* stefanha/net:
e1000: pre-initialize RAH/RAL registers
net: Reject non-netdevs in qmp_netdev_del()
net: use "socket" model name for UDP sockets
e1000: drop check_rxov, always treat RX ring with RDH == RDT as empty
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* qemu-kvm/uq/master: (28 commits)
update-linux-headers.sh: Handle new kernel uapi/ directories
target-i386: kvm_cpu_fill_host: use GET_SUPPORTED_CPUID
target-i386: cpu: make -cpu host/check/enforce code KVM-specific
target-i386: make cpu_x86_fill_host() void
Emulate qemu-kvms -no-kvm option
Issue warning when deprecated -tdf option is used
Issue warning when deprecated drive parameter boot=on|off is used
Use global properties to emulate -no-kvm-pit-reinjection
Issue warning when deprecated -no-kvm-pit is used
Use machine options to emulate -no-kvm-irqchip
cirrus_vga: allow configurable vram size
target-i386: Add missing kvm cpuid feature name
i386: cpu: add missing CPUID[EAX=7,ECX=0] flag names
i386: kvm: filter CPUID leaf 7 based on GET_SUPPORTED_CPUID, too
i386: kvm: reformat filter_features_for_kvm() code
i386: kvm: filter CPUID feature words earlier, on cpu.c
i386: kvm: mask cpuid_ext4_features bits earlier
i386: kvm: mask cpuid_kvm_features earlier
i386: kvm: x2apic is not supported without in-kernel irqchip
i386: kvm: set CPUID_EXT_TSC_DEADLINE_TIMER on kvm_arch_get_supported_cpuid()
...
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
To avoid continually having to bump the initrd load address
to account for larger kernel images, put the initrd halfway
through RAM. This allows large kernels on new boards with lots
of RAM to work OK, without breaking existing usecases for
boards with only 32MB of RAM.
Note that this change fixes in passing a bug where we were
passing an overly large max_size to load_image_targphys()
for the initrd, which meant that we wouldn't correctly refuse
to load an enormous initrd that didn't actually fit into RAM.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Tested-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf:
pseries: Cleanup duplications of ics_valid_irq() code
pseries: Clean up inconsistent variable name in xics.c
target-ppc: Extend FPU state for newer POWER CPUs
target-ppc: Rework storage of VPA registration state
Revert "PPC: pseries: Remove hack for PIO window"
* 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm: (28 commits)
hw/sd.c: add SD card save/load support
vmstate: Add support for saving/loading bitmaps
hw/sd.c: Fix erase for high capacity cards
pflash_cfi01: Fix debug mode printfery
pflash_cfi0x: QOMified
pflash_cfi01: remove unused total_len field
pflash_cfi0x: remove unused base field
hw/versatile_i2c: Use LOG_GUEST_ERROR
hw/arm_l2x0: Use LOG_GUEST_ERROR
hw/arm_sysctl: Use LOG_GUEST_ERROR
hw/armv7m_nvic: Use LOG_GUEST_ERROR and LOG_UNIMP
hw/arm_timer: Use LOG_GUEST_ERROR and LOG_UNIMP
hw/arm_gic: Use LOG_GUEST_ERROR
hw/arm11mpcore: Use LOG_GUEST_ERROR rather than hw_error()
hw/pl190: Use LOG_UNIMP rather than hw_error()
hw/pl110: Use LOG_GUEST_ERROR rather than hw_error()
hw/pl080: Use LOG_GUEST_ERROR and LOG_UNIMP
hw/pl061: Use LOG_GUEST_ERROR
hw/pl050: Use LOG_GUEST_ERROR
hw/exynos4_boards: Don't prematurely explode QEMUMachineInitArgs
...
This follows the logic of host-linux: If a 2.0 device has no ISO
endpoint and no interrupt endpoint with a packet size > 64, we can
attach it also to an 1.1 host controller. In case the redir server does
not report endpoint sizes, play safe and remove the 1.1 compatibility as
well. Moreover, if we detect a conflicting change in the configuration
after the device was already attached, it will be disconnected
immediately.
HdG: Several small cleanups and fixes
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
So that the client gets a notification about us disconnecting the device.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Older versions (anything but the latest) of Linux usbfs + libusb(x),
will submit larger (bulk) transfers split into multiple 16k submissions,
which means that rather then all tds getting linked into the queue in
one atomic operarion they get linked in a bunch at a time, which could
cause problems if:
1) We scan the queue while libusb is in the middle of submitting a split
bulk transfer
2) While this bulk transfer is pending we migrate to another host.
The problem is that after 2, the new host will rescan the queue and
combine the packets in one large transfer, where as 1) has caused the
original host to see them as 2 transfers. This patch fixes this by stopping
combinging if we detect a 16k transfer with its int_req flag set.
This should not adversely effect performance for other cases as:
1) Linux never sets the interrupt flag on packets other then the last
2) Windows does set the in_req flag on each td, but will submit large
transfers in 20k tds thus never triggering the check
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Currently we only do pipelining for output endpoints, since to properly
support short-not-ok semantics we can only have one outstanding input
packet. Since the ehci and uhci controllers have a limited per td packet
size guests will split large input transfers to into multiple packets,
and since we don't pipeline these, this comes with a serious performance
penalty.
This patch adds helper functions to (re-)combine packets which belong to 1
transfer at the guest device-driver level into 1 large transger. This can be
used by (redirection) usb-devices to enable pipelining for input endpoints.
This patch will combine packets together until a transfer terminating packet
is encountered. A terminating packet is a packet which meets one or more of
the following conditions:
1) The packet size is *not* a multiple of the endpoint max packet size
2) The packet does *not* have its short-not-ok flag set
3) The packet has its interrupt-on-complete flag set
The short-not-ok flag of the combined packet is that of the terminating packet.
Multiple combined packets may be submitted to the device, if the combined
packets do not have their short-not-ok flag set, enabling true pipelining.
If a combined packet does have its short-not-ok flag set the queue will
wait with submitting further packets to the device until that packet has
completed.
Once enabled in the usb-redir and ehci code, this improves the speed (MB/s)
of a Linux guest reading from a USB mass storage device by a factor of
1.2 - 1.5.
And the main reason why I started working on this, when reading from a pl2303
USB<->serial converter, it combines the previous 4 packets submitted per
device-driver level read into 1 big read, reducing the number of packets / sec
by a factor 4, and it allows to have multiple reads outstanding. This allows
for much better latency tolerance without the pl2303's internal buffer
overflowing (which was happening at 115200 bps, without serial flow control).
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
My recent uhci cleanup series has introduced a regression, where
qemu sometimes crashes on a device disconnect. The problem is that
the uhci code never checked for a device not / no longer existing, instead
it was relying on usb_handle_packet accepting a NULL device.
But since we now pass usb_handle_packet q->ep->dev, rather then just
a local dev variable, we crash as q->ep == NULL due to the device no longer
existing.
This patch fixes this. Note that this patch also improves over
the old behavior were we would:
1) create a queue for the device
2) create an async for the packet
3) have usb_handle_packet fail
4) destroy the async
5) wait for the queue to be idle for 32 frames
6) destroy the queue
Which was rather sub-optimal.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Kills the ugly "switch (device_id) { ... }" struct and makes it easier
to figure what the differences between the uhci variants are.
Need our own DeviceClass struct for that so we can allocate some space
to store UHCIInfo.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Guard against re-definition of EHCI_DEBUG. Allows for turning on of debug info
from configure (using --qemu-extra-cflags="-DEHCI_DEBUG=1") rather than source
code hacking.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Seperate the PCI stuff from the EHCI components. Extracted the PCIDevice
out into a new wrapper struct to make EHCIState non-PCI-specific. Seperated
tho non PCI init component out into a seperate "common" init function.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Pull the DMAContext for the PCI DMA out at device init time and put it into
the device state. Use dma_memory_read/write() instead of pci specific versions.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The capabilities register and operational register offsets can vary from one
EHCI implementation to the next. Parameterise accordingly.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Factor out the code which checks whenever a usb device is attached
to the port in question. No functional change.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Rename the function for xhci_port_* naming scheme, also drop
the xhci parameter as port carries a pointer to xhci anyway.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add {get,set}_field macros (simliar to ehci) to read and update
some bits of a word. Put them into use for updating pls (port
link state) values. Also add a enum for pls values.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
With both text (curses) and graphics (vnc/sdl/spice/...) display active
vga text mode emulation fails to update both correctly. Depending on
whenever vga_update_text() or vga_draw_text() happens to be called first
only the text display or only the graphics display will see display
resolution changes and full redraws.
Fix it by calling both text/gfx resize functions in both code paths and
keep track of full screen redraws needed in VGACommonState fields.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Stop abusing displaysurface fields for text mode displays.
(bpp = 0, width = cols, height = lines).
Add flags to displaystate indicating whenever text mode display
(curses) or gfx mode displays (sdl, vnc, ...) are present.
Add separate displaychangelistener callbacks for text / gfx mode
resize & updates.
This allows to enable gfx and txt diplays at the same time and also
paves the way for more cleanups in the future.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When adding DisplayChangeListeners the set_mouse and cursor_define
callbacks have been left in DisplayState for some reason. Fix it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
A couple of places in xics.c open-coded the same logic as is already
implemented in ics_valid_irq(). This patch fixes the code duplication.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Throughout xics.c 'nr' is used to refer to a global interrupt number, and
'server' is used to refer to an interrupt server number (i.e. CPU number).
Except in icp_set_mfrr(), where 'nr' is used as a server number. Fix this
confusing inconsistency.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
This reverts commit a178274efa.
Contrary to that commit's message, the users of old_portio are not all
gone. In particular VGA still uses it via portio_list_add().
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Some guest operating systems' drivers (Mac OS X in particular) fail to
properly initialize the Receive Address registers (probably expecting
them to be pre-initialized by an earlier component, such as a specific
proprietary BIOS). This patch pre-initializes the RA registers, allowing
OS X networking to function properly. Other guest operating systems are
not affected, and free to (re)initialize these registers during boot.
[According to the datasheet the Address Valid bits in the RA registers
are cleared on PCI or software reset. This patch adds the NIC's MAC
address and sets Address Valid on reset. So we diverge from real
hardware behavior here. -- Stefan]
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Real HW always treats RX ring with RDH == RDT as empty.
Emulation is supposed to behave the same.
Reported-by: Chris Webb <chris.webb@elastichosts.com>
Reported-by: Richard Davies <richard.davies@elastichosts.com>
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
For target-mips also change the return type to bool.
Make include paths for cpu-qom.h consistent for alpha and unicore32.
Signed-off-by: Andreas Färber <afaerber@suse.de>
[AF: Updated new target-openrisc function accordingly]
Acked-by: Richard Henderson <rth@twiddle.net> (for alpha)
Allow RAM size to be configurable for cirrus, to allow migration
compatibility from qemu-kvm.
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Adapt emulate_spapr_hypercall() accordingly.
Needed for changing spapr_hypercall() argument type to PowerPCCPU.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Needed for changing cpu_has_work() argument type to CPUState.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Needed for changing qemu_cpu_kick() argument type to CPUState and
for moving halted field into CPUState.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Change return type to bool, move to include/qemu/cpu.h and
add documentation.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
[AF: Updated new caller qemu_in_vcpu_thread()]
Simplifies the call in apic_sipi() again and needed for moving halted
field to CPUState.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Prepares for using a link<> property to connect APIC with CPU and for
changing the CPU APIs to CPUState.
Resolve Coding Style warnings by moving the closing parenthesis of
foreach_apic() macro to next line.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
This prepares for changing the variable type from void*.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
(L)APIC is a part of cpu [1] so move APIC initialization inside of
x86_cpu object. Since cpu_model and override flags currently specify
whether APIC should be created or not, APIC creation&initialization is
moved into x86_cpu_apic_init() which is called from x86_cpu_realize().
[1] - all x86 cpus have integrated APIC if we overlook existence of i486,
and it's more convenient to model after majority of them.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
* 'qspi.2' of git://developer.petalogix.com/public/qemu:
xilinx_zynq: added QSPI controller
xilinx_spips: Generalised to model QSPI
m25p80: Support for Quad SPI
Start introducing AioContext, which will let us remove globals from
aio.c/async.c, and introduce multiple I/O threads.
The bottom half functions now take an additional AioContext argument.
A bottom half is created with a specific AioContext that remains the
same throughout the lifetime. qemu_bh_new is just a wrapper that
uses a global context.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch updates SD card model to support save/load of card's state.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Standard capacity cards SDSC use byte unit address while SDHC and SDXC cards use
block unit address (512 bytes) when setting ERASE_START and ERASE_END with CMD32
and CMD33, we have to account for this.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This DPRINTF was throwing a warning due to a missing cast.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
QOMified the pflash_cfi0x so machine models can connect them up in custom ways.
Kept the pflash_cfi0x_register functions as is. They can still be used to
create a flash straight onto system memory.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This field is completely unused.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This field is completely unused. The base address should also be abstracted
away from the device anyway. Removed.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use LOG_GUEST_ERROR to report guest accesses to bad register
offsets, and LOG_UNIMP for access to the unimplemented
test registers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Don't explode QEMUMachineInitArgs in every realview init
function; just pass it to the common realview_init() code
instead.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement byte/halfword read and write for the NVIC SCB_SHPRx
(System Handler Priority Registers). Do this by removing SHPR word access
from nvic_readl/writel and adding common code to hande all access
sizes in nvic_sysreg_read/write.
Because the "nvic_state *s" variable now needs to be declared in
nvic_sysreg_read/write, the "void *opaque" parameter of
nvic_readl/writel is changed to "nvic_state *s".
Signed-off-by: Andre Beckus <mikemail98-qemu@yahoo.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* 's390-for-upstream' of git://repo.or.cz/qemu/agraf:
s390: sclp ascii console support
s390: sclp signal quiesce support
s390: sclp event support
s390: sclp base support
s390: use sync regs for register transfer
s390/kvm_stat: correct sys_perf_event_open syscall number
s390x: fix -initrd in virtio machine
This includes infrastructure patches that don't do much by themselves
but should help vfio and q35 make progress.
Also included is rework of virtio-net to use iovec APIs
for vector access - helpful to make it more secure
and in preparation for a new feature that will allow
arbitrary s/g layout for guests.
Also included is a pci bridge bugfix by Avi.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAABAgAGBQJQjrGtAAoJECgfDbjSjVRpoRUH/iW2wYfnPtgjIF2gSBmdlmLK
m5uLSuayHdiNXfjXeNJRySQDu4HZU3K9fDnU+HIMUUmvx/jgaMIbSQZ1gayqQhf8
T1WH21wkkSTEnW0y9t+C3NtRzdK6AbQ1Jy/TqgP++tjT0w54QkoGKEnX3mvvNoDv
xdT+dYcpzMFLZ2KaimP73EwILMMR45iRTPhrjSN2wlwCPPnNcg1Jt0Atb6pYveja
1/46ZY+VxNgRtVSNhnV8xeyyJgwPOrUReKlrqD67YQAeMbzqrel9XDBJuZ3kScWt
vv2AQ0Fe8GMkMkbNaQ0mFh6pXQ2arTAYb8sb6PColCLOn5yNqFz95YGebG36gxk=
=HP23
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'mst/tags/for_anthony' into staging
virtio,pci infrastructure
This includes infrastructure patches that don't do much by themselves
but should help vfio and q35 make progress.
Also included is rework of virtio-net to use iovec APIs
for vector access - helpful to make it more secure
and in preparation for a new feature that will allow
arbitrary s/g layout for guests.
Also included is a pci bridge bugfix by Avi.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* mst/tags/for_anthony: (25 commits)
pci: avoid destroying bridge address space windows in a transaction
virtio-net: enable mrg buf header in tap on linux
virtio-net: test peer header support at init time
virtio-net: minor code simplification
virtio-net: simplify rx code
virtio-net: switch tx to safe iov functions
virtio-net: first s/g is always at start of buf
virtio-net: refactor receive_hdr
virtio-net: use safe iov operations for rx
virtio-net: avoid sg copy
iov: add iov_cpy
virtio-net: track host/guest header length
pcie: Convert PCIExpressHost to use the QOM.
pcie: pass pcie window size to pcie_host_mmcfg_update()
pci: Add class 0xc05 as 'SMBus'
pci: introduce pci_swizzle_map_irq_fn() for standardized interrupt pin swizzle
pci_ids: add intel 82801BA pci-to-pci bridge id
pci: pci capability must be in PCI space
pci: make each capability DWORD aligned
qemu: enable PV EOI for qemu 1.3
...
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This code adds console support by implementing SCLP's ASCII Console
Data event. This is the same console as LPARs ASCII console or z/VMs
sysascii.
The console can be specified manually with something like
-chardev stdio,id=charconsole0 -device sclpconsole,chardev=charconsole0,id=console0
Newer kernels will autodetect that console and prefer that over virtio
console.
When data is received from the character layer it creates a service
interrupt to trigger a Read Event Data command from the guest that will
pick up the received character byte-stream.
When characters are echo'ed by the linux guest a Write Event Data occurs
which is forwarded by the Event Facility to the console that supports
a corresponding mask value.
Console resizing is not supported.
The character layer byte-stream is buffered using a fixed size iov
buffer.
Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This implements the sclp signal quiesce event via the SCLP Event
Facility.
This allows to gracefully shutdown a guest by using system_powerdown
notifiers. It creates a service interrupt that will trigger a
Read Event Data command from the guest. This code will then add an
event that is interpreted by linux guests as ctrl-alt-del.
Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Several SCLP features are considered to be events. Those events don't
provide SCLP commands on their own, instead they are all based on
Read Event Data, Write Event Data, Write Event Mask and the service
interrupt. Follow-on patches will provide SCLP's Signal Quiesce (via
system_powerdown) and the ASCII console.
Further down the road the sclp line mode console and configuration
change events (e.g. cpu hotplug) can be implemented.
Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This adds a more generic infrastructure for handling Service-Call
requests on s390. Currently we only support a small subset of Read
SCP Info directly in target-s390x. This patch provides the base
infrastructure for supporting more commands and moves Read SCP
Info.
In the future we could add additional commands for hotplug, call
home and event handling.
Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
When using -initrd in the virtio machine, we need to indicate the initrd
start and size inside the kernel image. These parameters need to be stored
in native endianness.
Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Richard Henderson <rth@twiddle.net>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Calling memory_region_destroy() in a transaction is illegal (and aborts),
as until the transaction is committed, the region remains live.
Fix by moving destruction until after the transaction commits. This requires
having an extra set of regions, so the new and old regions can coexist.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Modern linux supports arbitrary header size,
which makes it possible to pass mrg buf header
to tap directly without iovec mangling.
Use this capability when it is there.
This removes the need to deal with it in
vhost-net as we do now.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
There's no reason to query header support at random
times: at load or feature query.
Driver also might not query functions.
Cleaner to do it at device init.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Remove code duplication using guest header length that we track.
Drop specific layout requirement for rx buffers: things work
using generic iovec functions in any case.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Now that we know host hdr length, we don't need to
duplicate the logic in receive_hdr: caller can
figure out the offset itself.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Avoid magling iov manually: use safe iov operations
for processing packets incoming to guest.
This also removes the requirement for virtio header to
fit the first s/g entry exactly.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Avoid tweaking iovec during receive. This removes
the need to copy the vector.
Note: we currently have an evil cast in work_around_broken_dhclient
and unfortunately this patch does not fix it - just
pushes the evil cast to another place.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Calling memory_region_destroy() in a transaction is illegal (and aborts),
as until the transaction is committed, the region remains live.
Fix by moving destruction until after the transaction commits. This requires
having an extra set of regions, so the new and old regions can coexist.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Let's use PCIExpressHost with QOM.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This allows q35 to pass/set the size of the pcie window in its update routine.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
[jbaron@redhat.com: add PCI_CLASS_SERIAL_SMBUS definition]
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Introduce pci_swizzle_map_irq_fn() for interrupt pin swizzle which is
standardized. PCI bridge swizzle is common logic, by introducing
this function duplicated swizzle logic will be avoided later.
[jbaron@redhat.com: drop opaque argument]
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Adds pci id constants which will be used by q35.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pci capability must be in PCI space.
It can't lay in PCIe extended config space.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
PCI spec (see e.g. 6.7 Capabilities List in spec rev 3.0)
requires that each capability is DWORD aligned.
Ensure this when allocating space by rounding size up to 4.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Enable KVM PV EOI by default. You can still disable it with
-kvm_pv_eoi cpu flag. To avoid breaking cross-version migration,
enable only for qemu 1.3 (or in the future, newer) machine type.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Rather than assert, simply return PCI_INTX_DISABLED when we don't
have a pci_route_irq_fn. PIIX already returns DISABLED for an
invalid pin, so users already deal with this state. Users of this
interface should only be acting on an ENABLED or INVERTED return
value (though we really have no support for INVERTED). Also
complain loudly when we hit this so we don't forget it's missing.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
pci-assign only uses a subset of the flexibility msi_get_message()
provides, but it's still worthwhile to use it.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
vfio-pci and pci-assign both do this on their own for setting up
direct MSI injection through KVM. Provide a helper function for
this in MSI code.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* kraxel/usb.68: (36 commits)
xhci: fix usb name in caps
xhci: make number of interrupters and slots configurable
xhci: allow disabling interrupters
xhci: flush endpoint context unconditinally
xhci: fix function name in error message
uhci: Use only one queue for ctrl endpoints
uhci: Retry to fill the queue while waiting for td completion
uhci: Always mark a queue valid when we encounter it
uhci: When the guest marks a pending td non-active, cancel the queue
uhci: Detect guest td re-use
uhci: Verify queue has not been changed by guest
uhci: Immediately free queues on device disconnect
uhci: Store ep in UHCIQueue
uhci: Make uhci_fill_queue() actually operate on an UHCIQueue
uhci: Add uhci_read_td() helper function
uhci: Rename UHCIAsync->td to UHCIAsync->td_addr
uhci: Move emptying of the queue's asyncs' queue to uhci_queue_free
uhci: Drop unnecessary forward declaration of some static functions
uhci: Don't retry on error
uhci: cleanup: Add an unlink call to uhci_async_cancel()
...
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
On PPC, we don't have PIO. So usually PIO space behind a PCI bridge is
accessible via MMIO. Do this mapping explicitly by mapping the PIO space
of our PCI bus into a memory region that lives in memory space.
Signed-off-by: Alexander Graf <agraf@suse.de>
At present, using 'system_powerdown' from the monitor or otherwise
instructing qemu to (cleanly) shut down a pseries guest will not work,
because we did not have a method of signalling the shutdown request to the
guest.
PAPR does include a usable mechanism for this, though it is rather more
involved than the equivalent on x86. This involves sending an EPOW
(Environmental and POwer Warning) event through the PAPR event and error
logging mechanism, which also has a number of other functions.
This patch implements just enough of the event/error logging functionality
to be able to send a shutdown event to the guest. At least with modern
guest kernels and a userspace that is up and running, this means that
system_powerdown from the qemu monitor should now work correctly on pseries
guests.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
With PAPR guests, hypercalls allow registration of the Virtual Processor
Area (VPA), SLB shadow and dispatch trace log (DTL), each of which allow
for certain communication between the guest and hypervisor. Currently, we
store the addresses of the three areas and the size of the dtl in
CPUPPCState.
The SLB shadow and DTL are variable sized, with the size being retrieved
from within the registered memory area at the hypercall time. This size
can later be overwritten with other information, however, so we need to
save the size as of registration time. We already do this for the DTL,
but not for the SLB shadow, so this patch fixes that.
In addition, we change the storage of the VPA information to use fixed
size integer types which will make life easier for syncing this data with
KVM, which we will need in future.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the pseries machine code allows a callback to be registered
for a hypercall number twice, as long as it's the same callback the second
time. We don't test for duplicate registrations of RTAS callbacks at all
so it will effectively be last registratiojn wins.
This was originally done because it was awkward to ensure that the
registration happened exactly once, but the code has since been
restructured so that's no longer the case.
Duplicate registration of a hypercall or RTAS call could well suggest
a duplicate initialization which could cause other problems, so this patch
makes duplicate registrations a bug, to prevent the old behaviour from
hiding other bugs.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
When -usb option is used, global varible usb_enabled is set.
And all the plaform will create one USB controller according
to this variable. In fact, global varibles make code hard
to read.
So this patch is to remove global variable usb_enabled and
add USB option in machine options. All the plaforms will get
USB option value from machine options.
USB option of machine options will be set either by:
* -usb
* -machine type=pseries,usb=on
Both these ways can work now. They both set USB option in
machine options. In the future, the first way will be removed.
Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
it was wrongly using serial_hds[0] instead of serial_hds[1]
Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Device tree properties need to be specified in big endian. Fix the
bamboo memory size property accordingly.
Signed-off-by: Alexander Graf <agraf@suse.de>
CC: qemu-stable@nongnu.org
Added the QSPI controller to the Zynq. 4 SPI devices are attached to allow
modelling of the different geometries. E.G. Dual parallel and dual stacked
mode can both be tested with this one arrangement.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Extended the xilinx spips controller to model QSPI as well. Paremeterised the
operational difference with the normal spi controller (num_ss_bits, width of the
tx/rx fifo heads etc.). Multiple bus functionality is modelled (needed for QSPI
dual parallel mode. LQSPI is modelled.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Added the Quad mode read and write commands. Data remains serialized on a
single wire, i.e. the quad mode instructions just behave the same as single
mode, with the expection of modelling the varying number of dummy/mode bytes
between the address bytes and the first data word.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Remove xtensa_sim_init that only explodes machine init args, rename
sim_init to xtensa_sim_init.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Don't explode QEMUMachineInitArgs before passing it to lx_init.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
For secondary interrupters this is explicitly allowed in the specs.
For the primary interrupter behavior is undefined, lets be friendly
and allow disabling too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Not updating the endpoint context in case the state didn't change is
wrong. Other context fields might have changed, for example the
dequeue pointer in response to a CR_SET_TR_DEQUEUE command.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ctrl endpoints use different pids for different phases of a control
transfer, this patch makes us use only one queue for a ctrl ep, rather
then 3.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
If the guest is using multiple transfers to try and keep the usb bus busy /
used at maximum efficiency, currently we would see / do the following:
1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) report transfer 2 completion to guest
5) submit transfer 1 to the device
6) report transfer 1 completion to guest
7) submit transfer 2 to the device
8) report transfer 2 completion to guest
etc.
So after the initial submission we would effectively only have 1 transfer
in flight, rather then 2. This is caused by us not checking the queue for
addition of new transfers by the guest (ie the resubmission of a recently
finished transfer), while waiting for a pending transfer to complete.
This patch does add a check for this, changing the sequence to:
1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) submit transfer 1 to the device
5) report transfer 2 completion to guest
6) submit transfer 2 to the device
etc.
Thus keeping 2 transfers in flight (most of the time, and always 1),
as intended by the guest.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Before this patch we would not mark a queue valid when its head was a
non-active td. This causes us to misbehave in the following scenario:
1) queue with multiple input transfers queued
2) We hit some latency issue, causing qemu to get behind processing frames
3) When qemu gets to run again, it notices the first transfer ends short,
marking the head td non-active
4) It now processes 32+ frames in a row without giving the guest a chance
to run since it is behind
5) valid is decreased to 0, causing the queue to get cancelled also cancelling
already queued up further input transfers
6) guest gets to run, notices the inactive td, cleanups up further tds
from the short transfer, and lets the queue continue at the first td of
the next input transfer
7) we re-start the queue, issuing the second input transfer for the *second*
time, and any data read by the first time we issued it has been lost
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
A td can be reused by the guest in a different queue, before we notice
the original queue has been unlinked. So search for tds by addr only, detect
guest td reuse, and cancel the original queue, this is necessary to keep our
packet ids unique.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
According to the spec a guest can unlink a qh, and then as soon as frindex
has changed by 1 since the unlink, assume it is idle and re-use it. However
for various reasons, we cannot simply consider a qh as unlinked if we've not
seen it for 1 frame. This means that it is possible for a guest to re-use /
restart the queue while we still see its old state. This patch adds a safety
check for this, and "early" retires queues when they were changed by the guest.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
There is no need to just cancel any in-flight packets, and then wait
for validate-end to clean things up, we can simply clean things up
immediately on device removal.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This avoids the need to repeatedly lookup the device, and ep.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
And move its calling point to handle_td, this removes the ep_ret ugliness,
and prepates the way for further cleanups in the follow-up patches in this
patch-set.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
We use the name td both to refer to a UHCI_TD read from guest memory as
well as to refer to the guest address where a td is stored, switch over
to always use td_addr in the second case for consistency.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Cleanup: all callers of uhci_queue_free first unconditionally cancel
all remaining asyncs in the queue, so lets move this to uhci_queue_free().
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Since we are either dealing with emulated devices, where retrying is
not going to help, or with redirected devices where the host OS will
have already retried, don't bother retrying on failed transfers.
Also move some common/indentical code out of all the error cases
into the generic error path.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
All callers of uhci_async_cancel() call uhci_async_unlink() first, so
lets move the unlink call to uhci_async_cancel()
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
No devices ever return async for isoc endpoints and the core
already enforces this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ehci was already testing for this, and we depend in various places
on no devices doing this, so lets move the check for this to the
usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
After a short-not-ok packet ending short, we should not advance the queue.
Move enforcing this to the core, rather then handling it in the hcd code.
This may result in the queue now actually containing multiple input packets
(which would not happen before), and this requires special handling in
combination with pipelining, so disable pipleining for input endpoints
(for now).
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
hcds which queue up more then one packet at once (uhci, ehci and xhci),
must clear the queue after an error which has caused the queue to halt.
Currently this is handled as a special case inside the hcd code, this
patch instead adds an USB_RET_REMOVE_FROM_QUEUE packet result code, teaches
the 3 hcds about this and moves the clearing of the queue on a halt into
the USB core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This can be used by usb-device code which wishes to process an entire endpoint
queue at once, to do this the usb-device code returns USB_RET_ADD_TO_QUEUE
from its handle_data class method and defines a flush_ep_queue class method
to call when the hcd is done queuing up packets.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
If the guest is using multiple transfers to try and keep the usb bus busy /
used at maximum efficiency, currently we would see / do the following:
1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) report transfer 2 completion to guest
5) submit transfer 1 to the device
6) report transfer 1 completion to guest
7) submit transfer 2 to the device
8) report transfer 2 completion to guest
etc.
So after the initial submission we would effectively only have 1 transfer
in flight, rather then 2. This is caused by us not checking the queue for
addition of new transfers by the guest (ie the resubmission of a recently
finished transfer), while waiting for a pending transfer to complete.
This patch does add a check for this, changing the sequence to:
1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) submit transfer 1 to the device
5) report transfer 2 completion to guest
6) submit transfer 2 to the device
etc.
Thus keeping 2 transfers in flight (most of the time, and always 1),
as intended by the guest.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
For ctrl endpoints Windows (atleast Win7) creates circular td lists, so far
these were not a problem because we would stop filling the queue if altnext
was set. Since further patches in this patchset remove the altnext check this
does become a problem and we need detection for going in circles.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Often the guest will queue up new packets in response to a packet, in the
async schedule with its IOC flag set, completing. By speeding up the
frame-timer, we notice these new packets earlier. This increases the
speed (MB/s) of a Linux guest reading from a USB mass storage device by a
factor of 1.15 on top of the "Improve latency of interrupt delivery"
speed-ups, both with and without input pipelining enabled.
I've not tested the speed-up of this patch without the
"Improve latency of interrupt delivery" patch.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
While doing various performance tests of reading from USB mass storage devices
I noticed the following::
1) When an async handled packet completes, we don't immediately report an
interrupt to the guest, instead we wait for the frame-timer to run and
report it from there
2) If 1) has been fixed and an async handled packet takes a while to complete,
then async_stepdown will become a high value, which means that there
will be a large latency before any new packets queued by the guest in
response to the interrupt get seen
1) was done deliberately as part of commit f0ad01f92:
http://www.kraxel.org/cgit/qemu/commit/?h=usb.57&id=f0ad01f92ca02eee7cadbfd225c5de753ebd5fce
Since setting the interrupt immediately on async packet completion was causing
issues with Linux guests, I believe this recently fixed Linux bug explains
why this is happening:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=361aabf395e4a23cf554cf4ec0c0c6963b8beb01
Note that we can *not* count on this fix being present in all Linux guests!
I was hoping that the recently added support for Interrupt Threshold Control
would fix the issues with Linux guests, but adding a simple ehci_commit_irq()
call to ehci_async_bh() still caused problems with Linux guests.
The problem is, that when doing ehci_commit_irq() from ehci_async_bh(),
the "old" frindex value is used to calculate usbsts_frindex, and when
the frame-timer then runs possibly very shortly after ehci_async_bh(),
it increases the frame-timer, and thus any interrupts raised from that
frame-timer run, will also get reported to the guest immediately, rather
then being delayed to the next frame-timer run.
Luckily the solution for this is simple, this means that we need to
increase frindex before calling ehci_commit_irq() from ehci_async_bh(),
which in the end boils down to simple calling ehci_frame_timer() instead
of ehci_async_bh() from the bh.
This may seem like it causes a lot of extra work to be done, but this
is not true. Any work done from the frame-timer processing the periodic
schedule is work which then does not need to be done the next time the
frame timer runs, also the frame-timer will re-arm itself at (possibly)
a later time then it was armed for saving a vmexit at that time.
As an additional advantage moving to simply calling the frame-timer also
fixes 2) as the packet completion will set async_stepdown to 0, and the
re-arming of the timer with an async_stepdown of 0 ensures that any
newly queued up packets get seen in a reasonable amount of time.
This improves the speed (MB/s) of a Linux guest reading from a USB mass
storage device by a factor of 1.5 - 1.7 with input pipelining disabled,
and by a factor of 1.8 with input pipelining enabled.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
According to 4.15.1.2 an interrupt must be raised when a short packet
is received. If we don't do this it may take a significant time for
the guest to notice a short trasnfer has completed, since only the last td
will have its IOC flag set, and a short transfer may complete in an earlier
packet.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This field is used in some places to track the tbytes field of the token, but
in other places the field is used directly, use it directly everywhere for
consistency.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Rather then having a special check to start queuing after the first packet,
and then another check for the other packets in uhci_fill_queue(), simply
check the previous packet beforehand in uhci_fill_queue()
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Packets with an invalid pid, or which were cancelled have
usb_packet_map() called on them on init, but not usb_packet_unmap()
before being freed.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
target_phys_addr_t is unwieldly, violates the C standard (_t suffixes are
reserved) and its purpose doesn't match the name (most target_phys_addr_t
addresses are not target specific). Replace it with a finger-friendly,
standards conformant hwaddr.
Outstanding patchsets can be fixed up with the command
git rebase -i --exec 'find -name "*.[ch]"
| xargs s/target_phys_addr_t/hwaddr/g' origin
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* qemu-kvm/memory/urgent:
memory: abort if a memory region is destroyed during a transaction
i440fx: avoid destroying memory regions within a transaction
memory: Make eventfd adhere to device endianness
Add multiport serial card implementation, with two variants, one
featuring two and one featuring four ports.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Split serial.c into serial.c, serial.h and serial-isa.c. While being at
creating a serial.h header file move the serial prototypes from pc.h to
the new serial.h. The latter leads to s/pc.h/serial.h/ in tons of
boards which just want the serial bits from pc.h
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* quintela/migration-next-20121017: (41 commits)
cpus: create qemu_in_vcpu_thread()
savevm: make qemu_file_put_notify() return errors
savevm: un-export qemu_file_set_error()
block-migration: handle errors with the return codes correctly
block-migration: Switch meaning of return value
block-migration: make flush_blks() return errors
buffered_file: buffered_put_buffer() don't need to set last_error
savevm: Only qemu_fflush() can generate errors
savevm: make qemu_fill_buffer() be consistent
savevm: unexport qemu_ftell()
savevm: unfold qemu_fclose_internal()
savevm: make qemu_fflush() return an error code
savevm: Remove qemu_fseek()
virtio-net: use qemu_get_buffer() in a temp buffer
savevm: unexport qemu_fflush
migration: make migrate_fd_wait_for_unfreeze() return errors
buffered_file: make buffered_flush return the error code
buffered_file: callers of buffered_flush() already check for errors
buffered_file: We can access directly to bandwidth_limit
buffered_file: unfold migrate_fd_close
...
* qemu-kvm/memory/dma: (23 commits)
pci: honor PCI_COMMAND_MASTER
pci: give each device its own address space
memory: add address_space_destroy()
dma: make dma access its own address space
memory: per-AddressSpace dispatch
s390: avoid reaching into memory core internals
memory: use AddressSpace for MemoryListener filtering
memory: move tcg flush into a tcg memory listener
memory: move address_space_memory and address_space_io out of memory core
memory: manage coalesced mmio via a MemoryListener
xen: drop no-op MemoryListener callbacks
kvm: drop no-op MemoryListener callbacks
xen_pt: drop no-op MemoryListener callbacks
vfio: drop no-op MemoryListener callbacks
memory: drop no-op MemoryListener callbacks
memory: provide defaults for MemoryListener operations
memory: maintain a list of address spaces
memory: export AddressSpace
memory: prepare AddressSpace for exporting
xen_pt: use separate MemoryListeners for memory and I/O
...
Currently we ignore PCI_COMMAND_MASTER completely: DMA succeeds even when
the bit is clear.
Honor PCI_COMMAND_MASTER by inserting a memory region into the device's
bus master address space, and tying its enable status to PCI_COMMAND_MASTER.
Tested using
setpci -s 03 COMMAND=3
while a ping was running on a NIC in slot 3. The kernel (Linux) detected
the stall and recovered after the command
setpci -s 03 COMMAND=7
was issued.
Signed-off-by: Avi Kivity <avi@redhat.com>
Accesses from different devices can resolve differently
(depending on bridge settings, iommus, and PCI_COMMAND_MASTER), so
set up an address space for each device.
Currently iommus are expressed outside the memory API, so this doesn't
work if an iommu is present.
Signed-off-by: Avi Kivity <avi@redhat.com>
Instead of accessing the cpu address space, use an address space
configured by the caller.
Eventually all dma functionality will be folded into AddressSpace,
but we have to start from something.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Using the AddressSpace type reduces confusion, as you can't accidentally
supply the MemoryRegion you're interested in.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Use LOG_GUEST_ERROR rather than hw_error or direct fprintf.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Use LOG_UNIMP and LOG_GUEST_ERROR where appropriate rather
than hw_error().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Use the new LOG_UNIMP and LOG_GUEST_ERROR logging types rather
than hw_error().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
If the guest attempts an offset to a nonexistent register, just
log this via LOG_GUEST_ERROR rather than killing QEMU with a hw_error.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Use the new LOG_UNIMP tracing to report unimplemented
features.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Rather than a mix of direct printing to stderr and aborting
via hw_error(), use LOG_UNIMP and LOG_GUEST_ERROR.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Add an include of qemu-log.h to hw.h, so that device model
code has access to these logging functions without the need
to directly include qemu-log.h.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This should help us to:
- More easily add or remove machine initialization arguments without
having to change every single machine init function;
- More easily make mechanical changes involving the machine init
functions in the future;
- Let machine initialization forward the init arguments to other
functions more easily.
This change was half-mechanical process: first the struct was added with
the local ram_size, boot_device, kernel_*, initrd_*, and cpu_model local
variable initialization to all functions. Then the compiler helped me
locate the local variables that are unused, so they could be removed.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch adds a mmio bar to the qemu standard vga which allows to
access the standard vga registers and bochs dispi interface registers
via mmio.
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
qemu_fseek() is known to be wrong. Would be removed on the next
commit. This code should never been used (value has been
MAC_TABLE_ENTRIES since 2009).
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Calling memory_region_destroy() within a transaction is illegal, since
the memory API is allowed to continue to dispatch to a region until the
transaction commits. 440fx does that however when managing PAM registers.
This bug is benign, since the regions are all aliases (which the memory
core tends to throw anyway), and since we don't do concurrent dispatch yet,
but instead of relying on that, tighten ship ahead of the coming concurrency
storm.
Fix by having a predefined set of regions, of which one will be enabled at
any time.
Signed-off-by: Avi Kivity <avi@redhat.com>
Using an unfiltered memory listener will cause regions to be reported
fails multiple times if we have more than two address spaces. Use a separate
listener for memory and I/O, and utilize MemoryListener's address space
filtering to fix this.
Signed-off-by: Avi Kivity <avi@redhat.com>
Needed for changing qemu_cpu_kick() argument type to CPUState.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Needed for changing cpu_kick_irq() argument type to SPARCCPU.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Needed for changing qemu_cpu_kick() argument type to CPUState.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Needed for changing cpu_kick_irq() argument type to SPARCCPU.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* pmaydell/arm-devs.for-upstream:
arm_gic: Rename gic_state to GICState
zynq_slcr: Fixed ResetValues enum
versatilepb: add gpio pl061 support
hw/ds1338: Implement state save/restore
hw/ds1338: Remove 'now' field from state struct
hw/ds1338: Recapture current time when register pointer wraps around
hw/ds1338: Fix mishandling of register pointer
hw/arm_gic.c: Fix improper DPRINTF output.
cadence_ttc: Fix 'clear on read' behavior
* kraxel/usb.67:
uhci: Raise interrupt when requested even for non active tds
usb-redir: Don't make migration fail in none seamless case
usb-redir: Change usbredir_open_chardev into usbredir_create_parser
* stefanha/net:
net: consolidate NetClientState header files into one
virtio-net: update nc.link_down in virtio_net_load()
e1000: update nc.link_down in e1000_post_load()
rtl8139: implement 8139cp link status
* spice/spice.v61:
qxl: set default revision to 4
spice: raise requirement to 0.12
hw/qxl: qxl_dirty_surfaces: use uintptr_t
hw/qxl: fix condition for exiting guest_bug
hw/qxl: exit on failure to register qxl interface
qxl: fix range check for rev3 io commands.
qxl/update_area_io: cleanup invalid parameters handling
qxl: always update displaysurface on resize
Rename the gic_state struct to match QEMU's coding style conventions
for structure names, since the impending KVM-for-ARM patches will
create another subclass of it. This patch was created using:
sed -i 's/gic_state/GICState/g' hw/arm_gic.c hw/arm_gic_common.c \
hw/arm_gic_internal.h hw/armv7m_nvic.c
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
There is a gap in the reset region of the address space at offset 0x208. This
throws out all these enum values by one when translating them to address offsets.
Fixed by putting the corresponding gap in the enum as well.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement state save/restore for the DS1338. This requires
the usual minor adjustment of types in the state struct to
get fixed-width ones with vmstate macros.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The 'struct tm now' field in the state structure is in fact only
ever used as a temporary (the actual RTC state is held in 'offset').
Remove it from the state structure in favour of using local variables
to avoid confusion about whether it needs to be saved on migration.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The DS1338 datasheet documents that the current time is captured into
the secondary registers when the register pointer wraps round to zero
as well as at a START condition. Implement this.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Correct several deficiencies in the handling of the register pointer:
* it should wrap around after 0x3f, not 0xff
* guard against the caller handing us an out of range pointer
(on h/w this can never happen, because only a 7 bit value is
transferred over the I2C bus)
* there was confusion over whether nvram[] holds only the 56 bytes
of guest-accessible NVRAM, or also the secondary registers
which hold the value of the clock captured at the start of a
multibyte read. Correct to consistently be the latter, by fixing
the array size and the offset used for NVRAM writes.
* ds1338_send was attempting to use 'data' as both the data and
the register offset simultaneously, which meant that writes to
any register were broken; fix to use the register pointer.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
s->cpu_enabled is an array, so s->cpu_enabled ? "En" : "Dis" returns
"En" always. We should use s->cpu_enabled[cpu] here.
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
A missing call to qemu_set_irq() when reading the IRQ register
required SW to write to the IRQ register to acknowledge an
interrupt. With this patch the behavior is fixed:
- Reading the interrupt register clears it and updates the timers
interrupt status
- Writes to the interrupt register are ignored
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
According to the spec we must raise an interrupt when one is requested
even for non active tds.
Linux depends on this, for bulk transfers it runs an inactivity timer
to work around a bug in early uhci revisions, when we take longer then
200 ms to process a packet, this timer goes of, and as part of the
handling Linux then unlinks the qh, and relinks it after the frindex
has increased by atleast 1, the problem is Linux only checks for the
frindex increases on an interrupt, and we don't send that, causing
the qh to go inactive for more then 32 frames, at which point we
consider the packet cancelled.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Instead simple disconnect the device like host redirection does on
migration.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Added helper function to automatically connect SPI slaves based on the QOM child
nodes of a device. A SSI master device can call this routine to automatically
hook-up all child nodes to its SPI bus.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Added the two SPI controllers to the zynq machine model. Attached two SPI flash
devices to each controller.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Added device model for the Xilinx Zynq SPI controller (SPIPS).
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Added SPI controller to the reference design, with two n25q128 spi-flashes
connected.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Removed the explicit SSI mux and wired the CS line directly up to the SSI
devices.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Allow multiple qdev_init_gpio_in() calls for the one device. The first call will
define GPIOs 0-N-1, the next GPIOs N- ... . Allows different GPIOs to be handled
with different handlers. Needed when two levels of the QOM class heirachy both
define GPIO functionality, as a single GPIO handler with an index selecter is
not possible.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Slave creation function that can be used to create an SSI slave without
qdev_init() being called. This give machine models a chance to set properties.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Added default CS behaviour for SSI slaves. SSI devices can set a property
to enable CS behaviour which will create a GPIO on the device which is the
CS. Tristating of the bus on SSI transfers is implemented.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Removed assertion that only one device is attached to the SSI bus.
When multiple devices are attached, all slaves have their transfer function
called for transfers. Each device is responsible for knowing whether or not its
CS is active, and if not returning 0. The returned data is the logical or of
all responses from the (mulitple) devices.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
DO_UPCAST is supposed to translate from the first member of a struct to
that struct, not from arbitrary ones. And it (usually) breaks the build
when neglecting this rule. Use container_of to fix the build breakage
and likely also the runtime behavior.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
aw: runtime behavior is actually the same, but clearly misuse of DO_UPCAST
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Blue Swirl reports that Clang doesn't like the structure we define to
avoid dynamic allocation for a number of calls to VFIO_DEVICE_SET_IRQS.
Adding an element after a variable sized type is a GNU extension.
Switch back to dynamic allocation, which really isn't a problem since
this is only done on interrupt setup changes.
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Take what we've learned from pci-assign and apply it to vfio-pci.
On reset, disable previous interrupt config, perform a device
reset if available, re-enable INTx, and disable memory regions on
the device to prevent continuing DMA.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
This was a misinterpretation of the spec, hardware doesn't get to
specify how many were actually enabled through this field.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
We try to do lazy initialization of MSIX since we don't actually need
to setup anything until MSIX vectors start getting used. This leads
to problems if MSIX is enabled, but never used (we can end up trying
to re-enable INTx while it's still enabled). We also run into
problems trying to expand our reset function to tear down interrupts
as we can then get vector release notifications after we've released
data structures. By making explicit initialization and teardown we
can avoid both of these problems and behave more similar to bare
metal.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Occasionally we get regions added that overlap with existing mappings.
These always seems to be in the VGA ROM range. VFIO returns EBUSY
for these mapping attempts. We can try a little harder and assume
that the latest mapping is correct by removing any overlapping ranges
and retrying the original request.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
We can't afford the overhead of switching out and back into mmap mode
around each interrupt, but we can do it lazily via a timer. On INTx
interrupt, disable the mmap'd memory regions and set a timer. On
every interrupt, push the timer out. If the timer expires and the
interrupt is no longer pending, switch back to mmap mode.
This has the benefit that things like graphics cards, which rarely or
never, fire an interrupt don't need manual user intervention to add
the x-intx=off parameter. They'll just remain in mmap mode until they
trigger an interrupt, and if they don't continue to regularly fire
interrupts, they'll switch back.
The default timeout is tuned for network cards so that a ping is just
enough to keep them in non-mmap mode, where they have much better
latency. It is tunable with an experimental option,
x-intx-mmap-timeout-ms. A value of 0 keeps the device in non-mmap
mode after the first interrupt.
It's possible we could look at the class code of devices and come up
with reasonable per-class defaults based on expected interrupt
frequency and latency. None of this is used for MSI interrupts and
also won't be used if we can bypass through KVM.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
nc.link_down could not be migrated, this patch updates link_down in
virtio_post_load() to keep it coincident with real link status.
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
This patch introduced e1000_post_load(), it will be called in the end of
migration. nc.link_down could not be migrated, this patch updates
link_down in e1000_post_load() to keep it coincident with real link
status.
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
Add a link status chang callback and change the link status bit in BMSR
& MSR accordingly. Tested in Linux/Windows guests.
The link status bit of MediaStatus is infered from BasicModeStatus,
they are inverse.
nc.link_down could not be migrated, this patch updates link_down in
rtl8139_post_load() to keep it coincident with real link status.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
With the next qemu version (1.3) we are going to bump the qxl device
revision to 4. The new features available require a recent spice-server
version, so raise up the bar. Otherwise we would end up with different
qxl revisions depending on the spice-server version installed, which
would be a major PITA when it comes to compat properties.
Clear out a big bunch of #ifdefs which are not needed any more.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
As suggested by Paolo Bonzini, to avoid possible integer overflow issues.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This prevents a segfault later on when the device reset handler
tries to access a NULL ssd.worker since interface_attach_worker has
not been called.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Enables QXL_IO_FLUSH_SURFACES_ASYNC and QXL_IO_FLUSH_RELEASE
which are part of the qxl rev3 feature set.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This cleans up two additions of almost the same code in commits
511b13e2c9 and ccc2960d65. While at it, make error paths
consistent (always use 'break' instead of 'return').
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Cc: Dunrong Huang <riegamaths@gmail.com>
Cc: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Don't try to be clever and skip displaysurface reinitialization in case
the size hasn't changed. Other parameters might have changed
nevertheless, for example depth or stride, resulting in rendering being
broken then.
Trigger: boot linux guest with vesafb, start X11, make sure both vesafb
and X11 use the display same resolution. Then watch X11 screen being
upside down.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* 'trivial-patches' of git://github.com/stefanha/qemu:
versatilepb: Use symbolic indices for ARM PIC
qdev: kill bogus comment
qemu-barrier: Fix compiler version check for future gcc versions
hw: Add missing 'static' attribute for QEMUMachine
cleanup useless return sentence
qemu-sockets: Fix compiler warning (regression for MinGW)
vnc: Fix spelling (hellmen -> hellman) in comment
slirp: Fix spelling in comment (enought -> enough, insure -> ensure)
tcg/arm: Use tcg_out_mov_reg rather than inline equivalent code
cpu: Add missing 'static' attribute to qemu_global_mutex
configure: Support empty target list (--target-list=)
hw: Fix return value check for bdrv_read, bdrv_write
* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf: (35 commits)
PPC: KVM: Fix BAT put
PPC: e500: Only expose even TLB sizes in initial TLB
ppc/pseries: Reset VPA registration on CPU reset
pseries: Don't test for MSR_PR for hypercalls under KVM
PPC: e500: calculate initrd_base like dt_base
PPC: e500: increase DTC_LOAD_PAD
device tree: simplify dumpdtb code
fdt: move dumpdtb interpretation code to device_tree.c
target-ppc: Remove unused power_mode field from cpu state
pseries: Set hash table size based on RAM size
pseries: Remove unnecessary locking from PAPR hash table hcalls
ppc405_uc: Fix buffer overflow
target-ppc: KVM: Fix some kernel version edge cases for kvmppc_reset_htab()
pseries: Fix semantics of RTAS int-on, int-off and set-xive functions
pseries: Rework implementation of TCE bypass
pseries: Remove never used flags field from spapr vio devices
pseries: Remove XICS irq type enum type
pseries: Remove C bitfields from xics code
pseries: Small cleanup to H_CEDE implementation
pseries: Fix XICS reset
...
Now that all machines call isa_vga_init() or pci_vga_init(), some unused
code can be removed.
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The CONFIG_SPICE is now tested in vl.c and thus not needed anymore.
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
As a bonus it allows new vga card types (including none).
Acked-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Keep the case to prevent some vga card to be selected.
Cc: Alexander Graf <agraf@suse.de>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
As a bonus it allows new vga card types (including none).
Acked-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This remove the fallback to std-vga in case, as availability of the
requested vga device is now tested in vl.c, and returns an error message
to the user.
Acked-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This function create a ISA VGA device according to the value of
vga_interface_type. It returns a ISADevice (and not a DeviceState).
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This function create a PCI VGA device according to the value of
vga_interface_type. It returns a PCIDevice (and not a DeviceState).
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This better explains what is this function about. Adjust all callers.
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This better explains what is this function about. Adjust all callers.
Cc: Alexander Graf <agraf@suse.de>
Cc: Andreas Färber <andreas.faerber@web.de>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Acked-by: Richard Henderson <rth@twiddle.net>
Acked-by: Blue Swirl <blauwirbel@gmail.com>
Acked-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The entries for libhw* are no longer needed in .gitignore.
There is also no longer a difference between common-obj-y and
hw-obj-y, so one of those two macros is sufficient.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
It is more readable, and all other code does it like that, too.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
When the DeviceInfo code was removed, the comment describing
qdev_subclass_init() was left in the code by mistake. Remove it.
Cc: qemu-trivial@nongnu.org
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
It was missing for leon3 and mips_fulong2e.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
This patch cleans up return sentences in the end of void functions.
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
Implement the century byte in the RTC emulation, and test that it works.
This leads to some annoying compatibility code because we need to treat
a value of 2000 for the base_year property as "use the century byte
properly" (which would be a value of 0).
The century byte will now be always-zero, rather than always-20,
for the MIPS Magnum machine whose base_year is 1980. Commit 42fc73a
(Support epoch of 1980 in RTC emulation for MIPS Magnum, 2009-01-24)
correctly said:
With an epoch of 1980 and a year of 2009, one could argue that [the
century byte] should hold either 0, 1, 19 or 20. NT 3.50 on MIPS
does not read the century byte.
so I picked the simplest and most sensible implementation which is to
return 0 for 1980-2079, 1 for 2080-2179 and so on.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
QEMU's attempt to implement the century byte cover two possible places
for the byte. A common one on modern chipsets is 0x32, but QEMU also
stores the value in 0x37 (apparently for IBM PS/2 compatibility---it's
only been 25 years). To simplify the implementation of the century
byte, store it only at 0x32 but remap transparently 0x37 to 0x32 when
reading and writing from CMOS.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Adjust all uses s/strzcpy/strncpy/ and mark these uses
of strncpy as "ok".
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Don't use strncpy when the source string is known to fit
in the destination buffer. Use equivalent memcpy.
We could even use strcpy, here, but some static analyzers
warn about that, so don't add new uses.
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In all of these cases, the uses of strncpy were unnecessary, since
at each point of use we know that the NUL-terminated source bytes
fit in the destination buffer. Use memcpy in place of strncpy.
Acked-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In bt_hci_name_req a failed snprintf could return len larger than
sizeof(params.name), which means the following memset call would
have a "length" value of (size_t)-1, -2, etc... Sounds scary.
But currently, one can deduce that there is no problem:
strlen(slave->lmp_name) is guaranteed to be smaller than
CHANGE_LOCAL_NAME_CP_SIZE, which is the same as sizeof(params.name),
so this cannot happen. Regardless, there is no justification for
using snprintf+memset. Use pstrcpy instead.
Also, in bt_hci_event_complete_read_local_name, use pstrcpy in place
of unwarranted strncpy.
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Actually do what the comment says, using pstrcpy NUL-terminate:
strncpy does not always do that.
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
v9fs_add_dir_node and qemu_v9fs_synth_add_file used strncpy
to form node->name, which requires NUL-termination, but
strncpy does not ensure NUL-termination.
Use pstrcpy, which does.
Acked-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Use g_strdup rather than strdup, because the sole caller
(qdev_get_fw_dev_path_helper) assumes it gets non-NULL, and dereferences
it. Besides, in that caller, the allocated buffer is already freed with
g_free, so it's better to allocate with a matching g_strdup.
In one case, (scsi-bus.c) it was trivial, so I replaced an snprintf+
g_strdup combination with an equivalent g_strdup_printf use.
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Those functions return -errno in case of an error.
The old code would typically only detect EPERM (1) errors.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
* sstabellini/xen-2012-10-03:
xen: Set the vram dirty when an error occur.
exec, memory: Call to xen_modified_memory.
exec: Introduce helper to set dirty flags.
xen: Introduce xen_modified_memory.
QMP, Introduce xen-set-global-dirty-log command.
qemu/xen: Add 64 bits big bar support on qemu
xen: Fix, no unplug of pt device by platform device.
* kwolf/for-anthony: (30 commits)
qemu-iotests: add tests for streaming error handling
qemu-iotests: map underscore to dash in QMP argument names
blkdebug: process all set_state rules in the old state
stream: add on-error argument
block: introduce block job error
iostatus: reorganize io error code
iostatus: change is_read to a bool
iostatus: move BlockdevOnError declaration to QAPI
iostatus: rename BlockErrorAction, BlockQMPEventAction
qemu-iotests: add test for pausing a streaming operation
qmp: add block-job-pause and block-job-resume
block: add support for job pause/resume
qmp: add 'busy' member to BlockJobInfo
block: add block_job_query
block: move job APIs to separate files
block: fix documentation of block_job_cancel_sync
qerror/block: introduce QERR_BLOCK_JOB_NOT_ACTIVE
qemu-iotests: add initial tests for live block commit
QAPI: add command for live block commit, 'block-commit'
block: helper function, to find the base image of a chain
...
* qmp/queue/qmp:
block: live snapshot documentation tweaks
input: index_from_key(): drop unused code
qmp: qmp_send_key(): accept key codes in hex
input: qmp_send_key(): simplify
hmp: dump-guest-memory: hardcode protocol argument to "file:"
qmp: dump-guest-memory: don't spin if non-blocking fd would block
qmp: dump-guest-memory: improve schema doc (again)
qapi: convert add_client
monitor: add Error * argument to monitor_get_fd
pci-assign: use monitor_handle_fd_param
qapi: add "unix" to the set of reserved words
qapi: do not protect enum values from namespace pollution
Add qemu-ga-client script
Support settimeout in QEMUMonitorProtocol
Make negotiation optional in QEMUMonitorProtocol
* mst/tags/for_anthony:
virtio-serial-bus: let chardev know the exact number of bytes requested
virtio: Introduce virtqueue_get_avail_bytes()
virtio: use unsigned int for counting bytes in vq
iov: add const annotation
virtio-net: fix used len for tx
virtio: don't mark unaccessed memory as dirty
* kraxel/usb.66:
usb: Fix usb_packet_map() in the presence of IOMMUs
usb-redir: Adjust pkg-config check for usbredirparser .pc file rename (v2)
ehci: Fix interrupt packet MULT handling
xhci: create a memory region for each port
xhci: route string & usb hub support
xhci: tweak limits
compat: turn off msi/msix on xhci for old machine types
add pc-1.3 machine type
Conflicts:
hw/pc_piix.c
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The hassle and compile time overhead of maintaining both 32-bit and 64-bit
capable source isn't worth the tiny performance advantage which is seen on
a minority of configurations. Switch to compiling libhw only once, with
target_phys_addr_t unconditionally typedefed to uint64_t.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When booting our e500 machine, we automatically generate a big TLB entry
in TLB1 that covers all of the code we need to run in there until the guest
can handle its TLB on its own.
However, e500v2 can only handle MAS1.0 sizes. However, we keep our TLB
information in MAS2.0 layout, which means we have twice as many TLB sizes
to choose from. That also means we can run into a situation where we try
to add a TLB size that could not fit into the MAS1.0 size bits.
Fix it by making sure we always have the lower bit set to 0. That way we
are always guaranteed to have MAS1.0 compatible TLB size information.
Signed-off-by: Alexander Graf <agraf@suse.de>
PAPR hypercalls should only be invoked from the guest kernel, not guest
user programs, that is, with MSR[PR]=0. Currently we check this in
spapr_hypercall, returning H_PRIVILEGE if MSR[PR]=1.
However, under KVM the state of MSR[PR] is already checked by the host
kernel before passing the hypercall to qemu, making this check redundant.
Worse, however, we don't generally synchronize KVM and qemu state on the
hypercall path, meaning that qemu could incorrectly reject a hypercall
because it has a stale MSR value.
This patch fixes the problem by moving the privilege test exclusively to
the TCG hypercall path.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
CC: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>
While investigating dtb pad issues, I noticed that initrd_base wasn't taking
loadaddr into account the way dt_base was. This seems wrong.
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
An allowance of 5 MiB for BSS is not enough for Linux kernels with certain
debug options enabled (not sure exactly which one caused it, but I'd guess
lockdep). The kernel I ran into this with had a BSS of around 6.4 MB.
Unfortunately, uImage does not give us enough information to determine the
actual BSS size. Increase the allowance to 18 MiB to give us plenty of
room. Eventually this should be more intelligent, possibly packing
initrd+dtb at the end of guest RAM.
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the pseries machine code always attempts to set the size of the
guests's hash page table to 16MB. However, because of the way the POWER
MMU works, a suitable hash page table size should really depend on memory
size. 16MB will be excessive for guests with <1GB and RAM, and may not be
enough for guests with >2GB of RAM (depending on guest page size and
other factors).
The usual given rule of thumb is that the hash table should be 1/64 of
the size of memory, but in fact the Linux guests we are aiming at don't
really need that much. This patch, therefore, changes the hash table
allocation code to aim for 1/128 of the size of RAM (rounding up). When
using KVM, this size may still be adjusted by the host kernel if it is
unable to allocate a suitable (contiguous) table.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
In the paravirtualized environment provided by PAPR, there is a standard
locking scheme so that hypercalls updating the hash page table from
different guest threads don't corrupt the haah table state. We implement
this HVLOCK bit in out page table hypercalls. However, it is not necessary
in our case, since the hypercalls all run in the qemu environment under the
big qemu lock.
Therefore, this patch removes the locking code. This has the additional
advantage of freeing up a hash PTE bit which will be useful for migration
support.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Report from smatch:
ppc405_uc.c:209 dcr_read_pob(12) error: buffer overflow 'pob->besr' 2 <= 2
ppc405_uc.c:232 dcr_write_pob(12) error: buffer overflow 'pob->besr' 2 <= 2
The old code reads and writes besr[POB0_BESR1 - POB0_BESR0] or besr[2]
which is one too much.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the ibm,int-on and ibm,int-off RTAS functions are implemented as
no-ops. This is because when implemented as specified in PAPR they caused
Linux (which calls both int-on/off and set-xive) to end up with interrupts
masked when they should not be. Since Linux's set-xive calls make the
int-on/off calls redundant, making them nops worked around the problem.
In fact, the problem was caused because there was a subtle bug in set-xive,
PAPR specifies that as well as updating the current priority, it also needs
to update the saved priority used by int-on/off. With this bug fixed the
problem goes away. This patch implements this more correct fix.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
On the pseries machine the IOMMU (aka TCE tables) is always active for all
PCI and VIO devices. Mostly to simplify the SLOF firmware, we implement an
extension which allows the IOMMU to be temporarily disabled for certain
devices.
Currently this is implemented by setting the device's DMAContext pointer to
NULL (thus reverting to qemu's default no-IOMMU DMA behaviour), then
replacing it when bypass mode is disabled.
This approach causes a bunch of complications though. It complexifies the
management of the DMAContext lifetimes, it's problematic for savevm/loadvm,
and it means that while bypass is active we have nowhere to store the
device's LIOBN (Logical IO Bus Number, used to identify DMA address
spaces). At present we regenerate the LIOBN from other address information
but this restricts how we can allocate LIOBNs.
This patch gives up on this approach, replacing it with the much simpler
one of having a 'bypass' boolean flag in the TCE state structure.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The general device state structure for PAPR VIO emulated devices includes a
'flags' field which was never used. This patch removes it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the XICS interrupt controller emulation uses a custom enum to
specify whether a given interrupt is level-sensitive or message-triggered.
This enum makes life awkward for saving the state, and isn't particularly
useful since there are only two possibilities. This patch replaces the
enum with a simple bool.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The XICS interrupt controller emulation uses some C bitfield variables in
its internal state structure. This makes like awkward for saving the state
because we don't have easy VMSTATE helpers for bitfields.
This patch removes the bitfields, instead using explicit bit masking in a
single status variable.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The H_CEDE hypercall implementation for the pseries machine doesn't trigger
quite the right path in the main cpu exec loop. We should set exit_request
to pop up one extra level and recheck state, and we should set the
exception_index to EXCP_HLT (H_CEDE is roughly equivalent to the hlt
instruction on x86).
In practice, this doesn't really matter except for KVM, and KVM implements
H_CEDE internally so we never hit this code path. But we might as well
get it right, just in case it matters some day.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The XICS interrupt controller used on the pseries machine currently has no
reset handler. We can get away with this under some circumstances, but
it's not correct, and can cause failures if the XICS happens to be in the
wrong state at the time of reset.
This patch adds a hook to properly reset the XICS state.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The emulated PCI host bridge on the pseries machine incorporates an IOMMU
(PAPR TCE table). Currently the mappings in this IOMMU are not cleared
when we reset the system. This patch fixes this bug. To do this it adds
a new reset function to the IOMMU emulation code. The VIO devices already
reset their TCE tables, but they do so by destroying and re-creating their
DMA context. This doesn't work for the PCI host bridge, because the
infrastructure for PCI IOMMUs has already copied/cached the DMA pointer
context into the subordinate PCI device structures.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
When we reset the system, the reset method for VIO bus devices resets
the state of their request queue (if present) as it should. However
it was not resetting the state of their TCE table (DMA translation) if
present. It was also not resetting the state of the per-device signal
mask set with H_VIO_SIGNAL. This patch corrects both bugs, and also
removes some small code duplication in the reset paths.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
This adds support for then new "reset htab" ioctl which allows qemu
to properly cleanup the MMU hash table when the guest is reset. With
the corresponding kernel support, reset of a guest now works properly.
This also paves the way for indicating a different size hash table
to the kernel and for the kernel to be able to impose limits on
the requested size.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
A number of things need to occur during reset of the PAPR
paravirtualized platform in a specific order. For example, the hash
table needs to be cleared before the CPUs are reset, so that they
initialize their register state correctly, and the CPUs need to have
their main reset called before we set up the entry point state on the
boot cpu. We also need to have the main qdev reset happen before the
creation and installation of the device tree for the new boot, because
we need the state of the devices settled to correctly construct the
device tree.
We currently do the pseries once-per-reset initializations done from a
reset handler. However we can't adequately control when this handler
is called during the reset - in particular we can't guarantee it
happens after all the qdev resets (since qdevs might be registered
after the machine init function has executed).
This patch uses the new QEMUMachine reset method to to fix this
problem, ensuring the various order dependent reset steps happen in
the correct order.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The current pseries machine init function iterates over the CPUs at several
points, doing various bits of initialization. This is messy; these can
and should be merged into a single iteration doing all the necessary per
cpu initialization. Worse, some of these initializations were setting up
state which should be set on every reset, not just at machine init time.
A few of the initializations simply weren't necessary at all.
This patch, therefore, moves those things that need to be to the
per-cpu reset handler, and combines the remainder into two loops over
the cpus (which also creates them). The second loop is for setting up
hash table information, and will be removed in a subsequent patch also
making other fixes to the hash table setup.
This exposes a bug in our start-cpu RTAS routine (called by the guest to
start up CPUs other than CPU0) under kvm. Previously, this function did
not make a call to ensure that it's changes to the new cpu's state were
pushed into KVM in-kernel state. We sort-of got away with this because
some of the initializations had already placed the secondary CPUs into the
right starting state for the sorts of Linux guests we've been running.
Nonetheless the start-cpu RTAS call's behaviour was not correct and could
easily have been broken by guest changes. This patch also fixes it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This function is to be used during live migration. Every write access to the
guest memory should call this funcion so the Xen tools knows which pages are
dirty.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Currently it is assumed PCI device BAR access < 4G memory. If there is such a
device whose BAR size is larger than 4G, it must access > 4G memory address.
This patch enable the 64bits big BAR support on qemu.
Signed-off-by: Xudong Hao <xudong.hao@intel.com>
Signed-off-by: Xiantao Zhang <xiantao.zhang@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
The Xen platform device will unplug any NICs if requested by the guest (PVonHVM)
including a NIC that would have been passthrough. This patch makes sure that a
passthrough device will not be unplug.
Reported-by: "Zhang, Yang Z" <yang.z.zhang@intel.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
We cannot cast directly from pointer to uint64.
Cc: Alex Williamson <alex.williamson@redhat.com>
Cc: Alex Barcelo <abarcelo@ac.upc.edu>
Reported-by: Alex Barcelo <abarcelo@ac.upc.edu>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Enabled for all softmmu guests supporting PCI on Linux hosts. Note
that currently only x86 hosts have the kernel side VFIO IOMMU support
for this. PPC (g3beige) is the only non-x86 guest known to work.
ARM (veratile) hangs in firmware, others untested.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This adds the core of the QEMU VFIO-based PCI device assignment driver.
To make use of this driver, enable CONFIG_VFIO, CONFIG_VFIO_IOMMU_TYPE1,
and CONFIG_VFIO_PCI in your host Linux kernel config. Load the vfio-pci
module. To assign device 0000:05:00.0 to a guest, do the following:
for dev in $(ls /sys/bus/pci/devices/0000:05:00.0/iommu_group/devices); do
vendor=$(cat /sys/bus/pci/devices/$dev/vendor)
device=$(cat /sys/bus/pci/devices/$dev/device)
if [ -e /sys/bus/pci/devices/$dev/driver ]; then
echo $dev > /sys/bus/pci/devices/$dev/driver/unbind
fi
echo $vendor $device > /sys/bus/pci/drivers/vfio-pci/new_id
done
See Documentation/vfio.txt in the Linux kernel tree for further
description of IOMMU groups and VFIO.
Then launch qemu including the option:
-device vfio-pci,host=0000:05:00.0
Legacy PCI interrupts (INTx) currently makes use of a kludge where we
trap BAR accesses and assume the access is in response to an interrupt,
therefore de-asserting and unmasking the interrupt. It's not quite as
targetted as using the EOI for this, but it's self contained and seems
to work across all architectures. The side-effect is a significant
performance slow-down for device in INTx mode. Some devices, like
graphics cards, don't really use their interrupt, so this can be turned
off with the x-intx=off option, which disables INTx alltogether. This
should be considered an experimental option until we refine this code.
Both MSI and MSI-X are supported and avoid these issues.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move the common part of IDE/SCSI/virtio error handling to the block
layer. The new function bdrv_error_action subsumes all three of
bdrv_emit_qmp_error_event, vm_stop, bdrv_iostatus_set_err.
The same scheme will be used for errors in block jobs.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Do this while we are touching this part of the code, before introducing
more uses of "int is_read".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This will let block-stream reuse the enum. Places that used the enums
are renamed accordingly.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
We want to remove knowledge of BLOCK_ERR_STOP_ENOSPC from drivers;
drivers should only be told whether to stop/report/ignore the error.
On the other hand, we want to keep using the nicer BlockErrorAction
name in the drivers. So rename the enums, while leaving aside the
names of the enum values for now.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Using the virtqueue_avail_bytes() function had an unnecessarily
crippling effect on the number of bytes needed by the guest as reported
to the chardev layer in the can_read() callback.
Using the new virtqueue_get_avail_bytes() function will let us advertise
the exact number of bytes we can send to the guest.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The current virtqueue_avail_bytes() is oddly named, and checks if a
particular number of bytes are available in a vq. A better API is to
fetch the number of bytes available in the vq, and let the caller do
what's interesting with the numbers.
Introduce virtqueue_get_avail_bytes(), which returns the number of bytes
for buffers marked for both, in as well as out. virtqueue_avail_bytes()
is made a wrapper over this new function.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The virtqueue_avail_bytes() function counts bytes in an int. Use an
unsigned int instead.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
offset of accessed buffer is calculated using iov_length, so it
can exceed accessed len. If that happens
math in len - offset wraps around, and size becomes wrong.
As real value is 0, so this is harmless but unnecessary.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch adds modelling of the two NOR flash banks found on the
Versatile Express motherboard. Tested with U-Boot running on an emulated
Versatile Express, with either A9 or A15 CoreTile.
Signed-off-by: Francesco Lavra <francescolavra.fl@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
In the A series memory map (implemented in the Cortex A15 CoreTile), the
first NOR flash bank (flash 0) is mapped to address 0x08000000, while
address 0x00000000 can be configured as alias to either the first or the
second flash bank. This patch fixes the definition of flash 0 address,
and for simplicity removes the alias definition.
Signed-off-by: Francesco Lavra <francescolavra.fl@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When setting up the NVIC memory regions the memory range
0x100..0xcff is aliased to an IO memory region that belongs
to the ARM GIC. This aliased region should be added to the
NVIC memory container, but the actual GIC IO memory region
was being added instead. This mixup was causing the wrong
IO memory access functions to be called when accessing parts
of the NVIC memory.
Signed-off-by: Meador Inge <meadori@codesourcery.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reading VECTADDR was causing us to set the current priority to
the wrong value, the most obvious effect of which was that we
would return the vector for the wrong interrupt as the result
of the read.
Signed-off-by: Brendan Fennell <bfennell@skynet.ie>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
There is no need to open-code the choice between a file descriptor
number or a named one. Just use monitor_handle_fd_param, which
also takes care of printing the error message.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
With the IOMMU infrastructure introduced before 1.2, we need to use
dma_memory_map() to obtain a qemu pointer to memory from an IO bus address.
However, dma_memory_map() alters the given length to reflect the length
over which the used DMA translation is valid - which could be either more
or less than the requested length.
usb_packet_map() does not correctly handle these cases, simply failing if
dma_memory_map() alters the requested length. If dma_memory_map()
increased the length, we just need to use the requested length for the
qemu_iovec_add(). However, if it decreased the length, it means that a
single DMA translation is not valid for the whole sglist element, and so
we need to loop, splitting it up into multiple iovec entries for each
piece with a DMA translation (in practice >2 pieces is unlikely).
This patch implements the correct behaviour
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
There are several issues with our handling of the MULT epcap field
of interrupt qhs, which this patch fixes.
1) When we don't execute a transaction because of the transaction counter
being 0, p->async stays EHCI_ASYNC_NONE, and the next time we process the
same qtd we hit an assert in ehci_state_fetchqtd because of this. Even though
I believe that this is caused by 3 below, this patch still removes the assert,
as that can still happen without 3, when multiple packets are queued for the
same interrupt ep.
2) We only *check* the transaction counter from ehci_state_execute, any
packets queued up by fill_queue bypass this check. This is fixed by not calling
fill_queue for interrupt packets.
3) Some versions of Windows set the MULT field of the qh to 0, which is a
clear violation of the EHCI spec, but still they do it. This means that we
will never execute a qtd for these, making interrupt ep-s on USB-2 devices
not work, and after recent changes, triggering 1).
So far we've stored the transaction counter in our copy of the mult field,
but with this beginnig at 0 already when dealing with these version of windows
this won't work. So this patch adds a transact_ctr field to our qh struct,
and sets this to the MULT field value on fetchqh. When the MULT field value
is 0, we set it to 4. Assuming that windows gets way with setting it to 0,
by the actual hardware going horizontal on a 1 -> 0 transition, which will
give it 4 transactions (MULT goes from 0 - 3).
Note that we cannot stop on detecting the 1 -> 0 transition, as our decrement
of the transaction counter, and checking for it are done in 2 different places.
Reported-by: Shawn Starr <shawn.starr@rogers.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set maxports to 15. This is what the usb3 route string can handle.
Set maxslots to 64. This is more than the number of root ports we
can have, but with additional hubs you can end up with more devices.
Set maxintrs (aka msi vectors) to 16. Should be enougth, especially
considering that vectors are a limited ressource. Linux guests use
only three at the moment.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Added an option to let qemu transfer a configuration file to bios,
"etc/boot-fail-wait", which could be specified by command
-boot reboot-timeout=T
T have a max value of 0xffff, unit is ms.
With this option, guest will wait for a given time if not find
bootabled device, then reboot. If reboot-timeout is '-1', guest
will not reboot, qemu passes '-1' to bios by default.
This feature need the new seabios's support.
Seabios pulls the value from the fwcfg "file" interface, this
interface is used because SeaBIOS needs a reliable way of
obtaining a name, value size, and value. It in no way requires
that there be a real file on the user's host machine.
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds a "use64" property which will make the ivshmem driver
register a 64bit memory bar when set, so you have something to play with
when testing 64bit pci bits. It also allows to have quite big shared
memory regions, like this:
[root@fedora ~]# lspci -vs1:1
01:01.0 RAM memory: Red Hat, Inc Device 1110
Subsystem: Red Hat, Inc Device 1100
Physical Slot: 1-1
Flags: fast devsel
Memory at fd400000 (32-bit, non-prefetchable) [disabled] [size=256]
Memory at 8040000000 (64-bit, prefetchable) [size=1G]
[ v5: rebase, update compat property for post-1.2 merge ]
[ v4: rebase & adapt to latest master again ]
[ v3: rebase & adapt to latest master ]
[ v2: default to on as suggested by avi,
turn off for pc-$old using compat property ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In addition, there is no need to allocate an extra irq just for
rising SCI in irq handler. Just rise SCI right from notifier
handler instead.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* stefanha/trivial-patches:
w32: Always use standard instead of native format strings
net/socket: Fix compiler warning (regression for MinGW)
linux-user: Remove redundant null check and replace free by g_free
qemu-timer: simplify qemu_run_timers
TextConsole: saturate escape parameter in TTY_STATE_CSI
curses: don't initialize curses when qemu is daemonized
dtrace backend: add function to reserved words
pflash_cfi01: Fix warning caused by unreachable code
ioh3420: Remove unreachable code
lm4549: Fix buffer overflow
cadence_uart: Fix buffer overflow
qemu-sockets: Fix potential memory leak
qemu-ga: Remove unreachable code after g_error
target-i386: Allow tsc-frequency to be larger then 2.147G
* bonzini/scsi-next:
SCSI: Standard INQUIRY data should report HiSup flag as set.
scsi-disk: use scsi_data_cdb_length
scsi: introduce scsi_cdb_length and scsi_data_cdb_length
scsi-disk: fix check for out-of-range LBA
scsi-disk: introduce check_lba_range
iSCSI: We dont need to explicitely call qemu_notify_event() any more
iSCSI: We need to support SG_IO also from iscsi_ioctl()
Report from smatch:
hw/pflash_cfi01.c:431 pflash_write(180) info: ignoring unreachable code.
Instead of removing the return statement after the switch statement,
the patch replaces the return statements in the switch statement by
break statements. Other switch statements in the same code do it also
like that.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
Report from smatch:
hw/ioh3420.c:128 ioh3420_initfn(35) info: ignoring unreachable code.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
Report from smatch:
lm4549.c:234 lm4549_write_samples(14) error:
buffer overflow 's->buffer' 1024 <= 1024
There must be enough space to add two entries starting with index
s->buffer_level, therefore the old check was wrong.
[Peter Maydell <peter.maydell@linaro.org> clarifies the nature of the
analyser warning:
I don't object to making the change to placate the analyser,
but I don't think this is actually a buffer overrun. We always
add and remove samples from the buffer two at a time, so it's
not possible to get here with s->buffer_level == BUFFER_SIZE-1
(which is the only case where the old and new conditions
give different answers).]
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
Report from smatch:
hw/cadence_uart.c:413 uart_read(13) error: buffer overflow 's->r' 18 <= 18
This fixes read access to s->r[R_MAX] which is behind the limits of s->r.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
* 'usb.65' of git://git.kraxel.org/qemu:
uhci: Don't queue up packets after one with the SPD flag set
usb-redir: Revert usb-redir part of commit 93bfef4c
usb-redir: Add chardev open / close debug logging
usb-redir: Add support for migration
usb-redir: Store max_packet_size in endp_data
usb-redir: Add an already_in_flight packet-id queue
usb-redir: Change cancelled packet code into a generic packet-id queue
ehci: Walk async schedule before and after migration
ehci: Don't set seen to 0 when removing unseen queue-heads
configure: usbredir fixes
ehci: Don't process too much frames in 1 timer tick (v2)
ehci: Fix interrupts stopping when Interrupt Threshold Control is 8
ehci: switch to new-style memory ops
usb-host: allow emulated (non-async) control requests without USBPacket
QEMU as far as I know only reports LUN numbers using the modes that
are described in SAM4.
As such, since all LUN numbers generated by the SCSI emulation in QEMU
follow SAM4, we should set the HiSup bit in the standard INQUIRY data
to indicate such.
From SAM4:
4.6.3 LUNs overview
All LUN formats described in this standard are hierarchical in
structure even when only a single level in that hierarchy is used.
The HISUP bit shall be set to one in the standard INQUIRY data
(see SPC-4) when any LUN format described in this standard is used.
Non-hierarchical formats are outside the scope of this standard.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
This fix is needed to correctly handle 0-block read and writes.
Without it, a 0-block access at LBA 0 would underflow.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Drop the private reimplementation of ctz32() from pflash_cfi0[12]
in favour of using the standard version from host-utils.h.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
pflash_cfi01 announces a version number of 1.1, which implies
"Protection Register Information" and "Burst Read information"
sections, which are not provided.
Decrease the version number to 1.0 so that only the "Protection
Register Information" section is needed.
Set the number of protection fields (0x3f) to 0x01, as 0x00 means 256
protections field, which makes the CFI table bigger than the current
implementation, causing some kernels to fail to read it.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
There was a missing include of qemu-log and a variable name in a printf was out
of date.
Signed-off-by: Chris Wulff <crwulff@gmail.com>
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Assert that the ethernet and dma controller are sucessfully linked to their
peers.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
The "frequency" qdev prop matches the "clock-frequency" property in Xilinx EDK.
Renamed "frequency" -> "clock-frequency" accordingly.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
* kwolf/for-anthony:
block: Don't forget to delete temporary file
Don't require encryption password for 'qemu-img info' command
qemu-img: Add json output option to the info command.
qapi: Add SnapshotInfo and ImageInfo.
ahci: properly reset PxCMD on HBA reset
block: fix block tray status
vdi: Fix warning from clang
block/curl: Fix wrong free statement
ide: Fix error messages from static code analysis (no real error)
ATAPI: STARTSTOPUNIT only eject/load media if powercondition is 0
sheepdog: fix savevm and loadvm
* stefanha/trivial-patches:
configure: fix seccomp check
arch_init.c: add missing '%' symbols before PRIu64 in debug printfs
kvm: Fix warning from static code analysis
qapi: Fix enumeration typo error
console: Clean up bytes per pixel calculation
Fix copy&paste typos in documentation comments
linux-user: Remove #if 0'd cpu_get_real_ticks() definition
ui: Fix spelling in comment (ressource -> resource)
Spelling fixes in comments and macro names (ressource -> resource)
Fix spelling (licenced -> licensed) in GPL
Spelling fixes in comments and documentation
srp: Don't use QEMU_PACKED for single elements of a structured type
* stefanha/net:
net: EAGAIN handling for net/socket.c TCP
net: EAGAIN handling for net/socket.c UDP
net: asynchronous send/receive infrastructure for net/socket.c
net: broadcast hub packets if at least one port can receive
net: fix usbnet_receive() packet drops
net: clean up usbnet_receive()
net: add -netdev options to man page
net: do not report queued packets as sent
net: add receive_disabled logic to iov delivery path
eepro100: Fix network hang when rx buffers run out
xen: flush queue when getting an event
e1000: flush queue whenever can_receive can go from false to true
net: notify iothread after flushing queue
* qemu-kvm/uq/master:
kvm: Rename irqchip_inject_ioctl to irq_set_ioctl
kvm: Stop flushing coalesced MMIO on vmexit
VGA: Flush coalesced MMIO on related MMIO/PIO accesses
memory: Flush coalesced MMIO on mapping and state changes
memory: Fold memory_region_update_topology into memory_region_transaction_commit
memory: Use transaction_begin/commit also for single-step operations
memory: Flush coalesced MMIO on selected region access
kvm-all.c: Move init of irqchip_inject_ioctl out of kvm_irqchip_create()
update-linux-headers.sh: Don't hard code list of architectures
We have debugcon these days to listen on those ports that receive debug
messages. Also drop the others that have no effect anymore.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Now that CONFIG_TCG_PASS_AREG0 is enabled for all targets,
remove dead code and support for !CONFIG_TCG_PASS_AREG0 case.
Remove dyngen-exec.h and all references to it. Although included by
hw/spapr_hcall.c, it does not seem to use it.
Remove unused HELPER_CFLAGS.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
The USB network interface has a single buffer which the guest reads
from. This patch prevents multiple calls to usbnet_receive() from
clobbering the input buffer. Instead we queue packets until buffer
space becomes available again.
This is inspired by virtio-net and e1000 rxbuf handling.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
The USB network interface has two code paths depending on whether or not
RNDIS mode is enabled. Refactor usbnet_receive() so that there is a
common path throughout the function instead of duplicating everything
across if (is_rndis(s)) ... else ... code paths.
Clean up coding style and 80 character line wrap along the way.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
This is reported by QA. When installing os with pxe, after the initial
kernel and initrd are loaded, the procedure tries to copy files from install
server to local harddisk, the network becomes stall because of running out of
receive descriptor.
[Whitespace fixes and removed qemu_notify_event() because Paolo's
earlier net patches have moved it into qemu_flush_queued_packets().
Additional info:
I can reproduce the network hang with a tap device doing a iPXE HTTP
boot as follows:
$ qemu -enable-kvm -m 1024 \
-netdev tap,id=netdev0,script=no,downscript=no \
-device i82559er,netdev=netdev0,romfile=80861209.rom \
-drive if=virtio,cache=none,file=test.img
iPXE> ifopen net0
iPXE> config # set static network configuration
iPXE> kernel http://mirror.bytemark.co.uk/fedora/linux/releases/17/Fedora/x86_64/os/images/pxeboot/vmlinuz
I needed a vanilla iPXE ROM to get to the iPXE prompt. I think the boot
prompt has been disabled in the ROMs that ship with QEMU to reduce boot
time.
During the vmlinuz HTTP download there is a network hang. hw/eepro100.c
has reached the end of the rx descriptor list. When the iPXE driver
replenishes the rx descriptor list we don't kick the QEMU net subsystem
and event loop, thereby leaving the tap netdev without its file
descriptor in select(2).
Stefan Hajnoczi <stefanha@gmail.com>]
Signed-off-by: Bo Yang <boyang@suse.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
xen does not have a register that, when written, will cause can_receive
to go from false to true. However, flushing the queue can be attempted
whenever the front-end raises its side of the Xen event channel. There
is a single event channel for tx and rx.
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
When the guests replenish the receive ring buffer, the network device
should flush its queue of pending packets. This is done with
qemu_flush_queued_packets.
e1000's can_receive can go from false to true when RCTL or RDT are
modified.
Reported-by: Luigi Rizzo <rizzo@iet.unipi.it>
Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Cc: Jan Kiszka <jan.kiszka@siemens.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
virtio-net has code to flush the queue and notify the iothread
whenever new receive buffers are added by the guest. That is
fine, and indeed we need to do the same in all other drivers.
However, notifying the iothread should be work for the network
subsystem. And since we are at it we can add a little smartness:
if some of the queued packets already could not be delivered,
there is no need to notify the iothread.
Reported-by: Luigi Rizzo <rizzo@iet.unipi.it>
Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Cc: Jan Kiszka <jan.kiszka@siemens.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Macro XEN_HOST_PCI_RESOURCE_BUFFER_SIZE is only used locally,
so the change should be safe.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
These wrong spellings were detected by codespell:
* successully -> successfully
* alot -> a lot
* wanna -> want to
* infomation -> information
* occured -> occurred
["also is" -> "is also" and "ressources" -> "resources" suggested by
Peter Maydell <peter.maydell@linaro.org>]
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
QEMU_PACKED results in a MinGW compiler warning when it is
used for single structure elements:
warning: 'gcc_struct' attribute ignored
Using QEMU_PACKED for the whole structure avoids the compiler warning
without changing the memory layout.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Don't queue up packets after a packet with the SPD (short packet detect)
flag set. Since we won't know if the packet will actually be short until it
has completed, and if it is short we should stop the queue.
This fixes a miniature photoframe emulating a USB cdrom with the windows
software for it not working.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit 93bfef4c6e makes qemu-devices
which report the qemu version string to the guest in some way use a
qemu_get_version function which reports a machine-specific version string.
However usb-redir does not expose the qemu version to the guest, only to
the usbredir-host as part of the initial handshake. This can then be logged
on the usbredir-host side for debugging purposes and is otherwise completely
unused! For debugging purposes it is important to have the real qemu version
in there, rather then the machine-specific version.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
So that we've a place to migrate it to / from to allow restoring it after
migration.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
After a live migration, the usb-hcd will re-queue all packets by
walking over the schedule in the guest memory again, but requests which
were encountered on the migration source before will already be in flight,
so these should *not* be re-send to the usbredir-host.
This patch adds an already in flight packet ud queue, which will be filled by
the source before migration and then moved over to the migration dest, any
async handled packets are then checked against this queue to avoid sending
the same packet to the usbredir-host twice.
Signed-off-by: Hans de Goede <hdegoede@redhat,com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When removing unseen queue-heads from the async queue list, we should not
set the seen flag to 0, as this may cause them to be removed by
ehci_queues_rip_unused() during the next call to ehci_advance_async_state()
if the timer is late or running at a low frequency.
Note:
1) This *may* have caused the instant unlink / relinks described in commit
9bc3a3a216
2) Rather then putting more if-s inside ehci_queues_rip_unused, this patch
instead introduces a new ehci_queues_rip_unseen function.
3) This patch also makes it save to call ehci_queues_rip_unseen() multiple
times, which gets used in the folluw up patch titled:
"ehci: Walk async schedule before and after migration"
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Until now we used only the agent to change the monitor count and each
monitor resolution. This patch introduces the qemu part of using the
device as the mediator instead of the agent via virtio-serial.
Spice (>=0.11.5) calls the new QXLInterface::client_monitors_config,
which returns wether the interrupt is enabled, and if so and given a non
NULL monitors config will
generate an interrupt QXL_INTERRUPT_CLIENT_MONITORS_CONFIG with crc
checksum for the guest to verify a second call hasn't interfered.
The maximal number of monitors is limited on the QXLRom to 64.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add two new trace events:
qxl_send_events(int qid, uint32_t events) "%d %d"
qxl_set_guest_bug(int qid) "%d"
Change qxl_io_unexpected_vga_mode parameters to be equivalent to those
of qxl_io_write for easier grouping under a single systemtap probe.
Change d to qxl in one place.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
While testing q35, I found that windows 7 (specifically, windows 7 ultimate
with sp1 x64), wouldn't install because it can't find the cdrom or disk drive.
The failure message is: 'A required cd/dvd device driver is missing. If you
have a driver floppy disk, CD, DVD, or USB flash drive, please insert it now.'
This can also be reproduced on piix by adding an ahci controller, and
observing that windows 7 does not see any devices behind it.
The problem is that when windows issues a HBA reset, qemu does not reset the
individual ports' PxCMD register. Windows 7 then reads back the PxCMD register
and presumably assumes that the ahci controller has already been initialized.
Windows then never sets up the PxIE register to enable interrupts, and thus it
never gets irqs back when it sends ata device inquiry commands.
This change brings qemu into ahci 1.3 specification compliance.
Section 10.4.3 HBA Reset:
"
When GHC.HR is set to '1', GHC.AE, GHC.IE, the IS register, and all port
register fields (except PxFB/PxFBU/PxCLB/PxCLBU) that are not HwInit in the
HBA's register memory space are reset.
"
I've also re-tested Fedora 16 and 17 to verify that they continue to work with
this change.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Report from smatch:
hw/ide/core.c:1472 ide_exec_cmd(423) error: buffer overflow 'smart_attributes' 8 <= 29
hw/ide/core.c:1474 ide_exec_cmd(425) error: buffer overflow 'smart_attributes' 8 <= 29
hw/ide/core.c:1475 ide_exec_cmd(426) error: buffer overflow 'smart_attributes' 8 <= 29
...
The upper limit of 30 was never reached because both for loops terminated
when 'smart_attributes' reached end of list, so there was no real buffer
overflow.
Nevertheless, changing the code not only fixes the error report, but also
reduces the size of smart_attributes and simplifies the for loops.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The START STOP UNIT command will only eject/load media if
power condition is zero.
If power condition is !0 then LOEJ and START will be ignored.
From MMC (sbc contains similar wordings too)
The Power Conditions field requests the block device to be placed
in the power condition defined in
Table 558. If this field has a value other than 0h then the Start
and LoEj bits shall be ignored.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The Linux ehci isoc scheduling code fills the entire schedule ahead of
time minus 80 frames. If we make a large jump in where we are in the
schedule, ie 40 frames, then the scheduler all of a sudden will only have
40 frames left to work in, causing it to fail packet submissions
with error -27 (-EFBIG).
Changes in v2:
-Don't hardcode a maximum number of frames to process in one tick, instead:
-Process a minimum number of frames to ensure we do eventually catch up
-Stop (after the minimum number) when the guest has requested an irq
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
If Interrupt Threshold Control is 8 or a multiple of 8, then
s->usbsts_frindex can become exactly 0x4000, at which point
(s->usbsts_frindex > s->frindex) will never become true, as
s->usbsts_frindex will not be lowered / reset in this case.
This patch fixes this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Also register different memory regions for capabilities,
operational registers and port status registers. Create
separate tracepoints for operational regs and port status
regs. Ditch a bunch of sanity checks because the memory
core will do this for us now.
Offloading the byte, word and dword access handling to the
memory core also has the side effect of fixing ehci register
access on bigendian hosts.
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add back a call to qxl_spice_destroy_surface_wait_complete() in qxl_spice_destroy_surface_wait(),
that was removed by commit c480bb7da4
It is needed to complete surface-removal cleanup, for non async.
For async, qxl_spice_destroy_surface_wait_complete is called upon operation completion.
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
xhci needs this for USB_REQ_SET_ADDRESS due to the way
usb addressing is handled by the xhci hardware.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The recent introduction of set_client_capabilities has broken
(seamless) migration by trying to call qxl_send_events pre (seamless
incoming) and post (*) migration, triggering the following assert:
qxl_send_events: Assertion `qemu_spice_display_is_running(&d->ssd)' failed.
The solution is easy, pre migration the guest will have already received
the client caps on the migration source side, and post migration there no
longer is a guest, so we can simply ignore the set_client_capabilities call
in both those scenarios.
*) Post migration, so not fatal for to the migration itself, but still a crash
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
In preparation of stopping to flush coalesced MMIO unconditionally on
vmexits, mark VGA MMIO and PIO regions as synchronous /wrt coalesced
MMIO and flush the buffer explicitly on PIO accesses that do not use
generic memory regions yet.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
... and register subregions instead, so we offload the dispatching
to the the memory subsystem which is designed to handle it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Move all state belonging to the (single) interrupter into a separate
struct. First step in adding support for multiple interrupters.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Split xhci_irq_update into a function which handles intx updates
(including lowering the irq line once the guests acks the interrupt)
and one which is used for raising an irq only.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Drop custom write_config function which isn't needed any more.
Make the msi property a bit property so it accepts 'on' & 'off'.
Enable MSI by default.
TODO: add compat property to disable on old machine types.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add support for building superspeed endpoint companion descriptors,
create them for superspeed usb devices.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch changes the way xhci ports are linked to USBPorts. The fixed
1:1 relationship between xhci ports and USBPorts is gone. Now each
USBPort represents a physical plug which has usually two xhci ports
assigned: one usb2 and ond usb3 port. usb devices show up at one or the
other, depending on whenever they support superspeed or not.
This patch also makes the number of usb2 and usb3 ports runtime
configurable by adding 'p2' and 'p3' properties. It is allowed to
have different numbers of usb2 and usb3 ports. Specifying p2=4,p3=2
will give you an xhci adapter which supports all speeds on physical
ports 1+2 and usb2 only on ports 3+4.
Change the register layout to be a bit more sparse and also not depend
on the number of ports. Useful when for making the number of ports
runtime-configurable.
This patch splits the xhci_xfer_data function into three.
The xhci_xfer_data function used to do does two things:
(1) copy transfer data between guest memory and a temporary buffer.
(2) report transfer results to the guest using events.
Now we three functions to handle this:
(1) xhci_xfer_map creates a scatter list for the transfer and
uses that (instead of the temporary buffer) to build a
USBPacket.
(2) xhci_xfer_unmap undoes the mapping.
(3) xhci_xfer_report sends out events.
The patch also fixes reporting of transaction errors which must be
reported unconditinally, not only in case the guest asks for it
using the ISP flag.
[ v2: fix warning ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
original xhci code (the one which used libusb directly) used to use
'background transfers' for iso streams. In upstream qemu the iso
stream buffering is handled by usb-host & usb-redir, so we will
never ever need this. It has been left in as reference, but is dead
code anyway. Rip it out.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Windows users need to know that they have to use the Baum driver to make
the qemu braille device work.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
In order for redirection to work properly when redirecting to an emulated
XHCI controller, the usb-redir-host must support both
usb_redir_cap_ep_info_max_packet_size and usb_redir_cap_64bits_ids,
reject any devices redirected to an XHCI controller when these are not
supported.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This is needed for usb-redir to work properly with the xhci emulation.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This gives us support for 64 bit ids which is needed for using XHCI with
the new hcd generated ids.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Babble is the appropriate error in this case (rather then signalling a stall).
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The shadow copy only serves as an extra check (besides the packet-id) to
ensure the packet we get back is a reply to the packet we think it is.
This check has never triggered in all the time usb-redir is in use now,
and since the verified data in the returned packet-header is not used
otherwise, removing the check does not open any possibilities for the
usbredirhost to confuse us.
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
There is no need for this, and doing so means that a backend trying to
write immediately after an open event will see qemu_chr_be_can_write
returning 0, which not all backends handle well as there is no wakeup
mechanism to detect when the frontend does become writable.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
USB_RET_NAK is not a valid response for async handled packets (and will
trigger an assert as such).
Also drop the warning when receiving a status of cancelled for packets not
cancelled by qemu itself, this can happen when a device gets unredirected
by the usbredir-host while transfers are pending.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Since my previous comment said "Should never happen", I tried changing the
next line to an assert(0), which did not go well, which as the new comments
explains is logical if you think about it for a moment.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
USB_RET_PROCERR can be triggered by the guest (by for example requesting more
then BUFFSIZE bytes), so don't assert on it.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Currently each time we try to execute a NAK-ed packet we redo
ehci_init_transfer, and usb_packet_map, re-allocing (without freeing) the
sg list every time.
This patch fixes this, it does this by introducing another async state, so
that we also properly cleanup a NAK-ed packet on cancel.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
make qemu_queue_{cancel,reset} return the number of packets released,
so the caller can figure whenever there have been active packets even
though there shouldn't have been any. Add tracepoint to log this.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reported packets which have completed before being cancelled as such to the
host. Note that the new code path this patch adds is untested since it I've
been unable to actually trigger the race which needs this code path.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
-combine the qh check with the check for devaddr changes
-also ensure that p gets set to NULL when the queue gets cancelled on
devaddr change, which was not done properly before this patch
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
This reverts commit 9bc3a3a216, which got
added to fix an issue where the real, underlying cause was not stopping
the ep queue on an error.
Now that the underlying cause is fixed by the "usb: Halt ep queue and
cancel pending packets on a packet error" patch, the "don't flush" fix
is no longer needed.
Not only is it not needed, it causes us to see cancellations (unlinks)
done by the Linux EHCI driver too late, which in combination with the new
usb-core packet-id generation where qtd addresses are used as ids, causes
duplicate ids for in flight packets.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
This can happen with usb-redir live-migration when the packet gets re-queued
after the migration and the original queuing from the migration source side
has already finished.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This way the hcd can re-use the same packet to retry without needing
to re-init it.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
If an (emulated) usb-device tries to write more data to a packet then
its iov len, this will trigger an assert in usb_packet_copy(), and if
a driver somehow circumvents that check and writes more data to the
iov then there is space, we have a much bigger problem then not correctly
reporting babble to the guest.
In practice babble will only happen with (real) redirected devices, and there
both the usb-host os and the qemu usb-device code already check for it.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch makes rtc_set_time and rtc_set_cmos work without reading
s->current_tm. In the case of rtc_set_time I introduce a new
function that retrieves the time and stores into a given struct tm
(not hard-coded to s->current_tm). In the case of rtc_set_cmos, the
current time is similarly taken from a struct tm rather than
s->current_tm.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch limits further the usage of a periodic timer. It computes the
time of the next alarm, and uses it to skip all intermediate occurrences
of the timer.
Cc: Yang Zhang <yang.z.zhang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The first update cycle begins one-half seconds after divider
reset is removed. This feature is useful for testing.
Signed-off-by: Yang Zhang <yang.z.zhang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Calculate guest RTC based on the time of the last update, instead of
using timers. The formula is
(base_rtc + guest_time_now - guest_time_last_update + offset)
Base_rtc is the RTC value when the RTC was last updated.
Guest_time_now is the guest time when the access happens.
Guest_time_last_update was the guest time when the RTC was last updated.
Offset is used when divider reset happens or the set bit is toggled.
The timer is kept in order to signal interrupts, but it only needs to
run when either UF or AF is cleared. When the bits are both set, the
timer does not run.
UIP is now synthesized when reading register A. If the timer is not set,
or if there is more than one second before it (as is the case at the
end of this series), the leading edge of UIP is computed and the rising
edge occurs 220us later. If the update timer occurs within one second,
however, the rising edge of the AF and UF bits should coincide withe
the falling edge of UIP. We do not know exactly when this will happen
because there could be delays in the servicing of the timer. Hence, in
this case reading register A only computes for the rising edge of UIP,
and latches the bit until the timer is fired and clears it.
Signed-off-by: Yang Zhang <yang.z.zhang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
If an interrupt flag is already set when the interrupt becomes enabled,
raise an interrupt immediately, and vice versa if interrupts become
disabled.
Signed-off-by: Yang Zhang <yang.z.zhang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Yang Zhang <yang.z.zhang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Changing the DM (binary/BCD) and 24/12 control bit doesn't affect the internal
registers. It only indicates what format is used for those registers.
Signed-off-by: Yang Zhang <yang.z.zhang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* qemu-kvm/uq/master:
kvm: i386: Add classic PCI device assignment
kvm: i386: Add services required for PCI device assignment
kvm: Introduce kvm_has_intx_set_mask
kvm: Introduce kvm_irqchip_update_msi_route
kvm: Clean up irqfd API
qemu: Use valgrind annotations to mark kvm guest memory as defined
* mst/tags/for_anthony:
vhost: Pass device path to vhost_dev_init()
monitor: Rename+move net_handle_fd_param -> monitor_handle_fd_param
pcie_aer: clear cmask for Advanced Error Interrupt Message Number
pcie: drop version_id field for live migration
qemu: add .exrc
* 'spice.v59' of git://anongit.freedesktop.org/spice/qemu:
Remove #ifdef QXL_COMMAND_FLAG_COMPAT_16BPP
qxl: Add set_client_capabilities() interface to QXLInterface
spice: make number of surfaces runtime-configurable.
configure: print spice-protocol and spice-server versions
qxl: add QXL_IO_MONITORS_CONFIG_ASYNC
qxl: disallow unknown revisions
qxl/update_area_io: guest_bug on invalid parameters
spice: increase the verbosity of spice section in "qemu --help"
spice: adding seamless-migration option to the command line
spice: add 'migrated' flag to spice info
spice migration: add QEVENT_SPICE_MIGRATE_COMPLETED
spice: notify on vm state change only via spice_server_vm_start/stop
spice: notify spice server on vm start/stop
spice: abort on invalid streaming cmdline params
Report from smatch:
hw/wm8750.c:369 wm8750_tx(12) error: buffer overflow 's->i2c_data' 2 <= 2
It looks like the preprocessor statements were simply misplaced.
Replace also __FUNCTION__ by __func__ to please checkpatch.pl.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This adds PCI device assignment for i386 targets using the classic KVM
interfaces. This version is 100% identical to what is being maintained
in qemu-kvm for several years and is supported by libvirt as well. It is
expected to remain relevant for another couple of years until kernels
without full-features and performance-wise equivalent VFIO support are
obsolete.
A refactoring to-do that should be done in-tree is to model MSI and
MSI-X support via the generic PCI layer, similar to what VFIO is already
doing for MSI-X. This should improve the correctness and clean up the
code from duplicate logic.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
No need to expose the fd-based interface, everyone will already be fine
with the more handy EventNotifier variant. Rename the latter to clarify
that we are still talking about irqfds here.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
The old arithmetic assumed 32 physical address bits which is no longer
true for ARM since 3cc0cd61f4.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The lan9118 emulation tries to compute the multicast index by calling
directly the crc32() function from zlib, but fails to get the correct
result.
Use the common compute_mcast_idx() function instead, which gives the
correct result. This fixes IPv6 support.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Find a hopefully proper patch attached. Take it or leave it.
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Henning Schild <henning@hennsch.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The path to /dev/vhost-net is currently hardcoded in vhost_dev_init().
This needs to be changed so that /dev/vhost-scsi can be used. Pass in
the device path instead of hardcoding it.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The Advanced Error Interrupt Message Number (bits 31:27 of the Root
Error Status Register) is updated when the number of msi messages assigned to a
device changes. Migration of windows 7 on q35 chipset failed because the check
in get_pci_config_device() fails due to cmask being set on these bits. Its valid
to update these bits and we must restore this state across migration.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
While testing q35 live migration, I found that the migration would abort with
the following error: "Unknown savevm section type 76".
The error is due to this check failing in 'vmstate_load_state()':
while(field->name) {
if ((field->field_exists &&
field->field_exists(opaque, version_id)) ||
(!field->field_exists &&
field->version_id <= version_id)) {
The VMSTATE_PCIE_DEVICE() currently has a 'version_id' set to 2. However,
'version_id' in the above check is 1. And thus we fail to load the pcie device
field. Further the code returns to 'qemu_loadvm_state()' which produces the
error that I saw.
I'm proposing to fix this by simply dropping the 'version_id' field from
VMSTATE_PCIE_DEVICE(). VMSTATE_PCI_DEVICE() defines no such field and further
the vmstate_pcie_device that VMSTATE_PCI_DEVICE() refers to is already
versioned. Thus, any versioning issues could be detected at the vmsd level.
Taking a step back, I think that the 'field->version_id' should be compared
against a saved version number for the field not the 'version_id'. Futhermore,
once vmstate_load_state() is called recursively on another vmsd, the check of:
if (version_id > vmsd->version_id) {
return -EINVAL;
}
Will never fail since version_id is always equal to vmsd->version_id. So I'm
wondering why we aren't storing the vmsd version id of the source in the
migration stream?
This patch also renames the 'name' field of vmstate_pcie_device from:
PCIDevice -> PCIEDevice to differentiate it from vmstate_pci_device.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fix the spelling of 'palette' used in various local variables,
structure members and comments.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Avoids confusion with the global ppm_save() defined in hw/vga.c.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
All devices that register a screen dump callback via
graphic_console_init() are updated.
The new argument is not used in this commit. Error handling will
be added to each device individually later.
This change is a preparation to convert the screendump command
to the QAPI.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
We require spice >= 0.8 now, so this flag is always present.
Signed-off-by: Soren Sandmann <ssp@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This new interface lets spice server inform the guest whether
(a) a client is connected
(b) what capabilities the client has
There is a fixed number (464) of bits reserved for capabilities, and
when the capabilities bits change, the QXL_INTERRUPT_CLIENT interrupt
is generated.
Signed-off-by: Soren Sandmann <ssp@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Revision bumped to 4 for new IO support, enabled for spice-server >=
0.11.1. New io enabled if revision is 4. Revision can be set to 4.
[ kraxel: 3 continues to be the default revision. Once we have a new
stable spice-server release and the qemu patches to enable
the new bits merged we'll go flip the switch and make rev4
the default ]
This io calls the corresponding new spice api
spice_qxl_monitors_config_async to let spice-server read a new guest set
monitors config and notify the client.
On migration reissue spice_qxl_monitors_config_async.
RHBZ: 770842
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
fixup
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Kick next scsi transfer from request release callback instead of command
completion callback, otherwise we might get stuck in case scsi_req_unref()
doesn't release the request instantly due to someone else holding a
reference too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
One of the recent changes (likely the addition of queuing support) has broken
interrupt endpoints, this patch fixes this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
ehci_state_executing does not need to check for p->usb_status == USB_RET_ASYNC
or USB_RET_PROCERR, since ehci_execute_complete already does a similar check
and will trigger an assert if either value is encountered.
USB_RET_ASYNC should never be the packet status when execute_complete runs
for obvious reasons, and USB_RET_PROCERR is only used by ehci_state_execute /
ehci_execute not by ehci_state_executing / ehci_execute_complete.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ehci_qh_do_overlay() already calls ehci_flush_qh() before it returns, calling
it twice is useless.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
After the "ehci: Print a warning when a queue unexpectedly contains packets
on cancel" commit. Under certain reproducable conditions I was getting the
following message: "EHCI: Warning queue not empty on queue reset".
After aprox. 8 hours of debugging I've finally found the cause. The Linux EHCI
driver has an IAAD watchdog, to work around certain EHCI hardware sometimes
not acknowledging the doorbell at all. This watchdog has a timeout of 10 ms,
which is less then the time between 2 runs through the async schedule when
async_stepdown is at its highest value.
Thus the watchdog can trigger, after which Linux clears the IAAD bit and
re-uses the QH. IOW we were not properly detecting the unlink of the qh, due
to us missing (ignoring for more then 10 ms) the IAAD command, which triggered
the warning.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
This patch adds IDs to usb packets. Those IDs are (a) supposed to be
unique for the lifecycle of a packet (from packet setup until the packet
is either completed or canceled) and (b) stable across migration.
uhci, ohci, ehci and xhci use the guest physical address of the transfer
descriptor for this.
musb needs a different approach because there is no transfer descriptor.
But musb also doesn't support pipelining, so we have never more than one
packet per endpoint in flight. So we go create an ID based on endpoint
and device address.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
For controllers which queue up more then 1 packet at a time, we must halt the
ep queue, and inside the controller code cancel all pending packets on an
error.
There are multiple reasons for this:
1) Guests expect the controllers to halt ep queues on error, so that they
get the opportunity to cancel transfers which the scheduled after the failing
one, before processing continues
2) Not cancelling queued up packets after a failed transfer also messes up
the controller state machine, in the case of EHCI causing the following
assert to trigger: "assert(p->qtdaddr == q->qtdaddr)" at hcd-ehci.c:2075
3) For bulk endpoints with pipelining enabled (redirection to a real USB
device), we must cancel all the transfers after this a failed one so that:
a) If they've completed already, they are not processed further causing more
stalls to be reported, originating from the same failed transfer
b) If still in flight, they are cancelled before the guest does
a clear stall, otherwise the guest and device can loose sync!
Note this patch only touches the ehci and uhci controller changes, since AFAIK
no other controllers actually queue up multiple transfer. If I'm wrong on this
other controllers need to be updated too!
Also note that this patch was heavily tested with the ehci code, where I had
a reproducer for a device causing a transfer to fail. The uhci code is not
tested with actually failing transfers and could do with a thorough review!
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Without the patch bus properties are are not in line with the other
properties:
[ ... ]
dev: fw_cfg, id ""
ctl_iobase = 0x510
data_iobase = 0x511
irq 0
mmio ffffffffffffffff/0000000000000002
mmio ffffffffffffffff/0000000000000001
[ ... ]
With the patch applied everything is lined up properly:
[ ... ]
dev: fw_cfg, id ""
ctl_iobase = 0x510
data_iobase = 0x511
irq 0
mmio ffffffffffffffff/0000000000000002
mmio ffffffffffffffff/0000000000000001
[ ... ]
Needed to make the autotest qtree parser happy.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The facility to use/unuse vectors dynamically is helpful
for virtio but little else: everyone just seems to use
vectors in their init function.
Avoid clearing msix vector use info on reset and load.
For virtio, clear it explicitly.
This should fix regressions reported with ivshmem - though
I didn't test this, I verified that virtio keeps
working like it did.
Tested-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The bug causes Windows + OVMF hang after reboot since OVMF
checks PMREGMISC to see if IO space is enabled and skip
configuration if it is.
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
setup_ioeventfds() is unnecessary and actually causes a segfault when used
ioeventfd=on is used on the command-line. Since ioeventfds are handled within
the memory API, it can be removed.
Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add the missing .class_size definition to the arm_gic_info TypeInfo.
This fixes the memory corruption and possible segfault that otherwise
results when the class struct is allocated at too small a size and
the class init function writes off the end of it.
Reported-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit 0384783 (scsi-block: remove properties that are not relevant for
passthrough, 2012-07-09) removed one property that should have been
left there, "bootindex".
It also did not touch scsi-generic, while it should have.
Fix both problems.
Reported-by: Alexandre DERUMIER <aderumier@odiso.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
SeaBIOS will issue requests for more than 64k when loading a CD-ROM
image into memory. Support the TCHI register from the AMD PCscsi
spec.
Acked-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Add a 'hba_serial' property to the megasas driver. Originally
it would be using a pointer value which would break migration.
Reported-by: Stefan Weil <sw@weilnetz.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch provides a way to optionally suppress spurious interrupts,
as a workaround for systems described below:
Some old operating systems do not handle spurious interrupts well,
and qemu tends to generate them significantly more often than
real hardware.
Examples:
- Microport UNIX System V/386 v 2.1 (ca 1987)
(The main problem I'm fixing: Without this patch, it panics
sporadically when accessing the hard disk.)
- AT&T UNIX System V/386 Release 4.0 Version 2.1a (ca 1991)
See screenshot in "QEMU Official OS Support List":
http://www.claunia.com/qemu/objectManager.php?sClass=application&iId=9
(I don't have this system to test.)
- A report about OS/2 boot lockup from 2004 by Hampa Hug:
http://lists.nongnu.org/archive/html/qemu-devel/2004-09/msg00367.html
(My patch was partially inspired by his.)
Also: http://lists.nongnu.org/archive/html/qemu-devel/2005-06/msg00243.html
(I don't have this system to test.)
Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: malc <av1474@comtv.ru>
This patch adds some optional compatibility hacks (default
disabled) to allow Microport UNIX to function under qemu.
I've tried to structure it to be easy to add more hacks for other
old CGA programs, if anyone ever needs them.
Microport UNIX System V/386 v 2.1 (ca 1987) tries to program
the CGA registers directly with neither the assistance of BIOS, nor
with proper handling of EGA/VGA-only registers. Note that it didn't
work on real VGA hardware, either (although in that case, the most
obvious problems seemed to be out-of-range hsync and/or vsync
signalling, rather than the issues in this patch).
Eventually real MDA and/or CGA support might provide an alternative to
this patch, although a hybrid approach like this patch might still
be useful in marginal cases.
Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: malc <av1474@comtv.ru>
These are normally ifdefed out and don't matter. But if you enable
them, they ought to be correct.
Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: malc <av1474@comtv.ru>
We do not register ioeventfds unless the IVSHMEM_IOEVENTFD feature
is set. The same feature must be checked before releasing the eventfds.
Regression introduced by commit 563027c (ivshmem: use EventNotifier and
memory API, 2012-07-05).
Reported-by: Cam Macdonnell <cam@cs.ualberta.ca>
Tested-by: Cam Macdonnell <cam@cs.ualberta.ca>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
object_deinit is only called when the reference count goes to zero,
and yet tries to do an object_unparent. Now, object_unparent
either does nothing or it will decrease the reference count.
Because we know the reference count is zero, the object_unparent
call in object_deinit is useless.
Instead, we need to disconnect the object from its parent just
before we remove the last reference apart from the parent's. This
happens in object_delete. Once we do this, all calls to
object_unparent peppered through QEMU can go away.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This allows any QEMU binary to be executed with:
$QEMU_BINARY -M none -qmp stdio
Without errors from missing options that are required by various boards. This
also provides a mode that we can use in the future to construct machines
entirely through QMP commands.
Cc: Daniel Berrange <berrange@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* kwolf/for-anthony:
virtio-blk: hide VIRTIO_BLK_F_CONFIG_WCE from old machine types
Documentation: Warn against qemu-img on active image
vmdk: Read footer for streamOptimized images
vmdk: Fix header structure
Conflicts:
hw/virtio-blk.c
* kraxel/usb.59:
ehci: Fix setting of halt bit from usbcmd register updates
ehci: fix Interrupt Threshold Control implementation
usb: update uas product id
usb: async control xfer fixup
Adopt the QOM parent field name and enforce QOM-style access via casts.
Don't just typedef PCIHostState, either use it directly or embed it.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Use PCIHostState and PCI_HOST_BRIDGE() where appropriate.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The preceding commits fixed misuses of FROM_SYSBUS() that led people to
add a bogus busdev field. For qdev the field order was less relevant but
for QOM the PCIHostState field (including the SysBusDevice actually
initialized with a value) must be placed first within the state struct.
To facilitate accessing the PCIHostState fields, derive all PCI host
bridges from TYPE_PCI_HOST_BRIDGE rather than TYPE_SYS_BUS_DEVICE.
We can now access PCIHostState QOM-style, with PCI_HOST_BRIDGE() macro.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Wanpeng Li <liwanp@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Introduce type constants and cast macros.
Avoid accessing parent fields directly.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Introduce type constant. Introduce cast macro to drop bogus busdev field
that would've broken SYS_BUS_DEVICE(). Avoid accessing parent fields
directly.
Free the identifier phb as acronym for PCI_HOST_BRIDGE.
Updated against conflicting merge from branch 'agraf/ppc-for-upstream'
(0d16fdd732), which removed busdev field
differently, moved some code around and added new occurrences of 'phb'.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Introduce type constant and cast macro. Avoid accessing parent fields
directly.
Also add missing space and braces.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Introduce type constant and cast macro. Avoid accessing parent fields
directly.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Introduce type constant and cast macro. Avoid accessing its parent field
directly.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Introduce type constant. Introduce cast macro to drop dummy busdev field
used with FROM_SYSBUS() macro that would've broken SYS_BUS_DEVICE().
Avoid accessing DeviceState indirectly through PCIHostState.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Introduce type constant. Introduce cast macro to drop dummy busdev field
used with FROM_SYSBUS() that would've broken SYS_BUS_DEVICE().
Avoid accessing parent fields directly.
Drop no-op reset function.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Introduce type constant. Introduce cast macro and drop dummy busdev
field used with FROM_SYSBUS() that would've broken SYS_BUS_DEVICE().
Avoid accessing parent fields directly.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Introduce type constant. Avoid accessing DeviceState or SysBusDevice
indirectly through PCIHostState field.
Drop global state by passing BonitoState as opaque and adding the IRQs
and a pointer to PCIBonitoState to its state.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Introduce type constant and cast macro. Don't access DeviceState
or PCIHostState indirectly through parent fields.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
During the QOM migration they were amended with further info but this is
no longer the case. All static TypeInfos can be const these days.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
QEMU has a policy of keeping a stable guest device ABI. When new guest device
features are introduced they must not change hardware info seen by existing
guests. This is important because operating systems or applications may
"fingerprint" the hardware and refuse to run when the hardware changes. To
always get the latest guest device ABI, run with x86 machine type "pc".
This patch hides the new VIRTIO_BLK_F_CONFIG_WCE virtio feature bit from
existing machine types. Only pc-1.2 and later will expose this feature
by default.
For more info on the VIRTIO_BLK_F_CONFIG_WCE feature bit, see:
commit 13e3dce068
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu Aug 9 16:07:19 2012 +0200
virtio-blk: support VIRTIO_BLK_F_CONFIG_WCE
Also rename VIRTIO_BLK_F_WCACHE to VIRTIO_BLK_F_WCE for consistency with
the spec.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Anthony Liguori <aliguori@us.ibm.com> reported:
This broke qemu-test because it changed the pc-1.0 machine type:
Setting guest RANDOM seed to 47167
*** Running tests ***
Running test /tests/finger-print.sh... OK
--- fingerprints/pc-1.0.x86_64 2011-12-18 13:08:40.000000000 -0600
+++ fingerprint.txt 2012-08-12 13:30:48.000000000 -0500
@@ -55,7 +55,7 @@
/sys/bus/pci/devices/0000:00:06.0/subsystem_device=0x0002
/sys/bus/pci/devices/0000:00:06.0/class=0x010000
/sys/bus/pci/devices/0000:00:06.0/revision=0x00
-/sys/bus/pci/devices/0000:00:06.0/virtio/host-features=0x710006d4
+/sys/bus/pci/devices/0000:00:06.0/virtio/host-features=0x71000ed4
/sys/class/dmi/id/bios_vendor=Bochs
/sys/class/dmi/id/bios_date=01/01/2007
/sys/class/dmi/id/bios_version=Bochs
Guest fingerprint changed for pc-1.0!
Reported-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This MMIO area is an entry gate to legacy PC ISA devices, addressed via
PIO over there. Quite a few of the PIO ports have side effects on access
like starting/stopping timers that must be executed properly ordered
/wrt the CPU. So we have to remove the coalescing mark.
Acked-by: Hervé Poussineau <hpoussin@reactos.org>
Acked-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Hotplug and parameter change are new in 1.2, disable them via compat
properties for pc-1.1 and earlier.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
pc_cmos_init() always claims 640KiB base memory, and ram_size - 1MiB
extended memory. The latter can underflow to "lots of extended
memory". Fix both, and clean up some.
Note: SeaBIOS currently requires 1MiB of RAM, and doesn't check
whether it got enough.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
hw/scsi-bus.c:758: warning: ‘xfer’ may be used uninitialized in this
function
Isn't true, but older gcc versions (for example 4.1 as shipped in rhel5)
are not clever enougth to figure, so sprinkle in a default: line to make
them happy.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Use g_strdup_printf() instead.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
QEMU has a policy of keeping a stable guest device ABI. When new guest device
features are introduced they must not change hardware info seen by existing
guests. This is important because operating systems or applications may
"fingerprint" the hardware and refuse to run when the hardware changes. To
always get the latest guest device ABI, run with x86 machine type "pc".
This patch hides the new VIRTIO_BLK_F_CONFIG_WCE virtio feature bit from
existing machine types. Only pc-1.2 and later will expose this feature
by default.
For more info on the VIRTIO_BLK_F_CONFIG_WCE feature bit, see:
commit 13e3dce068
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu Aug 9 16:07:19 2012 +0200
virtio-blk: support VIRTIO_BLK_F_CONFIG_WCE
Also rename VIRTIO_BLK_F_WCACHE to VIRTIO_BLK_F_WCE for consistency with
the spec.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Anthony Liguori <aliguori@us.ibm.com> reported:
This broke qemu-test because it changed the pc-1.0 machine type:
Setting guest RANDOM seed to 47167
*** Running tests ***
Running test /tests/finger-print.sh... OK
--- fingerprints/pc-1.0.x86_64 2011-12-18 13:08:40.000000000 -0600
+++ fingerprint.txt 2012-08-12 13:30:48.000000000 -0500
@@ -55,7 +55,7 @@
/sys/bus/pci/devices/0000:00:06.0/subsystem_device=0x0002
/sys/bus/pci/devices/0000:00:06.0/class=0x010000
/sys/bus/pci/devices/0000:00:06.0/revision=0x00
-/sys/bus/pci/devices/0000:00:06.0/virtio/host-features=0x710006d4
+/sys/bus/pci/devices/0000:00:06.0/virtio/host-features=0x71000ed4
/sys/class/dmi/id/bios_vendor=Bochs
/sys/class/dmi/id/bios_date=01/01/2007
/sys/class/dmi/id/bios_version=Bochs
Guest fingerprint changed for pc-1.0!
Reported-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
qemu_system_reset() function always performs the same basic actions on
all machines. This includes running all the reset handler hooks,
however the order in which these will run is not always easily predictable.
This patch splits the core of qemu_system_reset() - the invocation of
the reset handlers - out into a new qemu_devices_reset() function.
qemu_system_reset() will usually call qemu_devices_reset(), but that
can be now overriden by a new reset method in the QEMUMachine
structure.
Individual machines can use this reset method, if necessary, to
perform any extra, machine specific initializations which have to
occur before or after the bulk of the reset handlers. It's expected
that the method will call qemu_devices_reset() at some point, but if
the machine has really strange ordering requirements between devices
resets it could even override that with it's own reset sequence (with
great care, obviously).
For a specific example of when this might be needed: a number of
machines (but not PC) load images specified with -kernel or -initrd
directly into the machine RAM before booting the guest. This mostly
works at the moment, but to make this actually safe requires that this
load occurs after peripheral devices are reset - otherwise they could
have active DMAs in progress which would clobber the in memory images.
Some machines (notably pseries) also have other entry conditions which
need to be set up as the last thing before executing in guest space -
some of this could be considered "emulated firmware" in the sense that
the actions of the firmware are emulated directly by qemu rather than
by executing a firmware image within the guest. When the platform's
firmware to OS interface is sufficiently well specified, this saves
time both in implementing the "firmware" and executing it.
aliguori: don't unconditionally dereference current_machine
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The pseries machine already supports the -vga std option, creating a
graphics adapter. However, this is not very useful without being able to
add a keyboard and mouse as well. This patch addresses this by adding
a USB interface when requested, and automatically adding a USB keyboard
and mouse when VGA is enabled.
This is a stop gap measure to get usable graphics mode on pseries while
waiting for Li Zhang's rework of USB options to go in after 1.2.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This fixes linux guests started without any USB devices not seeing newly
plugged devices until "lsusb" is done inside the guest.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
First, not all interrupts are subject to Interrupt Threshold Control,
some of them must be delivered without delay.
Second, Interrupt Threshold Control state must be part of vmstate,
otherwise we might loose IRQs on migration.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Pick other product id to fix clash with audio.
Current usage list (after applying this patch):
46f4:0001 -- usb-storage
46f4:0002 -- usb-audio
46f4:0003 -- usb-uas
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Need to clear p->result after copying setup data using usb_packet_copy()
because we'll reuse the USBPacket for the data transfer.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
We can't however replace the built-in IDE controller, as the one in
pc87312 is only single-channel and can use only IRQ 14. Therefore the
pc87312's IDE function gets disabled via the config property.
PReP emulation also gains a parallel port emulation this way.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
[AF: Use TYPE_PC87312 constant, add to ppc64-softmmu and to MAINTAINERS]
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
This provides floppy and IDE controllers as well as serial and parallel
ports. However, dynamic configuration of devices is not yet supported.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
[AF: QOM'ify, split out header, create CharDriverState if absent]
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
* agraf/ppc-for-upstream: (24 commits)
openpic: Added BRR1 register
pseries: Update SLOF firmware image
pseries dma: DMA window params added to PHB and DT population changed
pseries: Add PCI MSI/MSI-X support
pseries: Add trace event for PCI irqs
pseries: Export find_phb() utility function for PCI code
pseries: added allocator for a block of IRQs
pseries: Separate PCI RTAS setup from common from emulation specific PCI setup
pseries: Rework irq assignment to avoid carrying qemu_irqs around
pseries: Remove extraneous prints
pseries: Update SLOF
PPC: spapr: Remove global variable
PPC: spapr: Rework VGA select logic
xbzrle: fix compilation on ppc32
spapr: Add support for -vga option
Add one new file vga-pci.h and cleanup on all platforms
Revert "PPC: e500: Use new MPIC dt format"
ppc: Fix bug in handling of PAPR hypercall exits
PPC: e500: add generic e500 platform
PPC: e500: split mpc8544ds machine from generic e500 code
...
* stefanha/trivial-patches:
ivshmem, qdev-monitor: fix order of qerror parameters
iov_send_recv(): Handle zero bytes case even if OS does not
framebuffer: Fix spelling in comment (leight -> height)
Spelling fix in comment (peripherans -> peripherals)
docs: Fix spelling (propery -> property)
trace: Fix "Qemu" -> "QEMU"
cputlb.c: Fix out of date comment
ehci: fix assertion typo
Makefile: Avoid explicit list of directories in clean target
Linux mpic driver uses (changes may be in pipeline to get upstreamed soon)
BRR1. This patch adds the support to emulate readonly FSL BRR1 register.
Currently QEMU does not fully emulate any version on MPIC, so the MPIC
Major number and Minor number are set to 0.
Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Previously the only PCI bus supported was the emulated PCI bus with
fixed DMA window with start at 0 and size 1GB. As we are going to support
PCI pass through which DMA window properties are set by the host
kernel, we have to support DMA windows with parameters other than default.
This patch adds:
1. DMA window properties to sPAPRPHBState: LIOBN (bus id), start,
size of the window.
2. An additional function spapr_dma_dt() to populate DMA window
properties in the device tree which simply accepts all the parameters
and does not try to guess what kind of IOMMU is given to it.
The original spapr_dma_dt() is renamed to spapr_tcet_dma_dt().
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch implements MSI and MSI-X support for the pseries PCI host
bridge. To do this it adds:
* A "config_space_address to msi_table" map, since the MSI RTAS calls
take a PCI config space address as an identifier.
* A MSIX memory region to catch msi_notify()/msix_notiry() from
virtio-pci and pass them to the guest via qemu_irq_pulse().
* RTAS call "ibm,change-msi" which sets up MSI vectors for a
device. Note that this call may configure and return lesser number of
vectors than requested.
* RTAS call "ibm,query-interrupt-source-number" which translates MSI
vector to interrupt controller (XICS) IRQ number.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[agraf: fix error case ndev < 0]
Signed-off-by: Alexander Graf <agraf@suse.de>
This adds a trace event in the pseries PCI specific set_irq() function to
assist in debugging.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[agraf: add trace.h include]
Signed-off-by: Alexander Graf <agraf@suse.de>
The pseries PCI code makes use of an internal find_dev() function which
locates a PCIDevice * given a (platform specific) bus ID and device
address. Internally this needs to first locate the host bridge on which
the device resides based on the bus ID. This patch exposes that host
bridge lookup as a separate function, which we will need later in the MSI
and VFIO code.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[agraf: drop trace.h inclusion]
Signed-off-by: Alexander Graf <agraf@suse.de>
The patch adds a simple helper which allocates a consecutive sequence
of IRQs calling spapr_allocate_irq for each and checks that allocated
IRQs go consequently.
The patch is required for upcoming support of MSI/MSIX on POWER.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the RTAS functions for handling PCI are registered from the
class init code for the PCI host bridge. That sort of makes sense
now, but will break in the future when vfio gives us multiple types of
host bridge for pseries (emulated and pass-through, at least). The
RTAS functions will be common across all host bridge types (and will
call out to different places internally depending on the type).
So, this patch moves the RTAS registration into its own function
called direct from the machine setup code.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently, the interfaces in the pseries machine code for assignment
and setup of interrupts pass around qemu_irq objects. That was done
in an attempt not to be too closely linked to the specific XICS
interrupt controller. However interactions with the device tree setup
made that attempt rather futile, and XICS is part of the PAPR spec
anyway, so this really just meant we had to carry both the qemu_irq
pointers and the XICS irq numbers around.
This mess will just get worse when we add upcoming PCI MSI support,
since that will require tracking a bunch more interrupt. Therefore,
this patch reworks the spapr code to just use XICS irq numbers
(roughly equivalent to GSIs on x86) and only retrieve the qemu_irq
pointers from the XICS code when we need them (a trivial lookup).
This is a reworked and generalized version of an earlier spapr_pci
specific patch from Alexey Kardashevskiy.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[agraf: fix checkpath warning]
Signed-off-by: Alexander Graf <agraf@suse.de>
The pseries machine prints several messages to stderr whenever it starts up
and another whenever the vm is reset. It's not normal for qemu machines to
do this though, so this patch removes them. We can put them back
conditional on a DEBUG symbol if we really need them in future.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
When selecting our VGA adapter, we want to:
* fail completely when we can't satisfy the user's request
* support -nographic where no VGA adapter should be spawned
This patch reworks the logic so we fulfill the two conditions above.
Signed-off-by: Alexander Graf <agraf@suse.de>
Also instanciate the USB keyboard and mouse when that option is used
(you can still use -device to create individual devices without all
the defaults)
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
[agraf: remove USB bits]
Signed-off-by: Alexander Graf <agraf@suse.de>
Functions pci_vga_init() and pci_cirrus_vga_init() are declared
in pc.h. That prevents other platforms (e.g. sPAPR) to use them.
This patch is to create one new file vga-pci.h and move the
declarations to vga-pci.h, so that they can be shared by
all platforms. This patch also cleans up on all platforms.
Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This reverts commit 518c7fb44f. It breaks
new Linux guests with SMP, because IPIs get mapped to large vectors which
our MPIC emulation does not implement.
Conflicts:
hw/ppc/e500.c
This gives the kernel a paravirtualized machine to target, without
requiring both sides to pretend to be targeting a specific board
that likely has little to do with the host in KVM scenarios. This
avoids the need to add new boards to QEMU, just to be able to
run KVM on new CPUs.
Signed-off-by: Scott Wood <scottwood@freescale.com>
[agraf: conditionalize on CONFIG_FDT]
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the only mpc8544ds-ism that is factored out is
toplevel compatible and model. In the future the generic e500
code is expected to become more generic.
Signed-off-by: Scott Wood <scottwood@freescale.com>
[agraf: conditionalize on CONFIG_FDT]
Signed-off-by: Alexander Graf <agraf@suse.de>
No functional changes -- machine is still outwardly mpc8544ds.
The references that are not changed contain mpc8544 hardware details that
need to be parameterized if/when a different e500 platform wants to
change them.
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Rename the file (with no changes other than fixing up the header paths)
in preparation for refactoring into a generic e500 platform. Also move
it into the newly created ppc/ directory.
Signed-off-by: Scott Wood <scottwood@freescale.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
[agraf: conditionalize on CONFIG_FDT]
Signed-off-by: Alexander Graf <agraf@suse.de>
spapr_populate_pci_devices() populates the device tree only with bus
properties and has nothing to do with the devices on it as PCI BAR
allocation is done by the system firmware (SLOF).
New name - spapr_populate_pci_dt() - describes the functionality better.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
The PCIHostState struct already contains SysBusDevice so
the one in sPAPRPHBState has to go.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
Now that the QERR_ macros no longer contain a json dictionary,
the order of some parameters needs to be fixed for them to appear
correctly.
Signed-off-by: Alberto Garcia <agarcia@igalia.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
We need at least 1M of RAM to map the option ROM. Otherwise, we will
corrupt host memory or even crash:
$ qemu-system-x86_64 -nodefaults --enable-kvm -vnc :0 -m 640k
Segmentation fault (core dumped)
Reported-and-tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
0cdd3d1444 fixed reading back the counter load time from the kernel
while assuming the kernel would always update its load time on writing
the state. That is only true for channel 1, and so pit_get_channel_info
returned wrong output pin states for high counter values.
Fix this by applying the offset also on kvm_pit_put. Now we also need to
update the offset when we write the state while the VM is stopped as it
keeps on changing in that state.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
To prepare the final fix for clock calibration issues with the in-kernel
PIT, we want to cache the offset between vmclock and the clock used by
the in-kernel PIT. So far, we only need to update it when the VM state
changes between running and stopped because we only read the in-kernel
PIT state while the VM is running.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
* qmp/queue/qmp: (48 commits)
target-ppc: add implementation of query-cpu-definitions (v2)
target-i386: add implementation of query-cpu-definitions (v2)
qapi: add query-cpu-definitions command (v2)
compiler: add macro for GCC weak symbols
qapi: add query-machines command
qapi: mark QOM commands stable
qmp: introduce device-list-properties command
qmp: add SUSPEND_DISK event
qmp: qmp-events.txt: add missing doc for the SUSPEND event
qmp: qmp-events.txt: put events in alphabetical order
qmp: emit the WAKEUP event when the guest is put to run
qmp: don't emit the RESET event on wakeup from S3
scripts: qapi-commands.py: qmp-commands.h: include qdict.h
docs: writing-qmp-commands.txt: update error section
error, qerror: drop QDict member
qerror: drop qerror_table and qerror_format()
error, qerror: pass desc string to error calls
error: drop error_get_qobject()/error_set_qobject()
qemu-ga: switch to the new error format on the wire
qmp: switch to the new error format on the wire
...
* pmaydell/arm-devs.next:
arm: Move some ARM devices into libhw
ssd0323: abort() instead of exit(1) on error.
hw/sd.c: make sd_wp_addr() return bool
hw/sd.c: make sd_dataready() return bool
hw/sd.c: convert binary variables to bool
hw/sd.c: introduce wrapper for conversion address to wp group
hw/sd.c: make sd_wp_addr() accept 64 bit address argument
hw/sd.c: convert wp_groups in SDState to bitfield
armv7m: Guard against no -kernel argument
hw/armv7m_nvic: Fix incorrect default for num-irqs property
Emitted when the guest makes a request to enter S4 state.
There are three possible ways of having this event, as described here:
http://lists.gnu.org/archive/html/qemu-devel/2012-07/msg02307.html
I've decided to add a new event and make it indepedent of SHUTDOWN.
This means that the SHUTDOWN event will eventually follow the
SUSPEND_DISK event.
I've choosen this way because of two reasons:
1. Having an indepedent event makes it possible to query for its
existence by using query-events
2. In the future, we may allow the user to change what QEMU should
do as a result of the guest entering S4. So it's a good idea to
keep both events separated
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Avoids some unnecessary dependencies on cpu.h and prepares for
a future armeb-softmmu where most machines would not be built.
Defer touching the SoC devices since most have implicit or explicit
dependencies on the CPU.
Signed-off-by: Andreas Färber <andreas.faerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* qemu-kvm/uq/master:
kvm: Add documentation comment for kvm_irqchip_in_kernel()
kvm: Decouple 'GSI routing' from 'kernel irqchip'
kvm: Decouple 'MSI routing via irqfds' from 'kernel irqchip'
kvm: Decouple 'irqfds usable' from 'kernel irqchip'
kvm: Move kvm_allows_irq0_override() to target-i386, fix return type
kvm: Rename kvm_irqchip_set_irq() to kvm_set_irq()
kvm: Decouple 'async interrupt delivery' from 'kernel irqchip'
configure: Don't implicitly hardcode list of KVM architectures
kvm: Check if smp_cpus exceeds max cpus supported by kvm
To be more consistent with the newer ways of error signalling. That and SIGABT
is easier to debug with than exit(1).
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
For the sake of code clarity
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Several members of SDState have type int when they actually are binary variables.
Change type of these variables to bool to improve code readability. Change SD API
to be in consistency with new variables type.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add wrapper function sd_addr_to_wpnum() to replace long address-->wg_group
conversion line.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Currently sd_wp_addr() accepts 32 bit address arguments therefore implicitly
restricting SD card address range. Change address argument type to uint64_t.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Representing each group write protection flag with only one bit instead of int
variable significantly reduces memory consumption.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
A -kernel argument must be specified for this machine. Guard against no -kernel
argument. Previously gave an unhelpful "bad address" error message.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fix an incorrect default value for the num-irqs property (we were
attempting to override it from the default set by the parent class
but not succeeding, which meant that the lm3s6965evb model would
assert on startup attempting to wire up nonexistent irq lines).
Instead of trying to override the parent's Property array, we
define an instance_init function which runs after default setup
but before user property setting and can just fix up the default
value in the gic_state struct.
Reported-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Tested-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Re-implemented the interconnect between the Xilinx AXI ethernet and DMA
controllers. A QOM interface "stream" is created, for the two stream interfaces.
As per Edgars request, this is designed to be more generic than AXI-stream,
so in the future we may see more clients of this interface beyond AXI stream.
This is based primarily on Paolos original refactoring of the interconnect.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
* kwolf/for-anthony:
qemu-iotests: skip 039 with ./check -nocache
block: add BLOCK_O_CHECK for qemu-img check
qcow2: mark image clean after repair succeeds
qed: mark image clean after repair succeeds
blockdev: flip default cache mode from writethrough to writeback
virtio-blk: disable write cache if not negotiated
virtio-blk: support VIRTIO_BLK_F_CONFIG_WCE
qemu-iotests: Save some sed processes
ahci: Fix sglist memleak in ahci_dma_rw_buf()
ahci: Fix ahci cdrom read corruptions for reads > 128k
virtio-blk: fix use-after-free while handling scsi commands
* bonzini/scsi-next:
scsi-disk: add support for the UNMAP command
scsi-disk: improve out-of-range LBA detection for WRITE SAME
scsi-disk: more assertions and resets for aiocb
virtio-scsi: do not compare 32-bit QEMU tags against 64-bit virtio-scsi tags
iscsi: Pick default initiator-name based on the name of the VM
iscsi: reorganize code for parse_initiator_name
iscsi: do not leak initiator_name
This patch sets is_default to 1 for puv3 machine, so that
find_default_machine() returns puv3 machine.
Thanks Dunrong for pointing it out.
Cc: Dunrong Huang <riegamaths@gmail.com>
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch adds puv3 dma (Direct Memory Access) support,
include dma device simulation for kernel booting.
v1->v2: Add initialization to ret in puv3_dma_read.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch adds puv3 pm (power management) support,
include pm device simulation for kernel booting.
Thank Blue Swirl for pointing out the missing "break".
v1->v2: Add initialization to ret in puv3_pm_read.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch adds puv3 gpio (General Purpose Input/Output) support,
include gpio device simulation and its interrupt support.
v1->v2: Add initialization to ret in puv3_gpio_read.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch adds puv3 ostimer support, include os timer
device simulation and ptimer support in puv3 machine.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch adds puv3 interrupt support, include interrupt controler
device simulation and interrupt handler in puv3 machine.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch only add puv3 soc/board support, which introduces puv3
machine description, and specifies console type.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch adds unicore32-softmmu build support, include configure,
makefile, arch_init, and all missing functions needed by softmmu.
Although all missing functions are empty, unicore32-softmmu could
be build successfully.
By 20120804: change QEMU_ARCH_UNICORE32 to 0x4000
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
If the guest does not support flushes, we should run in writethrough mode.
The setting is temporary until the next reset, so that for example the
BIOS will run in writethrough mode while Linux will run with a writeback
cache.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Also rename VIRTIO_BLK_F_WCACHE to VIRTIO_BLK_F_WCE for consistency with
the spec.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
I noticed that in hw/ide/ahci:ahci_dma_rw_buf() we do not free the sglist. Thus,
I've added a call to qemu_sglist_destroy() to fix this memory leak.
In addition, I've adeed a call in qemu_sglist_destroy() to 0 all of the sglist
fields, in case there is some other codepath that tries to free the sglist.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
While testing q35, which has its cdrom attached to the ahci controller, I found
that the Fedora 17 install would panic on boot. The panic occurs while
squashfs is trying to read from the cdrom. The errors are:
[ 8.622711] SQUASHFS error: xz_dec_run error, data probably corrupt
[ 8.625180] SQUASHFS error: squashfs_read_data failed to read block
0x20be48a
I was also able to produce corrupt data reads using an installed piix based
qemu machine, using 'dd'. I found that the corruptions were only occuring when
then read size was greater than 128k. For example, the following command
results in corrupted reads:
dd if=/dev/sr0 of=/tmp/blah bs=256k iflag=direct
The > 128k size reads exercise a different code path than 128k and below. In
ide_atapi_cmd_read_dma_cb() s->io_buffer_size is capped at 128k. Thus,
ide_atapi_cmd_read_dma_cb() is called a second time when the read is > 128k.
However, ahci_dma_rw_buf() restart the read from offset 0, instead of at 128k.
Thus, resulting in a corrupted read.
To fix this, I've introduced 'io_buffer_offset' field in IDEState to keep
track of the offset. I've also modified ahci_populate_sglist() to take a new
3rd offset argument, so that the sglist is property initialized.
I've tested this patch using 'dd' testing, and Fedora 17 now correctly boots
and installs on q35 with the cdrom ahci controller.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The scsi passthrough handler falls through after completing a
request into the failure path, resulting in a use after free.
Reproducible by running a guest with aio=native on a block device.
Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This fixes the following error:
$ qemu-system-xtensa -cpu help
Segmentation fault
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This makes usable default for -cpu option both for qemu-system-xtensa
and qemu-system-xtensaeb fixing the following error:
$ qemu-system-xtensaeb -M sim
Unable to find CPU definition
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
LOAD_UNLOAD and START_STOP have same value, so the table
entry is initialized twice. Spotted by Clang compiler.
Remove LOAD_UNLOAD entry since START_STOP entry already
represents both.
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The qemu_irq for Terminal Count (TC) line between FDC and Slavio misc
device was created only after use, spotted by Clang compiler. Also,
it was not created if the FDC didn't exist.
Rearrange code to fix order. Always create the TC line.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Difference with AMD PCscsi is that DC-390 contains a EEPROM,
and that a romfile is available to add INT13 support.
This has been successfully tested on:
- MS DOS 6.22 (using DC390 ASPI driver)
- MS Windows 98 SE (using DC390 driver)
- MS Windows NT 3.1 (using DC390 driver)
- MS Windows NT 4.0 (using DC390 driver)
- hard disk and cdrom boot
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This reverts commit 0883c5159f.
Those stubs were only used by PCI ESP emulation, which is now
not compiled on architectures which have no PCI bus support.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
sparc machines loose ability to instanciate PCI ESP SCSI adapter,
which is not a big loose as they don't have PCI bus support.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The unmap command can reuse the same infrastructure as MODE SELECT
for reading the descriptor list into memory. The descriptors are
processed sequentially.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Leaving the aiocb to a non-NULL value leads to an assertion failure when
rerror/werror are set to stop or enospc, and the operation is retried.
scsi-disk checks that the aiocb member is NULL before filling it.
This patch correctly resets the aiocb to NULL values everywhere,
and adds the dual assertion that the aiocb was non-NULL before
calling bdrv_acct_done.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Decouple another x86-specific assumption about what irqchips imply.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Avi Kivity <avi@redhat.com>
kvm_allows_irq0_override() is a totally x86 specific concept:
move it to the target-specific source file where it belongs.
This means we need a new header file for the prototype:
kvm_i386.h, in line with the existing kvm_ppc.h.
While we are moving it, fix the return type to be 'bool' rather
than 'int'.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Avi Kivity <avi@redhat.com>
Rename the function kvm_irqchip_set_irq() to kvm_set_irq(),
since it can be used for sending (asynchronous) interrupts whether
there is a full irqchip model in the kernel or not. (We don't
include 'async' in the function name since asynchronous is the
normal case.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Avi Kivity <avi@redhat.com>
This patch fixes a problem in handling task management functions
in virtio-scsi. The cause of the problem is a mismatch between
the size of the tag in QEMU (32-bit) and virtio-scsi (64-bit).
Changing the QEMU size is hard because the migration format
uses 32 bits to store the tag; so just don't use the QEMU tag
(virtio-scsi only uses the tag for task management functions
anyway) and look up the full 64-bit tag in the hba_private field.
The reproducer is a bit obscure. If you cause an I/O timeout
(for example with rerror=stop and doing 'cont' on the monitor
continuously without fixing the error), sooner or later the
guest will try to abort the command and reissue it. At this
point, QEMU will report _two_ errors instead of one when you
hit 'c', because the first error has not been canceled correctly.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit 5931065907 is incomplete,
we'll arrive in the scsi command complete callback in CSW state
and must handle that case correctly.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Legacy -drive cyls=... are now ignored completely when the drive
doesn't back a hard disk device. Before, they were first checked
against a hard disk's limits, then ignored.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Commit b1f416aa8d breaks vhost_net
because it always registers the virtio_pci_host_notifier_read() handler
function on the ioeventfd, even when vhost_net.ko is using the ioeventfd.
The result is both QEMU and vhost_net.ko polling on the same eventfd
and the virtio_net.ko guest driver seeing inconsistent results:
# ifconfig eth0 192.168.0.1 netmask 255.255.255.0
virtio_net virtio0: output:id 0 is not a head!
To fix this, proceed the same as we do for irqfd: add a parameter to
virtio_queue_set_host_notifier_fd_handler and in that case only set
the notifier, not the handler.
Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Tested-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* bonzini/scsi-next:
scsi: add support for ATA_PASSTHROUGH_xx scsi command
esp: add missing const on TypeInfo structures
esp: enable for all PCI machines
Revert "megasas: disable due to build breakage"
megasas: static SAS addresses
scsi-disk: fix compilation with DEBUG_SCSI
megasas: Update function megasys_scsi_uninit
SCSI: STARTSTOPUNIT only eject/load media if powercondition is 0
SCSI: Update the sense code for PREVENT REMOVAL errors
Correct the command names of opcode 0x85 and 0xa1, and calculate
their xfer size from CDB.
Signed-off-by: Cong Meng <mc@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* stefanha/net:
net: add the support for -netdev socket, listen
net: fix the coding style
hub: add the support for hub own flow control
net: determine if packets can be sent before net queue deliver packets
net: cleanup deliver/deliver_iov func pointers
net: Make "info network" output more readable info
net: Rename qemu_del_vlan_client() to qemu_del_net_client()
net: Rename vc local variables to nc
net: Rename VLANClientState to NetClientState
net: Rename non_vlan_clients to net_clients
net: Remove VLANState
net: Remove vlan code from net.c
net: Convert qdev_prop_vlan to peer with hub
net: Drop vlan argument to qemu_new_net_client()
hub: Check that hubs are configured correctly
net: Look up 'vlan' net clients using hubs
net: Use hubs for the vlan feature
net: Add a hub net client
net: Add interface to bridge when SIOCBRADDIF isn't available
This patch introduces a new property 'sas_address' which
allows the user to specify the SAS address for the HBA.
The default address is following the NAA locally assigned
identifier format with the locally assigned address
0x525400 as used eg for the MAC addresses.
The lower bytes are set to the pci address which
will ensure uniqueness for the local machine.
The port addresses are now calculated based on the magic
number 0x1221 (which is found in real hardware, too) plus
the device number.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Andreas Faerber <afaerber@suse.de>
Cc: Anthony Liguori <anthony@codemonkey.ws>
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit f90c2bcdbc changed
PCIUnregisterFunc, therefore the function prototype
needs an update.
megasas.o is currently not linked, so this bug was not
detected by the buildbots.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The START STOP UNIT command will only eject/load media if
power condition is zero.
If power condition is !0 then LOEJ and START will be ignored.
From MMC (sbc contains similar wordings too)
The Power Conditions field requests the block device to be placed
in the power condition defined in
Table 558. If this field has a value other than 0h then the Start
and LoEj bits shall be ignored.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Change the sense codes for failures to eject a device that is locked
by PREVENT_ALLOW_MEDIUM_REMOVAL from
the generic MEDIA_LOAD_OR_EJECT_FAILED to the more specific
MEDIUM_REMOVAL_PREVENTED.
The second sense code is more accurate, and is also listed in MMC annex F
for the recommended sense codes for MMC devices while the first sense code is not.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
For command line options which permit '?' meaning 'please list the
permitted values', add support for 'help' as a synonym, by abstracting
the check out into a helper function.
This change means that in some cases where we were being lazy in
our string parsing, "?junk" will now be rejected as an invalid option
rather than being (undocumentedly) treated the same way as "?".
Update the documentation to use 'help' rather than '?', since '?'
is a shell metacharacter and thus prone to fail confusingly if there
is a single character filename in the current working directory and
the '?' has not been escaped. It's therefore better to steer users
towards 'help', though '?' is retained for backwards compatibility.
We do not, however, update the output of the system emulator's -help
(or any documentation autogenerated from the qemu-options.hx which
is the source of the -help text) because libvirt parses our -help
output and will break. At a later date when QEMU provides a better
interface so libvirt can avoid having to do this, we can update the
-help text too.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Moving reset callback into cpu object from board level and
resetting cpu at the end of x86_cpu_realize() will allow properly
create cpu object during run-time (hotplug) without calling reset externaly.
When reset over QOM hierarchy is implemented, reset callback
should be removed.
v2:
- leave cpu_reset in pc_new_cpu() for now, it's to be cleaned up when APIC
init is moved in cpu.c
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
MP initialization protocol differs between cpu families, and for P6 and
onward models it is up to CPU to decide if it will be BSP using this
protocol, so try to model this. However there is no point in implementing
MP initialization protocol in qemu. Thus first CPU is always marked as BSP.
This patch:
- moves decision to designate BSP from board into cpu, making cpu
self-sufficient in this regard. Later it will allow to cleanup hw/pc.c
and remove cpu_reset and wrappers from there.
- stores flag that CPU is BSP in IA32_APIC_BASE to model behavior
described in Inted SDM vol 3a part 1 chapter 8.4.1
- uses MSR_IA32_APICBASE_BSP flag in apic_base for checking if cpu is BSP
patch is based on Jan Kiszka's proposal:
http://thread.gmane.org/gmane.comp.emulators.qemu/100806
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
xen_pt_unregister_device is used as PCIUnregisterFunc, so it should
match the type.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Another step in moving the vlan feature out of net core. Users only
deal with NetClientState and therefore qemu_del_vlan_client() should be
named qemu_del_net_client().
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Now that VLANClientState has been renamed to NetClientState all 'vc'
local variables should be 'nc'. Much of the code already used 'nc' but
there are places where 'vc' needs to be renamed.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
The vlan feature is no longer part of net core. Rename VLANClientState
to NetClientState because net clients are not explicitly associated with
a vlan at all, instead they have a peer net client to which they are
connected.
This patch is a mechanical search-and-replace except for a few
whitespace fixups where changing VLANClientState to NetClientState
misaligned whitespace.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
VLANState is no longer used and can be removed.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
The vlan implementation in net.c has been replaced by hubs so we can
remove the code.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Instead of using VLANState use net/hub.h to support the vlan qdev
property. The vlan qdev property becomes an alias for the peer qdev
property but is represented as a VLAN ID number. When a VLAN ID is
selected the device will really peer with a hub port.
Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
For 9p we can get the attach request multiple times for the
same export. So don't adding migration blocker for every
attach request.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
* bonzini/scsi-next: (32 commits)
virtio-scsi: enable MSI-X support
virtio-scsi: add ioeventfd support
virtio-scsi: report parameter change events
virtio-scsi: do not report dropped events after reset
virtio-scsi: Report missed events
virtio-scsi: Implement hotplug support for virtio-scsi
scsi: report parameter changes to HBA drivers
scsi-disk: report resized disk via sense codes
scsi: establish precedence levels for unit attention
scsi: introduce hotplug() and hot_unplug() interfaces for SCSI bus
scsi: add tracepoint for scsi_req_cancel
scsi-disk: removable hard disks support load/eject
scsi-disk: Fail medium writes with proper sense for readonly LUNs
scsi-disk: improve the lba-out-of-range tests for read/write/verify
scsi-disk: rd/wr/vr-protect !=0 is an error
scsi-disk: support toggling the write cache
scsi-disk: parse MODE SELECT commands and parameters
scsi-disk: fix changeable values for MODE_PAGE_R_W_ERROR
scsi-disk: adjust offsets in MODE SENSE by 2
scsi-disk: support emulated TO_DEV requests
...
Drop a duplicate definition of the 'disabled' property from
the escc qdev property list: this redefinition is currently
effectively ignored but will become an error. (The duplication
was inadvertently introduced in 2009 in commit ec02f7dec2.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Andreas Frber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
While virtio-scsi does support multiqueue, the default number of
interrupt vectors is not enough to actually enable usage of
multiple queues in the driver; this is because with only 2
vectors the driver will not be able to use a separate
interrupt for each request queue. Derive the desired number
of vectors from the number of request queues.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Probably due to bad merge months ago, virtio-scsi-pci did not have
ioeventfd support. Fix this and enable it by default, as is the
case for other virtio-pci devices.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
When an event is reported but no buffers are present in the event vq,
we can set a flag and report a dummy event as soon as one is added.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Implement the hotplug() and hot_unplug() interfaces in virtio-scsi, by signal
the virtio_scsi.ko in guest kernel via event virtual queue.
The counterpart patch of virtio_scsi.ko will be sent soon in another thread.
Signed-off-by: Sen Wang <senwang@linux.vnet.ibm.com>
Signed-off-by: Cong Meng <mc@linux.vnet.ibm.com>
[ Add memset, fix LUN field, placate checkpatch - Paolo ]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Linux will not use these, but a very similar mechanism will be used to
report the condition via virtio-scsi events.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
When a device is resized, we will report a unit attention condition
for CAPACITY DATA HAS CHANGED. However, we should ensure that this
condition does not override a more important unit attention condition.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Add two interfaces hotplug() and hot_unplug() to scsi bus info.
The scsi bus can implement these two interfaces to signal the HBA driver
of guest kernel to add/remove the scsi device in question.
Signed-off-by: Sen Wang <senwang@linux.vnet.ibm.com>
Signed-off-by: Cong Meng <mc@linux.vnet.ibm.com>
[ Fixed braces and indentation - Paolo ]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Support for the LOEJ bit of the START/STOP UNIT command right now is
limited to CD-ROMs. This is wrong, since removable hard disks (in the
real world: SD card readers) also support it in pretty much the same way.
Without the LOEJ bit, START/STOP UNIT does nothing for all devices.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Add sense code for DATA_PROTECT/WRITE_PROTECTED and return this error
for any WRITE*/WRITE_VERIFY* calls if the device is readonly=on,
i.e. write-protected
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Improve the tests for the LBA to cover more cases.
For the 16 byte opcodes, the lba is a uint64, so we need to check is to
make sure that we do not wrap. For example if an opcode would specify
the LBA:0xffffffffffffffff and LEN:2 then lba+len would wrap to 1.
Also verify that ALL requested blocks are available, not just the first one.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The QEMU SCSI emulation does not support protection information,
so any READ/WRITE/VERIFY commands that has the protect bits set to
non-zero should fail with ILLEGAL_REQUEST/INVALID_FIELD_IN_CDB
From SCSI SBC :
If the logical unit does not support protection information,
then the device server should terminate the command with CHECK CONDITION
status with the sense key set to ILLEGAL REQUEST and the additional sense
code set to INVALID FIELD IN CDB.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
[ Rebase after scsi_dma_reqops introduction - Paolo ]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Finally, this uses the "plumbing" in the previous patch to
add support for toggling the WCE bit of the caching mode page.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This adds the bulk of the parsing code for MODE SELECT, including
breaking out changes to different mode pages, and checking that only
changeable values are modified.
In order to report errors correctly two passes are made through the
parameters; the first only looks for errors, the second actually
applies the changes to the mode page.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This will make offsets the same when implementing MODE SELECT. This is
because MODE SELECT has to deal with both 2-byte and 4-byte headers.
Unfortunately, this means that the offsets are now off by two compared
to the descriptions in the SCSI specs, which include the header.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This adds the implementation of write_data for the emulated
command case. The first time through it asks for more data,
the second time it finishes the processing of the command.
MODE SELECT and MODE SELECT(10) can now be re-enabled, but they
will not do much.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The previous patch only separated the send_command callback.
Use different implementations also for read_data and write_data.
The latter is still unreachable, so it aborts for now.
read_data passes the data buffer that was prepared and completes
the command.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Only checks for present medium were still done in scsi_send_command
for emulated commands. So move those to scsi_disk_emulate_command
and return different SCSIReqOps depending on the kind of command.
Checks for present medium can be done unconditionally for the
scsi_disk_dma_reqops case.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
We want to use separate SCSIReqOps for emulated commands needing an
allocated buffer vs. those that are zerocopy when the HBA supports
S/G lists. Ensure that all of the former are in scsi_disk_emulate_command.
Commands that do not have any parameters are more similar to emulated
commands, so also move them, even if they do I/O.
Finally, MODE SELECT and MODE SELECT(10) are broken because we do not
yet support passing parameter data _to_ emulated commands, so disable
them.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
By making discard asynchronous, we can reuse all the error handling
code that is used for other commands.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch adds two new properties vendor and product to SCSI disks.
These options let the user customize the inquiry data returned by the
disk.
Signed-off-by: Yan Vugenfirer <yan@ravellosystems.com>
Signed-off-by: Dmitry Fleytman <dmitry.fleytman@ravellosystems.com>
[ Use vendor and product property names, avoid "if" statements. - PB ]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
scsi-block is a passthrough device and does not allow customization
of vendor, product, removable, DPOFUA, block size or any other piece of
information. Thus, drop DEFINE_SCSI_DISK_PROPERTIES() from the
list of qdev properties.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Simplify the code by checking against req->hba_private directly,
and asserting that it is non-NULL before a command is completed
or canceled.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
By first resetting the devices, lsi_soft_reset will find the queue
already cleared so there is no need to do that forcibly (which may also
leak SCSIRequests, and/or worse due to dangling references to the
lsi_request in the hba_private field).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
scsi_req_abort is for terminating a command with a non-zero status.
The ABORT task management function is invoked by scsi_req_cancel.
In fact, ABORTED_COMMAND is a sense key, not a SAM status code.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
trace_megasas_dcmd_dump_frame() takes 9 arguments, which is
rather much. Plus the trace infrastructure doesn't support
it. As we can get the information via other means it's pointless
to have it in the driver, so rather use some proper trace
point here and remove the old one.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Cc: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* stefanha/net:
remove unused QemuOpts parameter from net init functions
convert net_init_bridge() to NetClientOptions
convert net_init_tap() to NetClientOptions
convert net_init_vde() to NetClientOptions
convert net_init_socket() to NetClientOptions
convert net_init_slirp() to NetClientOptions
convert net_init_dump() to NetClientOptions
convert net_init_nic() to NetClientOptions
convert net_client_init() to OptsVisitor
hw, net: "net_client_type" -> "NetClientOptionsKind" (qapi-generated)
qapi schema: add Netdev types
qapi schema: remove trailing whitespace
qapi: introduce OptsVisitor
expose QemuOpt and QemuOpts struct definitions to interested parties
qapi: introduce "size" type
qapi: generate C types for fixed-width integers
qapi: add test case for deallocating traversal of incomplete structure
qapi: fix error propagation
MAINTAINERS: Replace net maintainer Mark McLoughlin with Stefan Hajnoczi
* stefanha/trivial-patches:
Fix some more Qemus in documentation and help text
qdev: Fix Open Firmware comment
cpus.c: Make all_cpu_threads_idle() static
Use macro QEMU_PACKED for new packed structures
Recognize PCID feature
powerpc pci: fixed packing of ranges[]
Commit 0d936928ef removed code,
but left the related comment at a location where it no longer
belongs to.
The patch moves the comment to the correct callback and improves the text.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Since commit 541dc0d47f,
some new packed structures were added without using QEMU_PACKED.
QEMU_PACKED is needed for compilations with MinGW.
For other platforms nothing changes.
The code was fixed using this command:
git grep -la '__attribute__ ((packed))'|xargs perl -pi -e 's/__attribute__ \(\(packed\)\)/QEMU_PACKED/'
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
By default mingw-gcc is trying to pack structures the way to
preserve binary compatibility with MS Visual C what leads to
incorrect and unexpected padding in the PCI bus ranges property of
the sPAPR PHB.
The patch replaces __attribute__((packed)) with more strict QEMU_PACKED
which actually is __attribute__((gcc_struct, packed)) on Windows.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Tested-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Now that we have LPAE support and can handle passing 64 bit
RAM sizes to Linux via the device tree, we can lift the
restriction in the Versatile Express A15 daughterboard model
on not having more than 2GB of RAM. Allow up to 30GB, which
is the maximum that can fit in the address map before running
into the (unmodelled) aliases of the first 2GB.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Support the case where the device tree blob specifies that
#address-cells and #size-cells are greater than 1. (This
is needed for device trees which can handle 64 bit physical
addresses and thus total RAM sizes over 4GB.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
The legacy ATAGS format for passing information to the kernel only
allows RAM sizes which fit in 32 bits; enforce this restriction
rather than silently doing something weird.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Clean up the mix of getting the RAM size from the global ram_size
and from the ram_size field in the arm_boot_info structure, so
that we always use the structure field.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Make the RAM size in arm_boot_info a uint64_t so it can express
the larger RAM sizes that may be seen in LPAE systems.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Add a missing guard that meant we would segfault if the guest read
UARTDR on a PL011 serial device which had no chr backend connected.
(This didn't happen for Linux guests because Linux reads the flags
register and doesn't try to read the UART if it's empty.)
Reported-by: Christian Müller <christian.mueller@heig-vd.ch>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Added (msi|msix)_set_message() function for whoever might
want to use them.
Currently msi_notify()/msix_notify() write to these vectors to
signal the guest about an interrupt so the correct values have to
written there by the guest or QEMU.
For example, POWER guest never initializes MSI/MSIX vectors, instead
it uses RTAS hypercalls. So in order to support MSIX for virtio-pci on
POWER we have to initialize MSI/MSIX message from QEMU.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This per-device notifier shall be triggered by any interrupt router
along the path of a device's legacy interrupt signal on routing changes.
For simplicity reasons and as this is a slow path anyway, no further
details on the routing changes are provided. Instead, the callback is
expected to use pci_device_route_intx_to_irq to check the effect of the
change.
Will be used by KVM PCI device assignment and VFIO.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Device assigned on KVM needs to know the mode
(enabled/inverted/disabled) and the IRQ number that a given device
triggers in the attached interrupt controller.
Add a PCI IRQ path discovery function that walks from a given device to
the host bridge, and gets this information. For
this purpose, a host bridge callback function is introduced:
route_intx_to_irq. It is so far only implemented by the PIIX3, other
host bridges can be added later on as required.
Will be used for KVM PCI device assignment and VFIO.
Based on patch by Jan Kiszka, with minor tweaks.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* kwolf/for-anthony: (41 commits)
fdc-test: Clean up a bit
fdc-test: introduce test_relative_seek
fdc: fix relative seek
qemu-iotests: Valgrind support
coroutine-ucontext: Help valgrind understand coroutines
qemu-io: Fix memory leaks
hw/block-common: Factor out fall back to legacy -drive cyls=...
blockdev: Don't limit DriveInfo serial to 20 characters
hw/block-common: Factor out fall back to legacy -drive serial=...
hw/block-common: Move BlockConf & friends from block.h
Relax IDE CHS limits from 16383,16,63 to 65535,16,255
blockdev: Drop redundant CHS validation for if=ide
hd-geometry: Compute BIOS CHS translation in one place
qtest: Test we don't put hard disk info into CMOS for a CD-ROM
ide pc: Put hard disk info into CMOS only for hard disks
block: Geometry and translation hints are now useless, purge them
qtest: Cover qdev property for BIOS CHS translation
ide: qdev property for BIOS CHS translation
qdev: New property type chs-translation
qdev: Collect private helpers in one place
...
* qemu-kvm/uq/master:
virtio: move common irqfd handling out of virtio-pci
virtio: move common ioeventfd handling out of virtio-pci
event_notifier: add event_notifier_set_handler
memory: pass EventNotifier, not eventfd
ivshmem: wrap ivshmem_del_eventfd loops with transaction
ivshmem: use EventNotifier and memory API
event_notifier: add event_notifier_init_fd
event_notifier: remove event_notifier_test
event_notifier: add event_notifier_set
apic: Defer interrupt updates to VCPU thread
apic: Reevaluate pending interrupts on LVT_LINT0 changes
apic: Resolve potential endless loop around apic_update_irq
kvm: expose tsc deadline timer feature to guest
kvm_pv_eoi: add flag support
kvm: Don't abort on kvm_irqchip_add_msi_route()
qdev_prop_set_string uses object_property_set_str, which takes
a const char * for the value. Lets propagate the constness
into qdev_prop_set_string.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
All current users (IDE, SCSI and virtio-blk) happen to share this 20
characters limit. Still, it should be left to device models. They
already enforce their limits. They have to, as the DriveInfo limit
only affects legacy -drive serial=..., not the qdev properties.
usb-storage, which doesn't limit serial number length, also uses
DriveInfo for -usbdevice. But that doesn't provide access to
DriveInfo serial.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This stuff doesn't belong to block layer, and was put there only
because a better home didn't exist then. Now it does.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
New limits straight from ATA4 6.2 Register delivered data transfer
command sector addressing.
I figure the old sector limit 63 was blindly copied from the BIOS
int 13 limit. Doesn't apply to the hardware. No idea where the old
cylinder limit comes from.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Currently, it is split between hd_geometry_guess() and
pc_cmos_init_late(). Confusing. info qtree shows the result of the
former. Also confusing.
Fold the part done in pc_cmos_init_late() into hd_geometry_guess().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
In particular, don't set disk type and geometry when a CD-ROM on bus
ide.0 has media during CMOS initialization.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
There are two producers of these hints: drive_init() on behalf of
-drive, and hd_geometry_guess().
The only consumer of the hint is hd_geometry_guess().
The callers of hd_geometry_guess() call it only when drive_init()
didn't set the hints. Therefore, drive_init()'s hints are never used.
Thus, hd_geometry_guess() only ever sees hints it produced itself in a
prior call. Only the first call computes something, subsequent calls
just repeat the first call's results. However, hd_geometry_guess() is
never called more than once: the device models don't, and the block
device is destroyed on unplug. Thus, dropping the repeat feature
doesn't break anything now.
If a block device wasn't destroyed on unplug and could be reused with
a new device, then repeating old results would be wrong. Thus,
dropping the repeat feature prevents future breakage.
This renders the hints unused. Purge them from the block layer.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This isn't quite orthodox. CHS translation is firmware configuration,
communicated via the RTC's CMOS RAM, not a property of the disk. But
it's best to treat it just like geometry anyway.
Maintain backward compatibility exactly like for geometry: fall back
to DriveInfo's translation, set with -drive trans=...
Bonus: info qtree now shows the translation. Except when it shows
"auto": that's resolved by pc_cmos_init_late(). To be addressed
shortly.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Just code motion, with one long line wrapped to keep checkpatch.pl
happy.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Geometry needs to be qdev properties, because it belongs to the
disk's guest part.
Maintain backward compatibility exactly like for serial: fall back to
DriveInfo's geometry, set with -drive cyls=...
Do this only for ide-hd. ide-drive is legacy. ide-cd doesn't have a
geometry.
Bonus: info qtree now shows the geometry.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Geometry needs to be qdev properties, because it belongs to the
disk's guest part.
Maintain backward compatibility exactly like for serial: fall back to
DriveInfo's geometry, set with -drive cyls=...
Bonus: info qtree now shows the geometry.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Geometry needs to be qdev properties, because it belongs to the
disk's guest part.
Maintain backward compatibility exactly like for serial: fall back to
DriveInfo's geometry, set with -drive cyls=...
Do this only for scsi-hd. scsi-disk is legacy. scsi-cd doesn't have
a geometry. scsi-block should get geometry from the host disk.
Bonus: info qtree now shows the geometry.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Best to use the same type, to avoid unwanted truncation or sign
extension.
BlockConf can't use plain int for cyls, heads and secs, because
integer properties require an exact width.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
PC BIOS setup needs IDE geometry information. Get it directly from
the device model rather than through the block layer. In preparation
of purging geometry from the block layer, which will happen later in
this series.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
hd_geometry_guess() picks geometry and translation. Callers can get
the geometry directly, via parameters, but for translation they need
to go through the block layer.
Add a parameter for translation, so it can optionally be gotten just
like geometry. In preparation of purging translation from the block
layer, which will happen later in this series.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When hd_geometry_guess() picks a geometry, it also picks the
appropriate translation, but only when the prior translation hint is
BIOS_ATA_TRANSLATION_AUTO. Looks wrong, because such a prior
translation would be passed to the BIOS whether it's suitable for the
geometry or not.
Fortunately, that can't happen. There are just two ways for the
translation hint to get set to something other than
BIOS_ATA_TRANSLATION_AUTO: drive_init() on behalf of -drive trans=...,
and hd_geometry_guess(). Both set it only when they also set a valid
geometry hint, i.e. one with a non-zero number of cylinders.
Since hd_geometry_guess() returns right away when it finds a valid
geometry hint, translation can only be BIOS_ATA_TRANSLATION_AUTO in
the remainder of the function.
Assert this, and simplify accordingly.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Commit f3d54fc4 factored it out of hw/ide.c for reuse. Sensible,
except it was put into block.c. Device-specific functionality should
be kept in device code, not the block layer. Move it to
hw/hd-geometry.c, and make stylistic changes required to keep
checkpatch.pl happy.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Commit 5bbdbb46 moved it to block.c because "other geometry guessing
functions already reside in block.c". Device-specific functionality
should be kept in device code, not the block layer. Move it back.
Disk geometry guessing is still in block.c. To be moved out in a
later patch series.
Bonus: the floppy type used in pc_cmos_init() now obviously matches
the one in the FDrive. Before, we relied on
bdrv_get_floppy_geometry_hint() picking the same type both in
fd_revalidate() and in pc_cmos_init().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Let the text cursor blink at 1.875 Hz, the original VGA cursor
frequency. No timer is used, instead we rely on the fact that the
display is updated periodically.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Switch a format string from %x to TARGET_PRIxPHYS so that it will
continue to work even if target_phys_addr_t is changed
to 64 bits in the future.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Use the new TARGET_PRIxPHYS macro to avoid the need to define an
OMAP_FMT_plx macro whose expansion depends directly on
TARGET_PHYS_ADDR_BITS.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The PCI version is supported in lots of Operating Systems,
and has been successfully tested on:
- MS DOS 6.22 (using DC390 driver)
- MS Windows 3.11 (using DC390 driver)
- MS Windows 98 SE (using default driver)
- MS Windows NT 3.1 (using DC390 driver)
- MS Windows NT 4.0 (using default driver)
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The same mechanism is already in place for some select commands.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Suggested by blue swirl. Patch is on top of Paolo's
scsi-next tree.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Move down the expire time calculation down in the frame timer, to the
point where the timer is actually reloaded. This way we'll notice any
async_stepdown changes (especially resetting to 0 due to usb activity).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
With the async schedule being kicked from other places than the frame
timer (commit 0f588df8b3) it may happen
that we call ehci_commit_interrupt() more than once per frame.
Move the call from the async schedule handler to the frame timer to
restore old irq behavior, which is more correct. Fixes regressions
with some linux kernel versions.
TODO: implement full Interrupt Threshold Control support.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
$subject says all: when loading old (v1) vmstate which doesn't contain
expire_time initialize it with a reasonable default (current time).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
$subject says all. First cut.
It's a pure UAS (usb attached scsi) emulation, without BOT (bulk-only
transport) compatibility. If your guest can't handle it use usb-storage
instead.
The emulation works like any other scsi hba emulation (eps, lsi, virtio,
megasas, ...). It provides just the HBA where you can attach scsi
devices as you like using '-device'. A single scsi target with up to
256 luns is supported.
For now only usb 2.0 transport is supported. This will change in the
future though as I plan to use this as playground when codeing up &
testing usb 3.0 transport and streams support in the qemu usb core and
the xhci emulation.
No migration support yet. I'm planning to add usb 3.0 support first as
this probably requires saving additional state.
Special thanks go to Paolo for bringing the qemu scsi emulation into
shape, so this can be added nicely without having to touch a single line
of scsi code.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
All transports can use the same event handler for the irqfd, though the
exact mechanics of the assignment will be specific. Note that there
are three states: handled by the kernel, handled in userspace, disabled.
This also lets virtio use event_notifier_set_handler.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
All transports can use the same event handler for the ioeventfd, though
the exact setup (address/memory region) will be specific.
This lets virtio use event_notifier_set_handler.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Under Win32, EventNotifiers will not have event_notifier_get_fd, so we
cannot call it in common code such as hw/virtio-pci.c. Pass a pointer to
the notifier, and only retrieve the file descriptor in kvm-specific code.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
All of ivshmem's usage of eventfd now has a corresponding API in
EventNotifier. Simplify the code by using it, and also use the
memory API consistently to set up and tear down the ioeventfds.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Add a missing cast to avoid gcc complaining about format string
errors when printing an expression based on a target_phys_addr_t.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Chubb <peter.chubb@nicta.com.au>
Most device models have a simple lifecycle for the hba_private field
and they can free it when a request is completed or cancelled.
However, in some cases it may be simpler to tie the lifetime
of hba_private to that of the included SCSIRequest. This patch
adds a free_request callback to SCSIBusInfo that lets an HBA
device model do exactly that.
Normally, device models use req->hba_private == NULL to flag requests
that have been completed already. Device models that use free_request
will still need to track this using a flag. This is the reason why
"converting" existing HBAs to use free_request adds complexity and
makes little sense. It is simply an additional convenience that is
provided by the SCSI layer. USB-attached storage will be the first
user.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
KVM performs TPR raising asynchronously to QEMU, specifically outside
QEMU's global lock. When an interrupt is injected into the APIC and TPR
is checked to decide if this can be delivered, a stale TPR value may be
used, causing spurious interrupts in the end.
Fix this by deferring apic_update_irq to the context of the target VCPU.
We introduce a new interrupt flag for this, CPU_INTERRUPT_POLL. When it
is set, the VCPU calls apic_poll_irq before checking for further pending
interrupts. To avoid special-casing KVM, we also implement this logic
for TCG mode.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
When the guest modifies the LVT_LINT0 register, we need to check if some
pending PIC interrupt can now be delivered.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Commit d96e173769 refactored the reinjection of pending PIC interrupts.
However, it missed the potential loop of apic_update_irq ->
apic_deliver_pic_intr -> apic_local_deliver -> apic_set_irq ->
apic_update_irq that /could/ occur if LINT0 is injected as APIC_DM_FIXED
and that vector is currently blocked via TPR.
Resolve this by reinjecting only where it matters: inside
apic_get_interrupt. This function may clear a vector while a
PIC-originated reason still exists.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
* mjt/mjt-iov2:
rewrite iov_send_recv() and move it to iov.c
cleanup qemu_co_sendv(), qemu_co_recvv() and friends
export iov_send_recv() and use it in iov_send() and iov_recv()
rename qemu_sendv to iov_send, change proto and move declarations to iov.h
change qemu_iovec_to_buf() to match other to,from_buf functions
consolidate qemu_iovec_copy() and qemu_iovec_concat() and make them consistent
allow qemu_iovec_from_buffer() to specify offset from which to start copying
consolidate qemu_iovec_memset{,_skip}() into single function and use existing iov_memset()
rewrite iov_* functions
change iov_* function prototypes to be more appropriate
virtio-serial-bus: use correct lengths in control_out() message
Conflicts:
tests/Makefile
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* kwolf/for-anthony: (24 commits)
block: Factor bdrv_read_unthrottled() out of guess_disk_lchs()
qtest: Tidy up temporary files properly
fdc: Drop broken code for user-defined floppy geometry
fdc_test: introduce test_sense_interrupt
fdc_test: update media_change test
fdc: fix interrupt handling
fdc: rewrite seek and DSKCHG bit handling
block: introduce bdrv_swap, implement bdrv_append on top of it
block: copy over job and dirty bitmap fields in bdrv_append
raw: hook into blkdebug
blkdebug: optionally tie errors to a specific sector
blkdebug: store list of active rules
blkdebug: pass getlength to underlying file
blkdebug: tiny cleanup
blkdebug: remove sync i/o events
sheepdog: traverse pending_list from the first for each time
sheepdog: split outstanding list into inflight and pending
sheepdog: make sure we don't free aiocb before sending all requests
sheepdog: use coroutine based socket functions in coroutine context
sheepdog: restart I/O when socket becomes ready in do_co_req()
...
* kraxel/usb.55:
usb-host: add trace events for iso xfers
usb: fix interface initialization
usb: split endpoint init and reset
usb-redir: Correctly handle the usb_redir_babble usbredir status
ehci: Kick async schedule on wakeup in the non companion case
usb-ehci: Fix an assert whenever isoc transfers are used
ehci: don't flush cache on doorbell rings.
ehci: fix td writeback
ehci: fix ehci_qh_do_overlay
* bonzini/scsi-next:
scsi: Fix transfer length for READ POSITION commands.
scsi: Add basic support for SCSI media changer commands.
scsi: Ensure command and transfer lengths are set for all SCSI devices
scsi: Fix LOAD_UNLOAD
scsi: Fix data length == SCSI_SENSE_BUF_SIZE
virtio-scsi: do not crash on adding buffers to the event queue
megasas: LSI Megaraid SAS HBA emulation
megasas: Add header file
ISCSI: force use of sg for SMC and SSC devices
ISCSI: Add SCSI passthrough via scsi-generic to libiscsi
scsi-disk: implement READ DISC INFORMATION
atapi: implement READ DISC INFORMATION
scsi: add a qdev property for the disk's WWN
scsi: simplify handling of the VPD page length field
bdrv_get_floppy_geometry_hint() fails to store through its parameter
drive when bs has a geometry hint. Makes fd_revalidate() assign
random crap to drv->drive.
Has been broken that way for ages. Harmless, because:
* The only way to set a geometry hint is -drive if=none,cyls=...
Since commit c219331e, probably unintentional.
* The only use of drv->drive is as argument to another
bdrv_get_floppy_geometry_hint(). Which doesn't use it, since the
geometry hint is still there.
Drop the broken code, ignore -drive parameter cyls, heads and secs for
floppies even with if=none, just like before commit c219331e. Matches
-help, which explains cyls, heads, secs as "hard disk physical
geometry".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If you call the SENSE INTERRUPT STATUS command while there is no interrupt
waiting you get as result unknown command.
Fixed status0 register handling for read/write/format commands.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This bit is cleared on every successful seek to a different track (cylinder).
The seek is also called on revalidate or on read/write/format commands which
also clear the DSKCHG bit.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Replace iso transfer fprintf's with trace points. Also rename existing
tracepoints so they all match usb_host_iso_*.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Create a new usb_ep_reset() function to reset endpoint state, without
re-initialiting the queues, so we don't unlink in-flight packets just
because usb-host has to re-parse the descriptor tables.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit 0f588df8b3, added code
to ehci_wakeup to kick the async schedule on wakeup, but the else
was positioned wrong making it trigger for devices which are routed
to the companion rather then to the ehci controller itself.
This patch fixes this. Note that the "programming style" with using the
return at the end of the companion block matches how the companion case
is handled in the other ports ops, and is done this way for consistency.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
hcd-ehci.c is missing an usb_packet_init() call for the ipacket UsbPacket
it uses for isoc transfers, triggering an assert (taking the entire vm down)
in usb_packet_setup as soon as any isoc transfers are done by a high speed
USB device.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit 4be23939ab makes ehci instantly
zap any unlinked queue heads when the guest rings the doorbell.
While hacking up uas support this turned out to be a problem. The linux
kernel can unlink and instantly relink the very same queue head, thereby
killing any async packets in flight. That alone isn't an issue yet, the
packet will canceled and resubmitted and everything is fine. We'll run
into trouble though in case the async packet is completed already, so we
can't cancel it any more. The transaction is simply lost then.
usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f0c2 qtds 29dbce40,29dbc4e0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: alloc
usb_packet_state_change bus 0, port 2, ep 1, packet 0x7f95fdec32e0, state undef -> setup
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: process
usb_uas_command dev 2, tag 0x2, lun 0, lun64 00000000-00000000
scsi_req_parsed target 0 lun 0 tag 2 command 42 dir 2 length 16384
scsi_req_parsed_lba target 0 lun 0 tag 2 command 42 lba 5933312
scsi_req_alloc target 0 lun 0 tag 2
scsi_req_continue target 0 lun 0 tag 2
scsi_req_data target 0 lun 0 tag 2 len 16384
usb_uas_scsi_data dev 2, tag 0x2, bytes 16384
usb_uas_write_ready dev 2, tag 0x2
usb_packet_state_change bus 0, port 2, ep 1, packet 0x7f95fdec32e0, state setup -> complete
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: free
usb_ehci_qh_ptrs q 0x7f95fdec3210 - QH @ 39c4f0c0: next 39c4f002 qtds 29dbce40,00000001,00000009
usb_ehci_qh_fields QH @ 39c4f0c0 - rl 4, mplen 512, eps 2, ep 2, dev 2
usb_ehci_queue_action q 0x7f95fe5152a0: free
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state async -> complete
^^^ async packets completes.
usb_ehci_packet_action q 0x7f95fdec3210 p 0x7f95feba9130: wakeup
usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f002 qtds 29dbc4e0,29dbc8a0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2
usb_ehci_queue_action q 0x7f95fdec3210: free
usb_ehci_packet_action q 0x7f95fdec3210 p 0x7f95feba9130: free
^^^ endpoint #2 queue head removed from schedule, doorbell makes ehci zap the queue,
the (completed) usb packet is freed too and gets lost.
usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f0c2 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f0c2 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_queue_action q 0x7f9600dff570: alloc
usb_ehci_qh_ptrs q 0x7f9600dff570 - QH @ 39c4f0c0: next 39c4f122 qtds 29dbce40,00000001,00000009
usb_ehci_qh_fields QH @ 39c4f0c0 - rl 4, mplen 512, eps 2, ep 2, dev 2
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: alloc
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state undef -> setup
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: process
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state setup -> async
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: async
^^^ linux kernel relinked the queue head, ehci creates a new usb packet,
but we should have delivered the completed one instead.
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f002 qtds 29dbc4e0,29dbc8a0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2
So instead of instantly zapping the queue we'll set a flag that the
queue needs revalidation in case we'll see it again in the schedule.
ehci then checks that the queue head fields addressing / describing the
endpoint and the qtd pointer match the cached content before reusing it.
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Only write back the dwords the hc is supposed to update. Should not
make a difference in theory as the guest must not touch the td while
it is active to avoid races. But it is still more correct.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
BARs are registered in init functions from memory regions created
by the drivers. Exit functions destroy those memory regions.
By unregistering the io regions after exit(), we're calling
memory_region_del_subregion on freed memory. Don't do that. The
option rom comes along for the ride because it's more symmetric
to how it's created.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Not a single driver has any possibility of failure on their
exit function, let's keep it that way.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Make the state fields rx_desc_addr and tx_desc_addr uint32_t;
this matches the VMStateDescription, and also conforms to how
hardware works: the registers don't magically become larger
if the device is attached to a CPU with a larger physical
address size. It also fixes a compile failure if the
target_phys_addr_t type is changed to 64 bits.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Board support for Kyoto Micro's KZM-ARM11-01, an evaluation board built
around the Freescale i.MX31.
Signed-off-by: Philip O'Sullivan <philipo@ok-labs.com>
Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement the Freescale i.MX31 advanced vectored interrupt controller, at least
to the extent it is used by Linux 3.x
Vectors are not implemented.
Signed-off-by: Philip O'Sullivan <philipo@ok-labs.com>
Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement the timers on the Freescale i.MX31 SoC.
This is not a complete implementation, but gives enough for
Linux to boot and run. In particular external triggers, which are
not useful under QEMU, are not implemented.
Signed-off-by: Philip O'Sullivan <philipo@ok-labs.com>
Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
For Linux to be able to work out how fast its clocks are going, so
that timer ticks come approximately at the right time, it needs to
be able to query the clock control module (CCM).
This is the start of a CCM implementation. It currently knows only about
the MCU, HSP and IPG clocks --- i.e., the ones used to feed the periodic
and general purpose timers.
Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement the Freescale i.MX UART. This uart is used in a variety of
SoCs, including some by Motorola, as well as in the Freescale i.MX
series.
This patch gives only a `bare-bones' implementation, enough to run Linux
or OKL4, but that's about it.
Signed-off-by: Philip O'Sullivan <philipo@ok-labs.com>
Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We want to mirror whole IROM and should pass zero instead of
EXYNOS4210_IROM_BASE_ADDR (though it equals to zero too) since
memory_region_init_alias takes an offset within an original
region as an argument.
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
START/STOP bit was not cleaned correctly.
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
After some long period of time Linux kernel hanged due to
ptimer_get_count may return 0 before timer interrupt occurs,
thus, causing FRC to jump back in time
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The transfer length depends on the specific service action
code, as defined in the SCSI stream commands spec section 7.7.
Up to now only the extended form was supported.
Signed-off-by: Christian Hoff <christian.hoff@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This adds basic support for SCSI media changer commands.
Not all commands are supported as of now, but enough to cover
basic functionality.
Signed-off-by: Christian Hoff <christian.hoff@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
scsi-generic relies on those values to be correct, so it is important that
those values are initialized properly for all device types.
Reported-by: Christian Hoff <christian.hoff@de.ibm.com>
Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Change operation code of LOAD_UNLOAD command to 0x1b as described in
section 7.3 of the SCSI Stream Commands spec.
Signed-off-by: Christian Hoff <christian.hoff@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Fix the edge case where the sense data length is exactly the same
as SCSI_SENSE_BUF_SIZE.
This makes SCSI requests work that use all of the available 95 byte
sense data.
Signed-off-by: Christian Hoff <christian.hoff@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The event queue is not supported yet and the handler does not
have to do much anyway when buffers are added. However, the
handler is called unconditionally by the virtio layer, and this
results in a crash as soon as buffers are added to the event
queue because we pass NULL.
Reported-by: Bryan Venteicher <bryanv@daemoninthecloset.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
I've tested it to work with Linux, Windows Vista, and Windows7.
Signed-off-by: Hannes Reinecke <hare@suse.de>
[ Squashed trivial changes from Andreas Faerber, rebased over IOMMU
and QBus changes - Paolo ]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Update iscsi to allow passthrough of SG_IO scsi commands when the iscsi
device is forced to be scsi-generic.
Implement both bdrv_ioctl() and bdrv_aio_ioctl() in the iscsi backend,
emulate the SG_IO ioctl and pass the SCSI commands across to the
iscsi target.
This allows end-to-end passthrough of SCSI all the way from the guest,
to qemu, via scsi-generic, then libiscsi all the way to the iscsi target.
To activate this you need to specify that the iscsi lun should be treated
as a scsi-generic device.
Example:
-device lsi -device scsi-generic,drive=MyISCSI \
-drive file=iscsi://10.1.1.125/iqn.ronnie.test/1,if=none,id=MyISCSI
Note, you can currently not boot a qemu guest from a scsi device.
Note,
This only works when the host is linux, since the emulation relies on
definitions of SG_IO from the scsi-generic implementation in the
linux kernel.
It should be fairly easy to re-implement some structures similar enough
for non-linux hosts to do the same style of passthrough via a fake
scsi generic layer and libiscsi if need be.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This command is not necessary for CD-ROM and DVD-ROM, but some versions of
udev trip on its absence.
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This command is not necessary for CD-ROM and DVD-ROM, but some versions of
udev trip on its absence.
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Currently the pseries machine emulation does not support DMA for emulated
PCI devices, because the PAPR spec always requires a (guest visible,
paravirtualized) IOMMU which was not implemented. Now that we have
infrastructure for IOMMU emulation, we can correct this and allow PCI DMA
for pseries.
With the existing PAPR IOMMU code used for VIO devices, this is almost
trivial. We use a single DMAContext for each (virtual) PCI host bridge,
which is the usual configuration on real PAPR machines (which often have
_many_ PCI host bridges).
Cc: Alex Graf <agraf@suse.de>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds some hooks to let PCI devices and busses use the new IOMMU
infrastructure. When IOMMU support is enabled, each PCI device now
contains a DMAContext * which is used by the pci_dma_*() wrapper functions.
By default, the contexts are initialized to NULL, assuming no IOMMU.
However the platform or host bridge code which sets up the PCI bus can use
pci_setup_iommu() to set a function which will determine the correct
DMAContext for a given PCI device.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The pseries platform already contains an IOMMU implementation, since it is
essential for the platform's paravirtualized VIO devices. This IOMMU
support is currently built into the implementation of the VIO "bus" and
the various VIO devices.
This patch converts this code to make use of the new common IOMMU
infrastructure.
We don't yet handle synchronization of map/unmap callbacks vs. invalidations,
this will require some complex interaction with the kernel and is not a
major concern at this stage.
Cc: Alex Graf <agraf@suse.de>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds the basic infrastructure necessary to emulate an IOMMU
visible to the guest. The DMAContext structure is extended with
information and a callback describing the translation, and the various
DMA functions used by devices will now perform IOMMU translation using
this callback.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The USB UHCI and EHCI drivers were converted some time ago to use the
pci_dma_*() helper functions. However, this conversion was not complete
because in some places both these drivers do DMA via the usb_packet_map()
function in usb-libhw.c. That function directly used
cpu_physical_memory_map().
Now that the sglist code uses DMA wrappers properly, we can convert the
functions in usb-libhw.c, thus conpleting the conversion of UHCI and EHCI
to use the DMA wrappers.
Note that usb_packet_map() invokes dma_memory_map() with a NULL invalidate
callback function. When IOMMU support is added, this will mean that
usb_packet_map() and the corresponding usb_packet_unmap() must be called in
close proximity without dropping the qemu device lock - otherwise the guest
might invalidate IOMMU mappings while they are still in use by the device
code.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The AHCI device can provide both PCI and SysBus AHCI device
emulations. For this reason, it wasn't previously converted to use
the pci_dma_*() helper functions. Now that we have universal DMA
helper functions, this converts AHCI to use them.
The DMAContext is obtained from pci_dma_context() in the PCI case and
set to NULL in the SysBus case (i.e. we assume for now that a SysBus
AHCI has no IOMMU translation).
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
dma-helpers.c contains a number of helper functions for doing
scatter/gather DMA, and various block device related DMA. Currently,
these directly access guest memory using cpu_physical_memory_*(),
assuming no IOMMU translation.
This patch updates this code to use the new universal DMA helper
functions. qemu_sglist_init() now takes a DMAContext * to describe
the DMA address space in which the scatter/gather will take place.
We minimally update the callers qemu_sglist_init() to pass NULL
(i.e. no translation, same as current behaviour). Some of those
callers should pass something else in some cases to allow proper IOMMU
translation in future, but that will be fixed in later patches.
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The OHCI device emulation can provide both PCI and SysBus OHCI
implementations. Because of this, it was not previously converted to
use the PCI DMA helper functions.
This patch converts it to use the new universal DMA helper functions.
In the PCI case, it obtains its DMAContext from pci_dma_context(), in
the SysBus case, it uses NULL - i.e. assumes for now that there will
be no IOMMU translation for a SysBus OHCI.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Not that long ago, every device implementation using DMA directly
accessed guest memory using cpu_physical_memory_*(). This meant that
adding support for a guest visible IOMMU would require changing every
one of these devices to go through IOMMU translation.
Shortly before qemu 1.0, I made a start on fixing this by providing
helper functions for PCI DMA. These are currently just stubs which
call the direct access functions, but mean that an IOMMU can be
implemented in one place, rather than for every PCI device.
Clearly, this doesn't help for non PCI devices, which could also be
IOMMU translated on some platforms. It is also problematic for the
devices which have both PCI and non-PCI version (e.g. OHCI, AHCI) - we
cannot use the the pci_dma_*() functions, because they assume the
presence of a PCIDevice, but we don't want to have to check between
pci_dma_*() and cpu_physical_memory_*() every time we do a DMA in the
device code.
This patch makes the first step on addressing both these problems, by
introducing new (stub) dma helper functions which can be used for any
DMA capable device.
These dma functions take a DMAContext *, a new (currently empty)
variable describing the DMA address space in which the operation is to
take place. NULL indicates untranslated DMA directly into guest
physical address space. The intention is that in future non-NULL
values will given information about any necessary IOMMU translation.
DMA using devices must obtain a DMAContext (or, potentially, contexts)
from their bus or platform. For now this patch just converts the PCI
wrappers to be implemented in terms of the universal wrappers,
converting other drivers can take place over time.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
A while back, we introduced the dma_addr_t type, which is supposed to
be used for bus visible memory addresses. At present, this is an
alias for target_phys_addr_t, but this will change when we eventually
add support for guest visible IOMMUs.
There are some instances of target_phys_addr_t in the code now which
should really be dma_addr_t, but can't be trivially converted due to
missing features which this patch corrects.
* We add DMA_ADDR_BITS analagous to TARGET_PHYS_ADDR_BITS. This is
important where we need to make a compile-time (#if) based on the
size of dma_addr_t.
* We add a new helper macro to create device properties which take a
dma_addr_t, currently an alias to DEFINE_PROP_TADDR().
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit ff71f2e8ca prevent the possible
crash during initialization of linux driver by checking the operating
mode.This seems too strict as:
- the real card could still work in mode other than normal
- some buggy driver who does not set correct opmode after eeprom
access
So, considering rx ring address were reset to zero (which could be
safely trated as an address not intened to DMA to), in order to
both letting old guest work and preventing the unexpected DMA to
guest, we can forbid packet receiving when rx ring address is zero.
Tested-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
From Markus:
Before:
$ qemu-system-x86_64 -display none -drive if=ide
qemu-system-x86_64: Device needs media, but drive is empty
qemu-system-x86_64: Initialization of device ide-hd failed
[Exit 1 ]
After:
$ qemu-system-x86_64 -display none -drive if=ide
qemu-system-x86_64: Device needs media, but drive is empty
Segmentation fault (core dumped)
[Exit 139 (SIGSEGV)]
This error always existed as qdev_init() frees the object. But QOM
goes a bit further and purposefully sets the class pointer to NULL to
help find use-after-free. It worked :-)
Cc: Andreas Faerber <afaerber@suse.de>
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* stefanha/trivial-patches:
tci: Support INDEX_op_bswap64_i64
target-i386: Use QEMU instead of Qemu
Makefile.hw: avoid overly large 'make clean' rm command
configure: Fix typo
arm_gic: Send dbg msgs to stderr not stdout
checkpatch: Add QEMU specific rule
qemu-config: Use QEMU instead of Qemu
libqtest: Fix socket_accept() to pass address_len
Makefile.user: Define CONFIG_USER_ONLY for libuser/
Makefile: Remove macro qapi-dir
Makefile: Remove BUILD_DIR from qapi-dir
Install 'bepo' keymap already included in Qemu source
* kraxel/usb.54:
uhci: fix uhci_async_cancel_all
usb-host: live migration support
usb-host: attach only to running guest
ehci: tracing improvements
usb: restore USBDevice->attached on vmload
ehci: add live migration support
* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf: (72 commits)
PPC: BookE206: Bump MAS2 to 64bit
PPC: BookE: Support 32 and 64 bit wide MAS2
PPC: Extract SPR dump generation into its own function
PPC: Add e5500 CPU target
PPC: BookE: Make ivpr selectable by CPU type
PPC: BookE: Implement EPR SPR
PPC: Add support for MSR_CM
PPC: Add some booke SPR defines
uImage: increase the gzip load size
PPC: e500: allow users to set the /compatible property via -machine
dt: make setprop argument static
PPC: e500: Refactor serial dt generation
dt: Add global option to set phandle start offset
PPC: e500: Extend address/size of / to 64bit
PPC: e500: Define addresses as always 64bit
PPC: e500: Use new SOC dt format
PPC: e500: Use new MPIC dt format
Revert "dt: temporarily disable subtree creation failure check"
PPC: e500: enable manual loading of dtb blob
PPC: e500: dt: use target_phys_addr_t for ramsize
...
* 's390-for-upstream' of git://repo.or.cz/qemu/agraf:
s390: stop target cpu on sigp initial reset
s390: make kvm_stat work on s390
kvm: Update kernel headers
s390x: fix s390 virtio aliases
* 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
arm_boot: Conditionalised DTB command line update
cadence_ttc: changed master clock frequency
cadence_gem: avoid stack-writing buffer-overrun
hw/a9mpcore: Fix compilation failure if physaddrs are 64 bit
hw/omap.h: Drop broken MEM_VERBOSE tracing
hw/armv7m_nvic: Make the NVIC a freestanding class
hw/arm_gic: Move CPU interface memory region setup into arm_gic_init
hw/arm_gic.c: Make NVIC interrupt numbering a runtime setting
hw/arm_gic: Make CPU target registers RAZ/WI on uniprocessor
hw/arm_gic: Add qdev property for GIC revision
hw/armv7m_nvic: Use MemoryRegions for NVIC specific registers
hw/arm_gic: Move NVIC specific reset to armv7m_nvic_reset
hw/arm_gic: Remove the special casing of NCPU for the NVIC
hw/arm_gic: Remove NVIC ifdefs from gic_state struct
arm_boot: Fix typos in comment
ARM: Exynos4210 IRQ: Introduce new IRQ gate functionality.
On the e500 series, accessing SPR_EPR magically turns into an access at
that CPU's IACK register on the MPIC. Implement that logic to get kernels
that make use of that feature work.
Signed-off-by: Alexander Graf <agraf@suse.de>
Recent u-boot has different defines for its gzip extract buffer, but the
common ground seems to be 64MB. So let's bump it up to that, enabling me
to load my test image again ;).
Signed-off-by: Alexander Graf <agraf@suse.de>
Device trees usually have a node /compatible, which indicate which machine
type we're looking at. For quick prototyping, it can be very useful to change
the contents of that node via the command line.
Thus, introduce a new option to -machine called dt_compatible, which when
set changes the /compatible contents to its value.
Signed-off-by: Alexander Graf <agraf@suse.de>
When generating serial port device tree nodes, we duplicate quite a bit
of code, because there are 2 of them in the mpc8544ds board we emulate.
Shove the generating code into a function, so we duplicate less code.
Signed-off-by: Alexander Graf <agraf@suse.de>
We want to be able to support >= 4GB of RAM. To do so, we need to be able
to tell the guest OS how much RAM it has.
However, that information today is capped to 32bit. So let's extend the
offset and size fields to 64bit, so we can fit in big addresses and even
one day - if we wish to do so - map devices above 32bit.
Signed-off-by: Alexander Graf <agraf@suse.de>
Every time we use an address constant, it needs to potentially fit into
a 64bit physical address space. So let's define things accordingly.
Signed-off-by: Alexander Graf <agraf@suse.de>
Due to popular demand, let's clean up the soc node a bit and use
more recent dt notions.
Requested-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Due to popular demand, we're updating the way we generate the MPIC
node and interrupt lines based on what the current state of art is.
Requested-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
We want to be able to override the automatically created device tree
by using the -dtb option. Implement this for the mpc8544ds machine.
Signed-off-by: Alexander Graf <agraf@suse.de>
We're passing the ram size as uint32_t, capping it to 32 bits atm.
Change to target_phys_addr_t (uint64_t) to make sure we have all
the bits.
Signed-off-by: Alexander Graf <agraf@suse.de>
We have a nice 64bit helper to ease the device tree generation and
make the code more readable when creating 64bit 2-cell parameters.
Use it when generating the device tree.
Signed-off-by: Alexander Graf <agraf@suse.de>
Now that we are dynamically creating the dtb, it's really useful to
be able to dump the created blob for debugging.
This patch implements a -machine dumpdtb=<file> option for e500 that
dumps the dtb exactly in the form the guest would get it to disk. It
can then be analyzed by dtc to get information about the guest
configuration.
Signed-off-by: Alexander Graf <agraf@suse.de>
Now that all of the device tree bits are generated during runtime, we
can get rid of the device tree blob and instead start from scratch with
an empty device tree.
Signed-off-by: Alexander Graf <agraf@suse.de>
Now that we're moving all of the device tree generation from an external
pre-execution generated blob to runtime generation using libfdt, we absolutely
must have libfdt around.
This requirement was there before already, as the only way to not require libfdt
with e500 was to not use -kernel, which was the only way to boot the mpc8544ds
machine. This patch only manifests said requirement in the build system.
Signed-off-by: Alexander Graf <agraf@suse.de>
This adds a qemu-specific hypervisor call to the pseries machine
which allows to do what amounts to memmove, memcpy and xor over
regions of physical memory such as the framebuffer.
This is the simplest way to get usable framebuffer speed from
SLOF since the framebuffer isn't mapped in the VRMA and so would
otherwise require an hcall per 8 bytes access.
The performance is still not great but usable, and can be improved
with a more complex implementation of the hcall itself if needed.
This also adds some documentation for the qemu-specific hypercalls
that we add to PAPR along with a new qemu,hypertas-functions property
that mirrors ibm,hypertas-functions and provides some discoverability
for the new calls.
Note: I chose note to advertise H_RTAS to the guest via that mechanism.
This is done on purpose, the guest uses the normal RTAS interfaces
provided by qemu (including SLOF) which internally calls H_RTAS.
We might in the future implement part (or even all) of RTAS inside the
guest like IBM's firmware does and replace H_RTAS with some finer grained
set of private hypercalls.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
We were incorrectly g_free'ing an object that isn't allocated
in one error path and failed to release it completely in another
This fixes qemu crashes with some cases of IO errors.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
The core tcg/kvm code for ppc64 now has at least the outline
capability to support pagesizes beyond the standard 4k and 16MB. The
CPUState is initialized with information advertising the available
pagesizes and their correct encodings, and under the right KVM setup
this will be populated with page sizes beyond the standard.
Obviously guests can't use the extra page sizes unless they know
they're present. For the pseries machine, at least, there is a
defined method for conveying exactly this information, the
"ibm-segment-page-sizes" property in the guest device tree.
This patch generates this property using the supported page size
information that's already in the CPUState.
Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
The initial TLB entry is supposed to help us run the guest -kernel payload.
This means the guest needs to be able to access its own memory, the initrd
memory and the device tree.
So far we only statically reserved a TLB entry from [0;256M[. This patch
fixes it to span from [0;dt_end[, allowing the guest payload to access
everything initially.
Reported-by: Stuart Yoder <stuart.yoder@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Old size: 8 MB (traditional upstream qemu value).
New size: 16 MB (traditional qemu-kvm value).
Also adds compat properties so old machine types
keep the old default values.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
In preperation for supporting a larger framebuffer for multiple monitors
on a single card, add a property to qxl vgamem_size_mb, and corresponding
byte sized vgamem_size, and use instead of VGA_RAM_SIZE.
[ kraxel: simplify property handling, add sanity checks ]
[ kraxel: fix mode copying ]
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Zap the global VGA_RAM_SIZE #define, make the vga ram size configurable
for standard vga and vmware vga. cirrus and qxl are left with a fixed
size (and private VGA_RAM_SIZE #define) for now.
qxl needs some non-trivial adjustments in the mode list handling deal
with a runtime-configurable size, which calls for a separate qxl patch.
cirrus emulates cards which have 2 MB (isa) and 4 MB (pci), so I guess
it would make sense to use these sizes. That change would break
migration though, so I left it fixed at 8 MB size. Making it
configurabls is pretty pointless for cirrus as we have to match real
hardware.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The vgabios will check whenever any given video mode will fit into the
given video memory before adding it to the list of available modes, so
there is no need to keep xmax * ymax * 32bpp lower than VGA_RAM_SIZE.
Lets raise the limits a bit. Should be good for a few years, display
sizes are not growing that fast.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
soft_reset is called from any of:
* QXL_IO_RESET
* vga io
* pci reset handler
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested with linux guest. Not sure how to check actual performance affect
of this. Checked with the previously send traceevent that the kvm ioctl
to start/stop dirty logging is being called.
(KVM_SET_USER_MEMORY_REGION).
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Convert uses of FLOPPY_ERROR to either FLOPPY_DPRINTF
(for implemented cases) or to use LOG_UNIMP (unimplemented).
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
A more complete history can be found here:
git://xenbits.xensource.com/qemu-xen-unstable.git
Signed-off-by: Jiang Yunhong <yunhong.jiang@intel.com>
Signed-off-by: Shan Haitao <haitao.shan@intel.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
This patch move the msi definition from apic.c to apic-msidef.h. So it can be
used also by other .c files.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
A more complete history can be found here:
git://xenbits.xensource.com/qemu-xen-unstable.git
Signed-off-by: Allen Kay <allen.m.kay@intel.com>
Signed-off-by: Guy Zana <guy@neocleus.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
A more complete history can be found here:
git://xenbits.xensource.com/qemu-xen-unstable.git
Signed-off-by: Allen Kay <allen.m.kay@intel.com>
Signed-off-by: Guy Zana <guy@neocleus.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
This new property will be used to specify a host pci device address.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
The purpose is to have a more generic pci_for_each_device by passing an extra
argument to the function called on every device.
This patch will be used in a next patch.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
We are using this in our quirk lookup provided by patch
titled: Introduce Xen PCI Passthrough, PCI config space helpers.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
The timer was deadlocking when the interval was set too low. It would cause a
flood of timer events and the CPU would halt indefinately. This is a known issue
and theres a generic workaround in place in ptimer on ptimer_set_limit(),
however the Xilinx timer uses ptimer_set_count() instead of set_limit. Changed
the call to set_count() to an equivalent call of set_limit() instead, which
brings the workaround into play.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
The Xilinx timer does not interact with the qemu_timer API, so dont include it.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
In the next release of Xen (4.2), xs.h became deprecated.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Because xs.h will be remove in future release of Xen, this patch removes the
extra includes of this headers.
Also, it removes the extra includes of xenctrl.h and xen/io/xenbus.h as there
already are in xen_common.h.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
We update the QTAILQ in the loop, thus we must use the SAFE version
to make sure we don't touch the queue struct after freeing it.
https://bugzilla.novell.com/show_bug.cgi?id=766310
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
QEMU exposes its version to the guest's hardware and in some cases that is wrong
(e.g. Windows prints messages about driver updates when you switch
the QEMU version).
There is a new field now on the struct QEmuMachine, hw_version, which may
contain the version that the specific machine should report. If that field is
set, then that machine will report that version to the guest.
Signed-off-by: Crístian Viana <vianac@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds two things. First it allows QEMU to distinguish between
regular powerdown and S4 powerdown. Later separate QMP notification will
be added for S4 powerdown. Second it allows S3/S4 states to be disabled
from QEMU command line. Some guests known to be broken with regards to
power management, but allow to use it anyway. Using new properties
management will be able to disable S3/S4 for such guests.
Supported system state are passed to a firmware using new fw_cfg file.
The file contains 6 byte array. Each byte represents one system
state. If byte at offset X has its MSB set it means that system state
X is supported and to enter it guest should use the value from lowest 3
bits.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
I think I understand enough of what's going on in these rules to ensure this is
right. But I could certainly use a second or third opinion...
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The DTB command line should only be overwritten if the user provides a command
line with -append. Otherwise whatever command line was in the DTB should stay
unchanged.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Change the timer clock frequency to 133MHz which is correct. the old 2.5MHz
value was for the pre-silicon emulation platform.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use sizeof(rxbuf)-size (not sizeof(rxbuf-size)) as the number
of bytes to clear. The latter would always clear 4 or 8
bytes, possibly writing beyond the end of that stack buffer.
Alternatively, depending on the value of the "size" parameter,
it could fail to initialize the end of "rxbuf".
Spotted by coverity.
Signed-off-by: Jim Meyering <meyering@redhat.com>
Reviewed-by: Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add a cast to a logging printf to avoid a compilation failure
if target_phys_addr_t is a 64 bit type. (This is better than
using TARGET_FMT_plx because we really don't need a full
16 digit hex string to print the offset into a device.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Remove the MEM_VERBOSE tracing option from omap.h. This worked by
intercepting cpu_register_io_memory() calls; it has been broken
since cpu_register_io_memory() was removed in favour of the
MemoryRegion API.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Rearrange the GIC and NVIC so both are straightforward
subclasses of a common class, rather than having the NVIC
source file textually include arm_gic.c.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Remove more NVIC ifdefs by moving the code to setup the CPU interface
memory regions into the GIC specific arm_gic_init() function rather
than the gic_init() function. Rename the latter to more closely
reflect what it's now actually doing.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Make the minor tweaks to interrupt numbering used by the NVIC
a runtime setting rather than a compile time one, so we can
drop more NVIC ifdefs.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The GIC spec says that the CPU target registers should RAZ/WI
for uniprocessor implementations. Implement this, which also
conveniently lets us drop an NVIC ifdef.
Annoyingly, the 11MPCore's GIC is the odd one out, since
it always has these registers, even in uniprocessor configs.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
GIC behaviour can be different between revision 1 and
2 of the architectural GIC specification; we also have
to handle the legacy 11MPCore GIC, which is different
again in some places. Introduce a qdev property so we
can behave appropriately.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement the NVIC specific register areas using a set of
overlaid MemoryRegions in a container, rather than by having
the arm_gic read/write functions use special purpose callbacks.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Move the NVIC specific bits of reset to the NVIC's own
reset function, rather than using ifdefs in the common
arm_gic reset.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Drop the special casing of NCPU=1 for the NVIC. This slightly
increases the amount of memory used by its state structure,
but removes some ifdeffery and means we can safely move the
GIC state into a common subclass structure.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Remove some NVIC ifdefs from the gic_state struct and its
state save/load functions. This means there are some fields
in it which are present for the NVIC but not used, but means
it always has the same layout and can be pulled out into a
common subclass.
Note that the addition of irq_target[] to the save/load
struct for the NVIC requires a vmstate version bump.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
mimicing -> mimicking
thei -> the
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
New IRQ gate consists of n_in input qdev gpio lines and one
output sysbus IRQ line. The output IRQ level is formed as OR
between all gpio inputs.
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* afaerber-or/qom-next-2: (22 commits)
qom: Push error reporting to object_property_find()
qdev: Remove qdev_prop_exists()
qbus: Initialize in standard way
qbus: Make child devices links
qdev: Connect busses with their parent devices
qdev: Convert busses to QEMU Object Model
qdev: Move SysBus initialization to sysbus.c
qdev: Use wrapper for qdev_get_path
qdev: Remove qdev_prop_set_defaults
qdev: Clean up global properties
qdev: Move bus properties to abstract superclasses
qdev: Move bus properties to a separate global
qdev: Push "type" property up to Object
arm_l2x0: Rename "type" property to "cache-type"
m48t59: Rename "type" property to "model"
qom: Assert that public types have a non-NULL parent field
qom: Drop type_register_static_alias() macro
qom: Make Object a type
qom: Add class_base_init
qom: Add object_child_foreach()
...
* qmp/queue/qmp:
build: install qmp-commands.txt
Add rate limiting of RTC_CHANGE, BALLOON_CHANGE & WATCHDOG events
Add event notification for guest balloon changes
Fix some more license versions (GPL2+ instead of GPL2)
monitor: Fix memory leak with readline completion
qmp: do not include monitor.h from qapi-types-core.h
qmp: include monitor.h when needed
kvm: add missing include files
* kwolf/for-anthony: (39 commits)
qemu-iotests: add 036 autoclear feature bit test
qemu-iotests: add qcow2.py set-feature-bit command
fdc-test: introduced qtest read_without_media
fdc: fix implied seek while there is no media in drive
qcow2: fix autoclear image header update
xen: Don't peek behind the BlockDriverState abstraction
xen: Don't change -drive if=xen device name during machine init
block: Replace bdrv_get_format() by bdrv_get_format_name()
qemu-img: document qed format on qemu-img man page
qemu-iotests: COW with many AIO requests on the same cluster
qemu-iotests: Some backing file COW tests
qcow2: Fix avail_sectors in cluster allocation code
qcow2: Simplify calculation for COW area at the end
qcow2: always operate caches in writeback mode
ide: support enable/disable write cache
block: always open drivers in writeback mode
block: add bdrv_set_enable_write_cache
block: copy enable_write_cache in bdrv_append
savevm: flush after saving vm state
block: flush in writethrough mode after writes
...
* mst/tags/for_anthony:
pci_bridge_dev: fix error path in pci_bridge_dev_initfn()
qdev: release parent properties on dc->init failure
msi: Use msi/msix_present more consistently
msi: Invoke msi/msix_write_config from PCI core
msi: Guard msi/msix_write_config with msi_present
msi: Invoke msi/msix_reset from PCI core
msi: Guard msi_reset with msi_present
ahci: Clean up reset functions
intel-hda: Fix reset of MSI function
ahci: Fix reset of MSI function
rtl8139: honor RxOverflow flag in can_receive method
shpc: unparent device before free
Some of the virtio devices have the same frontend name, but actually
implement different devices behind the scenes through aliases.
The indicator which device type to use is the architecture. On s390, we
want s390 virtio devices. On everything else, we want PCI devices.
Reflect this in the alias selection code. This way we fix commands like
-device virtio-blk on s390x which with this patch applied select the
correct virtio-blk-s390 device rather than virtio-blk-pci.
Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Avoids duplicated error_set().
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Also drop error_set() in object_property_del().]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Can be replaced everywhere with object_property_find().
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Move code to an initfn and finalizer.
Replace do_qbus_create_inplace() with qbus_realize().
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Make qbus children show up as link<> properties. There is no stable
addressing for qbus children so we use an unstable naming convention.
This is okay in QOM though because the composition name is expected to
be what's stable.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This makes SysBus part of the root hierarchy and all busses children of
their respective parent DeviceState.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This is far less interesting than it sounds. We simply add an Object to each
BusState and then register the types appropriately. Most of the interesting
refactoring will follow in the next patches.
Since we're changing fundamental type names (BusInfo -> BusClass), it all needs
to convert at once. Fortunately, not a lot of code is affected.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Made all new bus TypeInfos static const.]
[AF: Made qbus_free() call object_delete(), required {qom,glib}_allocated]
Signed-off-by: Andreas Färber <afaerber@suse.de>
TYPE_SYSTEM_BUS will be local to hw/sysbus.c, so move existing references
to main_system_bus and system_bus_info there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This makes it easier to remove it from BusInfo.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Drop now unnecessary NULL initialization in scsibus_get_dev_path()]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Instead, qdev_property_add_static can set the default.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Now that global properties do not depend on buses anymore, set
them directly in the device instance_init function.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
In qdev, each bus in practice identified an abstract superclass, but
this was mostly hidden. In QOM, instead, these abstract classes are
explicit so we can move bus properties there.
All bus property walks are removed, and all device property walks
are changed to look along the class hierarchy instead.
We would have duplicates if class A defines some properties and its
subclass B does not define any, because class_b->props will be
left equal to class_a->props.
The solution here is to reintroduce the class_base_init TypeInfo
callback, that was present in one of the early QOM versions but
removed (on my request...) before committing.
This breaks global bus properties, an obscure feature when used
with the command-line which is actually useful and used when used by
backwards-compatible machine types. So this patch also adjusts the
global bus properties in hw/pc_piix.c to refer to the abstract class.
Globals and other properties must be modified in the same patch to
avoid complications related to initialization ordering.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Simple code movement in order to simplify future refactoring.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Now that Object is a type, add an instance_init function and push
the "type" property from qdev to there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Resolves a name conflict with the qdev "type" property that is about to
be moved to Object.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
This resolves a name conflict with the qdev "type" property that is
about to move into Object.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Add braces missing in original code.]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Finally, complete the fully specified interface. msix_add_config()
gets folded into msix_init() because we now have quite a few parameters
to pass and rolling it in let's us error earlier, avoiding the ugly
unwind exit path. msix_mmio_setup() also gets rolled in, just because
it's redundant to rediscover offsets when we already have them for
such a tiny function.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
These don't have to be contiguous. Size them to only what
they need and use separate MemoryRegions for the vector
table and PBA.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
MSIX, like PCI, is little endian. Specifying native is wrong here,
but we need to check the rest of the file to determine if it's
as simple as flipping this macro.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
What's this doing so far from msix_mmio_ops?
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Trivial conversion, failed to have an uninit before and after.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
msi_init() takes over a BAR without really specifying or allowing
specification of how it does so. Instead, let's split it into
two interfaces, one fully specified, and one trivially easy. This
implements the latter. msix_init_exclusive_bar() takes over
allocating and filling a PCI BAR _exclusively_ for the use of MSIX.
When used, the matching msi_uninit_exclusive_bar() should be used
to tear it down.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
msix.h calls the PCIDevice * parameter "dev" almost everywhere except
the msix_write_config declaration. Fix the inconsistency.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
No user in sight for msix_bar_size.
bar_size for all users is aligned, let's simply
require this instead of trying to fix up invalid input.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
After setting a balloon target value, applications have to
continually poll 'query-balloon' to determine whether the
guest has reacted to this request. The virtio-balloon backend
knows exactly when the guest has reacted though, and thus it
is possible to emit a JSON event to tell the mgmt application
whenever the guest balloon changes.
This introduces a new 'qemu_balloon_changed()' API which is
to be called by balloon driver backends, whenever they have
a change in balloon value. This takes the 'actual' balloon
value, as would be found in the BalloonInfo struct.
The qemu_balloon_change API emits a JSON monitor event which
looks like:
{"timestamp": {"seconds": 1337162462, "microseconds": 814521},
"event": "BALLOON_CHANGE", "data": {"actual": 944766976}}
* balloon.c, balloon.h: Introduce qemu_balloon_changed() for
emitting balloon change events on the monitor
* hw/virtio-balloon.c: Invoke qemu_balloon_changed() whenever
the guest changes the balloon actual value
* monitor.c, monitor.h: Define QEVENT_BALLOON_CHANGE
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Acked-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
The Windows uses 'READ' command at the start of an instalation
without checking the 'dir' register. We have to abort the transfer
with an abnormal termination if there is no media in the drive.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
First offender is xen_config_dev_blk()'s use of disk->bdrv->filename.
Get the filename from disk->opts instead. Same result, except for
snapshots: there, we now get the filename specified by the user
instead of the name of the temporary image created by bdrv_open().
Should be an improvement.
Second offender is blk_init()'s use of blkdev->bs->drv->format_name.
Simply use the appropriate interface to get the format name.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
A "top" BlockDriverState has a non-empty device_name. If the user
doesn't specify one with -drive parameter id, the system supplies a
default name.
xen_config_dev_blk() changes this name, during machine initialization.
Naughty. Don't do that.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Enabling or disabling the write cache is done with the SET FEATURES
command. The command can be issued with sg_sat_set_features from
sg3-utils.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Use the appropriate interface instead.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This should fix the following build failure:
/home/buildbot/slave-public/block_mingw32/build/hw/xtensa_lx60.c: In function 'lx_init':
/home/buildbot/slave-public/block_mingw32/build/hw/xtensa_lx60.c:212: warning: implicit declaration of function 'drive_get'
/home/buildbot/slave-public/block_mingw32/build/hw/xtensa_lx60.c:212: warning: nested extern declaration of 'drive_get'
/home/buildbot/slave-public/block_mingw32/build/hw/xtensa_lx60.c:212: error: 'IF_PFLASH' undeclared (first use in this function)
/home/buildbot/slave-public/block_mingw32/build/hw/xtensa_lx60.c:212: error: (Each undeclared identifier is reported only once
/home/buildbot/slave-public/block_mingw32/build/hw/xtensa_lx60.c:212: error: for each function it appears in.)
/home/buildbot/slave-public/block_mingw32/build/hw/xtensa_lx60.c:216: error: dereferencing pointer to incomplete type
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Changed device name to xlnx,axi-dma. This is the exact name of the device in the
Xilinx EDK development tools.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Changed device name to xlnx,axi-ethernet. This is the exact name of the
device in the xilinx EDK development tools.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Even though the xilinx tools do have C_ on all params by default, drop this
for consistency with all the other xilinx IP (I.E. param names are the xilinx
names without the C_ prefix)
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Changed device name to xlnx,xps-ethernetlite. This is the exact name of the
device in the xilinx EDK development tools.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Changed "txpingpong" prop to "tx-ping-pong". Same for rx. This is done to
make the property name exactly match what is output by the xilinx tools for
this IP.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Changed device name to xlnx,xps-intc. This is the exact name of the device
in the xilinx EDK development tools.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Changed device name to xlnx,xps-timer. This is the exact name of the device
in the xilinx EDK development tools.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
The configurable property for this IP in the Xilinx tools is a boolean switch
"one-timer-only" that flicks this timer from being dual channel to single.
Updated QEMU to work the same way for better match with the IP core and its TRM.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Added a reasonable default frequency for the xilinx timer (the 62MHz from
s3adsp machine model).
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Changed device name to xlnx,xps-uartlite. This is the exact name of the device
in the xilinx EDK development tools.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
The axidma irq orders are reversed in both the device model and the instantion.
Undid both reversal (for no net change). Also needs to be reversed for
consistency with Xilinx tools IRQ listing.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Speeds up the build.
xilinx_ethlite uses tswap32() and is thus target-dependent.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Currently, we do not properly cleanup, if pci_bridge_dev_initfn
fails to initialize properly. Make sure to call pci_bridge_exitfn()
in the error path.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
While looking into hot-plugging bridges, I can create a qemu segfault via:
$ device_add pci-bridge
Bridge chassis not specified. Each bridge is required to be assigned a unique chassis id > 0.
**
ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0)
I'm proposing to fix this by adding a call to 'object_unparent()', before the
call to qdev_free(). I see there is already a precedent for this usage pattern as
seen in qdev_simple_unplug_cb():
/* can be used as ->unplug() callback for the simple cases */
int qdev_simple_unplug_cb(DeviceState *dev)
{
/* just zap it */
object_unparent(OBJECT(dev));
qdev_free(dev);
return 0;
}
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
qemu_iovec_concat() is currently a wrapper for
qemu_iovec_copy(), use the former (with extra
"0" arg) in a few places where it is used.
Change skip argument of qemu_iovec_copy() from
uint64_t to size_t, since size of qiov itself
is size_t, so there's no way to skip larger
sizes. Rename it to soffset, to make it clear
that the offset is applied to src.
Also change the only usage of uint64_t in
hw/9pfs/virtio-9p.c, in v9fs_init_qiov_from_pdu() -
all callers of it actually uses size_t too,
not uint64_t.
One added restriction: as for all other iovec-related
functions, soffset must point inside src.
Order of argumens is already good:
qemu_iovec_memset(QEMUIOVector *qiov, size_t offset,
int c, size_t bytes)
vs:
qemu_iovec_concat(QEMUIOVector *dst,
QEMUIOVector *src,
size_t soffset, size_t sbytes)
(note soffset is after _src_ not dst, since it applies to src;
for memset it applies to qiov).
Note that in many places where this function is used,
the previous call is qemu_iovec_reset(), which means
many callers actually want copy (replacing dst content),
not concat. So we may want to add a wrapper like
qemu_iovec_copy() with the same arguments but which
calls qemu_iovec_reset() before _concat().
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
* afaerber-or/qom-cpu-3a: (27 commits)
target-s390x: Pass S390CPU to s390_cpu_restart()
s390-virtio: Let s390_cpu_addr2state() return S390CPU
s390-virtio: Use cpu_s390x_init() to obtain S390CPU
target-s390x: Let cpu_s390x_init() return S390CPU
xen_machine_pv: Use cpu_x86_init() to obtain X86CPU
arm_pic: Pass ARMCPU to arm_pic_init_cpu()
arm_boot: Pass ARMCPU to arm_load_kernel()
xilinx_zynq: Use cpu_arm_init() to obtain ARMCPU
pxa2xx_gpio: Store ARMCPU in PXA2xxGPIOInfo
pxa2xx_pic: Store ARMCPU in PXA2xxPICState
pxa2xx: Pass ARMCPU to pxa2xx_pic_init()
exynos4210: Use cpu_arm_init() to store ARMCPU
vexpress: Use cpu_arm_init() to obtain ARMCPU
realview: Use cpu_arm_init() to obtain ARMCPU
arm_boot: Pass ARMCPU to arm_boot_info::secondary_cpu_reset_hook()
arm_boot: Pass ARMCPU to arm_boot_info::write_secondary_boot()
versatilepb: Use cpu_arm_init() to obtain ARMCPU
musicpal: Use cpu_arm_init() to obtain ARMCPU
integratorcp: Use cpu_arm_init() to obtain ARMCPU
strongarm: Use cpu_arm_init() to store ARMCPU in StrongARMState
...
* afaerber-or/qom-next-1:
target-i386: Use uint32 visitor for [x]level properties
qdev: Remove PropertyInfo range checking
qdev: Switch property accessors to fixed-width visitor interfaces
qdev: Use int32_t container for devfn property
qapi: Add String visitor coverage to serialization unit tests
qapi: String visitor, use %f representation for floats
qapi: Unit tests for visitor-based serialization
qapi: Add Visitor interfaces for uint*_t and int*_t
Due to a offset between the clock used to generate the in-kernel
count_load_time (CLOCK_MONOTONIC) and the clock used for processing this
in userspace (vm_clock), reading back the output of PIT channel 2 via
port 0x61 was broken. One use cases that suffered from it was the CPU
frequency calibration of SeaBIOS, which also affected IDE/AHCI timeouts.
This fixes it by calibrating the offset between both clocks on
kvm_pit_get and adjusting the kernel value before saving it in the
userspace state. As the calibration only works while the vm_clock is
running, we cache the in-kernel state across stopped phases.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Legacy (non-pvops) gntdev drivers may require this to be done when the
number of grants intended to be used simultaneously exceeds a certain
driver specific default limit.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
kvm_put_apic_state's attempt to clear *kapic before setting its
bits cleared sizeof(void*) bytes (no more than 8) rather than the
intended 1024 (KVM_APIC_REG_SIZE) bytes. Spotted by coverity.
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Needed for moving halted field to CPUState.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Tested-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Pass it through to arm_pic_cpu_handler().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Igor Mitsyanko <i.mitsyanko@samsung.com> (for exynos)
In particular this simplifies the &s->mpu->cpu->env expression again.
first_cpu and ->next_cpu are expected to be QOM'ified later.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Igor Mitsyanko <i.mitsyanko@samsung.com> (for exynos)
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Prepares for moving halted field into CPUState.
Add missing braces.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Prepares for moving halted field to CPUState.
Add missing braces.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Cleans up after storing ARMCPU in PXA2xxState.
Prepares for storing ARMCPU in PXA2xxPICState.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Needed for arm_pic_init_cpu().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Adapt exynos4210 and highbank accordingly.
The parameter itself is unused.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Igor Mitsyanko <i.mitsyanko@samsung.com> (for exynos)
omap_mpu_state_s::env was renamed to cpu while changing its type.
With n800_s::cpu of type omap_mpu_state_s* this leads to s->cpu->cpu.
Rename the field to "mpu" to avoid this ugliness.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
The file is located in target-ppc/, not hw/.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Anthony Liguori <anthony@codemonkey.ws>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Range checking in PropertyInfo is now used only for pci_devfn
properties and some error reporting. Remove all code that implements
it in the various property types, and the now unused fields.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Fix blocksize min/max for 32-bit hosts by using const int64_t.]
Signed-off-by: Andreas Färber <afaerber@suse.de>
This introduces {get,set}_uint{8,16,32,64}() functions for the
respective qdev types.
TADDR and VLAN are switched to explicit int64, BLOCKSIZE to uint16.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Valid range for devfn is -1 to 255 (-1 for automatic assignment). We do
not currently validate this due to devfn being stored as a uint32_t.
This can lead to segfaults and other strange behavior.
We could technically just cast it to int32_t to implement the checking,
but this will not work for visitor-based setting where we may do additional
bounds-checking based on target container type, which is int32_t for this
case.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This adds visitor interfaces for fixed-width integers types.
Implementing these in visitors is optional, otherwise we fall back to
visit_type_int() (int64_t) with some additional bounds checking to avoid
integer overflows for cases where the value fetched exceeds the bounds
of our target C type.
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[LE: exclude negative values in uint*_t Visitor interfaces]
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
[AF: Merged fix by Laszlo]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reorder arguments to be more natural, readable and
consistent with other iov_* functions, and change
argument names, from:
iov_from_buf(iov, iov_cnt, buf, iov_off, size)
to
iov_from_buf(iov, iov_cnt, offset, buf, bytes)
The result becomes natural English:
copy data to this `iov' vector with `iov_cnt'
elements starting at byte offset `offset'
from memory buffer `buf', processing `bytes'
bytes max.
(Try to read the original prototype this way).
Also change iov_clear() to more general iov_memset()
(it uses memset() internally anyway).
While at it, add comments to the header file
describing what the routines actually does.
The patch only renames argumens in the header, but
keeps old names in the implementation. The next
patch will touch actual code to match.
Now, it might look wrong to pay so much attention
to so small things. But we've so many badly designed
interfaces already so the whole thing becomes rather
confusing or error prone. One example of this is
previous commit and small discussion which emerged
from it, with an outcome that the utility functions
like these aren't well-understdandable, leading to
strange usage cases. That's why I paid quite some
attention to this set of functions and a few
others in subsequent patches.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Original code has one thing to process (cur_len), requests to
convert from iovec to buf another thing (len which is actually max_len),
and processes something else (copied). Whole thing is very difficult
to understand, even if it does a right thing. The iov_to_buf()
conversion in this case will always return cur_len, because it is
the length of the iovec it was asked to process, and the size we
asked to convert is the same or larger, and iov_to_buf() will stop
at reaching either iov or buf.
Make the code saner by doing the only sane thing: dropping `copied'
which is always the same as `cur_len' but just introduces questions.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Also this functions is better invoked by the core than by each and every
device. This allows to drop the config_write callbacks from ich and
intel-hda.
CC: Alexander Graf <agraf@suse.de>
CC: Gerd Hoffmann <kraxel@redhat.com>
CC: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Terminate msi/msix_write_config early if support is not enabled. This
allows to remove checks at the caller site if MSI is optional.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
There is no point in pushing this burden to the devices, they tend to
forget to call them (like intel-hda, ahci, xhci did). Instead, reset
functions are now called from pci_device_reset. They do nothing if
MSI/MSI-X is not in use.
CC: Alexander Graf <agraf@suse.de>
CC: Gerd Hoffmann <kraxel@redhat.com>
CC: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Properly register reset functions via the device class.
CC: Alexander Graf <agraf@suse.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Call msi_reset on device reset as still required by the core.
CC: Gerd Hoffmann <kraxel@redhat.com>
CC: qemu-stable@nongnu.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Call msi_reset on device reset as still required by the core.
CC: Alexander Graf <agraf@suse.de>
CC: qemu-stable@nongnu.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Some drivers (Linux' 8139too among them) rely on the NIC
injecting an interrupt in the event of a receive buffer overflow
and, accordingly, set the RxOverflow bit in the interrupt
mask. Unfortunately rtl8139's can_receive method ignores the
RxOverflow flag, which may lead to a situation where rtl8139
stops receiving packets (can_receive returns 0) when the receive
buffer becomes full.
If the driver eventually read from the receive buffer or reset
the card the emulator could recover from this situation. However
some implementations only do this upon receiving an interrupt
with either RxOK or RxOverflow set in the ISR; interrupt that
will never come because QEMU's flow control mechanisms would
prevent rtl8139 from receiving any packet.
Letting packets go through when the overflow interrupt is enabled
makes the QEMU emulator compliant to the spec and solves the
problem.
This patch should fix a relatively common (in our experience)
network stall observed when running enterprise distros with
rtl8139 as the NIC; in some cases the 8139too device driver gets
loaded and when under heavy load the network eventually stops
working.
Reported-by: Hayato Kakuta <kakuta.hayato@oss.ntt.co.jp>
Tested-by: Hayato Kakuta <kakuta.hayato@oss.ntt.co.jp>
Acked-by: Igor Kovalenko <igor.v.kovalenko@gmail.com>
Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Move the framecount check out of the loop and use the new
ehci_update_frindex function to skip frames if needed.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Adapt the frame timer sleeps according to the actual needs. With the
periodic schedule being active we'll have to wakeup 1000 times per
second and go check for work. In case only the async schedule is active
we can be more lazy though. When idle ehci will increate the sleep time
step by step, so qemu has to wake up less frequently. When we'll see
transactions on the bus or the guest fiddles with the schedule
enable/disable bits we'll return to a 1000 Hz wakeup rate and full
speed. With both schedules disabled we stop wakeups altogether.
This patch also drops the freq property (configures wakeup rate
manually) which is obsoleted by this patch.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When the enable bits for controller / async schedule / periodic schedule
change just make sure we kick the frame timer and let
ehci_advance_periodic_state and ehci_advance_async_state handle the
controller state changes.
This will make ehci set USBSTS_HALT when the controller shutdown is
actually done, once both schedules are in inactive state and the
USBSTS_PSS and USBSTS_ASS bits are clear.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Update the status register in the ehci_set_state function, to make sure
the guest-visible register is in sync with our internal schedule state.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add helper functions to query whenever the async / periodic schedule
is enabled or not. Put them into use too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Check for the reset bit first when processing USBCMD register writes.
Also break out of the switch, there is no need to check the other bits.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When a packet completes which happens to be part of the async schedule
kick the async bottom half for processing,
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Keep track whenever a EHCIQueue is part of the async or periodic
schedule. This way we don't have to pass around the async flag
everywhere but can look it up from the EHCIQueue struct when needed.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add packet queuing. Follow the qTD chain to see if there are more
packets we can submit. Improves performance on larger transfers,
especially with usb-host, as we don't have to wait for a packet to
finish before sending the next one to the host for processing.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Keep a USBDevice pointer in EHCIQueue so we don't have to lookup the
device on each usb packet submission.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This way it is possible to use ehci_execute to submit others than the
first EHCIPacket of the EHCIQueue.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add a separate EHCIPacket struct and move fields over from EHCIQueue.
Preparing for supporting multiple packets per queue being in flight at
the same time. No functional changes yet.
Fix some codestyle issues along the way.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Properly register reset function via the device class.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Repace the running buffer pointer (scsi_buf) with a buffer offset
field (scsi_off). The later is alot easier to live-migrate.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Factor out packet completion to a separate function which
cares to get the MSDState->packet update right.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb-storage can't handle requests in one go as the data transfer can be
splitted into lots of usb packets. Because of that there can be
normal in-flight requests at savevm time and we need to handle that.
With other scsi hba's this happens only in case i/o is stopped due to
errors and there are pending requests which need to be restarted
(req->retry = true).
So, first we need to save req->retry and then handle the req->retry =
false case. Write requests are handled fine already. For read requests
we have to save the buffer as we will not restart the request (and thus
not refill the buffer) on the target host.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The multifunction ich9 ehci controller with uhci companions uses a
different interrupt pin for each function. The three uhci devices
get pins A, B and C, whereas ehci uses pin D. This way the guest
can assign different IRQ lines to each controller.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Cancel transactions before saving vmstate is pretty pointless and just
causes disruptions. We need to cancel them before *loading* vmstate,
but in that case uhci_reset() handles it already and no special action
is needed.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add a property for the uhci bandwidth. Can be used to make uhci
emulation run faster than real hardware.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Schedule bottom half on completion of async packets instead of calling
uhci_process_frame directly. This way we run uhci_process_frame only
once in case multiple packets finish in a row. Also check whenever
there is bandwidth left before scheduling uhci_process_frame.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
uhci_process_frame() can be invoked multiple times per frame, so
accounting usb bandwith in a local variable doesn't fly, use a variable
in UHCIState instead. Also check the limit more frequently.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This completes the move to nested Makefiles for virtio and a few
other files that were not part of obj-TARGET-y, but still were
compiled separately for each target.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
After this patch, the libhw* directories will have a hierarchy
that mimics the source tree. This is useful because we do have
a couple of files there that are in the top source directory.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch starts converting the hw/ directory. Some files in hw/
are compiled once, some twice (32-/64-bit), some once per target.
Each category is moved in a separate patch.
After this patch, the files that are compiled once will show the
same hierarchy in the build tree as they do in the source tree,
for example hw/qdev.o instead of just qdev.o.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* qmp/queue/qmp: (29 commits)
Add 'query-events' command to QMP to query async events
qapi: convert netdev_del
qapi: convert netdev_add
net: net_client_init(): use error_set()
net: purge the monitor object from all init functions
qemu-config: introduce qemu_find_opts_err()
qemu-config: find_list(): use error_set()
qerror: introduce QERR_INVALID_OPTION_GROUP
qemu-option: qemu_opts_from_qdict(): use error_set()
qemu-option: introduce qemu_opt_set_err()
qemu-option: opt_set(): use error_set()
qemu-option: qemu_opts_validate(): use error_set()
qemu-option: qemu_opt_parse(): use error_set()
qemu-option: parse_option_size(): use error_set()
qemu-option: parse_option_bool(): use error_set()
qemu-option: parse_option_number(): use error_set()
qemu-option: qemu_opts_create(): use error_set()
introduce a new monitor command 'dump-guest-memory' to dump guest's memory
make gdb_id() generally avialable and rename it to cpu_index()
target-i386: Add API to get note's size
...
* afaerber-or/qom-cpu-3: (74 commits)
Kill off cpu_state_reset()
linux-user: Use cpu_reset() after cpu_init() / cpu_copy()
bsd-user: Use cpu_reset() in after cpu_init()
leon3: Store SPARCCPU in ResetData
leon3: Use cpu_sparc_init() to obtain SPARCCPU
sun4u: Store SPARCCPU in ResetData
sun4u: Let cpu_devinit() return SPARCCPU
sun4u: Use cpu_sparc_init() to obtain SPARCCPU
sun4m: Pass SPARCCPU to {main,secondary}_cpu_reset()
sun4m: Use cpu_sparc_init() to obtain SPARCCPU
target-sparc: Let cpu_sparc_init() return SPARCCPU
cpu-exec: Use cpu_reset() in cpu_exec() for TARGET_PPC
virtex_ml507: Pass PowerPCCPU to main_cpu_reset()
virtex_ml507: Let ppc440_init_xilinx() return PowerPCCPU
virtex_ml507: Use cpu_ppc_init() to obtain PowerPCCPU
ppc_prep: Pass PowerPCCPU to ppc_prep_reset()
ppc_prep: Use cpu_ppc_init() to obtain PowerPCCPU
ppc_oldworld: Pass PowerPCCPU to ppc_heathrow_reset()
ppc_oldworld: Use cpu_ppc_init() to obtain PowerPCCPU
ppc_newworld: Pass PowerPCCPU to ppc_core99_reset()
...
Allows us to use cpu_reset() in place of cpu_state_reset() in
main_cpu_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Blue Swirl <blauwirbel@gmail.com>
We can now use cpu_reset() in place of cpu_state_reset() in
main_cpu_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Blue Swirl <blauwirbel@gmail.com>
Adapt e500 mpc8544ds machine accordingly.
Turn cpu_init() into a static inline function returning CPUPPCState for
backwards compatibility.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Alexander Graf <agraf@suse.de>
Allows us to use cpu_reset() in place of cpu_state_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Hervé Poussineau <hpoussin@reactos.org>
Allows us to use cpu_reset() in place of cpu_state_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Needed for pc_cpu_reset().
Also change return type to X86CPU.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Allows us to use cpu_reset() in place of cpu_state_reset() in
main_cpu_reset().
Also pass it through to its reset callbacks, while at it.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Allows us to use cpu_reset() in place of cpu_state_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Allows us to use cpu_reset() in place of cpu_state_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Allows us to use cpu_reset() in place of cpu_state_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Allows us to use cpu_reset() in place of cpu_state_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Allows us to use cpu_reset() in place of cpu_state_reset() in
main_cpu_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael Walle <michael@walle.cc>
Allows us to use cpu_reset() in place of cpu_state_reset() in
main_cpu_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael Walle <michael@walle.cc>
Allows us to use cpu_reset() in place of cpu_state_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Allows us to use cpu_reset() in place of cpu_state_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Fix tab indentations of comments, add braces, use cpu_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Also use cpu_reset() in place of cpu_state_reset().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Callers are changed to use qerror_report_err() to keep their QError
semantics.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-By: Laszlo Ersek <lersek@redhat.com>
The only backend that really uses it is the socket one, which calls
monitor_get_fd(). But it can use 'cur_mon' instead.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-By: Laszlo Ersek <lersek@redhat.com>
This commit converts qemu_opts_create() from qerror_report() to
error_set().
Currently, most calls to qemu_opts_create() can't fail, so most
callers don't need any changes.
The two cases where code checks for qemu_opts_create() erros are:
1. Initialization code in vl.c. All of them print their own
error messages directly to stderr, no need to pass the Error
object
2. The functions opts_parse(), qemu_opts_from_qdict() and
qemu_chr_parse_compat() make use of the error information and
they can be called from HMP or QMP. In this case, to allow for
incremental conversion, we propagate the error up using
qerror_report_err(), which keeps the QError semantics
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-By: Laszlo Ersek <lersek@redhat.com>
This reverts commit ff71f2e8ca. This is because
the linux 8139cp driver would leave the card in "Config Register Write Enable"
mode after the eeprom were read or write ( which is unexpected in the spec
). Also a physical 8139 card can still DMA into host memory in modes other than
Normal mode, so we need revert this commit to align with the behavior of
physical card.
The issue of 8139cp driver should be fixed in linux seperately.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* qemu-kvm/uq/master:
virtio/vhost: Add support for KVM in-kernel MSI injection
msix: Add msix_nr_vectors_allocated
kvm: Enable use of kvm_irqchip_in_kernel in hwlib code
kvm: Introduce kvm_irqchip_add/remove_irqfd
kvm: Make kvm_irqchip_commit_routes an internal service
kvm: Publicize kvm_irqchip_release_virq
kvm: Introduce kvm_irqchip_add_msi_route
kvm: Rename kvm_irqchip_add_route to kvm_irqchip_add_irq_route
msix: Introduce vector notifiers
msix: Invoke msix_handle_mask_update on msix_mask_all
msix: Factor out msix_get_message
kvm: update vmxcap for EPT A/D, INVPCID, RDRAND, VMFUNC
kvm: Enable in-kernel irqchip support by default
kvm: Add support for direct MSI injections
kvm: Update kernel headers
kvm: x86: Wire up MSI support for in-kernel irqchip
pc: Enable MSI support at APIC level
kvm: Introduce basic MSI support for in-kernel irqchips
Introduce MSIMessage structure
kvm: Refactor KVMState::max_gsi to gsi_count
As in the SATA and AHCI specifications, a FIS is 5 Dwords of 4 bytes
each, which comes to 20 bytes (decimal), not 0x20.
Signed-off-by: Daniel Verkamp <daniel@drv.nu>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Currently the sector value for the geometry is masked, even if the
user usesa command line parameter that explicitely gives a number.
This breaks dasd devices on s390. A dasd device can have
a physical block size of 4096 (== same for logical block size)
and a typcial geometry of 15 heads and 12 sectors per cyl.
The ibm partition detection relies on a correct geometry
reported by the device. Unfortunately the current code changes
12 to 8. This would be necessary if the total size is
not a multiple of logical sector size, but for dasd this
is not the case.
This patch checks the device size and only applies sector
mask if necessary.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: Christoph Hellwig <hch@lst.de>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The local variables ret, i are only used if __linux__ is defined.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Start VM with 8 multiple-function block devs, hot-removing
those block devs by 'device_del ...' would cause qemu abort.
| (qemu) device_del virti0-0-0
| (qemu) **
|ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0)
It's a regression introduced by commit 57c9fafe
The whole PCI slot should be removed once. Currently only one func
is cleaned in pci_unplug_device(), if you try to remove a single
func by monitor cmd.
free_qdev() are called for all functions in slot,
but unparent_delete() is only called for one
function.
Signed-off-by: XXXX
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The previous multiboot load code did not treat the case where
load_end_addr was 0 specially. The multiboot specification says the
following:
* load_end_addr
Contains the physical address of the end of the data segment.
(load_end_addr - load_addr) specifies how much data to load. This
implies that the text and data segments must be consecutive in the
OS image; this is true for existing a.out executable formats. If
this field is zero, the boot loader assumes that the text and data
segments occupy the whole OS image file.
Signed-off-by: Scott Moser <smoser@ubuntu.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
With pc-0.12, we map the video RAM both through the PCI BAR (the guest does
this) and through a fixed mapping at 0xe0000000. The memory API doesn't allow
this double map, and aborts.
Fix by using an alias.
Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* sstabellini/for_1.1_rc3:
Call xc_domain_shutdown with the reboot flag when the guest requests a reboot.
xen: Fix PV-on-HVM
xen_disk: properly update stats in ioreq_release()
xen_disk: use bdrv_aio_flush instead of bdrv_flush
xen_disk: remove syncwrite option
xen: disable rtc_clock
xen: do not initialize the interval timer and PCSPK emulator
* kwolf/for-anthony:
fdc-test: introduced qtest no_media_on_start and cmos qtest for floppy
fdc: fix media detection
fdc: floppy drive should be visible after start without media
qemu-iotests: mark 035 qcow2-only
qcow2: Check qcow2_alloc_clusters_at() return value
sheepdog: use heap instead of stack for BDRVSheepdogState
sheepdog: return -errno on error
sheepdog: mark image as snapshot when tag is specified
qemu-img: Explain how rebase operation can be used to perform a 'diff' operation.
qcow2: don't leak buffer for unexpected qcow_version in header
We have to set up 'media_changed' after guest start so floppy driver
could detect that there is no media in drive. For this purpose we call
'fdctrl_change_cb' instead of 'fd_revalidate' in 'fdctrl_connect_drives'.
'fd_revalidate' is called inside 'fdctrl_change_cb'.
We still have to set default drive geometry in 'fd_revalidate' even
if there is no media in drive. When you try to open (windows) or mount (linux)
floppy the driver tries to seek on track 1. Linux guest stuck in loop then
kernel crashes and windows guest prints error message.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If you start guest with floppy drive but without media inserted, guest
still should see floppy drive pressent.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When DEBUG_ES1370 is defined, the compiler shows these warnings:
hw/es1370.c: In function ?es1370_update_voices?:
hw/es1370.c:414: warning: format ?%d? expects type ?int?, but argument 3 has type ?size_t?
hw/es1370.c: In function ?es1370_writel?:
hw/es1370.c:582: warning: format ?%d? expects type ?int?, but argument 3 has type ?long int?
hw/es1370.c:592: warning: format ?%d? expects type ?int?, but argument 3 has type ?long int?
hw/es1370.c:609: warning: format ?%d? expects type ?int?, but argument 3 has type ?long int?
hw/es1370.c: In function ?es1370_readl?:
hw/es1370.c:751: warning: suggest braces around empty body in an ?if? statement
Fix the format strings and add the missing braces.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: malc <av1474@comtv.ru>
In the context of PV-on-HVM under Xen, the emulated nics are supposed to be
unplug before the guest drivers are initialized, when the guest write to a
specific IO port.
Without this patch, the guest end up with two nics with the same MAC, the
emulated nic and the PV nic.
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The str allocated in visit_type_str was not freed.
The visit_type_str function is an input visitor(<QMP/String/etc>-to-native)
here, it will allocate memory for caller, so the caller is responsible for
freeing the memory.
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: dunrong huang <riegamaths@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
VIRTIO_BLK_F_SCSI is supposed to mean whether the host can *parse*
SCSI requests, not *execute* them. You could run QEMU with scsi=on
and a file-backed disk, and QEMU would fail all SCSI requests even
though it advertises VIRTIO_BLK_F_SCSI.
Because we need to do this to fix a migration compatibility problem
related to how QEMU is invoked by management, we must do this
unconditionally even on older machine types. This more or less assumes
that no one ever invoked QEMU with scsi=off.
Here is how testing goes:
- old QEMU, scsi=on -> new QEMU, scsi=on
- new QEMU, scsi=on -> old QEMU, scsi=on
- old QEMU, scsi=off -> new QEMU, scsi=on
- new QEMU, scsi=off -> old QEMU, scsi=on
ok (new QEMU has VIRTIO_BLK_F_SCSI, adding host features is fine)
- old QEMU, scsi=off -> new QEMU, scsi=off
ok (new QEMU has VIRTIO_BLK_F_SCSI, adding host features is fine)
- old QEMU, scsi=on -> new QEMU, scsi=off
ok, bug fixed
- new QEMU, scsi=on -> old QEMU, scsi=off
doesn't work (same as: old QEMU, scsi=on -> old QEMU, scsi=off)
- new QEMU, scsi=off -> old QEMU, scsi=off
broken by the patch
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We will have to add another field to the virtio-blk configuration in
the next patch. Avoid a proliferation of arguments to virtio_blk_init.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move it from virtio_blk_exit_pci to virtio_blk_exit.
This is included here because the next patch removes proxy->block.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Linux really looks only at scsi->errors for SG_IO requests; it does
not look at the virtio request status at all. Because of this, when
a SG_IO request is failed early with virtio_blk_req_complete(req,
VIRTIO_BLK_S_UNSUPP), without writing hdr.status, it will look like
a success to the guest.
This is their bug, but we can make it safe for older guests now by
forcing scsi->errors to have a non-zero value whenever a request
has to be failed.
But if we fix the bug in the guest driver, we will have another problem
because QEMU returns VIRTIO_BLK_S_IOERR if the status is non-zero, and
Linux translates that to -EIO. Rather, the guest should succeed the
request and pass the non-zero status via the userspace-provided SG_IO
structure. So, remove the case where virtio_blk_handle_scsi can
return VIRTIO_BLK_S_IOERR.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Allow load_image_targphys to load files on systems with more than 2G of
emulated memory by changing the max_sz parameter from an int to an
uint64_t.
Reviewed-by: Andreas F=E4rber <afaerber@suse.de>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Make use of the new vector notifier to track changes of the MSI-X
configuration of virtio PCI devices. On enabling events, we establish
the required virtual IRQ to MSI-X message route and link the signaling
eventfd file descriptor to this vIRQ line. That way, vhost-generated
interrupts can be directly delivered to an in-kernel MSI-X consumer like
the x86 APIC.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Analogously to msi_nr_vectors_allocated, add a service for MSI-X. Will
be used by the virtio-pci layer.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Automatically commit route changes after kvm_add_routing_entry and
kvm_irqchip_release_virq. There is no performance relevant use case for
which collecting multiple route changes is beneficial. This makes
kvm_irqchip_commit_routes an internal service which assert()s that the
corresponding IOCTL will always succeed.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
We will add kvm_irqchip_add_msi_route, so let's make the difference
clearer.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Vector notifiers shall be triggered by the MSI/MSI-X core whenever a
relevant configuration change is programmed by the guest. In case of
MSI-X, changes are reported when the effective mask (global &&
per-vector) alters its state. On unmask, the current vector
configuration is included in the event report. This allows users - e.g.
virtio-pci layer - to transfer this information to external MSI-X
routing subsystems - like vhost + KVM in-kernel irqchip.
This implementation only provides MSI-X support, but extension to MSI is
feasible and will be provided later on when adding support for KVM PCI
device assignment.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
In preparation of firing vector notifiers on mask changes, call
msix_handle_mask_update also from msix_mask_all. So far, this will have
no real effect.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
This helper will also be used by the upcoming config notifier.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
There are no outside references to virtio_portio.
Add missing 'static' specifier.
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Initrd load address is too low, it conflicts with kernel load
address:
rom: requested regions overlap (rom phdr #0: /tmp/vmlinux-debian-6.0.4-sparc64. free=0x0000000000742519, addr=0x0000000000400000)
rom loading failed
Fix by making the initrd address variable, load initrd after kernel
image. Use 64 bit variables instead of longs or 32 bit types.
Tested-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: John V. Baboval <john.baboval@virtualcomputer.com>
Signed-off-by: Tom Goetz <tom.goetz@virtualcomputer.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
In the context of PV-on-HVM under Xen, the emulated nics are supposed to be
unplug before the guest drivers are initialized, when the guest write to a
specific IO port.
Without this patch, the guest end up with two nics with the same MAC, the
emulated nic and the PV nic.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
While for the "normal" case (called from blk_send_response_all())
decrementing requests_finished is correct, doing so in the parse error
case is wrong; requests_inflight needs to be decremented instead.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Use bdrv_aio_flush instead of bdrv_flush.
Make sure to call bdrv_aio_writev/readv after the presync bdrv_aio_flush is fully
completed and make sure to call the postsync bdrv_aio_flush after
bdrv_aio_writev/readv is fully completed.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
This patch removes a dead option.
The same can be achieved removing BDRV_O_NOCACHE and BDRV_O_CACHE_WB
from the flags passed to bdrv_open.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
PIT and PCSPK are emulated by the hypervisor so we don't need to emulate
them in Qemu: this patch prevents Qemu from waking up needlessly at
PIT_FREQ on Xen.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Catch writes to the MSI MMIO region in the KVM APIC and forward them to
the kernel. Provide the kernel support GSI routing, this allows to
enable MSI support also for in-kernel irqchip mode.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Push msi_supported enabling to the APIC implementations where we can
encapsulate the decision more cleanly, hiding the details from the
generic code.
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Will be used for generating and distributing MSI messages, both in
emulation mode and under KVM.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
* sweil/for-1.1:
qemu-doc: Use QEMU instead of qemu for product name
qemu-doc: Fix executable name in examples
qemu-doc: Add missing parameter in description of -D option
configure: Use QEMU instead of Qemu
fix some common typos
qemu-timer: Fix wrong error message
Since most property types do not have a parse property now, this was
broken. Fix it by looking at the setter instead.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Acked-by: Andreas F=E4rber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Most important here is to update our internal endpoint state so we know
the endpoint isn't in halted state any more. Without this usb-host
tries to clear halt again with the next data transfer submitted. Doing
this twice is (a) not correct and (b) confuses some usb devices,
rendering them non-functional in the guest.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
These were identified using: http://github.com/lyda/misspell-check
and run like this to create a bourne shell script using GNU sed's
-i option:
git ls-files|grep -vF .bin | misspellings -f - |grep -v '^ERROR:' |perl \
-pe 's/^(.*?)\[(\d+)\]: (\w+) -> "(.*?)"$/sed -i '\''${2}s!$3!$4!'\'' $1/'
Manually eliding the FP, "rela->real" and resolving "addres" to
address (not "adders") we get this:
sed -i '450s!thru!through!' Changelog
sed -i '260s!neccessary!necessary!' coroutine-sigaltstack.c
sed -i '54s!miniscule!minuscule!' disas.c
sed -i '1094s!thru!through!' hw/usb/hcd-ehci.c
sed -i '1095s!thru!through!' hw/usb/hcd-ehci.c
sed -i '21s!unecessary!unnecessary!' qapi-schema-guest.json
sed -i '307s!explictly!explicitly!' qemu-ga.c
sed -i '490s!preceeding!preceding!' qga/commands-posix.c
sed -i '792s!addres!address!' qga/commands-posix.c
sed -i '6s!beeing!being!' tests/tcg/test-mmap.c
Also, manually fix "arithmentic", spotted by Peter Maydell:
sed -i 's!arithmentic!arithmetic!' coroutine-sigaltstack.c
Signed-off-by: Jim Meyering <meyering@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
We have the following simplified callgraph in mips_fulong2e_init():
cpu_init() => cpu_mips_init()
object_new()
mips_cpu_initfn()
cpu_exec_init()
register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
cpu_save, cpu_load, env)
register_savevm(NULL, "cpu", 0, 3, cpu_save, cpu_load, env)
CPU_SAVE_VERSION is defined as 3 in target-mips/cpu.h.
fulong2e instantiates one CPU, so its cpu_index is 0.
Thus the two are fully identical.
Therefore just remove the second call in fulong2e.
Signed-off-by: Juan Quintela <quintela@redhat.com>
[AF: Extend explanation in commit message]
Signed-off-by: Andreas Färber <afaerber@suse.de>
This was erroneously dropped in d6c730086c
(pc: reduce duplication in compat machine types).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
ptr properties have neither a get/set or a print/parse which means that when
they're added they aren't treated as static or legacy properties.
Just assume properties like this are legacy properties and treat them as such.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Otherwise, non-string properties without a legacy counterpart are missed.
Also fix error propagation in object_property_print() itself.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Similarly to PCI interrupt mappings, the OBIO ones have to be initialized.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* kwolf/for-anthony:
fdc: simplify media change handling
qcow2: lock on prealloc
block: make bdrv_create adopt coroutine
qcow2: Limit COW to where it's needed
sheepdog: switch to writethrough mode if cluster doesn't support flush
* bonzini/scsi-next:
scsi: Add assertion for use-after-free errors
scsi: remove useless debug messages
scsi: set VALID bit to 0 in fixed format sense data
scsi: do not require a minimum allocation length for REQUEST SENSE
scsi: do not require a minimum allocation length for INQUIRY
scsi: parse 16-byte tape CDBs
scsi: do not report bogus overruns for commands in the 0x00-0x1F range
scsi-disk: add dpofua property
scsi: change "removable" field to host many features
scsi: Specify the xfer direction for UNMAP and ATA_PASSTHROUGH commands
scsi: fix WRITE SAME transfer length and direction
scsi: fix refcounting for reads
scsi: prevent data transfer overflow
ISCSI: Add support for thin-provisioning via discard/UNMAP and bigger LUNs
Commit afe0a59535 added byte reads for TxStatus/TxAddr, but
broke 32-bit reads; the mask generation
(1 << (8 * size)) - 1
is unspecified in C for size >= sizeof(int), and in fact returns 0
on x86.
Fix by using a larger type.
Fixes (at least) Fedora 9 i386 with -machine kernel_irqchip=on. I
didn't see it with the qemu APIC implementation; may be due to timing
or (more likely) a tester error.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This also (partly) fixes IBM OS/2 Warp 4.0 floppy installation, where
not all floppies have the same format (2x80x18 for the first ones,
2x80x23 for the next ones).
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The Linux AC97 driver tests this bit to decide wether or not to show
an External amplifier toggle control.
This patch was also tested with a Windows XP guest without any issues.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
The Linux ac97 drivers does a number of register read/write tests to
see how much resolution a volume control actually has.
This patch takes this into account by masking out any bits written to
a volume control reg which should not be there according to the spec.
After this the Linux ac97 driver correctly uses a range of 0 - 0x1f for
the PCM out volume, as stated in the spec, and we can fix the FIXME
in update_combined_volume_out().
This patch was also tested with a Windows XP guest without any issues.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
After commit 19677a380a70348134ed7650b294522617eb03fc:
"hw/ac97: add support for volume control"
We are (correctly) using AC97_Record_Gain_Mute and not AC97_Line_In_Volume_Mute
for recording volume, but various places in hw/ac97 were still assumimg that
we are using AC97_Line_In_Volume_Mute for record volume control, this patch
fixes this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
The Linux ac97 driver tries to see if optional things like video input
volume control are available in 2 ways:
1) See if the mute bit is set after reset, if it is no further tests are done
2) If the mute bit is not set it does a write/read test of the mute bit
This patch changes our ac97 to conform to what the Linux driver expects, it
initializes registers for things which we don't emulate to 0 (so the mute bit
is not set) and makes them read only.
This causes Linux to now longer show the following (functionless)
controls in alsamixer:
Master Mono vol + mute
3d Control toggle
PCM out pre / post 3d select
Surround toggle
CD vol + mute
Mic vol + mute
Mic boost toggle
Mic mic1 / mic2 select
Video vol + mute
Phone vol + mute
Beep mono vol + mute
Aux vol + mute
Mono "output mic" / "mix" select
Sigmatel 4 speaker stereo toggle
Sigmatel ADC 6Db att toggle
Sigmatel DAC 6Db att toggle
This patch was also tested with a Windows XP guest and there it also makes
a number of functionless mixer controls go away.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
The QEMU emulation which is currently used with Raspberry PI images
(qemu-system-arm -M versatilepb ...) accesses memory which was freed.
Valgrind output (extract):
==17857== Invalid write of size 4
==17857== at 0x24EB06: scsi_req_unref (scsi-bus.c:1273)
==17857== by 0x24FFAE: scsi_read_complete (scsi-disk.c:277)
==17857== by 0x152ACC: bdrv_co_em_bh (block.c:3363)
==17857== by 0x13D49C: qemu_bh_poll (async.c:71)
==17857== by 0x211A8C: main_loop_wait (main-loop.c:503)
==17857== by 0x207954: main_loop (vl.c:1555)
==17857== by 0x20E9C9: main (vl.c:3653)
==17857== Address 0x1c54383c is 12 bytes inside a block of size 260 free'd
==17857== at 0x4824B3A: free (vg_replace_malloc.c:366)
==17857== by 0x20ADFA: free_and_trace (vl.c:2250)
==17857== by 0x4899FC5: g_free (in /lib/libglib-2.0.so.0.2400.1)
==17857== by 0x24EB3B: scsi_req_unref (scsi-bus.c:1277)
==17857== by 0x24F003: scsi_req_complete (scsi-bus.c:1383)
==17857== by 0x25022A: scsi_read_data (scsi-disk.c:334)
==17857== by 0x24EB9F: scsi_req_continue (scsi-bus.c:1289)
==17857== by 0x1C7787: lsi_do_dma (lsi53c895a.c:575)
==17857== by 0x1C8CDA: lsi_execute_script (lsi53c895a.c:1147)
==17857== by 0x1C74EA: lsi_resume_script (lsi53c895a.c:510)
==17857== by 0x1C7ECD: lsi_transfer_data (lsi53c895a.c:746)
==17857== by 0x24EC90: scsi_req_data (scsi-bus.c:1307)
(There are some more similar messages.)
This patch adds an assertion which also detects those errors:
Calling scsi_req_unref is not allowed when the previous call
of that function has decremented refcount to 0, because in this
case req was freed.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Optional inquiry information is declared obsolete in the latest versions
of the standard; invalid CDBs or unsupported VPD pages are supported
can be diagnosed with trace_scsi_inquiry.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The requirements on the REQUEST SENSE buffer size are not in my copy of SPC
(SPC-4 r27) and not observed by LIO. Rip them out.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The requirements on the INQUIRY buffer size are not in my copy of SPC
(SPC-4 r27) and not observed by LIO. Rip them out.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The transfer length for these commands is different from the transfer
length of the corresponding disk commands, so parse it specially.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Interpreting cdb[4] == 0 as a request to transfer 256 blocks is only
needed for READ_6 and WRITE_6. No other command in that range needs
that special-casing, and the resulting overrun breaks scsi-testsuite's
attempt to use command 2 as a known-invalid command.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Linux expects REQ_FUA to be advertised only if WRITE+FUA is faster than
WRITE+SYNCHRONIZE CACHE, so we should not set the DPOFUA bit. However,
it is useful to have it for testing purposes, so add a qdev property to
set it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
It is pointless to add a uint32_t field for every new feature.
Since we will need a new feature soon, convert accesses to "removable"
to look at bit 0 only.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
scsi_cmd_xfer_mode() is used to specify the xfer direction for SCSI
commands that come in from the guest. If the direction is set incorrectly
this will eventually cause QEMU to kernel-panic the guest.
Add UNMAP and ATAPASSTHROUGH as commands that send data to the device.
Without this change, recent kernels will send both UNMAP as well
as ATAPASSTHROUGH commands to any /dev/sg* device, which due to the
incorrect xfer direction very quickly causes the guest kernel to crash.
Example causing a crash without the patch applied:
./x86_64-softmmu/qemu-system-x86_64 -m 1024 -enable-kvm -cdrom linuxmint-12-gnome-dvd-64bit.iso -drive file=/dev/sg4,if=scsi,bus=0,unit=6
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Recently introduced FUA support also gave us a use-after-free
of the BlockAcctCookie within a SCSIDiskReq, due to unbalanced
reference counting.
The patch fixes this by making scsi_do_read look like a combination
of scsi_*_complete + scsi_*_data. It does both a ref (like
scsi_read_data) and an unref (like scsi_flush_complete).
Reported-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Valgrind reported this memory leak which occured a few times.
Test scenario:
qemu-system-i386 (no arguments), only BIOS started, terminate with
monitor command (quit).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Valgrind reported this memory leak which occured very often.
Test scenario:
qemu-system-i386 (no arguments), only BIOS started, terminate with
monitor command (quit).
v2:
Use error_free instead of g_free (hint from Andreas Färber, thanks).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Andreas Färber <afaerber@suse.de>
When using Windows 8 with an AHCI disk drive, it issues a blue screen.
The reason is that WIN_SECURITY_FREEZE_LOCK / CFA_WEAR_LEVEL is not
supported by our ATA implementation, but Windows expects it to be there.
Since without security stuff implemented, the lock would be a nop anyway
and CFA_WEAR_LEVEL already is treated as a nop, let's just allow the cmd
for HD drives as well. That way Windows is happy.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* agraf/s390-for-upstream:
s390: reset avail and used index on reboot
S390: dont call system_shutdown on disabled wait
S390: remove default cdrom, sd-card and floppy support
S390: support reboot for kvm on s390
S390: reboot: reset device pages on reboot
S390: fix error handling on kernel and initrd failures
S390: fix kernel_commandline handling
The default case in function spin_read should never be reached,
therefore the old code used assert(0) to abort QEMU.
This does not work when QEMU is compiled with macro NDEBUG defined.
In this case (and also when the compiler does not know that assert
never returns), there is a compiler warning because of the missing
return value.
Using hw_error allows an improved error message and aborts always.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
[agraf: use __func__]
Signed-off-by: Alexander Graf <agraf@suse.de>
Commit ed120055c7 (Implement PAPR VPA
functions for pSeries shared processor partitions) introduced the
deregister_dtl() function and typo "emv" as name of its argument.
This went unnoticed because the code in that function can access the
global variable "env" so that no build failure resulted.
Fix the argument to read "env". Resolves LP#986241.
Signed-off-by: Peter Portante <peter.portante@redhat.com>
Acked-by: Andreas Färber <afaerber@suse.de>
[agraf: fixed typo in commit message]
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the pseries PCI code uses a somewhat strange scheme of PCI irq
allocation - one per slot up to a maximum that's greater than the usual 4.
This scheme more or less worked, because we were able to tell the guest the
irq mapping in the device tree, however it's a bit odd and may break
assumptions in the future. Worse, the array used to construct the dev
tree interrupt map was mis-sized, we got away with it only because it
happened that our SPAPR_PCI_NUM_LSI value was greater than 7.
This patch changes the pseries PCI code to use the same interrupt swizzling
scheme as is standardized for PCI to PCI bridges. This makes for better
consistency, deals better with any devices which use multiple interrupt
pins and will make life easier in the future when we add passthrough of
what may be either a host bridge or a PCI to PCI bridge. This won't break
existing guests, because they don't assume a particular mapping scheme for
host bridges, but just follow what we tell them in the device tree (also
updated to match, of course). This patch also fixes the allocation of the
irq map.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
PAPR virtual IO (VIO) devices require a unique, but otherwise arbitrary,
"address" used as a token to the hypercalls which manipulate them.
Currently the pseries machine code does an ok job of allocating these
addresses when the legacy -net nic / -serial and so forth options are used
but will fail to allocate them properly when using -device.
Specifically, you can use -device if all addresses are explicitly assigned.
Without explicit assignment, only one VIO device of each type (network,
console, SCSI) will be assigned properly, any further ones will attempt
to take the same address leading to a fatal error.
This patch fixes the situation by adding a proper address allocator to the
VIO "bus" code. This is used both by -device and the legacy options and
default devices. Addresses can still be explicitly assigned with -device
options if desired.
This patch changes the (guest visible) numbering of VIO devices, but since
their addresses are discovered using the device tree and already differ
from the numbering found on existing PowerVM systems, this does not break
compatibility.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Initial Mapping creation for secondary CPU in SMP was missing new MMU API.
Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
reset the guest vring avail/used idx fields, otherwise it's possible
that old values remain in memory which would cause a reboot to fail
with a "Guest moved used index" message
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch simply disables CDROM, SD card and floppy support for the
s390 virtio machine. Without this patch, a default CDROM drive would
get added which has currently no backing on s390.
Signed-off-by: Einar Lueck <elelueck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch fixes reboot on s390 by resetting the device
page on reboot.
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
If the user specifies a non-existing or non-accessable kernel or initrd
qemu does not fail, instead it ipls into the system, which then falls
into a program check loop due to the zeroed memory with no kernel.
Lets add some sanity checks.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The current handling of kernel parameters is broken. The pointer
is always valid, even if no -kernel or -append is specified.
We must check if the kernel rom address is valid instead,
otherwise qemu might segfault.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Initially, vga_get_text_resolution returns a text resolution of 1 x 1
(vga register values are 0).
This is visible during MIPS Malta boot with SDL. It also occurs with the
i386 or x86_64 system emulation when it runs in single step mode:
QEMU changes the size of the SDL window to the smallest possible value
which is supported by the window manager. As this is not the calculated
size, QEMU switches to scaled mode. When the BIOS or the VGA driver sets
the normal text resolution, the window stays small and displays
microscopic characters.
Ignoring text resolutions of 1 x 1 or less avoids these problems.
A similar workaround already exists for too large resolutions.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Register is one byte-wide (as per specification), so there is no need
to specify endianness.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
[AF: Limit access validity to size 1]
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Speaker init has been added in 506b7ddf88,
but audio subsystem init was missing.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Keep the PC values as defaults but allow to override them for PReP.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
This fixes a crash in PReP emulation when using DMA controller to access
floppy drive.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
* 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
target-arm: Make SETEND respect bswap_code (BE8) setting
target-arm: Move A9 config_base_address reset value to ARMCPU
target-arm: Change cpu_arm_init() return type to ARMCPU
Move the A9 config_base_address cp15 register reset value to
ARMCPU. This should become a QOM property so that the Highbank
board can set it without having to pull in cpu-qom.h, but at
least this avoids the implicit dependency on reset ordering
that the previous workaround had.
Cc: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
* kraxel/usb.49:
usb-uhci: update irq line on reset
usb: add serial number generator
usb-redir: Not finding an async urb id is not an error
usb-redir: Reset device address and speed on disconnect
usb-redir: An interface count of 0 is a valid value
usb-xhci: fix bit test
usb-xhci: Use PCI DMA helper functions
usb-host: fix zero-length packets
usb-host: don't dereference invalid iovecs
usb-storage: fix request canceling
usb-ehci: Ensure frindex writes leave a valid frindex value
usb-ehci: add missing usb_packet_init() call
usb-ehci: remove hack
* mst/tags/for_anthony:
e1000: set E1000_ICR_INT_ASSERTED only for 8257x
e1000: link auto-negotiation emulation
e1000: introduce bit for debugging PHY emulation
e1000: introduce helpers to manipulate link status
e1000: PHY loopback mode support
e1000: conditionally raise irq at the end of MDI cycle
e1000: introduce bits of PHY control register
eepro100: Fix multicast regression
virtio: order index/descriptor reads
virtio: add missing mb() on enable notification
virtio: add missing mb() on notification
e1000: move reset function earlier in file
We're not actually calling qdev_init for the pc-sysfw device. Since we create
the canonical path during realize, this was causing an assert to trigger when
attempting to read a link pointing to pc-sysfw.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
uhci_reset() clears irq mask and irq status registers, but doesn't
update the irq line. Which may result in suspious IRQs after uhci
reset. Fix it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds a function which creates unique serial numbers for usb
devices and puts it into use. Windows guests tend to become unhappy if
they find two identical usb devices in the system. Effects range from
non-functional devices (with yellow exclamation mark in device manager)
to BSODs. Handing out unique serial numbers to devices fixes this.
With this patch applied almost all emulated devices get a generated,
unique serial number. There are two exceptions:
* usb-storage devices will prefer a user-specified serial number
and will only get a generated number in case the serial property
is unset.
* usb-hid devices keep the fixed serial number "42" as it is used
to signal "remote wakeup actually works".
See commit 7b074a22da
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
We clear our pending async urb list on device disconnect and we may still
receive "packet complete" packets from our peer after this, which will then
refer to packet ids no longer in our list.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Without this disconnected devices look like the last redirected device
in the monitor in "info usb".
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
An interface-count of 0 happens when a device is in unconfigured state when
it gets redirected. So we should not use 0 to detect not having received
interface info from our peer.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Shortly before 1.0, we added helper functions / wrappers for doing PCI DMA
from individual devices. This makes what's going on clearer and means that
when we add IOMMU support somewhere in the future, only the general PCI
code will have to change, not every device that uses PCI DMA.
However, usb-xhci is not using these wrappers, despite being a PCI only
device. This patch remedies the situation, using the pci dma functions
instead of direct calls to cpu_physical_memory_{read,write}(). Likewise
address parameters for DMA are changed to dma_addr_t instead of
target_phys_addr_t.
[ kraxel: removed #ifdefs ]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb-host optimizes away zero-length packets by not entering the
processing loop at all. Which isn't correct, we should submit a
zero-length urb to the host devicein that case. This patch makes
sure we run the processing loop at least once.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb-host assumes the first iovec element is always valid.
In case of a zero-length packet this isn't true though.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Little fix for usb packet handling on i/o cancelation. The
usb packet pointer (s->packet) is cleared at the wrong place:
The scsi request cancel handler does it. When a usb packet
is canceled the usb-storage emulation canceles the scsi request
if present. In most cases there is one, so usually s->packet
is cleared as needed even with the code sitting at the wrong
place.
If there is no scsi request in flight s->packet is not cleared
though. The usb-storage emulation will then try to complete an
usb packet which is not in flight any more and thereby trigger
an assert() in the usb core.
Fix this by clearing s->packet at the correct place, which is
the usb packet cancel header.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
frindex is a 14 bits counter, so bits 31-14 should always be 0, and
after the commit titled "usb-ehci: frindex always is a 14 bits counter"
we rely on frindex always being a multiple of 8. I've not seen this in
practice, but theoretically a guest can write a value >= 0x4000 or a value
which is not a multiple of 8 value to frindex, this patch ensures that
things will still work when that happens.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
To answer the question in the comment removed by this patch: I think
this was needed because several places in the ehci emulation did not
check the T bit of link entries correctly and thus might have followed
invalid references. See commit 2a5ff735dc
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Our hda codecs exist in two variants: With CONFIG_MIXEMU=y they expose
amplifiers for volume control to the guest, with CONFIG_MIXEMU=n they
don't.
This patch changes the codec ids, they are different now for these two
cases. This makes sure windows guests will notice the difference.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
It's identical to the hda-duplex codec, except that it advertises the
input as microphone instead of line-in and the output as speaker instead
of line-out. Some guest apps (microsoft netmeeting being one) are picky
when it comes to selecting the recording source and don't accept
line-in, so give them what they expect.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
When a guest driver resets the virtio status to not ready, or when qemu
is reset, reset all ports' guest_connected bit and let port users know
of this event if they have the guest_close() callback registered.
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
guest_connected should be false before guest driver initialization, and
true after, both for multiport aware and non multiport aware drivers.
Don't set it before the guest_features are available; instead use
set_status which is called by io to VIRTIO_PCI_STATUS with
VIRTIO_CONFIG_S_DRIVER_OK by even older non multiport drivers.
[Amit: Add comment, tweak summary, only set guest_connected and not
reset it as a side-effect.]
Signed-off-by: Alon Levy <alevy@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
E1000_ICR_INT_ASSERTED were introduced only for 8257x, so we need to
check the E1000_DEVID before setting this bit in ICS.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Indeed, there's nothing else except for the time spent on the
negotiation needs to be emulated. This is needed for resuming windows
guest from hibernation, as without a proper delay, qemu would send the
packet too early ( guest even does not have a proper intr handler),
which could lead windows guest hang.
This patch first introduces an array of function pointers to make it
possible to emulate per-register write behavior. Then traps the
PHY_CTRL register write and when guest want to restart the link auto
negotiation, we would down the link and mark the auto negotiation in
progress in PHY_STATUS register. After time, a timer with 500 ms (
which is the minimum timeout of auto-negotation specified in 802.3
spec). The link would be up when timer expired.
Test with resuming windows guest plus flood ping and linux ethtool
linkstatus test.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch introduces helpers to change link status bit for phy/mac
register. This would help to reduce code duplication and would be used
by following patches.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The missing of loopback mode prevent the running of self diagnosis
program in guest. This patch adds this support.
After this patch, loopback test of ethtool were passed in guest.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
According to the spec:
"When set to 1b by software, it causes an Interrupt to be
asserted to indicate the end of an MDI cycle."
We need check the Interrupt Enable bit and raise irq only when it is
set.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Commit 7fc8d918b9 removed code from
eepro100.c and replaced it by different code: the code in net.c
returns bits 31...26, but eepro100 needs bits 7...2.
This patch partially reverts 7fc8d918b9.
To avoid future problems, I renamed the function and changed the comment.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
virtio has the equivalent of:
if (vq->last_avail_index != vring_avail_idx(vq)) {
read descriptor head at vq->last_avail_index;
}
In theory, processor can reorder descriptor head
read to happen speculatively before the index read.
this would trigger the following race:
host descriptor head read <- reads invalid head from ring
guest writes valid descriptor head
guest writes avail index
host avail index read <- observes valid index
as a result host will use an invalid head value.
This was not observed in the field by me but after
the experience with the previous two races
I think it is prudent to address this theoretical race condition.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This fixes an issue dual to the one fixed by
patch 'virtio: add missing mb() on notification'
and applies on top.
In this case, to enable vq kick to exit to host,
qemu writes out used flag then reads the
avail index. if these are reordered we get a race:
host avail index read: ring is empty
guest avail index write
guest flag read: exit disabled
host used flag write: enable exit
which results in a lost exit: host will never be notified about the
avail index update. Again, happens in the field but only seems to
trigger on some specific hardware.
Insert an smp_mb barrier operation to ensure the correct ordering.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
During normal operation, virtio first writes a used index
and then checks whether it should interrupt the guest
by reading guest avail index/flag values.
Guest does the reverse: writes the index/flag,
then checks the used ring.
The ordering is important: if host avail flag read bypasses the used
index write, we could in effect get this timing:
host avail flag read
guest enable interrupts: avail flag write
guest check used ring: ring is empty
host used index write
which results in a lost interrupt: guest will never be notified
about the used ring update.
This actually can happen when using kvm with an io thread,
such that the guest vcpu and qemu run on different host cpus,
and this has actually been observed in the field
(but only seems to trigger on very specific processor types)
with userspace virtio: vhost has the necessary smp_mb()
in place to prevent the regordering, so the same workload stalls
forever waiting for an interrupt with vhost=off but works
fine with vhost=on.
Insert an smp_mb barrier operation in userspace virtio to
ensure the correct ordering.
Applying this patch fixed the race condition we have observed.
Tested on x86_64. I checked the code generated by the new macro
for i386 and ppc but didn't run virtio.
Note: mb could in theory be implemented by __sync_synchronize, but this
would make us hit old GCC bugs. Besides old GCC
not implementing __sync_synchronize at all, there were bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36793
in this functionality as recently as in 4.3.
As we need asm for rmb,wmb anyway, it's just as well to
use it for mb.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
If a guest sets very short timeouts, and asks for a timer to be reloaded on
timeout, QEMU can go to 100%CPU utilisation and become unresponsive,
as it is spending all its time generating timeout interrupts. On real
hardware this doesn't matter, as the interrupts are just coalesced,
and the effect is to have the interrupt asserted all the time.
This patch is a band-aid, that prevents timeouts less than 10
microseconds from being set. 10 microseconds is a limit that was
determined empirically on a variety of machines as the shortest that
allowed QEMU to pick up a control-a c sequence to get at the monitor.
Reported-by: Anna Lyons <anna.lyons@nicta.com.au>
Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Specify the root to search from as argument. This avoids hardcoding
"/machine" in some places and makes it more flexible.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* kwolf/for-anthony: (38 commits)
qemu-iotests: Fix test 031 for qcow2 v3 support
qemu-iotests: Add -o and make v3 the default for qcow2
qcow2: Zero write support
qemu-iotests: Test backing file COW with zero clusters
qemu-iotests: add a simple test for write_zeroes
qcow2: Support for feature table header extension
qcow2: Support reading zero clusters
qcow2: Version 3 images
qcow2: Ignore reserved bits in check_refcounts
qcow2: Ignore reserved bits in refcount table entries
qcow2: Simplify count_cow_clusters
qcow2: Refactor qcow2_free_any_clusters
qcow2: Ignore reserved bits in L1/L2 entries
qcow2: Fail write_compressed when overwriting data
qcow2: Ignore reserved bits in count_contiguous_clusters()
qcow2: Ignore reserved bits in get_cluster_offset
qcow2: Save disk size in snapshot header
Specification for qcow2 version 3
qcow2: Fix refcount block allocation during qcow2_alloc_cluster_at()
iotests: Resolve test failures caused by hostname
...
Fix BCD mask for date. The most visible effect of this patch is
Solaris 2.5.1 doesn't hang at boot if the day of month is >21.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* origin/master: (27 commits)
target-arm: Move reset handling to arm_cpu_reset
target-arm: Drop cpu_reset_model_id()
target-arm: Move cache ID register setup to cpu specific init fns
target-arm: Move OMAP cp15_i_{max,min} reset to cpu_state_reset
target-arm: Move feature register setup to per-CPU init fns
target-arm: Move iWMMXT wCID reset to cpu_state_reset
target-arm: Drop JTAG_ID documentation
target-arm: Move SCTLR reset value setup to per cpu init fns
target-arm: Move CTR setup to per cpu init fns
target-arm: Move MVFR* setup to per cpu init fns
target-arm: Move FPSID config to cpu init fns
target-arm: Move feature bit settings to CPU init fns
target-arm: Add QOM subclasses for each ARM cpu implementation
target-arm: remind to keep arm features in sync with linux-user/elfload.c
tci: GETPC() macro must return an uintptr_t
gdbstub: Synchronize CPU state unconditionally in gdb_set_cpu_pc
softfloat: make USE_SOFTFLOAT_STRUCT_TYPES compile
target-xtensa: add tests for LOOPNEZ and LOOPGTZ
target-xtensa: fix LOOPNEZ/LOOPGTZ translation
qtest: add m48t59 tests for Sparc
...
* stefanha/trivial-patches:
Add .gitignore for tests/
e1000: Fix spelling (segmentaion -> segmentation) in debug output
spice-qemu-char.c: Show what name is unsupported
pflash_cfi01: remove redundant line
qxl: Add missing GCC_FMT_ATTR and fix format specifier
fix block_job_set_speed name in documentation
error.c: don't return value for void function
* bonzini/scsi-next:
scsi: add SANITIZE command
SCSI emulation: should tell the guest that we actually support thin provisioning
SCSI emulation: Support unmap via WRITE_SAME_10.
scsi: advertise DPOFUA
scsi: small refactoring of MMC mode-sense
scsi: support FUA on reads
scsi: add a started field to SCSIDiskReq
scsi: force unit access on VERIFY
scsi: add support for FUA on writes
scsi: move scsi_flush_complete around
scsi: make code more homogeneous in AIO callback functions
scsi: add missing test for cancelled request
virtio-scsi: add multiqueue capability
virtio: add virtio_queue_get_id
virtio-scsi: prepare migration format for multiqueue
scsi: fix memory leak
On reset of the mpcore timer/watchdog block we need to
delete the qemu_timer in case it was running.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The versatile i2c controller implementation was separated to
its own file called versatile_i2c.c. This is done as a preparation
for adding i2c support to the versatilepb board.
Signed-off-by: Oskar Andero <oskar.andero@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This was reported by https://bugs.launchpad.net/qemu/+bug/984476.
I also changed the case for 'error'.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Eric Bénard <eric@eukrea.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
val is an uint64_t, therefore %d was not correct.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
[Actually, we should report it only if discard_granularity is nonzero.
Older SBC drafts assigned 0 to thin provisioning and 1 to thick
(resource-provisioned, they call it). Newer drafts assign respectively
1 and 2 - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This was added in SBC r26 in place of the reserved bits that were
present up to that version.
It is the same as WRITE_SAME_16 as far as QEMU is concerned.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The IDE PIO write sector code path uses bdrv_write() and hence can make
the guest unresponsive while the I/O request is in progress. This patch
converts ide_sector_write() to use bdrv_aio_writev() by using the
BUSY_STAT bit to tell the guest that the request is in progress.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Tested-by: Richard Davies <richard@arachsys.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The IDE PIO interface currently uses bdrv_read() to perform reads
synchronously. Synchronous I/O in the vcpu thread is bad because it
prevents the guest from executing code - it makes the guest
unresponsive.
This patch converts IDE PIO to use bdrv_aio_readv(). We simply need to
use the BUSY_STAT status so the guest knows to wait while we are busy.
The only external user of ide_sector_read() is restart behavior on I/O
errors and it is not affected by this change. We still need to restart
I/O in the same way.
Migration is also unaffected if I understand the code correctly. We
continue to use the same transfer function and the BUSY_STAT status
should never be migrated since we flush I/O before migrating device
state.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Tested-by: Richard Davies <richard@arachsys.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
To force unit access, add a flush operation after the actual write.
WRITE AND VERIFY commands always flush according to SBC, so do it
even though we do not perform the reread.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
First scsi_flush_complete, like scsi_dma_complete, is always called with
an active AIOCB.
Second, always test for "ret < 0" to check for errors.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Adding multiqueue is as simple as creating more than one virtqueues,
and saving the queue number for each request.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Serializing virtio-scsi requests needs a simple way to get from a
VirtQueue to the number of the queue. The virtio_queue_get_id
provides this.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In order to restore requests correctly from a multitude of virtqueues,
we need to store the id of the request queue that each request came
from.
Do this even for single-queue, by storing a hard-coded zero, to
simplify future implementation of multiqueue.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
scsibus_get_dev_path is leaking id if it is not NULL. Fix it.
Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* origin/master:
Allow controlling volume with PulseAudio backend
configure: pa_simple is not needed anymore
Do not use pa_simple PulseAudio API
audio/spice: add support for volume control
hw/ac97: add support for volume control
hw/ac97: the volume mask is not only 0x1f
hw/ac97: remove USE_MIXER code
audio: don't apply volume effect if backend has VOICE_VOLUME_CAP
audio: add VOICE_VOLUME ctl
Notify any listeners such as vnc that the displaysurface has been
changed, otherwise they will segfault when first accessing the freed old
displaysurface data.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The addition of those values caused a regression where not specifying
any value for the vram bar size would result in a 4096 _byte_ surface
area. This is ok for the windows driver but causes the X driver to be
unusable. Also, it's a regression. This patch returns the default
behavior of having a 64 megabyte vram BAR.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
xc_hvm_inject_msi is only available on Xen >= 4.2: add a dummy
compatibility function for Xen < 4.2.
Also enable msi support only on Xen >= 4.2.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Combine output volume with Master and PCM registers values.
Use default values in mixer_reset ().
Set volume on post-load to update backend values.
v4,v5:
- fix some code style
Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
It's a case by case (see Table 66. AC ?97 Baseline Audio Register Map)
Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
That code doesn't compile. The interesting bits for volume control are
going to be rewritten in the following patch.
Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
Not sure what the purpose of the assert() was, in any case it is bogous.
We can arrive there if transfer descriptors passed to us from the guest
failed to pass sanity checks, i.e. it is guest-triggerable. We deal
with that case by resetting the host controller. Everything is ok, no
need to throw a core dump here.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Also cleanup (reset) our device state when we reject a device due to a
speed mismatch.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The sofv value only ever gets a value assigned and is never used (read)
anywhere, so we can just drop it.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch carries a complete rewrite of the usb descriptor parser.
Changes / improvements:
* We are using the USBDescriptor struct instead of hard-coded offsets
now to access descriptor data.
* (debug) printfs are all gone, tracepoints have been added instead.
* We don't try (and fail) to skip over unneeded descriptors. We parse
them all one by one. We keep track of which configuration, interface
and altsetting we are looking at and use this information to figure
which desciptors are in use and which we can ignore.
* On parse errors we clear all endpoint information, which will
disallow any communication with the device, except control endpoint
messages. This makes sure we don't end up with a silly device state
where half of the endpoints got enabled and the other half was left
disabled.
* Some sanity checks have been added.
The new parser is more robust and also leaves complete device
information in the trace log if you enable the ush_host_parse_*
tracepoints.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds a new type for the binary representation of usb
descriptors. It is put into use for the descriptor generator code
where the struct replaces the hard-coded offsets.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
frindex always is a 14 bits counter, and not a 13 bits one as we were
emulating. There are some subtle hints to this in the spec, first of all
"Table 2-12. FRINDEX - Frame Index Register" says:
"Bit 13:0 Frame Index. The value in this register increments at the end of
each time frame (e.g. micro-frame). Bits [N:3] are used for the Frame List
current index. This means that each location of the frame list is accessed
8 times (frames or micro-frames) before moving to the next index. The
following illustrates values of N based on the value of the Frame List
Size field in the USBCMD register.
USBCMD[Frame List Size] Number Elements N
00b 1024 12
01b 512 11
10b 256 10
11b Reserved"
Notice how the text talks about "Bits [N:3]" are used ..., it does
NOT say that when N == 12 (our case) the counter will wrap from 8191 to 0,
or in otherwords that it is a 13 bits counter (bits 0 - 12).
The other hint is in "Table 2-10. USBSTS USB Status Register Bit Definitions":
"Bit 3 Frame List Rollover - R/WC. The Host Controller sets this bit to a one
when the Frame List Index (see Section 2.3.4) rolls over from its maximum value
to zero. The exact value at which the rollover occurs depends on the frame
list size. For example, if the frame list size (as programmed in the Frame
List Size field of the USBCMD register) is 1024, the Frame Index Register
rolls over every time FRINDEX[13] toggles. Similarly, if the size is 512,
the Host Controller sets this bit to a one every time FRINDEX[12] toggles."
Notice how this text talks about setting bit 3 when bit 13 of frindex toggles
(when there are 1024 entries, so our case), so this indicates that frindex
has a bit 13 making it a 14 bit counter.
Besides these clear hints the real proof is in the pudding. Before this
patch I could not stream data from a USB2 webcam under Windows XP, after
this cam using a USB2 webcam under Windows XP works fine, and no regressions
with other operating systems were seen.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Looks like a cut+paste bug from ehci_detach. When the device itself is
detached from a ehci port (ehci_detach op) we have to clear the
device pointer for the companion port too. When a device gets removed
from a downstream port of a usb hub (ehci_child_detach op) the ehci port
where the usb hub is plugged in is not affected.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb_packet_set_state can be called with p->ep = NULL. The tracepoint
there tries to log endpoint information, which leads to a segfault.
This patch makes usb_packet_set_state handle the NULL pointer properly.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add pointer to USBPacket to all tracepoints tracking requests to make it
easier to identify them when multiple requests are in flight.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When passing through a usb pendrive seabios will present it in the F12
boot menu and will happily boot from it.
This patch adds bootorder support so you can even make it the default
boot device.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When we queue up usb packets we may happen to find a already queued
packet, which also might be finished at that point already. We don't
want continue processing the packet at this point though, so lets
just signal back we've found a in-flight packet when in queuing mode.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Not only QHs can form rings, but TDs too. With the new
queuing/pipelining support we are following TD chains and
can actually walk in circles. An assert() prevents us from
entering an endless loop then.
Fix is easy: Just stop queuing when we figure the TD we are
about to queue up is in flight already.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
... to make vmstate id string truely unique with multiple host
controllers, i.e. move from "1/usb-ptr" to "0000:00:01.3/1/usb-ptr"
(usb tabled connected to piix3 uhci).
This obviously breaks migration. To handle this the usb bus
property "full-path" is added. When setting this to false old
behavior is maintained. This way current qemu will be compatible
with old versions when started using '-M pc-$oldversion'.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* kiszka/queues/pending:
vapic: Disable for pre-1.1 machines
Kick io-thread on qemu_chr_accept_input
pcnet: Properly handle TX requests during Link Fail
pcnet: Clear ERR in CSR0 on stop
signrom: Rewrite as python script
Conflicts:
hw/pc_piix.c
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* sstabellini/for_anthony:
xen: introduce an event channel for buffered io event notifications
xen-mapcache: don't unmap locked entry during mapcache invalidation
Xen, mapcache: Fix the compute of the size of bucket.
xen: handle backend deletion from xenstore
Xen: Add xen-apic support and hook it up.
Xen: basic HVM MSI injection support.
As long as we have no link and we aren't in internal loopback mode, no
packet must be sent. Instead, LCAR needs to be set in any active TX
descriptor and also CERR in CSR0.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
pcnet_stop already clears any reason (BABL, CERR, MISS, MERR) why ERR
(bit 15) should be set in CRS0. So we have to clear that bit as well.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Currently, the PAPR VIO network device does not have a reset handler. This
means that after a hard reset, H_REGISTER_LOGICAL_LAN will return an error
when the new guest boot attempts to initialize the device.
This patch corrects this, adding a suitable reset hook.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Currently the PAPR vscsi implementation does not properly clear its table
of request tags when the system is reset. This patch adds a reset hook
to do so.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Recently we added code to properly clean away VIO CRQs on reset However,
this directly uses qemu_register, rather than the existing device model
reset callbacks. This patch cleans this up by adding proper use of the
reset hook to the VIO bus model. The existing CRQ reset code is converted
to the new method.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Some time ago we removed all use of the 'hcalls' callback in the pseries
VIO code, which was used to workaround an ordering problem which has since
been solved properly. However, the function pointer for the hook remains.
This patch cleans it away.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The PAPR VSCSI emulation contains a few lines of code which were once used
for debug but now do nothing at all. This patch removes them.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
On the pseries platform, access to PCI config space is via RTAS calls(
which go to the hypervisor) rather than MMIO. This means we don't use
the same code path as nearly everyone else which goes through pci_host.c
and we're missing some of the parameter checking along the way.
We do have some parameter checking in the RTAS calls, but it's not enough.
It checks for overruns, but does not check for unaligned accesses,
oversized accesses (which means the guest could trigger an assertion
failure from pci_host_config_{read,write}_common(). Worse it doesn't do
the basic checking for the number of RTAS arguments and results before
accessing them.
This patch fixes these bugs.
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[AF: Fix typos spotted by mst]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Currently the pseries machine contains not one but two somewhat ugly hacks
to allow printing of early debug messages before the guest has properly
read the device tree.
First, we special case H_PUT_TERM_CHAR so that a vtermno of 0 (usually
invalid) will look for a suitable vty and use that. This supports Linux's
early debug code which will use H_PUT_TERM_CHAR with vtermno==0 before
reading the device tree. Second, we support the RTAS display-character call.
This takes no vtermno so we assume the address of the default first VTY.
This patch makes things more consistent by folding the second hack into the
first. Now, display-character uses the existing vty_lookup() function to
do the same search for a suitable VTY.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The VIOsPAPRBus structure, used on the pseries machine contains some old
fields which are no longer used anywhere. This patch removes them.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This patch adds the PAPR defined RTAS system-reboot call to the pseries
machine emulation, providing the guest with a way to trigger a reboot.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
PAPR specifies a Command Response Queue (CRQ) mechanism used for virtual
IO, which we implement. However, we don't correctly clean up registered
CRQs when we reset the system.
This patch adds a reset handler to fix this bug. While we're at it, add
in some of the extra debug messages that were used to track the problem
down.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[AF: Updated hcall_dprintf()s to not duplicate the function name]
Signed-off-by: Andreas Färber <afaerber@suse.de>
The pseries machine code has a number of debug messages for debugging PAPR
hypercalls, dependent on DEBUG_SPAPR_HCALLS. This patch cleans these
messages up a bit, by adding __func__ to the hcall_dprintf() macro and
simplifying up a number of the individual messages accordingly.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Commit d0ed8076cb converted the PCI config access to the memory
API, but also inadvertantly changed it to accept unaligned writes,
and corrupt the index register in the process. This causes a regression
booting NetBSD.
Fix by ignoring unaligned or non-dword writes.
https://bugs.launchpad.net/qemu/+bug/897771
Reported-by: Andreas Gustafsson <gson@gson.org>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Slot present bit is cleared apparently for each device. Hotplug and non
hotplug devices should not mix normally, and we only set the bit when we
add a device so it should all work out, but it's more robust to
explicitly account for more than one device per slot.
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The PCI hotplug eject register has always returned 0, so let's redefine
it as a hotplug feature register. The existing model of using separate
up & down read-only registers and an eject via write to this register
becomes the base implementation. As we make use of new interfaces we'll
set bits here to allow the BIOS and AML implementation to optimize for
the platform implementation.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Clarify this register as read-only and remove write code. No
change in existing behavior.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
As Michael Tsirkin demonstrated, current PCI hotplug is vulnerable
to a few races. The first is a race with other hotplug operations
because we clear the up & down registers at each event. If a new
event comes before the last is processed, up/down is cleared and
the event is lost.
To fix this for the down register, we create a life cycle for
the event request that starts with the hot unplug request in
piix4_device_hotplug() and ends when the device is ejected.
This allows us to mask and clear individual bits, preserving them
against races. For the up register, we have no clear end point
for when the event is finished. We could modify the BIOS to
acknowledge the bit and clear it, but this creates BIOS compatibiliy
issues without offering a complete solution. Instead we note that
gratuitous ACPI device checks are not harmful, which allows us to
issue a device check for every slot. We know which slots are present
and we know which slots are hotpluggable, so we can easily reduce
this to a more manageable set for the guest.
The other race Michael noted was that an unplug request followed
by reset may also lose the eject notification, which may also
result in the eject request being lost which a subsequent add
or remove. Once we're in reset, the device is unused and we can
flush the queue of device removals ourselves. Previously if a
device_del was issued to a guest without ACPI PCI hotplug support,
it was necessary to shutdown the guest to recover the device.
With this, a guest reboot is sufficient.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The write side of these registers is never used and actually can't be
used as defined because any read/modify/write sequence from the guest
potentially races with qemu. Drop the write support and define these
as read-only registers.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
hw/arm_gic: Remove stray hardcoded tab
hw/arm_gic: gic_set_pending_private() is NVIC only
hw/arm_gic: Use NVIC instead of LEGACY_INCLUDED_GIC define
hw/arm_gic: Make gic_reset a sysbus reset function
hw/arm11mpcore: Convert to using sysbus GIC device
hw/exynos4210_gic: Convert to using sysbus GIC
hw/realview_gic: switch to sysbus GIC
hw/a9mpcore: Switch to using sysbus GIC
hw/a15mpcore: switch to using sysbus GIC
hw/arm_gic: Make the GIC its own sysbus device
hw/arm_gic: Expose PPI inputs as gpio inputs
hw/arm_gic: Move gic_get_current_cpu into arm_gic.c
hw/arm_gic: Move NCPU definition to arm_gic.c
hw/exynos4210_combiner.c: Drop excessive read/write access check.
ARM: Exynos4210: Drop gic_cpu_write() after initialization.
Fix bit test in Exynos4210 UART emulation to use & instead of &&
The function gic_set_pending_private() is now used by the NVIC
only (for the GIC we now set PPI interrupts via gpio lines and
gic_set_irq()). So make it #ifdef NVIC and remove the 'attribute
unused' annotation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Now all the A profile cores have been switched to use the standalone
sysbus GIC, the only remaining code which #includes arm_gic.c is
the v7M NVIC. The coupling is much closer here so it's not so
easily disentangled. For now, add a comment about how arm_gic.c
is compiled, and assume that the NVIC always includes arm_gic.c
and the non-NVIC GIC is always compiled standalone.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Make gic_reset a sysbus reset function, so we actually
reset the GIC on system reset rather than only at init.
For the NVIC this requires us also to implement reset
of the SysTick.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Convert the Exynos GIC code to use the standalone sysbus
GIC device.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Evgeny Voevodin <e.voevodin@samsung.com>
Switch the a9mpcore to using the sysbus GIC device rather
than having the a9mp private memory region device subclass
the GIC.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Compile arm_gic.c as a standalone C file to produce a self contained
sysbus GIC device. Support the legacy usage by #include of the .c file
by making those users #define LEGACY_INCLUDED_GIC, so we can convert
them one by one.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Evgeny Voevodin <e.voevodin@samsung.com>
Expose the Private Peripheral Interrupt inputs as GPIO inputs.
The layout of the GPIO array is thus:
[0..N-1] SPIs
[N..N+31] PPIs for CPU 0
[N+32..N+63] PPIs for CPU 1
...
Treating PPIs as being another kind of input line is in line with the
GIC architecture specification, where they are clearly described that
way. The 11MPCore TRM is a bit more ambiguous, but there is no practical
difference between "set PPI X as pending" and "0->1 transition on a
PPI input line configured as edge triggered", and PPIs are always
edge triggered, so this change won't affect behaviour.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Move the gic_get_current_cpu() function into arm_gic.c.
There are only two implementations: (1) "get the index
of the currently executing CPU", used by all multicore
GICs, and (2) "always 0", used by all GICs instantiated
with a single CPU interface (the Realview board GIC and
the v7M NVIC). So we can move this into the main GIC
source file.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Evgeny Voevodin <e.voevodin@samsung.com>
Move the NCPU definition to arm_gic.c: the maximum number
of CPU interfaces is defined by the GIC architecture specification
to be 8, so we don't need to have this #define in each of the
sources files which currently includes arm_gic.c.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Evgeny Voevodin <e.voevodin@samsung.com>
Access to reserved area at offset higher than 0x3c is allowed in
External Combiner. Samsung Galaxy Kernel implements this. So, drop
excessive checks in read/write functions.
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Remove gic_cpu_write() call after initialization that was emulating
functionality of earliest SOC bootloader which enables external
GIC CPU1 interface. Instead introduce Exynos4210-specific secondary
CPU bootloader, which enables both Internal and External GIC CPU1
interfaces.
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Often when a guest is stopped from the qemu console, it will report spurious
soft lockup warnings on resume. There are kernel patches being discussed that
will give the host the ability to tell the guest that it is being stopped and
should ignore the soft lockup warning that generates. This patch uses the qemu
Notifier system to tell the guest it is about to be stopped.
Signed-off-by: Eric B Munson <emunson@mgebm.net>
Signed-off-by: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
We use a 2 byte ioeventfd for virtio memory,
add support for this.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Commit afe0a59535 ("rtl8139: support byte
read to TxStatus registers") reused rtl8139_TxStatus_read() for reading
TxAddr registers. It relies on the fact that TxStatus[] and TxAddr[]
are adjacent.
This causes a gcc warning because the compiler can detect that array
access is out-of-bounds:
hw/rtl8139.c:2501:27: error: array subscript is above array bounds [-Werror=array-bounds]
This patch refactors the function so that we don't rely on out-of-bounds
accesses.
Cc: Jason Wang <jasonwang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Currently the virtio balloon device, when using the virtio-pci interface
advertises itself with PCI class code MEMORY_RAM. This is wrong; the
balloon is vaguely related to memory, but is nothing like a PCI memory
device in the meaning of the class code, and this code is not required
or suggested by the virtio PCI specification.
Worse, this patch causes problems on the pseries machine, because the
firmware, seeing this class code, advertises the device as memory in the
device tree, and then a guest kernel bug causes it to see this "memory"
before the real system memory, leading to a crash in early boot.
This patch fixes the problem by removing the bogus PCI class code on the
balloon device. The backwards compatibility PC machines get new compat
properties so that they don't change.
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
ivshmem used msix but didn't call it on either reset or
config write paths. This used to partically work since
guests don't use all of msi-x configuration fields,
and reset is rarely used, but the patch 'msix: track function masked
in pci device state' broke that. Fix by adding appropriate calls.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: Cam Macdonell <cam@cs.ualberta.ca>
Tested-by: Cam Macdonell <cam@cs.ualberta.ca>
It's clear from the surrounding code that
start < end so it's enough to assert end < log_size.
However, it's better to make this explicit in case
we refactor the code again.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
When the vhost log is resized, we want to sync up to
the size of the old log. With that end address in place,
ignore regions that start after then end rather than
hitting assert.
This also addresses the following crash report:
When migrating a vm using vhost-net we hit the following assertion:
qemu-kvm: /usr/src/packages/BUILD/qemu-kvm-0.15.1/hw/vhost.c:30:
vhost_dev_sync_region: Assertion `start / (0x1000 * (8 *
sizeof(vhost_log_chunk_t))) < dev->log_size' failed.
The cases which the end < start check is intended to catch, such as
for vga video memory, will also likely trigger the assertion.
Reorder the code to handle this correctly.
Reported-by: Josh Durgin <josh.durgin@dreamhost.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Make it easier to add compat properties, by
adding macros for properties duplicated across
machine types.
Note: there could be bugs in compat properties,
this patch does not attempt to address them,
the code is bug for bug identical to the original.
Tested by: generated a preprocessed file, sorted and
compared to sorted original.
Lightly tested on x86_64.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
There is a typo in i440FX init code. This is causing problems when
somebody wants to access the 64bit PCI range.
Signed-off-by: Alexey Korolev <alexey.korolev@endace.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* commit 'ff71f2e8cacefae99179993204172bc65e4303df': (21 commits)
rtl8139: do the network/host communication only in normal operating mode
rtl8139: correctly check the opmode
net: move compute_mcast_idx() to net.h
rtl8139: support byte read to TxStatus registers
rtl8139: remove unused marco
rtl8139: limit transmission buffer size in c+ mode
pci_regs: Add PCI_EXP_TYPE_PCIE_BRIDGE
virtio-net: add DATA_VALID flag
pci_bridge: upper 32 bit are long registers
pci: fix bridge IO/BASE
pcie: drop functionality moved to core
pci: set memory type for memory behind the bridge
pci: add standard bridge device
slotid: add slot id capability
shpc: standard hot plug controller
pci_bridge: user-friendly default bus name
pci: make another unused extern function static
pci: don't export an internal function
pci_regs: Fix value of PCI_EXP_TYPE_RC_EC.
pci: Do not check if a bus exist in pci_parse_devaddr.
...
* kwolf/for-anthony: (46 commits)
qed: remove incoming live migration blocker
qed: honor BDRV_O_INCOMING for incoming live migration
migration: clear BDRV_O_INCOMING flags on end of incoming live migration
qed: add bdrv_invalidate_cache to be called after incoming live migration
blockdev: open images with BDRV_O_INCOMING on incoming live migration
block: add a function to clear incoming live migration flags
block: Add new BDRV_O_INCOMING flag to notice incoming live migration
block stream: close unused files and update ->backing_hd
qemu-iotests: Fix call syntax for qemu-io
qemu-iotests: Fix call syntax for qemu-img
qemu-iotests: Test unknown qcow2 header extensions
qemu-iotests: qcow2.py
sheepdog: fix send req helpers
sheepdog: implement SD_OP_FLUSH_VDI operation
block: bdrv_append() fixes
qed: track dirty flag status
qemu-img: add dirty flag status
qed: image fragmentation statistics
qemu-img: add image fragmentation statistics
block: document job API
...
This FIXME has already been actioned. Deleted comment.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
It currently uses qerror_report(), but next commit will convert
the drive_del command to the QAPI and this requires using
error_set().
One particularity of qerror_report() is that it knows when it's
running on monitor context or command-line context and prints the
error message accordingly. error_set() doesn't do this, so we
have to be careful not to drop error messages.
qdev_unplug() has three kinds of usages:
1. It's called when hot adding a device fails, to undo anything
that has been done before hitting the error
2. It's called by function monitor functions like device_del(),
to unplug a device
3. It's used by xen_platform.c in a way that doesn't _seem_ to
be in monitor context
Only item 2 can print an error message to the user, this commit
maintains that.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
The official spelling is QEMU.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
[blauwirbel@gmail.com: fixed comment style in hw/sun4m.c]
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Currently dma_bdrv_io() takes a 'to_dev' boolean parameter to
determine the direction of DMA it is emulating. We already have a
DMADirection enum designed specifically to encode DMA directions.
This patch uses it for dma_bdrv_io() as well. This involves removing
the DMADirection definition from the #ifdef it was inside, but since that
only existed to protect the definition of dma_addr_t from places where
config.h is not included, there wasn't any reason for it to be there in
the first place.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Storage interfaces like virtio-blk can be configured with block size
information so that the guest can take advantage of efficient I/O
request sizes.
According to the SCSI Block Commands (SBC) standard a device's block
size is "almost always greater than one byte and may be a multiple of
512 bytes". QEMU currently has a 512 byte minimum block size because
the block layer functions work at that granularity. Furthermore, the
block size should be a power of 2 because QEMU calculates bitmasks from
the value.
Introduce a "blocksize" property type so devices can enforce these
constraints on block size values. If the constraints are relaxed in the
future then this property can be updated.
Introduce the new PropertyValueNotPowerOf2 QError so QMP clients know
exactly why a block size value was rejected.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Allow the user to specify a disk's World Wide Name.
Linux guests can address disks by their unique World Wide Name number
(e.g. /dev/disk/by-id/wwn-0x5001517959123522). This patch adds support
for assigning a World Wide Name number to a virtual IDE disk.
Cc: kwolf@redhat.com
Signed-off-by: Floris Bos <dev@noc-ps.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
strncpy may not null-terminate the destination string.
Cc: kwolf@redhat.com
Signed-off-by: Floris Bos <dev@noc-ps.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Allow the user to override the default disk model name "QEMU HARDDISK".
Some Linux distributions use the /dev/disk/by-id/scsi-SATA_name-of-disk-
model_serial addressing scheme when refering to partitions in /etc/fstab
and elsewhere. This causes problems when starting a disk image taken from
an existing physical server under qemu, because when running under qemu
name-of-disk-model is always "QEMU HARDDISK".
This patch introduces a model=s option which in combination with the
existing serial=s option can be used to fake the disk the operating
system was previously on, allowing the OS to boot properly.
Cc: kwolf@redhat.com
Signed-off-by: Floris Bos <dev@noc-ps.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
And remove several block_int.h inclusions that should not be there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The vector interrupt has higher priority than interrupt_level_n.
Also check only interrupt_level_n concurency when TL > 0, the traps of
other types may be nested.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Don't produce stray irq 5, don't overwrite ivec_data if still busy with
processing of the previous interrupt.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
A strong limitation of QOM right now is that unconverted ports
(e.g. all...) do not give a canonical path to devices that are
part of the board. This in turn makes it impossible to replace
PROP_PTR with a QOM link for example.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We want the composition tree to to be in order by the time we call
qdev_init, so that a single set of the toplevel realize property can
propagate all the way down the composition tree.
This is not the case so far. Unfortunately, this is incompatible
with calling qdev_init in the constructor wrappers for devices,
so for now we need to unattach some devices that are created through
those wrappers. This will be fixed by removing qdev_init and instead
setting the toplevel realize property after machine init.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This is QOM "mkdir -p". It is useful when referring to
container objects such as "/machine".
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We never actually clear the TEMT (transmit sending register empty) flag when
populating the TSR. We set the flag, but since it's never cleared, setting it
is sort of pointless..
I found this with a unit test case.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
I'm not sure if the retry logic has ever worked when not using FIFO mode. I
found this while writing a test case although code inspection confirms it is
definitely broken.
The TSR retry logic will never actually happen because it is guarded by an
'if (s->tsr_rety > 0)' but this is the only place that can ever make the
variable greater than zero. That effectively makes the retry logic an 'if (0)'.
I believe this is a typo and the intention was >= 0. Once this is fixed though,
I see double transmits with my test case. This is because in the non FIFO
case, serial_xmit may get invoked while LSR.THRE is still high because the
character was processed but the retransmit timer was still active.
We can handle this by simply checking for LSR.THRE and returning early. It's
possible that the FIFO paths also need some attention.
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This bug existed since the first commit. Fortunately, the affected
registers have no functionality in qemu. This will only prevent the
following warning:
milkymist_vgafb: write access to unknown register 0x00000034
Signed-off-by: Michael Walle <michael@walle.cc>
The new version introduces the following new registers:
- SoC clock frequency: read-only of system clock used on the SoC
- debug scratchpad: 8 bit scratchpad register
- debug write lock: write once register, without any function on QEMU
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Since /i440fx/piix3 is being removed from the composition tree, the
IO-APIC is placed under /i440fx. This is wrong and should be changed
as soon as the /i440fx/piix3 path is put back.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This lets the user specify the desired semantics. By default, the RTC
will follow adjustments from the host's NTP client, and will remain in
sync when the virtual machine is stopped. The previous behavior, which
provides determinism with both icount and qtest, remains available with
"-rtc clock=vm".
pl031 supports migration, so we need to convert the time base from
rtc_clock to vm_clock and back for backwards compatibility. (The
rtc_clock may not be synchronized on the two machines, especially with
savevm/loadvm, so the conversion is needed anyway. And since any time
base will do, why not pick the one base that is backwards compatible).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This lets the user specify the desired semantics. By default, the RTC
will follow adjustments from the host's NTP client. "-rtc clock=vm" will
improve determinism with both icount and qtest. Finally, the previous
behavior is available with "-rtc clock=rt".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The output of the pulse generator needs to be deterministic when
running in -icount mode, and to remain constant whenever the VM is
stopped. So the right clock to use is vm_clock.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* sstabellini/disk_io:
xen_disk: when using AIO flush after the operation is completed
xen_disk: open disk with BDRV_O_NOCACHE | BDRV_O_CACHE_WB | BDRV_O_NATIVE_AIO
We need to detach the blkdev from the BlockDriverState before calling
bdrv_delete.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
The first console has a different location compared to other PV devices
(console, rather than device/console/0) and doesn't obey the xenstore
state protocol. We already special case the first console in con_init
and con_initialise, we should also do it in con_disconnect.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Commit 45efb16124 optimized a bit too
much. We can skip the vga_invalidate_display() in case no console
switch happened because we don't need a full redraw then. We can *not*
skip vga_hw_update() though, because the screen content will be stale
then in case nobody else calls vga_hw_update().
Trigger: vga textmode with vnc display and no client connected.
Reported-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Tested-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* sstabellini/saverestore-8:
xen: do not allocate RAM during INMIGRATE runstate
xen mapcache: check if memory region has moved.
xen: record physmap changes to xenstore
Set runstate to INMIGRATE earlier
Introduce "xen-save-devices-state"
cirrus_vga: do not reset videoram
Conflicts:
qapi-schema.json
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* stefanha/trivial-patches:
qemu-ga: for w32, fix leaked handle ov.hEvent in ga_channel_write()
ioapic: fix build with DEBUG_IOAPIC
.gitignore: add qemu-bridge-helper and option rom build products
cleanup obsolete typedef
monitor: Remove unused bool field 'qapi' in mon_cmd_t struct
ds1338: Add missing break statement
vnc: Fix packed boolean struct members
Remove type field in ModuleEntry as it's not used
* bonzini/scsi-next:
scsi: add get_dev_path
virtio-scsi: call unregister_savevm properly
scsi: copy serial number into VPD page 0x83
scsi-cd: check ready condition before processing several commands
get rid of CONFIG_VIRTIO_SCSI
Currently QEMU passes the qdev device id to the guest in an ASCII-string
designator in page 0x83. While this is fine, it does not match what
real hardware does; usually the ASCII-string designator there hosts
another copy of the serial number (there can be other designators,
for example with a world-wide name). Do the same for QEMU SCSI
disks.
ATAPI does not support VPD pages, so it does not matter there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is more or less obvious. What it caused is less obvious:
SCSI CD drives failed to eject under Linux, though for example the
"change" command worked okay. This happens because of the autoclose
option in the Linux CD-ROM driver.
The actual chain of events is quite complex and somehow involves
udev helpers; the actual command that matters is READ TOC, though
honestly it's not really clear to me how because it should always be
invoked after autoclose, not before.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* qemu-kvm/memory/urgent: (42 commits)
memory: check for watchpoints when getting code ram_addr
exec: fix write tlb entry misused as iotlb
Sparc: avoid AREG0 wrappers for memory access helpers
Sparc: avoid AREG0 for memory access helpers
TCG: add 5 arg helpers to def-helper.h
softmmu templates: optionally pass CPUState to memory access functions
i386: Remove REGPARM
sparc64: implement PCI and ISA irqs
sparc: reset CPU state on reset
apb: use normal PCI device header for PBM device
w64: Fix data type of next_tb and tcg_qemu_tb_exec
softfloat: fix for C99
vmstate: fix varrays with uint32_t indexes
Fix large memory chunks allocation with tcg_malloc.
hw/pxa2xx.c: Fix handling of pxa2xx_i2c variable offset within region
hw/pxa2xx_lcd.c: drop target_phys_addr_t usage in device state
hw/pxa2xx_dma.c: drop target_phys_addr_t usage in device state
ARM: Remove unnecessary subpage workarounds
malta: Fix display for LED array
malta: Use symbolic hardware addresses
...
Fix compilation failures on 32 bit hosts (cast from pointer to
integer of different size; %ld expects 'long int' not uint64_t).
Reported-by: Steve Langasek <steve.langasek@canonical.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
dprint is still used for qxl_init_common one time prints.
also switched parts of spice-display.c over, mainly all the callbacks to
spice server.
All qxl device trace events start with the qxl device id.
Signed-off-by: Alon Levy <alevy@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
If pipe creation fails, exit, don't log and continue. Fix indentation at
the same time.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ioapic.c:198: error: format ‘%08x’ expects type ‘unsigned int’, but argument 3 has type ‘uint64_t’
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Without the break statement, case 5 sets month and year from the same
data. This does not look correct.
The missing break was reported by splint.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Generate correct trap for external interrupts. Map PCI and ISA IRQs to
RIC/UltraSPARC-IIi interrupt vectors.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
hw/pxa2xx.c: Fix handling of pxa2xx_i2c variable offset within region
hw/pxa2xx_lcd.c: drop target_phys_addr_t usage in device state
hw/pxa2xx_dma.c: drop target_phys_addr_t usage in device state
ARM: Remove unnecessary subpage workarounds
hw/omap_i2c: Convert to qdev
* 'malta' of git://qemu.weilnetz.de/qemu:
malta: Fix display for LED array
malta: Use symbolic hardware addresses
malta: Always allocate flash memory
malta: Clean allocation of bios region alias
The qdev property release function frees any string properties. This was
resulting in a double free during hot unplug.
It manifests in network devices because block devices have a NULL romfile
property by default.
Cc: Michael Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The pxa2xx I2C controller can have its registers at an arbitrary offset
within the MemoryRegion it creates. We use this to create two controllers,
one which covers a region of size 0x10000 with registers starting at an
offset 0x1600 into that region, and a second one which covers a region
of size just 0x100 with the registers starting at the base of the region.
The implementation of this offsetting uses two qdev properties, "offset"
(which sets the offset which must be subtracted from the address to
get the offset into the actual register bank) and "size", which is the
size of the MemoryRegion. We were actually using "offset" for two
purposes: firstly the required one of handling the registers not being
at the base of the MemoryRegion, and secondly as a workaround for a
deficiency of QEMU. Until commit 5312bd8b3, if a MemoryRegion was mapped
at a non-page boundary, the address passed into the read and write
functions would be the offset from the start of the page, not the
offset from the start of the MemoryRegion. So when calculating the value
to set the "offset" qdev property we included a rounding to a page
boundary.
Following commit 5312bd8b3 MemoryRegion read/write functions are now
correctly passed the offset from the base of the region, and our
workaround now means we're subtracting too much from addresses, resulting
in warnings like "pxa2xx_i2c_read: Bad register 0xffffff90".
The fix for this is simply to remove the rounding to a page boundary;
this allows us to slightly simplify the expression since
base - (base & (~region_size)) == base & region_size
The qdev property "offset" itself must remain because it is still
performing its primary job of handling register banks not being at
the base of the MemoryRegion.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Pxa2xx LCD controller is intended to work with 32-bit bus and it has no knowledge
of system's physical address size, so it should not use target_phys_addr_t in it's
state. Convert three variables in DMAChannel state from target_phys_addr_t to uint32_t,
use VMSTATE_UINT32 instead of VMSTATE_UINTTL for these variables.
We can do this safely because:
1) pxa2xx has 32-bit physical address;
2) rest of the code in file never assumes converted variables to have any size
different from uint32_t;
3) we shouldn't have used VMSTATE_UINTTL in the first place because this macro
is for target_ulong type (which can be different from target_phys_addr_t).
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Pxa2xx DMA controller is a 32-bit device and it has no knowledge of system's
physical address size, so it should not use target_phys_addr_t in it's state.
Convert variables descr, src and dest from type target_phys_addr_t to uint32_t,
use VMSTATE_UINT32 instead of VMSTATE_UINTTL for these variables.
We can do this safely because:
1) pxa2xx actually has 32-bit physical address size;
2) rest of the code in file never assumes descr, src and dest variables to have
size different from uint32_t;
3) we shouldn't have used VMSTATE_UINTTL in the first place because this macro
is for target_ulong type (which can be different from target_phys_addr_t).
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
In the ARM per-CPU peripherals (GIC, private timers, SCU, etc),
remove workarounds for subpage memory region read/write functions
being passed offsets from the start of the page rather than the
start of the region. Following commit 5312bd8b3 the masking off
of high bits of the address offset is now harmless but unnecessary.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
According the spec, the card works in network/host communication mode only when
both EEM1 and EEM0 are unset in 93C46 Command Register (normal op
mode). So this patch check these bits before trying to receive packets.
As some guest driver (such as linux, see cp_init_hw() in 8139cp.c)
allocate rx ring after the recevier were enabled, this would cause our
emulation codes tries to dma into guest memory when the rx descriptor
is not properly configured. This patch fixes this.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
According to the spec, only when opmode is "Config. Register Write
Enable" could driver write to CONFIG0,1,3,4 and bits 13,12,8 of BMCR.
Currently, we allow modifying to those registers also when 8139 is in
"Auto-load" mode and "93C46 (93C56) Programming" mode. This patch
fixes this.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Some drivers (such as win7) use byte read for TxStatus registers, so we need to
support this to let guest driver behave correctly.
For writing, only double-word access is allowed by spec.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The tx buffer would be re-allocated for tx descriptor with big size
and without LS bit set, this would make guest driver could easily let
qemu to allocate unlimited.
In linux host, a glib failure were easy to be triggered:
GLib-ERROR **: gmem.c:176: failed to allocate 18446744071562067968 bytes
This patch fix this by adding a limit. As the spec didn't tell the maximum size
of buffer allowed, stick it to current CP_TX_BUFFER_SIZE (65536).
Changes from V1:
Drop the while statement and s->cplus_txbuffer check.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
commit 5caef97a16010f818ea8b950e2ee24ba876643ad introduced
a regression: we do not make IO base/limit upper 16
bit registers writeable, so we should report a 16 bit
IO range type, not a 32 bit one.
Note that PCI_PREF_RANGE_TYPE_32 is 0x0, but PCI_IO_RANGE_TYPE_32 is 0x1.
In particular, this broke sparc64.
Note: this just reverts to behaviour prior to the commit above.
Making PCI_IO_BASE_UPPER16 and PCI_IO_LIMIT_UPPER16
registers writeable should, and seems to, work just as well, but
as no system seems to actually be interested in 32 bit IO,
let's not make unnecessary changes.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
As we make upper bits in IO and prefetcheable memory
registers writeable, we should declare support
for 64 bit prefetcheable memory and 32 bit io
in the bridge.
This changes the default for apb, dec, but I'm guessing
they got the defaults wrong by accident.
Alternatively, we could let bridges declare lack of
64 bit support and make the upper bits read-only zero.
Reported-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This adds support for a standard pci to pci bridge,
enabling support for more than 32 PCI devices in the system.
Device hotplug is supported by means of SHPC controller.
For guests with an SHPC driver, this allows robust hotplug
and even hotplug of nested bridges, up to 31 devices
per bridge.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This capability makes it possible for the guest to
report a unique chassis identifier to the user.
The spec also recommends making chassis indentifier
persist in eeprom.
This isn't implemented.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This adds support for SHPC interface, as defined by PCI Standard
Hot-Plug Controller and Subsystem Specification, Rev 1.0
http://www.pcisig.com/specifications/conventional/pci_hot_plug/SHPC_10
Only SHPC intergrated with a PCI-to-PCI bridge is supported,
SHPC integrated with a host bridge would need more work.
All main SHPC features are supported:
- MRL sensor
- Attention button
- Attention indicator
- Power indicator
Wake on hotplug and serr generation are stubbed out but unused
as we don't have interfaces to generate these events ATM.
One issue that isn't completely resolved is that qemu currently
expects an "eject" interface, which SHPC does not provide: it merely
removes the power to device and it's up to the user to remove the device
from slot. This patch works around that by ejecting the device
when power is removed and power LED goes off.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The 8-LED array was already implemented in the first commit to Malta,
but this implementation was incomplete.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
The patch adds definitions of some hardware addresses and uses these
definitions.
It also replaces the type of all addresses from signed to unsigned values.
This is only a cosmetic change because addresses are unsigned values,
the functions called also expect unsigned values,
and we need no sign extension here.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
There is no reason why there should not be a flash memory when the
Malta emulation is started with a Linux kernel. When flash memory
is always available, the code is simpler, and it can be better tested.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Convert the omap_i2c device to qdev.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
For a pci bridge device, if we don't override
the name with custom code, the bus will be addressed as
<id>.0, where id is the id specified by the user.
Since PCI Bridge devices have a single bus each, we don't need
the index: address the bus using the parent device name.
This is better since this way users don't care about
our internal bus/device distinctions.
As far as I could see, we only have built-in
bridges at this point which always override the
name. So this change will only affect ioh3420.c.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Value check in PCI Express Base Specification rev 1.1
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Actually, pci_parse_devaddr checks if the dom/bus of the PCI address exist. But
this should be the jobs of a caller. In fact, the two callers of this function
will try to retrieve the PCIBus related to the devaddr and return an error if
they cannot.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
After commit 5312bd8b31 we got memory region relative offsets into our mmio
callbacks instead of page boundary based offsets.
This broke the OpenPIC emulation which expected offsets to be on page boundary
and substracted its region offset manually.
This patch gets rid of that manual substraction and lets the memory api do its
magic instead.
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently, the function spapr_create_phb() uses its parameters to
initialize the correct memory windows for the new PCI Host Bridge
(PHB). This is not the way things are supposed to be done with qdevs,
and means you can't create extra PHBs easily using -device.
Since pSeries machines can and do have many PHBs with various
configurations, this is a real limitation, not just a theoretical.
This patch, therefore, alters the PHB initialization code to use qdev
properties to set these parameters of the new bridge, moving most of
the code from spapr_create_phb() to spapr_phb_init().
While we're at it, we change the naming of each PCI bus and its
associated memory regions to be less arbitrary and make it easier to
relate the guest and qemu views of memory to each other.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
The pseries "xics" interrupt controller, like most interrupt
controllers can support both message (i.e. edge sensitive) interrupts
and level sensitive interrupts, but it needs to know which are which.
When I implemented the xics emulation for qemu, the only devices we
supported were the PAPR virtual IO devices. These devices only use
message interrupts, so they were the only ones I implemented in xics.
Since then, however, we have added support for PCI devices, which use
level sensitive interrupts. It turns out the message interrupt logic
still actually works most of the time for these, but there are
circumstances where we can lost interrupts due to the incorrect
interrupt logic.
This patch, therefore, implements the correct xics level-sensitive
interrupt logic. The type of the interrupt is set when a device
allocates a new xics interrupt.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The sPAPR PCI code defines a PCI device "spapr-pci-host-bridge-pci" which
is never used. This came over from the earlier bridge driver we used as
a template. Some other bridges appear on their own PCI bus as a device,
but that is not true of pSeries bridges, which are pure host to PCI with
no visible presence on the PCI side.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The 'bars' constant array was used in experimental device allocation code
which is no longer necessary now that we always run the SLOF firmware.
This patch removes the now redundant variable.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
spin_rw_ops is only used in hw/ppce500_spin.c.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
When trying to run a ppc405 guest, it segfaults quite quickly, trying to
access timers that weren't initialized. Initialize them properly instead.
Reported-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Scripted conversion:
for file in hw/xtensa_*.[hc]; do
sed -i "s/CPUState/CPUXtensaState/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Scripted conversion:
for file in hw/sun4m.c hw/sun4u.c hw/grlib.h hw/leon3.c; do
sed -i "s/CPUState/CPUSPARCState/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Scripted conversion:
for file in hw/sh.h hw/shix.c hw/r2d.c; do
sed -i "s/CPUState/CPUSH4State/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Scripted conversion:
for file in hw/s390-*.[hc]; do
sed -i "s/CPUState/CPUS390XState/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Scripted conversion:
for file in hw/ppc*.[hc] hw/mpc8544_guts.c hw/spapr*.[hc] hw/virtex_ml507.c hw/xics.c; do
sed -i "s/CPUState/CPUPPCState/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Scripted conversion:
for file in hw/mips_*.[hc]; do
sed -i "s/CPUState/CPUMIPSState/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Scripted conversion:
for file in hw/microblaze_*.[hc] hw/petalogix_ml605_mmu.c hw/petalogix_s3adsp1800_mmu.c; do
sed -i "s/CPUState/CPUMBState/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Scripted conversion:
for file in hw/an5206.c hw/dummy_m68k.c hw/mcf.h hw/mcf5206.c hw/mcf5208.c hw/mcf_intc.c; do
sed -i "s/CPUState/CPUM68KState/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Scripted conversion:
for file in hw/lm32_boards.c hw/milkymist.c; do
sed -i "s/CPUState/CPULM32State/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Scripted conversion:
for file in hw/apic.h hw/kvm/apic.c hw/kvmvapic.c hw/pc.c hw/vmport.c hw/xen_machine_pv.c; do
sed -i "s/CPUState/CPUX86State/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Scripted conversion:
for file in hw/cris-boot.[hc] hw/cris_pic_cpu.c hw/axis_dev88.c hw/etraxfs.h hw/etraxfs_ser.c; do
sed -i "s/CPUState/CPUCRISState/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
Scripted conversion:
for file in hw/alpha_*.[hc]; do
sed -i "s/CPUState/CPUAlphaState/g" $file
done
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Anthony Liguori <aliguori@us.ibm.com>
pc.h and apic.h are not needed; apic.h would drag in x86 CPUState and
is now included directly for TARGET_I386.
isa.h is already #included from mc146818rtc.h.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Frees the identifier cpu_reset for QOM CPUs (manual rename).
Don't hide the parameter type behind explicit casts, use static
functions with strongly typed argument to indirect.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
On ppc405ep there is a register that allows for software to reset the
core, but not the whole system. Implement this reset using a reset
interrupt.
This gets rid of a bunch of #if 0'ed code.
Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The kvmvapic code remaps a section of ROM as RAM to allow the guest to
maintain state there. It is careful to align the section size to a page
boundary, to avoid creating subpages, but neglects to do the same for
the start address. These leads to an assert later on when the memory
core tries to create a page which is half RAM and half ROM.
Fix by aligning the start address to a page boundary.
This can be triggered by running qemu-system-x86_64 -enable-kvm -vga none.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* kraxel/usb.44:
Endian fix an assertion in usb-msd
uhci: alloc can't fail, drop check.
uhci: new uhci_handle_td return code for tds still in flight
uhci: renumber uhci_handle_td return codes
uhci: use enum for uhci_handle_td return codes
uhci: tracing support
uhci: cancel on schedule stop.
uhci: fix uhci_async_cancel_all
uhci: pass addr to uhci_async_alloc
usb: improve packet state sanity checks
usb-ohci: DMA writeback bug fixes
usb-ehci: drop unused isoch_pause variable
usb: zap hw/ush-{ohic,uhci}.h + init wrappers
usb: the big rename
Currently, the "kvmclock" type is only registered when kvm_enabled().
This breaks when moving type registration to before command line
parsing (so that QOM types can be used for CPU and machine).
Since the QOM classes are lazy-initialized anyway and kvmclock_create()
has another kvm_enabled() check, simply drop the KVM check in
kvmclock_register_types().
kvm-i8259, kvm-apic and kvm-ioapic do not suffer from such a check.
Reviewed-by: please.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
There is no need to set the videoram to 0xff in cirrus_reset, because it
is the BIOS' job.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Avi Kivity <avi@redhat.com>
This fixes a broken endian assumption in an assertion in usb-msd.
Cc: Gerd Hoffman <kraxel@redhat.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Step #2 (separate for better bisectability): renumber so the silly '-1'
goes away. Pick a range which doesn't overlap the old values.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add a new function to check whenever the packet state is as expected,
log more informations in case it isn't.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch fixes two bugs in the OHCI device where the device writes
back data to system memory that should be exclusively under the
control of the guest side driver.
In OHCI specification Section 5.2.7, it mentioned "In all cases, Host
Controller Driver is responsible for the insertion and removal of all
Endpoint Descriptors in the various Host Controller Endpoint
Descriptor lists". In the ohci_frame_boundary(), ohci_put_hcca()
writes the entire hcca back including the interrupt ED lists which
should be under driver control. This violates the specification and
can race with a host driver updating that list at the same time.
In the OHCI Spec Section 4.6, Transfer Descriptor Queue Processing, it
mentioned "Since the TD pointed to by TailP is not accessed by the HC,
the Host Controller Driver can initialize that TD and link at least
one other to it without creating a coherency or synchronization
problem". While the function ohci_put_ed() writes the entire endpoint
descriptor back including the TailP which should under driver
control. This violate the specification and can race with a host
driver updating the TD list at the same time.
In each case the solution is to make sure we don't write data which is
under driver control.
Cc: Gerd Hoffman <kraxel@redhat.com>
Signed-off-by: Wei Yang <weiyang@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Remove the uhci and ohci init wrappers, which all wrapped a
pci_create_simple() one-liner. Switch callsites to call
pci_create_simple directly. Remove the header files where
the wrappers where declared.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reorganize usb source files. Create a new hw/usb/ directory and move
all usb source code to that place. Also make filenames a bit more
descriptive. Host adapters are prefixed with "hch-" now, usb device
emulations are prefixed with "dev-". Fixup paths Makefile and include
paths to make it compile. No code changes.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* stefanha/tracing:
vga: add trace event for ppm_save
console: add some trace events
maintainers: Add docs/tracing.txt to Tracing
docs: correct ./configure line in tracing.txt
trace: make trace_thread_create() use its function arg
tracetool: Omit useless QEMU_*_ENABLED() check
trace: Provide a per-event status define for conditional compilation
These were stored as NULL due to wrong cut-and-paste from set_pointer.
Reported-by: Gerhard Wiesinger <lists@wiesinger.com>
Tested-by: Gerhard Wiesinger <lists@wiesinger.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Most MemoryRegionOps already had the const attribute.
This patch adds it to the remaining ones.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* stefanha/trivial-patches:
configure: Quote the configure args printed in config.log
osdep: Remove local definition of macro offsetof
libcacard: Spelling and grammar fixes in documentation
Spelling fixes in comments (it's -> its)
vnc: Add break statement
libcacard: Use format specifier %u instead of %d for unsigned values
Fix sign of sscanf format specifiers
block/vmdk: Fix warning from splint (comparision of unsigned value)
qmp: Fix spelling fourty -> forty
qom: Fix spelling in documentation
sh7750: Remove redundant 'struct' from MemoryRegionOps
* qemu-kvm/uq/master:
kvm: fill in padding to help valgrind
kvm: x86: Add user space part for in-kernel i8254
kvm: Add kvm_has_pit_state2 helper
i8254: Open-code timer restore
i8254: Factor out base class for KVM reuse
* kraxel/usb.42:
xhci: fix port status
xhci: fix control xfers
usb: add shortcut for control transfers
usb-host: enable pipelineing for bulk endpoints.
usb: add pipelining option to usb endpoints
usb: queue can have async packets
uhci_fill_queue: zap debug printf
usb: add USB_RET_IOERROR
usb: return BABBLE rather then NAK when we receive too much data
usb-ehci: Cleanup itd error handling
usb-ehci: Fix and simplify nakcnt handling
usb-ehci: Remove dead nakcnt code
usb-ehci: Fix cerr tracking
usb-ehci: Any packet completion except for NAK should set the interrupt
usb-ehci: Rip the queues when the async or period schedule is halted
usb-ehci: Drop cached qhs when the doorbell gets rung
usb-ehci: always call ehci_queues_rip_unused for period queues
usb-ehci: split our qh queue into async and periodic queues
usb-ehci: Never follow table entries with the T-bit set
usb-redir: Set ep type and interface
* it's -> its (fixed for all files)
* dont -> don't (only fixed in a line which was touched by the previous fix)
* distrub -> disturb (fixed in the same line)
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
The 'struct' is not needed, and all other MemoryRegionOps don't use it.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Don't signal port status change if the usb device isn't in attached
state. Happens with usb-host devices with the pass-through device
being plugged out at the host.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Use the new, direct control transfer submission method instead of
bypassing the usb core by calling usb_device_handle_control directly.
The later fails for async control transfers.
This patch gets xhci + usb-host combo going.
Add a more direct code path to submit control transfers. Instead of
feeding three usb packets (setup, data, ack) to usb_handle_packet and
have the do_token_* functions in usb.c poke the control transfer
parameters out of it just submit a single packet carrying the actual
data with the control xfer parameters filled into USBPacket->parameters.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
With this patch applied USB drivers can enable pipelining per endpoint.
With pipelining enabled the usb core will continue submitting packets
even when there are still async transfers in flight instead of passing
them on one by one.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This can happen today in case the ->complete() callback queues up the
next packet. Also we'll support pipelining soon, which allows to have
multiple packets per queue in flight (aka ASYNC) state.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
We already have USB_RET_NAK, but that means that a device does not want
to send/receive right now. But with host / network redirection we can
actually have a transaction fail due to some io error, rather then ie
the device just not having any data atm.
This patch adds a new error code named USB_RET_IOERROR for this, and uses
it were appropriate.
Notes:
-Currently all usb-controllers handle this the same as NODEV, but that
may change in the future, OHCI could indicate a CRC error instead for example.
-This patch does not touch hw/usb-musb.c, that is because the code in there
handles STALL and NAK specially and has a if status < 0 generic catch all
for all other errors
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
All error statuses except for NAK are handled in a switch case, move the
handling of NAK into the same switch case.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The nakcnt code in ehci_execute_complete() marked transactions as finished
when a packet completed with a result of USB_RET_NAK, but USB_RET_NAK
means that the device cannot receive / send data at that time and that
the transaction should be retried later, which is also what the usb-uhci
and usb-ohci code does.
Note that there already was some special code in place to handle this
for interrupt endpoints in the form of doing a return from
ehci_execute_complete() when reload == 0, but that for bulk transactions
this was not handled correctly (where as for example the usb-ccid device does
return USB_RET_NAK for bulk packets).
Besides that the code in ehci_execute_complete() decrement nakcnt by 1
on a packet result of USB_RET_NAK, but
-since the transaction got marked as finished,
nakcnt would never be decremented again
-there is no code checking for nakcnt becoming 0
-there is no use in re-trying the transaction within the same usb frame /
usb-ehci frame-timer call, since the status of emulated devices won't change
as long as the usb-ehci frame-timer is running
So we should simply set the nakcnt to 0 when we get a USB_RET_NAK, thus
claiming that we've tried reload times (or as many times as possible if
reload is 0).
Besides the code in ehci_execute_complete() handling USB_RET_NAK there
was also code handling it in ehci_state_executing(), which calls
ehci_execute_complete(), and then does its own handling on top of the handling
in ehci_execute_complete(), this code would decrement nakcnt *again* (if not
already 0), or restore the reload value (which was never changed) on success.
Since the double decrement was wrong to begin with, and is no longer needed
now that we set nakcnt directly to 0 on USB_RET_NAK, and the restore of reload
is not needed either, this patch simply removes all nakcnt handling from
ehci_state_executing().
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch removes 2 bits of dead nakcnt code:
1) usb_ehci_execute calls ehci_qh_do_overlay which does:
nakcnt = reload;
and then has a block of code which is conditional on:
if (reload && !nakcnt) {
which ofcourse is never true now as nakcnt == reload.
2) ehci_state_fetchqh does:
nakcnt = reload;
but before nakcnt is ever used ehci_state_fetchqh is always followed
by a ehci_qh_do_overlay call which also does:
nakcnt = reload;
So doing this from ehci_state_fetchqh is redundant.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
cerr should only be decremented on errors which cause XactErr to be set, and
when that happens the failing transaction should be retried until cerr reaches
0 and only then should USBSTS_ERRINT be set (and inactive cleared and
USBSTS_INT set if requested).
Since we don't have any hardware level errors (and in case of redirection
the real hardware has already retried), re-trying makes no sense, so
immediately set cerr to 0 on errors which set XactErr.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
As clearly stated in the 2.3.2 of the EHCI spec, any time USBERRINT get
sets then if the td has its IOC bit set USBINT should be set as well.
This means that for any status except for USB_RET_NAK we should set
USBINT if the IOC bit is set.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The purpose of the IAAD bit / the doorbell is to make the ehci controller
forget about cached qhs, this is mainly used when cancelling transactions,
the qh is unlinked from the async schedule and then the doorbell gets rung,
once the doorbell is acked by the controller the hcd knows that the qh is
no longer in use and that it can do something else with the memory, such
as re-use it for a new qh! But we keep our struct representing this qh around
for circa 250 ms. This allows for a (mightily large) race window where the
following could happen:
-hcd submits a qh at address 0xdeadbeef
-our ehci code sees the qh, sends a request to a usb-device, gets a result
of USB_RET_ASYNC, sets the async_state of the qh to EHCI_ASYNC_INFLIGHT
-hcd unlinks the qh at address 0xdeadbeef
-hcd rings the doorbell, wait for us to ack it
-hcd re-uses the qh at address 0xdeadbeef
-our ehci code sees the qh, looks in the async_queue, sees there already is
a qh at address 0xdeadbeef there with async_state of EHCI_ASYNC_INFLIGHT,
does nothing
-the *original* (which the hcd thinks it has cancelled) transaction finishes
-our ehci code sees the qh on yet another pass through the async list,
looks in the async_queue, sees there already is a qh at address 0xdeadbeef
there with async_state of EHCI_ASYNC_COMPLETED, and finished the transaction
with the results of the *original* transaction.
Not good (tm), this patch fixes this race by removing all qhs which have not
been seen during the last cycle through the async list immidiately when the
doorbell is rung.
Note this patch does not fix any actually observed problem, but upon
reading of the EHCI spec it became apparent to me that the above race could
happen and the usb-ehci behavior from before this patch is not good.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Before this patch USB 2 devices with interrupt endpoints were not working
properly. The problem is that to avoid loops we stop processing as soon
as we encounter a queue-head (qh) we've already seen since qhs can be linked
in a circular fashion, this is tracked by the seen flag in our qh struct.
The resetting of the seen flag is done from ehci_queues_rip_unused which
before this patch was only called when executing the statemachine for the
async schedule.
But packets for interrupt endpoints are part of the periodic schedule! So what
would happen is that when there were no ctrl or bulk packets for a USB 2
device with an interrupt endpoint, the async schedule would become non
active, then ehci_queues_rip_unused would no longer get called and when
processing the qhs for the interrupt endpoints from the periodic schedule
their seen bit would still be 1 and they would be skipped.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qhs can be part of both the async and the periodic schedule, as is shown
in later patches in this series it is useful to keep track of the qhs on
a per schedule basis.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Before this patch the T-bit was not checked in 2 places, while it should be.
Once we properly check the T-bit everywhere we no longer need the weird
entry < 0x1000 and entry > 0x1000 checks, so this patch removes them.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This provides the required user space stubs to enable the in-kernel
i8254 emulation of KVM.
The in-kernel model supports lost tick compensation according to the
"delay" policy. This is enabled by default and can be switched off via a
device property.
Depending on the feature set of the host kernel (before 2.6.32), we may
have to disable the HPET or lack sound output from the PC speaker.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Same as for the APIC: To enable migration between accelerated and
non-accelerated models, we need to arm the channel 0 timer only inside
the emulated PIT model. The common code just saves/restores that timer
to the the next_transition_time field.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Applying the concept used for the *PICs once again: establish a base
class for the i8254 that can be used both by the current user space
emulation and the upcoming KVM in-kernel version. We share most of the
public interface of the i8254, specifically to the pcspk, vmstate, reset
and certain init parts.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Xilinx zynq-7000 machine model. Also includes device model for the zynq-specific
system level control register (SLCR) module.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Device model for cadence gem ethernet controller.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: John Linn <john.linn@xilinx.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Implemented cadence Triple Timer Counter (TCC)
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: John Linn <john.linn@xilinx.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Implemented cadence UART serial controller
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: John Linn <john.linn@xilinx.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Use the -dtb argument for passing is a custom dtb rather than the old
hardcoded "mb.dtb"
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
defined macros for the addresses of the peripherals in machine model
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This belongs in the machine specific reset function
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
factored out the copy-pasted common boot code from the two microblaze platforms
into a dedicated microblaze bootloader (microblaze_boot.o).
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This reworks the image loading on s390.
Newer kernels will not always have a 0dd0 (basr 13,0) at address 0x10000.
We must not rely on specific code at certain addresses. This check was
introduced to warn users that tried to load vmlinux, since ELF loading
was not supported. Lets wire that up. If elf loading fails, we assume
that this is a standard kernel image and load that via load_image_targphys.
This patch also changes all other users of load_image to
load_image_targphys to be consistent. (the elf loader registers the kernel
as rom).
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
* 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
hw/arm11mpcore: Fix broken realview_mpcore/arm11mpcore_priv properties
arm: add device tree support
arm: make sure that number of irqs can be represented in GICD_TYPER.
arm: clean up GIC constants
Fix confusion in the Property arrays for the "arm11mpcore_priv"
(per-CPU devices for the ARM11MPcore CPU) and "realview_mpcore"
(realview-eb board specific device encapsulating CPU and some
extra interrupt controllers) -- the num-irq property was defined
on the wrong device and the mpcore_rirq_properties were defined
as offsets in the wrong structure. The effect was that the
realview-eb-mpcore machine would abort on startup trying to
allocate an insane amount of memory. (This bug was introduced in
the QOM conversion in commit 999e12bb.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
If compiled with CONFIG_FDT, allow user to specify a device tree file using
the -dtb argument. If the machine supports it then the dtb will be loaded
into memory and passed to the kernel on boot.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
[Peter Maydell: Use machine opt rather than global to pass dtb filename]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We currently assume that the number of interrupts (ITLinesNumber in
the architecture reference manual) is divisible by 32, since we
present it to the guest when it reads GICD_TYPER (in gic_dist_readb())
as (N / 32) - 1.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Interrupts numbers 0-31 are private to the processor interface, 32-1019 are
general interrupts. Add GIC_INTERNAL and substitute everywhere.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
[Peter Maydell: converted some tabs to spaces]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* qemu-kvm/memory/core: (30 commits)
memory: allow phys_map tree paths to terminate early
memory: unify PhysPageEntry::node and ::leaf
memory: change phys_page_set() to set multiple pages
memory: switch phys_page_set() to a recursive implementation
memory: replace phys_page_find_alloc() with phys_page_set()
memory: simplify multipage/subpage registration
memory: give phys_page_find() its own tree search loop
memory: make phys_page_find() return a MemoryRegionSection
memory: move tlb flush to MemoryListener commit callback
memory: unify the two branches of cpu_register_physical_memory_log()
memory: fix RAM subpages in newly initialized pages
memory: compress phys_map node pointers to 16 bits
memory: store MemoryRegionSection pointers in phys_map
memory: unify phys_map last level with intermediate levels
memory: remove first level of l1_phys_map
memory: change memory registration to rebuild the memory map on each change
memory: support stateless memory listeners
memory: split memory listener for the two address spaces
xen: ignore I/O memory regions
memory: allow MemoryListeners to observe a specific address space
...
* qemu-kvm/uq/master:
pc-bios: update kvmvapic.bin
kvmvapic: Use optionrom helpers
optionsrom: Reserve space for checksum
kvmvapic: Simplify mp/up_set_tpr
kvmvapic: Introduce TPR access optimization for Windows guests
kvmvapic: Add option ROM
target-i386: Add infrastructure for reporting TPR MMIO accesses
Allow to use pause_all_vcpus from VCPU context
Process pending work while waiting for initial kick-off in TCG mode
Remove useless casts from cpu iterators
kvm: Set cpu_single_env only once
kvm: Synchronize cpu state in kvm_arch_stop_on_emulation_error()
* kwolf/for-anthony: (27 commits)
qemu-img: fix segment fault when the image format is qed
qemu-io: fix segment fault when the image format is qed
qemu-tool: revert cpu_get_clock() abort(3)
qemu-iotests: Test rebase with short backing file
qemu-iotests: 026: Reduce output changes for cache=none qcow2
qemu-iotests: Filter out DOS line endings
test: add image streaming tests
qemu-iotests: add iotests Python module
qemu-iotests: export TEST_DIR for non-bash tests
QMP: Add qmp command for blockdev-group-snapshot-sync
qapi: Introduce blockdev-group-snapshot-sync command
qcow2: Reject too large header extensions
qcow2: Fix offset in qcow2_read_extensions
block: drop aio_multiwrite in BlockDriver
block: remove unused fields in BlockDriverState
qcow2: Fix build with DEBUG_EXT enabled
ide: fail I/O to empty disk
fdc: DIR (Digital Input Register) should return status of current drive...
fdc: fix seek command, which shouldn't check tracks
fdc: check if media rate is correct before doing any transfer
...
* kraxel/usb.39: (21 commits)
usb: Resolve warnings about unassigned bus on usb device creation
usb-redir: Return USB_RET_NAK when we've no data for an interrupt endpoint
usb-redir: Limit return values returned by iso packets
usb-redir: Let the usb-host know about our device filtering
usb-redir: Always clear device state on filter reject
usb-redir: Fix printing of device version
ehci: drop old stuff
usb-ehci: Handle ISO packets failing with an error other then NAK
libcacard: fix reported ATR length
usb-ccid: advertise SELF_POWERED
libcacard: link with glib for g_strndup
usb-desc: fix user trigerrable segfaults (!config)
usb-ehci: sanity-check iso xfers
usb: add tracepoint for usb packet state changes.
usb-xhci: enable packet queuing
usb-uhci: implement packet queuing
usb-uhci: process uhci_handle_td return code via switch.
usb-uhci: add UHCIQueue
usb-uhci: cleanup UHCIAsync allocation & initialization.
usb-ehci: fix reset
...
Requesting a read or a write operation on an empty disk can lead
to QEMU dumping core.
Also fix a few braces here and there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The seek command just sends step pulses to the drive and doesn't care if
there is a medium inserted of if it is banging the head against the drive.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The programmed rate has to be the same as the required rate for the
floppy format ; if that's not the case, the transfer should abort.
This check can be disabled by using the 'check_media_rate' property.
Save media rate value only if media rate check is enabled.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Set it to true for current Qemu versions, and false for previous ones
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Floppies must be read at a specific transfer rate, depending of its own format.
Update floppy description table to include required transfer rate.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
DIR and CCR registers share the same address ; DIR is read-only
while CCR is write-only
CCR register is used to change media transfer rate, which will be
checked in following changes.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
A real floppy doesn't attempt to write to read-only media either.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
In fact, only three control commands generate an interrupt:
read_id, recalibrate and seek
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This bit must be active while a command is currently executed.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Floppies can be simple or double-sided. However, current code
was only taking the common case into account (ie 2 sides).
This repairs single-sided floppies, which where totally broken
before this patch : for track > 0, wrong sector number was
calculated, and data was read/written at wrong place on
underlying device.
Fortunately, only some 360 kB floppies are single-sided, so
this bug was probably not seen much.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Current memory listeners are incremental; that is, they are expected to
maintain their own state, and receive callbacks for changes to that state.
This patch adds support for stateless listeners; these work by receiving
a ->begin() callback (which tells them that new state is coming), a
sequence of ->region_add() and ->region_nop() callbacks, and then a
->commit() callback which signifies the end of the new state. They should
ignore ->region_del() callbacks.
Signed-off-by: Avi Kivity <avi@redhat.com>
This allows reverse iteration, which in turns allows consistent ordering
among multiple listeners:
l1->add
l2->add
l2->del
l1->del
Signed-off-by: Avi Kivity <avi@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Although qxl creates a shared displaysurface when the qxl surface is
upright and doesn't need to be flipped there is no guarantee that the
surface doesn't become unshared for some reason. Rename qxl_flip to
qxl_blit and fix it to handle both flip and non-flip cases.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds an 64bit pci bar for vram. It is turned off by default.
It can be enabled by setting the size of the 64bit bar to be larger than
the 32bit bar. Both 32bit and 64bit bar refer to the same memory. Only
the first part of the memory is available via 32bit bar.
The intention is to allow large vram sizes for 64bit guests, by allowing
the vram bar being mapped above 4G, so we don't have to squeeze it into
the pci I/O window below 4G.
With vram_size_mb=16 and vram64_size_mb=256 it looks like this:
00:02.0 VGA compatible controller: Red Hat, Inc. Device 0100 (rev 02) (prog-if 00 [VGA controller])
Subsystem: Red Hat, Inc Device 1100
Physical Slot: 2
Flags: fast devsel, IRQ 10
Memory at f8000000 (32-bit, non-prefetchable) [size=64M]
Memory at fc000000 (32-bit, non-prefetchable) [size=16M]
Memory at fd020000 (32-bit, non-prefetchable) [size=8K]
I/O ports at c5a0 [size=32]
Memory at ffe0000000 (64-bit, prefetchable) [size=256M]
Expansion ROM at fd000000 [disabled] [size=64K]
[ mapping above 4G needs patched seabios:
http://www.kraxel.org/cgit/seabios/commit/?h=pci64 ]
When creating an USB device the old way, there is no way to specify the
target bus. Thus the warning issued by usb_create makes no sense and
rather confuses our users.
Resolve this by passing a bus reference to the usbdevice_init handler
and letting those handlers forward it to usb_create.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Before this patch the ehci code was not checking for any other errors other
then USB_RET_NAK. This causes 2 problems:
1) Other errors are not reported to the guest.
2) When transactions with the ITD_XACT_IOC bit set completing with another
error would not result in USBSTS_INT getting set.
I hit this problem when unplugging devices while iso data was streaming from
the device to the guest. When this happens it takes a while for the guest to
process the unplugging and remove ISO transactions from the ehci schedule, in
the mean time these transactions would complete with a result of USB_RET_NODEV,
which was not handled. This lead to the Linux guest's usb subsystem "hanging",
that is it would no longer see new usb devices getting plugged in and running
for example lsusb would lead to a stuck (D state) lsusb process. This patch
fixes this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Before commit ed5a83ddd8 each device
provided it's own response to USB_REQ_GET_STATUS, but after it that
response was based on bmAttributes, which was errounously set for
usb-ccid as 0xa0 and not 0xe0.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Check for dev->config being NULL in two places:
USB_REQ_GET_CONFIGURATION and USB_REQ_GET_STATUS.
The behavior of USB_REQ_GET_STATUS is unspecified in the Default state,
that corresponds to dev->config being NULL (it defaults to NULL and is
reset whenever a SET_CONFIGURATION with value 0, or attachment). I
implemented it to correspond with the state before
ed5a83ddd8, the commit moving SET_STATUS
to usb-desc; if dev->config is not set we return whatever is in the
first configuration.
The behavior of USB_REQ_GET_CONFIGURATION is also undefined before any
SET_CONFIGURATION, but here we just return 0 (same as specified for the
Address state).
A win7 guest failed to initialize the device before this patch,
segfaulting when GET_STATUS was called with dev->config == NULL. With
this patch the passthrough device still doesn't work but the failure is
unrelated.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds a sanity check to itd processing to make sure the
endpoint addressed by the guest is actually an iso endpoint. Also
verify that usb drivers don't return USB_RET_ASYNC which is illegal for
iso xfers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When a usb device is busy processing a packet (and returns
USB_RET_ASYNC), continue walking the transfer descriptor list
and process them to fill the request queue.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Restruct the uhci_handle_td return code processing to make the
control flow more clear and the code more readable.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
UHCIAsync structs (in-flight requests) grouped in UHCIQueue now.
Each (active) usb endpoint gets its own UHCIQueue.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Two reset fixes:
* pick up s->usbcmd value after ehci_reset call to make sure it
keeps the reset value and doesn't get rubbish filled in when
val is written back to the mmio register array later on.
* make sure the frame timer is zapped on reset.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Activate usb hid pointer devices (mouse+tablet) unconditionally
on polls, even if we NAK the poll due to lack of new events.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
RHBZ# 747011
Removes the last user of QXL_SYNC when using update drivers that use the
_ASYNC io ports.
The last user is qxl_render_update, it is called both by qxl_hw_update
which is the vga_hw_update_ptr passed to graphic_console_init, and by
qxl_hw_screen_dump.
At the same time the QXLRect area being passed to the red_worker thread
is passed as a copy, as part of the QXLCookie.
The implementation uses interface_update_area_complete with a bh to make
sure dpy_update and qxl_flip are called from the io thread, otherwise
the vga->ds->surface.data can change under our feet.
With this patch sdl+spice works fine. But spice by itself doesn't
produce the expected screendumps unless repeated a few times, due to
ppm_save being called before update_area (rendering done in spice server
thread) having a chance to complete. Fixed by next patch, but see commit
message for problem introduced by it.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested on linux and windows guests. For negative stride, qxl_flip copies
directly to vga->ds->surface->data, for positive it's reallocated to
share qxl->guest_primary.data
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
drop all ifdefs on SPICE_INTERFACE_QXL_MINOR >= 1 as a result,
any check for SPICE_SERVER_VERSION that is now always satisfied,
and SPICE_INTERFACE_CORE_MINOR >= 3 tests, because
0.8.2 has SPICE_INTERFACE_QXL_MINOR == 1 and
SPICE_INTERFACE_CORE_MINOR == 3.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
It was never used. Introduced in
5ff4e36c80
qxl: async io support using new spice api
But not used even then.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
These days one just needs to specify the romfile in PCiDeviceInfo and
everything magically works. It also allows to disable pxe rom loading
via "romfile=<emptystring>" like it is possible for all other nics.
[ v2: rebased & adapted to qom changes ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
switch console only if needed, also pass down whenever the console was
switched or not because a displaysurface redraw is only needed in case
the console was switched.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The code in console.c verifies whenever a screen_dump function
pointer is present before calling it, so there is no need to supply an
dummy function. Remove them. Also report an error to notify the user
that he didn't got a screenshot.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The displaychangelistener isn't needed at all, we can simply save the
image when vga_hw_update is done instead of hooking into the update
process.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Make the acpi timer wake up the guest.
Guests can enable/disable this via acpi too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Make the rtc wake up the guest when the alarm fires.
Add acpi windup to property support RTC_EN, so guests
can enable and disable this.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add a 'wakeup' property to the serial port. It is off by default. When
enabled any incoming character on the serial line will wake up the
guest. Useful for guests which have a serial console configured.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds wakeup support to ps/2 emulation. Any key press on the
ps/2 keyboard will wakeup the guest. Likewise any mouse button press
will wakeup the guest. Mouse moves are ignored, so the guest will not
wakeup in case your mouse crosses the vnc window of a suspended guest by
accident.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch switches pc s3 suspend over to the new infrastructure.
The cmos_s3 qemu_irq is killed, the new notifier is used instead.
The xen hack goes away with that too, the hypercall can simply be
done in a notifier function now.
This patch also makes the guest actually stay suspended instead
of leaving suspend instantly, so it is useful for more than just
testing whenever the suspend/resume cycle actually works.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Do APCIREGS->pm1.evt.en updates using the new acpi_pm1_evt_write_en
function, so the acpi code will see those updates.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Pretty pointless, can easily be reached via ACPIREGS now.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
All those acpi structs are not independent from each other.
Various acpi functions expecting multiple acpi structs passed
in are a clean indicator for that ;)
So this patch bundles all acpi structs in the new ACPIREGS
struct, then use it everythere pass around acpi state.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Group all structs at the top of hw/acpi.h.
Just moving around lines, no code changes.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* qmp/queue/qmp:
qmp: add DEVICE_TRAY_MOVED event
ide: drop ide_tray_state_post_load()
block: Don't call bdrv_eject() if the tray state didn't change
block: bdrv_eject(): Make eject_flag a real bool
block: Rename bdrv_mon_event() & BlockMonEventAction
The commit's purpose is laudable:
The only way for chardev drivers to communicate an error was to
return a NULL pointer, which resulted in an error message that
said _that_ something went wrong, but not _why_.
It attempts to achieve it by changing the interface to return 0/-errno
and update qemu_chr_open_opts() to use strerror() to display a more
helpful error message. Unfortunately, it has serious flaws:
1. Backends "socket" and "udp" return bogus error codes, because
qemu_chr_open_socket() and qemu_chr_open_udp() assume that
unix_listen_opts(), unix_connect_opts(), inet_listen_opts(),
inet_connect_opts() and inet_dgram_opts() fail with errno set
appropriately. That assumption is wrong, and the commit turns
unspecific error messages into misleading error messages. For
instance:
$ qemu-system-x86_64 -nodefaults -vnc :0 -chardev socket,id=bar,host=xxx
inet_connect: host and/or port not specified
chardev: opening backend "socket" failed: No such file or directory
ENOENT is what happens to be in my errno when the backend returns
-errno. Let's put ERANGE there just for giggles:
$ qemu-system-x86_64 -nodefaults -vnc :0 -chardev socket,id=bar,host=xxx -drive if=none,iops=99999999999999999999
inet_connect: host and/or port not specified
chardev: opening backend "socket" failed: Numerical result out of range
Worse: when errno happens to be zero, return -errno erroneously
signals success, and qemu_chr_new_from_opts() dies dereferencing
uninitialized chr. I observe this with "-serial unix:".
2. All qemu_chr_open_opts() knows about the error is an errno error
code. That's simply not enough for a decent message. For instance,
when inet_dgram() can't resolve the parameter host, which errno code
should it use? What if it can't resolve parameter localaddr?
Clue: many backends already report errors in their open methods.
Let's revert the flawed commit along with its dependencies, and fix up
the silent error paths instead.
This reverts commit 6e1db57b2a.
Conflicts:
console.c
hw/baum.c
qemu-char.c
This reverts commit aad04cd024.
The parts of commit db418a0a "Add stdio char device on windows" that
depend on the reverted change fixed up.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The conditions for detecting no free target or LUN were wrong.
The LUN loop was followed by an "if" condition that is never
true, because the loop is exited as soon as lun becomes equal
to bus->info->max_lun, and never becomes greater than it.
The target loop had a wrong condition (<= instead of <). Once
this is fixed, the loop would fail in the same way as the LUN
loop.
The fix is to see whether scsi_device_find returned the device with the
last (channel, target, LUN) pair, and fail if so.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This is used to sync the physical tray state after migration when
using CD-ROM passthrough. However, migrating when using passthrough
is broken anyway and shouldn't be supported...
So, drop this function as it causes a problem with the DEVICE_TRAY_MOVED
event, which is going to be introduced by the next commit.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
It's not needed. Besides we can then assume that bdrv_eject() is
only called when there's a tray state change, which is useful to
the DEVICE_TRAY_MOVED event (going to be added in a future
commit).
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
They are QMP events, not monitor events. Rename them accordingly.
Also, move bdrv_emit_qmp_error_event() up in the file. A new event will
be added soon and it's good to have them next each other.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Some simplifications in I/O functions are possible because
Jazz LED only registers one byte of I/O.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
As we make upper bits in IO and prefetcheable memory
registers writeable, we should declare support
for 64 bit prefetcheable memory and 32 bit io
in the bridge.
This changes the default for apb, dec, but I'm guessing
they got the defaults wrong by accident.
Alternatively, we could let bridges declare lack of
64 bit support and make the upper bits read-only zero.
With this applied, we can drop these bits
from express code.
Reported-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Could someone familiar with apb,dec ack this please?
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
pci_regs.h specifies many registers by mask +
shifted register values.
There's always some duplication when using such:
for example to override device type, we would need:
pci_word_test_and_clear_mask(cap + PCI_EXP_FLAGS,
PCI_EXP_FLAGS_TYPE);
pci_word_test_and_set_mask(cap + PCI_EXP_FLAGS,
PCI_EXP_TYPE_ENDPOINT << (ffs(PCI_EXP_FLAGS_TYPE) - 1));
Getting such registers also uses some duplication:
word = pci_get_word(cap + PCI_EXP_FLAGS) & PCI_EXP_FLAGS_TYPE;
if ((word >> ffs((PCI_EXP_FLAGS_TYPE) - 1)) == PCI_EXP_TYPE_ENDPOINT)
Add API to access such registers in one line:
pci_set_word_by_mask(cap + PCI_EXP_FLAGS, PCI_EXP_FLAGS_TYPE,
PCI_EXP_TYPE_ENDPOINT)
and
word = pci_get_word_by_mask(cap + PCI_EXP_FLAGS, PCI_EXP_FLAGS_TYPE)
if (word == PCI_EXP_TYPE_ENDPOINT)
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Now, the pc-sysfw:rom_only property will default
to false which enables flash by default.
All pc types below pc-1.1 set rom_only to true.
This prevents flash from being enabled on these
pc machine types.
For pc-1.1 rom_only will use the default (false),
which will allow flash to be used for pc-1.1.
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Flash can be enabled by calling pc_system_firmware_init
with the system_flash_enabled parameter being non-zero.
If system_flash_enabled is zero, then the older qemu
rom creation method will be used.
If flash is enabled and a pflash image is found, then
it is used for the system firmware image.
If flash is enabled and a pflash image is not initially
found, then a read-only pflash device is created using
the -bios filename.
KVM cannot execute from a pflash region currently.
Therefore, when KVM is enabled, the old rom based
initialization method is used.
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Setup a pc-sysfw device type. It contains a single
property of 'rom_only' which is defaulted to enabled.
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Scatter/gather functionality uses the newly added DMA helpers. The
device can choose between doing DMA itself, or calling scsi_req_data
as usual, which will use the newly added DMA helpers to copy piecewise
to/from the destination area(s).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
With the upcoming sglist support, HBAs will not see any transfer_data
call and will not have a way to detect short transfers. So pass the
residual amount of data upon command completion.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
More qdev printers could have been removed in the previous series, and
object_property_parse also made several parsers unnecessary. In fact,
the new code is even more robust with respect to overflows, so clean
them up!
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
object_property_parse lets us drop the legacy setters when their task
is done just as well by the string visitors.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Hex properties are an obstacle to removal of old qdev string parsing, but
even here we can lay down the foundations for future simplification. In
general, they are rarely used and their printed form is more interesting
than the parsing. For example you'd usually set isa-serial.index
instead of isa-serial.iobase. And luckily our main client, libvirt
only cares about few of these, and always sets them with a 0x prefix.
So the series stops accepting bare hexadecimal numbers, preparing for
making legacy properties read-only in 1.3 or so. The read side will
stay as long as "info qtree" is with us.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Visitors allow a limited form of polymorphism. Exploit it to support
setting the non-legacy PCI address property both as a DD.F string
and as an 8-bit integer.
The 8-bit integer form is just too clumsy, it is unlikely that we will
ever drop it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Add two properties to specify bar sizes in megabytes instead of bytes,
which is alot more user-friendly.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
There is no reason to require a minimum size of 16 MB for the vram.
Lower the limit to 4096 (one page). Make it disapper completely would
break guests.
We used to assure the guest surfaces were saved before migration by
setting the whole vram dirty. This patch sets dirty only the areas
that are actually used in the vram.
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch fixes the local qxl renderer to not kick spice-server
in case the vm is stopped. First it is largely pointless because
we ask spice-server to process all not-yet processed commands when
the vm is stopped, so there isn't much do do anyway. Second we
avoid triggering an assert in spice-server.
The patch makes sure we still honor redraw requests, even if we don't
ask spice-server for updates. This is needed to handle displaysurface
changes with a stopped vm correctly.
With this patch applied it is possible to take screen shots (via
screendump monitor command) from a qxl gpu even in case the guest
is stopped.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This enables acceleration for MMIO-based TPR registers accesses of
32-bit Windows guest systems. It is mostly useful with KVM enabled,
either on older Intel CPUs (without flexpriority feature, can also be
manually disabled for testing) or any current AMD processor.
The approach introduced here is derived from the original version of
qemu-kvm. It was refactored, documented, and extended by support for
user space APIC emulation, both with and without KVM acceleration. The
VMState format was kept compatible, so was the ABI to the option ROM
that implements the guest-side para-virtualized driver service. This
enables seamless migration from qemu-kvm to upstream or, one day,
between KVM and TCG mode.
The basic concept goes like this:
- VAPIC PV interface consisting of I/O port 0x7e and (for KVM in-kernel
irqchip) a vmcall hypercall is registered
- VAPIC option ROM is loaded into guest
- option ROM activates TPR MMIO access reporting via port 0x7e
- TPR accesses are trapped and patched in the guest to call into option
ROM instead, VAPIC support is enabled
- option ROM TPR helpers track state in memory and invoke hypercall to
poll for pending IRQs if required
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
This will allow the APIC core to file a TPR access report. Depending on
the accelerator and kernel irqchip mode, it will either be delivered
right away or queued for later reporting.
In TCG mode, we can restart the triggering instruction and can therefore
forward the event directly. KVM does not allows us to restart, so we
postpone the delivery of events recording in the user space APIC until
the current instruction is completed.
Note that KVM without in-kernel irqchip will report the address after
the instruction that triggered the access.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
When an input line is handled as level-triggered, it will immediately
raise an IRQ on the output of a PIC again that goes through an init
reset. So only clear the edge-triggered inputs from IRR in that
scenario.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Instead of providing 4 individual query functions for mode, gate, output
and initial counter state, introduce a service that queries all
information at once. This comes with tiny additional costs for
pcspk_callback but with a much cleaner interface. Also, it will simplify
the implementation of the KVM in-kernel PIT model.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Convert the PC speaker device to a qdev ISA model. Move the public
interface to a dedicated header file at this chance.
CC: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When the HPET enters legacy mode, the IRQ output of the PIT is
suppressed and replaced by the HPET timer 0. But the current code to
emulate this was broken in many ways. It reset the PIT state after
re-enabling, it worked against a stale static PIT structure, and it did
not properly saved/restored the IRQ output mask in the PIT vmstate.
This patch solves the PIT IRQ control in a different way. On x86, it
both redirects the PIT IRQ to the HPET, just like the RTC. But it also
keeps the control line from the HPET to the PIT. This allows to disable
the PIT QEMU timer when it is not needed. The PIT's view on the control
line state is now saved in the same format that qemu-kvm is already
using.
Note that, in contrast to the suppressed RTC IRQ line, we do not need to
save/restore the PIT line state in the HPET. As we trigger a PIT IRQ
update via the control line, the line state is reconstructed on mode
switch.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
HPET legacy emulation will require control over the PIT IRQ output. To
enable this, add support for an alternative IRQ output object to the PIT
factory function. If the isa_irq number is < 0, this object will be
used.
This also removes the IRQ number property from the PIT class as we now
use a generic GPIO output pin that is connected by the factory function.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move the public interface of the PIT into its own header file and update
all users.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In legacy mode, the HPET suppresses the RTC interrupt delivery via IRQ
8 but keeps track of the RTC output level and applies it when legacy
mode is turned off again. This value has to be preserved across save/
restore as it cannot be reconstructed otherwise.
To document that a raised rtc_irq_level won't survive a vmload without
a hpet/rtc_irq_level subsection, add an explicit clearing to the reset
handler.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avoid changing the IRQ level to high on reset as it may trigger spurious
events. Instead, open-code the effects of pit_load_count(0) in the reset
handler.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Since QOM'ification, qdev_try_create() uses object_new() internally,
which asserts "type != NULL" when the type is not registered.
This was revealed by the combination of kvmclock's kvm_enabled() check
and early QOM type registration.
Check whether the class exists before calling object_new(), so that
the caller (e.g., qdev_create) can fail gracefully, telling us which
device could not be created.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Anthony Liguori <aliguori@codemonkey.ws>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* stefanha/trivial-patches:
linux-user: brk() debugging
virtio: Remove unneeded g_free() check in virtio_cleanup()
net: remove extra spaces in help messages
fmopl: Fix typo in function name
vl.c: Fix typo in variable name
ide: fix compilation errors when DEBUG_IDE is set
cpu-exec.c: Correct comment about this file and indentation cleanup
CODING_STYLE: Clarify style for enum and function type names
linux-user: fail execve() if env/args too big
Fix a typo in pl031_interrupt() which meant we were setting a bit
in the interrupt mask rather than the interrupt status register
and thus not actually raising an interrupt. This fix allows the
rtctest program from the kernel's Documentation/rtc.txt to pass
rather than hanging.
Reported-by: Daniel Forsgren <daniel.forsgren@enea.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Andreas Färber <afaerber@suse.de>
The primecell.h header now only has the definitions of constants
indicating the usage of the arm_sysctl GPIO lines; remove obsolete
includes of it from source files which don't care about those GPIO
lines.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Remove an obsolete declaration of pl080_init(), which has been
incorrect since the conversion of pl080 to qdev back in 2009.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Drop the legacy init function arm_sysctl_init(), since it has no
users left any more. This allows us to drop the awkward '1' from
the actual device init function.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Andreas Färber <afaerber@suse.de>
Add the vexpress-a15 machine, and the A-Series memory map it uses.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
The arm_boot secondary boot loader code needs the address of
the GIC CPU interface. Obtaining this from the base address
of the private peripheral region was possible for A9 and 11MPcore,
but the A15 puts the GIC CPU interface in a different place.
So make boards pass in the GIC CPU interface address directly.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Instantiate the CLCD on the vexpress motherboard as well as one on
the daughterboard -- the A15 daughterboard does not have a CLCD
and so relies on the motherboard one.
At the moment QEMU doesn't provide infrastructure for selecting
which display device gets to actually show graphics -- the first
one registered is it. Fortunately this works for the major use
case (Linux): if the daughterboard has a CLCD it will come first
and be used, otherwise we fall back to the motherboard CLCD.
So we don't (currently) need to implement the control register
which allows software to tell the mux which video output to pass
through to the outside world.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Factor out daughterboard specifics into a data structure and
daughterboard initialization function, in preparation for adding
vexpress-a15 support.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
On real Versatile Express hardware, the boot ROM puts the secondary
CPU bootcode/holding pen in SRAM. We can therefore rely on Linux not
trashing this memory until secondary CPUs have booted up, and can
put our QEMU-specific pen code in the same place. This allows us to
drop the odd "hack" RAM page we were using before.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Pull the addresses used for mapping motherboard peripherals into
memory out into a table. This will allow us to simply provide a
second table to implement the "Cortex-A Series" memory map used by
the A15 variant of Versatile Express, as well as the current
"Legacy" map used by A9.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Add a model of the Cortex-A15 memory mapped private peripheral
space. This is fairly simple because the only memory mapped
bit of the A15 is the GIC.
Note that we don't currently model a VGIC and therefore don't
map the VGIC related bits of the GIC.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Exynos4210 display controller (FIMD) has 5 hardware windows with alpha and
chroma key blending functions.
Signed-off-by: Mitsyanko Igor <i.mitsyanko@samsung.com>
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
SMDKC210 uses lan9215 chip, but lan9118 in 16-bit mode seems to
be enough.
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Patch adds basic model for Exynos4210 SoC PMU.
This model implements PMU registers just as a bulk of memory. Currently,
the only reason this device exists is that secondary CPU boot loader
uses PMU INFORM5 register as a holding pen.
Signed-off-by: Maksim Kozlov <m.kozlov@samsung.com>
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add basic support of exynos4210 UART
Signed-off-by: Maksim Kozlov <m.kozlov@samsung.com>
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add initial support of NURI and SMDKC210 boards
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The parameters initrd_size and base are already included
in the info parameter, so there is no need to pass them
separately.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>,
I noticed some unused code in the twl92230, probably from before
qdev-ification. This patch makes the machine use the chip's pwrbtn
signal.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
* kraxel/usb.38: (28 commits)
xhci: handle USB_RET_NAK
xhci: remote wakeup support
xhci: kill port arg from xhci_setup_packet
xhci: stop on errors
xhci: add trb type name lookup support.
xhci: signal low- and fullspeed support
usb: add USBBusOps->wakeup_endpoint
usb: pass USBEndpoint to usb_wakeup
usb: maintain async packet list per endpoint
usb: Set USBEndpoint in usb_packet_setup().
usb: add USBEndpoint->{nr,pid}
usb: USBPacket: add status, rename owner -> ep
usb: fold usb_generic_handle_packet into usb_handle_packet
usb: kill handle_packet callback
usb-xhci: switch to usb_find_device()
usb-musb: switch to usb_find_device()
usb-ohci: switch to usb_find_device()
usb-ehci: switch to usb_find_device()
usb-uhci: switch to usb_find_device()
usb: handle dev == NULL in usb_handle_packet()
...
* kwolf/for-anthony:
AHCI: Masking of IRQs actually masks them
sheepdog: fix co_recv coroutine context
AHCI: Fix port reset race
rewrite QEMU_BUILD_BUG_ON
qcow2: Keep unknown header extension when rewriting header
qcow2: Update whole header at once
vpc: Round up image size during fixed image creation
vpc: Add support for Fixed Disk type
iSCSI: add configuration variables for iSCSI
qemu-io: add write -z option for bdrv_co_write_zeroes
qed: add .bdrv_co_write_zeroes() support
qed: replace is_write with flags field
block: perform zero-detection during copy-on-read
block: add .bdrv_co_write_zeroes() interface
cutils: extract buffer_is_zero() from qemu-img.c
Otherwise we end up with a dangling reference which causes qdev_free() to fail.
Reported-by: Michael Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Replace device_init() with generalized type_init().
While at it, unify naming convention: type_init([$prefix_]register_types)
Also, type_init() is a function, so add preceding blank line where
necessary and don't put a semicolon after the closing brace.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Anthony Liguori <anthony@codemonkey.ws>
Cc: malc <av1474@comtv.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
qdev_prop_set_* functions are always called by machine init functions
that should know what they're doing, so they abort on error. Still,
an assert(!errp) does not aid debugging. Print an error before aborting.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
SPARC and PPC set properties to NULL. This can be done with an
empty string value.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The conversion to memory regions broke lazy ROMD switching by forgetting
to update the rom_mode state variable.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This fixes the regression introduced by cd7a45c95e: We lost the or'ing
with the full_update flag.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Add a field to XHCITransfer to correctly keep track of NAK'ed usb
packets. Retry transfers when the endpoint is kicked again. Implement
wakeup_endpoint bus op so we can kick the endpoint when needed.
With this patch applied the emulated hid devices are working correctly
when hooked up to xhci. usb-tabled without polling, yay!
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add usb bus op which is called whenever a usb endpoint becomes ready,
so the host adapter emulation can react on that event.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Devices must specify which endpoint has data to transfer now.
The plan is to use the usb_wakeup() not only for remove wakeup support,
but for "data ready" signaling in general, so we can move away from
constant polling to event driven usb device emulation.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Maintain a list of async packets per endpoint. With the current code
the list will never receive more than a single item. I think you can
guess what the future plan is though ;)
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
With the separation of the device lookup (via usb_find_device) and
packet processing we can lookup device and endpoint before setting up
the usb packet. So we can initialize USBPacket->ep early and keep it
valid for the whole lifecycle of the USBPacket. Also the devaddr and
devep fields are not needed any more.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add a "nr" and "pid" fields to USBEndpoint so you can easily figure the
endpoint number and direction of any given endpoint.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add enum to track the status of USBPackets, use that instead of the
owner pointer to figure whenever a usb packet is currently in flight
or not. Add some more packet status sanity checks. Also rename the
USBEndpoint pointer from "owner" to "ep".
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
There is no reason to have a separate usb_generic_handle_packet function
any more, fold it into usb_handle_packet(). Also call the do_token_*
functions which handle control transfer emulation for control pipe
packets only.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
All drivers except usb-hub use usb_generic_handle_packet. The only
reason the usb hub has its own function is that it used to be called
with packets which are intended for downstream devices. With the new,
separate device lookup step this doesn't happen any more, so the need
for a different handle_packet callback is gone.
So we can kill the handle_packet callback and just call
usb_generic_handle_packet directly. The special hub handling in
usb_handle_packet() can go away for the same reason.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Allow passing in a NULL pointer, return USB_RET_NODEV in that case.
Removes the burden to to a NULL pointer check from the callers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Implement the find_device callback for the usb hub. It'll loop over all
ports, calling usb_find_device for all enabled ports until it finds a
matching device.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add usb_find_device(). This function will check whenever a device with
a specific address is connected to the specified port. Usually this
will just check state and address of the device hooked up to the port,
but in case of a hub it will ask the hub to check all hub ports for a
matching device.
This patch doesn't put the code into use yet, see the following patches
for details.
The master plan is to separate device lookup and packet processing.
Right now the usb code simply walks all devices, calls
usb_handle_packet() on each until one accepts the packet (by returning
something different that USB_RET_NODEV). I want to have a device lookup
first, then call usb_handle_packet() once, for the device which actually
processes the packet.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The USB subsystem pipes internal reset notifications through
usb_handle_packet() with a special magic PID. This indirection
is a pretty pointless excercise as it ends up being handled by
usb_generic_handle_packet anyway.
Replace the USB_MSG_RESET with a usb_device_reset() function
which can be called directly. Also rename the existing usb_reset()
function to usb_port_reset() to avoid confusion.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The USB subsystem pipes internal attach/detach notifications through
usb_handle_packet() with a special magic PID. This indirection is a
pretty pointless excercise as it ends up being handled by
usb_generic_handle_packet anyway. Remove it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
According to the EHCI spec port ownership should revert to the EHCI controller
on device disconnect. This fixes the problem of a port getting stuck on USB 1
when using redirection and plugging in a USB 2 device after a USB 1 device
has been redirected.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The OS is allowed to make the UHCI Controller run in circles. That is
usually done to serve multiple connected USB devices in a robin-round
fashion, so the available USB bandwidth is evenly distributed between
devices.
The uhci emulation handles this in a very poor way though. When it
figures it runs in circles it stops processing unconditionally, so
it usually processes at most a single transfer desriptor per queue,
even if there are multiple transfer descriptors are queued up.
This patch makes uhci act in a more sophisticated way. It keeps track
of successful processed transfer descriptors and transfered bytes. Then
it will stop processing when there is nothing to do (no transfer
descriptor was completed the last round) or when the transfered data
reaches the usb bandwidth limit.
Result is that the usb-storage devices connected to uhci are ten times
faster, mkfs.vfat time for a 64M stick goes down from five seconds to
a half second. Reason for this is that we are now processing up to 20
transfer descriptors (with 64 bytes each) per frame instead of a single
one.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When masking IRQ lines, we should actually mask them out and not declare
them active anymore. Once we mask them in again, they are allowed to trigger
again.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
bdrv_aio_cancel() can trigger bdrv_aio_flush() which makes all aio
that is currently in flight finish. So what we do is:
port reset
detect ncq in flight
cancel ncq
delete ncq sg list
at which point we have double freed the sg list. Instead, with this
patch we do:
port reset
detect ncq in flight
cancel ncq
check if we are really still in flight
delete ncq sg list
which makes things work and gets rid of the race.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The ARM devboard models (vexpress-a9, realview, versatilepb, etc)
were accidentally trying to set one of the arm_sysctl properties
after device init. This has now become a fatal error; set the property
before device init where it should be done instead.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Also in case of loading pre-vmstate machines, we also need to open-code
the reading of the timer expires value and instead call the post_load
callback to apply it (or not). This fixes loading of legacy states into
the KVM APIC.
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
To both avoid that kvm_irqchip_in_kernel always has to be paired with
kvm_enabled and that the former ends up in a function call, implement it
like the latter. This means keeping the state in a global variable and
defining kvm_irqchip_in_kernel as a preprocessor macro.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
* aneesh/for-upstream:
hw/9pfs: Remove O_NOATIME flag from 9pfs open() calls in readonly mode
hw/9pfs: Update MAINTAINERS file
fsdev: Fix parameter parsing for proxy helper
hw/9pfs: Fix crash when mounting with synthfs
hw/9pfs: Preserve S_ISGID
hw/9pfs: Add new security model mapped-file.
Similarly, use the object properties also to set the default
values of the qdev properties. This requires reordering
registration and initialization.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
qdev_prop_set is not needed anymore except for hacks, simplify it and
inline it.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Do not poke anymore in the struct when accessing qdev properties.
Instead, ask the object to set the right value.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Drop the special free callback. Instead, register a "regular"
release method in the non-legacy property.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Pointer properties (except for PROP_PTR of course) should not need a
legacy counterpart. In the future, relative paths will ensure that
QEMU will support the same syntax as now for drives etc..
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
PCI addresses are set with qdev_prop_uint32. Thus we make the QOM
property accept a device and function encoded in an 8-bit integer,
instead of the magic dd.f hex string.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Also generalize the code so that we can have more enum properties
in the future.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
We need the print method to put double quotes, but parsing is not special.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In some cases, a legacy property does need a special print method
but not a special parse method. In this case, we can reuse the get/set
from the static (non-legacy) property.
If neither parse nor print is needed, though, do not register the
legacy property at all. The previous patch ensures that the right
fallback will be used.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
There's no need to call into ->parse and ->print manually. The
QOM legacy properties do that for us.
Furthermore, in some cases legacy and static properties have exactly
the same behavior, and we could drop the legacy properties right away.
Add an appropriate fallback to prepare for this.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Standard VGA does not use vga_draw_cursor_line_* functions.
Move the template to cirrus_vga_template.h.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Instead of each device knowing or guessing the guest page size,
just pass the desired size of dirtied memory area.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This is mostly code movement although not entirely. This makes properties part
of the Object base class which means that we can now start using Object in a
meaningful way outside of qdev.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
I'm sure the intentions were good here, but there's no reason this should be in
qdev. Move it to qemu-char where it belongs.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Note that the FIXME gets fixed in series 4/4. We need to convert BusState to
QOM before we can make parent_bus a link.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This gets us closer to being able to object_new() a qdev type and have a
functioning object verses having to call qdev_create().
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Limit them to the device_add functionality. Device aliases were a hack based
on the fact that virtio was modeled the wrong way. The mechanism for aliasing
is very limited in that only one alias can exist for any device.
We have to support it for the purposes of compatibility but we only need to
support it in device_add so restrict it to that piece of code.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
v1 -> v2
- Use a table for aliases (Paolo)
This was done in a mostly automated fashion. I did it in three steps and then
rebased it into a single step which avoids repeatedly touching every file in
the tree.
The first step was a sed-based addition of the parent type to the subclass
registration functions.
The second step was another sed-based removal of subclass registration functions
while also adding virtual functions from the base class into a class_init
function as appropriate.
Finally, a python script was used to convert the DeviceInfo structures and
qdev_register_subclass functions to TypeInfo structures, class_init functions,
and type_register_static calls.
We are almost fully converted to QOM after this commit.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This allows us to drop per-Device registration functions by allowing the
class_init functions to overload qdev methods.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Now DeviceInfo is no longer used after object construction. All of the
relevant members have been moved to DeviceClass.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We can probably model USBHidDevice as a base class to get even better code
sharing but for now, just use a common function to initialize the common class
members.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Bugfix after reboot when vmmouse was enabled and another OS which uses e.g. PS/2
mouse.
Details:
When a guest activated the vmmouse followed by a reboot the vmmouse was still
enabled and the PS/2 mouse was therefore unsusable. When another guest is then
booted without vmmouse support (e.g. PS/2 mouse) the mouse is not working.
Reason is that VMMouse has priority and disables all other mouse entities
and therefore must be disabled on reset.
Testscenario:
1.) Boot e.g. OS with VMMouse support (e.g. Windows with VMMouse tools)
2.) reboot
3.) Boot e.g. OS without VMMouse support (e.g. DOS) => PS/2 mouse doesn't work
any more. Fixes that issue.
Testscenario 2 by Jan Kiszka <jan.kiszka@siemens.com>:
Confirm that this patch fixes a real issue. Setup: qemu.git,
opensuse 11.4 guest, SDL graphic, system_reset while guest is using the
vmmouse. Without the patch, the vmmouse become unusable after the
reboot. Also, the mouse stays in absolute mode even before X starts again.
Fixed by:
Disabling the vmmouse in its reset handler.
Tested-by: Andreas F=E4rber <afaerber@suse.de>
Signed-off-by: Gerhard Wiesinger <lists@wiesinger.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Allow to configure the MC146818 RTC via the new lost tick policy
property and replace rtc_td_hack with this mechanism.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Potentially tick-generating timer devices will gain a common property:
lock_tick_policy. It allows to encode 4 different ways how to deal with
tick events the guest did not process in time:
discard - ignore lost ticks (e.g. if the guest compensates for them
already)
delay - replay all lost ticks in a row once the guest accepts them
again
merge - if multiple ticks are lost, all of them are merged into one
which is replayed once the guest accepts it again
slew - lost ticks are gradually replayed at a higher frequency than
the original tick
Not all timer device will need to support all modes. However, all need
to accept the configuration via this common property.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This lets the RTC get adjustments from the host NTP client.
The watchdog still uses the vm_clock. The previous behavior is
available with "-rtc clock=vm".
Cc: Andreas Färber <afaerber@suse.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch implements the RX channel of GRLIB UART with a FIFO to
improve data rate.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
When 2c74c2cb4b added support for
the 'readonly' flag against 9p filesystems, it also made QEMU
add the O_NOATIME flag as a side-effect.
The O_NOATIME flag, however, may only be set by the file owner,
or a user with CAP_FOWNER capability. QEMU cannot assume that
this is the case for filesytems exported to QEMU.
eg, run QEMU as non-root, and attempt to pass the host OS
filesystem through to the guest OS with readonly enable.
The result is that the guest OS cannot open any files at
all.
If O_NOATIME is really required, it should be optionally
enabled via a separate QEMU command line flag.
* hw/9pfs/virtio-9p.c: Remove O_NOATIME
Acked-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
In passthrough security model in local fs driver, after a file creation
chown and chmod are done to set the file credentials and mode as requested
by 9p client. But if there was a request to create a file with S_ISGID
bit, doing chown on that file resets the S_ISGID bit. So first call
chown and then invoking chmod with proper mode bit retains the S_ISGID
(if present/requested)
This resulted in LTP mknod02, mknod03, mknod05, open10 test case
failures. This patch fixes this issue.
man 2 chown
When the owner or group of an executable file are changed by an unprivileged
user the S_ISUID and S_ISGID mode bits are cleared. POSIX does not specify
whether this also should happen when root does the chown(); the Linux behavior
depends on the kernel version.
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Commit 999e12bbe8 (sysbus: apic: ioapic:
convert to QEMU Object Model) introduced two typos, one of which broke
the mac99 machine.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This converts three devices because apic and ioapic are subclasses of sysbus.
Converting subclasses independently of their base class is prohibitively hard.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add -pcihost to SysBus devices to resolve name conflicts,
and clarify PCI vs. Internal PCI.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This converts two types because smbus is implemented as a subclass of i2c. It's
extremely difficult to convert these two independently.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This converts two devices at once because PIC subclasses ISA and converting
subclasses independently is extremely hard.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
These are various small stylistic changes which help make things more
consistent such that the automated conversion script can be simpler.
It's not necessary to agree or disagree with these style changes because all
of this code is going to be rewritten by the patch monkey script anyway.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Since we are still dynamically creating TypeInfo, we need to chain the
class_init function in order to be able to make use of it within subclasses of
TYPE_DEVICE.
This will disappear once we register TypeInfos directly.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In order to introduce inheritance while still using the qdev registration
interfaces, we need to be able to use a parent other than TYPE_DEVICE. Add a
new interface that allows this.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Right now, DeviceInfo acts as the class for qdev. In order to switch to a
proper ObjectClass derivative, we need to ween all of the callers off of
interacting directly with the info pointer.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This is a very shallow integration. We register a TYPE_DEVICE but only use
QOM as basically a memory allocator. This will make all devices show up as
QOM objects but they will all carry the TYPE_DEVICE.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
v1 -> v2
- update for new location of object.h
* pmaydell/arm-devs.for-upstream:
arm: SoC model for Calxeda Highbank
arm_boot: support board IDs more than 16 bits wide
arm: add secondary cpu boot callbacks to arm_boot.c
ahci: add support for non-PCI based controllers
Add xgmac ethernet model
A device reset does not affect the link state, only set_link does.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
A device reset does not affect the link state, only set_link does.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
By using strncasecmp, we allow for arbitrary characters after the
"on"/"off" string. Fix this by switching to strcasecmp.
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Limit the return value (corresponding to the length of the buffer to be
DMAed back to the intiator) to the value in req->cmd.xfer, which is the
amount of data that the initiator expects. Eliminate now-duplicate code
that does this guarding in the functions for individual commands.
Without this, the SCRIPTS code in the emulated LSI device eventually
raises a DMA interrupt for a data overrun when an INQUIRY command whose
buflen exceeds req->cmd.xfer is processed. It's the responsibility of
the client to provide a request buffer and allocation length that are
large enough for the result of the command.
Signed-off-by: Thomas Higdon <thigdon@akamai.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
There already exists a virtio_blk_handle_write trace event as well as
completion events. Add the virtio_blk_handle_read event so it's easy to
trace virtio-blk requests for both read and write operations.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Adds support for Calxeda's Highbank SoC.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Support passing a board ID value to the kernel in r1
that is more than 16 bits wide. This is needed to pass
the '-1 == invalid' value for boards which only support
device tree booting.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Create two functions, write_secondary_boot() and secondary_cpu_reset_hook(),
to allow platforms more control of how secondary CPUs are brought up. The
new functions default to NULL and aren't called unless they are populated
so there are no changes to existing platform models.
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add support for ahci on sysbus.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This adds very basic support for the xgmac ethernet core. Missing things
include:
- statistics counters
- WoL support
- rx checksum offload
- chained descriptors (only linear descriptor ring)
- broadcast and multicast handling
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Remove target dependencies and compile Cirrus VGA in hwlib.
Address masking can be removed since memory API handles that now.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Instead of each target knowing or guessing the guest page size,
just pass the desired size of dirtied memory area.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* qemu-kvm/uq/master:
kvm: Activate in-kernel irqchip support
kvm: x86: Add user space part for in-kernel IOAPIC
kvm: x86: Add user space part for in-kernel i8259
kvm: x86: Add user space part for in-kernel APIC
kvm: x86: Establish IRQ0 override control
kvm: Introduce core services for in-kernel irqchip support
memory: Introduce memory_region_init_reservation
ioapic: Factor out base class for KVM reuse
ioapic: Drop post-load irr initialization
i8259: Factor out base class for KVM reuse
i8259: Completely privatize PicState
apic: Open-code timer save/restore
apic: Factor out base class for KVM reuse
apic: Introduce apic_report_irq_delivered
apic: Inject external NMI events via LINT1
apic: Stop timer on reset
kvm: Move kvmclock into hw/kvm folder
msi: Generalize msix_supported to msi_supported
hyper-v: initialize Hyper-V CPUID leaves.
hyper-v: introduce Hyper-V support infrastructure.
Conflicts:
Makefile.target
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Improve VGA selection logic, push check for device availabilty to vl.c.
Create the devices at board level unconditionally.
Remove now unused pci_try_create*() functions.
Make PCI VGA devices optional.
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Rename SysBus device from 'grackle' to 'grackle-pcihost' to resolve a
name conflict.
Also mark both devices as no_user.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Alexander Graf <agraf@suse.de>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
We call pci_host_config_{read,write}_common() which perform PCI config
accesses. However they don't do all limit checking the way we expect
it to.
So let's introduce a small wrapper around them, making them behave the
way we would without touching generic code.
This patch is based on a patch by David Gibson which put this logic into
the generic code.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently on the pseries machine the SLOF firmware is used normally,
but we bypass it when -kernel is specified. Having these two
different boot paths can cause some confusion.
In particular at present we need to "probe" the (emulated) PCI bus and
produce device tree nodes for the PCI devices in qemu, for the -kernel
case. In the SLOF case, it takes the device tree from qemu adds some
stuff to it then passes it on to the kernel.
It's been decided that a better approach is to always boot through
SLOF, even when using -kernel. WIth this approach we can leave PCI
probing and device node creation to SLOF in all cases which removes a
bunch of code in qemu, and avoids iterating the PCI devices from the
machine specific init code which we're not supposed to do.
This patch changes qemu to always boot through SLOF, and not to create
PCI nodes. Simultaneously it updates the included version of SLOF
(submodule and binary image) to one which supports (and requires) the
new approach.
The new SLOF version also includes a number of unrelated enhancements:
support for booting from virtio-pci devices and e1000, greatly
improved FCode support and many bugfixes. It also makes SLOF ready to
be used even when specifying a kernel on the qemu command line.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The pseries machine expects a para-virtualized guest and so supplies RTAS
functions (via a hypercall) for performing PCI config space access.
Currently the implementation of these calls into
pci_default_{read,write}_config(). However this would be incorrect for
any PCI device which overrides the default config read/write functions.
AFAICT there's only one such device today, but we should still get it
right. In addition the pci_host_config_{read,write}_common() functions
which do correctly do this dispatch, perform bounds checking on the config
space address, lack of which currently leads to an exploitable bug.
This patch corrects the problem.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
On the pseries machine (which expexts a paravirtualized guest), guest
access to PCI config space is via host-provided RTAS functions. This
patch extends these RTAS functions to permit access to PCI extended
config space, as specified in PAPR.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Back when I made patches introducing dma_addr_t and various PCI DMA
wrapper functions, I made a mistake. The bmdma_addr_{read,write} functions
need to take target_phys_addr_t not dma_addr_t, since they are assigned
to MemoryRegionOps callbacks.
This patch corrects my error.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
load_image_targphys() gets passed a max size for the file, but doesn't
enforce it at all. Add a check and return -1 (error) if the file is
too big, without loading it. Fix the bracing style in the function
while we're at it.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
When accessing the device specific virtio config space, we memcpy
the data into a variable in QEMU. At that point we're basically
pulling host endianness into the game which is a really bad idea.
So instead, let's use the target specific load/store helpers for
memory pointers which fetch things in target endianness. The whole
array is already populated in target endianness anyways
(see virtio-blk).
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
The virtio config area in PIO space is a bit special. The initial
header is little endian but the rest (device specific) is guest
native endian.
The PIO accessors for PCI on machines that don't have native IO ports
assume that all PIO is little endian, which works fine for everything
except the above.
A complicated way to fix it would be to split the BAR into two memory
regions with different endianess settings, but this isn't practical
to do, besides, the PIO code doesn't honor region endianness anyway
(I have a patch for that too but it isn't necessary at this stage).
So I decided to go for the quick fix instead which consists of
reverting the swap in virtio-pci in selected places, hoping that when
we eventually do a "v2" of the virtio protocols, we sort that out once
and for all using a fixed endian setting for everything.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
[agraf: keep virtio in libhw and determine endianness through a
helper function in exec.c]
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Now that we have the SoC init function in the same file, let's integrate
it with the board initialization.
While at it, also make use of the newly qdev'ified PCI host controller.
Signed-off-by: Alexander Graf <agraf@suse.de>
The separation of ppc440 and ppc440_bamboo makes some sense, since ppc440
is the SoC while ppc440_bamboo is the actual board. But the separation
makes things harder for us for no good reason, so let's just fold them
in together with each other.
Signed-off-by: Alexander Graf <agraf@suse.de>
Due to popular demand, this qdevifies the PCI host controller of 4xx SoCs
the same way as e500.
We have to introduce a small stub function for pci init that will be
removed in a later patch, once we qdev'ified the board, to keep the build
working.
Signed-off-by: Alexander Graf <agraf@suse.de>
Today we're exposing a Virtex 440 CPU to the guest despite the fact
that we're telling the guest that we're running on a 440EP one in the
device tree.
So let's better default to a real 440EP to make things synced again.
Signed-off-by: Alexander Graf <agraf@suse.de>
When running a 440 target, we currently get invalid irq_num values (-1)
which completely confuse the IRQ setting code.
This is most likely due to the missing qdev conversion.
While this shouldn't happen in the first place and should really rather
be fixed by converting the target, I dislike segfaults. So for now, let's
just print a warning and ignore invalid irq_num values.
Signed-off-by: Alexander Graf <agraf@suse.de>
Back in the day when the bamboo target got introduced, the initial TLB was
dictated by KVM. TCG has been missing initial TLB values ever since, rendering
the target unusable for TCG usage.
This patch adds linear TLB maps the way Linux expects them, making the target
work.
Signed-off-by: Alexander Graf <agraf@suse.de>
To be able to support CPU reset, we need to put all register initialization
and initial state into a CPU reset hook instead of a function that is only
called once on bootup.
This is a preparation step for the initial TLB setting code and brings bamboo
more in line with what e500 and virtex already do.
Signed-off-by: Alexander Graf <agraf@suse.de>
When using TCG with a BookE PowerPC core, we need to explicitly initialize
the BookE timers with the correct frequencies.
This was missing for 440EP, since that code came from KVM and was never used
with TCG.
Signed-off-by: Alexander Graf <agraf@suse.de>
Speaker I/O, ISA bus, i8259 PIC, RTC and DMA are no longer set up
individually by the machine. Effectively, no-op speaker I/O is replaced
by pcspk; PIT and i82374 DMA are introduced.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Remove related dead, alternative code.
Wire up PCI host bridge IRQs via GPIO-in IRQs of PCI->ISA bridge.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Alexander Graf <agraf@suse.de>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Prepare Intel 82378 emulation for use by PReP platforms.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Create ISA bus in this device (suggested by Markus).
Rebase onto Memory API, mark memory ops as Little Endian.
Add VMState. Provide access to i8259 IRQs via qdev GPIOs.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Markus Armbruster <armbru@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Prepare Intel 82374 emulation for use by Intel 82378 PCI->ISA bridge.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Confine to CONFIG_I82374. Add VMState.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Drop pci_prep_init() in favor of extended device state. Inspired by
patches from Hervé and Alex.
Assign the 4 IRQs from the board after device instantiation. This moves
the knowledge out of prep_pci and allows for future machines with
different IRQ wiring (IBM 40P). Suggested by Alex.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Cc: Hervé Poussineau <hpoussin@reactos.org>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Convert to new-style read/write callbacks.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Alexander Graf <agraf@suse.de>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Avi Kivity <avi@redhat.com>
Cc: Benoît Canet <benoit.canet@gmail.com>
The prep PowerPC CPU is Big Endian. An explicit byte swap therefore
effectively becomes Little Endian.
Remove explicit byte swaps and mark as Little Endian.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Cc: Michael S. Tsirkin <mst@redhat.com>
Move initialization of vendor ID, etc. to PCIDeviceInfo.
Introduce VMState.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Cc: Hervé Poussineau <hpoussin@reactos.org>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>
This simplifies the code later when the i8259 moves to the i82378
PCI->ISA bridge and happens to fix a SysBus m48t59 io_base issue
introduced by commit 0fb56ffc5e (m48t59:
drop obsolete address base arithmetic). Suggested by Hervé and Jan.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Hervé Poussineau <hpoussin@reactos.org>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
Since 0c90c52fab (ppc_prep: convert to memory
API) OHW was "Trying to execute code outside RAM or ROM at 0xfff00700".
The BIOS MemoryRegion is created with a fixed size of 1 MiB.
Ensure that the full size can be accessed since the exception
vectors are located at 0xfff00000 and the BIOS may want to use them.
It thereby no longer depends on the actual BIOS binary size.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Avi Kivity <avi@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
* stefanha/trivial-patches:
Makefile: Remove generated headers on clean
Makefile: Exclude tests/Makefile in unconfigured tree
lm32: Fix mixup of uint32 and uint32_t
tests: Silence gtester in Makefile
qemu-tool: Fix mixup of int64 and int64_t
* pmaydell/arm-devs.for-upstream:
arm: make the number of GIC interrupts configurable
hw/lan9118: Add save/load support
arm: Remove incorrect comment in arm_timer
vexpress, realview: Add (dummy) L2 cache controller
* kraxel/usb.37:
usb-redir: Improve some debugging messages
usb-redir: Try to keep our buffer size near the target size
usb-redir: Pre-fill our isoc input buffer before sending pkts to the host
usb-redir: Dynamically adjust iso buffering size based on ep interval
usb-redir: Clear iso / irq error when stopping the stream
usb: link packets to endpoints not devices
usb: add max_packet_size to USBEndpoint
usb/debug: add usb_ep_dump
usb-desc: USBEndpoint support
usb: add ifnum to USBEndpoint
usb: add USBEndpoint
xhci: Initial xHCI implementation
usb: add audio device model
usb-desc: audio endpoint support
usb: track altsetting in USBDevice
usb: track configuration and interface count in USBDevice.
usb-host: rip out legacy procfs support
This introduces the KVM-accelerated IOAPIC model 'kvm-ioapic' and
extends the IRQ routing setup by the 0->2 redirection when needed.
The kvm-ioapic model has a property that allows to define its GSI base
for injecting interrupts into the kernel model. This will allow to
disentangle PIC and IOAPIC pins for chipsets that support more
sophisticated IRQ routes than the PIIX3. So far the base is kept at 0,
i.e. PIC and IOAPIC share pins 0..15.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Introduce the alternative 'kvm-i8259' device model that exploits KVM
in-kernel acceleration.
The PIIX3 initialization code is furthermore extended by KVM specific
IRQ route setup. GSI injection differs in KVM mode from the user space
model. As we can dispatch ISA-range IRQs to both IOAPIC and PIC inside
the kernel, we do not need to inject them separately. This is reflected
by a KVM-specific GSI handler.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
This introduces the alternative APIC device which makes use of KVM's
in-kernel device model. External NMI injection via LINT1 is emulated by
checking the current state of the in-kernel APIC, only injecting a NMI
into the VCPU if LINT1 is unmasked and configured to DM_NMI.
MSI is not yet supported, so we disable this when the in-kernel model is
in use.
CC: Lai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
KVM is forced to disable the IRQ0 override when we run with in-kernel
irqchip but without IRQ routing support of the kernel. Set the fwcfg
value correspondingly. This aligns us with qemu-kvm.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Split up the IOAPIC analogously to APIC and i8259. KVM will share the
IOAPICCommonState, the vmstate, reset logic and certain init parts with
the user space model.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
As all devices undergo a reset prior to vmloa, and the reset value of
irr is 0, we do not need to do this clearing for older vmstates
explicitly. Dropping this redundant code will also make KVM integration
a bit simpler.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Analogously to the APIC, we will reuse some parts of the user space
i8259 model for KVM. The base class provides a common device state, the
vmstate, the property list, a reset core and some shared init bits.
This also introduces a common helper to instantiate a single i8259 chip
from the cascade-creating i8259_init function.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Use DeviceState instead of PicState in the public i8259 API. This is
cleaner and allows to reorganize the PIC data structures for KVM reuse.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
To enable migration between accelerated and non-accelerated APIC models,
we will need to handle the timer saving and restoring specially and can
no longer rely on the automatics of VMSTATE_TIMER. Specifically,
accelerated model will not start any QEMUTimer.
This patch therefore factors out the generic bits into apic_next_timer
and use a post-load callback to implemented model-specific logic.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
The KVM in-kernel APIC model will reuse parts of the user space model
while providing the same frontend view to guest and most management
interfaces.
Factor out an APIC base class to encapsulate those parts that will be
shared by user space and KVM model. This class offers callback hooks for
init, base/tpr setting, and the external NMI delivery that will be
set via APICCommonInfo structure and implemented specifically in the
subclasses.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
On real hardware, NMI button events are injected via the LINT1 line of
the APICs. E.g. kdump expect this wiring and gets upset if the per-APIC
LINT1 mask is not respected, i.e. if NMIs are injected to VCPUs that
should not receive them. Change the APIC emulation code to reflect this.
Based on qemu-kvm patch by Lai Jiangshan.
CC: Lai Jiangshan <laijs@cn.fujitsu.com>
Reported-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
All LVTs are masked on reset, so the timer becomes ineffective. Letting
it tick nevertheless is harmless, but will at least create a spurious
trace event.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
More KVM-specific devices will come, so let's start with moving the
kvmclock into a dedicated folder.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Rename msix_supported to msi_supported and control MSI and MSI-X
activation this way. That was likely to original intention for this
flag, but MSI support came after MSI-X.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Commit d23948b15a (lm32: add Milkymist
VGAFB support) introduced a stray usage of the softfloat uint32 type.
Use uint32_t instead.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael Walle <michael@walle.cc>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
This enable us to do passthrough equivalent security model on NFS directory.
NFS server mostly do root squashing and don't support xattr. Hence we cannot
use 'passthrough' or 'mapped' security model
Also added "mapped-xattr" security to indicate earlier "mapped" security model
Older name is still supported.
POSIX rules regarding ctime update on chmod are not followed by this security model.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Increase the maximum number of GIC interrupts for a9mp and a11mp to 1020,
and create a configurable property for each defaulting to 96 and 64
(respectively) so that device modelers can set the value appropriately
for their SoC. Other ARM processors also set their maximum number of
used IRQs appropriately.
Set the maximum theoretical number of GIC interrupts to 1020 and
update the save/restore code to only use the appropriate number for
each SoC.
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
[Peter Maydell: fixed minor whitespace snafu]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The current comment says that the arm_timers are restricted to between
32 KHz and 1 MHz, but sp804 TRM does not specify those limits.
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Instantiate the L2 cache controller on the ARM devboards which have one,
since we have a dummy model of it now. Note that the only non-MP board
with an L2x0 is the PB1176, which we don't model.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add USBEndpoint for the control endpoint to USBDevices. Link async
packets to the USBEndpoint instead of the USBDevice.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Start maintaining endpoint state at USBDevice level. Add USBEndpoint
struct and some helper functions to deal with it. For now it contains
the endpoint type only. Moved over some bits from usb-linux.c
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Based on the implementation from Hector Martin <hector@marcansoft.com>
Hectors's implementation completely sidestepped the qemu usb system and
used libusb directly for usb device pass through. So I've ripped out
the libusb bits (or left them in disabled, as reference for further
coding) and hooked up the qemu subsystem instead. That work is not
complete yet though, partly due to limitations of the qemu usb
subsystem. Nevertheless I think it is better to continue development
in-tree, especially as the qemu usb bits need a bunch of improvements
too for decent usb 3.0 support.
Current state:
- usb-storage emulation should work ok.
- Devices which need constant polling (HID emulation like usb-tablet)
are known to not work.
- ISO xfers are not implemented yet.
- superspeed ports are not implemented yet.
- usb pass-through is completely untested so far.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The secondary CPU bootloader in arm_boot.c holds secondary CPUs in a
pen until the primary CPU releases them. Make boards specify the
address to be polled to determine whether to leave the pen (it was
previously hardcoded to 0x10000030, which is a Versatile Express/
Realview specific system register address).
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
u-boot uses single automatic scans and polling in
pxa2xx_keypad driver, so clear KPC_AS bit immediately
and update keys state even if KPC_AS and KPC_ASACT are
cleared.
Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Pallete entry size for 16bpp format is 2 bytes, not 4
Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Obviously, linking the RTC device state to the PIIX does not belong into
the common path that is shared with the isapc.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
All files under GPLv2 will get GPLv2+ changes starting tomorrow.
event_notifier.c and exec-obsolete.h were only ever touched by Red Hat
employees and can be relicensed now.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
qdev is now equipped (thanks to the last commit) to disassociate
chardevs from the qdev devices on the devices going away. So doing it
in the virtio-console driver is not necessary.
Since that was the only thing being done in the qdev exit method, drop
it entirely.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When a device is removed, remove the association with a chardev, if any,
so that the chardev can be re-used later for other devices.
Reported-by: Qunfang Zhang <qzhang@redhat.com>
Fix-suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
QEMU does have a "scsi" option (to be used like -device
virtio-blk-pci,drive=foo,scsi=off). However, it only
masks the feature bit, and does not reject the command
if a malicious guest disregards the feature bits and
issues a request.
Without this patch, using scsi=off does not protect you
from CVE-2011-4127.
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When an rtc interrupt is reinjected immediately after being acked,
other interrupts should not be reinjected, so do clear their bits.
Also, if the periodic interrupts have been disabled before acking,
do not reinject, as the guest might get very confused!
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Hours in 12-hour mode are in the 1-12 range, not 0-11.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit 8eb0283 broken device_del by having too overzealous reference counting
checks. Move the reference count checks to qdev_free(), make sure to remove
the parent link on free, and decrement the reference count on property removal.
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
These comments are used by static code analysis tools and in code reviews
to avoid false warnings because of missing break statements.
The case statements handled here were reported by coverity.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
The RFBI_READ/RFBI_STATUS code incorrectly uses chip[0] when it should
be using chip[1]. Andrzej Zaborowski <balrog@zabor.org> confirmed this
bug since I don't know this code well.
Reported-by: Dr David Alan Gilbert <davidagilbert@uk.ibm.com>
Reviewed-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
This brings a usb audio device to qemu. Output only, fixed at
16bit stereo @ 480000 Hz. Based on a patch from
H. Peter Anvin <hpa@linux.intel.com>
Usage: add '-device usb-audio' to your qemu command line.
Works sorta ok on a idle machine. Known issues:
* Is *very* sensitive to latencies.
* Burns quite some CPU due to usb polling.
In short: It brings the qemu usb emulation to its limits. Enjoy!
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add support for audio endpoints which have two more fields in the
descriptor. Also add support for extra class specific endpoint
descriptors.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Move fields from USBHostDevice to USBDevice.
Add bits to usb-desc.c to fill them for emulated devices too.
Also allow to set configuration 0 (== None) for emulated devices.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ppm_save() spends upwards of 50% of its time doing divisions. Replace them
with shifts.
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
- Send EOP flags to the out channels.
- Send data descriptor metadata to the out channels.
Signed-off-by: Lars Persson <larper@axis.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Coverity says that the division by sizeof(*s->rate) might be wrong.
I think that coverity is right.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Coverity complained about local variable key which was only partially
initiated. Only key.st_value was set. As this was also the only part
of key which was used in function symfind, the code could be optimized
by directly passing a pointer to orig_addr.
In bsd-user/elfload.c, fix ec822001a2
was missing. This was a simple replacement of > by >= in symfind, so
I fixed it here without creating an additional patch.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Use the new memory mutator API to simplify the flash remap code;
this allows us to drop the flash_mapped flag.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Fix the sense of the REMAP bit: 0 should mean "map flash",
1 should mean "map RAM".
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
* 's390-next' of git://repo.or.cz/qemu/agraf:
s390: fix cpu hotplug / cpu activity on interrupts
s390x: add TR function for EXECUTE
Expose drive_add on all architectures
Add generic drive hotplugging
Compile device-hotplug on all targets
[S390] Add hotplug support
vhost memory management doesn't care about non-memory (e.g. PIO) or non-RAM
regions. Adjust the filtering to reflect that, and move it earlier so it
applies to mem_sections too.
Signed-off-by: Avi Kivity <avi@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
A memset() used to delete an entry in an array did not take into account
the array element's size.
Signed-off-by: Avi Kivity <avi@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
MemoryListener::region_add() gives us a slice of a MemoryRegion, not a
region. Adjust the userspace address to reflect that.
Signed-off-by: Avi Kivity <avi@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
* 'ppc-next' of git://repo.or.cz/qemu/agraf:
PPC: Add description for the Freescale e500mc core.
pseries: Check for duplicate addresses on the spapr-vio bus
pseries: Populate "/chosen/linux,stdout-path" in the FDT
pseries: Add a routine to find a stable "default" vty and use it
pseries: Emit device tree nodes in reg order
pseries: FDT NUMA extensions to support multi-node guests
pseries: Remove hcalls callback
kvm-ppc: halt secondary cpus when guest reset
console: Fix segfault on screendump without VGA adapter
PPC: monitor: add ability to dump SLB entries
color_reg is expected to hold 32 bit values, so it was too small.
This bug was reported by coverity:
hw/sm501.c:624:
result_independent_of_operands:
color_reg >> 16 is 0 regardless of the values of its operands.
This occurs as the bitwise first operand of '&'.
Cc: Shin-ichiro Kawasaki <kawasaki@juno.dti.ne.jp>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Commit 5632ae46d5 passes the address
of i8259 to qemu_irq_proxy. i8259 is an auto variable with undefined
value outside of mips_malta_init.
This made the interrupt proxy unusable: either QEMU crashes, or
the interrupt handler was not called.
Ethernet for example no longer worked with MIPS Malta.
v2:
While v1 used a static variable for i8259, this patch introduces
a qdev for the malta machine. i8259 is now part of the device status.
This is a minimal qdev implementation to keep the patch small.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
* stefanha/trivial-patches:
qemu-nbd: drop loop which can never loop
Make python mandatory
net/socket.c: Fix fd leak in net_socket_listen_init() error paths
gdbstub: Fix fd leak in gdbserver_open() error path
configure: Fix test for supported host CPU type
configure: CONFIG_QEMU_INTERP_PREFIX only for user mode
scsi virtio-blk usb-msd: Clean up device init error messages
Strip trailing '\n' from error_report()'s first argument (again)
qemu-options.hx: fix tls-channel help text
Fix a compile failure on 32 bit hosts (integer constant is too large
for 'unsigned long' type) by correcting a typo where the mask used
for filling in the second f_fsid word had too many 'F's in it.
Also drop the 'L' suffix that allowed this typo to go undetected on
64 bit hosts.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Replace
error_report("DEVICE-NAME: MESSAGE");
by just
error_report("MESSAGE");
in block device init functions.
DEVICE-NAME is bogus in some cases: it's "scsi-disk" for device
scsi-hd and scsi-cd, "virtio-blk-pci" for virtio-blk-s390, and
"usb-msd" for usb-storage.
There is no real need to put a device name in the message, because
error_report() points to the offending command line option already:
$ qemu-system-x86_64 --nodefaults --enable-kvm -vnc :0 -S -monitor stdio -usb -device virtio-blk-pci
upstream-qemu: -device virtio-blk-pci: virtio-blk-pci: drive property not set
upstream-qemu: -device virtio-blk-pci: Device 'virtio-blk-pci' could not be initialized
And for a monitor command, it's obvious anyway:
$ qemu-system-x86_64 --nodefaults --enable-kvm -vnc :0 -S -monitor stdio -usb
(qemu) device_add virtio-blk-pci
virtio-blk-pci: drive property not set
Device 'virtio-blk-pci' could not be initialized
Reported-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Commit 6daf194d got rid of them, but Hans and Gerd added some more
lately. Tracked down with this Coccinelle semantic patch:
@r@
expression fmt;
position p;
@@
error_report(fmt, ...)@p
@script:python@
fmt << r.fmt;
p << r.p;
@@
if "\\n" in str(fmt):
print "%s:%s:%s:%s" % (p[0].file, p[0].line, p[0].column, fmt)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
* aneesh/for-upstream:
hw/9pfs: Add support to use named socket for proxy FS
hw/9pfs: man page for proxy helper
hw/9pfs: Documentation changes related to proxy fs
hw/9pfs: Proxy getversion
hw/9pfs: xattr interfaces in proxy filesystem driver
hw/9pfs: File ownership and others
hw/9pfs: Add stat/readlink/statfs for proxy FS
hw/9pfs: Create other filesystem objects
hw/9pfs: Open and create files
hw/9pfs: File system helper process for qemu 9p proxy FS
hw/9pfs: Add new proxy filesystem driver
hw/9pfs: Add validation to {un}marshal code
hw/9pfs: Move pdu_marshal/unmarshal code to a seperate file
hw/9pfs: Move opt validation to FsDriver callback
* kraxel/usb.33:
usb-ohci: td.cbp incorrectly updated near page end
usb-host: properly release port on unplug & exit
usb-storage: cancel I/O on reset
Fix parse of usb device description with multiple configurations
The current code that updates the cbp value after a transfer looks like this:
td.cbp += ret;
if ((td.cbp & 0xfff) + ret > 0xfff) {
<handle page overflow>
because the 'ret' value is effectively added twice the check may fire too early
when the overflow hasn't happened yet.
Below is one of the possible changes that correct the behavior:
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When resetting the usb-storage device we'll have to carefully cancel
and clear any requests which might be in flight, otherwise we'll confuse
the state machine.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* pmaydell/arm-devs.for-upstream:
add L2x0/PL310 cache controller device
arm: add dummy gic security registers
arm: Set frequencies for arm_timer
arm: add missing scu registers
hw/omap_gpmc: Fix region map/unmap when configuring prefetch engine
hw/omap1.c: Drop unused includes
hw/omap1.c: Separate dpll_ctl from omap_mpu_state
hw/omap1.c: Separate PWT from omap_mpu_state
hw/omap1.c: Separate PWL from omap_mpu_state
hw/omap1.c: omap_mpuio_init() need not be public
hw/pl110.c: Add post-load hook to invalidate display
hw/pl181.c: Add save/load support
Add option to use named socket for communicating between proxy helper
and qemu proxy FS. Access to socket can be given by using command line
options -u and -g.
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Add proxy getversion to get generation number
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Add interfaces to open and create files for proxy file system driver.
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Provide root privilege access to QEMU 9p proxy filesystem using socket
communication.
Proxy helper is started by root user as:
~ # virtfs-proxy-helper -f|--fd <socket descriptor> -p|--path <path-to-share>
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Add new proxy filesystem driver to add root privilege to qemu process.
It needs a helper process to be started by root user.
Following command line can be used to utilize proxy filesystem driver
-virtfs proxy,id=<id>,mount_tag=<tag>,socket_fd=<socket-fd>
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Move p9 marshaling/unmarshaling code to a separate file so that
proxy filesytem driver can use these calls. Also made marshaling
code generic to accept "struct iovec" instead of V9fsPDU.
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
This remove all conditional code from common code path and
make opt validation a FSDriver callback.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
This is just a dummy device for ARM L2 cache controllers, based on the
pl310. The cache type parameter can be defined by a property value
and has a meaningful default.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
[Peter Maydell: removed stray blank line at end]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement handling for the RAZ/WI gic security registers.
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use qdev properties to allow board modelers to set the frequencies
for the sp804 timer. Each of the sp804's timers can have an
individual frequency. The timers default to 1MHz.
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add power control register to a9mpcore
Signed-off-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When configuring the prefetch engine (and also when resetting from
a state where the prefetch engine was enabled) be careful to adhere
to the "unmap/change config fields/map" ordering, to avoid trying
to delete the wrong MemoryRegions. This fixes an assertion failure
in some cases.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Alexander Graf <agraf@suse.de>
Tested-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Currently creating a memory region automatically registers it for
live migration. This differs from other state (which is enumerated
in a VMStateDescription structure) and ties the live migration code
into the memory core.
Decouple the two by introducing a separate API, vmstate_register_ram(),
for registering a RAM block for migration. Currently the same
implementation is reused, but later it can be moved into a separate list,
and registrations can be moved to VMStateDescription blocks.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add a post-load hook which invalidates the display. In particular, if we
don't do this and the display size we've just reloaded is larger than
the default then we will segfault trying to read off the end of the buffer.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The monitor command for hotplugging is in i386 specific code. This is just
plain wrong, as S390 just learned how to do hotplugging too and needs to
get drives for that.
So let's add a generic copy to generic code that handles drive_add in a
way that doesn't have pci dependencies. All pci specific code can then
be handled in a pci specific function.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v1 -> v2:
- align generic drive_add to pci specific one
- rework to split between generic and pci code
v2 -> v3:
- remove comment
I just submitted a few patches that enable the s390 virtio bus to receive
a hotplug add event. This patch implements the qemu side of it, so that new
hotplug events can be submitted to the guest.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v1 -> v2:
- make s390 virtio hoplug code emulate-capable
* qemu-kvm/memory/page_desc: (22 commits)
Remove cpu_get_physical_page_desc()
sparc: avoid cpu_get_physical_page_desc()
virtio-balloon: avoid cpu_get_physical_page_desc()
vhost: avoid cpu_get_physical_page_desc()
kvm: avoid cpu_get_physical_page_desc()
memory: remove CPUPhysMemoryClient
xen: convert to MemoryListener API
memory: temporarily add memory_region_get_ram_addr()
xen, vga: add API for registering the framebuffer
vhost: convert to MemoryListener API
kvm: convert to MemoryListener API
kvm: switch kvm slots to use host virtual address instead of ram_addr_t
memory: add API for observing updates to the physical memory map
memory: replace cpu_physical_sync_dirty_bitmap() with a memory API
framebuffer: drop use of cpu_physical_sync_dirty_bitmap()
loader: remove calls to cpu_get_physical_page_desc()
framebuffer: drop use of cpu_get_physical_page_desc()
memory: introduce memory_region_find()
memory: add memory_region_is_logging()
memory: add memory_region_is_rom()
...
Check that devices on the spapr vio bus aren't given duplicate
addresses. Currently we will not run with duplicate devices, the
fdt code will spot it, but the error reporting is not great. With
this patch we can report the error nicely in terms of the device
names given by the user.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
There is a device tree property "/chosen/linux,stdout-path" which indicates
which device should be used as stdout - ie. "the console".
Currently we don't specify anything, which means both firmware and Linux
choose something arbitrarily. Use the routine we added in the last patch
to pick a default vty and specify it as stdout.
Currently SLOF doesn't use the property, but we are hoping to update it
to do so.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
In vty_lookup() we have a special case for supporting early debug in
the kernel. This accepts reg == 0 as a special case to mean "any vty".
We implement this by searching the vtys on the bus and returning the
first we find. This means that the vty we chose depends on the order
the vtys are specified on the QEMU command line - because that determines
the order of the vtys on the bus.
We'd rather the command line order was irrelevant, so instead return
the vty with the lowest reg value. This is still a guess as to what the
user really means, but it is at least stable WRT command line ordering.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
[agraf] fix braces
Although in theory the device tree has no inherent ordering, in practice
the order of nodes in the device tree does effect the order that devices
are detected by software.
Currently the ordering is determined by the order the devices appear on
the QEMU command line. Although that does give the user control over the
ordering, it is fragile, especially when the user does not generate the
command line manually - eg. when using libvirt etc.
So order the device tree based on the reg value, ie. the address of on
the VIO bus of the devices. This gives us a sane and stable ordering.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
[agraf] add braces
Add NUMA specific properties to guest's device tree to boot a multi-node
guests. This patch adds the following properties:
ibm,associativity
ibm,architecture-vec-5
ibm,associativity-reference-points
With this, it becomes possible to use -numa option on pseries targets.
Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
For forgotten historical reasons, PAPR hypercalls for specific virtual IO
devices (oh which there are quite a number) are registered via a callback
in the VIOsPAPRDeviceInfo structure.
This is kind of ugly, so this patch instead registers hypercalls from
device_init() functions for each device type. This works just as well,
and is cleaner.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
When guest reset, we need to halt secondary cpus until guest kick them.
This already works for tcg. The patch add the support for kvm.
Signed-off-by: Liu Yu <yu.liu@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
[agraf: remove in-kernel irqchip code]
when I tried qemu with -virtio-console pty the guest hangs and attaching
on /dev/pts/<x> does not return anything if the attachment is too late.
This results in pty_chr_write() returning 0, which causes the port to
get throttled. This results in the guest getting frozen as the
guest->host virtio_console writes don't return until the host releases
the vq element back to the guest.
For the virtio-serial use case we don't want to lose data but for the
console case we better drop data instead of "killing" the guest
console. If we get chardev->frontend notification and a better behaving
virtio-console we can revert this fix.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
* aneesh/for-upstream:
scripts/analyse-9p-simpletrace.py: Add symbolic names for 9p operations.
hw/9pfs: iattr_valid flags are kernel internal flags map them to 9p values.
hw/9pfs: Use the correct signed type for different variables
hw/9pfs: replace iovec manipulation with QEMUIOVector
qemu-kvm passes numa/SRAT topology information for smp_cpus to SeaBIOS. However
SeaBIOS always expects to setup max_cpus number of SRAT cpu entries
(MaxCountCPUs variable in build_srat function of Seabios). When qemu-kvm runs
with smp_cpus != max_cpus (e.g. -smp 2,maxcpus=4), Seabios will mistakenly use
memory SRAT info for setting up CPU SRAT entries for the offline CPUs. Wrong
SRAT memory entries are also created. This breaks NUMA in a guest.
Fix by setting up SRAT info for max_cpus in qemu-kvm.
Signed-off-by: Vasilis Liaskovitis <vasilis.liaskovitis@profitbricks.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
There's no need to check if ports can accept any incoming data from the
guest each time the guest sends data. Check if the port implements such
functionality during port initialisation.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The earlier code really was a hack: initialising class methods in an
object init function as noted by Anthony.
The motivation for that was to not have the virtio-serial-bus call into
the callback functions if there was no chardev backend registered.
However, that really wasn't a worthwhile optimisation, and definitely
not one that was well-implemented. Get rid of it.
Reported-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
For the callback functions invoked by the virtio-serial-bus code, check
if we have chardev backends registered before we call into the chardev
functions.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reported-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Kernel internal values can change, add protocol values for these constant and
use them.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
The v9fs_read() and v9fs_write() functions rely on iovec[] manipulation
code should be replaced with QEMUIOVector to avoid duplicating code.
In the future it may be possible to make the code even more concise by
using QEMUIOVector consistently across virtio and 9pfs.
The "v" format specifier for pdu_marshal() and pdu_unmarshal() is
dropped since it does not actually pack/unpack anything. The specifier
was also not implemented to update the offset variable and could only be
used at the end of a format string, another sign that this shouldn't
really be a format specifier. Instead, see the new
v9fs_init_qiov_from_pdu() function.
This change avoids a possible iovec[] buffer overflow when indirect
vrings are used since the number of vectors is now limited by the
underlying VirtQueueElement and cannot be out-of-bounds.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Response format r6 includes a subset of the status bits;
clear the clear-on-read bits which are read by an r6 response.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Fix some bugs in our implementation of the APP_CMD status bit:
* the response to an ACMD should have APP_CMD set, not cleared
* if an illegal ACMD is sent then the next command should be
handled as a normal command
This requires that we split "card is expecting an ACMD" from
the state of the APP_CMD status bit (the latter indicates
both "expecting ACMD" and "that was an ACMD").
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Correct how we handle the type B ("cleared on valid command")
status bits. In particular, the CURRENT_STATE bits in a response
should be the state of the card when it received that command,
not the state when it received the preceding command. (This is
one of the issues noted in LP:597641.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
App commands in an invalid state should set ILLEGAL_COMMAND, not
merely return a zero response.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Handle returning CRC and locked-card errors in the same code path
we use for other responses. This makes no difference in behaviour
but means that these error responses will be printed by the debug
logging code.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Add an extra sd_illegal value to the sd_rsp_type_t enum so that
sd_app_command() and sd_normal_command() can tell sd_do_command()
that the command was illegal. This is needed so we can do things
like reset certain status bits only on receipt of a valid command.
For the moment, just use it to pull out the setting of the
ILLEGAL_COMMAND status bit into sd_do_command().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Fix a typo that meant that ADDRESS_ERRORs setting or clearing write
protection would clear every other bit in the status register.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
If we fail to validate the CRC for an SD command we should be setting
COM_CRC_ERROR, not clearing it. (This bug actually has no effect currently
because sd_req_crc_validate() always returns success.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Add a clarifying comment about what the CARD_STATUS_[ABC]
macros are defining.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Fix bugs in the code determining whether to accept a command when the
SD card is locked. Most notably, we had the condition completely
reversed, so we would accept all the commands we should refuse and
refuse all the commands we should accept. Correct this by refactoring
the enormous if () clause into a separate function.
We had also missed ACMD42 off the list of commands which are accepted
in locked state: add it.
This is one of the two problems reported in LP:597641.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Now that all sysbus MMIO regions are MemoryRegions, mmio[n].memory
is never NULL, and we can remove some unnecessary conditionals.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori