xenbits.xensource.com Git - qemu-xen-4.0-testing.git/log
qemu-xen-4.0-testing.git
12 years ago: Disable qemu monitor by default. The qemu monitor is an overly... [master]
Ian Jackson [Thu, 6 Sep 2012 16:05:30 +0000 (17:05 +0100)]
Disable qemu monitor by default.  The qemu monitor is an overly
powerful feature which must be protected from untrusted (guest)
administrators.

Neither xl nor xend expect qemu to produce this monitor unless it is
explicitly requested.

This is a security problem, XSA-19.  Previously it was CVE-2007-0998
in Red Hat but we haven't dealt with it in upstream.  We hope to have
a new CVE for it here but we don't have one yet.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
(cherry picked from commit bacc0d302445c75f18f4c826750fb5853b60e7ca)

12 years ago: console: bounds check whenever changing the cursor due to an escape code
Ian Campbell [Wed, 5 Sep 2012 11:31:40 +0000 (12:31 +0100)]
console: bounds check whenever changing the cursor due to an escape code

This is XSA-17 / CVE-2012-3515

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
(cherry picked from commit a56ae4b5069c7b23ee657b15f08443a9b14a8e7b)

13 years ago: e1000: bounds packet size against buffer size [xen-4.0.4 xen-4.0.4-rc1 xen-4.0.4-rc2 xen-4.0.4-rc3]
Ian Campbell [Thu, 2 Feb 2012 13:47:06 +0000 (13:47 +0000)]
e1000: bounds packet size against buffer size

Otherwise we can write beyond the buffer and corrupt memory.  This is tracked
as CVE-2012-0029.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(Backported from qemu upstream 65f82df0d7a71ce1b10cd4c5ab08888d176ac840
 by Ian Campbell.)

Signed-off-by: Ian Campbell <Ian.Campbell@citrix.com>
(cherry picked from commit ebe37b2a3f844bad02dcc30d081f39eda06118f8)

14 years ago: Change tap device mac address to prevent change of bridge's mac [xen-4.0.2 xen-4.0.2-rc1 xen-4.0.2-rc2 xen-4.0.2-rc3 xen-4.0.2-rc4 xen-4.0.2-rc5 xen-4.0.3 xen-4.0.3-rc1 xen-4.0.3-rc2 xen-4.0.3-rc3]
Miroslav Rezanina [Wed, 5 Jan 2011 23:42:03 +0000 (23:42 +0000)]
Change tap device mac address to prevent change of bridge's mac

Qemu tap device is created with random mac address and then added to
bridge. Due to linux kernel handling, bridge changes its mac address to
tap mac in case tap mac is lower than bridge one. This can lead to
short network breakage for dom0 and guests.

This patch sets tap device mac address to FE:FF:FF:FF:FF:FF to ensure
tap device mac is always higher than bridge one.

(In xen-unstable this is handled by the hotplug scripts, not
qemu-ifup, so the change there is to xen-unstable.hg.)

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Cc: Ian Campbell <Ian.Campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

14 years ago: Revert "Wait for frontend state Connected before connecting the backend" [xen-4.0.1 xen-4.0.1-rc4 xen-4.0.1-rc5 xen-4.0.1-rc6]
Ian Jackson [Fri, 2 Jul 2010 16:36:01 +0000 (17:36 +0100)]
Revert "Wait for frontend state Connected before connecting the backend"

As discussed on xen-devel.

This reverts commit 805ed3b20492d2f4bb465bfda65cedd286e23209.
(cherry picked from commit add968aaf68cb57257428f8cfadb209f2614a6d8)

14 years ago: Fix read-only image file handling [xen-4.0.1-rc2 xen-4.0.1-rc3]
Ian Jackson [Wed, 9 Jun 2010 16:10:59 +0000 (17:10 +0100)]
Fix read-only image file handling

Hi,
this is the patch for qemu-xen-3.4-testing to fix the read-only
image file handling since the image file was always treated as
read-write which means that all the HVM guests were able to
write to all the disk images available in domain configuration
file no matter what the mode of the image was defined. This
patch fixes this functionality to honor the O_RDONLY in the
BDRV_O_ACCESS flag in block.c and also fixes the IDE and SCSI
interfaces that uses it.

It's been tested on RHEL-5 with xen-3.4-testing version of
upstream xen with xen-3.4-testing qemu implementation. The
patch is applicable to qemu-xen-unstable.git as well with no
modifications.

When you want to mount an image that is set as read-only in the
domain configuration file but you omit to set mode to read-only
it results into I/O errors when processing the requests.
Remounting as read-only or unmounting and remounting using the
`mount /dev/* /path/to/mount -o ro` shall do the mounting the
correct way, i.e. with no I/O errors, so make sure you mount
those disks as read-only otherwise you can be getting errors like:

end_request: I/O error, dev hdb, sector 52
Buffer I/O error on device hdb1, logical block 1
lost page write due to I/O error on hdb1

and for IDE devices you'll be getting several additional DeviceFault
errors since mounting the device read-write (default setting) writes
some data onto a disk at the mount-time.

For SCSI devices the DATA PROTECT request sense has been added
as found at: http://en.wikipedia.org/wiki/SCSI_Request_Sense_Command

Michal

Signed-off-by: Michal Novotny <minovotn@redhat.com>
(cherry picked from commit 6392763643311272590ef5c6f75ba11d5b132585)

14 years ago: Wait for frontend state Connected before connecting the backend [xen-4.0.1-rc1]
Ian Jackson [Fri, 21 May 2010 14:46:55 +0000 (15:46 +0100)]
Wait for frontend state Connected before connecting the backend

The frontend of the framebuffer sets a value (request-abs-pointer) and goes
to the state Connected.  The backend must read this value only when the
frontend has the state Connected.

From: Anthony PERARD <anthony.perard@citrix.com>
Tested-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
(cherry picked from commit 805ed3b20492d2f4bb465bfda65cedd286e23209)

14 years ago: passthrough: fix segmentation fault after hotplug pass-through device
Ian Jackson [Tue, 13 Apr 2010 11:07:33 +0000 (12:07 +0100)]
passthrough: fix segmentation fault after hotplug pass-through device

This patch fixed the QEMU segmentation fault after hotplugging
pass-through devices with MSI-X many times.

There is a wrong boundary check in cpu_register_io_memory that uses
io_index rather than io_mem_nb. After many hotplugs of an MSI-X
pass-through device, io_mem_read[] got extended to overwrite mmio_cnt,
then caused a QEMU segmentation fault.

This fix syncs with upstream QEMU code in exec.c, and frees unused
io_mem_XXX elements after hot removal.

Signed-off-by: Zhai Edwin <edwin.zhai@intel.com>
(cherry picked from commit b5160622517fb2d16d0836172a2e34633c9d94bf)

14 years ago: passthrough: fix header type register emulation
Ian Jackson [Thu, 8 Apr 2010 15:56:24 +0000 (16:56 +0100)]
passthrough: fix header type register emulation

This patch fixes the emulation of latency timer and header type.
The change set of cc1a204423475ff7a918b11d78b9ae637f320e23
deleted the header type register emulation.
On the other hand, the change set of ec5e52d5cb2e6f8851c345b7c3095fe2030fff9c
tries to update header type emulation, however it wrongly
touches latency timer emulation part.
I think this was caused by mis-merging. This patch sorts it out.

Cc: Dexuan Cui <dexuan.cui@intel.com>
Cc: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Acked-by: Simon Horman <horms@verge.net.au>
(cherry picked from commit 7b4b8f46343223f67d952f6284d65de4d79e40f0)

15 years ago: Make hweight32 function static [xen-4.0.0 xen-4.0.0-rc8 xen-4.0.0-rc9]
Ian Jackson [Wed, 24 Mar 2010 17:16:51 +0000 (17:16 +0000)]
Make hweight32 function static

Avoids compiler warning.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

15 years ago: Add sanity check for vcpu config
Ian Jackson [Wed, 24 Mar 2010 17:15:12 +0000 (17:15 +0000)]
Add sanity check for vcpu config

Currently Xen/Qemu support max 128 vcpus. To avoid mis-setting
in the config file, this patch adds a sanity check for vcpu config.
1. maxvcpus and vcpus should be no more than HVM_MAX_VCPUS (128)
2. vcpus should be no more than maxvcpus.

Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>

15 years ago: Allow changing CD for /dev/xvdX devices. [xen-4.0.0-rc7]
Ian Jackson [Thu, 18 Mar 2010 16:50:44 +0000 (16:50 +0000)]
Allow changing CD for /dev/xvdX devices.

We found the issue being not able to change CD on the HVM-Domain.
It is possible on the /dev/hdc device,
but it is impossible on the /dev/xvdc device.

We want to work it as all /dev/xvdX devices on the HVM-domain
 as well as on the PV-domain.

Signed-off-by: Takanori Kasai <kasai.takanori@jp.fujitsu.com>
The execution method is as follows.
----------------------------------------------------------------------
Domain configuration file:
 disk = ["tap:aio:/<guest image file>,xvda,w", ",xvdc:cdrom,r"]

Operation that assign CD:
 # xm block-configure <domain> file:<iso image> xvdc:cdrom r

Operation that releases CD
 # xm block-configure <domain> '' xvdc:cdrom r
----------------------------------------------------------------------

15 years ago: Fix const-correctness in dma bitmap hex parser
Ian Jackson [Thu, 18 Mar 2010 16:48:03 +0000 (16:48 +0000)]
Fix const-correctness in dma bitmap hex parser

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

15 years ago: Fix vcpu hotplug bug: get correct vcpu_avail bitmap
Ian Jackson [Thu, 18 Mar 2010 16:45:51 +0000 (16:45 +0000)]
Fix vcpu hotplug bug: get correct vcpu_avail bitmap

Currently qemu has a bug: When maxvcpus > 64, qemu will get the wrong
vcpu bitmap (s->cpus_sts[i]) since it only gets the bitmap from a long variable.

This patch, in cooperation with another xend python patch, fixes this bug.
This patch gets a hex string from xend and transfers it to the correct vcpu_avail bitmap,
which is saved in a uint32_t array.

Signed-off-By: Liu, Jinsong <jinsong.liu@intel.com>
(This is [PATCH 2/2], the other half is in xen-unstable.hg)

15 years ago: Enable sound [xen-4.0.0-rc6]
Ian Jackson [Tue, 9 Mar 2010 17:55:41 +0000 (17:55 +0000)]
Enable sound

This enables sound emulation by fixing the missing feature in configure.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Contributed-by: Christian Motschke <christian@motschke.de>
(Trivial 3-line patch supplied without S-o-b from contributor.)

15 years ago: passthrough: gfx_passthru: warning when vgabios rom has invalid checksum [xen-4.0.0-rc5]
Ian Jackson [Mon, 1 Mar 2010 16:14:50 +0000 (16:14 +0000)]
passthrough: gfx_passthru: warning when vgabios rom has invalid checksum

In the native environment, the VGABIOS, the expansion ROM on the
graphics card, is placed into the 0C0000h address space, and then
executed. Of course, the checksum of the ROM must be valid.

After this initialization, the system BIOS, the actual BIOS of the M/B,
can resize the expansion ROM code to reduce the amount of occupied
space. If the system BIOS resizes it, a new checksum must be calculated
and stored in the ROM image that is on the RAM.

So, normally, shadowed VGABIOS, that is placed in 0C0000h, is already
modified and its checksum must be recalculated.

Qemu-dm copies 0C0000h's contents of the dom0 to guest's 0C0000h.
Guest re-uses dom0's used-up VGABIOS.

The problem that I mentioned is about this recalculated checksum.

System BIOS must guarantee the checksum after the resizing, but
some M/Bs do not.
However, after adjusting the checksum, guest seems to work, and
current qemu-dm does so. The buggy system BIOS might just forget
to recalculate.

Signed-off-by: Noboru Iwamatsu <n_iwamatsu@jp.fujitsu.com>
Acked-by: Weidong Han <weidong.han@intel.com>

15 years ago: When xen_platform_pci=0 also disable fixed Xen platform ioports
Ian Jackson [Thu, 18 Feb 2010 15:36:29 +0000 (15:36 +0000)]
When xen_platform_pci=0 also disable fixed Xen platform ioports

disable_pf should affect the platform's fixed ioport (used for device
hot unplug etc.)

Contributed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

15 years ago: passthrough: magic protocol passthrough fix no-passthrough compile [xen-4.0.0-rc4]
Ian Jackson [Tue, 16 Feb 2010 17:48:20 +0000 (17:48 +0000)]
passthrough: magic protocol passthrough fix no-passthrough compile

Changeset 60b80e3ee319e908069d1603e5b73f815acdffac broke the build
when CONFIG_PASSTHROUGH was not set.

It also failed to #include a necessary header file, generating a
compiler warning.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

15 years ago: passthrough: magic protocol passthrough fix fix
Ian Jackson [Tue, 16 Feb 2010 16:09:06 +0000 (16:09 +0000)]
passthrough: magic protocol passthrough fix fix

The previous changeset 60b80e3ee319e908069d1603e5b73f815acdffac had a
bug in qemu-xen-unstable, in that test_pci_slot is only in 3.4-testing.
This patch makes it use the new devfn-based interface.

Contributed-by: Stefano Stabellini <Stefano.Stabellini@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

15 years ago: passthrough: magic ioport protocol no longer unplugs passthrough NICs [xen-4.0.0-rc3]
Ian Jackson [Mon, 15 Feb 2010 14:08:53 +0000 (14:08 +0000)]
passthrough: magic ioport protocol no longer unplugs passthrough NICs

On Fri, 12 Feb 2010, Zhai, Edwin wrote:
> [bugs:]
>
> 1. Pass-through NICs are also unplugged, although they have different
>    path with vnif and emulated NIC.

You are right, that is a bug and this patch should fix it.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

15 years ago: passthrough: support Intel IGD passthrough with VT-D
Ian Jackson [Thu, 4 Feb 2010 17:04:48 +0000 (17:04 +0000)]
passthrough: support Intel IGD passthrough with VT-D

Some registers of Intel IGD are mapped in host bridge, so it needs to
passthrough these registers of physical host bridge to guest because
emulated host bridge in guest doesn't have these mappings.

Some VBIOSs and drivers assume the IGD BDF (bus:device:function) is
always 00:02.0, so this patch reserves 00:02.0 for assigned IGD in
guest.

(Patch modified slightly by Ian Jackson.)

Signed-off-by: Weidong Han <weidong.han@intel.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

15 years ago: Fix lost serial TX interrupts. Report receive overruns.
Ian Jackson [Mon, 1 Feb 2010 16:33:52 +0000 (16:33 +0000)]
Fix lost serial TX interrupts.  Report receive overruns.

This patch corrects emulation errors in QEMU's 16550 uart emulation,
which cause compatibility issues with FreeBSD's uart(9) driver.

   o Implement receive overrun status.  The FreeBSD uart(9) driver
     relies on this status in its probe routine to determine the size
     of the FIFO supported.
   o As per the 16550 spec, do not overwrite the RX FIFO on an RX overrun.
   o Do not allow TX or RX FIFO overruns to increment the data valid count
     beyond the size of the FIFO.
   o For reads of the IIR register, only clear the "TX holding register
     empty" (THRE) interrupt if the read reports this interrupt.  This
     is required by the specification and avoids losing TX interrupts
     when other, higher priority interrupts (usually RX) are reported first.

This patch also includes a fix for a second cause of lost TX interrupts,
which was submitted by Jergen Lock, and is already in the latest QEMU.

   o If a receive interrupt is suppressed due to the FIFO not yet filling
     to its interrupt threshold, do not also suppress any pending THRE
     interrupt.

A version of this patch, against the latest QEMU, has also been submitted
to the qemu-devel mailing list.

Signed-off-by: Justin T. Gibbs <gibbs@FreeBSD.org>
(cherry picked from commit 0994c7a1c4f4026f25f9b80f9b3816fc165ede4d)

15 years ago: use new (replacement) mmap-batch ioctl [xen-4.0.0-rc2]
Ian Jackson [Thu, 14 Jan 2010 18:27:13 +0000 (18:27 +0000)]
use new (replacement) mmap-batch ioctl

Signed-off-by: Jan Beulich <jbeulich@novell.com>
From:
[PATCH, RFC 3/4] qemu: use new (replacement) mmap-batch ioctl

15 years ago: passthrough: fix a printf format specifier [xen-4.0.0-rc1]
Ian Jackson [Fri, 8 Jan 2010 17:57:10 +0000 (17:57 +0000)]
passthrough: fix a printf format specifier

This addresses a compiler warning and makes the log entry meaningful
on 32-bit.

Signed-off-by: Jan Beulich <jbeulich@novell.com>

15 years ago: passthrough: Fix MSI-x devices assignment.
Ian Jackson [Mon, 4 Jan 2010 17:49:06 +0000 (17:49 +0000)]
passthrough: Fix MSI-x devices assignment.

Currently, assigned MSI-x devices fail to
work due to incorrect table_offset_adjust setting.
The last field msix_entry of struct pt_msix_info is
a variable-size array, so there shouldn't be any field
after it, otherwise they may be destroyed
when accessing msix_entry.

Signed-off-by: Xiantao Zhang <xiantao.zhang@xiantao.zhang@intel.com>

15 years ago: passthrough: always use hw intx and always get it from the same place
Ian Jackson [Mon, 4 Jan 2010 17:48:14 +0000 (17:48 +0000)]
passthrough: always use hw intx and always get it from the same place

The assumption that function zero always uses INTA turns out not
to be true in the wild. This leaves us with three options.

1) Always use INTA

   This was the case before multi-function pass-through was possible.
   But with the advent of multi-function pass-through this may lead
   to excessive virtual GSI sharing.

2) Fix emulation to use INTA for function zero

3) Always use the hardware value for INTx

There doesn't seem to be much between 2) and 3) but the latter seems
slightly cleaner so I advocate that approach.

Cc: Tom Rotenberg <tom.rotenberg@gmail.com>
Cc: Edwin Zhai <edwin.zhai@intel.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
[patch 2/2] qemu-xen: pass-through: always use hw intx

From:

[patch 0/2] qemu-xen: pass-through: always use hw intx
pass-through: always use hw intx and always get it from the same place

The assumption that function zero always uses INTA turns out not
to be true in the wild. This leaves us with three options.

1) Always use INTA

   This was the case before multi-function pass-through was possible.
   But with the advent of multi-function pass-through this may lead
   to excessive virtual GSI sharing.

2) Fix emulation to use INTA for function zero

3) Always use the hardware value for INTx

There doesn't seem to be much between 2) and 3) but the latter seems
slightly cleaner so I advocate that approach.

15 years ago: passthrough: move pci_read_intx() and pci_intx()
Ian Jackson [Mon, 4 Jan 2010 17:47:03 +0000 (17:47 +0000)]
passthrough: move pci_read_intx() and pci_intx()

Move pci_read_intx() and pci_intx() to above pt_irqpin_reg_init().
This is required for a subsequent patch where pt_irqpin_reg_init()
calls pci_read_intx().

Cc: Tom Rotenberg <tom.rotenberg@gmail.com>
Cc: Edwin Zhai <edwin.zhai@intel.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
[patch 1/2] qemu-xen: pass-through: move pci_read_intx() and pci_intx()

From:

[patch 0/2] qemu-xen: pass-through: always use hw intx
pass-through: always use hw intx and always get it from the same place

The assumption that function zero always uses INTA turns out not
to be true in the wild. This leaves us with three options.

1) Always use INTA

   This was the case before multi-function pass-through was possible.
   But with the advent of multi-function pass-through this may lead
   to excessive virtual GSI sharing.

2) Fix emulation to use INTA for function zero

3) Always use the hardware value for INTx

There doesn't seem to be much between 2) and 3) but the latter seems
slightly cleaner so I advocate that approach.

15 years ago: HVM vcpu add/remove: qemu logic for vcpu add/remove
Ian Jackson [Mon, 4 Jan 2010 17:12:44 +0000 (17:12 +0000)]
HVM vcpu add/remove: qemu logic for vcpu add/remove

-- at qemu side, get vcpu_avail which used for original cpu avail map;
-- setup gpe ioread/iowrite at qemu;
-- setup vcpu add/remove user interface through monitor;
-- setup SCI logic;

Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
[ PATCH 4/4 ] HVM vcpu add/remove: qemu logic for vcpu add/remove

15 years ago: implement cdrom eject from the guest
Ian Jackson [Mon, 4 Jan 2010 16:21:55 +0000 (16:21 +0000)]
implement cdrom eject from the guest

Hi all,
this patch allows a guest to eject the cdrom: when qemu detects that a
cdrom eject request has been issued by the guest, it writes eject to the
corresponding xenstore frontend, so that the toolstack can take care of
removing the current cdrom frontend\backend couple and create an empty one
instead.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

15 years ago: stubdom: fix cdrom changing
Ian Jackson [Mon, 4 Jan 2010 16:21:02 +0000 (16:21 +0000)]
stubdom: fix cdrom changing

Hi all,
the current code to change a cdrom doesn't work with stubdoms:

- media_filename set at boot time doesn't have the proper
value (that in the stubdom case is the frontend path and not the
filename);

- when a cdrom watch event is triggered, the code to decide whether the
new cdrom is valid and different from the current cdrom doesn't work for
stubdoms;

both issues are fixed by this patch, in particular now media_filename
consistently holds the frontend path for stubdoms while bs->filename
holds the filename (like in the normal qemu case) to allow comparisons
with the old cdrom filename.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

15 years ago: passthrough: Fix no_wb not to crash on unknown registers
Ian Jackson [Mon, 7 Dec 2009 12:25:54 +0000 (12:25 +0000)]
passthrough: Fix no_wb not to crash on unknown registers

e2b98415256cb264bc25e6df539ec0dc9d1b85b0 broke things sometimes:

 If pt_find_reg_grp() fails and returns NULL, it will jump to out:,
 but at this time reg is still NULL (pt_find_reg() is not reached)
 which leads to a NULL dereference.

This patch fixes it.

Submitted-By: Qing He <qing.he@intel.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

15 years ago: xen_console: fix memory leak "type"
Ian Jackson [Fri, 4 Dec 2009 16:15:10 +0000 (16:15 +0000)]
xen_console: fix memory leak "type"

Memory leak in con_init.

Signed-off-by: Wei Kong <weikong.cn@gmail.com>

15 years ago: passthrough: add no_wb option for pci conf write
Ian Jackson [Fri, 6 Nov 2009 18:11:50 +0000 (18:11 +0000)]
passthrough: add no_wb option for pci conf write

Current pt_pci_write_config always writes back to real pci conf
space. However, in the case of MSI address and data registers,
if guest changes the affinity of the interrupt, stale data will
be written to these registers. This is particularly a problem
if Xen uses per-CPU vector, where the interrupt in question fails
to work. This patch fixes this by adding an option to disable the
write back of certain controls.

Signed-off-by: Qing He <qing.he@intel.com>

15 years ago: Enlarge the size of the global mmio_space mmio[].
Ian Jackson [Fri, 6 Nov 2009 18:10:44 +0000 (18:10 +0000)]
Enlarge the size of the global mmio_space mmio[].

With the Multi-Function passthrough, we're actually able to assign more than
32 functions to guest, so we should enlarge the MAX_MMIO. 1024 should be big
enough.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

15 years ago: fix drive name parsing (any_hdN erroneous local declaration)
Ian Jackson [Wed, 4 Nov 2009 17:07:57 +0000 (17:07 +0000)]
fix drive name parsing (any_hdN erroneous local declaration)

In xenstore_parse_domain_config(), 'any_hdN' is overridden by local version
accidentally.

Contributed-by: Xiaowei Yang <xiaowei.yang@intel.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

15 years ago: Extend max vcpu number for HVM guest
Ian Jackson [Thu, 29 Oct 2009 13:00:31 +0000 (13:00 +0000)]
Extend max vcpu number for HVM guest

Reduce size of Xen-qemu shared ioreq structure to 32 bytes. This has two
advantages:
 1. We can support up to 128 VCPUs with a single shared page
 2. If/when we want to go beyond 128 VCPUs, a whole number of ioreq_t
structures will pack into a single shared page, so a multi-page array will
have no ioreq_t straddling a page boundary

Also, while modifying qemu, replace a 32-entry vcpu-indexed array with a
dynamically-allocated array.

Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

15 years ago: Align MSI-X table mmap/munmap
Ian Jackson [Fri, 23 Oct 2009 16:53:23 +0000 (17:53 +0100)]
Align MSI-X table mmap/munmap

Force msi-x init mmap to a page boundary or mmap fails with:
   pt_msix_init: Error: Can't map physical MSI-X table: Invalid argument

Signed-off-by: Bruce Edge <bruce.edge@gmail.com>

15 years ago: fix few small memory leaks in qemu vga.c xenstore.c
Ian Jackson [Thu, 22 Oct 2009 17:38:47 +0000 (18:38 +0100)]
fix few small memory leaks in qemu vga.c xenstore.c

running qemu with valgrind I found few small memory leaks, this patch
fixes them.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

15 years ago: passthrough: fix security issue with stubdoms
Ian Jackson [Wed, 21 Oct 2009 15:42:15 +0000 (16:42 +0100)]
passthrough: fix security issue with stubdoms

this patch series fixes the outstanding security problem with stubdoms
and pci passthrough.
The idea is to allow mmio, irq and ioport remapping not only if the
current domain IS_PRIV_FOR but also if the current domain has
permissions over those mmio areas, irqs and ioports.
This way a stubdom can only remap resources that it currently "owns".
This patch series also moves the de\assign_device hypercalls from the
list of hypercalls made by qemu\stubdom to xend.

The two patches must be applied at the same time otherwise pci
passthrough won't work for HVM guests.

[PATCH 2 of 2] qemu: do not call xc_assign_device

This patch removes the call to xc_assign_device from qemu.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

15 years ago: usb hotplug in qemu-dm via xm
Ian Jackson [Tue, 20 Oct 2009 14:16:34 +0000 (15:16 +0100)]
usb hotplug in qemu-dm via xm

Add the two commands ("xm usb-add" and "xm usb-del") to add or delete
the usb device instead of doing it in the QEMU console.

Signed-off-by: James Song Wei <jsong@novell.com>

15 years ago: passthrough: support passthrough in stubdoms
Ian Jackson [Tue, 13 Oct 2009 17:16:42 +0000 (18:16 +0100)]
passthrough: support passthrough in stubdoms

Few changes are needed in qemu to enable pci passthrough in stubdoms:

- we need to explicitly ask for PCI_FILL_IDENT and PCI_FILL_CLASS to
pcilib, otherwise it won't return them by default;

- we need to postpone pcilib initialization otherwise it will fail
because the pci backend is not configured yet in the pci hotplug case;

- we have to read the pci related nodes on xenstore from the guest's
path.

[PATCH 7 of 7] qemu: passthrough support in stubdoms
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

15 years ago: block: Clean up after deleting BHs
Ian Jackson [Wed, 7 Oct 2009 14:57:18 +0000 (15:57 +0100)]
block: Clean up after deleting BHs

Commit 6a7ad299 ("Call qemu_bh_delete at bdrv_aio_bh_cb") deletes emulated
aio bottom halves to prevent endless accumulation.  However, it leaves a
stale ->bh pointer, which is then waited on when the aio is reused.

Zeroing the pointer fixes the issue, allowing vmdk format images to be used.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
[ Backported from 6bbff9a0b495918309074ac60375be5f9dc868b3
  by Stefano Stabellini. ]

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

15 years ago: Call qemu_bh_delete at bdrv_aio_bh_cb.
Ian Jackson [Wed, 7 Oct 2009 14:53:58 +0000 (15:53 +0100)]
Call qemu_bh_delete at bdrv_aio_bh_cb.

Also replace qemu_bh_cancel with qemu_bh_delete in bdrv_aio_cancel_em.
Otherwise the bh will live forever in the bh list.

Signed-off-by: Dor Laor <dor@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
[ Backported from 6bbff9a0b495918309074ac60375be5f9dc868b3
  by Stefano Stabellini. ]

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

15 years ago: Improve block range checks
Kevin Wolf [Fri, 8 May 2009 12:47:24 +0000 (14:47 +0200)]
Improve block range checks

This patch makes the range checks for block requests more strict: It fixes a
potential integer overflow and checks for negative offsets. Also, it adds the
check for compressed writes.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit fbb7b4e0804d2168f24142eebf7552adde1968dc)

15 years ago: check for bs->drv in bdrv_flush (Christoph Hellwig)
Ian Jackson [Wed, 7 Oct 2009 14:51:55 +0000 (15:51 +0100)]
check for bs->drv in bdrv_flush (Christoph Hellwig)

All the bdrv_ helpers should check for bs->drv being zero as that means
there is no backend image open.  bdrv_flush fails to perform that check
and can thus cause NULL pointer dereferences.

Found using qemu-io.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6943 c046a42c-6fe2-441c-8c8c-71466251a162

[ Backported from 6bbff9a0b495918309074ac60375be5f9dc868b3
  by Stefano Stabellini. ]

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

15 years ago: Fix DMA API when handling an immediate error from block layer (Avi Kivity)
Ian Jackson [Wed, 7 Oct 2009 14:49:32 +0000 (15:49 +0100)]
Fix DMA API when handling an immediate error from block layer (Avi Kivity)

The block layer may signal an immediate error on an asynchronous request
by returning NULL.  The DMA API did not handle this correctly, returning
an AIO request which would never complete (and which would crash if
cancelled).

Fix by detecting the failure and propagating it.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6893 c046a42c-6fe2-441c-8c8c-71466251a162

[ Backported from 6bbff9a0b495918309074ac60375be5f9dc868b3
  by Stefano Stabellini. ]

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

15 years ago: Fix vectored aio bounce handling immediate errors (Avi Kivity)
aliguori [Sat, 28 Mar 2009 16:11:20 +0000 (16:11 +0000)]
Fix vectored aio bounce handling immediate errors (Avi Kivity)

If a bounced vectored aio fails immediately (the inner aio submission
returning NULL) then the bounce handler erroneously returns an aio
request which will never be completed (and which crashes when cancelled).

Fix by detecting that the inner request has failed and propagating the
error.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6892 c046a42c-6fe2-441c-8c8c-71466251a162
(cherry picked from commit c240b9af599d20e06a58090366be682684bd8555)

15 years ago: Move block dma helpers aiocb to store dma state (Avi Kivity)
Ian Jackson [Wed, 7 Oct 2009 14:44:55 +0000 (15:44 +0100)]
Move block dma helpers aiocb to store dma state (Avi Kivity)

Use the dedicated dma aiocb to store intermediate state for dma block
transactions.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6874 c046a42c-6fe2-441c-8c8c-71466251a162

[ Backported from 6bbff9a0b495918309074ac60375be5f9dc868b3
  by Stefano Stabellini. ]

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

15 years ago: Use vectored aiocb storage to store vector translation state (Avi Kivity)
aliguori [Fri, 20 Mar 2009 18:26:12 +0000 (18:26 +0000)]
Use vectored aiocb storage to store vector translation state (Avi Kivity)

Now that we have a dedicated acb pool for vector translation acbs, we can
store the vector translation state in the acbs instead of in an external
structure.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6873 c046a42c-6fe2-441c-8c8c-71466251a162
(cherry picked from commit 3fb94d56c6adc96ffc4a81b58c752cc4ccfae39c)

15 years ago: Implement cancellation method for dma async I/O (Avi Kivity)
aliguori [Fri, 20 Mar 2009 18:26:07 +0000 (18:26 +0000)]
Implement cancellation method for dma async I/O (Avi Kivity)

Move the dma helpers to a private aio pool, and implement a cancellation
method for them.  Should prevent issues when cancelling I/O while dma is
in progress.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6872 c046a42c-6fe2-441c-8c8c-71466251a162
(cherry picked from commit 6512a2a7106480c19183d6466a6845bc9bdf6ec0)

15 years ago Convert vectored aio emulation to use a dedicated pool (Avi Kivity)
aliguori [Fri, 20 Mar 2009 18:26:03 +0000 (18:26 +0000)]
Convert vectored aio emulation to use a dedicated pool (Avi Kivity)

This allows us to remove a hack in the vectored aio cancellation code.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6871 c046a42c-6fe2-441c-8c8c-71466251a162
(cherry picked from commit c07a9008ac6985cd5a15909c2b9977d982defc12)

15 years ago Refactor aio callback allocation to use an aiocb pool (Avi Kivity)
Ian Jackson [Wed, 7 Oct 2009 14:36:19 +0000 (15:36 +0100)]
Refactor aio callback allocation to use an aiocb pool (Avi Kivity)

Move the AIOCB allocation code to use a dedicated structure, AIOPool.  AIOCB
specific information, such as the AIOCB size and cancellation routine, is
moved into the pool.

At present, there is exactly one pool per block format driver, maintaining
the status quo.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6870 c046a42c-6fe2-441c-8c8c-71466251a162

[ Backported from 6bbff9a0b495918309074ac60375be5f9dc868b3
  by Stefano Stabellini. ]

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
15 years ago revert "fix qemu memory leak in block interface"
Ian Jackson [Wed, 7 Oct 2009 14:34:26 +0000 (15:34 +0100)]
revert "fix qemu memory leak in block interface"

"fix qemu memory leak in block interface" is not going to be needed any
more thanks to the refactoring of the block layer.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
15 years ago allow logdirty commands while paused (unbreaks 60dbe1+8f09f4)
Ian Jackson [Wed, 23 Sep 2009 14:07:47 +0000 (15:07 +0100)]
allow logdirty commands while paused (unbreaks 60dbe1+8f09f4)

60dbe1+8f09f4 breaks HVM live migration: 60dbe1 causes xc_save to
attempt to disable logdirty mode while qemu is paused. 8f09f4 disables
most commands, including logdirty, while the domain is paused. So
xc_save times out waiting for qemu to respond to the logdirty disable
command, and live migration fails. Logdirty commands issued while
paused should not affect the stability of ioemu.

Signed-off-by: Brendan Cully <brendan@cs.ubc.ca>
15 years ago passthrough: basic graphics passthrough support
Ian Jackson [Fri, 18 Sep 2009 15:41:42 +0000 (16:41 +0100)]
passthrough: basic graphics passthrough support

basic gfx passthrough support:
  - add a vga type for gfx passthrough
  - retrieve VGA bios from host 0xC0000, then load it to guest 0xC0000
  - register/unregister legacy VGA I/O ports and MMIOs for passthroughed gfx

Signed-off-by: Ben Lin <ben.y.lin@intel.com>
Signed-off-by: Weidong Han <weidong.han@intel.com>
Acked-by: Jean Guyader <jean.guyader@critix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
15 years ago pxe: Don't look for PXE ROMs when running as a DM
Ian Jackson [Fri, 18 Sep 2009 15:32:58 +0000 (16:32 +0100)]
pxe: Don't look for PXE ROMs when running as a DM

Searching for PXE ROMs in attached NICs is unnecessary as the ROM
that is used is included in the hvmloader binary. In the case where
there are only pass-through NICs it will cause the boot to fail
as the NICs are not known to qemu-xen at the time that this check is made.
In other words, without this change PXE boot from a pass-through
device will fail.

This has likely been broken since I changed around the pass-through
code so that devices passed-through at boot-time are handled by hot-plug.

Signed-off-by: Simon Horman <horms@verge.net.au>
15 years ago fix a compilation error if not defined MAPCACHE (eg ia64)
Ian Jackson [Fri, 18 Sep 2009 15:31:56 +0000 (16:31 +0100)]
fix a compilation error if not defined MAPCACHE (eg ia64)

60dbe1d43827cf9a57b619a8736da2319489d432 cannot be compiled on ia64:
  exec-dm.c: In function 'cpu_physical_memory_map':
  exec-dm.c:805: error: 'l' undeclared (first use in this function)
This patch fixes it.

Signed-off-by: KUWAMURA Shin'ya <kuwa@jp.fujitsu.com>
15 years ago Merge branch 'latara'
Ian Jackson [Fri, 11 Sep 2009 17:34:25 +0000 (18:34 +0100)]
Merge branch 'latara'

15 years ago consistently use TARGET_PAGE_SIZE in block-vbd.c
Ian Jackson [Fri, 11 Sep 2009 17:23:19 +0000 (18:23 +0100)]
consistently use TARGET_PAGE_SIZE in block-vbd.c

Attached patch makes ioemu's block-vbd.c use TARGET_PAGE_SIZE.
Fixes build error on NetBSD when building stubdom.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
15 years ago non-passthrough acpi fix
Ian Jackson [Fri, 11 Sep 2009 17:20:53 +0000 (18:20 +0100)]
non-passthrough acpi fix

Attached patch fixes ACPI problems with GPE
when ioemu is built w/o CONFIG_PASSTHROUGH.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
15 years ago fix HVM log dirty issue
Ian Jackson [Fri, 4 Sep 2009 15:25:35 +0000 (16:25 +0100)]
fix HVM log dirty issue

These patches fix some issues for HVM log dirty in qemu:
* Add necessary dirty logging in qemu to avoid guest errors with
  intensive disk access during live migration
* Replace the shared memory between qemu and migration tools with a newly
  added hypercall, which is clean and simple

Signed-Off-By: Zhai, Edwin <edwin.zhai@intel.com>
Also revert commit 32710fbdc75e055f73a63d246737ce615b9109e9.
  "[stubdom] fix the crash of HVM live migration with intensive disk access"
 as this is the proper fix.   -iwj

15 years ago Fix to eject cdrom on HVM Domain
Ian Jackson [Fri, 4 Sep 2009 15:19:54 +0000 (16:19 +0100)]
Fix to eject cdrom on HVM Domain

We tried to eject cdrom (/dev/hdc) on HVM Domain.
But, cdrom media are not ejected from the cdrom device on HostOS.

The module to eject the cdrom device has already been implemented in
qemu-dm.
But, all devices are opened as raw devices for VBD.
Therefore, the module to eject the cdrom device does not work.

The cdrom device was corrected to open as a physical device on HostOS.
When eject is executed on HVM Domain, cdrom media are ejected from the
cdrom device on HostOS.

This patch corrected the problem.
Signed-off-by: Takanori Kasai <kasai.takanori@jp.fujitsu.com>
15 years ago ignore xenstore events while paused
Ian Jackson [Fri, 4 Sep 2009 15:17:39 +0000 (16:17 +0100)]
ignore xenstore events while paused

when qemu is paused it shouldn't try to handle xenstore events,
especially because when xend removes nodes on xenstore some
spurious events could be generated causing qemu to exit unexpectedly.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
15 years ago disable log-throttling in xen_platform after boot
Ian Jackson [Fri, 4 Sep 2009 15:15:27 +0000 (16:15 +0100)]
disable log-throttling in xen_platform after boot

currently log throttling in xen_platform can be disabled only if a
particular key is present on xenstore at boot time.
Obviously this requirement makes it difficult to use.
This patch fixes the issue creating a watch on xenstore on the node

/local/domain/$DOMID/log-throttling

so whenever a developer wants to disable log throttling, he just has to
write 0 to /local/domain/$DOMID/log-throttling at any moment after boot.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
15 years ago remove check on ram_size
Ian Jackson [Fri, 4 Sep 2009 15:13:52 +0000 (16:13 +0100)]
remove check on ram_size

the initial check on the ram_size in qemu is completely unnecessary and
it is even broken on systems where dom0 is 32 bits while xen is 64 bits.
This patch solves the problem removing the check.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
15 years ago fix qemu memory leak in block interface
Ian Jackson [Fri, 4 Sep 2009 15:12:28 +0000 (16:12 +0100)]
fix qemu memory leak in block interface

the qemu block interface leaks memory every time a read or write request
is issued, this patch fixes it.
This is also the bug that is causing stubdomains to crash under high
disk IO.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
15 years ago [stubdom] fix the crash of HVM live migration with intensive disk access
Ian Jackson [Fri, 4 Sep 2009 15:10:46 +0000 (16:10 +0100)]
[stubdom] fix the crash of HVM live migration with intensive disk access

Intensive disk access, e.g. sum of a big file, during HVM live migration would
cause guest errors, even a file system crash. Guest dmesg said
"attempt to access beyond end of device
hda1: rw=0, want=10232032112, limit=10474317"

Current map cache used by qemu dma doesn't mark the page dirty, so that these
pages (probably holding DMA data struct) are not transferred in the last
iteration during live migration.

This patch fixes it, and also merges the qemu's original dirty bitmap used by
other devices such as vga.

Signed-Off-By: Zhai Edwin <edwin.zhai@intel.com>
15 years ago Disable xenstore_dom_chmod in stubdom build.
Ian Jackson [Mon, 10 Aug 2009 17:02:56 +0000 (18:02 +0100)]
Disable xenstore_dom_chmod in stubdom build.

This change:

    commit ad202d4194eab87d3645f13e7726a4d609e42fe8
    Author: Ian Jackson <ian.jackson@eu.citrix.com>
    Date:   Tue Jul 21 15:29:43 2009 +0100

    add per domain low level xenstore functions [PATCH 2/3]
    add per domain low level xenstore functions (read/chmod/write/watch).

broke the stubdom build because minios's fork/version of libxenstore
does not have the xenstore chmod operation.  As xenstore_dom_chmod
is not currently used in stubdom, #if it out.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
15 years ago fix vnc screen corruption bugs and viewer exits
Ian Jackson [Tue, 4 Aug 2009 14:35:46 +0000 (15:35 +0100)]
fix vnc screen corruption bugs and viewer exits

I have been having problems with display corruption using raw
encoding.

I have also been having issues with the vncviewer client exiting with
"rect too big".

These problems appear when there are rapid changes to the framebuffer
contents. [I've been using "find /" in my tests to generate a lot of text
output.]

The root cause of both problems appears to be the changing of
the underlying framebuffer data during the creation of the update.
[Hextile makes multiple passes over the data and gets badly
confused if the data changes..]

The attached patch pulls the pixel data from the "stable" old_data
buffer rather than directly from the (changing) display surface.

Submitted-by: Andrew Thomas <andrew.thomas@oracle.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
15 years ago passthrough: support the assignment of the VF of Intel 82599 10GbE Controller
Ian Jackson [Tue, 4 Aug 2009 14:28:14 +0000 (15:28 +0100)]
passthrough: support the assignment of the VF of Intel 82599 10GbE Controller

The datasheet is available at
http://download.intel.com/design/network/datashts/82599_datasheet.pdf

See 'Table 9.7. VF PCIe Configuration Space' of the datasheet, the PCI
Express Capability Structure of the VF of Intel 82599 10GbE Controller looks
trivial, e.g., the PCI Express Capabilities Register is 0, so the Capability
Version is 0 and pt_pcie_size_init() would fail.

We should not try to expose the PCIe cap of the device to guest.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
15 years ago passthrough: Use physical INTX for virtual PCI functions
Ian Jackson [Tue, 4 Aug 2009 14:25:30 +0000 (15:25 +0100)]
passthrough: Use physical INTX for virtual PCI functions

Allow virtual functions to use the legacy interrupt pin of the
corresponding physical device.  This is already half-implemented
by the code that uses pci_read_intx() in pass-through.c. This fills
in a missing piece.

An alternate solution is to reverse the previously applied pci_read_intx()
code and revert to always using INTA. However, that seems likely to lead to
excessive sharing of interrupt pins when multi-function pass-through is
used.

Tested-by: Tom Rotenberg <tom.rotenberg@gmail.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
15 years ago default the videoram to 4MB when it is not set
Ian Jackson [Tue, 4 Aug 2009 14:24:56 +0000 (15:24 +0100)]
default the videoram to 4MB when it is not set

this patch sets the videoram size to 4MB in case the size is not set
explicitly by the user or the toolstack.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
15 years ago add two missing cirrus_update_memory_access
Ian Jackson [Tue, 4 Aug 2009 14:23:43 +0000 (15:23 +0100)]
add two missing cirrus_update_memory_access

the cirrus emulation code misses two calls to
cirrus_update_memory_access; this fact together with the condition on the
call to cirrus_update_memory_access in cirrus_bitblt_reset can cause
segfaults in qemu.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
15 years ago use XC_PAGE_SIZE in xenfbfront (fix stubdom build on NetBSD)
Ian Jackson [Tue, 21 Jul 2009 15:08:24 +0000 (16:08 +0100)]
use XC_PAGE_SIZE in xenfbfront (fix stubdom build on NetBSD)

Apropos of a report from Christoph Egger about misuse of PAGE_SIZE in
xenfbfront; change references to XC_PAGE_SIZE which is correct in our
context.  This fix suggested by Stefano Stabellini.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
15 years ago passthrough: Fix pci bar remapping when guest probes width with all-1 BAR
Ian Jackson [Tue, 21 Jul 2009 14:33:30 +0000 (15:33 +0100)]
passthrough: Fix pci bar remapping when guest probes width with all-1 BAR

When guest code tries to get the block size of mmio, it will write all "1"s
into pci bar register and then qemu will return all "0"s to the don't care
bits in the emulated bar register to indicate the block size to guest code.
In this case, we should not create p2m mapping in pt_bar_reg_write() and
pt_exp_rom_bar_reg_write(). Attached patch fixes this issue, additional
comment can be found in the patch.

Signed-off-by: Wei Wang <wei.wang2@amd.com>
15 years ago add low level functions from the root (read/write). [PATCH 3/3]
Ian Jackson [Tue, 21 Jul 2009 14:30:18 +0000 (15:30 +0100)]
add low level functions from the root (read/write).  [PATCH 3/3]

This is a series of patches to complete the xenstore interface in qemu.

1: create a callback mechanism for xenstore watches.
2: add per domain low level xenstore functions (read/chmod/write/watch).
3: add low level functions from the root (read/write).

Signed-off-by: Jean Guyader <jean.guyader@citrix.com>
15 years ago add per domain low level xenstore functions [PATCH 2/3]
Ian Jackson [Tue, 21 Jul 2009 14:29:43 +0000 (15:29 +0100)]
add per domain low level xenstore functions [PATCH 2/3]

add per domain low level xenstore functions (read/chmod/write/watch).

This is a series of patches to complete the xenstore interface in qemu.

1: create a callback mechanism for xenstore watches.
2: add per domain low level xenstore functions (read/chmod/write/watch).
3: add low level functions from the root (read/write).

Signed-off-by: Jean Guyader <jean.guyader@citrix.com>
15 years ago create a callback mechanism for xenstore watches [PATCH 1/3]
Ian Jackson [Tue, 21 Jul 2009 14:27:00 +0000 (15:27 +0100)]
create a callback mechanism for xenstore watches [PATCH 1/3]

This is a series of patches to complete the xenstore interface in qemu.

1: create a callback mechanism for xenstore watches.
2: add per domain low level xenstore functions (read/chmod/write/watch).
3: add low level functions from the root (read/write).

Signed-off-by: Jean Guyader <jean.guyader@citrix.com>
15 years ago pass-through: pt_reset_interrupt_and_io_mapping(): use hw INTX
Ian Jackson [Mon, 20 Jul 2009 11:26:39 +0000 (12:26 +0100)]
pass-through: pt_reset_interrupt_and_io_mapping(): use hw INTX

This fixes a few things that I missed in previous patches:

* Use the hw INTX rather than INTA in pt_reset_interrupt_and_io_mapping()
  This is consistent with other uses of pci_intx()
* Remove now inaccurate "/* fix virtual interrupt pin to INTA# */" comments
* Use PCI_SLOT()

Signed-off-by: Simon Horman <horms@verge.net.au>
15 years ago Do not #include <pci/header.h> unless CONFIG_PASSTHROUGH
Ian Jackson [Mon, 20 Jul 2009 11:22:59 +0000 (12:22 +0100)]
Do not #include <pci/header.h> unless CONFIG_PASSTHROUGH

Attached patch fixes an ioemu build error on NetBSD where
CONFIG_PASSTHROUGH is not (yet) defined.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
15 years ago portability fixes for qemu-ifup
Ian Jackson [Thu, 9 Jul 2009 14:33:48 +0000 (15:33 +0100)]
portability fixes for qemu-ifup

Attached patch applies portability fixes to ioemu's qemu-ifup script:
- rename qemu-ifup to qemu-ifup-Linux
- add qemu-ifup-NetBSD for NetBSD
- Build system picks the right one and installs just that under the
  conventional name.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
15 years ago Always treat floppy images as raw
Ian Jackson [Wed, 8 Jul 2009 14:52:31 +0000 (15:52 +0100)]
Always treat floppy images as raw

The fix for the image format guessing vulnerability breaks raw floppy
images.  In our environment it is difficult to apply the same
configuration change as envisaged upstream, so instead we arrange to
always treat a floppy image as raw.

Two-line patch supplied by James Harper <james.harper@bendigoit.com.au>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
(cherry picked from commit f2ce5c35f60bb606bd3ddb55c361bb8a9aad5c5c)

[ Also originally committed as 342846c1eecc972fcfae84d9d1ae65a318101792
  Mistakenly dropped from qemu-xen-unstable.git and now reapplied.
  Thanks to report from James Harper.   -iwj ]

15 years ago fix scsi dma buffer size
Ian Jackson [Wed, 8 Jul 2009 14:41:15 +0000 (15:41 +0100)]
fix scsi dma buffer size

Attached patch fixes calculation of scsi dma buffer size.
Found by build error on NetBSD.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
15 years ago cpu_unregister_map_client: fix memory leak
Ian Jackson [Tue, 30 Jun 2009 14:22:14 +0000 (15:22 +0100)]
cpu_unregister_map_client: fix memory leak

fix memory leak in cpu_unregister_map_client() and cpu_notify_map_clients().

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
[ Picked out of qemu-devel submission for exec.c, because we have a
  clone-and-hack of the cpu_*map* code :-( -iwj ]

15 years ago get rid of hardcoded paths
Ian Jackson [Tue, 30 Jun 2009 13:46:42 +0000 (14:46 +0100)]
get rid of hardcoded paths

Attached patches get rid of hardcoded paths in ioemu
and in ioemu-stubdom.

You need xen changeset 19841 or newer to have
them working.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
15 years ago Merge branch 'pt.multifn'
Ian Jackson [Thu, 25 Jun 2009 17:40:33 +0000 (18:40 +0100)]
Merge branch 'pt.multifn'

Conflicts:
hw/piix4acpi.c

15 years ago passthrough: multi-function PCI in ACPI: rename slot to devfn
Ian Jackson [Thu, 25 Jun 2009 17:33:09 +0000 (18:33 +0100)]
passthrough: multi-function PCI in ACPI: rename slot to devfn

This is a companion to the previous patch "qemu-xen: pass-through:
multi-function PCI in ACPI". It does not make any functional changes,
rather it just renames slot to devfn as appropriate.

Cc: Dexuan Cui <dexuan.cui@intel.com>
Cc: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
[7/8; cross-compatibility issues with xen-unstable.hg]

15 years ago passthrough: multi-function PCI in ACPI
Ian Jackson [Thu, 25 Jun 2009 17:32:29 +0000 (18:32 +0100)]
passthrough: multi-function PCI in ACPI

This changes the interface between qemu-xen and the ACPI portion
of hvmloader. As such it breaks compatibility with older
hvmloaders and a companion patch to hvmloader is needed.

There is a subsequent "noise" companion to this change
which changes slot to devfn as appropriate.

Cc: Dexuan Cui <dexuan.cui@intel.com>
Cc: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
[6/8; cross-compatibility issues with xen-unstable.hg]

15 years ago passthrough: Add AUTO_PHP_DEVFN_MULTI
Ian Jackson [Thu, 25 Jun 2009 17:32:01 +0000 (18:32 +0100)]
passthrough: Add AUTO_PHP_DEVFN_MULTI

Up until now there has been a single magic value that xend can pass to
qemu-xen to signify that qemu-xen should choose a devfn for a pass-through
function.

When supporting multi-function devices in guests, it is useful for xend to
be able to specify if a function is to appear in a guest as a
single-function device, or as part of a multi-function device.

By adding AUTO_PHP_DEVFN_MULTI to supplement the existing AUTO_PHP_DEVFN,
this patch achieves that goal.

This patch does not break compatibility with xend as the value chosen for
AUTO_PHP_DEVFN_MULTI could never validly be sent by xend up until now.
However, there is a companion change to xend in order to make use of this
feature.

Cc: Dexuan Cui <dexuan.cui@intel.com>
Cc: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
[5/8; cross-compatibility issues with xen-unstable.hg]

15 years ago passthrough: rename slot to devfn
Ian Jackson [Thu, 25 Jun 2009 17:31:24 +0000 (18:31 +0100)]
passthrough: rename slot to devfn

This is the noisy companion to the previous patch "qemu-xen: pass-through:
use devfn instead of slots as the unit for pass-through". It just renames
slot to devfn in various places.

Cc: Dexuan Cui <dexuan.cui@intel.com>
Cc: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
[4/8; cross-compatibility issues with xen-unstable.hg]

15 years ago passthrough: use devfn instead of slots as the unit for pass-through
Ian Jackson [Thu, 25 Jun 2009 17:30:25 +0000 (18:30 +0100)]
passthrough: use devfn instead of slots as the unit for pass-through

This is part of support for multi-function PCI devices in guests

Instead of reading a slot number from xend, read a devfn.
This and subsequent other changes will allow xend to ask
for more than one function to be inserted into a single slot -
by specifying which function of the slot should be used.

This is a minimal patch for this change. A subsequent
patch that has a lot of noise to rename slot to devfn follows.

This patch breaks compatibility with xend and corresponding
patches to xend are required.

Cc: Dexuan Cui <dexuan.cui@intel.com>
Cc: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
[3/8; cross-compatibility issues with xen-unstable.hg]

15 years ago passthrough: Read the PCI type bit from hardware
Ian Jackson [Thu, 25 Jun 2009 17:24:23 +0000 (18:24 +0100)]
passthrough: Read the PCI type bit from hardware

Preparation for multi-function devices in guests.

When scanning the PCI bus a guest* will only look for
functions 2-7 if the multifunction bit is set.

Cc: Dexuan Cui <dexuan.cui@intel.com>
Cc: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
[2/8; cross-compatibility issues with xen-unstable.hg]

15 years ago passthrough: Read the interrupt pin from hardware
Ian Jackson [Thu, 25 Jun 2009 17:26:00 +0000 (18:26 +0100)]
passthrough: Read the interrupt pin from hardware

Preparation for multi-function devices in guests.

Up until now guests have only seen devices with one function,
so it is both safe and sensible to always use INTA. But
if multiple functions appear, it makes sense to use
the interrupt pin specified by the hardware.

Cc: Dexuan Cui <dexuan.cui@intel.com>
Cc: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Cc: Yuji Shimada <shimada-yxb@necst.nec.co.jp>
Signed-off-by: Simon Horman <horms@verge.net.au>
[1/8; cross-compatibility issues with xen-unstable.hg]

15 years ago hw/piix4acpi.c: cleanup logging
Ian Jackson [Thu, 18 Jun 2009 14:23:53 +0000 (15:23 +0100)]
hw/piix4acpi.c: cleanup logging

this is a simple cleanup patch for logging in piix4acpi: it replaces all
the calls to fprintf with calls to a specific logging function that has
3 simple logging levels.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
15 years ago implement qemu_chr_open_pty for stubdoms
Ian Jackson [Thu, 18 Jun 2009 14:22:16 +0000 (15:22 +0100)]
implement qemu_chr_open_pty for stubdoms

this is an updated version of the patch "implement qemu_chr_open_pty for
stubdoms": qemu_chr_open_pty is now based on posix_openpt instead of
openpty(void).

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
[ This depends on the corresponding minios change, which is
  19790:01ad2654815a ]

15 years ago xs_rm xenstore command from xend after we read it
Ian Jackson [Thu, 18 Jun 2009 13:53:58 +0000 (14:53 +0100)]
xs_rm xenstore command from xend after we read it

in xenstore_process_dm_command_event(), xs_rm the
command node after we read it.

As Ian Jackson pointed out: "when we start processing a command we
should delete it from xenstore immediately, so that future watch
triggerings either don't see the command or actually see genuine new
invocations".

The patch is used to overcome a race condition that occurs after
changeset 19679: ec2bc4b9fa32 (xend: hot-plug PCI devices at
boot-time) and could break the device assignment of hvm guest:

ioemu's xs_watch() fires the 'command' for the 1st time and xend's
signalDeviceModel('pci-ins',...) fires it for the 2nd time -- without
the patch, the 2nd time watch handling would try to invoke
xenstore_process_dm_command_event() again and since the 'parameter'
node has been changed to hold vslot by ioemu, the second time would
fail and set 'parameter' to "no free hotplug slots" at the end of the
2nd handling; and, if xend runs slower, xend would treat the
'parameter' of the 2nd time as that of the 1st time and destroy the
guest.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
15 years ago qemu: implement support for secondary consoles in the console backend
Ian Jackson [Tue, 16 Jun 2009 17:14:30 +0000 (18:14 +0100)]
qemu: implement support for secondary consoles in the console backend

[PATCH 5 of 5] qemu: implement support for secondary
This patch adds support for secondary consoles in the console backend.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
[ Patches 1-3 are to xen-unstable but do not have compatibility
  implications, we believe.  Patch 4 is awaiting revision. -iwj ]

15 years ago stdvga + videoram config option
Ian Jackson [Mon, 8 Jun 2009 16:45:42 +0000 (17:45 +0100)]
stdvga + videoram config option

Without this patch, guests cannot be created on ia64 because of
qemu-dm's error.

Signed-off-by: KUWAMURA Shin'ya <kuwa@jp.fujitsu.com>
15 years ago add a few missing statics and consts
Ian Jackson [Wed, 3 Jun 2009 14:47:52 +0000 (15:47 +0100)]
add a few missing statics and consts

attached patch fixes a few gcc warnings in ioemu.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
15 years ago pass-through: only parse single BDFs.
Ian Jackson [Wed, 3 Jun 2009 14:39:26 +0000 (15:39 +0100)]
pass-through: only parse single BDFs.

As of "qemu-xen: hot-plug PCI devices at boot-time", the BDF string
that is parsed always contains a single bdf, not multiple bdf's delimited
by a '-'.

Cc: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Cc: Edwin Zhai <edwin.zhai@intel.com>
Signed-off-by: Simon Horman <horms@verge.net.au>