aliguori [Wed, 5 Nov 2008 21:22:34 +0000 (21:22 +0000)]
Fix windows build after init_host_timer changes.
host_alarm_timer fires in a separate thread. The windows build current
uses SetEvent() and WaitEvent() to then notify the main thread. This is
functionally equivalent to what we're doing in Unix with pipe(). So let's
just #ifdef the pipe() code on Windows since it doesn't build there anyway.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5637 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Wed, 5 Nov 2008 20:29:45 +0000 (20:29 +0000)]
Fix alarm_timer race with select - v3 (Jan Kiszka)
Changing the default IO timeout to 5 s (#5578) made a race visible
between the alarm_timer and select() in main_loop_wait(): If the timer
fired before select was able to block, the full select() timeout could
have been applied instead of returning immediately. Since #5578, this
causes heavy problems to the Musicpal board emulation with stalls up to
5 s, but also with some older Linux guest kernels.
The following patch introduces a pipe that is written to by
host_alarm_handler and select()'ed in main_loop_wait(). This avoids
prevents that select() blocks though a timer has fired and waits for
processing.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5633 c046a42c-6fe2-441c-8c8c-71466251a162
blueswir1 [Wed, 5 Nov 2008 20:24:35 +0000 (20:24 +0000)]
SM501 emulation for R2D-SH4
This patch adds minimum emulation of SM501 multifunction device,
whose main feature is 2D graphics. It is one of the peripheral
of R2D, the SH4 evaluation board. We can see TUX printed on the
QEMU console.
aliguori [Wed, 5 Nov 2008 16:04:33 +0000 (16:04 +0000)]
Add KVM support to QEMU
This patch adds very basic KVM support. KVM is a kernel module for Linux that
allows userspace programs to make use of hardware virtualization support. It
current supports x86 hardware virtualization using Intel VT-x or AMD-V. It
also supports IA64 VT-i, PPC 440, and S390.
This patch only implements the bare minimum support to get a guest booting. It
has very little impact the rest of QEMU and attempts to integrate nicely with
the rest of QEMU.
Even though this implementation is basic, it is significantly faster than TCG.
Booting and shutting down a Linux guest:
w/TCG: 1:32.36 elapsed 84% CPU
w/KVM: 0:31.14 elapsed 59% CPU
Right now, KVM is disabled by default and must be explicitly enabled with
-enable-kvm. We can enable it by default later when we have had better
testing.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5627 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Wed, 5 Nov 2008 15:34:06 +0000 (15:34 +0000)]
Split CPUID from op_helper
KVM needs to call CPUID from outside of the TCG code. This patch
splits out the CPUID logic into a separate helper that both the op
helper and KVM can call.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5626 c046a42c-6fe2-441c-8c8c-71466251a162
edgar_igl [Tue, 4 Nov 2008 20:29:29 +0000 (20:29 +0000)]
ETRAX-FS: Make etraxfs_dmac_run local.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5624 c046a42c-6fe2-441c-8c8c-71466251a162
malc [Tue, 4 Nov 2008 14:18:13 +0000 (14:18 +0000)]
Add safety net against potential infinite loop
cpu_interrupt might be called while translating the TB, but before it
is linked into a potentially infinite loop and becomes env->current_tb.
Currently this can (and does) cause huge problems only when using
dyntick clock, with other (periodic) clocks host_alarm_handler will
eventually be executed resulting in a call to cpu_interrupt which will
reset the recursion of running TB and the damage is "only" latency.
Move addi_i64, muli_i64 and subi_i64 out of #if TCG_TARGET_REG_BITS
as both implementations are strictly identical. Use the same
optimisation (ie when imm == 0) for addi_i64 and subi_64 than the
32-bit version.
aurel32 [Sat, 1 Nov 2008 00:53:39 +0000 (00:53 +0000)]
CVE-2008-4539: fix a heap overflow in Cirrus emulation
The code in hw/cirrus_vga.c has changed a lot between CVE-2007-1320 has
been announced and the patch has been applied. As a consequence it has
wrongly applied and QEMU is still vulnerable to this bug if using VNC.
aliguori [Fri, 31 Oct 2008 18:49:55 +0000 (18:49 +0000)]
Move CharDriverState code out of vl.c
The motivating goal behind this is to allow other tools to use the CharDriver
code. This patch is pure code motion except for the Makefile changes and the
copyright/header in qemu-char.c.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5580 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Fri, 31 Oct 2008 18:44:40 +0000 (18:44 +0000)]
Move some declarations around in the QEMU CharDriver code
The goal of this series is to move the CharDriverState code out of vl.c and
into its own file, qemu-char.c. This patch moves around some declarations so
the next patch can be pure code motion.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5579 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Fri, 31 Oct 2008 18:40:25 +0000 (18:40 +0000)]
Increase default IO timeout from 10ms to 5s
With the recent changes to the main loop, we no longer have unconditional
polling. This means we can now sleep in select() for much longer than we
previously did. This patch increases our select() sleep time from 10ms to 5s
which is effectively unlimited since we're going to wake up sooner than that
in almost all circumstances.
With this patch, I see the number of wake-ups with an idle dynamic ticks guest
drop from 80 per second to about 15 times per second.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5578 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Fri, 31 Oct 2008 17:31:29 +0000 (17:31 +0000)]
Implement "info chardev" command. (Gerd Hoffmann)
This patch makes qemu keep track of the character devices in use and
implements a "info chardev" monitor command to print a list.
qemu_chr_open() sticks the devices into a linked list now. It got a new
argument (label), so there is a name for each device. It also assigns a
filename to each character device. By default it just copyes the
filename passed in. Individual drivers can fill in something else
though. qemu_chr_open_pty() sets the filename to name of the pseudo tty
allocated.
aliguori [Fri, 31 Oct 2008 17:28:00 +0000 (17:28 +0000)]
fix bdrv_aio_read API breakage in qcow2 (Andrea Arcangeli)
I noticed the qemu_aio_flush was doing nothing at all. And a flood of
cmd_writeb commands leading to a noop-invocation of qemu_aio_flush
were executed.
In short all 'memset;goto redo' places must be fixed to use the bh and
not to call the callback in the context of bdrv_aio_read or the
bdrv_aio_read model falls apart. Reading from qcow2 holes is possible
with phyisical readahead (kind of breada in linux buffer cache).
This is needed at least for scsi, ide is lucky (or it has been
band-aided against this API breakage by fixing the symptom and not the
real bug).
Same bug exists in qcow of course, can be fixed later as it's less
urgent.
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5574 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Fri, 31 Oct 2008 17:25:56 +0000 (17:25 +0000)]
Make DMA bottom-half driven (v2)
The current DMA routines are driven by a call in main_loop_wait() after every
select.
This patch converts the DMA code to be driven by a constantly rescheduled
bottom half. The advantage of using a scheduled bottom half is that we can
stop scheduling the bottom half when there no DMA channels are runnable. This
means we can potentially detect this case and sleep longer in the main loop.
The only two architectures implementing DMA_run() are cris and i386. For cris,
I converted it to a simple repeating bottom half. I've only compile tested
this as cris does not seem to work on a 64-bit host. It should be functionally
identical to the previous implementation so I expect it to work.
For x86, I've made sure to only fire the DMA bottom half if there is a DMA
channel that is runnable. The effect of this is that unless you're using sb16
or a floppy disk, the DMA bottom half never fires.
You probably should test this malc. My own benchmarks actually show slight
improvement by it's possible the change in timing could affect your demos.
Since v1, I've changed the code to use a BH instead of a timer. cris at least
seems to depend on faster than 10ms polling.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5573 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Fri, 31 Oct 2008 17:24:21 +0000 (17:24 +0000)]
Make bottom halves more robust
Bottom halves are supposed to not complete until the next iteration of the main
loop. This is very important to ensure that guests can not cause stack
overflows in the block driver code. Right now, if you attempt to schedule a
bottom half within a bottom half callback, you will enter an infinite loop.
This patch uses the same logic that we use for the IOHandler loop to make the
bottom half processing robust in list manipulation while in a callback.
This patch also introduces idle scheduling for bottom halves. qemu_bh_poll()
returns an indication of whether any bottom halves were successfully executed.
qemu_aio_wait() uses this to immediately return if a bottom half was executed
instead of waiting for a completion notification.
qemu_bh_schedule_idle() works around this by not reporting the callback has
run in the qemu_bh_poll loop. qemu_aio_wait() probably needs some refactoring
but that would require a larger code audit. idle scheduling seems like a good
compromise.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5572 c046a42c-6fe2-441c-8c8c-71466251a162
aliguori [Wed, 29 Oct 2008 14:16:31 +0000 (14:16 +0000)]
Fix restore of older snapshots for target-i386 on big endian hosts
A target_ulong may be 64-bit. Passing it to a function expecting a 32-bit
pointer is wrong and unfortunately happens to work for x86. It won't work on
big endian hosts though. Change the code to work properly on all hosts.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5570 c046a42c-6fe2-441c-8c8c-71466251a162
edgar_igl [Tue, 28 Oct 2008 00:13:15 +0000 (00:13 +0000)]
CRIS: Plug more temp leaks.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5560 c046a42c-6fe2-441c-8c8c-71466251a162
edgar_igl [Mon, 27 Oct 2008 21:10:26 +0000 (21:10 +0000)]
CRIS: Plug a few temp leaks.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5554 c046a42c-6fe2-441c-8c8c-71466251a162
edgar_igl [Mon, 27 Oct 2008 20:44:27 +0000 (20:44 +0000)]
ETRAX-FS: Process outgoing DMA channels until EOL.
For outgoing DMA channels, keep processing descriptors until hitting end
of list.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5553 c046a42c-6fe2-441c-8c8c-71466251a162
edgar_igl [Mon, 27 Oct 2008 20:24:59 +0000 (20:24 +0000)]
CRIS: Remove cpu_T.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5552 c046a42c-6fe2-441c-8c8c-71466251a162
edgar_igl [Mon, 27 Oct 2008 16:46:29 +0000 (16:46 +0000)]
CRIS: Avoid more cpu_T usage.
* Explicit operand passing to prep_alu_r.
* Avoid some more cpu_T[] usage.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5550 c046a42c-6fe2-441c-8c8c-71466251a162
edgar_igl [Mon, 27 Oct 2008 13:55:28 +0000 (13:55 +0000)]
CRIS: Avoid cpu_T[1] for move_r.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5548 c046a42c-6fe2-441c-8c8c-71466251a162
edgar_igl [Mon, 27 Oct 2008 13:52:44 +0000 (13:52 +0000)]
CRIS: Avoid using cpu_T[0] for testing condition codes.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5547 c046a42c-6fe2-441c-8c8c-71466251a162
edgar_igl [Mon, 27 Oct 2008 12:39:30 +0000 (12:39 +0000)]
CRIS: Add branch-free versions of abs, lsl, lsr and asr.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5546 c046a42c-6fe2-441c-8c8c-71466251a162
edgar_igl [Sun, 26 Oct 2008 23:18:06 +0000 (23:18 +0000)]
CRIS: Correct tcg globals allocation for 64bit hosts.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5545 c046a42c-6fe2-441c-8c8c-71466251a162
projects / qemu-xen-4.0-testing.git / log