the "complete" member, since we know that it is set (via
migrate_fd_cleanup) only when the state changes.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Remove the return value of buffered_flush, pass it via the error code
of s->file. Once this is done, the error can be retrieved simply
via migrate_fd_close's call to qemu_fclose.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Right now, migration cannot entirely rely on QEMUFile's automatic
drop of I/O after an error, because it does its "real" I/O outside
the put_buffer callback. To fix this until buffering is gone, expose
qemu_file_set_error which we will use in buffered_flush.
Similarly, buffered_flush is not a complete flush because some data may
still reside in the QEMUFile's own buffer. This somewhat complicates the
process of closing the migration thread. Again, when buffering is gone
buffered_flush will disappear and calling qemu_fflush will not be needed;
in the meanwhile, we expose the function for use in migration.c.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Now that the cancel callback is called consistently for all errors,
we can avoid doing its work in the other callbacks.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
This is useful, because it lets us keep the cancellation callbacks
inside the big lock while pushing the others out.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
The next patch will add more cases where qemu_savevm_state_cancel
needs to be called; prepare for that already, the function can be
called twice with no ill effect.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
vm_stop_force_state does:
if (runstate_is_running()) {
vm_stop(state);
} else {
runstate_set(state);
}
migration.c does:
if (runstate_is_running()) {
vm_stop(state);
} else {
vm_stop_force_state(state);
}
The code run is the same even if we always use vm_stop_force_state in
migration.c.
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Unify the goto around the loop, with the exit condition at the end of it.
Both can be expressed as "while (ret >= 0)".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Upstream libc has recently changed to start using
FUTEX_WAIT_BITSET instead of FUTEX_WAIT and this
is causing do_futex to return -TARGET_ENOSYS.
Pass bitset in val3 to sys_futex which will be
ignored by kernel for the FUTEX_WAIT case.
Signed-off-by: John Rigby <john.rigby@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
* origin/master: (75 commits)
tcg: Don't make exitreq flag a local temporary
Makefile: Add subdir dependency on config-devices-all.mak
make_device_config.sh: Emit dependency file to directory where included
Revert "make_device_config.sh: Fix target path in generated dependency file"
s390/virtio-ccw: remove redundant call to blockdev_mark_auto_del
s390/css: Fix subchannel detection
Allow virtio-net features for legacy s390 virtio bus
s390: virtio-ccw maintainer
s390: simplify kvm cpu init
pseries: Add compatible property to root of device tree
target-ppc: Move CPU aliases out of translate_init.c
target-ppc: Report CPU aliases for QMP
target-ppc: List alias names alongside CPU models
target-ppc: Make host CPU a subclass of the host's CPU model
PPC: xnu kernel expects FLUSH to be cleared on STOP
PPC: Fix dma interrupt
target-ppc: Fix PPC_DUMP_SPR_ACCESS build
target-ppc: Synchronize FPU state with KVM
target-ppc: Add mechanism for synchronizing SPRs with KVM
Save memory allocation in the elf loader
...
* bonzini/hw-dirs:
sh: move files referencing CPU to hw/sh4/
ppc: move more files to hw/ppc
ppc: move files referencing CPU to hw/ppc/
m68k: move files referencing CPU to hw/m68k/
i386: move files referencing CPU to hw/i386/
arm: move files referencing CPU to hw/arm/
hw: move boards and other isolated files to hw/ARCH
ppc: express FDT dependency of pSeries and e500 boards via default-configs/
build: always link device_tree.o into emulators if libfdt available
hw: include hw header files with full paths
ppc: do not use ../ in include files
vt82c686: vt82c686 is not a PCI host bridge
virtio-9p: remove PCI dependencies from hw/9pfs/
virtio-9p: use CONFIG_VIRTFS, not CONFIG_LINUX
hw: move device-hotplug.o to toplevel, compile it once
hw: move qdev-monitor.o to toplevel directory
hw: move fifo.[ch] to libqemuutil
hw: move char backends to backends/
Conflicts:
backends/baum.c
backends/msmouse.c
hw/a15mpcore.c
hw/arm/Makefile.objs
hw/arm/pic_cpu.c
hw/dataplane/event-poll.c
hw/dataplane/virtio-blk.c
include/char/baum.h
include/char/msmouse.h
qemu-char.c
vl.c
Resolve conflicts caused by header movements.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Lei Li (2) and others
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
Fix the wrong description in qemu manual
pci_host: Drop write-only address_space field
rng-random: Use qemu_open / qemu_close
configure: Require at least spice-protocol-0.12.3
osdep: replace setsockopt by qemu_setsockopt
lm32: remove unused function
rtc-test: Fix test failures with recent glib
configure: Create link to icon bitmap for out-of-tree builds
# By Paolo Bonzini (4) and Peter Lieven (2)
# Via Paolo Bonzini
* bonzini/scsi-next:
scsi-disk: handle io_canceled uniformly and correctly
scsi-disk: do not complete canceled UNMAP requests
scsi: do not call scsi_read_data/scsi_write_data for a canceled request
iscsi: look for pkg-config file too
iscsi: add iscsi_truncate support
iscsi: retry read, write, flush and unmap on unit attention check conditions
The value is not actually live across basic blocks, so there's no
need for the local property. This eliminates storing the temporary
to its home location at the branch.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
What 23bf49b5ec really seemed to try to
fix is that Makefile could recurse into *-softmmu/ subdirectories before
a new *-softmmu/config-devices.mak was generated from pci.mak.
Fix this by adding a dependency on config-all-devices.mak, which in turn
has dependencies on *-softmmu/config-devices.mak.
Reported-by: Gerhard Wiesinger <lists@wiesinger.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Placing the config-devices.mak.d file alongside the config-devices.mak
file in *-softmmu/ lead to it getting included into through
*-softmmu/Makefile in addition to ./Makefile, leading to confusion.
Instead, emit it to ./%-config-devices.mak.d, where it is included.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This reverts commit 23bf49b5ec.
While *-softmmu/config-devices.mak.d is included through *.d pattern via
Makefile.target, the make_devices_config.sh call these dependencies are
for is in ./Makefile. Therefore revert to original behavior.
This should unbreak pci.mak dependencies not propagating.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 's390-for-upstream' of git://github.com/agraf/qemu:
s390/virtio-ccw: remove redundant call to blockdev_mark_auto_del
s390/css: Fix subchannel detection
Allow virtio-net features for legacy s390 virtio bus
s390: virtio-ccw maintainer
s390: simplify kvm cpu init
* 'ppc-for-upstream' of git://github.com/agraf/qemu: (66 commits)
pseries: Add compatible property to root of device tree
target-ppc: Move CPU aliases out of translate_init.c
target-ppc: Report CPU aliases for QMP
target-ppc: List alias names alongside CPU models
target-ppc: Make host CPU a subclass of the host's CPU model
PPC: xnu kernel expects FLUSH to be cleared on STOP
PPC: Fix dma interrupt
target-ppc: Fix PPC_DUMP_SPR_ACCESS build
target-ppc: Synchronize FPU state with KVM
target-ppc: Add mechanism for synchronizing SPRs with KVM
Save memory allocation in the elf loader
pseries: Implement h_read hcall
target-ppc: Change "POWER7" CPU alias
target-ppc: Fix remaining microcontroller typos among models
target-ppc: Split model definitions out of translate_init.c
target-ppc: Update Coding Style for CPU models
target-ppc: Turn descriptive CPU model comments into device descriptions
target-ppc: Turn descriptive CPU family comments into device descriptions
target-ppc: Set remaining fields on CPU family classes
target-ppc: Register all types for TARGET_PPCEMB
...
blockdev_mark_auto_del is already called in virtio-blk-exit.
Remove the redundant call.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
We have to consider the m bit to find the real channel subsystem when
determining the last subchannel.
If we fail to take this into account, removal of a subchannel in
the middle of a big list of devices will stop device detection after
a reboot.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Enable all virtio-net features for the legacy s390 virtio bus. This also fixes
kernel BUG at /usr/src/packages/BUILD/kernel-default-3.0.58/linux-3.0/drivers/s390/kvm/kvm_virtio.c:121!
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>
Add myself as maintainer for virtio-ccw and the s390-ccw-virtio machine.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
[agraf: add myself for virtio-ccw machine]
Signed-off-by: Alexander Graf <agraf@suse.de>
There is no special code right now and the reset ioctl is done later
on in the the reset handler anyway. Lets simplify the cpu init.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently, for the pseries machine the device tree supplied by qemu to SLOF
and from there to the guest does not include a 'compatible property' at the
root level. Usually that works fine, since in this case the compatible
property doesn't really give any information not already found in the
'device_type' or 'model' properties.
However, the lack of 'compatible' confuses the bootloader install in the
SLES11 SP2 and SLES11 SP3 installers. This patch therefore adds a token
'compatible' property to work around that.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>
Move array of CPU aliases to cpu-models.c, alongside model definitions.
This requires to zero-terminate the aliases array since ARRAY_SIZE() can
no longer be used in translate_init.c then.
Suggested-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The QMP query-cpu-definitions implementation iterated over CPU classes
only, which were getting less and less as aliases were extracted.
Keep them in QMP as valid -cpu arguments even if not guaranteed stable.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Revert adding a separate -cpu ? output section for aliases and list them
per CPU subclass.
Requested-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This avoids assigning individual class fields and contributors
forgetting to add field assignments in KVM-only code.
ppc_cpu_class_find_by_pvr() requires the CPU model classes to be
registered, so defer host CPU type registration to kvm_arch_init().
Only register the host CPU type if there is a class with matching PVR.
This lets us drop error handling from instance_init.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
In openbios (drivers/ide.c) they are set to
0000000d 00000000 00000002 00000000
0000000e 00000000 00000003 00000000
0000000f 00000000 00000004 00000000
(The last one seems to be not implemented in qemu)
It follows convention of how they are set on real machines,
both ide and dma ones are increased
Real machine one:
http://web.archive.org/web/20090107151044/http://penguinppc.org/historical/dev-trees-html/g4_agp_500_2.html
00000013 00000001 0000000b 00000000
00000014 00000001 0000000c 00000000
00000015 00000001 0000000d 00000000
Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
A victim of the d523dd00a7 AREG0
conversion, insert the missing cpu_env arguments.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently qemu does not get and put the state of the floating point and
vector registers to KVM. This is obviously a problem for savevm, as well
as possibly being problematic for debugging of FP-using guests.
This patch fixes this by using new extensions to the ONE_REG interface to
synchronize the qemu floating point state with KVM.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently when runing under KVM on ppc, we synchronize a certain number of
vital SPRs to KVM through the SET_SREGS call. This leaves out quite a lot
of important SPRs which are maintained in KVM. It would be helpful to
have their contents in qemu for debugging purposes, and when we implement
migration it will be vital, since they include important guest state that
will need to be restored on the target.
This patch sets up for synchronization of any registers supported by the
KVM ONE_REG calls. A new variant on spr_register() allows a ONE_REG id to
be stored with the SPR information. When we set/get information to KVM
we also synchronize any SPRs so registered.
For now we set this mechanism up to synchronize a handful of important
registers that already have ONE_REG IDs, notably the DAR and DSISR.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The current elf loader uses too much memory. For example, I have a
executable with a bss section of 400 MB and I set the ram size to 512
MB. Qemu uses about 780MB of RAM (which is fine), but there's a peak at
1.6 GB during initialization (this is not fine).
This patch fixes two things:
1) do not allocate each elf program twice.
2) do not allocate memory for areas that are only zeros.
For this we need a new field in Rom: "datasize" which is the size of the
allocated data. If datasize is less than romsize, it means that the area
from datasize to romsize is filled with zeros.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This h_call is useful for DLPAR in future amongst other things. Given an index
it fetches the corresponding PTE stored in the htab.
Signed-off-by: Erlon Cruz <erlon.cruz@br.flextronics.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Now that model definitions only reference their parent type, model
definitions are independent of the family definitions and can be
compiled independently of TCG translation.
Keep all #if defined(TODO) code local to cpu-models.c.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This gets rid of some more overly long comments that have lost most of
their purpose now that in most cases there's only two functions left per
CPU family.
The class field is inherited by the actual CPU models, so override it.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Now POWERPC_DEF_SVR() no longer sets family-specific fields itself.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Don't attempt to suppress registration of CPU types, since the criteria
is actually a property of the class and should thus become a field.
Since we can't check a field set in a class_init function before
registering the type that leads to execution of that function, guard the
-cpu class lookup instead and suppress exposing these classes in -cpu ?
and in QMP.
In case someone tries to hot-add an incompatible CPU via device_add,
error out in realize.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Instead of assigning *_<family> constants, set .parent to a family type.
Introduce a POWERPC_FAMILY() macro to keep type registration close to
its implementation. This macro will need tweaking later.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Turn the array of model definitions into a set of self-registering QOM
types with their own class_init. Unique identifiers are obtained from
the combination of PVR, SVR and family identifiers; this requires all
alias #defines to be removed from the list. Possibly there are some more
left after this commit that are not currently being compiled.
Prepares for introducing abstract intermediate CPU types for families.
Keep the right-aligned macro line breaks within 78 chars to aid
three-way merges.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
We are about to drop the redundant name field along with ppc_def_t.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Drop the #if 0'ed alternative to make it "ppc64" for TARGET_PPC64.
If we ever want to change it, we can more easily do so now.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Move definitions that were 100% identical except for the name into a
list of aliases so that we don't register duplicate CPU types.
Drop the accompanying comments since they don't really add value.
We need to support recursive lookup due to code names referencing a
generic name referencing a specific model revision.
List aliases separately for -cpu ?.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
To repurpose the POWERPC_DEF_SVR() macro outside of an array,
move the comma into the macro. No functional change.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
It is within a large TARGET_PPC64 section from 970 to 620,
so an #endif /* TARGET_PPC64 */ is confusing. Clean this up.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Commit fe828a4d4b added a new fatal error
message while QOM realize'ification was in flight.
Convert it to return an Error instead of exit()ing.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Unlike derived PVR constants mapped to CPU_POWERPC_G2LEgp3, the
"G2leGP3" model definition itself used the CPU_POWERPC_G2LEgp1 PVR.
Fixing this will allow to alias CPU_POWERPC_G2LEgp3-using types to
"G2leGP3".
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
It was defined to ..._MPC8545E_v21 rather than ..._MPC8547E_v21.
Due to both resolving to CPU_POWERPC_e500v2_v21 this did not show.
Fixing this nontheless helps with QOM'ifying CPU aliases.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the spapr-vlan device does not supply a cleanup call for its
NetClientInfo structure. With current qemu versions, that leads to a SEGV
on exit, when net_cleanup() attempts to call the cleanup handlers on all
net clients.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Fix LP#1151450 the wrong description in qemu manual:
'qemu-system-x86_84' should be 'qemu-system-x86_64'.
Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The address_space field of PCIHostState was only ever written, never used.
Drop it completely.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
As of 5a49d3e9 we assume SPICE_PORT_EVENT_BREAK to be defined.
However, it is defined not in 0.12.2 what we require now, but in
0.12.3. Therefore in order to prevent build failure we must
adjust our minimal requirements.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fix the compiler warning when cross build qemu-ga
for windows by using qemu_setsockopt() instead of
setsockopt().
util/osdep.c: In function 'socket_set_nodelay':
util/osdep.c:69:5: warning: passing argument 4 of 'setsockopt' from
incompatible pointer type [enabled by default]
In file included from /home/lei/qemu_b/include/sysemu/os-win32.h:30:0,
from /home/lei/qemu_b/include/qemu-common.h:46,
from util/osdep.c:48:
/usr/i686-w64-mingw32/sys-root/mingw/include/winsock2.h:990:63: note:
expected 'const char *' but argument is of type 'int *'
Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This allows to pick up the icon when starting QEMU directly from an
out-of-tree build directory.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Always check it immediately after calling bdrv_acct_done, and
always do a "goto done" in case the "done" label has to free
some memory---as is the case for scsi_unmap_complete in the
previous patch.
This patch could fix problems that happen when a request is
split into multiple parts, and one of them is canceled. Then
the next part is fired, but the HBA's cancellation callbacks have
fired already. Whether this happens or not, depends on how the
block/ driver implements AIO cancellation. It it does a simple
bdrv_drain_all() or similar, then it will not have a problem.
If it only cancels the given AIOCB, this scenario could happen.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Due to library conflicts, Fedora will have to put libiscsi in
/usr/lib/iscsi. Simplify configuration by using a pkg-config
file. The Fedora package will distribute one, and the patch
to add it has been sent to upstream libiscsi as well.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
this patch adds iscsi_truncate which effectively allows for
online resizing of iscsi volumes. for this to work you have
to resize the volume on your storage and then call
block_resize command in qemu which will issue a
readcapacity16 to update the capacity.
v4:
- factor out complete readcapacity logic into a separate function
- handle capacity change check condition in readcapacity function
(this happens if the block_resize cmd is the first iscsi task
executed after a resize on the storage)
v3:
- remove switch statement in iscsi_open
- create separate patch for brdv_drain_all() in bdrv_truncate()
v2:
- add a general bdrv_drain_all() before bdrv_truncate() to avoid
in-flight AIOs while the device is truncated
- since no AIOs are in flight we can use a sync libiscsi call
to re-read the capacity
- factor out the readcapacity16 logic as it is redundant
to iscsi_open() and iscsi_truncate().
Signed-off-by: Peter Lieven <pl@kamp.de>
[allow any type of unit attention check condition in iscsi_readcapacity_sync(),
as in Message-ID: <51263A2A.6070304@dlhnet.de> - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
the storage might return a check condition status for various reasons.
(e.g. bus reset, capacity change, thin-provisioning info etc.)
currently all these informative status responses lead to an I/O error
which is populated to the guest. this patch introduces a retry mechanism
to avoid this.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* 'target-arm.next' of git://git.linaro.org/people/pmaydell/qemu-arm:
MAINTAINERS: add entry for ARM KVM guest cores
configure: Enable KVM on ARM
hw/kvm/arm_gic: Implement support for KVM in-kernel ARM GIC
target-arm: Use MemoryListener to identify GIC base address for KVM
hw/arm_gic: Convert ARM GIC classes to use init/realize
hw/arm_gic: Add presave/postload hooks
ARM KVM: save and load VFP registers from kernel
ARM: KVM: Add support for KVM on ARM architecture
target-arm: Drop CPUARMState* argument from bank_number()
linux-headers: resync from mainline to add ARM KVM headers
oslib-posix: Align to permit transparent hugepages on ARM Linux
target-arm: Don't decode RFE or SRS on M profile cores
target-arm: Factor out handling of SRS instruction
N32 is a 64-bit cpu with a 32-bit address space. We have
existing cpp defines for this situation, but weren't using them.
This does mean that the linux-user/mipsn32 directory must be
merged with the linux-user/mips64 directory, and differences
must be resolved via ifdefs.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Deleting these first makes the next patch much easier to read.
This doesn't cause any sort of compilation failure because we
have not yet enabled n32/n64 compilation. This is dead code.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Enable KVM on ARM hosts, now that all the necessary components
for it exist.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Implement support for using the KVM in-kernel GIC for ARM.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
When using an in-kernel GIC with KVM, we need to tell the kernel where
the GIC's memory mapped registers live. Do this by registering a
MemoryListener which tracks where the board model maps the A15's
private peripherals, so we can finish the GIC initialisation
when the GIC is actually mapped.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Convert the ARM GIC classes to use init/realize rather than
SysBusDevice::init. (We have to do them all in one patch to
avoid unconverted subclasses calling a nonexistent SysBusDevice
init function in the base class and crashing.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Add presave/postload hooks to the ARM GIC common base class.
These will be used by the KVM in-kernel GIC subclass to sync
state between kernel and userspace when migrating.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Add support for saving and restoring VFP register state from the
kernel. This includes a check that the KVM-created CPU has full
VFP support (as the TCG Cortex-A15 model always does), since for
the moment ARM QEMU doesn't have any way to tweak optional features
on created CPUs.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Add basic support for KVM on ARM architecture.
Signed-off-by: Christoffer Dall <cdall@cs.columbia.edu>
[PMM: Minor tweaks and code cleanup, switch to ONE_REG]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Drop the CPUARMState* argument from bank_number(), since we only
use it for passing to cpu_abort(). Use hw_error() instead.
This avoids propagating further interfaces using env pointers.
In the long term this function's callers need auditing to fix
problems where badly behaved guests can pass invalid bank numbers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Resync QEMU's copy of the Linux kernel headers from
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 2ef14f4. This adds the ARM KVM headers, since ARM KVM
support has just hit mainline via Russell's ARM tree.
This is not a pure sync -- I have removed by hand some changes
that would have reverted updates for s390x and ppc which have not
yet hit mainline.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
ARM Linux (like x86-64 Linux) can use transparent hugepages for
KVM if memory blocks are 2MiB aligned; set QEMU_VMALLOC_ALIGN
accordingly.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
M profile cores do not have the RFE or SRS instructions, so
correctly UNDEF these insn patterns on those cores.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Factor out the handling of the SRS instruction rather than
duplicating it between the Thumb and ARM decoders. This in
passing fixes two bugs in the Thumb decoder's SRS handling
which didn't exist in the ARM decoder:
* (LP:1079080) storing CPSR rather than SPSR (fixed in the
ARM decoder in commit c67b6b71 in 2009)
* failing to free the 'addr' TCG temp in the writeback case
Reported-by: Cesson Vincent <vcesson@stmi.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add accumulator arguments to gen_HILO and gen_muldiv, rather than
extracting the accumulator directly from ctx->opcode. The extraction
was only right for the standard encoding: MIPS16 doesn't have access
to the DSP registers, while microMIPS encodes the accumulator register
in a different field (bits 14 and 15).
Passing the accumulator register is probably an over-generalisation
for division and 64-bit multiplication, which never access anything
other than HI and LO, and which always pass 0 as the new argument.
Separating them felt a bit fussy though.
Signed-off-by: Richard Sandiford <rdsandiford@googlemail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
GCC and GAS are capable of generating traps or breaks to check for
division by zero. Additionally, GAS is capable of generating traps
or breaks to check for overflow on certain division and multiplication
operations. The Linux kernel translates these traps and breaks into
signals. This patch implements the corresponding feature in QEMU.
Signed-off-by: Meador Inge <meadori@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The previous implementation incorrectly used same macro to detect overflow
for addition and subtraction. This patch makes distinction between these
two, and creates separate macros. The affected routines are changed
accordingly.
This change also includes additions to the existing tests for SUBQ_S_PH and
SUBQ_S_W that would trigger the fixed issue, and it removes dead code from
the test file. The last test case in subq_s_w.c is a bug found/reported/
isolated by Klaus Peichl from Dolby.
Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
# By MORITA Kazutaka (5) and others
# Via Stefan Hajnoczi
* stefanha/block:
block: for HMP commit() operations on 'all', skip non-COW drives
sheepdog: add support for connecting to unix domain socket
sheepdog: use inet_connect to simplify connect code
sheepdog: accept URIs
move socket_set_nodelay to osdep.c
slirp/tcp_subr.c: fix coding style in tcp_connect
dataplane: remove EventPoll in favor of AioContext
virtio-blk: fix unplug + virsh reboot
ide/macio: Fix macio DMA initialisation.
virtio,vhost,pci,e1000
Mostly bugfixes, but also some ICH work by Laszlo.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 28 Feb 2013 07:13:56 AM CST using RSA key ID D28D5469
# gpg: Can't check signature: public key not found
# By Michael S. Tsirkin (2) and others
# Via Michael S. Tsirkin
* mst/tags/for_anthony:
Set virtio-serial device to have a default of 2 MSI vectors.
ICH9 LPC: Reset Control Register, basic implementation
Fix guest OS hang when 64bit PCI bar present
e1000: unbreak the guest network migration to 1.3
vhost: memory sync fixes
# By Jason Wang (2) and others
# Via Stefan Hajnoczi
* stefanha/net:
qmp: netdev_add is like -netdev, not -net, fix documentation
doc: document -netdev hubport
net: reduce the unnecessary memory allocation of multiqueue
tap: set IFF_ONE_QUEUE per default
tap: forbid creating multiqueue tap when hub is used
net: fix unbounded NetQueue
net: fix qemu_flush_queued_packets() in presence of a hub
During a commit of 'all' using the HMP non-live commit, the operation
is aborted and returns error on the first error enountered. When
non-COW drives are in use (e.g. ejected floppy, cdrom, or drives without
a backing parent), that means a commit all will return an error of either
-ENOMEDIUM or -ENOTSUP. This is not desirable, so for the 'all' commit
case, only attempt the commit if both bs->drv and bs->backing_hd are
present.
More succinctly: 'commit all' now means a commit on all COW drives.
This means an individual commit to a specific non-COW drive will still
return the appropriate error (-ENOMEDIUM if eject / not present, -ENOTSUP
if no backing file).
Reported-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch adds support for a unix domain socket for a connection
between qemu and local sheepdog server. You can use the unix domain
socket with the following syntax:
$ qemu sheepdog+unix:///<vdiname>?socket=<socket path>[#snapid]
Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This uses the form "<host>:<port>" for the representation of the
sheepdog server to use inet_connect.
Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The URI syntax is consistent with the NBD and Gluster syntax. The
syntax is
sheepdog[+tcp]://[host:port]/vdiname[#snapid|#tag]
Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
During the review of the dataplane code, the EventPoll API morphed itself
(not concidentially) into something very very similar to an AioContext.
Thus, it is trivial to convert virtio-blk-dataplane to use AioContext,
and a first baby step towards letting dataplane talk directly to the
QEMU block layer.
The only interesting note is the value-copy of EventNotifiers. At least
in my opinion this is part of the EventNotifier API and is even portable
to Windows. Of course, in this case you should not close the notifier's
underlying file descriptors or handle with event_notifier_cleanup.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
virtio-blk registers a vmstate change handler. Unfortunately this
handler is not unregistered on unplug, leading to some random
crashes if the system is restarted, e.g. via virsh reboot.
Lets unregister the vmstate change handler if the device is removed.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The gen_icount_start/end functions are now somewhat misnamed since they
are useful for generic "start/end of TB" code, used for more than just
icount. Rename them to gen_tb_start/end.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The (unsafe) function cpu_unlink_tb() is now unused, so we can simply
remove it and any code that was only used by it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Fix some of the nasty TCG race conditions and crashes by implementing
cpu_exit() as setting a flag which is checked at the start of each TB.
This avoids crashes if a thread or signal handler calls cpu_exit()
while the execution thread is itself modifying the TB graph (which
may happen in system emulation mode as well as in linux-user mode
with a multithreaded guest binary).
This fixes the crashes seen in LP:668799; however there are another
class of crashes described in LP:1098729 which stem from the fact
that in linux-user with a multithreaded guest all threads will
use and modify the same global TCG date structures (including the
generated code buffer) without any kind of locking. This means that
multithreaded guest binaries are still in the "unsupported"
category.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
If tcg_qemu_tb_exec() returns a value whose low bits don't indicate a
link to an indexed next TB, this means that the TB execution never
started (eg because the instruction counter hit zero). In this case the
guest PC has to be reset to the address of the start of the TB.
Refactor the cpu-exec code to make all tcg_qemu_tb_exec() calls pass
through a wrapper function which does this restoration if necessary.
Note that the apparent change in cpu_exec_nocache() from calling
cpu_pc_from_tb() with the old TB to calling it with the TB returned by
do_tcg_qemu_tb_exec() is safe, because in the nocache case we can
guarantee that the TB we try to execute is not linked to any others,
so the only possible returned TB is the one we started at. That is,
we should arguably previously have included in cpu_exec_nocache() an
assert(next_tb & ~TB_EXIT_MASK) == tb), since the API requires restore
from next_tb but we were using tb.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Introduce ENV_OFFSET macros which can be used in non-target-specific
code that needs to generate TCG instructions which reference CPUState
fields given the cpu_env register that TCG targets set up with a
pointer to the CPUArchState struct.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Document tcg_qemu_tb_exec(). In particular, its return value is a
combination of a pointer to the next translation block and some
extra information in the low two bits. Provide some #defines for
the values passed in these bits to improve code clarity.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Done with this script:
cd hw
for i in `find . -name '*.h' | sed 's/^..//'`; do
echo '\,^#.*include.*["<]'$i'[">], s,'$i',hw/&,'
done | sed -i -f - `find . -type f`
This is so that paths remain valid as files are moved.
Instead, files in hw/dataplane are referenced with the relative path.
We know they are not going to move to include/, and they are the only
include files that are in subdirectories _and_ move.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The situation with device-hotplug.c is similar to qdev-monitor.c.
Add a stub for pci_drive_hot_add, so that it can be compiled once,
and move it out of hw/.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
qdev-monitor.c is the only "core qdev" file that is not used in
user-mode emulation, and it does not define anything that is used
by hardware models. Remove it from the hw/ directory and
remove hw/qdev-monitor.h from hw/qdev.h too; this requires
some files to have some new explicitly includes.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Currently, M25P80 uses an object property to differentiate between flash parts.
Changed this over to use QOM sub-classes - the actual names of the different parts
are used to create a set of dynamic classes which passes the part info as class
data. The object no longer needs to search the known_devices table for itself,
instead it just gets its info from its own class.
Kept the intermediate class definition private to m25p80.c for the moment, as
the expectation is parts will only be added as new entries in the table. We can
factor out the TYPE_M25P80 abstraction into a header on a demand basis.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: e24e156d-ff96-4901-997a-e31178b08bee@VA3EHSMHS021.ehs.local
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Split the SCU in a9mpcore out into its own object definition. mpcore is now
just a container for the mpcore components.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
In QEMU emulation, there is no functional difference between the ARM mpcore
private timers and watchdogs. Removed all the distinction between the two from
arm_mptimer.c and converted it to be just the mptimer. a9mpcore and arm11mpcore
just instantiate the same mptimer object twice to get both timer and WDT.
If in the future we want to make the WDT functionally different then we can use
either QOM hierarchy to derive WDT from from mptimer, or we can add a property
"is-wdt" or some such.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The code for handling the default "unknown command state" case in
pflash_read in pflash_cfi01.c comments "reset state & treat it as
a read". However the code doesn't actually do this. Moving the
default case to the top of the switch so it can fall through into
the read case brings this file into line with pflash_cfi02 and
makes the code behave as the comments suggest.
The pflash_cfi01 code has always had this bug -- it was presumably
introduced when the original author copied the cfi02 code and
rearranged the order of the switch statement without noticing
that the default case relied on the fall-through.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Tested-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1358777318-7579-3-git-send-email-peter.maydell@linaro.org
The proper mapping between 24 hours and 12 hours modes is:
0 12 AM
1-11 1-11 AM
12 12 PM
13-23 1-11 PM
Fix code accordingly.
Signed-off-by: Antoine Mathys <barsamin@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Williamson (3):
seabios q35: Enable all PIRQn IRQs at startup
seabios q35: Add new PCI slot to irq routing function
seabios: Add a dummy PCI slot to irq mapping function
Avik Sil (1):
USB-EHCI: Fix null pointer assignment
Kevin O'Connor (4):
Update tools/acpi_extract.py to handle iasl 20130117 release.
Fix Makefile - don't reference "out/" directly, instead use "$(OUT)".
build: Don't require $(OUT) to be a sub-directory of the main
directory.
Verify CC is valid during build tests.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
These correspond very closely to the insns that we're emulating.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The virtio-serial device is expected to use 2 MSI vectors, one for
control queue and a second shared for all queues.
Signed-off-by: Gal Hammer <ghammer@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit does the same for the ICH9 LPC as commit 1ec4ba74 for the
PIIX3. For the present we're ignoring the Full Reset (FULL_RST) and System
Reset (SYS_RST) bits; the guest can read them back but that's it.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch addresses the issue fully described here:
http://lists.nongnu.org/archive/html/qemu-devel/2013-02/msg01804.html
Linux kernels prior to 2.6.36 do not disable the PCI device during
enumeration process. Since lower and higher parts of a 64bit BAR
are programmed separately this leads to qemu receiving a request to occupy
a completely wrong address region for a short period of time.
We have found that the boot process screws up completely if kvm-apic range
is overlapped even for a short period of time (it is fine for other
regions though).
This patch raises the priority of the kvm-apic memory region, so it is
never pushed out by PCI devices. The patch is quite safe as it does not
touch memory manager.
Signed-off-by: Alexey Korolev <akorolex@gmail.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
QEMU 1.3 does not emulate the link auto negotiation, so if migrate to a
1.3 machine during link auto negotiation, the guest link will be set to down.
Fix this by just disabling auto negotiation for 1.3 and older.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Edivaldo reports a problem that the array of NetClientState in NICState is too
large - MAX_QUEUE_NUM(1024) which will wastes memory even if multiqueue is not
used.
Instead of static arrays, solving this issue by allocating the queues on demand
for both the NetClientState array in NICState and VirtIONetQueue array in
VirtIONet.
Tested by myself, with single virtio-net-pci device. The memory allocation is
almost the same as when multiqueue is not merged.
Cc: Edivaldo de Araujo Pereira <edivaldoapereira@yahoo.com.br>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
historically the kernel queues packets two times. once
at the device and second in qdisc. this is believed to cause
interface stalls if one of these queues overruns.
setting IFF_ONE_QUEUE is the default in kernels >= 3.8. the
flag is ignored since then. see kernel commit
5d097109257c03a71845729f8db6b5770c4bbedc
Signed-off-by: Peter Lieven <pl@kamp.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Obviously, hub does not support multiqueue tap. So this patch forbids creating
multiple queue tap when hub is used to prevent the crash when command line such
as "-net tap,queues=2" is used.
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
In the current implementation of qemu, running without a network
backend will cause the queue to grow unbounded when the guest is
transmitting traffic.
This patch fixes the problem by implementing bounded size NetQueue,
used with an arbitrary limit of 10000 packets, and dropping packets
when the queue is full _and_ the sender does not pass a callback.
The second condition makes sure that we never drop packets that
contains a callback (which would be tricky, because the producer
expects the callback to be run when all previous packets have been
consumed; so we cannot run it when the packet is dropped).
If documentation is correct, producers that submit a callback should
stop sending when their packet is queued, so there is no real risk
that the queue exceeds the max size by large values.
Signed-off-by: Luigi Rizzo <rizzo@iet.unipi.it>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When frontend and backend are connected through a hub as below
(showing only one direction), and the frontend (or in general, all
output ports of the hub) cannot accept more traffic, the backend
queues packets in queue-A.
When the frontend (or in general, one output port) becomes ready again,
quemu tries to flush packets from queue-B, which is unfortunately empty.
e1000.0 <--[queue B]-- hub0port0(hub)hub0port1 <--[queue A]-- tap.0
To fix this i propose to introduce a new function net_hub_flush()
which is called when trying to flush a queue connected to a hub.
Signed-off-by: Luigi Rizzo <rizzo@iet.unipi.it>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This fixes two bugs related to memory sync during
migration:
- ram address calculation was missing the chunk
address, so the wrong page was dirtied
- one after last was used instead of the
end address of a region, which might overflow to 0
and cause us to skip the region when the region ends at
~0x0ull.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Jason Wang <jasowang@redhat.com>
Older glib doesn't implement g_poll(). Most notably the glib version in use
on SLE11 is on 2.18 which is hit by this.
We do want to use g_poll() in the source however. So on older systems, just
wrap it with functions that do exist on older versions.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Message-id: 1361835970-2889-1-git-send-email-agraf@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Switch the default for qemu_log logging output from "/tmp/qemu.log"
to stderr. This is an incompatible change in some sense, but logging
is mostly used for debugging purposes so it shouldn't affect production
use. The previous behaviour can be obtained by adding "-D /tmp/qemu.log"
to the command line.
This change requires us to:
* update all the documentation/help text (we take the opportunity
to smooth out minor inconsistencies between the phrasing in
linux-user/bsd-user/system help messages)
* make linux-user and bsd-user defer to qemu-log for the default
logging destination rather than overriding it themselves
* ensure that all logfile closing is done via qemu_log_close()
and that that function doesn't close stderr
as well as the obvious change to the behaviour of do_qemu_set_log()
when no logfile name has been specified.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1361901160-28729-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add a arg to configure to switch from GTK2 (default) to
GTK3 (optional) build for QEMU.
./configure --with-gtkabi=3.0
will choose GTK3, while
./configure --with-gtkabi=2.0
will choose GTK2 (and remains the current default)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1361805646-6425-12-git-send-email-berrange@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In GTK3 the 'expose-event' signal has been replaced by a new
'draw' signal. The only difference is that the latter will
pre-create the cairo drawing context & set the clip mask.
Since the drawing code is already structured in a nice way,
we can just wire up the 'gd_draw_event' method to the 'draw'
signal in GTK3
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1361805646-6425-10-git-send-email-berrange@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The gtk_menu_append method has long been deprecated in favour
of the gtk_menu_shell_append method. The former is now entirely
gone in GTK3, so switch all code to the latter which works on
both GTK2 and GTK3
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1361805646-6425-7-git-send-email-berrange@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The GtkVBox class is deprecated, in favour of just using the
GtkBox class directly. Eventually even GtkBox will be
deprecated in favour of GtkGrid, but that is a bigger fix
which can wait.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1361805646-6425-6-git-send-email-berrange@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The gdk_drawable_get_screen and gdk_drawable_get_display
methods don't exist in GDK3. Fortunately, even on GTK2
they are not required - we can call the equivalent
gtk_widget_get_screen/gtk_widget_get_display methods
which have existed since GTK 2.2
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1361805646-6425-3-git-send-email-berrange@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Merge of the gtk ui brought a initialitation order issue for spice:
The using_spice variable isn't set yet when checked, leading to the
default UI being activated (additionally to spice remote access).
Let's set display_remote when we find a -spice switch on the command
line, like we do for vnc.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1361804550-15858-1-git-send-email-kraxel@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Paolo Bonzini (7) and others
# Via Kevin Wolf
* kwolf/for-anthony: (22 commits)
pc: add compatibility machine types for 1.4
blockdev: enable discard by default
qemu-nbd: add --discard option
blockdev: add discard suboption to -drive
block: implement BDRV_O_UNMAP
block: complete all IOs before .bdrv_truncate
coroutine: trim down nesting level in perf_nesting test
coroutine: move pooling to common code
qemu-iotests: Test qcow2 image creation options
qemu-iotests: Add qemu-img compare test
qemu-img: Add compare subcommand
qemu-img: Add "Quiet mode" option
block: Add synchronous wrapper for bdrv_co_is_allocated_above
block: refuse negative iops and bps values
block: use Error in do_check_io_limits()
qcow2: support compressed clusters in BlockFragInfo
qemu-img: add compressed clusters to BlockFragInfo
qemu-img: fix missing space in qemu-img check output
qcow2: record fragmentation statistics during check
qcow2: introduce check_refcounts_l1/l2() flags
...
# By Juan Quintela
# Via Juan Quintela
* quintela/stats.next:
migration: calculate expected_downtime
migration: don't account sleep time for calculating bandwidth
migration: calculate end time after we have sent the data
migration: change initial value of expected_downtime
Otherwise we may start processing sockets in slirp_pollfds_poll that
were created past slirp_pollfds_fill.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
While ~T0+T1+CF = T1-T0+CF-1 is true for the low 32-bits,
it does not produce the correct carry-out to bit 33. Do
exactly what the manual says.
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
While T0+~T1+CF = T0-T1+CF-1 is true for the low 32-bits,
it does not produce the correct carry-out to bit 33. Do
exactly what the manual says.
Using the ~T1 makes the add and subtract code paths nearly
identical, so have sbc_CC use adc_CC.
Cc: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
commits 49b4c31efc and
2de68a4900 reworked the implementation of adc_CC
and sub_CC. The new implementations (on the TCG_TARGET_HAS_add2_i32 code path)
are incorrect. The new logic is:
CF:NF = 0:A +/- 0:CF
CF:NF = CF:A +/- 0:B
The lower 32 bits of the intermediate result stored in NF needs to be passes
into the second addition in place of A (s/CF:A/CF:NF):
CF:NF = 0:A +/- 0:CF
CF:NF = CF:NF +/- 0:B
This patch fixes the issue.
Cc: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Correct sign-propagation before multiplication in MULQ_W helper.
The change also fixes previously incorrect expected values in the
tests for MULQ_RS.W and MULQ_S.W.
Signed-off-by: Petar Jovanovic <petarj@mips.com>
Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The change corrects sign-related issue with MULQ_S.PH. It also includes
extension to the already existing test which will trigger the issue.
Signed-off-by: Petar Jovanovic <petarj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Which means that callers need not copy data into local tmps.
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
In preparation for more efficient setting of these fields.
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
We're going to have use for this shortly in implementing other helpers.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The setjmp() function doesn't specify whether signal masks are saved and
restored; on Linux they are not, but on BSD (including MacOSX) they are.
We want to have consistent behaviour across platforms, so we should
always use "don't save/restore signal mask" (this is also generally
going to be faster). This also works around a bug in MacOSX where the
signal-restoration on longjmp() affects the signal mask for a completely
different thread, not just the mask for the thread which did the longjmp.
The most visible effect of this was that ctrl-C was ignored on MacOSX
because the CPU thread did a longjmp which resulted in its signal mask
being applied to every thread, so that all threads had SIGINT and SIGTERM
blocked.
The POSIX-sanctioned portable way to do a jump without affecting signal
masks is to siglongjmp() to a sigjmp_buf which was created by calling
sigsetjmp() with a zero savemask parameter, so change all uses of
setjmp()/longjmp() accordingly. [Technically POSIX allows sigsetjmp(buf, 0)
to save the signal mask; however the following siglongjmp() must not
restore the signal mask, so the pair can be effectively considered as
"sigjmp/longjmp which don't touch the mask".]
For Windows we provide a trivial sigsetjmp/siglongjmp in terms of
setjmp/longjmp -- this is OK because no user will ever pass a non-zero
savemask.
The setjmp() uses in tests/tcg/test-i386.c and tests/tcg/linux-test.c
are left untouched because these are self-contained singlethreaded
test programs intended to be run under QEMU's Linux emulation, so they
have neither the portability nor the multithreading issues to deal with.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Tested-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch adds SPARC ASI mappings that are used by the LEON processor.It also
corrects the MMU context register and context table pointer mask of the LEON3.
Signed-off-by: Ronald Hecht <ronald.hecht@gmx.de>
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Add explicit braces round an empty for-loop body; this fits
QEMU style and is easier to read than an inconspicuous semicolon
at the end of the line. It also silences a clang warning:
disas/i386.c:4723:49: warning: for loop has empty body [-Wempty-body]
for (i = 0; tmp[i] == '0' && tmp[i + 1]; i++);
^
disas/i386.c:4723:49: note: put the semicolon on a separate line to silence this warning [-Wempty-body]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Remove the function qemu_log_try_set_file() and its users (which
are all in TCG code generation functions for various targets).
This function was added to abstract out code which was originally
written as "if (!logfile) logfile = stderr;" in order that BUG:
case code which did an unguarded "fprintf(logfile, ...)" would
not crash if debug logging was not enabled. Since those direct
uses of logfile have also been abstracted away into qemu_log()
calls which check for a NULL logfile, there is no need for the
target-* files to mess with the user's chosen logging settings.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael Walle <michael@walle.cc>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This fixes the following compilation error:
hw/usb/hcd-xhci.c:1156:17: error: format ‘%llx’ expects argument of type
‘long long unsigned int’, but argument 4 has type ‘unsigned int’
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This adds basic guest control commands to the "Machine" menu - a nice
added-value for the GTK UI.
We use "pause" as the term for stopping the machine here. So reword also
the related caption tag.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This reduces the required translations and gives a nicer menu
with an icon.
The full screen menu item is no longer a check menu item.
A checked item is not visible in full screen mode,
so it is not needed for this special menu item.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1361561614-11180-1-git-send-email-sw@weilnetz.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This is needed for current Debian stable (Squeeze).
VTE versions before 0.26 did not support VtePty.
Lower the version requirement and use alternate code which works for Debian.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Message-id: 1361560199-28906-1-git-send-email-sw@weilnetz.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
One part of this patch reverts commit 22bc9a46, which disabled the
warning. The rest of it deals with the warning by adding a #pragma for
newer gcc and by disabling -Werror for compilers that can't deal with
the #pragma.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-id: 1361563731-13307-1-git-send-email-kwolf@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Because discard is now a host parameter, we can always fake it as enabled
in the guest. This is an extension of the current choice to ignore
"not supported" errors from the host when discard_granularity is set
to nonzero.
The default granularity is set to the logical block size or 4k, whichever
is largest, because cluster sizes below 4k are rarely used and 4K is a
typical block size for files.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Similar to --cache and --aio, this option mimics the discard suboption
of "-drive".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Add support for BDRV_O_UNMAP from the QEMU command-line.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
It is better to present homogeneous hardware independent of the storage
technology that is chosen on the host, hence we make discard a host
parameter; the user can choose whether to pass it down to the image
format and protocol, or to ignore it.
Using DISCARD with filesystems can cause very severe fragmentation, so it
is left default-off for now. This can change later when we implement the
"anchor" operation for efficient management of preallocated files.
There is still one choice to make: whether DISCARD has an effect on the
dirty bitmap or not. I chose yes, though there is a disadvantage: if
the guest is buggy and issues discards for data that is in use, there
will be no way to migrate storage for that guest without downgrading
the machine type to an older one.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
20000 nested coroutines require 20 GB of virtual address space.
Only nest 1000 of them so that the test (only enabled with
"-m perf" on the command line) runs on 32-bit machines too.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The coroutine pool code is duplicated between the ucontext and
sigaltstack backends, and absent from the win32 backend. But the
code can be shared easily by moving it to qemu-coroutine.c.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Just create lots of images and try out each of the creation options that
qcow2 provides (except backing_file/fmt for now)
I'm not totally happy with the behaviour of qemu-img in each of the
cases, but let's be explicit and update the test when we do change
things later.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Simple test for qemu-img compare to check it's working correctly.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch adds new qemu-img subcommand that compares content of two disk
images.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
There can be a need to turn output to stdout off. This patch adds a -q option
that enable "Quiet mode". In Quiet mode, only errors are printed out.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
There's no synchronous wrapper for bdrv_co_is_allocated_above function
so it's not possible to check for sector allocation in an image with
a backing file.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Negative I/O throttling iops and bps values do not make sense so reject
them with an error message.
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The do_check_io_limits() function returns false when I/O limits are
invalid but it doesn't set an Error to indicate why. The two
do_check_io_limits() callers duplicate error reporting. Solve this by
passing an Error pointer into do_check_io_limits().
Note that the two callers report slightly different errors: drive_init()
prints a custom error message while qmp_block_set_io_throttle() does
error_set(errp, QERR_INVALID_PARAMETER_COMBINATION).
QERR_INVALID_PARAMETER_COMBINATION is a generic error, see
include/qapi/qmp/qerror.h:
#define QERR_INVALID_PARAMETER_COMBINATION \
ERROR_CLASS_GENERIC_ERROR, "Invalid parameter combination"
Since it is generic we are not obliged to keep this error. Switch to
the custom error message which contains more information.
This patch prepares for adding additional checks with their own error
messages to do_check_io_limits(). The next patch adds a new check.
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Show how many clusters are compressed. This can be used to monitor how
many compressed clusters remain and whether to recompress the image.
Suggested-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The qemu-img check fragmentation printf() is missing a space before the
'=' sign. The human output is not guaranteed to be stable and we are
not aware of screen scrapers, so add the missing space.
Also fix the missing indentation of the printf() arguments.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The qemu-img check command can display fragmentation statistics:
* Total number of clusters in virtual disk
* Number of allocated clusters
* Number of fragmented clusters
This patch adds fragmentation statistics support to qcow2.
Compressed and normal clusters count as allocated. Zero clusters are
not counted as allocated unless their L2 entry has a non-zero offset
(e.g. preallocation).
Only the current L1 table counts towards the statistics - snapshots are
ignored.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The check_refcounts_l1/l2() functions have a check_copied argument to
check that the QCOW_O_COPIED flag is consistent with refcount == 1.
This should be a bool, not an int.
However, the next patch introduces qcow2 fragmentation statistics and
also needs to pass an option to check_refcounts_l1/l2(). This is a good
opportunity to use an int flags field.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This option --output=[human|json] makes qemu-img check output a human
or JSON representation at the choice of the user.
Signed-off-by: Federico Simoncelli <fsimonce@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch adds the support for reporting the image end offset (in
bytes). This is particularly useful after a conversion (or a rebase)
where the destination is a block device in order to find the first
unused byte at the end of the image.
Signed-off-by: Federico Simoncelli <fsimonce@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This gives us the bare amount of features we need. We can add work arounds
for older versions and lower the requirement but this should be a good
starting point.
Suggested-by: Daniel Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
v1 -> v2
- tremendous simplification suggested by danpb
Commit 8550a02d12 added a streams
parameter to usb_wakeup and didn't update redirect.c. Fix it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We removed the calculation in commit e4ed1541ac
Now we add it back. We need to create dirty_bytes_rate because we
can't include cpu-all.h from migration.c, and there is no other way to
include TARGET_PAGE_SIZE.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
While we are sleeping we are not sending, so we should not use that
time to estimate our bandwidth.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
0 is a very bad initial value, what we are trying to get is
max_downtime, so that is a much better estimation.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
If you're full screen, you probably expect Ctrl-Q to go to the guest,
not the host. I think restricting certain menus is the right way to
handle this generally speaking.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1361367806-4599-10-git-send-email-aliguori@us.ibm.com
A user can still enable SDL with '-sdl' or '-display sdl' but start making the
default display GTK by default.
I'd also like to deprecate the SDL display and remove it in a few releases.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1361367806-4599-9-git-send-email-aliguori@us.ibm.com
Basic menu items to enter full screen mode and zoom in/out. Unlike SDL, we
don't allow arbitrary scaling based on window resizing. The current behavior
with SDL causes a lot of problems for me.
Sometimes I accidentally resize the window a tiny bit while trying to move it
(Ubuntu's 1-pixel window decorations don't help here). After that, scaling is
now active and if the screen changes size again, badness ensues since the
aspect ratio is skewed.
Allowing zooming by 25% in and out should cover most use cases. We can add a
more flexible scaling later but for now, I think this is a more friendly
behavior.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1361367806-4599-7-git-send-email-aliguori@us.ibm.com
There is a small deviation from SDL's behavior here. Instead of Ctrl+Alt
triggering grab, we now use Ctrl-Alt-g to trigger grab.
GTK will not accept Ctrl+Alt as an accelerator since it just consists of
modifiers. Having grab as a proper accelerator is important as it allows a user
to override the accelerator for accessibility purposes.
We also are not automatically grabbing on left-click. Besides the inability to
tie mouse clicks to an accelerator, I think this behavior is hard to discover
and since it only happens depending on the guest state, it can lead to confusing
behavior.
This can be changed in the future if there's a strong resistence to dropping
left-click-to-grab, but I think we're better off dropping it.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1361367806-4599-6-git-send-email-aliguori@us.ibm.com
This enables VteTerminal to be used to render the text consoles. VteTerminal is
the same widget used by gnome-terminal which means it's VT100 emulation is as
good as they come.
It's also screen reader accessible, supports copy/paste, proper scrolling and
most of the other features you would expect from a terminal widget.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1361367806-4599-5-git-send-email-aliguori@us.ibm.com
This is minimalistic and just contains the basic widget infrastructure. The GUI
consists of a menu and a GtkNotebook. To start with, the notebook has its tabs
hidden which provides a UI that looks very similar to SDL with the exception of
the menu bar.
The menu bar allows a user to toggle the visibility of the tabs. Cairo is used
for rendering.
I used gtk-vnc as a reference. gtk-vnc solves the same basic problems as QEMU
since it was originally written as a remote display for QEMU. So for the most
part, the approach to rendering and keyboard handling should be pretty solid for
GTK.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1361367806-4599-4-git-send-email-aliguori@us.ibm.com
GTK won't build with strict-prototypes due to gtkitemfactory.h:
/* We use () here to mean unspecified arguments. This is deprecated
* as of C99, but we can't change it without breaking compatibility.
* (Note that if we are included from a C++ program () will mean
* (void) so an explicit cast will be needed.)
*/
typedef void (*GtkItemFactoryCallback) ();
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1361367806-4599-2-git-send-email-aliguori@us.ibm.com
num_interfaces only tells you how many interfaces the concrete child class has
(as defined in the TypeInfo). This means if you have a child class which defines
no interfaces of its own, but its parent has interfaces you cannot cast to those
parent interfaces.
Fixed changing the guard to check the class->interfaces list instead (which is
a complete flattened list of implemented interfaces).
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: a8c2db3b9b1f3c4bb81aca352b69e33260f36545.1361246206.git.peter.crosthwaite@xilinx.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The QOM framework will attempt the recreate a classes interface list from
scratch for each class. This means that a child class should zero out the
list of interfaces when cloned from the parent class.
Currently the list is memcpy()d from the parent to the child. As the interface
list is just a pointer to a list, this means the parent and child will share
the same list of interfaces. When the child inits, it will append its own
interfaces to the parents list. This is incorrect as the parent should not pick
up its childs interfaces.
This actually causes an infinite loop at class init time, as the child will
iterate through the parent interface list adding each itf to its own list(in
type_initialize()). As the list is (erroneously) shared, the new interface
instances for the child are appended to the parent, and the iterator never hits
the tail and loops forever.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1f58d2b629d82865dbb2fd5ba8445854049c4382.1361246206.git.peter.crosthwaite@xilinx.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In case host and guest endianness differ the vga code first creates
a shared surface (using qemu_create_displaysurface_from), then goes
patch the surface format to indicate that the bytes must be swapped.
The switch to pixman broke that hack as the format patching isn't
propagated into the pixman image, so ui code using the pixman image
directly (such as vnc) uses the wrong format.
Fix that by adding a byteswap parameter to
qemu_create_displaysurface_from, so we'll use the correct format
when creating the surface (and the pixman image) and don't have
to patch the format afterwards.
[ v2: unbreak xen build ]
Cc: qemu-stable@nongnu.org
Cc: mark.cave-ayland@ilande.co.uk
Cc: agraf@suse.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1361349432-23884-1-git-send-email-kraxel@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The top level TODO file hasn't been touched since 2008, so it's now
an unhelpful and out of date mix of things that have already been done,
things that don't make sense any more and things which could in theory
be done but are not in practice important enough (or we'd have done
them some time in the last five years). Remove it. The bug tracking
system is probably a better place to track TODO items if we want to
do so.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1361377462-19816-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
AioHandler already has a GPollFD so we can directly use its
events/revents.
Add the int pollfds_idx field to AioContext so we can map g_poll(3)
results back to AioHandlers.
Reuse aio_dispatch() to invoke handlers after g_poll(3).
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1361356113-11049-10-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We will need to loop over AioHandlers calling ->io_read()/->io_write()
when aio_poll() is converted from select(2) to g_poll(2).
Luckily the code for this already exists, extract it into the new
aio_dispatch() function.
Two small changes:
* aio_poll() checks !node->deleted to avoid calling handlers that have
been deleted.
* Fix typo 'then' -> 'them' in aio_poll() comment.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1361356113-11049-9-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Slirp uses rfds/wfds/xfds more extensively than other QEMU components.
The rarely-used out-of-band TCP data feature is used. That means we
need the full table of select(2) to g_poll(3) events:
rfds -> G_IO_IN | G_IO_HUP | G_IO_ERR
wfds -> G_IO_OUT | G_IO_ERR
xfds -> G_IO_PRI
I came up with this table by looking at Linux fs/select.c which maps
select(2) to poll(2) internally.
Another detail to watch out for are the global variables that reference
rfds/wfds/xfds during slirp_select_poll(). sofcantrcvmore() and
sofcantsendmore() use these globals to clear fd_set bits. When
sofcantrcvmore() is called, the wfds bit is cleared so that the write
handler will no longer be run for this iteration of the event loop.
This actually seems buggy to me since TCP connections can be half-closed
and we'd still want to handle data in half-duplex fashion. I think the
real intention is to avoid running the read/write handler when the
socket has been fully closed. This is indicated with the SS_NOFDREF
state bit so we now check for it before invoking the TCP write handler.
Note that UDP/ICMP code paths don't care because they are
connectionless.
Note that slirp/ has a lot of tabs and sometimes mixed tabs with spaces.
I followed the style of the surrounding code.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1361356113-11049-6-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Use g_poll(3) instead of select(2). Well, this is kind of a cheat.
It's true that we're now using g_poll(3) on POSIX hosts but the *_fill()
and *_poll() functions are still using rfds/wfds/xfds.
We've set the scene to start converting *_fill() and *_poll() functions
step-by-step until no more rfds/wfds/xfds users remain. Then we'll drop
the temporary gpollfds_from_select() and gpollfds_to_select() functions
and be left with native g_poll(2).
On Windows things are a little crazy: convert from rfds/wfds/xfds to
GPollFDs, back to rfds/wfds/xfds, call select(2), rfds/wfds/xfds back to
GPollFDs, and finally back to rfds/wfds/xfds again. This is only
temporary and keeps the Windows build working through the following
patches. We'll drop this excessive conversion later and be left with a
single GPollFDs -> select(2) -> GPollFDs sequence that allows Windows to
use select(2) while the rest of QEMU only knows about GPollFD.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1361356113-11049-3-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Test cases are scraped from Markus Kuhn's UTF-8 decoder capability and
stress test at
http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt
Unfortunately, both JSON parser and formatter misbehave right now.
This test expects current, incorrect results. They're all clearly
marked, and are to be replaced by correct ones as the bugs get fixed.
See comments in new utf8_string() for details.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
# By Alin Tomescu (1) and others
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
.gitignore: Ignore optionrom/*.asm
ppc: fix bamboo >256MB RAM initialization in hw/ppc4xx_devs.c
Add some missing qtest binaries to .gitignore
xilinx_axienet.c: Assert no error when making link
Remove forward declaration of non-existant variable
I was trying to launch a PowerPC "bamboo" machine with more than 256MB of RAM
with qemu-system-ppc -M bamboo -kernel $kernel -initrd $ramdisk -m 512, but QEMU
would just hang. However, when I used -m 256, the machine would boot.
I looked through the code in hw/ and it seems there is an error when the
RAM memory is setup (if my understanding is correct).
After patching it, the machine launched and booted successfully with 512MB of
RAM.
Signed-off-by: Alin Tomescu <tomescu.alin@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
These binaries are generated during make check on at least some
configurations, so att them to .gitignore.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This gives an awful silent failure when it doesn't work. Assert against link
creation failure.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The shift and rotate insns use movcond to set CC_OP, and thus
achieve a conditional EFLAGS setting. By discarding CC_OP in
a later flags setting insn, we can discard that movcond.
Signed-off-by: Richard Henderson <rth@twiddle.net>
We weren't computing flags for lzcnt at all. At the same time,
adjust the implementation of bsf/bsr to avoid the local branch,
using movcond instead.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Add streams support to the xhci emulation. No secondary streams yet,
only linear stream arays are supported for now.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds support for usb3 streams to the usb subsystem core.
This is just adding a streams field / parameter in a number of places.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Fix the ordering of the endpoint descriptors for superspeed endpoints:
The superspeed companion must come first, possible additional
descriptors for the endpoint after that.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb_packet_copy can handle combined packets now,
so it isn't needed to special-case them any more.
Also use the new usb_packet_size() function.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The code handling the "-usbdevice host:..." legacy command line
syntax is moved to the new hw/usb/host-legacy.c file.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Leave the core usb devices (usb hub, tablet, mouse, keyboard)
enabled unconditionally. Make the other ones configurable.
Exceptions:
- bluetooth: not qdevified yet, has a vl.c dependency because
of that, thus disabling isn't as easy as not linking the
object file.
- smardcard: ccid-card-emulated depends on that one *and*
CONFIG_SMARTCARD_NSS. So it isn't a one-liner and comes
as separate patch because of that.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Make it handle multiple include statements in a file:
(1) The printf needs a space so the include files will be separated.
(2) Also $f can contain multiple failes, so redirection will not work
and we have to use cat to process all files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
As this is the first of the BMI insns to be implemented,
this carries quite a bit more baggage than normal.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Add another slot in ENV and store two of the three inputs. This lets us
do less work when carry-out is not needed, and avoids the unpredictable
CC_OP after translating these insns.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Pass the data in explicitly, rather than indirectly via env.
This avoids all sorts of unnecessary register spillage.
Signed-off-by: Richard Henderson <rth@twiddle.net>
In preparation for making this a const helper.
By using the proper types in the parameters to the helper functions,
we get to avoid quite a lot of subsequent casting.
Signed-off-by: Richard Henderson <rth@twiddle.net>
After a comparison or subtraction, the original value of the LHS will
currently be reconstructed using an addition. However, in most cases
it is already available: store it in a temp-local variable and save 1
or 2 TCG ops (2 if the result of the addition needs to be extended).
The temp-local can be declared dead as soon as the cc_op changes again,
or also before the translation block ends because gen_prepare_cc will
always make a copy before returning it. All this magic, plus copy
propagation and dead-code elimination, ensures that the temp local will
(almost) never be spilled.
Example (cmp $0x21,%rax + jbe):
Before After
----------------------------------------------------------------------------
movi_i64 tmp1,$0x21 movi_i64 tmp1,$0x21
movi_i64 cc_src,$0x21 movi_i64 cc_src,$0x21
sub_i64 cc_dst,rax,tmp1 sub_i64 cc_dst,rax,tmp1
add_i64 tmp7,cc_dst,cc_src
movi_i32 cc_op,$0x11 movi_i32 cc_op,$0x11
brcond_i64 tmp7,cc_src,leu,$0x0 discard loc11
brcond_i64 rax,cc_src,leu,$0x0
Before After
----------------------------------------------------------------------------
mov (%r14),%rbp mov (%r14),%rbp
mov %rbp,%rbx mov %rbp,%rbx
sub $0x21,%rbx sub $0x21,%rbx
lea 0x21(%rbx),%r12
movl $0x11,0xa0(%r14) movl $0x11,0xa0(%r14)
movq $0x21,0x90(%r14) movq $0x21,0x90(%r14)
mov %rbx,0x98(%r14) mov %rbx,0x98(%r14)
cmp $0x21,%r12 | cmp $0x21,%rbp
jbe ... jbe ...
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Placing the CC_OP_DYNAMIC at the join is less effective than
before the branch, as the branch will have forced global registers
to their home locations. This way we have a chance to discard
CC_SRC2 before it gets stored.
Signed-off-by: Richard Henderson <rth@twiddle.net>
A jump that ends a basic block or otherwise falls back to CC_OP_DYNAMIC
will always have to call gen_op_set_cc_op. However, not all jumps end
a basic block, so introduce a variant that does not do this.
This was partially undone earlier (i386: drop cc_op argument of gen_jcc1),
redo it now also to prepare for the introduction of src2.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Replace low-level ops with a higher-level "cmp %al, (A0)" in the case
of scas, and "cmp T0, (A0)" in the case of cmps.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
It is almost unused, and it is simpler to pass a TCG value directly
to gen_shiftd_rm_T1_T3. This value is then written to t2 without
going through a temporary register.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This simplifies all the jump generation code. CCPrepare allows the
code to create an efficient brcond always, so there is no need to
duplicate the setcc and jcc code.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This makes the i386 front-end able to create CCPrepare structs for all
condition, not just those that come from a single flag. In particular,
JCC_L and JCC_LE can be optimized because gen_prepare_cc is not forced
to return a result in bit 0 (unlike gen_setcc_slow).
However, for now the slow jcc operations will still go through CC
computation in a single-bit temporary, followed by a brcond if the
temporary is nonzero.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Introduce a struct that describes how to build a *cond operation
that checks for a given x86 condition code. For now, just change
gen_compute_eflags_* to return the new struct, generate code for
the CCPrepare struct, and go on as before.
[rth: Use ctz with the proper width rather than ffs.]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reconstruct the arguments for complex conditions involving CC_OP_SUBx (BE,
L, LE). In the others do it via setcond and gen_setcc_slow (which is
not that slow in many cases).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
And allow gen_setcc_slow to operate on cpu_cc_src.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This is looking at EFLAGS, but it can do so more efficiently with
setcond.
Reviewed-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Do the switch at translation time, converting the helper templates to
TCG opcodes. In some cases CF can be computed with a single setcond,
though others it may require a little more work.
In the CC_OP_DYNAMIC case, compute the whole EFLAGS, same as for ZF/SF/PF.
Reviewed-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Make gen_compute_eflags_z and gen_compute_eflags_s able to compute the
inverted condition, and use this in gen_setcc_slow_T0. We cannot do it
yet in gen_compute_eflags_c, but prepare the code for it anyway. It is
not worthwhile for PF, as usual.
shr+and+xor could be replaced by and+setcond. I'm not doing it yet.
Reviewed-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
ZF, SF and PF can always be computed from CC_DST except in the
CC_OP_EFLAGS case (and CC_OP_DYNAMIC, which just resolves to CC_OP_EFLAGS
in gen_compute_eflags). Use setcond to compute ZF and SF.
We could also use a table lookup to compute PF.
Reviewed-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This gets us universal coverage, rather than scattering discards
around at various places. As a bonus, we do not emit redundant
discards e.g. between sequential logic insns.
Signed-off-by: Richard Henderson <rth@twiddle.net>
This makes code more similar to the other callers of gen_eob, especially
loopz/loopnz/jcxz.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
After calling gen_compute_eflags, leave the computed value in cc_reg_src
and set cc_op to CC_OP_EFLAGS. The next few patches will remove anyway
most calls to gen_compute_eflags.
As a result of this change it is more natural to remove the register
argument from gen_compute_eflags and change all the callers.
Reviewed-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Introduce new functions to extract PF, SF, OF, ZF in addition to CF.
These provide single entry points for optimizing accesses to a single
flag.
Reviewed-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
All of the conditional calls to gen_op_set_cc_op go away, and
gen_op_set_cc_op itself gets inlined into its only remaining caller.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Use a dirty flag to know whether env->cc_op is up to date,
rather than forcing s->cc_op to DYNAMIC and losing info.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Before computing flags we need to store the cc_op to memory. Move this
to gen_compute_eflags_c and gen_compute_eflags rather than doing it all
over the place.
Alo, after computing the flags in cpu_cc_src we are in EFLAGS mode.
Set s->cc_op and discard cpu_cc_dst in gen_compute_eflags, rather than
doing it all over the place.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Discard CC_DST and set s->cc_op immediately after computing EFLAGS.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Always compute EFLAGS first since it is needed whenever
the shift is non-zero, i.e. most of the time. This makes it possible
to remove some writes of CC_OP_EFLAGS to cpu_cc_op and more importantly
removes cases where s->cc_op becomes CC_OP_DYNAMIC. Also, we can
remove cc_tmp and just modify cc_src from within the helper.
Finally, always follow gen_compute_eflags(cpu_cc_src) by setting s->cc_op
and discarding cpu_cc_dst.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This ensures the invariant that cpu_cc_op matches s->cc_op when calling
the helpers. The next patches need this because gen_compute_eflags and
gen_compute_eflags_c will take care of setting cpu_cc_op.
Always compute EFLAGS first since it is needed whenever the shift is
non-zero, i.e. most of the time. This makes it possible to remove some
writes of CC_OP_EFLAGS to cpu_cc_op and more importantly removes cases
where s->cc_op becomes CC_OP_DYNAMIC. These are slow and we want to
avoid them: CC_OP_EFLAGS is quite efficient once we paid the initial
cost of computing the flags.
Finally, always follow gen_compute_eflags(cpu_cc_src) by setting s->cc_op
and discarding cpu_cc_dst.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
This ensures the invariant that cpu_cc_op matches s->cc_op when calling
the helpers. The next patches need this because gen_compute_eflags and
gen_compute_eflags_c will take care of setting cpu_cc_op.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
As in the gen_repz_scas/gen_repz_cmps case, delay setting
CC_OP_DYNAMIC in gen_jcc until after code generation. All of
gen_jcc1/is_fast_jcc/gen_setcc_slow_T0 now work on s->cc_op, which makes
things a bit easier to follow and to patch.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Set it to the appropriate CC_OP_SUBx constant in gen_scas/gen_cmps.
In the repz case it can be overridden to CC_OP_DYNAMIC after generating
the code.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Introduce a function that abstracts extracting an 8, 16, 32 or 64-bit value
with or without sign, generalizing gen_extu and gen_exts.
Reviewed-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
In my installation of GNU-TLS (v3.0.23) the type
gnutls_anon_server_credentials is marked deprecated, so -Werror
breaks compilation.
Simply replacing it with the newer ..._t version fixed the compilation
on my machine (Slackware 14.0). I cannot tell how far back this "new"
type goes, at least the header file in RHEL 5.0 (v1.4.1) seems to have
it already. If someone finds a broken distribution, tell me and I
insert some compat code.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Message-id: 1350551818-14717-1-git-send-email-andre.przywara@amd.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
End tables before headings, start new ones afterwards. Fixes
incorrect indentation of headings "File system options" and "Virtual
File system pass-through options" in manual page and qemu-doc.
Normalize markup some to increase chances it survives future edits.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1360781383-28635-5-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Introduce [qtest_]{read,write}[bwlq]() libqtest functions and
corresponding QTest protocol commands to replace local versions in
libi2c-omap.c.
Also convert m48t59-test's cmos_{read,write}_mmio() to {read,write}b().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1361051043-27944-4-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In order to convert qmp() macro to an inline function, expose a
qtest_qmpv() function, reused by qtest_qmp().
We can't apply GCC_FMT_ATTR() since fdc-test is using zero-length format
strings, which would result in warnings treated as errors.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1361051043-27944-3-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
libqtest.h provides a number of shortcut macros to avoid tests feeding
it the QTestState they operate on. Most of these can easily be turned
into static inline functions, so let's do that for clarity.
This avoids getting off-by-one error messages when passing wrong args.
Some macros had a val argument but documented @value argument. Fix this.
While touching things, enforce gtk-doc markup for return values and for
referencing types.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1361051043-27944-2-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Andreas Färber
# Via Andreas Färber
* afaerber/qom-cpu: (47 commits)
target-i386: Split command line parsing out of cpu_x86_register()
target-i386: Move cpu_x86_init()
target-lm32: Drop unused cpu_lm32_close() prototype
target-s390x: Drop unused cpu_s390x_close() prototype
spapr_hcall: Replace open-coded CPU loop with qemu_get_cpu()
ppce500_spin: Replace open-coded CPU loop with qemu_get_cpu()
e500: Replace open-coded loop with qemu_get_cpu()
cpu: Add CPUArchState pointer to CPUState
cputlb: Pass CPUState to cpu_unlink_tb()
cpu: Move current_tb field to CPUState
cpu: Move exit_request field to CPUState
cpu: Move running field to CPUState
cpu: Move host_tid field to CPUState
target-cris: Introduce CRISCPU subclasses
target-m68k: Pass M68kCPU to m68k_set_irq_level()
mcf_intc: Pass M68kCPU to mcf_intc_init()
mcf5206: Pass M68kCPU to mcf5206_init()
target-m68k: Return M68kCPU from cpu_m68k_init()
ppc405_uc: Pass PowerPCCPU to ppc40x_{core,chip,system}_reset()
target-xtensa: Move TCG initialization to XtensaCPU initfn
...
The new formulation makes better use of add-with-carry type insns
that the host may have. Use gcc's sign adjustment trick to avoid
having to perform a 128-bit negation.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Replace some x86_64 specific inline assembly with something that
all 64-bit hosts ought to optimize well. At worst this becomes
a call to the gcc __multi3 routine, which is no worse than our
implementation in util/host-utils.c.
With gcc 4.7, we get identical code generation for x86_64. We
now get native multiplication on ia64 and s390x hosts. With minor
improvements to gcc we can get it for ppc64 as well.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
In order to instantiate a CPU subtype we will need to know which type,
so move the cpu_model splitting into cpu_x86_init().
Parameters need to be set on the X86CPU instance, so move
cpu_x86_parse_featurestr() into cpu_x86_init() as well.
This leaves cpu_x86_register() operating on the model name only.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Consolidate CPU functions in cpu.c.
Allows to make cpu_x86_register() static.
No functional changes.
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The helper functions all access ppc-specific fields only so don't bother
to change arguments to PowerPCCPU and use env_ptr instead.
No functional change.
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Potentially env could be NULL whereas cpu would still be valid and
correspond to a previous env.
Wrapping this in qemu_get_cpu(), env is no longer needed, so simplify
code that existed before 55e5c28502.
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Since we still need env for ppc-specific fields, obtain it via the new
env_ptr fields to avoid "cpu" name conflicts between CPUState and
PowerPCCPU for now.
This fixes a potential issue with env being NULL at the end of the loop
but cpu still being a valid pointer corresponding to a previous env.
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The target-specific ENV_GET_CPU() macros have allowed us to navigate
from CPUArchState to CPUState. The reverse direction was not supported.
Avoid introducing CPU_GET_ENV() macros by initializing an untyped
pointer that is initialized in derived instance_init functions.
The field may not be called "env" due to it being poisoned.
Acked-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Explictly NULL it on CPU reset since it was located before breakpoints.
Change vapic_report_tpr_access() argument to CPUState. This also
resolves the use of void* for cpu.h independence.
Change vAPIC patch_instruction() argument to X86CPU.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Use class_init functions to initialize the VR in preparation for
overriding v32+ behavior there.
Move cpu_cris_init() to cpu.c and hook up a class_by_name callback.
This change leads to unknown -cpu model names no longer falling back
to a CPU with VR 32 but instead returning NULL.
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Combine this with breakpoint handler registration, guarding both with
tcg_enabled() to suppress also TCG init for qtest. Rename the handler to
xtensa_breakpoint_handler() since it needs to become global.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Normalize the "inited" logic and add a tcg_enabled() check to suppress
it for qtest.
Ensures that a QOM-created UniCore32CPU is usable.
Acked-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Split off TCG initialization from cpu_mb_init() into mb_tcg_init() to
call it from the initfn.
Ensures that a QOM-created MicroBlazeCPU is usable.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Split out TCG initialization from cpu_cris_init(). Avoid CPUCRISState
dependency for v10-specific initialization and for non-v10 by inlining
the decision into the initfn as well.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Introduce a realizefn and set realized = true in uc32_cpu_init().
Acked-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
[AF: Invoke the parent's realizefn]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Introduce realizefn and set realized = true in cpu_s390x_init().
Defer CPU reset from initfn to realizefn.
Acked-by: Richard Henderson <rth@twiddle.net>
[AF: Invoke parent's realizefn]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Introduce realizefn and set realized = true in cpu_m68k_init().
Split off GDB registration to a new m68k_cpu_init_gdb() so that it can
be called from the realizefn.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Introduce a realizefn and set realized = true in cpu_lm32_init().
Also move cpu_reset() call from initfn to realizefn.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Introduce realizefn and set realized = true from cpu_cris_init().
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Adapt ppc_cpu_realize() signature, hook it up to DeviceClass and set
realized = true in cpu_ppc_init().
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Update the openrisc_cpu_realize() signature, hook it up to
DeviceClass::realize and set realized = true in cpu_openrisc_init().
qapi/error.h is now included through qdev and no longer needed.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Jia Liu <proljc@gmail.com>
Adapt the signature of x86_cpu_realize(), hook up to
DeviceClass::realize and set realized = true in cpu_x86_init().
The QOM realizefn cannot depend on errp being non-NULL as in
cpu_x86_init(), so use a local Error to preserve error handling behavior
on APIC initialization errors.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
[AF: Invoke parent's realizefn]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Turn arm_cpu_realize() into a QOM realize function, no longer called
via cpu.h prototype. To maintain the semantics of cpu_init(), set
realized = true explicitly in cpu_arm_init().
Move GDB coprocessor registration, CPU reset and vCPU initialization
into the realizefn.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Update the alpha_cpu_realize() signature and hook up to
DeviceClass::realize. Set realized = true in cpu_alpha_init().
qapi/error.h is included through qdev now and no longer needed.
Acked-by: Richard Henderson <rth@twiddle.net>
[AF: Invoke parent's realizefn]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Use clz32 directly. Which makes slightly more sense given
that the input is type "int" and not type "long".
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
A memory size of zero is invalid, and so that edge condition
does not occur.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The use of ctz has already eliminated zero, and thus the difference
in edge conditions between the two routines is irrelevant.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Both uses of ctz have already eliminated zero, and thus the difference
in edge conditions between the two routines is irrelevant.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Add function comments to the routines, documenting the corner
cases upon which we are standardizing. Fix the few instances
of non-standard coding style.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
We will standardize on these names, rather than the similar routines
currently residing in qemu/bitops.h.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Rename the typedef CPULogItem and the public array cpu_log_items
to names that better reflect the fact that the qemu_log functionality
isn't restricted to TCG CPU debug logs any more.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The set_cpu_log() function in cpus.c is a fairly simple wrapper
which is only called from one location. Just inline the code
into vl.c, since there is no need to indirect it via cpus.c
and the handling of the error case is more appropriate to vl.c.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Rename the public-facing function cpu_set_log to qemu_set_log. This
requires us to rename the internal-only qemu_set_log() to
do_qemu_set_log().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Rename cpu_str_to_log_mask() to qemu_str_to_log_mask(), since
the qemu_log functionality is no longer restricted to TCG CPU
debug logging.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Abstract out the "print a human readable list of all the
valid log categories" functionality which is currently duplicated
in three separate places. (We leave the monitor.c help_cmd()
implementation as-is since it wants to send the message to
the monitor and add its own information.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The qemu_log() functionality is no longer specific to TCG CPU debug logs.
Rename cpu_set_log_filename() to qemu_set_log_filename() and drop the
pointless wrapper set_cpu_log_filename().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
It's worth to clean-up translation blocks variables and move them
into one context as was suggested by Swirl.
Also if we use this context directly inside tcg_ctx, then it
speeds up code generation a bit.
Signed-off-by: Evgeny Voevodin <evgenyvoevodin@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
@@ -303,11 +303,11 @@ int print_insn_lm32(bfd_vma memaddr, struct disassemble_info *info)
}
case'c':{
uint8_tcsr;
constchar*csr_name;
constLm32CsrInfo*info;
csr=(op>>21)&0x1f;
csr_name=find_csr_info(csr)->name;
if(csr_name){
fprintf_fn(stream,"%s",csr_name);
info=find_csr_info(csr);
if(info){
fprintf_fn(stream,"%s",info->name);
}else{
fprintf_fn(stream,"0x%x",csr);
}
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
