RE: [Qemu-devel] Potential sparc32 MMU bug
While working on getting SunOS to boot under qemu, I ran into a very odd bug, and I'm not sure whose fault it is. Excellent, there are not too many Sparc developers! The SunOS bootloader tries to install trap 0 by writing to the trap table. The trap table is in the .text (read-only) section of the OpenBIOS ROM. The bug is that the write to the read-only section silently fails -- it doesn't cause an interrupt in the VM. It looks like the VM believes all of the ROM is rwx (based on my examination of cpu_sparc_handle_mmu_fault). I presume the write fails because of Linux's memory protection (since the OpenBIOS ELF is mmap'd). But I'm not sure why the disallowed write doesn't cause _something_ to happen. Should qemu be catching the failed write and passing it on to the VM? Does qemu need to tell the VM's MMU which portions of the loaded ROM are read-only? Or does OpenBIOS need to inform the VM's MMU that the loaded .text section is read-only? I presume it's something OpenBIOS should be doing, but that mailing list is very very quiet, and I figured I'd make sure it wasn't an underlying qemu bug. How should qemu be handling this? What parts of qemu should I look at next? OpenBIOS programs the MMU as the first thing in startup, please see arch/sparc32/head.S. It maps the .text area of ROM with 1:1 mapping, the protection is RWX despite the comment saying that it's execute-only (sorry). This explains why the fault does not happen. In OpenBIOS, .data is not used at all, only .rodata and .bss, so changing just the ELF directive does not help but the ROM should be copied to RAM. Qemu is correct (unless writes to ROM on real Sparc hardware cause MMU/IOMMU faults), but OpenBIOS should be modified. We should continue this in OpenBIOS mailing list as this is not related to Qemu. _ Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] qemu/audio alsaaudio.c audio.c audio.h audio_te...
CVSROOT:/sources/qemu Module name:qemu Changes by: Thiemo Seufer 07/02/17 22:19:29 Modified files: audio : alsaaudio.c audio.c audio.h audio_template.h coreaudio.c mixeng.c mixeng.h wavaudio.c wavcapture.c Log message: Qemu support for S32 and U32 alsa output, by Vassili Karpov. CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/qemu/audio/alsaaudio.c?cvsroot=qemu&r1=1.7&r2=1.8 http://cvs.savannah.gnu.org/viewcvs/qemu/audio/audio.c?cvsroot=qemu&r1=1.15&r2=1.16 http://cvs.savannah.gnu.org/viewcvs/qemu/audio/audio.h?cvsroot=qemu&r1=1.8&r2=1.9 http://cvs.savannah.gnu.org/viewcvs/qemu/audio/audio_template.h?cvsroot=qemu&r1=1.8&r2=1.9 http://cvs.savannah.gnu.org/viewcvs/qemu/audio/coreaudio.c?cvsroot=qemu&r1=1.7&r2=1.8 http://cvs.savannah.gnu.org/viewcvs/qemu/audio/mixeng.c?cvsroot=qemu&r1=1.4&r2=1.5 http://cvs.savannah.gnu.org/viewcvs/qemu/audio/mixeng.h?cvsroot=qemu&r1=1.2&r2=1.3 http://cvs.savannah.gnu.org/viewcvs/qemu/audio/wavaudio.c?cvsroot=qemu&r1=1.9&r2=1.10 http://cvs.savannah.gnu.org/viewcvs/qemu/audio/wavcapture.c?cvsroot=qemu&r1=1.7&r2=1.8 ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] qemu/linux-user syscall.c
CVSROOT:/sources/qemu Module name:qemu Changes by: Thiemo Seufer 07/02/17 22:25:41 Modified files: linux-user : syscall.c Log message: Userland mount syscall emulation, by Kirill A. Shutemov. CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/qemu/linux-user/syscall.c?cvsroot=qemu&r1=1.86&r2=1.87 ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] qemu vl.c
CVSROOT:/sources/qemu Module name:qemu Changes by: Thiemo Seufer 07/02/17 22:54:49 Modified files: . : vl.c Log message: Solaris tap device, by Sittichai Palingsong. CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/qemu/vl.c?cvsroot=qemu&r1=1.250&r2=1.251 ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
Re: [Qemu-devel] Audio
malc wrote: > Hello, > > At http://www.boblycat.org/~malc/code/patches/qemu/ you will find latest > (21_aqemu) audio patch. Please send the audio patch split per device to the mailing list. Thiemo ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] qemu qemu-doc.texi vl.c vl.h hw/parallel.c
CVSROOT:/sources/qemu Module name:qemu Changes by: Thiemo Seufer 07/02/17 23:44:43 Modified files: . : qemu-doc.texi vl.c vl.h hw : parallel.c Log message: Parport EPP support for Linux, by Marko Kohtala. CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/qemu/qemu-doc.texi?cvsroot=qemu&r1=1.129&r2=1.130 http://cvs.savannah.gnu.org/viewcvs/qemu/vl.c?cvsroot=qemu&r1=1.251&r2=1.252 http://cvs.savannah.gnu.org/viewcvs/qemu/vl.h?cvsroot=qemu&r1=1.185&r2=1.186 http://cvs.savannah.gnu.org/viewcvs/qemu/hw/parallel.c?cvsroot=qemu&r1=1.4&r2=1.5 ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] qemu/hw pckbd.c
CVSROOT:/sources/qemu Module name:qemu Changes by: Thiemo Seufer 07/02/18 00:08:44 Modified files: hw : pckbd.c Log message: PS/2 interface - Allow custom IO ports + IRQ, by Herve Poussineau. CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/qemu/hw/pckbd.c?cvsroot=qemu&r1=1.15&r2=1.16 ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] qemu/hw mips_malta.c mips_r4k.c
CVSROOT:/sources/qemu Module name:qemu Changes by: Thiemo Seufer 07/02/18 00:10:59 Modified files: hw : mips_malta.c mips_r4k.c Log message: Add PS/2 keyboard to MIPS R4K, by Herve Poussineau. CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/qemu/hw/mips_malta.c?cvsroot=qemu&r1=1.7&r2=1.8 http://cvs.savannah.gnu.org/viewcvs/qemu/hw/mips_r4k.c?cvsroot=qemu&r1=1.33&r2=1.34 ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] qemu/target-mips helper.c op.c op_helper.c
CVSROOT:/sources/qemu Module name:qemu Changes by: Thiemo Seufer 07/02/18 00:19:08 Modified files: target-mips: helper.c op.c op_helper.c Log message: Fix sign-extension of VPN field in TLB, by Herve Poussineau. CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/qemu/target-mips/helper.c?cvsroot=qemu&r1=1.24&r2=1.25 http://cvs.savannah.gnu.org/viewcvs/qemu/target-mips/op.c?cvsroot=qemu&r1=1.22&r2=1.23 http://cvs.savannah.gnu.org/viewcvs/qemu/target-mips/op_helper.c?cvsroot=qemu&r1=1.28&r2=1.29 ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] [PATCH 0/3] Make BOOTP work with slirp
The following patch series allows for BOOTP to be used with slirp. The original patch was written by Erwan Velu. With the full series, you can do: qemu -hda /path/to/disk.img -boot n -tftp ~/tftpdir -bootp /pxelinux.0 And the guest will boot from ~/tftpdir/pxelinux.0. Regards, Anthony Liguori ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] [PATCH 1/3] Add OACK support to slirp TFTP server
Specifically, this patch adds tsize handling which is needed for PXELinux.
Regards,
Anthony Liguori
diff -r 153828edbad3 slirp/tftp.c
--- a/slirp/tftp.c Thu Feb 15 16:37:56 2007 -0600
+++ b/slirp/tftp.c Thu Feb 15 21:37:26 2007 -0600
@@ -120,6 +120,45 @@ static int tftp_read_data(struct tftp_se
return bytes_read;
}
+static int tftp_send_oack(struct tftp_session *spt,
+ const char *key, uint32_t value,
+ struct tftp_t *recv_tp)
+{
+struct sockaddr_in saddr, daddr;
+struct mbuf *m;
+struct tftp_t *tp;
+int n = 0;
+
+m = m_get();
+
+if (!m)
+ return -1;
+
+memset(m->m_data, 0, m->m_size);
+
+m->m_data += if_maxlinkhdr;
+tp = (void *)m->m_data;
+m->m_data += sizeof(struct udpiphdr);
+
+tp->tp_op = htons(TFTP_OACK);
+n += sprintf(tp->x.tp_buf + n, "%s", key) + 1;
+n += sprintf(tp->x.tp_buf + n, "%u", value) + 1;
+
+saddr.sin_addr = recv_tp->ip.ip_dst;
+saddr.sin_port = recv_tp->udp.uh_dport;
+
+daddr.sin_addr = spt->client_ip;
+daddr.sin_port = spt->client_port;
+
+m->m_len = sizeof(struct tftp_t) - 514 + n -
+sizeof(struct ip) - sizeof(struct udphdr);
+udp_output2(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY);
+
+return 0;
+}
+
+
+
static int tftp_send_error(struct tftp_session *spt,
u_int16_t errorcode, const char *msg,
struct tftp_t *recv_tp)
@@ -273,6 +312,8 @@ static void tftp_handle_rrq(struct tftp_
return;
}
+ k += 6;/* skipping octet*/
+
/* do sanity checks on the filename */
if ((spt->filename[0] != '/')
@@ -297,6 +338,48 @@ static void tftp_handle_rrq(struct tftp_
return;
}
+ if (src[n - 1] != 0) {
+ tftp_send_error(spt, 2, "Access violation", tp);
+ return;
+ }
+
+ while (k < n) {
+ const char *key, *value;
+
+ key = src + k;
+ k += strlen(key) + 1;
+
+ if (k >= n) {
+ tftp_send_error(spt, 2, "Access violation", tp);
+ return;
+ }
+
+ value = src + k;
+ k += strlen(value) + 1;
+
+ if (strcmp(key, "tsize") == 0) {
+ int tsize = atoi(value);
+ struct stat stat_p;
+
+ if (tsize == 0 && tftp_prefix) {
+ char buffer[1024];
+ int len;
+
+ len = snprintf(buffer, sizeof(buffer), "%s/%s",
+ tftp_prefix, spt->filename);
+
+ if (stat(buffer, &stat_p) == 0)
+ tsize = stat_p.st_size;
+ else {
+ tftp_send_error(spt, 1, "File not found", tp);
+ return;
+ }
+ }
+
+ tftp_send_oack(spt, "tsize", tsize, tp);
+ }
+ }
+
tftp_send_data(spt, 1, tp);
}
diff -r 153828edbad3 slirp/tftp.h
--- a/slirp/tftp.h Thu Feb 15 16:37:56 2007 -0600
+++ b/slirp/tftp.h Thu Feb 15 16:37:57 2007 -0600
@@ -9,6 +9,7 @@
#define TFTP_DATA 3
#define TFTP_ACK4
#define TFTP_ERROR 5
+#define TFTP_OACK 6
#define TFTP_FILENAME_MAX 512
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] [PATCH 2/3] Add -bootp option for slip
The following patch adds a -bootp option. This option takes a filename
that will be advertised as the BOOTP filename.
Regards,
Anthony Liguori
diff -r ea5eb79ade8d slirp/bootp.c
--- a/slirp/bootp.c Thu Feb 15 16:49:28 2007 -0600
+++ b/slirp/bootp.c Thu Feb 15 16:49:30 2007 -0600
@@ -38,6 +38,8 @@ typedef struct {
BOOTPClient bootp_clients[NB_ADDR];
+const char *bootp_filename;
+
static const uint8_t rfc1533_cookie[] = { RFC1533_COOKIE };
#ifdef DEBUG
@@ -168,6 +170,10 @@ static void bootp_reply(struct bootp_t *
goto new_addr;
}
}
+
+if (bootp_filename)
+snprintf(rbp->bp_file, sizeof(rbp->bp_file), "%s", bootp_filename);
+
dprintf("offered addr=%08x\n", ntohl(daddr.sin_addr.s_addr));
saddr.sin_addr.s_addr = htonl(ntohl(special_addr.s_addr) | CTL_ALIAS);
diff -r ea5eb79ade8d vl.c
--- a/vl.c Thu Feb 15 16:49:28 2007 -0600
+++ b/vl.c Thu Feb 15 16:57:07 2007 -0600
@@ -6488,6 +6488,7 @@ void help(void)
"\n"
#ifdef CONFIG_SLIRP
"-tftp prefixallow tftp access to files starting with prefix [-net user]\n"
+ "-bootp file advertise file in BOOTP replies\n"
#ifndef _WIN32
"-smb dirallow SMB access to files in 'dir' [-net user]\n"
#endif
@@ -6576,6 +6577,7 @@ enum {
QEMU_OPTION_net,
QEMU_OPTION_tftp,
+QEMU_OPTION_bootp,
QEMU_OPTION_smb,
QEMU_OPTION_redir,
@@ -6652,6 +6654,7 @@ const QEMUOption qemu_options[] = {
{ "net", HAS_ARG, QEMU_OPTION_net},
#ifdef CONFIG_SLIRP
{ "tftp", HAS_ARG, QEMU_OPTION_tftp },
+{ "bootp", HAS_ARG, QEMU_OPTION_bootp },
#ifndef _WIN32
{ "smb", HAS_ARG, QEMU_OPTION_smb },
#endif
@@ -7185,6 +7188,9 @@ int main(int argc, char **argv)
case QEMU_OPTION_tftp:
tftp_prefix = optarg;
break;
+case QEMU_OPTION_bootp:
+bootp_filename = optarg;
+break;
#ifndef _WIN32
case QEMU_OPTION_smb:
net_slirp_smb(optarg);
diff -r ea5eb79ade8d vl.h
--- a/vl.h Thu Feb 15 16:49:28 2007 -0600
+++ b/vl.h Thu Feb 15 16:49:30 2007 -0600
@@ -163,6 +163,7 @@ extern int no_quit;
extern int no_quit;
extern int semihosting_enabled;
extern int autostart;
+extern const char *bootp_filename;
#define MAX_OPTION_ROMS 16
extern const char *option_rom[MAX_OPTION_ROMS];
diff -r ea5eb79ade8d qemu-doc.texi
--- a/qemu-doc.texi Thu Feb 15 16:49:28 2007 -0600
+++ b/qemu-doc.texi Thu Feb 15 16:57:23 2007 -0600
@@ -445,6 +445,16 @@ guest must be configured in binary mode
guest must be configured in binary mode (use the command @code{bin} of
the Unix TFTP client). The host IP address on the guest is as usual
10.0.2.2.
+
[EMAIL PROTECTED] -bootp file
+When using the user mode network stack, broadcast @var{file} as the BOOTP
+filename. In conjunction with @option{-tftp}, this can be used to network boot
+a guest from a local directory.
+
+Example (using pxelinux):
[EMAIL PROTECTED]
+qemu -hda linux.img -boot n -tftp /path/to/tftp/files -bootp /pxelinux.0
[EMAIL PROTECTED] example
@item -smb dir
When using the user mode network stack, activate a built-in SMB
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] [PATCH 3/3] Change -tftp option to take a root directory
This patch changes the -tftp option to take a root directory instead of
a prefix. I know it's common for a TFTP server to take a prefix but
it's easier typing wise to expose files as being part of a root. For
example, without this patch, to PXE boot:
qemu -hda disk.img -tftp /home/anthony/tftpboot -bootp
/home/anthony/tftpboot/pxelinux.0
With the patch:
qemu -hda disk.img -tftp /home/anthony/tftpboot -bootp /pxelinux.0
Also helps deal with the fact that TFTP filenames are limited to 512
characters.
Regards,
Anthony Liguori
diff -r 91f98dfbdc3f qemu-doc.texi
--- a/qemu-doc.texi Thu Feb 15 21:22:02 2007 -0600
+++ b/qemu-doc.texi Thu Feb 15 21:22:03 2007 -0600
@@ -438,13 +438,12 @@ override the default configuration (@opt
override the default configuration (@option{-net nic -net user}) which
is activated if no @option{-net} options are provided.
[EMAIL PROTECTED] -tftp prefix
[EMAIL PROTECTED] -tftp dir
When using the user mode network stack, activate a built-in TFTP
-server. All filenames beginning with @var{prefix} can be downloaded
-from the host to the guest using a TFTP client. The TFTP client on the
-guest must be configured in binary mode (use the command @code{bin} of
-the Unix TFTP client). The host IP address on the guest is as usual
-10.0.2.2.
+server. The files in @var{dir} will be exposed as the root of a TFTP server.
+The TFTP client on the guest must be configured in binary mode (use the command
[EMAIL PROTECTED] of the Unix TFTP client). The host IP address on the guest is as
+usual 10.0.2.2.
@item -bootp file
When using the user mode network stack, broadcast @var{file} as the BOOTP
diff -r 91f98dfbdc3f slirp/tftp.c
--- a/slirp/tftp.c Thu Feb 15 21:22:02 2007 -0600
+++ b/slirp/tftp.c Thu Feb 15 21:22:03 2007 -0600
@@ -102,8 +102,15 @@ static int tftp_read_data(struct tftp_se
{
int fd;
int bytes_read = 0;
-
- fd = open(spt->filename, O_RDONLY | O_BINARY);
+ char buffer[1024];
+ int n;
+
+ n = snprintf(buffer, sizeof(buffer), "%s/%s",
+ tftp_prefix, spt->filename);
+ if (n >= sizeof(buffer))
+return -1;
+
+ fd = open(buffer, O_RDONLY | O_BINARY);
if (fd < 0) {
return -1;
@@ -328,8 +335,7 @@ static void tftp_handle_rrq(struct tftp_
/* only allow exported prefixes */
- if (!tftp_prefix
- || (strncmp(spt->filename, tftp_prefix, strlen(tftp_prefix)) != 0)) {
+ if (!tftp_prefix) {
tftp_send_error(spt, 2, "Access violation", tp);
return;
}
diff -r 91f98dfbdc3f vl.c
--- a/vl.c Thu Feb 15 21:22:02 2007 -0600
+++ b/vl.c Thu Feb 15 21:22:03 2007 -0600
@@ -6487,7 +6487,7 @@ void help(void)
"is provided, the default is '-net nic -net user'\n"
"\n"
#ifdef CONFIG_SLIRP
- "-tftp prefixallow tftp access to files starting with prefix [-net user]\n"
+ "-tftp dir allow tftp access to files in dir [-net user]\n"
"-bootp file advertise file in BOOTP replies\n"
#ifndef _WIN32
"-smb dirallow SMB access to files in 'dir' [-net user]\n"
___
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
[Qemu-devel] Counting Instructions and Looking for Conditional Branches
I am wondering if anyone knows where in the QEMU source code I can create a counter to count the number of executed instructions? In addition, where I can place an IF statement to see if a conditional branch instruction is about to execute. I need to do this to create a basic block vector for SimPoint. I have found that the function cpu-exec in cpu-exec.c is probably going to be involved, but I would appreciate any help in narrowing things down. Basically, all I need to do is at every instruction I increase a counter. Then, I see if that instruction is a conditional branch. If it is, I print some characters to a file, and reset the counter. I would greatly appreciate any help. ~Shane ___ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
