From 4f8260248c68e4599a5ce9d8d98ea9d8853f649b Mon Sep 17 00:00:00 2001 From: Jagannathan Raman Date: Tue, 5 Feb 2019 17:50:19 -0500 Subject: [PATCH 01/31] memory: Do not update coalesced IO range in the case of NOP Do not add/del coalesced IO ranges in the case where the same FlatRanges are present in both old and new FlatViews Fixes: 3ac7d43a6fbb ("memory: update coalesced_range on transaction_commit") Signed-off-by: Jagannathan Raman Message-Id: <59572a7353830be4b7aa57d79ccb7ad6b72f0dda.1549406119.git.jag.raman@oracle.com> Signed-off-by: Paolo Bonzini --- memory.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/memory.c b/memory.c index 61d66e4441..e49369d85d 100644 --- a/memory.c +++ b/memory.c @@ -932,9 +932,7 @@ static void address_space_update_topology_pass(AddressSpace *as, } else if (frold && frnew && flatrange_equal(frold, frnew)) { /* In both and unchanged (except logging may have changed) */ - if (!adding) { - flat_range_coalesced_io_del(frold, as); - } else { + if (adding) { MEMORY_LISTENER_UPDATE_REGION(frnew, as, Forward, region_nop); if (frnew->dirty_log_mask & ~frold->dirty_log_mask) { MEMORY_LISTENER_UPDATE_REGION(frnew, as, Forward, log_start, @@ -946,7 +944,6 @@ static void address_space_update_topology_pass(AddressSpace *as, frold->dirty_log_mask, frnew->dirty_log_mask); } - flat_range_coalesced_io_add(frnew, as); } ++iold; From 97575f928fe95515a4855487b233506e75675f66 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 8 Mar 2019 18:33:27 +0100 Subject: [PATCH 02/31] vfio-pci: enable by default CONFIG_VFIO_PCI was not "default y" - and once you do that, it is also important to disable it if PCI is not there. Reported-by: Alex Williamson Tested-by: Alex Williamson Signed-off-by: Paolo Bonzini --- hw/vfio/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/vfio/Kconfig b/hw/vfio/Kconfig index ebda9fdf22..34da2a3cfd 100644 --- a/hw/vfio/Kconfig +++ b/hw/vfio/Kconfig @@ -4,8 +4,9 @@ config VFIO config VFIO_PCI bool + default y select VFIO - depends on LINUX + depends on LINUX && PCI config VFIO_CCW bool From fcfd1bcc30c33795ca66b2f4f6c5bb4438e62865 Mon Sep 17 00:00:00 2001 From: David Abdurachmanov Date: Mon, 11 Mar 2019 10:12:56 +0100 Subject: [PATCH 03/31] riscv/Kconfig: enable PCI_DEVICES Re-enable PCI_DEVICES for RISC-V. The patch is based on other /Kconfig. Signed-off-by: David Abdurachmanov Fixes: 82a230d5a303 ("riscv-softmmu.mak: replace CONFIG_* with Kconfig "select" directives") Message-Id: <20190311091256.18385-1-david.abdurachmanov@gmail.com> Reviewed-by: Thomas Huth Signed-off-by: Paolo Bonzini --- hw/riscv/Kconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/riscv/Kconfig b/hw/riscv/Kconfig index e0ee3043a6..8c7fc1f31d 100644 --- a/hw/riscv/Kconfig +++ b/hw/riscv/Kconfig @@ -26,6 +26,9 @@ config SPIKE config RISCV_VIRT bool + imply PCI_DEVICES + imply TEST_DEVICES + select PCI select HART select SERIAL select VIRTIO_MMIO From 944b96c61072d8b8dd6b253d4b1b80de1442cc1f Mon Sep 17 00:00:00 2001 From: Li Qiang Date: Sun, 10 Mar 2019 09:02:27 -0700 Subject: [PATCH 04/31] tests: test-qgraph: fix a memory leak MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Spotted by ASAN when 'make check'. Signed-off-by: Li Qiang Message-Id: <20190310160227.103090-1-liq3ea@163.com> Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Thomas Huth Fixes: fc281c80202 Signed-off-by: Paolo Bonzini --- tests/test-qgraph.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/test-qgraph.c b/tests/test-qgraph.c index f6a6565e31..5c7e457075 100644 --- a/tests/test-qgraph.c +++ b/tests/test-qgraph.c @@ -122,7 +122,7 @@ static void check_driver(const char *driver) static void check_test(const char *test, const char *interface) { QOSGraphEdge *edge; - const char *full_name = g_strdup_printf("%s-tests/%s", interface, test); + char *full_name = g_strdup_printf("%s-tests/%s", interface, test); qos_add_test(test, interface, testfunct, NULL); g_assert_cmpint(qos_graph_has_machine(test), ==, FALSE); @@ -138,6 +138,7 @@ static void check_test(const char *test, const char *interface) g_assert_cmpint(qos_graph_get_node_availability(full_name), ==, TRUE); qos_graph_node_set_availability(full_name, FALSE); g_assert_cmpint(qos_graph_get_node_availability(full_name), ==, FALSE); + g_free(full_name); } static void count_each_test(QOSGraphNode *path, int len) From 5dc8ab361a6aed42560731eb9b4fdeff01ace948 Mon Sep 17 00:00:00 2001 From: Stefano Garzarella Date: Thu, 14 Feb 2019 19:02:16 +0100 Subject: [PATCH 05/31] hw/i386/pc: run the multiboot loader before the PVH loader Some multiboot images could be in the ELF format. In the current implementation QEMU fails because we try to load these images as a PVH image. In order to fix this issue, we should try multiboot first (we already check the multiboot magic header before to load it). If it is not a multiboot image, we can try the PVH loader. Fixes: ab969087da6 ("pvh: Boot uncompressed kernel using direct boot ABI", 2019-01-15) Reported-by: Paolo Bonzini Signed-off-by: Stefano Garzarella Message-Id: <20190214180216.246707-1-sgarzare@redhat.com> Signed-off-by: Paolo Bonzini --- hw/i386/pc.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 42128183e9..9c8f8332a9 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -1209,6 +1209,17 @@ static void load_linux(PCMachineState *pcms, if (ldl_p(header+0x202) == 0x53726448) { protocol = lduw_p(header+0x206); } else { + /* + * This could be a multiboot kernel. If it is, let's stop treating it + * like a Linux kernel. + * Note: some multiboot images could be in the ELF format (the same of + * PVH), so we try multiboot first since we check the multiboot magic + * header before to load it. + */ + if (load_multiboot(fw_cfg, f, kernel_filename, initrd_filename, + kernel_cmdline, kernel_size, header)) { + return; + } /* * Check if the file is an uncompressed kernel file (ELF) and load it, * saving the PVH entry point used by the x86/HVM direct boot ABI. @@ -1262,12 +1273,6 @@ static void load_linux(PCMachineState *pcms, return; } - /* This looks like a multiboot kernel. If it is, let's stop - treating it like a Linux kernel. */ - if (load_multiboot(fw_cfg, f, kernel_filename, initrd_filename, - kernel_cmdline, kernel_size, header)) { - return; - } protocol = 0; } From d4cef0c67ca0f7a2749e77360122273541147c55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Wed, 20 Feb 2019 01:05:53 +0100 Subject: [PATCH 06/31] block/iscsi: Restrict Linux-specific code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some Linux specific code is missing guards, leading to build failure on OSX: $ sudo brew install libiscsi $ ./configure && make [...] CC block/iscsi.o qemu/block/iscsi.c:338:24: error: 'iscsi_aiocb_info' defined but not used [-Werror=unused-const-variable=] static const AIOCBInfo iscsi_aiocb_info = { ^~~~~~~~~~~~~~~~ qemu/block/iscsi.c:168:1: error: 'iscsi_schedule_bh' defined but not used [-Werror=unused-function] iscsi_schedule_bh(IscsiAIOCB *acb) ^~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors Add guards to restrict this code for Linux. Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20190220000553.28438-1-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- block/iscsi.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/block/iscsi.c b/block/iscsi.c index a0c0084837..f31c612d53 100644 --- a/block/iscsi.c +++ b/block/iscsi.c @@ -145,6 +145,8 @@ static const unsigned iscsi_retry_times[] = {8, 32, 128, 512, 2048, 8192, 32768} * unallocated. */ #define ISCSI_CHECKALLOC_THRES 64 +#ifdef __linux__ + static void iscsi_bh_cb(void *p) { @@ -172,6 +174,8 @@ iscsi_schedule_bh(IscsiAIOCB *acb) qemu_bh_schedule(acb->bh); } +#endif + static void iscsi_co_generic_bh_cb(void *opaque) { struct IscsiTask *iTask = opaque; @@ -290,6 +294,8 @@ static void iscsi_co_init_iscsitask(IscsiLun *iscsilun, struct IscsiTask *iTask) }; } +#ifdef __linux__ + /* Called (via iscsi_service) with QemuMutex held. */ static void iscsi_abort_task_cb(struct iscsi_context *iscsi, int status, void *command_data, @@ -338,6 +344,7 @@ static const AIOCBInfo iscsi_aiocb_info = { .cancel_async = iscsi_aio_cancel, }; +#endif static void iscsi_process_read(void *arg); static void iscsi_process_write(void *arg); From 06164cc402e67e64eefb79cd9a00a59d0e0d2fce Mon Sep 17 00:00:00 2001 From: Viktor Prutyanov Date: Wed, 20 Feb 2019 00:19:36 +0300 Subject: [PATCH 07/31] contrib/elf2dmp: add kernel start address checking Before this patch, if elf2dmp failed to find NT kernel PE magic in allowed virtual address range, then it assumes NULL as NT kernel address and cause segfault. This patch fix the problem described above by checking NT kernel address before futher processing. Signed-off-by: Viktor Prutyanov Message-Id: <20190219211936.6466-1-viktor.prutyanov@phystech.edu> Signed-off-by: Paolo Bonzini --- contrib/elf2dmp/main.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c index 1a45eaf565..1bfeb89ba7 100644 --- a/contrib/elf2dmp/main.c +++ b/contrib/elf2dmp/main.c @@ -524,6 +524,12 @@ int main(int argc, char *argv[]) } } + if (!nt_start_addr) { + eprintf("Failed to find NT kernel image\n"); + err = 1; + goto out_ps; + } + printf("KernBase = 0x%016"PRIx64", signature is \'%.2s\'\n", KernBase, (char *)nt_start_addr); From fd73745d1bc69a10a2a42e7a5fbbc5f2da2fb381 Mon Sep 17 00:00:00 2001 From: Alexey Kardashevskiy Date: Thu, 28 Feb 2019 15:35:03 +1100 Subject: [PATCH 08/31] configure: Enable werror for git worktrees The configure script checks multiple times whether it works in a git repository and it does this by "test -e "${source_path}/.git" in 4 cases but in one case where it tries to enable werror "-d" is used there which fails on git worktrees as .git is a file then and not a directory. This changes the test to "-e" as other occurrences. Signed-off-by: Alexey Kardashevskiy Message-Id: <20190228043503.68494-1-aik@ozlabs.ru> Signed-off-by: Paolo Bonzini --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index b354e74185..fa83e2184f 100755 --- a/configure +++ b/configure @@ -1836,7 +1836,7 @@ fi # Consult white-list to determine whether to enable werror # by default. Only enable by default for git builds if test -z "$werror" ; then - if test -d "$source_path/.git" && \ + if test -e "$source_path/.git" && \ { test "$linux" = "yes" || test "$mingw32" = "yes"; }; then werror="yes" else From 840159e48c365ca1405e513cc95099bf4f35ad9f Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Thu, 28 Feb 2019 10:23:18 +0100 Subject: [PATCH 09/31] target-i386: add kvm stubs to user-mode emulators The CPUID code will call kvm_arch_get_supported_cpuid() and, even though it is undef kvm_enabled() so it never runs for user-mode emulators, sometimes clang will not optimize it out at -O0. That could be considered a compiler bug, however at -O0 we give it a pass and just add the stubs. Reported-by: Kamil Rytarowski Tested-by: Kamil Rytarowski Signed-off-by: Paolo Bonzini --- target/i386/Makefile.objs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/i386/Makefile.objs b/target/i386/Makefile.objs index cb9c265525..48e0c28434 100644 --- a/target/i386/Makefile.objs +++ b/target/i386/Makefile.objs @@ -3,10 +3,10 @@ obj-$(CONFIG_TCG) += translate.o obj-$(CONFIG_TCG) += bpt_helper.o cc_helper.o excp_helper.o fpu_helper.o obj-$(CONFIG_TCG) += int_helper.o mem_helper.o misc_helper.o mpx_helper.o obj-$(CONFIG_TCG) += seg_helper.o smm_helper.o svm_helper.o +obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o ifeq ($(CONFIG_SOFTMMU),y) obj-y += machine.o arch_memory_mapping.o arch_dump.o monitor.o obj-$(CONFIG_KVM) += kvm.o -obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o obj-$(CONFIG_HYPERV) += hyperv.o obj-$(call lnot,$(CONFIG_HYPERV)) += hyperv-stub.o ifeq ($(CONFIG_WIN32),y) From f24c3a79a415042f6dc195f029a2ba7247d14cac Mon Sep 17 00:00:00 2001 From: Luwei Kang Date: Tue, 29 Jan 2019 18:52:59 -0500 Subject: [PATCH 10/31] i386: extended the cpuid_level when Intel PT is enabled Intel Processor Trace required CPUID[0x14] but the cpuid_level have no change when create a kvm guest with e.g. "-cpu qemu64,+intel-pt". Signed-off-by: Eduardo Habkost Signed-off-by: Luwei Kang Message-Id: <1548805979-12321-1-git-send-email-luwei.kang@intel.com> Signed-off-by: Paolo Bonzini --- hw/i386/pc.c | 1 + target/i386/cpu.c | 9 +++++++++ target/i386/cpu.h | 3 +++ 3 files changed, 13 insertions(+) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 9c8f8332a9..c6d047b42b 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -136,6 +136,7 @@ GlobalProperty pc_compat_3_1[] = { { "Icelake-Client" "-" TYPE_X86_CPU, "mpx", "on" }, { "Icelake-Server" "-" TYPE_X86_CPU, "mpx", "on" }, { "Cascadelake-Server" "-" TYPE_X86_CPU, "stepping", "5" }, + { TYPE_X86_CPU, "x-intel-pt-auto-level", "off" }, }; const size_t pc_compat_3_1_len = G_N_ELEMENTS(pc_compat_3_1); diff --git a/target/i386/cpu.c b/target/i386/cpu.c index d3aa6a815b..d90c01a059 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -5031,6 +5031,13 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error **errp) x86_cpu_adjust_feat_level(cpu, FEAT_C000_0001_EDX); x86_cpu_adjust_feat_level(cpu, FEAT_SVM); x86_cpu_adjust_feat_level(cpu, FEAT_XSAVE); + + /* Intel Processor Trace requires CPUID[0x14] */ + if ((env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) && + kvm_enabled() && cpu->intel_pt_auto_level) { + x86_cpu_adjust_level(cpu, &cpu->env.cpuid_min_level, 0x14); + } + /* SVM requires CPUID[0x8000000A] */ if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) { x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A); @@ -5824,6 +5831,8 @@ static Property x86_cpu_properties[] = { DEFINE_PROP_INT32("x-hv-max-vps", X86CPU, hv_max_vps, -1), DEFINE_PROP_BOOL("x-hv-synic-kvm-only", X86CPU, hyperv_synic_kvm_only, false), + DEFINE_PROP_BOOL("x-intel-pt-auto-level", X86CPU, intel_pt_auto_level, + true), DEFINE_PROP_END_OF_LIST() }; diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 95112b9118..83fb522554 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -1454,6 +1454,9 @@ struct X86CPU { /* Enable auto level-increase for all CPUID leaves */ bool full_cpuid_auto_level; + /* Enable auto level-increase for Intel Processor Trace leave */ + bool intel_pt_auto_level; + /* if true fill the top bits of the MTRR_PHYSMASKn variable range */ bool fill_mtrr_mask; From d804232dc4a5400494442b04e0a066711f4f5b44 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Thu, 28 Feb 2019 18:59:42 +0100 Subject: [PATCH 11/31] virtio-scsi: Fix build with gcc 9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Build fails with gcc 9: CC ppc64-softmmu/hw/scsi/virtio-scsi.o hw/scsi/virtio-scsi.c: In function ‘virtio_scsi_do_tmf’: hw/scsi/virtio-scsi.c:265:39: error: taking address of packed member of ‘struct virtio_scsi_ctrl_tmf_req’ may result in an unaligned pointer value [-Werror=address-of-packed-member] 265 | virtio_tswap32s(VIRTIO_DEVICE(s), &req->req.tmf.subtype); | ^~~~~~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors All the fields in struct virtio_scsi_ctrl_tmf_req are naturally aligned, so we could in theory drop QEMU_PACKED. Unfortunately, the header file is imported from linux which already has the packed attribute. Trying to fix that in the update-linux-headers.sh script is likely to produce ugliness. Turn the call to virtio_tswap32s() into an assignment instead. Signed-off-by: Greg Kurz Message-Id: <155137678223.44753.5438092367451176318.stgit@bahia.lan> Signed-off-by: Paolo Bonzini --- hw/scsi/virtio-scsi.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c index ce99d288b0..839f120256 100644 --- a/hw/scsi/virtio-scsi.c +++ b/hw/scsi/virtio-scsi.c @@ -262,7 +262,13 @@ static int virtio_scsi_do_tmf(VirtIOSCSI *s, VirtIOSCSIReq *req) /* Here VIRTIO_SCSI_S_OK means "FUNCTION COMPLETE". */ req->resp.tmf.response = VIRTIO_SCSI_S_OK; - virtio_tswap32s(VIRTIO_DEVICE(s), &req->req.tmf.subtype); + /* + * req->req.tmf has the QEMU_PACKED attribute. Don't use virtio_tswap32s() + * to avoid compiler errors. + */ + req->req.tmf.subtype = + virtio_tswap32(VIRTIO_DEVICE(s), req->req.tmf.subtype); + switch (req->req.tmf.subtype) { case VIRTIO_SCSI_T_TMF_ABORT_TASK: case VIRTIO_SCSI_T_TMF_QUERY_TASK: From 12dd89f7006dc1208f6310600d98621e8e1ac0e6 Mon Sep 17 00:00:00 2001 From: Sven Schnelle Date: Fri, 15 Feb 2019 20:40:21 +0100 Subject: [PATCH 12/31] lsi: implement basic SBCL functionality HP-UX checks this register after sending data to the target. If there's no valid information present, it assumes the client disconnected because the kernel sent to much data. Implement at least some of the SBCL functionality that is possible without having a real SCSI bus. Signed-off-by: Sven Schnelle Message-Id: <20190215194021.20543-1-svens@stackframe.org> Signed-off-by: Paolo Bonzini --- hw/scsi/lsi53c895a.c | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index 89def1421f..8ba07f8756 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -160,6 +160,11 @@ static const char *names[] = { #define LSI_CCNTL1_DDAC 0x08 #define LSI_CCNTL1_ZMOD 0x80 +#define LSI_SBCL_ATN 0x08 +#define LSI_SBCL_BSY 0x20 +#define LSI_SBCL_ACK 0x40 +#define LSI_SBCL_REQ 0x80 + /* Enable Response to Reselection */ #define LSI_SCID_RRE 0x60 @@ -258,6 +263,7 @@ typedef struct { uint8_t sdid; uint8_t ssid; uint8_t sfbr; + uint8_t sbcl; uint8_t stest1; uint8_t stest2; uint8_t stest3; @@ -356,6 +362,7 @@ static void lsi_soft_reset(LSIState *s) s->socl = 0; s->sdid = 0; s->ssid = 0; + s->sbcl = 0; s->stest1 = 0; s->stest2 = 0; s->stest3 = 0; @@ -530,6 +537,8 @@ static void lsi_script_dma_interrupt(LSIState *s, int stat) static inline void lsi_set_phase(LSIState *s, int phase) { + s->sbcl &= ~PHASE_MASK; + s->sbcl |= phase | LSI_SBCL_REQ; s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; } @@ -567,6 +576,7 @@ static void lsi_disconnect(LSIState *s) { s->scntl1 &= ~LSI_SCNTL1_CON; s->sstat1 &= ~PHASE_MASK; + s->sbcl = 0; } static void lsi_bad_selection(LSIState *s, uint32_t id) @@ -1265,7 +1275,9 @@ again: s->scntl1 |= LSI_SCNTL1_CON; if (insn & (1 << 3)) { s->socl |= LSI_SOCL_ATN; + s->sbcl |= LSI_SBCL_ATN; } + s->sbcl |= LSI_SBCL_BSY; lsi_set_phase(s, PHASE_MO); break; case 1: /* Disconnect */ @@ -1297,8 +1309,14 @@ again: insn & (1 << 10) ? " CC" : ""); if (insn & (1 << 3)) { s->socl |= LSI_SOCL_ATN; + s->sbcl |= LSI_SBCL_ATN; lsi_set_phase(s, PHASE_MO); } + + if (insn & (1 << 6)) { + s->sbcl |= LSI_SBCL_ACK; + } + if (insn & (1 << 9)) { qemu_log_mask(LOG_UNIMP, "lsi_scsi: Target mode not implemented\n"); @@ -1314,7 +1332,13 @@ again: insn & (1 << 10) ? " CC" : ""); if (insn & (1 << 3)) { s->socl &= ~LSI_SOCL_ATN; + s->sbcl &= ~LSI_SBCL_ATN; } + + if (insn & (1 << 6)) { + s->sbcl &= ~LSI_SBCL_ACK; + } + if (insn & (1 << 10)) s->carry = 0; break; @@ -1591,9 +1615,7 @@ static uint8_t lsi_reg_readb(LSIState *s, int offset) ret = s->ssid; break; case 0xb: /* SBCL */ - /* ??? This is not correct. However it's (hopefully) only - used for diagnostics, so should be ok. */ - ret = 0; + ret = s->sbcl; break; case 0xc: /* DSTAT */ ret = s->dstat | LSI_DSTAT_DFE; @@ -2143,7 +2165,7 @@ static int lsi_post_load(void *opaque, int version_id) static const VMStateDescription vmstate_lsi_scsi = { .name = "lsiscsi", - .version_id = 0, + .version_id = 1, .minimum_version_id = 0, .pre_save = lsi_pre_save, .post_load = lsi_post_load, @@ -2202,6 +2224,7 @@ static const VMStateDescription vmstate_lsi_scsi = { VMSTATE_UINT8(stime0, LSIState), VMSTATE_UINT8(respid0, LSIState), VMSTATE_UINT8(respid1, LSIState), + VMSTATE_UINT8_V(sbcl, LSIState, 1), VMSTATE_UINT32(mmrs, LSIState), VMSTATE_UINT32(mmws, LSIState), VMSTATE_UINT32(sfs, LSIState), From 2265e98b72df477a38271787485e2cd33df212b4 Mon Sep 17 00:00:00 2001 From: Sven Schnelle Date: Sun, 17 Feb 2019 12:37:17 +0100 Subject: [PATCH 13/31] lsi: check if SIGP bit is already set in Wait reselect If SIGP is set, the 'Wait for Reselection' command should jump immediately to the address stored in the second DWORD of the instruction. This fixes spurious hangs in the HP-UX 11.11 installer when the SIGP bit gets set by the kernel before the 'Wait for Reselection' command is executed by SCRIPTS. Signed-off-by: Sven Schnelle Tested-by: Helge Deller Message-Id: <20190217113717.7077-1-svens@stackframe.org> Signed-off-by: Paolo Bonzini --- hw/scsi/lsi53c895a.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index 8ba07f8756..bcff859bac 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -1297,8 +1297,10 @@ again: } break; case 2: /* Wait Reselect */ - if (!lsi_irq_on_rsl(s)) { - lsi_wait_reselect(s); + if (s->istat0 & LSI_ISTAT0_SIGP) { + s->dsp = s->dnad; + } else if (!lsi_irq_on_rsl(s)) { + lsi_wait_reselect(s); } break; case 3: /* Set */ From c8350ebd6789c9b7641e84d03fbf0f6dd3aacf60 Mon Sep 17 00:00:00 2001 From: David Kiarie Date: Mon, 4 Mar 2019 18:18:27 +0300 Subject: [PATCH 14/31] update copyright notice Signed-off-by: David Kiarie Message-Id: <20190304151827.1813-2-davidkiarie4@gmail.com> Signed-off-by: Paolo Bonzini --- hw/i386/amd_iommu.c | 2 +- hw/i386/amd_iommu.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c index 8ad707aba0..6eabdf9917 100644 --- a/hw/i386/amd_iommu.c +++ b/hw/i386/amd_iommu.c @@ -2,7 +2,7 @@ * QEMU emulation of AMD IOMMU (AMD-Vi) * * Copyright (C) 2011 Eduard - Gabriel Munteanu - * Copyright (C) 2015 David Kiarie, + * Copyright (C) 2015, 2016 David Kiarie Kahurani * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/hw/i386/amd_iommu.h b/hw/i386/amd_iommu.h index c52886f3ed..0ff9095f32 100644 --- a/hw/i386/amd_iommu.h +++ b/hw/i386/amd_iommu.h @@ -2,7 +2,7 @@ * QEMU emulation of an AMD IOMMU (AMD-Vi) * * Copyright (C) 2011 Eduard - Gabriel Munteanu - * Copyright (C) 2015 David Kiarie, + * Copyright (C) 2015, 2016 David Kiarie Kahurani * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by From 310b3fe9e50a59f7911f8930bc523a7a0b84bb89 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 8 Mar 2019 17:39:08 +0100 Subject: [PATCH 15/31] build: get rid of target-obj-y It is possible to specify the trace/ directory already in objs-y; there is no need to have a separate unnest-vars invocation. Signed-off-by: Paolo Bonzini --- Makefile.objs | 1 - Makefile.target | 7 ++----- trace/Makefile.objs | 4 ++-- 3 files changed, 4 insertions(+), 8 deletions(-) diff --git a/Makefile.objs b/Makefile.objs index ef65a6c12e..acc53aa0f0 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -101,7 +101,6 @@ version-obj-$(CONFIG_WIN32) += $(BUILD_DIR)/version.o ###################################################################### # tracing util-obj-y += trace/ -target-obj-y += trace/ ###################################################################### # guest agent diff --git a/Makefile.target b/Makefile.target index 40830c5646..a458506139 100644 --- a/Makefile.target +++ b/Makefile.target @@ -105,6 +105,8 @@ all: $(PROGS) stap # Dummy command so that make thinks it has done something @true +obj-y += trace/ + ######################################################### # cpu emulator library obj-y += exec.o @@ -173,13 +175,10 @@ endif # CONFIG_SOFTMMU dummy := $(call unnest-vars,,obj-y) all-obj-y := $(obj-y) -target-obj-y := block-obj-y := common-obj-y := chardev-obj-y := include $(SRC_PATH)/Makefile.objs -dummy := $(call unnest-vars,,target-obj-y) -target-obj-y-save := $(target-obj-y) dummy := $(call unnest-vars,.., \ authz-obj-y \ block-obj-y \ @@ -191,9 +190,7 @@ dummy := $(call unnest-vars,.., \ io-obj-y \ common-obj-y \ common-obj-m) -target-obj-y := $(target-obj-y-save) all-obj-y += $(common-obj-y) -all-obj-y += $(target-obj-y) all-obj-y += $(qom-obj-y) all-obj-$(CONFIG_SOFTMMU) += $(authz-obj-y) all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y) $(chardev-obj-y) diff --git a/trace/Makefile.objs b/trace/Makefile.objs index afd571c3ec..c544509adf 100644 --- a/trace/Makefile.objs +++ b/trace/Makefile.objs @@ -36,7 +36,7 @@ $(obj)/generated-helpers.c-timestamp: $(SRC_PATH)/trace-events $(BUILD_DIR)/conf $(obj)/generated-helpers.o: $(obj)/generated-helpers.c -target-obj-y += generated-helpers.o +obj-y += generated-helpers.o $(obj)/generated-tcg-tracers.h: $(obj)/generated-tcg-tracers.h-timestamp @@ -55,5 +55,5 @@ $(obj)/generated-tcg-tracers.h-timestamp: $(SRC_PATH)/trace-events $(BUILD_DIR)/ util-obj-$(CONFIG_TRACE_SIMPLE) += simple.o util-obj-$(CONFIG_TRACE_FTRACE) += ftrace.o util-obj-y += control.o -target-obj-y += control-target.o +obj-y += control-target.o util-obj-y += qmp.o From f72036fad423a5c8135d3ea3c8ad6c4cc3191df4 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 15 Feb 2019 10:15:22 +0100 Subject: [PATCH 16/31] build: remove unnecessary assignments from Makefile.target It is only necessary to clear block-obj-y because Makefile.objs uses "+=" instead of "="; fix that and remove the assignment. The other variables need not be cleared at all. Signed-off-by: Paolo Bonzini --- Makefile.objs | 2 +- Makefile.target | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/Makefile.objs b/Makefile.objs index acc53aa0f0..31a84b7d41 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -13,7 +13,7 @@ authz-obj-y = authz/ ####################################################################### # block-obj-y is code used by both qemu system emulation and qemu-img -block-obj-y += nbd/ +block-obj-y = nbd/ block-obj-y += block.o blockjob.o job.o block-obj-y += block/ scsi/ block-obj-y += qemu-io-cmds.o diff --git a/Makefile.target b/Makefile.target index a458506139..441ace6369 100644 --- a/Makefile.target +++ b/Makefile.target @@ -175,9 +175,6 @@ endif # CONFIG_SOFTMMU dummy := $(call unnest-vars,,obj-y) all-obj-y := $(obj-y) -block-obj-y := -common-obj-y := -chardev-obj-y := include $(SRC_PATH)/Makefile.objs dummy := $(call unnest-vars,.., \ authz-obj-y \ From 74970d35b43036c4dbfaf4c8bef8517c2b1ec6aa Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 15 Feb 2019 10:23:00 +0100 Subject: [PATCH 17/31] build: clean trace/generated-helpers.c Signed-off-by: Paolo Bonzini --- Makefile.target | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.target b/Makefile.target index 441ace6369..d8048aab8f 100644 --- a/Makefile.target +++ b/Makefile.target @@ -222,6 +222,7 @@ clean: clean-target rm -f *.a *~ $(PROGS) rm -f $(shell find . -name '*.[od]') rm -f hmp-commands.h gdbstub-xml.c + rm -f trace/generated-helpers.c trace/generated-helpers.c-timestamp ifdef CONFIG_TRACE_SYSTEMTAP rm -f *.stp endif From b0c214ce4145e35a39362b8a3da88b4908ca7c71 Mon Sep 17 00:00:00 2001 From: Anthony PERARD Date: Wed, 16 Jan 2019 17:35:27 +0000 Subject: [PATCH 18/31] accel: Allow to build QEMU without TCG or KVM support Instead of deny build of QEMU without a default accelerator, simply report an error when the user haven't passed -accel or -machine accel= and TCG and KVM isn't builtin. ./configure already check that at least one accelerator is available. Signed-off-by: Anthony PERARD Signed-off-by: Paolo Bonzini --- accel/accel.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/accel/accel.c b/accel/accel.c index 68b6d56323..0d5b370dfd 100644 --- a/accel/accel.c +++ b/accel/accel.c @@ -91,7 +91,9 @@ void configure_accelerator(MachineState *ms, const char *progname) #elif defined(CONFIG_KVM) accel = "kvm"; #else -#error "No default accelerator available" + error_report("No accelerator selected and" + " no default accelerator available"); + exit(1); #endif } } From 02cdcc96be77a5fdcb1647eb399efef37c107986 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 7 Mar 2019 15:28:21 +0100 Subject: [PATCH 19/31] oslib-posix: Ignore fcntl("/dev/null", F_SETFL, O_NONBLOCK) failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previous to OpenBSD 6.3 [1], fcntl(F_SETFL) is not permitted on memory devices. Trying this call sets errno to ENODEV ("not a memory device"): 19 ENODEV Operation not supported by device. An attempt was made to apply an inappropriate function to a device, for example, trying to read a write-only device such as a printer. Do not assert fcntl failures in this specific case (errno set to ENODEV) on OpenBSD. This fixes: $ lm32-softmmu/qemu-system-lm32 assertion "f != -1" failed: file "util/oslib-posix.c", line 247, function "qemu_set_nonblock" Abort trap (core dumped) [1] The fix seems https://github.com/openbsd/src/commit/c2a35b387f9d3c "fcntl(F_SETFL) invokes the FIONBIO and FIOASYNC ioctls internally, so the memory devices (/dev/null, /dev/zero, etc) need to permit them." Reviewed-by: Peter Maydell Reviewed-by: Michael S. Tsirkin Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20190307142822.8531-2-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- util/oslib-posix.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/util/oslib-posix.c b/util/oslib-posix.c index 37c5854b9c..326d92dcd2 100644 --- a/util/oslib-posix.c +++ b/util/oslib-posix.c @@ -244,7 +244,19 @@ void qemu_set_nonblock(int fd) f = fcntl(fd, F_GETFL); assert(f != -1); f = fcntl(fd, F_SETFL, f | O_NONBLOCK); +#ifdef __OpenBSD__ + if (f == -1) { + /* + * Previous to OpenBSD 6.3, fcntl(F_SETFL) is not permitted on + * memory devices and sets errno to ENODEV. + * It's OK if we fail to set O_NONBLOCK on devices like /dev/null, + * because they will never block anyway. + */ + assert(errno == ENODEV); + } +#else assert(f != -1); +#endif } int socket_set_fast_reuse(int fd) From 7776ea6b49873ed18a2111e25ed8a6d94bd73db8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 7 Mar 2019 15:28:22 +0100 Subject: [PATCH 20/31] configure: Disable W^X on OpenBSD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since OpenBSD 6.0 [1], W^X is enforced by default [2]. TCG requires WX access. Disable W^X if it is available. This fixes: # lm32-softmmu/qemu-system-lm32 Could not allocate dynamic translator buffer # sysctl kern.wxabort=1 kern.wxabort: 0 -> 1 # lm32-softmmu/qemu-system-lm32 mmap: Not supported Abort trap (core dumped) # gdb -q lm32-softmmu/qemu-system-lm32 qemu-system-lm32.core (gdb) bt #0 0x000017e3c156c50a in _thread_sys___syscall () at {standard input}:5 #1 0x000017e3c15e5d7a in *_libc_mmap (addr=Variable "addr" is not available.) at /usr/src/lib/libc/sys/mmap.c:47 #2 0x000017e17d9abc8b in alloc_code_gen_buffer () at /usr/src/qemu/accel/tcg/translate-all.c:1064 #3 0x000017e17d9abd04 in code_gen_alloc (tb_size=0) at /usr/src/qemu/accel/tcg/translate-all.c:1112 #4 0x000017e17d9abe81 in tcg_exec_init (tb_size=0) at /usr/src/qemu/accel/tcg/translate-all.c:1149 #5 0x000017e17d9897e9 in tcg_init (ms=0x17e45e456800) at /usr/src/qemu/accel/tcg/tcg-all.c:66 #6 0x000017e17d9891b8 in accel_init_machine (acc=0x17e3c3f50800, ms=0x17e45e456800) at /usr/src/qemu/accel/accel.c:63 #7 0x000017e17d989312 in configure_accelerator (ms=0x17e45e456800, progname=0x7f7fffff07b0 "lm32-softmmu/qemu-system-lm32") at /usr/src/qemu/accel/accel.c:111 #8 0x000017e17d9d8616 in main (argc=1, argv=0x7f7fffff06b8, envp=0x7f7fffff06c8) at vl.c:4325 [1] https://www.openbsd.org/faq/upgrade60.html [2] https://undeadly.org/cgi?action=article&sid=20160527203200 Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20190307142822.8531-3-philmd@redhat.com> Signed-off-by: Paolo Bonzini --- configure | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/configure b/configure index fa83e2184f..cab830a4c9 100755 --- a/configure +++ b/configure @@ -5903,6 +5903,17 @@ if test "$mingw32" = "yes" ; then done fi +# Disable OpenBSD W^X if available +if test "$tcg" = "yes" && test "$targetos" = "OpenBSD"; then + cat > $TMPC < Date: Thu, 7 Mar 2019 17:12:46 +0800 Subject: [PATCH 21/31] scsi-disk: Fix crash if request is invaild or disk is no medium Qemu will crash with the assertion error that "assert(r->req.aiocb != NULL)" in scsi_read_complete if request is invaild or disk is no medium. The error is below: qemu-kvm: hw/scsi/scsi_disk.c:299: scsi_read_complete: Assertion `r->req.aiocb != NULL' failed. This patch add a funtion scsi_read_complete_noio to fix it. Signed-off-by: Zhengui Li Message-Id: <1551949966-20092-1-git-send-email-lizhengui@huawei.com> Signed-off-by: Paolo Bonzini --- hw/scsi/scsi-disk.c | 37 ++++++++++++++++++++++++------------- 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index d4e83aef0e..e7e865ab3b 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -296,22 +296,15 @@ static void scsi_dma_complete(void *opaque, int ret) aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); } -static void scsi_read_complete(void * opaque, int ret) +static void scsi_read_complete_noio(SCSIDiskReq *r, int ret) { - SCSIDiskReq *r = (SCSIDiskReq *)opaque; - SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); - int n; + uint32_t n; - assert(r->req.aiocb != NULL); - r->req.aiocb = NULL; - aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); - if (scsi_disk_req_check_error(r, ret, true)) { + assert(r->req.aiocb == NULL); + if (scsi_disk_req_check_error(r, ret, false)) { goto done; } - block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); - trace_scsi_disk_read_complete(r->req.tag, r->qiov.size); - n = r->qiov.size / 512; r->sector += n; r->sector_count -= n; @@ -319,6 +312,24 @@ static void scsi_read_complete(void * opaque, int ret) done: scsi_req_unref(&r->req); +} + +static void scsi_read_complete(void *opaque, int ret) +{ + SCSIDiskReq *r = (SCSIDiskReq *)opaque; + SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); + + assert(r->req.aiocb != NULL); + r->req.aiocb = NULL; + + aio_context_acquire(blk_get_aio_context(s->qdev.conf.blk)); + if (ret < 0) { + block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct); + } else { + block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct); + trace_scsi_disk_read_complete(r->req.tag, r->qiov.size); + } + scsi_read_complete_noio(r, ret); aio_context_release(blk_get_aio_context(s->qdev.conf.blk)); } @@ -395,12 +406,12 @@ static void scsi_read_data(SCSIRequest *req) scsi_req_ref(&r->req); if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { trace_scsi_disk_read_data_invalid(); - scsi_read_complete(r, -EINVAL); + scsi_read_complete_noio(r, -EINVAL); return; } if (!blk_is_available(req->dev->conf.blk)) { - scsi_read_complete(r, -ENOMEDIUM); + scsi_read_complete_noio(r, -ENOMEDIUM); return; } From 811a75ba51fccc8b365bafe8d79d6043ce0566e4 Mon Sep 17 00:00:00 2001 From: Sven Schnelle Date: Tue, 5 Mar 2019 20:55:15 +0100 Subject: [PATCH 22/31] lsi: use ldn_le_p()/stn_le_p() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of using the open-coded versions, use the helper already present as this makes the code easier to read and less error-prone. Signed-off-by: Sven Schnelle Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20190305195519.24303-2-svens@stackframe.org> --- hw/scsi/lsi53c895a.c | 24 ++++-------------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index bcff859bac..402b78507f 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -289,8 +289,7 @@ typedef struct { uint8_t sbr; uint32_t adder; - /* Script ram is stored as 32-bit words in host byteorder. */ - uint32_t script_ram[2048]; + uint8_t script_ram[2048 * sizeof(uint32_t)]; } LSIState; #define TYPE_LSI53C810 "lsi53c810" @@ -2079,29 +2078,14 @@ static void lsi_ram_write(void *opaque, hwaddr addr, uint64_t val, unsigned size) { LSIState *s = opaque; - uint32_t newval; - uint32_t mask; - int shift; - - newval = s->script_ram[addr >> 2]; - shift = (addr & 3) * 8; - mask = ((uint64_t)1 << (size * 8)) - 1; - newval &= ~(mask << shift); - newval |= val << shift; - s->script_ram[addr >> 2] = newval; + stn_le_p(s->script_ram + addr, size, val); } static uint64_t lsi_ram_read(void *opaque, hwaddr addr, unsigned size) { LSIState *s = opaque; - uint32_t val; - uint32_t mask; - - val = s->script_ram[addr >> 2]; - mask = ((uint64_t)1 << (size * 8)) - 1; - val >>= (addr & 3) * 8; - return val & mask; + return ldn_le_p(s->script_ram + addr, size); } static const MemoryRegionOps lsi_ram_ops = { @@ -2244,7 +2228,7 @@ static const VMStateDescription vmstate_lsi_scsi = { VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), VMSTATE_UINT8(sbr, LSIState), - VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)), + VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 8192), VMSTATE_END_OF_LIST() } }; From f08ec2b82a7de4f988d4def0f7c1ee69f47ceeee Mon Sep 17 00:00:00 2001 From: Sven Schnelle Date: Tue, 5 Mar 2019 20:55:16 +0100 Subject: [PATCH 23/31] lsi: use enum type for s->waiting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This makes the code easier to read - no functional change. Signed-off-by: Sven Schnelle Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20190305195519.24303-3-svens@stackframe.org> --- hw/scsi/lsi53c895a.c | 42 +++++++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index 402b78507f..c17bb4f1f1 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -194,6 +194,13 @@ typedef struct lsi_request { QTAILQ_ENTRY(lsi_request) next; } lsi_request; +enum { + LSI_NOWAIT, /* SCRIPTS are running or stopped */ + LSI_WAIT_RESELECT, /* Wait Reselect instruction has been issued */ + LSI_DMA_SCRIPTS, /* processing DMA from lsi_execute_script */ + LSI_DMA_IN_PROGRESS, /* DMA operation is in progress */ +}; + typedef struct { /*< private >*/ PCIDevice parent_obj; @@ -212,10 +219,6 @@ typedef struct { int msg_action; int msg_len; uint8_t msg[LSI_MAX_MSGIN_LEN]; - /* 0 if SCRIPTS are running or stopped. - * 1 if a Wait Reselect instruction has been issued. - * 2 if processing DMA from lsi_execute_script. - * 3 if a DMA operation is in progress. */ int waiting; SCSIBus bus; int current_lun; @@ -322,7 +325,7 @@ static void lsi_soft_reset(LSIState *s) s->msg_action = 0; s->msg_len = 0; - s->waiting = 0; + s->waiting = LSI_NOWAIT; s->dsa = 0; s->dnad = 0; s->dbc = 0; @@ -564,10 +567,10 @@ static void lsi_bad_phase(LSIState *s, int out, int new_phase) static void lsi_resume_script(LSIState *s) { if (s->waiting != 2) { - s->waiting = 0; + s->waiting = LSI_NOWAIT; lsi_execute_script(s); } else { - s->waiting = 0; + s->waiting = LSI_NOWAIT; } } @@ -744,7 +747,7 @@ static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) Since no interrupt stacking is implemented in the emulation, it is also required that there are no pending interrupts waiting for service from the device driver. */ - if (s->waiting == 1 || + if (s->waiting == LSI_WAIT_RESELECT || (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { /* Reselect device. */ @@ -789,7 +792,7 @@ static void lsi_transfer_data(SCSIRequest *req, uint32_t len) int out; assert(req->hba_private); - if (s->waiting == 1 || req->hba_private != s->current || + if (s->waiting == LSI_WAIT_RESELECT || req->hba_private != s->current || (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { if (lsi_queue_req(s, req, len)) { return; @@ -803,7 +806,7 @@ static void lsi_transfer_data(SCSIRequest *req, uint32_t len) s->current->dma_len = len; s->command_complete = 1; if (s->waiting) { - if (s->waiting == 1 || s->dbc == 0) { + if (s->waiting == LSI_WAIT_RESELECT || s->dbc == 0) { lsi_resume_script(s); } else { lsi_do_dma(s, out); @@ -1093,7 +1096,7 @@ static void lsi_wait_reselect(LSIState *s) lsi_reselect(s, p); } if (s->current == NULL) { - s->waiting = 1; + s->waiting = LSI_WAIT_RESELECT; } } @@ -1202,16 +1205,16 @@ again: s->dnad64 = addr_high; switch (s->sstat1 & 0x7) { case PHASE_DO: - s->waiting = 2; + s->waiting = LSI_DMA_SCRIPTS; lsi_do_dma(s, 1); if (s->waiting) - s->waiting = 3; + s->waiting = LSI_DMA_IN_PROGRESS; break; case PHASE_DI: - s->waiting = 2; + s->waiting = LSI_DMA_SCRIPTS; lsi_do_dma(s, 0); if (s->waiting) - s->waiting = 3; + s->waiting = LSI_DMA_IN_PROGRESS; break; case PHASE_CMD: lsi_do_command(s); @@ -1278,6 +1281,7 @@ again: } s->sbcl |= LSI_SBCL_BSY; lsi_set_phase(s, PHASE_MO); + s->waiting = LSI_NOWAIT; break; case 1: /* Disconnect */ trace_lsi_execute_script_io_disconnect(); @@ -1544,7 +1548,7 @@ again: } } } - if (insn_processed > 10000 && !s->waiting) { + if (insn_processed > 10000 && s->waiting == LSI_NOWAIT) { /* Some windows drivers make the device spin waiting for a memory location to change. If we have been executed a lot of code then assume this is the case and force an unexpected device disconnect. @@ -1556,7 +1560,7 @@ again: } lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); lsi_disconnect(s); - } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) { + } else if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) { if (s->dcntl & LSI_DCNTL_SSM) { lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); } else { @@ -1887,9 +1891,9 @@ static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) s->istat0 &= ~LSI_ISTAT0_INTF; lsi_update_irq(s); } - if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) { + if (s->waiting == LSI_WAIT_RESELECT && val & LSI_ISTAT0_SIGP) { trace_lsi_awoken(); - s->waiting = 0; + s->waiting = LSI_NOWAIT; s->dsp = s->dnad; lsi_execute_script(s); } From 4ae63d371ef4a1ebc9d07fe88ccfd4981aa1ee4b Mon Sep 17 00:00:00 2001 From: Sven Schnelle Date: Tue, 5 Mar 2019 20:55:17 +0100 Subject: [PATCH 24/31] lsi: use enum type for s->msg_action MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This makes the code easier to read - no functional change. Signed-off-by: Sven Schnelle Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20190305195519.24303-4-svens@stackframe.org> --- hw/scsi/lsi53c895a.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index c17bb4f1f1..d67584e84a 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -201,6 +201,13 @@ enum { LSI_DMA_IN_PROGRESS, /* DMA operation is in progress */ }; +enum { + LSI_MSG_ACTION_COMMAND = 0, + LSI_MSG_ACTION_DISCONNECT = 1, + LSI_MSG_ACTION_DOUT = 2, + LSI_MSG_ACTION_DIN = 3, +}; + typedef struct { /*< private >*/ PCIDevice parent_obj; @@ -214,8 +221,6 @@ typedef struct { int carry; /* ??? Should this be an a visible register somewhere? */ int status; - /* Action to take at the end of a MSG IN phase. - 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */ int msg_action; int msg_len; uint8_t msg[LSI_MAX_MSGIN_LEN]; @@ -323,7 +328,7 @@ static void lsi_soft_reset(LSIState *s) trace_lsi_reset(); s->carry = 0; - s->msg_action = 0; + s->msg_action = LSI_MSG_ACTION_COMMAND; s->msg_len = 0; s->waiting = LSI_NOWAIT; s->dsa = 0; @@ -686,7 +691,7 @@ static void lsi_reselect(LSIState *s, lsi_request *p) trace_lsi_reselect(id); s->scntl1 |= LSI_SCNTL1_CON; lsi_set_phase(s, PHASE_MI); - s->msg_action = p->out ? 2 : 3; + s->msg_action = p->out ? LSI_MSG_ACTION_DOUT : LSI_MSG_ACTION_DIN; s->current->dma_len = p->pending; lsi_add_msg_byte(s, 0x80); if (s->current->tag & LSI_TAG_VALID) { @@ -857,7 +862,7 @@ static void lsi_do_command(LSIState *s) lsi_add_msg_byte(s, 4); /* DISCONNECT */ /* wait data */ lsi_set_phase(s, PHASE_MI); - s->msg_action = 1; + s->msg_action = LSI_MSG_ACTION_DISCONNECT; lsi_queue_command(s); } else { /* wait command complete */ @@ -878,7 +883,7 @@ static void lsi_do_status(LSIState *s) s->sfbr = status; pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); lsi_set_phase(s, PHASE_MI); - s->msg_action = 1; + s->msg_action = LSI_MSG_ACTION_DISCONNECT; lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ } @@ -901,16 +906,16 @@ static void lsi_do_msgin(LSIState *s) /* ??? Check if ATN (not yet implemented) is asserted and maybe switch to PHASE_MO. */ switch (s->msg_action) { - case 0: + case LSI_MSG_ACTION_COMMAND: lsi_set_phase(s, PHASE_CMD); break; - case 1: + case LSI_MSG_ACTION_DISCONNECT: lsi_disconnect(s); break; - case 2: + case LSI_MSG_ACTION_DOUT: lsi_set_phase(s, PHASE_DO); break; - case 3: + case LSI_MSG_ACTION_DIN: lsi_set_phase(s, PHASE_DI); break; default: @@ -1062,7 +1067,7 @@ bad: qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg); lsi_set_phase(s, PHASE_MI); lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ - s->msg_action = 0; + s->msg_action = LSI_MSG_ACTION_COMMAND; } #define LSI_BUF_SIZE 4096 From 82cf2bcfe67c8802c186cfe3332efe43042e2478 Mon Sep 17 00:00:00 2001 From: Sven Schnelle Date: Tue, 5 Mar 2019 20:55:18 +0100 Subject: [PATCH 25/31] lsi: use SCSI phase names instead of numbers in trace MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This makes trace logs much easier to read, especially for people who are not fluent in SCSI. Signed-off-by: Sven Schnelle Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20190305195519.24303-5-svens@stackframe.org> --- hw/scsi/lsi53c895a.c | 31 +++++++++++++++++++++++-------- hw/scsi/trace-events | 6 +++--- 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index d67584e84a..66f217f8f6 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -306,6 +306,22 @@ typedef struct { #define LSI53C895A(obj) \ OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A) +static const char *scsi_phases[] = { + "DOUT", + "DIN", + "CMD", + "STATUS", + "RSVOUT", + "RSVIN", + "MSGOUT", + "MSGIN" +}; + +static const char *scsi_phase_name(int phase) +{ + return scsi_phases[phase & PHASE_MASK]; +} + static inline int lsi_irq_on_rsl(LSIState *s) { return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); @@ -1201,8 +1217,9 @@ again: s->ia = s->dsp - 12; } if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { - trace_lsi_execute_script_blockmove_badphase(s->sstat1 & PHASE_MASK, - (insn >> 24) & 7); + trace_lsi_execute_script_blockmove_badphase( + scsi_phase_name(s->sstat1), + scsi_phase_name(insn >> 24)); lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); break; } @@ -1234,8 +1251,8 @@ again: lsi_do_msgin(s); break; default: - qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %d\n", - s->sstat1 & PHASE_MASK); + qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %s\n", + scsi_phase_name(s->sstat1)); } s->dfifo = s->dbc & 0xff; s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); @@ -1463,10 +1480,8 @@ again: cond = s->carry != 0; } if (cond == jmp && (insn & (1 << 17))) { - trace_lsi_execute_script_tc_compp( - (s->sstat1 & PHASE_MASK), - jmp ? '=' : '!', - ((insn >> 24) & 7)); + trace_lsi_execute_script_tc_compp(scsi_phase_name(s->sstat1), + jmp ? '=' : '!', scsi_phase_name(insn >> 24)); cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); } if (cond == jmp && (insn & (1 << 18))) { diff --git a/hw/scsi/trace-events b/hw/scsi/trace-events index 29aaa752d1..09f3fc3086 100644 --- a/hw/scsi/trace-events +++ b/hw/scsi/trace-events @@ -268,7 +268,7 @@ lsi_memcpy(uint32_t dest, uint32_t src, int count) "memcpy dest 0x%"PRIx32" src lsi_wait_reselect(void) "Wait Reselect" lsi_execute_script(uint32_t dsp, uint32_t insn, uint32_t addr) "SCRIPTS dsp=0x%"PRIx32" opcode 0x%"PRIx32" arg 0x%"PRIx32 lsi_execute_script_blockmove_delayed(void) "Delayed select timeout" -lsi_execute_script_blockmove_badphase(uint8_t phase, uint8_t expected) "Wrong phase got %d expected %d" +lsi_execute_script_blockmove_badphase(const char *phase, const char *expected) "Wrong phase got %s expected %s" lsi_execute_script_io_alreadyreselected(void) "Already reselected, jumping to alternative address" lsi_execute_script_io_selected(uint8_t id, const char *atn) "Selected target %d%s" lsi_execute_script_io_disconnect(void) "Wait Disconnect" @@ -278,8 +278,8 @@ lsi_execute_script_io_opcode(const char *opcode, int reg, const char *opname, ui lsi_execute_script_tc_nop(void) "NOP" lsi_execute_script_tc_delayedselect_timeout(void) "Delayed select timeout" lsi_execute_script_tc_compc(int result) "Compare carry %d" -lsi_execute_script_tc_compp(uint8_t phase, int op, uint8_t insn_phase) "Compare phase %d %c= %d" -lsi_execute_script_tc_compd(uint32_t sfbr, uint8_t mask, int op, int result) "Compare data 0x%"PRIx32" & 0x%x %c= 0x%x" +lsi_execute_script_tc_compp(const char *phase, char op, const char *insn_phase) "Compare phase %s %c= %s" +lsi_execute_script_tc_compd(uint32_t sfbr, uint8_t mask, char op, int result) "Compare data 0x%"PRIx32" & 0x%x %c= 0x%x" lsi_execute_script_tc_jump(uint32_t addr) "Jump to 0x%"PRIx32 lsi_execute_script_tc_call(uint32_t addr) "Call 0x%"PRIx32 lsi_execute_script_tc_return(uint32_t addr) "Return to 0x%"PRIx32 From 07163c99a9870d38d010f3528424525d7f7505b9 Mon Sep 17 00:00:00 2001 From: Sven Schnelle Date: Tue, 5 Mar 2019 20:55:19 +0100 Subject: [PATCH 26/31] lsi: return dfifo value Code was assigning DFIFO, but didn't return the value to users. Signed-off-by: Sven Schnelle Message-Id: <20190305195519.24303-6-svens@stackframe.org> --- hw/scsi/lsi53c895a.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index 66f217f8f6..bf6b6a52f1 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -1688,7 +1688,7 @@ static uint8_t lsi_reg_readb(LSIState *s, int offset) break; CASE_GET_REG32(temp, 0x1c) case 0x20: /* DFIFO */ - ret = 0; + ret = s->dfifo; break; case 0x21: /* CTEST4 */ ret = s->ctest4; From e6c165f364c669b1357f15602ae3bd1d12357135 Mon Sep 17 00:00:00 2001 From: Sven Schnelle Date: Mon, 18 Feb 2019 18:55:28 +0100 Subject: [PATCH 27/31] lsi: 810/895A are always little endian Signed-off-by: Sven Schnelle Message-Id: <20190218175529.11237-1-svens@stackframe.org> Signed-off-by: Paolo Bonzini --- hw/scsi/lsi53c895a.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index bf6b6a52f1..da7239d94f 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -2084,14 +2084,13 @@ static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, unsigned size) { LSIState *s = opaque; - return lsi_reg_readb(s, addr & 0xff); } static const MemoryRegionOps lsi_mmio_ops = { .read = lsi_mmio_read, .write = lsi_mmio_write, - .endianness = DEVICE_NATIVE_ENDIAN, + .endianness = DEVICE_LITTLE_ENDIAN, .impl = { .min_access_size = 1, .max_access_size = 1, @@ -2115,7 +2114,7 @@ static uint64_t lsi_ram_read(void *opaque, hwaddr addr, static const MemoryRegionOps lsi_ram_ops = { .read = lsi_ram_read, .write = lsi_ram_write, - .endianness = DEVICE_NATIVE_ENDIAN, + .endianness = DEVICE_LITTLE_ENDIAN, }; static uint64_t lsi_io_read(void *opaque, hwaddr addr, @@ -2135,7 +2134,7 @@ static void lsi_io_write(void *opaque, hwaddr addr, static const MemoryRegionOps lsi_io_ops = { .read = lsi_io_read, .write = lsi_io_write, - .endianness = DEVICE_NATIVE_ENDIAN, + .endianness = DEVICE_LITTLE_ENDIAN, .impl = { .min_access_size = 1, .max_access_size = 1, From 494d199727ba248c96326b4e1c97f86eb11a5ec7 Mon Sep 17 00:00:00 2001 From: Wei Yang Date: Mon, 11 Mar 2019 13:42:52 +0800 Subject: [PATCH 28/31] exec.c: refactor function flatview_add_to_dispatch() flatview_add_to_dispatch() registers page based on the condition of *section*, which may looks like this: |s|PPPPPPP|s| where s stands for subpage and P for page. The procedure of this function could be described as: - register first subpage - register page - register last subpage This means the procedure could be simplified into these three steps instead of a loop iteration. This patch refactors the function into three corresponding steps and adds some comment to clarify it. Signed-off-by: Wei Yang Message-Id: <20190311054252.6094-1-richardw.yang@linux.intel.com> [Paolo: move exit before adjustment of remain.offset_within_*, otherwise int128_get64 fails when a region is 2^64 bytes long] Signed-off-by: Paolo Bonzini --- exec.c | 50 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 18 deletions(-) diff --git a/exec.c b/exec.c index 1d4f3784d6..86a38d3b3b 100644 --- a/exec.c +++ b/exec.c @@ -1599,35 +1599,49 @@ static void register_multipage(FlatView *fv, phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index); } +/* + * The range in *section* may look like this: + * + * |s|PPPPPPP|s| + * + * where s stands for subpage and P for page. + */ void flatview_add_to_dispatch(FlatView *fv, MemoryRegionSection *section) { - MemoryRegionSection now = *section, remain = *section; + MemoryRegionSection remain = *section; Int128 page_size = int128_make64(TARGET_PAGE_SIZE); - if (now.offset_within_address_space & ~TARGET_PAGE_MASK) { - uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space) - - now.offset_within_address_space; + /* register first subpage */ + if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) { + uint64_t left = TARGET_PAGE_ALIGN(remain.offset_within_address_space) + - remain.offset_within_address_space; + MemoryRegionSection now = remain; now.size = int128_min(int128_make64(left), now.size); register_subpage(fv, &now); - } else { - now.size = int128_zero(); - } - while (int128_ne(remain.size, now.size)) { + if (int128_eq(remain.size, now.size)) { + return; + } remain.size = int128_sub(remain.size, now.size); remain.offset_within_address_space += int128_get64(now.size); remain.offset_within_region += int128_get64(now.size); - now = remain; - if (int128_lt(remain.size, page_size)) { - register_subpage(fv, &now); - } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) { - now.size = page_size; - register_subpage(fv, &now); - } else { - now.size = int128_and(now.size, int128_neg(page_size)); - register_multipage(fv, &now); - } } + + /* register whole pages */ + if (int128_ge(remain.size, page_size)) { + MemoryRegionSection now = remain; + now.size = int128_and(now.size, int128_neg(page_size)); + register_multipage(fv, &now); + if (int128_eq(remain.size, now.size)) { + return; + } + remain.size = int128_sub(remain.size, now.size); + remain.offset_within_address_space += int128_get64(now.size); + remain.offset_within_region += int128_get64(now.size); + } + + /* register last subpage */ + register_subpage(fv, &remain); } void qemu_flush_coalesced_mmio_buffer(void) From 611dbe46093d901cf01c1b252dd39441b95d1c35 Mon Sep 17 00:00:00 2001 From: Li Qiang Date: Tue, 1 Jan 2019 23:41:14 -0800 Subject: [PATCH 29/31] qom: cpu: destroy work_mutex in cpu_common_finalize MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 376692b9dc6(cpus: protect work list with work_mutex) initialize a work_mutex in cpu_common_initfn, however forget to destroy it. This will cause resource leak when hotunplug cpu or hotplug cpu fails. Signed-off-by: Li Qiang Message-Id: <20190102074114.26988-1-liq3ea@163.com> Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Paolo Bonzini --- qom/cpu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/qom/cpu.c b/qom/cpu.c index f5579b1cd5..a8d2958956 100644 --- a/qom/cpu.c +++ b/qom/cpu.c @@ -380,6 +380,9 @@ static void cpu_common_initfn(Object *obj) static void cpu_common_finalize(Object *obj) { + CPUState *cpu = CPU(obj); + + qemu_mutex_destroy(&cpu->work_mutex); } static int64_t cpu_common_get_arch_id(CPUState *cpu) From fd4a5fd4639bb1bfd04144fca85856d825e00ab4 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Fri, 8 Mar 2019 15:21:50 +0000 Subject: [PATCH 30/31] chardev: add support for authorization for TLS clients MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently any client which can complete the TLS handshake is able to use a chardev server. The server admin can turn on the 'verify-peer' option for the x509 creds to require the client to provide a x509 certificate. This means the client will have to acquire a certificate from the CA before they are permitted to use the chardev server. This is still a fairly low bar. This adds a 'tls-authz=OBJECT-ID' option to the socket chardev backend which takes the ID of a previously added 'QAuthZ' object instance. This will be used to validate the client's x509 distinguished name. Clients failing the check will not be permitted to use the chardev server. For example to setup authorization that only allows connection from a client whose x509 certificate distinguished name contains 'CN=fred', you would use: $QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\ endpoint=server,verify-peer=yes \ -object authz-simple,id=authz0,identity=CN=laptop.example.com,,\ O=Example Org,,L=London,,ST=London,,C=GB \ -chardev socket,host=127.0.0.1,port=9000,server,\ tls-creds=tls0,tls-authz=authz0 \ ...other qemu args... Signed-off-by: Daniel P. Berrange Reviewed-by: Marc-André Lureau --- chardev/char-socket.c | 12 +++++++++++- chardev/char.c | 3 +++ qapi/char.json | 6 ++++++ qemu-options.hx | 10 ++++++++-- 4 files changed, 28 insertions(+), 3 deletions(-) diff --git a/chardev/char-socket.c b/chardev/char-socket.c index 6d287babfb..3916505d67 100644 --- a/chardev/char-socket.c +++ b/chardev/char-socket.c @@ -59,6 +59,7 @@ typedef struct { QIONetListener *listener; GSource *hup_source; QCryptoTLSCreds *tls_creds; + char *tls_authz; TCPChardevState state; int max_size; int do_telnetopt; @@ -807,7 +808,7 @@ static void tcp_chr_tls_init(Chardev *chr) if (s->is_listen) { tioc = qio_channel_tls_new_server( s->ioc, s->tls_creds, - NULL, /* XXX Use an ACL */ + s->tls_authz, &err); } else { tioc = qio_channel_tls_new_client( @@ -1055,6 +1056,7 @@ static void char_socket_finalize(Object *obj) if (s->tls_creds) { object_unref(OBJECT(s->tls_creds)); } + g_free(s->tls_authz); qemu_chr_be_event(chr, CHR_EVENT_CLOSED); } @@ -1242,6 +1244,11 @@ static bool qmp_chardev_validate_socket(ChardevSocket *sock, break; } + if (sock->has_tls_authz && !sock->has_tls_creds) { + error_setg(errp, "'tls_authz' option requires 'tls_creds' option"); + return false; + } + /* Validate any options which have a dependancy on client vs server */ if (!sock->has_server || sock->server) { if (sock->has_reconnect) { @@ -1320,6 +1327,7 @@ static void qmp_chardev_open_socket(Chardev *chr, } } } + s->tls_authz = g_strdup(sock->tls_authz); s->addr = addr = socket_address_flatten(sock->addr); @@ -1399,6 +1407,8 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend, sock->reconnect = qemu_opt_get_number(opts, "reconnect", 0); sock->has_tls_creds = qemu_opt_get(opts, "tls-creds"); sock->tls_creds = g_strdup(qemu_opt_get(opts, "tls-creds")); + sock->has_tls_authz = qemu_opt_get(opts, "tls-authz"); + sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz")); addr = g_new0(SocketAddressLegacy, 1); if (path) { diff --git a/chardev/char.c b/chardev/char.c index f6d61fa5f8..514cd6b0c3 100644 --- a/chardev/char.c +++ b/chardev/char.c @@ -880,6 +880,9 @@ QemuOptsList qemu_chardev_opts = { },{ .name = "tls-creds", .type = QEMU_OPT_STRING, + },{ + .name = "tls-authz", + .type = QEMU_OPT_STRING, },{ .name = "websocket", .type = QEMU_OPT_BOOL, diff --git a/qapi/char.json b/qapi/char.json index 77ed847972..a6e81ac7bc 100644 --- a/qapi/char.json +++ b/qapi/char.json @@ -248,6 +248,11 @@ # @addr: socket address to listen on (server=true) # or connect to (server=false) # @tls-creds: the ID of the TLS credentials object (since 2.6) +# @tls-authz: the ID of the QAuthZ authorization object against which +# the client's x509 distinguished name will be validated. This +# object is only resolved at time of use, so can be deleted +# and recreated on the fly while the chardev server is active. +# If missing, it will default to denying access (since 4.0) # @server: create server socket (default: true) # @wait: wait for incoming connection on server # sockets (default: false). @@ -268,6 +273,7 @@ { 'struct': 'ChardevSocket', 'data': { 'addr': 'SocketAddressLegacy', '*tls-creds': 'str', + '*tls-authz' : 'str', '*server': 'bool', '*wait': 'bool', '*nodelay': 'bool', diff --git a/qemu-options.hx b/qemu-options.hx index c74f99b265..7118d90352 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -2428,7 +2428,7 @@ DEF("chardev", HAS_ARG, QEMU_OPTION_chardev, "-chardev null,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" "-chardev socket,id=id[,host=host],port=port[,to=to][,ipv4][,ipv6][,nodelay][,reconnect=seconds]\n" " [,server][,nowait][,telnet][,websocket][,reconnect=seconds][,mux=on|off]\n" - " [,logfile=PATH][,logappend=on|off][,tls-creds=ID] (tcp)\n" + " [,logfile=PATH][,logappend=on|off][,tls-creds=ID][,tls-authz=ID] (tcp)\n" "-chardev socket,id=id,path=path[,server][,nowait][,telnet][,websocket][,reconnect=seconds]\n" " [,mux=on|off][,logfile=PATH][,logappend=on|off] (unix)\n" "-chardev udp,id=id[,host=host],port=port[,localaddr=localaddr]\n" @@ -2557,7 +2557,7 @@ The available backends are: A void device. This device will not emit any data, and will drop any data it receives. The null backend does not take any options. -@item -chardev socket,id=@var{id}[,@var{TCP options} or @var{unix options}][,server][,nowait][,telnet][,websocket][,reconnect=@var{seconds}][,tls-creds=@var{id}] +@item -chardev socket,id=@var{id}[,@var{TCP options} or @var{unix options}][,server][,nowait][,telnet][,websocket][,reconnect=@var{seconds}][,tls-creds=@var{id}][,tls-authz=@var{id}] Create a two-way stream socket, which can be either a TCP or a unix socket. A unix socket will be created if @option{path} is specified. Behaviour is @@ -2583,6 +2583,12 @@ and specifies the id of the TLS credentials to use for the handshake. The credentials must be previously created with the @option{-object tls-creds} argument. +@option{tls-auth} provides the ID of the QAuthZ authorization object against +which the client's x509 distinguished name will be validated. This object is +only resolved at time of use, so can be deleted and recreated on the fly +while the chardev server is active. If missing, it will default to denying +access. + TCP and unix socket options are given below: @table @option From 328eb60dc1a19448b36eb63901ca0b8f87ed6f57 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 11 Mar 2019 13:13:53 +0100 Subject: [PATCH 31/31] qemugdb: fix licensing qemu-gdb.py was committed after 2012-01-13, so the notice about GPL v2-only contributions does not apply. Signed-off-by: Paolo Bonzini --- scripts/qemu-gdb.py | 7 ++----- scripts/qemugdb/coroutine.py | 7 ++----- scripts/qemugdb/mtree.py | 7 ++----- scripts/qemugdb/tcg.py | 7 ++----- 4 files changed, 8 insertions(+), 20 deletions(-) diff --git a/scripts/qemu-gdb.py b/scripts/qemu-gdb.py index 690827e6fc..f2a305c42e 100644 --- a/scripts/qemu-gdb.py +++ b/scripts/qemu-gdb.py @@ -7,11 +7,8 @@ # Authors: # Avi Kivity # -# This work is licensed under the terms of the GNU GPL, version 2. See -# the COPYING file in the top-level directory. -# -# Contributions after 2012-01-13 are licensed under the terms of the -# GNU GPL, version 2 or (at your option) any later version. +# This work is licensed under the terms of the GNU GPL, version 2 or +# later. See the COPYING file in the top-level directory. # Usage: # At the (gdb) prompt, type "source scripts/qemu-gdb.py". diff --git a/scripts/qemugdb/coroutine.py b/scripts/qemugdb/coroutine.py index 81f811ac00..41e079d0e2 100644 --- a/scripts/qemugdb/coroutine.py +++ b/scripts/qemugdb/coroutine.py @@ -7,11 +7,8 @@ # Authors: # Avi Kivity # -# This work is licensed under the terms of the GNU GPL, version 2. See -# the COPYING file in the top-level directory. -# -# Contributions after 2012-01-13 are licensed under the terms of the -# GNU GPL, version 2 or (at your option) any later version. +# This work is licensed under the terms of the GNU GPL, version 2 +# or later. See the COPYING file in the top-level directory. import gdb diff --git a/scripts/qemugdb/mtree.py b/scripts/qemugdb/mtree.py index e6791b7885..3030a60d3f 100644 --- a/scripts/qemugdb/mtree.py +++ b/scripts/qemugdb/mtree.py @@ -7,11 +7,8 @@ # Authors: # Avi Kivity # -# This work is licensed under the terms of the GNU GPL, version 2. See -# the COPYING file in the top-level directory. -# -# Contributions after 2012-01-13 are licensed under the terms of the -# GNU GPL, version 2 or (at your option) any later version. +# This work is licensed under the terms of the GNU GPL, version 2 or +# later. See the COPYING file in the top-level directory. # 'qemu mtree' -- display the memory hierarchy diff --git a/scripts/qemugdb/tcg.py b/scripts/qemugdb/tcg.py index 8c7f1d7454..18880fc9a7 100644 --- a/scripts/qemugdb/tcg.py +++ b/scripts/qemugdb/tcg.py @@ -8,11 +8,8 @@ # Authors: # Alex Bennée # -# This work is licensed under the terms of the GNU GPL, version 2. See -# the COPYING file in the top-level directory. -# -# Contributions after 2012-01-13 are licensed under the terms of the -# GNU GPL, version 2 or (at your option) any later version. +# This work is licensed under the terms of the GNU GPL, version 2 or +# later. See the COPYING file in the top-level directory. # 'qemu tcg-lock-status' -- display the TCG lock status across threads