- 24 9月, 2015 2 次提交
-
-
由 Cornelia Huck 提交于
We allow guests to change the size of the virtqueue rings by supplying a number of buffers that is different from the number of buffers the device was initialized with. Current code has some problems, however, since reset does not reset the ringsizes to the default values (as this is not saved anywhere). Let's extend the core code to keep track of the default ringsizes and migrate them once the guest changed them for any of the virtqueues for a device. Reviewed-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Pierre Morel 提交于
Being working on dataplane I notice something strange: virtio_queue_get_avail_size() used a 64bit size index for the calculation of the available ring size. It is quite strange but it did work with the old calculation of the avail ring, at most with performance penalty, and I wonder where I missed something. This patch let use a 16bit size as defined in virtio_ring.h Signed-off-by: NPierre Morel <pmorel@linux.vnet.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 10 9月, 2015 1 次提交
-
-
由 Cornelia Huck 提交于
Commit ef546f12 ("virtio: add feature checking helpers") introduced a helper __virtio_has_feature. We don't want to use reserved identifiers, though, so let's rename __virtio_has_feature to virtio_has_feature and virtio_has_feature to virtio_vdev_has_feature. Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 05 8月, 2015 1 次提交
-
-
由 Jason Wang 提交于
1.0 does not requires physically-contiguous pages layout for a virtqueue. So we could not infer avail and used from desc. This means we need to migrate vring.avail and vring.used when host support virtio 1.0. This fixes malfunction of virtio 1.0 device after migration. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Cornelia Huck <cornelia.huck@de.ibm.com> Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 12 6月, 2015 1 次提交
-
-
由 Juan Quintela 提交于
We create optional sections with this patch. But we already have optional subsections. Instead of having two mechanism that do the same, we can just generalize it. For subsections we just change: - Add a needed function to VMStateDescription - Remove VMStateSubsection (after removal of the needed function it is just a VMStateDescription) - Adjust the whole tree, moving the needed function to the corresponding VMStateDescription Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
- 11 6月, 2015 6 次提交
-
-
由 Michael S. Tsirkin 提交于
virtio 1.0 defines config space as LE, as opposed to pre-1.0 which was native endian. Add API for transports to execute word/dword accesses in little endian format - will be useful for mmio and pci (byte access is also wrapped, for completeness). For simplicity, we still keep config in host native endian format, byteswap to LE on guest access. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Michael S. Tsirkin 提交于
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Cornelia Huck 提交于
virtio-1 allow setting of the FEATURES_OK status bit to fail if the negotiated feature bits are inconsistent: let's fail virtio_set_status() in that case and update virtio-ccw to post an error to the guest. Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Cornelia Huck 提交于
For virtio-1 devices, the driver must not attempt to set feature bits after it set FEATURES_OK in the device status. Simply reject it in that case. Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Cornelia Huck 提交于
For virtio-1 devices, we allow a more complex queue layout that doesn't require descriptor table and rings on a physically-contigous memory area: add virtio_queue_set_rings() to allow transports to set this up. Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Cornelia Huck 提交于
Add code that checks for the VERSION_1 feature bit in order to make decisions about the device's endianness. This allows us to support transitional devices. Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 04 6月, 2015 1 次提交
-
-
由 Gerd Hoffmann 提交于
Commit "019a3edb virtio: make features 64bit wide" missed a few changes, as I've noticed while trying to rebase the virtio-1 branch to latest master. This patch adds them. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 01 6月, 2015 1 次提交
-
-
由 Gerd Hoffmann 提交于
Make features 64bit wide everywhere. On migration a full 64bit guest_features field is sent if one of the high bits is set, in addition to the lower 32bit guest_features field which must stay for compatibility reasons. That way we send the lower 32 feature bits twice, but the code is simpler because we don't have to split and compose the 64bit features into two 32bit fields. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 31 5月, 2015 4 次提交
-
-
由 Jason Wang 提交于
VIRTIO_PCI_QUEUE_MAX is not only used for pci, so rename it be generic. Cc: Amit Shah <amit.shah@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Jason Wang 提交于
This patch introduces virtio_get_num_queues() which iterates the vqs array and return the number of virtqueues used by device. Signed-off-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Jason Wang 提交于
This patch passes error pointer to transport specific device_plugged() callback. Through this way, device_plugged() can do some transport specific check and fail. This will be uesd by following patches that check the number of virtqueues against the transport limitation. Cc: Cornelia Huck <cornelia.huck@de.ibm.com> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Alexander Graf <agraf@suse.de> Signed-off-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Cornelia Huck 提交于
Move host_features from the individual transport proxies into the virtio device. Transports may continue to add feature bits during device plugging. This should it make easier to offer different sets of host features for virtio-1/transitional support. Tested-by: NShannon Zhao <shannon.zhao@linaro.org> Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 28 4月, 2015 1 次提交
-
-
由 Jason Wang 提交于
Currently we will try to traverse all virtqueues to find a subset that using a specific vector. This is sub optimal when we will support hundreds or even thousands of virtqueues. So this patch introduces a method which could be used by transport to get all virtqueues that using a same vector. This is done through QLISTs and the number of QLISTs was queried through a transport specific method. When guest setting vectors, the virtqueue will be linked and helpers for traverse the list was also introduced. The first user will be virtio pci which will use this to speed up MSI-X masking and unmasking handling. Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 16 3月, 2015 1 次提交
-
-
由 Jason Wang 提交于
We don't validate the existence of handle_output which may let a buggy guest to trigger a SIGSEV easily. E.g: 1) write 10 to queue_sel to a virtio net device with only 1 queue 2) setup an arbitrary pfn 3) then notify queue 10 Fixing this by validating the existence of handle_output before. Cc: qemu-stable@nongnu.org Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NDon Koch <dkoch@verizon.com> Reviewed-by: NFam Zheng <famz@redhat.com>
-
- 26 2月, 2015 2 次提交
-
-
由 Cornelia Huck 提交于
Add a helper function for checking whether a bit is set in the guest features for a vdev as well as one that works on a feature bit set. Convert code that open-coded this: It cleans up the code and makes it easier to extend the guest feature bits. Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Michael S. Tsirkin 提交于
Drop a bunch of code duplicated from virtio_config.h and virtio_ring.h. This makes us rename event index accessors which conflict, as reusing the ones from virtio_ring.h isn't trivial. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NThomas Huth <thuth@linux.vnet.ibm.com>
-
- 06 2月, 2015 1 次提交
-
-
由 Alexander Graf 提交于
One of the annoyances of the current migration format is the fact that it's not self-describing. In fact, it's not properly describing at all. Some code randomly scattered throughout QEMU elaborates roughly how to read and write a stream of bytes. We discussed an idea during KVM Forum 2013 to add a JSON description of the migration protocol itself to the migration stream. This patch adds a section after the VM_END migration end marker that contains description data on what the device sections of the stream are composed of. This approach is backwards compatible with any QEMU version reading the stream, because QEMU just stops reading after the VM_END marker and ignores any data following it. With an additional external program this allows us to decipher the contents of any migration stream and hopefully make migration bugs easier to track down. Signed-off-by: NAlexander Graf <agraf@suse.de> Signed-off-by: NAmit Shah <amit.shah@redhat.com> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
- 02 11月, 2014 1 次提交
-
-
由 Bin Wu 提交于
The event idx in virtio is an effective way to reduce the number of interrupts and exits of the guest. When the guest puts an request into the virtio ring, it doesn't exit immediately to inform the backend. Instead, the guest checks the "avail" event idx to determine the notification. In virtqueue_pop, when a request is poped, the current avail event idx should be set to the number of vq->last_avail_idx. Signed-off-by: NBin Wu <wu.wubin@huawei.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 30 9月, 2014 1 次提交
-
-
由 Gonglei 提交于
For better code sharing, add a helper function that handles reference counting of the virtio backend for virtio proxy devices. Cc: Cornelia Huck <cornelia.huck@de.ibm.com> Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 19 9月, 2014 1 次提交
-
-
由 Michael S. Tsirkin 提交于
This reverts commit a1bc7b827e422e1ff065640d8ec5347c4aadfcd8. virtio: don't call device on !vm_running It turns out that virtio net assumes that vm_running is updated before device status callback in many places, so this change leads to asserts. Previous commit fixes the root issue that motivated a1bc7b827e422e1ff065640d8ec5347c4aadfcd8 differently, so there's no longer a need for this change. In the future, we might be able to drop checking vm_running completely, and check vm state directly. Reported-by: NDietmar Maurer <dietmar@proxmox.com> Cc: qemu-stable@nongnu.org Acked-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 05 9月, 2014 1 次提交
-
-
由 Michael S. Tsirkin 提交于
On vm stop, virtio changes vm_running state too soon, so callbacks can get envoked with vm_running = false; Cc: qemu-stable@nongnu.org Cc: Jason Wang <jasowang@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 30 6月, 2014 4 次提交
-
-
由 Rusty Russell 提交于
Quoting original text from Rusty: "This is based on a simpler patch by Anthony Liguouri". Signed-off-by: NRusty Russell <rusty@rustcorp.com.au> [ add VirtIODevice * argument to most helpers, Greg Kurz <gkurz@linux.vnet.ibm.com> ] Signed-off-by: NGreg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: NThomas Huth <thuth@linux.vnet.ibm.com> Reviewed-by: NAlexander Graf <agraf@suse.de> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Greg Kurz 提交于
Some CPU families can dynamically change their endianness. This means we can have little endian ppc or big endian arm guests for example. This has an impact on legacy virtio data structures since they are target endian. We hence introduce a new property to track the endianness of each virtio device. It is reasonnably assumed that endianness won't change while the device is in use : we hence capture the device endianness when it gets reset. We migrate this property in a subsection, after the device descriptor. This means the load code must not rely on it until it is restored. As a consequence, the vring sanity checks had to be moved after the call to vmstate_load_state(). We enforce paranoia by poisoning the property at the begining of virtio_load(). Signed-off-by: NGreg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Greg Kurz 提交于
There is a need to add some more fields to VirtIODevice that should be migrated (broken status, endianness). The problem is that we do not want to break compatibility while adding a new feature... This issue has been addressed in the generic VMState code with the use of optional subsections. As a *temporary* alternative to port the whole virtio migration code to VMState, this patch mimics a similar subsectionning ability for virtio, using the VMState code. Since each virtio device is streamed in its own section, the idea is to stream subsections between the end of the device section and the start of the next sections. This allows an older QEMU to complain and exit when fed with subsections: Unknown savevm section type 5 load of migration failed Suggested-by: NAlexander Graf <agraf@suse.de> Signed-off-by: NGreg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: NAlexander Graf <agraf@suse.de> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Greg Kurz 提交于
In order to migrate virtio subsections, they should be streamed after the device itself. We need the device specific code to be called from the common migration code to achieve this. This patch introduces load and save methods for this purpose. Suggested-by: NAndreas Färber <afaerber@suse.de> Signed-off-by: NGreg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: NAlexander Graf <agraf@suse.de> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 29 6月, 2014 1 次提交
-
-
由 Dr. David Alan Gilbert 提交于
Commit 'virtio: validate config_len on load' restricted config_len loaded from the wire to match the config_len that the device had. Unfortunately, there are cases where this isn't true, the one we found it on was the wce addition in virtio-blk. Allow mismatched config-lengths: *) If the version on the wire is shorter then fine *) If the version on the wire is longer, load what we have space for and skip the rest. (This is mst@redhat.com's rework of what I originally posted) Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 19 6月, 2014 2 次提交
-
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
- 11 6月, 2014 1 次提交
-
-
由 Michael Tokarev 提交于
Suggested-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 12 5月, 2014 1 次提交
-
-
由 Michael S. Tsirkin 提交于
It's a loop from i < num_sg and the array is VIRTQUEUE_MAX_SIZE - so it's OK if the value read is VIRTQUEUE_MAX_SIZE. Not a big problem in practice as people don't use such big queues, but it's inelegant. Reported-by: N"Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 06 5月, 2014 4 次提交
-
-
由 Michael S. Tsirkin 提交于
Malformed input can have config_len in migration stream exceed the array size allocated on destination, the result will be heap overflow. To fix, that config_len matches on both sides. CVE-2014-0182 Reported-by: N"Dr. David Alan Gilbert" <dgilbert@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NJuan Quintela <quintela@redhat.com> -- v2: use %ix and %zx to print config_len values Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
由 Michael S. Tsirkin 提交于
CVE-2013-4535 CVE-2013-4536 Both virtio-block and virtio-serial read, VirtQueueElements are read in as buffers, and passed to virtqueue_map_sg(), where num_sg is taken from the wire and can force writes to indicies beyond VIRTQUEUE_MAX_SIZE. To fix, validate num_sg. Reported-by: NMichael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Cc: Amit Shah <amit.shah@redhat.com> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
由 Michael Roth 提交于
CVE-2013-6399 vdev->queue_sel is read from the wire, and later used in the emulation code as an index into vdev->vq[]. If the value of vdev->queue_sel exceeds the length of vdev->vq[], currently allocated to be VIRTIO_PCI_QUEUE_MAX elements, subsequent PIO operations such as VIRTIO_PCI_QUEUE_PFN can be used to overrun the buffer with arbitrary data originating from the source. Fix this by failing migration if the value from the wire exceeds VIRTIO_PCI_QUEUE_MAX. Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
由 Michael S. Tsirkin 提交于
CVE-2013-4151 QEMU 1.0 out-of-bounds buffer write in virtio_load@hw/virtio/virtio.c So we have this code since way back when: num = qemu_get_be32(f); for (i = 0; i < num; i++) { vdev->vq[i].vring.num = qemu_get_be32(f); array of vqs has size VIRTIO_PCI_QUEUE_MAX, so on invalid input this will write beyond end of buffer. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NMichael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
- 11 2月, 2014 1 次提交
-
-
由 Edgar E. Iglesias 提交于
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NEdgar E. Iglesias <edgar.iglesias@xilinx.com>
-