These addresses have been passed through pci_to_cpu_addr,
and thus need to be full target_phys_addr_t.
Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The only way for chardev drivers to communicate an error was to return a NULL
pointer, which resulted in an error message that said _that_ something went
wrong, but not _why_.
This patch changes the interface to return 0/-errno and updates
qemu_chr_open_opts to use strerror to display a more helpful error message.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Support commas in the parameter list of multiboot modules as well as for the
kernel command line, by using double commas (via get_opt_value()).
Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Serial and parallel devices created with -device are not reported in
the PIIX4 configuration space, and are hence not picked up by the DSDT.
This upsets Windows, which hides them altogether from the guest.
To avoid this, check at the end of machine initialization whether the
corresponding I/O ports have been registered. The new function in
ioport.c does this; this also requires a tweak to isa_unassign_ioport.
I left the comment in piix4_pm_initfn since the registers I moved do
seem to match the 82371AB datasheet. There are some quirks though.
We are setting this bit:
"Device 8 EIO Enable (EIO_EN_DEV8)—R/W. 1=Enable PCI access to the
device 8 enabled I/O ranges to be claimed by PIIX4 and forwarded
to the ISA/EIO bus. 0=Disable. The LPT_MON_EN must be set to enable
the decode."
but not LPT_MON_EN (bit 18 at 50h):
LPT Port Enable (LPT_MON_EN)—R/W. 1=Enable accesses to parallel
port address range (LPT_DEC_SEL) to generate a device 8 (parallel
port) decode event. 0=Disable.
We're also setting the LPT_DEC_SEL field (that's the 0x60 written to
63h) to 11, which means reserved, rather than to 01 (378h-37Fh).
Likewise we're not setting SA_MON_EN, SB_MON_EN (respectively bit 14
and bit 16 at address 50h) for the serial ports. However, we're setting
COMA_DEC_SEL and COMB_DEC_SEL correctly, unlike the corresponding register
for the parallel port.
All these fields are left as they are, since they are probably only
meant to be used in the DSDT.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Drop the open-coded MAC assignment from net_init_nic and replace it with
standard qemu_macaddr_default_if_unset which is also used by qdev. That
avoid creating colliding MACs when instantiating NICs via different
mechanisms.
This change requires to store the MAC as MACAddr in NICInfo, and the
remaining nd_table users need to be updated.
Based on suggestion by Peter Maydell.
CC: Markus Armbruster <armbru@redhat.com>
CC: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Spec on UHCI_STS_USBERR: "If the TD on which the error interrupt
occurred also had its IOC bit set, both this bit and Bit 0 are set."
Make UHCI emulation do that.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Remove leftover calls to usb_hid_changed().
Take care to update the changed flag after delivering a event via
GET_REPORT like we do when sending events via interrupt endpoint.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Spice worker does no longer process commands when it is stopped.
Otherwise, it might crash during migration when attempting to process
commands while the guest is not completely loaded.
Cc: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This allows to easily tag devices as non-migratable,
so any attempt to migrate a virtual machine with the
device in question active will make migration fail.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
If the serial number is not set we should mask it out in the
list of supported VPD pages and mark it as not supported.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
A debugging statement wasn't converted to the new interface.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
'tag' is just an abstraction to identify the command
from the driver. So we should make that explicit by
replacing 'tag' with a driver-defined pointer 'hba_private'.
This saves the lookup for driver handling several commands
in parallel.
'tag' is still being kept for tracing purposes.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
iov_to_buf() has an 'offset' parameter, iov_from_buf() hasn't.
This patch adds the missing parameter to iov_from_buf().
It also renames the 'offset' parameter to 'iov_off' to
emphasize it's the offset into the iovec and not the buffer.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
A host chardev could close just before the guest sends some data to be
written. This will cause an -EPIPE error. This shouldn't be propagated
to virtio-serial-bus.
Ideally we should close the port once -EPIPE is received, but since the
chardev interface doesn't return such meaningful values to its users,
all we get is -1 for any kind of error. Just return 0 for now and wait
for chardevs to return better error messages to act better on the return
messages.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
We were previously allowing arbitrarily-long indirect descriptors, which
could lead to a buffer overflow in qemu-kvm process.
CVE-2011-2212
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
vhost dev stop failed to clear the log field.
Typically not an issue as dev start overwrites this field,
but if logging gets disabled before the following start,
it doesn't so this causes a double free.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The new xen_console protocol changed the default xen_console output device
from whatever Qemu chose to whatever xenstore choses and "pty" as fallback.
This is not how Qemu works. It has its own serial redirection semantics. So
it xenstore doesn't contain information on what to do, Qemu is the place to
ask.
Signed-off-by: Alexander Graf <agraf@suse.de>
Since CS 21994 on xen-unstable.hg and CS
466608f3a32e1f9808acdf832a5843af37e5fcec on qemu-xen-unstable.git, few
changes have been introduced to the PV console xenstore protocol, as
described by the document docs/misc/console.txt under xen-unstable.hg.
From the Qemu point of view, very few modifications are needed to
correctly support the protocol: read from xenstore the "output" node
that tell us what the output of the PV console is going to be.
In case the output is a tty, write to xenstore the device name.
Changes in v2:
- fix error paths: free malloc'ed strings and close the xenstore
connection before returning;
- remove useless snprintf in xenstore_store_pv_console_info if i == 0.
Changes in v3:
- replace xs_daemon_open/xs_daemon_close with xs_open/xs_close.
Changes in v4:
- add a compatibility implementation of xs_open/xs_close.
Changes in v5:
- fix code style.
[agraf] fix build error due to missing stub
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Sometimes the toolstack uses "aio" without an additional format
identifier, in such cases use "raw".
Updated in v2:
- fix code style.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
When disk is a cdrom and the drive is empty the "params" node in
xenstore might be missing completely: cope with it instead of
segfaulting.
Updated in v2:
- actually removed the strchr(blkdev->params, ':') that caused the
segfault;
- free all the allocated strings from xenstore before returning;
Updated in v3:
- set blkdev fields to NULL after free'ing them.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Register the vkbd backend even when running as device emulator for HVM
guests: it is useful because it doesn't need a frequent timer like usb.
Check whether the XenInput DisplayState has been set in the initialise
state, rather than the input state.
In case the DisplayState hasn't been set and there is no vfb for this
domain, then set the XenInput DisplayState to the default one.
Changed in v2:
- use qemu_free instead of free;
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
con_init leaks the string "type", fix it.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Xen won't be enabled if there is no backend support available for the
host. And that also means the map cache will work. So drop the separate
config switch and move the required stubs over to xen-stub.c.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This bug was introduced in 94d3f98a3f:
scsi_cancel_io was checking if some request was pending before trying
to cancel it, while scsi_req_cancel always cancels the request.
This may lead to a crash of Qemu due to dereferencing a NULL pointer,
as exhibited by NetBSD 5.1 installer on MIPS Magnum emulation.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Add ich9 controllers, Factor out properties to a separate
struct and reference it to reduce duplication.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
To use as a companion controller, use pci-ohci as device and set the
masterbus and num-ports properties, ie:
-device usb-ehci,addr=0b.1,multifunction=on,id=ehci0
-device pci-ohci,addr=0b.0,multifunction=on,masterbus=ehci0.0,num-ports=4
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
To use as a companion controller set the masterbus property.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The PED bit should only be set for highspeed devices and the PEDC bit
should not be set on "normal" PED bit changes, only on io errors.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
with the "usb-ehci: cleanup port reset handling" patch in place no callers
are calling usb_attach(port, NULL) for a port where port->dev is NULL.
Doing that makes no sense as that causes the port detach op to get called
for a port with nothing attached. Add an assert that port->dev != NULL when
dev == NULL, and remove the check for not having a port->dev in the dev == NULL
case.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Doing a usb_attach when dev is NULL will just result in the
port detach op getting called even though nothing was connected in
the first place.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Note this fixes 2 things in one go, first of all the device_destroy bus
op should be a device_detach bus op, as pending async packets from the
device should be cancelled on detach not on destroy.
Secondly having this as a bus op won't work with companion controllers, since
then there will be 1 bus driven by the ehci controller and thus 1 set of bus
ops, but the device being detached may be downstream of a handed over port.
Making the detach of a downstream device a port op allows the ehci controller
to forward this to the companion controller port for handed over ports.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This makes them consistent with the attach and detach ops, and in general
it makes sense to make portops take a port as argument. This also makes
adding support for a companion controller easier / cleaner.
[ kraxel: fix usb-musb.c build ]
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This is a preparation patch for adding support for USB companion controllers.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Cleanup / preparation patch for companion controller support. Note that
as a "side-effect" this patch also fixes the milkymist-softusb controller
not having a port_location set for its ports.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
In musb_packet() handle final processing of non-asynchronous
USB packets by directly calling musb_schedule_cb() rather than
going through usb_packet_complete(). The latter will trigger
an assertion because the packet doesn't belong to a device.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Just in case there's still a way how a guest can read out buffers when it's not
supposed to, let's zero the buffers during initialisation so that we don't leak
information to the guest.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
This fixes https://bugs.launchpad.net/qemu/+bug/786209:
When the DRQ_STAT bit is set, the IDE core permits both data reads
and data writes, regardless of whether the current transfer was
initiated as a read or write.
This potentially leaks uninitialized host memory into the guest,
if, before doing anything else to an IDE device, the guest begins a
write transaction (e.g. WIN_WRITE), but then *reads* from the IO
port instead of writing to it.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
It needs to be a qdev property, because it belongs to the drive's
guest part. Precedence: commit a0fef654 and 6ced55a5.
Bonus: info qtree now shows the serial number.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Until now, pxa2xx_lcd only supported 90deg rotation, but
some machines (for example Zipit Z2) needs 270deg rotation.
Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Parameter 'info' is const, so add the missing attribute.
v2:
Add 'const' to the local variable info in do_cpu_reset() and to
the boot_info field in CPUARMState (suggested by Peter Maydell).
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
report correct mode when in undefined mode.
introduces qxl_mode_to_string(), and uses it in other places too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This bug showed up after 1455084ea2, and
may be seen only on operating systems *not* using DMA to give commands
to SCSI adapter.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 'ppc-next' of git://repo.or.cz/qemu/agraf:
PPC: move TLBs to their own arrays
PPC: 440: Use 440 style MMU as default, so Qemu knows the MMU type
PPC: E500: Use MAS registers instead of internal TLB representation
PPC: Only set lower 32bits with mtmsr
PPC: update openbios firmware
PPC: mpc8544ds: Add hypervisor node
PPC: calculate kernel,initrd,cmdline locations dynamically
target-ppc: Handle memory-forced I/O controller access
PPC: E500: Implement reboot controller
If I start qemu with:
# qemu -hda disks/test.img -enable-kvm -m 1G -snapshot \
-device virtio-serial \
-chardev socket,host=localhost,port=1234,server,nowait,id=foo \
-device virtserialport,chardev=foo,name=org.qemu.guest_agent
I get a segfault when booting a Fedora 14 guest. The backtrace says:
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000420850 in handle_control_message (vser=0x3732bd0, buf=0x2c173e0, len=8) at /home/lcapitulino/src/qmp-unstable/hw/virtio-serial-bus.c:335
335 info = DO_UPCAST(VirtIOSerialPortInfo, qdev, port->dev.info);
What's happening is VIRTIO_CONSOLE_DEVICE_READY is a message for the
whole device, not for an individual port. So port is NULL. This bug was
introduced by commit a15bb0d6a9.
This commit fixes that by making the port returned by find_port_by_id()
be used only by the VIRTIO_CONSOLE_PORT_READY and
VIRTIO_CONSOLE_PORT_OPEN messages.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
This is an all-in-one fix for the smaller and bigger mistakes of the
build system changes for accompanied Linux headers:
- only enable KVM and vhost on Linux hosts
- fix powerpc asm header symlink
- do not use Linux headers on non-Linux hosts
- fix kvmclock for !CONFIG_KVM
- fix s390 build on non-Linux hosts
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Andreas Färber <andreas.faerber@web.de>
Tested-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Fix a couple of typos in comments.
Signed-off-by: Matthew Fernandez <matthew.fernandez@gmail.com>
Acked-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
