Little fix for usb packet handling on i/o cancelation. The
usb packet pointer (s->packet) is cleared at the wrong place:
The scsi request cancel handler does it. When a usb packet
is canceled the usb-storage emulation canceles the scsi request
if present. In most cases there is one, so usually s->packet
is cleared as needed even with the code sitting at the wrong
place.
If there is no scsi request in flight s->packet is not cleared
though. The usb-storage emulation will then try to complete an
usb packet which is not in flight any more and thereby trigger
an assert() in the usb core.
Fix this by clearing s->packet at the correct place, which is
the usb packet cancel header.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
frindex is a 14 bits counter, so bits 31-14 should always be 0, and
after the commit titled "usb-ehci: frindex always is a 14 bits counter"
we rely on frindex always being a multiple of 8. I've not seen this in
practice, but theoretically a guest can write a value >= 0x4000 or a value
which is not a multiple of 8 value to frindex, this patch ensures that
things will still work when that happens.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
To answer the question in the comment removed by this patch: I think
this was needed because several places in the ehci emulation did not
check the T bit of link entries correctly and thus might have followed
invalid references. See commit 2a5ff735dc
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Our hda codecs exist in two variants: With CONFIG_MIXEMU=y they expose
amplifiers for volume control to the guest, with CONFIG_MIXEMU=n they
don't.
This patch changes the codec ids, they are different now for these two
cases. This makes sure windows guests will notice the difference.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
It's identical to the hda-duplex codec, except that it advertises the
input as microphone instead of line-in and the output as speaker instead
of line-out. Some guest apps (microsoft netmeeting being one) are picky
when it comes to selecting the recording source and don't accept
line-in, so give them what they expect.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
When a guest driver resets the virtio status to not ready, or when qemu
is reset, reset all ports' guest_connected bit and let port users know
of this event if they have the guest_close() callback registered.
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
guest_connected should be false before guest driver initialization, and
true after, both for multiport aware and non multiport aware drivers.
Don't set it before the guest_features are available; instead use
set_status which is called by io to VIRTIO_PCI_STATUS with
VIRTIO_CONFIG_S_DRIVER_OK by even older non multiport drivers.
[Amit: Add comment, tweak summary, only set guest_connected and not
reset it as a side-effect.]
Signed-off-by: Alon Levy <alevy@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
E1000_ICR_INT_ASSERTED were introduced only for 8257x, so we need to
check the E1000_DEVID before setting this bit in ICS.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Indeed, there's nothing else except for the time spent on the
negotiation needs to be emulated. This is needed for resuming windows
guest from hibernation, as without a proper delay, qemu would send the
packet too early ( guest even does not have a proper intr handler),
which could lead windows guest hang.
This patch first introduces an array of function pointers to make it
possible to emulate per-register write behavior. Then traps the
PHY_CTRL register write and when guest want to restart the link auto
negotiation, we would down the link and mark the auto negotiation in
progress in PHY_STATUS register. After time, a timer with 500 ms (
which is the minimum timeout of auto-negotation specified in 802.3
spec). The link would be up when timer expired.
Test with resuming windows guest plus flood ping and linux ethtool
linkstatus test.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch introduces helpers to change link status bit for phy/mac
register. This would help to reduce code duplication and would be used
by following patches.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The missing of loopback mode prevent the running of self diagnosis
program in guest. This patch adds this support.
After this patch, loopback test of ethtool were passed in guest.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
According to the spec:
"When set to 1b by software, it causes an Interrupt to be
asserted to indicate the end of an MDI cycle."
We need check the Interrupt Enable bit and raise irq only when it is
set.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Commit 7fc8d918b9 removed code from
eepro100.c and replaced it by different code: the code in net.c
returns bits 31...26, but eepro100 needs bits 7...2.
This patch partially reverts 7fc8d918b9.
To avoid future problems, I renamed the function and changed the comment.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
virtio has the equivalent of:
if (vq->last_avail_index != vring_avail_idx(vq)) {
read descriptor head at vq->last_avail_index;
}
In theory, processor can reorder descriptor head
read to happen speculatively before the index read.
this would trigger the following race:
host descriptor head read <- reads invalid head from ring
guest writes valid descriptor head
guest writes avail index
host avail index read <- observes valid index
as a result host will use an invalid head value.
This was not observed in the field by me but after
the experience with the previous two races
I think it is prudent to address this theoretical race condition.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This fixes an issue dual to the one fixed by
patch 'virtio: add missing mb() on notification'
and applies on top.
In this case, to enable vq kick to exit to host,
qemu writes out used flag then reads the
avail index. if these are reordered we get a race:
host avail index read: ring is empty
guest avail index write
guest flag read: exit disabled
host used flag write: enable exit
which results in a lost exit: host will never be notified about the
avail index update. Again, happens in the field but only seems to
trigger on some specific hardware.
Insert an smp_mb barrier operation to ensure the correct ordering.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
During normal operation, virtio first writes a used index
and then checks whether it should interrupt the guest
by reading guest avail index/flag values.
Guest does the reverse: writes the index/flag,
then checks the used ring.
The ordering is important: if host avail flag read bypasses the used
index write, we could in effect get this timing:
host avail flag read
guest enable interrupts: avail flag write
guest check used ring: ring is empty
host used index write
which results in a lost interrupt: guest will never be notified
about the used ring update.
This actually can happen when using kvm with an io thread,
such that the guest vcpu and qemu run on different host cpus,
and this has actually been observed in the field
(but only seems to trigger on very specific processor types)
with userspace virtio: vhost has the necessary smp_mb()
in place to prevent the regordering, so the same workload stalls
forever waiting for an interrupt with vhost=off but works
fine with vhost=on.
Insert an smp_mb barrier operation in userspace virtio to
ensure the correct ordering.
Applying this patch fixed the race condition we have observed.
Tested on x86_64. I checked the code generated by the new macro
for i386 and ppc but didn't run virtio.
Note: mb could in theory be implemented by __sync_synchronize, but this
would make us hit old GCC bugs. Besides old GCC
not implementing __sync_synchronize at all, there were bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36793
in this functionality as recently as in 4.3.
As we need asm for rmb,wmb anyway, it's just as well to
use it for mb.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
If a guest sets very short timeouts, and asks for a timer to be reloaded on
timeout, QEMU can go to 100%CPU utilisation and become unresponsive,
as it is spending all its time generating timeout interrupts. On real
hardware this doesn't matter, as the interrupts are just coalesced,
and the effect is to have the interrupt asserted all the time.
This patch is a band-aid, that prevents timeouts less than 10
microseconds from being set. 10 microseconds is a limit that was
determined empirically on a variety of machines as the shortest that
allowed QEMU to pick up a control-a c sequence to get at the monitor.
Reported-by: Anna Lyons <anna.lyons@nicta.com.au>
Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Specify the root to search from as argument. This avoids hardcoding
"/machine" in some places and makes it more flexible.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* kwolf/for-anthony: (38 commits)
qemu-iotests: Fix test 031 for qcow2 v3 support
qemu-iotests: Add -o and make v3 the default for qcow2
qcow2: Zero write support
qemu-iotests: Test backing file COW with zero clusters
qemu-iotests: add a simple test for write_zeroes
qcow2: Support for feature table header extension
qcow2: Support reading zero clusters
qcow2: Version 3 images
qcow2: Ignore reserved bits in check_refcounts
qcow2: Ignore reserved bits in refcount table entries
qcow2: Simplify count_cow_clusters
qcow2: Refactor qcow2_free_any_clusters
qcow2: Ignore reserved bits in L1/L2 entries
qcow2: Fail write_compressed when overwriting data
qcow2: Ignore reserved bits in count_contiguous_clusters()
qcow2: Ignore reserved bits in get_cluster_offset
qcow2: Save disk size in snapshot header
Specification for qcow2 version 3
qcow2: Fix refcount block allocation during qcow2_alloc_cluster_at()
iotests: Resolve test failures caused by hostname
...
Fix BCD mask for date. The most visible effect of this patch is
Solaris 2.5.1 doesn't hang at boot if the day of month is >21.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* origin/master: (27 commits)
target-arm: Move reset handling to arm_cpu_reset
target-arm: Drop cpu_reset_model_id()
target-arm: Move cache ID register setup to cpu specific init fns
target-arm: Move OMAP cp15_i_{max,min} reset to cpu_state_reset
target-arm: Move feature register setup to per-CPU init fns
target-arm: Move iWMMXT wCID reset to cpu_state_reset
target-arm: Drop JTAG_ID documentation
target-arm: Move SCTLR reset value setup to per cpu init fns
target-arm: Move CTR setup to per cpu init fns
target-arm: Move MVFR* setup to per cpu init fns
target-arm: Move FPSID config to cpu init fns
target-arm: Move feature bit settings to CPU init fns
target-arm: Add QOM subclasses for each ARM cpu implementation
target-arm: remind to keep arm features in sync with linux-user/elfload.c
tci: GETPC() macro must return an uintptr_t
gdbstub: Synchronize CPU state unconditionally in gdb_set_cpu_pc
softfloat: make USE_SOFTFLOAT_STRUCT_TYPES compile
target-xtensa: add tests for LOOPNEZ and LOOPGTZ
target-xtensa: fix LOOPNEZ/LOOPGTZ translation
qtest: add m48t59 tests for Sparc
...
* stefanha/trivial-patches:
Add .gitignore for tests/
e1000: Fix spelling (segmentaion -> segmentation) in debug output
spice-qemu-char.c: Show what name is unsupported
pflash_cfi01: remove redundant line
qxl: Add missing GCC_FMT_ATTR and fix format specifier
fix block_job_set_speed name in documentation
error.c: don't return value for void function
* bonzini/scsi-next:
scsi: add SANITIZE command
SCSI emulation: should tell the guest that we actually support thin provisioning
SCSI emulation: Support unmap via WRITE_SAME_10.
scsi: advertise DPOFUA
scsi: small refactoring of MMC mode-sense
scsi: support FUA on reads
scsi: add a started field to SCSIDiskReq
scsi: force unit access on VERIFY
scsi: add support for FUA on writes
scsi: move scsi_flush_complete around
scsi: make code more homogeneous in AIO callback functions
scsi: add missing test for cancelled request
virtio-scsi: add multiqueue capability
virtio: add virtio_queue_get_id
virtio-scsi: prepare migration format for multiqueue
scsi: fix memory leak
On reset of the mpcore timer/watchdog block we need to
delete the qemu_timer in case it was running.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The versatile i2c controller implementation was separated to
its own file called versatile_i2c.c. This is done as a preparation
for adding i2c support to the versatilepb board.
Signed-off-by: Oskar Andero <oskar.andero@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This was reported by https://bugs.launchpad.net/qemu/+bug/984476.
I also changed the case for 'error'.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Eric Bénard <eric@eukrea.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
val is an uint64_t, therefore %d was not correct.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
[Actually, we should report it only if discard_granularity is nonzero.
Older SBC drafts assigned 0 to thin provisioning and 1 to thick
(resource-provisioned, they call it). Newer drafts assign respectively
1 and 2 - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This was added in SBC r26 in place of the reserved bits that were
present up to that version.
It is the same as WRITE_SAME_16 as far as QEMU is concerned.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The IDE PIO write sector code path uses bdrv_write() and hence can make
the guest unresponsive while the I/O request is in progress. This patch
converts ide_sector_write() to use bdrv_aio_writev() by using the
BUSY_STAT bit to tell the guest that the request is in progress.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Tested-by: Richard Davies <richard@arachsys.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The IDE PIO interface currently uses bdrv_read() to perform reads
synchronously. Synchronous I/O in the vcpu thread is bad because it
prevents the guest from executing code - it makes the guest
unresponsive.
This patch converts IDE PIO to use bdrv_aio_readv(). We simply need to
use the BUSY_STAT status so the guest knows to wait while we are busy.
The only external user of ide_sector_read() is restart behavior on I/O
errors and it is not affected by this change. We still need to restart
I/O in the same way.
Migration is also unaffected if I understand the code correctly. We
continue to use the same transfer function and the BUSY_STAT status
should never be migrated since we flush I/O before migrating device
state.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Tested-by: Richard Davies <richard@arachsys.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
To force unit access, add a flush operation after the actual write.
WRITE AND VERIFY commands always flush according to SBC, so do it
even though we do not perform the reread.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
First scsi_flush_complete, like scsi_dma_complete, is always called with
an active AIOCB.
Second, always test for "ret < 0" to check for errors.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Adding multiqueue is as simple as creating more than one virtqueues,
and saving the queue number for each request.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Serializing virtio-scsi requests needs a simple way to get from a
VirtQueue to the number of the queue. The virtio_queue_get_id
provides this.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In order to restore requests correctly from a multitude of virtqueues,
we need to store the id of the request queue that each request came
from.
Do this even for single-queue, by storing a hard-coded zero, to
simplify future implementation of multiqueue.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
scsibus_get_dev_path is leaking id if it is not NULL. Fix it.
Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* origin/master:
Allow controlling volume with PulseAudio backend
configure: pa_simple is not needed anymore
Do not use pa_simple PulseAudio API
audio/spice: add support for volume control
hw/ac97: add support for volume control
hw/ac97: the volume mask is not only 0x1f
hw/ac97: remove USE_MIXER code
audio: don't apply volume effect if backend has VOICE_VOLUME_CAP
audio: add VOICE_VOLUME ctl
Notify any listeners such as vnc that the displaysurface has been
changed, otherwise they will segfault when first accessing the freed old
displaysurface data.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The addition of those values caused a regression where not specifying
any value for the vram bar size would result in a 4096 _byte_ surface
area. This is ok for the windows driver but causes the X driver to be
unusable. Also, it's a regression. This patch returns the default
behavior of having a 64 megabyte vram BAR.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
xc_hvm_inject_msi is only available on Xen >= 4.2: add a dummy
compatibility function for Xen < 4.2.
Also enable msi support only on Xen >= 4.2.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Combine output volume with Master and PCM registers values.
Use default values in mixer_reset ().
Set volume on post-load to update backend values.
v4,v5:
- fix some code style
Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
It's a case by case (see Table 66. AC ?97 Baseline Audio Register Map)
Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
That code doesn't compile. The interesting bits for volume control are
going to be rewritten in the following patch.
Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
Not sure what the purpose of the assert() was, in any case it is bogous.
We can arrive there if transfer descriptors passed to us from the guest
failed to pass sanity checks, i.e. it is guest-triggerable. We deal
with that case by resetting the host controller. Everything is ok, no
need to throw a core dump here.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Also cleanup (reset) our device state when we reject a device due to a
speed mismatch.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The sofv value only ever gets a value assigned and is never used (read)
anywhere, so we can just drop it.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch carries a complete rewrite of the usb descriptor parser.
Changes / improvements:
* We are using the USBDescriptor struct instead of hard-coded offsets
now to access descriptor data.
* (debug) printfs are all gone, tracepoints have been added instead.
* We don't try (and fail) to skip over unneeded descriptors. We parse
them all one by one. We keep track of which configuration, interface
and altsetting we are looking at and use this information to figure
which desciptors are in use and which we can ignore.
* On parse errors we clear all endpoint information, which will
disallow any communication with the device, except control endpoint
messages. This makes sure we don't end up with a silly device state
where half of the endpoints got enabled and the other half was left
disabled.
* Some sanity checks have been added.
The new parser is more robust and also leaves complete device
information in the trace log if you enable the ush_host_parse_*
tracepoints.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds a new type for the binary representation of usb
descriptors. It is put into use for the descriptor generator code
where the struct replaces the hard-coded offsets.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
frindex always is a 14 bits counter, and not a 13 bits one as we were
emulating. There are some subtle hints to this in the spec, first of all
"Table 2-12. FRINDEX - Frame Index Register" says:
"Bit 13:0 Frame Index. The value in this register increments at the end of
each time frame (e.g. micro-frame). Bits [N:3] are used for the Frame List
current index. This means that each location of the frame list is accessed
8 times (frames or micro-frames) before moving to the next index. The
following illustrates values of N based on the value of the Frame List
Size field in the USBCMD register.
USBCMD[Frame List Size] Number Elements N
00b 1024 12
01b 512 11
10b 256 10
11b Reserved"
Notice how the text talks about "Bits [N:3]" are used ..., it does
NOT say that when N == 12 (our case) the counter will wrap from 8191 to 0,
or in otherwords that it is a 13 bits counter (bits 0 - 12).
The other hint is in "Table 2-10. USBSTS USB Status Register Bit Definitions":
"Bit 3 Frame List Rollover - R/WC. The Host Controller sets this bit to a one
when the Frame List Index (see Section 2.3.4) rolls over from its maximum value
to zero. The exact value at which the rollover occurs depends on the frame
list size. For example, if the frame list size (as programmed in the Frame
List Size field of the USBCMD register) is 1024, the Frame Index Register
rolls over every time FRINDEX[13] toggles. Similarly, if the size is 512,
the Host Controller sets this bit to a one every time FRINDEX[12] toggles."
Notice how this text talks about setting bit 3 when bit 13 of frindex toggles
(when there are 1024 entries, so our case), so this indicates that frindex
has a bit 13 making it a 14 bit counter.
Besides these clear hints the real proof is in the pudding. Before this
patch I could not stream data from a USB2 webcam under Windows XP, after
this cam using a USB2 webcam under Windows XP works fine, and no regressions
with other operating systems were seen.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Looks like a cut+paste bug from ehci_detach. When the device itself is
detached from a ehci port (ehci_detach op) we have to clear the
device pointer for the companion port too. When a device gets removed
from a downstream port of a usb hub (ehci_child_detach op) the ehci port
where the usb hub is plugged in is not affected.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb_packet_set_state can be called with p->ep = NULL. The tracepoint
there tries to log endpoint information, which leads to a segfault.
This patch makes usb_packet_set_state handle the NULL pointer properly.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add pointer to USBPacket to all tracepoints tracking requests to make it
easier to identify them when multiple requests are in flight.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When passing through a usb pendrive seabios will present it in the F12
boot menu and will happily boot from it.
This patch adds bootorder support so you can even make it the default
boot device.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When we queue up usb packets we may happen to find a already queued
packet, which also might be finished at that point already. We don't
want continue processing the packet at this point though, so lets
just signal back we've found a in-flight packet when in queuing mode.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Not only QHs can form rings, but TDs too. With the new
queuing/pipelining support we are following TD chains and
can actually walk in circles. An assert() prevents us from
entering an endless loop then.
Fix is easy: Just stop queuing when we figure the TD we are
about to queue up is in flight already.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
... to make vmstate id string truely unique with multiple host
controllers, i.e. move from "1/usb-ptr" to "0000:00:01.3/1/usb-ptr"
(usb tabled connected to piix3 uhci).
This obviously breaks migration. To handle this the usb bus
property "full-path" is added. When setting this to false old
behavior is maintained. This way current qemu will be compatible
with old versions when started using '-M pc-$oldversion'.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* kiszka/queues/pending:
vapic: Disable for pre-1.1 machines
Kick io-thread on qemu_chr_accept_input
pcnet: Properly handle TX requests during Link Fail
pcnet: Clear ERR in CSR0 on stop
signrom: Rewrite as python script
Conflicts:
hw/pc_piix.c
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* sstabellini/for_anthony:
xen: introduce an event channel for buffered io event notifications
xen-mapcache: don't unmap locked entry during mapcache invalidation
Xen, mapcache: Fix the compute of the size of bucket.
xen: handle backend deletion from xenstore
Xen: Add xen-apic support and hook it up.
Xen: basic HVM MSI injection support.
As long as we have no link and we aren't in internal loopback mode, no
packet must be sent. Instead, LCAR needs to be set in any active TX
descriptor and also CERR in CSR0.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
pcnet_stop already clears any reason (BABL, CERR, MISS, MERR) why ERR
(bit 15) should be set in CRS0. So we have to clear that bit as well.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Currently, the PAPR VIO network device does not have a reset handler. This
means that after a hard reset, H_REGISTER_LOGICAL_LAN will return an error
when the new guest boot attempts to initialize the device.
This patch corrects this, adding a suitable reset hook.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Currently the PAPR vscsi implementation does not properly clear its table
of request tags when the system is reset. This patch adds a reset hook
to do so.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Recently we added code to properly clean away VIO CRQs on reset However,
this directly uses qemu_register, rather than the existing device model
reset callbacks. This patch cleans this up by adding proper use of the
reset hook to the VIO bus model. The existing CRQ reset code is converted
to the new method.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Some time ago we removed all use of the 'hcalls' callback in the pseries
VIO code, which was used to workaround an ordering problem which has since
been solved properly. However, the function pointer for the hook remains.
This patch cleans it away.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The PAPR VSCSI emulation contains a few lines of code which were once used
for debug but now do nothing at all. This patch removes them.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
On the pseries platform, access to PCI config space is via RTAS calls(
which go to the hypervisor) rather than MMIO. This means we don't use
the same code path as nearly everyone else which goes through pci_host.c
and we're missing some of the parameter checking along the way.
We do have some parameter checking in the RTAS calls, but it's not enough.
It checks for overruns, but does not check for unaligned accesses,
oversized accesses (which means the guest could trigger an assertion
failure from pci_host_config_{read,write}_common(). Worse it doesn't do
the basic checking for the number of RTAS arguments and results before
accessing them.
This patch fixes these bugs.
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[AF: Fix typos spotted by mst]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Currently the pseries machine contains not one but two somewhat ugly hacks
to allow printing of early debug messages before the guest has properly
read the device tree.
First, we special case H_PUT_TERM_CHAR so that a vtermno of 0 (usually
invalid) will look for a suitable vty and use that. This supports Linux's
early debug code which will use H_PUT_TERM_CHAR with vtermno==0 before
reading the device tree. Second, we support the RTAS display-character call.
This takes no vtermno so we assume the address of the default first VTY.
This patch makes things more consistent by folding the second hack into the
first. Now, display-character uses the existing vty_lookup() function to
do the same search for a suitable VTY.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The VIOsPAPRBus structure, used on the pseries machine contains some old
fields which are no longer used anywhere. This patch removes them.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This patch adds the PAPR defined RTAS system-reboot call to the pseries
machine emulation, providing the guest with a way to trigger a reboot.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
PAPR specifies a Command Response Queue (CRQ) mechanism used for virtual
IO, which we implement. However, we don't correctly clean up registered
CRQs when we reset the system.
This patch adds a reset handler to fix this bug. While we're at it, add
in some of the extra debug messages that were used to track the problem
down.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[AF: Updated hcall_dprintf()s to not duplicate the function name]
Signed-off-by: Andreas Färber <afaerber@suse.de>
The pseries machine code has a number of debug messages for debugging PAPR
hypercalls, dependent on DEBUG_SPAPR_HCALLS. This patch cleans these
messages up a bit, by adding __func__ to the hcall_dprintf() macro and
simplifying up a number of the individual messages accordingly.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Commit d0ed8076cb converted the PCI config access to the memory
API, but also inadvertantly changed it to accept unaligned writes,
and corrupt the index register in the process. This causes a regression
booting NetBSD.
Fix by ignoring unaligned or non-dword writes.
https://bugs.launchpad.net/qemu/+bug/897771
Reported-by: Andreas Gustafsson <gson@gson.org>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Slot present bit is cleared apparently for each device. Hotplug and non
hotplug devices should not mix normally, and we only set the bit when we
add a device so it should all work out, but it's more robust to
explicitly account for more than one device per slot.
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The PCI hotplug eject register has always returned 0, so let's redefine
it as a hotplug feature register. The existing model of using separate
up & down read-only registers and an eject via write to this register
becomes the base implementation. As we make use of new interfaces we'll
set bits here to allow the BIOS and AML implementation to optimize for
the platform implementation.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Clarify this register as read-only and remove write code. No
change in existing behavior.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
As Michael Tsirkin demonstrated, current PCI hotplug is vulnerable
to a few races. The first is a race with other hotplug operations
because we clear the up & down registers at each event. If a new
event comes before the last is processed, up/down is cleared and
the event is lost.
To fix this for the down register, we create a life cycle for
the event request that starts with the hot unplug request in
piix4_device_hotplug() and ends when the device is ejected.
This allows us to mask and clear individual bits, preserving them
against races. For the up register, we have no clear end point
for when the event is finished. We could modify the BIOS to
acknowledge the bit and clear it, but this creates BIOS compatibiliy
issues without offering a complete solution. Instead we note that
gratuitous ACPI device checks are not harmful, which allows us to
issue a device check for every slot. We know which slots are present
and we know which slots are hotpluggable, so we can easily reduce
this to a more manageable set for the guest.
The other race Michael noted was that an unplug request followed
by reset may also lose the eject notification, which may also
result in the eject request being lost which a subsequent add
or remove. Once we're in reset, the device is unused and we can
flush the queue of device removals ourselves. Previously if a
device_del was issued to a guest without ACPI PCI hotplug support,
it was necessary to shutdown the guest to recover the device.
With this, a guest reboot is sufficient.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The write side of these registers is never used and actually can't be
used as defined because any read/modify/write sequence from the guest
potentially races with qemu. Drop the write support and define these
as read-only registers.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
hw/arm_gic: Remove stray hardcoded tab
hw/arm_gic: gic_set_pending_private() is NVIC only
hw/arm_gic: Use NVIC instead of LEGACY_INCLUDED_GIC define
hw/arm_gic: Make gic_reset a sysbus reset function
hw/arm11mpcore: Convert to using sysbus GIC device
hw/exynos4210_gic: Convert to using sysbus GIC
hw/realview_gic: switch to sysbus GIC
hw/a9mpcore: Switch to using sysbus GIC
hw/a15mpcore: switch to using sysbus GIC
hw/arm_gic: Make the GIC its own sysbus device
hw/arm_gic: Expose PPI inputs as gpio inputs
hw/arm_gic: Move gic_get_current_cpu into arm_gic.c
hw/arm_gic: Move NCPU definition to arm_gic.c
hw/exynos4210_combiner.c: Drop excessive read/write access check.
ARM: Exynos4210: Drop gic_cpu_write() after initialization.
Fix bit test in Exynos4210 UART emulation to use & instead of &&
The function gic_set_pending_private() is now used by the NVIC
only (for the GIC we now set PPI interrupts via gpio lines and
gic_set_irq()). So make it #ifdef NVIC and remove the 'attribute
unused' annotation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Now all the A profile cores have been switched to use the standalone
sysbus GIC, the only remaining code which #includes arm_gic.c is
the v7M NVIC. The coupling is much closer here so it's not so
easily disentangled. For now, add a comment about how arm_gic.c
is compiled, and assume that the NVIC always includes arm_gic.c
and the non-NVIC GIC is always compiled standalone.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Make gic_reset a sysbus reset function, so we actually
reset the GIC on system reset rather than only at init.
For the NVIC this requires us also to implement reset
of the SysTick.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Convert the Exynos GIC code to use the standalone sysbus
GIC device.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Evgeny Voevodin <e.voevodin@samsung.com>
Switch the a9mpcore to using the sysbus GIC device rather
than having the a9mp private memory region device subclass
the GIC.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Compile arm_gic.c as a standalone C file to produce a self contained
sysbus GIC device. Support the legacy usage by #include of the .c file
by making those users #define LEGACY_INCLUDED_GIC, so we can convert
them one by one.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Evgeny Voevodin <e.voevodin@samsung.com>
Expose the Private Peripheral Interrupt inputs as GPIO inputs.
The layout of the GPIO array is thus:
[0..N-1] SPIs
[N..N+31] PPIs for CPU 0
[N+32..N+63] PPIs for CPU 1
...
Treating PPIs as being another kind of input line is in line with the
GIC architecture specification, where they are clearly described that
way. The 11MPCore TRM is a bit more ambiguous, but there is no practical
difference between "set PPI X as pending" and "0->1 transition on a
PPI input line configured as edge triggered", and PPIs are always
edge triggered, so this change won't affect behaviour.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Move the gic_get_current_cpu() function into arm_gic.c.
There are only two implementations: (1) "get the index
of the currently executing CPU", used by all multicore
GICs, and (2) "always 0", used by all GICs instantiated
with a single CPU interface (the Realview board GIC and
the v7M NVIC). So we can move this into the main GIC
source file.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Evgeny Voevodin <e.voevodin@samsung.com>
Move the NCPU definition to arm_gic.c: the maximum number
of CPU interfaces is defined by the GIC architecture specification
to be 8, so we don't need to have this #define in each of the
sources files which currently includes arm_gic.c.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Evgeny Voevodin <e.voevodin@samsung.com>
Access to reserved area at offset higher than 0x3c is allowed in
External Combiner. Samsung Galaxy Kernel implements this. So, drop
excessive checks in read/write functions.
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Remove gic_cpu_write() call after initialization that was emulating
functionality of earliest SOC bootloader which enables external
GIC CPU1 interface. Instead introduce Exynos4210-specific secondary
CPU bootloader, which enables both Internal and External GIC CPU1
interfaces.
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Often when a guest is stopped from the qemu console, it will report spurious
soft lockup warnings on resume. There are kernel patches being discussed that
will give the host the ability to tell the guest that it is being stopped and
should ignore the soft lockup warning that generates. This patch uses the qemu
Notifier system to tell the guest it is about to be stopped.
Signed-off-by: Eric B Munson <emunson@mgebm.net>
Signed-off-by: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
We use a 2 byte ioeventfd for virtio memory,
add support for this.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Commit afe0a59535 ("rtl8139: support byte
read to TxStatus registers") reused rtl8139_TxStatus_read() for reading
TxAddr registers. It relies on the fact that TxStatus[] and TxAddr[]
are adjacent.
This causes a gcc warning because the compiler can detect that array
access is out-of-bounds:
hw/rtl8139.c:2501:27: error: array subscript is above array bounds [-Werror=array-bounds]
This patch refactors the function so that we don't rely on out-of-bounds
accesses.
Cc: Jason Wang <jasonwang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Currently the virtio balloon device, when using the virtio-pci interface
advertises itself with PCI class code MEMORY_RAM. This is wrong; the
balloon is vaguely related to memory, but is nothing like a PCI memory
device in the meaning of the class code, and this code is not required
or suggested by the virtio PCI specification.
Worse, this patch causes problems on the pseries machine, because the
firmware, seeing this class code, advertises the device as memory in the
device tree, and then a guest kernel bug causes it to see this "memory"
before the real system memory, leading to a crash in early boot.
This patch fixes the problem by removing the bogus PCI class code on the
balloon device. The backwards compatibility PC machines get new compat
properties so that they don't change.
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
ivshmem used msix but didn't call it on either reset or
config write paths. This used to partically work since
guests don't use all of msi-x configuration fields,
and reset is rarely used, but the patch 'msix: track function masked
in pci device state' broke that. Fix by adding appropriate calls.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: Cam Macdonell <cam@cs.ualberta.ca>
Tested-by: Cam Macdonell <cam@cs.ualberta.ca>
It's clear from the surrounding code that
start < end so it's enough to assert end < log_size.
However, it's better to make this explicit in case
we refactor the code again.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
When the vhost log is resized, we want to sync up to
the size of the old log. With that end address in place,
ignore regions that start after then end rather than
hitting assert.
This also addresses the following crash report:
When migrating a vm using vhost-net we hit the following assertion:
qemu-kvm: /usr/src/packages/BUILD/qemu-kvm-0.15.1/hw/vhost.c:30:
vhost_dev_sync_region: Assertion `start / (0x1000 * (8 *
sizeof(vhost_log_chunk_t))) < dev->log_size' failed.
The cases which the end < start check is intended to catch, such as
for vga video memory, will also likely trigger the assertion.
Reorder the code to handle this correctly.
Reported-by: Josh Durgin <josh.durgin@dreamhost.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Make it easier to add compat properties, by
adding macros for properties duplicated across
machine types.
Note: there could be bugs in compat properties,
this patch does not attempt to address them,
the code is bug for bug identical to the original.
Tested by: generated a preprocessed file, sorted and
compared to sorted original.
Lightly tested on x86_64.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
There is a typo in i440FX init code. This is causing problems when
somebody wants to access the 64bit PCI range.
Signed-off-by: Alexey Korolev <alexey.korolev@endace.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* commit 'ff71f2e8cacefae99179993204172bc65e4303df': (21 commits)
rtl8139: do the network/host communication only in normal operating mode
rtl8139: correctly check the opmode
net: move compute_mcast_idx() to net.h
rtl8139: support byte read to TxStatus registers
rtl8139: remove unused marco
rtl8139: limit transmission buffer size in c+ mode
pci_regs: Add PCI_EXP_TYPE_PCIE_BRIDGE
virtio-net: add DATA_VALID flag
pci_bridge: upper 32 bit are long registers
pci: fix bridge IO/BASE
pcie: drop functionality moved to core
pci: set memory type for memory behind the bridge
pci: add standard bridge device
slotid: add slot id capability
shpc: standard hot plug controller
pci_bridge: user-friendly default bus name
pci: make another unused extern function static
pci: don't export an internal function
pci_regs: Fix value of PCI_EXP_TYPE_RC_EC.
pci: Do not check if a bus exist in pci_parse_devaddr.
...
* kwolf/for-anthony: (46 commits)
qed: remove incoming live migration blocker
qed: honor BDRV_O_INCOMING for incoming live migration
migration: clear BDRV_O_INCOMING flags on end of incoming live migration
qed: add bdrv_invalidate_cache to be called after incoming live migration
blockdev: open images with BDRV_O_INCOMING on incoming live migration
block: add a function to clear incoming live migration flags
block: Add new BDRV_O_INCOMING flag to notice incoming live migration
block stream: close unused files and update ->backing_hd
qemu-iotests: Fix call syntax for qemu-io
qemu-iotests: Fix call syntax for qemu-img
qemu-iotests: Test unknown qcow2 header extensions
qemu-iotests: qcow2.py
sheepdog: fix send req helpers
sheepdog: implement SD_OP_FLUSH_VDI operation
block: bdrv_append() fixes
qed: track dirty flag status
qemu-img: add dirty flag status
qed: image fragmentation statistics
qemu-img: add image fragmentation statistics
block: document job API
...
This FIXME has already been actioned. Deleted comment.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
It currently uses qerror_report(), but next commit will convert
the drive_del command to the QAPI and this requires using
error_set().
One particularity of qerror_report() is that it knows when it's
running on monitor context or command-line context and prints the
error message accordingly. error_set() doesn't do this, so we
have to be careful not to drop error messages.
qdev_unplug() has three kinds of usages:
1. It's called when hot adding a device fails, to undo anything
that has been done before hitting the error
2. It's called by function monitor functions like device_del(),
to unplug a device
3. It's used by xen_platform.c in a way that doesn't _seem_ to
be in monitor context
Only item 2 can print an error message to the user, this commit
maintains that.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
The official spelling is QEMU.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
[blauwirbel@gmail.com: fixed comment style in hw/sun4m.c]
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Currently dma_bdrv_io() takes a 'to_dev' boolean parameter to
determine the direction of DMA it is emulating. We already have a
DMADirection enum designed specifically to encode DMA directions.
This patch uses it for dma_bdrv_io() as well. This involves removing
the DMADirection definition from the #ifdef it was inside, but since that
only existed to protect the definition of dma_addr_t from places where
config.h is not included, there wasn't any reason for it to be there in
the first place.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Storage interfaces like virtio-blk can be configured with block size
information so that the guest can take advantage of efficient I/O
request sizes.
According to the SCSI Block Commands (SBC) standard a device's block
size is "almost always greater than one byte and may be a multiple of
512 bytes". QEMU currently has a 512 byte minimum block size because
the block layer functions work at that granularity. Furthermore, the
block size should be a power of 2 because QEMU calculates bitmasks from
the value.
Introduce a "blocksize" property type so devices can enforce these
constraints on block size values. If the constraints are relaxed in the
future then this property can be updated.
Introduce the new PropertyValueNotPowerOf2 QError so QMP clients know
exactly why a block size value was rejected.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Allow the user to specify a disk's World Wide Name.
Linux guests can address disks by their unique World Wide Name number
(e.g. /dev/disk/by-id/wwn-0x5001517959123522). This patch adds support
for assigning a World Wide Name number to a virtual IDE disk.
Cc: kwolf@redhat.com
Signed-off-by: Floris Bos <dev@noc-ps.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
strncpy may not null-terminate the destination string.
Cc: kwolf@redhat.com
Signed-off-by: Floris Bos <dev@noc-ps.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Allow the user to override the default disk model name "QEMU HARDDISK".
Some Linux distributions use the /dev/disk/by-id/scsi-SATA_name-of-disk-
model_serial addressing scheme when refering to partitions in /etc/fstab
and elsewhere. This causes problems when starting a disk image taken from
an existing physical server under qemu, because when running under qemu
name-of-disk-model is always "QEMU HARDDISK".
This patch introduces a model=s option which in combination with the
existing serial=s option can be used to fake the disk the operating
system was previously on, allowing the OS to boot properly.
Cc: kwolf@redhat.com
Signed-off-by: Floris Bos <dev@noc-ps.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
And remove several block_int.h inclusions that should not be there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The vector interrupt has higher priority than interrupt_level_n.
Also check only interrupt_level_n concurency when TL > 0, the traps of
other types may be nested.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Don't produce stray irq 5, don't overwrite ivec_data if still busy with
processing of the previous interrupt.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
A strong limitation of QOM right now is that unconverted ports
(e.g. all...) do not give a canonical path to devices that are
part of the board. This in turn makes it impossible to replace
PROP_PTR with a QOM link for example.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We want the composition tree to to be in order by the time we call
qdev_init, so that a single set of the toplevel realize property can
propagate all the way down the composition tree.
This is not the case so far. Unfortunately, this is incompatible
with calling qdev_init in the constructor wrappers for devices,
so for now we need to unattach some devices that are created through
those wrappers. This will be fixed by removing qdev_init and instead
setting the toplevel realize property after machine init.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This is QOM "mkdir -p". It is useful when referring to
container objects such as "/machine".
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We never actually clear the TEMT (transmit sending register empty) flag when
populating the TSR. We set the flag, but since it's never cleared, setting it
is sort of pointless..
I found this with a unit test case.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
I'm not sure if the retry logic has ever worked when not using FIFO mode. I
found this while writing a test case although code inspection confirms it is
definitely broken.
The TSR retry logic will never actually happen because it is guarded by an
'if (s->tsr_rety > 0)' but this is the only place that can ever make the
variable greater than zero. That effectively makes the retry logic an 'if (0)'.
I believe this is a typo and the intention was >= 0. Once this is fixed though,
I see double transmits with my test case. This is because in the non FIFO
case, serial_xmit may get invoked while LSR.THRE is still high because the
character was processed but the retransmit timer was still active.
We can handle this by simply checking for LSR.THRE and returning early. It's
possible that the FIFO paths also need some attention.
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This bug existed since the first commit. Fortunately, the affected
registers have no functionality in qemu. This will only prevent the
following warning:
milkymist_vgafb: write access to unknown register 0x00000034
Signed-off-by: Michael Walle <michael@walle.cc>
The new version introduces the following new registers:
- SoC clock frequency: read-only of system clock used on the SoC
- debug scratchpad: 8 bit scratchpad register
- debug write lock: write once register, without any function on QEMU
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Since /i440fx/piix3 is being removed from the composition tree, the
IO-APIC is placed under /i440fx. This is wrong and should be changed
as soon as the /i440fx/piix3 path is put back.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This lets the user specify the desired semantics. By default, the RTC
will follow adjustments from the host's NTP client, and will remain in
sync when the virtual machine is stopped. The previous behavior, which
provides determinism with both icount and qtest, remains available with
"-rtc clock=vm".
pl031 supports migration, so we need to convert the time base from
rtc_clock to vm_clock and back for backwards compatibility. (The
rtc_clock may not be synchronized on the two machines, especially with
savevm/loadvm, so the conversion is needed anyway. And since any time
base will do, why not pick the one base that is backwards compatible).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This lets the user specify the desired semantics. By default, the RTC
will follow adjustments from the host's NTP client. "-rtc clock=vm" will
improve determinism with both icount and qtest. Finally, the previous
behavior is available with "-rtc clock=rt".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The output of the pulse generator needs to be deterministic when
running in -icount mode, and to remain constant whenever the VM is
stopped. So the right clock to use is vm_clock.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* sstabellini/disk_io:
xen_disk: when using AIO flush after the operation is completed
xen_disk: open disk with BDRV_O_NOCACHE | BDRV_O_CACHE_WB | BDRV_O_NATIVE_AIO
We need to detach the blkdev from the BlockDriverState before calling
bdrv_delete.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
The first console has a different location compared to other PV devices
(console, rather than device/console/0) and doesn't obey the xenstore
state protocol. We already special case the first console in con_init
and con_initialise, we should also do it in con_disconnect.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Commit 45efb16124 optimized a bit too
much. We can skip the vga_invalidate_display() in case no console
switch happened because we don't need a full redraw then. We can *not*
skip vga_hw_update() though, because the screen content will be stale
then in case nobody else calls vga_hw_update().
Trigger: vga textmode with vnc display and no client connected.
Reported-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Tested-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* sstabellini/saverestore-8:
xen: do not allocate RAM during INMIGRATE runstate
xen mapcache: check if memory region has moved.
xen: record physmap changes to xenstore
Set runstate to INMIGRATE earlier
Introduce "xen-save-devices-state"
cirrus_vga: do not reset videoram
Conflicts:
qapi-schema.json
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* stefanha/trivial-patches:
qemu-ga: for w32, fix leaked handle ov.hEvent in ga_channel_write()
ioapic: fix build with DEBUG_IOAPIC
.gitignore: add qemu-bridge-helper and option rom build products
cleanup obsolete typedef
monitor: Remove unused bool field 'qapi' in mon_cmd_t struct
ds1338: Add missing break statement
vnc: Fix packed boolean struct members
Remove type field in ModuleEntry as it's not used
* bonzini/scsi-next:
scsi: add get_dev_path
virtio-scsi: call unregister_savevm properly
scsi: copy serial number into VPD page 0x83
scsi-cd: check ready condition before processing several commands
get rid of CONFIG_VIRTIO_SCSI
Currently QEMU passes the qdev device id to the guest in an ASCII-string
designator in page 0x83. While this is fine, it does not match what
real hardware does; usually the ASCII-string designator there hosts
another copy of the serial number (there can be other designators,
for example with a world-wide name). Do the same for QEMU SCSI
disks.
ATAPI does not support VPD pages, so it does not matter there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is more or less obvious. What it caused is less obvious:
SCSI CD drives failed to eject under Linux, though for example the
"change" command worked okay. This happens because of the autoclose
option in the Linux CD-ROM driver.
The actual chain of events is quite complex and somehow involves
udev helpers; the actual command that matters is READ TOC, though
honestly it's not really clear to me how because it should always be
invoked after autoclose, not before.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* qemu-kvm/memory/urgent: (42 commits)
memory: check for watchpoints when getting code ram_addr
exec: fix write tlb entry misused as iotlb
Sparc: avoid AREG0 wrappers for memory access helpers
Sparc: avoid AREG0 for memory access helpers
TCG: add 5 arg helpers to def-helper.h
softmmu templates: optionally pass CPUState to memory access functions
i386: Remove REGPARM
sparc64: implement PCI and ISA irqs
sparc: reset CPU state on reset
apb: use normal PCI device header for PBM device
w64: Fix data type of next_tb and tcg_qemu_tb_exec
softfloat: fix for C99
vmstate: fix varrays with uint32_t indexes
Fix large memory chunks allocation with tcg_malloc.
hw/pxa2xx.c: Fix handling of pxa2xx_i2c variable offset within region
hw/pxa2xx_lcd.c: drop target_phys_addr_t usage in device state
hw/pxa2xx_dma.c: drop target_phys_addr_t usage in device state
ARM: Remove unnecessary subpage workarounds
malta: Fix display for LED array
malta: Use symbolic hardware addresses
...
Fix compilation failures on 32 bit hosts (cast from pointer to
integer of different size; %ld expects 'long int' not uint64_t).
Reported-by: Steve Langasek <steve.langasek@canonical.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
dprint is still used for qxl_init_common one time prints.
also switched parts of spice-display.c over, mainly all the callbacks to
spice server.
All qxl device trace events start with the qxl device id.
Signed-off-by: Alon Levy <alevy@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
If pipe creation fails, exit, don't log and continue. Fix indentation at
the same time.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ioapic.c:198: error: format ‘%08x’ expects type ‘unsigned int’, but argument 3 has type ‘uint64_t’
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Without the break statement, case 5 sets month and year from the same
data. This does not look correct.
The missing break was reported by splint.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Generate correct trap for external interrupts. Map PCI and ISA IRQs to
RIC/UltraSPARC-IIi interrupt vectors.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
hw/pxa2xx.c: Fix handling of pxa2xx_i2c variable offset within region
hw/pxa2xx_lcd.c: drop target_phys_addr_t usage in device state
hw/pxa2xx_dma.c: drop target_phys_addr_t usage in device state
ARM: Remove unnecessary subpage workarounds
hw/omap_i2c: Convert to qdev
* 'malta' of git://qemu.weilnetz.de/qemu:
malta: Fix display for LED array
malta: Use symbolic hardware addresses
malta: Always allocate flash memory
malta: Clean allocation of bios region alias
The qdev property release function frees any string properties. This was
resulting in a double free during hot unplug.
It manifests in network devices because block devices have a NULL romfile
property by default.
Cc: Michael Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The pxa2xx I2C controller can have its registers at an arbitrary offset
within the MemoryRegion it creates. We use this to create two controllers,
one which covers a region of size 0x10000 with registers starting at an
offset 0x1600 into that region, and a second one which covers a region
of size just 0x100 with the registers starting at the base of the region.
The implementation of this offsetting uses two qdev properties, "offset"
(which sets the offset which must be subtracted from the address to
get the offset into the actual register bank) and "size", which is the
size of the MemoryRegion. We were actually using "offset" for two
purposes: firstly the required one of handling the registers not being
at the base of the MemoryRegion, and secondly as a workaround for a
deficiency of QEMU. Until commit 5312bd8b3, if a MemoryRegion was mapped
at a non-page boundary, the address passed into the read and write
functions would be the offset from the start of the page, not the
offset from the start of the MemoryRegion. So when calculating the value
to set the "offset" qdev property we included a rounding to a page
boundary.
Following commit 5312bd8b3 MemoryRegion read/write functions are now
correctly passed the offset from the base of the region, and our
workaround now means we're subtracting too much from addresses, resulting
in warnings like "pxa2xx_i2c_read: Bad register 0xffffff90".
The fix for this is simply to remove the rounding to a page boundary;
this allows us to slightly simplify the expression since
base - (base & (~region_size)) == base & region_size
The qdev property "offset" itself must remain because it is still
performing its primary job of handling register banks not being at
the base of the MemoryRegion.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Pxa2xx LCD controller is intended to work with 32-bit bus and it has no knowledge
of system's physical address size, so it should not use target_phys_addr_t in it's
state. Convert three variables in DMAChannel state from target_phys_addr_t to uint32_t,
use VMSTATE_UINT32 instead of VMSTATE_UINTTL for these variables.
We can do this safely because:
1) pxa2xx has 32-bit physical address;
2) rest of the code in file never assumes converted variables to have any size
different from uint32_t;
3) we shouldn't have used VMSTATE_UINTTL in the first place because this macro
is for target_ulong type (which can be different from target_phys_addr_t).
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Pxa2xx DMA controller is a 32-bit device and it has no knowledge of system's
physical address size, so it should not use target_phys_addr_t in it's state.
Convert variables descr, src and dest from type target_phys_addr_t to uint32_t,
use VMSTATE_UINT32 instead of VMSTATE_UINTTL for these variables.
We can do this safely because:
1) pxa2xx actually has 32-bit physical address size;
2) rest of the code in file never assumes descr, src and dest variables to have
size different from uint32_t;
3) we shouldn't have used VMSTATE_UINTTL in the first place because this macro
is for target_ulong type (which can be different from target_phys_addr_t).
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
In the ARM per-CPU peripherals (GIC, private timers, SCU, etc),
remove workarounds for subpage memory region read/write functions
being passed offsets from the start of the page rather than the
start of the region. Following commit 5312bd8b3 the masking off
of high bits of the address offset is now harmless but unnecessary.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
According the spec, the card works in network/host communication mode only when
both EEM1 and EEM0 are unset in 93C46 Command Register (normal op
mode). So this patch check these bits before trying to receive packets.
As some guest driver (such as linux, see cp_init_hw() in 8139cp.c)
allocate rx ring after the recevier were enabled, this would cause our
emulation codes tries to dma into guest memory when the rx descriptor
is not properly configured. This patch fixes this.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
