aliguori [Tue, 9 Dec 2008 20:09:57 +0000 (20:09 +0000)]
KVM: Coalesced MMIO support
MMIO exits are more expensive in KVM or Xen than in QEMU because they
involve, at least, privilege transitions. However, MMIO write
operations can be effectively batched if those writes do not have side
effects.
Good examples of this include VGA pixel operations when in a planar
mode. As it turns out, we can get a nice boost in other areas too.
Laurent mentioned a 9.7% performance boost in iperf with the coalesced
MMIO changes for the e1000 when he originally posted this work for KVM.
aliguori [Tue, 9 Dec 2008 19:59:09 +0000 (19:59 +0000)]
Disable KVM support if the kernel modules have broken memory slot handling
Prior to kvm-80, memory slot deletion was broken in the KVM kernel
modules. In kvm-81, a new capability is introduced to signify that this
problem has been fixed.
Since we rely on being able to delete memory slots, refuse to work with
any kernel module that does not have this capability present.
aurel32 [Mon, 8 Dec 2008 18:12:26 +0000 (18:12 +0000)]
linux-user: Fix h2g usage in page_find_alloc
Paul's comment on my first approach to fix the h2g usage in
page_find_alloc finally open my eyes about what the code is actually
supposed to do:
With the help of h2g_valid we can no cleanly check if a freshly allocate
page (for host usage) is guest-reachable and, in case it is, mark it
reserved in the guest's address range.
aurel32 [Mon, 8 Dec 2008 18:12:11 +0000 (18:12 +0000)]
linux-user: Safety belt for h2g
h2g can only work on 64-bit hosts if the provided address is mappable to
the guest range. Neglecting this was already the source for several
bugs. Instrument the macro so that it will trigger earlier in the
future (at least as long as we have this kind of mapping mechanism).
aurel32 [Mon, 8 Dec 2008 18:11:21 +0000 (18:11 +0000)]
target-ppc: memory load/store rework
Rework the memory load/store:
- Unify load/store functions for 32-bit and 64-bit CPU
- Don't swap values twice for bit-reverse load/store functions
in little endian mode.
- On a 64-bit CPU in 32-bit mode, do the address truncation for
address computation instead of every load store. Truncate the
address when incrementing the address (if needed)
- Cache writes to access_types.
- Add a few missing calls to gen_set_access_type()
aurel32 [Sun, 7 Dec 2008 22:46:49 +0000 (22:46 +0000)]
SH4: SCI improvement
This patch simply implement one register of SH4's SCI := Serial Communication Interface.
R2D evaluation board uses SCI for SPI connection. So, Linux kernel for R2D with
default configuration causes a QEMU assertion failure when it initializes SPI driver.
This patch avoids it and reduces the kernel config modification work for QEMU.
Completing SCI implementation task is left. Other board support is desirable to confirm
this task, which uses SCI for a serial terminal.
aurel32 [Sun, 7 Dec 2008 22:46:31 +0000 (22:46 +0000)]
SH4: Implement FD bit
SH4 manual say that if a floating point instruction is executed while
FD bit in the status register is 1, an exception should be raised. QEMU
presently does not do that, so the kernel does not initialize FP state
for any thread, nor does it save/restore FP state. The most apparent
consequence is that while recent gcc/libc expect double-precision mode
to be set by kernel, they run in single-precision mode, and all FP code
produces wrong values.
This patch fixes this. It also fixes a couple of places where PC was
not updated before handling an exception, although both those places
deal with invalid instruction and don't lead to any user-visible bugs.
aurel32 [Sun, 7 Dec 2008 20:35:00 +0000 (20:35 +0000)]
Some cleanups after dyngen removal
1. hostregs_helper.h: fix comment
2. translate-all.c: rename dyngen_code(_search_pc) to
tcg_gen_code(_search_pc)
3. tcg.c:
- rename dyngen_table_op_count to tcg_table_op_count
- no need to generate a log of dyngen ops generated
- rename dyngen_code(_search_pc) to tcg_gen_code(_search_pc)
4. tcg.h: rename dyngen_code(_search_pc) to
tcg_gen_code(_search_pc)
balrog [Sun, 7 Dec 2008 19:39:58 +0000 (19:39 +0000)]
SH4: Eliminate P4 to A7 mangling (Takashi YOSHII).
Main purpose of this is to delete
*physical = address & 0x1fffffff;
at target-sh4/helper.c:449, using new mmio rule introduced by #5849
This masking is a nice trick to realize P4/A7 duality of SH registers.
But, IMHO, it is logically wrong.
Most of SH4 cpu control registers in P4 area(0xfc000000...0xffffffff) have
one more address called A7 which is usually P4 address with upper 3bits masked.
This is an address only appears in TLB's physical address part.
Current code use trick writing drivers as if they are really in A7
(that's why you see many *_A7 in hw/sh*.c), and using translation P4 to A7.
balrog [Sun, 7 Dec 2008 19:33:15 +0000 (19:33 +0000)]
SH: improve the way sh7750 registers io memory (Takashi YOSHII).
Fixes to be needed for commit #5849 "Change MMIO callbacks..."
hw/sh7750.c:
- Divide region of CPU control registers to avoid overlapping
to peripheral modules.
- Delete unused var "icr", which had moved to hw/sh_intc.c.
hw/sm501.c:
- Merge non page aligned palette registers into the region of
control registers.
balrog [Sun, 7 Dec 2008 19:20:43 +0000 (19:20 +0000)]
SH: r2d pci support (Takashi YOSHII).
This patch adds pci support to sh/r2d board.
This is the first user of PCIC support I formerly sent.
PCIC actually is inside of chip with CPU core on SH7751.
But, this code is written as if SH7750 and PCIC are on board.
I care little about physical device boundary, but fitting with qemu's
design.
This patch also adds some BSC (Bus State Controller) registers,
because PCI device driver software have to accesses them.
balrog [Sun, 7 Dec 2008 18:41:42 +0000 (18:41 +0000)]
sh4: mmio based CF support on r2d board (Takashi YOSHII).
This patch adds emulation for a CompactFlash on sh4/r2d board.
The device is CF, but wired to be worked as True-IDE mode, and connected
directly to SH bus. So, this code is to support generally mmio based
IDEs which are supported by "pata_platform" driver in linux kernel.
aurel32 [Sun, 7 Dec 2008 18:15:45 +0000 (18:15 +0000)]
Some cleanups after dyngen removal
this patch removes some now unused things after dyngen removal.
1. dyngen-exec.h: op_param, op _jmp and some associated macros
are now unused;
2. Makefile.target: tcg-dyngen is not needed anymore
2. tcg/tcg-op.h, tcg/tcg-opc.h: gen-op.h is dead
3. tcg.c:
- INDEX_op_end is now the first op
- CONFIG_DYNGEN_OP is never defined
4. tcg.h: dyngen_op not needed anymore
5. exec-all.h: remove some ASM macros.
aurel32 [Sun, 7 Dec 2008 18:15:23 +0000 (18:15 +0000)]
slirp: fix CVE 2007-5729
The emulated network cards in QEMU allows local users to execute arbitrary
code by writing Ethernet frames with a size larger than the slirp's default
MTU, which triggers a heap-based buffer overflow in the slirp library.
balrog [Sun, 7 Dec 2008 13:32:09 +0000 (13:32 +0000)]
Patch holes in ARM translation (Laurent Desnogues).
- gen_set_CF_bit31: use the right value to set carry flag
- shifter_out_im: remove a spurious semi-colon
- add a break for VSHRN, VRSHRN, VQSHRN, VQRSHRN
size 2 case
- sbfx, ubfx are v6t2 instructions
The correct cps user mode behaviour is unclear so it's left out from the
commit until ARM decides it.
balrog [Sun, 7 Dec 2008 03:12:54 +0000 (03:12 +0000)]
SCSI: Handle inquiry commands of varying length (Justin Chevrier).
Openserver 5.0.5 sends an Inquiry command to the emulated SCSI disk
expecting a response length of 40 bytes. Currently the response to an
Inquiry command is hardcoded to 36 bytes. When receiving a response of
length 36 instead of 40 Openserver panics.
Modifications to original patch based on feedback from Ryan Harper and Paul
Brook. Thanks guys.
Basically after each DMA transfer the Openserver driver would issue an
empty (0) SCRIPTS opcode. As the opcode is essentially a NOP it has no
second DWORD and therefore the DSP should only be incremented by 4 bytes
instead of the 8 bytes we currently do.
Note the 2nd DWORD after the empty opcode; the next opcode in the DMA
transfer sequence. As can be expected the address after that has the next
DMA address to use.
After the attached patch the DMA transfer is able to complete successfully:
blueswir1 [Fri, 5 Dec 2008 17:53:21 +0000 (17:53 +0000)]
sys-queue.h defines _SYS_QUEUE_H_ which is also defined by
the <sys/queue.h> system header. <sys/disk.h> uses SLIST_ENTRY
on NetBSD, which doesn't exist in sys-queue.h. Therefore,
include <sys/queue.h> before including sys-queue.h.
aliguori [Thu, 4 Dec 2008 22:36:38 +0000 (22:36 +0000)]
do boundary check based on absolute value (Glauber Costa)
For backward operations, dstpitch and srcpitch can
be negative. This leads BLTUNSAFE macro into an
overflow, and as a result, it avoids performing
operations that are perfectly valid.
The visible effect that led to that patch was the gnome-panel
bar in Fedora10. Before this patch, you could see garbage
clobbering a big portion of the bar.
aliguori [Thu, 4 Dec 2008 21:39:21 +0000 (21:39 +0000)]
Use writeback caching by default with qcow2
qcow2 writes a cluster reference count on every cluster update. This causes
performance to crater when using anything but cache=writeback. This is most
noticeable when using savevm. Right now, qcow2 isn't a reliable format
regardless of the type of cache your using because metadata is not updated in
the correct order. Considering this, I think it's somewhat reasonable to use
writeback caching by default with qcow2 files.
It at least avoids the massive performance regression for users until we sort
out the issues in qcow2.
aurel32 [Thu, 4 Dec 2008 21:34:52 +0000 (21:34 +0000)]
Fix RTC initial date computation
qemu_get_clock() returns a structure containing the time the user wants
to be set (either UTC time, a local time, or a given date). Use mktimegm()
instead of mktime() to convert it into POSIX time without taking the host
timezone into account.
aliguori [Thu, 4 Dec 2008 20:33:06 +0000 (20:33 +0000)]
Add virtio-balloon support
This adds a VirtIO based balloon driver. It uses madvise() to actually balloon
the memory when possible.
Until 2.6.27, KVM forced memory pinning so we must disable ballooning unless the
kernel actually supports it when using KVM. It's always safe when using TCG.
aliguori [Thu, 4 Dec 2008 20:19:35 +0000 (20:19 +0000)]
Add ballooning infrastructure.
Balloon devices allow you to ask the guest to allocate memory. This allows you
to release that memory. It's mostly useful for freeing up large chunks of
memory from cooperative guests.
aliguori [Thu, 4 Dec 2008 19:58:45 +0000 (19:58 +0000)]
Remove TARGET_PAGE_SIZE from virtio interface (Hollis Blanchard)
TARGET_PAGE_SIZE should only be used internal to qemu, not in guest/host
interfaces. The virtio frontend code in Linux uses two constants (PFN shift
and vring alignment) for the interface, so update qemu to match.
I've tested this with PowerPC KVM and confirmed that it fixes virtio problems
when using non-TARGET_PAGE_SIZE pages in the guest.
aliguori [Thu, 4 Dec 2008 19:38:57 +0000 (19:38 +0000)]
Virtio core support
This patch adds core support for VirtIO. VirtIO is a paravirtualization
framework that has been in Linux since 2.6.21. A PCI transport has been
available since 2.6.25. Network drivers are also available for Windows.
projects / qemu.git / log