Hello,
the real world issue is that the hardware allows sends up to 2600 bytes,
and for some reason FreeBSD sometimes sends frames larger than the
ethernet frame size (102+1460 is the maximum I have seen so far),
overflowing the on-stack tx buffer of the driver.
Independent of that, the code should avoid allowing the guest to
overwrite the stack.
This is a minimal patch to fix the issue (you could leave out the size
change of the buf array as well, networking still seems to work either
way). Obviously there are better ways to handle it, but a proper fix IMO
would involve first getting rid of the code duplication and given the
number of patches pending for that code I see no point in working on that now.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
If a flash file of size smaller than the flash size is specified in
the -pflash option, the block driver returns error. But the
pflash_cfi0x ignores the error. This results in a flash content of all
zeroes. And the simulation aborts while executing code.
This patch adds the checks for errors from bdrv_read and escalates it
to the calling code.
Signed-off-by: Vijay Kumar B. <vijaykumar@bravegnu.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
cpu_synchronize_state() is a little unreadable since the 'modified'
argument isn't self-explanatory. Simplify it by making it always
synchronize the kernel state into qemu, and automatically flush the
registers back to the kernel if they've been synchronized on this
exit.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-watchdog NAME is now equivalent to -device NAME, except it treats
option argument '?' specially, and supports only one watchdog.
A side effect is that a device created with -watchdog may now receive
a different PCI address.
i6300esb is now available on any machine with a PCI bus, not just PCs.
ib700 is still PC only, but that could be changed easily.
The only remaining use of struct WatchdogTimerModel and
watchdog_add_model() is supporting '-watchdog ?'. Should be replaced
by searching device_info_list for watchdog devices when we can
identify them there.
Also fixes ib700 not to use vm_clock before it is initialized: in
wdt_ib700_init(), called from register_watchdogs(), which runs before
init_timers(). The bug made ib700_write_enable_reg() crash in
qemu_del_timer().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The bdrv_aio_{read,write} routines can return a NULL pointer when the
I/O submission fails. Currently we ignore this and will wait forever
for an I/O completion and leading to a hang of the guest.
I can easily reproduce this using the native Linux AIO patch, but it's
also possible using normal pthreads-based AIO.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Now that do have a nicer interface to work against we can add Linux native
AIO support. It's an extremly thing layer just setting up an iocb for
the io_submit system call in the submission path, and registering an
eventfd with the qemu poll handler to do complete the iocbs directly
from there.
This started out based on Anthony's earlier AIO patch, but after
estimated 42,000 rewrites and just as many build system changes
there's not much left of it.
To enable native kernel aio use the aio=native sub-command on the
drive command line. I have also added an option to qemu-io to
test the aio support without needing a guest.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Currently the raw-posix.c code contains a lot of knowledge about the
asynchronous I/O scheme that is mostly implemented in posix-aio-compat.c.
All this code does not really belong here and is getting a bit in the
way of implementing native AIO on Linux.
So instead move all the guts of the AIO implementation into
posix-aio-compat.c (which might need a better name, btw).
There's now a very small interface between the AIO providers and raw-posix.c:
- an init routine is called from raw_open_common to return an AIO context
for this drive. An AIO implementation may either re-use one context
for all drives, or use a different one for each as the Linux native
AIO support will do.
- an submit routine is called from the aio_reav/writev methods to submit
an AIO request
There are no indirect calls involved in this interface as we need to
decide which one to call manually. We will only call the Linux AIO native
init function if we were requested to by vl.c, and we will only call
the native submit function if we are asked to and the request is properly
aligned. That's also the reason why the alignment check actually does
the inverse move and now goes into raw-posix.c.
The old posix-aio-compat.h headers is removed now that most of it's
content is private to posix-aio-compat.c, and instead we add a new
block/raw-posix-aio.h headers is created containing only the tiny interface
between raw-posix.c and the AIO implementation.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
It isn't obvious what 'dvq' stands for. Since it's the output queue and
the corresponding input queue is called 'ivq', call this 'ovq'
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Remove some redundant definitions for PCI classes:
PCI_CLASS_SERIAL_OTHER already exists as PCI_CLASS_COMMUNICATION_OTHER
and PCI_CLASS_PROCESSOR_CO is redefined.
PCI_CLASS_SERIAL_OTHER is not used anywhere.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This uses a run_after_load() function, and VMSTATE_PCI_DEVICE()
It could be made smaller changing the type of pm_io_space_update()
to return an int.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This uses a variant of buffer, with extra checks. Also uses the new
support for cheking that a read value is less or equal than a field.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We read the saved value and check that it is less or equal than the one
stored in the structure.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds support for static sized buffer and typecheks that the buffer is right.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch add supports for variable sized arrays whose size is
another field of the state.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We read the saved value and check that it is the same that the one
is stored in the structure.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds support for saving one VMStateDescription from other
VMStateDescription.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds support for saving arrays inside the struct
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds support for saving pointers to values
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch introduces VMState infrastructure, to convert the save/load
functions of devices to a table approach. This new approach has the
following advantages:
- it is type-safe
- you can't have load/save functions out of sync
- will allows us to have new interesting commands, like dump <device>, that
shows all its internal state.
- Just now, the only added type is arrays, but we can add structures.
- Uses old load_state() function for loading old state.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
do_loadvm() is now called from the monitor.
load_vmstate() is called by do_loadvm() and when -loadvm command line is used.
Command line don't have to play games with vmstop()/vmstart()
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This introduces a qemu-img create option for qcow2 which allows the metadata to
be preallocated, i.e. clusters are reserved in the refcount table and L1/L2
tables, but no data is written to them. Metadata is quite small, so this
happens in almost no time.
Especially with qcow2 on virtio this helps to gain a bit of performance during
the initial writes. However, as soon as create a snapshot, we're back to the
normal slow speed, obviously. So this isn't the real fix, but kind of a cheat
while we're still having trouble with qcow2 on virtio.
Note that the option is disabled by default and needs to be specified
explicitly using qemu-img create -f qcow2 -o preallocation=metadata.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Now with isa-bus maintaining the isa irqs we can move the
isa_connect_irq() calls into isa_create_simple().
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Introduce isa_reserve_irq() which marks an irq reserved and returns
the appropriate qemu_irq entry from the i8259 table.
isa_reserve_irq() is a temporary interface to be used to allocate ISA
IRQs for devices which have not yet been converted to qdev, and for
special cases which are not suited for qdev conversions, such as the
'ferr'.
This patch goes on top of Gerd Hoffmann's which makes isa-bus.c own
the ISA irq table.
[ added isa-bus.o to some targets to fix build failures -- kraxel ]
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Changes:
(1) make isa-bus maintain isa irqs, complain when allocating
already taken irqs.
(2) note that (1) works only for isa devices converted to qdev
already (floppy and ps2/kbd/mouse right now), so more work
is needed to make this really useful.
(3) split floppy init into isa and sysbus versions.
(4) add sysbus->isa bridge & fix -M isapc breakage.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Bug fix for segfault when run as i82551 HW:
Use Extended TBD only when HW supports it (i82558 and up).
Added assertions to guard from such buffer overflow
Introduce the MAX_TCB_BYTE_COUNT macro
Allocate buf big enough as HW needs (MAX_ETH_FRAME_SIZE -> MAX_TCB_BYTE_COUNT)
I don't feel 100% OK with the "s->device >= i82558B" condition
since it relies on the numeric (hex) value of those defines, which currently
is correct, but changes (which I don't forsee now) might break it.
Signed-off-by: Naphtali Sprei <nsprei@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Suppress the following compiler warning emitted by at least gcc version 4.2.1 (SUSE Linux)
and gcc version 3.4.5 (mingw32 special):
hw/pci-hotplug.c: In function 'pci_device_hot_add':
hw/pci-hotplug.c:102: warning: 'dinfo' may be used uninitialized in this function
hw/pci-hotplug.c:102: note: 'dinfo' was declared here
Signed-off-by: Sebastian Herbszt <herbszt@gmx.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* The code for option '-static' was wrong, so image creation
always created static images.
* Static images created with qemu-img did not set header entry
blocks_allocated.
* The size of the block map must be rounded to the next multiple
of SECTOR_SIZE, otherwise the block map is only read partially
for block map sizes which are not a multiple of SECTOR_SIZE.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In addition to the TCG based qemu64 type let's introduce a kvm64 CPU type,
which is the least common denominator of all KVM-capable x86-CPUs
(based on Intel Pentium 4 Prescott). It can be used as a base type
for migration.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The CPUID level determines how many CPUID leafs are exposed to the guest.
Some features (like multi-core) cannot be propagated without the proper
level, but guests maybe confused by bogus entries in some leafs.
So add level= and xlevel= to the list of -cpu options to allow the user to
override the default settings. While at it, merge unnecessary local
variables into one and allow hexadecimal arguments.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Controlled by the enhanced -smp option set the CPUID bits to present the
guest the desired topology. This is vendor specific, but (with the exception
of the CMP_LEGACY bit) not conflicting, so we set all bits everytime.
There is no real multithreading support for AMD CPUs, so report cores
instead.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Intel CPUs store the number of cores in CPUID leaf 4. So push
the maxleaf value to 4 to allow the guests access to this leaf.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
For injecting multi-core and multi-threading CPU topology into guests
extend the -smp syntax to accommodate cores and threads specification.
Syntax: -smp smp_value[,cores=nr_cores][,threads=nr_threads]\
[,socket=nr_sockets][,maxcpus=max_cpus]
smp_value is the legacy value specifying the total number of vCPUs for
the guest. If you specify one of cores, threads or sockets this value
can be omitted. Missing values will be computed to fulfill:
smp_value = nr_cores * nr_threads * nr_sockets
where it will favour sockets over cores over threads (to mimic the
current behavior, which will only inject multiple sockets.)
So -smp 4,threads=2 will inject two sockets with 2 threads each,
-smp cores=4 is an abbreviation for -smp 4,cores=4,threads=1,sockets=1.
If max_cpus (the number of hotpluggable CPUs) is omitted, it will
be set to smp_value.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Once there, move to a proper test to see if we are going to use it or not
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Extra error message is only given if --enable-kvm was given
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>