Wei Huang [Fri, 23 Jan 2015 20:56:04 +0000 (15:56 -0500)]
kvm_stat: Add RESET support for perf event ioctl
While running kvm_stat using tracepoint on ARM64 hardware (e.g. "kvm_stat
-1 -t"), the initial values of some kvm_userspace_exit counters were found
to be very suspecious. For instance the tracing tool showed that S390_TSCH
was called many times on ARM64 machine, which apparently was wrong.
This patch adds RESET ioctl support for perf monitoring. Before calling
ioctl to enable a perf event, this patch resets the counter first. With
this patch, the init counter values become correct on ARM64 hardware.
Example:
==== before patch ====
kvm_userspace_exit(S390_SIEIC) 1426 0
kvm_userspace_exit(S390_TSCH) 339 0
==== after patch ====
kvm_userspace_exit(S390_SIEIC) 0 0
kvm_userspace_exit(S390_TSCH) 0 0
Eduardo Habkost [Thu, 22 Jan 2015 19:22:54 +0000 (17:22 -0200)]
target-i386: Disable HLE and RTM on Haswell & Broadwell
All Haswell CPUs and some Broadwell CPUs were updated by Intel to have
the HLE and RTM features disabled. This will prevent
"-cpu Haswell,enforce" and "-cpu Broadwell,enforce" from running out of
the box on those CPUs.
Disable those features by default on Broadwell and Haswell CPU models,
starting on pc-*-2.3. Users who want to use those features can enable
them explicitly on the command-line.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
rules.mak has a rule for .S files using CPP. This will result in
errors like
CPP s390-ccw/start.asm
cc: error: unrecognized command line option '-Wbitwise'
Lets also redefine CPP in case of --enable-sparse.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 20 Jan 2015 10:07:09 +0000 (11:07 +0100)]
apic: do not dereference pointer before it is checked for NULL
Right now you only get to apic_init_reset if you have an APIC
(do_cpu_init is reached only if CPU_INTERRUPT_INIT is set and
that only happens in hw/intc/apic.c). However, this is wrong
because for example a port 92 or keyboard controller reset is
really an INIT, and that can happen also with no APIC. So
keep the check and fix the error that Coverity reported.
Reported-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Wei Huang [Wed, 21 Jan 2015 21:15:31 +0000 (16:15 -0500)]
kvm_stat: Print errno when syscall to perf_event_open() fails
kvm_stat uses syscall() to call perf_event_open(). If this function
call fails, the returned value is -1, which doesn't tell the details
of such failure (i.e. ENOSYS or EINVAL). This patch retrieves errno
and prints it when syscall() fails. The error message will look like
"Exception: perf_event_open failed, errno = 38".
Signed-off-by: Wei Huang <wei@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Jiri Slaby [Wed, 21 Jan 2015 16:48:33 +0000 (17:48 +0100)]
hw: misc, add educational driver
I am using qemu for teaching the Linux kernel at our university. I
wrote a simple PCI device that can answer to writes/reads, generate
interrupts and perform DMA. As I am dragging it locally over 2 years,
I am sending it to you now.
Paolo Bonzini [Wed, 24 Dec 2014 09:57:04 +0000 (10:57 +0100)]
qemu-timer: introduce timer_deinit
In some cases, a timer was set to NULL so that we could check if it is
initialized. Use the timer_list field instead, and add a timer_deinit
function that NULLs it.
It then makes sense that timer_del be a no-op (instead of a crasher) on
such a de-initialized timer. It avoids the need to poke at the timerlist
field to check if the timers are initialized.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 24 Oct 2014 07:50:21 +0000 (09:50 +0200)]
target-i386: make xmm_regs 512-bit wide
Right now, the AVX512 registers are split in many different fields:
xmm_regs for the low 128 bits of the first 16 registers, ymmh_regs
for the next 128 bits of the same first 16 registers, zmmh_regs
for the next 256 bits of the same first 16 registers, and finally
hi16_zmm_regs for the full 512 bits of the second 16 bit registers.
This makes it simple to move data in and out of the xsave region,
but would be a nightmare for a hypothetical TCG implementation and
leads to a proliferation of [XYZ]MM_[BWLSQD] macros. Instead,
this patch marshals data manually from the xsave region to a single
32x512-bit array, simplifying the macro jungle and clarifying which
bits are in which vmstate subsection.
The migration format is unaffected.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 24 Oct 2014 08:18:38 +0000 (10:18 +0200)]
target-i386: use vmstate_offset_sub_array for AVX registers
After the next patch, each vmstate field will extract parts of a larger
(32x512-bit) array, so we cannot check the vmstate field against the
type of the array.
While changing this, change the macros to accept the index of the first
element (which will not be 0 for Hi16_ZMM_REGS) instead of the number
of elements (which is always CPU_NB_REGS).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Kevin Wolf [Thu, 15 Jan 2015 11:26:43 +0000 (12:26 +0100)]
multiboot: Fix offset of bootloader name
This fixes a bug introduced in commit 5eba5a66 ('Add bootloader name to
multiboot implementation').
The calculation of the bootloader name offset didn't consider space
occupied by module command lines, so some unlucky module got its command
line partially overwritten with a "qemu" string.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 14 Jan 2015 16:53:55 +0000 (17:53 +0100)]
pc: fix KVM features in pc-1.3 and earlier machine types
Due to a typo, instead of disabling KVM_FEATURE_PV_EOI (bit
6) these machine types are disabling bits 1 and 2, which are
KVM_FEATURE_NOP_IO_DELAY and KVM_FEATURE_MMU_OP. Not a big deal
because they aren't very important and KVM_FEATURE_MMU_OP is
disabled anyway. The worst part is actually that KVM_FEATURE_PV_EOI
is remaining enabled.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Dinar Valeev [Wed, 21 Jan 2015 22:48:41 +0000 (23:48 +0100)]
hw/input/hid.c Fix capslock hid code
When ever USB keyboard is used, e.g. '-usbdevice keyboard' pressing
caps lock key send 0x32 hid code, which is treated as backslash.
Instead it should be 0x39 code. This affects sending uppercase keys,
as they typed whith caps lock active.
While on x86 this can be workarounded by using ps/2 protocol. On
Power it is crusial as we don't have anything else than USB.
Peter Maydell [Thu, 22 Jan 2015 11:16:20 +0000 (11:16 +0000)]
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into staging
qemu-sparc update
# gpg: Signature made Wed 21 Jan 2015 16:56:31 GMT using RSA key ID AE0F321F
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>"
* remotes/mcayland/tags/qemu-sparc-signed:
disas/sparc: Remove unused data sparc_opcode_archs[]
target-sparc: Mark gen_load_trap_state_at_tl() as !CONFIG_USER_ONLY
target-sparc: is_translating_asi() is TARGET_SPARC64 only
target-sparc: address_mask(), asi_address_mask() are TARGET_SPARC64 only
target-sparc: Remove unused gen_op_subi_cc and gen_op_addi_cc
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gerd Hoffmann [Wed, 17 Dec 2014 14:49:44 +0000 (15:49 +0100)]
monitor: add query-vnc-servers command
Add new query vnc qmp command, for the lack of better ideas just name it
"query-vnc-servers". Changes over query-vnc:
* It returns a list of vnc servers, so multiple vnc server instances
are covered.
* Each vnc server returns a list of server sockets. Followup patch
will use that to also report websockets. In case we add support for
multiple server sockets server sockets (to better support ipv4+ipv6
dualstack) we can add them to the list too.
Gerd Hoffmann [Thu, 2 Oct 2014 10:09:34 +0000 (12:09 +0200)]
vnc: track & limit connections
Also track the number of connections in "connecting" and "shared" state
(in addition to the "exclusive" state). Apply a configurable limit to
these connections.
The logic to apply the limit to connections in "shared" state is pretty
simple: When the limit is reached no new connections are allowed.
The logic to apply the limit to connections in "connecting" state (this
is the state you are in *before* successful authentication) is
slightly different: A new connect kicks out the oldest client which is
still in "connecting" state. This avoids a easy DoS by unauthenticated
users by simply opening connections until the limit is reached.
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds a display= parameter to the vnc options. This allows to
bind a vnc server instance to a specific display, allowing to create a
multiseat setup with a vnc server for each seat.
Gerd Hoffmann [Tue, 21 Oct 2014 12:50:42 +0000 (14:50 +0200)]
vnc: add display id to acl names
In case the display id is "default" (which is the one you get if you
don't explicitly assign one) we keep the old name scheme, without
display, for backward compatibility reasons.
Replace with a vnc_displays list, so we can have multiple vnc server
instances. Add vnc_server_find function to lookup a display by id.
With no id supplied return the first vnc server, for backward
compatibility reasons.
It is not possible (yet) to actually create multiple vnc server
instances.
Paolo Bonzini [Tue, 20 Jan 2015 16:23:48 +0000 (17:23 +0100)]
sb16: fix interrupt acknowledgement
SoundBlaster 16 emulation is very broken and consumes a lot of CPU, but a
small fix was suggested offlist and it is enough to fix some games. I
got Epic Pinball to work with the "SoundBlaster Clone" option.
The processing of the interrupt register is wrong due to two missing
"not"s. This causes the interrupt flag to remain set even after the
Acknowledge ports have been read (0x0e and 0x0f).
The line was introduced by commit 85571bc (audio merge (malc), 2004-11-07),
but the code might have been broken before because I did not look closely
at the huge patches from 10 years ago.
Peter Maydell [Tue, 23 Dec 2014 22:11:20 +0000 (22:11 +0000)]
target-sparc: Mark gen_load_trap_state_at_tl() as !CONFIG_USER_ONLY
The function gen_load_trap_state_at_tl() is only used in the softmmu
configs; wrap it in #ifndef CONFIG_USER_ONLY to avoid clang compiler
warnings in linux-user builds.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Peter Maydell [Tue, 23 Dec 2014 22:11:19 +0000 (22:11 +0000)]
target-sparc: is_translating_asi() is TARGET_SPARC64 only
Move the is_translating_asi() inside the TARGET_SPARC64 ifdef (and remove
the unimplemented 32-bit codepath), as it is only called from TARGET_SPARC64
code. This fixes a clang 3.4 unused-function warning.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Peter Maydell [Tue, 23 Dec 2014 22:11:18 +0000 (22:11 +0000)]
target-sparc: address_mask(), asi_address_mask() are TARGET_SPARC64 only
The address_mask() and asi_address_mask() functions are only used in
TARGET_SPARC64 configs, so guard with ifdefs to avoid warnings about
unused functions in 32-bit builds.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Peter Maydell [Tue, 23 Dec 2014 22:11:17 +0000 (22:11 +0000)]
target-sparc: Remove unused gen_op_subi_cc and gen_op_addi_cc
The functions gen_op_addi_cc() and gen_op_subi_cc() are unused; remove them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Peter Maydell [Tue, 20 Jan 2015 16:19:58 +0000 (16:19 +0000)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-misc-20150120' into staging
Miscellaneous cross-tree patches:
* load/store helper cleanup
* drop TARGET_HAS_ICE define and checks
* scripts/qapi-types.py: Add dummy member to empty structs
* cpu_ldst.h: Don't define helpers if MMU_MODE*_SUFFIX not defined
# gpg: Signature made Tue 20 Jan 2015 15:43:38 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-misc-20150120:
cpu_ldst.h: Don't define helpers if MMU_MODE*_SUFFIX not defined
cpu_ldst.h, cpu-all.h, bswap.h: Update documentation on ld/st accessors
cpu_ldst_template.h: Drop unused cpu_ldfq/stfq/ldfl/stfl accessors
cpu_ldst.h: Drop unused _raw macros, saddr() and laddr()
cpu_ldst_template.h: Use ld*_p directly rather than via ld*_raw macros
cpu_ldst.h: Use inline functions for usermode cpu_ld/st accessors
cpu_ldst.h: Remove unused very short ld*/st* defines
cpu_ldst.h: Drop unused ld/st*_kernel defines
target-mips: Don't use _raw load/store accessors
linux-user/main.c (m68k): Use get_user_u16 rather than lduw in cpu_loop
linux-user/vm86.c: Use cpu_ldl_data &c rather than plain ldl &c
bsd-user/elfload.c: Don't use ldl() or ldq_raw()
linux-user/elfload.c: Don't use _raw accessor functions
target-sparc: Don't use {ld, st}*_raw functions
monitor.c: Use ld*_p() instead of ld*_raw()
cpu_ldst.h: Remove unused ldul_ macros
exec.c: Drop TARGET_HAS_ICE define and checks
scripts/qapi-types.py: Add dummy member to empty structs
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 20 Jan 2015 15:19:35 +0000 (15:19 +0000)]
cpu_ldst.h: Don't define helpers if MMU_MODE*_SUFFIX not defined
Not all targets define a full set of suffix strings for the
NB_MMU_MODES that they have. In this situation, don't define any
helper functions for that mode, rather than defining helper functions
with no suffix at all. The MMU mode is still functional; it is merely
not directly accessible via cpu_ld*_MODE from target helper functions.
Also add an "NB_MMU_MODES >= 2" check to the definition of the mode 1
helpers -- some targets only define one MMU mode.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1421432008-6786-1-git-send-email-peter.maydell@linaro.org
Peter Maydell [Tue, 20 Jan 2015 15:19:35 +0000 (15:19 +0000)]
cpu_ldst.h, cpu-all.h, bswap.h: Update documentation on ld/st accessors
Add documentation of what the cpu_*_* accessors look like.
Correct some minor errors in the existing documentation of the
direct _p accessor family. Remove the near-duplicate comment
on the _p accessors from cpu-all.h and replace it with a reference
to the comment in bswap.h.
Peter Maydell [Tue, 20 Jan 2015 15:19:34 +0000 (15:19 +0000)]
cpu_ldst_template.h: Drop unused cpu_ldfq/stfq/ldfl/stfl accessors
The cpu_ldfq/stfq/ldfl/stfl accessors for loading and storing
float32 and float64 are completely unused, so delete them.
(The union they use for converting from the float32/float64
type to uint32_t or uint64_t is the wrong way to do it anyway:
they should be using make_float* and float*_val.)
Peter Maydell [Tue, 20 Jan 2015 15:19:34 +0000 (15:19 +0000)]
cpu_ldst_template.h: Use ld*_p directly rather than via ld*_raw macros
The ld*_raw and st*_raw macros are now only used within the code
produced by cpu_ldst_template.h, and only in three places.
Expand these out to just call the ld_p and st_p functions directly.
Note that in all the callsites the address argument is a uintptr_t,
so we can drop that part of the double-cast used in the saddr() and
laddr() macros.
Peter Maydell [Tue, 20 Jan 2015 15:19:34 +0000 (15:19 +0000)]
cpu_ldst.h: Use inline functions for usermode cpu_ld/st accessors
Use inline functions rather than macros for cpu_ld/st accessors
for the *-user configurations, as we already do for softmmu.
This has a two advantages:
* we can actually typecheck our arguments
* we don't need to leak the _raw macros everywhere
Since the _kernel functions were only used by target-i386/seg_helper.c,
put the definitions for them in that file too. (It already has the
similar template include code to define them for the softmmu case,
so it makes sense to have it deal with defining them for user-only.)
Peter Maydell [Tue, 20 Jan 2015 15:19:33 +0000 (15:19 +0000)]
linux-user/main.c (m68k): Use get_user_u16 rather than lduw in cpu_loop
In the m68k cpu_loop() use get_user_u16 to read the immediate for
the simcall rahter than lduw, to bring it into line with how other
archs do it and to remove another user of the ldl family of functions.
Peter Maydell [Tue, 20 Jan 2015 15:19:32 +0000 (15:19 +0000)]
target-sparc: Don't use {ld, st}*_raw functions
Instead of using the _raw family of ld/st accessor functions, use
cpu_*_data. All this code is CONFIG_USER_ONLY, so the two are the
same semantically, but the _raw functions are really a detail of
the implementation which has leaked into a few callsites like this one.
Peter Maydell [Tue, 20 Jan 2015 15:19:32 +0000 (15:19 +0000)]
monitor.c: Use ld*_p() instead of ld*_raw()
The monitor code for doing a memory_dump() was using ld*_raw() to do
target-CPU accesses out of a local buf[] array. The correct functions
for this purpose are ld*_p(), which take a host pointer, rather than
ld*_raw(), which take an integer representing a guest address and
are somewhat meaningless in softmmu configurations. Nobody noticed
because for softmmu the _raw functions are the same as ldl_p but
with some extra casts thrown in. Switch to using the correct functions
instead.
Peter Maydell [Tue, 20 Jan 2015 15:19:32 +0000 (15:19 +0000)]
cpu_ldst.h: Remove unused ldul_ macros
The five ldul_ macros are not used anywhere and are marked up with an XXX
comment. "ldul" is a non-standard prefix for our family of load instructions:
we don't mark 32-bit accesses for signedness because they return a 32 bit
quantity. So just delete them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1421334118-3287-2-git-send-email-peter.maydell@linaro.org
Peter Maydell [Tue, 20 Jan 2015 15:19:32 +0000 (15:19 +0000)]
exec.c: Drop TARGET_HAS_ICE define and checks
The TARGET_HAS_ICE #define is intended to indicate whether a target-*
guest CPU implementation supports the breakpoint handling. However,
all our guest CPUs have that support (the only two which do not
define TARGET_HAS_ICE are unicore32 and openrisc, and in both those
cases the bp support is present and the lack of the #define is just
a bug). So remove the #define entirely: all new guest CPU support
should include breakpoint handling as part of the basic implementation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net>
Message-id: 1420484960-32365-1-git-send-email-peter.maydell@linaro.org
Peter Maydell [Tue, 20 Jan 2015 15:19:32 +0000 (15:19 +0000)]
scripts/qapi-types.py: Add dummy member to empty structs
Make sure that all generated C structs have at least one field; this
avoids potential issues with attempting to malloc space for
zero-length structs in C (g_malloc(sizeof struct) would return NULL).
It also avoids an incompatibility with C++ (where an empty struct is
size 1); that isn't important to us now but might be in future.
This silences clang warnings like:
./qapi-types.h:3752:1: warning: empty struct has size 0 in C, size 1 in C++ [-Wextern-c-compat]
struct Abort
^
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1419359069-16611-1-git-send-email-peter.maydell@linaro.org
Peter Maydell [Tue, 20 Jan 2015 14:34:38 +0000 (14:34 +0000)]
Merge remote-tracking branch 'remotes/sstabellini/xen-2015-01-20-v2' into staging
* remotes/sstabellini/xen-2015-01-20-v2:
xen: add a lock for the mapcache
xen: do not use __-named variables in mapcache
Xen: Use the ioreq-server API when available
Add device listener interface
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Wed, 14 Jan 2015 10:20:56 +0000 (11:20 +0100)]
xen: add a lock for the mapcache
Extend the existing dummy mapcache_lock/unlock macros to cover all of
xen-mapcache.c. This prepares for unlocked memory access, when parts
of exec.c will not be protected by the BQL.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Paul Durrant [Tue, 20 Jan 2015 11:06:19 +0000 (11:06 +0000)]
Xen: Use the ioreq-server API when available
The ioreq-server API added to Xen 4.5 offers better security than
the existing Xen/QEMU interface because the shared pages that are
used to pass emulation request/results back and forth are removed
from the guest's memory space before any requests are serviced.
This prevents the guest from mapping these pages (they are in a
well known location) and attempting to attack QEMU by synthesizing
its own request structures. Hence, this patch modifies configure
to detect whether the API is available, and adds the necessary
code to use the API if it is.
Paul Durrant [Tue, 20 Jan 2015 11:05:07 +0000 (11:05 +0000)]
Add device listener interface
The Xen ioreq-server API, introduced in Xen 4.5, requires that PCI device
models explicitly register with Xen for config space accesses. This patch
adds a listener interface into qdev-core which can be used by the Xen
interface code to monitor for arrival and departure of PCI devices.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Mon, 19 Jan 2015 13:37:05 +0000 (13:37 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/pull-console-20150119-1' into staging
ui: add shared surface format negotiation.
# gpg: Signature made Mon 19 Jan 2015 12:47:36 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-console-20150119-1:
ui/sdl2: Support shared surface for more pixman formats
ui/sdl: Support shared surface for more pixman formats
ui/gtk: Support shared surface for most pixman formats
ui/spice: Support shared surface for most pixman formats
ui/vnc: Support shared surface for most pixman formats
ui/pixman: add qemu_pixman_check_format
ui: Add dpy_gfx_check_format() to check backend shared surface support
ui: Make qemu_default_pixman_format() return 0 on unsupported formats
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
ui: Add dpy_gfx_check_format() to check backend shared surface support
This allows VGA to decide whether to use a shared surface based on
whether the UI backend supports the format or not. Backends that
don't provide the new callback fallback to native 32 bpp which
is equivalent to what was supported before.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[ kraxel: fix console check, allow only 32 bpp as fallback ]
ui: Make qemu_default_pixman_format() return 0 on unsupported formats
In order to remove the logic for detecting supported shared
pixmap formats from device models, make qemu_default_pixman_format()
capable for failing by returning 0 which is not a possible format
value rather than asserting.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Laszlo Ersek [Fri, 16 Jan 2015 11:54:30 +0000 (11:54 +0000)]
fw_cfg: fix endianness in fw_cfg_data_mem_read() / _write()
(1) Let's contemplate what device endianness means, for a memory mapped
device register (independently of QEMU -- that is, on physical hardware).
It determines the byte order that the device will put on the data bus when
the device is producing a *numerical value* for the CPU. This byte order
may differ from the CPU's own byte order, therefore when software wants to
consume the *numerical value*, it may have to swap the byte order first.
For example, suppose we have a device that exposes in a 2-byte register
the number of sheep we have to count before falling asleep. If the value
is decimal 37 (0x0025), then a big endian register will produce [0x00,
0x25], while a little endian register will produce [0x25, 0x00].
If the device register is big endian, but the CPU is little endian, the
numerical value will read as 0x2500 (decimal 9472), which software has to
byte swap before use.
However... if we ask the device about who stole our herd of sheep, and it
answers "XY", then the byte representation coming out of the register must
be [0x58, 0x59], regardless of the device register's endianness for
numeric values. And, software needs to copy these bytes into a string
field regardless of the CPU's own endianness.
(2) QEMU's device register accessor functions work with *numerical values*
exclusively, not strings:
The emulated register's read accessor function returns the numerical value
(eg. 37 decimal, 0x0025) as a *host-encoded* uint64_t. QEMU translates
this value for the guest to the endianness of the emulated device register
(which is recorded in MemoryRegionOps.endianness). Then guest code must
translate the numerical value from device register to guest CPU
endianness, before including it in any computation (see (1)).
(3) However, the data register of the fw_cfg device shall transfer strings
*only* -- that is, opaque blobs. Interpretation of any given blob is
subject to further agreement -- it can be an integer in an independently
determined byte order, or a genuine string, or an array of structs of
integers (in some byte order) and fixed size strings, and so on.
Because register emulation in QEMU is integer-preserving, not
string-preserving (see (2)), we have to jump through a few hoops.
(3a) We defined the memory mapped fw_cfg data register as
DEVICE_BIG_ENDIAN.
The particular choice is not really relevant -- we picked BE only for
consistency with the control register, which *does* transfer integers --
but our choice affects how we must host-encode values from fw_cfg strings.
(3b) Since we want the fw_cfg string "XY" to appear as the [0x58, 0x59]
array on the data register, *and* we picked DEVICE_BIG_ENDIAN, we must
compose the host (== C language) value 0x5859 in the read accessor
function.
(3c) When the guest performs the read access, the immediate uint16_t value
will be 0x5958 (in LE guests) and 0x5859 (in BE guests). However, the
uint16_t value does not matter. The only thing that matters is the byte
pattern [0x58, 0x59], which the guest code must copy into the target
string *without* any byte-swapping.
(4) Now I get to explain where I screwed up. :(
When we decided for big endian *integer* representation in the MMIO data
register -- see (3a) --, I mindlessly added an indiscriminate
byte-swizzling step to the (little endian) guest firmware.
This was a grave error -- it violates (3c) --, but I didn't realize it. I
only saw that the code I otherwise intended for fw_cfg_data_mem_read():
value = 0;
for (i = 0; i < size; ++i) {
value = (value << 8) | fw_cfg_read(s);
}
didn't produce the expected result in the guest.
In true facepalm style, instead of blaming my guest code (which violated
(3c)), I blamed my host code (which was correct). Ultimately, I coded
ldX_he_p() into fw_cfg_data_mem_read(), because that happened to work.
Obviously (...in retrospect) that was wrong. Only because my host happened
to be LE, ldX_he_p() composed the (otherwise incorrect) host value 0x5958
from the fw_cfg string "XY". And that happened to compensate for the bogus
indiscriminate byte-swizzling in my guest code.
Clearly the current code leaks the host endianness through to the guest,
which is wrong. Any device should work the same regardless of host
endianness.
The solution is to compose the host-endian representation (2) of the big
endian interpretation (3a, 3b) of the fw_cfg string, and to drop the wrong
byte-swizzling in the guest (3c).
Brown paper bag time for me.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1420024880-15416-1-git-send-email-lersek@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Ard Biesheuvel [Fri, 16 Jan 2015 11:54:29 +0000 (11:54 +0000)]
target-arm: crypto: fix BE host support
The crypto emulation code in target-arm/crypto_helper.c never worked
correctly on big endian hosts, due to the fact that it uses a union
of array types to convert between the native VFP register size (64
bits) and the types used in the algorithms (bytes and 32 bit words)
We cannot just swab between LE and BE when reading and writing the
registers, as the SHA code performs word additions, so instead, add
array accessors for the CRYPTO_STATE type whose LE and BE specific
implementations ensure that the correct array elements are referenced.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1420208303-24111-1-git-send-email-ard.biesheuvel@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 16 Jan 2015 10:16:14 +0000 (10:16 +0000)]
Merge remote-tracking branch 'remotes/amit-migration/tags/mig-2.3-1' into staging
A set of patches collected over the holidays. Mix of optimizations and
fixes.
# gpg: Signature made Fri 16 Jan 2015 07:42:00 GMT using RSA key ID 854083B6
# gpg: Good signature from "Amit Shah <amit@amitshah.net>"
# gpg: aka "Amit Shah <amit@kernel.org>"
# gpg: aka "Amit Shah <amitshah@gmx.net>"
* remotes/amit-migration/tags/mig-2.3-1:
vmstate: type-check sub-arrays
migration_cancel: shutdown migration socket
Handle bi-directional communication for fd migration
socket shutdown
Tests: QEMUSizedBuffer/QEMUBuffer
QEMUSizedBuffer: only free qsb that qemu_bufopen allocated
xbzrle: rebuild the cache_is_cached function
xbzrle: optimize XBZRLE to decrease the cache misses
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Force shutdown on migration socket on cancel to cause the cancel
to complete even if the socket is blocked on a dead network.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
Cristian Klein [Thu, 8 Jan 2015 11:11:31 +0000 (11:11 +0000)]
Handle bi-directional communication for fd migration
libvirt prefers opening the TCP connection itself, for two reasons.
First, connection failed errors can be detected easier, without having
to parse qemu's error output.
Second, libvirt might be asked to secure the transfer by tunnelling the
communication through an TLS layer.
Therefore, libvirt opens the TCP connection itself and passes an FD to qemu
using QMP and a POSIX-specific mechanism.
Hence, in order to make the reverse-path work in such cases, qemu needs to
distinguish if the transmitted FD is a socket (reverse-path available)
or not (reverse-path might not be available) and use the corresponding
abstraction.
Signed-off-by: Cristian Klein <cristian.klein@cs.umu.se> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
Add QEMUFile interface to allow a socket to be 'shut down' - i.e. any
reads/writes will fail (and any blocking read/write will be woken).
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
Yang Hongyang [Fri, 19 Dec 2014 03:38:06 +0000 (11:38 +0800)]
Tests: QEMUSizedBuffer/QEMUBuffer
Modify some of tests/test-vmstate.c due to qemu_bufopen() change.
If you create a QEMUSizedBuffer yourself, you have to explicitly
free it.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Cc: Juan Quintela <quintela@redhat.com> Cc: Amit Shah <amit.shah@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
Yang Hongyang [Fri, 19 Dec 2014 03:38:05 +0000 (11:38 +0800)]
QEMUSizedBuffer: only free qsb that qemu_bufopen allocated
Only free qsb that qemu_bufopen allocated, and also allow
qemu_bufopen accept qsb as input for write operation. It
will make the API more logical:
1.If you create the QEMUSizedBuffer yourself, you need to
free it by using qsb_free() but not depends on other API
like qemu_fclose.
2.allow qemu_bufopen() accept QEMUSizedBuffer as input for
write operation, otherwise, it will be a little strange
for this API won't accept the second parameter.
This brings API change, since there are only 3
users of this API currently, this change only impact the
first one which will be fixed in patch 2 of this patchset,
so I think it is safe to do this change.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Cc: Juan Quintela <quintela@redhat.com> Cc: Amit Shah <amit.shah@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
ChenLiang [Mon, 24 Nov 2014 11:55:48 +0000 (19:55 +0800)]
xbzrle: rebuild the cache_is_cached function
Rebuild the cache_is_cached function by cache_get_by_addr. And
drops the asserts because the caller is also asserting the same
thing.
Signed-off-by: ChenLiang <chenliang88@huawei.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
ChenLiang [Mon, 24 Nov 2014 11:55:47 +0000 (19:55 +0800)]
xbzrle: optimize XBZRLE to decrease the cache misses
Avoid hot pages being replaced by others to remarkably decrease cache
misses
Sample results with the test program which quote from xbzrle.txt ran in
vm:(migrate bandwidth:1GE and xbzrle cache size 8MB)
the test program:
include <stdlib.h>
include <stdio.h>
int main()
{
char *buf = (char *) calloc(4096, 4096);
while (1) {
int i;
for (i = 0; i < 4096 * 4; i++) {
buf[i * 4096 / 4]++;
}
printf(".");
}
}
before this patch:
virsh qemu-monitor-command test_vm '{"execute": "query-migrate"}'
{"return":{"expected-downtime":1020,"xbzrle-cache":{"bytes":1108284,
"cache-size":8388608,"cache-miss-rate":0.987013,"pages":18297,"overflow":8,
"cache-miss":1228737},"status":"active","setup-time":10,"total-time":52398,
"ram":{"total":12466991104,"remaining":1695744,"mbps":935.559472,
"transferred":5780760580,"dirty-sync-counter":271,"duplicate":2878530,
"dirty-pages-rate":29130,"skipped":0,"normal-bytes":5748592640,
"normal":1403465}},"id":"libvirt-706"}
18k pages sent compressed in 52 seconds.
cache-miss-rate is 98.7%, totally miss.
194k pages sent compressed in 18 seconds.
The value of cache-miss-rate decrease to 48.59%.
Signed-off-by: ChenLiang <chenliang88@huawei.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
Peter Maydell [Thu, 15 Jan 2015 10:08:46 +0000 (10:08 +0000)]
Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2015-01-15' into staging
trivial patches for 2015-01-15
# gpg: Signature made Thu 15 Jan 2015 08:26:26 GMT using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg: aka "Michael Tokarev <mjt@corpit.ru>"
# gpg: aka "Michael Tokarev <mjt@debian.org>"
* remotes/mjt/tags/pull-trivial-patches-2015-01-15:
vl.c: fix some alignment issues
blizzard: do not depend on VGA internals
Makefile: Remove config.status and common.env during 'make distclean'
target-openrisc: bugfix for dec_sys to decode instructions correctly
Do not hang on full PTY
misc: Fix new typos in comments
target-arm: Fix typo in comment (seperately -> separately)
target-tricore: Fix new typos
migration/qemu-file.c: Don't shift left into sign bit
translate-all: Mark map_exec() with the 'unused' attribute
tests/hd-geo-test.c: Remove unused test_image variable
vt82c686: avoid out-of-bounds read
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
David Morrison [Tue, 6 Jan 2015 17:06:18 +0000 (09:06 -0800)]
target-openrisc: bugfix for dec_sys to decode instructions correctly
Fixed the decoding of "system" instructions (starting with 0x2)
in dec_sys() in translate.c. In particular, the l.trap instruction
is now correctly decoded, which enables for singlestepping and
breakpoints to be set in GDB.
Signed-off-by: David R. Morrison <dmorrison@invlim.com> Acked-by: Jia Liu <proljc@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Stefan Weil [Sat, 3 Jan 2015 13:41:39 +0000 (14:41 +0100)]
misc: Fix new typos in comments
recieve -> receive
suprise -> surprise
Cc: Igor Mammedov <imammedo@redhat.com> Cc: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Stefan Weil [Sat, 3 Jan 2015 13:41:38 +0000 (14:41 +0100)]
target-arm: Fix typo in comment (seperately -> separately)
Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Greg Bellows <greg.bellows@linaro.org> Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
projects / qemu-xen.git / log