Feature, Sector Count, LBA Low/Mid/High and Device registers should be
written only when both BSY and DRQ are cleared to zero.
Command register shall only be written when BSY and DRQ are set to zero
for all commands except DEVICE RESET.
Data Port register shall be accessed for host PIO data transfer only when
DRQ is set to one.
Signed-off-by: Gleb Natapov <gleb@qumranet.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5060 c046a42c-6fe2-441c-8c8c-71466251a162
For some reason we were not registering save/load-vm handler for piix3
flavor of UHCI and hence save/load was broken.
Async transactions need to be canceled when we save the VM because there
is no way we can save/restore all that state. Since we do not mess the
original TD/QH the driver will simply resubmit the transfers.
Tested with Windows XP-SP2 running under QEMU/KQEMU.
Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5054 c046a42c-6fe2-441c-8c8c-71466251a162
This is esentially a re-write of the QEMU UHCI layer. My initial goal
was to support fully async operation with multiple outstanding async
transactions. Along the way I realized that I can greatly simplify
and cleanup the overall logic. There was a lot of duplicate and confusing
code in the UHCI data structure parsing and other places.
We were actually violating UHCI spec in handling async ISOC transaction
(host controller is not supposed to write into the frame pointer).
The reason I wanted to support fully async operation is because current
synchronous version is unusable with most devices exported from host
(via usb-linux.c). Transactions take a long time and the whole VM becomes
slow as hell.
Current async support is very rudimentory and for the most part
non-functional. Single transaction at a time is simply not enough. I have
a device for which XP driver submits both IN and OUT packets at the same
time. IN packet always times out unless OUT packet makes it to the device.
Hence we must be able to process both in order for that device to work.
The new code is backwards compatible and was first tested agains original
synchronous usb-linux.c and builtin usb devices like tablet which is also
synchronous. Rewrite of the usb-linux.c is coming up next.
Async support was tested against various XP versions (ie XP, SP2, SP3) and
a bunch of different USB devices: serial port controllers, mice, keyboard,
JTAG dongles (from Xilinx and Altera).
ISOC support was only lighly tested and needs more work. It's not any worse
than current code though.
UHCI parser changes are probably somewhat hard to review without the
understanding of the UHCI spec.
The async design should be fairly easy to follow. Basically we have a list
of async objects for each pending transfer. Async objects are tagged with
the original TD (transfer descriptor) address and token. We now support
unlimited number of outstanding isoc and one outstanding bulk/intr/ctrl
transfer per QH (queue head). UHCI spec does not have a clear protocol for
the cancelation of the trasfer requests. Driver can yank out TDs on any
frame boundary. In oder to handle that I added somewhat fancy TD validation
logic logic to avoid unnecessary cancelations.
Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5050 c046a42c-6fe2-441c-8c8c-71466251a162
A bit better documentation of the USB device API, namely
return codes.
Rewrite of usb_generic_handle_packet() to make it more
reable and easier to follow.
Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5049 c046a42c-6fe2-441c-8c8c-71466251a162
QEMU can now automatically grab host USB devices that match the filter.
For now I just extended 'host:X.Y' and 'host:VID:PID' syntax to handle
wildcards. So for example if you do something like
usb_add host:5.*
QEMU will automatically grab any non-hub device with host address 5.*.
Same with the 'host:PID:*', we grab any device that matches PID.
Filtering itself is very generic so we can probably add more elaborate
syntax like 'host:BUS.ADDR:VID:PID'. So that we can do 'host:5.*:6000:*'.
Anyway, it's implemented using a periodic timer that scans host devices
and grabs those that match the filter. Timer is started when the first
filter is added.
We now keep the list of all host devices that we grabbed to make sure that
we do not grab the same device twice.
btw It's currently possible to grab the same host device more than once.
ie You can just do "usb_add host:1.1" more than once, which of course does
not work. So this patch fixes that issue too.
Along with auto disconnect patch that I send a minute ago the setup is very
seamless now. You can just allocate some usb ports to the VMs and plug/unplug
devices at any time.
Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5048 c046a42c-6fe2-441c-8c8c-71466251a162
I got really annoyed by the fact that you have to manually do
usb_del in the monitor when host device is unplugged and decided
to fix it :)
Basically we now automatically remove guest USB device
when the actual host device is disconnected.
At first I've extended set_fd_handlerX() stuff to support checking
for exceptions on fds. But unfortunately usbfs code does not wake up
user-space process when device is removed, which means we need a
timer to periodically check if device is still there. So I removed
fd exception stuff and implemented it with the timer.
Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5047 c046a42c-6fe2-441c-8c8c-71466251a162
[ Taking latest isapc changes into account. ]
Ensure that PIC-delivered IRQs are properly de-asserted in case the APIC
is in EXTINT or FIXED mode (with level-triggering selected) on LINT0.
Fixes EFI-BIOS boot issues.
This patch also cleans up a bit the interface between PIC and APIC,
making apic_local_deliver private again.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5041 c046a42c-6fe2-441c-8c8c-71466251a162
[ Taking latest isapc changes into account. ]
In case the PIC IRQ gets de-asserted on an isapc machine, we also have
to reset CPU_INTERRUPT_HARD. This is what older qemu (before the
routing-through-APIC changes) used to do as well.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5040 c046a42c-6fe2-441c-8c8c-71466251a162
According to ACPI spec table 4-13 suspend type field should be 3 bits
long.
(Gleb Natapov)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5027 c046a42c-6fe2-441c-8c8c-71466251a162
The APIC timer must not start when the initial count is (still) zero.
This caused occasional stalls when booting secondary CPUs of Linux SMP
guests.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5024 c046a42c-6fe2-441c-8c8c-71466251a162
Cancel AIO in IDE layer on device rest in order to be in deterministic state
during next boot.
Signed-off-by: Gleb Natapov <gleb@qumranet.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5011 c046a42c-6fe2-441c-8c8c-71466251a162
This fixes installation of Windows XP.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4995 c046a42c-6fe2-441c-8c8c-71466251a162
Add SEEK_STAT in all non-error cases except sleep request, since our
seek times are virtually 0. Although this flag is deprecated by newer
ATA standards, Linux at least checks it for CD drives, and would timeout
in some case if we do not set it.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4994 c046a42c-6fe2-441c-8c8c-71466251a162
This patch upgrades the emulated UART to 16550A, the code comes from
xen-unstable. The main improvement was introduced with the following patch and
subsequent email thread:
http://lists.xensource.com/archives/html/xen-devel/2007-12/msg00129.html
The changes compared to previous version are:
- change clock_gettime to qemu_get_clock
- no token bucket anymore;
- fixed a small bug handling IRQs; this was the problem that prevented
kgdb to work over the serial (thanks to Jason Wessel for the help
spotting and reproducing this bug).
- many many style fixes;
- savevm version number increased;
- not including termios.h and sys/ioctl.h anymore, declaring static
constants in qemu-char.h instead;
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4993 c046a42c-6fe2-441c-8c8c-71466251a162
e1000_receive() has code to raise a receive overflow interrupt when the receive
buffer head and tail match. However, with the present implementation of
e1000_can_receive(), this code is unreachable -- and etherboot breaks as a
result.
Signed-off-by: Charles Duffy <charles_duffy@messageone.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4987 c046a42c-6fe2-441c-8c8c-71466251a162
This makes it easier to reuse in other parts of QEMU.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4975 c046a42c-6fe2-441c-8c8c-71466251a162
This is to improve the usage of audio API thanks to explanation from malc.
Functionally may not be better.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4969 c046a42c-6fe2-441c-8c8c-71466251a162
VMWare backdoor interface should work with IN/OUT port ops, but
currently only IN is supported. BOCHS bios uses OUT to query UUID.
The patch adds OUT support.
Signed-off-by: Chris Lalancette <clalance@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4957 c046a42c-6fe2-441c-8c8c-71466251a162
This reverts commit r3421, which kills the mouse in SuSE Linux 9.1 (there
were other reports of breakage earlier also).
Signed-off-by: Avi Kivity <avi@qumranet.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4905 c046a42c-6fe2-441c-8c8c-71466251a162
The fix is bogus, causing sci to be deferred for longer and longer.
Noticed by Alex Williamson.
Signed-off-by: Avi Kivity <avi@qumranet.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4904 c046a42c-6fe2-441c-8c8c-71466251a162
Previously, all data descriptors used TSE context descriptor by default,
It's not correct, per spec, data descriptor uses TSE bit to indicate
whether use TSE,
Legacy data descripter never use TSE.
This patch fixed this bug.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4878 c046a42c-6fe2-441c-8c8c-71466251a162
Fix a typo in my previous comming (spotted by Laurent Desnouges).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4877 c046a42c-6fe2-441c-8c8c-71466251a162
Makes PPC host happy. Also use the right type for a memory offset.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4874 c046a42c-6fe2-441c-8c8c-71466251a162
This was correct also in the Anthony Liguori's patch, but not in mine.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4872 c046a42c-6fe2-441c-8c8c-71466251a162
Hopefully someday will be merged with cs4231.c (SPARC version)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4741 c046a42c-6fe2-441c-8c8c-71466251a162
* When hitting EOL (end of list) at the data descriptor level, the DMA should mark the current context-descriptor as disabled and perform a context-store so software can see whats goin on.
* Context loads update RW_SAVED_DATA_BUF, data loads dont. This fixes an issue with ethernet bootstrapping.
* Reorder the logic for processing out channels to be more like the one for input channels.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4723 c046a42c-6fe2-441c-8c8c-71466251a162
* Add NMI and GURU exceptions to teh interrupt controller.
* Teach the watchdog timer to signal an NMI before reseting the chip.
* Add etraxfs.h to hold api for etrax device models.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4720 c046a42c-6fe2-441c-8c8c-71466251a162
The IO index is now stored in its own field, instead of being wedged
into the vaddr field. This eliminates the ROMD and watchpoint host
pointer weirdness. The IO index space is expanded by 1 bit, and
several additional bits are made available in the TLB vaddr field.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4704 c046a42c-6fe2-441c-8c8c-71466251a162
Add basic support for TC6393XB system features. No support for GPIO
input though.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4702 c046a42c-6fe2-441c-8c8c-71466251a162
Current key injection via the monitor basically generates no key hold
time. This is fine for keyboard emulations that have their own queues,
but it causes troubles for those how don't (like the MusicPal - it
simply does not work with injected keys). Moreover, I would like to use
this mechanism to simulate pressed buttons during power-up.
Therefore, this patch enhances the key injection with a configurable
release delay (by default 100 virtual milliseconds).
This feature allows to get rid of the initial sleep() in musicpal_init
because one can now simply start qemu with -S and issue "sendkey m 1000"
and "continue" in the monitor to achieve the desired effect of a pressed
menu button during power-up. So there is no need for a per-musicpal or
even qemu-wide "-hold-button" switch.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4701 c046a42c-6fe2-441c-8c8c-71466251a162
Apparently Windows Server 2003 sets the frequency for either mc or pi
voice to zero, which in turn triggers a call to audio_bug from this
chain:
open_voice -> AUD_open_in -> audio_bug (audio_validate_settings):
A bug was just triggered in AUD_open_in
...
Context:
audio: frequency=0 nchannels=2 fmt=S16 endianness=little
But since no attempt by the said OS is made to actually use the voice
with zero frequency this can be considered normal behavior.
Hence if zero freqency situation is encountered - close current voice,
and make noises if the guest tries to use it.
Reported by simon@...ve
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4694 c046a42c-6fe2-441c-8c8c-71466251a162
* Move DMA_run into the dma controller to allow for multiple ETRAX/CRIS machines.
* Support both ELF and kimage kernel images.
* Correct emulation of the DMA RW_DATA register.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4678 c046a42c-6fe2-441c-8c8c-71466251a162
The current implementation of GET_CONFIGURATION in the ATAPI stack of qemu
replies a different length depending on the buffer, the data should be
written into.
On the other hand the SCSI spec defines that length information has to be
consistent and independent of return buffer lengths.
This patch makes the ATAPI emulation behave according to the spec and fixes
the Darwin DVD driver.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@suse.de>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4649 c046a42c-6fe2-441c-8c8c-71466251a162
Make sure that the MusicPal display is set to the correct size again
after some other console may have used a different size.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4646 c046a42c-6fe2-441c-8c8c-71466251a162
This adds basic support for emulating Sharp Zaurus SL-6000 PDA (tosa).
Currently it provides only basic support: no kbd/lcd, sound, ts, etc.
But it's able at least to boot Linux from CF.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4643 c046a42c-6fe2-441c-8c8c-71466251a162
Factor out to sharpsl code to support devices that are present not only
in spitz-family PDAs but also in outher Sharp Zaurus PDAs
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4642 c046a42c-6fe2-441c-8c8c-71466251a162
This code is needed to make NOLO bootloader happy. It is mostly guesses.
The tags are normally written by some early boot code that runs before NOLO.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4492 c046a42c-6fe2-441c-8c8c-71466251a162
* Support the station address filters MA0 and MA1.
* Model the group address bloom filter.
* Indentation.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4487 c046a42c-6fe2-441c-8c8c-71466251a162
Decode HID report Items in the comments.
Invert mouse wheel direction as per Alexander Graf's report and as we already do in the tablet.
Clamp the Relative values to -127:127 as we claimed in the HID descriptors.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4482 c046a42c-6fe2-441c-8c8c-71466251a162
Looking at the hold-button-on-powerup thing, I came across some
improvable parts in the MusicPal's button handling. This patch allows
for repeated wheel events by keying the arrow keys pressed, corrects
some constant name, and introduces an explicitly maintained GPIO_ISR
state.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4476 c046a42c-6fe2-441c-8c8c-71466251a162
* Add support for link partner ability and diagnostics reg.
* Correct the endianess for MDIO responses.
* Dont trash PHY registers after reads.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4456 c046a42c-6fe2-441c-8c8c-71466251a162
* Use CFI-0002 flashes.
* Connect one of the ethernet blocks.
* Simplified irq numbering.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4430 c046a42c-6fe2-441c-8c8c-71466251a162
* Add an extended table area.
* Clear buffer write timeouts to indicate that we dont support it.
* Correct device size.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4387 c046a42c-6fe2-441c-8c8c-71466251a162
Add TSC2005 touchscreen controller.
Add N810 machine definition.
Unify N800 and N810 ATAG list generation.
Pass a word length parameter on every SPI transfer.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4374 c046a42c-6fe2-441c-8c8c-71466251a162
I have just noticed that patch for CVE-2007-1320 has never been applied
to the QEMU CVS. Please find it below.
| Multiple heap-based buffer overflows in the cirrus_invalidate_region
| function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and
| possibly other products, might allow local users to execute arbitrary
| code via unspecified vectors related to "attempting to mark
| non-existent regions as dirty," aka the "bitblt" heap overflow.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4340 c046a42c-6fe2-441c-8c8c-71466251a162
Add a dummy serial to receive the output from STI console (OMAP
debugging/emulation interface).
Add some more OMAP UART dummy registers.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4331 c046a42c-6fe2-441c-8c8c-71466251a162
In floppy controller, transfer data len is not correctly calculated.
We should read up to the last sector specified by the caller, and not up to
the last sector of the floppy.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4294 c046a42c-6fe2-441c-8c8c-71466251a162
In floppy controller, programming PIO writes which are more than one sector
long leads to a buffer overflow of the fdtrl->fifo[] array.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4293 c046a42c-6fe2-441c-8c8c-71466251a162
- Replaces bootsel field by the whole tdr register. It may be easier if we want to later add support for tapes.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4288 c046a42c-6fe2-441c-8c8c-71466251a162
- Removes useless fields in fdrive_t structure.
- Adds a message when bdrv_read/bdrv_write calls fail.
- Rename int_status to status0.
- Replace some constants by value names.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4287 c046a42c-6fe2-441c-8c8c-71466251a162
- Stores controller state in MSR register instead of internal state field. This simplifies the fdctrl_read_main_status() function, which may be called in some tight loops.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4286 c046a42c-6fe2-441c-8c8c-71466251a162
- Better handling of DOR register. DOR register drives external motors, but it not limited to existing drives.
- Use FD_DOR_nRESET flag instead of internal FD_CTRL_RESET flag.
- Support writing to DOR register even in reset mode (as said in specification)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4285 c046a42c-6fe2-441c-8c8c-71466251a162
- Handles correctly FD_MSR_NONDMA/FD_DOR_NONDMA flags, and uses them when possible. Fixes a problem with SPECIFY command.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4284 c046a42c-6fe2-441c-8c8c-71466251a162
- Fixes status A and status B registers. It removes one Sun4m mutation. Also removes the internal FD_CTRL_INTR flag.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4283 c046a42c-6fe2-441c-8c8c-71466251a162
- Extract seeking to next sector handling in a function. Add a sector seek in PIO read and write modes
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4282 c046a42c-6fe2-441c-8c8c-71466251a162
- Adds a command lookup table, as suggested by Fabrice at http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00143.html
- This also moves initialization functions at the bottom of the file to prevent multiple forward declarations.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4281 c046a42c-6fe2-441c-8c8c-71466251a162