Fixes crash in i386 when user emulation base address is non-zero.
21797 rt_sigreturn(8,1082124603,1,0,1082126048,1082126248)Exit reason and status: signal 11
Signed-off-by: Mike McCormack <mj.mccormack@samsung.com>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
These FPU states are properly maintained by KVM but not yet by TCG. So
far we unconditionally set them to 0 in the guest which may cause
state corruptions, though not with modern guests.
To avoid breaking backward migration, use a conditional subsection that
is only written if any of the three fields is non-zero. The guest's
FNINIT clears them frequently, and cleared IA32_MISC_ENABLE MSR[2]
reduces the probability of non-zero values further so that this
subsection is not expected to restrict migration in any common scenario.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Introduce a new emulated PCI device, specific to fully virtualized Xen
guests. The device is necessary for PV on HVM drivers to work.
Signed-off-by: Steven Smith <ssmith@xensource.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Compared to the last version I only added a comment to the code.
- remove i440FX-xen and i440fx_write_config_xen
we don't need to intercept pci config writes to i440FX anymore;
- introduce PIIX3-xen and piix3_write_config_xen
we do need to intercept pci config write to the PCI-ISA bridge to update
the PCI link routing;
- set the number of PIIX3-xen interrupt lines to 128;
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Xen can only do dirty bit tracking for one memory region, so we should
explicitly avoid trying to track anything but the vga vram region.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
If the cirrus_vga PCI BAR is unmapped then we should not only reset
map_addr but also lfb_addr, otherwise we'll keep trying to map
the old lfb_addr in map_linear_vram.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Use qemu_invalidate_entry in cpu_physical_memory_unmap.
Do not lock mapcache entries in qemu_get_ram_ptr if the address falls in
the ramblock with offset == 0. We don't need to do that because the
callers of qemu_get_ram_ptr either try to map an entire block, other
than the main ramblock, or until the end of a page to implement a single
read or write in the main ramblock.
If we don't lock mapcache entries in qemu_get_ram_ptr we don't need to
call qemu_invalidate_entry in qemu_put_ram_ptr anymore because we can
live with few long-lived block mappings requested by devices.
Also move the call to qemu_ram_addr_from_mapcache at the beginning of
qemu_ram_addr_from_host.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Introduce qemu_ram_ptr_length that takes an address and a size as
parameters rather than just an address.
Refactor cpu_physical_memory_map so that we call qemu_ram_ptr_length only
once rather than calling qemu_get_ram_ptr one time per page.
This is not only more efficient but also tries to simplify the logic of
the function.
Currently we are relying on the fact that all the pages are mapped
contiguously in qemu's address space: we have a check to make sure that
the virtual address returned by qemu_get_ram_ptr from the second call on
is consecutive. Now we are making this more explicit replacing all the
calls to qemu_get_ram_ptr with a single call to qemu_ram_ptr_length
passing a size argument.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
CC: agraf@suse.de
CC: anthony@codemonkey.ws
Signed-off-by: Alexander Graf <agraf@suse.de>
Replace xen_map_block with qemu_map_cache with the appropriate locking
and size parameters.
Replace xen_unmap_block with qemu_invalidate_entry.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
There is no need for qemu_map_cache_unlock, just use
qemu_invalidate_entry instead.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Fix the implementation of qemu_map_cache: correctly support size
arguments different from 0 or MCACHE_BUCKET_SIZE.
The new implementation supports locked mapcache entries with size
multiple of MCACHE_BUCKET_SIZE. qemu_invalidate_entry can correctly
find and unmap these "large" mapcache entries given that the virtual
address passed to qemu_invalidate_entry is the same returned by
qemu_map_cache when the locked mapcache entry was created.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch introduces phys memory client for Xen.
Only sync dirty_bitmap and set_memory are actually implemented.
migration_log will stay empty for the moment.
Xen can only log one range for bit change, so only the range in the
first call will be synced.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This function will be used to support sync dirty bitmap.
This comes with a check against every Xen release, and a special
implementation for Xen versions that don't have this specific call.
This function will not be usable with Xen 3.3 because the behavior is
different.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
In case we load the vmstate during incoming migration, we start from a
clean, default machine state as we went through system reset before. But
if we load from a snapshot, the machine can be in any state. That can
cause troubles if loading an older image which does not carry all state
information the executing QEMU requires. Hardly any device takes care of
this scenario.
However, fixing this is trivial. We just need to issue a system reset
during loadvm as well.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
This allows qemu_system_reset to be issued silently for internal
purposes, ie. without sending out a monitor event. Convert the system
reset after startup to the silent mode.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
The declaration of function error_set() should use macro GCC_FMT_ATTR
instead of gcc's format printf attribute.
For w32/w64, both declarations are different and GCC_FMT_ATTR is needed.
Compilation for w64 even failed with the original code because mingw64
defines a macro for printf.
GCC_FMT_ATTR requires qemu-common.h, so add it in error.c
(it's also included by error_int.h but too late).
Remove assert.h which is included by qemu-common.h.
Cc: Luiz Capitulino <lcapitulino@redhat.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Our MAINTAINERS file format matches Linux so
get the utility to parse it from there.
Updated as of linux 3.0-rc3
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
As pci id initialization is moved to common layer,
some initialization function can be empty.
So don't call init method if NULL.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The 9118 ethernet controller interrupt line is active low unless
the IRQ config register is programmed to set both the IRQ_POL
(polarity: active-high) and IRQ_TYPE (type: push-pull) bits:
implement support for inverting the irq output in other configurations.
This also requires that we support setting the bits in the first
place, and that we correctly preserve them across software reset.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
BeOS and Haiku on i386 use long for 32-bit types, including pid_t.
Using %d with pid_t therefore results in a warning.
Unfortunately POSIX:2008 does not define a PRId* string for pid_t.
In some places pid_t was previously cast to long and %ld hardcoded.
The predecessor of this patch added another upcast for the simpletrace
filename but was not applied to date.
Since new uses of pid_t with %d keep creeping in, let's instead define
an OS-dependent format string and use that consistently.
Cc: Stefan Hajnoczi <stefanha@gmail.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Ingo Weinhold <ingo_weinhold@gmx.de>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Register the smc91c111 reset function as a qdev reset function.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 'cocoa-for-upstream' of git://repo.or.cz/qemu/afaerber:
Darwin: Fix compilation warning regarding the deprecated daemon() function
cocoa: Avoid warning related to multiple handleEvent: definitions
cocoa: Revert dependency on VNC
cocoa: Provide central qemu_main() prototype
Fix libfdt warnings on Darwin
configure: Fix check for fdatasync()
Remove warning in printf due to type mismatch
Cocoa: avoid displaying window when command-line contains '-h' or '-help'
Fix compilation warning due to incorrectly specified type
cocoa: do not create a spurious window for -version
Add command line support for logging to a location other than /tmp/qemu.log.
With logging enabled (command line option -d), the log is written to
the hard-coded path /tmp/qemu.log. This patch adds support for writing
the log to a different location by passing the -D option.
Signed-off-by: Matthew Fernandez <matthew.fernandez@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Without this, qemu segfaults when a BH handler first deletes its BH and
then calls another function which involves a nested qemu_bh_poll() call.
This can be reproduced by generating an I/O error (e.g. with blkdebug) on
an IDE device and using rerror/werror=stop to stop the VM. When continuing
the VM, qemu segfaults.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Clearing the error status flag was missing for restarting flushes. Now that the
error status is separate from the BM status register, we can simply set it to 0
after restarting the request. This ensures that we never forget to clear a bit.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Add support for TRIM sub function of the data set management command,
and wire it up to the qemu discard infrastructure.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Replace the is_read flag with a dma_cmd flag to allow the dma and
restart logic to handle other commands like TRIM.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Make dma_bdrv_io available for drivers, and pass an explicit I/O function
instead of hardcoding bdrv_aio_readv/bdrv_aio_writev. This is required
to implement non-READ/WRITE dma commands in the ide driver, e.g. the
upcoming TRIM support.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When a failed PIO request caused the VM to stop, we still need to transfer the
PIO state even though DRQ=0 at this point.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When adding the werror=stop mode, some flags were added to s->status
which are used to determine what kind of operation should be restarted
when the VM is continued.
Unfortunately, it turns out that s->status is in fact a device register
and as such is visible to the guest (some of the abused bits are even
writable for the guest).
For migration we keep on using the old VMState field (renamed to
migration_compat_status) if the status register doesn't use any of the
previously abused bits. If it does, we use a subsection with a clean copy of
the status register.
The error status is always sent in a subsection if there is any error. It can't
use the old field because errors happen even without PCI.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If qcow2_cache_put returns an error during cluster allocation and the
allocation fails, it must be removed from the list of in-flight allocations.
Otherwise we'd get a loop in the list when the ACB is used for the next
allocation.
Luckily, this qcow2_cache_put shouldn't fail anyway because the L2 table is
only read, so that qcow2_cache_put doesn't even involve I/O.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
bdrv_aio_* must not call the callback before returning to its caller. In vdi,
this could happen in some error cases. This starts the real requests processing
in a BH to avoid this situation.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
bdrv_aio_* must not call the callback before returning to its caller. In qcow,
this could happen in some error cases. This starts the real requests processing
in a BH to avoid this situation.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
bdrv_aio_* must not call the callback before returning to its caller. In qcow2,
this could happen in some error cases. This starts the real requests processing
in a BH to avoid this situation.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
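
The rule stated in the vdi, qcow and qcow2 messages above, as an added toy model that is not QEMU code: a submit function that queues even its early error for a bottom half, so the caller's bookkeeping after submit is never undone by an inline callback. All names (`toy_aio_readv`, `toy_bh_poll`, `Request`, `ToyBH`) are hypothetical and the request is constructed.

```c
/* Toy model, not QEMU code: every name below is hypothetical. */
#include <errno.h>

typedef void CompletionFunc(void *opaque, int ret);
typedef struct { CompletionFunc *cb; void *opaque; int ret, scheduled; } ToyBH;
static ToyBH bh;              /* single-slot stand-in for the BH queue */

typedef struct {              /* caller-side request state */
    int in_flight;            /* set by the caller once submit has returned */
    int done, ret;
    int done_at_return;       /* snapshot of 'done' right after submit */
} Request;

static void request_complete(void *opaque, int ret)
{
    Request *r = opaque;
    r->in_flight = 0;
    r->done = 1;
    r->ret = ret;
}

/* Submit path: even an immediate error is queued for the BH, never inline. */
static void toy_aio_readv(long sector, int n, CompletionFunc *cb, void *opaque)
{
    bh = (ToyBH){ cb, opaque, (sector < 0 || n <= 0) ? -EINVAL : 0, 1 };
}

/* Main-loop side: run the pending BH, if any. */
static void toy_bh_poll(void)
{
    if (!bh.scheduled) return;
    bh.scheduled = 0;
    bh.cb(bh.opaque, bh.ret);
}

/* Submit, do the caller's bookkeeping, then let the main loop run the BH. */
static Request run_request(long sector, int n)
{
    Request r = {0};
    toy_aio_readv(sector, n, request_complete, &r);
    r.in_flight = 1;          /* an inline callback's in_flight = 0 is lost here */
    r.done_at_return = r.done;
    toy_bh_poll();
    return r;
}

int main(void)
{
    return run_request(-1, 8).done_at_return;  /* constructed bad request */
}
```
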
This patchset enables a new CPU feature SMEP (Supervisor Mode Execution
Protection) in QEMU-KVM. SMEP prevents the kernel from executing code in application.
The updated Intel SDM describes this CPU feature. The document will be published soon.
SMEP is identified by CPUID leaf 7 EBX[7], which is 0 before. Get the right value by querying the KVM kernel module, so that the guest can get SMEP through CPUID.
Signed-off-by: Yang, Wei <wei.y.yang@intel.com>
Signed-off-by: Shan, Haitao <haitao.shan@intel.com>
Signed-off-by: Li, Xin <xin.li@intel.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
When KVM is running on a VIA CPU with the host CPU's model, the
features of the VIA CPU will be passed into the KVM guest by calling
the CPUID instruction for Centaur.
Signed-off-by: BrillyWu <brillywu@viatech.com.cn>
Signed-off-by: KaryJin <karyjin@viatech.com.cn>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
ccid_initfn() allocates CCIDBus dynamically, but there is no exit
callback to free it.
Fix by getting rid of the allocation.
Signed-off-by: Markus Armbruster <armbru@redhat.com>