Commit Graph

20855 Commits

Author SHA1 Message Date
Gerd Hoffmann
0f58f68b58 usb: add usb attached scsi emulation
$subject says all.  First cut.

It's a pure UAS (usb attached scsi) emulation, without BOT (bulk-only
transport) compatibility.  If your guest can't handle it use usb-storage
instead.

The emulation works like any other scsi hba emulation (eps, lsi, virtio,
megasas, ...).  It provides just the HBA where you can attach scsi
devices as you like using '-device'.  A single scsi target with up to
256 luns is supported.

For now only usb 2.0 transport is supported.  This will change in the
future though as I plan to use this as playground when codeing up &
testing usb 3.0 transport and streams support in the qemu usb core and
the xhci emulation.

No migration support yet.  I'm planning to add usb 3.0 support first as
this probably requires saving additional state.

Special thanks go to Paolo for bringing the qemu scsi emulation into
shape, so this can be added nicely without having to touch a single line
of scsi code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-12 15:00:39 +02:00
Paolo Bonzini
8e86b93c2b scsi: add free_request callback
Most device models have a simple lifecycle for the hba_private field
and they can free it when a request is completed or cancelled.
However, in some cases it may be simpler to tie the lifetime
of hba_private to that of the included SCSIRequest.  This patch
adds a free_request callback to SCSIBusInfo that lets an HBA
device model do exactly that.

Normally, device models use req->hba_private == NULL to flag requests
that have been completed already.  Device models that use free_request
will still need to track this using a flag.  This is the reason why
"converting" existing HBAs to use free_request adds complexity and
makes little sense.  It is simply an additional convenience that is
provided by the SCSI layer.  USB-attached storage will be the first
user.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-10 13:35:05 +02:00
Anthony Liguori
9233685597 megasas: disable due to build breakage
The Buildbot has detected a new failure on builder default_i386_rhel61 while
building qemu.

Full details are available at:
 http://buildbot.b1-systems.de/qemu/builders/default_i386_rhel61/builds/304

The proper fix is non-trivial so let's disable the build by default until it's
fixed properly.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-07-09 18:16:16 -05:00
Anthony Liguori
23797df3d9 Merge remote-tracking branch 'mjt/mjt-iov2' into staging
* mjt/mjt-iov2:
  rewrite iov_send_recv() and move it to iov.c
  cleanup qemu_co_sendv(), qemu_co_recvv() and friends
  export iov_send_recv() and use it in iov_send() and iov_recv()
  rename qemu_sendv to iov_send, change proto and move declarations to iov.h
  change qemu_iovec_to_buf() to match other to,from_buf functions
  consolidate qemu_iovec_copy() and qemu_iovec_concat() and make them consistent
  allow qemu_iovec_from_buffer() to specify offset from which to start copying
  consolidate qemu_iovec_memset{,_skip}() into single function and use existing iov_memset()
  rewrite iov_* functions
  change iov_* function prototypes to be more appropriate
  virtio-serial-bus: use correct lengths in control_out() message

Conflicts:
	tests/Makefile

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-07-09 12:35:06 -05:00
Anthony Liguori
3f6e9a5fad Merge remote-tracking branch 'quintela/migration-anthony-v2' into staging
* quintela/migration-anthony-v2:
  Maintain the number of dirty pages
  dirty bitmap: abstract its use
  Exit loop if we have been there too long
  Only calculate expected_time for stage 2
  Only TCG needs TLB handling
  No need to iterate if we already are over the limit
  Add tracepoints for savevm section start/end
  Add spent time for migration
  Add migration_end function
  Add debugging infrastructure
  Add save_block_hdr function
  Add MigrationParams structure
  Add missing check for host_from_stream_offset return value for RAM_SAVE_FLAG_PAGE
2012-07-09 11:57:34 -05:00
Anthony Liguori
537cf40942 Merge remote-tracking branch 'kiszka/queues/slirp' into staging
* kiszka/queues/slirp:
  slirp: Improve error reporting of inaccessible smb directories
  slirp: Ensure smbd and shared directory exist when enable smb
  slirp: add 'cmd:' target for guestfwd
  slirp: Enforce host-side user of smb share
2012-07-09 11:56:43 -05:00
Jan Kiszka
22a61f365d slirp: Improve error reporting of inaccessible smb directories
Instead of guessing, print the error code returned by access.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2012-07-09 17:39:24 +02:00
Dunrong Huang
927d811b28 slirp: Ensure smbd and shared directory exist when enable smb
Users may pass the following parameters to qemu:
    $ qemu-kvm -net nic -net user,smb= ...
    $ qemu-kvm -net nic -net user,smb ...
    $ qemu-kvm -net nic -net user,smb=bad_directory ...

In these cases, qemu started successfully while samba server
failed to start. Users will confuse since samba server
failed silently without any indication of what it did wrong.

To avoid it, we check whether the shared directory exist and
if users have permission to access this directory when QEMU's
"built-in" SMB server is enabled.

Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2012-07-09 17:38:13 +02:00
Alexander Graf
b412eb61bf slirp: add 'cmd:' target for guestfwd
When using guestfwd=, Qemu only connects the virtual server's TCP port
to a single chardev. This is useless in most cases, as we usually want
to have more than a single connection from the guest to the outside world.

This patch adds a new cmd: target to guestfwd= that allows for execution
of a command on every TCP connection. This leverages the same code as
the -smb parameter, just that here the command is user defined.

Reported-by: Sascha Wilde <wilde@intevation.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2012-07-09 17:38:13 +02:00
Jan Kiszka
1cb1c5d10b slirp: Enforce host-side user of smb share
Windows 7 (and possibly other versions) cannot connect to the samba
share if the exported host directory is not world-readable. This can be
resolved by forcing the username used for access checks to the one
under which QEMU and smbd are running.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2012-07-09 17:38:13 +02:00
Anthony Liguori
715cc00ce1 Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony: (24 commits)
  block: Factor bdrv_read_unthrottled() out of guess_disk_lchs()
  qtest: Tidy up temporary files properly
  fdc: Drop broken code for user-defined floppy geometry
  fdc_test: introduce test_sense_interrupt
  fdc_test: update media_change test
  fdc: fix interrupt handling
  fdc: rewrite seek and DSKCHG bit handling
  block: introduce bdrv_swap, implement bdrv_append on top of it
  block: copy over job and dirty bitmap fields in bdrv_append
  raw: hook into blkdebug
  blkdebug: optionally tie errors to a specific sector
  blkdebug: store list of active rules
  blkdebug: pass getlength to underlying file
  blkdebug: tiny cleanup
  blkdebug: remove sync i/o events
  sheepdog: traverse pending_list from the first for each time
  sheepdog: split outstanding list into inflight and pending
  sheepdog: make sure we don't free aiocb before sending all requests
  sheepdog: use coroutine based socket functions in coroutine context
  sheepdog: restart I/O when socket becomes ready in do_co_req()
  ...
2012-07-09 10:29:40 -05:00
Markus Armbruster
07d27a442e block: Factor bdrv_read_unthrottled() out of guess_disk_lchs()
To prepare move of guess_disk_lchs() into hw/, where it poking
BlockDriverState member io_limits_enabled directly would be unclean.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 17:21:02 +02:00
Markus Armbruster
bb494a505e qtest: Tidy up temporary files properly
Each test litters /tmp with several files: a pid file and two
sockets.  Tidy up.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 17:21:02 +02:00
Anthony Liguori
fe0cb8ef84 Merge remote-tracking branch 'kraxel/usb.55' into staging
* kraxel/usb.55:
  usb-host: add trace events for iso xfers
  usb: fix interface initialization
  usb: split endpoint init and reset
  usb-redir: Correctly handle the usb_redir_babble usbredir status
  ehci: Kick async schedule on wakeup in the non companion case
  usb-ehci: Fix an assert whenever isoc transfers are used
  ehci: don't flush cache on doorbell rings.
  ehci: fix td writeback
  ehci: fix ehci_qh_do_overlay
2012-07-09 09:51:33 -05:00
Anthony Liguori
ffd6e7a072 Merge remote-tracking branch 'bonzini/scsi-next' into staging
* bonzini/scsi-next:
  scsi: Fix transfer length for READ POSITION commands.
  scsi: Add basic support for SCSI media changer commands.
  scsi: Ensure command and transfer lengths are set for all SCSI devices
  scsi: Fix LOAD_UNLOAD
  scsi: Fix data length == SCSI_SENSE_BUF_SIZE
  virtio-scsi: do not crash on adding buffers to the event queue
  megasas: LSI Megaraid SAS HBA emulation
  megasas: Add header file
  ISCSI: force use of sg for SMC and SSC devices
  ISCSI: Add SCSI passthrough via scsi-generic to libiscsi
  scsi-disk: implement READ DISC INFORMATION
  atapi: implement READ DISC INFORMATION
  scsi: add a qdev property for the disk's WWN
  scsi: simplify handling of the VPD page length field
2012-07-09 09:51:19 -05:00
Anthony Liguori
8665817e89 Merge remote-tracking branch 'stefanha/trivial-patches' into staging
* stefanha/trivial-patches:
  configure: Remove help for --disable-vnc-thread, --enable-vnc-thread
  cpu-common.h: Remove a pointless ifndef CONFIG_USER_ONLY
  cpu-common.h: Remove unnecessary guard on including targphys.h
2012-07-09 09:51:06 -05:00
Markus Armbruster
1f69c2b022 fdc: Drop broken code for user-defined floppy geometry
bdrv_get_floppy_geometry_hint() fails to store through its parameter
drive when bs has a geometry hint.  Makes fd_revalidate() assign
random crap to drv->drive.

Has been broken that way for ages.  Harmless, because:

* The only way to set a geometry hint is -drive if=none,cyls=...
  Since commit c219331e, probably unintentional.

* The only use of drv->drive is as argument to another
  bdrv_get_floppy_geometry_hint().  Which doesn't use it, since the
  geometry hint is still there.

Drop the broken code, ignore -drive parameter cyls, heads and secs for
floppies even with if=none, just like before commit c219331e.  Matches
-help, which explains cyls, heads, secs as "hard disk physical
geometry".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:03 +02:00
Pavel Hrdina
b3ce604eea fdc_test: introduce test_sense_interrupt
Calling sense interrupt status while there is no interrupt should
return invalid command (0x80).

Read command should always returns in st0 seek_end bit set to 1.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:03 +02:00
Pavel Hrdina
59240c349c fdc_test: update media_change test
After rewrite DSKCHG bit handling the test has to be updated. Now
is needed to seek to different track to clear DSKCHG bit.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:03 +02:00
Pavel Hrdina
2fee00885a fdc: fix interrupt handling
If you call the SENSE INTERRUPT STATUS command while there is no interrupt
waiting you get as result unknown command.

Fixed status0 register handling for read/write/format commands.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:03 +02:00
Pavel Hrdina
6be01b1e0b fdc: rewrite seek and DSKCHG bit handling
This bit is cleared on every successful seek to a different track (cylinder).
The seek is also called on revalidate or on read/write/format commands which
also clear the DSKCHG bit.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:03 +02:00
Paolo Bonzini
4ddc07cac2 block: introduce bdrv_swap, implement bdrv_append on top of it
The new function can be made a bit nicer than bdrv_append.  It swaps the
whole contents, and then swaps back (using the usual t=a;a=b;b=t idiom)
the fields that need to stay on top.  Thus, it does not need explicit
bdrv_detach_dev, bdrv_iostatus_disable, etc.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:02 +02:00
Paolo Bonzini
a9fc4408e3 block: copy over job and dirty bitmap fields in bdrv_append
While these should not be in use at the time a transaction is started,
a command in the prepare phase of a transaction might have added them,
so they need to be brought over.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:02 +02:00
Paolo Bonzini
5c171afa4c raw: hook into blkdebug
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:02 +02:00
Paolo Bonzini
e4780db429 blkdebug: optionally tie errors to a specific sector
This makes blkdebug scripts more powerful, and independent of the
exact sequence of operations performed by streaming.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:02 +02:00
Paolo Bonzini
571cd43e57 blkdebug: store list of active rules
This prepares for the next patch, where some active rules may actually
not trigger depending on input to readv/writev.  Store the active rules
in a SIMPLEQ (so that it can be emptied easily with QSIMPLEQ_INIT), and
fetch the errno/once/immediately arguments from there.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:02 +02:00
Paolo Bonzini
e130225587 blkdebug: pass getlength to underlying file
This is required when using blkdebug with raw format.  Unlike qcow2/QED,
raw asks blkdebug for the length of the file, it doesn't get it from
a header.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:02 +02:00
Paolo Bonzini
368e8dd10a blkdebug: tiny cleanup
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:02 +02:00
Paolo Bonzini
820100fd15 blkdebug: remove sync i/o events
These are unused, except (by mistake more or less) in QED.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:02 +02:00
MORITA Kazutaka
7dc1cde05b sheepdog: traverse pending_list from the first for each time
The pending list can be modified in other coroutine context
sd_co_rw_vector, so we need to traverse the list from the first again
after we send the pending request.

Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:02 +02:00
MORITA Kazutaka
c292ee6a67 sheepdog: split outstanding list into inflight and pending
outstanding_list_head is used for both pending and inflight requests.
This patch splits it and improves readability.

Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:02 +02:00
MORITA Kazutaka
1d732d7d7c sheepdog: make sure we don't free aiocb before sending all requests
This patch increments the pending counter before sending requests, and
make sures that aiocb is not freed while sending them.

Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:01 +02:00
MORITA Kazutaka
b97564f4c5 sheepdog: use coroutine based socket functions in coroutine context
This removes blocking network I/Os in coroutine context.

Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:01 +02:00
MORITA Kazutaka
2dfcca3b68 sheepdog: restart I/O when socket becomes ready in do_co_req()
Currently, no one reenters the yielded coroutine.  This fixes it.

Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:01 +02:00
MORITA Kazutaka
1b6ac9985a sheepdog: fix dprintf format strings
This fixes warnings about dprintf format in debug mode.

Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:01 +02:00
Stefan Hajnoczi
04d4abe96c blockdev: warn when copy_on_read=on and readonly=on
If the image is read-only then it's not possible to copy read data into
it.  Therefore copy-on-read is automatically disabled for read-only
images.

Up until now this behavior was silent, add a warning so the user knows
why copy-on-read is not working.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:01 +02:00
Stefan Hajnoczi
206e6d8551 qcow2: preserve free_byte_offset when qcow2_alloc_bytes() fails
When qcow2_alloc_clusters() error handling code was introduced in commit
5d757b563d, the value of free_byte_offset
was clobbered in the error case.  This patch keeps free_byte_offset at 0
so we will try to allocate clusters again next time this function is
called.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:01 +02:00
Stefan Hajnoczi
b35278f754 qcow2: fix #ifdef'd qcow2_check_refcounts() callers
The DEBUG_ALLOC qcow2.h macro enables additional consistency checks
throughout the code.  This makes it easier to spot corruptions that are
introduced during development.  Since consistency check is an expensive
operation the DEBUG_ALLOC macro is used to compile checks out in normal
builds and qcow2_check_refcounts() calls missed the addition of a new
function argument.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 15:53:01 +02:00
Gerd Hoffmann
c32da15188 usb-host: add trace events for iso xfers
Replace iso transfer fprintf's with trace points.  Also rename existing
tracepoints so they all match usb_host_iso_*.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:55 +02:00
Gerd Hoffmann
7c37e6a4c4 usb: fix interface initialization
zero is a valid interface number, so don't use it when resetting the
endpoints.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:55 +02:00
Gerd Hoffmann
19deaa089c usb: split endpoint init and reset
Create a new usb_ep_reset() function to reset endpoint state, without
re-initialiting the queues, so we don't unlink in-flight packets just
because usb-host has to re-parse the descriptor tables.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:54 +02:00
Hans de Goede
adae502c0a usb-redir: Correctly handle the usb_redir_babble usbredir status
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:54 +02:00
Hans de Goede
379521175c ehci: Kick async schedule on wakeup in the non companion case
Commit 0f588df8b3, added code
to ehci_wakeup to kick the async schedule on wakeup, but the else
was positioned wrong making it trigger for devices which are routed
to the companion rather then to the ehci controller itself.

This patch fixes this. Note that the "programming style" with using the
return at the end of the companion block matches how the companion case
is handled in the other ports ops, and is done this way for consistency.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:54 +02:00
Hans de Goede
7341ea075c usb-ehci: Fix an assert whenever isoc transfers are used
hcd-ehci.c is missing an usb_packet_init() call for the ipacket UsbPacket
it uses for isoc transfers, triggering an assert (taking the entire vm down)
in usb_packet_setup as soon as any isoc transfers are done by a high speed
USB device.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:54 +02:00
Gerd Hoffmann
9bc3a3a216 ehci: don't flush cache on doorbell rings.
Commit 4be23939ab makes ehci instantly
zap any unlinked queue heads when the guest rings the doorbell.

While hacking up uas support this turned out to be a problem.  The linux
kernel can unlink and instantly relink the very same queue head, thereby
killing any async packets in flight.  That alone isn't an issue yet, the
packet will canceled and resubmitted and everything is fine.  We'll run
into trouble though in case the async packet is completed already, so we
can't cancel it any more.  The transaction is simply lost then.

usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f0c2 qtds 29dbce40,29dbc4e0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: alloc
usb_packet_state_change bus 0, port 2, ep 1, packet 0x7f95fdec32e0, state undef -> setup
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: process
usb_uas_command dev 2, tag 0x2, lun 0, lun64 00000000-00000000
scsi_req_parsed target 0 lun 0 tag 2 command 42 dir 2 length 16384
scsi_req_parsed_lba target 0 lun 0 tag 2 command 42 lba 5933312
scsi_req_alloc target 0 lun 0 tag 2
scsi_req_continue target 0 lun 0 tag 2
scsi_req_data target 0 lun 0 tag 2 len 16384
usb_uas_scsi_data dev 2, tag 0x2, bytes 16384
usb_uas_write_ready dev 2, tag 0x2
usb_packet_state_change bus 0, port 2, ep 1, packet 0x7f95fdec32e0, state setup -> complete
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: free
usb_ehci_qh_ptrs q 0x7f95fdec3210 - QH @ 39c4f0c0: next 39c4f002 qtds 29dbce40,00000001,00000009
usb_ehci_qh_fields QH @ 39c4f0c0 - rl 4, mplen 512, eps 2, ep 2, dev 2
usb_ehci_queue_action q 0x7f95fe5152a0: free
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state async -> complete
^^^ async packets completes.
usb_ehci_packet_action q 0x7f95fdec3210 p 0x7f95feba9130: wakeup

usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f002 qtds 29dbc4e0,29dbc8a0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2
usb_ehci_queue_action q 0x7f95fdec3210: free
usb_ehci_packet_action q 0x7f95fdec3210 p 0x7f95feba9130: free
^^^ endpoint #2 queue head removed from schedule, doorbell makes ehci zap the queue,
    the (completed) usb packet is freed too and gets lost.

usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f0c2 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f0c2 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_queue_action q 0x7f9600dff570: alloc
usb_ehci_qh_ptrs q 0x7f9600dff570 - QH @ 39c4f0c0: next 39c4f122 qtds 29dbce40,00000001,00000009
usb_ehci_qh_fields QH @ 39c4f0c0 - rl 4, mplen 512, eps 2, ep 2, dev 2
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: alloc
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state undef -> setup
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: process
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state setup -> async
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: async
^^^ linux kernel relinked the queue head, ehci creates a new usb packet,
    but we should have delivered the completed one instead.
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f002 qtds 29dbc4e0,29dbc8a0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2

So instead of instantly zapping the queue we'll set a flag that the
queue needs revalidation in case we'll see it again in the schedule.
ehci then checks that the queue head fields addressing / describing the
endpoint and the qtd pointer match the cached content before reusing it.

Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:53 +02:00
Gerd Hoffmann
4ed1c57a64 ehci: fix td writeback
Only write back the dwords the hc is supposed to update.  Should not
make a difference in theory as the guest must not touch the td while
it is active to avoid races.  But it is still more correct.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 09:57:46 +02:00
Gerd Hoffmann
a5e0139ab6 ehci: fix ehci_qh_do_overlay
Use ehci_flush_qh to make sure we touch inly the fields the hc is
allowed to touch.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 09:57:46 +02:00
Peter Maydell
84988cf910 bitops.h: Add functions to extract and deposit bitfields
Add functions deposit32(), deposit64(), extract32() and extract64()
to extract and deposit bitfields in 32 and 64 bit words. Based on
ideas by Jia Liu and Avi Kivity.

Suggested-by: Jia Liu <proljc@gmail.com>
Suggested-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-07-07 09:07:01 +00:00
Peter Maydell
bedc2ac1a7 target-i386: make it clearer that op table accesses don't overrun
Rephrase some of the expressions used to select an entry
in the SSE op table arrays so that it's clearer that they
don't overrun the op table array size.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-07-07 09:06:15 +00:00
Peter Maydell
96d7073fb0 target-i386: Remove confusing X86_64_DEF macro
The X86_64_DEF macro is a confusing way of making some terms
in a conditional only appear if TARGET_X86_64 is defined. We
only use it in two places, and in both cases this is for making
the same test, so abstract that check out into a function
where we can use a more conventional #ifdef.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-07-07 09:05:54 +00:00