From c9b7d9ec21dfca716f0bb3b68dee75660d86629c Mon Sep 17 00:00:00 2001 From: Denis Plotnikov Date: Fri, 14 Feb 2020 10:46:48 +0300 Subject: virtio: increase virtqueue size for virtio-scsi and virtio-blk The goal is to reduce the amount of requests issued by a guest on 1M reads/writes. This rises the performance up to 4% on that kind of disk access pattern. The maximum chunk size to be used for the guest disk accessing is limited with seg_max parameter, which represents the max amount of pices in the scatter-geather list in one guest disk request. Since seg_max is virqueue_size dependent, increasing the virtqueue size increases seg_max, which, in turn, increases the maximum size of data to be read/write from a guest disk. More details in the original problem statment: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03721.html Suggested-by: Denis V. Lunev Signed-off-by: Denis Plotnikov Message-id: 20200214074648.958-1-dplotnikov@virtuozzo.com Signed-off-by: Stefan Hajnoczi --- hw/block/virtio-blk.c | 2 +- hw/core/machine.c | 2 ++ hw/scsi/virtio-scsi.c | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c index 09f46ed..142863a 100644 --- a/hw/block/virtio-blk.c +++ b/hw/block/virtio-blk.c @@ -1272,7 +1272,7 @@ static Property virtio_blk_properties[] = { DEFINE_PROP_BIT("request-merging", VirtIOBlock, conf.request_merging, 0, true), DEFINE_PROP_UINT16("num-queues", VirtIOBlock, conf.num_queues, 1), - DEFINE_PROP_UINT16("queue-size", VirtIOBlock, conf.queue_size, 128), + DEFINE_PROP_UINT16("queue-size", VirtIOBlock, conf.queue_size, 256), DEFINE_PROP_BOOL("seg-max-adjust", VirtIOBlock, conf.seg_max_adjust, true), DEFINE_PROP_LINK("iothread", VirtIOBlock, conf.iothread, TYPE_IOTHREAD, IOThread *), diff --git a/hw/core/machine.c b/hw/core/machine.c index 84812a1..ce403cc 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -28,6 +28,8 @@ #include "hw/mem/nvdimm.h" GlobalProperty hw_compat_4_2[] = { + { "virtio-blk-device", "queue-size", "128"}, + { "virtio-scsi-device", "virtqueue_size", "128"}, { "virtio-blk-device", "x-enable-wce-if-config-wce", "off" }, { "virtio-blk-device", "seg-max-adjust", "off"}, { "virtio-scsi-device", "seg_max_adjust", "off"}, diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c index 3b61563..472bbd2 100644 --- a/hw/scsi/virtio-scsi.c +++ b/hw/scsi/virtio-scsi.c @@ -965,7 +965,7 @@ static void virtio_scsi_device_unrealize(DeviceState *dev, Error **errp) static Property virtio_scsi_properties[] = { DEFINE_PROP_UINT32("num_queues", VirtIOSCSI, parent_obj.conf.num_queues, 1), DEFINE_PROP_UINT32("virtqueue_size", VirtIOSCSI, - parent_obj.conf.virtqueue_size, 128), + parent_obj.conf.virtqueue_size, 256), DEFINE_PROP_BOOL("seg_max_adjust", VirtIOSCSI, parent_obj.conf.seg_max_adjust, true), DEFINE_PROP_UINT32("max_sectors", VirtIOSCSI, parent_obj.conf.max_sectors, -- cgit v1.1 From f25c0b547916962d0b1be260b5b643287bea0851 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Tue, 18 Feb 2020 18:27:08 +0000 Subject: aio-posix: avoid reacquiring rcu_read_lock() when polling The first rcu_read_lock/unlock() is expensive. Nested calls are cheap. This optimization increases IOPS from 73k to 162k with a Linux guest that has 2 virtio-blk,num-queues=1 and 99 virtio-blk,num-queues=32 devices. Signed-off-by: Stefan Hajnoczi Reviewed-by: Paolo Bonzini Message-id: 20200218182708.914552-1-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi --- util/aio-posix.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/util/aio-posix.c b/util/aio-posix.c index a4977f5..f67f5b3 100644 --- a/util/aio-posix.c +++ b/util/aio-posix.c @@ -15,6 +15,7 @@ #include "qemu/osdep.h" #include "block/block.h" +#include "qemu/rcu.h" #include "qemu/rcu_queue.h" #include "qemu/sockets.h" #include "qemu/cutils.h" @@ -514,6 +515,16 @@ static bool run_poll_handlers_once(AioContext *ctx, int64_t *timeout) bool progress = false; AioHandler *node; + /* + * Optimization: ->io_poll() handlers often contain RCU read critical + * sections and we therefore see many rcu_read_lock() -> rcu_read_unlock() + * -> rcu_read_lock() -> ... sequences with expensive memory + * synchronization primitives. Make the entire polling loop an RCU + * critical section because nested rcu_read_lock()/rcu_read_unlock() calls + * are cheap. + */ + RCU_READ_LOCK_GUARD(); + QLIST_FOREACH_RCU(node, &ctx->aio_handlers, node) { if (!node->deleted && node->io_poll && aio_node_check(ctx, node->is_external) && -- cgit v1.1 From 8c3570e33954d26675ec6fd224ede02763dfbd1d Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Thu, 20 Feb 2020 11:38:28 +0100 Subject: rcu_queue: add QSLIST functions QSLIST is the only family of lists for which we do not have RCU-friendly accessors, add them. Signed-off-by: Paolo Bonzini Reviewed-by: Stefan Hajnoczi Message-id: 20200220103828.24525-1-pbonzini@redhat.com Signed-off-by: Stefan Hajnoczi --- include/qemu/queue.h | 15 +++++++++++++-- include/qemu/rcu_queue.h | 47 +++++++++++++++++++++++++++++++++++++++++++++++ tests/Makefile.include | 2 ++ tests/test-rcu-list.c | 16 ++++++++++++++++ tests/test-rcu-slist.c | 2 ++ 5 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 tests/test-rcu-slist.c diff --git a/include/qemu/queue.h b/include/qemu/queue.h index 19425f9..fcecb70 100644 --- a/include/qemu/queue.h +++ b/include/qemu/queue.h @@ -211,9 +211,20 @@ struct { \ (head)->slh_first = (head)->slh_first->field.sle_next; \ } while (/*CONSTCOND*/0) -#define QSLIST_REMOVE_AFTER(slistelm, field) do { \ +#define QSLIST_REMOVE_AFTER(slistelm, field) do { \ (slistelm)->field.sle_next = \ - QSLIST_NEXT(QSLIST_NEXT((slistelm), field), field); \ + QSLIST_NEXT(QSLIST_NEXT((slistelm), field), field); \ +} while (/*CONSTCOND*/0) + +#define QSLIST_REMOVE(head, elm, type, field) do { \ + if ((head)->slh_first == (elm)) { \ + QSLIST_REMOVE_HEAD((head), field); \ + } else { \ + struct type *curelm = (head)->slh_first; \ + while (curelm->field.sle_next != (elm)) \ + curelm = curelm->field.sle_next; \ + curelm->field.sle_next = curelm->field.sle_next->field.sle_next; \ + } \ } while (/*CONSTCOND*/0) #define QSLIST_FOREACH(var, head, field) \ diff --git a/include/qemu/rcu_queue.h b/include/qemu/rcu_queue.h index 2d386f3..558961c 100644 --- a/include/qemu/rcu_queue.h +++ b/include/qemu/rcu_queue.h @@ -262,6 +262,53 @@ extern "C" { (var) && ((next) = atomic_rcu_read(&(var)->field.tqe_next), 1); \ (var) = (next)) +/* + * RCU singly-linked list + */ + +/* Singly-linked list access methods */ +#define QSLIST_EMPTY_RCU(head) (atomic_read(&(head)->slh_first) == NULL) +#define QSLIST_FIRST_RCU(head) atomic_rcu_read(&(head)->slh_first) +#define QSLIST_NEXT_RCU(elm, field) atomic_rcu_read(&(elm)->field.sle_next) + +/* Singly-linked list functions */ +#define QSLIST_INSERT_HEAD_RCU(head, elm, field) do { \ + (elm)->field.sle_next = (head)->slh_first; \ + atomic_rcu_set(&(head)->slh_first, (elm)); \ +} while (/*CONSTCOND*/0) + +#define QSLIST_INSERT_AFTER_RCU(head, listelm, elm, field) do { \ + (elm)->field.sle_next = (listelm)->field.sle_next; \ + atomic_rcu_set(&(listelm)->field.sle_next, (elm)); \ +} while (/*CONSTCOND*/0) + +#define QSLIST_REMOVE_HEAD_RCU(head, field) do { \ + atomic_set(&(head)->slh_first, (head)->slh_first->field.sle_next); \ +} while (/*CONSTCOND*/0) + +#define QSLIST_REMOVE_RCU(head, elm, type, field) do { \ + if ((head)->slh_first == (elm)) { \ + QSLIST_REMOVE_HEAD_RCU((head), field); \ + } else { \ + struct type *curr = (head)->slh_first; \ + while (curr->field.sle_next != (elm)) { \ + curr = curr->field.sle_next; \ + } \ + atomic_set(&curr->field.sle_next, \ + curr->field.sle_next->field.sle_next); \ + } \ +} while (/*CONSTCOND*/0) + +#define QSLIST_FOREACH_RCU(var, head, field) \ + for ((var) = atomic_rcu_read(&(head)->slh_first); \ + (var); \ + (var) = atomic_rcu_read(&(var)->field.sle_next)) + +#define QSLIST_FOREACH_SAFE_RCU(var, head, field, next) \ + for ((var) = atomic_rcu_read(&(head)->slh_first); \ + (var) && ((next) = atomic_rcu_read(&(var)->field.sle_next), 1); \ + (var) = (next)) + #ifdef __cplusplus } #endif diff --git a/tests/Makefile.include b/tests/Makefile.include index 2f1cafe..edcbd47 100644 --- a/tests/Makefile.include +++ b/tests/Makefile.include @@ -98,6 +98,7 @@ check-unit-y += tests/rcutorture$(EXESUF) check-unit-y += tests/test-rcu-list$(EXESUF) check-unit-y += tests/test-rcu-simpleq$(EXESUF) check-unit-y += tests/test-rcu-tailq$(EXESUF) +check-unit-y += tests/test-rcu-slist$(EXESUF) check-unit-y += tests/test-qdist$(EXESUF) check-unit-y += tests/test-qht$(EXESUF) check-unit-y += tests/test-qht-par$(EXESUF) @@ -415,6 +416,7 @@ tests/rcutorture$(EXESUF): tests/rcutorture.o $(test-util-obj-y) tests/test-rcu-list$(EXESUF): tests/test-rcu-list.o $(test-util-obj-y) tests/test-rcu-simpleq$(EXESUF): tests/test-rcu-simpleq.o $(test-util-obj-y) tests/test-rcu-tailq$(EXESUF): tests/test-rcu-tailq.o $(test-util-obj-y) +tests/test-rcu-slist$(EXESUF): tests/test-rcu-slist.o $(test-util-obj-y) tests/test-qdist$(EXESUF): tests/test-qdist.o $(test-util-obj-y) tests/test-qht$(EXESUF): tests/test-qht.o $(test-util-obj-y) tests/test-qht-par$(EXESUF): tests/test-qht-par.o tests/qht-bench$(EXESUF) $(test-util-obj-y) diff --git a/tests/test-rcu-list.c b/tests/test-rcu-list.c index 6f07647..1442c0c 100644 --- a/tests/test-rcu-list.c +++ b/tests/test-rcu-list.c @@ -93,6 +93,8 @@ struct list_element { QSIMPLEQ_ENTRY(list_element) entry; #elif TEST_LIST_TYPE == 3 QTAILQ_ENTRY(list_element) entry; +#elif TEST_LIST_TYPE == 4 + QSLIST_ENTRY(list_element) entry; #else #error Invalid TEST_LIST_TYPE #endif @@ -144,6 +146,20 @@ static QTAILQ_HEAD(, list_element) Q_list_head; #define TEST_LIST_INSERT_HEAD_RCU QTAILQ_INSERT_HEAD_RCU #define TEST_LIST_FOREACH_RCU QTAILQ_FOREACH_RCU #define TEST_LIST_FOREACH_SAFE_RCU QTAILQ_FOREACH_SAFE_RCU + +#elif TEST_LIST_TYPE == 4 +static QSLIST_HEAD(, list_element) Q_list_head; + +#define TEST_NAME "qslist" +#define TEST_LIST_REMOVE_RCU(el, f) \ + QSLIST_REMOVE_RCU(&Q_list_head, el, list_element, f) + +#define TEST_LIST_INSERT_AFTER_RCU(list_el, el, f) \ + QSLIST_INSERT_AFTER_RCU(&Q_list_head, list_el, el, f) + +#define TEST_LIST_INSERT_HEAD_RCU QSLIST_INSERT_HEAD_RCU +#define TEST_LIST_FOREACH_RCU QSLIST_FOREACH_RCU +#define TEST_LIST_FOREACH_SAFE_RCU QSLIST_FOREACH_SAFE_RCU #else #error Invalid TEST_LIST_TYPE #endif diff --git a/tests/test-rcu-slist.c b/tests/test-rcu-slist.c new file mode 100644 index 0000000..868e1e4 --- /dev/null +++ b/tests/test-rcu-slist.c @@ -0,0 +1,2 @@ +#define TEST_LIST_TYPE 4 +#include "test-rcu-list.c" -- cgit v1.1 From 8c6b0356b53977bcfdea5299db07884915425b0c Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Fri, 21 Feb 2020 09:39:51 +0000 Subject: util/async: make bh_aio_poll() O(1) The ctx->first_bh list contains all created BHs, including those that are not scheduled. The list is iterated by the event loop and therefore has O(n) time complexity with respected to the number of created BHs. Rewrite BHs so that only scheduled or deleted BHs are enqueued. Only BHs that actually require action will be iterated. One semantic change is required: qemu_bh_delete() enqueues the BH and therefore invokes aio_notify(). The tests/test-aio.c:test_source_bh_delete_from_cb() test case assumed that g_main_context_iteration(NULL, false) returns false after qemu_bh_delete() but it now returns true for one iteration. Fix up the test case. This patch makes aio_compute_timeout() and aio_bh_poll() drop from a CPU profile reported by perf-top(1). Previously they combined to 9% CPU utilization when AioContext polling is commented out and the guest has 2 virtio-blk,num-queues=1 and 99 virtio-blk,num-queues=32 devices. Signed-off-by: Stefan Hajnoczi Reviewed-by: Paolo Bonzini Message-id: 20200221093951.1414693-1-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi --- include/block/aio.h | 20 ++++- tests/test-aio.c | 3 +- util/async.c | 237 ++++++++++++++++++++++++++++++---------------------- 3 files changed, 158 insertions(+), 102 deletions(-) diff --git a/include/block/aio.h b/include/block/aio.h index 7ba9bd7..1a2ce9c 100644 --- a/include/block/aio.h +++ b/include/block/aio.h @@ -51,6 +51,19 @@ struct ThreadPool; struct LinuxAioState; struct LuringState; +/* + * Each aio_bh_poll() call carves off a slice of the BH list, so that newly + * scheduled BHs are not processed until the next aio_bh_poll() call. All + * active aio_bh_poll() calls chain their slices together in a list, so that + * nested aio_bh_poll() calls process all scheduled bottom halves. + */ +typedef QSLIST_HEAD(, QEMUBH) BHList; +typedef struct BHListSlice BHListSlice; +struct BHListSlice { + BHList bh_list; + QSIMPLEQ_ENTRY(BHListSlice) next; +}; + struct AioContext { GSource source; @@ -91,8 +104,11 @@ struct AioContext { */ QemuLockCnt list_lock; - /* Anchor of the list of Bottom Halves belonging to the context */ - struct QEMUBH *first_bh; + /* Bottom Halves pending aio_bh_poll() processing */ + BHList bh_list; + + /* Chained BH list slices for each nested aio_bh_poll() call */ + QSIMPLEQ_HEAD(, BHListSlice) bh_slice_list; /* Used by aio_notify. * diff --git a/tests/test-aio.c b/tests/test-aio.c index 86fb73b..8a46078 100644 --- a/tests/test-aio.c +++ b/tests/test-aio.c @@ -615,7 +615,8 @@ static void test_source_bh_delete_from_cb(void) g_assert_cmpint(data1.n, ==, data1.max); g_assert(data1.bh == NULL); - g_assert(!g_main_context_iteration(NULL, false)); + assert(g_main_context_iteration(NULL, false)); + assert(!g_main_context_iteration(NULL, false)); } static void test_source_bh_delete_from_cb_many(void) diff --git a/util/async.c b/util/async.c index c192a24..b94518b 100644 --- a/util/async.c +++ b/util/async.c @@ -29,6 +29,7 @@ #include "block/thread-pool.h" #include "qemu/main-loop.h" #include "qemu/atomic.h" +#include "qemu/rcu_queue.h" #include "block/raw-aio.h" #include "qemu/coroutine_int.h" #include "trace.h" @@ -36,16 +37,76 @@ /***********************************************************/ /* bottom halves (can be seen as timers which expire ASAP) */ +/* QEMUBH::flags values */ +enum { + /* Already enqueued and waiting for aio_bh_poll() */ + BH_PENDING = (1 << 0), + + /* Invoke the callback */ + BH_SCHEDULED = (1 << 1), + + /* Delete without invoking callback */ + BH_DELETED = (1 << 2), + + /* Delete after invoking callback */ + BH_ONESHOT = (1 << 3), + + /* Schedule periodically when the event loop is idle */ + BH_IDLE = (1 << 4), +}; + struct QEMUBH { AioContext *ctx; QEMUBHFunc *cb; void *opaque; - QEMUBH *next; - bool scheduled; - bool idle; - bool deleted; + QSLIST_ENTRY(QEMUBH) next; + unsigned flags; }; +/* Called concurrently from any thread */ +static void aio_bh_enqueue(QEMUBH *bh, unsigned new_flags) +{ + AioContext *ctx = bh->ctx; + unsigned old_flags; + + /* + * The memory barrier implicit in atomic_fetch_or makes sure that: + * 1. idle & any writes needed by the callback are done before the + * locations are read in the aio_bh_poll. + * 2. ctx is loaded before the callback has a chance to execute and bh + * could be freed. + */ + old_flags = atomic_fetch_or(&bh->flags, BH_PENDING | new_flags); + if (!(old_flags & BH_PENDING)) { + QSLIST_INSERT_HEAD_ATOMIC(&ctx->bh_list, bh, next); + } + + aio_notify(ctx); +} + +/* Only called from aio_bh_poll() and aio_ctx_finalize() */ +static QEMUBH *aio_bh_dequeue(BHList *head, unsigned *flags) +{ + QEMUBH *bh = QSLIST_FIRST_RCU(head); + + if (!bh) { + return NULL; + } + + QSLIST_REMOVE_HEAD(head, next); + + /* + * The atomic_and is paired with aio_bh_enqueue(). The implicit memory + * barrier ensures that the callback sees all writes done by the scheduling + * thread. It also ensures that the scheduling thread sees the cleared + * flag before bh->cb has run, and thus will call aio_notify again if + * necessary. + */ + *flags = atomic_fetch_and(&bh->flags, + ~(BH_PENDING | BH_SCHEDULED | BH_IDLE)); + return bh; +} + void aio_bh_schedule_oneshot(AioContext *ctx, QEMUBHFunc *cb, void *opaque) { QEMUBH *bh; @@ -55,15 +116,7 @@ void aio_bh_schedule_oneshot(AioContext *ctx, QEMUBHFunc *cb, void *opaque) .cb = cb, .opaque = opaque, }; - qemu_lockcnt_lock(&ctx->list_lock); - bh->next = ctx->first_bh; - bh->scheduled = 1; - bh->deleted = 1; - /* Make sure that the members are ready before putting bh into list */ - smp_wmb(); - ctx->first_bh = bh; - qemu_lockcnt_unlock(&ctx->list_lock); - aio_notify(ctx); + aio_bh_enqueue(bh, BH_SCHEDULED | BH_ONESHOT); } QEMUBH *aio_bh_new(AioContext *ctx, QEMUBHFunc *cb, void *opaque) @@ -75,12 +128,6 @@ QEMUBH *aio_bh_new(AioContext *ctx, QEMUBHFunc *cb, void *opaque) .cb = cb, .opaque = opaque, }; - qemu_lockcnt_lock(&ctx->list_lock); - bh->next = ctx->first_bh; - /* Make sure that the members are ready before putting bh into list */ - smp_wmb(); - ctx->first_bh = bh; - qemu_lockcnt_unlock(&ctx->list_lock); return bh; } @@ -89,91 +136,56 @@ void aio_bh_call(QEMUBH *bh) bh->cb(bh->opaque); } -/* Multiple occurrences of aio_bh_poll cannot be called concurrently. - * The count in ctx->list_lock is incremented before the call, and is - * not affected by the call. - */ +/* Multiple occurrences of aio_bh_poll cannot be called concurrently. */ int aio_bh_poll(AioContext *ctx) { - QEMUBH *bh, **bhp, *next; - int ret; - bool deleted = false; - - ret = 0; - for (bh = atomic_rcu_read(&ctx->first_bh); bh; bh = next) { - next = atomic_rcu_read(&bh->next); - /* The atomic_xchg is paired with the one in qemu_bh_schedule. The - * implicit memory barrier ensures that the callback sees all writes - * done by the scheduling thread. It also ensures that the scheduling - * thread sees the zero before bh->cb has run, and thus will call - * aio_notify again if necessary. - */ - if (atomic_xchg(&bh->scheduled, 0)) { + BHListSlice slice; + BHListSlice *s; + int ret = 0; + + QSLIST_MOVE_ATOMIC(&slice.bh_list, &ctx->bh_list); + QSIMPLEQ_INSERT_TAIL(&ctx->bh_slice_list, &slice, next); + + while ((s = QSIMPLEQ_FIRST(&ctx->bh_slice_list))) { + QEMUBH *bh; + unsigned flags; + + bh = aio_bh_dequeue(&s->bh_list, &flags); + if (!bh) { + QSIMPLEQ_REMOVE_HEAD(&ctx->bh_slice_list, next); + continue; + } + + if ((flags & (BH_SCHEDULED | BH_DELETED)) == BH_SCHEDULED) { /* Idle BHs don't count as progress */ - if (!bh->idle) { + if (!(flags & BH_IDLE)) { ret = 1; } - bh->idle = 0; aio_bh_call(bh); } - if (bh->deleted) { - deleted = true; + if (flags & (BH_DELETED | BH_ONESHOT)) { + g_free(bh); } } - /* remove deleted bhs */ - if (!deleted) { - return ret; - } - - if (qemu_lockcnt_dec_if_lock(&ctx->list_lock)) { - bhp = &ctx->first_bh; - while (*bhp) { - bh = *bhp; - if (bh->deleted && !bh->scheduled) { - *bhp = bh->next; - g_free(bh); - } else { - bhp = &bh->next; - } - } - qemu_lockcnt_inc_and_unlock(&ctx->list_lock); - } return ret; } void qemu_bh_schedule_idle(QEMUBH *bh) { - bh->idle = 1; - /* Make sure that idle & any writes needed by the callback are done - * before the locations are read in the aio_bh_poll. - */ - atomic_mb_set(&bh->scheduled, 1); + aio_bh_enqueue(bh, BH_SCHEDULED | BH_IDLE); } void qemu_bh_schedule(QEMUBH *bh) { - AioContext *ctx; - - ctx = bh->ctx; - bh->idle = 0; - /* The memory barrier implicit in atomic_xchg makes sure that: - * 1. idle & any writes needed by the callback are done before the - * locations are read in the aio_bh_poll. - * 2. ctx is loaded before scheduled is set and the callback has a chance - * to execute. - */ - if (atomic_xchg(&bh->scheduled, 1) == 0) { - aio_notify(ctx); - } + aio_bh_enqueue(bh, BH_SCHEDULED); } - /* This func is async. */ void qemu_bh_cancel(QEMUBH *bh) { - atomic_mb_set(&bh->scheduled, 0); + atomic_and(&bh->flags, ~BH_SCHEDULED); } /* This func is async.The bottom half will do the delete action at the finial @@ -181,21 +193,16 @@ void qemu_bh_cancel(QEMUBH *bh) */ void qemu_bh_delete(QEMUBH *bh) { - bh->scheduled = 0; - bh->deleted = 1; + aio_bh_enqueue(bh, BH_DELETED); } -int64_t -aio_compute_timeout(AioContext *ctx) +static int64_t aio_compute_bh_timeout(BHList *head, int timeout) { - int64_t deadline; - int timeout = -1; QEMUBH *bh; - for (bh = atomic_rcu_read(&ctx->first_bh); bh; - bh = atomic_rcu_read(&bh->next)) { - if (bh->scheduled) { - if (bh->idle) { + QSLIST_FOREACH_RCU(bh, head, next) { + if ((bh->flags & (BH_SCHEDULED | BH_DELETED)) == BH_SCHEDULED) { + if (bh->flags & BH_IDLE) { /* idle bottom halves will be polled at least * every 10ms */ timeout = 10000000; @@ -207,6 +214,28 @@ aio_compute_timeout(AioContext *ctx) } } + return timeout; +} + +int64_t +aio_compute_timeout(AioContext *ctx) +{ + BHListSlice *s; + int64_t deadline; + int timeout = -1; + + timeout = aio_compute_bh_timeout(&ctx->bh_list, timeout); + if (timeout == 0) { + return 0; + } + + QSIMPLEQ_FOREACH(s, &ctx->bh_slice_list, next) { + timeout = aio_compute_bh_timeout(&s->bh_list, timeout); + if (timeout == 0) { + return 0; + } + } + deadline = timerlistgroup_deadline_ns(&ctx->tlg); if (deadline == 0) { return 0; @@ -237,15 +266,24 @@ aio_ctx_check(GSource *source) { AioContext *ctx = (AioContext *) source; QEMUBH *bh; + BHListSlice *s; atomic_and(&ctx->notify_me, ~1); aio_notify_accept(ctx); - for (bh = ctx->first_bh; bh; bh = bh->next) { - if (bh->scheduled) { + QSLIST_FOREACH_RCU(bh, &ctx->bh_list, next) { + if ((bh->flags & (BH_SCHEDULED | BH_DELETED)) == BH_SCHEDULED) { return true; } } + + QSIMPLEQ_FOREACH(s, &ctx->bh_slice_list, next) { + QSLIST_FOREACH_RCU(bh, &s->bh_list, next) { + if ((bh->flags & (BH_SCHEDULED | BH_DELETED)) == BH_SCHEDULED) { + return true; + } + } + } return aio_pending(ctx) || (timerlistgroup_deadline_ns(&ctx->tlg) == 0); } @@ -265,6 +303,8 @@ static void aio_ctx_finalize(GSource *source) { AioContext *ctx = (AioContext *) source; + QEMUBH *bh; + unsigned flags; thread_pool_free(ctx->thread_pool); @@ -287,18 +327,15 @@ aio_ctx_finalize(GSource *source) assert(QSLIST_EMPTY(&ctx->scheduled_coroutines)); qemu_bh_delete(ctx->co_schedule_bh); - qemu_lockcnt_lock(&ctx->list_lock); - assert(!qemu_lockcnt_count(&ctx->list_lock)); - while (ctx->first_bh) { - QEMUBH *next = ctx->first_bh->next; + /* There must be no aio_bh_poll() calls going on */ + assert(QSIMPLEQ_EMPTY(&ctx->bh_slice_list)); + while ((bh = aio_bh_dequeue(&ctx->bh_list, &flags))) { /* qemu_bh_delete() must have been called on BHs in this AioContext */ - assert(ctx->first_bh->deleted); + assert(flags & BH_DELETED); - g_free(ctx->first_bh); - ctx->first_bh = next; + g_free(bh); } - qemu_lockcnt_unlock(&ctx->list_lock); aio_set_event_notifier(ctx, &ctx->notifier, false, NULL, NULL); event_notifier_cleanup(&ctx->notifier); @@ -445,6 +482,8 @@ AioContext *aio_context_new(Error **errp) AioContext *ctx; ctx = (AioContext *) g_source_new(&aio_source_funcs, sizeof(AioContext)); + QSLIST_INIT(&ctx->bh_list); + QSIMPLEQ_INIT(&ctx->bh_slice_list); aio_context_setup(ctx); ret = event_notifier_init(&ctx->notifier, false); -- cgit v1.1 From ff29ed3a331d0cd26bcd30f7cd6c0c96c7d44eed Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Fri, 14 Feb 2020 17:17:08 +0000 Subject: aio-posix: fix use after leaving scope in aio_poll() epoll_handler is a stack variable and must not be accessed after it goes out of scope: if (aio_epoll_check_poll(ctx, pollfds, npfd, timeout)) { AioHandler epoll_handler; ... add_pollfd(&epoll_handler); ret = aio_epoll(ctx, pollfds, npfd, timeout); } ... ... /* if we have any readable fds, dispatch event */ if (ret > 0) { for (i = 0; i < npfd; i++) { nodes[i]->pfd.revents = pollfds[i].revents; } } nodes[0] is &epoll_handler, which has already gone out of scope. There is no need to use pollfds[] for epoll. We don't need an AioHandler for the epoll fd. Signed-off-by: Stefan Hajnoczi Reviewed-by: Sergio Lopez Message-id: 20200214171712.541358-2-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi --- util/aio-posix.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/util/aio-posix.c b/util/aio-posix.c index f67f5b3..c964627 100644 --- a/util/aio-posix.c +++ b/util/aio-posix.c @@ -105,17 +105,18 @@ static void aio_epoll_update(AioContext *ctx, AioHandler *node, bool is_new) } } -static int aio_epoll(AioContext *ctx, GPollFD *pfds, - unsigned npfd, int64_t timeout) +static int aio_epoll(AioContext *ctx, int64_t timeout) { + GPollFD pfd = { + .fd = ctx->epollfd, + .events = G_IO_IN | G_IO_OUT | G_IO_HUP | G_IO_ERR, + }; AioHandler *node; int i, ret = 0; struct epoll_event events[128]; - assert(npfd == 1); - assert(pfds[0].fd == ctx->epollfd); if (timeout > 0) { - ret = qemu_poll_ns(pfds, npfd, timeout); + ret = qemu_poll_ns(&pfd, 1, timeout); } if (timeout <= 0 || ret > 0) { ret = epoll_wait(ctx->epollfd, events, @@ -669,13 +670,8 @@ bool aio_poll(AioContext *ctx, bool blocking) /* wait until next event */ if (aio_epoll_check_poll(ctx, pollfds, npfd, timeout)) { - AioHandler epoll_handler; - - epoll_handler.pfd.fd = ctx->epollfd; - epoll_handler.pfd.events = G_IO_IN | G_IO_OUT | G_IO_HUP | G_IO_ERR; - npfd = 0; - add_pollfd(&epoll_handler); - ret = aio_epoll(ctx, pollfds, npfd, timeout); + npfd = 0; /* pollfds[] is not being used */ + ret = aio_epoll(ctx, timeout); } else { ret = qemu_poll_ns(pollfds, npfd, timeout); } -- cgit v1.1 From ca8c6b22754b0f17818b1d1910d31f0aa1a49cc7 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Fri, 14 Feb 2020 17:17:09 +0000 Subject: aio-posix: don't pass ns timeout to epoll_wait() Don't pass the nanosecond timeout into epoll_wait(), which expects milliseconds. The epoll_wait() timeout value does not matter if qemu_poll_ns() determined that the poll fd is ready, but passing a value in the wrong units is still ugly. Pass a 0 timeout to epoll_wait() instead. Signed-off-by: Stefan Hajnoczi Reviewed-by: Sergio Lopez Message-id: 20200214171712.541358-3-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi --- util/aio-posix.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/util/aio-posix.c b/util/aio-posix.c index c964627..58765e5 100644 --- a/util/aio-posix.c +++ b/util/aio-posix.c @@ -117,6 +117,9 @@ static int aio_epoll(AioContext *ctx, int64_t timeout) if (timeout > 0) { ret = qemu_poll_ns(&pfd, 1, timeout); + if (ret > 0) { + timeout = 0; + } } if (timeout <= 0 || ret > 0) { ret = epoll_wait(ctx->epollfd, events, -- cgit v1.1 From 195ed8cb365edeb0d0a70a2ffdeb7a073f9a8117 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Fri, 14 Feb 2020 17:17:10 +0000 Subject: qemu/queue.h: add QLIST_SAFE_REMOVE() QLIST_REMOVE() assumes the element is in a list. It also leaves the element's linked list pointers dangling. Introduce a safe version of QLIST_REMOVE() and convert open-coded instances of this pattern. Signed-off-by: Stefan Hajnoczi Reviewed-by: Sergio Lopez Message-id: 20200214171712.541358-4-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi --- block.c | 5 +---- chardev/spice.c | 4 +--- include/qemu/queue.h | 14 ++++++++++++++ 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/block.c b/block.c index 308a91c..1bdb9c6 100644 --- a/block.c +++ b/block.c @@ -2636,10 +2636,7 @@ BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs, static void bdrv_detach_child(BdrvChild *child) { - if (child->next.le_prev) { - QLIST_REMOVE(child, next); - child->next.le_prev = NULL; - } + QLIST_SAFE_REMOVE(child, next); bdrv_replace_child(child, NULL); diff --git a/chardev/spice.c b/chardev/spice.c index 241e2b7..bf7ea1e 100644 --- a/chardev/spice.c +++ b/chardev/spice.c @@ -216,9 +216,7 @@ static void char_spice_finalize(Object *obj) vmc_unregister_interface(s); - if (s->next.le_prev) { - QLIST_REMOVE(s, next); - } + QLIST_SAFE_REMOVE(s, next); g_free((char *)s->sin.subtype); g_free((char *)s->sin.portname); diff --git a/include/qemu/queue.h b/include/qemu/queue.h index fcecb70..60e794a 100644 --- a/include/qemu/queue.h +++ b/include/qemu/queue.h @@ -144,6 +144,20 @@ struct { \ *(elm)->field.le_prev = (elm)->field.le_next; \ } while (/*CONSTCOND*/0) +/* + * Like QLIST_REMOVE() but safe to call when elm is not in a list + */ +#define QLIST_SAFE_REMOVE(elm, field) do { \ + if ((elm)->field.le_prev != NULL) { \ + if ((elm)->field.le_next != NULL) \ + (elm)->field.le_next->field.le_prev = \ + (elm)->field.le_prev; \ + *(elm)->field.le_prev = (elm)->field.le_next; \ + (elm)->field.le_next = NULL; \ + (elm)->field.le_prev = NULL; \ + } \ +} while (/*CONSTCOND*/0) + #define QLIST_FOREACH(var, head, field) \ for ((var) = ((head)->lh_first); \ (var); \ -- cgit v1.1 From 4749079ce033a94784cbe20a661abeac598ff057 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Fri, 14 Feb 2020 17:17:11 +0000 Subject: aio-posix: make AioHandler deletion O(1) It is not necessary to scan all AioHandlers for deletion. Keep a list of deleted handlers instead of scanning the full list of all handlers. The AioHandler->deleted field can be dropped. Let's check if the handler has been inserted into the deleted list instead. Add a new QLIST_IS_INSERTED() API for this check. Signed-off-by: Stefan Hajnoczi Reviewed-by: Sergio Lopez Message-id: 20200214171712.541358-5-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi --- include/block/aio.h | 6 +++++- include/qemu/queue.h | 3 +++ util/aio-posix.c | 53 ++++++++++++++++++++++++++++++++++------------------ 3 files changed, 43 insertions(+), 19 deletions(-) diff --git a/include/block/aio.h b/include/block/aio.h index 1a2ce9c..9dd61ce 100644 --- a/include/block/aio.h +++ b/include/block/aio.h @@ -42,6 +42,7 @@ void qemu_aio_unref(void *p); void qemu_aio_ref(void *p); typedef struct AioHandler AioHandler; +typedef QLIST_HEAD(, AioHandler) AioHandlerList; typedef void QEMUBHFunc(void *opaque); typedef bool AioPollFn(void *opaque); typedef void IOHandler(void *opaque); @@ -71,7 +72,10 @@ struct AioContext { QemuRecMutex lock; /* The list of registered AIO handlers. Protected by ctx->list_lock. */ - QLIST_HEAD(, AioHandler) aio_handlers; + AioHandlerList aio_handlers; + + /* The list of AIO handlers to be deleted. Protected by ctx->list_lock. */ + AioHandlerList deleted_aio_handlers; /* Used to avoid unnecessary event_notifier_set calls in aio_notify; * accessed with atomic primitives. If this field is 0, everything diff --git a/include/qemu/queue.h b/include/qemu/queue.h index 60e794a..294db54 100644 --- a/include/qemu/queue.h +++ b/include/qemu/queue.h @@ -158,6 +158,9 @@ struct { \ } \ } while (/*CONSTCOND*/0) +/* Is elm in a list? */ +#define QLIST_IS_INSERTED(elm, field) ((elm)->field.le_prev != NULL) + #define QLIST_FOREACH(var, head, field) \ for ((var) = ((head)->lh_first); \ (var); \ diff --git a/util/aio-posix.c b/util/aio-posix.c index 58765e5..b5cfdbd 100644 --- a/util/aio-posix.c +++ b/util/aio-posix.c @@ -32,10 +32,10 @@ struct AioHandler AioPollFn *io_poll; IOHandler *io_poll_begin; IOHandler *io_poll_end; - int deleted; void *opaque; bool is_external; QLIST_ENTRY(AioHandler) node; + QLIST_ENTRY(AioHandler) node_deleted; }; #ifdef CONFIG_EPOLL_CREATE1 @@ -68,7 +68,7 @@ static bool aio_epoll_try_enable(AioContext *ctx) QLIST_FOREACH_RCU(node, &ctx->aio_handlers, node) { int r; - if (node->deleted || !node->pfd.events) { + if (QLIST_IS_INSERTED(node, node_deleted) || !node->pfd.events) { continue; } event.events = epoll_events_from_pfd(node->pfd.events); @@ -196,9 +196,11 @@ static AioHandler *find_aio_handler(AioContext *ctx, int fd) AioHandler *node; QLIST_FOREACH(node, &ctx->aio_handlers, node) { - if (node->pfd.fd == fd) - if (!node->deleted) + if (node->pfd.fd == fd) { + if (!QLIST_IS_INSERTED(node, node_deleted)) { return node; + } + } } return NULL; @@ -217,7 +219,7 @@ static bool aio_remove_fd_handler(AioContext *ctx, AioHandler *node) /* If a read is in progress, just mark the node as deleted */ if (qemu_lockcnt_count(&ctx->list_lock)) { - node->deleted = 1; + QLIST_INSERT_HEAD_RCU(&ctx->deleted_aio_handlers, node, node_deleted); node->pfd.revents = 0; return false; } @@ -359,7 +361,7 @@ static void poll_set_started(AioContext *ctx, bool started) QLIST_FOREACH_RCU(node, &ctx->aio_handlers, node) { IOHandler *fn; - if (node->deleted) { + if (QLIST_IS_INSERTED(node, node_deleted)) { continue; } @@ -416,6 +418,26 @@ bool aio_pending(AioContext *ctx) return result; } +static void aio_free_deleted_handlers(AioContext *ctx) +{ + AioHandler *node; + + if (QLIST_EMPTY_RCU(&ctx->deleted_aio_handlers)) { + return; + } + if (!qemu_lockcnt_dec_if_lock(&ctx->list_lock)) { + return; /* we are nested, let the parent do the freeing */ + } + + while ((node = QLIST_FIRST_RCU(&ctx->deleted_aio_handlers))) { + QLIST_REMOVE(node, node); + QLIST_REMOVE(node, node_deleted); + g_free(node); + } + + qemu_lockcnt_inc_and_unlock(&ctx->list_lock); +} + static bool aio_dispatch_handlers(AioContext *ctx) { AioHandler *node, *tmp; @@ -427,7 +449,7 @@ static bool aio_dispatch_handlers(AioContext *ctx) revents = node->pfd.revents & node->pfd.events; node->pfd.revents = 0; - if (!node->deleted && + if (!QLIST_IS_INSERTED(node, node_deleted) && (revents & (G_IO_IN | G_IO_HUP | G_IO_ERR)) && aio_node_check(ctx, node->is_external) && node->io_read) { @@ -438,21 +460,13 @@ static bool aio_dispatch_handlers(AioContext *ctx) progress = true; } } - if (!node->deleted && + if (!QLIST_IS_INSERTED(node, node_deleted) && (revents & (G_IO_OUT | G_IO_ERR)) && aio_node_check(ctx, node->is_external) && node->io_write) { node->io_write(node->opaque); progress = true; } - - if (node->deleted) { - if (qemu_lockcnt_dec_if_lock(&ctx->list_lock)) { - QLIST_REMOVE(node, node); - g_free(node); - qemu_lockcnt_inc_and_unlock(&ctx->list_lock); - } - } } return progress; @@ -463,6 +477,7 @@ void aio_dispatch(AioContext *ctx) qemu_lockcnt_inc(&ctx->list_lock); aio_bh_poll(ctx); aio_dispatch_handlers(ctx); + aio_free_deleted_handlers(ctx); qemu_lockcnt_dec(&ctx->list_lock); timerlistgroup_run_timers(&ctx->tlg); @@ -530,7 +545,7 @@ static bool run_poll_handlers_once(AioContext *ctx, int64_t *timeout) RCU_READ_LOCK_GUARD(); QLIST_FOREACH_RCU(node, &ctx->aio_handlers, node) { - if (!node->deleted && node->io_poll && + if (!QLIST_IS_INSERTED(node, node_deleted) && node->io_poll && aio_node_check(ctx, node->is_external) && node->io_poll(node->opaque)) { /* @@ -664,7 +679,7 @@ bool aio_poll(AioContext *ctx, bool blocking) if (!aio_epoll_enabled(ctx)) { QLIST_FOREACH_RCU(node, &ctx->aio_handlers, node) { - if (!node->deleted && node->pfd.events + if (!QLIST_IS_INSERTED(node, node_deleted) && node->pfd.events && aio_node_check(ctx, node->is_external)) { add_pollfd(node); } @@ -741,6 +756,8 @@ bool aio_poll(AioContext *ctx, bool blocking) progress |= aio_dispatch_handlers(ctx); } + aio_free_deleted_handlers(ctx); + qemu_lockcnt_dec(&ctx->list_lock); progress |= timerlistgroup_run_timers(&ctx->tlg); -- cgit v1.1 From 7391d34c3cca09c0bb0140275839c6619b86ec0f Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Fri, 14 Feb 2020 17:17:12 +0000 Subject: aio-posix: make AioHandler dispatch O(1) with epoll File descriptor monitoring is O(1) with epoll(7), but aio_dispatch_handlers() still scans all AioHandlers instead of dispatching just those that are ready. This makes aio_poll() O(n) with respect to the total number of registered handlers. Add a local ready_list to aio_poll() so that each nested aio_poll() builds a list of handlers ready to be dispatched. Since file descriptor polling is level-triggered, nested aio_poll() calls also see fds that were ready in the parent but not yet dispatched. This guarantees that nested aio_poll() invocations will dispatch all fds, even those that became ready before the nested invocation. Since only handlers ready to be dispatched are placed onto the ready_list, the new aio_dispatch_ready_handlers() function provides O(1) dispatch. Note that AioContext polling is still O(n) and currently cannot be fully disabled. This still needs to be fixed before aio_poll() is fully O(1). Signed-off-by: Stefan Hajnoczi Reviewed-by: Sergio Lopez Message-id: 20200214171712.541358-6-stefanha@redhat.com [Fix compilation error on macOS where there is no epoll(87). The aio_epoll() prototype was out of date and aio_add_ready_list() needed to be moved outside the ifdef. --Stefan] Signed-off-by: Stefan Hajnoczi --- util/aio-posix.c | 110 +++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 78 insertions(+), 32 deletions(-) diff --git a/util/aio-posix.c b/util/aio-posix.c index b5cfdbd..9e1befc 100644 --- a/util/aio-posix.c +++ b/util/aio-posix.c @@ -35,9 +35,20 @@ struct AioHandler void *opaque; bool is_external; QLIST_ENTRY(AioHandler) node; + QLIST_ENTRY(AioHandler) node_ready; /* only used during aio_poll() */ QLIST_ENTRY(AioHandler) node_deleted; }; +/* Add a handler to a ready list */ +static void add_ready_handler(AioHandlerList *ready_list, + AioHandler *node, + int revents) +{ + QLIST_SAFE_REMOVE(node, node_ready); /* remove from nested parent's list */ + node->pfd.revents = revents; + QLIST_INSERT_HEAD(ready_list, node, node_ready); +} + #ifdef CONFIG_EPOLL_CREATE1 /* The fd number threshold to switch to epoll */ @@ -105,7 +116,8 @@ static void aio_epoll_update(AioContext *ctx, AioHandler *node, bool is_new) } } -static int aio_epoll(AioContext *ctx, int64_t timeout) +static int aio_epoll(AioContext *ctx, AioHandlerList *ready_list, + int64_t timeout) { GPollFD pfd = { .fd = ctx->epollfd, @@ -130,11 +142,13 @@ static int aio_epoll(AioContext *ctx, int64_t timeout) } for (i = 0; i < ret; i++) { int ev = events[i].events; + int revents = (ev & EPOLLIN ? G_IO_IN : 0) | + (ev & EPOLLOUT ? G_IO_OUT : 0) | + (ev & EPOLLHUP ? G_IO_HUP : 0) | + (ev & EPOLLERR ? G_IO_ERR : 0); + node = events[i].data.ptr; - node->pfd.revents = (ev & EPOLLIN ? G_IO_IN : 0) | - (ev & EPOLLOUT ? G_IO_OUT : 0) | - (ev & EPOLLHUP ? G_IO_HUP : 0) | - (ev & EPOLLERR ? G_IO_ERR : 0); + add_ready_handler(ready_list, node, revents); } } out: @@ -172,8 +186,8 @@ static void aio_epoll_update(AioContext *ctx, AioHandler *node, bool is_new) { } -static int aio_epoll(AioContext *ctx, GPollFD *pfds, - unsigned npfd, int64_t timeout) +static int aio_epoll(AioContext *ctx, AioHandlerList *ready_list, + int64_t timeout) { assert(false); } @@ -438,36 +452,63 @@ static void aio_free_deleted_handlers(AioContext *ctx) qemu_lockcnt_inc_and_unlock(&ctx->list_lock); } -static bool aio_dispatch_handlers(AioContext *ctx) +static bool aio_dispatch_handler(AioContext *ctx, AioHandler *node) { - AioHandler *node, *tmp; bool progress = false; + int revents; - QLIST_FOREACH_SAFE_RCU(node, &ctx->aio_handlers, node, tmp) { - int revents; + revents = node->pfd.revents & node->pfd.events; + node->pfd.revents = 0; - revents = node->pfd.revents & node->pfd.events; - node->pfd.revents = 0; + if (!QLIST_IS_INSERTED(node, node_deleted) && + (revents & (G_IO_IN | G_IO_HUP | G_IO_ERR)) && + aio_node_check(ctx, node->is_external) && + node->io_read) { + node->io_read(node->opaque); - if (!QLIST_IS_INSERTED(node, node_deleted) && - (revents & (G_IO_IN | G_IO_HUP | G_IO_ERR)) && - aio_node_check(ctx, node->is_external) && - node->io_read) { - node->io_read(node->opaque); - - /* aio_notify() does not count as progress */ - if (node->opaque != &ctx->notifier) { - progress = true; - } - } - if (!QLIST_IS_INSERTED(node, node_deleted) && - (revents & (G_IO_OUT | G_IO_ERR)) && - aio_node_check(ctx, node->is_external) && - node->io_write) { - node->io_write(node->opaque); + /* aio_notify() does not count as progress */ + if (node->opaque != &ctx->notifier) { progress = true; } } + if (!QLIST_IS_INSERTED(node, node_deleted) && + (revents & (G_IO_OUT | G_IO_ERR)) && + aio_node_check(ctx, node->is_external) && + node->io_write) { + node->io_write(node->opaque); + progress = true; + } + + return progress; +} + +/* + * If we have a list of ready handlers then this is more efficient than + * scanning all handlers with aio_dispatch_handlers(). + */ +static bool aio_dispatch_ready_handlers(AioContext *ctx, + AioHandlerList *ready_list) +{ + bool progress = false; + AioHandler *node; + + while ((node = QLIST_FIRST(ready_list))) { + QLIST_SAFE_REMOVE(node, node_ready); + progress = aio_dispatch_handler(ctx, node) || progress; + } + + return progress; +} + +/* Slower than aio_dispatch_ready_handlers() but only used via glib */ +static bool aio_dispatch_handlers(AioContext *ctx) +{ + AioHandler *node, *tmp; + bool progress = false; + + QLIST_FOREACH_SAFE_RCU(node, &ctx->aio_handlers, node, tmp) { + progress = aio_dispatch_handler(ctx, node) || progress; + } return progress; } @@ -639,6 +680,7 @@ static bool try_poll_mode(AioContext *ctx, int64_t *timeout) bool aio_poll(AioContext *ctx, bool blocking) { + AioHandlerList ready_list = QLIST_HEAD_INITIALIZER(ready_list); AioHandler *node; int i; int ret = 0; @@ -689,7 +731,7 @@ bool aio_poll(AioContext *ctx, bool blocking) /* wait until next event */ if (aio_epoll_check_poll(ctx, pollfds, npfd, timeout)) { npfd = 0; /* pollfds[] is not being used */ - ret = aio_epoll(ctx, timeout); + ret = aio_epoll(ctx, &ready_list, timeout); } else { ret = qemu_poll_ns(pollfds, npfd, timeout); } @@ -744,7 +786,11 @@ bool aio_poll(AioContext *ctx, bool blocking) /* if we have any readable fds, dispatch event */ if (ret > 0) { for (i = 0; i < npfd; i++) { - nodes[i]->pfd.revents = pollfds[i].revents; + int revents = pollfds[i].revents; + + if (revents) { + add_ready_handler(&ready_list, nodes[i], revents); + } } } @@ -753,7 +799,7 @@ bool aio_poll(AioContext *ctx, bool blocking) progress |= aio_bh_poll(ctx); if (ret > 0) { - progress |= aio_dispatch_handlers(ctx); + progress |= aio_dispatch_ready_handlers(ctx, &ready_list); } aio_free_deleted_handlers(ctx); -- cgit v1.1 From bac068e0648c1f5c37f6a0a9423b8aa55e8c09c2 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:10:57 -0500 Subject: softmmu: move vl.c to softmmu/ Move vl.c to a separate directory, similar to linux-user/ Update the chechpatch and get_maintainer scripts, since they relied on /vl.c for top_of_tree checks. Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-2-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- MAINTAINERS | 2 +- Makefile.objs | 2 - Makefile.target | 1 + scripts/checkpatch.pl | 2 +- scripts/get_maintainer.pl | 3 +- softmmu/Makefile.objs | 2 + softmmu/vl.c | 4447 +++++++++++++++++++++++++++++++++++++++++++++ vl.c | 4447 --------------------------------------------- 8 files changed, 4454 insertions(+), 4452 deletions(-) create mode 100644 softmmu/Makefile.objs create mode 100644 softmmu/vl.c delete mode 100644 vl.c diff --git a/MAINTAINERS b/MAINTAINERS index 1740a4f..6e26d2e 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2031,7 +2031,7 @@ F: include/qemu/main-loop.h F: include/sysemu/runstate.h F: util/main-loop.c F: util/qemu-timer.c -F: vl.c +F: softmmu/vl.c F: qapi/run-state.json Human Monitor (HMP) diff --git a/Makefile.objs b/Makefile.objs index 26b9cff..8a1cbe8 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -58,8 +58,6 @@ common-obj-y += ui/ common-obj-m += ui/ common-obj-y += dma-helpers.o -common-obj-y += vl.o -vl.o-cflags := $(GPROF_CFLAGS) $(SDL_CFLAGS) common-obj-$(CONFIG_TPM) += tpm.o common-obj-y += backends/ diff --git a/Makefile.target b/Makefile.target index 6e61f60..06c36d1 100644 --- a/Makefile.target +++ b/Makefile.target @@ -160,6 +160,7 @@ obj-y += qapi/ obj-y += memory.o obj-y += memory_mapping.o obj-y += migration/ram.o +obj-y += softmmu/ LIBS := $(libs_softmmu) $(LIBS) # Hardware support diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 11512a8..b27e4ff 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -462,7 +462,7 @@ sub top_of_kernel_tree { my @tree_check = ( "COPYING", "MAINTAINERS", "Makefile", "README.rst", "docs", "VERSION", - "vl.c" + "linux-user", "softmmu" ); foreach my $check (@tree_check) { diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl index 27991eb..271f5ff 100755 --- a/scripts/get_maintainer.pl +++ b/scripts/get_maintainer.pl @@ -795,7 +795,8 @@ sub top_of_tree { && (-f "${lk_path}Makefile") && (-d "${lk_path}docs") && (-f "${lk_path}VERSION") - && (-f "${lk_path}vl.c")) { + && (-d "${lk_path}linux-user/") + && (-d "${lk_path}softmmu/")) { return 1; } return 0; diff --git a/softmmu/Makefile.objs b/softmmu/Makefile.objs new file mode 100644 index 0000000..d80a5ff --- /dev/null +++ b/softmmu/Makefile.objs @@ -0,0 +1,2 @@ +obj-y += vl.o +vl.o-cflags := $(GPROF_CFLAGS) $(SDL_CFLAGS) diff --git a/softmmu/vl.c b/softmmu/vl.c new file mode 100644 index 0000000..794f2e5 --- /dev/null +++ b/softmmu/vl.c @@ -0,0 +1,4447 @@ +/* + * QEMU System Emulator + * + * Copyright (c) 2003-2008 Fabrice Bellard + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "qemu/units.h" +#include "hw/qdev-properties.h" +#include "qapi/error.h" +#include "qemu-version.h" +#include "qemu/cutils.h" +#include "qemu/help_option.h" +#include "qemu/uuid.h" +#include "sysemu/reset.h" +#include "sysemu/runstate.h" +#include "sysemu/seccomp.h" +#include "sysemu/tcg.h" + +#ifdef CONFIG_SDL +#if defined(__APPLE__) || defined(main) +#include +int qemu_main(int argc, char **argv, char **envp); +int main(int argc, char **argv) +{ + return qemu_main(argc, argv, NULL); +} +#undef main +#define main qemu_main +#endif +#endif /* CONFIG_SDL */ + +#ifdef CONFIG_COCOA +#undef main +#define main qemu_main +#endif /* CONFIG_COCOA */ + + +#include "qemu/error-report.h" +#include "qemu/sockets.h" +#include "sysemu/accel.h" +#include "hw/usb.h" +#include "hw/isa/isa.h" +#include "hw/scsi/scsi.h" +#include "hw/display/vga.h" +#include "sysemu/watchdog.h" +#include "hw/firmware/smbios.h" +#include "hw/acpi/acpi.h" +#include "hw/xen/xen.h" +#include "hw/loader.h" +#include "monitor/qdev.h" +#include "net/net.h" +#include "net/slirp.h" +#include "monitor/monitor.h" +#include "ui/console.h" +#include "ui/input.h" +#include "sysemu/sysemu.h" +#include "sysemu/numa.h" +#include "exec/gdbstub.h" +#include "qemu/timer.h" +#include "chardev/char.h" +#include "qemu/bitmap.h" +#include "qemu/log.h" +#include "sysemu/blockdev.h" +#include "hw/block/block.h" +#include "migration/misc.h" +#include "migration/snapshot.h" +#include "migration/global_state.h" +#include "sysemu/tpm.h" +#include "sysemu/dma.h" +#include "hw/audio/soundhw.h" +#include "audio/audio.h" +#include "sysemu/cpus.h" +#include "migration/colo.h" +#include "migration/postcopy-ram.h" +#include "sysemu/kvm.h" +#include "sysemu/hax.h" +#include "qapi/qobject-input-visitor.h" +#include "qemu/option.h" +#include "qemu/config-file.h" +#include "qemu-options.h" +#include "qemu/main-loop.h" +#ifdef CONFIG_VIRTFS +#include "fsdev/qemu-fsdev.h" +#endif +#include "sysemu/qtest.h" + +#include "disas/disas.h" + +#include "trace-root.h" +#include "trace/control.h" +#include "qemu/plugin.h" +#include "qemu/queue.h" +#include "sysemu/arch_init.h" + +#include "ui/qemu-spice.h" +#include "qapi/string-input-visitor.h" +#include "qapi/opts-visitor.h" +#include "qapi/clone-visitor.h" +#include "qom/object_interfaces.h" +#include "hw/semihosting/semihost.h" +#include "crypto/init.h" +#include "sysemu/replay.h" +#include "qapi/qapi-events-run-state.h" +#include "qapi/qapi-visit-block-core.h" +#include "qapi/qapi-visit-ui.h" +#include "qapi/qapi-commands-block-core.h" +#include "qapi/qapi-commands-run-state.h" +#include "qapi/qapi-commands-ui.h" +#include "qapi/qmp/qerror.h" +#include "sysemu/iothread.h" +#include "qemu/guest-random.h" + +#define MAX_VIRTIO_CONSOLES 1 + +static const char *data_dir[16]; +static int data_dir_idx; +const char *bios_name = NULL; +enum vga_retrace_method vga_retrace_method = VGA_RETRACE_DUMB; +int display_opengl; +const char* keyboard_layout = NULL; +ram_addr_t ram_size; +const char *mem_path = NULL; +int mem_prealloc = 0; /* force preallocation of physical target memory */ +bool enable_mlock = false; +bool enable_cpu_pm = false; +int nb_nics; +NICInfo nd_table[MAX_NICS]; +int autostart; +static enum { + RTC_BASE_UTC, + RTC_BASE_LOCALTIME, + RTC_BASE_DATETIME, +} rtc_base_type = RTC_BASE_UTC; +static time_t rtc_ref_start_datetime; +static int rtc_realtime_clock_offset; /* used only with QEMU_CLOCK_REALTIME */ +static int rtc_host_datetime_offset = -1; /* valid & used only with + RTC_BASE_DATETIME */ +QEMUClockType rtc_clock; +int vga_interface_type = VGA_NONE; +static DisplayOptions dpy; +static int num_serial_hds; +static Chardev **serial_hds; +Chardev *parallel_hds[MAX_PARALLEL_PORTS]; +int win2k_install_hack = 0; +int singlestep = 0; +int acpi_enabled = 1; +int no_hpet = 0; +int fd_bootchk = 1; +static int no_reboot; +int no_shutdown = 0; +int graphic_rotate = 0; +const char *watchdog; +QEMUOptionRom option_rom[MAX_OPTION_ROMS]; +int nb_option_roms; +int old_param = 0; +const char *qemu_name; +int alt_grab = 0; +int ctrl_grab = 0; +unsigned int nb_prom_envs = 0; +const char *prom_envs[MAX_PROM_ENVS]; +int boot_menu; +bool boot_strict; +uint8_t *boot_splash_filedata; +int only_migratable; /* turn it off unless user states otherwise */ +bool wakeup_suspend_enabled; + +int icount_align_option; + +/* The bytes in qemu_uuid are in the order specified by RFC4122, _not_ in the + * little-endian "wire format" described in the SMBIOS 2.6 specification. + */ +QemuUUID qemu_uuid; +bool qemu_uuid_set; + +static NotifierList exit_notifiers = + NOTIFIER_LIST_INITIALIZER(exit_notifiers); + +static NotifierList machine_init_done_notifiers = + NOTIFIER_LIST_INITIALIZER(machine_init_done_notifiers); + +bool xen_allowed; +uint32_t xen_domid; +enum xen_mode xen_mode = XEN_EMULATE; +bool xen_domid_restrict; + +static int has_defaults = 1; +static int default_serial = 1; +static int default_parallel = 1; +static int default_monitor = 1; +static int default_floppy = 1; +static int default_cdrom = 1; +static int default_sdcard = 1; +static int default_vga = 1; +static int default_net = 1; + +static struct { + const char *driver; + int *flag; +} default_list[] = { + { .driver = "isa-serial", .flag = &default_serial }, + { .driver = "isa-parallel", .flag = &default_parallel }, + { .driver = "isa-fdc", .flag = &default_floppy }, + { .driver = "floppy", .flag = &default_floppy }, + { .driver = "ide-cd", .flag = &default_cdrom }, + { .driver = "ide-hd", .flag = &default_cdrom }, + { .driver = "ide-drive", .flag = &default_cdrom }, + { .driver = "scsi-cd", .flag = &default_cdrom }, + { .driver = "scsi-hd", .flag = &default_cdrom }, + { .driver = "VGA", .flag = &default_vga }, + { .driver = "isa-vga", .flag = &default_vga }, + { .driver = "cirrus-vga", .flag = &default_vga }, + { .driver = "isa-cirrus-vga", .flag = &default_vga }, + { .driver = "vmware-svga", .flag = &default_vga }, + { .driver = "qxl-vga", .flag = &default_vga }, + { .driver = "virtio-vga", .flag = &default_vga }, + { .driver = "ati-vga", .flag = &default_vga }, + { .driver = "vhost-user-vga", .flag = &default_vga }, +}; + +static QemuOptsList qemu_rtc_opts = { + .name = "rtc", + .head = QTAILQ_HEAD_INITIALIZER(qemu_rtc_opts.head), + .merge_lists = true, + .desc = { + { + .name = "base", + .type = QEMU_OPT_STRING, + },{ + .name = "clock", + .type = QEMU_OPT_STRING, + },{ + .name = "driftfix", + .type = QEMU_OPT_STRING, + }, + { /* end of list */ } + }, +}; + +static QemuOptsList qemu_option_rom_opts = { + .name = "option-rom", + .implied_opt_name = "romfile", + .head = QTAILQ_HEAD_INITIALIZER(qemu_option_rom_opts.head), + .desc = { + { + .name = "bootindex", + .type = QEMU_OPT_NUMBER, + }, { + .name = "romfile", + .type = QEMU_OPT_STRING, + }, + { /* end of list */ } + }, +}; + +static QemuOptsList qemu_machine_opts = { + .name = "machine", + .implied_opt_name = "type", + .merge_lists = true, + .head = QTAILQ_HEAD_INITIALIZER(qemu_machine_opts.head), + .desc = { + /* + * no elements => accept any + * sanity checking will happen later + * when setting machine properties + */ + { } + }, +}; + +static QemuOptsList qemu_accel_opts = { + .name = "accel", + .implied_opt_name = "accel", + .head = QTAILQ_HEAD_INITIALIZER(qemu_accel_opts.head), + .desc = { + /* + * no elements => accept any + * sanity checking will happen later + * when setting accelerator properties + */ + { } + }, +}; + +static QemuOptsList qemu_boot_opts = { + .name = "boot-opts", + .implied_opt_name = "order", + .merge_lists = true, + .head = QTAILQ_HEAD_INITIALIZER(qemu_boot_opts.head), + .desc = { + { + .name = "order", + .type = QEMU_OPT_STRING, + }, { + .name = "once", + .type = QEMU_OPT_STRING, + }, { + .name = "menu", + .type = QEMU_OPT_BOOL, + }, { + .name = "splash", + .type = QEMU_OPT_STRING, + }, { + .name = "splash-time", + .type = QEMU_OPT_NUMBER, + }, { + .name = "reboot-timeout", + .type = QEMU_OPT_NUMBER, + }, { + .name = "strict", + .type = QEMU_OPT_BOOL, + }, + { /*End of list */ } + }, +}; + +static QemuOptsList qemu_add_fd_opts = { + .name = "add-fd", + .head = QTAILQ_HEAD_INITIALIZER(qemu_add_fd_opts.head), + .desc = { + { + .name = "fd", + .type = QEMU_OPT_NUMBER, + .help = "file descriptor of which a duplicate is added to fd set", + },{ + .name = "set", + .type = QEMU_OPT_NUMBER, + .help = "ID of the fd set to add fd to", + },{ + .name = "opaque", + .type = QEMU_OPT_STRING, + .help = "free-form string used to describe fd", + }, + { /* end of list */ } + }, +}; + +static QemuOptsList qemu_object_opts = { + .name = "object", + .implied_opt_name = "qom-type", + .head = QTAILQ_HEAD_INITIALIZER(qemu_object_opts.head), + .desc = { + { } + }, +}; + +static QemuOptsList qemu_tpmdev_opts = { + .name = "tpmdev", + .implied_opt_name = "type", + .head = QTAILQ_HEAD_INITIALIZER(qemu_tpmdev_opts.head), + .desc = { + /* options are defined in the TPM backends */ + { /* end of list */ } + }, +}; + +static QemuOptsList qemu_realtime_opts = { + .name = "realtime", + .head = QTAILQ_HEAD_INITIALIZER(qemu_realtime_opts.head), + .desc = { + { + .name = "mlock", + .type = QEMU_OPT_BOOL, + }, + { /* end of list */ } + }, +}; + +static QemuOptsList qemu_overcommit_opts = { + .name = "overcommit", + .head = QTAILQ_HEAD_INITIALIZER(qemu_overcommit_opts.head), + .desc = { + { + .name = "mem-lock", + .type = QEMU_OPT_BOOL, + }, + { + .name = "cpu-pm", + .type = QEMU_OPT_BOOL, + }, + { /* end of list */ } + }, +}; + +static QemuOptsList qemu_msg_opts = { + .name = "msg", + .head = QTAILQ_HEAD_INITIALIZER(qemu_msg_opts.head), + .desc = { + { + .name = "timestamp", + .type = QEMU_OPT_BOOL, + }, + { /* end of list */ } + }, +}; + +static QemuOptsList qemu_name_opts = { + .name = "name", + .implied_opt_name = "guest", + .merge_lists = true, + .head = QTAILQ_HEAD_INITIALIZER(qemu_name_opts.head), + .desc = { + { + .name = "guest", + .type = QEMU_OPT_STRING, + .help = "Sets the name of the guest.\n" + "This name will be displayed in the SDL window caption.\n" + "The name will also be used for the VNC server", + }, { + .name = "process", + .type = QEMU_OPT_STRING, + .help = "Sets the name of the QEMU process, as shown in top etc", + }, { + .name = "debug-threads", + .type = QEMU_OPT_BOOL, + .help = "When enabled, name the individual threads; defaults off.\n" + "NOTE: The thread names are for debugging and not a\n" + "stable API.", + }, + { /* End of list */ } + }, +}; + +static QemuOptsList qemu_mem_opts = { + .name = "memory", + .implied_opt_name = "size", + .head = QTAILQ_HEAD_INITIALIZER(qemu_mem_opts.head), + .merge_lists = true, + .desc = { + { + .name = "size", + .type = QEMU_OPT_SIZE, + }, + { + .name = "slots", + .type = QEMU_OPT_NUMBER, + }, + { + .name = "maxmem", + .type = QEMU_OPT_SIZE, + }, + { /* end of list */ } + }, +}; + +static QemuOptsList qemu_icount_opts = { + .name = "icount", + .implied_opt_name = "shift", + .merge_lists = true, + .head = QTAILQ_HEAD_INITIALIZER(qemu_icount_opts.head), + .desc = { + { + .name = "shift", + .type = QEMU_OPT_STRING, + }, { + .name = "align", + .type = QEMU_OPT_BOOL, + }, { + .name = "sleep", + .type = QEMU_OPT_BOOL, + }, { + .name = "rr", + .type = QEMU_OPT_STRING, + }, { + .name = "rrfile", + .type = QEMU_OPT_STRING, + }, { + .name = "rrsnapshot", + .type = QEMU_OPT_STRING, + }, + { /* end of list */ } + }, +}; + +static QemuOptsList qemu_fw_cfg_opts = { + .name = "fw_cfg", + .implied_opt_name = "name", + .head = QTAILQ_HEAD_INITIALIZER(qemu_fw_cfg_opts.head), + .desc = { + { + .name = "name", + .type = QEMU_OPT_STRING, + .help = "Sets the fw_cfg name of the blob to be inserted", + }, { + .name = "file", + .type = QEMU_OPT_STRING, + .help = "Sets the name of the file from which " + "the fw_cfg blob will be loaded", + }, { + .name = "string", + .type = QEMU_OPT_STRING, + .help = "Sets content of the blob to be inserted from a string", + }, + { /* end of list */ } + }, +}; + +/** + * Get machine options + * + * Returns: machine options (never null). + */ +QemuOpts *qemu_get_machine_opts(void) +{ + return qemu_find_opts_singleton("machine"); +} + +const char *qemu_get_vm_name(void) +{ + return qemu_name; +} + +static void res_free(void) +{ + g_free(boot_splash_filedata); + boot_splash_filedata = NULL; +} + +static int default_driver_check(void *opaque, QemuOpts *opts, Error **errp) +{ + const char *driver = qemu_opt_get(opts, "driver"); + int i; + + if (!driver) + return 0; + for (i = 0; i < ARRAY_SIZE(default_list); i++) { + if (strcmp(default_list[i].driver, driver) != 0) + continue; + *(default_list[i].flag) = 0; + } + return 0; +} + +/***********************************************************/ +/* QEMU state */ + +static RunState current_run_state = RUN_STATE_PRECONFIG; + +/* We use RUN_STATE__MAX but any invalid value will do */ +static RunState vmstop_requested = RUN_STATE__MAX; +static QemuMutex vmstop_lock; + +typedef struct { + RunState from; + RunState to; +} RunStateTransition; + +static const RunStateTransition runstate_transitions_def[] = { + /* from -> to */ + { RUN_STATE_PRECONFIG, RUN_STATE_PRELAUNCH }, + /* Early switch to inmigrate state to allow -incoming CLI option work + * as it used to. TODO: delay actual switching to inmigrate state to + * the point after machine is built and remove this hack. + */ + { RUN_STATE_PRECONFIG, RUN_STATE_INMIGRATE }, + + { RUN_STATE_DEBUG, RUN_STATE_RUNNING }, + { RUN_STATE_DEBUG, RUN_STATE_FINISH_MIGRATE }, + { RUN_STATE_DEBUG, RUN_STATE_PRELAUNCH }, + + { RUN_STATE_INMIGRATE, RUN_STATE_INTERNAL_ERROR }, + { RUN_STATE_INMIGRATE, RUN_STATE_IO_ERROR }, + { RUN_STATE_INMIGRATE, RUN_STATE_PAUSED }, + { RUN_STATE_INMIGRATE, RUN_STATE_RUNNING }, + { RUN_STATE_INMIGRATE, RUN_STATE_SHUTDOWN }, + { RUN_STATE_INMIGRATE, RUN_STATE_SUSPENDED }, + { RUN_STATE_INMIGRATE, RUN_STATE_WATCHDOG }, + { RUN_STATE_INMIGRATE, RUN_STATE_GUEST_PANICKED }, + { RUN_STATE_INMIGRATE, RUN_STATE_FINISH_MIGRATE }, + { RUN_STATE_INMIGRATE, RUN_STATE_PRELAUNCH }, + { RUN_STATE_INMIGRATE, RUN_STATE_POSTMIGRATE }, + { RUN_STATE_INMIGRATE, RUN_STATE_COLO }, + + { RUN_STATE_INTERNAL_ERROR, RUN_STATE_PAUSED }, + { RUN_STATE_INTERNAL_ERROR, RUN_STATE_FINISH_MIGRATE }, + { RUN_STATE_INTERNAL_ERROR, RUN_STATE_PRELAUNCH }, + + { RUN_STATE_IO_ERROR, RUN_STATE_RUNNING }, + { RUN_STATE_IO_ERROR, RUN_STATE_FINISH_MIGRATE }, + { RUN_STATE_IO_ERROR, RUN_STATE_PRELAUNCH }, + + { RUN_STATE_PAUSED, RUN_STATE_RUNNING }, + { RUN_STATE_PAUSED, RUN_STATE_FINISH_MIGRATE }, + { RUN_STATE_PAUSED, RUN_STATE_POSTMIGRATE }, + { RUN_STATE_PAUSED, RUN_STATE_PRELAUNCH }, + { RUN_STATE_PAUSED, RUN_STATE_COLO}, + + { RUN_STATE_POSTMIGRATE, RUN_STATE_RUNNING }, + { RUN_STATE_POSTMIGRATE, RUN_STATE_FINISH_MIGRATE }, + { RUN_STATE_POSTMIGRATE, RUN_STATE_PRELAUNCH }, + + { RUN_STATE_PRELAUNCH, RUN_STATE_RUNNING }, + { RUN_STATE_PRELAUNCH, RUN_STATE_FINISH_MIGRATE }, + { RUN_STATE_PRELAUNCH, RUN_STATE_INMIGRATE }, + + { RUN_STATE_FINISH_MIGRATE, RUN_STATE_RUNNING }, + { RUN_STATE_FINISH_MIGRATE, RUN_STATE_PAUSED }, + { RUN_STATE_FINISH_MIGRATE, RUN_STATE_POSTMIGRATE }, + { RUN_STATE_FINISH_MIGRATE, RUN_STATE_PRELAUNCH }, + { RUN_STATE_FINISH_MIGRATE, RUN_STATE_COLO}, + + { RUN_STATE_RESTORE_VM, RUN_STATE_RUNNING }, + { RUN_STATE_RESTORE_VM, RUN_STATE_PRELAUNCH }, + + { RUN_STATE_COLO, RUN_STATE_RUNNING }, + + { RUN_STATE_RUNNING, RUN_STATE_DEBUG }, + { RUN_STATE_RUNNING, RUN_STATE_INTERNAL_ERROR }, + { RUN_STATE_RUNNING, RUN_STATE_IO_ERROR }, + { RUN_STATE_RUNNING, RUN_STATE_PAUSED }, + { RUN_STATE_RUNNING, RUN_STATE_FINISH_MIGRATE }, + { RUN_STATE_RUNNING, RUN_STATE_RESTORE_VM }, + { RUN_STATE_RUNNING, RUN_STATE_SAVE_VM }, + { RUN_STATE_RUNNING, RUN_STATE_SHUTDOWN }, + { RUN_STATE_RUNNING, RUN_STATE_WATCHDOG }, + { RUN_STATE_RUNNING, RUN_STATE_GUEST_PANICKED }, + { RUN_STATE_RUNNING, RUN_STATE_COLO}, + + { RUN_STATE_SAVE_VM, RUN_STATE_RUNNING }, + + { RUN_STATE_SHUTDOWN, RUN_STATE_PAUSED }, + { RUN_STATE_SHUTDOWN, RUN_STATE_FINISH_MIGRATE }, + { RUN_STATE_SHUTDOWN, RUN_STATE_PRELAUNCH }, + + { RUN_STATE_DEBUG, RUN_STATE_SUSPENDED }, + { RUN_STATE_RUNNING, RUN_STATE_SUSPENDED }, + { RUN_STATE_SUSPENDED, RUN_STATE_RUNNING }, + { RUN_STATE_SUSPENDED, RUN_STATE_FINISH_MIGRATE }, + { RUN_STATE_SUSPENDED, RUN_STATE_PRELAUNCH }, + { RUN_STATE_SUSPENDED, RUN_STATE_COLO}, + + { RUN_STATE_WATCHDOG, RUN_STATE_RUNNING }, + { RUN_STATE_WATCHDOG, RUN_STATE_FINISH_MIGRATE }, + { RUN_STATE_WATCHDOG, RUN_STATE_PRELAUNCH }, + { RUN_STATE_WATCHDOG, RUN_STATE_COLO}, + + { RUN_STATE_GUEST_PANICKED, RUN_STATE_RUNNING }, + { RUN_STATE_GUEST_PANICKED, RUN_STATE_FINISH_MIGRATE }, + { RUN_STATE_GUEST_PANICKED, RUN_STATE_PRELAUNCH }, + + { RUN_STATE__MAX, RUN_STATE__MAX }, +}; + +static bool runstate_valid_transitions[RUN_STATE__MAX][RUN_STATE__MAX]; + +bool runstate_check(RunState state) +{ + return current_run_state == state; +} + +bool runstate_store(char *str, size_t size) +{ + const char *state = RunState_str(current_run_state); + size_t len = strlen(state) + 1; + + if (len > size) { + return false; + } + memcpy(str, state, len); + return true; +} + +static void runstate_init(void) +{ + const RunStateTransition *p; + + memset(&runstate_valid_transitions, 0, sizeof(runstate_valid_transitions)); + for (p = &runstate_transitions_def[0]; p->from != RUN_STATE__MAX; p++) { + runstate_valid_transitions[p->from][p->to] = true; + } + + qemu_mutex_init(&vmstop_lock); +} + +/* This function will abort() on invalid state transitions */ +void runstate_set(RunState new_state) +{ + assert(new_state < RUN_STATE__MAX); + + trace_runstate_set(current_run_state, RunState_str(current_run_state), + new_state, RunState_str(new_state)); + + if (current_run_state == new_state) { + return; + } + + if (!runstate_valid_transitions[current_run_state][new_state]) { + error_report("invalid runstate transition: '%s' -> '%s'", + RunState_str(current_run_state), + RunState_str(new_state)); + abort(); + } + + current_run_state = new_state; +} + +int runstate_is_running(void) +{ + return runstate_check(RUN_STATE_RUNNING); +} + +bool runstate_needs_reset(void) +{ + return runstate_check(RUN_STATE_INTERNAL_ERROR) || + runstate_check(RUN_STATE_SHUTDOWN); +} + +StatusInfo *qmp_query_status(Error **errp) +{ + StatusInfo *info = g_malloc0(sizeof(*info)); + + info->running = runstate_is_running(); + info->singlestep = singlestep; + info->status = current_run_state; + + return info; +} + +bool qemu_vmstop_requested(RunState *r) +{ + qemu_mutex_lock(&vmstop_lock); + *r = vmstop_requested; + vmstop_requested = RUN_STATE__MAX; + qemu_mutex_unlock(&vmstop_lock); + return *r < RUN_STATE__MAX; +} + +void qemu_system_vmstop_request_prepare(void) +{ + qemu_mutex_lock(&vmstop_lock); +} + +void qemu_system_vmstop_request(RunState state) +{ + vmstop_requested = state; + qemu_mutex_unlock(&vmstop_lock); + qemu_notify_event(); +} + +/***********************************************************/ +/* RTC reference time/date access */ +static time_t qemu_ref_timedate(QEMUClockType clock) +{ + time_t value = qemu_clock_get_ms(clock) / 1000; + switch (clock) { + case QEMU_CLOCK_REALTIME: + value -= rtc_realtime_clock_offset; + /* fall through */ + case QEMU_CLOCK_VIRTUAL: + value += rtc_ref_start_datetime; + break; + case QEMU_CLOCK_HOST: + if (rtc_base_type == RTC_BASE_DATETIME) { + value -= rtc_host_datetime_offset; + } + break; + default: + assert(0); + } + return value; +} + +void qemu_get_timedate(struct tm *tm, int offset) +{ + time_t ti = qemu_ref_timedate(rtc_clock); + + ti += offset; + + switch (rtc_base_type) { + case RTC_BASE_DATETIME: + case RTC_BASE_UTC: + gmtime_r(&ti, tm); + break; + case RTC_BASE_LOCALTIME: + localtime_r(&ti, tm); + break; + } +} + +int qemu_timedate_diff(struct tm *tm) +{ + time_t seconds; + + switch (rtc_base_type) { + case RTC_BASE_DATETIME: + case RTC_BASE_UTC: + seconds = mktimegm(tm); + break; + case RTC_BASE_LOCALTIME: + { + struct tm tmp = *tm; + tmp.tm_isdst = -1; /* use timezone to figure it out */ + seconds = mktime(&tmp); + break; + } + default: + abort(); + } + + return seconds - qemu_ref_timedate(QEMU_CLOCK_HOST); +} + +static void configure_rtc_base_datetime(const char *startdate) +{ + time_t rtc_start_datetime; + struct tm tm; + + if (sscanf(startdate, "%d-%d-%dT%d:%d:%d", &tm.tm_year, &tm.tm_mon, + &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) == 6) { + /* OK */ + } else if (sscanf(startdate, "%d-%d-%d", + &tm.tm_year, &tm.tm_mon, &tm.tm_mday) == 3) { + tm.tm_hour = 0; + tm.tm_min = 0; + tm.tm_sec = 0; + } else { + goto date_fail; + } + tm.tm_year -= 1900; + tm.tm_mon--; + rtc_start_datetime = mktimegm(&tm); + if (rtc_start_datetime == -1) { + date_fail: + error_report("invalid datetime format"); + error_printf("valid formats: " + "'2006-06-17T16:01:21' or '2006-06-17'\n"); + exit(1); + } + rtc_host_datetime_offset = rtc_ref_start_datetime - rtc_start_datetime; + rtc_ref_start_datetime = rtc_start_datetime; +} + +static void configure_rtc(QemuOpts *opts) +{ + const char *value; + + /* Set defaults */ + rtc_clock = QEMU_CLOCK_HOST; + rtc_ref_start_datetime = qemu_clock_get_ms(QEMU_CLOCK_HOST) / 1000; + rtc_realtime_clock_offset = qemu_clock_get_ms(QEMU_CLOCK_REALTIME) / 1000; + + value = qemu_opt_get(opts, "base"); + if (value) { + if (!strcmp(value, "utc")) { + rtc_base_type = RTC_BASE_UTC; + } else if (!strcmp(value, "localtime")) { + Error *blocker = NULL; + rtc_base_type = RTC_BASE_LOCALTIME; + error_setg(&blocker, QERR_REPLAY_NOT_SUPPORTED, + "-rtc base=localtime"); + replay_add_blocker(blocker); + } else { + rtc_base_type = RTC_BASE_DATETIME; + configure_rtc_base_datetime(value); + } + } + value = qemu_opt_get(opts, "clock"); + if (value) { + if (!strcmp(value, "host")) { + rtc_clock = QEMU_CLOCK_HOST; + } else if (!strcmp(value, "rt")) { + rtc_clock = QEMU_CLOCK_REALTIME; + } else if (!strcmp(value, "vm")) { + rtc_clock = QEMU_CLOCK_VIRTUAL; + } else { + error_report("invalid option value '%s'", value); + exit(1); + } + } + value = qemu_opt_get(opts, "driftfix"); + if (value) { + if (!strcmp(value, "slew")) { + object_register_sugar_prop("mc146818rtc", + "lost_tick_policy", + "slew"); + } else if (!strcmp(value, "none")) { + /* discard is default */ + } else { + error_report("invalid option value '%s'", value); + exit(1); + } + } +} + +static int parse_name(void *opaque, QemuOpts *opts, Error **errp) +{ + const char *proc_name; + + if (qemu_opt_get(opts, "debug-threads")) { + qemu_thread_naming(qemu_opt_get_bool(opts, "debug-threads", false)); + } + qemu_name = qemu_opt_get(opts, "guest"); + + proc_name = qemu_opt_get(opts, "process"); + if (proc_name) { + os_set_proc_name(proc_name); + } + + return 0; +} + +bool defaults_enabled(void) +{ + return has_defaults; +} + +#ifndef _WIN32 +static int parse_add_fd(void *opaque, QemuOpts *opts, Error **errp) +{ + int fd, dupfd, flags; + int64_t fdset_id; + const char *fd_opaque = NULL; + AddfdInfo *fdinfo; + + fd = qemu_opt_get_number(opts, "fd", -1); + fdset_id = qemu_opt_get_number(opts, "set", -1); + fd_opaque = qemu_opt_get(opts, "opaque"); + + if (fd < 0) { + error_setg(errp, "fd option is required and must be non-negative"); + return -1; + } + + if (fd <= STDERR_FILENO) { + error_setg(errp, "fd cannot be a standard I/O stream"); + return -1; + } + + /* + * All fds inherited across exec() necessarily have FD_CLOEXEC + * clear, while qemu sets FD_CLOEXEC on all other fds used internally. + */ + flags = fcntl(fd, F_GETFD); + if (flags == -1 || (flags & FD_CLOEXEC)) { + error_setg(errp, "fd is not valid or already in use"); + return -1; + } + + if (fdset_id < 0) { + error_setg(errp, "set option is required and must be non-negative"); + return -1; + } + +#ifdef F_DUPFD_CLOEXEC + dupfd = fcntl(fd, F_DUPFD_CLOEXEC, 0); +#else + dupfd = dup(fd); + if (dupfd != -1) { + qemu_set_cloexec(dupfd); + } +#endif + if (dupfd == -1) { + error_setg(errp, "error duplicating fd: %s", strerror(errno)); + return -1; + } + + /* add the duplicate fd, and optionally the opaque string, to the fd set */ + fdinfo = monitor_fdset_add_fd(dupfd, true, fdset_id, !!fd_opaque, fd_opaque, + &error_abort); + g_free(fdinfo); + + return 0; +} + +static int cleanup_add_fd(void *opaque, QemuOpts *opts, Error **errp) +{ + int fd; + + fd = qemu_opt_get_number(opts, "fd", -1); + close(fd); + + return 0; +} +#endif + +/***********************************************************/ +/* QEMU Block devices */ + +#define HD_OPTS "media=disk" +#define CDROM_OPTS "media=cdrom" +#define FD_OPTS "" +#define PFLASH_OPTS "" +#define MTD_OPTS "" +#define SD_OPTS "" + +static int drive_init_func(void *opaque, QemuOpts *opts, Error **errp) +{ + BlockInterfaceType *block_default_type = opaque; + + return drive_new(opts, *block_default_type, errp) == NULL; +} + +static int drive_enable_snapshot(void *opaque, QemuOpts *opts, Error **errp) +{ + if (qemu_opt_get(opts, "snapshot") == NULL) { + qemu_opt_set(opts, "snapshot", "on", &error_abort); + } + return 0; +} + +static void default_drive(int enable, int snapshot, BlockInterfaceType type, + int index, const char *optstr) +{ + QemuOpts *opts; + DriveInfo *dinfo; + + if (!enable || drive_get_by_index(type, index)) { + return; + } + + opts = drive_add(type, index, NULL, optstr); + if (snapshot) { + drive_enable_snapshot(NULL, opts, NULL); + } + + dinfo = drive_new(opts, type, &error_abort); + dinfo->is_default = true; + +} + +typedef struct BlockdevOptionsQueueEntry { + BlockdevOptions *bdo; + Location loc; + QSIMPLEQ_ENTRY(BlockdevOptionsQueueEntry) entry; +} BlockdevOptionsQueueEntry; + +typedef QSIMPLEQ_HEAD(, BlockdevOptionsQueueEntry) BlockdevOptionsQueue; + +static void configure_blockdev(BlockdevOptionsQueue *bdo_queue, + MachineClass *machine_class, int snapshot) +{ + /* + * If the currently selected machine wishes to override the + * units-per-bus property of its default HBA interface type, do so + * now. + */ + if (machine_class->units_per_default_bus) { + override_max_devs(machine_class->block_default_type, + machine_class->units_per_default_bus); + } + + /* open the virtual block devices */ + while (!QSIMPLEQ_EMPTY(bdo_queue)) { + BlockdevOptionsQueueEntry *bdo = QSIMPLEQ_FIRST(bdo_queue); + + QSIMPLEQ_REMOVE_HEAD(bdo_queue, entry); + loc_push_restore(&bdo->loc); + qmp_blockdev_add(bdo->bdo, &error_fatal); + loc_pop(&bdo->loc); + qapi_free_BlockdevOptions(bdo->bdo); + g_free(bdo); + } + if (snapshot) { + qemu_opts_foreach(qemu_find_opts("drive"), drive_enable_snapshot, + NULL, NULL); + } + if (qemu_opts_foreach(qemu_find_opts("drive"), drive_init_func, + &machine_class->block_default_type, &error_fatal)) { + /* We printed help */ + exit(0); + } + + default_drive(default_cdrom, snapshot, machine_class->block_default_type, 2, + CDROM_OPTS); + default_drive(default_floppy, snapshot, IF_FLOPPY, 0, FD_OPTS); + default_drive(default_sdcard, snapshot, IF_SD, 0, SD_OPTS); + +} + +static QemuOptsList qemu_smp_opts = { + .name = "smp-opts", + .implied_opt_name = "cpus", + .merge_lists = true, + .head = QTAILQ_HEAD_INITIALIZER(qemu_smp_opts.head), + .desc = { + { + .name = "cpus", + .type = QEMU_OPT_NUMBER, + }, { + .name = "sockets", + .type = QEMU_OPT_NUMBER, + }, { + .name = "dies", + .type = QEMU_OPT_NUMBER, + }, { + .name = "cores", + .type = QEMU_OPT_NUMBER, + }, { + .name = "threads", + .type = QEMU_OPT_NUMBER, + }, { + .name = "maxcpus", + .type = QEMU_OPT_NUMBER, + }, + { /*End of list */ } + }, +}; + +static void realtime_init(void) +{ + if (enable_mlock) { + if (os_mlock() < 0) { + error_report("locking memory failed"); + exit(1); + } + } +} + + +static void configure_msg(QemuOpts *opts) +{ + error_with_timestamp = qemu_opt_get_bool(opts, "timestamp", false); +} + + +/***********************************************************/ +/* USB devices */ + +static int usb_device_add(const char *devname) +{ + USBDevice *dev = NULL; + + if (!machine_usb(current_machine)) { + return -1; + } + + dev = usbdevice_create(devname); + if (!dev) + return -1; + + return 0; +} + +static int usb_parse(const char *cmdline) +{ + int r; + r = usb_device_add(cmdline); + if (r < 0) { + error_report("could not add USB device '%s'", cmdline); + } + return r; +} + +/***********************************************************/ +/* machine registration */ + +MachineState *current_machine; + +static MachineClass *find_machine(const char *name, GSList *machines) +{ + GSList *el; + + for (el = machines; el; el = el->next) { + MachineClass *mc = el->data; + + if (!strcmp(mc->name, name) || !g_strcmp0(mc->alias, name)) { + return mc; + } + } + + return NULL; +} + +static MachineClass *find_default_machine(GSList *machines) +{ + GSList *el; + + for (el = machines; el; el = el->next) { + MachineClass *mc = el->data; + + if (mc->is_default) { + return mc; + } + } + + return NULL; +} + +static int machine_help_func(QemuOpts *opts, MachineState *machine) +{ + ObjectProperty *prop; + ObjectPropertyIterator iter; + + if (!qemu_opt_has_help_opt(opts)) { + return 0; + } + + object_property_iter_init(&iter, OBJECT(machine)); + while ((prop = object_property_iter_next(&iter))) { + if (!prop->set) { + continue; + } + + printf("%s.%s=%s", MACHINE_GET_CLASS(machine)->name, + prop->name, prop->type); + if (prop->description) { + printf(" (%s)\n", prop->description); + } else { + printf("\n"); + } + } + + return 1; +} + +struct VMChangeStateEntry { + VMChangeStateHandler *cb; + void *opaque; + QTAILQ_ENTRY(VMChangeStateEntry) entries; + int priority; +}; + +static QTAILQ_HEAD(, VMChangeStateEntry) vm_change_state_head; + +/** + * qemu_add_vm_change_state_handler_prio: + * @cb: the callback to invoke + * @opaque: user data passed to the callback + * @priority: low priorities execute first when the vm runs and the reverse is + * true when the vm stops + * + * Register a callback function that is invoked when the vm starts or stops + * running. + * + * Returns: an entry to be freed using qemu_del_vm_change_state_handler() + */ +VMChangeStateEntry *qemu_add_vm_change_state_handler_prio( + VMChangeStateHandler *cb, void *opaque, int priority) +{ + VMChangeStateEntry *e; + VMChangeStateEntry *other; + + e = g_malloc0(sizeof(*e)); + e->cb = cb; + e->opaque = opaque; + e->priority = priority; + + /* Keep list sorted in ascending priority order */ + QTAILQ_FOREACH(other, &vm_change_state_head, entries) { + if (priority < other->priority) { + QTAILQ_INSERT_BEFORE(other, e, entries); + return e; + } + } + + QTAILQ_INSERT_TAIL(&vm_change_state_head, e, entries); + return e; +} + +VMChangeStateEntry *qemu_add_vm_change_state_handler(VMChangeStateHandler *cb, + void *opaque) +{ + return qemu_add_vm_change_state_handler_prio(cb, opaque, 0); +} + +void qemu_del_vm_change_state_handler(VMChangeStateEntry *e) +{ + QTAILQ_REMOVE(&vm_change_state_head, e, entries); + g_free(e); +} + +void vm_state_notify(int running, RunState state) +{ + VMChangeStateEntry *e, *next; + + trace_vm_state_notify(running, state, RunState_str(state)); + + if (running) { + QTAILQ_FOREACH_SAFE(e, &vm_change_state_head, entries, next) { + e->cb(e->opaque, running, state); + } + } else { + QTAILQ_FOREACH_REVERSE_SAFE(e, &vm_change_state_head, entries, next) { + e->cb(e->opaque, running, state); + } + } +} + +static ShutdownCause reset_requested; +static ShutdownCause shutdown_requested; +static int shutdown_signal; +static pid_t shutdown_pid; +static int powerdown_requested; +static int debug_requested; +static int suspend_requested; +static bool preconfig_exit_requested = true; +static WakeupReason wakeup_reason; +static NotifierList powerdown_notifiers = + NOTIFIER_LIST_INITIALIZER(powerdown_notifiers); +static NotifierList suspend_notifiers = + NOTIFIER_LIST_INITIALIZER(suspend_notifiers); +static NotifierList wakeup_notifiers = + NOTIFIER_LIST_INITIALIZER(wakeup_notifiers); +static NotifierList shutdown_notifiers = + NOTIFIER_LIST_INITIALIZER(shutdown_notifiers); +static uint32_t wakeup_reason_mask = ~(1 << QEMU_WAKEUP_REASON_NONE); + +ShutdownCause qemu_shutdown_requested_get(void) +{ + return shutdown_requested; +} + +ShutdownCause qemu_reset_requested_get(void) +{ + return reset_requested; +} + +static int qemu_shutdown_requested(void) +{ + return atomic_xchg(&shutdown_requested, SHUTDOWN_CAUSE_NONE); +} + +static void qemu_kill_report(void) +{ + if (!qtest_driver() && shutdown_signal) { + if (shutdown_pid == 0) { + /* This happens for eg ^C at the terminal, so it's worth + * avoiding printing an odd message in that case. + */ + error_report("terminating on signal %d", shutdown_signal); + } else { + char *shutdown_cmd = qemu_get_pid_name(shutdown_pid); + + error_report("terminating on signal %d from pid " FMT_pid " (%s)", + shutdown_signal, shutdown_pid, + shutdown_cmd ? shutdown_cmd : ""); + g_free(shutdown_cmd); + } + shutdown_signal = 0; + } +} + +static ShutdownCause qemu_reset_requested(void) +{ + ShutdownCause r = reset_requested; + + if (r && replay_checkpoint(CHECKPOINT_RESET_REQUESTED)) { + reset_requested = SHUTDOWN_CAUSE_NONE; + return r; + } + return SHUTDOWN_CAUSE_NONE; +} + +static int qemu_suspend_requested(void) +{ + int r = suspend_requested; + if (r && replay_checkpoint(CHECKPOINT_SUSPEND_REQUESTED)) { + suspend_requested = 0; + return r; + } + return false; +} + +static WakeupReason qemu_wakeup_requested(void) +{ + return wakeup_reason; +} + +static int qemu_powerdown_requested(void) +{ + int r = powerdown_requested; + powerdown_requested = 0; + return r; +} + +static int qemu_debug_requested(void) +{ + int r = debug_requested; + debug_requested = 0; + return r; +} + +void qemu_exit_preconfig_request(void) +{ + preconfig_exit_requested = true; +} + +/* + * Reset the VM. Issue an event unless @reason is SHUTDOWN_CAUSE_NONE. + */ +void qemu_system_reset(ShutdownCause reason) +{ + MachineClass *mc; + + mc = current_machine ? MACHINE_GET_CLASS(current_machine) : NULL; + + cpu_synchronize_all_states(); + + if (mc && mc->reset) { + mc->reset(current_machine); + } else { + qemu_devices_reset(); + } + if (reason && reason != SHUTDOWN_CAUSE_SUBSYSTEM_RESET) { + qapi_event_send_reset(shutdown_caused_by_guest(reason), reason); + } + cpu_synchronize_all_post_reset(); +} + +/* + * Wake the VM after suspend. + */ +static void qemu_system_wakeup(void) +{ + MachineClass *mc; + + mc = current_machine ? MACHINE_GET_CLASS(current_machine) : NULL; + + if (mc && mc->wakeup) { + mc->wakeup(current_machine); + } +} + +void qemu_system_guest_panicked(GuestPanicInformation *info) +{ + qemu_log_mask(LOG_GUEST_ERROR, "Guest crashed"); + + if (current_cpu) { + current_cpu->crash_occurred = true; + } + qapi_event_send_guest_panicked(GUEST_PANIC_ACTION_PAUSE, + !!info, info); + vm_stop(RUN_STATE_GUEST_PANICKED); + if (!no_shutdown) { + qapi_event_send_guest_panicked(GUEST_PANIC_ACTION_POWEROFF, + !!info, info); + qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_PANIC); + } + + if (info) { + if (info->type == GUEST_PANIC_INFORMATION_TYPE_HYPER_V) { + qemu_log_mask(LOG_GUEST_ERROR, "\nHV crash parameters: (%#"PRIx64 + " %#"PRIx64" %#"PRIx64" %#"PRIx64" %#"PRIx64")\n", + info->u.hyper_v.arg1, + info->u.hyper_v.arg2, + info->u.hyper_v.arg3, + info->u.hyper_v.arg4, + info->u.hyper_v.arg5); + } else if (info->type == GUEST_PANIC_INFORMATION_TYPE_S390) { + qemu_log_mask(LOG_GUEST_ERROR, " on cpu %d: %s\n" + "PSW: 0x%016" PRIx64 " 0x%016" PRIx64"\n", + info->u.s390.core, + S390CrashReason_str(info->u.s390.reason), + info->u.s390.psw_mask, + info->u.s390.psw_addr); + } + qapi_free_GuestPanicInformation(info); + } +} + +void qemu_system_guest_crashloaded(GuestPanicInformation *info) +{ + qemu_log_mask(LOG_GUEST_ERROR, "Guest crash loaded"); + + qapi_event_send_guest_crashloaded(GUEST_PANIC_ACTION_RUN, + !!info, info); + + if (info) { + qapi_free_GuestPanicInformation(info); + } +} + +void qemu_system_reset_request(ShutdownCause reason) +{ + if (no_reboot && reason != SHUTDOWN_CAUSE_SUBSYSTEM_RESET) { + shutdown_requested = reason; + } else { + reset_requested = reason; + } + cpu_stop_current(); + qemu_notify_event(); +} + +static void qemu_system_suspend(void) +{ + pause_all_vcpus(); + notifier_list_notify(&suspend_notifiers, NULL); + runstate_set(RUN_STATE_SUSPENDED); + qapi_event_send_suspend(); +} + +void qemu_system_suspend_request(void) +{ + if (runstate_check(RUN_STATE_SUSPENDED)) { + return; + } + suspend_requested = 1; + cpu_stop_current(); + qemu_notify_event(); +} + +void qemu_register_suspend_notifier(Notifier *notifier) +{ + notifier_list_add(&suspend_notifiers, notifier); +} + +void qemu_system_wakeup_request(WakeupReason reason, Error **errp) +{ + trace_system_wakeup_request(reason); + + if (!runstate_check(RUN_STATE_SUSPENDED)) { + error_setg(errp, + "Unable to wake up: guest is not in suspended state"); + return; + } + if (!(wakeup_reason_mask & (1 << reason))) { + return; + } + runstate_set(RUN_STATE_RUNNING); + wakeup_reason = reason; + qemu_notify_event(); +} + +void qemu_system_wakeup_enable(WakeupReason reason, bool enabled) +{ + if (enabled) { + wakeup_reason_mask |= (1 << reason); + } else { + wakeup_reason_mask &= ~(1 << reason); + } +} + +void qemu_register_wakeup_notifier(Notifier *notifier) +{ + notifier_list_add(&wakeup_notifiers, notifier); +} + +void qemu_register_wakeup_support(void) +{ + wakeup_suspend_enabled = true; +} + +bool qemu_wakeup_suspend_enabled(void) +{ + return wakeup_suspend_enabled; +} + +void qemu_system_killed(int signal, pid_t pid) +{ + shutdown_signal = signal; + shutdown_pid = pid; + no_shutdown = 0; + + /* Cannot call qemu_system_shutdown_request directly because + * we are in a signal handler. + */ + shutdown_requested = SHUTDOWN_CAUSE_HOST_SIGNAL; + qemu_notify_event(); +} + +void qemu_system_shutdown_request(ShutdownCause reason) +{ + trace_qemu_system_shutdown_request(reason); + replay_shutdown_request(reason); + shutdown_requested = reason; + qemu_notify_event(); +} + +static void qemu_system_powerdown(void) +{ + qapi_event_send_powerdown(); + notifier_list_notify(&powerdown_notifiers, NULL); +} + +static void qemu_system_shutdown(ShutdownCause cause) +{ + qapi_event_send_shutdown(shutdown_caused_by_guest(cause), cause); + notifier_list_notify(&shutdown_notifiers, &cause); +} + +void qemu_system_powerdown_request(void) +{ + trace_qemu_system_powerdown_request(); + powerdown_requested = 1; + qemu_notify_event(); +} + +void qemu_register_powerdown_notifier(Notifier *notifier) +{ + notifier_list_add(&powerdown_notifiers, notifier); +} + +void qemu_register_shutdown_notifier(Notifier *notifier) +{ + notifier_list_add(&shutdown_notifiers, notifier); +} + +void qemu_system_debug_request(void) +{ + debug_requested = 1; + qemu_notify_event(); +} + +static bool main_loop_should_exit(void) +{ + RunState r; + ShutdownCause request; + + if (preconfig_exit_requested) { + if (runstate_check(RUN_STATE_PRECONFIG)) { + runstate_set(RUN_STATE_PRELAUNCH); + } + preconfig_exit_requested = false; + return true; + } + if (qemu_debug_requested()) { + vm_stop(RUN_STATE_DEBUG); + } + if (qemu_suspend_requested()) { + qemu_system_suspend(); + } + request = qemu_shutdown_requested(); + if (request) { + qemu_kill_report(); + qemu_system_shutdown(request); + if (no_shutdown) { + vm_stop(RUN_STATE_SHUTDOWN); + } else { + return true; + } + } + request = qemu_reset_requested(); + if (request) { + pause_all_vcpus(); + qemu_system_reset(request); + resume_all_vcpus(); + /* + * runstate can change in pause_all_vcpus() + * as iothread mutex is unlocked + */ + if (!runstate_check(RUN_STATE_RUNNING) && + !runstate_check(RUN_STATE_INMIGRATE) && + !runstate_check(RUN_STATE_FINISH_MIGRATE)) { + runstate_set(RUN_STATE_PRELAUNCH); + } + } + if (qemu_wakeup_requested()) { + pause_all_vcpus(); + qemu_system_wakeup(); + notifier_list_notify(&wakeup_notifiers, &wakeup_reason); + wakeup_reason = QEMU_WAKEUP_REASON_NONE; + resume_all_vcpus(); + qapi_event_send_wakeup(); + } + if (qemu_powerdown_requested()) { + qemu_system_powerdown(); + } + if (qemu_vmstop_requested(&r)) { + vm_stop(r); + } + return false; +} + +static void main_loop(void) +{ +#ifdef CONFIG_PROFILER + int64_t ti; +#endif + while (!main_loop_should_exit()) { +#ifdef CONFIG_PROFILER + ti = profile_getclock(); +#endif + main_loop_wait(false); +#ifdef CONFIG_PROFILER + dev_time += profile_getclock() - ti; +#endif + } +} + +static void version(void) +{ + printf("QEMU emulator version " QEMU_FULL_VERSION "\n" + QEMU_COPYRIGHT "\n"); +} + +static void help(int exitcode) +{ + version(); + printf("usage: %s [options] [disk_image]\n\n" + "'disk_image' is a raw hard disk image for IDE hard disk 0\n\n", + error_get_progname()); + +#define QEMU_OPTIONS_GENERATE_HELP +#include "qemu-options-wrapper.h" + + printf("\nDuring emulation, the following keys are useful:\n" + "ctrl-alt-f toggle full screen\n" + "ctrl-alt-n switch to virtual console 'n'\n" + "ctrl-alt toggle mouse and keyboard grab\n" + "\n" + "When using -nographic, press 'ctrl-a h' to get some help.\n" + "\n" + QEMU_HELP_BOTTOM "\n"); + + exit(exitcode); +} + +#define HAS_ARG 0x0001 + +typedef struct QEMUOption { + const char *name; + int flags; + int index; + uint32_t arch_mask; +} QEMUOption; + +static const QEMUOption qemu_options[] = { + { "h", 0, QEMU_OPTION_h, QEMU_ARCH_ALL }, +#define QEMU_OPTIONS_GENERATE_OPTIONS +#include "qemu-options-wrapper.h" + { NULL }, +}; + +typedef struct VGAInterfaceInfo { + const char *opt_name; /* option name */ + const char *name; /* human-readable name */ + /* Class names indicating that support is available. + * If no class is specified, the interface is always available */ + const char *class_names[2]; +} VGAInterfaceInfo; + +static const VGAInterfaceInfo vga_interfaces[VGA_TYPE_MAX] = { + [VGA_NONE] = { + .opt_name = "none", + .name = "no graphic card", + }, + [VGA_STD] = { + .opt_name = "std", + .name = "standard VGA", + .class_names = { "VGA", "isa-vga" }, + }, + [VGA_CIRRUS] = { + .opt_name = "cirrus", + .name = "Cirrus VGA", + .class_names = { "cirrus-vga", "isa-cirrus-vga" }, + }, + [VGA_VMWARE] = { + .opt_name = "vmware", + .name = "VMWare SVGA", + .class_names = { "vmware-svga" }, + }, + [VGA_VIRTIO] = { + .opt_name = "virtio", + .name = "Virtio VGA", + .class_names = { "virtio-vga" }, + }, + [VGA_QXL] = { + .opt_name = "qxl", + .name = "QXL VGA", + .class_names = { "qxl-vga" }, + }, + [VGA_TCX] = { + .opt_name = "tcx", + .name = "TCX framebuffer", + .class_names = { "SUNW,tcx" }, + }, + [VGA_CG3] = { + .opt_name = "cg3", + .name = "CG3 framebuffer", + .class_names = { "cgthree" }, + }, + [VGA_XENFB] = { + .opt_name = "xenfb", + .name = "Xen paravirtualized framebuffer", + }, +}; + +static bool vga_interface_available(VGAInterfaceType t) +{ + const VGAInterfaceInfo *ti = &vga_interfaces[t]; + + assert(t < VGA_TYPE_MAX); + return !ti->class_names[0] || + object_class_by_name(ti->class_names[0]) || + object_class_by_name(ti->class_names[1]); +} + +static const char * +get_default_vga_model(const MachineClass *machine_class) +{ + if (machine_class->default_display) { + return machine_class->default_display; + } else if (vga_interface_available(VGA_CIRRUS)) { + return "cirrus"; + } else if (vga_interface_available(VGA_STD)) { + return "std"; + } + + return NULL; +} + +static void select_vgahw(const MachineClass *machine_class, const char *p) +{ + const char *opts; + int t; + + if (g_str_equal(p, "help")) { + const char *def = get_default_vga_model(machine_class); + + for (t = 0; t < VGA_TYPE_MAX; t++) { + const VGAInterfaceInfo *ti = &vga_interfaces[t]; + + if (vga_interface_available(t) && ti->opt_name) { + printf("%-20s %s%s\n", ti->opt_name, ti->name ?: "", + g_str_equal(ti->opt_name, def) ? " (default)" : ""); + } + } + exit(0); + } + + assert(vga_interface_type == VGA_NONE); + for (t = 0; t < VGA_TYPE_MAX; t++) { + const VGAInterfaceInfo *ti = &vga_interfaces[t]; + if (ti->opt_name && strstart(p, ti->opt_name, &opts)) { + if (!vga_interface_available(t)) { + error_report("%s not available", ti->name); + exit(1); + } + vga_interface_type = t; + break; + } + } + if (t == VGA_TYPE_MAX) { + invalid_vga: + error_report("unknown vga type: %s", p); + exit(1); + } + while (*opts) { + const char *nextopt; + + if (strstart(opts, ",retrace=", &nextopt)) { + opts = nextopt; + if (strstart(opts, "dumb", &nextopt)) + vga_retrace_method = VGA_RETRACE_DUMB; + else if (strstart(opts, "precise", &nextopt)) + vga_retrace_method = VGA_RETRACE_PRECISE; + else goto invalid_vga; + } else goto invalid_vga; + opts = nextopt; + } +} + +static void parse_display_qapi(const char *optarg) +{ + DisplayOptions *opts; + Visitor *v; + + v = qobject_input_visitor_new_str(optarg, "type", &error_fatal); + + visit_type_DisplayOptions(v, NULL, &opts, &error_fatal); + QAPI_CLONE_MEMBERS(DisplayOptions, &dpy, opts); + + qapi_free_DisplayOptions(opts); + visit_free(v); +} + +DisplayOptions *qmp_query_display_options(Error **errp) +{ + return QAPI_CLONE(DisplayOptions, &dpy); +} + +static void parse_display(const char *p) +{ + const char *opts; + + if (is_help_option(p)) { + qemu_display_help(); + exit(0); + } + + if (strstart(p, "sdl", &opts)) { + /* + * sdl DisplayType needs hand-crafted parser instead of + * parse_display_qapi() due to some options not in + * DisplayOptions, specifically: + * - frame + * Already deprecated. + * - ctrl_grab + alt_grab + * Not clear yet what happens to them long-term. Should + * replaced by something better or deprecated and dropped. + */ + dpy.type = DISPLAY_TYPE_SDL; + while (*opts) { + const char *nextopt; + + if (strstart(opts, ",alt_grab=", &nextopt)) { + opts = nextopt; + if (strstart(opts, "on", &nextopt)) { + alt_grab = 1; + } else if (strstart(opts, "off", &nextopt)) { + alt_grab = 0; + } else { + goto invalid_sdl_args; + } + } else if (strstart(opts, ",ctrl_grab=", &nextopt)) { + opts = nextopt; + if (strstart(opts, "on", &nextopt)) { + ctrl_grab = 1; + } else if (strstart(opts, "off", &nextopt)) { + ctrl_grab = 0; + } else { + goto invalid_sdl_args; + } + } else if (strstart(opts, ",window_close=", &nextopt)) { + opts = nextopt; + dpy.has_window_close = true; + if (strstart(opts, "on", &nextopt)) { + dpy.window_close = true; + } else if (strstart(opts, "off", &nextopt)) { + dpy.window_close = false; + } else { + goto invalid_sdl_args; + } + } else if (strstart(opts, ",show-cursor=", &nextopt)) { + opts = nextopt; + dpy.has_show_cursor = true; + if (strstart(opts, "on", &nextopt)) { + dpy.show_cursor = true; + } else if (strstart(opts, "off", &nextopt)) { + dpy.show_cursor = false; + } else { + goto invalid_sdl_args; + } + } else if (strstart(opts, ",gl=", &nextopt)) { + opts = nextopt; + dpy.has_gl = true; + if (strstart(opts, "on", &nextopt)) { + dpy.gl = DISPLAYGL_MODE_ON; + } else if (strstart(opts, "core", &nextopt)) { + dpy.gl = DISPLAYGL_MODE_CORE; + } else if (strstart(opts, "es", &nextopt)) { + dpy.gl = DISPLAYGL_MODE_ES; + } else if (strstart(opts, "off", &nextopt)) { + dpy.gl = DISPLAYGL_MODE_OFF; + } else { + goto invalid_sdl_args; + } + } else { + invalid_sdl_args: + error_report("invalid SDL option string"); + exit(1); + } + opts = nextopt; + } + } else if (strstart(p, "vnc", &opts)) { + /* + * vnc isn't a (local) DisplayType but a protocol for remote + * display access. + */ + if (*opts == '=') { + vnc_parse(opts + 1, &error_fatal); + } else { + error_report("VNC requires a display argument vnc="); + exit(1); + } + } else { + parse_display_qapi(p); + } +} + +char *qemu_find_file(int type, const char *name) +{ + int i; + const char *subdir; + char *buf; + + /* Try the name as a straight path first */ + if (access(name, R_OK) == 0) { + trace_load_file(name, name); + return g_strdup(name); + } + + switch (type) { + case QEMU_FILE_TYPE_BIOS: + subdir = ""; + break; + case QEMU_FILE_TYPE_KEYMAP: + subdir = "keymaps/"; + break; + default: + abort(); + } + + for (i = 0; i < data_dir_idx; i++) { + buf = g_strdup_printf("%s/%s%s", data_dir[i], subdir, name); + if (access(buf, R_OK) == 0) { + trace_load_file(name, buf); + return buf; + } + g_free(buf); + } + return NULL; +} + +static void qemu_add_data_dir(const char *path) +{ + int i; + + if (path == NULL) { + return; + } + if (data_dir_idx == ARRAY_SIZE(data_dir)) { + return; + } + for (i = 0; i < data_dir_idx; i++) { + if (strcmp(data_dir[i], path) == 0) { + return; /* duplicate */ + } + } + data_dir[data_dir_idx++] = g_strdup(path); +} + +static inline bool nonempty_str(const char *str) +{ + return str && *str; +} + +static int parse_fw_cfg(void *opaque, QemuOpts *opts, Error **errp) +{ + gchar *buf; + size_t size; + const char *name, *file, *str; + FWCfgState *fw_cfg = (FWCfgState *) opaque; + + if (fw_cfg == NULL) { + error_setg(errp, "fw_cfg device not available"); + return -1; + } + name = qemu_opt_get(opts, "name"); + file = qemu_opt_get(opts, "file"); + str = qemu_opt_get(opts, "string"); + + /* we need name and either a file or the content string */ + if (!(nonempty_str(name) && (nonempty_str(file) || nonempty_str(str)))) { + error_setg(errp, "invalid argument(s)"); + return -1; + } + if (nonempty_str(file) && nonempty_str(str)) { + error_setg(errp, "file and string are mutually exclusive"); + return -1; + } + if (strlen(name) > FW_CFG_MAX_FILE_PATH - 1) { + error_setg(errp, "name too long (max. %d char)", + FW_CFG_MAX_FILE_PATH - 1); + return -1; + } + if (strncmp(name, "opt/", 4) != 0) { + warn_report("externally provided fw_cfg item names " + "should be prefixed with \"opt/\""); + } + if (nonempty_str(str)) { + size = strlen(str); /* NUL terminator NOT included in fw_cfg blob */ + buf = g_memdup(str, size); + } else { + GError *err = NULL; + if (!g_file_get_contents(file, &buf, &size, &err)) { + error_setg(errp, "can't load %s: %s", file, err->message); + g_error_free(err); + return -1; + } + } + /* For legacy, keep user files in a specific global order. */ + fw_cfg_set_order_override(fw_cfg, FW_CFG_ORDER_OVERRIDE_USER); + fw_cfg_add_file(fw_cfg, name, buf, size); + fw_cfg_reset_order_override(fw_cfg); + return 0; +} + +static int device_help_func(void *opaque, QemuOpts *opts, Error **errp) +{ + return qdev_device_help(opts); +} + +static int device_init_func(void *opaque, QemuOpts *opts, Error **errp) +{ + DeviceState *dev; + + dev = qdev_device_add(opts, errp); + if (!dev && *errp) { + error_report_err(*errp); + return -1; + } else if (dev) { + object_unref(OBJECT(dev)); + } + return 0; +} + +static int chardev_init_func(void *opaque, QemuOpts *opts, Error **errp) +{ + Error *local_err = NULL; + + if (!qemu_chr_new_from_opts(opts, NULL, &local_err)) { + if (local_err) { + error_propagate(errp, local_err); + return -1; + } + exit(0); + } + return 0; +} + +#ifdef CONFIG_VIRTFS +static int fsdev_init_func(void *opaque, QemuOpts *opts, Error **errp) +{ + return qemu_fsdev_add(opts, errp); +} +#endif + +static int mon_init_func(void *opaque, QemuOpts *opts, Error **errp) +{ + return monitor_init_opts(opts, errp); +} + +static void monitor_parse(const char *optarg, const char *mode, bool pretty) +{ + static int monitor_device_index = 0; + QemuOpts *opts; + const char *p; + char label[32]; + + if (strstart(optarg, "chardev:", &p)) { + snprintf(label, sizeof(label), "%s", p); + } else { + snprintf(label, sizeof(label), "compat_monitor%d", + monitor_device_index); + opts = qemu_chr_parse_compat(label, optarg, true); + if (!opts) { + error_report("parse error: %s", optarg); + exit(1); + } + } + + opts = qemu_opts_create(qemu_find_opts("mon"), label, 1, &error_fatal); + qemu_opt_set(opts, "mode", mode, &error_abort); + qemu_opt_set(opts, "chardev", label, &error_abort); + if (!strcmp(mode, "control")) { + qemu_opt_set_bool(opts, "pretty", pretty, &error_abort); + } else { + assert(pretty == false); + } + monitor_device_index++; +} + +struct device_config { + enum { + DEV_USB, /* -usbdevice */ + DEV_SERIAL, /* -serial */ + DEV_PARALLEL, /* -parallel */ + DEV_DEBUGCON, /* -debugcon */ + DEV_GDB, /* -gdb, -s */ + DEV_SCLP, /* s390 sclp */ + } type; + const char *cmdline; + Location loc; + QTAILQ_ENTRY(device_config) next; +}; + +static QTAILQ_HEAD(, device_config) device_configs = + QTAILQ_HEAD_INITIALIZER(device_configs); + +static void add_device_config(int type, const char *cmdline) +{ + struct device_config *conf; + + conf = g_malloc0(sizeof(*conf)); + conf->type = type; + conf->cmdline = cmdline; + loc_save(&conf->loc); + QTAILQ_INSERT_TAIL(&device_configs, conf, next); +} + +static int foreach_device_config(int type, int (*func)(const char *cmdline)) +{ + struct device_config *conf; + int rc; + + QTAILQ_FOREACH(conf, &device_configs, next) { + if (conf->type != type) + continue; + loc_push_restore(&conf->loc); + rc = func(conf->cmdline); + loc_pop(&conf->loc); + if (rc) { + return rc; + } + } + return 0; +} + +static int serial_parse(const char *devname) +{ + int index = num_serial_hds; + char label[32]; + + if (strcmp(devname, "none") == 0) + return 0; + snprintf(label, sizeof(label), "serial%d", index); + serial_hds = g_renew(Chardev *, serial_hds, index + 1); + + serial_hds[index] = qemu_chr_new_mux_mon(label, devname, NULL); + if (!serial_hds[index]) { + error_report("could not connect serial device" + " to character backend '%s'", devname); + return -1; + } + num_serial_hds++; + return 0; +} + +Chardev *serial_hd(int i) +{ + assert(i >= 0); + if (i < num_serial_hds) { + return serial_hds[i]; + } + return NULL; +} + +int serial_max_hds(void) +{ + return num_serial_hds; +} + +static int parallel_parse(const char *devname) +{ + static int index = 0; + char label[32]; + + if (strcmp(devname, "none") == 0) + return 0; + if (index == MAX_PARALLEL_PORTS) { + error_report("too many parallel ports"); + exit(1); + } + snprintf(label, sizeof(label), "parallel%d", index); + parallel_hds[index] = qemu_chr_new_mux_mon(label, devname, NULL); + if (!parallel_hds[index]) { + error_report("could not connect parallel device" + " to character backend '%s'", devname); + return -1; + } + index++; + return 0; +} + +static int debugcon_parse(const char *devname) +{ + QemuOpts *opts; + + if (!qemu_chr_new_mux_mon("debugcon", devname, NULL)) { + error_report("invalid character backend '%s'", devname); + exit(1); + } + opts = qemu_opts_create(qemu_find_opts("device"), "debugcon", 1, NULL); + if (!opts) { + error_report("already have a debugcon device"); + exit(1); + } + qemu_opt_set(opts, "driver", "isa-debugcon", &error_abort); + qemu_opt_set(opts, "chardev", "debugcon", &error_abort); + return 0; +} + +static gint machine_class_cmp(gconstpointer a, gconstpointer b) +{ + const MachineClass *mc1 = a, *mc2 = b; + int res; + + if (mc1->family == NULL) { + if (mc2->family == NULL) { + /* Compare standalone machine types against each other; they sort + * in increasing order. + */ + return strcmp(object_class_get_name(OBJECT_CLASS(mc1)), + object_class_get_name(OBJECT_CLASS(mc2))); + } + + /* Standalone machine types sort after families. */ + return 1; + } + + if (mc2->family == NULL) { + /* Families sort before standalone machine types. */ + return -1; + } + + /* Families sort between each other alphabetically increasingly. */ + res = strcmp(mc1->family, mc2->family); + if (res != 0) { + return res; + } + + /* Within the same family, machine types sort in decreasing order. */ + return strcmp(object_class_get_name(OBJECT_CLASS(mc2)), + object_class_get_name(OBJECT_CLASS(mc1))); +} + +static MachineClass *machine_parse(const char *name, GSList *machines) +{ + MachineClass *mc; + GSList *el; + + if (is_help_option(name)) { + printf("Supported machines are:\n"); + machines = g_slist_sort(machines, machine_class_cmp); + for (el = machines; el; el = el->next) { + MachineClass *mc = el->data; + if (mc->alias) { + printf("%-20s %s (alias of %s)\n", mc->alias, mc->desc, mc->name); + } + printf("%-20s %s%s%s\n", mc->name, mc->desc, + mc->is_default ? " (default)" : "", + mc->deprecation_reason ? " (deprecated)" : ""); + } + exit(0); + } + + mc = find_machine(name, machines); + if (!mc) { + error_report("unsupported machine type"); + error_printf("Use -machine help to list supported machines\n"); + exit(1); + } + return mc; +} + +void qemu_add_exit_notifier(Notifier *notify) +{ + notifier_list_add(&exit_notifiers, notify); +} + +void qemu_remove_exit_notifier(Notifier *notify) +{ + notifier_remove(notify); +} + +static void qemu_run_exit_notifiers(void) +{ + notifier_list_notify(&exit_notifiers, NULL); +} + +static const char *pid_file; +static Notifier qemu_unlink_pidfile_notifier; + +static void qemu_unlink_pidfile(Notifier *n, void *data) +{ + if (pid_file) { + unlink(pid_file); + } +} + +bool machine_init_done; + +void qemu_add_machine_init_done_notifier(Notifier *notify) +{ + notifier_list_add(&machine_init_done_notifiers, notify); + if (machine_init_done) { + notify->notify(notify, NULL); + } +} + +void qemu_remove_machine_init_done_notifier(Notifier *notify) +{ + notifier_remove(notify); +} + +static void qemu_run_machine_init_done_notifiers(void) +{ + machine_init_done = true; + notifier_list_notify(&machine_init_done_notifiers, NULL); +} + +static const QEMUOption *lookup_opt(int argc, char **argv, + const char **poptarg, int *poptind) +{ + const QEMUOption *popt; + int optind = *poptind; + char *r = argv[optind]; + const char *optarg; + + loc_set_cmdline(argv, optind, 1); + optind++; + /* Treat --foo the same as -foo. */ + if (r[1] == '-') + r++; + popt = qemu_options; + for(;;) { + if (!popt->name) { + error_report("invalid option"); + exit(1); + } + if (!strcmp(popt->name, r + 1)) + break; + popt++; + } + if (popt->flags & HAS_ARG) { + if (optind >= argc) { + error_report("requires an argument"); + exit(1); + } + optarg = argv[optind++]; + loc_set_cmdline(argv, optind - 2, 2); + } else { + optarg = NULL; + } + + *poptarg = optarg; + *poptind = optind; + + return popt; +} + +static MachineClass *select_machine(void) +{ + GSList *machines = object_class_get_list(TYPE_MACHINE, false); + MachineClass *machine_class = find_default_machine(machines); + const char *optarg; + QemuOpts *opts; + Location loc; + + loc_push_none(&loc); + + opts = qemu_get_machine_opts(); + qemu_opts_loc_restore(opts); + + optarg = qemu_opt_get(opts, "type"); + if (optarg) { + machine_class = machine_parse(optarg, machines); + } + + if (!machine_class) { + error_report("No machine specified, and there is no default"); + error_printf("Use -machine help to list supported machines\n"); + exit(1); + } + + loc_pop(&loc); + g_slist_free(machines); + return machine_class; +} + +static int object_parse_property_opt(Object *obj, + const char *name, const char *value, + const char *skip, Error **errp) +{ + Error *local_err = NULL; + + if (g_str_equal(name, skip)) { + return 0; + } + + object_property_parse(obj, value, name, &local_err); + + if (local_err) { + error_propagate(errp, local_err); + return -1; + } + + return 0; +} + +static int machine_set_property(void *opaque, + const char *name, const char *value, + Error **errp) +{ + g_autofree char *qom_name = g_strdup(name); + char *p; + + for (p = qom_name; *p; p++) { + if (*p == '_') { + *p = '-'; + } + } + + /* Legacy options do not correspond to MachineState properties. */ + if (g_str_equal(qom_name, "accel")) { + return 0; + } + if (g_str_equal(qom_name, "igd-passthru")) { + object_register_sugar_prop(ACCEL_CLASS_NAME("xen"), qom_name, value); + return 0; + } + if (g_str_equal(qom_name, "kvm-shadow-mem") || + g_str_equal(qom_name, "kernel-irqchip")) { + object_register_sugar_prop(ACCEL_CLASS_NAME("kvm"), qom_name, value); + return 0; + } + + return object_parse_property_opt(opaque, name, value, "type", errp); +} + +/* + * Initial object creation happens before all other + * QEMU data types are created. The majority of objects + * can be created at this point. The rng-egd object + * cannot be created here, as it depends on the chardev + * already existing. + */ +static bool object_create_initial(const char *type, QemuOpts *opts) +{ + if (user_creatable_print_help(type, opts)) { + exit(0); + } + + /* + * Objects should not be made "delayed" without a reason. If you + * add one, state the reason in a comment! + */ + + /* Reason: rng-egd property "chardev" */ + if (g_str_equal(type, "rng-egd")) { + return false; + } + +#if defined(CONFIG_VHOST_USER) && defined(CONFIG_LINUX) + /* Reason: cryptodev-vhost-user property "chardev" */ + if (g_str_equal(type, "cryptodev-vhost-user")) { + return false; + } +#endif + + /* + * Reason: filter-* property "netdev" etc. + */ + if (g_str_equal(type, "filter-buffer") || + g_str_equal(type, "filter-dump") || + g_str_equal(type, "filter-mirror") || + g_str_equal(type, "filter-redirector") || + g_str_equal(type, "colo-compare") || + g_str_equal(type, "filter-rewriter") || + g_str_equal(type, "filter-replay")) { + return false; + } + + /* Memory allocation by backends needs to be done + * after configure_accelerator() (due to the tcg_enabled() + * checks at memory_region_init_*()). + * + * Also, allocation of large amounts of memory may delay + * chardev initialization for too long, and trigger timeouts + * on software that waits for a monitor socket to be created + * (e.g. libvirt). + */ + if (g_str_has_prefix(type, "memory-backend-")) { + return false; + } + + return true; +} + + +/* + * The remainder of object creation happens after the + * creation of chardev, fsdev, net clients and device data types. + */ +static bool object_create_delayed(const char *type, QemuOpts *opts) +{ + return !object_create_initial(type, opts); +} + + +static void set_memory_options(uint64_t *ram_slots, ram_addr_t *maxram_size, + MachineClass *mc) +{ + uint64_t sz; + const char *mem_str; + const ram_addr_t default_ram_size = mc->default_ram_size; + QemuOpts *opts = qemu_find_opts_singleton("memory"); + Location loc; + + loc_push_none(&loc); + qemu_opts_loc_restore(opts); + + sz = 0; + mem_str = qemu_opt_get(opts, "size"); + if (mem_str) { + if (!*mem_str) { + error_report("missing 'size' option value"); + exit(EXIT_FAILURE); + } + + sz = qemu_opt_get_size(opts, "size", ram_size); + + /* Fix up legacy suffix-less format */ + if (g_ascii_isdigit(mem_str[strlen(mem_str) - 1])) { + uint64_t overflow_check = sz; + + sz *= MiB; + if (sz / MiB != overflow_check) { + error_report("too large 'size' option value"); + exit(EXIT_FAILURE); + } + } + } + + /* backward compatibility behaviour for case "-m 0" */ + if (sz == 0) { + sz = default_ram_size; + } + + sz = QEMU_ALIGN_UP(sz, 8192); + ram_size = sz; + if (ram_size != sz) { + error_report("ram size too large"); + exit(EXIT_FAILURE); + } + + /* store value for the future use */ + qemu_opt_set_number(opts, "size", ram_size, &error_abort); + *maxram_size = ram_size; + + if (qemu_opt_get(opts, "maxmem")) { + uint64_t slots; + + sz = qemu_opt_get_size(opts, "maxmem", 0); + slots = qemu_opt_get_number(opts, "slots", 0); + if (sz < ram_size) { + error_report("invalid value of -m option maxmem: " + "maximum memory size (0x%" PRIx64 ") must be at least " + "the initial memory size (0x" RAM_ADDR_FMT ")", + sz, ram_size); + exit(EXIT_FAILURE); + } else if (slots && sz == ram_size) { + error_report("invalid value of -m option maxmem: " + "memory slots were specified but maximum memory size " + "(0x%" PRIx64 ") is equal to the initial memory size " + "(0x" RAM_ADDR_FMT ")", sz, ram_size); + exit(EXIT_FAILURE); + } + + *maxram_size = sz; + *ram_slots = slots; + } else if (qemu_opt_get(opts, "slots")) { + error_report("invalid -m option value: missing 'maxmem' option"); + exit(EXIT_FAILURE); + } + + loc_pop(&loc); +} + +static int global_init_func(void *opaque, QemuOpts *opts, Error **errp) +{ + GlobalProperty *g; + + g = g_malloc0(sizeof(*g)); + g->driver = qemu_opt_get(opts, "driver"); + g->property = qemu_opt_get(opts, "property"); + g->value = qemu_opt_get(opts, "value"); + qdev_prop_register_global(g); + return 0; +} + +static int qemu_read_default_config_file(void) +{ + int ret; + + ret = qemu_read_config_file(CONFIG_QEMU_CONFDIR "/qemu.conf"); + if (ret < 0 && ret != -ENOENT) { + return ret; + } + + return 0; +} + +static void user_register_global_props(void) +{ + qemu_opts_foreach(qemu_find_opts("global"), + global_init_func, NULL, NULL); +} + +static int do_configure_icount(void *opaque, QemuOpts *opts, Error **errp) +{ + configure_icount(opts, errp); + return 0; +} + +static int accelerator_set_property(void *opaque, + const char *name, const char *value, + Error **errp) +{ + return object_parse_property_opt(opaque, name, value, "accel", errp); +} + +static int do_configure_accelerator(void *opaque, QemuOpts *opts, Error **errp) +{ + bool *p_init_failed = opaque; + const char *acc = qemu_opt_get(opts, "accel"); + AccelClass *ac = accel_find(acc); + AccelState *accel; + int ret; + + if (!ac) { + *p_init_failed = true; + error_report("invalid accelerator %s", acc); + return 0; + } + accel = ACCEL(object_new_with_class(OBJECT_CLASS(ac))); + object_apply_compat_props(OBJECT(accel)); + qemu_opt_foreach(opts, accelerator_set_property, + accel, + &error_fatal); + + ret = accel_init_machine(accel, current_machine); + if (ret < 0) { + *p_init_failed = true; + error_report("failed to initialize %s: %s", + acc, strerror(-ret)); + return 0; + } + + return 1; +} + +static void configure_accelerators(const char *progname) +{ + const char *accel; + bool init_failed = false; + + qemu_opts_foreach(qemu_find_opts("icount"), + do_configure_icount, NULL, &error_fatal); + + accel = qemu_opt_get(qemu_get_machine_opts(), "accel"); + if (QTAILQ_EMPTY(&qemu_accel_opts.head)) { + char **accel_list, **tmp; + + if (accel == NULL) { + /* Select the default accelerator */ + bool have_tcg = accel_find("tcg"); + bool have_kvm = accel_find("kvm"); + + if (have_tcg && have_kvm) { + if (g_str_has_suffix(progname, "kvm")) { + /* If the program name ends with "kvm", we prefer KVM */ + accel = "kvm:tcg"; + } else { + accel = "tcg:kvm"; + } + } else if (have_kvm) { + accel = "kvm"; + } else if (have_tcg) { + accel = "tcg"; + } else { + error_report("No accelerator selected and" + " no default accelerator available"); + exit(1); + } + } + accel_list = g_strsplit(accel, ":", 0); + + for (tmp = accel_list; *tmp; tmp++) { + /* + * Filter invalid accelerators here, to prevent obscenities + * such as "-machine accel=tcg,,thread=single". + */ + if (accel_find(*tmp)) { + qemu_opts_parse_noisily(qemu_find_opts("accel"), *tmp, true); + } else { + init_failed = true; + error_report("invalid accelerator %s", *tmp); + } + } + g_strfreev(accel_list); + } else { + if (accel != NULL) { + error_report("The -accel and \"-machine accel=\" options are incompatible"); + exit(1); + } + } + + if (!qemu_opts_foreach(qemu_find_opts("accel"), + do_configure_accelerator, &init_failed, &error_fatal)) { + if (!init_failed) { + error_report("no accelerator found"); + } + exit(1); + } + + if (init_failed) { + AccelClass *ac = ACCEL_GET_CLASS(current_accel()); + error_report("falling back to %s", ac->name); + } + + if (use_icount && !(tcg_enabled() || qtest_enabled())) { + error_report("-icount is not allowed with hardware virtualization"); + exit(1); + } +} + +int main(int argc, char **argv, char **envp) +{ + int i; + int snapshot, linux_boot; + const char *initrd_filename; + const char *kernel_filename, *kernel_cmdline; + const char *boot_order = NULL; + const char *boot_once = NULL; + DisplayState *ds; + QemuOpts *opts, *machine_opts; + QemuOpts *icount_opts = NULL, *accel_opts = NULL; + QemuOptsList *olist; + int optind; + const char *optarg; + const char *loadvm = NULL; + MachineClass *machine_class; + const char *cpu_option; + const char *vga_model = NULL; + const char *qtest_chrdev = NULL; + const char *qtest_log = NULL; + const char *incoming = NULL; + bool userconfig = true; + bool nographic = false; + int display_remote = 0; + const char *log_mask = NULL; + const char *log_file = NULL; + char *trace_file = NULL; + ram_addr_t maxram_size; + uint64_t ram_slots = 0; + FILE *vmstate_dump_file = NULL; + Error *main_loop_err = NULL; + Error *err = NULL; + bool list_data_dirs = false; + char *dir, **dirs; + BlockdevOptionsQueue bdo_queue = QSIMPLEQ_HEAD_INITIALIZER(bdo_queue); + QemuPluginList plugin_list = QTAILQ_HEAD_INITIALIZER(plugin_list); + + os_set_line_buffering(); + + error_init(argv[0]); + module_call_init(MODULE_INIT_TRACE); + + qemu_init_cpu_list(); + qemu_init_cpu_loop(); + + qemu_mutex_lock_iothread(); + + atexit(qemu_run_exit_notifiers); + qemu_init_exec_dir(argv[0]); + + module_call_init(MODULE_INIT_QOM); + + qemu_add_opts(&qemu_drive_opts); + qemu_add_drive_opts(&qemu_legacy_drive_opts); + qemu_add_drive_opts(&qemu_common_drive_opts); + qemu_add_drive_opts(&qemu_drive_opts); + qemu_add_drive_opts(&bdrv_runtime_opts); + qemu_add_opts(&qemu_chardev_opts); + qemu_add_opts(&qemu_device_opts); + qemu_add_opts(&qemu_netdev_opts); + qemu_add_opts(&qemu_nic_opts); + qemu_add_opts(&qemu_net_opts); + qemu_add_opts(&qemu_rtc_opts); + qemu_add_opts(&qemu_global_opts); + qemu_add_opts(&qemu_mon_opts); + qemu_add_opts(&qemu_trace_opts); + qemu_plugin_add_opts(); + qemu_add_opts(&qemu_option_rom_opts); + qemu_add_opts(&qemu_machine_opts); + qemu_add_opts(&qemu_accel_opts); + qemu_add_opts(&qemu_mem_opts); + qemu_add_opts(&qemu_smp_opts); + qemu_add_opts(&qemu_boot_opts); + qemu_add_opts(&qemu_add_fd_opts); + qemu_add_opts(&qemu_object_opts); + qemu_add_opts(&qemu_tpmdev_opts); + qemu_add_opts(&qemu_realtime_opts); + qemu_add_opts(&qemu_overcommit_opts); + qemu_add_opts(&qemu_msg_opts); + qemu_add_opts(&qemu_name_opts); + qemu_add_opts(&qemu_numa_opts); + qemu_add_opts(&qemu_icount_opts); + qemu_add_opts(&qemu_semihosting_config_opts); + qemu_add_opts(&qemu_fw_cfg_opts); + module_call_init(MODULE_INIT_OPTS); + + runstate_init(); + precopy_infrastructure_init(); + postcopy_infrastructure_init(); + monitor_init_globals(); + + if (qcrypto_init(&err) < 0) { + error_reportf_err(err, "cannot initialize crypto: "); + exit(1); + } + + QTAILQ_INIT(&vm_change_state_head); + os_setup_early_signal_handling(); + + cpu_option = NULL; + snapshot = 0; + + nb_nics = 0; + + bdrv_init_with_whitelist(); + + autostart = 1; + + /* first pass of option parsing */ + optind = 1; + while (optind < argc) { + if (argv[optind][0] != '-') { + /* disk image */ + optind++; + } else { + const QEMUOption *popt; + + popt = lookup_opt(argc, argv, &optarg, &optind); + switch (popt->index) { + case QEMU_OPTION_nouserconfig: + userconfig = false; + break; + } + } + } + + if (userconfig) { + if (qemu_read_default_config_file() < 0) { + exit(1); + } + } + + /* second pass of option parsing */ + optind = 1; + for(;;) { + if (optind >= argc) + break; + if (argv[optind][0] != '-') { + loc_set_cmdline(argv, optind, 1); + drive_add(IF_DEFAULT, 0, argv[optind++], HD_OPTS); + } else { + const QEMUOption *popt; + + popt = lookup_opt(argc, argv, &optarg, &optind); + if (!(popt->arch_mask & arch_type)) { + error_report("Option not supported for this target"); + exit(1); + } + switch(popt->index) { + case QEMU_OPTION_cpu: + /* hw initialization will check this */ + cpu_option = optarg; + break; + case QEMU_OPTION_hda: + case QEMU_OPTION_hdb: + case QEMU_OPTION_hdc: + case QEMU_OPTION_hdd: + drive_add(IF_DEFAULT, popt->index - QEMU_OPTION_hda, optarg, + HD_OPTS); + break; + case QEMU_OPTION_blockdev: + { + Visitor *v; + BlockdevOptionsQueueEntry *bdo; + + v = qobject_input_visitor_new_str(optarg, "driver", + &error_fatal); + + bdo = g_new(BlockdevOptionsQueueEntry, 1); + visit_type_BlockdevOptions(v, NULL, &bdo->bdo, + &error_fatal); + visit_free(v); + loc_save(&bdo->loc); + QSIMPLEQ_INSERT_TAIL(&bdo_queue, bdo, entry); + break; + } + case QEMU_OPTION_drive: + if (drive_def(optarg) == NULL) { + exit(1); + } + break; + case QEMU_OPTION_set: + if (qemu_set_option(optarg) != 0) + exit(1); + break; + case QEMU_OPTION_global: + if (qemu_global_option(optarg) != 0) + exit(1); + break; + case QEMU_OPTION_mtdblock: + drive_add(IF_MTD, -1, optarg, MTD_OPTS); + break; + case QEMU_OPTION_sd: + drive_add(IF_SD, -1, optarg, SD_OPTS); + break; + case QEMU_OPTION_pflash: + drive_add(IF_PFLASH, -1, optarg, PFLASH_OPTS); + break; + case QEMU_OPTION_snapshot: + { + Error *blocker = NULL; + snapshot = 1; + error_setg(&blocker, QERR_REPLAY_NOT_SUPPORTED, + "-snapshot"); + replay_add_blocker(blocker); + } + break; + case QEMU_OPTION_numa: + opts = qemu_opts_parse_noisily(qemu_find_opts("numa"), + optarg, true); + if (!opts) { + exit(1); + } + break; + case QEMU_OPTION_display: + parse_display(optarg); + break; + case QEMU_OPTION_nographic: + olist = qemu_find_opts("machine"); + qemu_opts_parse_noisily(olist, "graphics=off", false); + nographic = true; + dpy.type = DISPLAY_TYPE_NONE; + break; + case QEMU_OPTION_curses: +#ifdef CONFIG_CURSES + dpy.type = DISPLAY_TYPE_CURSES; +#else + error_report("curses or iconv support is disabled"); + exit(1); +#endif + break; + case QEMU_OPTION_portrait: + graphic_rotate = 90; + break; + case QEMU_OPTION_rotate: + graphic_rotate = strtol(optarg, (char **) &optarg, 10); + if (graphic_rotate != 0 && graphic_rotate != 90 && + graphic_rotate != 180 && graphic_rotate != 270) { + error_report("only 90, 180, 270 deg rotation is available"); + exit(1); + } + break; + case QEMU_OPTION_kernel: + qemu_opts_set(qemu_find_opts("machine"), 0, "kernel", optarg, + &error_abort); + break; + case QEMU_OPTION_initrd: + qemu_opts_set(qemu_find_opts("machine"), 0, "initrd", optarg, + &error_abort); + break; + case QEMU_OPTION_append: + qemu_opts_set(qemu_find_opts("machine"), 0, "append", optarg, + &error_abort); + break; + case QEMU_OPTION_dtb: + qemu_opts_set(qemu_find_opts("machine"), 0, "dtb", optarg, + &error_abort); + break; + case QEMU_OPTION_cdrom: + drive_add(IF_DEFAULT, 2, optarg, CDROM_OPTS); + break; + case QEMU_OPTION_boot: + opts = qemu_opts_parse_noisily(qemu_find_opts("boot-opts"), + optarg, true); + if (!opts) { + exit(1); + } + break; + case QEMU_OPTION_fda: + case QEMU_OPTION_fdb: + drive_add(IF_FLOPPY, popt->index - QEMU_OPTION_fda, + optarg, FD_OPTS); + break; + case QEMU_OPTION_no_fd_bootchk: + fd_bootchk = 0; + break; + case QEMU_OPTION_netdev: + default_net = 0; + if (net_client_parse(qemu_find_opts("netdev"), optarg) == -1) { + exit(1); + } + break; + case QEMU_OPTION_nic: + default_net = 0; + if (net_client_parse(qemu_find_opts("nic"), optarg) == -1) { + exit(1); + } + break; + case QEMU_OPTION_net: + default_net = 0; + if (net_client_parse(qemu_find_opts("net"), optarg) == -1) { + exit(1); + } + break; +#ifdef CONFIG_LIBISCSI + case QEMU_OPTION_iscsi: + opts = qemu_opts_parse_noisily(qemu_find_opts("iscsi"), + optarg, false); + if (!opts) { + exit(1); + } + break; +#endif + case QEMU_OPTION_audio_help: + audio_legacy_help(); + exit (0); + break; + case QEMU_OPTION_audiodev: + audio_parse_option(optarg); + break; + case QEMU_OPTION_soundhw: + select_soundhw (optarg); + break; + case QEMU_OPTION_h: + help(0); + break; + case QEMU_OPTION_version: + version(); + exit(0); + break; + case QEMU_OPTION_m: + opts = qemu_opts_parse_noisily(qemu_find_opts("memory"), + optarg, true); + if (!opts) { + exit(EXIT_FAILURE); + } + break; +#ifdef CONFIG_TPM + case QEMU_OPTION_tpmdev: + if (tpm_config_parse(qemu_find_opts("tpmdev"), optarg) < 0) { + exit(1); + } + break; +#endif + case QEMU_OPTION_mempath: + mem_path = optarg; + break; + case QEMU_OPTION_mem_prealloc: + mem_prealloc = 1; + break; + case QEMU_OPTION_d: + log_mask = optarg; + break; + case QEMU_OPTION_D: + log_file = optarg; + break; + case QEMU_OPTION_DFILTER: + qemu_set_dfilter_ranges(optarg, &error_fatal); + break; + case QEMU_OPTION_seed: + qemu_guest_random_seed_main(optarg, &error_fatal); + break; + case QEMU_OPTION_s: + add_device_config(DEV_GDB, "tcp::" DEFAULT_GDBSTUB_PORT); + break; + case QEMU_OPTION_gdb: + add_device_config(DEV_GDB, optarg); + break; + case QEMU_OPTION_L: + if (is_help_option(optarg)) { + list_data_dirs = true; + } else { + qemu_add_data_dir(optarg); + } + break; + case QEMU_OPTION_bios: + qemu_opts_set(qemu_find_opts("machine"), 0, "firmware", optarg, + &error_abort); + break; + case QEMU_OPTION_singlestep: + singlestep = 1; + break; + case QEMU_OPTION_S: + autostart = 0; + break; + case QEMU_OPTION_k: + keyboard_layout = optarg; + break; + case QEMU_OPTION_vga: + vga_model = optarg; + default_vga = 0; + break; + case QEMU_OPTION_g: + { + const char *p; + int w, h, depth; + p = optarg; + w = strtol(p, (char **)&p, 10); + if (w <= 0) { + graphic_error: + error_report("invalid resolution or depth"); + exit(1); + } + if (*p != 'x') + goto graphic_error; + p++; + h = strtol(p, (char **)&p, 10); + if (h <= 0) + goto graphic_error; + if (*p == 'x') { + p++; + depth = strtol(p, (char **)&p, 10); + if (depth != 1 && depth != 2 && depth != 4 && + depth != 8 && depth != 15 && depth != 16 && + depth != 24 && depth != 32) + goto graphic_error; + } else if (*p == '\0') { + depth = graphic_depth; + } else { + goto graphic_error; + } + + graphic_width = w; + graphic_height = h; + graphic_depth = depth; + } + break; + case QEMU_OPTION_echr: + { + char *r; + term_escape_char = strtol(optarg, &r, 0); + if (r == optarg) + printf("Bad argument to echr\n"); + break; + } + case QEMU_OPTION_monitor: + default_monitor = 0; + if (strncmp(optarg, "none", 4)) { + monitor_parse(optarg, "readline", false); + } + break; + case QEMU_OPTION_qmp: + monitor_parse(optarg, "control", false); + default_monitor = 0; + break; + case QEMU_OPTION_qmp_pretty: + monitor_parse(optarg, "control", true); + default_monitor = 0; + break; + case QEMU_OPTION_mon: + opts = qemu_opts_parse_noisily(qemu_find_opts("mon"), optarg, + true); + if (!opts) { + exit(1); + } + default_monitor = 0; + break; + case QEMU_OPTION_chardev: + opts = qemu_opts_parse_noisily(qemu_find_opts("chardev"), + optarg, true); + if (!opts) { + exit(1); + } + break; + case QEMU_OPTION_fsdev: + olist = qemu_find_opts("fsdev"); + if (!olist) { + error_report("fsdev support is disabled"); + exit(1); + } + opts = qemu_opts_parse_noisily(olist, optarg, true); + if (!opts) { + exit(1); + } + break; + case QEMU_OPTION_virtfs: { + QemuOpts *fsdev; + QemuOpts *device; + const char *writeout, *sock_fd, *socket, *path, *security_model, + *multidevs; + + olist = qemu_find_opts("virtfs"); + if (!olist) { + error_report("virtfs support is disabled"); + exit(1); + } + opts = qemu_opts_parse_noisily(olist, optarg, true); + if (!opts) { + exit(1); + } + + if (qemu_opt_get(opts, "fsdriver") == NULL || + qemu_opt_get(opts, "mount_tag") == NULL) { + error_report("Usage: -virtfs fsdriver,mount_tag=tag"); + exit(1); + } + fsdev = qemu_opts_create(qemu_find_opts("fsdev"), + qemu_opts_id(opts) ?: + qemu_opt_get(opts, "mount_tag"), + 1, NULL); + if (!fsdev) { + error_report("duplicate or invalid fsdev id: %s", + qemu_opt_get(opts, "mount_tag")); + exit(1); + } + + writeout = qemu_opt_get(opts, "writeout"); + if (writeout) { +#ifdef CONFIG_SYNC_FILE_RANGE + qemu_opt_set(fsdev, "writeout", writeout, &error_abort); +#else + error_report("writeout=immediate not supported " + "on this platform"); + exit(1); +#endif + } + qemu_opt_set(fsdev, "fsdriver", + qemu_opt_get(opts, "fsdriver"), &error_abort); + path = qemu_opt_get(opts, "path"); + if (path) { + qemu_opt_set(fsdev, "path", path, &error_abort); + } + security_model = qemu_opt_get(opts, "security_model"); + if (security_model) { + qemu_opt_set(fsdev, "security_model", security_model, + &error_abort); + } + socket = qemu_opt_get(opts, "socket"); + if (socket) { + qemu_opt_set(fsdev, "socket", socket, &error_abort); + } + sock_fd = qemu_opt_get(opts, "sock_fd"); + if (sock_fd) { + qemu_opt_set(fsdev, "sock_fd", sock_fd, &error_abort); + } + + qemu_opt_set_bool(fsdev, "readonly", + qemu_opt_get_bool(opts, "readonly", 0), + &error_abort); + multidevs = qemu_opt_get(opts, "multidevs"); + if (multidevs) { + qemu_opt_set(fsdev, "multidevs", multidevs, &error_abort); + } + device = qemu_opts_create(qemu_find_opts("device"), NULL, 0, + &error_abort); + qemu_opt_set(device, "driver", "virtio-9p-pci", &error_abort); + qemu_opt_set(device, "fsdev", + qemu_opts_id(fsdev), &error_abort); + qemu_opt_set(device, "mount_tag", + qemu_opt_get(opts, "mount_tag"), &error_abort); + break; + } + case QEMU_OPTION_serial: + add_device_config(DEV_SERIAL, optarg); + default_serial = 0; + if (strncmp(optarg, "mon:", 4) == 0) { + default_monitor = 0; + } + break; + case QEMU_OPTION_watchdog: + if (watchdog) { + error_report("only one watchdog option may be given"); + return 1; + } + watchdog = optarg; + break; + case QEMU_OPTION_watchdog_action: + if (select_watchdog_action(optarg) == -1) { + error_report("unknown -watchdog-action parameter"); + exit(1); + } + break; + case QEMU_OPTION_parallel: + add_device_config(DEV_PARALLEL, optarg); + default_parallel = 0; + if (strncmp(optarg, "mon:", 4) == 0) { + default_monitor = 0; + } + break; + case QEMU_OPTION_debugcon: + add_device_config(DEV_DEBUGCON, optarg); + break; + case QEMU_OPTION_loadvm: + loadvm = optarg; + break; + case QEMU_OPTION_full_screen: + dpy.has_full_screen = true; + dpy.full_screen = true; + break; + case QEMU_OPTION_alt_grab: + alt_grab = 1; + break; + case QEMU_OPTION_ctrl_grab: + ctrl_grab = 1; + break; + case QEMU_OPTION_no_quit: + dpy.has_window_close = true; + dpy.window_close = false; + break; + case QEMU_OPTION_sdl: +#ifdef CONFIG_SDL + dpy.type = DISPLAY_TYPE_SDL; + break; +#else + error_report("SDL support is disabled"); + exit(1); +#endif + case QEMU_OPTION_pidfile: + pid_file = optarg; + break; + case QEMU_OPTION_win2k_hack: + win2k_install_hack = 1; + break; + case QEMU_OPTION_acpitable: + opts = qemu_opts_parse_noisily(qemu_find_opts("acpi"), + optarg, true); + if (!opts) { + exit(1); + } + acpi_table_add(opts, &error_fatal); + break; + case QEMU_OPTION_smbios: + opts = qemu_opts_parse_noisily(qemu_find_opts("smbios"), + optarg, false); + if (!opts) { + exit(1); + } + smbios_entry_add(opts, &error_fatal); + break; + case QEMU_OPTION_fwcfg: + opts = qemu_opts_parse_noisily(qemu_find_opts("fw_cfg"), + optarg, true); + if (opts == NULL) { + exit(1); + } + break; + case QEMU_OPTION_preconfig: + preconfig_exit_requested = false; + break; + case QEMU_OPTION_enable_kvm: + olist = qemu_find_opts("machine"); + qemu_opts_parse_noisily(olist, "accel=kvm", false); + break; + case QEMU_OPTION_M: + case QEMU_OPTION_machine: + olist = qemu_find_opts("machine"); + opts = qemu_opts_parse_noisily(olist, optarg, true); + if (!opts) { + exit(1); + } + break; + case QEMU_OPTION_no_kvm: + olist = qemu_find_opts("machine"); + qemu_opts_parse_noisily(olist, "accel=tcg", false); + break; + case QEMU_OPTION_accel: + accel_opts = qemu_opts_parse_noisily(qemu_find_opts("accel"), + optarg, true); + optarg = qemu_opt_get(accel_opts, "accel"); + if (!optarg || is_help_option(optarg)) { + printf("Accelerators supported in QEMU binary:\n"); + GSList *el, *accel_list = object_class_get_list(TYPE_ACCEL, + false); + for (el = accel_list; el; el = el->next) { + gchar *typename = g_strdup(object_class_get_name( + OBJECT_CLASS(el->data))); + /* omit qtest which is used for tests only */ + if (g_strcmp0(typename, ACCEL_CLASS_NAME("qtest")) && + g_str_has_suffix(typename, ACCEL_CLASS_SUFFIX)) { + gchar **optname = g_strsplit(typename, + ACCEL_CLASS_SUFFIX, 0); + printf("%s\n", optname[0]); + g_strfreev(optname); + } + g_free(typename); + } + g_slist_free(accel_list); + exit(0); + } + if (optarg && strchr(optarg, ':')) { + error_report("Don't use ':' with -accel, " + "use -M accel=... for now instead"); + exit(1); + } + break; + case QEMU_OPTION_usb: + olist = qemu_find_opts("machine"); + qemu_opts_parse_noisily(olist, "usb=on", false); + break; + case QEMU_OPTION_usbdevice: + error_report("'-usbdevice' is deprecated, please use " + "'-device usb-...' instead"); + olist = qemu_find_opts("machine"); + qemu_opts_parse_noisily(olist, "usb=on", false); + add_device_config(DEV_USB, optarg); + break; + case QEMU_OPTION_device: + if (!qemu_opts_parse_noisily(qemu_find_opts("device"), + optarg, true)) { + exit(1); + } + break; + case QEMU_OPTION_smp: + if (!qemu_opts_parse_noisily(qemu_find_opts("smp-opts"), + optarg, true)) { + exit(1); + } + break; + case QEMU_OPTION_vnc: + vnc_parse(optarg, &error_fatal); + break; + case QEMU_OPTION_no_acpi: + acpi_enabled = 0; + break; + case QEMU_OPTION_no_hpet: + no_hpet = 1; + break; + case QEMU_OPTION_no_reboot: + no_reboot = 1; + break; + case QEMU_OPTION_no_shutdown: + no_shutdown = 1; + break; + case QEMU_OPTION_show_cursor: + warn_report("The -show-cursor option is deprecated, " + "use -display {sdl,gtk},show-cursor=on instead"); + dpy.has_show_cursor = true; + dpy.show_cursor = true; + break; + case QEMU_OPTION_uuid: + if (qemu_uuid_parse(optarg, &qemu_uuid) < 0) { + error_report("failed to parse UUID string: wrong format"); + exit(1); + } + qemu_uuid_set = true; + break; + case QEMU_OPTION_option_rom: + if (nb_option_roms >= MAX_OPTION_ROMS) { + error_report("too many option ROMs"); + exit(1); + } + opts = qemu_opts_parse_noisily(qemu_find_opts("option-rom"), + optarg, true); + if (!opts) { + exit(1); + } + option_rom[nb_option_roms].name = qemu_opt_get(opts, "romfile"); + option_rom[nb_option_roms].bootindex = + qemu_opt_get_number(opts, "bootindex", -1); + if (!option_rom[nb_option_roms].name) { + error_report("Option ROM file is not specified"); + exit(1); + } + nb_option_roms++; + break; + case QEMU_OPTION_semihosting: + qemu_semihosting_enable(); + break; + case QEMU_OPTION_semihosting_config: + if (qemu_semihosting_config_options(optarg) != 0) { + exit(1); + } + break; + case QEMU_OPTION_name: + opts = qemu_opts_parse_noisily(qemu_find_opts("name"), + optarg, true); + if (!opts) { + exit(1); + } + break; + case QEMU_OPTION_prom_env: + if (nb_prom_envs >= MAX_PROM_ENVS) { + error_report("too many prom variables"); + exit(1); + } + prom_envs[nb_prom_envs] = optarg; + nb_prom_envs++; + break; + case QEMU_OPTION_old_param: + old_param = 1; + break; + case QEMU_OPTION_rtc: + opts = qemu_opts_parse_noisily(qemu_find_opts("rtc"), optarg, + false); + if (!opts) { + exit(1); + } + break; + case QEMU_OPTION_tb_size: +#ifndef CONFIG_TCG + error_report("TCG is disabled"); + exit(1); +#endif + warn_report("The -tb-size option is deprecated, use -accel tcg,tb-size instead"); + object_register_sugar_prop(ACCEL_CLASS_NAME("tcg"), "tb-size", optarg); + break; + case QEMU_OPTION_icount: + icount_opts = qemu_opts_parse_noisily(qemu_find_opts("icount"), + optarg, true); + if (!icount_opts) { + exit(1); + } + break; + case QEMU_OPTION_incoming: + if (!incoming) { + runstate_set(RUN_STATE_INMIGRATE); + } + incoming = optarg; + break; + case QEMU_OPTION_only_migratable: + only_migratable = 1; + break; + case QEMU_OPTION_nodefaults: + has_defaults = 0; + break; + case QEMU_OPTION_xen_domid: + if (!(xen_available())) { + error_report("Option not supported for this target"); + exit(1); + } + xen_domid = atoi(optarg); + break; + case QEMU_OPTION_xen_attach: + if (!(xen_available())) { + error_report("Option not supported for this target"); + exit(1); + } + xen_mode = XEN_ATTACH; + break; + case QEMU_OPTION_xen_domid_restrict: + if (!(xen_available())) { + error_report("Option not supported for this target"); + exit(1); + } + xen_domid_restrict = true; + break; + case QEMU_OPTION_trace: + g_free(trace_file); + trace_file = trace_opt_parse(optarg); + break; + case QEMU_OPTION_plugin: + qemu_plugin_opt_parse(optarg, &plugin_list); + break; + case QEMU_OPTION_readconfig: + { + int ret = qemu_read_config_file(optarg); + if (ret < 0) { + error_report("read config %s: %s", optarg, + strerror(-ret)); + exit(1); + } + break; + } + case QEMU_OPTION_spice: + olist = qemu_find_opts("spice"); + if (!olist) { + error_report("spice support is disabled"); + exit(1); + } + opts = qemu_opts_parse_noisily(olist, optarg, false); + if (!opts) { + exit(1); + } + display_remote++; + break; + case QEMU_OPTION_writeconfig: + { + FILE *fp; + if (strcmp(optarg, "-") == 0) { + fp = stdout; + } else { + fp = fopen(optarg, "w"); + if (fp == NULL) { + error_report("open %s: %s", optarg, + strerror(errno)); + exit(1); + } + } + qemu_config_write(fp); + if (fp != stdout) { + fclose(fp); + } + break; + } + case QEMU_OPTION_qtest: + qtest_chrdev = optarg; + break; + case QEMU_OPTION_qtest_log: + qtest_log = optarg; + break; + case QEMU_OPTION_sandbox: + olist = qemu_find_opts("sandbox"); + if (!olist) { +#ifndef CONFIG_SECCOMP + error_report("-sandbox support is not enabled " + "in this QEMU binary"); +#endif + exit(1); + } + + opts = qemu_opts_parse_noisily(olist, optarg, true); + if (!opts) { + exit(1); + } + break; + case QEMU_OPTION_add_fd: +#ifndef _WIN32 + opts = qemu_opts_parse_noisily(qemu_find_opts("add-fd"), + optarg, false); + if (!opts) { + exit(1); + } +#else + error_report("File descriptor passing is disabled on this " + "platform"); + exit(1); +#endif + break; + case QEMU_OPTION_object: + opts = qemu_opts_parse_noisily(qemu_find_opts("object"), + optarg, true); + if (!opts) { + exit(1); + } + break; + case QEMU_OPTION_realtime: + warn_report("'-realtime mlock=...' is deprecated, please use " + "'-overcommit mem-lock=...' instead"); + opts = qemu_opts_parse_noisily(qemu_find_opts("realtime"), + optarg, false); + if (!opts) { + exit(1); + } + /* Don't override the -overcommit option if set */ + enable_mlock = enable_mlock || + qemu_opt_get_bool(opts, "mlock", true); + break; + case QEMU_OPTION_overcommit: + opts = qemu_opts_parse_noisily(qemu_find_opts("overcommit"), + optarg, false); + if (!opts) { + exit(1); + } + /* Don't override the -realtime option if set */ + enable_mlock = enable_mlock || + qemu_opt_get_bool(opts, "mem-lock", false); + enable_cpu_pm = qemu_opt_get_bool(opts, "cpu-pm", false); + break; + case QEMU_OPTION_msg: + opts = qemu_opts_parse_noisily(qemu_find_opts("msg"), optarg, + false); + if (!opts) { + exit(1); + } + configure_msg(opts); + break; + case QEMU_OPTION_dump_vmstate: + if (vmstate_dump_file) { + error_report("only one '-dump-vmstate' " + "option may be given"); + exit(1); + } + vmstate_dump_file = fopen(optarg, "w"); + if (vmstate_dump_file == NULL) { + error_report("open %s: %s", optarg, strerror(errno)); + exit(1); + } + break; + case QEMU_OPTION_enable_sync_profile: + qsp_enable(); + break; + case QEMU_OPTION_nouserconfig: + /* Nothing to be parsed here. Especially, do not error out below. */ + break; + default: + if (os_parse_cmd_args(popt->index, optarg)) { + error_report("Option not supported in this build"); + exit(1); + } + } + } + } + /* + * Clear error location left behind by the loop. + * Best done right after the loop. Do not insert code here! + */ + loc_set_none(); + + user_register_global_props(); + + replay_configure(icount_opts); + + if (incoming && !preconfig_exit_requested) { + error_report("'preconfig' and 'incoming' options are " + "mutually exclusive"); + exit(EXIT_FAILURE); + } + + configure_rtc(qemu_find_opts_singleton("rtc")); + + machine_class = select_machine(); + object_set_machine_compat_props(machine_class->compat_props); + + set_memory_options(&ram_slots, &maxram_size, machine_class); + + os_daemonize(); + rcu_disable_atfork(); + + if (pid_file && !qemu_write_pidfile(pid_file, &err)) { + error_reportf_err(err, "cannot create PID file: "); + exit(1); + } + + qemu_unlink_pidfile_notifier.notify = qemu_unlink_pidfile; + qemu_add_exit_notifier(&qemu_unlink_pidfile_notifier); + + if (qemu_init_main_loop(&main_loop_err)) { + error_report_err(main_loop_err); + exit(1); + } + +#ifdef CONFIG_SECCOMP + olist = qemu_find_opts_err("sandbox", NULL); + if (olist) { + qemu_opts_foreach(olist, parse_sandbox, NULL, &error_fatal); + } +#endif + + qemu_opts_foreach(qemu_find_opts("name"), + parse_name, NULL, &error_fatal); + +#ifndef _WIN32 + qemu_opts_foreach(qemu_find_opts("add-fd"), + parse_add_fd, NULL, &error_fatal); + + qemu_opts_foreach(qemu_find_opts("add-fd"), + cleanup_add_fd, NULL, &error_fatal); +#endif + + current_machine = MACHINE(object_new_with_class(OBJECT_CLASS(machine_class))); + if (machine_help_func(qemu_get_machine_opts(), current_machine)) { + exit(0); + } + object_property_add_child(object_get_root(), "machine", + OBJECT(current_machine), &error_abort); + object_property_add_child(container_get(OBJECT(current_machine), + "/unattached"), + "sysbus", OBJECT(sysbus_get_default()), + NULL); + + if (machine_class->minimum_page_bits) { + if (!set_preferred_target_page_bits(machine_class->minimum_page_bits)) { + /* This would be a board error: specifying a minimum smaller than + * a target's compile-time fixed setting. + */ + g_assert_not_reached(); + } + } + + cpu_exec_init_all(); + + if (machine_class->hw_version) { + qemu_set_hw_version(machine_class->hw_version); + } + + if (cpu_option && is_help_option(cpu_option)) { + list_cpus(cpu_option); + exit(0); + } + + if (!trace_init_backends()) { + exit(1); + } + trace_init_file(trace_file); + + /* Open the logfile at this point and set the log mask if necessary. + */ + qemu_set_log_filename(log_file, &error_fatal); + if (log_mask) { + int mask; + mask = qemu_str_to_log_mask(log_mask); + if (!mask) { + qemu_print_log_usage(stdout); + exit(1); + } + qemu_set_log(mask); + } else { + qemu_set_log(0); + } + + /* add configured firmware directories */ + dirs = g_strsplit(CONFIG_QEMU_FIRMWAREPATH, G_SEARCHPATH_SEPARATOR_S, 0); + for (i = 0; dirs[i] != NULL; i++) { + qemu_add_data_dir(dirs[i]); + } + g_strfreev(dirs); + + /* try to find datadir relative to the executable path */ + dir = os_find_datadir(); + qemu_add_data_dir(dir); + g_free(dir); + + /* add the datadir specified when building */ + qemu_add_data_dir(CONFIG_QEMU_DATADIR); + + /* -L help lists the data directories and exits. */ + if (list_data_dirs) { + for (i = 0; i < data_dir_idx; i++) { + printf("%s\n", data_dir[i]); + } + exit(0); + } + + /* machine_class: default to UP */ + machine_class->max_cpus = machine_class->max_cpus ?: 1; + machine_class->min_cpus = machine_class->min_cpus ?: 1; + machine_class->default_cpus = machine_class->default_cpus ?: 1; + + /* default to machine_class->default_cpus */ + current_machine->smp.cpus = machine_class->default_cpus; + current_machine->smp.max_cpus = machine_class->default_cpus; + current_machine->smp.cores = 1; + current_machine->smp.threads = 1; + + machine_class->smp_parse(current_machine, + qemu_opts_find(qemu_find_opts("smp-opts"), NULL)); + + /* sanity-check smp_cpus and max_cpus against machine_class */ + if (current_machine->smp.cpus < machine_class->min_cpus) { + error_report("Invalid SMP CPUs %d. The min CPUs " + "supported by machine '%s' is %d", + current_machine->smp.cpus, + machine_class->name, machine_class->min_cpus); + exit(1); + } + if (current_machine->smp.max_cpus > machine_class->max_cpus) { + error_report("Invalid SMP CPUs %d. The max CPUs " + "supported by machine '%s' is %d", + current_machine->smp.max_cpus, + machine_class->name, machine_class->max_cpus); + exit(1); + } + + /* + * Get the default machine options from the machine if it is not already + * specified either by the configuration file or by the command line. + */ + if (machine_class->default_machine_opts) { + qemu_opts_set_defaults(qemu_find_opts("machine"), + machine_class->default_machine_opts, 0); + } + + /* process plugin before CPUs are created, but once -smp has been parsed */ + if (qemu_plugin_load_list(&plugin_list)) { + exit(1); + } + + qemu_opts_foreach(qemu_find_opts("device"), + default_driver_check, NULL, NULL); + qemu_opts_foreach(qemu_find_opts("global"), + default_driver_check, NULL, NULL); + + if (!vga_model && !default_vga) { + vga_interface_type = VGA_DEVICE; + } + if (!has_defaults || machine_class->no_serial) { + default_serial = 0; + } + if (!has_defaults || machine_class->no_parallel) { + default_parallel = 0; + } + if (!has_defaults || machine_class->no_floppy) { + default_floppy = 0; + } + if (!has_defaults || machine_class->no_cdrom) { + default_cdrom = 0; + } + if (!has_defaults || machine_class->no_sdcard) { + default_sdcard = 0; + } + if (!has_defaults) { + default_monitor = 0; + default_net = 0; + default_vga = 0; + } + + if (is_daemonized()) { + if (!preconfig_exit_requested) { + error_report("'preconfig' and 'daemonize' options are " + "mutually exclusive"); + exit(EXIT_FAILURE); + } + + /* According to documentation and historically, -nographic redirects + * serial port, parallel port and monitor to stdio, which does not work + * with -daemonize. We can redirect these to null instead, but since + * -nographic is legacy, let's just error out. + * We disallow -nographic only if all other ports are not redirected + * explicitly, to not break existing legacy setups which uses + * -nographic _and_ redirects all ports explicitly - this is valid + * usage, -nographic is just a no-op in this case. + */ + if (nographic + && (default_parallel || default_serial || default_monitor)) { + error_report("-nographic cannot be used with -daemonize"); + exit(1); + } +#ifdef CONFIG_CURSES + if (dpy.type == DISPLAY_TYPE_CURSES) { + error_report("curses display cannot be used with -daemonize"); + exit(1); + } +#endif + } + + if (nographic) { + if (default_parallel) + add_device_config(DEV_PARALLEL, "null"); + if (default_serial && default_monitor) { + add_device_config(DEV_SERIAL, "mon:stdio"); + } else { + if (default_serial) + add_device_config(DEV_SERIAL, "stdio"); + if (default_monitor) + monitor_parse("stdio", "readline", false); + } + } else { + if (default_serial) + add_device_config(DEV_SERIAL, "vc:80Cx24C"); + if (default_parallel) + add_device_config(DEV_PARALLEL, "vc:80Cx24C"); + if (default_monitor) + monitor_parse("vc:80Cx24C", "readline", false); + } + +#if defined(CONFIG_VNC) + if (!QTAILQ_EMPTY(&(qemu_find_opts("vnc")->head))) { + display_remote++; + } +#endif + if (dpy.type == DISPLAY_TYPE_DEFAULT && !display_remote) { + if (!qemu_display_find_default(&dpy)) { + dpy.type = DISPLAY_TYPE_NONE; +#if defined(CONFIG_VNC) + vnc_parse("localhost:0,to=99,id=default", &error_abort); +#endif + } + } + if (dpy.type == DISPLAY_TYPE_DEFAULT) { + dpy.type = DISPLAY_TYPE_NONE; + } + + if ((alt_grab || ctrl_grab) && dpy.type != DISPLAY_TYPE_SDL) { + error_report("-alt-grab and -ctrl-grab are only valid " + "for SDL, ignoring option"); + } + if (dpy.has_window_close && + (dpy.type != DISPLAY_TYPE_GTK && dpy.type != DISPLAY_TYPE_SDL)) { + error_report("-no-quit is only valid for GTK and SDL, " + "ignoring option"); + } + + qemu_display_early_init(&dpy); + qemu_console_early_init(); + + if (dpy.has_gl && dpy.gl != DISPLAYGL_MODE_OFF && display_opengl == 0) { +#if defined(CONFIG_OPENGL) + error_report("OpenGL is not supported by the display"); +#else + error_report("OpenGL support is disabled"); +#endif + exit(1); + } + + page_size_init(); + socket_init(); + + qemu_opts_foreach(qemu_find_opts("object"), + user_creatable_add_opts_foreach, + object_create_initial, &error_fatal); + + qemu_opts_foreach(qemu_find_opts("chardev"), + chardev_init_func, NULL, &error_fatal); + /* now chardevs have been created we may have semihosting to connect */ + qemu_semihosting_connect_chardevs(); + +#ifdef CONFIG_VIRTFS + qemu_opts_foreach(qemu_find_opts("fsdev"), + fsdev_init_func, NULL, &error_fatal); +#endif + + if (qemu_opts_foreach(qemu_find_opts("device"), + device_help_func, NULL, NULL)) { + exit(0); + } + + /* + * Note: we need to create block backends before + * machine_set_property(), so machine properties can refer to + * them. + */ + configure_blockdev(&bdo_queue, machine_class, snapshot); + + machine_opts = qemu_get_machine_opts(); + qemu_opt_foreach(machine_opts, machine_set_property, current_machine, + &error_fatal); + current_machine->ram_size = ram_size; + current_machine->maxram_size = maxram_size; + current_machine->ram_slots = ram_slots; + + /* + * Note: uses machine properties such as kernel-irqchip, must run + * after machine_set_property(). + */ + configure_accelerators(argv[0]); + + /* + * Beware, QOM objects created before this point miss global and + * compat properties. + * + * Global properties get set up by qdev_prop_register_global(), + * called from user_register_global_props(), and certain option + * desugaring. Also in CPU feature desugaring (buried in + * parse_cpu_option()), which happens below this point, but may + * only target the CPU type, which can only be created after + * parse_cpu_option() returned the type. + * + * Machine compat properties: object_set_machine_compat_props(). + * Accelerator compat props: object_set_accelerator_compat_props(), + * called from configure_accelerator(). + */ + + if (!qtest_enabled() && machine_class->deprecation_reason) { + error_report("Machine type '%s' is deprecated: %s", + machine_class->name, machine_class->deprecation_reason); + } + + /* + * Note: creates a QOM object, must run only after global and + * compat properties have been set up. + */ + migration_object_init(); + + if (qtest_chrdev) { + qtest_server_init(qtest_chrdev, qtest_log, &error_fatal); + } + + machine_opts = qemu_get_machine_opts(); + kernel_filename = qemu_opt_get(machine_opts, "kernel"); + initrd_filename = qemu_opt_get(machine_opts, "initrd"); + kernel_cmdline = qemu_opt_get(machine_opts, "append"); + bios_name = qemu_opt_get(machine_opts, "firmware"); + + opts = qemu_opts_find(qemu_find_opts("boot-opts"), NULL); + if (opts) { + boot_order = qemu_opt_get(opts, "order"); + if (boot_order) { + validate_bootdevices(boot_order, &error_fatal); + } + + boot_once = qemu_opt_get(opts, "once"); + if (boot_once) { + validate_bootdevices(boot_once, &error_fatal); + } + + boot_menu = qemu_opt_get_bool(opts, "menu", boot_menu); + boot_strict = qemu_opt_get_bool(opts, "strict", false); + } + + if (!boot_order) { + boot_order = machine_class->default_boot_order; + } + + if (!kernel_cmdline) { + kernel_cmdline = ""; + current_machine->kernel_cmdline = (char *)kernel_cmdline; + } + + linux_boot = (kernel_filename != NULL); + + if (!linux_boot && *kernel_cmdline != '\0') { + error_report("-append only allowed with -kernel option"); + exit(1); + } + + if (!linux_boot && initrd_filename != NULL) { + error_report("-initrd only allowed with -kernel option"); + exit(1); + } + + if (semihosting_enabled() && !semihosting_get_argc() && kernel_filename) { + /* fall back to the -kernel/-append */ + semihosting_arg_fallback(kernel_filename, kernel_cmdline); + } + + /* spice needs the timers to be initialized by this point */ + qemu_spice_init(); + + cpu_ticks_init(); + + if (default_net) { + QemuOptsList *net = qemu_find_opts("net"); + qemu_opts_set(net, NULL, "type", "nic", &error_abort); +#ifdef CONFIG_SLIRP + qemu_opts_set(net, NULL, "type", "user", &error_abort); +#endif + } + + if (net_init_clients(&err) < 0) { + error_report_err(err); + exit(1); + } + + qemu_opts_foreach(qemu_find_opts("object"), + user_creatable_add_opts_foreach, + object_create_delayed, &error_fatal); + + tpm_init(); + + if (!xen_enabled()) { + /* On 32-bit hosts, QEMU is limited by virtual address space */ + if (ram_size > (2047 << 20) && HOST_LONG_BITS == 32) { + error_report("at most 2047 MB RAM can be simulated"); + exit(1); + } + } + + blk_mig_init(); + ram_mig_init(); + dirty_bitmap_mig_init(); + + qemu_opts_foreach(qemu_find_opts("mon"), + mon_init_func, NULL, &error_fatal); + + /* connect semihosting console input if requested */ + qemu_semihosting_console_init(); + + if (foreach_device_config(DEV_SERIAL, serial_parse) < 0) + exit(1); + if (foreach_device_config(DEV_PARALLEL, parallel_parse) < 0) + exit(1); + if (foreach_device_config(DEV_DEBUGCON, debugcon_parse) < 0) + exit(1); + + /* If no default VGA is requested, the default is "none". */ + if (default_vga) { + vga_model = get_default_vga_model(machine_class); + } + if (vga_model) { + select_vgahw(machine_class, vga_model); + } + + if (watchdog) { + i = select_watchdog(watchdog); + if (i > 0) + exit (i == 1 ? 1 : 0); + } + + /* This checkpoint is required by replay to separate prior clock + reading from the other reads, because timer polling functions query + clock values from the log. */ + replay_checkpoint(CHECKPOINT_INIT); + qdev_machine_init(); + + current_machine->boot_order = boot_order; + + /* parse features once if machine provides default cpu_type */ + current_machine->cpu_type = machine_class->default_cpu_type; + if (cpu_option) { + current_machine->cpu_type = parse_cpu_option(cpu_option); + } + parse_numa_opts(current_machine); + + /* do monitor/qmp handling at preconfig state if requested */ + main_loop(); + + audio_init_audiodevs(); + + /* from here on runstate is RUN_STATE_PRELAUNCH */ + machine_run_board_init(current_machine); + + realtime_init(); + + soundhw_init(); + + if (hax_enabled()) { + hax_sync_vcpus(); + } + + qemu_opts_foreach(qemu_find_opts("fw_cfg"), + parse_fw_cfg, fw_cfg_find(), &error_fatal); + + /* init USB devices */ + if (machine_usb(current_machine)) { + if (foreach_device_config(DEV_USB, usb_parse) < 0) + exit(1); + } + + /* init generic devices */ + rom_set_order_override(FW_CFG_ORDER_OVERRIDE_DEVICE); + qemu_opts_foreach(qemu_find_opts("device"), + device_init_func, NULL, &error_fatal); + + cpu_synchronize_all_post_init(); + + rom_reset_order_override(); + + /* Did we create any drives that we failed to create a device for? */ + drive_check_orphaned(); + + /* Don't warn about the default network setup that you get if + * no command line -net or -netdev options are specified. There + * are two cases that we would otherwise complain about: + * (1) board doesn't support a NIC but the implicit "-net nic" + * requested one + * (2) CONFIG_SLIRP not set, in which case the implicit "-net nic" + * sets up a nic that isn't connected to anything. + */ + if (!default_net && (!qtest_enabled() || has_defaults)) { + net_check_clients(); + } + + if (boot_once) { + qemu_boot_set(boot_once, &error_fatal); + qemu_register_reset(restore_boot_order, g_strdup(boot_order)); + } + + /* init local displays */ + ds = init_displaystate(); + qemu_display_init(ds, &dpy); + + /* must be after terminal init, SDL library changes signal handlers */ + os_setup_signal_handling(); + + /* init remote displays */ +#ifdef CONFIG_VNC + qemu_opts_foreach(qemu_find_opts("vnc"), + vnc_init_func, NULL, &error_fatal); +#endif + + if (using_spice) { + qemu_spice_display_init(); + } + + if (foreach_device_config(DEV_GDB, gdbserver_start) < 0) { + exit(1); + } + + qdev_machine_creation_done(); + + /* TODO: once all bus devices are qdevified, this should be done + * when bus is created by qdev.c */ + /* + * TODO: If we had a main 'reset container' that the whole system + * lived in, we could reset that using the multi-phase reset + * APIs. For the moment, we just reset the sysbus, which will cause + * all devices hanging off it (and all their child buses, recursively) + * to be reset. Note that this will *not* reset any Device objects + * which are not attached to some part of the qbus tree! + */ + qemu_register_reset(resettable_cold_reset_fn, sysbus_get_default()); + qemu_run_machine_init_done_notifiers(); + + if (rom_check_and_register_reset() != 0) { + error_report("rom check and register reset failed"); + exit(1); + } + + replay_start(); + + /* This checkpoint is required by replay to separate prior clock + reading from the other reads, because timer polling functions query + clock values from the log. */ + replay_checkpoint(CHECKPOINT_RESET); + qemu_system_reset(SHUTDOWN_CAUSE_NONE); + register_global_state(); + if (loadvm) { + Error *local_err = NULL; + if (load_snapshot(loadvm, &local_err) < 0) { + error_report_err(local_err); + autostart = 0; + exit(1); + } + } + if (replay_mode != REPLAY_MODE_NONE) { + replay_vmstate_init(); + } + + qdev_prop_check_globals(); + if (vmstate_dump_file) { + /* dump and exit */ + dump_vmstate_json_to_file(vmstate_dump_file); + return 0; + } + + if (incoming) { + Error *local_err = NULL; + qemu_start_incoming_migration(incoming, &local_err); + if (local_err) { + error_reportf_err(local_err, "-incoming %s: ", incoming); + exit(1); + } + } else if (autostart) { + vm_start(); + } + + accel_setup_post(current_machine); + os_setup_post(); + + main_loop(); + + gdbserver_cleanup(); + + /* + * cleaning up the migration object cancels any existing migration + * try to do this early so that it also stops using devices. + */ + migration_shutdown(); + + /* + * We must cancel all block jobs while the block layer is drained, + * or cancelling will be affected by throttling and thus may block + * for an extended period of time. + * vm_shutdown() will bdrv_drain_all(), so we may as well include + * it in the drained section. + * We do not need to end this section, because we do not want any + * requests happening from here on anyway. + */ + bdrv_drain_all_begin(); + + /* No more vcpu or device emulation activity beyond this point */ + vm_shutdown(); + replay_finish(); + + job_cancel_sync_all(); + bdrv_close_all(); + + res_free(); + + /* vhost-user must be cleaned up before chardevs. */ + tpm_cleanup(); + net_cleanup(); + audio_cleanup(); + monitor_cleanup(); + qemu_chr_cleanup(); + user_creatable_cleanup(); + /* TODO: unref root container, check all devices are ok */ + + return 0; +} diff --git a/vl.c b/vl.c deleted file mode 100644 index 794f2e5..0000000 --- a/vl.c +++ /dev/null @@ -1,4447 +0,0 @@ -/* - * QEMU System Emulator - * - * Copyright (c) 2003-2008 Fabrice Bellard - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL - * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -#include "qemu/osdep.h" -#include "qemu-common.h" -#include "qemu/units.h" -#include "hw/qdev-properties.h" -#include "qapi/error.h" -#include "qemu-version.h" -#include "qemu/cutils.h" -#include "qemu/help_option.h" -#include "qemu/uuid.h" -#include "sysemu/reset.h" -#include "sysemu/runstate.h" -#include "sysemu/seccomp.h" -#include "sysemu/tcg.h" - -#ifdef CONFIG_SDL -#if defined(__APPLE__) || defined(main) -#include -int qemu_main(int argc, char **argv, char **envp); -int main(int argc, char **argv) -{ - return qemu_main(argc, argv, NULL); -} -#undef main -#define main qemu_main -#endif -#endif /* CONFIG_SDL */ - -#ifdef CONFIG_COCOA -#undef main -#define main qemu_main -#endif /* CONFIG_COCOA */ - - -#include "qemu/error-report.h" -#include "qemu/sockets.h" -#include "sysemu/accel.h" -#include "hw/usb.h" -#include "hw/isa/isa.h" -#include "hw/scsi/scsi.h" -#include "hw/display/vga.h" -#include "sysemu/watchdog.h" -#include "hw/firmware/smbios.h" -#include "hw/acpi/acpi.h" -#include "hw/xen/xen.h" -#include "hw/loader.h" -#include "monitor/qdev.h" -#include "net/net.h" -#include "net/slirp.h" -#include "monitor/monitor.h" -#include "ui/console.h" -#include "ui/input.h" -#include "sysemu/sysemu.h" -#include "sysemu/numa.h" -#include "exec/gdbstub.h" -#include "qemu/timer.h" -#include "chardev/char.h" -#include "qemu/bitmap.h" -#include "qemu/log.h" -#include "sysemu/blockdev.h" -#include "hw/block/block.h" -#include "migration/misc.h" -#include "migration/snapshot.h" -#include "migration/global_state.h" -#include "sysemu/tpm.h" -#include "sysemu/dma.h" -#include "hw/audio/soundhw.h" -#include "audio/audio.h" -#include "sysemu/cpus.h" -#include "migration/colo.h" -#include "migration/postcopy-ram.h" -#include "sysemu/kvm.h" -#include "sysemu/hax.h" -#include "qapi/qobject-input-visitor.h" -#include "qemu/option.h" -#include "qemu/config-file.h" -#include "qemu-options.h" -#include "qemu/main-loop.h" -#ifdef CONFIG_VIRTFS -#include "fsdev/qemu-fsdev.h" -#endif -#include "sysemu/qtest.h" - -#include "disas/disas.h" - -#include "trace-root.h" -#include "trace/control.h" -#include "qemu/plugin.h" -#include "qemu/queue.h" -#include "sysemu/arch_init.h" - -#include "ui/qemu-spice.h" -#include "qapi/string-input-visitor.h" -#include "qapi/opts-visitor.h" -#include "qapi/clone-visitor.h" -#include "qom/object_interfaces.h" -#include "hw/semihosting/semihost.h" -#include "crypto/init.h" -#include "sysemu/replay.h" -#include "qapi/qapi-events-run-state.h" -#include "qapi/qapi-visit-block-core.h" -#include "qapi/qapi-visit-ui.h" -#include "qapi/qapi-commands-block-core.h" -#include "qapi/qapi-commands-run-state.h" -#include "qapi/qapi-commands-ui.h" -#include "qapi/qmp/qerror.h" -#include "sysemu/iothread.h" -#include "qemu/guest-random.h" - -#define MAX_VIRTIO_CONSOLES 1 - -static const char *data_dir[16]; -static int data_dir_idx; -const char *bios_name = NULL; -enum vga_retrace_method vga_retrace_method = VGA_RETRACE_DUMB; -int display_opengl; -const char* keyboard_layout = NULL; -ram_addr_t ram_size; -const char *mem_path = NULL; -int mem_prealloc = 0; /* force preallocation of physical target memory */ -bool enable_mlock = false; -bool enable_cpu_pm = false; -int nb_nics; -NICInfo nd_table[MAX_NICS]; -int autostart; -static enum { - RTC_BASE_UTC, - RTC_BASE_LOCALTIME, - RTC_BASE_DATETIME, -} rtc_base_type = RTC_BASE_UTC; -static time_t rtc_ref_start_datetime; -static int rtc_realtime_clock_offset; /* used only with QEMU_CLOCK_REALTIME */ -static int rtc_host_datetime_offset = -1; /* valid & used only with - RTC_BASE_DATETIME */ -QEMUClockType rtc_clock; -int vga_interface_type = VGA_NONE; -static DisplayOptions dpy; -static int num_serial_hds; -static Chardev **serial_hds; -Chardev *parallel_hds[MAX_PARALLEL_PORTS]; -int win2k_install_hack = 0; -int singlestep = 0; -int acpi_enabled = 1; -int no_hpet = 0; -int fd_bootchk = 1; -static int no_reboot; -int no_shutdown = 0; -int graphic_rotate = 0; -const char *watchdog; -QEMUOptionRom option_rom[MAX_OPTION_ROMS]; -int nb_option_roms; -int old_param = 0; -const char *qemu_name; -int alt_grab = 0; -int ctrl_grab = 0; -unsigned int nb_prom_envs = 0; -const char *prom_envs[MAX_PROM_ENVS]; -int boot_menu; -bool boot_strict; -uint8_t *boot_splash_filedata; -int only_migratable; /* turn it off unless user states otherwise */ -bool wakeup_suspend_enabled; - -int icount_align_option; - -/* The bytes in qemu_uuid are in the order specified by RFC4122, _not_ in the - * little-endian "wire format" described in the SMBIOS 2.6 specification. - */ -QemuUUID qemu_uuid; -bool qemu_uuid_set; - -static NotifierList exit_notifiers = - NOTIFIER_LIST_INITIALIZER(exit_notifiers); - -static NotifierList machine_init_done_notifiers = - NOTIFIER_LIST_INITIALIZER(machine_init_done_notifiers); - -bool xen_allowed; -uint32_t xen_domid; -enum xen_mode xen_mode = XEN_EMULATE; -bool xen_domid_restrict; - -static int has_defaults = 1; -static int default_serial = 1; -static int default_parallel = 1; -static int default_monitor = 1; -static int default_floppy = 1; -static int default_cdrom = 1; -static int default_sdcard = 1; -static int default_vga = 1; -static int default_net = 1; - -static struct { - const char *driver; - int *flag; -} default_list[] = { - { .driver = "isa-serial", .flag = &default_serial }, - { .driver = "isa-parallel", .flag = &default_parallel }, - { .driver = "isa-fdc", .flag = &default_floppy }, - { .driver = "floppy", .flag = &default_floppy }, - { .driver = "ide-cd", .flag = &default_cdrom }, - { .driver = "ide-hd", .flag = &default_cdrom }, - { .driver = "ide-drive", .flag = &default_cdrom }, - { .driver = "scsi-cd", .flag = &default_cdrom }, - { .driver = "scsi-hd", .flag = &default_cdrom }, - { .driver = "VGA", .flag = &default_vga }, - { .driver = "isa-vga", .flag = &default_vga }, - { .driver = "cirrus-vga", .flag = &default_vga }, - { .driver = "isa-cirrus-vga", .flag = &default_vga }, - { .driver = "vmware-svga", .flag = &default_vga }, - { .driver = "qxl-vga", .flag = &default_vga }, - { .driver = "virtio-vga", .flag = &default_vga }, - { .driver = "ati-vga", .flag = &default_vga }, - { .driver = "vhost-user-vga", .flag = &default_vga }, -}; - -static QemuOptsList qemu_rtc_opts = { - .name = "rtc", - .head = QTAILQ_HEAD_INITIALIZER(qemu_rtc_opts.head), - .merge_lists = true, - .desc = { - { - .name = "base", - .type = QEMU_OPT_STRING, - },{ - .name = "clock", - .type = QEMU_OPT_STRING, - },{ - .name = "driftfix", - .type = QEMU_OPT_STRING, - }, - { /* end of list */ } - }, -}; - -static QemuOptsList qemu_option_rom_opts = { - .name = "option-rom", - .implied_opt_name = "romfile", - .head = QTAILQ_HEAD_INITIALIZER(qemu_option_rom_opts.head), - .desc = { - { - .name = "bootindex", - .type = QEMU_OPT_NUMBER, - }, { - .name = "romfile", - .type = QEMU_OPT_STRING, - }, - { /* end of list */ } - }, -}; - -static QemuOptsList qemu_machine_opts = { - .name = "machine", - .implied_opt_name = "type", - .merge_lists = true, - .head = QTAILQ_HEAD_INITIALIZER(qemu_machine_opts.head), - .desc = { - /* - * no elements => accept any - * sanity checking will happen later - * when setting machine properties - */ - { } - }, -}; - -static QemuOptsList qemu_accel_opts = { - .name = "accel", - .implied_opt_name = "accel", - .head = QTAILQ_HEAD_INITIALIZER(qemu_accel_opts.head), - .desc = { - /* - * no elements => accept any - * sanity checking will happen later - * when setting accelerator properties - */ - { } - }, -}; - -static QemuOptsList qemu_boot_opts = { - .name = "boot-opts", - .implied_opt_name = "order", - .merge_lists = true, - .head = QTAILQ_HEAD_INITIALIZER(qemu_boot_opts.head), - .desc = { - { - .name = "order", - .type = QEMU_OPT_STRING, - }, { - .name = "once", - .type = QEMU_OPT_STRING, - }, { - .name = "menu", - .type = QEMU_OPT_BOOL, - }, { - .name = "splash", - .type = QEMU_OPT_STRING, - }, { - .name = "splash-time", - .type = QEMU_OPT_NUMBER, - }, { - .name = "reboot-timeout", - .type = QEMU_OPT_NUMBER, - }, { - .name = "strict", - .type = QEMU_OPT_BOOL, - }, - { /*End of list */ } - }, -}; - -static QemuOptsList qemu_add_fd_opts = { - .name = "add-fd", - .head = QTAILQ_HEAD_INITIALIZER(qemu_add_fd_opts.head), - .desc = { - { - .name = "fd", - .type = QEMU_OPT_NUMBER, - .help = "file descriptor of which a duplicate is added to fd set", - },{ - .name = "set", - .type = QEMU_OPT_NUMBER, - .help = "ID of the fd set to add fd to", - },{ - .name = "opaque", - .type = QEMU_OPT_STRING, - .help = "free-form string used to describe fd", - }, - { /* end of list */ } - }, -}; - -static QemuOptsList qemu_object_opts = { - .name = "object", - .implied_opt_name = "qom-type", - .head = QTAILQ_HEAD_INITIALIZER(qemu_object_opts.head), - .desc = { - { } - }, -}; - -static QemuOptsList qemu_tpmdev_opts = { - .name = "tpmdev", - .implied_opt_name = "type", - .head = QTAILQ_HEAD_INITIALIZER(qemu_tpmdev_opts.head), - .desc = { - /* options are defined in the TPM backends */ - { /* end of list */ } - }, -}; - -static QemuOptsList qemu_realtime_opts = { - .name = "realtime", - .head = QTAILQ_HEAD_INITIALIZER(qemu_realtime_opts.head), - .desc = { - { - .name = "mlock", - .type = QEMU_OPT_BOOL, - }, - { /* end of list */ } - }, -}; - -static QemuOptsList qemu_overcommit_opts = { - .name = "overcommit", - .head = QTAILQ_HEAD_INITIALIZER(qemu_overcommit_opts.head), - .desc = { - { - .name = "mem-lock", - .type = QEMU_OPT_BOOL, - }, - { - .name = "cpu-pm", - .type = QEMU_OPT_BOOL, - }, - { /* end of list */ } - }, -}; - -static QemuOptsList qemu_msg_opts = { - .name = "msg", - .head = QTAILQ_HEAD_INITIALIZER(qemu_msg_opts.head), - .desc = { - { - .name = "timestamp", - .type = QEMU_OPT_BOOL, - }, - { /* end of list */ } - }, -}; - -static QemuOptsList qemu_name_opts = { - .name = "name", - .implied_opt_name = "guest", - .merge_lists = true, - .head = QTAILQ_HEAD_INITIALIZER(qemu_name_opts.head), - .desc = { - { - .name = "guest", - .type = QEMU_OPT_STRING, - .help = "Sets the name of the guest.\n" - "This name will be displayed in the SDL window caption.\n" - "The name will also be used for the VNC server", - }, { - .name = "process", - .type = QEMU_OPT_STRING, - .help = "Sets the name of the QEMU process, as shown in top etc", - }, { - .name = "debug-threads", - .type = QEMU_OPT_BOOL, - .help = "When enabled, name the individual threads; defaults off.\n" - "NOTE: The thread names are for debugging and not a\n" - "stable API.", - }, - { /* End of list */ } - }, -}; - -static QemuOptsList qemu_mem_opts = { - .name = "memory", - .implied_opt_name = "size", - .head = QTAILQ_HEAD_INITIALIZER(qemu_mem_opts.head), - .merge_lists = true, - .desc = { - { - .name = "size", - .type = QEMU_OPT_SIZE, - }, - { - .name = "slots", - .type = QEMU_OPT_NUMBER, - }, - { - .name = "maxmem", - .type = QEMU_OPT_SIZE, - }, - { /* end of list */ } - }, -}; - -static QemuOptsList qemu_icount_opts = { - .name = "icount", - .implied_opt_name = "shift", - .merge_lists = true, - .head = QTAILQ_HEAD_INITIALIZER(qemu_icount_opts.head), - .desc = { - { - .name = "shift", - .type = QEMU_OPT_STRING, - }, { - .name = "align", - .type = QEMU_OPT_BOOL, - }, { - .name = "sleep", - .type = QEMU_OPT_BOOL, - }, { - .name = "rr", - .type = QEMU_OPT_STRING, - }, { - .name = "rrfile", - .type = QEMU_OPT_STRING, - }, { - .name = "rrsnapshot", - .type = QEMU_OPT_STRING, - }, - { /* end of list */ } - }, -}; - -static QemuOptsList qemu_fw_cfg_opts = { - .name = "fw_cfg", - .implied_opt_name = "name", - .head = QTAILQ_HEAD_INITIALIZER(qemu_fw_cfg_opts.head), - .desc = { - { - .name = "name", - .type = QEMU_OPT_STRING, - .help = "Sets the fw_cfg name of the blob to be inserted", - }, { - .name = "file", - .type = QEMU_OPT_STRING, - .help = "Sets the name of the file from which " - "the fw_cfg blob will be loaded", - }, { - .name = "string", - .type = QEMU_OPT_STRING, - .help = "Sets content of the blob to be inserted from a string", - }, - { /* end of list */ } - }, -}; - -/** - * Get machine options - * - * Returns: machine options (never null). - */ -QemuOpts *qemu_get_machine_opts(void) -{ - return qemu_find_opts_singleton("machine"); -} - -const char *qemu_get_vm_name(void) -{ - return qemu_name; -} - -static void res_free(void) -{ - g_free(boot_splash_filedata); - boot_splash_filedata = NULL; -} - -static int default_driver_check(void *opaque, QemuOpts *opts, Error **errp) -{ - const char *driver = qemu_opt_get(opts, "driver"); - int i; - - if (!driver) - return 0; - for (i = 0; i < ARRAY_SIZE(default_list); i++) { - if (strcmp(default_list[i].driver, driver) != 0) - continue; - *(default_list[i].flag) = 0; - } - return 0; -} - -/***********************************************************/ -/* QEMU state */ - -static RunState current_run_state = RUN_STATE_PRECONFIG; - -/* We use RUN_STATE__MAX but any invalid value will do */ -static RunState vmstop_requested = RUN_STATE__MAX; -static QemuMutex vmstop_lock; - -typedef struct { - RunState from; - RunState to; -} RunStateTransition; - -static const RunStateTransition runstate_transitions_def[] = { - /* from -> to */ - { RUN_STATE_PRECONFIG, RUN_STATE_PRELAUNCH }, - /* Early switch to inmigrate state to allow -incoming CLI option work - * as it used to. TODO: delay actual switching to inmigrate state to - * the point after machine is built and remove this hack. - */ - { RUN_STATE_PRECONFIG, RUN_STATE_INMIGRATE }, - - { RUN_STATE_DEBUG, RUN_STATE_RUNNING }, - { RUN_STATE_DEBUG, RUN_STATE_FINISH_MIGRATE }, - { RUN_STATE_DEBUG, RUN_STATE_PRELAUNCH }, - - { RUN_STATE_INMIGRATE, RUN_STATE_INTERNAL_ERROR }, - { RUN_STATE_INMIGRATE, RUN_STATE_IO_ERROR }, - { RUN_STATE_INMIGRATE, RUN_STATE_PAUSED }, - { RUN_STATE_INMIGRATE, RUN_STATE_RUNNING }, - { RUN_STATE_INMIGRATE, RUN_STATE_SHUTDOWN }, - { RUN_STATE_INMIGRATE, RUN_STATE_SUSPENDED }, - { RUN_STATE_INMIGRATE, RUN_STATE_WATCHDOG }, - { RUN_STATE_INMIGRATE, RUN_STATE_GUEST_PANICKED }, - { RUN_STATE_INMIGRATE, RUN_STATE_FINISH_MIGRATE }, - { RUN_STATE_INMIGRATE, RUN_STATE_PRELAUNCH }, - { RUN_STATE_INMIGRATE, RUN_STATE_POSTMIGRATE }, - { RUN_STATE_INMIGRATE, RUN_STATE_COLO }, - - { RUN_STATE_INTERNAL_ERROR, RUN_STATE_PAUSED }, - { RUN_STATE_INTERNAL_ERROR, RUN_STATE_FINISH_MIGRATE }, - { RUN_STATE_INTERNAL_ERROR, RUN_STATE_PRELAUNCH }, - - { RUN_STATE_IO_ERROR, RUN_STATE_RUNNING }, - { RUN_STATE_IO_ERROR, RUN_STATE_FINISH_MIGRATE }, - { RUN_STATE_IO_ERROR, RUN_STATE_PRELAUNCH }, - - { RUN_STATE_PAUSED, RUN_STATE_RUNNING }, - { RUN_STATE_PAUSED, RUN_STATE_FINISH_MIGRATE }, - { RUN_STATE_PAUSED, RUN_STATE_POSTMIGRATE }, - { RUN_STATE_PAUSED, RUN_STATE_PRELAUNCH }, - { RUN_STATE_PAUSED, RUN_STATE_COLO}, - - { RUN_STATE_POSTMIGRATE, RUN_STATE_RUNNING }, - { RUN_STATE_POSTMIGRATE, RUN_STATE_FINISH_MIGRATE }, - { RUN_STATE_POSTMIGRATE, RUN_STATE_PRELAUNCH }, - - { RUN_STATE_PRELAUNCH, RUN_STATE_RUNNING }, - { RUN_STATE_PRELAUNCH, RUN_STATE_FINISH_MIGRATE }, - { RUN_STATE_PRELAUNCH, RUN_STATE_INMIGRATE }, - - { RUN_STATE_FINISH_MIGRATE, RUN_STATE_RUNNING }, - { RUN_STATE_FINISH_MIGRATE, RUN_STATE_PAUSED }, - { RUN_STATE_FINISH_MIGRATE, RUN_STATE_POSTMIGRATE }, - { RUN_STATE_FINISH_MIGRATE, RUN_STATE_PRELAUNCH }, - { RUN_STATE_FINISH_MIGRATE, RUN_STATE_COLO}, - - { RUN_STATE_RESTORE_VM, RUN_STATE_RUNNING }, - { RUN_STATE_RESTORE_VM, RUN_STATE_PRELAUNCH }, - - { RUN_STATE_COLO, RUN_STATE_RUNNING }, - - { RUN_STATE_RUNNING, RUN_STATE_DEBUG }, - { RUN_STATE_RUNNING, RUN_STATE_INTERNAL_ERROR }, - { RUN_STATE_RUNNING, RUN_STATE_IO_ERROR }, - { RUN_STATE_RUNNING, RUN_STATE_PAUSED }, - { RUN_STATE_RUNNING, RUN_STATE_FINISH_MIGRATE }, - { RUN_STATE_RUNNING, RUN_STATE_RESTORE_VM }, - { RUN_STATE_RUNNING, RUN_STATE_SAVE_VM }, - { RUN_STATE_RUNNING, RUN_STATE_SHUTDOWN }, - { RUN_STATE_RUNNING, RUN_STATE_WATCHDOG }, - { RUN_STATE_RUNNING, RUN_STATE_GUEST_PANICKED }, - { RUN_STATE_RUNNING, RUN_STATE_COLO}, - - { RUN_STATE_SAVE_VM, RUN_STATE_RUNNING }, - - { RUN_STATE_SHUTDOWN, RUN_STATE_PAUSED }, - { RUN_STATE_SHUTDOWN, RUN_STATE_FINISH_MIGRATE }, - { RUN_STATE_SHUTDOWN, RUN_STATE_PRELAUNCH }, - - { RUN_STATE_DEBUG, RUN_STATE_SUSPENDED }, - { RUN_STATE_RUNNING, RUN_STATE_SUSPENDED }, - { RUN_STATE_SUSPENDED, RUN_STATE_RUNNING }, - { RUN_STATE_SUSPENDED, RUN_STATE_FINISH_MIGRATE }, - { RUN_STATE_SUSPENDED, RUN_STATE_PRELAUNCH }, - { RUN_STATE_SUSPENDED, RUN_STATE_COLO}, - - { RUN_STATE_WATCHDOG, RUN_STATE_RUNNING }, - { RUN_STATE_WATCHDOG, RUN_STATE_FINISH_MIGRATE }, - { RUN_STATE_WATCHDOG, RUN_STATE_PRELAUNCH }, - { RUN_STATE_WATCHDOG, RUN_STATE_COLO}, - - { RUN_STATE_GUEST_PANICKED, RUN_STATE_RUNNING }, - { RUN_STATE_GUEST_PANICKED, RUN_STATE_FINISH_MIGRATE }, - { RUN_STATE_GUEST_PANICKED, RUN_STATE_PRELAUNCH }, - - { RUN_STATE__MAX, RUN_STATE__MAX }, -}; - -static bool runstate_valid_transitions[RUN_STATE__MAX][RUN_STATE__MAX]; - -bool runstate_check(RunState state) -{ - return current_run_state == state; -} - -bool runstate_store(char *str, size_t size) -{ - const char *state = RunState_str(current_run_state); - size_t len = strlen(state) + 1; - - if (len > size) { - return false; - } - memcpy(str, state, len); - return true; -} - -static void runstate_init(void) -{ - const RunStateTransition *p; - - memset(&runstate_valid_transitions, 0, sizeof(runstate_valid_transitions)); - for (p = &runstate_transitions_def[0]; p->from != RUN_STATE__MAX; p++) { - runstate_valid_transitions[p->from][p->to] = true; - } - - qemu_mutex_init(&vmstop_lock); -} - -/* This function will abort() on invalid state transitions */ -void runstate_set(RunState new_state) -{ - assert(new_state < RUN_STATE__MAX); - - trace_runstate_set(current_run_state, RunState_str(current_run_state), - new_state, RunState_str(new_state)); - - if (current_run_state == new_state) { - return; - } - - if (!runstate_valid_transitions[current_run_state][new_state]) { - error_report("invalid runstate transition: '%s' -> '%s'", - RunState_str(current_run_state), - RunState_str(new_state)); - abort(); - } - - current_run_state = new_state; -} - -int runstate_is_running(void) -{ - return runstate_check(RUN_STATE_RUNNING); -} - -bool runstate_needs_reset(void) -{ - return runstate_check(RUN_STATE_INTERNAL_ERROR) || - runstate_check(RUN_STATE_SHUTDOWN); -} - -StatusInfo *qmp_query_status(Error **errp) -{ - StatusInfo *info = g_malloc0(sizeof(*info)); - - info->running = runstate_is_running(); - info->singlestep = singlestep; - info->status = current_run_state; - - return info; -} - -bool qemu_vmstop_requested(RunState *r) -{ - qemu_mutex_lock(&vmstop_lock); - *r = vmstop_requested; - vmstop_requested = RUN_STATE__MAX; - qemu_mutex_unlock(&vmstop_lock); - return *r < RUN_STATE__MAX; -} - -void qemu_system_vmstop_request_prepare(void) -{ - qemu_mutex_lock(&vmstop_lock); -} - -void qemu_system_vmstop_request(RunState state) -{ - vmstop_requested = state; - qemu_mutex_unlock(&vmstop_lock); - qemu_notify_event(); -} - -/***********************************************************/ -/* RTC reference time/date access */ -static time_t qemu_ref_timedate(QEMUClockType clock) -{ - time_t value = qemu_clock_get_ms(clock) / 1000; - switch (clock) { - case QEMU_CLOCK_REALTIME: - value -= rtc_realtime_clock_offset; - /* fall through */ - case QEMU_CLOCK_VIRTUAL: - value += rtc_ref_start_datetime; - break; - case QEMU_CLOCK_HOST: - if (rtc_base_type == RTC_BASE_DATETIME) { - value -= rtc_host_datetime_offset; - } - break; - default: - assert(0); - } - return value; -} - -void qemu_get_timedate(struct tm *tm, int offset) -{ - time_t ti = qemu_ref_timedate(rtc_clock); - - ti += offset; - - switch (rtc_base_type) { - case RTC_BASE_DATETIME: - case RTC_BASE_UTC: - gmtime_r(&ti, tm); - break; - case RTC_BASE_LOCALTIME: - localtime_r(&ti, tm); - break; - } -} - -int qemu_timedate_diff(struct tm *tm) -{ - time_t seconds; - - switch (rtc_base_type) { - case RTC_BASE_DATETIME: - case RTC_BASE_UTC: - seconds = mktimegm(tm); - break; - case RTC_BASE_LOCALTIME: - { - struct tm tmp = *tm; - tmp.tm_isdst = -1; /* use timezone to figure it out */ - seconds = mktime(&tmp); - break; - } - default: - abort(); - } - - return seconds - qemu_ref_timedate(QEMU_CLOCK_HOST); -} - -static void configure_rtc_base_datetime(const char *startdate) -{ - time_t rtc_start_datetime; - struct tm tm; - - if (sscanf(startdate, "%d-%d-%dT%d:%d:%d", &tm.tm_year, &tm.tm_mon, - &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) == 6) { - /* OK */ - } else if (sscanf(startdate, "%d-%d-%d", - &tm.tm_year, &tm.tm_mon, &tm.tm_mday) == 3) { - tm.tm_hour = 0; - tm.tm_min = 0; - tm.tm_sec = 0; - } else { - goto date_fail; - } - tm.tm_year -= 1900; - tm.tm_mon--; - rtc_start_datetime = mktimegm(&tm); - if (rtc_start_datetime == -1) { - date_fail: - error_report("invalid datetime format"); - error_printf("valid formats: " - "'2006-06-17T16:01:21' or '2006-06-17'\n"); - exit(1); - } - rtc_host_datetime_offset = rtc_ref_start_datetime - rtc_start_datetime; - rtc_ref_start_datetime = rtc_start_datetime; -} - -static void configure_rtc(QemuOpts *opts) -{ - const char *value; - - /* Set defaults */ - rtc_clock = QEMU_CLOCK_HOST; - rtc_ref_start_datetime = qemu_clock_get_ms(QEMU_CLOCK_HOST) / 1000; - rtc_realtime_clock_offset = qemu_clock_get_ms(QEMU_CLOCK_REALTIME) / 1000; - - value = qemu_opt_get(opts, "base"); - if (value) { - if (!strcmp(value, "utc")) { - rtc_base_type = RTC_BASE_UTC; - } else if (!strcmp(value, "localtime")) { - Error *blocker = NULL; - rtc_base_type = RTC_BASE_LOCALTIME; - error_setg(&blocker, QERR_REPLAY_NOT_SUPPORTED, - "-rtc base=localtime"); - replay_add_blocker(blocker); - } else { - rtc_base_type = RTC_BASE_DATETIME; - configure_rtc_base_datetime(value); - } - } - value = qemu_opt_get(opts, "clock"); - if (value) { - if (!strcmp(value, "host")) { - rtc_clock = QEMU_CLOCK_HOST; - } else if (!strcmp(value, "rt")) { - rtc_clock = QEMU_CLOCK_REALTIME; - } else if (!strcmp(value, "vm")) { - rtc_clock = QEMU_CLOCK_VIRTUAL; - } else { - error_report("invalid option value '%s'", value); - exit(1); - } - } - value = qemu_opt_get(opts, "driftfix"); - if (value) { - if (!strcmp(value, "slew")) { - object_register_sugar_prop("mc146818rtc", - "lost_tick_policy", - "slew"); - } else if (!strcmp(value, "none")) { - /* discard is default */ - } else { - error_report("invalid option value '%s'", value); - exit(1); - } - } -} - -static int parse_name(void *opaque, QemuOpts *opts, Error **errp) -{ - const char *proc_name; - - if (qemu_opt_get(opts, "debug-threads")) { - qemu_thread_naming(qemu_opt_get_bool(opts, "debug-threads", false)); - } - qemu_name = qemu_opt_get(opts, "guest"); - - proc_name = qemu_opt_get(opts, "process"); - if (proc_name) { - os_set_proc_name(proc_name); - } - - return 0; -} - -bool defaults_enabled(void) -{ - return has_defaults; -} - -#ifndef _WIN32 -static int parse_add_fd(void *opaque, QemuOpts *opts, Error **errp) -{ - int fd, dupfd, flags; - int64_t fdset_id; - const char *fd_opaque = NULL; - AddfdInfo *fdinfo; - - fd = qemu_opt_get_number(opts, "fd", -1); - fdset_id = qemu_opt_get_number(opts, "set", -1); - fd_opaque = qemu_opt_get(opts, "opaque"); - - if (fd < 0) { - error_setg(errp, "fd option is required and must be non-negative"); - return -1; - } - - if (fd <= STDERR_FILENO) { - error_setg(errp, "fd cannot be a standard I/O stream"); - return -1; - } - - /* - * All fds inherited across exec() necessarily have FD_CLOEXEC - * clear, while qemu sets FD_CLOEXEC on all other fds used internally. - */ - flags = fcntl(fd, F_GETFD); - if (flags == -1 || (flags & FD_CLOEXEC)) { - error_setg(errp, "fd is not valid or already in use"); - return -1; - } - - if (fdset_id < 0) { - error_setg(errp, "set option is required and must be non-negative"); - return -1; - } - -#ifdef F_DUPFD_CLOEXEC - dupfd = fcntl(fd, F_DUPFD_CLOEXEC, 0); -#else - dupfd = dup(fd); - if (dupfd != -1) { - qemu_set_cloexec(dupfd); - } -#endif - if (dupfd == -1) { - error_setg(errp, "error duplicating fd: %s", strerror(errno)); - return -1; - } - - /* add the duplicate fd, and optionally the opaque string, to the fd set */ - fdinfo = monitor_fdset_add_fd(dupfd, true, fdset_id, !!fd_opaque, fd_opaque, - &error_abort); - g_free(fdinfo); - - return 0; -} - -static int cleanup_add_fd(void *opaque, QemuOpts *opts, Error **errp) -{ - int fd; - - fd = qemu_opt_get_number(opts, "fd", -1); - close(fd); - - return 0; -} -#endif - -/***********************************************************/ -/* QEMU Block devices */ - -#define HD_OPTS "media=disk" -#define CDROM_OPTS "media=cdrom" -#define FD_OPTS "" -#define PFLASH_OPTS "" -#define MTD_OPTS "" -#define SD_OPTS "" - -static int drive_init_func(void *opaque, QemuOpts *opts, Error **errp) -{ - BlockInterfaceType *block_default_type = opaque; - - return drive_new(opts, *block_default_type, errp) == NULL; -} - -static int drive_enable_snapshot(void *opaque, QemuOpts *opts, Error **errp) -{ - if (qemu_opt_get(opts, "snapshot") == NULL) { - qemu_opt_set(opts, "snapshot", "on", &error_abort); - } - return 0; -} - -static void default_drive(int enable, int snapshot, BlockInterfaceType type, - int index, const char *optstr) -{ - QemuOpts *opts; - DriveInfo *dinfo; - - if (!enable || drive_get_by_index(type, index)) { - return; - } - - opts = drive_add(type, index, NULL, optstr); - if (snapshot) { - drive_enable_snapshot(NULL, opts, NULL); - } - - dinfo = drive_new(opts, type, &error_abort); - dinfo->is_default = true; - -} - -typedef struct BlockdevOptionsQueueEntry { - BlockdevOptions *bdo; - Location loc; - QSIMPLEQ_ENTRY(BlockdevOptionsQueueEntry) entry; -} BlockdevOptionsQueueEntry; - -typedef QSIMPLEQ_HEAD(, BlockdevOptionsQueueEntry) BlockdevOptionsQueue; - -static void configure_blockdev(BlockdevOptionsQueue *bdo_queue, - MachineClass *machine_class, int snapshot) -{ - /* - * If the currently selected machine wishes to override the - * units-per-bus property of its default HBA interface type, do so - * now. - */ - if (machine_class->units_per_default_bus) { - override_max_devs(machine_class->block_default_type, - machine_class->units_per_default_bus); - } - - /* open the virtual block devices */ - while (!QSIMPLEQ_EMPTY(bdo_queue)) { - BlockdevOptionsQueueEntry *bdo = QSIMPLEQ_FIRST(bdo_queue); - - QSIMPLEQ_REMOVE_HEAD(bdo_queue, entry); - loc_push_restore(&bdo->loc); - qmp_blockdev_add(bdo->bdo, &error_fatal); - loc_pop(&bdo->loc); - qapi_free_BlockdevOptions(bdo->bdo); - g_free(bdo); - } - if (snapshot) { - qemu_opts_foreach(qemu_find_opts("drive"), drive_enable_snapshot, - NULL, NULL); - } - if (qemu_opts_foreach(qemu_find_opts("drive"), drive_init_func, - &machine_class->block_default_type, &error_fatal)) { - /* We printed help */ - exit(0); - } - - default_drive(default_cdrom, snapshot, machine_class->block_default_type, 2, - CDROM_OPTS); - default_drive(default_floppy, snapshot, IF_FLOPPY, 0, FD_OPTS); - default_drive(default_sdcard, snapshot, IF_SD, 0, SD_OPTS); - -} - -static QemuOptsList qemu_smp_opts = { - .name = "smp-opts", - .implied_opt_name = "cpus", - .merge_lists = true, - .head = QTAILQ_HEAD_INITIALIZER(qemu_smp_opts.head), - .desc = { - { - .name = "cpus", - .type = QEMU_OPT_NUMBER, - }, { - .name = "sockets", - .type = QEMU_OPT_NUMBER, - }, { - .name = "dies", - .type = QEMU_OPT_NUMBER, - }, { - .name = "cores", - .type = QEMU_OPT_NUMBER, - }, { - .name = "threads", - .type = QEMU_OPT_NUMBER, - }, { - .name = "maxcpus", - .type = QEMU_OPT_NUMBER, - }, - { /*End of list */ } - }, -}; - -static void realtime_init(void) -{ - if (enable_mlock) { - if (os_mlock() < 0) { - error_report("locking memory failed"); - exit(1); - } - } -} - - -static void configure_msg(QemuOpts *opts) -{ - error_with_timestamp = qemu_opt_get_bool(opts, "timestamp", false); -} - - -/***********************************************************/ -/* USB devices */ - -static int usb_device_add(const char *devname) -{ - USBDevice *dev = NULL; - - if (!machine_usb(current_machine)) { - return -1; - } - - dev = usbdevice_create(devname); - if (!dev) - return -1; - - return 0; -} - -static int usb_parse(const char *cmdline) -{ - int r; - r = usb_device_add(cmdline); - if (r < 0) { - error_report("could not add USB device '%s'", cmdline); - } - return r; -} - -/***********************************************************/ -/* machine registration */ - -MachineState *current_machine; - -static MachineClass *find_machine(const char *name, GSList *machines) -{ - GSList *el; - - for (el = machines; el; el = el->next) { - MachineClass *mc = el->data; - - if (!strcmp(mc->name, name) || !g_strcmp0(mc->alias, name)) { - return mc; - } - } - - return NULL; -} - -static MachineClass *find_default_machine(GSList *machines) -{ - GSList *el; - - for (el = machines; el; el = el->next) { - MachineClass *mc = el->data; - - if (mc->is_default) { - return mc; - } - } - - return NULL; -} - -static int machine_help_func(QemuOpts *opts, MachineState *machine) -{ - ObjectProperty *prop; - ObjectPropertyIterator iter; - - if (!qemu_opt_has_help_opt(opts)) { - return 0; - } - - object_property_iter_init(&iter, OBJECT(machine)); - while ((prop = object_property_iter_next(&iter))) { - if (!prop->set) { - continue; - } - - printf("%s.%s=%s", MACHINE_GET_CLASS(machine)->name, - prop->name, prop->type); - if (prop->description) { - printf(" (%s)\n", prop->description); - } else { - printf("\n"); - } - } - - return 1; -} - -struct VMChangeStateEntry { - VMChangeStateHandler *cb; - void *opaque; - QTAILQ_ENTRY(VMChangeStateEntry) entries; - int priority; -}; - -static QTAILQ_HEAD(, VMChangeStateEntry) vm_change_state_head; - -/** - * qemu_add_vm_change_state_handler_prio: - * @cb: the callback to invoke - * @opaque: user data passed to the callback - * @priority: low priorities execute first when the vm runs and the reverse is - * true when the vm stops - * - * Register a callback function that is invoked when the vm starts or stops - * running. - * - * Returns: an entry to be freed using qemu_del_vm_change_state_handler() - */ -VMChangeStateEntry *qemu_add_vm_change_state_handler_prio( - VMChangeStateHandler *cb, void *opaque, int priority) -{ - VMChangeStateEntry *e; - VMChangeStateEntry *other; - - e = g_malloc0(sizeof(*e)); - e->cb = cb; - e->opaque = opaque; - e->priority = priority; - - /* Keep list sorted in ascending priority order */ - QTAILQ_FOREACH(other, &vm_change_state_head, entries) { - if (priority < other->priority) { - QTAILQ_INSERT_BEFORE(other, e, entries); - return e; - } - } - - QTAILQ_INSERT_TAIL(&vm_change_state_head, e, entries); - return e; -} - -VMChangeStateEntry *qemu_add_vm_change_state_handler(VMChangeStateHandler *cb, - void *opaque) -{ - return qemu_add_vm_change_state_handler_prio(cb, opaque, 0); -} - -void qemu_del_vm_change_state_handler(VMChangeStateEntry *e) -{ - QTAILQ_REMOVE(&vm_change_state_head, e, entries); - g_free(e); -} - -void vm_state_notify(int running, RunState state) -{ - VMChangeStateEntry *e, *next; - - trace_vm_state_notify(running, state, RunState_str(state)); - - if (running) { - QTAILQ_FOREACH_SAFE(e, &vm_change_state_head, entries, next) { - e->cb(e->opaque, running, state); - } - } else { - QTAILQ_FOREACH_REVERSE_SAFE(e, &vm_change_state_head, entries, next) { - e->cb(e->opaque, running, state); - } - } -} - -static ShutdownCause reset_requested; -static ShutdownCause shutdown_requested; -static int shutdown_signal; -static pid_t shutdown_pid; -static int powerdown_requested; -static int debug_requested; -static int suspend_requested; -static bool preconfig_exit_requested = true; -static WakeupReason wakeup_reason; -static NotifierList powerdown_notifiers = - NOTIFIER_LIST_INITIALIZER(powerdown_notifiers); -static NotifierList suspend_notifiers = - NOTIFIER_LIST_INITIALIZER(suspend_notifiers); -static NotifierList wakeup_notifiers = - NOTIFIER_LIST_INITIALIZER(wakeup_notifiers); -static NotifierList shutdown_notifiers = - NOTIFIER_LIST_INITIALIZER(shutdown_notifiers); -static uint32_t wakeup_reason_mask = ~(1 << QEMU_WAKEUP_REASON_NONE); - -ShutdownCause qemu_shutdown_requested_get(void) -{ - return shutdown_requested; -} - -ShutdownCause qemu_reset_requested_get(void) -{ - return reset_requested; -} - -static int qemu_shutdown_requested(void) -{ - return atomic_xchg(&shutdown_requested, SHUTDOWN_CAUSE_NONE); -} - -static void qemu_kill_report(void) -{ - if (!qtest_driver() && shutdown_signal) { - if (shutdown_pid == 0) { - /* This happens for eg ^C at the terminal, so it's worth - * avoiding printing an odd message in that case. - */ - error_report("terminating on signal %d", shutdown_signal); - } else { - char *shutdown_cmd = qemu_get_pid_name(shutdown_pid); - - error_report("terminating on signal %d from pid " FMT_pid " (%s)", - shutdown_signal, shutdown_pid, - shutdown_cmd ? shutdown_cmd : ""); - g_free(shutdown_cmd); - } - shutdown_signal = 0; - } -} - -static ShutdownCause qemu_reset_requested(void) -{ - ShutdownCause r = reset_requested; - - if (r && replay_checkpoint(CHECKPOINT_RESET_REQUESTED)) { - reset_requested = SHUTDOWN_CAUSE_NONE; - return r; - } - return SHUTDOWN_CAUSE_NONE; -} - -static int qemu_suspend_requested(void) -{ - int r = suspend_requested; - if (r && replay_checkpoint(CHECKPOINT_SUSPEND_REQUESTED)) { - suspend_requested = 0; - return r; - } - return false; -} - -static WakeupReason qemu_wakeup_requested(void) -{ - return wakeup_reason; -} - -static int qemu_powerdown_requested(void) -{ - int r = powerdown_requested; - powerdown_requested = 0; - return r; -} - -static int qemu_debug_requested(void) -{ - int r = debug_requested; - debug_requested = 0; - return r; -} - -void qemu_exit_preconfig_request(void) -{ - preconfig_exit_requested = true; -} - -/* - * Reset the VM. Issue an event unless @reason is SHUTDOWN_CAUSE_NONE. - */ -void qemu_system_reset(ShutdownCause reason) -{ - MachineClass *mc; - - mc = current_machine ? MACHINE_GET_CLASS(current_machine) : NULL; - - cpu_synchronize_all_states(); - - if (mc && mc->reset) { - mc->reset(current_machine); - } else { - qemu_devices_reset(); - } - if (reason && reason != SHUTDOWN_CAUSE_SUBSYSTEM_RESET) { - qapi_event_send_reset(shutdown_caused_by_guest(reason), reason); - } - cpu_synchronize_all_post_reset(); -} - -/* - * Wake the VM after suspend. - */ -static void qemu_system_wakeup(void) -{ - MachineClass *mc; - - mc = current_machine ? MACHINE_GET_CLASS(current_machine) : NULL; - - if (mc && mc->wakeup) { - mc->wakeup(current_machine); - } -} - -void qemu_system_guest_panicked(GuestPanicInformation *info) -{ - qemu_log_mask(LOG_GUEST_ERROR, "Guest crashed"); - - if (current_cpu) { - current_cpu->crash_occurred = true; - } - qapi_event_send_guest_panicked(GUEST_PANIC_ACTION_PAUSE, - !!info, info); - vm_stop(RUN_STATE_GUEST_PANICKED); - if (!no_shutdown) { - qapi_event_send_guest_panicked(GUEST_PANIC_ACTION_POWEROFF, - !!info, info); - qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_PANIC); - } - - if (info) { - if (info->type == GUEST_PANIC_INFORMATION_TYPE_HYPER_V) { - qemu_log_mask(LOG_GUEST_ERROR, "\nHV crash parameters: (%#"PRIx64 - " %#"PRIx64" %#"PRIx64" %#"PRIx64" %#"PRIx64")\n", - info->u.hyper_v.arg1, - info->u.hyper_v.arg2, - info->u.hyper_v.arg3, - info->u.hyper_v.arg4, - info->u.hyper_v.arg5); - } else if (info->type == GUEST_PANIC_INFORMATION_TYPE_S390) { - qemu_log_mask(LOG_GUEST_ERROR, " on cpu %d: %s\n" - "PSW: 0x%016" PRIx64 " 0x%016" PRIx64"\n", - info->u.s390.core, - S390CrashReason_str(info->u.s390.reason), - info->u.s390.psw_mask, - info->u.s390.psw_addr); - } - qapi_free_GuestPanicInformation(info); - } -} - -void qemu_system_guest_crashloaded(GuestPanicInformation *info) -{ - qemu_log_mask(LOG_GUEST_ERROR, "Guest crash loaded"); - - qapi_event_send_guest_crashloaded(GUEST_PANIC_ACTION_RUN, - !!info, info); - - if (info) { - qapi_free_GuestPanicInformation(info); - } -} - -void qemu_system_reset_request(ShutdownCause reason) -{ - if (no_reboot && reason != SHUTDOWN_CAUSE_SUBSYSTEM_RESET) { - shutdown_requested = reason; - } else { - reset_requested = reason; - } - cpu_stop_current(); - qemu_notify_event(); -} - -static void qemu_system_suspend(void) -{ - pause_all_vcpus(); - notifier_list_notify(&suspend_notifiers, NULL); - runstate_set(RUN_STATE_SUSPENDED); - qapi_event_send_suspend(); -} - -void qemu_system_suspend_request(void) -{ - if (runstate_check(RUN_STATE_SUSPENDED)) { - return; - } - suspend_requested = 1; - cpu_stop_current(); - qemu_notify_event(); -} - -void qemu_register_suspend_notifier(Notifier *notifier) -{ - notifier_list_add(&suspend_notifiers, notifier); -} - -void qemu_system_wakeup_request(WakeupReason reason, Error **errp) -{ - trace_system_wakeup_request(reason); - - if (!runstate_check(RUN_STATE_SUSPENDED)) { - error_setg(errp, - "Unable to wake up: guest is not in suspended state"); - return; - } - if (!(wakeup_reason_mask & (1 << reason))) { - return; - } - runstate_set(RUN_STATE_RUNNING); - wakeup_reason = reason; - qemu_notify_event(); -} - -void qemu_system_wakeup_enable(WakeupReason reason, bool enabled) -{ - if (enabled) { - wakeup_reason_mask |= (1 << reason); - } else { - wakeup_reason_mask &= ~(1 << reason); - } -} - -void qemu_register_wakeup_notifier(Notifier *notifier) -{ - notifier_list_add(&wakeup_notifiers, notifier); -} - -void qemu_register_wakeup_support(void) -{ - wakeup_suspend_enabled = true; -} - -bool qemu_wakeup_suspend_enabled(void) -{ - return wakeup_suspend_enabled; -} - -void qemu_system_killed(int signal, pid_t pid) -{ - shutdown_signal = signal; - shutdown_pid = pid; - no_shutdown = 0; - - /* Cannot call qemu_system_shutdown_request directly because - * we are in a signal handler. - */ - shutdown_requested = SHUTDOWN_CAUSE_HOST_SIGNAL; - qemu_notify_event(); -} - -void qemu_system_shutdown_request(ShutdownCause reason) -{ - trace_qemu_system_shutdown_request(reason); - replay_shutdown_request(reason); - shutdown_requested = reason; - qemu_notify_event(); -} - -static void qemu_system_powerdown(void) -{ - qapi_event_send_powerdown(); - notifier_list_notify(&powerdown_notifiers, NULL); -} - -static void qemu_system_shutdown(ShutdownCause cause) -{ - qapi_event_send_shutdown(shutdown_caused_by_guest(cause), cause); - notifier_list_notify(&shutdown_notifiers, &cause); -} - -void qemu_system_powerdown_request(void) -{ - trace_qemu_system_powerdown_request(); - powerdown_requested = 1; - qemu_notify_event(); -} - -void qemu_register_powerdown_notifier(Notifier *notifier) -{ - notifier_list_add(&powerdown_notifiers, notifier); -} - -void qemu_register_shutdown_notifier(Notifier *notifier) -{ - notifier_list_add(&shutdown_notifiers, notifier); -} - -void qemu_system_debug_request(void) -{ - debug_requested = 1; - qemu_notify_event(); -} - -static bool main_loop_should_exit(void) -{ - RunState r; - ShutdownCause request; - - if (preconfig_exit_requested) { - if (runstate_check(RUN_STATE_PRECONFIG)) { - runstate_set(RUN_STATE_PRELAUNCH); - } - preconfig_exit_requested = false; - return true; - } - if (qemu_debug_requested()) { - vm_stop(RUN_STATE_DEBUG); - } - if (qemu_suspend_requested()) { - qemu_system_suspend(); - } - request = qemu_shutdown_requested(); - if (request) { - qemu_kill_report(); - qemu_system_shutdown(request); - if (no_shutdown) { - vm_stop(RUN_STATE_SHUTDOWN); - } else { - return true; - } - } - request = qemu_reset_requested(); - if (request) { - pause_all_vcpus(); - qemu_system_reset(request); - resume_all_vcpus(); - /* - * runstate can change in pause_all_vcpus() - * as iothread mutex is unlocked - */ - if (!runstate_check(RUN_STATE_RUNNING) && - !runstate_check(RUN_STATE_INMIGRATE) && - !runstate_check(RUN_STATE_FINISH_MIGRATE)) { - runstate_set(RUN_STATE_PRELAUNCH); - } - } - if (qemu_wakeup_requested()) { - pause_all_vcpus(); - qemu_system_wakeup(); - notifier_list_notify(&wakeup_notifiers, &wakeup_reason); - wakeup_reason = QEMU_WAKEUP_REASON_NONE; - resume_all_vcpus(); - qapi_event_send_wakeup(); - } - if (qemu_powerdown_requested()) { - qemu_system_powerdown(); - } - if (qemu_vmstop_requested(&r)) { - vm_stop(r); - } - return false; -} - -static void main_loop(void) -{ -#ifdef CONFIG_PROFILER - int64_t ti; -#endif - while (!main_loop_should_exit()) { -#ifdef CONFIG_PROFILER - ti = profile_getclock(); -#endif - main_loop_wait(false); -#ifdef CONFIG_PROFILER - dev_time += profile_getclock() - ti; -#endif - } -} - -static void version(void) -{ - printf("QEMU emulator version " QEMU_FULL_VERSION "\n" - QEMU_COPYRIGHT "\n"); -} - -static void help(int exitcode) -{ - version(); - printf("usage: %s [options] [disk_image]\n\n" - "'disk_image' is a raw hard disk image for IDE hard disk 0\n\n", - error_get_progname()); - -#define QEMU_OPTIONS_GENERATE_HELP -#include "qemu-options-wrapper.h" - - printf("\nDuring emulation, the following keys are useful:\n" - "ctrl-alt-f toggle full screen\n" - "ctrl-alt-n switch to virtual console 'n'\n" - "ctrl-alt toggle mouse and keyboard grab\n" - "\n" - "When using -nographic, press 'ctrl-a h' to get some help.\n" - "\n" - QEMU_HELP_BOTTOM "\n"); - - exit(exitcode); -} - -#define HAS_ARG 0x0001 - -typedef struct QEMUOption { - const char *name; - int flags; - int index; - uint32_t arch_mask; -} QEMUOption; - -static const QEMUOption qemu_options[] = { - { "h", 0, QEMU_OPTION_h, QEMU_ARCH_ALL }, -#define QEMU_OPTIONS_GENERATE_OPTIONS -#include "qemu-options-wrapper.h" - { NULL }, -}; - -typedef struct VGAInterfaceInfo { - const char *opt_name; /* option name */ - const char *name; /* human-readable name */ - /* Class names indicating that support is available. - * If no class is specified, the interface is always available */ - const char *class_names[2]; -} VGAInterfaceInfo; - -static const VGAInterfaceInfo vga_interfaces[VGA_TYPE_MAX] = { - [VGA_NONE] = { - .opt_name = "none", - .name = "no graphic card", - }, - [VGA_STD] = { - .opt_name = "std", - .name = "standard VGA", - .class_names = { "VGA", "isa-vga" }, - }, - [VGA_CIRRUS] = { - .opt_name = "cirrus", - .name = "Cirrus VGA", - .class_names = { "cirrus-vga", "isa-cirrus-vga" }, - }, - [VGA_VMWARE] = { - .opt_name = "vmware", - .name = "VMWare SVGA", - .class_names = { "vmware-svga" }, - }, - [VGA_VIRTIO] = { - .opt_name = "virtio", - .name = "Virtio VGA", - .class_names = { "virtio-vga" }, - }, - [VGA_QXL] = { - .opt_name = "qxl", - .name = "QXL VGA", - .class_names = { "qxl-vga" }, - }, - [VGA_TCX] = { - .opt_name = "tcx", - .name = "TCX framebuffer", - .class_names = { "SUNW,tcx" }, - }, - [VGA_CG3] = { - .opt_name = "cg3", - .name = "CG3 framebuffer", - .class_names = { "cgthree" }, - }, - [VGA_XENFB] = { - .opt_name = "xenfb", - .name = "Xen paravirtualized framebuffer", - }, -}; - -static bool vga_interface_available(VGAInterfaceType t) -{ - const VGAInterfaceInfo *ti = &vga_interfaces[t]; - - assert(t < VGA_TYPE_MAX); - return !ti->class_names[0] || - object_class_by_name(ti->class_names[0]) || - object_class_by_name(ti->class_names[1]); -} - -static const char * -get_default_vga_model(const MachineClass *machine_class) -{ - if (machine_class->default_display) { - return machine_class->default_display; - } else if (vga_interface_available(VGA_CIRRUS)) { - return "cirrus"; - } else if (vga_interface_available(VGA_STD)) { - return "std"; - } - - return NULL; -} - -static void select_vgahw(const MachineClass *machine_class, const char *p) -{ - const char *opts; - int t; - - if (g_str_equal(p, "help")) { - const char *def = get_default_vga_model(machine_class); - - for (t = 0; t < VGA_TYPE_MAX; t++) { - const VGAInterfaceInfo *ti = &vga_interfaces[t]; - - if (vga_interface_available(t) && ti->opt_name) { - printf("%-20s %s%s\n", ti->opt_name, ti->name ?: "", - g_str_equal(ti->opt_name, def) ? " (default)" : ""); - } - } - exit(0); - } - - assert(vga_interface_type == VGA_NONE); - for (t = 0; t < VGA_TYPE_MAX; t++) { - const VGAInterfaceInfo *ti = &vga_interfaces[t]; - if (ti->opt_name && strstart(p, ti->opt_name, &opts)) { - if (!vga_interface_available(t)) { - error_report("%s not available", ti->name); - exit(1); - } - vga_interface_type = t; - break; - } - } - if (t == VGA_TYPE_MAX) { - invalid_vga: - error_report("unknown vga type: %s", p); - exit(1); - } - while (*opts) { - const char *nextopt; - - if (strstart(opts, ",retrace=", &nextopt)) { - opts = nextopt; - if (strstart(opts, "dumb", &nextopt)) - vga_retrace_method = VGA_RETRACE_DUMB; - else if (strstart(opts, "precise", &nextopt)) - vga_retrace_method = VGA_RETRACE_PRECISE; - else goto invalid_vga; - } else goto invalid_vga; - opts = nextopt; - } -} - -static void parse_display_qapi(const char *optarg) -{ - DisplayOptions *opts; - Visitor *v; - - v = qobject_input_visitor_new_str(optarg, "type", &error_fatal); - - visit_type_DisplayOptions(v, NULL, &opts, &error_fatal); - QAPI_CLONE_MEMBERS(DisplayOptions, &dpy, opts); - - qapi_free_DisplayOptions(opts); - visit_free(v); -} - -DisplayOptions *qmp_query_display_options(Error **errp) -{ - return QAPI_CLONE(DisplayOptions, &dpy); -} - -static void parse_display(const char *p) -{ - const char *opts; - - if (is_help_option(p)) { - qemu_display_help(); - exit(0); - } - - if (strstart(p, "sdl", &opts)) { - /* - * sdl DisplayType needs hand-crafted parser instead of - * parse_display_qapi() due to some options not in - * DisplayOptions, specifically: - * - frame - * Already deprecated. - * - ctrl_grab + alt_grab - * Not clear yet what happens to them long-term. Should - * replaced by something better or deprecated and dropped. - */ - dpy.type = DISPLAY_TYPE_SDL; - while (*opts) { - const char *nextopt; - - if (strstart(opts, ",alt_grab=", &nextopt)) { - opts = nextopt; - if (strstart(opts, "on", &nextopt)) { - alt_grab = 1; - } else if (strstart(opts, "off", &nextopt)) { - alt_grab = 0; - } else { - goto invalid_sdl_args; - } - } else if (strstart(opts, ",ctrl_grab=", &nextopt)) { - opts = nextopt; - if (strstart(opts, "on", &nextopt)) { - ctrl_grab = 1; - } else if (strstart(opts, "off", &nextopt)) { - ctrl_grab = 0; - } else { - goto invalid_sdl_args; - } - } else if (strstart(opts, ",window_close=", &nextopt)) { - opts = nextopt; - dpy.has_window_close = true; - if (strstart(opts, "on", &nextopt)) { - dpy.window_close = true; - } else if (strstart(opts, "off", &nextopt)) { - dpy.window_close = false; - } else { - goto invalid_sdl_args; - } - } else if (strstart(opts, ",show-cursor=", &nextopt)) { - opts = nextopt; - dpy.has_show_cursor = true; - if (strstart(opts, "on", &nextopt)) { - dpy.show_cursor = true; - } else if (strstart(opts, "off", &nextopt)) { - dpy.show_cursor = false; - } else { - goto invalid_sdl_args; - } - } else if (strstart(opts, ",gl=", &nextopt)) { - opts = nextopt; - dpy.has_gl = true; - if (strstart(opts, "on", &nextopt)) { - dpy.gl = DISPLAYGL_MODE_ON; - } else if (strstart(opts, "core", &nextopt)) { - dpy.gl = DISPLAYGL_MODE_CORE; - } else if (strstart(opts, "es", &nextopt)) { - dpy.gl = DISPLAYGL_MODE_ES; - } else if (strstart(opts, "off", &nextopt)) { - dpy.gl = DISPLAYGL_MODE_OFF; - } else { - goto invalid_sdl_args; - } - } else { - invalid_sdl_args: - error_report("invalid SDL option string"); - exit(1); - } - opts = nextopt; - } - } else if (strstart(p, "vnc", &opts)) { - /* - * vnc isn't a (local) DisplayType but a protocol for remote - * display access. - */ - if (*opts == '=') { - vnc_parse(opts + 1, &error_fatal); - } else { - error_report("VNC requires a display argument vnc="); - exit(1); - } - } else { - parse_display_qapi(p); - } -} - -char *qemu_find_file(int type, const char *name) -{ - int i; - const char *subdir; - char *buf; - - /* Try the name as a straight path first */ - if (access(name, R_OK) == 0) { - trace_load_file(name, name); - return g_strdup(name); - } - - switch (type) { - case QEMU_FILE_TYPE_BIOS: - subdir = ""; - break; - case QEMU_FILE_TYPE_KEYMAP: - subdir = "keymaps/"; - break; - default: - abort(); - } - - for (i = 0; i < data_dir_idx; i++) { - buf = g_strdup_printf("%s/%s%s", data_dir[i], subdir, name); - if (access(buf, R_OK) == 0) { - trace_load_file(name, buf); - return buf; - } - g_free(buf); - } - return NULL; -} - -static void qemu_add_data_dir(const char *path) -{ - int i; - - if (path == NULL) { - return; - } - if (data_dir_idx == ARRAY_SIZE(data_dir)) { - return; - } - for (i = 0; i < data_dir_idx; i++) { - if (strcmp(data_dir[i], path) == 0) { - return; /* duplicate */ - } - } - data_dir[data_dir_idx++] = g_strdup(path); -} - -static inline bool nonempty_str(const char *str) -{ - return str && *str; -} - -static int parse_fw_cfg(void *opaque, QemuOpts *opts, Error **errp) -{ - gchar *buf; - size_t size; - const char *name, *file, *str; - FWCfgState *fw_cfg = (FWCfgState *) opaque; - - if (fw_cfg == NULL) { - error_setg(errp, "fw_cfg device not available"); - return -1; - } - name = qemu_opt_get(opts, "name"); - file = qemu_opt_get(opts, "file"); - str = qemu_opt_get(opts, "string"); - - /* we need name and either a file or the content string */ - if (!(nonempty_str(name) && (nonempty_str(file) || nonempty_str(str)))) { - error_setg(errp, "invalid argument(s)"); - return -1; - } - if (nonempty_str(file) && nonempty_str(str)) { - error_setg(errp, "file and string are mutually exclusive"); - return -1; - } - if (strlen(name) > FW_CFG_MAX_FILE_PATH - 1) { - error_setg(errp, "name too long (max. %d char)", - FW_CFG_MAX_FILE_PATH - 1); - return -1; - } - if (strncmp(name, "opt/", 4) != 0) { - warn_report("externally provided fw_cfg item names " - "should be prefixed with \"opt/\""); - } - if (nonempty_str(str)) { - size = strlen(str); /* NUL terminator NOT included in fw_cfg blob */ - buf = g_memdup(str, size); - } else { - GError *err = NULL; - if (!g_file_get_contents(file, &buf, &size, &err)) { - error_setg(errp, "can't load %s: %s", file, err->message); - g_error_free(err); - return -1; - } - } - /* For legacy, keep user files in a specific global order. */ - fw_cfg_set_order_override(fw_cfg, FW_CFG_ORDER_OVERRIDE_USER); - fw_cfg_add_file(fw_cfg, name, buf, size); - fw_cfg_reset_order_override(fw_cfg); - return 0; -} - -static int device_help_func(void *opaque, QemuOpts *opts, Error **errp) -{ - return qdev_device_help(opts); -} - -static int device_init_func(void *opaque, QemuOpts *opts, Error **errp) -{ - DeviceState *dev; - - dev = qdev_device_add(opts, errp); - if (!dev && *errp) { - error_report_err(*errp); - return -1; - } else if (dev) { - object_unref(OBJECT(dev)); - } - return 0; -} - -static int chardev_init_func(void *opaque, QemuOpts *opts, Error **errp) -{ - Error *local_err = NULL; - - if (!qemu_chr_new_from_opts(opts, NULL, &local_err)) { - if (local_err) { - error_propagate(errp, local_err); - return -1; - } - exit(0); - } - return 0; -} - -#ifdef CONFIG_VIRTFS -static int fsdev_init_func(void *opaque, QemuOpts *opts, Error **errp) -{ - return qemu_fsdev_add(opts, errp); -} -#endif - -static int mon_init_func(void *opaque, QemuOpts *opts, Error **errp) -{ - return monitor_init_opts(opts, errp); -} - -static void monitor_parse(const char *optarg, const char *mode, bool pretty) -{ - static int monitor_device_index = 0; - QemuOpts *opts; - const char *p; - char label[32]; - - if (strstart(optarg, "chardev:", &p)) { - snprintf(label, sizeof(label), "%s", p); - } else { - snprintf(label, sizeof(label), "compat_monitor%d", - monitor_device_index); - opts = qemu_chr_parse_compat(label, optarg, true); - if (!opts) { - error_report("parse error: %s", optarg); - exit(1); - } - } - - opts = qemu_opts_create(qemu_find_opts("mon"), label, 1, &error_fatal); - qemu_opt_set(opts, "mode", mode, &error_abort); - qemu_opt_set(opts, "chardev", label, &error_abort); - if (!strcmp(mode, "control")) { - qemu_opt_set_bool(opts, "pretty", pretty, &error_abort); - } else { - assert(pretty == false); - } - monitor_device_index++; -} - -struct device_config { - enum { - DEV_USB, /* -usbdevice */ - DEV_SERIAL, /* -serial */ - DEV_PARALLEL, /* -parallel */ - DEV_DEBUGCON, /* -debugcon */ - DEV_GDB, /* -gdb, -s */ - DEV_SCLP, /* s390 sclp */ - } type; - const char *cmdline; - Location loc; - QTAILQ_ENTRY(device_config) next; -}; - -static QTAILQ_HEAD(, device_config) device_configs = - QTAILQ_HEAD_INITIALIZER(device_configs); - -static void add_device_config(int type, const char *cmdline) -{ - struct device_config *conf; - - conf = g_malloc0(sizeof(*conf)); - conf->type = type; - conf->cmdline = cmdline; - loc_save(&conf->loc); - QTAILQ_INSERT_TAIL(&device_configs, conf, next); -} - -static int foreach_device_config(int type, int (*func)(const char *cmdline)) -{ - struct device_config *conf; - int rc; - - QTAILQ_FOREACH(conf, &device_configs, next) { - if (conf->type != type) - continue; - loc_push_restore(&conf->loc); - rc = func(conf->cmdline); - loc_pop(&conf->loc); - if (rc) { - return rc; - } - } - return 0; -} - -static int serial_parse(const char *devname) -{ - int index = num_serial_hds; - char label[32]; - - if (strcmp(devname, "none") == 0) - return 0; - snprintf(label, sizeof(label), "serial%d", index); - serial_hds = g_renew(Chardev *, serial_hds, index + 1); - - serial_hds[index] = qemu_chr_new_mux_mon(label, devname, NULL); - if (!serial_hds[index]) { - error_report("could not connect serial device" - " to character backend '%s'", devname); - return -1; - } - num_serial_hds++; - return 0; -} - -Chardev *serial_hd(int i) -{ - assert(i >= 0); - if (i < num_serial_hds) { - return serial_hds[i]; - } - return NULL; -} - -int serial_max_hds(void) -{ - return num_serial_hds; -} - -static int parallel_parse(const char *devname) -{ - static int index = 0; - char label[32]; - - if (strcmp(devname, "none") == 0) - return 0; - if (index == MAX_PARALLEL_PORTS) { - error_report("too many parallel ports"); - exit(1); - } - snprintf(label, sizeof(label), "parallel%d", index); - parallel_hds[index] = qemu_chr_new_mux_mon(label, devname, NULL); - if (!parallel_hds[index]) { - error_report("could not connect parallel device" - " to character backend '%s'", devname); - return -1; - } - index++; - return 0; -} - -static int debugcon_parse(const char *devname) -{ - QemuOpts *opts; - - if (!qemu_chr_new_mux_mon("debugcon", devname, NULL)) { - error_report("invalid character backend '%s'", devname); - exit(1); - } - opts = qemu_opts_create(qemu_find_opts("device"), "debugcon", 1, NULL); - if (!opts) { - error_report("already have a debugcon device"); - exit(1); - } - qemu_opt_set(opts, "driver", "isa-debugcon", &error_abort); - qemu_opt_set(opts, "chardev", "debugcon", &error_abort); - return 0; -} - -static gint machine_class_cmp(gconstpointer a, gconstpointer b) -{ - const MachineClass *mc1 = a, *mc2 = b; - int res; - - if (mc1->family == NULL) { - if (mc2->family == NULL) { - /* Compare standalone machine types against each other; they sort - * in increasing order. - */ - return strcmp(object_class_get_name(OBJECT_CLASS(mc1)), - object_class_get_name(OBJECT_CLASS(mc2))); - } - - /* Standalone machine types sort after families. */ - return 1; - } - - if (mc2->family == NULL) { - /* Families sort before standalone machine types. */ - return -1; - } - - /* Families sort between each other alphabetically increasingly. */ - res = strcmp(mc1->family, mc2->family); - if (res != 0) { - return res; - } - - /* Within the same family, machine types sort in decreasing order. */ - return strcmp(object_class_get_name(OBJECT_CLASS(mc2)), - object_class_get_name(OBJECT_CLASS(mc1))); -} - -static MachineClass *machine_parse(const char *name, GSList *machines) -{ - MachineClass *mc; - GSList *el; - - if (is_help_option(name)) { - printf("Supported machines are:\n"); - machines = g_slist_sort(machines, machine_class_cmp); - for (el = machines; el; el = el->next) { - MachineClass *mc = el->data; - if (mc->alias) { - printf("%-20s %s (alias of %s)\n", mc->alias, mc->desc, mc->name); - } - printf("%-20s %s%s%s\n", mc->name, mc->desc, - mc->is_default ? " (default)" : "", - mc->deprecation_reason ? " (deprecated)" : ""); - } - exit(0); - } - - mc = find_machine(name, machines); - if (!mc) { - error_report("unsupported machine type"); - error_printf("Use -machine help to list supported machines\n"); - exit(1); - } - return mc; -} - -void qemu_add_exit_notifier(Notifier *notify) -{ - notifier_list_add(&exit_notifiers, notify); -} - -void qemu_remove_exit_notifier(Notifier *notify) -{ - notifier_remove(notify); -} - -static void qemu_run_exit_notifiers(void) -{ - notifier_list_notify(&exit_notifiers, NULL); -} - -static const char *pid_file; -static Notifier qemu_unlink_pidfile_notifier; - -static void qemu_unlink_pidfile(Notifier *n, void *data) -{ - if (pid_file) { - unlink(pid_file); - } -} - -bool machine_init_done; - -void qemu_add_machine_init_done_notifier(Notifier *notify) -{ - notifier_list_add(&machine_init_done_notifiers, notify); - if (machine_init_done) { - notify->notify(notify, NULL); - } -} - -void qemu_remove_machine_init_done_notifier(Notifier *notify) -{ - notifier_remove(notify); -} - -static void qemu_run_machine_init_done_notifiers(void) -{ - machine_init_done = true; - notifier_list_notify(&machine_init_done_notifiers, NULL); -} - -static const QEMUOption *lookup_opt(int argc, char **argv, - const char **poptarg, int *poptind) -{ - const QEMUOption *popt; - int optind = *poptind; - char *r = argv[optind]; - const char *optarg; - - loc_set_cmdline(argv, optind, 1); - optind++; - /* Treat --foo the same as -foo. */ - if (r[1] == '-') - r++; - popt = qemu_options; - for(;;) { - if (!popt->name) { - error_report("invalid option"); - exit(1); - } - if (!strcmp(popt->name, r + 1)) - break; - popt++; - } - if (popt->flags & HAS_ARG) { - if (optind >= argc) { - error_report("requires an argument"); - exit(1); - } - optarg = argv[optind++]; - loc_set_cmdline(argv, optind - 2, 2); - } else { - optarg = NULL; - } - - *poptarg = optarg; - *poptind = optind; - - return popt; -} - -static MachineClass *select_machine(void) -{ - GSList *machines = object_class_get_list(TYPE_MACHINE, false); - MachineClass *machine_class = find_default_machine(machines); - const char *optarg; - QemuOpts *opts; - Location loc; - - loc_push_none(&loc); - - opts = qemu_get_machine_opts(); - qemu_opts_loc_restore(opts); - - optarg = qemu_opt_get(opts, "type"); - if (optarg) { - machine_class = machine_parse(optarg, machines); - } - - if (!machine_class) { - error_report("No machine specified, and there is no default"); - error_printf("Use -machine help to list supported machines\n"); - exit(1); - } - - loc_pop(&loc); - g_slist_free(machines); - return machine_class; -} - -static int object_parse_property_opt(Object *obj, - const char *name, const char *value, - const char *skip, Error **errp) -{ - Error *local_err = NULL; - - if (g_str_equal(name, skip)) { - return 0; - } - - object_property_parse(obj, value, name, &local_err); - - if (local_err) { - error_propagate(errp, local_err); - return -1; - } - - return 0; -} - -static int machine_set_property(void *opaque, - const char *name, const char *value, - Error **errp) -{ - g_autofree char *qom_name = g_strdup(name); - char *p; - - for (p = qom_name; *p; p++) { - if (*p == '_') { - *p = '-'; - } - } - - /* Legacy options do not correspond to MachineState properties. */ - if (g_str_equal(qom_name, "accel")) { - return 0; - } - if (g_str_equal(qom_name, "igd-passthru")) { - object_register_sugar_prop(ACCEL_CLASS_NAME("xen"), qom_name, value); - return 0; - } - if (g_str_equal(qom_name, "kvm-shadow-mem") || - g_str_equal(qom_name, "kernel-irqchip")) { - object_register_sugar_prop(ACCEL_CLASS_NAME("kvm"), qom_name, value); - return 0; - } - - return object_parse_property_opt(opaque, name, value, "type", errp); -} - -/* - * Initial object creation happens before all other - * QEMU data types are created. The majority of objects - * can be created at this point. The rng-egd object - * cannot be created here, as it depends on the chardev - * already existing. - */ -static bool object_create_initial(const char *type, QemuOpts *opts) -{ - if (user_creatable_print_help(type, opts)) { - exit(0); - } - - /* - * Objects should not be made "delayed" without a reason. If you - * add one, state the reason in a comment! - */ - - /* Reason: rng-egd property "chardev" */ - if (g_str_equal(type, "rng-egd")) { - return false; - } - -#if defined(CONFIG_VHOST_USER) && defined(CONFIG_LINUX) - /* Reason: cryptodev-vhost-user property "chardev" */ - if (g_str_equal(type, "cryptodev-vhost-user")) { - return false; - } -#endif - - /* - * Reason: filter-* property "netdev" etc. - */ - if (g_str_equal(type, "filter-buffer") || - g_str_equal(type, "filter-dump") || - g_str_equal(type, "filter-mirror") || - g_str_equal(type, "filter-redirector") || - g_str_equal(type, "colo-compare") || - g_str_equal(type, "filter-rewriter") || - g_str_equal(type, "filter-replay")) { - return false; - } - - /* Memory allocation by backends needs to be done - * after configure_accelerator() (due to the tcg_enabled() - * checks at memory_region_init_*()). - * - * Also, allocation of large amounts of memory may delay - * chardev initialization for too long, and trigger timeouts - * on software that waits for a monitor socket to be created - * (e.g. libvirt). - */ - if (g_str_has_prefix(type, "memory-backend-")) { - return false; - } - - return true; -} - - -/* - * The remainder of object creation happens after the - * creation of chardev, fsdev, net clients and device data types. - */ -static bool object_create_delayed(const char *type, QemuOpts *opts) -{ - return !object_create_initial(type, opts); -} - - -static void set_memory_options(uint64_t *ram_slots, ram_addr_t *maxram_size, - MachineClass *mc) -{ - uint64_t sz; - const char *mem_str; - const ram_addr_t default_ram_size = mc->default_ram_size; - QemuOpts *opts = qemu_find_opts_singleton("memory"); - Location loc; - - loc_push_none(&loc); - qemu_opts_loc_restore(opts); - - sz = 0; - mem_str = qemu_opt_get(opts, "size"); - if (mem_str) { - if (!*mem_str) { - error_report("missing 'size' option value"); - exit(EXIT_FAILURE); - } - - sz = qemu_opt_get_size(opts, "size", ram_size); - - /* Fix up legacy suffix-less format */ - if (g_ascii_isdigit(mem_str[strlen(mem_str) - 1])) { - uint64_t overflow_check = sz; - - sz *= MiB; - if (sz / MiB != overflow_check) { - error_report("too large 'size' option value"); - exit(EXIT_FAILURE); - } - } - } - - /* backward compatibility behaviour for case "-m 0" */ - if (sz == 0) { - sz = default_ram_size; - } - - sz = QEMU_ALIGN_UP(sz, 8192); - ram_size = sz; - if (ram_size != sz) { - error_report("ram size too large"); - exit(EXIT_FAILURE); - } - - /* store value for the future use */ - qemu_opt_set_number(opts, "size", ram_size, &error_abort); - *maxram_size = ram_size; - - if (qemu_opt_get(opts, "maxmem")) { - uint64_t slots; - - sz = qemu_opt_get_size(opts, "maxmem", 0); - slots = qemu_opt_get_number(opts, "slots", 0); - if (sz < ram_size) { - error_report("invalid value of -m option maxmem: " - "maximum memory size (0x%" PRIx64 ") must be at least " - "the initial memory size (0x" RAM_ADDR_FMT ")", - sz, ram_size); - exit(EXIT_FAILURE); - } else if (slots && sz == ram_size) { - error_report("invalid value of -m option maxmem: " - "memory slots were specified but maximum memory size " - "(0x%" PRIx64 ") is equal to the initial memory size " - "(0x" RAM_ADDR_FMT ")", sz, ram_size); - exit(EXIT_FAILURE); - } - - *maxram_size = sz; - *ram_slots = slots; - } else if (qemu_opt_get(opts, "slots")) { - error_report("invalid -m option value: missing 'maxmem' option"); - exit(EXIT_FAILURE); - } - - loc_pop(&loc); -} - -static int global_init_func(void *opaque, QemuOpts *opts, Error **errp) -{ - GlobalProperty *g; - - g = g_malloc0(sizeof(*g)); - g->driver = qemu_opt_get(opts, "driver"); - g->property = qemu_opt_get(opts, "property"); - g->value = qemu_opt_get(opts, "value"); - qdev_prop_register_global(g); - return 0; -} - -static int qemu_read_default_config_file(void) -{ - int ret; - - ret = qemu_read_config_file(CONFIG_QEMU_CONFDIR "/qemu.conf"); - if (ret < 0 && ret != -ENOENT) { - return ret; - } - - return 0; -} - -static void user_register_global_props(void) -{ - qemu_opts_foreach(qemu_find_opts("global"), - global_init_func, NULL, NULL); -} - -static int do_configure_icount(void *opaque, QemuOpts *opts, Error **errp) -{ - configure_icount(opts, errp); - return 0; -} - -static int accelerator_set_property(void *opaque, - const char *name, const char *value, - Error **errp) -{ - return object_parse_property_opt(opaque, name, value, "accel", errp); -} - -static int do_configure_accelerator(void *opaque, QemuOpts *opts, Error **errp) -{ - bool *p_init_failed = opaque; - const char *acc = qemu_opt_get(opts, "accel"); - AccelClass *ac = accel_find(acc); - AccelState *accel; - int ret; - - if (!ac) { - *p_init_failed = true; - error_report("invalid accelerator %s", acc); - return 0; - } - accel = ACCEL(object_new_with_class(OBJECT_CLASS(ac))); - object_apply_compat_props(OBJECT(accel)); - qemu_opt_foreach(opts, accelerator_set_property, - accel, - &error_fatal); - - ret = accel_init_machine(accel, current_machine); - if (ret < 0) { - *p_init_failed = true; - error_report("failed to initialize %s: %s", - acc, strerror(-ret)); - return 0; - } - - return 1; -} - -static void configure_accelerators(const char *progname) -{ - const char *accel; - bool init_failed = false; - - qemu_opts_foreach(qemu_find_opts("icount"), - do_configure_icount, NULL, &error_fatal); - - accel = qemu_opt_get(qemu_get_machine_opts(), "accel"); - if (QTAILQ_EMPTY(&qemu_accel_opts.head)) { - char **accel_list, **tmp; - - if (accel == NULL) { - /* Select the default accelerator */ - bool have_tcg = accel_find("tcg"); - bool have_kvm = accel_find("kvm"); - - if (have_tcg && have_kvm) { - if (g_str_has_suffix(progname, "kvm")) { - /* If the program name ends with "kvm", we prefer KVM */ - accel = "kvm:tcg"; - } else { - accel = "tcg:kvm"; - } - } else if (have_kvm) { - accel = "kvm"; - } else if (have_tcg) { - accel = "tcg"; - } else { - error_report("No accelerator selected and" - " no default accelerator available"); - exit(1); - } - } - accel_list = g_strsplit(accel, ":", 0); - - for (tmp = accel_list; *tmp; tmp++) { - /* - * Filter invalid accelerators here, to prevent obscenities - * such as "-machine accel=tcg,,thread=single". - */ - if (accel_find(*tmp)) { - qemu_opts_parse_noisily(qemu_find_opts("accel"), *tmp, true); - } else { - init_failed = true; - error_report("invalid accelerator %s", *tmp); - } - } - g_strfreev(accel_list); - } else { - if (accel != NULL) { - error_report("The -accel and \"-machine accel=\" options are incompatible"); - exit(1); - } - } - - if (!qemu_opts_foreach(qemu_find_opts("accel"), - do_configure_accelerator, &init_failed, &error_fatal)) { - if (!init_failed) { - error_report("no accelerator found"); - } - exit(1); - } - - if (init_failed) { - AccelClass *ac = ACCEL_GET_CLASS(current_accel()); - error_report("falling back to %s", ac->name); - } - - if (use_icount && !(tcg_enabled() || qtest_enabled())) { - error_report("-icount is not allowed with hardware virtualization"); - exit(1); - } -} - -int main(int argc, char **argv, char **envp) -{ - int i; - int snapshot, linux_boot; - const char *initrd_filename; - const char *kernel_filename, *kernel_cmdline; - const char *boot_order = NULL; - const char *boot_once = NULL; - DisplayState *ds; - QemuOpts *opts, *machine_opts; - QemuOpts *icount_opts = NULL, *accel_opts = NULL; - QemuOptsList *olist; - int optind; - const char *optarg; - const char *loadvm = NULL; - MachineClass *machine_class; - const char *cpu_option; - const char *vga_model = NULL; - const char *qtest_chrdev = NULL; - const char *qtest_log = NULL; - const char *incoming = NULL; - bool userconfig = true; - bool nographic = false; - int display_remote = 0; - const char *log_mask = NULL; - const char *log_file = NULL; - char *trace_file = NULL; - ram_addr_t maxram_size; - uint64_t ram_slots = 0; - FILE *vmstate_dump_file = NULL; - Error *main_loop_err = NULL; - Error *err = NULL; - bool list_data_dirs = false; - char *dir, **dirs; - BlockdevOptionsQueue bdo_queue = QSIMPLEQ_HEAD_INITIALIZER(bdo_queue); - QemuPluginList plugin_list = QTAILQ_HEAD_INITIALIZER(plugin_list); - - os_set_line_buffering(); - - error_init(argv[0]); - module_call_init(MODULE_INIT_TRACE); - - qemu_init_cpu_list(); - qemu_init_cpu_loop(); - - qemu_mutex_lock_iothread(); - - atexit(qemu_run_exit_notifiers); - qemu_init_exec_dir(argv[0]); - - module_call_init(MODULE_INIT_QOM); - - qemu_add_opts(&qemu_drive_opts); - qemu_add_drive_opts(&qemu_legacy_drive_opts); - qemu_add_drive_opts(&qemu_common_drive_opts); - qemu_add_drive_opts(&qemu_drive_opts); - qemu_add_drive_opts(&bdrv_runtime_opts); - qemu_add_opts(&qemu_chardev_opts); - qemu_add_opts(&qemu_device_opts); - qemu_add_opts(&qemu_netdev_opts); - qemu_add_opts(&qemu_nic_opts); - qemu_add_opts(&qemu_net_opts); - qemu_add_opts(&qemu_rtc_opts); - qemu_add_opts(&qemu_global_opts); - qemu_add_opts(&qemu_mon_opts); - qemu_add_opts(&qemu_trace_opts); - qemu_plugin_add_opts(); - qemu_add_opts(&qemu_option_rom_opts); - qemu_add_opts(&qemu_machine_opts); - qemu_add_opts(&qemu_accel_opts); - qemu_add_opts(&qemu_mem_opts); - qemu_add_opts(&qemu_smp_opts); - qemu_add_opts(&qemu_boot_opts); - qemu_add_opts(&qemu_add_fd_opts); - qemu_add_opts(&qemu_object_opts); - qemu_add_opts(&qemu_tpmdev_opts); - qemu_add_opts(&qemu_realtime_opts); - qemu_add_opts(&qemu_overcommit_opts); - qemu_add_opts(&qemu_msg_opts); - qemu_add_opts(&qemu_name_opts); - qemu_add_opts(&qemu_numa_opts); - qemu_add_opts(&qemu_icount_opts); - qemu_add_opts(&qemu_semihosting_config_opts); - qemu_add_opts(&qemu_fw_cfg_opts); - module_call_init(MODULE_INIT_OPTS); - - runstate_init(); - precopy_infrastructure_init(); - postcopy_infrastructure_init(); - monitor_init_globals(); - - if (qcrypto_init(&err) < 0) { - error_reportf_err(err, "cannot initialize crypto: "); - exit(1); - } - - QTAILQ_INIT(&vm_change_state_head); - os_setup_early_signal_handling(); - - cpu_option = NULL; - snapshot = 0; - - nb_nics = 0; - - bdrv_init_with_whitelist(); - - autostart = 1; - - /* first pass of option parsing */ - optind = 1; - while (optind < argc) { - if (argv[optind][0] != '-') { - /* disk image */ - optind++; - } else { - const QEMUOption *popt; - - popt = lookup_opt(argc, argv, &optarg, &optind); - switch (popt->index) { - case QEMU_OPTION_nouserconfig: - userconfig = false; - break; - } - } - } - - if (userconfig) { - if (qemu_read_default_config_file() < 0) { - exit(1); - } - } - - /* second pass of option parsing */ - optind = 1; - for(;;) { - if (optind >= argc) - break; - if (argv[optind][0] != '-') { - loc_set_cmdline(argv, optind, 1); - drive_add(IF_DEFAULT, 0, argv[optind++], HD_OPTS); - } else { - const QEMUOption *popt; - - popt = lookup_opt(argc, argv, &optarg, &optind); - if (!(popt->arch_mask & arch_type)) { - error_report("Option not supported for this target"); - exit(1); - } - switch(popt->index) { - case QEMU_OPTION_cpu: - /* hw initialization will check this */ - cpu_option = optarg; - break; - case QEMU_OPTION_hda: - case QEMU_OPTION_hdb: - case QEMU_OPTION_hdc: - case QEMU_OPTION_hdd: - drive_add(IF_DEFAULT, popt->index - QEMU_OPTION_hda, optarg, - HD_OPTS); - break; - case QEMU_OPTION_blockdev: - { - Visitor *v; - BlockdevOptionsQueueEntry *bdo; - - v = qobject_input_visitor_new_str(optarg, "driver", - &error_fatal); - - bdo = g_new(BlockdevOptionsQueueEntry, 1); - visit_type_BlockdevOptions(v, NULL, &bdo->bdo, - &error_fatal); - visit_free(v); - loc_save(&bdo->loc); - QSIMPLEQ_INSERT_TAIL(&bdo_queue, bdo, entry); - break; - } - case QEMU_OPTION_drive: - if (drive_def(optarg) == NULL) { - exit(1); - } - break; - case QEMU_OPTION_set: - if (qemu_set_option(optarg) != 0) - exit(1); - break; - case QEMU_OPTION_global: - if (qemu_global_option(optarg) != 0) - exit(1); - break; - case QEMU_OPTION_mtdblock: - drive_add(IF_MTD, -1, optarg, MTD_OPTS); - break; - case QEMU_OPTION_sd: - drive_add(IF_SD, -1, optarg, SD_OPTS); - break; - case QEMU_OPTION_pflash: - drive_add(IF_PFLASH, -1, optarg, PFLASH_OPTS); - break; - case QEMU_OPTION_snapshot: - { - Error *blocker = NULL; - snapshot = 1; - error_setg(&blocker, QERR_REPLAY_NOT_SUPPORTED, - "-snapshot"); - replay_add_blocker(blocker); - } - break; - case QEMU_OPTION_numa: - opts = qemu_opts_parse_noisily(qemu_find_opts("numa"), - optarg, true); - if (!opts) { - exit(1); - } - break; - case QEMU_OPTION_display: - parse_display(optarg); - break; - case QEMU_OPTION_nographic: - olist = qemu_find_opts("machine"); - qemu_opts_parse_noisily(olist, "graphics=off", false); - nographic = true; - dpy.type = DISPLAY_TYPE_NONE; - break; - case QEMU_OPTION_curses: -#ifdef CONFIG_CURSES - dpy.type = DISPLAY_TYPE_CURSES; -#else - error_report("curses or iconv support is disabled"); - exit(1); -#endif - break; - case QEMU_OPTION_portrait: - graphic_rotate = 90; - break; - case QEMU_OPTION_rotate: - graphic_rotate = strtol(optarg, (char **) &optarg, 10); - if (graphic_rotate != 0 && graphic_rotate != 90 && - graphic_rotate != 180 && graphic_rotate != 270) { - error_report("only 90, 180, 270 deg rotation is available"); - exit(1); - } - break; - case QEMU_OPTION_kernel: - qemu_opts_set(qemu_find_opts("machine"), 0, "kernel", optarg, - &error_abort); - break; - case QEMU_OPTION_initrd: - qemu_opts_set(qemu_find_opts("machine"), 0, "initrd", optarg, - &error_abort); - break; - case QEMU_OPTION_append: - qemu_opts_set(qemu_find_opts("machine"), 0, "append", optarg, - &error_abort); - break; - case QEMU_OPTION_dtb: - qemu_opts_set(qemu_find_opts("machine"), 0, "dtb", optarg, - &error_abort); - break; - case QEMU_OPTION_cdrom: - drive_add(IF_DEFAULT, 2, optarg, CDROM_OPTS); - break; - case QEMU_OPTION_boot: - opts = qemu_opts_parse_noisily(qemu_find_opts("boot-opts"), - optarg, true); - if (!opts) { - exit(1); - } - break; - case QEMU_OPTION_fda: - case QEMU_OPTION_fdb: - drive_add(IF_FLOPPY, popt->index - QEMU_OPTION_fda, - optarg, FD_OPTS); - break; - case QEMU_OPTION_no_fd_bootchk: - fd_bootchk = 0; - break; - case QEMU_OPTION_netdev: - default_net = 0; - if (net_client_parse(qemu_find_opts("netdev"), optarg) == -1) { - exit(1); - } - break; - case QEMU_OPTION_nic: - default_net = 0; - if (net_client_parse(qemu_find_opts("nic"), optarg) == -1) { - exit(1); - } - break; - case QEMU_OPTION_net: - default_net = 0; - if (net_client_parse(qemu_find_opts("net"), optarg) == -1) { - exit(1); - } - break; -#ifdef CONFIG_LIBISCSI - case QEMU_OPTION_iscsi: - opts = qemu_opts_parse_noisily(qemu_find_opts("iscsi"), - optarg, false); - if (!opts) { - exit(1); - } - break; -#endif - case QEMU_OPTION_audio_help: - audio_legacy_help(); - exit (0); - break; - case QEMU_OPTION_audiodev: - audio_parse_option(optarg); - break; - case QEMU_OPTION_soundhw: - select_soundhw (optarg); - break; - case QEMU_OPTION_h: - help(0); - break; - case QEMU_OPTION_version: - version(); - exit(0); - break; - case QEMU_OPTION_m: - opts = qemu_opts_parse_noisily(qemu_find_opts("memory"), - optarg, true); - if (!opts) { - exit(EXIT_FAILURE); - } - break; -#ifdef CONFIG_TPM - case QEMU_OPTION_tpmdev: - if (tpm_config_parse(qemu_find_opts("tpmdev"), optarg) < 0) { - exit(1); - } - break; -#endif - case QEMU_OPTION_mempath: - mem_path = optarg; - break; - case QEMU_OPTION_mem_prealloc: - mem_prealloc = 1; - break; - case QEMU_OPTION_d: - log_mask = optarg; - break; - case QEMU_OPTION_D: - log_file = optarg; - break; - case QEMU_OPTION_DFILTER: - qemu_set_dfilter_ranges(optarg, &error_fatal); - break; - case QEMU_OPTION_seed: - qemu_guest_random_seed_main(optarg, &error_fatal); - break; - case QEMU_OPTION_s: - add_device_config(DEV_GDB, "tcp::" DEFAULT_GDBSTUB_PORT); - break; - case QEMU_OPTION_gdb: - add_device_config(DEV_GDB, optarg); - break; - case QEMU_OPTION_L: - if (is_help_option(optarg)) { - list_data_dirs = true; - } else { - qemu_add_data_dir(optarg); - } - break; - case QEMU_OPTION_bios: - qemu_opts_set(qemu_find_opts("machine"), 0, "firmware", optarg, - &error_abort); - break; - case QEMU_OPTION_singlestep: - singlestep = 1; - break; - case QEMU_OPTION_S: - autostart = 0; - break; - case QEMU_OPTION_k: - keyboard_layout = optarg; - break; - case QEMU_OPTION_vga: - vga_model = optarg; - default_vga = 0; - break; - case QEMU_OPTION_g: - { - const char *p; - int w, h, depth; - p = optarg; - w = strtol(p, (char **)&p, 10); - if (w <= 0) { - graphic_error: - error_report("invalid resolution or depth"); - exit(1); - } - if (*p != 'x') - goto graphic_error; - p++; - h = strtol(p, (char **)&p, 10); - if (h <= 0) - goto graphic_error; - if (*p == 'x') { - p++; - depth = strtol(p, (char **)&p, 10); - if (depth != 1 && depth != 2 && depth != 4 && - depth != 8 && depth != 15 && depth != 16 && - depth != 24 && depth != 32) - goto graphic_error; - } else if (*p == '\0') { - depth = graphic_depth; - } else { - goto graphic_error; - } - - graphic_width = w; - graphic_height = h; - graphic_depth = depth; - } - break; - case QEMU_OPTION_echr: - { - char *r; - term_escape_char = strtol(optarg, &r, 0); - if (r == optarg) - printf("Bad argument to echr\n"); - break; - } - case QEMU_OPTION_monitor: - default_monitor = 0; - if (strncmp(optarg, "none", 4)) { - monitor_parse(optarg, "readline", false); - } - break; - case QEMU_OPTION_qmp: - monitor_parse(optarg, "control", false); - default_monitor = 0; - break; - case QEMU_OPTION_qmp_pretty: - monitor_parse(optarg, "control", true); - default_monitor = 0; - break; - case QEMU_OPTION_mon: - opts = qemu_opts_parse_noisily(qemu_find_opts("mon"), optarg, - true); - if (!opts) { - exit(1); - } - default_monitor = 0; - break; - case QEMU_OPTION_chardev: - opts = qemu_opts_parse_noisily(qemu_find_opts("chardev"), - optarg, true); - if (!opts) { - exit(1); - } - break; - case QEMU_OPTION_fsdev: - olist = qemu_find_opts("fsdev"); - if (!olist) { - error_report("fsdev support is disabled"); - exit(1); - } - opts = qemu_opts_parse_noisily(olist, optarg, true); - if (!opts) { - exit(1); - } - break; - case QEMU_OPTION_virtfs: { - QemuOpts *fsdev; - QemuOpts *device; - const char *writeout, *sock_fd, *socket, *path, *security_model, - *multidevs; - - olist = qemu_find_opts("virtfs"); - if (!olist) { - error_report("virtfs support is disabled"); - exit(1); - } - opts = qemu_opts_parse_noisily(olist, optarg, true); - if (!opts) { - exit(1); - } - - if (qemu_opt_get(opts, "fsdriver") == NULL || - qemu_opt_get(opts, "mount_tag") == NULL) { - error_report("Usage: -virtfs fsdriver,mount_tag=tag"); - exit(1); - } - fsdev = qemu_opts_create(qemu_find_opts("fsdev"), - qemu_opts_id(opts) ?: - qemu_opt_get(opts, "mount_tag"), - 1, NULL); - if (!fsdev) { - error_report("duplicate or invalid fsdev id: %s", - qemu_opt_get(opts, "mount_tag")); - exit(1); - } - - writeout = qemu_opt_get(opts, "writeout"); - if (writeout) { -#ifdef CONFIG_SYNC_FILE_RANGE - qemu_opt_set(fsdev, "writeout", writeout, &error_abort); -#else - error_report("writeout=immediate not supported " - "on this platform"); - exit(1); -#endif - } - qemu_opt_set(fsdev, "fsdriver", - qemu_opt_get(opts, "fsdriver"), &error_abort); - path = qemu_opt_get(opts, "path"); - if (path) { - qemu_opt_set(fsdev, "path", path, &error_abort); - } - security_model = qemu_opt_get(opts, "security_model"); - if (security_model) { - qemu_opt_set(fsdev, "security_model", security_model, - &error_abort); - } - socket = qemu_opt_get(opts, "socket"); - if (socket) { - qemu_opt_set(fsdev, "socket", socket, &error_abort); - } - sock_fd = qemu_opt_get(opts, "sock_fd"); - if (sock_fd) { - qemu_opt_set(fsdev, "sock_fd", sock_fd, &error_abort); - } - - qemu_opt_set_bool(fsdev, "readonly", - qemu_opt_get_bool(opts, "readonly", 0), - &error_abort); - multidevs = qemu_opt_get(opts, "multidevs"); - if (multidevs) { - qemu_opt_set(fsdev, "multidevs", multidevs, &error_abort); - } - device = qemu_opts_create(qemu_find_opts("device"), NULL, 0, - &error_abort); - qemu_opt_set(device, "driver", "virtio-9p-pci", &error_abort); - qemu_opt_set(device, "fsdev", - qemu_opts_id(fsdev), &error_abort); - qemu_opt_set(device, "mount_tag", - qemu_opt_get(opts, "mount_tag"), &error_abort); - break; - } - case QEMU_OPTION_serial: - add_device_config(DEV_SERIAL, optarg); - default_serial = 0; - if (strncmp(optarg, "mon:", 4) == 0) { - default_monitor = 0; - } - break; - case QEMU_OPTION_watchdog: - if (watchdog) { - error_report("only one watchdog option may be given"); - return 1; - } - watchdog = optarg; - break; - case QEMU_OPTION_watchdog_action: - if (select_watchdog_action(optarg) == -1) { - error_report("unknown -watchdog-action parameter"); - exit(1); - } - break; - case QEMU_OPTION_parallel: - add_device_config(DEV_PARALLEL, optarg); - default_parallel = 0; - if (strncmp(optarg, "mon:", 4) == 0) { - default_monitor = 0; - } - break; - case QEMU_OPTION_debugcon: - add_device_config(DEV_DEBUGCON, optarg); - break; - case QEMU_OPTION_loadvm: - loadvm = optarg; - break; - case QEMU_OPTION_full_screen: - dpy.has_full_screen = true; - dpy.full_screen = true; - break; - case QEMU_OPTION_alt_grab: - alt_grab = 1; - break; - case QEMU_OPTION_ctrl_grab: - ctrl_grab = 1; - break; - case QEMU_OPTION_no_quit: - dpy.has_window_close = true; - dpy.window_close = false; - break; - case QEMU_OPTION_sdl: -#ifdef CONFIG_SDL - dpy.type = DISPLAY_TYPE_SDL; - break; -#else - error_report("SDL support is disabled"); - exit(1); -#endif - case QEMU_OPTION_pidfile: - pid_file = optarg; - break; - case QEMU_OPTION_win2k_hack: - win2k_install_hack = 1; - break; - case QEMU_OPTION_acpitable: - opts = qemu_opts_parse_noisily(qemu_find_opts("acpi"), - optarg, true); - if (!opts) { - exit(1); - } - acpi_table_add(opts, &error_fatal); - break; - case QEMU_OPTION_smbios: - opts = qemu_opts_parse_noisily(qemu_find_opts("smbios"), - optarg, false); - if (!opts) { - exit(1); - } - smbios_entry_add(opts, &error_fatal); - break; - case QEMU_OPTION_fwcfg: - opts = qemu_opts_parse_noisily(qemu_find_opts("fw_cfg"), - optarg, true); - if (opts == NULL) { - exit(1); - } - break; - case QEMU_OPTION_preconfig: - preconfig_exit_requested = false; - break; - case QEMU_OPTION_enable_kvm: - olist = qemu_find_opts("machine"); - qemu_opts_parse_noisily(olist, "accel=kvm", false); - break; - case QEMU_OPTION_M: - case QEMU_OPTION_machine: - olist = qemu_find_opts("machine"); - opts = qemu_opts_parse_noisily(olist, optarg, true); - if (!opts) { - exit(1); - } - break; - case QEMU_OPTION_no_kvm: - olist = qemu_find_opts("machine"); - qemu_opts_parse_noisily(olist, "accel=tcg", false); - break; - case QEMU_OPTION_accel: - accel_opts = qemu_opts_parse_noisily(qemu_find_opts("accel"), - optarg, true); - optarg = qemu_opt_get(accel_opts, "accel"); - if (!optarg || is_help_option(optarg)) { - printf("Accelerators supported in QEMU binary:\n"); - GSList *el, *accel_list = object_class_get_list(TYPE_ACCEL, - false); - for (el = accel_list; el; el = el->next) { - gchar *typename = g_strdup(object_class_get_name( - OBJECT_CLASS(el->data))); - /* omit qtest which is used for tests only */ - if (g_strcmp0(typename, ACCEL_CLASS_NAME("qtest")) && - g_str_has_suffix(typename, ACCEL_CLASS_SUFFIX)) { - gchar **optname = g_strsplit(typename, - ACCEL_CLASS_SUFFIX, 0); - printf("%s\n", optname[0]); - g_strfreev(optname); - } - g_free(typename); - } - g_slist_free(accel_list); - exit(0); - } - if (optarg && strchr(optarg, ':')) { - error_report("Don't use ':' with -accel, " - "use -M accel=... for now instead"); - exit(1); - } - break; - case QEMU_OPTION_usb: - olist = qemu_find_opts("machine"); - qemu_opts_parse_noisily(olist, "usb=on", false); - break; - case QEMU_OPTION_usbdevice: - error_report("'-usbdevice' is deprecated, please use " - "'-device usb-...' instead"); - olist = qemu_find_opts("machine"); - qemu_opts_parse_noisily(olist, "usb=on", false); - add_device_config(DEV_USB, optarg); - break; - case QEMU_OPTION_device: - if (!qemu_opts_parse_noisily(qemu_find_opts("device"), - optarg, true)) { - exit(1); - } - break; - case QEMU_OPTION_smp: - if (!qemu_opts_parse_noisily(qemu_find_opts("smp-opts"), - optarg, true)) { - exit(1); - } - break; - case QEMU_OPTION_vnc: - vnc_parse(optarg, &error_fatal); - break; - case QEMU_OPTION_no_acpi: - acpi_enabled = 0; - break; - case QEMU_OPTION_no_hpet: - no_hpet = 1; - break; - case QEMU_OPTION_no_reboot: - no_reboot = 1; - break; - case QEMU_OPTION_no_shutdown: - no_shutdown = 1; - break; - case QEMU_OPTION_show_cursor: - warn_report("The -show-cursor option is deprecated, " - "use -display {sdl,gtk},show-cursor=on instead"); - dpy.has_show_cursor = true; - dpy.show_cursor = true; - break; - case QEMU_OPTION_uuid: - if (qemu_uuid_parse(optarg, &qemu_uuid) < 0) { - error_report("failed to parse UUID string: wrong format"); - exit(1); - } - qemu_uuid_set = true; - break; - case QEMU_OPTION_option_rom: - if (nb_option_roms >= MAX_OPTION_ROMS) { - error_report("too many option ROMs"); - exit(1); - } - opts = qemu_opts_parse_noisily(qemu_find_opts("option-rom"), - optarg, true); - if (!opts) { - exit(1); - } - option_rom[nb_option_roms].name = qemu_opt_get(opts, "romfile"); - option_rom[nb_option_roms].bootindex = - qemu_opt_get_number(opts, "bootindex", -1); - if (!option_rom[nb_option_roms].name) { - error_report("Option ROM file is not specified"); - exit(1); - } - nb_option_roms++; - break; - case QEMU_OPTION_semihosting: - qemu_semihosting_enable(); - break; - case QEMU_OPTION_semihosting_config: - if (qemu_semihosting_config_options(optarg) != 0) { - exit(1); - } - break; - case QEMU_OPTION_name: - opts = qemu_opts_parse_noisily(qemu_find_opts("name"), - optarg, true); - if (!opts) { - exit(1); - } - break; - case QEMU_OPTION_prom_env: - if (nb_prom_envs >= MAX_PROM_ENVS) { - error_report("too many prom variables"); - exit(1); - } - prom_envs[nb_prom_envs] = optarg; - nb_prom_envs++; - break; - case QEMU_OPTION_old_param: - old_param = 1; - break; - case QEMU_OPTION_rtc: - opts = qemu_opts_parse_noisily(qemu_find_opts("rtc"), optarg, - false); - if (!opts) { - exit(1); - } - break; - case QEMU_OPTION_tb_size: -#ifndef CONFIG_TCG - error_report("TCG is disabled"); - exit(1); -#endif - warn_report("The -tb-size option is deprecated, use -accel tcg,tb-size instead"); - object_register_sugar_prop(ACCEL_CLASS_NAME("tcg"), "tb-size", optarg); - break; - case QEMU_OPTION_icount: - icount_opts = qemu_opts_parse_noisily(qemu_find_opts("icount"), - optarg, true); - if (!icount_opts) { - exit(1); - } - break; - case QEMU_OPTION_incoming: - if (!incoming) { - runstate_set(RUN_STATE_INMIGRATE); - } - incoming = optarg; - break; - case QEMU_OPTION_only_migratable: - only_migratable = 1; - break; - case QEMU_OPTION_nodefaults: - has_defaults = 0; - break; - case QEMU_OPTION_xen_domid: - if (!(xen_available())) { - error_report("Option not supported for this target"); - exit(1); - } - xen_domid = atoi(optarg); - break; - case QEMU_OPTION_xen_attach: - if (!(xen_available())) { - error_report("Option not supported for this target"); - exit(1); - } - xen_mode = XEN_ATTACH; - break; - case QEMU_OPTION_xen_domid_restrict: - if (!(xen_available())) { - error_report("Option not supported for this target"); - exit(1); - } - xen_domid_restrict = true; - break; - case QEMU_OPTION_trace: - g_free(trace_file); - trace_file = trace_opt_parse(optarg); - break; - case QEMU_OPTION_plugin: - qemu_plugin_opt_parse(optarg, &plugin_list); - break; - case QEMU_OPTION_readconfig: - { - int ret = qemu_read_config_file(optarg); - if (ret < 0) { - error_report("read config %s: %s", optarg, - strerror(-ret)); - exit(1); - } - break; - } - case QEMU_OPTION_spice: - olist = qemu_find_opts("spice"); - if (!olist) { - error_report("spice support is disabled"); - exit(1); - } - opts = qemu_opts_parse_noisily(olist, optarg, false); - if (!opts) { - exit(1); - } - display_remote++; - break; - case QEMU_OPTION_writeconfig: - { - FILE *fp; - if (strcmp(optarg, "-") == 0) { - fp = stdout; - } else { - fp = fopen(optarg, "w"); - if (fp == NULL) { - error_report("open %s: %s", optarg, - strerror(errno)); - exit(1); - } - } - qemu_config_write(fp); - if (fp != stdout) { - fclose(fp); - } - break; - } - case QEMU_OPTION_qtest: - qtest_chrdev = optarg; - break; - case QEMU_OPTION_qtest_log: - qtest_log = optarg; - break; - case QEMU_OPTION_sandbox: - olist = qemu_find_opts("sandbox"); - if (!olist) { -#ifndef CONFIG_SECCOMP - error_report("-sandbox support is not enabled " - "in this QEMU binary"); -#endif - exit(1); - } - - opts = qemu_opts_parse_noisily(olist, optarg, true); - if (!opts) { - exit(1); - } - break; - case QEMU_OPTION_add_fd: -#ifndef _WIN32 - opts = qemu_opts_parse_noisily(qemu_find_opts("add-fd"), - optarg, false); - if (!opts) { - exit(1); - } -#else - error_report("File descriptor passing is disabled on this " - "platform"); - exit(1); -#endif - break; - case QEMU_OPTION_object: - opts = qemu_opts_parse_noisily(qemu_find_opts("object"), - optarg, true); - if (!opts) { - exit(1); - } - break; - case QEMU_OPTION_realtime: - warn_report("'-realtime mlock=...' is deprecated, please use " - "'-overcommit mem-lock=...' instead"); - opts = qemu_opts_parse_noisily(qemu_find_opts("realtime"), - optarg, false); - if (!opts) { - exit(1); - } - /* Don't override the -overcommit option if set */ - enable_mlock = enable_mlock || - qemu_opt_get_bool(opts, "mlock", true); - break; - case QEMU_OPTION_overcommit: - opts = qemu_opts_parse_noisily(qemu_find_opts("overcommit"), - optarg, false); - if (!opts) { - exit(1); - } - /* Don't override the -realtime option if set */ - enable_mlock = enable_mlock || - qemu_opt_get_bool(opts, "mem-lock", false); - enable_cpu_pm = qemu_opt_get_bool(opts, "cpu-pm", false); - break; - case QEMU_OPTION_msg: - opts = qemu_opts_parse_noisily(qemu_find_opts("msg"), optarg, - false); - if (!opts) { - exit(1); - } - configure_msg(opts); - break; - case QEMU_OPTION_dump_vmstate: - if (vmstate_dump_file) { - error_report("only one '-dump-vmstate' " - "option may be given"); - exit(1); - } - vmstate_dump_file = fopen(optarg, "w"); - if (vmstate_dump_file == NULL) { - error_report("open %s: %s", optarg, strerror(errno)); - exit(1); - } - break; - case QEMU_OPTION_enable_sync_profile: - qsp_enable(); - break; - case QEMU_OPTION_nouserconfig: - /* Nothing to be parsed here. Especially, do not error out below. */ - break; - default: - if (os_parse_cmd_args(popt->index, optarg)) { - error_report("Option not supported in this build"); - exit(1); - } - } - } - } - /* - * Clear error location left behind by the loop. - * Best done right after the loop. Do not insert code here! - */ - loc_set_none(); - - user_register_global_props(); - - replay_configure(icount_opts); - - if (incoming && !preconfig_exit_requested) { - error_report("'preconfig' and 'incoming' options are " - "mutually exclusive"); - exit(EXIT_FAILURE); - } - - configure_rtc(qemu_find_opts_singleton("rtc")); - - machine_class = select_machine(); - object_set_machine_compat_props(machine_class->compat_props); - - set_memory_options(&ram_slots, &maxram_size, machine_class); - - os_daemonize(); - rcu_disable_atfork(); - - if (pid_file && !qemu_write_pidfile(pid_file, &err)) { - error_reportf_err(err, "cannot create PID file: "); - exit(1); - } - - qemu_unlink_pidfile_notifier.notify = qemu_unlink_pidfile; - qemu_add_exit_notifier(&qemu_unlink_pidfile_notifier); - - if (qemu_init_main_loop(&main_loop_err)) { - error_report_err(main_loop_err); - exit(1); - } - -#ifdef CONFIG_SECCOMP - olist = qemu_find_opts_err("sandbox", NULL); - if (olist) { - qemu_opts_foreach(olist, parse_sandbox, NULL, &error_fatal); - } -#endif - - qemu_opts_foreach(qemu_find_opts("name"), - parse_name, NULL, &error_fatal); - -#ifndef _WIN32 - qemu_opts_foreach(qemu_find_opts("add-fd"), - parse_add_fd, NULL, &error_fatal); - - qemu_opts_foreach(qemu_find_opts("add-fd"), - cleanup_add_fd, NULL, &error_fatal); -#endif - - current_machine = MACHINE(object_new_with_class(OBJECT_CLASS(machine_class))); - if (machine_help_func(qemu_get_machine_opts(), current_machine)) { - exit(0); - } - object_property_add_child(object_get_root(), "machine", - OBJECT(current_machine), &error_abort); - object_property_add_child(container_get(OBJECT(current_machine), - "/unattached"), - "sysbus", OBJECT(sysbus_get_default()), - NULL); - - if (machine_class->minimum_page_bits) { - if (!set_preferred_target_page_bits(machine_class->minimum_page_bits)) { - /* This would be a board error: specifying a minimum smaller than - * a target's compile-time fixed setting. - */ - g_assert_not_reached(); - } - } - - cpu_exec_init_all(); - - if (machine_class->hw_version) { - qemu_set_hw_version(machine_class->hw_version); - } - - if (cpu_option && is_help_option(cpu_option)) { - list_cpus(cpu_option); - exit(0); - } - - if (!trace_init_backends()) { - exit(1); - } - trace_init_file(trace_file); - - /* Open the logfile at this point and set the log mask if necessary. - */ - qemu_set_log_filename(log_file, &error_fatal); - if (log_mask) { - int mask; - mask = qemu_str_to_log_mask(log_mask); - if (!mask) { - qemu_print_log_usage(stdout); - exit(1); - } - qemu_set_log(mask); - } else { - qemu_set_log(0); - } - - /* add configured firmware directories */ - dirs = g_strsplit(CONFIG_QEMU_FIRMWAREPATH, G_SEARCHPATH_SEPARATOR_S, 0); - for (i = 0; dirs[i] != NULL; i++) { - qemu_add_data_dir(dirs[i]); - } - g_strfreev(dirs); - - /* try to find datadir relative to the executable path */ - dir = os_find_datadir(); - qemu_add_data_dir(dir); - g_free(dir); - - /* add the datadir specified when building */ - qemu_add_data_dir(CONFIG_QEMU_DATADIR); - - /* -L help lists the data directories and exits. */ - if (list_data_dirs) { - for (i = 0; i < data_dir_idx; i++) { - printf("%s\n", data_dir[i]); - } - exit(0); - } - - /* machine_class: default to UP */ - machine_class->max_cpus = machine_class->max_cpus ?: 1; - machine_class->min_cpus = machine_class->min_cpus ?: 1; - machine_class->default_cpus = machine_class->default_cpus ?: 1; - - /* default to machine_class->default_cpus */ - current_machine->smp.cpus = machine_class->default_cpus; - current_machine->smp.max_cpus = machine_class->default_cpus; - current_machine->smp.cores = 1; - current_machine->smp.threads = 1; - - machine_class->smp_parse(current_machine, - qemu_opts_find(qemu_find_opts("smp-opts"), NULL)); - - /* sanity-check smp_cpus and max_cpus against machine_class */ - if (current_machine->smp.cpus < machine_class->min_cpus) { - error_report("Invalid SMP CPUs %d. The min CPUs " - "supported by machine '%s' is %d", - current_machine->smp.cpus, - machine_class->name, machine_class->min_cpus); - exit(1); - } - if (current_machine->smp.max_cpus > machine_class->max_cpus) { - error_report("Invalid SMP CPUs %d. The max CPUs " - "supported by machine '%s' is %d", - current_machine->smp.max_cpus, - machine_class->name, machine_class->max_cpus); - exit(1); - } - - /* - * Get the default machine options from the machine if it is not already - * specified either by the configuration file or by the command line. - */ - if (machine_class->default_machine_opts) { - qemu_opts_set_defaults(qemu_find_opts("machine"), - machine_class->default_machine_opts, 0); - } - - /* process plugin before CPUs are created, but once -smp has been parsed */ - if (qemu_plugin_load_list(&plugin_list)) { - exit(1); - } - - qemu_opts_foreach(qemu_find_opts("device"), - default_driver_check, NULL, NULL); - qemu_opts_foreach(qemu_find_opts("global"), - default_driver_check, NULL, NULL); - - if (!vga_model && !default_vga) { - vga_interface_type = VGA_DEVICE; - } - if (!has_defaults || machine_class->no_serial) { - default_serial = 0; - } - if (!has_defaults || machine_class->no_parallel) { - default_parallel = 0; - } - if (!has_defaults || machine_class->no_floppy) { - default_floppy = 0; - } - if (!has_defaults || machine_class->no_cdrom) { - default_cdrom = 0; - } - if (!has_defaults || machine_class->no_sdcard) { - default_sdcard = 0; - } - if (!has_defaults) { - default_monitor = 0; - default_net = 0; - default_vga = 0; - } - - if (is_daemonized()) { - if (!preconfig_exit_requested) { - error_report("'preconfig' and 'daemonize' options are " - "mutually exclusive"); - exit(EXIT_FAILURE); - } - - /* According to documentation and historically, -nographic redirects - * serial port, parallel port and monitor to stdio, which does not work - * with -daemonize. We can redirect these to null instead, but since - * -nographic is legacy, let's just error out. - * We disallow -nographic only if all other ports are not redirected - * explicitly, to not break existing legacy setups which uses - * -nographic _and_ redirects all ports explicitly - this is valid - * usage, -nographic is just a no-op in this case. - */ - if (nographic - && (default_parallel || default_serial || default_monitor)) { - error_report("-nographic cannot be used with -daemonize"); - exit(1); - } -#ifdef CONFIG_CURSES - if (dpy.type == DISPLAY_TYPE_CURSES) { - error_report("curses display cannot be used with -daemonize"); - exit(1); - } -#endif - } - - if (nographic) { - if (default_parallel) - add_device_config(DEV_PARALLEL, "null"); - if (default_serial && default_monitor) { - add_device_config(DEV_SERIAL, "mon:stdio"); - } else { - if (default_serial) - add_device_config(DEV_SERIAL, "stdio"); - if (default_monitor) - monitor_parse("stdio", "readline", false); - } - } else { - if (default_serial) - add_device_config(DEV_SERIAL, "vc:80Cx24C"); - if (default_parallel) - add_device_config(DEV_PARALLEL, "vc:80Cx24C"); - if (default_monitor) - monitor_parse("vc:80Cx24C", "readline", false); - } - -#if defined(CONFIG_VNC) - if (!QTAILQ_EMPTY(&(qemu_find_opts("vnc")->head))) { - display_remote++; - } -#endif - if (dpy.type == DISPLAY_TYPE_DEFAULT && !display_remote) { - if (!qemu_display_find_default(&dpy)) { - dpy.type = DISPLAY_TYPE_NONE; -#if defined(CONFIG_VNC) - vnc_parse("localhost:0,to=99,id=default", &error_abort); -#endif - } - } - if (dpy.type == DISPLAY_TYPE_DEFAULT) { - dpy.type = DISPLAY_TYPE_NONE; - } - - if ((alt_grab || ctrl_grab) && dpy.type != DISPLAY_TYPE_SDL) { - error_report("-alt-grab and -ctrl-grab are only valid " - "for SDL, ignoring option"); - } - if (dpy.has_window_close && - (dpy.type != DISPLAY_TYPE_GTK && dpy.type != DISPLAY_TYPE_SDL)) { - error_report("-no-quit is only valid for GTK and SDL, " - "ignoring option"); - } - - qemu_display_early_init(&dpy); - qemu_console_early_init(); - - if (dpy.has_gl && dpy.gl != DISPLAYGL_MODE_OFF && display_opengl == 0) { -#if defined(CONFIG_OPENGL) - error_report("OpenGL is not supported by the display"); -#else - error_report("OpenGL support is disabled"); -#endif - exit(1); - } - - page_size_init(); - socket_init(); - - qemu_opts_foreach(qemu_find_opts("object"), - user_creatable_add_opts_foreach, - object_create_initial, &error_fatal); - - qemu_opts_foreach(qemu_find_opts("chardev"), - chardev_init_func, NULL, &error_fatal); - /* now chardevs have been created we may have semihosting to connect */ - qemu_semihosting_connect_chardevs(); - -#ifdef CONFIG_VIRTFS - qemu_opts_foreach(qemu_find_opts("fsdev"), - fsdev_init_func, NULL, &error_fatal); -#endif - - if (qemu_opts_foreach(qemu_find_opts("device"), - device_help_func, NULL, NULL)) { - exit(0); - } - - /* - * Note: we need to create block backends before - * machine_set_property(), so machine properties can refer to - * them. - */ - configure_blockdev(&bdo_queue, machine_class, snapshot); - - machine_opts = qemu_get_machine_opts(); - qemu_opt_foreach(machine_opts, machine_set_property, current_machine, - &error_fatal); - current_machine->ram_size = ram_size; - current_machine->maxram_size = maxram_size; - current_machine->ram_slots = ram_slots; - - /* - * Note: uses machine properties such as kernel-irqchip, must run - * after machine_set_property(). - */ - configure_accelerators(argv[0]); - - /* - * Beware, QOM objects created before this point miss global and - * compat properties. - * - * Global properties get set up by qdev_prop_register_global(), - * called from user_register_global_props(), and certain option - * desugaring. Also in CPU feature desugaring (buried in - * parse_cpu_option()), which happens below this point, but may - * only target the CPU type, which can only be created after - * parse_cpu_option() returned the type. - * - * Machine compat properties: object_set_machine_compat_props(). - * Accelerator compat props: object_set_accelerator_compat_props(), - * called from configure_accelerator(). - */ - - if (!qtest_enabled() && machine_class->deprecation_reason) { - error_report("Machine type '%s' is deprecated: %s", - machine_class->name, machine_class->deprecation_reason); - } - - /* - * Note: creates a QOM object, must run only after global and - * compat properties have been set up. - */ - migration_object_init(); - - if (qtest_chrdev) { - qtest_server_init(qtest_chrdev, qtest_log, &error_fatal); - } - - machine_opts = qemu_get_machine_opts(); - kernel_filename = qemu_opt_get(machine_opts, "kernel"); - initrd_filename = qemu_opt_get(machine_opts, "initrd"); - kernel_cmdline = qemu_opt_get(machine_opts, "append"); - bios_name = qemu_opt_get(machine_opts, "firmware"); - - opts = qemu_opts_find(qemu_find_opts("boot-opts"), NULL); - if (opts) { - boot_order = qemu_opt_get(opts, "order"); - if (boot_order) { - validate_bootdevices(boot_order, &error_fatal); - } - - boot_once = qemu_opt_get(opts, "once"); - if (boot_once) { - validate_bootdevices(boot_once, &error_fatal); - } - - boot_menu = qemu_opt_get_bool(opts, "menu", boot_menu); - boot_strict = qemu_opt_get_bool(opts, "strict", false); - } - - if (!boot_order) { - boot_order = machine_class->default_boot_order; - } - - if (!kernel_cmdline) { - kernel_cmdline = ""; - current_machine->kernel_cmdline = (char *)kernel_cmdline; - } - - linux_boot = (kernel_filename != NULL); - - if (!linux_boot && *kernel_cmdline != '\0') { - error_report("-append only allowed with -kernel option"); - exit(1); - } - - if (!linux_boot && initrd_filename != NULL) { - error_report("-initrd only allowed with -kernel option"); - exit(1); - } - - if (semihosting_enabled() && !semihosting_get_argc() && kernel_filename) { - /* fall back to the -kernel/-append */ - semihosting_arg_fallback(kernel_filename, kernel_cmdline); - } - - /* spice needs the timers to be initialized by this point */ - qemu_spice_init(); - - cpu_ticks_init(); - - if (default_net) { - QemuOptsList *net = qemu_find_opts("net"); - qemu_opts_set(net, NULL, "type", "nic", &error_abort); -#ifdef CONFIG_SLIRP - qemu_opts_set(net, NULL, "type", "user", &error_abort); -#endif - } - - if (net_init_clients(&err) < 0) { - error_report_err(err); - exit(1); - } - - qemu_opts_foreach(qemu_find_opts("object"), - user_creatable_add_opts_foreach, - object_create_delayed, &error_fatal); - - tpm_init(); - - if (!xen_enabled()) { - /* On 32-bit hosts, QEMU is limited by virtual address space */ - if (ram_size > (2047 << 20) && HOST_LONG_BITS == 32) { - error_report("at most 2047 MB RAM can be simulated"); - exit(1); - } - } - - blk_mig_init(); - ram_mig_init(); - dirty_bitmap_mig_init(); - - qemu_opts_foreach(qemu_find_opts("mon"), - mon_init_func, NULL, &error_fatal); - - /* connect semihosting console input if requested */ - qemu_semihosting_console_init(); - - if (foreach_device_config(DEV_SERIAL, serial_parse) < 0) - exit(1); - if (foreach_device_config(DEV_PARALLEL, parallel_parse) < 0) - exit(1); - if (foreach_device_config(DEV_DEBUGCON, debugcon_parse) < 0) - exit(1); - - /* If no default VGA is requested, the default is "none". */ - if (default_vga) { - vga_model = get_default_vga_model(machine_class); - } - if (vga_model) { - select_vgahw(machine_class, vga_model); - } - - if (watchdog) { - i = select_watchdog(watchdog); - if (i > 0) - exit (i == 1 ? 1 : 0); - } - - /* This checkpoint is required by replay to separate prior clock - reading from the other reads, because timer polling functions query - clock values from the log. */ - replay_checkpoint(CHECKPOINT_INIT); - qdev_machine_init(); - - current_machine->boot_order = boot_order; - - /* parse features once if machine provides default cpu_type */ - current_machine->cpu_type = machine_class->default_cpu_type; - if (cpu_option) { - current_machine->cpu_type = parse_cpu_option(cpu_option); - } - parse_numa_opts(current_machine); - - /* do monitor/qmp handling at preconfig state if requested */ - main_loop(); - - audio_init_audiodevs(); - - /* from here on runstate is RUN_STATE_PRELAUNCH */ - machine_run_board_init(current_machine); - - realtime_init(); - - soundhw_init(); - - if (hax_enabled()) { - hax_sync_vcpus(); - } - - qemu_opts_foreach(qemu_find_opts("fw_cfg"), - parse_fw_cfg, fw_cfg_find(), &error_fatal); - - /* init USB devices */ - if (machine_usb(current_machine)) { - if (foreach_device_config(DEV_USB, usb_parse) < 0) - exit(1); - } - - /* init generic devices */ - rom_set_order_override(FW_CFG_ORDER_OVERRIDE_DEVICE); - qemu_opts_foreach(qemu_find_opts("device"), - device_init_func, NULL, &error_fatal); - - cpu_synchronize_all_post_init(); - - rom_reset_order_override(); - - /* Did we create any drives that we failed to create a device for? */ - drive_check_orphaned(); - - /* Don't warn about the default network setup that you get if - * no command line -net or -netdev options are specified. There - * are two cases that we would otherwise complain about: - * (1) board doesn't support a NIC but the implicit "-net nic" - * requested one - * (2) CONFIG_SLIRP not set, in which case the implicit "-net nic" - * sets up a nic that isn't connected to anything. - */ - if (!default_net && (!qtest_enabled() || has_defaults)) { - net_check_clients(); - } - - if (boot_once) { - qemu_boot_set(boot_once, &error_fatal); - qemu_register_reset(restore_boot_order, g_strdup(boot_order)); - } - - /* init local displays */ - ds = init_displaystate(); - qemu_display_init(ds, &dpy); - - /* must be after terminal init, SDL library changes signal handlers */ - os_setup_signal_handling(); - - /* init remote displays */ -#ifdef CONFIG_VNC - qemu_opts_foreach(qemu_find_opts("vnc"), - vnc_init_func, NULL, &error_fatal); -#endif - - if (using_spice) { - qemu_spice_display_init(); - } - - if (foreach_device_config(DEV_GDB, gdbserver_start) < 0) { - exit(1); - } - - qdev_machine_creation_done(); - - /* TODO: once all bus devices are qdevified, this should be done - * when bus is created by qdev.c */ - /* - * TODO: If we had a main 'reset container' that the whole system - * lived in, we could reset that using the multi-phase reset - * APIs. For the moment, we just reset the sysbus, which will cause - * all devices hanging off it (and all their child buses, recursively) - * to be reset. Note that this will *not* reset any Device objects - * which are not attached to some part of the qbus tree! - */ - qemu_register_reset(resettable_cold_reset_fn, sysbus_get_default()); - qemu_run_machine_init_done_notifiers(); - - if (rom_check_and_register_reset() != 0) { - error_report("rom check and register reset failed"); - exit(1); - } - - replay_start(); - - /* This checkpoint is required by replay to separate prior clock - reading from the other reads, because timer polling functions query - clock values from the log. */ - replay_checkpoint(CHECKPOINT_RESET); - qemu_system_reset(SHUTDOWN_CAUSE_NONE); - register_global_state(); - if (loadvm) { - Error *local_err = NULL; - if (load_snapshot(loadvm, &local_err) < 0) { - error_report_err(local_err); - autostart = 0; - exit(1); - } - } - if (replay_mode != REPLAY_MODE_NONE) { - replay_vmstate_init(); - } - - qdev_prop_check_globals(); - if (vmstate_dump_file) { - /* dump and exit */ - dump_vmstate_json_to_file(vmstate_dump_file); - return 0; - } - - if (incoming) { - Error *local_err = NULL; - qemu_start_incoming_migration(incoming, &local_err); - if (local_err) { - error_reportf_err(local_err, "-incoming %s: ", incoming); - exit(1); - } - } else if (autostart) { - vm_start(); - } - - accel_setup_post(current_machine); - os_setup_post(); - - main_loop(); - - gdbserver_cleanup(); - - /* - * cleaning up the migration object cancels any existing migration - * try to do this early so that it also stops using devices. - */ - migration_shutdown(); - - /* - * We must cancel all block jobs while the block layer is drained, - * or cancelling will be affected by throttling and thus may block - * for an extended period of time. - * vm_shutdown() will bdrv_drain_all(), so we may as well include - * it in the drained section. - * We do not need to end this section, because we do not want any - * requests happening from here on anyway. - */ - bdrv_drain_all_begin(); - - /* No more vcpu or device emulation activity beyond this point */ - vm_shutdown(); - replay_finish(); - - job_cancel_sync_all(); - bdrv_close_all(); - - res_free(); - - /* vhost-user must be cleaned up before chardevs. */ - tpm_cleanup(); - net_cleanup(); - audio_cleanup(); - monitor_cleanup(); - qemu_chr_cleanup(); - user_creatable_cleanup(); - /* TODO: unref root container, check all devices are ok */ - - return 0; -} -- cgit v1.1 From 7b73386222626608f843ca4773426dce4ebcc73a Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:10:58 -0500 Subject: softmmu: split off vl.c:main() into main.c A program might rely on functions implemented in vl.c, but implement its own main(). By placing main into a separate source file, there are no complaints about duplicate main()s when linking against vl.o. For example, the virtual-device fuzzer uses a main() provided by libfuzzer, and needs to perform some initialization before running the softmmu initialization. Now, main simply calls three vl.c functions which handle the guest initialization, main loop and cleanup. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-3-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- MAINTAINERS | 1 + Makefile.target | 2 +- include/sysemu/sysemu.h | 4 ++++ softmmu/Makefile.objs | 1 + softmmu/main.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++ softmmu/vl.c | 36 +++++++++------------------------ 6 files changed, 69 insertions(+), 28 deletions(-) create mode 100644 softmmu/main.c diff --git a/MAINTAINERS b/MAINTAINERS index 6e26d2e..969329f 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2032,6 +2032,7 @@ F: include/sysemu/runstate.h F: util/main-loop.c F: util/qemu-timer.c F: softmmu/vl.c +F: softmmu/main.c F: qapi/run-state.json Human Monitor (HMP) diff --git a/Makefile.target b/Makefile.target index 06c36d1..6f4dd72 100644 --- a/Makefile.target +++ b/Makefile.target @@ -203,7 +203,7 @@ endif COMMON_LDADDS = ../libqemuutil.a # build either PROG or PROGW -$(QEMU_PROG_BUILD): $(all-obj-y) $(COMMON_LDADDS) +$(QEMU_PROG_BUILD): $(all-obj-y) $(COMMON_LDADDS) $(softmmu-main-y) $(call LINK, $(filter-out %.mak, $^)) ifdef CONFIG_DARWIN $(call quiet-command,Rez -append $(SRC_PATH)/pc-bios/qemu.rsrc -o $@,"REZ","$(TARGET_DIR)$@") diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h index c0678c1..dec64fc 100644 --- a/include/sysemu/sysemu.h +++ b/include/sysemu/sysemu.h @@ -115,6 +115,10 @@ QemuOpts *qemu_get_machine_opts(void); bool defaults_enabled(void); +void qemu_init(int argc, char **argv, char **envp); +void qemu_main_loop(void); +void qemu_cleanup(void); + extern QemuOptsList qemu_legacy_drive_opts; extern QemuOptsList qemu_common_drive_opts; extern QemuOptsList qemu_drive_opts; diff --git a/softmmu/Makefile.objs b/softmmu/Makefile.objs index d80a5ff..dd15c24 100644 --- a/softmmu/Makefile.objs +++ b/softmmu/Makefile.objs @@ -1,2 +1,3 @@ +softmmu-main-y = softmmu/main.o obj-y += vl.o vl.o-cflags := $(GPROF_CFLAGS) $(SDL_CFLAGS) diff --git a/softmmu/main.c b/softmmu/main.c new file mode 100644 index 0000000..7adc530 --- /dev/null +++ b/softmmu/main.c @@ -0,0 +1,53 @@ +/* + * QEMU System Emulator + * + * Copyright (c) 2003-2020 Fabrice Bellard + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "sysemu/sysemu.h" + +#ifdef CONFIG_SDL +#if defined(__APPLE__) || defined(main) +#include +int main(int argc, char **argv) +{ + return qemu_main(argc, argv, NULL); +} +#undef main +#define main qemu_main +#endif +#endif /* CONFIG_SDL */ + +#ifdef CONFIG_COCOA +#undef main +#define main qemu_main +#endif /* CONFIG_COCOA */ + +int main(int argc, char **argv, char **envp) +{ + qemu_init(argc, argv, envp); + qemu_main_loop(); + qemu_cleanup(); + + return 0; +} diff --git a/softmmu/vl.c b/softmmu/vl.c index 794f2e5..080d3b5 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c @@ -36,25 +36,6 @@ #include "sysemu/seccomp.h" #include "sysemu/tcg.h" -#ifdef CONFIG_SDL -#if defined(__APPLE__) || defined(main) -#include -int qemu_main(int argc, char **argv, char **envp); -int main(int argc, char **argv) -{ - return qemu_main(argc, argv, NULL); -} -#undef main -#define main qemu_main -#endif -#endif /* CONFIG_SDL */ - -#ifdef CONFIG_COCOA -#undef main -#define main qemu_main -#endif /* CONFIG_COCOA */ - - #include "qemu/error-report.h" #include "qemu/sockets.h" #include "sysemu/accel.h" @@ -1670,7 +1651,7 @@ static bool main_loop_should_exit(void) return false; } -static void main_loop(void) +void qemu_main_loop(void) { #ifdef CONFIG_PROFILER int64_t ti; @@ -2805,7 +2786,7 @@ static void configure_accelerators(const char *progname) } } -int main(int argc, char **argv, char **envp) +void qemu_init(int argc, char **argv, char **envp) { int i; int snapshot, linux_boot; @@ -3357,7 +3338,7 @@ int main(int argc, char **argv, char **envp) case QEMU_OPTION_watchdog: if (watchdog) { error_report("only one watchdog option may be given"); - return 1; + exit(1); } watchdog = optarg; break; @@ -4269,7 +4250,7 @@ int main(int argc, char **argv, char **envp) parse_numa_opts(current_machine); /* do monitor/qmp handling at preconfig state if requested */ - main_loop(); + qemu_main_loop(); audio_init_audiodevs(); @@ -4387,7 +4368,7 @@ int main(int argc, char **argv, char **envp) if (vmstate_dump_file) { /* dump and exit */ dump_vmstate_json_to_file(vmstate_dump_file); - return 0; + exit(0); } if (incoming) { @@ -4404,8 +4385,11 @@ int main(int argc, char **argv, char **envp) accel_setup_post(current_machine); os_setup_post(); - main_loop(); + return; +} +void qemu_cleanup(void) +{ gdbserver_cleanup(); /* @@ -4442,6 +4426,4 @@ int main(int argc, char **argv, char **envp) qemu_chr_cleanup(); user_creatable_cleanup(); /* TODO: unref root container, check all devices are ok */ - - return 0; } -- cgit v1.1 From 46a07579ebb081493618bfa00ef8e241cd0dcc4f Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:10:59 -0500 Subject: module: check module wasn't already initialized MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The virtual-device fuzzer must initialize QOM, prior to running vl:qemu_init, so that it can use the qos_graph to identify the arguments required to initialize a guest for libqos-assisted fuzzing. This change prevents errors when vl:qemu_init tries to (re)initialize the previously initialized QOM module. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Reviewed-by: Philippe Mathieu-Daudé Message-id: 20200220041118.23264-4-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- util/module.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/util/module.c b/util/module.c index 8c5315a..236a7bb 100644 --- a/util/module.c +++ b/util/module.c @@ -30,6 +30,7 @@ typedef struct ModuleEntry typedef QTAILQ_HEAD(, ModuleEntry) ModuleTypeList; static ModuleTypeList init_type_list[MODULE_INIT_MAX]; +static bool modules_init_done[MODULE_INIT_MAX]; static ModuleTypeList dso_init_list; @@ -91,11 +92,17 @@ void module_call_init(module_init_type type) ModuleTypeList *l; ModuleEntry *e; + if (modules_init_done[type]) { + return; + } + l = find_type(type); QTAILQ_FOREACH(e, l, node) { e->init(); } + + modules_init_done[type] = true; } #ifdef CONFIG_MODULES -- cgit v1.1 From e785e50a5eb37e143bbe68b1693753b9bcfba005 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:00 -0500 Subject: fuzz: add FUZZ_TARGET module type Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-5-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- include/qemu/module.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/qemu/module.h b/include/qemu/module.h index 65ba596..684753d 100644 --- a/include/qemu/module.h +++ b/include/qemu/module.h @@ -46,6 +46,7 @@ typedef enum { MODULE_INIT_TRACE, MODULE_INIT_XEN_BACKEND, MODULE_INIT_LIBQOS, + MODULE_INIT_FUZZ_TARGET, MODULE_INIT_MAX } module_init_type; @@ -56,7 +57,8 @@ typedef enum { #define xen_backend_init(function) module_init(function, \ MODULE_INIT_XEN_BACKEND) #define libqos_init(function) module_init(function, MODULE_INIT_LIBQOS) - +#define fuzz_target_init(function) module_init(function, \ + MODULE_INIT_FUZZ_TARGET) #define block_module_load_one(lib) module_load_one("block-", lib) #define ui_module_load_one(lib) module_load_one("ui-", lib) #define audio_module_load_one(lib) module_load_one("audio-", lib) -- cgit v1.1 From e731d083e34b4dbebf0870c137df4405e4ae8319 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:01 -0500 Subject: qtest: add qtest_server_send abstraction qtest_server_send is a function pointer specifying the handler used to transmit data to the qtest client. In the standard configuration, this calls the CharBackend handler, but now it is possible for other types of handlers, e.g direct-function calls if the qtest client and server exist within the same process (inproc) Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Acked-by: Thomas Huth Message-id: 20200220041118.23264-6-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- include/sysemu/qtest.h | 3 +++ qtest.c | 18 ++++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/include/sysemu/qtest.h b/include/sysemu/qtest.h index 5ed09c8..e2f1047 100644 --- a/include/sysemu/qtest.h +++ b/include/sysemu/qtest.h @@ -26,4 +26,7 @@ bool qtest_driver(void); void qtest_server_init(const char *qtest_chrdev, const char *qtest_log, Error **errp); +void qtest_server_set_send_handler(void (*send)(void *, const char *), + void *opaque); + #endif diff --git a/qtest.c b/qtest.c index 587dcbb..8a4ba59 100644 --- a/qtest.c +++ b/qtest.c @@ -43,6 +43,8 @@ static GString *inbuf; static int irq_levels[MAX_IRQ]; static qemu_timeval start_time; static bool qtest_opened; +static void (*qtest_server_send)(void*, const char*); +static void *qtest_server_send_opaque; #define FMT_timeval "%ld.%06ld" @@ -229,8 +231,10 @@ static void GCC_FMT_ATTR(1, 2) qtest_log_send(const char *fmt, ...) va_end(ap); } -static void do_qtest_send(CharBackend *chr, const char *str, size_t len) +static void qtest_server_char_be_send(void *opaque, const char *str) { + size_t len = strlen(str); + CharBackend* chr = (CharBackend *)opaque; qemu_chr_fe_write_all(chr, (uint8_t *)str, len); if (qtest_log_fp && qtest_opened) { fprintf(qtest_log_fp, "%s", str); @@ -239,7 +243,7 @@ static void do_qtest_send(CharBackend *chr, const char *str, size_t len) static void qtest_send(CharBackend *chr, const char *str) { - do_qtest_send(chr, str, strlen(str)); + qtest_server_send(qtest_server_send_opaque, str); } static void GCC_FMT_ATTR(2, 3) qtest_sendf(CharBackend *chr, @@ -784,6 +788,16 @@ void qtest_server_init(const char *qtest_chrdev, const char *qtest_log, Error ** qemu_chr_fe_set_echo(&qtest_chr, true); inbuf = g_string_new(""); + + if (!qtest_server_send) { + qtest_server_set_send_handler(qtest_server_char_be_send, &qtest_chr); + } +} + +void qtest_server_set_send_handler(void (*send)(void*, const char*), void *opaque) +{ + qtest_server_send = send; + qtest_server_send_opaque = opaque; } bool qtest_driver(void) -- cgit v1.1 From 075334810b3c795c7120eecaf18945befbb816c6 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:02 -0500 Subject: libqtest: add a layer of abstraction to send/recv This makes it simple to swap the transport functions for qtest commands to and from the qtest client. For example, now it is possible to directly pass qtest commands to a server handler that exists within the same process, without the standard way of writing to a file descriptor. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-7-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- tests/qtest/libqtest.c | 48 +++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 9 deletions(-) diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c index 76c9f8e..e5056a1 100644 --- a/tests/qtest/libqtest.c +++ b/tests/qtest/libqtest.c @@ -35,6 +35,15 @@ #define SOCKET_TIMEOUT 50 #define SOCKET_MAX_FDS 16 + +typedef void (*QTestSendFn)(QTestState *s, const char *buf); +typedef GString* (*QTestRecvFn)(QTestState *); + +typedef struct QTestClientTransportOps { + QTestSendFn send; /* for sending qtest commands */ + QTestRecvFn recv_line; /* for receiving qtest command responses */ +} QTestTransportOps; + struct QTestState { int fd; @@ -45,6 +54,7 @@ struct QTestState bool big_endian; bool irq_level[MAX_IRQ]; GString *rx; + QTestTransportOps ops; }; static GHookList abrt_hooks; @@ -52,6 +62,14 @@ static struct sigaction sigact_old; static int qtest_query_target_endianness(QTestState *s); +static void qtest_client_socket_send(QTestState*, const char *buf); +static void socket_send(int fd, const char *buf, size_t size); + +static GString *qtest_client_socket_recv_line(QTestState *); + +static void qtest_client_set_tx_handler(QTestState *s, QTestSendFn send); +static void qtest_client_set_rx_handler(QTestState *s, QTestRecvFn recv); + static int init_socket(const char *socket_path) { struct sockaddr_un addr; @@ -234,6 +252,9 @@ QTestState *qtest_init_without_qmp_handshake(const char *extra_args) sock = init_socket(socket_path); qmpsock = init_socket(qmp_socket_path); + qtest_client_set_rx_handler(s, qtest_client_socket_recv_line); + qtest_client_set_tx_handler(s, qtest_client_socket_send); + qtest_add_abrt_handler(kill_qemu_hook_func, s); command = g_strdup_printf("exec %s " @@ -379,13 +400,9 @@ static void socket_send(int fd, const char *buf, size_t size) } } -static void socket_sendf(int fd, const char *fmt, va_list ap) +static void qtest_client_socket_send(QTestState *s, const char *buf) { - gchar *str = g_strdup_vprintf(fmt, ap); - size_t size = strlen(str); - - socket_send(fd, str, size); - g_free(str); + socket_send(s->fd, buf, strlen(buf)); } static void GCC_FMT_ATTR(2, 3) qtest_sendf(QTestState *s, const char *fmt, ...) @@ -393,8 +410,11 @@ static void GCC_FMT_ATTR(2, 3) qtest_sendf(QTestState *s, const char *fmt, ...) va_list ap; va_start(ap, fmt); - socket_sendf(s->fd, fmt, ap); + gchar *str = g_strdup_vprintf(fmt, ap); va_end(ap); + + s->ops.send(s, str); + g_free(str); } /* Sends a message and file descriptors to the socket. @@ -431,7 +451,7 @@ static void socket_send_fds(int socket_fd, int *fds, size_t fds_num, g_assert_cmpint(ret, >, 0); } -static GString *qtest_recv_line(QTestState *s) +static GString *qtest_client_socket_recv_line(QTestState *s) { GString *line; size_t offset; @@ -468,7 +488,7 @@ static gchar **qtest_rsp(QTestState *s, int expected_args) int i; redo: - line = qtest_recv_line(s); + line = s->ops.recv_line(s); words = g_strsplit(line->str, " ", 0); g_string_free(line, TRUE); @@ -1337,3 +1357,13 @@ void qmp_assert_error_class(QDict *rsp, const char *class) qobject_unref(rsp); } + +static void qtest_client_set_tx_handler(QTestState *s, + QTestSendFn send) +{ + s->ops.send = send; +} +static void qtest_client_set_rx_handler(QTestState *s, QTestRecvFn recv) +{ + s->ops.recv_line = recv; +} -- cgit v1.1 From ca5d464151c72695a960d0f493f2fe7c083e468f Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:03 -0500 Subject: libqtest: make bufwrite rely on the TransportOps When using qtest "in-process" communication, qtest_sendf directly calls a function in the server (qtest.c). Previously, bufwrite used socket_send, which bypasses the TransportOps enabling the call into qtest.c. This change replaces the socket_send calls with ops->send, maintaining the benefits of the direct socket_send call, while adding support for in-process qtest calls. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-8-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- tests/qtest/libqtest.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++++-- tests/qtest/libqtest.h | 4 +++ 2 files changed, 73 insertions(+), 2 deletions(-) diff --git a/tests/qtest/libqtest.c b/tests/qtest/libqtest.c index e5056a1..49075b5 100644 --- a/tests/qtest/libqtest.c +++ b/tests/qtest/libqtest.c @@ -37,10 +37,18 @@ typedef void (*QTestSendFn)(QTestState *s, const char *buf); +typedef void (*ExternalSendFn)(void *s, const char *buf); typedef GString* (*QTestRecvFn)(QTestState *); typedef struct QTestClientTransportOps { QTestSendFn send; /* for sending qtest commands */ + + /* + * use external_send to send qtest command strings through functions which + * do not accept a QTestState as the first parameter. + */ + ExternalSendFn external_send; + QTestRecvFn recv_line; /* for receiving qtest command responses */ } QTestTransportOps; @@ -1078,8 +1086,8 @@ void qtest_bufwrite(QTestState *s, uint64_t addr, const void *data, size_t size) bdata = g_base64_encode(data, size); qtest_sendf(s, "b64write 0x%" PRIx64 " 0x%zx ", addr, size); - socket_send(s->fd, bdata, strlen(bdata)); - socket_send(s->fd, "\n", 1); + s->ops.send(s, bdata); + s->ops.send(s, "\n"); qtest_rsp(s, 0); g_free(bdata); } @@ -1367,3 +1375,62 @@ static void qtest_client_set_rx_handler(QTestState *s, QTestRecvFn recv) { s->ops.recv_line = recv; } +/* A type-safe wrapper for s->send() */ +static void send_wrapper(QTestState *s, const char *buf) +{ + s->ops.external_send(s, buf); +} + +static GString *qtest_client_inproc_recv_line(QTestState *s) +{ + GString *line; + size_t offset; + char *eol; + + eol = strchr(s->rx->str, '\n'); + offset = eol - s->rx->str; + line = g_string_new_len(s->rx->str, offset); + g_string_erase(s->rx, 0, offset + 1); + return line; +} + +QTestState *qtest_inproc_init(QTestState **s, bool log, const char* arch, + void (*send)(void*, const char*)) +{ + QTestState *qts; + qts = g_new0(QTestState, 1); + *s = qts; /* Expose qts early on, since the query endianness relies on it */ + qts->wstatus = 0; + for (int i = 0; i < MAX_IRQ; i++) { + qts->irq_level[i] = false; + } + + qtest_client_set_rx_handler(qts, qtest_client_inproc_recv_line); + + /* send() may not have a matching protoype, so use a type-safe wrapper */ + qts->ops.external_send = send; + qtest_client_set_tx_handler(qts, send_wrapper); + + qts->big_endian = qtest_query_target_endianness(qts); + + /* + * Set a dummy path for QTEST_QEMU_BINARY. Doesn't need to exist, but this + * way, qtest_get_arch works for inproc qtest. + */ + gchar *bin_path = g_strconcat("/qemu-system-", arch, NULL); + setenv("QTEST_QEMU_BINARY", bin_path, 0); + g_free(bin_path); + + return qts; +} + +void qtest_client_inproc_recv(void *opaque, const char *str) +{ + QTestState *qts = *(QTestState **)opaque; + + if (!qts->rx) { + qts->rx = g_string_new(NULL); + } + g_string_append(qts->rx, str); + return; +} diff --git a/tests/qtest/libqtest.h b/tests/qtest/libqtest.h index c9e21e0..f5cf93c 100644 --- a/tests/qtest/libqtest.h +++ b/tests/qtest/libqtest.h @@ -729,4 +729,8 @@ bool qtest_probe_child(QTestState *s); */ void qtest_set_expected_status(QTestState *s, int status); +QTestState *qtest_inproc_init(QTestState **s, bool log, const char* arch, + void (*send)(void*, const char*)); + +void qtest_client_inproc_recv(void *opaque, const char *str); #endif -- cgit v1.1 From 0bd9aef89ba941b41773d9dbfa94433c2b7d00de Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:04 -0500 Subject: qtest: add in-process incoming command handler The handler allows a qtest client to send commands to the server by directly calling a function, rather than using a file/CharBackend Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-9-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- include/sysemu/qtest.h | 1 + qtest.c | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/include/sysemu/qtest.h b/include/sysemu/qtest.h index e2f1047..eedd366 100644 --- a/include/sysemu/qtest.h +++ b/include/sysemu/qtest.h @@ -28,5 +28,6 @@ void qtest_server_init(const char *qtest_chrdev, const char *qtest_log, Error ** void qtest_server_set_send_handler(void (*send)(void *, const char *), void *opaque); +void qtest_server_inproc_recv(void *opaque, const char *buf); #endif diff --git a/qtest.c b/qtest.c index 8a4ba59..43bb90f 100644 --- a/qtest.c +++ b/qtest.c @@ -804,3 +804,16 @@ bool qtest_driver(void) { return qtest_chr.chr != NULL; } + +void qtest_server_inproc_recv(void *dummy, const char *buf) +{ + static GString *gstr; + if (!gstr) { + gstr = g_string_new(NULL); + } + g_string_append(gstr, buf); + if (gstr->str[gstr->len - 1] == '\n') { + qtest_process_inbuf(NULL, gstr); + g_string_truncate(gstr, 0); + } +} -- cgit v1.1 From 39397a9a76eb02ad8a772f43446fdb3344093c35 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:05 -0500 Subject: libqos: rename i2c_send and i2c_recv The names i2c_send and i2c_recv collide with functions defined in hw/i2c/core.c. This causes an error when linking against libqos and softmmu simultaneously (for example when using qtest inproc). Rename the libqos functions to avoid this. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Acked-by: Thomas Huth Message-id: 20200220041118.23264-10-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- tests/qtest/libqos/i2c.c | 10 +++++----- tests/qtest/libqos/i2c.h | 4 ++-- tests/qtest/pca9552-test.c | 10 +++++----- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/qtest/libqos/i2c.c b/tests/qtest/libqos/i2c.c index 156114e..38f800d 100644 --- a/tests/qtest/libqos/i2c.c +++ b/tests/qtest/libqos/i2c.c @@ -10,12 +10,12 @@ #include "libqos/i2c.h" #include "libqtest.h" -void i2c_send(QI2CDevice *i2cdev, const uint8_t *buf, uint16_t len) +void qi2c_send(QI2CDevice *i2cdev, const uint8_t *buf, uint16_t len) { i2cdev->bus->send(i2cdev->bus, i2cdev->addr, buf, len); } -void i2c_recv(QI2CDevice *i2cdev, uint8_t *buf, uint16_t len) +void qi2c_recv(QI2CDevice *i2cdev, uint8_t *buf, uint16_t len) { i2cdev->bus->recv(i2cdev->bus, i2cdev->addr, buf, len); } @@ -23,8 +23,8 @@ void i2c_recv(QI2CDevice *i2cdev, uint8_t *buf, uint16_t len) void i2c_read_block(QI2CDevice *i2cdev, uint8_t reg, uint8_t *buf, uint16_t len) { - i2c_send(i2cdev, ®, 1); - i2c_recv(i2cdev, buf, len); + qi2c_send(i2cdev, ®, 1); + qi2c_recv(i2cdev, buf, len); } void i2c_write_block(QI2CDevice *i2cdev, uint8_t reg, @@ -33,7 +33,7 @@ void i2c_write_block(QI2CDevice *i2cdev, uint8_t reg, uint8_t *cmd = g_malloc(len + 1); cmd[0] = reg; memcpy(&cmd[1], buf, len); - i2c_send(i2cdev, cmd, len + 1); + qi2c_send(i2cdev, cmd, len + 1); g_free(cmd); } diff --git a/tests/qtest/libqos/i2c.h b/tests/qtest/libqos/i2c.h index 945b65b..c65f087 100644 --- a/tests/qtest/libqos/i2c.h +++ b/tests/qtest/libqos/i2c.h @@ -47,8 +47,8 @@ struct QI2CDevice { void *i2c_device_create(void *i2c_bus, QGuestAllocator *alloc, void *addr); void add_qi2c_address(QOSGraphEdgeOptions *opts, QI2CAddress *addr); -void i2c_send(QI2CDevice *dev, const uint8_t *buf, uint16_t len); -void i2c_recv(QI2CDevice *dev, uint8_t *buf, uint16_t len); +void qi2c_send(QI2CDevice *dev, const uint8_t *buf, uint16_t len); +void qi2c_recv(QI2CDevice *dev, uint8_t *buf, uint16_t len); void i2c_read_block(QI2CDevice *dev, uint8_t reg, uint8_t *buf, uint16_t len); diff --git a/tests/qtest/pca9552-test.c b/tests/qtest/pca9552-test.c index 4b800d3..d80ed93 100644 --- a/tests/qtest/pca9552-test.c +++ b/tests/qtest/pca9552-test.c @@ -32,22 +32,22 @@ static void receive_autoinc(void *obj, void *data, QGuestAllocator *alloc) pca9552_init(i2cdev); - i2c_send(i2cdev, ®, 1); + qi2c_send(i2cdev, ®, 1); /* PCA9552_LS0 */ - i2c_recv(i2cdev, &resp, 1); + qi2c_recv(i2cdev, &resp, 1); g_assert_cmphex(resp, ==, 0x54); /* PCA9552_LS1 */ - i2c_recv(i2cdev, &resp, 1); + qi2c_recv(i2cdev, &resp, 1); g_assert_cmphex(resp, ==, 0x55); /* PCA9552_LS2 */ - i2c_recv(i2cdev, &resp, 1); + qi2c_recv(i2cdev, &resp, 1); g_assert_cmphex(resp, ==, 0x55); /* PCA9552_LS3 */ - i2c_recv(i2cdev, &resp, 1); + qi2c_recv(i2cdev, &resp, 1); g_assert_cmphex(resp, ==, 0x54); } -- cgit v1.1 From 92ecf9be906edfbde10f651b9165e51c600924fc Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:06 -0500 Subject: libqos: split qos-test and libqos makefile vars MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Most qos-related objects were specified in the qos-test-obj-y variable. qos-test-obj-y also included qos-test.o which defines a main(). This made it difficult to repurpose qos-test-obj-y to link anything beside tests/qos-test against libqos. This change separates objects that are libqos-specific and ones that are qos-test specific into different variables. Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny Reviewed-by: Stefan Hajnoczi Reviewed-by: Philippe Mathieu-Daudé Message-id: 20200220041118.23264-11-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- tests/qtest/Makefile.include | 71 ++++++++++++++++++++++---------------------- 1 file changed, 36 insertions(+), 35 deletions(-) diff --git a/tests/qtest/Makefile.include b/tests/qtest/Makefile.include index eb0f23b..838618e 100644 --- a/tests/qtest/Makefile.include +++ b/tests/qtest/Makefile.include @@ -157,52 +157,53 @@ check-qtest-s390x-y += migration-test # libqos / qgraph : libqgraph-obj-y = tests/qtest/libqos/qgraph.o -libqos-obj-y = $(libqgraph-obj-y) tests/qtest/libqos/pci.o tests/qtest/libqos/fw_cfg.o -libqos-obj-y += tests/qtest/libqos/malloc.o -libqos-obj-y += tests/qtest/libqos/libqos.o -libqos-spapr-obj-y = $(libqos-obj-y) tests/qtest/libqos/malloc-spapr.o +libqos-core-obj-y = $(libqgraph-obj-y) tests/qtest/libqos/pci.o tests/qtest/libqos/fw_cfg.o +libqos-core-obj-y += tests/qtest/libqos/malloc.o +libqos-core-obj-y += tests/qtest/libqos/libqos.o +libqos-spapr-obj-y = $(libqos-core-obj-y) tests/qtest/libqos/malloc-spapr.o libqos-spapr-obj-y += tests/qtest/libqos/libqos-spapr.o libqos-spapr-obj-y += tests/qtest/libqos/rtas.o libqos-spapr-obj-y += tests/qtest/libqos/pci-spapr.o -libqos-pc-obj-y = $(libqos-obj-y) tests/qtest/libqos/pci-pc.o +libqos-pc-obj-y = $(libqos-core-obj-y) tests/qtest/libqos/pci-pc.o libqos-pc-obj-y += tests/qtest/libqos/malloc-pc.o tests/qtest/libqos/libqos-pc.o libqos-pc-obj-y += tests/qtest/libqos/ahci.o libqos-usb-obj-y = $(libqos-spapr-obj-y) $(libqos-pc-obj-y) tests/qtest/libqos/usb.o # qos devices: -qos-test-obj-y = tests/qtest/qos-test.o $(libqgraph-obj-y) -qos-test-obj-y += $(libqos-pc-obj-y) $(libqos-spapr-obj-y) -qos-test-obj-y += tests/qtest/libqos/e1000e.o -qos-test-obj-y += tests/qtest/libqos/i2c.o -qos-test-obj-y += tests/qtest/libqos/i2c-imx.o -qos-test-obj-y += tests/qtest/libqos/i2c-omap.o -qos-test-obj-y += tests/qtest/libqos/sdhci.o -qos-test-obj-y += tests/qtest/libqos/tpci200.o -qos-test-obj-y += tests/qtest/libqos/virtio.o -qos-test-obj-$(CONFIG_VIRTFS) += tests/qtest/libqos/virtio-9p.o -qos-test-obj-y += tests/qtest/libqos/virtio-balloon.o -qos-test-obj-y += tests/qtest/libqos/virtio-blk.o -qos-test-obj-y += tests/qtest/libqos/virtio-mmio.o -qos-test-obj-y += tests/qtest/libqos/virtio-net.o -qos-test-obj-y += tests/qtest/libqos/virtio-pci.o -qos-test-obj-y += tests/qtest/libqos/virtio-pci-modern.o -qos-test-obj-y += tests/qtest/libqos/virtio-rng.o -qos-test-obj-y += tests/qtest/libqos/virtio-scsi.o -qos-test-obj-y += tests/qtest/libqos/virtio-serial.o +libqos-obj-y = $(libqgraph-obj-y) +libqos-obj-y += $(libqos-pc-obj-y) $(libqos-spapr-obj-y) +libqos-obj-y += tests/qtest/libqos/e1000e.o +libqos-obj-y += tests/qtest/libqos/i2c.o +libqos-obj-y += tests/qtest/libqos/i2c-imx.o +libqos-obj-y += tests/qtest/libqos/i2c-omap.o +libqos-obj-y += tests/qtest/libqos/sdhci.o +libqos-obj-y += tests/qtest/libqos/tpci200.o +libqos-obj-y += tests/qtest/libqos/virtio.o +libqos-obj-$(CONFIG_VIRTFS) += tests/qtest/libqos/virtio-9p.o +libqos-obj-y += tests/qtest/libqos/virtio-balloon.o +libqos-obj-y += tests/qtest/libqos/virtio-blk.o +libqos-obj-y += tests/qtest/libqos/virtio-mmio.o +libqos-obj-y += tests/qtest/libqos/virtio-net.o +libqos-obj-y += tests/qtest/libqos/virtio-pci.o +libqos-obj-y += tests/qtest/libqos/virtio-pci-modern.o +libqos-obj-y += tests/qtest/libqos/virtio-rng.o +libqos-obj-y += tests/qtest/libqos/virtio-scsi.o +libqos-obj-y += tests/qtest/libqos/virtio-serial.o # qos machines: -qos-test-obj-y += tests/qtest/libqos/aarch64-xlnx-zcu102-machine.o -qos-test-obj-y += tests/qtest/libqos/arm-imx25-pdk-machine.o -qos-test-obj-y += tests/qtest/libqos/arm-n800-machine.o -qos-test-obj-y += tests/qtest/libqos/arm-raspi2-machine.o -qos-test-obj-y += tests/qtest/libqos/arm-sabrelite-machine.o -qos-test-obj-y += tests/qtest/libqos/arm-smdkc210-machine.o -qos-test-obj-y += tests/qtest/libqos/arm-virt-machine.o -qos-test-obj-y += tests/qtest/libqos/arm-xilinx-zynq-a9-machine.o -qos-test-obj-y += tests/qtest/libqos/ppc64_pseries-machine.o -qos-test-obj-y += tests/qtest/libqos/x86_64_pc-machine.o +libqos-obj-y += tests/qtest/libqos/aarch64-xlnx-zcu102-machine.o +libqos-obj-y += tests/qtest/libqos/arm-imx25-pdk-machine.o +libqos-obj-y += tests/qtest/libqos/arm-n800-machine.o +libqos-obj-y += tests/qtest/libqos/arm-raspi2-machine.o +libqos-obj-y += tests/qtest/libqos/arm-sabrelite-machine.o +libqos-obj-y += tests/qtest/libqos/arm-smdkc210-machine.o +libqos-obj-y += tests/qtest/libqos/arm-virt-machine.o +libqos-obj-y += tests/qtest/libqos/arm-xilinx-zynq-a9-machine.o +libqos-obj-y += tests/qtest/libqos/ppc64_pseries-machine.o +libqos-obj-y += tests/qtest/libqos/x86_64_pc-machine.o # qos tests: +qos-test-obj-y += tests/qtest/qos-test.o qos-test-obj-y += tests/qtest/ac97-test.o qos-test-obj-y += tests/qtest/ds1338-test.o qos-test-obj-y += tests/qtest/e1000-test.o @@ -234,7 +235,7 @@ check-unit-y += tests/test-qgraph$(EXESUF) tests/test-qgraph$(EXESUF): tests/test-qgraph.o $(libqgraph-obj-y) check-qtest-generic-y += qos-test -tests/qtest/qos-test$(EXESUF): $(qos-test-obj-y) +tests/qtest/qos-test$(EXESUF): $(qos-test-obj-y) $(libqos-obj-y) # QTest dependencies: tests/qtest/qmp-test$(EXESUF): tests/qtest/qmp-test.o -- cgit v1.1 From f62a0bff6a5266e7d434de2e1b01fb1f925a9796 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:07 -0500 Subject: libqos: move useful qos-test funcs to qos_external MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The moved functions are not specific to qos-test and might be useful elsewhere. For example the virtual-device fuzzer makes use of them for qos-assisted fuzz-targets. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-12-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- tests/qtest/Makefile.include | 1 + tests/qtest/libqos/qos_external.c | 168 ++++++++++++++++++++++++++++++++++++++ tests/qtest/libqos/qos_external.h | 28 +++++++ tests/qtest/qos-test.c | 132 +----------------------------- 4 files changed, 198 insertions(+), 131 deletions(-) create mode 100644 tests/qtest/libqos/qos_external.c create mode 100644 tests/qtest/libqos/qos_external.h diff --git a/tests/qtest/Makefile.include b/tests/qtest/Makefile.include index 838618e..e769c1a 100644 --- a/tests/qtest/Makefile.include +++ b/tests/qtest/Makefile.include @@ -172,6 +172,7 @@ libqos-usb-obj-y = $(libqos-spapr-obj-y) $(libqos-pc-obj-y) tests/qtest/libqos/u # qos devices: libqos-obj-y = $(libqgraph-obj-y) libqos-obj-y += $(libqos-pc-obj-y) $(libqos-spapr-obj-y) +libqos-obj-y += tests/qtest/libqos/qos_external.o libqos-obj-y += tests/qtest/libqos/e1000e.o libqos-obj-y += tests/qtest/libqos/i2c.o libqos-obj-y += tests/qtest/libqos/i2c-imx.o diff --git a/tests/qtest/libqos/qos_external.c b/tests/qtest/libqos/qos_external.c new file mode 100644 index 0000000..398556d --- /dev/null +++ b/tests/qtest/libqos/qos_external.c @@ -0,0 +1,168 @@ +/* + * libqos driver framework + * + * Copyright (c) 2018 Emanuele Giuseppe Esposito + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License version 2 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see + */ + +#include "qemu/osdep.h" +#include +#include "libqtest.h" +#include "qapi/qmp/qdict.h" +#include "qapi/qmp/qbool.h" +#include "qapi/qmp/qstring.h" +#include "qemu/module.h" +#include "qapi/qmp/qlist.h" +#include "libqos/malloc.h" +#include "libqos/qgraph.h" +#include "libqos/qgraph_internal.h" +#include "libqos/qos_external.h" + + + +void apply_to_node(const char *name, bool is_machine, bool is_abstract) +{ + char *machine_name = NULL; + if (is_machine) { + const char *arch = qtest_get_arch(); + machine_name = g_strconcat(arch, "/", name, NULL); + name = machine_name; + } + qos_graph_node_set_availability(name, true); + if (is_abstract) { + qos_delete_cmd_line(name); + } + g_free(machine_name); +} + +/** + * apply_to_qlist(): using QMP queries QEMU for a list of + * machines and devices available, and sets the respective node + * as true. If a node is found, also all its produced and contained + * child are marked available. + * + * See qos_graph_node_set_availability() for more info + */ +void apply_to_qlist(QList *list, bool is_machine) +{ + const QListEntry *p; + const char *name; + bool abstract; + QDict *minfo; + QObject *qobj; + QString *qstr; + QBool *qbool; + + for (p = qlist_first(list); p; p = qlist_next(p)) { + minfo = qobject_to(QDict, qlist_entry_obj(p)); + qobj = qdict_get(minfo, "name"); + qstr = qobject_to(QString, qobj); + name = qstring_get_str(qstr); + + qobj = qdict_get(minfo, "abstract"); + if (qobj) { + qbool = qobject_to(QBool, qobj); + abstract = qbool_get_bool(qbool); + } else { + abstract = false; + } + + apply_to_node(name, is_machine, abstract); + qobj = qdict_get(minfo, "alias"); + if (qobj) { + qstr = qobject_to(QString, qobj); + name = qstring_get_str(qstr); + apply_to_node(name, is_machine, abstract); + } + } +} + +QGuestAllocator *get_machine_allocator(QOSGraphObject *obj) +{ + return obj->get_driver(obj, "memory"); +} + +/** + * allocate_objects(): given an array of nodes @arg, + * walks the path invoking all constructors and + * passing the corresponding parameter in order to + * continue the objects allocation. + * Once the test is reached, return the object it consumes. + * + * Since the machine and QEDGE_CONSUMED_BY nodes allocate + * memory in the constructor, g_test_queue_destroy is used so + * that after execution they can be safely free'd. (The test's + * ->before callback is also welcome to use g_test_queue_destroy). + * + * Note: as specified in walk_path() too, @arg is an array of + * char *, where arg[0] is a pointer to the command line + * string that will be used to properly start QEMU when executing + * the test, and the remaining elements represent the actual objects + * that will be allocated. + */ +void *allocate_objects(QTestState *qts, char **path, QGuestAllocator **p_alloc) +{ + int current = 0; + QGuestAllocator *alloc; + QOSGraphObject *parent = NULL; + QOSGraphEdge *edge; + QOSGraphNode *node; + void *edge_arg; + void *obj; + + node = qos_graph_get_node(path[current]); + g_assert(node->type == QNODE_MACHINE); + + obj = qos_machine_new(node, qts); + qos_object_queue_destroy(obj); + + alloc = get_machine_allocator(obj); + if (p_alloc) { + *p_alloc = alloc; + } + + for (;;) { + if (node->type != QNODE_INTERFACE) { + qos_object_start_hw(obj); + parent = obj; + } + + /* follow edge and get object for next node constructor */ + current++; + edge = qos_graph_get_edge(path[current - 1], path[current]); + node = qos_graph_get_node(path[current]); + + if (node->type == QNODE_TEST) { + g_assert(qos_graph_edge_get_type(edge) == QEDGE_CONSUMED_BY); + return obj; + } + + switch (qos_graph_edge_get_type(edge)) { + case QEDGE_PRODUCES: + obj = parent->get_driver(parent, path[current]); + break; + + case QEDGE_CONSUMED_BY: + edge_arg = qos_graph_edge_get_arg(edge); + obj = qos_driver_new(node, obj, alloc, edge_arg); + qos_object_queue_destroy(obj); + break; + + case QEDGE_CONTAINS: + obj = parent->get_device(parent, path[current]); + break; + } + } +} + diff --git a/tests/qtest/libqos/qos_external.h b/tests/qtest/libqos/qos_external.h new file mode 100644 index 0000000..7b44930 --- /dev/null +++ b/tests/qtest/libqos/qos_external.h @@ -0,0 +1,28 @@ +/* + * libqos driver framework + * + * Copyright (c) 2018 Emanuele Giuseppe Esposito + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License version 2 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see + */ + +#ifndef QOS_EXTERNAL_H +#define QOS_EXTERNAL_H +#include "libqos/qgraph.h" + +void apply_to_node(const char *name, bool is_machine, bool is_abstract); +void apply_to_qlist(QList *list, bool is_machine); +QGuestAllocator *get_machine_allocator(QOSGraphObject *obj); +void *allocate_objects(QTestState *qts, char **path, QGuestAllocator **p_alloc); + +#endif diff --git a/tests/qtest/qos-test.c b/tests/qtest/qos-test.c index fd70d73..ad193f4 100644 --- a/tests/qtest/qos-test.c +++ b/tests/qtest/qos-test.c @@ -27,65 +27,11 @@ #include "libqos/malloc.h" #include "libqos/qgraph.h" #include "libqos/qgraph_internal.h" +#include "libqos/qos_external.h" static char *old_path; -static void apply_to_node(const char *name, bool is_machine, bool is_abstract) -{ - char *machine_name = NULL; - if (is_machine) { - const char *arch = qtest_get_arch(); - machine_name = g_strconcat(arch, "/", name, NULL); - name = machine_name; - } - qos_graph_node_set_availability(name, true); - if (is_abstract) { - qos_delete_cmd_line(name); - } - g_free(machine_name); -} -/** - * apply_to_qlist(): using QMP queries QEMU for a list of - * machines and devices available, and sets the respective node - * as true. If a node is found, also all its produced and contained - * child are marked available. - * - * See qos_graph_node_set_availability() for more info - */ -static void apply_to_qlist(QList *list, bool is_machine) -{ - const QListEntry *p; - const char *name; - bool abstract; - QDict *minfo; - QObject *qobj; - QString *qstr; - QBool *qbool; - - for (p = qlist_first(list); p; p = qlist_next(p)) { - minfo = qobject_to(QDict, qlist_entry_obj(p)); - qobj = qdict_get(minfo, "name"); - qstr = qobject_to(QString, qobj); - name = qstring_get_str(qstr); - - qobj = qdict_get(minfo, "abstract"); - if (qobj) { - qbool = qobject_to(QBool, qobj); - abstract = qbool_get_bool(qbool); - } else { - abstract = false; - } - - apply_to_node(name, is_machine, abstract); - qobj = qdict_get(minfo, "alias"); - if (qobj) { - qstr = qobject_to(QString, qobj); - name = qstring_get_str(qstr); - apply_to_node(name, is_machine, abstract); - } - } -} /** * qos_set_machines_devices_available(): sets availability of qgraph @@ -129,10 +75,6 @@ static void qos_set_machines_devices_available(void) qobject_unref(response); } -static QGuestAllocator *get_machine_allocator(QOSGraphObject *obj) -{ - return obj->get_driver(obj, "memory"); -} static void restart_qemu_or_continue(char *path) { @@ -159,78 +101,6 @@ void qos_invalidate_command_line(void) old_path = NULL; } -/** - * allocate_objects(): given an array of nodes @arg, - * walks the path invoking all constructors and - * passing the corresponding parameter in order to - * continue the objects allocation. - * Once the test is reached, return the object it consumes. - * - * Since the machine and QEDGE_CONSUMED_BY nodes allocate - * memory in the constructor, g_test_queue_destroy is used so - * that after execution they can be safely free'd. (The test's - * ->before callback is also welcome to use g_test_queue_destroy). - * - * Note: as specified in walk_path() too, @arg is an array of - * char *, where arg[0] is a pointer to the command line - * string that will be used to properly start QEMU when executing - * the test, and the remaining elements represent the actual objects - * that will be allocated. - */ -static void *allocate_objects(QTestState *qts, char **path, QGuestAllocator **p_alloc) -{ - int current = 0; - QGuestAllocator *alloc; - QOSGraphObject *parent = NULL; - QOSGraphEdge *edge; - QOSGraphNode *node; - void *edge_arg; - void *obj; - - node = qos_graph_get_node(path[current]); - g_assert(node->type == QNODE_MACHINE); - - obj = qos_machine_new(node, qts); - qos_object_queue_destroy(obj); - - alloc = get_machine_allocator(obj); - if (p_alloc) { - *p_alloc = alloc; - } - - for (;;) { - if (node->type != QNODE_INTERFACE) { - qos_object_start_hw(obj); - parent = obj; - } - - /* follow edge and get object for next node constructor */ - current++; - edge = qos_graph_get_edge(path[current - 1], path[current]); - node = qos_graph_get_node(path[current]); - - if (node->type == QNODE_TEST) { - g_assert(qos_graph_edge_get_type(edge) == QEDGE_CONSUMED_BY); - return obj; - } - - switch (qos_graph_edge_get_type(edge)) { - case QEDGE_PRODUCES: - obj = parent->get_driver(parent, path[current]); - break; - - case QEDGE_CONSUMED_BY: - edge_arg = qos_graph_edge_get_arg(edge); - obj = qos_driver_new(node, obj, alloc, edge_arg); - qos_object_queue_destroy(obj); - break; - - case QEDGE_CONTAINS: - obj = parent->get_device(parent, path[current]); - break; - } - } -} /* The argument to run_one_test, which is the test function that is registered * with GTest, is a vector of strings. The first item is the initial command -- cgit v1.1 From 5f6fd09a9729d31225b6eaec5df05d19a5bdfda4 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:08 -0500 Subject: fuzz: add fuzzer skeleton tests/fuzz/fuzz.c serves as the entry point for the virtual-device fuzzer. Namely, libfuzzer invokes the LLVMFuzzerInitialize and LLVMFuzzerTestOneInput functions, both of which are defined in this file. This change adds a "FuzzTarget" struct, along with the fuzz_add_target function, which should be used to define new fuzz targets. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-13-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- MAINTAINERS | 8 ++ tests/qtest/fuzz/Makefile.include | 6 ++ tests/qtest/fuzz/fuzz.c | 179 ++++++++++++++++++++++++++++++++++++++ tests/qtest/fuzz/fuzz.h | 95 ++++++++++++++++++++ 4 files changed, 288 insertions(+) create mode 100644 tests/qtest/fuzz/Makefile.include create mode 100644 tests/qtest/fuzz/fuzz.c create mode 100644 tests/qtest/fuzz/fuzz.h diff --git a/MAINTAINERS b/MAINTAINERS index 969329f..195dd58 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2184,6 +2184,14 @@ F: qtest.c F: accel/qtest.c F: tests/qtest/ +Device Fuzzing +M: Alexander Bulekov +R: Paolo Bonzini +R: Bandan Das +R: Stefan Hajnoczi +S: Maintained +F: tests/qtest/fuzz/ + Register API M: Alistair Francis S: Maintained diff --git a/tests/qtest/fuzz/Makefile.include b/tests/qtest/fuzz/Makefile.include new file mode 100644 index 0000000..8632bb8 --- /dev/null +++ b/tests/qtest/fuzz/Makefile.include @@ -0,0 +1,6 @@ +QEMU_PROG_FUZZ=qemu-fuzz-$(TARGET_NAME)$(EXESUF) + +fuzz-obj-y += tests/qtest/libqtest.o +fuzz-obj-y += tests/qtest/fuzz/fuzz.o # Fuzzer skeleton + +FUZZ_CFLAGS += -I$(SRC_PATH)/tests -I$(SRC_PATH)/tests/qtest diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c new file mode 100644 index 0000000..0d78ac8 --- /dev/null +++ b/tests/qtest/fuzz/fuzz.c @@ -0,0 +1,179 @@ +/* + * fuzzing driver + * + * Copyright Red Hat Inc., 2019 + * + * Authors: + * Alexander Bulekov + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" + +#include + +#include "sysemu/qtest.h" +#include "sysemu/runstate.h" +#include "sysemu/sysemu.h" +#include "qemu/main-loop.h" +#include "tests/qtest/libqtest.h" +#include "tests/qtest/libqos/qgraph.h" +#include "fuzz.h" + +#define MAX_EVENT_LOOPS 10 + +typedef struct FuzzTargetState { + FuzzTarget *target; + QSLIST_ENTRY(FuzzTargetState) target_list; +} FuzzTargetState; + +typedef QSLIST_HEAD(, FuzzTargetState) FuzzTargetList; + +static const char *fuzz_arch = TARGET_NAME; + +static FuzzTargetList *fuzz_target_list; +static FuzzTarget *fuzz_target; +static QTestState *fuzz_qts; + + + +void flush_events(QTestState *s) +{ + int i = MAX_EVENT_LOOPS; + while (g_main_context_pending(NULL) && i-- > 0) { + main_loop_wait(false); + } +} + +static QTestState *qtest_setup(void) +{ + qtest_server_set_send_handler(&qtest_client_inproc_recv, &fuzz_qts); + return qtest_inproc_init(&fuzz_qts, false, fuzz_arch, + &qtest_server_inproc_recv); +} + +void fuzz_add_target(const FuzzTarget *target) +{ + FuzzTargetState *tmp; + FuzzTargetState *target_state; + if (!fuzz_target_list) { + fuzz_target_list = g_new0(FuzzTargetList, 1); + } + + QSLIST_FOREACH(tmp, fuzz_target_list, target_list) { + if (g_strcmp0(tmp->target->name, target->name) == 0) { + fprintf(stderr, "Error: Fuzz target name %s already in use\n", + target->name); + abort(); + } + } + target_state = g_new0(FuzzTargetState, 1); + target_state->target = g_new0(FuzzTarget, 1); + *(target_state->target) = *target; + QSLIST_INSERT_HEAD(fuzz_target_list, target_state, target_list); +} + + + +static void usage(char *path) +{ + printf("Usage: %s --fuzz-target=FUZZ_TARGET [LIBFUZZER ARGUMENTS]\n", path); + printf("where FUZZ_TARGET is one of:\n"); + FuzzTargetState *tmp; + if (!fuzz_target_list) { + fprintf(stderr, "Fuzz target list not initialized\n"); + abort(); + } + QSLIST_FOREACH(tmp, fuzz_target_list, target_list) { + printf(" * %s : %s\n", tmp->target->name, + tmp->target->description); + } + exit(0); +} + +static FuzzTarget *fuzz_get_target(char* name) +{ + FuzzTargetState *tmp; + if (!fuzz_target_list) { + fprintf(stderr, "Fuzz target list not initialized\n"); + abort(); + } + + QSLIST_FOREACH(tmp, fuzz_target_list, target_list) { + if (strcmp(tmp->target->name, name) == 0) { + return tmp->target; + } + } + return NULL; +} + + +/* Executed for each fuzzing-input */ +int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size) +{ + /* + * Do the pre-fuzz-initialization before the first fuzzing iteration, + * instead of before the actual fuzz loop. This is needed since libfuzzer + * may fork off additional workers, prior to the fuzzing loop, and if + * pre_fuzz() sets up e.g. shared memory, this should be done for the + * individual worker processes + */ + static int pre_fuzz_done; + if (!pre_fuzz_done && fuzz_target->pre_fuzz) { + fuzz_target->pre_fuzz(fuzz_qts); + pre_fuzz_done = true; + } + + fuzz_target->fuzz(fuzz_qts, Data, Size); + return 0; +} + +/* Executed once, prior to fuzzing */ +int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) +{ + + char *target_name; + + /* Initialize qgraph and modules */ + qos_graph_init(); + module_call_init(MODULE_INIT_FUZZ_TARGET); + module_call_init(MODULE_INIT_QOM); + module_call_init(MODULE_INIT_LIBQOS); + + if (*argc <= 1) { + usage(**argv); + } + + /* Identify the fuzz target */ + target_name = (*argv)[1]; + if (!strstr(target_name, "--fuzz-target=")) { + usage(**argv); + } + + target_name += strlen("--fuzz-target="); + + fuzz_target = fuzz_get_target(target_name); + if (!fuzz_target) { + usage(**argv); + } + + fuzz_qts = qtest_setup(); + + if (fuzz_target->pre_vm_init) { + fuzz_target->pre_vm_init(); + } + + /* Run QEMU's softmmu main with the fuzz-target dependent arguments */ + const char *init_cmdline = fuzz_target->get_init_cmdline(fuzz_target); + + /* Split the runcmd into an argv and argc */ + wordexp_t result; + wordexp(init_cmdline, &result, 0); + + qemu_init(result.we_wordc, result.we_wordv, NULL); + + return 0; +} diff --git a/tests/qtest/fuzz/fuzz.h b/tests/qtest/fuzz/fuzz.h new file mode 100644 index 0000000..03901d4 --- /dev/null +++ b/tests/qtest/fuzz/fuzz.h @@ -0,0 +1,95 @@ +/* + * fuzzing driver + * + * Copyright Red Hat Inc., 2019 + * + * Authors: + * Alexander Bulekov + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + */ + +#ifndef FUZZER_H_ +#define FUZZER_H_ + +#include "qemu/osdep.h" +#include "qemu/units.h" +#include "qapi/error.h" + +#include "tests/qtest/libqtest.h" + +/** + * A libfuzzer fuzzing target + * + * The QEMU fuzzing binary is built with all available targets, each + * with a unique @name that can be specified on the command-line to + * select which target should run. + * + * A target must implement ->fuzz() to process a random input. If QEMU + * crashes in ->fuzz() then libfuzzer will record a failure. + * + * Fuzzing targets are registered with fuzz_add_target(): + * + * static const FuzzTarget fuzz_target = { + * .name = "my-device-fifo", + * .description = "Fuzz the FIFO buffer registers of my-device", + * ... + * }; + * + * static void register_fuzz_target(void) + * { + * fuzz_add_target(&fuzz_target); + * } + * fuzz_target_init(register_fuzz_target); + */ +typedef struct FuzzTarget { + const char *name; /* target identifier (passed to --fuzz-target=)*/ + const char *description; /* help text */ + + + /* + * returns the arg-list that is passed to qemu/softmmu init() + * Cannot be NULL + */ + const char* (*get_init_cmdline)(struct FuzzTarget *); + + /* + * will run once, prior to running qemu/softmmu init. + * eg: set up shared-memory for communication with the child-process + * Can be NULL + */ + void(*pre_vm_init)(void); + + /* + * will run once, after QEMU has been initialized, prior to the fuzz-loop. + * eg: detect the memory map + * Can be NULL + */ + void(*pre_fuzz)(QTestState *); + + /* + * accepts and executes an input from libfuzzer. this is repeatedly + * executed during the fuzzing loop. Its should handle setup, input + * execution and cleanup. + * Cannot be NULL + */ + void(*fuzz)(QTestState *, const unsigned char *, size_t); + +} FuzzTarget; + +void flush_events(QTestState *); +void reboot(QTestState *); + +/* + * makes a copy of *target and adds it to the target-list. + * i.e. fine to set up target on the caller's stack + */ +void fuzz_add_target(const FuzzTarget *target); + +int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size); +int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp); + +#endif + -- cgit v1.1 From a028edeaa6f1c154f06e16440e46b0f876a64077 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:09 -0500 Subject: exec: keep ram block across fork when using qtest Ram blocks were marked MADV_DONTFORK breaking fuzzing-tests which execute each test-input in a forked process. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-14-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- exec.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/exec.c b/exec.c index 8e9cc3b..c930040 100644 --- a/exec.c +++ b/exec.c @@ -35,6 +35,7 @@ #include "sysemu/kvm.h" #include "sysemu/sysemu.h" #include "sysemu/tcg.h" +#include "sysemu/qtest.h" #include "qemu/timer.h" #include "qemu/config-file.h" #include "qemu/error-report.h" @@ -2305,8 +2306,15 @@ static void ram_block_add(RAMBlock *new_block, Error **errp, bool shared) if (new_block->host) { qemu_ram_setup_dump(new_block->host, new_block->max_length); qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE); - /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */ - qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK); + /* + * MADV_DONTFORK is also needed by KVM in absence of synchronous MMU + * Configure it unless the machine is a qtest server, in which case + * KVM is not used and it may be forked (eg for fuzzing purposes). + */ + if (!qtest_enabled()) { + qemu_madvise(new_block->host, new_block->max_length, + QEMU_MADV_DONTFORK); + } ram_block_notify_add(new_block->host, new_block->max_length); } } -- cgit v1.1 From d6919e4cb65230b0c8081eb072893d4e8a191a59 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:10 -0500 Subject: main: keep rcu_atfork callback enabled for qtest The qtest-based fuzzer makes use of forking to reset-state between tests. Keep the callback enabled, so the call_rcu thread gets created within the child process. Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny Acked-by: Stefan Hajnoczi Message-id: 20200220041118.23264-15-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- softmmu/vl.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/softmmu/vl.c b/softmmu/vl.c index 080d3b5..92c7b3a 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c @@ -3782,7 +3782,17 @@ void qemu_init(int argc, char **argv, char **envp) set_memory_options(&ram_slots, &maxram_size, machine_class); os_daemonize(); - rcu_disable_atfork(); + + /* + * If QTest is enabled, keep the rcu_atfork enabled, since system processes + * may be forked testing purposes (e.g. fork-server based fuzzing) The fork + * should happen before a signle cpu instruction is executed, to prevent + * deadlocks. See commit 73c6e40, rcu: "completely disable pthread_atfork + * callbacks as soon as possible" + */ + if (!qtest_enabled()) { + rcu_disable_atfork(); + } if (pid_file && !qemu_write_pidfile(pid_file, &err)) { error_reportf_err(err, "cannot create PID file: "); -- cgit v1.1 From cb06fdad05f3e546a4e20f1f3c0127f9ae53de1a Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:11 -0500 Subject: fuzz: support for fork-based fuzzing. fork() is a simple way to ensure that state does not leak in between fuzzing runs. Unfortunately, the fuzzer mutation engine relies on bitmaps which contain coverage information for each fuzzing run, and these bitmaps should be copied from the child to the parent(where the mutation occurs). These bitmaps are created through compile-time instrumentation and they are not shared with fork()-ed processes, by default. To address this, we create a shared memory region, adjust its size and map it _over_ the counter region. Furthermore, libfuzzer doesn't generally expose the globals that specify the location of the counters/coverage bitmap. As a workaround, we rely on a custom linker script which forces all of the bitmaps we care about to be placed in a contiguous region, which is easy to locate and mmap over. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-16-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- tests/qtest/fuzz/Makefile.include | 5 ++++ tests/qtest/fuzz/fork_fuzz.c | 55 +++++++++++++++++++++++++++++++++++++++ tests/qtest/fuzz/fork_fuzz.h | 23 ++++++++++++++++ tests/qtest/fuzz/fork_fuzz.ld | 37 ++++++++++++++++++++++++++ 4 files changed, 120 insertions(+) create mode 100644 tests/qtest/fuzz/fork_fuzz.c create mode 100644 tests/qtest/fuzz/fork_fuzz.h create mode 100644 tests/qtest/fuzz/fork_fuzz.ld diff --git a/tests/qtest/fuzz/Makefile.include b/tests/qtest/fuzz/Makefile.include index 8632bb8..a90915d 100644 --- a/tests/qtest/fuzz/Makefile.include +++ b/tests/qtest/fuzz/Makefile.include @@ -2,5 +2,10 @@ QEMU_PROG_FUZZ=qemu-fuzz-$(TARGET_NAME)$(EXESUF) fuzz-obj-y += tests/qtest/libqtest.o fuzz-obj-y += tests/qtest/fuzz/fuzz.o # Fuzzer skeleton +fuzz-obj-y += tests/qtest/fuzz/fork_fuzz.o FUZZ_CFLAGS += -I$(SRC_PATH)/tests -I$(SRC_PATH)/tests/qtest + +# Linker Script to force coverage-counters into known regions which we can mark +# shared +FUZZ_LDFLAGS += -Xlinker -T$(SRC_PATH)/tests/qtest/fuzz/fork_fuzz.ld diff --git a/tests/qtest/fuzz/fork_fuzz.c b/tests/qtest/fuzz/fork_fuzz.c new file mode 100644 index 0000000..2bd0851 --- /dev/null +++ b/tests/qtest/fuzz/fork_fuzz.c @@ -0,0 +1,55 @@ +/* + * Fork-based fuzzing helpers + * + * Copyright Red Hat Inc., 2019 + * + * Authors: + * Alexander Bulekov + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" +#include "fork_fuzz.h" + + +void counter_shm_init(void) +{ + char *shm_path = g_strdup_printf("/qemu-fuzz-cntrs.%d", getpid()); + int fd = shm_open(shm_path, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR); + g_free(shm_path); + + if (fd == -1) { + perror("Error: "); + exit(1); + } + if (ftruncate(fd, &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START) == -1) { + perror("Error: "); + exit(1); + } + /* Copy what's in the counter region to the shm.. */ + void *rptr = mmap(NULL , + &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START, + PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); + memcpy(rptr, + &__FUZZ_COUNTERS_START, + &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START); + + munmap(rptr, &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START); + + /* And map the shm over the counter region */ + rptr = mmap(&__FUZZ_COUNTERS_START, + &__FUZZ_COUNTERS_END - &__FUZZ_COUNTERS_START, + PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, fd, 0); + + close(fd); + + if (!rptr) { + perror("Error: "); + exit(1); + } +} + + diff --git a/tests/qtest/fuzz/fork_fuzz.h b/tests/qtest/fuzz/fork_fuzz.h new file mode 100644 index 0000000..9ecb8b5 --- /dev/null +++ b/tests/qtest/fuzz/fork_fuzz.h @@ -0,0 +1,23 @@ +/* + * Fork-based fuzzing helpers + * + * Copyright Red Hat Inc., 2019 + * + * Authors: + * Alexander Bulekov + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + */ + +#ifndef FORK_FUZZ_H +#define FORK_FUZZ_H + +extern uint8_t __FUZZ_COUNTERS_START; +extern uint8_t __FUZZ_COUNTERS_END; + +void counter_shm_init(void); + +#endif + diff --git a/tests/qtest/fuzz/fork_fuzz.ld b/tests/qtest/fuzz/fork_fuzz.ld new file mode 100644 index 0000000..b23a59f --- /dev/null +++ b/tests/qtest/fuzz/fork_fuzz.ld @@ -0,0 +1,37 @@ +/* We adjust linker script modification to place all of the stuff that needs to + * persist across fuzzing runs into a contiguous seciton of memory. Then, it is + * easy to re-map the counter-related memory as shared. +*/ + +SECTIONS +{ + .data.fuzz_start : ALIGN(4K) + { + __FUZZ_COUNTERS_START = .; + __start___sancov_cntrs = .; + *(_*sancov_cntrs); + __stop___sancov_cntrs = .; + + /* Lowest stack counter */ + *(__sancov_lowest_stack); + } + .data.fuzz_ordered : + { + /* Coverage counters. They're not necessary for fuzzing, but are useful + * for analyzing the fuzzing performance + */ + __start___llvm_prf_cnts = .; + *(*llvm_prf_cnts); + __stop___llvm_prf_cnts = .; + + /* Internal Libfuzzer TracePC object which contains the ValueProfileMap */ + FuzzerTracePC*(.bss*); + } + .data.fuzz_end : ALIGN(4K) + { + __FUZZ_COUNTERS_END = .; + } +} +/* Dont overwrite the SECTIONS in the default linker script. Instead insert the + * above into the default script */ +INSERT AFTER .data; -- cgit v1.1 From 275ab39d86974aab8bbce14b1a0c488653cc72d2 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:12 -0500 Subject: fuzz: add support for qos-assisted fuzz targets Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-17-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- tests/qtest/fuzz/Makefile.include | 2 + tests/qtest/fuzz/qos_fuzz.c | 234 ++++++++++++++++++++++++++++++++++++++ tests/qtest/fuzz/qos_fuzz.h | 33 ++++++ 3 files changed, 269 insertions(+) create mode 100644 tests/qtest/fuzz/qos_fuzz.c create mode 100644 tests/qtest/fuzz/qos_fuzz.h diff --git a/tests/qtest/fuzz/Makefile.include b/tests/qtest/fuzz/Makefile.include index a90915d..e3bdd33 100644 --- a/tests/qtest/fuzz/Makefile.include +++ b/tests/qtest/fuzz/Makefile.include @@ -1,8 +1,10 @@ QEMU_PROG_FUZZ=qemu-fuzz-$(TARGET_NAME)$(EXESUF) fuzz-obj-y += tests/qtest/libqtest.o +fuzz-obj-y += $(libqos-obj-y) fuzz-obj-y += tests/qtest/fuzz/fuzz.o # Fuzzer skeleton fuzz-obj-y += tests/qtest/fuzz/fork_fuzz.o +fuzz-obj-y += tests/qtest/fuzz/qos_fuzz.o FUZZ_CFLAGS += -I$(SRC_PATH)/tests -I$(SRC_PATH)/tests/qtest diff --git a/tests/qtest/fuzz/qos_fuzz.c b/tests/qtest/fuzz/qos_fuzz.c new file mode 100644 index 0000000..bbb1747 --- /dev/null +++ b/tests/qtest/fuzz/qos_fuzz.c @@ -0,0 +1,234 @@ +/* + * QOS-assisted fuzzing helpers + * + * Copyright (c) 2018 Emanuele Giuseppe Esposito + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License version 2 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see + */ + +#include "qemu/osdep.h" +#include "qemu/units.h" +#include "qapi/error.h" +#include "qemu-common.h" +#include "exec/memory.h" +#include "exec/address-spaces.h" +#include "sysemu/sysemu.h" +#include "qemu/main-loop.h" + +#include "tests/qtest/libqtest.h" +#include "tests/qtest/libqos/malloc.h" +#include "tests/qtest/libqos/qgraph.h" +#include "tests/qtest/libqos/qgraph_internal.h" +#include "tests/qtest/libqos/qos_external.h" + +#include "fuzz.h" +#include "qos_fuzz.h" + +#include "qapi/qapi-commands-machine.h" +#include "qapi/qapi-commands-qom.h" +#include "qapi/qmp/qlist.h" + + +void *fuzz_qos_obj; +QGuestAllocator *fuzz_qos_alloc; + +static const char *fuzz_target_name; +static char **fuzz_path_vec; + +/* + * Replaced the qmp commands with direct qmp_marshal calls. + * Probably there is a better way to do this + */ +static void qos_set_machines_devices_available(void) +{ + QDict *req = qdict_new(); + QObject *response; + QDict *args = qdict_new(); + QList *lst; + Error *err = NULL; + + qmp_marshal_query_machines(NULL, &response, &err); + assert(!err); + lst = qobject_to(QList, response); + apply_to_qlist(lst, true); + + qobject_unref(response); + + + qdict_put_str(req, "execute", "qom-list-types"); + qdict_put_str(args, "implements", "device"); + qdict_put_bool(args, "abstract", true); + qdict_put_obj(req, "arguments", (QObject *) args); + + qmp_marshal_qom_list_types(args, &response, &err); + assert(!err); + lst = qobject_to(QList, response); + apply_to_qlist(lst, false); + qobject_unref(response); + qobject_unref(req); +} + +static char **current_path; + +void *qos_allocate_objects(QTestState *qts, QGuestAllocator **p_alloc) +{ + return allocate_objects(qts, current_path + 1, p_alloc); +} + +static const char *qos_build_main_args(void) +{ + char **path = fuzz_path_vec; + QOSGraphNode *test_node; + GString *cmd_line = g_string_new(path[0]); + void *test_arg; + + if (!path) { + fprintf(stderr, "QOS Path not found\n"); + abort(); + } + + /* Before test */ + current_path = path; + test_node = qos_graph_get_node(path[(g_strv_length(path) - 1)]); + test_arg = test_node->u.test.arg; + if (test_node->u.test.before) { + test_arg = test_node->u.test.before(cmd_line, test_arg); + } + /* Prepend the arguments that we need */ + g_string_prepend(cmd_line, + TARGET_NAME " -display none -machine accel=qtest -m 64 "); + return cmd_line->str; +} + +/* + * This function is largely a copy of qos-test.c:walk_path. Since walk_path + * is itself a callback, its a little annoying to add another argument/layer of + * indirection + */ +static void walk_path(QOSGraphNode *orig_path, int len) +{ + QOSGraphNode *path; + QOSGraphEdge *edge; + + /* etype set to QEDGE_CONSUMED_BY so that machine can add to the command line */ + QOSEdgeType etype = QEDGE_CONSUMED_BY; + + /* twice QOS_PATH_MAX_ELEMENT_SIZE since each edge can have its arg */ + char **path_vec = g_new0(char *, (QOS_PATH_MAX_ELEMENT_SIZE * 2)); + int path_vec_size = 0; + + char *after_cmd, *before_cmd, *after_device; + GString *after_device_str = g_string_new(""); + char *node_name = orig_path->name, *path_str; + + GString *cmd_line = g_string_new(""); + GString *cmd_line2 = g_string_new(""); + + path = qos_graph_get_node(node_name); /* root */ + node_name = qos_graph_edge_get_dest(path->path_edge); /* machine name */ + + path_vec[path_vec_size++] = node_name; + path_vec[path_vec_size++] = qos_get_machine_type(node_name); + + for (;;) { + path = qos_graph_get_node(node_name); + if (!path->path_edge) { + break; + } + + node_name = qos_graph_edge_get_dest(path->path_edge); + + /* append node command line + previous edge command line */ + if (path->command_line && etype == QEDGE_CONSUMED_BY) { + g_string_append(cmd_line, path->command_line); + g_string_append(cmd_line, after_device_str->str); + g_string_truncate(after_device_str, 0); + } + + path_vec[path_vec_size++] = qos_graph_edge_get_name(path->path_edge); + /* detect if edge has command line args */ + after_cmd = qos_graph_edge_get_after_cmd_line(path->path_edge); + after_device = qos_graph_edge_get_extra_device_opts(path->path_edge); + before_cmd = qos_graph_edge_get_before_cmd_line(path->path_edge); + edge = qos_graph_get_edge(path->name, node_name); + etype = qos_graph_edge_get_type(edge); + + if (before_cmd) { + g_string_append(cmd_line, before_cmd); + } + if (after_cmd) { + g_string_append(cmd_line2, after_cmd); + } + if (after_device) { + g_string_append(after_device_str, after_device); + } + } + + path_vec[path_vec_size++] = NULL; + g_string_append(cmd_line, after_device_str->str); + g_string_free(after_device_str, true); + + g_string_append(cmd_line, cmd_line2->str); + g_string_free(cmd_line2, true); + + /* + * here position 0 has /, position 1 has . + * The path must not have the , qtest_add_data_func adds it. + */ + path_str = g_strjoinv("/", path_vec + 1); + + /* Check that this is the test we care about: */ + char *test_name = strrchr(path_str, '/') + 1; + if (strcmp(test_name, fuzz_target_name) == 0) { + /* + * put arch/machine in position 1 so run_one_test can do its work + * and add the command line at position 0. + */ + path_vec[1] = path_vec[0]; + path_vec[0] = g_string_free(cmd_line, false); + + fuzz_path_vec = path_vec; + } else { + g_free(path_vec); + } + + g_free(path_str); +} + +static const char *qos_get_cmdline(FuzzTarget *t) +{ + /* + * Set a global variable that we use to identify the qos_path for our + * fuzz_target + */ + fuzz_target_name = t->name; + qos_set_machines_devices_available(); + qos_graph_foreach_test_path(walk_path); + return qos_build_main_args(); +} + +void fuzz_add_qos_target( + FuzzTarget *fuzz_opts, + const char *interface, + QOSGraphTestOptions *opts + ) +{ + qos_add_test(fuzz_opts->name, interface, NULL, opts); + fuzz_opts->get_init_cmdline = qos_get_cmdline; + fuzz_add_target(fuzz_opts); +} + +void qos_init_path(QTestState *s) +{ + fuzz_qos_obj = qos_allocate_objects(s , &fuzz_qos_alloc); +} diff --git a/tests/qtest/fuzz/qos_fuzz.h b/tests/qtest/fuzz/qos_fuzz.h new file mode 100644 index 0000000..477f11b --- /dev/null +++ b/tests/qtest/fuzz/qos_fuzz.h @@ -0,0 +1,33 @@ +/* + * QOS-assisted fuzzing helpers + * + * Copyright Red Hat Inc., 2019 + * + * Authors: + * Alexander Bulekov + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#ifndef _QOS_FUZZ_H_ +#define _QOS_FUZZ_H_ + +#include "tests/qtest/fuzz/fuzz.h" +#include "tests/qtest/libqos/qgraph.h" + +int qos_fuzz(const unsigned char *Data, size_t Size); +void qos_setup(void); + +extern void *fuzz_qos_obj; +extern QGuestAllocator *fuzz_qos_alloc; + +void fuzz_add_qos_target( + FuzzTarget *fuzz_opts, + const char *interface, + QOSGraphTestOptions *opts + ); + +void qos_init_path(QTestState *); + +#endif -- cgit v1.1 From c621dc3e01c425de7da6ad82fc275e764d64e5f5 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:13 -0500 Subject: fuzz: add target/fuzz makefile rules Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny Reviewed-by: Stefan Hajnoczi Message-id: 20200220041118.23264-18-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- Makefile | 15 ++++++++++++++- Makefile.target | 16 ++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b5a7377..18e82cc 100644 --- a/Makefile +++ b/Makefile @@ -477,7 +477,7 @@ config-host.h-timestamp: config-host.mak qemu-options.def: $(SRC_PATH)/qemu-options.hx $(SRC_PATH)/scripts/hxtool $(call quiet-command,sh $(SRC_PATH)/scripts/hxtool -h < $< > $@,"GEN","$@") -TARGET_DIRS_RULES := $(foreach t, all clean install, $(addsuffix /$(t), $(TARGET_DIRS))) +TARGET_DIRS_RULES := $(foreach t, all fuzz clean install, $(addsuffix /$(t), $(TARGET_DIRS))) SOFTMMU_ALL_RULES=$(filter %-softmmu/all, $(TARGET_DIRS_RULES)) $(SOFTMMU_ALL_RULES): $(authz-obj-y) @@ -490,6 +490,15 @@ ifdef DECOMPRESS_EDK2_BLOBS $(SOFTMMU_ALL_RULES): $(edk2-decompressed) endif +SOFTMMU_FUZZ_RULES=$(filter %-softmmu/fuzz, $(TARGET_DIRS_RULES)) +$(SOFTMMU_FUZZ_RULES): $(authz-obj-y) +$(SOFTMMU_FUZZ_RULES): $(block-obj-y) +$(SOFTMMU_FUZZ_RULES): $(chardev-obj-y) +$(SOFTMMU_FUZZ_RULES): $(crypto-obj-y) +$(SOFTMMU_FUZZ_RULES): $(io-obj-y) +$(SOFTMMU_FUZZ_RULES): config-all-devices.mak +$(SOFTMMU_FUZZ_RULES): $(edk2-decompressed) + .PHONY: $(TARGET_DIRS_RULES) # The $(TARGET_DIRS_RULES) are of the form SUBDIR/GOAL, so that # $(dir $@) yields the sub-directory, and $(notdir $@) yields the sub-goal @@ -540,6 +549,9 @@ subdir-slirp: slirp/all $(filter %/all, $(TARGET_DIRS_RULES)): libqemuutil.a $(common-obj-y) \ $(qom-obj-y) +$(filter %/fuzz, $(TARGET_DIRS_RULES)): libqemuutil.a $(common-obj-y) \ + $(qom-obj-y) $(crypto-user-obj-$(CONFIG_USER_ONLY)) + ROM_DIRS = $(addprefix pc-bios/, $(ROMS)) ROM_DIRS_RULES=$(foreach t, all clean, $(addsuffix /$(t), $(ROM_DIRS))) # Only keep -O and -g cflags @@ -549,6 +561,7 @@ $(ROM_DIRS_RULES): .PHONY: recurse-all recurse-clean recurse-install recurse-all: $(addsuffix /all, $(TARGET_DIRS) $(ROM_DIRS)) +recurse-fuzz: $(addsuffix /fuzz, $(TARGET_DIRS) $(ROM_DIRS)) recurse-clean: $(addsuffix /clean, $(TARGET_DIRS) $(ROM_DIRS)) recurse-install: $(addsuffix /install, $(TARGET_DIRS)) $(addsuffix /install, $(TARGET_DIRS)): all diff --git a/Makefile.target b/Makefile.target index 6f4dd72..2d43dc5 100644 --- a/Makefile.target +++ b/Makefile.target @@ -228,6 +228,22 @@ ifdef CONFIG_TRACE_SYSTEMTAP rm -f *.stp endif +ifdef CONFIG_FUZZ +include $(SRC_PATH)/tests/qtest/fuzz/Makefile.include +include $(SRC_PATH)/tests/qtest/Makefile.include + +fuzz: fuzz-vars +fuzz-vars: QEMU_CFLAGS := $(FUZZ_CFLAGS) $(QEMU_CFLAGS) +fuzz-vars: QEMU_LDFLAGS := $(FUZZ_LDFLAGS) $(QEMU_LDFLAGS) +fuzz-vars: $(QEMU_PROG_FUZZ) +dummy := $(call unnest-vars,, fuzz-obj-y) + + +$(QEMU_PROG_FUZZ): config-devices.mak $(all-obj-y) $(COMMON_LDADDS) $(fuzz-obj-y) + $(call LINK, $(filter-out %.mak, $^)) + +endif + install: all ifneq ($(PROGS),) $(call install-prog,$(PROGS),$(DESTDIR)$(bindir)) -- cgit v1.1 From adc28027ffd9c028e42e1048385334461f65bb40 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:14 -0500 Subject: fuzz: add configure flag --enable-fuzzing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-19-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- configure | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/configure b/configure index d57261e..48d6f89 100755 --- a/configure +++ b/configure @@ -505,6 +505,7 @@ debug_mutex="no" libpmem="" default_devices="yes" plugins="no" +fuzzing="no" supported_cpu="no" supported_os="no" @@ -635,6 +636,15 @@ int main(void) { return 0; } EOF } +write_c_fuzzer_skeleton() { + cat > $TMPC < +#include +int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); +int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { return 0; } +EOF +} + if check_define __linux__ ; then targetos="Linux" elif check_define _WIN32 ; then @@ -1558,6 +1568,10 @@ for opt do ;; --disable-containers) use_containers="no" ;; + --enable-fuzzing) fuzzing=yes + ;; + --disable-fuzzing) fuzzing=no + ;; *) echo "ERROR: unknown option $opt" echo "Try '$0 --help' for more information" @@ -6073,6 +6087,15 @@ EOF fi ########################################## +# checks for fuzzer +if test "$fuzzing" = "yes" ; then + write_c_fuzzer_skeleton + if compile_prog "$CPU_CFLAGS -Werror -fsanitize=address,fuzzer" ""; then + have_fuzzer=yes + fi +fi + +########################################## # check for libpmem if test "$libpmem" != "no"; then @@ -6666,6 +6689,7 @@ echo "libpmem support $libpmem" echo "libudev $libudev" echo "default devices $default_devices" echo "plugin support $plugins" +echo "fuzzing support $fuzzing" if test "$supported_cpu" = "no"; then echo @@ -7504,6 +7528,16 @@ fi if test "$sheepdog" = "yes" ; then echo "CONFIG_SHEEPDOG=y" >> $config_host_mak fi +if test "$fuzzing" = "yes" ; then + if test "$have_fuzzer" = "yes"; then + FUZZ_LDFLAGS=" -fsanitize=address,fuzzer" + FUZZ_CFLAGS=" -fsanitize=address,fuzzer" + CFLAGS=" -fsanitize=address,fuzzer-no-link" + else + error_exit "Your compiler doesn't support -fsanitize=address,fuzzer" + exit 1 + fi +fi if test "$plugins" = "yes" ; then echo "CONFIG_PLUGIN=y" >> $config_host_mak @@ -7605,6 +7639,11 @@ if test "$libudev" != "no"; then echo "CONFIG_LIBUDEV=y" >> $config_host_mak echo "LIBUDEV_LIBS=$libudev_libs" >> $config_host_mak fi +if test "$fuzzing" != "no"; then + echo "CONFIG_FUZZ=y" >> $config_host_mak + echo "FUZZ_CFLAGS=$FUZZ_CFLAGS" >> $config_host_mak + echo "FUZZ_LDFLAGS=$FUZZ_LDFLAGS" >> $config_host_mak +fi if test "$edk2_blobs" = "yes" ; then echo "DECOMPRESS_EDK2_BLOBS=y" >> $config_host_mak -- cgit v1.1 From 04f713242d1fdb9cc03c0bff76f0750f7c8903a0 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:15 -0500 Subject: fuzz: add i440fx fuzz targets These three targets should simply fuzz reads/writes to a couple ioports, but they mostly serve as examples of different ways to write targets. They demonstrate using qtest and qos for fuzzing, as well as using rebooting and forking to reset state, or not resetting it at all. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-20-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- tests/qtest/fuzz/Makefile.include | 3 + tests/qtest/fuzz/i440fx_fuzz.c | 193 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 196 insertions(+) create mode 100644 tests/qtest/fuzz/i440fx_fuzz.c diff --git a/tests/qtest/fuzz/Makefile.include b/tests/qtest/fuzz/Makefile.include index e3bdd33..38b8cdd 100644 --- a/tests/qtest/fuzz/Makefile.include +++ b/tests/qtest/fuzz/Makefile.include @@ -6,6 +6,9 @@ fuzz-obj-y += tests/qtest/fuzz/fuzz.o # Fuzzer skeleton fuzz-obj-y += tests/qtest/fuzz/fork_fuzz.o fuzz-obj-y += tests/qtest/fuzz/qos_fuzz.o +# Targets +fuzz-obj-y += tests/qtest/fuzz/i440fx_fuzz.o + FUZZ_CFLAGS += -I$(SRC_PATH)/tests -I$(SRC_PATH)/tests/qtest # Linker Script to force coverage-counters into known regions which we can mark diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c new file mode 100644 index 0000000..ab5f112 --- /dev/null +++ b/tests/qtest/fuzz/i440fx_fuzz.c @@ -0,0 +1,193 @@ +/* + * I440FX Fuzzing Target + * + * Copyright Red Hat Inc., 2019 + * + * Authors: + * Alexander Bulekov + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" + +#include "qemu/main-loop.h" +#include "tests/qtest/libqtest.h" +#include "tests/qtest/libqos/pci.h" +#include "tests/qtest/libqos/pci-pc.h" +#include "fuzz.h" +#include "fuzz/qos_fuzz.h" +#include "fuzz/fork_fuzz.h" + + +#define I440FX_PCI_HOST_BRIDGE_CFG 0xcf8 +#define I440FX_PCI_HOST_BRIDGE_DATA 0xcfc + +/* + * the input to the fuzzing functions below is a buffer of random bytes. we + * want to convert these bytes into a sequence of qtest or qos calls. to do + * this we define some opcodes: + */ +enum action_id { + WRITEB, + WRITEW, + WRITEL, + READB, + READW, + READL, + ACTION_MAX +}; + +static void i440fx_fuzz_qtest(QTestState *s, + const unsigned char *Data, size_t Size) { + /* + * loop over the Data, breaking it up into actions. each action has an + * opcode, address offset and value + */ + typedef struct QTestFuzzAction { + uint8_t opcode; + uint8_t addr; + uint32_t value; + } QTestFuzzAction; + QTestFuzzAction a; + + while (Size >= sizeof(a)) { + /* make a copy of the action so we can normalize the values in-place */ + memcpy(&a, Data, sizeof(a)); + /* select between two i440fx Port IO addresses */ + uint16_t addr = a.addr % 2 ? I440FX_PCI_HOST_BRIDGE_CFG : + I440FX_PCI_HOST_BRIDGE_DATA; + switch (a.opcode % ACTION_MAX) { + case WRITEB: + qtest_outb(s, addr, (uint8_t)a.value); + break; + case WRITEW: + qtest_outw(s, addr, (uint16_t)a.value); + break; + case WRITEL: + qtest_outl(s, addr, (uint32_t)a.value); + break; + case READB: + qtest_inb(s, addr); + break; + case READW: + qtest_inw(s, addr); + break; + case READL: + qtest_inl(s, addr); + break; + } + /* Move to the next operation */ + Size -= sizeof(a); + Data += sizeof(a); + } + flush_events(s); +} + +static void i440fx_fuzz_qos(QTestState *s, + const unsigned char *Data, size_t Size) { + /* + * Same as i440fx_fuzz_qtest, but using QOS. devfn is incorporated into the + * value written over Port IO + */ + typedef struct QOSFuzzAction { + uint8_t opcode; + uint8_t offset; + int devfn; + uint32_t value; + } QOSFuzzAction; + + static QPCIBus *bus; + if (!bus) { + bus = qpci_new_pc(s, fuzz_qos_alloc); + } + + QOSFuzzAction a; + while (Size >= sizeof(a)) { + memcpy(&a, Data, sizeof(a)); + switch (a.opcode % ACTION_MAX) { + case WRITEB: + bus->config_writeb(bus, a.devfn, a.offset, (uint8_t)a.value); + break; + case WRITEW: + bus->config_writew(bus, a.devfn, a.offset, (uint16_t)a.value); + break; + case WRITEL: + bus->config_writel(bus, a.devfn, a.offset, (uint32_t)a.value); + break; + case READB: + bus->config_readb(bus, a.devfn, a.offset); + break; + case READW: + bus->config_readw(bus, a.devfn, a.offset); + break; + case READL: + bus->config_readl(bus, a.devfn, a.offset); + break; + } + Size -= sizeof(a); + Data += sizeof(a); + } + flush_events(s); +} + +static void i440fx_fuzz_qos_fork(QTestState *s, + const unsigned char *Data, size_t Size) { + if (fork() == 0) { + i440fx_fuzz_qos(s, Data, Size); + _Exit(0); + } else { + wait(NULL); + } +} + +static const char *i440fx_qtest_argv = TARGET_NAME " -machine accel=qtest" + "-m 0 -display none"; +static const char *i440fx_argv(FuzzTarget *t) +{ + return i440fx_qtest_argv; +} + +static void fork_init(void) +{ + counter_shm_init(); +} + +static void register_pci_fuzz_targets(void) +{ + /* Uses simple qtest commands and reboots to reset state */ + fuzz_add_target(&(FuzzTarget){ + .name = "i440fx-qtest-reboot-fuzz", + .description = "Fuzz the i440fx using raw qtest commands and" + "rebooting after each run", + .get_init_cmdline = i440fx_argv, + .fuzz = i440fx_fuzz_qtest}); + + /* Uses libqos and forks to prevent state leakage */ + fuzz_add_qos_target(&(FuzzTarget){ + .name = "i440fx-qos-fork-fuzz", + .description = "Fuzz the i440fx using raw qtest commands and" + "rebooting after each run", + .pre_vm_init = &fork_init, + .fuzz = i440fx_fuzz_qos_fork,}, + "i440FX-pcihost", + &(QOSGraphTestOptions){} + ); + + /* + * Uses libqos. Doesn't do anything to reset state. Note that if we were to + * reboot after each run, we would also have to redo the qos-related + * initialization (qos_init_path) + */ + fuzz_add_qos_target(&(FuzzTarget){ + .name = "i440fx-qos-noreset-fuzz", + .description = "Fuzz the i440fx using raw qtest commands and" + "rebooting after each run", + .fuzz = i440fx_fuzz_qos,}, + "i440FX-pcihost", + &(QOSGraphTestOptions){} + ); +} + +fuzz_target_init(register_pci_fuzz_targets); -- cgit v1.1 From b1db8c63169f2139af9f26c884e5e2abd27dd290 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:16 -0500 Subject: fuzz: add virtio-net fuzz target The virtio-net fuzz target feeds inputs to all three virtio-net virtqueues, and uses forking to avoid leaking state between fuzz runs. Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-21-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- tests/qtest/fuzz/Makefile.include | 1 + tests/qtest/fuzz/virtio_net_fuzz.c | 198 +++++++++++++++++++++++++++++++++++++ 2 files changed, 199 insertions(+) create mode 100644 tests/qtest/fuzz/virtio_net_fuzz.c diff --git a/tests/qtest/fuzz/Makefile.include b/tests/qtest/fuzz/Makefile.include index 38b8cdd..7738577 100644 --- a/tests/qtest/fuzz/Makefile.include +++ b/tests/qtest/fuzz/Makefile.include @@ -8,6 +8,7 @@ fuzz-obj-y += tests/qtest/fuzz/qos_fuzz.o # Targets fuzz-obj-y += tests/qtest/fuzz/i440fx_fuzz.o +fuzz-obj-y += tests/qtest/fuzz/virtio_net_fuzz.o FUZZ_CFLAGS += -I$(SRC_PATH)/tests -I$(SRC_PATH)/tests/qtest diff --git a/tests/qtest/fuzz/virtio_net_fuzz.c b/tests/qtest/fuzz/virtio_net_fuzz.c new file mode 100644 index 0000000..d08a47e --- /dev/null +++ b/tests/qtest/fuzz/virtio_net_fuzz.c @@ -0,0 +1,198 @@ +/* + * virtio-net Fuzzing Target + * + * Copyright Red Hat Inc., 2019 + * + * Authors: + * Alexander Bulekov + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" + +#include "standard-headers/linux/virtio_config.h" +#include "tests/qtest/libqtest.h" +#include "tests/qtest/libqos/virtio-net.h" +#include "fuzz.h" +#include "fork_fuzz.h" +#include "qos_fuzz.h" + + +#define QVIRTIO_NET_TIMEOUT_US (30 * 1000 * 1000) +#define QVIRTIO_RX_VQ 0 +#define QVIRTIO_TX_VQ 1 +#define QVIRTIO_CTRL_VQ 2 + +static int sockfds[2]; +static bool sockfds_initialized; + +static void virtio_net_fuzz_multi(QTestState *s, + const unsigned char *Data, size_t Size, bool check_used) +{ + typedef struct vq_action { + uint8_t queue; + uint8_t length; + uint8_t write; + uint8_t next; + uint8_t rx; + } vq_action; + + uint32_t free_head = 0; + + QGuestAllocator *t_alloc = fuzz_qos_alloc; + + QVirtioNet *net_if = fuzz_qos_obj; + QVirtioDevice *dev = net_if->vdev; + QVirtQueue *q; + vq_action vqa; + while (Size >= sizeof(vqa)) { + memcpy(&vqa, Data, sizeof(vqa)); + Data += sizeof(vqa); + Size -= sizeof(vqa); + + q = net_if->queues[vqa.queue % 3]; + + vqa.length = vqa.length >= Size ? Size : vqa.length; + + /* + * Only attempt to write incoming packets, when using the socket + * backend. Otherwise, always place the input on a virtqueue. + */ + if (vqa.rx && sockfds_initialized) { + write(sockfds[0], Data, vqa.length); + } else { + vqa.rx = 0; + uint64_t req_addr = guest_alloc(t_alloc, vqa.length); + /* + * If checking used ring, ensure that the fuzzer doesn't trigger + * trivial asserion failure on zero-zied buffer + */ + qtest_memwrite(s, req_addr, Data, vqa.length); + + + free_head = qvirtqueue_add(s, q, req_addr, vqa.length, + vqa.write, vqa.next); + qvirtqueue_add(s, q, req_addr, vqa.length, vqa.write , vqa.next); + qvirtqueue_kick(s, dev, q, free_head); + } + + /* Run the main loop */ + qtest_clock_step(s, 100); + flush_events(s); + + /* Wait on used descriptors */ + if (check_used && !vqa.rx) { + gint64 start_time = g_get_monotonic_time(); + /* + * normally, we could just use qvirtio_wait_used_elem, but since we + * must manually run the main-loop for all the bhs to run, we use + * this hack with flush_events(), to run the main_loop + */ + while (!vqa.rx && q != net_if->queues[QVIRTIO_RX_VQ]) { + uint32_t got_desc_idx; + /* Input led to a virtio_error */ + if (dev->bus->get_status(dev) & VIRTIO_CONFIG_S_NEEDS_RESET) { + break; + } + if (dev->bus->get_queue_isr_status(dev, q) && + qvirtqueue_get_buf(s, q, &got_desc_idx, NULL)) { + g_assert_cmpint(got_desc_idx, ==, free_head); + break; + } + g_assert(g_get_monotonic_time() - start_time + <= QVIRTIO_NET_TIMEOUT_US); + + /* Run the main loop */ + qtest_clock_step(s, 100); + flush_events(s); + } + } + Data += vqa.length; + Size -= vqa.length; + } +} + +static void virtio_net_fork_fuzz(QTestState *s, + const unsigned char *Data, size_t Size) +{ + if (fork() == 0) { + virtio_net_fuzz_multi(s, Data, Size, false); + flush_events(s); + _Exit(0); + } else { + wait(NULL); + } +} + +static void virtio_net_fork_fuzz_check_used(QTestState *s, + const unsigned char *Data, size_t Size) +{ + if (fork() == 0) { + virtio_net_fuzz_multi(s, Data, Size, true); + flush_events(s); + _Exit(0); + } else { + wait(NULL); + } +} + +static void virtio_net_pre_fuzz(QTestState *s) +{ + qos_init_path(s); + counter_shm_init(); +} + +static void *virtio_net_test_setup_socket(GString *cmd_line, void *arg) +{ + int ret = socketpair(PF_UNIX, SOCK_STREAM, 0, sockfds); + g_assert_cmpint(ret, !=, -1); + fcntl(sockfds[0], F_SETFL, O_NONBLOCK); + sockfds_initialized = true; + g_string_append_printf(cmd_line, " -netdev socket,fd=%d,id=hs0 ", + sockfds[1]); + return arg; +} + +static void *virtio_net_test_setup_user(GString *cmd_line, void *arg) +{ + g_string_append_printf(cmd_line, " -netdev user,id=hs0 "); + return arg; +} + +static void register_virtio_net_fuzz_targets(void) +{ + fuzz_add_qos_target(&(FuzzTarget){ + .name = "virtio-net-socket", + .description = "Fuzz the virtio-net virtual queues. Fuzz incoming " + "traffic using the socket backend", + .pre_fuzz = &virtio_net_pre_fuzz, + .fuzz = virtio_net_fork_fuzz,}, + "virtio-net", + &(QOSGraphTestOptions){.before = virtio_net_test_setup_socket} + ); + + fuzz_add_qos_target(&(FuzzTarget){ + .name = "virtio-net-socket-check-used", + .description = "Fuzz the virtio-net virtual queues. Wait for the " + "descriptors to be used. Timeout may indicate improperly handled " + "input", + .pre_fuzz = &virtio_net_pre_fuzz, + .fuzz = virtio_net_fork_fuzz_check_used,}, + "virtio-net", + &(QOSGraphTestOptions){.before = virtio_net_test_setup_socket} + ); + fuzz_add_qos_target(&(FuzzTarget){ + .name = "virtio-net-slirp", + .description = "Fuzz the virtio-net virtual queues with the slirp " + " backend. Warning: May result in network traffic emitted from the " + " process. Run in an isolated network environment.", + .pre_fuzz = &virtio_net_pre_fuzz, + .fuzz = virtio_net_fork_fuzz,}, + "virtio-net", + &(QOSGraphTestOptions){.before = virtio_net_test_setup_user} + ); +} + +fuzz_target_init(register_virtio_net_fuzz_targets); -- cgit v1.1 From 472a07a6e2bd410f5679cd8a16384a6d3f474679 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:17 -0500 Subject: fuzz: add virtio-scsi fuzz target The virtio-scsi fuzz target sets up and fuzzes the available virtio-scsi queues. After an element is placed on a queue, the fuzzer can select whether to perform a kick, or continue adding elements. Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-22-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- tests/qtest/fuzz/Makefile.include | 1 + tests/qtest/fuzz/virtio_scsi_fuzz.c | 213 ++++++++++++++++++++++++++++++++++++ 2 files changed, 214 insertions(+) create mode 100644 tests/qtest/fuzz/virtio_scsi_fuzz.c diff --git a/tests/qtest/fuzz/Makefile.include b/tests/qtest/fuzz/Makefile.include index 7738577..cde3e96 100644 --- a/tests/qtest/fuzz/Makefile.include +++ b/tests/qtest/fuzz/Makefile.include @@ -9,6 +9,7 @@ fuzz-obj-y += tests/qtest/fuzz/qos_fuzz.o # Targets fuzz-obj-y += tests/qtest/fuzz/i440fx_fuzz.o fuzz-obj-y += tests/qtest/fuzz/virtio_net_fuzz.o +fuzz-obj-y += tests/qtest/fuzz/virtio_scsi_fuzz.o FUZZ_CFLAGS += -I$(SRC_PATH)/tests -I$(SRC_PATH)/tests/qtest diff --git a/tests/qtest/fuzz/virtio_scsi_fuzz.c b/tests/qtest/fuzz/virtio_scsi_fuzz.c new file mode 100644 index 0000000..3b95247 --- /dev/null +++ b/tests/qtest/fuzz/virtio_scsi_fuzz.c @@ -0,0 +1,213 @@ +/* + * virtio-serial Fuzzing Target + * + * Copyright Red Hat Inc., 2019 + * + * Authors: + * Alexander Bulekov + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" + +#include "tests/qtest/libqtest.h" +#include "libqos/virtio-scsi.h" +#include "libqos/virtio.h" +#include "libqos/virtio-pci.h" +#include "standard-headers/linux/virtio_ids.h" +#include "standard-headers/linux/virtio_pci.h" +#include "standard-headers/linux/virtio_scsi.h" +#include "fuzz.h" +#include "fork_fuzz.h" +#include "qos_fuzz.h" + +#define PCI_SLOT 0x02 +#define PCI_FN 0x00 +#define QVIRTIO_SCSI_TIMEOUT_US (1 * 1000 * 1000) + +#define MAX_NUM_QUEUES 64 + +/* Based on tests/virtio-scsi-test.c */ +typedef struct { + int num_queues; + QVirtQueue *vq[MAX_NUM_QUEUES + 2]; +} QVirtioSCSIQueues; + +static QVirtioSCSIQueues *qvirtio_scsi_init(QVirtioDevice *dev, uint64_t mask) +{ + QVirtioSCSIQueues *vs; + uint64_t feat; + int i; + + vs = g_new0(QVirtioSCSIQueues, 1); + + feat = qvirtio_get_features(dev); + if (mask) { + feat &= ~QVIRTIO_F_BAD_FEATURE | mask; + } else { + feat &= ~(QVIRTIO_F_BAD_FEATURE | (1ull << VIRTIO_RING_F_EVENT_IDX)); + } + qvirtio_set_features(dev, feat); + + vs->num_queues = qvirtio_config_readl(dev, 0); + + for (i = 0; i < vs->num_queues + 2; i++) { + vs->vq[i] = qvirtqueue_setup(dev, fuzz_qos_alloc, i); + } + + qvirtio_set_driver_ok(dev); + + return vs; +} + +static void virtio_scsi_fuzz(QTestState *s, QVirtioSCSIQueues* queues, + const unsigned char *Data, size_t Size) +{ + /* + * Data is a sequence of random bytes. We split them up into "actions", + * followed by data: + * [vqa][dddddddd][vqa][dddd][vqa][dddddddddddd] ... + * The length of the data is specified by the preceding vqa.length + */ + typedef struct vq_action { + uint8_t queue; + uint8_t length; + uint8_t write; + uint8_t next; + uint8_t kick; + } vq_action; + + /* Keep track of the free head for each queue we interact with */ + bool vq_touched[MAX_NUM_QUEUES + 2] = {0}; + uint32_t free_head[MAX_NUM_QUEUES + 2]; + + QGuestAllocator *t_alloc = fuzz_qos_alloc; + + QVirtioSCSI *scsi = fuzz_qos_obj; + QVirtioDevice *dev = scsi->vdev; + QVirtQueue *q; + vq_action vqa; + while (Size >= sizeof(vqa)) { + /* Copy the action, so we can normalize length, queue and flags */ + memcpy(&vqa, Data, sizeof(vqa)); + + Data += sizeof(vqa); + Size -= sizeof(vqa); + + vqa.queue = vqa.queue % queues->num_queues; + /* Cap length at the number of remaining bytes in data */ + vqa.length = vqa.length >= Size ? Size : vqa.length; + vqa.write = vqa.write & 1; + vqa.next = vqa.next & 1; + vqa.kick = vqa.kick & 1; + + + q = queues->vq[vqa.queue]; + + /* Copy the data into ram, and place it on the virtqueue */ + uint64_t req_addr = guest_alloc(t_alloc, vqa.length); + qtest_memwrite(s, req_addr, Data, vqa.length); + if (vq_touched[vqa.queue] == 0) { + vq_touched[vqa.queue] = 1; + free_head[vqa.queue] = qvirtqueue_add(s, q, req_addr, vqa.length, + vqa.write, vqa.next); + } else { + qvirtqueue_add(s, q, req_addr, vqa.length, vqa.write , vqa.next); + } + + if (vqa.kick) { + qvirtqueue_kick(s, dev, q, free_head[vqa.queue]); + free_head[vqa.queue] = 0; + } + Data += vqa.length; + Size -= vqa.length; + } + /* In the end, kick each queue we interacted with */ + for (int i = 0; i < MAX_NUM_QUEUES + 2; i++) { + if (vq_touched[i]) { + qvirtqueue_kick(s, dev, queues->vq[i], free_head[i]); + } + } +} + +static void virtio_scsi_fork_fuzz(QTestState *s, + const unsigned char *Data, size_t Size) +{ + QVirtioSCSI *scsi = fuzz_qos_obj; + static QVirtioSCSIQueues *queues; + if (!queues) { + queues = qvirtio_scsi_init(scsi->vdev, 0); + } + if (fork() == 0) { + virtio_scsi_fuzz(s, queues, Data, Size); + flush_events(s); + _Exit(0); + } else { + wait(NULL); + } +} + +static void virtio_scsi_with_flag_fuzz(QTestState *s, + const unsigned char *Data, size_t Size) +{ + QVirtioSCSI *scsi = fuzz_qos_obj; + static QVirtioSCSIQueues *queues; + + if (fork() == 0) { + if (Size >= sizeof(uint64_t)) { + queues = qvirtio_scsi_init(scsi->vdev, *(uint64_t *)Data); + virtio_scsi_fuzz(s, queues, + Data + sizeof(uint64_t), Size - sizeof(uint64_t)); + flush_events(s); + } + _Exit(0); + } else { + wait(NULL); + } +} + +static void virtio_scsi_pre_fuzz(QTestState *s) +{ + qos_init_path(s); + counter_shm_init(); +} + +static void *virtio_scsi_test_setup(GString *cmd_line, void *arg) +{ + g_string_append(cmd_line, + " -drive file=blkdebug::null-co://," + "file.image.read-zeroes=on," + "if=none,id=dr1,format=raw,file.align=4k " + "-device scsi-hd,drive=dr1,lun=0,scsi-id=1"); + return arg; +} + + +static void register_virtio_scsi_fuzz_targets(void) +{ + fuzz_add_qos_target(&(FuzzTarget){ + .name = "virtio-scsi-fuzz", + .description = "Fuzz the virtio-scsi virtual queues, forking" + "for each fuzz run", + .pre_vm_init = &counter_shm_init, + .pre_fuzz = &virtio_scsi_pre_fuzz, + .fuzz = virtio_scsi_fork_fuzz,}, + "virtio-scsi", + &(QOSGraphTestOptions){.before = virtio_scsi_test_setup} + ); + + fuzz_add_qos_target(&(FuzzTarget){ + .name = "virtio-scsi-flags-fuzz", + .description = "Fuzz the virtio-scsi virtual queues, forking" + "for each fuzz run (also fuzzes the virtio flags)", + .pre_vm_init = &counter_shm_init, + .pre_fuzz = &virtio_scsi_pre_fuzz, + .fuzz = virtio_scsi_with_flag_fuzz,}, + "virtio-scsi", + &(QOSGraphTestOptions){.before = virtio_scsi_test_setup} + ); +} + +fuzz_target_init(register_virtio_scsi_fuzz_targets); -- cgit v1.1 From e5c59355ae9f724777c61c859292ec9db2c8c2ab Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Wed, 19 Feb 2020 23:11:18 -0500 Subject: fuzz: add documentation to docs/devel/ Signed-off-by: Alexander Bulekov Reviewed-by: Stefan Hajnoczi Reviewed-by: Darren Kenny Message-id: 20200220041118.23264-23-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- docs/devel/fuzzing.txt | 116 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 docs/devel/fuzzing.txt diff --git a/docs/devel/fuzzing.txt b/docs/devel/fuzzing.txt new file mode 100644 index 0000000..324d2cd --- /dev/null +++ b/docs/devel/fuzzing.txt @@ -0,0 +1,116 @@ += Fuzzing = + +== Introduction == + +This document describes the virtual-device fuzzing infrastructure in QEMU and +how to use it to implement additional fuzzers. + +== Basics == + +Fuzzing operates by passing inputs to an entry point/target function. The +fuzzer tracks the code coverage triggered by the input. Based on these +findings, the fuzzer mutates the input and repeats the fuzzing. + +To fuzz QEMU, we rely on libfuzzer. Unlike other fuzzers such as AFL, libfuzzer +is an _in-process_ fuzzer. For the developer, this means that it is their +responsibility to ensure that state is reset between fuzzing-runs. + +== Building the fuzzers == + +NOTE: If possible, build a 32-bit binary. When forking, the 32-bit fuzzer is +much faster, since the page-map has a smaller size. This is due to the fact that +AddressSanitizer mmaps ~20TB of memory, as part of its detection. This results +in a large page-map, and a much slower fork(). + +To build the fuzzers, install a recent version of clang: +Configure with (substitute the clang binaries with the version you installed): + + CC=clang-8 CXX=clang++-8 /path/to/configure --enable-fuzzing + +Fuzz targets are built similarly to system/softmmu: + + make i386-softmmu/fuzz + +This builds ./i386-softmmu/qemu-fuzz-i386 + +The first option to this command is: --fuzz_taget=FUZZ_NAME +To list all of the available fuzzers run qemu-fuzz-i386 with no arguments. + +eg: + ./i386-softmmu/qemu-fuzz-i386 --fuzz-target=virtio-net-fork-fuzz + +Internally, libfuzzer parses all arguments that do not begin with "--". +Information about these is available by passing -help=1 + +Now the only thing left to do is wait for the fuzzer to trigger potential +crashes. + +== Adding a new fuzzer == +Coverage over virtual devices can be improved by adding additional fuzzers. +Fuzzers are kept in tests/qtest/fuzz/ and should be added to +tests/qtest/fuzz/Makefile.include + +Fuzzers can rely on both qtest and libqos to communicate with virtual devices. + +1. Create a new source file. For example ``tests/qtest/fuzz/foo-device-fuzz.c``. + +2. Write the fuzzing code using the libqtest/libqos API. See existing fuzzers +for reference. + +3. Register the fuzzer in ``tests/fuzz/Makefile.include`` by appending the +corresponding object to fuzz-obj-y + +Fuzzers can be more-or-less thought of as special qtest programs which can +modify the qtest commands and/or qtest command arguments based on inputs +provided by libfuzzer. Libfuzzer passes a byte array and length. Commonly the +fuzzer loops over the byte-array interpreting it as a list of qtest commands, +addresses, or values. + += Implementation Details = + +== The Fuzzer's Lifecycle == + +The fuzzer has two entrypoints that libfuzzer calls. libfuzzer provides it's +own main(), which performs some setup, and calls the entrypoints: + +LLVMFuzzerInitialize: called prior to fuzzing. Used to initialize all of the +necessary state + +LLVMFuzzerTestOneInput: called for each fuzzing run. Processes the input and +resets the state at the end of each run. + +In more detail: + +LLVMFuzzerInitialize parses the arguments to the fuzzer (must start with two +dashes, so they are ignored by libfuzzer main()). Currently, the arguments +select the fuzz target. Then, the qtest client is initialized. If the target +requires qos, qgraph is set up and the QOM/LIBQOS modules are initialized. +Then the QGraph is walked and the QEMU cmd_line is determined and saved. + +After this, the vl.c:qemu__main is called to set up the guest. There are +target-specific hooks that can be called before and after qemu_main, for +additional setup(e.g. PCI setup, or VM snapshotting). + +LLVMFuzzerTestOneInput: Uses qtest/qos functions to act based on the fuzz +input. It is also responsible for manually calling the main loop/main_loop_wait +to ensure that bottom halves are executed and any cleanup required before the +next input. + +Since the same process is reused for many fuzzing runs, QEMU state needs to +be reset at the end of each run. There are currently two implemented +options for resetting state: +1. Reboot the guest between runs. + Pros: Straightforward and fast for simple fuzz targets. + Cons: Depending on the device, does not reset all device state. If the + device requires some initialization prior to being ready for fuzzing + (common for QOS-based targets), this initialization needs to be done after + each reboot. + Example target: i440fx-qtest-reboot-fuzz +2. Run each test case in a separate forked process and copy the coverage + information back to the parent. This is fairly similar to AFL's "deferred" + fork-server mode [3] + Pros: Relatively fast. Devices only need to be initialized once. No need + to do slow reboots or vmloads. + Cons: Not officially supported by libfuzzer. Does not work well for devices + that rely on dedicated threads. + Example target: virtio-net-fork-fuzz -- cgit v1.1