aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-11-01exec.c: ensure all AddressSpaceDispatch updates under RCUAlex Bennée
The memory_dispatch field is meant to be protected by RCU so we should use the correct primitives when accessing it. This race was flagged up by the ThreadSanitizer. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20161021153418.21571-1-alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-11-01tests: send error_report to test logPaolo Bonzini
Implement error_vprintf to send the output of error_report to the test log. This silences test-vmstate. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1477326663-67817-3-git-send-email-pbonzini@redhat.com>
2016-11-01qemu-error: remove dependency of stubs on monitorPaolo Bonzini
Leave the implementation of error_vprintf and error_vprintf_unless_qmp (the latter now trivially wrapped by error_printf_unless_qmp) to libqemustub.a and monitor.c. This has two advantages: it lets us remove the monitor_printf and monitor_vprintf stubs, and it lets tests provide a different implementation of the functions that uses g_test_message. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1477326663-67817-2-git-send-email-pbonzini@redhat.com>
2016-11-01nbd: Use CoQueue for free_sema instead of CoMutexChanglong Xie
NBD is using the CoMutex in a way that wasn't anticipated. For example, if there are N(N=26, MAX_NBD_REQUESTS=16) nbd write requests, so we will invoke nbd_client_co_pwritev N times. ---------------------------------------------------------------------------------------- time request Actions 1 1 in_flight=1, Coroutine=C1 2 2 in_flight=2, Coroutine=C2 ... 15 15 in_flight=15, Coroutine=C15 16 16 in_flight=16, Coroutine=C16, free_sema->holder=C16, mutex->locked=true 17 17 in_flight=16, Coroutine=C17, queue C17 into free_sema->queue 18 18 in_flight=16, Coroutine=C18, queue C18 into free_sema->queue ... 26 N in_flight=16, Coroutine=C26, queue C26 into free_sema->queue ---------------------------------------------------------------------------------------- Once nbd client recieves request No.16' reply, we will re-enter C16. It's ok, because it's equal to 'free_sema->holder'. ---------------------------------------------------------------------------------------- time request Actions 27 16 in_flight=15, Coroutine=C16, free_sema->holder=C16, mutex->locked=false ---------------------------------------------------------------------------------------- Then nbd_coroutine_end invokes qemu_co_mutex_unlock what will pop coroutines from free_sema->queue's head and enter C17. More free_sema->holder is C17 now. ---------------------------------------------------------------------------------------- time request Actions 28 17 in_flight=16, Coroutine=C17, free_sema->holder=C17, mutex->locked=true ---------------------------------------------------------------------------------------- In above scenario, we only recieves request No.16' reply. As time goes by, nbd client will almostly recieves replies from requests 1 to 15 rather than request 17 who owns C17. In this case, we will encounter assert "mutex->holder == self" failed since Kevin's commit 0e438cdc "coroutine: Let CoMutex remember who holds it". For example, if nbd client recieves request No.15' reply, qemu will stop unexpectedly: ---------------------------------------------------------------------------------------- time request Actions 29 15(most case) in_flight=15, Coroutine=C15, free_sema->holder=C17, mutex->locked=false ---------------------------------------------------------------------------------------- Per Paolo's suggestion "The simplest fix is to change it to CoQueue, which is like a condition variable", this patch replaces CoMutex with CoQueue. Cc: Wen Congyang <wency@cn.fujitsu.com> Reported-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com> Message-Id: <1476267508-19499-1-git-send-email-xiecl.fnst@cn.fujitsu.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-11-01checkpatch: tweak "struct should normally be const" warningPaolo Bonzini
Avoid triggering on typedef struct BlockJobDriver BlockJobDriver; or struct BlockJobDriver { Cc: John Snow <jsnow@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-11-01Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into stagingPeter Maydell
This pull request mostly contains some more fixes to prevent buggy guests from breaking QEMU. # gpg: Signature made Tue 01 Nov 2016 11:26:42 GMT # gpg: using DSA key 0x02FC3AEB0101DBC2 # gpg: Good signature from "Greg Kurz <groug@kaod.org>" # gpg: aka "Greg Kurz <groug@free.fr>" # gpg: aka "Greg Kurz <gkurz@fr.ibm.com>" # gpg: aka "Greg Kurz <gkurz@linux.vnet.ibm.com>" # gpg: aka "Gregory Kurz (Groug) <groug@free.fr>" # gpg: aka "Gregory Kurz (Cimai Technology) <gkurz@cimai.com>" # gpg: aka "Gregory Kurz (Meiosys Technology) <gkurz@meiosys.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 2BD4 3B44 535E C0A7 9894 DBA2 02FC 3AEB 0101 DBC2 * remotes/gkurz/tags/for-upstream: 9pfs: drop excessive error message from virtfs_reset() 9pfs: don't BUG_ON() if fid is already opened 9pfs: xattrcreate requires non-opened fids 9pfs: limit xattr size in xattrcreate 9pfs: fix integer overflow issue in xattr read/write 9pfs: convert 'len/copied_len' field in V9fsXattr to the type of uint64_t 9pfs: add xattrwalk_fid field in V9fsXattr struct Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-11-01Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2016-10-31-tag' ↵Peter Maydell
into staging qemu-ga patch queue for 2.8 * add guest-fstrim support for w32 * add support for using virtio-vsock as the communication channel # gpg: Signature made Tue 01 Nov 2016 00:55:40 GMT # gpg: using RSA key 0x3353C9CEF108B584 # gpg: Good signature from "Michael Roth <flukshun@gmail.com>" # gpg: aka "Michael Roth <mdroth@utexas.edu>" # gpg: aka "Michael Roth <mdroth@linux.vnet.ibm.com>" # Primary key fingerprint: CEAC C9E1 5534 EBAB B82D 3FA0 3353 C9CE F108 B584 * remotes/mdroth/tags/qga-pull-2016-10-31-tag: qga: add vsock-listen method sockets: add AF_VSOCK support qga: drop unnecessary GA_CHANNEL_UNIX_LISTEN checks qga: drop unused sockaddr in accept(2) call qga: minimal support for fstrim for Windows guests Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-11-01Merge remote-tracking branch 'remotes/rth/tags/pull-sparc-20161031-2' into ↵Peter Maydell
staging target-sparc updates for atomics and alignment # gpg: Signature made Mon 31 Oct 2016 20:47:57 GMT # gpg: using RSA key 0xAD1270CC4DD0279B # gpg: Good signature from "Richard Henderson <rth7680@gmail.com>" # gpg: aka "Richard Henderson <rth@redhat.com>" # gpg: aka "Richard Henderson <rth@twiddle.net>" # Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC 16A4 AD12 70CC 4DD0 279B * remotes/rth/tags/pull-sparc-20161031-2: target-sparc: Use tcg_gen_atomic_cmpxchg_tl target-sparc: Use tcg_gen_atomic_xchg_tl target-sparc: Remove MMU_MODE*_SUFFIX target-sparc: Allow 4-byte alignment on fp mem ops target-sparc: Implement ldqf and stqf inline target-sparc: Remove asi helper code handled inline target-sparc: Implement BCOPY/BFILL inline target-sparc: Implement cas_asi/casx_asi inline target-sparc: Implement ldstub_asi inline target-sparc: Implement swap_asi inline target-sparc: Handle more twinx asis target-sparc: Use MMU_PHYS_IDX for bypass asis target-sparc: Add MMU_PHYS_IDX target-sparc: Introduce cpu_raise_exception_ra target-sparc: Use overalignment flags for twinx and block asis Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-11-019pfs: drop excessive error message from virtfs_reset()Greg Kurz
The virtfs_reset() function is called either when the virtio-9p device gets reset, or when the client starts a new 9P session. In both cases, if it finds fids from a previous session, the following is printed in the monitor: 9pfs:virtfs_reset: One or more uncluncked fids found during reset For example, if a linux guest with a mounted 9P share is reset from the monitor with system_reset, the message will be printed. This is excessive since these fids are now clunked and the state is clean. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Eric Blake <eblake@redhat.com>
2016-11-019pfs: don't BUG_ON() if fid is already openedGreg Kurz
A buggy or malicious guest could pass the id of an already opened fid and cause QEMU to abort. Let's return EINVAL to the guest instead. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Eric Blake <eblake@redhat.com>
2016-11-019pfs: xattrcreate requires non-opened fidsGreg Kurz
The xattrcreate operation only makes sense on a freshly cloned fid actually, since any open state would be leaked because of the fid_type change. This is indeed what the linux kernel client does: fid = clone_fid(fid); [...] retval = p9_client_xattrcreate(fid, name, value_len, flags); This patch also reverts commit ff55e94d23ae since we are sure that a fid with type P9_FID_NONE doesn't have a previously allocated xattr. Signed-off-by: Greg Kurz <groug@kaod.org>
2016-11-019pfs: limit xattr size in xattrcreateGreg Kurz
We shouldn't allow guests to create extended attribute with arbitrary sizes. On linux hosts, the limit is XATTR_SIZE_MAX. Let's use it. Signed-off-by: Greg Kurz <groug@kaod.org>
2016-11-019pfs: fix integer overflow issue in xattr read/writeLi Qiang
The v9fs_xattr_read() and v9fs_xattr_write() are passed a guest originated offset: they must ensure this offset does not go beyond the size of the extended attribute that was set in v9fs_xattrcreate(). Unfortunately, the current code implement these checks with unsafe calculations on 32 and 64 bit values, which may allow a malicious guest to cause OOB access anyway. Fix this by comparing the offset and the xattr size, which are both uint64_t, before trying to compute the effective number of bytes to read or write. Suggested-by: Greg Kurz <groug@kaod.org> Signed-off-by: Li Qiang <liqiang6-s@360.cn> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-By: Guido Günther <agx@sigxcpu.org> Signed-off-by: Greg Kurz <groug@kaod.org>
2016-11-019pfs: convert 'len/copied_len' field in V9fsXattr to the type of uint64_tLi Qiang
The 'len' in V9fsXattr comes from the 'size' argument in setxattr() function in guest. The setxattr() function's declaration is this: int setxattr(const char *path, const char *name, const void *value, size_t size, int flags); and 'size' is treated as u64 in linux kernel client code: int p9_client_xattrcreate(struct p9_fid *fid, const char *name, u64 attr_size, int flags) So the 'len' should have an type of 'uint64_t'. The 'copied_len' in V9fsXattr is used to account for copied bytes, it should also have an type of 'uint64_t'. Suggested-by: Greg Kurz <groug@kaod.org> Signed-off-by: Li Qiang <liqiang6-s@360.cn> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Greg Kurz <groug@kaod.org>
2016-11-019pfs: add xattrwalk_fid field in V9fsXattr structLi Qiang
Currently, 9pfs sets the 'copied_len' field in V9fsXattr to -1 to tag xattr walk fid. As the 'copied_len' is also used to account for copied bytes, this may make confusion. This patch add a bool 'xattrwalk_fid' to tag the xattr walk fid. Suggested-by: Greg Kurz <groug@kaod.org> Signed-off-by: Li Qiang <liqiang6-s@360.cn> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Greg Kurz <groug@kaod.org>
2016-11-01Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' ↵Peter Maydell
into staging Update OpenBIOS images # gpg: Signature made Mon 31 Oct 2016 20:19:53 GMT # gpg: using RSA key 0x5BC2C56FAE0F321F # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" # Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F * remotes/mcayland/tags/qemu-openbios-signed: Update OpenBIOS images to 1dc4f16 built from submodule. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-11-01migration: fix compiler warning on uninitialized variableJeff Cody
Some older GCC versions (e.g. 4.4.7) report a warning on an uninitialized variable for 'request', even though all possible code paths that reference 'request' will be initialized. To appease these versions, initialize the variable to 0. Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Jeff Cody <jcody@redhat.com> Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Message-id: 259818682e41b95ae60f1423b87954a3fe377639.1477950393.git.jcody@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-31qga: add vsock-listen methodStefan Hajnoczi
Add AF_VSOCK (virtio-vsock) support as an alternative to virtio-serial. $ qemu-system-x86_64 -device vhost-vsock-pci,guest-cid=3 ... (guest)# qemu-ga -m vsock-listen -p 3:1234 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-10-31sockets: add AF_VSOCK supportStefan Hajnoczi
Add the AF_VSOCK address family so that qemu-ga will be able to use virtio-vsock. The AF_VSOCK address family uses <cid, port> address tuples. The cid is the unique identifier comparable to an IP address. AF_VSOCK does not use name resolution so it's easy to convert between struct sockaddr_vm and strings. This patch defines a VsockSocketAddress instead of trying to piggy-back on InetSocketAddress. This is cleaner in the long run since it avoids lots of IPv4 vs IPv6 vs vsock special casing. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> * treat trailing commas as garbage when parsing (Eric Blake) * add configure check instead of checking AF_VSOCK directly Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-10-31qga: drop unnecessary GA_CHANNEL_UNIX_LISTEN checksStefan Hajnoczi
Throughout the code there are c->listen_channel checks which manage the listen socket file descriptor (waiting for accept(2), closing the file descriptor, etc). These checks are currently preceded by explicit c->method == GA_CHANNEL_UNIX_LISTEN checks. Explicit GA_CHANNEL_UNIX_LISTEN checks are not necessary since serial channel types do not create the listen channel (c->listen_channel). As more listen channel types are added, explicitly checking all of them becomes messy. Rely on c->listen_channel to determine whether or not a listen socket file descriptor is used. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-10-31qga: drop unused sockaddr in accept(2) callStefan Hajnoczi
ga_channel_listen_accept() is currently hard-coded to support only AF_UNIX because the struct sockaddr_un type is used. This function should work with any address family. Drop the sockaddr since the client address is unused and is an optional argument to accept(2). Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-10-31qga: minimal support for fstrim for Windows guestsDenis V. Lunev
Unfortunately, there is no public Windows API to start trimming the filesystem. The only viable way here is to call 'defrag.exe /L' for each volume. This is working since Win8 and Win2k12. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: Denis Plotnikov <dplotnikov@virtuozzo.com> CC: Michael Roth <mdroth@linux.vnet.ibm.com> CC: Stefan Weil <sw@weilnetz.de> CC: Marc-André Lureau <marcandre.lureau@gmail.com> * check g_utf16_to_utf8() return value for GError handling instead of GError directly (Marc-André) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-10-31target-sparc: Use tcg_gen_atomic_cmpxchg_tlRichard Henderson
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-10-31target-sparc: Use tcg_gen_atomic_xchg_tlRichard Henderson
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-10-31target-sparc: Remove MMU_MODE*_SUFFIXRichard Henderson
The functions that these generate are no longer used. Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-10-31target-sparc: Allow 4-byte alignment on fp mem opsRichard Henderson
The cpu is allowed to require stricter alignment on these 8- and 16-byte operations, and the OS is required to fix up the accesses as necessary, so the previous code was not wrong. However, we can easily handle this misalignment for all direct 8-byte operations and for direct 16-byte loads. We must retain 16-byte alignment for 16-byte stores, so that we don't have to probe for writability of a second page before performing the first of two 8-byte stores. We also retain 8-byte alignment for no-fault loads, since they are rare and it's not worth extending the helpers for this. Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-10-31target-sparc: Implement ldqf and stqf inlineRichard Henderson
At the same time, fix a problem with stqf_asi, when a write might access two pages. Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-10-31target-sparc: Remove asi helper code handled inlineRichard Henderson
Now that we never call out to helpers when direct accesses can handle an asi, remove the corresponding code in those helpers. For ldda, this removes the entire helper. Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-10-31target-sparc: Implement BCOPY/BFILL inlineRichard Henderson
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-10-31Update OpenBIOS images to 1dc4f16 built from submodule.Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2016-10-31Merge remote-tracking branch ↵Peter Maydell
'remotes/ehabkost/tags/x86-and-machine-pull-request' into staging x86 and machine queue, 2016-10-31 # gpg: Signature made Mon 31 Oct 2016 18:29:18 GMT # gpg: using RSA key 0x2807936F984DC5A6 # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6 * remotes/ehabkost/tags/x86-and-machine-pull-request: target-i386: Print warning when mixing [+-]foo and foo=(on|off) tests: Remove unneeded "-vnc none" option Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-31target-i386: Print warning when mixing [+-]foo and foo=(on|off)Eduardo Habkost
Print a warning when mixing [+-]foo and foo=(on|off) in the -cpu argument in a way that will break in the future. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-31Merge remote-tracking branch 'remotes/awilliam/tags/vfio-updates-20161031.0' ↵Peter Maydell
into staging VFIO updates 2016-10-31 - Replace skip_dump with ram_device to denote device memory and mark as non-direct to avoid memcpy to MMIO - fixes RTL (Alex Williamson) - Skip zero-length sparse mmaps - avoids unnecessary warning (Alex Williamson) - Clear BARs on reset so guest doesn't assume programming on return from S3 (Ido Yariv) - Enable sub-page MMIO mmaps - performance improvement for devices with smaller BARs, iff both host and guest map them to full, aligned pages (Yongji Xie) # gpg: Signature made Mon 31 Oct 2016 17:26:47 GMT # gpg: using RSA key 0x239B9B6E3BB08B22 # gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" # gpg: aka "Alex Williamson <alex@shazbot.org>" # gpg: aka "Alex Williamson <alwillia@redhat.com>" # gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>" # Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B 8A90 239B 9B6E 3BB0 8B22 * remotes/awilliam/tags/vfio-updates-20161031.0: vfio: Add support for mmapping sub-page MMIO BARs vfio/pci: fix out-of-sync BAR information on reset vfio: Handle zero-length sparse mmap ranges memory: Don't use memcpy for ram_device regions memory: Replace skip_dump flag with "ram_device" Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-31Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block layer patches # gpg: Signature made Mon 31 Oct 2016 16:10:07 GMT # gpg: using RSA key 0x7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: (29 commits) qapi: allow blockdev-add for NFS block/nfs: Introduce runtime_opts in NFS block: Mention replication in BlockdevDriver enum docs qemu-iotests: test 'offset' and 'size' options in raw driver raw_bsd: add offset and size options qemu-iotests: Test the 'base-node' parameter of 'block-stream' block: Add 'base-node' parameter to the 'block-stream' command qemu-iotests: Test streaming to a Quorum child qemu-iotests: Add iotests.supports_quorum() qemu-iotests: Test block-stream and block-commit in parallel qemu-iotests: Test overlapping stream and commit operations qemu-iotests: Test block-stream operations in parallel qemu-iotests: Test streaming to an intermediate layer docs: Document how to stream to an intermediate layer block: Add QMP support for streaming to an intermediate layer block: Support streaming to an intermediate layer block: Block all intermediate nodes in commit_active_start() block: Block all nodes involved in the block-commit operation block: Check blockers in all nodes involved in a block-commit job block: Use block_job_add_bdrv() in backup_start() ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-31tests: Remove unneeded "-vnc none" optionEduardo Habkost
Some tests use the "-vnc none" option without any clear reason, making those tests break when --disable-vnc is specified on ./configure. Remove the unnecessary option. Reviewed-by: John Snow <jsnow@redhat.com> Tested-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-10-31vfio: Add support for mmapping sub-page MMIO BARsYongji Xie
Now the kernel commit 05f0c03fbac1 ("vfio-pci: Allow to mmap sub-page MMIO BARs if the mmio page is exclusive") allows VFIO to mmap sub-page BARs. This is the corresponding QEMU patch. With those patches applied, we could passthrough sub-page BARs to guest, which can help to improve IO performance for some devices. In this patch, we expand MemoryRegions of these sub-page MMIO BARs to PAGE_SIZE in vfio_pci_write_config(), so that the BARs could be passed to KVM ioctl KVM_SET_USER_MEMORY_REGION with a valid size. The expanding size will be recovered when the base address of sub-page BAR is changed and not page aligned any more in guest. And we also set the priority of these BARs' memory regions to zero in case of overlap with BARs which share the same page with sub-page BARs in guest. Signed-off-by: Yongji Xie <xyjxie@linux.vnet.ibm.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2016-10-31vfio/pci: fix out-of-sync BAR information on resetIdo Yariv
When a PCI device is reset, pci_do_device_reset resets all BAR addresses in the relevant PCIDevice's config buffer. The VFIO configuration space stays untouched, so the guest OS may choose to skip restoring the BAR addresses as they would seem intact. The PCI device may be left non-operational. One example of such a scenario is when the guest exits S3. Fix this by resetting the BAR addresses in the VFIO configuration space as well. Signed-off-by: Ido Yariv <ido@wizery.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2016-10-31vfio: Handle zero-length sparse mmap rangesAlex Williamson
As reported in the link below, user has a PCI device with a 4KB BAR which contains the MSI-X table. This seems to hit a corner case in the kernel where the region reports being mmap capable, but the sparse mmap information reports a zero sized range. It's not entirely clear that the kernel is incorrect in doing this, but regardless, we need to handle it. To do this, fill our mmap array only with non-zero sized sparse mmap entries and add an error return from the function so we can tell the difference between nr_mmaps being zero based on sparse mmap info vs lack of sparse mmap info. NB, this doesn't actually change the behavior of the device, it only removes the scary "Failed to mmap ... Performance may be slow" error message. We cannot currently create an mmap over the MSI-X table. Link: http://lists.nongnu.org/archive/html/qemu-discuss/2016-10/msg00009.html Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2016-10-31memory: Don't use memcpy for ram_device regionsAlex Williamson
With a vfio assigned device we lay down a base MemoryRegion registered as an IO region, giving us read & write accessors. If the region supports mmap, we lay down a higher priority sub-region MemoryRegion on top of the base layer initialized as a RAM device pointer to the mmap. Finally, if we have any quirks for the device (ie. address ranges that need additional virtualization support), we put another IO sub-region on top of the mmap MemoryRegion. When this is flattened, we now potentially have sub-page mmap MemoryRegions exposed which cannot be directly mapped through KVM. This is as expected, but a subtle detail of this is that we end up with two different access mechanisms through QEMU. If we disable the mmap MemoryRegion, we make use of the IO MemoryRegion and service accesses using pread and pwrite to the vfio device file descriptor. If the mmap MemoryRegion is enabled and results in one of these sub-page gaps, QEMU handles the access as RAM, using memcpy to the mmap. Using either pread/pwrite or the mmap directly should be correct, but using memcpy causes us problems. I expect that not only does memcpy not necessarily honor the original width and alignment in performing a copy, but it potentially also uses processor instructions not intended for MMIO spaces. It turns out that this has been a problem for Realtek NIC assignment, which has such a quirk that creates a sub-page mmap MemoryRegion access. To resolve this, we disable memory_access_is_direct() for ram_device regions since QEMU assumes that it can use memcpy for those regions. Instead we access through MemoryRegionOps, which replaces the memcpy with simple de-references of standard sizes to the host memory. With this patch we attempt to provide unrestricted access to the RAM device, allowing byte through qword access as well as unaligned access. The assumption here is that accesses initiated by the VM are driven by a device specific driver, which knows the device capabilities. If unaligned accesses are not supported by the device, we don't want them to work in a VM by performing multiple aligned accesses to compose the unaligned access. A down-side of this philosophy is that the xp command from the monitor attempts to use the largest available access weidth, unaware of the underlying device. Using memcpy had this same restriction, but at least now an operator can dump individual registers, even if blocks of device memory may result in access widths beyond the capabilities of a given device (RTL NICs only support up to dword). Reported-by: Thorsten Kohfeldt <thorsten.kohfeldt@gmx.de> Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-31memory: Replace skip_dump flag with "ram_device"Alex Williamson
Setting skip_dump on a MemoryRegion allows us to modify one specific code path, but the restriction we're trying to address encompasses more than that. If we have a RAM MemoryRegion backed by a physical device, it not only restricts our ability to dump that region, but also affects how we should manipulate it. Here we recognize that MemoryRegions do not change to sometimes allow dumps and other times not, so we replace setting the skip_dump flag with a new initializer so that we know exactly the type of region to which we're applying this behavior. Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-31qapi: allow blockdev-add for NFSAshijeet Acharya
Introduce new object 'BlockdevOptionsNFS' in qapi/block-core.json to support blockdev-add for NFS network protocol driver. Also make a new struct NFSServer to support tcp connection. Signed-off-by: Ashijeet Acharya <ashijeetacharya@gmail.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-10-31block/nfs: Introduce runtime_opts in NFSAshijeet Acharya
Make NFS block driver use various fine grained runtime_opts. Set .bdrv_parse_filename() to nfs_parse_filename() and introduce two new functions nfs_parse_filename() and nfs_parse_uri() to help parsing the URI. Add a new option "server" which then accepts a new struct NFSServer. Signed-off-by: Ashijeet Acharya <ashijeetacharya@gmail.com> [ kwolf: Fixed client->path ] Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-10-31block: Mention replication in BlockdevDriver enum docsEric Blake
Missed in commit 82ac554. Signed-off-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-10-31qemu-iotests: test 'offset' and 'size' options in raw driverTomáš Golembiovský
Signed-off-by: Tomáš Golembiovský <tgolembi@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-10-31raw_bsd: add offset and size optionsTomáš Golembiovský
Added two new options 'offset' and 'size'. This makes it possible to use only part of the file as a device. This can be used e.g. to limit the access only to single partition in a disk image or use a disk inside a tar archive (like OVA). When 'size' is specified we do our best to honour it. Signed-off-by: Tomáš Golembiovský <tgolembi@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-10-31qemu-iotests: Test the 'base-node' parameter of 'block-stream'Alberto Garcia
The block-stream command has traditionally used the 'base' parameter to indicate the image to copy the data from. This test checks that the 'base-node' parameter can also be used for the same purpose. Signed-off-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-10-31block: Add 'base-node' parameter to the 'block-stream' commandAlberto Garcia
The way to specify the node from which to copy data in the block-stream operation is by using the 'base' parameter. This parameter however takes a file name, not a node name. Since we want to be able to perform this operation using only node names, this patch adds a new 'base-node' parameter. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-10-31qemu-iotests: Test streaming to a Quorum childAlberto Garcia
Quorum children are special in the sense that they're not directly attached to a block backend but they're not used as backing images either. However the intermediate block streaming code supports streaming to them. This is a test case for that scenario. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-10-31qemu-iotests: Add iotests.supports_quorum()Alberto Garcia
There's many tests that need Quorum support in order to run. At the moment each test implements its own check to see if Quorum is enabled. This patch centralizes all those checks in a new function called iotests.supports_quorum(). Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-10-31qemu-iotests: Test block-stream and block-commit in parallelAlberto Garcia
As with test_stream_parallel(), we allow mixing block-stream and block-commit operations in the same backing chain as long as there's no overlap among the involved nodes. Signed-off-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>