Peter Maydell [Tue, 20 Aug 2013 13:54:28 +0000 (14:54 +0100)]
target-arm: Make IRQ and FIQ gpio lines on the CPU object
Now that ARMCPU is a subclass of DeviceState, we can make the
CPU's inbound IRQ and FIQ lines be simply gpio lines, which
means we can remove the odd arm_pic shim.
We retain the arm_pic_init_cpu() function as a backwards
compatibility shim layer so we can convert the board models
to get the IRQ and FIQ lines directly from the ARMCPU
object one at a time.
Peter Maydell [Tue, 20 Aug 2013 13:54:28 +0000 (14:54 +0100)]
target-arm: Implement 'int' loglevel
The 'int' loglevel for recording interrupts and exceptions
requires support in the target-specific code. Implement
it for ARM. This improves debug logging in some situations
that were otherwise pretty opaque, such as when we fault
trying to execute at an exception vector address, which
would otherwise cause an infinite loop of taking exceptions
without any indication in the debug log of what was going on.
Aurelien Jarno [Mon, 12 Aug 2013 19:34:53 +0000 (21:34 +0200)]
mips_malta: do not raise exceptions when accessing invalid memory
Since commit c658b94f6e8c206c59d02aa6fbac285b86b53d2c, MIPS raises
exceptions when accessing invalid memory. This is not the correct
behaviour for MIPS Malta Core LV, as the GT-64120A system controller
just ignore undecoded access. This feature is used by the Linux kernel
to probe for some devices.
Emulate the correct behaviour in QEMU by adding an empty slot covering
the entire memory space decoded by the GT-64120A.
James Hogan [Thu, 8 Aug 2013 11:09:38 +0000 (12:09 +0100)]
qemu-char: fix infinite recursion connecting to monitor pty
Since commit bd5c51e (qemu-char: don't issue CHR_EVENT_OPEN in a BH), an
infinite recursion occurs when putting the monitor on a pty (-monitor
pty) and connecting a terminal to the slave port.
This is because of the qemu_chr_be_event(s, CHR_EVENT_OPENED) added to
qemu_chr_be_generic_open(). This event is captured by monitor_event()
which prints a welcome message to the character device. The flush of
that welcome message retriggers another open event in pty_chr_state()
because it checks s->connected, but only sets it to 1 after calling
qemu_chr_be_generic_open().
I've fixed this by setting s->connected = 1 before the call to
qemu_chr_be_generic_open() instead of after, so that the recursive
pty_chr_state() doesn't call it again.
An example snippet of repeating backtrace:
...
#107486 0x007aec58 in monitor_flush (mon=0xf418b0) at qemu/monitor.c:288
#107487 0x007aee7c in monitor_puts (mon=0xf418b0, str=0x1176d07 "") at qemu/monitor.c:322
#107488 0x007aef20 in monitor_vprintf (mon=0xf418b0, fmt=0x8d4820 "QEMU %s monitor - type 'help' for more information\n",
ap=0x7f432be0) at qemu/monitor.c:339
#107489 0x007aefac in monitor_printf (mon=0xf418b0, fmt=0x8d4820 "QEMU %s monitor - type 'help' for more information\n")
at qemu/monitor.c:347
#107490 0x007ba4bc in monitor_event (opaque=0xf418b0, event=2) at qemu/monitor.c:4699
#107491 0x00684c28 in qemu_chr_be_event (s=0xf37788, event=2) at qemu/qemu-char.c:108
#107492 0x00684c70 in qemu_chr_be_generic_open (s=0xf37788) at qemu/qemu-char.c:113
#107493 0x006880a4 in pty_chr_state (chr=0xf37788, connected=1) at qemu/qemu-char.c:1145
#107494 0x00687fa4 in pty_chr_update_read_handler (chr=0xf37788) at qemu/qemu-char.c:1121
#107495 0x00687c9c in pty_chr_write (chr=0xf37788, buf=0x70b3c008 <Address 0x70b3c008 out of bounds>, len=538720)
at qemu/qemu-char.c:1063
#107496 0x00684cc4 in qemu_chr_fe_write (s=0xf37788, buf=0x70b3c008 <Address 0x70b3c008 out of bounds>, len=538720)
at qemu/qemu-char.c:118
...
Marcel Apfelbaum [Sun, 11 Aug 2013 15:10:42 +0000 (18:10 +0300)]
hw/misc: don't create pvpanic device by default
This patch is based on Hu Tao's:
http://lists.nongnu.org/archive/html/qemu-devel/2013-08/msg00124.html
No need to hard-code pvpanic as part of the machine.
It can be added with "-device pvpanic" from command line (The next patch).
Anyway, for backport compatibility it is still part of 1.5
machine.
Eduardo Habkost [Fri, 9 Aug 2013 14:11:36 +0000 (11:11 -0300)]
pc: Remove PCLMULQDQ from Westmere on pc-*-1.4 and older
Commit 41cb383f42d0cb51d8e3e25e3ecebc954dd4196f made a guest-visible
change by adding the PCLMULQDQ bit to Westmere without adding
compatibility code to keep the ABI for older machine-types.
Fix it by adding the missing compat code.
If the user is listening on '[::]', then we will not have a opened a device
yet and have no way of verifying if the device is RoCE or not.
In this case, the source VM will throw an error for ALL types of
connections (both IPv4 and IPv6) if the destination machine does not have
a regular infiniband network available for use.
The only way to gaurantee that an error is thrown for broken kernels is
for the management software to choose a *specific* interface at bind time
and validate what time of hardware it is.
Unfortunately, this puts the user in a fix:
If the source VM connects with an IPv4 address without knowing that the
destination has bound to '[::]' the migration will unconditionally fail
unless the management software is not explicitly listening on the the IPv4
address while using a RoCE-based device.
If the source VM connects with an IPv6 address, then we're OK because we can
throw an error on the source (and similarly on the destination).
But in mixed environments, this will be broken for a while until it is fixed
inside linux.
We do provide a *tiny* bit of help in mixed environments, though in this patch:
We can list all of the devices in the system and check to see if all the
devices are RoCE or Infiniband.
If we detect that we have a *pure* RoCE environment, then we can safely
thrown an error even if the management sofware has specified '[::]' as the
bind address.
However, if there is are multiple hetergeneous devices, then we cannot make
this assumption and the user just has to be sure they know what they are doing.
Paolo Bonzini [Fri, 9 Aug 2013 17:35:01 +0000 (12:35 -0500)]
pc_sysfw: remove the rom_only property
With the new semantics of pc_sysfw (no -pflash implies "old-style" ROM setup,
-pflash implies "new-style" ROM setup), there is no need anymore for a compat
property. Old machines simply will never use -pflash, and thus will always
use old-style setup.
This cleans up after 9e1c2ec (which accidentally left variable
pc_sysfw_flash_vs_rom_bug_compatible behind, value always zero), and
buries dead code from commit dafb82e (which resurrected the pc_sysfw
code for pc_sysfw_flash_vs_rom_bug_compatible by mistake).
qemu-option: Guard against qemu_opts_set_defaults() misuse
Commit 6d4cd40 fixed qemu_opts_set_defaults() for an existing corner
case, but broke it for another one that can't be reached in current
code.
Quote from its commit message:
I believe [opts_parse()] attempts to do the following:
If options don't yet exist, create new options
Else, if defaults, modify the existing options
Else, if list->merge_lists, modify the existing options
Else, fail
The only caller that passes true for defaults is
qemu_opts_set_defaults().
The commit message then claims:
A straightforward call of qemu_opts_create() does exactly that.
Wrong. When !list->merge_lists, and the option string doesn't contain
id=, and options without ID exist, then we don't actually modify the
existing options, we create new ones.
Not reachable, because we never pass lists with !list->merge_lists to
qemu_opts_set_defaults().
Guard against possible (if unlikely) future misuse with assert().
Paolo Bonzini [Wed, 31 Jul 2013 06:19:52 +0000 (08:19 +0200)]
LICENSE: clarify
1) The GPL says that "if the Program does not specify a version number
of this License, you may choose any version ever published by the Free
Software Foundation". This is not true, QEMU includes parts that are
v2-only.
2) Provide a default for files with no licensing information.
3) It is not just hardware emulation that is under BSD license.
4) Restrict GPLv2-only contributions to user mode emulation (due to
code from Linux) and PCI passthrough (due to code from Neocleus).
5) The rules were initially set by Fabrice but are being amended by
other people (already in commit ee12e1f, LICENSE: There is no libqemu.a
anymore, 2011-11-15). Do not put words in his mouth.
Paolo Bonzini [Wed, 31 Jul 2013 06:19:51 +0000 (08:19 +0200)]
raw: add license header
Most of the block layer is under the BSD license, thus it is reasonable
to license block/raw.c the same way. CCed people should ACK by replying
with a Signed-off-by line.
Anthony Liguori [Mon, 12 Aug 2013 13:32:55 +0000 (08:32 -0500)]
Merge remote-tracking branch 'mst/tags/for_anthony' into staging
pci,virtio fixes for 1.6
This includes some last-minute bugfixes for 1.6.
All very small patches that also look very safe to me.
Signed-off-by: Michael S. Tsirkin <[email protected]>
# gpg: Signature made Mon 12 Aug 2013 04:28:57 AM CDT using RSA key ID D28D5469
# gpg: Can't check signature: public key not found
# By Michael S. Tsirkin (2) and others
# Via Michael S. Tsirkin
* mst/tags/for_anthony:
vhost: clear signalled_used_valid on vhost stop
virtio: clear signalled_used_valid when switching from dataplane
i82801b11: Fix i82801b11 PCI host bridge config space
pc: disable pci-info for 1.6
Anthony Liguori [Mon, 12 Aug 2013 13:32:43 +0000 (08:32 -0500)]
Merge remote-tracking branch 'pmaydell/tags/pull-arm-devs-20130812' into staging
arm-devs queue
# gpg: Signature made Mon 12 Aug 2013 05:58:14 AM CDT using RSA key ID 14360CDE
# gpg: Can't check signature: public key not found
# By Peter Maydell
# Via Peter Maydell
* pmaydell/tags/pull-arm-devs-20130812:
hw/virtio/virtio-mmio: Make QueueNumMax read 0 for unavailable queues
hw/virtio/virtio: Don't allow guests to add/remove queues
Peter Maydell [Fri, 26 Jul 2013 15:41:28 +0000 (16:41 +0100)]
hw/virtio/virtio-mmio: Make QueueNumMax read 0 for unavailable queues
The virtio-mmio spec says that QueueNumMax must read zero for queues
which are unavailable; implement this, rather than always returning
VIRTQUEUE_MAX_SIZE.
When vhost device stops, its implementation synchronizes kernel state
back to virtio.c so we can continue emulating the device
in userspace.
This patch ensures that virtio.c's signalled_used_valid flag is reset so
that userspace does not suppress guest notifications due to stale
signalled_used values.
Stefan Hajnoczi [Mon, 12 Aug 2013 09:08:09 +0000 (11:08 +0200)]
virtio: clear signalled_used_valid when switching from dataplane
When the dataplane thread stops, its vring.c implementation synchronizes
vring state back to virtio.c so we can continue emulating the virtio
device.
This patch ensures that virtio.c's signalled_used_valid flag is reset so
that we do not suppress guest notifications due to stale signalled_used
values.
The BIOS that we ship in 1.6 does not use pci info
from host (yet). Several issues turned up
(e.g. around winXP boot crashes). So it's safest to disable that
interface for 1.6 machine types for now, leave it on for 1.7
as we have enough time to fix issues if any.
Mike Qiu [Thu, 8 Aug 2013 14:45:16 +0000 (10:45 -0400)]
block: Bugfix 'format' and 'snapshot' used in drive option
When use -drive file='xxx',format=qcow2,snapshot=on the error
message "Can't use snapshot=on with driver-specific options"
can be show, and fail to start the qemu.
This should not be happened, and there is no file.driver option
in qemu command line.
Peter Maydell [Fri, 26 Jul 2013 15:41:27 +0000 (16:41 +0100)]
hw/virtio/virtio: Don't allow guests to add/remove queues
A queue size of 0 is used to indicate a nonexistent queue, so
don't allow the guest to flip a queue between zero-size and
non-zero-size. Don't permit setting of negative queue sizes
either.
Now that this code path is not triggered anymore during the tests,
revert commit b332d24a8e1290954029814d09156b06ede358e2. Booting a MIPS
target without kernel nor bios doesn't really make sense. At the same
time replace fprintf(stderr, ...) by error_report().
James Hogan [Thu, 8 Aug 2013 14:40:23 +0000 (15:40 +0100)]
tcg/mips: fix invalid op definition errors
tcg/mips/tcg-target.h defines various operations conditionally depending
upon the isa revision, however these operations are included in
mips_op_defs[] unconditionally resulting in the following runtime errors
if CONFIG_DEBUG_TCG is defined:
Invalid op definition for movcond_i32
Invalid op definition for rotl_i32
Invalid op definition for rotr_i32
Invalid op definition for deposit_i32
Invalid op definition for bswap16_i32
Invalid op definition for bswap32_i32
tcg/tcg.c:1196: tcg fatal error
Fix with ifdefs like the i386 backend does for movcond_i32.
Laszlo Ersek [Tue, 6 Aug 2013 10:37:10 +0000 (12:37 +0200)]
dump: populate guest_phys_blocks
While the machine is paused, in guest_phys_blocks_append() we register a
one-shot MemoryListener, solely for the initial collection of the valid
guest-physical memory ranges that happens at listener registration time.
For each range that is reported to guest_phys_blocks_region_add(), we
attempt to merge the range with the preceding one.
Ranges can only be joined if they are contiguous in both guest-physical
address space, and contiguous in host virtual address space.
The "maximal" ranges that remain in the end constitute the guest-physical
memory map that the dump will be based on.
Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=981582
Laszlo Ersek [Tue, 6 Aug 2013 10:37:09 +0000 (12:37 +0200)]
dump: introduce GuestPhysBlockList
The vmcore must use physical addresses that are visible to the guest, not
addresses that point into linear RAMBlocks. As first step, introduce the
list type into which we'll collect the physical mappings in effect at the
time of the dump.
Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=981582
Laszlo Ersek [Tue, 6 Aug 2013 10:37:08 +0000 (12:37 +0200)]
dump: clamp guest-provided mapping lengths to ramblock sizes
Even a trusted & clean-state guest can map more memory than what it was
given. Since the vmcore contains RAMBlocks, mapping sizes should be
clamped to RAMBlock sizes. Otherwise such oversized mappings can exceed
the entire file size, and ELF parsers might refuse even the valid portion
of the PT_LOAD entry.
Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=981582
Paolo Bonzini [Sun, 28 Jul 2013 12:35:54 +0000 (14:35 +0200)]
fw_cfg: the I/O port variant expects little-endian
The I/O port variant of fw_cfg is used by sparc64, which is a big-endian machine.
Firmware swaps bytes before sending them to fw_cfg, so we need to unswap them in
the device.
This is only used on sparc64 and on (little-endian) x86, so it does not affect
any other target. 32-bit Sparc and PPC all use memory-mapped fw_cfg.
Andreas Färber [Mon, 5 Aug 2013 20:59:46 +0000 (22:59 +0200)]
target-ppc: Fix POWER7+ model
Commit 03a15a5436ed7723f406f15cc3798aa9991e75b5 claimed to add a POWER7+
model but instead added a "POWER7P" model, with an unhelpful "POWER7P"
description on top. Fix this to "POWER7+" as we already have "POWER3+",
"POWER4+" and "POWER5+" and there being no reason to deviate with the
user-visible command line -cpu POWER7P from the marketing name POWER7+.
Further, don't needlessly deviate from the scheme of naming PVR constant,
QOM type and device description after the exact revision that is in fact
encoded in the PVR used.
That way, we can change the user-friendly alias -cpu POWER7+ to point to a
different revision if we so desire, while not polluting the type namespace.
This naming scheme is sensible and completely orthogonal to how PVRs may
or may not get matched to CPU types.
rom_copy failed to load roms with a "datasize" of 0.
As a result, multiboot kernels were not loaded correctly
when they contain a segment with a "file size" of 0.
Signed-off-by: Martijn van den Broek <[email protected]> Reviewed-by: Paolo Bonzini <[email protected]>
Message-id: CAG1x_oET1u3TMPu3r_zzd3ZXsTWQLiaM0zAc+RkHFCwvJjGOvg@mail.gmail.com Signed-off-by: Anthony Liguori <[email protected]>
Anthony Liguori [Wed, 7 Aug 2013 17:43:27 +0000 (12:43 -0500)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging
# By Fam Zheng (8) and others
# Via Kevin Wolf
* kwolf/for-anthony:
vmdk: rename num_gtes_per_gte to num_gtes_per_gt
vmdk: use heap allocation for whole_grain
vmdk: check l1 size before opening image
vmdk: check l2 table size when opening
vmdk: check granularity field in opening
qemu-iotests: add empty test case for vmdk
qemu-iotests: add poke_file utility function
vmdk: use unsigned values for on disk header fields
vmdk: Make VMDK3Header and VmdkGrainMarker QEMU_PACKED
sheepdog: add missing .bdrv_has_zero_init
qemu-iotests: filter QEMU version in monitor banner
iov: handle EOF in iov_send_recv
ignore SIGPIPE in qemu-img and qemu-io
qemu-img: Error out for excess arguments
Andreas Färber [Fri, 2 Aug 2013 16:56:05 +0000 (18:56 +0200)]
target-i386: Fix X86CPU error handling
Error **errp argument is not for emitting warnings, it means an error
has occurred and the caller should not make any assumptions about the
state of other return values (unless otherwise documented).
Therefore cpu_x86_create() must unref the new X86CPU itself, and
pc_new_cpu() must check for an Error rather than NULL return value.
Fam Zheng [Tue, 6 Aug 2013 07:44:54 +0000 (15:44 +0800)]
vmdk: use heap allocation for whole_grain
We should never grow the stack beyond 1 MB, otherwise we'll fall off the
end. Thread stacks and coroutine stacks (1 MB) do not grow.
get_cluster_offset() allocates a big stack offset, it will fail for big
cluster images, change to heap allocated buffer.
Fam Zheng [Tue, 6 Aug 2013 07:44:53 +0000 (15:44 +0800)]
vmdk: check l1 size before opening image
L1 table size is calculated from capacity, granularity and l2 table
size. If capacity is too big or later two are too small, the L1 table
will be too big to allocate in memory. Limit it to a reasonable range.
Fam Zheng [Tue, 6 Aug 2013 07:44:51 +0000 (15:44 +0800)]
vmdk: check granularity field in opening
Granularity is used to calculate the cluster size and allocate r/w
buffer. Check the value from image before using it, so we don't abort()
for unbounded memory allocation.
Stefan Hajnoczi [Tue, 6 Aug 2013 07:44:49 +0000 (15:44 +0800)]
qemu-iotests: add poke_file utility function
The new poke_file function sets bytes at an offset in a file given a
printf-style format string. It can be used to corrupt an image file for
test coverage of error paths.
Leon Alrae [Tue, 6 Aug 2013 10:59:25 +0000 (11:59 +0100)]
target-mips: fix decoding of microMIPS POOL32Axf instructions
Fix incorrect assumption that DSP and non-DSP versions of the following
instructions have the same encoding:
MULT, MULTU, MADD, MADDU, MSUB, MSUBU, MFHI, MFLO, MTHI, MTLO.
Correct the existing (non-DSP) instructions and add DSP equivalents.
Reference:
MIPS Architecture for Programmers Volume II-B: The microMIPS32
Instruction Set
MIPS Architecture for Programmers Volume IV-e: The MIPS DSP Module for
the microMIPS32 Architecture
Liu Yuan [Tue, 6 Aug 2013 06:44:37 +0000 (14:44 +0800)]
sheepdog: add missing .bdrv_has_zero_init
Commit 3ac21627 changed the behaviour of bdrv_has_zero_init() to default
to 0. In the review for Sheepdog it turned out that enabling it is safe,
so that commit updated one BlockDriver definition of sheepdog to use
bdrv_has_zero_init_1, missed however that there are more BlockDrivers in
the driver. Fix these now.
Kevin Wolf [Mon, 5 Aug 2013 08:53:04 +0000 (10:53 +0200)]
qemu-img: Error out for excess arguments
Don't silently ignore excess arguments at the end of the command line,
but error out instead. This can catch typos like 'resize test.img + 1G',
which doesn't increase the image size by 1G as intended, but truncates
the image to 1G. Even for less dangerous commands, the old behaviour is
confusing.
semaphore: fix a hangup problem under load on NetBSD hosts.
Fix following bugs in "fallback implementation of counting semaphores
with mutex+condvar" added in c166cb72f1676855816340666c3b618beef4b976:
- waiting threads are not restarted properly if more than one threads
are waiting unblock signals in qemu_sem_timedwait()
- possible missing pthread_cond_signal(3) calls when waiting threads
are returned by ETIMEDOUT
- fix an uninitialized variable
The problem is analyzed by and fix is provided by Noriyuki Soda.
Also put additional cleanup suggested by Laszlo Ersek:
- make QemuSemaphore.count unsigned (it won't be negative)
- check a return value of in pthread_cond_wait() in qemu_sem_wait()
RDMA does not use sockets, so we cannot use many of the socket
helper functions, but we *do* use inet_parse() which gives
RDMA all the necessary details of the connection parameters.
However, when testing with libvirt, a simple IPv6 migration test failed
because we were not using getaddrinfo() properly.
Andreas Färber [Sun, 4 Aug 2013 13:05:01 +0000 (15:05 +0200)]
pxa2xx: Avoid object_get_link_property() assertion for "parent_bus"
pxa2xx_i2c_init() creates a pxa2xx-i2c-slave device on a second i2c-bus,
which has a NULL parent device. This causes an assertion in
object_get_canonical_path() when accessing pxa2xx-i2c-slave's
"parent_bus" link<bus> property in tosa and likely other PXA2xx machines.
Fix this by using the pxa2xx_i2c device, created just before, as parent.
projects / qemu.git / log