Laszlo Ersek 1ec4ba7416 PIIX3: reset the VM when the Reset Control Register's RCPU bit gets set
  Traditional PCI config space access is achieved by writing a 32 bit
  value to io port 0xcf8 to identify the bus, device, function and config
  register. Port 0xcfc then contains the register in question. But if you
  write the appropriate pair of magic values to 0xcf9, the machine will
  reboot. Spectacular! And not standardised in any way (certainly not part
  of the PCI spec), so different chipsets may have different requirements.
  Booo.

In the PIIX3 spec, IO port 0xcf9 is specified as the Reset Control
Register. Bit 1 (System Reset, SRST) would normally differentiate between
soft reset and hard reset, but we ignore the difference beyond allowing
the guest to read it back.

RHBZ reference: 890459

This patch introduces the following overlap between the preexistent
"pci-conf-idx" region and the "piix3-reset-control" region just being
added. Partial output from "info mtree":

  I/O
  0000000000000000-000000000000ffff (prio 0, RW): io
    0000000000000cf8-0000000000000cfb (prio 0, RW): pci-conf-idx
    0000000000000cf9-0000000000000cf9 (prio 1, RW): piix3-reset-control

I sanity-checked the patch by booting a RHEL-6.3 guest and found no
problems. I summoned gdb and set a breakpoint on rcr_write() in order to
gather a bit more confidence. Relevant frames of the stack:

  kvm_handle_io (port=3321, data=0x7f3f5f3de000, direction=1, size=1,
                 count=1)                                 [kvm-all.c:1422]
    cpu_outb (addr=3321, val=6 '\006')                      [ioport.c:289]
      ioport_write (index=0, address=3321, data=6)           [ioport.c:83]
        ioport_writeb_thunk (opaque=0x7f3f622c4680, addr=3321, data=6)
                                                            [ioport.c:212]
          memory_region_iorange_write (iorange=0x7f3f622c4680, offset=0,
                                       width=1, data=6)     [memory.c:439]
            access_with_adjusted_size (addr=0, value=0x7f3f531fbac0,
                                       size=1, access_size_min=1,
                                       access_size_max=4,
                                       access=0x7f3f5f6e0f90
                                           <memory_region_write_accessor>,
                                       opaque=0x7f3f6227b668)
                                                            [memory.c:364]
              memory_region_write_accessor (opaque=0x7f3f6227b668, addr=0,
                                            value=0x7f3f531fbac0, size=1,
                                            shift=0, mask=255)
                                                            [memory.c:334]
                rcr_write (opaque=0x7f3f6227afb0, addr=0, val=6, len=1)
                                                       [hw/piix_pci.c:498]

The dispatch happens in ioport_write(); "index=0" means byte-wide access:

    static void ioport_write(int index, uint32_t address, uint32_t data)
    {
        static IOPortWriteFunc * const default_func[3] = {
            default_ioport_writeb,
            default_ioport_writew,
            default_ioport_writel
        };
        IOPortWriteFunc *func = ioport_write_table[index][address];
        if (!func)
            func = default_func[index];
        func(ioport_opaque[address], address, data);
    }

The "ioport_write_table" and "ioport_opaque" arrays describe the flattened
IO port space. The first array is less interesting (it selects a thunk
function). The "ioport_opaque" array is interesting because it decides how
writing to the port is implemented ultimately.

4-byte wide access to 0xcf8 (pci-conf-idx):

  (gdb) print ioport_write_table[2][0xcf8]
  $1 = (IOPortWriteFunc *) 0x7f3f5f6d99ba <ioport_writel_thunk>

  (gdb) print \
        ((struct MemoryRegionIORange*)ioport_opaque[0xcf8])->mr->ops.write
  $2 = (void (*)(void *, hwaddr, uint64_t, unsigned int))
       0x7f3f5f5575cb <pci_host_config_write>

1-byte wide access to 0xcf9 (piix3-reset-control):

  (gdb) print ioport_write_table[0][0xcf9]
  $3 = (IOPortWriteFunc *) 0x7f3f5f6d98d0 <ioport_writeb_thunk>

  (gdb) print \
        ((struct MemoryRegionIORange*)ioport_opaque[0xcf9])->mr->ops.write
  $4 = (void (*)(void *, hwaddr, uint64_t, unsigned int))
       0x7f3f5f6b42f1 <rcr_write>

The higher priority of "piix3-reset-control" ensures that the 0xcf9
entries in ioport_write_table / ioport_opaque will always belong to it,
independently of its relative registration order versus "pci-conf-idx".

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2013-01-30 01:31:09 +02:00
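The dispatch and region overlay that the commit message above describes, as an added example that is not QEMU's code: it flattens prioritised I/O regions into a per-port owner table (the analogue of the ioport_write_table/ioport_opaque pair), registers "pci-conf-idx" and "piix3-reset-control" in either order, and shows that a byte write of 6 to 0xcf9 requests a reset while a dword write to 0xcf8 carrying the same byte in its second byte does not, because the slot is chosen by the first port of the access. Names such as io_render, io_setup, MAX_PRIO and the two model device structs are hypothetical; the RCR bit positions (SRST = bit 1, RCPU = bit 2) are taken from the PIIX3 datasheet and match the val=6 write in the gdb trace. QEMU's thunk layer and access_with_adjusted_size() are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IO_PORTS 0x10000
#define MAX_PRIO 16   /* assumed bound on region priorities in this model */

typedef struct IoRegion {
    const char *name;
    uint16_t base, len;
    int prio;                           /* higher wins where regions overlap */
    void     (*write)(void *opaque, uint16_t off, uint32_t val, unsigned size);
    uint32_t (*read)(void *opaque, uint16_t off, unsigned size);
    void *opaque;
} IoRegion;

/* Flattened port space, one owner per port: the analogue of the
 * ioport_write_table[] / ioport_opaque[] pair quoted in the commit message. */
static const IoRegion *owner[IO_PORTS];
static IoRegion *regions[8];
static int nregions;

static void io_region_add(IoRegion *r) { regions[nregions++] = r; }

/* Render lowest priority first so a higher-priority region overwrites the
 * slots it overlaps, whatever order the regions were added in. */
static void io_render(void)
{
    memset(owner, 0, sizeof owner);
    for (int p = 0; p < MAX_PRIO; p++)
        for (int i = 0; i < nregions; i++) {
            const IoRegion *r = regions[i];
            if (r->prio != p) continue;
            for (unsigned port = r->base; port < (unsigned)r->base + r->len; port++)
                owner[port] = r;
        }
}

const char *io_owner_name(uint16_t port) { return owner[port] ? owner[port]->name : "(none)"; }

/* Like ioport_write(): the slot is chosen by the first port of the access, so a
 * 4-byte write at 0xcf8 never consults the 0xcf9 slot. Returns -1 if unclaimed. */
int io_write(uint16_t port, uint32_t val, unsigned size)
{
    const IoRegion *r = owner[port];
    if (!r || !r->write) return -1;
    r->write(r->opaque, port - r->base, val, size);
    return 0;
}

uint32_t io_read(uint16_t port, unsigned size)
{
    const IoRegion *r = owner[port];
    return (r && r->read) ? r->read(r->opaque, port - r->base, size) : 0xffffffffu;
}

/* PIIX3 Reset Control Register model; bit positions from the PIIX3 datasheet. */
#define RCR_SRST 0x02   /* bit 1: System Reset type, only read back */
#define RCR_RCPU 0x04   /* bit 2: Reset CPU, triggers the VM reset */

typedef struct Piix3 { uint8_t rcr; int reset_requests; } Piix3;   /* hypothetical */
typedef struct PciHost { uint32_t config_addr; } PciHost;           /* hypothetical */

static void rcr_write(void *opaque, uint16_t off, uint32_t val, unsigned size)
{
    Piix3 *d = opaque;
    (void)off; (void)size;
    if (val & RCR_RCPU) { d->reset_requests++; return; }  /* qemu_system_reset_request() in QEMU */
    d->rcr = val & RCR_SRST;                               /* keep only the reset type for readback */
}

static uint32_t rcr_read(void *o, uint16_t off, unsigned sz) { (void)off; (void)sz; return ((Piix3 *)o)->rcr; }

/* CONFIG_ADDRESS model: only a full dword written at offset 0 is latched. */
static void pci_conf_write(void *opaque, uint16_t off, uint32_t val, unsigned size)
{
    if (off == 0 && size == 4) ((PciHost *)opaque)->config_addr = val;
}

Piix3 piix3;
PciHost host;
IoRegion pci_conf_idx = { "pci-conf-idx", 0xcf8, 4, 0, pci_conf_write, NULL, &host };
IoRegion reset_ctl    = { "piix3-reset-control", 0xcf9, 1, 1, rcr_write, rcr_read, &piix3 };

/* Build the flattened space; reset_first flips the registration order. */
void io_setup(int reset_first)
{
    nregions = 0;
    memset(&piix3, 0, sizeof piix3);
    memset(&host, 0, sizeof host);
    io_region_add(reset_first ? &reset_ctl : &pci_conf_idx);
    io_region_add(reset_first ? &pci_conf_idx : &reset_ctl);
    io_render();
}

int main(void)
{
    io_setup(1);
    io_write(0xcf9, 0x06, 1);           /* the outb(0xcf9, 6) seen in the gdb trace */
    io_write(0xcf8, 0x80000600u, 4);    /* second byte is 0x06, but this is CONFIG_ADDRESS */
    printf("0xcf9 -> %s, resets requested: %d\n", io_owner_name(0xcf9), piix3.reset_requests);
    return 0;
}
```

With io_setup(0) and io_setup(1) the owner of 0xcf9 is the reset region either way, which is the property the priorities in the "info mtree" output guarantee; 0xcf8, 0xcfa and 0xcfb stay with "pci-conf-idx". Only guest ring 0, or a guest task explicitly granted I/O port privilege, can reach the port, and the effect is a guest-visible reset, the same thing the guest's own reboot path produces on real PIIX3 hardware.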
audio audio: Replace non-portable asprintf in debug code by g_strdup_printf 2013-01-16 12:03:26 -06:00
backends Make all static TypeInfos const 2013-01-10 15:11:53 -06:00
block mirror: do nothing on zero-sized disk 2013-01-25 18:18:35 +01:00
bsd-user bsd-user: avoid conflict with qemu_vmalloc 2013-01-26 13:18:27 +00:00
default-configs Add TEWS TPCI200 IndustryPack emulation 2013-01-14 13:26:12 -06:00
disas build: remove universal-obj-y 2013-01-26 13:15:35 +00:00
docs docs: document virtio-balloon stats 2013-01-25 10:49:46 -02:00
fpu softfloat: Handle float_muladd_negate_c when product is zero 2013-01-26 13:22:09 +00:00
fsdev build: remove extra-obj-y 2013-01-26 13:15:37 +00:00
gdb-xml
hw PIIX3: reset the VM when the Reset Control Register's RCPU bit gets set 2013-01-30 01:31:09 +02:00
include Merge remote-tracking branch 'afaerber/qom-cpu' into staging 2013-01-28 14:48:03 -06:00
ldscripts build: create ldscripts/ 2012-12-19 08:29:06 +01:00
libcacard build: fold trace-obj-y into libqemuutil.a 2013-01-12 18:42:51 +01:00
linux-headers Update Linux kernel headers 2013-01-18 19:06:57 +01:00
linux-user alpha-linux-user: Correct select 2013-01-16 08:15:16 -08:00
net HMP: add QDict to info callback handler 2013-01-17 10:24:52 -02:00
pc-bios seabios: update to 1.7.2 release 2013-01-21 09:17:16 +01:00
pixman@97336fad32 qapi: move include files to include/qobject/ 2012-12-19 08:31:31 +01:00
qapi build: move base QAPI files to libqemuutil.a 2013-01-12 18:42:51 +01:00
qga qemu-ga: Plug leaks on qmp_guest_network_get_interfaces() error paths 2013-01-28 13:46:54 -06:00
QMP
qobject build: move qobject files to qobject/ and libqemuutil.a 2013-01-12 18:42:50 +01:00
qom qom: Introduce object_class_is_abstract() 2013-01-27 23:33:34 +01:00
roms seabios: update to 1.7.2 release 2013-01-21 09:17:16 +01:00
scripts Merge remote-tracking branch 'qemu-kvm/uq/master' into staging 2013-01-29 16:57:41 -06:00
slirp slirp: remove unused field tt 2013-01-12 12:26:16 +00:00
stubs stubs: fully replace qemu-tool.c and qemu-user.c 2013-01-12 17:19:08 +01:00
sysconfigs/target
target-alpha target-alpha: Catch attempt to instantiate abstract type in cpu_init() 2013-01-27 23:33:34 +01:00
target-arm target-arm: Catch attempt to instantiate abstract type in cpu_init() 2013-01-27 23:33:34 +01:00
target-cris target-cris: Fix typo in D_LOG() macro 2013-01-24 11:28:15 +01:00
target-i386 Merge remote-tracking branch 'qemu-kvm/uq/master' into staging 2013-01-29 16:57:41 -06:00
target-lm32 cpu: Move cpu_index field to CPUState 2013-01-15 04:09:13 +01:00
target-m68k target-m68k: Use type_register() instead of type_register_static() 2013-01-28 16:57:56 +01:00
target-microblaze target-microblaze: Drop unused cpu_mb_close() prototype 2013-01-21 13:36:55 +01:00
target-mips exec: Return CPUState from qemu_get_cpu() 2013-01-15 04:09:14 +01:00
target-openrisc target-openrisc: Use type_register() instead of type_register_static() 2013-01-28 16:57:56 +01:00
target-ppc cpu: Add model resolution support to CPUClass 2013-01-27 14:52:04 +01:00
target-s390x kvm: Create kvm_arch_vcpu_id() function 2013-01-27 14:34:26 +01:00
target-sh4 cpu: Move cpu_index field to CPUState 2013-01-15 04:09:13 +01:00
target-sparc cpu: Move cpu_index field to CPUState 2013-01-15 04:09:13 +01:00
target-unicore32 target-unicore32: Use type_register() instead of type_register_static() 2013-01-28 16:57:56 +01:00
target-xtensa target-xtensa: fix search_pc for the last TB opcode 2012-12-22 12:09:24 +00:00
tcg tcg/target-arm: Add missing parens to assertions 2013-01-19 10:27:45 +00:00
tests Merge remote-tracking branch 'afaerber/qom-cpu' into staging 2013-01-28 14:48:03 -06:00
trace Makefile: clean timestamp generation rule 2013-01-30 01:31:08 +02:00
ui vnc: fix possible uninitialized removals 2013-01-21 13:33:12 -06:00
util Merge remote-tracking branch 'kwolf/for-anthony' into staging 2013-01-28 14:46:45 -06:00
.exrc
.gitignore Add libcacard/trace/generated-tracers.c to .gitignore 2013-01-15 10:34:54 +01:00
.gitmodules
.mailmap
aio-posix.c aio: Fix return value of aio_poll() 2013-01-17 10:51:42 +01:00
aio-win32.c aio: Fix return value of aio_poll() 2013-01-17 10:51:42 +01:00
arch_init.c Protect migration_bitmap_sync() with the ramlist lock 2013-01-17 13:27:07 +01:00
async.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
balloon.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
block-migration.c block: allow customizing the granularity of the dirty bitmap 2013-01-25 18:18:34 +01:00
block.c block: allow customizing the granularity of the dirty bitmap 2013-01-25 18:18:34 +01:00
blockdev-nbd.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
blockdev.c Merge remote-tracking branch 'kwolf/for-anthony' into staging 2013-01-28 14:46:45 -06:00
blockjob.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
bt-host.c softmmu: move remaining include files to include/ subdirectories 2012-12-19 08:32:46 +01:00
bt-vhci.c softmmu: move remaining include files to include/ subdirectories 2012-12-19 08:32:46 +01:00
Changelog
cmd.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
cmd.h
CODING_STYLE
configure link seccomp only with softmmu targets 2013-01-26 13:19:57 +00:00
COPYING
COPYING.LIB
coroutine-gthread.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
coroutine-sigaltstack.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
coroutine-ucontext.c gcc: rename CONFIG_PRAGMA_DISABLE_UNUSED_BUT_SET to CONFIG_PRAGMA_DIAGNOSTIC_AVAILABLE 2013-01-12 12:42:53 +00:00
coroutine-win32.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
cpu-exec.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
cpus.c kvm: Pass CPUState to kvm_on_sigbus_vcpu() 2013-01-28 16:57:56 +01:00
cputlb.c exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00
device_tree.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
disas.c monitor: move include files to include/monitor/ 2012-12-19 08:31:32 +01:00
dma-helpers.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
dump-stub.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
dump.c exec: change RAM list to a TAILQ 2012-12-20 23:08:47 +01:00
exec.c Replace non-portable asprintf by g_strdup_printf 2013-01-19 10:24:43 +00:00
gdbstub.c cpu: Move cpu_index field to CPUState 2013-01-15 04:09:13 +01:00
HACKING HACKING: List areas where we may rely on impdef C behaviour 2012-12-08 14:27:40 +00:00
hmp-commands.hx QAPI: Introduce memchar-read QMP command 2013-01-25 11:46:50 -02:00
hmp.c Merge remote-tracking branch 'kwolf/for-anthony' into staging 2013-01-28 14:46:45 -06:00
hmp.h QAPI: Introduce memchar-read QMP command 2013-01-25 11:46:50 -02:00
iohandler.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
ioport.c exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00
kvm-all.c kvm: Pass CPUState to kvm_on_sigbus_vcpu() 2013-01-28 16:57:56 +01:00
kvm-stub.c kvm: Pass CPUState to kvm_on_sigbus_vcpu() 2013-01-28 16:57:56 +01:00
LICENSE
main-loop.c Check return values from g_poll and select 2013-01-09 11:03:05 -06:00
MAINTAINERS ppc: Move Mac machines to hw/ppc/ 2013-01-25 22:02:53 +01:00
Makefile build: remove *.lo, *.a, *.la files from all subdirectories on make clean 2013-01-26 13:30:00 +00:00
Makefile.objs build: remove extra-obj-y 2013-01-26 13:15:37 +00:00
Makefile.target build: remove universal-obj-y 2013-01-26 13:15:35 +00:00
memory.c memory: introduce memory_region_test_and_clear_dirty 2012-12-20 23:09:39 +01:00
memory_mapping-stub.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
memory_mapping.c exec: change RAM list to a TAILQ 2012-12-20 23:08:47 +01:00
migration-exec.c migration: make writes blocking 2012-12-20 23:09:25 +01:00
migration-fd.c migration: make writes blocking 2012-12-20 23:09:25 +01:00
migration-tcp.c migration: make writes blocking 2012-12-20 23:09:25 +01:00
migration-unix.c migration: make writes blocking 2012-12-20 23:09:25 +01:00
migration.c migration: remove argument to qemu_savevm_state_cancel 2013-01-17 13:54:52 +01:00
monitor.c HMP: add sub command table to info 2013-01-17 10:24:52 -02:00
nbd.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
os-posix.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
os-win32.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
page_cache.c migration: move include files to include/migration/ 2012-12-19 08:31:32 +01:00
qapi-schema-test.json
qapi-schema.json Merge remote-tracking branch 'kwolf/for-anthony' into staging 2013-01-28 14:46:45 -06:00
qdict-test-data.txt
qemu-bridge-helper.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qemu-char.c Merge remote-tracking branch 'luiz/queue/qmp' into staging 2013-01-28 14:41:25 -06:00
qemu-coroutine-io.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qemu-coroutine-lock.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qemu-coroutine-sleep.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qemu-coroutine.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
qemu-doc.texi
qemu-img-cmds.hx
qemu-img.c qemu-img: report size overflow error message 2013-01-02 16:08:56 +01:00
qemu-img.texi
qemu-io.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qemu-log.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qemu-nbd.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
qemu-nbd.texi
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx qemu-char: Add new char backend CirMemCharDriver 2013-01-25 11:23:06 -02:00
qemu-seccomp.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
qemu-tech.texi
qemu-timer.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
qemu.sasl
qmp-commands.hx Merge remote-tracking branch 'kwolf/for-anthony' into staging 2013-01-28 14:46:45 -06:00
qmp.c softmmu: move remaining include files to include/ subdirectories 2012-12-19 08:32:46 +01:00
qtest.c softmmu: move remaining include files to include/ subdirectories 2012-12-19 08:32:46 +01:00
readline.c readline: avoid memcpy() of overlapping regions 2013-01-08 10:00:26 +01:00
README
rules.mak rules/mak: make clean should blow away timestamp files 2013-01-30 01:31:08 +02:00
savevm.c Merge remote-tracking branch 'quintela/thread.next' into staging 2013-01-21 13:22:43 -06:00
spice-qemu-char.c Merge remote-tracking branch 'bonzini/header-dirs' into staging 2012-12-19 17:15:39 -06:00
tcg-runtime.c
tci.c exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00
thread-pool.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
thunk.c exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00
TODO
trace-events mirror: support arbitrarily-sized iterations 2013-01-25 18:18:35 +01:00
translate-all.c translate-all.c: Use tb1->phys_hash_next directly in tb_remove 2012-12-22 12:06:24 +00:00
translate-all.h exec: move TB handling to translate-all.c 2012-12-16 08:28:41 +00:00
user-exec.c Merge remote-tracking branch 'bonzini/header-dirs' into staging 2012-12-19 17:15:39 -06:00
VERSION Open up 1.4 development branch 2012-12-03 14:08:40 -06:00
version.rc
vl.c fw_cfg: Splash image loader can overrun a stack variable, fix 2013-01-26 13:23:33 +00:00
xen-all.c xen: Simplify halting of first CPU 2013-01-15 04:09:14 +01:00
xen-mapcache.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
xen-stub.c exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00

Read the documentation in qemu-doc.html or on http://wiki.qemu.org

- QEMU team