aboutsummaryrefslogtreecommitdiff
path: root/softmmu/physmem.c
AgeCommit message (Collapse)AuthorFilesLines
2021-10-28softmmu: fix for "after access" watchpointsPavel Dovgalyuk1-1/+1
Watchpoints that should fire after the memory access break an execution of the current block, try to translate current instruction into the separate block, which then causes debug interrupt. But cpu_interrupt can't be called in such block when icount is enabled, because interrupts muse be allowed explicitly. This patch sets CF_LAST_IO flag for retranslated block, allowing interrupt request for the last instruction. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <163542169727.2127597.8141772572696627329.stgit@pasha-ThinkPad-X280> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-28softmmu: remove useless condition in watchpoint checkPavel Dovgalyuk1-21/+20
cpu_check_watchpoint function checks cpu->watchpoint_hit at the entry. But then it also does the same in the middle of the function, while this field can't change. That is why this patch removes this useless condition. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <163542169094.2127597.8801843697434113110.stgit@pasha-ThinkPad-X280> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-28softmmu: fix watchpoint processing in icount modePavel Dovgalyuk1-4/+2
Watchpoint processing code restores vCPU state twice: in tb_check_watchpoint and in cpu_loop_exit_restore/cpu_restore_state. Normally it does not affect anything, but in icount mode instruction counter is incremented twice and becomes incorrect. This patch eliminates unneeded CPU state restore. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru> Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <163542168516.2127597.8781375223437124644.stgit@pasha-ThinkPad-X280> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-23softmmu/physmem.c: Fix typo in commentGreg Kurz1-1/+1
Fix the comment to match what the code is doing, as explained in the changelog of commit 86cf9e154632cb28d749db0ea47946fba8cf3f09 that introduced the change: Commit 9458a9a1df1a4c719e24512394d548c1fc7abd22 added synchronization of vCPU and migration operations through calling run_on_cpu operation. However, in replay mode this synchronization is unneeded, because I/O and vCPU threads are already synchronized. This patch disables such synchronization for record/replay mode. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <163429018454.1146856.3429437540871060739.stgit@bahia.huguette> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-09-30memory: Name all the memory listenersPeter Xu1-0/+1
Provide a name field for all the memory listeners. It can be used to identify which memory listener is which. Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <20210817013553.30584-2-peterx@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-09-30memory: Add RAM_PROTECTED flag to skip IOMMU mappingsSean Christopherson1-1/+2
Add a new RAMBlock flag to denote "protected" memory, i.e. memory that looks and acts like RAM but is inaccessible via normal mechanisms, including DMA. Use the flag to skip protected memory regions when mapping RAM for DMA in VFIO. Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> Signed-off-by: Yang Zhong <yang.zhong@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-08-26softmmu/physmem.c: Check return value from realpath()Peter Maydell1-0/+3
The realpath() function can return NULL on error, so we need to check for it to avoid crashing when we try to strstr() into it. This can happen if we run out of memory, or if /sys/ is not mounted, among other situations. Fixes: Coverity 1459913, 1460474 Fixes: ce317be98db0 ("exec: fetch the alignment of Linux devdax pmem character device nodes") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Jingqi Liu <jingqi.liu@intel.com> Message-id: 20210812151525.31456-1-peter.maydell@linaro.org
2021-08-26softmmu/physmem.c: Remove unneeded NULL check in qemu_ram_alloc_from_fd()Peter Maydell1-1/+1
In the alignment check added to qemu_ram_alloc_from_fd() in commit ce317be98db0dfdfa, the condition includes a check that 'mr' is not NULL. This check is unnecessary because we can assume that the caller always passes us a valid MemoryRegion, and indeed later in the function we assume mr is not NULL when we pass it to file_ram_alloc() as new_block->mr. Remove it. Fixes: Coverity 1459867 Fixes: ce317be98d ("exec: fetch the alignment of Linux devdax pmem character device nodes") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Jingqi Liu <jingqi.liu@intel.com> Message-id: 20210812150624.29139-1-peter.maydell@linaro.org
2021-08-17softmmu/physmem: fix wrong assertion in qemu_ram_alloc_internal()David Hildenbrand1-1/+0
When adding RAM_NORESERVE, we forgot to remove the old assertion when adding the updated one, most probably when reworking the patches or rebasing. We can easily crash QEMU by adding -object memory-backend-ram,id=mem0,size=500G,reserve=off to the QEMU cmdline: qemu-system-x86_64: ../softmmu/physmem.c:2146: qemu_ram_alloc_internal: Assertion `(ram_flags & ~(RAM_SHARED | RAM_RESIZEABLE | RAM_PREALLOC)) == 0' failed. Fix it by removing the old assertion. Fixes: 8dbe22c6868b ("memory: Introduce RAM_NORESERVE and wire it up in qemu_ram_mmap()") Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Pankaj Gupta <pankaj.gupta@ionos.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-id: 20210805092350.31195-1-david@redhat.com Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Peter Xu <peterx@redhat.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-08softmmu/physmem: Extend ram_block_discard_(require|disable) by two discard typesDavid Hildenbrand1-6/+48
We want to separate the two cases whereby we discard ram - uncoordinated: e.g., virito-balloon - coordinated: e.g., virtio-mem coordinated via the RamDiscardManager Reviewed-by: Pankaj Gupta <pankaj.gupta@cloud.ionos.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Alex Williamson <alex.williamson@redhat.com> Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Pankaj Gupta <pankaj.gupta.linux@gmail.com> Cc: Peter Xu <peterx@redhat.com> Cc: Auger Eric <eric.auger@redhat.com> Cc: Wei Yang <richard.weiyang@linux.alibaba.com> Cc: teawater <teawaterz@linux.alibaba.com> Cc: Marek Kedzierski <mkedzier@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210413095531.25603-12-david@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-07-08softmmu/physmem: Don't use atomic operations in ↵David Hildenbrand1-31/+39
ram_block_discard_(disable|require) We have users in migration context that don't hold the BQL (when finishing migration). To prepare for further changes, use a dedicated mutex instead of atomic operations. Keep using qatomic_read ("READ_ONCE") for the functions that only extract the current state (e.g., used by virtio-balloon), locking isn't necessary. While at it, split up the counter into two variables to make it easier to understand. Suggested-by: Peter Xu <peterx@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Pankaj Gupta <pankaj.gupta@cloud.ionos.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Alex Williamson <alex.williamson@redhat.com> Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Pankaj Gupta <pankaj.gupta.linux@gmail.com> Cc: Peter Xu <peterx@redhat.com> Cc: Auger Eric <eric.auger@redhat.com> Cc: Wei Yang <richard.weiyang@linux.alibaba.com> Cc: teawater <teawaterz@linux.alibaba.com> Cc: Marek Kedzierski <mkedzier@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210413095531.25603-11-david@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-06-15util/mmap-alloc: Support RAM_NORESERVE via MAP_NORESERVE under LinuxDavid Hildenbrand1-0/+1
Let's support RAM_NORESERVE via MAP_NORESERVE on Linux. The flag has no effect on most shared mappings - except for hugetlbfs and anonymous memory. Linux man page: "MAP_NORESERVE: Do not reserve swap space for this mapping. When swap space is reserved, one has the guarantee that it is possible to modify the mapping. When swap space is not reserved one might get SIGSEGV upon a write if no physical memory is available. See also the discussion of the file /proc/sys/vm/overcommit_memory in proc(5). In kernels before 2.6, this flag had effect only for private writable mappings." Note that the "guarantee" part is wrong with memory overcommit in Linux. Also, in Linux hugetlbfs is treated differently - we configure reservation of huge pages from the pool, not reservation of swap space (huge pages cannot be swapped). The rough behavior is [1]: a) !Hugetlbfs: 1) Without MAP_NORESERVE *or* with memory overcommit under Linux disabled ("/proc/sys/vm/overcommit_memory == 2"), the following accounting/reservation happens: For a file backed map SHARED or READ-only - 0 cost (the file is the map not swap) PRIVATE WRITABLE - size of mapping per instance For an anonymous or /dev/zero map SHARED - size of mapping PRIVATE READ-only - 0 cost (but of little use) PRIVATE WRITABLE - size of mapping per instance 2) With MAP_NORESERVE, no accounting/reservation happens. b) Hugetlbfs: 1) Without MAP_NORESERVE, huge pages are reserved. 2) With MAP_NORESERVE, no huge pages are reserved. Note: With "/proc/sys/vm/overcommit_memory == 0", we were already able to configure it for !hugetlbfs globally; this toggle now allows configuring it more fine-grained, not for the whole system. The target use case is virtio-mem, which dynamically exposes memory inside a large, sparse memory area to the VM. [1] https://www.kernel.org/doc/Documentation/vm/overcommit-accounting Reviewed-by: Peter Xu <peterx@redhat.com> Acked-by: Eduardo Habkost <ehabkost@redhat.com> for memory backend and machine core Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210510114328.21835-10-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-06-15memory: Introduce RAM_NORESERVE and wire it up in qemu_ram_mmap()David Hildenbrand1-3/+12
Let's introduce RAM_NORESERVE, allowing mmap'ing with MAP_NORESERVE. The new flag has the following semantics: " RAM is mmap-ed with MAP_NORESERVE. When set, reserving swap space (or huge pages if applicable) is skipped: will bail out if not supported. When not set, the OS will do the reservation, if supported for the memory type. " Allow passing it into: - memory_region_init_ram_nomigrate() - memory_region_init_resizeable_ram() - memory_region_init_ram_from_file() ... and teach qemu_ram_mmap() and qemu_anon_ram_alloc() about the flag. Bail out if the flag is not supported, which is the case right now for both, POSIX and win32. We will add Linux support next and allow specifying RAM_NORESERVE via memory backends. The target use case is virtio-mem, which dynamically exposes memory inside a large, sparse memory area to the VM. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Acked-by: Eduardo Habkost <ehabkost@redhat.com> for memory backend and machine core Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210510114328.21835-9-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-06-15util/mmap-alloc: Pass flags instead of separate bools to qemu_ram_mmap()David Hildenbrand1-3/+5
Let's pass flags instead of bools to prepare for passing other flags and update the documentation of qemu_ram_mmap(). Introduce new QEMU_MAP_ flags that abstract the mmap() PROT_ and MAP_ flag handling and simplify it. We expose only flags that are currently supported by qemu_ram_mmap(). Maybe, we'll see qemu_mmap() in the future as well that can implement these flags. Note: We don't use MAP_ flags as some flags (e.g., MAP_SYNC) are only defined for some systems and we want to always be able to identify these flags reliably inside qemu_ram_mmap() -- for example, to properly warn when some future flags are not available or effective on a system. Also, this way we can simplify PROT_ handling as well. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Acked-by: Eduardo Habkost <ehabkost@redhat.com> for memory backend and machine core Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210510114328.21835-8-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-06-15softmmu/memory: Pass ram_flags to qemu_ram_alloc() and qemu_ram_alloc_internal()David Hildenbrand1-17/+12
Let's pass ram_flags to qemu_ram_alloc() and qemu_ram_alloc_internal(), preparing for passing additional flags. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Eduardo Habkost <ehabkost@redhat.com> for memory backend and machine core Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210510114328.21835-7-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-06-15softmmu/physmem: Fix qemu_ram_remap() to handle shared anonymous memoryDavid Hildenbrand1-3/+3
RAM_SHARED now also properly indicates shared anonymous memory. Let's check that flag for anonymous memory as well, to restore the proper mapping. Fixes: 06329ccecfa0 ("mem: add share parameter to memory-backend-ram") Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210406080126.24010-4-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-06-15softmmu/physmem: Fix ram_block_discard_range() to handle shared anonymous memoryDavid Hildenbrand1-1/+6
We can create shared anonymous memory via "-object memory-backend-ram,share=on,..." which is, for example, required by PVRDMA for mremap() to work. Shared anonymous memory is weird, though. Instead of MADV_DONTNEED, we have to use MADV_REMOVE: MADV_DONTNEED will only remove / zap all relevant page table entries of the current process, the backend storage will not get removed, resulting in no reduced memory consumption and a repopulation of previous content on next access. Shared anonymous memory is internally really just shmem, but without a fd exposed. As we cannot use fallocate() without the fd to discard the backing storage, MADV_REMOVE gets the same job done without a fd as documented in "man 2 madvise". Removing backing storage implicitly invalidates all page table entries with relevant mappings - an additional MADV_DONTNEED is not required. Fixes: 06329ccecfa0 ("mem: add share parameter to memory-backend-ram") Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210406080126.24010-3-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-06-15softmmu/physmem: Mark shared anonymous memory RAM_SHAREDDavid Hildenbrand1-3/+7
Let's drop the "shared" parameter from ram_block_add() and properly store it in the flags of the ram block instead, such that qemu_ram_is_shared() properly succeeds on all ram blocks that were mapped MAP_SHARED. We'll use this information next to fix some cases with shared anonymous memory. Reviewed-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210406080126.24010-2-david@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-05-26replay: fix watchpoint processing for reverse debuggingPavel Dovgalyuk1-0/+10
This patch enables reverse debugging with watchpoints. Reverse continue scans the execution to find the breakpoints and watchpoints that should fire. It uses helper function replay_breakpoint() for that. But this function needs to access icount, which can't be correct in the middle of TB. Therefore, in case of watchpoint, we have to retranslate the block to allow this access. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru> Message-Id: <162072430303.827403.7379783546934958566.stgit@pasha-ThinkPad-X280> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-05-13exec: Relax range check in ram_block_discard_range()David Hildenbrand1-2/+2
We want to make use of ram_block_discard_range() in the RAM block resize callback when growing a RAM block, *before* used_length is changed. Let's relax the check. As RAM blocks always mmap the whole max_length area, we cannot corrupt unrelated data. Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210429112708.12291-6-david@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-05-13migration/ram: Handle RAM block resizes during precopyDavid Hildenbrand1-2/+3
Resizing while migrating is dangerous and does not work as expected. The whole migration code works on the usable_length of ram blocks and does not expect this to change at random points in time. In the case of precopy, the ram block size must not change on the source, after syncing the RAM block list in ram_save_setup(), so as long as the guest is still running on the source. Resizing can be trigger *after* (but not during) a reset in ACPI code by the guest - hw/arm/virt-acpi-build.c:acpi_ram_update() - hw/i386/acpi-build.c:acpi_ram_update() Use the ram block notifier to get notified about resizes. Let's simply cancel migration and indicate the reason. We'll continue running on the source. No harm done. Update the documentation. Postcopy will be handled separately. Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210429112708.12291-5-david@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Manual merge
2021-05-13numa: Teach ram block notifiers about resizeable ram blocksDavid Hildenbrand1-2/+10
Ram block notifiers are currently not aware of resizes. To properly handle resizes during migration, we want to teach ram block notifiers about resizeable ram. Introduce the basic infrastructure but keep using max_size in the existing notifiers. Supply the max_size when adding and removing ram blocks. Also, notify on resizes. Acked-by: Paul Durrant <paul@xen.org> Reviewed-by: Peter Xu <peterx@redhat.com> Cc: xen-devel@lists.xenproject.org Cc: haxm-team@intel.com Cc: Paul Durrant <paul@xen.org> Cc: Stefano Stabellini <sstabellini@kernel.org> Cc: Anthony Perard <anthony.perard@citrix.com> Cc: Wenchao Wang <wenchao.wang@intel.com> Cc: Colin Xu <colin.xu@intel.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210429112708.12291-3-david@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-05-13util: vfio-helpers: Factor out and fix processing of existing ram blocksDavid Hildenbrand1-0/+5
Factor it out into common code when a new notifier is registered, just as done with the memory region notifier. This keeps logic about how to process existing ram blocks at a central place. Just like when adding a new ram block, we have to register the max_length. Ram blocks are only "fake resized". All memory (max_length) is mapped. Print the warning from inside qemu_vfio_ram_block_added(). Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20210429112708.12291-2-david@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-05-02Do not include exec/address-spaces.h if it's not really necessaryThomas Huth1-1/+0
Stop including exec/address-spaces.h in files that don't need it. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210416171314.2074665-5-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-05-02Do not include cpu.h if it's not really necessaryThomas Huth1-1/+0
Stop including cpu.h in files that don't need it. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210416171314.2074665-4-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-05-02Do not include sysemu/sysemu.h if it's not really necessaryThomas Huth1-1/+0
Stop including sysemu/sysemu.h in files that don't need it. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210416171314.2074665-2-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-03-17Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into ↵Peter Maydell1-1/+1
staging * add --enable/--disable-libgio to configure (Denis) * small fixes (Pavel, myself) * fuzzing update (Alexander) # gpg: Signature made Tue 16 Mar 2021 18:30:38 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: qemu-timer: allow freeing a NULL timer hw/i8254: fix vmstate load scsi: fix sense code for EREMOTEIO Revert "accel: kvm: Add aligment assert for kvm_log_clear_one_slot" configure: add option to explicitly enable/disable libgio fuzz: move some DMA hooks fuzz: configure a sparse-mem device, by default memory: add a sparse memory device for fuzzing fuzz: add a am53c974 generic-fuzzer config fuzz: add instructions for building reproducers fuzz: add a script to build reproducers fuzz: don't leave orphan llvm-symbolizers around fuzz: fix the pro100 generic-fuzzer config MAINTAINERS: Cover fuzzer reproducer tests within 'Device Fuzzing' tests/qtest: Only run fuzz-virtio-scsi when virtio-scsi is available tests/qtest: Only run fuzz-megasas-test if megasas device is available Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-16fuzz: move some DMA hooksAlexander Bulekov1-1/+1
For the sparse-mem device, we want the fuzzer to populate entire DMA reads from sparse-mem, rather than hooking into the individual MMIO memory_region_dispatch_read operations. Otherwise, the fuzzer will treat each sequential read separately (and populate it with a separate pattern). Work around this by rearranging some DMA hooks. Since the fuzzer has it's own logic to skip accidentally writing to MMIO regions, we can call the DMA cb, outside the flatview_translate loop. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-15exec: Get rid of phys_mem_set_alloc()David Hildenbrand1-33/+3
As the last user is gone, we can get rid of phys_mem_set_alloc() and simplify. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Halil Pasic <pasic@linux.ibm.com> Cc: Cornelia Huck <cohuck@redhat.com> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: Thomas Huth <thuth@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Peter Xu <peterx@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20210303130916.22553-3-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-06accel/tcg: move CF_CLUSTER calculation to curr_cflagsAlex Bennée1-1/+1
There is nothing special about this compile flag that doesn't mean we can't just compute it with curr_cflags() which we should be using when building a new set. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210224165811.11567-3-alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-02-09memory: alloc RAM from file at offsetJagannathan Raman1-5/+7
Allow RAM MemoryRegion to be created from an offset in a file, instead of allocating at offset of 0 by default. This is needed to synchronize RAM between QEMU & remote process. Signed-off-by: Jagannathan Raman <jag.raman@oracle.com> Signed-off-by: John G Johnson <john.g.johnson@oracle.com> Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 609996697ad8617e3b01df38accc5c208c24d74e.1611938319.git.jag.raman@oracle.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-02-08fuzz: ignore address_space_map is_write flagAlexander Bulekov1-2/+2
We passed an is_write flag to the fuzz_dma_read_cb function to differentiate between the mapped DMA regions that need to be populated with fuzzed data, and those that don't. We simply passed through the address_space_map is_write parameter. The goal was to cut down on unnecessarily populating mapped DMA regions, when they are not read from. Unfortunately, nothing precludes code from reading from regions mapped with is_write=true. For example, see: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04729.html This patch removes the is_write parameter to fuzz_dma_read_cb. As a result, we will fill all mapped DMA regions with fuzzed data, ignoring the specified transfer direction. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-Id: <20210120060255.558535-1-alxndr@bu.edu>
2021-02-05cpu: tcg_ops: move to tcg-cpu-ops.h, keep a pointer in CPUClassClaudio Fontana1-4/+9
we cannot in principle make the TCG Operations field definitions conditional on CONFIG_TCG in code that is included by both common_ss and specific_ss modules. Therefore, what we can do safely to restrict the TCG fields to TCG-only builds, is to move all tcg cpu operations into a separate header file, which is only included by TCG, target-specific code. This leaves just a NULL pointer in the cpu.h for the non-TCG builds. This also tidies up the code in all targets a bit, having all TCG cpu operations neatly contained by a dedicated data struct. Signed-off-by: Claudio Fontana <cfontana@suse.de> Message-Id: <20210204163931.7358-16-cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-02-05cpu: move debug_check_watchpoint to tcg_opsClaudio Fontana1-2/+2
commit 568496c0c0f1 ("cpu: Add callback to check architectural") and commit 3826121d9298 ("target-arm: Implement checking of fired") introduced an ARM-specific hack for cpu_check_watchpoint. Make debug_check_watchpoint optional, and move it to tcg_ops. Signed-off-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210204163931.7358-15-cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-02-05cpu: move adjust_watchpoint_address to tcg_opsClaudio Fontana1-1/+4
commit 40612000599e ("arm: Correctly handle watchpoints for BE32 CPUs") introduced this ARM-specific, TCG-specific hack to adjust the address, before checking it with cpu_check_watchpoint. Make adjust_watchpoint_address optional and move it to tcg_ops. Signed-off-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210204163931.7358-14-cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-02-05physmem: make watchpoint checking code TCG-onlyClaudio Fontana1-69/+72
cpu_check_watchpoint, watchpoint_address_matches are TCG-only. Signed-off-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210204163931.7358-13-cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-02-01memory: add readonly support to memory_region_init_ram_from_file()Stefan Hajnoczi1-7/+11
There is currently no way to open(O_RDONLY) and mmap(PROT_READ) when creating a memory region from a file. This functionality is needed since the underlying host file may not allow writing. Add a bool readonly argument to memory_region_init_ram_from_file() and the APIs it calls. Extend memory_region_init_ram_from_file() rather than introducing a memory_region_init_rom_from_file() API so that callers can easily make a choice between read/write and read-only at runtime without calling different APIs. No new RAMBlock flag is introduced for read-only because it's unclear whether RAMBlocks need to know that they are read-only. Pass a bool readonly argument instead. Both of these design decisions can be changed in the future. It just seemed like the simplest approach to me. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Liam Merwick <liam.merwick@oracle.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20210104171320.575838-2-stefanha@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-01-23softmmu/physmem: Silence GCC 10 maybe-uninitialized errorPhilippe Mathieu-Daudé1-1/+1
When building with GCC 10.2 configured with --extra-cflags=-Os, we get: softmmu/physmem.c: In function 'address_space_translate_for_iotlb': softmmu/physmem.c:643:26: error: 'notifier' may be used uninitialized in this function [-Werror=maybe-uninitialized] 643 | notifier->active = true; | ^ softmmu/physmem.c:608:23: note: 'notifier' was declared here 608 | TCGIOMMUNotifier *notifier; | ^~~~~~~~ Initialize 'notifier' to silence the warning. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210117170411.4106949-1-f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-01-07util: Enhance flush_icache_range with separate data pointerRichard Henderson1-1/+1
We are shortly going to have a split rw/rx jit buffer. Depending on the host, we need to flush the dcache at the rw data pointer and flush the icache at the rx code pointer. For now, the two passed pointers are identical, so there is no effective change in behaviour. Reviewed-by: Joelle van Dyne <j@getutm.app> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-01-02util: Extract flush_icache_range to cacheflush.cRichard Henderson1-0/+1
This has been a tcg-specific function, but is also in use by hardware accelerators via physmem.c. This can cause link errors when tcg is disabled. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Joelle van Dyne <j@getutm.app> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20201214140314.18544-3-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-01-02remove TCG includes from common codePaolo Bonzini1-2/+1
Enable removing tcg/$tcg_arch from the include path when TCG is disabled. Move translate-all.h to include/exec, since stubs exist for the functions defined therein. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-12-15memory: clamp cached translation in case it points to an MMIO regionPaolo Bonzini1-0/+10
In using the address_space_translate_internal API, address_space_cache_init forgot one piece of advice that can be found in the code for address_space_translate_internal: /* MMIO registers can be expected to perform full-width accesses based only * on their address, without considering adjacent registers that could * decode to completely different MemoryRegions. When such registers * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO * regions overlap wildly. For this reason we cannot clamp the accesses * here. * * If the length is small (as is the case for address_space_ldl/stl), * everything works fine. If the incoming length is large, however, * the caller really has to do the clamping through memory_access_size. */ address_space_cache_init is exactly one such case where "the incoming length is large", therefore we need to clamp the resulting length---not to memory_access_size though, since we are not doing an access yet, but to the size of the resulting section. This ensures that subsequent accesses to the cached MemoryRegionSection will be in range. With this patch, the enclosed testcase notices that the used ring does not fit into the MSI-X table and prints a "qemu-system-x86_64: Cannot map used" error. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-15nomaintainer: Fix Lesser GPL version numberChetan Pant1-1/+1
There is no "version 2" of the "Lesser" General Public License. It is either "GPL version 2.0" or "Lesser GPL version 2.1". This patch replaces all occurrences of "Lesser GPL version 2" with "Lesser GPL version 2.1" in comment section. This patch contains all the files, whose maintainer I could not get from ‘get_maintainer.pl’ script. Signed-off-by: Chetan Pant <chetan4windows@gmail.com> Message-Id: <20201023124424.20177-1-chetan4windows@gmail.com> Reviewed-by: Thomas Huth <thuth@redhat.com> [thuth: Adapted exec.c and qdev-monitor.c to new location] Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-11-10physmem: improve ram size error messagesPankaj Gupta1-3/+3
Ram size mismatch condition logs below message. "Length mismatch: pc.ram: 0x80000000 in != 0x180000000: Invalid argument" This patch improves the readability of error messages. Removed the superflous "in" and changed "Length" to "Size". Signed-off-by: Pankaj Gupta <pankaj.gupta.linux@gmail.com> Reported-by: Li Zhang <li.zhang@cloud.ionos.com> Message-Id: <20201022111302.8105-1-pankaj.gupta.linux@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03exec: Remove dead code (CID 1432876)Philippe Mathieu-Daudé1-9/+1
We removed the global_locking field in commit 4174495408a, leaving dead code around the 'unlocked' variable. Remove it to fix the DEADCODE issue reported by Coverity (CID 1432876). Fixes: 4174495408a ("exec: Remove MemoryRegion::global_locking field") Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20201030153752.1557776-1-philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-10-26fuzz: Add fuzzer callbacks to DMA-read functionsAlexander Bulekov1-0/+2
We should be careful to not call any functions besides fuzz_dma_read_cb. Without --enable-fuzzing, fuzz_dma_read_cb is an empty inlined function. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-Id: <20201023150746.107063-7-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-10-12exec: split out non-softmmu-specific partsPaolo Bonzini1-0/+3711
Over the years, most parts of exec.c that were not specific to softmmu have been moved to accel/tcg; what's left is mostly the low-level part of the memory API, which includes RAMBlock and AddressSpaceDispatch. However exec.c also hosts 4-500 lines of code for the target specific parts of the CPU QOM object, plus a few functions for user-mode emulation that do not have a better place (they are not TCG-specific so accel/tcg/user-exec.c is not a good place either). Move these parts to a new file, so that exec.c can be moved to softmmu/physmem.c. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>