qemu.git
3 years ago net: pcnet: add check to validate receive data size(CVE-2015-7504)
Prasad J Pandit [Fri, 20 Nov 2015 06:20:31 +0000 (11:50 +0530)] 
net: pcnet: add check to validate receive data size(CVE-2015-7504)

In loopback mode, pcnet_receive routine appends CRC code to the
receive buffer. If the data size given is same as the buffer size,
the appended CRC code overwrites 4 bytes after s->buffer. Added a
check to avoid that.

Reported by: Qinghao Tang <luodalongde@gmail.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
3 years ago e1000: fix hang of win2k12 shutdown with flood ping
Denis V. Lunev [Fri, 27 Nov 2015 06:48:41 +0000 (09:48 +0300)] 
e1000: fix hang of win2k12 shutdown with flood ping

e1000 driver in Win2k12 is really well rotten. It 100% hangs on shutdown
of UP VM under flood ping. The guest checks card state and reinjects
itself interrupt in a loop. This is fatal for UP machine.

There is no good way to fix this misbehavior but to kludge it. The
emulation has interrupt throttling register aka ITR which limits
interrupt rate and allows the guest to proceed this phase.
There is no problem with this kludge for Linux guests - it adjusts the
value of it itself.

On the other hand according to the initial research in
    commit e9845f0985f088dd01790f4821026df0afba5795
    Author: Vincenzo Maffione <v.maffione@gmail.com>
    Date:   Fri Aug 2 18:30:52 2013 +0200

    e1000: add interrupt mitigation support

    ...

    Interrupt mitigation boosts performance when the guest suffers from
    an high interrupt rate (i.e. receiving short UDP packets at high packet
    rate). For some numerical results see the following link
    http://info.iet.unipi.it/~luigi/papers/20130520-rizzo-vm.pdf

this should also boost performance a bit.

See https://bugzilla.redhat.com/show_bug.cgi?id=874406 for additional
details.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Vincenzo Maffione <v.maffione@gmail.com>
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20151027-1' into...
Peter Maydell [Tue, 27 Oct 2015 16:17:55 +0000 (16:17 +0000)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20151027-1' into staging

target-arm queue:
 * more EL2 preparation: handling for stage 2 translations
 * standardize debug macros in i.MX devices
 * improve error message in a corner case for virt board
 * disable live migration of KVM GIC if the kernel can't handle it
 * add SPSR_(ABT|UND|IRQ|FIQ) registers
 * handle non-executable page-straddling Thumb instructions
 * fix a "no 64-bit EL2" assumption in arm_excp_unmasked()

# gpg: Signature made Tue 27 Oct 2015 16:03:31 GMT using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"

* remotes/pmaydell/tags/pull-target-arm-20151027-1: (27 commits)
  target-arm: Add support for S1 + S2 MMU translations
  target-arm: Route S2 MMU faults to EL2
  target-arm: Add S2 translation to 32bit S1 PTWs
  target-arm: Add S2 translation to 64bit S1 PTWs
  target-arm: Add ARMMMUFaultInfo
  target-arm: Avoid inline for get_phys_addr
  target-arm: Add support for S2 page-table protection bits
  target-arm: Add computation of starting level for S2 PTW
  target-arm: lpae: Rename granule_sz to stride
  target-arm: lpae: Replace tsz with computed inputsize
  target-arm: Add support for AArch32 S2 negative t0sz
  target-arm: lpae: Move declaration of t0sz and t1sz
  target-arm: lpae: Make t0sz and t1sz signed integers
  target-arm: Add HPFAR_EL2
  i.MX: Standardize i.MX GPT debug
  i.MX: Standardize i.MX EPIT debug
  i.MX: Standardize i.MX FEC debug
  i.MX: Standardize i.MX CCM debug
  i.MX: Standardize i.MX AVIC debug
  i.MX: Standardize i.MX I2C debug
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: Add support for S1 + S2 MMU translations
Edgar E. Iglesias [Mon, 26 Oct 2015 13:02:07 +0000 (14:02 +0100)] 
target-arm: Add support for S1 + S2 MMU translations

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-15-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: Route S2 MMU faults to EL2
Edgar E. Iglesias [Mon, 26 Oct 2015 13:02:06 +0000 (14:02 +0100)] 
target-arm: Route S2 MMU faults to EL2

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-14-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: Add S2 translation to 32bit S1 PTWs
Edgar E. Iglesias [Mon, 26 Oct 2015 13:02:05 +0000 (14:02 +0100)] 
target-arm: Add S2 translation to 32bit S1 PTWs

Add support for applying S2 translation to 32bit S1
page-table walks.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-13-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: Add S2 translation to 64bit S1 PTWs
Edgar E. Iglesias [Mon, 26 Oct 2015 13:02:04 +0000 (14:02 +0100)] 
target-arm: Add S2 translation to 64bit S1 PTWs

Add support for applying S2 translation to 64bit S1
page-table walks.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-12-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: Add ARMMMUFaultInfo
Edgar E. Iglesias [Mon, 26 Oct 2015 13:02:03 +0000 (14:02 +0100)] 
target-arm: Add ARMMMUFaultInfo

Introduce ARMMMUFaultInfo to propagate MMU Fault information
across the MMU translation code path. This is in preparation for
adding Stage-2 translation.

No functional changes.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-11-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: Avoid inline for get_phys_addr
Edgar E. Iglesias [Mon, 26 Oct 2015 13:02:02 +0000 (14:02 +0100)] 
target-arm: Avoid inline for get_phys_addr

Avoid inline for get_phys_addr() to prepare for future recursive use.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-10-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: Add support for S2 page-table protection bits
Edgar E. Iglesias [Mon, 26 Oct 2015 13:02:01 +0000 (14:02 +0100)] 
target-arm: Add support for S2 page-table protection bits

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-9-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: Add computation of starting level for S2 PTW
Edgar E. Iglesias [Mon, 26 Oct 2015 13:02:00 +0000 (14:02 +0100)] 
target-arm: Add computation of starting level for S2 PTW

The starting level for S2 pagetable walks is computed
differently from the S1 starting level. Implement the S2
variant.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-8-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: lpae: Rename granule_sz to stride
Edgar E. Iglesias [Mon, 26 Oct 2015 13:01:59 +0000 (14:01 +0100)] 
target-arm: lpae: Rename granule_sz to stride

Rename granule_sz to stride to better match the reference manuals.

No functional change.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-7-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: lpae: Replace tsz with computed inputsize
Edgar E. Iglesias [Mon, 26 Oct 2015 13:01:58 +0000 (14:01 +0100)] 
target-arm: lpae: Replace tsz with computed inputsize

Remove the tsz variable and introduce inputsize.
This simplifies the code a little and makes it easier to
compare with the reference manuals.

No functional change.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-6-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: Add support for AArch32 S2 negative t0sz
Edgar E. Iglesias [Mon, 26 Oct 2015 13:01:57 +0000 (14:01 +0100)] 
target-arm: Add support for AArch32 S2 negative t0sz

Add support for AArch32 S2 negative t0sz. In preparation for
using 40bit IPAs on AArch32.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-5-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: lpae: Move declaration of t0sz and t1sz
Edgar E. Iglesias [Mon, 26 Oct 2015 13:01:56 +0000 (14:01 +0100)] 
target-arm: lpae: Move declaration of t0sz and t1sz

Move declaration of t0sz and t1sz to the top of the function
avoiding a mix of code and variable declarations.

No functional change.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-4-git-send-email-edgar.iglesias@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: lpae: Make t0sz and t1sz signed integers
Edgar E. Iglesias [Mon, 26 Oct 2015 13:01:55 +0000 (14:01 +0100)] 
target-arm: lpae: Make t0sz and t1sz signed integers

Make t0sz and t1sz signed integers to match tsz and to make
it easier to implement support for AArch32 negative t0sz.
t1sz is changed for consistency.

No functional change.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-3-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: Add HPFAR_EL2
Edgar E. Iglesias [Mon, 26 Oct 2015 13:01:54 +0000 (14:01 +0100)] 
target-arm: Add HPFAR_EL2

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Message-id: 1445864527-14520-2-git-send-email-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago i.MX: Standardize i.MX GPT debug
Jean-Christophe Dubois [Sun, 25 Oct 2015 14:16:26 +0000 (15:16 +0100)] 
i.MX: Standardize i.MX GPT debug

The goal is to have debug code always compiled during build.

We standardize all debug output on the following format:

[QOM_TYPE_NAME]reporting_function: debug message

We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output
is following the same format as the above debug.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: b7ce7e98a051479453744aded122789531d80a44.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago i.MX: Standardize i.MX EPIT debug
Jean-Christophe Dubois [Sun, 25 Oct 2015 14:16:24 +0000 (15:16 +0100)] 
i.MX: Standardize i.MX EPIT debug

The goal is to have debug code always compiled during build.

We standardize all debug output on the following format:

[QOM_TYPE_NAME]reporting_function: debug message

We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output
is following the same format as the above debug.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 5bbad71517ca728d8865f7b9f998baa0df022794.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago i.MX: Standardize i.MX FEC debug
Jean-Christophe Dubois [Sun, 25 Oct 2015 14:16:21 +0000 (15:16 +0100)] 
i.MX: Standardize i.MX FEC debug

The goal is to have debug code always compiled during build.

We standardize all debug output on the following format:

[QOM_TYPE_NAME]reporting_function: debug message

The qemu_log_mask() output is following the same format as the
above debug.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 57e565982db94fb433c32dfa17608888464d21de.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago i.MX: Standardize i.MX CCM debug
Jean-Christophe Dubois [Sun, 25 Oct 2015 14:16:19 +0000 (15:16 +0100)] 
i.MX: Standardize i.MX CCM debug

The goal is to have debug code always compiled during build.

We standardize all debug output on the following format:

[QOM_TYPE_NAME]reporting_function: debug message

The qemu_log_mask() output is following the same format as the
above debug.

Adding some missing qemu_log_mask call for bad registers.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 293e08f31cbb4df84d58f693243e61e770c73b3a.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago i.MX: Standardize i.MX AVIC debug
Jean-Christophe Dubois [Sun, 25 Oct 2015 14:16:17 +0000 (15:16 +0100)] 
i.MX: Standardize i.MX AVIC debug

The goal is to have debug code always compiled during build.

We standardize all debug output on the following format:

[QOM_TYPE_NAME]reporting_function: debug message

We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output
is following the same format as the above debug.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 29885ffea2577eaf2288c1d17fd87ee951748b49.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago i.MX: Standardize i.MX I2C debug
Jean-Christophe Dubois [Sun, 25 Oct 2015 14:16:14 +0000 (15:16 +0100)] 
i.MX: Standardize i.MX I2C debug

The goal is to have debug code always compiled during build.

We standardize all debug output on the following format:

[QOM_TYPE_NAME]reporting_function: debug message

The qemu_log_mask() output is following the same format as
the above debug.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 328acfe6fc09a5afdbfbfd5220e0869fd5082660.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago i.MX: Standardize i.MX GPIO debug
Jean-Christophe Dubois [Sun, 25 Oct 2015 14:16:11 +0000 (15:16 +0100)] 
i.MX: Standardize i.MX GPIO debug

The goal is to have debug code always compiled during build.

We standardize all debug output on the following format:

[QOM_TYPE_NAME]reporting_function: debug message

The qemu_log_mask() output is following the same format as
the above debug.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 4f2007adcf0f579864bb4dd8a825824e0e9098b8.1445781957.git.jcd@tribudubois.net
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago i.MX: Standardize i.MX serial debug.
Jean-Christophe Dubois [Sun, 25 Oct 2015 14:16:06 +0000 (15:16 +0100)] 
i.MX: Standardize i.MX serial debug.

The goal is to have debug code always compiled during build.

We standardize all debug output on the following format:

[QOM_TYPE_NAME]reporting_function: debug message

We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output
is following the same format as the above debug.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net>
Message-id: 47b8759b251d356c633faf7ea34f897f340aea4e.1445781957.git.jcd@tribudubois.net
[PMM: Drop attempt to print the ram_addr of a memory region in
 one DPRINTF, which (a) was using the wrong format string so
 didn't build on 32-bit and (b) was incorrectly looking at a
 private field of a MemoryRegion struct]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago hw/arm/virt: don't use a15memmap directly
Andrew Jones [Tue, 27 Oct 2015 12:00:50 +0000 (12:00 +0000)] 
hw/arm/virt: don't use a15memmap directly

We should always go through VirtBoardInfo when we need the memmap.
To avoid using a15memmap directly, in this case, we need to defer
the max-cpus check from class init time to instance init time. In
class init we now use MAX_CPUMASK_BITS for max_cpus initialization,
which is the maximum QEMU supports, and also, incidentally, the
maximum KVM/gicv3 currently supports. Also, a nice side-effect of
delaying the max-cpus check is that we now get more appropriate
error messages for gicv2 machines that try to configure more than
123 cpus. Before this patch it would complain that the requested
number of cpus was greater than 123, but for gicv2 configs, it
should complain that the number is greater than 8.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Message-id: 1445189728-860-3-git-send-email-drjones@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago arm_gic_kvm: Disable live migration if not supported
Pavel Fedin [Tue, 27 Oct 2015 12:00:50 +0000 (12:00 +0000)] 
arm_gic_kvm: Disable live migration if not supported

Currently, if the kernel does not have live migration API, the migration
will still be attempted, but vGIC save/restore functions will just not do
anything. This will result in a broken machine state.

This patch fixes the problem by adding migration blocker if kernel API is
not supported.

Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: Add support for SPSR_(ABT|UND|IRQ|FIQ)
Soren Brinkmann [Tue, 27 Oct 2015 12:00:50 +0000 (12:00 +0000)] 
target-arm: Add support for SPSR_(ABT|UND|IRQ|FIQ)

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm/translate.c: Handle non-executable page-straddling Thumb insns
Peter Maydell [Tue, 27 Oct 2015 12:00:50 +0000 (12:00 +0000)] 
target-arm/translate.c: Handle non-executable page-straddling Thumb insns

When the memory we're trying to translate code from is not executable we have
to turn this into a guest fault. In order to report the correct PC for this
fault, and to make sure it is not reported until after any other possible
faults for instructions earlier in execution, we must terminate TBs at
the end of a page, in case the next instruction is in a non-executable page.
This is simple for T16, A32 and A64 instructions, which are always aligned
to their size. However T32 instructions may be 32-bits but only 16-aligned,
so they can straddle a page boundary.

Correct the condition that checks whether the next instruction will touch
the following page, to ensure that if we're 2 bytes before the boundary
and this insn is T32 then we end the TB.

Reported-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago target-arm: Fix "no 64-bit EL2" assumption in arm_excp_unmasked()
Peter Maydell [Tue, 27 Oct 2015 12:00:50 +0000 (12:00 +0000)] 
target-arm: Fix "no 64-bit EL2" assumption in arm_excp_unmasked()

The code in arm_excp_unmasked() suppresses the ability of PSTATE.AIF
to mask exceptions from a lower EL targeting EL2 or EL3 if the
CPU is 64-bit. This is correct for a target of EL3, but not correct
for targeting EL2. Further, we go to some effort to calculate
scr and hcr values which are not used at all for the 64-bit CPU
case.

Rearrange the code to correctly implement the 64-bit CPU logic
and keep the hcr/scr calculations in the 32-bit CPU codepath.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1444327729-4120-1-git-send-email-peter.maydell@linaro.org
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
4 years ago Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
Peter Maydell [Tue, 27 Oct 2015 10:10:46 +0000 (10:10 +0000)] 
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Tue 27 Oct 2015 05:47:28 GMT using RSA key ID 398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  net: free the string returned by object_get_canonical_path_component
  net: make iov_to_buf take right size argument in nc_sendv_compat()
  net: Remove duplicate data from query-rx-filter on multiqueue net devices
  vmxnet3: Do not fill stats if device is inactive
  options: Add documentation for filter-dump
  net/dump: Provide the dumping facility as a net-filter
  net/dump: Separate the NetClientState from the DumpState
  net/dump: Rework net-dump init functions
  net/dump: Add support for receive_iov function
  net: cadence_gem: Set initial MAC address

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago net: free the string returned by object_get_canonical_path_component
Yang Hongyang [Tue, 20 Oct 2015 01:51:26 +0000 (09:51 +0800)] 
net: free the string returned by object_get_canonical_path_component

The value returned from object_get_canonical_path_component
must be freed.

Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago net: make iov_to_buf take right size argument in nc_sendv_compat()
Yang Hongyang [Tue, 20 Oct 2015 01:51:25 +0000 (09:51 +0800)] 
net: make iov_to_buf take right size argument in nc_sendv_compat()

We want "buf, sizeof(buf)" here.  sizeof(buffer) is the size of a
pointer, which is wrong.
Thanks to Paolo for pointing it out.

Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago net: Remove duplicate data from query-rx-filter on multiqueue net devices
Vladislav Yasevich [Mon, 19 Oct 2015 13:04:38 +0000 (09:04 -0400)] 
net: Remove duplicate data from query-rx-filter on multiqueue net devices

When responding to a query-rx-filter command on a multiqueue
netdev, qemu reports the data for each queue.  The data, however,
is not per-queue, but per device and the same data is reported
multiple times.  This causes confusion and may also cause extra
unnecessary processing when looking at the data.

Commit 638fb14169 (net: Make qmp_query_rx_filter() with name argument
more obvious) partially addresses this issue, by limiting the output
when the name is specified.  However, when the name is not specified,
the issue still persists.

Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago vmxnet3: Do not fill stats if device is inactive
Shmulik Ladkani [Thu, 15 Oct 2015 10:54:30 +0000 (13:54 +0300)] 
vmxnet3: Do not fill stats if device is inactive

Guest OS may issue VMXNET3_CMD_GET_STATS even before device was
activated (for example in linux, after insmod but prior to net-dev open).

Accessing shared descriptors prior to device activation is illegal as the
VMXNET3State structures have not been fully initialized.

As a result, guest memory gets corrupted and may lead to guest OS
crashes.

Fix, by not filling the stats descriptors if device is inactive.

Reported-by: Leonid Shatz <leonid.shatz@ravellosystems.com>
Acked-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Dana Rubin <dana.rubin@ravellosystems.com>
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago options: Add documentation for filter-dump
Thomas Huth [Tue, 13 Oct 2015 10:40:02 +0000 (12:40 +0200)] 
options: Add documentation for filter-dump

Add a short description for the filter-dump command line options.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago net/dump: Provide the dumping facility as a net-filter
Thomas Huth [Tue, 13 Oct 2015 10:40:01 +0000 (12:40 +0200)] 
net/dump: Provide the dumping facility as a net-filter

Use the net-filter infrastructure to provide the dumping
functions for netdev devices, too.

Reviewed-by: Yang Hongyang <yanghy@cn.fujitsu.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago net/dump: Separate the NetClientState from the DumpState
Thomas Huth [Tue, 13 Oct 2015 10:40:00 +0000 (12:40 +0200)] 
net/dump: Separate the NetClientState from the DumpState

With the upcoming dumping-via-netfilter patch, the DumpState
should not be related to NetClientState anymore, so move the
related information to a new struct called DumpNetClient.

Reviewed-by: Yang Hongyang <yanghy@cn.fujitsu.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago net/dump: Rework net-dump init functions
Thomas Huth [Tue, 13 Oct 2015 10:39:59 +0000 (12:39 +0200)] 
net/dump: Rework net-dump init functions

Move the creation of the dump client from net_dump_init() into
net_init_dump(), so we can later use the former function for
dump via netfilter, too. Also rename net_dump_init() to
net_dump_state_init() to make it easier distinguishable from
net_init_dump().

Reviewed-by: Yang Hongyang <yanghy@cn.fujitsu.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago net/dump: Add support for receive_iov function
Thomas Huth [Tue, 13 Oct 2015 10:39:58 +0000 (12:39 +0200)] 
net/dump: Add support for receive_iov function

Adding a proper receive_iov function to the net dump module.
This will make it easier to support the dump filter feature for
the -netdev option in later patches.

Reviewed-by: Yang Hongyang <yanghy@cn.fujitsu.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago net: cadence_gem: Set initial MAC address
Sebastian Huber [Mon, 12 Oct 2015 08:25:01 +0000 (10:25 +0200)] 
net: cadence_gem: Set initial MAC address

Set initial MAC address to the one specified by the command line.

Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
4 years ago Merge remote-tracking branch 'remotes/sstabellini/tags/xen-2015-10-26' into staging
Peter Maydell [Mon, 26 Oct 2015 13:13:38 +0000 (13:13 +0000)] 
Merge remote-tracking branch 'remotes/sstabellini/tags/xen-2015-10-26' into staging

Xen 2015-10-26

# gpg: Signature made Mon 26 Oct 2015 11:32:50 GMT using RSA key ID 70E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"

* remotes/sstabellini/tags/xen-2015-10-26:
  xen-platform: Replace assert() with appropriate error reporting
  xen_platform: switch to realize
  Qemu/Xen: Fix early freeing MSIX MMIO memory region

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago xen-platform: Replace assert() with appropriate error reporting
Eduardo Habkost [Wed, 21 Oct 2015 15:46:50 +0000 (13:46 -0200)] 
xen-platform: Replace assert() with appropriate error reporting

Commit dbb7405d8caad0814ceddd568cb49f163a847561 made it possible to
trigger an assert using "-device xen-platform". Replace it with
appropriate error reporting.

Before:

  $ qemu-system-x86_64 -device xen-platform
  qemu-system-x86_64: hw/i386/xen/xen_platform.c:391: xen_platform_initfn: Assertion `xen_enabled()' failed.
  Aborted (core dumped)
  $

After:

  $ qemu-system-x86_64 -device xen-platform
  qemu-system-x86_64: -device xen-platform: xen-platform device requires the Xen accelerator
  $

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
4 years ago xen_platform: switch to realize
Stefano Stabellini [Wed, 21 Oct 2015 15:46:49 +0000 (13:46 -0200)] 
xen_platform: switch to realize

Use realize to initialize the xen_platform device

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
4 years ago Merge remote-tracking branch 'remotes/elmarco/tags/ivshmem-pull-request' into staging
Peter Maydell [Mon, 26 Oct 2015 11:32:20 +0000 (11:32 +0000)] 
Merge remote-tracking branch 'remotes/elmarco/tags/ivshmem-pull-request' into staging

ivshmem series

# gpg: Signature made Mon 26 Oct 2015 09:27:46 GMT using RSA key ID 75969CE5
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>"
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/elmarco/tags/ivshmem-pull-request: (51 commits)
  doc: document ivshmem & hugepages
  ivshmem: use little-endian int64_t for the protocol
  ivshmem: use kvm irqfd for msi notifications
  ivshmem: rename MSI eventfd_table
  ivshmem: remove EventfdEntry.vector
  ivshmem: add hostmem backend
  ivshmem: use qemu_strtosz()
  ivshmem: do not keep shm_fd open
  tests: add ivshmem qtest
  qtest: add qtest_add_abrt_handler()
  msix: implement pba write (but read-only)
  contrib: remove unnecessary strdup()
  ivshmem: add check on protocol version in QEMU
  docs: update ivshmem device spec
  ivshmem-server: fix hugetlbfs support
  ivshmem-server: use a uint16 for client ID
  ivshmem-client: check the number of vectors
  contrib: add ivshmem client and server
  util: const event_notifier_get_fd() argument
  ivshmem: reset mask on device reset
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years ago Qemu/Xen: Fix early freeing MSIX MMIO memory region
Lan Tianyu [Sun, 11 Oct 2015 15:19:24 +0000 (23:19 +0800)] 
Qemu/Xen: Fix early freeing MSIX MMIO memory region

msix->mmio is added to XenPCIPassthroughState's object as property.
object_finalize_child_property is called for XenPCIPassthroughState's
object, which calls object_property_del_all, which is going to try to
delete msix->mmio. object_finalize_child_property() will access
msix->mmio's obj. But the whole msix struct has already been freed
by xen_pt_msix_delete. This will cause segment fault when msix->mmio
has been overwritten.

This patch is to fix the issue.

Signed-off-by: Lan Tianyu <tianyu.lan@intel.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
4 years agodoc: document ivshmem & hugepages
Marc-André Lureau [Wed, 7 Oct 2015 14:31:47 +0000 (16:31 +0200)] 
doc: document ivshmem & hugepages

Document and give some examples of hugepages support with ivshmem device
and server.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
4 years agoivshmem: use little-endian int64_t for the protocol
Marc-André Lureau [Thu, 24 Sep 2015 10:55:01 +0000 (12:55 +0200)] 
ivshmem: use little-endian int64_t for the protocol

The current ivshmem protocol uses 'long' for integers. But the
sizeof(long) depends on the host and the endianness is not defined, which
may cause portability troubles.

Instead, switch to using little-endian int64_t. This breaks the
protocol, except on x64 little-endian host where this change
should be compatible.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: use kvm irqfd for msi notifications
Marc-André Lureau [Thu, 9 Jul 2015 13:50:13 +0000 (15:50 +0200)] 
ivshmem: use kvm irqfd for msi notifications

Use irqfd for improving context switch when notifying the guest.
If the host doesn't support kvm irqfd, regular msi notifications are
still supported.

Note: the ivshmem implementation doesn't allow switching between MSI and
IO interrupts, this patch doesn't either.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
4 years agoivshmem: rename MSI eventfd_table
Marc-André Lureau [Mon, 27 Jul 2015 10:59:19 +0000 (12:59 +0200)] 
ivshmem: rename MSI eventfd_table

The array is used to have vector specific data, so use a more
descriptive name.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: remove EventfdEntry.vector
Marc-André Lureau [Fri, 24 Jul 2015 16:52:19 +0000 (18:52 +0200)] 
ivshmem: remove EventfdEntry.vector

No need to store an extra int for the vector number when it can be
computed easily by looking at the position in the array.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: add hostmem backend
Marc-André Lureau [Mon, 29 Jun 2015 22:10:16 +0000 (00:10 +0200)] 
ivshmem: add hostmem backend

Instead of handling allocation, teach ivshmem to use a memory backend.
This allows to use hugetlbfs backed memory now.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: use qemu_strtosz()
Marc-André Lureau [Mon, 29 Jun 2015 22:06:03 +0000 (00:06 +0200)] 
ivshmem: use qemu_strtosz()

Use the common qemu utility function to parse the memory size.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: do not keep shm_fd open
Marc-André Lureau [Mon, 29 Jun 2015 22:04:19 +0000 (00:04 +0200)] 
ivshmem: do not keep shm_fd open

Remove shm_fd from device state, closing it as early as possible to avoid leaks.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agotests: add ivshmem qtest
Marc-André Lureau [Wed, 2 Apr 2014 14:57:48 +0000 (16:57 +0200)] 
tests: add ivshmem qtest

Adds 4 ivshmem tests:
- single qemu instance and basic IO
- pair of instances, check memory sharing
- pair of instances with server, and MSIX
- hot plug/unplug

A temporary shm is created as well as a directory to place server
socket, both should be clear on exit and abort.

Cc: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
4 years agoqtest: add qtest_add_abrt_handler()
Marc-André Lureau [Fri, 19 Jun 2015 16:45:14 +0000 (18:45 +0200)] 
qtest: add qtest_add_abrt_handler()

Allow a test to add abort handlers, use GHook for all handlers.

There is currently no way to remove a handler, but it could be
later added if needed.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agomsix: implement pba write (but read-only)
Marc-André Lureau [Fri, 26 Jun 2015 12:25:29 +0000 (14:25 +0200)] 
msix: implement pba write (but read-only)

qpci_msix_pending() writes on pba region, causing qemu to SEGV:

  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7ffff7fba8c0 (LWP 25882)]
  0x0000000000000000 in ?? ()
  (gdb) bt
  #0  0x0000000000000000 in  ()
  #1  0x00005555556556c5 in memory_region_oldmmio_write_accessor (mr=0x5555579f3f80, addr=0, value=0x7fffffffbf68, size=4, shift=0, mask=4294967295, attrs=...) at /home/elmarco/src/qemu/memory.c:434
  #2  0x00005555556558e1 in access_with_adjusted_size (addr=0, value=0x7fffffffbf68, size=4, access_size_min=1, access_size_max=4, access=0x55555565563e <memory_region_oldmmio_write_accessor>, mr=0x5555579f3f80, attrs=...) at /home/elmarco/src/qemu/memory.c:506
  #3  0x00005555556581eb in memory_region_dispatch_write (mr=0x5555579f3f80, addr=0, data=0, size=4, attrs=...) at /home/elmarco/src/qemu/memory.c:1176
  #4  0x000055555560b6f9 in address_space_rw (as=0x555555eff4e0 <address_space_memory>, addr=3759147008, attrs=..., buf=0x7fffffffc1b0 "", len=4, is_write=true) at /home/elmarco/src/qemu/exec.c:2439
  #5  0x000055555560baa2 in cpu_physical_memory_rw (addr=3759147008, buf=0x7fffffffc1b0 "", len=4, is_write=1) at /home/elmarco/src/qemu/exec.c:2534
  #6  0x000055555564c005 in cpu_physical_memory_write (addr=3759147008, buf=0x7fffffffc1b0, len=4) at /home/elmarco/src/qemu/include/exec/cpu-common.h:80
  #7  0x000055555564cd9c in qtest_process_command (chr=0x55555642b890, words=0x5555578de4b0) at /home/elmarco/src/qemu/qtest.c:378
  #8  0x000055555564db77 in qtest_process_inbuf (chr=0x55555642b890, inbuf=0x55555641b340) at /home/elmarco/src/qemu/qtest.c:569
  #9  0x000055555564dc07 in qtest_read (opaque=0x55555642b890, buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", size=22) at /home/elmarco/src/qemu/qtest.c:581
  #10 0x000055555574ce3e in qemu_chr_be_write (s=0x55555642b890, buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", len=22) at qemu-char.c:306
  #11 0x0000555555751263 in tcp_chr_read (chan=0x55555642bcf0, cond=G_IO_IN, opaque=0x55555642b890) at qemu-char.c:2876
  #12 0x00007ffff64c9a8a in g_main_context_dispatch (context=0x55555641c400) at gmain.c:3122

(without this patch, this can be reproduced with the ivshmem qtest)

Implement an empty mmio write to avoid the crash.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
4 years agocontrib: remove unnecessary strdup()
Marc-André Lureau [Wed, 24 Jun 2015 11:33:32 +0000 (13:33 +0200)] 
contrib: remove unnecessary strdup()

getopt() optarg points to argv memory, no need to dup those values,
fixes small leaks detected by clang-analyzer.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
4 years agoivshmem: add check on protocol version in QEMU
David Marchand [Tue, 16 Jun 2015 15:43:34 +0000 (17:43 +0200)] 
ivshmem: add check on protocol version in QEMU

Send a protocol version as the first message from server, clients must
close communication if they don't support this protocol version.  Older
QEMUs should be fine with this change in the protocol since they
override their own vm_id on reception of an id associated to no
eventfd.

Signed-off-by: David Marchand <david.marchand@6wind.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
[use fifo_update_and_get()]
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agodocs: update ivshmem device spec
David Marchand [Mon, 8 Sep 2014 09:17:49 +0000 (11:17 +0200)] 
docs: update ivshmem device spec

Add some notes on the parts needed to use ivshmem devices: more specifically,
explain the purpose of an ivshmem server and the basic concept to use the
ivshmem devices in guests.
Move some parts of the documentation and re-organise it.

Signed-off-by: David Marchand <david.marchand@6wind.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
4 years agoivshmem-server: fix hugetlbfs support
Marc-André Lureau [Mon, 29 Jun 2015 17:53:15 +0000 (19:53 +0200)] 
ivshmem-server: fix hugetlbfs support

As pointed out on the ML by Andrew Jones, glibc no longer permits
creating POSIX shm on hugetlbfs directly. When given a hugetlbfs path,
create a shareable file there.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
4 years agoivshmem-server: use a uint16 for client ID
Marc-André Lureau [Tue, 23 Jun 2015 15:09:59 +0000 (17:09 +0200)] 
ivshmem-server: use a uint16 for client ID

In practice, the number of VM is limited to MAXUINT16 in ivshmem, so use
the same limit on the server (removes a theoretical infinite loop)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem-client: check the number of vectors
Marc-André Lureau [Tue, 23 Jun 2015 14:41:58 +0000 (16:41 +0200)] 
ivshmem-client: check the number of vectors

Check the number of vectors received from the server, to avoid
out of bound array access.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agocontrib: add ivshmem client and server
David Marchand [Mon, 8 Sep 2014 09:17:48 +0000 (11:17 +0200)] 
contrib: add ivshmem client and server

When using ivshmem devices, notifications between guests can be sent as
interrupts using a ivshmem-server (typical use described in documentation).
The client is provided as a debug tool.

Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Signed-off-by: David Marchand <david.marchand@6wind.com>
[fix a valgrind warning, option and server_close() segvs, extra server
headers includes, getopt() return type, out-of-tree build, use qemu
event_notifier instead of eventfd, fix x86/osx warnings - Marc-André]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
4 years agoutil: const event_notifier_get_fd() argument
Marc-André Lureau [Tue, 13 Oct 2015 10:12:16 +0000 (12:12 +0200)] 
util: const event_notifier_get_fd() argument

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
4 years agoivshmem: reset mask on device reset
Marc-André Lureau [Tue, 23 Jun 2015 12:13:08 +0000 (14:13 +0200)] 
ivshmem: reset mask on device reset

The interrupt mask is a state value, it should be reset, like the
interrupt status.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: error on too many eventfd received
Marc-André Lureau [Tue, 23 Jun 2015 12:07:11 +0000 (14:07 +0200)] 
ivshmem: error on too many eventfd received

The number of eventfd that can be handled per peer is limited by the
number of vectors. Return an error when receiving too many of them.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: replace 'guest' for 'peer' appropriately
Marc-André Lureau [Tue, 23 Jun 2015 11:38:46 +0000 (13:38 +0200)] 
ivshmem: replace 'guest' for 'peer' appropriately

The terms 'guest' and 'peer' are used sometimes interchangeably which may
be confusing. Instead, use 'peer' for the remote instances of ivshmem
clients, and 'guest' for the local VM.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: fix pci_ivshmem_exit()
Marc-André Lureau [Tue, 23 Jun 2015 10:57:16 +0000 (12:57 +0200)] 
ivshmem: fix pci_ivshmem_exit()

Free all objects owned by the device, making sure the device is free,
fixing hot-unplug.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: add device description
Marc-André Lureau [Tue, 23 Jun 2015 11:01:40 +0000 (13:01 +0200)] 
ivshmem: add device description

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: check shm isn't already initialized
Marc-André Lureau [Tue, 23 Jun 2015 10:55:41 +0000 (12:55 +0200)] 
ivshmem: check shm isn't already initialized

The server should not change the shm, and this isn't handled by qemu and
we should verify this in qemu.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: shmfd can be 0
Marc-André Lureau [Tue, 23 Jun 2015 10:53:42 +0000 (12:53 +0200)] 
ivshmem: shmfd can be 0

0 is a valid fd value, so change conditions and set -1 value early

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: migrate with VMStateDescription
Marc-André Lureau [Thu, 18 Jun 2015 12:05:46 +0000 (14:05 +0200)] 
ivshmem: migrate with VMStateDescription

load_state_old() is used to keep compatibility with version 0.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: use common is_power_of_2()
Marc-André Lureau [Thu, 18 Jun 2015 14:10:33 +0000 (16:10 +0200)] 
ivshmem: use common is_power_of_2()

The common version correctly checks for 0 value case.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: use common return
Marc-André Lureau [Fri, 19 Jun 2015 10:21:46 +0000 (12:21 +0200)] 
ivshmem: use common return

Both if branches return, move this out to common end.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: simplify a bit the code
Marc-André Lureau [Fri, 19 Jun 2015 10:19:55 +0000 (12:19 +0200)] 
ivshmem: simplify a bit the code

Use some more explicit variables to simplify the code.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: print error on invalid peer id
Marc-André Lureau [Tue, 23 Jun 2015 11:34:09 +0000 (13:34 +0200)] 
ivshmem: print error on invalid peer id

The server shouldn't send invalid peer id, so print an error if it's the
case.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: improve error handling
Marc-André Lureau [Thu, 18 Jun 2015 12:39:49 +0000 (14:39 +0200)] 
ivshmem: improve error handling

The test whether the chardev is an AF_UNIX socket rejects
"-chardev socket,id=chr0,path=/tmp/foo,server,nowait -device
ivshmem,chardev=chr0", but fails to explain why.

Use an explicit error on why a chardev may be rejected.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: improve debug messages
Marc-André Lureau [Thu, 18 Jun 2015 13:04:13 +0000 (15:04 +0200)] 
ivshmem: improve debug messages

Some misc improvements to ivshmem debug.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: remove max_peer field
Marc-André Lureau [Fri, 19 Jun 2015 10:17:26 +0000 (12:17 +0200)] 
ivshmem: remove max_peer field

max_peer isn't really useful, it tracks the maximum received VM id, but
that quickly matches nb_peers, the size of the peers array. Since VM
come and go, there might be sparse peers so it doesn't help much in
general to have this value around.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: initialize max_peer to -1
Marc-André Lureau [Thu, 25 Jun 2015 11:49:09 +0000 (13:49 +0200)] 
ivshmem: initialize max_peer to -1

There is no peer when device is initialized, do not let doorbell for
nonexistent peer 0.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: remove useless ivshmem_update_irq() val argument
Marc-André Lureau [Thu, 18 Jun 2015 13:00:52 +0000 (15:00 +0200)] 
ivshmem: remove useless ivshmem_update_irq() val argument

val isn't used in ivshmem_update_irq() function.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: allocate eventfds in resize_peers()
Marc-André Lureau [Tue, 15 Sep 2015 15:23:07 +0000 (17:23 +0200)] 
ivshmem: allocate eventfds in resize_peers()

It simplifies a bit the code to allocate the array when setting the
number of peers instead of lazily when receiving the first vector.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: simplify around increase_dynamic_storage()
Marc-André Lureau [Tue, 15 Sep 2015 15:21:37 +0000 (17:21 +0200)] 
ivshmem: simplify around increase_dynamic_storage()

Set the number of peers and array allocation in a single place. Rename
to better reflect the function content.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: limit maximum number of peers to G_MAXUINT16
Marc-André Lureau [Tue, 15 Sep 2015 14:55:10 +0000 (16:55 +0200)] 
ivshmem: limit maximum number of peers to G_MAXUINT16

Limit the maximum number of peers to MAXUINT16. This is more realistic
and better matches the limit of the doorbell register.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: remove last exit(1)
Marc-André Lureau [Mon, 22 Jun 2015 10:55:16 +0000 (12:55 +0200)] 
ivshmem: remove last exit(1)

Failing to create a chardev shouldn't be fatal.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: more qdev conversion
Marc-André Lureau [Thu, 18 Jun 2015 12:59:28 +0000 (14:59 +0200)] 
ivshmem: more qdev conversion

Use the latest qemu device modeling API, in particular, convert to
realize to fix the error handling; right now a botched device_add
ivshmem command kills the VM.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: remove useless doorbell field
Marc-André Lureau [Thu, 18 Jun 2015 14:17:48 +0000 (16:17 +0200)] 
ivshmem: remove useless doorbell field

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: remove superflous ivshmem_attr field
Marc-André Lureau [Thu, 18 Jun 2015 14:24:33 +0000 (16:24 +0200)] 
ivshmem: remove superflous ivshmem_attr field

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: remove unnecessary dup()
Marc-André Lureau [Mon, 22 Jun 2015 10:38:34 +0000 (12:38 +0200)] 
ivshmem: remove unnecessary dup()

qemu_chr_fe_get_msgfd() transfers ownership, there is no need to dup the
fd.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: factor out the incoming fifo handling
Marc-André Lureau [Tue, 23 Jun 2015 15:56:37 +0000 (17:56 +0200)] 
ivshmem: factor out the incoming fifo handling

Make a new function fifo_update_and_get() that can be reused by other
functions (in next commits).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivshmem: fix number of bytes to push to fifo
Marc-André Lureau [Tue, 23 Jun 2015 15:53:46 +0000 (17:53 +0200)] 
ivshmem: fix number of bytes to push to fifo

If the fifo has 0 bytes, and the read is of size 1, the call to
fifo8_push_all() will copy off boundary data.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agoivhsmem: read do not accept more than sizeof(long)
Marc-André Lureau [Fri, 19 Jun 2015 11:00:32 +0000 (13:00 +0200)] 
ivhsmem: read do not accept more than sizeof(long)

ivshmem_read() only reads sizeof(long) from the input buffer.  Accepting
more could lead to fifo8 abort() on 32bit systems if fifo is not empty.

A following patch will change the protocol to 64-bit little-endian
instead.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
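
Added example, not code from the QEMU tree: a stream reader that combines the points made in the commit messages "ivshmem: use little-endian int64_t for the protocol", "ivshmem: add check on protocol version in QEMU", "ivshmem: fix number of bytes to push to fifo" and "ivhsmem: read do not accept more than sizeof(long)". The names MsgFifo, msg_feed, session_run and demo, the value of EXAMPLE_PROTOCOL_VERSION, and the rule that ids outside 0..UINT16_MAX are rejected are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

#define MSG_SIZE 8                  /* one int64_t on the wire */
#define EXAMPLE_PROTOCOL_VERSION 0  /* assumed value, for this example only */

/* Hypothetical reassembly buffer: holds at most one message. */
typedef struct { uint8_t buf[MSG_SIZE]; size_t used; } MsgFifo;

/* Fixed-width little-endian encoding: same bytes on every host,
 * regardless of sizeof(long) or native byte order. */
static void le64_encode(int64_t val, uint8_t *out)
{
    uint64_t v = (uint64_t)val;
    for (int i = 0; i < MSG_SIZE; i++) { out[i] = (uint8_t)(v >> (8 * i)); }
}

static int64_t le64_decode(const uint8_t *p)
{
    uint64_t v = 0;
    int64_t out;
    for (int i = MSG_SIZE - 1; i >= 0; i--) { v = (v << 8) | p[i]; }
    memcpy(&out, &v, sizeof(out));   /* bit-exact reinterpretation */
    return out;
}

/* Copy only the bytes that complete the current message, never more than
 * the buffer has room for. Returns the number of bytes consumed. */
static size_t msg_feed(MsgFifo *f, const uint8_t *data, size_t len,
                       int *ready, int64_t *msg)
{
    size_t room = MSG_SIZE - f->used;
    size_t n = len < room ? len : room;
    memcpy(f->buf + f->used, data, n);
    f->used += n;
    *ready = (f->used == MSG_SIZE);
    if (*ready) {
        *msg = le64_decode(f->buf);
        f->used = 0;
    }
    return n;
}

/* Feed the stream in chunk-sized reads. Returns the number of ids stored,
 * -1 on version mismatch, -2 on an out-of-range id, -3 on a zero chunk. */
static int session_run(const uint8_t *stream, size_t len, size_t chunk,
                       int64_t *ids, size_t max_ids)
{
    MsgFifo f = { {0}, 0 };
    int seen_version = 0;
    size_t count = 0, off = 0;
    if (chunk == 0) return -3;
    while (off < len) {
        size_t avail = (len - off < chunk) ? len - off : chunk; /* one read */
        size_t done = 0;
        while (done < avail) {
            int ready;
            int64_t msg = 0;
            done += msg_feed(&f, stream + off + done, avail - done,
                             &ready, &msg);
            if (!ready) continue;
            if (!seen_version) {
                /* First message must be the version; otherwise stop. */
                if (msg != EXAMPLE_PROTOCOL_VERSION) return -1;
                seen_version = 1;
            } else if (msg < 0 || msg > UINT16_MAX) {
                return -2;           /* example rule: id must fit uint16 */
            } else if (count < max_ids) {
                ids[count++] = msg;
            }
        }
        off += avail;
    }
    return (int)count;
}

/* Constructed sample stream: version message, then peer ids 5 and 7. */
static int demo(int64_t version, size_t chunk, int64_t *ids)
{
    uint8_t stream[3 * MSG_SIZE];
    le64_encode(version, stream);
    le64_encode(5, stream + MSG_SIZE);
    le64_encode(7, stream + 2 * MSG_SIZE);
    return session_run(stream, sizeof(stream), chunk, ids, 2);
}
```

The result is the same whether the stream arrives one byte at a time or in reads larger than a message, because msg_feed never copies past the 8-byte buffer.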
4 years agomsix: add VMSTATE_MSIX_TEST
Marc-André Lureau [Thu, 18 Jun 2015 12:05:13 +0000 (14:05 +0200)] 
msix: add VMSTATE_MSIX_TEST

ivshmem is going to use MSIX state conditionally.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agochar: add qemu_chr_free()
Marc-André Lureau [Mon, 22 Jun 2015 16:20:18 +0000 (18:20 +0200)] 
char: add qemu_chr_free()

If a chardev is allowed to be created outside of QMP, then it must be
also possible to free it. This is useful for ivshmem that creates
chardev anonymously and must be able to free them.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>
4 years agotests: Add ivshmem qtest
Andreas Färber [Sat, 10 Oct 2015 22:18:32 +0000 (00:18 +0200)] 
tests: Add ivshmem qtest

Note that it launches two instances, as sharing memory is the purpose of
ivshmem.

Cc: Cam Macdonell <cam@cs.ualberta.ca>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
[ Remove Nahanni codename, add test to pci set - Marc-André ]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
4 years agoconfig: enable ivshmem on POSIX
Marc-André Lureau [Mon, 12 Oct 2015 13:25:55 +0000 (15:25 +0200)] 
config: enable ivshmem on POSIX

ivshmem doesn't actually require kvm, so enable it when POSIX is
enabled. (it is required however when ioeventfd is enabled)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
4 years agoMerge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Peter Maydell [Fri, 23 Oct 2015 17:14:42 +0000 (18:14 +0100)] 
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches

# gpg: Signature made Fri 23 Oct 2015 17:59:56 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream: (37 commits)
  tests: Add test case for aio_disable_external
  block: Add "drained begin/end" for internal snapshot
  block: Add "drained begin/end" for transactional blockdev-backup
  block: Add "drained begin/end" for transactional backup
  block: Add "drained begin/end" for transactional external snapshot
  block: Introduce "drained begin/end" API
  aio: introduce aio_{disable,enable}_external
  dataplane: Mark host notifiers' client type as "external"
  nbd: Mark fd handlers client type as "external"
  aio: Add "is_external" flag for event handlers
  throttle: Remove throttle_group_lock/unlock()
  blockdev: Allow more options for BB-less BDS tree
  blockdev: Pull out blockdev option extraction
  blockdev: Do not create BDS for empty drive
  block: Prepare for NULL BDS
  block: Add blk_insert_bs()
  block: Prepare remaining BB functions for NULL BDS
  block: Fail requests to empty BlockBackend
  block: Make some BB functions fall back to BBRS
  block: Add BlockBackendRootState
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 years agotests: Add test case for aio_disable_external
Fam Zheng [Fri, 23 Oct 2015 03:08:14 +0000 (11:08 +0800)] 
tests: Add test case for aio_disable_external

Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
4 years agoblock: Add "drained begin/end" for internal snapshot
Fam Zheng [Fri, 23 Oct 2015 03:08:13 +0000 (11:08 +0800)] 
block: Add "drained begin/end" for internal snapshot

This ensures the atomicity of the transaction by avoiding processing of
external requests such as those from ioeventfd.

state->bs is assigned right after bdrv_drained_begin. Because it was
used as the flag for deletion or not in abort, now we need a separate
flag - InternalSnapshotState.created.

Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>