[Qemu-devel] How to make shadow memory for a process? and how to trace the data propation from the instruction level in QEMU?
Hi, I am a newbie of QEMU. I want to use the QEMU for the dynamic analysis of malware, usually called “taint analysis”. The main idea is to tag data from some specific sources, for example, network packets, files in a harddisk, and user inputs and so on, and then trace the propagation of the tagged data in the system. Once the tagged data is maliciously used, an alarm is raised. To build an analysis environment, I need to solve the following problems: (1)Make the shadow memory for each process under analysis. How can I make the shadow memory in QEMU? I think I can partition the memory of QEMU into two blocks, one for the process under analysis, the other for the process’s shadow memory. Is that right? (2)Tracing propagation of tagged data is implemented in the instruction level. That is to say, for example, if the source operand of an instruction is tagged, then the destination operand of the instruction is also tagged. How can I implement the idea? Should I modify the instruction translation functions to add code for tagging and recompile QEMU? (3)In the process of analyzing malware, two types of semantic information should be combined. One from the OS, including process information, stack information, heap information and so on; the other from the QEMU, including mostly the tag propagation information. The question is, how can I code to relate both of the information? That is to say, how to make QEMU receive information from OS, and how to make OS receive information from QEMU? Sorry for writing so much, and thank you very much for your time! I am a newbie of QEMU, and you need ONLY BRIEFLY tell me what do read, where to search, or how to try, if the answer is too complex. Of course, detailed instructions are VERY MUCH WELCOMED! Thank you very much in advance! Best regards F. Zhang
[Qemu-devel] Re: [PATCH] virtio-9p: fix build on !CONFIG_UTIMENSAT v2
* Hidetoshi Seto (seto.hideto...@jp.fujitsu.com) wrote:
> +/*
> + * Fallback: use utimes() instead of utimensat().
> + * See commit 74bc02b2d2272dc88fb98d43e631eb154717f517 for known problem.
> + */
> +struct timeval tv[2];
> +int i;
> +
> +for (i = 0; i < 2; i++) {
> +if (times[i].tv_nsec == UTIME_OMIT || times[i].tv_nsec == UTIME_NOW)
> {
> +tv[i].tv_sec = 0;
> +tv[i].tv_usec = 0;
I don't think this is accurate in either case. It will set the
atime, mtime, or both to 0.
For UTIME_NOW (in both) we'd simply pass NULL to utimes(2). For
UTIME_OMIT (in both) we'd simply skip the call to utimes(2) altogether.
The harder part is a mixed mode (i.e. the truncate fix mentioned in the
above commit). I think the only way to handle UTIME_NOW in one is to
call gettimeofday (or clock_gettime for better resolution) to find out
what current time is. And for UTIME_OMIT call stat to find out what the
current setting is and reset to that value. Both of those cases can
possibly zero out the extra precision (providing only seconds
resolution).
thanks,
-chris
[Qemu-devel] Re: Cannot not unplug cold-plugged devices
On Sat, Nov 13, 2010 at 10:59:15PM +0200, Michael S. Tsirkin wrote: > On Fri, Nov 12, 2010 at 09:50:30PM +0900, Isaku Yamahata wrote: > > On Fri, Nov 12, 2010 at 01:26:30PM +0200, Michael S. Tsirkin wrote: > > > No, I am just trying to understand why is hotplug event dangerous. > > > We still get it if we do device add before starting the VM, right? > > > > I'm not sure if it's safe to call enable/disable_device() and > > pm_update_sci() before starting VM. > > So I'd like to avoid to call them instead of making sure it. > > If someone else ensures its safety, I'm willing to eliminate the if clause. > > Well I don't think it's dangerous. Why? > I guess it makes sense for whatever is supplied on qemu command line > to not cause a hotplug event. But, those functions inject a hot plug event into a guest. -- yamahata
[Qemu-devel] Issue with block/vmdk
I tried to boot the vmdk generated by the Haiku build system here but it aborted. It seems the header has the capacity field set to 0, to mean that there is no embedded grain directory if I understand the vbox sources... At least the same image boots perfectly in VBox. If anyone wants to test : http://haiku-files.org/vmware/ any image should do. They are generated by: http://dev.haiku-os.org/browser/haiku/trunk/src/tools/vmdkimage/vmdkimage.cpp#L303 The mention in vbox: http://www.virtualbox.org/browser/trunk/src/VBox/Storage/VMDK.cpp#L2796 I might have a closer look at some point but I don't know when. François.
[Qemu-devel] [PATCH] pci: split config update for dev assignment
Device assignment in qemu-kvm wants to update
config array without any side-efects.
Make it easier to do so.
Signed-off-by: Michael S. Tsirkin
---
Alex, I think your work on dev assignment will be easier if I apply
this on qemu.kvm. Right? Let me know.
hw/pci.c | 12 ++--
1 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/hw/pci.c b/hw/pci.c
index 8f6fcf8..30e1603 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -996,10 +996,10 @@ uint32_t pci_default_read_config(PCIDevice *d,
return le32_to_cpu(val);
}
-void pci_default_write_config(PCIDevice *d, uint32_t addr, uint32_t val, int l)
+static void pci_update_config(PCIDevice *d, uint32_t addr, uint32_t val, int l)
{
-int i, was_irq_disabled = pci_irq_disabled(d);
uint32_t config_size = pci_config_size(d);
+int i;
for (i = 0; i < l && addr + i < config_size; val >>= 8, ++i) {
uint8_t wmask = d->wmask[addr + i];
@@ -1008,6 +1008,14 @@ void pci_default_write_config(PCIDevice *d, uint32_t
addr, uint32_t val, int l)
d->config[addr + i] = (d->config[addr + i] & ~wmask) | (val & wmask);
d->config[addr + i] &= ~(val & w1cmask); /* W1C: Write 1 to Clear */
}
+}
+
+void pci_default_write_config(PCIDevice *d, uint32_t addr, uint32_t val, int l)
+{
+int was_irq_disabled = pci_irq_disabled(d);
+
+pci_update_config(d, addr, val, l);
+
if (ranges_overlap(addr, l, PCI_BASE_ADDRESS_0, 24) ||
ranges_overlap(addr, l, PCI_ROM_ADDRESS, 4) ||
ranges_overlap(addr, l, PCI_ROM_ADDRESS1, 4) ||
--
1.7.3.2.91.g446ac
[Qemu-devel] Re: [PATCH v2 1/9] pci: pci_default_cap_write_config ignores wmask
On Fri, Nov 12, 2010 at 10:46:10AM -0700, Alex Williamson wrote:
> Make use of wmask, just like the rest of config space.
>
> Signed-off-by: Alex Williamson
Hmm, this will create conflicts on merging with qemu.kvm
which already has w1mask in same function.
I'll apply a patch splitting mask use to a separate function
to make life easier for you.
> ---
>
> hw/pci.c | 22 ++
> 1 files changed, 10 insertions(+), 12 deletions(-)
>
> diff --git a/hw/pci.c b/hw/pci.c
> index 92aaa85..4bc5882 100644
> --- a/hw/pci.c
> +++ b/hw/pci.c
> @@ -1175,13 +1175,15 @@ uint32_t pci_default_read_config(PCIDevice *d,
> return pci_read_config(d, address, len);
> }
>
> -static void pci_write_config(PCIDevice *pci_dev,
> - uint32_t address, uint32_t val, int len)
> +static void pci_write_config_with_mask(PCIDevice *d, uint32_t addr,
> + uint32_t val, int l)
> {
> int i;
> -for (i = 0; i < len; i++) {
> -pci_dev->config[address + i] = val & 0xff;
> -val >>= 8;
> +uint32_t config_size = pci_config_size(d);
> +
> +for (i = 0; i < l && addr + i < config_size; val >>= 8, ++i) {
> +uint8_t wmask = d->wmask[addr + i];
> +d->config[addr + i] = (d->config[addr + i] & ~wmask) | (val & wmask);
> }
> }
>
> @@ -1202,23 +1204,19 @@ uint32_t pci_default_cap_read_config(PCIDevice
> *pci_dev,
> void pci_default_cap_write_config(PCIDevice *pci_dev,
>uint32_t address, uint32_t val, int len)
> {
> -pci_write_config(pci_dev, address, val, len);
> +pci_write_config_with_mask(pci_dev, address, val, len);
> }
>
> void pci_default_write_config(PCIDevice *d, uint32_t addr, uint32_t val, int
> l)
> {
> -int i, was_irq_disabled = pci_irq_disabled(d);
> -uint32_t config_size = pci_config_size(d);
> +int was_irq_disabled = pci_irq_disabled(d);
>
> if (pci_access_cap_config(d, addr, l)) {
> d->cap.config_write(d, addr, val, l);
> return;
> }
>
> -for (i = 0; i < l && addr + i < config_size; val >>= 8, ++i) {
> -uint8_t wmask = d->wmask[addr + i];
> -d->config[addr + i] = (d->config[addr + i] & ~wmask) | (val & wmask);
> -}
> +pci_write_config_with_mask(d, addr, val, l);
>
> #ifdef CONFIG_KVM_DEVICE_ASSIGNMENT
> if (kvm_enabled() && kvm_irqchip_in_kernel() &&
[Qemu-devel] Re: [PATCH v2 9/9] pci: Store capability offsets in PCIDevice
On Fri, Nov 12, 2010 at 10:47:21AM -0700, Alex Williamson wrote:
> This not only makes pci_find_capability a directly lookup, but also
> allows us to better track added capabilities and avoids the proliferation
> of random additional capability offset markers.
>
> Signed-off-by: Alex Williamson
There shouldn't be any need to store offsets
separately as find_capability gives you the value,
and duplicating same data in two places is bad
as we need to keep them in sync now.
We track offset to msi and msix capabilities as an optimization:
because they are used on data path. I can't see why would
we need to optimize any other capability like this.
> ---
>
> hw/msix.c | 15 +++
> hw/pci.c | 20 ++--
> hw/pci.h |5 +++--
> 3 files changed, 28 insertions(+), 12 deletions(-)
>
> diff --git a/hw/msix.c b/hw/msix.c
> index b98b34a..060f27b 100644
> --- a/hw/msix.c
> +++ b/hw/msix.c
> @@ -204,7 +204,6 @@ static int msix_add_config(struct PCIDevice *pdev,
> unsigned short nentries,
> pci_set_long(config + MSIX_PBA_OFFSET, (bar_size +
> MSIX_PAGE_PENDING) |
> bar_nr);
> }
> -pdev->msix_cap = config_offset;
> /* Make flags bit writeable. */
> pdev->wmask[config_offset + MSIX_CONTROL_OFFSET] |= MSIX_ENABLE_MASK |
> MSIX_MASKALL_MASK;
> @@ -253,7 +252,8 @@ static void msix_clr_pending(PCIDevice *dev, int vector)
>
> static int msix_function_masked(PCIDevice *dev)
> {
> -return dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] &
> MSIX_MASKALL_MASK;
> +return dev->config[dev->caps[PCI_CAP_ID_MSIX] +
> + MSIX_CONTROL_OFFSET] & MSIX_MASKALL_MASK;
> }
>
> static int msix_is_masked(PCIDevice *dev, int vector)
> @@ -275,7 +275,7 @@ static void msix_handle_mask_update(PCIDevice *dev, int
> vector)
> void msix_write_config(PCIDevice *dev, uint32_t addr,
> uint32_t val, int len)
> {
> -unsigned enable_pos = dev->msix_cap + MSIX_CONTROL_OFFSET;
> +unsigned enable_pos = dev->caps[PCI_CAP_ID_MSIX] + MSIX_CONTROL_OFFSET;
> int vector;
>
> if (!range_covers_byte(addr, len, enable_pos)) {
> @@ -334,7 +334,7 @@ static CPUReadMemoryFunc * const msix_mmio_read[] = {
> void msix_mmio_map(PCIDevice *d, int region_num,
> pcibus_t addr, pcibus_t size, int type)
> {
> -uint8_t *config = d->config + d->msix_cap;
> +uint8_t *config = d->config + d->caps[PCI_CAP_ID_MSIX];
> uint32_t table = pci_get_long(config + MSIX_TABLE_OFFSET);
> uint32_t offset = table & ~(MSIX_PAGE_SIZE - 1);
> /* TODO: for assigned devices, we'll want to make it possible to map
> @@ -437,7 +437,6 @@ int msix_uninit(PCIDevice *dev)
> if (!(dev->cap_present & QEMU_PCI_CAP_MSIX))
> return 0;
> pci_del_capability(dev, PCI_CAP_ID_MSIX, MSIX_CAP_LENGTH);
> -dev->msix_cap = 0;
> msix_free_irq_entries(dev);
> dev->msix_entries_nr = 0;
> cpu_unregister_io_memory(dev->msix_mmio_index);
> @@ -493,7 +492,7 @@ int msix_present(PCIDevice *dev)
> int msix_enabled(PCIDevice *dev)
> {
> return (dev->cap_present & QEMU_PCI_CAP_MSIX) &&
> -(dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] &
> +(dev->config[dev->caps[PCI_CAP_ID_MSIX] + MSIX_CONTROL_OFFSET] &
> MSIX_ENABLE_MASK);
> }
>
> @@ -534,8 +533,8 @@ void msix_reset(PCIDevice *dev)
> if (!(dev->cap_present & QEMU_PCI_CAP_MSIX))
> return;
> msix_free_irq_entries(dev);
> -dev->config[dev->msix_cap + MSIX_CONTROL_OFFSET] &=
> - ~dev->wmask[dev->msix_cap + MSIX_CONTROL_OFFSET];
> +dev->config[dev->caps[PCI_CAP_ID_MSIX] + MSIX_CONTROL_OFFSET] &=
> + ~dev->wmask[dev->caps[PCI_CAP_ID_MSIX] + MSIX_CONTROL_OFFSET];
> memset(dev->msix_table_page, 0, MSIX_PAGE_SIZE);
> msix_mask_all(dev, dev->msix_entries_nr);
> }
> diff --git a/hw/pci.c b/hw/pci.c
> index bc25be7..773afa5 100644
> --- a/hw/pci.c
> +++ b/hw/pci.c
> @@ -1990,15 +1990,24 @@ int pci_add_capability_at_offset(PCIDevice *pdev,
> uint8_t cap_id,
> {
> uint8_t i, *config = pdev->config + offset;
>
> +/* Check overlap with existing capabilities, valid cap, already added */
> for (i = 0; i < size; i++) {
> if (pdev->config_map[offset + i]) {
> return -EFAULT;
> }
> }
>
> +if (!cap_id || cap_id > PCI_CAP_ID_MAX) {
> +return -EINVAL;
> +}
> +
> +if (pdev->caps[cap_id]) {
> +return -EFAULT;
> +}
> +
> config[PCI_CAP_LIST_ID] = cap_id;
> config[PCI_CAP_LIST_NEXT] = pdev->config[PCI_CAPABILITY_LIST];
> -pdev->config[PCI_CAPABILITY_LIST] = offset;
> +pdev->caps[cap_id] = pdev->config[PCI_CAPABILITY_LIST] = offset;
> memset(pdev->config_map + offset, cap_id, size);
> /* Make capability read-only by default */
> memset(pdev->wmask + offset, 0, size);
> @@ -2033,6 +2042,7 @@ void pci_del_capability(PCIDevice *pdev, uint8_t
[Qemu-devel] Re: Cannot not unplug cold-plugged devices
On Fri, Nov 12, 2010 at 09:50:30PM +0900, Isaku Yamahata wrote: > On Fri, Nov 12, 2010 at 01:26:30PM +0200, Michael S. Tsirkin wrote: > > No, I am just trying to understand why is hotplug event dangerous. > > We still get it if we do device add before starting the VM, right? > > I'm not sure if it's safe to call enable/disable_device() and > pm_update_sci() before starting VM. > So I'd like to avoid to call them instead of making sure it. > If someone else ensures its safety, I'm willing to eliminate the if clause. Well I don't think it's dangerous. I guess it makes sense for whatever is supplied on qemu command line to not cause a hotplug event. > -- > yamahata
[Qemu-devel] State of EHCI emulation for QEMU
Hi all, as you may know, there is an experimental git repository at git://git.kiszka.org/qemu.git ehci that contains (primarily) David's work on an EHCI model for QEMU, infrequently merges with latest git by me. As both David and I are short on time ATM to drive this towards mainline integration, I'd like to motivate some more contributions. But first of all a summary of its state: - works OK for mass storage device pass-through - gives quite decent performance this way (I've once installed a complete Linux distro onto an USB disk this way) - reported to fail when passing through certain other host device types (e.g. the iPhone) - lacks integration with UHCI (currently, only EHCI is provided by that tree, breaking USB 1.1 devices) David furthermore provided the following to-dos: - lacks periodic frames support - lacks isochronous traffic support - lacks split transactions support - NAK/reload support is kludgy at best - throttle interrupt rate based on OS settings Regarding integration with UHCI: David once posted an RFC patch that basically establishes the foundation for fixed device-to-controller assignment [1][2]. Most real implementations do dynamic hand-over between EHCI and UHCI, however, the spec allows static assignment as well (which simplifies the implementation in QEMU). Would be really nice to see this upstream rather sooner than later. I think the major blocking point is just the companion controller integration, then we would already be able to use it with USB disks/sticks. So, if anyone is interested in picking up some open task, every contribution is welcome! Jan [1] http://thread.gmane.org/gmane.comp.emulators.qemu/77130 [2] http://thread.gmane.org/gmane.comp.emulators.qemu/76072 signature.asc Description: OpenPGP digital signature
[Qemu-devel] [Bug 643430] Re: system_powerdown is working in qemu-kvm with KVM enabled for FreeBSD guests
The updated bios.bin works fine for me, thanks. -- system_powerdown is working in qemu-kvm with KVM enabled for FreeBSD guests https://bugs.launchpad.net/bugs/643430 You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. Status in QEMU: New Status in Debian GNU/Linux: New Bug description: system_powerdown stops working in qemu-kvm for FreeBSD guests if KVM is enabled. How to reproduce: 1. qemu -cdrom ~/.VirtualBox/libvirt/FreeBSD-8.1-RELEASE-i386-bootonly.iso 2. Enter system_powerdown in the qemu console 3. Nothing happens. Adding --no-kvm option makes system_powerdown work: 1. qemu --no-kvm -cdrom ~/.VirtualBox/libvirt/FreeBSD-8.1-RELEASE-i386-bootonly.iso 2. system_powerdown 3. FreeBSD installer shows the shutdown dialog as expected Tested on FreeBSD 6.4, 7.2, and 8.0 with qemu-kvm 0.12.5 and older versions.
[Qemu-devel] Re: [SeaBIOS] [PATCH] fix virtio-blk failure after reboot
On Tue, Nov 09, 2010 at 08:46:43AM +0200, Gleb Natapov wrote: > On Mon, Nov 08, 2010 at 06:59:37PM -0500, Kevin O'Connor wrote: > > On Wed, Sep 15, 2010 at 06:31:44PM +0200, Gleb Natapov wrote: > > > vring_virtqueue should be zeroed otherwise old values will be reused > > > after reboot. > > > > > > Signed-off-by: Gleb Natapov > > > diff --git a/src/virtio-blk.c b/src/virtio-blk.c > > > index 34d7863..7a25826 100644 > > > --- a/src/virtio-blk.c > > > +++ b/src/virtio-blk.c > > > @@ -109,6 +109,7 @@ init_virtio_blk(u16 bdf) > > > goto fail; > > > } > > > memset(vdrive_g, 0, sizeof(*vdrive_g)); > > > +memset(vq, 0, sizeof(*vq)); > > > vdrive_g->drive.type = DTYPE_VIRTIO; > > > vdrive_g->drive.cntl_id = bdf; > > > vdrive_g->vq = vq; > > > > This didn't make it into SeaBIOS v0.6.1. Should we add this to the > > stable branch as v0.6.1.2? Any other bugfixes that need to go in to > > the stable branch (maybe Isaku's pci overflow patches)? > > > Yes. Please add it to stable branch. I added it and tagged it as v0.6.1.2. -Kevin
[Qemu-devel] Re: [SeaBIOS] [PATCH v3 0/2] pciinit: fix overflow when bar allocation
On Thu, Oct 28, 2010 at 03:54:34PM +0900, Isaku Yamahata wrote: > Changes v2 -> v3: > - use [first, last] instead of [start, end) > > Changes v1 -> v2: > - add comment. > > Patch description: > This patch set fixes PCI bar allocation when bar overflow occured. > I checked if pmm_alloc facility can be used, but it doesn't suit for > pci bar allocation. So I resulted in new API, pci_region which > encapsulates region allocation and overflow checks. > The first patch introduces pci_region, and the second patch fixes > the overflow case with pci_region. Thanks. I've committed these. I put them on the master branch - I can also place them on the stable branch if they're needed there. -Kevin
Re: [Qemu-devel] Log Console Output to File
Hi, A bit more on this - as I have been trying to get it working ... :-). The command you provided did work if I use /dev/tty in place of stdio (i.e. -serial /dev/tty) ... except that it only "starts" to work once I have a login prompt in QEMU (and then also in my command window). I'm trying to capture all the Linux boot info / messages prior to that. Any idea how to get this info to show up in my console window (where I'm executing qemu from)? Thanks! On Thu, Nov 11, 2010 03:17 PM, Stefan Weil wrote: > Am 11.11.2010 21:37, schrieb Russell Morris: > > Hi, > > > > Thanks for the pointer! I tried this, but I get an error message, as > > follows ... > > *chardev: opening backent "stdio" failed* > > *qemu: could not open serial device 'stdio': Inappropriate ioctl for > > device.* > > > > Thoughts? > > Hi, > > I assume that you tried this (as it was suggested by an earlier mail): > > qemu -serial stdio -nographic ... > > This results in an error message for me, too: > > chardev: opening backend "stdio" failed > qemu: could not open serial device 'stdio': No such file or directory > > Try this variant (which works for me): > > qemu -nographic ... > > It will redirect the serial output (first serial port) of your guest os to > standard output, so you can write it to a file with the usual methods, > for example this one: > > qemu -nographic ... | tee log.txt > > Regards > > Stefan Weil > >
Re: [Qemu-devel] [PATCH] usb-linux: allow multiple devices with matching IDs
On Wed, Nov 10, 2010 at 6:01 PM, Markus Armbruster wrote:
> Grazvydas Ignotas writes:
>
>> Right now if we pass through multiple USB devices with matching vendor
>> and product IDs, only first one is passed to guest, as the code thinks
>> second device is already attached. The only way to get those devices
>> working is to specify bus.addr which is inconvenient if devices are
>> frequently replugged on host, because the address changes after replug.
>>
>> Fix this by checking bus.addr before assuming the device is already
>> attached. This way -usbdevice host:1234:1234 -usbdevice host:1234:1234
>> will pass through 2 devices correctly.
>>
>> Signed-off-by: Grazvydas Ignotas
>> ---
>> usb-linux.c | 8 ++--
>> 1 files changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/usb-linux.c b/usb-linux.c
>> index c3c38ec..b5f1396 100644
>> --- a/usb-linux.c
>> +++ b/usb-linux.c
>> @@ -1464,9 +1464,13 @@ static int usb_host_auto_scan(void *opaque, int
>> bus_num, int addr,
>> }
>> /* We got a match */
>>
>> - /* Already attached ? */
>> if (s->fd != -1) {
>> - return 0;
>> + /* Already attached? */
>> + if (s->bus_num == bus_num && s->addr == addr)
>> + return 0;
>> +
>> + /* Not attached but needs another hostdev */
>> + continue;
>> }
>> DPRINTF("husb: auto open: bus_num %d addr %d\n", bus_num, addr);
>
> Did you test that filtering by bus and addr still works?
>
Yes. However it still acts strange when one of those 2 devices is
unplugged, so you can drop this patch for now I guess.
Re: [Qemu-devel] No Virtual Console
That's the problem - thanks!!! Now I just need to figure out how to log all the Linux boot info to a file. Take care, ... Russell On Fri, Nov 12, 2010 12:03 PM, Mulyadi Santosa wrote: > On Fri, Nov 12, 2010 at 16:49, wrote: > > Yes - that's it! The SDL window. I can't get it to show up ... any ideas? > > make sure you have "SDL" package installed. Also, if you compile Qemu > by your own, please install "SDL-devel" package before ./configure and > make. > > -- > regards, > > Mulyadi Santosa > Freelance Linux trainer and consultant > > blog: the-hydra.blogspot.com > training: mulyaditraining.blogspot.com >
Re: [Qemu-devel] [PATCH 1/2] Delete useless 'extern' qualifiers for functions
Am 13.11.2010 13:49, schrieb Blue Swirl: 'extern' qualifier is useless for function declarations. Delete them. Signed-off-by: Blue Swirl --- cache-utils.h | 2 +- cmd.h | 36 darwin-user/commpage.c | 2 +- darwin-user/syscall.c | 24 +- dis-asm.h | 85 +++ envlist.h | 14 +++--- exec-all.h | 2 +- fpu/softfloat-native.c | 4 +- fsdev/qemu-fsdev.h | 6 +- hw/file-op-9p.h | 2 +- hw/hw.h | 21 +- hw/mips.h | 2 +- hw/s390-virtio-bus.h | 16 +++ hw/virtio-9p-xattr.h | 17 hw/virtio-9p.h | 4 +- hw/watchdog.h | 8 ++-- linux-user/arm/nwfpe/fpa11.h | 6 +- linux-user/arm/nwfpe/fpopcode.h | 4 +- linux-user/syscall.c | 10 ++-- m68k-dis.c | 11 ++--- osdep.c | 2 +- qemu-common.h | 2 +- slirp/slirp.h | 10 ++-- target-s390x/cpu.h | 6 +- tests/cris/sys.h | 4 +- tests/runcom.c | 4 +- ui/cocoa.m | 6 +- ui/d3des.h | 8 ++-- ui/x_keymap.h | 4 +- 29 files changed, 158 insertions(+), 164 deletions(-) extern qualifiers in *.c files are very useful: They should be replaced by include statements (this makes it possible to check whether declaration and implementation match). Without 'extern', they are difficult to detect, with 'extern' this is easy. So either replace those extern declarations by an include statement (best solution), or don't touch the 'extern' there, or add a comment which can be easily found (XXX or TODO). Regards Stefan
[Qemu-devel] [PATCH 2/2] Replace 'extern inline' with 'static inline'
Signed-off-by: Blue Swirl
---
tests/cris/check_abs.c |5 +++--
tests/cris/check_addc.c |3 ++-
tests/cris/check_addcm.c |6 --
tests/cris/check_bound.c |9 ++---
tests/cris/check_ftag.c | 12
tests/cris/check_int64.c |6 --
tests/cris/check_lz.c|2 +-
tests/cris/check_swap.c |2 +-
tests/cris/crisutils.h | 20 ++--
tests/hello-i386.c |4 ++--
10 files changed, 41 insertions(+), 28 deletions(-)
diff --git a/tests/cris/check_abs.c b/tests/cris/check_abs.c
index 3966c87..9770a8d 100644
--- a/tests/cris/check_abs.c
+++ b/tests/cris/check_abs.c
@@ -4,13 +4,14 @@
#include "sys.h"
#include "crisutils.h"
-extern inline int cris_abs(int n) {
+static inline int cris_abs(int n)
+{
int r;
asm ("abs\t%1, %0\n" : "=r" (r) : "r" (n));
return r;
}
-extern inline void
+static inline void
verify_abs(int val, int res,
const int n, const int z, const int v, const int c)
{
diff --git a/tests/cris/check_addc.c b/tests/cris/check_addc.c
index e407855..facd1be 100644
--- a/tests/cris/check_addc.c
+++ b/tests/cris/check_addc.c
@@ -4,7 +4,8 @@
#include "sys.h"
#include "crisutils.h"
-extern inline int cris_addc(int a, const int b) {
+static inline int cris_addc(int a, const int b)
+{
asm ("addc\t%1, %0\n" : "+r" (a) : "r" (b));
return a;
}
diff --git a/tests/cris/check_addcm.c b/tests/cris/check_addcm.c
index 9ffea29..7928bc9 100644
--- a/tests/cris/check_addcm.c
+++ b/tests/cris/check_addcm.c
@@ -5,13 +5,15 @@
#include "crisutils.h"
/* need to avoid acr as source here. */
-extern inline int cris_addc_m(int a, const int *b) {
+static inline int cris_addc_m(int a, const int *b)
+{
asm volatile ("addc [%1], %0\n" : "+r" (a) : "r" (b));
return a;
}
/* 'b' is a crisv32 constrain to avoid postinc with $acr. */
-extern inline int cris_addc_pi_m(int a, int **b) {
+static inline int cris_addc_pi_m(int a, int **b)
+{
asm volatile ("addc [%1+], %0\n" : "+r" (a), "+b" (*b));
return a;
}
diff --git a/tests/cris/check_bound.c b/tests/cris/check_bound.c
index 411d2ad..e883175 100644
--- a/tests/cris/check_bound.c
+++ b/tests/cris/check_bound.c
@@ -4,19 +4,22 @@
#include "sys.h"
#include "crisutils.h"
-extern inline int cris_bound_b(int v, int b) {
+static inline int cris_bound_b(int v, int b)
+{
int r = v;
asm ("bound.b\t%1, %0\n" : "+r" (r) : "ri" (b));
return r;
}
-extern inline int cris_bound_w(int v, int b) {
+static inline int cris_bound_w(int v, int b)
+{
int r = v;
asm ("bound.w\t%1, %0\n" : "+r" (r) : "ri" (b));
return r;
}
-extern inline int cris_bound_d(int v, int b) {
+static inline int cris_bound_d(int v, int b)
+{
int r = v;
asm ("bound.d\t%1, %0\n" : "+r" (r) : "ri" (b));
return r;
diff --git a/tests/cris/check_ftag.c b/tests/cris/check_ftag.c
index 40d1507..908773a 100644
--- a/tests/cris/check_ftag.c
+++ b/tests/cris/check_ftag.c
@@ -4,19 +4,23 @@
#include "sys.h"
#include "crisutils.h"
-extern inline void cris_ftag_i(unsigned int x) {
+static inline void cris_ftag_i(unsigned int x)
+{
register unsigned int v asm("$r10") = x;
asm ("ftagi\t[%0]\n" : : "r" (v) );
}
-extern inline void cris_ftag_d(unsigned int x) {
+static inline void cris_ftag_d(unsigned int x)
+{
register unsigned int v asm("$r10") = x;
asm ("ftagd\t[%0]\n" : : "r" (v) );
}
-extern inline void cris_fidx_i(unsigned int x) {
+static inline void cris_fidx_i(unsigned int x)
+{
register unsigned int v asm("$r10") = x;
asm ("fidxi\t[%0]\n" : : "r" (v) );
}
-extern inline void cris_fidx_d(unsigned int x) {
+static inline void cris_fidx_d(unsigned int x)
+{
register unsigned int v asm("$r10") = x;
asm ("fidxd\t[%0]\n" : : "r" (v) );
}
diff --git a/tests/cris/check_int64.c b/tests/cris/check_int64.c
index 99ca6f1..fc60017 100644
--- a/tests/cris/check_int64.c
+++ b/tests/cris/check_int64.c
@@ -5,11 +5,13 @@
#include "crisutils.h"
-extern inline int64_t add64(const int64_t a, const int64_t b) {
+static inline int64_t add64(const int64_t a, const int64_t b)
+{
return a + b;
}
-extern inline int64_t sub64(const int64_t a, const int64_t b) {
+static inline int64_t sub64(const int64_t a, const int64_t b)
+{
return a - b;
}
diff --git a/tests/cris/check_lz.c b/tests/cris/check_lz.c
index 7b30a26..69c2e6d 100644
--- a/tests/cris/check_lz.c
+++ b/tests/cris/check_lz.c
@@ -3,7 +3,7 @@
#include
#include "sys.h"
-extern inline int cris_lz(int x)
+static inline int cris_lz(int x)
{
int r;
asm ("lz\t%1, %0\n" : "=r" (r) : "r" (x));
diff --git a/tests/cris/check_swap.c b/tests/cris/check_swap.c
index 824a685..f851cbc 100644
--- a/tests/cris/check_swap.c
+++ b/tests/cris/check_swap.c
@@ -9,7 +9,7 @@
#define B 2
#define R 1
-extern inline int cris_swap(const int mode, int x)
+static inline int cris_
[Qemu-devel] [PATCH 1/2] Delete useless 'extern' qualifiers for functions
'extern' qualifier is useless for function declarations. Delete
them.
Signed-off-by: Blue Swirl
---
cache-utils.h |2 +-
cmd.h | 36
darwin-user/commpage.c |2 +-
darwin-user/syscall.c | 24 +-
dis-asm.h | 85 +++
envlist.h | 14 +++---
exec-all.h |2 +-
fpu/softfloat-native.c |4 +-
fsdev/qemu-fsdev.h |6 +-
hw/file-op-9p.h |2 +-
hw/hw.h | 21 +-
hw/mips.h |2 +-
hw/s390-virtio-bus.h| 16 +++
hw/virtio-9p-xattr.h| 17
hw/virtio-9p.h |4 +-
hw/watchdog.h |8 ++--
linux-user/arm/nwfpe/fpa11.h|6 +-
linux-user/arm/nwfpe/fpopcode.h |4 +-
linux-user/syscall.c| 10 ++--
m68k-dis.c | 11 ++---
osdep.c |2 +-
qemu-common.h |2 +-
slirp/slirp.h | 10 ++--
target-s390x/cpu.h |6 +-
tests/cris/sys.h|4 +-
tests/runcom.c |4 +-
ui/cocoa.m |6 +-
ui/d3des.h |8 ++--
ui/x_keymap.h |4 +-
29 files changed, 158 insertions(+), 164 deletions(-)
diff --git a/cache-utils.h b/cache-utils.h
index b45fde4..0b65907 100644
--- a/cache-utils.h
+++ b/cache-utils.h
@@ -9,7 +9,7 @@ struct qemu_cache_conf {
extern struct qemu_cache_conf qemu_cache_conf;
-extern void qemu_cache_utils_init(char **envp);
+void qemu_cache_utils_init(char **envp);
/* mildly adjusted code from tcg-dyngen.c */
static inline void flush_icache_range(unsigned long start, unsigned long stop)
diff --git a/cmd.h b/cmd.h
index cbe9549..b763b19 100644
--- a/cmd.h
+++ b/cmd.h
@@ -38,33 +38,33 @@ typedef struct cmdinfo {
extern cmdinfo_t *cmdtab;
extern int ncmds;
-extern voidhelp_init(void);
-extern voidquit_init(void);
+void help_init(void);
+void quit_init(void);
typedef int (*argsfunc_t)(int index);
typedef int (*checkfunc_t)(const cmdinfo_t *ci);
-extern voidadd_command(const cmdinfo_t *ci);
-extern voidadd_user_command(char *optarg);
-extern voidadd_args_command(argsfunc_t af);
-extern voidadd_check_command(checkfunc_t cf);
+void add_command(const cmdinfo_t *ci);
+void add_user_command(char *optarg);
+void add_args_command(argsfunc_t af);
+void add_check_command(checkfunc_t cf);
-extern const cmdinfo_t *find_command(const char *cmd);
+const cmdinfo_t *find_command(const char *cmd);
-extern voidcommand_loop(void);
-extern int command_usage(const cmdinfo_t *ci);
-extern int command(const cmdinfo_t *ci, int argc, char **argv);
+void command_loop(void);
+int command_usage(const cmdinfo_t *ci);
+int command(const cmdinfo_t *ci, int argc, char **argv);
/* from input.h */
-extern char**breakline(char *input, int *count);
-extern voiddoneline(char *input, char **vec);
-extern char*fetchline(void);
+char **breakline(char *input, int *count);
+void doneline(char *input, char **vec);
+char *fetchline(void);
-extern long long cvtnum(char *s);
-extern voidcvtstr(double value, char *str, size_t sz);
+long long cvtnum(char *s);
+void cvtstr(double value, char *str, size_t sz);
-extern struct timeval tsub(struct timeval t1, struct timeval t2);
-extern double tdiv(double value, struct timeval tv);
+struct timeval tsub(struct timeval t1, struct timeval t2);
+double tdiv(double value, struct timeval tv);
enum {
DEFAULT_TIME= 0x0,
@@ -72,7 +72,7 @@ enum {
VERBOSE_FIXED_TIME = 0x2
};
-extern voidtimestr(struct timeval *tv, char *str, size_t sz, int flags);
+void timestr(struct timeval *tv, char *str, size_t sz, int flags);
extern char *progname;
diff --git a/darwin-user/commpage.c b/darwin-user/commpage.c
index f6aa71e..2b3a3b3 100644
--- a/darwin-user/commpage.c
+++ b/darwin-user/commpage.c
@@ -279,7 +279,7 @@ void do_add_atomic_word32(void *cpu_env, int num)
void do_cgettimeofday(void *cpu_env, int num, uint32_t arg1)
{
#ifdef TARGET_I386
-extern int __commpage_gettimeofday(struct timeval *);
+int __commpage_gettimeofday(struct timeval *);
DPRINTF("commpage: gettimeofday(0x%x)\n", arg1);
struct timeval *time = (struct timeval *)arg1;
int ret = __commpage_gettimeofday(time);
diff --git a/darwin-user/syscall.c b/darwin-user/syscall.c
index 060acc8..d173ef0 100644
--- a/darwin-user/syscall.c
+++ b/darwin-user/syscall.c
@@ -309,9 +309,9 @@ static inline uint32_t target_mach_msg_trap(
mach_msg_header_t *hdr, uint32_t options, uint32_t send_size,
uint32_t rcv_size, uint32_t rcv_name, uint32_t tim
[Qemu-devel] [PATCH 0/2] Fix uses of 'extern' qualifier for functions
Blue Swirl (2): Delete useless 'extern' qualifiers for functions Replace 'extern inline' with 'static inline' cache-utils.h |2 +- cmd.h | 36 darwin-user/commpage.c |2 +- darwin-user/syscall.c | 24 +- dis-asm.h | 85 +++ envlist.h | 14 +++--- exec-all.h |2 +- fpu/softfloat-native.c |4 +- fsdev/qemu-fsdev.h |6 +- hw/file-op-9p.h |2 +- hw/hw.h | 21 +- hw/mips.h |2 +- hw/s390-virtio-bus.h| 16 +++ hw/virtio-9p-xattr.h| 17 hw/virtio-9p.h |4 +- hw/watchdog.h |8 ++-- linux-user/arm/nwfpe/fpa11.h|6 +- linux-user/arm/nwfpe/fpopcode.h |4 +- linux-user/syscall.c| 10 ++-- m68k-dis.c | 11 ++--- osdep.c |2 +- qemu-common.h |2 +- slirp/slirp.h | 10 ++-- target-s390x/cpu.h |6 +- tests/cris/check_abs.c |5 +- tests/cris/check_addc.c |3 +- tests/cris/check_addcm.c|6 ++- tests/cris/check_bound.c|9 +++- tests/cris/check_ftag.c | 12 -- tests/cris/check_int64.c|6 ++- tests/cris/check_lz.c |2 +- tests/cris/check_swap.c |2 +- tests/cris/crisutils.h | 20 +- tests/cris/sys.h|4 +- tests/hello-i386.c |4 +- tests/runcom.c |4 +- ui/cocoa.m |6 +- ui/d3des.h |8 ++-- ui/x_keymap.h |4 +- 39 files changed, 199 insertions(+), 192 deletions(-)
Re: [Qemu-devel] virtio-blk broken after system reset
Am 13.11.2010 11:54, Stefan Hajnoczi wrote: > On Sat, Nov 13, 2010 at 10:09 AM, Jan Kiszka wrote: >> Am 13.11.2010 11:01, Michael Tokarev wrote: >>> Why it is trying to print things to stderr is a different >>> matter, it should be using a proper error-reporting routine, >>> but this is a different story. >> >> Jep. Even worse: the above message is not dumped to the console as the >> stream isn't flushed on exit. > > stderr is normally unbuffered. Are you running via libvirt? No, I was wrong. I probably missed the output as it does not issue a newline. Jan signature.asc Description: OpenPGP digital signature
Re: [Qemu-devel] virtio-blk broken after system reset
On Sat, Nov 13, 2010 at 10:09 AM, Jan Kiszka wrote:
> Am 13.11.2010 11:01, Michael Tokarev wrote:
>> 13.11.2010 10:51, Jan Kiszka wrote:
>>> Am 13.11.2010 08:49, Stefan Hajnoczi wrote:
On Fri, Nov 12, 2010 at 10:02 PM, Jan Kiszka wrote:
> Hi,
>
> both after hard and guest-initiated reset, something is seriously broken
> with virtio block devices. If I reset my Linux guest while still in
> grub, the bios will simply fail to read from the disk after the reboot.
> If I
> reset after Linux touched the device, qemu terminates:
>
> Breakpoint 1, 0x74b945b0 in _exit () from /lib64/libc.so.6
> (gdb) bt
> #0 0x74b945b0 in _exit () from /lib64/libc.so.6
> #1 0x74b2948d in __run_exit_handlers () from /lib64/libc.so.6
> #2 0x74b29535 in exit () from /lib64/libc.so.6
> #3 0x00568da3 in virtqueue_num_heads (vq=0x17040e0, idx=0) at
> /data/qemu/hw/virtio.c:258
> #4 0x00569511 in virtqueue_pop (vq=0x17040e0, elem=0x17cea58) at
> /data/qemu/hw/virtio.c:388
> #5 0x00419e31 in virtio_blk_get_request (s=0x1704010) at
> /data/qemu/hw/virtio-blk.c:132
> #6 virtio_blk_handle_output (vdev=0x1704010, vq=)
> at /data/qemu/hw/virtio-blk.c:369
>
>> []
>>> And what about the guest-triggerable qemu exit above?
>>
>> There are _lots_ of guest-triggerable qemu exits out there.
>>
>> static int virtqueue_num_heads(VirtQueue *vq, unsigned int idx)
>> {
>> uint16_t num_heads = vring_avail_idx(vq) - idx;
>>
>> /* Check it isn't doing very strange things with descriptor numbers. */
>> if (num_heads > vq->vring.num) {
>> fprintf(stderr, "Guest moved used index from %u to %u",
>> idx, vring_avail_idx(vq));
>> exit(1);
>> }
>>
>> return num_heads;
>> }
>>
>> This is done when guest behaves insanely (or qemu thinks it does).
>> On a real hw similar behavour most likely will lead to a system
>> lockup, qemu just exits.
>
> There is also real hw out there that goes into an error state if it's
> misprogrammed.
>
> I think we have to remove all those premature exits. They also prevent
> handing the device inside the guest to an untrusted driver (relevant
> once we have IOMMU emulation).
Interesting point about IOMMU.
>> Why it is trying to print things to stderr is a different
>> matter, it should be using a proper error-reporting routine,
>> but this is a different story.
>
> Jep. Even worse: the above message is not dumped to the console as the
> stream isn't flushed on exit.
stderr is normally unbuffered. Are you running via libvirt?
Stefan
Re: [Qemu-devel] virtio-blk broken after system reset
Am 13.11.2010 11:01, Michael Tokarev wrote:
> 13.11.2010 10:51, Jan Kiszka wrote:
>> Am 13.11.2010 08:49, Stefan Hajnoczi wrote:
>>> On Fri, Nov 12, 2010 at 10:02 PM, Jan Kiszka wrote:
Hi,
both after hard and guest-initiated reset, something is seriously broken
with virtio block devices. If I reset my Linux guest while still in
grub, the bios will simply fail to read from the disk after the reboot. If
I
reset after Linux touched the device, qemu terminates:
Breakpoint 1, 0x74b945b0 in _exit () from /lib64/libc.so.6
(gdb) bt
#0 0x74b945b0 in _exit () from /lib64/libc.so.6
#1 0x74b2948d in __run_exit_handlers () from /lib64/libc.so.6
#2 0x74b29535 in exit () from /lib64/libc.so.6
#3 0x00568da3 in virtqueue_num_heads (vq=0x17040e0, idx=0) at
/data/qemu/hw/virtio.c:258
#4 0x00569511 in virtqueue_pop (vq=0x17040e0, elem=0x17cea58) at
/data/qemu/hw/virtio.c:388
#5 0x00419e31 in virtio_blk_get_request (s=0x1704010) at
/data/qemu/hw/virtio-blk.c:132
#6 virtio_blk_handle_output (vdev=0x1704010, vq=) at
/data/qemu/hw/virtio-blk.c:369
> []
>> And what about the guest-triggerable qemu exit above?
>
> There are _lots_ of guest-triggerable qemu exits out there.
>
> static int virtqueue_num_heads(VirtQueue *vq, unsigned int idx)
> {
> uint16_t num_heads = vring_avail_idx(vq) - idx;
>
> /* Check it isn't doing very strange things with descriptor numbers. */
> if (num_heads > vq->vring.num) {
> fprintf(stderr, "Guest moved used index from %u to %u",
> idx, vring_avail_idx(vq));
> exit(1);
> }
>
> return num_heads;
> }
>
> This is done when guest behaves insanely (or qemu thinks it does).
> On a real hw similar behavour most likely will lead to a system
> lockup, qemu just exits.
There is also real hw out there that goes into an error state if it's
misprogrammed.
I think we have to remove all those premature exits. They also prevent
handing the device inside the guest to an untrusted driver (relevant
once we have IOMMU emulation).
>
> Why it is trying to print things to stderr is a different
> matter, it should be using a proper error-reporting routine,
> but this is a different story.
Jep. Even worse: the above message is not dumped to the console as the
stream isn't flushed on exit.
Jan
signature.asc
Description: OpenPGP digital signature
Re: [Qemu-devel] virtio-blk broken after system reset
13.11.2010 10:51, Jan Kiszka wrote:
> Am 13.11.2010 08:49, Stefan Hajnoczi wrote:
>> On Fri, Nov 12, 2010 at 10:02 PM, Jan Kiszka wrote:
>>> Hi,
>>>
>>> both after hard and guest-initiated reset, something is seriously broken
>>> with virtio block devices. If I reset my Linux guest while still in
>>> grub, the bios will simply fail to read from the disk after the reboot. If I
>>> reset after Linux touched the device, qemu terminates:
>>>
>>> Breakpoint 1, 0x74b945b0 in _exit () from /lib64/libc.so.6
>>> (gdb) bt
>>> #0 0x74b945b0 in _exit () from /lib64/libc.so.6
>>> #1 0x74b2948d in __run_exit_handlers () from /lib64/libc.so.6
>>> #2 0x74b29535 in exit () from /lib64/libc.so.6
>>> #3 0x00568da3 in virtqueue_num_heads (vq=0x17040e0, idx=0) at
>>> /data/qemu/hw/virtio.c:258
>>> #4 0x00569511 in virtqueue_pop (vq=0x17040e0, elem=0x17cea58) at
>>> /data/qemu/hw/virtio.c:388
>>> #5 0x00419e31 in virtio_blk_get_request (s=0x1704010) at
>>> /data/qemu/hw/virtio-blk.c:132
>>> #6 virtio_blk_handle_output (vdev=0x1704010, vq=) at
>>> /data/qemu/hw/virtio-blk.c:369
>>>
[]
> And what about the guest-triggerable qemu exit above?
There are _lots_ of guest-triggerable qemu exits out there.
static int virtqueue_num_heads(VirtQueue *vq, unsigned int idx)
{
uint16_t num_heads = vring_avail_idx(vq) - idx;
/* Check it isn't doing very strange things with descriptor numbers. */
if (num_heads > vq->vring.num) {
fprintf(stderr, "Guest moved used index from %u to %u",
idx, vring_avail_idx(vq));
exit(1);
}
return num_heads;
}
This is done when guest behaves insanely (or qemu thinks it does).
On a real hw similar behavour most likely will lead to a system
lockup, qemu just exits.
Why it is trying to print things to stderr is a different
matter, it should be using a proper error-reporting routine,
but this is a different story.
Speaking of the bios bug, I included the fix to debian qemu-kvm
package quite some time ago (19 Aug 2010), it is included since
0.12.5+dfsg-2 debian release. This one:
http://git.debian.org/?p=collab-maint/qemu-kvm.git;a=commit;h=5533a3e87fd19f35a580c8178ce59da72708c63a
/mjt
