path: root/hw/virtio.c
Age | Commit message | Author
2011-07-17 | virtio: fix indirect descriptor buffer overflow | Michael S. Tsirkin
We were previously allowing arbitrarily-long indirect descriptors, which could lead to a buffer overflow in qemu-kvm process. CVE-2011-2212 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-06-24 | Strip trailing '\n' from error_report()'s first argument | Markus Armbruster
error_report() prepends location, and appends a newline. The message constructed from the arguments should not contain a newline. Fix the obvious offenders. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-06-12 | virtio: event index support | Michael S. Tsirkin
Add support for event_idx feature, and utilize it to reduce the number of interrupts and exits for the guest. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-06-12 | virtio: correctly initialize vm_running | Jason Wang
Current vm_running was not explicitly initialized and its value was changed by vm state notifier, this may confuse the virtio device being hotplugged such as virtio-net with vhost backend as it may think the vm was not running. Solve this by initializing this value explicitly in virtio_common_init(). Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-06-12 | virtio: guard against negative vq notifies | Stefan Hajnoczi
The virtio_queue_notify() function checks that the virtqueue number is less than the maximum number of virtqueues. A signed comparison is used but the virtqueue number could be negative if a buggy or malicious guest is run. This results in memory accesses outside of the virtqueue array. It is risky doing input validation in common code instead of at the guest<->host boundary. Note that virtio_queue_set_addr(), virtio_queue_get_addr(), virtio_queue_get_num(), and many other virtio functions do *not* validate the virtqueue number argument. Instead of fixing the comparison in virtio_queue_notify(), move the comparison to the virtio bindings (just like VIRTIO_PCI_QUEUE_SEL) where we have a uint32_t value and can avoid ever calling into common virtio code if the virtqueue number is invalid. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-04-15 | Remove unused sysemu.h include directives | Blue Swirl
Remove unused sysemu.h include directives to speed up build with the following patches. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-10 | virtio-pci: Use ioeventfd for virtqueue notify | Stefan Hajnoczi
Virtqueue notify is currently handled synchronously in userspace virtio. This prevents the vcpu from executing guest code while hardware emulation code handles the notify.
On systems that support KVM, the ioeventfd mechanism can be used to make virtqueue notify a lightweight exit by deferring hardware emulation to the iothread and allowing the VM to continue execution. This model is similar to how vhost receives virtqueue notifies.
The result of this change is improved performance for userspace virtio devices. Virtio-blk throughput increases especially for multithreaded scenarios and virtio-net transmit throughput increases substantially.
Some virtio devices are known to have guest drivers which expect a notify to be processed synchronously and spin waiting for completion. For virtio-net, this also seems to interact with the guest stack in strange ways so that TCP throughput for small message sizes (~200bytes) is harmed. Only enable ioeventfd for virtio-blk for now.
Care must be taken not to interfere with vhost-net, which uses host notifiers. If the set_host_notifier() API is used by a device virtio-pci will disable virtio-ioeventfd and let the device deal with host notifiers as it wishes.
Finally, there used to be a limit of 6 KVM io bus devices inside the kernel. On such a kernel, don't use ioeventfd for virtqueue host notification since the limit is reached too easily. This ensures that existing vhost-net setups (which always use ioeventfd) have ioeventfds available so they can continue to work.
After migration and on VM change state (running/paused) virtio-ioeventfd will enable/disable itself.
* VIRTIO_CONFIG_S_DRIVER_OK -> enable virtio-ioeventfd
* !VIRTIO_CONFIG_S_DRIVER_OK -> disable virtio-ioeventfd
* virtio_pci_set_host_notifier() -> disable virtio-ioeventfd
* vm_change_state(running=0) -> disable virtio-ioeventfd
* vm_change_state(running=1) -> enable virtio-ioeventfd
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-01-10 | virtio: move vmstate change tracking to core | Michael S. Tsirkin
Move tracking vmstate change from virtio-net to virtio.c as it is going to be used by virtio-blk and virtio-pci for the ioeventfd support. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-11-24 | virtio: fix up VQ checks | Michael S. Tsirkin
When migration triggers before a VQ is initialized, base pa is 0 and last_used_index must be 0 too: we don't have a ring to compare to. Reported-by: Juan Quintela <quintela@redhat.com> Tested-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-11-24 | virtio: Convert fprintf() to error_report() | Stefan Hajnoczi
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from commit cd92f4cc22fbe12a7bf60c9430731f768dc1537c)
2010-10-27 | virtio: sanity-check available index | Michael S. Tsirkin
Checking available index upon load instead of only when vm is running makes it easier to debug failures. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-10-07 | virtio: invoke set_status callback on reset | Michael S. Tsirkin
As status is set to 0 on reset, invoke the relevant callback. This makes for a cleaner code in devices as they don't need to duplicate the code in their reset routine, as well as exercises this path a little more. In particular this makes it possible to unify vhost-net handling code with the following patch. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-09-09 | trace: Trace virtqueue operations | Stefan Hajnoczi
This patch adds trace events for virtqueue operations including adding/removing buffers, notifying the guest, and receiving a notify from the guest. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2010-08-30 | virtio: Factor virtqueue_map_sg out | Kevin Wolf
Separate the mapping of requests to host memory from the descriptor iteration. The next patch will make use of it in a different context. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-12 | virtio: invoke set_features on load | Michael S. Tsirkin
After migration, vhost was not getting features acked because set_features callback was never invoked. The fix is just to invoke that callback. Reported-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: David L Stevens <dlstevens@us.ibm.com>
2010-04-01 | win32: Fix compiler errors from u_int64_t | Stefan Weil
u_int64_t raises compiler error messages:
CC libhw32/virtio.o
/qemu/ar7/hw/virtio.c: In function ‘virtio_queue_get_avail_size’:
/qemu/ar7/hw/virtio.c:776: error: ‘u_int64_t’ undeclared (first use in this function)
/qemu/ar7/hw/virtio.c:776: error: (Each undeclared identifier is reported only once
/qemu/ar7/hw/virtio.c:776: error: for each function it appears in.)
Replacing u_int64_t by uint64_t helps. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-04-01 | virtio: notifier support + APIs for queue fields | Michael S. Tsirkin
vhost needs physical addresses for ring and other queue fields, so add APIs for these. In particular, add binding API to set host/guest notifiers. Will be used by vhost. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-20 | virtio: Remove duplicate macro definition for max. virtqueues, bump up the max | Amit Shah
VIRTIO_PCI_QUEUE_MAX is redefined in hw/virtio.c. Let's just keep it in hw/virtio.h. Also, bump up the value of the maximum allowed virtqueues to 64. This is in preparation to allow multiple ports per virtio-console device. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-11 | virtio: add features as qdev properties | Michael S. Tsirkin
Add feature bits as properties to virtio. This makes it possible to e.g. define machine without indirect buffer support, which is required for 0.10 compatibility, or without hardware checksum support, which is required for 0.11 compatibility. Since default values for optional features are now set by qdev, get_features callback has been modified: it sets non-optional bits, and clears bits not supported by host. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-11 | virtio: rename features -> guest_features | Michael S. Tsirkin
Rename features->guest_features. This is what they are, avoid confusion with host features which we also need to keep around. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-12-12 | virtio: verify features on load | Michael S. Tsirkin
migrating between hosts which have different features might break silently, if the migration destination does not support some features supported by source. Prevent this from happening by comparing acked feature bits with the mask supported by the device. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-30 | qemu/virtio: make wmb compiler barrier + comments | Michael S. Tsirkin
wmb must be at least a compiler barrier, even without SMP. Further, we likely need some rmb()/mb() as well: I have not audited the code but lguest has mb(), add a comment for now. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-01 | Revert "Get rid of _t suffix" | Anthony Liguori
In the very least, a change like this requires discussion on the list. The naming convention is goofy and it causes a massive merge problem. Something like this _must_ be presented on the list first so people can provide input and cope with it. This reverts commit 99a0949b720a0936da2052cb9a46db04ffc6db29. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-01 | Get rid of _t suffix | malc
Some not so obvious bits, slirp and Xen were left alone for the time being. Signed-off-by: malc <av1474@comtv.ru>
2009-09-11 | qemu: init all queues to NO_VECTOR value | Michael S. Tsirkin
initialize vectors for all vqs to VIRTIO_NO_VECTOR rather than 0 which is a valid vector. This fixes migration which happened before driver was loaded. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reported-by: Amit Shah <amit.shah@redhat.com> Tested-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-07-09 | qemu: remove control vector save | Michael S. Tsirkin
control vector is saved/restored by virtio-pci, it does not belong in virtio. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-24 | qemu/virtio: virtio save/load bindings | Michael S. Tsirkin
Implement bindings for virtio save/load. Use them in virtio pci. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-24 | qemu/virtio: virtio support for many interrupt vectors | Michael S. Tsirkin
Extend virtio to support many interrupt vectors, and rearrange code in preparation for multi-vector support (mostly move reset out to bindings, because we will have to reset the vectors in transport-specific code). Actual bindings in pci, and use in net, to follow. Load and save are not connected to bindings yet, so they are left stubbed out for now. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-22 | virtio: add support for indirect ring entries | Mark McLoughlin
Support a new feature flag for indirect ring entries. These are ring entries which point to a table of buffer descriptors. The idea here is to increase the ring capacity by allowing a larger effective ring size whereby the ring size dictates the number of requests that may be outstanding, rather than the size of those requests. This should be most effective in the case of block I/O where we can potentially benefit by concurrently dispatching a large number of large requests. Even in the simple case of single segment block requests, this results in a threefold increase in ring capacity. Signed-off-by: Mark McLoughlin <markmc@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-22 | virtio: make vring_desc_*() take phys addrs | Mark McLoughlin
Change the vring descriptor helpers to take the physical address of the descriptor table rather than a virtqueue. This is needed in order to allow these helpers to be used with an indirect descriptor table. Signed-off-by: Mark McLoughlin <markmc@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-05-22 | Introduce reset notifier order | Jan Kiszka
Add the parameter 'order' to qemu_register_reset and sort callbacks on registration. On system reset, callbacks with lower order will be invoked before those with higher order. Update all existing users to the standard order 0. Note: At least for x86, the existing users seem to assume that handlers are called in their registration order. Therefore, the patch preserves this property. If someone feels bored, (s)he could try to identify this dependency and express it properly on callback registration. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-05-18 | Separate virtio PCI code | Paul Brook
Split the PCI host bindings from the VRing transport implementation. Signed-off-by: Paul Brook <paul@codesourcery.com>
2009-05-14 | Virtio-net qdev conversion | Paul Brook
Signed-off-by: Paul Brook <paul@codesourcery.com>
2009-05-03 | use PCI_HEADER_TYPE. | Isaku Yamahata
use symbolic value instead of 0x0e and related value. Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
2009-04-17 | Introduce VLANClientState::cleanup() (Mark McLoughlin) | aliguori
We're currently leaking memory and file descriptors on device hot-unplug. Signed-off-by: Mark McLoughlin <markmc@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7150 c046a42c-6fe2-441c-8c8c-71466251a162
2009-04-05 | Fix oops on 2.6.25 guest (Rusty Russell) | aliguori
I believe this is behind the following: https://bugs.edge.launchpad.net/ubuntu/jaunty/+source/linux/+bug/331128 virtio_pci in 2.6.25 didn't do feature negotiation correctly: it acked every bit. Fortunately, we can detect this. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6975 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-28 | Use the DMA api to map virtio elements. | aliguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6904 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-20 | virtio: Allow guest to defer VIRTIO_F_NOTIFY_ON_EMPTY (Alex Williamson) | aliguori
There may be cases where the guest does not want the avail queue interrupt, even when it's empty. For the virtio-net case, the guest may use a different buffering scheme or decide polling for used buffers is more efficient. This can be accomplished by simply checking for whether the guest has acknowledged the existing notify on empty flag. Signed-off-by: Alex Williamson <alex.williamson@hp.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6865 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-05 | hw: remove error handling from qemu_malloc() callers (Avi Kivity) | aliguori
Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6529 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-01 | Add and use #defines for PCI device classes | blueswir1
This patch adds and uses #defines for PCI device classes and subclasses, using a new pci_config_set_class() function, similar to the recently added pci_config_set_vendor_id() and pci_config_set_device_id(). Change since v1: fixed compilation of hw/sun4u.c Signed-off-by: Stuart Brady <stuart.brady@gmail.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6491 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-29 | Don't notify virtio devices before S_DRIVER_OK (Mark McLoughlin) | aliguori
Current Linux guests oops if the host notifies of a config change before a driver has been bound to the device. It's pretty pointless for us to do notify of config changes before status is S_DRIVER_OK anyway, so let's just not do it. Signed-off-by: Mark McLoughlin <markmc@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6471 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-26 | Define PCI vendor and device IDs in pci.h (Stuart Brady) | aliguori
This patch defines PCI vendor and device IDs in pci.h (matching those from Linux's pci_ids.h), and uses those definitions where appropriate. Change from v1: Introduces pci_config_set_vendor_id() / pci_config_set_device_id() accessors as suggested by Anthony Liguori. Signed-off-by: Stuart Brady <stuart.brady@gmail.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6442 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-11 | Rename fls to qemu_fls | blueswir1
Fix compiler warning on OSX, reported by Andreas Faerber. git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5982 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-07 | Fix some new warnings introduced after r5022 | blueswir1
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5933 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 | Fix windows build after virtio changes | aliguori
Windows does not have sys/uio.h and does not have err.h. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5877 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 | Remove TARGET_PAGE_SIZE from virtio interface (Hollis Blanchard) | aliguori
TARGET_PAGE_SIZE should only be used internal to qemu, not in guest/host interfaces. The virtio frontend code in Linux uses two constants (PFN shift and vring alignment) for the interface, so update qemu to match. I've tested this with PowerPC KVM and confirmed that it fixes virtio problems when using non-TARGET_PAGE_SIZE pages in the guest. Signed-off-by: Hollis Blanchard <hollisb@us.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5871 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 | Virtio core support | aliguori
This patch adds core support for VirtIO. VirtIO is a paravirtualization framework that has been in Linux since 2.6.21. A PCI transport has been available since 2.6.25. Network drivers are also available for Windows. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5869 c046a42c-6fe2-441c-8c8c-71466251a162