From e3a0abfda71db1fa83be894dcff7c4871b36cc8d Mon Sep 17 00:00:00 2001 From: "Emilio G. Cota" Date: Thu, 9 Apr 2015 16:07:33 -0400 Subject: translate-all: use glib for all page descriptor allocations Since commit b7b5233a "bsd-user/mmap.c: Don't try to override g_malloc/g_free" the exception we make here for usermode has been unnecessary. Get rid of it. Signed-off-by: Emilio G. Cota Message-Id: <1428610053-26148-1-git-send-email-cota@braap.org> Signed-off-by: Paolo Bonzini --- translate-all.c | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/translate-all.c b/translate-all.c index 11763c6c3a..85f034642d 100644 --- a/translate-all.c +++ b/translate-all.c @@ -389,18 +389,6 @@ static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc) void **lp; int i; -#if defined(CONFIG_USER_ONLY) - /* We can't use g_malloc because it may recurse into a locked mutex. */ -# define ALLOC(P, SIZE) \ - do { \ - P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \ - MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \ - } while (0) -#else -# define ALLOC(P, SIZE) \ - do { P = g_malloc0(SIZE); } while (0) -#endif - /* Level 1. Always allocated. */ lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1)); @@ -412,7 +400,7 @@ static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc) if (!alloc) { return NULL; } - ALLOC(p, sizeof(void *) * V_L2_SIZE); + p = g_new0(void *, V_L2_SIZE); *lp = p; } @@ -424,12 +412,10 @@ static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc) if (!alloc) { return NULL; } - ALLOC(pd, sizeof(PageDesc) * V_L2_SIZE); + pd = g_new0(PageDesc, V_L2_SIZE); *lp = pd; } -#undef ALLOC - return pd + (index & (V_L2_SIZE - 1)); } -- cgit v1.2.1 From c2cba0ffe495b60c4cc58080281e99c7a6580d4b Mon Sep 17 00:00:00 2001 From: Fam Zheng Date: Mon, 16 Mar 2015 17:03:33 +0800 Subject: exec: Atomic access to bounce buffer There could be a race condition when two processes call address_space_map concurrently and both want to use the bounce buffer. Add an in_use flag in BounceBuffer to sync it. Signed-off-by: Fam Zheng Message-Id: <1426496617-10702-2-git-send-email-famz@redhat.com> Signed-off-by: Paolo Bonzini --- exec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/exec.c b/exec.c index 874ecfc2c6..5a1c70085c 100644 --- a/exec.c +++ b/exec.c @@ -2482,6 +2482,7 @@ typedef struct { void *buffer; hwaddr addr; hwaddr len; + bool in_use; } BounceBuffer; static BounceBuffer bounce; @@ -2570,7 +2571,7 @@ void *address_space_map(AddressSpace *as, l = len; mr = address_space_translate(as, addr, &xlat, &l, is_write); if (!memory_access_is_direct(mr, is_write)) { - if (bounce.buffer) { + if (atomic_xchg(&bounce.in_use, true)) { return NULL; } /* Avoid unbounded allocations */ @@ -2640,6 +2641,7 @@ void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len, qemu_vfree(bounce.buffer); bounce.buffer = NULL; memory_region_unref(bounce.mr); + atomic_mb_set(&bounce.in_use, false); cpu_notify_map_clients(); } -- cgit v1.2.1 From 02f4035c47b4d34cdc61780292ee288f400b9c49 Mon Sep 17 00:00:00 2001 From: Fam Zheng Date: Mon, 16 Mar 2015 17:03:34 +0800 Subject: linux-user, bsd-user: Remove two calls to cpu_exec_init_all The function is a nop for user mode, so just remove them. Signed-off-by: Fam Zheng Message-Id: <1426496617-10702-3-git-send-email-famz@redhat.com> Signed-off-by: Paolo Bonzini --- bsd-user/main.c | 1 - linux-user/main.c | 1 - 2 files changed, 2 deletions(-) diff --git a/bsd-user/main.c b/bsd-user/main.c index 1bb27548f2..5bfaf5c421 100644 --- a/bsd-user/main.c +++ b/bsd-user/main.c @@ -905,7 +905,6 @@ int main(int argc, char **argv) #endif } tcg_exec_init(0); - cpu_exec_init_all(); /* NOTE: we need to init the CPU at this stage to get qemu_host_page_size */ cpu = cpu_init(cpu_model); diff --git a/linux-user/main.c b/linux-user/main.c index a8adb0404b..3f32db0afd 100644 --- a/linux-user/main.c +++ b/linux-user/main.c @@ -3934,7 +3934,6 @@ int main(int argc, char **argv, char **envp) #endif } tcg_exec_init(0); - cpu_exec_init_all(); /* NOTE: we need to init the CPU at this stage to get qemu_host_page_size */ cpu = cpu_init(cpu_model); -- cgit v1.2.1 From 38e047b50d2bfd1df99fbbca884c9f1db0785ff4 Mon Sep 17 00:00:00 2001 From: Fam Zheng Date: Mon, 16 Mar 2015 17:03:35 +0800 Subject: exec: Protect map_client_list with mutex So that accesses from multiple threads are safe. Signed-off-by: Fam Zheng Message-Id: <1426496617-10702-4-git-send-email-famz@redhat.com> [Remove #if from cpu_exec_init_all. - Paolo] Signed-off-by: Paolo Bonzini --- exec.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/exec.c b/exec.c index 5a1c70085c..81666d3d6d 100644 --- a/exec.c +++ b/exec.c @@ -429,15 +429,6 @@ address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr, } #endif -void cpu_exec_init_all(void) -{ -#if !defined(CONFIG_USER_ONLY) - qemu_mutex_init(&ram_list.mutex); - memory_map_init(); - io_mem_init(); -#endif -} - #if !defined(CONFIG_USER_ONLY) static int cpu_common_post_load(void *opaque, int version_id) @@ -2493,6 +2484,7 @@ typedef struct MapClient { QLIST_ENTRY(MapClient) link; } MapClient; +QemuMutex map_client_list_lock; static QLIST_HEAD(map_client_list, MapClient) map_client_list = QLIST_HEAD_INITIALIZER(map_client_list); @@ -2500,12 +2492,22 @@ void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque)) { MapClient *client = g_malloc(sizeof(*client)); + qemu_mutex_lock(&map_client_list_lock); client->opaque = opaque; client->callback = callback; QLIST_INSERT_HEAD(&map_client_list, client, link); + qemu_mutex_unlock(&map_client_list_lock); return client; } +void cpu_exec_init_all(void) +{ + qemu_mutex_init(&ram_list.mutex); + memory_map_init(); + io_mem_init(); + qemu_mutex_init(&map_client_list_lock); +} + static void cpu_unregister_map_client(void *_client) { MapClient *client = (MapClient *)_client; @@ -2518,11 +2520,13 @@ static void cpu_notify_map_clients(void) { MapClient *client; + qemu_mutex_lock(&map_client_list_lock); while (!QLIST_EMPTY(&map_client_list)) { client = QLIST_FIRST(&map_client_list); client->callback(client->opaque); cpu_unregister_map_client(client); } + qemu_mutex_unlock(&map_client_list_lock); } bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write) -- cgit v1.2.1 From 33b6c2edf6214f02b9beaea61b169506c01f90aa Mon Sep 17 00:00:00 2001 From: Fam Zheng Date: Mon, 16 Mar 2015 17:03:36 +0800 Subject: exec: Notify cpu_register_map_client caller if the bounce buffer is available The caller's workflow is like if (!address_space_map()) { ... cpu_register_map_client(); } If bounce buffer became available after address_space_map() but before cpu_register_map_client(), the caller could miss it and has to wait for the next bounce buffer notify, which may never happen in the worse case. Just notify the list in cpu_register_map_client(). Signed-off-by: Fam Zheng Message-Id: <1426496617-10702-5-git-send-email-famz@redhat.com> Signed-off-by: Paolo Bonzini --- exec.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/exec.c b/exec.c index 81666d3d6d..2c87f1d6d6 100644 --- a/exec.c +++ b/exec.c @@ -2488,6 +2488,18 @@ QemuMutex map_client_list_lock; static QLIST_HEAD(map_client_list, MapClient) map_client_list = QLIST_HEAD_INITIALIZER(map_client_list); +static void cpu_unregister_map_client(void *_client); +static void cpu_notify_map_clients_locked(void) +{ + MapClient *client; + + while (!QLIST_EMPTY(&map_client_list)) { + client = QLIST_FIRST(&map_client_list); + client->callback(client->opaque); + cpu_unregister_map_client(client); + } +} + void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque)) { MapClient *client = g_malloc(sizeof(*client)); @@ -2496,6 +2508,9 @@ void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque)) client->opaque = opaque; client->callback = callback; QLIST_INSERT_HEAD(&map_client_list, client, link); + if (!atomic_read(&bounce.in_use)) { + cpu_notify_map_clients_locked(); + } qemu_mutex_unlock(&map_client_list_lock); return client; } @@ -2518,14 +2533,8 @@ static void cpu_unregister_map_client(void *_client) static void cpu_notify_map_clients(void) { - MapClient *client; - qemu_mutex_lock(&map_client_list_lock); - while (!QLIST_EMPTY(&map_client_list)) { - client = QLIST_FIRST(&map_client_list); - client->callback(client->opaque); - cpu_unregister_map_client(client); - } + cpu_notify_map_clients_locked(); qemu_mutex_unlock(&map_client_list_lock); } -- cgit v1.2.1 From e95205e1f9cd2c4262b7a7b1c992a94512c86d0e Mon Sep 17 00:00:00 2001 From: Fam Zheng Date: Mon, 16 Mar 2015 17:03:37 +0800 Subject: dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel If DMA's owning thread cancels the IO while the bounce buffer's owning thread is notifying the "cpu client list", a use-after-free happens: continue_after_map_failure dma_aio_cancel ------------------------------------------------------------------ aio_bh_new qemu_bh_delete qemu_bh_schedule (use after free) Also, the old code doesn't run the bh in the right AioContext. Fix both problems by passing a QEMUBH to cpu_register_map_client. Signed-off-by: Fam Zheng Reviewed-by: Paolo Bonzini Message-Id: <1426496617-10702-6-git-send-email-famz@redhat.com> [Remove unnecessary forward declaration. - Paolo] Signed-off-by: Paolo Bonzini --- dma-helpers.c | 17 ++++++++--------- exec.c | 34 +++++++++++++++++++++------------- include/exec/cpu-common.h | 3 ++- 3 files changed, 31 insertions(+), 23 deletions(-) diff --git a/dma-helpers.c b/dma-helpers.c index 6918572e18..1fddf6a11c 100644 --- a/dma-helpers.c +++ b/dma-helpers.c @@ -92,14 +92,6 @@ static void reschedule_dma(void *opaque) dma_blk_cb(dbs, 0); } -static void continue_after_map_failure(void *opaque) -{ - DMAAIOCB *dbs = (DMAAIOCB *)opaque; - - dbs->bh = qemu_bh_new(reschedule_dma, dbs); - qemu_bh_schedule(dbs->bh); -} - static void dma_blk_unmap(DMAAIOCB *dbs) { int i; @@ -161,7 +153,9 @@ static void dma_blk_cb(void *opaque, int ret) if (dbs->iov.size == 0) { trace_dma_map_wait(dbs); - cpu_register_map_client(dbs, continue_after_map_failure); + dbs->bh = aio_bh_new(blk_get_aio_context(dbs->blk), + reschedule_dma, dbs); + cpu_register_map_client(dbs->bh); return; } @@ -183,6 +177,11 @@ static void dma_aio_cancel(BlockAIOCB *acb) if (dbs->acb) { blk_aio_cancel_async(dbs->acb); } + if (dbs->bh) { + cpu_unregister_map_client(dbs->bh); + qemu_bh_delete(dbs->bh); + dbs->bh = NULL; + } } diff --git a/exec.c b/exec.c index 2c87f1d6d6..065f5e8360 100644 --- a/exec.c +++ b/exec.c @@ -2479,8 +2479,7 @@ typedef struct { static BounceBuffer bounce; typedef struct MapClient { - void *opaque; - void (*callback)(void *opaque); + QEMUBH *bh; QLIST_ENTRY(MapClient) link; } MapClient; @@ -2488,31 +2487,34 @@ QemuMutex map_client_list_lock; static QLIST_HEAD(map_client_list, MapClient) map_client_list = QLIST_HEAD_INITIALIZER(map_client_list); -static void cpu_unregister_map_client(void *_client); +static void cpu_unregister_map_client_do(MapClient *client) +{ + QLIST_REMOVE(client, link); + g_free(client); +} + static void cpu_notify_map_clients_locked(void) { MapClient *client; while (!QLIST_EMPTY(&map_client_list)) { client = QLIST_FIRST(&map_client_list); - client->callback(client->opaque); - cpu_unregister_map_client(client); + qemu_bh_schedule(client->bh); + cpu_unregister_map_client_do(client); } } -void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque)) +void cpu_register_map_client(QEMUBH *bh) { MapClient *client = g_malloc(sizeof(*client)); qemu_mutex_lock(&map_client_list_lock); - client->opaque = opaque; - client->callback = callback; + client->bh = bh; QLIST_INSERT_HEAD(&map_client_list, client, link); if (!atomic_read(&bounce.in_use)) { cpu_notify_map_clients_locked(); } qemu_mutex_unlock(&map_client_list_lock); - return client; } void cpu_exec_init_all(void) @@ -2523,12 +2525,18 @@ void cpu_exec_init_all(void) qemu_mutex_init(&map_client_list_lock); } -static void cpu_unregister_map_client(void *_client) +void cpu_unregister_map_client(QEMUBH *bh) { - MapClient *client = (MapClient *)_client; + MapClient *client; - QLIST_REMOVE(client, link); - g_free(client); + qemu_mutex_lock(&map_client_list_lock); + QLIST_FOREACH(client, &map_client_list, link) { + if (client->bh == bh) { + cpu_unregister_map_client_do(client); + break; + } + } + qemu_mutex_unlock(&map_client_list_lock); } static void cpu_notify_map_clients(void) diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h index fcc316271e..43428bd030 100644 --- a/include/exec/cpu-common.h +++ b/include/exec/cpu-common.h @@ -82,7 +82,8 @@ void *cpu_physical_memory_map(hwaddr addr, int is_write); void cpu_physical_memory_unmap(void *buffer, hwaddr len, int is_write, hwaddr access_len); -void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque)); +void cpu_register_map_client(QEMUBH *bh); +void cpu_unregister_map_client(QEMUBH *bh); bool cpu_physical_memory_is_io(hwaddr phys_addr); -- cgit v1.2.1 From 37d7c08413cd4307f53c83d43b1b06cf2701d7a7 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 23 Mar 2015 10:21:46 +0100 Subject: memory: add memory_region_ram_resize This is a simple MemoryRegion wrapper for qemu_ram_resize. Signed-off-by: Paolo Bonzini --- include/exec/memory.h | 12 ++++++++++++ memory.c | 7 +++++++ 2 files changed, 19 insertions(+) diff --git a/include/exec/memory.h b/include/exec/memory.h index 06ffa1d185..a2ea58776d 100644 --- a/include/exec/memory.h +++ b/include/exec/memory.h @@ -605,6 +605,18 @@ int memory_region_get_fd(MemoryRegion *mr); */ void *memory_region_get_ram_ptr(MemoryRegion *mr); +/* memory_region_ram_resize: Resize a RAM region. + * + * Only legal before guest might have detected the memory size: e.g. on + * incoming migration, or right after reset. + * + * @mr: a memory region created with @memory_region_init_resizeable_ram. + * @newsize: the new size the region + * @errp: pointer to Error*, to store an error if it happens. + */ +void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize, + Error **errp); + /** * memory_region_set_log: Turn dirty logging on or off for a region. * diff --git a/memory.c b/memory.c index ee3f2a8a95..a11e9bf08a 100644 --- a/memory.c +++ b/memory.c @@ -1452,6 +1452,13 @@ void *memory_region_get_ram_ptr(MemoryRegion *mr) return qemu_get_ram_ptr(mr->ram_addr & TARGET_PAGE_MASK); } +void memory_region_ram_resize(MemoryRegion *mr, ram_addr_t newsize, Error **errp) +{ + assert(mr->terminates); + + qemu_ram_resize(mr->ram_addr, newsize, errp); +} + static void memory_region_update_coalesced_range_as(MemoryRegion *mr, AddressSpace *as) { FlatView *view; -- cgit v1.2.1 From 339240b5cd42bd13d4f6629f2aedf8b4b07459fb Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 23 Mar 2015 10:24:16 +0100 Subject: acpi-build: remove dependency from ram_addr.h ram_addr_t is an internal interface, everyone should go through MemoryRegion. Clean it up by making rom_add_blob return a MemoryRegion* and using the new qemu_ram_resize infrastructure. Reviewed-by: Michael S. Tsirkin Signed-off-by: Paolo Bonzini --- hw/core/loader.c | 8 ++++---- hw/i386/acpi-build.c | 36 ++++++++++++++++++------------------ include/hw/loader.h | 8 +++++--- 3 files changed, 27 insertions(+), 25 deletions(-) diff --git a/hw/core/loader.c b/hw/core/loader.c index d4c441fd18..7ee675c1df 100644 --- a/hw/core/loader.c +++ b/hw/core/loader.c @@ -835,12 +835,12 @@ err: return -1; } -ram_addr_t rom_add_blob(const char *name, const void *blob, size_t len, +MemoryRegion *rom_add_blob(const char *name, const void *blob, size_t len, size_t max_len, hwaddr addr, const char *fw_file_name, FWCfgReadCallback fw_callback, void *callback_opaque) { Rom *rom; - ram_addr_t ret = RAM_ADDR_MAX; + MemoryRegion *mr = NULL; rom = g_malloc0(sizeof(*rom)); rom->name = g_strdup(name); @@ -858,7 +858,7 @@ ram_addr_t rom_add_blob(const char *name, const void *blob, size_t len, if (rom_file_has_mr) { data = rom_set_mr(rom, OBJECT(fw_cfg), devpath); - ret = memory_region_get_ram_addr(rom->mr); + mr = rom->mr; } else { data = rom->data; } @@ -867,7 +867,7 @@ ram_addr_t rom_add_blob(const char *name, const void *blob, size_t len, fw_callback, callback_opaque, data, rom->datasize); } - return ret; + return mr; } /* This function is specific for elf program because we don't need to allocate diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c index e761005efa..2aaf21a3e5 100644 --- a/hw/i386/acpi-build.c +++ b/hw/i386/acpi-build.c @@ -58,7 +58,6 @@ #include "qapi/qmp/qint.h" #include "qom/qom-qobject.h" -#include "exec/ram_addr.h" /* These are used to size the ACPI tables for -M pc-i440fx-1.7 and * -M pc-i440fx-2.0. Even if the actual amount of AML generated grows @@ -1323,13 +1322,13 @@ static inline void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre) typedef struct AcpiBuildState { /* Copy of table in RAM (for patching). */ - ram_addr_t table_ram; + MemoryRegion *table_mr; /* Is table patched? */ uint8_t patched; PcGuestInfo *guest_info; void *rsdp; - ram_addr_t rsdp_ram; - ram_addr_t linker_ram; + MemoryRegion *rsdp_mr; + MemoryRegion *linker_mr; } AcpiBuildState; static bool acpi_get_mcfg(AcpiMcfgInfo *mcfg) @@ -1513,15 +1512,15 @@ void acpi_build(PcGuestInfo *guest_info, AcpiBuildTables *tables) g_array_free(table_offsets, true); } -static void acpi_ram_update(ram_addr_t ram, GArray *data) +static void acpi_ram_update(MemoryRegion *mr, GArray *data) { uint32_t size = acpi_data_len(data); /* Make sure RAM size is correct - in case it got changed e.g. by migration */ - qemu_ram_resize(ram, size, &error_abort); + memory_region_ram_resize(mr, size, &error_abort); - memcpy(qemu_get_ram_ptr(ram), data->data, size); - cpu_physical_memory_set_dirty_range_nocode(ram, size); + memcpy(memory_region_get_ram_ptr(mr), data->data, size); + memory_region_set_dirty(mr, 0, size); } static void acpi_build_update(void *build_opaque, uint32_t offset) @@ -1539,15 +1538,15 @@ static void acpi_build_update(void *build_opaque, uint32_t offset) acpi_build(build_state->guest_info, &tables); - acpi_ram_update(build_state->table_ram, tables.table_data); + acpi_ram_update(build_state->table_mr, tables.table_data); if (build_state->rsdp) { memcpy(build_state->rsdp, tables.rsdp->data, acpi_data_len(tables.rsdp)); } else { - acpi_ram_update(build_state->rsdp_ram, tables.rsdp); + acpi_ram_update(build_state->rsdp_mr, tables.rsdp); } - acpi_ram_update(build_state->linker_ram, tables.linker); + acpi_ram_update(build_state->linker_mr, tables.linker); acpi_build_tables_cleanup(&tables, true); } @@ -1557,8 +1556,9 @@ static void acpi_build_reset(void *build_opaque) build_state->patched = 0; } -static ram_addr_t acpi_add_rom_blob(AcpiBuildState *build_state, GArray *blob, - const char *name, uint64_t max_size) +static MemoryRegion *acpi_add_rom_blob(AcpiBuildState *build_state, + GArray *blob, const char *name, + uint64_t max_size) { return rom_add_blob(name, blob->data, acpi_data_len(blob), max_size, -1, name, acpi_build_update, build_state); @@ -1604,12 +1604,12 @@ void acpi_setup(PcGuestInfo *guest_info) acpi_build(build_state->guest_info, &tables); /* Now expose it all to Guest */ - build_state->table_ram = acpi_add_rom_blob(build_state, tables.table_data, + build_state->table_mr = acpi_add_rom_blob(build_state, tables.table_data, ACPI_BUILD_TABLE_FILE, ACPI_BUILD_TABLE_MAX_SIZE); - assert(build_state->table_ram != RAM_ADDR_MAX); + assert(build_state->table_mr != NULL); - build_state->linker_ram = + build_state->linker_mr = acpi_add_rom_blob(build_state, tables.linker, "etc/table-loader", 0); fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_TPMLOG_FILE, @@ -1627,10 +1627,10 @@ void acpi_setup(PcGuestInfo *guest_info) fw_cfg_add_file_callback(guest_info->fw_cfg, ACPI_BUILD_RSDP_FILE, acpi_build_update, build_state, build_state->rsdp, rsdp_size); - build_state->rsdp_ram = (ram_addr_t)-1; + build_state->rsdp_mr = NULL; } else { build_state->rsdp = NULL; - build_state->rsdp_ram = acpi_add_rom_blob(build_state, tables.rsdp, + build_state->rsdp_mr = acpi_add_rom_blob(build_state, tables.rsdp, ACPI_BUILD_RSDP_FILE, 0); } diff --git a/include/hw/loader.h b/include/hw/loader.h index 4f0681b0c8..485ff8f2f1 100644 --- a/include/hw/loader.h +++ b/include/hw/loader.h @@ -68,9 +68,11 @@ extern bool rom_file_has_mr; int rom_add_file(const char *file, const char *fw_dir, hwaddr addr, int32_t bootindex, bool option_rom); -ram_addr_t rom_add_blob(const char *name, const void *blob, size_t len, - size_t max_len, hwaddr addr, const char *fw_file_name, - FWCfgReadCallback fw_callback, void *callback_opaque); +MemoryRegion *rom_add_blob(const char *name, const void *blob, size_t len, + size_t max_len, hwaddr addr, + const char *fw_file_name, + FWCfgReadCallback fw_callback, + void *callback_opaque); int rom_add_elf_program(const char *name, void *data, size_t datasize, size_t romsize, hwaddr addr); int rom_load_all(void); -- cgit v1.2.1 From 0e1cd6576c55269b6e5251dc739a7fc819f9b4a6 Mon Sep 17 00:00:00 2001 From: Mark Cave-Ayland Date: Thu, 2 Apr 2015 16:09:30 +0100 Subject: sun4m: fix slavio sysctrl and led register sizes These were being incorrectly declared as MISC_SIZE (1 byte) rather than 4 bytes and 2 bytes respectively. As a result accesses clamped to the real register size would unexpectedly fail. Signed-off-by: Mark Cave-Ayland CC: Paolo Bonzini Message-Id: <1427987370-15897-1-git-send-email-mark.cave-ayland@ilande.co.uk> Signed-off-by: Paolo Bonzini --- hw/misc/slavio_misc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hw/misc/slavio_misc.c b/hw/misc/slavio_misc.c index 50985958a4..ec50f10757 100644 --- a/hw/misc/slavio_misc.c +++ b/hw/misc/slavio_misc.c @@ -68,6 +68,7 @@ typedef struct APCState { } APCState; #define MISC_SIZE 1 +#define LED_SIZE 2 #define SYSCTRL_SIZE 4 #define AUX1_TC 0x02 @@ -452,13 +453,13 @@ static int slavio_misc_init1(SysBusDevice *sbd) /* 16 bit registers */ /* ss600mp diag LEDs */ memory_region_init_io(&s->led_iomem, OBJECT(s), &slavio_led_mem_ops, s, - "leds", MISC_SIZE); + "leds", LED_SIZE); sysbus_init_mmio(sbd, &s->led_iomem); /* 32 bit registers */ /* System control */ memory_region_init_io(&s->sysctrl_iomem, OBJECT(s), &slavio_sysctrl_mem_ops, s, - "system-control", MISC_SIZE); + "system-control", SYSCTRL_SIZE); sysbus_init_mmio(sbd, &s->sysctrl_iomem); /* AUX 1 (Misc System Functions) */ -- cgit v1.2.1 From 3337d0b2794131425d0b5cb525e67c5989f4a9dd Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 30 Mar 2015 12:34:17 +0200 Subject: sb16: remove useless mixer_write_indexw ioport.c is already able to split a 16-bit access into two 8-bit accesses to consecutive ports. Tested with Epic Pinball. Signed-off-by: Paolo Bonzini --- hw/audio/sb16.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/hw/audio/sb16.c b/hw/audio/sb16.c index 444eb9e419..b052de5f7d 100644 --- a/hw/audio/sb16.c +++ b/hw/audio/sb16.c @@ -1121,12 +1121,6 @@ static IO_WRITE_PROTO (mixer_write_datab) s->mixer_regs[s->mixer_nreg] = val; } -static IO_WRITE_PROTO (mixer_write_indexw) -{ - mixer_write_indexb (opaque, nport, val & 0xff); - mixer_write_datab (opaque, nport, (val >> 8) & 0xff); -} - static IO_READ_PROTO (mixer_read) { SB16State *s = opaque; @@ -1345,7 +1339,6 @@ static const VMStateDescription vmstate_sb16 = { static const MemoryRegionPortio sb16_ioport_list[] = { { 4, 1, 1, .write = mixer_write_indexb }, - { 4, 1, 2, .write = mixer_write_indexw }, { 5, 1, 1, .read = mixer_read, .write = mixer_write_datab }, { 6, 1, 1, .read = dsp_read, .write = dsp_write }, { 10, 1, 1, .read = dsp_read }, -- cgit v1.2.1 From 54da54e543eea8e689a625fcb3dada1b296f5d3d Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 30 Mar 2015 13:12:32 +0200 Subject: gus: clean up MemoryRegionPortio Remove 16-bit reads/writes, since ioport.c is able to synthesize them. Remove the two MIDI registers (0x300 and 0x301) from gus_portio_list1, and add the second MIDI register (0x301) to gus_portio_list2. Tested with Second Reality. Signed-off-by: Paolo Bonzini --- hw/audio/gus.c | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/hw/audio/gus.c b/hw/audio/gus.c index 4a43ce7adf..86223a9544 100644 --- a/hw/audio/gus.c +++ b/hw/audio/gus.c @@ -71,13 +71,6 @@ IO_READ_PROTO (gus_readb) return gus_read (&s->emu, nport, 1); } -IO_READ_PROTO (gus_readw) -{ - GUSState *s = opaque; - - return gus_read (&s->emu, nport, 2); -} - IO_WRITE_PROTO (gus_writeb) { GUSState *s = opaque; @@ -85,13 +78,6 @@ IO_WRITE_PROTO (gus_writeb) gus_write (&s->emu, nport, 1, val); } -IO_WRITE_PROTO (gus_writew) -{ - GUSState *s = opaque; - - gus_write (&s->emu, nport, 2, val); -} - static int write_audio (GUSState *s, int samples) { int net = 0; @@ -236,17 +222,13 @@ static const VMStateDescription vmstate_gus = { static const MemoryRegionPortio gus_portio_list1[] = { {0x000, 1, 1, .write = gus_writeb }, - {0x000, 1, 2, .write = gus_writew }, {0x006, 10, 1, .read = gus_readb, .write = gus_writeb }, - {0x006, 10, 2, .read = gus_readw, .write = gus_writew }, {0x100, 8, 1, .read = gus_readb, .write = gus_writeb }, - {0x100, 8, 2, .read = gus_readw, .write = gus_writew }, PORTIO_END_OF_LIST (), }; static const MemoryRegionPortio gus_portio_list2[] = { - {0, 1, 1, .read = gus_readb }, - {0, 1, 2, .read = gus_readw }, + {0, 2, 1, .read = gus_readb }, PORTIO_END_OF_LIST (), }; -- cgit v1.2.1 From e477317cce98c399a2299d025bcb6bf0fd69df49 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 30 Mar 2015 13:19:16 +0200 Subject: ide: there is only one data port IDE PIO data must be written, for example, at 0x1f0. You cannot do word or dword writes to 0x1f1..0x1f3 to access the data register. Adjust the ide_portio_list accordingly. Cc: John Snow Signed-off-by: Paolo Bonzini --- hw/ide/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/ide/core.c b/hw/ide/core.c index a895fd86f6..fcb908061c 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -2436,8 +2436,8 @@ void ide_init2(IDEBus *bus, qemu_irq irq) static const MemoryRegionPortio ide_portio_list[] = { { 0, 8, 1, .read = ide_ioport_read, .write = ide_ioport_write }, - { 0, 2, 2, .read = ide_data_readw, .write = ide_data_writew }, - { 0, 4, 4, .read = ide_data_readl, .write = ide_data_writel }, + { 0, 1, 2, .read = ide_data_readw, .write = ide_data_writew }, + { 0, 1, 4, .read = ide_data_readl, .write = ide_data_writel }, PORTIO_END_OF_LIST(), }; -- cgit v1.2.1 From 30476b2282c69c9ec1e44e33a4c0b5d5f4bc884e Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 30 Mar 2015 12:50:36 +0200 Subject: ioport: remove wrong comment ioport.c has not been using an alias since commit b40acf9 (ioport: Switch dispatching to memory core layer, 2013-06-24). Remove the obsolete comment. Signed-off-by: Paolo Bonzini --- ioport.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/ioport.c b/ioport.c index 783a3ae675..eb954e3460 100644 --- a/ioport.c +++ b/ioport.c @@ -239,10 +239,6 @@ static void portio_list_add_1(PortioList *piolist, mrpio->ports[i].base = start + off_low; } - /* - * Use an alias so that the callback is called with an absolute address, - * rather than an offset relative to to start + off_low. - */ memory_region_init_io(&mrpio->mr, piolist->owner, &portio_ops, mrpio, piolist->name, off_high - off_low); if (piolist->flush_coalesced_mmio) { -- cgit v1.2.1 From 147ed379838176d4780688157891c06f49403b19 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 30 Mar 2015 12:49:40 +0200 Subject: ioport: loosen assertions on emulation of 16-bit ports Right now, ioport.c assumes that the entire range specified with MemoryRegionPortio includes a region with size == 1. This however is not true for the VBE DISPI ports, which are 16-bit only. The next patch will make these regions' length equal to two, which can cause the assertions to trigger. Replace them with simple conditionals. Also, ioport.c will emulate a 16-bit ioport with two distinct reads or writes, even if one of the two accesses is out of the bounds given by the MemoryRegionPortio array. Do not do this anymore, instead discard writes to the incorrect register and read it as all-ones. This ensures that the mrp->read and mrp->write callbacks get an in-range ioport number. Signed-off-by: Paolo Bonzini --- ioport.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/ioport.c b/ioport.c index eb954e3460..090c2628ed 100644 --- a/ioport.c +++ b/ioport.c @@ -187,9 +187,14 @@ static uint64_t portio_read(void *opaque, hwaddr addr, unsigned size) data = mrp->read(mrpio->portio_opaque, mrp->base + addr); } else if (size == 2) { mrp = find_portio(mrpio, addr, 1, false); - assert(mrp); - data = mrp->read(mrpio->portio_opaque, mrp->base + addr) | - (mrp->read(mrpio->portio_opaque, mrp->base + addr + 1) << 8); + if (mrp) { + data = mrp->read(mrpio->portio_opaque, mrp->base + addr); + if (addr + 1 < mrp->offset + mrp->len) { + data |= mrp->read(mrpio->portio_opaque, mrp->base + addr + 1) << 8; + } else { + data |= 0xff00; + } + } } return data; } @@ -204,9 +209,12 @@ static void portio_write(void *opaque, hwaddr addr, uint64_t data, mrp->write(mrpio->portio_opaque, mrp->base + addr, data); } else if (size == 2) { mrp = find_portio(mrpio, addr, 1, true); - assert(mrp); - mrp->write(mrpio->portio_opaque, mrp->base + addr, data & 0xff); - mrp->write(mrpio->portio_opaque, mrp->base + addr + 1, data >> 8); + if (mrp) { + mrp->write(mrpio->portio_opaque, mrp->base + addr, data & 0xff); + if (addr + 1 < mrp->offset + mrp->len) { + mrp->write(mrpio->portio_opaque, mrp->base + addr + 1, data >> 8); + } + } } } -- cgit v1.2.1 From 4080a13c11398d684668d286da27b6f8ee668e44 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 30 Mar 2015 12:35:00 +0200 Subject: ioport: reserve the whole range of an I/O port in the AddressSpace When an I/O port is more than 1 byte long, ioport.c is currently creating "short" regions, for example 0x1ce-0x1ce for the 16-bit Bochs index port. When I/O ports are memory mapped, and thus accessed via a subpage_ops memory region, subpage_accepts gets confused because it finds a hole at 0x1cf and rejects the access. In order to fix this, modify registration of the region to cover the whole size of the I/O port. Attempts to access an invalid port will be blocked by find_portio returning NULL. This only affects the VBE DISPI regions. For all other cases, the MemoryRegionPortio entries for 2- or 4-byte accesses overlap an entry for 1-byte accesses, thus the size of the memory region is not affected. Reported-by: Zoltan Balaton Signed-off-by: Paolo Bonzini --- ioport.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ioport.c b/ioport.c index 090c2628ed..304d5d6f59 100644 --- a/ioport.c +++ b/ioport.c @@ -269,7 +269,7 @@ void portio_list_add(PortioList *piolist, /* Handle the first entry specially. */ off_last = off_low = pio_start->offset; - off_high = off_low + pio_start->len; + off_high = off_low + pio_start->len + pio_start->size - 1; count = 1; for (pio = pio_start + 1; pio->size != 0; pio++, count++) { @@ -284,10 +284,10 @@ void portio_list_add(PortioList *piolist, /* ... and start collecting anew. */ pio_start = pio; off_low = off_last; - off_high = off_low + pio->len; + off_high = off_low + pio->len + pio_start->size - 1; count = 0; } else if (off_last + pio->len > off_high) { - off_high = off_last + pio->len; + off_high = off_last + pio->len + pio_start->size - 1; } } -- cgit v1.2.1 From 23820dbfc79d1c9dce090b4c555994f2bb6a69b3 Mon Sep 17 00:00:00 2001 From: Peter Crosthwaite Date: Mon, 16 Mar 2015 22:35:54 -0700 Subject: exec: Respect as_translate_internal length clamp address_space_translate_internal will clamp the *plen length argument based on the size of the memory region being queried. The iommu walker logic in addresss_space_translate was ignoring this by discarding the post fn call value of *plen. Fix by just always using *plen as the length argument throughout the fn, removing the len local variable. This fixes a bootloader bug when a single elf section spans multiple QEMU memory regions. Signed-off-by: Peter Crosthwaite Message-Id: <1426570554-15940-1-git-send-email-peter.crosthwaite@xilinx.com> Signed-off-by: Paolo Bonzini --- exec.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/exec.c b/exec.c index 065f5e8360..4717928cff 100644 --- a/exec.c +++ b/exec.c @@ -380,7 +380,6 @@ MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr, IOMMUTLBEntry iotlb; MemoryRegionSection *section; MemoryRegion *mr; - hwaddr len = *plen; rcu_read_lock(); for (;;) { @@ -395,7 +394,7 @@ MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr, iotlb = mr->iommu_ops->translate(mr, addr, is_write); addr = ((iotlb.translated_addr & ~iotlb.addr_mask) | (addr & iotlb.addr_mask)); - len = MIN(len, (addr | iotlb.addr_mask) - addr + 1); + *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1); if (!(iotlb.perm & (1 << is_write))) { mr = &io_mem_unassigned; break; @@ -406,10 +405,9 @@ MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr, if (xen_enabled() && memory_access_is_direct(mr, is_write)) { hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr; - len = MIN(page, len); + *plen = MIN(page, *plen); } - *plen = len; *xlat = addr; rcu_read_unlock(); return mr; -- cgit v1.2.1 From 2847b46958ab0bd604e1b3fcafba0f5ba4375833 Mon Sep 17 00:00:00 2001 From: Fam Zheng Date: Thu, 26 Mar 2015 11:03:12 +0800 Subject: configure: Add support for tcmalloc This adds "--enable-tcmalloc" and "--disable-tcmalloc" to allow linking to libtcmalloc from gperftools. tcmalloc is a malloc implementation that works well with threads and is fast, so it is good for performance. It is disabled by default, because the MALLOC_PERTURB_ flag we use in tests doesn't work with tcmalloc. However we can enable tcmalloc specific heap checker and profilers later. An IOPS gain can be observed with virtio-blk-dataplane, other parts of QEMU will directly benefit from it as well: ========================================================== glibc malloc ---------------------------------------------------------- rw bs iodepth bw iops latency read 4k 1 150 38511 24 ---------------------------------------------------------- ========================================================== tcmalloc ---------------------------------------------------------- rw bs iodepth bw iops latency read 4k 1 156 39969 23 ---------------------------------------------------------- Signed-off-by: Fam Zheng Message-Id: <1427338992-27057-1-git-send-email-famz@redhat.com> Signed-off-by: Paolo Bonzini --- configure | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/configure b/configure index 6969f6f449..75a4def8b5 100755 --- a/configure +++ b/configure @@ -336,6 +336,7 @@ libssh2="" vhdx="" quorum="" numa="" +tcmalloc="no" # parse CC options first for opt do @@ -1134,6 +1135,10 @@ for opt do ;; --enable-numa) numa="yes" ;; + --disable-tcmalloc) tcmalloc="no" + ;; + --enable-tcmalloc) tcmalloc="yes" + ;; *) echo "ERROR: unknown option $opt" echo "Try '$0 --help' for more information" @@ -1407,6 +1412,8 @@ Advanced options (experts only): --enable-quorum enable quorum block filter support --disable-numa disable libnuma support --enable-numa enable libnuma support + --disable-tcmalloc disable tcmalloc support + --enable-tcmalloc enable tcmalloc support NOTE: The object files are built at the place where configure is launched EOF @@ -3330,6 +3337,22 @@ EOF fi fi +########################################## +# tcmalloc probe + +if test "$tcmalloc" = "yes" ; then + cat > $TMPC << EOF +#include +int main(void) { malloc(1); return 0; } +EOF + + if compile_prog "" "-ltcmalloc" ; then + LIBS="-ltcmalloc $LIBS" + else + feature_not_found "tcmalloc" "install gperftools devel" + fi +fi + ########################################## # signalfd probe signalfd="no" @@ -4441,6 +4464,7 @@ echo "lzo support $lzo" echo "snappy support $snappy" echo "bzip2 support $bzip2" echo "NUMA host support $numa" +echo "tcmalloc support $tcmalloc" if test "$sdl_too_old" = "yes"; then echo "-> Your SDL version is too old - please upgrade to have SDL support" -- cgit v1.2.1 From 738e4171de478da2516180c7a139f1b762443618 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 10 Mar 2015 11:17:48 +0100 Subject: milkymist: do not modify libs-softmmu This is better and prepares for the next patch. When we copy libs_softmmu's value into LIBS with a := assignment, we cannot anymore modify libs_softmmu in the Makefiles. Signed-off-by: Paolo Bonzini --- hw/display/Makefile.objs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/display/Makefile.objs b/hw/display/Makefile.objs index e73cb7d8ec..3ea106d9f3 100644 --- a/hw/display/Makefile.objs +++ b/hw/display/Makefile.objs @@ -21,7 +21,7 @@ common-obj-$(CONFIG_ZAURUS) += tc6393xb.o ifeq ($(CONFIG_MILKYMIST_TMU2),y) common-obj-y += milkymist-tmu2.o milkymist-tmu2.o-cflags := $(OPENGL_CFLAGS) -libs_softmmu += $(OPENGL_LIBS) +milkymist-tmu2.o-libs += $(OPENGL_LIBS) endif obj-$(CONFIG_OMAP) += omap_dss.o -- cgit v1.2.1 From 7398dfc7799a50097803db4796c7edb6cd7d47a1 Mon Sep 17 00:00:00 2001 From: Wei Liu Date: Mon, 9 Mar 2015 14:54:33 +0000 Subject: Makefile.target: prepend $libs_softmmu to $LIBS I discovered a problem when trying to build QEMU statically with gcc. libm is an element of LIBS while libpixman-1 is an element in libs_softmmu. Libpixman references functions in libm, so the original ordering makes linking fail. This fix is to reorder $libs_softmmu and $LIBS to make -lm appear after -lpixman-1. However I'm not quite sure if this is the right fix, hence the RFC tag. Normally QEMU is built with c++ compiler which happens to link in libm (at least this is the case with g++), so building QEMU statically normally just works and nobody notices this issue. Signed-off-by: Wei Liu Message-Id: <1425912873-21215-1-git-send-email-wei.liu2@citrix.com> Signed-off-by: Paolo Bonzini --- Makefile.target | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.target b/Makefile.target index 2262d89354..1083377403 100644 --- a/Makefile.target +++ b/Makefile.target @@ -134,7 +134,7 @@ obj-$(CONFIG_KVM) += kvm-all.o obj-y += memory.o savevm.o cputlb.o obj-y += memory_mapping.o obj-y += dump.o -LIBS+=$(libs_softmmu) +LIBS := $(libs_softmmu) $(LIBS) # xen support obj-$(CONFIG_XEN) += xen-common.o -- cgit v1.2.1 From b8eb5512fd8a115f164edbbe897cdf8884920ccb Mon Sep 17 00:00:00 2001 From: Nadav Amit Date: Mon, 13 Apr 2015 02:32:08 +0300 Subject: target-i386: disable LINT0 after reset Due to old Seabios bug, QEMU reenable LINT0 after reset. This bug is long gone and therefore this hack is no longer needed. Since it violates the specifications, it is removed. Signed-off-by: Nadav Amit Message-Id: <1428881529-29459-2-git-send-email-namit@cs.technion.ac.il> Signed-off-by: Paolo Bonzini --- hw/intc/apic_common.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c index 042e960f42..d38d24b814 100644 --- a/hw/intc/apic_common.c +++ b/hw/intc/apic_common.c @@ -243,15 +243,6 @@ static void apic_reset_common(DeviceState *dev) info->vapic_base_update(s); apic_init_reset(dev); - - if (bsp) { - /* - * LINT0 delivery mode on CPU #0 is set to ExtInt at initialization - * time typically by BIOS, so PIC interrupt can be delivered to the - * processor when local APIC is enabled. - */ - s->lvt[APIC_LVT_LINT0] = 0x700; - } } /* This function is only used for old state version 1 and 2 */ -- cgit v1.2.1 From 510a647fa27a12b66be40da4c2c098430003225c Mon Sep 17 00:00:00 2001 From: "Emilio G. Cota" Date: Wed, 22 Apr 2015 17:50:52 -0400 Subject: translate-all: use bitmap helpers for PageDesc's bitmap Here we have an open-coded byte-based bitmap implementation. Get rid of it since there's a ulong-based implementation to be used by all code. Signed-off-by: Emilio G. Cota Signed-off-by: Paolo Bonzini --- translate-all.c | 42 +++++++++--------------------------------- 1 file changed, 9 insertions(+), 33 deletions(-) diff --git a/translate-all.c b/translate-all.c index 85f034642d..65a76c5b9f 100644 --- a/translate-all.c +++ b/translate-all.c @@ -59,6 +59,7 @@ #include "exec/cputlb.h" #include "translate-all.h" +#include "qemu/bitmap.h" #include "qemu/timer.h" //#define DEBUG_TB_INVALIDATE @@ -79,7 +80,7 @@ typedef struct PageDesc { /* in order to optimize self modifying code, we count the number of lookups we do to a given page to use a bitmap */ unsigned int code_write_count; - uint8_t *code_bitmap; + unsigned long *code_bitmap; #if defined(CONFIG_USER_ONLY) unsigned long flags; #endif @@ -964,39 +965,12 @@ void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr) tcg_ctx.tb_ctx.tb_phys_invalidate_count++; } -static inline void set_bits(uint8_t *tab, int start, int len) -{ - int end, mask, end1; - - end = start + len; - tab += start >> 3; - mask = 0xff << (start & 7); - if ((start & ~7) == (end & ~7)) { - if (start < end) { - mask &= ~(0xff << (end & 7)); - *tab |= mask; - } - } else { - *tab++ |= mask; - start = (start + 8) & ~7; - end1 = end & ~7; - while (start < end1) { - *tab++ = 0xff; - start += 8; - } - if (start < end) { - mask = ~(0xff << (end & 7)); - *tab |= mask; - } - } -} - static void build_page_bitmap(PageDesc *p) { int n, tb_start, tb_end; TranslationBlock *tb; - p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8); + p->code_bitmap = bitmap_new(TARGET_PAGE_SIZE); tb = p->first_tb; while (tb != NULL) { @@ -1015,7 +989,7 @@ static void build_page_bitmap(PageDesc *p) tb_start = 0; tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK); } - set_bits(p->code_bitmap, tb_start, tb_end - tb_start); + bitmap_set(p->code_bitmap, tb_start, tb_end - tb_start); tb = tb->page_next[n]; } } @@ -1205,7 +1179,6 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len) { PageDesc *p; - int offset, b; #if 0 if (1) { @@ -1221,8 +1194,11 @@ void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len) return; } if (p->code_bitmap) { - offset = start & ~TARGET_PAGE_MASK; - b = p->code_bitmap[offset >> 3] >> (offset & 7); + unsigned int nr; + unsigned long b; + + nr = start & ~TARGET_PAGE_MASK; + b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1)); if (b & ((1 << len) - 1)) { goto do_invalidate; } -- cgit v1.2.1 From d064d9f381b00538e41f14104b88a1ae85d78865 Mon Sep 17 00:00:00 2001 From: Bogdan Purcareata Date: Fri, 3 Apr 2015 11:01:54 +0000 Subject: nbd/trivial: fix type cast for ioctl This fixes ioctl behavior on powerpc e6500 platforms with 64bit kernel and 32bit userspace. The current type cast has no effect there and the value passed to the kernel is still 0. Probably an issue related to the compiler, since I'm assuming the same configuration works on a similar setup on x86. Also ensure consistency with previous type cast in TRACE message. Signed-off-by: Bogdan Purcareata Message-Id: <1428058914-32050-1-git-send-email-bogdan.purcareata@freescale.com> Cc: qemu-stable@nongnu.org [Fix parens as noticed by Michael. - Paolo] Signed-off-by: Paolo Bonzini --- nbd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nbd.c b/nbd.c index 91b7d56239..cb1b9bbf7c 100644 --- a/nbd.c +++ b/nbd.c @@ -681,7 +681,7 @@ int nbd_init(int fd, int csock, uint32_t flags, off_t size) TRACE("Setting size to %zd block(s)", (size_t)(size / BDRV_SECTOR_SIZE)); - if (ioctl(fd, NBD_SET_SIZE_BLOCKS, size / (size_t)BDRV_SECTOR_SIZE) < 0) { + if (ioctl(fd, NBD_SET_SIZE_BLOCKS, (size_t)(size / BDRV_SECTOR_SIZE)) < 0) { int serrno = errno; LOG("Failed setting size (in blocks)"); return -serrno; -- cgit v1.2.1