path: root/hw
Age | Commit message | Author
2015-10-27 | vmxnet3: Do not fill stats if device is inactive | Shmulik Ladkani
Guest OS may issue VMXNET3_CMD_GET_STATS even before device was activated (for example in linux, after insmod but prior net-dev open). Accessing shared descriptors prior device activation is illegal as the VMXNET3State structures have not been fully initialized. As a result, guest memory gets corrupted and may lead to guest OS crashes. Fix, by not filling the stats descriptors if device is inactive. Reported-by: Leonid Shatz <leonid.shatz@ravellosystems.com> Acked-by: Dmitry Fleytman <dmitry@daynix.com> Signed-off-by: Dana Rubin <dana.rubin@ravellosystems.com> Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-10-27 | net: cadence_gem: Set initial MAC address | Sebastian Huber
Set initial MAC address to the one specified by the command line. Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de> Reviewed-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-10-26 | Merge remote-tracking branch 'remotes/sstabellini/tags/xen-2015-10-26' into staging | Peter Maydell
Xen 2015-10-26 # gpg: Signature made Mon 26 Oct 2015 11:32:50 GMT using RSA key ID 70E1AE90 # gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>" * remotes/sstabellini/tags/xen-2015-10-26: xen-platform: Replace assert() with appropriate error reporting xen_platform: switch to realize Qemu/Xen: Fix early freeing MSIX MMIO memory region Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-26 | xen-platform: Replace assert() with appropriate error reporting | Eduardo Habkost
Commit dbb7405d8caad0814ceddd568cb49f163a847561 made it possible to trigger an assert using "-device xen-platform". Replace it with appropriate error reporting. Before: $ qemu-system-x86_64 -device xen-platform qemu-system-x86_64: hw/i386/xen/xen_platform.c:391: xen_platform_initfn: Assertion `xen_enabled()' failed. Aborted (core dumped) $ After: $ qemu-system-x86_64 -device xen-platform qemu-system-x86_64: -device xen-platform: xen-platform device requires the Xen accelerator $ Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-10-26 | xen_platform: switch to realize | Stefano Stabellini
Use realize to initialize the xen_platform device Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-10-26 | Merge remote-tracking branch 'remotes/elmarco/tags/ivshmem-pull-request' into staging | Peter Maydell
ivshmem series # gpg: Signature made Mon 26 Oct 2015 09:27:46 GMT using RSA key ID 75969CE5 # gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" # gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5 * remotes/elmarco/tags/ivshmem-pull-request: (51 commits) doc: document ivshmem & hugepages ivshmem: use little-endian int64_t for the protocol ivshmem: use kvm irqfd for msi notifications ivshmem: rename MSI eventfd_table ivshmem: remove EventfdEntry.vector ivshmem: add hostmem backend ivshmem: use qemu_strtosz() ivshmem: do not keep shm_fd open tests: add ivshmem qtest qtest: add qtest_add_abrt_handler() msix: implement pba write (but read-only) contrib: remove unnecessary strdup() ivshmem: add check on protocol version in QEMU docs: update ivshmem device spec ivshmem-server: fix hugetlbfs support ivshmem-server: use a uint16 for client ID ivshmem-client: check the number of vectors contrib: add ivshmem client and server util: const event_notifier_get_fd() argument ivshmem: reset mask on device reset ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-10-26 | Qemu/Xen: Fix early freeing MSIX MMIO memory region | Lan Tianyu
msix->mmio is added to XenPCIPassthroughState's object as property. object_finalize_child_property is called for XenPCIPassthroughState's object, which calls object_property_del_all, which is going to try to delete msix->mmio. object_finalize_child_property() will access msix->mmio's obj. But the whole msix struct has already been freed by xen_pt_msix_delete. This will cause segment fault when msix->mmio has been overwritten. This patch is to fix the issue. Signed-off-by: Lan Tianyu <tianyu.lan@intel.com> Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-10-26 | ivshmem: use little-endian int64_t for the protocol | Marc-André Lureau
The current ivshmem protocol uses 'long' for integers. But the sizeof(long) depends on the host and the endianness is not defined, which may cause portability troubles. Instead, switch to using little-endian int64_t. This breaks the protocol, except on x64 little-endian host where this change should be compatible. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-26 | ivshmem: use kvm irqfd for msi notifications | Marc-André Lureau
Use irqfd for improving context switch when notifying the guest. If the host doesn't support kvm irqfd, regular msi notifications are still supported. Note: the ivshmem implementation doesn't allow switching between MSI and IO interrupts, this patch doesn't either. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-10-26 | ivshmem: rename MSI eventfd_table | Marc-André Lureau
The array is used to have vector specific data, so use a more descriptive name. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-26 | ivshmem: remove EventfdEntry.vector | Marc-André Lureau
No need to store an extra int for the vector number when it can be computed easily by looking at the position in the array. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-26 | ivshmem: add hostmem backend | Marc-André Lureau
Instead of handling allocation, teach ivshmem to use a memory backend. This allows to use hugetlbfs backed memory now. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-26 | ivshmem: use qemu_strtosz() | Marc-André Lureau
Use the common qemu utility function to parse the memory size. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-26 | ivshmem: do not keep shm_fd open | Marc-André Lureau
Remove shm_fd from device state, closing it as early as possible to avoid leaks. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | msix: implement pba write (but read-only) | Marc-André Lureau
qpci_msix_pending() writes on pba region, causing qemu to SEGV:

  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7ffff7fba8c0 (LWP 25882)]
  0x0000000000000000 in ?? ()
  (gdb) bt
  #0  0x0000000000000000 in ()
  #1  0x00005555556556c5 in memory_region_oldmmio_write_accessor (mr=0x5555579f3f80, addr=0, value=0x7fffffffbf68, size=4, shift=0, mask=4294967295, attrs=...) at /home/elmarco/src/qemu/memory.c:434
  #2  0x00005555556558e1 in access_with_adjusted_size (addr=0, value=0x7fffffffbf68, size=4, access_size_min=1, access_size_max=4, access=0x55555565563e <memory_region_oldmmio_write_accessor>, mr=0x5555579f3f80, attrs=...) at /home/elmarco/src/qemu/memory.c:506
  #3  0x00005555556581eb in memory_region_dispatch_write (mr=0x5555579f3f80, addr=0, data=0, size=4, attrs=...) at /home/elmarco/src/qemu/memory.c:1176
  #4  0x000055555560b6f9 in address_space_rw (as=0x555555eff4e0 <address_space_memory>, addr=3759147008, attrs=..., buf=0x7fffffffc1b0 "", len=4, is_write=true) at /home/elmarco/src/qemu/exec.c:2439
  #5  0x000055555560baa2 in cpu_physical_memory_rw (addr=3759147008, buf=0x7fffffffc1b0 "", len=4, is_write=1) at /home/elmarco/src/qemu/exec.c:2534
  #6  0x000055555564c005 in cpu_physical_memory_write (addr=3759147008, buf=0x7fffffffc1b0, len=4) at /home/elmarco/src/qemu/include/exec/cpu-common.h:80
  #7  0x000055555564cd9c in qtest_process_command (chr=0x55555642b890, words=0x5555578de4b0) at /home/elmarco/src/qemu/qtest.c:378
  #8  0x000055555564db77 in qtest_process_inbuf (chr=0x55555642b890, inbuf=0x55555641b340) at /home/elmarco/src/qemu/qtest.c:569
  #9  0x000055555564dc07 in qtest_read (opaque=0x55555642b890, buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", size=22) at /home/elmarco/src/qemu/qtest.c:581
  #10 0x000055555574ce3e in qemu_chr_be_write (s=0x55555642b890, buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", len=22) at qemu-char.c:306
  #11 0x0000555555751263 in tcp_chr_read (chan=0x55555642bcf0, cond=G_IO_IN, opaque=0x55555642b890) at qemu-char.c:2876
  #12 0x00007ffff64c9a8a in g_main_context_dispatch (context=0x55555641c400) at gmain.c:3122

(without this patch, this can be reproduced with the ivshmem qtest)

Implement an empty mmio write to avoid the crash. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-10-24 | ivshmem: add check on protocol version in QEMU | David Marchand
Send a protocol version as the first message from server, clients must close communication if they don't support this protocol version. Older QEMUs should be fine with this change in the protocol since they override their own vm_id on reception of an id associated to no eventfd. Signed-off-by: David Marchand <david.marchand@6wind.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> [use fifo_update_and_get()] Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: reset mask on device reset | Marc-André Lureau
The interrupt mask is a state value, it should be reset, like the interrupt status. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: error on too many eventfd received | Marc-André Lureau
The number of eventfd that can be handled per peer is limited by the number of vectors. Return an error when receiving too many of them. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: replace 'guest' for 'peer' appropriately | Marc-André Lureau
The terms 'guest' and 'peer' are sometimes used interchangeably, which may be confusing. Instead, use 'peer' for the remote instances of ivshmem clients, and 'guest' for the local VM. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: fix pci_ivshmem_exit() | Marc-André Lureau
Free all objects owned by the device, making sure the device is free, fixing hot-unplug. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: add device description | Marc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: check shm isn't already initialized | Marc-André Lureau
The server should not change the shm, and this isn't handled by qemu and we should verify this in qemu. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: shmfd can be 0 | Marc-André Lureau
0 is a valid fd value, so change conditions and set -1 value early Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: migrate with VMStateDescription | Marc-André Lureau
load_state_old() is used to keep compatibility with version 0. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: use common is_power_of_2() | Marc-André Lureau
The common version correctly checks for 0 value case. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: use common return | Marc-André Lureau
Both if branches return, move this out to common end. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: simplify a bit the code | Marc-André Lureau
Use some more explicit variables to simplify the code. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: print error on invalid peer id | Marc-André Lureau
The server shouldn't send invalid peer id, so print an error if it's the case. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: improve error handling | Marc-André Lureau
The test whether the chardev is an AF_UNIX socket rejects "-chardev socket,id=chr0,path=/tmp/foo,server,nowait -device ivshmem,chardev=chr0", but fails to explain why. Use an explicit error on why a chardev may be rejected. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: improve debug messages | Marc-André Lureau
Some misc improvements to ivshmem debug. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: remove max_peer field | Marc-André Lureau
max_peer isn't really useful, it tracks the maximum received VM id, but that quickly matches nb_peers, the size of the peers array. Since VM come and go, there might be sparse peers so it doesn't help much in general to have this value around. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: initialize max_peer to -1 | Marc-André Lureau
There is no peer when device is initialized, do not let doorbell for inexisting peer 0. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: remove useless ivshmem_update_irq() val argument | Marc-André Lureau
val isn't used in ivshmem_update_irq() function. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: allocate eventfds in resize_peers() | Marc-André Lureau
It simplifies a bit the code to allocate the array when setting the number of peers instead of lazily when receiving the first vector. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: simplify around increase_dynamic_storage() | Marc-André Lureau
Set the number of peers and array allocation in a single place. Rename to better reflect the function content. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: limit maximum number of peers to G_MAXUINT16 | Marc-André Lureau
Limit the maximum number of peers to MAXUINT16. This is more realistic and better matches the limit of the doorbell register. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: remove last exit(1) | Marc-André Lureau
Failing to create a chardev shouldn't be fatal. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: more qdev conversion | Marc-André Lureau
Use the latest qemu device modeling API, in particular, convert to realize to fix the error handling; right now a botched device_add ivshmem command kills the VM. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: remove useless doorbell field | Marc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: remove superflous ivshmem_attr field | Marc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: remove unnecessary dup() | Marc-André Lureau
qemu_chr_fe_get_msgfd() transfers ownership, there is no need to dup the fd. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: factor out the incoming fifo handling | Marc-André Lureau
Make a new function fifo_update_and_get() that can be reused by other functions (in next commits). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivshmem: fix number of bytes to push to fifo | Marc-André Lureau
If the fifo has 0 bytes, and the read is of size 1, the call to fifo8_push_all() will copy off boundary data. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-24 | ivhsmem: read do not accept more than sizeof(long) | Marc-André Lureau
ivshmem_read() only reads sizeof(long) from the input buffer. Accepting more could lead to fifo8 abort() on 32bit systems if fifo is not empty. A following patch will change the protocol to 64-bit little-endian instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
2015-10-23 | dataplane: Mark host notifiers' client type as "external" | Fam Zheng
They will be excluded by type in the nested event loops in block layer, so that unwanted events won't be processed there. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-10-23 | aio: Add "is_external" flag for event handlers | Fam Zheng
All callers pass in false, and the real external ones will switch to true in coming patches. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-10-23 | block: Prepare for NULL BDS | Max Reitz
blk_bs() will not necessarily return a non-NULL value any more (unless blk_is_available() is true or it can be assumed to otherwise, e.g. because it is called immediately after a successful blk_new_with_bs() or blk_new_open()). Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-10-23 | hw/usb-storage: Check whether BB is inserted | Max Reitz
Only call bdrv_add_key() on the BlockDriverState if it is not NULL. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-10-23 | hw/block/fdc: Implement tray status | Max Reitz
The tray of an FDD is open iff there is no medium inserted (there are only two states for an FDD: "medium inserted" or "no medium inserted"). Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-10-23 | Merge remote-tracking branch 'remotes/dgibson/tags/ppc-next-20151023' into staging | Peter Maydell
ppc patch queue - 2015-10-23 sPAPR highlights: * Allow VFIO devices on the spapr-pci-host-bridge * Allow virtio VGA * Safer handling of HTAB allocation * ibm,pa-features device tree property non-sPAPR highlights: * Categorization of many ppc specific devices in help output * Tweaks to MMU type constants # gpg: Signature made Fri 23 Oct 2015 07:27:56 BST using RSA key ID 20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-next-20151023: (21 commits) prep: do not use CPU_LOG_IOPORT, convert to tracepoints openpic: add to misc category macio-nvram: add to misc category macio: add to bridge category uninorth: add to bridge category macio-ide: add to storage category cuda: add to bridge category grackle: add to bridge category escc: add to input category cmd646: add to storage category adb: add to input category ppc/spapr: Add "ibm,pa-features" property to the device-tree ppc: Add mmu_model defines for arch 2.03 and 2.07 hw/scsi/spapr_vscsi: Remove superfluous memset spapr_pci: Allow VFIO devices to work on the normal PCI host bridge spapr_iommu: Provide a function to switch a TCE table to allowing VFIO spapr_iommu: Rename vfio_accel parameter spapr_pci: Allow PCI host bridge DMA window to be configured spapr: Add "slb-size" property to CPU device tree nodes spapr: Abort when HTAB of requested size isn't allocated ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>