[Qemu-devel] [PATCH] fix off-by-one error in pci_piix3_xen_ide_unplug

2014-10-31 Thread James Harper
Fix an off-by-one error when unplugging disks, which would otherwise leave the
last ATA disk plugged, with obvious consequences. Also rewrite the loop to be more
readable.

Signed-off-by: James Harper james.har...@ejbdigital.com.au

diff --git a/hw/ide/piix.c b/hw/ide/piix.c
index 574b9c1..b0172fb 100644
--- a/hw/ide/piix.c
+++ b/hw/ide/piix.c
@@ -171,11 +171,11 @@ int pci_piix3_xen_ide_unplug(DeviceState *dev)
 {
 PCIIDEState *pci_ide;
 DriveInfo *di;
-int i = 0;
+int i;

 pci_ide = PCI_IDE(dev);

-for (; i  3; i++) {
+for (i = 0; i  4; i++) {
 di = drive_get_by_index(IF_IDE, i);
 if (di != NULL  !di-media_cd) {
 BlockBackend *blk = blk_by_legacy_dinfo(di);
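Review bot: The corrected upper bound in `for (i = 0; i < 4; i++)` is a bare magic number, the same kind of constant the off-by-one being fixed here got wrong, so nothing in the code tells the next reader why 4 is right. A short comment or named constant would make the bound checkable against the hardware, e.g. `for (i = 0; i < 4; i++) { /* 2 IDE channels x master/slave */` (presumably the PIIX3 layout; confirm against the controller model). The body of pci_piix3_xen_ide_unplug continues past the end of this hunk.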



Re: [Qemu-devel] [PATCH v2] hw/virtio/vring/event_idx: fix the vring_avail_event error

2014-10-31 Thread Michael S. Tsirkin
On Fri, Oct 31, 2014 at 10:57:55AM +, Stefan Hajnoczi wrote:
 On Fri, Oct 31, 2014 at 12:40:16AM +, Bin Wu wrote:
  The event idx in virtio is an effective way to reduce the number of
  interrupts and exits of the guest. When the guest puts an request
  into the virtio ring, it doesn't exit immediately to inform the
  backend. Instead, the guest checks the avail event idx to determine
  the notification.
  
  In virtqueue_pop, when a request is popped, the current avail event
  idx should be set to vq->last_avail_idx.
  
  Signed-off-by: Bin Wu wu.wu...@huawei.com
  ---
  V2 - V1:
  update the same code in hw/virtio/dataplane/vring.c (Stefan)
  ---
   hw/virtio/dataplane/vring.c | 8 
   hw/virtio/virtio.c  | 2 +-
   2 files changed, 5 insertions(+), 5 deletions(-)
 
 Reviewed-by: Stefan Hajnoczi stefa...@redhat.com
 
 By the way, did you see that kernel drivers/vhost/vhost.c doesn't update
 the field for each pop?  Instead it only updates when notify is
 re-enabled.  I wonder if that approach is better than what QEMU does.
 
 Stefan

Yes you should not move event idx if you don't want events.




Re: [Qemu-devel] [PATCH RESEND] vfio: migration to trace points

2014-10-31 Thread Alex Williamson
On Fri, 2014-10-31 at 13:44 +, Eric Auger wrote:
 This patch removes all DPRINTF calls and replaces them with trace points.
 A few DPRINTF used in error cases were transformed into error_report.
 
 Signed-off-by: Eric Auger eric.au...@linaro.org
 
 ---

I've already got this one:

http://lists.gnu.org/archive/html/qemu-devel/2014-10/msg02323.html

 
 - __func__ is removed since trace point name does the same job
 - HWADDR_PRIx were replaced by PRIx64
 - this transformation just is tested compiled on PCI.
   qemu configured with --enable-trace-backends=stderr
 - in future, format strings and calls may be simplified by using a single
   name argument instead of domain, bus, slot, function.
 
 v1 (RFC) - v2 (PATCH):
 - restore original format strings since parsing now is OK after
   commit f9bbba9,
   [PATCH v2] trace: tighten up trace-events regex to fix bad parse
 ---
  hw/misc/vfio.c | 403 
 +
  trace-events   |  75 ++-
  2 files changed, 280 insertions(+), 198 deletions(-)
 
 diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
 index 75bfa1c..cdf4922 100644
 --- a/hw/misc/vfio.c
 +++ b/hw/misc/vfio.c
 @@ -40,15 +40,7 @@
  #include sysemu/kvm.h
  #include sysemu/sysemu.h
  #include hw/misc/vfio.h
 -
 -/* #define DEBUG_VFIO */
 -#ifdef DEBUG_VFIO
 -#define DPRINTF(fmt, ...) \
 -do { fprintf(stderr, vfio:  fmt, ## __VA_ARGS__); } while (0)
 -#else
 -#define DPRINTF(fmt, ...) \
 -do { } while (0)
 -#endif
 +#include trace.h
  
  /* Extra debugging, trap acceleration paths for more logging */
  #define VFIO_ALLOW_MMAP 1
 @@ -365,9 +357,9 @@ static void vfio_intx_interrupt(void *opaque)
  return;
  }
  
 -DPRINTF(%s(%04x:%02x:%02x.%x) Pin %c\n, __func__, vdev-host.domain,
 -vdev-host.bus, vdev-host.slot, vdev-host.function,
 -'A' + vdev-intx.pin);
 +trace_vfio_intx_interrupt(vdev-host.domain, vdev-host.bus,
 +  vdev-host.slot, vdev-host.function,
 +  'A' + vdev-intx.pin);
  
  vdev-intx.pending = true;
  pci_irq_assert(vdev-pdev);
 @@ -384,8 +376,8 @@ static void vfio_eoi(VFIODevice *vdev)
  return;
  }
  
 -DPRINTF(%s(%04x:%02x:%02x.%x) EOI\n, __func__, vdev-host.domain,
 -vdev-host.bus, vdev-host.slot, vdev-host.function);
 +trace_vfio_eoi(vdev-host.domain, vdev-host.bus,
 +   vdev-host.slot, vdev-host.function);
  
  vdev-intx.pending = false;
  pci_irq_deassert(vdev-pdev);
 @@ -454,9 +446,8 @@ static void vfio_enable_intx_kvm(VFIODevice *vdev)
  
  vdev-intx.kvm_accel = true;
  
 -DPRINTF(%s(%04x:%02x:%02x.%x) KVM INTx accel enabled\n,
 -__func__, vdev-host.domain, vdev-host.bus,
 -vdev-host.slot, vdev-host.function);
 +trace_vfio_enable_intx_kvm(vdev-host.domain, vdev-host.bus,
 +   vdev-host.slot, vdev-host.function);
  
  return;
  
 @@ -508,9 +499,8 @@ static void vfio_disable_intx_kvm(VFIODevice *vdev)
  /* If we've missed an event, let it re-fire through QEMU */
  vfio_unmask_intx(vdev);
  
 -DPRINTF(%s(%04x:%02x:%02x.%x) KVM INTx accel disabled\n,
 -__func__, vdev-host.domain, vdev-host.bus,
 -vdev-host.slot, vdev-host.function);
 +trace_vfio_disable_intx_kvm(vdev-host.domain, vdev-host.bus,
 +vdev-host.slot, vdev-host.function);
  #endif
  }
  
 @@ -529,9 +519,9 @@ static void vfio_update_irq(PCIDevice *pdev)
  return; /* Nothing changed */
  }
  
 -DPRINTF(%s(%04x:%02x:%02x.%x) IRQ moved %d - %d\n, __func__,
 -vdev-host.domain, vdev-host.bus, vdev-host.slot,
 -vdev-host.function, vdev-intx.route.irq, route.irq);
 +trace_vfio_update_irq(vdev-host.domain, vdev-host.bus,
 +  vdev-host.slot, vdev-host.function,
 +  vdev-intx.route.irq, route.irq);
  
  vfio_disable_intx_kvm(vdev);
  
 @@ -606,8 +596,8 @@ static int vfio_enable_intx(VFIODevice *vdev)
  
  vdev-interrupt = VFIO_INT_INTx;
  
 -DPRINTF(%s(%04x:%02x:%02x.%x)\n, __func__, vdev-host.domain,
 -vdev-host.bus, vdev-host.slot, vdev-host.function);
 +trace_vfio_enable_intx(vdev-host.domain, vdev-host.bus,
 +   vdev-host.slot, vdev-host.function);
  
  return 0;
  }
 @@ -629,8 +619,8 @@ static void vfio_disable_intx(VFIODevice *vdev)
  
  vdev-interrupt = VFIO_INT_NONE;
  
 -DPRINTF(%s(%04x:%02x:%02x.%x)\n, __func__, vdev-host.domain,
 -vdev-host.bus, vdev-host.slot, vdev-host.function);
 +trace_vfio_disable_intx(vdev-host.domain, vdev-host.bus,
 +vdev-host.slot, vdev-host.function);
  }
  
  /*
 @@ -657,9 +647,9 @@ static void vfio_msi_interrupt(void *opaque)
  abort();
  }
  
 -DPRINTF(%s(%04x:%02x:%02x.%x) vector %d 0x%PRIx64/0x%x\n, __func__,
 -vdev-host.domain, 

Re: [Qemu-devel] [PATCH v8 15/27] target-arm: make CSSELR banked

2014-10-31 Thread Peter Maydell
On 30 October 2014 21:28, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Rename CSSELR (cache size selection register) and add secure
 instance (AArch32).

 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

Reviewed-by: Peter Maydell peter.mayd...@linaro.org

assuming you make the obvious update now the ARM_CP_SECSTATE_TEST
macro has been removed.

thanks
-- PMM



[Qemu-devel] [PATCH v7 12/16] hw/arm/sysbus-fdt: enable vfio-calxeda-xgmac dynamic instantiation

2014-10-31 Thread Eric Auger
vfio-calxeda-xgmac can now be instantiated using the -device option.
The node creation function generates a very basic device-tree node composed
of the compatible, reg and interrupts properties.

Signed-off-by: Eric Auger eric.au...@linaro.org

---

v6 - v7:
- compat string re-formatting removed since compat string is not exposed
  anymore as a user option
- VFIO IRQ kick-off removed from sysbus-fdt and moved to VFIO platform
  device
---
 hw/arm/sysbus-fdt.c | 88 +
 1 file changed, 88 insertions(+)

diff --git a/hw/arm/sysbus-fdt.c b/hw/arm/sysbus-fdt.c
index d5476f1..f8b310b 100644
--- a/hw/arm/sysbus-fdt.c
+++ b/hw/arm/sysbus-fdt.c
@@ -27,6 +27,8 @@
 #include hw/platform-bus.h
 #include sysemu/sysemu.h
 #include hw/platform-bus.h
+#include hw/vfio/vfio-platform.h
+#include hw/vfio/vfio-calxeda-xgmac.h
 
 /*
  * internal struct that contains the information to create dynamic
@@ -54,8 +56,11 @@ typedef struct NodeCreationPair {
 int (*add_fdt_node_fn)(SysBusDevice *sbdev, void *opaque);
 } NodeCreationPair;
 
+static int add_basic_vfio_fdt_node(SysBusDevice *sbdev, void *opaque);
+
 /* list of supported dynamic sysbus devices */
 NodeCreationPair add_fdt_node_functions[] = {
+{TYPE_VFIO_CALXEDA_XGMAC, add_basic_vfio_fdt_node},
 {, NULL}, /*last element*/
 };
 
@@ -86,6 +91,89 @@ static int add_fdt_node(SysBusDevice *sbdev, void *opaque)
 }
 
 /**
+ * add_basic_vfio_fdt_node - generates the most basic node for a VFIO node
+ *
+ * set properties are:
+ * - compatible string
+ * - regs
+ * - interrupts
+ */
+static int add_basic_vfio_fdt_node(SysBusDevice *sbdev, void *opaque)
+{
+PlatformBusFdtData *data = opaque;
+PlatformBusDevice *pbus = data-pbus;
+void *fdt = data-fdt;
+const char *parent_node = data-pbus_node_name;
+int compat_str_len;
+char *nodename;
+int i, ret;
+uint32_t *irq_attr;
+uint64_t *reg_attr;
+uint64_t mmio_base;
+uint64_t irq_number;
+VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(sbdev);
+VFIODevice *vbasedev = vdev-vbasedev;
+Object *obj = OBJECT(sbdev);
+
+mmio_base = object_property_get_int(obj, mmio[0], NULL);
+
+nodename = g_strdup_printf(%s/%s@% PRIx64, parent_node,
+   vbasedev-name,
+   mmio_base);
+
+qemu_fdt_add_subnode(fdt, nodename);
+
+compat_str_len = strlen(vdev-compat) + 1;
+qemu_fdt_setprop(fdt, nodename, compatible,
+  vdev-compat, compat_str_len);
+
+reg_attr = g_new(uint64_t, vbasedev-num_regions*4);
+
+for (i = 0; i  vbasedev-num_regions; i++) {
+mmio_base = platform_bus_get_mmio_addr(pbus, sbdev, i);
+reg_attr[4*i] = 1;
+reg_attr[4*i+1] = mmio_base;
+reg_attr[4*i+2] = 1;
+reg_attr[4*i+3] = memory_region_size(vdev-regions[i]-mem);
+}
+
+ret = qemu_fdt_setprop_sized_cells_from_array(fdt, nodename, reg,
+ vbasedev-num_regions*2, reg_attr);
+if (ret  0) {
+error_report(could not set reg property of node %s, nodename);
+goto fail;
+}
+
+irq_attr = g_new(uint32_t, vbasedev-num_irqs*3);
+
+for (i = 0; i  vbasedev-num_irqs; i++) {
+irq_number = platform_bus_get_irqn(pbus, sbdev , i)
+ + data-irq_start;
+irq_attr[3*i] = cpu_to_be32(0);
+irq_attr[3*i+1] = cpu_to_be32(irq_number);
+irq_attr[3*i+2] = cpu_to_be32(0x4);
+}
+
+   ret = qemu_fdt_setprop(fdt, nodename, interrupts,
+ irq_attr, vbasedev-num_irqs*3*sizeof(uint32_t));
+if (ret  0) {
+error_report(could not set interrupts property of node %s,
+ nodename);
+goto fail;
+}
+
+g_free(nodename);
+g_free(irq_attr);
+g_free(reg_attr);
+
+return 0;
+
+fail:
+
+   return -1;
+}
+
+/**
  * add_all_platform_bus_fdt_nodes - create all the platform bus nodes
  *
  * builds the parent platform bus node and all the nodes of dynamic
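Review bot: Both `goto fail` branches in add_basic_vfio_fdt_node jump straight to `return -1`, leaking `nodename` and `reg_attr` (and `irq_attr` on the second failure), and on the first failure `irq_attr` is still uninitialized, so the three `g_free` calls cannot simply be moved under the label as written. Initialising `irq_attr` to NULL and routing both exits through a single cleanup block fixes the leak without changing the -1/0 return contract; the rewritten tail is below. Separately, `object_property_get_int(obj, "mmio[0]", NULL)` discards its error, so a missing property presumably yields a negative value that is baked into the node name (confirm the helper's failure return), and the fixed one-cell address/size encoding (`reg_attr[4*i] = 1`, `reg_attr[4*i+2] = 1`) means, as far as I recall, that the helper rejects any region base or size that does not fit in 32 bits — worth a comment where those `1`s are written.
```c
static int add_basic_vfio_fdt_node(SysBusDevice *sbdev, void *opaque)
{
    /* … unchanged: other locals … */
    uint32_t *irq_attr = NULL; /* NULL so cleanup can free it on every path */
    uint64_t *reg_attr;
    /* … unchanged: node name, compatible, reg/interrupts construction,
     *              both setprop calls still `goto fail` on error … */

    ret = 0;
    goto out;

fail:
    ret = -1;
out:
    g_free(nodename);
    g_free(irq_attr);
    g_free(reg_attr);
    return ret;
}
```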
-- 
1.8.3.2




Re: [Qemu-devel] [PATCH v8 13/27] target-arm: add SCTLR_EL3 and make SCTLR banked

2014-10-31 Thread Peter Maydell
On 30 October 2014 21:28, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Implements SCTLR_EL3 and uses secure/non-secure instance when
 needed.

 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

 diff --git a/target-arm/cpu.c b/target-arm/cpu.c
 index e0b82a6..18f4726 100644
 --- a/target-arm/cpu.c
 +++ b/target-arm/cpu.c
 @@ -109,7 +109,7 @@ static void arm_cpu_reset(CPUState *s)
  #if defined(CONFIG_USER_ONLY)
  env-pstate = PSTATE_MODE_EL0t;
  /* Userspace expects access to DC ZVA, CTL_EL0 and the cache ops */
 -env-cp15.c1_sys |= SCTLR_UCT | SCTLR_UCI | SCTLR_DZE;
 +env-cp15.sctlr_el[1] |= SCTLR_UCT | SCTLR_UCI | SCTLR_DZE;
  /* and to the FP/Neon instructions */
  env-cp15.c1_coproc = deposit64(env-cp15.c1_coproc, 20, 2, 3);
  #else
 @@ -167,7 +167,8 @@ static void arm_cpu_reset(CPUState *s)
  env-thumb = initial_pc  1;
  }

 -if (env-cp15.c1_sys  SCTLR_V) {
 +if (!arm_feature(env, ARM_FEATURE_V8)
 + (A32_BANKED_CURRENT_REG_GET(env, sctlr)  SCTLR_V)) {
  env-regs[15] = 0x;

Why has this condition had an if not v8 added to it? The v8
spec doesn't drop support for hivecs as far as I can tell...

Patch looks good otherwise.

-- PMM



Re: [Qemu-devel] [PATCH v8 02/27] target-arm: add async excp target_el function

2014-10-31 Thread Greg Bellows
Thanks for the comments, responses inline.

On 31 October 2014 06:56, Peter Maydell peter.mayd...@linaro.org wrote:

 On 30 October 2014 21:28, Greg Bellows greg.bell...@linaro.org wrote:
  Adds a dedicated function and a lookup table for determining the target
  exception level of IRQ and FIQ exceptions.  The lookup table is taken
 from the
  ARMv7 and ARMv8 specification exception routing tables.
 
  Signed-off-by: Greg Bellows greg.bell...@linaro.org
 
  ---
 
  v7 - v8
  - Added target EL lookup table
  - Rework arm_phys_excp_target_el to use an EL lookup table rather than
conditionals.
 
  v5 - v6
  - Removed unneeded arm_phys_excp_target_el() function prototype.
  - Removed unneeded arm_phys_excp_target_el() USER_ONLY function.
  - Fixed up arm_phys_excp_target_el() function definition to be static.
  - Globally replace Aarch# with AArch#
 
  v4 - v5
  - Simplify target EL function including removal of mode which was unused
  - Merged with patch that plugs in the use of the function
 
  v3 - v4
  - Fixed arm_phys_excp_target_el() 0/0/0 case to return excp_mode when
 EL2
rather than ABORT.
  ---
   target-arm/helper.c | 111
 ++--
   1 file changed, 91 insertions(+), 20 deletions(-)
 
  diff --git a/target-arm/helper.c b/target-arm/helper.c
  index c47487a..e610466 100644
  --- a/target-arm/helper.c
  +++ b/target-arm/helper.c
  @@ -3761,6 +3761,94 @@ void switch_mode(CPUARMState *env, int mode)
   env-spsr = env-banked_spsr[i];
   }
 
  +/* Physical Interrupt Target EL Lookup Table
  + *
  + * [ From ARM ARM section G1.13.4 (Table G1-15) ]
  + *
  + * The below multi-dimensional table is used for looking up the target
  + * exception level given numerous condition criteria.  Specifically, the
  + * target EL is based on SCR and HCR routing controls as well as the
  + * currently executing EL and secure state.
  + *
  + *Dimensions:
  + *target_el_table[2][2][2][2][2][4]
  + *|  |  |  |  |  +--- Current EL
  + *|  |  |  |  +-- Non-secure(0)/Secure(1)
  + *|  |  |  +- HCR mask override
  + *|  |  + SCR exec state control
  + *|  +--- SCR mask override
  + *+-- 32-bit(0)/64-bit(1) EL3
  + *
  + *The table values are as such:
  + *0-3 = EL0-EL3
  + * -1 = Cannot occur
  + *
  + * In the case of exceptions not being taken, EL1 is returned.  These
 cases
  + * will be caught by the checks for target being = current.

 This could use rephrasing to make it clearer why returning 1 is ok:

 The ARM ARM tables include some entries indicating 'exception not taken'.
 These are for the cases where we are currently at EL3 and the
 exception is not routed to EL3 by the SCR, or where we are currently
 at EL2 and the exception is not routed to EL3 or EL2. We can therefore
 put '1' in those entries in our array, and rely on the check for
 target EL = current EL in the caller to ensure that the exception
 is not taken.


Added to v9.


  + *
  + *SCR HCR
  + * 64  EA AMO From
  + *BIT IRQ IMO  Non-secure Secure
  + *EL3 FIQ  RW FMO   EL0 EL1 EL2 EL3   EL0 EL1 EL2 EL3
  + */
  +const int8_t target_el_table[2][2][2][2][2][4] = {
  +/* 0   0   0   0 */{ 1,  1,  2, -1 },{ 3,  3, -1,  3 },},
  +   {/* 0   0   0   1 */{ 2,  2,  2, -1 },{ 3,  3, -1,  3 },},},
  +  {{/* 0   0   1   0 */{ 1,  1,  2, -1 },{ 3,  3, -1,  3 },},
  +   {/* 0   0   1   1 */{ 2,  2,  2, -1 },{ 3,  3, -1,  3 },},},},
  + {{{/* 0   1   0   0 */{ 3,  3,  3, -1 },{ 3,  3, -1,  3 },},
  +   {/* 0   1   0   1 */{ 3,  3,  3, -1 },{ 3,  3, -1,  3 },},},
  +  {{/* 0   1   1   0 */{ 3,  3,  3, -1 },{ 3,  3, -1,  3 },},
  +   {/* 0   1   1   1 */{ 3,  3,  3, -1 },{ 3,  3, -1,  3 },},},},},

 Your entries for 32-bit EL3, exception from Secure EL1 should all
 read -1, not 3 -- it's not possible to have current_el be 1
 in this case (this is why table G1-15 has a - in those entries).


Hmmm... I copied directly from the table and remember having two columns of
-1, so I'm not sure where the 3s came from, but you are right.  Fixed in v9.


  +/* 1   0   0   0 */{ 1,  1,  2, -1 },{ 1,  1, -1,  1 },},
  +   {/* 1   0   0   1 */{ 2,  2,  2, -1 },{ 1,  1, -1,  1 },},},
  +  {{/* 1   0   1   0 */{ 1,  1,  1, -1 },{ 1,  1, -1,  1 },},
  +   {/* 1   0   1   1 */{ 2,  2,  2, -1 },{ 1,  1, -1,  1 },},},},
  + {{{/* 1   1   0   0 */{ 3,  3,  3, -1 },{ 3,  3, -1,  3 },},
  +   {/* 1   1   0   1 */{ 3,  3,  3, -1 },{ 3,  3, -1,  3 },},},
  +  {{/* 1   1   1   0 */{ 3,  3,  3, -1 },{ 3,  3, -1,  3 },},
  +   {/* 1   1   1   1 */{ 3,  3,  3, -1 },{ 3,  3, -1,  3 },},},},},
  +};
  +
  +/*
  + * Determine the target EL for physical exceptions
  + */
  +static inline uint32_t 

[Qemu-devel] [PATCH v2 RESEND] vfio: migration to trace points

2014-10-31 Thread Eric Auger
This patch removes all DPRINTF and replace them by trace points.
A few DPRINTF used in error cases were transformed into error_report.

Signed-off-by: Eric Auger eric.au...@linaro.org

---

- __func__ is removed since trace point name does the same job
- HWADDR_PRIx were replaced by PRIx64
- this transformation has only been compile-tested on PCI, with
  qemu configured with --enable-trace-backends=stderr
- in future, format strings and calls may be simplified by using a single
  name argument instead of domain, bus, slot, function.

v1 (RFC) - v2 (PATCH):
- restore original format strings since parsing now is OK after
  commit f9bbba9,
  [PATCH v2] trace: tighten up trace-events regex to fix bad parse
---
 hw/misc/vfio.c | 403 +
 trace-events   |  75 ++-
 2 files changed, 280 insertions(+), 198 deletions(-)

diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
index 75bfa1c..cdf4922 100644
--- a/hw/misc/vfio.c
+++ b/hw/misc/vfio.c
@@ -40,15 +40,7 @@
 #include sysemu/kvm.h
 #include sysemu/sysemu.h
 #include hw/misc/vfio.h
-
-/* #define DEBUG_VFIO */
-#ifdef DEBUG_VFIO
-#define DPRINTF(fmt, ...) \
-do { fprintf(stderr, vfio:  fmt, ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) \
-do { } while (0)
-#endif
+#include trace.h
 
 /* Extra debugging, trap acceleration paths for more logging */
 #define VFIO_ALLOW_MMAP 1
@@ -365,9 +357,9 @@ static void vfio_intx_interrupt(void *opaque)
 return;
 }
 
-DPRINTF(%s(%04x:%02x:%02x.%x) Pin %c\n, __func__, vdev-host.domain,
-vdev-host.bus, vdev-host.slot, vdev-host.function,
-'A' + vdev-intx.pin);
+trace_vfio_intx_interrupt(vdev-host.domain, vdev-host.bus,
+  vdev-host.slot, vdev-host.function,
+  'A' + vdev-intx.pin);
 
 vdev-intx.pending = true;
 pci_irq_assert(vdev-pdev);
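Review bot: `trace_vfio_intx_interrupt` is handed `'A' + vdev->intx.pin`, an int that the removed DPRINTF rendered with `%c`; the matching trace-events format string is outside this hunk, so it must keep `%c` for that last argument or the backend will print a number where the pin letter is expected. A one-line comment at the call site, `/* pin letter: trace-events must format this with %c */`, would keep the two definitions from drifting apart. The enclosing function vfio_intx_interrupt starts before this hunk.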
@@ -384,8 +376,8 @@ static void vfio_eoi(VFIODevice *vdev)
 return;
 }
 
-DPRINTF(%s(%04x:%02x:%02x.%x) EOI\n, __func__, vdev-host.domain,
-vdev-host.bus, vdev-host.slot, vdev-host.function);
+trace_vfio_eoi(vdev-host.domain, vdev-host.bus,
+   vdev-host.slot, vdev-host.function);
 
 vdev-intx.pending = false;
 pci_irq_deassert(vdev-pdev);
@@ -454,9 +446,8 @@ static void vfio_enable_intx_kvm(VFIODevice *vdev)
 
 vdev-intx.kvm_accel = true;
 
-DPRINTF(%s(%04x:%02x:%02x.%x) KVM INTx accel enabled\n,
-__func__, vdev-host.domain, vdev-host.bus,
-vdev-host.slot, vdev-host.function);
+trace_vfio_enable_intx_kvm(vdev-host.domain, vdev-host.bus,
+   vdev-host.slot, vdev-host.function);
 
 return;
 
@@ -508,9 +499,8 @@ static void vfio_disable_intx_kvm(VFIODevice *vdev)
 /* If we've missed an event, let it re-fire through QEMU */
 vfio_unmask_intx(vdev);
 
-DPRINTF(%s(%04x:%02x:%02x.%x) KVM INTx accel disabled\n,
-__func__, vdev-host.domain, vdev-host.bus,
-vdev-host.slot, vdev-host.function);
+trace_vfio_disable_intx_kvm(vdev-host.domain, vdev-host.bus,
+vdev-host.slot, vdev-host.function);
 #endif
 }
 
@@ -529,9 +519,9 @@ static void vfio_update_irq(PCIDevice *pdev)
 return; /* Nothing changed */
 }
 
-DPRINTF(%s(%04x:%02x:%02x.%x) IRQ moved %d - %d\n, __func__,
-vdev-host.domain, vdev-host.bus, vdev-host.slot,
-vdev-host.function, vdev-intx.route.irq, route.irq);
+trace_vfio_update_irq(vdev-host.domain, vdev-host.bus,
+  vdev-host.slot, vdev-host.function,
+  vdev-intx.route.irq, route.irq);
 
 vfio_disable_intx_kvm(vdev);
 
@@ -606,8 +596,8 @@ static int vfio_enable_intx(VFIODevice *vdev)
 
 vdev-interrupt = VFIO_INT_INTx;
 
-DPRINTF(%s(%04x:%02x:%02x.%x)\n, __func__, vdev-host.domain,
-vdev-host.bus, vdev-host.slot, vdev-host.function);
+trace_vfio_enable_intx(vdev-host.domain, vdev-host.bus,
+   vdev-host.slot, vdev-host.function);
 
 return 0;
 }
@@ -629,8 +619,8 @@ static void vfio_disable_intx(VFIODevice *vdev)
 
 vdev-interrupt = VFIO_INT_NONE;
 
-DPRINTF(%s(%04x:%02x:%02x.%x)\n, __func__, vdev-host.domain,
-vdev-host.bus, vdev-host.slot, vdev-host.function);
+trace_vfio_disable_intx(vdev-host.domain, vdev-host.bus,
+vdev-host.slot, vdev-host.function);
 }
 
 /*
@@ -657,9 +647,9 @@ static void vfio_msi_interrupt(void *opaque)
 abort();
 }
 
-DPRINTF(%s(%04x:%02x:%02x.%x) vector %d 0x%PRIx64/0x%x\n, __func__,
-vdev-host.domain, vdev-host.bus, vdev-host.slot,
-vdev-host.function, nr, msg.address, msg.data);
+trace_vfio_msi_interrupt(vdev-host.domain, vdev-host.bus,
+ vdev-host.slot, vdev-host.function,
+ nr, msg.address, msg.data);
 

[Qemu-devel] [PATCH v7 05/16] hw/vfio/pci: split vfio_get_device

2014-10-31 Thread Eric Auger
vfio_get_device now takes a VFIODevice as argument. The function is split
into 2 parts: vfio_get_device which is generic and vfio_populate_device
which is bus specific.

3 new fields are introduced in VFIODevice to store dev_info.

vfio_put_base_device is created.

---

v5-v6:
- simplifies the split for vfio_get_device:
  vfio_check_device, vfio_populate_regions, vfio_populate_interrupts
  are now gathered into a unique specialization function dubbed
  vfio_populate_device

v4-v5:
- cleanup up of error handling and get/put operations in
  vfio_check_device, vfio_populate_regions, vfio_populate_interrupts and
  vfio_get_device.
  - correct misuse of errno
  - vfio_populate_regions always returns 0
  - VFIODevice .name deallocation done in vfio_put_device instead of
vfio_put_base_device
  - vfio_put_base_device done at vfio_get_device level.

Signed-off-by: Eric Auger eric.au...@linaro.org
---
 hw/vfio/pci.c | 130 +++---
 trace-events  |  10 ++---
 2 files changed, 83 insertions(+), 57 deletions(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 186dfd0..0ee6f7f 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -205,12 +205,16 @@ typedef struct VFIODevice {
 bool reset_works;
 bool needs_reset;
 VFIODeviceOps *ops;
+unsigned int num_irqs;
+unsigned int num_regions;
+unsigned int flags;
 } VFIODevice;
 
 struct VFIODeviceOps {
 bool (*vfio_compute_needs_reset)(VFIODevice *vdev);
 int (*vfio_hot_reset_multi)(VFIODevice *vdev);
 void (*vfio_eoi)(VFIODevice *vdev);
+int (*vfio_populate_device)(VFIODevice *vdev);
 };
 
 typedef struct VFIOPCIDevice {
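Review bot: The three fields added to VFIODevice (`num_irqs`, `num_regions`, `flags`) carry no comment, while the commit message says they exist to store the kernel's dev_info, and `flags` is later tested against `VFIO_DEVICE_FLAGS_PCI`. Documenting their origin makes the bus-specific consumers easier to audit, e.g. `unsigned int flags; /* VFIO_DEVICE_FLAGS_* as returned by VFIO_DEVICE_GET_INFO */` and a similar note that the two counts are copied from the same ioctl (presumably by the generic vfio_get_device, which is not in this hunk).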
@@ -297,6 +301,8 @@ static uint32_t vfio_pci_read_config(PCIDevice *pdev, 
uint32_t addr, int len);
 static void vfio_pci_write_config(PCIDevice *pdev, uint32_t addr,
   uint32_t val, int len);
 static void vfio_mmap_set_enabled(VFIOPCIDevice *vdev, bool enabled);
+static void vfio_put_base_device(VFIODevice *vbasedev);
+static int vfio_populate_device(VFIODevice *vbasedev);
 
 /*
  * Common VFIO interrupt disable
@@ -3611,6 +3617,7 @@ static VFIODeviceOps vfio_pci_ops = {
 .vfio_compute_needs_reset = vfio_pci_compute_needs_reset,
 .vfio_hot_reset_multi = vfio_pci_hot_reset_multi,
 .vfio_eoi = vfio_eoi,
+.vfio_populate_device = vfio_populate_device,
 };
 
 static void vfio_reset_handler(void *opaque)
@@ -3952,70 +3959,45 @@ static void vfio_put_group(VFIOGroup *group)
 }
 }
 
-static int vfio_get_device(VFIOGroup *group, const char *name,
-   VFIOPCIDevice *vdev)
+static int vfio_populate_device(VFIODevice *vbasedev)
 {
-struct vfio_device_info dev_info = { .argsz = sizeof(dev_info) };
+VFIOPCIDevice *vdev = container_of(vbasedev, VFIOPCIDevice, vbasedev);
 struct vfio_region_info reg_info = { .argsz = sizeof(reg_info) };
 struct vfio_irq_info irq_info = { .argsz = sizeof(irq_info) };
-int ret, i;
-
-ret = ioctl(group-fd, VFIO_GROUP_GET_DEVICE_FD, name);
-if (ret  0) {
-error_report(vfio: error getting device %s from group %d: %m,
- name, group-groupid);
-error_printf(Verify all devices in group %d are bound to vfio-pci 
- or pci-stub and not already in use\n, group-groupid);
-return ret;
-}
-
-vdev-vbasedev.fd = ret;
-vdev-vbasedev.group = group;
-QLIST_INSERT_HEAD(group-device_list, vdev-vbasedev, next);
+int i, ret = -1;
 
 /* Sanity check device */
-ret = ioctl(vdev-vbasedev.fd, VFIO_DEVICE_GET_INFO, dev_info);
-if (ret) {
-error_report(vfio: error getting device info: %m);
-goto error;
-}
-
-trace_vfio_get_device_irq(name, dev_info.flags,
-  dev_info.num_regions, dev_info.num_irqs);
-
-if (!(dev_info.flags  VFIO_DEVICE_FLAGS_PCI)) {
+if (!(vbasedev-flags  VFIO_DEVICE_FLAGS_PCI)) {
 error_report(vfio: Um, this isn't a PCI device);
 goto error;
 }
 
-vdev-vbasedev.reset_works = !!(dev_info.flags  VFIO_DEVICE_FLAGS_RESET);
-
-if (dev_info.num_regions  VFIO_PCI_CONFIG_REGION_INDEX + 1) {
+if (vbasedev-num_regions  VFIO_PCI_CONFIG_REGION_INDEX + 1) {
 error_report(vfio: unexpected number of io regions %u,
- dev_info.num_regions);
+ vbasedev-num_regions);
 goto error;
 }
 
-if (dev_info.num_irqs  VFIO_PCI_MSIX_IRQ_INDEX + 1) {
-error_report(vfio: unexpected number of irqs %u, dev_info.num_irqs);
+if (vbasedev-num_irqs  VFIO_PCI_MSIX_IRQ_INDEX + 1) {
+error_report(vfio: unexpected number of irqs %u, vbasedev-num_irqs);
 goto error;
 }
 
 for (i = VFIO_PCI_BAR0_REGION_INDEX; i  VFIO_PCI_ROM_REGION_INDEX; i++) {
 reg_info.index = i;
 
-ret = ioctl(vdev-vbasedev.fd, VFIO_DEVICE_GET_REGION_INFO, reg_info);
+ret = ioctl(vbasedev-fd, VFIO_DEVICE_GET_REGION_INFO, 

[Qemu-devel] [PATCH v7 09/16] hw/vfio/platform: add vfio-platform support

2014-10-31 Thread Eric Auger
Minimal VFIO platform implementation supporting
- register space user mapping,
- IRQ assignment based on eventfds handled on qemu side.

irqfd kernel acceleration comes in a subsequent patch.

Signed-off-by: Kim Phillips kim.phill...@linaro.org
Signed-off-by: Eric Auger eric.au...@linaro.org

---
v6 - v7:
- compat is not exposed anymore as a user option. Rationale is
  the vfio device became abstract and a specialization is needed
  anyway. The derived device must set the compat string.
- in v6 vfio_start_irq_injection was exposed in vfio-platform.h.
  A new function dubbed vfio_register_irq_starter replaces it. It
  registers a machine init done notifier that programs  starts
  all dynamic VFIO device IRQs. This function is supposed to be
  called by the machine file. A set of static helper routines are
  added too. It must be called before the creation of the platform
  bus device.

v5 - v6:
- vfio_device property renamed into host property
- correct error handling of VFIO_DEVICE_GET_IRQ_INFO ioctl
  and remove PCI related comment
- remove declaration of vfio_setup_irqfd and irqfd_allowed
  property.Both belong to next patch (irqfd)
- remove declaration of vfio_intp_interrupt in vfio-platform.h
- functions that can be static get this characteristic
- remove declarations of vfio_region_ops, vfio_memory_listener,
  group_list, vfio_address_spaces. All are moved to vfio-common.h
- remove vfio_put_device declaration and definition
- print_regions removed. code moved into vfio_populate_regions
- replace DPRINTF by trace events
- new helper routine to set the trigger eventfd
- dissociate intp init from the injection enablement:
  vfio_enable_intp renamed into vfio_init_intp and new function
  named vfio_start_eventfd_injection
- injection start moved to vfio_start_irq_injection (not anymore
  in vfio_populate_interrupt)
- new start_irq_fn field in VFIOPlatformDevice corresponding to
  the function that will be used for starting injection
- user handled eventfd:
  x add mutex to protect IRQ state  list manipulation,
  x correct misleading comment in vfio_intp_interrupt.
  x Fix bugs thanks to fake interrupt modality
- VFIOPlatformDeviceClass becomes abstract
- add error_setg in vfio_platform_realize

v4 - v5:
- vfio-plaform.h included first
- cleanup error handling in *populate*, vfio_get_device,
  vfio_enable_intp
- vfio_put_device not called anymore
- add some includes to follow vfio policy

v3 - v4:
[Eric Auger]
- merge of vfio: Add initial IRQ support in platform device
  to get a full functional patch although perfs are limited.
- removal of unrealize function since I currently understand
  it is only used with device hot-plug feature.

v2 - v3:
[Eric Auger]
- further factorization between PCI and platform (VFIORegion,
  VFIODevice). same level of functionality.

= v2:
[Kim Philipps]
- Initial Creation of the device supporting register space mapping
---
 hw/vfio/Makefile.objs   |   1 +
 hw/vfio/platform.c  | 672 
 include/hw/vfio/vfio-common.h   |   1 +
 include/hw/vfio/vfio-platform.h |  87 ++
 trace-events|  12 +
 5 files changed, 773 insertions(+)
 create mode 100644 hw/vfio/platform.c
 create mode 100644 include/hw/vfio/vfio-platform.h

diff --git a/hw/vfio/Makefile.objs b/hw/vfio/Makefile.objs
index e31f30e..c5c76fe 100644
--- a/hw/vfio/Makefile.objs
+++ b/hw/vfio/Makefile.objs
@@ -1,4 +1,5 @@
 ifeq ($(CONFIG_LINUX), y)
 obj-$(CONFIG_SOFTMMU) += common.o
 obj-$(CONFIG_PCI) += pci.o
+obj-$(CONFIG_SOFTMMU) += platform.o
 endif
diff --git a/hw/vfio/platform.c b/hw/vfio/platform.c
new file mode 100644
index 000..9f66610
--- /dev/null
+++ b/hw/vfio/platform.c
@@ -0,0 +1,672 @@
+/*
+ * vfio based device assignment support - platform devices
+ *
+ * Copyright Linaro Limited, 2014
+ *
+ * Authors:
+ *  Kim Phillips kim.phill...@linaro.org
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Based on vfio based PCI device assignment support:
+ *  Copyright Red Hat, Inc. 2012
+ */
+
+#include linux/vfio.h
+#include sys/ioctl.h
+
+#include hw/vfio/vfio-platform.h
+#include qemu/error-report.h
+#include qemu/range.h
+#include sysemu/sysemu.h
+#include exec/memory.h
+#include qemu/queue.h
+#include hw/sysbus.h
+#include trace.h
+#include hw/platform-bus.h
+
+static void vfio_intp_interrupt(VFIOINTp *intp);
+typedef void (*eventfd_user_side_handler_t)(VFIOINTp *intp);
+static int vfio_set_trigger_eventfd(VFIOINTp *intp,
+eventfd_user_side_handler_t handler);
+
+/*
+ * Functions only used when eventfd are handled on user-side
+ * ie. without irqfd
+ */
+
+/**
+ * vfio_platform_eoi - IRQ completion routine
+ * @vbasedev: the VFIO device
+ *
+ * de-asserts the active virtual IRQ and unmask the physical IRQ
+ * (masked by the  VFIO driver). Handle pending IRQs if any.
+ * eoi function is called on the first access 

[Qemu-devel] [PATCH v7 04/16] hw/vfio/pci: Introduce VFIORegion

2014-10-31 Thread Eric Auger
This structure is going to be shared by VFIOPCIDevice and
VFIOPlatformDevice. VFIOBAR includes it.

vfio_eoi becomes an op of VFIODevice, specialized by the parent device.
This makes it possible to transform vfio_bar_write/read into generic
vfio_region_write/read that will be used by VFIOPlatformDevice too.

vfio_mmap_bar becomes vfio_map_region

Signed-off-by: Eric Auger eric.au...@linaro.org

---

v4-v5:
- remove fd field from VFIORegion
- change error_report format string in vfio_region_write/read
- remove #ifdef DEBUG_VFIO in the same function
- correct missing initialization of bar region's vbasedev field
- change Object * parameter name of vfio_mmap_region and remove
  useless OBJECT()

Conflicts:
hw/vfio/pci.c
---
 hw/vfio/pci.c | 193 ++
 trace-events  |   4 +-
 2 files changed, 103 insertions(+), 94 deletions(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 0531744..186dfd0 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -78,15 +78,19 @@ typedef struct VFIOQuirk {
 } data;
 } VFIOQuirk;
 
-typedef struct VFIOBAR {
-off_t fd_offset; /* offset of BAR within device fd */
-int fd; /* device fd, allows us to pass VFIOBAR as opaque data */
+typedef struct VFIORegion {
+struct VFIODevice *vbasedev;
+off_t fd_offset; /* offset of region within device fd */
 MemoryRegion mem; /* slow, read/write access */
 MemoryRegion mmap_mem; /* direct mapped access */
 void *mmap;
 size_t size;
 uint32_t flags; /* VFIO region flags (rd/wr/mmap) */
-uint8_t nr; /* cache the BAR number for debug */
+uint8_t nr; /* cache the region number for debug */
+} VFIORegion;
+
+typedef struct VFIOBAR {
+VFIORegion region;
 bool ioport;
 bool mem64;
 QLIST_HEAD(, VFIOQuirk) quirks;
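Review bot: The new `vbasedev` field of VFIORegion is dereferenced unconditionally by the generic accessors (the pwrite uses `vbasedev->fd` and the tail calls `vbasedev->ops->vfio_eoi`), so every place a VFIORegion is set up must assign it before the MemoryRegion is mapped. The changelog says the BAR region's initialisation was corrected in this version, but that assignment is outside the visible hunks, so I could not confirm it for all regions. A short comment on the field would make the invariant explicit: `struct VFIODevice *vbasedev; /* owning device; must be set before mem/mmap_mem are mapped, read by vfio_region_read/write */`.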
@@ -206,6 +210,7 @@ typedef struct VFIODevice {
 struct VFIODeviceOps {
 bool (*vfio_compute_needs_reset)(VFIODevice *vdev);
 int (*vfio_hot_reset_multi)(VFIODevice *vdev);
+void (*vfio_eoi)(VFIODevice *vdev);
 };
 
 typedef struct VFIOPCIDevice {
@@ -389,8 +394,10 @@ static void vfio_intx_interrupt(void *opaque)
 }
 }
 
-static void vfio_eoi(VFIOPCIDevice *vdev)
+static void vfio_eoi(VFIODevice *vbasedev)
 {
+VFIOPCIDevice *vdev = container_of(vbasedev, VFIOPCIDevice, vbasedev);
+
 if (!vdev-intx.pending) {
 return;
 }
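Review bot: `container_of(vbasedev, VFIOPCIDevice, vbasedev)` is only valid when the VFIODevice is embedded in a VFIOPCIDevice, and now that vfio_eoi is reached through the generic `ops->vfio_eoi` pointer nothing in the function states that assumption. A one-line comment would prevent the ops slot from being reused for another device type by mistake, e.g. `/* Only installed in the PCI VFIODeviceOps, so vbasedev is always embedded in a VFIOPCIDevice */`. The body of vfio_eoi continues in the next hunk.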
@@ -400,7 +407,7 @@ static void vfio_eoi(VFIOPCIDevice *vdev)
 
 vdev-intx.pending = false;
 pci_irq_deassert(vdev-pdev);
-vfio_unmask_irqindex(vdev-vbasedev, VFIO_PCI_INTX_IRQ_INDEX);
+vfio_unmask_irqindex(vbasedev, VFIO_PCI_INTX_IRQ_INDEX);
 }
 
 static void vfio_enable_intx_kvm(VFIOPCIDevice *vdev)
@@ -553,7 +560,7 @@ static void vfio_update_irq(PCIDevice *pdev)
 vfio_enable_intx_kvm(vdev);
 
 /* Re-enable the interrupt in cased we missed an EOI */
-vfio_eoi(vdev);
+vfio_eoi(vdev-vbasedev);
 }
 
 static int vfio_enable_intx(VFIOPCIDevice *vdev)
@@ -1090,10 +1097,11 @@ static void vfio_update_msi(VFIOPCIDevice *vdev)
 /*
  * IO Port/MMIO - Beware of the endians, VFIO is always little endian
  */
-static void vfio_bar_write(void *opaque, hwaddr addr,
-   uint64_t data, unsigned size)
+static void vfio_region_write(void *opaque, hwaddr addr,
+  uint64_t data, unsigned size)
 {
-VFIOBAR *bar = opaque;
+VFIORegion *region = opaque;
+VFIODevice *vbasedev = region-vbasedev;
 union {
 uint8_t byte;
 uint16_t word;
@@ -1116,20 +1124,14 @@ static void vfio_bar_write(void *opaque, hwaddr addr,
 break;
 }
 
-if (pwrite(bar-fd, buf, size, bar-fd_offset + addr) != size) {
-error_report(%s(,0x%HWADDR_PRIx, 0x%PRIx64, %d) failed: %m,
- __func__, addr, data, size);
+if (pwrite(vbasedev-fd, buf, size, region-fd_offset + addr) != size) {
+error_report(%s(%s:region%d+0x%HWADDR_PRIx, 0x%PRIx64
+ ,%d) failed: %m,
+ __func__, vbasedev-name, region-nr,
+ addr, data, size);
 }
 
-#ifdef DEBUG_VFIO
-{
-VFIOPCIDevice *vdev = container_of(bar, VFIOPCIDevice, bars[bar-nr]);
-
-trace_vfio_bar_write(vdev-host.domain, vdev-host.bus,
- vdev-host.slot, vdev-host.function,
- region-nr, addr, data, size);
-}
-#endif
+trace_vfio_region_write(vbasedev-name, region-nr, addr, data, size);
 
 /*
  * A read or write to a BAR always signals an INTx EOI.  This will
@@ -1139,13 +1141,14 @@ static void vfio_bar_write(void *opaque, hwaddr addr,
  * which access will service the interrupt, so we're potentially
  * getting quite a few host interrupts per guest interrupt.
  */
-vfio_eoi(container_of(bar, VFIOPCIDevice, bars[bar-nr]));
+vbasedev-ops-vfio_eoi(vbasedev);
 }
 
-static uint64_t vfio_bar_read(void *opaque,
-  hwaddr addr, unsigned size)
+static 

[Qemu-devel] [PATCH v7 11/16] hw/arm/virt: add support for VFIO devices

2014-10-31 Thread Eric Auger
VFIO devices are dynamic sysbus devices. They could already be
instantiated. However for them to be functional, IRQ injection must
be programmed and started. This programming must happen after the
sysbus devices are attached to the platform bus and IRQ are bound.
Only at that time the GSI they are connected to are identified and
irqfd can be programmed.

Binding happens in a machine init done notifier registered by the
platform bus init. The IRQ start is done in another notifier that
must be registered before the platform bus creation.

This patch adds the registration of the IRQ start notifier in machvirt.

Signed-off-by: Eric Auger eric.au...@linaro.org

---

The registration of the IRQ start notifier could also happen in
the platform bus.
---
 hw/arm/virt.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 3a09d58..911dbfc 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -44,6 +44,7 @@
 #include qemu/error-report.h
 #include hw/arm/sysbus-fdt.h
 #include hw/platform-bus.h
+#include hw/vfio/vfio-platform.h
 
 #define NUM_VIRTIO_TRANSPORTS 32
 
@@ -546,6 +547,14 @@ static void create_platform_bus(VirtBoardInfo *vbi, 
qemu_irq *pic,
 MemoryRegion *sysmem = get_system_memory();
 
 /*
+ * Registers a notifier that starts VFIO IRQ injection. The notifier
+ * must be registered before the platform bus device creation. This
+ * latter registers another notifier that binds the dynamic sysbus
+ * devices to the platform bus.
+ */
+vfio_register_irq_starter(system_params-platform_bus_first_irq);
+
+/*
  * register the notifier that will update the device tree with
  * the platform bus and device tree nodes. Must be done before
  * the instantiation of the platform bus device that registers
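Review bot: `vfio_register_irq_starter()` is now called unconditionally from the virt machine, which is built on every host, while hw/vfio is only compiled under CONFIG_LINUX and only when the platform VFIO object is selected, so this looks like a link failure for non-Linux hosts or configurations without vfio-platform. Either guard the call behind the relevant config symbol or have vfio-platform.h provide an inline no-op stub when the device is not built. create_platform_bus starts and ends outside the hunk.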
-- 
1.8.3.2




[Qemu-devel] [PATCH v7 13/16] hw/vfio/platform: Add irqfd support

2014-10-31 Thread Eric Auger
This patch aims at optimizing IRQ handling using irqfd framework.

Instead of handling the eventfds on user-side they are handled on
kernel side using
- the KVM irqfd framework,
- the VFIO driver virqfd framework.

The virtual IRQ completion is trapped at the interrupt controller.
This removes the need for the fast/slow path swap.

Overall this brings significant performance improvements.

It depends on host kernel KVM irqfd support.

Signed-off-by: Alvise Rigo a.r...@virtualopensystems.com
Signed-off-by: Eric Auger eric.au...@linaro.org

---
v5 - v6
- rely on kvm_irqfds_enabled() and kvm_resamplefds_enabled()
- guard KVM code with #ifdef CONFIG_KVM

v3 - v4:
[Alvise Rigo]
Use of VFIO Platform driver v6 unmask/virqfd feature and removal
of resamplefd handler. Physical IRQ unmasking is now done in
VFIO driver.

v3:
[Eric Auger]
initial support with resamplefd handled on QEMU side since the
unmask was not supported on VFIO platform driver v5.

Conflicts:
hw/vfio/platform.c
---
 hw/vfio/platform.c  | 96 +
 include/hw/vfio/vfio-platform.h |  1 +
 trace-events|  2 +
 3 files changed, 99 insertions(+)

diff --git a/hw/vfio/platform.c b/hw/vfio/platform.c
index 9f66610..bdd5c93 100644
--- a/hw/vfio/platform.c
+++ b/hw/vfio/platform.c
@@ -25,6 +25,7 @@
 #include hw/sysbus.h
 #include trace.h
 #include hw/platform-bus.h
+#include sysemu/kvm.h
 
 static void vfio_intp_interrupt(VFIOINTp *intp);
 typedef void (*eventfd_user_side_handler_t)(VFIOINTp *intp);
@@ -236,6 +237,83 @@ static int vfio_start_eventfd_injection(VFIOINTp *intp)
 }
 
 /*
+ * Functions used for irqfd
+ */
+
+#ifdef CONFIG_KVM
+
+/**
+ * vfio_set_resample_eventfd - sets the resamplefd for an IRQ
+ * @intp: the IRQ struct pointer
+ * programs the VFIO driver to unmask this IRQ when the
+ * intp-unmask eventfd is triggered
+ */
+static int vfio_set_resample_eventfd(VFIOINTp *intp)
+{
+VFIODevice *vbasedev = intp-vdev-vbasedev;
+struct vfio_irq_set *irq_set;
+int argsz, ret;
+int32_t *pfd;
+
+argsz = sizeof(*irq_set) + sizeof(*pfd);
+irq_set = g_malloc0(argsz);
+irq_set-argsz = argsz;
+irq_set-flags = VFIO_IRQ_SET_DATA_EVENTFD | VFIO_IRQ_SET_ACTION_UNMASK;
+irq_set-index = intp-pin;
+irq_set-start = 0;
+irq_set-count = 1;
+pfd = (int32_t *)irq_set-data;
+*pfd = event_notifier_get_fd(intp-unmask);
+qemu_set_fd_handler(*pfd, NULL, NULL, intp);
+ret = ioctl(vbasedev-fd, VFIO_DEVICE_SET_IRQS, irq_set);
+g_free(irq_set);
+if (ret  0) {
+error_report(vfio: Failed to set resample eventfd: %m);
+qemu_set_fd_handler(*pfd, NULL, NULL, NULL);
+}
+return ret;
+}
+
+/**
+ * vfio_start_irqfd_injection - starts irqfd injection for an IRQ
+ * programs VFIO driver with both the trigger and resamplefd
+ * programs KVM with the gsi, trigger  resample eventfds
+ */
+static int vfio_start_irqfd_injection(VFIOINTp *intp)
+{
+struct kvm_irqfd irqfd = {
+.fd = event_notifier_get_fd(intp-interrupt),
+.resamplefd = event_notifier_get_fd(intp-unmask),
+.gsi = intp-virtualID,
+.flags = KVM_IRQFD_FLAG_RESAMPLE,
+};
+
+if (kvm_vm_ioctl(kvm_state, KVM_IRQFD, irqfd)) {
+error_report(vfio: Error: Failed to assign the irqfd: %m);
+goto fail_irqfd;
+}
+if (vfio_set_trigger_eventfd(intp, NULL)  0) {
+goto fail_vfio;
+}
+if (vfio_set_resample_eventfd(intp)  0) {
+goto fail_vfio;
+}
+
+intp-kvm_accel = true;
+trace_vfio_platform_start_irqfd_injection(intp-pin, intp-virtualID,
+ irqfd.fd, irqfd.resamplefd);
+return 0;
+
+fail_vfio:
+irqfd.flags = KVM_IRQFD_FLAG_DEASSIGN;
+kvm_vm_ioctl(kvm_state, KVM_IRQFD, irqfd);
+fail_irqfd:
+return -1;
+}
+
+#endif
+
+/*
  * Functions used whatever the injection method
  */
 
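Review bot: When `vfio_set_resample_eventfd()` fails, `fail_vfio` only deassigns the KVM irqfd; the trigger eventfd that `vfio_set_trigger_eventfd(intp, NULL)` has just programmed into the VFIO driver stays armed with no user-side handler, so the device is left half-configured rather than falling back cleanly. The error path should also disable the trigger for `intp->pin` (presumably `vfio_disable_irqindex(&intp->vdev->vbasedev, intp->pin)` or the platform equivalent) before returning. Separately, in `vfio_set_resample_eventfd()` both `qemu_set_fd_handler(*pfd, NULL, NULL, ...)` calls clear the handler, so the `intp` opaque passed in the first one has no effect; a comment such as `/* fd is consumed by VFIO/KVM, make sure QEMU does not poll it */` would say why the handler is cleared at all.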
@@ -314,6 +392,13 @@ static VFIOINTp *vfio_init_intp(VFIODevice *vbasedev, 
unsigned int index)
 error_report(vfio: Error: trigger event_notifier_init failed );
 return NULL;
 }
+/* Get an eventfd for resample/unmask */
+ret = event_notifier_init(intp-unmask, 0);
+if (ret) {
+g_free(intp);
+error_report(vfio: Error: resample event_notifier_init failed eoi);
+return NULL;
+}
 
 /* store the new intp in qlist */
 QLIST_INSERT_HEAD(vdev-intp_list, intp, next);
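Review bot: The new failure path frees `intp` but does not release the trigger notifier initialised just above it, so the eventfd created by the earlier `event_notifier_init(&intp->interrupt, 0)` leaks on this error; add `event_notifier_cleanup(&intp->interrupt);` before the `g_free(intp)`. The error message also ends with a stray `eoi`, presumably a leftover: `vfio: Error: resample event_notifier_init failed`. vfio_init_intp starts and ends outside the hunk.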
@@ -542,7 +627,17 @@ static void vfio_platform_realize(DeviceState *dev, Error 
**errp)
 
 vbasedev-type = VFIO_DEVICE_TYPE_PLATFORM;
 vbasedev-ops = vfio_platform_ops;
+
+#ifdef CONFIG_KVM
+if (kvm_irqfds_enabled()  kvm_resamplefds_enabled() 
+vdev-irqfd_allowed) {
+vdev-start_irq_fn = vfio_start_irqfd_injection;
+} else {
+vdev-start_irq_fn = vfio_start_eventfd_injection;
+}
+#else
 vdev-start_irq_fn = vfio_start_eventfd_injection;
+#endif
 
 trace_vfio_platform_realize(vbasedev-name, vdev-compat);
 
@@ 

Re: [Qemu-devel] [PATCH v8 14/27] target-arm: respect SCR.FW, SCR.AW and SCTLR.NMFI

2014-10-31 Thread Peter Maydell
On 30 October 2014 21:28, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 bits when modifying CPSR.

I prefer it if we don't continue sentences from the subject
line into the main commit message body like this, it makes
them rather odd to read.


 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

 ---

 v7 - v8
 - Fixed incorrect use of env-uncached_cpsr A/I/F to use env-daif instead.
 - Removed incorrect statement about SPSR to CPSR copies being affected by
   SCR.AW/FW.
 - Fix typo in comment.
 - Simpified cpsr_write logic

 v3 - v4
 - Fixed up conditions for ignoring CPSR.A/F updates by isolating to v7 and
   checking for the existence of EL3 and non-existence of EL2.
 ---
  target-arm/helper.c | 47 ---
  1 file changed, 44 insertions(+), 3 deletions(-)

 diff --git a/target-arm/helper.c b/target-arm/helper.c
 index 466459b..03e6b62 100644
 --- a/target-arm/helper.c
 +++ b/target-arm/helper.c
 @@ -3666,9 +3666,6 @@ void cpsr_write(CPUARMState *env, uint32_t val, 
 uint32_t mask)
  env-GE = (val  16)  0xf;
  }

 -env-daif = ~(CPSR_AIF  mask);
 -env-daif |= val  CPSR_AIF  mask;
 -
  if ((env-uncached_cpsr ^ val)  mask  CPSR_M) {
  if (bad_mode_switch(env, val  CPSR_M)) {
  /* Attempt to switch to an invalid mode: this is UNPREDICTABLE.
 @@ -3680,6 +3677,50 @@ void cpsr_write(CPUARMState *env, uint32_t val, 
 uint32_t mask)
  switch_mode(env, val  CPSR_M);
  }
  }
 +

You've put this code hunk below the section of this function
which updates the mode bits in the CPU state. That means we'll
do the arm_is_secure() and BANKED_CURRENT_REG_GET below as
if from the mode we're going to, not the mode we started out in.
This is wrong -- compare the CPSRWriteByInstr pseudocode function,
which updates the mode field as the last thing it does.

 +/* In a V7 implementation that includes the security extensions but does
 + * not include Virtualization Extensions the SCR.FW and SCR.AW bits 
 control
 + * whether non-secure software is allowed to change the CPSR_F and CPSR_A
 + * bits respectively.
 + *
 + * In a V8 implementation, it is permitted for privileged software to
 + * change the CPSR A/F bits regardless of the SCR.AW/FW bits.
 + */
 +if (!arm_feature(env, ARM_FEATURE_V8) 
 +arm_feature(env, ARM_FEATURE_EL3) 
 +!arm_feature(env, ARM_FEATURE_EL2) 
 +!arm_is_secure(env)) {
 +if (!(env-cp15.scr_el3  SCR_AW)) {
 +qemu_log_mask(LOG_GUEST_ERROR,
 +  Ignoring attempt to switch CPSR_A flag from 
 +  non-secure world with SCR.AW bit clear\n);

This logging is now incorrect, because it will trigger even if the
guest wasn't attempting to change the value of CPSR.A. You could
either just drop the logging or alternatively only log
if ((env-daif ^ val)  mask  CPSR_A)
I guess.

 +mask = ~CPSR_A;
 +}
 +
 +if (!(env-cp15.scr_el3  SCR_FW)) {
 +qemu_log_mask(LOG_GUEST_ERROR,
 +  Ignoring attempt to switch CPSR_F flag from 
 +  non-secure world with SCR.FW bit clear\n);
 +mask = ~CPSR_F;
 +}
 +
 +/* Check whether non-maskable FIQ (NMFI) support is enabled.
 + * If this bit is set software is not allowed to mask
 + * FIQs, but is allowed to set CPSR_F to 0.
 + */
 +if ((A32_BANKED_CURRENT_REG_GET(env, sctlr)  SCTLR_NMFI) 
 +(val  CPSR_F)) {
 +qemu_log_mask(LOG_GUEST_ERROR,
 +  Ignoring attempt to enable CPSR_F flag 
 +  (non-maskable FIQ [NMFI] support 
 +  enabled)\n);
 +mask = ~CPSR_F;
 +}
 +}
 +
 +env-daif = ~(CPSR_AIF  mask);
 +env-daif |= val  CPSR_AIF  mask;
 +
  mask = ~CACHED_CPSR_BITS;
  env-uncached_cpsr = (env-uncached_cpsr  ~mask) | (val  mask);
  }
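Review bot: The SCTLR.NMFI check is nested inside the `!V8 && EL3 && !EL2 && !arm_is_secure()` guard, so it is skipped for secure-state writes, for v8 cores and for cores without EL3, whereas as far as I can tell NMFI is an independent SCTLR feature that applies whenever it is implemented, regardless of security state. Moving that `if` out of the enclosing block (keeping its own `SCTLR_NMFI` test and the `mask &= ~CPSR_F`) would match what its comment says. cpsr_write starts outside the hunk.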
 --
 1.8.3.2

thanks
-- PMM



[Qemu-devel] [PATCH v4 0/6] machvirt dynamic sysbus device instantiation

2014-10-31 Thread Eric Auger
This patch series enables machvirt to dynamically instantiate sysbus
devices from command line (using -device option).

All those sysbus devices are plugged onto a platform bus. This latter
device is instantiated in machvirt and takes care of the binding of
children sysbus devices on a machine init done notifier. The device
tree node generation for children dynamic sysbus device also happens
on a subsequent notifier that must be executed after the above one.
machvirt registers that notifier before the platform bus creation to
make sure notifiers are executed in the right order: dt generation
after actual QOM binding.

Very few sysbus devices are supposed to be instantiated that way.
VFIO devices belong to them.

Node creation really is architecture specific. On ARM the dynamic
sysbus device node creation is implemented in a new C module,
hw/arm/sysbus-fdt.c and not in the machine file.

This series applies on top of Alex Graf's series
[PATCH v3 0/7] Dynamic sysbus device allocation support
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04860.html

Machvirt transformations and sysbus-fdt are largely inspired from Alex work.

The patch series can be found at:
http://git.linaro.org/people/eric.auger/qemu.git (branch vfio_integ_v7)

Best Regards

Eric

v3 - v4:
- dyn_sysbus_binding removed since binding stuff now are implemented by
  the platform bus device
- due to a change in ARM load_dtb implementation using rom_add_blob_fixed,
  the dt no more is generated in a reset notifier but is generated on a
  machine init done notifier
- the augmented device tree is not generated from scratch anymore but is
  added using a modify_dtb function. This required some small change in
  boot.c
- the case where the user provides a dtb file now is handled
- some cleanup in virt additions
- implement a list of dynamically instantiable devices in sysbus-fdt

v2 - v3:
- patch now applies on top of Alex full patchset
- dyn_sysbus_devtree: add arm_prefix to emphasize the fact those
  functions are arm specific; arm_sysbus_device_create_devtree
  becomes static
- load_dtb renamed into arm_load_dtb
- add copyright in hw/arm/dyn_sysbus_devtree.c

v1 - v2:
- device node generation no more in sysbus device but in
  dyn_sysbus_devtree
- VFIO region shrunk to 4MB and relocated in machvirt to avoid PCI
  shrink (dynamic vfio-mmio support might come later)
- platform_bus_base removed from PlatformDevtreeData

Eric Auger (6):
  hw/arm/boot: load_dtb becomes non static arm_load_dtb
  hw/arm/boot: dtb start and limit moved in arm_boot_info
  hw/arm/boot: do not free VirtBoardInfo fdt in arm_load_dtb
  hw/arm: add a new modify_dtb_opaque field in arm_boot_info
  hw/arm/sysbus-fdt: helpers for platform bus nodes addition
  hw/arm/virt: add dynamic sysbus device support

 hw/arm/Makefile.objs|   1 +
 hw/arm/boot.c   |  48 +++-
 hw/arm/sysbus-fdt.c | 181 
 hw/arm/virt.c   |  59 +++
 include/hw/arm/arm.h|   7 ++
 include/hw/arm/sysbus-fdt.h |  50 
 6 files changed, 326 insertions(+), 20 deletions(-)
 create mode 100644 hw/arm/sysbus-fdt.c
 create mode 100644 include/hw/arm/sysbus-fdt.h

-- 
1.8.3.2




[Qemu-devel] [PATCH v7 16/16] hw/vfio/platform: add forwarded irq support

2014-10-31 Thread Eric Auger
Tests whether the forwarded IRQ modality is available.
If it is, device IRQs are forwarded. This control is
achieved with the KVM-VFIO device. With such a modality, injection
is still handled through irqfds. However, end of interrupt is
not trapped anymore. As soon as the guest completes its virtual
IRQ, the corresponding physical IRQ is completed and the same
physical IRQ can hit again.

A new x-forward property enables to force forwarding off although
enabled by the kernel.

Signed-off-by: Eric Auger eric.au...@linaro.org
---
 hw/vfio/platform.c  | 52 +
 include/hw/vfio/vfio-platform.h |  2 ++
 trace-events|  1 +
 3 files changed, 55 insertions(+)

diff --git a/hw/vfio/platform.c b/hw/vfio/platform.c
index bdd5c93..f7ed209 100644
--- a/hw/vfio/platform.c
+++ b/hw/vfio/platform.c
@@ -237,6 +237,52 @@ static int vfio_start_eventfd_injection(VFIOINTp *intp)
 }
 
 /*
+ * Functions used with forwarding capability
+ */
+
+#ifdef CONFIG_KVM
+
+static bool has_kvm_vfio_forward_capability(void)
+{
+struct kvm_device_attr attr = {
+ .group = KVM_DEV_VFIO_DEVICE,
+ .attr = KVM_DEV_VFIO_DEVICE_FORWARD_IRQ};
+
+if (ioctl(vfio_kvm_device_fd, KVM_HAS_DEVICE_ATTR, attr) == 0) {
+return true;
+} else {
+return false;
+}
+}
+
+static int vfio_set_forwarding(VFIOINTp *intp)
+{
+int ret;
+struct kvm_device_attr attr = {
+ .group = KVM_DEV_VFIO_DEVICE,
+ .attr = KVM_DEV_VFIO_DEVICE_FORWARD_IRQ};
+
+intp-fwd_irq = g_malloc0(sizeof(*intp-fwd_irq));
+intp-fwd_irq-fd = intp-vdev-vbasedev.fd;
+intp-fwd_irq-index = intp-pin;
+intp-fwd_irq-gsi = intp-virtualID;
+
+attr.addr = (uint64_t)(unsigned long)intp-fwd_irq;
+
+if (ioctl(vfio_kvm_device_fd, KVM_SET_DEVICE_ATTR, attr)) {
+error_report(Failed to forward IRQ %d through KVM VFIO device,
+ intp-pin);
+g_free(intp-fwd_irq);
+return -errno;
+}
+trace_vfio_start_fwd_injection(intp-pin);
+
+return ret;
+}
+
+#endif
+
+/*
  * Functions used for irqfd
  */
 
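Review bot: `vfio_set_forwarding()` returns `ret` without ever assigning it (only the error branch returns `-errno`), so the success return value is indeterminate; drop the variable and end with `return 0;`. `has_kvm_vfio_forward_capability()` can be the single expression `return ioctl(vfio_kvm_device_fd, KVM_HAS_DEVICE_ATTR, &attr) == 0;`. The code also reads `vfio_kvm_device_fd` from platform.c while patch 08 on this page defines it `static` in common.c, so unless an intermediate patch exports it this will not link; worth confirming.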
@@ -288,6 +334,11 @@ static int vfio_start_irqfd_injection(VFIOINTp *intp)
 .flags = KVM_IRQFD_FLAG_RESAMPLE,
 };
 
+if (has_kvm_vfio_forward_capability() 
+ intp-vdev-forward_allowed) {
+vfio_set_forwarding(intp);
+}
+
 if (kvm_vm_ioctl(kvm_state, KVM_IRQFD, irqfd)) {
 error_report(vfio: Error: Failed to assign the irqfd: %m);
 goto fail_irqfd;
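Review bot: The result of `vfio_set_forwarding(intp)` is discarded, and if the following `KVM_IRQFD` assignment fails the IRQ stays forwarded in the KVM-VFIO device (nothing issues `KVM_DEV_VFIO_DEVICE_UNFORWARD_IRQ`) while `intp->fwd_irq` stays allocated. The `fail_irqfd` path should undo the forwarding and free `intp->fwd_irq`, and a failed forwarding attempt should at least be traced so the silent fallback to plain irqfd is visible. `has_kvm_vfio_forward_capability()` is also re-queried per IRQ; caching it once per device would avoid the repeated ioctl. vfio_start_irqfd_injection starts and ends outside the hunk.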
@@ -737,6 +788,7 @@ static Property vfio_platform_dev_properties[] = {
 DEFINE_PROP_UINT32(mmap-timeout-ms, VFIOPlatformDevice,
mmap_timeout, 1100),
 DEFINE_PROP_BOOL(x-irqfd, VFIOPlatformDevice, irqfd_allowed, true),
+DEFINE_PROP_BOOL(x-forward, VFIOPlatformDevice, forward_allowed, true),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/include/hw/vfio/vfio-platform.h b/include/hw/vfio/vfio-platform.h
index 26ddba7..d22eb0e 100644
--- a/include/hw/vfio/vfio-platform.h
+++ b/include/hw/vfio/vfio-platform.h
@@ -42,6 +42,7 @@ typedef struct VFIOINTp {
 bool kvm_accel; /* set when QEMU bypass through KVM enabled */
 uint8_t pin; /* index */
 uint8_t virtualID; /* virtual IRQ */
+struct kvm_arch_forwarded_irq *fwd_irq;
 } VFIOINTp;
 
 typedef int (*start_irq_fn_t)(VFIOINTp *intp);
@@ -59,6 +60,7 @@ typedef struct VFIOPlatformDevice {
 start_irq_fn_t start_irq_fn;
 QemuMutex  intp_mutex;
 bool irqfd_allowed; /* debug option to force irqfd on/off */
+bool forward_allowed; /* debug option to force forwarding on/off */
 } VFIOPlatformDevice;
 
 
diff --git a/trace-events b/trace-events
index a05ed80..df3b71b 100644
--- a/trace-events
+++ b/trace-events
@@ -1429,6 +1429,7 @@ vfio_get_device(const char * name, unsigned int flags, 
unsigned int num_regions,
 vfio_put_base_device(int fd) close vdev-fd=%d
 
 # hw/vfio/platform.c
+vfio_start_fwd_injection(int pin) forwarding set for IRQ pin %d
 vfio_platform_eoi(int pin, int fd) EOI IRQ pin %d (fd=%d)
 vfio_platform_mmap_set_enabled(bool enabled) fast path = %d
 vfio_platform_intp_mmap_enable(int pin) IRQ #%d still active, stay in slow 
path
-- 
1.8.3.2




[Qemu-devel] [PATCH v7 14/16] linux-headers: Update KVM headers from linux-next tag ToBeFilled

2014-10-31 Thread Eric Auger
Syncup KVM related linux headers from linux-next tree using
scripts/update-linux-headers.sh.

Integrate updated KVM-VFIO API related to forwarded IRQ

Signed-off-by: Eric Auger eric.au...@linaro.org
---
 linux-headers/linux/kvm.h | 9 +
 1 file changed, 9 insertions(+)

diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 2669938..239b380 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -947,6 +947,12 @@ struct kvm_device_attr {
__u64   addr;   /* userspace address of attr data */
 };
 
+struct kvm_arch_forwarded_irq {
+__u32 fd; /* file desciptor of the VFIO device */
+__u32 index; /* VFIO device IRQ index */
+__u32 gsi; /* gsi, ie. virtual IRQ number */
+};
+
 #define KVM_DEV_TYPE_FSL_MPIC_20   1
 #define KVM_DEV_TYPE_FSL_MPIC_42   2
 #define KVM_DEV_TYPE_XICS  3
@@ -954,6 +960,9 @@ struct kvm_device_attr {
 #define  KVM_DEV_VFIO_GROUP1
 #define   KVM_DEV_VFIO_GROUP_ADD   1
 #define   KVM_DEV_VFIO_GROUP_DEL   2
+#define  KVM_DEV_VFIO_DEVICE   2
+#define   KVM_DEV_VFIO_DEVICE_FORWARD_IRQ  1
+#define   KVM_DEV_VFIO_DEVICE_UNFORWARD_IRQ2
 #define KVM_DEV_TYPE_ARM_VGIC_V2   5
 #define KVM_DEV_TYPE_FLIC  6
 
-- 
1.8.3.2




[Qemu-devel] [PATCH v7 08/16] hw/vfio: create common module

2014-10-31 Thread Eric Auger
A new common module is created. It implements all functions
that have no device specificity (PCI, Platform).

This patch only consists of a move (no functional changes)

Signed-off-by: Kim Phillips kim.phill...@linaro.org
Signed-off-by: Eric Auger eric.au...@linaro.org

---
v6 - v7:
- integrate Revert vfio: Make BARs native endian
- remove VFIO_DEVICE_TYPE_PLATFORM in vfio-common.h,
  will come in next patch

v5 - v6:
- follow all evolutions of original PCI code from v5 to V6
- move declaration of vfio_region_ops, vfio_memory_listener,
  vfio_group_list, vfio_address_spaces into vfio-common.h

v4 - v5:
- integrate sPAPR/IOMMU: Fix TCE entry permission
- VFIOdevice .name dealloc removed from vfio_put_base_device
- add some includes according to vfio inclusion policy

v3 - v4:
[Eric Auger]
move done after all PCI modifications to anticipate for
VFIO Platform needs. Purpose is to alleviate the whole
review process.

= v3
First split done by Kim Phillips

Conflicts:
hw/vfio/pci.c
---
 hw/vfio/Makefile.objs |1 +
 hw/vfio/common.c  |  958 ++
 hw/vfio/pci.c | 1028 +
 include/hw/vfio/vfio-common.h |  151 ++
 trace-events  |1 +
 5 files changed, 1112 insertions(+), 1027 deletions(-)
 create mode 100644 hw/vfio/common.c
 create mode 100644 include/hw/vfio/vfio-common.h

diff --git a/hw/vfio/Makefile.objs b/hw/vfio/Makefile.objs
index 31c7dab..e31f30e 100644
--- a/hw/vfio/Makefile.objs
+++ b/hw/vfio/Makefile.objs
@@ -1,3 +1,4 @@
 ifeq ($(CONFIG_LINUX), y)
+obj-$(CONFIG_SOFTMMU) += common.o
 obj-$(CONFIG_PCI) += pci.o
 endif
diff --git a/hw/vfio/common.c b/hw/vfio/common.c
new file mode 100644
index 000..fbd9e7f
--- /dev/null
+++ b/hw/vfio/common.c
@@ -0,0 +1,958 @@
+/*
+ * generic functions used by VFIO devices
+ *
+ * Copyright Red Hat, Inc. 2012
+ *
+ * Authors:
+ *  Alex Williamson alex.william...@redhat.com
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Based on qemu-kvm device-assignment:
+ *  Adapted for KVM by Qumranet.
+ *  Copyright (c) 2007, Neocleus, Alex Novik (a...@neocleus.com)
+ *  Copyright (c) 2007, Neocleus, Guy Zana (g...@neocleus.com)
+ *  Copyright (C) 2008, Qumranet, Amit Shah (amit.s...@qumranet.com)
+ *  Copyright (C) 2008, Red Hat, Amit Shah (amit.s...@redhat.com)
+ *  Copyright (C) 2008, IBM, Muli Ben-Yehuda (m...@il.ibm.com)
+ */
+
+#include sys/ioctl.h
+#include sys/mman.h
+#include linux/vfio.h
+
+#include hw/vfio/vfio-common.h
+#include hw/vfio/vfio.h
+#include exec/address-spaces.h
+#include exec/memory.h
+#include hw/hw.h
+#include qemu/error-report.h
+#include sysemu/kvm.h
+#include trace.h
+
+struct vfio_group_head vfio_group_list =
+QLIST_HEAD_INITIALIZER(vfio_address_spaces);
+struct vfio_as_head vfio_address_spaces =
+QLIST_HEAD_INITIALIZER(vfio_address_spaces);
+
+#ifdef CONFIG_KVM
+/*
+ * We have a single VFIO pseudo device per KVM VM.  Once created it lives
+ * for the life of the VM.  Closing the file descriptor only drops our
+ * reference to it and the device's reference to kvm.  Therefore once
+ * initialized, this file descriptor is only released on QEMU exit and
+ * we'll re-use it should another vfio device be attached before then.
+ */
+static int vfio_kvm_device_fd = -1;
+#endif
+
+/*
+ * Common VFIO interrupt disable
+ */
+void vfio_disable_irqindex(VFIODevice *vbasedev, int index)
+{
+struct vfio_irq_set irq_set = {
+.argsz = sizeof(irq_set),
+.flags = VFIO_IRQ_SET_DATA_NONE | VFIO_IRQ_SET_ACTION_TRIGGER,
+.index = index,
+.start = 0,
+.count = 0,
+};
+
+ioctl(vbasedev-fd, VFIO_DEVICE_SET_IRQS, irq_set);
+}
+
+void vfio_unmask_irqindex(VFIODevice *vbasedev, int index)
+{
+struct vfio_irq_set irq_set = {
+.argsz = sizeof(irq_set),
+.flags = VFIO_IRQ_SET_DATA_NONE | VFIO_IRQ_SET_ACTION_UNMASK,
+.index = index,
+.start = 0,
+.count = 1,
+};
+
+ioctl(vbasedev-fd, VFIO_DEVICE_SET_IRQS, irq_set);
+}
+
+void vfio_mask_irqindex(VFIODevice *vbasedev, int index)
+{
+struct vfio_irq_set irq_set = {
+.argsz = sizeof(irq_set),
+.flags = VFIO_IRQ_SET_DATA_NONE | VFIO_IRQ_SET_ACTION_MASK,
+.index = index,
+.start = 0,
+.count = 1,
+};
+
+ioctl(vbasedev-fd, VFIO_DEVICE_SET_IRQS, irq_set);
+}
+
+/*
+ * IO Port/MMIO - Beware of the endians, VFIO is always little endian
+ */
+void vfio_region_write(void *opaque, hwaddr addr,
+   uint64_t data, unsigned size)
+{
+VFIORegion *region = opaque;
+VFIODevice *vbasedev = region-vbasedev;
+union {
+uint8_t byte;
+uint16_t word;
+uint32_t dword;
+uint64_t qword;
+} buf;
+
+switch (size) {
+case 1:
+buf.byte = data;
+break;
+case 2:
+buf.word = 

Re: [Qemu-devel] [PATCH 4/4] qmp: Add optional switch query-nodes in query-blockstats

2014-10-31 Thread Eric Blake
On 10/28/2014 11:04 PM, Fam Zheng wrote:
 This bool option will allow query all the node names. It iterates all
 the BDSes that are assigned a name, also in this case don't query up the
 backing chain.
 
 Signed-off-by: Fam Zheng f...@redhat.com
 ---
  block/qapi.c | 20 +---
  hmp.c|  2 +-
  qapi/block-core.json |  4 +++-
  qmp-commands.hx  |  2 +-
  4 files changed, 18 insertions(+), 10 deletions(-)
 

 -BlockStatsList *qmp_query_blockstats(Error **errp)
 +BlockStatsList *qmp_query_blockstats(bool has_query_nodes,
 + bool query_nodes,
 + Error **errp)
  {
  BlockStatsList *head = NULL, **p_next = head;
  BlockDriverState *bs = NULL;
  
 - while ((bs = bdrv_next(bs))) {
 +/* Just to be safe if query_nodes is not always intialized */

s/intialized/initialized/

 +query_nodes = query_nodes  has_query_nodes;

If things aren't initialized (was true a while ago, but we recently
fixed that to ensure 0 initialization, although no one yet really relies
on the guarantee), then valgrind could complain of a branch on an uninit
memory location.  Idiomatically, this is usually written:

query_nodes = has_query_nodes  query_nodes;

to pacify valgrind if we hadn't zero-initialized; although logically,
the result is identical, so I don't care if you leave it.

 +++ b/qapi/block-core.json
 @@ -434,7 +434,9 @@
  #
  # Since: 0.14.0
  ##
 -{ 'command': 'query-blockstats', 'returns': ['BlockStats'] }
 +{ 'command': 'query-blockstats',
 +  'data': {'*query-nodes': 'bool' },
 +  'returns': ['BlockStats'] }

Max correctly pointed out that this is missing documentation.

The idea looks sane; it will visit all named nodes (whether or not those
nodes are also reachable from named devices), and omit any unnamed nodes
(right now, libvirt would have to be taught to name nodes, or Jeff's
patch to auto-name nodes will avoid that problem).

Hmm, I wonder - if we are adding an optional parameter that controls
what to iterate over, should we also add an optional parameter that says
to limit the output to a given input name?  Then again, we don't have
very many existing query-* commands that filter, and at any rate, adding
such a filter should be its own patch.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [Bug 1387881] Re: qemu fails to recognize full virtualization

2014-10-31 Thread Serge Hallyn
Also please show the results of:

dpkg -l | grep qemu

Does a reboot or a 'rmmod kvm_intel kvm;  modprobe kvm kvm_intel' fix
it?

You said earlier (in irc) that 'sudo apt-get install qemu-kvm' fixes it.
Is that still the case?

** Also affects: qemu (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1387881

Title:
  qemu fails to recognize full virtualization

Status in QEMU:
  New
Status in “linux” package in Ubuntu:
  Incomplete
Status in “qemu” package in Ubuntu:
  New

Bug description:
  System:

  14.04
  qemu - 2.0.0+dfsg-2ubuntu1.6
  virtinst 0.600.4-3ubuntu2

  Command:

  virt-install --name juju-bootstrap --ram=2048 --vcpus=1  --hvm \
  --virt-type=kvm --pxe --boot network,hd --os-variant=ubuntutrusty \
  --graphics vnc --noautoconsole --os-type=linux --accelerate \
  
--disk=/var/lib/libvirt/images/juju-bootstrap.qcow2,bus=virtio,format=qcow2,cache=none,sparse=true,size=20
 \
  --network=bridge=br0,model=virtio

  Error:

  ERROR Host does not support virtualization type 'hvm'

  Diagnostics:

  $ sudo kvm -vnc :1 -monitor stdio
  [sudo] password for cscloud: 
  QEMU 2.0.0 monitor - type 'help' for more information
  (qemu) KVM internal error. Suberror: 1
  emulation failure
  EAX= EBX=4001 ECX=0030 EDX=0cfd
  ESI= EDI= EBP= ESP=6fcc
  EIP=0fedb30c EFL=0002 [---] CPL=0 II=0 A20=1 SMM=0 HLT=0
  ES =0010   00409300 DPL=0 DS   [-WA]
  CS =0008   00c09a00 DPL=0 CS32 [-R-]
  SS =0010   00409200 DPL=0 DS   [-W-]
  DS =0010   00409300 DPL=0 DS   [-WA]
  FS =0010   00c09300 DPL=0 DS   [-WA]
  GS =0010   00c09300 DPL=0 DS   [-WA]
  LDT=   8200 DPL=0 LDT
  TR =   8b00 DPL=0 TSS32-busy
  GDT= 000f6688 0037
  IDT= 000f66c6 
  CR0=6011 CR2= CR3= CR4=
  DR0= DR1= DR2= 
DR3= 
  DR6=0ff0 DR7=0400
  EFER=
  Code=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  info kvm
  kvm support: enabled
  (qemu) 

  
   lsmod|grep kvm
  kvm_intel 143109  0 
  kvm   451552  1 kvm_intel

  
  $ dmesg|grep -i kvm
  [5.722167] kvm: Nested Virtualization enabled
  [5.722190] kvm: Nested Paging enabled

  ---

  I haven't been able to get much out of libvirt as the kvm instance
  never starts.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1387881/+subscriptions



[Qemu-devel] [PATCH v4 5/6] hw/arm/sysbus-fdt: helpers for platform bus nodes addition

2014-10-31 Thread Eric Auger
This new C module will be used by ARM machine files to generate
platform bus node and their dynamic sysbus device tree nodes.

Dynamic sysbus device node addition is done in a machine init
done notifier. arm_register_platform_bus_fdt_creator does the
registration of this latter and is supposed to be called by
ARM machine files that support platform bus and their dynamic
sysbus. Addition of dynamic sysbus nodes is done only if the
user did not provide any dtb.

Signed-off-by: Alexander Graf ag...@suse.de
Signed-off-by: Eric Auger eric.au...@linaro.org

---

v3 - v4:
- dyn_sysbus_devtree.c renamed into sysbus-fdt.c
- use new PlatformBusDevice object
- the dtb upgrade is done through modify_dtb. Before the fdt
  was recreated from scratch. When the user provided a dtb this
  latter was overwritten which was not correct.
- an array contains the association between device type names
  and their node creation function
- I must acknowledge I did not find any cleaner way to implement
  a FDT_BUILDER interface, as suggested by Paolo. The class method
  would need to be initialized somewhere and since it cannot
  happen in the device itself - according to Alex  Peter comments -,
  I don't see when I shall associate the device type and its
  interface implementation.

v2 - v3:
- add arm_ prefix
- arm_sysbus_device_create_devtree becomes static

v1 - v2:
- Code moved to an arch specific file to accommodate architecture
  dependent specificities.
- remove platform_bus_base from PlatformDevtreeData

v1: code originally written by Alex Graf in e500.c and reused for
ARM [Eric Auger]
---
 hw/arm/Makefile.objs|   1 +
 hw/arm/sysbus-fdt.c | 181 
 include/hw/arm/sysbus-fdt.h |  50 
 3 files changed, 232 insertions(+)
 create mode 100644 hw/arm/sysbus-fdt.c
 create mode 100644 include/hw/arm/sysbus-fdt.h

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 6088e53..0cc63e1 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -3,6 +3,7 @@ obj-$(CONFIG_DIGIC) += digic_boards.o
 obj-y += integratorcp.o kzm.o mainstone.o musicpal.o nseries.o
 obj-y += omap_sx1.o palm.o realview.o spitz.o stellaris.o
 obj-y += tosa.o versatilepb.o vexpress.o virt.o xilinx_zynq.o z2.o
+obj-y += sysbus-fdt.o
 
 obj-y += armv7m.o exynos4210.o pxa2xx.o pxa2xx_gpio.o pxa2xx_pic.o
 obj-$(CONFIG_DIGIC) += digic.o
diff --git a/hw/arm/sysbus-fdt.c b/hw/arm/sysbus-fdt.c
new file mode 100644
index 000..d5476f1
--- /dev/null
+++ b/hw/arm/sysbus-fdt.c
@@ -0,0 +1,181 @@
+/*
+ * ARM Platform Bus device tree generation helpers
+ *
+ * Copyright (c) 2014 Linaro Limited
+ *
+ * Authors:
+ *  Alex Graf ag...@suse.de
+ *  Eric Auger eric.au...@linaro.org
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see http://www.gnu.org/licenses/.
+ *
+ */
+
+#include hw/arm/sysbus-fdt.h
+#include qemu/error-report.h
+#include sysemu/device_tree.h
+#include hw/platform-bus.h
+#include sysemu/sysemu.h
+#include hw/platform-bus.h
+
+/*
+ * internal struct that contains the information to create dynamic
+ * sysbus device node
+ */
+typedef struct PlatformBusFdtData {
+void *fdt; /* device tree handle */
+int irq_start; /* index of the first IRQ usable by platform bus devices */
+const char *pbus_node_name; /* name of the platform bus node */
+PlatformBusDevice *pbus;
+} PlatformBusFdtData;
+
+/*
+ * struct used when calling the machine init done notifier
+ * that constructs the fdt nodes of platform bus devices
+ */
+typedef struct PlatformBusFdtNotifierParams {
+ARMPlatformBusFdtParams *fdt_params;
+Notifier notifier;
+} PlatformBusFdtNotifierParams;
+
+/* struct that associates a device type name and a node creation function */
+typedef struct NodeCreationPair {
+const char *typename;
+int (*add_fdt_node_fn)(SysBusDevice *sbdev, void *opaque);
+} NodeCreationPair;
+
+/* list of supported dynamic sysbus devices */
+NodeCreationPair add_fdt_node_functions[] = {
+{, NULL}, /*last element*/
+};
+
+/**
+ * add_fdt_node - add the device tree node of a dynamic sysbus device
+ *
+ * @sbdev: handle to the sysbus device
+ * @opaque: handle to the PlatformBusFdtData
+ *
+ * Checks the sysbus type belongs to the list of device types that
+ * are dynamically instantiable and in the positive call the node
+ * creation function.
+ */
+static int add_fdt_node(SysBusDevice *sbdev, void *opaque)
+{
+int i;
+
+for (i = 0; i  

[Qemu-devel] [Bug 1387881] Re: qemu fails to recognize full virtualization

2014-10-31 Thread Joseph Salisbury
** Changed in: linux (Ubuntu)
   Importance: Undecided = High

** Tags added: kernel-da-key trusty

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1387881

Title:
  qemu fails to recognize full virtualization

Status in QEMU:
  New
Status in “linux” package in Ubuntu:
  Incomplete

Bug description:
  System:

  14.04
  qemu - 2.0.0+dfsg-2ubuntu1.6
  virtinst 0.600.4-3ubuntu2

  Command:

  virt-install --name juju-bootstrap --ram=2048 --vcpus=1  --hvm \
  --virt-type=kvm --pxe --boot network,hd --os-variant=ubuntutrusty \
  --graphics vnc --noautoconsole --os-type=linux --accelerate \
  
--disk=/var/lib/libvirt/images/juju-bootstrap.qcow2,bus=virtio,format=qcow2,cache=none,sparse=true,size=20
 \
  --network=bridge=br0,model=virtio

  Error:

  ERROR Host does not support virtualization type 'hvm'

  Diagnostics:

  $ sudo kvm -vnc :1 -monitor stdio
  [sudo] password for cscloud: 
  QEMU 2.0.0 monitor - type 'help' for more information
  (qemu) KVM internal error. Suberror: 1
  emulation failure
  EAX= EBX=4001 ECX=0030 EDX=0cfd
  ESI= EDI= EBP= ESP=6fcc
  EIP=0fedb30c EFL=0002 [---] CPL=0 II=0 A20=1 SMM=0 HLT=0
  ES =0010   00409300 DPL=0 DS   [-WA]
  CS =0008   00c09a00 DPL=0 CS32 [-R-]
  SS =0010   00409200 DPL=0 DS   [-W-]
  DS =0010   00409300 DPL=0 DS   [-WA]
  FS =0010   00c09300 DPL=0 DS   [-WA]
  GS =0010   00c09300 DPL=0 DS   [-WA]
  LDT=   8200 DPL=0 LDT
  TR =   8b00 DPL=0 TSS32-busy
  GDT= 000f6688 0037
  IDT= 000f66c6 
  CR0=6011 CR2= CR3= CR4=
  DR0= DR1= DR2= 
DR3= 
  DR6=0ff0 DR7=0400
  EFER=
  Code=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  info kvm
  kvm support: enabled
  (qemu) 

  
   lsmod|grep kvm
  kvm_intel 143109  0 
  kvm   451552  1 kvm_intel

  
  $ dmesg|grep -i kvm
  [5.722167] kvm: Nested Virtualization enabled
  [5.722190] kvm: Nested Paging enabled

  ---

  I haven't been able to get much out of libvirt as the kvm instance
  never starts.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1387881/+subscriptions



[Qemu-devel] [Bug 921208] Re: win7/x64 installer hangs on startup with 0x0000005d.

2014-10-31 Thread Michael Tokarev
I tried running qemu-system-x86 -cpu qemu64 with tcg and kvm, and
compared cpu flags.  There are 2 flags present in kvm case which are not
present in tcg case: de and x2apic, all other flags are identical (nx is
present in both).  But enabling these two flags explicitly does not
help, win still BSODs the same way.  Except when I enable only x2apic,
it displays the BSOD in much larger font... ;)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/921208

Title:
  win7/x64 installer hangs on startup with 0x005d.

Status in QEMU:
  Confirmed
Status in “qemu” package in Ubuntu:
  Triaged

Bug description:
  hi,

  during booting win7/x64 installer i'm observing a bsod with 0x005d
  ( msdn: unsupported_processor ).

  used command line: qemu-system-x86_64 -m 2048 -hda w7-system.img
  -cdrom win7_x64.iso -boot d

  adding '-machine accel=kvm' instead of default tcg accel helps to
  boot.

  
  installed software:

  qemu-1.0
  linux-3.2.1
  glibc-2.14.1
  gcc-4.6.2

  hw cpu:

  processor   : 0..7
  vendor_id   : GenuineIntel
  cpu family  : 6
  model   : 42
  model name  : Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
  stepping: 7
  microcode   : 0x14
  cpu MHz : 1995.739
  cache size  : 6144 KB
  physical id : 0
  siblings: 8
  core id : 3
  cpu cores   : 4
  apicid  : 7
  initial apicid  : 7
  fpu : yes
  fpu_exception   : yes
  cpuid level : 13
  wp  : yes
  flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx 
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology 
nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 
cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer xsave avx 
lahf_lm ida arat epb xsaveopt pln pts dts tpr_shadow vnmi flexpriority ept vpid
  bogomips: 3992.23
  clflush size: 64
  cache_alignment : 64
  address sizes   : 36 bits physical, 48 bits virtual

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/921208/+subscriptions



[Qemu-devel] [PATCH v4 1/6] hw/arm/boot: load_dtb becomes non static arm_load_dtb

2014-10-31 Thread Eric Auger
load_dtb is renamed to arm_load_dtb and is made non-static.
It will be used by machvirt for dynamic instantiation of
platform devices.

Signed-off-by: Eric Auger eric.au...@linaro.org

---

v2 - v3:
load_dtb renamed into arm_load_dtb

Conflicts:
hw/arm/boot.c
---
 hw/arm/boot.c| 12 ++--
 include/hw/arm/arm.h |  2 ++
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index bffbea5..f5714ea 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -313,7 +313,7 @@ static void set_kernel_args_old(const struct arm_boot_info 
*info)
 }
 
 /**
- * load_dtb() - load a device tree binary image into memory
+ * arm_load_dtb() - load a device tree binary image into memory
  * @addr:   the address to load the image at
  * @binfo:  struct describing the boot environment
  * @addr_limit: upper limit of the available memory area at @addr
@@ -330,8 +330,8 @@ static void set_kernel_args_old(const struct arm_boot_info 
*info)
  *  0 if the image size exceeds the limit,
  *  -1 on errors.
  */
-static int load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
-hwaddr addr_limit)
+int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
+ hwaddr addr_limit)
 {
 void *fdt = NULL;
 int size, rc;
@@ -504,7 +504,7 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info 
*info)
 /* If we have a device tree blob, but no kernel to supply it to,
  * copy it to the base of RAM for a bootloader to pick up.
  */
-if (load_dtb(info-loader_start, info, 0)  0) {
+if (arm_load_dtb(info-loader_start, info, 0)  0) {
 exit(1);
 }
 }
@@ -572,7 +572,7 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info 
*info)
 if (elf_low_addr  info-loader_start) {
 elf_low_addr = 0;
 }
-if (load_dtb(info-loader_start, info, elf_low_addr)  0) {
+if (arm_load_dtb(info-loader_start, info, elf_low_addr)  0) {
 exit(1);
 }
 }
@@ -637,7 +637,7 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info 
*info)
  */
 hwaddr dtb_start = QEMU_ALIGN_UP(info-initrd_start + initrd_size,
  4096);
-if (load_dtb(dtb_start, info, 0)  0) {
+if (arm_load_dtb(dtb_start, info, 0)  0) {
 exit(1);
 }
 fixupcontext[FIXUP_ARGPTR] = dtb_start;
diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index cefc9e6..5fdae7b 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -68,6 +68,8 @@ struct arm_boot_info {
 hwaddr entry;
 };
 void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info);
+int arm_load_dtb(hwaddr addr, const struct arm_boot_info *binfo,
+ hwaddr addr_limit);
 
 /* Multiplication factor to convert from system clock ticks to qemu timer
ticks.  */
-- 
1.8.3.2




[Qemu-devel] [PATCH v2 09/16] hw/intc/arm_gic: Make ICCBPR/GICC_BPR banked

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

This register is banked in GICs with Security Extensions. The
non-secure copy of BPR is stored in abpr, which for secure accesses
is an alias of the non-secure copy. ABPR itself is only accessible
from secure state if the GIC implements Security Extensions.

Signed-off-by: Fabian Aggeler aggel...@ethz.ch

---

v1 - v2
- Fix ABPR read handling when security extensions are not present
- Fix BPR write to take into consideration the minimum value written to ABPR
  and restrict BPR-ABPR mirroring to GICv2 and up.
- Fix ABPR write to take into consideration the minumum value written
- Fix ABPR write condition break-down to include mirroring of ABPR writes to
  BPR.
---
 hw/intc/arm_gic.c| 54 
 include/hw/intc/arm_gic_common.h | 11 +---
 2 files changed, 57 insertions(+), 8 deletions(-)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index 3c0414f..3761d12 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -840,7 +840,12 @@ static uint32_t gic_cpu_read(GICState *s, int cpu, int 
offset)
 case 0x04: /* Priority mask */
 return s-priority_mask[cpu];
 case 0x08: /* Binary Point */
-return s-bpr[cpu];
+if (s-security_extn  ns_access()) {
+/* BPR is banked. Non-secure copy stored in ABPR. */
+return s-abpr[cpu];
+} else {
+return s-bpr[cpu];
+}
 case 0x0c: /* Acknowledge */
 return gic_acknowledge_irq(s, cpu);
 case 0x14: /* Running Priority */
@@ -848,7 +853,14 @@ static uint32_t gic_cpu_read(GICState *s, int cpu, int 
offset)
 case 0x18: /* Highest Pending Interrupt */
 return s-current_pending[cpu];
 case 0x1c: /* Aliased Binary Point */
-return s-abpr[cpu];
+if (!s-security_extn || (s-security_extn  ns_access())) {
+/* If Security Extensions are present ABPR is a secure register,
+ * only accessible from secure state.
+ */
+return 0;
+} else {
+return s-abpr[cpu];
+}
 case 0xd0: case 0xd4: case 0xd8: case 0xdc:
 return s-apr[(offset - 0xd0) / 4][cpu];
 default:
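Review bot: The Aliased Binary Point read at 0x1c returns 0 whenever security_extn is clear, which also covers a GICv2 without Security Extensions, where the write side of this same patch treats GICC_ABPR as an alias of GICC_BPR; a guest in that configuration writes ABPR and reads back 0. The condition `!s->security_extn || (s->security_extn && ns_access())` reduces to `!s->security_extn || ns_access()`, and it does not match the comment beside it, which only describes the non-secure-access case. If the intent is to mirror the write path, `if ((s->security_extn && ns_access()) || (!s->security_extn && s->revision < 2)) { return 0; }` followed by `return s->abpr[cpu];` keeps ABPR readable on GICv2 without Security Extensions while leaving GICv1 RAZ. gic_cpu_read starts before this hunk.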
@@ -867,13 +879,45 @@ static void gic_cpu_write(GICState *s, int cpu, int 
offset, uint32_t value)
 s-priority_mask[cpu] = (value  0xff);
 break;
 case 0x08: /* Binary Point */
-s-bpr[cpu] = (value  0x7);
+if (s-security_extn  ns_access()) {
+/* BPR is banked. Non-secure copy stored in ABPR. */
+/* The non-secure (ABPR) must not be below an implementation
+ * defined minimum value between 1-4.
+ * NOTE: BPR_MIN is currently set to 0, which is always true given
+ *   the value is unsigned, so no check is necessary.
+ */
+s-abpr[cpu] = (GIC_MIN_ABPR = (value  0x7))
+? (value  0x7) : GIC_MIN_ABPR;
+} else {
+s-bpr[cpu] = (value  0x7);
+if (s-revision = 2) {
+/* On GICv2 without sec ext, GICC_ABPR is an alias of GICC_BPR
+ * so mirror the write.
+ */
+ s-abpr[cpu] = s-bpr[cpu];
+}
+}
 break;
 case 0x10: /* End Of Interrupt */
 return gic_complete_irq(s, cpu, value  0x3ff);
 case 0x1c: /* Aliased Binary Point */
-if (s-revision = 2) {
-s-abpr[cpu] = (value  0x7);
+/* This register only exists on GICv2 or GICv1 w/security.  Writes when
+ * the register is not implemented (no sec ext) are ignored.
+ */
+if (s-security_extn) {
+if (!ns_access()) {
+s-abpr[cpu] = (GIC_MIN_ABPR = (value  0x7))
+? (value  0x7) : GIC_MIN_ABPR;
+}
+} else {
+if (s-revision = 2) {
+/* In a GICv2 impl without the security extension, the
+ * GICC_ABPR is an alias to GICC_BPR, so mirror the write.
+ */
+s-abpr[cpu] = (GIC_MIN_ABPR = (value  0x7))
+? (value  0x7) : GIC_MIN_ABPR;
+s-bpr[cpu] = s-abpr[cpu];
+}
 }
 break;
 case 0xd0: case 0xd4: case 0xd8: case 0xdc:
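Review bot: The two alias paths for a GICv2 without Security Extensions disagree: the BPR write at 0x08 mirrors the raw value with `s->abpr[cpu] = s->bpr[cpu];`, while the ABPR write at 0x1c clamps to GIC_MIN_ABPR before copying into bpr, so writing 0 through BPR leaves abpr at 0 but writing 0 through ABPR sets both registers to 1. For registers the comments describe as aliases of each other the same value should be observable through either offset; either clamp in both places or in neither. The NOTE saying BPR_MIN is 0 and "no check is necessary" sits directly above a check against GIC_MIN_ABPR, which is 1, so it reads as stale and should be dropped or reworded to explain the ABPR minimum instead. gic_cpu_write starts before this hunk.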
diff --git a/include/hw/intc/arm_gic_common.h b/include/hw/intc/arm_gic_common.h
index 1daa672..3b0459a 100644
--- a/include/hw/intc/arm_gic_common.h
+++ b/include/hw/intc/arm_gic_common.h
@@ -36,6 +36,9 @@
 #define MAX_NR_GROUP_PRIO 128
 #define GIC_NR_APRS (MAX_NR_GROUP_PRIO / 32)
 
+#define GIC_MIN_BPR 0
+#define GIC_MIN_ABPR (GIC_MIN_BPR + 1)
+
 typedef struct gic_irq_state {
 /* The enable bits are only banked for per-cpu interrupts.  */
 uint8_t enabled;
@@ -78,9 +81,11 @@ typedef struct GICState {
 uint16_t running_priority[GIC_NCPU];
 uint16_t current_pending[GIC_NCPU];
 
-/* We present the GICv2 without 

Re: [Qemu-devel] [PULL 0/5] vmware-vga: add rectangle verification (CVE-2014-3689)

2014-10-31 Thread Peter Maydell
On 29 October 2014 11:56, Gerd Hoffmann kra...@redhat.com wrote:
   Hi,

 After three revisions now finally the
 pull req for the CVE-2014-3689 fixes.

 please pull,
   Gerd

 The following changes since commit 3e9418e160cd8901c83a3c88967158084f5b5c03:

   Revert main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously 
 (2014-10-27 15:05:09 +)

 are available in the git repository at:

   git://git.kraxel.org/qemu tags/pull-cve-2014-3689-20141029-1

 for you to fetch changes up to bd9ccd8517e83b7c33a9167815dbfffb30d70b13:

   vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect (2014-10-29 12:01:30 
 +0100)

 
 vmware-vga: add rectangle verification (CVE-2014-3689)

 

Applied, thanks.

-- PMM



[Qemu-devel] [PATCH v8 00/27] target-arm: add Security Extensions for CPUs

2014-10-31 Thread Greg Bellows
Version 8 of the ARM processor security extension (TrustZone) support.  This
patchset includes changes to support the processor security extensions
on ARMv7 aarch32 with hooks for later enabling v8 aarch64/32.

Patches 1-6 of version 7 have already been accepted and committed.

Summary of changes from v7 - v8:
- Reworked exception masking and target EL functions to use table lookups
  instead of extensive conditionals.
- Moved and renamed use_secure_reg to access_secure_reg
- Redo fieldoffset definitions to eliminate #defines
- Consolidated common secure v7/v8 CP regs
- Removed NSACR read/write functions
- Fixed SDER and added SDER32_EL3
- Made MVBAR a 32-bit field
- Fixed CPSR write logic
- Fixed various code and commit comments
- Fixed CSSELR CP definition to use OPC0

Fabian Aggeler (20):
  target-arm: add banked register accessors
  target-arm: add CPREG secure state support
  target-arm: insert AArch32 cpregs twice into hashtable
  target-arm: move AArch32 SCR into security reglist
  target-arm: implement IRQ/FIQ routing to Monitor mode
  target-arm: add NSACR register
  target-arm: add MVBAR support
  target-arm: add SCTLR_EL3 and make SCTLR banked
  target-arm: respect SCR.FW, SCR.AW and SCTLR.NMFI
  target-arm: make CSSELR banked
  target-arm: add TTBR0_EL3 and make TTBR0/1 banked
  target-arm: add TCR_EL3 and make TTBCR banked
  target-arm: make c2_mask and c2_base_mask banked
  target-arm: make DACR banked
  target-arm: make IFSR banked
  target-arm: make DFSR banked
  target-arm: make IFAR/DFAR banked
  target-arm: make PAR banked
  target-arm: make c13 cp regs banked (FCSEIDR, ...)
  target-arm: add cpu feature EL3 to CPUs with Security Extensions

Greg Bellows (5):
  target-arm: extend async excp masking
  target-arm: add async excp target_el function
  target-arm: add secure state bit to CPREG hash
  target-arm: make VBAR banked
  target-arm: make MAIR0/1 banked

Sergey Fedorov (2):
  target-arm: add non-secure Translation Block flag
  target-arm: add SDER definition

 hw/arm/pxa2xx.c |   8 +-
 linux-user/aarch64/target_cpu.h |   2 +-
 linux-user/arm/target_cpu.h |   2 +-
 linux-user/main.c   |  72 ++---
 target-arm/cpu.c|  11 +-
 target-arm/cpu.h| 525 
 target-arm/helper.c | 655 +---
 target-arm/internals.h  |   2 +-
 target-arm/op_helper.c  |   4 +-
 target-arm/translate.c  |  17 +-
 target-arm/translate.h  |   1 +
 11 files changed, 1015 insertions(+), 284 deletions(-)

--
1.8.3.2




[Qemu-devel] [PATCH v8 13/27] target-arm: add SCTLR_EL3 and make SCTLR banked

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

Implements SCTLR_EL3 and uses secure/non-secure instance when
needed.

Signed-off-by: Fabian Aggeler aggel...@ethz.ch
Signed-off-by: Greg Bellows greg.bell...@linaro.org

---

v5 - v6
- Changed _el field variants to be array based
- Consolidate SCTLR and SCTLR_EL1 reginfo entries
---
 hw/arm/pxa2xx.c|  2 +-
 target-arm/cpu.c   |  5 ++--
 target-arm/cpu.h   | 10 ++-
 target-arm/helper.c| 72 +-
 target-arm/op_helper.c |  2 +-
 5 files changed, 56 insertions(+), 35 deletions(-)

diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 693dfec..11d51af 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -273,7 +273,7 @@ static void pxa2xx_pwrmode_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 case 3:
 s-cpu-env.uncached_cpsr = ARM_CPU_MODE_SVC;
 s-cpu-env.daif = PSTATE_A | PSTATE_F | PSTATE_I;
-s-cpu-env.cp15.c1_sys = 0;
+s-cpu-env.cp15.sctlr_ns = 0;
 s-cpu-env.cp15.c1_coproc = 0;
 s-cpu-env.cp15.ttbr0_el1 = 0;
 s-cpu-env.cp15.c3 = 0;
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index e0b82a6..18f4726 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -109,7 +109,7 @@ static void arm_cpu_reset(CPUState *s)
 #if defined(CONFIG_USER_ONLY)
 env-pstate = PSTATE_MODE_EL0t;
 /* Userspace expects access to DC ZVA, CTL_EL0 and the cache ops */
-env-cp15.c1_sys |= SCTLR_UCT | SCTLR_UCI | SCTLR_DZE;
+env-cp15.sctlr_el[1] |= SCTLR_UCT | SCTLR_UCI | SCTLR_DZE;
 /* and to the FP/Neon instructions */
 env-cp15.c1_coproc = deposit64(env-cp15.c1_coproc, 20, 2, 3);
 #else
@@ -167,7 +167,8 @@ static void arm_cpu_reset(CPUState *s)
 env-thumb = initial_pc  1;
 }
 
-if (env-cp15.c1_sys  SCTLR_V) {
+if (!arm_feature(env, ARM_FEATURE_V8)
+ (A32_BANKED_CURRENT_REG_GET(env, sctlr)  SCTLR_V)) {
 env-regs[15] = 0x;
 }
 
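Review bot: The new condition puts `!arm_feature(env, ARM_FEATURE_V8)` in front of the SCTLR.V test, so v8 CPUs no longer take the high-vectors reset path at all; that is a behaviour change beyond banking SCTLR, and neither the commit message nor the code says why. Either drop the feature check here, or state the reason in the commit message and add a short comment such as `/* high vectors via SCTLR.V only apply to pre-v8 CPUs here */` — I cannot tell from the hunk alone whether that is the intended rule. arm_cpu_reset starts before this hunk.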
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 596bfae..8acc2b0 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -178,7 +178,15 @@ typedef struct CPUARMState {
 struct {
 uint32_t c0_cpuid;
 uint64_t c0_cssel; /* Cache size selection.  */
-uint64_t c1_sys; /* System control register.  */
+union { /* System control register. */
+struct {
+uint64_t _unused_sctlr;
+uint64_t sctlr_ns;
+uint64_t hsctlr;
+uint64_t sctlr_s;
+};
+uint64_t sctlr_el[4];
+};
 uint64_t c1_coproc; /* Coprocessor access register.  */
 uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
 uint64_t sder; /* Secure debug enable register. */
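Review bot: Nothing in the union says what the array index means; the helper.c hunks below use sctlr_el[1] where the comments talk about SCTLR_EL1, and pxa2xx writes sctlr_ns, so the intended relation appears to be that sctlr_el[n] is SCTLR_ELn with sctlr_ns and sctlr_s being the AArch32 names for the EL1 and EL3 slots. A comment next to the array, `/* sctlr_el[n] == SCTLR_ELn; sctlr_ns/sctlr_s are the AArch32 banked views of EL1/EL3 */`, would make the positional dependence of the anonymous struct explicit, since reordering its members silently remaps ELs. The struct is part of CPUARMState, which starts and ends outside the hunk.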
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 3c56d8f..466459b 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1908,7 +1908,7 @@ static void aa64_fpsr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 
 static CPAccessResult aa64_daif_access(CPUARMState *env, const ARMCPRegInfo 
*ri)
 {
-if (arm_current_el(env) == 0  !(env-cp15.c1_sys  SCTLR_UMA)) {
+if (arm_current_el(env) == 0  !(env-cp15.sctlr_el[1]  SCTLR_UMA)) {
 return CP_ACCESS_TRAP;
 }
 return CP_ACCESS_OK;
@@ -1926,7 +1926,7 @@ static CPAccessResult aa64_cacheop_access(CPUARMState 
*env,
 /* Cache invalidate/clean: NOP, but EL0 must UNDEF unless
  * SCTLR_EL1.UCI is set.
  */
-if (arm_current_el(env) == 0  !(env-cp15.c1_sys  SCTLR_UCI)) {
+if (arm_current_el(env) == 0  !(env-cp15.sctlr_el[1]  SCTLR_UCI)) {
 return CP_ACCESS_TRAP;
 }
 return CP_ACCESS_OK;
@@ -2003,7 +2003,7 @@ static CPAccessResult aa64_zva_access(CPUARMState *env, 
const ARMCPRegInfo *ri)
 /* We don't implement EL2, so the only control on DC ZVA is the
  * bit in the SCTLR which can prohibit access for EL0.
  */
-if (arm_current_el(env) == 0  !(env-cp15.c1_sys  SCTLR_DZE)) {
+if (arm_current_el(env) == 0  !(env-cp15.sctlr_el[1]  SCTLR_DZE)) {
 return CP_ACCESS_TRAP;
 }
 return CP_ACCESS_OK;
@@ -2042,6 +2042,24 @@ static void spsel_write(CPUARMState *env, const 
ARMCPRegInfo *ri, uint64_t val)
 update_spsel(env, val);
 }
 
+static void sctlr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+uint64_t value)
+{
+ARMCPU *cpu = arm_env_get_cpu(env);
+
+if (raw_read(env, ri) == value) {
+/* Skip the TLB flush if nothing actually changed; Linux likes
+ * to do a lot of pointless SCTLR writes.
+ */
+return;
+}
+
+raw_write(env, ri, value);
+/* ??? Lots of these bits are not implemented.  */
+/* This may enable/disable the MMU, so do a TLB flush.  */
+tlb_flush(CPU(cpu), 1);
+}
+
 static const ARMCPRegInfo v8_cp_reginfo[] = {
 /* Minimal set of EL0-visible registers. This will need to be expanded
  * significantly 

[Qemu-devel] [PATCH v2 13/16] hw/intc/arm_gic: Change behavior of IAR writes

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

Grouping (GICv2) and Security Extensions change the behavior of IAR
reads. Acknowledging Group0 interrupts is only allowed from Secure
state, and acknowledging Group1 interrupts from Secure state is only
allowed if the AckCtl bit is set.

Signed-off-by: Fabian Aggeler aggel...@ethz.ch

---

v1 - v2
- Fix issue in gic_acknowledge_irq() where the GICC_CTLR_S_ACK_CTL flag is
  applied without first checking whether the read is secure or non-secure.
  Secure reads of IAR when AckCtl is 0 return a spurious ID of 1022, but
  non-secure ignores the flag.
---
 hw/intc/arm_gic.c | 25 +
 1 file changed, 25 insertions(+)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index 2d83225..7eb72df 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -190,11 +190,36 @@ uint32_t gic_acknowledge_irq(GICState *s, int cpu)
 int ret, irq, src;
 int cm = 1  cpu;
 irq = s-current_pending[cpu];
+bool isGrp0;
 if (irq == 1023
 || GIC_GET_PRIORITY(irq, cpu) = s-running_priority[cpu]) {
 DPRINTF(ACK no pending IRQ\n);
 return 1023;
 }
+
+if (s-revision = 2 || s-security_extn) {
+isGrp0 = GIC_TEST_GROUP0(irq, (1  cpu));
+if ((isGrp0  (!s-enabled_grp[0]
+|| !(s-cpu_control[cpu][0]  GICC_CTLR_S_EN_GRP0)))
+   || (!isGrp0  (!s-enabled_grp[1]
+|| !(s-cpu_control[cpu][1]  GICC_CTLR_NS_EN_GRP1 {
+return 1023;
+}
+
+if ((s-revision = 2  !s-security_extn)
+|| (s-security_extn  !ns_access())) {
+if (!isGrp0  !ns_access() 
+!(s-cpu_control[cpu][0]  GICC_CTLR_S_ACK_CTL)) {
+DPRINTF(Read of IAR ignored for Group1 interrupt %d 
+(AckCtl disabled)\n, irq);
+return 1022;
+}
+} else if (s-security_extn  ns_access()  isGrp0) {
+DPRINTF(Non-secure read of IAR ignored for Group0 interrupt %d\n,
+irq);
+return 1023;
+}
+}
 s-last_active[irq][cpu] = s-running_irq[cpu];
 
 if (s-revision == REV_11MPCORE || s-revision == REV_NVIC) {
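Review bot: `bool isGrp0;` is declared after the `irq = s->current_pending[cpu];` statement and uses camelCase, both against QEMU's coding style (declarations at the top of the block, snake_case identifiers); moving it up next to `int ret, irq, src;` as `bool is_grp0;` fixes both. `GIC_TEST_GROUP0(irq, (1 << cpu))` recomputes the mask that `cm` on the line above already holds, so `is_grp0 = GIC_TEST_GROUP0(irq, cm);` is shorter and consistent with the rest of the function. The subject line says "IAR writes" while the body and the code concern IAR reads in gic_acknowledge_irq. gic_acknowledge_irq starts before this hunk.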
-- 
1.8.3.2




Re: [Qemu-devel] [PATCH 3/5] target-arm/translate.c: Don't use IS_M()

2014-10-31 Thread Alex Bennée

Peter Maydell peter.mayd...@linaro.org writes:

 Instead of using IS_M(), use arm_dc_feature(s, ARM_FEATURE_M), so we
 don't need to pass CPUARMState pointers around the decoder.

 Signed-off-by: Peter Maydell peter.mayd...@linaro.org

I almost wondered whether it was worth killing off the IS_M macro entirely
and making the direct calls in cpu.h and helper.c as well.

Anyway:

Reviewed-by: Alex Bennée alex.ben...@linaro.org


 ---
  target-arm/translate.c | 19 +++
  1 file changed, 11 insertions(+), 8 deletions(-)

 diff --git a/target-arm/translate.c b/target-arm/translate.c
 index 08ce5b0..5119fb9 100644
 --- a/target-arm/translate.c
 +++ b/target-arm/translate.c
 @@ -7574,8 +7574,9 @@ static void disas_arm_insn(CPUARMState * env, 
 DisasContext *s)
  s-pc += 4;
  
  /* M variants do not implement ARM mode.  */
 -if (IS_M(env))
 +if (arm_dc_feature(s, ARM_FEATURE_M)) {
  goto illegal_op;
 +}
  cond = insn  28;
  if (cond == 0xf){
  /* In ARMv3 and v4 the NV condition is UNPREDICTABLE; we
 @@ -9300,7 +9301,7 @@ static int disas_thumb2_insn(CPUARMState *env, 
 DisasContext *s, uint16_t insn_hw
  /* Load/store multiple, RFE, SRS.  */
  if (((insn  23)  1) == ((insn  24)  1)) {
  /* RFE, SRS: not available in user mode or on M profile */
 -if (IS_USER(s) || IS_M(env)) {
 +if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
  goto illegal_op;
  }
  if (insn  (1  20)) {
 @@ -9804,7 +9805,7 @@ static int disas_thumb2_insn(CPUARMState *env, 
 DisasContext *s, uint16_t insn_hw
  op = (insn  20)  7;
  switch (op) {
  case 0: /* msr cpsr.  */
 -if (IS_M(env)) {
 +if (arm_dc_feature(s, ARM_FEATURE_M)) {
  tmp = load_reg(s, rn);
  addr = tcg_const_i32(insn  0xff);
  gen_helper_v7m_msr(cpu_env, addr, tmp);
 @@ -9815,8 +9816,9 @@ static int disas_thumb2_insn(CPUARMState *env, 
 DisasContext *s, uint16_t insn_hw
  }
  /* fall through */
  case 1: /* msr spsr.  */
 -if (IS_M(env))
 +if (arm_dc_feature(s, ARM_FEATURE_M)) {
  goto illegal_op;
 +}
  tmp = load_reg(s, rn);
  if (gen_set_psr(s,
msr_mask(env, s, (insn  8)  0xf, op == 1),
 @@ -9884,7 +9886,7 @@ static int disas_thumb2_insn(CPUARMState *env, 
 DisasContext *s, uint16_t insn_hw
  break;
  case 6: /* mrs cpsr.  */
  tmp = tcg_temp_new_i32();
 -if (IS_M(env)) {
 +if (arm_dc_feature(s, ARM_FEATURE_M)) {
  addr = tcg_const_i32(insn  0xff);
  gen_helper_v7m_mrs(tmp, cpu_env, addr);
  tcg_temp_free_i32(addr);
 @@ -9895,8 +9897,9 @@ static int disas_thumb2_insn(CPUARMState *env, 
 DisasContext *s, uint16_t insn_hw
  break;
  case 7: /* mrs spsr.  */
  /* Not accessible in user mode.  */
 -if (IS_USER(s) || IS_M(env))
 +if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
  goto illegal_op;
 +}
  tmp = load_cpu_field(spsr);
  store_reg(s, rd, tmp);
  break;
 @@ -10851,7 +10854,7 @@ static void disas_thumb_insn(CPUARMState *env, 
 DisasContext *s)
  if (IS_USER(s)) {
  break;
  }
 -if (IS_M(env)) {
 +if (arm_dc_feature(s, ARM_FEATURE_M)) {
  tmp = tcg_const_i32((insn  (1  4)) != 0);
  /* FAULTMASK */
  if (insn  1) {
 @@ -11123,7 +11126,7 @@ static inline void 
 gen_intermediate_code_internal(ARMCPU *cpu,
  break;
  }
  #else
 -if (dc-pc = 0xfff0  IS_M(env)) {
 +if (dc-pc = 0xfff0  arm_dc_feature(dc, ARM_FEATURE_M)) {
  /* We always get here via a jump, so know we are not in a
 conditional execution block.  */
  gen_exception_internal(EXCP_EXCEPTION_EXIT);

-- 
Alex Bennée



[Qemu-devel] [PATCH v8 15/27] target-arm: make CSSELR banked

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

Rename CSSELR (cache size selection register) and add secure
instance (AArch32).

Signed-off-by: Fabian Aggeler aggel...@ethz.ch
Signed-off-by: Greg Bellows greg.bell...@linaro.org

---

v7 - v8
- Fix CSSELR CP register definition to use .opc0 rather than .cp.

v5 - v6
- Changed _el field variants to be array based
- Switch to use distinct CPREG secure flags.
- Merged CSSELR and CSSELR_EL1 reginfo entries

v4 - v5
- Changed to use the CCSIDR cpreg bank flag to select the csselr bank instead
  of the  A32_BANKED macro.  This more accurately uses the secure state bank
  matching the CCSIDR.
---
 target-arm/cpu.h| 10 +-
 target-arm/helper.c | 14 +++---
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 8acc2b0..3b776a1 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -177,7 +177,15 @@ typedef struct CPUARMState {
 /* System control coprocessor (cp15) */
 struct {
 uint32_t c0_cpuid;
-uint64_t c0_cssel; /* Cache size selection.  */
+union { /* Cache size selection */
+struct {
+uint64_t _unused_csselr0;
+uint64_t csselr_ns;
+uint64_t _unused_csselr1;
+uint64_t csselr_s;
+};
+uint64_t csselr_el[4];
+};
 union { /* System control register. */
 struct {
 uint64_t _unused_sctlr;
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 03e6b62..f6a9b66 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -776,7 +776,14 @@ static void scr_write(CPUARMState *env, const ARMCPRegInfo 
*ri, uint64_t value)
 static uint64_t ccsidr_read(CPUARMState *env, const ARMCPRegInfo *ri)
 {
 ARMCPU *cpu = arm_env_get_cpu(env);
-return cpu-ccsidr[env-cp15.c0_cssel];
+
+/* Acquire the CSSELR index from the bank corresponding to the CCSIDR
+ * bank
+ */
+uint32_t index = A32_BANKED_REG_GET(env, csselr,
+ ARM_CP_SECSTATE_TEST(ri, ARM_CP_SECSTATE_S));
+
+return cpu-ccsidr[index];
 }
 
 static void csselr_write(CPUARMState *env, const ARMCPRegInfo *ri,
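Review bot: `index` comes from CSSELR, a guest-writable register, and is used directly as a subscript into cpu->ccsidr; whether it is always in range depends on csselr_write masking the stored value, and that function is outside this hunk. If it does mask, a one-line comment at the lookup, `/* csselr_write masks the stored value, so index stays within cpu->ccsidr */`, would make the dependency visible to the next reader; if it does not, the mask belongs here before the array access. ccsidr_read is complete within the hunk.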
@@ -903,8 +910,9 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
   .access = PL1_R, .readfn = ccsidr_read, .type = ARM_CP_NO_MIGRATE },
 { .name = CSSELR, .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 2, .opc2 = 0,
-  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c0_cssel),
-  .writefn = csselr_write, .resetvalue = 0 },
+  .access = PL1_RW, .writefn = csselr_write, .resetvalue = 0,
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.csselr_s),
+ offsetof(CPUARMState, cp15.csselr_ns) } },
 /* Auxiliary ID register: this actually has an IMPDEF value but for now
  * just RAZ for all cores:
  */
-- 
1.8.3.2




Re: [Qemu-devel] [PATCH RFC 2/2] block: Warn on insecure format probing

2014-10-31 Thread Richard W.M. Jones
Can you add something like:

  -drive ...,format=unsafe-probe

so it does the probing anyway, even though we know it's unsafe?

This will minimize the churn needed in libguestfs to make this work.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v



[Qemu-devel] [PATCH v8 26/27] target-arm: make MAIR0/1 banked

2014-10-31 Thread Greg Bellows
Added CP register info entries for the ARMv7 MAIR0/1 secure banks.

Signed-off-by: Greg Bellows greg.bell...@linaro.org

---

v5 - v6
- Changed _el field variants to be array based
---
 target-arm/cpu.h| 12 +++-
 target-arm/helper.c |  8 +---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 348ce73..1a76fc6 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -305,7 +305,17 @@ typedef struct CPUARMState {
 uint32_t c9_pmxevtyper; /* perf monitor event type */
 uint32_t c9_pmuserenr; /* perf monitor user enable */
 uint32_t c9_pminten; /* perf monitor interrupt enables */
-uint64_t mair_el1;
+union { /* Memory attribute redirection */
+struct {
+uint64_t _unused_mair_0;
+uint32_t mair0_ns;
+uint32_t mair1_ns;
+uint64_t _unused_mair_1;
+uint32_t mair0_s;
+uint32_t mair1_s;
+};
+uint64_t mair_el[4];
+};
 union { /* vector base address register */
 struct {
 uint64_t _unused_vbar;
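Review bot: The new anonymous struct places mair0_ns/mair1_ns on the first and second 32-bit halves of mair_el[1] by declaration order, which is the low/high word split only on little-endian hosts, whereas the offsetoflow32/offsetofhigh32 accessors it replaces in the helper.c hunk (MAIR0/MAIR1 entries) were host-endian aware. On a big-endian host MAIR0 would therefore read and write the upper half of MAIR_EL1. The 32-bit pairs should be declared in the opposite order under the host byte-order macro, as below, and the same layout question applies to any other 32-bit-pair overlay of a 64-bit _el array in this series.
```c
        union { /* Memory attribute redirection */
            struct {
#ifdef HOST_WORDS_BIGENDIAN
                uint64_t _unused_mair_0;
                uint32_t mair1_ns;
                uint32_t mair0_ns;
                uint64_t _unused_mair_1;
                uint32_t mair1_s;
                uint32_t mair0_s;
#else
                /* … unchanged: little-endian ordering as in the hunk … */
#endif
            };
            uint64_t mair_el[4];
        };
```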
diff --git a/target-arm/helper.c b/target-arm/helper.c
index d782897..fd5f074 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -939,7 +939,7 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
  */
 { .name = MAIR_EL1, .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .crn = 10, .crm = 2, .opc2 = 0,
-  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.mair_el1),
+  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.mair_el[1]),
   .resetvalue = 0 },
 /* For non-long-descriptor page tables these are PRRR and NMRR;
  * regardless they still act as reads-as-written for QEMU.
@@ -948,11 +948,13 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
  */
 { .name = MAIR0, .state = ARM_CP_STATE_AA32, .type = ARM_CP_OVERRIDE,
   .cp = 15, .opc1 = 0, .crn = 10, .crm = 2, .opc2 = 0, .access = PL1_RW,
-  .fieldoffset = offsetoflow32(CPUARMState, cp15.mair_el1),
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.mair0_s),
+ offsetof(CPUARMState, cp15.mair0_ns) },
   .resetfn = arm_cp_reset_ignore },
 { .name = MAIR1, .state = ARM_CP_STATE_AA32, .type = ARM_CP_OVERRIDE,
   .cp = 15, .opc1 = 0, .crn = 10, .crm = 2, .opc2 = 1, .access = PL1_RW,
-  .fieldoffset = offsetofhigh32(CPUARMState, cp15.mair_el1),
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.mair1_s),
+ offsetof(CPUARMState, cp15.mair1_ns) },
   .resetfn = arm_cp_reset_ignore },
 { .name = ISR_EL1, .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .opc1 = 0, .crn = 12, .crm = 1, .opc2 = 0,
-- 
1.8.3.2




[Qemu-devel] Print Memory Address Range

2014-10-31 Thread Shiva
Hello

I am new to qemu development. I wanted to print the corresponding addresses 
involved when a memory has been assigned to a virtual machine.

For example, when I invoke the following command

qemu-system-i386 ubuntu.img -m 1G

I need to be able to print the virtual addresses and physical addresses 
involved. Like above 1G memory involved:

Guest Virtual Addr = 0x12345678..to 0x87654321..

Guest Physical Addr = 0x23456781..to 0x74536733..(This is the one that gets 
mapped to host virtual memory if my understanding is right).

Note: Above numbers are just for explanation.

When I looked into the source code of qemu, I see that this size whatever we 
are mentioning in the command here is assigned as a part of |ram_addr_t| block. 
But I am not able to find as how to proceed to find the corresponding addresses 
for this size. Once I find the addresses, I need to perform the encryption of 
the contents present at this location.

Kindly help me in this regard at the earliest.

[Qemu-devel] [PATCH v8 19/27] target-arm: make DACR banked

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
DACR has a secure and a non-secure instance.

Signed-off-by: Fabian Aggeler aggel...@ethz.ch
Signed-off-by: Greg Bellows greg.bell...@linaro.org
---
 hw/arm/pxa2xx.c |  2 +-
 target-arm/cpu.h| 13 +++--
 target-arm/helper.c | 19 +++
 3 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index 641b148..ac13d0b 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -276,7 +276,7 @@ static void pxa2xx_pwrmode_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 s-cpu-env.cp15.sctlr_ns = 0;
 s-cpu-env.cp15.c1_coproc = 0;
 s-cpu-env.cp15.ttbr0_el[1] = 0;
-s-cpu-env.cp15.c3 = 0;
+s-cpu-env.cp15.dacr_ns = 0;
 s-pm_regs[PSSR  2] |= 0x8; /* Set STS */
 s-pm_regs[RCSR  2] |= 0x8; /* Set GPR */
 
diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 6e9f1c3..6d39af1 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -236,8 +236,17 @@ typedef struct CPUARMState {
 };
 uint32_t c2_data; /* MPU data cachable bits.  */
 uint32_t c2_insn; /* MPU instruction cachable bits.  */
-uint32_t c3; /* MMU domain access control register
-MPU write buffer control.  */
+union { /* MMU domain access control register
+ * MPU write buffer control.
+ */
+struct {
+uint32_t dacr_ns;
+uint32_t dacr_s;
+};
+struct {
+uint32_t dacr32_el2;
+};
+};
 uint32_t pmsav5_data_ap; /* PMSAv5 MPU data access permissions */
 uint32_t pmsav5_insn_ap; /* PMSAv5 MPU insn access permissions */
 uint64_t hcr_el2; /* Hypervisor configuration register */
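Review bot: The second anonymous struct holding only dacr32_el2 overlays the first member of the neighbouring struct, so dacr32_el2 and dacr_ns are the same storage, but nothing in the hunk says this is deliberate, and a field added later to either struct would silently change which register aliases which. A comment on the union would make the intent explicit, e.g. `/* dacr32_el2 intentionally aliases dacr_ns: presumably the AArch64 view of the non-secure DACR — confirm */`. The same bank_fieldoffsets pair is repeated verbatim in the two helper.c hunks (not_v8_cp_reginfo and v8_cp_reginfo), which is fine but worth a one-line comment pointing at this layout.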
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 27eaf9c..eaae534 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -437,8 +437,10 @@ static const ARMCPRegInfo not_v8_cp_reginfo[] = {
 /* MMU Domain access control / MPU write buffer control */
 { .name = DACR, .cp = 15,
   .crn = 3, .crm = CP_ANY, .opc1 = CP_ANY, .opc2 = CP_ANY,
-  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c3),
-  .resetvalue = 0, .writefn = dacr_write, .raw_writefn = raw_write, },
+  .access = PL1_RW, .resetvalue = 0,
+  .writefn = dacr_write, .raw_writefn = raw_write,
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.dacr_s),
+ offsetof(CPUARMState, cp15.dacr_ns) } },
 /* ??? This covers not just the impdef TLB lockdown registers but also
  * some v7VMSA registers relating to TEX remap, so it is overly broad.
  */
@@ -2256,10 +2258,11 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
 { .name = DCCISW, .cp = 15, .opc1 = 0, .crn = 7, .crm = 14, .opc2 = 2,
   .type = ARM_CP_NOP, .access = PL1_W },
 /* MMU Domain access control / MPU write buffer control */
-{ .name = DACR, .cp = 15,
-  .opc1 = 0, .crn = 3, .crm = 0, .opc2 = 0,
-  .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c3),
-  .resetvalue = 0, .writefn = dacr_write, .raw_writefn = raw_write, },
+{ .name = DACR, .cp = 15, .opc1 = 0, .crn = 3, .crm = 0, .opc2 = 0,
+  .access = PL1_RW, .resetvalue = 0,
+  .writefn = dacr_write, .raw_writefn = raw_write,
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.dacr_s),
+ offsetof(CPUARMState, cp15.dacr_ns) } },
 { .name = ELR_EL1, .state = ARM_CP_STATE_AA64,
   .type = ARM_CP_NO_MIGRATE,
   .opc0 = 3, .opc1 = 0, .crn = 4, .crm = 0, .opc2 = 1,
@@ -4494,7 +4497,7 @@ static int get_phys_addr_v5(CPUARMState *env, uint32_t 
address, int access_type,
 desc = ldl_phys(cs-as, table);
 type = (desc  3);
 domain = (desc  5)  0x0f;
-domain_prot = (env-cp15.c3  (domain * 2))  3;
+domain_prot = (A32_BANKED_CURRENT_REG_GET(env, dacr)  (domain * 2))  3;
 if (type == 0) {
 /* Section translation fault.  */
 code = 5;
@@ -4606,7 +4609,7 @@ static int get_phys_addr_v6(CPUARMState *env, uint32_t 
address, int access_type,
 /* Page or Section.  */
 domain = (desc  5)  0x0f;
 }
-domain_prot = (env-cp15.c3  (domain * 2))  3;
+domain_prot = (A32_BANKED_CURRENT_REG_GET(env, dacr)  (domain * 2))  3;
 if (domain_prot == 0 || domain_prot == 2) {
 if (type != 1) {
 code = 9; /* Section domain fault.  */
-- 
1.8.3.2




[Qemu-devel] [PATCH v2 04/16] hw/intc/arm_gic: Add Security Extensions property

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

The existing implementation does not support Security Extensions mentioned
in the GICv1 and GICv2 architecture specification. Security Extensions are
not available on all GICs. This property makes it possible to enable Security 
Extensions.

It also makes GICD_TYPER/ICDICTR.SecurityExtn RAO for GICs which implement
Security Extensions.

Signed-off-by: Fabian Aggeler aggel...@ethz.ch

---

v1 - v2
- Change GICState security extension property from a uint8 type to bool
---
 hw/intc/arm_gic.c| 5 -
 hw/intc/arm_gic_common.c | 1 +
 include/hw/intc/arm_gic_common.h | 1 +
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index ea05f8f..0ee7778 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -298,7 +298,10 @@ static uint32_t gic_dist_readb(void *opaque, hwaddr offset)
 if (offset == 0)
 return s-enabled;
 if (offset == 4)
-return ((s-num_irq / 32) - 1) | ((NUM_CPU(s) - 1)  5);
+/* Interrupt Controller Type Register */
+return ((s-num_irq / 32) - 1)
+| ((NUM_CPU(s) - 1)  5)
+| (s-security_extn  10);
 if (offset  0x08)
 return 0;
 if (offset = 0x80) {
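Review bot: The new multi-line return under `if (offset == 4)` is an unbraced body with a comment inserted between the condition and the statement, which is exactly the shape where a later added line ends up outside the conditional; QEMU's CODING_STYLE asks for braces on every if body. Wrap it as `if (offset == 4) {` ... `return ((s->num_irq / 32) - 1) | ((NUM_CPU(s) - 1) << 5) | (s->security_extn << 10);` ... `}`, and keep the `/* Interrupt Controller Type Register */` comment inside the braces. The surrounding unbraced ifs are pre-existing, so this is only about the lines the commit touches.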
diff --git a/hw/intc/arm_gic_common.c b/hw/intc/arm_gic_common.c
index 18b01ba..e35049d 100644
--- a/hw/intc/arm_gic_common.c
+++ b/hw/intc/arm_gic_common.c
@@ -149,6 +149,7 @@ static Property arm_gic_common_properties[] = {
  * (Internally, 0x also indicates not a GIC but an NVIC.)
  */
 DEFINE_PROP_UINT32(revision, GICState, revision, 1),
+DEFINE_PROP_BOOL(security-extn, GICState, security_extn, 0),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/include/hw/intc/arm_gic_common.h b/include/hw/intc/arm_gic_common.h
index 01c6f24..7825134 100644
--- a/include/hw/intc/arm_gic_common.h
+++ b/include/hw/intc/arm_gic_common.h
@@ -105,6 +105,7 @@ typedef struct GICState {
 MemoryRegion cpuiomem[GIC_NCPU + 1]; /* CPU interfaces */
 uint32_t num_irq;
 uint32_t revision;
+bool security_extn;
 int dev_fd; /* kvm device fd if backed by kvm vgic support */
 } GICState;
 
-- 
1.8.3.2




[Qemu-devel] [PATCH v8 17/27] target-arm: add TCR_EL3 and make TTBCR banked

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

Adds TCR_EL3 system register and makes existing TTBCR banked. Adjust
translation functions to use TCR/TTBCR instance depending on CPU state.

Signed-off-by: Fabian Aggeler aggel...@ethz.ch
Signed-off-by: Greg Bellows greg.bell...@linaro.org

---

v5 - v6
- Changed _el field variants to be array based

v4 - v5
- Changed c2_mask updates to use the TTBCR cpreg bank flag for selcting the
  secure bank instead of the A32_BANKED_CURRENT macro.  This more accurately
  chooses the correct bank matching that of the TTBCR being accessed.
---
 target-arm/cpu.h   | 10 +-
 target-arm/helper.c| 48 +++-
 target-arm/internals.h |  2 +-
 3 files changed, 45 insertions(+), 15 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index fe96869..f125bdd 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -217,7 +217,15 @@ typedef struct CPUARMState {
 };
 uint64_t ttbr1_el[4];
 };
-uint64_t c2_control; /* MMU translation table base control.  */
+union { /* MMU translation table base control. */
+struct {
+uint64_t _unused_ttbcr_0;
+uint64_t ttbcr_ns;
+uint64_t _unused_ttbcr_1;
+uint64_t ttbcr_s;
+};
+uint64_t tcr_el[4];
+};
 uint32_t c2_mask; /* MMU translation table base selection mask.  */
 uint32_t c2_base_mask; /* MMU translation table base 0 mask. */
 uint32_t c2_data; /* MPU data cachable bits.  */
diff --git a/target-arm/helper.c b/target-arm/helper.c
index 598f0d1..896b40d 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1659,11 +1659,12 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
   .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
   .access = PL1_RW, .writefn = vmsa_tcr_el1_write,
   .resetfn = vmsa_ttbcr_reset, .raw_writefn = raw_write,
-  .fieldoffset = offsetof(CPUARMState, cp15.c2_control) },
+  .fieldoffset = offsetof(CPUARMState, cp15.tcr_el[1]) },
 { .name = TTBCR, .cp = 15, .crn = 2, .crm = 0, .opc1 = 0, .opc2 = 2,
   .access = PL1_RW, .type = ARM_CP_NO_MIGRATE, .writefn = vmsa_ttbcr_write,
   .resetfn = arm_cp_reset_ignore, .raw_writefn = vmsa_ttbcr_raw_write,
-  .fieldoffset = offsetoflow32(CPUARMState, cp15.c2_control) },
+  .bank_fieldoffsets = { offsetoflow32(CPUARMState, cp15.ttbcr_s),
+ offsetoflow32(CPUARMState, cp15.ttbcr_ns) } },
 /* 64-bit FAR; this entry also gives us the AArch32 DFAR */
 { .name = FAR_EL1, .state = ARM_CP_STATE_BOTH,
   .opc0 = 3, .crn = 6, .crm = 0, .opc1 = 0, .opc2 = 0,
@@ -2349,6 +2350,11 @@ static const ARMCPRegInfo v8_el3_cp_reginfo[] = {
   .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 6, .opc2 = 0,
   .access = PL3_RW, .writefn = vmsa_ttbr_write, .resetvalue = 0,
   .fieldoffset = offsetof(CPUARMState, cp15.ttbr0_el[3]) },
+{ .name = TCR_EL3, .state = ARM_CP_STATE_AA64,
+  .opc0 = 3, .crn = 2, .crm = 0, .opc1 = 6, .opc2 = 2,
+  .access = PL3_RW, .writefn = vmsa_tcr_el1_write,
+  .resetfn = vmsa_ttbcr_reset, .raw_writefn = raw_write,
+  .fieldoffset = offsetof(CPUARMState, cp15.tcr_el[3]) },
 { .name = ELR_EL3, .state = ARM_CP_STATE_AA64,
   .type = ARM_CP_NO_MIGRATE,
   .opc0 = 3, .opc1 = 6, .crn = 4, .crm = 0, .opc2 = 1,
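Review bot: The added TCR_EL3 entry reuses vmsa_tcr_el1_write and vmsa_ttbcr_reset, both defined outside the hunk; if vmsa_tcr_el1_write recomputes the AArch32 translation masks (c2_mask/c2_base_mask in the cpu.h hunk) from the written value, a TCR_EL3 write would overwrite state that belongs to the EL1 translation regime — confirm against that function. The changelog says the TTBCR mask update now keys off the cpreg bank flag, but an AArch64 EL3 register has no bank flag, so the helper may need to skip the mask update when ri->opc1 selects EL3, or TCR_EL3 should get a plain store write function. A comment on the entry, e.g. `/* shares the EL1 write handler; mask update is EL1-only — see vmsa_tcr_el1_write */`, would record whichever answer is correct.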
@@ -4435,13 +4441,13 @@ static bool get_level1_table_address(CPUARMState *env, 
uint32_t *table,
  * table registers.
  */
 if (address  env-cp15.c2_mask) {
-if ((env-cp15.c2_control  TTBCR_PD1)) {
+if (A32_BANKED_CURRENT_REG_GET(env, ttbcr)  TTBCR_PD1) {
 /* Translation table walk disabled for TTBR1 */
 return false;
 }
 *table = A32_BANKED_CURRENT_REG_GET(env, ttbr1)  0xc000;
 } else {
-if ((env-cp15.c2_control  TTBCR_PD0)) {
+if (A32_BANKED_CURRENT_REG_GET(env, ttbcr)  TTBCR_PD0) {
 /* Translation table walk disabled for TTBR0 */
 return false;
 }
@@ -4701,13 +4707,29 @@ static int get_phys_addr_lpae(CPUARMState *env, 
target_ulong address,
 int32_t va_size = 32;
 int32_t tbi = 0;
 uint32_t cur_el = arm_current_el(env);
+uint64_t tcr;
 
-if (arm_el_is_aa64(env, 1)) {
+if (arm_el_is_aa64(env, 3)) {
+switch (cur_el) {
+case 3:
+tcr = env-cp15.tcr_el[3];
+break;
+case 1:
+case 0:
+default:
+tcr = env-cp15.tcr_el[1];
+}
+
+} else {
+tcr = A32_BANKED_CURRENT_REG_GET(env, ttbcr);
+}
+
+if (arm_el_is_aa64(env, 1)  (cur_el == 0 || cur_el == 1)) {
 va_size = 64;
 if (extract64(address, 55, 1))
-tbi = extract64(env-cp15.c2_control, 38, 1);
+tbi = extract64(tcr, 38, 1);
 else
-tbi = extract64(env-cp15.c2_control, 37, 1);
+

Re: [Qemu-devel] [PATCH v8 08/27] target-arm: move AArch32 SCR into security reglist

2014-10-31 Thread Peter Maydell
On 30 October 2014 21:28, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Define a new ARM CP register info list for the ARMv7 Security Extension
 feature. Register that list only for ARM cores with Security Extension/EL3
 support. Moving AArch32 SCR into Security Extension register group.

 Signed-off-by: Sergey Fedorov s.fedo...@samsung.com
 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

I have a feeling we might find we can just merge v8_el3_cp_reginfo
and el3_cp_reginfo together, but we can always do that later.

Reviewed-by: Peter Maydell peter.mayd...@linaro.org

thanks
-- PMM



[Qemu-devel] [PATCH v8 09/27] target-arm: implement IRQ/FIQ routing to Monitor mode

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

SCR.{IRQ/FIQ} bits allow to route IRQ/FIQ exceptions to monitor CPU
mode. When taking IRQ exception to monitor mode FIQ exception is
additionally masked.

Signed-off-by: Sergey Fedorov s.fedo...@samsung.com
Signed-off-by: Fabian Aggeler aggel...@ethz.ch
Signed-off-by: Greg Bellows greg.bell...@linaro.org
---
 target-arm/helper.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 3fdd3c2..e73756d 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -4227,12 +4227,21 @@ void arm_cpu_do_interrupt(CPUState *cs)
 /* Disable IRQ and imprecise data aborts.  */
 mask = CPSR_A | CPSR_I;
 offset = 4;
+if (env-cp15.scr_el3  SCR_IRQ) {
+/* IRQ routed to monitor mode */
+new_mode = ARM_CPU_MODE_MON;
+mask |= CPSR_F;
+}
 break;
 case EXCP_FIQ:
 new_mode = ARM_CPU_MODE_FIQ;
 addr = 0x1c;
 /* Disable FIQ, IRQ and imprecise data aborts.  */
 mask = CPSR_A | CPSR_I | CPSR_F;
+if (env-cp15.scr_el3  SCR_FIQ) {
+/* FIQ routed to monitor mode */
+new_mode = ARM_CPU_MODE_MON;
+}
 offset = 4;
 break;
 case EXCP_SMC:
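Review bot: Both added branches test env->cp15.scr_el3 without checking that the core implements EL3, so routing to Monitor mode relies on scr_el3 staying zero on cores without Security Extensions; if any reset or write path can leave SCR_IRQ/SCR_FIQ set there, IRQs would be taken to a mode the CPU does not have. A guard such as `if (arm_feature(env, ARM_FEATURE_EL3) && (env->cp15.scr_el3 & SCR_IRQ)) {` (and likewise for SCR_FIQ) makes the dependency explicit. arm_cpu_do_interrupt continues outside the hunk, and the selection of the Monitor vector base for new_mode == ARM_CPU_MODE_MON is not visible here — confirm it is handled later in the function, since the offset computed here is only meaningful relative to the right base.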
-- 
1.8.3.2




Re: [Qemu-devel] Bug in recent postcopy patch

2014-10-31 Thread Dr. David Alan Gilbert
* Gary Hook (gary.h...@nimboxx.com) wrote:
 
 
 On 10/30/14, 3:08 PM, Dr. David Alan Gilbert dgilb...@redhat.com wrote:
 
 I posted another thread asking about migration failure due to a copy
  taking too long, but got no traction. In the case where the problem
 raises
  its head we have turned tunneling on. A tiny VM (2GB in size) migrates
  fine using the same procedure. Again, no shared storage.
 
 Is the guest that doesn't migrate idle or is it busily changing lots of
 memory?
 
 Quite idle.  Boot the VM, no need to start a workload, try to migrate.
 Failure.
 
 Also, very large VMs will fail to migrate (non-tunneled). This _seems_ to
 also be related to the amount of time required to copy everything from A
 to B.
 
 Again, tunneling seems to more quickly expose this issue as it increases
 the amount of time required to copy the qcow2 file over the network.
 
 I will add here that I've watched the qcow2 file grow, made a copy of it
 (on the receiving end) before it gets deleted, and been able to start a VM
 using the file. It would seem to be copasetic.
 
 I need to add tracing code to the emulator, in a way that doesn't rely
 upon command line options or environment variables. I don't see any such
 facility at this point. Specifically, I want to begin by watching what is
 going through the monitor (I.e. Return values from qemu-system-x86_64 and
 why there are complaints.) Unless you have any clear explanation as to why
 the emulator is throwing an error, could you suggest any areas I may want
 to focus my efforts?

No I don't, but there again I've not done any block stuff, and it sounds like
your problem is mostly related to moving the image file (which I thought
libvirt preferred to do using NBD underneath now, but again, I'm not a block
guy).

  Thanks for the report.
  
  Thank you for your time and ownership.
 
 No problem; note the postcopy code is still quite young, so don't
 be too surprised if you hit other issues.
 
 Of course; it's fresh out of the oven. But the migration of VMs using
 non-shared storage is not (tunneled or otherwise), and that's really what
 I am focused on.
 
 Again, much appreciation.

Dave

 Gary
 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PATCH 1/4] block: Add bdrv_next_node

2014-10-31 Thread Eric Blake
On 10/28/2014 11:04 PM, Fam Zheng wrote:
 Similar to bdrv_next, this traverses through graph_bdrv_states. Will be
 useful to enumerate all the named nodes.
 
 Signed-off-by: Fam Zheng f...@redhat.com
 ---
  block.c   | 8 
  include/block/block.h | 1 +
  2 files changed, 9 insertions(+)
 

Reviewed-by: Eric Blake ebl...@redhat.com

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [PATCH 3/4] gtk: Install vc accelerators on parent window

2014-10-31 Thread Cole Robinson
So they are usable when we hide the menubar in upcoming patches. This
has the accelerator text caveat as the fullscreen bit in the previous
patch.

Signed-off-by: Cole Robinson crobi...@redhat.com
---
 ui/gtk.c | 22 +++---
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/ui/gtk.c b/ui/gtk.c
index af8b2d0..552a73b 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -1020,6 +1020,12 @@ static void gd_menu_switch_vc(GtkMenuItem *item, void 
*opaque)
 }
 }
 
+static void gd_accel_switch_vc(void *opaque)
+{
+VirtualConsole *vc = opaque;
+gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(vc-menu_item), TRUE);
+}
+
 static void gd_menu_show_tabs(GtkMenuItem *item, void *opaque)
 {
 GtkDisplayState *s = opaque;
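Review bot: gd_accel_switch_vc is declared as `void (*)(void *)` but is handed to gtk_accel_group_connect through g_cclosure_new_swap, and accelerator closures are invoked by GTK's marshaller with the GtkAccelGroup, the acceleratable GObject, the keyval and the modifier mask and are expected to return a gboolean; the call works only because surplus arguments are ignored and the unset return value happens not to matter on common ABIs. Declaring it with the documented closure shape, e.g. `static gboolean gd_accel_switch_vc(GtkAccelGroup *group, GObject *obj, guint keyval, GdkModifierType mod, gpointer opaque)` returning TRUE, removes the dependence on calling convention. The same applies to gd_accel_full_screen in patch 2/4 (the hunk that adds it in ui/gtk.c near gd_menu_full_screen).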
@@ -1407,19 +1413,21 @@ static gboolean gd_focus_out_event(GtkWidget *widget,
 static GSList *gd_vc_menu_init(GtkDisplayState *s, VirtualConsole *vc,
int idx, GSList *group, GtkWidget *view_menu)
 {
-char path[32];
-
-snprintf(path, sizeof(path), QEMU/View/VC%d, idx);
-
 vc-menu_item = gtk_radio_menu_item_new_with_mnemonic(group, vc-label);
-group = gtk_radio_menu_item_get_group(GTK_RADIO_MENU_ITEM(vc-menu_item));
-gtk_menu_item_set_accel_path(GTK_MENU_ITEM(vc-menu_item), path);
-gtk_accel_map_add_entry(path, GDK_KEY_1 + idx, HOTKEY_MODIFIERS);
+gtk_accel_group_connect(s-accel_group, GDK_KEY_1 + idx,
+HOTKEY_MODIFIERS, 0,
+g_cclosure_new_swap(G_CALLBACK(gd_accel_switch_vc), vc, NULL));
+#if GTK_CHECK_VERSION(3, 8, 0)
+gtk_accel_label_set_accel(
+GTK_ACCEL_LABEL(gtk_bin_get_child(GTK_BIN(vc-menu_item))),
+GDK_KEY_1 + idx, HOTKEY_MODIFIERS);
+#endif
 
 g_signal_connect(vc-menu_item, activate,
  G_CALLBACK(gd_menu_switch_vc), s);
 gtk_menu_shell_append(GTK_MENU_SHELL(view_menu), vc-menu_item);
 
+group = gtk_radio_menu_item_get_group(GTK_RADIO_MENU_ITEM(vc-menu_item));
 return group;
 }
 
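Review bot: `GDK_KEY_1 + idx` binds keysyms past `9` once there are ten or more virtual consoles (idx 9 lands on the colon keysym), so the accelerator silently stops corresponding to a digit; the removed gtk_accel_map_add_entry line had the same arithmetic, so this is pre-existing, but the new gtk_accel_group_connect call is the natural place to bound it, e.g. `if (idx < 9) {` around the connect and the accel-label block. A short comment such as `/* only the first nine consoles get a Ctrl+Alt+digit shortcut */` would document the limit either way.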
-- 
2.1.0




[Qemu-devel] [PATCH v7 15/16] hw/vfio/common: vfio_kvm_device_fd moved in the common header

2014-10-31 Thread Eric Auger
the device is now used in platform for forwarded IRQ setup

Signed-off-by: Eric Auger eric.au...@linaro.org
---
 hw/vfio/common.c  | 3 ++-
 include/hw/vfio/vfio-common.h | 5 +
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index fbd9e7f..99ff89a 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -44,9 +44,10 @@ struct vfio_as_head vfio_address_spaces =
  * initialized, this file descriptor is only released on QEMU exit and
  * we'll re-use it should another vfio device be attached before then.
  */
-static int vfio_kvm_device_fd = -1;
+int vfio_kvm_device_fd = -1;
 #endif
 
+
 /*
  * Common VFIO interrupt disable
  */
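Review bot: vfio_kvm_device_fd now has external linkage and is consumed from another translation unit, but the existing comment above the definition still describes it as file-private lifecycle detail, and the `extern` added in include/hw/vfio/vfio-common.h (the second hunk) carries no comment at all; since the fd is -1 until the first vfio device is attached, every new reader must know not to use it before that point. Add on the extern declaration `/* KVM VFIO device fd, owned and opened by hw/vfio/common.c; -1 until the first device attaches, never closed before QEMU exit */`. The extra blank lines added after the `#endif` in this hunk and after the `#endif` in the header hunk are stray whitespace.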
diff --git a/include/hw/vfio/vfio-common.h b/include/hw/vfio/vfio-common.h
index 83c7876..0ae0153 100644
--- a/include/hw/vfio/vfio-common.h
+++ b/include/hw/vfio/vfio-common.h
@@ -41,6 +41,11 @@
 #define VFIO_ALLOW_KVM_MSI 1
 #define VFIO_ALLOW_KVM_MSIX 1
 
+#ifdef CONFIG_KVM
+extern int vfio_kvm_device_fd;
+#endif
+
+
 enum {
 VFIO_DEVICE_TYPE_PCI = 0,
 VFIO_DEVICE_TYPE_PLATFORM = 1,
-- 
1.8.3.2




Re: [Qemu-devel] [PATCH RFC 2/2] block: Warn on insecure format probing

2014-10-31 Thread Kevin Wolf
Am 31.10.2014 um 12:24 hat Stefan Hajnoczi geschrieben:
 On Thu, Oct 30, 2014 at 10:36:35AM +0100, Kevin Wolf wrote:
  Am 30.10.2014 um 10:27 hat Stefan Hajnoczi geschrieben:
   The guest may legitimately use raw devices that contain image format
   data.  Imagine tools similar to libguestfs.
   
   It's perfectly okay for them to lay out image format data onto a raw
   device.
   
   Probing is the problem, not putting image format data onto a raw device.
  
  Agreed, that's why any restrictions only apply when probing was used to
  detect a raw image. If you want to do anything exotic like storing a
  qcow2 image for nested virt on a disk that is a raw image in the host,
  then making sure to pass format=raw shouldn't be too much.
 
 Because at that point the solution is way over-engineered.
 
 Probing checks should be in the QEMU command-line code, not sprinkled
 across the codebase and even at run-time.
 
 Isn't Markus's approach much simpler and cleaner?

I don't think so. My code isn't sprinkled across the codebase, it has
the checks right where the problem arises, in the raw block driver.

It's with Markus's approach that we'll have to have code in many
different places as I showed. Its fundamental assumption that there is
always a filename string and the filename isn't passed in some QDict
option is simply wrong. Specifying the image is driver-dependent and
therefore you'd have to add functionality to each driver in order to get
the filename extension (or the information that there isn't anything
close enough to a filename).

The only argument brought up so far that I can reasonably buy is that
in the unlikely case of the restrictions applying it may be surprising
for the user to see requests failing. To address this, we could print
a warning when an image is opened in the restricted raw mode. This
way the user knows what's going on, and at the same time we still
effectively protect them instead of only printing a warning without real
protection.

Kevin




Re: [Qemu-devel] [PATCH v8 06/27] target-arm: add secure state bit to CPREG hash

2014-10-31 Thread Peter Maydell
On 31 October 2014 12:28, Peter Maydell peter.mayd...@linaro.org wrote:
 On 30 October 2014 21:28, Greg Bellows greg.bell...@linaro.org wrote:

  static void add_cpreg_to_hashtable(ARMCPU *cpu, const ARMCPRegInfo *r,
 void *opaque, int state,
 -   int crm, int opc1, int opc2)
 +   int crm, int opc1, int opc2, int nsbit)

 Again, I think I'd rather we put 'nsbit' after 'state' rather than at the end.
 Also you probably want 'bool ns' rather than 'int nsbit'.

...actually, what you want here is int secstate and pass in either
ARM_CP_SECSTATE_S or ARM_CP_SECSTATE_NS. (This matches the way the
'state' parameter takes one of the ARM_CP_STATE_* values.)

-- PMM



[Qemu-devel] [PATCH v8 25/27] target-arm: make c13 cp regs banked (FCSEIDR, ...)

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
FCSEIDR, CONTEXTIDR, TPIDRURW, TPIDRURO and TPIDRPRW have a secure
and a non-secure instance.

Signed-off-by: Fabian Aggeler aggel...@ethz.ch
Signed-off-by: Greg Bellows greg.bell...@linaro.org

---

v6 - v7
- Fix linux-user/arm/target-cpu.h to use array based tpidr_el.
- Fix linux-user/main.c to use array based tpidrro_el.
- Remove tab identified by checkpatch failure.
- FIx linux-user/aarch64/target_cpu.h to use array based tpidr_el.

v5 - v6
- Changed _el field variants to be array based
- Rework data layout for correct aliasing
- Merged CONTEXTIDR and CONTEXTIDR_EL1 reginfo entries

v3 - v4
- Fix tpidrprw mapping
---
 linux-user/aarch64/target_cpu.h |  2 +-
 linux-user/arm/target_cpu.h |  2 +-
 linux-user/main.c   | 72 -
 target-arm/cpu.h| 35 +---
 target-arm/helper.c | 37 -
 target-arm/op_helper.c  |  2 +-
 6 files changed, 91 insertions(+), 59 deletions(-)

diff --git a/linux-user/aarch64/target_cpu.h b/linux-user/aarch64/target_cpu.h
index 21560ef..b5593dc 100644
--- a/linux-user/aarch64/target_cpu.h
+++ b/linux-user/aarch64/target_cpu.h
@@ -32,7 +32,7 @@ static inline void cpu_set_tls(CPUARMState *env, target_ulong 
newtls)
 /* Note that AArch64 Linux keeps the TLS pointer in TPIDR; this is
  * different from AArch32 Linux, which uses TPIDRRO.
  */
-env-cp15.tpidr_el0 = newtls;
+env-cp15.tpidr_el[0] = newtls;
 }
 
 #endif
diff --git a/linux-user/arm/target_cpu.h b/linux-user/arm/target_cpu.h
index 39d65b6..d8a534d 100644
--- a/linux-user/arm/target_cpu.h
+++ b/linux-user/arm/target_cpu.h
@@ -29,7 +29,7 @@ static inline void cpu_clone_regs(CPUARMState *env, 
target_ulong newsp)
 
 static inline void cpu_set_tls(CPUARMState *env, target_ulong newtls)
 {
-env-cp15.tpidrro_el0 = newtls;
+env-cp15.tpidrro_el[0] = newtls;
 }
 
 #endif
diff --git a/linux-user/main.c b/linux-user/main.c
index 483eb3f..4f2bae2 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -564,7 +564,7 @@ do_kernel_trap(CPUARMState *env)
 end_exclusive();
 break;
 case 0x0fe0: /* __kernel_get_tls */
-env-regs[0] = env-cp15.tpidrro_el0;
+env-regs[0] = env-cp15.tpidrro_el[0];
 break;
 case 0x0f60: /* __kernel_cmpxchg64 */
 arm_kernel_cmpxchg64_helper(env);
@@ -2804,7 +2804,7 @@ void cpu_loop(CPUCRISState *env)
 CPUState *cs = CPU(cris_env_get_cpu(env));
 int trapnr, ret;
 target_siginfo_t info;
-
+
 while (1) {
 trapnr = cpu_cris_exec (env);
 switch (trapnr) {
@@ -2822,13 +2822,13 @@ void cpu_loop(CPUCRISState *env)
  /* just indicate that signals should be handled asap */
  break;
 case EXCP_BREAK:
-ret = do_syscall(env, 
- env-regs[9], 
- env-regs[10], 
- env-regs[11], 
- env-regs[12], 
- env-regs[13], 
- env-pregs[7], 
+ret = do_syscall(env,
+ env-regs[9],
+ env-regs[10],
+ env-regs[11],
+ env-regs[12],
+ env-regs[13],
+ env-pregs[7],
  env-pregs[11],
  0, 0);
 env-regs[10] = ret;
@@ -2863,7 +2863,7 @@ void cpu_loop(CPUMBState *env)
 CPUState *cs = CPU(mb_env_get_cpu(env));
 int trapnr, ret;
 target_siginfo_t info;
-
+
 while (1) {
 trapnr = cpu_mb_exec (env);
 switch (trapnr) {
@@ -2884,13 +2884,13 @@ void cpu_loop(CPUMBState *env)
 /* Return address is 4 bytes after the call.  */
 env-regs[14] += 4;
 env-sregs[SR_PC] = env-regs[14];
-ret = do_syscall(env, 
- env-regs[12], 
- env-regs[5], 
- env-regs[6], 
- env-regs[7], 
- env-regs[8], 
- env-regs[9], 
+ret = do_syscall(env,
+ env-regs[12],
+ env-regs[5],
+ env-regs[6],
+ env-regs[7],
+ env-regs[8],
+ env-regs[9],
  env-regs[10],
  0, 0);
 env-regs[3] = ret;
@@ -3424,7 +3424,7 @@ void stop_all_tasks(void)
 void init_task_state(TaskState *ts)
 {
 int i;
- 
+
 ts-used = 1;
 ts-first_free = ts-sigqueue_table;
 for (i = 0; i  MAX_SIGQUEUE_SIZE - 1; i++) {
@@ -4271,23 +4271,23 

[Qemu-devel] [PATCH 2/4] gtk: Install fullscreen accelerator on toplevel window

2014-10-31 Thread Cole Robinson
Instead of installing it on the menu. This will be needed to keep the
fullscreen keyboard shortcut working when we hide the menu (in future
patches).

On gtk  3.8, this has the unfortunate side effect of no longer listing
the key combo in the UI. We could manually change the label in that case,
but it will look visually out of place, and I'm not sure if anyone really
cares.

Signed-off-by: Cole Robinson crobi...@redhat.com
---
 ui/gtk.c | 18 ++
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/ui/gtk.c b/ui/gtk.c
index 97ac4c9..af8b2d0 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -1123,6 +1123,12 @@ static void gd_menu_full_screen(GtkMenuItem *item, void 
*opaque)
 gd_update_cursor(vc);
 }
 
+static void gd_accel_full_screen(void *opaque)
+{
+GtkDisplayState *s = opaque;
+gtk_menu_item_activate(GTK_MENU_ITEM(s-full_screen_item));
+}
+
 static void gd_menu_zoom_in(GtkMenuItem *item, void *opaque)
 {
 GtkDisplayState *s = opaque;
@@ -1704,10 +1710,14 @@ static GtkWidget *gd_create_menu_view(GtkDisplayState 
*s)
 gtk_menu_set_accel_group(GTK_MENU(view_menu), s-accel_group);
 
 s-full_screen_item = gtk_menu_item_new_with_mnemonic(_(_Fullscreen));
-gtk_menu_item_set_accel_path(GTK_MENU_ITEM(s-full_screen_item),
- QEMU/View/Full Screen);
-gtk_accel_map_add_entry(QEMU/View/Full Screen, GDK_KEY_f,
-HOTKEY_MODIFIERS);
+
+gtk_accel_group_connect(s-accel_group, GDK_KEY_f, HOTKEY_MODIFIERS, 0,
+g_cclosure_new_swap(G_CALLBACK(gd_accel_full_screen), s, NULL));
+#if GTK_CHECK_VERSION(3, 8, 0)
+gtk_accel_label_set_accel(
+GTK_ACCEL_LABEL(gtk_bin_get_child(GTK_BIN(s-full_screen_item))),
+GDK_KEY_f, HOTKEY_MODIFIERS);
+#endif
 gtk_menu_shell_append(GTK_MENU_SHELL(view_menu), s-full_screen_item);
 
 separator = gtk_separator_menu_item_new();
-- 
2.1.0




[Qemu-devel] [PATCH v7 10/16] hw/vfio: calxeda xgmac device

2014-10-31 Thread Eric Auger
The platform device class has become abstract. The device can be be
instantiated on command line using such option.

-device vfio-calxeda-xgmac,host=fff51000.ethernet

Signed-off-by: Eric Auger eric.au...@linaro.org

---

v5 - v6
- back again following Alex Graf advises
- fix a bug related to compat override

v4 - v5:
removed since device tree was moved to hw/arm/dyn_sysbus_devtree.c

v4: creation for device tree specialization
---
 hw/vfio/Makefile.objs|  1 +
 hw/vfio/calxeda_xgmac.c  | 54 
 include/hw/vfio/vfio-calxeda-xgmac.h | 41 +++
 3 files changed, 96 insertions(+)
 create mode 100644 hw/vfio/calxeda_xgmac.c
 create mode 100644 include/hw/vfio/vfio-calxeda-xgmac.h

diff --git a/hw/vfio/Makefile.objs b/hw/vfio/Makefile.objs
index c5c76fe..913ab14 100644
--- a/hw/vfio/Makefile.objs
+++ b/hw/vfio/Makefile.objs
@@ -2,4 +2,5 @@ ifeq ($(CONFIG_LINUX), y)
 obj-$(CONFIG_SOFTMMU) += common.o
 obj-$(CONFIG_PCI) += pci.o
 obj-$(CONFIG_SOFTMMU) += platform.o
+obj-$(CONFIG_SOFTMMU) += calxeda_xgmac.o
 endif
diff --git a/hw/vfio/calxeda_xgmac.c b/hw/vfio/calxeda_xgmac.c
new file mode 100644
index 000..199e076
--- /dev/null
+++ b/hw/vfio/calxeda_xgmac.c
@@ -0,0 +1,54 @@
+/*
+ * calxeda xgmac example VFIO device
+ *
+ * Copyright Linaro Limited, 2014
+ *
+ * Authors:
+ *  Eric Auger eric.au...@linaro.org
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include hw/vfio/vfio-calxeda-xgmac.h
+
+static void calxeda_xgmac_realize(DeviceState *dev, Error **errp)
+{
+VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(dev);
+VFIOCalxedaXgmacDeviceClass *k = VFIO_CALXEDA_XGMAC_DEVICE_GET_CLASS(dev);
+
+vdev-compat = g_strdup(calxeda,hb-xgmac);
+
+k-parent_realize(dev, errp);
+}
+
+static const VMStateDescription vfio_platform_vmstate = {
+.name = TYPE_VFIO_CALXEDA_XGMAC,
+.unmigratable = 1,
+};
+
+static void vfio_calxeda_xgmac_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+VFIOCalxedaXgmacDeviceClass *vcxc =
+VFIO_CALXEDA_XGMAC_DEVICE_CLASS(klass);
+vcxc-parent_realize = dc-realize;
+dc-realize = calxeda_xgmac_realize;
+dc-desc = VFIO Calxeda XGMAC;
+}
+
+static const TypeInfo vfio_calxeda_xgmac_dev_info = {
+.name = TYPE_VFIO_CALXEDA_XGMAC,
+.parent = TYPE_VFIO_PLATFORM,
+.instance_size = sizeof(VFIOCalxedaXgmacDevice),
+.class_init = vfio_calxeda_xgmac_class_init,
+.class_size = sizeof(VFIOCalxedaXgmacDeviceClass),
+};
+
+static void register_calxeda_xgmac_dev_type(void)
+{
+type_register_static(vfio_calxeda_xgmac_dev_info);
+}
+
+type_init(register_calxeda_xgmac_dev_type)
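Review bot: `vfio_platform_vmstate` is defined but never assigned to `dc->vmsd` in `vfio_calxeda_xgmac_class_init`, so its `.unmigratable = 1` marker has no effect and the unused static will likely draw a compiler warning; either add `dc->vmsd = &vfio_platform_vmstate;` to the class init or drop the definition. Its name also says vfio_platform although it describes the calxeda device; `vfio_calxeda_xgmac_vmstate` would match the rest of the file. Separately, `calxeda_xgmac_realize` assigns `vdev->compat = g_strdup("calxeda,hb-xgmac");` unconditionally; if the parent class or a property can have set `compat` earlier (the changelog mentions a compat-override fix), the previous string leaks, and a `g_free(vdev->compat);` before the assignment would be safe either way.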
diff --git a/include/hw/vfio/vfio-calxeda-xgmac.h 
b/include/hw/vfio/vfio-calxeda-xgmac.h
new file mode 100644
index 000..1529cf5
--- /dev/null
+++ b/include/hw/vfio/vfio-calxeda-xgmac.h
@@ -0,0 +1,41 @@
+/*
+ * VFIO calxeda xgmac device
+ *
+ * Copyright Linaro Limited, 2014
+ *
+ * Authors:
+ *  Eric Auger eric.au...@linaro.org
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef HW_VFIO_VFIO_CALXEDA_XGMAC_H
+#define HW_VFIO_VFIO_CALXEDA_XGMAC_H
+
+#include hw/vfio/vfio-platform.h
+
+#define TYPE_VFIO_CALXEDA_XGMAC vfio-calxeda-xgmac
+
+typedef struct VFIOCalxedaXgmacDevice {
+VFIOPlatformDevice vdev;
+} VFIOCalxedaXgmacDevice;
+
+typedef struct VFIOCalxedaXgmacDeviceClass {
+/* private */
+VFIOPlatformDeviceClass parent_class;
+/* public */
+DeviceRealize parent_realize;
+} VFIOCalxedaXgmacDeviceClass;
+
+#define VFIO_CALXEDA_XGMAC_DEVICE(obj) \
+ OBJECT_CHECK(VFIOCalxedaXgmacDevice, (obj), TYPE_VFIO_CALXEDA_XGMAC)
+#define VFIO_CALXEDA_XGMAC_DEVICE_CLASS(klass) \
+ OBJECT_CLASS_CHECK(VFIOCalxedaXgmacDeviceClass, (klass), \
+TYPE_VFIO_CALXEDA_XGMAC)
+#define VFIO_CALXEDA_XGMAC_DEVICE_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(VFIOCalxedaXgmacDeviceClass, (obj), \
+  TYPE_VFIO_CALXEDA_XGMAC)
+
+#endif
-- 
1.8.3.2




[Qemu-devel] [PATCH v8 10/27] target-arm: add NSACR register

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

Implements NSACR register with corresponding read/write functions
for ARMv7 and ARMv8.

Signed-off-by: Sergey Fedorov s.fedo...@samsung.com
Signed-off-by: Fabian Aggeler aggel...@ethz.ch
Signed-off-by: Greg Bellows greg.bell...@linaro.org

---

v7 - v8
- Update naming from c1_nsacr to nsacr to match other registers being changed.
- Remove NSACR read/write functions

v4 - v5
- Changed to use renamed arm_current_el()
---
 target-arm/cpu.h| 6 ++
 target-arm/helper.c | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 6bb7d39..88e22fb 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -181,6 +181,7 @@ typedef struct CPUARMState {
 uint64_t c1_sys; /* System control register.  */
 uint64_t c1_coproc; /* Coprocessor access register.  */
 uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
+uint32_t nsacr; /* Non-secure access control register. */
 uint64_t ttbr0_el1; /* MMU translation table base 0. */
 uint64_t ttbr1_el1; /* MMU translation table base 1. */
 uint64_t c2_control; /* MMU translation table base control.  */
@@ -634,6 +635,11 @@ static inline void xpsr_write(CPUARMState *env, uint32_t 
val, uint32_t mask)
 #define SCR_AARCH32_MASK  (0x3fff  ~(SCR_RW | SCR_ST))
 #define SCR_AARCH64_MASK  (0x3fff  ~SCR_NET)
 
+#define NSACR_NSTRCDIS (1U  20)
+#define NSACR_RFR  (1U  19)
+#define NSACR_NSASEDIS (1U  15)
+#define NSACR_NSD32DIS (1U  14)
+
 /* Return the current FPSCR value.  */
 uint32_t vfp_get_fpscr(CPUARMState *env);
 void vfp_set_fpscr(CPUARMState *env, uint32_t val);
diff --git a/target-arm/helper.c b/target-arm/helper.c
index e73756d..3c12eb3 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2344,6 +2344,9 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
   .cp = 15, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 0,
   .access = PL3_RW, .resetvalue = 0, .writefn = scr_write,
   .fieldoffset = offsetoflow32(CPUARMState, cp15.scr_el3) },
+{ .name = NSACR, .cp = 15, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 2,
+  .access = PL3_RW | PL1_R, .resetvalue = 0,
+  .fieldoffset = offsetof(CPUARMState, cp15.nsacr) },
 REGINFO_SENTINEL
 };
 
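Review bot: The new NSACR entry has no `.writefn`, so a PL3 write lands in `cp15.nsacr` verbatim, including reserved bits, whereas the SCR entry two lines above goes through `scr_write` and the SCR_*_MASK values; because the entry is also `PL1_R`, whatever the secure side stores is readable by non-secure PL1. Unless a later patch in the series adds it, consider a small `nsacr_write` that ANDs the value with the implemented bits (the NSACR_* masks this patch adds to cpu.h, plus any coprocessor-access bits the model supports). The v8 changelog says the read/write functions were removed deliberately; if raw storage is intended, a comment on the entry such as `/* No write mask: all bits are stored as written. */` would make that explicit.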
-- 
1.8.3.2




[Qemu-devel] [PATCH v8 20/27] target-arm: make IFSR banked

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
IFSR has a secure and a non-secure instance.

Signed-off-by: Fabian Aggeler aggel...@ethz.ch
Signed-off-by: Greg Bellows greg.bell...@linaro.org
---
 target-arm/cpu.h| 10 +-
 target-arm/helper.c |  9 +
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 6d39af1..c44649e 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -251,7 +251,15 @@ typedef struct CPUARMState {
 uint32_t pmsav5_insn_ap; /* PMSAv5 MPU insn access permissions */
 uint64_t hcr_el2; /* Hypervisor configuration register */
 uint64_t scr_el3; /* Secure configuration register.  */
-uint32_t ifsr_el2; /* Fault status registers.  */
+union { /* Fault status registers.  */
+struct {
+uint32_t ifsr_ns;
+uint32_t ifsr_s;
+};
+struct {
+uint32_t ifsr32_el2;
+};
+};
 uint64_t esr_el[4];
 uint32_t c6_region[8]; /* MPU base/size registers.  */
 uint64_t far_el[4]; /* Fault address registers.  */
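Review bot: The union introduced at `union { /* Fault status registers.  */` makes `ifsr32_el2` share storage with `ifsr_ns` purely by layout (each is the first member of its anonymous struct), and nothing in the hunk records that; a reader of `ifsr32_el2` has to reconstruct which bank it aliases. Suggest widening the comment to `/* Fault status registers. ifsr32_el2 aliases ifsr_ns (the non-secure bank). */`. Presumably the AArch64 view is meant to see the non-secure instance, matching the other banked registers in this struct — worth confirming, since a change in member order would silently flip the alias.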
diff --git a/target-arm/helper.c b/target-arm/helper.c
index eaae534..de355f5 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -1653,8 +1653,9 @@ static const ARMCPRegInfo vmsa_cp_reginfo[] = {
   .fieldoffset = offsetoflow32(CPUARMState, cp15.esr_el[1]),
   .resetfn = arm_cp_reset_ignore, },
 { .name = IFSR, .cp = 15, .crn = 5, .crm = 0, .opc1 = 0, .opc2 = 1,
-  .access = PL1_RW,
-  .fieldoffset = offsetof(CPUARMState, cp15.ifsr_el2), .resetvalue = 0, },
+  .access = PL1_RW, .resetvalue = 0,
+  .bank_fieldoffsets = { offsetof(CPUARMState, cp15.ifsr_s),
+ offsetof(CPUARMState, cp15.ifsr_ns) } },
 { .name = ESR_EL1, .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .crn = 5, .crm = 2, .opc1 = 0, .opc2 = 0,
   .access = PL1_RW,
@@ -4297,11 +4298,11 @@ void arm_cpu_do_interrupt(CPUState *cs)
 env-exception.fsr = 2;
 /* Fall through to prefetch abort.  */
 case EXCP_PREFETCH_ABORT:
-env-cp15.ifsr_el2 = env-exception.fsr;
+A32_BANKED_CURRENT_REG_SET(env, ifsr, env-exception.fsr);
 env-cp15.far_el[1] = deposit64(env-cp15.far_el[1], 32, 32,
 env-exception.vaddress);
 qemu_log_mask(CPU_LOG_INT, ...with IFSR 0x%x IFAR 0x%x\n,
-  env-cp15.ifsr_el2, (uint32_t)env-exception.vaddress);
+  env-exception.fsr, (uint32_t)env-exception.vaddress);
 new_mode = ARM_CPU_MODE_ABT;
 addr = 0x0c;
 mask = CPSR_A | CPSR_I;
-- 
1.8.3.2




[Qemu-devel] [PATCH v7 06/16] hw/vfio/pci: rename group_list into vfio_group_list

2014-10-31 Thread Eric Auger
better fit in the rest of the namespace

Signed-off-by: Eric Auger eric.au...@linaro.org
---
 hw/vfio/pci.c | 22 +++---
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 0ee6f7f..2216bd4 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -283,7 +283,7 @@ static const VFIORomBlacklistEntry romblacklist[] = {
 #define MSIX_CAP_LENGTH 12
 
 static QLIST_HEAD(, VFIOGroup)
-group_list = QLIST_HEAD_INITIALIZER(group_list);
+vfio_group_list = QLIST_HEAD_INITIALIZER(vfio_group_list);
 
 #ifdef CONFIG_KVM
 /*
@@ -3454,7 +3454,7 @@ static int vfio_pci_hot_reset(VFIOPCIDevice *vdev, bool 
single)
 continue;
 }
 
-QLIST_FOREACH(group, group_list, next) {
+QLIST_FOREACH(group, vfio_group_list, next) {
 if (group-groupid == devices[i].group_id) {
 break;
 }
@@ -3501,7 +3501,7 @@ static int vfio_pci_hot_reset(VFIOPCIDevice *vdev, bool 
single)
 
 /* Determine how many group fds need to be passed */
 count = 0;
-QLIST_FOREACH(group, group_list, next) {
+QLIST_FOREACH(group, vfio_group_list, next) {
 for (i = 0; i  info-count; i++) {
 if (group-groupid == devices[i].group_id) {
 count++;
@@ -3515,7 +3515,7 @@ static int vfio_pci_hot_reset(VFIOPCIDevice *vdev, bool 
single)
 fds = reset-group_fds[0];
 
 /* Fill in group fds */
-QLIST_FOREACH(group, group_list, next) {
+QLIST_FOREACH(group, vfio_group_list, next) {
 for (i = 0; i  info-count; i++) {
 if (group-groupid == devices[i].group_id) {
 fds[reset-count++] = group-fd;
@@ -3550,7 +3550,7 @@ out:
 continue;
 }
 
-QLIST_FOREACH(group, group_list, next) {
+QLIST_FOREACH(group, vfio_group_list, next) {
 if (group-groupid == devices[i].group_id) {
 break;
 }
@@ -3625,13 +3625,13 @@ static void vfio_reset_handler(void *opaque)
 VFIOGroup *group;
 VFIODevice *vbasedev;
 
-QLIST_FOREACH(group, group_list, next) {
+QLIST_FOREACH(group, vfio_group_list, next) {
 QLIST_FOREACH(vbasedev, group-device_list, next) {
 vbasedev-ops-vfio_compute_needs_reset(vbasedev);
 }
 }
 
-QLIST_FOREACH(group, group_list, next) {
+QLIST_FOREACH(group, vfio_group_list, next) {
 QLIST_FOREACH(vbasedev, group-device_list, next) {
 if (vbasedev-needs_reset) {
 vbasedev-ops-vfio_hot_reset_multi(vbasedev);
@@ -3880,7 +3880,7 @@ static VFIOGroup *vfio_get_group(int groupid, 
AddressSpace *as)
 char path[32];
 struct vfio_group_status status = { .argsz = sizeof(status) };
 
-QLIST_FOREACH(group, group_list, next) {
+QLIST_FOREACH(group, vfio_group_list, next) {
 if (group-groupid == groupid) {
 /* Found it.  Now is it already in the right context? */
 if (group-container-space-as == as) {
@@ -3922,11 +3922,11 @@ static VFIOGroup *vfio_get_group(int groupid, 
AddressSpace *as)
 goto close_fd_exit;
 }
 
-if (QLIST_EMPTY(group_list)) {
+if (QLIST_EMPTY(vfio_group_list)) {
 qemu_register_reset(vfio_reset_handler, NULL);
 }
 
-QLIST_INSERT_HEAD(group_list, group, next);
+QLIST_INSERT_HEAD(vfio_group_list, group, next);
 
 vfio_kvm_device_add_group(group);
 
@@ -3954,7 +3954,7 @@ static void vfio_put_group(VFIOGroup *group)
 close(group-fd);
 g_free(group);
 
-if (QLIST_EMPTY(group_list)) {
+if (QLIST_EMPTY(vfio_group_list)) {
 qemu_unregister_reset(vfio_reset_handler, NULL);
 }
 }
-- 
1.8.3.2




Re: [Qemu-devel] [PATCH RFC 2/2] block: Warn on insecure format probing

2014-10-31 Thread Stefan Hajnoczi
On Thu, Oct 30, 2014 at 01:49:22PM +0100, Markus Armbruster wrote:
 Kevin Wolf kw...@redhat.com writes:
 
  Am 29.10.2014 um 14:54 hat Markus Armbruster geschrieben:
  Anthony tried something similar (commit 79368c8), but couldn't get it
  right (commit 8b33d9e).
 
  The discussion back then: http://patchwork.ozlabs.org/patch/58980/
 
  The problem with Anthony's code was that he didn't handle a qiov
  correctly that had unaligned members. With today's block layer, this is
  not a big deal to implement correctly. We're running coroutines instead
  of AIO callbacks and we don't have to do all the manual qiov fixing
  magic that Anthony had in his patch, util/iov.c provides all you need.
 
  I'll send out an RFC series that implements this.
 
 I'm strongly opposed to this idea.

Me too.  Meddling with the guest is wrong and just adds a new problem!

It is perfectly okay for backup appliances, nested virtualization, or
disk management appliances to write image format headers to raw disks.

I am 100% against trying to detect the guest writing image format
headers to raw disks.

Probing is not a guest problem.  It is a QEMU problem.  Fix QEMU, don't
cripple the guest.

Stefan




Re: [Qemu-devel] [PULL 0/2] vnc patch queue

2014-10-31 Thread Peter Maydell
On 28 October 2014 10:59, Gerd Hoffmann kra...@redhat.com wrote:
   Hi,

 Here comes the vnc patch queue with two fixes.

 please pull,
   Gerd

 The following changes since commit 3e9418e160cd8901c83a3c88967158084f5b5c03:

   Revert main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously 
 (2014-10-27 15:05:09 +)

 are available in the git repository at:

   git://git.kraxel.org/qemu tags/pull-vnc-20141028-1

 for you to fetch changes up to 9d6b20704734fe1ab789400806ebd54f579d50a2:

   vnc: return directly if no vnc client connected (2014-10-28 11:51:04 +0100)

 
 vnc: return directly if no vnc client connected
 vnc: sanitize bits_per_pixel from the client (CVE-2014-7815)

 

Applied, thanks.

-- PMM



[Qemu-devel] [PATCH v7 00/16] KVM platform device passthrough

2014-10-31 Thread Eric Auger
This RFC series aims at enabling KVM platform device passthrough.
It implements a VFIO platform device, derived from VFIO PCI device.

The VFIO platform device uses the host VFIO platform driver which must
be bound to the assigned device prior to the QEMU system start.

- the guest can directly access the device register space
- assigned device IRQs are transparently routed to the guest by
  QEMU/KVM (3 methods currently are supported: user-level eventfd
  handling, irqfd, forwarded IRQs)
- iommu is transparently programmed to prevent the device from
  accessing physical pages outside of the guest address space

This patch series is made of the following patch file groups:

1-8) PCI modifications to prepare for platform device introduction
9-12) VFIO platform device without irqfd support
13) VFIO platform device with irqfd support
14-16) VFIO platform device with IRQ forwarding support

Each group is independent and should be separately upstreamable.

Dependency List:

QEMU dependencies:
[1] [PATCH v3 0/7] Dynamic sysbus device allocation support, Alex Graf
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04860.html
[2] [PATCH v4] machvirt dynamic sysbus device instantiation, Eric Auger
[3] [PATCH v3 0/2] actual checks of KVM_CAP_IRQFD and KVM_CAP_IRQFD_RESAMPLE,
Eric Auger
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg00589.html
[4] [PATCH v2] vfio: migration to trace points, Eric Auger
https://patchwork.ozlabs.org/patch/394785/

Kernel Dependencies:
[5] [PATCH v9 00/19] VFIO support for platform and AMBA devices on ARM
http://comments.gmane.org/gmane.linux.kernel.iommu/7096
[6] [PATCH v3] ARM: KVM: add irqfd support, Eric Auger
https://lkml.org/lkml/2014/9/1/141
[8] [RFC v2 0/9] KVM-VFIO IRQ forward control, Eric Auger
https://lkml.org/lkml/2014/9/1/344
[9] [RFC PATCH 0/9] ARM: Forwarding physical interrupts to a guest VM,
Marc Zyngier
http://lwn.net/Articles/603514/

- kernel pieces can be found at:
  http://git.linaro.org/people/eric.auger/linux.git (branch 3.17rc7-v8)
- QEMU pieces can be found at:
  http://git.linaro.org/people/eric.auger/qemu.git (branch vfio_integ_v7)

The patch series was tested on Calxeda Midway (ARMv7) where one xgmac
is assigned to KVM host while the second one is assigned to the guest.
Reworked PCI device is not tested.

Wiki for Calxeda Midway setup:
https://wiki.linaro.org/LEG/Engineering/Virtualization/Platform_Device_Passthrough_on_Midway

History:
v6-v7:
- fake injection test modality removed
- VFIO_DEVICE_TYPE_PLATFORM only introduced with VFIO platform
- new helper functions to start VFIO IRQ on machine init done notifier
  (introduced in hw/vfio/platform: add vfio-platform support and notifier
  registration invoked in hw/arm/virt: add support for VFIO devices).
  vfio_start_irq_injection is replaced by vfio_register_irq_starter.

v5-v6:
- rebase on 2.1rc5 PCI code
- forwarded IRQ first integration
- vfio_device property renamed into host property
- split IRQ setup in different functions that match the 3 supported
  injection techniques (user handled eventfd, irqfd, forwarded IRQ):
  removes dynamic switch between injection methods
- introduce fake interrupts as a test modality:
  x makes possible to test multiple IRQ user-side handling.
  x this is a test feature only: enable to trigger a fd as if the
real physical IRQ hit. No virtual IRQ is injected into the guest
but handling is simulated so that the state machine can be tested
- user handled eventfd:
  x add mutex to protect IRQ state  list manipulation,
  x correct misleading comment in vfio_intp_interrupt.
  x Fix bugs using fake interrupt modality
- irqfd no more advertised in this patchset (handled in [3])
- VFIOPlatformDeviceClass becomes abstract and Calxeda xgmac device
  and class is re-introduced (as per v4)
- all DPRINTF removed in platform and replaced by trace-points
- corrects compilation with configure --disable-kvm
- simplifies the split for vfio_get_device and introduce a unique
  specialized function named vfio_populate_device
- group_list renamed into vfio_group_list
- hw/arm/dyn_sysbus_devtree.c currently only support vfio-calxeda-xgmac
  instantiation. Needs to be specialized for other VFIO devices
- fix 2 bugs in dyn_sysbus_devtree(reg_attr index and compat)

v4-v5:
- rebase on v2.1.0 PCI code
- take into account Alex Williamson comments on PCI code rework
  - trace updates in vfio_region_write/read
  - remove fd from VFIORegion
  - get/put cleanup
- bug fix: properly initialize the bar region's vbasedev field
- misc cleanups in platform device
- device tree node generation removed from device and handled in
  hw/arm/dyn_sysbus_devtree.c
- remove hw/vfio: add an example calxeda_xgmac: with removal of
  device tree node generation we do not have so many things to
  implement in that derived device yet. May be re-introduced later
  on if needed typically for reset/migration.
- no GSI routing table anymore

v3-v4 changes (Eric Auger, 

[Qemu-devel] [PATCH v8 27/27] target-arm: add cpu feature EL3 to CPUs with Security Extensions

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

Set ARM_FEATURE_EL3 feature for CPUs that implement Security Extensions.

Signed-off-by: Fabian Aggeler aggel...@ethz.ch
Signed-off-by: Greg Bellows greg.bell...@linaro.org
---
 target-arm/cpu.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index a711834..d76b47e 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -610,6 +610,7 @@ static void arm1176_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
 set_feature(cpu-env, ARM_FEATURE_CACHE_DIRTY_REG);
 set_feature(cpu-env, ARM_FEATURE_CACHE_BLOCK_OPS);
+set_feature(cpu-env, ARM_FEATURE_EL3);
 cpu-midr = 0x410fb767;
 cpu-reset_fpsid = 0x410120b5;
 cpu-mvfr0 = 0x;
@@ -696,6 +697,7 @@ static void cortex_a8_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_NEON);
 set_feature(cpu-env, ARM_FEATURE_THUMB2EE);
 set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
+set_feature(cpu-env, ARM_FEATURE_EL3);
 cpu-midr = 0x410fc080;
 cpu-reset_fpsid = 0x410330c0;
 cpu-mvfr0 = 0x0222;
@@ -763,6 +765,7 @@ static void cortex_a9_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_VFP_FP16);
 set_feature(cpu-env, ARM_FEATURE_NEON);
 set_feature(cpu-env, ARM_FEATURE_THUMB2EE);
+set_feature(cpu-env, ARM_FEATURE_EL3);
 /* Note that A9 supports the MP extensions even for
  * A9UP and single-core A9MP (which are both different
  * and valid configurations; we don't model A9UP).
@@ -830,6 +833,7 @@ static void cortex_a15_initfn(Object *obj)
 set_feature(cpu-env, ARM_FEATURE_DUMMY_C15_REGS);
 set_feature(cpu-env, ARM_FEATURE_CBAR_RO);
 set_feature(cpu-env, ARM_FEATURE_LPAE);
+set_feature(cpu-env, ARM_FEATURE_EL3);
 cpu-kvm_target = QEMU_KVM_ARM_TARGET_CORTEX_A15;
 cpu-midr = 0x412fc0f1;
 cpu-reset_fpsid = 0x410430f0;
-- 
1.8.3.2




[Qemu-devel] [PATCH 1/4] gtk: Grab accel_group from GtkDisplayState

2014-10-31 Thread Cole Robinson
Rather than needlessly pass it around

Signed-off-by: Cole Robinson crobi...@redhat.com
---
 ui/gtk.c | 21 +
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/ui/gtk.c b/ui/gtk.c
index a5f6869..97ac4c9 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -1605,13 +1605,13 @@ static void gd_connect_signals(GtkDisplayState *s)
  G_CALLBACK(gd_change_page), s);
 }
 
-static GtkWidget *gd_create_menu_machine(GtkDisplayState *s, GtkAccelGroup 
*accel_group)
+static GtkWidget *gd_create_menu_machine(GtkDisplayState *s)
 {
 GtkWidget *machine_menu;
 GtkWidget *separator;
 
 machine_menu = gtk_menu_new();
-gtk_menu_set_accel_group(GTK_MENU(machine_menu), accel_group);
+gtk_menu_set_accel_group(GTK_MENU(machine_menu), s-accel_group);
 
 s-pause_item = gtk_check_menu_item_new_with_mnemonic(_(_Pause));
 gtk_menu_shell_append(GTK_MENU_SHELL(machine_menu), s-pause_item);
@@ -1692,7 +1692,7 @@ static GSList *gd_vc_gfx_init(GtkDisplayState *s, 
VirtualConsole *vc,
 return group;
 }
 
-static GtkWidget *gd_create_menu_view(GtkDisplayState *s, GtkAccelGroup 
*accel_group)
+static GtkWidget *gd_create_menu_view(GtkDisplayState *s)
 {
 GSList *group = NULL;
 GtkWidget *view_menu;
@@ -1701,7 +1701,7 @@ static GtkWidget *gd_create_menu_view(GtkDisplayState *s, 
GtkAccelGroup *accel_g
 int vc;
 
 view_menu = gtk_menu_new();
-gtk_menu_set_accel_group(GTK_MENU(view_menu), accel_group);
+gtk_menu_set_accel_group(GTK_MENU(view_menu), s-accel_group);
 
 s-full_screen_item = gtk_menu_item_new_with_mnemonic(_(_Fullscreen));
 gtk_menu_item_set_accel_path(GTK_MENU_ITEM(s-full_screen_item),
@@ -1783,11 +1783,9 @@ static GtkWidget *gd_create_menu_view(GtkDisplayState 
*s, GtkAccelGroup *accel_g
 
 static void gd_create_menus(GtkDisplayState *s)
 {
-GtkAccelGroup *accel_group;
-
-accel_group = gtk_accel_group_new();
-s-machine_menu = gd_create_menu_machine(s, accel_group);
-s-view_menu = gd_create_menu_view(s, accel_group);
+s-accel_group = gtk_accel_group_new();
+s-machine_menu = gd_create_menu_machine(s);
+s-view_menu = gd_create_menu_view(s);
 
 s-machine_menu_item = gtk_menu_item_new_with_mnemonic(_(_Machine));
 gtk_menu_item_set_submenu(GTK_MENU_ITEM(s-machine_menu_item),
@@ -1798,9 +1796,8 @@ static void gd_create_menus(GtkDisplayState *s)
 gtk_menu_item_set_submenu(GTK_MENU_ITEM(s-view_menu_item), s-view_menu);
 gtk_menu_shell_append(GTK_MENU_SHELL(s-menu_bar), s-view_menu_item);
 
-g_object_set_data(G_OBJECT(s-window), accel_group, accel_group);
-gtk_window_add_accel_group(GTK_WINDOW(s-window), accel_group);
-s-accel_group = accel_group;
+g_object_set_data(G_OBJECT(s-window), accel_group, s-accel_group);
+gtk_window_add_accel_group(GTK_WINDOW(s-window), s-accel_group);
 }
 
 static void gd_set_keycode_type(GtkDisplayState *s)
-- 
2.1.0




Re: [Qemu-devel] [PATCH] Simple performance logging and network limiting based on trace option

2014-10-31 Thread Stefan Hajnoczi
On Thu, Oct 30, 2014 at 03:05:11PM +0100, harald Schieche wrote:
  Missing commit description:
  
  What problem are you trying to solve?
  
 
 I want to log the storage (iops per second) and
 network speed (packets and bandwidth per second)

QEMU offers the query-blockstats QMP command to poll I/O statistics for
block devices.

Nowadays a lot of KVM users bypass the QEMU network subsystem and use
the vhost-net Linux host kernel module instead.  That is the
highest-performance and most actively developed networking path.  Are
you sure you don't want to use vhost-net?

 I want to limit the network traffic to a specific bandwidth.

You can use the host kernel's firewall or traffic shaping features to do
that when using a tap device (most common production configuration).
For example, libvirt offers this feature and uses tc under the hood.

  It is simplest to have unconditional trace events and calculate
  latencies during trace file analysis.  That way no arbitrary constants
  like 1 second are hard-coded into QEMU.
 
 We already have an unconditional trace event (paio_submit) but maybe there
 are too many calls of it.

If you add the BlockDriverState *bs pointer to the paio_submit call,
then you can distinguish between drives.

However, tracing is not meant as a stable interface for building other
features.  Trace events can change and are mainly used for interactive
or ad-hoc instrumentation.

If you build a tool on top of trace events, be prepared to actively
maintain it as the set of trace events evolves over time.  It's not a
stable ABI.

   diff --git a/net/queue.c b/net/queue.c
   index f948318..2b0fef7 100644
   --- a/net/queue.c
   +++ b/net/queue.c
   @@ -23,7 +23,9 @@

#include net/queue.h
#include qemu/queue.h
   +#include qemu/timer.h
#include net/net.h
   +#include trace.h

/* The delivery handler may only return zero if it will call
 * qemu_net_queue_flush() when it determines that it is once again able
   @@ -58,6 +60,15 @@ struct NetQueue {
unsigned delivering : 1;
};

   +static int64_t bandwidth_limit; /* maximum number of bits per second 
   */
  
  Throttling should be per-device, not global.
 
 Maybe this would be better. But this patch should be most simple.

Everything in the network subsystem is per-NetClientState.  It doesn't
make sense to introduce global state just because it's easier.

   +static int64_t limit_network_performance(int64_t start_clock,
   + int64_t bytes)
   +{
   +int64_t clock = get_clock();
   +int64_t sleep_usecs = 0;
   +if (bandwidth_limit  0) {
   +sleep_usecs = (bytes * 8 * 100LL) / bandwidth_limit -
   +  (clock - start_clock) / 1000LL;
   +}
   +if (sleep_usecs  0) {
   +usleep(sleep_usecs);
  
  This does more than limit the network performance, it can also freeze
  the guest.
  
  QEMU is event-driven.  The event loop thread is not allowed to block or
  sleep - otherwise the vcpu threads will block when they try to acquire
  the QEMU global mutex.
  
 
 Yes, it freezes the guest. That's not fine, but simple.

I won't merge this approach.




[Qemu-devel] [Bug 1387881] Re: qemu fails to recognize full virtualization

2014-10-31 Thread Chris J Arges
This is a package dependency issue and not a kernel issue. Once
davidpbritton installed 'qemu-kvm' he was able to install using virt-
install just fine.

So overall either the packages davidpbritton was installing weren't
sufficient to use qemu with KVM, or we have a dependency problem in the
Ubuntu packaging.

** Changed in: linux (Ubuntu)
   Status: Incomplete = Invalid

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1387881

Title:
  qemu fails to recognize full virtualization

Status in QEMU:
  New
Status in “linux” package in Ubuntu:
  Invalid
Status in “qemu” package in Ubuntu:
  New

Bug description:
  System:

  14.04
  qemu - 2.0.0+dfsg-2ubuntu1.6
  virtinst 0.600.4-3ubuntu2

  Command:

  virt-install --name juju-bootstrap --ram=2048 --vcpus=1  --hvm \
  --virt-type=kvm --pxe --boot network,hd --os-variant=ubuntutrusty \
  --graphics vnc --noautoconsole --os-type=linux --accelerate \
  
--disk=/var/lib/libvirt/images/juju-bootstrap.qcow2,bus=virtio,format=qcow2,cache=none,sparse=true,size=20
 \
  --network=bridge=br0,model=virtio

  Error:

  ERROR Host does not support virtualization type 'hvm'

  Diagnostics:

  $ sudo kvm -vnc :1 -monitor stdio
  [sudo] password for cscloud: 
  QEMU 2.0.0 monitor - type 'help' for more information
  (qemu) KVM internal error. Suberror: 1
  emulation failure
  EAX= EBX=4001 ECX=0030 EDX=0cfd
  ESI= EDI= EBP= ESP=6fcc
  EIP=0fedb30c EFL=0002 [---] CPL=0 II=0 A20=1 SMM=0 HLT=0
  ES =0010   00409300 DPL=0 DS   [-WA]
  CS =0008   00c09a00 DPL=0 CS32 [-R-]
  SS =0010   00409200 DPL=0 DS   [-W-]
  DS =0010   00409300 DPL=0 DS   [-WA]
  FS =0010   00c09300 DPL=0 DS   [-WA]
  GS =0010   00c09300 DPL=0 DS   [-WA]
  LDT=   8200 DPL=0 LDT
  TR =   8b00 DPL=0 TSS32-busy
  GDT= 000f6688 0037
  IDT= 000f66c6 
  CR0=6011 CR2= CR3= CR4=
  DR0= DR1= DR2= 
DR3= 
  DR6=0ff0 DR7=0400
  EFER=
  Code=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  info kvm
  kvm support: enabled
  (qemu) 

  
   lsmod|grep kvm
  kvm_intel 143109  0 
  kvm   451552  1 kvm_intel

  
  $ dmesg|grep -i kvm
  [5.722167] kvm: Nested Virtualization enabled
  [5.722190] kvm: Nested Paging enabled

  ---

  I haven't been able to get much out of libvirt as the kvm instance
  never starts.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1387881/+subscriptions



[Qemu-devel] [PATCH v8 14/27] target-arm: respect SCR.FW, SCR.AW and SCTLR.NMFI

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

bits when modifying CPSR.

Signed-off-by: Fabian Aggeler aggel...@ethz.ch
Signed-off-by: Greg Bellows greg.bell...@linaro.org

---

v7 - v8
- Fixed incorrect use of env-uncached_cpsr A/I/F to use env-daif instead.
- Removed incorrect statement about SPSR to CPSR copies being affected by
  SCR.AW/FW.
- Fix typo in comment.
- Simplified cpsr_write logic

v3 - v4
- Fixed up conditions for ignoring CPSR.A/F updates by isolating to v7 and
  checking for the existence of EL3 and non-existence of EL2.
---
 target-arm/helper.c | 47 ---
 1 file changed, 44 insertions(+), 3 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 466459b..03e6b62 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3666,9 +3666,6 @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t 
mask)
 env-GE = (val  16)  0xf;
 }
 
-env-daif = ~(CPSR_AIF  mask);
-env-daif |= val  CPSR_AIF  mask;
-
 if ((env-uncached_cpsr ^ val)  mask  CPSR_M) {
 if (bad_mode_switch(env, val  CPSR_M)) {
 /* Attempt to switch to an invalid mode: this is UNPREDICTABLE.
@@ -3680,6 +3677,50 @@ void cpsr_write(CPUARMState *env, uint32_t val, uint32_t 
mask)
 switch_mode(env, val  CPSR_M);
 }
 }
+
+/* In a V7 implementation that includes the security extensions but does
+ * not include Virtualization Extensions the SCR.FW and SCR.AW bits control
+ * whether non-secure software is allowed to change the CPSR_F and CPSR_A
+ * bits respectively.
+ *
+ * In a V8 implementation, it is permitted for privileged software to
+ * change the CPSR A/F bits regardless of the SCR.AW/FW bits.
+ */
+if (!arm_feature(env, ARM_FEATURE_V8) 
+arm_feature(env, ARM_FEATURE_EL3) 
+!arm_feature(env, ARM_FEATURE_EL2) 
+!arm_is_secure(env)) {
+if (!(env-cp15.scr_el3  SCR_AW)) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  Ignoring attempt to switch CPSR_A flag from 
+  non-secure world with SCR.AW bit clear\n);
+mask = ~CPSR_A;
+}
+
+if (!(env-cp15.scr_el3  SCR_FW)) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  Ignoring attempt to switch CPSR_F flag from 
+  non-secure world with SCR.FW bit clear\n);
+mask = ~CPSR_F;
+}
+
+/* Check whether non-maskable FIQ (NMFI) support is enabled.
+ * If this bit is set software is not allowed to mask
+ * FIQs, but is allowed to set CPSR_F to 0.
+ */
+if ((A32_BANKED_CURRENT_REG_GET(env, sctlr)  SCTLR_NMFI) 
+(val  CPSR_F)) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  Ignoring attempt to enable CPSR_F flag 
+  (non-maskable FIQ [NMFI] support 
+  enabled)\n);
+mask = ~CPSR_F;
+}
+}
+
+env-daif = ~(CPSR_AIF  mask);
+env-daif |= val  CPSR_AIF  mask;
+
 mask = ~CACHED_CPSR_BITS;
 env-uncached_cpsr = (env-uncached_cpsr  ~mask) | (val  mask);
 }
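Review bot: The SCTLR.NMFI check (`A32_BANKED_CURRENT_REG_GET(env, sctlr) & SCTLR_NMFI`) is nested inside the v7 / EL3-present / no-EL2 / `!arm_is_secure(env)` condition, so a secure-world write that sets CPSR.F, or any such write on a core that has EL2, is never rejected; as I read SCTLR.NMFI it forbids masking FIQs regardless of security state, so the check looks as if it should be an independent `if` at the same level as the SCR.AW/FW block. If the nesting is deliberate (NMFI only modelled for the v7 no-EL2 case), the comment should say so, since the description only mentions isolating the SCR.AW/FW checks. The `env->daif` update is now placed after the mask may have been narrowed, which is what lets the ignored bits take effect; a one-line comment above it, `/* Applied last so the mask narrowing above is honoured. */`, would explain the move. `cpsr_write` starts outside this hunk.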
-- 
1.8.3.2




Re: [Qemu-devel] [PULL 0/2] Xen tree 2014-10-30

2014-10-31 Thread Peter Maydell
On 30 October 2014 14:21, Stefano Stabellini
stefano.stabell...@eu.citrix.com wrote:
 The following changes since commit cbd5ac699173b684e678d66df3aea33df81fd89f:

   virtio: link the rng backend through an alias property (2014-10-30 12:59:27 
 +)

 are available in the git repository at:

   git://xenbits.xen.org/people/sstabellini/qemu-dm.git xen-2014-10-30

 for you to fetch changes up to d4f9e806c20607cafe7bb0d9eba14ccb160390a1:

   fix off-by-one error in pci_piix3_xen_ide_unplug (2014-10-30 14:16:39 +)

Applied, thanks.

-- PMM



[Qemu-devel] [PATCH RESEND] vfio: migration to trace points

2014-10-31 Thread Eric Auger
This patch removes all DPRINTF and replaces them with trace points.
A few DPRINTF used in error cases were transformed into error_report.

Signed-off-by: Eric Auger eric.au...@linaro.org

---

- __func__ is removed since trace point name does the same job
- HWADDR_PRIx were replaced by PRIx64
- this transformation just is tested compiled on PCI.
  qemu configured with --enable-trace-backends=stderr
- in future, format strings and calls may be simplified by using a single
  name argument instead of domain, bus, slot, function.

v1 (RFC) - v2 (PATCH):
- restore original format strings since parsing now is OK after
  commit f9bbba9,
  [PATCH v2] trace: tighten up trace-events regex to fix bad parse
---
 hw/misc/vfio.c | 403 +
 trace-events   |  75 ++-
 2 files changed, 280 insertions(+), 198 deletions(-)

diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
index 75bfa1c..cdf4922 100644
--- a/hw/misc/vfio.c
+++ b/hw/misc/vfio.c
@@ -40,15 +40,7 @@
 #include sysemu/kvm.h
 #include sysemu/sysemu.h
 #include hw/misc/vfio.h
-
-/* #define DEBUG_VFIO */
-#ifdef DEBUG_VFIO
-#define DPRINTF(fmt, ...) \
-do { fprintf(stderr, vfio:  fmt, ## __VA_ARGS__); } while (0)
-#else
-#define DPRINTF(fmt, ...) \
-do { } while (0)
-#endif
+#include trace.h
 
 /* Extra debugging, trap acceleration paths for more logging */
 #define VFIO_ALLOW_MMAP 1
@@ -365,9 +357,9 @@ static void vfio_intx_interrupt(void *opaque)
 return;
 }
 
-DPRINTF(%s(%04x:%02x:%02x.%x) Pin %c\n, __func__, vdev-host.domain,
-vdev-host.bus, vdev-host.slot, vdev-host.function,
-'A' + vdev-intx.pin);
+trace_vfio_intx_interrupt(vdev-host.domain, vdev-host.bus,
+  vdev-host.slot, vdev-host.function,
+  'A' + vdev-intx.pin);
 
 vdev-intx.pending = true;
 pci_irq_assert(vdev-pdev);
@@ -384,8 +376,8 @@ static void vfio_eoi(VFIODevice *vdev)
 return;
 }
 
-DPRINTF(%s(%04x:%02x:%02x.%x) EOI\n, __func__, vdev-host.domain,
-vdev-host.bus, vdev-host.slot, vdev-host.function);
+trace_vfio_eoi(vdev-host.domain, vdev-host.bus,
+   vdev-host.slot, vdev-host.function);
 
 vdev-intx.pending = false;
 pci_irq_deassert(vdev-pdev);
@@ -454,9 +446,8 @@ static void vfio_enable_intx_kvm(VFIODevice *vdev)
 
 vdev-intx.kvm_accel = true;
 
-DPRINTF(%s(%04x:%02x:%02x.%x) KVM INTx accel enabled\n,
-__func__, vdev-host.domain, vdev-host.bus,
-vdev-host.slot, vdev-host.function);
+trace_vfio_enable_intx_kvm(vdev-host.domain, vdev-host.bus,
+   vdev-host.slot, vdev-host.function);
 
 return;
 
@@ -508,9 +499,8 @@ static void vfio_disable_intx_kvm(VFIODevice *vdev)
 /* If we've missed an event, let it re-fire through QEMU */
 vfio_unmask_intx(vdev);
 
-DPRINTF(%s(%04x:%02x:%02x.%x) KVM INTx accel disabled\n,
-__func__, vdev-host.domain, vdev-host.bus,
-vdev-host.slot, vdev-host.function);
+trace_vfio_disable_intx_kvm(vdev-host.domain, vdev-host.bus,
+vdev-host.slot, vdev-host.function);
 #endif
 }
 
@@ -529,9 +519,9 @@ static void vfio_update_irq(PCIDevice *pdev)
 return; /* Nothing changed */
 }
 
-DPRINTF(%s(%04x:%02x:%02x.%x) IRQ moved %d - %d\n, __func__,
-vdev-host.domain, vdev-host.bus, vdev-host.slot,
-vdev-host.function, vdev-intx.route.irq, route.irq);
+trace_vfio_update_irq(vdev-host.domain, vdev-host.bus,
+  vdev-host.slot, vdev-host.function,
+  vdev-intx.route.irq, route.irq);
 
 vfio_disable_intx_kvm(vdev);
 
@@ -606,8 +596,8 @@ static int vfio_enable_intx(VFIODevice *vdev)
 
 vdev-interrupt = VFIO_INT_INTx;
 
-DPRINTF(%s(%04x:%02x:%02x.%x)\n, __func__, vdev-host.domain,
-vdev-host.bus, vdev-host.slot, vdev-host.function);
+trace_vfio_enable_intx(vdev-host.domain, vdev-host.bus,
+   vdev-host.slot, vdev-host.function);
 
 return 0;
 }
@@ -629,8 +619,8 @@ static void vfio_disable_intx(VFIODevice *vdev)
 
 vdev-interrupt = VFIO_INT_NONE;
 
-DPRINTF(%s(%04x:%02x:%02x.%x)\n, __func__, vdev-host.domain,
-vdev-host.bus, vdev-host.slot, vdev-host.function);
+trace_vfio_disable_intx(vdev-host.domain, vdev-host.bus,
+vdev-host.slot, vdev-host.function);
 }
 
 /*
@@ -657,9 +647,9 @@ static void vfio_msi_interrupt(void *opaque)
 abort();
 }
 
-DPRINTF(%s(%04x:%02x:%02x.%x) vector %d 0x%PRIx64/0x%x\n, __func__,
-vdev-host.domain, vdev-host.bus, vdev-host.slot,
-vdev-host.function, nr, msg.address, msg.data);
+trace_vfio_msi_interrupt(vdev-host.domain, vdev-host.bus,
+ vdev-host.slot, vdev-host.function,
+ nr, msg.address, msg.data);
 

[Qemu-devel] [PATCH v8 07/27] target-arm: insert AArch32 cpregs twice into hashtable

2014-10-31 Thread Greg Bellows
From: Fabian Aggeler aggel...@ethz.ch

Prepare for cp register banking by inserting every cp register twice,
once for secure world and once for non-secure world.

Signed-off-by: Fabian Aggeler aggel...@ethz.ch
Signed-off-by: Greg Bellows greg.bell...@linaro.org

---

v7 - v8
- Updated define registers asserts to allow either a non-zero fieldoffset or
  non-zero bank_fieldoffsets.
- Updated CP register hashing to always set the register fieldoffset when
  banked register offsets are specified.

v5 - v6
- Fixed NS-bit number in the CPREG hash lookup from 27 to 29.
- Switched to dedicated CPREG secure flags.
- Fixed disablement of reset and migration of common 32/64-bit registers.
- Globally replace Aarch# with AArch#

v4 - v5
- Added use of ARM CP secure/non-secure bank flags during register processing
  in define_one_arm_cp_reg_with_opaque().  We now only register the specified
  bank if only one flag is specified, otherwise we register both a secure and
  non-secure instance.
---
 target-arm/helper.c | 98 -
 1 file changed, 82 insertions(+), 16 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 959a46e..c1c6303 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -3296,22 +3296,62 @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const 
ARMCPRegInfo *r,
 uint32_t *key = g_new(uint32_t, 1);
 ARMCPRegInfo *r2 = g_memdup(r, sizeof(ARMCPRegInfo));
 int is64 = (r-type  ARM_CP_64BIT) ? 1 : 0;
-if (r-state == ARM_CP_STATE_BOTH  state == ARM_CP_STATE_AA32) {
-/* The AArch32 view of a shared register sees the lower 32 bits
- * of a 64 bit backing field. It is not migratable as the AArch64
- * view handles that. AArch64 also handles reset.
- * We assume it is a cp15 register if the .cp field is left unset.
+
+if (r-bank_fieldoffsets[0]  r-bank_fieldoffsets[1]) {
+/* Register is banked (using both entries in array).
+ * Overwriting fieldoffset as the array is only used to define
+ * banked registers but later only fieldoffset is used.
  */
-if (r2-cp == 0) {
-r2-cp = 15;
+r2-fieldoffset = r-bank_fieldoffsets[nsbit];
+}
+
+if (state == ARM_CP_STATE_AA32) {
+/* Clear the secure state flags and set based on incoming nsbit */
+r2-secure = ~(ARM_CP_SECSTATE_S | ARM_CP_SECSTATE_NS);
+r2-secure |= ARM_CP_SECSTATE_S  nsbit;
+
+if (r-bank_fieldoffsets[0]  r-bank_fieldoffsets[1]) {
+/* If the register is banked and V8 is enabled then we don't need
+ * to migrate or reset the AArch32 version of the banked
+ * registers as this will be handled through the AArch64 view.
+ * If v7 then we don't need to migrate or reset the AArch32
+ * non-secure bank as this will be handled through the AArch64
+ * view.  In this case the secure bank is not mirrored, so we must
+ * preserve it's reset criteria and allow it to be migrated.
+ *
+ * The exception to the above is cpregs with a crn of 13
+ * (specifically FCSEIDR and CONTEXTIDR) in which case there may
+ * not be an AArch64 equivalent for one or either bank so migration
+ * and reset must be preserved.
+ */
+if (r-state == ARM_CP_STATE_BOTH) {
+if ((arm_feature(cpu-env, ARM_FEATURE_V8)  r-crn != 13) ||
+nsbit) {
+r2-type |= ARM_CP_NO_MIGRATE;
+r2-resetfn = arm_cp_reset_ignore;
+}
+}
+} else if (!nsbit) {
+/* The register is not banked so we only want to allow migration of
+ * the non-secure instance.
+ */
+r2-type |= ARM_CP_NO_MIGRATE;
+r2-resetfn = arm_cp_reset_ignore;
 }
-r2-type |= ARM_CP_NO_MIGRATE;
-r2-resetfn = arm_cp_reset_ignore;
+
+if (r-state == ARM_CP_STATE_BOTH) {
+/* We assume it is a cp15 register if the .cp field is left unset.
+ */
+if (r2-cp == 0) {
+r2-cp = 15;
+}
+
 #ifdef HOST_WORDS_BIGENDIAN
-if (r2-fieldoffset) {
-r2-fieldoffset += sizeof(uint32_t);
-}
+if (r2-fieldoffset) {
+r2-fieldoffset += sizeof(uint32_t);
+}
 #endif
+}
 }
 if (state == ARM_CP_STATE_AA64) {
 /* To allow abbreviation of ARMCPRegInfo
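Review bot: The secure-state update at the top of the new AA32 branch appears to derive the flag by shifting ARM_CP_SECSTATE_S by nsbit, which silently depends on ARM_CP_SECSTATE_NS being exactly the adjacent bit; a reader has to go to the flag definitions to confirm the result is ever ARM_CP_SECSTATE_NS. Spelling the choice out removes that coupling: `r2->secure |= nsbit ? ARM_CP_SECSTATE_NS : ARM_CP_SECSTATE_S;`. The banked test `r->bank_fieldoffsets[0] && r->bank_fieldoffsets[1]` is evaluated twice in this hunk and could be hoisted into one local bool read by both sites. In the long comment above the ARM_CP_STATE_BOTH check, `it's reset criteria` should read `its reset criteria`. add_cpreg_to_hashtable begins before this hunk and continues after it.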
@@ -3460,10 +3500,14 @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
  */
 if (!(r-type  (ARM_CP_SPECIAL|ARM_CP_CONST))) {
 if (r-access  PL3_R) {
-assert(r-fieldoffset || r-readfn);
+assert((r-fieldoffset ||
+   (r-bank_fieldoffsets[0]  r-bank_fieldoffsets[1])) ||
+   r-readfn);
 }
 if (r-access  PL3_W) {
-

Re: [Qemu-devel] [PULL 0/5] usb patch queue.

2014-10-31 Thread Peter Maydell
On 28 October 2014 10:50, Gerd Hoffmann kra...@redhat.com wrote:
   Hi,

 Here is the usb patch queue, with some libcacard fixes, a uhci cleanup
 and a new property for xhci.

 please pull,
   Gerd

 The following changes since commit 3e9418e160cd8901c83a3c88967158084f5b5c03:

   Revert main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously 
 (2014-10-27 15:05:09 +)

 are available in the git repository at:

   git://git.kraxel.org/qemu tags/pull-usb-20141028-1

 for you to fetch changes up to a65e4ef90f0fb437b8e74e250a6f94aa4ecfa25c:

   uhci: remove useless DEBUG (2014-10-28 11:38:18 +0100)

 
 Fixes for libcacard (usb smartcard emulation), xhci and uhci.

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH v8 18/27] target-arm: make c2_mask and c2_base_mask banked

2014-10-31 Thread Peter Maydell
On 30 October 2014 21:28, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Since TTBCR is banked we will bank c2_mask and c2_base_mask too. This
 avoids recalculating them on switches from secure to non-secure world.

These fields are part of our TTBCR internal representation; we
should bank the whole TTBCR in one patch, not split over two.

 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

 ---

 v5 - v6
 - Switch to use distinct CPREG secure flags

 v4 - v5
 - Changed c2_mask updates to use the TTBCR cpreg bank flag for selcting the
   secure bank instead of the A32_BANKED_CURRENT macro.  This more accurately
   chooses the correct bank matching that of the TTBCR being accessed.
 ---
  target-arm/cpu.h| 10 --
  target-arm/helper.c | 24 ++--
  2 files changed, 26 insertions(+), 8 deletions(-)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index f125bdd..6e9f1c3 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -226,8 +226,14 @@ typedef struct CPUARMState {
  };
  uint64_t tcr_el[4];
  };
 -uint32_t c2_mask; /* MMU translation table base selection mask.  */
 -uint32_t c2_base_mask; /* MMU translation table base 0 mask. */
 +struct { /* MMU translation table base selection mask. */
 +uint32_t c2_mask_ns;
 +uint32_t c2_mask_s;
 +};
 +struct { /* MMU translation table base 0 mask. */
 +uint32_t c2_base_mask_ns;
 +uint32_t c2_base_mask_s;
 +};

I think we should actually have:
typedef struct {
uint64_t raw_ttbcr;
uint32_t mask;
uint32_t base_mask;
} TTBCR;

and then have TTBCR ttbcr[2];

and not use the BANKED_REG_SET/GET macros here...

  uint32_t c2_data; /* MPU data cachable bits.  */
  uint32_t c2_insn; /* MPU instruction cachable bits.  */
  uint32_t c3; /* MMU domain access control register
 diff --git a/target-arm/helper.c b/target-arm/helper.c
 index 896b40d..27eaf9c 100644
 --- a/target-arm/helper.c
 +++ b/target-arm/helper.c
 @@ -1584,8 +1584,14 @@ static void vmsa_ttbcr_raw_write(CPUARMState *env, 
 const ARMCPRegInfo *ri,
   * and the c2_mask and c2_base_mask values are meaningless.
   */
  raw_write(env, ri, value);
 -env-cp15.c2_mask = ~(((uint32_t)0xu)  maskshift);
 -env-cp15.c2_base_mask = ~((uint32_t)0x3fffu  maskshift);
 +
 +/* Update the masks corresponding to the the TTBCR bank being written */
 +A32_BANKED_REG_SET(env, c2_mask,
 +   ARM_CP_SECSTATE_TEST(ri, ARM_CP_SECSTATE_S),
 +   ~(((uint32_t)0xu)  maskshift));
 +A32_BANKED_REG_SET(env, c2_base_mask,
 +   ARM_CP_SECSTATE_TEST(ri, ARM_CP_SECSTATE_S),
 +   ~((uint32_t)0x3fffu  maskshift));

... so this turns into:

TTBCR t = env-cp15.ttbcr[ri-secure];

t-raw_ttbcr = value;
t-mask = ~(((uint32_t)0xu)  maskshift);
t-base_mask = ~((uint32_t)0x3fffu  maskshift);

(XXX did we make ri-secure be a 0/1 or is it 1/2 ? anyway you get the idea.)

  }

  static void vmsa_ttbcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
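Review bot: The comment added in vmsa_ttbcr_raw_write doubles a word; it should read `/* Update the masks corresponding to the TTBCR bank being written */`. The comment introduced in vmsa_ttbcr_reset in the next hunk has the same kind of slip, `Rest both the TTBCR` for `Reset both the TTBCR`. vmsa_ttbcr_raw_write begins before this hunk.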
 @@ -1604,9 +1610,15 @@ static void vmsa_ttbcr_write(CPUARMState *env, const 
 ARMCPRegInfo *ri,

  static void vmsa_ttbcr_reset(CPUARMState *env, const ARMCPRegInfo *ri)
  {
 -env-cp15.c2_base_mask = 0xc000u;
 +/* Rest both the TTBCR as well as the masks corresponding to the bank of
 + * the TTBCR being reset.
 + */
 +A32_BANKED_REG_SET(env, c2_base_mask,
 +   ARM_CP_SECSTATE_TEST(ri, ARM_CP_SECSTATE_S),
 +   0xc000u);
 +A32_BANKED_REG_SET(env, c2_mask,
 +   ARM_CP_SECSTATE_TEST(ri, ARM_CP_SECSTATE_S), 0);
  raw_write(env, ri, 0);
 -env-cp15.c2_mask = 0;

Similarly this will be much cleaner.

  }

  static void vmsa_tcr_el1_write(CPUARMState *env, const ARMCPRegInfo *ri,
 @@ -4440,7 +4452,7 @@ static bool get_level1_table_address(CPUARMState *env, 
 uint32_t *table,
   * AArch32 there is a secure and non-secure instance of the translation
   * table registers.
   */
 -if (address  env-cp15.c2_mask) {
 +if (address  A32_BANKED_CURRENT_REG_GET(env, c2_mask)) {
  if (A32_BANKED_CURRENT_REG_GET(env, ttbcr)  TTBCR_PD1) {
  /* Translation table walk disabled for TTBR1 */
  return false;
 @@ -4452,7 +4464,7 @@ static bool get_level1_table_address(CPUARMState *env, 
 uint32_t *table,
  return false;
  }
  *table = A32_BANKED_CURRENT_REG_GET(env, ttbr0) 
 - env-cp15.c2_base_mask;
 + A32_BANKED_CURRENT_REG_GET(env, c2_base_mask);
  }

and again here you can get a pointer to the correct TTBCR
struct and just reference it.

  *table |= (address  18)  0x3ffc;
   

[Qemu-devel] [PATCH v3 1/2] KVM_CAP_IRQFD and KVM_CAP_IRQFD_RESAMPLE checks

2014-10-31 Thread Eric Auger
Compute kvm_irqfds_allowed by checking the KVM_CAP_IRQFD extension.
Remove direct settings in architecture specific files.

Add a new kvm_resamplefds_allowed variable, initialized by
checking the KVM_CAP_IRQFD_RESAMPLE extension. Add a corresponding
kvm_resamplefds_enabled() function.

A special note for s390, where KVM_CAP_IRQFD was not immediately
advertised when the irqfd capability was introduced in the kernel;
KVM_CAP_IRQ_ROUTING was advertised instead.

This was fixed in KVM: s390: announce irqfd capability,
ebc3226202d5956a5963185222982d435378b899 whereas irqfd support
was brought in 84223598778ba08041f4297fda485df83414d57e,
KVM: s390: irq routing for adapter interrupts.  Both commits
first appear in 3.15 so there should not be any kernel
version impacted by this QEMU modification.

Signed-off-by: Eric Auger eric.au...@linaro.org

---

v2-v3:
- changed the commit message only
---
 hw/intc/openpic_kvm.c |  1 -
 hw/intc/xics_kvm.c|  1 -
 include/sysemu/kvm.h  | 10 ++
 kvm-all.c |  7 +++
 target-i386/kvm.c |  1 -
 target-s390x/kvm.c|  1 -
 6 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/hw/intc/openpic_kvm.c b/hw/intc/openpic_kvm.c
index e3bce04..6cef3b1 100644
--- a/hw/intc/openpic_kvm.c
+++ b/hw/intc/openpic_kvm.c
@@ -229,7 +229,6 @@ static void kvm_openpic_realize(DeviceState *dev, Error 
**errp)
 kvm_irqchip_add_irq_route(kvm_state, i, 0, i);
 }
 
-kvm_irqfds_allowed = true;
 kvm_msi_via_irqfd_allowed = true;
 kvm_gsi_routing_allowed = true;
 
diff --git a/hw/intc/xics_kvm.c b/hw/intc/xics_kvm.c
index 20b19e9..c15453f 100644
--- a/hw/intc/xics_kvm.c
+++ b/hw/intc/xics_kvm.c
@@ -448,7 +448,6 @@ static void xics_kvm_realize(DeviceState *dev, Error **errp)
 }
 
 kvm_kernel_irqchip = true;
-kvm_irqfds_allowed = true;
 kvm_msi_via_irqfd_allowed = true;
 kvm_gsi_direct_mapping = true;
 
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index b0cd657..a23ddab 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -45,6 +45,7 @@ extern bool kvm_async_interrupts_allowed;
 extern bool kvm_halt_in_kernel_allowed;
 extern bool kvm_eventfds_allowed;
 extern bool kvm_irqfds_allowed;
+extern bool kvm_resamplefds_allowed;
 extern bool kvm_msi_via_irqfd_allowed;
 extern bool kvm_gsi_routing_allowed;
 extern bool kvm_gsi_direct_mapping;
@@ -102,6 +103,15 @@ extern bool kvm_readonly_mem_allowed;
 #define kvm_irqfds_enabled() (kvm_irqfds_allowed)
 
 /**
+ * kvm_resamplefds_enabled:
+ *
+ * Returns: true if we can use resamplefds to inject interrupts into
+ * a KVM CPU (ie the kernel supports resamplefds and we are running
+ * with a configuration where it is meaningful to use them).
+ */
+#define kvm_resamplefds_enabled() (kvm_resamplefds_allowed)
+
+/**
  * kvm_msi_via_irqfd_enabled:
  *
  * Returns: true if we can route a PCI MSI (Message Signaled Interrupt)
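Review bot: The doc comment on the new kvm_resamplefds_enabled() promises a configuration check ("we are running with a configuration where it is meaningful to use them"), but the macro only reads kvm_resamplefds_allowed, and the kvm-all.c hunk below sets that flag purely from the KVM_CAP_IRQFD_RESAMPLE probe in kvm_init; nothing visible in this patch clears it based on the irqchip configuration. Either narrow the comment to what is actually tested, e.g. ` * Returns: true if the kernel advertises KVM_CAP_IRQFD_RESAMPLE, i.e.` / ` * resamplefds can be used to inject interrupts into a KVM CPU.`, or have the arch/irqchip code gate the flag the way kvm_msi_via_irqfd_allowed still is. The same observation applies to kvm_irqfds_enabled() once this patch lands, since kvm_irqfds_allowed becomes capability-only too.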
diff --git a/kvm-all.c b/kvm-all.c
index 44a5e72..0a3139f 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -120,6 +120,7 @@ bool kvm_async_interrupts_allowed;
 bool kvm_halt_in_kernel_allowed;
 bool kvm_eventfds_allowed;
 bool kvm_irqfds_allowed;
+bool kvm_resamplefds_allowed;
 bool kvm_msi_via_irqfd_allowed;
 bool kvm_gsi_routing_allowed;
 bool kvm_gsi_direct_mapping;
@@ -1566,6 +1567,12 @@ static int kvm_init(MachineState *ms)
 kvm_eventfds_allowed =
 (kvm_check_extension(s, KVM_CAP_IOEVENTFD)  0);
 
+kvm_irqfds_allowed =
+(kvm_check_extension(s, KVM_CAP_IRQFD)  0);
+
+kvm_resamplefds_allowed =
+(kvm_check_extension(s, KVM_CAP_IRQFD_RESAMPLE)  0);
+
 ret = kvm_arch_init(s);
 if (ret  0) {
 goto err;
diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index ccf36e8..3a3dfc4 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -2563,7 +2563,6 @@ void kvm_arch_init_irq_routing(KVMState *s)
  * irqchip, so we can use irqfds, and on x86 we know
  * we can use msi via irqfd and GSI routing.
  */
-kvm_irqfds_allowed = true;
 kvm_msi_via_irqfd_allowed = true;
 kvm_gsi_routing_allowed = true;
 }
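Review bot: The comment preceding the removed assignment still says that the in-kernel irqchip lets us "use irqfds", but after this hunk kvm_arch_init_irq_routing no longer decides that; kvm_irqfds_allowed now comes from the KVM_CAP_IRQFD probe in kvm_init. Trim the comment to what the function still sets, e.g. ` * irqchip, so on x86 we know we can use msi via irqfd and GSI routing.`. The comment starts above this hunk, so the first line of it is not visible here.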
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 5b10a25..9ae1958 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -1294,7 +1294,6 @@ void kvm_arch_init_irq_routing(KVMState *s)
  * have to override the common code kvm_halt_in_kernel_allowed setting.
  */
 if (kvm_check_extension(s, KVM_CAP_IRQ_ROUTING)) {
-kvm_irqfds_allowed = true;
 kvm_gsi_routing_allowed = true;
 kvm_halt_in_kernel_allowed = false;
 }
-- 
1.8.3.2




Re: [Qemu-devel] [PATCH 3/4] raw: Prohibit dangerous writes for probed images

2014-10-31 Thread Kevin Wolf
Am 30.10.2014 um 15:27 hat Eric Blake geschrieben:
 On 10/30/2014 06:26 AM, Kevin Wolf wrote:
  
  The other differences of this patch to the old one are that it doesn't
  silently write something different than the guest requested by zeroing
  out some bytes (it fails the request instead) and that it doesn't
  maintain a list of signatures in the raw driver (it calls the usual
  probe function instead).
  
  Signed-off-by: Kevin Wolf kw...@redhat.com
  ---
   block.c   |  5 +++--
 
  +
  +drv = bdrv_probe_all(buf, 512, NULL);
  +if (drv != bs-drv) {
  +ret = -EPERM;
  +goto fail;
  +}
 
 So, what happens when this returns -EPERM?  If the guest is configured
 to halt on write errors, does this halt the guest and send an event to
 management?  How does it compare to the case of halting on ENOSPACE?  Is
 this particular failure mode something that the host should be able to
 easily distinguish from other failure modes?

This -EPERM is returned the same way as errors that come directly from
the kernel, so the usual werror/rerror rules apply. It can easily be
distinguished from ENOSPC (nospace=false in the QMP event,
io-status=failed in BlockInfo for query-block), but it looks the same as
a regular I/O error.

 But I definitely like that you only do this failure on probed images,
 and that a user that requests an explicit raw format will never trip up.

Right, a management tool should always be passing the format explicitly
and shouldn't need to deal with this error case at all.

Kevin




Re: [Qemu-devel] [PATCH v8 12/27] target-arm: add MVBAR support

2014-10-31 Thread Peter Maydell
On 30 October 2014 21:28, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Use MVBAR register as exception vector base address for
 exceptions taken to CPU monitor mode.

 Signed-off-by: Sergey Fedorov s.fedo...@samsung.com
 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

If you put the cp/opc fields in the right order, then
Reviewed-by: Peter Maydell peter.mayd...@linaro.org

(I shan't mention field ordering again but you can assume
it applies to all the other patches in this series too.)

thanks
-- PMM



[Qemu-devel] [PATCH] target-i386: Remove unused model_features_t struct

2014-10-31 Thread Eduardo Habkost
The struct is not used anymore and can be removed.

Signed-off-by: Eduardo Habkost ehabk...@redhat.com
---
 target-i386/cpu.c | 8 
 1 file changed, 8 deletions(-)

diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index e194601..e4ccee1 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -442,14 +442,6 @@ const char *get_register_name_32(unsigned int reg)
 return x86_reg_info_32[reg].name;
 }
 
-/* collects per-function cpuid data
- */
-typedef struct model_features_t {
-uint32_t *guest_feat;
-uint32_t *host_feat;
-FeatureWord feat_word;
-} model_features_t;
-
 /* KVM-specific features that are automatically added to all CPU models
  * when KVM is enabled.
  */
-- 
1.9.3




[Qemu-devel] [PATCH v7 03/16] hw/vfio/pci: introduce VFIODevice

2014-10-31 Thread Eric Auger
Introduce the VFIODevice struct that is going to be shared by
VFIOPCIDevice and VFIOPlatformDevice.

Additional fields will be added there later on for review
convenience.

the group's device_list becomes a list of VFIODevice

This obliges to rework the reset_handler which becomes generic and
calls VFIODevice ops that are specialized in each parent object.
Also functions that iterate on this list must take care that the
devices can be something else than VFIOPCIDevice. The type is used
to discriminate them.

We take this opportunity to change the prototypes of
vfio_unmask_intx, vfio_mask_intx and vfio_disable_irqindex, which now
apply to VFIODevice. They are renamed *_irqindex.
The index is passed as a parameter in anticipation of their use for
platform IRQs.

Signed-off-by: Eric Auger eric.au...@linaro.org

---

v4-v5:
- fix style issues
- in vfio_initfn, rework allocation of vdev-vbasedev.name and
  replace snprintf by g_strdup_printf
---
 hw/vfio/pci.c | 241 +++---
 1 file changed, 147 insertions(+), 94 deletions(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 93181bf..0531744 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -48,6 +48,11 @@
 #define VFIO_ALLOW_KVM_MSI 1
 #define VFIO_ALLOW_KVM_MSIX 1
 
+enum {
+VFIO_DEVICE_TYPE_PCI = 0,
+VFIO_DEVICE_TYPE_PLATFORM = 1,
+};
+
 struct VFIOPCIDevice;
 
 typedef struct VFIOQuirk {
@@ -185,9 +190,27 @@ typedef struct VFIOMSIXInfo {
 void *mmap;
 } VFIOMSIXInfo;
 
+typedef struct VFIODeviceOps VFIODeviceOps;
+
+typedef struct VFIODevice {
+QLIST_ENTRY(VFIODevice) next;
+struct VFIOGroup *group;
+char *name;
+int fd;
+int type;
+bool reset_works;
+bool needs_reset;
+VFIODeviceOps *ops;
+} VFIODevice;
+
+struct VFIODeviceOps {
+bool (*vfio_compute_needs_reset)(VFIODevice *vdev);
+int (*vfio_hot_reset_multi)(VFIODevice *vdev);
+};
+
 typedef struct VFIOPCIDevice {
 PCIDevice pdev;
-int fd;
+VFIODevice vbasedev;
 VFIOINTx intx;
 unsigned int config_size;
 uint8_t *emulated_config_bits; /* QEMU emulated bits, little-endian */
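Review bot: The new VFIODevice declares `VFIODeviceOps *ops;` without const, so the per-type ops tables that VFIOPCIDevice and the upcoming VFIOPlatformDevice will point at cannot be defined `static const` and stay writable function-pointer tables for the lifetime of the process; unless something later in the series writes through this pointer, `const VFIODeviceOps *ops;` is the safer declaration. The struct also carries no ownership notes: `name` is allocated with g_strdup_printf per the cover letter and `fd` is the descriptor used for the VFIO_DEVICE_SET_IRQS ioctls below, so a one-line comment on each saying who frees/closes it would help the next reader. `type` holds one of the VFIO_DEVICE_TYPE_* values introduced in the first hunk but is declared `int`; naming the enum would make that relationship explicit.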
@@ -203,20 +226,16 @@ typedef struct VFIOPCIDevice {
 VFIOBAR bars[PCI_NUM_REGIONS - 1]; /* No ROM */
 VFIOVGA vga; /* 0xa, 0x3b0, 0x3c0 */
 PCIHostDeviceAddress host;
-QLIST_ENTRY(VFIOPCIDevice) next;
-struct VFIOGroup *group;
 EventNotifier err_notifier;
 uint32_t features;
 #define VFIO_FEATURE_ENABLE_VGA_BIT 0
 #define VFIO_FEATURE_ENABLE_VGA (1  VFIO_FEATURE_ENABLE_VGA_BIT)
 int32_t bootindex;
 uint8_t pm_cap;
-bool reset_works;
 bool has_vga;
 bool pci_aer;
 bool has_flr;
 bool has_pm_reset;
-bool needs_reset;
 bool rom_read_failed;
 } VFIOPCIDevice;
 
@@ -224,7 +243,7 @@ typedef struct VFIOGroup {
 int fd;
 int groupid;
 VFIOContainer *container;
-QLIST_HEAD(, VFIOPCIDevice) device_list;
+QLIST_HEAD(, VFIODevice) device_list;
 QLIST_ENTRY(VFIOGroup) next;
 QLIST_ENTRY(VFIOGroup) container_next;
 } VFIOGroup;
@@ -277,7 +296,7 @@ static void vfio_mmap_set_enabled(VFIOPCIDevice *vdev, bool 
enabled);
 /*
  * Common VFIO interrupt disable
  */
-static void vfio_disable_irqindex(VFIOPCIDevice *vdev, int index)
+static void vfio_disable_irqindex(VFIODevice *vbasedev, int index)
 {
 struct vfio_irq_set irq_set = {
 .argsz = sizeof(irq_set),
@@ -287,37 +306,37 @@ static void vfio_disable_irqindex(VFIOPCIDevice *vdev, 
int index)
 .count = 0,
 };
 
-ioctl(vdev-fd, VFIO_DEVICE_SET_IRQS, irq_set);
+ioctl(vbasedev-fd, VFIO_DEVICE_SET_IRQS, irq_set);
 }
 
 /*
  * INTx
  */
-static void vfio_unmask_intx(VFIOPCIDevice *vdev)
+static void vfio_unmask_irqindex(VFIODevice *vbasedev, int index)
 {
 struct vfio_irq_set irq_set = {
 .argsz = sizeof(irq_set),
 .flags = VFIO_IRQ_SET_DATA_NONE | VFIO_IRQ_SET_ACTION_UNMASK,
-.index = VFIO_PCI_INTX_IRQ_INDEX,
+.index = index,
 .start = 0,
 .count = 1,
 };
 
-ioctl(vdev-fd, VFIO_DEVICE_SET_IRQS, irq_set);
+ioctl(vbasedev-fd, VFIO_DEVICE_SET_IRQS, irq_set);
 }
 
 #ifdef CONFIG_KVM /* Unused outside of CONFIG_KVM code */
-static void vfio_mask_intx(VFIOPCIDevice *vdev)
+static void vfio_mask_irqindex(VFIODevice *vbasedev, int index)
 {
 struct vfio_irq_set irq_set = {
 .argsz = sizeof(irq_set),
 .flags = VFIO_IRQ_SET_DATA_NONE | VFIO_IRQ_SET_ACTION_MASK,
-.index = VFIO_PCI_INTX_IRQ_INDEX,
+.index = index,
 .start = 0,
 .count = 1,
 };
 
-ioctl(vdev-fd, VFIO_DEVICE_SET_IRQS, irq_set);
+ioctl(vbasedev-fd, VFIO_DEVICE_SET_IRQS, irq_set);
 }
 #endif
 
@@ -381,7 +400,7 @@ static void vfio_eoi(VFIOPCIDevice *vdev)
 
 vdev-intx.pending = false;
 pci_irq_deassert(vdev-pdev);
-vfio_unmask_intx(vdev);
+vfio_unmask_irqindex(vdev-vbasedev, VFIO_PCI_INTX_IRQ_INDEX);
 }
 
 static void vfio_enable_intx_kvm(VFIOPCIDevice *vdev)
@@ -404,7 

Re: [Qemu-devel] [PATCH 1/3] qmp: Add command 'blockdev-backup'

2014-10-31 Thread Kevin Wolf
Am 11.09.2014 um 07:05 hat Fam Zheng geschrieben:
 Similar to drive-backup, but this command uses a device id as target
 instead of creating/opening an image file.
 
 Also add blocker on target bs, since the target is also a named device
 now.
 
 Add check and report error for bs == target which became possible but is
 an illegal case with introduction of blockdev-backup.
 
 Signed-off-by: Fam Zheng f...@redhat.com

 diff --git a/qapi/block-core.json b/qapi/block-core.json
 index a685d02..b953c7b 100644
 --- a/qapi/block-core.json
 +++ b/qapi/block-core.json
 @@ -669,6 +669,40 @@
  '*on-target-error': 'BlockdevOnError' } }
  
  ##
 +# @BlockdevBackup
 +#
 +# @device: the name of the device which should be copied.
 +#
 +# @target: the name of the backup target device.

Both of these are either a BlockBackend ID or a BDS node-name, right? Do
we have a standard way of expressing this? name of the device isn't
quite clear.

 +# @sync: what parts of the disk image should be copied to the destination
 +#(all the disk, only the sectors allocated in the topmost image, or
 +#only new I/O).
 +#
 +# @speed: #optional the maximum speed, in bytes per second.
 +#
 +# @on-source-error: #optional the action to take on an error on the source,
 +#   default 'report'.  'stop' and 'enospc' can only be used
 +#   if the block device supports io-status (see BlockInfo).
 +#
 +# @on-target-error: #optional the action to take on an error on the target,
 +#   default 'report' (no limitations, since this applies to
 +#   a different block device than @device).
 +#
 +# Note that @on-source-error and @on-target-error only affect background I/O.
 +# If an error occurs during a guest write request, the device's rerror/werror
 +# actions will be used.
 +#
 +# Since: 2.2
 +##
 +{ 'type': 'BlockdevBackup',
 +  'data': { 'device': 'str', 'target': 'str',
 +'sync': 'MirrorSyncMode',
 +'*speed': 'int',
 +'*on-source-error': 'BlockdevOnError',
 +'*on-target-error': 'BlockdevOnError' } }

Kevin



Re: [Qemu-devel] [PATCH 1/5] target-arm/translate.c: Use arm_dc_feature() in ENABLE_ARCH_ macros

2014-10-31 Thread Alex Bennée

Peter Maydell peter.mayd...@linaro.org writes:

 All the places where we use the ENABLE_ARCH_* and ARCH() macros have a
 DisasContext* s, so switch them over to use arm_dc_feature() rather than
 arm_feature() so we don't need to pass the CPUARMState* env around too.

 Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Alex Bennée alex.ben...@linaro.org


 ---
  target-arm/translate.c | 16 
  1 file changed, 8 insertions(+), 8 deletions(-)

 diff --git a/target-arm/translate.c b/target-arm/translate.c
 index 1d52e47..f69e5ef 100644
 --- a/target-arm/translate.c
 +++ b/target-arm/translate.c
 @@ -38,16 +38,16 @@
  #include trace-tcg.h
  
  
 -#define ENABLE_ARCH_4Tarm_feature(env, ARM_FEATURE_V4T)
 -#define ENABLE_ARCH_5 arm_feature(env, ARM_FEATURE_V5)
 +#define ENABLE_ARCH_4Tarm_dc_feature(s, ARM_FEATURE_V4T)
 +#define ENABLE_ARCH_5 arm_dc_feature(s, ARM_FEATURE_V5)
  /* currently all emulated v5 cores are also v5TE, so don't bother */
 -#define ENABLE_ARCH_5TE   arm_feature(env, ARM_FEATURE_V5)
 +#define ENABLE_ARCH_5TE   arm_dc_feature(s, ARM_FEATURE_V5)
  #define ENABLE_ARCH_5J0
 -#define ENABLE_ARCH_6 arm_feature(env, ARM_FEATURE_V6)
 -#define ENABLE_ARCH_6K   arm_feature(env, ARM_FEATURE_V6K)
 -#define ENABLE_ARCH_6T2   arm_feature(env, ARM_FEATURE_THUMB2)
 -#define ENABLE_ARCH_7 arm_feature(env, ARM_FEATURE_V7)
 -#define ENABLE_ARCH_8 arm_feature(env, ARM_FEATURE_V8)
 +#define ENABLE_ARCH_6 arm_dc_feature(s, ARM_FEATURE_V6)
 +#define ENABLE_ARCH_6K   arm_dc_feature(s, ARM_FEATURE_V6K)
 +#define ENABLE_ARCH_6T2   arm_dc_feature(s, ARM_FEATURE_THUMB2)
 +#define ENABLE_ARCH_7 arm_dc_feature(s, ARM_FEATURE_V7)
 +#define ENABLE_ARCH_8 arm_dc_feature(s, ARM_FEATURE_V8)
  
  #define ARCH(x) do { if (!ENABLE_ARCH_##x) goto illegal_op; } while(0)

-- 
Alex Bennée



[Qemu-devel] [PATCH v7 02/16] hw/vfio/pci: Rename VFIODevice into VFIOPCIDevice

2014-10-31 Thread Eric Auger
This prepares for the introduction of VFIOPlatformDevice

Signed-off-by: Eric Auger eric.au...@linaro.org
---
 hw/vfio/pci.c | 210 +-
 1 file changed, 106 insertions(+), 104 deletions(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 8514b9e..93181bf 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -48,11 +48,11 @@
 #define VFIO_ALLOW_KVM_MSI 1
 #define VFIO_ALLOW_KVM_MSIX 1
 
-struct VFIODevice;
+struct VFIOPCIDevice;
 
 typedef struct VFIOQuirk {
 MemoryRegion mem;
-struct VFIODevice *vdev;
+struct VFIOPCIDevice *vdev;
 QLIST_ENTRY(VFIOQuirk) next;
 struct {
 uint32_t base_offset:TARGET_PAGE_BITS;
@@ -123,7 +123,7 @@ typedef struct VFIOMSIVector {
  */
 EventNotifier interrupt;
 EventNotifier kvm_interrupt;
-struct VFIODevice *vdev; /* back pointer to device */
+struct VFIOPCIDevice *vdev; /* back pointer to device */
 int virq;
 bool use;
 } VFIOMSIVector;
@@ -185,7 +185,7 @@ typedef struct VFIOMSIXInfo {
 void *mmap;
 } VFIOMSIXInfo;
 
-typedef struct VFIODevice {
+typedef struct VFIOPCIDevice {
 PCIDevice pdev;
 int fd;
 VFIOINTx intx;
@@ -203,7 +203,7 @@ typedef struct VFIODevice {
 VFIOBAR bars[PCI_NUM_REGIONS - 1]; /* No ROM */
 VFIOVGA vga; /* 0xa, 0x3b0, 0x3c0 */
 PCIHostDeviceAddress host;
-QLIST_ENTRY(VFIODevice) next;
+QLIST_ENTRY(VFIOPCIDevice) next;
 struct VFIOGroup *group;
 EventNotifier err_notifier;
 uint32_t features;
@@ -218,13 +218,13 @@ typedef struct VFIODevice {
 bool has_pm_reset;
 bool needs_reset;
 bool rom_read_failed;
-} VFIODevice;
+} VFIOPCIDevice;
 
 typedef struct VFIOGroup {
 int fd;
 int groupid;
 VFIOContainer *container;
-QLIST_HEAD(, VFIODevice) device_list;
+QLIST_HEAD(, VFIOPCIDevice) device_list;
 QLIST_ENTRY(VFIOGroup) next;
 QLIST_ENTRY(VFIOGroup) container_next;
 } VFIOGroup;
@@ -268,16 +268,16 @@ static QLIST_HEAD(, VFIOGroup)
 static int vfio_kvm_device_fd = -1;
 #endif
 
-static void vfio_disable_interrupts(VFIODevice *vdev);
+static void vfio_disable_interrupts(VFIOPCIDevice *vdev);
 static uint32_t vfio_pci_read_config(PCIDevice *pdev, uint32_t addr, int len);
 static void vfio_pci_write_config(PCIDevice *pdev, uint32_t addr,
   uint32_t val, int len);
-static void vfio_mmap_set_enabled(VFIODevice *vdev, bool enabled);
+static void vfio_mmap_set_enabled(VFIOPCIDevice *vdev, bool enabled);
 
 /*
  * Common VFIO interrupt disable
  */
-static void vfio_disable_irqindex(VFIODevice *vdev, int index)
+static void vfio_disable_irqindex(VFIOPCIDevice *vdev, int index)
 {
 struct vfio_irq_set irq_set = {
 .argsz = sizeof(irq_set),
@@ -293,7 +293,7 @@ static void vfio_disable_irqindex(VFIODevice *vdev, int 
index)
 /*
  * INTx
  */
-static void vfio_unmask_intx(VFIODevice *vdev)
+static void vfio_unmask_intx(VFIOPCIDevice *vdev)
 {
 struct vfio_irq_set irq_set = {
 .argsz = sizeof(irq_set),
@@ -307,7 +307,7 @@ static void vfio_unmask_intx(VFIODevice *vdev)
 }
 
 #ifdef CONFIG_KVM /* Unused outside of CONFIG_KVM code */
-static void vfio_mask_intx(VFIODevice *vdev)
+static void vfio_mask_intx(VFIOPCIDevice *vdev)
 {
 struct vfio_irq_set irq_set = {
 .argsz = sizeof(irq_set),
@@ -338,7 +338,7 @@ static void vfio_mask_intx(VFIODevice *vdev)
  */
 static void vfio_intx_mmap_enable(void *opaque)
 {
-VFIODevice *vdev = opaque;
+VFIOPCIDevice *vdev = opaque;
 
 if (vdev-intx.pending) {
 timer_mod(vdev-intx.mmap_timer,
@@ -351,7 +351,7 @@ static void vfio_intx_mmap_enable(void *opaque)
 
 static void vfio_intx_interrupt(void *opaque)
 {
-VFIODevice *vdev = opaque;
+VFIOPCIDevice *vdev = opaque;
 
 if (!event_notifier_test_and_clear(vdev-intx.interrupt)) {
 return;
@@ -370,7 +370,7 @@ static void vfio_intx_interrupt(void *opaque)
 }
 }
 
-static void vfio_eoi(VFIODevice *vdev)
+static void vfio_eoi(VFIOPCIDevice *vdev)
 {
 if (!vdev-intx.pending) {
 return;
@@ -384,7 +384,7 @@ static void vfio_eoi(VFIODevice *vdev)
 vfio_unmask_intx(vdev);
 }
 
-static void vfio_enable_intx_kvm(VFIODevice *vdev)
+static void vfio_enable_intx_kvm(VFIOPCIDevice *vdev)
 {
 #ifdef CONFIG_KVM
 struct kvm_irqfd irqfd = {
@@ -462,7 +462,7 @@ fail:
 #endif
 }
 
-static void vfio_disable_intx_kvm(VFIODevice *vdev)
+static void vfio_disable_intx_kvm(VFIOPCIDevice *vdev)
 {
 #ifdef CONFIG_KVM
 struct kvm_irqfd irqfd = {
@@ -506,7 +506,7 @@ static void vfio_disable_intx_kvm(VFIODevice *vdev)
 
 static void vfio_update_irq(PCIDevice *pdev)
 {
-VFIODevice *vdev = DO_UPCAST(VFIODevice, pdev, pdev);
+VFIOPCIDevice *vdev = DO_UPCAST(VFIOPCIDevice, pdev, pdev);
 PCIINTxRoute route;
 
 if (vdev-interrupt != VFIO_INT_INTx) {
@@ -537,7 +537,7 @@ static void vfio_update_irq(PCIDevice *pdev)
 vfio_eoi(vdev);
 }
 
-static int vfio_enable_intx(VFIODevice 

[Qemu-devel] [PATCH v7 01/16] vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio

2014-10-31 Thread Eric Auger
From: Kim Phillips kim.phill...@linaro.org

This is done in preparation for the addition of VFIO platform
device support.

Signed-off-by: Kim Phillips kim.phill...@linaro.org
---
 LICENSE  | 2 +-
 MAINTAINERS  | 2 +-
 hw/Makefile.objs | 1 +
 hw/misc/Makefile.objs| 1 -
 hw/ppc/spapr_pci_vfio.c  | 2 +-
 hw/vfio/Makefile.objs| 3 +++
 hw/{misc/vfio.c = vfio/pci.c}   | 2 +-
 include/hw/{misc = vfio}/vfio.h | 0
 8 files changed, 8 insertions(+), 5 deletions(-)
 create mode 100644 hw/vfio/Makefile.objs
 rename hw/{misc/vfio.c = vfio/pci.c} (99%)
 rename include/hw/{misc = vfio}/vfio.h (100%)

diff --git a/LICENSE b/LICENSE
index da70e94..0e0b4b9 100644
--- a/LICENSE
+++ b/LICENSE
@@ -11,7 +11,7 @@ option) any later version.
 
 As of July 2013, contributions under version 2 of the GNU General Public
 License (and no later version) are only accepted for the following files
-or directories: bsd-user/, linux-user/, hw/misc/vfio.c, hw/xen/xen_pt*.
+or directories: bsd-user/, linux-user/, hw/vfio/, hw/xen/xen_pt*.
 
 3) The Tiny Code Generator (TCG) is released under the BSD license
(see license headers in files).
diff --git a/MAINTAINERS b/MAINTAINERS
index 94366ef..3f2db91 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -656,7 +656,7 @@ F: hw/usb/dev-serial.c
 VFIO
 M: Alex Williamson alex.william...@redhat.com
 S: Supported
-F: hw/misc/vfio.c
+F: hw/vfio/*
 
 vhost
 M: Michael S. Tsirkin m...@redhat.com
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 52a1464..73afa41 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -26,6 +26,7 @@ devices-dirs-$(CONFIG_SOFTMMU) += ssi/
 devices-dirs-$(CONFIG_SOFTMMU) += timer/
 devices-dirs-$(CONFIG_TPM) += tpm/
 devices-dirs-$(CONFIG_SOFTMMU) += usb/
+devices-dirs-$(CONFIG_SOFTMMU) += vfio/
 devices-dirs-$(CONFIG_VIRTIO) += virtio/
 devices-dirs-$(CONFIG_SOFTMMU) += watchdog/
 devices-dirs-$(CONFIG_SOFTMMU) += xen/
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 979e532..e47fea8 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -21,7 +21,6 @@ common-obj-$(CONFIG_MACIO) += macio/
 
 ifeq ($(CONFIG_PCI), y)
 obj-$(CONFIG_KVM) += ivshmem.o
-obj-$(CONFIG_LINUX) += vfio.o
 endif
 
 obj-$(CONFIG_REALVIEW) += arm_sysctl.o
diff --git a/hw/ppc/spapr_pci_vfio.c b/hw/ppc/spapr_pci_vfio.c
index d3bddf2..144912b 100644
--- a/hw/ppc/spapr_pci_vfio.c
+++ b/hw/ppc/spapr_pci_vfio.c
@@ -20,7 +20,7 @@
 #include hw/ppc/spapr.h
 #include hw/pci-host/spapr.h
 #include linux/vfio.h
-#include hw/misc/vfio.h
+#include hw/vfio/vfio.h
 
 static Property spapr_phb_vfio_properties[] = {
 DEFINE_PROP_INT32(iommu, sPAPRPHBVFIOState, iommugroupid, -1),
diff --git a/hw/vfio/Makefile.objs b/hw/vfio/Makefile.objs
new file mode 100644
index 000..31c7dab
--- /dev/null
+++ b/hw/vfio/Makefile.objs
@@ -0,0 +1,3 @@
+ifeq ($(CONFIG_LINUX), y)
+obj-$(CONFIG_PCI) += pci.o
+endif
diff --git a/hw/misc/vfio.c b/hw/vfio/pci.c
similarity index 99%
rename from hw/misc/vfio.c
rename to hw/vfio/pci.c
index cdf4922..8514b9e 100644
--- a/hw/misc/vfio.c
+++ b/hw/vfio/pci.c
@@ -39,8 +39,8 @@
 #include qemu/range.h
 #include sysemu/kvm.h
 #include sysemu/sysemu.h
-#include hw/misc/vfio.h
 #include trace.h
+#include hw/vfio/vfio.h
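Review bot: The replacement include is added after the trace.h include rather than at the position of the removed hw/misc/vfio.h line, so this otherwise pure move also reorders the include list. If trace.h has to come before vfio.h that is worth a sentence in the description; otherwise keeping the new include where the old one was leaves the commit a plain rename and the similarity index as high as possible.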
 
 /* Extra debugging, trap acceleration paths for more logging */
 #define VFIO_ALLOW_MMAP 1
diff --git a/include/hw/misc/vfio.h b/include/hw/vfio/vfio.h
similarity index 100%
rename from include/hw/misc/vfio.h
rename to include/hw/vfio/vfio.h
-- 
1.8.3.2




Re: [Qemu-devel] [PATCH 00/17] RFC: userfault v2

2014-10-31 Thread zhanghailiang

On 2014/10/31 13:17, Andres Lagar-Cavilla wrote:

On Thu, Oct 30, 2014 at 9:38 PM, zhanghailiang
zhang.zhanghaili...@huawei.com wrote:

On 2014/10/31 11:29, zhanghailiang wrote:


On 2014/10/31 10:23, Peter Feiner wrote:


On Thu, Oct 30, 2014 at 07:31:48PM +0800, zhanghailiang wrote:


On 2014/10/30 1:46, Andrea Arcangeli wrote:


On Mon, Oct 27, 2014 at 05:32:51PM +0800, zhanghailiang wrote:


I want to confirm a question:
Can we support distinguishing between writing and reading memory for
userfault?
That is, we can decide whether writing a page, reading a page or both
trigger userfault.


Mail is going to be long enough already so I'll just assume tracking
dirty memory in userland (instead of doing it in kernel) is worthy
feature to have here.



I'll open that can of worms :-)


[...]
Er, maybe i didn't describe clearly. What i really need for live memory
snapshot
is only wrprotect fault, like kvm's dirty tracing mechanism, *only
tracing write action*.

So, what i need for userfault is supporting only wrprotect fault. i
don't
want to get notification for non present reading faults, it will
influence
VM's performance and the efficiency of doing snapshot.



Given that you do care about performance Zhanghailiang, I don't think
that a
userfault handler is a good place to track dirty memory. Every dirtying
write
will block on the userfault handler, which is an expensively slow
proposition
compared to an in-kernel approach.



Agreed, but for doing live memory snapshot (VM is running when do
snapshot),
we have to do this (block the write action), because we have to save the
page before it
is dirtied by writing action. This is the difference, compared to pre-copy
migration.



Again;) For snapshot, i don't use its dirty tracing ability, i just use it
to block write action,
and save page, and then i will remove its write protect.


You could do a CoW in the kernel, post a notification, keep going, and
expose an interface for user-space to mmap the preserved copy. Getting
the life-cycle of the preserved page(s) right is tricky, but doable.
Anyway, it's easy to hand-wave without knowing your specific
requirements.



Yes, what i need is very much like user-space COW feature, but i don't want to 
modify
any code of kvm to realize COW, userfault is a more generic way and more graceful.
Besides, I'm not an expert in kernel:(


Opening the discussion a bit, this does look similar to the xen-access
interface, in which a xen domain vcpu could be stopped in its tracks


Right;)


while user-space was notified (and acknowledged) a variety of
scenarios: page was written to, page was read from, vcpu is attempting
to execute from page, etc. Very applicable to anti-viruses right away,
for example you can enforce W^X properties on pages.

I don't know that Andrea wants to open the game so broadly for
userfault, and the code right now is very specific to triggering on
pte_none(), but that's a nice reward down this road.



I hope he will consider it. IMHO, it is a good extension for userfault
(write fault);)

Best Regards,
zhanghailiang




Also, i think this feature will benefit for migration of ivshmem and
vhost-scsi
which have no dirty-page-tracing now.



I do agree wholeheartedly with you here. Manually tracking non-guest
writes
adds to the complexity of device emulation code. A central fault-driven
means
for dirty tracking writes from the guest and host would be a welcome
simplification to implementing pre-copy migration. Indeed, that's exactly
what
I'm working on! I'm using the softdirty bit, which was introduced
recently for
CRIU migration, to replace the use of KVM's dirty logging and manual
dirty
tracking by the VMM during pre-copy migration. See



Great! Do you plan to issue your patches to community? I mean is your work
based on
qemu? or an independent tool (CRIU migration?) for live-migration?
Maybe i could fix the migration problem for ivshmem in qemu now,
based on softdirty mechanism.


Documentation/vm/soft-dirty.txt and pagemap.txt in case you aren't
familiar. To



I have read them cursorily, it is useful for pre-copy indeed. But it seems
that
it can not meet my need for snapshot.


make softdirty usable for live migration, I've added an API to atomically
test-and-clear the bit and write protect the page.



How can i find the API? Is it been merged in kernel's master branch
already?


Thanks,
zhanghailiang

--
To unsubscribe from this list: send the line unsubscribe kvm in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
.












Re: [Qemu-devel] [PATCH v8 07/27] target-arm: insert AArch32 cpregs twice into hashtable

2014-10-31 Thread Peter Maydell
On 30 October 2014 21:28, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Prepare for cp register banking by inserting every cp register twice,
 once for secure world and once for non-secure world.

 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

 ---

 v7 - v8
 - Updated define registers asserts to allow either a non-zero fieldoffset or
   non-zero bank_fieldoffsets.
 - Updated CP register hashing to always set the register fieldoffset when
   banked register offsets are specified.

 v5 - v6
 - Fixed NS-bit number in the CPREG hash lookup from 27 to 29.
 - Switched to dedicated CPREG secure flags.
 - Fixed disablement of reset and migration of common 32/64-bit registers.
 - Globally replace Aarch# with AArch#

 v4 - v5
 - Added use of ARM CP secure/non-secure bank flags during register processing
   in define_one_arm_cp_reg_with_opaque().  We now only register the specified
   bank if only one flag is specified, otherwise we register both a secure and
   non-secure instance.
 ---
  target-arm/helper.c | 98 
 -
  1 file changed, 82 insertions(+), 16 deletions(-)

 diff --git a/target-arm/helper.c b/target-arm/helper.c
 index 959a46e..c1c6303 100644
 --- a/target-arm/helper.c
 +++ b/target-arm/helper.c
 @@ -3296,22 +3296,62 @@ static void add_cpreg_to_hashtable(ARMCPU *cpu, const 
 ARMCPRegInfo *r,
  uint32_t *key = g_new(uint32_t, 1);
  ARMCPRegInfo *r2 = g_memdup(r, sizeof(ARMCPRegInfo));
  int is64 = (r-type  ARM_CP_64BIT) ? 1 : 0;
 -if (r-state == ARM_CP_STATE_BOTH  state == ARM_CP_STATE_AA32) {
 -/* The AArch32 view of a shared register sees the lower 32 bits
 - * of a 64 bit backing field. It is not migratable as the AArch64
 - * view handles that. AArch64 also handles reset.
 - * We assume it is a cp15 register if the .cp field is left unset.
 +
 +if (r-bank_fieldoffsets[0]  r-bank_fieldoffsets[1]) {
 +/* Register is banked (using both entries in array).
 + * Overwriting fieldoffset as the array is only used to define
 + * banked registers but later only fieldoffset is used.
   */
 -if (r2-cp == 0) {
 -r2-cp = 15;
 +r2-fieldoffset = r-bank_fieldoffsets[nsbit];
 +}
 +
 +if (state == ARM_CP_STATE_AA32) {
 +/* Clear the secure state flags and set based on incoming nsbit */
 +r2-secure = ~(ARM_CP_SECSTATE_S | ARM_CP_SECSTATE_NS);
 +r2-secure |= ARM_CP_SECSTATE_S  nsbit;

This bitmanipulation looks like leftover from when these were in 'state';
   r2-secure = secstate;
should be sufficient (and you might as well put this down below the
'r2-state = state' assignment, since it's harmless to do it for all
regdefs including 64 bit ones).

 +
 +if (r-bank_fieldoffsets[0]  r-bank_fieldoffsets[1]) {
 +/* If the register is banked and V8 is enabled then we don't need
 + * to migrate or reset the AArch32 version of the banked
 + * registers as this will be handled through the AArch64 view.
 + * If v7 then we don't need to migrate or reset the AArch32
 + * non-secure bank as this will be handled through the AArch64
 + * view.  In this case the secure bank is not mirrored, so we 
 must
 + * preserve it's reset criteria and allow it to be migrated.
 + *
 + * The exception to the above is cpregs with a crn of 13
 + * (specifically FCSEIDR and CONTEXTIDR) in which case there may
 + * not be an AArch64 equivalent for one or either bank so 
 migration
 + * and reset must be preserved.
 + */

I'm not sure what this paragraph is trying to say. The AArch64 equivalent
of CONTEXTIDR(NS) is CONTEXTIDR_EL1. In v8 FCSEIDR is a constant RAZ/WI
register, so migration and reset aren't relevant anyway.

In any case, if we only have a couple of special case registers where
this bank handling doesn't work, I suggest that we should handle them
by having two separate reginfo structs for the S and NS versions,
rather than special casing a specific crn value here.

 +if (r-state == ARM_CP_STATE_BOTH) {
 +if ((arm_feature(cpu-env, ARM_FEATURE_V8)  r-crn != 13) 
 ||
 +nsbit) {
 +r2-type |= ARM_CP_NO_MIGRATE;
 +r2-resetfn = arm_cp_reset_ignore;
 +}
 +}
 +} else if (!nsbit) {
 +/* The register is not banked so we only want to allow migration 
 of
 + * the non-secure instance.
 + */
 +r2-type |= ARM_CP_NO_MIGRATE;
 +r2-resetfn = arm_cp_reset_ignore;
  }
 -r2-type |= ARM_CP_NO_MIGRATE;
 -r2-resetfn = arm_cp_reset_ignore;
 +
 +if (r-state == ARM_CP_STATE_BOTH) {
 +/* We assume 

[Qemu-devel] [PATCH v7 07/16] hw/vfio/pci: use name field in format strings

2014-10-31 Thread Eric Auger
Signed-off-by: Eric Auger eric.au...@linaro.org

Conflicts:
trace-events
---
 hw/vfio/pci.c | 213 --
 trace-events  | 109 --
 2 files changed, 116 insertions(+), 206 deletions(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 2216bd4..6584425 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -387,9 +387,7 @@ static void vfio_intx_interrupt(void *opaque)
 return;
 }
 
-trace_vfio_intx_interrupt(vdev-host.domain, vdev-host.bus,
-  vdev-host.slot, vdev-host.function,
-  'A' + vdev-intx.pin);
+trace_vfio_intx_interrupt(vdev-vbasedev.name, 'A' + vdev-intx.pin);
 
 vdev-intx.pending = true;
 pci_irq_assert(vdev-pdev);
@@ -408,8 +406,7 @@ static void vfio_eoi(VFIODevice *vbasedev)
 return;
 }
 
-trace_vfio_eoi(vdev-host.domain, vdev-host.bus,
-   vdev-host.slot, vdev-host.function);
+trace_vfio_eoi(vbasedev-name);
 
 vdev-intx.pending = false;
 pci_irq_deassert(vdev-pdev);
@@ -478,8 +475,7 @@ static void vfio_enable_intx_kvm(VFIOPCIDevice *vdev)
 
 vdev-intx.kvm_accel = true;
 
-trace_vfio_enable_intx_kvm(vdev-host.domain, vdev-host.bus,
-   vdev-host.slot, vdev-host.function);
+trace_vfio_enable_intx_kvm(vdev-vbasedev.name);
 
 return;
 
@@ -531,8 +527,7 @@ static void vfio_disable_intx_kvm(VFIOPCIDevice *vdev)
 /* If we've missed an event, let it re-fire through QEMU */
 vfio_unmask_irqindex(vdev-vbasedev, VFIO_PCI_INTX_IRQ_INDEX);
 
-trace_vfio_disable_intx_kvm(vdev-host.domain, vdev-host.bus,
-vdev-host.slot, vdev-host.function);
+trace_vfio_disable_intx_kvm(vdev-vbasedev.name);
 #endif
 }
 
@@ -551,8 +546,7 @@ static void vfio_update_irq(PCIDevice *pdev)
 return; /* Nothing changed */
 }
 
-trace_vfio_update_irq(vdev-host.domain, vdev-host.bus,
-  vdev-host.slot, vdev-host.function,
+trace_vfio_update_irq(vdev-vbasedev.name,
   vdev-intx.route.irq, route.irq);
 
 vfio_disable_intx_kvm(vdev);
@@ -628,8 +622,7 @@ static int vfio_enable_intx(VFIOPCIDevice *vdev)
 
 vdev-interrupt = VFIO_INT_INTx;
 
-trace_vfio_enable_intx(vdev-host.domain, vdev-host.bus,
-   vdev-host.slot, vdev-host.function);
+trace_vfio_enable_intx(vdev-vbasedev.name);
 
 return 0;
 }
@@ -651,8 +644,7 @@ static void vfio_disable_intx(VFIOPCIDevice *vdev)
 
 vdev-interrupt = VFIO_INT_NONE;
 
-trace_vfio_disable_intx(vdev-host.domain, vdev-host.bus,
-vdev-host.slot, vdev-host.function);
+trace_vfio_disable_intx(vdev-vbasedev.name);
 }
 
 /*
@@ -679,9 +671,7 @@ static void vfio_msi_interrupt(void *opaque)
 abort();
 }
 
-trace_vfio_msi_interrupt(vdev-host.domain, vdev-host.bus,
- vdev-host.slot, vdev-host.function,
- nr, msg.address, msg.data);
+trace_vfio_msi_interrupt(vbasedev-name, nr, msg.address, msg.data);
 #endif
 
 if (vdev-interrupt == VFIO_INT_MSIX) {
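Review bot: The new trace call in vfio_msi_interrupt reads a local `vbasedev` (`trace_vfio_msi_interrupt(vbasedev->name, nr, msg.address, msg.data);`), while the sibling hunks in this file (vfio_intx_interrupt, vfio_enable_intx_kvm, vfio_update_irq) use `vdev->vbasedev.name`; unless vfio_msi_interrupt declares such a local above the hunk, this does not compile. Because the call sits inside the debug-only block closed by the `#endif` on the next line, a default build would not expose the mismatch, so it should be checked under a debug build or changed to `vdev->vbasedev.name` for consistency with the other call sites. The function's beginning lies outside the hunk, so the presence of a `vbasedev` local cannot be confirmed here.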
@@ -788,9 +778,7 @@ static int vfio_msix_vector_do_use(PCIDevice *pdev, 
unsigned int nr,
 VFIOMSIVector *vector;
 int ret;
 
-trace_vfio_msix_vector_do_use(vdev-host.domain, vdev-host.bus,
-  vdev-host.slot, vdev-host.function,
-  nr);
+trace_vfio_msix_vector_do_use(vdev-vbasedev.name, nr);
 
 vector = vdev-msi_vectors[nr];
 
@@ -876,9 +864,7 @@ static void vfio_msix_vector_release(PCIDevice *pdev, 
unsigned int nr)
 VFIOPCIDevice *vdev = DO_UPCAST(VFIOPCIDevice, pdev, pdev);
 VFIOMSIVector *vector = vdev-msi_vectors[nr];
 
-trace_vfio_msix_vector_release(vdev-host.domain, vdev-host.bus,
-   vdev-host.slot, vdev-host.function,
-   nr);
+trace_vfio_msix_vector_release(vdev-vbasedev.name, nr);
 
 /*
  * There are still old guests that mask and unmask vectors on every
@@ -941,8 +927,7 @@ static void vfio_enable_msix(VFIOPCIDevice *vdev)
 error_report(vfio: msix_set_vector_notifiers failed);
 }
 
-trace_vfio_enable_msix(vdev-host.domain, vdev-host.bus,
-   vdev-host.slot, vdev-host.function);
+trace_vfio_enable_msix(vdev-vbasedev.name);
 }
 
 static void vfio_enable_msi(VFIOPCIDevice *vdev)
@@ -1018,9 +1003,7 @@ retry:
 return;
 }
 
-trace_vfio_enable_msi(vdev-host.domain, vdev-host.bus,
-  vdev-host.slot, vdev-host.function,
-  vdev-nr_vectors);
+trace_vfio_enable_msi(vdev-vbasedev.name, vdev-nr_vectors);
 }
 
 static void vfio_disable_msi_common(VFIOPCIDevice *vdev)
@@ -1070,8 +1053,7 @@ static void vfio_disable_msix(VFIOPCIDevice *vdev)
 
 

Re: [Qemu-devel] [PATCH RFC 05/11] virtio: introduce legacy virtio devices

2014-10-31 Thread Cornelia Huck
On Tue, 28 Oct 2014 16:40:18 +0100
Greg Kurz gk...@linux.vnet.ibm.com wrote:

 On Tue,  7 Oct 2014 16:40:01 +0200
 Cornelia Huck cornelia.h...@de.ibm.com wrote:
 
  Introduce a helper function to indicate  whether a virtio device is
  operating in legacy or virtio standard mode.
  
  It may be used to make decisions about the endianness of virtio accesses
  and other virtio-1 specific changes, enabling us to support transitional
  devices.
  
  Reviewed-by: Thomas Huth th...@linux.vnet.ibm.com
  Signed-off-by: Cornelia Huck cornelia.h...@de.ibm.com
  ---
   hw/virtio/virtio.c|6 +-
   include/hw/virtio/virtio-access.h |4 
   include/hw/virtio/virtio.h|   13 +++--
   3 files changed, 20 insertions(+), 3 deletions(-)
  
  diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
  index 7aaa953..e6ae3a0 100644
  --- a/hw/virtio/virtio.c
  +++ b/hw/virtio/virtio.c
  @@ -883,7 +883,11 @@ static bool virtio_device_endian_needed(void *opaque)
   VirtIODevice *vdev = opaque;
  
   assert(vdev-device_endian != VIRTIO_DEVICE_ENDIAN_UNKNOWN);
  -return vdev-device_endian != virtio_default_endian();
  +if (virtio_device_is_legacy(vdev)) {
  +return vdev-device_endian != virtio_default_endian();
  +}
  +/* Devices conforming to VIRTIO 1.0 or later are always LE. */
  +return vdev-device_endian != VIRTIO_DEVICE_ENDIAN_LITTLE;
   }
  
 
 Shouldn't we have some code doing the following somewhere ?
 
 if (!virtio_device_is_legacy(vdev)) {
 vdev-device_endian = VIRTIO_DEVICE_ENDIAN_LITTLE;
 }
 
 also, since virtio-1 is LE only, do we expect device_endian to
 be different from VIRTIO_DEVICE_ENDIAN_LITTLE ?

device_endian should not depend on whether the device is legacy or not.
virtio_is_big_endian always returns false for virtio-1 devices, though.




[Qemu-devel] [PATCH] vdi: wrapped uuid_unparse() in #ifdef

2014-10-31 Thread SeokYeon Hwang
Wrapped uuid_unparse() in #ifdef to avoid -Wunused-function on clang 3.4 or 
later.

Signed-off-by: SeokYeon Hwang syeon.hw...@samsung.com
---
 block/vdi.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/block/vdi.c b/block/vdi.c
index 19701ee..e1d211c 100644
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -137,12 +137,14 @@ static inline int uuid_is_null(const uuid_t uu)
 return memcmp(uu, null_uuid, sizeof(uuid_t)) == 0;
 }
 
+# if defined(CONFIG_VDI_DEBUG)
 static inline void uuid_unparse(const uuid_t uu, char *out)
 {
 snprintf(out, 37, UUID_FMT,
 uu[0], uu[1], uu[2], uu[3], uu[4], uu[5], uu[6], uu[7],
 uu[8], uu[9], uu[10], uu[11], uu[12], uu[13], uu[14], uu[15]);
 }
+# endif
 #endif
 
 typedef struct {
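Review bot: The added guard is written as `# if defined(CONFIG_VDI_DEBUG)` / `# endif` with a space after the hash, while the enclosing `#endif` two lines below writes the directive without one; `#ifdef CONFIG_VDI_DEBUG` and `#endif` would match the surrounding style. This is a style remark only, and it assumes the sole caller of uuid_unparse is itself under CONFIG_VDI_DEBUG, which the hunk does not show.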
-- 
2.1.0




Re: [Qemu-devel] [PATCH] hw/arm/realview.c: Fix memory leak in realview_init()

2014-10-31 Thread Peter Maydell
On 31 October 2014 10:42, Nikita Belov zod...@ispras.ru wrote:
 On 2014-10-29 19:03, Peter Maydell wrote:
 We leak all of the MemoryRegions we allocate here, because we
 don't have a persistent state struct to keep them in. This
 doesn't really matter much because they're generally needed
 for the lifetime of the QEMU process anyway, and we only call
 board init functions once. So why worry about ram_lo in
 particular (and why this board in particular)?

 Indeed, generally we need memory regions for the lifetime of QEMU, but
 'mem_lo'
 is different. It may not be used at all. We use 'ram_lo' only when a
 condition is
 true, in other case we will lose this pointer. Because of that if the
 condition is
 false we have memory leak immediately (not when QEMU exits).

No, ram_lo is exactly the same as the other memory regions
here: we allocate it in this function, we don't keep any
kind of pointer to it after we leave this function, and
we rely on it being freed on QEMU exit. The fact that we
don't happen to use ram_lo in all cases is irrelevant.

This isn't any more of a bug than the similar code for any of
the other memory regions in this board or in many of our other
boards. I don't think there's any point changing this code
unless you want to refactor the board so it is a proper
subclass of MachineState with its own state structure to
hold the MemoryRegion pointers in.

thanks
-- PMM



Re: [Qemu-devel] [Linaro-acpi] [RFC PATCH 0/7] hw/arm/virt: Dynamic ACPI v5.1 table generation

2014-10-31 Thread Mark Rutland
On Thu, Oct 30, 2014 at 05:52:44PM +, Peter Maydell wrote:
 On 30 October 2014 17:43, Alexander Spyridakis
 a.spyrida...@virtualopensystems.com wrote:
  Currently, the virt machine model generates Device Tree information 
  dynamically based on the existing devices in the system. This patch series 
  extends the same concept but for ACPI information instead. A total of seven 
  tables have been
  implemented in this patch series, which is the minimum for a basic ARM 
  support.
 
  The set of generated tables are:
  - RSDP
  - XSDT
  - MADT
  - GTDT
  - FADT
  - FACS
  - DSDT
 
  The tables are created in standalone buffers, taking into account the
  needed information passed from the virt machine model. When the generation
  is finalized, the individual buffers are compacted to a single ACPI binary
  blob, where it is injected on the guest memory space in a fixed location.
  The guest kernel can find the ACPI tables by providing to it the physical
  address of the ACPI blob (e.g. acpi_rsdp=0x4700 boot argument).
 
 (Sorry, I should have waited for the cover letter to arrive before replying.)
 
 I think this is definitely the wrong approach. We already have to
 generate device tree information for the hardware we have, and having
 an equivalent parallel infrastructure for generating ACPI as well
 seems like it would be a tremendous mess. We should support guests
 that require ACPI by having QEMU boot a UEFI bios blob and have that
 UEFI code generate ACPI tables based on the DTB we hand it.
 (Chances seem good that any guest that wants ACPI is going to want
 UEFI runtime services anyway.)

Depending on why people want ACPI in a guest environment, generating
ACPI tables from a DTB might not be possible (e.g. if they want to use
AML for some reason).

So the important question is _why_ the guest needs to see an ACPI
environment. What exactly can ACPI provide to the guest that DT does not
already provide, and why is that necessary? What infrastructure is
needed for that use case?

Translating DT tables into the equivalent ACPI tables seems like a waste
of effort unless it enables something we can't do at the moment.

Thanks,
Mark.



Re: [Qemu-devel] [Qemu-trivial] [PATCH v2] dump: fix use-after-free for s-fd

2014-10-31 Thread Markus Armbruster
Michael Tokarev m...@tls.msk.ru writes:

 30.10.2014 10:10, Markus Armbruster wrote:
 []
 I'm afraid the commit message is a bit misleading.  Let's examine what
 exactly happens.
 
 dump_iterate() dumps blocks in a loop.  Eventually, get_next_block()
 returns no more.  We then call dump_completed().  But we neglect to
 break the loop!  Broken in commit 4c7e251a.
 
 Because of that, we dump the last block again.  This attempts to write
 to s-fd, which fails if we're lucky.  The error makes dump_iterate()
 return unsuccessfully.  It's the only way it can ever return.
 
 Theoretical: if we're not so lucky, something else has opened something
 for writing and got the same fd.  dump_iterate() then keeps looping,
 messing up the something else's output, until a write fails, or the
 process mercifully terminates.
 
 Is this correct?
 
 If yes, let's use this commit message:
 
 dump: Fix dump-guest-memory termination and use-after-close
 
 dump_iterate() dumps blocks in a loop.  Eventually, get_next_block()
 returns no more.  We then call dump_completed().  But we neglect to
 break the loop!  Broken in commit 4c7e251a.
 
 Because of that, we dump the last block again.  This attempts to write
 to s-fd, which fails if we're lucky.  The error makes dump_iterate()
 return failure.  It's the only way it can ever return.
 
 Theoretical: if we're not so lucky, something else has opened something
 for writing and got the same fd.  dump_iterate() then keeps looping,
 messing up the something else's output, until a write fails, or the
 process mercifully terminates.
 
 The obvious fix is to restore the return lost in commit 4c7e251a.  But
 the root cause of the bug is needlessly opaque loop control.  Replace it
 by a clean do ... while loop.
 
 This makes the badly chosen return values of get_next_block() more
 visible.  Cleaning that up is outside the scope of this bug fix.
 
 You can then add my R-by.

 So I'm applying this -- which is your patch and your commit message, and
 I really wonder why this is Reviewed-by and not Signed-off-by, with your
 authorship?  It really should be...

You can add mine in addition to Gonglei's.

Signed-off-by: Markus Armbruster arm...@redhat.com



[Qemu-devel] [PATCH v4 6/6] hw/arm/virt: add dynamic sysbus device support

2014-10-31 Thread Eric Auger
Allows sysbus devices to be instantiated from command line by
using -device option. Machvirt creates a platform bus at init.
The dynamic sysbus devices are attached to a platform bus device.

The platform bus device registers a machine init done notifier
whose role will be to bind the dynamic sysbus devices. Indeed
dynamic sysbus devices are created after machine init.

machvirt also registers a notifier that will start the VFIO
dynamic device IRQ handling.

Signed-off-by: Alexander Graf ag...@suse.de
Signed-off-by: Eric Auger eric.au...@linaro.org

---
v3 - v4:
- use platform bus object, instantiated in create_platform_bus
- device tree generation for platform bus and children dynamic
  sysbus devices is no more handled at reset but in a
  machine_init_done_notifier (due to the change in implementaion
  of ARM load dtb using rom_add_blob_fixed).
- device tree enhancement now takes into account the case of
  user provided dtb. Before the user dtb was overwritten which
  was wrong. However in case the dtb is provided by the user,
  dynamic sysbus nodes are not added there.
- renaming of MACHVIRT_PLATFORM defines
- MACHVIRT_PLATFORM_PAGE_SHIFT and SIZE_PAGES not needed anymore,
  hence removed.
- DynSysbusParams struct renamed into ARMPlatformBusSystemParams
  and above params removed.
- separation of dt creation and QEMU binding is not mandated anymore
  since the device tree is not created from scratch anymore. Instead
  the modify_dtb function is used.
- create_platform_bus registers another machine init done notifier
  to start VFIO IRQ handling. This latter executes after the
  dynamic sysbus device binding.

v2 - v3:
- renaming of arm_platform_bus_create_devtree and arm_load_dtb
- add copyright in hw/arm/dyn_sysbus_devtree.c

v1 - v2:
- remove useless vfio-platform.h include file
- s/MACHVIRT_PLATFORM_HOLE/MACHVIRT_PLATFORM_SIZE
- use dyn_sysbus_binding and dyn_sysbus_devtree
- dynamic sysbus platform bus size shrunk to 4MB and
  moved between RTC and MMIO

v1:

Inspired from what Alex Graf did in ppc e500
https://lists.gnu.org/archive/html/qemu-ppc/2014-07/msg00012.html

Conflicts:
hw/arm/sysbus-fdt.c
---
 hw/arm/virt.c | 59 +++
 1 file changed, 59 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 78f618d..3a09d58 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -42,6 +42,8 @@
 #include exec/address-spaces.h
 #include qemu/bitops.h
 #include qemu/error-report.h
+#include hw/arm/sysbus-fdt.h
+#include hw/platform-bus.h
 
 #define NUM_VIRTIO_TRANSPORTS 32
 
@@ -59,6 +61,11 @@
 #define GIC_FDT_IRQ_PPI_CPU_START 8
 #define GIC_FDT_IRQ_PPI_CPU_WIDTH 8
 
+#define PLATFORM_BUS_BASE 0x940
+#define PLATFORM_BUS_SIZE (4ULL * 1024 * 1024)
+#define PLATFORM_BUS_FIRST_IRQ48
+#define PLATFORM_BUS_NUM_IRQS 20
+
 enum {
 VIRT_FLASH,
 VIRT_MEM,
@@ -68,6 +75,7 @@ enum {
 VIRT_UART,
 VIRT_MMIO,
 VIRT_RTC,
+VIRT_PLATFORM_BUS,
 };
 
 typedef struct MemMapEntry {
@@ -107,6 +115,7 @@ static const MemMapEntry a15memmap[] = {
 [VIRT_GIC_CPU] ={ 0x0801, 0x0001 },
 [VIRT_UART] =   { 0x0900, 0x1000 },
 [VIRT_RTC] ={ 0x0901, 0x1000 },
+[VIRT_PLATFORM_BUS] = {PLATFORM_BUS_BASE , PLATFORM_BUS_SIZE},
 [VIRT_MMIO] =   { 0x0a00, 0x0200 },
 /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
 /* 0x1000 .. 0x4000 reserved for PCI */
@@ -117,6 +126,14 @@ static const int a15irqmap[] = {
 [VIRT_UART] = 1,
 [VIRT_RTC] = 2,
 [VIRT_MMIO] = 16, /* ...to 16 + NUM_VIRTIO_TRANSPORTS - 1 */
+[VIRT_PLATFORM_BUS] = PLATFORM_BUS_FIRST_IRQ,
+};
+
+ARMPlatformBusSystemParams platform_bus_params = {
+.platform_bus_base = PLATFORM_BUS_BASE,
+.platform_bus_size = PLATFORM_BUS_SIZE,
+.platform_bus_first_irq = PLATFORM_BUS_FIRST_IRQ,
+.platform_bus_num_irqs = PLATFORM_BUS_NUM_IRQS,
 };
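Review bot: `platform_bus_params` is defined at file scope without `static`, which exports the symbol from hw/arm/virt.c; unless another translation unit references it through an extern declaration (nothing in this patch shows one), it should read `static ARMPlatformBusSystemParams platform_bus_params = {`. As a related nit in the preceding hunk, the new memmap entry `[VIRT_PLATFORM_BUS] = {PLATFORM_BUS_BASE , PLATFORM_BUS_SIZE},` has a stray space before the comma and none inside the braces, unlike the neighbouring entries.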
 
 static VirtBoardInfo machines[] = {
@@ -519,6 +536,45 @@ static void create_flash(const VirtBoardInfo *vbi)
 g_free(nodename);
 }
 
+static void create_platform_bus(VirtBoardInfo *vbi, qemu_irq *pic,
+ARMPlatformBusSystemParams *system_params)
+{
+DeviceState *dev;
+SysBusDevice *s;
+int i;
+ARMPlatformBusFdtParams *fdt_params = g_new(ARMPlatformBusFdtParams, 1);
+MemoryRegion *sysmem = get_system_memory();
+
+/*
+ * register the notifier that will update the device tree with
+ * the platform bus and device tree nodes. Must be done before
+ * the instantiation of the platform bus device that registers
+ * the notifier that instantiates the dynamic sysbus devices
+ */
+fdt_params-system_params = system_params;
+fdt_params-binfo = vbi-bootinfo;
+fdt_params-intc = /intc;
+arm_register_platform_bus_fdt_creator(fdt_params);
+
+dev = qdev_create(NULL, TYPE_PLATFORM_BUS_DEVICE);
+dev-id = 

[Qemu-devel] [RFC PATCH 3/7] hw/arm/virt-acpi: Generate RSDP and XSDT, add helper functions

2014-10-31 Thread Alexander Spyridakis
RSDP points to XSDT which in turn points to other tables.
In the case of RSDP things are straightforward as we can point
to XSDT just by adding the binary blob base address plus the size
of RSDP.

For XSDT we traverse the table array and point every other table
by calculating their size (exception being FACS and DSDT which
are pointed from FADT).

Finally implement a common header and checksum helper functions
for usage in all generated ACPI tables.

Signed-off-by: Alexander Spyridakis a.spyrida...@virtualopensystems.com
Signed-off-by: Alvise Rigo a.r...@virtualopensystems.com
---
 hw/arm/virt-acpi.c  | 93 +++--
 include/hw/acpi/acpi-defs.h |  9 +
 include/hw/arm/virt-acpi.h  |  6 +++
 3 files changed, 104 insertions(+), 4 deletions(-)

diff --git a/hw/arm/virt-acpi.c b/hw/arm/virt-acpi.c
index 5c8df45..0d7bb99 100644
--- a/hw/arm/virt-acpi.c
+++ b/hw/arm/virt-acpi.c
@@ -21,16 +21,101 @@
 static void *acpi_table[NUM_ACPI_TABLES];
 static int acpi_size[NUM_ACPI_TABLES];
 
+/*
+ * Many of the ACPI tables use the same header structure
+ * This is a common function to fill such information.
+ */
+static void acpi_fill_common_header_data(void *table, const char *signature,
+   uint8_t revision, int length)
+{
+AcpiTableHeader *h = (AcpiTableHeader *)table;
+
+memcpy(h-signature, signature, sizeof(h-signature));
+memcpy(h-oem_id, ACPI_VIRT_QEMU_STR_4, sizeof(h-oem_id));
+memcpy(h-oem_table_id, ACPI_VIRT_MACH_STR_8, sizeof(h-oem_table_id));
+h-revision = revision;
+h-length = cpu_to_le32(length);
+}
+
+/*
+ * Called at the very end of an ACPI table.
+ * Adding all the data bytes, plus the checksum should equal to zero.
+ */
+static void acpi_do_checksum(void *table, uint32_t length, uint8_t *checksum)
+{
+uint8_t sum, *ptr;
+
+sum = 0;
+ptr = table;
+
+*checksum = 0;
+while (length--) {
+sum = (uint8_t)(sum + (*ptr++));
+}
+
+ptr = table;
+*checksum = (uint8_t) (0xff - sum + 1);
+}
+
 static void acpi_create_rsdp(void)
 {
-acpi_table[RSDP] = NULL;
-acpi_size[RSDP] = 0;
+AcpiRsdpDescriptor *rsdp;
+
+rsdp = g_malloc0(sizeof(*rsdp));
+
+/* Set table header information */
+memcpy(rsdp-signature, RSD PTR , sizeof(rsdp-signature));
+memcpy(rsdp-oem_id, ACPI_VIRT_QEMU_STR_6, sizeof(rsdp-oem_id));
+rsdp-length = cpu_to_le32(sizeof(*rsdp));
+rsdp-revision = 0x02;
+
+/* Point to XSDT */
+rsdp-xsdt_physical_address = cpu_to_le64(ACPI_BASE_ADDRESS + 
rsdp-length);
+
+/* Calculate normal and extended checksum */
+acpi_do_checksum(rsdp,
+offsetof(AcpiRsdpDescriptor, length), rsdp-checksum);
+acpi_do_checksum(rsdp, rsdp-length, rsdp-extended_checksum);
+
+acpi_table[RSDP] = (void *)rsdp;
+acpi_size[RSDP] = rsdp-length;
 }
 
 static void acpi_create_xsdt(void)
 {
-acpi_table[XSDT] = NULL;
-acpi_size[XSDT] = 0;
+AcpiXsdtDescriptor *xsdt;
+int i, xsdt_size;
+
+/*
+ * The final size of XSDT is the table size plus the number
+ * of pointed tables multiplied by the table_offset_entry size.
+ *
+ * The initial xsdt table size already includes one pointed table and
+ * assuming that FADT is the last pointed table we can calculate the
+ * total based on that.
+ */
+xsdt_size = sizeof(*xsdt) +
+((FADT - (XSDT + 1)) * sizeof(xsdt-table_offset_entry));
+xsdt = g_malloc0(xsdt_size);
+
+/* Set table header information */
+acpi_fill_common_header_data(xsdt, XSDT, 1, xsdt_size);
+
+/* Point first table included by default in the xsdt structure */
+xsdt-table_offset_entry[0] = cpu_to_le64(
+ACPI_BASE_ADDRESS + acpi_size[RSDP] + xsdt-length);
+
+/* Point all other tables (excluding FACS and DSDT) */
+for (i = XSDT; i  FADT - 1; i++) {
+xsdt-table_offset_entry[i] =
+xsdt-table_offset_entry[i - 1] + acpi_size[i + 1];
+}
+
+/* Calculate checksum */
+acpi_do_checksum(xsdt, xsdt-length, xsdt-checksum);
+
+acpi_table[XSDT] = (void *)xsdt;
+acpi_size[XSDT] = xsdt-length;
 }
 
 static void acpi_create_madt(uint32_t smp_cpus,
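Review bot: The length fields are stored with cpu_to_le32() and then read back as host integers: `rsdp->length` feeds the XSDT pointer, both checksums and `acpi_size[RSDP]`, and `xsdt->length` feeds `table_offset_entry[0]`, the checksum and `acpi_size[XSDT]`, so on a big-endian host every size and pointer comes out byte-swapped. The XSDT loop has the same problem in the other direction, adding a host-order `acpi_size[i + 1]` to an entry that is already little-endian. Keep a host-order copy of each length and accumulate the table addresses in a host-order variable, converting once when storing, as sketched below. Separately, `ptr = table;` after the checksum loop is dead, and acpi_create_xsdt() silently relies on acpi_size[] being filled for MADT and GTDT before it runs — worth a comment at the top of the function stating the required call order, which is outside this hunk.
```c
static void acpi_create_rsdp(void)
{
    AcpiRsdpDescriptor *rsdp = g_malloc0(sizeof(*rsdp));
    uint32_t len = sizeof(*rsdp);   /* host-order; the field itself is little-endian */

    /* … unchanged: signature and oem_id … */
    rsdp->length = cpu_to_le32(len);
    rsdp->revision = 0x02;
    rsdp->xsdt_physical_address = cpu_to_le64(ACPI_BASE_ADDRESS + len);

    acpi_do_checksum(rsdp, offsetof(AcpiRsdpDescriptor, length), &rsdp->checksum);
    acpi_do_checksum(rsdp, len, &rsdp->extended_checksum);

    acpi_table[RSDP] = rsdp;
    acpi_size[RSDP] = len;
}

    /* … unchanged: xsdt_size computation, g_malloc0, header fill … */
    uint64_t addr = ACPI_BASE_ADDRESS + acpi_size[RSDP] + xsdt_size;
    xsdt->table_offset_entry[0] = cpu_to_le64(addr);
    for (i = XSDT; i < FADT - 1; i++) {
        addr += acpi_size[i + 1];            /* accumulate in host order */
        xsdt->table_offset_entry[i] = cpu_to_le64(addr);
    }
    acpi_do_checksum(xsdt, xsdt_size, &xsdt->checksum);
    acpi_table[XSDT] = xsdt;
    acpi_size[XSDT] = xsdt_size;
```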
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index c4468f8..779f872 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -88,6 +88,15 @@ struct AcpiTableHeader /* ACPI common table header */
 typedef struct AcpiTableHeader AcpiTableHeader;
 
 /*
+ * Extended System Description Table (XSDT)
+ */
+struct AcpiXsdtDescriptor {
+ACPI_TABLE_HEADER_DEF
+uint64_t table_offset_entry[1]; /* Array of pointers to ACPI tables */
+} QEMU_PACKED;
+typedef struct AcpiXsdtDescriptor AcpiXsdtDescriptor;
+
+/*
  * ACPI 1.0 Fixed ACPI Description Table (FADT)
  */
 struct AcpiFadtDescriptorRev1
diff --git a/include/hw/arm/virt-acpi.h b/include/hw/arm/virt-acpi.h
index 5098118..66a73eb 100644
--- a/include/hw/arm/virt-acpi.h

Re: [Qemu-devel] [PATCH] hw/arm/realview.c: Fix memory leak in realview_init()

2014-10-31 Thread Nikita Belov

On 2014-10-29 19:03, Peter Maydell wrote:

On 29 October 2014 14:03, Nikita Belov zod...@ispras.ru wrote:
Variable 'ram_lo' is allocated unconditionally, but used only in some 
cases.
When it is unused pointer will be lost at function exit, resulting in 
a

memory leak. Free memory in this case.

Valgrind output:
==16879== 240 bytes in 1 blocks are definitely lost in loss record 
6,033 of 7,018
==16879==at 0x4C2AB80: malloc (in 
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)

==16879==by 0x33D2CE: malloc_and_trace (vl.c:2804)
==16879==by 0x509E610: g_malloc (in 
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)

==16879==by 0x288836: realview_init (realview.c:55)
==16879==by 0x28988C: realview_pb_a8_init (realview.c:375)
==16879==by 0x341426: main (vl.c:4413)

Signed-off-by: Nikita Belov zod...@ispras.ru
---
 hw/arm/realview.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/arm/realview.c b/hw/arm/realview.c
index af65aa4..673a540 100644
--- a/hw/arm/realview.c
+++ b/hw/arm/realview.c
@@ -141,6 +141,8 @@ static void realview_init(MachineState *machine,
error_abort);
 vmstate_register_ram_global(ram_lo);
 memory_region_add_subregion(sysmem, 0x2000, ram_lo);
+} else {
+g_free(ram_lo);
 }

 memory_region_init_ram(ram_hi, NULL, realview.highmem, 
ram_size,
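Review bot: Freeing `ram_lo` on the else path removes the leak but leaves a dangling pointer for the rest of realview_init(), and a second use of `ram_lo` added later would turn into a use-after-free. Moving the allocation (realview.c:55 per the Valgrind trace, outside this hunk) inside the `if` so the region is created only when it is mapped makes ownership obvious and needs no free at all; if the allocation has to stay where it is, at least add `ram_lo = NULL;` after the `g_free()`.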


We leak all of the MemoryRegions we allocate here, because we
don't have a persistent state struct to keep them in. This
doesn't really matter much because they're generally needed
for the lifetime of the QEMU process anyway, and we only call
board init functions once. So why worry about ram_lo in
particular (and why this board in particular)?

thanks
-- PMM


Indeed, generally we need memory regions for the lifetime of QEMU, but
'ram_lo' is different. It may not be used at all: we use 'ram_lo' only
when a condition is true, and otherwise we lose the pointer. Because of
that, if the condition is false we have a memory leak immediately (not
only when QEMU exits).

Semantically the touched code looks like this:
  if (/* condition */) {
  /* ... */
  memory_region_init_ram(ram_lo, NULL, realview.lowmem, 
low_ram_size);

  vmstate_register_ram_global(ram_lo);
  memory_region_add_subregion(sysmem, 0x2000, ram_lo);
+ } else {
+ g_free(ram_lo);
  }
  /* ram_lo is not used any more */


and why this board in particular?

I just memory leak where I found it.




[Qemu-devel] [PATCH v4 4/6] hw/arm: add a new modify_dtb_opaque field in arm_boot_info

2014-10-31 Thread Eric Auger
This field can be used by any modify_dtb() function to pass
additional arguments requested to build the modified dtb. This
is needed for creating the platform bus dynamic sysbus nodes.

Signed-off-by: Eric Auger eric.au...@linaro.org
---
 include/hw/arm/arm.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index 5f1ecb7..ff776fa 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -68,6 +68,10 @@ struct arm_boot_info {
 hwaddr dtb_start; /* start address of the dtb */
 hwaddr dtb_limit; /* upper RAM limit the dtb cannot overshoot */
 hwaddr entry;
+/* in case modify_dtb requires additional parameters to create the
+ * the new nodes, use following opaque
+ */
+void *modify_dtb_opaque;
 };
 void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info);
 int arm_load_dtb(const struct arm_boot_info *binfo);
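Review bot: The comment on the new `modify_dtb_opaque` field has a doubled "the" and says nothing about ownership or lifetime, which is the one thing a user of a `void *` needs to know. Suggest: `/* Opaque pointer handed through to modify_dtb(); the board owns it and must keep it valid for as long as modify_dtb() can be called. */` — the lifetime wording is my reading of the intent, since the code that passes it to modify_dtb() is not in this hunk.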
-- 
1.8.3.2




[Qemu-devel] [PATCH 0/2] tap: add cleanup logic avoiding leaking fd

2014-10-31 Thread arei.gonglei
From: Gonglei arei.gong...@huawei.com

Gonglei (2):
  tap: remove close(fd)
  tap: fix possible fd leak

 net/tap.c | 13 +
 1 file changed, 9 insertions(+), 4 deletions(-)

-- 
1.7.12.4





Re: [Qemu-devel] [PATCH 5/5] target-arm/translate.c: Don't pass CPUARMState * to disas_arm_insn()

2014-10-31 Thread Alex Bennée

Peter Maydell peter.mayd...@linaro.org writes:

 Refactor to avoid passing a CPUARMState * to disas_arm_insn(). To do this
 we move the read insn from memory code to the callsite and pass the
 insn to the function instead.

snip
  
 -static void disas_arm_insn(CPUARMState * env, DisasContext *s)
 +static void disas_arm_insn(DisasContext *s, unsigned int insn)

I note that in the aarch64 code we used the unambiguous uint32_t for the
insn type. I'm hard pressed to imagine it actually breaking anything
though.



  {
 -unsigned int cond, insn, val, op1, i, shift, rm, rs, rn, rd, sh;
 +unsigned int cond, val, op1, i, shift, rm, rs, rn, rd, sh;
  TCGv_i32 tmp;
  TCGv_i32 tmp2;
  TCGv_i32 tmp3;
  TCGv_i32 addr;
  TCGv_i64 tmp64;
  
 -insn = arm_ldl_code(env, s-pc, s-bswap_code);
 -s-pc += 4;
 -
  /* M variants do not implement ARM mode.  */
  if (arm_dc_feature(s, ARM_FEATURE_M)) {
  goto illegal_op;
 @@ -11199,7 +11196,9 @@ static inline void 
 gen_intermediate_code_internal(ARMCPU *cpu,
  }
  }
  } else {
 -disas_arm_insn(env, dc);
 +unsigned int insn = arm_ldl_code(env, dc-pc, dc-bswap_code);
 +dc-pc += 4;
 +disas_arm_insn(dc, insn);
  }
  
  if (dc-condjmp  !dc-is_jmp) {

Anyway looks fine:

Reviewed-by: Alex Bennée alex.ben...@linaro.org

-- 
Alex Bennée



[Qemu-devel] [PATCH 2/2] tap: fix possible fd leak

2014-10-31 Thread arei.gonglei
From: Gonglei arei.gong...@huawei.com

In the hotplug scenario, when one of those error branches is taken, the file
descriptor is not closed. Add cleanup logic for them.

Signed-off-by: Gonglei arei.gong...@huawei.com
---
 net/tap.c | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/net/tap.c b/net/tap.c
index 7bcd4c7..3cfbee8 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -796,7 +796,7 @@ int net_init_tap(const NetClientOptions *opts, const char 
*name,
 if (net_init_tap_one(tap, peer, bridge, name, ifname,
  script, downscript, vhostfdname,
  vnet_hdr, fd)) {
-return -1;
+goto fail;
 }
 } else {
 if (tap-has_vhostfds) {
@@ -823,7 +823,7 @@ int net_init_tap(const NetClientOptions *opts, const char 
*name,
 if (queues  1  i == 0  !tap-has_ifname) {
 if (tap_fd_get_ifname(fd, ifname)) {
 error_report(Fail to get ifname);
-return -1;
+goto fail;
 }
 }
 
@@ -831,12 +831,18 @@ int net_init_tap(const NetClientOptions *opts, const char 
*name,
  i = 1 ? no : script,
  i = 1 ? no : downscript,
  vhostfdname, vnet_hdr, fd)) {
-return -1;
+goto fail;
 }
 }
 }
 
 return 0;
+
+fail:
+if (fd != -1) {
+close(fd);
+}
+return -1;
 }
 
 VHostNetState *tap_get_vhost_net(NetClientState *nc)
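Review bot: The new `fail:` path closes `fd` whenever it is not -1, which is only correct if `fd` is initialised to -1 before the first branch that can jump there; the declaration is outside this hunk, so confirm it, otherwise an early failure closes whatever the uninitialised value happens to be. Also confirm that net_init_tap_one() no longer closes `fd` on its own error paths (patch 1/2, "tap: remove close(fd)", suggests that is the point of the series), since the `goto fail` after it would otherwise close the descriptor twice. In the multi-queue loop only the current `fd` is closed, which is right: descriptors from earlier iterations are already owned by their NetClientState; a comment at `fail:` saying so, e.g. `/* only the fd not yet handed to a NetClientState is ours to close */`, would stop the next reader from "fixing" it.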
-- 
1.7.12.4





Re: [Qemu-devel] [RFC PATCH 0/7] hw/arm/virt: Dynamic ACPI v5.1 table generation

2014-10-31 Thread Peter Maydell
On 30 October 2014 17:43, Alexander Spyridakis
a.spyrida...@virtualopensystems.com wrote:
 Currently, the virt machine model generates Device Tree information 
 dynamically based on the existing devices in the system. This patch series 
 extends the same concept but for ACPI information instead. A total of seven 
 tables have been
 implemented in this patch series, which is the minimum for a basic ARM 
 support.

 The set of generated tables are:
 - RSDP
 - XSDT
 - MADT
 - GTDT
 - FADT
 - FACS
 - DSDT

 The tables are created in standalone buffers, taking into account the
 needed information passed from the virt machine model. When the generation
 is finalized, the individual buffers are compacted to a single ACPI binary
 blob, where it is injected on the guest memory space in a fixed location.
 The guest kernel can find the ACPI tables by providing to it the physical
 address of the ACPI blob (e.g. acpi_rsdp=0x4700 boot argument).

(Sorry, I should have waited for the cover letter to arrive before replying.)

I think this is definitely the wrong approach. We already have to
generate device tree information for the hardware we have, and having
an equivalent parallel infrastructure for generating ACPI as well
seems like it would be a tremendous mess. We should support guests
that require ACPI by having QEMU boot a UEFI bios blob and have that
UEFI code generate ACPI tables based on the DTB we hand it.
(Chances seem good that any guest that wants ACPI is going to want
UEFI runtime services anyway.)

thanks
-- PMM



Re: [Qemu-devel] [PATCH 3/4] pidfile: stop making pidfile error a special case

2014-10-31 Thread Michael Tokarev
31.10.2014 10:58, Gonglei wrote:
 On 2014/10/31 15:41, Michael Tokarev wrote:
[]
 +exit(len == 1  status == 0 ? 0 : 1);

 ...it is checked here, note the 'len == 1' part of the condition.

 If len != 1, the original code exit with 1, after your changes,
 it will exit with 0. Right?

 with len != 1, the condition 'len == 1  status == 0 ? 0 : 1'
 
 Ok. That's will be great if you can modify it
 to (len == 1  status == 0 ) ? 0 : 1

Well, the ?: operator has the lowest precedence in C, && and || are higher,
and == is higher still.  Those are the basic rules of the language.
So I don't really see why... ;)

The comment however should clear all confusion, hopefully.

 evaluates to 1.  Maybe I can add a comment here:

 
 +/* only exit successfully if our child actually
 + * wrote a one-byte zero to our pipe */
 +exit(len == 1  status == 0 ? 0 : 1);

 See the result at 
 http://git.corpit.ru/?p=qemu.git;a=shortlog;h=refs/heads/trivial-patches-next




[Qemu-devel] [PATCH 1/2] migration: Implement a multiple compress threads feature to accelerate live migration

2014-10-31 Thread Liliang
From: Li Liang liang.z...@intel.com

Instead of sending the guest memory directly, this solution compresses each
RAM page before sending; after receiving, the data is decompressed.
This feature can reduce the amount of data transferred by about 60%, which
is very useful when network bandwidth is limited, and the migration
time can also be reduced by about 80%. The feature is off by default;
see docs/multiple-compression-threads.txt for information on how to
use it.

Signed-off-by: Li Liang liang.z...@intel.com
---
 arch_init.c   | 435 --
 hmp-commands.hx   |  56 ++
 hmp.c |  57 ++
 hmp.h |   6 +
 include/migration/migration.h |  12 +-
 include/migration/qemu-file.h |   1 +
 migration.c   |  99 ++
 monitor.c |  21 ++
 qapi-schema.json  |  84 +++-
 qmp-commands.hx   | 131 +
 10 files changed, 886 insertions(+), 16 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 88a5ba0..04730a7 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -24,6 +24,7 @@
 #include stdint.h
 #include stdarg.h
 #include stdlib.h
+#include zlib.h
 #ifndef _WIN32
 #include sys/types.h
 #include sys/mman.h
@@ -126,6 +127,7 @@ static uint64_t bitmap_sync_count;
 #define RAM_SAVE_FLAG_CONTINUE 0x20
 #define RAM_SAVE_FLAG_XBZRLE   0x40
 /* 0x80 is reserved in migration.h start with 0x100 next */
+#define RAM_SAVE_FLAG_COMPRESS_PAGE0x100
 
 static struct defconfig_file {
 const char *filename;
@@ -332,6 +334,177 @@ static uint64_t migration_dirty_pages;
 static uint32_t last_version;
 static bool ram_bulk_stage;
 
+#define COMPRESS_BUF_SIZE (TARGET_PAGE_SIZE + 16)
+#define MIG_BUF_SIZE (COMPRESS_BUF_SIZE + 256 + 16)
+struct MigBuf {
+int buf_index;
+uint8_t buf[MIG_BUF_SIZE];
+};
+
+typedef struct MigBuf MigBuf;
+
+static void migrate_put_byte(MigBuf *f, int v)
+{
+f-buf[f-buf_index] = v;
+f-buf_index++;
+}
+
+static void migrate_put_be16(MigBuf *f, unsigned int v)
+{
+migrate_put_byte(f, v  8);
+migrate_put_byte(f, v);
+}
+
+static void migrate_put_be32(MigBuf *f, unsigned int v)
+{
+migrate_put_byte(f, v  24);
+migrate_put_byte(f, v  16);
+migrate_put_byte(f, v  8);
+migrate_put_byte(f, v);
+}
+
+static void migrate_put_be64(MigBuf *f, uint64_t v)
+{
+migrate_put_be32(f, v  32);
+migrate_put_be32(f, v);
+}
+
+static void migrate_put_buffer(MigBuf *f, const uint8_t *buf, int size)
+{
+int l;
+
+while (size  0) {
+l = MIG_BUF_SIZE - f-buf_index;
+if (l  size) {
+l = size;
+}
+memcpy(f-buf + f-buf_index, buf, l);
+f-buf_index += l;
+buf += l;
+size -= l;
+}
+}
+
+static size_t migrate_save_block_hdr(MigBuf *f, RAMBlock *block,
+ram_addr_t offset, int cont, int flag)
+{
+size_t size;
+
+migrate_put_be64(f, offset | cont | flag);
+size = 8;
+
+if (!cont) {
+migrate_put_byte(f, strlen(block-idstr));
+migrate_put_buffer(f, (uint8_t *)block-idstr,
+strlen(block-idstr));
+size += 1 + strlen(block-idstr);
+}
+return size;
+}
+
+static int migrate_qemu_add_compress(MigBuf *f,  const uint8_t *p,
+int size, int level)
+{
+uLong  blen = COMPRESS_BUF_SIZE;
+if (compress2(f-buf + f-buf_index + sizeof(int), blen, (Bytef *)p,
+size, level) != Z_OK) {
+printf(compress failed!\n);
+return 0;
+}
+migrate_put_be32(f, blen);
+f-buf_index += blen;
+return blen + sizeof(int);
+}
+
+enum {
+COM_DONE = 0,
+COM_START,
+};
+
+static int  compress_thread_count = 1;
+static int  decompress_thread_count = 1;
+
+struct compress_param {
+int state;
+MigBuf migbuf;
+RAMBlock *block;
+ram_addr_t offset;
+bool last_stage;
+int ret;
+int bytes_sent;
+uint8_t *p;
+int cont;
+bool bulk_stage;
+};
+
+typedef struct compress_param compress_param;
+compress_param *comp_param;
+
+struct decompress_param {
+int state;
+void *des;
+uint8 compbuf[COMPRESS_BUF_SIZE];
+int len;
+};
+typedef struct decompress_param decompress_param;
+
+static decompress_param *decomp_param;
+bool incomming_migration_done;
+static bool quit_thread;
+
+static int save_compress_ram_page(compress_param *param);
+
+
+static void *do_data_compress(void *opaque)
+{
+compress_param *param = opaque;
+while (!quit_thread) {
+if (param-state == COM_START) {
+save_compress_ram_page(param);
+param-state = COM_DONE;
+ } else {
+ g_usleep(1);
+ }
+}
+
+return NULL;
+}
+
+
+void migrate_compress_threads_join(MigrationState *s)
+{
+int i;
+if (!migrate_use_compress()) {
+return;
+}
+quit_thread = true;
+for (i = 0; i  compress_thread_count; i++) {
+

Re: [Qemu-devel] [PATCH 2/5] target-arm/translate.c: Use arm_dc_feature() rather than arm_feature()

2014-10-31 Thread Alex Bennée

Peter Maydell peter.mayd...@linaro.org writes:

 Use arm_dc_feature() rather than arm_feature() to avoid using
 CPUARMState unnecessarily.

 Signed-off-by: Peter Maydell peter.mayd...@linaro.org
Reviewed-by: Alex Bennée alex.ben...@linaro.org


 ---
  target-arm/translate.c | 140 
 -
  1 file changed, 80 insertions(+), 60 deletions(-)

 diff --git a/target-arm/translate.c b/target-arm/translate.c
 index f69e5ef..08ce5b0 100644
 --- a/target-arm/translate.c
 +++ b/target-arm/translate.c
 @@ -2619,7 +2619,7 @@ static int disas_dsp_insn(CPUARMState *env, 
 DisasContext *s, uint32_t insn)
  #define VFP_SREG(insn, bigbit, smallbit) \
((VFP_REG_SHR(insn, bigbit - 1)  0x1e) | (((insn)  (smallbit))  1))
  #define VFP_DREG(reg, insn, bigbit, smallbit) do { \
 -if (arm_feature(env, ARM_FEATURE_VFP3)) { \
 +if (arm_dc_feature(s, ARM_FEATURE_VFP3)) { \
  reg = (((insn)  (bigbit))  0x0f) \
| (((insn)  ((smallbit) - 4))  0x10); \
  } else { \
 @@ -2970,7 +2970,7 @@ static int disas_vfp_v8_insn(CPUARMState *env, 
 DisasContext *s, uint32_t insn)
  {
  uint32_t rd, rn, rm, dp = extract32(insn, 8, 1);
  
 -if (!arm_feature(env, ARM_FEATURE_V8)) {
 +if (!arm_dc_feature(s, ARM_FEATURE_V8)) {
  return 1;
  }
  
 @@ -3010,8 +3010,9 @@ static int disas_vfp_insn(CPUARMState * env, 
 DisasContext *s, uint32_t insn)
  TCGv_i32 tmp;
  TCGv_i32 tmp2;
  
 -if (!arm_feature(env, ARM_FEATURE_VFP))
 +if (!arm_dc_feature(s, ARM_FEATURE_VFP)) {
  return 1;
 +}
  
  /* FIXME: this access check should not take precedence over UNDEF
   * for invalid encodings; we will generate incorrect syndrome information
 @@ -3055,8 +3056,9 @@ static int disas_vfp_insn(CPUARMState * env, 
 DisasContext *s, uint32_t insn)
  if (insn  0xf)
  return 1;
  if (insn  0x00c00060
 - !arm_feature(env, ARM_FEATURE_NEON))
 + !arm_dc_feature(s, ARM_FEATURE_NEON)) {
  return 1;
 +}
  
  pass = (insn  21)  1;
  if (insn  (1  22)) {
 @@ -3151,8 +3153,9 @@ static int disas_vfp_insn(CPUARMState * env, 
 DisasContext *s, uint32_t insn)
 VFP3 restricts all id registers to privileged
 accesses.  */
  if (IS_USER(s)
 - arm_feature(env, ARM_FEATURE_VFP3))
 + arm_dc_feature(s, ARM_FEATURE_VFP3)) {
  return 1;
 +}
  tmp = load_cpu_field(vfp.xregs[rn]);
  break;
  case ARM_VFP_FPEXC:
 @@ -3164,8 +3167,9 @@ static int disas_vfp_insn(CPUARMState * env, 
 DisasContext *s, uint32_t insn)
  case ARM_VFP_FPINST2:
  /* Not present in VFP3.  */
  if (IS_USER(s)
 -|| arm_feature(env, ARM_FEATURE_VFP3))
 +|| arm_dc_feature(s, ARM_FEATURE_VFP3)) {
  return 1;
 +}
  tmp = load_cpu_field(vfp.xregs[rn]);
  break;
  case ARM_VFP_FPSCR:
 @@ -3178,15 +3182,16 @@ static int disas_vfp_insn(CPUARMState * env, 
 DisasContext *s, uint32_t insn)
  }
  break;
  case ARM_VFP_MVFR2:
 -if (!arm_feature(env, ARM_FEATURE_V8)) {
 +if (!arm_dc_feature(s, ARM_FEATURE_V8)) {
  return 1;
  }
  /* fall through */
  case ARM_VFP_MVFR0:
  case ARM_VFP_MVFR1:
  if (IS_USER(s)
 -|| !arm_feature(env, ARM_FEATURE_MVFR))
 +|| !arm_dc_feature(s, ARM_FEATURE_MVFR)) {
  return 1;
 +}
  tmp = load_cpu_field(vfp.xregs[rn]);
  break;
  default:
 @@ -3367,8 +3372,8 @@ static int disas_vfp_insn(CPUARMState * env, 
 DisasContext *s, uint32_t insn)
   * UNPREDICTABLE if bit 8 is set prior to ARMv8
   * (we choose to UNDEF)
   */
 -if ((dp  !arm_feature(env, ARM_FEATURE_V8)) ||
 -!arm_feature(env, ARM_FEATURE_VFP_FP16)) {
 +if ((dp  !arm_dc_feature(s, ARM_FEATURE_V8)) ||
 +!arm_dc_feature(s, ARM_FEATURE_VFP_FP16)) {

[Qemu-devel] [RFC PATCH 4/7] hw/arm/virt-acpi: Generate FACS and FADT, update ACPI headers

2014-10-31 Thread Alexander Spyridakis
FADT points to FACS and DSDT and additionally, in the case of mach
virt, it is also used to set the Hardware Reduced bit and enable PSCI
SMP booting through HVC. For FACS the table is created as a mockup,
as with the Hardware Reduced bit set it will not be used.

Update the header definitions for FADT and FACS taking into account
the new additions of ACPI v5.1 in `include/hw/acpi/acpi-defs.h`

Signed-off-by: Alexander Spyridakis a.spyrida...@virtualopensystems.com
Signed-off-by: Alvise Rigo a.r...@virtualopensystems.com
---
 hw/arm/virt-acpi.c  |  41 +++--
 include/hw/acpi/acpi-defs.h | 141 ++--
 2 files changed, 134 insertions(+), 48 deletions(-)

diff --git a/hw/arm/virt-acpi.c b/hw/arm/virt-acpi.c
index 0d7bb99..aca0434 100644
--- a/hw/arm/virt-acpi.c
+++ b/hw/arm/virt-acpi.c
@@ -133,14 +133,47 @@ static void acpi_create_gtdt(const struct acpi_gtdt_info 
*irqs)
 
 static void acpi_create_fadt(void)
 {
-acpi_table[FADT] = NULL;
-acpi_size[FADT] = 0;
+AcpiFacpDescriptorRev5_1 *fadt;
+hwaddr facs_offset;
+int i;
+
+fadt = g_malloc0(sizeof(*fadt));
+acpi_fill_common_header_data(fadt, FACP, 5, sizeof(*fadt));
+
+/* Hardware Reduced = 1 and use PSCI 0.2+ and with HVC */
+fadt-flags = cpu_to_le32(1  ACPI_FADT_F_HW_REDUCED_ACPI);
+fadt-arm_boot_flags = cpu_to_le16((1  ACPI_FADT_ARM_USE_PSCI_G_0_2) |
+   (1  ACPI_FADT_ARM_PSCI_USE_HVC));
+
+/* ACPI v5.1 (fadt-revision.fadt-minor_revision) */
+fadt-minor_revision = 0x1;
+
+acpi_size[FADT] = fadt-length;
+
+/* Calculate FACS and DSDT table offsets */
+for (i = RSDP, facs_offset = 0; i  FACS; ++i) {
+facs_offset += acpi_size[i];
+}
+fadt-Xfacs = cpu_to_le64(ACPI_BASE_ADDRESS + facs_offset);
+fadt-Xdsdt = cpu_to_le64(fadt-Xfacs + acpi_size[FACS]);
+
+acpi_do_checksum(fadt, fadt-length, fadt-checksum);
+
+acpi_table[FADT] = (void *)fadt;
 }
 
 static void acpi_create_facs(void)
 {
-acpi_table[FACS] = NULL;
-acpi_size[FACS] = 0;
+AcpiFacsDescriptorRev5_1 *facs;
+
+facs = g_malloc0(sizeof(*facs));
+
+memcpy(facs-signature, FACS, sizeof(facs-signature));
+facs-length = cpu_to_le32(sizeof(*facs));
+facs-version = 0x02;
+
+acpi_table[FACS] = (void *)facs;
+acpi_size[FACS] = facs-length;
 }
 
 static void acpi_create_dsdt(int smp_cpus, const struct acpi_dsdt_info *info)
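Review bot: `fadt->Xdsdt = cpu_to_le64(fadt->Xfacs + acpi_size[FACS]);` adds a host-order size to a value that was byte-swapped on the line above, and `acpi_size[FADT] = fadt->length;` (also the length passed to acpi_do_checksum()) reads a field stored with cpu_to_le32() as if it were host order, so both are wrong on big-endian hosts. Keep the addresses in host-order locals and convert once: `hwaddr facs = ACPI_BASE_ADDRESS + facs_offset;` `fadt->Xfacs = cpu_to_le64(facs);` `fadt->Xdsdt = cpu_to_le64(facs + acpi_size[FACS]);` and set `acpi_size[FADT] = sizeof(*fadt);`. The offset loop also depends on acpi_size[] already being filled for every table before FACS, so a comment at the top of acpi_create_fadt() naming that ordering requirement would save the next reader a trip through the caller, which is outside this hunk.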
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index 779f872..ebbd2d0 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -97,46 +97,49 @@ struct AcpiXsdtDescriptor {
 typedef struct AcpiXsdtDescriptor AcpiXsdtDescriptor;
 
 /*
- * ACPI 1.0 Fixed ACPI Description Table (FADT)
+ * ACPI Fixed ACPI Description Table (FADT)
  */
+#define ACPI_FADT_COMMON_DEF /* FADT common definition */ \
+ACPI_TABLE_HEADER_DEF/* ACPI common table header */ \
+uint32_t firmware_ctrl;  /* Physical address of FACS */ \
+uint32_t dsdt;   /* Physical address of DSDT */ \
+uint8_t  model;  /* System Interrupt Model */ \
+uint8_t  reserved1;  /* Reserved */ \
+uint16_t sci_int;/* System vector of SCI interrupt */ \
+uint32_t smi_cmd;/* Port address of SMI command port */ \
+uint8_t  acpi_enable;/* Value to write to smi_cmd to enable 
ACPI */ \
+uint8_t  acpi_disable;   /* Value to write to smi_cmd to disable 
ACPI */ \
+uint8_t  S4bios_req; /* Value to write to SMI CMD to enter 
S4BIOS state */ \
+uint8_t  reserved2;  /* Reserved - must be zero */ \
+uint32_t pm1a_evt_blk;   /* Port address of Power Mgt 1a 
acpi_event Reg Blk */ \
+uint32_t pm1b_evt_blk;   /* Port address of Power Mgt 1b 
acpi_event Reg Blk */ \
+uint32_t pm1a_cnt_blk;   /* Port address of Power Mgt 1a Control 
Reg Blk */ \
+uint32_t pm1b_cnt_blk;   /* Port address of Power Mgt 1b Control 
Reg Blk */ \
+uint32_t pm2_cnt_blk;/* Port address of Power Mgt 2 Control 
Reg Blk */ \
+uint32_t pm_tmr_blk; /* Port address of Power Mgt Timer Ctrl 
Reg Blk */ \
+uint32_t gpe0_blk;   /* Port addr of General Purpose 
acpi_event 0 Reg Blk */ \
+uint32_t gpe1_blk;   /* Port addr of General Purpose 
acpi_event 1 Reg Blk */ \
+uint8_t  pm1_evt_len;/* Byte length of ports at pm1_x_evt_blk 
*/ \
+uint8_t  pm1_cnt_len;/* Byte length of ports at pm1_x_cnt_blk 
*/ \
+uint8_t  pm2_cnt_len;/* Byte Length of ports at pm2_cnt_blk */ 
\
+uint8_t  pm_tmr_len; /* Byte Length of ports at pm_tm_blk */ \
+uint8_t  gpe0_blk_len;   /* Byte Length of ports at gpe0_blk */ \
+uint8_t  gpe1_blk_len;   /* Byte Length of ports at gpe1_blk */ \
+uint8_t  

[Qemu-devel] [PATCH] block: changed to proper enum type

2014-10-31 Thread SeokYeon Hwang
To fix compiler warning on clang  3.4, changed to proper enum type.

Signed-off-by: SeokYeon Hwang syeon.hw...@samsung.com
---
 block.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/block.c b/block.c
index 88f6d9b..50845a4 100644
--- a/block.c
+++ b/block.c
@@ -3540,10 +3540,10 @@ static void send_qmp_error_event(BlockDriverState *bs,
  BlockErrorAction action,
  bool is_read, int error)
 {
-BlockErrorAction ac;
+IoOperationType operation;
 
-ac = is_read ? IO_OPERATION_TYPE_READ : IO_OPERATION_TYPE_WRITE;
-qapi_event_send_block_io_error(bdrv_get_device_name(bs), ac, action,
+operation = is_read ? IO_OPERATION_TYPE_READ : IO_OPERATION_TYPE_WRITE;
+qapi_event_send_block_io_error(bdrv_get_device_name(bs), operation, action,
bdrv_iostatus_is_enabled(bs),
error == ENOSPC, strerror(error),
error_abort);
-- 
2.1.0




[Qemu-devel] [PATCH v3 2/2] vfio: use kvm_resamplefds_enabled()

2014-10-31 Thread Eric Auger
Use the kvm_resamplefds_enabled function

Signed-off-by: Eric Auger eric.au...@linaro.org
---
 hw/misc/vfio.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
index b5e7981..75bfa1c 100644
--- a/hw/misc/vfio.c
+++ b/hw/misc/vfio.c
@@ -406,7 +406,7 @@ static void vfio_enable_intx_kvm(VFIODevice *vdev)
 
 if (!VFIO_ALLOW_KVM_INTX || !kvm_irqfds_enabled() ||
 vdev-intx.route.mode != PCI_INTX_ENABLED ||
-!kvm_check_extension(kvm_state, KVM_CAP_IRQFD_RESAMPLE)) {
+!kvm_resamplefds_enabled()) {
 return;
 }
 
@@ -568,8 +568,7 @@ static int vfio_enable_intx(VFIODevice *vdev)
  * Only conditional to avoid generating error messages on platforms
  * where we won't actually use the result anyway.
  */
-if (kvm_irqfds_enabled() 
-kvm_check_extension(kvm_state, KVM_CAP_IRQFD_RESAMPLE)) {
+if (kvm_irqfds_enabled()  kvm_resamplefds_enabled()) {
 vdev-intx.route = pci_device_route_intx_to_irq(vdev-pdev,
 vdev-intx.pin);
 }
-- 
1.8.3.2




[Qemu-devel] [Bug 921208] Re: win7/x64 installer hangs on startup with 0x0000005d.

2014-10-31 Thread Michael Tokarev
This problem is still present in current (2.1) qemu, and it is NOT solved
by -cpu kvm64,+nx -- Windows bluescreens the same way.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/921208

Title:
  win7/x64 installer hangs on startup with 0x0000005d.

Status in QEMU:
  Confirmed
Status in “qemu” package in Ubuntu:
  Triaged

Bug description:
  hi,

  While booting the win7/x64 installer I observe a BSOD with 0x0000005d
  (MSDN: unsupported_processor).

  used command line: qemu-system-x86_64 -m 2048 -hda w7-system.img
  -cdrom win7_x64.iso -boot d

  Adding '-machine accel=kvm' instead of the default TCG accelerator allows it
  to boot.

  
  installed software:

  qemu-1.0
  linux-3.2.1
  glibc-2.14.1
  gcc-4.6.2

  hw cpu:

  processor   : 0..7
  vendor_id   : GenuineIntel
  cpu family  : 6
  model   : 42
  model name  : Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
  stepping: 7
  microcode   : 0x14
  cpu MHz : 1995.739
  cache size  : 6144 KB
  physical id : 0
  siblings: 8
  core id : 3
  cpu cores   : 4
  apicid  : 7
  initial apicid  : 7
  fpu : yes
  fpu_exception   : yes
  cpuid level : 13
  wp  : yes
  flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx 
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology 
nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 
cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer xsave avx 
lahf_lm ida arat epb xsaveopt pln pts dts tpr_shadow vnmi flexpriority ept vpid
  bogomips: 3992.23
  clflush size: 64
  cache_alignment : 64
  address sizes   : 36 bits physical, 48 bits virtual

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/921208/+subscriptions



Re: [Qemu-devel] [PATCH RFC 01/10] pci: Convert core to realize

2014-10-31 Thread Marcel Apfelbaum
On Tue, 2014-10-28 at 10:38 +0100, Markus Armbruster wrote:
 Gonglei arei.gong...@huawei.com writes:
 
  On 2014/10/28 15:35, Markus Armbruster wrote:
 
  Implement DeviceClass methods realize() and unrealize() instead of
  init() and exit().  The core's initialization errors now get
  propagated properly, and QMP sends them instead of an unspecific
  Device initialization failed error.  Unrealize can't fail, so no
  change there.
  
  PCIDeviceClass is unchanged: it still provides init() and exit().
  Therefore, device models' errors are still not propagated.
  
  Signed-off-by: Markus Armbruster arm...@redhat.com
  ---
   hw/pci/pci.c | 91 
  +++-
   1 file changed, 47 insertions(+), 44 deletions(-)
  
  diff --git a/hw/pci/pci.c b/hw/pci/pci.c
  index cd7a403..aef95c3 100644
  --- a/hw/pci/pci.c
  +++ b/hw/pci/pci.c
 [...]
   void pci_register_bar(PCIDevice *pci_dev, int region_num,
  @@ -1742,10 +1747,11 @@ PCIDevice *pci_find_device(PCIBus *bus, int 
  bus_num, uint8_t devfn)
   return bus-devices[devfn];
   }
   
  -static int pci_qdev_init(DeviceState *qdev)
  +static void pci_qdev_realize(DeviceState *qdev, Error **errp)
   {
   PCIDevice *pci_dev = (PCIDevice *)qdev;
   PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(pci_dev);
  +Error *local_err = NULL;
   PCIBus *bus;
   int rc;
   bool is_default_rom;
  @@ -1758,15 +1764,16 @@ static int pci_qdev_init(DeviceState *qdev)
   bus = PCI_BUS(qdev_get_parent_bus(qdev));
   pci_dev = do_pci_register_device(pci_dev, bus,
object_get_typename(OBJECT(qdev)),
  - pci_dev-devfn);
  + pci_dev-devfn, errp);
   if (pci_dev == NULL)
 
  -return -1;
  +return;
   
 
  Maybe we can use '{}' for the if statement, following QEMU's coding style.
I suggest adding a trivial patch on top of Markus's series

Thanks,
Marcel

 
 scripts/checkpatch.pl is happy with the patch as is.
 
 I prefer to add braces only when I touch the conditional.
 
 Naturally, I also add them when a maintainer asks me to :)
 
   if (pc-init) {
   rc = pc-init(pci_dev);
   if (rc != 0) {
   do_pci_unregister_device(pci_dev);
  -return rc;
  +error_setg(errp, Device initialization failed);
  +return;
   }
   }
   
 [...]
 
 Thanks!
 






Re: [Qemu-devel] [PATCH 4/4] os-posix: reorder parent notification for -daemonize

2014-10-31 Thread Gonglei
On 2014/10/30 23:07, Michael Tokarev wrote:

 Move the success report to the parent in os_setup_post() to the very
 end, after all other initializers that may also fail, so that more
 possible failure cases are reported properly to the calling process.
 
 Signed-off-by: Michael Tokarev m...@tls.msk.ru
 ---
  os-posix.c |   19 ++-
  1 file changed, 10 insertions(+), 9 deletions(-)

Reviewed-by: Gonglei arei.gong...@huawei.com

Best regards,
-Gonglei




Re: [Qemu-devel] [PATCH v8 10/27] target-arm: add NSACR register

2014-10-31 Thread Peter Maydell
On 30 October 2014 21:28, Greg Bellows greg.bell...@linaro.org wrote:
 From: Fabian Aggeler aggel...@ethz.ch

 Implements NSACR register with corresponding read/write functions
 for ARMv7 and ARMv8.

 Signed-off-by: Sergey Fedorov s.fedo...@samsung.com
 Signed-off-by: Fabian Aggeler aggel...@ethz.ch
 Signed-off-by: Greg Bellows greg.bell...@linaro.org

 ---

 v7 - v8
 - Update naming from c1_nsacr to nsacr to match other registers being changed.
 - Remove NSACR read/write functions

 v4 - v5
 - Changed to use renamed arm_current_el()
 ---
  target-arm/cpu.h| 6 ++
  target-arm/helper.c | 3 +++
  2 files changed, 9 insertions(+)

 diff --git a/target-arm/cpu.h b/target-arm/cpu.h
 index 6bb7d39..88e22fb 100644
 --- a/target-arm/cpu.h
 +++ b/target-arm/cpu.h
 @@ -181,6 +181,7 @@ typedef struct CPUARMState {
  uint64_t c1_sys; /* System control register.  */
  uint64_t c1_coproc; /* Coprocessor access register.  */
  uint32_t c1_xscaleauxcr; /* XScale auxiliary control register.  */
 +uint32_t nsacr; /* Non-secure access control register. */
  uint64_t ttbr0_el1; /* MMU translation table base 0. */
  uint64_t ttbr1_el1; /* MMU translation table base 1. */
  uint64_t c2_control; /* MMU translation table base control.  */
 @@ -634,6 +635,11 @@ static inline void xpsr_write(CPUARMState *env, uint32_t 
 val, uint32_t mask)
  #define SCR_AARCH32_MASK  (0x3fff  ~(SCR_RW | SCR_ST))
  #define SCR_AARCH64_MASK  (0x3fff  ~SCR_NET)

 +#define NSACR_NSTRCDIS (1U  20)
 +#define NSACR_RFR  (1U  19)
 +#define NSACR_NSASEDIS (1U  15)
 +#define NSACR_NSD32DIS (1U  14)

Not sure there's much point defining bit constants we don't use
(these don't match the v8 bits anyway).

 +
  /* Return the current FPSCR value.  */
  uint32_t vfp_get_fpscr(CPUARMState *env);
  void vfp_set_fpscr(CPUARMState *env, uint32_t val);
 diff --git a/target-arm/helper.c b/target-arm/helper.c
 index e73756d..3c12eb3 100644
 --- a/target-arm/helper.c
 +++ b/target-arm/helper.c
 @@ -2344,6 +2344,9 @@ static const ARMCPRegInfo el3_cp_reginfo[] = {
.cp = 15, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 0,
.access = PL3_RW, .resetvalue = 0, .writefn = scr_write,
.fieldoffset = offsetoflow32(CPUARMState, cp15.scr_el3) },
 +{ .name = NSACR, .cp = 15, .crn = 1, .crm = 1, .opc1 = 0, .opc2 = 2,
 +  .access = PL3_RW | PL1_R, .resetvalue = 0,
 +  .fieldoffset = offsetof(CPUARMState, cp15.nsacr) },

PL1_R implies PL3_R, so you can write the access value as
PL3_W | PL1_R.

It would be good to have a comment
   /* TODO: implement trapping of secure EL1 reads and writes to EL3. */

  REGINFO_SENTINEL
  };
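Review bot: The commit message still says NSACR is implemented "with corresponding read/write functions", but the v8 changelog says those functions were removed, and the el3_cp_reginfo entry added here registers the register with only a fieldoffset and no readfn or writefn; the description should be brought in line with the code, e.g. "Implement the NSACR register as a plain state field for ARMv7 and ARMv8". Since the entry is raw-state only, it would also help to note in the cpu.h field comment that no access trapping is modelled yet, so that the security-relevant gap (NSACR controls non-secure access to coprocessor and FP/SIMD resources) is visible to the next reader. The el3_cp_reginfo array begins outside this hunk.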

 --
 1.8.3.2

Otherwise
Reviewed-by: Peter Maydell peter.mayd...@linaro.org

thanks
-- PMM



Re: [Qemu-devel] [PATCH 3/4] pidfile: stop making pidfile error a special case

2014-10-31 Thread Michael Tokarev
31.10.2014 10:33, Gonglei wrote:
[]
 While at it, fix wrong identation in os_daemonize().

 s/identation/identification/

 No, the original word was the right one.
 
 Sorry, I can't find 'identation' in either a dictionary or Google.
 Do you mean 'indentation'?

Damn.  I missed that one.  It is indentation indeed :)
(but not identification).

[]
  do {
  len = read(fds[0], status, 1);
  } while (len  0  errno == EINTR);
 -if (len != 1) {
 -exit(1);
 -}

 Does this check need to be removed?

 Yes, because...

 -else if (status == 1) {
 -fprintf(stderr, Could not acquire pidfile\n);
 -exit(1);
 -} else {
 -exit(0);
 -}
 -} else if (pid  0) {
 -exit(1);
 -}
 +
 +exit(len == 1  status == 0 ? 0 : 1);

 ...it is checked here, note the 'len == 1' part of the condition.
 
 If len != 1, the original code exit with 1, after your changes,
 it will exit with 0. Right?

with len != 1, the condition 'len == 1  status == 0 ? 0 : 1'
evaluates to 1.  Maybe I can add a comment here:

+/* only exit successfully if our child actually
+ * wrote a one-byte zero to our pipe */
+exit(len == 1  status == 0 ? 0 : 1);

See the result at 
http://git.corpit.ru/?p=qemu.git;a=shortlog;h=refs/heads/trivial-patches-next

Thanks,

/mjt


