Commit Graph

8664 Commits

Author SHA1 Message Date
Hans de Goede
a552a966f1 usb: Add packet combining functions
Currently we only do pipelining for output endpoints, since to properly
support short-not-ok semantics we can only have one outstanding input
packet. Since the ehci and uhci controllers have a limited per td packet
size guests will split large input transfers to into multiple packets,
and since we don't pipeline these, this comes with a serious performance
penalty.

This patch adds helper functions to (re-)combine packets which belong to 1
transfer at the guest device-driver level into 1 large transger. This can be
used by (redirection) usb-devices to enable pipelining for input endpoints.

This patch will combine packets together until a transfer terminating packet
is encountered. A terminating packet is a packet which meets one or more of
the following conditions:
1) The packet size is *not* a multiple of the endpoint max packet size
2) The packet does *not* have its short-not-ok flag set
3) The packet has its interrupt-on-complete flag set

The short-not-ok flag of the combined packet is that of the terminating packet.
Multiple combined packets may be submitted to the device, if the combined
packets do not have their short-not-ok flag set, enabling true pipelining.

If a combined packet does have its short-not-ok flag set the queue will
wait with submitting further packets to the device until that packet has
completed.

Once enabled in the usb-redir and ehci code, this improves the speed (MB/s)
of a Linux guest reading from a USB mass storage device by a factor of
1.2 - 1.5.

And the main reason why I started working on this, when reading from a pl2303
USB<->serial converter, it combines the previous 4 packets submitted per
device-driver level read into 1 big read, reducing the number of packets / sec
by a factor 4, and it allows to have multiple reads outstanding. This allows
for much better latency tolerance without the pl2303's internal buffer
overflowing (which was happening at 115200 bps, without serial flow control).

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:58 +01:00
Hans de Goede
7f102ebeb5 uhci: Don't crash on device disconnect
My recent uhci cleanup series has introduced a regression, where
qemu sometimes crashes on a device disconnect. The problem is that
the uhci code never checked for a device not / no longer existing, instead
it was relying on usb_handle_packet accepting a NULL device.

But since we now pass usb_handle_packet q->ep->dev, rather then just
a local dev variable, we crash as q->ep == NULL due to the device no longer
existing.

This patch fixes this. Note that this patch also improves over
the old behavior were we would:
1) create a queue for the device
2) create an async for the packet
3) have usb_handle_packet fail
4) destroy the async
5) wait for the queue to be idle for 32 frames
6) destroy the queue

Which was rather sub-optimal.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:58 +01:00
Hans de Goede
faccca000f uhci: Add a uhci_handle_td_error() helper function
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:58 +01:00
Gerd Hoffmann
bb4d2b2f0a usb/ehci-pci: add helper to create ich9 usb controllers
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:58 +01:00
Gerd Hoffmann
ba07630c79 usb/ehci-pci: add ich9 00:1a.* variant
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:58 +01:00
Gerd Hoffmann
df01318777 usb/ehci-pci: dynamic type generation
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:57 +01:00
Gerd Hoffmann
74625ea27c uhci: add ich9 00:1a.* variants
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:57 +01:00
Gerd Hoffmann
8f3f90b0c7 uhci: stick irq routing info into UHCIInfo too.
Kills the ugly "switch (device_id) { ... }" struct and makes it easier
to figure what the differences between the uhci variants are.

Need our own DeviceClass struct for that so we can allocate some space
to store UHCIInfo.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:57 +01:00
Gerd Hoffmann
2c2e852509 uhci: dynamic type generation
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:57 +01:00
Peter Crosthwaite
892776ce02 xilinx_zynq: add USB controllers
Add the two usb controllers in Zynq.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:57 +01:00
Gerd Hoffmann
b12f32c408 pixman: switch screendump function.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 14:00:04 +01:00
Gerd Hoffmann
1fd2510a37 vga: stop direct access to DisplaySurface fields.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 14:00:04 +01:00
Gerd Hoffmann
b6e9f63711 qxl: stop direct access to DisplaySurface fields.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 14:00:04 +01:00
Gerd Hoffmann
e433785a76 usb/ehci: add sysbus variant
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:10 +01:00
Gerd Hoffmann
0bf96f9457 usb/ehci: split into multiple source files
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:10 +01:00
Peter Crosthwaite
569c7fc840 usb/ehci: Guard definition of EHCI_DEBUG
Guard against re-definition of EHCI_DEBUG. Allows for turning on of debug info
from configure (using --qemu-extra-cflags="-DEHCI_DEBUG=1") rather than source
code hacking.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:10 +01:00
Peter Crosthwaite
5010d4dc61 usb/ehci: seperate out PCIisms
Seperate the PCI stuff from the EHCI components. Extracted the PCIDevice
out into a new wrapper struct to make EHCIState non-PCI-specific. Seperated
tho non PCI init component out into a seperate "common" init function.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:10 +01:00
Peter Crosthwaite
7ae6ce0258 usb/ehci: Abstract away PCI DMA API
Pull the DMAContext for the PCI DMA out at device init time and put it into
the device state. Use dma_memory_read/write() instead of pci specific versions.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Peter Crosthwaite
27a11324e0 usb/ehci: parameterise the register region offsets
The capabilities register and operational register offsets can vary from one
EHCI implementation to the next. Parameterise accordingly.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
0bc85da69e xhci: allow address slot being called multiple times
win8 guests do that for some reason ...

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
4f47f0f82e xhci: add port trace points
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
b62b08282d xhci: set pls in xhci_port_update & xhci_port_reset
Set the port link state to the correct values in xhci_port_update and
xhci_port_reset functions.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
40030130d1 xhci: add xhci_port_reset
Move port reset logic to its own function.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
f705a36280 xhci: add xhci_port_notify
Create a function to notify the guest about port
status changes and put it into use.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
6a32f80f05 xhci: add xhci_port_have_device
Factor out the code which checks whenever a usb device is attached
to the port in question.  No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
f321402785 xhci: s/xhci_update_port/xhci_port_update/
Rename the function for xhci_port_* naming scheme, also drop
the xhci parameter as port carries a pointer to xhci anyway.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
85e05d825f xhci: add {get,set}_field macros & enum for pls
Add {get,set}_field macros (simliar to ehci) to read and update
some bits of a word.  Put them into use for updating pls (port
link state) values.  Also add a enum for pls values.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
9678aedd8e vga: fix text mode updating
With both text (curses) and graphics (vnc/sdl/spice/...) display active
vga text mode emulation fails to update both correctly.  Depending on
whenever vga_update_text() or vga_draw_text() happens to be called first
only the text display or only the graphics display will see display
resolution changes and full redraws.

Fix it by calling both text/gfx resize functions in both code paths and
keep track of full screen redraws needed in VGACommonState fields.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:06 +01:00
Gerd Hoffmann
a93a4a226a console: untangle gfx & txt updates
Stop abusing displaysurface fields for text mode displays.
(bpp = 0, width = cols, height = lines).

Add flags to displaystate indicating whenever text mode display
(curses) or gfx mode displays (sdl, vnc, ...) are present.

Add separate displaychangelistener callbacks for text / gfx mode
resize & updates.

This allows to enable gfx and txt diplays at the same time and also
paves the way for more cleanups in the future.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:06 +01:00
Gerd Hoffmann
bf2fde70fe console: move set_mouse + cursor_define callbacks
When adding DisplayChangeListeners the set_mouse and cursor_define
callbacks have been left in DisplayState for some reason.  Fix it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:05 +01:00
Gerd Hoffmann
87e487a14b console: QLIST-ify display change listeners.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:05 +01:00
David Gibson
1ecbbab469 pseries: Cleanup duplications of ics_valid_irq() code
A couple of places in xics.c open-coded the same logic as is already
implemented in ics_valid_irq().  This patch fixes the code duplication.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-11-01 13:02:22 +01:00
David Gibson
bf0175de6c pseries: Clean up inconsistent variable name in xics.c
Throughout xics.c 'nr' is used to refer to a global interrupt number, and
'server' is used to refer to an interrupt server number (i.e. CPU number).
Except in icp_set_mfrr(), where 'nr' is used as a server number.  Fix this
confusing inconsistency.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-11-01 13:02:22 +01:00
David Gibson
a3cfa18eb0 Revert "PPC: pseries: Remove hack for PIO window"
This reverts commit a178274efa.

Contrary to that commit's message, the users of old_portio are not all
gone.  In particular VGA still uses it via portio_list_add().

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-11-01 13:02:21 +01:00
Gabriel L. Somlo
372254c6e5 e1000: pre-initialize RAH/RAL registers
Some guest operating systems' drivers (Mac OS X in particular) fail to
properly initialize the Receive Address registers (probably expecting
them to be pre-initialized by an earlier component, such as a specific
proprietary BIOS). This patch pre-initializes the RA registers, allowing
OS X networking to function properly. Other guest operating systems are
not affected, and free to (re)initialize these registers during boot.

[According to the datasheet the Address Valid bits in the RA registers
are cleared on PCI or software reset.  This patch adds the NIC's MAC
address and sets Address Valid on reset.  So we diverge from real
hardware behavior here. -- Stefan]

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2012-11-01 12:02:17 +01:00
Dmitry Fleytman
e5b8b0d4ba e1000: drop check_rxov, always treat RX ring with RDH == RDT as empty
Real HW always treats RX ring with RDH == RDT as empty.
Emulation is supposed to behave the same.

Reported-by: Chris Webb <chris.webb@elastichosts.com>
Reported-by: Richard Davies <richard.davies@elastichosts.com>
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2012-11-01 10:59:59 +01:00
Paolo Bonzini
f563a5d7a8 Merge remote-tracking branch 'origin/master' into threadpool
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-10-31 10:42:51 +01:00
Andreas Färber
f100f0b38f cpus: Pass CPUState to run_on_cpu()
CPUArchState is no longer needed.

Move the declaration to include/qemu/cpu.h and add documentation.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 04:12:23 +01:00
Andreas Färber
3993c6bddf cpus: Pass CPUState to [qemu_]cpu_has_work()
For target-mips also change the return type to bool.

Make include paths for cpu-qom.h consistent for alpha and unicore32.

Signed-off-by: Andreas Färber <afaerber@suse.de>
[AF: Updated new target-openrisc function accordingly]
Acked-by: Richard Henderson <rth@twiddle.net> (for alpha)
2012-10-31 04:11:37 +01:00
Marcelo Tosatti
19403a68fb cirrus_vga: allow configurable vram size
Allow RAM size to be configurable for cirrus, to allow migration
compatibility from qemu-kvm.

Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2012-10-30 23:39:50 -02:00
Andreas Färber
b13ce26d3e spapr: Pass PowerPCCPU to hypercalls
Needed for changing cpu_has_work() argument type to CPUState,
used in h_cede().

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:46 +01:00
Andreas Färber
aa100fa4c9 spapr: Pass PowerPCCPU to spapr_hypercall()
Needed for changing the hypercall handlers' argument type to PowerPCCPU.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:45 +01:00
Andreas Färber
1b14670a38 target-ppc: Pass PowerPCCPU to cpu_ppc_hypercall
Adapt emulate_spapr_hypercall() accordingly.

Needed for changing spapr_hypercall() argument type to PowerPCCPU.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:45 +01:00
Andreas Färber
79bbf20bca xtensa_pic: Pass XtensaCPU to xtensa_ccompare_cb()
Needed for changing cpu_has_work() argument type to CPUState.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
2012-10-31 01:02:45 +01:00
Andreas Färber
c08d7424d6 cpus: Pass CPUState to qemu_cpu_kick()
CPUArchState is no longer needed there.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:45 +01:00
Andreas Färber
a096124571 ppc: Pass PowerPCCPU to {ppc6xx,ppc970,power7,ppc40x,ppce500}_set_irq()
Needed for changing qemu_cpu_kick() argument type to CPUState and
for moving halted field into CPUState.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:45 +01:00
Andreas Färber
f324e7667a cpu: Move stopped field to CPUState
Change its type to bool.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:44 +01:00
Andreas Färber
b6444a42c0 ppce500_spin: Store PowerPCCPU in SpinKick
Needed for moving stopped field to CPUState.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:44 +01:00
Andreas Färber
60e82579c7 cpus: Pass CPUState to qemu_cpu_is_self()
Change return type to bool, move to include/qemu/cpu.h and
add documentation.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
[AF: Updated new caller qemu_in_vcpu_thread()]
2012-10-31 01:02:39 +01:00
Andreas Färber
e9f9d6b165 target-i386: Pass X86CPU to cpu_x86_load_seg_cache_sipi()
Simplifies the call in apic_sipi() again and needed for moving halted
field to CPUState.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
2012-10-30 22:38:37 +01:00
Andreas Färber
60671e583c apic: Store X86CPU in APICCommonState
Prepares for using a link<> property to connect APIC with CPU and for
changing the CPU APIs to CPUState.

Resolve Coding Style warnings by moving the closing parenthesis of
foreach_apic() macro to next line.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
2012-10-30 22:38:37 +01:00
Andreas Färber
449994eb58 target-i386: Inline APIC cpu_env property setting
This prepares for changing the variable type from void*.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
2012-10-30 22:38:37 +01:00
Igor Mammedov
bdeec80217 target-i386: Initialize APIC at CPU level
(L)APIC is a part of cpu [1] so move APIC initialization inside of
x86_cpu object. Since cpu_model and override flags currently specify
whether APIC should be created or not, APIC creation&initialization is
moved into x86_cpu_apic_init() which is called from x86_cpu_realize().

[1] - all x86 cpus have integrated APIC if we overlook existence of i486,
and it's more convenient to model after majority of them.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-30 22:38:37 +01:00
Blue Swirl
742a40229d Merge branch 'qspi.2' of git://developer.petalogix.com/public/qemu
* 'qspi.2' of git://developer.petalogix.com/public/qemu:
  xilinx_zynq: added QSPI controller
  xilinx_spips: Generalised to model QSPI
  m25p80: Support for Quad SPI
2012-10-30 18:35:18 +00:00
Paolo Bonzini
f627aab1cc aio: introduce AioContext, move bottom halves there
Start introducing AioContext, which will let us remove globals from
aio.c/async.c, and introduce multiple I/O threads.

The bottom half functions now take an additional AioContext argument.
A bottom half is created with a specific AioContext that remains the
same throughout the lifetime.  qemu_bh_new is just a wrapper that
uses a global context.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-10-30 09:30:53 +01:00
Igor Mitsyanko
50a5be6c3d hw/sd.c: add SD card save/load support
This patch updates SD card model to support save/load of card's state.

Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:12 +00:00
Igor Mitsyanko
f2d189d384 hw/sd.c: Fix erase for high capacity cards
Standard capacity cards SDSC use byte unit address while SDHC and SDXC cards use
block unit address (512 bytes) when setting ERASE_START and ERASE_END with CMD32
and CMD33, we have to account for this.

Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:12 +00:00
Peter Crosthwaite
fc5b64d082 pflash_cfi01: Fix debug mode printfery
This DPRINTF was throwing a warning due to a missing cast.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:11 +00:00
Peter Crosthwaite
368a354f02 pflash_cfi0x: QOMified
QOMified the pflash_cfi0x so machine models can connect them up in custom ways.

Kept the pflash_cfi0x_register functions as is. They can still be used to
create a flash straight onto system memory.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:11 +00:00
Peter Crosthwaite
be65f89992 pflash_cfi01: remove unused total_len field
This field is completely unused.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:11 +00:00
Peter Crosthwaite
b7dff23a48 pflash_cfi0x: remove unused base field
This field is completely unused. The base address should also be abstracted
away from the device anyway. Removed.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:11 +00:00
Peter Maydell
5170d661dc hw/versatile_i2c: Use LOG_GUEST_ERROR
Use LOG_GUEST_ERROR to report bad guest accesses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:11 +00:00
Peter Maydell
a35d4e4223 hw/arm_l2x0: Use LOG_GUEST_ERROR
Use LOG_GUEST_ERROR to report bad guest accesses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:10 +00:00
Peter Maydell
0c896f0662 hw/arm_sysctl: Use LOG_GUEST_ERROR
Use LOG_GUEST_ERROR to report bad guest accesses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:10 +00:00
Peter Maydell
e72e3ffc3d hw/armv7m_nvic: Use LOG_GUEST_ERROR and LOG_UNIMP
Use LOG_GUEST_ERROR and LOG_UNIMP rather than hw_error() where
appropriate.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:10 +00:00
Peter Maydell
edb94a41e3 hw/arm_timer: Use LOG_GUEST_ERROR and LOG_UNIMP
Use LOG_GUEST_ERROR to report guest accesses to bad register
offsets, and LOG_UNIMP for access to the unimplemented
test registers.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:10 +00:00
Peter Maydell
8c8dc39fa6 hw/arm_gic: Use LOG_GUEST_ERROR
Use LOG_GUEST_ERROR to report guest accesses to bad offsets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:10 +00:00
Peter Maydell
f9fe7bdad8 hw/arm11mpcore: Use LOG_GUEST_ERROR rather than hw_error()
Use LOG_GUEST_ERROR to report guest accesses to bad offsets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:09 +00:00
Peter Maydell
2d746989bf hw/pl190: Use LOG_UNIMP rather than hw_error()
Use LOG_UNIMP to report attempts to use the unimplemented test mode.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:09 +00:00
Peter Maydell
375cb56029 hw/pl110: Use LOG_GUEST_ERROR rather than hw_error()
Use LOG_GUEST_ERROR to report guest accesses to invalid register
offsets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:09 +00:00
Peter Maydell
df37416218 hw/pl080: Use LOG_GUEST_ERROR and LOG_UNIMP
Use LOG_GUEST_ERROR and LOG_UNIMP in preference to hw_error().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:09 +00:00
Peter Maydell
abff909c94 hw/pl061: Use LOG_GUEST_ERROR
Use LOG_GUEST_ERROR to report guest attempts to access bad register offsets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:09 +00:00
Peter Maydell
fbfecf43e9 hw/pl050: Use LOG_GUEST_ERROR
Use LOG_GUEST_ERROR for reporting guest attempts to access invalid register
offsets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:08 +00:00
Peter Maydell
7f0f774003 hw/exynos4_boards: Don't prematurely explode QEMUMachineInitArgs
Don't explode QEMUMachineInitArgs before passing it to
exynos4_boards_init_common().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:08 +00:00
Peter Maydell
6efa6d5038 hw/mainstone: Don't prematurely explode QEMUMachineInitArgs
Don't explode QEMUMachineInitArgs before passing it to mainstone_init().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:08 +00:00
Peter Maydell
462b69bba3 hw/nseries: Don't prematurely explode QEMUMachineInitArgs
Don't explode QEMUMachineInitArgs before passing it to n8x0_init().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:08 +00:00
Peter Maydell
6952625da8 hw/omap_sx1: Don't prematurely explode QEMUMachineInitArgs
Don't explode QEMUMachineInitArgs before passing it to the
omap_sx1 common init function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:08 +00:00
Peter Maydell
72a9f5b7c3 hw/spitz: Don't prematurely explode QEMUMachineInitArgs
Don't explode QEMUMachineInitArgs before calling common init function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:07 +00:00
Peter Maydell
1b523b5bfc hw/versatilepb: Don't prematurely explode QEMUMachineInitArgs
Don't explode QEMUMachineInitArgs before passing it to the common
versatile init function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:07 +00:00
Peter Maydell
db4ff6f111 hw/realview.c: Don't prematurely explode QEMUMachineInitArgs
Don't explode QEMUMachineInitArgs in every realview init
function; just pass it to the common realview_init() code
instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:07 +00:00
Peter Maydell
f3cdbc329f hw/vexpress.c: Don't prematurely explode QEMUMachineInitArgs
Don't explode QEMUMachineInitArgs before passing it to the vexpress
common init function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:07 +00:00
Andre Beckus
0e8153dde7 hw/armv7m_nvic: Implement byte/halfword access for NVIC SCB_SHPRx registers
Implement byte/halfword read and write for the NVIC SCB_SHPRx
(System Handler Priority Registers).  Do this by removing SHPR word access
from nvic_readl/writel and adding common code to hande all access
sizes in nvic_sysreg_read/write.

Because the "nvic_state *s" variable now needs to be declared in
nvic_sysreg_read/write, the "void *opaque" parameter of
nvic_readl/writel is changed to "nvic_state *s".

Signed-off-by: Andre Beckus <mikemail98-qemu@yahoo.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:07 +00:00
Aurelien Jarno
38c4718392 Merge branch 's390-for-upstream' of git://repo.or.cz/qemu/agraf
* 's390-for-upstream' of git://repo.or.cz/qemu/agraf:
  s390: sclp ascii console support
  s390: sclp signal quiesce support
  s390: sclp event support
  s390: sclp base support
  s390: use sync regs for register transfer
  s390/kvm_stat: correct sys_perf_event_open syscall number
  s390x: fix -initrd in virtio machine
2012-10-30 00:35:43 +01:00
Anthony Liguori
233926fafa virtio,pci infrastructure
This includes infrastructure patches that don't do much by themselves
 but should help vfio and q35 make progress.
 Also included is rework of virtio-net to use iovec APIs
 for vector access - helpful to make it more secure
 and in preparation for a new feature that will allow
 arbitrary s/g layout for guests.
 Also included is a pci bridge bugfix by Avi.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQEcBAABAgAGBQJQjrGtAAoJECgfDbjSjVRpoRUH/iW2wYfnPtgjIF2gSBmdlmLK
 m5uLSuayHdiNXfjXeNJRySQDu4HZU3K9fDnU+HIMUUmvx/jgaMIbSQZ1gayqQhf8
 T1WH21wkkSTEnW0y9t+C3NtRzdK6AbQ1Jy/TqgP++tjT0w54QkoGKEnX3mvvNoDv
 xdT+dYcpzMFLZ2KaimP73EwILMMR45iRTPhrjSN2wlwCPPnNcg1Jt0Atb6pYveja
 1/46ZY+VxNgRtVSNhnV8xeyyJgwPOrUReKlrqD67YQAeMbzqrel9XDBJuZ3kScWt
 vv2AQ0Fe8GMkMkbNaQ0mFh6pXQ2arTAYb8sb6PColCLOn5yNqFz95YGebG36gxk=
 =HP23
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'mst/tags/for_anthony' into staging

virtio,pci infrastructure

This includes infrastructure patches that don't do much by themselves
but should help vfio and q35 make progress.
Also included is rework of virtio-net to use iovec APIs
for vector access - helpful to make it more secure
and in preparation for a new feature that will allow
arbitrary s/g layout for guests.
Also included is a pci bridge bugfix by Avi.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

* mst/tags/for_anthony: (25 commits)
  pci: avoid destroying bridge address space windows in a transaction
  virtio-net: enable mrg buf header in tap on linux
  virtio-net: test peer header support at init time
  virtio-net: minor code simplification
  virtio-net: simplify rx code
  virtio-net: switch tx to safe iov functions
  virtio-net: first s/g is always at start of buf
  virtio-net: refactor receive_hdr
  virtio-net: use safe iov operations for rx
  virtio-net: avoid sg copy
  iov: add iov_cpy
  virtio-net: track host/guest header length
  pcie: Convert PCIExpressHost to use the QOM.
  pcie: pass pcie window size to pcie_host_mmcfg_update()
  pci: Add class 0xc05 as 'SMBus'
  pci: introduce pci_swizzle_map_irq_fn() for standardized interrupt pin swizzle
  pci_ids: add intel 82801BA pci-to-pci bridge id
  pci: pci capability must be in PCI space
  pci: make each capability DWORD aligned
  qemu: enable PV EOI for qemu 1.3
  ...

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-29 14:31:47 -05:00
Heinz Graalfs
130c57c036 s390: sclp ascii console support
This code adds console support  by implementing SCLP's ASCII Console
Data event. This is the same console as LPARs ASCII console or z/VMs
sysascii.

The console can be specified manually with something like
-chardev stdio,id=charconsole0 -device sclpconsole,chardev=charconsole0,id=console0

Newer kernels will autodetect that console and prefer that over virtio
console.

When data is received from the character layer it creates a service
interrupt to trigger a Read Event Data command from the guest that will
pick up the received character byte-stream.
When characters are echo'ed by the linux guest a Write Event Data occurs
which is forwarded by the Event Facility to the console that supports
a corresponding mask value.
Console resizing is not supported.
The character layer byte-stream is buffered using a fixed size iov
buffer.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 19:41:56 +01:00
Heinz Graalfs
ab9074b559 s390: sclp signal quiesce support
This implements the sclp signal quiesce event via the SCLP Event
Facility.
This allows to gracefully shutdown a guest by using system_powerdown
notifiers. It creates a service interrupt that will trigger a
Read Event Data command from the guest. This code will then add an
event that is interpreted by linux guests as ctrl-alt-del.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 19:41:56 +01:00
Heinz Graalfs
559a17a143 s390: sclp event support
Several SCLP features are considered to be events. Those events don't
provide SCLP commands on their own, instead they are all based on
Read Event Data, Write Event Data, Write Event Mask and the service
interrupt. Follow-on patches will provide SCLP's Signal Quiesce (via
system_powerdown) and the ASCII console.
Further down the road the sclp line mode console and configuration
change events (e.g. cpu hotplug) can be implemented.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 19:41:56 +01:00
Heinz Graalfs
f6c98f9286 s390: sclp base support
This adds a more generic infrastructure for handling Service-Call
requests on s390. Currently we only support a small subset of Read
SCP Info directly in target-s390x. This patch provides the base
infrastructure for supporting more commands and moves Read SCP
Info.
In the future we could add additional commands for hotplug, call
home and event handling.

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 19:41:55 +01:00
Alexander Graf
235a3f0bed s390x: fix -initrd in virtio machine
When using -initrd in the virtio machine, we need to indicate the initrd
start and size inside the kernel image. These parameters need to be stored
in native endianness.

Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Richard Henderson <rth@twiddle.net>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
2012-10-29 19:41:55 +01:00
Avi Kivity
523a59f596 pci: avoid destroying bridge address space windows in a transaction
Calling memory_region_destroy() in a transaction is illegal (and aborts),
as until the transaction is committed, the region remains live.

Fix by moving destruction until after the transaction commits.  This requires
having an extra set of regions, so the new and old regions can coexist.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 18:39:49 +02:00
Michael S. Tsirkin
ff3a8066e6 virtio-net: enable mrg buf header in tap on linux
Modern linux supports arbitrary header size,
which makes it possible to pass mrg buf header
to tap directly without iovec mangling.
Use this capability when it is there.

This removes the need to deal with it in
vhost-net as we do now.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 18:25:23 +02:00
Michael S. Tsirkin
6e371ab867 virtio-net: test peer header support at init time
There's no reason to query header support at random
times: at load or feature query.
Driver also might not query functions.
Cleaner to do it at device init.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 18:25:23 +02:00
Michael S. Tsirkin
e043ebc6f9 virtio-net: minor code simplification
During packet filtering, we can now use host hdr len
to offset incoming buffer unconditionally.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 18:25:23 +02:00
Michael S. Tsirkin
7b80d08efc virtio-net: simplify rx code
Remove code duplication using guest header length that we track.
Drop specific layout requirement for rx buffers: things work
using generic iovec functions in any case.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 18:25:23 +02:00
Michael S. Tsirkin
14761f9cf7 virtio-net: switch tx to safe iov functions
Avoid mangling iovec manually: use safe iov_*
functions.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 18:25:23 +02:00
Michael S. Tsirkin
c8d28e7e33 virtio-net: first s/g is always at start of buf
We know offset is 0, assert that.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 18:25:23 +02:00
Michael S. Tsirkin
280598b7a5 virtio-net: refactor receive_hdr
Now that we know host hdr length, we don't need to
duplicate the logic in receive_hdr: caller can
figure out the offset itself.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 18:25:23 +02:00
Michael S. Tsirkin
63c5872873 virtio-net: use safe iov operations for rx
Avoid magling iov manually: use safe iov operations
for processing packets incoming to guest.
This also removes the requirement for virtio header to
fit the first s/g entry exactly.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 18:25:23 +02:00
Michael S. Tsirkin
22cc84db6e virtio-net: avoid sg copy
Avoid tweaking iovec during receive. This removes
the need to copy the vector.
Note: we currently have an evil cast in work_around_broken_dhclient
and unfortunately this patch does not fix it - just
pushes the evil cast to another place.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 18:25:23 +02:00
Michael S. Tsirkin
e35e23f655 virtio-net: track host/guest header length
Tracking these in device state instead of
re-calculating on each packet. No functional
changes.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 18:25:22 +02:00
Avi Kivity
b308c82cbd pci: avoid destroying bridge address space windows in a transaction
Calling memory_region_destroy() in a transaction is illegal (and aborts),
as until the transaction is committed, the region remains live.

Fix by moving destruction until after the transaction commits.  This requires
having an extra set of regions, so the new and old regions can coexist.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-29 11:18:46 -05:00
Jason Baron
bc927e488c pcie: Convert PCIExpressHost to use the QOM.
Let's use PCIExpressHost with QOM.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 17:59:45 +02:00
Jason Baron
c702ddb8da pcie: pass pcie window size to pcie_host_mmcfg_update()
This allows q35 to pass/set the size of the pcie window in its update routine.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 17:59:45 +02:00
Jan Kiszka
f774856990 pci: Add class 0xc05 as 'SMBus'
[jbaron@redhat.com: add PCI_CLASS_SERIAL_SMBUS definition]
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 17:59:06 +02:00
Isaku Yamahata
91e5615984 pci: introduce pci_swizzle_map_irq_fn() for standardized interrupt pin swizzle
Introduce pci_swizzle_map_irq_fn() for interrupt pin swizzle which is
standardized. PCI bridge swizzle is common logic, by introducing
this function duplicated swizzle logic will be avoided later.

[jbaron@redhat.com: drop opaque argument]
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 17:59:06 +02:00
Isaku Yamahata
9e38f56183 pci_ids: add intel 82801BA pci-to-pci bridge id
Adds pci id constants which will be used by q35.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 17:59:06 +02:00
Isaku Yamahata
b56d701f1d pci: pci capability must be in PCI space
pci capability must be in PCI space.
It can't lay in PCIe extended config space.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 17:59:06 +02:00
Michael S. Tsirkin
e26631b746 pci: make each capability DWORD aligned
PCI spec (see e.g. 6.7 Capabilities List in spec rev 3.0)
requires that each capability is DWORD aligned.
Ensure this when allocating space by rounding size up to 4.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 17:59:06 +02:00
Michael S. Tsirkin
dc59944bc9 qemu: enable PV EOI for qemu 1.3
Enable KVM PV EOI by default. You can still disable it with
-kvm_pv_eoi cpu flag. To avoid breaking cross-version migration,
enable only for qemu 1.3 (or in the future, newer) machine type.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 17:59:06 +02:00
Alex Williamson
05c0621e64 pci: Return PCI_INTX_DISABLED when no bus INTx routing support
Rather than assert, simply return PCI_INTX_DISABLED when we don't
have a pci_route_irq_fn.  PIIX already returns DISABLED for an
invalid pin, so users already deal with this state.  Users of this
interface should only be acting on an ENABLED or INVERTED return
value (though we really have no support for INVERTED).  Also
complain loudly when we hit this so we don't forget it's missing.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
2012-10-29 17:59:06 +02:00
Alex Williamson
2b199f9318 pci-assign: Use msi_get_message()
pci-assign only uses a subset of the flexibility msi_get_message()
provides, but it's still worthwhile to use it.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 17:59:06 +02:00
Alex Williamson
39b9bc626a msi: Add msi_get_message()
vfio-pci and pci-assign both do this on their own for setting up
direct MSI injection through KVM.  Provide a helper function for
this in MSI code.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 17:59:06 +02:00
Alex Williamson
4774d7b258 pci-assign: Use pci_intx_route_changed()
Replace open coded version

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 17:59:06 +02:00
Alex Williamson
d6e65d54f0 pci: Helper function for testing if an INTx route changed
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-10-29 17:59:06 +02:00
Anthony Liguori
6b0e6468e3 Merge remote-tracking branch 'kraxel/usb.68' into staging
* kraxel/usb.68: (36 commits)
  xhci: fix usb name in caps
  xhci: make number of interrupters and slots configurable
  xhci: allow disabling interrupters
  xhci: flush endpoint context unconditinally
  xhci: fix function name in error message
  uhci: Use only one queue for ctrl endpoints
  uhci: Retry to fill the queue while waiting for td completion
  uhci: Always mark a queue valid when we encounter it
  uhci: When the guest marks a pending td non-active, cancel the queue
  uhci: Detect guest td re-use
  uhci: Verify queue has not been changed by guest
  uhci: Immediately free queues on device disconnect
  uhci: Store ep in UHCIQueue
  uhci: Make uhci_fill_queue() actually operate on an UHCIQueue
  uhci: Add uhci_read_td() helper function
  uhci: Rename UHCIAsync->td to UHCIAsync->td_addr
  uhci: Move emptying of the queue's asyncs' queue to uhci_queue_free
  uhci: Drop unnecessary forward declaration of some static functions
  uhci: Don't retry on error
  uhci: cleanup: Add an unlink call to uhci_async_cancel()
  ...

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-29 10:34:29 -05:00
Alexander Graf
a178274efa PPC: pseries: Remove hack for PIO window
Now that all users of old_portio are gone, we can remove the hack
that enabled us to support them.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:56 +01:00
Alexander Graf
a1bc20dfbb PPC: e500: Map PIO space into core memory region
On PPC, we don't have PIO. So usually PIO space behind a PCI bridge is
accessible via MMIO. Do this mapping explicitly by mapping the PIO space
of our PCI bus into a memory region that lives in memory space.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:56 +01:00
Alexander Graf
626c7a171e xen_platform: convert PIO to new memory api read/write
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:56 +01:00
Alexander Graf
360d613e52 vmport: convert PIO to new memory api read/write
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:55 +01:00
Alexander Graf
5ec3a23e6c serial: convert PIO to new memory api read/write
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:55 +01:00
Alexander Graf
1bebb0ad17 rtl8139: convert PIO to new memory api read/write
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:55 +01:00
Alexander Graf
d540bfe0e7 pckbd: convert PIO to new memory api read/write
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:55 +01:00
Alexander Graf
93ef419282 pc port92: convert PIO to new memory api read/write
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:55 +01:00
Alexander Graf
0da8c842b7 mc146818rtc: convert PIO to new memory api read/write
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:55 +01:00
Alexander Graf
087bd055ac m48t59: convert PIO to new memory api read/write
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:55 +01:00
Alexander Graf
0505bcdec8 i8254: convert PIO to new memory api read/write
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:55 +01:00
Alexander Graf
f3726fd78d es1370: convert PIO to new memory api read/write
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:55 +01:00
Alexander Graf
df6db5b32a virtio-pci: convert PIO to new memory api read/write
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:54 +01:00
Alexander Graf
d6a6d362aa ac97: convert PIO to new memory api read/write
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:54 +01:00
David Gibson
74d042e5ce pseries: Implement qemu initiated shutdowns using EPOW events
At present, using 'system_powerdown' from the monitor or otherwise
instructing qemu to (cleanly) shut down a pseries guest will not work,
because we did not have a method of signalling the shutdown request to the
guest.

PAPR does include a usable mechanism for this, though it is rather more
involved than the equivalent on x86.  This involves sending an EPOW
(Environmental and POwer Warning) event through the PAPR event and error
logging mechanism, which also has a number of other functions.

This patch implements just enough of the event/error logging functionality
to be able to send a shutdown event to the guest.  At least with modern
guest kernels and a userspace that is up and running, this means that
system_powerdown from the qemu monitor should now work correctly on pseries
guests.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:54 +01:00
David Gibson
1bfb37d1e0 target-ppc: Rework storage of VPA registration state
With PAPR guests, hypercalls allow registration of the Virtual Processor
Area (VPA), SLB shadow and dispatch trace log (DTL), each of which allow
for certain communication between the guest and hypervisor.  Currently, we
store the addresses of the three areas and the size of the dtl in
CPUPPCState.

The SLB shadow and DTL are variable sized, with the size being retrieved
from within the registered memory area at the hypercall time.  This size
can later be overwritten with other information, however, so we need to
save the size as of registration time.  We already do this for the DTL,
but not for the SLB shadow, so this patch fixes that.

In addition, we change the storage of the VPA information to use fixed
size integer types which will make life easier for syncing this data with
KVM, which we will need in future.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:54 +01:00
David Gibson
c89d52997c pseries: Don't allow duplicate registration of hcalls or RTAS calls
Currently the pseries machine code allows a callback to be registered
for a hypercall number twice, as long as it's the same callback the second
time.  We don't test for duplicate registrations of RTAS callbacks at all
so it will effectively be last registratiojn wins.

This was originally done because it was awkward to ensure that the
registration happened exactly once, but the code has since been
restructured so that's no longer the case.

Duplicate registration of a hypercall or RTAS call could well suggest
a duplicate initialization which could cause other problems, so this patch
makes duplicate registrations a bug, to prevent the old behaviour from
hiding other bugs.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:54 +01:00
zhlcindy@gmail.com
094b287f0b Add USB option in machine options
When -usb option is used, global varible usb_enabled is set.
And all the plaform will create one USB controller according
to this variable. In fact, global varibles make code hard
to read.

So this patch is to remove global variable usb_enabled and
add USB option in machine options. All the plaforms will get
USB option value from machine options.

USB option of machine options will be set either by:
  * -usb
  * -machine type=pseries,usb=on

Both these ways can work now. They both set USB option in
machine options. In the future, the first way will be removed.

Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:54 +01:00
Bharat Bhushan
59de4f98d1 e500: Fix serial initialization
it was wrongly using serial_hds[0] instead of serial_hds[1]

Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-29 11:45:54 +01:00
Alexander Graf
5232fa59b1 PPC: Bamboo: Fix memory size DT property
Device tree properties need to be specified in big endian. Fix the
bamboo memory size property accordingly.

Signed-off-by: Alexander Graf <agraf@suse.de>
CC: qemu-stable@nongnu.org
2012-10-29 11:45:54 +01:00
Peter Crosthwaite
7b482bcfa9 xilinx_zynq: added QSPI controller
Added the QSPI controller to the Zynq. 4 SPI devices are attached to allow
modelling of the different geometries. E.G. Dual parallel and dual stacked
mode can both be tested with this one arrangement.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2012-10-29 16:38:26 +10:00
Peter Crosthwaite
f12411440b xilinx_spips: Generalised to model QSPI
Extended the xilinx spips controller to model QSPI as well. Paremeterised the
operational difference with the normal spi controller (num_ss_bits, width of the
tx/rx fifo heads etc.). Multiple bus functionality is modelled (needed for QSPI
dual parallel mode. LQSPI is modelled.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2012-10-29 16:38:26 +10:00
Peter Crosthwaite
419336a9f9 m25p80: Support for Quad SPI
Added the Quad mode read and write commands. Data remains serialized on a
single wire, i.e. the quad mode instructions just behave the same as single
mode, with the expection of modelling the varying number of dummy/mode bytes
between the address bytes and the first data word.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2012-10-29 16:38:26 +10:00
Max Filippov
50cd721482 hw/xtensa_sim: get rid of intermediate xtensa_sim_init
Remove xtensa_sim_init that only explodes machine init args, rename
sim_init to xtensa_sim_init.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-27 15:04:00 +00:00
Max Filippov
d64ed08eec hw/xtensa_lx60: don't prematurely explode QEMUMachineInitArgs
Don't explode QEMUMachineInitArgs before passing it to lx_init.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-27 15:03:59 +00:00
Gerd Hoffmann
0ebfb144e8 xhci: fix usb name in caps
Used to be "UTB" not "USB".

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 14:38:12 +02:00
Gerd Hoffmann
91062ae00f xhci: make number of interrupters and slots configurable
Add properties to tweak the numbers of available interrupters and slots.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 14:37:34 +02:00
Gerd Hoffmann
e099ad4b7e xhci: allow disabling interrupters
For secondary interrupters this is explicitly allowed in the specs.
For the primary interrupter behavior is undefined, lets be friendly
and allow disabling too.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 14:35:55 +02:00
Gerd Hoffmann
3f973ee84e xhci: flush endpoint context unconditinally
Not updating the endpoint context in case the state didn't change is
wrong.  Other context fields might have changed, for example the
dequeue pointer in response to a CR_SET_TR_DEQUEUE command.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 14:35:47 +02:00
Gerd Hoffmann
79a8af3509 xhci: fix function name in error message
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 14:35:39 +02:00
Hans de Goede
6fe30910ab uhci: Use only one queue for ctrl endpoints
ctrl endpoints use different pids for different phases of a control
transfer, this patch makes us use only one queue for a ctrl ep, rather
then 3.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:12 +02:00
Hans de Goede
8928c9c43d uhci: Retry to fill the queue while waiting for td completion
If the guest is using multiple transfers to try and keep the usb bus busy /
used at maximum efficiency, currently we would see / do the following:

1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) report transfer 2 completion to guest
5) submit transfer 1 to the device
6) report transfer 1 completion to guest
7) submit transfer 2 to the device
8) report transfer 2 completion to guest
etc.

So after the initial submission we would effectively only have 1 transfer
in flight, rather then 2. This is caused by us not checking the queue for
addition of new transfers by the guest (ie the resubmission of a recently
finished transfer), while waiting for a pending transfer to complete.
This patch does add a check for this, changing the sequence to:

1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) submit transfer 1 to the device
5) report transfer 2 completion to guest
6) submit transfer 2 to the device
etc.

Thus keeping 2 transfers in flight (most of the time, and always 1),
as intended by the guest.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:12 +02:00
Hans de Goede
3905097ea8 uhci: Always mark a queue valid when we encounter it
Before this patch we would not mark a queue valid when its head was a
non-active td. This causes us to misbehave in the following scenario:

1) queue with multiple input transfers queued
2) We hit some latency issue, causing qemu to get behind processing frames
3) When qemu gets to run again, it notices the first transfer ends short,
   marking the head td non-active
4) It now processes 32+ frames in a row without giving the guest a chance
   to run since it is behind
5) valid is decreased to 0, causing the queue to get cancelled also cancelling
   already queued up further input transfers
6) guest gets to run, notices the inactive td, cleanups up further tds
   from the short transfer, and lets the queue continue at the first td of
   the next input transfer
7) we re-start the queue, issuing the second input transfer for the *second*
   time, and any data read by the first time we issued it has been lost

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:12 +02:00
Hans de Goede
420ca987d5 uhci: When the guest marks a pending td non-active, cancel the queue
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:12 +02:00
Hans de Goede
8c75a899f8 uhci: Detect guest td re-use
A td can be reused by the guest in a different queue, before we notice
the original queue has been unlinked. So search for tds by addr only, detect
guest td reuse, and cancel the original queue, this is necessary to keep our
packet ids unique.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede
66a08cbe6a uhci: Verify queue has not been changed by guest
According to the spec a guest can unlink a qh, and then as soon as frindex
has changed by 1 since the unlink, assume it is idle and re-use it. However
for various reasons, we cannot simply consider a qh as unlinked if we've not
seen it for 1 frame. This means that it is possible for a guest to re-use /
restart the queue while we still see its old state. This patch adds a safety
check for this, and "early" retires queues when they were changed by the guest.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede
5ad23e873c uhci: Immediately free queues on device disconnect
There is no need to just cancel any in-flight packets, and then wait
for validate-end to clean things up, we can simply clean things up
immediately on device removal.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede
11d15e402b uhci: Store ep in UHCIQueue
This avoids the need to repeatedly lookup the device, and ep.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede
a4f30cd766 uhci: Make uhci_fill_queue() actually operate on an UHCIQueue
And move its calling point to handle_td, this removes the ep_ret ugliness,
and prepates the way for further cleanups in the follow-up patches in this
patch-set.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede
963a68b54f uhci: Add uhci_read_td() helper function
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede
1f250cc772 uhci: Rename UHCIAsync->td to UHCIAsync->td_addr
We use the name td both to refer to a UHCI_TD read from guest memory as
well as to refer to the guest address where a td is stored, switch over
to always use td_addr in the second case for consistency.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede
4050737726 uhci: Move emptying of the queue's asyncs' queue to uhci_queue_free
Cleanup: all callers of uhci_queue_free first unconditionally cancel
all remaining asyncs in the queue, so lets move this to uhci_queue_free().

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede
3c87c76d1a uhci: Drop unnecessary forward declaration of some static functions
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede
a89e255b0c uhci: Don't retry on error
Since we are either dealing with emulated devices, where retrying is
not going to help, or with redirected devices where the host OS will
have already retried, don't bother retrying on failed transfers.

Also move some common/indentical code out of all the error cases
into the generic error path.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede
2f2ee2689f uhci: cleanup: Add an unlink call to uhci_async_cancel()
All callers of uhci_async_cancel() call uhci_async_unlink() first, so
lets move the unlink call to uhci_async_cancel()

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede
5b352ed537 uhci: No need to handle async completion of isoc packets
No devices ever return async for isoc endpoints and the core
already enforces this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede
aaac74343d usb: Enforce iso endpoints never returing USB_RET_ASYNC
ehci was already testing for this, and we depend in various places
on no devices doing this, so lets move the check for this to the
usb core.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede
a6fb2ddb14 usb: Add an int_req flag to USBPacket
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede
6ba43f1f6b usb: Move short-not-ok handling to the core
After a short-not-ok packet ending short, we should not advance the queue.
Move enforcing this to the core, rather then handling it in the hcd code.

This may result in the queue now actually containing multiple input packets
(which would not happen before), and this requires special handling in
combination with pipelining, so disable pipleining for input endpoints
(for now).

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede
0cae7b1a00 usb: Move clearing of queue on halt to the core
hcds which queue up more then one packet at once (uhci, ehci and xhci),
must clear the queue after an error which has caused the queue to halt.

Currently this is handled as a special case inside the hcd code, this
patch instead adds an USB_RET_REMOVE_FROM_QUEUE packet result code, teaches
the 3 hcds about this and moves the clearing of the queue on a halt into
the USB core.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede
36dfe324fd usb: Add USB_RET_ADD_TO_QUEUE packet result code
This can be used by usb-device code which wishes to process an entire endpoint
queue at once, to do this the usb-device code returns USB_RET_ADD_TO_QUEUE
from its handle_data class method and defines a flush_ep_queue class method
to call when the hcd is done queuing up packets.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede
d0ff81b871 usb: Rename __usb_packet_complete to usb_packet_complete_one
And make it available for use outside of core.c

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede
3151f2096d xhci: Add a xhci_ep_nuke_one_xfer helper function
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede
b4ea866499 ehci: Retry to fill the queue while waiting for td completion
If the guest is using multiple transfers to try and keep the usb bus busy /
used at maximum efficiency, currently we would see / do the following:

1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) report transfer 2 completion to guest
5) submit transfer 1 to the device
6) report transfer 1 completion to guest
7) submit transfer 2 to the device
8) report transfer 2 completion to guest
etc.

So after the initial submission we would effectively only have 1 transfer
in flight, rather then 2. This is caused by us not checking the queue for
addition of new transfers by the guest (ie the resubmission of a recently
finished transfer), while waiting for a pending transfer to complete.
This patch does add a check for this, changing the sequence to:

1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) submit transfer 1 to the device
5) report transfer 2 completion to guest
6) submit transfer 2 to the device
etc.

Thus keeping 2 transfers in flight (most of the time, and always 1),
as intended by the guest.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede
e3a36bce1d ehci: Detect going in circles when filling the queue
For ctrl endpoints Windows (atleast Win7) creates circular td lists, so far
these were not a problem because we would stop filling the queue if altnext
was set. Since further patches in this patchset remove the altnext check this
does become a problem and we need detection for going in circles.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede
44272b0f88 ehci: Speed up the timer of raising int from the async schedule
Often the guest will queue up new packets in response to a packet, in the
async schedule with its IOC flag set, completing. By speeding up the
frame-timer, we notice these new packets earlier. This increases the
speed (MB/s) of a Linux guest reading from a USB mass storage device by a
factor of 1.15 on top of the "Improve latency of interrupt delivery"
speed-ups, both with and without input pipelining enabled.

I've not tested the speed-up of this patch without the
"Improve latency of interrupt delivery" patch.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede
0262f65aaa ehci: Improve latency of interrupt delivery and async schedule scanning
While doing various performance tests of reading from USB mass storage devices
I noticed the following::
1) When an async handled packet completes, we don't immediately report an
   interrupt to the guest, instead we wait for the frame-timer to run and
   report it from there
2) If 1) has been fixed and an async handled packet takes a while to complete,
   then async_stepdown will become a high value, which means that there
   will be a large latency before any new packets queued by the guest in
   response to the interrupt get seen

1) was done deliberately as part of commit f0ad01f92:
http://www.kraxel.org/cgit/qemu/commit/?h=usb.57&id=f0ad01f92ca02eee7cadbfd225c5de753ebd5fce
Since setting the interrupt immediately on async packet completion was causing
issues with Linux guests, I believe this recently fixed Linux bug explains
why this is happening:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=361aabf395e4a23cf554cf4ec0c0c6963b8beb01

Note that we can *not* count on this fix being present in all Linux guests!

I was hoping that the recently added support for Interrupt Threshold Control
would fix the issues with Linux guests, but adding a simple ehci_commit_irq()
call to ehci_async_bh() still caused problems with Linux guests.

The problem is, that when doing ehci_commit_irq() from ehci_async_bh(),
the "old" frindex value is used to calculate usbsts_frindex, and when
the frame-timer then runs possibly very shortly after ehci_async_bh(),
it increases the frame-timer, and thus any interrupts raised from that
frame-timer run, will also get reported to the guest immediately, rather
then being delayed to the next frame-timer run.

Luckily the solution for this is simple, this means that we need to
increase frindex before calling ehci_commit_irq() from ehci_async_bh(),
which in the end boils down to simple calling ehci_frame_timer() instead
of ehci_async_bh() from the bh.

This may seem like it causes a lot of extra work to be done, but this
is not true. Any work done from the frame-timer processing the periodic
schedule is work which then does not need to be done the next time the
frame timer runs, also the frame-timer will re-arm itself at (possibly)
a later time then it was armed for saving a vmexit at that time.

As an additional advantage moving to simply calling the frame-timer also
fixes 2) as the packet completion will set async_stepdown to 0, and the
re-arming of the timer with an async_stepdown of 0 ensures that any
newly queued up packets get seen in a reasonable amount of time.

This improves the speed (MB/s) of a Linux guest reading from a USB mass
storage device by a factor of 1.5 - 1.7 with input pipelining disabled,
and by a factor of 1.8 with input pipelining enabled.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede
cf08a8a1f6 ehci: Set int flag on a short input packet
According to 4.15.1.2 an interrupt must be raised when a short packet
is received. If we don't do this it may take a significant time for
the guest to notice a short trasnfer has completed, since only the last td
will have its IOC flag set, and a short transfer may complete in an earlier
packet.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede
549a3c3d96 ehci: Get rid of packet tbytes field
This field is used in some places to track the tbytes field of the token, but
in other places the field is used directly, use it directly everywhere for
consistency.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede
7c2eaca4ef uhci: Move checks to continue queuing to uhci_fill_queue()
Rather then having a special check to start queuing after the first packet,
and then another check for the other packets in uhci_fill_queue(), simply
check the previous packet beforehand in uhci_fill_queue()

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:08 +02:00
Hans de Goede
00a0770de3 uhci: Properly unmap packets on cancel / invalid pid
Packets with an invalid pid, or which were cancelled have
usb_packet_map() called on them on init, but not usb_packet_unmap()
before being freed.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:08 +02:00
Avi Kivity
a8170e5e97 Rename target_phys_addr_t to hwaddr
target_phys_addr_t is unwieldly, violates the C standard (_t suffixes are
reserved) and its purpose doesn't match the name (most target_phys_addr_t
addresses are not target specific).  Replace it with a finger-friendly,
standards conformant hwaddr.

Outstanding patchsets can be fixed up with the command

  git rebase -i --exec 'find -name "*.[ch]"
                        | xargs s/target_phys_addr_t/hwaddr/g' origin

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-23 08:58:25 -05:00
Anthony Liguori
50d2b4d93f Merge remote-tracking branch 'qemu-kvm/memory/urgent' into staging
* qemu-kvm/memory/urgent:
  memory: abort if a memory region is destroyed during a transaction
  i440fx: avoid destroying memory regions within a transaction
  memory: Make eventfd adhere to device endianness
2012-10-22 14:49:18 -05:00
Anthony Liguori
248bbe7493 Merge remote-tracking branch 'awilliam/tags/vfio-pci-for-qemu-20121017.0' into staging
* awilliam/tags/vfio-pci-for-qemu-20121017.0:
  vfio-pci: Mark non-migratable
  vfio-pci: Fix debug build
2012-10-22 14:48:23 -05:00
Gerd Hoffmann
da124e62de usb-serial: only expose device in guest when the chardev is open
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-22 13:26:42 -05:00
Gerd Hoffmann
70330fb3da usb-serial: don't magically zap chardev on umplug
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-22 13:26:42 -05:00
Gerd Hoffmann
90734e02bd serial: add pci-serial documentation
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-22 13:26:42 -05:00
Gerd Hoffmann
d66bbea4e0 serial: add 2x + 4x pci variant
Add multiport serial card implementation, with two variants, one
featuring two and one featuring four ports.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-22 13:26:42 -05:00
Gerd Hoffmann
419ad67208 serial: add pci variant
So we get a hot-pluggable 16550 uart.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-22 13:26:42 -05:00
Gerd Hoffmann
488cb996cd serial: split serial.c
Split serial.c into serial.c, serial.h and serial-isa.c.  While being at
creating a serial.h header file move the serial prototypes from pc.h to
the new serial.h.  The latter leads to s/pc.h/serial.h/ in tons of
boards which just want the serial bits from pc.h

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-22 13:26:42 -05:00
Anthony Liguori
f526f3c315 Merge remote-tracking branch 'quintela/migration-next-20121017' into staging
* quintela/migration-next-20121017: (41 commits)
  cpus: create qemu_in_vcpu_thread()
  savevm: make qemu_file_put_notify() return errors
  savevm: un-export qemu_file_set_error()
  block-migration: handle errors with the return codes correctly
  block-migration:  Switch meaning of return value
  block-migration: make flush_blks() return errors
  buffered_file: buffered_put_buffer() don't need to set last_error
  savevm: Only qemu_fflush() can generate errors
  savevm: make qemu_fill_buffer() be consistent
  savevm: unexport qemu_ftell()
  savevm: unfold qemu_fclose_internal()
  savevm: make qemu_fflush() return an error code
  savevm: Remove qemu_fseek()
  virtio-net: use qemu_get_buffer() in a temp buffer
  savevm: unexport qemu_fflush
  migration: make migrate_fd_wait_for_unfreeze() return errors
  buffered_file: make buffered_flush return the error code
  buffered_file: callers of buffered_flush() already check for errors
  buffered_file: We can access directly to bandwidth_limit
  buffered_file: unfold migrate_fd_close
  ...
2012-10-22 13:26:23 -05:00
Anthony Liguori
d3e2efc5b5 Merge remote-tracking branch 'qemu-kvm/memory/dma' into staging
* qemu-kvm/memory/dma: (23 commits)
  pci: honor PCI_COMMAND_MASTER
  pci: give each device its own address space
  memory: add address_space_destroy()
  dma: make dma access its own address space
  memory: per-AddressSpace dispatch
  s390: avoid reaching into memory core internals
  memory: use AddressSpace for MemoryListener filtering
  memory: move tcg flush into a tcg memory listener
  memory: move address_space_memory and address_space_io out of memory core
  memory: manage coalesced mmio via a MemoryListener
  xen: drop no-op MemoryListener callbacks
  kvm: drop no-op MemoryListener callbacks
  xen_pt: drop no-op MemoryListener callbacks
  vfio: drop no-op MemoryListener callbacks
  memory: drop no-op MemoryListener callbacks
  memory: provide defaults for MemoryListener operations
  memory: maintain a list of address spaces
  memory: export AddressSpace
  memory: prepare AddressSpace for exporting
  xen_pt: use separate MemoryListeners for memory and I/O
  ...
2012-10-22 13:26:07 -05:00
Avi Kivity
1c380f9460 pci: honor PCI_COMMAND_MASTER
Currently we ignore PCI_COMMAND_MASTER completely: DMA succeeds even when
the bit is clear.

Honor PCI_COMMAND_MASTER by inserting a memory region into the device's
bus master address space, and tying its enable status to PCI_COMMAND_MASTER.

Tested using

  setpci -s 03 COMMAND=3

while a ping was running on a NIC in slot 3.  The kernel (Linux) detected
the stall and recovered after the command

  setpci -s 03 COMMAND=7

was issued.

Signed-off-by: Avi Kivity <avi@redhat.com>
2012-10-22 14:50:08 +02:00
Avi Kivity
817dcc5368 pci: give each device its own address space
Accesses from different devices can resolve differently
(depending on bridge settings, iommus, and PCI_COMMAND_MASTER), so
set up an address space for each device.

Currently iommus are expressed outside the memory API, so this doesn't
work if an iommu is present.

Signed-off-by: Avi Kivity <avi@redhat.com>
2012-10-22 14:50:08 +02:00
Avi Kivity
b90600eed3 dma: make dma access its own address space
Instead of accessing the cpu address space, use an address space
configured by the caller.

Eventually all dma functionality will be folded into AddressSpace,
but we have to start from something.

Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
2012-10-22 14:50:08 +02:00
Avi Kivity
f6790af6bc memory: use AddressSpace for MemoryListener filtering
Using the AddressSpace type reduces confusion, as you can't accidentally
supply the MemoryRegion you're interested in.

Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
2012-10-22 14:50:07 +02:00
Peter Maydell
a5089c0501 hw/pl031: Use LOG_GUEST_ERROR
Use LOG_GUEST_ERROR rather than hw_error or direct fprintf.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-20 07:56:22 +00:00
Peter Maydell
af83c32bd4 hw/pl022: Use LOG_UNIMP and LOG_GUEST_ERROR
Use LOG_UNIMP and LOG_GUEST_ERROR where appropriate rather
than hw_error().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-20 07:56:22 +00:00
Peter Maydell
6d5433e00a hw/pl011: Use LOG_UNIMP and LOG_GUEST_ERROR
Use the new LOG_UNIMP and LOG_GUEST_ERROR logging types rather
than hw_error().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-20 07:56:22 +00:00
Peter Maydell
fd271e81aa hw/pl190: Use LOG_GUEST_ERROR
If the guest attempts an offset to a nonexistent register, just
log this via LOG_GUEST_ERROR rather than killing QEMU with a hw_error.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-20 07:56:22 +00:00
Peter Maydell
b1d9df9021 hw/pl041: Use LOG_UNIMP
Use the new LOG_UNIMP tracing to report unimplemented
features.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-20 07:56:22 +00:00
Peter Maydell
9351d70829 hw/pl181: Use LOG_UNIMP and LOG_GUEST_ERROR
Rather than a mix of direct printing to stderr and aborting
via hw_error(), use LOG_UNIMP and LOG_GUEST_ERROR.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-20 07:56:22 +00:00
Peter Maydell
051c02b6c9 hw/hw.h: Add include of qemu-log.h
Add an include of qemu-log.h to hw.h, so that device model
code has access to these logging functions without the need
to directly include qemu-log.h.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-20 07:56:22 +00:00
Eduardo Habkost
5f072e1f30 create struct for machine initialization arguments
This should help us to:
- More easily add or remove machine initialization arguments without
  having to change every single machine init function;
- More easily make mechanical changes involving the machine init
  functions in the future;
- Let machine initialization forward the init arguments to other
  functions more easily.

This change was half-mechanical process: first the struct was added with
the local ram_size, boot_device, kernel_*, initrd_*, and cpu_model local
variable initialization to all functions. Then the compiler helped me
locate the local variables that are unused, so they could be removed.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-20 07:53:28 +00:00
Gerd Hoffmann
a96d8bea8e vga: remove CONFIG_BOCHS_VBE
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-20 07:52:54 +00:00
Gerd Hoffmann
cc22824860 vga: add specs for standard vga
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-20 07:52:54 +00:00
Gerd Hoffmann
803ff052b6 vga: add mmio bar to standard vga
This patch adds a mmio bar to the qemu standard vga which allows to
access the standard vga registers and bochs dispi interface registers
via mmio.

Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-20 07:52:54 +00:00
Gerd Hoffmann
0d0302e203 vga: fix indention
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-20 07:52:54 +00:00
Alex Williamson
d9f0e63898 vfio-pci: Mark non-migratable
We haven't magically fixed this yet.  Toss in a description too.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-17 11:20:14 -06:00
Alex Williamson
a011b10e0c vfio-pci: Fix debug build
Stray variable from before MSI-X rework

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-17 11:20:11 -06:00
Juan Quintela
e398d61b47 virtio-net: use qemu_get_buffer() in a temp buffer
qemu_fseek() is known to be wrong.  Would be removed on the next
commit.  This code should never been used (value has been
MAC_TABLE_ENTRIES since 2009).

Signed-off-by: Juan Quintela <quintela@redhat.com>

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2012-10-17 18:34:59 +02:00
Avi Kivity
2725aec701 i440fx: avoid destroying memory regions within a transaction
Calling memory_region_destroy() within a transaction is illegal, since
the memory API is allowed to continue to dispatch to a region until the
transaction commits.  440fx does that however when managing PAM registers.

This bug is benign, since the regions are all aliases (which the memory
core tends to throw anyway), and since we don't do concurrent dispatch yet,
but instead of relying on that, tighten ship ahead of the coming concurrency
storm.

Fix by having a predefined set of regions, of which one will be enabled at
any time.

Signed-off-by: Avi Kivity <avi@redhat.com>
2012-10-17 17:10:04 +02:00
Avi Kivity
6381fc188c xen_pt: drop no-op MemoryListener callbacks
Removes quite a bit of useless code.

Signed-off-by: Avi Kivity <avi@redhat.com>
2012-10-15 11:43:07 +02:00
Avi Kivity
e71e602cb5 vfio: drop no-op MemoryListener callbacks
Removes quite a bit of useless code.

Signed-off-by: Avi Kivity <avi@redhat.com>
2012-10-15 11:43:07 +02:00
Avi Kivity
12b40e471f xen_pt: use separate MemoryListeners for memory and I/O
Using an unfiltered memory listener will cause regions to be reported
fails multiple times if we have more than two address spaces.  Use a separate
listener for memory and I/O, and utilize MemoryListener's address space
filtering to fix this.

Signed-off-by: Avi Kivity <avi@redhat.com>
2012-10-15 11:43:06 +02:00
Avi Kivity
0fada67420 vhost: use MemoryListener filtering to only monitor RAM address space
Instead of checking manually, let the listener filter for us.  This prepares
us for DMA address spaces.

Signed-off-by: Avi Kivity <avi@redhat.com>
2012-10-15 11:43:06 +02:00
Andreas Färber
b64ba4b232 sun4u: Pass SPARCCPU to cpu_set_ivec_irq()
Needed for moving halted field to CPUState.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-13 10:44:13 +00:00
Andreas Färber
ce18c558f0 sun4u: Pass SPARCCPU to cpu_kick_irq()
Needed for changing qemu_cpu_kick() argument type to CPUState.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-13 10:44:13 +00:00
Andreas Färber
6b678e1f9b sun4u: Pass SPARCCPU to {,s,hs}tick_irq() and cpu_timer_create()
Needed for changing cpu_kick_irq() argument type to SPARCCPU.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-13 10:44:13 +00:00
Andreas Färber
38c66cf281 sun4m: Pass SPARCCPU to cpu_kick_irq()
Needed for changing qemu_cpu_kick() argument type to CPUState.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-13 10:44:13 +00:00
Andreas Färber
e0bbf9b573 sun4m: Pass SPARCCPU to cpu_set_irq()
Needed for changing cpu_kick_irq() argument type to SPARCCPU.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-10-13 10:44:13 +00:00
Anthony Liguori
ae72f3f539 Merge remote-tracking branch 'pmaydell/arm-devs.for-upstream' into staging
* pmaydell/arm-devs.for-upstream:
  arm_gic: Rename gic_state to GICState
  zynq_slcr: Fixed ResetValues enum
  versatilepb: add gpio pl061 support
  hw/ds1338: Implement state save/restore
  hw/ds1338: Remove 'now' field from state struct
  hw/ds1338: Recapture current time when register pointer wraps around
  hw/ds1338: Fix mishandling of register pointer
  hw/arm_gic.c: Fix improper DPRINTF output.
  cadence_ttc: Fix 'clear on read' behavior
2012-10-12 11:20:14 -05:00
Anthony Liguori
628cc97df7 Merge remote-tracking branch 'kraxel/usb.67' into staging
* kraxel/usb.67:
  uhci: Raise interrupt when requested even for non active tds
  usb-redir: Don't make migration fail in none seamless case
  usb-redir: Change usbredir_open_chardev into usbredir_create_parser
2012-10-12 09:14:32 -05:00
Anthony Liguori
557e01a3f9 Merge remote-tracking branch 'awilliam/tags/vfio-pci-for-qemu-20121008.0' into staging
* awilliam/tags/vfio-pci-for-qemu-20121008.0:
  vfio-pci: Fix BAR->VFIODevice translation in
  vfio-pci: Clang cleanup
  vfio-pci: Cleanup on INTx setup failure
  vfio-pci: Extend reset
  vfio-pci: Remove setting of MSI qsize
  vfio-pci: Use uintptr_t for void* cast
  vfio-pci: Don't peak at msi_supported
  vfio-pci: Roll the header into the .c file
  vfio-pci: No spurious MSIs
  vfio-pci: Rework MSIX setup/teardown
  vfio-pci: Unmap and retry DMA mapping
  vfio-pci: Re-order map/unmap
  vfio-pci: Update slow path INTx algorithm
2012-10-12 09:14:14 -05:00
Anthony Liguori
4336ef7a55 Merge remote-tracking branch 'stefanha/net' into staging
* stefanha/net:
  net: consolidate NetClientState header files into one
  virtio-net: update nc.link_down in virtio_net_load()
  e1000: update nc.link_down in e1000_post_load()
  rtl8139: implement 8139cp link status
2012-10-12 09:14:04 -05:00
Anthony Liguori
3f42ac89ba Merge remote-tracking branch 'spice/spice.v61' into staging
* spice/spice.v61:
  qxl: set default revision to 4
  spice: raise requirement to 0.12
  hw/qxl: qxl_dirty_surfaces: use uintptr_t
  hw/qxl: fix condition for exiting guest_bug
  hw/qxl: exit on failure to register qxl interface
  qxl: fix range check for rev3 io commands.
  qxl/update_area_io: cleanup invalid parameters handling
  qxl: always update displaysurface on resize
2012-10-12 09:13:58 -05:00
Peter Maydell
fae1528675 arm_gic: Rename gic_state to GICState
Rename the gic_state struct to match QEMU's coding style conventions
for structure names, since the impending KVM-for-ARM patches will
create another subclass of it. This patch was created using:
  sed -i 's/gic_state/GICState/g' hw/arm_gic.c hw/arm_gic_common.c \
    hw/arm_gic_internal.h hw/armv7m_nvic.c

Acked-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-12 11:54:39 +01:00
Peter A. G. Crosthwaite
fa2ddcb4f5 zynq_slcr: Fixed ResetValues enum
There is a gap in the reset region of the address space at offset 0x208. This
throws out all these enum values by one when translating them to address offsets.
Fixed by putting the corresponding gap in the enum as well.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-12 11:54:39 +01:00
Jean-Christophe PLAGNIOL-VILLARD
853e65e0b4 versatilepb: add gpio pl061 support
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-12 11:54:39 +01:00
Peter Maydell
f4741402ab hw/ds1338: Implement state save/restore
Implement state save/restore for the DS1338. This requires
the usual minor adjustment of types in the state struct to
get fixed-width ones with vmstate macros.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-12 11:54:38 +01:00
Peter Maydell
7f7fd0f2e4 hw/ds1338: Remove 'now' field from state struct
The 'struct tm now' field in the state structure is in fact only
ever used as a temporary (the actual RTC state is held in 'offset').
Remove it from the state structure in favour of using local variables
to avoid confusion about whether it needs to be saved on migration.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-12 11:54:38 +01:00
Peter Maydell
35b87a8613 hw/ds1338: Recapture current time when register pointer wraps around
The DS1338 datasheet documents that the current time is captured into
the secondary registers when the register pointer wraps round to zero
as well as at a START condition. Implement this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-12 11:54:38 +01:00
Peter Maydell
ba4906a9b6 hw/ds1338: Fix mishandling of register pointer
Correct several deficiencies in the handling of the register pointer:
 * it should wrap around after 0x3f, not 0xff
 * guard against the caller handing us an out of range pointer
   (on h/w this can never happen, because only a 7 bit value is
   transferred over the I2C bus)
 * there was confusion over whether nvram[] holds only the 56 bytes
   of guest-accessible NVRAM, or also the secondary registers
   which hold the value of the clock captured at the start of a
   multibyte read. Correct to consistently be the latter, by fixing
   the array size and the offset used for NVRAM writes.
 * ds1338_send was attempting to use 'data' as both the data and
   the register offset simultaneously, which meant that writes to
   any register were broken; fix to use the register pointer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-12 11:54:38 +01:00
Evgeny Voevodin
9ab1b6053f hw/arm_gic.c: Fix improper DPRINTF output.
s->cpu_enabled is an array, so s->cpu_enabled ? "En" : "Dis" returns
"En" always. We should use s->cpu_enabled[cpu] here.

Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-12 11:54:37 +01:00
Soren Brinkmann
884285bf64 cadence_ttc: Fix 'clear on read' behavior
A missing call to qemu_set_irq() when reading the IRQ register
required SW to write to the IRQ register to acknowledge an
interrupt. With this patch the behavior is fixed:
 - Reading the interrupt register clears it and updates the timers
   interrupt status
 - Writes to the interrupt register are ignored

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-12 11:54:37 +01:00
Hans de Goede
883bca776d uhci: Raise interrupt when requested even for non active tds
According to the spec we must raise an interrupt when one is requested
even for non active tds.

Linux depends on this, for bulk transfers it runs an inactivity timer
to work around a bug in early uhci revisions, when we take longer then
200 ms to process a packet, this timer goes of, and as part of the
handling Linux then unlinks the qh, and relinks it after the frindex
has increased by atleast 1, the problem is Linux only checks for the
frindex increases on an interrupt, and we don't send that, causing
the qh to go inactive for more then 32 frames, at which point we
consider the packet cancelled.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-11 09:33:33 +02:00
Hans de Goede
5c16f76781 usb-redir: Don't make migration fail in none seamless case
Instead simple disconnect the device like host redirection does on
migration.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-11 09:32:10 +02:00
Hans de Goede
dbbf01958e usb-redir: Change usbredir_open_chardev into usbredir_create_parser
As we need to create the parser at more places.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-11 09:32:10 +02:00
Peter Crosthwaite
b4ae3cfa57 ssi: Add slave autoconnect helper
Added helper function to automatically connect SPI slaves based on the QOM child
nodes of a device. A SSI master device can call this routine to automatically
hook-up all child nodes to its SPI bus.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-10 11:13:32 +10:00
Peter A. G. Crosthwaite
559d489f13 xilinx_zynq: Added SPI controllers + flashes
Added the two SPI controllers to the zynq machine model. Attached two SPI flash
devices to each controller.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-10 11:13:32 +10:00
Peter A. G. Crosthwaite
94befa454d xilinx_spips: Xilinx Zynq SPI cntrlr device model
Added device model for the Xilinx Zynq SPI controller (SPIPS).

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-10 11:13:32 +10:00
Peter A. G. Crosthwaite
acd3b6be32 petalogix-ml605: added SPI controller with n25q128
Added SPI controller to the reference design, with two n25q128 spi-flashes
connected.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-10 11:13:32 +10:00
Peter A. G. Crosthwaite
929d1b52c4 xilinx_spi: Initial impl. of Xilinx SPI controller
Device model for xilinx XPS SPI controller (v2.0)

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
2012-10-10 11:13:32 +10:00
Peter A. G. Crosthwaite
82a2499011 m25p80: Initial implementation of SPI flash device
Added device model for m25p80 style SPI flash family.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
2012-10-10 11:13:32 +10:00
Peter A. G. Crosthwaite
a3578d4a51 hw: Added generic FIFO API.
Added a FIFO API that can be used to create and operate byte FIFOs.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
2012-10-10 11:13:32 +10:00
Peter A. G. Crosthwaite
8120e7144b stellaris: Removed SSI mux
Removed the explicit SSI mux and wired the CS line directly up to the SSI
devices.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
2012-10-10 11:13:32 +10:00
Peter A. G. Crosthwaite
1e5b31e6bd qdev: allow multiple qdev_init_gpio_in() calls
Allow multiple qdev_init_gpio_in() calls for the one device. The first call will
define GPIOs 0-N-1, the next GPIOs N- ... . Allows different GPIOs to be handled
with different handlers. Needed when two levels of the QOM class heirachy both
define GPIO functionality, as a single GPIO handler with an index selecter is
not possible.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-10 11:13:32 +10:00
Peter A. G. Crosthwaite
74687e40b0 ssi: Added create_slave_no_init()
Slave creation function that can be used to create an SSI slave without
qdev_init() being called. This give machine models a chance to set properties.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-10 11:13:31 +10:00
Peter A. G. Crosthwaite
6653095331 ssi: Implemented CS behaviour
Added default CS behaviour for SSI slaves. SSI devices can set a property
to enable CS behaviour which will create a GPIO on the device which is the
CS. Tristating of the bus on SSI transfers is implemented.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-10 11:13:31 +10:00
Peter A. G. Crosthwaite
b4a76e84f4 ssi: Support for multiple attached devices
Removed assertion that only one device is attached to the SSI bus.

When multiple devices are attached, all slaves have their transfer function
called for transfers. Each device is responsible for knowing whether or not its
CS is active, and if not returning 0. The returned data is the logical or of
all responses from the (mulitple) devices.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-10 11:13:31 +10:00
Jan Kiszka
3a4f2816fa vfio-pci: Fix BAR->VFIODevice translation in
DO_UPCAST is supposed to translate from the first member of a struct to
that struct, not from arbitrary ones. And it (usually) breaks the build
when neglecting this rule. Use container_of to fix the build breakage
and likely also the runtime behavior.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
aw: runtime behavior is actually the same, but clearly misuse of DO_UPCAST
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-08 08:45:31 -06:00
Alex Williamson
1a40313381 vfio-pci: Clang cleanup
Blue Swirl reports that Clang doesn't like the structure we define to
avoid dynamic allocation for a number of calls to VFIO_DEVICE_SET_IRQS.
Adding an element after a variable sized type is a GNU extension.
Switch back to dynamic allocation, which really isn't a problem since
this is only done on interrupt setup changes.

Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-08 08:45:31 -06:00
Alex Williamson
ce59af2dba vfio-pci: Cleanup on INTx setup failure
Missing some unwind code.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-08 08:45:30 -06:00
Alex Williamson
5834a83f48 vfio-pci: Extend reset
Take what we've learned from pci-assign and apply it to vfio-pci.
On reset, disable previous interrupt config, perform a device
reset if available, re-enable INTx, and disable memory regions on
the device to prevent continuing DMA.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-08 08:45:30 -06:00
Alex Williamson
9b1e45c8f1 vfio-pci: Remove setting of MSI qsize
This was a misinterpretation of the spec, hardware doesn't get to
specify how many were actually enabled through this field.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-08 08:45:30 -06:00
Alex Williamson
5976cdd58b vfio-pci: Use uintptr_t for void* cast
We don't seem to run into any sign extension problems, but
unsigned looks more correct.

Signed-off-by: Alex williamson <alex.williamson@redhat.com>
2012-10-08 08:45:30 -06:00
Alex Williamson
e43b9a5a4f vfio-pci: Don't peak at msi_supported
Let the init function fail, just don't warn for -ENOTSUP.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-08 08:45:30 -06:00
Alex Williamson
5c97e5eba6 vfio-pci: Roll the header into the .c file
It's only ~100 lines and nobody else should be using this.
Suggested by Michael Tsirkin.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-08 08:45:30 -06:00
Alex Williamson
98cd5a5eaf vfio-pci: No spurious MSIs
FreeBSD doesn't like these spurious MSIs, remove them as they're
mostly paranoia anyway.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-08 08:45:29 -06:00
Alex Williamson
fd704adc47 vfio-pci: Rework MSIX setup/teardown
We try to do lazy initialization of MSIX since we don't actually need
to setup anything until MSIX vectors start getting used.  This leads
to problems if MSIX is enabled, but never used (we can end up trying
to re-enable INTx while it's still enabled).  We also run into
problems trying to expand our reset function to tear down interrupts
as we can then get vector release notifications after we've released
data structures.  By making explicit initialization and teardown we
can avoid both of these problems and behave more similar to bare
metal.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-08 08:45:29 -06:00
Alex Williamson
12af134487 vfio-pci: Unmap and retry DMA mapping
Occasionally we get regions added that overlap with existing mappings.
These always seems to be in the VGA ROM range.  VFIO returns EBUSY
for these mapping attempts.  We can try a little harder and assume
that the latest mapping is correct by removing any overlapping ranges
and retrying the original request.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-08 08:45:29 -06:00
Alex Williamson
af6bc27e39 vfio-pci: Re-order map/unmap
This cleans up the next patch that calls unmap from map.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-08 08:45:29 -06:00
Alex Williamson
ea486926b0 vfio-pci: Update slow path INTx algorithm
We can't afford the overhead of switching out and back into mmap mode
around each interrupt, but we can do it lazily via a timer.  On INTx
interrupt, disable the mmap'd memory regions and set a timer.  On
every interrupt, push the timer out.  If the timer expires and the
interrupt is no longer pending, switch back to mmap mode.

This has the benefit that things like graphics cards, which rarely or
never, fire an interrupt don't need manual user intervention to add
the x-intx=off parameter.  They'll just remain in mmap mode until they
trigger an interrupt, and if they don't continue to regularly fire
interrupts, they'll switch back.

The default timeout is tuned for network cards so that a ping is just
enough to keep them in non-mmap mode, where they have much better
latency.  It is tunable with an experimental option,
x-intx-mmap-timeout-ms.  A value of 0 keeps the device in non-mmap
mode after the first interrupt.

It's possible we could look at the class code of devices and come up
with reasonable per-class defaults based on expected interrupt
frequency and latency.  None of this is used for MSI interrupts and
also won't be used if we can bypass through KVM.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-10-08 08:45:29 -06:00
Amos Kong
9899148110 virtio-net: update nc.link_down in virtio_net_load()
nc.link_down could not be migrated, this patch updates link_down in
virtio_post_load() to keep it coincident with real link status.

Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-08 13:59:40 +02:00
Amos Kong
e4b8236440 e1000: update nc.link_down in e1000_post_load()
This patch introduced e1000_post_load(), it will be called in the end of
migration. nc.link_down could not be migrated, this patch updates
link_down in e1000_post_load() to keep it coincident with real link
status.

Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-08 13:59:40 +02:00
Jason Wang
9e12c5aff2 rtl8139: implement 8139cp link status
Add a link status chang callback and change the link status bit in BMSR
& MSR accordingly. Tested in Linux/Windows guests.

The link status bit of MediaStatus is infered from BasicModeStatus,
they are inverse.

nc.link_down could not be migrated, this patch updates link_down in
rtl8139_post_load() to keep it coincident with real link status.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-08 13:59:39 +02:00
Gerd Hoffmann
591af14359 qxl: set default revision to 4
Set qxl pci revision to 4 (for pc-1.3+) so guests know
spice-server 0.12 features are available.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-08 12:15:17 +02:00
Gerd Hoffmann
67be6726b6 spice: raise requirement to 0.12
With the next qemu version (1.3) we are going to bump the qxl device
revision to 4.  The new features available require a recent spice-server
version, so raise up the bar.  Otherwise we would end up with different
qxl revisions depending on the spice-server version installed, which
would be a major PITA when it comes to compat properties.

Clear out a big bunch of #ifdefs which are not needed any more.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-08 12:15:17 +02:00
Alon Levy
c5825ac6c8 hw/qxl: qxl_dirty_surfaces: use uintptr_t
As suggested by Paolo Bonzini, to avoid possible integer overflow issues.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-08 12:15:17 +02:00
Alon Levy
d96aafca05 hw/qxl: fix condition for exiting guest_bug
Reported and suggested by Paolo Bonzini, thanks.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-08 12:15:17 +02:00
Alon Levy
e25a0651f4 hw/qxl: exit on failure to register qxl interface
This prevents a segfault later on when the device reset handler
tries to access a NULL ssd.worker since interface_attach_worker has
not been called.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-08 12:15:17 +02:00
Gerd Hoffmann
ffe01e599f qxl: fix range check for rev3 io commands.
Enables QXL_IO_FLUSH_SURFACES_ASYNC and QXL_IO_FLUSH_RELEASE
which are part of the qxl rev3 feature set.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-08 12:15:17 +02:00
Michael Tokarev
36a03e0ba5 qxl/update_area_io: cleanup invalid parameters handling
This cleans up two additions of almost the same code in commits
511b13e2c9 and ccc2960d65.  While at it, make error paths
consistent (always use 'break' instead of 'return').

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Cc: Dunrong Huang <riegamaths@gmail.com>
Cc: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-08 12:15:16 +02:00
Gerd Hoffmann
0ec8df3974 qxl: always update displaysurface on resize
Don't try to be clever and skip displaysurface reinitialization in case
the size hasn't changed.  Other parameters might have changed
nevertheless, for example depth or stride, resulting in rendering being
broken then.

Trigger: boot linux guest with vesafb, start X11, make sure both vesafb
and X11 use the display same resolution.  Then watch X11 screen being
upside down.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-08 07:37:10 +02:00
Aurelien Jarno
048d3612a5 Merge branch 'trivial-patches' of git://github.com/stefanha/qemu
* 'trivial-patches' of git://github.com/stefanha/qemu:
  versatilepb: Use symbolic indices for ARM PIC
  qdev: kill bogus comment
  qemu-barrier: Fix compiler version check for future gcc versions
  hw: Add missing 'static' attribute for QEMUMachine
  cleanup useless return sentence
  qemu-sockets: Fix compiler warning (regression for MinGW)
  vnc: Fix spelling (hellmen -> hellman) in comment
  slirp: Fix spelling in comment (enought -> enough, insure -> ensure)
  tcg/arm: Use tcg_out_mov_reg rather than inline equivalent code
  cpu: Add missing 'static' attribute to qemu_global_mutex
  configure: Support empty target list (--target-list=)
  hw: Fix return value check for bdrv_read, bdrv_write
2012-10-06 18:54:14 +02:00
Aurelien Jarno
6b2f90fbbd Merge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf
* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf: (35 commits)
  PPC: KVM: Fix BAT put
  PPC: e500: Only expose even TLB sizes in initial TLB
  ppc/pseries: Reset VPA registration on CPU reset
  pseries: Don't test for MSR_PR for hypercalls under KVM
  PPC: e500: calculate initrd_base like dt_base
  PPC: e500: increase DTC_LOAD_PAD
  device tree: simplify dumpdtb code
  fdt: move dumpdtb interpretation code to device_tree.c
  target-ppc: Remove unused power_mode field from cpu state
  pseries: Set hash table size based on RAM size
  pseries: Remove unnecessary locking from PAPR hash table hcalls
  ppc405_uc: Fix buffer overflow
  target-ppc: KVM: Fix some kernel version edge cases for kvmppc_reset_htab()
  pseries: Fix semantics of RTAS int-on, int-off and set-xive functions
  pseries: Rework implementation of TCE bypass
  pseries: Remove never used flags field from spapr vio devices
  pseries: Remove XICS irq type enum type
  pseries: Remove C bitfields from xics code
  pseries: Small cleanup to H_CEDE implementation
  pseries: Fix XICS reset
  ...
2012-10-06 18:51:36 +02:00
Aurelien Jarno
457ebdcd91 vga: cleanup after isa_vga_init() and pci_vga_init() conversion
Now that all machines call isa_vga_init() or pci_vga_init(), some unused
code can be removed.

Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:39 +02:00
Aurelien Jarno
f642dfce19 mips/r4k: use the new is_vga_init() function
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:39 +02:00
Aurelien Jarno
16094b75b3 pc: use the new pci_vga_init() and isa_vga_init() functions
The CONFIG_SPICE is now tested in vl.c and thus not needed anymore.

Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:39 +02:00
Aurelien Jarno
f289877143 sun/sun4u: use the new pci_vga_init() function
As a bonus it allows new vga card types (including none).

Acked-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:39 +02:00
Aurelien Jarno
1ddcae82a2 ppc/pSeries: use the new pci_vga_init() function
Keep the case to prevent some vga card to be selected.

Cc: Alexander Graf <agraf@suse.de>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:39 +02:00
Aurelien Jarno
95fa01fab0 ppc/prep: use the new pci_vga_init() function
As a bonus it allows new vga card types (including none).

Acked-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:39 +02:00
Aurelien Jarno
3e20ad3a9b ppc/oldworld: use the new pci_vga_init() function
As a bonus it allows new vga card types (including none).

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:38 +02:00
Aurelien Jarno
e7a2e96df0 ppc/newworld: use the new pci_vga_init() function
As a bonus it allows new vga card types (including none).

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:38 +02:00
Aurelien Jarno
606f90cc22 alpha: use the new pci_vga_init() function
This remove the fallback to std-vga in case, as availability of the
requested vga device is now tested in vl.c, and returns an error message
to the user.

Acked-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:38 +02:00
Aurelien Jarno
9c59864d16 mips/malta: use the new pci_vga_init() function
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:38 +02:00
Aurelien Jarno
14e7a6456e isa: add a isa_vga_init() function
This function create a ISA VGA device according to the value of
vga_interface_type. It returns a ISADevice (and not a DeviceState).

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:38 +02:00
Aurelien Jarno
129d42fb84 pci: add a pci_vga_init() function
This function create a PCI VGA device according to the value of
vga_interface_type. It returns a PCIDevice (and not a DeviceState).

Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:38 +02:00
Aurelien Jarno
36b7f27d21 vl.c: convert *vga_enabled functions to QOM
And get rid of qdev_exists().

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:37 +02:00
Aurelien Jarno
6405c86412 vga: rename isa_vga_init() to isa_std_vga_init()
This better explains what is this function about. Adjust all callers.

Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:37 +02:00
Aurelien Jarno
a1e472119a vga: rename pci_vga_init() into pci_std_vga_init()
This better explains what is this function about. Adjust all callers.

Cc: Alexander Graf <agraf@suse.de>
Cc: Andreas Färber <andreas.faerber@web.de>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Acked-by: Richard Henderson <rth@twiddle.net>
Acked-by: Blue Swirl <blauwirbel@gmail.com>
Acked-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-10-06 18:48:37 +02:00
Stefan Weil
c9159fe9aa Remove libhw
The entries for libhw* are no longer needed in .gitignore.

There is also no longer a difference between common-obj-y and
hw-obj-y, so one of those two macros is sufficient.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 16:07:49 -05:00
Stefan Weil
02cd521f6e versatilepb: Use symbolic indices for ARM PIC
It is more readable, and all other code does it like that, too.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-05 15:50:09 +02:00
Eduardo Habkost
c36b7de64d qdev: kill bogus comment
When the DeviceInfo code was removed, the comment describing
qdev_subclass_init() was left in the code by mistake. Remove it.

Cc: qemu-trivial@nongnu.org
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-05 15:49:23 +02:00
Stefan Weil
da665c99f1 hw: Add missing 'static' attribute for QEMUMachine
It was missing for leon3 and mips_fulong2e.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-05 15:17:54 +02:00
Amos Kong
4d5b97da35 cleanup useless return sentence
This patch cleans up return sentences in the end of void functions.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-05 15:10:21 +02:00
Paolo Bonzini
b8994faf2a rtc: implement century byte
Implement the century byte in the RTC emulation, and test that it works.
This leads to some annoying compatibility code because we need to treat
a value of 2000 for the base_year property as "use the century byte
properly" (which would be a value of 0).

The century byte will now be always-zero, rather than always-20,
for the MIPS Magnum machine whose base_year is 1980.  Commit 42fc73a
(Support epoch of 1980 in RTC emulation for MIPS Magnum, 2009-01-24)
correctly said:

    With an epoch of 1980 and a year of 2009, one could argue that [the
    century byte] should hold either 0, 1, 19 or 20.  NT 3.50 on MIPS
    does not read the century byte.

so I picked the simplest and most sensible implementation which is to
return 0 for 1980-2079, 1 for 2080-2179 and so on.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 08:02:30 -05:00
Paolo Bonzini
e67edb943f rtc: map CMOS index 0x37 to 0x32 on read and writes
QEMU's attempt to implement the century byte cover two possible places
for the byte.  A common one on modern chipsets is 0x32, but QEMU also
stores the value in 0x37 (apparently for IBM PS/2 compatibility---it's
only been 25 years).  To simplify the implementation of the century
byte, store it only at 0x32 but remap transparently 0x37 to 0x32 when
reading and writing from CMOS.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 08:02:30 -05:00
Jim Meyering
9310b9be14 hw/r2d: add comment: this strncpy use is ok
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:38 -05:00
Jim Meyering
3cda346269 acpi: remove strzcpy (strncpy-identical) function; just use strncpy
Adjust all uses s/strzcpy/strncpy/ and mark these uses
of strncpy as "ok".

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:38 -05:00
Jim Meyering
9d055d8ac8 vscsi: avoid unwarranted strncpy
Don't use strncpy when the source string is known to fit
in the destination buffer.  Use equivalent memcpy.
We could even use strcpy, here, but some static analyzers
warn about that, so don't add new uses.

Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
9238c2099d virtio-9p: avoid unwarranted uses of strncpy
In all of these cases, the uses of strncpy were unnecessary, since
at each point of use we know that the NUL-terminated source bytes
fit in the destination buffer.  Use memcpy in place of strncpy.

Acked-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
e5fda03839 bt: replace fragile snprintf use and unwarranted strncpy
In bt_hci_name_req a failed snprintf could return len larger than
sizeof(params.name), which means the following memset call would
have a "length" value of (size_t)-1, -2, etc...  Sounds scary.
But currently, one can deduce that there is no problem:
strlen(slave->lmp_name) is guaranteed to be smaller than
CHANGE_LOCAL_NAME_CP_SIZE, which is the same as sizeof(params.name),
so this cannot happen.  Regardless, there is no justification for
using snprintf+memset.  Use pstrcpy instead.

Also, in bt_hci_event_complete_read_local_name, use pstrcpy in place
of unwarranted strncpy.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
1044dc1118 lm32: avoid buffer overrun
Actually do what the comment says, using pstrcpy NUL-terminate:
strncpy does not always do that.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
a79b5f8b80 hw/9pfs: avoid buffer overrun
v9fs_add_dir_node and qemu_v9fs_synth_add_file used strncpy
to form node->name, which requires NUL-termination, but
strncpy does not ensure NUL-termination.
Use pstrcpy, which does.

Acked-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:37 -05:00
Jim Meyering
a5cf8262e4 scsi, pci, qdev, isa-bus, sysbus: don't let *_get_fw_dev_path return NULL
Use g_strdup rather than strdup, because the sole caller
(qdev_get_fw_dev_path_helper) assumes it gets non-NULL, and dereferences
it.  Besides, in that caller, the allocated buffer is already freed with
g_free, so it's better to allocate with a matching g_strdup.

In one case, (scsi-bus.c) it was trivial, so I replaced an snprintf+
g_strdup combination with an equivalent g_strdup_printf use.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 07:58:36 -05:00
Stefan Weil
7a608f562e hw: Fix return value check for bdrv_read, bdrv_write
Those functions return -errno in case of an error.
The old code would typically only detect EPERM (1) errors.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-05 13:54:35 +02:00
Anthony Liguori
a14c74928b Merge remote-tracking branch 'sstabellini/xen-2012-10-03' into staging
* sstabellini/xen-2012-10-03:
  xen: Set the vram dirty when an error occur.
  exec, memory: Call to xen_modified_memory.
  exec: Introduce helper to set dirty flags.
  xen: Introduce xen_modified_memory.
  QMP, Introduce xen-set-global-dirty-log command.
  qemu/xen: Add 64 bits big bar support on qemu
  xen: Fix, no unplug of pt device by platform device.
2012-10-04 19:56:26 -05:00
Anthony Liguori
05d4f2f2ca Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony: (30 commits)
  qemu-iotests: add tests for streaming error handling
  qemu-iotests: map underscore to dash in QMP argument names
  blkdebug: process all set_state rules in the old state
  stream: add on-error argument
  block: introduce block job error
  iostatus: reorganize io error code
  iostatus: change is_read to a bool
  iostatus: move BlockdevOnError declaration to QAPI
  iostatus: rename BlockErrorAction, BlockQMPEventAction
  qemu-iotests: add test for pausing a streaming operation
  qmp: add block-job-pause and block-job-resume
  block: add support for job pause/resume
  qmp: add 'busy' member to BlockJobInfo
  block: add block_job_query
  block: move job APIs to separate files
  block: fix documentation of block_job_cancel_sync
  qerror/block: introduce QERR_BLOCK_JOB_NOT_ACTIVE
  qemu-iotests: add initial tests for live block commit
  QAPI: add command for live block commit, 'block-commit'
  block: helper function, to find the base image of a chain
  ...
2012-10-04 19:53:50 -05:00
Anthony Liguori
97f3461555 Merge remote-tracking branch 'qmp/queue/qmp' into staging
* qmp/queue/qmp:
  block: live snapshot documentation tweaks
  input: index_from_key(): drop unused code
  qmp: qmp_send_key(): accept key codes in hex
  input: qmp_send_key(): simplify
  hmp: dump-guest-memory: hardcode protocol argument to "file:"
  qmp: dump-guest-memory: don't spin if non-blocking fd would block
  qmp: dump-guest-memory: improve schema doc (again)
  qapi: convert add_client
  monitor: add Error * argument to monitor_get_fd
  pci-assign: use monitor_handle_fd_param
  qapi: add "unix" to the set of reserved words
  qapi: do not protect enum values from namespace pollution
  Add qemu-ga-client script
  Support settimeout in QEMUMonitorProtocol
  Make negotiation optional in QEMUMonitorProtocol
2012-10-04 19:52:09 -05:00
Anthony Liguori
6929cf11bb Merge remote-tracking branch 'mst/tags/for_anthony' into staging
* mst/tags/for_anthony:
  virtio-serial-bus: let chardev know the exact number of bytes requested
  virtio: Introduce virtqueue_get_avail_bytes()
  virtio: use unsigned int for counting bytes in vq
  iov: add const annotation
  virtio-net: fix used len for tx
  virtio: don't mark unaccessed memory as dirty
2012-10-04 19:50:33 -05:00
Anthony Liguori
938406dfb1 Merge remote-tracking branch 'kraxel/usb.66' into staging
* kraxel/usb.66:
  usb: Fix usb_packet_map() in the presence of IOMMUs
  usb-redir: Adjust pkg-config check for usbredirparser .pc file rename (v2)
  ehci: Fix interrupt packet MULT handling
  xhci: create a memory region for each port
  xhci: route string & usb hub support
  xhci: tweak limits
  compat: turn off msi/msix on xhci for old machine types
  add pc-1.3 machine type

Conflicts:
	hw/pc_piix.c

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-04 19:49:15 -05:00
Avi Kivity
4be403c815 Make target_phys_addr_t 64 bits unconditionally
The hassle and compile time overhead of maintaining both 32-bit and 64-bit
capable source isn't worth the tiny performance advantage which is seen on
a minority of configurations.  Switch to compiling libhw only once, with
target_phys_addr_t unconditionally typedefed to uint64_t.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-04 19:46:18 -05:00
Alexander Graf
fb37c3029c PPC: e500: Only expose even TLB sizes in initial TLB
When booting our e500 machine, we automatically generate a big TLB entry
in TLB1 that covers all of the code we need to run in there until the guest
can handle its TLB on its own.

However, e500v2 can only handle MAS1.0 sizes. However, we keep our TLB
information in MAS2.0 layout, which means we have twice as many TLB sizes
to choose from. That also means we can run into a situation where we try
to add a TLB size that could not fit into the MAS1.0 size bits.

Fix it by making sure we always have the lower bit set to 0. That way we
are always guaranteed to have MAS1.0 compatible TLB size information.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-05 02:35:11 +02:00
David Gibson
efcb9383b9 pseries: Don't test for MSR_PR for hypercalls under KVM
PAPR hypercalls should only be invoked from the guest kernel, not guest
user programs, that is, with MSR[PR]=0.  Currently we check this in
spapr_hypercall, returning H_PRIVILEGE if MSR[PR]=1.

However, under KVM the state of MSR[PR] is already checked by the host
kernel before passing the hypercall to qemu, making this check redundant.
Worse, however, we don't generally synchronize KVM and qemu state on the
hypercall path, meaning that qemu could incorrectly reject a hypercall
because it has a stale MSR value.

This patch fixes the problem by moving the privilege test exclusively to
the TCG hypercall path.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
CC: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-05 02:35:11 +02:00
Scott Wood
7e7ec2d290 PPC: e500: calculate initrd_base like dt_base
While investigating dtb pad issues, I noticed that initrd_base wasn't taking
loadaddr into account the way dt_base was.  This seems wrong.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-05 02:35:11 +02:00
Scott Wood
9dd5eba1bc PPC: e500: increase DTC_LOAD_PAD
An allowance of 5 MiB for BSS is not enough for Linux kernels with certain
debug options enabled (not sure exactly which one caused it, but I'd guess
lockdep).  The kernel I ran into this with had a BSS of around 6.4 MB.

Unfortunately, uImage does not give us enough information to determine the
actual BSS size.  Increase the allowance to 18 MiB to give us plenty of
room.  Eventually this should be more intelligent, possibly packing
initrd+dtb at the end of guest RAM.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-05 02:35:11 +02:00
Alexander Graf
711934334e fdt: move dumpdtb interpretation code to device_tree.c
The dumpdtb code can be useful in more places than just for e500. Move it
to a generic place.

Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-05 02:35:11 +02:00
David Gibson
382be75df7 pseries: Set hash table size based on RAM size
Currently the pseries machine code always attempts to set the size of the
guests's hash page table to 16MB.  However, because of the way the POWER
MMU works, a suitable hash page table size should really depend on memory
size.  16MB will be excessive for guests with <1GB and RAM, and may not be
enough for guests with >2GB of RAM (depending on guest page size and
other factors).

The usual given rule of thumb is that the hash table should be 1/64 of
the size of memory, but in fact the Linux guests we are aiming at don't
really need that much.  This patch, therefore, changes the hash table
allocation code to aim for 1/128 of the size of RAM (rounding up).  When
using KVM, this size may still be adjusted by the host kernel if it is
unable to allocate a suitable (contiguous) table.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:18 +02:00
David Gibson
35f9304d92 pseries: Remove unnecessary locking from PAPR hash table hcalls
In the paravirtualized environment provided by PAPR, there is a standard
locking scheme so that hypercalls updating the hash page table from
different guest threads don't corrupt the haah table state.  We implement
this HVLOCK bit in out page table hypercalls.  However, it is not necessary
in our case, since the hypercalls all run in the qemu environment under the
big qemu lock.

Therefore, this patch removes the locking code.  This has the additional
advantage of freeing up a hash PTE bit which will be useful for migration
support.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:18 +02:00
Stefan Weil
5a1972c847 ppc405_uc: Fix buffer overflow
Report from smatch:

ppc405_uc.c:209 dcr_read_pob(12) error: buffer overflow 'pob->besr' 2 <= 2
ppc405_uc.c:232 dcr_write_pob(12) error: buffer overflow 'pob->besr' 2 <= 2

The old code reads and writes besr[POB0_BESR1 - POB0_BESR0] or besr[2]
which is one too much.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:18 +02:00
David Gibson
3fe719f467 pseries: Fix semantics of RTAS int-on, int-off and set-xive functions
Currently the ibm,int-on and ibm,int-off RTAS functions are implemented as
no-ops.  This is because when implemented as specified in PAPR they caused
Linux (which calls both int-on/off and set-xive) to end up with interrupts
masked when they should not be.  Since Linux's set-xive calls make the
int-on/off calls redundant, making them nops worked around the problem.

In fact, the problem was caused because there was a subtle bug in set-xive,
PAPR specifies that as well as updating the current priority, it also needs
to update the saved priority used by int-on/off.  With this bug fixed the
problem goes away.  This patch implements this more correct fix.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:18 +02:00
David Gibson
53724ee565 pseries: Rework implementation of TCE bypass
On the pseries machine the IOMMU (aka TCE tables) is always active for all
PCI and VIO devices.  Mostly to simplify the SLOF firmware, we implement an
extension which allows the IOMMU to be temporarily disabled for certain
devices.

Currently this is implemented by setting the device's DMAContext pointer to
NULL (thus reverting to qemu's default no-IOMMU DMA behaviour), then
replacing it when bypass mode is disabled.

This approach causes a bunch of complications though.  It complexifies the
management of the DMAContext lifetimes, it's problematic for savevm/loadvm,
and it means that while bypass is active we have nowhere to store the
device's LIOBN (Logical IO Bus Number, used to identify DMA address
spaces).  At present we regenerate the LIOBN from other address information
but this restricts how we can allocate LIOBNs.

This patch gives up on this approach, replacing it with the much simpler
one of having a 'bypass' boolean flag in the TCE state structure.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:18 +02:00
David Gibson
490d4a2b6e pseries: Remove never used flags field from spapr vio devices
The general device state structure for PAPR VIO emulated devices includes a
'flags' field which was never used.  This patch removes it.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:18 +02:00
David Gibson
ff9d2afa61 pseries: Remove XICS irq type enum type
Currently the XICS interrupt controller emulation uses a custom enum to
specify whether a given interrupt is level-sensitive or message-triggered.
This enum makes life awkward for saving the state, and isn't particularly
useful since there are only two possibilities.  This patch replaces the
enum with a simple bool.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:18 +02:00
David Gibson
98ca8c0238 pseries: Remove C bitfields from xics code
The XICS interrupt controller emulation uses some C bitfield variables in
its internal state structure.  This makes like awkward for saving the state
because we don't have easy VMSTATE helpers for bitfields.

This patch removes the bitfields, instead using explicit bit masking in a
single status variable.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:17 +02:00
David Gibson
1dd088946c pseries: Small cleanup to H_CEDE implementation
The H_CEDE hypercall implementation for the pseries machine doesn't trigger
quite the right path in the main cpu exec loop.  We should set exit_request
to pop up one extra level and recheck state, and we should set the
exception_index to EXCP_HLT (H_CEDE is roughly equivalent to the hlt
instruction on x86).

In practice, this doesn't really matter except for KVM, and KVM implements
H_CEDE internally so we never hit this code path.  But we might as well
get it right, just in case it matters some day.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:17 +02:00
David Gibson
256b408abe pseries: Fix XICS reset
The XICS interrupt controller used on the pseries machine currently has no
reset handler.  We can get away with this under some circumstances, but
it's not correct, and can cause failures if the XICS happens to be in the
wrong state at the time of reset.

This patch adds a hook to properly reset the XICS state.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:17 +02:00
David Gibson
eddeed26ac pseries: Reset emulated PCI TCE tables on system reset
The emulated PCI host bridge on the pseries machine incorporates an IOMMU
(PAPR TCE table).  Currently the mappings in this IOMMU are not cleared
when we reset the system.  This patch fixes this bug.  To do this it adds
a new reset function to the IOMMU emulation code.  The VIO devices already
reset their TCE tables, but they do so by destroying and re-creating their
DMA context.  This doesn't work for the PCI host bridge, because the
infrastructure for PCI IOMMUs has already copied/cached the DMA pointer
context into the subordinate PCI device structures.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:17 +02:00
David Gibson
4dd96f244f pseries: Clear TCE and signal state when resetting PAPR VIO devices
When we reset the system, the reset method for VIO bus devices resets
the state of their request queue (if present) as it should.  However
it was not resetting the state of their TCE table (DMA translation) if
present.  It was also not resetting the state of the per-device signal
mask set with H_VIO_SIGNAL.  This patch corrects both bugs, and also
removes some small code duplication in the reset paths.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:17 +02:00
David Gibson
7f763a5d99 pseries: Add support for new KVM hash table control call
This adds support for then new "reset htab" ioctl which allows qemu
to properly cleanup the MMU hash table when the guest is reset. With
the corresponding kernel support, reset of a guest now works properly.

This also paves the way for indicating a different size hash table
to the kernel and for the kernel to be able to impose limits on
the requested size.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:17 +02:00
David Gibson
c8787ad477 pseries: Use new method to correct reset sequence
A number of things need to occur during reset of the PAPR
paravirtualized platform in a specific order.  For example, the hash
table needs to be cleared before the CPUs are reset, so that they
initialize their register state correctly, and the CPUs need to have
their main reset called before we set up the entry point state on the
boot cpu.  We also need to have the main qdev reset happen before the
creation and installation of the device tree for the new boot, because
we need the state of the devices settled to correctly construct the
device tree.

We currently do the pseries once-per-reset initializations done from a
reset handler.  However we can't adequately control when this handler
is called during the reset - in particular we can't guarantee it
happens after all the qdev resets (since qdevs might be registered
after the machine init function has executed).

This patch uses the new QEMUMachine reset method to to fix this
problem, ensuring the various order dependent reset steps happen in
the correct order.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:17 +02:00
David Gibson
048706d971 pseries: Fix and cleanup CPU initialization and reset
The current pseries machine init function iterates over the CPUs at several
points, doing various bits of initialization.  This is messy; these can
and should be merged into a single iteration doing all the necessary per
cpu initialization.  Worse, some of these initializations were setting up
state which should be set on every reset, not just at machine init time.
A few of the initializations simply weren't necessary at all.

This patch, therefore, moves those things that need to be to the
per-cpu reset handler, and combines the remainder into two loops over
the cpus (which also creates them).  The second loop is for setting up
hash table information, and will be removed in a subsequent patch also
making other fixes to the hash table setup.

This exposes a bug in our start-cpu RTAS routine (called by the guest to
start up CPUs other than CPU0) under kvm.  Previously, this function did
not make a call to ensure that it's changes to the new cpu's state were
pushed into KVM in-kernel state.  We sort-of got away with this because
some of the initializations had already placed the secondary CPUs into the
right starting state for the sorts of Linux guests we've been running.

Nonetheless the start-cpu RTAS call's behaviour was not correct and could
easily have been broken by guest changes.  This patch also fixes it.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-10-04 15:54:17 +02:00
Anthony PERARD
910b38e4dc xen: Introduce xen_modified_memory.
This function is to be used during live migration. Every write access to the
guest memory should call this funcion so the Xen tools knows which pages are
dirty.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2012-10-03 13:48:45 +00:00
Xudong Hao
aabc8530c7 qemu/xen: Add 64 bits big bar support on qemu
Currently it is assumed PCI device BAR access < 4G memory. If there is such a
device whose BAR size is larger than 4G, it must access > 4G memory address.
This patch enable the 64bits big BAR support on qemu.

Signed-off-by: Xudong Hao <xudong.hao@intel.com>
Signed-off-by: Xiantao Zhang <xiantao.zhang@intel.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2012-10-03 13:46:23 +00:00
Anthony PERARD
bd4982a6c6 xen: Fix, no unplug of pt device by platform device.
The Xen platform device will unplug any NICs if requested by the guest (PVonHVM)
including a NIC that would have been passthrough. This patch makes sure that a
passthrough device will not be unplug.

Reported-by: "Zhang, Yang Z" <yang.z.zhang@intel.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2012-10-03 13:45:24 +00:00
Anthony Liguori
0f41dc182c vfio_pci: fix build on 32-bit systems
We cannot cast directly from pointer to uint64.

Cc: Alex Williamson <alex.williamson@redhat.com>
Cc: Alex Barcelo <abarcelo@ac.upc.edu>
Reported-by: Alex Barcelo <abarcelo@ac.upc.edu>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-01 13:40:15 -05:00
Alex Williamson
92e1fb5ed1 vfio: Enable vfio-pci and mark supported
Enabled for all softmmu guests supporting PCI on Linux hosts.  Note
that currently only x86 hosts have the kernel side VFIO IOMMU support
for this.  PPC (g3beige) is the only non-x86 guest known to work.
ARM (veratile) hangs in firmware, others untested.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-01 08:04:23 -05:00
Alex Williamson
65501a745d vfio: vfio-pci device assignment driver
This adds the core of the QEMU VFIO-based PCI device assignment driver.
To make use of this driver, enable CONFIG_VFIO, CONFIG_VFIO_IOMMU_TYPE1,
and CONFIG_VFIO_PCI in your host Linux kernel config.  Load the vfio-pci
module.  To assign device 0000:05:00.0 to a guest, do the following:

for dev in $(ls /sys/bus/pci/devices/0000:05:00.0/iommu_group/devices); do
    vendor=$(cat /sys/bus/pci/devices/$dev/vendor)
    device=$(cat /sys/bus/pci/devices/$dev/device)
    if [ -e /sys/bus/pci/devices/$dev/driver ]; then
        echo $dev > /sys/bus/pci/devices/$dev/driver/unbind
    fi
    echo $vendor $device > /sys/bus/pci/drivers/vfio-pci/new_id
done

See Documentation/vfio.txt in the Linux kernel tree for further
description of IOMMU groups and VFIO.

Then launch qemu including the option:

-device vfio-pci,host=0000:05:00.0

Legacy PCI interrupts (INTx) currently makes use of a kludge where we
trap BAR accesses and assume the access is in response to an interrupt,
therefore de-asserting and unmasking the interrupt.  It's not quite as
targetted as using the EOI for this, but it's self contained and seems
to work across all architectures.  The side-effect is a significant
performance slow-down for device in INTx mode.  Some devices, like
graphics cards, don't really use their interrupt, so this can be turned
off with the x-intx=off option, which disables INTx alltogether.  This
should be considered an experimental option until we refine this code.
Both MSI and MSI-X are supported and avoid these issues.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-01 08:04:23 -05:00
Paolo Bonzini
3e1caa5f76 iostatus: reorganize io error code
Move the common part of IDE/SCSI/virtio error handling to the block
layer.  The new function bdrv_error_action subsumes all three of
bdrv_emit_qmp_error_event, vm_stop, bdrv_iostatus_set_err.

The same scheme will be used for errors in block jobs.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-09-28 19:40:56 +02:00
Paolo Bonzini
1ceee0d5cc iostatus: change is_read to a bool
Do this while we are touching this part of the code, before introducing
more uses of "int is_read".

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-09-28 19:40:56 +02:00
Paolo Bonzini
92aa5c6d77 iostatus: move BlockdevOnError declaration to QAPI
This will let block-stream reuse the enum.  Places that used the enums
are renamed accordingly.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-09-28 19:40:26 +02:00
Paolo Bonzini
ff06f5f351 iostatus: rename BlockErrorAction, BlockQMPEventAction
We want to remove knowledge of BLOCK_ERR_STOP_ENOSPC from drivers;
drivers should only be told whether to stop/report/ignore the error.
On the other hand, we want to keep using the nicer BlockErrorAction
name in the drivers.  So rename the enums, while leaving aside the
names of the enum values for now.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-09-28 19:14:32 +02:00
Amit Shah
ad3005ad8c virtio-serial-bus: let chardev know the exact number of bytes requested
Using the virtqueue_avail_bytes() function had an unnecessarily
crippling effect on the number of bytes needed by the guest as reported
to the chardev layer in the can_read() callback.

Using the new virtqueue_get_avail_bytes() function will let us advertise
the exact number of bytes we can send to the guest.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-09-28 12:16:27 +02:00
Amit Shah
0d8d769085 virtio: Introduce virtqueue_get_avail_bytes()
The current virtqueue_avail_bytes() is oddly named, and checks if a
particular number of bytes are available in a vq.  A better API is to
fetch the number of bytes available in the vq, and let the caller do
what's interesting with the numbers.

Introduce virtqueue_get_avail_bytes(), which returns the number of bytes
for buffers marked for both, in as well as out.  virtqueue_avail_bytes()
is made a wrapper over this new function.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-09-28 12:16:27 +02:00
Amit Shah
385ce95d9d virtio: use unsigned int for counting bytes in vq
The virtqueue_avail_bytes() function counts bytes in an int.  Use an
unsigned int instead.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-09-28 12:16:27 +02:00
Michael S. Tsirkin
40bad8f3de virtio-net: fix used len for tx
There is no out sg for TX, so used buf length for tx
should always be 0.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-09-28 12:16:27 +02:00
Michael S. Tsirkin
0cea71a207 virtio: don't mark unaccessed memory as dirty
offset of accessed buffer is calculated using iov_length, so it
can exceed accessed len. If that happens
math in len - offset wraps around, and size becomes wrong.
As real value is 0, so this is harmless but unnecessary.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-09-28 12:16:27 +02:00
Francesco Lavra
3dc3e7dd93 Versatile Express: Add modelling of NOR flash
This patch adds modelling of the two NOR flash banks found on the
Versatile Express motherboard. Tested with U-Boot running on an emulated
Versatile Express, with either A9 or A15 CoreTile.

Signed-off-by: Francesco Lavra <francescolavra.fl@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-09-26 16:48:21 +01:00
Francesco Lavra
661bafb3e1 Versatile Express: Fix NOR flash 0 address and remove flash alias
In the A series memory map (implemented in the Cortex A15 CoreTile), the
first NOR flash bank (flash 0) is mapped to address 0x08000000, while
address 0x00000000 can be configured as alias to either the first or the
second flash bank. This patch fixes the definition of flash 0 address,
and for simplicity removes the alias definition.

Signed-off-by: Francesco Lavra <francescolavra.fl@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-09-26 16:47:45 +01:00
Meador Inge
9892cae395 hw/armv7m_nvic: Correctly register GIC region when setting up NVIC
When setting up the NVIC memory regions the memory range
0x100..0xcff is aliased to an IO memory region that belongs
to the ARM GIC.  This aliased region should be added to the
NVIC memory container, but the actual GIC IO memory region
was being added instead.  This mixup was causing the wrong
IO memory access functions to be called when accessing parts
of the NVIC memory.

Signed-off-by: Meador Inge <meadori@codesourcery.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-09-26 16:46:28 +01:00
Brendan Fennell
14c126baf1 pl190: fix read of VECTADDR
Reading VECTADDR was causing us to set the current priority to
the wrong value, the most obvious effect of which was that we
would return the vector for the wrong interrupt as the result
of the read.

Signed-off-by: Brendan Fennell <bfennell@skynet.ie>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-09-26 16:46:28 +01:00
Paolo Bonzini
9a3a88956c pci-assign: use monitor_handle_fd_param
There is no need to open-code the choice between a file descriptor
number or a named one.  Just use monitor_handle_fd_param, which
also takes care of printing the error message.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
2012-09-26 12:42:19 -03:00
David Gibson
39c138c842 usb: Fix usb_packet_map() in the presence of IOMMUs
With the IOMMU infrastructure introduced before 1.2, we need to use
dma_memory_map() to obtain a qemu pointer to memory from an IO bus address.
However, dma_memory_map() alters the given length to reflect the length
over which the used DMA translation is valid - which could be either more
or less than the requested length.

usb_packet_map() does not correctly handle these cases, simply failing if
dma_memory_map() alters the requested length.  If dma_memory_map()
increased the length, we just need to use the requested length for the
qemu_iovec_add().  However, if it decreased the length, it means that a
single DMA translation is not valid for the whole sglist element, and so
we need to loop, splitting it up into multiple iovec entries for each
piece with a DMA translation (in practice >2 pieces is unlikely).

This patch implements the correct behaviour

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-26 09:24:42 +02:00
Hans de Goede
cae5d3f4b3 ehci: Fix interrupt packet MULT handling
There are several issues with our handling of the MULT epcap field
of interrupt qhs, which this patch fixes.

1) When we don't execute a transaction because of the transaction counter
being 0, p->async stays EHCI_ASYNC_NONE, and the next time we process the
same qtd we hit an assert in ehci_state_fetchqtd because of this. Even though
I believe that this is caused by 3 below, this patch still removes the assert,
as that can still happen without 3, when multiple packets are queued for the
same interrupt ep.

2) We only *check* the transaction counter from ehci_state_execute, any
packets queued up by fill_queue bypass this check. This is fixed by not calling
fill_queue for interrupt packets.

3) Some versions of Windows set the MULT field of the qh to 0, which is a
clear violation of the EHCI spec, but still they do it. This means that we
will never execute a qtd for these, making interrupt ep-s on USB-2 devices
not work, and after recent changes, triggering 1).

So far we've stored the transaction counter in our copy of the mult field,
but with this beginnig at 0 already when dealing with these version of windows
this won't work. So this patch adds a transact_ctr field to our qh struct,
and sets this to the MULT field value on fetchqh. When the MULT field value
is 0, we set it to 4. Assuming that windows gets way with setting it to 0,
by the actual hardware going horizontal on a 1 -> 0 transition, which will
give it 4 transactions (MULT goes from 0 - 3).

Note that we cannot stop on detecting the 1 -> 0 transition, as our decrement
of the transaction counter, and checking for it are done in 2 different places.

Reported-by: Shawn Starr <shawn.starr@rogers.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-26 09:24:41 +02:00
Gerd Hoffmann
1d8a4e69ee xhci: create a memory region for each port
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-26 09:24:41 +02:00
Gerd Hoffmann
ccaf87a085 xhci: route string & usb hub support
Parse route string in slot contexts and
support devices connected via hub.
2012-09-26 09:24:41 +02:00
Gerd Hoffmann
d95e74eaed xhci: tweak limits
Set maxports to 15.  This is what the usb3 route string can handle.

Set maxslots to 64.  This is more than the number of root ports we
can have, but with additional hubs you can end up with more devices.

Set maxintrs (aka msi vectors) to 16.  Should be enougth, especially
considering that vectors are a limited ressource.  Linux guests use
only three at the moment.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-26 09:24:41 +02:00
Gerd Hoffmann
a2879190ab compat: turn off msi/msix on xhci for old machine types
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-26 09:24:41 +02:00
Gerd Hoffmann
356d837256 add pc-1.3 machine type
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-26 09:24:41 +02:00
Amos Kong
ac05f34924 add a boot parameter to set reboot timeout
Added an option to let qemu transfer a configuration file to bios,
"etc/boot-fail-wait", which could be specified by command
    -boot reboot-timeout=T
T have a max value of 0xffff, unit is ms.

With this option, guest will wait for a given time if not find
bootabled device, then reboot. If reboot-timeout is '-1', guest
will not reboot, qemu passes '-1' to bios by default.

This feature need the new seabios's support.

Seabios pulls the value from the fwcfg "file" interface, this
interface is used because SeaBIOS needs a reliable way of
obtaining a name, value size, and value. It in no way requires
that there be a real file on the user's host machine.

Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-25 20:05:04 -05:00
Gerd Hoffmann
c08ba66f13 ivshmem: add 64bit option
This patch adds a "use64" property which will make the ivshmem driver
register a 64bit memory bar when set, so you have something to play with
when testing 64bit pci bits.  It also allows to have quite big shared
memory regions, like this:

[root@fedora ~]# lspci -vs1:1
01:01.0 RAM memory: Red Hat, Inc Device 1110
        Subsystem: Red Hat, Inc Device 1100
        Physical Slot: 1-1
        Flags: fast devsel
        Memory at fd400000 (32-bit, non-prefetchable) [disabled] [size=256]
        Memory at 8040000000 (64-bit, prefetchable) [size=1G]

[ v5: rebase, update compat property for post-1.2 merge ]
[ v4: rebase & adapt to latest master again ]
[ v3: rebase & adapt to latest master ]
[ v2: default to on as suggested by avi,
      turn off for pc-$old using compat property ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-25 18:38:18 -05:00
Gerd Hoffmann
183c5eaa41 compat: turn off msi/msix on xhci for old machine types
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-25 18:38:18 -05:00
Gerd Hoffmann
f430694188 add pc-1.3 machine type
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-25 18:38:18 -05:00
Igor Mammedov
bea42280da target-sparc: use notifier for signaling guest system_powerdown command
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-25 18:37:41 -05:00
Igor Mammedov
c72ddb1e47 target-arm: use notifier for signaling guest system_powerdown command
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-25 18:37:41 -05:00
Igor Mammedov
d010f91c3a acpi: use notifier for signaling guest system_powerdown command
In addition, there is no need to allocate an extra irq just for
rising SCI in irq handler. Just rise SCI right from notifier
handler instead.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-25 18:37:41 -05:00
Anthony Liguori
3988475b9b Merge remote-tracking branch 'stefanha/trivial-patches' into staging
* stefanha/trivial-patches:
  w32: Always use standard instead of native format strings
  net/socket: Fix compiler warning (regression for MinGW)
  linux-user: Remove redundant null check and replace free by g_free
  qemu-timer: simplify qemu_run_timers
  TextConsole: saturate escape parameter in TTY_STATE_CSI
  curses: don't initialize curses when qemu is daemonized
  dtrace backend: add function to reserved words
  pflash_cfi01: Fix warning caused by unreachable code
  ioh3420: Remove unreachable code
  lm4549: Fix buffer overflow
  cadence_uart: Fix buffer overflow
  qemu-sockets: Fix potential memory leak
  qemu-ga: Remove unreachable code after g_error
  target-i386: Allow tsc-frequency to be larger then 2.147G
2012-09-25 16:06:16 -05:00
Anthony Liguori
d352210aed Merge remote-tracking branch 'bonzini/scsi-next' into staging
* bonzini/scsi-next:
  SCSI: Standard INQUIRY data should report HiSup flag as set.
  scsi-disk: use scsi_data_cdb_length
  scsi: introduce scsi_cdb_length and scsi_data_cdb_length
  scsi-disk: fix check for out-of-range LBA
  scsi-disk: introduce check_lba_range
  iSCSI: We dont need to explicitely call qemu_notify_event() any more
  iSCSI: We need to support SG_IO also from iscsi_ioctl()
2012-09-25 16:06:16 -05:00
Stefan Weil
12dabc79f9 pflash_cfi01: Fix warning caused by unreachable code
Report from smatch:
hw/pflash_cfi01.c:431 pflash_write(180) info: ignoring unreachable code.

Instead of removing the return statement after the switch statement,
the patch replaces the return statements in the switch statement by
break statements. Other switch statements in the same code do it also
like that.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-09-23 07:11:28 +01:00
Stefan Weil
997f15672a ioh3420: Remove unreachable code
Report from smatch:
hw/ioh3420.c:128 ioh3420_initfn(35) info: ignoring unreachable code.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-09-23 07:11:28 +01:00
Stefan Weil
8139626643 lm4549: Fix buffer overflow
Report from smatch:
lm4549.c:234 lm4549_write_samples(14) error:
 buffer overflow 's->buffer' 1024 <= 1024

There must be enough space to add two entries starting with index
s->buffer_level, therefore the old check was wrong.

[Peter Maydell <peter.maydell@linaro.org> clarifies the nature of the
analyser warning:

I don't object to making the change to placate the analyser,
but I don't think this is actually a buffer overrun. We always
add and remove samples from the buffer two at a time, so it's
not possible to get here with s->buffer_level == BUFFER_SIZE-1
(which is the only case where the old and new conditions
give different answers).]

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-09-23 07:11:28 +01:00
Stefan Weil
5d40097fc0 cadence_uart: Fix buffer overflow
Report from smatch:
hw/cadence_uart.c:413 uart_read(13) error: buffer overflow 's->r' 18 <= 18

This fixes read access to s->r[R_MAX] which is behind the limits of s->r.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-09-23 07:11:28 +01:00
Aurelien Jarno
cfb75cb980 Merge branch 'usb.65' of git://git.kraxel.org/qemu
* 'usb.65' of git://git.kraxel.org/qemu:
  uhci: Don't queue up packets after one with the SPD flag set
  usb-redir: Revert usb-redir part of commit 93bfef4c
  usb-redir: Add chardev open / close debug logging
  usb-redir: Add support for migration
  usb-redir: Store max_packet_size in endp_data
  usb-redir: Add an already_in_flight packet-id queue
  usb-redir: Change cancelled packet code into a generic packet-id queue
  ehci: Walk async schedule before and after migration
  ehci: Don't set seen to 0 when removing unseen queue-heads
  configure: usbredir fixes
  ehci: Don't process too much frames in 1 timer tick (v2)
  ehci: Fix interrupts stopping when Interrupt Threshold Control is 8
  ehci: switch to new-style memory ops
  usb-host: allow emulated (non-async) control requests without USBPacket
2012-09-21 19:53:26 +02:00
Ronnie Sahlberg
1109c89405 SCSI: Standard INQUIRY data should report HiSup flag as set.
QEMU as far as I know only reports LUN numbers using the modes that
are described in SAM4.
As such, since all LUN numbers generated by the SCSI emulation in QEMU
follow SAM4, we should set the HiSup bit in the standard INQUIRY data
to indicate such.

From SAM4:
  4.6.3 LUNs overview
  All LUN formats described in this standard are hierarchical in
  structure even when only a single level in that hierarchy is used.
  The HISUP bit shall be set to one in the standard INQUIRY data
  (see SPC-4) when any LUN format described in this standard is used.
  Non-hierarchical formats are outside the scope of this standard.

Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
2012-09-21 16:17:49 +02:00
Paolo Bonzini
e93176d55f scsi-disk: use scsi_data_cdb_length
This simplifies and unifies the parsing of READ, WRITE and WRITE SAME
commands.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-09-21 16:17:49 +02:00
Paolo Bonzini
bb729f7581 scsi: introduce scsi_cdb_length and scsi_data_cdb_length
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-09-21 16:14:55 +02:00
Paolo Bonzini
12ca76fc48 scsi-disk: fix check for out-of-range LBA
This fix is needed to correctly handle 0-block read and writes.
Without it, a 0-block access at LBA 0 would underflow.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-09-21 16:12:34 +02:00
Paolo Bonzini
444bc90861 scsi-disk: introduce check_lba_range
Abstract the test for an out-of-range (starting block, block count)
pair.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-09-21 16:12:34 +02:00
Peter Maydell
eb99c9a993 hw/pflash_cfi0[12]: Use host-utils.h ctz32()
Drop the private reimplementation of ctz32() from pflash_cfi0[12]
in favour of using the standard version from host-utils.h.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-09-19 21:40:47 +02:00
Aurelien Jarno
262e1eaafa pflash_cfi01: fix vendor specific extended query
pflash_cfi01 announces a version number of 1.1, which implies
"Protection Register Information" and "Burst Read information"
sections, which are not provided.

Decrease the version number to 1.0 so that only the "Protection
Register Information" section is needed.

Set the number of protection fields (0x3f) to 0x01, as 0x00 means 256
protections field, which makes the CFI table bigger than the current
implementation, causing some kernels to fail to read it.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-09-19 21:40:47 +02:00
Chris Wulff
8354cd722e xilinx_timer: Fix a compile error if debug enabled
There was a missing include of qemu-log and a variable name in a printf was out
of date.

Signed-off-by: Chris Wulff <crwulff@gmail.com>
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
2012-09-19 18:48:09 +02:00
Peter A. G. Crosthwaite
c9b6e1f6bb xilinx: fix names of ethernet and dma links.
These names were incorrect. Fixed to match to actual link names

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
2012-09-19 18:48:08 +02:00
Peter A. G. Crosthwaite
4b5e52101f xilinx.h: Error check when setting links
Assert that the ethernet and dma controller are sucessfully linked to their
peers.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
2012-09-19 18:48:08 +02:00
Peter A. G. Crosthwaite
919f89f44c xilinx_timer: Fixed "frequency" prop name
The "frequency" qdev prop matches the "clock-frequency" property in Xilinx EDK.
Renamed "frequency" -> "clock-frequency" accordingly.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
2012-09-19 18:48:08 +02:00
Peter A. G. Crosthwaite
e03377ae75 xilinx_timer: Send dbg msgs to stderr not stdout
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
2012-09-19 18:48:08 +02:00
Peter A. G. Crosthwaite
c0a1dcb9f0 xilinx_timer: Removed comma in device name
Fixes an error in a61e4b07a3

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
2012-09-19 18:48:08 +02:00
Anthony Liguori
109820df4a Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony:
  block: Don't forget to delete temporary file
  Don't require encryption password for 'qemu-img info' command
  qemu-img: Add json output option to the info command.
  qapi: Add SnapshotInfo and ImageInfo.
  ahci: properly reset PxCMD on HBA reset
  block: fix block tray status
  vdi: Fix warning from clang
  block/curl: Fix wrong free statement
  ide: Fix error messages from static code analysis (no real error)
  ATAPI: STARTSTOPUNIT only eject/load media if powercondition is 0
  sheepdog: fix savevm and loadvm
2012-09-17 10:23:15 -05:00
Anthony Liguori
509e9c462d Merge remote-tracking branch 'stefanha/trivial-patches' into staging
* stefanha/trivial-patches:
  configure: fix seccomp check
  arch_init.c: add missing '%' symbols before PRIu64 in debug printfs
  kvm: Fix warning from static code analysis
  qapi: Fix enumeration typo error
  console: Clean up bytes per pixel calculation
  Fix copy&paste typos in documentation comments
  linux-user: Remove #if 0'd cpu_get_real_ticks() definition
  ui: Fix spelling in comment (ressource -> resource)
  Spelling fixes in comments and macro names (ressource -> resource)
  Fix spelling (licenced -> licensed) in GPL
  Spelling fixes in comments and documentation
  srp: Don't use QEMU_PACKED for single elements of a structured type
2012-09-17 10:21:42 -05:00
Anthony Liguori
cd6dcc7105 Merge remote-tracking branch 'spice/spice.v60' into staging
* spice/spice.v60:
  hw/qxl: support client monitor configuration via device
  qxl: add trace-event for QXL_IO_LOG
  hw/qxl: tracing fixes
  qxl: better cleanup for surface destroy
  qxl: Ignore set_client_capabilities pre/post migrate
  qxl: dont update invalid area
  spice: send updates only for changed screen content
  spice: add screen mirror
  spice: split qemu_spice_create_update
  spice: switch to queue for vga mode updates
2012-09-17 10:21:09 -05:00
Anthony Liguori
de71bd6f77 Merge remote-tracking branch 'stefanha/net' into staging
* stefanha/net:
  net: EAGAIN handling for net/socket.c TCP
  net: EAGAIN handling for net/socket.c UDP
  net: asynchronous send/receive infrastructure for net/socket.c
  net: broadcast hub packets if at least one port can receive
  net: fix usbnet_receive() packet drops
  net: clean up usbnet_receive()
  net: add -netdev options to man page
  net: do not report queued packets as sent
  net: add receive_disabled logic to iov delivery path
  eepro100: Fix network hang when rx buffers run out
  xen: flush queue when getting an event
  e1000: flush queue whenever can_receive can go from false to true
  net: notify iothread after flushing queue
2012-09-17 10:20:48 -05:00
Anthony Liguori
31e165f177 Merge remote-tracking branch 'qemu-kvm/uq/master' into staging
* qemu-kvm/uq/master:
  kvm: Rename irqchip_inject_ioctl to irq_set_ioctl
  kvm: Stop flushing coalesced MMIO on vmexit
  VGA: Flush coalesced MMIO on related MMIO/PIO accesses
  memory: Flush coalesced MMIO on mapping and state changes
  memory: Fold memory_region_update_topology into memory_region_transaction_commit
  memory: Use transaction_begin/commit also for single-step operations
  memory: Flush coalesced MMIO on selected region access
  kvm-all.c: Move init of irqchip_inject_ioctl out of kvm_irqchip_create()
  update-linux-headers.sh: Don't hard code list of architectures
2012-09-17 10:20:27 -05:00
Jan Kiszka
ed0ec1aa85 pc: Drop practically unused BOCHS BIOS debug ports
We have debugcon these days to listen on those ports that receive debug
messages. Also drop the others that have no effect anymore.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-17 10:18:48 -05:00
Blue Swirl
89c33337fd Remove unused CONFIG_TCG_PASS_AREG0 and dead code
Now that CONFIG_TCG_PASS_AREG0 is enabled for all targets,
remove dead code and support for !CONFIG_TCG_PASS_AREG0 case.

Remove dyngen-exec.h and all references to it. Although included by
hw/spapr_hcall.c, it does not seem to use it.

Remove unused HELPER_CFLAGS.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
2012-09-15 17:51:14 +00:00
Stefan Hajnoczi
190563f9a9 net: fix usbnet_receive() packet drops
The USB network interface has a single buffer which the guest reads
from.  This patch prevents multiple calls to usbnet_receive() from
clobbering the input buffer.  Instead we queue packets until buffer
space becomes available again.

This is inspired by virtio-net and e1000 rxbuf handling.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-14 08:40:32 +01:00
Stefan Hajnoczi
f237ddbb89 net: clean up usbnet_receive()
The USB network interface has two code paths depending on whether or not
RNDIS mode is enabled.  Refactor usbnet_receive() so that there is a
common path throughout the function instead of duplicating everything
across if (is_rndis(s)) ... else ... code paths.

Clean up coding style and 80 character line wrap along the way.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-14 08:40:32 +01:00
Bo Yang
1069985fb1 eepro100: Fix network hang when rx buffers run out
This is reported by QA. When installing os with pxe, after the initial
kernel and initrd are loaded, the procedure tries to copy files from install
server to local harddisk, the network becomes stall because of running out of
receive descriptor.

[Whitespace fixes and removed qemu_notify_event() because Paolo's
earlier net patches have moved it into qemu_flush_queued_packets().

Additional info:

I can reproduce the network hang with a tap device doing a iPXE HTTP
boot as follows:

  $ qemu -enable-kvm -m 1024 \
    -netdev tap,id=netdev0,script=no,downscript=no \
    -device i82559er,netdev=netdev0,romfile=80861209.rom \
    -drive if=virtio,cache=none,file=test.img
  iPXE> ifopen net0
  iPXE> config # set static network configuration
  iPXE> kernel http://mirror.bytemark.co.uk/fedora/linux/releases/17/Fedora/x86_64/os/images/pxeboot/vmlinuz

I needed a vanilla iPXE ROM to get to the iPXE prompt.  I think the boot
prompt has been disabled in the ROMs that ship with QEMU to reduce boot
time.

During the vmlinuz HTTP download there is a network hang.  hw/eepro100.c
has reached the end of the rx descriptor list.  When the iPXE driver
replenishes the rx descriptor list we don't kick the QEMU net subsystem
and event loop, thereby leaving the tap netdev without its file
descriptor in select(2).

Stefan Hajnoczi <stefanha@gmail.com>]

Signed-off-by: Bo Yang <boyang@suse.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-09-14 08:40:31 +01:00
Paolo Bonzini
a98b140223 xen: flush queue when getting an event
xen does not have a register that, when written, will cause can_receive
to go from false to true.  However, flushing the queue can be attempted
whenever the front-end raises its side of the Xen event channel.  There
is a single event channel for tx and rx.

Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-14 08:40:31 +01:00
Paolo Bonzini
e8b4c680b4 e1000: flush queue whenever can_receive can go from false to true
When the guests replenish the receive ring buffer, the network device
should flush its queue of pending packets.  This is done with
qemu_flush_queued_packets.

e1000's can_receive can go from false to true when RCTL or RDT are
modified.

Reported-by: Luigi Rizzo <rizzo@iet.unipi.it>
Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Cc: Jan Kiszka <jan.kiszka@siemens.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-14 08:40:31 +01:00
Paolo Bonzini
987a9b4800 net: notify iothread after flushing queue
virtio-net has code to flush the queue and notify the iothread
whenever new receive buffers are added by the guest.  That is
fine, and indeed we need to do the same in all other drivers.
However, notifying the iothread should be work for the network
subsystem.  And since we are at it we can add a little smartness:
if some of the queued packets already could not be delivered,
there is no need to notify the iothread.

Reported-by: Luigi Rizzo <rizzo@iet.unipi.it>
Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Cc: Jan Kiszka <jan.kiszka@siemens.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-14 08:40:31 +01:00
Stefan Weil
52a8e968a3 Spelling fixes in comments and macro names (ressource -> resource)
Macro XEN_HOST_PCI_RESOURCE_BUFFER_SIZE is only used locally,
so the change should be safe.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-14 08:21:28 +01:00
Stefan Weil
aade7b91d5 Fix spelling (licenced -> licensed) in GPL
The patch also fixes the case of "written".

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-14 08:21:28 +01:00
Stefan Weil
0546b8c2f0 Spelling fixes in comments and documentation
These wrong spellings were detected by codespell:

* successully -> successfully

* alot -> a lot

* wanna -> want to

* infomation -> information

* occured -> occurred

["also is" -> "is also" and "ressources" -> "resources" suggested by
Peter Maydell <peter.maydell@linaro.org>]

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-14 08:21:28 +01:00
Stefan Weil
93d3ad2a80 srp: Don't use QEMU_PACKED for single elements of a structured type
QEMU_PACKED results in a MinGW compiler warning when it is
used for single structure elements:

warning: 'gcc_struct' attribute ignored

Using QEMU_PACKED for the whole structure avoids the compiler warning
without changing the memory layout.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-14 08:21:27 +01:00
Hans de Goede
72a04d0c17 uhci: Don't queue up packets after one with the SPD flag set
Don't queue up packets after a packet with the SPD (short packet detect)
flag set. Since we won't know if the packet will actually be short until it
has completed, and if it is short we should stop the queue.

This fixes a miniature photoframe emulating a USB cdrom with the windows
software for it not working.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-13 09:50:47 +02:00