The 'qemu coroutine <coroutine-address>' GDB command prints the
backtrace for a CoroutineUContext. This is useful for peeking inside
yielded coroutines that are waiting for file descriptor events, timers,
etc.
For example:
$ gdb tests/test-coroutine
(gdb) b test_yield
(gdb) r
(gdb) b qemu_coroutine_enter
(gdb) c
(gdb) c
Continuing.
Breakpoint 2, qemu_coroutine_enter (co=0x555555c66520, opaque=0x0) at qemu-coroutine.c:103
103 {
(gdb) source scripts/qemu-gdb.py
(gdb) qemu coroutine 0x555555c66520
#0 0x000055555557a740 in qemu_coroutine_switch (from_=<optimized out>, to_=0x7ffff7f90a70, action=COROUTINE_YIELD) at coroutine-ucontext.c:177
#1 0x0000555555566af9 in yield_5_times (opaque=0x7fffffffdbb7) at tests/test-coroutine.c:107
#2 0x000055555557a7aa in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at coroutine-ucontext.c:80
#3 0x00007ffff08de000 in __start_context () at /lib64/libc.so.6
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427409754-8556-1-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch simplifies thread_pool_completion_bh().
The function first checks elem->state:
if (elem->state != THREAD_DONE) {
continue;
}
It then goes on to check elem->state == THREAD_DONE although we already
know this must be the case.
The QLIST_REMOVE() is duplicated down both branches of an if-else
statement so that can be lifted out as well.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1427992762-10126-1-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fix the length of the zero-fill for the back, which was accidentally
using the same value as for the front. This is caught by qemu-iotests
033.
For consistency, change the code for the front as well to use the length
stored in the iov (it is the same value, copied four lines above).
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Jeff Cody <jcody@redhat.com>
This is, amongst others, required for qemu-iotests 033 to run as
intended on VHDX, which uses explicit bdrv_truncate() calls to bs->file
when allocating new blocks.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Jeff Cody <jcody@redhat.com>
This adds a regression test for some problems that the qemu-img convert
rewrite just fixed.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
The implementation of qemu-img convert is (a) messy, (b) buggy, and
(c) less efficient than possible. The changes required to beat some
sense into it are massive enough that incremental changes would only
make my and the reviewers' life harder. So throw it away and reimplement
it from scratch.
Let me give some examples what I mean by messy, buggy and inefficient:
(a) The copying logic of qemu-img convert has two separate branches for
compressed and normal target images, which roughly do the same -
except for a little code that handles actual differences between
compressed and uncompressed images, and much more code that
implements just a different set of optimisations and bugs. This is
unnecessary code duplication, and makes the code for compressed
output (unsurprisingly) suffer from bitrot.
The code for uncompressed ouput is run twice to count the the total
length for the progress bar. In the first run it just takes a
shortcut and runs only half the loop, and when it's done, it toggles
a boolean, jumps out of the loop with a backwards goto and starts
over. Works, but pretty is something different.
(b) Converting while keeping a backing file (-B option) is broken in
several ways. This includes not writing to the image file if the
input has zero clusters or data filled with zeros (ignoring that the
backing file will be visible instead).
It also doesn't correctly limit every iteration of the copy loop to
sectors of the same status so that too many sectors may be copied to
in the target image. For -B this gives an unexpected result, for
other images it just does more work than necessary.
Conversion with a compressed target completely ignores any target
backing file.
(c) qemu-img convert skips reading and writing an area if it knows from
metadata that copying isn't needed (except for the bug mentioned
above that ignores a status change in some cases). It does, however,
read from the source even if it knows that it will read zeros, and
then search for non-zero bytes in the read buffer, if it's possible
that a write might be needed.
This reimplementation of the copying core reorganises the code to remove
the duplication and have a much more obvious code flow, by essentially
splitting the copy iteration loop into three parts:
1. Find the number of contiguous sectors of the same status at the
current offset (This can also be called in a separate loop before the
copying loop in order to determine the total sectors for the progress
bar.)
2. Read sectors. If the status implies that there is no data there to
read (zero or unallocated cluster), don't do anything.
3. Write sectors depending on the status. If it's data, write it. If
we want the backing file to be visible (with -B), don't write it. If
it's zeroed, skip it if you can, otherwise use bdrv_write_zeroes() to
optimise the write at least where possible.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
This is the first step towards having fine-grained critical sections in
dataplane threads, which resolves lock ordering problems between
address_space_* functions (which need the BQL when doing MMIO, even
after we complete RCU-based dispatch) and the AioContext.
Because AioContext does not use contention callbacks anymore, the
unit test has to be changed.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1424449612-18215-4-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This is the first step in pushing down acquire/release, and will let
rfifolock drop the contention callback feature.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1424449612-18215-3-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
By using thread-local storage, aio_poll can stop using global data during
g_poll_ns. This will make it possible to drop callbacks from rfifolock.
[Moved npfd = 0 assignment to end of walking_handlers region as
suggested by Paolo. This resolves the assert(npfd == 0) assertion
failure in pollfds_cleanup().
--Stefan]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1424449612-18215-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Currently, throttle timers won't make any progress when VCPU is not
running, which would stall the request queue in utils, qtest, vm
suspending, and live migration, without special handling.
Block jobs are confusingly inconsistent between with and without
throttling: if user sets a bps limit, stops the vm, then start a block
job, the block job will not make any progress; in contrary, if user
unsets the bps limit, or if it's not set, the block job will run
normally.
After this patch, with the host clock, even if the VCPUs are stopped,
the throttle queues will be processed.
This patch also enables potential to add throttle to bdrv_drain_all.
Currently all requests are drained immediately. In other words whenever
it is called, IO throttling goes ineffective (examples: system reset,
migration and many block job operations.). This is a loophole that guest
could exploit. If we use the host clock, we can later just trust the
nested poll. This could be done on top.
Note that for qemu-iotests case 093, which uses qtest, we still keep vm
clock so the script can control the clock stepping in order to be
deterministic.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1427268446-6426-1-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The ffs(3) family of functions is not portable. MinGW doesn't always
provide the function.
Use ctz32() or ctz64() instead.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-10-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The lack of ffs(3) in the MinGW headers is a hint that we shouldn't rely
on it. MinGW 4.9.2 does not make it available for linking when QEMU's
./configure --enable-debug is used (release builds are fine though).
Now that all QEMU code has been switched to ctz32() there is no need for
ffs(3).
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-9-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Rewrite the loop using level &= level - 1 to clear the least significant
bit after each iteration. This simplifies the loop and makes it easy to
replace ffs(3) with ctz32().
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-8-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
ffs() cannot be replaced with ctz32() when the argument might be zero,
because ffs(0) returns 0 while ctz32(0) returns 32.
The ffs(3) call in sd_normal_command() is a special case though. It can
be converted to ctz32() + 1 because the argument is never zero:
if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
~~~~~~~~~~~~~~~
^--------------- req.arg cannot be zero
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-7-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
There are a number of ffs(3) callers that do roughly:
bit = ffs(val);
if (bit) {
do_something(bit - 1);
}
This pattern can be converted to ctz32() like this:
zeroes = ctz32(val);
if (zeroes != 32) {
do_something(zeroes);
}
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-6-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This commit was generated mechanically by coccinelle from the following
semantic patch:
@@
expression val;
@@
- (ffs(val) - 1)
+ ctz32(val)
The call sites have been audited to ensure the ffs(0) - 1 == -1 case
never occurs (due to input validation, asserts, etc). Therefore we
don't need to worry about the fact that ctz32(0) == 32.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-5-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
It is not clear from the code how a 0 parameter should be handled by the
hardware. Keep the same behavior as ffs(0) - 1 == -1.
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-4-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
It is not clear from the code how a 0 parameter should be handled by the
hardware. Keep the same behavior as ffs(0) - 1 == -1.
Cc: Andrzej Zaborowski <balrog@zabor.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-3-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The binary search in sdp_uuid_match() only works when the number of
elements to search is a power of two.
lo = record->uuid;
hi = record->uuids;
while (hi >>= 1)
if (lo[hi] <= val)
lo += hi;
return *lo == val;
I noticed that the record->uuids calculation in
sdp_service_record_build() was suspect:
record->uuids = 1 << ffs(record->uuids - 1);
Unlike most ffs(val) - 1 users, the expression is ffs(val - 1)!
Actually ffs() is the wrong function to use for power-of-2. Use
pow2ceil() to achieve the correct effect. Now the record->uuid[] array
is sized correctly and the binary search in sdp_uuid_match() should
work.
I'm not sure how to run/test this code.
Cc: Andrzej Zaborowski <balrog@zabor.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-2-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-id: 1426522925-14444-1-git-send-email-berto@igalia.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The command "virsh create" will fail in such condition: vm has two
disks: vda and vdb. vda has snapshot s1 with id "1", vdb doesn't have
s1 but has snapshot s2 with id "1". When we want to run command "virsh
create s1", del_existing_snapshots() only deletes s1 in vda, and
bdrv_snapshot_create() tries to create vdb's snapshot s1 with id "1",
but id "1" alreay exists in vdb with name "s2"!
The simplest way is call find_new_snapshot_id() unconditionally.
Signed-off-by: Yi Wang <up2wing@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJVPoMfAAoJECgHk2+YTcWmzuQQAIOf4o/0t/lV87uR1/smP+E/
mvdWm9FiaRXkc0SYrIdpNoPyyMfNnzwDocywIaMcMNEzxMe1oP/objm3yWuOpeeH
Q26oMt/phXsPBRl5vxhAQ29LxuCagDivRFyTUxa7E8/D9GKmVFE6/orwHeMfwUEs
frILNM5lCLiXk4dgeQPW9xWb8iAm/RVRWFRIya5HVh51PjjsN/iLQDtSLM5Ivvvn
Pn5+cspcjD6bjM3tGiXYJZtUdoKh/7Dc8QLHhOOGd0XGysnfEbsmNQbk5Kl62PL/
3Ug0yQWpecM5IrmPWi/Omh2YJNdTbrjsOMaLWZv2LtWl/o8mD51rPJeK9Pfym/26
dsQgcYK/0GowEOxb/PUkWoX7eNziUyKryksgtdLxyrcllO5QKhrkTibDh8UOKYwI
X6qEqrhCJ8pN6GhFJYK/2ieMajOoa3TE7WE5CenEPFyEmDqQkKWrjUyc0YZjcZ98
cHJESCyXxaetzpwt17WT+vaEwpKyj7RBBS55fuV7S6+QRpWewyvxsKcEe7nfHDPe
k7VOkG7YD0LX9dnoFGLvHbxms/QUji5K2rprvZYdA5PNywTwRsyW58XR/G1jOU2Q
oDkLL+B52A3+cBUz4n7yrP4GumvxTR9mfOGbvdKXRYHyJka74aoGecPblAVz3ew4
UTgqXmdlJzA5SzyPObcq
=t4Wd
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' into staging
X86 queue, 2015-04-27 (v2)
# gpg: Signature made Mon Apr 27 19:42:39 2015 BST using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-pull-request:
target-i386: Remove AMD feature flag aliases from CPU model table
target-i386: X86CPU::xlevel2 QOM property
target-i386: Make "level" and "xlevel" properties static
qemu-config: Accept empty option values
MAINTAINERS: Change status of X86 to Maintained
MAINTAINERS: Add myself to X86
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJVPnmrAAoJECgHk2+YTcWm9fkQALwhU06fh1C3zOqW162cYnPi
omkrj89606UzbpC9/NxP1XsjJcXysjD2Dn+yZ5F4WKwHOuqRcoj9wdp/PdE1+lUt
+Dwl3+c0waVmRm91fBA71EgkENGpd1+d0BmddAKhCcoM/R1qtH/RJBVmmojHnt7g
43uAVunV2PLpnW00nug4fJZnjS/MN3d5MDyJLw0AbaLLGDojG7r9sI6UMbOK8I2l
zjCX+RUDAzf4QPPszwvwD+2JsZOSUoqNRts42FxGe1AOMvH4REBnIJZzbFoZ58lr
tqL+1vJYx6HHvvZu0/gWSD4tmQenWelhlfVIig1L02srJKLq2Zw6oq18D9QOJXdd
7a/lkM+RRCFYwBQR/74ZIFEvS5VxtJzQbxpuHAf0A5tjHzV7E97Nz7SwvuSAAdCv
aKQSKqMa5aQFxCaUK6sl7u5X08Av9o6cNg2z7Ri+hFFVXQu1JIKoNFxPH9As/gDZ
YtGSrsVDBEYHxLF70iLXWEMdxM5j5Aec1HIBYWGXA930hSXDxZYRSFnbRhiPe7HI
wArOPvk81w/DrD0Pqy+4r9emxPsiDbAn/U03VYHVoSZXl6BbHN8gMnyF+X0sZT3f
kaLQEFihzTHron7b3nzfrFsktkbrRWnxCeqVhhMn0yPCZwJV6I/MD01FcDdTe7y0
f16IYLpvqMDTDT+HUt/d
=P+kR
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into staging
NUMA queue, 2015-04-27
# gpg: Signature made Mon Apr 27 19:02:19 2015 BST using RSA key ID 984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/numa-pull-request:
MAINTAINERS: Add myself as NUMA code maintainer
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* memory system updates to support transaction attributes
* set user-mode and secure attributes for accesses made by ARM CPUs
* rename c1_coproc to cpacr_el1
* adjust id_aa64pfr0 when has_el3 CPU property disabled
* allow ARMv8 SCR.SMD updates
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJVPlJWAAoJEDwlJe0UNgzeX6wP/3VRL+vFcgTugqLtG5MNpWl1
FOjWikAKY6NNjddduK4e7gusy3a9NVnLJnqEfBL+9PYsWyMkDPJKgVzy+4gBl6Yy
M5kGlemzLF1Fnx0ORXRLN4MHXDnrr7JIKtscKVMIZHG4YyqkWpd/iVWu+IlB+F2e
S10QT+Djv3eAR/hu64CbdgQ+d2EzP5z84t+qIB/BMSklZ+wv/MFctotUb2LY+6xT
9Sj1s1820BJGK1prFg9yb4NKsGcmwbn490bVb5Q6t5otqwns4O1LHlVLRpN5HAXB
XReCuyaTBif1sD/iRlBTZGBdbM9p4UEPFwFDA8CEToZlRQemm7y+YZxkNgVLSVX3
SeCUuYz81kklRmC4egKeMs1l4jKmNCKvHhoO/XpEVAwlIcf/Aap/Bm31G1hB5moI
Ao0yEd9PXOinOxUSNUtmdM0CfVx7Rmja98Li4/7+GcgsyqOVO2M+dOp5dR5JUumf
YbnYxegoxAGCSvXtmGqwPOnFcIpXJ/0a4mjVx40govnYC1KEc97KA+//pFQIy8s8
cDKFYSVdpZ6VJ5M1V2fr4uUPa7phTZQDw8k7UoxzcjfL/ABQErkQG7ABcx+Q1txZ
K7pA8LtCxInn+Ah03VPya2BRpb1eC+7ycr7ezb0Vlc7XtxgRqWGesvcWAr9z+Jtm
eyr8k+QtnO9ic7Pgpt8M
=hDRI
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20150427' into staging
target-arm queue:
* memory system updates to support transaction attributes
* set user-mode and secure attributes for accesses made by ARM CPUs
* rename c1_coproc to cpacr_el1
* adjust id_aa64pfr0 when has_el3 CPU property disabled
* allow ARMv8 SCR.SMD updates
# gpg: Signature made Mon Apr 27 16:14:30 2015 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
* remotes/pmaydell/tags/pull-target-arm-20150427:
Allow ARMv8 SCR.SMD updates
target-arm: Adjust id_aa64pfr0 when has_el3 CPU property disabled
target-arm: rename c1_coproc to cpacr_el1
target-arm: Check watchpoints against CPU security state
target-arm: Use attribute info to handle user-only watchpoints
target-arm: Add user-mode transaction attribute
target-arm: Use correct memory attributes for page table walks
target-arm: Honour NS bits in page tables
Switch non-CPU callers from ld/st*_phys to address_space_ld/st*
exec.c: Capture the memory attributes for a watchpoint hit
exec.c: Add new address_space_ld*/st* functions
exec.c: Make address_space_rw take transaction attributes
exec.c: Convert subpage memory ops to _with_attrs
Add MemTxAttrs to the IOTLB
Make CPU iotlb a structure rather than a plain hwaddr
memory: Replace io_mem_read/write with memory_region_dispatch_read/write
memory: Define API for MemoryRegionOps to take attrs and return status
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When CPU vendor is AMD, the AMD feature alias bits on
CPUID[0x80000001].EDX are already automatically copied from CPUID[1].EDX
on x86_cpu_realizefn(). When CPU vendor is Intel, those bits are
reserved and should be zero. On either case, those bits shouldn't be set
in the CPU model table.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
We already have "level" and "xlevel", only "xlevel2" is missing.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Static properties require only 1 line of code, much simpler than the
existing code that requires writing new getters/setters.
As a nice side-effect, this fixes an existing bug where the setters were
incorrectly allowing the properties to be changed after the CPU was
already realized.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Currently it is impossible to set an option in a config file to an empty
string, because the parser matches only lines containing non-empty
strings between double-quotes.
As sscanf() "[" conversion specifier only matches non-empty strings, add
a special case for empty strings.
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
"Odd Fixes" doesn't reflect the current status of target-i386. We have
people looking after it, now.
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
The "srat" and "numa" keywords will help get_maintainer.pl catch
NUMA-related code in other files too.
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
address_space_translate_internal will clamp the *plen length argument
based on the size of the memory region being queried. The iommu walker
logic in addresss_space_translate was ignoring this by discarding the
post fn call value of *plen. Fix by just always using *plen as the
length argument throughout the fn, removing the len local variable.
This fixes a bootloader bug when a single elf section spans multiple
QEMU memory regions.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <1426570554-15940-1-git-send-email-peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
When an I/O port is more than 1 byte long, ioport.c is currently
creating "short" regions, for example 0x1ce-0x1ce for the 16-bit
Bochs index port. When I/O ports are memory mapped, and thus
accessed via a subpage_ops memory region, subpage_accepts gets
confused because it finds a hole at 0x1cf and rejects the access.
In order to fix this, modify registration of the region to cover
the whole size of the I/O port. Attempts to access an invalid
port will be blocked by find_portio returning NULL.
This only affects the VBE DISPI regions. For all other cases,
the MemoryRegionPortio entries for 2- or 4-byte accesses overlap
an entry for 1-byte accesses, thus the size of the memory region
is not affected.
Reported-by: Zoltan Balaton <balaton@eik.bme.hu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Right now, ioport.c assumes that the entire range specified with
MemoryRegionPortio includes a region with size == 1. This however
is not true for the VBE DISPI ports, which are 16-bit only. The
next patch will make these regions' length equal to two, which can
cause the assertions to trigger. Replace them with simple conditionals.
Also, ioport.c will emulate a 16-bit ioport with two distinct reads
or writes, even if one of the two accesses is out of the bounds given
by the MemoryRegionPortio array. Do not do this anymore, instead
discard writes to the incorrect register and read it as all-ones.
This ensures that the mrp->read and mrp->write callbacks get an
in-range ioport number.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
ioport.c has not been using an alias since commit b40acf9 (ioport:
Switch dispatching to memory core layer, 2013-06-24). Remove the
obsolete comment.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
IDE PIO data must be written, for example, at 0x1f0. You cannot
do word or dword writes to 0x1f1..0x1f3 to access the data register.
Adjust the ide_portio_list accordingly.
Cc: John Snow <jsnow@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Remove 16-bit reads/writes, since ioport.c is able to synthesize them.
Remove the two MIDI registers (0x300 and 0x301) from gus_portio_list1,
and add the second MIDI register (0x301) to gus_portio_list2.
Tested with Second Reality.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
ioport.c is already able to split a 16-bit access into two 8-bit
accesses to consecutive ports. Tested with Epic Pinball.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
These were being incorrectly declared as MISC_SIZE (1 byte) rather than
4 bytes and 2 bytes respectively. As a result accesses clamped to the
real register size would unexpectedly fail.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1427987370-15897-1-git-send-email-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
ram_addr_t is an internal interface, everyone should go through
MemoryRegion. Clean it up by making rom_add_blob return a
MemoryRegion* and using the new qemu_ram_resize infrastructure.
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If DMA's owning thread cancels the IO while the bounce buffer's owning thread
is notifying the "cpu client list", a use-after-free happens:
continue_after_map_failure dma_aio_cancel
------------------------------------------------------------------
aio_bh_new
qemu_bh_delete
qemu_bh_schedule (use after free)
Also, the old code doesn't run the bh in the right AioContext.
Fix both problems by passing a QEMUBH to cpu_register_map_client.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1426496617-10702-6-git-send-email-famz@redhat.com>
[Remove unnecessary forward declaration. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The caller's workflow is like
if (!address_space_map()) {
...
cpu_register_map_client();
}
If bounce buffer became available after address_space_map() but before
cpu_register_map_client(), the caller could miss it and has to wait for the
next bounce buffer notify, which may never happen in the worse case.
Just notify the list in cpu_register_map_client().
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-5-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
So that accesses from multiple threads are safe.
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-4-git-send-email-famz@redhat.com>
[Remove #if from cpu_exec_init_all. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The function is a nop for user mode, so just remove them.
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-3-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
There could be a race condition when two processes call
address_space_map concurrently and both want to use the bounce buffer.
Add an in_use flag in BounceBuffer to sync it.
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-Id: <1426496617-10702-2-git-send-email-famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>