From 2c1d4d15f09cf95b8f832624e7aac2916f9d1865 Mon Sep 17 00:00:00 2001 From: Stefano Stabellini Date: Mon, 17 Dec 2012 11:36:09 +0000 Subject: [PATCH 1/5] xen: implement support for secondary consoles in the console backend This patch corresponds to commit 840184a106bc24e745beda5c77e392f6cecd2bc9 from git://xenbits.xensource.com/qemu-xen-unstable.git. Signed-off-by: Stefano Stabellini --- hw/xen_console.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/hw/xen_console.c b/hw/xen_console.c index 9426d7374f..134988144b 100644 --- a/hw/xen_console.c +++ b/hw/xen_console.c @@ -184,7 +184,11 @@ static int con_init(struct XenDevice *xendev) /* setup */ dom = xs_get_domain_path(xenstore, con->xendev.dom); - snprintf(con->console, sizeof(con->console), "%s/console", dom); + if (!xendev->dev) { + snprintf(con->console, sizeof(con->console), "%s/console", dom); + } else { + snprintf(con->console, sizeof(con->console), "%s/device/console/%d", dom, xendev->dev); + } free(dom); type = xenstore_read_str(con->console, "type"); @@ -223,10 +227,16 @@ static int con_initialise(struct XenDevice *xendev) if (xenstore_read_int(con->console, "limit", &limit) == 0) con->buffer.max_capacity = limit; - con->sring = xc_map_foreign_range(xen_xc, con->xendev.dom, - XC_PAGE_SIZE, - PROT_READ|PROT_WRITE, - con->ring_ref); + if (!xendev->dev) { + con->sring = xc_map_foreign_range(xen_xc, con->xendev.dom, + XC_PAGE_SIZE, + PROT_READ|PROT_WRITE, + con->ring_ref); + } else { + con->sring = xc_gnttab_map_grant_ref(xendev->gnttabdev, con->xendev.dom, + con->ring_ref, + PROT_READ|PROT_WRITE); + } if (!con->sring) return -1; @@ -255,7 +265,11 @@ static void con_disconnect(struct XenDevice *xendev) xen_be_unbind_evtchn(&con->xendev); if (con->sring) { - munmap(con->sring, XC_PAGE_SIZE); + if (!xendev->gnttabdev) { + munmap(con->sring, XC_PAGE_SIZE); + } else { + xc_gnttab_munmap(xendev->gnttabdev, con->sring, 1); + } con->sring = NULL; } } @@ -273,7 +287,7 @@ static void con_event(struct XenDevice *xendev) struct XenDevOps xen_console_ops = { .size = sizeof(struct XenConsole), - .flags = DEVOPS_FLAG_IGNORE_STATE, + .flags = DEVOPS_FLAG_IGNORE_STATE|DEVOPS_FLAG_NEED_GNTDEV, .init = con_init, .initialise = con_initialise, .event = con_event, From 044b99c6555f562254ae70dc39f32190eecbc1f2 Mon Sep 17 00:00:00 2001 From: Stefano Stabellini Date: Mon, 17 Dec 2012 11:36:58 +0000 Subject: [PATCH 2/5] xen: fix trivial PCI passthrough MSI-X bug We are currently passing entry->data as address parameter. Pass entry->addr instead. Signed-off-by: Stefano Stabellini Tested-by: Sander Eikelenboom Xen-devel: http://marc.info/?l=xen-devel&m=135515462613715 --- hw/xen_pt_msi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/xen_pt_msi.c b/hw/xen_pt_msi.c index 680767229b..db757cd1f1 100644 --- a/hw/xen_pt_msi.c +++ b/hw/xen_pt_msi.c @@ -321,7 +321,7 @@ static int xen_pt_msix_update_one(XenPCIPassthroughState *s, int entry_nr) pirq = entry->pirq; - rc = msi_msix_setup(s, entry->data, entry->data, &pirq, true, entry_nr, + rc = msi_msix_setup(s, entry->addr, entry->data, &pirq, true, entry_nr, entry->pirq == XEN_PT_UNASSIGNED_PIRQ); if (rc) { return rc; From f1b8caf1d927f30f66054733a783651a24db4999 Mon Sep 17 00:00:00 2001 From: Sander Eikelenboom Date: Mon, 17 Dec 2012 11:37:43 +0000 Subject: [PATCH 3/5] Fix compile errors when enabling Xen debug logging. Signed-off-by: Sander Eikelenboom Acked-by: Stefano Stabellini --- hw/xen_pt.c | 5 +++-- xen-all.c | 7 ++++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/hw/xen_pt.c b/hw/xen_pt.c index 7a3846e649..7aae826d1f 100644 --- a/hw/xen_pt.c +++ b/hw/xen_pt.c @@ -671,7 +671,8 @@ static int xen_pt_initfn(PCIDevice *d) s->is_virtfn = s->real_device.is_virtfn; if (s->is_virtfn) { XEN_PT_LOG(d, "%04x:%02x:%02x.%d is a SR-IOV Virtual Function\n", - s->real_device.domain, bus, slot, func); + s->real_device.domain, s->real_device.bus, + s->real_device.dev, s->real_device.func); } /* Initialize virtualized PCI configuration (Extended 256 Bytes) */ @@ -752,7 +753,7 @@ out: memory_listener_register(&s->memory_listener, &address_space_memory); memory_listener_register(&s->io_listener, &address_space_io); XEN_PT_LOG(d, "Real physical device %02x:%02x.%d registered successfuly!\n", - bus, slot, func); + s->hostaddr.bus, s->hostaddr.slot, s->hostaddr.function); return 0; } diff --git a/xen-all.c b/xen-all.c index 046cc2ac37..d0142bdf60 100644 --- a/xen-all.c +++ b/xen-all.c @@ -292,7 +292,8 @@ static int xen_add_to_physmap(XenIOState *state, return -1; go_physmap: - DPRINTF("mapping vram to %llx - %llx\n", start_addr, start_addr + size); + DPRINTF("mapping vram to %"HWADDR_PRIx" - %"HWADDR_PRIx"\n", + start_addr, start_addr + size); pfn = phys_offset >> TARGET_PAGE_BITS; start_gpfn = start_addr >> TARGET_PAGE_BITS; @@ -365,8 +366,8 @@ static int xen_remove_from_physmap(XenIOState *state, phys_offset = physmap->phys_offset; size = physmap->size; - DPRINTF("unmapping vram to %llx - %llx, from %llx\n", - phys_offset, phys_offset + size, start_addr); + DPRINTF("unmapping vram to %"HWADDR_PRIx" - %"HWADDR_PRIx", from ", + "%"HWADDR_PRIx"\n", phys_offset, phys_offset + size, start_addr); size >>= TARGET_PAGE_BITS; start_addr >>= TARGET_PAGE_BITS; From a38648290ee277c7cb8a53eabdcdb08bb7a9f23f Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Mon, 17 Dec 2012 11:43:19 +0000 Subject: [PATCH 4/5] cpu_ioreq_pio, cpu_ioreq_move: introduce read_phys_req_item, write_phys_req_item Replace a lot of formulaic multiplications (containing casts, no less) with calls to a pair of functions. This encapsulates in a single place the operations which require care relating to integer overflow. Cc: Dongxiao Xu Signed-off-by: Ian Jackson Acked-by: Stefano Stabellini --- xen-all.c | 76 +++++++++++++++++++++++++++++++++---------------------- 1 file changed, 46 insertions(+), 30 deletions(-) diff --git a/xen-all.c b/xen-all.c index d0142bdf60..ef430ca21e 100644 --- a/xen-all.c +++ b/xen-all.c @@ -683,11 +683,45 @@ static void do_outp(pio_addr_t addr, } } +/* + * Helper functions which read/write an object from/to physical guest + * memory, as part of the implementation of an ioreq. + * + * Equivalent to + * cpu_physical_memory_rw(addr + (req->df ? -1 : +1) * req->size * i, + * val, req->size, 0/1) + * except without the integer overflow problems. + */ +static void rw_phys_req_item(hwaddr addr, + ioreq_t *req, uint32_t i, void *val, int rw) +{ + /* Do everything unsigned so overflow just results in a truncated result + * and accesses to undesired parts of guest memory, which is up + * to the guest */ + hwaddr offset = (hwaddr)req->size * i; + if (req->df) { + addr -= offset; + } else { + addr += offset; + } + cpu_physical_memory_rw(addr, val, req->size, rw); +} + +static inline void read_phys_req_item(hwaddr addr, + ioreq_t *req, uint32_t i, void *val) +{ + rw_phys_req_item(addr, req, i, val, 0); +} +static inline void write_phys_req_item(hwaddr addr, + ioreq_t *req, uint32_t i, void *val) +{ + rw_phys_req_item(addr, req, i, val, 1); +} + + static void cpu_ioreq_pio(ioreq_t *req) { - int i, sign; - - sign = req->df ? -1 : 1; + int i; if (req->dir == IOREQ_READ) { if (!req->data_is_ptr) { @@ -697,9 +731,7 @@ static void cpu_ioreq_pio(ioreq_t *req) for (i = 0; i < req->count; i++) { tmp = do_inp(req->addr, req->size); - cpu_physical_memory_write( - req->data + (sign * i * (int64_t)req->size), - (uint8_t *) &tmp, req->size); + write_phys_req_item(req->data, req, i, &tmp); } } } else if (req->dir == IOREQ_WRITE) { @@ -709,9 +741,7 @@ static void cpu_ioreq_pio(ioreq_t *req) for (i = 0; i < req->count; i++) { uint32_t tmp = 0; - cpu_physical_memory_read( - req->data + (sign * i * (int64_t)req->size), - (uint8_t*) &tmp, req->size); + read_phys_req_item(req->data, req, i, &tmp); do_outp(req->addr, req->size, tmp); } } @@ -720,22 +750,16 @@ static void cpu_ioreq_pio(ioreq_t *req) static void cpu_ioreq_move(ioreq_t *req) { - int i, sign; - - sign = req->df ? -1 : 1; + int i; if (!req->data_is_ptr) { if (req->dir == IOREQ_READ) { for (i = 0; i < req->count; i++) { - cpu_physical_memory_read( - req->addr + (sign * i * (int64_t)req->size), - (uint8_t *) &req->data, req->size); + read_phys_req_item(req->addr, req, i, &req->data); } } else if (req->dir == IOREQ_WRITE) { for (i = 0; i < req->count; i++) { - cpu_physical_memory_write( - req->addr + (sign * i * (int64_t)req->size), - (uint8_t *) &req->data, req->size); + write_phys_req_item(req->addr, req, i, &req->data); } } } else { @@ -743,21 +767,13 @@ static void cpu_ioreq_move(ioreq_t *req) if (req->dir == IOREQ_READ) { for (i = 0; i < req->count; i++) { - cpu_physical_memory_read( - req->addr + (sign * i * (int64_t)req->size), - (uint8_t*) &tmp, req->size); - cpu_physical_memory_write( - req->data + (sign * i * (int64_t)req->size), - (uint8_t*) &tmp, req->size); + read_phys_req_item(req->addr, req, i, &tmp); + write_phys_req_item(req->data, req, i, &tmp); } } else if (req->dir == IOREQ_WRITE) { for (i = 0; i < req->count; i++) { - cpu_physical_memory_read( - req->data + (sign * i * (int64_t)req->size), - (uint8_t*) &tmp, req->size); - cpu_physical_memory_write( - req->addr + (sign * i * (int64_t)req->size), - (uint8_t*) &tmp, req->size); + read_phys_req_item(req->data, req, i, &tmp); + write_phys_req_item(req->addr, req, i, &tmp); } } } From 249e7e0fff080df0eff54730f3b6459d92d61e5a Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Mon, 17 Dec 2012 11:44:02 +0000 Subject: [PATCH 5/5] cpu_ioreq_pio, cpu_ioreq_move: i should be uint32_t rather than int The current code compare i (int) with req->count (uint32_t) in a for loop, risking an infinite loop if req->count is equal to UINT_MAX. Also i is only used in comparisons or multiplications with unsigned integers. Signed-off-by: Stefano Stabellini Cc: Dongxiao Xu Cc: Stefano Stabellini Signed-off-by: Ian Jackson --- xen-all.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen-all.c b/xen-all.c index ef430ca21e..daf43b99d0 100644 --- a/xen-all.c +++ b/xen-all.c @@ -721,7 +721,7 @@ static inline void write_phys_req_item(hwaddr addr, static void cpu_ioreq_pio(ioreq_t *req) { - int i; + uint32_t i; if (req->dir == IOREQ_READ) { if (!req->data_is_ptr) { @@ -750,7 +750,7 @@ static void cpu_ioreq_pio(ioreq_t *req) static void cpu_ioreq_move(ioreq_t *req) { - int i; + uint32_t i; if (!req->data_is_ptr) { if (req->dir == IOREQ_READ) {