In case of BP_STOP_BEFORE_ACCESS watchpoint check_watchpoint intends to
signal EXCP_DEBUG exception on exit from cpu loop, but later overwrites
exception code by the cpu_resume_from_signal call.
Use cpu_loop_exit with BP_STOP_BEFORE_ACCESS watchpoints.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
ICOUNT SR gets incremented on every instruction completion provided that
CINTLEVEL at the beginning of the instruction execution is lower than
ICOUNTLEVEL.
When ICOUNT would increment to 0 a debug exception is raised if
CINTLEVEL is lower than DEBUGLEVEL.
See ISA, 4.7.7.5 for more details.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Add IBREAKA/IBREAKENABLE SRs and implement debug exception, BREAK and
BREAK.N instructions and IBREAK breakpoints.
IBREAK breakpoint address is considered constant for TB lifetime.
On IBREAKA/IBREAKENABLE change corresponding TBs are invalidated.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
DEBUGCAUSE SR holds information about the most recent debug exception.
See ISA, 4.7.7 for more details.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Use OPTION_ROM_START/END from the common header file, add comment to
init code.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Always add a byte before the final 512-bytes alignment to reserve the
space for the ROM checksum.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
The CH registers is only written, never read. So we can remove these
operations and, in case of up_set_tpr, also the ECX push/pop.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
This enables acceleration for MMIO-based TPR registers accesses of
32-bit Windows guest systems. It is mostly useful with KVM enabled,
either on older Intel CPUs (without flexpriority feature, can also be
manually disabled for testing) or any current AMD processor.
The approach introduced here is derived from the original version of
qemu-kvm. It was refactored, documented, and extended by support for
user space APIC emulation, both with and without KVM acceleration. The
VMState format was kept compatible, so was the ABI to the option ROM
that implements the guest-side para-virtualized driver service. This
enables seamless migration from qemu-kvm to upstream or, one day,
between KVM and TCG mode.
The basic concept goes like this:
- VAPIC PV interface consisting of I/O port 0x7e and (for KVM in-kernel
irqchip) a vmcall hypercall is registered
- VAPIC option ROM is loaded into guest
- option ROM activates TPR MMIO access reporting via port 0x7e
- TPR accesses are trapped and patched in the guest to call into option
ROM instead, VAPIC support is enabled
- option ROM TPR helpers track state in memory and invoke hypercall to
poll for pending IRQs if required
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
This imports and builds the original VAPIC option ROM of qemu-kvm.
Its interaction with QEMU is described in the commit that introduces the
corresponding device model.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
This will allow the APIC core to file a TPR access report. Depending on
the accelerator and kernel irqchip mode, it will either be delivered
right away or queued for later reporting.
In TCG mode, we can restart the triggering instruction and can therefore
forward the event directly. KVM does not allows us to restart, so we
postpone the delivery of events recording in the user space APIC until
the current instruction is completed.
Note that KVM without in-kernel irqchip will report the address after
the instruction that triggered the access.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
In order to perform critical manipulations on the VM state in the
context of a VCPU, specifically code patching, stopping and resuming of
all VCPUs may be necessary. resume_all_vcpus is already compatible, now
enable pause_all_vcpus for this use case by stopping the calling context
before starting to wait for the whole gang.
CC: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
When the TCG thread is started but not yet the machine, we wait in
qemu_tcg_cpu_thread_fn on tcg_halt_cond. To allow run_on_cpu already at
this time, we need to process pending request in that loop.
CC: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
As we have thread-local cpu_single_env now and KVM uses exactly one
thread per VCPU, we can drop the cpu_single_env updates from the loop
and initialize this variable only once during setup.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
TLB_TEMPLATE macro specifies TLB geometry in the core configuration.
Make TLB_TEMPLATE available for region protection core variants,
defining 1 way ITLB and DTLB with 8 entries each.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Trying to interact with a stopped guest will queue up the events,
then send them all at once when the guest continues running, with
a high chance to have them cause unwanted actions.
Avoid that by only injecting the input events only when the guest
is in running state.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When an input line is handled as level-triggered, it will immediately
raise an IRQ on the output of a PIC again that goes through an init
reset. So only clear the edge-triggered inputs from IRR in that
scenario.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Instead of providing 4 individual query functions for mode, gate, output
and initial counter state, introduce a service that queries all
information at once. This comes with tiny additional costs for
pcspk_callback but with a much cleaner interface. Also, it will simplify
the implementation of the KVM in-kernel PIT model.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Convert the PC speaker device to a qdev ISA model. Move the public
interface to a dedicated header file at this chance.
CC: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When the HPET enters legacy mode, the IRQ output of the PIT is
suppressed and replaced by the HPET timer 0. But the current code to
emulate this was broken in many ways. It reset the PIT state after
re-enabling, it worked against a stale static PIT structure, and it did
not properly saved/restored the IRQ output mask in the PIT vmstate.
This patch solves the PIT IRQ control in a different way. On x86, it
both redirects the PIT IRQ to the HPET, just like the RTC. But it also
keeps the control line from the HPET to the PIT. This allows to disable
the PIT QEMU timer when it is not needed. The PIT's view on the control
line state is now saved in the same format that qemu-kvm is already
using.
Note that, in contrast to the suppressed RTC IRQ line, we do not need to
save/restore the PIT line state in the HPET. As we trigger a PIT IRQ
update via the control line, the line state is reconstructed on mode
switch.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
HPET legacy emulation will require control over the PIT IRQ output. To
enable this, add support for an alternative IRQ output object to the PIT
factory function. If the isa_irq number is < 0, this object will be
used.
This also removes the IRQ number property from the PIT class as we now
use a generic GPIO output pin that is connected by the factory function.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move the public interface of the PIT into its own header file and update
all users.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In legacy mode, the HPET suppresses the RTC interrupt delivery via IRQ
8 but keeps track of the RTC output level and applies it when legacy
mode is turned off again. This value has to be preserved across save/
restore as it cannot be reconstructed otherwise.
To document that a raised rtc_irq_level won't survive a vmload without
a hpet/rtc_irq_level subsection, add an explicit clearing to the reset
handler.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avoid changing the IRQ level to high on reset as it may trigger spurious
events. Instead, open-code the effects of pit_load_count(0) in the reset
handler.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Currently when disabling login in VNC, the password is cleared out and the
authentication protocol is forced to AUTH_VNC. If you're using a stronger
authentication protocol, this has the effect of downgrading your security
protocol.
Fix this by only changing the authentication protocol if the current
authentication protocol is AUTH_NONE. That ensures we're never downgrading.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
--
NB. This patch is derived from one posted by Anthony last year, which got
accidentally lost after Luiz took over the QMP series work
https://lists.gnu.org/archive/html/qemu-devel/2011-09/msg00392.html
v1 -> v2
- Make sure to not demote when changing password (Daniel)
v2 -> v3
- Rebase to latest GIT master wrt QMP changes
Since QOM'ification, qdev_try_create() uses object_new() internally,
which asserts "type != NULL" when the type is not registered.
This was revealed by the combination of kvmclock's kvm_enabled() check
and early QOM type registration.
Check whether the class exists before calling object_new(), so that
the caller (e.g., qdev_create) can fail gracefully, telling us which
device could not be created.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Anthony Liguori <aliguori@codemonkey.ws>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Remove the OpenBSD workaround for the curses probe. This has not been
necessary for 5 releases now.
Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
libcacard is only used by system emulation.
Only define libcacard_libs/cflags once.
Signed-off-by: Paul Brook <paul@codesourcery.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The main advantage of circular lists (the fact that the head node
has the same memory layout as any other node) is completely negated
by the implementation in qemu-queue.h. Not surprisingly, nobody
uses QCIRCLEQ. While this might change if RCU is ever adopted by
QEMU, the QLIST is also RCU-friendly and in fact it is used in a
RCU-like manner by 9pfs already. So, just kill QCIRCLEQ.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Notifiers do not need to access both ends of the list, and using
a QLIST also simplifies the API.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* stefanha/trivial-patches:
linux-user: brk() debugging
virtio: Remove unneeded g_free() check in virtio_cleanup()
net: remove extra spaces in help messages
fmopl: Fix typo in function name
vl.c: Fix typo in variable name
ide: fix compilation errors when DEBUG_IDE is set
cpu-exec.c: Correct comment about this file and indentation cleanup
CODING_STYLE: Clarify style for enum and function type names
linux-user: fail execve() if env/args too big
When qemu-nbd becomes a daemon it calls daemon(3) with
nochdir=0, so daemon(3) changes current directory to /.
But at this time, qemu-nbd did not open any user-specified
files yet, so by changing current directory, all non-absolute
paths becomes wrong. The solution is to pass nochdir=1 to
daemon(3) function, and to chdir("/") after all init has
been performed, before entering the main loop, -- just like
a good daemon should do.
This patch is applicable for -stable.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Fix a typo in pl031_interrupt() which meant we were setting a bit
in the interrupt mask rather than the interrupt status register
and thus not actually raising an interrupt. This fix allows the
rtctest program from the kernel's Documentation/rtc.txt to pass
rather than hanging.
Reported-by: Daniel Forsgren <daniel.forsgren@enea.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Andreas Färber <afaerber@suse.de>
The primecell.h header now only has the definitions of constants
indicating the usage of the arm_sysctl GPIO lines; remove obsolete
includes of it from source files which don't care about those GPIO
lines.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Remove an obsolete declaration of pl080_init(), which has been
incorrect since the conversion of pl080 to qdev back in 2009.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Drop the legacy init function arm_sysctl_init(), since it has no
users left any more. This allows us to drop the awkward '1' from
the actual device init function.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Andreas Färber <afaerber@suse.de>
Add the vexpress-a15 machine, and the A-Series memory map it uses.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
The arm_boot secondary boot loader code needs the address of
the GIC CPU interface. Obtaining this from the base address
of the private peripheral region was possible for A9 and 11MPcore,
but the A15 puts the GIC CPU interface in a different place.
So make boards pass in the GIC CPU interface address directly.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
