aliguori [Sat, 8 Nov 2008 16:27:07 +0000 (16:27 +0000)]
Use an option rom instead of boot sector for -kernel
Generate an option rom instead of using a hijacked boot sector for kernel
booting. This just requires adding a small option ROM header and a few more
instructions to the boot sector to take over the int19 vector and run our
boot code.
A disk is no longer needed when using -kernel on x86.
aurel32 [Fri, 7 Nov 2008 14:00:24 +0000 (14:00 +0000)]
target-alpha: fix locked loads/stores
Fix reading of cpu_lock in gen_qemu_stql_c, original patch from Laurent
Desnogues.
A new flag was added to gen_store_mem to allocate local temps instead
of temps; this flag should be set when the tcg_gen_qemu_store callback
uses brcond before using the temps or else liveness analysis will get
rid of the temps.
This also adds lock printing in cpu_dump_state which can help
debug.
malc [Thu, 6 Nov 2008 18:54:46 +0000 (18:54 +0000)]
Fix interrupt exclusion via SSTEP_NOIRQ
Commit #5620 revealed an issue of the SSTEP_NOIRQ masking that was
applied on all interrupt sources (including internal ones) when single
stepping through the guest. Due to that commit, we now ended up in an
infinite loop when CPU_INTERRUPT_EXIT was pending on SSTEP resume. That
was due to #5620 eating all TBs while CPU_INTERRUPT_EXIT is pending, but
SSTEP_NOIRQ preventing CPU_INTERRUPT_EXIT from being processed.
What SSTEP_NOIRQ should actually do is to block the delivery of all
external, guest visible interrupts. With the fix below applied, single
stepping now works again.
aurel32 [Thu, 6 Nov 2008 09:16:57 +0000 (09:16 +0000)]
target-alpha: Fix ret instruction
Hopefully pine doesn't corrupt this patch, I've had problems recently.
For an alpha "ret" instruction, of the type
ret $26
The return was being ignored. This is because in translate.c
register $26 (the return address) was being over-written with the current
PC before it could be jumped to. Thus the ret was ignored.
This patch just re-orders things so the return address is processed before
it is over-written with the current PC.
aliguori [Wed, 5 Nov 2008 21:22:34 +0000 (21:22 +0000)]
Fix windows build after init_host_timer changes.
host_alarm_timer fires in a separate thread. The windows build currently
uses SetEvent() and WaitEvent() to then notify the main thread. This is
functionally equivalent to what we're doing in Unix with pipe(). So let's
just #ifdef the pipe() code on Windows since it doesn't build there anyway.
aliguori [Wed, 5 Nov 2008 20:29:45 +0000 (20:29 +0000)]
Fix alarm_timer race with select - v3 (Jan Kiszka)
Changing the default IO timeout to 5 s (#5578) made a race visible
between the alarm_timer and select() in main_loop_wait(): If the timer
fired before select was able to block, the full select() timeout could
have been applied instead of returning immediately. Since #5578, this
causes heavy problems to the Musicpal board emulation with stalls up to
5 s, but also with some older Linux guest kernels.
The following patch introduces a pipe that is written to by
host_alarm_handler and select()'ed in main_loop_wait(). This prevents
select() from blocking even though a timer has fired and waits for
processing.
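The self-pipe pattern that commit describes, as an added illustration that is not QEMU's own code: the names alarm_fds, alarm_handler, alarm_pipe_init, main_loop_wait and demo_alarm_before_select are hypothetical, and the timer is modelled as a SIGALRM handler (a separate timer thread would write to the same pipe in the same way). The demo function reproduces the race from the message: the timer fires before select() is entered, and because the wakeup byte is already sitting in the pipe, select() returns at once instead of sleeping the full 5 s timeout.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical names written for this note, not QEMU's vl.c. */
static int alarm_fds[2] = { -1, -1 };   /* [0] read end, [1] write end */

static void alarm_handler(int sig)
{
    unsigned char byte = 0;
    ssize_t r;
    (void)sig;
    /* write(2) is async-signal-safe; the fd is non-blocking, so a full
     * pipe just returns EAGAIN and a wakeup is already pending anyway. */
    r = write(alarm_fds[1], &byte, 1);
    (void)r;
}

/* Create the self-pipe and install the handler. Returns 0 on success. */
int alarm_pipe_init(void)
{
    struct sigaction sa;
    if (pipe(alarm_fds) < 0)
        return -1;
    fcntl(alarm_fds[0], F_SETFL, fcntl(alarm_fds[0], F_GETFL) | O_NONBLOCK);
    fcntl(alarm_fds[1], F_SETFL, fcntl(alarm_fds[1], F_GETFL) | O_NONBLOCK);
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = alarm_handler;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGALRM, &sa, NULL);
}

/* One main_loop_wait()-style iteration: block in select() for at most
 * timeout_ms, but wake immediately if the alarm pipe is readable.
 * Returns 1 if the alarm fired, 0 on timeout, -1 on error. */
int main_loop_wait(int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;
    unsigned char drain[64];
    int ret;

    FD_ZERO(&rfds);
    FD_SET(alarm_fds[0], &rfds);
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;

    ret = select(alarm_fds[0] + 1, &rfds, NULL, NULL, &tv);
    if (ret < 0 && errno != EINTR)
        return -1;
    if (ret == 0)
        return 0;
    /* Woken (pipe readable, or EINTR because the signal landed mid-wait):
     * drain every pending byte so the next select() can block again. */
    while (read(alarm_fds[0], drain, sizeof drain) > 0)
        ;
    return 1;
}

/* Reproduce the race: the alarm fires *before* select() is entered.
 * Returns elapsed milliseconds, or -1 if the wakeup was not reported. */
long demo_alarm_before_select(void)
{
    struct timeval t0, t1;
    raise(SIGALRM);                 /* handler runs now, synchronously */
    gettimeofday(&t0, NULL);
    if (main_loop_wait(5000) != 1)  /* would sleep 5 s without the pipe */
        return -1;
    gettimeofday(&t1, NULL);
    return (t1.tv_sec - t0.tv_sec) * 1000L + (t1.tv_usec - t0.tv_usec) / 1000;
}

int main(void)
{
    if (alarm_pipe_init() != 0)
        return 1;
    printf("timeout path: %d\n", main_loop_wait(10));
    printf("alarm-before-select woke after %ld ms\n", demo_alarm_before_select());
    return 0;
}
```

The two details that matter for correctness are clearing the pipe before returning (otherwise every later select() wakes immediately) and keeping the write end non-blocking, so a handler running while the pipe is full cannot deadlock the process.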
blueswir1 [Wed, 5 Nov 2008 20:24:35 +0000 (20:24 +0000)]
SM501 emulation for R2D-SH4
This patch adds minimum emulation of SM501 multifunction device,
whose main feature is 2D graphics. It is one of the peripherals
of R2D, the SH4 evaluation board. We can see TUX printed on the
QEMU console.
aliguori [Wed, 5 Nov 2008 16:04:33 +0000 (16:04 +0000)]
Add KVM support to QEMU
This patch adds very basic KVM support. KVM is a kernel module for Linux that
allows userspace programs to make use of hardware virtualization support. It
currently supports x86 hardware virtualization using Intel VT-x or AMD-V. It
also supports IA64 VT-i, PPC 440, and S390.
This patch only implements the bare minimum support to get a guest booting. It
has very little impact on the rest of QEMU and attempts to integrate nicely with
the rest of QEMU.
Even though this implementation is basic, it is significantly faster than TCG.
Booting and shutting down a Linux guest:
w/TCG: 1:32.36 elapsed 84% CPU
w/KVM: 0:31.14 elapsed 59% CPU
Right now, KVM is disabled by default and must be explicitly enabled with
-enable-kvm. We can enable it by default later when we have had better
testing.
aliguori [Wed, 5 Nov 2008 15:34:06 +0000 (15:34 +0000)]
Split CPUID from op_helper
KVM needs to call CPUID from outside of the TCG code. This patch
splits out the CPUID logic into a separate helper that both the op
helper and KVM can call.
malc [Tue, 4 Nov 2008 14:18:13 +0000 (14:18 +0000)]
Add safety net against potential infinite loop
cpu_interrupt might be called while translating the TB, but before it
is linked into a potentially infinite loop and becomes env->current_tb.
Currently this can (and does) cause huge problems only when using
dyntick clock, with other (periodic) clocks host_alarm_handler will
eventually be executed resulting in a call to cpu_interrupt which will
reset the recursion of running TB and the damage is "only" latency.
Move addi_i64, muli_i64 and subi_i64 out of #if TCG_TARGET_REG_BITS
as both implementations are strictly identical. Use the same
optimisation (i.e. when imm == 0) for addi_i64 and subi_i64 as the
32-bit version.
aurel32 [Sat, 1 Nov 2008 00:53:39 +0000 (00:53 +0000)]
CVE-2008-4539: fix a heap overflow in Cirrus emulation
The code in hw/cirrus_vga.c has changed a lot between the time CVE-2007-1320
was announced and the time the patch was applied. As a consequence it was
wrongly applied and QEMU is still vulnerable to this bug when using VNC.
aliguori [Fri, 31 Oct 2008 18:49:55 +0000 (18:49 +0000)]
Move CharDriverState code out of vl.c
The motivating goal behind this is to allow other tools to use the CharDriver
code. This patch is pure code motion except for the Makefile changes and the
copyright/header in qemu-char.c.
aliguori [Fri, 31 Oct 2008 18:44:40 +0000 (18:44 +0000)]
Move some declarations around in the QEMU CharDriver code
The goal of this series is to move the CharDriverState code out of vl.c and
into its own file, qemu-char.c. This patch moves around some declarations so
the next patch can be pure code motion.
aliguori [Fri, 31 Oct 2008 18:40:25 +0000 (18:40 +0000)]
Increase default IO timeout from 10ms to 5s
With the recent changes to the main loop, we no longer have unconditional
polling. This means we can now sleep in select() for much longer than we
previously did. This patch increases our select() sleep time from 10ms to 5s
which is effectively unlimited since we're going to wake up sooner than that
in almost all circumstances.
With this patch, I see the number of wake-ups with an idle dynamic ticks guest
drop from 80 per second to about 15 times per second.
aliguori [Fri, 31 Oct 2008 17:31:29 +0000 (17:31 +0000)]
Implement "info chardev" command. (Gerd Hoffmann)
This patch makes qemu keep track of the character devices in use and
implements an "info chardev" monitor command to print a list.
qemu_chr_open() sticks the devices into a linked list now. It got a new
argument (label), so there is a name for each device. It also assigns a
filename to each character device. By default it just copies the
filename passed in. Individual drivers can fill in something else
though. qemu_chr_open_pty() sets the filename to the name of the pseudo tty
allocated.
aliguori [Fri, 31 Oct 2008 17:28:00 +0000 (17:28 +0000)]
fix bdrv_aio_read API breakage in qcow2 (Andrea Arcangeli)
I noticed the qemu_aio_flush was doing nothing at all. And a flood of
cmd_writeb commands leading to a noop-invocation of qemu_aio_flush
were executed.
In short all 'memset;goto redo' places must be fixed to use the bh and
not to call the callback in the context of bdrv_aio_read or the
bdrv_aio_read model falls apart. Reading from qcow2 holes is possible
with physical readahead (kind of breada in the Linux buffer cache).
This is needed at least for scsi, ide is lucky (or it has been
band-aided against this API breakage by fixing the symptom and not the
real bug).
Same bug exists in qcow of course, can be fixed later as it's less
urgent.
aliguori [Fri, 31 Oct 2008 17:25:56 +0000 (17:25 +0000)]
Make DMA bottom-half driven (v2)
The current DMA routines are driven by a call in main_loop_wait() after every
select.
This patch converts the DMA code to be driven by a constantly rescheduled
bottom half. The advantage of using a scheduled bottom half is that we can
stop scheduling the bottom half when no DMA channels are runnable. This
means we can potentially detect this case and sleep longer in the main loop.
The only two architectures implementing DMA_run() are cris and i386. For cris,
I converted it to a simple repeating bottom half. I've only compile tested
this as cris does not seem to work on a 64-bit host. It should be functionally
identical to the previous implementation so I expect it to work.
For x86, I've made sure to only fire the DMA bottom half if there is a DMA
channel that is runnable. The effect of this is that unless you're using sb16
or a floppy disk, the DMA bottom half never fires.
You probably should test this malc. My own benchmarks actually show slight
improvement but it's possible the change in timing could affect your demos.
Since v1, I've changed the code to use a BH instead of a timer. cris at least
seems to depend on faster than 10ms polling.
aliguori [Fri, 31 Oct 2008 17:24:21 +0000 (17:24 +0000)]
Make bottom halves more robust
Bottom halves are supposed to not complete until the next iteration of the main
loop. This is very important to ensure that guests can not cause stack
overflows in the block driver code. Right now, if you attempt to schedule a
bottom half within a bottom half callback, you will enter an infinite loop.
This patch uses the same logic that we use for the IOHandler loop to make the
bottom half processing robust in list manipulation while in a callback.
This patch also introduces idle scheduling for bottom halves. qemu_bh_poll()
returns an indication of whether any bottom halves were successfully executed.
qemu_aio_wait() uses this to immediately return if a bottom half was executed
instead of waiting for a completion notification.
qemu_bh_schedule_idle() works around this by not reporting the callback has
run in the qemu_bh_poll loop. qemu_aio_wait() probably needs some refactoring
but that would require a larger code audit. idle scheduling seems like a good
compromise.
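A small bottom-half scheduler showing the two properties that commit message asks for, as an added example that is not QEMU's code: the types and functions (BH, bh_new, bh_schedule, bh_schedule_idle, bh_delete, bh_poll, the demo functions) are hypothetical names chosen for this note. A bottom half that re-schedules itself from inside its own callback runs once per poll rather than spinning forever, the list walk survives callbacks that create or delete entries, and bh_poll() reports whether any non-idle bottom half ran so that an aio-wait style caller can return early, while idle-scheduled ones run without being reported.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical bottom-half (BH) scheduler written for this note. */
typedef void (*BHFunc)(void *opaque);

typedef struct BH {
    BHFunc cb;
    void *opaque;
    bool scheduled;   /* run on the next poll */
    bool idle;        /* scheduled, but not counted as "work done" */
    bool deleted;     /* unlinked lazily, after the walk */
    struct BH *next;
} BH;

static BH *bh_list;   /* singly linked, newest first */

BH *bh_new(BHFunc cb, void *opaque)
{
    BH *bh = calloc(1, sizeof(*bh));
    bh->cb = cb;
    bh->opaque = opaque;
    /* Prepending means a BH created inside a callback is not visited by
     * the walk already in progress; it runs on the next poll. */
    bh->next = bh_list;
    bh_list = bh;
    return bh;
}

void bh_schedule(BH *bh)      { bh->scheduled = true; bh->idle = false; }
void bh_schedule_idle(BH *bh) { bh->scheduled = true; bh->idle = true;  }
void bh_delete(BH *bh)        { bh->scheduled = false; bh->deleted = true; }

/* Run every BH that was scheduled when the poll started.
 * Returns 1 if a non-idle BH ran, 0 otherwise. */
int bh_poll(void)
{
    int ret = 0;
    BH *bh, *next, **pbh;

    for (bh = bh_list; bh; bh = next) {
        next = bh->next;            /* fetch before the callback can unlink us */
        if (!bh->scheduled || bh->deleted)
            continue;
        bh->scheduled = false;      /* clear first: a re-schedule from cb waits for next poll */
        if (!bh->idle)
            ret = 1;
        bh->cb(bh->opaque);
    }

    /* No callback is running now, so deleted entries can be freed safely. */
    for (pbh = &bh_list; *pbh; ) {
        bh = *pbh;
        if (bh->deleted) {
            *pbh = bh->next;
            free(bh);
        } else {
            pbh = &bh->next;
        }
    }
    return ret;
}

/* Demo 1: a BH that re-arms itself from its own callback. */
static BH *rearm_bh;
int rearm_runs;

static void rearm_cb(void *opaque)
{
    (void)opaque;
    rearm_runs++;
    bh_schedule(rearm_bh);   /* a naive "loop until idle" poller would never return */
}

int demo_rearming_bh(void)
{
    rearm_runs = 0;
    rearm_bh = bh_new(rearm_cb, NULL);
    bh_schedule(rearm_bh);
    bh_poll();               /* runs once, leaves it scheduled */
    bh_poll();               /* runs again */
    bh_delete(rearm_bh);
    bh_poll();               /* deleted: does not run, entry is freed */
    return rearm_runs;       /* 2 */
}

/* Demo 2: an idle-scheduled BH runs but is not reported by bh_poll(). */
int idle_runs;
static void idle_cb(void *opaque) { (void)opaque; idle_runs++; }

int demo_idle_bh(void)
{
    BH *bh = bh_new(idle_cb, NULL);
    int reported;
    idle_runs = 0;
    bh_schedule_idle(bh);
    reported = bh_poll();    /* 0, although idle_runs is now 1 */
    bh_delete(bh);
    bh_poll();
    return reported;
}

int main(void)
{
    printf("re-arming BH ran %d times over two polls\n", demo_rearming_bh());
    printf("idle BH reported=%d, ran %d time(s)\n", demo_idle_bh(), idle_runs);
    return 0;
}
```

The ordering inside bh_poll() is the whole trick: saving next before the callback and clearing scheduled before calling it bound each poll to the entries that were pending when it began, which is what keeps a guest-driven completion chain from recursing the main loop.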
aliguori [Wed, 29 Oct 2008 14:16:31 +0000 (14:16 +0000)]
Fix restore of older snapshots for target-i386 on big endian hosts
A target_ulong may be 64-bit. Passing it to a function expecting a 32-bit
pointer is wrong and unfortunately happens to work for x86. It won't work on
big endian hosts though. Change the code to work properly on all hosts.