Igor Mammedov [Mon, 29 Apr 2013 17:03:01 +0000 (19:03 +0200)]
target-i386: Move APIC to ICC bus
It allows APIC to be hotplugged.
* map APIC's mmio at board level if it is present
* do not register mmio region for each APIC, since
only one is used/mapped
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 53a89e262bd3e97b2da3afec0a60e5466770ae8c)
Igor Mammedov [Thu, 25 Apr 2013 14:05:30 +0000 (16:05 +0200)]
kvmvapic: Make dependency on sysbus.h explicit
Allows kvmvapic to compile if sysbus.h is removed from apic_internal.h,
from which it is indirectly included.
sysbus.h will be removed from apic_internal.h after converting
APICs to ICCDevice.
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 5f8df3ce6e0a057ec23cea74b6e629e59e085ac4)
Igor Mammedov [Mon, 29 Apr 2013 16:54:13 +0000 (18:54 +0200)]
target-i386: Attach ICC bus to CPU on its creation
X86CPU should have parent bus so it could provide bus for child APIC.
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 62fc403f11523169eb4264de31279745f48e3ecc)
Igor Mammedov [Mon, 29 Apr 2013 15:02:50 +0000 (17:02 +0200)]
target-i386: Introduce ICC bus/device/bridge
Provides a hotpluggable bus for APIC and CPU.
* icc-bridge will serve as a parent for icc-bus and provide
mmio mapping services to child icc-devices.
* icc-device will replace SysBusDevice as a parent of APIC
and IOAPIC devices.
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit f0513d2c0156799e0c75a108ab9a049eea4f9607)
Peter Maydell [Fri, 15 Mar 2013 14:34:19 +0000 (14:34 +0000)]
sysbus: make SysBusDeviceClass::init optional
Make the SysBusDeviceClass::init optional, for devices which
genuinely don't need to do anything here. In particular, simple
devices which can do all their initialization in their
instance_init method don't need either a DeviceClass::realize
or SysBusDeviceClass::init method.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1363358063-23973-2-git-send-email-peter.maydell@linaro.org Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4ce5dae88ecf2bafa0cd663de7e923728b1b3672)
Eduardo Habkost [Tue, 23 Oct 2012 23:41:52 +0000 (21:41 -0200)]
Create qemu-types.h for struct typedefs
Instead of keeping all those struct typedefs in qemu-common.h, move it
to a header that can be safely included by other headers, containing
only the struct typedefs and not pulling in other dependencies.
Also, move some of the qdev-core.h typedefs to the new file, too, so
other headers don't need to include qdev-core.h only because of
DeviceState and other typedefs.
This will help us remove qemu-common.h dependencies from some headers
later.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 394e1bb79591c2fbfc873e5ccc38e92a3ba992cf)
Eduardo Habkost [Tue, 23 Oct 2012 23:37:20 +0000 (21:37 -0200)]
qga/channel-posix.c: Include headers it needs
Include:
- <errno.h> for errno
- <unistd.h> & <fcntl.h> for fcntl()
- <stdlib.h> for exit()
- "osdep.h" for qemu_open()
Some of those headers were probably being included by accident because
some other headers were including qemu-common.h, but those headers
should eventually stop including qemu-common.h.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 4d4922c339abf67e47c79068d343ed41a020b8e2)
Eduardo Habkost [Tue, 23 Oct 2012 23:35:44 +0000 (21:35 -0200)]
qapi/qmp-registry.c: Include headers it needs
Include:
- <glib.h> for g_malloc0()
- <string.h> for strcmp()
Some of those headers were probably being included by accident because
some other headers were including qemu-common.h, but those headers
should eventually stop including qemu-common.h.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit ccff63cac4f0d391187c9ee9aa2cab754df80c41)
Igor Mammedov [Thu, 25 Apr 2013 14:05:29 +0000 (16:05 +0200)]
target-i386: Replace MSI_SPACE_SIZE with APIC_SPACE_SIZE
Put APIC_SPACE_SIZE in a public header so that it can be
reused elsewhere later.
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit baaeda08ff34ad17150b50a6f52d0faec9f3db36)
Igor Mammedov [Fri, 26 Apr 2013 16:04:32 +0000 (18:04 +0200)]
target-i386: Introduce feat2prop() for CPU properties
This helper replaces '_' with '-' in a uniform way.
As a side effect, even custom mappings must use '-' now.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
[AF: Split off; operate on NUL-terminated string rather than '=' delimiter] Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 72ac2e876ddc6158f5b6d5f758d4e38c436010ed)
Igor Mammedov [Thu, 25 Apr 2013 14:05:25 +0000 (16:05 +0200)]
acpi_piix4: Add infrastructure to send CPU hot-plug GPE to guest
* introduce processor status bitmask visible to guest at 0xaf00 addr,
where ACPI asl code expects it
* set bit corresponding to APIC ID in processor status bitmask on
receiving CPU hot-plug notification
* trigger CPU hot-plug SCI, to notify guest about CPU hot-plug event
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit b8622725cf0196f672f272922b0941dc8ba1c408)
Igor Mammedov [Thu, 25 Apr 2013 14:05:24 +0000 (16:05 +0200)]
cpu: Add helper cpu_exists(), to check if CPU with specified id exists
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 69e5ff067ae724155fd7465119ee6db5721288b6)
Igor Mammedov [Tue, 23 Apr 2013 08:29:39 +0000 (10:29 +0200)]
cpu: Introduce CPU hot-plug notifier
Hot-add CPU event will be distributed to acpi_piix4 and rtc_cmos.
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 066e9b2710be887f435e0e899fa71f1f4314f702)
Igor Mammedov [Tue, 23 Apr 2013 08:29:38 +0000 (10:29 +0200)]
cpu: Resume CPU from DeviceClass::realize() if hot-plugged
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 6afb4721f3e45da727110470a61aafcd6682395e)
Igor Mammedov [Thu, 11 Apr 2013 14:51:40 +0000 (16:51 +0200)]
target-i386: Split out CPU creation and features parsing
Move CPU creation and features parsing into a separate cpu_x86_create()
function, so that board would be able to set board-specific CPU
properties before CPU is realized.
Keep cpu_x86_init() for compatibility with the code that uses cpu_init()
and doesn't need to modify CPU properties.
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 7f833247df4b68719413b5dccc5f84944f442cb3)
Andreas Färber [Wed, 16 Jan 2013 02:41:47 +0000 (03:41 +0100)]
target-i386: Update X86CPU to QOM realizefn
Adapt the signature of x86_cpu_realize(), hook up to
DeviceClass::realize and set realized = true in cpu_x86_init().
The QOM realizefn cannot depend on errp being non-NULL as in
cpu_x86_init(), so use a local Error to preserve error handling behavior
on APIC initialization errors.
Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
[AF: Invoke parent's realizefn] Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from commit 2b6f294cacd9f4e133a7813d22e1b4e87ac6b2a3)
Anthony PERARD [Mon, 1 Jul 2013 15:19:10 +0000 (16:19 +0100)]
qdev: Prepare "realized" property
Introduce the QOM realizefn suggested by Anthony.
Detailed documentation is supplied in the qdev header.
For now this implements a default DeviceClass::realize callback that
just wraps DeviceClass::init, which it deprecates.
Once all devices have been converted to DeviceClass::realize,
DeviceClass::init is to be removed.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de> Cc: Anthony Liguori <anthony@codemonkey.ws> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 249d41720b7dfbb5951b430b9eefdbee7464f515)
Andreas Färber [Wed, 9 Jan 2013 02:58:10 +0000 (03:58 +0100)]
qdev: Fold state enum into bool realized
Whether the device was initialized or not is QOM-level information and
currently unused. Drop it from device. This leaves the boolean state of
whether or not DeviceClass::init was called or not, a.k.a. "realized".
Suggested-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7983c8a335dd09fec49f99a44d4404aa87828c0a)
Igor Mammedov [Thu, 25 Apr 2013 14:05:25 +0000 (16:05 +0200)]
acpi_piix4: Add infrastructure to send CPU hot-plug GPE to guest
* introduce processor status bitmask visible to guest at 0xaf00 addr,
where ACPI asl code expects it
* set bit corresponding to APIC ID in processor status bitmask on
receiving CPU hot-plug notification
* trigger CPU hot-plug SCI, to notify guest about CPU hot-plug event
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from QEMU commit b8622725cf0196f672f272922b0941dc8ba1c408)
The function piix4_cpu_hotplug_req() has been modified to take an integer
instead of a CPU object.
There was a cpu_added_notifier in the original commit, this haven't
been back-ported, as it can't be used.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Wrapper to avoid open-coded loops and to make CPUState iteration
independent of CPUArchState.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from QEMU commit d6b9e0d60cc511eca210834428bb74508cff3d33) Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Igor Mammedov [Tue, 23 Apr 2013 08:29:41 +0000 (10:29 +0200)]
cpu: Introduce get_arch_id() method and override it for X86CPU
get_arch_id() adds possibility for generic code to get a guest-visible
CPU ID without accessing CPUArchState.
If derived classes don't override it, it will return cpu_index.
Override it on target-i386 in X86CPU to return the APIC ID.
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: liguang <lig.fnst@cn.fujitsu.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
(cherry picked from QEMU commit 997395d3888fcde6ce41535a8208d7aa919d824b) Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
xen: start PCI hole at 0xe0000000 (same as pc_init1 and qemu-xen-traditional)
We are currently setting the PCI hole to start at HVM_BELOW_4G_RAM_END,
that is 0xf0000000.
Start the PCI hole at 0xe0000000 instead, that is the same value used by
pc_init1 and qemu-xen-traditional.
The current xen backend driver implementation uses int64_t variables
to store the size of the corresponding backend disk/file. It also uses
an int64_t variable to store the block size of that image. When writing
the number of sectors (file_size/block_size) to xenstore, however, it
passes these values as 32 bit signed integers. This will cause an
overflow for any disk of 1 TiB or more.
This patch changes the xen backend driver to use a 64 bit integer write
xenstore function.
Introduce 64 bit integer write interface to xenstore
The current implementation of xen_backend only provides 32 bit integer
functions to write to xenstore. This patch adds two functions that
allow writing 64 bit integers (one generic function and another for
the backend only).
This patch also fixes the size of the char arrays used to represent
these integers as strings (originally 32 bytes, however no more than
12 bytes are needed for 32 bit integers and no more than 21 bytes are
needed for 64 bit integers).
Alex Bligh [Fri, 5 Apr 2013 15:45:15 +0000 (15:45 +0000)]
Xen PV backend: Disable use of O_DIRECT by default as it results in crashes.
Due to what is almost certainly a kernel bug, writes with O_DIRECT may
continue to reference the page after the write has been marked as
completed, particularly in the case of TCP retransmit. In other
scenarios, this "merely" risks data corruption on the write, but with
Xen pages from domU are only transiently mapped into dom0's memory,
resulting in kernel panics when they are subsequently accessed.
This brings PV devices in line with emulated devices. Removing
O_DIRECT is safe as barrier operations are now correctly passed
through.
See:
http://lists.xen.org/archives/html/xen-devel/2012-12/msg01154.html
for more details.
Alex Bligh [Fri, 5 Apr 2013 15:45:10 +0000 (15:45 +0000)]
Xen PV backend: Move call to bdrv_new from blk_init to blk_connect
This commit delays the point at which bdrv_new (and hence blk_open
on the underlying device) is called from blk_init to blk_connect.
This ensures that in an inbound live migrate, the block device is
not opened until it has been closed at the other end. This is in
preparation for supporting devices with open/close consistency
without using O_DIRECT. This commit does NOT itself change O_DIRECT
semantics.
xen-mapcache: pass the right size argument to test_bits
Compute the correct size for test_bits().
qemu_get_ram_ptr() and qemu_safe_ram_ptr() will call xen_map_cache()
with size is 0 if the requested address is in the RAM. Then
xen_map_cache() will pass the size 0 to test_bits() for checking if the
corresponding pfn was mapped in cache. But test_bits() will always
return 1 when size is 0 without any bit testing. Actually, for this
case, test_bits should check one bit. So this patch introduced a
__test_bit_size which is greater than 0 and a multiple of XC_PAGE_SIZE,
then test_bits can work correctly with __test_bit_size
>> XC_PAGE_SHIFT as its size.
Alex Bligh [Mon, 11 Mar 2013 14:02:49 +0000 (14:02 +0000)]
xen: Disable use of O_DIRECT by default as it results in crashes.
Due to what is almost certainly a kernel bug, writes with O_DIRECT may
continue to reference the page after the write has been marked as
completed, particularly in the case of TCP retransmit. In other
scenarios, this "merely" risks data corruption on the write, but with
Xen pages from domU are only transiently mapped into dom0's memory,
resulting in kernel panics when they are subsequently accessed.
This brings PV devices in line with emulated devices. Removing
O_DIRECT is safe as barrier operations are now correctly passed
through.
See:
http://lists.xen.org/archives/html/xen-devel/2012-12/msg01154.html
for more details.
Signed-off-by: Alex Bligh <alex@alex.org.uk> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
The pointer arithmetic there is safe, but ugly. Coverity grouses
about it. However, the actual comparison is off by one: <= end
instead of < end. Fix by rewriting the check in a cleaner way.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit bc5f92e5db6f303e73387278e32f8669f0abf0e5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Roger Pau Monne [Mon, 14 Jan 2013 18:26:53 +0000 (18:26 +0000)]
xen_disk: fix memory leak
On ioreq_release the full ioreq was memset to 0, loosing all the data
and memory allocations inside the QEMUIOVector, which leads to a
memory leak. Create a new function to specifically reset ioreq.
Reported-by: Maik Wessler <maik.wessler@yahoo.com> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
(cherry picked from commit 282c6a2f292705f823554447ca0b7731b6f81a97)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Peter Maydell [Thu, 17 Jan 2013 20:04:16 +0000 (20:04 +0000)]
tcg/target-arm: Add missing parens to assertions
Silence a (legitimate) complaint about missing parentheses:
tcg/arm/tcg-target.c: In function ‘tcg_out_qemu_ld’:
tcg/arm/tcg-target.c:1148:5: error: suggest parentheses around
comparison in operand of ‘&’ [-Werror=parentheses]
tcg/arm/tcg-target.c: In function ‘tcg_out_qemu_st’:
tcg/arm/tcg-target.c:1357:5: error: suggest parentheses around
comparison in operand of ‘&’ [-Werror=parentheses]
which meant that we would mistakenly always assert if running
a QEMU built with debug enabled on ARM.
Signed-off-by: Peter Maydell <peter.maydelL@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 5256a7208a7c2af19baf8f99bd4f06632f9f9ba9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Kevin Wolf [Wed, 16 Jan 2013 20:20:00 +0000 (21:20 +0100)]
win32-aio: Fix memory leak
The buffer is allocated for both reads and writes, and obviously it
should be freed even if an error occurs.
Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit e8bccad5ac6095b5af7946cd72d9aacb57f7c0a3)
Conflicts:
block/win32-aio.c
*addressed conflict due to buggy g_free() still in use instead of
qemu_vfree() as it is upstream (via commit 7479acdb)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Kevin Wolf [Wed, 16 Jan 2013 20:19:59 +0000 (21:19 +0100)]
win32-aio: Fix vectored reads
Copying data in the right direction really helps a lot!
Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit bcbbd234d42f1111e42b91376db61922d42e7e9e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Kevin Wolf [Wed, 16 Jan 2013 18:25:51 +0000 (19:25 +0100)]
aio: Fix return value of aio_poll()
aio_poll() must return true if any work is still pending, even if it
didn't make progress, so that bdrv_drain_all() doesn't stop waiting too
early. The possibility of stopping early occasionally lead to a failed
assertion in bdrv_drain_all(), when some in-flight request was missed
and the function didn't really drain all requests.
In order to make that change, the return value as specified in the
function comment must change for blocking = false; fortunately, the
return value of blocking = false callers is only used in test cases, so
this change shouldn't cause any trouble.
Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 2ea9b58f0bc62445b7ace2381b4c4db7d5597e19)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Roger Pau Monne [Mon, 14 Jan 2013 18:28:19 +0000 (18:28 +0000)]
xen_disk: add persistent grant support to xen_disk backend
This protocol extension reuses the same set of grant pages for all
transactions between the front/back drivers, avoiding expensive tlb
flushes, grant table lock contention and switches between userspace
and kernel space. The full description of the protocol can be found in
the public blkif.h header.
Roger Pau Monne [Mon, 14 Jan 2013 18:26:53 +0000 (18:26 +0000)]
xen_disk: fix memory leak
On ioreq_release the full ioreq was memset to 0, loosing all the data
and memory allocations inside the QEMUIOVector, which leads to a
memory leak. Create a new function to specifically reset ioreq.
Paolo Bonzini [Thu, 10 Jan 2013 14:28:35 +0000 (15:28 +0100)]
raw-posix: fix bdrv_aio_ioctl
When the raw-posix aio=thread code was moved from posix-aio-compat.c
to block/raw-posix.c, there was an unintended change to the ioctl code.
The code used to return the ioctl command, which posix_aio_read()
would later morph into a zero. This hack is not necessary anymore,
and in fact breaks scsi-generic (which expects a zero return code).
Remove it.
Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit b608c8dc02c78ee95455a0989bdf1b41c768b2ef)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Alex Williamson [Tue, 8 Jan 2013 21:10:03 +0000 (14:10 -0700)]
vfio-pci: Loosen sanity checks to allow future features
VFIO_PCI_NUM_REGIONS and VFIO_PCI_NUM_IRQS should never have been
used in this manner as it locks a specific kernel implementation.
Future features may introduce new regions or interrupt entries
(VGA may add legacy ranges, AER might add an IRQ for error
signalling). Fix this before it gets us into trouble.
Alex Williamson [Mon, 7 Jan 2013 04:30:31 +0000 (21:30 -0700)]
pci-assign: Enable MSIX on device to match guest
When a guest enables MSIX on a device we evaluate the MSIX vector
table, typically find no unmasked vectors and don't switch the device
to MSIX mode. This generally works fine and the device will be
switched once the guest enables and therefore unmasks a vector.
Unfortunately some drivers enable MSIX, then use interfaces to send
commands between VF & PF or PF & firmware that act based on the host
state of the device. These therefore may break when MSIX is managed
lazily. This change re-enables the previous test used to enable MSIX
(see qemu-kvm a6b402c9), which basically guesses whether a vector
will be used based on the data field of the vector table.
Cc: qemu-stable@nongnu.org Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit feb9a2ab4b0260d8d680a7ffd25063dafc7ec628)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Alex Williamson [Tue, 8 Jan 2013 21:09:03 +0000 (14:09 -0700)]
vfio-pci: Make host MSI-X enable track guest
Guests typically enable MSI-X with all of the vectors in the MSI-X
vector table masked. Only when the vector is enabled does the vector
get unmasked, resulting in a vector_use callback. These two points,
enable and unmask, correspond to pci_enable_msix() and request_irq()
for Linux guests. Some drivers rely on VF/PF or PF/fw communication
channels that expect the physical state of the device to match the
guest visible state of the device. They don't appreciate lazily
enabling MSI-X on the physical device.
To solve this, enable MSI-X with a single vector when the MSI-X
capability is enabled and immediate disable the vector. This leaves
the physical device in exactly the same state between host and guest.
Furthermore, the brief gap where we enable vector 0, it fires into
userspace, not KVM, so the guest doesn't get spurious interrupts.
Ideally we could call VFIO_DEVICE_SET_IRQS with the right parameters
to enable MSI-X with zero vectors, but this will currently return an
error as the Linux MSI-X interfaces do not allow it.
Max Filippov [Wed, 19 Dec 2012 20:04:09 +0000 (00:04 +0400)]
target-xtensa: fix search_pc for the last TB opcode
Zero out tcg_ctx.gen_opc_instr_start for instructions representing the
last guest opcode in the TB.
Cc: qemu-stable@nongnu.org Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 36f25d2537c40c6c47f4abee5d31a24863d1adf7)
*modified to use older global version of gen_opc_instr_start
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Tue, 20 Nov 2012 11:48:19 +0000 (12:48 +0100)]
buffered_file: do not send more than s->bytes_xfer bytes per tick
Sending more was possible if the buffer was large.
Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit bde54c08b4854aceee3dee25121a2b835cb81166)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Wed, 12 Dec 2012 11:54:43 +0000 (12:54 +0100)]
migration: fix migration_bitmap leak
Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 244eaa7514a944b36273eb8428f32da8e9124fcf)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Discard packets longer than 16384 when !SBP to match the hardware behavior.
Signed-off-by: Michael Contreras <michael@inetric.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 2c0331f4f7d241995452b99afaf0aab00493334a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Uri Lublin [Wed, 12 Dec 2012 16:30:47 +0000 (18:30 +0200)]
qxl+vnc: register a vm state change handler for dummy spice_server
When qxl + vnc are used, a dummy spice_server is initialized.
The spice_server has to be told when the VM runstate changes,
which is what this patch does.
Without it, from qxl_send_events(), the following error message is shown:
qxl_send_events: spice-server bug: guest stopped, ignoring
Cc: qemu-stable@nongnu.org Signed-off-by: Uri Lublin <uril@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 938b8a36b65e44c44ca29245437f8d7ac0f826e8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
With MMU option xtensa architecture has two TLBs: ITLB and DTLB. ITLB is
only used for code access, DTLB is only for data. However TLB entries in
both TLBs have attribute field controlling write and exec access. These
bits need to be properly masked off depending on TLB type before being
used as tlb_set_page prot argument. Otherwise the following happens:
(1) ITLB entry for some PFN gets invalidated
(2) DTLB entry for the same PFN gets updated, attributes allow code
execution
(3) code at the page with that PFN is executed (possible due to step 2),
entry for the TB is written into the jump cache
(4) QEMU TLB entry for the PFN gets replaced with an entry for some
other PFN
(5) code in the TB from step 3 is executed (possible due to jump cache)
and it accesses data, for which there's no DTLB entry, causing DTLB
miss exception
(6) re-translation of the TB from step 5 is attempted, but there's no
QEMU TLB entry nor xtensa ITLB entry for that PFN, which causes ITLB
miss exception at the TB start address
(7) ITLB miss exception is handled by the guest, but execution is
resumed from the beginning of the faulting TB (the point where ITLB
miss occured), not from the point where DTLB miss occured, which is
wrong.
With that fix the above scenario causes ITLB miss exception (that used
to be step 7) at step 3, right at the beginning of the TB.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Cc: qemu-stable@nongnu.org Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 659f807c0a700317a7a0fae7a6e6ebfe68bfbbc4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Fri, 14 Dec 2012 07:54:24 +0000 (07:54 +0000)]
pixman: fix vnc tight png/jpeg support
This patch adds an x argument to qemu_pixman_linebuf_fill so it can
also be used to convert a partial scanline. Then fix tight + png/jpeg
encoding by passing in the x+y offset, so the data is read from the
correct screen location instead of the upper left corner.
Cc: 1087974@bugs.launchpad.net Cc: qemu-stable@nongnu.org Reported-by: Tim Hardeneck <thardeck@suse.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit bc210eb163b162ff2e94e5c8f4307715731257f8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Kevin O'Connor (6):
floppy: Minor - reduce handle_0e code size when CONFIG_FLOPPY is disabled.
vga: Minor comment spelling fix.
Don't recursively evaluate CFLAGS variables.
Don't use gcc's -combine option.
Add compile checking phase to build.
acpi: Use prt_slot() macro to describe irq pins of first PCI device.
Laszlo Ersek (1):
maininit(): print machine UUID under seabios version message
Alex Williamson [Mon, 10 Dec 2012 18:30:03 +0000 (11:30 -0700)]
vfio-pci: Don't use kvm_irqchip_in_kernel
kvm_irqchip_in_kernel() has an architecture specific meaning, so
we shouldn't be using it to determine whether to enabled KVM INTx
bypass. kvm_irqfds_enabled() seems most appropriate. Also use this
to protect our other call to kvm_check_extension() as that explodes
when KVM isn't enabled.
Petar Jovanovic [Tue, 4 Dec 2012 23:29:10 +0000 (00:29 +0100)]
target-mips: Fix incorrect shift for SHILO and SHILOV
helper_shilo has not been shifting an accumulator value correctly for negative
values in 'shift' field. Minor optimization for shift=0 case.
This change also adds tests that will trigger issue and check for regressions.
Signed-off-by: Petar Jovanovic <petarj@mips.com> Reviewed-by: Richard Henderson <rth@twiddle.net> Reviewed-by: Eric Johnson <ericj@mips.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 19e6c50d2d843220efbdd3b2db21d83c122c364a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Petar Jovanovic [Mon, 26 Nov 2012 15:13:21 +0000 (16:13 +0100)]
target-mips: Fix incorrect code and test for INSV
Content of register rs should be shifted for pos before applying a mask.
This change contains both fix for the instruction and to the existing test.
Signed-off-by: Petar Jovanovic <petarj@mips.com> Reviewed-by: Eric Johnson <ericj@mips.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 34f5606ee101f82a247d09d05644ad2a63c8e342)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
David Gibson [Tue, 4 Dec 2012 00:38:39 +0000 (11:38 +1100)]
migration: Fix madvise breakage if host and guest have different page sizes
madvise(DONTNEED) will throw away the contents of the whole page at the
given address, even if the given length is less than the page size. One
can argue about whether that's the correct behaviour, but that's what it's
done for a long time in Linux at least.
That means that the madvise() in ram_load(), on a setup where
TARGET_PAGE_SIZE is smaller than the host page size, can throw away data
in guest pages adjacent to the one it's actually processing right now,
leading to guest memory corruption on an incoming migration.
This patch therefore, disables the madvise() if the host page size is
larger than TARGET_PAGE_SIZE. This means we don't get the benefits of that
madvise() in this case, but a more complete fix is more difficult to
accomplish. This at least fixes the guest memory corruption.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 45e6cee42b98d10e2e14885ab656541a9ffd5187)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
David Gibson [Tue, 4 Dec 2012 00:38:38 +0000 (11:38 +1100)]
Fix off-by-1 error in RAM migration code
The code for migrating (or savevm-ing) memory pages starts off by creating
a dirty bitmap and filling it with 1s. Except, actually, because bit
addresses are 0-based it fills every bit except bit 0 with 1s and puts an
extra 1 beyond the end of the bitmap, potentially corrupting unrelated
memory. Oops. This patch fixes it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7ec81e56edc2b2007ce0ae3982aa5c18af9546ab)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Brad Smith [Fri, 28 Dec 2012 06:38:11 +0000 (01:38 -0500)]
Disable semaphores fallback code for OpenBSD
Disable the semaphores fallback code for OpenBSD as modern OpenBSD
releases now have sem_timedwait().
Signed-off-by: Brad Smith <brad@comstyle.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 927fa909d5d5cf8c07673cd16a6d3bdc81250bc0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Brad Smith [Fri, 28 Dec 2012 06:00:26 +0000 (01:00 -0500)]
Fix semaphores fallback code
As reported in bug 1087114 the semaphores fallback code is broken which
results in QEMU crashing and making QEMU unusable.
This patch is from Paolo.
This needs to be back ported to the 1.3 stable tree as well.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Brad Smith <brad@comstyle.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit a795ef8dcb8cbadffc996c41ff38927a97645234)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Replace a lot of formulaic multiplications (containing casts, no less)
with calls to a pair of functions. This encapsulates in a single
place the operations which require care relating to integer overflow.
e1000: Discard packets that are too long if !SBP and !LPE
The e1000_receive function for the e1000 needs to discard packets longer than
1522 bytes if the SBP and LPE flags are disabled. The linux driver assumes
this behavior and allocates memory based on this assumption.
Signed-off-by: Michael Contreras <michael@inetric.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Fri, 30 Nov 2012 16:24:24 +0000 (10:24 -0600)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony:
coroutine-sigaltstack.c: Use stack_t, not struct sigaltstack
stream: fix ratelimit_set_speed
atapi: make change media detection for guests easier
Documentation: Update image format information
Documentation: Update block cache mode information
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Fri, 30 Nov 2012 16:20:21 +0000 (10:20 -0600)]
Merge remote-tracking branch 'kraxel/usb.73' into staging
* kraxel/usb.73:
ehci-sysbus: Attach DMA context.
usb: fail usbdevice_create() when there is no USB bus
usb: tag usb host adapters as not hotpluggable.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
projects / people / aperard / qemu-dm.git / log