Except for the case of setting the IOTLB entry in TCG mode, we can avoid
the subpage dispatching handlers and do the resolution directly on
address_space_lookup_region. An IOTLB entry describes a full page, not
only the region that the first access to a sub-divided page may return.
This patch therefore introduces a special translation function,
address_space_translate_for_iotlb, that avoids the subpage resolutions.
In contrast, callers of the existing address_space_translate service
will now always receive the terminal memory region section. This will be
important for breaking the BQL and for enabling unaligned memory regions.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This will be needed for some corner cases with para-virtual I/O ports.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This introduces a wrapper for phys_page_find (before we complicate
address_space_translate with IOMMU translation). This function will
also encapsulate locking and reference counting when we introduce
BQL-free dispatching.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The memory API allows a MemoryRegion's size to be 2^64, as a special
case (otherwise the size always fits in a 64 bit integer). This meant
that attempts to access address zero in a 2^64 sized region would
assert in address_space_translate():
#3  0x00007ffff3e4d192 in __GI___assert_fail (assertion=0x555555a43f32
    "!a.hi", file=0x555555a43ef0 "include/qemu/int128.h", line=18,
    function=0x555555a4439f "int128_get64") at assert.c:103
#4  0x0000555555877642 in int128_get64 (a=...)
    at include/qemu/int128.h:18
#5  0x00005555558782f2 in address_space_translate (as=0x55555668d140,
    addr=0, xlat=0x7fffafac9918, plen=0x7fffafac9920, is_write=false)
    at exec.c:221
Fix this by doing the 'min' operation in 128 bit arithmetic
rather than 64 bit arithmetic (we know the result of the 'min'
definitely fits in 64 bits because one of the inputs did).
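A minimal sketch of the idea, not the code from this patch: the U128 type
and the u128_* helpers below are hypothetical stand-ins for QEMU's Int128
API. The subtraction and the 'min' are done in 128 bits, and only the final
result, which is known to fit, is narrowed to 64 bits.

```c
#include <assert.h>
#include <stdint.h>

/* Hypothetical unsigned 128-bit value (stand-in for QEMU's Int128). */
typedef struct {
    uint64_t lo;
    uint64_t hi;
} U128;

static U128 u128_make64(uint64_t v)
{
    return (U128){ .lo = v, .hi = 0 };
}

/* The special-case region size 2^64, which does not fit in 64 bits. */
static U128 u128_2_64(void)
{
    return (U128){ .lo = 0, .hi = 1 };
}

/* a - b with borrow from the low half into the high half. */
static U128 u128_sub(U128 a, U128 b)
{
    U128 r;
    r.lo = a.lo - b.lo;
    r.hi = a.hi - b.hi - (a.lo < b.lo);
    return r;
}

static U128 u128_min(U128 a, U128 b)
{
    if (a.hi != b.hi) {
        return a.hi < b.hi ? a : b;
    }
    return a.lo <= b.lo ? a : b;
}

/* Narrow to 64 bits; asserts if the value does not fit. */
static uint64_t u128_get64(U128 a)
{
    assert(a.hi == 0);
    return a.lo;
}

/* Clamp an access length to the bytes remaining in the region. */
static uint64_t clamp_len(U128 region_size, uint64_t offset, uint64_t len)
{
    U128 remaining = u128_sub(region_size, u128_make64(offset));
    /* 'len' fits in 64 bits, so the minimum does too. */
    return u128_get64(u128_min(remaining, u128_make64(len)));
}
```

With this shape, clamp_len(u128_2_64(), 0, 4096) narrows only after the
'min', so the 2^64 size never reaches u128_get64().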
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Manual page and qemu-doc talk about "Bochs BIOS". We use SeaBIOS,
and it implements the feature. Replace by just "BIOS", and drop the
TODO line wondering about the Bochs reference.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1371208516-7857-7-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Option -no-fd-bootchk asks the BIOS to attempt booting from a floppy
even when the boot sector signature isn't there, by setting a bit in
RTC CMOS. It was added back in 2006 (commit 52ca8d6a).
Two years later, commit 0ecdffbb added monitor command boot_set.
Implemented by new function pc_boot_set(). It unconditionally clears
the floppy signature bit in CMOS.
Commit e0f084bf added -boot option once to automatically change the
boot order on first reset. Reuses pc_boot_set(), thus also clears the
floppy signature bit. Commit d9346e81 took care to preserve this
behavior.
Thus, -no-fd-bootchk applies to any number of boots. Except it
applies just to the first boot with -boot once, and never after
boot_set. Weird. Make it stick instead: set the bit according to
-no-fd-bootchk in pc_boot_set().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1371208516-7857-6-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1371208516-7857-5-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Option "once" sets up a different boot order just for the initial
boot. Boot order reverts back to normal on reset. Option "order"
changes the normal boot order.
The reversal is implemented by reset handler restore_boot_devices(),
which takes the boot order to revert to as argument.
restore_boot_devices() does nothing on its first call, because that
must be the initial machine reset. On its second call, it changes the
boot order back, and unregisters itself.
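The one-shot behaviour described above can be sketched roughly as follows.
This is an illustration only: the BootOnce struct and both functions are
hypothetical, and "firmware_order" merely stands in for whatever the real
handler pushes to firmware via qemu_boot_set().

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical state for a "boot once" reset handler. */
typedef struct {
    char firmware_order[16]; /* order the firmware would currently use */
    char normal_order[16];   /* order to revert to */
    bool first_call_seen;    /* initial machine reset already happened */
    bool registered;         /* handler is still registered */
} BootOnce;

static void boot_once_init(BootOnce *b, const char *once, const char *normal)
{
    snprintf(b->firmware_order, sizeof(b->firmware_order), "%s", once);
    snprintf(b->normal_order, sizeof(b->normal_order), "%s", normal);
    b->first_call_seen = false;
    b->registered = true;
}

/* Reset handler: skip the initial reset, revert on the next one. */
static void boot_once_reset(BootOnce *b)
{
    if (!b->registered) {
        return;
    }
    if (!b->first_call_seen) {
        /* First call is the initial machine reset: do nothing. */
        b->first_call_seen = true;
        return;
    }
    /* Second call: restore the normal order and unregister. */
    snprintf(b->firmware_order, sizeof(b->firmware_order), "%s",
             b->normal_order);
    b->registered = false;
}
```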
Because we register the handler right when -boot gets parsed, we can
revert to an incorrect normal boot order, and multiple -boot can
interact in funny ways.
Here's how things work without -boot once or order:
* boot_devices is "".
* main() passes machine->boot_order to machine->init(), because
boot_devices is "". machine->init() configures firmware
accordingly. For PC machines, machine->boot_order is "cad", and
pc_cmos_init() writes it to RTC CMOS, where SeaBIOS picks it up.
Now consider -boot order=:
* boot_devices is "".
* -boot order= sets boot_devices to "" (no change).
* main() passes machine->boot_order to machine->init(), because
boot_devices is "", as above.
Bug: -boot order= has no effect. Broken in commit e4ada29e.
Next, consider -boot once=a:
* boot_devices is "".
* -boot once=a registers restore_boot_devices() with argument "", and
sets boot_devices to "a".
* main() passes boot_devices "a" to machine->init(), which configures
firmware accordingly. For PC machines, pc_cmos_init() writes the
boot order to RTC CMOS.
* main() calls qemu_system_reset(). This runs reset handlers.
- restore_boot_devices() gets called with argument "". Does
nothing, because it's the first call.
* Machine boots, boot order is "a".
* Machine resets (e.g. monitor command). Reset handlers run.
- restore_boot_devices() gets called with argument "". Calls
qemu_boot_set("") to reconfigure firmware. For PC machines,
pc_boot_set() writes it into RTC CMOS. Reset handler
unregistered.
Bug: boot order reverts to "" instead of machine->boot_order. The
actual boot order depends on how firmware interprets "". Broken
in commit e4ada29e.
Next, consider -boot once=a -boot order=c:
* boot_devices is "".
* -boot once=a registers restore_boot_devices() with argument "", and
sets boot_devices to "a".
* -boot order=c sets boot_devices to "c".
* main() passes boot_devices "c" to machine->init(), which configures
firmware accordingly. For PC machines, pc_cmos_init() writes the
boot order to RTC CMOS.
* main() calls qemu_system_reset(). This runs reset handlers.
- restore_boot_devices() gets called with argument "". Does
nothing, because it's the first call.
* Machine boots, boot order is "c".
Bug: it should be "a". I figure this has always been broken.
* Machine resets (e.g. monitor command). Reset handlers run.
- restore_boot_devices() gets called with argument "". Calls
qemu_boot_set("") to reconfigure firmware. For PC machines,
pc_boot_set() writes it into RTC CMOS. Reset handler
unregistered.
Bug: boot order reverts to "" instead of "c". I figure this has
always been broken, just differently broken before commit
e4ada29e.
Next, consider -boot once=a -boot once=b -boot once=c:
* boot_devices is "".
* -boot once=a registers restore_boot_devices() with argument "", and
sets boot_devices to "a".
* -boot once=b registers restore_boot_devices() with argument "a", and
sets boot_devices to "b".
* -boot once=c registers restore_boot_devices() with argument "b", and
sets boot_devices to "c".
* main() passes boot_devices "c" to machine->init(), which configures
firmware accordingly. For PC machines, pc_cmos_init() writes the
boot order to RTC CMOS.
* main() calls qemu_system_reset(). This runs reset handlers.
- restore_boot_devices() gets called with argument "". Does
nothing, because it's the first call.
- restore_boot_devices() gets called with argument "a". Calls
qemu_boot_set("a") to reconfigure firmware. For PC machines,
pc_boot_set() writes it into RTC CMOS. Reset handler
unregistered.
- restore_boot_devices() gets called with argument "b". Calls
qemu_boot_set("b") to reconfigure firmware. For PC machines,
pc_boot_set() writes it into RTC CMOS. Reset handler
unregistered.
* Machine boots, boot order is "b".
Bug: should really be "c", because that came last, and for all other
-boot options, the last one wins. I figure this was broken some
time before commit 37905d6a, and fixed there only for a single
occurrence of "once".
* Machine resets (e.g. monitor command). Reset handlers run.
- restore_boot_devices() gets called with argument "". Calls
qemu_boot_set("") to reconfigure firmware. For PC machines,
pc_boot_set() writes it into RTC CMOS. Reset handler
unregistered.
Same bug as above: boot order reverts to "" instead of
machine->boot_order.
Fix by acting upon -boot options order, once and menu only after
option parsing is complete, and the machine is known. This is how the
other -boot options work already.
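A rough sketch of the "record while parsing, act afterwards" approach,
under the assumption that the last occurrence of each option wins. The
BootOpts struct and the three functions are hypothetical names for
illustration, not the ones used in vl.c.

```c
#include <stddef.h>

/* Hypothetical accumulator filled in while -boot options are parsed. */
typedef struct {
    const char *order; /* last -boot order=..., or NULL if never given */
    const char *once;  /* last -boot once=..., or NULL if never given */
} BootOpts;

/* Called for each -boot occurrence: only record, never act. */
static void boot_opts_merge(BootOpts *acc, const char *order,
                            const char *once)
{
    if (order) {
        acc->order = order;
    }
    if (once) {
        acc->once = once;
    }
}

/* After parsing, once the machine (and its default order) is known. */
static const char *normal_boot_order(const BootOpts *o,
                                     const char *machine_default)
{
    return o->order ? o->order : machine_default;
}

/* Order for the initial boot; the reset handler reverts to the normal one. */
static const char *initial_boot_order(const BootOpts *o,
                                      const char *machine_default)
{
    return o->once ? o->once : normal_boot_order(o, machine_default);
}
```

Under these assumptions, -boot once=a -boot order=c boots from "a" first
and reverts to "c", and -boot once=a alone reverts to the machine default
rather than to "".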
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1371208516-7857-4-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1371208516-7857-3-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit 3d3b8303 threw in some QemuOpts parsing without replacing the
existing ad hoc parser, resulting in a confusing mess. Clean it up.
Two user-visible changes:
1. Invalid options are reported more nicely. Before:
qemu: unknown boot parameter 'x' in 'x=y'
After:
qemu-system-x86_64: -boot x=y: Invalid parameter 'x'
2. If -boot is given multiple times, options accumulate, just like for
-machine. Before, only options order, once and menu accumulated.
For the other ones, all but the first -boot in non-legacy syntax
got simply ignored.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Message-id: 1371208516-7857-2-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When this VMSD was introduced its version fields were set to
sizeof(I6300State), making them essentially random from build to build,
version to version.
To fix this, we lock in a high version id and low minimum version id to
support old->new migration from all prior versions of this device's
state. This should work since the device state has not changed since
its introduction.
This potentially breaks migration from 1.5+ to 1.5, but since the
versioning was essentially random prior to this patch, new->old
migration was not consistently functional to begin with.
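To illustrate why a high version id with a low minimum accepts every prior
build, here is a small sketch. It assumes the destination accepts an
incoming stream when its version lies between the minimum and current ids;
the VersionRange type and the numbers used with it are made up for the
example and are not the values chosen by this patch.

```c
#include <stdbool.h>

/* Hypothetical, trimmed-down view of a VMSD's two version fields. */
typedef struct {
    int version_id;         /* version this build writes and accepts */
    int minimum_version_id; /* oldest version this build accepts */
} VersionRange;

/* Assumed acceptance rule: minimum <= incoming <= current. */
static bool version_accepted(const VersionRange *r, int incoming)
{
    return incoming >= r->minimum_version_id && incoming <= r->version_id;
}
```

With both fields set to a sizeof() value, a source built with a slightly
different struct size falls outside the range; with a wide fixed range it
does not.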
Reported-by: Nicholas Thomas <nick@bytemark.co.uk>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Paolo Bonzini (3) and others
# Via Paolo Bonzini
* bonzini/scsi-next:
iscsi: reorganize iscsi_readcapacity_sync
iscsi: simplify freeing of tasks
vhost-scsi: fix k->set_guest_notifiers() NULL dereference
scsi-disk: scsi-block device for scsi pass-through should not be removable
scsi-generic: check the return value of bdrv_aio_ioctl in execute_command
scsi-generic: fix sign extension of READ CAPACITY(10) data
scsi: reset cdrom tray statuses on scsi_disk_reset
Message-id: 1371565016-2643-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Ján Tomko
# Via Paolo Bonzini
* bonzini/nbd-next:
nbd: strip braces from literal IPv6 address in URI
qemu-socket: allow hostnames starting with a digit
'default_backend' isn't always set, but 'rng' is, so use that.
$ ./x86_64-softmmu/qemu-system-x86_64 -object rng-random,id=rng0,filename=/dev/random -device virtio-rng-pci,rng=rng0
Segmentation fault (core dumped)
Regressed with virtio refactoring in 59ccd20a9a
CC: qemu-stable@nongnu.org
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Acked-by: Amit Shah <amit.shah@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Message-id: bf4505014a0a941dbd3c62068f3cf2c496b69e6a.1370023944.git.crobinso@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avoid the goto, and use the same retry logic for the 10- and 16-byte
versions.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Always free them in the iscsi_aio_*_acb functions and remove the
checks in their callers. Remove ifs when the task struct was
previously dereferenced (spotted by Coverity).
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Coverity picked up a copy-paste bug. In vhost_scsi_start() we check for
!k->set_guest_notifiers and error out. The check probably got copied
but instead of erroring we actually use the function pointer!
Cc: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: Asias He <asias@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch adds a new SCSI_DISK_F_NO_REMOVABLE_DEVOPS feature. With this
feature set, the scsi-block (SCSI pass-through) device is still removable
from the guest side, but it cannot be removed from the monitor.
Cc: qemu-stable@nongnu.org
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This fixes the bug introduced by commit ad54ae80c7.
bdrv_aio_ioctl() can still return NULL, and we should return an error
in that case.
Cc: qemu-stable@nongnu.org
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Issuing the READ CAPACITY(10) command in the guest will cause QEMU
to update its knowledge of the maximum accessible LBA in the disk.
The recorded maximum LBA will be wrong if the disk is bigger than
1TB, because ldl_be_p returns a signed int.
When this is fixed, a latent bug will be unmasked. If the READ
CAPACITY(10) command reported an overflow (0xFFFFFFFF), we must
not overwrite the previously-known maximum accessible LBA, or the guest
will fail to access the disk above the first 2TB.
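Both halves of the fix can be sketched in a few lines. The helper names
below are hypothetical and this is not the scsi-generic code itself; it
only shows the sign-extension effect and the overflow check. Note that the
uint32_t to int32_t conversion in the buggy variant is
implementation-defined in C, although common compilers wrap as shown.

```c
#include <stdint.h>

/* Read a big-endian 32-bit value as an unsigned quantity. */
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Buggy variant: passing through a signed int sign-extends LBAs >= 2^31. */
static uint64_t max_lba_signed(const uint8_t *buf)
{
    return (uint64_t)(int64_t)(int32_t)load_be32(buf);
}

/*
 * Fixed variant: treat the field as unsigned, and keep the previously
 * known maximum when READ CAPACITY(10) reports overflow (0xFFFFFFFF).
 */
static uint64_t max_lba_update(uint64_t known_max_lba, const uint8_t *buf)
{
    uint32_t lba = load_be32(buf);

    if (lba == UINT32_MAX) {
        return known_max_lba;
    }
    return lba;
}
```

With 512-byte blocks, an LBA of 0x80000000 corresponds to the 1TB boundary,
which is where the signed variant starts returning a wrong value.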
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tray statuses should also be reset. Some guests may lock the tray, and
right after resetting the guest it should be unlocked and closed. This
is done on power-on, reset and resume from suspend/hibernate on bare-metal.
This fix is already committed for IDE CD; see commit a7f3d65b65.
Test results on bare-metal:
- on reset/power-on the CD-ROM tray is closed even before the monitor
is turned on
- on resume from suspend/hibernate the tray is also closed before
the monitor is turned on
From test results it seems that this behavior is OS and probably BIOS
independent.
Cc: qemu-stable@nongnu.org
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Otherwise they would get passed to getaddrinfo and fail with:
address resolution failed for [::1]:1234: Name or service not known
(Broken by commit v1.4.0-736-gf17c90b)
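A minimal sketch of the stripping step, assuming the host part has already
been extracted from the URI. The function name and the buffer-based
interface are hypothetical; the actual patch may do this differently.

```c
#include <stddef.h>
#include <string.h>

/*
 * Copy 'host' into 'out', dropping one pair of enclosing brackets if
 * present, so that "[::1]" becomes "::1" before address resolution.
 * Returns 0 on success, -1 if 'out' is too small.
 */
static int strip_ipv6_brackets(const char *host, char *out, size_t out_size)
{
    size_t len = strlen(host);

    if (len >= 2 && host[0] == '[' && host[len - 1] == ']') {
        host++;
        len -= 2;
    }
    if (len >= out_size) {
        return -1;
    }
    memcpy(out, host, len);
    out[len] = '\0';
    return 0;
}
```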
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
According to RFC 1123 [1], hostnames can start with a digit too.
[1] http://tools.ietf.org/html/rfc1123#page-13
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Cc: qemu-stable@nongnu.org
[Use strspn, not strcspn. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This is a little strange. It is lowering the parent IRQ pin on input
when HIE is cleared. There is no such behaviour in the real hardware.
ISR changes based on interrupt pin state are already guarded on HIE
being set. So we can just delete this if in its entirety.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
When the Hardware Interrupt Enable (HIE) bit is set, software cannot
change ISR. Add write guard accordingly.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Acking a level sensitive interrupt should have no effect if the
interrupt pin is still asserted. The current implementation requires
an edge condition to occur for setting a level sensitive IRQ, which
means an ACK can clear a level sensitive interrupt, until the original
source strobes the interrupt again.
Fix by keeping track of the interrupt pin state and setting ISR based
on this every time update_irq() is called.
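The pin-tracking approach might look roughly like the sketch below. It is a
simplified model, not the device code: the Intc struct, its field names and
the helper functions are hypothetical, and enable bits such as HIE and MER
are deliberately left out.

```c
#include <stdint.h>

/* Hypothetical, simplified interrupt controller state. */
typedef struct {
    uint32_t isr;           /* interrupt status register */
    uint32_t irq_pin_state; /* current level of each input pin */
    uint32_t level_mask;    /* bit set: level sensitive, clear: edge */
} Intc;

/* Re-derive ISR bits of level sensitive inputs from the pin state. */
static void intc_update_irq(Intc *s)
{
    s->isr |= s->irq_pin_state & s->level_mask;
}

static void intc_set_pin(Intc *s, unsigned irq, int level)
{
    uint32_t bit = UINT32_C(1) << irq;
    int was_high = (s->irq_pin_state & bit) != 0;

    if (level) {
        s->irq_pin_state |= bit;
    } else {
        s->irq_pin_state &= ~bit; /* lowering the pin never clears ISR */
    }
    /* Edge sensitive inputs latch only on a rising edge. */
    if (!(s->level_mask & bit) && level && !was_high) {
        s->isr |= bit;
    }
    intc_update_irq(s);
}

/* Software acknowledge: clears bits, but asserted level inputs re-set. */
static void intc_ack(Intc *s, uint32_t bits)
{
    s->isr &= ~bits;
    intc_update_irq(s);
}
```

In this model an ACK on a level sensitive input has no lasting effect while
the pin is high, and takes effect once the source has deasserted it.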
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
For level sensitive interrupts, ISR bits are cleared when the input pin
is lowered. This is incorrect. Only software can clear ISR bits (via
IAR or direct write to ISR with !MER(2)).
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
The UART IRQ is edge sensitive, whereas the machine was registering it
as level sensitive. Fix.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
# By Luiz Capitulino
# Via Luiz Capitulino
* luiz/queue/qmp:
qerror: drop QERR_OPEN_FILE_FAILED macro
block: bdrv_reopen_prepare(): don't use QERR_OPEN_FILE_FAILED
savevm: qmp_xen_save_devices_state(): use error_setg_file_open()
dump: qmp_dump_guest_memory(): use error_setg_file_open()
cpus: use error_setg_file_open()
blockdev: use error_setg_file_open()
block: mirror_complete(): use error_setg_file_open()
rng-random: use error_setg_file_open()
error: add error_setg_file_open() helper
Message-id: 1371484631-29510-1-git-send-email-lcapitulino@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Liu Yuan (2) and others
# Via Kevin Wolf
* kwolf/for-anthony:
vmdk: Allow reading variable size descriptor files
NVMe: Initial commit for new storage interface
curl: Don't set curl options on the handle just before it's going to be deleted.
vmdk: byteswap VMDK4Header.desc_offset field
block/curl.c: Refuse to open the handle for writes.
sheepdog: support 'qemu-img snapshot -a'
sheepdog: fix snapshot tag initialization
Message-id: 1371486710-17793-1-git-send-email-kwolf@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
rotr_i32 calculates the amount to left shift and puts it into a
temporary, but then doesn't use it when doing the shift.
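For reference, the intended computation in plain C: a right rotate by n is
a left rotate by (32 - n) mod 32, and the computed left amount is what must
be fed to the shift. This is an illustrative sketch with hypothetical
function names, not the TCG backend code.

```c
#include <stdint.h>

/* Rotate left by n (0..31); masking keeps every shift count in range. */
static uint32_t rotl32(uint32_t x, unsigned n)
{
    n &= 31;
    return (x << n) | (x >> ((32 - n) & 31));
}

/* Rotate right by n, expressed as a rotate left by (32 - n) mod 32. */
static uint32_t rotr32(uint32_t x, unsigned n)
{
    unsigned left = (32 - (n & 31)) & 31;

    /* The bug described above amounts to passing n here instead of left. */
    return rotl32(x, left);
}
```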
Cc: qemu-stable@nongnu.org
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
add2_i64 was adding the lower double word to the upper double word
of each input. Fix this so we add the lower double words, then the
upper double words with carry propagation.
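The corrected semantics, written out in C as a sketch (the function name
and argument order are chosen for the example and need not match the TCG
op):

```c
#include <stdint.h>

/*
 * 128-bit addition from 64-bit halves:
 * (rh:rl) = (ah:al) + (bh:bl), with the carry out of the low double
 * words propagated into the sum of the upper double words.
 */
static void add2_u64(uint64_t *rl, uint64_t *rh,
                     uint64_t al, uint64_t ah,
                     uint64_t bl, uint64_t bh)
{
    uint64_t lo = al + bl;
    uint64_t carry = lo < al; /* unsigned wrap-around means carry out */

    *rl = lo;
    *rh = ah + bh + carry;
}
```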
Cc: qemu-stable@nongnu.org
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
If our input and output is in the same register, bswap64 tries to
undo a rotate of the input. This just ends up rotating the output.
Cc: qemu-stable@nongnu.org
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The rldcl instruction doesn't have an sh field, so the minor opcode
is shifted 1 bit. We were using the XO30 macro which shifted the
minor opcode 2 bits.
Remove XO30 and add MD30 and MDS30 macros which match the
Power ISA categories.
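The difference between the two forms comes down to where the extended
opcode sits. The macro bodies below are a reading of the description above,
not copied from the patch; the extended opcode values (0 for rldicl, 8 for
rldcl) are taken from the Power ISA.

```c
#include <stdint.h>

/* Primary opcode occupies the top 6 bits of the 32-bit instruction. */
#define OPCD(opc)  ((uint32_t)(opc) << 26)

/* MD-form: an sh bit sits below the extended opcode, so shift by 2. */
#define MD30(xo)   (OPCD(30) | ((uint32_t)(xo) << 2))

/* MDS-form: no sh field, so the extended opcode is shifted by only 1. */
#define MDS30(xo)  (OPCD(30) | ((uint32_t)(xo) << 1))

#define RLDICL     MD30(0)  /* rotate left dword immediate, clear left */
#define RLDCL      MDS30(8) /* rotate left dword, clear left */
```

Encoding rldcl with the 2-bit shift would place its extended opcode one bit
too high, which is the mismatch this patch removes.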
Cc: qemu-stable@nongnu.org
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Richard Henderson <rth@twiddle.net>
The hard-coded 2k buffer on the stack won't allow reading big descriptor
files, which can be generated when storing big images, for example a 500G
vmdk split into 2G chunks.
Signed-off-by: Evgeny Budilovsky <evgeny.budilovsky@ravellosystems.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Initial commit for emulated Non-Volatile-Memory Express (NVMe) pci
storage device.
NVMe is an open, industry driven storage specification defining
an optimized register and command set designed to deliver the full
capabilities of non-volatile memory on PCIe SSDs. Further information
may be found on the organization's website at:
http://www.nvmexpress.org/
This commit implements the minimum from the specification to work with
existing drivers.
Cc: Keith Busch <keith.busch@gmail.com>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(Found by Kamil Dudka)
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Cc: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Remember to byteswap VMDK4Header.desc_offset on big-endian machines.
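VMDK header fields are stored little-endian on disk, so a big-endian host
must swap them before use. One endian-independent way to express the
conversion is to assemble the value byte by byte, as in the sketch below.
The helper name is hypothetical; QEMU itself has le64_to_cpu() for this.

```c
#include <stdint.h>

/* Decode a little-endian 64-bit field regardless of host byte order. */
static uint64_t load_le64(const uint8_t *p)
{
    uint64_t v = 0;

    /* Start from the most significant byte, which is stored last. */
    for (int i = 7; i >= 0; i--) {
        v = (v << 8) | p[i];
    }
    return v;
}
```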
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Calling sd_create_branch() in snapshot_goto to roll back the image is good
enough. With this patch, the 'loadvm' process for sheepdog is modified:
Suppose we have a snapshot chain A --> B --> C and we do 'loadvm A' to get
a new chain:
A --> B
|
V
C1
in the old code:
1 reload inode of A (in snapshot_goto)
2 read vmstate via A's vdi_id (loadvm_state)
3 delete C and create C1, reload inode of C1 (sd_create_branch on write)
with this patch applied:
1 reload inode of A, delete C and create C1 (in snapshot_goto)
2 read vmstate via C1's parent, that is A's vdi_id (loadvm_state)
This fixes a possible bug where QEMU exits between steps 2 and 3 of the old code.
Cc: qemu-devel@nongnu.org
Cc: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Liu Yuan <namei.unix@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This is an old and obvious bug. We should pass snapshot_id to the
tag. Otherwise a simple command like 'qemu-img snapshot -a tag sheepdog:image'
will fail.
Cc: qemu-devel@nongnu.org
Cc: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Liu Yuan <namei.unix@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The call to drv->bdrv_reopen_prepare() can fail due to reasons
other than an open failure. Unfortunately, we can't use errno
or -ret, because they are not always set.
Stick to a generic error message then.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>