Commit Graph

7196 Commits

Author SHA1 Message Date
Paolo Bonzini
bfe3d7ac6d scsi: change "removable" field to host many features
It is pointless to add a uint32_t field for every new feature.
Since we will need a new feature soon, convert accesses to "removable"
to look at bit 0 only.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-07 08:43:58 +02:00
Ronnie Sahlberg
381b634c27 scsi: Specify the xfer direction for UNMAP and ATA_PASSTHROUGH commands
scsi_cmd_xfer_mode() is used to specify the xfer direction for SCSI
commands that come in from the guest.  If the direction is set incorrectly
this will eventually cause QEMU to kernel-panic the guest.

Add UNMAP and ATAPASSTHROUGH as commands that send data to the device.

Without this change, recent kernels will send both UNMAP as well
as ATAPASSTHROUGH commands to any /dev/sg* device, which due to the
incorrect xfer direction very quickly causes the guest kernel to crash.

Example causing a crash without the patch applied:

./x86_64-softmmu/qemu-system-x86_64 -m 1024 -enable-kvm -cdrom linuxmint-12-gnome-dvd-64bit.iso -drive file=/dev/sg4,if=scsi,bus=0,unit=6

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04 10:39:52 +02:00
Paolo Bonzini
a5ee908562 scsi: fix WRITE SAME transfer length and direction
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04 10:39:52 +02:00
Paolo Bonzini
31e8fd86f2 scsi: fix refcounting for reads
Recently introduced FUA support also gave us a use-after-free
of the BlockAcctCookie within a SCSIDiskReq, due to unbalanced
reference counting.

The patch fixes this by making scsi_do_read look like a combination
of scsi_*_complete + scsi_*_data.  It does both a ref (like
scsi_read_data) and an unref (like scsi_flush_complete).

Reported-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04 10:39:52 +02:00
Paolo Bonzini
12a08998fe scsi: prevent data transfer overflow
Avoid sending more than 2GB of data, as that can cause overflows
in int32_t variables.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04 10:39:51 +02:00
Alon Levy
ddf9f4b707 qxl: don't assert on guest create_guest_primary
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
4763e2cadd qxl: ioport_write: remove guest trigerrable abort
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
e954ea2873 qxl: qxl_add_memslot: remove guest trigerrable panics
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
baeae407e6 qxl: interface_notify_update: remove guest trigerrable abort
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
75fe0d7bf8 qxl: cleanup s/__FUNCTION__/__func__/
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
0b81c478cf qxl: don't abort on guest trigerrable ring indices mismatch
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
2fce7edf46 qxl: fix > 80 chars line
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
47eddfbfe0 qxl: replace panic with guest bug in qxl_track_command
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
fae2afb10e qxl: check for NULL return from qxl_phys2virt
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Alon Levy
4b635c59b0 hw/qxl.c: qxl_phys2virt: replace panics with guest_bug
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-03 10:45:04 +02:00
Stefan Weil
9cf1f002d7 hw/pc_sysfw: Fix memory leak
Valgrind reported this memory leak which occured a few times.

Test scenario:

qemu-system-i386 (no arguments), only BIOS started, terminate with
monitor command (quit).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
2012-05-03 07:04:48 +02:00
Stefan Weil
5c878008dd qdev: Fix memory leak in function set_pci_devfn
Valgrind reported this memory leak which occured very often.

Test scenario:

qemu-system-i386 (no arguments), only BIOS started, terminate with
monitor command (quit).

v2:
Use error_free instead of g_free (hint from Andreas Färber, thanks).

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Andreas Färber <afaerber@suse.de>
2012-05-03 07:04:48 +02:00
Alexander Graf
d5b406d95b ATA: Allow WIN_SECURITY_FREEZE_LOCK as nop
When using Windows 8 with an AHCI disk drive, it issues a blue screen.
The reason is that WIN_SECURITY_FREEZE_LOCK / CFA_WEAR_LEVEL is not
supported by our ATA implementation, but Windows expects it to be there.

Since without security stuff implemented, the lock would be a nop anyway
and CFA_WEAR_LEVEL already is treated as a nop, let's just allow the cmd
for HD drives as well. That way Windows is happy.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-02 18:47:08 +02:00
Anthony Liguori
174210fe70 Merge remote-tracking branch 'agraf/s390-for-upstream' into staging
* agraf/s390-for-upstream:
  s390: reset avail and used index on reboot
  S390: dont call system_shutdown on disabled wait
  S390: remove default cdrom, sd-card and floppy support
  S390: support reboot for kvm on s390
  S390: reboot: reset device pages on reboot
  S390: fix error handling on kernel and initrd failures
  S390: fix kernel_commandline handling
2012-05-01 18:46:39 -05:00
Stefan Weil
5f2c23e61a ppce500_spin: Replace assert by hw_error (fixes compiler warning)
The default case in function spin_read should never be reached,
therefore the old code used assert(0) to abort QEMU.

This does not work when QEMU is compiled with macro NDEBUG defined.
In this case (and also when the compiler does not know that assert
never returns), there is a compiler warning because of the missing
return value.

Using hw_error allows an improved error message and aborts always.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
[agraf: use __func__]
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:47:01 +02:00
Peter Portante
73f7821bac pseries: Fix use of global CPU state
Commit ed120055c7 (Implement PAPR VPA
functions for pSeries shared processor partitions) introduced the
deregister_dtl() function and typo "emv" as name of its argument.
This went unnoticed because the code in that function can access the
global variable "env" so that no build failure resulted.

Fix the argument to read "env". Resolves LP#986241.

Signed-off-by: Peter Portante <peter.portante@redhat.com>
Acked-by: Andreas Färber <afaerber@suse.de>
[agraf: fixed typo in commit message]
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:47:00 +02:00
David Gibson
7fb0bd3473 pseries: Use the same interrupt swizzling for host bridges as p2p bridges
Currently the pseries PCI code uses a somewhat strange scheme of PCI irq
allocation - one per slot up to a maximum that's greater than the usual 4.
This scheme more or less worked, because we were able to tell the guest the
irq mapping in the device tree, however it's a bit odd and may break
assumptions in the future.  Worse, the array used to construct the dev
tree interrupt map was mis-sized, we got away with it only because it
happened that our SPAPR_PCI_NUM_LSI value was greater than 7.

This patch changes the pseries PCI code to use the same interrupt swizzling
scheme as is standardized for PCI to PCI bridges.  This makes for better
consistency, deals better with any devices which use multiple interrupt
pins and will make life easier in the future when we add passthrough of
what may be either a host bridge or a PCI to PCI bridge.  This won't break
existing guests, because they don't assume a particular mapping scheme for
host bridges, but just follow what we tell them in the device tree (also
updated to match, of course).  This patch also fixes the allocation of the
irq map.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:47:00 +02:00
David Gibson
d601fac478 pseries: Implement automatic PAPR VIO address allocation
PAPR virtual IO (VIO) devices require a unique, but otherwise arbitrary,
"address" used as a token to the hypercalls which manipulate them.

Currently the pseries machine code does an ok job of allocating these
addresses when the legacy -net nic / -serial and so forth options are used
but will fail to allocate them properly when using -device.

Specifically, you can use -device if all addresses are explicitly assigned.
Without explicit assignment, only one VIO device of each type (network,
console, SCSI) will be assigned properly, any further ones will attempt
to take the same address leading to a fatal error.

This patch fixes the situation by adding a proper address allocator to the
VIO "bus" code.  This is used both by -device and the legacy options and
default devices.  Addresses can still be explicitly assigned with -device
options if desired.

This patch changes the (guest visible) numbering of VIO devices, but since
their addresses are discovered using the device tree and already differ
from the numbering found on existing PowerVM systems, this does not break
compatibility.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:47:00 +02:00
Bharat Bhushan
58f90f21f4 booke:Use MMU API for creating initial mapping for secondary cpus
Initial Mapping creation for secondary CPU in SMP was missing new MMU API.

Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:47:00 +02:00
Jens Freimann
4170aea1a7 s390: reset avail and used index on reboot
reset the guest vring avail/used idx fields, otherwise it's possible
that old values remain in memory which would cause a reboot to fail
with a "Guest moved used index" message

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:04:06 +02:00
Einar Lueck
ad0bbc5600 S390: remove default cdrom, sd-card and floppy support
This patch simply disables CDROM, SD card and floppy support for the
s390 virtio machine. Without this patch, a default CDROM drive would
get added which has currently no backing on s390.

Signed-off-by: Einar Lueck <elelueck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:04:06 +02:00
Jens Freimann
eb3caa44b0 S390: reboot: reset device pages on reboot
This patch fixes reboot on s390 by resetting the device
page on reboot.

Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:04:06 +02:00
Christian Borntraeger
118a897743 S390: fix error handling on kernel and initrd failures
If the user specifies a non-existing or non-accessable kernel or initrd
qemu does not fail, instead it ipls into the system, which then falls
into a program check loop due to the zeroed memory with no kernel.
Lets add some sanity checks.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:04:06 +02:00
Christian Borntraeger
cc3c7384ac S390: fix kernel_commandline handling
The current handling of kernel parameters is broken. The pointer
is always valid, even if no -kernel or -append is specified.
We must check if the kernel rom address is valid instead,
otherwise qemu might segfault.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01 21:04:06 +02:00
Stefan Weil
1b296044b6 vga: Don't switch to 1 x 1 character text screen
Initially, vga_get_text_resolution returns a text resolution of 1 x 1
(vga register values are 0).

This is visible during MIPS Malta boot with SDL. It also occurs with the
i386 or x86_64 system emulation when it runs in single step mode:

QEMU changes the size of the SDL window to the smallest possible value
which is supported by the window manager. As this is not the calculated
size, QEMU switches to scaled mode. When the BIOS or the VGA driver sets
the normal text resolution, the window stays small and displays
microscopic characters.

Ignoring text resolutions of 1 x 1 or less avoids these problems.
A similar workaround already exists for too large resolutions.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-05-01 10:45:43 +00:00
Hervé Poussineau
6c84ce0dc7 prep: Move int-ack register from PReP to Raven PCI emulation
Register is one byte-wide (as per specification), so there is no need
to specify endianness.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
[AF: Limit access validity to size 1]
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
2012-04-30 17:15:59 +02:00
Hervé Poussineau
9357b1449a prep: Initialize PC speaker
Speaker init has been added in 506b7ddf88,
but audio subsystem init was missing.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
2012-04-28 21:15:53 +02:00
Hervé Poussineau
a527b5452e isa: Add isa_bus_from_device() method
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
2012-04-28 20:51:54 +02:00
Hervé Poussineau
c9ae703dd1 fdc: Parametrize ISA base, IRQ and DMA
Keep the PC values as defaults but allow to override them for PReP.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2012-04-28 20:51:54 +02:00
Hervé Poussineau
049a9f7b94 i82378/i82374: Do not create DMA controller twice
This fixes a crash in PReP emulation when using DMA controller to access
floppy drive.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
2012-04-28 20:51:40 +02:00
Blue Swirl
c4c50b9edd Merge branch 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm
* 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
  target-arm: Make SETEND respect bswap_code (BE8) setting
  target-arm: Move A9 config_base_address reset value to ARMCPU
  target-arm: Change cpu_arm_init() return type to ARMCPU
2012-04-28 08:57:56 +00:00
Peter Maydell
c5fad12fa0 target-arm: Move A9 config_base_address reset value to ARMCPU
Move the A9 config_base_address cp15 register reset value to
ARMCPU. This should become a QOM property so that the Highbank
board can set it without having to pull in cpu-qom.h, but at
least this avoids the implicit dependency on reset ordering
that the previous workaround had.

Cc: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-04-27 11:06:18 +00:00
Anthony Liguori
f5eef2cf66 Merge remote-tracking branch 'kraxel/usb.49' into staging
* kraxel/usb.49:
  usb-uhci: update irq line on reset
  usb: add serial number generator
  usb-redir: Not finding an async urb id is not an error
  usb-redir: Reset device address and speed on disconnect
  usb-redir: An interface count of 0 is a valid value
  usb-xhci: fix bit test
  usb-xhci: Use PCI DMA helper functions
  usb-host: fix zero-length packets
  usb-host: don't dereference invalid iovecs
  usb-storage: fix request canceling
  usb-ehci: Ensure frindex writes leave a valid frindex value
  usb-ehci: add missing usb_packet_init() call
  usb-ehci: remove hack
2012-04-26 15:21:52 -05:00
Anthony Liguori
0677e2777e Merge remote-tracking branch 'mst/tags/for_anthony' into staging
* mst/tags/for_anthony:
  e1000: set E1000_ICR_INT_ASSERTED only for 8257x
  e1000: link auto-negotiation emulation
  e1000: introduce bit for debugging PHY emulation
  e1000: introduce helpers to manipulate link status
  e1000: PHY loopback mode support
  e1000: conditionally raise irq at the end of MDI cycle
  e1000: introduce bits of PHY control register
  eepro100: Fix multicast regression
  virtio: order index/descriptor reads
  virtio: add missing mb() on enable notification
  virtio: add missing mb() on notification
  e1000: move reset function earlier in file
2012-04-26 15:20:33 -05:00
Anthony Liguori
d6a6922f3b Merge remote-tracking branch 'amit/master' into staging
* amit/master:
  virtio-serial-bus: Unset guest_connected at reset and driver reset
  virtio-serial-bus: fix guest_connected init before driver init
2012-04-26 15:16:24 -05:00
Anthony Liguori
1d38574fdf pc-sysfw: make sure to call qdev_init
We're not actually calling qdev_init for the pc-sysfw device.  Since we create
the canonical path during realize, this was causing an assert to trigger when
attempting to read a link pointing to pc-sysfw.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-04-26 13:14:57 -05:00
Gerd Hoffmann
aba1f24283 usb-uhci: update irq line on reset
uhci_reset() clears irq mask and irq status registers, but doesn't
update the irq line.  Which may result in suspious IRQs after uhci
reset.  Fix it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:17 +02:00
Gerd Hoffmann
9d55d1adc8 usb: add serial number generator
This patch adds a function which creates unique serial numbers for usb
devices and puts it into use.  Windows guests tend to become unhappy if
they find two identical usb devices in the system.  Effects range from
non-functional devices (with yellow exclamation mark in device manager)
to BSODs.  Handing out unique serial numbers to devices fixes this.

With this patch applied almost all emulated devices get a generated,
unique serial number.  There are two exceptions:

 * usb-storage devices will prefer a user-specified serial number
   and will only get a generated number in case the serial property
   is unset.
 * usb-hid devices keep the fixed serial number "42" as it is used
   to signal "remote wakeup actually works".
   See commit 7b074a22da

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:17 +02:00
Hans de Goede
b15cf49b78 usb-redir: Not finding an async urb id is not an error
We clear our pending async urb list on device disconnect and we may still
receive "packet complete" packets from our peer after this, which will then
refer to packet ids no longer in our list.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:17 +02:00
Hans de Goede
a0625c56e0 usb-redir: Reset device address and speed on disconnect
Without this disconnected devices look like the last redirected device
in the monitor in "info usb".

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:17 +02:00
Hans de Goede
1510168e27 usb-redir: An interface count of 0 is a valid value
An interface-count of 0 happens when a device is in unconfigured state when
it gets redirected. So we should not use 0 to detect not having received
interface info from our peer.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:17 +02:00
Lai Jiangshan
215bff17ed usb-xhci: fix bit test
use & instead of the wrong &&

Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:16 +02:00
David Gibson
59a70ccd3b usb-xhci: Use PCI DMA helper functions
Shortly before 1.0, we added helper functions / wrappers for doing PCI DMA
from individual devices.  This makes what's going on clearer and means that
when we add IOMMU support somewhere in the future, only the general PCI
code will have to change, not every device that uses PCI DMA.

However, usb-xhci is not using these wrappers, despite being a PCI only
device.  This patch remedies the situation, using the pci dma functions
instead of direct calls to cpu_physical_memory_{read,write}().  Likewise
address parameters for DMA are changed to dma_addr_t instead of
target_phys_addr_t.

[ kraxel: removed #ifdefs ]

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:16 +02:00
Gerd Hoffmann
0b377169b1 usb-host: fix zero-length packets
usb-host optimizes away zero-length packets by not entering the
processing loop at all.  Which isn't correct, we should submit a
zero-length urb to the host devicein that case.  This patch makes
sure we run the processing loop at least once.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:16 +02:00
Gerd Hoffmann
818d59dc17 usb-host: don't dereference invalid iovecs
usb-host assumes the first iovec element is always valid.
In case of a zero-length packet this isn't true though.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:16 +02:00
Gerd Hoffmann
6d7aeeeb89 usb-storage: fix request canceling
Little fix for usb packet handling on i/o cancelation.  The
usb packet pointer (s->packet) is cleared at the wrong place:
The scsi request cancel handler does it.  When a usb packet
is canceled the usb-storage emulation canceles the scsi request
if present.  In most cases there is one, so usually s->packet
is cleared as needed even with the code sitting at the wrong
place.

If there is no scsi request in flight s->packet is not cleared
though.  The usb-storage emulation will then try to complete an
usb packet which is not in flight any more and thereby trigger
an assert() in the usb core.

Fix this by clearing s->packet at the correct place, which is
the usb packet cancel header.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:16 +02:00
Hans de Goede
8a771f77e2 usb-ehci: Ensure frindex writes leave a valid frindex value
frindex is a 14 bits counter, so bits 31-14 should always be 0, and
after the commit titled "usb-ehci: frindex always is a 14 bits counter"
we rely on frindex always being a multiple of 8. I've not seen this in
practice, but theoretically a guest can write a value >= 0x4000 or a value
which is not a multiple of 8 value to frindex, this patch ensures that
things will still work when that happens.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:15 +02:00
Gerd Hoffmann
0cc6a0f19e usb-ehci: add missing usb_packet_init() call
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:15 +02:00
Gerd Hoffmann
e59a8cf1eb usb-ehci: remove hack
To answer the question in the comment removed by this patch:  I think
this was needed because several places in the ehci emulation did not
check the T bit of link entries correctly and thus might have followed
invalid references.  See commit 2a5ff735dc

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:15 +02:00
Gerd Hoffmann
ec4a804792 hda: fix codec ids
Our hda codecs exist in two variants:  With CONFIG_MIXEMU=y they expose
amplifiers for volume control to the guest, with CONFIG_MIXEMU=n they
don't.

This patch changes the codec ids, they are different now for these two
cases.  This makes sure windows guests will notice the difference.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-26 12:54:17 +04:00
Gerd Hoffmann
2011006569 hda: add hda-micro codec
It's identical to the hda-duplex codec, except that it advertises the
input as microphone instead of line-in and the output as speaker instead
of line-out.  Some guest apps (microsoft netmeeting being one) are picky
when it comes to selecting the recording source and don't accept
line-in, so give them what they expect.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-26 12:54:17 +04:00
Gerd Hoffmann
d0c2bbb9f0 hda: move input widgets from duplex to common
Preparing for a new user of the input widget definitions.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-26 12:54:17 +04:00
Amit Shah
439972253a virtio-serial-bus: Unset guest_connected at reset and driver reset
When a guest driver resets the virtio status to not ready, or when qemu
is reset, reset all ports' guest_connected bit and let port users know
of this event if they have the guest_close() callback registered.

Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2012-04-25 16:44:07 +05:30
Alon Levy
62a9fbf7fd virtio-serial-bus: fix guest_connected init before driver init
guest_connected should be false before guest driver initialization, and
true after, both for multiport aware and non multiport aware drivers.

Don't set it before the guest_features are available; instead use
set_status which is called by io to VIRTIO_PCI_STATUS with
VIRTIO_CONFIG_S_DRIVER_OK by even older non multiport drivers.

[Amit: Add comment, tweak summary, only set guest_connected and not
       reset it as a side-effect.]

Signed-off-by: Alon Levy <alevy@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
2012-04-25 16:34:02 +05:30
Jason Wang
f1219091ed e1000: set E1000_ICR_INT_ASSERTED only for 8257x
E1000_ICR_INT_ASSERTED were introduced only for 8257x, so we need to
check the E1000_DEVID before setting this bit in ICS.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-25 10:53:48 +03:00
Jason Wang
b9d03e352c e1000: link auto-negotiation emulation
Indeed, there's nothing else except for the time spent on the
negotiation needs to be emulated. This is needed for resuming windows
guest from hibernation, as without a proper delay, qemu would send the
packet too early ( guest even does not have a proper intr handler),
which could lead windows guest hang.

This patch first introduces an array of function pointers to make it
possible to emulate per-register write behavior. Then traps the
PHY_CTRL register write and when guest want to restart the link auto
negotiation, we would down the link and mark the auto negotiation in
progress in PHY_STATUS register. After time, a timer with 500 ms (
which is the minimum timeout of auto-negotation specified in 802.3
spec). The link would be up when timer expired.

Test with resuming windows guest plus flood ping and linux ethtool
linkstatus test.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-25 10:53:48 +03:00
Jason Wang
f9c1cdf492 e1000: introduce bit for debugging PHY emulation
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-25 10:53:48 +03:00
Jason Wang
71aadd3cd2 e1000: introduce helpers to manipulate link status
This patch introduces helpers to change link status bit for phy/mac
register. This would help to reduce code duplication and would be used
by following patches.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-25 10:53:48 +03:00
Jason Wang
93e37d7690 e1000: PHY loopback mode support
The missing of loopback mode prevent the running of self diagnosis
program in guest. This patch adds this support.

After this patch, loopback test of ethtool were passed in guest.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-25 10:53:48 +03:00
Jason Wang
17fbbb0b3d e1000: conditionally raise irq at the end of MDI cycle
According to the spec:

"When set to 1b by software, it causes an Interrupt to be
asserted to indicate the end of an MDI cycle."

We need check the Interrupt Enable bit and raise irq only when it is
set.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-25 10:53:48 +03:00
Jason Wang
2e54cc21ad e1000: introduce bits of PHY control register
This would be used be following patches.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-25 10:53:47 +03:00
Stefan Weil
69f3ce78cc eepro100: Fix multicast regression
Commit 7fc8d918b9 removed code from
eepro100.c and replaced it by different code: the code in net.c
returns bits 31...26, but eepro100 needs bits 7...2.

This patch partially reverts 7fc8d918b9.
To avoid future problems, I renamed the function and changed the comment.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-25 10:53:47 +03:00
Michael S. Tsirkin
a821ce5933 virtio: order index/descriptor reads
virtio has the equivalent of:

	if (vq->last_avail_index != vring_avail_idx(vq)) {
		read descriptor head at vq->last_avail_index;
	}

In theory, processor can reorder descriptor head
read to happen speculatively before the index read.
this would trigger the following race:

	host descriptor head read <- reads invalid head from ring
		guest writes valid descriptor head
		guest writes avail index
	host avail index read <- observes valid index

as a result host will use an invalid head value.
This was not observed in the field by me but after
the experience with the previous two races
I think it is prudent to address this theoretical race condition.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-25 10:53:47 +03:00
Michael S. Tsirkin
92045d80ba virtio: add missing mb() on enable notification
This fixes an issue dual to the one fixed by
patch 'virtio: add missing mb() on notification'
and applies on top.

In this case, to enable vq kick to exit to host,
qemu writes out used flag then reads the
avail index. if these are reordered we get a race:

    host avail index read: ring is empty
    		guest avail index write
    		guest flag read: exit disabled
    host used flag write: enable exit

which results in a lost exit: host will never be notified about the
avail index update.  Again, happens in the field but only seems to
trigger on some specific hardware.

Insert an smp_mb barrier operation to ensure the correct ordering.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-25 10:53:47 +03:00
Michael S. Tsirkin
a281ebc11a virtio: add missing mb() on notification
During normal operation, virtio first writes a used index
and then checks whether it should interrupt the guest
by reading guest avail index/flag values.

Guest does the reverse: writes the index/flag,
then checks the used ring.

The ordering is important: if host avail flag read bypasses the used
index write, we could in effect get this timing:

host avail flag read
		guest enable interrupts: avail flag write
		guest check used ring: ring is empty
host used index write

which results in a lost interrupt: guest will never be notified
about the used ring update.

This actually can happen when using kvm with an io thread,
such that the guest vcpu and qemu run on different host cpus,
and this has actually been observed in the field
(but only seems to trigger on very specific processor types)
with userspace virtio: vhost has the necessary smp_mb()
in place to prevent the regordering, so the same workload stalls
forever waiting for an interrupt with vhost=off but works
fine with vhost=on.

Insert an smp_mb barrier operation in userspace virtio to
ensure the correct ordering.
Applying this patch fixed the race condition we have observed.
Tested on x86_64. I checked the code generated by the new macro
for i386 and ppc but didn't run virtio.

Note: mb could in theory be implemented by __sync_synchronize, but this
would make us hit old GCC bugs. Besides old GCC
not implementing __sync_synchronize at all, there were bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36793
in this functionality as recently as in 4.3.

As we need asm for rmb,wmb anyway, it's just as well to
use it for mb.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-25 10:53:46 +03:00
Michael S. Tsirkin
814cd3ac37 e1000: move reset function earlier in file
Make it easier to reuse this function.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-25 10:40:50 +03:00
Peter Chubb
cf36b31db2 Limit ptimer rate to something achievable
If a guest sets very short timeouts, and asks for a timer to be reloaded on
timeout, QEMU can go to 100%CPU utilisation and become unresponsive,
as it is spending all its time generating timeout interrupts.  On real
hardware this doesn't matter, as the interrupts are just coalesced,
and the effect is to have the interrupt asserted all the time.

This patch is a band-aid, that prevents timeouts less than 10
microseconds from being set.  10 microseconds is a limit that was
determined empirically on a variety of machines as the shortest that
allowed QEMU to pick up a control-a c sequence to get at the monitor.

Reported-by: Anna Lyons <anna.lyons@nicta.com.au>
Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-04-24 09:50:31 -05:00
Andreas Färber
dfe47e7029 qom: Refine container_get() to allow using a custom root
Specify the root to search from as argument. This avoids hardcoding
"/machine" in some places and makes it more flexible.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-04-24 09:50:31 -05:00
Anthony Liguori
1f8bcac09a Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony: (38 commits)
  qemu-iotests: Fix test 031 for qcow2 v3 support
  qemu-iotests: Add -o and make v3 the default for qcow2
  qcow2: Zero write support
  qemu-iotests: Test backing file COW with zero clusters
  qemu-iotests: add a simple test for write_zeroes
  qcow2: Support for feature table header extension
  qcow2: Support reading zero clusters
  qcow2: Version 3 images
  qcow2: Ignore reserved bits in check_refcounts
  qcow2: Ignore reserved bits in refcount table entries
  qcow2: Simplify count_cow_clusters
  qcow2: Refactor qcow2_free_any_clusters
  qcow2: Ignore reserved bits in L1/L2 entries
  qcow2: Fail write_compressed when overwriting data
  qcow2: Ignore reserved bits in count_contiguous_clusters()
  qcow2: Ignore reserved bits in get_cluster_offset
  qcow2: Save disk size in snapshot header
  Specification for qcow2 version 3
  qcow2: Fix refcount block allocation during qcow2_alloc_cluster_at()
  iotests: Resolve test failures caused by hostname
  ...
2012-04-23 14:27:04 -05:00
Anthony Liguori
cb4c2548ea Merge remote-tracking branch 'origin/master' into staging
* origin/master:
  fix BCD mask for date (Solaris 2.5 guest hang fix)
2012-04-23 14:15:09 -05:00
Artyom Tarasenko
02f5da11d6 fix BCD mask for date (Solaris 2.5 guest hang fix)
Fix BCD mask for date. The most visible effect of this patch is
Solaris 2.5.1 doesn't hang at boot if the day of month is >21.

Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-04-23 17:01:04 +00:00
Anthony Liguori
5469963394 Merge remote-tracking branch 'origin/master' into staging
* origin/master: (27 commits)
  target-arm: Move reset handling to arm_cpu_reset
  target-arm: Drop cpu_reset_model_id()
  target-arm: Move cache ID register setup to cpu specific init fns
  target-arm: Move OMAP cp15_i_{max,min} reset to cpu_state_reset
  target-arm: Move feature register setup to per-CPU init fns
  target-arm: Move iWMMXT wCID reset to cpu_state_reset
  target-arm: Drop JTAG_ID documentation
  target-arm: Move SCTLR reset value setup to per cpu init fns
  target-arm: Move CTR setup to per cpu init fns
  target-arm: Move MVFR* setup to per cpu init fns
  target-arm: Move FPSID config to cpu init fns
  target-arm: Move feature bit settings to CPU init fns
  target-arm: Add QOM subclasses for each ARM cpu implementation
  target-arm: remind to keep arm features in sync with linux-user/elfload.c
  tci: GETPC() macro must return an uintptr_t
  gdbstub: Synchronize CPU state unconditionally in gdb_set_cpu_pc
  softfloat: make USE_SOFTFLOAT_STRUCT_TYPES compile
  target-xtensa: add tests for LOOPNEZ and LOOPGTZ
  target-xtensa: fix LOOPNEZ/LOOPGTZ translation
  qtest: add m48t59 tests for Sparc
  ...
2012-04-23 11:49:59 -05:00
Anthony Liguori
53878a132a Merge remote-tracking branch 'sstabellini/build_fix' into staging
* sstabellini/build_fix:
  xen: add a dummy xc_hvm_inject_msi for Xen < 4.2
  xen,configure: detect Xen 4.2
2012-04-23 09:58:54 -05:00
Anthony Liguori
6b03296606 Merge remote-tracking branch 'stefanha/trivial-patches' into staging
* stefanha/trivial-patches:
  Add .gitignore for tests/
  e1000: Fix spelling (segmentaion -> segmentation) in debug output
  spice-qemu-char.c: Show what name is unsupported
  pflash_cfi01: remove redundant line
  qxl: Add missing GCC_FMT_ATTR and fix format specifier
  fix block_job_set_speed name in documentation
  error.c: don't return value for void function
2012-04-23 09:58:33 -05:00
Anthony Liguori
4a1873fc8c Merge remote-tracking branch 'bonzini/scsi-next' into staging
* bonzini/scsi-next:
  scsi: add SANITIZE command
  SCSI emulation: should tell the guest that we actually support thin provisioning
  SCSI emulation: Support unmap via WRITE_SAME_10.
  scsi: advertise DPOFUA
  scsi: small refactoring of MMC mode-sense
  scsi: support FUA on reads
  scsi: add a started field to SCSIDiskReq
  scsi: force unit access on VERIFY
  scsi: add support for FUA on writes
  scsi: move scsi_flush_complete around
  scsi: make code more homogeneous in AIO callback functions
  scsi: add missing test for cancelled request
  virtio-scsi: add multiqueue capability
  virtio: add virtio_queue_get_id
  virtio-scsi: prepare migration format for multiqueue
  scsi: fix memory leak
2012-04-23 09:57:47 -05:00
Eric Benard
964c695a54 versatiblepb: add NOR flash support
- add support for the 64MB NOR CFI01 flash available at
0x34000000 on the versatilepb board
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0225d/BBAJIHEC.html

- tested with barebox bootloader

Signed-off-by: Eric Bénard <eric@eukrea.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-04-20 15:39:05 +00:00
Peter Maydell
bdac1c1e95 hw/arm_mptimer: Reset the qemu_timer at reset
On reset of the mpcore timer/watchdog block we need to
delete the qemu_timer in case it was running.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-04-20 15:38:52 +00:00
Oskar Andero
b1f05696cc versatilepb: add ds1338 rtc device
Add ds1338 rtc attached on i2c.

Signed-off-by: Oskar Andero <oskar.andero@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-04-20 15:38:52 +00:00
Oskar Andero
d1157ca418 realview: break out versatile i2c controller code
The versatile i2c controller implementation was separated to
its own file called versatile_i2c.c. This is done as a preparation
for adding i2c support to the versatilepb board.

Signed-off-by: Oskar Andero <oskar.andero@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-04-20 15:38:52 +00:00
Stefan Weil
362f5fb564 e1000: Fix spelling (segmentaion -> segmentation) in debug output
This was reported by https://bugs.launchpad.net/qemu/+bug/984476.

I also changed the case for 'error'.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-04-20 13:20:54 +01:00
Eric Bénard
4d6145488c pflash_cfi01: remove redundant line
Signed-off-by: Eric Bénard <eric@eukrea.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-04-20 13:14:53 +01:00
Stefan Weil
5f8daf2e04 qxl: Add missing GCC_FMT_ATTR and fix format specifier
val is an uint64_t, therefore %d was not correct.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-04-20 13:14:53 +01:00
Paolo Bonzini
3e46d87d66 scsi: add SANITIZE command
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 16:26:33 +02:00
Ronnie Sahlberg
f644a2904d SCSI emulation: should tell the guest that we actually support thin provisioning
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
[Actually, we should report it only if discard_granularity is nonzero.
 Older SBC drafts assigned 0 to thin provisioning and 1 to thick
 (resource-provisioned, they call it).  Newer drafts assign respectively
 1 and 2 - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 16:26:29 +02:00
Ronnie Sahlberg
c9e4d8284e SCSI emulation: Support unmap via WRITE_SAME_10.
This was added in SBC r26 in place of the reserved bits that were
present up to that version.

It is the same as WRITE_SAME_16 as far as QEMU is concerned.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 16:16:05 +02:00
Paolo Bonzini
6a2de0f203 scsi: advertise DPOFUA
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 16:16:05 +02:00
Paolo Bonzini
e590ecbed5 scsi: small refactoring of MMC mode-sense
Make DBD a boolean value, and force device-specific parameter to zero.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 16:16:05 +02:00
Paolo Bonzini
ac66842646 scsi: support FUA on reads
To force unit access on reads, flush the cache *before* doing the read.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 16:16:05 +02:00
Paolo Bonzini
a0e66a699e scsi: add a started field to SCSIDiskReq
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 16:16:05 +02:00
Paolo Bonzini
7f64f8e2c3 scsi: force unit access on VERIFY
Also DMA data from the host, to avoid that the host reports an
underrun.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 16:15:58 +02:00
Stefan Hajnoczi
e82dabd82e ide: convert ide_sector_write() to asynchronous I/O
The IDE PIO write sector code path uses bdrv_write() and hence can make
the guest unresponsive while the I/O request is in progress.  This patch
converts ide_sector_write() to use bdrv_aio_writev() by using the
BUSY_STAT bit to tell the guest that the request is in progress.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Tested-by: Richard Davies <richard@arachsys.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-19 16:03:27 +02:00
Stefan Hajnoczi
bef0fd5958 ide: convert ide_sector_read() to asynchronous I/O
The IDE PIO interface currently uses bdrv_read() to perform reads
synchronously.  Synchronous I/O in the vcpu thread is bad because it
prevents the guest from executing code - it makes the guest
unresponsive.

This patch converts IDE PIO to use bdrv_aio_readv().  We simply need to
use the BUSY_STAT status so the guest knows to wait while we are busy.

The only external user of ide_sector_read() is restart behavior on I/O
errors and it is not affected by this change.  We still need to restart
I/O in the same way.

Migration is also unaffected if I understand the code correctly.  We
continue to use the same transfer function and the BUSY_STAT status
should never be migrated since we flush I/O before migrating device
state.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Tested-by: Richard Davies <richard@arachsys.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-19 16:03:27 +02:00
Paolo Bonzini
7e8c49c561 scsi: add support for FUA on writes
To force unit access, add a flush operation after the actual write.
WRITE AND VERIFY commands always flush according to SBC, so do it
even though we do not perform the reread.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 15:27:20 +02:00
Paolo Bonzini
b77912a77a scsi: move scsi_flush_complete around
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 15:27:20 +02:00
Paolo Bonzini
80624c938d scsi: make code more homogeneous in AIO callback functions
First scsi_flush_complete, like scsi_dma_complete, is always called with
an active AIOCB.

Second, always test for "ret < 0" to check for errors.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 15:27:20 +02:00
Paolo Bonzini
b8aba8d7e3 scsi: add missing test for cancelled request
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 15:27:19 +02:00
Paolo Bonzini
d2ad7dd46e virtio-scsi: add multiqueue capability
Adding multiqueue is as simple as creating more than one virtqueues,
and saving the queue number for each request.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 10:31:05 +02:00
Paolo Bonzini
c80decdbd9 virtio: add virtio_queue_get_id
Serializing virtio-scsi requests needs a simple way to get from a
VirtQueue to the number of the queue.  The virtio_queue_get_id
provides this.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 10:31:05 +02:00
Paolo Bonzini
fcf104a74c virtio-scsi: prepare migration format for multiqueue
In order to restore requests correctly from a multitude of virtqueues,
we need to store the id of the request queue that each request came
from.

Do this even for single-queue, by storing a hard-coded zero, to
simplify future implementation of multiqueue.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 10:31:05 +02:00
Paolo Bonzini
b7c8c35f0a scsi: fix memory leak
scsibus_get_dev_path is leaking id if it is not NULL.  Fix it.

Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 10:31:05 +02:00
Anthony Liguori
51006bbc45 Merge remote-tracking branch 'origin/master' into staging
* origin/master:
  Allow controlling volume with PulseAudio backend
  configure: pa_simple is not needed anymore
  Do not use pa_simple PulseAudio API
  audio/spice: add support for volume control
  hw/ac97: add support for volume control
  hw/ac97: the volume mask is not only 0x1f
  hw/ac97: remove USE_MIXER code
  audio: don't apply volume effect if backend has VOICE_VOLUME_CAP
  audio: add VOICE_VOLUME ctl
2012-04-18 10:06:09 -05:00
Anthony Liguori
25b9e14e78 Merge remote-tracking branch 'spice/spice.v52' into staging
* spice/spice.v52:
  qxl-render: fix broken vnc+spice since commit f934493
  qxl: set default values of vram*_size_mb to -1
  trace-events: remove unused qxl_vga_ioport_while_not_in_vga_mode
2012-04-18 07:56:18 -05:00
Alon Levy
06ddea49f8 qxl-render: fix broken vnc+spice since commit f934493
Notify any listeners such as vnc that the displaysurface has been
changed, otherwise they will segfault when first accessing the freed old
displaysurface data.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-18 12:21:53 +02:00
Alon Levy
79ce356701 qxl: set default values of vram*_size_mb to -1
The addition of those values caused a regression where not specifying
any value for the vram bar size would result in a 4096 _byte_ surface
area. This is ok for the windows driver but causes the X driver to be
unusable. Also, it's a regression. This patch returns the default
behavior of having a 64 megabyte vram BAR.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-18 12:21:53 +02:00
Stefano Stabellini
4c9f8d1b4e xen: add a dummy xc_hvm_inject_msi for Xen < 4.2
xc_hvm_inject_msi is only available on Xen >= 4.2: add a dummy
compatibility function for Xen < 4.2.

Also enable msi support only on Xen >= 4.2.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
2012-04-17 18:04:42 +00:00
Marc-André Lureau
19677a380a hw/ac97: add support for volume control
Combine output volume with Master and PCM registers values.
Use default values in mixer_reset ().
Set volume on post-load to update backend values.

v4,v5:
- fix some code style

Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-17 16:57:58 +04:00
Marc-André Lureau
5b72392603 hw/ac97: the volume mask is not only 0x1f
It's a case by case (see Table 66. AC ?97 Baseline Audio Register Map)

Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-17 16:57:58 +04:00
Marc-André Lureau
ed2997cdcb hw/ac97: remove USE_MIXER code
That code doesn't compile. The interesting bits for volume control are
going to be rewritten in the following patch.

Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-17 16:57:57 +04:00
Gerd Hoffmann
c7020c9740 usb-ehci: drop assert()
Not sure what the purpose of the assert() was, in any case it is bogous.
We can arrive there if transfer descriptors passed to us from the guest
failed to pass sanity checks, i.e. it is guest-triggerable.  We deal
with that case by resetting the host controller.  Everything is ok, no
need to throw a core dump here.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:29 +02:00
Hans de Goede
714f9db06c usb-redir: Notify our peer when we reject a device due to a speed mismatch
Also cleanup (reset) our device state when we reject a device due to a
speed mismatch.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Hans de Goede
8e24283b26 usb-ehci: Drop unused sofv value
The sofv value only ever gets a value assigned and is never used (read)
anywhere, so we can just drop it.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
96dd9aac37 usb-host: rewrite usb_linux_update_endp_table
This patch carries a complete rewrite of the usb descriptor parser.
Changes / improvements:

 * We are using the USBDescriptor struct instead of hard-coded offsets
   now to access descriptor data.
 * (debug) printfs are all gone, tracepoints have been added instead.
 * We don't try (and fail) to skip over unneeded descriptors.  We parse
   them all one by one.  We keep track of which configuration, interface
   and altsetting we are looking at and use this information to figure
   which desciptors are in use and which we can ignore.
 * On parse errors we clear all endpoint information, which will
   disallow any communication with the device, except control endpoint
   messages.  This makes sure we don't end up with a silly device state
   where half of the endpoints got enabled and the other half was left
   disabled.
 * Some sanity checks have been added.

The new parser is more robust and also leaves complete device
information in the trace log if you enable the ush_host_parse_*
tracepoints.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
e36a20d329 usb: use USBDescriptor for endpoint descriptors.
Add endpoint descriptor substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
feafd797ee usb: use USBDescriptor for interface descriptors.
Add interface descriptor substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
0a263db17a usb: use USBDescriptor for config descriptors.
Add config descriptor substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
3cfeee6177 usb: use USBDescriptor for device qualifier descriptors.
Add device qualifier substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
d3f904ea7b usb: add USBDescriptor, use for device descriptors.
This patch adds a new type for the binary representation of usb
descriptors.  It is put into use for the descriptor generator code
where the struct replaces the hard-coded offsets.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Hans de Goede
58ea88d87a usb-ehci: frindex always is a 14 bits counter
frindex always is a 14 bits counter, and not a 13 bits one as we were
emulating. There are some subtle hints to this in the spec, first of all
"Table 2-12. FRINDEX - Frame Index Register" says:
"Bit 13:0 Frame Index. The value in this register increments at the end of
each time frame (e.g. micro-frame). Bits [N:3] are used for the Frame List
current index. This means that each location of the frame list is accessed
8 times (frames or micro-frames) before moving to the next index. The
following illustrates values of N based on the value of the Frame List
Size field in the USBCMD register.

USBCMD[Frame List Size]	Number Elements		 N
00b				1024		12
01b				 512		11
10b				 256		10
11b			    Reserved"

Notice how the text talks about "Bits [N:3]" are used ..., it does
NOT say that when N == 12 (our case) the counter will wrap from 8191 to 0,
or in otherwords that it is a 13 bits counter (bits 0 - 12).

The other hint is in "Table 2-10. USBSTS USB Status Register Bit Definitions":

"Bit 3 Frame List Rollover - R/WC. The Host Controller sets this bit to a one
when the Frame List Index (see Section 2.3.4) rolls over from its maximum value
to zero. The exact value at which the rollover occurs depends on the frame
list size. For example, if the frame list size (as programmed in the Frame
List Size field of the USBCMD register) is 1024, the Frame Index Register
rolls over every time FRINDEX[13] toggles. Similarly, if the size is 512,
the Host Controller sets this bit to a one every time FRINDEX[12] toggles."

Notice how this text talks about setting bit 3 when bit 13 of frindex toggles
(when there are 1024 entries, so our case), so this indicates that frindex
has a bit 13 making it a 14 bit counter.

Besides these clear hints the real proof is in the pudding. Before this
patch I could not stream data from a USB2 webcam under Windows XP, after
this cam using a USB2 webcam under Windows XP works fine, and no regressions
with other operating systems were seen.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
088351a7e5 usb-ehci: fix ehci_child_detach
Looks like a cut+paste bug from ehci_detach.  When the device itself is
detached from a ehci port (ehci_detach op) we have to clear the
device pointer for the companion port too.  When a device gets removed
from a downstream port of a usb hub (ehci_child_detach op) the ehci port
where the usb hub is plugged in is not affected.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
529f8f9fa9 usb-hub: add tracepoints
Add tracepoints to the usb hub emulation.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
f5bf14bf39 usb_packet_set_state: handle p->ep == NULL
usb_packet_set_state can be called with p->ep = NULL.  The tracepoint
there tries to log endpoint information, which leads to a segfault.
This patch makes usb_packet_set_state handle the NULL pointer properly.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
39c2057700 usb-host: add property to turn off pipelining
Add a property to usb-host to disable the bulk endpoint pipelining.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
19b89252a3 usb-host: add usb packet to request tracepoints
Add pointer to USBPacket to all tracepoints tracking requests to make it
easier to identify them when multiple requests are in flight.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
6aebe40796 usb-host: trace canceled requests
Add tracepoints to track canceled requests.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
e382e751ef usb-host: trace emulated requests
Add tracepoint to track completion of emulated control requests.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
65bb3a5c11 Add bootindex support to usb-host and usb-redir
When passing through a usb pendrive seabios will present it in the F12
boot menu and will happily boot from it.

This patch adds bootorder support so you can even make it the default
boot device.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
ee008ba626 usb-uhci: queuing fix
When we queue up usb packets we may happen to find a already queued
packet, which also might be finished at that point already.  We don't
want continue processing the packet at this point though, so lets
just signal back we've found a in-flight packet when in queuing mode.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
52b0fecdba usb-uhci: stop queue filling when we find a in-flight td
Not only QHs can form rings, but TDs too.  With the new
queuing/pipelining support we are following TD chains and
can actually walk in circles.  An assert() prevents us from
entering an endless loop then.

Fix is easy:  Just stop queuing when we figure the TD we are
about to queue up is in flight already.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
eeb0cf9abf usb/vmstate: add parent dev path
... to make vmstate id string truely unique with multiple host
controllers, i.e. move from "1/usb-ptr" to "0000:00:01.3/1/usb-ptr"
(usb tabled connected to piix3 uhci).

This obviously breaks migration.  To handle this the usb bus
property "full-path" is added.  When setting this to false old
behavior is maintained.  This way current qemu will be compatible
with old versions when started using '-M pc-$oldversion'.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:21 +02:00
Anthony Liguori
fc34e77bb3 Merge remote-tracking branch 'kiszka/queues/pending' into staging
* kiszka/queues/pending:
  vapic: Disable for pre-1.1 machines
  Kick io-thread on qemu_chr_accept_input
  pcnet: Properly handle TX requests during Link Fail
  pcnet: Clear ERR in CSR0 on stop
  signrom: Rewrite as python script

Conflicts:
	hw/pc_piix.c

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-04-16 12:56:28 -05:00
Anthony Liguori
52346e8c75 Merge remote-tracking branch 'mst/tags/for_anthony' into staging
* mst/tags/for_anthony:
  pci: fix corrupted pci conf index register by unaligned write
  acpi: explicitly account for >1 device per slot
  acpi_piix4: Re-define PCI hotplug eject register read
  acpi_piix4: Remove PCI_RMV_BASE write code
  acpi_piix4: Fix PCI hotplug race
  acpi_piix4: Disallow write to up/down PCI hotplug registers
  virtio-pci: change virtio balloon PCI class code
  ivshmem: add missing msix calls
  vhost: readd assert statement
  vhost: Fix size of dirty log sync on resize
  pc: reduce duplication in compat machine types
  piix_pci: fix typo in i400FX chipset init code
2012-04-16 12:52:22 -05:00
Anthony Liguori
8a6b8708e3 Merge remote-tracking branch 'sstabellini/for_anthony' into staging
* sstabellini/for_anthony:
  xen: introduce an event channel for buffered io event notifications
  xen-mapcache: don't unmap locked entry during mapcache invalidation
  Xen, mapcache: Fix the compute of the size of bucket.
  xen: handle backend deletion from xenstore
  Xen: Add xen-apic support and hook it up.
  Xen: basic HVM MSI injection support.
2012-04-16 12:50:12 -05:00
Jan Kiszka
9bea6a2956 vapic: Disable for pre-1.1 machines
The kvmvapic was not present in older QEMU versions, thus must be
disabled in compat machines.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2012-04-16 15:41:36 +02:00
Jan Kiszka
ef45c9147f pcnet: Properly handle TX requests during Link Fail
As long as we have no link and we aren't in internal loopback mode, no
packet must be sent. Instead, LCAR needs to be set in any active TX
descriptor and also CERR in CSR0.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2012-04-16 15:41:28 +02:00
Jan Kiszka
6655124ddd pcnet: Clear ERR in CSR0 on stop
pcnet_stop already clears any reason (BABL, CERR, MISS, MERR) why ERR
(bit 15) should be set in CRS0. So we have to clear that bit as well.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2012-04-16 15:41:24 +02:00
David Gibson
c17491b63e pseries: Fix reset of VIO network device
Currently, the PAPR VIO network device does not have a reset handler.  This
means that after a hard reset, H_REGISTER_LOGICAL_LAN will return an error
when the new guest boot attempts to initialize the device.

This patch corrects this, adding a suitable reset hook.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-04-15 20:07:58 +02:00
David Gibson
3cabba609d pseries: Reset vscsi properly
Currently the PAPR vscsi implementation does not properly clear its table
of request tags when the system is reset.  This patch adds a reset hook
to do so.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-04-15 20:02:28 +02:00
David Gibson
b1c7f725a3 pseries: Correctly use the device model reset hooks
Recently we added code to properly clean away VIO CRQs on reset  However,
this directly uses qemu_register, rather than the existing device model
reset callbacks.  This patch cleans this up by adding proper use of the
reset hook to the VIO bus model.  The existing CRQ reset code is converted
to the new method.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-04-15 20:02:28 +02:00
David Gibson
91067bf868 pseries: Remove old hcalls hook stub
Some time ago we removed all use of the 'hcalls' callback in the pseries
VIO code, which was used to workaround an ordering problem which has since
been solved properly.  However, the function pointer for the hook remains.
This patch cleans it away.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-04-15 20:02:28 +02:00
David Gibson
e2d9154dfa pseries: Remove old debug leftovers from spapr_vscsi
The PAPR VSCSI emulation contains a few lines of code which were once used
for debug but now do nothing at all.  This patch removes them.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-04-15 20:02:28 +02:00
David Gibson
92615a5ab9 pseries: Fix RTAS based config access
On the pseries platform, access to PCI config space is via RTAS calls(
which go to the hypervisor) rather than MMIO.  This means we don't use
the same code path as nearly everyone else which goes through pci_host.c
and we're missing some of the parameter checking along the way.

We do have some parameter checking in the RTAS calls, but it's not enough.
It checks for overruns, but does not check for unaligned accesses,
oversized accesses (which means the guest could trigger an assertion
failure from pci_host_config_{read,write}_common().  Worse it doesn't do
the basic checking for the number of RTAS arguments and results before
accessing them.

This patch fixes these bugs.

Cc: Michael S. Tsirkin <mst@redhat.com>

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[AF: Fix typos spotted by mst]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-04-15 20:02:09 +02:00
David Gibson
5f2e2ba262 pseries: Consolidate hack for RTAS display-character usage
Currently the pseries machine contains not one but two somewhat ugly hacks
to allow printing of early debug messages before the guest has properly
read the device tree.

First, we special case H_PUT_TERM_CHAR so that a vtermno of 0 (usually
invalid) will look for a suitable vty and use that.  This supports Linux's
early debug code which will use H_PUT_TERM_CHAR with vtermno==0 before
reading the device tree.  Second, we support the RTAS display-character call.
This takes no vtermno so we assume the address of the default first VTY.

This patch makes things more consistent by folding the second hack into the
first.  Now, display-character uses the existing vty_lookup() function to
do the same search for a suitable VTY.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-04-15 17:07:19 +02:00
David Gibson
3b768df95a pseries: Remove unused fields from VIOsPAPRBus structure
The VIOsPAPRBus structure, used on the pseries machine contains some old
fields which are no longer used anywhere.  This patch removes them.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-04-15 17:07:19 +02:00
David Gibson
c821a43c60 pseries: Implement RTAS system-reboot call
This patch adds the PAPR defined RTAS system-reboot call to the pseries
machine emulation, providing the guest with a way to trigger a reboot.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-04-15 17:07:19 +02:00
David Gibson
8e01f355db pseries: Fix bug with reset of VIO CRQs
PAPR specifies a Command Response Queue (CRQ) mechanism used for virtual
IO, which we implement.  However, we don't correctly clean up registered
CRQs when we reset the system.

This patch adds a reset handler to fix this bug.  While we're at it, add
in some of the extra debug messages that were used to track the problem
down.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[AF: Updated hcall_dprintf()s to not duplicate the function name]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-04-15 17:07:19 +02:00