From da87dd7bd70f71ceaf9ff40d7cdb8394a7dc4bf5 Mon Sep 17 00:00:00 2001 From: Mark Cave-Ayland Date: Sat, 2 Nov 2013 16:03:50 +0000 Subject: [PATCH 01/11] sun4m: Add FCode ROM for TCX framebuffer Upstream OpenBIOS now implements SBus probing in order to determine the contents of a physical bus slot, which is required to allow OpenBIOS to identify the framebuffer without help from the fw_cfg interface. SBus probing works by detecting the presence of an FCode program (effectively tokenised Forth) at the base address of each slot, and if present executes it so that it creates its own device node in the OpenBIOS device tree. The FCode ROM is generated as part of the OpenBIOS build and should generally be updated at the same time. Signed-off-by: Mark Cave-Ayland CC: Blue Swirl CC: Bob Breuer CC: Artyom Tarasenko Signed-off-by: Paolo Bonzini --- Makefile | 2 +- hw/display/tcx.c | 26 +++++++++++++++++++++++++- hw/sparc/sun4m.c | 17 ++++++++++------- pc-bios/QEMU,tcx.bin | Bin 0 -> 1242 bytes pc-bios/README | 4 ++-- 5 files changed, 38 insertions(+), 11 deletions(-) create mode 100644 pc-bios/QEMU,tcx.bin diff --git a/Makefile b/Makefile index 3321b98167..bdff4e4684 100644 --- a/Makefile +++ b/Makefile @@ -293,7 +293,7 @@ ifdef INSTALL_BLOBS BLOBS=bios.bin sgabios.bin vgabios.bin vgabios-cirrus.bin \ vgabios-stdvga.bin vgabios-vmware.bin vgabios-qxl.bin \ acpi-dsdt.aml q35-acpi-dsdt.aml \ -ppc_rom.bin openbios-sparc32 openbios-sparc64 openbios-ppc \ +ppc_rom.bin openbios-sparc32 openbios-sparc64 openbios-ppc QEMU,tcx.bin \ pxe-e1000.rom pxe-eepro100.rom pxe-ne2k_pci.rom \ pxe-pcnet.rom pxe-rtl8139.rom pxe-virtio.rom \ efi-e1000.rom efi-eepro100.rom efi-ne2k_pci.rom \ diff --git a/hw/display/tcx.c b/hw/display/tcx.c index 24876d33ef..873b82c8db 100644 --- a/hw/display/tcx.c +++ b/hw/display/tcx.c @@ -25,8 +25,12 @@ #include "qemu-common.h" #include "ui/console.h" #include "ui/pixel_ops.h" +#include "hw/loader.h" #include "hw/sysbus.h" +#define TCX_ROM_FILE "QEMU,tcx.bin" +#define FCODE_MAX_ROM_SIZE 0x10000 + #define MAXX 1024 #define MAXY 768 #define TCX_DAC_NREGS 16 @@ -43,6 +47,8 @@ typedef struct TCXState { QemuConsole *con; uint8_t *vram; uint32_t *vram24, *cplane; + hwaddr prom_addr; + MemoryRegion rom; MemoryRegion vram_mem; MemoryRegion vram_8bit; MemoryRegion vram_24bit; @@ -529,14 +535,31 @@ static int tcx_init1(SysBusDevice *dev) { TCXState *s = TCX(dev); ram_addr_t vram_offset = 0; - int size; + int size, ret; uint8_t *vram_base; + char *fcode_filename; memory_region_init_ram(&s->vram_mem, OBJECT(s), "tcx.vram", s->vram_size * (1 + 4 + 4)); vmstate_register_ram_global(&s->vram_mem); vram_base = memory_region_get_ram_ptr(&s->vram_mem); + /* FCode ROM */ + memory_region_init_ram(&s->rom, NULL, "tcx.prom", FCODE_MAX_ROM_SIZE); + vmstate_register_ram_global(&s->rom); + memory_region_set_readonly(&s->rom, true); + sysbus_init_mmio(dev, &s->rom); + + fcode_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, TCX_ROM_FILE); + if (fcode_filename) { + ret = load_image_targphys(fcode_filename, s->prom_addr, + FCODE_MAX_ROM_SIZE); + if (ret < 0 || ret > FCODE_MAX_ROM_SIZE) { + fprintf(stderr, "tcx: could not load prom '%s'\n", TCX_ROM_FILE); + return -1; + } + } + /* 8-bit plane */ s->vram = vram_base; size = s->vram_size; @@ -598,6 +621,7 @@ static Property tcx_properties[] = { DEFINE_PROP_UINT16("width", TCXState, width, -1), DEFINE_PROP_UINT16("height", TCXState, height, -1), DEFINE_PROP_UINT16("depth", TCXState, depth, -1), + DEFINE_PROP_HEX64("prom_addr", TCXState, prom_addr, -1), DEFINE_PROP_END_OF_LIST(), }; diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c index a0d366cbbc..94f79508d8 100644 --- a/hw/sparc/sun4m.c +++ b/hw/sparc/sun4m.c @@ -537,24 +537,27 @@ static void tcx_init(hwaddr addr, int vram_size, int width, qdev_prop_set_uint16(dev, "width", width); qdev_prop_set_uint16(dev, "height", height); qdev_prop_set_uint16(dev, "depth", depth); + qdev_prop_set_uint64(dev, "prom_addr", addr); qdev_init_nofail(dev); s = SYS_BUS_DEVICE(dev); + /* FCode ROM */ + sysbus_mmio_map(s, 0, addr); /* 8-bit plane */ - sysbus_mmio_map(s, 0, addr + 0x00800000ULL); + sysbus_mmio_map(s, 1, addr + 0x00800000ULL); /* DAC */ - sysbus_mmio_map(s, 1, addr + 0x00200000ULL); + sysbus_mmio_map(s, 2, addr + 0x00200000ULL); /* TEC (dummy) */ - sysbus_mmio_map(s, 2, addr + 0x00700000ULL); + sysbus_mmio_map(s, 3, addr + 0x00700000ULL); /* THC 24 bit: NetBSD writes here even with 8-bit display: dummy */ - sysbus_mmio_map(s, 3, addr + 0x00301000ULL); + sysbus_mmio_map(s, 4, addr + 0x00301000ULL); if (depth == 24) { /* 24-bit plane */ - sysbus_mmio_map(s, 4, addr + 0x02000000ULL); + sysbus_mmio_map(s, 5, addr + 0x02000000ULL); /* Control plane */ - sysbus_mmio_map(s, 5, addr + 0x0a000000ULL); + sysbus_mmio_map(s, 6, addr + 0x0a000000ULL); } else { /* THC 8 bit (dummy) */ - sysbus_mmio_map(s, 4, addr + 0x00300000ULL); + sysbus_mmio_map(s, 5, addr + 0x00300000ULL); } } diff --git a/pc-bios/QEMU,tcx.bin b/pc-bios/QEMU,tcx.bin new file mode 100644 index 0000000000000000000000000000000000000000..a8ddd70ef35355c30d7cffd2e1b57f877572a3ca GIT binary patch literal 1242 zcmZ8hxl-Fu6xFkZeQXTK&j!qn**AgB64rt)Bt;q~lNw`zm4NNY!htH3naNM2fFJOT zMvP0-C0(jantVh4Aoo6xa1s^oY*+VceZQe4G)@2MLG!<*wdh7l>uTIJS~6X!TIGUW zshM@VXjRM)cF`?Cvpk3g+5cZyvh4GctJ2Vej2Eq{TQUo_TT@n;tP8trnS~qIYFqk) zhb|xDvgIM-Bg7c>5oUxB{jz0fba;q04NWkK6PaYvO+-5+l3=3g9(st(aMT+_eL-Xp zS>Pzi&MgtCBH2T+^VJL^bn4@j?(SHjQ2t zEd|kX5Un&ln11eFgno#yNaaORNP4`hK87&@6QdZ1DI_M4RXBxdg)^8_IFChzOIT5u z!H~jk^eF7dpu!m93VUHFOd`c7!;W<>44SysnK-5@CNQb6GjUewc`PVg!m`57#Dvmm z3@GeO>{B`k$=I2g^K&Acmyyeps%e))F}jGnFQY6gS1##059<%KZ1A#4ALEvvdw%>e zkM;3d>ucn+a#3-zc;??@>%~icn>x1s1!}qNqZ=E@Jz|~I4&9}}KNB09WbFFb#!gG( z`1PwdEAHuaNXTf>u2nBiZp5&MJs<0L2Wf2?yV!gb1@TtAqctg`C&i*;)oQ{(7a~XE zGJ7O0vf^`tn(q6E@`Zp-oWd%49H*SWGpTE=LIxx+u6Fj88kfi)y3SM>-x)J=C9 ztj2gsy-=+$&+!Cmg8JiU3z3m K?1|A9_O(BcTLJ$7 literal 0 HcmV?d00001 diff --git a/pc-bios/README b/pc-bios/README index 1501cf14b4..a110125a97 100644 --- a/pc-bios/README +++ b/pc-bios/README @@ -11,8 +11,8 @@ firmware implementation. The goal is to implement a 100% IEEE 1275-1994 (referred to as Open Firmware) compliant firmware. The included images for PowerPC (for 32 and 64 bit PPC CPUs), - Sparc32 and Sparc64 are built from OpenBIOS SVN revision - 1229. + Sparc32 (including QEMU,tcx.bin) and Sparc64 are built from OpenBIOS SVN + revision 1229. - SLOF (Slimline Open Firmware) is a free IEEE 1275 Open Firmware implementation for certain IBM POWER hardware. The sources are at From 45d285abd7028ac72418c1a22f9298bb898fbfb8 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 21 Oct 2013 21:03:06 +0100 Subject: [PATCH 02/11] configure: Explicitly set ARFLAGS so we can build with GNU Make 4.0 Our rules.mak adds '-rR' to MAKEFLAGS to indicate that we will be explicitly specifying everything and not relying on any default variables or rules. However we were accidentally relying on the default ARFLAGS ("rv"). This went unnoticed because of a bug in GNU Make 3.82 and earlier which meant that adding -rR to MAKEFLAGS only affected submakes, not the currently running instance. Explicitly set ARFLAGS in config-host.mak, in the same way we handle CFLAGS and LDFLAGS; this will allow us to work with Make 4.0. Thanks to Paul Smith for analyzing this bug for us. Cc: qemu-stable@nongnu.org Reported-by: Ken Moffat Signed-off-by: Peter Maydell Signed-off-by: Paolo Bonzini --- configure | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configure b/configure index 508f6a574c..ad12688551 100755 --- a/configure +++ b/configure @@ -325,6 +325,9 @@ query_pkg_config() { pkg_config=query_pkg_config sdl_config="${SDL_CONFIG-${cross_prefix}sdl-config}" +# If the user hasn't specified ARFLAGS, default to 'rv', just as make does. +ARFLAGS="${ARFLAGS-rv}" + # default flags for all hosts QEMU_CFLAGS="-fno-strict-aliasing $QEMU_CFLAGS" QEMU_CFLAGS="-Wall -Wundef -Wwrite-strings -Wmissing-prototypes $QEMU_CFLAGS" @@ -3695,6 +3698,7 @@ echo "C compiler $cc" echo "Host C compiler $host_cc" echo "C++ compiler $cxx" echo "Objective-C compiler $objcc" +echo "ARFLAGS $ARFLAGS" echo "CFLAGS $CFLAGS" echo "QEMU_CFLAGS $QEMU_CFLAGS" echo "LDFLAGS $LDFLAGS" @@ -4276,6 +4280,7 @@ echo "HOST_CC=$host_cc" >> $config_host_mak echo "CXX=$cxx" >> $config_host_mak echo "OBJCC=$objcc" >> $config_host_mak echo "AR=$ar" >> $config_host_mak +echo "ARFLAGS=$ARFLAGS" >> $config_host_mak echo "AS=$as" >> $config_host_mak echo "CPP=$cpp" >> $config_host_mak echo "OBJCOPY=$objcopy" >> $config_host_mak From 7839ff593be03a7de3c6760e0b50c565ea751d36 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 4 Nov 2013 14:30:48 +0100 Subject: [PATCH 03/11] pc: get rid of builtin pvpanic for "-M pc-1.5" This causes two slight backwards-incompatibilities between "-M pc-1.5" and 1.5's "-M pc": (1) a fw_cfg file is removed with this patch. This is only a problem if migration stops the virtual machine exactly during fw_cfg enumeration. (2) after migration, a VM created without an explicit "-device pvpanic" will stop reporting panics to management. The first problem only occurs if migration is done at a very, very early point (and I'm not sure it can happen in practice for reasonable-size VMs, since it will likely take more time to send the RAM to destination, than it will take for BIOS to scan fw_cfg). The second problem only occurs if the guest panics _and_ has a guest driver _and_ management knows to look at the crash event, so it is mostly theoretical at this point in time. Thus keep the code simple, and pretend it was never broken. Reviewed-by: Eric Blake Signed-off-by: Paolo Bonzini --- hw/i386/pc_piix.c | 7 ------- hw/i386/pc_q35.c | 7 ------- hw/misc/pvpanic.c | 5 ----- include/hw/i386/pc.h | 1 - 4 files changed, 20 deletions(-) diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index 094c4212e6..2111f0192c 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -57,7 +57,6 @@ static const int ide_iobase[MAX_IDE_BUS] = { 0x1f0, 0x170 }; static const int ide_iobase2[MAX_IDE_BUS] = { 0x3f6, 0x376 }; static const int ide_irq[MAX_IDE_BUS] = { 14, 15 }; -static bool has_pvpanic; static bool has_pci_info; static bool has_acpi_build = true; @@ -229,10 +228,6 @@ static void pc_init1(QEMUMachineInitArgs *args, if (pci_enabled) { pc_pci_device_init(pci_bus); } - - if (has_pvpanic) { - pvpanic_init(isa_bus); - } } static void pc_init_pci(QEMUMachineInitArgs *args) @@ -250,13 +245,11 @@ static void pc_compat_1_6(QEMUMachineInitArgs *args) static void pc_compat_1_5(QEMUMachineInitArgs *args) { pc_compat_1_6(args); - has_pvpanic = true; } static void pc_compat_1_4(QEMUMachineInitArgs *args) { pc_compat_1_5(args); - has_pvpanic = false; x86_cpu_compat_set_features("n270", FEAT_1_ECX, 0, CPUID_EXT_MOVBE); x86_cpu_compat_set_features("Westmere", FEAT_1_ECX, 0, CPUID_EXT_PCLMULQDQ); } diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c index 1af8e2b943..600fc02ebe 100644 --- a/hw/i386/pc_q35.c +++ b/hw/i386/pc_q35.c @@ -47,7 +47,6 @@ /* ICH9 AHCI has 6 ports */ #define MAX_SATA_PORTS 6 -static bool has_pvpanic; static bool has_pci_info; static bool has_acpi_build = true; @@ -216,10 +215,6 @@ static void pc_q35_init(QEMUMachineInitArgs *args) if (pci_enabled) { pc_pci_device_init(host_bus); } - - if (has_pvpanic) { - pvpanic_init(isa_bus); - } } static void pc_compat_1_6(QEMUMachineInitArgs *args) @@ -232,13 +227,11 @@ static void pc_compat_1_6(QEMUMachineInitArgs *args) static void pc_compat_1_5(QEMUMachineInitArgs *args) { pc_compat_1_6(args); - has_pvpanic = true; } static void pc_compat_1_4(QEMUMachineInitArgs *args) { pc_compat_1_5(args); - has_pvpanic = false; x86_cpu_compat_set_features("n270", FEAT_1_ECX, 0, CPUID_EXT_MOVBE); x86_cpu_compat_set_features("Westmere", FEAT_1_ECX, 0, CPUID_EXT_PCLMULQDQ); } diff --git a/hw/misc/pvpanic.c b/hw/misc/pvpanic.c index 226e2983d3..5377feed69 100644 --- a/hw/misc/pvpanic.c +++ b/hw/misc/pvpanic.c @@ -112,11 +112,6 @@ static void pvpanic_isa_realizefn(DeviceState *dev, Error **errp) isa_register_ioport(d, &s->io, s->ioport); } -void pvpanic_init(ISABus *bus) -{ - isa_create_simple(bus, TYPE_ISA_PVPANIC_DEVICE); -} - #define PVPANIC_IOPORT_PROP "ioport" uint16_t pvpanic_port(void) diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index 57e8d16180..09652fb22c 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -235,7 +235,6 @@ void pc_system_firmware_init(MemoryRegion *rom_memory, bool isapc_ram_fw); /* pvpanic.c */ -void pvpanic_init(ISABus *bus); uint16_t pvpanic_port(void); /* e820 types */ From 392a4d5b9a1860aae82429d09321dac302d70396 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 22 Oct 2013 10:58:41 +0100 Subject: [PATCH 04/11] atomic.h: Fix build with clang clang defines __ATOMIC_SEQ_CST but its implementation of the __atomic_exchange() builtin differs from that of gcc. Move the __clang__ branch of the ifdef ladder to the top and fix its implementation (there is no such builtin as __sync_exchange), so we can compile with clang again. Signed-off-by: Peter Maydell Signed-off-by: Paolo Bonzini --- include/qemu/atomic.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/qemu/atomic.h b/include/qemu/atomic.h index 0aa8913301..492bce1c1b 100644 --- a/include/qemu/atomic.h +++ b/include/qemu/atomic.h @@ -168,14 +168,14 @@ #endif #ifndef atomic_xchg -#ifdef __ATOMIC_SEQ_CST +#if defined(__clang__) +#define atomic_xchg(ptr, i) __sync_swap(ptr, i) +#elif defined(__ATOMIC_SEQ_CST) #define atomic_xchg(ptr, i) ({ \ typeof(*ptr) _new = (i), _old; \ __atomic_exchange(ptr, &_new, &_old, __ATOMIC_SEQ_CST); \ _old; \ }) -#elif defined __clang__ -#define atomic_xchg(ptr, i) __sync_exchange(ptr, i) #else /* __sync_lock_test_and_set() is documented to be an acquire barrier only. */ #define atomic_xchg(ptr, i) (smp_mb(), __sync_lock_test_and_set(ptr, i)) From 8d07d6c46597a885eb38d99cc6fff399ce69cd21 Mon Sep 17 00:00:00 2001 From: Alex Williamson Date: Tue, 12 Nov 2013 11:53:24 -0700 Subject: [PATCH 05/11] vfio-pci: Fix multifunction=on When an assigned device is initialized it copies the device config space into the emulated config space. Unfortunately multifunction is setup prior to the device initfn and gets clobbered. We need to restore it just like pci-assign does. Cc: qemu-stable@nongnu.org Signed-off-by: Alex Williamson Signed-off-by: Paolo Bonzini --- hw/misc/vfio.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c index fe95e03d1d..f7f8a19ee8 100644 --- a/hw/misc/vfio.c +++ b/hw/misc/vfio.c @@ -3568,6 +3568,13 @@ static int vfio_initfn(PCIDevice *pdev) vdev->emulated_config_bits[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_MULTI_FUNCTION; + /* Restore or clear multifunction, this is always controlled by QEMU */ + if (vdev->pdev.cap_present & QEMU_PCI_CAP_MULTIFUNCTION) { + vdev->pdev.config[PCI_HEADER_TYPE] |= PCI_HEADER_TYPE_MULTI_FUNCTION; + } else { + vdev->pdev.config[PCI_HEADER_TYPE] &= ~PCI_HEADER_TYPE_MULTI_FUNCTION; + } + /* * Clear host resource mapping info. If we choose not to register a * BAR, such as might be the case with the option ROM, we can get From 2140cfa51d59177815f5b82e94ac48fb24909aba Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Wed, 13 Nov 2013 23:09:07 +0000 Subject: [PATCH 06/11] target-i386: Fix build by providing stub kvm_arch_get_supported_cpuid() Fix build failures with clang when KVM is not enabled by providing a stub version of kvm_arch_get_supported_cpuid(). We retain the compile time check that this function isn't called when CONFIG_KVM is not set by guarding the stub with ifndef __OPTIMIZE__ (we assume that an optimizing build will do sufficient constant folding and dead code elimination to remove the calls before linking). Signed-off-by: Peter Maydell Signed-off-by: Paolo Bonzini --- target-i386/kvm-stub.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/target-i386/kvm-stub.c b/target-i386/kvm-stub.c index 11429c461e..2b9e8011fb 100644 --- a/target-i386/kvm-stub.c +++ b/target-i386/kvm-stub.c @@ -16,3 +16,15 @@ bool kvm_allows_irq0_override(void) { return 1; } + +#ifndef __OPTIMIZE__ +/* This function is only called inside conditionals which we + * rely on the compiler to optimize out when CONFIG_KVM is not + * defined. + */ +uint32_t kvm_arch_get_supported_cpuid(KVMState *env, uint32_t function, + uint32_t index, int reg) +{ + abort(); +} +#endif From 60aad298cb6de52f2716b2e82e1353ea9de95fd6 Mon Sep 17 00:00:00 2001 From: Amos Kong Date: Thu, 21 Nov 2013 16:42:50 +0800 Subject: [PATCH 07/11] rng-egd: remove redundant free We didn't set default chr_name, the free is redundant. Signed-off-by: Amos Kong Signed-off-by: Paolo Bonzini --- backends/rng-egd.c | 1 - 1 file changed, 1 deletion(-) diff --git a/backends/rng-egd.c b/backends/rng-egd.c index 9e5a5366f7..6f56f9e4e4 100644 --- a/backends/rng-egd.c +++ b/backends/rng-egd.c @@ -167,7 +167,6 @@ static void rng_egd_set_chardev(Object *obj, const char *value, Error **errp) if (b->opened) { error_set(errp, QERR_PERMISSION_DENIED); } else { - g_free(s->chr_name); s->chr_name = g_strdup(value); } } From fbdcec5c487685b46e78f1e40a236ebf83f862fa Mon Sep 17 00:00:00 2001 From: Amos Kong Date: Thu, 21 Nov 2013 16:42:51 +0800 Subject: [PATCH 08/11] rng-egd: offset the point when repeatedly read from the buffer The buffer content might be read out more than once, currently we just repeatedly read the first data block, buffer offset is missing. Cc: qemu-stable@nongnu.org Signed-off-by: Amos Kong Signed-off-by: Paolo Bonzini --- backends/rng-egd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/backends/rng-egd.c b/backends/rng-egd.c index 6f56f9e4e4..25bb3b453b 100644 --- a/backends/rng-egd.c +++ b/backends/rng-egd.c @@ -91,12 +91,14 @@ static int rng_egd_chr_can_read(void *opaque) static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size) { RngEgd *s = RNG_EGD(opaque); + size_t buf_offset = 0; while (size > 0 && s->requests) { RngRequest *req = s->requests->data; int len = MIN(size, req->size - req->offset); - memcpy(req->data + req->offset, buf, len); + memcpy(req->data + req->offset, buf + buf_offset, len); + buf_offset += len; req->offset += len; size -= len; From b5fc314bcbb80f76b8deaf23a4c45767b87f750b Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Wed, 20 Nov 2013 12:54:02 +0100 Subject: [PATCH 09/11] target-i386: yield to another VCPU on PAUSE After commit b1bbfe7 (aio / timers: On timer modification, qemu_notify or aio_notify, 2013-08-21) FreeBSD guests report a huge slowdown. The problem shows up as soon as FreeBSD turns out its periodic (~1 ms) tick, but the timers are only the trigger for a pre-existing problem. Before the offending patch, setting a timer did a timer_settime system call. After, setting the timer exits the event loop (which uses poll) and reenters it with a new deadline. This does not cause any slowdown; the difference is between one system call (timer_settime and a signal delivery (SIGALRM) before the patch, and two system calls afterwards (write to a pipe or eventfd + calling poll again when re-entering the event loop). Unfortunately, the exit/enter causes the main loop to grab the iothread lock, which in turns kicks the VCPU thread out of execution. This causes TCG to execute the next VCPU in its round-robin scheduling of VCPUS. When the second VCPU is mostly unused, FreeBSD runs a "pause" instruction in its idle loop which only burns cycles without any progress. As soon as the timer tick expires, the first VCPU runs the interrupt handler but very soon it sets it again---and QEMU then goes back doing nothing in the second VCPU. The fix is to make the pause instruction do "cpu_loop_exit". Reported-by: Luigi Rizzo Reviewed-by: Richard Henderson Signed-off-by: Paolo Bonzini --- target-i386/helper.h | 1 + target-i386/misc_helper.c | 22 ++++++++++++++++++++-- target-i386/translate.c | 5 ++++- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/target-i386/helper.h b/target-i386/helper.h index d6974dfd6b..3775abeba7 100644 --- a/target-i386/helper.h +++ b/target-i386/helper.h @@ -58,6 +58,7 @@ DEF_HELPER_2(sysret, void, env, int) DEF_HELPER_2(hlt, void, env, int) DEF_HELPER_2(monitor, void, env, tl) DEF_HELPER_2(mwait, void, env, int) +DEF_HELPER_2(pause, void, env, int) DEF_HELPER_1(debug, void, env) DEF_HELPER_1(reset_rf, void, env) DEF_HELPER_3(raise_interrupt, void, env, int, int) diff --git a/target-i386/misc_helper.c b/target-i386/misc_helper.c index 93933fd162..b6307ca386 100644 --- a/target-i386/misc_helper.c +++ b/target-i386/misc_helper.c @@ -566,6 +566,15 @@ void helper_rdmsr(CPUX86State *env) } #endif +static void do_pause(X86CPU *cpu) +{ + CPUX86State *env = &cpu->env; + + /* Just let another CPU run. */ + env->exception_index = EXCP_INTERRUPT; + cpu_loop_exit(env); +} + static void do_hlt(X86CPU *cpu) { CPUState *cs = CPU(cpu); @@ -611,13 +620,22 @@ void helper_mwait(CPUX86State *env, int next_eip_addend) cs = CPU(cpu); /* XXX: not complete but not completely erroneous */ if (cs->cpu_index != 0 || CPU_NEXT(cs) != NULL) { - /* more than one CPU: do not sleep because another CPU may - wake this one */ + do_pause(cpu); } else { do_hlt(cpu); } } +void helper_pause(CPUX86State *env, int next_eip_addend) +{ + X86CPU *cpu = x86_env_get_cpu(env); + + cpu_svm_check_intercept_param(env, SVM_EXIT_PAUSE, 0); + env->eip += next_eip_addend; + + do_pause(cpu); +} + void helper_debug(CPUX86State *env) { env->exception_index = EXCP_DEBUG; diff --git a/target-i386/translate.c b/target-i386/translate.c index eb0ea93dbb..ecf16b389b 100644 --- a/target-i386/translate.c +++ b/target-i386/translate.c @@ -7224,7 +7224,10 @@ static target_ulong disas_insn(CPUX86State *env, DisasContext *s, goto do_xchg_reg_eax; } if (prefixes & PREFIX_REPZ) { - gen_svm_check_intercept(s, pc_start, SVM_EXIT_PAUSE); + gen_update_cc_op(s); + gen_jmp_im(pc_start - s->cs_base); + gen_helper_pause(cpu_env, tcg_const_i32(s->pc - pc_start)); + s->is_jmp = DISAS_TB_JUMP; } break; case 0x9b: /* fwait */ From b6a06e72ef5e66e539012f63fca52c161c0d2496 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9=20Poussineau?= Date: Mon, 4 Nov 2013 23:26:17 +0100 Subject: [PATCH 10/11] mips jazz: do not raise data bus exception when accessing invalid addresses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MIPS Jazz chipset doesn't seem to raise data bus exceptions on invalid accesses. However, there is no easy way to prevent them. Creating a big memory region for the whole address space doesn't prevent memory core to directly call unassigned_mem_read/write which in turn call cpu->do_unassigned_access, which (for MIPS CPU) raise an data bus exception. This fixes a MIPS Jazz regression introduced in c658b94f6e8c206c59d02aa6fbac285b86b53d2c. Signed-off-by: Hervé Poussineau Signed-off-by: Paolo Bonzini --- hw/mips/mips_jazz.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c index 49bdd024ed..5f6dd9f588 100644 --- a/hw/mips/mips_jazz.c +++ b/hw/mips/mips_jazz.c @@ -108,6 +108,18 @@ static void cpu_request_exit(void *opaque, int irq, int level) } } +static CPUUnassignedAccess real_do_unassigned_access; +static void mips_jazz_do_unassigned_access(CPUState *cpu, hwaddr addr, + bool is_write, bool is_exec, + int opaque, unsigned size) +{ + if (!is_exec) { + /* ignore invalid access (ie do not raise exception) */ + return; + } + (*real_do_unassigned_access)(cpu, addr, is_write, is_exec, opaque, size); +} + static void mips_jazz_init(MemoryRegion *address_space, MemoryRegion *address_space_io, ram_addr_t ram_size, @@ -117,6 +129,7 @@ static void mips_jazz_init(MemoryRegion *address_space, char *filename; int bios_size, n; MIPSCPU *cpu; + CPUClass *cc; CPUMIPSState *env; qemu_irq *rc4030, *i8259; rc4030_dma *dmas; @@ -154,6 +167,17 @@ static void mips_jazz_init(MemoryRegion *address_space, env = &cpu->env; qemu_register_reset(main_cpu_reset, cpu); + /* Chipset returns 0 in invalid reads and do not raise data exceptions. + * However, we can't simply add a global memory region to catch + * everything, as memory core directly call unassigned_mem_read/write + * on some invalid accesses, which call do_unassigned_access on the + * CPU, which raise an exception. + * Handle that case by hijacking the do_unassigned_access method on + * the CPU, and do not raise exceptions for data access. */ + cc = CPU_GET_CLASS(cpu); + real_do_unassigned_access = cc->do_unassigned_access; + cc->do_unassigned_access = mips_jazz_do_unassigned_access; + /* allocate RAM */ memory_region_init_ram(ram, NULL, "mips_jazz.ram", ram_size); vmstate_register_ram_global(ram); From d607a52364e7bfc1cd6d3e425b898e86be4e525d Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Sun, 17 Nov 2013 19:19:52 +0100 Subject: [PATCH 11/11] qga: Fix compiler warnings (missing format attribute, wrong format strings) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gcc 4.8.2 reports this warning when extra warnings are enabled (-Wextra): CC qga/commands.o qga/commands.c: In function ‘slog’: qga/commands.c:28:5: error: function might be possible candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format] g_logv("syslog", G_LOG_LEVEL_INFO, fmt, ap); ^ gcc 4.8.2 reports this warning when slog is declared with the gnu_printf format attribute: qga/commands-posix.c: In function ‘qmp_guest_file_open’: qga/commands-posix.c:404:5: warning: format ‘%d’ expects argument of type ‘int’, but argument 2 has type ‘int64_t’ [-Wformat=] slog("guest-file-open, handle: %d", handle); ^ On 32 bit hosts there are three more warnings which are also fixed here. Signed-off-by: Stefan Weil Signed-off-by: Paolo Bonzini --- qga/commands-posix.c | 8 ++++---- qga/guest-agent-core.h | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/qga/commands-posix.c b/qga/commands-posix.c index 10682f58dc..8100bee67e 100644 --- a/qga/commands-posix.c +++ b/qga/commands-posix.c @@ -401,7 +401,7 @@ int64_t qmp_guest_file_open(const char *path, bool has_mode, const char *mode, E return -1; } - slog("guest-file-open, handle: %d", handle); + slog("guest-file-open, handle: %" PRId64, handle); return handle; } @@ -410,7 +410,7 @@ void qmp_guest_file_close(int64_t handle, Error **err) GuestFileHandle *gfh = guest_file_handle_find(handle, err); int ret; - slog("guest-file-close called, handle: %ld", handle); + slog("guest-file-close called, handle: %" PRId64, handle); if (!gfh) { return; } @@ -451,7 +451,7 @@ struct GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, read_count = fread(buf, 1, count, fh); if (ferror(fh)) { error_setg_errno(err, errno, "failed to read file"); - slog("guest-file-read failed, handle: %ld", handle); + slog("guest-file-read failed, handle: %" PRId64, handle); } else { buf[read_count] = 0; read_data = g_malloc0(sizeof(GuestFileRead)); @@ -496,7 +496,7 @@ GuestFileWrite *qmp_guest_file_write(int64_t handle, const char *buf_b64, write_count = fwrite(buf, 1, count, fh); if (ferror(fh)) { error_setg_errno(err, errno, "failed to write to file"); - slog("guest-file-write failed, handle: %ld", handle); + slog("guest-file-write failed, handle: %" PRId64, handle); } else { write_data = g_malloc0(sizeof(GuestFileWrite)); write_data->count = write_count; diff --git a/qga/guest-agent-core.h b/qga/guest-agent-core.h index 624a559d94..e422208b4e 100644 --- a/qga/guest-agent-core.h +++ b/qga/guest-agent-core.h @@ -29,7 +29,7 @@ GACommandState *ga_command_state_new(void); bool ga_logging_enabled(GAState *s); void ga_disable_logging(GAState *s); void ga_enable_logging(GAState *s); -void slog(const gchar *fmt, ...); +void GCC_FMT_ATTR(1, 2) slog(const gchar *fmt, ...); void ga_set_response_delimited(GAState *s); bool ga_is_frozen(GAState *s); void ga_set_frozen(GAState *s);