Jordan Justen [Wed, 29 May 2013 08:27:26 +0000 (01:27 -0700)]
kvm: support using KVM_MEM_READONLY flag for regions
For readonly memory regions and rom devices in romd_mode,
we make use of the KVM_MEM_READONLY. A slot that uses
KVM_MEM_READONLY can be read from and code can execute from the
region, but writes will exit to qemu.
For rom devices with !romd_mode, we force the slot to be
removed so reads or writes to the region will exit to qemu.
(Note that a memory region in this state is not executable
within kvm.)
v7:
* Update for readable => romd_mode rename (5f9a5ea1)
Anthony Liguori [Wed, 29 May 2013 13:13:20 +0000 (08:13 -0500)]
Merge remote-tracking branch 'aneesh/for-upstream' into staging
# By Aneesh Kumar K.V (3) and Gabriel de Perthuis (1)
# Via Aneesh Kumar K.V
* aneesh/for-upstream:
hw/9pfs: Be robust against paths without FS_IOC_GETVERSION
hw/9pfs: Use O_NOFOLLOW when opening files on server
hw/9pfs: use O_NOFOLLOW for mapped readlink operation
hw/9pfs: Fix segfault with 9p2000.u
In MacOSX 10.6 and above the NSOpenPanel beginSheetForDirectory
method is deprecated. Use the preferred replacements instead.
We retain the original code for use on earlier MacOSX versions
because the replacement methods don't exist before 10.6.
Avoid the NSOpenPanel filename method (deprecated in MacOSX 10.6)
in favour of using the URL method and extracting the path from the
resulting NSUrl object.
Peter Maydell [Mon, 22 Apr 2013 10:29:47 +0000 (10:29 +0000)]
cocoa: Avoid deprecated CPS* functions
The functions CPSGetCurrentProcess and CPSEnableForegroundOperation
are deprecated in newer versions of MacOSX and cause warning messages
to be logged to the system log. Instead, use the new preferred method
of promoting our console process up to a graphical app with menubar
and Dock icon, which is TransformProcessType. (This function came
in with MacOSX 10.3, so there's no need to retain the old method as
we don't support anything earlier than 10.3 anyway.)
Peter Maydell [Mon, 22 Apr 2013 10:29:46 +0000 (10:29 +0000)]
cocoa: Fix leaks of NSScreen and NSConcreteMapTable
On MacOSX 10.8 QEMU provokes system log messages:
11/03/2013 17:03:29.998 qemu-system-arm[42586]: objc[42586]: Object
0x7ffbf9c2f3b0 of class NSScreen autoreleased with no pool in place - just
leaking - break on objc_autoreleaseNoPool() to debug
11/03/2013 17:03:29.999 qemu-system-arm[42586]: objc[42586]: Object
0x7ffbf9c3a010 of class NSConcreteMapTable autoreleased with no pool in
place - just leaking - break on objc_autoreleaseNoPool() to debug
This is because we call back into Cocoa from threads other than
the UI thread (specifically from the CPU thread). Since we created
these threads via the POSIX API rather than NSThread, they don't have
automatically created autorelease pools. Guard all the functions where
QEMU can call back into the Cocoa UI code with autorelease pools
so that we don't leak any Cocoa objects.
hw/9pfs: use O_NOFOLLOW for mapped readlink operation
With mapped security models like mapped-xattr and mapped-file, we save the
symlink target as file contents. Now if we ever expose a normal directory
with mapped security model and find real symlinks in export path, never
follow them and return proper error.
When guest tries to chmod a block or char device file over 9pfs,
the qemu process segfaults. With 9p2000.u protocol we use wstat to
change mode bits and client don't send extension information for
chmod. We need to check for size field to check whether extension
info is present or not.
Gerd Hoffmann [Mon, 27 May 2013 10:41:24 +0000 (12:41 +0200)]
chardev: fix "info chardev" output
Fill unset CharDriverState->filename with the backend name, so
'info chardev' will return at least the chardev type. Don't
touch it in case the chardev init function filled it already,
like the socket+pty chardevs do for example.
Peter Maydell [Thu, 23 May 2013 11:59:55 +0000 (12:59 +0100)]
target-arm: Don't use TCGv when we mean TCGv_i32
TCGv changes size depending on the compile time value of
TARGET_LONG_BITS. This is useful for generating code for MIPS style
"instructions are the same but the register width changes" CPUs, and
also for the generic bits of QEMU which operate on "width of a
virtual address" values, but mostly in the ARM target code we were
using it purely as a shorthand for "any 32 bit value".
This needs to change in preparation for AArch64 support, since an
AArch64-capable v8 core will have 64 bit virtual addresses but still
use 32 bit values for the 32 bit instruction set.
This patch mechanically converts all the occurrences of TCGv,
tcg_temp_new(), tcg_temp_free(), tcg_temp_local_new() and
TCGV_UNUSED() to their explicitly 32 bit counterparts. This is
correct for everything except the arguments to tcg_gen_qemu_{ld,st}*,
which really do need to be TCGv and so will require a 32-to-64
conversion when building the 32 bit code for AArch64. Those changes
will be in a separate patch for easier review.
Anthony Liguori [Fri, 24 May 2013 18:47:42 +0000 (13:47 -0500)]
Merge remote-tracking branch 'bonzini/iommu-for-anthony' into staging
# By Paolo Bonzini (11) and others
# Via Paolo Bonzini
* bonzini/iommu-for-anthony:
memory: clean up phys_page_find
memory: populate FlatView for new address spaces
memory: limit sections in the radix tree to the actual address space size
s390x: reduce TARGET_PHYS_ADDR_SPACE_BITS to 62
memory: fix address space initialization/destruction
memory: make memory_global_sync_dirty_bitmap take an AddressSpace
memory: do not duplicate memory_region_destructor_none
memory: Rename readable flag to romd_mode
memory: Replace open-coded memory_region_is_romd
memory: allow memory_region_find() to run on non-root memory regions
memory: assert that PhysPageEntry's ptr does not overflow
exec: eliminate stq_phys_notdirty
exec: make qemu_get_ram_ptr private
exec: eliminate qemu_put_ram_ptr
exec: remove obsolete comment
Anthony Liguori [Fri, 24 May 2013 18:47:33 +0000 (13:47 -0500)]
Merge remote-tracking branch 'stefanha/net' into staging
# By Alasdair McLeay (1) and Stefan Hajnoczi (1)
# Via Stefan Hajnoczi
* stefanha/net:
rtl8139: flush queued packets when RxBufPtr is written
net: support for bridged networking on Mac OS X
Anthony Liguori [Fri, 24 May 2013 18:47:25 +0000 (13:47 -0500)]
Merge remote-tracking branch 'stefanha/block' into staging
# By Wenchao Xia (5) and others
# Via Stefan Hajnoczi
* stefanha/block:
coroutine: stop using AioContext in CoQueue
coroutine: protect global pool with a mutex
qemu-iotests: Try creating huge qcow2 image
qcow2.py: Subcommand for changing header fields
qemu-io: Fix 'map' output
blockdev: Rename BlockdevAction -> TransactionAction
block: make all steps in qmp_transaction() as callback
block: package rollback code in qmp_transaction()
block: package committing code in qmp_transaction()
block: move input parsing code in qmp_transaction()
block: package preparation code in qmp_transaction()
Paolo Bonzini [Tue, 16 Apr 2013 13:39:51 +0000 (15:39 +0200)]
memory: populate FlatView for new address spaces
Even a new address space might have a non-empty FlatView. In order
to initialize it properly, address_space_init should (a) call
memory_region_transaction_commit after the address space is inserted
into the list; (b) force memory_region_transaction_commit to do something.
This bug was latent so far because all address spaces started empty, including
the PCI address space where the bus master region is initially disabled.
However, the target address space of an IOMMU is usually rooted at
get_system_memory(), which might not be empty at the time the IOMMU is created.
Avi Kivity [Tue, 30 Oct 2012 11:47:45 +0000 (13:47 +0200)]
memory: limit sections in the radix tree to the actual address space size
The radix tree is statically sized to fit TARGET_PHYS_ADDR_SPACE_BITS.
If a larger memory region is registered, it will overflow.
Fix by limiting any section in the radix tree to the supported size.
This problem was not observed earlier since artificial regions (containers
and aliases) are eliminated by the memory core, leaving only device regions
which have reasonable sizes. An IOMMU however cannot be eliminated by the
memory core, and may have an artificial size.
Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Avi Kivity <[email protected]>
[ Fail the build if TARGET_PHYS_ADDR_SPACE_BITS is too large - Paolo ] Signed-off-by: Paolo Bonzini <[email protected]>
Paolo Bonzini [Mon, 13 May 2013 13:54:44 +0000 (15:54 +0200)]
s390x: reduce TARGET_PHYS_ADDR_SPACE_BITS to 62
With the next patch, the memory API will complain if the
TARGET_PHYS_ADDR_SPACE_BITS gets dangerously close to an
overflow. s390x can handle up to 64 bit of physical address
space from its page tables, but we never use that much. Just
decrease the value.
Avi Kivity [Tue, 30 Oct 2012 11:47:44 +0000 (13:47 +0200)]
memory: fix address space initialization/destruction
A couple of fields were left uninitialized. This was not observed earlier
because all address spaces were statically allocated. Also free allocation
for those fields.
Jan Kiszka [Tue, 7 May 2013 17:04:25 +0000 (19:04 +0200)]
memory: Rename readable flag to romd_mode
"Readable" is a very unfortunate name for this flag because even a
rom_device region will always be readable from the guest POV. What
differs is the mapping, just like the comments had to explain already.
Also, readable could currently be understood as being a generic region
flag, but it only applies to rom_device regions.
So rename the flag and the function to modify it after the original term
"ROMD" which could also be interpreted as "ROM direct", i.e. ROM mode
with direct access. In any case, the scope of the flag is clearer now.
Paolo Bonzini [Tue, 7 May 2013 13:48:28 +0000 (15:48 +0200)]
memory: allow memory_region_find() to run on non-root memory regions
memory_region_find() is similar to registering a MemoryListener and
checking for the MemoryRegionSections that come from a particular
region. There is no reason for this to be limited to a root memory
region.
Paolo Bonzini [Tue, 7 May 2013 09:30:23 +0000 (11:30 +0200)]
memory: assert that PhysPageEntry's ptr does not overflow
While sized to 15 bits in PhysPageEntry, the ptr field is ORed into the
iotlb entries together with a page-aligned pointer. The ptr field must
not overflow into this page-aligned value, assert that it is smaller than
the page size.
Stefan Hajnoczi [Wed, 22 May 2013 12:50:18 +0000 (14:50 +0200)]
rtl8139: flush queued packets when RxBufPtr is written
Net queues support efficient "receive disable". For example, tap's file
descriptor will not be polled while its peer has receive disabled. This
saves CPU cycles for needlessly copying and then dropping packets which
the peer cannot receive.
rtl8139 is missing the qemu_flush_queued_packets() call that wakes the
queue up when receive becomes possible again.
As a result, the Windows 7 guest driver reaches a state where the
rtl8139 cannot receive packets. The driver has actually refilled the
receive buffer but we never resume reception.
The bug can be reproduced by running a large FTP 'get' inside a Windows
7 guest:
Stefan Hajnoczi [Fri, 17 May 2013 13:51:26 +0000 (15:51 +0200)]
coroutine: stop using AioContext in CoQueue
qemu_co_queue_next(&queue) arranges that the next queued coroutine is
run at a later point in time. This deferred restart is useful because
the caller may not want to transfer control yet.
This behavior was implemented using QEMUBH in the past, which meant that
CoQueue (and hence CoMutex and CoRwlock) had a dependency on the
AioContext event loop. This hidden dependency causes trouble when we
move to a world with multiple event loops - now qemu_co_queue_next()
needs to know which event loop to schedule the QEMUBH in.
After pondering how to stash AioContext I realized the best solution is
to not use AioContext at all. This patch implements the deferred
restart behavior purely in terms of coroutines and no longer uses
QEMUBH.
Here is how it works:
Each Coroutine has a wakeup queue that starts out empty. When
qemu_co_queue_next() is called, the next coroutine is added to our
wakeup queue. The wakeup queue is processed when we yield or terminate.
Stefan Hajnoczi [Fri, 17 May 2013 13:51:25 +0000 (15:51 +0200)]
coroutine: protect global pool with a mutex
The coroutine freelist is a global pool of unused coroutines. It avoids
the setup/teardown overhead associated with the coroutine lifecycle.
Since the pool is global, we need to synchronize access so that
coroutines can be used outside the BQL.
Kevin Wolf [Mon, 13 May 2013 13:31:34 +0000 (15:31 +0200)]
qemu-io: Fix 'map' output
The output of the 'map' command in qemu-io used to directly resemble
bdrv_is_allocated() and could contain many lines for small chunks that
all have the same allocation status. After this patch, they will be
coalesced into a single output line for a large chunk.
As a side effect, the command gains some error handling.
There's no reason to restrict transactions to operations related to
block devices, so rename the type now before schema introspection stops
us from doing so.
Also change the schema documentation of 'transaction' to not refer to
block devices or snapshots any more.
Wenchao Xia [Wed, 8 May 2013 10:25:16 +0000 (18:25 +0800)]
block: make all steps in qmp_transaction() as callback
Make it easier to add other operations to qmp_transaction() by using
callbacks, with external snapshots serving as an example implementation
of the callbacks.
Wenchao Xia [Wed, 8 May 2013 10:25:12 +0000 (18:25 +0800)]
block: package preparation code in qmp_transaction()
The code before really committing is moved into a function. Most
code is simply moved from qmp_transaction(), except that on fail it
just returns now. Other code such as input parsing is not touched,
to make it easier in review.
Anthony Liguori [Thu, 23 May 2013 19:16:34 +0000 (14:16 -0500)]
Merge remote-tracking branch 'luiz/queue/qmp' into staging
# By Michael Roth (10) and others
# Via Luiz Capitulino
* luiz/queue/qmp:
monitor: allow to disable the default monitor
ui/input.c: replace magic numbers with macros
qapi: add native list coverage for QMP input visitor tests
qapi: add native list coverage for QMP output visitor tests
qapi: add native list coverage for visitor serialization tests
qapi: fix visitor serialization tests for numbers/doubles
qapi: add QMP input test for large integers
json-parser: fix handling of large whole number values
qapi: enable generation of native list code
qapi: qapi-visit.py, native list support
qapi: qapi-visit.py, fix list handling for union types
qapi: qapi-types.py, native list support
Michael Roth [Fri, 10 May 2013 22:46:07 +0000 (17:46 -0500)]
qapi: fix visitor serialization tests for numbers/doubles
We never actually stored the stringified double values into the strings
before we did the comparisons. This left number/double values completely
uncovered in test-visitor-serialization tests.
Fixing this exposed a bug in our handling of large whole number values
in QEMU's JSON parser which is now fixed.
Simplify the code while we're at it by dropping the
calc_float_string_storage() craziness in favor of GStrings.
Michael Roth [Fri, 10 May 2013 22:46:06 +0000 (17:46 -0500)]
qapi: add QMP input test for large integers
Large integers previously got capped to LLONG_MAX/LLONG_MIN so we could
store them as int64_t. This could lead to silent errors occuring.
Now, we use a double to handle these cases.
Add a test to confirm that QMPInputVisitor handles this as expected if
we're expected an integer value: errors for out of range integer values
that got promoted to doubles in this fashion.
Michael Roth [Fri, 10 May 2013 22:46:05 +0000 (17:46 -0500)]
json-parser: fix handling of large whole number values
Currently our JSON parser assumes that numbers lacking a fractional
value are integers and attempts to store them as QInt/int64 values. This
breaks in the case where the number overflows/underflows int64 values (which
is still valid JSON)
Fix this by detecting such cases and using a QFloat to store the value
instead.
Michael Roth [Fri, 10 May 2013 22:46:01 +0000 (17:46 -0500)]
qapi: qapi-visit.py, fix list handling for union types
Currently we assume non-list types when generating visitor routines for
union types. This is broken, since values like ['Type'] need to mapped
to 'TypeList'.
We already have a type_name() function to handle this that we use for
generating struct visitors, so use that here as well.
Anthony Liguori [Wed, 22 May 2013 13:22:36 +0000 (08:22 -0500)]
Merge remote-tracking branch 'mjt/trivial-patches' into staging
# By Christophe Lyon (1) and others
# Via Michael Tokarev
* mjt/trivial-patches:
target-moxie: replace target_phys_addr_t with hwaddr
Rename hexdump to avoid FreeBSD libutil conflict
remove some double-includes
translate: remove redundantly included qemu/timer.h
Remove twice include of qemu-common.h
fix /proc/self/maps output
Virtio-net driver currently negotiates network offloads
on startup via features mechanism and have no ability to
disable and re-enable offloads later.
This patch introduced a new control command that allows
to configure device network offloads state dynamically.
The patch also introduces a new feature flag
VIRTIO_NET_F_CTRL_GUEST_OFFLOADS.
Lei Li [Tue, 21 May 2013 10:27:58 +0000 (18:27 +0800)]
chardev: Make the name of memory device consistent
Now we have memory char device, but the backend name of it
is a little confusion. We actually register it by 'memory', but
the description in qemu-option, the name of open functions
and the new api backend called it 'ringbuf'. It should keep
consistent. This patch named it all to 'memory'.
linux-user: Save the correct resume address for MIPS signal handling
The current ISA mode needs to be saved in bit 0 of the resume address.
If the current instruction happens to be in a branch delay slot, then
the address of the preceding jump instruction should be stored instead.
exception_resume_pc already does both of these tasks, so it is
made available and reused.
MIPS_HFLAG_BMASK in hflags is cleared, otherwise QEMU may treat the
first instruction of the signal handler as a delay slot instruction.
linux-user: Fix MIPS ISA transitions during signal handling
Processors supporting the MIPS16 or microMIPS ISAs set bit 0 in target
addresses to indicate that the target is written using a compressed ISA.
During signal handling, when jumping to or returning from a signal
handler, bit 0 of the destination PC is inspected and MIPS_HFLAG_M16 in
hflags cleared or set accordingly. Bit 0 of the PC is then cleared.
Hervé Poussineau [Mon, 20 May 2013 10:33:08 +0000 (12:33 +0200)]
osdep: fix qemu_anon_ram_free trace (+ fix compilation on 32 bit hosts)
Commit e7a09b92b70786f9e8c5fbf787e0248c6ebbe707 added a trace at each
memory freeing, but unfortunately inverted size and pointer when printing
them. Fix trace.
This also led to a compilation error on 32 bit hosts:
In file included from include/trace.h:4:0,
from trace/generated-events.c:3:
./trace/generated-tracers.h: In function ‘trace_qemu_anon_ram_free’:
./trace/generated-tracers.h:64:9: error: format ‘%zu’ expects argument of type
‘size_t’, but argument 3 has type ‘void *’ [-Werror=format]
./trace/generated-tracers.h:64:9: error: format ‘%p’ expects argument of type
‘void *’, but argument 4 has type ‘size_t’ [-Werror=format]
Lei Li [Mon, 20 May 2013 06:51:03 +0000 (14:51 +0800)]
chardev: Make consistent with udp device for new qapi backend
When register and open a chardev udp, the backend name should be udp
not dgram, and we do not have backend dgram in the chardev list. This
patch makes the new qapi udp backend consistent with the original
udp device.
Petar Jovanovic [Sat, 18 May 2013 01:53:41 +0000 (03:53 +0200)]
target-mips: fix EXTPDP and setting up pos field in the DSPControl reg
This change makes sure that modifications of pos field in the DSPControl
register do not trash other bits in the register. This bug can be triggered
with the additional test case in mips32-dsp/extpdp.c in this commit.
In addition to this, this change corrects incorrect calculation of the mask
for EXTPDP.
projects / qemu.git / log