Klaus Stengel [Sat, 27 Oct 2012 17:53:39 +0000 (19:53 +0200)]
slirp: Add domain-search option to slirp's DHCP server
This patch will allow the user to include the domain-search option in
replies from the built-in DHCP server. The domain suffixes can be
specified by adding dnssearch= entries to the "-net user" parameter.
LWIP can generate packets with a source of 0.0.0.0, which triggers an
assertion failure in arp_table_add(). Instead of crashing, simply return
to avoid adding an invalid ARP table entry.
Anthony Liguori [Wed, 14 Nov 2012 14:53:03 +0000 (08:53 -0600)]
Merge remote-tracking branch 'kraxel/pixman.v5' into staging
* kraxel/pixman.v5:
pixman: cleanup properly on make distclean
pixman: add licensing info
pixman: build internal version early
pixman: pass cflags, add -fPIC
pixman: disable gtk
pixman: set --host for cross builds
pixman: add output dir to include path
Anthony Liguori [Wed, 14 Nov 2012 14:51:06 +0000 (08:51 -0600)]
Merge remote-tracking branch 'bonzini/nbd-next' into staging
* bonzini/nbd-next:
nbd: fixes to read-only handling
hmp: add NBD server commands
nbd: disallow nbd-server-add before nbd-server-start
nbd: force read-only export for read-only devices
nbd: fix nbd_server_stop crash when no server was running
nbd: accept URIs
nbd: accept relative path to Unix socket
qemu-nbd: initialize main loop before block layer
Anthony Liguori [Wed, 14 Nov 2012 14:50:45 +0000 (08:50 -0600)]
Merge remote-tracking branch 'bonzini/scsi-next' into staging
* bonzini/scsi-next:
virtio-scsi: use dma_context_memory
dma: Define dma_context_memory and use in sysbus-ohci
megasas: Correct target/lun mapping
scsi-disk: flush cache after disabling it
megasas: do not include block_int.h
scsi: remove superfluous call to scsi_device_set_ua
virtio-scsi: factor checks for VIRTIO_SCSI_S_DRIVER_OK when reporting events
scsi: do not return short responses for emulated commands
Anthony Liguori [Wed, 14 Nov 2012 14:50:18 +0000 (08:50 -0600)]
Merge remote-tracking branch 'kraxel/usb.70' into staging
* kraxel/usb.70:
ehci: fix migration
xhci: Fix some DMA host endian bugs
usb/combined-packet: Move freeing of combined to usb_combined_packet_remove()
xhci: Add support for packets with both data and an error status
ehci: Add support for packets with both data and an error status
ehci: Get rid of the magical PROC_ERR status
usb-redir: Allow packets to have both data and an error-status
usb: split packet result into actual_length + status
Alex Williamson [Tue, 13 Nov 2012 19:27:40 +0000 (12:27 -0700)]
vfio-pci: Add KVM INTx acceleration
This makes use of the new level irqfd support enabling bypass of qemu
userspace both on INTx injection and unmask. This significantly
boosts the performance of devices making use of legacy interrupts (ex.
~60% better netperf TCP_RR scores for an e1000e assigned to a Linux
guest and booted with pci=nomsi). This also avoids flipping mmaps on
and off to simulate EOIs, so greatly improves performance of device
access in addition to interrupt latency.
Paolo Bonzini [Tue, 13 Nov 2012 09:34:17 +0000 (10:34 +0100)]
nbd: fixes to read-only handling
We do not need BLKROSET if the kernel supports setting flags.
Also, always do BLKROSET even for a read-write export, otherwise
the read-only state remains "sticky" after the invocation of
"qemu-nbd -r".
Paolo Bonzini [Mon, 12 Nov 2012 12:30:10 +0000 (13:30 +0100)]
aio: fix aio_ctx_prepare with idle bottom halves
Commit ed2aec4867f0d5f5de496bb765347b5d0cfe113d changed the return
value of aio_ctx_prepare from false to true when only idle bottom
halves are available. This broke PC old-style DMA, which uses them.
Fix this by making aio_ctx_prepare return true only when non-idle
bottom halves are scheduled to run.
Peter Maydell [Mon, 29 Oct 2012 01:34:32 +0000 (11:34 +1000)]
dma: Define dma_context_memory and use in sysbus-ohci
Define a new global dma_context_memory which is a DMAContext corresponding
to the global address_space_memory AddressSpace. This can be used by
sysbus peripherals like sysbus-ohci which need to do DMA.
In particular, use it in the sysbus-ohci device, which fixes a
segfault when attempting to use that device.
Hannes Reinecke [Mon, 12 Nov 2012 14:42:42 +0000 (15:42 +0100)]
megasas: Correct target/lun mapping
The structure to reference a logical drive has an unused field,
which can be used to carry the lun ID. This enabled seabios to
establish the proper target/LUN mapping.
Paolo Bonzini [Wed, 31 Oct 2012 16:14:41 +0000 (17:14 +0100)]
scsi-disk: flush cache after disabling it
SBC says that "if an application client changes the WCE bit from one to
zero via a MODE SELECT command, then the device server shall write
any data in volatile cache to non-volatile medium before completing
the command".
Paolo Bonzini [Wed, 10 Oct 2012 10:18:03 +0000 (12:18 +0200)]
scsi: do not return short responses for emulated commands
The inquiry command, for the case of VPD=1, was returning short
responses; the number of returned bytes was just the number of bytes
in the request, without padding to the specified allocation length
with zero bytes. This is usually harmless, but it is a violation
of the SCSI specification.
To fix this, always pad with zero bytes to r->cmd.xfer in
scsi_disk_emulate_command, and return at most r->buflen bytes
(the size of the buffer for command data) rather than at most
buflen bytes (the number of bytes that was filled in).
Before this patch, "strace sg_inq -p0x83 /dev/sda" would report a
non-zero resid value. After this patch, it reports resid=0.
Eric Johnson [Sat, 10 Nov 2012 03:40:51 +0000 (19:40 -0800)]
target-mips: Fix seg fault for LUI when MIPS_DEBUG_DISAS==1.
The call to gen_logic_imm for OPC_LUI passes -1 for rs. This
causes the MIPS_DEBUG statement to seg fault due to the deference
of regnames[rs]. This patch fixes that.
Signed-off-by: Eric Johnson <[email protected]> Signed-off-by: Aurelien Jarno <[email protected]>
(aurel32: replaced static string formating by a static string)
Catalin Patulea [Mon, 29 Oct 2012 07:45:51 +0000 (03:45 -0400)]
tests/tcg: new test for i386 FPREM and FPREM1
This is setting the stage for a cleanup of FPREM and FPREM1 helpers while being
sure that they behave same as bare metal.
The test constructs operands using combinations of corner cases for the
floating-point bitfields and prints operands, result and FPU status word for
FPREM and FPREM1. The outputs can then be compared between bare metal and QEMU.
The 'run-test-i386-fprem' make target does just that.
Jan Kiszka [Mon, 5 Nov 2012 15:45:56 +0000 (16:45 +0100)]
memory: Reintroduce dirty flag to optimize changes on disabled regions
Cirrus is triggering this, e.g. during Win2k boot: Changes only on
disabled regions require no topology update when transaction depth drops
to 0 again.
BALATON Zoltan [Sun, 4 Nov 2012 17:41:59 +0000 (18:41 +0100)]
vmware_vga: Add back some info in local state partially reverting aa32b38c
Keep saving display surface parameters at init and using these cached
values instead of getting them when needed. Not sure why this is
needed (maybe due to the interaction with the vga device) but not
doing this broke the Xorg vmware driver at least.
Jan Kiszka [Sun, 4 Nov 2012 08:16:55 +0000 (09:16 +0100)]
kvmvapic: Fix TB invalidation after instruction patching
Since 0b57e287, cpu_memory_rw_debug already triggers a TB invalidation.
As it doesn't (and cannot) set is_cpu_write_access=1 but "consumes" the
currently executed TB, the tb_invalidate_phys_page_range call from
patch_instruction didn't work anymore.
Fix this by open-coding the required bits to restore the CPU state from
the current TB position before patching and resume execution on the
patched instruction afterward.
David Gibson [Mon, 5 Nov 2012 03:29:01 +0000 (14:29 +1100)]
xhci: Fix some DMA host endian bugs
The xhci device does correct endian switches on the results of some DMAs
but not all. In particular, there are many DMAs of what are essentially
arrays of 32-bit integers which never get byteswapped. This causes them
to be interpreted incorrectly on big-endian hosts, since (as per the xhci
spec) these arrays are always little-endian in guest memory.
This patch adds some helper functions to fix these bugs. This may not be
all the endian bugs in the xhci code, but it's certainly some of them and
the Linux guest xhci driver certainly gets further with these fixes.
Hans de Goede [Thu, 1 Nov 2012 16:15:01 +0000 (17:15 +0100)]
usb: split packet result into actual_length + status
Since with the ehci and xhci controllers a single packet can be larger
then maxpacketsize, it is possible for the result of a single packet
to be both having transferred some data as well as the transfer to have
an error.
An example would be an input transfer from a bulk endpoint successfully
receiving 1 or more maxpacketsize packets from the device, followed
by a packet signalling halt.
While already touching all the devices and controllers handle_packet /
handle_data / handle_control code, also change the return type of
these functions to void, solely storing the status in the packet. To
make the code paths for regular versus async packet handling more
uniform.
This patch unfortunately is somewhat invasive, since makeing the qemu
usb core deal with this requires changes everywhere. This patch only
prepares the usb core for this, all the hcd / device changes are done
in such a way that there are no functional changes.
This patch has been tested with uhci and ehci hcds, together with usb-audio,
usb-hid and usb-storage devices, as well as with usb-redir redirection
with a wide variety of real devices.
Note that there is usually no need to directly set packet->actual_length
form devices handle_data callback, as that is done by usb_packet_copy()
malc [Mon, 5 Nov 2012 17:47:04 +0000 (21:47 +0400)]
tcg/ppc32: Use trampolines to trim the code size for mmu slow path accessors
mmu access looks something like:
<check tlb>
if miss goto slow_path
<fast path>
done:
...
; end of the TB
slow_path:
<pre process>
mr r3, r27 ; move areg0 to r3
; (r3 holds the first argument for all the PPC32 ABIs)
<call mmu_helper>
b $+8
.long done
<post process>
b done
On ppc32 <call mmu_helper> is:
(SysV and Darwin)
mmu_helper is most likely not within direct branching distance from
the call site, necessitating
a. moving 32 bit offset of mmu_helper into a GPR ; 8 bytes
b. moving GPR to CTR/LR ; 4 bytes
c. (finally) branching to CTR/LR ; 4 bytes
(PowerOpen (AIX))
a. moving 32 bit offset of mmu_helper's TOC into a GPR1 ; 8 bytes
b. loading 32 bit function pointer into GPR2 ; 4 bytes
c. moving GPR2 to CTR/LR ; 4 bytes
d. loading 32 bit small area pointer into R2 ; 4 bytes
e. (finally) branching to CTR/LR ; 4 bytes
call - 4 bytes (trampoline is within code gen buffer
and most likely accessible via
direct branch)
embedded retaddr - 4 bytes
Total overhead - 8 bytes
In the end the icache pressure is decreased by 20/28 bytes at the cost
of an extra jump to trampoline and adjusting LR (to skip over embedded
retaddr) once inside.
Gerd Hoffmann [Fri, 2 Nov 2012 08:37:27 +0000 (09:37 +0100)]
spice: fix initialization order
Register displaychangelistener last, after spice is fully initialized,
otherwise we may hit NULL pointer dereferences when qemu starts calling
our callbacks.
Gerd Hoffmann [Tue, 30 Oct 2012 13:55:12 +0000 (14:55 +0100)]
qxl: call dpy_gfx_resize when entering vga mode
When entering vga mode the display size likely changes,
notify all displaychangelisteners about this.
Probably went unnoticed for a while as one if the first
things the guest does after leaving qxl native mode and
entering qxl vga mode is to set the vga video mode. But
there is still a small window where qemu can operate on
stale data, leading to crashes now and then.
Alon Levy [Mon, 15 Oct 2012 12:54:03 +0000 (14:54 +0200)]
hw/qxl: guest bug on primary create with stride %4 != 0
Due to usage of pixman for rendering on all spice surfaces we have
pixman's requirement that the stride be word aligned. A guest not
honoring that can crash spice and qemu with it due to failure to create
a surface (in spice-server). Avoid this early on in primary surface
creation and offscreen surface creation.
Recently windows guests got odd width support which triggers a non word
aligned primary surface in 16bit color depth. Off screen surfaces have
always been word aligned, but doesn't hurt to check them here too.
Blue Swirl [Sat, 3 Nov 2012 18:48:35 +0000 (18:48 +0000)]
target-mips: use ULL for 64 bit constants
Fix build on a 32 bit host:
CC mips-softmmu/target-mips/dsp_helper.o
/src/qemu/target-mips/dsp_helper.c: In function 'helper_dextr_rs_w':
/src/qemu/target-mips/dsp_helper.c:3556: error: integer constant is too large for 'long' type
/src/qemu/target-mips/dsp_helper.c: In function 'helper_extr_s_h':
/src/qemu/target-mips/dsp_helper.c:3656: error: integer constant is too large for 'long' type
BALATON Zoltan [Sat, 3 Nov 2012 11:47:08 +0000 (12:47 +0100)]
vmware_vga: Allow simple drivers to work without using the fifo
Postpone stopping the dirty log to the point where the command fifo is
configured to allow drivers which don't use the fifo to work too.
(Without this the picture rendered into the vram never got to the
screen and the DIRECT_VRAM option meant to support this case was
removed a year ago.)
BALATON Zoltan [Sat, 3 Nov 2012 11:47:08 +0000 (12:47 +0100)]
vmware_vga: Return a value for FB_SIZE before the device is enabled
According to the documentation drivers using this device should read
FB_SIZE before enabling the device to know what memory to map. This
would not work if we return 0 before enabled. The docs also mention
reading SVGA_REG_DEPTH but not writing it. (Only SVGA_REG_BITS_PER_PIXEL
can be written but we don't really support that either.)
Blue Swirl [Sat, 3 Nov 2012 12:55:05 +0000 (12:55 +0000)]
Merge branch 'trivial-patches' of git://github.com/stefanha/qemu
* 'trivial-patches' of git://github.com/stefanha/qemu:
pc: Drop redundant test for ROM memory region
exec: make some functions static
target-ppc: make some functions static
ppc: add missing static
vnc: add missing static
vl.c: add missing static
target-sparc: make do_unaligned_access static
m68k: Return semihosting errno values correctly
cadence_uart: More debug information
Yeongkyoon Lee [Wed, 31 Oct 2012 07:04:25 +0000 (16:04 +0900)]
tcg: Optimize qemu_ld/st by generating slow paths at the end of a block
Add optimized TCG qemu_ld/st generation which locates the code of TLB miss
cases at the end of a block after generating the other IRs.
Currently, this optimization supports only i386 and x86_64 hosts.
Yeongkyoon Lee [Wed, 31 Oct 2012 07:04:24 +0000 (16:04 +0900)]
tcg: Add extended GETPC mechanism for MMU helpers with ldst optimization
Add GETPC_EXT which is used by MMU helpers to selectively calculate the code
address of accessing guest memory when called from a qemu_ld/st optimized code
or a C function. Currently, it supports only i386 and x86-64 hosts.
Peter Maydell [Mon, 29 Oct 2012 12:05:11 +0000 (12:05 +0000)]
target-m68k/m68k-semi.c: Log when put_user for returning values fails
Abstract out the use of put_user for returning semihosting call results,
so that we can log when a guest erroneously attempts a semihosting call
with an unwritable argument block.
Paolo Bonzini [Fri, 2 Nov 2012 14:43:24 +0000 (15:43 +0100)]
vl: delay thread initialization after daemonization
Commit ac4119c (chardev: Use timer instead of bottom-half to postpone
open event, 2012-10-12) moved the alarm timer initialization to an earlier
point but failed to consider that it depends on qemu_init_main_loop.
Later, commit 1c53786 (vl: init main loop earlier, 2012-10-30) fixed
this, but left -daemonize in two different ways. First, timers need to
be reinitialized after forking. Second, the global mutex was being held
by the parent, and thus dropped after forking.
The first is now fixed using pthread_atfork. For the second part,
make sure that the global mutex is not taken before daemonization,
and similarly delay qemu_thread_self.
Anthony Liguori [Fri, 2 Nov 2012 18:06:28 +0000 (13:06 -0500)]
Merge remote-tracking branch 'bonzini/migr-coroutine' into staging
Signed-off-by: Anthony Liguori <[email protected]>
* bonzini/migr-coroutine:
migration: move process_incoming_migration to a coroutine
migration: handle EAGAIN while reading QEMUFile
migration: move qemu_fclose to process_incoming_migration
migration: close socket QEMUFile from socket_close
migration: xxx_close will only be called once
migration: use closesocket, not close
migration: use migrate_fd_close in migrate_fd_cleanup
migration: clean up server sockets and handlers before invoking process_incoming_migration
migration: replace qemu_stdio_fd with qemu_get_fd
migration: add qemu_get_fd
migration: consolidate QEMUFile methods in a single QEMUFileOps struct
migration: unify stdio-based QEMUFile operations
Paolo Bonzini [Tue, 7 Aug 2012 09:07:59 +0000 (11:07 +0200)]
migration: handle EAGAIN while reading QEMUFile
This will never happen right now (the assertion would fail). The
next patch will set the socket or pipe in non-blocking mode, thus
enabling this part of the code.
Coroutines can just stop whenever they want with qemu_coroutine_yield.
As soon as select tells the main loop that the migration stream is
readable, the coroutine is re-entered directly in qemu_get_buffer,
where it will read more data and pass it to the loading routines.
Paolo Bonzini [Thu, 27 Sep 2012 11:25:45 +0000 (13:25 +0200)]
migration: use migrate_fd_close in migrate_fd_cleanup
migrate_fd_cleanup will usually close the file descriptor via
buffered_file_close's call to migrate_fd_close. However, in the case
of s->file == NULL it is "inlining" migrate_fd_close (almost: there is a
direct close() instead of using s->close(s)). To fix the inconsistency
and clean up the code, allow multiple calls to migrate_fd_close and use
the function in migrate_fd_cleanup.
projects / qemu.git / log