We are going to move the rest of hmp snapshots functions there instead
of monitor.c.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
load_vmstate() already use error_report, so be consistent. There is
an identical error message in load_vmstate() that ends in a
period. Remove it.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
We have just arrived as:
migration.c: qemu_migrate()
....
s = migrate_init() <- puts it to NULL
....
{tcp,unix}_start_outgoing_migration ->
socket_outgoing_migration
migration_channel_connect()
sets to_dst_file
if tls is enabled, we do another round through
migrate_channel_tls_connect(), but we only set it up if there is no
error. So we don't need the assignation. I am removing it to remove
in the follwing patches the knowledge about MigrationState in that two
files.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Historically the migration data channel has only needed to be
unidirectional. Thus the 'exec:' protocol was requesting an
I/O channel with O_RDONLY on incoming side, and O_WRONLY on
the outgoing side.
This is fine for classic migration, but if you then try to run
TLS over it, this fails because the TLS handshake requires a
bi-directional channel.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Both the ram bitmap and the unsent bitmap are split by RAMBlock.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
--
Fix compilation when DEBUG_POSTCOPY is enabled (thanks Hailiang)
These were used for the remove stuff.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-15-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
It was not used anymore as now there is only one type of devices.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-14-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Since we removed the previous unused devices, they are not used anymore.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-13-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
It was used only once, and now it was always int16_t.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-12-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
uint8_t has existed since ..... all this century?
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-6-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
So, remove the ifdefs.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-5-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
It was never compiled in.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-4-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Include file has never been on qemu and it has been undefined from the very beginning.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-3-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Notice that the code was supposed to be in the file ymf262.h, that has
never been on qemu source tree.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170425223739.6703-2-quintela@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The exit callback always return 0, convert it to void
Signed-off-by: Zihan Yang <tgnyang@gmail.com>
Message-id: 1493211188-24086-5-git-send-email-tgnyang@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The exit callback of DeviceClass will be removed in the future, so
convert to unrealize in the init functioin
Signed-off-by: Zihan Yang <tgnyang@gmail.com>
Message-id: 1493211188-24086-4-git-send-email-tgnyang@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The OpenRISC architecture has the Power Management Register (PMR)
special purpose register to manage cpu power states. The interesting
modes are:
* Doze Mode (DME) - Stop cpu except timer & pic - wake on interrupt
* Sleep Mode (SME) - Stop cpu and all units - wake on interrupt
* Suspend Model (SUME) - Stop cpu and all units - wake on reset
The linux kernel will set DME when idle.
This patch implements the PMR SPR and halts the qemu cpu when there is a
change to DME or SME. This means that openrisc qemu in no longer peggs
a host cpu at 100%.
In order for this to work we need to kick the CPU when timers are
expired. Update the cpu timer to kick the cpu upon each timer event.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Stafford Horne <shorne@gmail.com>
The features property has stored the exact same thing as the cpucfgr
spr. Remove the feature enum and property as it is not needed.
In order to preserve the behavior or keeping features accross reset this
patch moves cpucfgr into the non reset region of the state struct. Since
the cpucfgr is read only this means we only need to sset cpucfgr once
during class init.
Signed-off-by: Stafford Horne <shorne@gmail.com>
Previously serialization did not persist the tlb, timer, pic and other
key state items. This meant snapshotting and restoring a running os
would crash. After adding these I am able to take snapshots of a
running linux os and restore at a later time.
I am currently not trying to maintain capatibility with older versions
as I do not believe this really worked before or anyone used it.
Signed-off-by: Stafford Horne <shorne@gmail.com>
For openrisc we implement tlb state as a 2d array of tlb entry structs.
This is added to allow easy storing of state of 2d arrays.
Signed-off-by: Stafford Horne <shorne@gmail.com>
Shadow registers are part of the openrisc spec along with sr[cid], as
part of the fast context switching feature. When exceptions occur,
instead of having to save registers to the stack if enabled the CID will
increment and a new set of registers will be available.
This patch only implements shadow registers which can be used as extra
scratch registers via the mfspr and mtspr if required. This is
implemented in a way where it would be easy to add on the fast context
switching, currently cid is hardcoded to 0.
This is need for openrisc linux smp kernels to boot correctly.
Signed-off-by: Stafford Horne <shorne@gmail.com>
In openRISC we are implementing the shadow registers as a 2d array.
Using this target long method rather than direct 32-bit alternatives is
consistent with the rest of our vm state serialization logic.
Signed-off-by: Stafford Horne <shorne@gmail.com>
These are used to identify the processor in SMP system. Their
definition has been defined in verilog cores but it not yet part of the
spec but it will be soon.
The proposal for this is available:
https://openrisc.io/proposals/core-identifier-and-number-of-cores
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Stafford Horne <shorne@gmail.com>
When debugging in gdb you might want to inspect instructions in mapped
pages or in exception vectors like 0x800 etc. This was previously not
possible in qemu since the *get_phys_page_debug() routine only looked
into the data tlb.
Change to fall back to look into instruction tlb and plain physical
pages.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Stafford Horne <shorne@gmail.com>
When the "No host device provided" error occurs, the hint message
that starts with "Use -vfio-pci," makes no sense, since "-vfio-pci"
is not a valid command line parameter.
Correct this by replacing "-vfio-pci" with "-device vfio-pci".
Signed-off-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
This patch enables 8-byte writes and reads to VFIO. Such implemention
is already done but it's missing the 'case' to handle such accesses in
both vfio_region_write and vfio_region_read and the MemoryRegionOps:
impl.max_access_size and impl.min_access_size.
After this patch, 8-byte writes such as:
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc0, 0x4140c, 4)
vfio_region_write (0001:03:00.0:region1+0xc4, 0xa0000, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
goes like this:
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc0, 0xbfd0008, 8)
qemu_mutex_unlock unlocked mutex 0x10905ad8
Signed-off-by: Jose Ricardo Ziviani <joserz@linux.vnet.ibm.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Sets valid.max_access_size and valid.min_access_size to ensure safe
8-byte accesses to vfio. Today, 8-byte accesses are broken into pairs
of 4-byte calls that goes unprotected:
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc0, 0x2020c, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc4, 0xa0000, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
which occasionally leads to:
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc0, 0x2030c, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc0, 0x1000c, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc4, 0xb0000, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc4, 0xa0000, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
causing strange errors in guest OS. With this patch, such accesses
are protected by the same lock guard:
qemu_mutex_lock locked mutex 0x10905ad8
vfio_region_write (0001:03:00.0:region1+0xc0, 0x2000c, 4)
vfio_region_write (0001:03:00.0:region1+0xc4, 0xb0000, 4)
qemu_mutex_unlock unlocked mutex 0x10905ad8
This happens because the 8-byte write should be broken into 4-byte
writes by memory.c:access_with_adjusted_size() in order to be under
the same lock. Today, it's done in exec.c:address_space_write_continue()
which was able to handle only 4 bytes due to a zero'ed
valid.max_access_size (see exec.c:memory_access_size()).
Signed-off-by: Jose Ricardo Ziviani <joserz@linux.vnet.ibm.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
When driving QEMU from the outside, we have basically no chance to
determine how quickly the guest OS picks up key events, so we usually
have to limit ourselves to very slow keyboard presses to make sure
the guest always has enough chance to pick them up.
This patch adds a trace events when the keyboarde queue is drained.
An external driver can use that as hint that new keys can be pressed.
Signed-off-by: Alexander Graf <agraf@suse.de>
Message-id: 1490883775-94658-1-git-send-email-agraf@suse.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qemu_input_event_send() discards key event when the guest is paused,
but not the delay.
The delay ends up in the input queue, and qemu_input_event_send_key()
will further fill the queue with upcoming events.
VNC uses qemu_input_event_send_key_delay(), not SPICE, which results
in a different input behaviour on pause: VNC will queue the events
(except the first that is discarded), SPICE will discard all events.
Don't queue delay if paused, and provide same behaviour on SPICE and
VNC clients on resume (and potentially avoid over-allocating the
buffer queue)
Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=1444326
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20170425130520.31819-1-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Apply a limit to the number of items we accept into the keyboard queue.
Impact: Without this limit vnc clients can exhaust host memory by
sending keyboard events faster than qemu feeds them to the guest.
Fixes: CVE-2017-8379
Cc: P J P <ppandit@redhat.com>
Cc: Huawei PSIRT <PSIRT@huawei.com>
Reported-by: jiangxin1@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170428084237.23960-1-kraxel@redhat.com