usb->speed is the usb speed the device is actually running on in the
qemu emulation (i.e. from the guests point of view). So when plugging
usb3 devices into ehci hostadapter this is HIGH not SUPER.
To figure whenever the host talks to the device with superspeed we
have to check speedmask instead and see whenever the superspeed bit
is set there.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1445603230-11840-1-git-send-email-kraxel@redhat.com
When a device is detached, clear the suspend bit (PORTSC_SUSPEND)
in the port status register.
The specs are not *that* clear what is supposed to happen in case
a suspended device is unplugged. But the enable bit (PORTSC_PED)
is cleared, and the specs mention setting suspend with enable being
unset is undefined behavior. So clearing them both looks reasonable,
and it actually fixes the reported bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1268879
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Message-id: 1445413462-18004-1-git-send-email-kraxel@redhat.com
We now use epoxy to load opengl libraries. This means we don't need to
link opengl libraries directly if interfaces handled by epoxy. With
this, we just need epoxy headers and epoxy's *.so to build.
Tested with epoxy-1.3.1.
- sdl2/gtk/console egl stuff doesn't require other than epoxy
- milkymist-tmu2 glx stuff doesn't require other than epoxy
(lm32 test is limited, because can't find mmone-bios.bin, so just test
to load libGL with "./lm32-softmmu/qemu-system-lm32 -M milkymist,accel=qtest")
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
[ lm32 tested by kraxel ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
We have two issues with our qapi union layout:
1) Even though the QMP wire format spells the tag 'type', the
C code spells it 'kind', requiring some hacks in the generator.
2) The C struct uses an anonymous union, which places all tag
values in the same namespace as all non-variant members. This
leads to spurious collisions if a tag value matches a non-variant
member's name.
Make the conversion to the new layout for memory-related code.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1445898903-12082-21-git-send-email-eblake@redhat.com>
[Commit message tweaked slightly]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
We have two issues with our qapi union layout:
1) Even though the QMP wire format spells the tag 'type', the
C code spells it 'kind', requiring some hacks in the generator.
2) The C struct uses an anonymous union, which places all tag
values in the same namespace as all non-variant members. This
leads to spurious collisions if a tag value matches a non-variant
member's name.
Make the conversion to the new layout for input-related code.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1445898903-12082-20-git-send-email-eblake@redhat.com>
[Commit message tweaked slightly]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Version: GnuPG v1
iQEcBAABAgAGBQJWMmDMAAoJEJykq7OBq3PIHkIIAKyL9iY4EipKrtdMoWZu/Kfm
I9g4NVVqPF4QmTfYpZVxWglvBy0g0+2p1h4DQ5KheUNr7DV2uchSSsN38MWnEgH/
XTRpY858jcWx4sSAvYpz+kUVRBEtJJL8a/1aTBvYRxcbNE1X1lm72m7mm4KXGGud
PZ0fdj/UODHeoTOnMHddbs8Rs0kdHhlckl2Mfkz2dUgYAuZMK7xR7OIE7kOqWBcR
p5/I1Jq3wgmp267ZPVNS17u8Cff2PIElv0Z3Ouubixhhf+k5kvLBtgTbTJ81h7/4
NfmIRwsmAPhtnDSDXqFJ8KgwUYpGYYtPrK8DIXIWYwPdSjkIIdl1gNtc2CGyV3w=
=nA50
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging
# gpg: Signature made Thu 29 Oct 2015 18:09:16 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
* remotes/stefanha/tags/block-pull-request:
block: Consider all child nodes in bdrv_requests_pending()
target-arm: xlnx-zynqmp: Add sdhci support.
sdhci: Split sdhci.h for public and internal device usage
sd.h: Move sd.h to include/hw/sd/
virtio: sync the dataplane vring state to the virtqueue before virtio_save
gdb command: qemu handlers
virtio-blk: switch off scsi-passthrough by default
ppc/spapr: add 2.4 compat props
s390x: include HW_COMPAT_* props
qemu-gdb: add $qemu_coroutine_sp and $qemu_coroutine_pc
qemu-gdb: extract parts of "qemu coroutine" implementation
qemu-gdb: allow using glibc_pointer_guard() on core dumps
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit 71c199c81d ("mips_malta: provide ememsize env variable to
kernels") changed the meaning of loaderparams.ram_size to be the whole
of RAM rather than just the low part below where the boot code is placed
for KVM, but it didn't update the PC initialisation for KVM to use
ram_low_size. Fix that now.
Fixes: 71c199c81d ("mips_malta: provide ememsize env variable to kernels")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paul Burton <paul.burton@imgtec.com>
Cc: Leon Alrae <leon.alrae@imgtec.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Leon Alrae <leon.alrae@imgtec.com>
Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
Add two SYSBUS_SDHCI devices for xlnx-zynqmp
Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Split sdhci.h into pubilc version (i.e include/hw/sd/sdhci.h) and
internal version (i.e hw/sd/sdhci-interna.h) based on register
declarations and object declaration.
Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Create a sd directory under include/hw/ and move sd.h to
include/hw/sd/
Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When creating snapshot with the dataplane enabled, the snapshot file gets
not the actual state of virtqueue, because the current state is stored in
VirtIOBlockDataPlane. Therefore, before saving snapshot need to sync
the dataplane vring state to the virtqueue. The dataplane will resume its
work at the next notify virtqueue.
When snapshot loads with loadvm we get a message:
VQ 0 size 0x80 Guest index 0x15f5 inconsistent with Host index 0x0:
delta 0x15f5
error while loading state for instance 0x0 of device
'0000:00:08.0/virtio-blk'
Error -1 while loading VM state
to reproduce the error I used the following hmp commands:
savevm snap1
loadvm snap1
qemu parameters:
--enable-kvm -smp 4 -m 1024 -drive file=/var/lib/libvirt/images/centos6.4.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,aio=native -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x8,drive=drive-virtio-disk0,id=virtio-disk0 -set device.virtio-disk0.x-data-plane=on
Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Message-id: 1445859777-2982-1-git-send-email-den@openvz.org
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: "Michael S. Tsirkin" <mst@redhat.com>
CC: Kevin Wolf <kwolf@redhat.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Devices that are compliant with virtio-1 do not support scsi
passthrough any more (and it has not been a recommended setup
anyway for quite some time). To avoid having to switch it off
explicitly in newer qemus that turn on virtio-1 by default, let's
switch the default to scsi=false for 2.5.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Message-id: 1444991154-79217-4-git-send-email-cornelia.huck@de.ibm.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
HW_COMPAT_2_4 will become non-empty: prepare for it.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Message-id: 1444991154-79217-3-git-send-email-cornelia.huck@de.ibm.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
We want to inherit generic hw compat as well.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-id: 1444991154-79217-2-git-send-email-cornelia.huck@de.ibm.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Enable PCIe device multi-function hot-add, just ensure function 0 is added
last, then driver will get the notification to scan the slot.
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
In case user want to cancel the hot-add operation, should roll back,
device_del the added function that still don`t work.
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This reverts commit aa8580cddf.
As described in
http://article.gmane.org/gmane.comp.emulators.qemu/371432
that commit causes linux guests to crash on memory hot-unplug.
The original problem it's trying to solve has now
been addressed within virtio.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Note: virtqueue_map already validates input
so virtio-scsi does not have to.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
This also fixes a minor bug:
- virtqueue_map_sg(port->elem.out_sg, port->elem.out_addr,
- port->elem.out_num, 1);
is wrong: out_sg is not written so should not be marked dirty.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Drop use of the deprecated virtio_map_sg in virtio core.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
virtio_map_sg currently fails if one of the entries it's mapping is
contigious in GPA but not HVA address space. Introduce virtio_map which
handles this by splitting sg entries.
This new API generally turns out to be a good idea since it's harder to
misuse: at least in one case the existing one was used incorrectly.
This will still fail if there's no space left in the sg, but luckily max
queue size in use is currently 256, while max sg size is 1024, so we
should be OK even is all entries happen to cross a single DIMM boundary.
Won't work well with very small DIMM sizes, unfortunately:
e.g. this will fail with 4K DIMMs where a single
request might span a large number of DIMMs.
Let's hope these are uncommon - at least we are not breaking things.
Note: virtio-scsi calls virtio_map_sg on data loaded from network, and
validates input, asserting on failure. Copy the validating code here -
it will be dropped from virtio-scsi in a follow-up patch.
Reported-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
currently acpi_memory_plug_cb() sets is_inserting for
cold- and hot-plugged DIMMs as result ASL MHPD.MSCN()
method issues device check even for every coldplugged
DIMM. There isn't much harm in it but if we try to
unplug such DIMM, OSPM will issue device check
intstead of device eject event. So OSPM won't eject
memory module as expected and it will try to eject it
only when another memory device is hot-(un)plugged.
As a fix do not set 'is_inserting' event and do not
issue SCI for cold-plugged DIMMs as they are
enumerated and activated by OSPM during guest's boot.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
We are sending msg fields, use sizeof on these
and not on local variables which happen to
have a matching type.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The goal is to have debug code always compiled during build.
We standardize all debug output on the following format:
[QOM_TYPE_NAME]reporting_function: debug message
We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output
is following the same format as the above debug.
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: b7ce7e98a051479453744aded122789531d80a44.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The goal is to have debug code always compiled during build.
We standardize all debug output on the following format:
[QOM_TYPE_NAME]reporting_function: debug message
We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output
is following the same format as the above debug.
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 5bbad71517ca728d8865f7b9f998baa0df022794.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The goal is to have debug code always compiled during build.
We standardize all debug output on the following format:
[QOM_TYPE_NAME]reporting_function: debug message
The qemu_log_mask() output is following the same format as the
above debug.
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 57e565982db94fb433c32dfa17608888464d21de.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The goal is to have debug code always compiled during build.
We standardize all debug output on the following format:
[QOM_TYPE_NAME]reporting_function: debug message
The qemu_log_mask() output is following the same format as the
above debug.
Adding some missing qemu_log_mask call for bad registers.
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 293e08f31cbb4df84d58f693243e61e770c73b3a.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The goal is to have debug code always compiled during build.
We standardize all debug output on the following format:
[QOM_TYPE_NAME]reporting_function: debug message
We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output
is following the same format as the above debug.
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 29885ffea2577eaf2288c1d17fd87ee951748b49.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The goal is to have debug code always compiled during build.
We standardize all debug output on the following format:
[QOM_TYPE_NAME]reporting_function: debug message
The qemu_log_mask() output is following the same format as
the above debug.
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 328acfe6fc09a5afdbfbfd5220e0869fd5082660.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The goal is to have debug code always compiled during build.
We standardize all debug output on the following format:
[QOM_TYPE_NAME]reporting_function: debug message
The qemu_log_mask() outputis following the same format as
the above debug.
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 4f2007adcf0f579864bb4dd8a825824e0e9098b8.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The goal is to have debug code always compiled during build.
We standardize all debug output on the following format:
[QOM_TYPE_NAME]reporting_function: debug message
We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output
is following the same format as the above debug.
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 47b8759b251d356c633faf7ea34f897f340aea4e.1445781957.git.jcd@tribudubois.net
[PMM: Drop attempt to print the ram_addr of a memory region in
one DPRINTF, which (a) was using the wrong format string so
didn't build on 32-bit and (b) was incorrectly looking at a
private field of a MemoryRegion struct]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We should always go through VirtBoardInfo when we need the memmap.
To avoid using a15memmap directly, in this case, we need to defer
the max-cpus check from class init time to instance init time. In
class init we now use MAX_CPUMASK_BITS for max_cpus initialization,
which is the maximum QEMU supports, and also, incidentally, the
maximum KVM/gicv3 currently supports. Also, a nice side-effect of
delaying the max-cpus check is that we now get more appropriate
error messages for gicv2 machines that try to configure more than
123 cpus. Before this patch it would complain that the requested
number of cpus was greater than 123, but for gicv2 configs, it
should complain that the number is greater than 8.
Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-id: 1445189728-860-3-git-send-email-drjones@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Currently, if the kernel does not have live migration API, the migration
will still be attempted, but vGIC save/restore functions will just not do
anything. This will result in a broken machine state.
This patch fixes the problem by adding migration blocker if kernel API is
not supported.
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Guest OS may issue VMXNET3_CMD_GET_STATS even before device was
activated (for example in linux, after insmod but prior net-dev open).
Accessing shared descriptors prior device activation is illegal as the
VMXNET3State structures have not been fully initialized.
As a result, guest memory gets corrupted and may lead to guest OS
crashes.
Fix, by not filling the stats descriptors if device is inactive.
Reported-by: Leonid Shatz <leonid.shatz@ravellosystems.com>
Acked-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Dana Rubin <dana.rubin@ravellosystems.com>
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Set initial MAC address to the one specified by the command line.
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Use realize to initialize the xen_platform device
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWLfISAAoJENro4Ql1lpzlHOsP/AkCzg2ontAGsZx+M1fCUn92
e0rRC14QQFkRGt1DchqWDnP5tkWkKeCi/gcyKVOHI6QcjcscxLNM3WVU0ZPw41ps
ZewbddKkDpTuv4yRGQGBe4BhcoMCYyuqfi1sfX19xqgM05SBjwk4kEGwSwZczz67
u1JSFAd4pjKj4Gfx8cLRk4GS4AyT5yvRW8GucrXKtF+Hhnk8Uq0wIvuBayHJvi9E
O40Jfg4fTU0QXYMI0keuYWhxJ12hStaUFgXANgelcuKOiUY+c3RzdFLKyL729Jf2
8PjyixxdPXKJCETCB/RxuPpS9cTifyBVL/0exVbzLvGk/W/9FTl782NxOHFEPcNc
CCnoZSEFUNtOzpvyf2K+xmbvuBYQ+5D272a7qvW1lMTgp0MvSfUMrh0qChrn/0j0
AJpAJOsf+Yverv5iY7/YcSAWbGCZWQypotPHQCd/9w0cXwQuY0V9Rm6PjSNc3SKi
3y7+5l6/sPyVBTDM6o23xd6Z9bRbliHzZd/zQEg6EYvlve2rtCJOlz5EBZAB/MTp
8SkHaKtTQVGFkw2YgF3HJGtc4EiqYwUh6vOV2CuFJO2yLhNrleKoCCXkBvtaX2ks
G3C9fr1mlqZYyAC1kDkHf6TywWkatBvSiiJLUOeWFG6CJ8c2YXuJEb8RqPcJ0j9c
pBBFeGc43sYxGIjdEQC9
=VOcb
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/elmarco/tags/ivshmem-pull-request' into staging
ivshmem series
# gpg: Signature made Mon 26 Oct 2015 09:27:46 GMT using RSA key ID 75969CE5
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>"
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5
* remotes/elmarco/tags/ivshmem-pull-request: (51 commits)
doc: document ivshmem & hugepages
ivshmem: use little-endian int64_t for the protocol
ivshmem: use kvm irqfd for msi notifications
ivshmem: rename MSI eventfd_table
ivshmem: remove EventfdEntry.vector
ivshmem: add hostmem backend
ivshmem: use qemu_strtosz()
ivshmem: do not keep shm_fd open
tests: add ivshmem qtest
qtest: add qtest_add_abrt_handler()
msix: implement pba write (but read-only)
contrib: remove unnecessary strdup()
ivshmem: add check on protocol version in QEMU
docs: update ivshmem device spec
ivshmem-server: fix hugetlbfs support
ivshmem-server: use a uint16 for client ID
ivshmem-client: check the number of vectors
contrib: add ivshmem client and server
util: const event_notifier_get_fd() argument
ivshmem: reset mask on device reset
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
msix->mmio is added to XenPCIPassthroughState's object as property.
object_finalize_child_property is called for XenPCIPassthroughState's
object, which calls object_property_del_all, which is going to try to
delete msix->mmio. object_finalize_child_property() will access
msix->mmio's obj. But the whole msix struct has already been freed
by xen_pt_msix_delete. This will cause segment fault when msix->mmio
has been overwritten.
This patch is to fix the issue.
Signed-off-by: Lan Tianyu <tianyu.lan@intel.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
The current ivshmem protocol uses 'long' for integers. But the
sizeof(long) depends on the host and the endianess is not defined, which
may cause portability troubles.
Instead, switch to using little-endian int64_t. This breaks the
protocol, except on x64 little-endian host where this change
should be compatible.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Use irqfd for improving context switch when notifying the guest.
If the host doesn't support kvm irqfd, regular msi notifications are
still supported.
Note: the ivshmem implementation doesn't allow switching between MSI and
IO interrupts, this patch doesn't either.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
The array is used to have vector specific data, so use a more
descriptive name.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
No need to store an extra int for the vector number when it can be
computed easily by looking at the position in the array.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Instead of handling allocation, teach ivshmem to use a memory backend.
This allows to use hugetlbfs backed memory now.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Use the common qemu utility function to parse the memory size.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Remove shm_fd from device state, closing it as early as possible to avoid leaks.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
qpci_msix_pending() writes on pba region, causing qemu to SEGV:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7fba8c0 (LWP 25882)]
0x0000000000000000 in ?? ()
(gdb) bt
#0 0x0000000000000000 in ()
#1 0x00005555556556c5 in memory_region_oldmmio_write_accessor (mr=0x5555579f3f80, addr=0, value=0x7fffffffbf68, size=4, shift=0, mask=4294967295, attrs=...) at /home/elmarco/src/qemu/memory.c:434
#2 0x00005555556558e1 in access_with_adjusted_size (addr=0, value=0x7fffffffbf68, size=4, access_size_min=1, access_size_max=4, access=0x55555565563e <memory_region_oldmmio_write_accessor>, mr=0x5555579f3f80, attrs=...) at /home/elmarco/src/qemu/memory.c:506
#3 0x00005555556581eb in memory_region_dispatch_write (mr=0x5555579f3f80, addr=0, data=0, size=4, attrs=...) at /home/elmarco/src/qemu/memory.c:1176
#4 0x000055555560b6f9 in address_space_rw (as=0x555555eff4e0 <address_space_memory>, addr=3759147008, attrs=..., buf=0x7fffffffc1b0 "", len=4, is_write=true) at /home/elmarco/src/qemu/exec.c:2439
#5 0x000055555560baa2 in cpu_physical_memory_rw (addr=3759147008, buf=0x7fffffffc1b0 "", len=4, is_write=1) at /home/elmarco/src/qemu/exec.c:2534
#6 0x000055555564c005 in cpu_physical_memory_write (addr=3759147008, buf=0x7fffffffc1b0, len=4) at /home/elmarco/src/qemu/include/exec/cpu-common.h:80
#7 0x000055555564cd9c in qtest_process_command (chr=0x55555642b890, words=0x5555578de4b0) at /home/elmarco/src/qemu/qtest.c:378
#8 0x000055555564db77 in qtest_process_inbuf (chr=0x55555642b890, inbuf=0x55555641b340) at /home/elmarco/src/qemu/qtest.c:569
#9 0x000055555564dc07 in qtest_read (opaque=0x55555642b890, buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", size=22) at /home/elmarco/src/qemu/qtest.c:581
#10 0x000055555574ce3e in qemu_chr_be_write (s=0x55555642b890, buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", len=22) at qemu-char.c:306
#11 0x0000555555751263 in tcp_chr_read (chan=0x55555642bcf0, cond=G_IO_IN, opaque=0x55555642b890) at qemu-char.c:2876
#12 0x00007ffff64c9a8a in g_main_context_dispatch (context=0x55555641c400) at gmain.c:3122
(without this patch, this can be reproduced with the ivshmem qtest)
Implement an empty mmio write to avoid the crash.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Send a protocol version as the first message from server, clients must
close communication if they don't support this protocol version. Older
QEMUs should be fine with this change in the protocol since they
overrides their own vm_id on reception of an id associated to no
eventfd.
Signed-off-by: David Marchand <david.marchand@6wind.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
[use fifo_update_and_get()]
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The interrupt mask is a state value, it should be reset, like the
interrupt status.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The number of eventfd that can be handled per peer is limited by the
number of vectors. Return an error when receiving too many of them.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The terms 'guest' and 'peer' are used sometime interchangeably which may
be confusing. Instead, use 'peer' for the remote instances of ivshmem
clients, and 'guest' for the local VM.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Free all objects owned by the device, making sure the device is free,
fixing hot-unplug.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The server should not change the shm, and this isn't handled by qemu and
we should should verify this in qemu.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
0 is a valid fd value, so change conditions and set -1 value early
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
load_state_old() is used to keep compatibility with version 0.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The common version correctly checks for 0 value case.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Both if branches return, move this out to common end.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Use some more explicit variables to simplify the code.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The server shouldn't send invalid peer id, so print an error if it's the
case.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
The test whether the chardev is an AF_UNIX socket rejects
"-chardev socket,id=chr0,path=/tmp/foo,server,nowait -device
ivshmem,chardev=chr0", but fails to explain why.
Use an explicit error on why a chardev may be rejected.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
max_peer isn't really useful, it tracks the maximum received VM id, but
that quickly matches nb_peers, the size of the peers array. Since VM
come and go, there might be sparse peers so it doesn't help much in
general to have this value around.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
There is no peer when device is initialized, do not let doorbell for
inexisting peer 0.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
val isn't used in ivshmem_update_irq() function.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
It simplifies a bit the code to allocate the array when setting the
number of peers instead of lazily when receiving the first vector.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Set the number of peers and array allocation in a single place. Rename
to better reflect the function content.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Limit the maximum number of peers to MAXUINT16. This is more realistic
and better matches the limit of the doorbell register.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Use the latest qemu device modeling API, in particular, convert to
realize to fix the error handling; right now a botched device_add
ivhsmem command kills the VM.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
qemu_chr_fe_get_msgfd() transfers ownership, there is no need to dup the
fd.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Make a new function fifo_update_and_get() that can be reused by other
functions (in next commits).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
If the fifo has 0 bytes, and the read is of size 1, the call to
fifo8_push_all() will copy off boundary data.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
ivshmem_read() only reads sizeof(long) from the input buffer. Accepting
more could lead to fifo8 abort() on 32bit systems if fifo is not empty.
A following patch will change the protocol to 64-bit little-endian
instead.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
They will be excluded by type in the nested event loops in block layer,
so that unwanted events won't be processed there.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
All callers pass in false, and the real external ones will switch to
true in coming patches.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
blk_bs() will not necessarily return a non-NULL value any more (unless
blk_is_available() is true or it can be assumed to otherwise, e.g.
because it is called immediately after a successful blk_new_with_bs() or
blk_new_open()).
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Only call bdrv_add_key() on the BlockDriverState if it is not NULL.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The tray of an FDD is open iff there is no medium inserted (there are
only two states for an FDD: "medium inserted" or "no medium inserted").
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
sPAPR highlights:
* Allow VFIO devices on the spapr-pci-host-bridge
* Allow virtio VGA
* Safer handling of HTAB allocation
* ibm,pa-features device tree property
non-sPAPR highlights:
* Categorization of many ppc specific devices in help output
* Tweaks to MMU type constants
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWKdNsAAoJEGw4ysog2bOSDxsQAKz5SLPmHhRztR8K0BMne0FP
5Yi3zFLAkWHCDA60BUaQPy2hh6jz+EVecxPecWb+nQ/jhQBBFjpkckgorjcHz6jQ
6pUHK1vZOPSq6bmb9/r+h5Po9pX7A2ncKX+wCJfwlceE7pNauDvJDQyKSXtwigPg
IFsM+4TKrjwR7rVBHLoSKabM/2dGW0xxWpKII/xtuU6npfH15tdvadObjMfNLFcC
gfTyggRMtuZwOCAxnyIZz+6tdNGqUbIV8zmzMHoWhpaPc3MBGQA4DrtOyWsWnLL3
VoIqOAVFzR7r2OAM610SZej1jn6Nl7wJtdFIq3NVXtMp/e3xzGjEK7CsVW14wjC3
pbVPwESe3fT91y7vyZVHLoSFlh9dOs+deNGCo58crJTq7gmeg4vDQwjn5Ec2Ch8P
92uZyuhsTGQ/m0xl2QAR29dcapTXytptJugVDUvxZw78UG3xY0DicBiW43cMh22/
JwIVtlmbSyIrL+SqO5j0ylCSPSn7BtE2EjHrcyAqHTM8c6cv4JFIN4p8ZYqqILVH
LoRs6gGbrGey4QCVRDJc2w/pO21q0Xj+BIgZzcaZ8craKkCwarz5wYfJj7L8O4Hf
tzHAl4HjHQ3AZr03ejOKy40Y3CNaAAcU9mTFOq72r6LuoPoenbUh7Sm9Bo9st1Z2
cUjqLvzaL2N04ppVEwsM
=UrXv
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-next-20151023' into staging
ppc patch queue - 2015-10-23
sPAPR highlights:
* Allow VFIO devices on the spapr-pci-host-bridge
* Allow virtio VGA
* Safer handling of HTAB allocation
* ibm,pa-features device tree property
non-sPAPR highlights:
* Categorization of many ppc specific devices in help output
* Tweaks to MMU type constants
# gpg: Signature made Fri 23 Oct 2015 07:27:56 BST using RSA key ID 20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392
* remotes/dgibson/tags/ppc-next-20151023: (21 commits)
prep: do not use CPU_LOG_IOPORT, convert to tracepoints
openpic: add to misc category
macio-nvram: add to misc category
macio: add to bridge category
uninorth: add to bridge category
macio-ide: add to storage category
cuda: add to bridge category
grackle: add to bridge category
escc: add to input category
cmd646: add to storage category
adb: add to input category
ppc/spapr: Add "ibm,pa-features" property to the device-tree
ppc: Add mmu_model defines for arch 2.03 and 2.07
hw/scsi/spapr_vscsi: Remove superfluous memset
spapr_pci: Allow VFIO devices to work on the normal PCI host bridge
spapr_iommu: Provide a function to switch a TCE table to allowing VFIO
spapr_iommu: Rename vfio_accel parameter
spapr_pci: Allow PCI host bridge DMA window to be configured
spapr: Add "slb-size" property to CPU device tree nodes
spapr: Abort when HTAB of requested size isn't allocated
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fix build breakages when using older gcc.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWKTqnAAoJECgfDbjSjVRpqtIH/2HOjVIcONQKSt6JqcRCqplS
LUm2Y0n/iPOktzdX1PmYF3t6AXoSJ+9LYePgi691aRZR9CyqZkYiOOOT9NIqpK/I
41HxT0qjl2F8RCRQBT8WjUeZNb1XugO6yJ9y+FuNuht00F+1q/M9KjWOzLSPguWF
ri5ygKNVislca8HU//M8Cc30YwpSW2zT1QcQ2u9UQvIxWevB4AXkAz743EV+0liD
gjy9qfRU7cZgraN0fSx25jyO2oT0LZCvTJ3BZc9+K2wjdTSx+4bVzc4X/iB2c5/i
3y3Fhr2nEAjvG3j3KwRD6k1Sz6xLVWVmQSdBbgbx67Fmf8HTcX+Snjqw6V72IQc=
=NyBA
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
vhost: build fix
Fix build breakages when using older gcc.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 22 Oct 2015 20:36:07 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
* remotes/mst/tags/for_upstream:
vhost-user: fix up rhel6 build
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
These messages are disabled by default; a perfect usecase for tracepoints.
Convert them over.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
openpic is a programmable interrupt controller, so
add it to the misc category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The macio nvram is a non volatile RAM, so add it
the misc category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
macio is a bridge between the PCI bus and the Mac nvram,
IDE controller and PIC, so add it to the bridge category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Uninorth is the mac99 PCI host controller, so add
it to the bridge category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
macio-ide is an IDE controller, so add it
to the storage category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Cuda is a bridge between PowerMac system bus and the ADB controller,
real-time clock, pram and the power management unit.
So add it to the bridge category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Grackle is the PCI host controller of oldworld powermac,
so add it to the bridge category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
ESCC is a serial port controller, so add it
to the input category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
cmd646 is an IDE controller, so add it to the
storage category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The Apple Desktop Bus is used to connect a keyboard and a mouse,
so add it to the input category.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
LoPAPR defines a "ibm,pa-features" per-CPU device tree property which
describes extended features of the Processor Architecture.
This adds the property to the device tree. At the moment this is the
copy of what pHyp advertises except "I=1 (cache inhibited) Large Pages"
which is enabled for TCG and disabled when running under HV KVM host
with 4K system page size.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[aik: rebased, changed commit log, moved ci_large_pages initialization,
renamed pa_features arrays]
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
