This patch adds puv3 dma (Direct Memory Access) support,
include dma device simulation for kernel booting.
v1->v2: Add initialization to ret in puv3_dma_read.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch adds puv3 pm (power management) support,
include pm device simulation for kernel booting.
Thank Blue Swirl for pointing out the missing "break".
v1->v2: Add initialization to ret in puv3_pm_read.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch adds puv3 gpio (General Purpose Input/Output) support,
include gpio device simulation and its interrupt support.
v1->v2: Add initialization to ret in puv3_gpio_read.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch adds puv3 ostimer support, include os timer
device simulation and ptimer support in puv3 machine.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch adds puv3 interrupt support, include interrupt controler
device simulation and interrupt handler in puv3 machine.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch only add puv3 soc/board support, which introduces puv3
machine description, and specifies console type.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
As a matter of course, we need to access user space in kernel code,
so we need to correct load/store decoders to indicate correct memory
region.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch implements softmmu specific functions, include tlb_fill,
switch_mode, do_interrupt and uc32_cpu_handle_mmu_fault.
So the full exception handlers and page table walking could work now.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Any code that depends on a particular CPU type can now go through
callbacks on the QOM UniCore32CPUClass.
Signed-off-by: Andreas Färber <afaerber@suse.de
Acked-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch initializes the cpuid to exactly correct value because
linux kernel will check it.
In addition, the exception types are specified in proper situations.
Then it could make exceptions generated correctly and timely.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Coprocessor 0 is system control coprocessor, and we need get/set its contents.
Also, all cache/tlb ops shoule be implemented here, but just ignored with no harm.
Coprocessor 1 is OCD (on-chip-debugger), which is used for faked console,
so we could output chars to this console without graphic card.
TODO: curses display should be added lator for screen output.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch adds unicore32-softmmu build support, include configure,
makefile, arch_init, and all missing functions needed by softmmu.
Although all missing functions are empty, unicore32-softmmu could
be build successfully.
By 20120804: change QEMU_ARCH_UNICORE32 to 0x4000
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Fix a variety of typos in comments in target-arm files.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
We check whether the variable machine is NULL or not before accessing
it. If machine is NULL, exit QEMU with an error, this can avoids a
segfault error.
Markus Armbruster <armbru@redhat.com> adds that the segfault can be
reproduced as follows:
$ qemu-system-xtensa -cpu help
Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
When the qemu-io --nocache option is used the 039 test case cannot abort
QEMU at a point where the image is dirty. Skip the test case.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Image formats with a dirty bit, like qed and qcow2, repair dirty image
files upon open with BDRV_O_RDWR. Performing automatic repair when
qemu-img check runs is not ideal because the bdrv_open() call repairs
the image before the actual bdrv_check() call from qemu-img.c.
Fix this "double repair" since it leads to confusing output from
qemu-img check. Tell the block driver that this image is being opened
just for bdrv_check(). This skips automatic repair and qemu-img.c can
invoke it manually with bdrv_check().
Update the golden output for qemu-iotests 039 to reflect the new
qemu-img check output.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The dirty bit is cleared after image repair succeeds in qcow2_open().
Move this into qcow2_check() so that all callers benefit from this
behavior when fix mode is enabled.
This is necessary so qemu-img check can call .bdrv_check() and mark the
image clean.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The dirty bit is cleared after image repair succeeds in qed_open().
Move this into qed_check() so that all callers benefit from this
behavior when fix=true.
This is necessary so qemu-img check can call .bdrv_check() and mark the
image clean.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Now all major device models (IDE, SCSI, virtio) can choose between
writethrough and writeback at run-time, and virtio will even revert
to writethrough if the guest is not capable of sending flushes. So
we can change the default to writeback at last.
Tested, for lack of a better idea, with a breakpoint on bdrv_open
and all cache choices one by one.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If the guest does not support flushes, we should run in writethrough mode.
The setting is temporary until the next reset, so that for example the
BIOS will run in writethrough mode while Linux will run with a writeback
cache.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Also rename VIRTIO_BLK_F_WCACHE to VIRTIO_BLK_F_WCE for consistency with
the spec.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Instead of building a huge pipeline, just pass all expressions to a
single sed process.
Suggested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
I noticed that in hw/ide/ahci:ahci_dma_rw_buf() we do not free the sglist. Thus,
I've added a call to qemu_sglist_destroy() to fix this memory leak.
In addition, I've adeed a call in qemu_sglist_destroy() to 0 all of the sglist
fields, in case there is some other codepath that tries to free the sglist.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
While testing q35, which has its cdrom attached to the ahci controller, I found
that the Fedora 17 install would panic on boot. The panic occurs while
squashfs is trying to read from the cdrom. The errors are:
[ 8.622711] SQUASHFS error: xz_dec_run error, data probably corrupt
[ 8.625180] SQUASHFS error: squashfs_read_data failed to read block
0x20be48a
I was also able to produce corrupt data reads using an installed piix based
qemu machine, using 'dd'. I found that the corruptions were only occuring when
then read size was greater than 128k. For example, the following command
results in corrupted reads:
dd if=/dev/sr0 of=/tmp/blah bs=256k iflag=direct
The > 128k size reads exercise a different code path than 128k and below. In
ide_atapi_cmd_read_dma_cb() s->io_buffer_size is capped at 128k. Thus,
ide_atapi_cmd_read_dma_cb() is called a second time when the read is > 128k.
However, ahci_dma_rw_buf() restart the read from offset 0, instead of at 128k.
Thus, resulting in a corrupted read.
To fix this, I've introduced 'io_buffer_offset' field in IDEState to keep
track of the offset. I've also modified ahci_populate_sglist() to take a new
3rd offset argument, so that the sglist is property initialized.
I've tested this patch using 'dd' testing, and Fedora 17 now correctly boots
and installs on q35 with the cdrom ahci controller.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Tested-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The scsi passthrough handler falls through after completing a
request into the failure path, resulting in a use after free.
Reproducible by running a guest with aio=native on a block device.
Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
A command line device probe using just -device "?" gets processed
after qemu-kvm initializes the accelerator. If /dev/kvm is not
present, the accelerator check will fail (kvm is defaulted to on),
which causes libvirt to not be set up to handle qemu guests.
Moving the device help handling before the accelerator set up allows
the device probe to work in this configuration and libvirt succeeds
in setting up for a qemu hypervisor mode.
Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 'x86cpu_qom_tcg_v2' of git://github.com/imammedo/qemu:
target-i386: move tcg initialization into x86_cpu_initfn()
cleanup cpu_set_debug_excp_handler
target-xtensa: drop usage of prev_debug_excp_handler
target-i386: drop usage of prev_debug_excp_handler
qemu_rearm_alarm_timer partially duplicates the code in
qemu_next_alarm_deadline to figure out if it needs to rearm the timer.
If it calls qemu_next_alarm_deadline, it always rearms the timer even if
the next deadline is INT64_MAX.
This patch simplifies the behavior of qemu_rearm_alarm_timer and removes
the duplicated code, always calling qemu_next_alarm_deadline and only
rearming the timer if the deadline is less than INT64_MAX.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Tested-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This fixes the following error:
$ qemu-system-xtensa -cpu help
Segmentation fault
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This makes usable default for -cpu option both for qemu-system-xtensa
and qemu-system-xtensaeb fixing the following error:
$ qemu-system-xtensaeb -M sim
Unable to find CPU definition
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This change addresses a problem where QEMU incorrectly traps on
floating-point MADD group instructions with SIGILL, at least while
emulating MIPS32r2 processors. These instructions use the COP1X major
opcode and include ones like:
madd.d $f2,$f4,$f2,$f6
Here's Nathan's original analysis of the problem:
"QEMU essentially does:
d = find_cpu (cpu_string) // get CPU definition
fpu_init (env, d) // initialize fpu state (init FCR0, basically)
cpu_reset (env)
...and the cpu_reset call clears all interesting state that fpu_init
setup, then proceeds to reinitialize all the CP0 registers...but not
FCR0."
I have verified this change with system emulation running the GDB test
suite for the mips-sde-elf target (o32, big endian, 24Kf CPU emulated),
there were 55 progressions and no regressions.
Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
LOAD_UNLOAD and START_STOP have same value, so the table
entry is initialized twice. Spotted by Clang compiler.
Remove LOAD_UNLOAD entry since START_STOP entry already
represents both.
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Global register AREG0 was always assumed to be usable in user-exec.c,
but this is incorrect for several targets.
Fix with #ifdeffery and by using other variables.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Clang compiler complained about use of reserved word 'restrict' in SLIRP
and QAPI.
Prefix C keywords with "q_", adjust SLIRP accordingly.
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
err was uninitialized, it's not OK to use |=. Spotted by Clang
compiler.
Fix by implementing the earlier statement which initializes the variable.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The qemu_irq for Terminal Count (TC) line between FDC and Slavio misc
device was created only after use, spotted by Clang compiler. Also,
it was not created if the FDC didn't exist.
Rearrange code to fix order. Always create the TC line.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Difference with AMD PCscsi is that DC-390 contains a EEPROM,
and that a romfile is available to add INT13 support.
This has been successfully tested on:
- MS DOS 6.22 (using DC390 ASPI driver)
- MS Windows 98 SE (using DC390 driver)
- MS Windows NT 3.1 (using DC390 driver)
- MS Windows NT 4.0 (using DC390 driver)
- hard disk and cdrom boot
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This reverts commit 0883c5159f.
Those stubs were only used by PCI ESP emulation, which is now
not compiled on architectures which have no PCI bus support.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
sparc machines loose ability to instanciate PCI ESP SCSI adapter,
which is not a big loose as they don't have PCI bus support.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The unmap command can reuse the same infrastructure as MODE SELECT
for reading the descriptor list into memory. The descriptors are
processed sequentially.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Leaving the aiocb to a non-NULL value leads to an assertion failure when
rerror/werror are set to stop or enospc, and the operation is retried.
scsi-disk checks that the aiocb member is NULL before filling it.
This patch correctly resets the aiocb to NULL values everywhere,
and adds the dual assertion that the aiocb was non-NULL before
calling bdrv_acct_done.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch fixes a problem in handling task management functions
in virtio-scsi. The cause of the problem is a mismatch between
the size of the tag in QEMU (32-bit) and virtio-scsi (64-bit).
Changing the QEMU size is hard because the migration format
uses 32 bits to store the tag; so just don't use the QEMU tag
(virtio-scsi only uses the tag for task management functions
anyway) and look up the full 64-bit tag in the hba_private field.
The reproducer is a bit obscure. If you cause an I/O timeout
(for example with rerror=stop and doing 'cont' on the monitor
continuously without fixing the error), sooner or later the
guest will try to abort the command and reissue it. At this
point, QEMU will report _two_ errors instead of one when you
hit 'c', because the first error has not been canceled correctly.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch updates the iscsi layer to automatically pick a 'unique'
initiator-name based on the name of the vm in case the user has not set
an explicit iqn-name to use.
Create a new function qemu_get_vm_name() that returns the name of the VM,
if specified.
This way we can thus create default names to use as the initiator name
based on the guest session.
If the VM is not named via the '-name' command line argument, the iscsi
initiator-name used wiull simply be
iqn.2008-11.org.linux-kvm
If a name for the VM was specified with the '-name' option, iscsi will
use a default initiatorname of
iqn.2008-11.org.linux-kvm:<name>
These names are just the default iscsi initiator name that qemu will
generate/use only when the user has not set an explicit initiator name
via the commandlines or config files.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
The argument of iscsi_create_context is never freed by libiscsi,
which in fact calls strdup on it. Avoid a leak.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>