summaryrefslogtreecommitdiffstats
path: root/dma-helpers.c
Commit message (Collapse)AuthorAgeFilesLines
* cpu-timers, icount: new modulesClaudio Fontana2020-10-051-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | refactoring of cpus.c continues with cpu timer state extraction. cpu-timers: responsible for the softmmu cpu timers state, including cpu clocks and ticks. icount: counts the TCG instructions executed. As such it is specific to the TCG accelerator. Therefore, it is built only under CONFIG_TCG. One complication is due to qtest, which uses an icount field to warp time as part of qtest (qtest_clock_warp). In order to solve this problem, provide a separate counter for qtest. This requires fixing assumptions scattered in the code that qtest_enabled() implies icount_enabled(), checking each specific case. Signed-off-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> [remove redundant initialization with qemu_spice_init] Reviewed-by: Alex Bennée <alex.bennee@linaro.org> [fix lingering calls to icount_get] Signed-off-by: Claudio Fontana <cfontana@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* trace: switch position of headers to what Meson requiresPaolo Bonzini2020-08-211-1/+1
| | | | | | | | | | | | | | | | | Meson doesn't enjoy the same flexibility we have with Make in choosing the include path. In particular the tracing headers are using $(build_root)/$(<D). In order to keep the include directives unchanged, the simplest solution is to generate headers with patterns like "trace/trace-audio.h" and place forwarding headers in the source tree such that for example "audio/trace.h" includes "trace/trace-audio.h". This patch is too ugly to be applied to the Makefiles now. It's only a way to separate the changes to the tracing header files from the Meson rewrite of the tracing logic. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* icount: make dma reads deterministicPavel Dovgalyuk2020-06-171-0/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Windows guest sometimes makes DMA requests with overlapping target addresses. This leads to the following structure of iov for the block driver: addr size1 addr size2 addr size3 It means that three adjacent disk blocks should be read into the same memory buffer. Windows does not expects anything from these bytes (should it be data from the first block, or the last one, or some mix), but uses them somehow. It leads to non-determinism of the guest execution, because block driver does not preserve any order of reading. This situation was discusses in the mailing list at least twice: https://lists.gnu.org/archive/html/qemu-devel/2010-09/msg01996.html https://lists.gnu.org/archive/html/qemu-devel/2020-02/msg05185.html This patch makes such disk reads deterministic in icount mode. It splits the whole request into several parts. Parts may overlap, but SGs inside one part do not overlap. Parts that are processed later overwrite the prior ones in case of overlapping. Examples for different SG part sequences: 1) A1 1000 A2 1000 A1 1000 A3 1000 -> One request is split into two. A1 1000 A2 1000 -- A1 1000 A3 1000 2) A1 800 A2 1000 A1 1000 -> A1 800 A2 1000 -- A1 1000 Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> Message-Id: <159117972206.12193.12939621311413561779.stgit@pasha-ThinkPad-X280> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* Avoid address_space_rw() with a constant is_write argumentPeter Maydell2020-02-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The address_space_rw() function allows either reads or writes depending on the is_write argument passed to it; this is useful when the direction of the access is determined programmatically (as for instance when handling the KVM_EXIT_MMIO exit reason). Under the hood it just calls either address_space_write() or address_space_read_full(). We also use it a lot with a constant is_write argument, though, which has two issues: * when reading "address_space_rw(..., 1)" this is less immediately clear to the reader as being a write than "address_space_write(...)" * calling address_space_rw() bypasses the optimization in address_space_read() that fast-paths reads of a fixed length This commit was produced with the included Coccinelle script scripts/coccinelle/exec_rw_const.cocci. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <20200218112457.22712-1-peter.maydell@linaro.org> [PMD: Update macvm_set_cr0() reported by Laurent Vivier] Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* dma-helpers: ensure AIO callback is invoked after cancellationPaolo Bonzini2019-08-171-4/+9
| | | | | | | | | | | | | | | | | dma_aio_cancel unschedules the BH if there is one, which corresponds to the reschedule_dma case of dma_blk_cb. This can stall the DMA permanently, because dma_complete will never get invoked and therefore nobody will ever invoke the original AIO callback in dbs->common.cb. Fix this by invoking the callback (which is ensured to happen after a bdrv_aio_cancel_async, or done manually in the dbs->bh case), and add assertions to check that the DMA state machine is indeed waiting for dma_complete or reschedule_dma, but never both. Reported-by: John Snow <jsnow@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20190729213416.1972-1-pbonzini@redhat.com Signed-off-by: John Snow <jsnow@redhat.com>
* block: explicitly acquire aiocontext in bottom halves that need itPaolo Bonzini2017-02-211-0/+2
| | | | | | | | | Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20170213135235.12274-15-pbonzini@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* trace: switch to modular code generation for sub-directoriesDaniel P. Berrange2017-01-311-1/+1
| | | | | | | | | | | | | | | Introduce rules in the top level Makefile that are able to generate trace.[ch] files in every subdirectory which has a trace-events file. The top level directory is handled specially, so instead of creating trace.h, it creates trace-root.h. This allows sub-directories to include the top level trace-root.h file, without ambiguity wrt to the trace.g file in the current sub-dir. Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20170125161417.31949-7-berrange@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* dma-helpers: explicitly pass alignment into DMA helpersMark Cave-Ayland2016-10-271-9/+12
| | | | | | | | | | | | The hard-coded default alignment is BDRV_SECTOR_SIZE, however this is not necessarily the case for all platforms. Use this as the default alignment for all current callers. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: John Snow <jsnow@redhat.com> Message-id: 1476445266-27503-2-git-send-email-mark.cave-ayland@ilande.co.uk Signed-off-by: John Snow <jsnow@redhat.com>
* dma-helpers: dma_blk_io() cancel supportStefan Hajnoczi2016-06-281-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Attempting to cancel a dma_blk_io() request causes an abort(3): void bdrv_aio_cancel(BlockAIOCB *acb) { ... while (acb->refcnt > 1) { if (acb->aiocb_info->get_aio_context) { aio_poll(acb->aiocb_info->get_aio_context(acb), true); } else if (acb->bs) { aio_poll(bdrv_get_aio_context(acb->bs), true); } else { abort(); } } ... } This happens because DMAAIOCB->bs is NULL and dma_aiocb_info.get_aio_context() is also NULL. This patch trivially implements dma_aiocb_info.get_aio_context() by fetching the DMAAIOCB->ctx field. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Message-id: 1466451417-27988-1-git-send-email-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* dma-helpers: change BlockBackend to opaque value in DMAIOFuncPaolo Bonzini2016-05-251-13/+35
| | | | | | | | | | | | | | | | Callers of dma_blk_io have no way to pass extra data to the DMAIOFunc, because the original callback and opaque are gone by the time DMAIOFunc is called. On the other hand, the BlockBackend is usually derived from those extra data that you could pass to the DMAIOFunc (in the next patch, that would be the SCSIRequest). So change DMAIOFunc's prototype, decoupling it from blk_aio_readv and blk_aio_writev's. The new prototype loses the BlockBackend and gains an extra opaque value which, in the case of dma_blk_readv and dma_blk_writev, is of course used for the BlockBackend. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* dma-helpers: change interface to byte-basedPaolo Bonzini2016-05-251-7/+7
| | | | | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* ide: Switch to byte-based aio block accessEric Blake2016-05-121-7/+7
| | | | | | | | | | | | Sector-based blk_aio_readv() and blk_aio_writev() should die; switch to byte-based blk_aio_preadv() and blk_aio_pwritev() instead. The patch had to touch multiple files at once, because dma_blk_io() takes pointers to the functions, and ide_issue_trim() piggybacks on the same interface (while ignoring offset under the hood). Signed-off-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* all: Clean up includesPeter Maydell2016-02-041-0/+1
| | | | | | | | | | Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1454089805-5470-16-git-send-email-peter.maydell@linaro.org
* range: remove useless inclusionsPaolo Bonzini2015-04-301-1/+0Star
| | | | | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
* Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell2015-04-301-9/+8Star
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - miscellaneous cleanups for TCG (Emilio) and NBD (Bogdan) - next part in the thread-safe address_space_* saga: atomic access to the bounce buffer and the map_clients list, from Fam - optional support for linking with tcmalloc, also from Fam - reapplying Peter Crosthwaite's "Respect as_translate_internal length clamp" after fixing the SPARC fallout. - build system fix from Wei Liu - small acpi-build and ioport cleanup by myself # gpg: Signature made Wed Apr 29 09:34:00 2015 BST using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (22 commits) nbd/trivial: fix type cast for ioctl translate-all: use bitmap helpers for PageDesc's bitmap target-i386: disable LINT0 after reset Makefile.target: prepend $libs_softmmu to $LIBS milkymist: do not modify libs-softmmu configure: Add support for tcmalloc exec: Respect as_translate_internal length clamp ioport: reserve the whole range of an I/O port in the AddressSpace ioport: loosen assertions on emulation of 16-bit ports ioport: remove wrong comment ide: there is only one data port gus: clean up MemoryRegionPortio sb16: remove useless mixer_write_indexw sun4m: fix slavio sysctrl and led register sizes acpi-build: remove dependency from ram_addr.h memory: add memory_region_ram_resize dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancel exec: Notify cpu_register_map_client caller if the bounce buffer is available exec: Protect map_client_list with mutex linux-user, bsd-user: Remove two calls to cpu_exec_init_all ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * dma-helpers: Fix race condition of continue_after_map_failure and dma_aio_cancelFam Zheng2015-04-271-9/+8Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If DMA's owning thread cancels the IO while the bounce buffer's owning thread is notifying the "cpu client list", a use-after-free happens: continue_after_map_failure dma_aio_cancel ------------------------------------------------------------------ aio_bh_new qemu_bh_delete qemu_bh_schedule (use after free) Also, the old code doesn't run the bh in the right AioContext. Fix both problems by passing a QEMUBH to cpu_register_map_client. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1426496617-10702-6-git-send-email-famz@redhat.com> [Remove unnecessary forward declaration. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | exec.c: Make address_space_rw take transaction attributesPeter Maydell2015-04-261-1/+2
|/ | | | | | | | | | Make address_space_rw take transaction attributes, rather than always using the 'unspecified' attributes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
* hw: Convert from BlockDriverState to BlockBackend, mostlyMarkus Armbruster2014-10-201-29/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | Device models should access their block backends only through the block-backend.h API. Convert them, and drop direct includes of inappropriate headers. Just four uses of BlockDriverState are left: * The Xen paravirtual block device backend (xen_disk.c) opens images itself when set up via xenbus, bypassing blockdev.c. I figure it should go through qmp_blockdev_add() instead. * Device model "usb-storage" prompts for keys. No other device model does, and this one probably shouldn't do it, either. * ide_issue_trim_cb() uses bdrv_aio_discard() instead of blk_aio_discard() because it fishes its backend out of a BlockAIOCB, which has only the BlockDriverState. * PC87312State has an unused BlockDriverState[] member. The next two commits take care of the latter two. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* block: Rename BlockDriverCompletionFunc to BlockCompletionFuncMarkus Armbruster2014-10-201-1/+1
| | | | | | | | | | I'll use it with block backends shortly, and the name is going to fit badly there. It's a block layer thing anyway, not just a block driver thing. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* block: Rename BlockDriverAIOCB* to BlockAIOCB*Markus Armbruster2014-10-201-10/+10
| | | | | | | | | | I'll use BlockDriverAIOCB with block backends shortly, and the name is going to fit badly there. It's a block layer thing anyway, not just a block driver thing. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* block: Rename qemu_aio_release -> qemu_aio_unrefFam Zheng2014-09-221-1/+1
| | | | | | Suggested-by: Benoît Canet <benoit.canet@irqsave.net> Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* dma: Convert dma_aiocb_info.cancel to .cancel_asyncFam Zheng2014-09-221-16/+4Star
| | | | | | | Just forward the request to bdrv_aio_cancel_async. Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* block: Make the block accounting functions operate on BlockAcctStatsBenoît Canet2014-09-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the next step for decoupling block accounting functions from BlockDriverState. In a future commit the BlockAcctStats structure will be moved from BlockDriverState to the device models structures. Note that bdrv_get_stats was introduced so device models can retrieve the BlockAcctStats structure of a BlockDriverState without being aware of it's layout. This function should go away when BlockAcctStats will be embedded in the device models structures. CC: Kevin Wolf <kwolf@redhat.com> CC: Stefan Hajnoczi <stefanha@redhat.com> CC: Keith Busch <keith.busch@intel.com> CC: Anthony Liguori <aliguori@amazon.com> CC: "Michael S. Tsirkin" <mst@redhat.com> CC: Paolo Bonzini <pbonzini@redhat.com> CC: Eric Blake <eblake@redhat.com> CC: Peter Maydell <peter.maydell@linaro.org> CC: Michael Tokarev <mjt@tls.msk.ru> CC: John Snow <jsnow@redhat.com> CC: Markus Armbruster <armbru@redhat.com> CC: Alexander Graf <agraf@suse.de> CC: Max Reitz <mreitz@redhat.com> Signed-off-by: Benoît Canet <benoit.canet@nodalink.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* dma-helpers: Fix too long qiovKevin Wolf2014-07-141-0/+4
| | | | | | | | | | | | If the size of the scatter/gather list isn't a multiple of 512, the number of sectors for the block layer request is rounded down, resulting in a qiov that doesn't match the request length. Truncate the qiov to the new length of the request. This fixes the IDE qtest case /x86_64/ide/bmdma/short_prdt. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
* dma-helpers: avoid calling dma_bdrv_unmap() twiceJules Wang2014-05-231-1/+1
| | | | | | | | | Calling dma_bdrv_unmap() twice is not necessary and may cause potential problems if some code changes. Signed-off-by: Jules Wang <junqing.wang@cs2c.com.cn> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
* dma-helpers: Initialize DMAAIOCB in_cancel flagPeter Maydell2014-04-041-0/+1
| | | | | | | | | | Initialize the dbs->in_cancel flag in dma_bdrv_io(), since qemu_aio_get() does not return zero-initialized memory. Spotted by the clang sanitizer (which complained when the value loaded in dma_complete() was not valid for a bool type); this might have resulted in leaking the AIO block. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* aio / timers: Untangle include filesAlex Bligh2013-08-221-0/+1
| | | | | | | | | | include/qemu/timer.h has no need to include main-loop.h and doing so causes an issue for the next patch. Unfortunately various files assume including timers.h will pull in main-loop.h. Untangle this mess. Signed-off-by: Alex Bligh <alex@alex.org.uk> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* dma: keep a device alive while it has SGListsPaolo Bonzini2013-07-041-1/+5
| | | | | Reviewed-by: Anthony Liguori <aliguori@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* dma: eliminate DMAContextPaolo Bonzini2013-06-201-17/+7Star
| | | | | | | | | The DMAContext is a simple pointer to an AddressSpace that is now always already available. Make everyone hold the address space directly, and clean up the DMA API to use the AddressSpace directly. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* dma: eliminate old-style IOMMU supportPaolo Bonzini2013-06-201-168/+10Star
| | | | | | | | The translate function in the DMAContext is now always NULL. Remove every reference to it. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* memory: add address_space_access_validPaolo Bonzini2013-05-291-0/+5
| | | | | | | | | The old-style IOMMU lets you check whether an access is valid in a given DMAContext. There is no equivalent for AddressSpace in the memory API, implement it with a lookup of the dispatch tree. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* softmmu: move include files to include/sysemu/Paolo Bonzini2012-12-191-1/+1
| | | | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* misc: move include files to include/qemu/Paolo Bonzini2012-12-191-2/+2
| | | | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* aio: rename AIOPool to AIOCBInfoStefan Hajnoczi2012-11-141-2/+2
| | | | | | | | | Now that AIOPool no longer keeps a freelist, it isn't really a "pool" anymore. Rename it to AIOCBInfo and make it const since it no longer needs to be modified. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* Rename target_phys_addr_t to hwaddrAvi Kivity2012-10-231-4/+4
| | | | | | | | | | | | | | | target_phys_addr_t is unwieldly, violates the C standard (_t suffixes are reserved) and its purpose doesn't match the name (most target_phys_addr_t addresses are not target specific). Replace it with a finger-friendly, standards conformant hwaddr. Outstanding patchsets can be fixed up with the command git rebase -i --exec 'find -name "*.[ch]" | xargs s/target_phys_addr_t/hwaddr/g' origin Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* dma: make dma access its own address spaceAvi Kivity2012-10-221-13/+12Star
| | | | | | | | | | | Instead of accessing the cpu address space, use an address space configured by the caller. Eventually all dma functionality will be folded into AddressSpace, but we have to start from something. Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Avi Kivity <avi@redhat.com>
* dma: Fix stupid typo/thinkoBenjamin Herrenschmidt2012-08-161-2/+2
| | | | | | | | | | | Hi hard a brain fart when coding that function, it will fail to "set" the memory beyond the first 512 bytes. This is in turn causing guest crashes in ibmveth (spapr_llan.c on the qemu side) due to the receive queue not being properly initialized. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* ahci: Fix sglist memleak in ahci_dma_rw_buf()Jason Baron2012-08-101-0/+1
| | | | | | | | | | | I noticed that in hw/ide/ahci:ahci_dma_rw_buf() we do not free the sglist. Thus, I've added a call to qemu_sglist_destroy() to fix this memory leak. In addition, I've adeed a call in qemu_sglist_destroy() to 0 all of the sglist fields, in case there is some other codepath that tries to free the sglist. Signed-off-by: Jason Baron <jbaron@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* Add a memory barrier to DMA functionsBenjamin Herrenschmidt2012-06-271-0/+2
| | | | | | | | | | | | | | | | | | The emulated devices can run simultaneously with the guest, so we need to be careful with ordering of load and stores done by them to the guest system memory, which need to be observed in the right order by the guest operating system. This adds a barrier call to the basic DMA read/write ops which is currently implemented as a smp_mb(), but could be later improved for more fine grained control of barriers. Additionally, a _relaxed() variant of the accessors is provided to easily convert devices who would be performance sensitive and negatively impacted by the change. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* iommu: Introduce IOMMU emulation infrastructureDavid Gibson2012-06-271-1/+171
| | | | | | | | | | | | | | | | This patch adds the basic infrastructure necessary to emulate an IOMMU visible to the guest. The DMAContext structure is extended with information and a callback describing the translation, and the various DMA functions used by devices will now perform IOMMU translation using this callback. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* iommu: Make sglists and dma_bdrv helpers use new universal DMA helpersDavid Gibson2012-06-271-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | dma-helpers.c contains a number of helper functions for doing scatter/gather DMA, and various block device related DMA. Currently, these directly access guest memory using cpu_physical_memory_*(), assuming no IOMMU translation. This patch updates this code to use the new universal DMA helper functions. qemu_sglist_init() now takes a DMAContext * to describe the DMA address space in which the scatter/gather will take place. We minimally update the callers qemu_sglist_init() to pass NULL (i.e. no translation, same as current behaviour). Some of those callers should pass something else in some cases to allow proper IOMMU translation in future, but that will be fixed in later patches. Cc: Kevin Wolf <kwolf@redhat.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* iommu: Add universal DMA helper functionsDavid Gibson2012-06-271-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Not that long ago, every device implementation using DMA directly accessed guest memory using cpu_physical_memory_*(). This meant that adding support for a guest visible IOMMU would require changing every one of these devices to go through IOMMU translation. Shortly before qemu 1.0, I made a start on fixing this by providing helper functions for PCI DMA. These are currently just stubs which call the direct access functions, but mean that an IOMMU can be implemented in one place, rather than for every PCI device. Clearly, this doesn't help for non PCI devices, which could also be IOMMU translated on some platforms. It is also problematic for the devices which have both PCI and non-PCI version (e.g. OHCI, AHCI) - we cannot use the the pci_dma_*() functions, because they assume the presence of a PCIDevice, but we don't want to have to check between pci_dma_*() and cpu_physical_memory_*() every time we do a DMA in the device code. This patch makes the first step on addressing both these problems, by introducing new (stub) dma helper functions which can be used for any DMA capable device. These dma functions take a DMAContext *, a new (currently empty) variable describing the DMA address space in which the operation is to take place. NULL indicates untranslated DMA directly into guest physical address space. The intention is that in future non-NULL values will given information about any necessary IOMMU translation. DMA using devices must obtain a DMAContext (or, potentially, contexts) from their bus or platform. For now this patch just converts the PCI wrappers to be implemented in terms of the universal wrappers, converting other drivers can take place over time. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro> Cc: Richard Henderson <rth@twiddle.net> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* Use DMADirection type for dma_bdrv_ioDavid Gibson2012-04-051-8/+12
| | | | | | | | | | | | | | | | Currently dma_bdrv_io() takes a 'to_dev' boolean parameter to determine the direction of DMA it is emulating. We already have a DMADirection enum designed specifically to encode DMA directions. This patch uses it for dma_bdrv_io() as well. This involves removing the DMADirection definition from the #ifdef it was inside, but since that only existed to protect the definition of dma_addr_t from places where config.h is not included, there wasn't any reason for it to be there in the first place. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* aio: move BlockDriverAIOCB to qemu-aio.hPaolo Bonzini2012-04-051-1/+0Star
| | | | | | | | And remove several block_int.h inclusions that should not be there. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* dma-helpers: add accounting wrappersPaolo Bonzini2012-02-221-0/+6
| | | | | | | The length of the transfer is already in the sglist, the wrapper simply fetches it. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* dma-helpers: add dma_buf_read and dma_buf_writePaolo Bonzini2012-02-221-0/+31
| | | | | | | | | These helpers do a full transfer from an in-memory buffer to target memory, with support for scatter/gather lists. It will be used to store the reply of an emulated command into a QEMUSGList provided by the adapter. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* dma: the passed io_func does not return NULLPaolo Bonzini2011-12-151-3/+1Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Initially found with the following semantic patch: @ type @ BlockDriverAIOCB *x; expression E; @@ x = E; - if (x == NULL) { ... } @ acb1 @ expression E, E1; @@ E1->acb = E; - if (E1->acb == NULL) { ... } @ aiocb1 @ expression E, E1; @@ E1->aiocb = E; - if (E1->aiocb == NULL) { ... } @ acb @ expression E, E1; @@ E1.acb = E; - if (E1.acb == NULL) { ... } @ aiocb @ expression E, E1; @@ E1.aiocb = E; - if (E1.aiocb == NULL) { ... } but changed manually to include an assert. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* dma-helpers: Add trace eventsKevin Wolf2011-12-051-0/+10
| | | | | Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
* Use dma_addr_t type for scatter/gather codeDavid Gibson2011-11-011-3/+2Star
| | | | | | | | | | | | | This patch uses the newly created dma_addr_t type throughout the scatter/gather handling code in dma-helpers.c whenever we need to represent a dma bus address. This makes a better distinction as to what is a bus address and what is a cpu physical address. Since we don't support IOMMUs yet, they can't be very different for now, but that will change in future, and this preliminary helps clarify what's going on. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* dma-helpers: rewrite completion/cancellationPaolo Bonzini2011-09-201-13/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes various problems with completion/cancellation: * if the io_func fails to get an AIOCB, the callback wasn't called * If DMA encounters a bounce buffer conflict, and the DMA operation is canceled before the bottom half fires, bad things happen. * memory is not unmapped after cancellation, again causing problems when doing DMA to I/O areas * cancellation could leak the iovec * the callback was missed if the I/O operation failed without returning an AIOCB and probably more that I've missed. The patch fixes them by sharing the cleanup code between completion and cancellation. The dma_bdrv_cb now returns a boolean completed/not completed flag, and the wrapper dma_continue takes care of tasks to do upon completion. Most of these are basically impossible in practice, but it is better to be tidy... Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>