aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-05-25Correct CPACR reset value for v7 corestz-migrationPeter Maydell
In commit f0aff255700 we made cpacr_write() enforce that some CPACR bits are RAZ/WI and some are RAO/WI for ARMv7 cores. Unfortunately we forgot to also update the register's reset value. The effect was that (a) a guest that read CPACR on reset would not see ones in the RAO bits, and (b) if you did a migration before the guest did a write to the CPACR then the migration would fail because the destination would enforce the RAO bits and then complain that they didn't match the zero value from the source. Implement reset for the CPACR using a custom reset function that just calls cpacr_write(), to avoid having to duplicate the logic for which bits are RAO. This bug would affect migration for TCG CPUs which are ARMv7 with VFP but without one of Neon or VFPv3. Reported-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- This is sufficient that a save-and-reload while the romulus-bmc machine is in the bootloader will work. On the other hand if I do a save-and-reload after the kernel has started booting then we get the classic "guest hang after reload", so some state is still not being transferred somewhere (probably in a device in the machine model?)
2018-05-25target/arm: Propagate S/NS cpreg flag to/from KVM register IDPeter Maydell
In QEMU we have two encoding forms for Arm coprocessor and system registers: a 32 bit internal form which is the key into the coprocessor register hashtable, and a 64 bit form which matches the kernel's encoding for KVM_SET_ONE_REG/KVM_GET_ONE_REG ioctls. The on-the-wire migration data uses the 64 bit form. The functions cpreg_to_kvm_id() and kvm_to_cpreg_id() perform the (mostly trivial) conversion between them. Unfortunately the 64 bit form doesn't currently have any way to encode whether the register is the secure or non-secure banked version of an AArch32 register, because for KVM the guest is always running non-secure and there are no secure registers. Our conversion functions were handling this with "ignore S/NS bit when converting cpreg->kvm ID; always mark as NS when converting kvm ID->cpreg". This works for KVM, but breaks migration of guests that use TrustZone in an emulated CPU, because we end up migrating the state of the NonSecure register when we intended to migrate the Secure register. To fix this, we define an S/NS indication in the KVM ID format. This is defined in the upstream kernel headers using the KVM_REG_ARM_SECURE_MASK/SHIFT constants. Rather than converting from our existing internal form's definitions for AA64/AA32 and S/NS (which use bit 28 == 1 for AArch32, and bit 29 == 1 for NonSecure), we update the internal form to follow the KVM format (with bit 28 == 1 for Secure), and move the AA64/AA32 bit to bit 29. TODO: other problems: * TTBR0_EL3(S) AArch32 should be ALIAS, because there's a TTBR0_EL3 record in el3_cp_reginfo * TTBR1_EL3(S) AArch32 needs to not be ALIAS (even if V8) because there is no AArch64 TTBR1_EL3 to hold the state Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-25target/arm/kvm-consts.h: Define CP_REG_ARM_SECURE_MASK/SHIFTPeter Maydell
Define CP_REG_ARM_SECURE_MASK and CP_REG_ARM_SECURE_SHIFT, which track the Linux kernel header KVM_REG_ARM_COPROC_MASK/SHIFT constants. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-25target/i386/kvm.c: Remove compatibility shim for KVM_HINTS_REALTIMEPeter Maydell
Now we've updated our copy of the kernel headers we can remove the compatibility shim that handled KVM_HINTS_REALTIME not being defined. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-25Update Linux headers to 4.17-rc6Peter Maydell
Update our copy of the Linux headers to upstream 4.17-rc6 (kernel commit 771c577c23bac90597c68). Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-25target/i386/kvm.c: Handle renaming of KVM_HINTS_DEDICATEDPeter Maydell
In kernel header commit 633711e8287, the define KVM_HINTS_DEDICATED was renamed to KVM_HINTS_REALTIME. Work around this compatibility break by (a) using the new constant name, and (b) defining it if the headers don't. Part (b) can be removed once we've updated our copy of the kernel headers to a version that defines KVM_HINTS_REALTIME. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-25scripts/update-linux-headers: Handle kernel license no longer being one filePeter Maydell
The kernel has changed its license documentation, so instead of COPYING being a stand-alone file that defines the license, it refers to various other files under LICENSES/. This means we need to copy not just COPYING but also these other files to our copy of the kernel headers. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- We could copy the whole of LICENSES/ but that seems like overkill.
2018-05-25scripts/update-linux-headers: Handle __aligned_u64Peter Maydell
We'll currently replace any 'u64' with a 'uint64_t' including when it's embedded in an '__aligned_u64', creating a '__aligned_uint64_t' which doesn't exist. We need to instead expand out the kernel's definition of __aligned_u64: #define __aligned_u64 __u64 __attribute__((aligned(8))) before we convert the __u64 to uint64_t. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-25virtio-gpu-3d: Define VIRTIO_GPU_CAPSET_VIRGL2 elsewhereAlex Williamson
Commit 5643cc94ac1c ("virtio-gpu-3d: add support for second capability set (v4)") updated virtio_gpu.h with a define that does not yet(?) exist upstream resulting in build breakage every time Linux headers are updated via the standard update script. Conditionally define this within QEMU code instead to avoid future breakage. Cc: Dave Airlie <airlied@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Fixes: 5643cc94ac1c ("virtio-gpu-3d: add support for second capability set (v4)") Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-25Merge remote-tracking branch ↵Peter Maydell
'remotes/vivier2/tags/linux-user-for-2.13-pull-request' into staging This pull request includes: - fixes for some comments - netlink update and fix - rework/cleanup fo socket.h, including fixes for SPARC part. # gpg: Signature made Fri 25 May 2018 09:16:21 BST # gpg: using RSA key F30C38BD3F2FBE3C # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" # gpg: aka "Laurent Vivier <laurent@vivier.eu>" # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * remotes/vivier2/tags/linux-user-for-2.13-pull-request: gdbstub: Clarify what gdb_handlesig() is doing linux-user: define TARGET_SO_REUSEPORT linux-user: copy sparc/sockbits.h definitions from linux linux-user: update ARCH_HAS_SOCKET_TYPES use linux-user: move ppc socket.h definitions to ppc/sockbits.h linux-user: move socket.h generic definitions to generic/sockbits.h linux-user: move sparc/sparc64 socket.h definitions to sparc/sockbits.h linux-user: move alpha socket.h definitions to alpha/sockbits.h linux-user: move mips socket.h definitions to mips/sockbits.h linux-user: Fix payload size logic in host_to_target_cmsg() linux-user: update comments to point to tcg_exec_init() linux-user: update netlink emulation linux-user: Assert on bad type in thunk_type_align() and thunk_type_size() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-25gdbstub: Clarify what gdb_handlesig() is doingPeter Maydell
gdb_handlesig()'s behaviour is not entirely obvious at first glance. Add a doc comment for it, and also add a comment explaining why it's ok for gdb_do_syscallv() to ignore gdb_handlesig()'s return value. (Coverity complains about this: CID 1390850.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180515181958.25837-1-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-05-25linux-user: define TARGET_SO_REUSEPORTLaurent Vivier
Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180519092956.15134-9-laurent@vivier.eu>
2018-05-25linux-user: copy sparc/sockbits.h definitions from linuxLaurent Vivier
Values defined for sparc are not correct. Copy the content of "arch/sparc/include/uapi/asm/socket.h" to fix them. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180519092956.15134-8-laurent@vivier.eu>
2018-05-25linux-user: update ARCH_HAS_SOCKET_TYPES useLaurent Vivier
to be like in the kernel and rename it TARGET_ARCH_HAS_SOCKET_TYPES Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180519092956.15134-7-laurent@vivier.eu>
2018-05-25linux-user: move ppc socket.h definitions to ppc/sockbits.hLaurent Vivier
Change conditional #ifdef part by #undef of the symbols redefined for PPC relative to generic/socket.h Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180519092956.15134-6-laurent@vivier.eu>
2018-05-25linux-user: move socket.h generic definitions to generic/sockbits.hLaurent Vivier
and include the file from architectures without specific definitions Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180519092956.15134-5-laurent@vivier.eu>
2018-05-25linux-user: move sparc/sparc64 socket.h definitions to sparc/sockbits.hLaurent Vivier
No code change. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180519092956.15134-4-laurent@vivier.eu>
2018-05-25linux-user: move alpha socket.h definitions to alpha/sockbits.hLaurent Vivier
No code change. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180519092956.15134-3-laurent@vivier.eu>
2018-05-25linux-user: move mips socket.h definitions to mips/sockbits.hLaurent Vivier
No code change. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20180519092956.15134-2-laurent@vivier.eu>
2018-05-25linux-user: Fix payload size logic in host_to_target_cmsg()Peter Maydell
Coverity points out that there's a missing break in the switch in host_to_target_cmsg() where we update tgt_len for cmsg_level/cmsg_type combinations which require a different length for host and target (CID 1385425). To avoid duplicating the default case (target length same as host) in both switches, set that before the switch so that only the cases which want to override it need any code. This fixes a bug where we would have used the wrong length for SOL_SOCKET/SO_TIMESTAMP messages where the target and host have differently sized 'struct timeval' (ie one is 32 bit and the other is 64 bit). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20180518184715.29833-1-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-05-25linux-user: update comments to point to tcg_exec_init()Igor Mammedov
cpu_init() was replaced by cpu_create() since 2.12 but comments weren't updated. So update stale comments to point that page sizes arei actually initialized by tcg_exec_init(). Also move another qemu_host_page_size related comment before tcg_exec_init() where it belongs. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <1526557877-293151-1-git-send-email-imammedo@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-05-25linux-user: update netlink emulationLaurent Vivier
Update enums with entries from linux 4.17 Translate entries that generate logs with iproute2 4.9.0 and host kernel 4.15: # ip address show Unknown host QEMU_IFLA type: 43 Unknown host QEMU_IFLA type: 43 Unknown host QEMU_IFLA type: 43 Unknown QEMU_IFLA_BR type 41 Unknown QEMU_IFLA_BR type 42 Unknown QEMU_IFLA_BR type 43 Unknown QEMU_IFLA_BR type 44 Unknown host QEMU_IFLA type: 43 Unknown QEMU_IFLA_BR type 41 Unknown QEMU_IFLA_BR type 42 Unknown QEMU_IFLA_BR type 43 Unknown QEMU_IFLA_BR type 44 Unknown host QEMU_IFLA type: 43 Signed-off-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20180516221213.11111-1-laurent@vivier.eu>
2018-05-24linux-user: Assert on bad type in thunk_type_align() and thunk_type_size()Peter Maydell
In thunk_type_align() and thunk_type_size() we currently return -1 if the value at the type_ptr isn't one of the TYPE_* values we understand. However, this should never happen, and if it does then the calling code will go confusingly wrong because none of the callsites try to handle an error return. Switch to an assertion instead, so that if this does somehow happen we'll have a nice clear backtrace of what happened rather than a weird crash or misbehaviour. This also silences various Coverity complaints about not handling the negative return value (CID 1005735, 1005736, 1005738, 1390582). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20180514174616.19601-1-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2018-05-24Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180524-pull-request' ↵Peter Maydell
into staging vga: catch depth 0 hw/display: add new bochs-display device some cleanups. # gpg: Signature made Thu 24 May 2018 16:45:46 BST # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/vga-20180524-pull-request: MAINTAINERS: add vga entries bochs-display: add pcie support bochs-display: add dirty tracking support hw/display: add new bochs-display device vga-pci: use PCI_VGA_MMIO_SIZE vga: move bochs vbe defines to header file vga: catch depth 0 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-24Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pc, pci, virtio, vhost: fixes, features Beginning of merging vDPA, new PCI ID, a new virtio balloon stat, intel iommu rework fixing a couple of security problems (no CVEs yet), fixes all over the place. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Wed 23 May 2018 15:41:32 BST # gpg: using RSA key 281F0DB8D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: (28 commits) intel-iommu: rework the page walk logic util: implement simple iova tree intel-iommu: trace domain id during page walk intel-iommu: pass in address space when page walk intel-iommu: introduce vtd_page_walk_info intel-iommu: only do page walk for MAP notifiers intel-iommu: add iommu lock intel-iommu: remove IntelIOMMUNotifierNode intel-iommu: send PSI always even if across PDEs nvdimm: fix typo in label-size definition contrib/vhost-user-blk: enable protocol feature for vhost-user-blk hw/virtio: Fix brace Werror with clang 6.0.0 libvhost-user: Send messages with no data vhost-user+postcopy: Use qemu_set_nonblock virtio: support setting memory region based host notifier vhost-user: support receiving file descriptors in slave_read vhost-user: add Net prefix to internal state structure linux-headers: add kvm header for mips linux-headers: add unistd.h on all arches update-linux-headers.sh: unistd.h, kvm consistency ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-24Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block layer patches: - Generic background jobs - qemu-iotests fixes for NFS and the 'migration' group - sheepdog: Minor code simplification # gpg: Signature made Wed 23 May 2018 13:33:49 BST # gpg: using RSA key 7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: (46 commits) qemu-iotests: Test job-* with block jobs iotests: Move qmp_to_opts() to VM blockjob: Remove BlockJob.driver job: Add query-jobs QMP command job: Add lifecycle QMP commands job: Add JOB_STATUS_CHANGE QMP event job: Introduce qapi/job.json job: Move progress fields to Job job: Add job_transition_to_ready() job: Add job_is_ready() job: Add job_dismiss() job: Add job_yield() block: Cancel job in bdrv_close_all() callers job: Move completion and cancellation to Job job: Move transactions to Job job: Switch transactions to JobTxn job: Move job_finish_sync() to Job job: Move .complete callback to Job job: Add job_drain() job: Convert block_job_cancel_async() to Job ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-24Merge remote-tracking branch ↵Peter Maydell
'remotes/sstabellini-http/tags/xen-20180522-tag' into staging Xen 2018/05/22 # gpg: Signature made Tue 22 May 2018 19:44:06 BST # gpg: using RSA key 894F8F4870E1AE90 # gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>" # gpg: aka "Stefano Stabellini <sstabellini@kernel.org>" # Primary key fingerprint: D04E 33AB A51F 67BA 07D3 0AEA 894F 8F48 70E1 AE90 * remotes/sstabellini-http/tags/xen-20180522-tag: xen_disk: be consistent with use of xendev and blkdev->xendev xen_disk: use a single entry iovec xen_backend: make the xen_feature_grant_copy flag private xen_disk: remove use of grant map/unmap xen_backend: add an emulation of grant copy xen: remove other open-coded use of libxengnttab xen_disk: remove open-coded use of libxengnttab xen_backend: add grant table helpers xen: add a meaningful declaration of grant_copy_segment into xen_common.h checkpatch: generalize xen handle matching in the list of types xen-hvm: create separate function for ioreq server initialization xen_pt: Present the size of 64 bit BARs correctly configure: Add explanation for --enable-xen-pci-passthrough xen/pt: use address_space_memory object for memory region hooks xen-pvdevice: Introduce a simplistic xen-pvdevice save state Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-24Merge remote-tracking branch 'remotes/mwalle/tags/lm32-queue/20180521' into ↵Peter Maydell
staging target/lm32: BQL patch # gpg: Signature made Tue 22 May 2018 19:25:30 BST # gpg: using RSA key B458ABB0D8D378E3 # gpg: Good signature from "Michael Walle <michael@walle.cc>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 2190 3E48 4537 A7C2 90CE 3EB2 B458 ABB0 D8D3 78E3 * remotes/mwalle/tags/lm32-queue/20180521: lm32: take BQL before writing IP/IM register Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-05-24MAINTAINERS: add vga entriesGerd Hoffmann
Add entries for standard vga, virtio-gpu and cirrus. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180522165058.15404-7-kraxel@redhat.com
2018-05-24bochs-display: add pcie supportGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20180522165058.15404-6-kraxel@redhat.com
2018-05-24bochs-display: add dirty tracking supportGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20180522165058.15404-5-kraxel@redhat.com
2018-05-24hw/display: add new bochs-display deviceGerd Hoffmann
After writing up the virtual mdev device emulating a display supporting the bochs vbe dispi interface (mbochs.ko) and seeing how simple it actually is I've figured that would be useful for qemu too. So, here it is, -device bochs-display. It is basically -device VGA without legacy vga emulation. PCI bar 0 is the framebuffer, PCI bar 2 is mmio with the registers. The vga registers are simply not there though, neither in the legacy ioport location nor in the mmio bar. Consequently it is PCI class DISPLAY_OTHER not DISPLAY_VGA. So there is no text mode emulation, no weird video modes (planar, 256color palette), no memory window at 0xa0000. Just a linear framebuffer in the pci memory bar. And the amount of code to emulate this (and therefore the attack surface) is an order of magnitude smaller when compared to vga emulation. Compatibility wise it works with OVMF (latest git master). The bochs-drm.ko linux kernel module can handle it just fine too. So UEFI guests should not see any functional difference to VGA. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20180522165058.15404-4-kraxel@redhat.com
2018-05-24vga-pci: use PCI_VGA_MMIO_SIZEGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180522165058.15404-3-kraxel@redhat.com
2018-05-24vga: move bochs vbe defines to header fileGerd Hoffmann
Create a new header file, move the bochs vbe dispi interface defines to it, so they can be used outside vga code. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20180522165058.15404-2-kraxel@redhat.com
2018-05-24vga: catch depth 0Gerd Hoffmann
depth == 0 is used to indicate 256 color modes. Our region calculation goes wrong in that case. So detect that and just take the safe code path we already have for the wraparound case. While being at it also catch depth == 15 (where our region size calculation goes wrong too). And make the comment more verbose, explaining what is going on here. Without this windows guest install might trigger an assert due to trying to check dirty bitmap outside the snapshot region. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1575541 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20180514103117.21059-1-kraxel@redhat.com
2018-05-23intel-iommu: rework the page walk logicPeter Xu
This patch fixes a potential small window that the DMA page table might be incomplete or invalid when the guest sends domain/context invalidations to a device. This can cause random DMA errors for assigned devices. This is a major change to the VT-d shadow page walking logic. It includes but is not limited to: - For each VTDAddressSpace, now we maintain what IOVA ranges we have mapped and what we have not. With that information, now we only send MAP or UNMAP when necessary. Say, we don't send MAP notifies if we know we have already mapped the range, meanwhile we don't send UNMAP notifies if we know we never mapped the range at all. - Introduce vtd_sync_shadow_page_table[_range] APIs so that we can call in any places to resync the shadow page table for a device. - When we receive domain/context invalidation, we should not really run the replay logic, instead we use the new sync shadow page table API to resync the whole shadow page table without unmapping the whole region. After this change, we'll only do the page walk once for each domain invalidations (before this, it can be multiple, depending on number of notifiers per address space). While at it, the page walking logic is also refactored to be simpler. CC: QEMU Stable <qemu-stable@nongnu.org> Reported-by: Jintack Lim <jintack@cs.columbia.edu> Tested-by: Jintack Lim <jintack@cs.columbia.edu> Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23util: implement simple iova treePeter Xu
Introduce a simplest iova tree implementation based on GTree. CC: QEMU Stable <qemu-stable@nongnu.org> Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23intel-iommu: trace domain id during page walkPeter Xu
This patch only modifies the trace points. Previously we were tracing page walk levels. They are redundant since we have page mask (size) already. Now we trace something much more useful which is the domain ID of the page walking. That can be very useful when we trace more than one devices on the same system, so that we can know which map is for which domain. CC: QEMU Stable <qemu-stable@nongnu.org> Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23intel-iommu: pass in address space when page walkPeter Xu
We pass in the VTDAddressSpace too. It'll be used in the follow up patches. CC: QEMU Stable <qemu-stable@nongnu.org> Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23intel-iommu: introduce vtd_page_walk_infoPeter Xu
During the recursive page walking of IOVA page tables, some stack variables are constant variables and never changed during the whole page walking procedure. Isolate them into a struct so that we don't need to pass those contants down the stack every time and multiple times. CC: QEMU Stable <qemu-stable@nongnu.org> Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23intel-iommu: only do page walk for MAP notifiersPeter Xu
For UNMAP-only IOMMU notifiers, we don't need to walk the page tables. Fasten that procedure by skipping the page table walk. That should boost performance for UNMAP-only notifiers like vhost. CC: QEMU Stable <qemu-stable@nongnu.org> Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23intel-iommu: add iommu lockPeter Xu
SECURITY IMPLICATION: this patch fixes a potential race when multiple threads access the IOMMU IOTLB cache. Add a per-iommu big lock to protect IOMMU status. Currently the only thing to be protected is the IOTLB/context cache, since that can be accessed even without BQL, e.g., in IO dataplane. Note that we don't need to protect device page tables since that's fully controlled by the guest kernel. However there is still possibility that malicious drivers will program the device to not obey the rule. In that case QEMU can't really do anything useful, instead the guest itself will be responsible for all uncertainties. CC: QEMU Stable <qemu-stable@nongnu.org> Reported-by: Fam Zheng <famz@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23intel-iommu: remove IntelIOMMUNotifierNodePeter Xu
That is not really necessary. Removing that node struct and put the list entry directly into VTDAddressSpace. It simplfies the code a lot. Since at it, rename the old notifiers_list into vtd_as_with_notifiers. CC: QEMU Stable <qemu-stable@nongnu.org> Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23intel-iommu: send PSI always even if across PDEsPeter Xu
SECURITY IMPLICATION: without this patch, any guest with both assigned device and a vIOMMU might encounter stale IO page mappings even if guest has already unmapped the page, which may lead to guest memory corruption. The stale mappings will only be limited to the guest's own memory range, so it should not affect the host memory or other guests on the host. During IOVA page table walking, there is a special case when the PSI covers one whole PDE (Page Directory Entry, which contains 512 Page Table Entries) or more. In the past, we skip that entry and we don't notify the IOMMU notifiers. This is not correct. We should send UNMAP notification to registered UNMAP notifiers in this case. For UNMAP only notifiers, this might cause IOTLBs cached in the devices even if they were already invalid. For MAP/UNMAP notifiers like vfio-pci, this will cause stale page mappings. This special case doesn't trigger often, but it is very easy to be triggered by nested device assignments, since in that case we'll possibly map the whole L2 guest RAM region into the device's IOVA address space (several GBs at least), which is far bigger than normal kernel driver usages of the device (tens of MBs normally). Without this patch applied to L1 QEMU, nested device assignment to L2 guests will dump some errors like: qemu-system-x86_64: VFIO_MAP_DMA: -17 qemu-system-x86_64: vfio_dma_map(0x557305420c30, 0xad000, 0x1000, 0x7f89a920d000) = -17 (File exists) CC: QEMU Stable <qemu-stable@nongnu.org> Acked-by: Jason Wang <jasowang@redhat.com> [peterx: rewrite the commit message] Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23nvdimm: fix typo in label-size definitionRoss Zwisler
Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com> Fixes: commit da6789c27c2e ("nvdimm: add a macro for property "label-size"") Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Cc: Haozhong Zhang <haozhong.zhang@intel.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23contrib/vhost-user-blk: enable protocol feature for vhost-user-blkChangpeng Liu
This patch reports the protocol feature that is only advertised by QEMU if the device implements the config ops. Signed-off-by: Changpeng Liu <changpeng.liu@intel.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23hw/virtio: Fix brace Werror with clang 6.0.0Richard Henderson
The warning is hw/virtio/vhost-user.c:1319:26: error: suggest braces around initialization of subobject [-Werror,-Wmissing-braces] VhostUserMsg msg = { 0 }; ^ {} While the original code is correct, and technically exactly correct as per ISO C89, both GCC and Clang support plain empty set of braces as an extension. Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23libvhost-user: Send messages with no dataDr. David Alan Gilbert
The response to a VHOST_USER_POSTCOPY_ADVISE contains a fd but doesn't actually contain any data. FIx vu_message_write so that it doesn't do a 0-byte write() call, since this was ending up with rc=0 that was confusing the error handling code. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23vhost-user+postcopy: Use qemu_set_nonblockDr. David Alan Gilbert
Use qemu_set_nonblock rather than a simple fcntl; cleaner and I have no reason to change other flags. Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-05-23virtio: support setting memory region based host notifierTiwei Bie
This patch introduces the support for setting memory region based host notifiers for virtio device. This is helpful when using a hardware accelerator for a virtio device, because hardware heavily depends on the notification, this will allow the guest driver in the VM to notify the hardware directly. Signed-off-by: Tiwei Bie <tiwei.bie@intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>