aboutsummaryrefslogtreecommitdiff
path: root/exec.c
AgeCommit message (Collapse)Author
2015-04-30Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
- miscellaneous cleanups for TCG (Emilio) and NBD (Bogdan) - next part in the thread-safe address_space_* saga: atomic access to the bounce buffer and the map_clients list, from Fam - optional support for linking with tcmalloc, also from Fam - reapplying Peter Crosthwaite's "Respect as_translate_internal length clamp" after fixing the SPARC fallout. - build system fix from Wei Liu - small acpi-build and ioport cleanup by myself # gpg: Signature made Wed Apr 29 09:34:00 2015 BST using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (22 commits) nbd/trivial: fix type cast for ioctl translate-all: use bitmap helpers for PageDesc's bitmap target-i386: disable LINT0 after reset Makefile.target: prepend $libs_softmmu to $LIBS milkymist: do not modify libs-softmmu configure: Add support for tcmalloc exec: Respect as_translate_internal length clamp ioport: reserve the whole range of an I/O port in the AddressSpace ioport: loosen assertions on emulation of 16-bit ports ioport: remove wrong comment ide: there is only one data port gus: clean up MemoryRegionPortio sb16: remove useless mixer_write_indexw sun4m: fix slavio sysctrl and led register sizes acpi-build: remove dependency from ram_addr.h memory: add memory_region_ram_resize dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel exec: Notify cpu_register_map_client caller if the bounce buffer is available exec: Protect map_client_list with mutex linux-user, bsd-user: Remove two calls to cpu_exec_init_all ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-04-27exec: Respect as_translate_internal length clampPeter Crosthwaite
address_space_translate_internal will clamp the *plen length argument based on the size of the memory region being queried. The iommu walker logic in addresss_space_translate was ignoring this by discarding the post fn call value of *plen. Fix by just always using *plen as the length argument throughout the fn, removing the len local variable. This fixes a bootloader bug when a single elf section spans multiple QEMU memory regions. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-Id: <1426570554-15940-1-git-send-email-peter.crosthwaite@xilinx.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancelFam Zheng
If DMA's owning thread cancels the IO while the bounce buffer's owning thread is notifying the "cpu client list", a use-after-free happens: continue_after_map_failure dma_aio_cancel ------------------------------------------------------------------ aio_bh_new qemu_bh_delete qemu_bh_schedule (use after free) Also, the old code doesn't run the bh in the right AioContext. Fix both problems by passing a QEMUBH to cpu_register_map_client. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1426496617-10702-6-git-send-email-famz@redhat.com> [Remove unnecessary forward declaration. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27exec: Notify cpu_register_map_client caller if the bounce buffer is availableFam Zheng
The caller's workflow is like if (!address_space_map()) { ... cpu_register_map_client(); } If bounce buffer became available after address_space_map() but before cpu_register_map_client(), the caller could miss it and has to wait for the next bounce buffer notify, which may never happen in the worse case. Just notify the list in cpu_register_map_client(). Signed-off-by: Fam Zheng <famz@redhat.com> Message-Id: <1426496617-10702-5-git-send-email-famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27exec: Protect map_client_list with mutexFam Zheng
So that accesses from multiple threads are safe. Signed-off-by: Fam Zheng <famz@redhat.com> Message-Id: <1426496617-10702-4-git-send-email-famz@redhat.com> [Remove #if from cpu_exec_init_all. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-27exec: Atomic access to bounce bufferFam Zheng
There could be a race condition when two processes call address_space_map concurrently and both want to use the bounce buffer. Add an in_use flag in BounceBuffer to sync it. Signed-off-by: Fam Zheng <famz@redhat.com> Message-Id: <1426496617-10702-2-git-send-email-famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-04-26exec.c: Capture the memory attributes for a watchpoint hitPeter Maydell
Capture the memory attributes for the transaction which triggered a watchpoint; this allows CPU specific code to implement features like ARM's "user-mode only WPs also hit for LDRT/STRT accesses made from privileged code". This change also correctly passes through the memory attributes to the underlying device when a watchpoint access doesn't hit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2015-04-26exec.c: Add new address_space_ld*/st* functionsPeter Maydell
Add new address_space_ld*/st* functions which allow transaction attributes and error reporting for basic load and stores. These are named to be in line with the address_space_read/write/rw buffer operations. The existing ld/st*_phys functions are now wrappers around the new functions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2015-04-26exec.c: Make address_space_rw take transaction attributesPeter Maydell
Make address_space_rw take transaction attributes, rather than always using the 'unspecified' attributes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2015-04-26exec.c: Convert subpage memory ops to _with_attrsPeter Maydell
Convert the subpage memory ops to _with_attrs; this will allow us to pass the attributes through to the underlying access functions. (Nothing uses the attributes yet.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2015-04-26memory: Replace io_mem_read/write with memory_region_dispatch_read/writePeter Maydell
Rather than retaining io_mem_read/write as simple wrappers around the memory_region_dispatch_read/write functions, make the latter public and change all the callers to use them, since we need to touch all the callsites anyway to add MemTxAttrs and MemTxResult support. Delete io_mem_read and io_mem_write entirely. (All the callers currently pass MEMTXATTRS_UNSPECIFIED and convert the return value back to bool or ignore it.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
2015-04-01Revert "exec: Respect as_tranlsate_internal length clamp"Paolo Bonzini
This reverts commit c3c1bb99d1c11978d9ce94d1bdcf0705378c1459. It causes problems with boards that declare memory regions shorter than the registers they contain. Reported-by: Zoltan Balaton <balaton@eik.bme.hu> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-26exec: avoid possible overwriting of mmaped area in qemu_ram_remapPaolo Bonzini
It is not necessary to munmap an area before remapping it with MAP_FIXED; if the memory region specified by addr and len overlaps pages of any existing mapping, then the overlapped part of the existing mapping will be discarded. On the other hand, if QEMU does munmap the pages, there is a small probability that another mmap sneaks in and catches the just-freed portion of the address space. In effect, munmap followed by mmap(MAP_FIXED) is a use-after-free error, and Coverity flags it as such. Fix it. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-18exec: Respect as_tranlsate_internal length clampPeter Crosthwaite
address_space_translate_internal will clamp the *plen length argument based on the size of the memory region being queried. The iommu walker logic in addresss_space_translate was ignoring this by discarding the post fn call value of *plen. Fix by just always using *plen as the length argument throughout the fn, removing the len local variable. This fixes a bootloader bug when a single elf section spans multiple QEMU memory regions. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Message-Id: <1426570554-15940-1-git-send-email-peter.crosthwaite@xilinx.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-12Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
misc fixes and cleanups A bunch of fixes all over the place, some of the bugs fixed are actually regressions. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Wed Mar 11 17:48:30 2015 GMT using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: (25 commits) virtio-scsi: remove empty wrapper for cmd virtio-scsi: clean out duplicate cdb field virtio-scsi: fix cdb/sense size uapi/virtio_scsi: allow overriding CDB/SENSE size virtio-scsi: drop duplicate CDB/SENSE SIZE exec: don't include hw/boards for linux-user acpi: specify format for build_append_namestring MAINTAINERS: drop aliguori@amazon.com tpm: Move memory subregion function into realize function virtio-pci: Convert to realize() pci: Convert pci_nic_init() to Error to avoid qdev_init() machine: query mem-merge machine property machine: query dump-guest-core machine property hw/boards: make it safe to include for linux-user machine: query phandle-start machine property machine: query kvm-shadow-mem machine property kvm: add machine state to kvm_arch_init machine: query kernel-irqchip property machine: allowed/required kernel-irqchip support machine: replace qemu opts with iommu property ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-11exec: don't include hw/boards for linux-userMichael S. Tsirkin
As noted by Andreas, hw/boards.h shouldn't be used outside softmmu code. Include it conditionally, and drop the (now unnecessary) ifdef guards in hw/boards.h Reported-by: Andreas Färber <afaerber@suse.de> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Andreas Färber <afaerber@suse.de>
2015-03-11machine: query mem-merge machine propertyMarcel Apfelbaum
Running qemu-bin ... -machine pc,mem-merge=on leads to crash: x86_64-softmmu/qemu-system-x86_64 -machine pc,dump-guest-core=on qemu-system-x86_64: qemu/util/qemu-option.c:387: qemu_opt_get_bool_helper: Assertion `opt->desc && opt->desc->type == QEMU_OPT_BOOL' failed. Aborted (core dumped) This happens because the commit e79d5a6 ("machine: remove qemu_machine_opts global list") removed the global option descriptions and moved them to MachineState's QOM properties. Fix this by querying machine properties through designated wrappers. Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-11machine: query dump-guest-core machine propertyMarcel Apfelbaum
Running qemu-bin ... -machine pc,dump-guest-core=on leads to crash: x86_64-softmmu/qemu-system-x86_64 -machine pc,dump-guest-core=on qemu-system-x86_64: qemu/util/qemu-option.c:387: qemu_opt_get_bool_helper: Assertion `opt->desc && opt->desc->type == QEMU_OPT_BOOL' failed. Aborted (core dumped) This happens because the commit e79d5a6 ("machine: remove qemu_machine_opts global list") removed the global option descriptions and moved them to MachineState's QOM properties. Fix this by querying machine properties through designated wrappers. Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-10Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
- scsi: improvements to error reporting and conversion to realize, Coverity/sparse fix for iscsi driver - RCU fallout: fix -daemonize and s390x system emulation - KVM: kvm_stat improvements and new man page - x86: SYSRET fix for VxWorks # gpg: Signature made Tue Mar 10 10:18:45 2015 GMT using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: x86: fix SS selector in SYSRET scsi: Convert remaining PCI HBAs to realize() scsi: Improve error reporting for invalid drive property hw: Propagate errors through qdev_prop_set_drive() scsi: Clean up duplicated error in legacy if=scsi code cpus: initialize cpu->memory_dispatch rcu: handle forks safely qemu-thread: do not use PTHREAD_MUTEX_ERRORCHECK kvm_stat: add kvm_stat.1 man page kvm_stat: add column headers to text UI iscsi: Fix check for username Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-10cpus: initialize cpu->memory_dispatchPaolo Bonzini
This fixes a NULL pointer dereference in s390x-softmmu. On pretty much all other architectures, creating an MMIO region calls cpu_reload_memory_map. On s390, however, there are no MMIO regions and everything is done via hypercalls. Fixes: 9d82b5a792236db31a75b9db5c93af69ac07c7c5 Reported-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-10Remove superfluous '\n' around error_report()Gonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-02-26exec: round up size on MR resizeMichael S. Tsirkin
Block size must fundamentally be a multiple of target page size. Aligning automatically removes need to worry about the alignment from callers. Note: the only caller of qemu_ram_resize (acpi) already happens to have size padded to a power of 2, but we would like to drop the padding in ACPI core, and don't want to expose target page size knowledge to ACPI. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Paolo Bonzini <ponzini@redhat.com>
2015-02-16Convert ram_list to RCUMike Day
Allow "unlocked" reads of the ram_list by using an RCU-enabled QLIST. The ramlist mutex is kept. call_rcu callbacks are run with the iothread lock taken, but that may change in the future. Writers still take the ramlist mutex, but they no longer need to assume that the iothread lock is taken. Readers of the list, instead, no longer require either the iothread or ramlist mutex, but they need to use rcu_read_lock() and rcu_read_unlock(). One place in arch_init.c was downgrading from write side to read side like this: qemu_mutex_lock_iothread() qemu_mutex_lock_ramlist() ... qemu_mutex_unlock_iothread() ... qemu_mutex_unlock_ramlist() and the equivalent idiom is: qemu_mutex_lock_ramlist() rcu_read_lock() ... qemu_mutex_unlock_ramlist() ... rcu_read_unlock() Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Mike Day <ncmike@ncultra.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-16exec: convert ram_list to QLISTMike Day
QLIST has RCU-friendly primitives, so switch to it. Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Mike Day <ncmike@ncultra.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-16cosmetic changes preparing for the following patchesMike Day
Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Mike Day <ncmike@ncultra.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-16exec: protect mru_block with RCUPaolo Bonzini
Hence, freeing a RAMBlock has to be switched to call_rcu. Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-16exec: RCUify AddressSpaceDispatchPaolo Bonzini
Note that even after this patch, most callers of address_space_* functions must still be under the big QEMU lock, otherwise the memory region returned by address_space_translate can disappear as soon as address_space_translate returns. This will be fixed in the next part of this series. Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-16exec: make iotlb RCU-friendlyPaolo Bonzini
After the previous patch, TLBs will be flushed on every change to the memory mapping. This patch augments that with synchronization of the MemoryRegionSections referred to in the iotlb array. With this change, it is guaranteed that iotlb_to_region will access the correct memory map, even once the TLB will be accessed outside the BQL. Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-16exec: introduce cpu_reload_memory_mapPaolo Bonzini
This for now is a simple TLB flush. This can change later for two reasons: 1) an AddressSpaceDispatch will be cached in the CPUState object 2) it will not be possible to do tlb_flush once the TCG-generated code runs outside the BQL. Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-02-10memory: unregister AddressSpace MemoryListener within BQLPaolo Bonzini
address_space_destroy_dispatch is called from an RCU callback and hence outside the iothread mutex (BQL). However, after address_space_destroy no new accesses can hit the destroyed AddressSpace so it is not necessary to observe changes to the memory map. Move the memory_listener_unregister call earlier, to make it thread-safe again. Reported-by: Alex Williamson <alex.williamson@redhat.com> Fixes: 374f2981d1f10bc4307f250f24b2a7ddb9b14be0 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2015-01-26exec: fix madvise of NULL pointerPaolo Bonzini
Coverity flags this as "dereference after null check". Not quite a dereference, since it will just EFAULT, but still nice to fix. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-20exec.c: Drop TARGET_HAS_ICE define and checksPeter Maydell
The TARGET_HAS_ICE #define is intended to indicate whether a target-* guest CPU implementation supports the breakpoint handling. However, all our guest CPUs have that support (the only two which do not define TARGET_HAS_ICE are unicore32 and openrisc, and in both those cases the bp support is present and the lack of the #define is just a bug). So remove the #define entirely: all new guest CPU support should include breakpoint handling as part of the basic implementation. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Message-id: 1420484960-32365-1-git-send-email-peter.maydell@linaro.org
2015-01-10Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pc: resizeable ROM blocks This makes ROM blocks resizeable. This infrastructure is required for other functionality we have queued. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Thu 08 Jan 2015 11:19:24 GMT using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: acpi-build: make ROMs RAM blocks resizeable memory: API to allocate resizeable RAM MR arch_init: support resizing on incoming migration exec: qemu_ram_alloc_resizeable, qemu_ram_resize exec: split length -> used_length/max_length exec: cpu_physical_memory_set/clear_dirty_range memory: add memory_region_set_size Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-01-08exec: qemu_ram_alloc_resizeable, qemu_ram_resizeMichael S. Tsirkin
Add API to allocate "resizeable" RAM. This looks just like regular RAM generally, but has a special property that only a portion of it (used_length) is actually used, and migrated. This used_length size can change across reboots. Follow up patches will change used_length for such blocks at migration, making it easier to extend devices using such RAM (notably ACPI, but in the future thinkably other ROMs) without breaking migration compatibility or wasting ROM (guest) memory. Device is notified on resize, so it can adjust if necessary. qemu_ram_alloc_resizeable allocates this memory, qemu_ram_resize resizes it. Note: nothing prevents making all RAM resizeable in this way. However, reviewers felt that only enabling this selectively will make some class of errors easier to detect. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-08exec: split length -> used_length/max_lengthMichael S. Tsirkin
This patch allows us to distinguish between two length values for each block: max_length - length of memory block that was allocated used_length - length of block used by QEMU/guest Currently, we set used_length - max_length, unconditionally. Follow-up patches allow used_length <= max_length. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-08exec: cpu_physical_memory_set/clear_dirty_rangeMichael S. Tsirkin
Make cpu_physical_memory_set/clear_dirty_range behave symmetrically. To clear range for a given client type only, add cpu_physical_memory_clear_dirty_range_type. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2014-12-22exec: allows 8-byte accesses in subpage_opsPaolo Bonzini
Otherwise fw_cfg accesses are split into 4-byte ones before they reach the fw_cfg ops / handlers. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1419250305-31062-6-git-send-email-pbonzini@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-20exec: change default exception_index value for migration to -1Paolo Bonzini
In QEMU 2.2 the exception_index value was added to the migration stream through a subsection. The default was set to 0, which is wrong and should have been -1. However, 2.2 does not have commit e511b4d (cpu-exec: reset exception_index correctly, 2014-11-26), hence in 2.2 the exception_index is never used and is set to -1 on the next call to cpu_exec. So we can change the migration stream to make the default -1. The effects are: - 2.2.1 -> 2.2.0: cpu->exception_index set incorrectly to 0 if it were -1 on the source; then reset to -1 in cpu_exec. This is TCG only; KVM does not use exception_index. - 2.2.0 -> 2.2.1: cpu->exception_index set incorrectly to -1 if it were 0 on the source; but it would be reset to -1 in cpu_exec anyway. This is TCG only; KVM does not use exception_index. - 2.2.1 -> 2.1: two bugs fixed: 1) can migrate backwards if cpu->exception_index is set to -1; 2) should not migrate backwards (but 2.2.0 allows it) if cpu->exception_index is set to 0 - 2.2.0 -> 2.3.0: 2.2.0 will send the subsection unnecessarily if exception_index is -1, but that is not a problem. 2.3.0 will set cpu->exception_index to -1 if it is 0 on the source, but this would be anyway a problem for 2.2.0 -> 2.2.x migration (due to lack of commit e511b4d in 2.2.x) so we can ignore it - 2.2.1 -> 2.3.0: everything works. In addition, play it safe and never send the subsection unless TCG is in use. KVM does not use exception_index (PPC KVM stores values in it for use in the subsequent call to ppc_cpu_do_interrupt, but does not need it as soon as kvm_handle_debug returns). Xen and qtest do not run any code for the CPU at all. Reported-by: Igor Mammedov <imammedo@redhat.com> Tested-by: Laurent Desnogues <laurent.desnogues@gmail.com> Tested-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1418989994-17244-3-git-send-email-pbonzini@redhat.com Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-12-16exec: add wrapper for host pointer accessMichael S. Tsirkin
host pointer accesses force pointer math, let's add a wrapper to make them safer. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Amos Kong <akong@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
2014-11-23memory: expose alignment used for allocating RAM as MemoryRegion APIIgor Mammedov
introduce memory_region_get_alignment() that returns underlying memory block alignment or 0 if it's not relevant/implemented for backend. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-11-18exec: Handle multipage ranges in invalidate_and_set_dirty()Peter Maydell
The code in invalidate_and_set_dirty() needs to handle addr/length combinations which cross guest physical page boundaries. This can happen, for example, when disk I/O reads large blocks into guest RAM which previously held code that we have cached translations for. Unfortunately we were only checking the clean/dirty status of the first page in the range, and then were calling a tb_invalidate function which only handles ranges that don't cross page boundaries. Fix the function to deal with multipage ranges. The symptoms of this bug were that guest code would misbehave (eg segfault), in particular after a guest reboot but potentially any time the guest reused a page of its physical RAM for new code. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1416167061-13203-1-git-send-email-peter.maydell@linaro.org
2014-09-19exec.c: fix setting 1-byte-long watchpointsMax Filippov
With commit 05068c0dfb5b 'exec.c: Relax restrictions on watchpoint length and alignment' it's no longer possible to set 1-byte-long watchpoint because of incorrect address range check. Fix that by changing condition that checks for address wraparound. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1411016616-29879-1-git-send-email-jcmvbkbc@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-09-15Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into stagingPeter Maydell
* remotes/qmp-unstable/queue/qmp: exec: file_ram_alloc(): print error when prealloc fails monitor: fix debug print compiling error Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-09-12Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
- Memory: improve error reporting and avoid crashes on hotplug - Build: fixing block/iscsi.so and ranlib warnings on Mac OS X - Migration fixes for x86 - The odd KVM patch. # gpg: Signature made Thu 11 Sep 2014 11:21:10 BST using RSA key ID 9B4D86F2 # gpg: Good signature from "Paolo Bonzini <pbonzini@redhat.com>" # gpg: aka "Paolo Bonzini <bonzini@gnu.org>" * remotes/bonzini/tags/for-upstream: (21 commits) gdbstub: init mon_chr through qemu_chr_alloc pckbd: adding new fields to vmstate mc146818rtc: add missed field to vmstate piix: do not set irq while loading vmstate serial: fixing vmstate for save/restore parallel: adding vmstate for save/restore fdc: adding vmstate for save/restore cpu: init vmstate for ticks and clock offset apic_common: vapic_paddr synchronization fix vl: use QLIST_FOREACH_SAFE to visit change state handlers exec: add parameter errp to gethugepagesize exec: report error when memory < hpagesize hostmem-ram: don't exit qemu if size of memory-backend-ram is way too big memory: add parameter errp to memory_region_init_rom_device memory: add parameter errp to memory_region_init_ram exec: add parameter errp to qemu_ram_alloc and qemu_ram_alloc_from_ptr rules.mak: Fix DSO build by pulling in archive symbols util: Don't link host-utils.o if it's empty util: Move general qemu_getauxval to util/getauxval.c trace: Only link generated-tracers.o with "simple" backend ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-09-12exec: file_ram_alloc(): print error when prealloc failsLuiz Capitulino
If memory allocation fails when using the -mem-prealloc command-line option, QEMU exits without printing any error information to the user: # qemu [...] -m 1G -mem-prealloc -mem-path /dev/hugepages # echo $? 1 This commit adds an error message, so that we print instead: # qemu [...] -m 1G -mem-prealloc -mem-path /dev/hugepages qemu: unable to map backing store for hugepages: Cannot allocate memory Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2014-09-12exec.c: Record watchpoint fault address and directionPeter Maydell
When we check whether we've hit a watchpoint we know the address that we were attempting to access and whether it was a read or a write. Record this information in the CPUWatchpoint struct so that target-specific code can report it to the guest. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-09-12exec.c: Provide full set of dummy wp remove functions in user-modePeter Maydell
We already provide dummy versions of the cpu_watchpoint_insert and cpu_watchpoint_remove_all functions when CONFIG_USER_ONLY is defined. Complete the set by providing cpu_watchpoint_remove and cpu_watchpoint_remove_by_ref as well. This allows target-* code using these functions to avoid some ifdeffery. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-09-12exec.c: Relax restrictions on watchpoint length and alignmentPeter Maydell
The current implementation of watchpoints requires that they have a power of 2 length which is not greater than TARGET_PAGE_SIZE and that their address is a multiple of their length. Watchpoints on ARM don't fit these restrictions, so change the implementation so they can be relaxed. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net>
2014-09-09exec: add parameter errp to gethugepagesizeHu Tao
Add parameter errp to gethugepagesize thus callers can handle errors. If user adds a memory-backend-file object using object_add command, specifying a non-existing directory for property mem-path, qemu will core dump with message: /nonexistingdir: No such file or directory Bad ram offset fffffffffffff000 Aborted (core dumped) This patch fixes the problem. With this patch, qemu reports an error message like: qemu-system-x86_64: -object memory-backend-file,mem-path=/nonexistingdir,id=mem-file0,size=128M: failed to get page size of file /nonexistingdir: No such file or directory Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-09-09exec: report error when memory < hpagesizeHu Tao
Report an error when memory < hpagesize in file_ram_alloc() so callers can handle the error. If user adds a memory-backend-file object using object_add command, specifying a size that is less than huge page size, qemu will core dump with message: Bad ram offset fffffffffffff000 Aborted (core dumped) This patch fixes the problem. With this patch, qemu reports error message like: qemu-system-x86_64: -object memory-backend-file,mem-path=/hugepages,id=mem-file0,size=1M: memory size 0x100000 must be equal to or larger than huge page size 0x200000 Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>