Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

ifdef BUILD_DOCS

DOCS=qemu-doc.html qemu-tech.html qemu.1 qemu-img.1 qemu-nbd.8 qemu-ga.8

DOCS+=qmp-commands.txt

ifdef CONFIG_LINUX

DOCS+=kvm_stat.1

endif

ifdef CONFIG_VIRTFS

DOCS+=fsdev/virtfs-proxy-helper.1

endif

	  $(POD2MAN) --section=8 --center=" " --release=" " qemu-ga.pod > $@, \

	  "  GEN   $@")

kvm_stat.1: scripts/kvm/kvm_stat.texi

	$(call quiet-command, \

	  perl -Ww -- $(SRC_PATH)/scripts/texi2pod.pl $< kvm_stat.pod && \

	  $(POD2MAN) --section=1 --center=" " --release=" " kvm_stat.pod > $@, \

	  "  GEN   $@")

dvi: qemu-doc.dvi qemu-tech.dvi

html: qemu-doc.html qemu-tech.html

info: qemu-doc.info qemu-tech.info

        return &acb->common;

    }

    if (acb->ioh->cmd_len > SCSI_CDB_MAX_SIZE) {

        error_report("iSCSI: ioctl error CDB exceeds max size (%d > %d)",

                     acb->ioh->cmd_len, SCSI_CDB_MAX_SIZE);

        qemu_aio_unref(acb);

        return NULL;

    }

    acb->task = malloc(sizeof(struct scsi_task));

    if (acb->task == NULL) {

        error_report("iSCSI: Failed to allocate task for scsi command. %s",

{

    ram_addr_t ram_addr;

    if (qemu_ram_addr_from_host(ptr, &ram_addr) == NULL) {

    ram_addr = qemu_ram_addr_from_host(ptr);

    if (ram_addr == RAM_ADDR_INVALID) {

        fprintf(stderr, "Bad ram pointer %p\n", ptr);

        abort();

    }

  use a boxed atomic_t type; atomic operations in QEMU are polymorphic

  and use normal C types.

- atomic_read and atomic_set in Linux give no guarantee at all;

  atomic_read and atomic_set in QEMU include a compiler barrier

  (similar to the READ_ONCE/WRITE_ONCE macros in Linux).

- most atomic read-modify-write operations in Linux return void;

  in QEMU, all of them return the old value of the variable.

- Originally, atomic_read and atomic_set in Linux gave no guarantee

  at all. Linux 4.1 updated them to implement volatile

  semantics via ACCESS_ONCE (or the more recent READ/WRITE_ONCE).

  QEMU's atomic_read/set implement, if the compiler supports it, C11

  atomic relaxed semantics, and volatile semantics otherwise.

  Both semantics prevent the compiler from doing certain transformations;

  the difference is that atomic accesses are guaranteed to be atomic,

  while volatile accesses aren't. Thus, in the volatile case we just cross

  our fingers hoping that the compiler will generate atomic accesses,

  since we assume the variables passed are machine-word sized and

  properly aligned.

  No barriers are implied by atomic_read/set in either Linux or QEMU.

- atomic read-modify-write operations in Linux are of three kinds:

         atomic_OP          returns void

         atomic_OP_return   returns new value of the variable

         atomic_fetch_OP    returns the old value of the variable

         atomic_cmpxchg     returns the old value of the variable

  In QEMU, the second kind does not exist.  Currently Linux has

  atomic_fetch_or only.  QEMU provides and, or, inc, dec, add, sub.

- different atomic read-modify-write operations in Linux imply

  a different set of memory barriers; in QEMU, all of them enforce

  sequential consistency, which means they imply full memory barriers

  before and after the operation.

- Linux does not have an equivalent of atomic_mb_read() and

  atomic_mb_set().  In particular, note that set_mb() is a little

  weaker than atomic_mb_set().

- Linux does not have an equivalent of atomic_mb_set().  In particular,

  note that smp_store_mb() is a little weaker than atomic_mb_set().

  atomic_mb_read() compiles to the same instructions as Linux's

  smp_load_acquire(), but this should be treated as an implementation

  detail.  If required, QEMU might later add atomic_load_acquire() and

  atomic_store_release() macros.

SOURCES

}

#endif /* !_WIN32 */

int qemu_get_ram_fd(ram_addr_t addr)

{

    RAMBlock *block;

    int fd;

    rcu_read_lock();

    block = qemu_get_ram_block(addr);

    fd = block->fd;

    rcu_read_unlock();

    return fd;

}

void qemu_set_ram_fd(ram_addr_t addr, int fd)

{

    RAMBlock *block;

    rcu_read_lock();

    block = qemu_get_ram_block(addr);

    block->fd = fd;

    rcu_read_unlock();

}

void *qemu_get_ram_block_host_ptr(ram_addr_t addr)

{

    RAMBlock *block;

    void *ptr;

    rcu_read_lock();

    block = qemu_get_ram_block(addr);

    ptr = ramblock_ptr(block, 0);

    rcu_read_unlock();

    return ptr;

}

/* Return a host pointer to ram allocated with qemu_ram_alloc.

 * This should not be used for general purpose DMA.  Use address_space_map

 * or address_space_rw instead. For local memory (e.g. video ram) that the

 *

 * Called within RCU critical section.

 */

void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)

void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)

{

    RAMBlock *block = ram_block;

    if (block == NULL) {

        block = qemu_get_ram_block(addr);

        addr -= block->offset;

    }

    if (xen_enabled() && block->host == NULL) {

        block->host = xen_map_cache(block->offset, block->max_length, 1);

    }

    return ramblock_ptr(block, addr - block->offset);

    return ramblock_ptr(block, addr);

}

/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr

/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr

 * but takes a size argument.

 *

 * Called within RCU critical section.

                                 hwaddr *size)

{

    RAMBlock *block = ram_block;

    ram_addr_t offset_inside_block;

    if (*size == 0) {

        return NULL;

    }

    if (block == NULL) {

        block = qemu_get_ram_block(addr);

        addr -= block->offset;

    }

    offset_inside_block = addr - block->offset;

    *size = MIN(*size, block->max_length - offset_inside_block);

    *size = MIN(*size, block->max_length - addr);

    if (xen_enabled() && block->host == NULL) {

        /* We need to check if the requested address is in the RAM

        block->host = xen_map_cache(block->offset, block->max_length, 1);

    }

    return ramblock_ptr(block, offset_inside_block);

    return ramblock_ptr(block, addr);

}

/*

 * ram_addr_t.

 */

RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,

                                   ram_addr_t *ram_addr,

                                   ram_addr_t *offset)

{

    RAMBlock *block;

    uint8_t *host = ptr;

    if (xen_enabled()) {

        ram_addr_t ram_addr;

        rcu_read_lock();

        *ram_addr = xen_ram_addr_from_mapcache(ptr);

        block = qemu_get_ram_block(*ram_addr);

        ram_addr = xen_ram_addr_from_mapcache(ptr);

        block = qemu_get_ram_block(ram_addr);

        if (block) {

            *offset = (host - block->host);

        }

    if (round_offset) {

        *offset &= TARGET_PAGE_MASK;

    }

    *ram_addr = block->offset + *offset;

    rcu_read_unlock();

    return block;

}

/* Some of the softmmu routines need to translate from a host pointer

   (typically a TLB entry) back to a ram offset.  */

MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)

ram_addr_t qemu_ram_addr_from_host(void *ptr)

{

    RAMBlock *block;

    ram_addr_t offset; /* Not used */

    block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);

    ram_addr_t offset;

    block = qemu_ram_block_from_host(ptr, false, &offset);

    if (!block) {

        return NULL;

        return RAM_ADDR_INVALID;

    }

    return block->mr;

    return block->offset + offset;

}

/* Called within RCU critical section.  */

    }

    switch (size) {

    case 1:

        stb_p(qemu_get_ram_ptr(NULL, ram_addr), val);

        stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);

        break;

    case 2:

        stw_p(qemu_get_ram_ptr(NULL, ram_addr), val);

        stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);

        break;

    case 4:

        stl_p(qemu_get_ram_ptr(NULL, ram_addr), val);

        stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);

        break;

    default:

        abort();

                                     hwaddr length)

{

    uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);

    addr += memory_region_get_ram_addr(mr);

    /* No early return if dirty_log_mask is or becomes 0, because

     * cpu_physical_memory_set_dirty_range will still call

     * xen_modified_memory.

                abort();

            }

        } else {

            addr1 += memory_region_get_ram_addr(mr);

            /* RAM case */

            ptr = qemu_get_ram_ptr(mr->ram_block, addr1);

            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);

            memcpy(ptr, buf, l);

            invalidate_and_set_dirty(mr, addr1, l);

        }

            }

        } else {

            /* RAM case */

            ptr = qemu_get_ram_ptr(mr->ram_block,

                                   memory_region_get_ram_addr(mr) + addr1);

            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);

            memcpy(buf, ptr, l);

        }

              memory_region_is_romd(mr))) {

            l = memory_access_size(mr, l, addr1);

        } else {

            addr1 += memory_region_get_ram_addr(mr);

            /* ROM/RAM case */

            ptr = qemu_get_ram_ptr(mr->ram_block, addr1);

            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);

            switch (type) {

            case WRITE_DATA:

                memcpy(ptr, buf, l);

    hwaddr done = 0;

    hwaddr l, xlat, base;

    MemoryRegion *mr, *this_mr;

    ram_addr_t raddr;

    void *ptr;

    if (len == 0) {

    }

    base = xlat;

    raddr = memory_region_get_ram_addr(mr);

    for (;;) {

        len -= l;

    memory_region_ref(mr);

    *plen = done;

    ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen);

    ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);

    rcu_read_unlock();

    return ptr;

        MemoryRegion *mr;

        ram_addr_t addr1;

        mr = qemu_ram_addr_from_host(buffer, &addr1);

        mr = memory_region_from_host(buffer, &addr1);

        assert(mr != NULL);

        if (is_write) {

            invalidate_and_set_dirty(mr, addr1, access_len);

#endif

    } else {

        /* RAM case */

        ptr = qemu_get_ram_ptr(mr->ram_block,

                               memory_region_get_ram_addr(mr) + addr1);

        ptr = qemu_map_ram_ptr(mr->ram_block, addr1);

        switch (endian) {

        case DEVICE_LITTLE_ENDIAN:

            val = ldl_le_p(ptr);

#endif

    } else {

        /* RAM case */

        ptr = qemu_get_ram_ptr(mr->ram_block,

                               memory_region_get_ram_addr(mr) + addr1);

        ptr = qemu_map_ram_ptr(mr->ram_block, addr1);

        switch (endian) {

        case DEVICE_LITTLE_ENDIAN:

            val = ldq_le_p(ptr);

#endif

    } else {

        /* RAM case */

        ptr = qemu_get_ram_ptr(mr->ram_block,

                               memory_region_get_ram_addr(mr) + addr1);

        ptr = qemu_map_ram_ptr(mr->ram_block, addr1);

        switch (endian) {

        case DEVICE_LITTLE_ENDIAN:

            val = lduw_le_p(ptr);

        r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);

    } else {

        addr1 += memory_region_get_ram_addr(mr);

        ptr = qemu_get_ram_ptr(mr->ram_block, addr1);

        ptr = qemu_map_ram_ptr(mr->ram_block, addr1);

        stl_p(ptr, val);

        dirty_log_mask = memory_region_get_dirty_log_mask(mr);

        dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);

        cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);

        cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,

                                            4, dirty_log_mask);

        r = MEMTX_OK;

    }

    if (result) {

        r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);

    } else {

        /* RAM case */

        addr1 += memory_region_get_ram_addr(mr);

        ptr = qemu_get_ram_ptr(mr->ram_block, addr1);

        ptr = qemu_map_ram_ptr(mr->ram_block, addr1);

        switch (endian) {

        case DEVICE_LITTLE_ENDIAN:

            stl_le_p(ptr, val);

        r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);

    } else {

        /* RAM case */

        addr1 += memory_region_get_ram_addr(mr);

        ptr = qemu_get_ram_ptr(mr->ram_block, addr1);

        ptr = qemu_map_ram_ptr(mr->ram_block, addr1);

        switch (endian) {

        case DEVICE_LITTLE_ENDIAN:

            stw_le_p(ptr, val);