--- /dev/null
+#!/usr/bin/env python3
+#
+# check-dco.py: validate all commits are signed off
+#
+# Copyright (C) 2020 Red Hat, Inc.
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+import os
+import os.path
+import sys
+import subprocess
+
+namespace = "qemu-project"
+if len(sys.argv) >= 2:
+ namespace = sys.argv[1]
+
+cwd = os.getcwd()
+reponame = os.path.basename(cwd)
+repourl = "https://gitlab.com/%s/%s.git" % (namespace, reponame)
+
+subprocess.check_call(["git", "remote", "add", "check-dco", repourl])
+subprocess.check_call(["git", "fetch", "check-dco", "master"],
+ stdout=subprocess.DEVNULL,
+ stderr=subprocess.DEVNULL)
+
+ancestor = subprocess.check_output(["git", "merge-base",
+ "check-dco/master", "HEAD"],
+ universal_newlines=True)
+
+ancestor = ancestor.strip()
+
+subprocess.check_call(["git", "remote", "rm", "check-dco"])
+
+errors = False
+
+print("\nChecking for 'Signed-off-by: NAME <EMAIL>' " +
+ "on all commits since %s...\n" % ancestor)
+
+log = subprocess.check_output(["git", "log", "--format=%H %s",
+ ancestor + "..."],
+ universal_newlines=True)
+
+if log == "":
+ commits = []
+else:
+ commits = [[c[0:40], c[41:]] for c in log.strip().split("\n")]
+
+for sha, subject in commits:
+
+ msg = subprocess.check_output(["git", "show", "-s", sha],
+ universal_newlines=True)
+ lines = msg.strip().split("\n")
+
+ print("🔍 %s %s" % (sha, subject))
+ sob = False
+ for line in lines:
+ if "Signed-off-by:" in line:
+ sob = True
+ if "localhost" in line:
+ print(" ❌ FAIL: bad email in %s" % line)
+ errors = True
+
+ if not sob:
+ print(" ❌ FAIL missing Signed-off-by tag")
+ errors = True
+
+if errors:
+ print("""
+
+❌ ERROR: One or more commits are missing a valid Signed-off-By tag.
+
+
+This project requires all contributors to assert that their contributions
+are provided in compliance with the terms of the Developer's Certificate
+of Origin 1.1 (DCO):
+
+ https://developercertificate.org/
+
+To indicate acceptance of the DCO every commit must have a tag
+
+ Signed-off-by: REAL NAME <EMAIL>
+
+This can be achieved by passing the "-s" flag to the "git commit" command.
+
+To bulk update all commits on current branch "git rebase" can be used:
+
+ git rebase -i master -x 'git commit --amend --no-edit -s'
+
+""")
+
+ sys.exit(1)
+
+sys.exit(0)
--- /dev/null
+#!/usr/bin/env python3
+#
+# check-patch.py: run checkpatch.pl across all commits in a branch
+#
+# Copyright (C) 2020 Red Hat, Inc.
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+import os
+import os.path
+import sys
+import subprocess
+
+namespace = "qemu-project"
+if len(sys.argv) >= 2:
+ namespace = sys.argv[1]
+
+cwd = os.getcwd()
+reponame = os.path.basename(cwd)
+repourl = "https://gitlab.com/%s/%s.git" % (namespace, reponame)
+
+# GitLab CI environment does not give us any direct info about the
+# base for the user's branch. We thus need to figure out a common
+# ancestor between the user's branch and current git master.
+subprocess.check_call(["git", "remote", "add", "check-patch", repourl])
+subprocess.check_call(["git", "fetch", "check-patch", "master"],
+ stdout=subprocess.DEVNULL,
+ stderr=subprocess.DEVNULL)
+
+ancestor = subprocess.check_output(["git", "merge-base",
+ "check-patch/master", "HEAD"],
+ universal_newlines=True)
+
+ancestor = ancestor.strip()
+
+subprocess.check_call(["git", "remote", "rm", "check-patch"])
+
+errors = False
+
+print("\nChecking all commits since %s...\n" % ancestor)
+
+ret = subprocess.run(["scripts/checkpatch.pl", ancestor + "..."])
+
+if ret.returncode != 0:
+ print(" ❌ FAIL one or more commits failed scripts/checkpatch.pl")
+ sys.exit(1)
+
+sys.exit(0)
paths:
- ${CI_PROJECT_DIR}/avocado-cache
policy: pull-push
+ artifacts:
+ paths:
+ - build/tests/results/latest/results.xml
+ reports:
+ junit: build/tests/results/latest/results.xml
before_script:
- mkdir -p ~/.config/avocado
- echo "[datadir.paths]" > ~/.config/avocado/avocado.conf
fi
after_script:
- cd build
- - python3 -c 'import json; r = json.load(open("tests/results/latest/results.json")); [print(t["logfile"]) for t in r["tests"] if t["status"] not in ("PASS", "SKIP")]' | xargs cat
+ - python3 -c 'import json; r = json.load(open("tests/results/latest/results.json")); [print(t["logfile"]) for t in r["tests"] if t["status"] not in ("PASS", "SKIP", "CANCEL")]' | xargs cat
- du -chs ${CI_PROJECT_DIR}/avocado-cache
build-system-ubuntu:
- ./check -raw 001 002 003 004 005 008 009 010 011 012 021 025 032 033 048
052 063 077 086 101 104 106 113 148 150 151 152 157 159 160 163
170 171 183 184 192 194 197 208 215 221 222 226 227 236 253 277
- - ./check -qcow2 028 051 056 057 058 065 067 068 082 085 091 095 096 102 122
+ - ./check -qcow2 028 051 056 057 058 065 068 082 085 091 095 096 102 122
124 132 139 142 144 145 151 152 155 157 165 194 196 197 200 202
208 209 215 216 218 222 227 234 246 247 248 250 254 255 257 258
260 261 262 263 264 270 272 273 277 279
| grep -v slirp); do
grep "LLVMFuzzerTestOneInput" ${fuzzer} > /dev/null 2>&1 || continue ;
echo Testing ${fuzzer} ... ;
- "${fuzzer}" -runs=1000 -seed=1 || exit 1 ;
+ "${fuzzer}" -runs=1 -seed=1 || exit 1 ;
done
# Unrelated to fuzzer: run some tests with -fsanitize=address
- cd build-oss-fuzz && make check-qtest-i386 check-unit
variables:
IMAGE: centos7
MAKE_CHECK_ARGS: check
+
+
+check-patch:
+ stage: build
+ image: $CI_REGISTRY_IMAGE/qemu/centos8:latest
+ script: .gitlab-ci.d/check-patch.py
+ except:
+ variables:
+ - $CI_PROJECT_NAMESPACE == 'qemu-project' && $CI_COMMIT_BRANCH == 'master'
+ variables:
+ GIT_DEPTH: 1000
+ allow_failure: true
+
+check-dco:
+ stage: build
+ image: $CI_REGISTRY_IMAGE/qemu/centos8:latest
+ script: .gitlab-ci.d/check-dco.py
+ except:
+ variables:
+ - $CI_PROJECT_NAMESPACE == 'qemu-project' && $CI_COMMIT_BRANCH == 'master'
+ variables:
+ GIT_DEPTH: 1000
S: Maintained
F: softmmu/cpus.c
F: cpus-common.c
-F: exec.c
F: accel/tcg/
F: accel/stubs/tcg-stub.c
F: scripts/decodetree.py
M: Eduardo Habkost <ehabkost@redhat.com>
M: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
S: Supported
+F: cpu.c
F: hw/core/cpu.c
F: hw/core/machine-qmp-cmds.c
F: hw/core/machine.c
R: Gerd Hoffmann <kraxel@redhat.com>
S: Supported
F: docs/specs/fw_cfg.txt
-F: hw/nvram/fw_cfg.c
+F: hw/nvram/fw_cfg*.c
F: stubs/fw_cfg.c
F: include/hw/nvram/fw_cfg.h
F: include/standard-headers/linux/qemu_fw_cfg.h
M: Alistair Francis <alistair.francis@wdc.com>
R: David Gibson <david@gibson.dropbear.id.au>
S: Maintained
-F: device_tree.c
+F: softmmu/device_tree.c
F: include/sysemu/device_tree.h
Dump
F: include/exec/memory.h
F: include/exec/ram_addr.h
F: include/exec/ramblock.h
+F: softmmu/dma-helpers.c
F: softmmu/ioport.c
F: softmmu/memory.c
+F: softmmu/physmem.c
F: include/exec/memory-internal.h
-F: exec.c
F: scripts/coccinelle/memory-region-housekeeping.cocci
SPICE
F: include/qom/
F: qapi/qom.json
F: qapi/qdev.json
-F: qdev-monitor.c
+F: scripts/coccinelle/qom-parent-type.cocci
+F: softmmu/qdev-monitor.c
F: qom/
F: tests/check-qom-interface.c
F: tests/check-qom-proplist.c
F: softmmu/qtest.c
F: accel/qtest/
F: tests/qtest/
-X: tests/qtest/bios-tables-test-allowed-diff.h
+X: tests/qtest/bios-tables-test*
Device Fuzzing
M: Alexander Bulekov <alxndr@bu.edu>
Seccomp
M: Eduardo Otubo <otubo@redhat.com>
S: Supported
-F: qemu-seccomp.c
+F: softmmu/qemu-seccomp.c
F: include/sysemu/seccomp.h
Cryptography
Bootdevice
M: Gonglei <arei.gonglei@huawei.com>
S: Maintained
-F: bootdevice.c
+F: softmmu/bootdevice.c
Quorum
M: Alberto Garcia <berto@igalia.com>
S: Maintained
F: .gitlab-ci.yml
F: .gitlab-ci.d/crossbuilds.yml
+F: .gitlab-ci.d/*py
Guest Test Compilation Support
M: Alex Bennée <alex.bennee@linaro.org>
-authz_ss = ss.source_set()
authz_ss.add(genh)
authz_ss.add(files(
'base.c',
))
authz_ss.add(when: ['CONFIG_AUTH_PAM', pam], if_true: files('pamacct.c'))
-
-authz_ss = authz_ss.apply(config_host, strict: false)
-libauthz = static_library('authz', authz_ss.sources() + genh,
- dependencies: [authz_ss.dependencies()],
- name_suffix: 'fa',
- build_by_default: false)
-
-authz = declare_dependency(link_whole: libauthz,
- dependencies: qom)
+++ /dev/null
-/*
- * QEMU Boot Device Implement
- *
- * Copyright (c) 2014 HUAWEI TECHNOLOGIES CO., LTD.
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-#include "qemu/osdep.h"
-#include "qapi/error.h"
-#include "sysemu/sysemu.h"
-#include "qapi/visitor.h"
-#include "qemu/error-report.h"
-#include "sysemu/reset.h"
-#include "hw/qdev-core.h"
-#include "hw/boards.h"
-
-typedef struct FWBootEntry FWBootEntry;
-
-struct FWBootEntry {
- QTAILQ_ENTRY(FWBootEntry) link;
- int32_t bootindex;
- DeviceState *dev;
- char *suffix;
-};
-
-static QTAILQ_HEAD(, FWBootEntry) fw_boot_order =
- QTAILQ_HEAD_INITIALIZER(fw_boot_order);
-static QEMUBootSetHandler *boot_set_handler;
-static void *boot_set_opaque;
-
-void qemu_register_boot_set(QEMUBootSetHandler *func, void *opaque)
-{
- boot_set_handler = func;
- boot_set_opaque = opaque;
-}
-
-void qemu_boot_set(const char *boot_order, Error **errp)
-{
- Error *local_err = NULL;
-
- if (!boot_set_handler) {
- error_setg(errp, "no function defined to set boot device list for"
- " this architecture");
- return;
- }
-
- validate_bootdevices(boot_order, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
-
- boot_set_handler(boot_set_opaque, boot_order, errp);
-}
-
-void validate_bootdevices(const char *devices, Error **errp)
-{
- /* We just do some generic consistency checks */
- const char *p;
- int bitmap = 0;
-
- for (p = devices; *p != '\0'; p++) {
- /* Allowed boot devices are:
- * a-b: floppy disk drives
- * c-f: IDE disk drives
- * g-m: machine implementation dependent drives
- * n-p: network devices
- * It's up to each machine implementation to check if the given boot
- * devices match the actual hardware implementation and firmware
- * features.
- */
- if (*p < 'a' || *p > 'p') {
- error_setg(errp, "Invalid boot device '%c'", *p);
- return;
- }
- if (bitmap & (1 << (*p - 'a'))) {
- error_setg(errp, "Boot device '%c' was given twice", *p);
- return;
- }
- bitmap |= 1 << (*p - 'a');
- }
-}
-
-void restore_boot_order(void *opaque)
-{
- char *normal_boot_order = opaque;
- static int first = 1;
-
- /* Restore boot order and remove ourselves after the first boot */
- if (first) {
- first = 0;
- return;
- }
-
- if (boot_set_handler) {
- qemu_boot_set(normal_boot_order, &error_abort);
- }
-
- qemu_unregister_reset(restore_boot_order, normal_boot_order);
- g_free(normal_boot_order);
-}
-
-void check_boot_index(int32_t bootindex, Error **errp)
-{
- FWBootEntry *i;
-
- if (bootindex >= 0) {
- QTAILQ_FOREACH(i, &fw_boot_order, link) {
- if (i->bootindex == bootindex) {
- error_setg(errp, "The bootindex %d has already been used",
- bootindex);
- return;
- }
- }
- }
-}
-
-void del_boot_device_path(DeviceState *dev, const char *suffix)
-{
- FWBootEntry *i;
-
- if (dev == NULL) {
- return;
- }
-
- QTAILQ_FOREACH(i, &fw_boot_order, link) {
- if ((!suffix || !g_strcmp0(i->suffix, suffix)) &&
- i->dev == dev) {
- QTAILQ_REMOVE(&fw_boot_order, i, link);
- g_free(i->suffix);
- g_free(i);
-
- break;
- }
- }
-}
-
-void add_boot_device_path(int32_t bootindex, DeviceState *dev,
- const char *suffix)
-{
- FWBootEntry *node, *i;
-
- if (bootindex < 0) {
- del_boot_device_path(dev, suffix);
- return;
- }
-
- assert(dev != NULL || suffix != NULL);
-
- del_boot_device_path(dev, suffix);
-
- node = g_malloc0(sizeof(FWBootEntry));
- node->bootindex = bootindex;
- node->suffix = g_strdup(suffix);
- node->dev = dev;
-
- QTAILQ_FOREACH(i, &fw_boot_order, link) {
- if (i->bootindex == bootindex) {
- error_report("Two devices with same boot index %d", bootindex);
- exit(1);
- } else if (i->bootindex < bootindex) {
- continue;
- }
- QTAILQ_INSERT_BEFORE(i, node, link);
- return;
- }
- QTAILQ_INSERT_TAIL(&fw_boot_order, node, link);
-}
-
-DeviceState *get_boot_device(uint32_t position)
-{
- uint32_t counter = 0;
- FWBootEntry *i = NULL;
- DeviceState *res = NULL;
-
- if (!QTAILQ_EMPTY(&fw_boot_order)) {
- QTAILQ_FOREACH(i, &fw_boot_order, link) {
- if (counter == position) {
- res = i->dev;
- break;
- }
- counter++;
- }
- }
- return res;
-}
-
-static char *get_boot_device_path(DeviceState *dev, bool ignore_suffixes,
- const char *suffix)
-{
- char *devpath = NULL, *s = NULL, *d, *bootpath;
-
- if (dev) {
- devpath = qdev_get_fw_dev_path(dev);
- assert(devpath);
- }
-
- if (!ignore_suffixes) {
- if (dev) {
- d = qdev_get_own_fw_dev_path_from_handler(dev->parent_bus, dev);
- if (d) {
- assert(!suffix);
- s = d;
- } else {
- s = g_strdup(suffix);
- }
- } else {
- s = g_strdup(suffix);
- }
- }
-
- bootpath = g_strdup_printf("%s%s",
- devpath ? devpath : "",
- s ? s : "");
- g_free(devpath);
- g_free(s);
-
- return bootpath;
-}
-
-/*
- * This function returns null terminated string that consist of new line
- * separated device paths.
- *
- * memory pointed by "size" is assigned total length of the array in bytes
- *
- */
-char *get_boot_devices_list(size_t *size)
-{
- FWBootEntry *i;
- size_t total = 0;
- char *list = NULL;
- MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
- bool ignore_suffixes = mc->ignore_boot_device_suffixes;
-
- QTAILQ_FOREACH(i, &fw_boot_order, link) {
- char *bootpath;
- size_t len;
-
- bootpath = get_boot_device_path(i->dev, ignore_suffixes, i->suffix);
-
- if (total) {
- list[total-1] = '\n';
- }
- len = strlen(bootpath) + 1;
- list = g_realloc(list, total + len);
- memcpy(&list[total], bootpath, len);
- total += len;
- g_free(bootpath);
- }
-
- *size = total;
-
- if (boot_strict && *size > 0) {
- list[total-1] = '\n';
- list = g_realloc(list, total + 5);
- memcpy(&list[total], "HALT", 5);
- *size = total + 5;
- }
- return list;
-}
-
-typedef struct {
- int32_t *bootindex;
- const char *suffix;
- DeviceState *dev;
-} BootIndexProperty;
-
-static void device_get_bootindex(Object *obj, Visitor *v, const char *name,
- void *opaque, Error **errp)
-{
- BootIndexProperty *prop = opaque;
- visit_type_int32(v, name, prop->bootindex, errp);
-}
-
-static void device_set_bootindex(Object *obj, Visitor *v, const char *name,
- void *opaque, Error **errp)
-{
- BootIndexProperty *prop = opaque;
- int32_t boot_index;
- Error *local_err = NULL;
-
- if (!visit_type_int32(v, name, &boot_index, errp)) {
- return;
- }
- /* check whether bootindex is present in fw_boot_order list */
- check_boot_index(boot_index, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
- /* change bootindex to a new one */
- *prop->bootindex = boot_index;
-
- add_boot_device_path(*prop->bootindex, prop->dev, prop->suffix);
-}
-
-static void property_release_bootindex(Object *obj, const char *name,
- void *opaque)
-
-{
- BootIndexProperty *prop = opaque;
-
- del_boot_device_path(prop->dev, prop->suffix);
- g_free(prop);
-}
-
-void device_add_bootindex_property(Object *obj, int32_t *bootindex,
- const char *name, const char *suffix,
- DeviceState *dev)
-{
- BootIndexProperty *prop = g_malloc0(sizeof(*prop));
-
- prop->bootindex = bootindex;
- prop->suffix = suffix;
- prop->dev = dev;
-
- object_property_add(obj, name, "int32",
- device_get_bootindex,
- device_set_bootindex,
- property_release_bootindex,
- prop);
-
- /* initialize devices' bootindex property to -1 */
- object_property_set_int(obj, name, -1, NULL);
-}
-
-typedef struct FWLCHSEntry FWLCHSEntry;
-
-struct FWLCHSEntry {
- QTAILQ_ENTRY(FWLCHSEntry) link;
- DeviceState *dev;
- char *suffix;
- uint32_t lcyls;
- uint32_t lheads;
- uint32_t lsecs;
-};
-
-static QTAILQ_HEAD(, FWLCHSEntry) fw_lchs =
- QTAILQ_HEAD_INITIALIZER(fw_lchs);
-
-void add_boot_device_lchs(DeviceState *dev, const char *suffix,
- uint32_t lcyls, uint32_t lheads, uint32_t lsecs)
-{
- FWLCHSEntry *node;
-
- if (!lcyls && !lheads && !lsecs) {
- return;
- }
-
- assert(dev != NULL || suffix != NULL);
-
- node = g_malloc0(sizeof(FWLCHSEntry));
- node->suffix = g_strdup(suffix);
- node->dev = dev;
- node->lcyls = lcyls;
- node->lheads = lheads;
- node->lsecs = lsecs;
-
- QTAILQ_INSERT_TAIL(&fw_lchs, node, link);
-}
-
-void del_boot_device_lchs(DeviceState *dev, const char *suffix)
-{
- FWLCHSEntry *i;
-
- if (dev == NULL) {
- return;
- }
-
- QTAILQ_FOREACH(i, &fw_lchs, link) {
- if ((!suffix || !g_strcmp0(i->suffix, suffix)) &&
- i->dev == dev) {
- QTAILQ_REMOVE(&fw_lchs, i, link);
- g_free(i->suffix);
- g_free(i);
-
- break;
- }
- }
-}
-
-char *get_boot_devices_lchs_list(size_t *size)
-{
- FWLCHSEntry *i;
- size_t total = 0;
- char *list = NULL;
-
- QTAILQ_FOREACH(i, &fw_lchs, link) {
- char *bootpath;
- char *chs_string;
- size_t len;
-
- bootpath = get_boot_device_path(i->dev, false, i->suffix);
- chs_string = g_strdup_printf("%s %" PRIu32 " %" PRIu32 " %" PRIu32,
- bootpath, i->lcyls, i->lheads, i->lsecs);
-
- if (total) {
- list[total - 1] = '\n';
- }
- len = strlen(chs_string) + 1;
- list = g_realloc(list, total + len);
- memcpy(&list[total], chs_string, len);
- total += len;
- g_free(chs_string);
- g_free(bootpath);
- }
-
- *size = total;
-
- return list;
-}
-chardev_ss = ss.source_set()
chardev_ss.add(files(
'char-fe.c',
'char-file.c',
))
chardev_ss = chardev_ss.apply(config_host, strict: false)
-libchardev = static_library('chardev', chardev_ss.sources() + genh,
- name_suffix: 'fa',
- build_by_default: false)
-
-chardev = declare_dependency(link_whole: libchardev)
softmmu_ss.add(files('chardev-sysemu.c', 'msmouse.c', 'wctablet.c', 'testdev.c'))
softmmu_ss.add(when: ['CONFIG_SPICE', spice], if_true: files('spice.c'))
-Db_pie=$(if test "$pie" = yes; then echo true; else echo false; fi) \
-Db_staticpic=$(if test "$pie" = yes; then echo true; else echo false; fi) \
-Db_coverage=$(if test "$gcov" = yes; then echo true; else echo false; fi) \
- -Dmalloc=$malloc -Dmalloc_trim=$malloc_trim -Dsparse=$sparse \
- -Dkvm=$kvm -Dhax=$hax -Dwhpx=$whpx -Dhvf=$hvf \
- -Dxen=$xen -Dxen_pci_passthrough=$xen_pci_passthrough -Dtcg=$tcg \
- -Dcocoa=$cocoa -Dmpath=$mpath -Dsdl=$sdl -Dsdl_image=$sdl_image \
- -Dvnc=$vnc -Dvnc_sasl=$vnc_sasl -Dvnc_jpeg=$vnc_jpeg -Dvnc_png=$vnc_png \
- -Dgettext=$gettext -Dxkbcommon=$xkbcommon -Du2f=$u2f \
- -Dcapstone=$capstone -Dslirp=$slirp -Dfdt=$fdt \
+ -Dmalloc=$malloc -Dmalloc_trim=$malloc_trim -Dsparse=$sparse \
+ -Dkvm=$kvm -Dhax=$hax -Dwhpx=$whpx -Dhvf=$hvf \
+ -Dxen=$xen -Dxen_pci_passthrough=$xen_pci_passthrough -Dtcg=$tcg \
+ -Dcocoa=$cocoa -Dmpath=$mpath -Dsdl=$sdl -Dsdl_image=$sdl_image \
+ -Dvnc=$vnc -Dvnc_sasl=$vnc_sasl -Dvnc_jpeg=$vnc_jpeg -Dvnc_png=$vnc_png \
+ -Dgettext=$gettext -Dxkbcommon=$xkbcommon -Du2f=$u2f \
+ -Dcapstone=$capstone -Dslirp=$slirp -Dfdt=$fdt \
$cross_arg \
"$PWD" "$source_path"
--- /dev/null
+/*
+ * Target-specific parts of the CPU object
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+
+#include "exec/target_page.h"
+#include "hw/qdev-core.h"
+#include "hw/qdev-properties.h"
+#include "qemu/error-report.h"
+#include "migration/vmstate.h"
+#ifdef CONFIG_USER_ONLY
+#include "qemu.h"
+#else
+#include "exec/address-spaces.h"
+#endif
+#include "sysemu/tcg.h"
+#include "sysemu/kvm.h"
+#include "sysemu/replay.h"
+#include "translate-all.h"
+#include "exec/log.h"
+
+uintptr_t qemu_host_page_size;
+intptr_t qemu_host_page_mask;
+
+#ifndef CONFIG_USER_ONLY
+static int cpu_common_post_load(void *opaque, int version_id)
+{
+ CPUState *cpu = opaque;
+
+ /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
+ version_id is increased. */
+ cpu->interrupt_request &= ~0x01;
+ tlb_flush(cpu);
+
+ /* loadvm has just updated the content of RAM, bypassing the
+ * usual mechanisms that ensure we flush TBs for writes to
+ * memory we've translated code from. So we must flush all TBs,
+ * which will now be stale.
+ */
+ tb_flush(cpu);
+
+ return 0;
+}
+
+static int cpu_common_pre_load(void *opaque)
+{
+ CPUState *cpu = opaque;
+
+ cpu->exception_index = -1;
+
+ return 0;
+}
+
+static bool cpu_common_exception_index_needed(void *opaque)
+{
+ CPUState *cpu = opaque;
+
+ return tcg_enabled() && cpu->exception_index != -1;
+}
+
+static const VMStateDescription vmstate_cpu_common_exception_index = {
+ .name = "cpu_common/exception_index",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = cpu_common_exception_index_needed,
+ .fields = (VMStateField[]) {
+ VMSTATE_INT32(exception_index, CPUState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static bool cpu_common_crash_occurred_needed(void *opaque)
+{
+ CPUState *cpu = opaque;
+
+ return cpu->crash_occurred;
+}
+
+static const VMStateDescription vmstate_cpu_common_crash_occurred = {
+ .name = "cpu_common/crash_occurred",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = cpu_common_crash_occurred_needed,
+ .fields = (VMStateField[]) {
+ VMSTATE_BOOL(crash_occurred, CPUState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+const VMStateDescription vmstate_cpu_common = {
+ .name = "cpu_common",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .pre_load = cpu_common_pre_load,
+ .post_load = cpu_common_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(halted, CPUState),
+ VMSTATE_UINT32(interrupt_request, CPUState),
+ VMSTATE_END_OF_LIST()
+ },
+ .subsections = (const VMStateDescription*[]) {
+ &vmstate_cpu_common_exception_index,
+ &vmstate_cpu_common_crash_occurred,
+ NULL
+ }
+};
+#endif
+
+void cpu_exec_unrealizefn(CPUState *cpu)
+{
+ CPUClass *cc = CPU_GET_CLASS(cpu);
+
+ tlb_destroy(cpu);
+ cpu_list_remove(cpu);
+
+#ifdef CONFIG_USER_ONLY
+ assert(cc->vmsd == NULL);
+#else
+ if (cc->vmsd != NULL) {
+ vmstate_unregister(NULL, cc->vmsd, cpu);
+ }
+ if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
+ vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
+ }
+ tcg_iommu_free_notifier_list(cpu);
+#endif
+}
+
+Property cpu_common_props[] = {
+#ifndef CONFIG_USER_ONLY
+ /* Create a memory property for softmmu CPU object,
+ * so users can wire up its memory. (This can't go in hw/core/cpu.c
+ * because that file is compiled only once for both user-mode
+ * and system builds.) The default if no link is set up is to use
+ * the system address space.
+ */
+ DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
+ MemoryRegion *),
+#endif
+ DEFINE_PROP_BOOL("start-powered-off", CPUState, start_powered_off, false),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+void cpu_exec_initfn(CPUState *cpu)
+{
+ cpu->as = NULL;
+ cpu->num_ases = 0;
+
+#ifndef CONFIG_USER_ONLY
+ cpu->thread_id = qemu_get_thread_id();
+ cpu->memory = get_system_memory();
+ object_ref(OBJECT(cpu->memory));
+#endif
+}
+
+void cpu_exec_realizefn(CPUState *cpu, Error **errp)
+{
+ CPUClass *cc = CPU_GET_CLASS(cpu);
+ static bool tcg_target_initialized;
+
+ cpu_list_add(cpu);
+
+ if (tcg_enabled() && !tcg_target_initialized) {
+ tcg_target_initialized = true;
+ cc->tcg_initialize();
+ }
+ tlb_init(cpu);
+
+ qemu_plugin_vcpu_init_hook(cpu);
+
+#ifdef CONFIG_USER_ONLY
+ assert(cc->vmsd == NULL);
+#else /* !CONFIG_USER_ONLY */
+ if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
+ vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
+ }
+ if (cc->vmsd != NULL) {
+ vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
+ }
+
+ tcg_iommu_init_notifier_list(cpu);
+#endif
+}
+
+const char *parse_cpu_option(const char *cpu_option)
+{
+ ObjectClass *oc;
+ CPUClass *cc;
+ gchar **model_pieces;
+ const char *cpu_type;
+
+ model_pieces = g_strsplit(cpu_option, ",", 2);
+ if (!model_pieces[0]) {
+ error_report("-cpu option cannot be empty");
+ exit(1);
+ }
+
+ oc = cpu_class_by_name(CPU_RESOLVING_TYPE, model_pieces[0]);
+ if (oc == NULL) {
+ error_report("unable to find CPU model '%s'", model_pieces[0]);
+ g_strfreev(model_pieces);
+ exit(EXIT_FAILURE);
+ }
+
+ cpu_type = object_class_get_name(oc);
+ cc = CPU_CLASS(oc);
+ cc->parse_features(cpu_type, model_pieces[1], &error_fatal);
+ g_strfreev(model_pieces);
+ return cpu_type;
+}
+
+#if defined(CONFIG_USER_ONLY)
+void tb_invalidate_phys_addr(target_ulong addr)
+{
+ mmap_lock();
+ tb_invalidate_phys_page_range(addr, addr + 1);
+ mmap_unlock();
+}
+
+static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
+{
+ tb_invalidate_phys_addr(pc);
+}
+#else
+void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr, MemTxAttrs attrs)
+{
+ ram_addr_t ram_addr;
+ MemoryRegion *mr;
+ hwaddr l = 1;
+
+ if (!tcg_enabled()) {
+ return;
+ }
+
+ RCU_READ_LOCK_GUARD();
+ mr = address_space_translate(as, addr, &addr, &l, false, attrs);
+ if (!(memory_region_is_ram(mr)
+ || memory_region_is_romd(mr))) {
+ return;
+ }
+ ram_addr = memory_region_get_ram_addr(mr) + addr;
+ tb_invalidate_phys_page_range(ram_addr, ram_addr + 1);
+}
+
+static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
+{
+ /*
+ * There may not be a virtual to physical translation for the pc
+ * right now, but there may exist cached TB for this pc.
+ * Flush the whole TB cache to force re-translation of such TBs.
+ * This is heavyweight, but we're debugging anyway.
+ */
+ tb_flush(cpu);
+}
+#endif
+
+/* Add a breakpoint. */
+int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
+ CPUBreakpoint **breakpoint)
+{
+ CPUBreakpoint *bp;
+
+ bp = g_malloc(sizeof(*bp));
+
+ bp->pc = pc;
+ bp->flags = flags;
+
+ /* keep all GDB-injected breakpoints in front */
+ if (flags & BP_GDB) {
+ QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
+ } else {
+ QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
+ }
+
+ breakpoint_invalidate(cpu, pc);
+
+ if (breakpoint) {
+ *breakpoint = bp;
+ }
+ return 0;
+}
+
+/* Remove a specific breakpoint. */
+int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
+{
+ CPUBreakpoint *bp;
+
+ QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
+ if (bp->pc == pc && bp->flags == flags) {
+ cpu_breakpoint_remove_by_ref(cpu, bp);
+ return 0;
+ }
+ }
+ return -ENOENT;
+}
+
+/* Remove a specific breakpoint by reference. */
+void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
+{
+ QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
+
+ breakpoint_invalidate(cpu, breakpoint->pc);
+
+ g_free(breakpoint);
+}
+
+/* Remove all matching breakpoints. */
+void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
+{
+ CPUBreakpoint *bp, *next;
+
+ QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
+ if (bp->flags & mask) {
+ cpu_breakpoint_remove_by_ref(cpu, bp);
+ }
+ }
+}
+
+/* enable or disable single step mode. EXCP_DEBUG is returned by the
+ CPU loop after each instruction */
+void cpu_single_step(CPUState *cpu, int enabled)
+{
+ if (cpu->singlestep_enabled != enabled) {
+ cpu->singlestep_enabled = enabled;
+ if (kvm_enabled()) {
+ kvm_update_guest_debug(cpu, 0);
+ } else {
+ /* must flush all the translated code to avoid inconsistencies */
+ /* XXX: only flush what is necessary */
+ tb_flush(cpu);
+ }
+ }
+}
+
+void cpu_abort(CPUState *cpu, const char *fmt, ...)
+{
+ va_list ap;
+ va_list ap2;
+
+ va_start(ap, fmt);
+ va_copy(ap2, ap);
+ fprintf(stderr, "qemu: fatal: ");
+ vfprintf(stderr, fmt, ap);
+ fprintf(stderr, "\n");
+ cpu_dump_state(cpu, stderr, CPU_DUMP_FPU | CPU_DUMP_CCOP);
+ if (qemu_log_separate()) {
+ FILE *logfile = qemu_log_lock();
+ qemu_log("qemu: fatal: ");
+ qemu_log_vprintf(fmt, ap2);
+ qemu_log("\n");
+ log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
+ qemu_log_flush();
+ qemu_log_unlock(logfile);
+ qemu_log_close();
+ }
+ va_end(ap2);
+ va_end(ap);
+ replay_finish();
+#if defined(CONFIG_USER_ONLY)
+ {
+ struct sigaction act;
+ sigfillset(&act.sa_mask);
+ act.sa_handler = SIG_DFL;
+ act.sa_flags = 0;
+ sigaction(SIGABRT, &act, NULL);
+ }
+#endif
+ abort();
+}
+
+/* physical memory access (slow version, mainly for debug) */
+#if defined(CONFIG_USER_ONLY)
+int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
+ void *ptr, target_ulong len, bool is_write)
+{
+ int flags;
+ target_ulong l, page;
+ void * p;
+ uint8_t *buf = ptr;
+
+ while (len > 0) {
+ page = addr & TARGET_PAGE_MASK;
+ l = (page + TARGET_PAGE_SIZE) - addr;
+ if (l > len)
+ l = len;
+ flags = page_get_flags(page);
+ if (!(flags & PAGE_VALID))
+ return -1;
+ if (is_write) {
+ if (!(flags & PAGE_WRITE))
+ return -1;
+ /* XXX: this code should not depend on lock_user */
+ if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
+ return -1;
+ memcpy(p, buf, l);
+ unlock_user(p, addr, l);
+ } else {
+ if (!(flags & PAGE_READ))
+ return -1;
+ /* XXX: this code should not depend on lock_user */
+ if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
+ return -1;
+ memcpy(buf, p, l);
+ unlock_user(p, addr, 0);
+ }
+ len -= l;
+ buf += l;
+ addr += l;
+ }
+ return 0;
+}
+#endif
+
+bool target_words_bigendian(void)
+{
+#if defined(TARGET_WORDS_BIGENDIAN)
+ return true;
+#else
+ return false;
+#endif
+}
+
+void page_size_init(void)
+{
+ /* NOTE: we can always suppose that qemu_host_page_size >=
+ TARGET_PAGE_SIZE */
+ if (qemu_host_page_size == 0) {
+ qemu_host_page_size = qemu_real_host_page_size;
+ }
+ if (qemu_host_page_size < TARGET_PAGE_SIZE) {
+ qemu_host_page_size = TARGET_PAGE_SIZE;
+ }
+ qemu_host_page_mask = -(intptr_t)qemu_host_page_size;
+}
-crypto_ss = ss.source_set()
crypto_ss.add(genh)
crypto_ss.add(files(
'afsplit.c',
endif
-crypto_ss = crypto_ss.apply(config_host, strict: false)
-libcrypto = static_library('crypto', crypto_ss.sources() + genh,
- dependencies: [crypto_ss.dependencies()],
- name_suffix: 'fa',
- build_by_default: false)
-
-crypto = declare_dependency(link_whole: libcrypto,
- dependencies: [authz, qom])
-
util_ss.add(files('aes.c'))
util_ss.add(files('init.c'))
+++ /dev/null
-/*
- * Functions to help device tree manipulation using libfdt.
- * It also provides functions to read entries from device tree proc
- * interface.
- *
- * Copyright 2008 IBM Corporation.
- * Authors: Jerone Young <jyoung5@us.ibm.com>
- * Hollis Blanchard <hollisb@us.ibm.com>
- *
- * This work is licensed under the GNU GPL license version 2 or later.
- *
- */
-
-#include "qemu/osdep.h"
-
-#ifdef CONFIG_LINUX
-#include <dirent.h>
-#endif
-
-#include "qapi/error.h"
-#include "qemu/error-report.h"
-#include "qemu/option.h"
-#include "qemu/bswap.h"
-#include "sysemu/device_tree.h"
-#include "sysemu/sysemu.h"
-#include "hw/loader.h"
-#include "hw/boards.h"
-#include "qemu/config-file.h"
-
-#include <libfdt.h>
-
-#define FDT_MAX_SIZE 0x100000
-
-void *create_device_tree(int *sizep)
-{
- void *fdt;
- int ret;
-
- *sizep = FDT_MAX_SIZE;
- fdt = g_malloc0(FDT_MAX_SIZE);
- ret = fdt_create(fdt, FDT_MAX_SIZE);
- if (ret < 0) {
- goto fail;
- }
- ret = fdt_finish_reservemap(fdt);
- if (ret < 0) {
- goto fail;
- }
- ret = fdt_begin_node(fdt, "");
- if (ret < 0) {
- goto fail;
- }
- ret = fdt_end_node(fdt);
- if (ret < 0) {
- goto fail;
- }
- ret = fdt_finish(fdt);
- if (ret < 0) {
- goto fail;
- }
- ret = fdt_open_into(fdt, fdt, *sizep);
- if (ret) {
- error_report("Unable to copy device tree in memory");
- exit(1);
- }
-
- return fdt;
-fail:
- error_report("%s Couldn't create dt: %s", __func__, fdt_strerror(ret));
- exit(1);
-}
-
-void *load_device_tree(const char *filename_path, int *sizep)
-{
- int dt_size;
- int dt_file_load_size;
- int ret;
- void *fdt = NULL;
-
- *sizep = 0;
- dt_size = get_image_size(filename_path);
- if (dt_size < 0) {
- error_report("Unable to get size of device tree file '%s'",
- filename_path);
- goto fail;
- }
- if (dt_size > INT_MAX / 2 - 10000) {
- error_report("Device tree file '%s' is too large", filename_path);
- goto fail;
- }
-
- /* Expand to 2x size to give enough room for manipulation. */
- dt_size += 10000;
- dt_size *= 2;
- /* First allocate space in qemu for device tree */
- fdt = g_malloc0(dt_size);
-
- dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
- if (dt_file_load_size < 0) {
- error_report("Unable to open device tree file '%s'",
- filename_path);
- goto fail;
- }
-
- ret = fdt_open_into(fdt, fdt, dt_size);
- if (ret) {
- error_report("Unable to copy device tree in memory");
- goto fail;
- }
-
- /* Check sanity of device tree */
- if (fdt_check_header(fdt)) {
- error_report("Device tree file loaded into memory is invalid: %s",
- filename_path);
- goto fail;
- }
- *sizep = dt_size;
- return fdt;
-
-fail:
- g_free(fdt);
- return NULL;
-}
-
-#ifdef CONFIG_LINUX
-
-#define SYSFS_DT_BASEDIR "/proc/device-tree"
-
-/**
- * read_fstree: this function is inspired from dtc read_fstree
- * @fdt: preallocated fdt blob buffer, to be populated
- * @dirname: directory to scan under SYSFS_DT_BASEDIR
- * the search is recursive and the tree is searched down to the
- * leaves (property files).
- *
- * the function asserts in case of error
- */
-static void read_fstree(void *fdt, const char *dirname)
-{
- DIR *d;
- struct dirent *de;
- struct stat st;
- const char *root_dir = SYSFS_DT_BASEDIR;
- const char *parent_node;
-
- if (strstr(dirname, root_dir) != dirname) {
- error_report("%s: %s must be searched within %s",
- __func__, dirname, root_dir);
- exit(1);
- }
- parent_node = &dirname[strlen(SYSFS_DT_BASEDIR)];
-
- d = opendir(dirname);
- if (!d) {
- error_report("%s cannot open %s", __func__, dirname);
- exit(1);
- }
-
- while ((de = readdir(d)) != NULL) {
- char *tmpnam;
-
- if (!g_strcmp0(de->d_name, ".")
- || !g_strcmp0(de->d_name, "..")) {
- continue;
- }
-
- tmpnam = g_strdup_printf("%s/%s", dirname, de->d_name);
-
- if (lstat(tmpnam, &st) < 0) {
- error_report("%s cannot lstat %s", __func__, tmpnam);
- exit(1);
- }
-
- if (S_ISREG(st.st_mode)) {
- gchar *val;
- gsize len;
-
- if (!g_file_get_contents(tmpnam, &val, &len, NULL)) {
- error_report("%s not able to extract info from %s",
- __func__, tmpnam);
- exit(1);
- }
-
- if (strlen(parent_node) > 0) {
- qemu_fdt_setprop(fdt, parent_node,
- de->d_name, val, len);
- } else {
- qemu_fdt_setprop(fdt, "/", de->d_name, val, len);
- }
- g_free(val);
- } else if (S_ISDIR(st.st_mode)) {
- char *node_name;
-
- node_name = g_strdup_printf("%s/%s",
- parent_node, de->d_name);
- qemu_fdt_add_subnode(fdt, node_name);
- g_free(node_name);
- read_fstree(fdt, tmpnam);
- }
-
- g_free(tmpnam);
- }
-
- closedir(d);
-}
-
-/* load_device_tree_from_sysfs: extract the dt blob from host sysfs */
-void *load_device_tree_from_sysfs(void)
-{
- void *host_fdt;
- int host_fdt_size;
-
- host_fdt = create_device_tree(&host_fdt_size);
- read_fstree(host_fdt, SYSFS_DT_BASEDIR);
- if (fdt_check_header(host_fdt)) {
- error_report("%s host device tree extracted into memory is invalid",
- __func__);
- exit(1);
- }
- return host_fdt;
-}
-
-#endif /* CONFIG_LINUX */
-
-static int findnode_nofail(void *fdt, const char *node_path)
-{
- int offset;
-
- offset = fdt_path_offset(fdt, node_path);
- if (offset < 0) {
- error_report("%s Couldn't find node %s: %s", __func__, node_path,
- fdt_strerror(offset));
- exit(1);
- }
-
- return offset;
-}
-
-char **qemu_fdt_node_unit_path(void *fdt, const char *name, Error **errp)
-{
- char *prefix = g_strdup_printf("%s@", name);
- unsigned int path_len = 16, n = 0;
- GSList *path_list = NULL, *iter;
- const char *iter_name;
- int offset, len, ret;
- char **path_array;
-
- offset = fdt_next_node(fdt, -1, NULL);
-
- while (offset >= 0) {
- iter_name = fdt_get_name(fdt, offset, &len);
- if (!iter_name) {
- offset = len;
- break;
- }
- if (!strcmp(iter_name, name) || g_str_has_prefix(iter_name, prefix)) {
- char *path;
-
- path = g_malloc(path_len);
- while ((ret = fdt_get_path(fdt, offset, path, path_len))
- == -FDT_ERR_NOSPACE) {
- path_len += 16;
- path = g_realloc(path, path_len);
- }
- path_list = g_slist_prepend(path_list, path);
- n++;
- }
- offset = fdt_next_node(fdt, offset, NULL);
- }
- g_free(prefix);
-
- if (offset < 0 && offset != -FDT_ERR_NOTFOUND) {
- error_setg(errp, "%s: abort parsing dt for %s node units: %s",
- __func__, name, fdt_strerror(offset));
- for (iter = path_list; iter; iter = iter->next) {
- g_free(iter->data);
- }
- g_slist_free(path_list);
- return NULL;
- }
-
- path_array = g_new(char *, n + 1);
- path_array[n--] = NULL;
-
- for (iter = path_list; iter; iter = iter->next) {
- path_array[n--] = iter->data;
- }
-
- g_slist_free(path_list);
-
- return path_array;
-}
-
-char **qemu_fdt_node_path(void *fdt, const char *name, const char *compat,
- Error **errp)
-{
- int offset, len, ret;
- const char *iter_name;
- unsigned int path_len = 16, n = 0;
- GSList *path_list = NULL, *iter;
- char **path_array;
-
- offset = fdt_node_offset_by_compatible(fdt, -1, compat);
-
- while (offset >= 0) {
- iter_name = fdt_get_name(fdt, offset, &len);
- if (!iter_name) {
- offset = len;
- break;
- }
- if (!name || !strcmp(iter_name, name)) {
- char *path;
-
- path = g_malloc(path_len);
- while ((ret = fdt_get_path(fdt, offset, path, path_len))
- == -FDT_ERR_NOSPACE) {
- path_len += 16;
- path = g_realloc(path, path_len);
- }
- path_list = g_slist_prepend(path_list, path);
- n++;
- }
- offset = fdt_node_offset_by_compatible(fdt, offset, compat);
- }
-
- if (offset < 0 && offset != -FDT_ERR_NOTFOUND) {
- error_setg(errp, "%s: abort parsing dt for %s/%s: %s",
- __func__, name, compat, fdt_strerror(offset));
- for (iter = path_list; iter; iter = iter->next) {
- g_free(iter->data);
- }
- g_slist_free(path_list);
- return NULL;
- }
-
- path_array = g_new(char *, n + 1);
- path_array[n--] = NULL;
-
- for (iter = path_list; iter; iter = iter->next) {
- path_array[n--] = iter->data;
- }
-
- g_slist_free(path_list);
-
- return path_array;
-}
-
-int qemu_fdt_setprop(void *fdt, const char *node_path,
- const char *property, const void *val, int size)
-{
- int r;
-
- r = fdt_setprop(fdt, findnode_nofail(fdt, node_path), property, val, size);
- if (r < 0) {
- error_report("%s: Couldn't set %s/%s: %s", __func__, node_path,
- property, fdt_strerror(r));
- exit(1);
- }
-
- return r;
-}
-
-int qemu_fdt_setprop_cell(void *fdt, const char *node_path,
- const char *property, uint32_t val)
-{
- int r;
-
- r = fdt_setprop_cell(fdt, findnode_nofail(fdt, node_path), property, val);
- if (r < 0) {
- error_report("%s: Couldn't set %s/%s = %#08x: %s", __func__,
- node_path, property, val, fdt_strerror(r));
- exit(1);
- }
-
- return r;
-}
-
-int qemu_fdt_setprop_u64(void *fdt, const char *node_path,
- const char *property, uint64_t val)
-{
- val = cpu_to_be64(val);
- return qemu_fdt_setprop(fdt, node_path, property, &val, sizeof(val));
-}
-
-int qemu_fdt_setprop_string(void *fdt, const char *node_path,
- const char *property, const char *string)
-{
- int r;
-
- r = fdt_setprop_string(fdt, findnode_nofail(fdt, node_path), property, string);
- if (r < 0) {
- error_report("%s: Couldn't set %s/%s = %s: %s", __func__,
- node_path, property, string, fdt_strerror(r));
- exit(1);
- }
-
- return r;
-}
-
-const void *qemu_fdt_getprop(void *fdt, const char *node_path,
- const char *property, int *lenp, Error **errp)
-{
- int len;
- const void *r;
-
- if (!lenp) {
- lenp = &len;
- }
- r = fdt_getprop(fdt, findnode_nofail(fdt, node_path), property, lenp);
- if (!r) {
- error_setg(errp, "%s: Couldn't get %s/%s: %s", __func__,
- node_path, property, fdt_strerror(*lenp));
- }
- return r;
-}
-
-uint32_t qemu_fdt_getprop_cell(void *fdt, const char *node_path,
- const char *property, int *lenp, Error **errp)
-{
- int len;
- const uint32_t *p;
-
- if (!lenp) {
- lenp = &len;
- }
- p = qemu_fdt_getprop(fdt, node_path, property, lenp, errp);
- if (!p) {
- return 0;
- } else if (*lenp != 4) {
- error_setg(errp, "%s: %s/%s not 4 bytes long (not a cell?)",
- __func__, node_path, property);
- *lenp = -EINVAL;
- return 0;
- }
- return be32_to_cpu(*p);
-}
-
-uint32_t qemu_fdt_get_phandle(void *fdt, const char *path)
-{
- uint32_t r;
-
- r = fdt_get_phandle(fdt, findnode_nofail(fdt, path));
- if (r == 0) {
- error_report("%s: Couldn't get phandle for %s: %s", __func__,
- path, fdt_strerror(r));
- exit(1);
- }
-
- return r;
-}
-
-int qemu_fdt_setprop_phandle(void *fdt, const char *node_path,
- const char *property,
- const char *target_node_path)
-{
- uint32_t phandle = qemu_fdt_get_phandle(fdt, target_node_path);
- return qemu_fdt_setprop_cell(fdt, node_path, property, phandle);
-}
-
-uint32_t qemu_fdt_alloc_phandle(void *fdt)
-{
- static int phandle = 0x0;
-
- /*
- * We need to find out if the user gave us special instruction at
- * which phandle id to start allocating phandles.
- */
- if (!phandle) {
- phandle = machine_phandle_start(current_machine);
- }
-
- if (!phandle) {
- /*
- * None or invalid phandle given on the command line, so fall back to
- * default starting point.
- */
- phandle = 0x8000;
- }
-
- return phandle++;
-}
-
-int qemu_fdt_nop_node(void *fdt, const char *node_path)
-{
- int r;
-
- r = fdt_nop_node(fdt, findnode_nofail(fdt, node_path));
- if (r < 0) {
- error_report("%s: Couldn't nop node %s: %s", __func__, node_path,
- fdt_strerror(r));
- exit(1);
- }
-
- return r;
-}
-
-int qemu_fdt_add_subnode(void *fdt, const char *name)
-{
- char *dupname = g_strdup(name);
- char *basename = strrchr(dupname, '/');
- int retval;
- int parent = 0;
-
- if (!basename) {
- g_free(dupname);
- return -1;
- }
-
- basename[0] = '\0';
- basename++;
-
- if (dupname[0]) {
- parent = findnode_nofail(fdt, dupname);
- }
-
- retval = fdt_add_subnode(fdt, parent, basename);
- if (retval < 0) {
- error_report("FDT: Failed to create subnode %s: %s", name,
- fdt_strerror(retval));
- exit(1);
- }
-
- g_free(dupname);
- return retval;
-}
-
-void qemu_fdt_dumpdtb(void *fdt, int size)
-{
- const char *dumpdtb = qemu_opt_get(qemu_get_machine_opts(), "dumpdtb");
-
- if (dumpdtb) {
- /* Dump the dtb to a file and quit */
- if (g_file_set_contents(dumpdtb, fdt, size, NULL)) {
- info_report("dtb dumped to %s. Exiting.", dumpdtb);
- exit(0);
- }
- error_report("%s: Failed dumping dtb to %s", __func__, dumpdtb);
- exit(1);
- }
-}
-
-int qemu_fdt_setprop_sized_cells_from_array(void *fdt,
- const char *node_path,
- const char *property,
- int numvalues,
- uint64_t *values)
-{
- uint32_t *propcells;
- uint64_t value;
- int cellnum, vnum, ncells;
- uint32_t hival;
- int ret;
-
- propcells = g_new0(uint32_t, numvalues * 2);
-
- cellnum = 0;
- for (vnum = 0; vnum < numvalues; vnum++) {
- ncells = values[vnum * 2];
- if (ncells != 1 && ncells != 2) {
- ret = -1;
- goto out;
- }
- value = values[vnum * 2 + 1];
- hival = cpu_to_be32(value >> 32);
- if (ncells > 1) {
- propcells[cellnum++] = hival;
- } else if (hival != 0) {
- ret = -1;
- goto out;
- }
- propcells[cellnum++] = cpu_to_be32(value);
- }
-
- ret = qemu_fdt_setprop(fdt, node_path, property, propcells,
- cellnum * sizeof(uint32_t));
-out:
- g_free(propcells);
- return ret;
-}
+++ /dev/null
-/*
- * DMA helper functions
- *
- * Copyright (c) 2009 Red Hat
- *
- * This work is licensed under the terms of the GNU General Public License
- * (GNU GPL), version 2 or later.
- */
-
-#include "qemu/osdep.h"
-#include "sysemu/block-backend.h"
-#include "sysemu/dma.h"
-#include "trace/trace-root.h"
-#include "qemu/thread.h"
-#include "qemu/main-loop.h"
-#include "sysemu/cpu-timers.h"
-#include "qemu/range.h"
-
-/* #define DEBUG_IOMMU */
-
-int dma_memory_set(AddressSpace *as, dma_addr_t addr, uint8_t c, dma_addr_t len)
-{
- dma_barrier(as, DMA_DIRECTION_FROM_DEVICE);
-
-#define FILLBUF_SIZE 512
- uint8_t fillbuf[FILLBUF_SIZE];
- int l;
- bool error = false;
-
- memset(fillbuf, c, FILLBUF_SIZE);
- while (len > 0) {
- l = len < FILLBUF_SIZE ? len : FILLBUF_SIZE;
- error |= address_space_write(as, addr, MEMTXATTRS_UNSPECIFIED,
- fillbuf, l);
- len -= l;
- addr += l;
- }
-
- return error;
-}
-
-void qemu_sglist_init(QEMUSGList *qsg, DeviceState *dev, int alloc_hint,
- AddressSpace *as)
-{
- qsg->sg = g_malloc(alloc_hint * sizeof(ScatterGatherEntry));
- qsg->nsg = 0;
- qsg->nalloc = alloc_hint;
- qsg->size = 0;
- qsg->as = as;
- qsg->dev = dev;
- object_ref(OBJECT(dev));
-}
-
-void qemu_sglist_add(QEMUSGList *qsg, dma_addr_t base, dma_addr_t len)
-{
- if (qsg->nsg == qsg->nalloc) {
- qsg->nalloc = 2 * qsg->nalloc + 1;
- qsg->sg = g_realloc(qsg->sg, qsg->nalloc * sizeof(ScatterGatherEntry));
- }
- qsg->sg[qsg->nsg].base = base;
- qsg->sg[qsg->nsg].len = len;
- qsg->size += len;
- ++qsg->nsg;
-}
-
-void qemu_sglist_destroy(QEMUSGList *qsg)
-{
- object_unref(OBJECT(qsg->dev));
- g_free(qsg->sg);
- memset(qsg, 0, sizeof(*qsg));
-}
-
-typedef struct {
- BlockAIOCB common;
- AioContext *ctx;
- BlockAIOCB *acb;
- QEMUSGList *sg;
- uint32_t align;
- uint64_t offset;
- DMADirection dir;
- int sg_cur_index;
- dma_addr_t sg_cur_byte;
- QEMUIOVector iov;
- QEMUBH *bh;
- DMAIOFunc *io_func;
- void *io_func_opaque;
-} DMAAIOCB;
-
-static void dma_blk_cb(void *opaque, int ret);
-
-static void reschedule_dma(void *opaque)
-{
- DMAAIOCB *dbs = (DMAAIOCB *)opaque;
-
- assert(!dbs->acb && dbs->bh);
- qemu_bh_delete(dbs->bh);
- dbs->bh = NULL;
- dma_blk_cb(dbs, 0);
-}
-
-static void dma_blk_unmap(DMAAIOCB *dbs)
-{
- int i;
-
- for (i = 0; i < dbs->iov.niov; ++i) {
- dma_memory_unmap(dbs->sg->as, dbs->iov.iov[i].iov_base,
- dbs->iov.iov[i].iov_len, dbs->dir,
- dbs->iov.iov[i].iov_len);
- }
- qemu_iovec_reset(&dbs->iov);
-}
-
-static void dma_complete(DMAAIOCB *dbs, int ret)
-{
- trace_dma_complete(dbs, ret, dbs->common.cb);
-
- assert(!dbs->acb && !dbs->bh);
- dma_blk_unmap(dbs);
- if (dbs->common.cb) {
- dbs->common.cb(dbs->common.opaque, ret);
- }
- qemu_iovec_destroy(&dbs->iov);
- qemu_aio_unref(dbs);
-}
-
-static void dma_blk_cb(void *opaque, int ret)
-{
- DMAAIOCB *dbs = (DMAAIOCB *)opaque;
- dma_addr_t cur_addr, cur_len;
- void *mem;
-
- trace_dma_blk_cb(dbs, ret);
-
- dbs->acb = NULL;
- dbs->offset += dbs->iov.size;
-
- if (dbs->sg_cur_index == dbs->sg->nsg || ret < 0) {
- dma_complete(dbs, ret);
- return;
- }
- dma_blk_unmap(dbs);
-
- while (dbs->sg_cur_index < dbs->sg->nsg) {
- cur_addr = dbs->sg->sg[dbs->sg_cur_index].base + dbs->sg_cur_byte;
- cur_len = dbs->sg->sg[dbs->sg_cur_index].len - dbs->sg_cur_byte;
- mem = dma_memory_map(dbs->sg->as, cur_addr, &cur_len, dbs->dir);
- /*
- * Make reads deterministic in icount mode. Windows sometimes issues
- * disk read requests with overlapping SGs. It leads
- * to non-determinism, because resulting buffer contents may be mixed
- * from several sectors. This code splits all SGs into several
- * groups. SGs in every group do not overlap.
- */
- if (mem && icount_enabled() && dbs->dir == DMA_DIRECTION_FROM_DEVICE) {
- int i;
- for (i = 0 ; i < dbs->iov.niov ; ++i) {
- if (ranges_overlap((intptr_t)dbs->iov.iov[i].iov_base,
- dbs->iov.iov[i].iov_len, (intptr_t)mem,
- cur_len)) {
- dma_memory_unmap(dbs->sg->as, mem, cur_len,
- dbs->dir, cur_len);
- mem = NULL;
- break;
- }
- }
- }
- if (!mem)
- break;
- qemu_iovec_add(&dbs->iov, mem, cur_len);
- dbs->sg_cur_byte += cur_len;
- if (dbs->sg_cur_byte == dbs->sg->sg[dbs->sg_cur_index].len) {
- dbs->sg_cur_byte = 0;
- ++dbs->sg_cur_index;
- }
- }
-
- if (dbs->iov.size == 0) {
- trace_dma_map_wait(dbs);
- dbs->bh = aio_bh_new(dbs->ctx, reschedule_dma, dbs);
- cpu_register_map_client(dbs->bh);
- return;
- }
-
- if (!QEMU_IS_ALIGNED(dbs->iov.size, dbs->align)) {
- qemu_iovec_discard_back(&dbs->iov,
- QEMU_ALIGN_DOWN(dbs->iov.size, dbs->align));
- }
-
- aio_context_acquire(dbs->ctx);
- dbs->acb = dbs->io_func(dbs->offset, &dbs->iov,
- dma_blk_cb, dbs, dbs->io_func_opaque);
- aio_context_release(dbs->ctx);
- assert(dbs->acb);
-}
-
-static void dma_aio_cancel(BlockAIOCB *acb)
-{
- DMAAIOCB *dbs = container_of(acb, DMAAIOCB, common);
-
- trace_dma_aio_cancel(dbs);
-
- assert(!(dbs->acb && dbs->bh));
- if (dbs->acb) {
- /* This will invoke dma_blk_cb. */
- blk_aio_cancel_async(dbs->acb);
- return;
- }
-
- if (dbs->bh) {
- cpu_unregister_map_client(dbs->bh);
- qemu_bh_delete(dbs->bh);
- dbs->bh = NULL;
- }
- if (dbs->common.cb) {
- dbs->common.cb(dbs->common.opaque, -ECANCELED);
- }
-}
-
-static AioContext *dma_get_aio_context(BlockAIOCB *acb)
-{
- DMAAIOCB *dbs = container_of(acb, DMAAIOCB, common);
-
- return dbs->ctx;
-}
-
-static const AIOCBInfo dma_aiocb_info = {
- .aiocb_size = sizeof(DMAAIOCB),
- .cancel_async = dma_aio_cancel,
- .get_aio_context = dma_get_aio_context,
-};
-
-BlockAIOCB *dma_blk_io(AioContext *ctx,
- QEMUSGList *sg, uint64_t offset, uint32_t align,
- DMAIOFunc *io_func, void *io_func_opaque,
- BlockCompletionFunc *cb,
- void *opaque, DMADirection dir)
-{
- DMAAIOCB *dbs = qemu_aio_get(&dma_aiocb_info, NULL, cb, opaque);
-
- trace_dma_blk_io(dbs, io_func_opaque, offset, (dir == DMA_DIRECTION_TO_DEVICE));
-
- dbs->acb = NULL;
- dbs->sg = sg;
- dbs->ctx = ctx;
- dbs->offset = offset;
- dbs->align = align;
- dbs->sg_cur_index = 0;
- dbs->sg_cur_byte = 0;
- dbs->dir = dir;
- dbs->io_func = io_func;
- dbs->io_func_opaque = io_func_opaque;
- dbs->bh = NULL;
- qemu_iovec_init(&dbs->iov, sg->nsg);
- dma_blk_cb(dbs, 0);
- return &dbs->common;
-}
-
-
-static
-BlockAIOCB *dma_blk_read_io_func(int64_t offset, QEMUIOVector *iov,
- BlockCompletionFunc *cb, void *cb_opaque,
- void *opaque)
-{
- BlockBackend *blk = opaque;
- return blk_aio_preadv(blk, offset, iov, 0, cb, cb_opaque);
-}
-
-BlockAIOCB *dma_blk_read(BlockBackend *blk,
- QEMUSGList *sg, uint64_t offset, uint32_t align,
- void (*cb)(void *opaque, int ret), void *opaque)
-{
- return dma_blk_io(blk_get_aio_context(blk), sg, offset, align,
- dma_blk_read_io_func, blk, cb, opaque,
- DMA_DIRECTION_FROM_DEVICE);
-}
-
-static
-BlockAIOCB *dma_blk_write_io_func(int64_t offset, QEMUIOVector *iov,
- BlockCompletionFunc *cb, void *cb_opaque,
- void *opaque)
-{
- BlockBackend *blk = opaque;
- return blk_aio_pwritev(blk, offset, iov, 0, cb, cb_opaque);
-}
-
-BlockAIOCB *dma_blk_write(BlockBackend *blk,
- QEMUSGList *sg, uint64_t offset, uint32_t align,
- void (*cb)(void *opaque, int ret), void *opaque)
-{
- return dma_blk_io(blk_get_aio_context(blk), sg, offset, align,
- dma_blk_write_io_func, blk, cb, opaque,
- DMA_DIRECTION_TO_DEVICE);
-}
-
-
-static uint64_t dma_buf_rw(uint8_t *ptr, int32_t len, QEMUSGList *sg,
- DMADirection dir)
-{
- uint64_t resid;
- int sg_cur_index;
-
- resid = sg->size;
- sg_cur_index = 0;
- len = MIN(len, resid);
- while (len > 0) {
- ScatterGatherEntry entry = sg->sg[sg_cur_index++];
- int32_t xfer = MIN(len, entry.len);
- dma_memory_rw(sg->as, entry.base, ptr, xfer, dir);
- ptr += xfer;
- len -= xfer;
- resid -= xfer;
- }
-
- return resid;
-}
-
-uint64_t dma_buf_read(uint8_t *ptr, int32_t len, QEMUSGList *sg)
-{
- return dma_buf_rw(ptr, len, sg, DMA_DIRECTION_FROM_DEVICE);
-}
-
-uint64_t dma_buf_write(uint8_t *ptr, int32_t len, QEMUSGList *sg)
-{
- return dma_buf_rw(ptr, len, sg, DMA_DIRECTION_TO_DEVICE);
-}
-
-void dma_acct_start(BlockBackend *blk, BlockAcctCookie *cookie,
- QEMUSGList *sg, enum BlockAcctType type)
-{
- block_acct_start(blk_get_stats(blk), cookie, sg->size, type);
-}
atomics
stable-process
testing
+ qtest
decodetree
secure-coding-practices
tcg
--- /dev/null
+========================================
+QTest Device Emulation Testing Framework
+========================================
+
+QTest is a device emulation testing framework. It can be very useful to test
+device models; it could also control certain aspects of QEMU (such as virtual
+clock stepping), with a special purpose "qtest" protocol. Refer to
+:ref:`qtest-protocol` for more details of the protocol.
+
+QTest cases can be executed with
+
+.. code::
+
+ make check-qtest
+
+The QTest library is implemented by ``tests/qtest/libqtest.c`` and the API is
+defined in ``tests/qtest/libqtest.h``.
+
+Consider adding a new QTest case when you are introducing a new virtual
+hardware, or extending one if you are adding functionalities to an existing
+virtual device.
+
+On top of libqtest, a higher level library, ``libqos``, was created to
+encapsulate common tasks of device drivers, such as memory management and
+communicating with system buses or devices. Many virtual device tests use
+libqos instead of directly calling into libqtest.
+
+Steps to add a new QTest case are:
+
+1. Create a new source file for the test. (More than one file can be added as
+ necessary.) For example, ``tests/qtest/foo-test.c``.
+
+2. Write the test code with the glib and libqtest/libqos API. See also existing
+ tests and the library headers for reference.
+
+3. Register the new test in ``tests/qtest/meson.build``. Add the test
+ executable name to an appropriate ``qtests_*`` variable. There is
+ one variable per architecture, plus ``qtests_generic`` for tests
+ that can be run for all architectures. For example::
+
+ qtests_generic = [
+ ...
+ 'foo-test',
+ ...
+ ]
+
+4. If the test has more than one source file or needs to be linked with any
+ dependency other than ``qemuutil`` and ``qos``, list them in the ``qtests``
+ dictionary. For example a test that needs to use the ``QIO`` library
+ will have an entry like::
+
+ {
+ ...
+ 'foo-test': [io],
+ ...
+ }
+
+Debugging a QTest failure is slightly harder than the unit test because the
+tests look up QEMU program names in the environment variables, such as
+``QTEST_QEMU_BINARY`` and ``QTEST_QEMU_IMG``, and also because it is not easy
+to attach gdb to the QEMU process spawned from the test. But manual invoking
+and using gdb on the test is still simple to do: find out the actual command
+from the output of
+
+.. code::
+
+ make check-qtest V=1
+
+which you can run manually.
+
+
+.. _qtest-protocol:
+
+QTest Protocol
+--------------
+
+.. kernel-doc:: softmmu/qtest.c
+ :doc: QTest Protocol
+
+
+libqtest API reference
+----------------------
+
+.. kernel-doc:: tests/qtest/libqos/libqtest.h
test. The test code should be organized with the glib testing framework.
Copying and modifying an existing test is usually a good idea.
-3. Add the test to ``tests/Makefile.include``. First, name the unit test
- program and add it to ``$(check-unit-y)``; then add a rule to build the
- executable. For example:
+3. Add the test to ``tests/meson.build``. The unit tests are listed in a
+ dictionary called ``tests``. The values are any additional sources and
+ dependencies to be linked with the test. For a simple test whose source
+ is in ``tests/foo-test.c``, it is enough to add an entry like::
-.. code::
-
- check-unit-y += tests/foo-test$(EXESUF)
- tests/foo-test$(EXESUF): tests/foo-test.o $(test-util-obj-y)
- ...
+ {
+ ...
+ 'foo-test': [],
+ ...
+ }
Since unit tests don't require environment variables, the simplest way to debug
a unit test failure is often directly invoking it or even running it under
QTest is a device emulation testing framework. It can be very useful to test
device models; it could also control certain aspects of QEMU (such as virtual
-clock stepping), with a special purpose "qtest" protocol. Refer to the
-documentation in ``qtest.c`` for more details of the protocol.
+clock stepping), with a special purpose "qtest" protocol. Refer to
+:doc:`qtest` for more details.
QTest cases can be executed with
make check-qtest
-The QTest library is implemented by ``tests/qtest/libqtest.c`` and the API is
-defined in ``tests/qtest/libqtest.h``.
-
-Consider adding a new QTest case when you are introducing a new virtual
-hardware, or extending one if you are adding functionalities to an existing
-virtual device.
-
-On top of libqtest, a higher level library, ``libqos``, was created to
-encapsulate common tasks of device drivers, such as memory management and
-communicating with system buses or devices. Many virtual device tests use
-libqos instead of directly calling into libqtest.
-
-Steps to add a new QTest case are:
-
-1. Create a new source file for the test. (More than one file can be added as
- necessary.) For example, ``tests/qtest/foo-test.c``.
-
-2. Write the test code with the glib and libqtest/libqos API. See also existing
- tests and the library headers for reference.
-
-3. Register the new test in ``tests/qtest/Makefile.include``. Add the test
- executable name to an appropriate ``check-qtest-*-y`` variable. For example:
-
- ``check-qtest-generic-y = tests/qtest/foo-test$(EXESUF)``
-
-4. Add object dependencies of the executable in the Makefile, including the
- test source file(s) and other interesting objects. For example:
-
- ``tests/qtest/foo-test$(EXESUF): tests/qtest/foo-test.o $(libqos-obj-y)``
-
-Debugging a QTest failure is slightly harder than the unit test because the
-tests look up QEMU program names in the environment variables, such as
-``QTEST_QEMU_BINARY`` and ``QTEST_QEMU_IMG``, and also because it is not easy
-to attach gdb to the QEMU process spawned from the test. But manual invoking
-and using gdb on the test is still simple to do: find out the actual command
-from the output of
-
-.. code::
-
- make check-qtest V=1
-
-which you can run manually.
-
QAPI schema tests
-----------------
System emulator CPUS
--------------------
+``moxie`` CPU (since 5.2.0)
+'''''''''''''''''''''''''''
+
+The ``moxie`` guest CPU support is deprecated and will be removed in
+a future version of QEMU. It's unclear whether anybody is still using
+CPU emulation in QEMU, and there are no test images available to make
+sure that the code is still working.
+
``compat`` property of server class POWER CPUs (since 5.0)
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Listen on vhost-user UNIX domain socket at PATH.
+.. option:: --socket-group=GROUP
+
+ Set the vhost-user UNIX domain socket gid to GROUP.
+
.. option:: --fd=FDNUM
Accept connections from vhost-user UNIX domain socket file descriptor FDNUM.
+++ /dev/null
-/*
- * Virtual page mapping
- *
- * Copyright (c) 2003 Fabrice Bellard
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu/osdep.h"
-#include "qemu-common.h"
-#include "qapi/error.h"
-
-#include "qemu/cutils.h"
-#include "cpu.h"
-#include "exec/exec-all.h"
-#include "exec/target_page.h"
-#include "tcg/tcg.h"
-#include "hw/qdev-core.h"
-#include "hw/qdev-properties.h"
-#if !defined(CONFIG_USER_ONLY)
-#include "hw/boards.h"
-#include "hw/xen/xen.h"
-#endif
-#include "sysemu/kvm.h"
-#include "sysemu/sysemu.h"
-#include "sysemu/tcg.h"
-#include "sysemu/qtest.h"
-#include "qemu/timer.h"
-#include "qemu/config-file.h"
-#include "qemu/error-report.h"
-#include "qemu/qemu-print.h"
-#if defined(CONFIG_USER_ONLY)
-#include "qemu.h"
-#else /* !CONFIG_USER_ONLY */
-#include "exec/memory.h"
-#include "exec/ioport.h"
-#include "sysemu/dma.h"
-#include "sysemu/hostmem.h"
-#include "sysemu/hw_accel.h"
-#include "exec/address-spaces.h"
-#include "sysemu/xen-mapcache.h"
-#include "trace/trace-root.h"
-
-#ifdef CONFIG_FALLOCATE_PUNCH_HOLE
-#include <linux/falloc.h>
-#endif
-
-#endif
-#include "qemu/rcu_queue.h"
-#include "qemu/main-loop.h"
-#include "translate-all.h"
-#include "sysemu/replay.h"
-
-#include "exec/memory-internal.h"
-#include "exec/ram_addr.h"
-#include "exec/log.h"
-
-#include "qemu/pmem.h"
-
-#include "migration/vmstate.h"
-
-#include "qemu/range.h"
-#ifndef _WIN32
-#include "qemu/mmap-alloc.h"
-#endif
-
-#include "monitor/monitor.h"
-
-#ifdef CONFIG_LIBDAXCTL
-#include <daxctl/libdaxctl.h>
-#endif
-
-//#define DEBUG_SUBPAGE
-
-#if !defined(CONFIG_USER_ONLY)
-/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
- * are protected by the ramlist lock.
- */
-RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
-
-static MemoryRegion *system_memory;
-static MemoryRegion *system_io;
-
-AddressSpace address_space_io;
-AddressSpace address_space_memory;
-
-static MemoryRegion io_mem_unassigned;
-#endif
-
-uintptr_t qemu_host_page_size;
-intptr_t qemu_host_page_mask;
-
-#if !defined(CONFIG_USER_ONLY)
-
-typedef struct PhysPageEntry PhysPageEntry;
-
-struct PhysPageEntry {
- /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
- uint32_t skip : 6;
- /* index into phys_sections (!skip) or phys_map_nodes (skip) */
- uint32_t ptr : 26;
-};
-
-#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
-
-/* Size of the L2 (and L3, etc) page tables. */
-#define ADDR_SPACE_BITS 64
-
-#define P_L2_BITS 9
-#define P_L2_SIZE (1 << P_L2_BITS)
-
-#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
-
-typedef PhysPageEntry Node[P_L2_SIZE];
-
-typedef struct PhysPageMap {
- struct rcu_head rcu;
-
- unsigned sections_nb;
- unsigned sections_nb_alloc;
- unsigned nodes_nb;
- unsigned nodes_nb_alloc;
- Node *nodes;
- MemoryRegionSection *sections;
-} PhysPageMap;
-
-struct AddressSpaceDispatch {
- MemoryRegionSection *mru_section;
- /* This is a multi-level map on the physical address space.
- * The bottom level has pointers to MemoryRegionSections.
- */
- PhysPageEntry phys_map;
- PhysPageMap map;
-};
-
-#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
-typedef struct subpage_t {
- MemoryRegion iomem;
- FlatView *fv;
- hwaddr base;
- uint16_t sub_section[];
-} subpage_t;
-
-#define PHYS_SECTION_UNASSIGNED 0
-
-static void io_mem_init(void);
-static void memory_map_init(void);
-static void tcg_log_global_after_sync(MemoryListener *listener);
-static void tcg_commit(MemoryListener *listener);
-
-/**
- * CPUAddressSpace: all the information a CPU needs about an AddressSpace
- * @cpu: the CPU whose AddressSpace this is
- * @as: the AddressSpace itself
- * @memory_dispatch: its dispatch pointer (cached, RCU protected)
- * @tcg_as_listener: listener for tracking changes to the AddressSpace
- */
-struct CPUAddressSpace {
- CPUState *cpu;
- AddressSpace *as;
- struct AddressSpaceDispatch *memory_dispatch;
- MemoryListener tcg_as_listener;
-};
-
-struct DirtyBitmapSnapshot {
- ram_addr_t start;
- ram_addr_t end;
- unsigned long dirty[];
-};
-
-#endif
-
-#if !defined(CONFIG_USER_ONLY)
-
-static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
-{
- static unsigned alloc_hint = 16;
- if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
- map->nodes_nb_alloc = MAX(alloc_hint, map->nodes_nb + nodes);
- map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
- alloc_hint = map->nodes_nb_alloc;
- }
-}
-
-static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
-{
- unsigned i;
- uint32_t ret;
- PhysPageEntry e;
- PhysPageEntry *p;
-
- ret = map->nodes_nb++;
- p = map->nodes[ret];
- assert(ret != PHYS_MAP_NODE_NIL);
- assert(ret != map->nodes_nb_alloc);
-
- e.skip = leaf ? 0 : 1;
- e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
- for (i = 0; i < P_L2_SIZE; ++i) {
- memcpy(&p[i], &e, sizeof(e));
- }
- return ret;
-}
-
-static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
- hwaddr *index, uint64_t *nb, uint16_t leaf,
- int level)
-{
- PhysPageEntry *p;
- hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
-
- if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
- lp->ptr = phys_map_node_alloc(map, level == 0);
- }
- p = map->nodes[lp->ptr];
- lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
-
- while (*nb && lp < &p[P_L2_SIZE]) {
- if ((*index & (step - 1)) == 0 && *nb >= step) {
- lp->skip = 0;
- lp->ptr = leaf;
- *index += step;
- *nb -= step;
- } else {
- phys_page_set_level(map, lp, index, nb, leaf, level - 1);
- }
- ++lp;
- }
-}
-
-static void phys_page_set(AddressSpaceDispatch *d,
- hwaddr index, uint64_t nb,
- uint16_t leaf)
-{
- /* Wildly overreserve - it doesn't matter much. */
- phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
-
- phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
-}
-
-/* Compact a non leaf page entry. Simply detect that the entry has a single child,
- * and update our entry so we can skip it and go directly to the destination.
- */
-static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
-{
- unsigned valid_ptr = P_L2_SIZE;
- int valid = 0;
- PhysPageEntry *p;
- int i;
-
- if (lp->ptr == PHYS_MAP_NODE_NIL) {
- return;
- }
-
- p = nodes[lp->ptr];
- for (i = 0; i < P_L2_SIZE; i++) {
- if (p[i].ptr == PHYS_MAP_NODE_NIL) {
- continue;
- }
-
- valid_ptr = i;
- valid++;
- if (p[i].skip) {
- phys_page_compact(&p[i], nodes);
- }
- }
-
- /* We can only compress if there's only one child. */
- if (valid != 1) {
- return;
- }
-
- assert(valid_ptr < P_L2_SIZE);
-
- /* Don't compress if it won't fit in the # of bits we have. */
- if (P_L2_LEVELS >= (1 << 6) &&
- lp->skip + p[valid_ptr].skip >= (1 << 6)) {
- return;
- }
-
- lp->ptr = p[valid_ptr].ptr;
- if (!p[valid_ptr].skip) {
- /* If our only child is a leaf, make this a leaf. */
- /* By design, we should have made this node a leaf to begin with so we
- * should never reach here.
- * But since it's so simple to handle this, let's do it just in case we
- * change this rule.
- */
- lp->skip = 0;
- } else {
- lp->skip += p[valid_ptr].skip;
- }
-}
-
-void address_space_dispatch_compact(AddressSpaceDispatch *d)
-{
- if (d->phys_map.skip) {
- phys_page_compact(&d->phys_map, d->map.nodes);
- }
-}
-
-static inline bool section_covers_addr(const MemoryRegionSection *section,
- hwaddr addr)
-{
- /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
- * the section must cover the entire address space.
- */
- return int128_gethi(section->size) ||
- range_covers_byte(section->offset_within_address_space,
- int128_getlo(section->size), addr);
-}
-
-static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr addr)
-{
- PhysPageEntry lp = d->phys_map, *p;
- Node *nodes = d->map.nodes;
- MemoryRegionSection *sections = d->map.sections;
- hwaddr index = addr >> TARGET_PAGE_BITS;
- int i;
-
- for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
- if (lp.ptr == PHYS_MAP_NODE_NIL) {
- return §ions[PHYS_SECTION_UNASSIGNED];
- }
- p = nodes[lp.ptr];
- lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
- }
-
- if (section_covers_addr(§ions[lp.ptr], addr)) {
- return §ions[lp.ptr];
- } else {
- return §ions[PHYS_SECTION_UNASSIGNED];
- }
-}
-
-/* Called from RCU critical section */
-static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
- hwaddr addr,
- bool resolve_subpage)
-{
- MemoryRegionSection *section = qatomic_read(&d->mru_section);
- subpage_t *subpage;
-
- if (!section || section == &d->map.sections[PHYS_SECTION_UNASSIGNED] ||
- !section_covers_addr(section, addr)) {
- section = phys_page_find(d, addr);
- qatomic_set(&d->mru_section, section);
- }
- if (resolve_subpage && section->mr->subpage) {
- subpage = container_of(section->mr, subpage_t, iomem);
- section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
- }
- return section;
-}
-
-/* Called from RCU critical section */
-static MemoryRegionSection *
-address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
- hwaddr *plen, bool resolve_subpage)
-{
- MemoryRegionSection *section;
- MemoryRegion *mr;
- Int128 diff;
-
- section = address_space_lookup_region(d, addr, resolve_subpage);
- /* Compute offset within MemoryRegionSection */
- addr -= section->offset_within_address_space;
-
- /* Compute offset within MemoryRegion */
- *xlat = addr + section->offset_within_region;
-
- mr = section->mr;
-
- /* MMIO registers can be expected to perform full-width accesses based only
- * on their address, without considering adjacent registers that could
- * decode to completely different MemoryRegions. When such registers
- * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
- * regions overlap wildly. For this reason we cannot clamp the accesses
- * here.
- *
- * If the length is small (as is the case for address_space_ldl/stl),
- * everything works fine. If the incoming length is large, however,
- * the caller really has to do the clamping through memory_access_size.
- */
- if (memory_region_is_ram(mr)) {
- diff = int128_sub(section->size, int128_make64(addr));
- *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
- }
- return section;
-}
-
-/**
- * address_space_translate_iommu - translate an address through an IOMMU
- * memory region and then through the target address space.
- *
- * @iommu_mr: the IOMMU memory region that we start the translation from
- * @addr: the address to be translated through the MMU
- * @xlat: the translated address offset within the destination memory region.
- * It cannot be %NULL.
- * @plen_out: valid read/write length of the translated address. It
- * cannot be %NULL.
- * @page_mask_out: page mask for the translated address. This
- * should only be meaningful for IOMMU translated
- * addresses, since there may be huge pages that this bit
- * would tell. It can be %NULL if we don't care about it.
- * @is_write: whether the translation operation is for write
- * @is_mmio: whether this can be MMIO, set true if it can
- * @target_as: the address space targeted by the IOMMU
- * @attrs: transaction attributes
- *
- * This function is called from RCU critical section. It is the common
- * part of flatview_do_translate and address_space_translate_cached.
- */
-static MemoryRegionSection address_space_translate_iommu(IOMMUMemoryRegion *iommu_mr,
- hwaddr *xlat,
- hwaddr *plen_out,
- hwaddr *page_mask_out,
- bool is_write,
- bool is_mmio,
- AddressSpace **target_as,
- MemTxAttrs attrs)
-{
- MemoryRegionSection *section;
- hwaddr page_mask = (hwaddr)-1;
-
- do {
- hwaddr addr = *xlat;
- IOMMUMemoryRegionClass *imrc = memory_region_get_iommu_class_nocheck(iommu_mr);
- int iommu_idx = 0;
- IOMMUTLBEntry iotlb;
-
- if (imrc->attrs_to_index) {
- iommu_idx = imrc->attrs_to_index(iommu_mr, attrs);
- }
-
- iotlb = imrc->translate(iommu_mr, addr, is_write ?
- IOMMU_WO : IOMMU_RO, iommu_idx);
-
- if (!(iotlb.perm & (1 << is_write))) {
- goto unassigned;
- }
-
- addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
- | (addr & iotlb.addr_mask));
- page_mask &= iotlb.addr_mask;
- *plen_out = MIN(*plen_out, (addr | iotlb.addr_mask) - addr + 1);
- *target_as = iotlb.target_as;
-
- section = address_space_translate_internal(
- address_space_to_dispatch(iotlb.target_as), addr, xlat,
- plen_out, is_mmio);
-
- iommu_mr = memory_region_get_iommu(section->mr);
- } while (unlikely(iommu_mr));
-
- if (page_mask_out) {
- *page_mask_out = page_mask;
- }
- return *section;
-
-unassigned:
- return (MemoryRegionSection) { .mr = &io_mem_unassigned };
-}
-
-/**
- * flatview_do_translate - translate an address in FlatView
- *
- * @fv: the flat view that we want to translate on
- * @addr: the address to be translated in above address space
- * @xlat: the translated address offset within memory region. It
- * cannot be @NULL.
- * @plen_out: valid read/write length of the translated address. It
- * can be @NULL when we don't care about it.
- * @page_mask_out: page mask for the translated address. This
- * should only be meaningful for IOMMU translated
- * addresses, since there may be huge pages that this bit
- * would tell. It can be @NULL if we don't care about it.
- * @is_write: whether the translation operation is for write
- * @is_mmio: whether this can be MMIO, set true if it can
- * @target_as: the address space targeted by the IOMMU
- * @attrs: memory transaction attributes
- *
- * This function is called from RCU critical section
- */
-static MemoryRegionSection flatview_do_translate(FlatView *fv,
- hwaddr addr,
- hwaddr *xlat,
- hwaddr *plen_out,
- hwaddr *page_mask_out,
- bool is_write,
- bool is_mmio,
- AddressSpace **target_as,
- MemTxAttrs attrs)
-{
- MemoryRegionSection *section;
- IOMMUMemoryRegion *iommu_mr;
- hwaddr plen = (hwaddr)(-1);
-
- if (!plen_out) {
- plen_out = &plen;
- }
-
- section = address_space_translate_internal(
- flatview_to_dispatch(fv), addr, xlat,
- plen_out, is_mmio);
-
- iommu_mr = memory_region_get_iommu(section->mr);
- if (unlikely(iommu_mr)) {
- return address_space_translate_iommu(iommu_mr, xlat,
- plen_out, page_mask_out,
- is_write, is_mmio,
- target_as, attrs);
- }
- if (page_mask_out) {
- /* Not behind an IOMMU, use default page size. */
- *page_mask_out = ~TARGET_PAGE_MASK;
- }
-
- return *section;
-}
-
-/* Called from RCU critical section */
-IOMMUTLBEntry address_space_get_iotlb_entry(AddressSpace *as, hwaddr addr,
- bool is_write, MemTxAttrs attrs)
-{
- MemoryRegionSection section;
- hwaddr xlat, page_mask;
-
- /*
- * This can never be MMIO, and we don't really care about plen,
- * but page mask.
- */
- section = flatview_do_translate(address_space_to_flatview(as), addr, &xlat,
- NULL, &page_mask, is_write, false, &as,
- attrs);
-
- /* Illegal translation */
- if (section.mr == &io_mem_unassigned) {
- goto iotlb_fail;
- }
-
- /* Convert memory region offset into address space offset */
- xlat += section.offset_within_address_space -
- section.offset_within_region;
-
- return (IOMMUTLBEntry) {
- .target_as = as,
- .iova = addr & ~page_mask,
- .translated_addr = xlat & ~page_mask,
- .addr_mask = page_mask,
- /* IOTLBs are for DMAs, and DMA only allows on RAMs. */
- .perm = IOMMU_RW,
- };
-
-iotlb_fail:
- return (IOMMUTLBEntry) {0};
-}
-
-/* Called from RCU critical section */
-MemoryRegion *flatview_translate(FlatView *fv, hwaddr addr, hwaddr *xlat,
- hwaddr *plen, bool is_write,
- MemTxAttrs attrs)
-{
- MemoryRegion *mr;
- MemoryRegionSection section;
- AddressSpace *as = NULL;
-
- /* This can be MMIO, so setup MMIO bit. */
- section = flatview_do_translate(fv, addr, xlat, plen, NULL,
- is_write, true, &as, attrs);
- mr = section.mr;
-
- if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
- hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
- *plen = MIN(page, *plen);
- }
-
- return mr;
-}
-
-typedef struct TCGIOMMUNotifier {
- IOMMUNotifier n;
- MemoryRegion *mr;
- CPUState *cpu;
- int iommu_idx;
- bool active;
-} TCGIOMMUNotifier;
-
-static void tcg_iommu_unmap_notify(IOMMUNotifier *n, IOMMUTLBEntry *iotlb)
-{
- TCGIOMMUNotifier *notifier = container_of(n, TCGIOMMUNotifier, n);
-
- if (!notifier->active) {
- return;
- }
- tlb_flush(notifier->cpu);
- notifier->active = false;
- /* We leave the notifier struct on the list to avoid reallocating it later.
- * Generally the number of IOMMUs a CPU deals with will be small.
- * In any case we can't unregister the iommu notifier from a notify
- * callback.
- */
-}
-
-static void tcg_register_iommu_notifier(CPUState *cpu,
- IOMMUMemoryRegion *iommu_mr,
- int iommu_idx)
-{
- /* Make sure this CPU has an IOMMU notifier registered for this
- * IOMMU/IOMMU index combination, so that we can flush its TLB
- * when the IOMMU tells us the mappings we've cached have changed.
- */
- MemoryRegion *mr = MEMORY_REGION(iommu_mr);
- TCGIOMMUNotifier *notifier;
- int i;
-
- for (i = 0; i < cpu->iommu_notifiers->len; i++) {
- notifier = g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier *, i);
- if (notifier->mr == mr && notifier->iommu_idx == iommu_idx) {
- break;
- }
- }
- if (i == cpu->iommu_notifiers->len) {
- /* Not found, add a new entry at the end of the array */
- cpu->iommu_notifiers = g_array_set_size(cpu->iommu_notifiers, i + 1);
- notifier = g_new0(TCGIOMMUNotifier, 1);
- g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier *, i) = notifier;
-
- notifier->mr = mr;
- notifier->iommu_idx = iommu_idx;
- notifier->cpu = cpu;
- /* Rather than trying to register interest in the specific part
- * of the iommu's address space that we've accessed and then
- * expand it later as subsequent accesses touch more of it, we
- * just register interest in the whole thing, on the assumption
- * that iommu reconfiguration will be rare.
- */
- iommu_notifier_init(¬ifier->n,
- tcg_iommu_unmap_notify,
- IOMMU_NOTIFIER_UNMAP,
- 0,
- HWADDR_MAX,
- iommu_idx);
- memory_region_register_iommu_notifier(notifier->mr, ¬ifier->n,
- &error_fatal);
- }
-
- if (!notifier->active) {
- notifier->active = true;
- }
-}
-
-static void tcg_iommu_free_notifier_list(CPUState *cpu)
-{
- /* Destroy the CPU's notifier list */
- int i;
- TCGIOMMUNotifier *notifier;
-
- for (i = 0; i < cpu->iommu_notifiers->len; i++) {
- notifier = g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier *, i);
- memory_region_unregister_iommu_notifier(notifier->mr, ¬ifier->n);
- g_free(notifier);
- }
- g_array_free(cpu->iommu_notifiers, true);
-}
-
-/* Called from RCU critical section */
-MemoryRegionSection *
-address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
- hwaddr *xlat, hwaddr *plen,
- MemTxAttrs attrs, int *prot)
-{
- MemoryRegionSection *section;
- IOMMUMemoryRegion *iommu_mr;
- IOMMUMemoryRegionClass *imrc;
- IOMMUTLBEntry iotlb;
- int iommu_idx;
- AddressSpaceDispatch *d =
- qatomic_rcu_read(&cpu->cpu_ases[asidx].memory_dispatch);
-
- for (;;) {
- section = address_space_translate_internal(d, addr, &addr, plen, false);
-
- iommu_mr = memory_region_get_iommu(section->mr);
- if (!iommu_mr) {
- break;
- }
-
- imrc = memory_region_get_iommu_class_nocheck(iommu_mr);
-
- iommu_idx = imrc->attrs_to_index(iommu_mr, attrs);
- tcg_register_iommu_notifier(cpu, iommu_mr, iommu_idx);
- /* We need all the permissions, so pass IOMMU_NONE so the IOMMU
- * doesn't short-cut its translation table walk.
- */
- iotlb = imrc->translate(iommu_mr, addr, IOMMU_NONE, iommu_idx);
- addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
- | (addr & iotlb.addr_mask));
- /* Update the caller's prot bits to remove permissions the IOMMU
- * is giving us a failure response for. If we get down to no
- * permissions left at all we can give up now.
- */
- if (!(iotlb.perm & IOMMU_RO)) {
- *prot &= ~(PAGE_READ | PAGE_EXEC);
- }
- if (!(iotlb.perm & IOMMU_WO)) {
- *prot &= ~PAGE_WRITE;
- }
-
- if (!*prot) {
- goto translate_fail;
- }
-
- d = flatview_to_dispatch(address_space_to_flatview(iotlb.target_as));
- }
-
- assert(!memory_region_is_iommu(section->mr));
- *xlat = addr;
- return section;
-
-translate_fail:
- return &d->map.sections[PHYS_SECTION_UNASSIGNED];
-}
-#endif
-
-#if !defined(CONFIG_USER_ONLY)
-
-static int cpu_common_post_load(void *opaque, int version_id)
-{
- CPUState *cpu = opaque;
-
- /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
- version_id is increased. */
- cpu->interrupt_request &= ~0x01;
- tlb_flush(cpu);
-
- /* loadvm has just updated the content of RAM, bypassing the
- * usual mechanisms that ensure we flush TBs for writes to
- * memory we've translated code from. So we must flush all TBs,
- * which will now be stale.
- */
- tb_flush(cpu);
-
- return 0;
-}
-
-static int cpu_common_pre_load(void *opaque)
-{
- CPUState *cpu = opaque;
-
- cpu->exception_index = -1;
-
- return 0;
-}
-
-static bool cpu_common_exception_index_needed(void *opaque)
-{
- CPUState *cpu = opaque;
-
- return tcg_enabled() && cpu->exception_index != -1;
-}
-
-static const VMStateDescription vmstate_cpu_common_exception_index = {
- .name = "cpu_common/exception_index",
- .version_id = 1,
- .minimum_version_id = 1,
- .needed = cpu_common_exception_index_needed,
- .fields = (VMStateField[]) {
- VMSTATE_INT32(exception_index, CPUState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-static bool cpu_common_crash_occurred_needed(void *opaque)
-{
- CPUState *cpu = opaque;
-
- return cpu->crash_occurred;
-}
-
-static const VMStateDescription vmstate_cpu_common_crash_occurred = {
- .name = "cpu_common/crash_occurred",
- .version_id = 1,
- .minimum_version_id = 1,
- .needed = cpu_common_crash_occurred_needed,
- .fields = (VMStateField[]) {
- VMSTATE_BOOL(crash_occurred, CPUState),
- VMSTATE_END_OF_LIST()
- }
-};
-
-const VMStateDescription vmstate_cpu_common = {
- .name = "cpu_common",
- .version_id = 1,
- .minimum_version_id = 1,
- .pre_load = cpu_common_pre_load,
- .post_load = cpu_common_post_load,
- .fields = (VMStateField[]) {
- VMSTATE_UINT32(halted, CPUState),
- VMSTATE_UINT32(interrupt_request, CPUState),
- VMSTATE_END_OF_LIST()
- },
- .subsections = (const VMStateDescription*[]) {
- &vmstate_cpu_common_exception_index,
- &vmstate_cpu_common_crash_occurred,
- NULL
- }
-};
-
-void cpu_address_space_init(CPUState *cpu, int asidx,
- const char *prefix, MemoryRegion *mr)
-{
- CPUAddressSpace *newas;
- AddressSpace *as = g_new0(AddressSpace, 1);
- char *as_name;
-
- assert(mr);
- as_name = g_strdup_printf("%s-%d", prefix, cpu->cpu_index);
- address_space_init(as, mr, as_name);
- g_free(as_name);
-
- /* Target code should have set num_ases before calling us */
- assert(asidx < cpu->num_ases);
-
- if (asidx == 0) {
- /* address space 0 gets the convenience alias */
- cpu->as = as;
- }
-
- /* KVM cannot currently support multiple address spaces. */
- assert(asidx == 0 || !kvm_enabled());
-
- if (!cpu->cpu_ases) {
- cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
- }
-
- newas = &cpu->cpu_ases[asidx];
- newas->cpu = cpu;
- newas->as = as;
- if (tcg_enabled()) {
- newas->tcg_as_listener.log_global_after_sync = tcg_log_global_after_sync;
- newas->tcg_as_listener.commit = tcg_commit;
- memory_listener_register(&newas->tcg_as_listener, as);
- }
-}
-
-AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
-{
- /* Return the AddressSpace corresponding to the specified index */
- return cpu->cpu_ases[asidx].as;
-}
-#endif
-
-void cpu_exec_unrealizefn(CPUState *cpu)
-{
- CPUClass *cc = CPU_GET_CLASS(cpu);
-
- tlb_destroy(cpu);
- cpu_list_remove(cpu);
-
- if (cc->vmsd != NULL) {
- vmstate_unregister(NULL, cc->vmsd, cpu);
- }
- if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
- vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
- }
-#ifndef CONFIG_USER_ONLY
- tcg_iommu_free_notifier_list(cpu);
-#endif
-}
-
-Property cpu_common_props[] = {
-#ifndef CONFIG_USER_ONLY
- /* Create a memory property for softmmu CPU object,
- * so users can wire up its memory. (This can't go in hw/core/cpu.c
- * because that file is compiled only once for both user-mode
- * and system builds.) The default if no link is set up is to use
- * the system address space.
- */
- DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
- MemoryRegion *),
-#endif
- DEFINE_PROP_BOOL("start-powered-off", CPUState, start_powered_off, false),
- DEFINE_PROP_END_OF_LIST(),
-};
-
-void cpu_exec_initfn(CPUState *cpu)
-{
- cpu->as = NULL;
- cpu->num_ases = 0;
-
-#ifndef CONFIG_USER_ONLY
- cpu->thread_id = qemu_get_thread_id();
- cpu->memory = system_memory;
- object_ref(OBJECT(cpu->memory));
-#endif
-}
-
-void cpu_exec_realizefn(CPUState *cpu, Error **errp)
-{
- CPUClass *cc = CPU_GET_CLASS(cpu);
- static bool tcg_target_initialized;
-
- cpu_list_add(cpu);
-
- if (tcg_enabled() && !tcg_target_initialized) {
- tcg_target_initialized = true;
- cc->tcg_initialize();
- }
- tlb_init(cpu);
-
- qemu_plugin_vcpu_init_hook(cpu);
-
-#ifdef CONFIG_USER_ONLY
- assert(cc->vmsd == NULL);
-#else /* !CONFIG_USER_ONLY */
- if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
- vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
- }
- if (cc->vmsd != NULL) {
- vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
- }
-
- cpu->iommu_notifiers = g_array_new(false, true, sizeof(TCGIOMMUNotifier *));
-#endif
-}
-
-const char *parse_cpu_option(const char *cpu_option)
-{
- ObjectClass *oc;
- CPUClass *cc;
- gchar **model_pieces;
- const char *cpu_type;
-
- model_pieces = g_strsplit(cpu_option, ",", 2);
- if (!model_pieces[0]) {
- error_report("-cpu option cannot be empty");
- exit(1);
- }
-
- oc = cpu_class_by_name(CPU_RESOLVING_TYPE, model_pieces[0]);
- if (oc == NULL) {
- error_report("unable to find CPU model '%s'", model_pieces[0]);
- g_strfreev(model_pieces);
- exit(EXIT_FAILURE);
- }
-
- cpu_type = object_class_get_name(oc);
- cc = CPU_CLASS(oc);
- cc->parse_features(cpu_type, model_pieces[1], &error_fatal);
- g_strfreev(model_pieces);
- return cpu_type;
-}
-
-#if defined(CONFIG_USER_ONLY)
-void tb_invalidate_phys_addr(target_ulong addr)
-{
- mmap_lock();
- tb_invalidate_phys_page_range(addr, addr + 1);
- mmap_unlock();
-}
-
-static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
-{
- tb_invalidate_phys_addr(pc);
-}
-#else
-void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr, MemTxAttrs attrs)
-{
- ram_addr_t ram_addr;
- MemoryRegion *mr;
- hwaddr l = 1;
-
- if (!tcg_enabled()) {
- return;
- }
-
- RCU_READ_LOCK_GUARD();
- mr = address_space_translate(as, addr, &addr, &l, false, attrs);
- if (!(memory_region_is_ram(mr)
- || memory_region_is_romd(mr))) {
- return;
- }
- ram_addr = memory_region_get_ram_addr(mr) + addr;
- tb_invalidate_phys_page_range(ram_addr, ram_addr + 1);
-}
-
-static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
-{
- /*
- * There may not be a virtual to physical translation for the pc
- * right now, but there may exist cached TB for this pc.
- * Flush the whole TB cache to force re-translation of such TBs.
- * This is heavyweight, but we're debugging anyway.
- */
- tb_flush(cpu);
-}
-#endif
-
-#ifndef CONFIG_USER_ONLY
-/* Add a watchpoint. */
-int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
- int flags, CPUWatchpoint **watchpoint)
-{
- CPUWatchpoint *wp;
- vaddr in_page;
-
- /* forbid ranges which are empty or run off the end of the address space */
- if (len == 0 || (addr + len - 1) < addr) {
- error_report("tried to set invalid watchpoint at %"
- VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
- return -EINVAL;
- }
- wp = g_malloc(sizeof(*wp));
-
- wp->vaddr = addr;
- wp->len = len;
- wp->flags = flags;
-
- /* keep all GDB-injected watchpoints in front */
- if (flags & BP_GDB) {
- QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
- } else {
- QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
- }
-
- in_page = -(addr | TARGET_PAGE_MASK);
- if (len <= in_page) {
- tlb_flush_page(cpu, addr);
- } else {
- tlb_flush(cpu);
- }
-
- if (watchpoint)
- *watchpoint = wp;
- return 0;
-}
-
-/* Remove a specific watchpoint. */
-int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
- int flags)
-{
- CPUWatchpoint *wp;
-
- QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
- if (addr == wp->vaddr && len == wp->len
- && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
- cpu_watchpoint_remove_by_ref(cpu, wp);
- return 0;
- }
- }
- return -ENOENT;
-}
-
-/* Remove a specific watchpoint by reference. */
-void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
-{
- QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
-
- tlb_flush_page(cpu, watchpoint->vaddr);
-
- g_free(watchpoint);
-}
-
-/* Remove all matching watchpoints. */
-void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
-{
- CPUWatchpoint *wp, *next;
-
- QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
- if (wp->flags & mask) {
- cpu_watchpoint_remove_by_ref(cpu, wp);
- }
- }
-}
-
-/* Return true if this watchpoint address matches the specified
- * access (ie the address range covered by the watchpoint overlaps
- * partially or completely with the address range covered by the
- * access).
- */
-static inline bool watchpoint_address_matches(CPUWatchpoint *wp,
- vaddr addr, vaddr len)
-{
- /* We know the lengths are non-zero, but a little caution is
- * required to avoid errors in the case where the range ends
- * exactly at the top of the address space and so addr + len
- * wraps round to zero.
- */
- vaddr wpend = wp->vaddr + wp->len - 1;
- vaddr addrend = addr + len - 1;
-
- return !(addr > wpend || wp->vaddr > addrend);
-}
-
-/* Return flags for watchpoints that match addr + prot. */
-int cpu_watchpoint_address_matches(CPUState *cpu, vaddr addr, vaddr len)
-{
- CPUWatchpoint *wp;
- int ret = 0;
-
- QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
- if (watchpoint_address_matches(wp, addr, len)) {
- ret |= wp->flags;
- }
- }
- return ret;
-}
-#endif /* !CONFIG_USER_ONLY */
-
-/* Add a breakpoint. */
-int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
- CPUBreakpoint **breakpoint)
-{
- CPUBreakpoint *bp;
-
- bp = g_malloc(sizeof(*bp));
-
- bp->pc = pc;
- bp->flags = flags;
-
- /* keep all GDB-injected breakpoints in front */
- if (flags & BP_GDB) {
- QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
- } else {
- QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
- }
-
- breakpoint_invalidate(cpu, pc);
-
- if (breakpoint) {
- *breakpoint = bp;
- }
- return 0;
-}
-
-/* Remove a specific breakpoint. */
-int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
-{
- CPUBreakpoint *bp;
-
- QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
- if (bp->pc == pc && bp->flags == flags) {
- cpu_breakpoint_remove_by_ref(cpu, bp);
- return 0;
- }
- }
- return -ENOENT;
-}
-
-/* Remove a specific breakpoint by reference. */
-void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
-{
- QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
-
- breakpoint_invalidate(cpu, breakpoint->pc);
-
- g_free(breakpoint);
-}
-
-/* Remove all matching breakpoints. */
-void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
-{
- CPUBreakpoint *bp, *next;
-
- QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
- if (bp->flags & mask) {
- cpu_breakpoint_remove_by_ref(cpu, bp);
- }
- }
-}
-
-/* enable or disable single step mode. EXCP_DEBUG is returned by the
- CPU loop after each instruction */
-void cpu_single_step(CPUState *cpu, int enabled)
-{
- if (cpu->singlestep_enabled != enabled) {
- cpu->singlestep_enabled = enabled;
- if (kvm_enabled()) {
- kvm_update_guest_debug(cpu, 0);
- } else {
- /* must flush all the translated code to avoid inconsistencies */
- /* XXX: only flush what is necessary */
- tb_flush(cpu);
- }
- }
-}
-
-void cpu_abort(CPUState *cpu, const char *fmt, ...)
-{
- va_list ap;
- va_list ap2;
-
- va_start(ap, fmt);
- va_copy(ap2, ap);
- fprintf(stderr, "qemu: fatal: ");
- vfprintf(stderr, fmt, ap);
- fprintf(stderr, "\n");
- cpu_dump_state(cpu, stderr, CPU_DUMP_FPU | CPU_DUMP_CCOP);
- if (qemu_log_separate()) {
- FILE *logfile = qemu_log_lock();
- qemu_log("qemu: fatal: ");
- qemu_log_vprintf(fmt, ap2);
- qemu_log("\n");
- log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
- qemu_log_flush();
- qemu_log_unlock(logfile);
- qemu_log_close();
- }
- va_end(ap2);
- va_end(ap);
- replay_finish();
-#if defined(CONFIG_USER_ONLY)
- {
- struct sigaction act;
- sigfillset(&act.sa_mask);
- act.sa_handler = SIG_DFL;
- act.sa_flags = 0;
- sigaction(SIGABRT, &act, NULL);
- }
-#endif
- abort();
-}
-
-#if !defined(CONFIG_USER_ONLY)
-/* Called from RCU critical section */
-static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
-{
- RAMBlock *block;
-
- block = qatomic_rcu_read(&ram_list.mru_block);
- if (block && addr - block->offset < block->max_length) {
- return block;
- }
- RAMBLOCK_FOREACH(block) {
- if (addr - block->offset < block->max_length) {
- goto found;
- }
- }
-
- fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
- abort();
-
-found:
- /* It is safe to write mru_block outside the iothread lock. This
- * is what happens:
- *
- * mru_block = xxx
- * rcu_read_unlock()
- * xxx removed from list
- * rcu_read_lock()
- * read mru_block
- * mru_block = NULL;
- * call_rcu(reclaim_ramblock, xxx);
- * rcu_read_unlock()
- *
- * qatomic_rcu_set is not needed here. The block was already published
- * when it was placed into the list. Here we're just making an extra
- * copy of the pointer.
- */
- ram_list.mru_block = block;
- return block;
-}
-
-static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
-{
- CPUState *cpu;
- ram_addr_t start1;
- RAMBlock *block;
- ram_addr_t end;
-
- assert(tcg_enabled());
- end = TARGET_PAGE_ALIGN(start + length);
- start &= TARGET_PAGE_MASK;
-
- RCU_READ_LOCK_GUARD();
- block = qemu_get_ram_block(start);
- assert(block == qemu_get_ram_block(end - 1));
- start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
- CPU_FOREACH(cpu) {
- tlb_reset_dirty(cpu, start1, length);
- }
-}
-
-/* Note: start and end must be within the same ram block. */
-bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
- ram_addr_t length,
- unsigned client)
-{
- DirtyMemoryBlocks *blocks;
- unsigned long end, page, start_page;
- bool dirty = false;
- RAMBlock *ramblock;
- uint64_t mr_offset, mr_size;
-
- if (length == 0) {
- return false;
- }
-
- end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
- start_page = start >> TARGET_PAGE_BITS;
- page = start_page;
-
- WITH_RCU_READ_LOCK_GUARD() {
- blocks = qatomic_rcu_read(&ram_list.dirty_memory[client]);
- ramblock = qemu_get_ram_block(start);
- /* Range sanity check on the ramblock */
- assert(start >= ramblock->offset &&
- start + length <= ramblock->offset + ramblock->used_length);
-
- while (page < end) {
- unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
- unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
- unsigned long num = MIN(end - page,
- DIRTY_MEMORY_BLOCK_SIZE - offset);
-
- dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
- offset, num);
- page += num;
- }
-
- mr_offset = (ram_addr_t)(start_page << TARGET_PAGE_BITS) - ramblock->offset;
- mr_size = (end - start_page) << TARGET_PAGE_BITS;
- memory_region_clear_dirty_bitmap(ramblock->mr, mr_offset, mr_size);
- }
-
- if (dirty && tcg_enabled()) {
- tlb_reset_dirty_range_all(start, length);
- }
-
- return dirty;
-}
-
-DirtyBitmapSnapshot *cpu_physical_memory_snapshot_and_clear_dirty
- (MemoryRegion *mr, hwaddr offset, hwaddr length, unsigned client)
-{
- DirtyMemoryBlocks *blocks;
- ram_addr_t start = memory_region_get_ram_addr(mr) + offset;
- unsigned long align = 1UL << (TARGET_PAGE_BITS + BITS_PER_LEVEL);
- ram_addr_t first = QEMU_ALIGN_DOWN(start, align);
- ram_addr_t last = QEMU_ALIGN_UP(start + length, align);
- DirtyBitmapSnapshot *snap;
- unsigned long page, end, dest;
-
- snap = g_malloc0(sizeof(*snap) +
- ((last - first) >> (TARGET_PAGE_BITS + 3)));
- snap->start = first;
- snap->end = last;
-
- page = first >> TARGET_PAGE_BITS;
- end = last >> TARGET_PAGE_BITS;
- dest = 0;
-
- WITH_RCU_READ_LOCK_GUARD() {
- blocks = qatomic_rcu_read(&ram_list.dirty_memory[client]);
-
- while (page < end) {
- unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
- unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
- unsigned long num = MIN(end - page,
- DIRTY_MEMORY_BLOCK_SIZE - offset);
-
- assert(QEMU_IS_ALIGNED(offset, (1 << BITS_PER_LEVEL)));
- assert(QEMU_IS_ALIGNED(num, (1 << BITS_PER_LEVEL)));
- offset >>= BITS_PER_LEVEL;
-
- bitmap_copy_and_clear_atomic(snap->dirty + dest,
- blocks->blocks[idx] + offset,
- num);
- page += num;
- dest += num >> BITS_PER_LEVEL;
- }
- }
-
- if (tcg_enabled()) {
- tlb_reset_dirty_range_all(start, length);
- }
-
- memory_region_clear_dirty_bitmap(mr, offset, length);
-
- return snap;
-}
-
-bool cpu_physical_memory_snapshot_get_dirty(DirtyBitmapSnapshot *snap,
- ram_addr_t start,
- ram_addr_t length)
-{
- unsigned long page, end;
-
- assert(start >= snap->start);
- assert(start + length <= snap->end);
-
- end = TARGET_PAGE_ALIGN(start + length - snap->start) >> TARGET_PAGE_BITS;
- page = (start - snap->start) >> TARGET_PAGE_BITS;
-
- while (page < end) {
- if (test_bit(page, snap->dirty)) {
- return true;
- }
- page++;
- }
- return false;
-}
-
-/* Called from RCU critical section */
-hwaddr memory_region_section_get_iotlb(CPUState *cpu,
- MemoryRegionSection *section)
-{
- AddressSpaceDispatch *d = flatview_to_dispatch(section->fv);
- return section - d->map.sections;
-}
-#endif /* defined(CONFIG_USER_ONLY) */
-
-#if !defined(CONFIG_USER_ONLY)
-
-static int subpage_register(subpage_t *mmio, uint32_t start, uint32_t end,
- uint16_t section);
-static subpage_t *subpage_init(FlatView *fv, hwaddr base);
-
-static void *(*phys_mem_alloc)(size_t size, uint64_t *align, bool shared) =
- qemu_anon_ram_alloc;
-
-/*
- * Set a custom physical guest memory alloator.
- * Accelerators with unusual needs may need this. Hopefully, we can
- * get rid of it eventually.
- */
-void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align, bool shared))
-{
- phys_mem_alloc = alloc;
-}
-
-static uint16_t phys_section_add(PhysPageMap *map,
- MemoryRegionSection *section)
-{
- /* The physical section number is ORed with a page-aligned
- * pointer to produce the iotlb entries. Thus it should
- * never overflow into the page-aligned value.
- */
- assert(map->sections_nb < TARGET_PAGE_SIZE);
-
- if (map->sections_nb == map->sections_nb_alloc) {
- map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
- map->sections = g_renew(MemoryRegionSection, map->sections,
- map->sections_nb_alloc);
- }
- map->sections[map->sections_nb] = *section;
- memory_region_ref(section->mr);
- return map->sections_nb++;
-}
-
-static void phys_section_destroy(MemoryRegion *mr)
-{
- bool have_sub_page = mr->subpage;
-
- memory_region_unref(mr);
-
- if (have_sub_page) {
- subpage_t *subpage = container_of(mr, subpage_t, iomem);
- object_unref(OBJECT(&subpage->iomem));
- g_free(subpage);
- }
-}
-
-static void phys_sections_free(PhysPageMap *map)
-{
- while (map->sections_nb > 0) {
- MemoryRegionSection *section = &map->sections[--map->sections_nb];
- phys_section_destroy(section->mr);
- }
- g_free(map->sections);
- g_free(map->nodes);
-}
-
-static void register_subpage(FlatView *fv, MemoryRegionSection *section)
-{
- AddressSpaceDispatch *d = flatview_to_dispatch(fv);
- subpage_t *subpage;
- hwaddr base = section->offset_within_address_space
- & TARGET_PAGE_MASK;
- MemoryRegionSection *existing = phys_page_find(d, base);
- MemoryRegionSection subsection = {
- .offset_within_address_space = base,
- .size = int128_make64(TARGET_PAGE_SIZE),
- };
- hwaddr start, end;
-
- assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
-
- if (!(existing->mr->subpage)) {
- subpage = subpage_init(fv, base);
- subsection.fv = fv;
- subsection.mr = &subpage->iomem;
- phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
- phys_section_add(&d->map, &subsection));
- } else {
- subpage = container_of(existing->mr, subpage_t, iomem);
- }
- start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
- end = start + int128_get64(section->size) - 1;
- subpage_register(subpage, start, end,
- phys_section_add(&d->map, section));
-}
-
-
-static void register_multipage(FlatView *fv,
- MemoryRegionSection *section)
-{
- AddressSpaceDispatch *d = flatview_to_dispatch(fv);
- hwaddr start_addr = section->offset_within_address_space;
- uint16_t section_index = phys_section_add(&d->map, section);
- uint64_t num_pages = int128_get64(int128_rshift(section->size,
- TARGET_PAGE_BITS));
-
- assert(num_pages);
- phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
-}
-
-/*
- * The range in *section* may look like this:
- *
- * |s|PPPPPPP|s|
- *
- * where s stands for subpage and P for page.
- */
-void flatview_add_to_dispatch(FlatView *fv, MemoryRegionSection *section)
-{
- MemoryRegionSection remain = *section;
- Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
-
- /* register first subpage */
- if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
- uint64_t left = TARGET_PAGE_ALIGN(remain.offset_within_address_space)
- - remain.offset_within_address_space;
-
- MemoryRegionSection now = remain;
- now.size = int128_min(int128_make64(left), now.size);
- register_subpage(fv, &now);
- if (int128_eq(remain.size, now.size)) {
- return;
- }
- remain.size = int128_sub(remain.size, now.size);
- remain.offset_within_address_space += int128_get64(now.size);
- remain.offset_within_region += int128_get64(now.size);
- }
-
- /* register whole pages */
- if (int128_ge(remain.size, page_size)) {
- MemoryRegionSection now = remain;
- now.size = int128_and(now.size, int128_neg(page_size));
- register_multipage(fv, &now);
- if (int128_eq(remain.size, now.size)) {
- return;
- }
- remain.size = int128_sub(remain.size, now.size);
- remain.offset_within_address_space += int128_get64(now.size);
- remain.offset_within_region += int128_get64(now.size);
- }
-
- /* register last subpage */
- register_subpage(fv, &remain);
-}
-
-void qemu_flush_coalesced_mmio_buffer(void)
-{
- if (kvm_enabled())
- kvm_flush_coalesced_mmio_buffer();
-}
-
-void qemu_mutex_lock_ramlist(void)
-{
- qemu_mutex_lock(&ram_list.mutex);
-}
-
-void qemu_mutex_unlock_ramlist(void)
-{
- qemu_mutex_unlock(&ram_list.mutex);
-}
-
-void ram_block_dump(Monitor *mon)
-{
- RAMBlock *block;
- char *psize;
-
- RCU_READ_LOCK_GUARD();
- monitor_printf(mon, "%24s %8s %18s %18s %18s\n",
- "Block Name", "PSize", "Offset", "Used", "Total");
- RAMBLOCK_FOREACH(block) {
- psize = size_to_str(block->page_size);
- monitor_printf(mon, "%24s %8s 0x%016" PRIx64 " 0x%016" PRIx64
- " 0x%016" PRIx64 "\n", block->idstr, psize,
- (uint64_t)block->offset,
- (uint64_t)block->used_length,
- (uint64_t)block->max_length);
- g_free(psize);
- }
-}
-
-#ifdef __linux__
-/*
- * FIXME TOCTTOU: this iterates over memory backends' mem-path, which
- * may or may not name the same files / on the same filesystem now as
- * when we actually open and map them. Iterate over the file
- * descriptors instead, and use qemu_fd_getpagesize().
- */
-static int find_min_backend_pagesize(Object *obj, void *opaque)
-{
- long *hpsize_min = opaque;
-
- if (object_dynamic_cast(obj, TYPE_MEMORY_BACKEND)) {
- HostMemoryBackend *backend = MEMORY_BACKEND(obj);
- long hpsize = host_memory_backend_pagesize(backend);
-
- if (host_memory_backend_is_mapped(backend) && (hpsize < *hpsize_min)) {
- *hpsize_min = hpsize;
- }
- }
-
- return 0;
-}
-
-static int find_max_backend_pagesize(Object *obj, void *opaque)
-{
- long *hpsize_max = opaque;
-
- if (object_dynamic_cast(obj, TYPE_MEMORY_BACKEND)) {
- HostMemoryBackend *backend = MEMORY_BACKEND(obj);
- long hpsize = host_memory_backend_pagesize(backend);
-
- if (host_memory_backend_is_mapped(backend) && (hpsize > *hpsize_max)) {
- *hpsize_max = hpsize;
- }
- }
-
- return 0;
-}
-
-/*
- * TODO: We assume right now that all mapped host memory backends are
- * used as RAM, however some might be used for different purposes.
- */
-long qemu_minrampagesize(void)
-{
- long hpsize = LONG_MAX;
- Object *memdev_root = object_resolve_path("/objects", NULL);
-
- object_child_foreach(memdev_root, find_min_backend_pagesize, &hpsize);
- return hpsize;
-}
-
-long qemu_maxrampagesize(void)
-{
- long pagesize = 0;
- Object *memdev_root = object_resolve_path("/objects", NULL);
-
- object_child_foreach(memdev_root, find_max_backend_pagesize, &pagesize);
- return pagesize;
-}
-#else
-long qemu_minrampagesize(void)
-{
- return qemu_real_host_page_size;
-}
-long qemu_maxrampagesize(void)
-{
- return qemu_real_host_page_size;
-}
-#endif
-
-#ifdef CONFIG_POSIX
-static int64_t get_file_size(int fd)
-{
- int64_t size;
-#if defined(__linux__)
- struct stat st;
-
- if (fstat(fd, &st) < 0) {
- return -errno;
- }
-
- /* Special handling for devdax character devices */
- if (S_ISCHR(st.st_mode)) {
- g_autofree char *subsystem_path = NULL;
- g_autofree char *subsystem = NULL;
-
- subsystem_path = g_strdup_printf("/sys/dev/char/%d:%d/subsystem",
- major(st.st_rdev), minor(st.st_rdev));
- subsystem = g_file_read_link(subsystem_path, NULL);
-
- if (subsystem && g_str_has_suffix(subsystem, "/dax")) {
- g_autofree char *size_path = NULL;
- g_autofree char *size_str = NULL;
-
- size_path = g_strdup_printf("/sys/dev/char/%d:%d/size",
- major(st.st_rdev), minor(st.st_rdev));
-
- if (g_file_get_contents(size_path, &size_str, NULL, NULL)) {
- return g_ascii_strtoll(size_str, NULL, 0);
- }
- }
- }
-#endif /* defined(__linux__) */
-
- /* st.st_size may be zero for special files yet lseek(2) works */
- size = lseek(fd, 0, SEEK_END);
- if (size < 0) {
- return -errno;
- }
- return size;
-}
-
-static int64_t get_file_align(int fd)
-{
- int64_t align = -1;
-#if defined(__linux__) && defined(CONFIG_LIBDAXCTL)
- struct stat st;
-
- if (fstat(fd, &st) < 0) {
- return -errno;
- }
-
- /* Special handling for devdax character devices */
- if (S_ISCHR(st.st_mode)) {
- g_autofree char *path = NULL;
- g_autofree char *rpath = NULL;
- struct daxctl_ctx *ctx;
- struct daxctl_region *region;
- int rc = 0;
-
- path = g_strdup_printf("/sys/dev/char/%d:%d",
- major(st.st_rdev), minor(st.st_rdev));
- rpath = realpath(path, NULL);
-
- rc = daxctl_new(&ctx);
- if (rc) {
- return -1;
- }
-
- daxctl_region_foreach(ctx, region) {
- if (strstr(rpath, daxctl_region_get_path(region))) {
- align = daxctl_region_get_align(region);
- break;
- }
- }
- daxctl_unref(ctx);
- }
-#endif /* defined(__linux__) && defined(CONFIG_LIBDAXCTL) */
-
- return align;
-}
-
-static int file_ram_open(const char *path,
- const char *region_name,
- bool *created,
- Error **errp)
-{
- char *filename;
- char *sanitized_name;
- char *c;
- int fd = -1;
-
- *created = false;
- for (;;) {
- fd = open(path, O_RDWR);
- if (fd >= 0) {
- /* @path names an existing file, use it */
- break;
- }
- if (errno == ENOENT) {
- /* @path names a file that doesn't exist, create it */
- fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
- if (fd >= 0) {
- *created = true;
- break;
- }
- } else if (errno == EISDIR) {
- /* @path names a directory, create a file there */
- /* Make name safe to use with mkstemp by replacing '/' with '_'. */
- sanitized_name = g_strdup(region_name);
- for (c = sanitized_name; *c != '\0'; c++) {
- if (*c == '/') {
- *c = '_';
- }
- }
-
- filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
- sanitized_name);
- g_free(sanitized_name);
-
- fd = mkstemp(filename);
- if (fd >= 0) {
- unlink(filename);
- g_free(filename);
- break;
- }
- g_free(filename);
- }
- if (errno != EEXIST && errno != EINTR) {
- error_setg_errno(errp, errno,
- "can't open backing store %s for guest RAM",
- path);
- return -1;
- }
- /*
- * Try again on EINTR and EEXIST. The latter happens when
- * something else creates the file between our two open().
- */
- }
-
- return fd;
-}
-
-static void *file_ram_alloc(RAMBlock *block,
- ram_addr_t memory,
- int fd,
- bool truncate,
- Error **errp)
-{
- void *area;
-
- block->page_size = qemu_fd_getpagesize(fd);
- if (block->mr->align % block->page_size) {
- error_setg(errp, "alignment 0x%" PRIx64
- " must be multiples of page size 0x%zx",
- block->mr->align, block->page_size);
- return NULL;
- } else if (block->mr->align && !is_power_of_2(block->mr->align)) {
- error_setg(errp, "alignment 0x%" PRIx64
- " must be a power of two", block->mr->align);
- return NULL;
- }
- block->mr->align = MAX(block->page_size, block->mr->align);
-#if defined(__s390x__)
- if (kvm_enabled()) {
- block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
- }
-#endif
-
- if (memory < block->page_size) {
- error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
- "or larger than page size 0x%zx",
- memory, block->page_size);
- return NULL;
- }
-
- memory = ROUND_UP(memory, block->page_size);
-
- /*
- * ftruncate is not supported by hugetlbfs in older
- * hosts, so don't bother bailing out on errors.
- * If anything goes wrong with it under other filesystems,
- * mmap will fail.
- *
- * Do not truncate the non-empty backend file to avoid corrupting
- * the existing data in the file. Disabling shrinking is not
- * enough. For example, the current vNVDIMM implementation stores
- * the guest NVDIMM labels at the end of the backend file. If the
- * backend file is later extended, QEMU will not be able to find
- * those labels. Therefore, extending the non-empty backend file
- * is disabled as well.
- */
- if (truncate && ftruncate(fd, memory)) {
- perror("ftruncate");
- }
-
- area = qemu_ram_mmap(fd, memory, block->mr->align,
- block->flags & RAM_SHARED, block->flags & RAM_PMEM);
- if (area == MAP_FAILED) {
- error_setg_errno(errp, errno,
- "unable to map backing store for guest RAM");
- return NULL;
- }
-
- block->fd = fd;
- return area;
-}
-#endif
-
-/* Allocate space within the ram_addr_t space that governs the
- * dirty bitmaps.
- * Called with the ramlist lock held.
- */
-static ram_addr_t find_ram_offset(ram_addr_t size)
-{
- RAMBlock *block, *next_block;
- ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
-
- assert(size != 0); /* it would hand out same offset multiple times */
-
- if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
- return 0;
- }
-
- RAMBLOCK_FOREACH(block) {
- ram_addr_t candidate, next = RAM_ADDR_MAX;
-
- /* Align blocks to start on a 'long' in the bitmap
- * which makes the bitmap sync'ing take the fast path.
- */
- candidate = block->offset + block->max_length;
- candidate = ROUND_UP(candidate, BITS_PER_LONG << TARGET_PAGE_BITS);
-
- /* Search for the closest following block
- * and find the gap.
- */
- RAMBLOCK_FOREACH(next_block) {
- if (next_block->offset >= candidate) {
- next = MIN(next, next_block->offset);
- }
- }
-
- /* If it fits remember our place and remember the size
- * of gap, but keep going so that we might find a smaller
- * gap to fill so avoiding fragmentation.
- */
- if (next - candidate >= size && next - candidate < mingap) {
- offset = candidate;
- mingap = next - candidate;
- }
-
- trace_find_ram_offset_loop(size, candidate, offset, next, mingap);
- }
-
- if (offset == RAM_ADDR_MAX) {
- fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
- (uint64_t)size);
- abort();
- }
-
- trace_find_ram_offset(size, offset);
-
- return offset;
-}
-
-static unsigned long last_ram_page(void)
-{
- RAMBlock *block;
- ram_addr_t last = 0;
-
- RCU_READ_LOCK_GUARD();
- RAMBLOCK_FOREACH(block) {
- last = MAX(last, block->offset + block->max_length);
- }
- return last >> TARGET_PAGE_BITS;
-}
-
-static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
-{
- int ret;
-
- /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
- if (!machine_dump_guest_core(current_machine)) {
- ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
- if (ret) {
- perror("qemu_madvise");
- fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
- "but dump_guest_core=off specified\n");
- }
- }
-}
-
-const char *qemu_ram_get_idstr(RAMBlock *rb)
-{
- return rb->idstr;
-}
-
-void *qemu_ram_get_host_addr(RAMBlock *rb)
-{
- return rb->host;
-}
-
-ram_addr_t qemu_ram_get_offset(RAMBlock *rb)
-{
- return rb->offset;
-}
-
-ram_addr_t qemu_ram_get_used_length(RAMBlock *rb)
-{
- return rb->used_length;
-}
-
-bool qemu_ram_is_shared(RAMBlock *rb)
-{
- return rb->flags & RAM_SHARED;
-}
-
-/* Note: Only set at the start of postcopy */
-bool qemu_ram_is_uf_zeroable(RAMBlock *rb)
-{
- return rb->flags & RAM_UF_ZEROPAGE;
-}
-
-void qemu_ram_set_uf_zeroable(RAMBlock *rb)
-{
- rb->flags |= RAM_UF_ZEROPAGE;
-}
-
-bool qemu_ram_is_migratable(RAMBlock *rb)
-{
- return rb->flags & RAM_MIGRATABLE;
-}
-
-void qemu_ram_set_migratable(RAMBlock *rb)
-{
- rb->flags |= RAM_MIGRATABLE;
-}
-
-void qemu_ram_unset_migratable(RAMBlock *rb)
-{
- rb->flags &= ~RAM_MIGRATABLE;
-}
-
-/* Called with iothread lock held. */
-void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
-{
- RAMBlock *block;
-
- assert(new_block);
- assert(!new_block->idstr[0]);
-
- if (dev) {
- char *id = qdev_get_dev_path(dev);
- if (id) {
- snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
- g_free(id);
- }
- }
- pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
-
- RCU_READ_LOCK_GUARD();
- RAMBLOCK_FOREACH(block) {
- if (block != new_block &&
- !strcmp(block->idstr, new_block->idstr)) {
- fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
- new_block->idstr);
- abort();
- }
- }
-}
-
-/* Called with iothread lock held. */
-void qemu_ram_unset_idstr(RAMBlock *block)
-{
- /* FIXME: arch_init.c assumes that this is not called throughout
- * migration. Ignore the problem since hot-unplug during migration
- * does not work anyway.
- */
- if (block) {
- memset(block->idstr, 0, sizeof(block->idstr));
- }
-}
-
-size_t qemu_ram_pagesize(RAMBlock *rb)
-{
- return rb->page_size;
-}
-
-/* Returns the largest size of page in use */
-size_t qemu_ram_pagesize_largest(void)
-{
- RAMBlock *block;
- size_t largest = 0;
-
- RAMBLOCK_FOREACH(block) {
- largest = MAX(largest, qemu_ram_pagesize(block));
- }
-
- return largest;
-}
-
-static int memory_try_enable_merging(void *addr, size_t len)
-{
- if (!machine_mem_merge(current_machine)) {
- /* disabled by the user */
- return 0;
- }
-
- return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
-}
-
-/* Only legal before guest might have detected the memory size: e.g. on
- * incoming migration, or right after reset.
- *
- * As memory core doesn't know how is memory accessed, it is up to
- * resize callback to update device state and/or add assertions to detect
- * misuse, if necessary.
- */
-int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
-{
- const ram_addr_t unaligned_size = newsize;
-
- assert(block);
-
- newsize = HOST_PAGE_ALIGN(newsize);
-
- if (block->used_length == newsize) {
- /*
- * We don't have to resize the ram block (which only knows aligned
- * sizes), however, we have to notify if the unaligned size changed.
- */
- if (unaligned_size != memory_region_size(block->mr)) {
- memory_region_set_size(block->mr, unaligned_size);
- if (block->resized) {
- block->resized(block->idstr, unaligned_size, block->host);
- }
- }
- return 0;
- }
-
- if (!(block->flags & RAM_RESIZEABLE)) {
- error_setg_errno(errp, EINVAL,
- "Length mismatch: %s: 0x" RAM_ADDR_FMT
- " in != 0x" RAM_ADDR_FMT, block->idstr,
- newsize, block->used_length);
- return -EINVAL;
- }
-
- if (block->max_length < newsize) {
- error_setg_errno(errp, EINVAL,
- "Length too large: %s: 0x" RAM_ADDR_FMT
- " > 0x" RAM_ADDR_FMT, block->idstr,
- newsize, block->max_length);
- return -EINVAL;
- }
-
- cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
- block->used_length = newsize;
- cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
- DIRTY_CLIENTS_ALL);
- memory_region_set_size(block->mr, unaligned_size);
- if (block->resized) {
- block->resized(block->idstr, unaligned_size, block->host);
- }
- return 0;
-}
-
-/*
- * Trigger sync on the given ram block for range [start, start + length]
- * with the backing store if one is available.
- * Otherwise no-op.
- * @Note: this is supposed to be a synchronous op.
- */
-void qemu_ram_msync(RAMBlock *block, ram_addr_t start, ram_addr_t length)
-{
- /* The requested range should fit in within the block range */
- g_assert((start + length) <= block->used_length);
-
-#ifdef CONFIG_LIBPMEM
- /* The lack of support for pmem should not block the sync */
- if (ramblock_is_pmem(block)) {
- void *addr = ramblock_ptr(block, start);
- pmem_persist(addr, length);
- return;
- }
-#endif
- if (block->fd >= 0) {
- /**
- * Case there is no support for PMEM or the memory has not been
- * specified as persistent (or is not one) - use the msync.
- * Less optimal but still achieves the same goal
- */
- void *addr = ramblock_ptr(block, start);
- if (qemu_msync(addr, length, block->fd)) {
- warn_report("%s: failed to sync memory range: start: "
- RAM_ADDR_FMT " length: " RAM_ADDR_FMT,
- __func__, start, length);
- }
- }
-}
-
-/* Called with ram_list.mutex held */
-static void dirty_memory_extend(ram_addr_t old_ram_size,
- ram_addr_t new_ram_size)
-{
- ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
- DIRTY_MEMORY_BLOCK_SIZE);
- ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
- DIRTY_MEMORY_BLOCK_SIZE);
- int i;
-
- /* Only need to extend if block count increased */
- if (new_num_blocks <= old_num_blocks) {
- return;
- }
-
- for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
- DirtyMemoryBlocks *old_blocks;
- DirtyMemoryBlocks *new_blocks;
- int j;
-
- old_blocks = qatomic_rcu_read(&ram_list.dirty_memory[i]);
- new_blocks = g_malloc(sizeof(*new_blocks) +
- sizeof(new_blocks->blocks[0]) * new_num_blocks);
-
- if (old_num_blocks) {
- memcpy(new_blocks->blocks, old_blocks->blocks,
- old_num_blocks * sizeof(old_blocks->blocks[0]));
- }
-
- for (j = old_num_blocks; j < new_num_blocks; j++) {
- new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
- }
-
- qatomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
-
- if (old_blocks) {
- g_free_rcu(old_blocks, rcu);
- }
- }
-}
-
-static void ram_block_add(RAMBlock *new_block, Error **errp, bool shared)
-{
- RAMBlock *block;
- RAMBlock *last_block = NULL;
- ram_addr_t old_ram_size, new_ram_size;
- Error *err = NULL;
-
- old_ram_size = last_ram_page();
-
- qemu_mutex_lock_ramlist();
- new_block->offset = find_ram_offset(new_block->max_length);
-
- if (!new_block->host) {
- if (xen_enabled()) {
- xen_ram_alloc(new_block->offset, new_block->max_length,
- new_block->mr, &err);
- if (err) {
- error_propagate(errp, err);
- qemu_mutex_unlock_ramlist();
- return;
- }
- } else {
- new_block->host = phys_mem_alloc(new_block->max_length,
- &new_block->mr->align, shared);
- if (!new_block->host) {
- error_setg_errno(errp, errno,
- "cannot set up guest memory '%s'",
- memory_region_name(new_block->mr));
- qemu_mutex_unlock_ramlist();
- return;
- }
- memory_try_enable_merging(new_block->host, new_block->max_length);
- }
- }
-
- new_ram_size = MAX(old_ram_size,
- (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
- if (new_ram_size > old_ram_size) {
- dirty_memory_extend(old_ram_size, new_ram_size);
- }
- /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
- * QLIST (which has an RCU-friendly variant) does not have insertion at
- * tail, so save the last element in last_block.
- */
- RAMBLOCK_FOREACH(block) {
- last_block = block;
- if (block->max_length < new_block->max_length) {
- break;
- }
- }
- if (block) {
- QLIST_INSERT_BEFORE_RCU(block, new_block, next);
- } else if (last_block) {
- QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
- } else { /* list is empty */
- QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
- }
- ram_list.mru_block = NULL;
-
- /* Write list before version */
- smp_wmb();
- ram_list.version++;
- qemu_mutex_unlock_ramlist();
-
- cpu_physical_memory_set_dirty_range(new_block->offset,
- new_block->used_length,
- DIRTY_CLIENTS_ALL);
-
- if (new_block->host) {
- qemu_ram_setup_dump(new_block->host, new_block->max_length);
- qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
- /*
- * MADV_DONTFORK is also needed by KVM in absence of synchronous MMU
- * Configure it unless the machine is a qtest server, in which case
- * KVM is not used and it may be forked (eg for fuzzing purposes).
- */
- if (!qtest_enabled()) {
- qemu_madvise(new_block->host, new_block->max_length,
- QEMU_MADV_DONTFORK);
- }
- ram_block_notify_add(new_block->host, new_block->max_length);
- }
-}
-
-#ifdef CONFIG_POSIX
-RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
- uint32_t ram_flags, int fd,
- Error **errp)
-{
- RAMBlock *new_block;
- Error *local_err = NULL;
- int64_t file_size, file_align;
-
- /* Just support these ram flags by now. */
- assert((ram_flags & ~(RAM_SHARED | RAM_PMEM)) == 0);
-
- if (xen_enabled()) {
- error_setg(errp, "-mem-path not supported with Xen");
- return NULL;
- }
-
- if (kvm_enabled() && !kvm_has_sync_mmu()) {
- error_setg(errp,
- "host lacks kvm mmu notifiers, -mem-path unsupported");
- return NULL;
- }
-
- if (phys_mem_alloc != qemu_anon_ram_alloc) {
- /*
- * file_ram_alloc() needs to allocate just like
- * phys_mem_alloc, but we haven't bothered to provide
- * a hook there.
- */
- error_setg(errp,
- "-mem-path not supported with this accelerator");
- return NULL;
- }
-
- size = HOST_PAGE_ALIGN(size);
- file_size = get_file_size(fd);
- if (file_size > 0 && file_size < size) {
- error_setg(errp, "backing store size 0x%" PRIx64
- " does not match 'size' option 0x" RAM_ADDR_FMT,
- file_size, size);
- return NULL;
- }
-
- file_align = get_file_align(fd);
- if (file_align > 0 && mr && file_align > mr->align) {
- error_setg(errp, "backing store align 0x%" PRIx64
- " is larger than 'align' option 0x%" PRIx64,
- file_align, mr->align);
- return NULL;
- }
-
- new_block = g_malloc0(sizeof(*new_block));
- new_block->mr = mr;
- new_block->used_length = size;
- new_block->max_length = size;
- new_block->flags = ram_flags;
- new_block->host = file_ram_alloc(new_block, size, fd, !file_size, errp);
- if (!new_block->host) {
- g_free(new_block);
- return NULL;
- }
-
- ram_block_add(new_block, &local_err, ram_flags & RAM_SHARED);
- if (local_err) {
- g_free(new_block);
- error_propagate(errp, local_err);
- return NULL;
- }
- return new_block;
-
-}
-
-
-RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
- uint32_t ram_flags, const char *mem_path,
- Error **errp)
-{
- int fd;
- bool created;
- RAMBlock *block;
-
- fd = file_ram_open(mem_path, memory_region_name(mr), &created, errp);
- if (fd < 0) {
- return NULL;
- }
-
- block = qemu_ram_alloc_from_fd(size, mr, ram_flags, fd, errp);
- if (!block) {
- if (created) {
- unlink(mem_path);
- }
- close(fd);
- return NULL;
- }
-
- return block;
-}
-#endif
-
-static
-RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
- void (*resized)(const char*,
- uint64_t length,
- void *host),
- void *host, bool resizeable, bool share,
- MemoryRegion *mr, Error **errp)
-{
- RAMBlock *new_block;
- Error *local_err = NULL;
-
- size = HOST_PAGE_ALIGN(size);
- max_size = HOST_PAGE_ALIGN(max_size);
- new_block = g_malloc0(sizeof(*new_block));
- new_block->mr = mr;
- new_block->resized = resized;
- new_block->used_length = size;
- new_block->max_length = max_size;
- assert(max_size >= size);
- new_block->fd = -1;
- new_block->page_size = qemu_real_host_page_size;
- new_block->host = host;
- if (host) {
- new_block->flags |= RAM_PREALLOC;
- }
- if (resizeable) {
- new_block->flags |= RAM_RESIZEABLE;
- }
- ram_block_add(new_block, &local_err, share);
- if (local_err) {
- g_free(new_block);
- error_propagate(errp, local_err);
- return NULL;
- }
- return new_block;
-}
-
-RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
- MemoryRegion *mr, Error **errp)
-{
- return qemu_ram_alloc_internal(size, size, NULL, host, false,
- false, mr, errp);
-}
-
-RAMBlock *qemu_ram_alloc(ram_addr_t size, bool share,
- MemoryRegion *mr, Error **errp)
-{
- return qemu_ram_alloc_internal(size, size, NULL, NULL, false,
- share, mr, errp);
-}
-
-RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
- void (*resized)(const char*,
- uint64_t length,
- void *host),
- MemoryRegion *mr, Error **errp)
-{
- return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true,
- false, mr, errp);
-}
-
-static void reclaim_ramblock(RAMBlock *block)
-{
- if (block->flags & RAM_PREALLOC) {
- ;
- } else if (xen_enabled()) {
- xen_invalidate_map_cache_entry(block->host);
-#ifndef _WIN32
- } else if (block->fd >= 0) {
- qemu_ram_munmap(block->fd, block->host, block->max_length);
- close(block->fd);
-#endif
- } else {
- qemu_anon_ram_free(block->host, block->max_length);
- }
- g_free(block);
-}
-
-void qemu_ram_free(RAMBlock *block)
-{
- if (!block) {
- return;
- }
-
- if (block->host) {
- ram_block_notify_remove(block->host, block->max_length);
- }
-
- qemu_mutex_lock_ramlist();
- QLIST_REMOVE_RCU(block, next);
- ram_list.mru_block = NULL;
- /* Write list before version */
- smp_wmb();
- ram_list.version++;
- call_rcu(block, reclaim_ramblock, rcu);
- qemu_mutex_unlock_ramlist();
-}
-
-#ifndef _WIN32
-void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
-{
- RAMBlock *block;
- ram_addr_t offset;
- int flags;
- void *area, *vaddr;
-
- RAMBLOCK_FOREACH(block) {
- offset = addr - block->offset;
- if (offset < block->max_length) {
- vaddr = ramblock_ptr(block, offset);
- if (block->flags & RAM_PREALLOC) {
- ;
- } else if (xen_enabled()) {
- abort();
- } else {
- flags = MAP_FIXED;
- if (block->fd >= 0) {
- flags |= (block->flags & RAM_SHARED ?
- MAP_SHARED : MAP_PRIVATE);
- area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
- flags, block->fd, offset);
- } else {
- /*
- * Remap needs to match alloc. Accelerators that
- * set phys_mem_alloc never remap. If they did,
- * we'd need a remap hook here.
- */
- assert(phys_mem_alloc == qemu_anon_ram_alloc);
-
- flags |= MAP_PRIVATE | MAP_ANONYMOUS;
- area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
- flags, -1, 0);
- }
- if (area != vaddr) {
- error_report("Could not remap addr: "
- RAM_ADDR_FMT "@" RAM_ADDR_FMT "",
- length, addr);
- exit(1);
- }
- memory_try_enable_merging(vaddr, length);
- qemu_ram_setup_dump(vaddr, length);
- }
- }
- }
-}
-#endif /* !_WIN32 */
-
-/* Return a host pointer to ram allocated with qemu_ram_alloc.
- * This should not be used for general purpose DMA. Use address_space_map
- * or address_space_rw instead. For local memory (e.g. video ram) that the
- * device owns, use memory_region_get_ram_ptr.
- *
- * Called within RCU critical section.
- */
-void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
-{
- RAMBlock *block = ram_block;
-
- if (block == NULL) {
- block = qemu_get_ram_block(addr);
- addr -= block->offset;
- }
-
- if (xen_enabled() && block->host == NULL) {
- /* We need to check if the requested address is in the RAM
- * because we don't want to map the entire memory in QEMU.
- * In that case just map until the end of the page.
- */
- if (block->offset == 0) {
- return xen_map_cache(addr, 0, 0, false);
- }
-
- block->host = xen_map_cache(block->offset, block->max_length, 1, false);
- }
- return ramblock_ptr(block, addr);
-}
-
-/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
- * but takes a size argument.
- *
- * Called within RCU critical section.
- */
-static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
- hwaddr *size, bool lock)
-{
- RAMBlock *block = ram_block;
- if (*size == 0) {
- return NULL;
- }
-
- if (block == NULL) {
- block = qemu_get_ram_block(addr);
- addr -= block->offset;
- }
- *size = MIN(*size, block->max_length - addr);
-
- if (xen_enabled() && block->host == NULL) {
- /* We need to check if the requested address is in the RAM
- * because we don't want to map the entire memory in QEMU.
- * In that case just map the requested area.
- */
- if (block->offset == 0) {
- return xen_map_cache(addr, *size, lock, lock);
- }
-
- block->host = xen_map_cache(block->offset, block->max_length, 1, lock);
- }
-
- return ramblock_ptr(block, addr);
-}
-
-/* Return the offset of a hostpointer within a ramblock */
-ram_addr_t qemu_ram_block_host_offset(RAMBlock *rb, void *host)
-{
- ram_addr_t res = (uint8_t *)host - (uint8_t *)rb->host;
- assert((uintptr_t)host >= (uintptr_t)rb->host);
- assert(res < rb->max_length);
-
- return res;
-}
-
-/*
- * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
- * in that RAMBlock.
- *
- * ptr: Host pointer to look up
- * round_offset: If true round the result offset down to a page boundary
- * *ram_addr: set to result ram_addr
- * *offset: set to result offset within the RAMBlock
- *
- * Returns: RAMBlock (or NULL if not found)
- *
- * By the time this function returns, the returned pointer is not protected
- * by RCU anymore. If the caller is not within an RCU critical section and
- * does not hold the iothread lock, it must have other means of protecting the
- * pointer, such as a reference to the region that includes the incoming
- * ram_addr_t.
- */
-RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
- ram_addr_t *offset)
-{
- RAMBlock *block;
- uint8_t *host = ptr;
-
- if (xen_enabled()) {
- ram_addr_t ram_addr;
- RCU_READ_LOCK_GUARD();
- ram_addr = xen_ram_addr_from_mapcache(ptr);
- block = qemu_get_ram_block(ram_addr);
- if (block) {
- *offset = ram_addr - block->offset;
- }
- return block;
- }
-
- RCU_READ_LOCK_GUARD();
- block = qatomic_rcu_read(&ram_list.mru_block);
- if (block && block->host && host - block->host < block->max_length) {
- goto found;
- }
-
- RAMBLOCK_FOREACH(block) {
- /* This case append when the block is not mapped. */
- if (block->host == NULL) {
- continue;
- }
- if (host - block->host < block->max_length) {
- goto found;
- }
- }
-
- return NULL;
-
-found:
- *offset = (host - block->host);
- if (round_offset) {
- *offset &= TARGET_PAGE_MASK;
- }
- return block;
-}
-
-/*
- * Finds the named RAMBlock
- *
- * name: The name of RAMBlock to find
- *
- * Returns: RAMBlock (or NULL if not found)
- */
-RAMBlock *qemu_ram_block_by_name(const char *name)
-{
- RAMBlock *block;
-
- RAMBLOCK_FOREACH(block) {
- if (!strcmp(name, block->idstr)) {
- return block;
- }
- }
-
- return NULL;
-}
-
-/* Some of the softmmu routines need to translate from a host pointer
- (typically a TLB entry) back to a ram offset. */
-ram_addr_t qemu_ram_addr_from_host(void *ptr)
-{
- RAMBlock *block;
- ram_addr_t offset;
-
- block = qemu_ram_block_from_host(ptr, false, &offset);
- if (!block) {
- return RAM_ADDR_INVALID;
- }
-
- return block->offset + offset;
-}
-
-/* Generate a debug exception if a watchpoint has been hit. */
-void cpu_check_watchpoint(CPUState *cpu, vaddr addr, vaddr len,
- MemTxAttrs attrs, int flags, uintptr_t ra)
-{
- CPUClass *cc = CPU_GET_CLASS(cpu);
- CPUWatchpoint *wp;
-
- assert(tcg_enabled());
- if (cpu->watchpoint_hit) {
- /*
- * We re-entered the check after replacing the TB.
- * Now raise the debug interrupt so that it will
- * trigger after the current instruction.
- */
- qemu_mutex_lock_iothread();
- cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
- qemu_mutex_unlock_iothread();
- return;
- }
-
- addr = cc->adjust_watchpoint_address(cpu, addr, len);
- QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
- if (watchpoint_address_matches(wp, addr, len)
- && (wp->flags & flags)) {
- if (replay_running_debug()) {
- /*
- * Don't process the watchpoints when we are
- * in a reverse debugging operation.
- */
- replay_breakpoint();
- return;
- }
- if (flags == BP_MEM_READ) {
- wp->flags |= BP_WATCHPOINT_HIT_READ;
- } else {
- wp->flags |= BP_WATCHPOINT_HIT_WRITE;
- }
- wp->hitaddr = MAX(addr, wp->vaddr);
- wp->hitattrs = attrs;
- if (!cpu->watchpoint_hit) {
- if (wp->flags & BP_CPU &&
- !cc->debug_check_watchpoint(cpu, wp)) {
- wp->flags &= ~BP_WATCHPOINT_HIT;
- continue;
- }
- cpu->watchpoint_hit = wp;
-
- mmap_lock();
- tb_check_watchpoint(cpu, ra);
- if (wp->flags & BP_STOP_BEFORE_ACCESS) {
- cpu->exception_index = EXCP_DEBUG;
- mmap_unlock();
- cpu_loop_exit_restore(cpu, ra);
- } else {
- /* Force execution of one insn next time. */
- cpu->cflags_next_tb = 1 | curr_cflags();
- mmap_unlock();
- if (ra) {
- cpu_restore_state(cpu, ra, true);
- }
- cpu_loop_exit_noexc(cpu);
- }
- }
- } else {
- wp->flags &= ~BP_WATCHPOINT_HIT;
- }
- }
-}
-
-static MemTxResult flatview_read(FlatView *fv, hwaddr addr,
- MemTxAttrs attrs, void *buf, hwaddr len);
-static MemTxResult flatview_write(FlatView *fv, hwaddr addr, MemTxAttrs attrs,
- const void *buf, hwaddr len);
-static bool flatview_access_valid(FlatView *fv, hwaddr addr, hwaddr len,
- bool is_write, MemTxAttrs attrs);
-
-static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
- unsigned len, MemTxAttrs attrs)
-{
- subpage_t *subpage = opaque;
- uint8_t buf[8];
- MemTxResult res;
-
-#if defined(DEBUG_SUBPAGE)
- printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
- subpage, len, addr);
-#endif
- res = flatview_read(subpage->fv, addr + subpage->base, attrs, buf, len);
- if (res) {
- return res;
- }
- *data = ldn_p(buf, len);
- return MEMTX_OK;
-}
-
-static MemTxResult subpage_write(void *opaque, hwaddr addr,
- uint64_t value, unsigned len, MemTxAttrs attrs)
-{
- subpage_t *subpage = opaque;
- uint8_t buf[8];
-
-#if defined(DEBUG_SUBPAGE)
- printf("%s: subpage %p len %u addr " TARGET_FMT_plx
- " value %"PRIx64"\n",
- __func__, subpage, len, addr, value);
-#endif
- stn_p(buf, len, value);
- return flatview_write(subpage->fv, addr + subpage->base, attrs, buf, len);
-}
-
-static bool subpage_accepts(void *opaque, hwaddr addr,
- unsigned len, bool is_write,
- MemTxAttrs attrs)
-{
- subpage_t *subpage = opaque;
-#if defined(DEBUG_SUBPAGE)
- printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
- __func__, subpage, is_write ? 'w' : 'r', len, addr);
-#endif
-
- return flatview_access_valid(subpage->fv, addr + subpage->base,
- len, is_write, attrs);
-}
-
-static const MemoryRegionOps subpage_ops = {
- .read_with_attrs = subpage_read,
- .write_with_attrs = subpage_write,
- .impl.min_access_size = 1,
- .impl.max_access_size = 8,
- .valid.min_access_size = 1,
- .valid.max_access_size = 8,
- .valid.accepts = subpage_accepts,
- .endianness = DEVICE_NATIVE_ENDIAN,
-};
-
-static int subpage_register(subpage_t *mmio, uint32_t start, uint32_t end,
- uint16_t section)
-{
- int idx, eidx;
-
- if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
- return -1;
- idx = SUBPAGE_IDX(start);
- eidx = SUBPAGE_IDX(end);
-#if defined(DEBUG_SUBPAGE)
- printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
- __func__, mmio, start, end, idx, eidx, section);
-#endif
- for (; idx <= eidx; idx++) {
- mmio->sub_section[idx] = section;
- }
-
- return 0;
-}
-
-static subpage_t *subpage_init(FlatView *fv, hwaddr base)
-{
- subpage_t *mmio;
-
- /* mmio->sub_section is set to PHYS_SECTION_UNASSIGNED with g_malloc0 */
- mmio = g_malloc0(sizeof(subpage_t) + TARGET_PAGE_SIZE * sizeof(uint16_t));
- mmio->fv = fv;
- mmio->base = base;
- memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
- NULL, TARGET_PAGE_SIZE);
- mmio->iomem.subpage = true;
-#if defined(DEBUG_SUBPAGE)
- printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
- mmio, base, TARGET_PAGE_SIZE);
-#endif
-
- return mmio;
-}
-
-static uint16_t dummy_section(PhysPageMap *map, FlatView *fv, MemoryRegion *mr)
-{
- assert(fv);
- MemoryRegionSection section = {
- .fv = fv,
- .mr = mr,
- .offset_within_address_space = 0,
- .offset_within_region = 0,
- .size = int128_2_64(),
- };
-
- return phys_section_add(map, §ion);
-}
-
-MemoryRegionSection *iotlb_to_section(CPUState *cpu,
- hwaddr index, MemTxAttrs attrs)
-{
- int asidx = cpu_asidx_from_attrs(cpu, attrs);
- CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
- AddressSpaceDispatch *d = qatomic_rcu_read(&cpuas->memory_dispatch);
- MemoryRegionSection *sections = d->map.sections;
-
- return §ions[index & ~TARGET_PAGE_MASK];
-}
-
-static void io_mem_init(void)
-{
- memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
- NULL, UINT64_MAX);
-}
-
-AddressSpaceDispatch *address_space_dispatch_new(FlatView *fv)
-{
- AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
- uint16_t n;
-
- n = dummy_section(&d->map, fv, &io_mem_unassigned);
- assert(n == PHYS_SECTION_UNASSIGNED);
-
- d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
-
- return d;
-}
-
-void address_space_dispatch_free(AddressSpaceDispatch *d)
-{
- phys_sections_free(&d->map);
- g_free(d);
-}
-
-static void do_nothing(CPUState *cpu, run_on_cpu_data d)
-{
-}
-
-static void tcg_log_global_after_sync(MemoryListener *listener)
-{
- CPUAddressSpace *cpuas;
-
- /* Wait for the CPU to end the current TB. This avoids the following
- * incorrect race:
- *
- * vCPU migration
- * ---------------------- -------------------------
- * TLB check -> slow path
- * notdirty_mem_write
- * write to RAM
- * mark dirty
- * clear dirty flag
- * TLB check -> fast path
- * read memory
- * write to RAM
- *
- * by pushing the migration thread's memory read after the vCPU thread has
- * written the memory.
- */
- if (replay_mode == REPLAY_MODE_NONE) {
- /*
- * VGA can make calls to this function while updating the screen.
- * In record/replay mode this causes a deadlock, because
- * run_on_cpu waits for rr mutex. Therefore no races are possible
- * in this case and no need for making run_on_cpu when
- * record/replay is not enabled.
- */
- cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
- run_on_cpu(cpuas->cpu, do_nothing, RUN_ON_CPU_NULL);
- }
-}
-
-static void tcg_commit(MemoryListener *listener)
-{
- CPUAddressSpace *cpuas;
- AddressSpaceDispatch *d;
-
- assert(tcg_enabled());
- /* since each CPU stores ram addresses in its TLB cache, we must
- reset the modified entries */
- cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
- cpu_reloading_memory_map();
- /* The CPU and TLB are protected by the iothread lock.
- * We reload the dispatch pointer now because cpu_reloading_memory_map()
- * may have split the RCU critical section.
- */
- d = address_space_to_dispatch(cpuas->as);
- qatomic_rcu_set(&cpuas->memory_dispatch, d);
- tlb_flush(cpuas->cpu);
-}
-
-static void memory_map_init(void)
-{
- system_memory = g_malloc(sizeof(*system_memory));
-
- memory_region_init(system_memory, NULL, "system", UINT64_MAX);
- address_space_init(&address_space_memory, system_memory, "memory");
-
- system_io = g_malloc(sizeof(*system_io));
- memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
- 65536);
- address_space_init(&address_space_io, system_io, "I/O");
-}
-
-MemoryRegion *get_system_memory(void)
-{
- return system_memory;
-}
-
-MemoryRegion *get_system_io(void)
-{
- return system_io;
-}
-
-#endif /* !defined(CONFIG_USER_ONLY) */
-
-/* physical memory access (slow version, mainly for debug) */
-#if defined(CONFIG_USER_ONLY)
-int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
- void *ptr, target_ulong len, bool is_write)
-{
- int flags;
- target_ulong l, page;
- void * p;
- uint8_t *buf = ptr;
-
- while (len > 0) {
- page = addr & TARGET_PAGE_MASK;
- l = (page + TARGET_PAGE_SIZE) - addr;
- if (l > len)
- l = len;
- flags = page_get_flags(page);
- if (!(flags & PAGE_VALID))
- return -1;
- if (is_write) {
- if (!(flags & PAGE_WRITE))
- return -1;
- /* XXX: this code should not depend on lock_user */
- if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
- return -1;
- memcpy(p, buf, l);
- unlock_user(p, addr, l);
- } else {
- if (!(flags & PAGE_READ))
- return -1;
- /* XXX: this code should not depend on lock_user */
- if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
- return -1;
- memcpy(buf, p, l);
- unlock_user(p, addr, 0);
- }
- len -= l;
- buf += l;
- addr += l;
- }
- return 0;
-}
-
-#else
-
-static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
- hwaddr length)
-{
- uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
- addr += memory_region_get_ram_addr(mr);
-
- /* No early return if dirty_log_mask is or becomes 0, because
- * cpu_physical_memory_set_dirty_range will still call
- * xen_modified_memory.
- */
- if (dirty_log_mask) {
- dirty_log_mask =
- cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
- }
- if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
- assert(tcg_enabled());
- tb_invalidate_phys_range(addr, addr + length);
- dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
- }
- cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
-}
-
-void memory_region_flush_rom_device(MemoryRegion *mr, hwaddr addr, hwaddr size)
-{
- /*
- * In principle this function would work on other memory region types too,
- * but the ROM device use case is the only one where this operation is
- * necessary. Other memory regions should use the
- * address_space_read/write() APIs.
- */
- assert(memory_region_is_romd(mr));
-
- invalidate_and_set_dirty(mr, addr, size);
-}
-
-static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
-{
- unsigned access_size_max = mr->ops->valid.max_access_size;
-
- /* Regions are assumed to support 1-4 byte accesses unless
- otherwise specified. */
- if (access_size_max == 0) {
- access_size_max = 4;
- }
-
- /* Bound the maximum access by the alignment of the address. */
- if (!mr->ops->impl.unaligned) {
- unsigned align_size_max = addr & -addr;
- if (align_size_max != 0 && align_size_max < access_size_max) {
- access_size_max = align_size_max;
- }
- }
-
- /* Don't attempt accesses larger than the maximum. */
- if (l > access_size_max) {
- l = access_size_max;
- }
- l = pow2floor(l);
-
- return l;
-}
-
-static bool prepare_mmio_access(MemoryRegion *mr)
-{
- bool unlocked = !qemu_mutex_iothread_locked();
- bool release_lock = false;
-
- if (unlocked) {
- qemu_mutex_lock_iothread();
- unlocked = false;
- release_lock = true;
- }
- if (mr->flush_coalesced_mmio) {
- if (unlocked) {
- qemu_mutex_lock_iothread();
- }
- qemu_flush_coalesced_mmio_buffer();
- if (unlocked) {
- qemu_mutex_unlock_iothread();
- }
- }
-
- return release_lock;
-}
-
-/* Called within RCU critical section. */
-static MemTxResult flatview_write_continue(FlatView *fv, hwaddr addr,
- MemTxAttrs attrs,
- const void *ptr,
- hwaddr len, hwaddr addr1,
- hwaddr l, MemoryRegion *mr)
-{
- uint8_t *ram_ptr;
- uint64_t val;
- MemTxResult result = MEMTX_OK;
- bool release_lock = false;
- const uint8_t *buf = ptr;
-
- for (;;) {
- if (!memory_access_is_direct(mr, true)) {
- release_lock |= prepare_mmio_access(mr);
- l = memory_access_size(mr, l, addr1);
- /* XXX: could force current_cpu to NULL to avoid
- potential bugs */
- val = ldn_he_p(buf, l);
- result |= memory_region_dispatch_write(mr, addr1, val,
- size_memop(l), attrs);
- } else {
- /* RAM case */
- ram_ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l, false);
- memcpy(ram_ptr, buf, l);
- invalidate_and_set_dirty(mr, addr1, l);
- }
-
- if (release_lock) {
- qemu_mutex_unlock_iothread();
- release_lock = false;
- }
-
- len -= l;
- buf += l;
- addr += l;
-
- if (!len) {
- break;
- }
-
- l = len;
- mr = flatview_translate(fv, addr, &addr1, &l, true, attrs);
- }
-
- return result;
-}
-
-/* Called from RCU critical section. */
-static MemTxResult flatview_write(FlatView *fv, hwaddr addr, MemTxAttrs attrs,
- const void *buf, hwaddr len)
-{
- hwaddr l;
- hwaddr addr1;
- MemoryRegion *mr;
- MemTxResult result = MEMTX_OK;
-
- l = len;
- mr = flatview_translate(fv, addr, &addr1, &l, true, attrs);
- result = flatview_write_continue(fv, addr, attrs, buf, len,
- addr1, l, mr);
-
- return result;
-}
-
-/* Called within RCU critical section. */
-MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
- MemTxAttrs attrs, void *ptr,
- hwaddr len, hwaddr addr1, hwaddr l,
- MemoryRegion *mr)
-{
- uint8_t *ram_ptr;
- uint64_t val;
- MemTxResult result = MEMTX_OK;
- bool release_lock = false;
- uint8_t *buf = ptr;
-
- for (;;) {
- if (!memory_access_is_direct(mr, false)) {
- /* I/O case */
- release_lock |= prepare_mmio_access(mr);
- l = memory_access_size(mr, l, addr1);
- result |= memory_region_dispatch_read(mr, addr1, &val,
- size_memop(l), attrs);
- stn_he_p(buf, l, val);
- } else {
- /* RAM case */
- ram_ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l, false);
- memcpy(buf, ram_ptr, l);
- }
-
- if (release_lock) {
- qemu_mutex_unlock_iothread();
- release_lock = false;
- }
-
- len -= l;
- buf += l;
- addr += l;
-
- if (!len) {
- break;
- }
-
- l = len;
- mr = flatview_translate(fv, addr, &addr1, &l, false, attrs);
- }
-
- return result;
-}
-
-/* Called from RCU critical section. */
-static MemTxResult flatview_read(FlatView *fv, hwaddr addr,
- MemTxAttrs attrs, void *buf, hwaddr len)
-{
- hwaddr l;
- hwaddr addr1;
- MemoryRegion *mr;
-
- l = len;
- mr = flatview_translate(fv, addr, &addr1, &l, false, attrs);
- return flatview_read_continue(fv, addr, attrs, buf, len,
- addr1, l, mr);
-}
-
-MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
- MemTxAttrs attrs, void *buf, hwaddr len)
-{
- MemTxResult result = MEMTX_OK;
- FlatView *fv;
-
- if (len > 0) {
- RCU_READ_LOCK_GUARD();
- fv = address_space_to_flatview(as);
- result = flatview_read(fv, addr, attrs, buf, len);
- }
-
- return result;
-}
-
-MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
- MemTxAttrs attrs,
- const void *buf, hwaddr len)
-{
- MemTxResult result = MEMTX_OK;
- FlatView *fv;
-
- if (len > 0) {
- RCU_READ_LOCK_GUARD();
- fv = address_space_to_flatview(as);
- result = flatview_write(fv, addr, attrs, buf, len);
- }
-
- return result;
-}
-
-MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
- void *buf, hwaddr len, bool is_write)
-{
- if (is_write) {
- return address_space_write(as, addr, attrs, buf, len);
- } else {
- return address_space_read_full(as, addr, attrs, buf, len);
- }
-}
-
-void cpu_physical_memory_rw(hwaddr addr, void *buf,
- hwaddr len, bool is_write)
-{
- address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
- buf, len, is_write);
-}
-
-enum write_rom_type {
- WRITE_DATA,
- FLUSH_CACHE,
-};
-
-static inline MemTxResult address_space_write_rom_internal(AddressSpace *as,
- hwaddr addr,
- MemTxAttrs attrs,
- const void *ptr,
- hwaddr len,
- enum write_rom_type type)
-{
- hwaddr l;
- uint8_t *ram_ptr;
- hwaddr addr1;
- MemoryRegion *mr;
- const uint8_t *buf = ptr;
-
- RCU_READ_LOCK_GUARD();
- while (len > 0) {
- l = len;
- mr = address_space_translate(as, addr, &addr1, &l, true, attrs);
-
- if (!(memory_region_is_ram(mr) ||
- memory_region_is_romd(mr))) {
- l = memory_access_size(mr, l, addr1);
- } else {
- /* ROM/RAM case */
- ram_ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
- switch (type) {
- case WRITE_DATA:
- memcpy(ram_ptr, buf, l);
- invalidate_and_set_dirty(mr, addr1, l);
- break;
- case FLUSH_CACHE:
- flush_icache_range((uintptr_t)ram_ptr, (uintptr_t)ram_ptr + l);
- break;
- }
- }
- len -= l;
- buf += l;
- addr += l;
- }
- return MEMTX_OK;
-}
-
-/* used for ROM loading : can write in RAM and ROM */
-MemTxResult address_space_write_rom(AddressSpace *as, hwaddr addr,
- MemTxAttrs attrs,
- const void *buf, hwaddr len)
-{
- return address_space_write_rom_internal(as, addr, attrs,
- buf, len, WRITE_DATA);
-}
-
-void cpu_flush_icache_range(hwaddr start, hwaddr len)
-{
- /*
- * This function should do the same thing as an icache flush that was
- * triggered from within the guest. For TCG we are always cache coherent,
- * so there is no need to flush anything. For KVM / Xen we need to flush
- * the host's instruction cache at least.
- */
- if (tcg_enabled()) {
- return;
- }
-
- address_space_write_rom_internal(&address_space_memory,
- start, MEMTXATTRS_UNSPECIFIED,
- NULL, len, FLUSH_CACHE);
-}
-
-typedef struct {
- MemoryRegion *mr;
- void *buffer;
- hwaddr addr;
- hwaddr len;
- bool in_use;
-} BounceBuffer;
-
-static BounceBuffer bounce;
-
-typedef struct MapClient {
- QEMUBH *bh;
- QLIST_ENTRY(MapClient) link;
-} MapClient;
-
-QemuMutex map_client_list_lock;
-static QLIST_HEAD(, MapClient) map_client_list
- = QLIST_HEAD_INITIALIZER(map_client_list);
-
-static void cpu_unregister_map_client_do(MapClient *client)
-{
- QLIST_REMOVE(client, link);
- g_free(client);
-}
-
-static void cpu_notify_map_clients_locked(void)
-{
- MapClient *client;
-
- while (!QLIST_EMPTY(&map_client_list)) {
- client = QLIST_FIRST(&map_client_list);
- qemu_bh_schedule(client->bh);
- cpu_unregister_map_client_do(client);
- }
-}
-
-void cpu_register_map_client(QEMUBH *bh)
-{
- MapClient *client = g_malloc(sizeof(*client));
-
- qemu_mutex_lock(&map_client_list_lock);
- client->bh = bh;
- QLIST_INSERT_HEAD(&map_client_list, client, link);
- if (!qatomic_read(&bounce.in_use)) {
- cpu_notify_map_clients_locked();
- }
- qemu_mutex_unlock(&map_client_list_lock);
-}
-
-void cpu_exec_init_all(void)
-{
- qemu_mutex_init(&ram_list.mutex);
- /* The data structures we set up here depend on knowing the page size,
- * so no more changes can be made after this point.
- * In an ideal world, nothing we did before we had finished the
- * machine setup would care about the target page size, and we could
- * do this much later, rather than requiring board models to state
- * up front what their requirements are.
- */
- finalize_target_page_bits();
- io_mem_init();
- memory_map_init();
- qemu_mutex_init(&map_client_list_lock);
-}
-
-void cpu_unregister_map_client(QEMUBH *bh)
-{
- MapClient *client;
-
- qemu_mutex_lock(&map_client_list_lock);
- QLIST_FOREACH(client, &map_client_list, link) {
- if (client->bh == bh) {
- cpu_unregister_map_client_do(client);
- break;
- }
- }
- qemu_mutex_unlock(&map_client_list_lock);
-}
-
-static void cpu_notify_map_clients(void)
-{
- qemu_mutex_lock(&map_client_list_lock);
- cpu_notify_map_clients_locked();
- qemu_mutex_unlock(&map_client_list_lock);
-}
-
-static bool flatview_access_valid(FlatView *fv, hwaddr addr, hwaddr len,
- bool is_write, MemTxAttrs attrs)
-{
- MemoryRegion *mr;
- hwaddr l, xlat;
-
- while (len > 0) {
- l = len;
- mr = flatview_translate(fv, addr, &xlat, &l, is_write, attrs);
- if (!memory_access_is_direct(mr, is_write)) {
- l = memory_access_size(mr, l, addr);
- if (!memory_region_access_valid(mr, xlat, l, is_write, attrs)) {
- return false;
- }
- }
-
- len -= l;
- addr += l;
- }
- return true;
-}
-
-bool address_space_access_valid(AddressSpace *as, hwaddr addr,
- hwaddr len, bool is_write,
- MemTxAttrs attrs)
-{
- FlatView *fv;
- bool result;
-
- RCU_READ_LOCK_GUARD();
- fv = address_space_to_flatview(as);
- result = flatview_access_valid(fv, addr, len, is_write, attrs);
- return result;
-}
-
-static hwaddr
-flatview_extend_translation(FlatView *fv, hwaddr addr,
- hwaddr target_len,
- MemoryRegion *mr, hwaddr base, hwaddr len,
- bool is_write, MemTxAttrs attrs)
-{
- hwaddr done = 0;
- hwaddr xlat;
- MemoryRegion *this_mr;
-
- for (;;) {
- target_len -= len;
- addr += len;
- done += len;
- if (target_len == 0) {
- return done;
- }
-
- len = target_len;
- this_mr = flatview_translate(fv, addr, &xlat,
- &len, is_write, attrs);
- if (this_mr != mr || xlat != base + done) {
- return done;
- }
- }
-}
-
-/* Map a physical memory region into a host virtual address.
- * May map a subset of the requested range, given by and returned in *plen.
- * May return NULL if resources needed to perform the mapping are exhausted.
- * Use only for reads OR writes - not for read-modify-write operations.
- * Use cpu_register_map_client() to know when retrying the map operation is
- * likely to succeed.
- */
-void *address_space_map(AddressSpace *as,
- hwaddr addr,
- hwaddr *plen,
- bool is_write,
- MemTxAttrs attrs)
-{
- hwaddr len = *plen;
- hwaddr l, xlat;
- MemoryRegion *mr;
- void *ptr;
- FlatView *fv;
-
- if (len == 0) {
- return NULL;
- }
-
- l = len;
- RCU_READ_LOCK_GUARD();
- fv = address_space_to_flatview(as);
- mr = flatview_translate(fv, addr, &xlat, &l, is_write, attrs);
-
- if (!memory_access_is_direct(mr, is_write)) {
- if (qatomic_xchg(&bounce.in_use, true)) {
- *plen = 0;
- return NULL;
- }
- /* Avoid unbounded allocations */
- l = MIN(l, TARGET_PAGE_SIZE);
- bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
- bounce.addr = addr;
- bounce.len = l;
-
- memory_region_ref(mr);
- bounce.mr = mr;
- if (!is_write) {
- flatview_read(fv, addr, MEMTXATTRS_UNSPECIFIED,
- bounce.buffer, l);
- }
-
- *plen = l;
- return bounce.buffer;
- }
-
-
- memory_region_ref(mr);
- *plen = flatview_extend_translation(fv, addr, len, mr, xlat,
- l, is_write, attrs);
- ptr = qemu_ram_ptr_length(mr->ram_block, xlat, plen, true);
-
- return ptr;
-}
-
-/* Unmaps a memory region previously mapped by address_space_map().
- * Will also mark the memory as dirty if is_write is true. access_len gives
- * the amount of memory that was actually read or written by the caller.
- */
-void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
- bool is_write, hwaddr access_len)
-{
- if (buffer != bounce.buffer) {
- MemoryRegion *mr;
- ram_addr_t addr1;
-
- mr = memory_region_from_host(buffer, &addr1);
- assert(mr != NULL);
- if (is_write) {
- invalidate_and_set_dirty(mr, addr1, access_len);
- }
- if (xen_enabled()) {
- xen_invalidate_map_cache_entry(buffer);
- }
- memory_region_unref(mr);
- return;
- }
- if (is_write) {
- address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
- bounce.buffer, access_len);
- }
- qemu_vfree(bounce.buffer);
- bounce.buffer = NULL;
- memory_region_unref(bounce.mr);
- qatomic_mb_set(&bounce.in_use, false);
- cpu_notify_map_clients();
-}
-
-void *cpu_physical_memory_map(hwaddr addr,
- hwaddr *plen,
- bool is_write)
-{
- return address_space_map(&address_space_memory, addr, plen, is_write,
- MEMTXATTRS_UNSPECIFIED);
-}
-
-void cpu_physical_memory_unmap(void *buffer, hwaddr len,
- bool is_write, hwaddr access_len)
-{
- return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
-}
-
-#define ARG1_DECL AddressSpace *as
-#define ARG1 as
-#define SUFFIX
-#define TRANSLATE(...) address_space_translate(as, __VA_ARGS__)
-#define RCU_READ_LOCK(...) rcu_read_lock()
-#define RCU_READ_UNLOCK(...) rcu_read_unlock()
-#include "memory_ldst.c.inc"
-
-int64_t address_space_cache_init(MemoryRegionCache *cache,
- AddressSpace *as,
- hwaddr addr,
- hwaddr len,
- bool is_write)
-{
- AddressSpaceDispatch *d;
- hwaddr l;
- MemoryRegion *mr;
-
- assert(len > 0);
-
- l = len;
- cache->fv = address_space_get_flatview(as);
- d = flatview_to_dispatch(cache->fv);
- cache->mrs = *address_space_translate_internal(d, addr, &cache->xlat, &l, true);
-
- mr = cache->mrs.mr;
- memory_region_ref(mr);
- if (memory_access_is_direct(mr, is_write)) {
- /* We don't care about the memory attributes here as we're only
- * doing this if we found actual RAM, which behaves the same
- * regardless of attributes; so UNSPECIFIED is fine.
- */
- l = flatview_extend_translation(cache->fv, addr, len, mr,
- cache->xlat, l, is_write,
- MEMTXATTRS_UNSPECIFIED);
- cache->ptr = qemu_ram_ptr_length(mr->ram_block, cache->xlat, &l, true);
- } else {
- cache->ptr = NULL;
- }
-
- cache->len = l;
- cache->is_write = is_write;
- return l;
-}
-
-void address_space_cache_invalidate(MemoryRegionCache *cache,
- hwaddr addr,
- hwaddr access_len)
-{
- assert(cache->is_write);
- if (likely(cache->ptr)) {
- invalidate_and_set_dirty(cache->mrs.mr, addr + cache->xlat, access_len);
- }
-}
-
-void address_space_cache_destroy(MemoryRegionCache *cache)
-{
- if (!cache->mrs.mr) {
- return;
- }
-
- if (xen_enabled()) {
- xen_invalidate_map_cache_entry(cache->ptr);
- }
- memory_region_unref(cache->mrs.mr);
- flatview_unref(cache->fv);
- cache->mrs.mr = NULL;
- cache->fv = NULL;
-}
-
-/* Called from RCU critical section. This function has the same
- * semantics as address_space_translate, but it only works on a
- * predefined range of a MemoryRegion that was mapped with
- * address_space_cache_init.
- */
-static inline MemoryRegion *address_space_translate_cached(
- MemoryRegionCache *cache, hwaddr addr, hwaddr *xlat,
- hwaddr *plen, bool is_write, MemTxAttrs attrs)
-{
- MemoryRegionSection section;
- MemoryRegion *mr;
- IOMMUMemoryRegion *iommu_mr;
- AddressSpace *target_as;
-
- assert(!cache->ptr);
- *xlat = addr + cache->xlat;
-
- mr = cache->mrs.mr;
- iommu_mr = memory_region_get_iommu(mr);
- if (!iommu_mr) {
- /* MMIO region. */
- return mr;
- }
-
- section = address_space_translate_iommu(iommu_mr, xlat, plen,
- NULL, is_write, true,
- &target_as, attrs);
- return section.mr;
-}
-
-/* Called from RCU critical section. address_space_read_cached uses this
- * out of line function when the target is an MMIO or IOMMU region.
- */
-MemTxResult
-address_space_read_cached_slow(MemoryRegionCache *cache, hwaddr addr,
- void *buf, hwaddr len)
-{
- hwaddr addr1, l;
- MemoryRegion *mr;
-
- l = len;
- mr = address_space_translate_cached(cache, addr, &addr1, &l, false,
- MEMTXATTRS_UNSPECIFIED);
- return flatview_read_continue(cache->fv,
- addr, MEMTXATTRS_UNSPECIFIED, buf, len,
- addr1, l, mr);
-}
-
-/* Called from RCU critical section. address_space_write_cached uses this
- * out of line function when the target is an MMIO or IOMMU region.
- */
-MemTxResult
-address_space_write_cached_slow(MemoryRegionCache *cache, hwaddr addr,
- const void *buf, hwaddr len)
-{
- hwaddr addr1, l;
- MemoryRegion *mr;
-
- l = len;
- mr = address_space_translate_cached(cache, addr, &addr1, &l, true,
- MEMTXATTRS_UNSPECIFIED);
- return flatview_write_continue(cache->fv,
- addr, MEMTXATTRS_UNSPECIFIED, buf, len,
- addr1, l, mr);
-}
-
-#define ARG1_DECL MemoryRegionCache *cache
-#define ARG1 cache
-#define SUFFIX _cached_slow
-#define TRANSLATE(...) address_space_translate_cached(cache, __VA_ARGS__)
-#define RCU_READ_LOCK() ((void)0)
-#define RCU_READ_UNLOCK() ((void)0)
-#include "memory_ldst.c.inc"
-
-/* virtual memory access for debug (includes writing to ROM) */
-int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
- void *ptr, target_ulong len, bool is_write)
-{
- hwaddr phys_addr;
- target_ulong l, page;
- uint8_t *buf = ptr;
-
- cpu_synchronize_state(cpu);
- while (len > 0) {
- int asidx;
- MemTxAttrs attrs;
- MemTxResult res;
-
- page = addr & TARGET_PAGE_MASK;
- phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
- asidx = cpu_asidx_from_attrs(cpu, attrs);
- /* if no physical page mapped, return an error */
- if (phys_addr == -1)
- return -1;
- l = (page + TARGET_PAGE_SIZE) - addr;
- if (l > len)
- l = len;
- phys_addr += (addr & ~TARGET_PAGE_MASK);
- if (is_write) {
- res = address_space_write_rom(cpu->cpu_ases[asidx].as, phys_addr,
- attrs, buf, l);
- } else {
- res = address_space_read(cpu->cpu_ases[asidx].as, phys_addr,
- attrs, buf, l);
- }
- if (res != MEMTX_OK) {
- return -1;
- }
- len -= l;
- buf += l;
- addr += l;
- }
- return 0;
-}
-
-/*
- * Allows code that needs to deal with migration bitmaps etc to still be built
- * target independent.
- */
-size_t qemu_target_page_size(void)
-{
- return TARGET_PAGE_SIZE;
-}
-
-int qemu_target_page_bits(void)
-{
- return TARGET_PAGE_BITS;
-}
-
-int qemu_target_page_bits_min(void)
-{
- return TARGET_PAGE_BITS_MIN;
-}
-#endif
-
-bool target_words_bigendian(void)
-{
-#if defined(TARGET_WORDS_BIGENDIAN)
- return true;
-#else
- return false;
-#endif
-}
-
-#ifndef CONFIG_USER_ONLY
-bool cpu_physical_memory_is_io(hwaddr phys_addr)
-{
- MemoryRegion*mr;
- hwaddr l = 1;
- bool res;
-
- RCU_READ_LOCK_GUARD();
- mr = address_space_translate(&address_space_memory,
- phys_addr, &phys_addr, &l, false,
- MEMTXATTRS_UNSPECIFIED);
-
- res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
- return res;
-}
-
-int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
-{
- RAMBlock *block;
- int ret = 0;
-
- RCU_READ_LOCK_GUARD();
- RAMBLOCK_FOREACH(block) {
- ret = func(block, opaque);
- if (ret) {
- break;
- }
- }
- return ret;
-}
-
-/*
- * Unmap pages of memory from start to start+length such that
- * they a) read as 0, b) Trigger whatever fault mechanism
- * the OS provides for postcopy.
- * The pages must be unmapped by the end of the function.
- * Returns: 0 on success, none-0 on failure
- *
- */
-int ram_block_discard_range(RAMBlock *rb, uint64_t start, size_t length)
-{
- int ret = -1;
-
- uint8_t *host_startaddr = rb->host + start;
-
- if (!QEMU_PTR_IS_ALIGNED(host_startaddr, rb->page_size)) {
- error_report("ram_block_discard_range: Unaligned start address: %p",
- host_startaddr);
- goto err;
- }
-
- if ((start + length) <= rb->used_length) {
- bool need_madvise, need_fallocate;
- if (!QEMU_IS_ALIGNED(length, rb->page_size)) {
- error_report("ram_block_discard_range: Unaligned length: %zx",
- length);
- goto err;
- }
-
- errno = ENOTSUP; /* If we are missing MADVISE etc */
-
- /* The logic here is messy;
- * madvise DONTNEED fails for hugepages
- * fallocate works on hugepages and shmem
- */
- need_madvise = (rb->page_size == qemu_host_page_size);
- need_fallocate = rb->fd != -1;
- if (need_fallocate) {
- /* For a file, this causes the area of the file to be zero'd
- * if read, and for hugetlbfs also causes it to be unmapped
- * so a userfault will trigger.
- */
-#ifdef CONFIG_FALLOCATE_PUNCH_HOLE
- ret = fallocate(rb->fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
- start, length);
- if (ret) {
- ret = -errno;
- error_report("ram_block_discard_range: Failed to fallocate "
- "%s:%" PRIx64 " +%zx (%d)",
- rb->idstr, start, length, ret);
- goto err;
- }
-#else
- ret = -ENOSYS;
- error_report("ram_block_discard_range: fallocate not available/file"
- "%s:%" PRIx64 " +%zx (%d)",
- rb->idstr, start, length, ret);
- goto err;
-#endif
- }
- if (need_madvise) {
- /* For normal RAM this causes it to be unmapped,
- * for shared memory it causes the local mapping to disappear
- * and to fall back on the file contents (which we just
- * fallocate'd away).
- */
-#if defined(CONFIG_MADVISE)
- ret = madvise(host_startaddr, length, MADV_DONTNEED);
- if (ret) {
- ret = -errno;
- error_report("ram_block_discard_range: Failed to discard range "
- "%s:%" PRIx64 " +%zx (%d)",
- rb->idstr, start, length, ret);
- goto err;
- }
-#else
- ret = -ENOSYS;
- error_report("ram_block_discard_range: MADVISE not available"
- "%s:%" PRIx64 " +%zx (%d)",
- rb->idstr, start, length, ret);
- goto err;
-#endif
- }
- trace_ram_block_discard_range(rb->idstr, host_startaddr, length,
- need_madvise, need_fallocate, ret);
- } else {
- error_report("ram_block_discard_range: Overrun block '%s' (%" PRIu64
- "/%zx/" RAM_ADDR_FMT")",
- rb->idstr, start, length, rb->used_length);
- }
-
-err:
- return ret;
-}
-
-bool ramblock_is_pmem(RAMBlock *rb)
-{
- return rb->flags & RAM_PMEM;
-}
-
-#endif
-
-void page_size_init(void)
-{
- /* NOTE: we can always suppose that qemu_host_page_size >=
- TARGET_PAGE_SIZE */
- if (qemu_host_page_size == 0) {
- qemu_host_page_size = qemu_real_host_page_size;
- }
- if (qemu_host_page_size < TARGET_PAGE_SIZE) {
- qemu_host_page_size = TARGET_PAGE_SIZE;
- }
- qemu_host_page_mask = -(intptr_t)qemu_host_page_size;
-}
-
-#if !defined(CONFIG_USER_ONLY)
-
-static void mtree_print_phys_entries(int start, int end, int skip, int ptr)
-{
- if (start == end - 1) {
- qemu_printf("\t%3d ", start);
- } else {
- qemu_printf("\t%3d..%-3d ", start, end - 1);
- }
- qemu_printf(" skip=%d ", skip);
- if (ptr == PHYS_MAP_NODE_NIL) {
- qemu_printf(" ptr=NIL");
- } else if (!skip) {
- qemu_printf(" ptr=#%d", ptr);
- } else {
- qemu_printf(" ptr=[%d]", ptr);
- }
- qemu_printf("\n");
-}
-
-#define MR_SIZE(size) (int128_nz(size) ? (hwaddr)int128_get64( \
- int128_sub((size), int128_one())) : 0)
-
-void mtree_print_dispatch(AddressSpaceDispatch *d, MemoryRegion *root)
-{
- int i;
-
- qemu_printf(" Dispatch\n");
- qemu_printf(" Physical sections\n");
-
- for (i = 0; i < d->map.sections_nb; ++i) {
- MemoryRegionSection *s = d->map.sections + i;
- const char *names[] = { " [unassigned]", " [not dirty]",
- " [ROM]", " [watch]" };
-
- qemu_printf(" #%d @" TARGET_FMT_plx ".." TARGET_FMT_plx
- " %s%s%s%s%s",
- i,
- s->offset_within_address_space,
- s->offset_within_address_space + MR_SIZE(s->mr->size),
- s->mr->name ? s->mr->name : "(noname)",
- i < ARRAY_SIZE(names) ? names[i] : "",
- s->mr == root ? " [ROOT]" : "",
- s == d->mru_section ? " [MRU]" : "",
- s->mr->is_iommu ? " [iommu]" : "");
-
- if (s->mr->alias) {
- qemu_printf(" alias=%s", s->mr->alias->name ?
- s->mr->alias->name : "noname");
- }
- qemu_printf("\n");
- }
-
- qemu_printf(" Nodes (%d bits per level, %d levels) ptr=[%d] skip=%d\n",
- P_L2_BITS, P_L2_LEVELS, d->phys_map.ptr, d->phys_map.skip);
- for (i = 0; i < d->map.nodes_nb; ++i) {
- int j, jprev;
- PhysPageEntry prev;
- Node *n = d->map.nodes + i;
-
- qemu_printf(" [%d]\n", i);
-
- for (j = 0, jprev = 0, prev = *n[0]; j < ARRAY_SIZE(*n); ++j) {
- PhysPageEntry *pe = *n + j;
-
- if (pe->ptr == prev.ptr && pe->skip == prev.skip) {
- continue;
- }
-
- mtree_print_phys_entries(jprev, j, prev.skip, prev.ptr);
-
- jprev = j;
- prev = *pe;
- }
-
- if (jprev != ARRAY_SIZE(*n)) {
- mtree_print_phys_entries(jprev, j, prev.skip, prev.ptr);
- }
- }
-}
-
-/*
- * If positive, discarding RAM is disabled. If negative, discarding RAM is
- * required to work and cannot be disabled.
- */
-static int ram_block_discard_disabled;
-
-int ram_block_discard_disable(bool state)
-{
- int old;
-
- if (!state) {
- qatomic_dec(&ram_block_discard_disabled);
- return 0;
- }
-
- do {
- old = qatomic_read(&ram_block_discard_disabled);
- if (old < 0) {
- return -EBUSY;
- }
- } while (qatomic_cmpxchg(&ram_block_discard_disabled,
- old, old + 1) != old);
- return 0;
-}
-
-int ram_block_discard_require(bool state)
-{
- int old;
-
- if (!state) {
- qatomic_inc(&ram_block_discard_disabled);
- return 0;
- }
-
- do {
- old = qatomic_read(&ram_block_discard_disabled);
- if (old > 0) {
- return -EBUSY;
- }
- } while (qatomic_cmpxchg(&ram_block_discard_disabled,
- old, old - 1) != old);
- return 0;
-}
-
-bool ram_block_discard_is_disabled(void)
-{
- return qatomic_read(&ram_block_discard_disabled) > 0;
-}
-
-bool ram_block_discard_is_required(void)
-{
- return qatomic_read(&ram_block_discard_disabled) < 0;
-}
-
-#endif
}
}
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- err = qdev_walk_children(kid->child,
- pre_devfn, pre_busfn,
- post_devfn, post_busfn, opaque);
- if (err < 0) {
- return err;
+ WITH_RCU_READ_LOCK_GUARD() {
+ QTAILQ_FOREACH_RCU(kid, &bus->children, sibling) {
+ err = qdev_walk_children(kid->child,
+ pre_devfn, pre_busfn,
+ post_devfn, post_busfn, opaque);
+ if (err < 0) {
+ return err;
+ }
}
}
BusState *bus = BUS(obj);
BusChild *kid;
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- cb(OBJECT(kid->child), opaque, type);
+ WITH_RCU_READ_LOCK_GUARD() {
+ QTAILQ_FOREACH_RCU(kid, &bus->children, sibling) {
+ cb(OBJECT(kid->child), opaque, type);
+ }
}
}
/* TODO: recursive realization */
} else if (!value && bus->realized) {
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
- qdev_unrealize(dev);
+ WITH_RCU_READ_LOCK_GUARD() {
+ QTAILQ_FOREACH_RCU(kid, &bus->children, sibling) {
+ DeviceState *dev = kid->child;
+ qdev_unrealize(dev);
+ }
}
if (bc->unrealize) {
bc->unrealize(bus);
'qdev-clock.c',
)
-libhwcore = static_library('hwcore', sources: hwcore_files + genh,
- name_suffix: 'fa',
- build_by_default: false)
-hwcore = declare_dependency(link_whole: libhwcore)
-common_ss.add(hwcore)
-
common_ss.add(files('cpu.c'))
common_ss.add(when: 'CONFIG_FITLOADER', if_true: files('loader-fit.c'))
common_ss.add(when: 'CONFIG_GENERIC_LOADER', if_true: files('generic-loader.c'))
return dc->vmsd;
}
+static void bus_free_bus_child(BusChild *kid)
+{
+ object_unref(OBJECT(kid->child));
+ g_free(kid);
+}
+
static void bus_remove_child(BusState *bus, DeviceState *child)
{
BusChild *kid;
char name[32];
snprintf(name, sizeof(name), "child[%d]", kid->index);
- QTAILQ_REMOVE(&bus->children, kid, sibling);
+ QTAILQ_REMOVE_RCU(&bus->children, kid, sibling);
bus->num_children--;
/* This gives back ownership of kid->child back to us. */
object_property_del(OBJECT(bus), name);
- object_unref(OBJECT(kid->child));
- g_free(kid);
- return;
+
+ /* free the bus kid, when it is safe to do so*/
+ call_rcu(kid, bus_free_bus_child, rcu);
+ break;
}
}
}
kid->child = child;
object_ref(OBJECT(kid->child));
- QTAILQ_INSERT_HEAD(&bus->children, kid, sibling);
+ QTAILQ_INSERT_HEAD_RCU(&bus->children, kid, sibling);
/* This transfers ownership of kid->child to the property. */
snprintf(name, sizeof(name), "child[%d]", kid->index);
0);
}
-void qdev_set_parent_bus(DeviceState *dev, BusState *bus)
+static bool bus_check_address(BusState *bus, DeviceState *child, Error **errp)
+{
+ BusClass *bc = BUS_GET_CLASS(bus);
+ return !bc->check_address || bc->check_address(bus, child, errp);
+}
+
+bool qdev_set_parent_bus(DeviceState *dev, BusState *bus, Error **errp)
{
BusState *old_parent_bus = dev->parent_bus;
DeviceClass *dc = DEVICE_GET_CLASS(dev);
assert(dc->bus_type && object_dynamic_cast(OBJECT(bus), dc->bus_type));
+ if (!bus_check_address(bus, dev, errp)) {
+ return false;
+ }
+
if (old_parent_bus) {
trace_qdev_update_parent_bus(dev, object_get_typename(OBJECT(dev)),
old_parent_bus, object_get_typename(OBJECT(old_parent_bus)),
object_unref(OBJECT(old_parent_bus));
object_unref(OBJECT(dev));
}
+ return true;
}
DeviceState *qdev_new(const char *name)
assert(!dev->realized && !dev->parent_bus);
if (bus) {
- qdev_set_parent_bus(dev, bus);
+ if (!qdev_set_parent_bus(dev, bus, errp)) {
+ return false;
+ }
} else {
assert(!DEVICE_GET_CLASS(dev)->bus_type);
}
DeviceState *ret;
BusState *child;
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
+ WITH_RCU_READ_LOCK_GUARD() {
+ QTAILQ_FOREACH_RCU(kid, &bus->children, sibling) {
+ DeviceState *dev = kid->child;
- if (dev->id && strcmp(dev->id, id) == 0) {
- return dev;
- }
+ if (dev->id && strcmp(dev->id, id) == 0) {
+ return dev;
+ }
- QLIST_FOREACH(child, &dev->child_bus, sibling) {
- ret = qdev_find_recursive(child, id);
- if (ret) {
- return ret;
+ QLIST_FOREACH(child, &dev->child_bus, sibling) {
+ ret = qdev_find_recursive(child, id);
+ if (ret) {
+ return ret;
+ }
}
}
}
}
}
+ qatomic_store_release(&dev->realized, value);
+
} else if (!value && dev->realized) {
+
+ /*
+ * Change the value so that any concurrent users are aware
+ * that the device is going to be unrealized
+ *
+ * TODO: change .realized property to enum that states
+ * each phase of the device realization/unrealization
+ */
+
+ qatomic_set(&dev->realized, value);
+ /*
+ * Ensure that concurrent users see this update prior to
+ * any other changes done by unrealize.
+ */
+ smp_wmb();
+
QLIST_FOREACH(bus, &dev->child_bus, sibling) {
qbus_unrealize(bus);
}
}
assert(local_err == NULL);
- dev->realized = value;
return;
child_realize_fail:
error_setg(errp, "virtio_net: couldn't find primary bus");
return false;
}
- qdev_set_parent_bus(n->primary_dev, n->primary_bus);
+ qdev_set_parent_bus(n->primary_dev, n->primary_bus, &error_abort);
n->primary_should_be_hidden = false;
if (!qemu_opt_set_bool(n->primary_device_opts,
"partially_hotplugged", true, errp)) {
--- /dev/null
+/*
+ * QEMU Firmware configuration device emulation (QOM interfaces)
+ *
+ * Copyright 2020 Red Hat, Inc.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "hw/nvram/fw_cfg.h"
+
+static const TypeInfo fw_cfg_data_generator_interface_info = {
+ .parent = TYPE_INTERFACE,
+ .name = TYPE_FW_CFG_DATA_GENERATOR_INTERFACE,
+ .class_size = sizeof(FWCfgDataGeneratorClass),
+};
+
+static void fw_cfg_register_interfaces(void)
+{
+ type_register_static(&fw_cfg_data_generator_interface_info);
+}
+
+type_init(fw_cfg_register_interfaces)
.class_init = fw_cfg_mem_class_init,
};
-static const TypeInfo fw_cfg_data_generator_interface_info = {
- .parent = TYPE_INTERFACE,
- .name = TYPE_FW_CFG_DATA_GENERATOR_INTERFACE,
- .class_size = sizeof(FWCfgDataGeneratorClass),
-};
-
static void fw_cfg_register_types(void)
{
type_register_static(&fw_cfg_info);
type_register_static(&fw_cfg_io_info);
type_register_static(&fw_cfg_mem_info);
- type_register_static(&fw_cfg_data_generator_interface_info);
}
type_init(fw_cfg_register_types)
+# QOM interfaces must be available anytime QOM is used.
+qom_ss.add(files('fw_cfg-interface.c'))
+
softmmu_ss.add(files('fw_cfg.c'))
softmmu_ss.add(when: 'CONFIG_CHRP_NVRAM', if_true: files('chrp_nvram.c'))
softmmu_ss.add(when: 'CONFIG_DS1225Y', if_true: files('ds1225y.c'))
static uint8_t *scsi_target_alloc_buf(SCSIRequest *req, size_t len);
static void scsi_target_free_buf(SCSIRequest *req);
-static Property scsi_props[] = {
- DEFINE_PROP_UINT32("channel", SCSIDevice, channel, 0),
- DEFINE_PROP_UINT32("scsi-id", SCSIDevice, id, -1),
- DEFINE_PROP_UINT32("lun", SCSIDevice, lun, -1),
- DEFINE_PROP_END_OF_LIST(),
-};
+static int next_scsi_bus;
-static void scsi_bus_class_init(ObjectClass *klass, void *data)
+static SCSIDevice *do_scsi_device_find(SCSIBus *bus,
+ int channel, int id, int lun,
+ bool include_unrealized)
{
- BusClass *k = BUS_CLASS(klass);
- HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(klass);
+ BusChild *kid;
+ SCSIDevice *retval = NULL;
- k->get_dev_path = scsibus_get_dev_path;
- k->get_fw_dev_path = scsibus_get_fw_dev_path;
- hc->unplug = qdev_simple_device_unplug_cb;
+ QTAILQ_FOREACH_RCU(kid, &bus->qbus.children, sibling) {
+ DeviceState *qdev = kid->child;
+ SCSIDevice *dev = SCSI_DEVICE(qdev);
+
+ if (dev->channel == channel && dev->id == id) {
+ if (dev->lun == lun) {
+ retval = dev;
+ break;
+ }
+
+ /*
+ * If we don't find exact match (channel/bus/lun),
+ * we will return the first device which matches channel/bus
+ */
+
+ if (!retval) {
+ retval = dev;
+ }
+ }
+ }
+
+ /*
+ * This function might run on the IO thread and we might race against
+ * main thread hot-plugging the device.
+ * We assume that as soon as .realized is set to true we can let
+ * the user access the device.
+ */
+
+ if (retval && !include_unrealized &&
+ !qatomic_load_acquire(&retval->qdev.realized)) {
+ retval = NULL;
+ }
+
+ return retval;
}
-static const TypeInfo scsi_bus_info = {
- .name = TYPE_SCSI_BUS,
- .parent = TYPE_BUS,
- .instance_size = sizeof(SCSIBus),
- .class_init = scsi_bus_class_init,
- .interfaces = (InterfaceInfo[]) {
- { TYPE_HOTPLUG_HANDLER },
- { }
+SCSIDevice *scsi_device_find(SCSIBus *bus, int channel, int id, int lun)
+{
+ RCU_READ_LOCK_GUARD();
+ return do_scsi_device_find(bus, channel, id, lun, false);
+}
+
+SCSIDevice *scsi_device_get(SCSIBus *bus, int channel, int id, int lun)
+{
+ SCSIDevice *d;
+ RCU_READ_LOCK_GUARD();
+ d = do_scsi_device_find(bus, channel, id, lun, false);
+ if (d) {
+ object_ref(d);
}
-};
-static int next_scsi_bus;
+ return d;
+}
static void scsi_device_realize(SCSIDevice *s, Error **errp)
{
}
}
-static void scsi_qdev_realize(DeviceState *qdev, Error **errp)
+static bool scsi_bus_is_address_free(SCSIBus *bus,
+ int channel, int target, int lun,
+ SCSIDevice **p_dev)
{
- SCSIDevice *dev = SCSI_DEVICE(qdev);
- SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus);
SCSIDevice *d;
- Error *local_err = NULL;
+
+ RCU_READ_LOCK_GUARD();
+ d = do_scsi_device_find(bus, channel, target, lun, true);
+ if (d && d->lun == lun) {
+ if (p_dev) {
+ *p_dev = d;
+ }
+ return false;
+ }
+ if (p_dev) {
+ *p_dev = NULL;
+ }
+ return true;
+}
+
+static bool scsi_bus_check_address(BusState *qbus, DeviceState *qdev, Error **errp)
+{
+ SCSIDevice *dev = SCSI_DEVICE(qdev);
+ SCSIBus *bus = SCSI_BUS(qbus);
if (dev->channel > bus->info->max_channel) {
error_setg(errp, "bad scsi channel id: %d", dev->channel);
- return;
+ return false;
}
if (dev->id != -1 && dev->id > bus->info->max_target) {
error_setg(errp, "bad scsi device id: %d", dev->id);
- return;
+ return false;
}
if (dev->lun != -1 && dev->lun > bus->info->max_lun) {
error_setg(errp, "bad scsi device lun: %d", dev->lun);
- return;
+ return false;
+ }
+
+ if (dev->id != -1 && dev->lun != -1) {
+ SCSIDevice *d;
+ if (!scsi_bus_is_address_free(bus, dev->channel, dev->id, dev->lun, &d)) {
+ error_setg(errp, "lun already used by '%s'", d->qdev.id);
+ return false;
+ }
}
+ return true;
+}
+
+static void scsi_qdev_realize(DeviceState *qdev, Error **errp)
+{
+ SCSIDevice *dev = SCSI_DEVICE(qdev);
+ SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, dev->qdev.parent_bus);
+ bool is_free;
+ Error *local_err = NULL;
+
if (dev->id == -1) {
int id = -1;
if (dev->lun == -1) {
dev->lun = 0;
}
do {
- d = scsi_device_find(bus, dev->channel, ++id, dev->lun);
- } while (d && d->lun == dev->lun && id < bus->info->max_target);
- if (d && d->lun == dev->lun) {
+ is_free = scsi_bus_is_address_free(bus, dev->channel, ++id, dev->lun, NULL);
+ } while (!is_free && id < bus->info->max_target);
+ if (!is_free) {
error_setg(errp, "no free target");
return;
}
} else if (dev->lun == -1) {
int lun = -1;
do {
- d = scsi_device_find(bus, dev->channel, dev->id, ++lun);
- } while (d && d->lun == lun && lun < bus->info->max_lun);
- if (d && d->lun == lun) {
+ is_free = scsi_bus_is_address_free(bus, dev->channel, dev->id, ++lun, NULL);
+ } while (!is_free && lun < bus->info->max_lun);
+ if (!is_free) {
error_setg(errp, "no free lun");
return;
}
dev->lun = lun;
- } else {
- d = scsi_device_find(bus, dev->channel, dev->id, dev->lun);
- assert(d);
- if (d->lun == dev->lun && dev != d) {
- error_setg(errp, "lun already used by '%s'", d->qdev.id);
- return;
- }
}
QTAILQ_INIT(&dev->requests);
static void store_lun(uint8_t *outbuf, int lun)
{
if (lun < 256) {
+ /* Simple logical unit addressing method*/
+ outbuf[0] = 0;
outbuf[1] = lun;
- return;
+ } else {
+ /* Flat space addressing method */
+ outbuf[0] = 0x40 | (lun >> 8);
+ outbuf[1] = (lun & 255);
}
- outbuf[1] = (lun & 255);
- outbuf[0] = (lun >> 8) | 0x40;
}
static bool scsi_target_emulate_report_luns(SCSITargetReq *r)
{
BusChild *kid;
- int i, len, n;
int channel, id;
- bool found_lun0;
+ uint8_t tmp[8] = {0};
+ int len = 0;
+ GByteArray *buf;
if (r->req.cmd.xfer < 16) {
return false;
if (r->req.cmd.buf[2] > 2) {
return false;
}
+
+ /* reserve space for 63 LUNs*/
+ buf = g_byte_array_sized_new(512);
+
channel = r->req.dev->channel;
id = r->req.dev->id;
- found_lun0 = false;
- n = 0;
- QTAILQ_FOREACH(kid, &r->req.bus->qbus.children, sibling) {
- DeviceState *qdev = kid->child;
- SCSIDevice *dev = SCSI_DEVICE(qdev);
- if (dev->channel == channel && dev->id == id) {
- if (dev->lun == 0) {
- found_lun0 = true;
- }
- n += 8;
- }
- }
- if (!found_lun0) {
- n += 8;
- }
+ /* add size (will be updated later to correct value */
+ g_byte_array_append(buf, tmp, 8);
+ len += 8;
- scsi_target_alloc_buf(&r->req, n + 8);
+ /* add LUN0 */
+ g_byte_array_append(buf, tmp, 8);
+ len += 8;
- len = MIN(n + 8, r->req.cmd.xfer & ~7);
- memset(r->buf, 0, len);
- stl_be_p(&r->buf[0], n);
- i = found_lun0 ? 8 : 16;
- QTAILQ_FOREACH(kid, &r->req.bus->qbus.children, sibling) {
- DeviceState *qdev = kid->child;
- SCSIDevice *dev = SCSI_DEVICE(qdev);
+ WITH_RCU_READ_LOCK_GUARD() {
+ QTAILQ_FOREACH_RCU(kid, &r->req.bus->qbus.children, sibling) {
+ DeviceState *qdev = kid->child;
+ SCSIDevice *dev = SCSI_DEVICE(qdev);
- if (dev->channel == channel && dev->id == id) {
- store_lun(&r->buf[i], dev->lun);
- i += 8;
+ if (dev->channel == channel && dev->id == id && dev->lun != 0) {
+ store_lun(tmp, dev->lun);
+ g_byte_array_append(buf, tmp, 8);
+ len += 8;
+ }
}
}
- assert(i == n + 8);
- r->len = len;
+
+ r->buf_len = len;
+ r->buf = g_byte_array_free(buf, FALSE);
+ r->len = MIN(len, r->req.cmd.xfer & ~7);
+
+ /* store the LUN list length */
+ stl_be_p(&r->buf[0], len - 8);
return true;
}
qdev_fw_name(dev), d->id, d->lun);
}
-SCSIDevice *scsi_device_find(SCSIBus *bus, int channel, int id, int lun)
-{
- BusChild *kid;
- SCSIDevice *target_dev = NULL;
-
- QTAILQ_FOREACH_REVERSE(kid, &bus->qbus.children, sibling) {
- DeviceState *qdev = kid->child;
- SCSIDevice *dev = SCSI_DEVICE(qdev);
-
- if (dev->channel == channel && dev->id == id) {
- if (dev->lun == lun) {
- return dev;
- }
- target_dev = dev;
- }
- }
- return target_dev;
-}
-
/* SCSI request list. For simplicity, pv points to the whole device */
static int put_scsi_requests(QEMUFile *f, void *pv, size_t size,
}
};
+static Property scsi_props[] = {
+ DEFINE_PROP_UINT32("channel", SCSIDevice, channel, 0),
+ DEFINE_PROP_UINT32("scsi-id", SCSIDevice, id, -1),
+ DEFINE_PROP_UINT32("lun", SCSIDevice, lun, -1),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
static void scsi_device_class_init(ObjectClass *klass, void *data)
{
DeviceClass *k = DEVICE_CLASS(klass);
.instance_init = scsi_dev_instance_init,
};
+static void scsi_bus_class_init(ObjectClass *klass, void *data)
+{
+ BusClass *k = BUS_CLASS(klass);
+ HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(klass);
+
+ k->get_dev_path = scsibus_get_dev_path;
+ k->get_fw_dev_path = scsibus_get_fw_dev_path;
+ k->check_address = scsi_bus_check_address;
+ hc->unplug = qdev_simple_device_unplug_cb;
+}
+
+static const TypeInfo scsi_bus_info = {
+ .name = TYPE_SCSI_BUS,
+ .parent = TYPE_BUS,
+ .instance_size = sizeof(SCSIBus),
+ .class_init = scsi_bus_class_init,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_HOTPLUG_HANDLER },
+ { }
+ }
+};
+
static void scsi_register_types(void)
{
type_register_static(&scsi_bus_info);
return ((lun[2] << 8) | lun[3]) & 0x3FFF;
}
-static inline SCSIDevice *virtio_scsi_device_find(VirtIOSCSI *s, uint8_t *lun)
+static inline SCSIDevice *virtio_scsi_device_get(VirtIOSCSI *s, uint8_t *lun)
{
if (lun[0] != 1) {
return NULL;
if (lun[2] != 0 && !(lun[2] >= 0x40 && lun[2] < 0x80)) {
return NULL;
}
- return scsi_device_find(&s->bus, 0, lun[1], virtio_scsi_get_lun(lun));
+ return scsi_device_get(&s->bus, 0, lun[1], virtio_scsi_get_lun(lun));
}
void virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq, VirtIOSCSIReq *req)
* case of async cancellation. */
static int virtio_scsi_do_tmf(VirtIOSCSI *s, VirtIOSCSIReq *req)
{
- SCSIDevice *d = virtio_scsi_device_find(s, req->req.tmf.lun);
+ SCSIDevice *d = virtio_scsi_device_get(s, req->req.tmf.lun);
SCSIRequest *r, *next;
BusChild *kid;
int target;
case VIRTIO_SCSI_T_TMF_I_T_NEXUS_RESET:
target = req->req.tmf.lun[1];
s->resetting++;
- QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
- d = SCSI_DEVICE(kid->child);
- if (d->channel == 0 && d->id == target) {
- qdev_reset_all(&d->qdev);
- }
+
+ rcu_read_lock();
+ QTAILQ_FOREACH_RCU(kid, &s->bus.qbus.children, sibling) {
+ SCSIDevice *d1 = SCSI_DEVICE(kid->child);
+ if (d1->channel == 0 && d1->id == target) {
+ qdev_reset_all(&d1->qdev);
+ }
}
+ rcu_read_unlock();
+
s->resetting--;
break;
break;
}
+ object_unref(OBJECT(d));
return ret;
incorrect_lun:
req->resp.tmf.response = VIRTIO_SCSI_S_INCORRECT_LUN;
+ object_unref(OBJECT(d));
return ret;
fail:
req->resp.tmf.response = VIRTIO_SCSI_S_BAD_TARGET;
+ object_unref(OBJECT(d));
return ret;
}
}
}
- d = virtio_scsi_device_find(s, req->req.cmd.lun);
+ d = virtio_scsi_device_get(s, req->req.cmd.lun);
if (!d) {
req->resp.cmd.response = VIRTIO_SCSI_S_BAD_TARGET;
virtio_scsi_complete_cmd_req(req);
req->sreq->cmd.xfer > req->qsgl.size)) {
req->resp.cmd.response = VIRTIO_SCSI_S_OVERRUN;
virtio_scsi_complete_cmd_req(req);
+ object_unref(OBJECT(d));
return -ENOBUFS;
}
scsi_req_ref(req->sreq);
blk_io_plug(d->conf.blk);
+ object_unref(OBJECT(d));
return 0;
}
#include "hw/qdev-core.h"
#include "hw/sd/sd.h"
#include "qemu/module.h"
+#include "qapi/error.h"
#include "trace.h"
static inline const char *sdbus_name(SDBus *sdbus)
readonly = sc->get_readonly(card);
sdbus_set_inserted(from, false);
- qdev_set_parent_bus(DEVICE(card), &to->qbus);
+ qdev_set_parent_bus(DEVICE(card), &to->qbus, &error_abort);
sdbus_set_inserted(to, true);
sdbus_set_readonly(to, readonly);
}
void tcg_flush_softmmu_tlb(CPUState *cs);
+void tcg_iommu_init_notifier_list(CPUState *cpu);
+void tcg_iommu_free_notifier_list(CPUState *cpu);
+
#if !defined(CONFIG_USER_ONLY)
enum device_endian {
OBJECT_DECLARE_SIMPLE_TYPE(VmGenIdState, VMGENID)
struct VmGenIdState {
- DeviceClass parent_obj;
+ DeviceState parent_obj;
QemuUUID guid; /* The 128-bit GUID seen by the guest */
uint8_t vmgenid_addr_le[8]; /* Address of the GUID (little-endian) */
};
typedef struct fw_cfg_vmcoreinfo FWCfgVMCoreInfo;
struct VMCoreInfoState {
- DeviceClass parent_obj;
+ DeviceState parent_obj;
bool has_vmcoreinfo;
FWCfgVMCoreInfo vmcoreinfo;
#include "qemu/queue.h"
#include "qemu/bitmap.h"
+#include "qemu/rcu.h"
+#include "qemu/rcu_queue.h"
#include "qom/object.h"
#include "hw/hotplug.h"
#include "hw/resettable.h"
/**
* DeviceState:
* @realized: Indicates whether the device has been fully constructed.
+ * When accessed outsize big qemu lock, must be accessed with
+ * atomic_load_acquire()
* @reset: ResettableState for the device; handled by Resettable interface.
*
* This structure should not be accessed directly. We declare it here
/* FIXME first arg should be BusState */
void (*print_dev)(Monitor *mon, DeviceState *dev, int indent);
char *(*get_dev_path)(DeviceState *dev);
+
/*
* This callback is used to create Open Firmware device path in accordance
* with OF spec http://forthworks.com/standards/of1275.pdf. Individual bus
* bindings can be found at http://playground.sun.com/1275/bindings/.
*/
char *(*get_fw_dev_path)(DeviceState *dev);
+
void (*reset)(BusState *bus);
+
+ /*
+ * Return whether the device can be added to @bus,
+ * based on the address that was set (via device properties)
+ * before realize. If not, on return @errp contains the
+ * human-readable error message.
+ */
+ bool (*check_address)(BusState *bus, DeviceState *dev, Error **errp);
+
BusRealize realize;
BusUnrealize unrealize;
};
typedef struct BusChild {
+ struct rcu_head rcu;
DeviceState *child;
int index;
QTAILQ_ENTRY(BusChild) sibling;
int max_index;
bool realized;
int num_children;
+
+ /*
+ * children is a RCU QTAILQ, thus readers must use RCU to access it,
+ * and writers must hold the big qemu lock
+ */
+
QTAILQ_HEAD(, BusChild) children;
QLIST_ENTRY(BusState) sibling;
ResettableState reset;
Object *qdev_get_machine(void);
/* FIXME: make this a link<> */
-void qdev_set_parent_bus(DeviceState *dev, BusState *bus);
+bool qdev_set_parent_bus(DeviceState *dev, BusState *bus, Error **errp);
extern bool qdev_hotplug;
extern bool qdev_hot_removed;
int scsi_SG_IO_FROM_DEV(BlockBackend *blk, uint8_t *cmd, uint8_t cmd_size,
uint8_t *buf, uint8_t buf_size);
SCSIDevice *scsi_device_find(SCSIBus *bus, int channel, int target, int lun);
+SCSIDevice *scsi_device_get(SCSIBus *bus, int channel, int target, int lun);
/* scsi-generic.c. */
extern const SCSIReqOps scsi_generic_req_ops;
OBJECT_DECLARE_TYPE(CanHostState, CanHostClass, CAN_HOST)
struct CanHostState {
- ObjectClass oc;
+ Object oc;
CanBusState *bus;
CanBusClientState bus_client;
-io_ss = ss.source_set()
io_ss.add(genh)
io_ss.add(files(
'channel-buffer.c',
'net-listener.c',
'task.c',
))
-
-io_ss = io_ss.apply(config_host, strict: false)
-libio = static_library('io', io_ss.sources() + genh,
- dependencies: [io_ss.dependencies()],
- link_with: libqemuutil,
- name_suffix: 'fa',
- build_by_default: false)
-
-io = declare_dependency(link_whole: libio, dependencies: [crypto, qom])
kvm_targets = ['s390x-softmmu']
elif cpu in ['ppc', 'ppc64']
kvm_targets = ['ppc-softmmu', 'ppc64-softmmu']
+elif cpu in ['mips', 'mips64']
+ kvm_targets = ['mips-softmmu', 'mipsel-softmmu', 'mips64-softmmu', 'mips64el-softmmu']
else
kvm_targets = []
endif
endif
endif
-# Create config-host.h
+#################
+# config-host.h #
+#################
config_host_data.set('CONFIG_COCOA', cocoa.found())
config_host_data.set('CONFIG_LIBUDEV', libudev.found())
endif
endforeach
+########################
+# Target configuration #
+########################
+
minikconf = find_program('scripts/minikconf.py')
config_all = {}
config_all_devices = {}
'CONFIG_ALL': true,
}
-# Submodules
+##############
+# Submodules #
+##############
capstone = not_found
capstone_opt = get_option('capstone')
config_host_data.set('CONFIG_FDT', fdt.found())
config_host_data.set('CONFIG_SLIRP', slirp.found())
-genh += configure_file(output: 'config-host.h', configuration: config_host_data)
+#####################
+# Generated sources #
+#####################
-# Generators
+genh += configure_file(output: 'config-host.h', configuration: config_host_data)
hxtool = find_program('scripts/hxtool')
shaderinclude = find_program('scripts/shaderinclude.pl')
meson.source_root() / 'docs/sphinx/qmp_lexer.py',
qapi_gen_depends ]
-# Collect sourcesets.
+###################
+# Collect sources #
+###################
-util_ss = ss.source_set()
-stub_ss = ss.source_set()
-trace_ss = ss.source_set()
-block_ss = ss.source_set()
+authz_ss = ss.source_set()
blockdev_ss = ss.source_set()
-qmp_ss = ss.source_set()
-common_ss = ss.source_set()
-softmmu_ss = ss.source_set()
-user_ss = ss.source_set()
+block_ss = ss.source_set()
bsd_user_ss = ss.source_set()
+chardev_ss = ss.source_set()
+common_ss = ss.source_set()
+crypto_ss = ss.source_set()
+io_ss = ss.source_set()
linux_user_ss = ss.source_set()
-specific_ss = ss.source_set()
+qmp_ss = ss.source_set()
+qom_ss = ss.source_set()
+softmmu_ss = ss.source_set()
specific_fuzz_ss = ss.source_set()
+specific_ss = ss.source_set()
+stub_ss = ss.source_set()
+trace_ss = ss.source_set()
+user_ss = ss.source_set()
+util_ss = ss.source_set()
modules = {}
hw_arch = {}
modulecommon = declare_dependency(link_whole: libmodulecommon, compile_args: '-DBUILD_DSO')
endif
-# Build targets from sourcesets
-
stub_ss = stub_ss.apply(config_all, strict: false)
util_ss.add_all(trace_ss)
# os-win32.c does not
blockdev_ss.add(when: 'CONFIG_POSIX', if_true: files('os-posix.c'))
softmmu_ss.add(when: 'CONFIG_WIN32', if_true: [files('os-win32.c')])
-
softmmu_ss.add_all(blockdev_ss)
-softmmu_ss.add(files(
- 'bootdevice.c',
- 'dma-helpers.c',
- 'qdev-monitor.c',
-), sdl)
-
-softmmu_ss.add(when: 'CONFIG_TPM', if_true: files('tpm.c'))
-softmmu_ss.add(when: 'CONFIG_SECCOMP', if_true: [files('qemu-seccomp.c'), seccomp])
-softmmu_ss.add(when: fdt, if_true: files('device_tree.c'))
common_ss.add(files('cpus-common.c'))
subdir('softmmu')
common_ss.add(capstone)
-specific_ss.add(files('disas.c', 'exec.c', 'gdbstub.c'), capstone, libpmem, libdaxctl)
+specific_ss.add(files('cpu.c', 'disas.c', 'gdbstub.c'), capstone)
specific_ss.add(files('exec-vary.c'))
specific_ss.add(when: 'CONFIG_TCG', if_true: files(
'fpu/softfloat.c',
subdir('tests/qtest/libqos')
subdir('tests/qtest/fuzz')
+########################
+# Library dependencies #
+########################
+
block_mods = []
softmmu_mods = []
foreach d, list : modules
capture: true,
command: [undefsym, nm, '@INPUT@'])
+qom_ss = qom_ss.apply(config_host, strict: false)
+libqom = static_library('qom', qom_ss.sources() + genh,
+ dependencies: [qom_ss.dependencies()],
+ name_suffix: 'fa')
+
+qom = declare_dependency(link_whole: libqom)
+
+authz_ss = authz_ss.apply(config_host, strict: false)
+libauthz = static_library('authz', authz_ss.sources() + genh,
+ dependencies: [authz_ss.dependencies()],
+ name_suffix: 'fa',
+ build_by_default: false)
+
+authz = declare_dependency(link_whole: libauthz,
+ dependencies: qom)
+
+crypto_ss = crypto_ss.apply(config_host, strict: false)
+libcrypto = static_library('crypto', crypto_ss.sources() + genh,
+ dependencies: [crypto_ss.dependencies()],
+ name_suffix: 'fa',
+ build_by_default: false)
+
+crypto = declare_dependency(link_whole: libcrypto,
+ dependencies: [authz, qom])
+
+io_ss = io_ss.apply(config_host, strict: false)
+libio = static_library('io', io_ss.sources() + genh,
+ dependencies: [io_ss.dependencies()],
+ link_with: libqemuutil,
+ name_suffix: 'fa',
+ build_by_default: false)
+
+io = declare_dependency(link_whole: libio, dependencies: [crypto, qom])
+
+libmigration = static_library('migration', sources: migration_files + genh,
+ name_suffix: 'fa',
+ build_by_default: false)
+migration = declare_dependency(link_with: libmigration,
+ dependencies: [zlib, qom, io])
+softmmu_ss.add(migration)
+
block_ss = block_ss.apply(config_host, strict: false)
libblock = static_library('block', block_ss.sources() + genh,
dependencies: block_ss.dependencies(),
qmp = declare_dependency(link_whole: [libqmp])
+libchardev = static_library('chardev', chardev_ss.sources() + genh,
+ name_suffix: 'fa',
+ build_by_default: false)
+
+chardev = declare_dependency(link_whole: libchardev)
+
+libhwcore = static_library('hwcore', sources: hwcore_files + genh,
+ name_suffix: 'fa',
+ build_by_default: false)
+hwcore = declare_dependency(link_whole: libhwcore)
+common_ss.add(hwcore)
+
+###########
+# Targets #
+###########
+
foreach m : block_mods + softmmu_mods
shared_module(m.name(),
name_prefix: '',
alias_target('installer', nsis)
endif
+#########################
+# Configuration summary #
+#########################
+
summary_info = {}
summary_info += {'Install prefix': config_host['prefix']}
summary_info += {'BIOS directory': config_host['qemu_datadir']}
struct DirtyRateInfo *info = g_malloc0(sizeof(DirtyRateInfo));
if (qatomic_read(&CalculatingState) == DIRTY_RATE_STATUS_MEASURED) {
+ info->has_dirty_rate = true;
info->dirty_rate = dirty_rate;
- } else {
- info->dirty_rate = -1;
}
info->status = CalculatingState;
return info;
}
-static void reset_dirtyrate_stat(void)
+static void init_dirtyrate_stat(int64_t start_time, int64_t calc_time)
{
DirtyStat.total_dirty_samples = 0;
DirtyStat.total_sample_count = 0;
DirtyStat.total_block_mem_MB = 0;
DirtyStat.dirty_rate = -1;
- DirtyStat.start_time = 0;
- DirtyStat.calc_time = 0;
+ DirtyStat.start_time = start_time;
+ DirtyStat.calc_time = calc_time;
}
static void update_dirtyrate_stat(struct RamblockDirtyInfo *info)
int64_t initial_time;
rcu_register_thread();
- reset_dirtyrate_stat();
rcu_read_lock();
initial_time = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
if (!record_ramblock_hash_info(&block_dinfo, config, &block_count)) {
{
struct DirtyRateConfig config = *(struct DirtyRateConfig *)arg;
int ret;
+ int64_t start_time;
+ int64_t calc_time;
ret = dirtyrate_set_state(&CalculatingState, DIRTY_RATE_STATUS_UNSTARTED,
DIRTY_RATE_STATUS_MEASURING);
return NULL;
}
+ start_time = qemu_clock_get_ms(QEMU_CLOCK_REALTIME) / 1000;
+ calc_time = config.sample_period_seconds;
+ init_dirtyrate_stat(start_time, calc_time);
+
calculate_dirtyrate(config);
ret = dirtyrate_set_state(&CalculatingState, DIRTY_RATE_STATUS_MEASURING,
'qemu-file.c',
'qjson.c',
)
-
-libmigration = static_library('migration', sources: migration_files + genh,
- name_suffix: 'fa',
- build_by_default: false)
-migration = declare_dependency(link_with: libmigration,
- dependencies: [zlib, qom, io])
-softmmu_ss.add(migration)
+softmmu_ss.add(migration_files)
softmmu_ss.add(files(
'block-dirty-bitmap.c',
+++ /dev/null
-qemu-plugins-ld.symbols
-qemu-plugins-ld64.symbols
#
# Information about current dirty page rate of vm.
#
-# @dirty-rate: @dirtyrate describing the dirty page rate of vm
-# in units of MB/s.
-# If this field returns '-1', it means querying has not
-# yet started or completed.
+# @dirty-rate: an estimate of the dirty page rate of the VM in units of
+# MB/s, present only when estimating the rate has completed.
#
# @status: status containing dirtyrate query status includes
# 'unstarted' or 'measuring' or 'measured'
#
##
{ 'struct': 'DirtyRateInfo',
- 'data': {'dirty-rate': 'int64',
+ 'data': {'*dirty-rate': 'int64',
'status': 'DirtyRateStatus',
'start-time': 'int64',
'calc-time': 'int64'} }
+++ /dev/null
-/*
- * Dynamic device configuration and creation.
- *
- * Copyright (c) 2009 CodeSourcery
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "qemu/osdep.h"
-#include "hw/sysbus.h"
-#include "monitor/hmp.h"
-#include "monitor/monitor.h"
-#include "monitor/qdev.h"
-#include "sysemu/arch_init.h"
-#include "qapi/error.h"
-#include "qapi/qapi-commands-qdev.h"
-#include "qapi/qmp/qdict.h"
-#include "qapi/qmp/qerror.h"
-#include "qemu/config-file.h"
-#include "qemu/error-report.h"
-#include "qemu/help_option.h"
-#include "qemu/option.h"
-#include "qemu/qemu-print.h"
-#include "qemu/option_int.h"
-#include "sysemu/block-backend.h"
-#include "sysemu/sysemu.h"
-#include "migration/misc.h"
-#include "migration/migration.h"
-#include "qemu/cutils.h"
-#include "hw/clock.h"
-
-/*
- * Aliases were a bad idea from the start. Let's keep them
- * from spreading further.
- */
-typedef struct QDevAlias
-{
- const char *typename;
- const char *alias;
- uint32_t arch_mask;
-} QDevAlias;
-
-/* Please keep this table sorted by typename. */
-static const QDevAlias qdev_alias_table[] = {
- { "AC97", "ac97" }, /* -soundhw name */
- { "e1000", "e1000-82540em" },
- { "ES1370", "es1370" }, /* -soundhw name */
- { "ich9-ahci", "ahci" },
- { "lsi53c895a", "lsi" },
- { "virtio-9p-ccw", "virtio-9p", QEMU_ARCH_S390X },
- { "virtio-9p-pci", "virtio-9p", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-balloon-ccw", "virtio-balloon", QEMU_ARCH_S390X },
- { "virtio-balloon-pci", "virtio-balloon",
- QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-blk-ccw", "virtio-blk", QEMU_ARCH_S390X },
- { "virtio-blk-pci", "virtio-blk", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-gpu-ccw", "virtio-gpu", QEMU_ARCH_S390X },
- { "virtio-gpu-pci", "virtio-gpu", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-input-host-ccw", "virtio-input-host", QEMU_ARCH_S390X },
- { "virtio-input-host-pci", "virtio-input-host",
- QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-iommu-pci", "virtio-iommu", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-keyboard-ccw", "virtio-keyboard", QEMU_ARCH_S390X },
- { "virtio-keyboard-pci", "virtio-keyboard",
- QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-mouse-ccw", "virtio-mouse", QEMU_ARCH_S390X },
- { "virtio-mouse-pci", "virtio-mouse", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-net-ccw", "virtio-net", QEMU_ARCH_S390X },
- { "virtio-net-pci", "virtio-net", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-rng-ccw", "virtio-rng", QEMU_ARCH_S390X },
- { "virtio-rng-pci", "virtio-rng", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-scsi-ccw", "virtio-scsi", QEMU_ARCH_S390X },
- { "virtio-scsi-pci", "virtio-scsi", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-serial-ccw", "virtio-serial", QEMU_ARCH_S390X },
- { "virtio-serial-pci", "virtio-serial", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { "virtio-tablet-ccw", "virtio-tablet", QEMU_ARCH_S390X },
- { "virtio-tablet-pci", "virtio-tablet", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
- { }
-};
-
-static const char *qdev_class_get_alias(DeviceClass *dc)
-{
- const char *typename = object_class_get_name(OBJECT_CLASS(dc));
- int i;
-
- for (i = 0; qdev_alias_table[i].typename; i++) {
- if (qdev_alias_table[i].arch_mask &&
- !(qdev_alias_table[i].arch_mask & arch_type)) {
- continue;
- }
-
- if (strcmp(qdev_alias_table[i].typename, typename) == 0) {
- return qdev_alias_table[i].alias;
- }
- }
-
- return NULL;
-}
-
-static bool qdev_class_has_alias(DeviceClass *dc)
-{
- return (qdev_class_get_alias(dc) != NULL);
-}
-
-static void qdev_print_devinfo(DeviceClass *dc)
-{
- qemu_printf("name \"%s\"", object_class_get_name(OBJECT_CLASS(dc)));
- if (dc->bus_type) {
- qemu_printf(", bus %s", dc->bus_type);
- }
- if (qdev_class_has_alias(dc)) {
- qemu_printf(", alias \"%s\"", qdev_class_get_alias(dc));
- }
- if (dc->desc) {
- qemu_printf(", desc \"%s\"", dc->desc);
- }
- if (!dc->user_creatable) {
- qemu_printf(", no-user");
- }
- qemu_printf("\n");
-}
-
-static void qdev_print_devinfos(bool show_no_user)
-{
- static const char *cat_name[DEVICE_CATEGORY_MAX + 1] = {
- [DEVICE_CATEGORY_BRIDGE] = "Controller/Bridge/Hub",
- [DEVICE_CATEGORY_USB] = "USB",
- [DEVICE_CATEGORY_STORAGE] = "Storage",
- [DEVICE_CATEGORY_NETWORK] = "Network",
- [DEVICE_CATEGORY_INPUT] = "Input",
- [DEVICE_CATEGORY_DISPLAY] = "Display",
- [DEVICE_CATEGORY_SOUND] = "Sound",
- [DEVICE_CATEGORY_MISC] = "Misc",
- [DEVICE_CATEGORY_CPU] = "CPU",
- [DEVICE_CATEGORY_MAX] = "Uncategorized",
- };
- GSList *list, *elt;
- int i;
- bool cat_printed;
-
- module_load_qom_all();
- list = object_class_get_list_sorted(TYPE_DEVICE, false);
-
- for (i = 0; i <= DEVICE_CATEGORY_MAX; i++) {
- cat_printed = false;
- for (elt = list; elt; elt = elt->next) {
- DeviceClass *dc = OBJECT_CLASS_CHECK(DeviceClass, elt->data,
- TYPE_DEVICE);
- if ((i < DEVICE_CATEGORY_MAX
- ? !test_bit(i, dc->categories)
- : !bitmap_empty(dc->categories, DEVICE_CATEGORY_MAX))
- || (!show_no_user
- && !dc->user_creatable)) {
- continue;
- }
- if (!cat_printed) {
- qemu_printf("%s%s devices:\n", i ? "\n" : "", cat_name[i]);
- cat_printed = true;
- }
- qdev_print_devinfo(dc);
- }
- }
-
- g_slist_free(list);
-}
-
-static int set_property(void *opaque, const char *name, const char *value,
- Error **errp)
-{
- Object *obj = opaque;
-
- if (strcmp(name, "driver") == 0)
- return 0;
- if (strcmp(name, "bus") == 0)
- return 0;
-
- if (!object_property_parse(obj, name, value, errp)) {
- return -1;
- }
- return 0;
-}
-
-static const char *find_typename_by_alias(const char *alias)
-{
- int i;
-
- for (i = 0; qdev_alias_table[i].alias; i++) {
- if (qdev_alias_table[i].arch_mask &&
- !(qdev_alias_table[i].arch_mask & arch_type)) {
- continue;
- }
-
- if (strcmp(qdev_alias_table[i].alias, alias) == 0) {
- return qdev_alias_table[i].typename;
- }
- }
-
- return NULL;
-}
-
-static DeviceClass *qdev_get_device_class(const char **driver, Error **errp)
-{
- ObjectClass *oc;
- DeviceClass *dc;
- const char *original_name = *driver;
-
- oc = module_object_class_by_name(*driver);
- if (!oc) {
- const char *typename = find_typename_by_alias(*driver);
-
- if (typename) {
- *driver = typename;
- oc = module_object_class_by_name(*driver);
- }
- }
-
- if (!object_class_dynamic_cast(oc, TYPE_DEVICE)) {
- if (*driver != original_name) {
- error_setg(errp, "'%s' (alias '%s') is not a valid device model"
- " name", original_name, *driver);
- } else {
- error_setg(errp, "'%s' is not a valid device model name", *driver);
- }
- return NULL;
- }
-
- if (object_class_is_abstract(oc)) {
- error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "driver",
- "non-abstract device type");
- return NULL;
- }
-
- dc = DEVICE_CLASS(oc);
- if (!dc->user_creatable ||
- (qdev_hotplug && !dc->hotpluggable)) {
- error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "driver",
- "pluggable device type");
- return NULL;
- }
-
- return dc;
-}
-
-
-int qdev_device_help(QemuOpts *opts)
-{
- Error *local_err = NULL;
- const char *driver;
- ObjectPropertyInfoList *prop_list;
- ObjectPropertyInfoList *prop;
- GPtrArray *array;
- int i;
-
- driver = qemu_opt_get(opts, "driver");
- if (driver && is_help_option(driver)) {
- qdev_print_devinfos(false);
- return 1;
- }
-
- if (!driver || !qemu_opt_has_help_opt(opts)) {
- return 0;
- }
-
- if (!object_class_by_name(driver)) {
- const char *typename = find_typename_by_alias(driver);
-
- if (typename) {
- driver = typename;
- }
- }
-
- prop_list = qmp_device_list_properties(driver, &local_err);
- if (local_err) {
- goto error;
- }
-
- if (prop_list) {
- qemu_printf("%s options:\n", driver);
- } else {
- qemu_printf("There are no options for %s.\n", driver);
- }
- array = g_ptr_array_new();
- for (prop = prop_list; prop; prop = prop->next) {
- g_ptr_array_add(array,
- object_property_help(prop->value->name,
- prop->value->type,
- prop->value->default_value,
- prop->value->description));
- }
- g_ptr_array_sort(array, (GCompareFunc)qemu_pstrcmp0);
- for (i = 0; i < array->len; i++) {
- qemu_printf("%s\n", (char *)array->pdata[i]);
- }
- g_ptr_array_set_free_func(array, g_free);
- g_ptr_array_free(array, true);
- qapi_free_ObjectPropertyInfoList(prop_list);
- return 1;
-
-error:
- error_report_err(local_err);
- return 1;
-}
-
-static Object *qdev_get_peripheral(void)
-{
- static Object *dev;
-
- if (dev == NULL) {
- dev = container_get(qdev_get_machine(), "/peripheral");
- }
-
- return dev;
-}
-
-static Object *qdev_get_peripheral_anon(void)
-{
- static Object *dev;
-
- if (dev == NULL) {
- dev = container_get(qdev_get_machine(), "/peripheral-anon");
- }
-
- return dev;
-}
-
-static void qbus_error_append_bus_list_hint(DeviceState *dev,
- Error *const *errp)
-{
- BusState *child;
- const char *sep = " ";
-
- error_append_hint(errp, "child buses at \"%s\":",
- dev->id ? dev->id : object_get_typename(OBJECT(dev)));
- QLIST_FOREACH(child, &dev->child_bus, sibling) {
- error_append_hint(errp, "%s\"%s\"", sep, child->name);
- sep = ", ";
- }
- error_append_hint(errp, "\n");
-}
-
-static void qbus_error_append_dev_list_hint(BusState *bus,
- Error *const *errp)
-{
- BusChild *kid;
- const char *sep = " ";
-
- error_append_hint(errp, "devices at \"%s\":", bus->name);
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
- error_append_hint(errp, "%s\"%s\"", sep,
- object_get_typename(OBJECT(dev)));
- if (dev->id) {
- error_append_hint(errp, "/\"%s\"", dev->id);
- }
- sep = ", ";
- }
- error_append_hint(errp, "\n");
-}
-
-static BusState *qbus_find_bus(DeviceState *dev, char *elem)
-{
- BusState *child;
-
- QLIST_FOREACH(child, &dev->child_bus, sibling) {
- if (strcmp(child->name, elem) == 0) {
- return child;
- }
- }
- return NULL;
-}
-
-static DeviceState *qbus_find_dev(BusState *bus, char *elem)
-{
- BusChild *kid;
-
- /*
- * try to match in order:
- * (1) instance id, if present
- * (2) driver name
- * (3) driver alias, if present
- */
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
- if (dev->id && strcmp(dev->id, elem) == 0) {
- return dev;
- }
- }
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
- if (strcmp(object_get_typename(OBJECT(dev)), elem) == 0) {
- return dev;
- }
- }
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
- DeviceClass *dc = DEVICE_GET_CLASS(dev);
-
- if (qdev_class_has_alias(dc) &&
- strcmp(qdev_class_get_alias(dc), elem) == 0) {
- return dev;
- }
- }
- return NULL;
-}
-
-static inline bool qbus_is_full(BusState *bus)
-{
- BusClass *bus_class = BUS_GET_CLASS(bus);
- return bus_class->max_dev && bus->num_children >= bus_class->max_dev;
-}
-
-/*
- * Search the tree rooted at @bus for a bus.
- * If @name, search for a bus with that name. Note that bus names
- * need not be unique. Yes, that's screwed up.
- * Else search for a bus that is a subtype of @bus_typename.
- * If more than one exists, prefer one that can take another device.
- * Return the bus if found, else %NULL.
- */
-static BusState *qbus_find_recursive(BusState *bus, const char *name,
- const char *bus_typename)
-{
- BusChild *kid;
- BusState *pick, *child, *ret;
- bool match;
-
- assert(name || bus_typename);
- if (name) {
- match = !strcmp(bus->name, name);
- } else {
- match = !!object_dynamic_cast(OBJECT(bus), bus_typename);
- }
-
- if (match && !qbus_is_full(bus)) {
- return bus; /* root matches and isn't full */
- }
-
- pick = match ? bus : NULL;
-
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
- QLIST_FOREACH(child, &dev->child_bus, sibling) {
- ret = qbus_find_recursive(child, name, bus_typename);
- if (ret && !qbus_is_full(ret)) {
- return ret; /* a descendant matches and isn't full */
- }
- if (ret && !pick) {
- pick = ret;
- }
- }
- }
-
- /* root or a descendant matches, but is full */
- return pick;
-}
-
-static BusState *qbus_find(const char *path, Error **errp)
-{
- DeviceState *dev;
- BusState *bus;
- char elem[128];
- int pos, len;
-
- /* find start element */
- if (path[0] == '/') {
- bus = sysbus_get_default();
- pos = 0;
- } else {
- if (sscanf(path, "%127[^/]%n", elem, &len) != 1) {
- assert(!path[0]);
- elem[0] = len = 0;
- }
- bus = qbus_find_recursive(sysbus_get_default(), elem, NULL);
- if (!bus) {
- error_setg(errp, "Bus '%s' not found", elem);
- return NULL;
- }
- pos = len;
- }
-
- for (;;) {
- assert(path[pos] == '/' || !path[pos]);
- while (path[pos] == '/') {
- pos++;
- }
- if (path[pos] == '\0') {
- break;
- }
-
- /* find device */
- if (sscanf(path+pos, "%127[^/]%n", elem, &len) != 1) {
- g_assert_not_reached();
- elem[0] = len = 0;
- }
- pos += len;
- dev = qbus_find_dev(bus, elem);
- if (!dev) {
- error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
- "Device '%s' not found", elem);
- qbus_error_append_dev_list_hint(bus, errp);
- return NULL;
- }
-
- assert(path[pos] == '/' || !path[pos]);
- while (path[pos] == '/') {
- pos++;
- }
- if (path[pos] == '\0') {
- /* last specified element is a device. If it has exactly
- * one child bus accept it nevertheless */
- if (dev->num_child_bus == 1) {
- bus = QLIST_FIRST(&dev->child_bus);
- break;
- }
- if (dev->num_child_bus) {
- error_setg(errp, "Device '%s' has multiple child buses",
- elem);
- qbus_error_append_bus_list_hint(dev, errp);
- } else {
- error_setg(errp, "Device '%s' has no child bus", elem);
- }
- return NULL;
- }
-
- /* find bus */
- if (sscanf(path+pos, "%127[^/]%n", elem, &len) != 1) {
- g_assert_not_reached();
- elem[0] = len = 0;
- }
- pos += len;
- bus = qbus_find_bus(dev, elem);
- if (!bus) {
- error_setg(errp, "Bus '%s' not found", elem);
- qbus_error_append_bus_list_hint(dev, errp);
- return NULL;
- }
- }
-
- if (qbus_is_full(bus)) {
- error_setg(errp, "Bus '%s' is full", path);
- return NULL;
- }
- return bus;
-}
-
-void qdev_set_id(DeviceState *dev, const char *id)
-{
- if (id) {
- dev->id = id;
- }
-
- if (dev->id) {
- object_property_add_child(qdev_get_peripheral(), dev->id,
- OBJECT(dev));
- } else {
- static int anon_count;
- gchar *name = g_strdup_printf("device[%d]", anon_count++);
- object_property_add_child(qdev_get_peripheral_anon(), name,
- OBJECT(dev));
- g_free(name);
- }
-}
-
-static int is_failover_device(void *opaque, const char *name, const char *value,
- Error **errp)
-{
- if (strcmp(name, "failover_pair_id") == 0) {
- QemuOpts *opts = (QemuOpts *)opaque;
-
- if (qdev_should_hide_device(opts)) {
- return 1;
- }
- }
-
- return 0;
-}
-
-static bool should_hide_device(QemuOpts *opts)
-{
- if (qemu_opt_foreach(opts, is_failover_device, opts, NULL) == 0) {
- return false;
- }
- return true;
-}
-
-DeviceState *qdev_device_add(QemuOpts *opts, Error **errp)
-{
- DeviceClass *dc;
- const char *driver, *path;
- DeviceState *dev = NULL;
- BusState *bus = NULL;
- bool hide;
-
- driver = qemu_opt_get(opts, "driver");
- if (!driver) {
- error_setg(errp, QERR_MISSING_PARAMETER, "driver");
- return NULL;
- }
-
- /* find driver */
- dc = qdev_get_device_class(&driver, errp);
- if (!dc) {
- return NULL;
- }
-
- /* find bus */
- path = qemu_opt_get(opts, "bus");
- if (path != NULL) {
- bus = qbus_find(path, errp);
- if (!bus) {
- return NULL;
- }
- if (!object_dynamic_cast(OBJECT(bus), dc->bus_type)) {
- error_setg(errp, "Device '%s' can't go on %s bus",
- driver, object_get_typename(OBJECT(bus)));
- return NULL;
- }
- } else if (dc->bus_type != NULL) {
- bus = qbus_find_recursive(sysbus_get_default(), NULL, dc->bus_type);
- if (!bus || qbus_is_full(bus)) {
- error_setg(errp, "No '%s' bus found for device '%s'",
- dc->bus_type, driver);
- return NULL;
- }
- }
- hide = should_hide_device(opts);
-
- if ((hide || qdev_hotplug) && bus && !qbus_is_hotpluggable(bus)) {
- error_setg(errp, QERR_BUS_NO_HOTPLUG, bus->name);
- return NULL;
- }
-
- if (hide) {
- return NULL;
- }
-
- if (!migration_is_idle()) {
- error_setg(errp, "device_add not allowed while migrating");
- return NULL;
- }
-
- /* create device */
- dev = qdev_new(driver);
-
- /* Check whether the hotplug is allowed by the machine */
- if (qdev_hotplug && !qdev_hotplug_allowed(dev, errp)) {
- goto err_del_dev;
- }
-
- if (!bus && qdev_hotplug && !qdev_get_machine_hotplug_handler(dev)) {
- /* No bus, no machine hotplug handler --> device is not hotpluggable */
- error_setg(errp, "Device '%s' can not be hotplugged on this machine",
- driver);
- goto err_del_dev;
- }
-
- qdev_set_id(dev, qemu_opts_id(opts));
-
- /* set properties */
- if (qemu_opt_foreach(opts, set_property, dev, errp)) {
- goto err_del_dev;
- }
-
- dev->opts = opts;
- if (!qdev_realize(DEVICE(dev), bus, errp)) {
- dev->opts = NULL;
- goto err_del_dev;
- }
- return dev;
-
-err_del_dev:
- if (dev) {
- object_unparent(OBJECT(dev));
- object_unref(OBJECT(dev));
- }
- return NULL;
-}
-
-
-#define qdev_printf(fmt, ...) monitor_printf(mon, "%*s" fmt, indent, "", ## __VA_ARGS__)
-static void qbus_print(Monitor *mon, BusState *bus, int indent);
-
-static void qdev_print_props(Monitor *mon, DeviceState *dev, Property *props,
- int indent)
-{
- if (!props)
- return;
- for (; props->name; props++) {
- char *value;
- char *legacy_name = g_strdup_printf("legacy-%s", props->name);
-
- if (object_property_get_type(OBJECT(dev), legacy_name, NULL)) {
- value = object_property_get_str(OBJECT(dev), legacy_name, NULL);
- } else {
- value = object_property_print(OBJECT(dev), props->name, true,
- NULL);
- }
- g_free(legacy_name);
-
- if (!value) {
- continue;
- }
- qdev_printf("%s = %s\n", props->name,
- *value ? value : "<null>");
- g_free(value);
- }
-}
-
-static void bus_print_dev(BusState *bus, Monitor *mon, DeviceState *dev, int indent)
-{
- BusClass *bc = BUS_GET_CLASS(bus);
-
- if (bc->print_dev) {
- bc->print_dev(mon, dev, indent);
- }
-}
-
-static void qdev_print(Monitor *mon, DeviceState *dev, int indent)
-{
- ObjectClass *class;
- BusState *child;
- NamedGPIOList *ngl;
- NamedClockList *ncl;
-
- qdev_printf("dev: %s, id \"%s\"\n", object_get_typename(OBJECT(dev)),
- dev->id ? dev->id : "");
- indent += 2;
- QLIST_FOREACH(ngl, &dev->gpios, node) {
- if (ngl->num_in) {
- qdev_printf("gpio-in \"%s\" %d\n", ngl->name ? ngl->name : "",
- ngl->num_in);
- }
- if (ngl->num_out) {
- qdev_printf("gpio-out \"%s\" %d\n", ngl->name ? ngl->name : "",
- ngl->num_out);
- }
- }
- QLIST_FOREACH(ncl, &dev->clocks, node) {
- qdev_printf("clock-%s%s \"%s\" freq_hz=%e\n",
- ncl->output ? "out" : "in",
- ncl->alias ? " (alias)" : "",
- ncl->name,
- CLOCK_PERIOD_TO_HZ(1.0 * clock_get(ncl->clock)));
- }
- class = object_get_class(OBJECT(dev));
- do {
- qdev_print_props(mon, dev, DEVICE_CLASS(class)->props_, indent);
- class = object_class_get_parent(class);
- } while (class != object_class_by_name(TYPE_DEVICE));
- bus_print_dev(dev->parent_bus, mon, dev, indent);
- QLIST_FOREACH(child, &dev->child_bus, sibling) {
- qbus_print(mon, child, indent);
- }
-}
-
-static void qbus_print(Monitor *mon, BusState *bus, int indent)
-{
- BusChild *kid;
-
- qdev_printf("bus: %s\n", bus->name);
- indent += 2;
- qdev_printf("type %s\n", object_get_typename(OBJECT(bus)));
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
- DeviceState *dev = kid->child;
- qdev_print(mon, dev, indent);
- }
-}
-#undef qdev_printf
-
-void hmp_info_qtree(Monitor *mon, const QDict *qdict)
-{
- if (sysbus_get_default())
- qbus_print(mon, sysbus_get_default(), 0);
-}
-
-void hmp_info_qdm(Monitor *mon, const QDict *qdict)
-{
- qdev_print_devinfos(true);
-}
-
-void qmp_device_add(QDict *qdict, QObject **ret_data, Error **errp)
-{
- QemuOpts *opts;
- DeviceState *dev;
-
- opts = qemu_opts_from_qdict(qemu_find_opts("device"), qdict, errp);
- if (!opts) {
- return;
- }
- if (!monitor_cur_is_qmp() && qdev_device_help(opts)) {
- qemu_opts_del(opts);
- return;
- }
- dev = qdev_device_add(opts, errp);
- if (!dev) {
- qemu_opts_del(opts);
- return;
- }
- object_unref(OBJECT(dev));
-}
-
-static DeviceState *find_device_state(const char *id, Error **errp)
-{
- Object *obj;
-
- if (id[0] == '/') {
- obj = object_resolve_path(id, NULL);
- } else {
- char *root_path = object_get_canonical_path(qdev_get_peripheral());
- char *path = g_strdup_printf("%s/%s", root_path, id);
-
- g_free(root_path);
- obj = object_resolve_path_type(path, TYPE_DEVICE, NULL);
- g_free(path);
- }
-
- if (!obj) {
- error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
- "Device '%s' not found", id);
- return NULL;
- }
-
- if (!object_dynamic_cast(obj, TYPE_DEVICE)) {
- error_setg(errp, "%s is not a hotpluggable device", id);
- return NULL;
- }
-
- return DEVICE(obj);
-}
-
-void qdev_unplug(DeviceState *dev, Error **errp)
-{
- DeviceClass *dc = DEVICE_GET_CLASS(dev);
- HotplugHandler *hotplug_ctrl;
- HotplugHandlerClass *hdc;
- Error *local_err = NULL;
-
- if (dev->parent_bus && !qbus_is_hotpluggable(dev->parent_bus)) {
- error_setg(errp, QERR_BUS_NO_HOTPLUG, dev->parent_bus->name);
- return;
- }
-
- if (!dc->hotpluggable) {
- error_setg(errp, QERR_DEVICE_NO_HOTPLUG,
- object_get_typename(OBJECT(dev)));
- return;
- }
-
- if (!migration_is_idle() && !dev->allow_unplug_during_migration) {
- error_setg(errp, "device_del not allowed while migrating");
- return;
- }
-
- qdev_hot_removed = true;
-
- hotplug_ctrl = qdev_get_hotplug_handler(dev);
- /* hotpluggable device MUST have HotplugHandler, if it doesn't
- * then something is very wrong with it */
- g_assert(hotplug_ctrl);
-
- /* If device supports async unplug just request it to be done,
- * otherwise just remove it synchronously */
- hdc = HOTPLUG_HANDLER_GET_CLASS(hotplug_ctrl);
- if (hdc->unplug_request) {
- hotplug_handler_unplug_request(hotplug_ctrl, dev, &local_err);
- } else {
- hotplug_handler_unplug(hotplug_ctrl, dev, &local_err);
- if (!local_err) {
- object_unparent(OBJECT(dev));
- }
- }
- error_propagate(errp, local_err);
-}
-
-void qmp_device_del(const char *id, Error **errp)
-{
- DeviceState *dev = find_device_state(id, errp);
- if (dev != NULL) {
- if (dev->pending_deleted_event) {
- error_setg(errp, "Device %s is already in the "
- "process of unplug", id);
- return;
- }
-
- qdev_unplug(dev, errp);
- }
-}
-
-void hmp_device_add(Monitor *mon, const QDict *qdict)
-{
- Error *err = NULL;
-
- qmp_device_add((QDict *)qdict, NULL, &err);
- hmp_handle_error(mon, err);
-}
-
-void hmp_device_del(Monitor *mon, const QDict *qdict)
-{
- const char *id = qdict_get_str(qdict, "id");
- Error *err = NULL;
-
- qmp_device_del(id, &err);
- hmp_handle_error(mon, err);
-}
-
-BlockBackend *blk_by_qdev_id(const char *id, Error **errp)
-{
- DeviceState *dev;
- BlockBackend *blk;
-
- dev = find_device_state(id, errp);
- if (dev == NULL) {
- return NULL;
- }
-
- blk = blk_by_dev(dev);
- if (!blk) {
- error_setg(errp, "Device does not have a block device backend");
- }
- return blk;
-}
-
-void qdev_machine_init(void)
-{
- qdev_get_peripheral_anon();
- qdev_get_peripheral();
-}
-
-QemuOptsList qemu_device_opts = {
- .name = "device",
- .implied_opt_name = "driver",
- .head = QTAILQ_HEAD_INITIALIZER(qemu_device_opts.head),
- .desc = {
- /*
- * no elements => accept any
- * sanity checking will happen later
- * when setting device properties
- */
- { /* end of list */ }
- },
-};
-
-QemuOptsList qemu_global_opts = {
- .name = "global",
- .head = QTAILQ_HEAD_INITIALIZER(qemu_global_opts.head),
- .desc = {
- {
- .name = "driver",
- .type = QEMU_OPT_STRING,
- },{
- .name = "property",
- .type = QEMU_OPT_STRING,
- },{
- .name = "value",
- .type = QEMU_OPT_STRING,
- },
- { /* end of list */ }
- },
-};
-
-int qemu_global_option(const char *str)
-{
- char driver[64], property[64];
- QemuOpts *opts;
- int rc, offset;
-
- rc = sscanf(str, "%63[^.=].%63[^=]%n", driver, property, &offset);
- if (rc == 2 && str[offset] == '=') {
- opts = qemu_opts_create(&qemu_global_opts, NULL, 0, &error_abort);
- qemu_opt_set(opts, "driver", driver, &error_abort);
- qemu_opt_set(opts, "property", property, &error_abort);
- qemu_opt_set(opts, "value", str + offset + 1, &error_abort);
- return 0;
- }
-
- opts = qemu_opts_parse_noisily(&qemu_global_opts, str, false);
- if (!opts) {
- return -1;
- }
-
- return 0;
-}
+++ /dev/null
-/*
- * QEMU seccomp mode 2 support with libseccomp
- *
- * Copyright IBM, Corp. 2012
- *
- * Authors:
- * Eduardo Otubo <eotubo@br.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2. See
- * the COPYING file in the top-level directory.
- *
- * Contributions after 2012-01-13 are licensed under the terms of the
- * GNU GPL, version 2 or (at your option) any later version.
- */
-
-#include "qemu/osdep.h"
-#include "qapi/error.h"
-#include "qemu/config-file.h"
-#include "qemu/option.h"
-#include "qemu/module.h"
-#include <sys/prctl.h>
-#include <seccomp.h>
-#include "sysemu/seccomp.h"
-#include <linux/seccomp.h>
-
-/* For some architectures (notably ARM) cacheflush is not supported until
- * libseccomp 2.2.3, but configure enforces that we are using a more recent
- * version on those hosts, so it is OK for this check to be less strict.
- */
-#if SCMP_VER_MAJOR >= 3
- #define HAVE_CACHEFLUSH
-#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 2
- #define HAVE_CACHEFLUSH
-#endif
-
-struct QemuSeccompSyscall {
- int32_t num;
- uint8_t set;
- uint8_t narg;
- const struct scmp_arg_cmp *arg_cmp;
-};
-
-const struct scmp_arg_cmp sched_setscheduler_arg[] = {
- /* was SCMP_A1(SCMP_CMP_NE, SCHED_IDLE), but expanded due to GCC 4.x bug */
- { .arg = 1, .op = SCMP_CMP_NE, .datum_a = SCHED_IDLE }
-};
-
-static const struct QemuSeccompSyscall blacklist[] = {
- /* default set of syscalls to blacklist */
- { SCMP_SYS(reboot), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(swapon), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(swapoff), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(syslog), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(mount), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(umount), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(kexec_load), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(afs_syscall), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(break), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(ftime), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(getpmsg), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(gtty), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(lock), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(mpx), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(prof), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(profil), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(putpmsg), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(security), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(stty), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(tuxcall), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(ulimit), QEMU_SECCOMP_SET_DEFAULT },
- { SCMP_SYS(vserver), QEMU_SECCOMP_SET_DEFAULT },
- /* obsolete */
- { SCMP_SYS(readdir), QEMU_SECCOMP_SET_OBSOLETE },
- { SCMP_SYS(_sysctl), QEMU_SECCOMP_SET_OBSOLETE },
- { SCMP_SYS(bdflush), QEMU_SECCOMP_SET_OBSOLETE },
- { SCMP_SYS(create_module), QEMU_SECCOMP_SET_OBSOLETE },
- { SCMP_SYS(get_kernel_syms), QEMU_SECCOMP_SET_OBSOLETE },
- { SCMP_SYS(query_module), QEMU_SECCOMP_SET_OBSOLETE },
- { SCMP_SYS(sgetmask), QEMU_SECCOMP_SET_OBSOLETE },
- { SCMP_SYS(ssetmask), QEMU_SECCOMP_SET_OBSOLETE },
- { SCMP_SYS(sysfs), QEMU_SECCOMP_SET_OBSOLETE },
- { SCMP_SYS(uselib), QEMU_SECCOMP_SET_OBSOLETE },
- { SCMP_SYS(ustat), QEMU_SECCOMP_SET_OBSOLETE },
- /* privileged */
- { SCMP_SYS(setuid), QEMU_SECCOMP_SET_PRIVILEGED },
- { SCMP_SYS(setgid), QEMU_SECCOMP_SET_PRIVILEGED },
- { SCMP_SYS(setpgid), QEMU_SECCOMP_SET_PRIVILEGED },
- { SCMP_SYS(setsid), QEMU_SECCOMP_SET_PRIVILEGED },
- { SCMP_SYS(setreuid), QEMU_SECCOMP_SET_PRIVILEGED },
- { SCMP_SYS(setregid), QEMU_SECCOMP_SET_PRIVILEGED },
- { SCMP_SYS(setresuid), QEMU_SECCOMP_SET_PRIVILEGED },
- { SCMP_SYS(setresgid), QEMU_SECCOMP_SET_PRIVILEGED },
- { SCMP_SYS(setfsuid), QEMU_SECCOMP_SET_PRIVILEGED },
- { SCMP_SYS(setfsgid), QEMU_SECCOMP_SET_PRIVILEGED },
- /* spawn */
- { SCMP_SYS(fork), QEMU_SECCOMP_SET_SPAWN },
- { SCMP_SYS(vfork), QEMU_SECCOMP_SET_SPAWN },
- { SCMP_SYS(execve), QEMU_SECCOMP_SET_SPAWN },
- /* resource control */
- { SCMP_SYS(getpriority), QEMU_SECCOMP_SET_RESOURCECTL },
- { SCMP_SYS(setpriority), QEMU_SECCOMP_SET_RESOURCECTL },
- { SCMP_SYS(sched_setparam), QEMU_SECCOMP_SET_RESOURCECTL },
- { SCMP_SYS(sched_getparam), QEMU_SECCOMP_SET_RESOURCECTL },
- { SCMP_SYS(sched_setscheduler), QEMU_SECCOMP_SET_RESOURCECTL,
- ARRAY_SIZE(sched_setscheduler_arg), sched_setscheduler_arg },
- { SCMP_SYS(sched_getscheduler), QEMU_SECCOMP_SET_RESOURCECTL },
- { SCMP_SYS(sched_setaffinity), QEMU_SECCOMP_SET_RESOURCECTL },
- { SCMP_SYS(sched_getaffinity), QEMU_SECCOMP_SET_RESOURCECTL },
- { SCMP_SYS(sched_get_priority_max), QEMU_SECCOMP_SET_RESOURCECTL },
- { SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL },
-};
-
-static inline __attribute__((unused)) int
-qemu_seccomp(unsigned int operation, unsigned int flags, void *args)
-{
-#ifdef __NR_seccomp
- return syscall(__NR_seccomp, operation, flags, args);
-#else
- errno = ENOSYS;
- return -1;
-#endif
-}
-
-static uint32_t qemu_seccomp_get_action(int set)
-{
- switch (set) {
- case QEMU_SECCOMP_SET_DEFAULT:
- case QEMU_SECCOMP_SET_OBSOLETE:
- case QEMU_SECCOMP_SET_PRIVILEGED:
- case QEMU_SECCOMP_SET_SPAWN: {
-#if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \
- defined(SECCOMP_RET_KILL_PROCESS)
- static int kill_process = -1;
- if (kill_process == -1) {
- uint32_t action = SECCOMP_RET_KILL_PROCESS;
-
- if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
- kill_process = 1;
- } else {
- kill_process = 0;
- }
- }
- if (kill_process == 1) {
- return SCMP_ACT_KILL_PROCESS;
- }
-#endif
- return SCMP_ACT_TRAP;
- }
-
- case QEMU_SECCOMP_SET_RESOURCECTL:
- return SCMP_ACT_ERRNO(EPERM);
-
- default:
- g_assert_not_reached();
- }
-}
-
-
-static int seccomp_start(uint32_t seccomp_opts, Error **errp)
-{
- int rc = -1;
- unsigned int i = 0;
- scmp_filter_ctx ctx;
-
- ctx = seccomp_init(SCMP_ACT_ALLOW);
- if (ctx == NULL) {
- error_setg(errp, "failed to initialize seccomp context");
- goto seccomp_return;
- }
-
- rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);
- if (rc != 0) {
- error_setg_errno(errp, -rc,
- "failed to set seccomp thread synchronization");
- goto seccomp_return;
- }
-
- for (i = 0; i < ARRAY_SIZE(blacklist); i++) {
- uint32_t action;
- if (!(seccomp_opts & blacklist[i].set)) {
- continue;
- }
-
- action = qemu_seccomp_get_action(blacklist[i].set);
- rc = seccomp_rule_add_array(ctx, action, blacklist[i].num,
- blacklist[i].narg, blacklist[i].arg_cmp);
- if (rc < 0) {
- error_setg_errno(errp, -rc,
- "failed to add seccomp blacklist rules");
- goto seccomp_return;
- }
- }
-
- rc = seccomp_load(ctx);
- if (rc < 0) {
- error_setg_errno(errp, -rc,
- "failed to load seccomp syscall filter in kernel");
- }
-
- seccomp_return:
- seccomp_release(ctx);
- return rc < 0 ? -1 : 0;
-}
-
-#ifdef CONFIG_SECCOMP
-int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp)
-{
- if (qemu_opt_get_bool(opts, "enable", false)) {
- uint32_t seccomp_opts = QEMU_SECCOMP_SET_DEFAULT
- | QEMU_SECCOMP_SET_OBSOLETE;
- const char *value = NULL;
-
- value = qemu_opt_get(opts, "obsolete");
- if (value) {
- if (g_str_equal(value, "allow")) {
- seccomp_opts &= ~QEMU_SECCOMP_SET_OBSOLETE;
- } else if (g_str_equal(value, "deny")) {
- /* this is the default option, this if is here
- * to provide a little bit of consistency for
- * the command line */
- } else {
- error_setg(errp, "invalid argument for obsolete");
- return -1;
- }
- }
-
- value = qemu_opt_get(opts, "elevateprivileges");
- if (value) {
- if (g_str_equal(value, "deny")) {
- seccomp_opts |= QEMU_SECCOMP_SET_PRIVILEGED;
- } else if (g_str_equal(value, "children")) {
- seccomp_opts |= QEMU_SECCOMP_SET_PRIVILEGED;
-
- /* calling prctl directly because we're
- * not sure if host has CAP_SYS_ADMIN set*/
- if (prctl(PR_SET_NO_NEW_PRIVS, 1)) {
- error_setg(errp, "failed to set no_new_privs aborting");
- return -1;
- }
- } else if (g_str_equal(value, "allow")) {
- /* default value */
- } else {
- error_setg(errp, "invalid argument for elevateprivileges");
- return -1;
- }
- }
-
- value = qemu_opt_get(opts, "spawn");
- if (value) {
- if (g_str_equal(value, "deny")) {
- seccomp_opts |= QEMU_SECCOMP_SET_SPAWN;
- } else if (g_str_equal(value, "allow")) {
- /* default value */
- } else {
- error_setg(errp, "invalid argument for spawn");
- return -1;
- }
- }
-
- value = qemu_opt_get(opts, "resourcecontrol");
- if (value) {
- if (g_str_equal(value, "deny")) {
- seccomp_opts |= QEMU_SECCOMP_SET_RESOURCECTL;
- } else if (g_str_equal(value, "allow")) {
- /* default value */
- } else {
- error_setg(errp, "invalid argument for resourcecontrol");
- return -1;
- }
- }
-
- if (seccomp_start(seccomp_opts, errp) < 0) {
- return -1;
- }
- }
-
- return 0;
-}
-
-static QemuOptsList qemu_sandbox_opts = {
- .name = "sandbox",
- .implied_opt_name = "enable",
- .head = QTAILQ_HEAD_INITIALIZER(qemu_sandbox_opts.head),
- .desc = {
- {
- .name = "enable",
- .type = QEMU_OPT_BOOL,
- },
- {
- .name = "obsolete",
- .type = QEMU_OPT_STRING,
- },
- {
- .name = "elevateprivileges",
- .type = QEMU_OPT_STRING,
- },
- {
- .name = "spawn",
- .type = QEMU_OPT_STRING,
- },
- {
- .name = "resourcecontrol",
- .type = QEMU_OPT_STRING,
- },
- { /* end of list */ }
- },
-};
-
-static void seccomp_register(void)
-{
- bool add = false;
-
- /* FIXME: use seccomp_api_get() >= 2 check when released */
-
-#if defined(SECCOMP_FILTER_FLAG_TSYNC)
- int check;
-
- /* check host TSYNC capability, it returns errno == ENOSYS if unavailable */
- check = qemu_seccomp(SECCOMP_SET_MODE_FILTER,
- SECCOMP_FILTER_FLAG_TSYNC, NULL);
- if (check < 0 && errno == EFAULT) {
- add = true;
- }
-#endif
-
- if (add) {
- qemu_add_opts(&qemu_sandbox_opts);
- }
-}
-opts_init(seccomp_register);
-#endif
-qom_ss = ss.source_set()
qom_ss.add(genh)
qom_ss.add(files(
'container.c',
qmp_ss.add(files('qom-qmp-cmds.c'))
softmmu_ss.add(files('qom-hmp-cmds.c'))
-
-qom_ss = qom_ss.apply(config_host, strict: false)
-libqom = static_library('qom', qom_ss.sources() + genh,
- dependencies: [qom_ss.dependencies()],
- name_suffix: 'fa')
-
-qom = declare_dependency(link_whole: libqom)
import sys
-def get_local_staging_branch_commit():
+class CommunicationFailure(Exception):
+ """Failed to communicate to gitlab.com APIs."""
+
+
+class NoPipelineFound(Exception):
+ """Communication is successfull but pipeline is not found."""
+
+
+def get_local_branch_commit(branch='staging'):
"""
Returns the commit sha1 for the *local* branch named "staging"
"""
- result = subprocess.run(['git', 'rev-parse', 'staging'],
+ result = subprocess.run(['git', 'rev-parse', branch],
stdin=subprocess.DEVNULL,
stdout=subprocess.PIPE,
stderr=subprocess.DEVNULL,
cwd=os.path.dirname(__file__),
universal_newlines=True).stdout.strip()
- if result == 'staging':
- raise ValueError("There's no local branch named 'staging'")
+ if result == branch:
+ raise ValueError("There's no local branch named '%s'" % branch)
if len(result) != 40:
- raise ValueError("Branch staging HEAD doesn't look like a sha1")
+ raise ValueError("Branch '%s' HEAD doesn't look like a sha1" % branch)
return result
connection.request('GET', url=url)
response = connection.getresponse()
if response.code != http.HTTPStatus.OK:
- raise ValueError("Failed to receive a successful response")
+ raise CommunicationFailure("Failed to receive a successful response")
json_response = json.loads(response.read())
# As far as I can tell, there should be only one pipeline for the same
# project + commit. If this assumption is false, we can add further
# filters to the url, such as username, and order_by.
if not json_response:
- raise ValueError("No pipeline found")
+ raise NoPipelineFound("No pipeline found")
return json_response[0]
start = time.time()
while True:
if time.time() >= (start + timeout):
- print("Waiting on the pipeline timed out")
+ msg = ("Timeout (-t/--timeout) of %i seconds reached, "
+ "won't wait any longer for the pipeline to complete")
+ msg %= timeout
+ print(msg)
return False
- status = get_pipeline_status(project_id, commit_sha)
- if status['status'] == 'running':
+ try:
+ status = get_pipeline_status(project_id, commit_sha)
+ except NoPipelineFound:
+ print('Pipeline has not been found, it may not have been created yet.')
+ time.sleep(1)
+ continue
+
+ pipeline_status = status['status']
+ status_to_wait = ('created', 'waiting_for_resource', 'preparing',
+ 'pending', 'running')
+ if pipeline_status in status_to_wait:
+ print('%s...' % pipeline_status)
time.sleep(interval)
- print('running...')
continue
- if status['status'] == 'success':
+ if pipeline_status == 'success':
return True
msg = "Pipeline failed, check: %s" % status['web_url']
return False
-def main():
- """
- Script entry point
- """
+def create_parser():
parser = argparse.ArgumentParser(
prog='pipeline-status',
description='check or wait on a pipeline status')
'for https://gitlab.com/qemu-project/qemu, that '
'is, "%(default)s"'))
try:
- default_commit = get_local_staging_branch_commit()
+ default_commit = get_local_branch_commit()
commit_required = False
except ValueError:
default_commit = ''
parser.add_argument('--verbose', action='store_true', default=False,
help=('A minimal verbosity level that prints the '
'overall result of the check/wait'))
+ return parser
+def main():
+ """
+ Script entry point
+ """
+ parser = create_parser()
args = parser.parse_args()
-
+ success = False
try:
if args.wait:
success = wait_on_pipeline_success(
args.commit)
success = status['status'] == 'success'
except Exception as error: # pylint: disable=W0703
- success = False
if args.verbose:
print("ERROR: %s" % error.args[0])
+ except KeyboardInterrupt:
+ if args.verbose:
+ print("Exiting on user's request")
if success:
if args.verbose:
--- /dev/null
+// Highlight object declarations that don't look like object class but
+// accidentally inherit from it.
+
+@match@
+identifier obj_t, fld;
+type parent_t =~ ".*Class$";
+@@
+struct obj_t {
+ parent_t fld;
+ ...
+};
+
+@script:python filter depends on match@
+obj_t << match.obj_t;
+@@
+is_class_obj = obj_t.endswith('Class')
+cocci.include_match(not is_class_obj)
+
+@replacement depends on filter@
+identifier match.obj_t, match.fld;
+type match.parent_t;
+@@
+struct obj_t {
+* parent_t fld;
+ ...
+};
if [ -z "$pkgversion" ]; then
cd "$dir"
if [ -e .git ]; then
- pkgversion=$(git describe --match 'v*' --dirty | echo "")
+ pkgversion=$(git describe --match 'v*' --dirty) || :
fi
fi
--- /dev/null
+/*
+ * QEMU Boot Device Implement
+ *
+ * Copyright (c) 2014 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "sysemu/sysemu.h"
+#include "qapi/visitor.h"
+#include "qemu/error-report.h"
+#include "sysemu/reset.h"
+#include "hw/qdev-core.h"
+#include "hw/boards.h"
+
+typedef struct FWBootEntry FWBootEntry;
+
+struct FWBootEntry {
+ QTAILQ_ENTRY(FWBootEntry) link;
+ int32_t bootindex;
+ DeviceState *dev;
+ char *suffix;
+};
+
+static QTAILQ_HEAD(, FWBootEntry) fw_boot_order =
+ QTAILQ_HEAD_INITIALIZER(fw_boot_order);
+static QEMUBootSetHandler *boot_set_handler;
+static void *boot_set_opaque;
+
+void qemu_register_boot_set(QEMUBootSetHandler *func, void *opaque)
+{
+ boot_set_handler = func;
+ boot_set_opaque = opaque;
+}
+
+void qemu_boot_set(const char *boot_order, Error **errp)
+{
+ Error *local_err = NULL;
+
+ if (!boot_set_handler) {
+ error_setg(errp, "no function defined to set boot device list for"
+ " this architecture");
+ return;
+ }
+
+ validate_bootdevices(boot_order, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+
+ boot_set_handler(boot_set_opaque, boot_order, errp);
+}
+
+void validate_bootdevices(const char *devices, Error **errp)
+{
+ /* We just do some generic consistency checks */
+ const char *p;
+ int bitmap = 0;
+
+ for (p = devices; *p != '\0'; p++) {
+ /* Allowed boot devices are:
+ * a-b: floppy disk drives
+ * c-f: IDE disk drives
+ * g-m: machine implementation dependent drives
+ * n-p: network devices
+ * It's up to each machine implementation to check if the given boot
+ * devices match the actual hardware implementation and firmware
+ * features.
+ */
+ if (*p < 'a' || *p > 'p') {
+ error_setg(errp, "Invalid boot device '%c'", *p);
+ return;
+ }
+ if (bitmap & (1 << (*p - 'a'))) {
+ error_setg(errp, "Boot device '%c' was given twice", *p);
+ return;
+ }
+ bitmap |= 1 << (*p - 'a');
+ }
+}
+
+void restore_boot_order(void *opaque)
+{
+ char *normal_boot_order = opaque;
+ static int first = 1;
+
+ /* Restore boot order and remove ourselves after the first boot */
+ if (first) {
+ first = 0;
+ return;
+ }
+
+ if (boot_set_handler) {
+ qemu_boot_set(normal_boot_order, &error_abort);
+ }
+
+ qemu_unregister_reset(restore_boot_order, normal_boot_order);
+ g_free(normal_boot_order);
+}
+
+void check_boot_index(int32_t bootindex, Error **errp)
+{
+ FWBootEntry *i;
+
+ if (bootindex >= 0) {
+ QTAILQ_FOREACH(i, &fw_boot_order, link) {
+ if (i->bootindex == bootindex) {
+ error_setg(errp, "The bootindex %d has already been used",
+ bootindex);
+ return;
+ }
+ }
+ }
+}
+
+void del_boot_device_path(DeviceState *dev, const char *suffix)
+{
+ FWBootEntry *i;
+
+ if (dev == NULL) {
+ return;
+ }
+
+ QTAILQ_FOREACH(i, &fw_boot_order, link) {
+ if ((!suffix || !g_strcmp0(i->suffix, suffix)) &&
+ i->dev == dev) {
+ QTAILQ_REMOVE(&fw_boot_order, i, link);
+ g_free(i->suffix);
+ g_free(i);
+
+ break;
+ }
+ }
+}
+
+void add_boot_device_path(int32_t bootindex, DeviceState *dev,
+ const char *suffix)
+{
+ FWBootEntry *node, *i;
+
+ if (bootindex < 0) {
+ del_boot_device_path(dev, suffix);
+ return;
+ }
+
+ assert(dev != NULL || suffix != NULL);
+
+ del_boot_device_path(dev, suffix);
+
+ node = g_malloc0(sizeof(FWBootEntry));
+ node->bootindex = bootindex;
+ node->suffix = g_strdup(suffix);
+ node->dev = dev;
+
+ QTAILQ_FOREACH(i, &fw_boot_order, link) {
+ if (i->bootindex == bootindex) {
+ error_report("Two devices with same boot index %d", bootindex);
+ exit(1);
+ } else if (i->bootindex < bootindex) {
+ continue;
+ }
+ QTAILQ_INSERT_BEFORE(i, node, link);
+ return;
+ }
+ QTAILQ_INSERT_TAIL(&fw_boot_order, node, link);
+}
+
+DeviceState *get_boot_device(uint32_t position)
+{
+ uint32_t counter = 0;
+ FWBootEntry *i = NULL;
+ DeviceState *res = NULL;
+
+ if (!QTAILQ_EMPTY(&fw_boot_order)) {
+ QTAILQ_FOREACH(i, &fw_boot_order, link) {
+ if (counter == position) {
+ res = i->dev;
+ break;
+ }
+ counter++;
+ }
+ }
+ return res;
+}
+
+static char *get_boot_device_path(DeviceState *dev, bool ignore_suffixes,
+ const char *suffix)
+{
+ char *devpath = NULL, *s = NULL, *d, *bootpath;
+
+ if (dev) {
+ devpath = qdev_get_fw_dev_path(dev);
+ assert(devpath);
+ }
+
+ if (!ignore_suffixes) {
+ if (dev) {
+ d = qdev_get_own_fw_dev_path_from_handler(dev->parent_bus, dev);
+ if (d) {
+ assert(!suffix);
+ s = d;
+ } else {
+ s = g_strdup(suffix);
+ }
+ } else {
+ s = g_strdup(suffix);
+ }
+ }
+
+ bootpath = g_strdup_printf("%s%s",
+ devpath ? devpath : "",
+ s ? s : "");
+ g_free(devpath);
+ g_free(s);
+
+ return bootpath;
+}
+
+/*
+ * This function returns null terminated string that consist of new line
+ * separated device paths.
+ *
+ * memory pointed by "size" is assigned total length of the array in bytes
+ *
+ */
+char *get_boot_devices_list(size_t *size)
+{
+ FWBootEntry *i;
+ size_t total = 0;
+ char *list = NULL;
+ MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
+ bool ignore_suffixes = mc->ignore_boot_device_suffixes;
+
+ QTAILQ_FOREACH(i, &fw_boot_order, link) {
+ char *bootpath;
+ size_t len;
+
+ bootpath = get_boot_device_path(i->dev, ignore_suffixes, i->suffix);
+
+ if (total) {
+ list[total-1] = '\n';
+ }
+ len = strlen(bootpath) + 1;
+ list = g_realloc(list, total + len);
+ memcpy(&list[total], bootpath, len);
+ total += len;
+ g_free(bootpath);
+ }
+
+ *size = total;
+
+ if (boot_strict && *size > 0) {
+ list[total-1] = '\n';
+ list = g_realloc(list, total + 5);
+ memcpy(&list[total], "HALT", 5);
+ *size = total + 5;
+ }
+ return list;
+}
+
+typedef struct {
+ int32_t *bootindex;
+ const char *suffix;
+ DeviceState *dev;
+} BootIndexProperty;
+
+static void device_get_bootindex(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ BootIndexProperty *prop = opaque;
+ visit_type_int32(v, name, prop->bootindex, errp);
+}
+
+static void device_set_bootindex(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ BootIndexProperty *prop = opaque;
+ int32_t boot_index;
+ Error *local_err = NULL;
+
+ if (!visit_type_int32(v, name, &boot_index, errp)) {
+ return;
+ }
+ /* check whether bootindex is present in fw_boot_order list */
+ check_boot_index(boot_index, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+ /* change bootindex to a new one */
+ *prop->bootindex = boot_index;
+
+ add_boot_device_path(*prop->bootindex, prop->dev, prop->suffix);
+}
+
+static void property_release_bootindex(Object *obj, const char *name,
+ void *opaque)
+
+{
+ BootIndexProperty *prop = opaque;
+
+ del_boot_device_path(prop->dev, prop->suffix);
+ g_free(prop);
+}
+
+void device_add_bootindex_property(Object *obj, int32_t *bootindex,
+ const char *name, const char *suffix,
+ DeviceState *dev)
+{
+ BootIndexProperty *prop = g_malloc0(sizeof(*prop));
+
+ prop->bootindex = bootindex;
+ prop->suffix = suffix;
+ prop->dev = dev;
+
+ object_property_add(obj, name, "int32",
+ device_get_bootindex,
+ device_set_bootindex,
+ property_release_bootindex,
+ prop);
+
+ /* initialize devices' bootindex property to -1 */
+ object_property_set_int(obj, name, -1, NULL);
+}
+
+typedef struct FWLCHSEntry FWLCHSEntry;
+
+struct FWLCHSEntry {
+ QTAILQ_ENTRY(FWLCHSEntry) link;
+ DeviceState *dev;
+ char *suffix;
+ uint32_t lcyls;
+ uint32_t lheads;
+ uint32_t lsecs;
+};
+
+static QTAILQ_HEAD(, FWLCHSEntry) fw_lchs =
+ QTAILQ_HEAD_INITIALIZER(fw_lchs);
+
+void add_boot_device_lchs(DeviceState *dev, const char *suffix,
+ uint32_t lcyls, uint32_t lheads, uint32_t lsecs)
+{
+ FWLCHSEntry *node;
+
+ if (!lcyls && !lheads && !lsecs) {
+ return;
+ }
+
+ assert(dev != NULL || suffix != NULL);
+
+ node = g_malloc0(sizeof(FWLCHSEntry));
+ node->suffix = g_strdup(suffix);
+ node->dev = dev;
+ node->lcyls = lcyls;
+ node->lheads = lheads;
+ node->lsecs = lsecs;
+
+ QTAILQ_INSERT_TAIL(&fw_lchs, node, link);
+}
+
+void del_boot_device_lchs(DeviceState *dev, const char *suffix)
+{
+ FWLCHSEntry *i;
+
+ if (dev == NULL) {
+ return;
+ }
+
+ QTAILQ_FOREACH(i, &fw_lchs, link) {
+ if ((!suffix || !g_strcmp0(i->suffix, suffix)) &&
+ i->dev == dev) {
+ QTAILQ_REMOVE(&fw_lchs, i, link);
+ g_free(i->suffix);
+ g_free(i);
+
+ break;
+ }
+ }
+}
+
+char *get_boot_devices_lchs_list(size_t *size)
+{
+ FWLCHSEntry *i;
+ size_t total = 0;
+ char *list = NULL;
+
+ QTAILQ_FOREACH(i, &fw_lchs, link) {
+ char *bootpath;
+ char *chs_string;
+ size_t len;
+
+ bootpath = get_boot_device_path(i->dev, false, i->suffix);
+ chs_string = g_strdup_printf("%s %" PRIu32 " %" PRIu32 " %" PRIu32,
+ bootpath, i->lcyls, i->lheads, i->lsecs);
+
+ if (total) {
+ list[total - 1] = '\n';
+ }
+ len = strlen(chs_string) + 1;
+ list = g_realloc(list, total + len);
+ memcpy(&list[total], chs_string, len);
+ total += len;
+ g_free(chs_string);
+ g_free(bootpath);
+ }
+
+ *size = total;
+
+ return list;
+}
--- /dev/null
+/*
+ * Functions to help device tree manipulation using libfdt.
+ * It also provides functions to read entries from device tree proc
+ * interface.
+ *
+ * Copyright 2008 IBM Corporation.
+ * Authors: Jerone Young <jyoung5@us.ibm.com>
+ * Hollis Blanchard <hollisb@us.ibm.com>
+ *
+ * This work is licensed under the GNU GPL license version 2 or later.
+ *
+ */
+
+#include "qemu/osdep.h"
+
+#ifdef CONFIG_LINUX
+#include <dirent.h>
+#endif
+
+#include "qapi/error.h"
+#include "qemu/error-report.h"
+#include "qemu/option.h"
+#include "qemu/bswap.h"
+#include "sysemu/device_tree.h"
+#include "sysemu/sysemu.h"
+#include "hw/loader.h"
+#include "hw/boards.h"
+#include "qemu/config-file.h"
+
+#include <libfdt.h>
+
+#define FDT_MAX_SIZE 0x100000
+
+void *create_device_tree(int *sizep)
+{
+ void *fdt;
+ int ret;
+
+ *sizep = FDT_MAX_SIZE;
+ fdt = g_malloc0(FDT_MAX_SIZE);
+ ret = fdt_create(fdt, FDT_MAX_SIZE);
+ if (ret < 0) {
+ goto fail;
+ }
+ ret = fdt_finish_reservemap(fdt);
+ if (ret < 0) {
+ goto fail;
+ }
+ ret = fdt_begin_node(fdt, "");
+ if (ret < 0) {
+ goto fail;
+ }
+ ret = fdt_end_node(fdt);
+ if (ret < 0) {
+ goto fail;
+ }
+ ret = fdt_finish(fdt);
+ if (ret < 0) {
+ goto fail;
+ }
+ ret = fdt_open_into(fdt, fdt, *sizep);
+ if (ret) {
+ error_report("Unable to copy device tree in memory");
+ exit(1);
+ }
+
+ return fdt;
+fail:
+ error_report("%s Couldn't create dt: %s", __func__, fdt_strerror(ret));
+ exit(1);
+}
+
+void *load_device_tree(const char *filename_path, int *sizep)
+{
+ int dt_size;
+ int dt_file_load_size;
+ int ret;
+ void *fdt = NULL;
+
+ *sizep = 0;
+ dt_size = get_image_size(filename_path);
+ if (dt_size < 0) {
+ error_report("Unable to get size of device tree file '%s'",
+ filename_path);
+ goto fail;
+ }
+ if (dt_size > INT_MAX / 2 - 10000) {
+ error_report("Device tree file '%s' is too large", filename_path);
+ goto fail;
+ }
+
+ /* Expand to 2x size to give enough room for manipulation. */
+ dt_size += 10000;
+ dt_size *= 2;
+ /* First allocate space in qemu for device tree */
+ fdt = g_malloc0(dt_size);
+
+ dt_file_load_size = load_image_size(filename_path, fdt, dt_size);
+ if (dt_file_load_size < 0) {
+ error_report("Unable to open device tree file '%s'",
+ filename_path);
+ goto fail;
+ }
+
+ ret = fdt_open_into(fdt, fdt, dt_size);
+ if (ret) {
+ error_report("Unable to copy device tree in memory");
+ goto fail;
+ }
+
+ /* Check sanity of device tree */
+ if (fdt_check_header(fdt)) {
+ error_report("Device tree file loaded into memory is invalid: %s",
+ filename_path);
+ goto fail;
+ }
+ *sizep = dt_size;
+ return fdt;
+
+fail:
+ g_free(fdt);
+ return NULL;
+}
+
+#ifdef CONFIG_LINUX
+
+#define SYSFS_DT_BASEDIR "/proc/device-tree"
+
+/**
+ * read_fstree: this function is inspired from dtc read_fstree
+ * @fdt: preallocated fdt blob buffer, to be populated
+ * @dirname: directory to scan under SYSFS_DT_BASEDIR
+ * the search is recursive and the tree is searched down to the
+ * leaves (property files).
+ *
+ * the function asserts in case of error
+ */
+static void read_fstree(void *fdt, const char *dirname)
+{
+ DIR *d;
+ struct dirent *de;
+ struct stat st;
+ const char *root_dir = SYSFS_DT_BASEDIR;
+ const char *parent_node;
+
+ if (strstr(dirname, root_dir) != dirname) {
+ error_report("%s: %s must be searched within %s",
+ __func__, dirname, root_dir);
+ exit(1);
+ }
+ parent_node = &dirname[strlen(SYSFS_DT_BASEDIR)];
+
+ d = opendir(dirname);
+ if (!d) {
+ error_report("%s cannot open %s", __func__, dirname);
+ exit(1);
+ }
+
+ while ((de = readdir(d)) != NULL) {
+ char *tmpnam;
+
+ if (!g_strcmp0(de->d_name, ".")
+ || !g_strcmp0(de->d_name, "..")) {
+ continue;
+ }
+
+ tmpnam = g_strdup_printf("%s/%s", dirname, de->d_name);
+
+ if (lstat(tmpnam, &st) < 0) {
+ error_report("%s cannot lstat %s", __func__, tmpnam);
+ exit(1);
+ }
+
+ if (S_ISREG(st.st_mode)) {
+ gchar *val;
+ gsize len;
+
+ if (!g_file_get_contents(tmpnam, &val, &len, NULL)) {
+ error_report("%s not able to extract info from %s",
+ __func__, tmpnam);
+ exit(1);
+ }
+
+ if (strlen(parent_node) > 0) {
+ qemu_fdt_setprop(fdt, parent_node,
+ de->d_name, val, len);
+ } else {
+ qemu_fdt_setprop(fdt, "/", de->d_name, val, len);
+ }
+ g_free(val);
+ } else if (S_ISDIR(st.st_mode)) {
+ char *node_name;
+
+ node_name = g_strdup_printf("%s/%s",
+ parent_node, de->d_name);
+ qemu_fdt_add_subnode(fdt, node_name);
+ g_free(node_name);
+ read_fstree(fdt, tmpnam);
+ }
+
+ g_free(tmpnam);
+ }
+
+ closedir(d);
+}
+
+/* load_device_tree_from_sysfs: extract the dt blob from host sysfs */
+void *load_device_tree_from_sysfs(void)
+{
+ void *host_fdt;
+ int host_fdt_size;
+
+ host_fdt = create_device_tree(&host_fdt_size);
+ read_fstree(host_fdt, SYSFS_DT_BASEDIR);
+ if (fdt_check_header(host_fdt)) {
+ error_report("%s host device tree extracted into memory is invalid",
+ __func__);
+ exit(1);
+ }
+ return host_fdt;
+}
+
+#endif /* CONFIG_LINUX */
+
+static int findnode_nofail(void *fdt, const char *node_path)
+{
+ int offset;
+
+ offset = fdt_path_offset(fdt, node_path);
+ if (offset < 0) {
+ error_report("%s Couldn't find node %s: %s", __func__, node_path,
+ fdt_strerror(offset));
+ exit(1);
+ }
+
+ return offset;
+}
+
+char **qemu_fdt_node_unit_path(void *fdt, const char *name, Error **errp)
+{
+ char *prefix = g_strdup_printf("%s@", name);
+ unsigned int path_len = 16, n = 0;
+ GSList *path_list = NULL, *iter;
+ const char *iter_name;
+ int offset, len, ret;
+ char **path_array;
+
+ offset = fdt_next_node(fdt, -1, NULL);
+
+ while (offset >= 0) {
+ iter_name = fdt_get_name(fdt, offset, &len);
+ if (!iter_name) {
+ offset = len;
+ break;
+ }
+ if (!strcmp(iter_name, name) || g_str_has_prefix(iter_name, prefix)) {
+ char *path;
+
+ path = g_malloc(path_len);
+ while ((ret = fdt_get_path(fdt, offset, path, path_len))
+ == -FDT_ERR_NOSPACE) {
+ path_len += 16;
+ path = g_realloc(path, path_len);
+ }
+ path_list = g_slist_prepend(path_list, path);
+ n++;
+ }
+ offset = fdt_next_node(fdt, offset, NULL);
+ }
+ g_free(prefix);
+
+ if (offset < 0 && offset != -FDT_ERR_NOTFOUND) {
+ error_setg(errp, "%s: abort parsing dt for %s node units: %s",
+ __func__, name, fdt_strerror(offset));
+ for (iter = path_list; iter; iter = iter->next) {
+ g_free(iter->data);
+ }
+ g_slist_free(path_list);
+ return NULL;
+ }
+
+ path_array = g_new(char *, n + 1);
+ path_array[n--] = NULL;
+
+ for (iter = path_list; iter; iter = iter->next) {
+ path_array[n--] = iter->data;
+ }
+
+ g_slist_free(path_list);
+
+ return path_array;
+}
+
+char **qemu_fdt_node_path(void *fdt, const char *name, const char *compat,
+ Error **errp)
+{
+ int offset, len, ret;
+ const char *iter_name;
+ unsigned int path_len = 16, n = 0;
+ GSList *path_list = NULL, *iter;
+ char **path_array;
+
+ offset = fdt_node_offset_by_compatible(fdt, -1, compat);
+
+ while (offset >= 0) {
+ iter_name = fdt_get_name(fdt, offset, &len);
+ if (!iter_name) {
+ offset = len;
+ break;
+ }
+ if (!name || !strcmp(iter_name, name)) {
+ char *path;
+
+ path = g_malloc(path_len);
+ while ((ret = fdt_get_path(fdt, offset, path, path_len))
+ == -FDT_ERR_NOSPACE) {
+ path_len += 16;
+ path = g_realloc(path, path_len);
+ }
+ path_list = g_slist_prepend(path_list, path);
+ n++;
+ }
+ offset = fdt_node_offset_by_compatible(fdt, offset, compat);
+ }
+
+ if (offset < 0 && offset != -FDT_ERR_NOTFOUND) {
+ error_setg(errp, "%s: abort parsing dt for %s/%s: %s",
+ __func__, name, compat, fdt_strerror(offset));
+ for (iter = path_list; iter; iter = iter->next) {
+ g_free(iter->data);
+ }
+ g_slist_free(path_list);
+ return NULL;
+ }
+
+ path_array = g_new(char *, n + 1);
+ path_array[n--] = NULL;
+
+ for (iter = path_list; iter; iter = iter->next) {
+ path_array[n--] = iter->data;
+ }
+
+ g_slist_free(path_list);
+
+ return path_array;
+}
+
+int qemu_fdt_setprop(void *fdt, const char *node_path,
+ const char *property, const void *val, int size)
+{
+ int r;
+
+ r = fdt_setprop(fdt, findnode_nofail(fdt, node_path), property, val, size);
+ if (r < 0) {
+ error_report("%s: Couldn't set %s/%s: %s", __func__, node_path,
+ property, fdt_strerror(r));
+ exit(1);
+ }
+
+ return r;
+}
+
+int qemu_fdt_setprop_cell(void *fdt, const char *node_path,
+ const char *property, uint32_t val)
+{
+ int r;
+
+ r = fdt_setprop_cell(fdt, findnode_nofail(fdt, node_path), property, val);
+ if (r < 0) {
+ error_report("%s: Couldn't set %s/%s = %#08x: %s", __func__,
+ node_path, property, val, fdt_strerror(r));
+ exit(1);
+ }
+
+ return r;
+}
+
+int qemu_fdt_setprop_u64(void *fdt, const char *node_path,
+ const char *property, uint64_t val)
+{
+ val = cpu_to_be64(val);
+ return qemu_fdt_setprop(fdt, node_path, property, &val, sizeof(val));
+}
+
+int qemu_fdt_setprop_string(void *fdt, const char *node_path,
+ const char *property, const char *string)
+{
+ int r;
+
+ r = fdt_setprop_string(fdt, findnode_nofail(fdt, node_path), property, string);
+ if (r < 0) {
+ error_report("%s: Couldn't set %s/%s = %s: %s", __func__,
+ node_path, property, string, fdt_strerror(r));
+ exit(1);
+ }
+
+ return r;
+}
+
+const void *qemu_fdt_getprop(void *fdt, const char *node_path,
+ const char *property, int *lenp, Error **errp)
+{
+ int len;
+ const void *r;
+
+ if (!lenp) {
+ lenp = &len;
+ }
+ r = fdt_getprop(fdt, findnode_nofail(fdt, node_path), property, lenp);
+ if (!r) {
+ error_setg(errp, "%s: Couldn't get %s/%s: %s", __func__,
+ node_path, property, fdt_strerror(*lenp));
+ }
+ return r;
+}
+
+uint32_t qemu_fdt_getprop_cell(void *fdt, const char *node_path,
+ const char *property, int *lenp, Error **errp)
+{
+ int len;
+ const uint32_t *p;
+
+ if (!lenp) {
+ lenp = &len;
+ }
+ p = qemu_fdt_getprop(fdt, node_path, property, lenp, errp);
+ if (!p) {
+ return 0;
+ } else if (*lenp != 4) {
+ error_setg(errp, "%s: %s/%s not 4 bytes long (not a cell?)",
+ __func__, node_path, property);
+ *lenp = -EINVAL;
+ return 0;
+ }
+ return be32_to_cpu(*p);
+}
+
+uint32_t qemu_fdt_get_phandle(void *fdt, const char *path)
+{
+ uint32_t r;
+
+ r = fdt_get_phandle(fdt, findnode_nofail(fdt, path));
+ if (r == 0) {
+ error_report("%s: Couldn't get phandle for %s: %s", __func__,
+ path, fdt_strerror(r));
+ exit(1);
+ }
+
+ return r;
+}
+
+int qemu_fdt_setprop_phandle(void *fdt, const char *node_path,
+ const char *property,
+ const char *target_node_path)
+{
+ uint32_t phandle = qemu_fdt_get_phandle(fdt, target_node_path);
+ return qemu_fdt_setprop_cell(fdt, node_path, property, phandle);
+}
+
+uint32_t qemu_fdt_alloc_phandle(void *fdt)
+{
+ static int phandle = 0x0;
+
+ /*
+ * We need to find out if the user gave us special instruction at
+ * which phandle id to start allocating phandles.
+ */
+ if (!phandle) {
+ phandle = machine_phandle_start(current_machine);
+ }
+
+ if (!phandle) {
+ /*
+ * None or invalid phandle given on the command line, so fall back to
+ * default starting point.
+ */
+ phandle = 0x8000;
+ }
+
+ return phandle++;
+}
+
+int qemu_fdt_nop_node(void *fdt, const char *node_path)
+{
+ int r;
+
+ r = fdt_nop_node(fdt, findnode_nofail(fdt, node_path));
+ if (r < 0) {
+ error_report("%s: Couldn't nop node %s: %s", __func__, node_path,
+ fdt_strerror(r));
+ exit(1);
+ }
+
+ return r;
+}
+
+int qemu_fdt_add_subnode(void *fdt, const char *name)
+{
+ char *dupname = g_strdup(name);
+ char *basename = strrchr(dupname, '/');
+ int retval;
+ int parent = 0;
+
+ if (!basename) {
+ g_free(dupname);
+ return -1;
+ }
+
+ basename[0] = '\0';
+ basename++;
+
+ if (dupname[0]) {
+ parent = findnode_nofail(fdt, dupname);
+ }
+
+ retval = fdt_add_subnode(fdt, parent, basename);
+ if (retval < 0) {
+ error_report("FDT: Failed to create subnode %s: %s", name,
+ fdt_strerror(retval));
+ exit(1);
+ }
+
+ g_free(dupname);
+ return retval;
+}
+
+void qemu_fdt_dumpdtb(void *fdt, int size)
+{
+ const char *dumpdtb = qemu_opt_get(qemu_get_machine_opts(), "dumpdtb");
+
+ if (dumpdtb) {
+ /* Dump the dtb to a file and quit */
+ if (g_file_set_contents(dumpdtb, fdt, size, NULL)) {
+ info_report("dtb dumped to %s. Exiting.", dumpdtb);
+ exit(0);
+ }
+ error_report("%s: Failed dumping dtb to %s", __func__, dumpdtb);
+ exit(1);
+ }
+}
+
+int qemu_fdt_setprop_sized_cells_from_array(void *fdt,
+ const char *node_path,
+ const char *property,
+ int numvalues,
+ uint64_t *values)
+{
+ uint32_t *propcells;
+ uint64_t value;
+ int cellnum, vnum, ncells;
+ uint32_t hival;
+ int ret;
+
+ propcells = g_new0(uint32_t, numvalues * 2);
+
+ cellnum = 0;
+ for (vnum = 0; vnum < numvalues; vnum++) {
+ ncells = values[vnum * 2];
+ if (ncells != 1 && ncells != 2) {
+ ret = -1;
+ goto out;
+ }
+ value = values[vnum * 2 + 1];
+ hival = cpu_to_be32(value >> 32);
+ if (ncells > 1) {
+ propcells[cellnum++] = hival;
+ } else if (hival != 0) {
+ ret = -1;
+ goto out;
+ }
+ propcells[cellnum++] = cpu_to_be32(value);
+ }
+
+ ret = qemu_fdt_setprop(fdt, node_path, property, propcells,
+ cellnum * sizeof(uint32_t));
+out:
+ g_free(propcells);
+ return ret;
+}
--- /dev/null
+/*
+ * DMA helper functions
+ *
+ * Copyright (c) 2009 Red Hat
+ *
+ * This work is licensed under the terms of the GNU General Public License
+ * (GNU GPL), version 2 or later.
+ */
+
+#include "qemu/osdep.h"
+#include "sysemu/block-backend.h"
+#include "sysemu/dma.h"
+#include "trace/trace-root.h"
+#include "qemu/thread.h"
+#include "qemu/main-loop.h"
+#include "sysemu/cpu-timers.h"
+#include "qemu/range.h"
+
+/* #define DEBUG_IOMMU */
+
+int dma_memory_set(AddressSpace *as, dma_addr_t addr, uint8_t c, dma_addr_t len)
+{
+ dma_barrier(as, DMA_DIRECTION_FROM_DEVICE);
+
+#define FILLBUF_SIZE 512
+ uint8_t fillbuf[FILLBUF_SIZE];
+ int l;
+ bool error = false;
+
+ memset(fillbuf, c, FILLBUF_SIZE);
+ while (len > 0) {
+ l = len < FILLBUF_SIZE ? len : FILLBUF_SIZE;
+ error |= address_space_write(as, addr, MEMTXATTRS_UNSPECIFIED,
+ fillbuf, l);
+ len -= l;
+ addr += l;
+ }
+
+ return error;
+}
+
+void qemu_sglist_init(QEMUSGList *qsg, DeviceState *dev, int alloc_hint,
+ AddressSpace *as)
+{
+ qsg->sg = g_malloc(alloc_hint * sizeof(ScatterGatherEntry));
+ qsg->nsg = 0;
+ qsg->nalloc = alloc_hint;
+ qsg->size = 0;
+ qsg->as = as;
+ qsg->dev = dev;
+ object_ref(OBJECT(dev));
+}
+
+void qemu_sglist_add(QEMUSGList *qsg, dma_addr_t base, dma_addr_t len)
+{
+ if (qsg->nsg == qsg->nalloc) {
+ qsg->nalloc = 2 * qsg->nalloc + 1;
+ qsg->sg = g_realloc(qsg->sg, qsg->nalloc * sizeof(ScatterGatherEntry));
+ }
+ qsg->sg[qsg->nsg].base = base;
+ qsg->sg[qsg->nsg].len = len;
+ qsg->size += len;
+ ++qsg->nsg;
+}
+
+void qemu_sglist_destroy(QEMUSGList *qsg)
+{
+ object_unref(OBJECT(qsg->dev));
+ g_free(qsg->sg);
+ memset(qsg, 0, sizeof(*qsg));
+}
+
+typedef struct {
+ BlockAIOCB common;
+ AioContext *ctx;
+ BlockAIOCB *acb;
+ QEMUSGList *sg;
+ uint32_t align;
+ uint64_t offset;
+ DMADirection dir;
+ int sg_cur_index;
+ dma_addr_t sg_cur_byte;
+ QEMUIOVector iov;
+ QEMUBH *bh;
+ DMAIOFunc *io_func;
+ void *io_func_opaque;
+} DMAAIOCB;
+
+static void dma_blk_cb(void *opaque, int ret);
+
+static void reschedule_dma(void *opaque)
+{
+ DMAAIOCB *dbs = (DMAAIOCB *)opaque;
+
+ assert(!dbs->acb && dbs->bh);
+ qemu_bh_delete(dbs->bh);
+ dbs->bh = NULL;
+ dma_blk_cb(dbs, 0);
+}
+
+static void dma_blk_unmap(DMAAIOCB *dbs)
+{
+ int i;
+
+ for (i = 0; i < dbs->iov.niov; ++i) {
+ dma_memory_unmap(dbs->sg->as, dbs->iov.iov[i].iov_base,
+ dbs->iov.iov[i].iov_len, dbs->dir,
+ dbs->iov.iov[i].iov_len);
+ }
+ qemu_iovec_reset(&dbs->iov);
+}
+
+static void dma_complete(DMAAIOCB *dbs, int ret)
+{
+ trace_dma_complete(dbs, ret, dbs->common.cb);
+
+ assert(!dbs->acb && !dbs->bh);
+ dma_blk_unmap(dbs);
+ if (dbs->common.cb) {
+ dbs->common.cb(dbs->common.opaque, ret);
+ }
+ qemu_iovec_destroy(&dbs->iov);
+ qemu_aio_unref(dbs);
+}
+
+static void dma_blk_cb(void *opaque, int ret)
+{
+ DMAAIOCB *dbs = (DMAAIOCB *)opaque;
+ dma_addr_t cur_addr, cur_len;
+ void *mem;
+
+ trace_dma_blk_cb(dbs, ret);
+
+ dbs->acb = NULL;
+ dbs->offset += dbs->iov.size;
+
+ if (dbs->sg_cur_index == dbs->sg->nsg || ret < 0) {
+ dma_complete(dbs, ret);
+ return;
+ }
+ dma_blk_unmap(dbs);
+
+ while (dbs->sg_cur_index < dbs->sg->nsg) {
+ cur_addr = dbs->sg->sg[dbs->sg_cur_index].base + dbs->sg_cur_byte;
+ cur_len = dbs->sg->sg[dbs->sg_cur_index].len - dbs->sg_cur_byte;
+ mem = dma_memory_map(dbs->sg->as, cur_addr, &cur_len, dbs->dir);
+ /*
+ * Make reads deterministic in icount mode. Windows sometimes issues
+ * disk read requests with overlapping SGs. It leads
+ * to non-determinism, because resulting buffer contents may be mixed
+ * from several sectors. This code splits all SGs into several
+ * groups. SGs in every group do not overlap.
+ */
+ if (mem && icount_enabled() && dbs->dir == DMA_DIRECTION_FROM_DEVICE) {
+ int i;
+ for (i = 0 ; i < dbs->iov.niov ; ++i) {
+ if (ranges_overlap((intptr_t)dbs->iov.iov[i].iov_base,
+ dbs->iov.iov[i].iov_len, (intptr_t)mem,
+ cur_len)) {
+ dma_memory_unmap(dbs->sg->as, mem, cur_len,
+ dbs->dir, cur_len);
+ mem = NULL;
+ break;
+ }
+ }
+ }
+ if (!mem)
+ break;
+ qemu_iovec_add(&dbs->iov, mem, cur_len);
+ dbs->sg_cur_byte += cur_len;
+ if (dbs->sg_cur_byte == dbs->sg->sg[dbs->sg_cur_index].len) {
+ dbs->sg_cur_byte = 0;
+ ++dbs->sg_cur_index;
+ }
+ }
+
+ if (dbs->iov.size == 0) {
+ trace_dma_map_wait(dbs);
+ dbs->bh = aio_bh_new(dbs->ctx, reschedule_dma, dbs);
+ cpu_register_map_client(dbs->bh);
+ return;
+ }
+
+ if (!QEMU_IS_ALIGNED(dbs->iov.size, dbs->align)) {
+ qemu_iovec_discard_back(&dbs->iov,
+ QEMU_ALIGN_DOWN(dbs->iov.size, dbs->align));
+ }
+
+ aio_context_acquire(dbs->ctx);
+ dbs->acb = dbs->io_func(dbs->offset, &dbs->iov,
+ dma_blk_cb, dbs, dbs->io_func_opaque);
+ aio_context_release(dbs->ctx);
+ assert(dbs->acb);
+}
+
+static void dma_aio_cancel(BlockAIOCB *acb)
+{
+ DMAAIOCB *dbs = container_of(acb, DMAAIOCB, common);
+
+ trace_dma_aio_cancel(dbs);
+
+ assert(!(dbs->acb && dbs->bh));
+ if (dbs->acb) {
+ /* This will invoke dma_blk_cb. */
+ blk_aio_cancel_async(dbs->acb);
+ return;
+ }
+
+ if (dbs->bh) {
+ cpu_unregister_map_client(dbs->bh);
+ qemu_bh_delete(dbs->bh);
+ dbs->bh = NULL;
+ }
+ if (dbs->common.cb) {
+ dbs->common.cb(dbs->common.opaque, -ECANCELED);
+ }
+}
+
+static AioContext *dma_get_aio_context(BlockAIOCB *acb)
+{
+ DMAAIOCB *dbs = container_of(acb, DMAAIOCB, common);
+
+ return dbs->ctx;
+}
+
+static const AIOCBInfo dma_aiocb_info = {
+ .aiocb_size = sizeof(DMAAIOCB),
+ .cancel_async = dma_aio_cancel,
+ .get_aio_context = dma_get_aio_context,
+};
+
+BlockAIOCB *dma_blk_io(AioContext *ctx,
+ QEMUSGList *sg, uint64_t offset, uint32_t align,
+ DMAIOFunc *io_func, void *io_func_opaque,
+ BlockCompletionFunc *cb,
+ void *opaque, DMADirection dir)
+{
+ DMAAIOCB *dbs = qemu_aio_get(&dma_aiocb_info, NULL, cb, opaque);
+
+ trace_dma_blk_io(dbs, io_func_opaque, offset, (dir == DMA_DIRECTION_TO_DEVICE));
+
+ dbs->acb = NULL;
+ dbs->sg = sg;
+ dbs->ctx = ctx;
+ dbs->offset = offset;
+ dbs->align = align;
+ dbs->sg_cur_index = 0;
+ dbs->sg_cur_byte = 0;
+ dbs->dir = dir;
+ dbs->io_func = io_func;
+ dbs->io_func_opaque = io_func_opaque;
+ dbs->bh = NULL;
+ qemu_iovec_init(&dbs->iov, sg->nsg);
+ dma_blk_cb(dbs, 0);
+ return &dbs->common;
+}
+
+
+static
+BlockAIOCB *dma_blk_read_io_func(int64_t offset, QEMUIOVector *iov,
+ BlockCompletionFunc *cb, void *cb_opaque,
+ void *opaque)
+{
+ BlockBackend *blk = opaque;
+ return blk_aio_preadv(blk, offset, iov, 0, cb, cb_opaque);
+}
+
+BlockAIOCB *dma_blk_read(BlockBackend *blk,
+ QEMUSGList *sg, uint64_t offset, uint32_t align,
+ void (*cb)(void *opaque, int ret), void *opaque)
+{
+ return dma_blk_io(blk_get_aio_context(blk), sg, offset, align,
+ dma_blk_read_io_func, blk, cb, opaque,
+ DMA_DIRECTION_FROM_DEVICE);
+}
+
+static
+BlockAIOCB *dma_blk_write_io_func(int64_t offset, QEMUIOVector *iov,
+ BlockCompletionFunc *cb, void *cb_opaque,
+ void *opaque)
+{
+ BlockBackend *blk = opaque;
+ return blk_aio_pwritev(blk, offset, iov, 0, cb, cb_opaque);
+}
+
+BlockAIOCB *dma_blk_write(BlockBackend *blk,
+ QEMUSGList *sg, uint64_t offset, uint32_t align,
+ void (*cb)(void *opaque, int ret), void *opaque)
+{
+ return dma_blk_io(blk_get_aio_context(blk), sg, offset, align,
+ dma_blk_write_io_func, blk, cb, opaque,
+ DMA_DIRECTION_TO_DEVICE);
+}
+
+
+static uint64_t dma_buf_rw(uint8_t *ptr, int32_t len, QEMUSGList *sg,
+ DMADirection dir)
+{
+ uint64_t resid;
+ int sg_cur_index;
+
+ resid = sg->size;
+ sg_cur_index = 0;
+ len = MIN(len, resid);
+ while (len > 0) {
+ ScatterGatherEntry entry = sg->sg[sg_cur_index++];
+ int32_t xfer = MIN(len, entry.len);
+ dma_memory_rw(sg->as, entry.base, ptr, xfer, dir);
+ ptr += xfer;
+ len -= xfer;
+ resid -= xfer;
+ }
+
+ return resid;
+}
+
+uint64_t dma_buf_read(uint8_t *ptr, int32_t len, QEMUSGList *sg)
+{
+ return dma_buf_rw(ptr, len, sg, DMA_DIRECTION_FROM_DEVICE);
+}
+
+uint64_t dma_buf_write(uint8_t *ptr, int32_t len, QEMUSGList *sg)
+{
+ return dma_buf_rw(ptr, len, sg, DMA_DIRECTION_TO_DEVICE);
+}
+
+void dma_acct_start(BlockBackend *blk, BlockAcctCookie *cookie,
+ QEMUSGList *sg, enum BlockAcctType type)
+{
+ block_acct_start(blk_get_stats(blk), cookie, sg->size, type);
+}
'balloon.c',
'cpus.c',
'cpu-throttle.c',
+ 'physmem.c',
'ioport.c',
'memory.c',
'memory_mapping.c',
specific_ss.add(when: ['CONFIG_SOFTMMU', 'CONFIG_TCG'], if_true: [files(
'icount.c'
)])
+
+softmmu_ss.add(files(
+ 'bootdevice.c',
+ 'dma-helpers.c',
+ 'qdev-monitor.c',
+), sdl, libpmem, libdaxctl)
+
+softmmu_ss.add(when: 'CONFIG_TPM', if_true: files('tpm.c'))
+softmmu_ss.add(when: 'CONFIG_SECCOMP', if_true: [files('qemu-seccomp.c'), seccomp])
+softmmu_ss.add(when: fdt, if_true: files('device_tree.c'))
--- /dev/null
+/*
+ * RAM allocation and memory access
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+
+#include "qemu/cutils.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "exec/target_page.h"
+#include "tcg/tcg.h"
+#include "hw/qdev-core.h"
+#include "hw/qdev-properties.h"
+#include "hw/boards.h"
+#include "hw/xen/xen.h"
+#include "sysemu/kvm.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/tcg.h"
+#include "sysemu/qtest.h"
+#include "qemu/timer.h"
+#include "qemu/config-file.h"
+#include "qemu/error-report.h"
+#include "qemu/qemu-print.h"
+#include "exec/memory.h"
+#include "exec/ioport.h"
+#include "sysemu/dma.h"
+#include "sysemu/hostmem.h"
+#include "sysemu/hw_accel.h"
+#include "exec/address-spaces.h"
+#include "sysemu/xen-mapcache.h"
+#include "trace/trace-root.h"
+
+#ifdef CONFIG_FALLOCATE_PUNCH_HOLE
+#include <linux/falloc.h>
+#endif
+
+#include "qemu/rcu_queue.h"
+#include "qemu/main-loop.h"
+#include "translate-all.h"
+#include "sysemu/replay.h"
+
+#include "exec/memory-internal.h"
+#include "exec/ram_addr.h"
+#include "exec/log.h"
+
+#include "qemu/pmem.h"
+
+#include "migration/vmstate.h"
+
+#include "qemu/range.h"
+#ifndef _WIN32
+#include "qemu/mmap-alloc.h"
+#endif
+
+#include "monitor/monitor.h"
+
+#ifdef CONFIG_LIBDAXCTL
+#include <daxctl/libdaxctl.h>
+#endif
+
+//#define DEBUG_SUBPAGE
+
+/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
+ * are protected by the ramlist lock.
+ */
+RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
+
+static MemoryRegion *system_memory;
+static MemoryRegion *system_io;
+
+AddressSpace address_space_io;
+AddressSpace address_space_memory;
+
+static MemoryRegion io_mem_unassigned;
+
+typedef struct PhysPageEntry PhysPageEntry;
+
+struct PhysPageEntry {
+ /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
+ uint32_t skip : 6;
+ /* index into phys_sections (!skip) or phys_map_nodes (skip) */
+ uint32_t ptr : 26;
+};
+
+#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
+
+/* Size of the L2 (and L3, etc) page tables. */
+#define ADDR_SPACE_BITS 64
+
+#define P_L2_BITS 9
+#define P_L2_SIZE (1 << P_L2_BITS)
+
+#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
+
+typedef PhysPageEntry Node[P_L2_SIZE];
+
+typedef struct PhysPageMap {
+ struct rcu_head rcu;
+
+ unsigned sections_nb;
+ unsigned sections_nb_alloc;
+ unsigned nodes_nb;
+ unsigned nodes_nb_alloc;
+ Node *nodes;
+ MemoryRegionSection *sections;
+} PhysPageMap;
+
+struct AddressSpaceDispatch {
+ MemoryRegionSection *mru_section;
+ /* This is a multi-level map on the physical address space.
+ * The bottom level has pointers to MemoryRegionSections.
+ */
+ PhysPageEntry phys_map;
+ PhysPageMap map;
+};
+
+#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
+typedef struct subpage_t {
+ MemoryRegion iomem;
+ FlatView *fv;
+ hwaddr base;
+ uint16_t sub_section[];
+} subpage_t;
+
+#define PHYS_SECTION_UNASSIGNED 0
+
+static void io_mem_init(void);
+static void memory_map_init(void);
+static void tcg_log_global_after_sync(MemoryListener *listener);
+static void tcg_commit(MemoryListener *listener);
+
+/**
+ * CPUAddressSpace: all the information a CPU needs about an AddressSpace
+ * @cpu: the CPU whose AddressSpace this is
+ * @as: the AddressSpace itself
+ * @memory_dispatch: its dispatch pointer (cached, RCU protected)
+ * @tcg_as_listener: listener for tracking changes to the AddressSpace
+ */
+struct CPUAddressSpace {
+ CPUState *cpu;
+ AddressSpace *as;
+ struct AddressSpaceDispatch *memory_dispatch;
+ MemoryListener tcg_as_listener;
+};
+
+struct DirtyBitmapSnapshot {
+ ram_addr_t start;
+ ram_addr_t end;
+ unsigned long dirty[];
+};
+
+static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
+{
+ static unsigned alloc_hint = 16;
+ if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
+ map->nodes_nb_alloc = MAX(alloc_hint, map->nodes_nb + nodes);
+ map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
+ alloc_hint = map->nodes_nb_alloc;
+ }
+}
+
+static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
+{
+ unsigned i;
+ uint32_t ret;
+ PhysPageEntry e;
+ PhysPageEntry *p;
+
+ ret = map->nodes_nb++;
+ p = map->nodes[ret];
+ assert(ret != PHYS_MAP_NODE_NIL);
+ assert(ret != map->nodes_nb_alloc);
+
+ e.skip = leaf ? 0 : 1;
+ e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
+ for (i = 0; i < P_L2_SIZE; ++i) {
+ memcpy(&p[i], &e, sizeof(e));
+ }
+ return ret;
+}
+
+static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
+ hwaddr *index, uint64_t *nb, uint16_t leaf,
+ int level)
+{
+ PhysPageEntry *p;
+ hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
+
+ if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
+ lp->ptr = phys_map_node_alloc(map, level == 0);
+ }
+ p = map->nodes[lp->ptr];
+ lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
+
+ while (*nb && lp < &p[P_L2_SIZE]) {
+ if ((*index & (step - 1)) == 0 && *nb >= step) {
+ lp->skip = 0;
+ lp->ptr = leaf;
+ *index += step;
+ *nb -= step;
+ } else {
+ phys_page_set_level(map, lp, index, nb, leaf, level - 1);
+ }
+ ++lp;
+ }
+}
+
+static void phys_page_set(AddressSpaceDispatch *d,
+ hwaddr index, uint64_t nb,
+ uint16_t leaf)
+{
+ /* Wildly overreserve - it doesn't matter much. */
+ phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
+
+ phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
+}
+
+/* Compact a non leaf page entry. Simply detect that the entry has a single child,
+ * and update our entry so we can skip it and go directly to the destination.
+ */
+static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
+{
+ unsigned valid_ptr = P_L2_SIZE;
+ int valid = 0;
+ PhysPageEntry *p;
+ int i;
+
+ if (lp->ptr == PHYS_MAP_NODE_NIL) {
+ return;
+ }
+
+ p = nodes[lp->ptr];
+ for (i = 0; i < P_L2_SIZE; i++) {
+ if (p[i].ptr == PHYS_MAP_NODE_NIL) {
+ continue;
+ }
+
+ valid_ptr = i;
+ valid++;
+ if (p[i].skip) {
+ phys_page_compact(&p[i], nodes);
+ }
+ }
+
+ /* We can only compress if there's only one child. */
+ if (valid != 1) {
+ return;
+ }
+
+ assert(valid_ptr < P_L2_SIZE);
+
+ /* Don't compress if it won't fit in the # of bits we have. */
+ if (P_L2_LEVELS >= (1 << 6) &&
+ lp->skip + p[valid_ptr].skip >= (1 << 6)) {
+ return;
+ }
+
+ lp->ptr = p[valid_ptr].ptr;
+ if (!p[valid_ptr].skip) {
+ /* If our only child is a leaf, make this a leaf. */
+ /* By design, we should have made this node a leaf to begin with so we
+ * should never reach here.
+ * But since it's so simple to handle this, let's do it just in case we
+ * change this rule.
+ */
+ lp->skip = 0;
+ } else {
+ lp->skip += p[valid_ptr].skip;
+ }
+}
+
+void address_space_dispatch_compact(AddressSpaceDispatch *d)
+{
+ if (d->phys_map.skip) {
+ phys_page_compact(&d->phys_map, d->map.nodes);
+ }
+}
+
+static inline bool section_covers_addr(const MemoryRegionSection *section,
+ hwaddr addr)
+{
+ /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
+ * the section must cover the entire address space.
+ */
+ return int128_gethi(section->size) ||
+ range_covers_byte(section->offset_within_address_space,
+ int128_getlo(section->size), addr);
+}
+
+static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr addr)
+{
+ PhysPageEntry lp = d->phys_map, *p;
+ Node *nodes = d->map.nodes;
+ MemoryRegionSection *sections = d->map.sections;
+ hwaddr index = addr >> TARGET_PAGE_BITS;
+ int i;
+
+ for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
+ if (lp.ptr == PHYS_MAP_NODE_NIL) {
+ return §ions[PHYS_SECTION_UNASSIGNED];
+ }
+ p = nodes[lp.ptr];
+ lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
+ }
+
+ if (section_covers_addr(§ions[lp.ptr], addr)) {
+ return §ions[lp.ptr];
+ } else {
+ return §ions[PHYS_SECTION_UNASSIGNED];
+ }
+}
+
+/* Called from RCU critical section */
+static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
+ hwaddr addr,
+ bool resolve_subpage)
+{
+ MemoryRegionSection *section = qatomic_read(&d->mru_section);
+ subpage_t *subpage;
+
+ if (!section || section == &d->map.sections[PHYS_SECTION_UNASSIGNED] ||
+ !section_covers_addr(section, addr)) {
+ section = phys_page_find(d, addr);
+ qatomic_set(&d->mru_section, section);
+ }
+ if (resolve_subpage && section->mr->subpage) {
+ subpage = container_of(section->mr, subpage_t, iomem);
+ section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
+ }
+ return section;
+}
+
+/* Called from RCU critical section */
+static MemoryRegionSection *
+address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
+ hwaddr *plen, bool resolve_subpage)
+{
+ MemoryRegionSection *section;
+ MemoryRegion *mr;
+ Int128 diff;
+
+ section = address_space_lookup_region(d, addr, resolve_subpage);
+ /* Compute offset within MemoryRegionSection */
+ addr -= section->offset_within_address_space;
+
+ /* Compute offset within MemoryRegion */
+ *xlat = addr + section->offset_within_region;
+
+ mr = section->mr;
+
+ /* MMIO registers can be expected to perform full-width accesses based only
+ * on their address, without considering adjacent registers that could
+ * decode to completely different MemoryRegions. When such registers
+ * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
+ * regions overlap wildly. For this reason we cannot clamp the accesses
+ * here.
+ *
+ * If the length is small (as is the case for address_space_ldl/stl),
+ * everything works fine. If the incoming length is large, however,
+ * the caller really has to do the clamping through memory_access_size.
+ */
+ if (memory_region_is_ram(mr)) {
+ diff = int128_sub(section->size, int128_make64(addr));
+ *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
+ }
+ return section;
+}
+
+/**
+ * address_space_translate_iommu - translate an address through an IOMMU
+ * memory region and then through the target address space.
+ *
+ * @iommu_mr: the IOMMU memory region that we start the translation from
+ * @addr: the address to be translated through the MMU
+ * @xlat: the translated address offset within the destination memory region.
+ * It cannot be %NULL.
+ * @plen_out: valid read/write length of the translated address. It
+ * cannot be %NULL.
+ * @page_mask_out: page mask for the translated address. This
+ * should only be meaningful for IOMMU translated
+ * addresses, since there may be huge pages that this bit
+ * would tell. It can be %NULL if we don't care about it.
+ * @is_write: whether the translation operation is for write
+ * @is_mmio: whether this can be MMIO, set true if it can
+ * @target_as: the address space targeted by the IOMMU
+ * @attrs: transaction attributes
+ *
+ * This function is called from RCU critical section. It is the common
+ * part of flatview_do_translate and address_space_translate_cached.
+ */
+static MemoryRegionSection address_space_translate_iommu(IOMMUMemoryRegion *iommu_mr,
+ hwaddr *xlat,
+ hwaddr *plen_out,
+ hwaddr *page_mask_out,
+ bool is_write,
+ bool is_mmio,
+ AddressSpace **target_as,
+ MemTxAttrs attrs)
+{
+ MemoryRegionSection *section;
+ hwaddr page_mask = (hwaddr)-1;
+
+ do {
+ hwaddr addr = *xlat;
+ IOMMUMemoryRegionClass *imrc = memory_region_get_iommu_class_nocheck(iommu_mr);
+ int iommu_idx = 0;
+ IOMMUTLBEntry iotlb;
+
+ if (imrc->attrs_to_index) {
+ iommu_idx = imrc->attrs_to_index(iommu_mr, attrs);
+ }
+
+ iotlb = imrc->translate(iommu_mr, addr, is_write ?
+ IOMMU_WO : IOMMU_RO, iommu_idx);
+
+ if (!(iotlb.perm & (1 << is_write))) {
+ goto unassigned;
+ }
+
+ addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
+ | (addr & iotlb.addr_mask));
+ page_mask &= iotlb.addr_mask;
+ *plen_out = MIN(*plen_out, (addr | iotlb.addr_mask) - addr + 1);
+ *target_as = iotlb.target_as;
+
+ section = address_space_translate_internal(
+ address_space_to_dispatch(iotlb.target_as), addr, xlat,
+ plen_out, is_mmio);
+
+ iommu_mr = memory_region_get_iommu(section->mr);
+ } while (unlikely(iommu_mr));
+
+ if (page_mask_out) {
+ *page_mask_out = page_mask;
+ }
+ return *section;
+
+unassigned:
+ return (MemoryRegionSection) { .mr = &io_mem_unassigned };
+}
+
+/**
+ * flatview_do_translate - translate an address in FlatView
+ *
+ * @fv: the flat view that we want to translate on
+ * @addr: the address to be translated in above address space
+ * @xlat: the translated address offset within memory region. It
+ * cannot be @NULL.
+ * @plen_out: valid read/write length of the translated address. It
+ * can be @NULL when we don't care about it.
+ * @page_mask_out: page mask for the translated address. This
+ * should only be meaningful for IOMMU translated
+ * addresses, since there may be huge pages that this bit
+ * would tell. It can be @NULL if we don't care about it.
+ * @is_write: whether the translation operation is for write
+ * @is_mmio: whether this can be MMIO, set true if it can
+ * @target_as: the address space targeted by the IOMMU
+ * @attrs: memory transaction attributes
+ *
+ * This function is called from RCU critical section
+ */
+static MemoryRegionSection flatview_do_translate(FlatView *fv,
+ hwaddr addr,
+ hwaddr *xlat,
+ hwaddr *plen_out,
+ hwaddr *page_mask_out,
+ bool is_write,
+ bool is_mmio,
+ AddressSpace **target_as,
+ MemTxAttrs attrs)
+{
+ MemoryRegionSection *section;
+ IOMMUMemoryRegion *iommu_mr;
+ hwaddr plen = (hwaddr)(-1);
+
+ if (!plen_out) {
+ plen_out = &plen;
+ }
+
+ section = address_space_translate_internal(
+ flatview_to_dispatch(fv), addr, xlat,
+ plen_out, is_mmio);
+
+ iommu_mr = memory_region_get_iommu(section->mr);
+ if (unlikely(iommu_mr)) {
+ return address_space_translate_iommu(iommu_mr, xlat,
+ plen_out, page_mask_out,
+ is_write, is_mmio,
+ target_as, attrs);
+ }
+ if (page_mask_out) {
+ /* Not behind an IOMMU, use default page size. */
+ *page_mask_out = ~TARGET_PAGE_MASK;
+ }
+
+ return *section;
+}
+
+/* Called from RCU critical section */
+IOMMUTLBEntry address_space_get_iotlb_entry(AddressSpace *as, hwaddr addr,
+ bool is_write, MemTxAttrs attrs)
+{
+ MemoryRegionSection section;
+ hwaddr xlat, page_mask;
+
+ /*
+ * This can never be MMIO, and we don't really care about plen,
+ * but page mask.
+ */
+ section = flatview_do_translate(address_space_to_flatview(as), addr, &xlat,
+ NULL, &page_mask, is_write, false, &as,
+ attrs);
+
+ /* Illegal translation */
+ if (section.mr == &io_mem_unassigned) {
+ goto iotlb_fail;
+ }
+
+ /* Convert memory region offset into address space offset */
+ xlat += section.offset_within_address_space -
+ section.offset_within_region;
+
+ return (IOMMUTLBEntry) {
+ .target_as = as,
+ .iova = addr & ~page_mask,
+ .translated_addr = xlat & ~page_mask,
+ .addr_mask = page_mask,
+ /* IOTLBs are for DMAs, and DMA only allows on RAMs. */
+ .perm = IOMMU_RW,
+ };
+
+iotlb_fail:
+ return (IOMMUTLBEntry) {0};
+}
+
+/* Called from RCU critical section */
+MemoryRegion *flatview_translate(FlatView *fv, hwaddr addr, hwaddr *xlat,
+ hwaddr *plen, bool is_write,
+ MemTxAttrs attrs)
+{
+ MemoryRegion *mr;
+ MemoryRegionSection section;
+ AddressSpace *as = NULL;
+
+ /* This can be MMIO, so setup MMIO bit. */
+ section = flatview_do_translate(fv, addr, xlat, plen, NULL,
+ is_write, true, &as, attrs);
+ mr = section.mr;
+
+ if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
+ hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
+ *plen = MIN(page, *plen);
+ }
+
+ return mr;
+}
+
+typedef struct TCGIOMMUNotifier {
+ IOMMUNotifier n;
+ MemoryRegion *mr;
+ CPUState *cpu;
+ int iommu_idx;
+ bool active;
+} TCGIOMMUNotifier;
+
+static void tcg_iommu_unmap_notify(IOMMUNotifier *n, IOMMUTLBEntry *iotlb)
+{
+ TCGIOMMUNotifier *notifier = container_of(n, TCGIOMMUNotifier, n);
+
+ if (!notifier->active) {
+ return;
+ }
+ tlb_flush(notifier->cpu);
+ notifier->active = false;
+ /* We leave the notifier struct on the list to avoid reallocating it later.
+ * Generally the number of IOMMUs a CPU deals with will be small.
+ * In any case we can't unregister the iommu notifier from a notify
+ * callback.
+ */
+}
+
+static void tcg_register_iommu_notifier(CPUState *cpu,
+ IOMMUMemoryRegion *iommu_mr,
+ int iommu_idx)
+{
+ /* Make sure this CPU has an IOMMU notifier registered for this
+ * IOMMU/IOMMU index combination, so that we can flush its TLB
+ * when the IOMMU tells us the mappings we've cached have changed.
+ */
+ MemoryRegion *mr = MEMORY_REGION(iommu_mr);
+ TCGIOMMUNotifier *notifier;
+ int i;
+
+ for (i = 0; i < cpu->iommu_notifiers->len; i++) {
+ notifier = g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier *, i);
+ if (notifier->mr == mr && notifier->iommu_idx == iommu_idx) {
+ break;
+ }
+ }
+ if (i == cpu->iommu_notifiers->len) {
+ /* Not found, add a new entry at the end of the array */
+ cpu->iommu_notifiers = g_array_set_size(cpu->iommu_notifiers, i + 1);
+ notifier = g_new0(TCGIOMMUNotifier, 1);
+ g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier *, i) = notifier;
+
+ notifier->mr = mr;
+ notifier->iommu_idx = iommu_idx;
+ notifier->cpu = cpu;
+ /* Rather than trying to register interest in the specific part
+ * of the iommu's address space that we've accessed and then
+ * expand it later as subsequent accesses touch more of it, we
+ * just register interest in the whole thing, on the assumption
+ * that iommu reconfiguration will be rare.
+ */
+ iommu_notifier_init(¬ifier->n,
+ tcg_iommu_unmap_notify,
+ IOMMU_NOTIFIER_UNMAP,
+ 0,
+ HWADDR_MAX,
+ iommu_idx);
+ memory_region_register_iommu_notifier(notifier->mr, ¬ifier->n,
+ &error_fatal);
+ }
+
+ if (!notifier->active) {
+ notifier->active = true;
+ }
+}
+
+void tcg_iommu_free_notifier_list(CPUState *cpu)
+{
+ /* Destroy the CPU's notifier list */
+ int i;
+ TCGIOMMUNotifier *notifier;
+
+ for (i = 0; i < cpu->iommu_notifiers->len; i++) {
+ notifier = g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier *, i);
+ memory_region_unregister_iommu_notifier(notifier->mr, ¬ifier->n);
+ g_free(notifier);
+ }
+ g_array_free(cpu->iommu_notifiers, true);
+}
+
+void tcg_iommu_init_notifier_list(CPUState *cpu)
+{
+ cpu->iommu_notifiers = g_array_new(false, true, sizeof(TCGIOMMUNotifier *));
+}
+
+/* Called from RCU critical section */
+MemoryRegionSection *
+address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
+ hwaddr *xlat, hwaddr *plen,
+ MemTxAttrs attrs, int *prot)
+{
+ MemoryRegionSection *section;
+ IOMMUMemoryRegion *iommu_mr;
+ IOMMUMemoryRegionClass *imrc;
+ IOMMUTLBEntry iotlb;
+ int iommu_idx;
+ AddressSpaceDispatch *d =
+ qatomic_rcu_read(&cpu->cpu_ases[asidx].memory_dispatch);
+
+ for (;;) {
+ section = address_space_translate_internal(d, addr, &addr, plen, false);
+
+ iommu_mr = memory_region_get_iommu(section->mr);
+ if (!iommu_mr) {
+ break;
+ }
+
+ imrc = memory_region_get_iommu_class_nocheck(iommu_mr);
+
+ iommu_idx = imrc->attrs_to_index(iommu_mr, attrs);
+ tcg_register_iommu_notifier(cpu, iommu_mr, iommu_idx);
+ /* We need all the permissions, so pass IOMMU_NONE so the IOMMU
+ * doesn't short-cut its translation table walk.
+ */
+ iotlb = imrc->translate(iommu_mr, addr, IOMMU_NONE, iommu_idx);
+ addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
+ | (addr & iotlb.addr_mask));
+ /* Update the caller's prot bits to remove permissions the IOMMU
+ * is giving us a failure response for. If we get down to no
+ * permissions left at all we can give up now.
+ */
+ if (!(iotlb.perm & IOMMU_RO)) {
+ *prot &= ~(PAGE_READ | PAGE_EXEC);
+ }
+ if (!(iotlb.perm & IOMMU_WO)) {
+ *prot &= ~PAGE_WRITE;
+ }
+
+ if (!*prot) {
+ goto translate_fail;
+ }
+
+ d = flatview_to_dispatch(address_space_to_flatview(iotlb.target_as));
+ }
+
+ assert(!memory_region_is_iommu(section->mr));
+ *xlat = addr;
+ return section;
+
+translate_fail:
+ return &d->map.sections[PHYS_SECTION_UNASSIGNED];
+}
+
+void cpu_address_space_init(CPUState *cpu, int asidx,
+ const char *prefix, MemoryRegion *mr)
+{
+ CPUAddressSpace *newas;
+ AddressSpace *as = g_new0(AddressSpace, 1);
+ char *as_name;
+
+ assert(mr);
+ as_name = g_strdup_printf("%s-%d", prefix, cpu->cpu_index);
+ address_space_init(as, mr, as_name);
+ g_free(as_name);
+
+ /* Target code should have set num_ases before calling us */
+ assert(asidx < cpu->num_ases);
+
+ if (asidx == 0) {
+ /* address space 0 gets the convenience alias */
+ cpu->as = as;
+ }
+
+ /* KVM cannot currently support multiple address spaces. */
+ assert(asidx == 0 || !kvm_enabled());
+
+ if (!cpu->cpu_ases) {
+ cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
+ }
+
+ newas = &cpu->cpu_ases[asidx];
+ newas->cpu = cpu;
+ newas->as = as;
+ if (tcg_enabled()) {
+ newas->tcg_as_listener.log_global_after_sync = tcg_log_global_after_sync;
+ newas->tcg_as_listener.commit = tcg_commit;
+ memory_listener_register(&newas->tcg_as_listener, as);
+ }
+}
+
+AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
+{
+ /* Return the AddressSpace corresponding to the specified index */
+ return cpu->cpu_ases[asidx].as;
+}
+
+/* Add a watchpoint. */
+int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
+ int flags, CPUWatchpoint **watchpoint)
+{
+ CPUWatchpoint *wp;
+ vaddr in_page;
+
+ /* forbid ranges which are empty or run off the end of the address space */
+ if (len == 0 || (addr + len - 1) < addr) {
+ error_report("tried to set invalid watchpoint at %"
+ VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
+ return -EINVAL;
+ }
+ wp = g_malloc(sizeof(*wp));
+
+ wp->vaddr = addr;
+ wp->len = len;
+ wp->flags = flags;
+
+ /* keep all GDB-injected watchpoints in front */
+ if (flags & BP_GDB) {
+ QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
+ } else {
+ QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
+ }
+
+ in_page = -(addr | TARGET_PAGE_MASK);
+ if (len <= in_page) {
+ tlb_flush_page(cpu, addr);
+ } else {
+ tlb_flush(cpu);
+ }
+
+ if (watchpoint)
+ *watchpoint = wp;
+ return 0;
+}
+
+/* Remove a specific watchpoint. */
+int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
+ int flags)
+{
+ CPUWatchpoint *wp;
+
+ QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
+ if (addr == wp->vaddr && len == wp->len
+ && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
+ cpu_watchpoint_remove_by_ref(cpu, wp);
+ return 0;
+ }
+ }
+ return -ENOENT;
+}
+
+/* Remove a specific watchpoint by reference. */
+void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
+{
+ QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
+
+ tlb_flush_page(cpu, watchpoint->vaddr);
+
+ g_free(watchpoint);
+}
+
+/* Remove all matching watchpoints. */
+void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
+{
+ CPUWatchpoint *wp, *next;
+
+ QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
+ if (wp->flags & mask) {
+ cpu_watchpoint_remove_by_ref(cpu, wp);
+ }
+ }
+}
+
+/* Return true if this watchpoint address matches the specified
+ * access (ie the address range covered by the watchpoint overlaps
+ * partially or completely with the address range covered by the
+ * access).
+ */
+static inline bool watchpoint_address_matches(CPUWatchpoint *wp,
+ vaddr addr, vaddr len)
+{
+ /* We know the lengths are non-zero, but a little caution is
+ * required to avoid errors in the case where the range ends
+ * exactly at the top of the address space and so addr + len
+ * wraps round to zero.
+ */
+ vaddr wpend = wp->vaddr + wp->len - 1;
+ vaddr addrend = addr + len - 1;
+
+ return !(addr > wpend || wp->vaddr > addrend);
+}
+
+/* Return flags for watchpoints that match addr + prot. */
+int cpu_watchpoint_address_matches(CPUState *cpu, vaddr addr, vaddr len)
+{
+ CPUWatchpoint *wp;
+ int ret = 0;
+
+ QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
+ if (watchpoint_address_matches(wp, addr, len)) {
+ ret |= wp->flags;
+ }
+ }
+ return ret;
+}
+
+/* Called from RCU critical section */
+static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
+{
+ RAMBlock *block;
+
+ block = qatomic_rcu_read(&ram_list.mru_block);
+ if (block && addr - block->offset < block->max_length) {
+ return block;
+ }
+ RAMBLOCK_FOREACH(block) {
+ if (addr - block->offset < block->max_length) {
+ goto found;
+ }
+ }
+
+ fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
+ abort();
+
+found:
+ /* It is safe to write mru_block outside the iothread lock. This
+ * is what happens:
+ *
+ * mru_block = xxx
+ * rcu_read_unlock()
+ * xxx removed from list
+ * rcu_read_lock()
+ * read mru_block
+ * mru_block = NULL;
+ * call_rcu(reclaim_ramblock, xxx);
+ * rcu_read_unlock()
+ *
+ * qatomic_rcu_set is not needed here. The block was already published
+ * when it was placed into the list. Here we're just making an extra
+ * copy of the pointer.
+ */
+ ram_list.mru_block = block;
+ return block;
+}
+
+static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
+{
+ CPUState *cpu;
+ ram_addr_t start1;
+ RAMBlock *block;
+ ram_addr_t end;
+
+ assert(tcg_enabled());
+ end = TARGET_PAGE_ALIGN(start + length);
+ start &= TARGET_PAGE_MASK;
+
+ RCU_READ_LOCK_GUARD();
+ block = qemu_get_ram_block(start);
+ assert(block == qemu_get_ram_block(end - 1));
+ start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
+ CPU_FOREACH(cpu) {
+ tlb_reset_dirty(cpu, start1, length);
+ }
+}
+
+/* Note: start and end must be within the same ram block. */
+bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
+ ram_addr_t length,
+ unsigned client)
+{
+ DirtyMemoryBlocks *blocks;
+ unsigned long end, page, start_page;
+ bool dirty = false;
+ RAMBlock *ramblock;
+ uint64_t mr_offset, mr_size;
+
+ if (length == 0) {
+ return false;
+ }
+
+ end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
+ start_page = start >> TARGET_PAGE_BITS;
+ page = start_page;
+
+ WITH_RCU_READ_LOCK_GUARD() {
+ blocks = qatomic_rcu_read(&ram_list.dirty_memory[client]);
+ ramblock = qemu_get_ram_block(start);
+ /* Range sanity check on the ramblock */
+ assert(start >= ramblock->offset &&
+ start + length <= ramblock->offset + ramblock->used_length);
+
+ while (page < end) {
+ unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
+ unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
+ unsigned long num = MIN(end - page,
+ DIRTY_MEMORY_BLOCK_SIZE - offset);
+
+ dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
+ offset, num);
+ page += num;
+ }
+
+ mr_offset = (ram_addr_t)(start_page << TARGET_PAGE_BITS) - ramblock->offset;
+ mr_size = (end - start_page) << TARGET_PAGE_BITS;
+ memory_region_clear_dirty_bitmap(ramblock->mr, mr_offset, mr_size);
+ }
+
+ if (dirty && tcg_enabled()) {
+ tlb_reset_dirty_range_all(start, length);
+ }
+
+ return dirty;
+}
+
+DirtyBitmapSnapshot *cpu_physical_memory_snapshot_and_clear_dirty
+ (MemoryRegion *mr, hwaddr offset, hwaddr length, unsigned client)
+{
+ DirtyMemoryBlocks *blocks;
+ ram_addr_t start = memory_region_get_ram_addr(mr) + offset;
+ unsigned long align = 1UL << (TARGET_PAGE_BITS + BITS_PER_LEVEL);
+ ram_addr_t first = QEMU_ALIGN_DOWN(start, align);
+ ram_addr_t last = QEMU_ALIGN_UP(start + length, align);
+ DirtyBitmapSnapshot *snap;
+ unsigned long page, end, dest;
+
+ snap = g_malloc0(sizeof(*snap) +
+ ((last - first) >> (TARGET_PAGE_BITS + 3)));
+ snap->start = first;
+ snap->end = last;
+
+ page = first >> TARGET_PAGE_BITS;
+ end = last >> TARGET_PAGE_BITS;
+ dest = 0;
+
+ WITH_RCU_READ_LOCK_GUARD() {
+ blocks = qatomic_rcu_read(&ram_list.dirty_memory[client]);
+
+ while (page < end) {
+ unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
+ unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
+ unsigned long num = MIN(end - page,
+ DIRTY_MEMORY_BLOCK_SIZE - offset);
+
+ assert(QEMU_IS_ALIGNED(offset, (1 << BITS_PER_LEVEL)));
+ assert(QEMU_IS_ALIGNED(num, (1 << BITS_PER_LEVEL)));
+ offset >>= BITS_PER_LEVEL;
+
+ bitmap_copy_and_clear_atomic(snap->dirty + dest,
+ blocks->blocks[idx] + offset,
+ num);
+ page += num;
+ dest += num >> BITS_PER_LEVEL;
+ }
+ }
+
+ if (tcg_enabled()) {
+ tlb_reset_dirty_range_all(start, length);
+ }
+
+ memory_region_clear_dirty_bitmap(mr, offset, length);
+
+ return snap;
+}
+
+bool cpu_physical_memory_snapshot_get_dirty(DirtyBitmapSnapshot *snap,
+ ram_addr_t start,
+ ram_addr_t length)
+{
+ unsigned long page, end;
+
+ assert(start >= snap->start);
+ assert(start + length <= snap->end);
+
+ end = TARGET_PAGE_ALIGN(start + length - snap->start) >> TARGET_PAGE_BITS;
+ page = (start - snap->start) >> TARGET_PAGE_BITS;
+
+ while (page < end) {
+ if (test_bit(page, snap->dirty)) {
+ return true;
+ }
+ page++;
+ }
+ return false;
+}
+
+/* Called from RCU critical section */
+hwaddr memory_region_section_get_iotlb(CPUState *cpu,
+ MemoryRegionSection *section)
+{
+ AddressSpaceDispatch *d = flatview_to_dispatch(section->fv);
+ return section - d->map.sections;
+}
+
+static int subpage_register(subpage_t *mmio, uint32_t start, uint32_t end,
+ uint16_t section);
+static subpage_t *subpage_init(FlatView *fv, hwaddr base);
+
+static void *(*phys_mem_alloc)(size_t size, uint64_t *align, bool shared) =
+ qemu_anon_ram_alloc;
+
+/*
+ * Set a custom physical guest memory alloator.
+ * Accelerators with unusual needs may need this. Hopefully, we can
+ * get rid of it eventually.
+ */
+void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align, bool shared))
+{
+ phys_mem_alloc = alloc;
+}
+
+static uint16_t phys_section_add(PhysPageMap *map,
+ MemoryRegionSection *section)
+{
+ /* The physical section number is ORed with a page-aligned
+ * pointer to produce the iotlb entries. Thus it should
+ * never overflow into the page-aligned value.
+ */
+ assert(map->sections_nb < TARGET_PAGE_SIZE);
+
+ if (map->sections_nb == map->sections_nb_alloc) {
+ map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
+ map->sections = g_renew(MemoryRegionSection, map->sections,
+ map->sections_nb_alloc);
+ }
+ map->sections[map->sections_nb] = *section;
+ memory_region_ref(section->mr);
+ return map->sections_nb++;
+}
+
+static void phys_section_destroy(MemoryRegion *mr)
+{
+ bool have_sub_page = mr->subpage;
+
+ memory_region_unref(mr);
+
+ if (have_sub_page) {
+ subpage_t *subpage = container_of(mr, subpage_t, iomem);
+ object_unref(OBJECT(&subpage->iomem));
+ g_free(subpage);
+ }
+}
+
+static void phys_sections_free(PhysPageMap *map)
+{
+ while (map->sections_nb > 0) {
+ MemoryRegionSection *section = &map->sections[--map->sections_nb];
+ phys_section_destroy(section->mr);
+ }
+ g_free(map->sections);
+ g_free(map->nodes);
+}
+
+static void register_subpage(FlatView *fv, MemoryRegionSection *section)
+{
+ AddressSpaceDispatch *d = flatview_to_dispatch(fv);
+ subpage_t *subpage;
+ hwaddr base = section->offset_within_address_space
+ & TARGET_PAGE_MASK;
+ MemoryRegionSection *existing = phys_page_find(d, base);
+ MemoryRegionSection subsection = {
+ .offset_within_address_space = base,
+ .size = int128_make64(TARGET_PAGE_SIZE),
+ };
+ hwaddr start, end;
+
+ assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
+
+ if (!(existing->mr->subpage)) {
+ subpage = subpage_init(fv, base);
+ subsection.fv = fv;
+ subsection.mr = &subpage->iomem;
+ phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
+ phys_section_add(&d->map, &subsection));
+ } else {
+ subpage = container_of(existing->mr, subpage_t, iomem);
+ }
+ start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
+ end = start + int128_get64(section->size) - 1;
+ subpage_register(subpage, start, end,
+ phys_section_add(&d->map, section));
+}
+
+
+static void register_multipage(FlatView *fv,
+ MemoryRegionSection *section)
+{
+ AddressSpaceDispatch *d = flatview_to_dispatch(fv);
+ hwaddr start_addr = section->offset_within_address_space;
+ uint16_t section_index = phys_section_add(&d->map, section);
+ uint64_t num_pages = int128_get64(int128_rshift(section->size,
+ TARGET_PAGE_BITS));
+
+ assert(num_pages);
+ phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
+}
+
+/*
+ * The range in *section* may look like this:
+ *
+ * |s|PPPPPPP|s|
+ *
+ * where s stands for subpage and P for page.
+ */
+void flatview_add_to_dispatch(FlatView *fv, MemoryRegionSection *section)
+{
+ MemoryRegionSection remain = *section;
+ Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
+
+ /* register first subpage */
+ if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
+ uint64_t left = TARGET_PAGE_ALIGN(remain.offset_within_address_space)
+ - remain.offset_within_address_space;
+
+ MemoryRegionSection now = remain;
+ now.size = int128_min(int128_make64(left), now.size);
+ register_subpage(fv, &now);
+ if (int128_eq(remain.size, now.size)) {
+ return;
+ }
+ remain.size = int128_sub(remain.size, now.size);
+ remain.offset_within_address_space += int128_get64(now.size);
+ remain.offset_within_region += int128_get64(now.size);
+ }
+
+ /* register whole pages */
+ if (int128_ge(remain.size, page_size)) {
+ MemoryRegionSection now = remain;
+ now.size = int128_and(now.size, int128_neg(page_size));
+ register_multipage(fv, &now);
+ if (int128_eq(remain.size, now.size)) {
+ return;
+ }
+ remain.size = int128_sub(remain.size, now.size);
+ remain.offset_within_address_space += int128_get64(now.size);
+ remain.offset_within_region += int128_get64(now.size);
+ }
+
+ /* register last subpage */
+ register_subpage(fv, &remain);
+}
+
+void qemu_flush_coalesced_mmio_buffer(void)
+{
+ if (kvm_enabled())
+ kvm_flush_coalesced_mmio_buffer();
+}
+
+void qemu_mutex_lock_ramlist(void)
+{
+ qemu_mutex_lock(&ram_list.mutex);
+}
+
+void qemu_mutex_unlock_ramlist(void)
+{
+ qemu_mutex_unlock(&ram_list.mutex);
+}
+
+void ram_block_dump(Monitor *mon)
+{
+ RAMBlock *block;
+ char *psize;
+
+ RCU_READ_LOCK_GUARD();
+ monitor_printf(mon, "%24s %8s %18s %18s %18s\n",
+ "Block Name", "PSize", "Offset", "Used", "Total");
+ RAMBLOCK_FOREACH(block) {
+ psize = size_to_str(block->page_size);
+ monitor_printf(mon, "%24s %8s 0x%016" PRIx64 " 0x%016" PRIx64
+ " 0x%016" PRIx64 "\n", block->idstr, psize,
+ (uint64_t)block->offset,
+ (uint64_t)block->used_length,
+ (uint64_t)block->max_length);
+ g_free(psize);
+ }
+}
+
+#ifdef __linux__
+/*
+ * FIXME TOCTTOU: this iterates over memory backends' mem-path, which
+ * may or may not name the same files / on the same filesystem now as
+ * when we actually open and map them. Iterate over the file
+ * descriptors instead, and use qemu_fd_getpagesize().
+ */
+static int find_min_backend_pagesize(Object *obj, void *opaque)
+{
+ long *hpsize_min = opaque;
+
+ if (object_dynamic_cast(obj, TYPE_MEMORY_BACKEND)) {
+ HostMemoryBackend *backend = MEMORY_BACKEND(obj);
+ long hpsize = host_memory_backend_pagesize(backend);
+
+ if (host_memory_backend_is_mapped(backend) && (hpsize < *hpsize_min)) {
+ *hpsize_min = hpsize;
+ }
+ }
+
+ return 0;
+}
+
+static int find_max_backend_pagesize(Object *obj, void *opaque)
+{
+ long *hpsize_max = opaque;
+
+ if (object_dynamic_cast(obj, TYPE_MEMORY_BACKEND)) {
+ HostMemoryBackend *backend = MEMORY_BACKEND(obj);
+ long hpsize = host_memory_backend_pagesize(backend);
+
+ if (host_memory_backend_is_mapped(backend) && (hpsize > *hpsize_max)) {
+ *hpsize_max = hpsize;
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * TODO: We assume right now that all mapped host memory backends are
+ * used as RAM, however some might be used for different purposes.
+ */
+long qemu_minrampagesize(void)
+{
+ long hpsize = LONG_MAX;
+ Object *memdev_root = object_resolve_path("/objects", NULL);
+
+ object_child_foreach(memdev_root, find_min_backend_pagesize, &hpsize);
+ return hpsize;
+}
+
+long qemu_maxrampagesize(void)
+{
+ long pagesize = 0;
+ Object *memdev_root = object_resolve_path("/objects", NULL);
+
+ object_child_foreach(memdev_root, find_max_backend_pagesize, &pagesize);
+ return pagesize;
+}
+#else
+long qemu_minrampagesize(void)
+{
+ return qemu_real_host_page_size;
+}
+long qemu_maxrampagesize(void)
+{
+ return qemu_real_host_page_size;
+}
+#endif
+
+#ifdef CONFIG_POSIX
+static int64_t get_file_size(int fd)
+{
+ int64_t size;
+#if defined(__linux__)
+ struct stat st;
+
+ if (fstat(fd, &st) < 0) {
+ return -errno;
+ }
+
+ /* Special handling for devdax character devices */
+ if (S_ISCHR(st.st_mode)) {
+ g_autofree char *subsystem_path = NULL;
+ g_autofree char *subsystem = NULL;
+
+ subsystem_path = g_strdup_printf("/sys/dev/char/%d:%d/subsystem",
+ major(st.st_rdev), minor(st.st_rdev));
+ subsystem = g_file_read_link(subsystem_path, NULL);
+
+ if (subsystem && g_str_has_suffix(subsystem, "/dax")) {
+ g_autofree char *size_path = NULL;
+ g_autofree char *size_str = NULL;
+
+ size_path = g_strdup_printf("/sys/dev/char/%d:%d/size",
+ major(st.st_rdev), minor(st.st_rdev));
+
+ if (g_file_get_contents(size_path, &size_str, NULL, NULL)) {
+ return g_ascii_strtoll(size_str, NULL, 0);
+ }
+ }
+ }
+#endif /* defined(__linux__) */
+
+ /* st.st_size may be zero for special files yet lseek(2) works */
+ size = lseek(fd, 0, SEEK_END);
+ if (size < 0) {
+ return -errno;
+ }
+ return size;
+}
+
+static int64_t get_file_align(int fd)
+{
+ int64_t align = -1;
+#if defined(__linux__) && defined(CONFIG_LIBDAXCTL)
+ struct stat st;
+
+ if (fstat(fd, &st) < 0) {
+ return -errno;
+ }
+
+ /* Special handling for devdax character devices */
+ if (S_ISCHR(st.st_mode)) {
+ g_autofree char *path = NULL;
+ g_autofree char *rpath = NULL;
+ struct daxctl_ctx *ctx;
+ struct daxctl_region *region;
+ int rc = 0;
+
+ path = g_strdup_printf("/sys/dev/char/%d:%d",
+ major(st.st_rdev), minor(st.st_rdev));
+ rpath = realpath(path, NULL);
+
+ rc = daxctl_new(&ctx);
+ if (rc) {
+ return -1;
+ }
+
+ daxctl_region_foreach(ctx, region) {
+ if (strstr(rpath, daxctl_region_get_path(region))) {
+ align = daxctl_region_get_align(region);
+ break;
+ }
+ }
+ daxctl_unref(ctx);
+ }
+#endif /* defined(__linux__) && defined(CONFIG_LIBDAXCTL) */
+
+ return align;
+}
+
+static int file_ram_open(const char *path,
+ const char *region_name,
+ bool *created,
+ Error **errp)
+{
+ char *filename;
+ char *sanitized_name;
+ char *c;
+ int fd = -1;
+
+ *created = false;
+ for (;;) {
+ fd = open(path, O_RDWR);
+ if (fd >= 0) {
+ /* @path names an existing file, use it */
+ break;
+ }
+ if (errno == ENOENT) {
+ /* @path names a file that doesn't exist, create it */
+ fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
+ if (fd >= 0) {
+ *created = true;
+ break;
+ }
+ } else if (errno == EISDIR) {
+ /* @path names a directory, create a file there */
+ /* Make name safe to use with mkstemp by replacing '/' with '_'. */
+ sanitized_name = g_strdup(region_name);
+ for (c = sanitized_name; *c != '\0'; c++) {
+ if (*c == '/') {
+ *c = '_';
+ }
+ }
+
+ filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
+ sanitized_name);
+ g_free(sanitized_name);
+
+ fd = mkstemp(filename);
+ if (fd >= 0) {
+ unlink(filename);
+ g_free(filename);
+ break;
+ }
+ g_free(filename);
+ }
+ if (errno != EEXIST && errno != EINTR) {
+ error_setg_errno(errp, errno,
+ "can't open backing store %s for guest RAM",
+ path);
+ return -1;
+ }
+ /*
+ * Try again on EINTR and EEXIST. The latter happens when
+ * something else creates the file between our two open().
+ */
+ }
+
+ return fd;
+}
+
+static void *file_ram_alloc(RAMBlock *block,
+ ram_addr_t memory,
+ int fd,
+ bool truncate,
+ Error **errp)
+{
+ void *area;
+
+ block->page_size = qemu_fd_getpagesize(fd);
+ if (block->mr->align % block->page_size) {
+ error_setg(errp, "alignment 0x%" PRIx64
+ " must be multiples of page size 0x%zx",
+ block->mr->align, block->page_size);
+ return NULL;
+ } else if (block->mr->align && !is_power_of_2(block->mr->align)) {
+ error_setg(errp, "alignment 0x%" PRIx64
+ " must be a power of two", block->mr->align);
+ return NULL;
+ }
+ block->mr->align = MAX(block->page_size, block->mr->align);
+#if defined(__s390x__)
+ if (kvm_enabled()) {
+ block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
+ }
+#endif
+
+ if (memory < block->page_size) {
+ error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
+ "or larger than page size 0x%zx",
+ memory, block->page_size);
+ return NULL;
+ }
+
+ memory = ROUND_UP(memory, block->page_size);
+
+ /*
+ * ftruncate is not supported by hugetlbfs in older
+ * hosts, so don't bother bailing out on errors.
+ * If anything goes wrong with it under other filesystems,
+ * mmap will fail.
+ *
+ * Do not truncate the non-empty backend file to avoid corrupting
+ * the existing data in the file. Disabling shrinking is not
+ * enough. For example, the current vNVDIMM implementation stores
+ * the guest NVDIMM labels at the end of the backend file. If the
+ * backend file is later extended, QEMU will not be able to find
+ * those labels. Therefore, extending the non-empty backend file
+ * is disabled as well.
+ */
+ if (truncate && ftruncate(fd, memory)) {
+ perror("ftruncate");
+ }
+
+ area = qemu_ram_mmap(fd, memory, block->mr->align,
+ block->flags & RAM_SHARED, block->flags & RAM_PMEM);
+ if (area == MAP_FAILED) {
+ error_setg_errno(errp, errno,
+ "unable to map backing store for guest RAM");
+ return NULL;
+ }
+
+ block->fd = fd;
+ return area;
+}
+#endif
+
+/* Allocate space within the ram_addr_t space that governs the
+ * dirty bitmaps.
+ * Called with the ramlist lock held.
+ */
+static ram_addr_t find_ram_offset(ram_addr_t size)
+{
+ RAMBlock *block, *next_block;
+ ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
+
+ assert(size != 0); /* it would hand out same offset multiple times */
+
+ if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
+ return 0;
+ }
+
+ RAMBLOCK_FOREACH(block) {
+ ram_addr_t candidate, next = RAM_ADDR_MAX;
+
+ /* Align blocks to start on a 'long' in the bitmap
+ * which makes the bitmap sync'ing take the fast path.
+ */
+ candidate = block->offset + block->max_length;
+ candidate = ROUND_UP(candidate, BITS_PER_LONG << TARGET_PAGE_BITS);
+
+ /* Search for the closest following block
+ * and find the gap.
+ */
+ RAMBLOCK_FOREACH(next_block) {
+ if (next_block->offset >= candidate) {
+ next = MIN(next, next_block->offset);
+ }
+ }
+
+ /* If it fits remember our place and remember the size
+ * of gap, but keep going so that we might find a smaller
+ * gap to fill so avoiding fragmentation.
+ */
+ if (next - candidate >= size && next - candidate < mingap) {
+ offset = candidate;
+ mingap = next - candidate;
+ }
+
+ trace_find_ram_offset_loop(size, candidate, offset, next, mingap);
+ }
+
+ if (offset == RAM_ADDR_MAX) {
+ fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
+ (uint64_t)size);
+ abort();
+ }
+
+ trace_find_ram_offset(size, offset);
+
+ return offset;
+}
+
+static unsigned long last_ram_page(void)
+{
+ RAMBlock *block;
+ ram_addr_t last = 0;
+
+ RCU_READ_LOCK_GUARD();
+ RAMBLOCK_FOREACH(block) {
+ last = MAX(last, block->offset + block->max_length);
+ }
+ return last >> TARGET_PAGE_BITS;
+}
+
+static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
+{
+ int ret;
+
+ /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
+ if (!machine_dump_guest_core(current_machine)) {
+ ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
+ if (ret) {
+ perror("qemu_madvise");
+ fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
+ "but dump_guest_core=off specified\n");
+ }
+ }
+}
+
+const char *qemu_ram_get_idstr(RAMBlock *rb)
+{
+ return rb->idstr;
+}
+
+void *qemu_ram_get_host_addr(RAMBlock *rb)
+{
+ return rb->host;
+}
+
+ram_addr_t qemu_ram_get_offset(RAMBlock *rb)
+{
+ return rb->offset;
+}
+
+ram_addr_t qemu_ram_get_used_length(RAMBlock *rb)
+{
+ return rb->used_length;
+}
+
+bool qemu_ram_is_shared(RAMBlock *rb)
+{
+ return rb->flags & RAM_SHARED;
+}
+
+/* Note: Only set at the start of postcopy */
+bool qemu_ram_is_uf_zeroable(RAMBlock *rb)
+{
+ return rb->flags & RAM_UF_ZEROPAGE;
+}
+
+void qemu_ram_set_uf_zeroable(RAMBlock *rb)
+{
+ rb->flags |= RAM_UF_ZEROPAGE;
+}
+
+bool qemu_ram_is_migratable(RAMBlock *rb)
+{
+ return rb->flags & RAM_MIGRATABLE;
+}
+
+void qemu_ram_set_migratable(RAMBlock *rb)
+{
+ rb->flags |= RAM_MIGRATABLE;
+}
+
+void qemu_ram_unset_migratable(RAMBlock *rb)
+{
+ rb->flags &= ~RAM_MIGRATABLE;
+}
+
+/* Called with iothread lock held. */
+void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
+{
+ RAMBlock *block;
+
+ assert(new_block);
+ assert(!new_block->idstr[0]);
+
+ if (dev) {
+ char *id = qdev_get_dev_path(dev);
+ if (id) {
+ snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
+ g_free(id);
+ }
+ }
+ pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
+
+ RCU_READ_LOCK_GUARD();
+ RAMBLOCK_FOREACH(block) {
+ if (block != new_block &&
+ !strcmp(block->idstr, new_block->idstr)) {
+ fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
+ new_block->idstr);
+ abort();
+ }
+ }
+}
+
+/* Called with iothread lock held. */
+void qemu_ram_unset_idstr(RAMBlock *block)
+{
+ /* FIXME: arch_init.c assumes that this is not called throughout
+ * migration. Ignore the problem since hot-unplug during migration
+ * does not work anyway.
+ */
+ if (block) {
+ memset(block->idstr, 0, sizeof(block->idstr));
+ }
+}
+
+size_t qemu_ram_pagesize(RAMBlock *rb)
+{
+ return rb->page_size;
+}
+
+/* Returns the largest size of page in use */
+size_t qemu_ram_pagesize_largest(void)
+{
+ RAMBlock *block;
+ size_t largest = 0;
+
+ RAMBLOCK_FOREACH(block) {
+ largest = MAX(largest, qemu_ram_pagesize(block));
+ }
+
+ return largest;
+}
+
+static int memory_try_enable_merging(void *addr, size_t len)
+{
+ if (!machine_mem_merge(current_machine)) {
+ /* disabled by the user */
+ return 0;
+ }
+
+ return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
+}
+
+/* Only legal before guest might have detected the memory size: e.g. on
+ * incoming migration, or right after reset.
+ *
+ * As memory core doesn't know how is memory accessed, it is up to
+ * resize callback to update device state and/or add assertions to detect
+ * misuse, if necessary.
+ */
+int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
+{
+ const ram_addr_t unaligned_size = newsize;
+
+ assert(block);
+
+ newsize = HOST_PAGE_ALIGN(newsize);
+
+ if (block->used_length == newsize) {
+ /*
+ * We don't have to resize the ram block (which only knows aligned
+ * sizes), however, we have to notify if the unaligned size changed.
+ */
+ if (unaligned_size != memory_region_size(block->mr)) {
+ memory_region_set_size(block->mr, unaligned_size);
+ if (block->resized) {
+ block->resized(block->idstr, unaligned_size, block->host);
+ }
+ }
+ return 0;
+ }
+
+ if (!(block->flags & RAM_RESIZEABLE)) {
+ error_setg_errno(errp, EINVAL,
+ "Length mismatch: %s: 0x" RAM_ADDR_FMT
+ " in != 0x" RAM_ADDR_FMT, block->idstr,
+ newsize, block->used_length);
+ return -EINVAL;
+ }
+
+ if (block->max_length < newsize) {
+ error_setg_errno(errp, EINVAL,
+ "Length too large: %s: 0x" RAM_ADDR_FMT
+ " > 0x" RAM_ADDR_FMT, block->idstr,
+ newsize, block->max_length);
+ return -EINVAL;
+ }
+
+ cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
+ block->used_length = newsize;
+ cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
+ DIRTY_CLIENTS_ALL);
+ memory_region_set_size(block->mr, unaligned_size);
+ if (block->resized) {
+ block->resized(block->idstr, unaligned_size, block->host);
+ }
+ return 0;
+}
+
+/*
+ * Trigger sync on the given ram block for range [start, start + length]
+ * with the backing store if one is available.
+ * Otherwise no-op.
+ * @Note: this is supposed to be a synchronous op.
+ */
+void qemu_ram_msync(RAMBlock *block, ram_addr_t start, ram_addr_t length)
+{
+ /* The requested range should fit in within the block range */
+ g_assert((start + length) <= block->used_length);
+
+#ifdef CONFIG_LIBPMEM
+ /* The lack of support for pmem should not block the sync */
+ if (ramblock_is_pmem(block)) {
+ void *addr = ramblock_ptr(block, start);
+ pmem_persist(addr, length);
+ return;
+ }
+#endif
+ if (block->fd >= 0) {
+ /**
+ * Case there is no support for PMEM or the memory has not been
+ * specified as persistent (or is not one) - use the msync.
+ * Less optimal but still achieves the same goal
+ */
+ void *addr = ramblock_ptr(block, start);
+ if (qemu_msync(addr, length, block->fd)) {
+ warn_report("%s: failed to sync memory range: start: "
+ RAM_ADDR_FMT " length: " RAM_ADDR_FMT,
+ __func__, start, length);
+ }
+ }
+}
+
+/* Called with ram_list.mutex held */
+static void dirty_memory_extend(ram_addr_t old_ram_size,
+ ram_addr_t new_ram_size)
+{
+ ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
+ DIRTY_MEMORY_BLOCK_SIZE);
+ ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
+ DIRTY_MEMORY_BLOCK_SIZE);
+ int i;
+
+ /* Only need to extend if block count increased */
+ if (new_num_blocks <= old_num_blocks) {
+ return;
+ }
+
+ for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
+ DirtyMemoryBlocks *old_blocks;
+ DirtyMemoryBlocks *new_blocks;
+ int j;
+
+ old_blocks = qatomic_rcu_read(&ram_list.dirty_memory[i]);
+ new_blocks = g_malloc(sizeof(*new_blocks) +
+ sizeof(new_blocks->blocks[0]) * new_num_blocks);
+
+ if (old_num_blocks) {
+ memcpy(new_blocks->blocks, old_blocks->blocks,
+ old_num_blocks * sizeof(old_blocks->blocks[0]));
+ }
+
+ for (j = old_num_blocks; j < new_num_blocks; j++) {
+ new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
+ }
+
+ qatomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
+
+ if (old_blocks) {
+ g_free_rcu(old_blocks, rcu);
+ }
+ }
+}
+
+static void ram_block_add(RAMBlock *new_block, Error **errp, bool shared)
+{
+ RAMBlock *block;
+ RAMBlock *last_block = NULL;
+ ram_addr_t old_ram_size, new_ram_size;
+ Error *err = NULL;
+
+ old_ram_size = last_ram_page();
+
+ qemu_mutex_lock_ramlist();
+ new_block->offset = find_ram_offset(new_block->max_length);
+
+ if (!new_block->host) {
+ if (xen_enabled()) {
+ xen_ram_alloc(new_block->offset, new_block->max_length,
+ new_block->mr, &err);
+ if (err) {
+ error_propagate(errp, err);
+ qemu_mutex_unlock_ramlist();
+ return;
+ }
+ } else {
+ new_block->host = phys_mem_alloc(new_block->max_length,
+ &new_block->mr->align, shared);
+ if (!new_block->host) {
+ error_setg_errno(errp, errno,
+ "cannot set up guest memory '%s'",
+ memory_region_name(new_block->mr));
+ qemu_mutex_unlock_ramlist();
+ return;
+ }
+ memory_try_enable_merging(new_block->host, new_block->max_length);
+ }
+ }
+
+ new_ram_size = MAX(old_ram_size,
+ (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
+ if (new_ram_size > old_ram_size) {
+ dirty_memory_extend(old_ram_size, new_ram_size);
+ }
+ /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
+ * QLIST (which has an RCU-friendly variant) does not have insertion at
+ * tail, so save the last element in last_block.
+ */
+ RAMBLOCK_FOREACH(block) {
+ last_block = block;
+ if (block->max_length < new_block->max_length) {
+ break;
+ }
+ }
+ if (block) {
+ QLIST_INSERT_BEFORE_RCU(block, new_block, next);
+ } else if (last_block) {
+ QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
+ } else { /* list is empty */
+ QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
+ }
+ ram_list.mru_block = NULL;
+
+ /* Write list before version */
+ smp_wmb();
+ ram_list.version++;
+ qemu_mutex_unlock_ramlist();
+
+ cpu_physical_memory_set_dirty_range(new_block->offset,
+ new_block->used_length,
+ DIRTY_CLIENTS_ALL);
+
+ if (new_block->host) {
+ qemu_ram_setup_dump(new_block->host, new_block->max_length);
+ qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
+ /*
+ * MADV_DONTFORK is also needed by KVM in absence of synchronous MMU
+ * Configure it unless the machine is a qtest server, in which case
+ * KVM is not used and it may be forked (eg for fuzzing purposes).
+ */
+ if (!qtest_enabled()) {
+ qemu_madvise(new_block->host, new_block->max_length,
+ QEMU_MADV_DONTFORK);
+ }
+ ram_block_notify_add(new_block->host, new_block->max_length);
+ }
+}
+
+#ifdef CONFIG_POSIX
+RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
+ uint32_t ram_flags, int fd,
+ Error **errp)
+{
+ RAMBlock *new_block;
+ Error *local_err = NULL;
+ int64_t file_size, file_align;
+
+ /* Just support these ram flags by now. */
+ assert((ram_flags & ~(RAM_SHARED | RAM_PMEM)) == 0);
+
+ if (xen_enabled()) {
+ error_setg(errp, "-mem-path not supported with Xen");
+ return NULL;
+ }
+
+ if (kvm_enabled() && !kvm_has_sync_mmu()) {
+ error_setg(errp,
+ "host lacks kvm mmu notifiers, -mem-path unsupported");
+ return NULL;
+ }
+
+ if (phys_mem_alloc != qemu_anon_ram_alloc) {
+ /*
+ * file_ram_alloc() needs to allocate just like
+ * phys_mem_alloc, but we haven't bothered to provide
+ * a hook there.
+ */
+ error_setg(errp,
+ "-mem-path not supported with this accelerator");
+ return NULL;
+ }
+
+ size = HOST_PAGE_ALIGN(size);
+ file_size = get_file_size(fd);
+ if (file_size > 0 && file_size < size) {
+ error_setg(errp, "backing store size 0x%" PRIx64
+ " does not match 'size' option 0x" RAM_ADDR_FMT,
+ file_size, size);
+ return NULL;
+ }
+
+ file_align = get_file_align(fd);
+ if (file_align > 0 && mr && file_align > mr->align) {
+ error_setg(errp, "backing store align 0x%" PRIx64
+ " is larger than 'align' option 0x%" PRIx64,
+ file_align, mr->align);
+ return NULL;
+ }
+
+ new_block = g_malloc0(sizeof(*new_block));
+ new_block->mr = mr;
+ new_block->used_length = size;
+ new_block->max_length = size;
+ new_block->flags = ram_flags;
+ new_block->host = file_ram_alloc(new_block, size, fd, !file_size, errp);
+ if (!new_block->host) {
+ g_free(new_block);
+ return NULL;
+ }
+
+ ram_block_add(new_block, &local_err, ram_flags & RAM_SHARED);
+ if (local_err) {
+ g_free(new_block);
+ error_propagate(errp, local_err);
+ return NULL;
+ }
+ return new_block;
+
+}
+
+
+RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
+ uint32_t ram_flags, const char *mem_path,
+ Error **errp)
+{
+ int fd;
+ bool created;
+ RAMBlock *block;
+
+ fd = file_ram_open(mem_path, memory_region_name(mr), &created, errp);
+ if (fd < 0) {
+ return NULL;
+ }
+
+ block = qemu_ram_alloc_from_fd(size, mr, ram_flags, fd, errp);
+ if (!block) {
+ if (created) {
+ unlink(mem_path);
+ }
+ close(fd);
+ return NULL;
+ }
+
+ return block;
+}
+#endif
+
+static
+RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
+ void (*resized)(const char*,
+ uint64_t length,
+ void *host),
+ void *host, bool resizeable, bool share,
+ MemoryRegion *mr, Error **errp)
+{
+ RAMBlock *new_block;
+ Error *local_err = NULL;
+
+ size = HOST_PAGE_ALIGN(size);
+ max_size = HOST_PAGE_ALIGN(max_size);
+ new_block = g_malloc0(sizeof(*new_block));
+ new_block->mr = mr;
+ new_block->resized = resized;
+ new_block->used_length = size;
+ new_block->max_length = max_size;
+ assert(max_size >= size);
+ new_block->fd = -1;
+ new_block->page_size = qemu_real_host_page_size;
+ new_block->host = host;
+ if (host) {
+ new_block->flags |= RAM_PREALLOC;
+ }
+ if (resizeable) {
+ new_block->flags |= RAM_RESIZEABLE;
+ }
+ ram_block_add(new_block, &local_err, share);
+ if (local_err) {
+ g_free(new_block);
+ error_propagate(errp, local_err);
+ return NULL;
+ }
+ return new_block;
+}
+
+RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
+ MemoryRegion *mr, Error **errp)
+{
+ return qemu_ram_alloc_internal(size, size, NULL, host, false,
+ false, mr, errp);
+}
+
+RAMBlock *qemu_ram_alloc(ram_addr_t size, bool share,
+ MemoryRegion *mr, Error **errp)
+{
+ return qemu_ram_alloc_internal(size, size, NULL, NULL, false,
+ share, mr, errp);
+}
+
+RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
+ void (*resized)(const char*,
+ uint64_t length,
+ void *host),
+ MemoryRegion *mr, Error **errp)
+{
+ return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true,
+ false, mr, errp);
+}
+
+static void reclaim_ramblock(RAMBlock *block)
+{
+ if (block->flags & RAM_PREALLOC) {
+ ;
+ } else if (xen_enabled()) {
+ xen_invalidate_map_cache_entry(block->host);
+#ifndef _WIN32
+ } else if (block->fd >= 0) {
+ qemu_ram_munmap(block->fd, block->host, block->max_length);
+ close(block->fd);
+#endif
+ } else {
+ qemu_anon_ram_free(block->host, block->max_length);
+ }
+ g_free(block);
+}
+
+void qemu_ram_free(RAMBlock *block)
+{
+ if (!block) {
+ return;
+ }
+
+ if (block->host) {
+ ram_block_notify_remove(block->host, block->max_length);
+ }
+
+ qemu_mutex_lock_ramlist();
+ QLIST_REMOVE_RCU(block, next);
+ ram_list.mru_block = NULL;
+ /* Write list before version */
+ smp_wmb();
+ ram_list.version++;
+ call_rcu(block, reclaim_ramblock, rcu);
+ qemu_mutex_unlock_ramlist();
+}
+
+#ifndef _WIN32
+void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
+{
+ RAMBlock *block;
+ ram_addr_t offset;
+ int flags;
+ void *area, *vaddr;
+
+ RAMBLOCK_FOREACH(block) {
+ offset = addr - block->offset;
+ if (offset < block->max_length) {
+ vaddr = ramblock_ptr(block, offset);
+ if (block->flags & RAM_PREALLOC) {
+ ;
+ } else if (xen_enabled()) {
+ abort();
+ } else {
+ flags = MAP_FIXED;
+ if (block->fd >= 0) {
+ flags |= (block->flags & RAM_SHARED ?
+ MAP_SHARED : MAP_PRIVATE);
+ area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
+ flags, block->fd, offset);
+ } else {
+ /*
+ * Remap needs to match alloc. Accelerators that
+ * set phys_mem_alloc never remap. If they did,
+ * we'd need a remap hook here.
+ */
+ assert(phys_mem_alloc == qemu_anon_ram_alloc);
+
+ flags |= MAP_PRIVATE | MAP_ANONYMOUS;
+ area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
+ flags, -1, 0);
+ }
+ if (area != vaddr) {
+ error_report("Could not remap addr: "
+ RAM_ADDR_FMT "@" RAM_ADDR_FMT "",
+ length, addr);
+ exit(1);
+ }
+ memory_try_enable_merging(vaddr, length);
+ qemu_ram_setup_dump(vaddr, length);
+ }
+ }
+ }
+}
+#endif /* !_WIN32 */
+
+/* Return a host pointer to ram allocated with qemu_ram_alloc.
+ * This should not be used for general purpose DMA. Use address_space_map
+ * or address_space_rw instead. For local memory (e.g. video ram) that the
+ * device owns, use memory_region_get_ram_ptr.
+ *
+ * Called within RCU critical section.
+ */
+void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
+{
+ RAMBlock *block = ram_block;
+
+ if (block == NULL) {
+ block = qemu_get_ram_block(addr);
+ addr -= block->offset;
+ }
+
+ if (xen_enabled() && block->host == NULL) {
+ /* We need to check if the requested address is in the RAM
+ * because we don't want to map the entire memory in QEMU.
+ * In that case just map until the end of the page.
+ */
+ if (block->offset == 0) {
+ return xen_map_cache(addr, 0, 0, false);
+ }
+
+ block->host = xen_map_cache(block->offset, block->max_length, 1, false);
+ }
+ return ramblock_ptr(block, addr);
+}
+
+/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
+ * but takes a size argument.
+ *
+ * Called within RCU critical section.
+ */
+static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
+ hwaddr *size, bool lock)
+{
+ RAMBlock *block = ram_block;
+ if (*size == 0) {
+ return NULL;
+ }
+
+ if (block == NULL) {
+ block = qemu_get_ram_block(addr);
+ addr -= block->offset;
+ }
+ *size = MIN(*size, block->max_length - addr);
+
+ if (xen_enabled() && block->host == NULL) {
+ /* We need to check if the requested address is in the RAM
+ * because we don't want to map the entire memory in QEMU.
+ * In that case just map the requested area.
+ */
+ if (block->offset == 0) {
+ return xen_map_cache(addr, *size, lock, lock);
+ }
+
+ block->host = xen_map_cache(block->offset, block->max_length, 1, lock);
+ }
+
+ return ramblock_ptr(block, addr);
+}
+
+/* Return the offset of a hostpointer within a ramblock */
+ram_addr_t qemu_ram_block_host_offset(RAMBlock *rb, void *host)
+{
+ ram_addr_t res = (uint8_t *)host - (uint8_t *)rb->host;
+ assert((uintptr_t)host >= (uintptr_t)rb->host);
+ assert(res < rb->max_length);
+
+ return res;
+}
+
+/*
+ * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
+ * in that RAMBlock.
+ *
+ * ptr: Host pointer to look up
+ * round_offset: If true round the result offset down to a page boundary
+ * *ram_addr: set to result ram_addr
+ * *offset: set to result offset within the RAMBlock
+ *
+ * Returns: RAMBlock (or NULL if not found)
+ *
+ * By the time this function returns, the returned pointer is not protected
+ * by RCU anymore. If the caller is not within an RCU critical section and
+ * does not hold the iothread lock, it must have other means of protecting the
+ * pointer, such as a reference to the region that includes the incoming
+ * ram_addr_t.
+ */
+RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
+ ram_addr_t *offset)
+{
+ RAMBlock *block;
+ uint8_t *host = ptr;
+
+ if (xen_enabled()) {
+ ram_addr_t ram_addr;
+ RCU_READ_LOCK_GUARD();
+ ram_addr = xen_ram_addr_from_mapcache(ptr);
+ block = qemu_get_ram_block(ram_addr);
+ if (block) {
+ *offset = ram_addr - block->offset;
+ }
+ return block;
+ }
+
+ RCU_READ_LOCK_GUARD();
+ block = qatomic_rcu_read(&ram_list.mru_block);
+ if (block && block->host && host - block->host < block->max_length) {
+ goto found;
+ }
+
+ RAMBLOCK_FOREACH(block) {
+ /* This case append when the block is not mapped. */
+ if (block->host == NULL) {
+ continue;
+ }
+ if (host - block->host < block->max_length) {
+ goto found;
+ }
+ }
+
+ return NULL;
+
+found:
+ *offset = (host - block->host);
+ if (round_offset) {
+ *offset &= TARGET_PAGE_MASK;
+ }
+ return block;
+}
+
+/*
+ * Finds the named RAMBlock
+ *
+ * name: The name of RAMBlock to find
+ *
+ * Returns: RAMBlock (or NULL if not found)
+ */
+RAMBlock *qemu_ram_block_by_name(const char *name)
+{
+ RAMBlock *block;
+
+ RAMBLOCK_FOREACH(block) {
+ if (!strcmp(name, block->idstr)) {
+ return block;
+ }
+ }
+
+ return NULL;
+}
+
+/* Some of the softmmu routines need to translate from a host pointer
+ (typically a TLB entry) back to a ram offset. */
+ram_addr_t qemu_ram_addr_from_host(void *ptr)
+{
+ RAMBlock *block;
+ ram_addr_t offset;
+
+ block = qemu_ram_block_from_host(ptr, false, &offset);
+ if (!block) {
+ return RAM_ADDR_INVALID;
+ }
+
+ return block->offset + offset;
+}
+
+/* Generate a debug exception if a watchpoint has been hit. */
+void cpu_check_watchpoint(CPUState *cpu, vaddr addr, vaddr len,
+ MemTxAttrs attrs, int flags, uintptr_t ra)
+{
+ CPUClass *cc = CPU_GET_CLASS(cpu);
+ CPUWatchpoint *wp;
+
+ assert(tcg_enabled());
+ if (cpu->watchpoint_hit) {
+ /*
+ * We re-entered the check after replacing the TB.
+ * Now raise the debug interrupt so that it will
+ * trigger after the current instruction.
+ */
+ qemu_mutex_lock_iothread();
+ cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
+ qemu_mutex_unlock_iothread();
+ return;
+ }
+
+ addr = cc->adjust_watchpoint_address(cpu, addr, len);
+ QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
+ if (watchpoint_address_matches(wp, addr, len)
+ && (wp->flags & flags)) {
+ if (replay_running_debug()) {
+ /*
+ * Don't process the watchpoints when we are
+ * in a reverse debugging operation.
+ */
+ replay_breakpoint();
+ return;
+ }
+ if (flags == BP_MEM_READ) {
+ wp->flags |= BP_WATCHPOINT_HIT_READ;
+ } else {
+ wp->flags |= BP_WATCHPOINT_HIT_WRITE;
+ }
+ wp->hitaddr = MAX(addr, wp->vaddr);
+ wp->hitattrs = attrs;
+ if (!cpu->watchpoint_hit) {
+ if (wp->flags & BP_CPU &&
+ !cc->debug_check_watchpoint(cpu, wp)) {
+ wp->flags &= ~BP_WATCHPOINT_HIT;
+ continue;
+ }
+ cpu->watchpoint_hit = wp;
+
+ mmap_lock();
+ tb_check_watchpoint(cpu, ra);
+ if (wp->flags & BP_STOP_BEFORE_ACCESS) {
+ cpu->exception_index = EXCP_DEBUG;
+ mmap_unlock();
+ cpu_loop_exit_restore(cpu, ra);
+ } else {
+ /* Force execution of one insn next time. */
+ cpu->cflags_next_tb = 1 | curr_cflags();
+ mmap_unlock();
+ if (ra) {
+ cpu_restore_state(cpu, ra, true);
+ }
+ cpu_loop_exit_noexc(cpu);
+ }
+ }
+ } else {
+ wp->flags &= ~BP_WATCHPOINT_HIT;
+ }
+ }
+}
+
+static MemTxResult flatview_read(FlatView *fv, hwaddr addr,
+ MemTxAttrs attrs, void *buf, hwaddr len);
+static MemTxResult flatview_write(FlatView *fv, hwaddr addr, MemTxAttrs attrs,
+ const void *buf, hwaddr len);
+static bool flatview_access_valid(FlatView *fv, hwaddr addr, hwaddr len,
+ bool is_write, MemTxAttrs attrs);
+
+static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
+ unsigned len, MemTxAttrs attrs)
+{
+ subpage_t *subpage = opaque;
+ uint8_t buf[8];
+ MemTxResult res;
+
+#if defined(DEBUG_SUBPAGE)
+ printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
+ subpage, len, addr);
+#endif
+ res = flatview_read(subpage->fv, addr + subpage->base, attrs, buf, len);
+ if (res) {
+ return res;
+ }
+ *data = ldn_p(buf, len);
+ return MEMTX_OK;
+}
+
+static MemTxResult subpage_write(void *opaque, hwaddr addr,
+ uint64_t value, unsigned len, MemTxAttrs attrs)
+{
+ subpage_t *subpage = opaque;
+ uint8_t buf[8];
+
+#if defined(DEBUG_SUBPAGE)
+ printf("%s: subpage %p len %u addr " TARGET_FMT_plx
+ " value %"PRIx64"\n",
+ __func__, subpage, len, addr, value);
+#endif
+ stn_p(buf, len, value);
+ return flatview_write(subpage->fv, addr + subpage->base, attrs, buf, len);
+}
+
+static bool subpage_accepts(void *opaque, hwaddr addr,
+ unsigned len, bool is_write,
+ MemTxAttrs attrs)
+{
+ subpage_t *subpage = opaque;
+#if defined(DEBUG_SUBPAGE)
+ printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
+ __func__, subpage, is_write ? 'w' : 'r', len, addr);
+#endif
+
+ return flatview_access_valid(subpage->fv, addr + subpage->base,
+ len, is_write, attrs);
+}
+
+static const MemoryRegionOps subpage_ops = {
+ .read_with_attrs = subpage_read,
+ .write_with_attrs = subpage_write,
+ .impl.min_access_size = 1,
+ .impl.max_access_size = 8,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 8,
+ .valid.accepts = subpage_accepts,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static int subpage_register(subpage_t *mmio, uint32_t start, uint32_t end,
+ uint16_t section)
+{
+ int idx, eidx;
+
+ if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
+ return -1;
+ idx = SUBPAGE_IDX(start);
+ eidx = SUBPAGE_IDX(end);
+#if defined(DEBUG_SUBPAGE)
+ printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
+ __func__, mmio, start, end, idx, eidx, section);
+#endif
+ for (; idx <= eidx; idx++) {
+ mmio->sub_section[idx] = section;
+ }
+
+ return 0;
+}
+
+static subpage_t *subpage_init(FlatView *fv, hwaddr base)
+{
+ subpage_t *mmio;
+
+ /* mmio->sub_section is set to PHYS_SECTION_UNASSIGNED with g_malloc0 */
+ mmio = g_malloc0(sizeof(subpage_t) + TARGET_PAGE_SIZE * sizeof(uint16_t));
+ mmio->fv = fv;
+ mmio->base = base;
+ memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
+ NULL, TARGET_PAGE_SIZE);
+ mmio->iomem.subpage = true;
+#if defined(DEBUG_SUBPAGE)
+ printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
+ mmio, base, TARGET_PAGE_SIZE);
+#endif
+
+ return mmio;
+}
+
+static uint16_t dummy_section(PhysPageMap *map, FlatView *fv, MemoryRegion *mr)
+{
+ assert(fv);
+ MemoryRegionSection section = {
+ .fv = fv,
+ .mr = mr,
+ .offset_within_address_space = 0,
+ .offset_within_region = 0,
+ .size = int128_2_64(),
+ };
+
+ return phys_section_add(map, §ion);
+}
+
+MemoryRegionSection *iotlb_to_section(CPUState *cpu,
+ hwaddr index, MemTxAttrs attrs)
+{
+ int asidx = cpu_asidx_from_attrs(cpu, attrs);
+ CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
+ AddressSpaceDispatch *d = qatomic_rcu_read(&cpuas->memory_dispatch);
+ MemoryRegionSection *sections = d->map.sections;
+
+ return §ions[index & ~TARGET_PAGE_MASK];
+}
+
+static void io_mem_init(void)
+{
+ memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
+ NULL, UINT64_MAX);
+}
+
+AddressSpaceDispatch *address_space_dispatch_new(FlatView *fv)
+{
+ AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
+ uint16_t n;
+
+ n = dummy_section(&d->map, fv, &io_mem_unassigned);
+ assert(n == PHYS_SECTION_UNASSIGNED);
+
+ d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
+
+ return d;
+}
+
+void address_space_dispatch_free(AddressSpaceDispatch *d)
+{
+ phys_sections_free(&d->map);
+ g_free(d);
+}
+
+static void do_nothing(CPUState *cpu, run_on_cpu_data d)
+{
+}
+
+static void tcg_log_global_after_sync(MemoryListener *listener)
+{
+ CPUAddressSpace *cpuas;
+
+ /* Wait for the CPU to end the current TB. This avoids the following
+ * incorrect race:
+ *
+ * vCPU migration
+ * ---------------------- -------------------------
+ * TLB check -> slow path
+ * notdirty_mem_write
+ * write to RAM
+ * mark dirty
+ * clear dirty flag
+ * TLB check -> fast path
+ * read memory
+ * write to RAM
+ *
+ * by pushing the migration thread's memory read after the vCPU thread has
+ * written the memory.
+ */
+ if (replay_mode == REPLAY_MODE_NONE) {
+ /*
+ * VGA can make calls to this function while updating the screen.
+ * In record/replay mode this causes a deadlock, because
+ * run_on_cpu waits for rr mutex. Therefore no races are possible
+ * in this case and no need for making run_on_cpu when
+ * record/replay is not enabled.
+ */
+ cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
+ run_on_cpu(cpuas->cpu, do_nothing, RUN_ON_CPU_NULL);
+ }
+}
+
+static void tcg_commit(MemoryListener *listener)
+{
+ CPUAddressSpace *cpuas;
+ AddressSpaceDispatch *d;
+
+ assert(tcg_enabled());
+ /* since each CPU stores ram addresses in its TLB cache, we must
+ reset the modified entries */
+ cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
+ cpu_reloading_memory_map();
+ /* The CPU and TLB are protected by the iothread lock.
+ * We reload the dispatch pointer now because cpu_reloading_memory_map()
+ * may have split the RCU critical section.
+ */
+ d = address_space_to_dispatch(cpuas->as);
+ qatomic_rcu_set(&cpuas->memory_dispatch, d);
+ tlb_flush(cpuas->cpu);
+}
+
+static void memory_map_init(void)
+{
+ system_memory = g_malloc(sizeof(*system_memory));
+
+ memory_region_init(system_memory, NULL, "system", UINT64_MAX);
+ address_space_init(&address_space_memory, system_memory, "memory");
+
+ system_io = g_malloc(sizeof(*system_io));
+ memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
+ 65536);
+ address_space_init(&address_space_io, system_io, "I/O");
+}
+
+MemoryRegion *get_system_memory(void)
+{
+ return system_memory;
+}
+
+MemoryRegion *get_system_io(void)
+{
+ return system_io;
+}
+
+static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
+ hwaddr length)
+{
+ uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
+ addr += memory_region_get_ram_addr(mr);
+
+ /* No early return if dirty_log_mask is or becomes 0, because
+ * cpu_physical_memory_set_dirty_range will still call
+ * xen_modified_memory.
+ */
+ if (dirty_log_mask) {
+ dirty_log_mask =
+ cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
+ }
+ if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
+ assert(tcg_enabled());
+ tb_invalidate_phys_range(addr, addr + length);
+ dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
+ }
+ cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
+}
+
+void memory_region_flush_rom_device(MemoryRegion *mr, hwaddr addr, hwaddr size)
+{
+ /*
+ * In principle this function would work on other memory region types too,
+ * but the ROM device use case is the only one where this operation is
+ * necessary. Other memory regions should use the
+ * address_space_read/write() APIs.
+ */
+ assert(memory_region_is_romd(mr));
+
+ invalidate_and_set_dirty(mr, addr, size);
+}
+
+static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
+{
+ unsigned access_size_max = mr->ops->valid.max_access_size;
+
+ /* Regions are assumed to support 1-4 byte accesses unless
+ otherwise specified. */
+ if (access_size_max == 0) {
+ access_size_max = 4;
+ }
+
+ /* Bound the maximum access by the alignment of the address. */
+ if (!mr->ops->impl.unaligned) {
+ unsigned align_size_max = addr & -addr;
+ if (align_size_max != 0 && align_size_max < access_size_max) {
+ access_size_max = align_size_max;
+ }
+ }
+
+ /* Don't attempt accesses larger than the maximum. */
+ if (l > access_size_max) {
+ l = access_size_max;
+ }
+ l = pow2floor(l);
+
+ return l;
+}
+
+static bool prepare_mmio_access(MemoryRegion *mr)
+{
+ bool unlocked = !qemu_mutex_iothread_locked();
+ bool release_lock = false;
+
+ if (unlocked) {
+ qemu_mutex_lock_iothread();
+ unlocked = false;
+ release_lock = true;
+ }
+ if (mr->flush_coalesced_mmio) {
+ if (unlocked) {
+ qemu_mutex_lock_iothread();
+ }
+ qemu_flush_coalesced_mmio_buffer();
+ if (unlocked) {
+ qemu_mutex_unlock_iothread();
+ }
+ }
+
+ return release_lock;
+}
+
+/* Called within RCU critical section. */
+static MemTxResult flatview_write_continue(FlatView *fv, hwaddr addr,
+ MemTxAttrs attrs,
+ const void *ptr,
+ hwaddr len, hwaddr addr1,
+ hwaddr l, MemoryRegion *mr)
+{
+ uint8_t *ram_ptr;
+ uint64_t val;
+ MemTxResult result = MEMTX_OK;
+ bool release_lock = false;
+ const uint8_t *buf = ptr;
+
+ for (;;) {
+ if (!memory_access_is_direct(mr, true)) {
+ release_lock |= prepare_mmio_access(mr);
+ l = memory_access_size(mr, l, addr1);
+ /* XXX: could force current_cpu to NULL to avoid
+ potential bugs */
+ val = ldn_he_p(buf, l);
+ result |= memory_region_dispatch_write(mr, addr1, val,
+ size_memop(l), attrs);
+ } else {
+ /* RAM case */
+ ram_ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l, false);
+ memcpy(ram_ptr, buf, l);
+ invalidate_and_set_dirty(mr, addr1, l);
+ }
+
+ if (release_lock) {
+ qemu_mutex_unlock_iothread();
+ release_lock = false;
+ }
+
+ len -= l;
+ buf += l;
+ addr += l;
+
+ if (!len) {
+ break;
+ }
+
+ l = len;
+ mr = flatview_translate(fv, addr, &addr1, &l, true, attrs);
+ }
+
+ return result;
+}
+
+/* Called from RCU critical section. */
+static MemTxResult flatview_write(FlatView *fv, hwaddr addr, MemTxAttrs attrs,
+ const void *buf, hwaddr len)
+{
+ hwaddr l;
+ hwaddr addr1;
+ MemoryRegion *mr;
+ MemTxResult result = MEMTX_OK;
+
+ l = len;
+ mr = flatview_translate(fv, addr, &addr1, &l, true, attrs);
+ result = flatview_write_continue(fv, addr, attrs, buf, len,
+ addr1, l, mr);
+
+ return result;
+}
+
+/* Called within RCU critical section. */
+MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
+ MemTxAttrs attrs, void *ptr,
+ hwaddr len, hwaddr addr1, hwaddr l,
+ MemoryRegion *mr)
+{
+ uint8_t *ram_ptr;
+ uint64_t val;
+ MemTxResult result = MEMTX_OK;
+ bool release_lock = false;
+ uint8_t *buf = ptr;
+
+ for (;;) {
+ if (!memory_access_is_direct(mr, false)) {
+ /* I/O case */
+ release_lock |= prepare_mmio_access(mr);
+ l = memory_access_size(mr, l, addr1);
+ result |= memory_region_dispatch_read(mr, addr1, &val,
+ size_memop(l), attrs);
+ stn_he_p(buf, l, val);
+ } else {
+ /* RAM case */
+ ram_ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l, false);
+ memcpy(buf, ram_ptr, l);
+ }
+
+ if (release_lock) {
+ qemu_mutex_unlock_iothread();
+ release_lock = false;
+ }
+
+ len -= l;
+ buf += l;
+ addr += l;
+
+ if (!len) {
+ break;
+ }
+
+ l = len;
+ mr = flatview_translate(fv, addr, &addr1, &l, false, attrs);
+ }
+
+ return result;
+}
+
+/* Called from RCU critical section. */
+static MemTxResult flatview_read(FlatView *fv, hwaddr addr,
+ MemTxAttrs attrs, void *buf, hwaddr len)
+{
+ hwaddr l;
+ hwaddr addr1;
+ MemoryRegion *mr;
+
+ l = len;
+ mr = flatview_translate(fv, addr, &addr1, &l, false, attrs);
+ return flatview_read_continue(fv, addr, attrs, buf, len,
+ addr1, l, mr);
+}
+
+MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
+ MemTxAttrs attrs, void *buf, hwaddr len)
+{
+ MemTxResult result = MEMTX_OK;
+ FlatView *fv;
+
+ if (len > 0) {
+ RCU_READ_LOCK_GUARD();
+ fv = address_space_to_flatview(as);
+ result = flatview_read(fv, addr, attrs, buf, len);
+ }
+
+ return result;
+}
+
+MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
+ MemTxAttrs attrs,
+ const void *buf, hwaddr len)
+{
+ MemTxResult result = MEMTX_OK;
+ FlatView *fv;
+
+ if (len > 0) {
+ RCU_READ_LOCK_GUARD();
+ fv = address_space_to_flatview(as);
+ result = flatview_write(fv, addr, attrs, buf, len);
+ }
+
+ return result;
+}
+
+MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
+ void *buf, hwaddr len, bool is_write)
+{
+ if (is_write) {
+ return address_space_write(as, addr, attrs, buf, len);
+ } else {
+ return address_space_read_full(as, addr, attrs, buf, len);
+ }
+}
+
+void cpu_physical_memory_rw(hwaddr addr, void *buf,
+ hwaddr len, bool is_write)
+{
+ address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
+ buf, len, is_write);
+}
+
+enum write_rom_type {
+ WRITE_DATA,
+ FLUSH_CACHE,
+};
+
+static inline MemTxResult address_space_write_rom_internal(AddressSpace *as,
+ hwaddr addr,
+ MemTxAttrs attrs,
+ const void *ptr,
+ hwaddr len,
+ enum write_rom_type type)
+{
+ hwaddr l;
+ uint8_t *ram_ptr;
+ hwaddr addr1;
+ MemoryRegion *mr;
+ const uint8_t *buf = ptr;
+
+ RCU_READ_LOCK_GUARD();
+ while (len > 0) {
+ l = len;
+ mr = address_space_translate(as, addr, &addr1, &l, true, attrs);
+
+ if (!(memory_region_is_ram(mr) ||
+ memory_region_is_romd(mr))) {
+ l = memory_access_size(mr, l, addr1);
+ } else {
+ /* ROM/RAM case */
+ ram_ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
+ switch (type) {
+ case WRITE_DATA:
+ memcpy(ram_ptr, buf, l);
+ invalidate_and_set_dirty(mr, addr1, l);
+ break;
+ case FLUSH_CACHE:
+ flush_icache_range((uintptr_t)ram_ptr, (uintptr_t)ram_ptr + l);
+ break;
+ }
+ }
+ len -= l;
+ buf += l;
+ addr += l;
+ }
+ return MEMTX_OK;
+}
+
+/* used for ROM loading : can write in RAM and ROM */
+MemTxResult address_space_write_rom(AddressSpace *as, hwaddr addr,
+ MemTxAttrs attrs,
+ const void *buf, hwaddr len)
+{
+ return address_space_write_rom_internal(as, addr, attrs,
+ buf, len, WRITE_DATA);
+}
+
+void cpu_flush_icache_range(hwaddr start, hwaddr len)
+{
+ /*
+ * This function should do the same thing as an icache flush that was
+ * triggered from within the guest. For TCG we are always cache coherent,
+ * so there is no need to flush anything. For KVM / Xen we need to flush
+ * the host's instruction cache at least.
+ */
+ if (tcg_enabled()) {
+ return;
+ }
+
+ address_space_write_rom_internal(&address_space_memory,
+ start, MEMTXATTRS_UNSPECIFIED,
+ NULL, len, FLUSH_CACHE);
+}
+
+typedef struct {
+ MemoryRegion *mr;
+ void *buffer;
+ hwaddr addr;
+ hwaddr len;
+ bool in_use;
+} BounceBuffer;
+
+static BounceBuffer bounce;
+
+typedef struct MapClient {
+ QEMUBH *bh;
+ QLIST_ENTRY(MapClient) link;
+} MapClient;
+
+QemuMutex map_client_list_lock;
+static QLIST_HEAD(, MapClient) map_client_list
+ = QLIST_HEAD_INITIALIZER(map_client_list);
+
+static void cpu_unregister_map_client_do(MapClient *client)
+{
+ QLIST_REMOVE(client, link);
+ g_free(client);
+}
+
+static void cpu_notify_map_clients_locked(void)
+{
+ MapClient *client;
+
+ while (!QLIST_EMPTY(&map_client_list)) {
+ client = QLIST_FIRST(&map_client_list);
+ qemu_bh_schedule(client->bh);
+ cpu_unregister_map_client_do(client);
+ }
+}
+
+void cpu_register_map_client(QEMUBH *bh)
+{
+ MapClient *client = g_malloc(sizeof(*client));
+
+ qemu_mutex_lock(&map_client_list_lock);
+ client->bh = bh;
+ QLIST_INSERT_HEAD(&map_client_list, client, link);
+ if (!qatomic_read(&bounce.in_use)) {
+ cpu_notify_map_clients_locked();
+ }
+ qemu_mutex_unlock(&map_client_list_lock);
+}
+
+void cpu_exec_init_all(void)
+{
+ qemu_mutex_init(&ram_list.mutex);
+ /* The data structures we set up here depend on knowing the page size,
+ * so no more changes can be made after this point.
+ * In an ideal world, nothing we did before we had finished the
+ * machine setup would care about the target page size, and we could
+ * do this much later, rather than requiring board models to state
+ * up front what their requirements are.
+ */
+ finalize_target_page_bits();
+ io_mem_init();
+ memory_map_init();
+ qemu_mutex_init(&map_client_list_lock);
+}
+
+void cpu_unregister_map_client(QEMUBH *bh)
+{
+ MapClient *client;
+
+ qemu_mutex_lock(&map_client_list_lock);
+ QLIST_FOREACH(client, &map_client_list, link) {
+ if (client->bh == bh) {
+ cpu_unregister_map_client_do(client);
+ break;
+ }
+ }
+ qemu_mutex_unlock(&map_client_list_lock);
+}
+
+static void cpu_notify_map_clients(void)
+{
+ qemu_mutex_lock(&map_client_list_lock);
+ cpu_notify_map_clients_locked();
+ qemu_mutex_unlock(&map_client_list_lock);
+}
+
+static bool flatview_access_valid(FlatView *fv, hwaddr addr, hwaddr len,
+ bool is_write, MemTxAttrs attrs)
+{
+ MemoryRegion *mr;
+ hwaddr l, xlat;
+
+ while (len > 0) {
+ l = len;
+ mr = flatview_translate(fv, addr, &xlat, &l, is_write, attrs);
+ if (!memory_access_is_direct(mr, is_write)) {
+ l = memory_access_size(mr, l, addr);
+ if (!memory_region_access_valid(mr, xlat, l, is_write, attrs)) {
+ return false;
+ }
+ }
+
+ len -= l;
+ addr += l;
+ }
+ return true;
+}
+
+bool address_space_access_valid(AddressSpace *as, hwaddr addr,
+ hwaddr len, bool is_write,
+ MemTxAttrs attrs)
+{
+ FlatView *fv;
+ bool result;
+
+ RCU_READ_LOCK_GUARD();
+ fv = address_space_to_flatview(as);
+ result = flatview_access_valid(fv, addr, len, is_write, attrs);
+ return result;
+}
+
+static hwaddr
+flatview_extend_translation(FlatView *fv, hwaddr addr,
+ hwaddr target_len,
+ MemoryRegion *mr, hwaddr base, hwaddr len,
+ bool is_write, MemTxAttrs attrs)
+{
+ hwaddr done = 0;
+ hwaddr xlat;
+ MemoryRegion *this_mr;
+
+ for (;;) {
+ target_len -= len;
+ addr += len;
+ done += len;
+ if (target_len == 0) {
+ return done;
+ }
+
+ len = target_len;
+ this_mr = flatview_translate(fv, addr, &xlat,
+ &len, is_write, attrs);
+ if (this_mr != mr || xlat != base + done) {
+ return done;
+ }
+ }
+}
+
+/* Map a physical memory region into a host virtual address.
+ * May map a subset of the requested range, given by and returned in *plen.
+ * May return NULL if resources needed to perform the mapping are exhausted.
+ * Use only for reads OR writes - not for read-modify-write operations.
+ * Use cpu_register_map_client() to know when retrying the map operation is
+ * likely to succeed.
+ */
+void *address_space_map(AddressSpace *as,
+ hwaddr addr,
+ hwaddr *plen,
+ bool is_write,
+ MemTxAttrs attrs)
+{
+ hwaddr len = *plen;
+ hwaddr l, xlat;
+ MemoryRegion *mr;
+ void *ptr;
+ FlatView *fv;
+
+ if (len == 0) {
+ return NULL;
+ }
+
+ l = len;
+ RCU_READ_LOCK_GUARD();
+ fv = address_space_to_flatview(as);
+ mr = flatview_translate(fv, addr, &xlat, &l, is_write, attrs);
+
+ if (!memory_access_is_direct(mr, is_write)) {
+ if (qatomic_xchg(&bounce.in_use, true)) {
+ *plen = 0;
+ return NULL;
+ }
+ /* Avoid unbounded allocations */
+ l = MIN(l, TARGET_PAGE_SIZE);
+ bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
+ bounce.addr = addr;
+ bounce.len = l;
+
+ memory_region_ref(mr);
+ bounce.mr = mr;
+ if (!is_write) {
+ flatview_read(fv, addr, MEMTXATTRS_UNSPECIFIED,
+ bounce.buffer, l);
+ }
+
+ *plen = l;
+ return bounce.buffer;
+ }
+
+
+ memory_region_ref(mr);
+ *plen = flatview_extend_translation(fv, addr, len, mr, xlat,
+ l, is_write, attrs);
+ ptr = qemu_ram_ptr_length(mr->ram_block, xlat, plen, true);
+
+ return ptr;
+}
+
+/* Unmaps a memory region previously mapped by address_space_map().
+ * Will also mark the memory as dirty if is_write is true. access_len gives
+ * the amount of memory that was actually read or written by the caller.
+ */
+void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
+ bool is_write, hwaddr access_len)
+{
+ if (buffer != bounce.buffer) {
+ MemoryRegion *mr;
+ ram_addr_t addr1;
+
+ mr = memory_region_from_host(buffer, &addr1);
+ assert(mr != NULL);
+ if (is_write) {
+ invalidate_and_set_dirty(mr, addr1, access_len);
+ }
+ if (xen_enabled()) {
+ xen_invalidate_map_cache_entry(buffer);
+ }
+ memory_region_unref(mr);
+ return;
+ }
+ if (is_write) {
+ address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
+ bounce.buffer, access_len);
+ }
+ qemu_vfree(bounce.buffer);
+ bounce.buffer = NULL;
+ memory_region_unref(bounce.mr);
+ qatomic_mb_set(&bounce.in_use, false);
+ cpu_notify_map_clients();
+}
+
+void *cpu_physical_memory_map(hwaddr addr,
+ hwaddr *plen,
+ bool is_write)
+{
+ return address_space_map(&address_space_memory, addr, plen, is_write,
+ MEMTXATTRS_UNSPECIFIED);
+}
+
+void cpu_physical_memory_unmap(void *buffer, hwaddr len,
+ bool is_write, hwaddr access_len)
+{
+ return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
+}
+
+#define ARG1_DECL AddressSpace *as
+#define ARG1 as
+#define SUFFIX
+#define TRANSLATE(...) address_space_translate(as, __VA_ARGS__)
+#define RCU_READ_LOCK(...) rcu_read_lock()
+#define RCU_READ_UNLOCK(...) rcu_read_unlock()
+#include "memory_ldst.c.inc"
+
+int64_t address_space_cache_init(MemoryRegionCache *cache,
+ AddressSpace *as,
+ hwaddr addr,
+ hwaddr len,
+ bool is_write)
+{
+ AddressSpaceDispatch *d;
+ hwaddr l;
+ MemoryRegion *mr;
+
+ assert(len > 0);
+
+ l = len;
+ cache->fv = address_space_get_flatview(as);
+ d = flatview_to_dispatch(cache->fv);
+ cache->mrs = *address_space_translate_internal(d, addr, &cache->xlat, &l, true);
+
+ mr = cache->mrs.mr;
+ memory_region_ref(mr);
+ if (memory_access_is_direct(mr, is_write)) {
+ /* We don't care about the memory attributes here as we're only
+ * doing this if we found actual RAM, which behaves the same
+ * regardless of attributes; so UNSPECIFIED is fine.
+ */
+ l = flatview_extend_translation(cache->fv, addr, len, mr,
+ cache->xlat, l, is_write,
+ MEMTXATTRS_UNSPECIFIED);
+ cache->ptr = qemu_ram_ptr_length(mr->ram_block, cache->xlat, &l, true);
+ } else {
+ cache->ptr = NULL;
+ }
+
+ cache->len = l;
+ cache->is_write = is_write;
+ return l;
+}
+
+void address_space_cache_invalidate(MemoryRegionCache *cache,
+ hwaddr addr,
+ hwaddr access_len)
+{
+ assert(cache->is_write);
+ if (likely(cache->ptr)) {
+ invalidate_and_set_dirty(cache->mrs.mr, addr + cache->xlat, access_len);
+ }
+}
+
+void address_space_cache_destroy(MemoryRegionCache *cache)
+{
+ if (!cache->mrs.mr) {
+ return;
+ }
+
+ if (xen_enabled()) {
+ xen_invalidate_map_cache_entry(cache->ptr);
+ }
+ memory_region_unref(cache->mrs.mr);
+ flatview_unref(cache->fv);
+ cache->mrs.mr = NULL;
+ cache->fv = NULL;
+}
+
+/* Called from RCU critical section. This function has the same
+ * semantics as address_space_translate, but it only works on a
+ * predefined range of a MemoryRegion that was mapped with
+ * address_space_cache_init.
+ */
+static inline MemoryRegion *address_space_translate_cached(
+ MemoryRegionCache *cache, hwaddr addr, hwaddr *xlat,
+ hwaddr *plen, bool is_write, MemTxAttrs attrs)
+{
+ MemoryRegionSection section;
+ MemoryRegion *mr;
+ IOMMUMemoryRegion *iommu_mr;
+ AddressSpace *target_as;
+
+ assert(!cache->ptr);
+ *xlat = addr + cache->xlat;
+
+ mr = cache->mrs.mr;
+ iommu_mr = memory_region_get_iommu(mr);
+ if (!iommu_mr) {
+ /* MMIO region. */
+ return mr;
+ }
+
+ section = address_space_translate_iommu(iommu_mr, xlat, plen,
+ NULL, is_write, true,
+ &target_as, attrs);
+ return section.mr;
+}
+
+/* Called from RCU critical section. address_space_read_cached uses this
+ * out of line function when the target is an MMIO or IOMMU region.
+ */
+MemTxResult
+address_space_read_cached_slow(MemoryRegionCache *cache, hwaddr addr,
+ void *buf, hwaddr len)
+{
+ hwaddr addr1, l;
+ MemoryRegion *mr;
+
+ l = len;
+ mr = address_space_translate_cached(cache, addr, &addr1, &l, false,
+ MEMTXATTRS_UNSPECIFIED);
+ return flatview_read_continue(cache->fv,
+ addr, MEMTXATTRS_UNSPECIFIED, buf, len,
+ addr1, l, mr);
+}
+
+/* Called from RCU critical section. address_space_write_cached uses this
+ * out of line function when the target is an MMIO or IOMMU region.
+ */
+MemTxResult
+address_space_write_cached_slow(MemoryRegionCache *cache, hwaddr addr,
+ const void *buf, hwaddr len)
+{
+ hwaddr addr1, l;
+ MemoryRegion *mr;
+
+ l = len;
+ mr = address_space_translate_cached(cache, addr, &addr1, &l, true,
+ MEMTXATTRS_UNSPECIFIED);
+ return flatview_write_continue(cache->fv,
+ addr, MEMTXATTRS_UNSPECIFIED, buf, len,
+ addr1, l, mr);
+}
+
+#define ARG1_DECL MemoryRegionCache *cache
+#define ARG1 cache
+#define SUFFIX _cached_slow
+#define TRANSLATE(...) address_space_translate_cached(cache, __VA_ARGS__)
+#define RCU_READ_LOCK() ((void)0)
+#define RCU_READ_UNLOCK() ((void)0)
+#include "memory_ldst.c.inc"
+
+/* virtual memory access for debug (includes writing to ROM) */
+int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
+ void *ptr, target_ulong len, bool is_write)
+{
+ hwaddr phys_addr;
+ target_ulong l, page;
+ uint8_t *buf = ptr;
+
+ cpu_synchronize_state(cpu);
+ while (len > 0) {
+ int asidx;
+ MemTxAttrs attrs;
+ MemTxResult res;
+
+ page = addr & TARGET_PAGE_MASK;
+ phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
+ asidx = cpu_asidx_from_attrs(cpu, attrs);
+ /* if no physical page mapped, return an error */
+ if (phys_addr == -1)
+ return -1;
+ l = (page + TARGET_PAGE_SIZE) - addr;
+ if (l > len)
+ l = len;
+ phys_addr += (addr & ~TARGET_PAGE_MASK);
+ if (is_write) {
+ res = address_space_write_rom(cpu->cpu_ases[asidx].as, phys_addr,
+ attrs, buf, l);
+ } else {
+ res = address_space_read(cpu->cpu_ases[asidx].as, phys_addr,
+ attrs, buf, l);
+ }
+ if (res != MEMTX_OK) {
+ return -1;
+ }
+ len -= l;
+ buf += l;
+ addr += l;
+ }
+ return 0;
+}
+
+/*
+ * Allows code that needs to deal with migration bitmaps etc to still be built
+ * target independent.
+ */
+size_t qemu_target_page_size(void)
+{
+ return TARGET_PAGE_SIZE;
+}
+
+int qemu_target_page_bits(void)
+{
+ return TARGET_PAGE_BITS;
+}
+
+int qemu_target_page_bits_min(void)
+{
+ return TARGET_PAGE_BITS_MIN;
+}
+
+bool cpu_physical_memory_is_io(hwaddr phys_addr)
+{
+ MemoryRegion*mr;
+ hwaddr l = 1;
+ bool res;
+
+ RCU_READ_LOCK_GUARD();
+ mr = address_space_translate(&address_space_memory,
+ phys_addr, &phys_addr, &l, false,
+ MEMTXATTRS_UNSPECIFIED);
+
+ res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
+ return res;
+}
+
+int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
+{
+ RAMBlock *block;
+ int ret = 0;
+
+ RCU_READ_LOCK_GUARD();
+ RAMBLOCK_FOREACH(block) {
+ ret = func(block, opaque);
+ if (ret) {
+ break;
+ }
+ }
+ return ret;
+}
+
+/*
+ * Unmap pages of memory from start to start+length such that
+ * they a) read as 0, b) Trigger whatever fault mechanism
+ * the OS provides for postcopy.
+ * The pages must be unmapped by the end of the function.
+ * Returns: 0 on success, none-0 on failure
+ *
+ */
+int ram_block_discard_range(RAMBlock *rb, uint64_t start, size_t length)
+{
+ int ret = -1;
+
+ uint8_t *host_startaddr = rb->host + start;
+
+ if (!QEMU_PTR_IS_ALIGNED(host_startaddr, rb->page_size)) {
+ error_report("ram_block_discard_range: Unaligned start address: %p",
+ host_startaddr);
+ goto err;
+ }
+
+ if ((start + length) <= rb->used_length) {
+ bool need_madvise, need_fallocate;
+ if (!QEMU_IS_ALIGNED(length, rb->page_size)) {
+ error_report("ram_block_discard_range: Unaligned length: %zx",
+ length);
+ goto err;
+ }
+
+ errno = ENOTSUP; /* If we are missing MADVISE etc */
+
+ /* The logic here is messy;
+ * madvise DONTNEED fails for hugepages
+ * fallocate works on hugepages and shmem
+ */
+ need_madvise = (rb->page_size == qemu_host_page_size);
+ need_fallocate = rb->fd != -1;
+ if (need_fallocate) {
+ /* For a file, this causes the area of the file to be zero'd
+ * if read, and for hugetlbfs also causes it to be unmapped
+ * so a userfault will trigger.
+ */
+#ifdef CONFIG_FALLOCATE_PUNCH_HOLE
+ ret = fallocate(rb->fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
+ start, length);
+ if (ret) {
+ ret = -errno;
+ error_report("ram_block_discard_range: Failed to fallocate "
+ "%s:%" PRIx64 " +%zx (%d)",
+ rb->idstr, start, length, ret);
+ goto err;
+ }
+#else
+ ret = -ENOSYS;
+ error_report("ram_block_discard_range: fallocate not available/file"
+ "%s:%" PRIx64 " +%zx (%d)",
+ rb->idstr, start, length, ret);
+ goto err;
+#endif
+ }
+ if (need_madvise) {
+ /* For normal RAM this causes it to be unmapped,
+ * for shared memory it causes the local mapping to disappear
+ * and to fall back on the file contents (which we just
+ * fallocate'd away).
+ */
+#if defined(CONFIG_MADVISE)
+ ret = madvise(host_startaddr, length, MADV_DONTNEED);
+ if (ret) {
+ ret = -errno;
+ error_report("ram_block_discard_range: Failed to discard range "
+ "%s:%" PRIx64 " +%zx (%d)",
+ rb->idstr, start, length, ret);
+ goto err;
+ }
+#else
+ ret = -ENOSYS;
+ error_report("ram_block_discard_range: MADVISE not available"
+ "%s:%" PRIx64 " +%zx (%d)",
+ rb->idstr, start, length, ret);
+ goto err;
+#endif
+ }
+ trace_ram_block_discard_range(rb->idstr, host_startaddr, length,
+ need_madvise, need_fallocate, ret);
+ } else {
+ error_report("ram_block_discard_range: Overrun block '%s' (%" PRIu64
+ "/%zx/" RAM_ADDR_FMT")",
+ rb->idstr, start, length, rb->used_length);
+ }
+
+err:
+ return ret;
+}
+
+bool ramblock_is_pmem(RAMBlock *rb)
+{
+ return rb->flags & RAM_PMEM;
+}
+
+static void mtree_print_phys_entries(int start, int end, int skip, int ptr)
+{
+ if (start == end - 1) {
+ qemu_printf("\t%3d ", start);
+ } else {
+ qemu_printf("\t%3d..%-3d ", start, end - 1);
+ }
+ qemu_printf(" skip=%d ", skip);
+ if (ptr == PHYS_MAP_NODE_NIL) {
+ qemu_printf(" ptr=NIL");
+ } else if (!skip) {
+ qemu_printf(" ptr=#%d", ptr);
+ } else {
+ qemu_printf(" ptr=[%d]", ptr);
+ }
+ qemu_printf("\n");
+}
+
+#define MR_SIZE(size) (int128_nz(size) ? (hwaddr)int128_get64( \
+ int128_sub((size), int128_one())) : 0)
+
+void mtree_print_dispatch(AddressSpaceDispatch *d, MemoryRegion *root)
+{
+ int i;
+
+ qemu_printf(" Dispatch\n");
+ qemu_printf(" Physical sections\n");
+
+ for (i = 0; i < d->map.sections_nb; ++i) {
+ MemoryRegionSection *s = d->map.sections + i;
+ const char *names[] = { " [unassigned]", " [not dirty]",
+ " [ROM]", " [watch]" };
+
+ qemu_printf(" #%d @" TARGET_FMT_plx ".." TARGET_FMT_plx
+ " %s%s%s%s%s",
+ i,
+ s->offset_within_address_space,
+ s->offset_within_address_space + MR_SIZE(s->mr->size),
+ s->mr->name ? s->mr->name : "(noname)",
+ i < ARRAY_SIZE(names) ? names[i] : "",
+ s->mr == root ? " [ROOT]" : "",
+ s == d->mru_section ? " [MRU]" : "",
+ s->mr->is_iommu ? " [iommu]" : "");
+
+ if (s->mr->alias) {
+ qemu_printf(" alias=%s", s->mr->alias->name ?
+ s->mr->alias->name : "noname");
+ }
+ qemu_printf("\n");
+ }
+
+ qemu_printf(" Nodes (%d bits per level, %d levels) ptr=[%d] skip=%d\n",
+ P_L2_BITS, P_L2_LEVELS, d->phys_map.ptr, d->phys_map.skip);
+ for (i = 0; i < d->map.nodes_nb; ++i) {
+ int j, jprev;
+ PhysPageEntry prev;
+ Node *n = d->map.nodes + i;
+
+ qemu_printf(" [%d]\n", i);
+
+ for (j = 0, jprev = 0, prev = *n[0]; j < ARRAY_SIZE(*n); ++j) {
+ PhysPageEntry *pe = *n + j;
+
+ if (pe->ptr == prev.ptr && pe->skip == prev.skip) {
+ continue;
+ }
+
+ mtree_print_phys_entries(jprev, j, prev.skip, prev.ptr);
+
+ jprev = j;
+ prev = *pe;
+ }
+
+ if (jprev != ARRAY_SIZE(*n)) {
+ mtree_print_phys_entries(jprev, j, prev.skip, prev.ptr);
+ }
+ }
+}
+
+/*
+ * If positive, discarding RAM is disabled. If negative, discarding RAM is
+ * required to work and cannot be disabled.
+ */
+static int ram_block_discard_disabled;
+
+int ram_block_discard_disable(bool state)
+{
+ int old;
+
+ if (!state) {
+ qatomic_dec(&ram_block_discard_disabled);
+ return 0;
+ }
+
+ do {
+ old = qatomic_read(&ram_block_discard_disabled);
+ if (old < 0) {
+ return -EBUSY;
+ }
+ } while (qatomic_cmpxchg(&ram_block_discard_disabled,
+ old, old + 1) != old);
+ return 0;
+}
+
+int ram_block_discard_require(bool state)
+{
+ int old;
+
+ if (!state) {
+ qatomic_inc(&ram_block_discard_disabled);
+ return 0;
+ }
+
+ do {
+ old = qatomic_read(&ram_block_discard_disabled);
+ if (old > 0) {
+ return -EBUSY;
+ }
+ } while (qatomic_cmpxchg(&ram_block_discard_disabled,
+ old, old - 1) != old);
+ return 0;
+}
+
+bool ram_block_discard_is_disabled(void)
+{
+ return qatomic_read(&ram_block_discard_disabled) > 0;
+}
+
+bool ram_block_discard_is_required(void)
+{
+ return qatomic_read(&ram_block_discard_disabled) < 0;
+}
--- /dev/null
+/*
+ * Dynamic device configuration and creation.
+ *
+ * Copyright (c) 2009 CodeSourcery
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "monitor/hmp.h"
+#include "monitor/monitor.h"
+#include "monitor/qdev.h"
+#include "sysemu/arch_init.h"
+#include "qapi/error.h"
+#include "qapi/qapi-commands-qdev.h"
+#include "qapi/qmp/qdict.h"
+#include "qapi/qmp/qerror.h"
+#include "qemu/config-file.h"
+#include "qemu/error-report.h"
+#include "qemu/help_option.h"
+#include "qemu/option.h"
+#include "qemu/qemu-print.h"
+#include "qemu/option_int.h"
+#include "sysemu/block-backend.h"
+#include "sysemu/sysemu.h"
+#include "migration/misc.h"
+#include "migration/migration.h"
+#include "qemu/cutils.h"
+#include "hw/clock.h"
+
+/*
+ * Aliases were a bad idea from the start. Let's keep them
+ * from spreading further.
+ */
+typedef struct QDevAlias
+{
+ const char *typename;
+ const char *alias;
+ uint32_t arch_mask;
+} QDevAlias;
+
+/* Please keep this table sorted by typename. */
+static const QDevAlias qdev_alias_table[] = {
+ { "AC97", "ac97" }, /* -soundhw name */
+ { "e1000", "e1000-82540em" },
+ { "ES1370", "es1370" }, /* -soundhw name */
+ { "ich9-ahci", "ahci" },
+ { "lsi53c895a", "lsi" },
+ { "virtio-9p-ccw", "virtio-9p", QEMU_ARCH_S390X },
+ { "virtio-9p-pci", "virtio-9p", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+ { "virtio-balloon-ccw", "virtio-balloon", QEMU_ARCH_S390X },
+ { "virtio-balloon-pci", "virtio-balloon",
+ QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+ { "virtio-blk-ccw", "virtio-blk", QEMU_ARCH_S390X },
+ { "virtio-blk-pci", "virtio-blk", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+ { "virtio-gpu-ccw", "virtio-gpu", QEMU_ARCH_S390X },
+ { "virtio-gpu-pci", "virtio-gpu", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+ { "virtio-input-host-ccw", "virtio-input-host", QEMU_ARCH_S390X },
+ { "virtio-input-host-pci", "virtio-input-host",
+ QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+ { "virtio-iommu-pci", "virtio-iommu", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+ { "virtio-keyboard-ccw", "virtio-keyboard", QEMU_ARCH_S390X },
+ { "virtio-keyboard-pci", "virtio-keyboard",
+ QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+ { "virtio-mouse-ccw", "virtio-mouse", QEMU_ARCH_S390X },
+ { "virtio-mouse-pci", "virtio-mouse", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+ { "virtio-net-ccw", "virtio-net", QEMU_ARCH_S390X },
+ { "virtio-net-pci", "virtio-net", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+ { "virtio-rng-ccw", "virtio-rng", QEMU_ARCH_S390X },
+ { "virtio-rng-pci", "virtio-rng", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+ { "virtio-scsi-ccw", "virtio-scsi", QEMU_ARCH_S390X },
+ { "virtio-scsi-pci", "virtio-scsi", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+ { "virtio-serial-ccw", "virtio-serial", QEMU_ARCH_S390X },
+ { "virtio-serial-pci", "virtio-serial", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+ { "virtio-tablet-ccw", "virtio-tablet", QEMU_ARCH_S390X },
+ { "virtio-tablet-pci", "virtio-tablet", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+ { }
+};
+
+static const char *qdev_class_get_alias(DeviceClass *dc)
+{
+ const char *typename = object_class_get_name(OBJECT_CLASS(dc));
+ int i;
+
+ for (i = 0; qdev_alias_table[i].typename; i++) {
+ if (qdev_alias_table[i].arch_mask &&
+ !(qdev_alias_table[i].arch_mask & arch_type)) {
+ continue;
+ }
+
+ if (strcmp(qdev_alias_table[i].typename, typename) == 0) {
+ return qdev_alias_table[i].alias;
+ }
+ }
+
+ return NULL;
+}
+
+static bool qdev_class_has_alias(DeviceClass *dc)
+{
+ return (qdev_class_get_alias(dc) != NULL);
+}
+
+static void qdev_print_devinfo(DeviceClass *dc)
+{
+ qemu_printf("name \"%s\"", object_class_get_name(OBJECT_CLASS(dc)));
+ if (dc->bus_type) {
+ qemu_printf(", bus %s", dc->bus_type);
+ }
+ if (qdev_class_has_alias(dc)) {
+ qemu_printf(", alias \"%s\"", qdev_class_get_alias(dc));
+ }
+ if (dc->desc) {
+ qemu_printf(", desc \"%s\"", dc->desc);
+ }
+ if (!dc->user_creatable) {
+ qemu_printf(", no-user");
+ }
+ qemu_printf("\n");
+}
+
+static void qdev_print_devinfos(bool show_no_user)
+{
+ static const char *cat_name[DEVICE_CATEGORY_MAX + 1] = {
+ [DEVICE_CATEGORY_BRIDGE] = "Controller/Bridge/Hub",
+ [DEVICE_CATEGORY_USB] = "USB",
+ [DEVICE_CATEGORY_STORAGE] = "Storage",
+ [DEVICE_CATEGORY_NETWORK] = "Network",
+ [DEVICE_CATEGORY_INPUT] = "Input",
+ [DEVICE_CATEGORY_DISPLAY] = "Display",
+ [DEVICE_CATEGORY_SOUND] = "Sound",
+ [DEVICE_CATEGORY_MISC] = "Misc",
+ [DEVICE_CATEGORY_CPU] = "CPU",
+ [DEVICE_CATEGORY_MAX] = "Uncategorized",
+ };
+ GSList *list, *elt;
+ int i;
+ bool cat_printed;
+
+ module_load_qom_all();
+ list = object_class_get_list_sorted(TYPE_DEVICE, false);
+
+ for (i = 0; i <= DEVICE_CATEGORY_MAX; i++) {
+ cat_printed = false;
+ for (elt = list; elt; elt = elt->next) {
+ DeviceClass *dc = OBJECT_CLASS_CHECK(DeviceClass, elt->data,
+ TYPE_DEVICE);
+ if ((i < DEVICE_CATEGORY_MAX
+ ? !test_bit(i, dc->categories)
+ : !bitmap_empty(dc->categories, DEVICE_CATEGORY_MAX))
+ || (!show_no_user
+ && !dc->user_creatable)) {
+ continue;
+ }
+ if (!cat_printed) {
+ qemu_printf("%s%s devices:\n", i ? "\n" : "", cat_name[i]);
+ cat_printed = true;
+ }
+ qdev_print_devinfo(dc);
+ }
+ }
+
+ g_slist_free(list);
+}
+
+static int set_property(void *opaque, const char *name, const char *value,
+ Error **errp)
+{
+ Object *obj = opaque;
+
+ if (strcmp(name, "driver") == 0)
+ return 0;
+ if (strcmp(name, "bus") == 0)
+ return 0;
+
+ if (!object_property_parse(obj, name, value, errp)) {
+ return -1;
+ }
+ return 0;
+}
+
+static const char *find_typename_by_alias(const char *alias)
+{
+ int i;
+
+ for (i = 0; qdev_alias_table[i].alias; i++) {
+ if (qdev_alias_table[i].arch_mask &&
+ !(qdev_alias_table[i].arch_mask & arch_type)) {
+ continue;
+ }
+
+ if (strcmp(qdev_alias_table[i].alias, alias) == 0) {
+ return qdev_alias_table[i].typename;
+ }
+ }
+
+ return NULL;
+}
+
+static DeviceClass *qdev_get_device_class(const char **driver, Error **errp)
+{
+ ObjectClass *oc;
+ DeviceClass *dc;
+ const char *original_name = *driver;
+
+ oc = module_object_class_by_name(*driver);
+ if (!oc) {
+ const char *typename = find_typename_by_alias(*driver);
+
+ if (typename) {
+ *driver = typename;
+ oc = module_object_class_by_name(*driver);
+ }
+ }
+
+ if (!object_class_dynamic_cast(oc, TYPE_DEVICE)) {
+ if (*driver != original_name) {
+ error_setg(errp, "'%s' (alias '%s') is not a valid device model"
+ " name", original_name, *driver);
+ } else {
+ error_setg(errp, "'%s' is not a valid device model name", *driver);
+ }
+ return NULL;
+ }
+
+ if (object_class_is_abstract(oc)) {
+ error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "driver",
+ "non-abstract device type");
+ return NULL;
+ }
+
+ dc = DEVICE_CLASS(oc);
+ if (!dc->user_creatable ||
+ (qdev_hotplug && !dc->hotpluggable)) {
+ error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "driver",
+ "pluggable device type");
+ return NULL;
+ }
+
+ return dc;
+}
+
+
+int qdev_device_help(QemuOpts *opts)
+{
+ Error *local_err = NULL;
+ const char *driver;
+ ObjectPropertyInfoList *prop_list;
+ ObjectPropertyInfoList *prop;
+ GPtrArray *array;
+ int i;
+
+ driver = qemu_opt_get(opts, "driver");
+ if (driver && is_help_option(driver)) {
+ qdev_print_devinfos(false);
+ return 1;
+ }
+
+ if (!driver || !qemu_opt_has_help_opt(opts)) {
+ return 0;
+ }
+
+ if (!object_class_by_name(driver)) {
+ const char *typename = find_typename_by_alias(driver);
+
+ if (typename) {
+ driver = typename;
+ }
+ }
+
+ prop_list = qmp_device_list_properties(driver, &local_err);
+ if (local_err) {
+ goto error;
+ }
+
+ if (prop_list) {
+ qemu_printf("%s options:\n", driver);
+ } else {
+ qemu_printf("There are no options for %s.\n", driver);
+ }
+ array = g_ptr_array_new();
+ for (prop = prop_list; prop; prop = prop->next) {
+ g_ptr_array_add(array,
+ object_property_help(prop->value->name,
+ prop->value->type,
+ prop->value->default_value,
+ prop->value->description));
+ }
+ g_ptr_array_sort(array, (GCompareFunc)qemu_pstrcmp0);
+ for (i = 0; i < array->len; i++) {
+ qemu_printf("%s\n", (char *)array->pdata[i]);
+ }
+ g_ptr_array_set_free_func(array, g_free);
+ g_ptr_array_free(array, true);
+ qapi_free_ObjectPropertyInfoList(prop_list);
+ return 1;
+
+error:
+ error_report_err(local_err);
+ return 1;
+}
+
+static Object *qdev_get_peripheral(void)
+{
+ static Object *dev;
+
+ if (dev == NULL) {
+ dev = container_get(qdev_get_machine(), "/peripheral");
+ }
+
+ return dev;
+}
+
+static Object *qdev_get_peripheral_anon(void)
+{
+ static Object *dev;
+
+ if (dev == NULL) {
+ dev = container_get(qdev_get_machine(), "/peripheral-anon");
+ }
+
+ return dev;
+}
+
+static void qbus_error_append_bus_list_hint(DeviceState *dev,
+ Error *const *errp)
+{
+ BusState *child;
+ const char *sep = " ";
+
+ error_append_hint(errp, "child buses at \"%s\":",
+ dev->id ? dev->id : object_get_typename(OBJECT(dev)));
+ QLIST_FOREACH(child, &dev->child_bus, sibling) {
+ error_append_hint(errp, "%s\"%s\"", sep, child->name);
+ sep = ", ";
+ }
+ error_append_hint(errp, "\n");
+}
+
+static void qbus_error_append_dev_list_hint(BusState *bus,
+ Error *const *errp)
+{
+ BusChild *kid;
+ const char *sep = " ";
+
+ error_append_hint(errp, "devices at \"%s\":", bus->name);
+ QTAILQ_FOREACH(kid, &bus->children, sibling) {
+ DeviceState *dev = kid->child;
+ error_append_hint(errp, "%s\"%s\"", sep,
+ object_get_typename(OBJECT(dev)));
+ if (dev->id) {
+ error_append_hint(errp, "/\"%s\"", dev->id);
+ }
+ sep = ", ";
+ }
+ error_append_hint(errp, "\n");
+}
+
+static BusState *qbus_find_bus(DeviceState *dev, char *elem)
+{
+ BusState *child;
+
+ QLIST_FOREACH(child, &dev->child_bus, sibling) {
+ if (strcmp(child->name, elem) == 0) {
+ return child;
+ }
+ }
+ return NULL;
+}
+
+static DeviceState *qbus_find_dev(BusState *bus, char *elem)
+{
+ BusChild *kid;
+
+ /*
+ * try to match in order:
+ * (1) instance id, if present
+ * (2) driver name
+ * (3) driver alias, if present
+ */
+ QTAILQ_FOREACH(kid, &bus->children, sibling) {
+ DeviceState *dev = kid->child;
+ if (dev->id && strcmp(dev->id, elem) == 0) {
+ return dev;
+ }
+ }
+ QTAILQ_FOREACH(kid, &bus->children, sibling) {
+ DeviceState *dev = kid->child;
+ if (strcmp(object_get_typename(OBJECT(dev)), elem) == 0) {
+ return dev;
+ }
+ }
+ QTAILQ_FOREACH(kid, &bus->children, sibling) {
+ DeviceState *dev = kid->child;
+ DeviceClass *dc = DEVICE_GET_CLASS(dev);
+
+ if (qdev_class_has_alias(dc) &&
+ strcmp(qdev_class_get_alias(dc), elem) == 0) {
+ return dev;
+ }
+ }
+ return NULL;
+}
+
+static inline bool qbus_is_full(BusState *bus)
+{
+ BusClass *bus_class = BUS_GET_CLASS(bus);
+ return bus_class->max_dev && bus->num_children >= bus_class->max_dev;
+}
+
+/*
+ * Search the tree rooted at @bus for a bus.
+ * If @name, search for a bus with that name. Note that bus names
+ * need not be unique. Yes, that's screwed up.
+ * Else search for a bus that is a subtype of @bus_typename.
+ * If more than one exists, prefer one that can take another device.
+ * Return the bus if found, else %NULL.
+ */
+static BusState *qbus_find_recursive(BusState *bus, const char *name,
+ const char *bus_typename)
+{
+ BusChild *kid;
+ BusState *pick, *child, *ret;
+ bool match;
+
+ assert(name || bus_typename);
+ if (name) {
+ match = !strcmp(bus->name, name);
+ } else {
+ match = !!object_dynamic_cast(OBJECT(bus), bus_typename);
+ }
+
+ if (match && !qbus_is_full(bus)) {
+ return bus; /* root matches and isn't full */
+ }
+
+ pick = match ? bus : NULL;
+
+ QTAILQ_FOREACH(kid, &bus->children, sibling) {
+ DeviceState *dev = kid->child;
+ QLIST_FOREACH(child, &dev->child_bus, sibling) {
+ ret = qbus_find_recursive(child, name, bus_typename);
+ if (ret && !qbus_is_full(ret)) {
+ return ret; /* a descendant matches and isn't full */
+ }
+ if (ret && !pick) {
+ pick = ret;
+ }
+ }
+ }
+
+ /* root or a descendant matches, but is full */
+ return pick;
+}
+
+static BusState *qbus_find(const char *path, Error **errp)
+{
+ DeviceState *dev;
+ BusState *bus;
+ char elem[128];
+ int pos, len;
+
+ /* find start element */
+ if (path[0] == '/') {
+ bus = sysbus_get_default();
+ pos = 0;
+ } else {
+ if (sscanf(path, "%127[^/]%n", elem, &len) != 1) {
+ assert(!path[0]);
+ elem[0] = len = 0;
+ }
+ bus = qbus_find_recursive(sysbus_get_default(), elem, NULL);
+ if (!bus) {
+ error_setg(errp, "Bus '%s' not found", elem);
+ return NULL;
+ }
+ pos = len;
+ }
+
+ for (;;) {
+ assert(path[pos] == '/' || !path[pos]);
+ while (path[pos] == '/') {
+ pos++;
+ }
+ if (path[pos] == '\0') {
+ break;
+ }
+
+ /* find device */
+ if (sscanf(path+pos, "%127[^/]%n", elem, &len) != 1) {
+ g_assert_not_reached();
+ elem[0] = len = 0;
+ }
+ pos += len;
+ dev = qbus_find_dev(bus, elem);
+ if (!dev) {
+ error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
+ "Device '%s' not found", elem);
+ qbus_error_append_dev_list_hint(bus, errp);
+ return NULL;
+ }
+
+ assert(path[pos] == '/' || !path[pos]);
+ while (path[pos] == '/') {
+ pos++;
+ }
+ if (path[pos] == '\0') {
+ /* last specified element is a device. If it has exactly
+ * one child bus accept it nevertheless */
+ if (dev->num_child_bus == 1) {
+ bus = QLIST_FIRST(&dev->child_bus);
+ break;
+ }
+ if (dev->num_child_bus) {
+ error_setg(errp, "Device '%s' has multiple child buses",
+ elem);
+ qbus_error_append_bus_list_hint(dev, errp);
+ } else {
+ error_setg(errp, "Device '%s' has no child bus", elem);
+ }
+ return NULL;
+ }
+
+ /* find bus */
+ if (sscanf(path+pos, "%127[^/]%n", elem, &len) != 1) {
+ g_assert_not_reached();
+ elem[0] = len = 0;
+ }
+ pos += len;
+ bus = qbus_find_bus(dev, elem);
+ if (!bus) {
+ error_setg(errp, "Bus '%s' not found", elem);
+ qbus_error_append_bus_list_hint(dev, errp);
+ return NULL;
+ }
+ }
+
+ if (qbus_is_full(bus)) {
+ error_setg(errp, "Bus '%s' is full", path);
+ return NULL;
+ }
+ return bus;
+}
+
+void qdev_set_id(DeviceState *dev, const char *id)
+{
+ if (id) {
+ dev->id = id;
+ }
+
+ if (dev->id) {
+ object_property_add_child(qdev_get_peripheral(), dev->id,
+ OBJECT(dev));
+ } else {
+ static int anon_count;
+ gchar *name = g_strdup_printf("device[%d]", anon_count++);
+ object_property_add_child(qdev_get_peripheral_anon(), name,
+ OBJECT(dev));
+ g_free(name);
+ }
+}
+
+static int is_failover_device(void *opaque, const char *name, const char *value,
+ Error **errp)
+{
+ if (strcmp(name, "failover_pair_id") == 0) {
+ QemuOpts *opts = (QemuOpts *)opaque;
+
+ if (qdev_should_hide_device(opts)) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+static bool should_hide_device(QemuOpts *opts)
+{
+ if (qemu_opt_foreach(opts, is_failover_device, opts, NULL) == 0) {
+ return false;
+ }
+ return true;
+}
+
+DeviceState *qdev_device_add(QemuOpts *opts, Error **errp)
+{
+ DeviceClass *dc;
+ const char *driver, *path;
+ DeviceState *dev = NULL;
+ BusState *bus = NULL;
+ bool hide;
+
+ driver = qemu_opt_get(opts, "driver");
+ if (!driver) {
+ error_setg(errp, QERR_MISSING_PARAMETER, "driver");
+ return NULL;
+ }
+
+ /* find driver */
+ dc = qdev_get_device_class(&driver, errp);
+ if (!dc) {
+ return NULL;
+ }
+
+ /* find bus */
+ path = qemu_opt_get(opts, "bus");
+ if (path != NULL) {
+ bus = qbus_find(path, errp);
+ if (!bus) {
+ return NULL;
+ }
+ if (!object_dynamic_cast(OBJECT(bus), dc->bus_type)) {
+ error_setg(errp, "Device '%s' can't go on %s bus",
+ driver, object_get_typename(OBJECT(bus)));
+ return NULL;
+ }
+ } else if (dc->bus_type != NULL) {
+ bus = qbus_find_recursive(sysbus_get_default(), NULL, dc->bus_type);
+ if (!bus || qbus_is_full(bus)) {
+ error_setg(errp, "No '%s' bus found for device '%s'",
+ dc->bus_type, driver);
+ return NULL;
+ }
+ }
+ hide = should_hide_device(opts);
+
+ if ((hide || qdev_hotplug) && bus && !qbus_is_hotpluggable(bus)) {
+ error_setg(errp, QERR_BUS_NO_HOTPLUG, bus->name);
+ return NULL;
+ }
+
+ if (hide) {
+ return NULL;
+ }
+
+ if (!migration_is_idle()) {
+ error_setg(errp, "device_add not allowed while migrating");
+ return NULL;
+ }
+
+ /* create device */
+ dev = qdev_new(driver);
+
+ /* Check whether the hotplug is allowed by the machine */
+ if (qdev_hotplug && !qdev_hotplug_allowed(dev, errp)) {
+ goto err_del_dev;
+ }
+
+ if (!bus && qdev_hotplug && !qdev_get_machine_hotplug_handler(dev)) {
+ /* No bus, no machine hotplug handler --> device is not hotpluggable */
+ error_setg(errp, "Device '%s' can not be hotplugged on this machine",
+ driver);
+ goto err_del_dev;
+ }
+
+ qdev_set_id(dev, qemu_opts_id(opts));
+
+ /* set properties */
+ if (qemu_opt_foreach(opts, set_property, dev, errp)) {
+ goto err_del_dev;
+ }
+
+ dev->opts = opts;
+ if (!qdev_realize(DEVICE(dev), bus, errp)) {
+ dev->opts = NULL;
+ goto err_del_dev;
+ }
+ return dev;
+
+err_del_dev:
+ if (dev) {
+ object_unparent(OBJECT(dev));
+ object_unref(OBJECT(dev));
+ }
+ return NULL;
+}
+
+
+#define qdev_printf(fmt, ...) monitor_printf(mon, "%*s" fmt, indent, "", ## __VA_ARGS__)
+static void qbus_print(Monitor *mon, BusState *bus, int indent);
+
+static void qdev_print_props(Monitor *mon, DeviceState *dev, Property *props,
+ int indent)
+{
+ if (!props)
+ return;
+ for (; props->name; props++) {
+ char *value;
+ char *legacy_name = g_strdup_printf("legacy-%s", props->name);
+
+ if (object_property_get_type(OBJECT(dev), legacy_name, NULL)) {
+ value = object_property_get_str(OBJECT(dev), legacy_name, NULL);
+ } else {
+ value = object_property_print(OBJECT(dev), props->name, true,
+ NULL);
+ }
+ g_free(legacy_name);
+
+ if (!value) {
+ continue;
+ }
+ qdev_printf("%s = %s\n", props->name,
+ *value ? value : "<null>");
+ g_free(value);
+ }
+}
+
+static void bus_print_dev(BusState *bus, Monitor *mon, DeviceState *dev, int indent)
+{
+ BusClass *bc = BUS_GET_CLASS(bus);
+
+ if (bc->print_dev) {
+ bc->print_dev(mon, dev, indent);
+ }
+}
+
+static void qdev_print(Monitor *mon, DeviceState *dev, int indent)
+{
+ ObjectClass *class;
+ BusState *child;
+ NamedGPIOList *ngl;
+ NamedClockList *ncl;
+
+ qdev_printf("dev: %s, id \"%s\"\n", object_get_typename(OBJECT(dev)),
+ dev->id ? dev->id : "");
+ indent += 2;
+ QLIST_FOREACH(ngl, &dev->gpios, node) {
+ if (ngl->num_in) {
+ qdev_printf("gpio-in \"%s\" %d\n", ngl->name ? ngl->name : "",
+ ngl->num_in);
+ }
+ if (ngl->num_out) {
+ qdev_printf("gpio-out \"%s\" %d\n", ngl->name ? ngl->name : "",
+ ngl->num_out);
+ }
+ }
+ QLIST_FOREACH(ncl, &dev->clocks, node) {
+ qdev_printf("clock-%s%s \"%s\" freq_hz=%e\n",
+ ncl->output ? "out" : "in",
+ ncl->alias ? " (alias)" : "",
+ ncl->name,
+ CLOCK_PERIOD_TO_HZ(1.0 * clock_get(ncl->clock)));
+ }
+ class = object_get_class(OBJECT(dev));
+ do {
+ qdev_print_props(mon, dev, DEVICE_CLASS(class)->props_, indent);
+ class = object_class_get_parent(class);
+ } while (class != object_class_by_name(TYPE_DEVICE));
+ bus_print_dev(dev->parent_bus, mon, dev, indent);
+ QLIST_FOREACH(child, &dev->child_bus, sibling) {
+ qbus_print(mon, child, indent);
+ }
+}
+
+static void qbus_print(Monitor *mon, BusState *bus, int indent)
+{
+ BusChild *kid;
+
+ qdev_printf("bus: %s\n", bus->name);
+ indent += 2;
+ qdev_printf("type %s\n", object_get_typename(OBJECT(bus)));
+ QTAILQ_FOREACH(kid, &bus->children, sibling) {
+ DeviceState *dev = kid->child;
+ qdev_print(mon, dev, indent);
+ }
+}
+#undef qdev_printf
+
+void hmp_info_qtree(Monitor *mon, const QDict *qdict)
+{
+ if (sysbus_get_default())
+ qbus_print(mon, sysbus_get_default(), 0);
+}
+
+void hmp_info_qdm(Monitor *mon, const QDict *qdict)
+{
+ qdev_print_devinfos(true);
+}
+
+void qmp_device_add(QDict *qdict, QObject **ret_data, Error **errp)
+{
+ QemuOpts *opts;
+ DeviceState *dev;
+
+ opts = qemu_opts_from_qdict(qemu_find_opts("device"), qdict, errp);
+ if (!opts) {
+ return;
+ }
+ if (!monitor_cur_is_qmp() && qdev_device_help(opts)) {
+ qemu_opts_del(opts);
+ return;
+ }
+ dev = qdev_device_add(opts, errp);
+
+ /*
+ * Drain all pending RCU callbacks. This is done because
+ * some bus related operations can delay a device removal
+ * (in this case this can happen if device is added and then
+ * removed due to a configuration error)
+ * to a RCU callback, but user might expect that this interface
+ * will finish its job completely once qmp command returns result
+ * to the user
+ */
+ drain_call_rcu();
+
+ if (!dev) {
+ qemu_opts_del(opts);
+ return;
+ }
+ object_unref(OBJECT(dev));
+}
+
+static DeviceState *find_device_state(const char *id, Error **errp)
+{
+ Object *obj;
+
+ if (id[0] == '/') {
+ obj = object_resolve_path(id, NULL);
+ } else {
+ char *root_path = object_get_canonical_path(qdev_get_peripheral());
+ char *path = g_strdup_printf("%s/%s", root_path, id);
+
+ g_free(root_path);
+ obj = object_resolve_path_type(path, TYPE_DEVICE, NULL);
+ g_free(path);
+ }
+
+ if (!obj) {
+ error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
+ "Device '%s' not found", id);
+ return NULL;
+ }
+
+ if (!object_dynamic_cast(obj, TYPE_DEVICE)) {
+ error_setg(errp, "%s is not a hotpluggable device", id);
+ return NULL;
+ }
+
+ return DEVICE(obj);
+}
+
+void qdev_unplug(DeviceState *dev, Error **errp)
+{
+ DeviceClass *dc = DEVICE_GET_CLASS(dev);
+ HotplugHandler *hotplug_ctrl;
+ HotplugHandlerClass *hdc;
+ Error *local_err = NULL;
+
+ if (dev->parent_bus && !qbus_is_hotpluggable(dev->parent_bus)) {
+ error_setg(errp, QERR_BUS_NO_HOTPLUG, dev->parent_bus->name);
+ return;
+ }
+
+ if (!dc->hotpluggable) {
+ error_setg(errp, QERR_DEVICE_NO_HOTPLUG,
+ object_get_typename(OBJECT(dev)));
+ return;
+ }
+
+ if (!migration_is_idle() && !dev->allow_unplug_during_migration) {
+ error_setg(errp, "device_del not allowed while migrating");
+ return;
+ }
+
+ qdev_hot_removed = true;
+
+ hotplug_ctrl = qdev_get_hotplug_handler(dev);
+ /* hotpluggable device MUST have HotplugHandler, if it doesn't
+ * then something is very wrong with it */
+ g_assert(hotplug_ctrl);
+
+ /* If device supports async unplug just request it to be done,
+ * otherwise just remove it synchronously */
+ hdc = HOTPLUG_HANDLER_GET_CLASS(hotplug_ctrl);
+ if (hdc->unplug_request) {
+ hotplug_handler_unplug_request(hotplug_ctrl, dev, &local_err);
+ } else {
+ hotplug_handler_unplug(hotplug_ctrl, dev, &local_err);
+ if (!local_err) {
+ object_unparent(OBJECT(dev));
+ }
+ }
+ error_propagate(errp, local_err);
+}
+
+void qmp_device_del(const char *id, Error **errp)
+{
+ DeviceState *dev = find_device_state(id, errp);
+ if (dev != NULL) {
+ if (dev->pending_deleted_event) {
+ error_setg(errp, "Device %s is already in the "
+ "process of unplug", id);
+ return;
+ }
+
+ qdev_unplug(dev, errp);
+ }
+}
+
+void hmp_device_add(Monitor *mon, const QDict *qdict)
+{
+ Error *err = NULL;
+
+ qmp_device_add((QDict *)qdict, NULL, &err);
+ hmp_handle_error(mon, err);
+}
+
+void hmp_device_del(Monitor *mon, const QDict *qdict)
+{
+ const char *id = qdict_get_str(qdict, "id");
+ Error *err = NULL;
+
+ qmp_device_del(id, &err);
+ hmp_handle_error(mon, err);
+}
+
+BlockBackend *blk_by_qdev_id(const char *id, Error **errp)
+{
+ DeviceState *dev;
+ BlockBackend *blk;
+
+ dev = find_device_state(id, errp);
+ if (dev == NULL) {
+ return NULL;
+ }
+
+ blk = blk_by_dev(dev);
+ if (!blk) {
+ error_setg(errp, "Device does not have a block device backend");
+ }
+ return blk;
+}
+
+void qdev_machine_init(void)
+{
+ qdev_get_peripheral_anon();
+ qdev_get_peripheral();
+}
+
+QemuOptsList qemu_device_opts = {
+ .name = "device",
+ .implied_opt_name = "driver",
+ .head = QTAILQ_HEAD_INITIALIZER(qemu_device_opts.head),
+ .desc = {
+ /*
+ * no elements => accept any
+ * sanity checking will happen later
+ * when setting device properties
+ */
+ { /* end of list */ }
+ },
+};
+
+QemuOptsList qemu_global_opts = {
+ .name = "global",
+ .head = QTAILQ_HEAD_INITIALIZER(qemu_global_opts.head),
+ .desc = {
+ {
+ .name = "driver",
+ .type = QEMU_OPT_STRING,
+ },{
+ .name = "property",
+ .type = QEMU_OPT_STRING,
+ },{
+ .name = "value",
+ .type = QEMU_OPT_STRING,
+ },
+ { /* end of list */ }
+ },
+};
+
+int qemu_global_option(const char *str)
+{
+ char driver[64], property[64];
+ QemuOpts *opts;
+ int rc, offset;
+
+ rc = sscanf(str, "%63[^.=].%63[^=]%n", driver, property, &offset);
+ if (rc == 2 && str[offset] == '=') {
+ opts = qemu_opts_create(&qemu_global_opts, NULL, 0, &error_abort);
+ qemu_opt_set(opts, "driver", driver, &error_abort);
+ qemu_opt_set(opts, "property", property, &error_abort);
+ qemu_opt_set(opts, "value", str + offset + 1, &error_abort);
+ return 0;
+ }
+
+ opts = qemu_opts_parse_noisily(&qemu_global_opts, str, false);
+ if (!opts) {
+ return -1;
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * QEMU seccomp mode 2 support with libseccomp
+ *
+ * Copyright IBM, Corp. 2012
+ *
+ * Authors:
+ * Eduardo Otubo <eotubo@br.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu/config-file.h"
+#include "qemu/option.h"
+#include "qemu/module.h"
+#include <sys/prctl.h>
+#include <seccomp.h>
+#include "sysemu/seccomp.h"
+#include <linux/seccomp.h>
+
+/* For some architectures (notably ARM) cacheflush is not supported until
+ * libseccomp 2.2.3, but configure enforces that we are using a more recent
+ * version on those hosts, so it is OK for this check to be less strict.
+ */
+#if SCMP_VER_MAJOR >= 3
+ #define HAVE_CACHEFLUSH
+#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 2
+ #define HAVE_CACHEFLUSH
+#endif
+
+struct QemuSeccompSyscall {
+ int32_t num;
+ uint8_t set;
+ uint8_t narg;
+ const struct scmp_arg_cmp *arg_cmp;
+};
+
+const struct scmp_arg_cmp sched_setscheduler_arg[] = {
+ /* was SCMP_A1(SCMP_CMP_NE, SCHED_IDLE), but expanded due to GCC 4.x bug */
+ { .arg = 1, .op = SCMP_CMP_NE, .datum_a = SCHED_IDLE }
+};
+
+static const struct QemuSeccompSyscall blacklist[] = {
+ /* default set of syscalls to blacklist */
+ { SCMP_SYS(reboot), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(swapon), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(swapoff), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(syslog), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(mount), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(umount), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(kexec_load), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(afs_syscall), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(break), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(ftime), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(getpmsg), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(gtty), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(lock), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(mpx), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(prof), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(profil), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(putpmsg), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(security), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(stty), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(tuxcall), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(ulimit), QEMU_SECCOMP_SET_DEFAULT },
+ { SCMP_SYS(vserver), QEMU_SECCOMP_SET_DEFAULT },
+ /* obsolete */
+ { SCMP_SYS(readdir), QEMU_SECCOMP_SET_OBSOLETE },
+ { SCMP_SYS(_sysctl), QEMU_SECCOMP_SET_OBSOLETE },
+ { SCMP_SYS(bdflush), QEMU_SECCOMP_SET_OBSOLETE },
+ { SCMP_SYS(create_module), QEMU_SECCOMP_SET_OBSOLETE },
+ { SCMP_SYS(get_kernel_syms), QEMU_SECCOMP_SET_OBSOLETE },
+ { SCMP_SYS(query_module), QEMU_SECCOMP_SET_OBSOLETE },
+ { SCMP_SYS(sgetmask), QEMU_SECCOMP_SET_OBSOLETE },
+ { SCMP_SYS(ssetmask), QEMU_SECCOMP_SET_OBSOLETE },
+ { SCMP_SYS(sysfs), QEMU_SECCOMP_SET_OBSOLETE },
+ { SCMP_SYS(uselib), QEMU_SECCOMP_SET_OBSOLETE },
+ { SCMP_SYS(ustat), QEMU_SECCOMP_SET_OBSOLETE },
+ /* privileged */
+ { SCMP_SYS(setuid), QEMU_SECCOMP_SET_PRIVILEGED },
+ { SCMP_SYS(setgid), QEMU_SECCOMP_SET_PRIVILEGED },
+ { SCMP_SYS(setpgid), QEMU_SECCOMP_SET_PRIVILEGED },
+ { SCMP_SYS(setsid), QEMU_SECCOMP_SET_PRIVILEGED },
+ { SCMP_SYS(setreuid), QEMU_SECCOMP_SET_PRIVILEGED },
+ { SCMP_SYS(setregid), QEMU_SECCOMP_SET_PRIVILEGED },
+ { SCMP_SYS(setresuid), QEMU_SECCOMP_SET_PRIVILEGED },
+ { SCMP_SYS(setresgid), QEMU_SECCOMP_SET_PRIVILEGED },
+ { SCMP_SYS(setfsuid), QEMU_SECCOMP_SET_PRIVILEGED },
+ { SCMP_SYS(setfsgid), QEMU_SECCOMP_SET_PRIVILEGED },
+ /* spawn */
+ { SCMP_SYS(fork), QEMU_SECCOMP_SET_SPAWN },
+ { SCMP_SYS(vfork), QEMU_SECCOMP_SET_SPAWN },
+ { SCMP_SYS(execve), QEMU_SECCOMP_SET_SPAWN },
+ /* resource control */
+ { SCMP_SYS(getpriority), QEMU_SECCOMP_SET_RESOURCECTL },
+ { SCMP_SYS(setpriority), QEMU_SECCOMP_SET_RESOURCECTL },
+ { SCMP_SYS(sched_setparam), QEMU_SECCOMP_SET_RESOURCECTL },
+ { SCMP_SYS(sched_getparam), QEMU_SECCOMP_SET_RESOURCECTL },
+ { SCMP_SYS(sched_setscheduler), QEMU_SECCOMP_SET_RESOURCECTL,
+ ARRAY_SIZE(sched_setscheduler_arg), sched_setscheduler_arg },
+ { SCMP_SYS(sched_getscheduler), QEMU_SECCOMP_SET_RESOURCECTL },
+ { SCMP_SYS(sched_setaffinity), QEMU_SECCOMP_SET_RESOURCECTL },
+ { SCMP_SYS(sched_getaffinity), QEMU_SECCOMP_SET_RESOURCECTL },
+ { SCMP_SYS(sched_get_priority_max), QEMU_SECCOMP_SET_RESOURCECTL },
+ { SCMP_SYS(sched_get_priority_min), QEMU_SECCOMP_SET_RESOURCECTL },
+};
+
+static inline __attribute__((unused)) int
+qemu_seccomp(unsigned int operation, unsigned int flags, void *args)
+{
+#ifdef __NR_seccomp
+ return syscall(__NR_seccomp, operation, flags, args);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+static uint32_t qemu_seccomp_get_action(int set)
+{
+ switch (set) {
+ case QEMU_SECCOMP_SET_DEFAULT:
+ case QEMU_SECCOMP_SET_OBSOLETE:
+ case QEMU_SECCOMP_SET_PRIVILEGED:
+ case QEMU_SECCOMP_SET_SPAWN: {
+#if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \
+ defined(SECCOMP_RET_KILL_PROCESS)
+ static int kill_process = -1;
+ if (kill_process == -1) {
+ uint32_t action = SECCOMP_RET_KILL_PROCESS;
+
+ if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
+ kill_process = 1;
+ } else {
+ kill_process = 0;
+ }
+ }
+ if (kill_process == 1) {
+ return SCMP_ACT_KILL_PROCESS;
+ }
+#endif
+ return SCMP_ACT_TRAP;
+ }
+
+ case QEMU_SECCOMP_SET_RESOURCECTL:
+ return SCMP_ACT_ERRNO(EPERM);
+
+ default:
+ g_assert_not_reached();
+ }
+}
+
+
+static int seccomp_start(uint32_t seccomp_opts, Error **errp)
+{
+ int rc = -1;
+ unsigned int i = 0;
+ scmp_filter_ctx ctx;
+
+ ctx = seccomp_init(SCMP_ACT_ALLOW);
+ if (ctx == NULL) {
+ error_setg(errp, "failed to initialize seccomp context");
+ goto seccomp_return;
+ }
+
+ rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);
+ if (rc != 0) {
+ error_setg_errno(errp, -rc,
+ "failed to set seccomp thread synchronization");
+ goto seccomp_return;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(blacklist); i++) {
+ uint32_t action;
+ if (!(seccomp_opts & blacklist[i].set)) {
+ continue;
+ }
+
+ action = qemu_seccomp_get_action(blacklist[i].set);
+ rc = seccomp_rule_add_array(ctx, action, blacklist[i].num,
+ blacklist[i].narg, blacklist[i].arg_cmp);
+ if (rc < 0) {
+ error_setg_errno(errp, -rc,
+ "failed to add seccomp blacklist rules");
+ goto seccomp_return;
+ }
+ }
+
+ rc = seccomp_load(ctx);
+ if (rc < 0) {
+ error_setg_errno(errp, -rc,
+ "failed to load seccomp syscall filter in kernel");
+ }
+
+ seccomp_return:
+ seccomp_release(ctx);
+ return rc < 0 ? -1 : 0;
+}
+
+#ifdef CONFIG_SECCOMP
+int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp)
+{
+ if (qemu_opt_get_bool(opts, "enable", false)) {
+ uint32_t seccomp_opts = QEMU_SECCOMP_SET_DEFAULT
+ | QEMU_SECCOMP_SET_OBSOLETE;
+ const char *value = NULL;
+
+ value = qemu_opt_get(opts, "obsolete");
+ if (value) {
+ if (g_str_equal(value, "allow")) {
+ seccomp_opts &= ~QEMU_SECCOMP_SET_OBSOLETE;
+ } else if (g_str_equal(value, "deny")) {
+ /* this is the default option, this if is here
+ * to provide a little bit of consistency for
+ * the command line */
+ } else {
+ error_setg(errp, "invalid argument for obsolete");
+ return -1;
+ }
+ }
+
+ value = qemu_opt_get(opts, "elevateprivileges");
+ if (value) {
+ if (g_str_equal(value, "deny")) {
+ seccomp_opts |= QEMU_SECCOMP_SET_PRIVILEGED;
+ } else if (g_str_equal(value, "children")) {
+ seccomp_opts |= QEMU_SECCOMP_SET_PRIVILEGED;
+
+ /* calling prctl directly because we're
+ * not sure if host has CAP_SYS_ADMIN set*/
+ if (prctl(PR_SET_NO_NEW_PRIVS, 1)) {
+ error_setg(errp, "failed to set no_new_privs aborting");
+ return -1;
+ }
+ } else if (g_str_equal(value, "allow")) {
+ /* default value */
+ } else {
+ error_setg(errp, "invalid argument for elevateprivileges");
+ return -1;
+ }
+ }
+
+ value = qemu_opt_get(opts, "spawn");
+ if (value) {
+ if (g_str_equal(value, "deny")) {
+ seccomp_opts |= QEMU_SECCOMP_SET_SPAWN;
+ } else if (g_str_equal(value, "allow")) {
+ /* default value */
+ } else {
+ error_setg(errp, "invalid argument for spawn");
+ return -1;
+ }
+ }
+
+ value = qemu_opt_get(opts, "resourcecontrol");
+ if (value) {
+ if (g_str_equal(value, "deny")) {
+ seccomp_opts |= QEMU_SECCOMP_SET_RESOURCECTL;
+ } else if (g_str_equal(value, "allow")) {
+ /* default value */
+ } else {
+ error_setg(errp, "invalid argument for resourcecontrol");
+ return -1;
+ }
+ }
+
+ if (seccomp_start(seccomp_opts, errp) < 0) {
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+static QemuOptsList qemu_sandbox_opts = {
+ .name = "sandbox",
+ .implied_opt_name = "enable",
+ .head = QTAILQ_HEAD_INITIALIZER(qemu_sandbox_opts.head),
+ .desc = {
+ {
+ .name = "enable",
+ .type = QEMU_OPT_BOOL,
+ },
+ {
+ .name = "obsolete",
+ .type = QEMU_OPT_STRING,
+ },
+ {
+ .name = "elevateprivileges",
+ .type = QEMU_OPT_STRING,
+ },
+ {
+ .name = "spawn",
+ .type = QEMU_OPT_STRING,
+ },
+ {
+ .name = "resourcecontrol",
+ .type = QEMU_OPT_STRING,
+ },
+ { /* end of list */ }
+ },
+};
+
+static void seccomp_register(void)
+{
+ bool add = false;
+
+ /* FIXME: use seccomp_api_get() >= 2 check when released */
+
+#if defined(SECCOMP_FILTER_FLAG_TSYNC)
+ int check;
+
+ /* check host TSYNC capability, it returns errno == ENOSYS if unavailable */
+ check = qemu_seccomp(SECCOMP_SET_MODE_FILTER,
+ SECCOMP_FILTER_FLAG_TSYNC, NULL);
+ if (check < 0 && errno == EFAULT) {
+ add = true;
+ }
+#endif
+
+ if (add) {
+ qemu_add_opts(&qemu_sandbox_opts);
+ }
+}
+opts_init(seccomp_register);
+#endif
#define FMT_timeval "%ld.%06ld"
/**
- * QTest Protocol
+ * DOC: QTest Protocol
*
* Line based protocol, request/response based. Server can send async messages
* so clients should always handle many async messages before the response
* comes in.
*
* Valid requests
+ * ^^^^^^^^^^^^^^
*
* Clock management:
+ * """""""""""""""""
*
* The qtest client is completely in charge of the QEMU_CLOCK_VIRTUAL. qtest commands
* let you adjust the value of the clock (monotonically). All the commands
* return the current value of the clock in nanoseconds.
*
+ * .. code-block:: none
+ *
* > clock_step
* < OK VALUE
*
- * Advance the clock to the next deadline. Useful when waiting for
- * asynchronous events.
+ * Advance the clock to the next deadline. Useful when waiting for
+ * asynchronous events.
+ *
+ * .. code-block:: none
*
* > clock_step NS
* < OK VALUE
*
- * Advance the clock by NS nanoseconds.
+ * Advance the clock by NS nanoseconds.
+ *
+ * .. code-block:: none
*
* > clock_set NS
* < OK VALUE
*
- * Advance the clock to NS nanoseconds (do nothing if it's already past).
+ * Advance the clock to NS nanoseconds (do nothing if it's already past).
*
* PIO and memory access:
+ * """"""""""""""""""""""
+ *
+ * .. code-block:: none
*
* > outb ADDR VALUE
* < OK
*
+ * .. code-block:: none
+ *
* > outw ADDR VALUE
* < OK
*
+ * .. code-block:: none
+ *
* > outl ADDR VALUE
* < OK
*
+ * .. code-block:: none
+ *
* > inb ADDR
* < OK VALUE
*
+ * .. code-block:: none
+ *
* > inw ADDR
* < OK VALUE
*
+ * .. code-block:: none
+ *
* > inl ADDR
* < OK VALUE
*
+ * .. code-block:: none
+ *
* > writeb ADDR VALUE
* < OK
*
+ * .. code-block:: none
+ *
* > writew ADDR VALUE
* < OK
*
+ * .. code-block:: none
+ *
* > writel ADDR VALUE
* < OK
*
+ * .. code-block:: none
+ *
* > writeq ADDR VALUE
* < OK
*
+ * .. code-block:: none
+ *
* > readb ADDR
* < OK VALUE
*
+ * .. code-block:: none
+ *
* > readw ADDR
* < OK VALUE
*
+ * .. code-block:: none
+ *
* > readl ADDR
* < OK VALUE
*
+ * .. code-block:: none
+ *
* > readq ADDR
* < OK VALUE
*
+ * .. code-block:: none
+ *
* > read ADDR SIZE
* < OK DATA
*
+ * .. code-block:: none
+ *
* > write ADDR SIZE DATA
* < OK
*
+ * .. code-block:: none
+ *
* > b64read ADDR SIZE
* < OK B64_DATA
*
+ * .. code-block:: none
+ *
* > b64write ADDR SIZE B64_DATA
* < OK
*
+ * .. code-block:: none
+ *
* > memset ADDR SIZE VALUE
* < OK
*
* If the sizes do not match, the data will be truncated.
*
* IRQ management:
+ * """""""""""""""
+ *
+ * .. code-block:: none
*
* > irq_intercept_in QOM-PATH
* < OK
*
+ * .. code-block:: none
+ *
* > irq_intercept_out QOM-PATH
* < OK
*
* Attach to the gpio-in (resp. gpio-out) pins exported by the device at
* QOM-PATH. When the pin is triggered, one of the following async messages
- * will be printed to the qtest stream:
+ * will be printed to the qtest stream::
*
* IRQ raise NUM
* IRQ lower NUM
* NUM=0 even though it is remapped to GSI 2).
*
* Setting interrupt level:
+ * """"""""""""""""""""""""
+ *
+ * .. code-block:: none
*
* > set_irq_in QOM-PATH NAME NUM LEVEL
* < OK
*
- * where NAME is the name of the irq/gpio list, NUM is an IRQ number and
- * LEVEL is an signed integer IRQ level.
+ * where NAME is the name of the irq/gpio list, NUM is an IRQ number and
+ * LEVEL is an signed integer IRQ level.
*
* Forcibly set the given interrupt pin to the given level.
*
--- /dev/null
+/*
+ * TPM configuration
+ *
+ * Copyright (C) 2011-2013 IBM Corporation
+ *
+ * Authors:
+ * Stefan Berger <stefanb@us.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * Based on net.c
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qapi/qapi-commands-tpm.h"
+#include "qapi/qmp/qerror.h"
+#include "sysemu/tpm_backend.h"
+#include "sysemu/tpm.h"
+#include "qemu/config-file.h"
+#include "qemu/error-report.h"
+
+static QLIST_HEAD(, TPMBackend) tpm_backends =
+ QLIST_HEAD_INITIALIZER(tpm_backends);
+
+static const TPMBackendClass *
+tpm_be_find_by_type(enum TpmType type)
+{
+ ObjectClass *oc;
+ char *typename = g_strdup_printf("tpm-%s", TpmType_str(type));
+
+ oc = object_class_by_name(typename);
+ g_free(typename);
+
+ if (!object_class_dynamic_cast(oc, TYPE_TPM_BACKEND)) {
+ return NULL;
+ }
+
+ return TPM_BACKEND_CLASS(oc);
+}
+
+/*
+ * Walk the list of available TPM backend drivers and display them on the
+ * screen.
+ */
+static void tpm_display_backend_drivers(void)
+{
+ bool got_one = false;
+ int i;
+
+ for (i = 0; i < TPM_TYPE__MAX; i++) {
+ const TPMBackendClass *bc = tpm_be_find_by_type(i);
+ if (!bc) {
+ continue;
+ }
+ if (!got_one) {
+ error_printf("Supported TPM types (choose only one):\n");
+ got_one = true;
+ }
+ error_printf("%12s %s\n", TpmType_str(i), bc->desc);
+ }
+ if (!got_one) {
+ error_printf("No TPM backend types are available\n");
+ }
+}
+
+/*
+ * Find the TPM with the given Id
+ */
+TPMBackend *qemu_find_tpm_be(const char *id)
+{
+ TPMBackend *drv;
+
+ if (id) {
+ QLIST_FOREACH(drv, &tpm_backends, list) {
+ if (!strcmp(drv->id, id)) {
+ return drv;
+ }
+ }
+ }
+
+ return NULL;
+}
+
+static int tpm_init_tpmdev(void *dummy, QemuOpts *opts, Error **errp)
+{
+ /*
+ * Use of error_report() in a function with an Error ** parameter
+ * is suspicious. It is okay here. The parameter only exists to
+ * make the function usable with qemu_opts_foreach(). It is not
+ * actually used.
+ */
+ const char *value;
+ const char *id;
+ const TPMBackendClass *be;
+ TPMBackend *drv;
+ Error *local_err = NULL;
+ int i;
+
+ if (!QLIST_EMPTY(&tpm_backends)) {
+ error_report("Only one TPM is allowed.");
+ return 1;
+ }
+
+ id = qemu_opts_id(opts);
+ if (id == NULL) {
+ error_report(QERR_MISSING_PARAMETER, "id");
+ return 1;
+ }
+
+ value = qemu_opt_get(opts, "type");
+ if (!value) {
+ error_report(QERR_MISSING_PARAMETER, "type");
+ tpm_display_backend_drivers();
+ return 1;
+ }
+
+ i = qapi_enum_parse(&TpmType_lookup, value, -1, NULL);
+ be = i >= 0 ? tpm_be_find_by_type(i) : NULL;
+ if (be == NULL) {
+ error_report(QERR_INVALID_PARAMETER_VALUE,
+ "type", "a TPM backend type");
+ tpm_display_backend_drivers();
+ return 1;
+ }
+
+ /* validate backend specific opts */
+ if (!qemu_opts_validate(opts, be->opts, &local_err)) {
+ error_report_err(local_err);
+ return 1;
+ }
+
+ drv = be->create(opts);
+ if (!drv) {
+ return 1;
+ }
+
+ drv->id = g_strdup(id);
+ QLIST_INSERT_HEAD(&tpm_backends, drv, list);
+
+ return 0;
+}
+
+/*
+ * Walk the list of TPM backend drivers that are in use and call their
+ * destroy function to have them cleaned up.
+ */
+void tpm_cleanup(void)
+{
+ TPMBackend *drv, *next;
+
+ QLIST_FOREACH_SAFE(drv, &tpm_backends, list, next) {
+ QLIST_REMOVE(drv, list);
+ object_unref(OBJECT(drv));
+ }
+}
+
+/*
+ * Initialize the TPM. Process the tpmdev command line options describing the
+ * TPM backend.
+ */
+int tpm_init(void)
+{
+ if (qemu_opts_foreach(qemu_find_opts("tpmdev"),
+ tpm_init_tpmdev, NULL, NULL)) {
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * Parse the TPM configuration options.
+ * To display all available TPM backends the user may use '-tpmdev help'
+ */
+int tpm_config_parse(QemuOptsList *opts_list, const char *optarg)
+{
+ QemuOpts *opts;
+
+ if (!strcmp(optarg, "help")) {
+ tpm_display_backend_drivers();
+ return -1;
+ }
+ opts = qemu_opts_parse_noisily(opts_list, optarg, true);
+ if (!opts) {
+ return -1;
+ }
+ return 0;
+}
+
+/*
+ * Walk the list of active TPM backends and collect information about them.
+ */
+TPMInfoList *qmp_query_tpm(Error **errp)
+{
+ TPMBackend *drv;
+ TPMInfoList *info, *head = NULL, *cur_item = NULL;
+
+ QLIST_FOREACH(drv, &tpm_backends, list) {
+ if (!drv->tpmif) {
+ continue;
+ }
+
+ info = g_new0(TPMInfoList, 1);
+ info->value = tpm_backend_query_tpm(drv);
+
+ if (!cur_item) {
+ head = cur_item = info;
+ } else {
+ cur_item->next = info;
+ cur_item = info;
+ }
+ }
+
+ return head;
+}
+
+TpmTypeList *qmp_query_tpm_types(Error **errp)
+{
+ unsigned int i = 0;
+ TpmTypeList *head = NULL, *prev = NULL, *cur_item;
+
+ for (i = 0; i < TPM_TYPE__MAX; i++) {
+ if (!tpm_be_find_by_type(i)) {
+ continue;
+ }
+ cur_item = g_new0(TpmTypeList, 1);
+ cur_item->value = i;
+
+ if (prev) {
+ prev->next = cur_item;
+ }
+ if (!head) {
+ head = cur_item;
+ }
+ prev = cur_item;
+ }
+
+ return head;
+}
+TpmModelList *qmp_query_tpm_models(Error **errp)
+{
+ TpmModelList *head = NULL, *prev = NULL, *cur_item;
+ GSList *e, *l = object_class_get_list(TYPE_TPM_IF, false);
+
+ for (e = l; e; e = e->next) {
+ TPMIfClass *c = TPM_IF_CLASS(e->data);
+
+ cur_item = g_new0(TpmModelList, 1);
+ cur_item->value = c->model;
+
+ if (prev) {
+ prev->next = cur_item;
+ }
+ if (!head) {
+ head = cur_item;
+ }
+ prev = cur_item;
+ }
+ g_slist_free(l);
+
+ return head;
+}
uint8_t *boot_splash_filedata;
int only_migratable; /* turn it off unless user states otherwise */
bool wakeup_suspend_enabled;
-
int icount_align_option;
+static const char *qtest_chrdev;
+static const char *qtest_log;
/* The bytes in qemu_uuid are in the order specified by RFC4122, _not_ in the
* little-endian "wire format" described in the SMBIOS 2.6 specification.
AccelClass *ac = accel_find(acc);
AccelState *accel;
int ret;
+ bool qtest_with_kvm;
+
+ qtest_with_kvm = g_str_equal(acc, "kvm") && qtest_chrdev != NULL;
if (!ac) {
*p_init_failed = true;
- error_report("invalid accelerator %s", acc);
+ if (!qtest_with_kvm) {
+ error_report("invalid accelerator %s", acc);
+ }
return 0;
}
accel = ACCEL(object_new_with_class(OBJECT_CLASS(ac)));
ret = accel_init_machine(accel, current_machine);
if (ret < 0) {
*p_init_failed = true;
- error_report("failed to initialize %s: %s",
- acc, strerror(-ret));
+ if (!qtest_with_kvm || ret != -ENOENT) {
+ error_report("failed to initialize %s: %s", acc, strerror(-ret));
+ }
return 0;
}
exit(1);
}
- if (init_failed) {
+ if (init_failed && !qtest_chrdev) {
AccelClass *ac = ACCEL_GET_CLASS(current_accel());
error_report("falling back to %s", ac->name);
}
MachineClass *machine_class;
const char *cpu_option;
const char *vga_model = NULL;
- const char *qtest_chrdev = NULL;
- const char *qtest_log = NULL;
const char *incoming = NULL;
bool userconfig = true;
bool nographic = false;
+++ /dev/null
-atomic_add-bench
-benchmark-crypto-cipher
-benchmark-crypto-hash
-benchmark-crypto-hmac
-check-*
-!check-*.c
-!check-*.sh
-fp/*.out
-qht-bench
-rcutorture
-test-*
-!test-*.c
-!test-*.py
-!docker/test-*
-test-qapi-commands.[ch]
-test-qapi-init-commands.[ch]
-include/test-qapi-commands-sub-module.[ch]
-test-qapi-commands-sub-sub-module.[ch]
-test-qapi-emit-events.[ch]
-test-qapi-events.[ch]
-include/test-qapi-events-sub-module.[ch]
-test-qapi-events-sub-sub-module.[ch]
-test-qapi-types.[ch]
-include/test-qapi-types-sub-module.[ch]
-test-qapi-types-sub-sub-module.[ch]
-test-qapi-visit.[ch]
-include/test-qapi-visit-sub-module.[ch]
-test-qapi-visit-sub-sub-module.[ch]
-test-qapi-introspect.[ch]
-*-test
-qapi-schema/*.test.*
-vm/*.img
+++ /dev/null
-fp-test
-fp-bench
+++ /dev/null
-initrd-stress.img
-stress
+++ /dev/null
-*.bin
-*.elf
-test.out
+++ /dev/null
-check.log
-check.time*
-common.env
-*.out.bad
-*.notrun
-socket_scm_helper
-
-# ignore everything in the scratch directory
-scratch/
+++ /dev/null
-#!/usr/bin/env bash
-#
-# Test automatic deletion of BDSes created by -drive/drive_add
-#
-# Copyright (C) 2013 Red Hat, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-# creator
-owner=kwolf@redhat.com
-
-seq=`basename $0`
-echo "QA output created by $seq"
-
-status=1 # failure is the default!
-
-# get standard environment, filters and checks
-. ./common.rc
-. ./common.filter
-
-_supported_fmt qcow2
-_supported_proto file
-# Because anything other than 16 would change the output of query-block,
-# and external data files would change the output of
-# query-named-block-nodes
-_unsupported_imgopts 'refcount_bits=\([^1]\|.\([^6]\|$\)\)' data_file
-
-do_run_qemu()
-{
- echo Testing: "$@"
- $QEMU -nographic -qmp-pretty stdio -serial none "$@"
- echo
-}
-
-# Remove QMP events from (pretty-printed) output. Doesn't handle
-# nested dicts correctly, but we don't get any of those in this test.
-_filter_qmp_events()
-{
- tr '\n' '\t' | sed -e \
- 's/{\s*"timestamp":\s*{[^}]*},\s*"event":[^,}]*\(,\s*"data":\s*{[^}]*}\)\?\s*}\s*//g' \
- | tr '\t' '\n'
-}
-
-run_qemu()
-{
- do_run_qemu "$@" 2>&1 | _filter_testdir | _filter_qmp | _filter_qemu \
- | _filter_actual_image_size \
- | _filter_generated_node_ids | _filter_qmp_events \
- | _filter_img_info
-}
-
-size=128M
-
-_make_test_img $size
-
-echo
-echo === -drive/-device and device_del ===
-echo
-
-run_qemu -drive file=$TEST_IMG,format=$IMGFMT,if=none,id=disk -device virtio-blk,drive=disk,id=virtio0 <<EOF
-{ "execute": "qmp_capabilities" }
-{ "execute": "query-block" }
-{ "execute": "device_del", "arguments": { "id": "virtio0" } }
-{ "execute": "system_reset" }
-{ "execute": "query-block" }
-{ "execute": "quit" }
-EOF
-
-echo
-echo === -drive/device_add and device_del ===
-echo
-
-run_qemu -drive file=$TEST_IMG,format=$IMGFMT,if=none,id=disk <<EOF
-{ "execute": "qmp_capabilities" }
-{ "execute": "query-block" }
-{ "execute": "device_add",
- "arguments": { "driver": "virtio-blk", "drive": "disk",
- "id": "virtio0" } }
-{ "execute": "device_del", "arguments": { "id": "virtio0" } }
-{ "execute": "system_reset" }
-{ "execute": "query-block" }
-{ "execute": "quit" }
-EOF
-
-echo
-echo === drive_add/device_add and device_del ===
-echo
-
-run_qemu <<EOF
-{ "execute": "qmp_capabilities" }
-{ "execute": "human-monitor-command",
- "arguments": { "command-line": "drive_add 0 file=$TEST_IMG,format=$IMGFMT,if=none,id=disk" } }
-{ "execute": "query-block" }
-{ "execute": "device_add",
- "arguments": { "driver": "virtio-blk", "drive": "disk",
- "id": "virtio0" } }
-{ "execute": "device_del", "arguments": { "id": "virtio0" } }
-{ "execute": "system_reset" }
-{ "execute": "query-block" }
-{ "execute": "quit" }
-EOF
-
-echo
-echo === blockdev_add/device_add and device_del ===
-echo
-
-run_qemu <<EOF
-{ "execute": "qmp_capabilities" }
-{ "execute": "blockdev-add",
- "arguments": {
- "driver": "$IMGFMT",
- "node-name": "disk",
- "file": {
- "driver": "file",
- "filename": "$TEST_IMG"
- }
- }
- }
-{ "execute": "query-named-block-nodes" }
-{ "execute": "device_add",
- "arguments": { "driver": "virtio-blk", "drive": "disk",
- "id": "virtio0" } }
-{ "execute": "device_del", "arguments": { "id": "virtio0" } }
-{ "execute": "system_reset" }
-{ "execute": "query-named-block-nodes" }
-{ "execute": "quit" }
-EOF
-
-echo
-echo === Empty drive with -device and device_del ===
-echo
-
-run_qemu -device virtio-scsi -device scsi-cd,id=cd0 <<EOF
-{ "execute": "qmp_capabilities" }
-{ "execute": "query-block" }
-{ "execute": "device_del", "arguments": { "id": "cd0" } }
-{ "execute": "system_reset" }
-{ "execute": "query-block" }
-{ "execute": "quit" }
-EOF
-
-# success, all done
-echo "*** done"
-rm -f $seq.full
-status=0
+++ /dev/null
-QA output created by 067
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728
-
-=== -drive/-device and device_del ===
-
-Testing: -drive file=TEST_DIR/t.IMGFMT,format=IMGFMT,if=none,id=disk -device virtio-blk,drive=disk,id=virtio0
-{
- QMP_VERSION
-}
-{
- "return": {
- }
-}
-{
- "return": [
- {
- "io-status": "ok",
- "device": "disk",
- "locked": false,
- "removable": false,
- "inserted": {
- "iops_rd": 0,
- "detect_zeroes": "off",
- "image": {
- "virtual-size": 134217728,
- "filename": "TEST_DIR/t.IMGFMT",
- "cluster-size": 65536,
- "format": "IMGFMT",
- "actual-size": SIZE,
- "dirty-flag": false
- },
- "iops_wr": 0,
- "ro": false,
- "node-name": "NODE_NAME",
- "backing_file_depth": 0,
- "drv": "IMGFMT",
- "iops": 0,
- "bps_wr": 0,
- "write_threshold": 0,
- "encrypted": false,
- "bps": 0,
- "bps_rd": 0,
- "cache": {
- "no-flush": false,
- "direct": false,
- "writeback": true
- },
- "file": "TEST_DIR/t.IMGFMT",
- "encryption_key_missing": false
- },
- "qdev": "/machine/peripheral/virtio0/virtio-backend",
- "type": "unknown"
- }
- ]
-}
-{
- "return": {
- }
-}
-{
- "return": {
- }
-}
-{
- "return": [
- ]
-}
-{
- "return": {
- }
-}
-
-=== -drive/device_add and device_del ===
-
-Testing: -drive file=TEST_DIR/t.IMGFMT,format=IMGFMT,if=none,id=disk
-{
- QMP_VERSION
-}
-{
- "return": {
- }
-}
-{
- "return": [
- {
- "device": "disk",
- "locked": false,
- "removable": true,
- "inserted": {
- "iops_rd": 0,
- "detect_zeroes": "off",
- "image": {
- "virtual-size": 134217728,
- "filename": "TEST_DIR/t.IMGFMT",
- "cluster-size": 65536,
- "format": "IMGFMT",
- "actual-size": SIZE,
- "dirty-flag": false
- },
- "iops_wr": 0,
- "ro": false,
- "node-name": "NODE_NAME",
- "backing_file_depth": 0,
- "drv": "IMGFMT",
- "iops": 0,
- "bps_wr": 0,
- "write_threshold": 0,
- "encrypted": false,
- "bps": 0,
- "bps_rd": 0,
- "cache": {
- "no-flush": false,
- "direct": false,
- "writeback": true
- },
- "file": "TEST_DIR/t.IMGFMT",
- "encryption_key_missing": false
- },
- "type": "unknown"
- }
- ]
-}
-{
- "return": {
- }
-}
-{
- "return": {
- }
-}
-{
- "return": {
- }
-}
-{
- "return": [
- ]
-}
-{
- "return": {
- }
-}
-
-=== drive_add/device_add and device_del ===
-
-Testing:
-{
- QMP_VERSION
-}
-{
- "return": {
- }
-}
-{
- "return": "OK\r\n"
-}
-{
- "return": [
- {
- "device": "disk",
- "locked": false,
- "removable": true,
- "inserted": {
- "iops_rd": 0,
- "detect_zeroes": "off",
- "image": {
- "virtual-size": 134217728,
- "filename": "TEST_DIR/t.IMGFMT",
- "cluster-size": 65536,
- "format": "IMGFMT",
- "actual-size": SIZE,
- "dirty-flag": false
- },
- "iops_wr": 0,
- "ro": false,
- "node-name": "NODE_NAME",
- "backing_file_depth": 0,
- "drv": "IMGFMT",
- "iops": 0,
- "bps_wr": 0,
- "write_threshold": 0,
- "encrypted": false,
- "bps": 0,
- "bps_rd": 0,
- "cache": {
- "no-flush": false,
- "direct": false,
- "writeback": true
- },
- "file": "TEST_DIR/t.IMGFMT",
- "encryption_key_missing": false
- },
- "type": "unknown"
- }
- ]
-}
-{
- "return": {
- }
-}
-{
- "return": {
- }
-}
-{
- "return": {
- }
-}
-{
- "return": [
- ]
-}
-{
- "return": {
- }
-}
-
-=== blockdev_add/device_add and device_del ===
-
-Testing:
-{
- QMP_VERSION
-}
-{
- "return": {
- }
-}
-{
- "return": {
- }
-}
-{
- "return": [
- {
- "iops_rd": 0,
- "detect_zeroes": "off",
- "image": {
- "virtual-size": 134217728,
- "filename": "TEST_DIR/t.IMGFMT",
- "cluster-size": 65536,
- "format": "IMGFMT",
- "actual-size": SIZE,
- "dirty-flag": false
- },
- "iops_wr": 0,
- "ro": false,
- "node-name": "disk",
- "backing_file_depth": 0,
- "drv": "IMGFMT",
- "iops": 0,
- "bps_wr": 0,
- "write_threshold": 0,
- "encrypted": false,
- "bps": 0,
- "bps_rd": 0,
- "cache": {
- "no-flush": false,
- "direct": false,
- "writeback": true
- },
- "file": "TEST_DIR/t.IMGFMT",
- "encryption_key_missing": false
- },
- {
- "iops_rd": 0,
- "detect_zeroes": "off",
- "image": {
- "virtual-size": 197120,
- "filename": "TEST_DIR/t.IMGFMT",
- "format": "file",
- "actual-size": SIZE,
- "dirty-flag": false
- },
- "iops_wr": 0,
- "ro": false,
- "node-name": "NODE_NAME",
- "backing_file_depth": 0,
- "drv": "file",
- "iops": 0,
- "bps_wr": 0,
- "write_threshold": 0,
- "encrypted": false,
- "bps": 0,
- "bps_rd": 0,
- "cache": {
- "no-flush": false,
- "direct": false,
- "writeback": true
- },
- "file": "TEST_DIR/t.IMGFMT",
- "encryption_key_missing": false
- }
- ]
-}
-{
- "return": {
- }
-}
-{
- "return": {
- }
-}
-{
- "return": {
- }
-}
-{
- "return": [
- {
- "iops_rd": 0,
- "detect_zeroes": "off",
- "image": {
- "virtual-size": 134217728,
- "filename": "TEST_DIR/t.IMGFMT",
- "cluster-size": 65536,
- "format": "IMGFMT",
- "actual-size": SIZE,
- "dirty-flag": false
- },
- "iops_wr": 0,
- "ro": false,
- "node-name": "disk",
- "backing_file_depth": 0,
- "drv": "IMGFMT",
- "iops": 0,
- "bps_wr": 0,
- "write_threshold": 0,
- "encrypted": false,
- "bps": 0,
- "bps_rd": 0,
- "cache": {
- "no-flush": false,
- "direct": false,
- "writeback": true
- },
- "file": "TEST_DIR/t.IMGFMT",
- "encryption_key_missing": false
- },
- {
- "iops_rd": 0,
- "detect_zeroes": "off",
- "image": {
- "virtual-size": 197120,
- "filename": "TEST_DIR/t.IMGFMT",
- "format": "file",
- "actual-size": SIZE,
- "dirty-flag": false
- },
- "iops_wr": 0,
- "ro": false,
- "node-name": "NODE_NAME",
- "backing_file_depth": 0,
- "drv": "file",
- "iops": 0,
- "bps_wr": 0,
- "write_threshold": 0,
- "encrypted": false,
- "bps": 0,
- "bps_rd": 0,
- "cache": {
- "no-flush": false,
- "direct": false,
- "writeback": true
- },
- "file": "TEST_DIR/t.IMGFMT",
- "encryption_key_missing": false
- }
- ]
-}
-{
- "return": {
- }
-}
-
-=== Empty drive with -device and device_del ===
-
-Testing: -device virtio-scsi -device scsi-cd,id=cd0
-{
- QMP_VERSION
-}
-{
- "return": {
- }
-}
-{
- "return": [
- {
- "io-status": "ok",
- "device": "",
- "locked": false,
- "removable": true,
- "qdev": "cd0",
- "tray_open": false,
- "type": "unknown"
- }
- ]
-}
-{
- "return": {
- }
-}
-{
- "return": {
- }
-}
-{
- "return": [
- ]
-}
-{
- "return": {
- }
-}
-*** done
064 rw quick
065 rw quick
066 rw auto quick
-067 rw quick
+# 067 was removed, do not reuse
068 rw quick
069 rw auto quick
070 rw quick
*/
/*
- * How to add or update the tests:
+ * How to add or update the tests or commit changes that affect ACPI tables:
* Contributor:
* 1. add empty files for new tables, if any, under tests/data/acpi
* 2. list any changed files in tests/qtest/bios-tables-test-allowed-diff.h
* $(SRC_PATH)/tests/data/acpi/rebuild-expected-aml.sh
* 6. Now commit any changes to the expected binary, include diff from step 4
* in commit log.
+ * Expected binary updates needs to be a separate patch from the code that
+ * introduces changes to ACPI tables. It lets the maintainer drop
+ * and regenerate binary updates in case of merge conflicts. Further, a code
+ * change is easily reviewable but a binary blob is not (without doing a
+ * disassembly).
* 7. Before sending patches to the list (Contributor)
* or before doing a pull request (Maintainer), make sure
* tests/qtest/bios-tables-test-allowed-diff.h is empty - this will ensure
#include "qapi/qmp/qdict.h"
#include "qapi/qmp/qstring.h"
-static void device_del_start(QTestState *qtest, const char *id)
+static void device_del(QTestState *qtest, const char *id)
{
- qtest_qmp_send(qtest,
- "{'execute': 'device_del', 'arguments': { 'id': %s } }", id);
-}
+ QDict *resp;
-static void device_del_finish(QTestState *qtest)
-{
- QDict *resp = qtest_qmp_receive(qtest);
+ resp = qtest_qmp(qtest,
+ "{'execute': 'device_del', 'arguments': { 'id': %s } }", id);
g_assert(qdict_haskey(resp, "return"));
qobject_unref(resp);
}
-static void device_del_request(QTestState *qtest, const char *id)
-{
- device_del_start(qtest, id);
- device_del_finish(qtest);
-}
-
static void system_reset(QTestState *qtest)
{
QDict *resp;
* be processed. However during system reset, the removal will be
* handled, removing the device.
*/
- device_del_request(qtest, "dev0");
+ device_del(qtest, "dev0");
system_reset(qtest);
wait_device_deleted_event(qtest, "dev0");
{
QTestState *qtest = qtest_initf("-device virtio-balloon-ccw,id=dev0");
- /*
- * The DEVICE_DELETED events will be sent before the command
- * completes.
- */
- device_del_start(qtest, "dev0");
+ device_del(qtest, "dev0");
wait_device_deleted_event(qtest, "dev0");
- device_del_finish(qtest);
qtest_quit(qtest);
}
"-device power9_v2.0-spapr-cpu-core,core-id=1,id=dev0");
/* similar to test_pci_unplug_request */
- device_del_request(qtest, "dev0");
+ device_del(qtest, "dev0");
system_reset(qtest);
wait_device_deleted_event(qtest, "dev0");
"-device pc-dimm,id=dev0,memdev=mem0");
/* similar to test_pci_unplug_request */
- device_del_request(qtest, "dev0");
+ device_del(qtest, "dev0");
system_reset(qtest);
wait_device_deleted_event(qtest, "dev0");
qtest = qtest_initf("-device spapr-pci-host-bridge,index=1,id=dev0");
/* similar to test_pci_unplug_request */
- device_del_request(qtest, "dev0");
+ device_del(qtest, "dev0");
system_reset(qtest);
wait_device_deleted_event(qtest, "dev0");
#include "libqos/libqtest.h"
#include "libqos/virtio.h"
#include "qapi/qmp/qdict.h"
+#include "qapi/qmp/qlist.h"
-/* TODO actually test the results and get rid of this */
-#define qmp_discard_response(q, ...) qobject_unref(qtest_qmp(q, __VA_ARGS__))
+static bool look_for_drive0(QTestState *qts, const char *command, const char *key)
+{
+ QDict *response;
+ QList *ret;
+ QListEntry *entry;
+ bool found;
+
+ response = qtest_qmp(qts, "{'execute': %s}", command);
+ g_assert(response && qdict_haskey(response, "return"));
+ ret = qdict_get_qlist(response, "return");
+
+ found = false;
+ QLIST_FOREACH_ENTRY(ret, entry) {
+ QDict *entry_dict = qobject_to(QDict, entry->value);
+ if (!strcmp(qdict_get_str(entry_dict, key), "drive0")) {
+ found = true;
+ break;
+ }
+ }
+
+ qobject_unref(response);
+ return found;
+}
+
+static bool has_drive(QTestState *qts)
+{
+ return look_for_drive0(qts, "query-block", "device");
+}
+
+static bool has_blockdev(QTestState *qts)
+{
+ return look_for_drive0(qts, "query-named-block-nodes", "node-name");
+}
+
+static void blockdev_add_with_media(QTestState *qts)
+{
+ QDict *response;
+
+ response = qtest_qmp(qts,
+ "{ 'execute': 'blockdev-add',"
+ " 'arguments': {"
+ " 'driver': 'raw',"
+ " 'node-name': 'drive0',"
+ " 'file': {"
+ " 'driver': 'null-co',"
+ " 'read-zeroes': true"
+ " }"
+ " }"
+ "}");
+
+ g_assert(response);
+ g_assert(qdict_haskey(response, "return"));
+ qobject_unref(response);
+ g_assert(has_blockdev(qts));
+}
static void drive_add(QTestState *qts)
{
char *resp = qtest_hmp(qts, "drive_add 0 if=none,id=drive0");
g_assert_cmpstr(resp, ==, "OK\r\n");
+ g_assert(has_drive(qts));
+ g_free(resp);
+}
+
+static void drive_add_with_media(QTestState *qts)
+{
+ char *resp = qtest_hmp(qts,
+ "drive_add 0 if=none,id=drive0,file=null-co://,"
+ "file.read-zeroes=on,format=raw");
+
+ g_assert_cmpstr(resp, ==, "OK\r\n");
+ g_assert(has_drive(qts));
g_free(resp);
}
static void drive_del(QTestState *qts)
{
- char *resp = qtest_hmp(qts, "drive_del drive0");
+ char *resp;
+ g_assert(has_drive(qts));
+ resp = qtest_hmp(qts, "drive_del drive0");
g_assert_cmpstr(resp, ==, "");
+ g_assert(!has_drive(qts));
g_free(resp);
}
-static void device_del(QTestState *qts)
+/*
+ * qvirtio_get_dev_type:
+ * Returns: the preferred virtio bus/device type for the current architecture.
+ * TODO: delete this
+ */
+static const char *qvirtio_get_dev_type(void)
+{
+ const char *arch = qtest_get_arch();
+
+ if (g_str_equal(arch, "arm") || g_str_equal(arch, "aarch64")) {
+ return "device"; /* for virtio-mmio */
+ } else if (g_str_equal(arch, "s390x")) {
+ return "ccw";
+ } else {
+ return "pci";
+ }
+}
+
+static void device_add(QTestState *qts)
{
QDict *response;
+ char driver[32];
+ snprintf(driver, sizeof(driver), "virtio-blk-%s",
+ qvirtio_get_dev_type());
- /* Complication: ignore DEVICE_DELETED event */
- qmp_discard_response(qts, "{'execute': 'device_del',"
+ response = qtest_qmp(qts, "{'execute': 'device_add',"
+ " 'arguments': {"
+ " 'driver': %s,"
+ " 'drive': 'drive0',"
+ " 'id': 'dev0'"
+ "}}", driver);
+ g_assert(response);
+ g_assert(qdict_haskey(response, "return"));
+ qobject_unref(response);
+}
+
+static void device_del(QTestState *qts, bool and_reset)
+{
+ QDict *response;
+
+ response = qtest_qmp(qts, "{'execute': 'device_del',"
" 'arguments': { 'id': 'dev0' } }");
- response = qtest_qmp_receive(qts);
g_assert(response);
g_assert(qdict_haskey(response, "return"));
qobject_unref(response);
+
+ if (and_reset) {
+ response = qtest_qmp(qts, "{'execute': 'system_reset' }");
+ g_assert(response);
+ g_assert(qdict_haskey(response, "return"));
+ qobject_unref(response);
+ }
+
+ qtest_qmp_eventwait(qts, "DEVICE_DELETED");
}
static void test_drive_without_dev(void)
qtest_quit(qts);
}
-/*
- * qvirtio_get_dev_type:
- * Returns: the preferred virtio bus/device type for the current architecture.
- * TODO: delete this
- */
-static const char *qvirtio_get_dev_type(void)
-{
- const char *arch = qtest_get_arch();
-
- if (g_str_equal(arch, "arm") || g_str_equal(arch, "aarch64")) {
- return "device"; /* for virtio-mmio */
- } else if (g_str_equal(arch, "s390x")) {
- return "ccw";
- } else {
- return "pci";
- }
-}
-
static void test_after_failed_device_add(void)
{
char driver[32];
* Doing it in this order takes notoriously tricky special paths
*/
drive_del(qts);
- device_del(qts);
+ device_del(qts, false);
+ g_assert(!has_drive(qts));
+
+ qtest_quit(qts);
+}
+
+static void test_cli_device_del(void)
+{
+ QTestState *qts;
+
+ /*
+ * -drive/-device and device_del. Start with a drive used by a
+ * device that unplugs after reset.
+ */
+ qts = qtest_initf("-drive if=none,id=drive0,file=null-co://,"
+ "file.read-zeroes=on,format=raw"
+ " -device virtio-blk-%s,drive=drive0,id=dev0",
+ qvirtio_get_dev_type());
+
+ device_del(qts, true);
+ g_assert(!has_drive(qts));
+
+ qtest_quit(qts);
+}
+
+static void test_empty_device_del(void)
+{
+ QTestState *qts;
+
+ /* device_del with no drive plugged. */
+ qts = qtest_initf("-device virtio-scsi-%s -device scsi-cd,id=dev0",
+ qvirtio_get_dev_type());
+
+ device_del(qts, false);
+ qtest_quit(qts);
+}
+
+static void test_device_add_and_del(void)
+{
+ QTestState *qts;
+
+ /*
+ * -drive/device_add and device_del. Start with a drive used by a
+ * device that unplugs after reset.
+ */
+ qts = qtest_init("-drive if=none,id=drive0,file=null-co://,"
+ "file.read-zeroes=on,format=raw");
+
+ device_add(qts);
+ device_del(qts, true);
+ g_assert(!has_drive(qts));
+
+ qtest_quit(qts);
+}
+
+static void test_drive_add_device_add_and_del(void)
+{
+ QTestState *qts;
+
+ qts = qtest_init("");
+
+ /*
+ * drive_add/device_add and device_del. The drive is used by a
+ * device that unplugs after reset.
+ */
+ drive_add_with_media(qts);
+ device_add(qts);
+ device_del(qts, true);
+ g_assert(!has_drive(qts));
+
+ qtest_quit(qts);
+}
+
+static void test_blockdev_add_device_add_and_del(void)
+{
+ QTestState *qts;
+
+ qts = qtest_init("");
+
+ /*
+ * blockdev_add/device_add and device_del. The it drive is used by a
+ * device that unplugs after reset, but it doesn't go away.
+ */
+ blockdev_add_with_media(qts);
+ device_add(qts);
+ device_del(qts, true);
+ g_assert(has_blockdev(qts));
qtest_quit(qts);
}
if (qvirtio_get_dev_type() != NULL) {
qtest_add_func("/drive_del/after_failed_device_add",
test_after_failed_device_add);
- qtest_add_func("/blockdev/drive_del_device_del",
+ qtest_add_func("/drive_del/drive_del_device_del",
test_drive_del_device_del);
+ qtest_add_func("/device_del/drive/cli_device",
+ test_cli_device_del);
+ qtest_add_func("/device_del/drive/device_add",
+ test_device_add_and_del);
+ qtest_add_func("/device_del/drive/drive_add_device_add",
+ test_drive_add_device_add_and_del);
+ qtest_add_func("/device_del/empty",
+ test_empty_device_del);
+ qtest_add_func("/device_del/blockdev",
+ test_blockdev_add_device_add_and_del);
}
return g_test_run();
--- /dev/null
+/*
+ * QTest testcase for fuzz case
+ *
+ * Copyright (c) 2020 Li Qiang <liq3ea@gmail.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include "libqos/libqtest.h"
+
+/*
+ * This used to trigger the assert in scsi_dma_complete
+ * https://bugs.launchpad.net/qemu/+bug/1878263
+ */
+static void test_lp1878263_megasas_zero_iov_cnt(void)
+{
+ QTestState *s;
+
+ s = qtest_init("-nographic -monitor none -serial none "
+ "-M q35 -device megasas -device scsi-cd,drive=null0 "
+ "-blockdev driver=null-co,read-zeroes=on,node-name=null0");
+ qtest_outl(s, 0xcf8, 0x80001818);
+ qtest_outl(s, 0xcfc, 0xc101);
+ qtest_outl(s, 0xcf8, 0x8000181c);
+ qtest_outl(s, 0xcf8, 0x80001804);
+ qtest_outw(s, 0xcfc, 0x7);
+ qtest_outl(s, 0xcf8, 0x8000186a);
+ qtest_writeb(s, 0x14, 0xfe);
+ qtest_writeb(s, 0x0, 0x02);
+ qtest_outb(s, 0xc1c0, 0x17);
+ qtest_quit(s);
+}
+
+int main(int argc, char **argv)
+{
+ const char *arch = qtest_get_arch();
+
+ g_test_init(&argc, &argv, NULL);
+
+ if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
+ qtest_add_func("fuzz/test_lp1878263_megasas_zero_iov_cnt",
+ test_lp1878263_megasas_zero_iov_cnt);
+ }
+
+ return g_test_run();
+}
/**
* qtest_initf:
- * @fmt...: Format for creating other arguments to pass to QEMU, formatted
+ * @fmt: Format for creating other arguments to pass to QEMU, formatted
* like sprintf().
*
* Convenience wrapper around qtest_init().
* @s: #QTestState instance to operate on.
* @fds: array of file descriptors
* @fds_num: number of elements in @fds
- * @fmt...: QMP message to send to qemu, formatted like
+ * @fmt: QMP message to send to qemu, formatted like
* qobject_from_jsonf_nofail(). See parse_escape() for what's
* supported after '%'.
*
/**
* qtest_qmp:
* @s: #QTestState instance to operate on.
- * @fmt...: QMP message to send to qemu, formatted like
+ * @fmt: QMP message to send to qemu, formatted like
* qobject_from_jsonf_nofail(). See parse_escape() for what's
* supported after '%'.
*
/**
* qtest_qmp_send:
* @s: #QTestState instance to operate on.
- * @fmt...: QMP message to send to qemu, formatted like
+ * @fmt: QMP message to send to qemu, formatted like
* qobject_from_jsonf_nofail(). See parse_escape() for what's
* supported after '%'.
*
/**
* qtest_qmp_send_raw:
* @s: #QTestState instance to operate on.
- * @fmt...: text to send, formatted like sprintf()
+ * @fmt: text to send, formatted like sprintf()
*
* Sends text to the QMP monitor verbatim. Need not be valid JSON;
* this is useful for negative tests.
GCC_FMT_ATTR(2, 0);
/**
- * qtest_receive:
+ * qtest_qmp_receive_dict:
* @s: #QTestState instance to operate on.
*
* Reads a QMP message from QEMU and returns the response.
*/
+QDict *qtest_qmp_receive_dict(QTestState *s);
+
+/**
+ * qtest_qmp_receive:
+ * @s: #QTestState instance to operate on.
+ *
+ * Reads a QMP message from QEMU and returns the response.
+ * Buffers all the events received meanwhile, until a
+ * call to qtest_qmp_eventwait
+ */
QDict *qtest_qmp_receive(QTestState *s);
/**
* qtest_qmp_eventwait:
* @s: #QTestState instance to operate on.
- * @s: #event event to wait for.
+ * @event: event to wait for.
*
* Continuously polls for QMP responses until it receives the desired event.
*/
/**
* qtest_qmp_eventwait_ref:
* @s: #QTestState instance to operate on.
- * @s: #event event to wait for.
+ * @event: event to wait for.
*
* Continuously polls for QMP responses until it receives the desired event.
* Returns a copy of the event for further investigation.
QDict *qtest_qmp_eventwait_ref(QTestState *s, const char *event);
/**
- * qtest_qmp_receive_success:
- * @s: #QTestState instance to operate on
- * @event_cb: Event callback
- * @opaque: Argument for @event_cb
+ * qtest_qmp_event_ref:
+ * @s: #QTestState instance to operate on.
+ * @event: event to return.
+ *
+ * Removes non-matching events from the buffer that was set by
+ * qtest_qmp_receive, until an event bearing the given name is found,
+ * and returns it.
+ * If no event matches, clears the buffer and returns NULL.
*
- * Poll QMP messages until a command success response is received.
- * If @event_cb, call it for each event received, passing @opaque,
- * the event's name and data.
- * Return the success response's "return" member.
*/
-QDict *qtest_qmp_receive_success(QTestState *s,
- void (*event_cb)(void *opaque,
- const char *name,
- QDict *data),
- void *opaque);
+QDict *qtest_qmp_event_ref(QTestState *s, const char *event);
/**
* qtest_hmp:
* @s: #QTestState instance to operate on.
- * @fmt...: HMP command to send to QEMU, formats arguments like sprintf().
+ * @fmt: HMP command to send to QEMU, formats arguments like sprintf().
*
* Send HMP command to QEMU via QMP's human-monitor-command.
* QMP events are discarded.
/**
* qtest_qmp_assert_success:
* @qts: QTestState instance to operate on
- * @fmt...: QMP message to send to qemu, formatted like
+ * @fmt: QMP message to send to qemu, formatted like
* qobject_from_jsonf_nofail(). See parse_escape() for what's
* supported after '%'.
*
* @qts: QTestState instance to operate on
* @driver: Name of the device that should be added
* @id: Identification string
- * @fmt...: QMP message to send to qemu, formatted like
+ * @fmt: QMP message to send to qemu, formatted like
* qobject_from_jsonf_nofail(). See parse_escape() for what's
* supported after '%'.
*
bool irq_level[MAX_IRQ];
GString *rx;
QTestTransportOps ops;
+ GList *pending_events;
};
static GHookList abrt_hooks;
g_test_message("starting QEMU: %s", command);
+ s->pending_events = NULL;
s->wstatus = 0;
s->expected_status = 0;
s->qemu_pid = fork();
close(s->fd);
close(s->qmp_fd);
g_string_free(s->rx, true);
+
+ for (GList *it = s->pending_events; it != NULL; it = it->next) {
+ qobject_unref((QDict *)it->data);
+ }
+
+ g_list_free(s->pending_events);
+
g_free(s);
}
}
QDict *qtest_qmp_receive(QTestState *s)
+{
+ while (true) {
+ QDict *response = qtest_qmp_receive_dict(s);
+
+ if (!qdict_get_try_str(response, "event")) {
+ return response;
+ }
+ /* Stash the event for a later consumption */
+ s->pending_events = g_list_prepend(s->pending_events, response);
+ }
+}
+
+QDict *qtest_qmp_receive_dict(QTestState *s)
{
return qmp_fd_receive(s->qmp_fd);
}
va_end(ap);
}
-QDict *qtest_qmp_eventwait_ref(QTestState *s, const char *event)
+QDict *qtest_qmp_event_ref(QTestState *s, const char *event)
{
+ GList *next = NULL;
QDict *response;
+ for (GList *it = s->pending_events; it != NULL; it = next) {
+
+ next = it->next;
+ response = (QDict *)it->data;
+
+ s->pending_events = g_list_remove_link(s->pending_events, it);
+
+ if (!strcmp(qdict_get_str(response, "event"), event)) {
+ return response;
+ }
+ qobject_unref(response);
+ }
+ return NULL;
+}
+
+QDict *qtest_qmp_eventwait_ref(QTestState *s, const char *event)
+{
+ QDict *response = qtest_qmp_event_ref(s, event);
+
+ if (response) {
+ return response;
+ }
+
for (;;) {
- response = qtest_qmp_receive(s);
+ response = qtest_qmp_receive_dict(s);
if ((qdict_haskey(response, "event")) &&
(strcmp(qdict_get_str(response, "event"), event) == 0)) {
return response;
" 'arguments': {'command-line': %s}}",
cmd);
ret = g_strdup(qdict_get_try_str(resp, "return"));
- while (ret == NULL && qdict_get_try_str(resp, "event")) {
- /* Ignore asynchronous QMP events */
- qobject_unref(resp);
- resp = qtest_qmp_receive(s);
- ret = g_strdup(qdict_get_try_str(resp, "return"));
- }
g_assert(ret);
qobject_unref(resp);
g_free(cmd);
qobject_unref(response);
}
-QDict *qtest_qmp_receive_success(QTestState *s,
- void (*event_cb)(void *opaque,
- const char *event,
- QDict *data),
- void *opaque)
-{
- QDict *response, *ret, *data;
- const char *event;
-
- for (;;) {
- response = qtest_qmp_receive(s);
- g_assert(!qdict_haskey(response, "error"));
- ret = qdict_get_qdict(response, "return");
- if (ret) {
- break;
- }
- event = qdict_get_str(response, "event");
- data = qdict_get_qdict(response, "data");
- if (event_cb) {
- event_cb(opaque, event, data);
- }
- qobject_unref(response);
- }
-
- qobject_ref(ret);
- qobject_unref(response);
- return ret;
-}
-
/*
* Generic hot-plugging test via the device_add QMP commands.
*/
qobject_unref(args);
}
-static void device_deleted_cb(void *opaque, const char *name, QDict *data)
-{
- bool *got_event = opaque;
-
- g_assert_cmpstr(name, ==, "DEVICE_DELETED");
- *got_event = true;
-}
/*
* Generic hot-unplugging test via the device_del QMP command.
* and this one:
*
* {"return": {}}
- *
- * But the order of arrival may vary - so we've got to detect both.
*/
void qtest_qmp_device_del(QTestState *qts, const char *id)
{
- bool got_event = false;
QDict *rsp;
- qtest_qmp_send(qts, "{'execute': 'device_del', 'arguments': {'id': %s}}",
- id);
- rsp = qtest_qmp_receive_success(qts, device_deleted_cb, &got_event);
+ rsp = qtest_qmp(qts, "{'execute': 'device_del', 'arguments': {'id': %s}}",
+ id);
+
+ g_assert(qdict_haskey(rsp, "return"));
qobject_unref(rsp);
- if (!got_event) {
- rsp = qtest_qmp_receive(qts);
- g_assert_cmpstr(qdict_get_try_str(rsp, "event"),
- ==, "DEVICE_DELETED");
- qobject_unref(rsp);
- }
+ qtest_qmp_eventwait(qts, "DEVICE_DELETED");
}
bool qmp_rsp_is_err(QDict *rsp)
{
QTestState *qts;
qts = g_new0(QTestState, 1);
+ qts->pending_events = NULL;
*s = qts; /* Expose qts early on, since the query endianness relies on it */
qts->wstatus = 0;
for (int i = 0; i < MAX_IRQ; i++) {
'bios-tables-test',
'rtc-test',
'i440fx-test',
+ 'fuzz-test',
'fw_cfg-test',
'device-plug-test',
'drive_del-test',
qtests_ppc = \
(config_all_devices.has_key('CONFIG_ISA_TESTDEV') ? ['endianness-test'] : []) + \
(config_all_devices.has_key('CONFIG_M48T59') ? ['m48t59-test'] : []) + \
- ['boot-order-test', 'prom-env-test', 'drive_del-test', 'boot-serial-test'] \
+ ['boot-order-test', 'prom-env-test', 'boot-serial-test'] \
qtests_ppc64 = \
(config_all_devices.has_key('CONFIG_PSERIES') ? ['device-plug-test'] : []) + \
(config_all_devices.has_key('CONFIG_USB_UHCI') ? ['usb-hcd-uhci-test'] : []) + \
(config_all_devices.has_key('CONFIG_USB_XHCI_NEC') ? ['usb-hcd-xhci-test'] : []) + \
(config_host.has_key('CONFIG_POSIX') ? ['test-filter-mirror'] : []) + \
- qtests_pci + ['migration-test', 'numa-test', 'cpu-plug-test']
+ qtests_pci + ['migration-test', 'numa-test', 'cpu-plug-test', 'drive_del-test']
qtests_sh4 = (config_all_devices.has_key('CONFIG_ISA_TESTDEV') ? ['endianness-test'] : [])
qtests_sh4eb = (config_all_devices.has_key('CONFIG_ISA_TESTDEV') ? ['endianness-test'] : [])
qos_test_ss.add(when: 'CONFIG_VIRTFS', if_true: files('virtio-9p-test.c'))
qos_test_ss.add(when: 'CONFIG_VHOST_USER', if_true: files('vhost-user-test.c'))
-extra_qtest_deps = {
- 'bios-tables-test': [io],
- 'ivshmem-test': [rt],
- 'qos-test': [chardev, io],
- 'tpm-crb-swtpm-test': [io],
- 'tpm-crb-test': [io],
- 'tpm-tis-swtpm-test': [io],
- 'tpm-tis-test': [io],
- 'tpm-tis-device-swtpm-test': [io],
- 'tpm-tis-device-test': [io],
-}
-extra_qtest_srcs = {
- 'bios-tables-test': files('boot-sector.c', 'acpi-utils.c', 'tpm-emu.c'),
- 'pxe-test': files('boot-sector.c'),
+tpmemu_files = ['tpm-emu.c', 'tpm-util.c', 'tpm-tests.c']
+
+qtests = {
+ 'bios-tables-test': [io, 'boot-sector.c', 'acpi-utils.c', 'tpm-emu.c'],
'cdrom-test': files('boot-sector.c'),
- 'migration-test': files('migration-helpers.c'),
- 'ivshmem-test': files('../../contrib/ivshmem-server/ivshmem-server.c'),
'dbus-vmstate-test': files('migration-helpers.c') + dbus_vmstate1,
+ 'ivshmem-test': [rt, '../../contrib/ivshmem-server/ivshmem-server.c'],
+ 'migration-test': files('migration-helpers.c'),
+ 'pxe-test': files('boot-sector.c'),
+ 'qos-test': [chardev, io, qos_test_ss.apply(config_host, strict: false).sources()],
+ 'tpm-crb-swtpm-test': [io, tpmemu_files],
+ 'tpm-crb-test': [io, tpmemu_files],
+ 'tpm-tis-swtpm-test': [io, tpmemu_files, 'tpm-tis-util.c'],
+ 'tpm-tis-test': [io, tpmemu_files, 'tpm-tis-util.c'],
+ 'tpm-tis-device-swtpm-test': [io, tpmemu_files, 'tpm-tis-util.c'],
+ 'tpm-tis-device-test': [io, tpmemu_files, 'tpm-tis-util.c'],
'vmgenid-test': files('boot-sector.c', 'acpi-utils.c'),
- 'tpm-crb-swtpm-test': files('tpm-emu.c', 'tpm-util.c', 'tpm-tests.c'),
- 'tpm-crb-test': files('tpm-emu.c', 'tpm-util.c', 'tpm-tests.c'),
- 'tpm-tis-device-swtpm-test': files('tpm-emu.c', 'tpm-util.c', 'tpm-tis-util.c', 'tpm-tests.c'),
- 'tpm-tis-device-test': files('tpm-emu.c', 'tpm-util.c', 'tpm-tis-util.c', 'tpm-tests.c'),
- 'tpm-tis-swtpm-test': files('tpm-emu.c', 'tpm-util.c', 'tpm-tis-util.c', 'tpm-tests.c'),
- 'tpm-tis-test': files('tpm-emu.c', 'tpm-util.c', 'tpm-tis-util.c', 'tpm-tests.c'),
- 'qos-test': qos_test_ss.apply(config_host, strict: false).sources()
}
-
qtest_executables = {}
foreach dir : target_dirs
if not dir.endswith('-softmmu')
target_base = dir.split('-')[0]
qtest_emulator = emulators['qemu-system-' + target_base]
- qtests = get_variable('qtests_' + target_base, []) + qtests_generic
+ target_qtests = get_variable('qtests_' + target_base, []) + qtests_generic
test_deps = []
qtest_env = environment()
qtest_env.set('G_TEST_DBUS_DAEMON', meson.source_root() / 'tests/dbus-vmstate-daemon.sh')
qtest_env.set('QTEST_QEMU_BINARY', './qemu-system-' + target_base)
- foreach test : qtests
+ foreach test : target_qtests
# Executables are shared across targets, declare them only the first time we
# encounter them
if not qtest_executables.has_key(test)
+ src = [test + '.c']
+ deps = [qemuutil, qos]
+ if test in qtests
+ # use a sourceset to quickly separate sources and deps
+ test_ss = ss.source_set()
+ test_ss.add(qtests[test])
+ src += test_ss.all_sources()
+ deps += test_ss.all_dependencies()
+ endif
qtest_executables += {
- test: executable(test,
- files(test + '.c') + extra_qtest_srcs.get(test, []),
- dependencies: [qemuutil, qos] + extra_qtest_deps.get(test, []))
+ test: executable(test, src, dependencies: deps)
}
endif
# FIXME: missing dependency on the emulator binary and qemu-img
bool got_stop;
-static void stop_cb(void *opaque, const char *name, QDict *data)
+static void check_stop_event(QTestState *who)
{
- if (!strcmp(name, "STOP")) {
+ QDict *event = qtest_qmp_event_ref(who, "STOP");
+ if (event) {
got_stop = true;
+ qobject_unref(event);
}
}
QDict *wait_command_fd(QTestState *who, int fd, const char *command, ...)
{
va_list ap;
+ QDict *resp;
va_start(ap, command);
qtest_qmp_vsend_fds(who, &fd, 1, command, ap);
va_end(ap);
- return qtest_qmp_receive_success(who, stop_cb, NULL);
+ resp = qtest_qmp_receive(who);
+ check_stop_event(who);
+
+ g_assert(!qdict_haskey(resp, "error"));
+ g_assert(qdict_haskey(resp, "return"));
+
+ return qdict_get_qdict(resp, "return");
}
/*
QDict *wait_command(QTestState *who, const char *command, ...)
{
va_list ap;
+ QDict *resp;
va_start(ap, command);
- qtest_qmp_vsend(who, command, ap);
+ resp = qtest_vqmp(who, command, ap);
va_end(ap);
- return qtest_qmp_receive_success(who, stop_cb, NULL);
+ check_stop_event(who);
+
+ g_assert(!qdict_haskey(resp, "error"));
+ g_assert(qdict_haskey(resp, "return"));
+
+ return qdict_get_qdict(resp, "return");
}
/*
unsigned end_address;
static bool uffd_feature_thread_id;
+/* A downtime where the test really should converge */
+#define CONVERGE_DOWNTIME 1000
+
#if defined(__linux__)
#include <sys/syscall.h>
#include <sys/vfs.h>
wait_for_migration_pass(from);
- /* 300 ms should converge */
- migrate_set_parameter_int(from, "downtime-limit", 300);
+ migrate_set_parameter_int(from, "downtime-limit", CONVERGE_DOWNTIME);
if (!got_stop) {
qtest_qmp_eventwait(from, "STOP");
migrate_qmp(from, uri, "{}");
+ wait_for_migration_pass(from);
+ /* Make sure we have 2 passes, so the xbzrle cache gets a workout */
wait_for_migration_pass(from);
- /* 300ms should converge */
- migrate_set_parameter_int(from, "downtime-limit", 300);
+ /* 1000ms should converge */
+ migrate_set_parameter_int(from, "downtime-limit", 1000);
if (!got_stop) {
qtest_qmp_eventwait(from, "STOP");
wait_for_migration_pass(from);
- /* 300ms should converge */
- migrate_set_parameter_int(from, "downtime-limit", 300);
+ migrate_set_parameter_int(from, "downtime-limit", CONVERGE_DOWNTIME);
if (!got_stop) {
qtest_qmp_eventwait(from, "STOP");
wait_for_migration_pass(from);
- /* 300ms should converge */
- migrate_set_parameter_int(from, "downtime-limit", 300);
+ migrate_set_parameter_int(from, "downtime-limit", CONVERGE_DOWNTIME);
if (!got_stop) {
qtest_qmp_eventwait(from, "STOP");
wait_for_migration_pass(from);
- /* 300ms it should converge */
- migrate_set_parameter_int(from, "downtime-limit", 300);
+ migrate_set_parameter_int(from, "downtime-limit", CONVERGE_DOWNTIME);
if (!got_stop) {
qtest_qmp_eventwait(from, "STOP");
qtest_outb(qts, 0x505, 0x1);
- response = qtest_qmp_receive(qts);
- g_assert(qdict_haskey(response, "event"));
- g_assert_cmpstr(qdict_get_str(response, "event"), ==, "GUEST_PANICKED");
+ response = qtest_qmp_eventwait_ref(qts, "GUEST_PANICKED");
g_assert(qdict_haskey(response, "data"));
data = qdict_get_qdict(response, "data");
g_assert(qdict_haskey(data, "action"));
/* syntax error */
qtest_qmp_send_raw(qts, "{]\n");
- resp = qtest_qmp_receive(qts);
+ resp = qtest_qmp_receive_dict(qts);
qmp_expect_error_and_unref(resp, "GenericError");
assert_recovered(qts);
/* lexical error: impossible byte outside string */
qtest_qmp_send_raw(qts, "{\xFF");
- resp = qtest_qmp_receive(qts);
+ resp = qtest_qmp_receive_dict(qts);
qmp_expect_error_and_unref(resp, "GenericError");
assert_recovered(qts);
/* lexical error: funny control character outside string */
qtest_qmp_send_raw(qts, "{\x01");
- resp = qtest_qmp_receive(qts);
+ resp = qtest_qmp_receive_dict(qts);
qmp_expect_error_and_unref(resp, "GenericError");
assert_recovered(qts);
/* lexical error: impossible byte in string */
qtest_qmp_send_raw(qts, "{'bad \xFF");
- resp = qtest_qmp_receive(qts);
+ resp = qtest_qmp_receive_dict(qts);
qmp_expect_error_and_unref(resp, "GenericError");
assert_recovered(qts);
/* lexical error: control character in string */
qtest_qmp_send_raw(qts, "{'execute': 'nonexistent', 'id':'\n");
- resp = qtest_qmp_receive(qts);
+ resp = qtest_qmp_receive_dict(qts);
qmp_expect_error_and_unref(resp, "GenericError");
assert_recovered(qts);
/* lexical error: interpolation */
qtest_qmp_send_raw(qts, "%%p");
- resp = qtest_qmp_receive(qts);
+ resp = qtest_qmp_receive_dict(qts);
qmp_expect_error_and_unref(resp, "GenericError");
assert_recovered(qts);
qts = qtest_init_without_qmp_handshake(common_args);
/* Test greeting */
- resp = qtest_qmp_receive(qts);
+ resp = qtest_qmp_receive_dict(qts);
q = qdict_get_qdict(resp, "QMP");
g_assert(q);
test_version(qdict_get(q, "version"));
static void recv_cmd_id(QTestState *s, const char *id)
{
- QDict *resp = qtest_qmp_receive(s);
+ QDict *resp = qtest_qmp_receive_dict(s);
g_assert_cmpstr(qdict_get_try_str(resp, "id"), ==, id);
qobject_unref(resp);
qts = qtest_init_without_qmp_handshake(common_args);
/* Check the greeting message. */
- resp = qtest_qmp_receive(qts);
+ resp = qtest_qmp_receive_dict(qts);
q = qdict_get_qdict(resp, "QMP");
g_assert(q);
capabilities = qdict_get_qlist(q, "capabilities");
break;
}
- clock_step(1000000000);
+ clock_step(NANOSECONDS_PER_SECOND);
}
g_assert(get_irq(RTC_ISA_IRQ));
void tpm_util_wait_for_migration_complete(QTestState *who)
{
while (true) {
+ QDict *rsp;
QDict *rsp_return;
bool completed;
const char *status;
- qtest_qmp_send(who, "{ 'execute': 'query-migrate' }");
- rsp_return = qtest_qmp_receive_success(who, NULL, NULL);
+ rsp = qtest_qmp(who, "{ 'execute': 'query-migrate' }");
+ g_assert(qdict_haskey(rsp, "return"));
+ rsp_return = qdict_get_qdict(rsp, "return");
+
+ g_assert(!qdict_haskey(rsp_return, "error"));
status = qdict_get_str(rsp_return, "status");
completed = strcmp(status, "completed") == 0;
g_assert_cmpstr(status, !=, "failed");
# in the tests/venv Python virtual environment. For more info,
# refer to: https://pip.pypa.io/en/stable/user_guide/#id1
avocado-framework==81.0
-pycdlib==1.9.0
+pycdlib==1.11.0
+++ /dev/null
-# These are build artefacts which only appear when you are doing
-# builds directly in the source tree.
-config-*.mak
-*-softmmu/
-*-linux-user/
+++ /dev/null
-Build
-Conf
-log
size_t bufsize;
int error;
char *vu_socket_path;
+ char *vu_socket_group;
int vu_listen_fd;
int vu_socketfd;
struct fv_VuDev *virtio_dev;
LL_OPTION("--debug", debug, 1),
LL_OPTION("allow_root", deny_others, 1),
LL_OPTION("--socket-path=%s", vu_socket_path, 0),
+ LL_OPTION("--socket-group=%s", vu_socket_group, 0),
LL_OPTION("--fd=%d", vu_listen_fd, 0),
LL_OPTION("--thread-pool-size=%d", thread_pool_size, 0),
FUSE_OPT_END
"fuse: --socket-path and --fd cannot be given together\n");
goto out4;
}
+ if (se->vu_socket_group && !se->vu_socket_path) {
+ fuse_log(FUSE_LOG_ERR,
+ "fuse: --socket-group can only be used with --socket-path\n");
+ goto out4;
+ }
se->bufsize = FUSE_MAX_MAX_PAGES * getpagesize() + FUSE_BUFFER_HEADER_SIZE;
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
+#include <sys/types.h>
+#include <grp.h>
#include <unistd.h>
#include "contrib/libvhost-user/libvhost-user.h"
/*
* Unfortunately bind doesn't let you set the mask on the socket,
- * so set umask to 077 and restore it later.
+ * so set umask appropriately and restore it later.
*/
- old_umask = umask(0077);
+ if (se->vu_socket_group) {
+ old_umask = umask(S_IROTH | S_IWOTH | S_IXOTH);
+ } else {
+ old_umask = umask(S_IRGRP | S_IWGRP | S_IXGRP |
+ S_IROTH | S_IWOTH | S_IXOTH);
+ }
if (bind(listen_sock, (struct sockaddr *)&un, addr_len) == -1) {
fuse_log(FUSE_LOG_ERR, "vhost socket bind: %m\n");
close(listen_sock);
umask(old_umask);
return -1;
}
+ if (se->vu_socket_group) {
+ struct group *g = getgrnam(se->vu_socket_group);
+ if (g) {
+ if (!chown(se->vu_socket_path, -1, g->gr_gid)) {
+ fuse_log(FUSE_LOG_WARNING,
+ "vhost socket failed to set group to %s (%d)\n",
+ se->vu_socket_group, g->gr_gid);
+ }
+ }
+ }
umask(old_umask);
if (listen(listen_sock, 1) == -1) {
struct lo_inode *inode;
int ifd;
int res;
- int fd;
+ int fd = -1;
inode = lo_inode(req, ino);
if (!inode) {
static void setup_namespaces(struct lo_data *lo, struct fuse_session *se)
{
pid_t child;
- char template[] = "virtiofsd-XXXXXX";
- char *tmpdir;
/*
* Create a new pid namespace for *child* processes. We'll have to
exit(1);
}
- tmpdir = mkdtemp(template);
- if (!tmpdir) {
- fuse_log(FUSE_LOG_ERR, "tmpdir(%s): %m\n", template);
- exit(1);
- }
-
- if (mount("/proc/self/fd", tmpdir, NULL, MS_BIND, NULL) < 0) {
- fuse_log(FUSE_LOG_ERR, "mount(/proc/self/fd, %s, MS_BIND): %m\n",
- tmpdir);
+ /*
+ * We only need /proc/self/fd. Prevent ".." from accessing parent
+ * directories of /proc/self/fd by bind-mounting it over /proc. Since / was
+ * previously remounted with MS_REC | MS_SLAVE this mount change only
+ * affects our process.
+ */
+ if (mount("/proc/self/fd", "/proc", NULL, MS_BIND, NULL) < 0) {
+ fuse_log(FUSE_LOG_ERR, "mount(/proc/self/fd, MS_BIND): %m\n");
exit(1);
}
- /* Now we can get our /proc/self/fd directory file descriptor */
- lo->proc_self_fd = open(tmpdir, O_PATH);
+ /* Get the /proc (actually /proc/self/fd, see above) file descriptor */
+ lo->proc_self_fd = open("/proc", O_PATH);
if (lo->proc_self_fd == -1) {
- fuse_log(FUSE_LOG_ERR, "open(%s, O_PATH): %m\n", tmpdir);
+ fuse_log(FUSE_LOG_ERR, "open(/proc, O_PATH): %m\n");
exit(1);
}
-
- if (umount2(tmpdir, MNT_DETACH) < 0) {
- fuse_log(FUSE_LOG_ERR, "umount2(%s, MNT_DETACH): %m\n", tmpdir);
- exit(1);
- }
-
- if (rmdir(tmpdir) < 0) {
- fuse_log(FUSE_LOG_ERR, "rmdir(%s): %m\n", tmpdir);
- }
}
/*
/* Don't mask creation mode, kernel already did that */
umask(0);
+ qemu_init_exec_dir(argv[0]);
+
pthread_mutex_init(&lo.mutex, NULL);
lo.inodes = g_hash_table_new(lo_key_hash, lo_key_equal);
lo.root.fd = -1;
+++ /dev/null
-/*
- * TPM configuration
- *
- * Copyright (C) 2011-2013 IBM Corporation
- *
- * Authors:
- * Stefan Berger <stefanb@us.ibm.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- *
- * Based on net.c
- */
-
-#include "qemu/osdep.h"
-
-#include "qapi/error.h"
-#include "qapi/qapi-commands-tpm.h"
-#include "qapi/qmp/qerror.h"
-#include "sysemu/tpm_backend.h"
-#include "sysemu/tpm.h"
-#include "qemu/config-file.h"
-#include "qemu/error-report.h"
-
-static QLIST_HEAD(, TPMBackend) tpm_backends =
- QLIST_HEAD_INITIALIZER(tpm_backends);
-
-static const TPMBackendClass *
-tpm_be_find_by_type(enum TpmType type)
-{
- ObjectClass *oc;
- char *typename = g_strdup_printf("tpm-%s", TpmType_str(type));
-
- oc = object_class_by_name(typename);
- g_free(typename);
-
- if (!object_class_dynamic_cast(oc, TYPE_TPM_BACKEND)) {
- return NULL;
- }
-
- return TPM_BACKEND_CLASS(oc);
-}
-
-/*
- * Walk the list of available TPM backend drivers and display them on the
- * screen.
- */
-static void tpm_display_backend_drivers(void)
-{
- bool got_one = false;
- int i;
-
- for (i = 0; i < TPM_TYPE__MAX; i++) {
- const TPMBackendClass *bc = tpm_be_find_by_type(i);
- if (!bc) {
- continue;
- }
- if (!got_one) {
- error_printf("Supported TPM types (choose only one):\n");
- got_one = true;
- }
- error_printf("%12s %s\n", TpmType_str(i), bc->desc);
- }
- if (!got_one) {
- error_printf("No TPM backend types are available\n");
- }
-}
-
-/*
- * Find the TPM with the given Id
- */
-TPMBackend *qemu_find_tpm_be(const char *id)
-{
- TPMBackend *drv;
-
- if (id) {
- QLIST_FOREACH(drv, &tpm_backends, list) {
- if (!strcmp(drv->id, id)) {
- return drv;
- }
- }
- }
-
- return NULL;
-}
-
-static int tpm_init_tpmdev(void *dummy, QemuOpts *opts, Error **errp)
-{
- /*
- * Use of error_report() in a function with an Error ** parameter
- * is suspicious. It is okay here. The parameter only exists to
- * make the function usable with qemu_opts_foreach(). It is not
- * actually used.
- */
- const char *value;
- const char *id;
- const TPMBackendClass *be;
- TPMBackend *drv;
- Error *local_err = NULL;
- int i;
-
- if (!QLIST_EMPTY(&tpm_backends)) {
- error_report("Only one TPM is allowed.");
- return 1;
- }
-
- id = qemu_opts_id(opts);
- if (id == NULL) {
- error_report(QERR_MISSING_PARAMETER, "id");
- return 1;
- }
-
- value = qemu_opt_get(opts, "type");
- if (!value) {
- error_report(QERR_MISSING_PARAMETER, "type");
- tpm_display_backend_drivers();
- return 1;
- }
-
- i = qapi_enum_parse(&TpmType_lookup, value, -1, NULL);
- be = i >= 0 ? tpm_be_find_by_type(i) : NULL;
- if (be == NULL) {
- error_report(QERR_INVALID_PARAMETER_VALUE,
- "type", "a TPM backend type");
- tpm_display_backend_drivers();
- return 1;
- }
-
- /* validate backend specific opts */
- if (!qemu_opts_validate(opts, be->opts, &local_err)) {
- error_report_err(local_err);
- return 1;
- }
-
- drv = be->create(opts);
- if (!drv) {
- return 1;
- }
-
- drv->id = g_strdup(id);
- QLIST_INSERT_HEAD(&tpm_backends, drv, list);
-
- return 0;
-}
-
-/*
- * Walk the list of TPM backend drivers that are in use and call their
- * destroy function to have them cleaned up.
- */
-void tpm_cleanup(void)
-{
- TPMBackend *drv, *next;
-
- QLIST_FOREACH_SAFE(drv, &tpm_backends, list, next) {
- QLIST_REMOVE(drv, list);
- object_unref(OBJECT(drv));
- }
-}
-
-/*
- * Initialize the TPM. Process the tpmdev command line options describing the
- * TPM backend.
- */
-int tpm_init(void)
-{
- if (qemu_opts_foreach(qemu_find_opts("tpmdev"),
- tpm_init_tpmdev, NULL, NULL)) {
- return -1;
- }
-
- return 0;
-}
-
-/*
- * Parse the TPM configuration options.
- * To display all available TPM backends the user may use '-tpmdev help'
- */
-int tpm_config_parse(QemuOptsList *opts_list, const char *optarg)
-{
- QemuOpts *opts;
-
- if (!strcmp(optarg, "help")) {
- tpm_display_backend_drivers();
- return -1;
- }
- opts = qemu_opts_parse_noisily(opts_list, optarg, true);
- if (!opts) {
- return -1;
- }
- return 0;
-}
-
-/*
- * Walk the list of active TPM backends and collect information about them.
- */
-TPMInfoList *qmp_query_tpm(Error **errp)
-{
- TPMBackend *drv;
- TPMInfoList *info, *head = NULL, *cur_item = NULL;
-
- QLIST_FOREACH(drv, &tpm_backends, list) {
- if (!drv->tpmif) {
- continue;
- }
-
- info = g_new0(TPMInfoList, 1);
- info->value = tpm_backend_query_tpm(drv);
-
- if (!cur_item) {
- head = cur_item = info;
- } else {
- cur_item->next = info;
- cur_item = info;
- }
- }
-
- return head;
-}
-
-TpmTypeList *qmp_query_tpm_types(Error **errp)
-{
- unsigned int i = 0;
- TpmTypeList *head = NULL, *prev = NULL, *cur_item;
-
- for (i = 0; i < TPM_TYPE__MAX; i++) {
- if (!tpm_be_find_by_type(i)) {
- continue;
- }
- cur_item = g_new0(TpmTypeList, 1);
- cur_item->value = i;
-
- if (prev) {
- prev->next = cur_item;
- }
- if (!head) {
- head = cur_item;
- }
- prev = cur_item;
- }
-
- return head;
-}
-TpmModelList *qmp_query_tpm_models(Error **errp)
-{
- TpmModelList *head = NULL, *prev = NULL, *cur_item;
- GSList *e, *l = object_class_get_list(TYPE_TPM_IF, false);
-
- for (e = l; e; e = e->next) {
- TPMIfClass *c = TPM_IF_CLASS(e->data);
-
- cur_item = g_new0(TpmModelList, 1);
- cur_item->value = c->model;
-
- if (prev) {
- prev->next = cur_item;
- }
- if (!head) {
- head = cur_item;
- }
- prev = cur_item;
- }
- g_slist_free(l);
-
- return head;
-}
projects / mirror_qemu.git / commitdiff