The data byte count(DBC) read from the description information is defined for
bits 21:00. Bits 30:22 are reserved and bit 31 is the Interrupt on Completion
(I) flag.
Completion interrupts are triggered after every transaction instead of on
I-flag in QEMU. tbl_entry_size is a signed integer and improperly reading the
DBC leads to a negative offset that causes sglist allocation to fail.
Signed-off-by: Reza Jelveh <reza.jelveh@tuhh.de>
Reviewed-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Replace qemu_allocate_irqs(foo, bar, 1)[0]
with qemu_allocate_irq(foo, bar, 0).
This avoids leaking the dereferenced qemu_irq *.
Cc: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
[PC Changes:
* Applied change to instance in sh4/sh7750.c
]
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Kirill Batuzov <batuzovk@ispras.ru>
[AF: Fix IRQ index in sh4/sh7750.c]
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
In order to let event defines use existing types later, instead of
redefine new ones, some old type defines for spice and vnc are changed,
and BlockErrorAction is moved from block.h to qapi schema. Note that
BlockErrorAction is not merged with BlockdevOnError.
At this point, VncInfo is not made a child of VncBasicInfo, because
VncBasicInfo has mandatory fields where VncInfo makes them optional.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
This pull request brings a lot of fun things. Among others we have
- e500: u-boot firmware support
- sPAPR: magic page enablement
- sPAPR: add "compat" CPU option to support older guests
- sPAPR: refactorings in preparation for VFIO
- POWER8 live migration
- mac99: expose bus frequency
- little endian core dump, gdb and disas support
- new ppc64le-linux-user target
- DFP emulation
- bug fixes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQIcBAABAgAGBQJTntTgAAoJECszeR4D/txgvNoP/R9HooeweYnZYQxuTTxCIyPZ
if1KRWj6S3jaZ74RwY7kjqYiBUKzNhqpA068v1QS/8ETjPc44V5RMKVOYoGeLNZz
DiZ+BGIp6OSAW3zILFejdi2h7H86qESu7ZFSHZli7eUVg58JUVcnsrFrqMo5ojhY
ICDbeDTitHkBESx7d93bUpecA535433FFylX1ueSj4FFeIpdhlCQsSZbal4FhxqY
74ra4phwAfHlh28K286ZCduLKih77V5dZlroT89apI2eammD+jvXeewvmYtflcQu
j/0FScSVOAplf0wqlPYM0+JAqbaX9o8ZLfzrMV+80ODdDKSFyGKeMo/PrOKJPtpk
EibFNt67nJ30yGhmVsylsQxHVsmWFumcomA0kDdGLmj4A6mqLWM/7w3PGB1pJTPS
bMvMz6O3B/ebk3wXZaMklcjLCLxCBqdYDG0/h7d+gpBLwqnF1Qgi4vv7g+MeKWtf
Z5qJvUMzaAK6LJbDqOIqYhLCtvv2eYHNqvvjkaSRD5SkRzWnzzmmB+3xfjkLllbM
C9DmcQVL4mh7SL3ELjcX7NT4rC+TWRu/el1eAreMjZT8pUyAbjyOkNGbLMqthaM7
kzrSPc9QMzLmIJPrbH9unCuTf9NP5cUndtCL3kEAkl3FPm4kqiwVvh2WSeYCa0uw
1PvTu0HNT/5NcvOkq/5L
=hi5L
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging
Patch queue for ppc - 2014-06-16
This pull request brings a lot of fun things. Among others we have
- e500: u-boot firmware support
- sPAPR: magic page enablement
- sPAPR: add "compat" CPU option to support older guests
- sPAPR: refactorings in preparation for VFIO
- POWER8 live migration
- mac99: expose bus frequency
- little endian core dump, gdb and disas support
- new ppc64le-linux-user target
- DFP emulation
- bug fixes
# gpg: Signature made Mon 16 Jun 2014 12:28:32 BST using RSA key ID 03FEDC60
# gpg: Can't check signature: public key not found
* remotes/agraf/tags/signed-ppc-for-upstream: (156 commits)
spapr_pci: Advertise MSI quota
PPC: KVM: Make pv hcall endian agnostic
powerpc: use float64 for frsqrte
spapr: Add kvm-type property
spapr: Create SPAPRMachine struct
linux-user: Tell guest about big host page sizes
spapr_hcall: Add address-translation-mode-on-interrupt resource in H_SET_MODE
spapr_hcall: Split h_set_mode()
target-ppc: Enable DABRX SPR and limit it to <=POWER7
target-ppc: Enable PPR and VRSAVE SPRs migration
target-ppc: Add POWER8's Event Based Branch (EBB) control SPRs
KVM: target-ppc: Enable TM state migration
target-ppc: Add POWER8's TM SPRs
target-ppc: Add POWER8's MMCR2/MMCRS SPRs
target-ppc: Enable FSCR facility check for TAR
target-ppc: Add POWER8's FSCR SPR
target-ppc: Add POWER8's TIR SPR
target-ppc: Refactor class init for POWER7/8
target-ppc: Switch POWER7/8 classes to use correct PMU SPRs
target-ppc: Make use of gen_spr_power5p_lpar() for POWER7/8
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The macio IDE controller has some pretty nasty magic in its implementation to
allow for unaligned sector accesses. We used to handle these accesses
synchronously inside the IO callback handler.
However, the block infrastructure changed below our feet and now it's impossible
to call a synchronous block read/write from the aio callback handler of a
previous block access.
Work around that limitation by making the unaligned handling bits also go
through our asynchronous handler.
This fixes booting Mac OS X for me.
Reported-by: John Arbuckle <programmingkidx@gmail.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the macio DMA routines assume that all DMA requests are for read/write
block transfers. This is not always the case for ATAPI, for example when
requesting a TOC where the response is generated directly in the IDE buffer.
Detect these non-block ATAPI DMA transfers (where no lba is specified in the
command) and copy the results directly into RAM as indicated by the DBDMA
descriptor. This fixes CDROM access under MorphOS.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
It's always one since commit fa510eb dropped the last drive_get_ref().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
After previous Peter patch, they are redundant. This way we don't
assign them except when needed. Once there, there were lots of case
where the ".fields" indentation was wrong:
.fields = (VMStateField []) {
and
.fields = (VMStateField []) {
Change all the combinations to:
.fields = (VMStateField[]){
The biggest problem (appart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Acked-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
After previous Peter patch, they are redundant. This way we don't
assign them except when needed. Once there, there were lots of case
where the ".fields" indentation was wrong:
.fields = (VMStateField []) {
and
.fields = (VMStateField []) {
Change all the combinations to:
.fields = (VMStateField[]){
The biggest problem (appart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
CVE-2013-4526
Within hw/ide/ahci.c, VARRAY refers to ports which is also loaded. So
we use the old version of ports to read the array but then allow any
value for ports. This can cause the code to overflow.
There's no reason to migrate ports - it never changes.
So just make sure it matches.
Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Add U suffix to avoid shifting left into the sign bit, which
is undefined behaviour.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The SMART self test counter was incorrectly being reset to zero,
not 1. This had the effect that on every 21st SMART EXECUTE OFFLINE:
* We would write off the beginning of a dynamically allocated buffer
* We forgot the SMART history
Fix this.
Signed-off-by: Benoit Canet <benoit@irqsave.net>
Message-id: 1397336390-24664-1-git-send-email-benoit.canet@irqsave.net
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Cc: qemu-stable@nongnu.org
Acked-by: Kevin Wolf <kwolf@redhat.com>
[PMM: tweaked commit message as per suggestions from Markus]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This fixes a warning from the static code analysis (smatch).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Non-PCI AHCI support is broken due to assertion failures when trying
to convert AHCIState to a PCIDevice pointer as AHCIState can have
different container structs. Fix this by using the non-asserting object
cast and checking the returned pointer is not NULL.
The AddressSpace pointer is also being initialized to NULL and causing
dma_memory_map call to fail. Fix this by initializing to
address_space_memory for sysbus instances.
Also correct AHCI_VMSTATE to use the correct container SysbusAHCIState
for sysbus instances.
Signed-off-by: Rob Herring <rob.herring@linaro.org>
Message-id: 1392073373-3295-1-git-send-email-robherring2@gmail.com
[PMM: added linebreaks to fix overlong lines]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add 'U' suffixes to avoid undefined behaviour shifting left into
the signed bit of a signed integer type. Clang's sanitizer will
warn about this:
hw/ide/ahci.c:1210:27: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* QTest cleanups and test cases for PCI NICs
* NAND fix for "info qtree"
* Cleanup and extension of QOM machine tests
* IndustryPack test cases and conversion to QOM realize
* I2C cleanups
* Cleanups of legacy qdev properties
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJTAooJAAoJEPou0S0+fgE/SuQQALW3zvra4ZLRAQV0e8kFoyj1
vVtmLkDhnCe4cYfxxfOX91NA0rH1ts2EO1+UcnaCHJlptNWfA+8qJW69XgYpHE3c
DKQlKPL/9pV5ywY5uUw/t1UJHg2BfrLBDDM4lP+vrpwiQYq4kp24JffnhfY3l9MA
9qdkXu1HrlWoLRVGnMyGDXI8cb+5bTL+FEc6UuHl3P89/gj5BV+LDWn0QOFbAkxq
4wk+Xh6sHKcfOdq6vMCNGlTjlJnpbY43D1a8+q6hFGG8JBlpne7Oer7bse9k4uTK
q/CzyNzC0lnjjcULpa4ptRlycH0ruD9DPY7Lco9XqYd3l/c9742PmTEqN5TZseKD
XD7+hwT1tk7W8rihm8KETCP6sKlXz4w8tJiWe6IT3zwRzvXIolxxK93heQuaX73Z
HFDmvTPVLUiWF8ftKTyWZM3w+jsbSH0QSrMCIHKJrPTRWTKphx0DUP74lWjNsvGs
FFBjpAgrflLihxiuRrcLmekGn0xCTjhQWIo2GoiWTgLSEHNQQQUNO+15/kcU/vlI
hh3DJpiBKeSnUapHHL0OEK6ryeHoG95akiRjImwWVthNLk4KEuWtlhFPYBtulO5A
PA02trE4Ah769effX0ZYdNl23KbW4VxpZ8VZv+kp7RTrDKxw551HoEFJ5ja0nkvB
O1CfsE7x0GH/Rbi/Hxhu
=KRcc
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging
QOM infrastructure fixes and device conversions
* QTest cleanups and test cases for PCI NICs
* NAND fix for "info qtree"
* Cleanup and extension of QOM machine tests
* IndustryPack test cases and conversion to QOM realize
* I2C cleanups
* Cleanups of legacy qdev properties
# gpg: Signature made Mon 17 Feb 2014 22:15:37 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qom-devices-for-peter: (49 commits)
qtest: Include system headers before user headers
qapi: Refine human printing of sizes
qdev: Use QAPI type names for properties
qdev: Add enum property types to QAPI schema
block: Handle "rechs" and "large" translation options
qdev: Remove hex8/32/64 property types
qdev: Remove most legacy printers
qdev: Use human mode in "info qtree"
qapi: Add human mode to StringOutputVisitor
qdev: Inline qdev_prop_parse()
qdev: Legacy properties are just strings
qdev: Legacy properties are now read-only
qdev: Remove legacy parsers for hex8/32/64
qdev: Sizes are now parsed by StringInputVisitor
qapi: Add size parser to StringInputVisitor
qtest: Don't segfault with invalid -qtest option
ipack: Move IndustryPack out of hw/char/
ipoctal232: QOM parent field cleanup
ipack: QOM parent field cleanup for IPackDevice
ipack: QOM parent field cleanup for IPackBus
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Replace them with uint8/32/64.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Get rid of PCIDevice specific PCIDeviceClass.no_hotplug and use
generic DeviceClass.hotpluggable field instead.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The alignment field is now set to the value that is promised to the
guest, rather than required by the host. The next patches will make
QEMU aware of the host-provided values, so make this clear.
The alignment is also not about memory buffers, but about the sectors on
the disk, change the documentation of the field.
At this point, the field is set by the device emulation, but completely
ignored by the block layer.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
This notably fix IDE CD probing on the Plan 9 operating system,
which rely on the error register set by the Execute Device
Diagnostic command to detect drive configurations.
Thanks to Rémi Pommarel for reporting this issue.
Signed-off-by: David du Colombier <0intro@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
A VT82C686B southbridge has multiple functions. We model each
function as a separate qdev. One of them need some special wiring set
up in mips_fulong2e_init() to work: the ISA bridge at 05.0.
The IDE controller at 05.1 (via-ide) has always had
cannot_instantiate_with_device_add_yet set, but there is no obvious
reason why device_add could not work for them. Drop it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
A PIIX3/PIIX4 southbridge has multiple functions. We model each
function as a separate qdev. Two of them need some special wiring set
up in pc_init1() or mips_malta_init() to work: the ISA bridge at 01.0,
and the SMBus controller at 01.3.
The IDE controller at 01.1 (piix3-ide, piix3-ide-xen, piix4-ide) has
always had cannot_instantiate_with_device_add_yet set, but there is no
obvious reason why device_add could not work for them. Drop it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
In an ideal world, machines can be built by wiring devices together
with configuration, not code. Unfortunately, that's not the world we
live in right now. We still have quite a few devices that need to be
wired up by code. If you try to device_add such a device, it'll fail
in sometimes mysterious ways. If you're lucky, you get an
unmysterious immediate crash.
To protect users from such badness, DeviceClass member no_user used to
make device models unavailable with -device / device_add, but that
regressed in commit 18b6dad. The device model is still omitted from
help, but is available anyway.
Attempts to fix the regression have been rejected with the argument
that the purpose of no_user isn't clear, and it's prone to misuse.
This commit clarifies no_user's purpose. Anthony suggested to rename
it cannot_instantiate_with_device_add_yet_due_to_internal_bugs, which
I shorten somewhat to keep checkpatch happy. While there, make it
bool.
Every use of cannot_instantiate_with_device_add_yet gets a FIXME
comment asking for rationale. The next few commits will clean them
all up, either by providing a rationale, or by getting rid of the use.
With that done, the regression fix is hopefully acceptable.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Replace the legacy cpu_to_be16wu() with stw_be_p().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1383669517-25598-7-git-send-email-peter.maydell@linaro.org
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Turn PCMCIACardState into a device.
Move callbacks to new PCMCIACardClass.
Derive TYPE_MICRODRIVE from TYPE_PCMCIA_CARD.
Replace ide_init2_with_non_qdev_drives().
Signed-off-by: Othmar Pasteka <pasteka@kabsi.at>
Signed-off-by: Andreas Färber <afaerber@suse.de>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAABAgAGBQJScnrnAAoJEH8JsnLIjy/WhhsP/2No1yEGNzfhw0WLDsEGBJI7
zjG+QkRMO4q2t256SxNr84KBFJlYKBvGrx+W8xC66AdvR1feL5hmWdXAMTJovx6Z
3Qt59RI9iISZ2OEtc9FhdsC+dSdM/3qie17XuuSCqifsi4xLjIZK/s18+RnLa0t/
nRObYP4prRl0c3o1gKaUvNz2wkIqctQAIe8UQkn6R1vPC6D60m/H9dDj4Kj68HO0
ICsF4AXBR/V2a8gU36/PGexBVyfgC4HOeuN0qNSTgYOKxLuNR+SrlzzhHE+jZTs5
GASm3vg/vUgBOO1759X5T8hveO6yu8XL82l+/d5nIK4gYGORIQZT74dyV5JgQIlF
Y47d0cF28+C/fuL1jh7c+2HY5WmmJQosMi9CaCBj0lvH0k5caEjqwPeHtRBmEyu3
1wAcLQJowZrWB5ez9MjezsaL4sPCymvB/4F443xdz5V19mE41bLZGW2EIT7MXHY7
IcwLU/opx76GMOFfWVMA7jeQkjiPaqGeaQHJzdnGUzIthqyiTigQMfi5P3nXGDic
uQi+KrqP9lNpJlZk4xGQnFovHNmKZrnLhUvqOIPk7/wKMvlU6ewdzp5Fnwzqw4MW
uJ/6eBJYolMyY+q37AH3Q6ZUkwTJi9O1drCPA0Ogr/dJiCyAiOoKuL0N74VabpcD
AahXw+yYV0qh6H4YjOzW
=wGCx
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'kwolf/tags/for-anthony' into staging
Block patches for 1.7.0-rc0 (v2)
# gpg: Signature made Thu 31 Oct 2013 04:44:39 PM CET using RSA key ID C88F2FD6
# gpg: Can't check signature: public key not found
* kwolf/tags/for-anthony: (30 commits)
vmdk: Implment bdrv_get_specific_info
qapi: Add optional field 'compressed' to ImageInfo
qemu-iotests: prefill some data to test image
sheepdog: check simultaneous create in resend_aioreq
sheepdog: cancel aio requests if possible
sheepdog: make add_aio_request and send_aioreq void functions
sheepdog: try to reconnect to sheepdog after network error
coroutine: add co_aio_sleep_ns() to allow sleep in block drivers
sheepdog: reload inode outside of resend_aioreq
sheepdog: handle vdi objects in resend_aio_req
sheepdog: check return values of qemu_co_recv/send correctly
qemu-iotests: Test case for backing file deletion
qemu-iotests: drop duplicated "create_image"
qemu-iotests: Fix 051 reference output
block: Avoid unecessary drv->bdrv_getlength() calls
block: Disable BDRV_O_COPY_ON_READ for the backing file
ahci: fix win7 hang on boot
sheepdog: pass copy_policy in the request
sheepdog: explicitly set copies as type uint8_t
block: Don't copy backing file name on error
...
Message-id: 1383064269-27720-1-git-send-email-kwolf@redhat.com
Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
This includes some pretty big changes:
- pci master abort support by Marcel
- pci IRQ API rework by Marcel
- acpi generation support by myself
Everything has gone through several revisions, latest versions have been on
list for a while without any more comments, tested by several
people.
Please pull for 1.7.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQEcBAABAgAGBQJSXNO8AAoJECgfDbjSjVRp7VAH/0B73mCOiyVACGx7fazK3SGK
X8TxZWVtG5A77ISqKyrtjLAhK9DCQjEzQTbMNhXHM3Ar6crwo7nJZnQvH2Gh1X2p
34BOQSVc4rtXz5pwDIr48dBLrxeslwXub79chUs+IK1/4RSn3h3nuS3k6JVkmLJN
rcHMj4ljJmi4Hd9vOpmS1jo/a61usi36hhU7CMgcrsXzStZycBBzCozOB3VW8p1X
/iwyf91YjmNPkn9gA3/aViGjszu8jE91dkA0C+ljwvcGbs2yEl3LCWEJfsMvoh5P
2M+k0XXbHwq/P9PFMa/2/lWOo4EO4Oxa+G/6QvovJrteYnktr+E9DqjU8pCT7yI=
=CVfs
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'mst/tags/for_anthony' into staging
pci, pc, acpi fixes, enhancements
This includes some pretty big changes:
- pci master abort support by Marcel
- pci IRQ API rework by Marcel
- acpi generation support by myself
Everything has gone through several revisions, latest versions have been on
list for a while without any more comments, tested by several
people.
Please pull for 1.7.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 15 Oct 2013 07:33:48 AM CEST using RSA key ID D28D5469
# gpg: Can't check signature: public key not found
* mst/tags/for_anthony: (39 commits)
ssdt-proc: update generated file
ssdt: fix PBLK length
i386: ACPI table generation code from seabios
pc: use new api to add builtin tables
acpi: add interface to access user-installed tables
hpet: add API to find it
pvpanic: add API to access io port
ich9: APIs for pc guest info
piix: APIs for pc guest info
acpi/piix: add macros for acpi property names
i386: define pc guest info
loader: allow adding ROMs in done callbacks
i386: add bios linker/loader
loader: use file path size from fw_cfg.h
acpi: ssdt pcihp: updat generated file
acpi: pre-compiled ASL files
acpi: add rules to compile ASL source
i386: add ACPI table files from seabios
q35: expose mmcfg size as a property
q35: use macro for MCFG property name
...
Message-id: 1381818560-18367-1-git-send-email-mst@redhat.com
Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
When AHCI executes an asynchronous IDE command, it checked DRDY without
checking either DRQ or BSY. This sometimes caused interrupt to be sent
before command is actually completed.
This resulted in a race condition: if guest then managed to access the
device before command has completed, it would hang waiting for an
interrupt.
This was observed with windows 7 guests.
To fix, check for DRQ or BSY in additiona to DRDY, if set,
the command is asynchronous so delay the interrupt until
asynchronous done callback is invoked.
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
pci_set_irq and the other pci irq wrappers use
PCI_INTERRUPT_PIN config register to compute device
INTx pin to assert/deassert.
An irq is allocated using pci_allocate_irq wrapper
only if is needed by non pci devices.
Removed irq related fields from state if not used anymore.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
ATM we set AHCI mode on 1st GHC write.
Spec says we should set it on reset.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
To be passed to object_initialize().
Since commit 39355c3826 the argument is
void*, so drop some superfluous (BusState *) casts or direct parent
field usages.
Signed-off-by: Andreas Färber <afaerber@suse.de>
This is an autogenerated patch using scripts/switch-timer-api.
Switch the entire code base to using the new timer API.
Note this patch may introduce some line length issues.
Signed-off-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Use standard QOM cast macro. Remove usage of DO_UPCAST() and
direct -> style upcasting.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The category will be used to sort the devices displayed in
the command line help.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Message-id: 1375107465-25767-4-git-send-email-marcel.a@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Fix a number of warnings for 32 bit builds (tested on MingW and Linux):
CC hw/ide/macio.o
qemu/hw/ide/macio.c: In function 'pmac_ide_atapi_transfer_cb':
qemu/hw/ide/macio.c:134:9: error: format '%lx' expects argument of type 'long unsigned int', but argument 3 has type 'hwaddr' [-Werror=format]
qemu/hw/ide/macio.c: In function 'pmac_ide_transfer_cb':
qemu/hw/ide/macio.c:215:5: error: format '%ld' expects argument of type 'long int', but argument 5 has type 'int64_t' [-Werror=format]
qemu/hw/ide/macio.c:222:9: error: format '%lx' expects argument of type 'long unsigned int', but argument 3 has type 'hwaddr' [-Werror=format]
qemu/hw/ide/macio.c:264:9: error: format '%lx' expects argument of type 'long unsigned int', but argument 3 has type 'hwaddr' [-Werror=format]
cc1: all warnings being treated as errors
make: *** [hw/ide/macio.o] Error 1
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Introduce type constant and avoid DO_UPCAST().
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
[AF: Renamed parent field]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Replace direct uses of AHCIPCIState::card with QOM casts and rename it
to parent_obj.
Acked-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Define and use standard QOM cast macro. Remove usages of DO_UPCAST()
and direct -> style upcasting.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Renamed to TYPE_ICH9_AHCI and used typedef in pci_ich9_reset()]
Signed-off-by: Andreas Färber <afaerber@suse.de>
AHCI couldn't cope with asynchronous commands that aren't doing DMA, it
simply wouldn't complete them. Due to the bug fixed in commit f68ec837,
FLUSH commands would seem to have completed immediately even if they
were still running on the host. After the commit, they would simply hang
and never unset the BSY bit, rendering AHCI unusable on any OS sending
flushes.
This patch adds another callback for the completion of asynchronous
commands. This is what AHCI really wants to use for its command
completion logic rather than an DMA completion callback.
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
A DMA request can happen for data that hasn't been completely been
provided by the IDE core yet. For example
- DBDMA request for 0x1000 bytes
- IDE request for 1 sector
- DBDMA wants to read 0x1000 bytes (8 sectors) from bdrv
- breakage
Instead, we should truncate our bdrv request to the maximum number
of sectors we're allowed to read at that given time. Once that transfer
is through, we will fall into our recently introduced waiting logic.
- DBDMA requests for 0x1000 bytes
- IDE request for 1 sector
- DBDMA wants to read MIN(0x1000, 1 * 512) bytes
- DBDMA finishes reading, indicates to IDE core that transfer is complete
- IDE request for 7 sectors
- DBDMA finishes the DMA
Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alexander Graf <agraf@suse.de>
The DBDMA engine really just reads bytes from a producing device (IDE
in our case) and shoves these bytes into memory. It doesn't care whether
any alignment takes place or not.
Our code today however assumes that block accesses always happen on
sector (512 byte) boundaries. This is a fair assumption for most cases.
However, Mac OS X really likes to do unaligned, incomplete accesses
that it finishes with the next DMA request.
So we need to read / write the unaligned bits independent of the actual
asynchronous request, because that one can only handle 512-byte-aligned
data. We also need to cache these unaligned sectors until the next DMA
request, at which point the data might be successfully flushed from the
pipe.
Signed-off-by: Alexander Graf <agraf@suse.de>
We should only start processing DMA requests when we have data to process.
Hold off working through the DMA shuffling until the IDE core told us that
it's ready.
This is required because the guest can program the DMA engine or the IDE
transfer first. Both are legal.
Signed-off-by: Alexander Graf <agraf@suse.de>
We need to know when the IDE core starts a DMA transfer. Add a notifier
function so we have the chance to start transmitting data.
Signed-off-by: Alexander Graf <agraf@suse.de>
The macio code is basically undebuggable as it stands today, with no
debug prints anywhere whatsoever. DBDMA was better, but I needed a
few more to create reasonable logs that tell me where breakage is.
Add a DPRINTF macro in the macio source file and add a bunch of debug
prints that are all disabled by default of course.
Signed-off-by: Alexander Graf <agraf@suse.de>
On a real G3 Beige the secondary IDE bus lives on the mac-io chip, not
on some random PCI device. Move it there to become more compatible.
While at it, also clean up the IDE channel connection logic.
Signed-off-by: Alexander Graf <agraf@suse.de>
Make sure we use the correct TARGET/PRI macros in the debug statements.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
All commands are now converted to ide_cmd_table handlers, so it can be
unconditional now and the old switch block can go.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
cmd_nop handles all commands that don't really do anything in our
implementation except setting status register flags.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
As a preparation for moving all IDE commands into their own function
like in the ATAPI code, introduce a 'handler' callback to ide_cmd_table.
Commands using this new infrastructure get some things handled
automatically:
* The BSY flag is set before calling the handler (in order to avoid bugs
like the one fixed in f68ec837) and reset on completion.
* The (obsolete) DSC flag in the status register is set on completion if
the command is flagged with SET_DSC in the command table
* An IRQ is triggered on completion.
* The error register and the ERR flag in the status register are cleared
before calling the handler and on completion it is asserted that
either none or both of them are set.
No commands are converted at this point.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The DMAContext is a simple pointer to an AddressSpace that is now always
already available. Make everyone hold the address space directly,
and clean up the DMA API to use the AddressSpace directly.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* 'realize-isa.v2' of git://github.com/afaerber/qemu-cpu:
qdev: Drop FROM_QBUS() macro
isa: QOM'ify ISADevice
isa: QOM'ify ISABus
i8259: Convert PICCommonState to use QOM realizefn
kvm/i8259: QOM'ify some more
i8259: QOM'ify some more
i8254: Convert PITCommonState to QOM realizefn
kvm/i8254: QOM'ify some more
i8254: QOM'ify some more
isa: Use realizefn for ISADevice
cs4231a: QOM'ify some more
gus: QOM'ify some more
Drop ISADeviceClass::init and the resulting no-op initfn and let
children implement their own realizefn. Adapt error handling.
Split off an instance_init where sensible.
Signed-off-by: Andreas Färber <afaerber@suse.de>
The implementation of the ATA FLUSH command invokes a flush at the block
layer, which may on raw files on POSIX entail a synchronous fdatasync().
This may in some cases take so long that the SLES 11 SP1 guest driver
reports I/O errors and filesystems get corrupted or remounted read-only.
Avoid this by setting BUSY_STAT, so that the guest is made aware we are
in the middle of an operation and no ATA commands are attempted to be
processed concurrently.
Addresses BNC#637297.
Suggested-by: Gonglei (Arei) <arei.gonglei@huawei.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Commit 215e47b9 enabled TRIM by default, which revealed a bug in TRIM
support for the IDE macio emulation driver, introduced in d353fb72.
The call to dma_bdrv_io() is using a wrong opaque of type IDEState
instead of DBDMA_io. This patch fixes that.
Fixes LP#1179104
Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Tested-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The device is supposed to reset the Bus Master IDE Active bit in the
status register when 0 is written to the Start/Stop Bus Master bit in
the command register.
In the common cases this happens automatically because bdrv_drain_all()
flushes the requests, but with a large PRDT it could remain set.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
An IDE bus provided by AHCI can only take a single IDE drive. If you add
a drive as slave, qemu used to accept the command line but the device
wouldn't be actually usable. Catch the situation instead and error out.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Introduce type constant and cast macro to obsolete DO_UPCAST().
Add missing braces.
Prepares for ISA realizefn.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1367093935-29091-7-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* bonzini/hw-dirs:
exec: remove useless declarations from memory-internal.h
memory: move core typedefs to qemu/typedefs.h
include: avoid useless includes of exec/ headers
sysemu: avoid proliferation of include/ subdirectories
tpm: reorganize headers and split hardware part
configure: fix TPM logic
acpi.h: make it self contained
acpi: move declarations from pc.h to acpi.h
hw: Add lost ARM core again
Fix failure to create q35 machine
Add linux-headers to QEMU_INCLUDES
arm: fix location of some include files
Conflicts:
configure
aliguori: trivial conflict in configure output
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Headers in include/exec/ are for the deepest innards of QEMU,
they should almost never be included directly.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
What is the highest addressable sector on an empty CD-ROM? Nothing is
addressable so produce an error.
This patch prevents a divide-by-zero in ide_set_sector() since
s->sectors and s->heads would be 0. Not to mention that a sector=-1
argument would be nonsense.
Note that WIN_READ_NATIVE_MAX can be triggered using hdparm -N 1024
/dev/cdrom. The LBA bit will be set to 1 though, so the only easy way
to go down the ide_set_sector() CHS code path which divides by zero is
to comment out the s->select & 0x40 case for testing.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Many of these should be cleaned up with proper qdev-/QOM-ification.
Right now there are many catch-all headers in include/hw/ARCH depending
on cpu.h, and this makes it necessary to compile these files per-target.
However, fixing this does not belong in these patches.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Because discard is now a host parameter, we can always fake it as enabled
in the guest. This is an extension of the current choice to ignore
"not supported" errors from the host when discard_granularity is set
to nonzero.
The default granularity is set to the logical block size or 4k, whichever
is largest, because cluster sizes below 4k are rarely used and 4K is a
typical block size for files.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
It was not qdev'ified before, so turn it into a SysBusDevice.
Keep mmio_ide_init_drives() around to attach the hard drive.
Signed-off-by: Andreas Färberr <afaerber@suse.de>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
# By Paolo Bonzini (14) and others
# Via Kevin Wolf
* kwolf/for-anthony: (24 commits)
ide: Add fall through annotations
block: Create proper size file for disk mirror
ahci: Add migration support
ahci: Change data types in preparation for migration
ahci: Remove unused AHCIDevice fields
hbitmap: add assertion on hbitmap_iter_init
mirror: do nothing on zero-sized disk
block/vdi: Check for bad signature
block/vdi: Improved return values from vdi_open
block/vdi: Improve debug output for signature
block: Use error code EMEDIUMTYPE for wrong format in some block drivers
block: Add special error code for wrong format
mirror: support arbitrarily-sized iterations
mirror: support more than one in-flight AIO operation
mirror: add buf-size argument to drive-mirror
mirror: switch mirror_iteration to AIO
mirror: allow customizing the granularity
block: allow customizing the granularity of the dirty bitmap
block: return count of dirty sectors, not chunks
mirror: perform COW if the cluster size is bigger than the granularity
...
It was not qdev'ified before. Turn it into a SysBusDevice.
Embed them into the MacIO devices.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Add comments to help static analysers detect that these cases are
intentional, and clean up some whitespace in the environment of these
comments.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Jason tested these patches by migrating Windows 7 and Fedora 17 guests
(while under I/O) on both piix with ahci attached and on q35 (which has
a built-in AHCI controller).
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The size of an int depends on the host, so in order to be able to
migrate these fields, make them either int32_t or bool, depending on the
use.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
'dma_status' and 'dma_cb' are written to, but never read.
Remove these fields in preparation for AHCI migration bits.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The Bus Master IDE Active bit (BM_STATUS_DMAING) is not only set when
the request is still in flight, but also when it has completed and the
size of the physical memory regions in the PRDT was larger than the
transfer size.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Now that discard can take a long time, make it asynchronous.
Each LBA range entry is processed separately because discard
can be an expensive operation.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
ATA-ACS-3 says "If the two byte range length is zero, then the LBA
Range Entry shall be discarded as padding." iovecs are used as if
they are linearized, so it is incorrect to discard the rest of
this iovec.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Since 39bffca203 (qdev: register all
types natively through QEMU Object Model), TypeInfo as used in
the common, non-iterative pattern is no longer amended with information
and should therefore be const.
Fix the documented QOM examples:
sed -i 's/static TypeInfo/static const TypeInfo/g' include/qom/object.h
Since frequently the wrong examples are being copied by contributors of
new devices, fix all types in the tree:
sed -i 's/^static TypeInfo/static const TypeInfo/g' */*.c
sed -i 's/^static TypeInfo/static const TypeInfo/g' */*/*.c
This also avoids to piggy-back these changes onto real functional
changes or other refactorings.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Tray statuses should be also reseted. Some guests may lock the tray
and after reset before any kernel is loaded the tray should be unlocked.
Also if you reset the real computer the tray is closed. We should
do the same in qemu.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If you have a guest with a media in the optical drive and you change
it, the windows guest cannot properly recognize this media change.
Windows needs to detect sense "NOT_READY with ASC_MEDIUM_NOT_PRESENT"
before we send sense "UNIT_ATTENTION with ASC_MEDIUM_MAY_HAVE_CHANGED".
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Pass qemu_sglist_init the global dma_context_memory rather than a NULL
pointer; this fixes a segfault in dma_memory_map() when the guest
starts using DMA.
Reported-by: Amadeusz Sławiński <amade@asmblr.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
When failing a request because the length of the regions described by
the PRDT was too short for the requested number of sectors, the IDE
emulation forgot to update the status register, so that the device would
keep the BSY flag set indefinitely.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Without this, s->nsector can become negative and badness happens (trying
to malloc huge amount of memory and glib calls abort())
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Now that AIOPool no longer keeps a freelist, it isn't really a "pool"
anymore. Rename it to AIOCBInfo and make it const since it no longer
needs to be modified.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
target_phys_addr_t is unwieldly, violates the C standard (_t suffixes are
reserved) and its purpose doesn't match the name (most target_phys_addr_t
addresses are not target specific). Replace it with a finger-friendly,
standards conformant hwaddr.
Outstanding patchsets can be fixed up with the command
git rebase -i --exec 'find -name "*.[ch]"
| xargs s/target_phys_addr_t/hwaddr/g' origin
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* 'trivial-patches' of git://github.com/stefanha/qemu:
versatilepb: Use symbolic indices for ARM PIC
qdev: kill bogus comment
qemu-barrier: Fix compiler version check for future gcc versions
hw: Add missing 'static' attribute for QEMUMachine
cleanup useless return sentence
qemu-sockets: Fix compiler warning (regression for MinGW)
vnc: Fix spelling (hellmen -> hellman) in comment
slirp: Fix spelling in comment (enought -> enough, insure -> ensure)
tcg/arm: Use tcg_out_mov_reg rather than inline equivalent code
cpu: Add missing 'static' attribute to qemu_global_mutex
configure: Support empty target list (--target-list=)
hw: Fix return value check for bdrv_read, bdrv_write
The entries for libhw* are no longer needed in .gitignore.
There is also no longer a difference between common-obj-y and
hw-obj-y, so one of those two macros is sufficient.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch cleans up return sentences in the end of void functions.
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
Use g_strdup rather than strdup, because the sole caller
(qdev_get_fw_dev_path_helper) assumes it gets non-NULL, and dereferences
it. Besides, in that caller, the allocated buffer is already freed with
g_free, so it's better to allocate with a matching g_strdup.
In one case, (scsi-bus.c) it was trivial, so I replaced an snprintf+
g_strdup combination with an equivalent g_strdup_printf use.
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Move the common part of IDE/SCSI/virtio error handling to the block
layer. The new function bdrv_error_action subsumes all three of
bdrv_emit_qmp_error_event, vm_stop, bdrv_iostatus_set_err.
The same scheme will be used for errors in block jobs.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Do this while we are touching this part of the code, before introducing
more uses of "int is_read".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This will let block-stream reuse the enum. Places that used the enums
are renamed accordingly.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
We want to remove knowledge of BLOCK_ERR_STOP_ENOSPC from drivers;
drivers should only be told whether to stop/report/ignore the error.
On the other hand, we want to keep using the nicer BlockErrorAction
name in the drivers. So rename the enums, while leaving aside the
names of the enum values for now.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
While testing q35, I found that windows 7 (specifically, windows 7 ultimate
with sp1 x64), wouldn't install because it can't find the cdrom or disk drive.
The failure message is: 'A required cd/dvd device driver is missing. If you
have a driver floppy disk, CD, DVD, or USB flash drive, please insert it now.'
This can also be reproduced on piix by adding an ahci controller, and
observing that windows 7 does not see any devices behind it.
The problem is that when windows issues a HBA reset, qemu does not reset the
individual ports' PxCMD register. Windows 7 then reads back the PxCMD register
and presumably assumes that the ahci controller has already been initialized.
Windows then never sets up the PxIE register to enable interrupts, and thus it
never gets irqs back when it sends ata device inquiry commands.
This change brings qemu into ahci 1.3 specification compliance.
Section 10.4.3 HBA Reset:
"
When GHC.HR is set to '1', GHC.AE, GHC.IE, the IS register, and all port
register fields (except PxFB/PxFBU/PxCLB/PxCLBU) that are not HwInit in the
HBA's register memory space are reset.
"
I've also re-tested Fedora 16 and 17 to verify that they continue to work with
this change.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Report from smatch:
hw/ide/core.c:1472 ide_exec_cmd(423) error: buffer overflow 'smart_attributes' 8 <= 29
hw/ide/core.c:1474 ide_exec_cmd(425) error: buffer overflow 'smart_attributes' 8 <= 29
hw/ide/core.c:1475 ide_exec_cmd(426) error: buffer overflow 'smart_attributes' 8 <= 29
...
The upper limit of 30 was never reached because both for loops terminated
when 'smart_attributes' reached end of list, so there was no real buffer
overflow.
Nevertheless, changing the code not only fixes the error report, but also
reduces the size of smart_attributes and simplifies the for loops.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The START STOP UNIT command will only eject/load media if
power condition is zero.
If power condition is !0 then LOEJ and START will be ignored.
From MMC (sbc contains similar wordings too)
The Power Conditions field requests the block device to be placed
in the power condition defined in
Table 558. If this field has a value other than 0h then the Start
and LoEj bits shall be ignored.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
These are normally ifdefed out and don't matter. But if you enable
them, they ought to be correct.
Signed-off-by: Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Signed-off-by: malc <av1474@comtv.ru>
I noticed that in hw/ide/ahci:ahci_dma_rw_buf() we do not free the sglist. Thus,
I've added a call to qemu_sglist_destroy() to fix this memory leak.
In addition, I've adeed a call in qemu_sglist_destroy() to 0 all of the sglist
fields, in case there is some other codepath that tries to free the sglist.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
While testing q35, which has its cdrom attached to the ahci controller, I found
that the Fedora 17 install would panic on boot. The panic occurs while
squashfs is trying to read from the cdrom. The errors are:
[ 8.622711] SQUASHFS error: xz_dec_run error, data probably corrupt
[ 8.625180] SQUASHFS error: squashfs_read_data failed to read block
0x20be48a
I was also able to produce corrupt data reads using an installed piix based
qemu machine, using 'dd'. I found that the corruptions were only occuring when
then read size was greater than 128k. For example, the following command
results in corrupted reads:
dd if=/dev/sr0 of=/tmp/blah bs=256k iflag=direct
The > 128k size reads exercise a different code path than 128k and below. In
ide_atapi_cmd_read_dma_cb() s->io_buffer_size is capped at 128k. Thus,
ide_atapi_cmd_read_dma_cb() is called a second time when the read is > 128k.
However, ahci_dma_rw_buf() restart the read from offset 0, instead of at 128k.
Thus, resulting in a corrupted read.
To fix this, I've introduced 'io_buffer_offset' field in IDEState to keep
track of the offset. I've also modified ahci_populate_sglist() to take a new
3rd offset argument, so that the sglist is property initialized.
I've tested this patch using 'dd' testing, and Fedora 17 now correctly boots
and installs on q35 with the cdrom ahci controller.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Legacy -drive cyls=... are now ignored completely when the drive
doesn't back a hard disk device. Before, they were first checked
against a hard disk's limits, then ignored.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
All current users (IDE, SCSI and virtio-blk) happen to share this 20
characters limit. Still, it should be left to device models. They
already enforce their limits. They have to, as the DriveInfo limit
only affects legacy -drive serial=..., not the qdev properties.
usb-storage, which doesn't limit serial number length, also uses
DriveInfo for -usbdevice. But that doesn't provide access to
DriveInfo serial.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This stuff doesn't belong to block layer, and was put there only
because a better home didn't exist then. Now it does.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
New limits straight from ATA4 6.2 Register delivered data transfer
command sector addressing.
I figure the old sector limit 63 was blindly copied from the BIOS
int 13 limit. Doesn't apply to the hardware. No idea where the old
cylinder limit comes from.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Currently, it is split between hd_geometry_guess() and
pc_cmos_init_late(). Confusing. info qtree shows the result of the
former. Also confusing.
Fold the part done in pc_cmos_init_late() into hd_geometry_guess().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
In particular, don't set disk type and geometry when a CD-ROM on bus
ide.0 has media during CMOS initialization.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This isn't quite orthodox. CHS translation is firmware configuration,
communicated via the RTC's CMOS RAM, not a property of the disk. But
it's best to treat it just like geometry anyway.
Maintain backward compatibility exactly like for geometry: fall back
to DriveInfo's translation, set with -drive trans=...
Bonus: info qtree now shows the translation. Except when it shows
"auto": that's resolved by pc_cmos_init_late(). To be addressed
shortly.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Geometry needs to be qdev properties, because it belongs to the
disk's guest part.
Maintain backward compatibility exactly like for serial: fall back to
DriveInfo's geometry, set with -drive cyls=...
Do this only for ide-hd. ide-drive is legacy. ide-cd doesn't have a
geometry.
Bonus: info qtree now shows the geometry.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Best to use the same type, to avoid unwanted truncation or sign
extension.
BlockConf can't use plain int for cyls, heads and secs, because
integer properties require an exact width.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
PC BIOS setup needs IDE geometry information. Get it directly from
the device model rather than through the block layer. In preparation
of purging geometry from the block layer, which will happen later in
this series.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
hd_geometry_guess() picks geometry and translation. Callers can get
the geometry directly, via parameters, but for translation they need
to go through the block layer.
Add a parameter for translation, so it can optionally be gotten just
like geometry. In preparation of purging translation from the block
layer, which will happen later in this series.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Commit f3d54fc4 factored it out of hw/ide.c for reuse. Sensible,
except it was put into block.c. Device-specific functionality should
be kept in device code, not the block layer. Move it to
hw/hd-geometry.c, and make stylistic changes required to keep
checkpatch.pl happy.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Not a single driver has any possibility of failure on their
exit function, let's keep it that way.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This command is not necessary for CD-ROM and DVD-ROM, but some versions of
udev trip on its absence.
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The AHCI device can provide both PCI and SysBus AHCI device
emulations. For this reason, it wasn't previously converted to use
the pci_dma_*() helper functions. Now that we have universal DMA
helper functions, this converts AHCI to use them.
The DMAContext is obtained from pci_dma_context() in the PCI case and
set to NULL in the SysBus case (i.e. we assume for now that a SysBus
AHCI has no IOMMU translation).
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
dma-helpers.c contains a number of helper functions for doing
scatter/gather DMA, and various block device related DMA. Currently,
these directly access guest memory using cpu_physical_memory_*(),
assuming no IOMMU translation.
This patch updates this code to use the new universal DMA helper
functions. qemu_sglist_init() now takes a DMAContext * to describe
the DMA address space in which the scatter/gather will take place.
We minimally update the callers qemu_sglist_init() to pass NULL
(i.e. no translation, same as current behaviour). Some of those
callers should pass something else in some cases to allow proper IOMMU
translation in future, but that will be fixed in later patches.
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
