Commit Graph

19582 Commits

Author SHA1 Message Date
Kevin Wolf
8dc0a5e7a0 qcow2: Fix error handling in qcow2_alloc_cluster_offset
If do_alloc_cluster_offset() fails, the error handling code tried to
remove the request from the in-flight queue, to which it wasn't added
yet, resulting in a NULL pointer dereference.

m->nb_clusters really only becomes != 0 when the request is in the list.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-19 16:03:27 +02:00
Stefan Hajnoczi
e82dabd82e ide: convert ide_sector_write() to asynchronous I/O
The IDE PIO write sector code path uses bdrv_write() and hence can make
the guest unresponsive while the I/O request is in progress.  This patch
converts ide_sector_write() to use bdrv_aio_writev() by using the
BUSY_STAT bit to tell the guest that the request is in progress.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Tested-by: Richard Davies <richard@arachsys.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-19 16:03:27 +02:00
Stefan Hajnoczi
bef0fd5958 ide: convert ide_sector_read() to asynchronous I/O
The IDE PIO interface currently uses bdrv_read() to perform reads
synchronously.  Synchronous I/O in the vcpu thread is bad because it
prevents the guest from executing code - it makes the guest
unresponsive.

This patch converts IDE PIO to use bdrv_aio_readv().  We simply need to
use the BUSY_STAT status so the guest knows to wait while we are busy.

The only external user of ide_sector_read() is restart behavior on I/O
errors and it is not affected by this change.  We still need to restart
I/O in the same way.

Migration is also unaffected if I understand the code correctly.  We
continue to use the same transfer function and the BUSY_STAT status
should never be migrated since we flush I/O before migrating device
state.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Tested-by: Richard Davies <richard@arachsys.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-19 16:03:27 +02:00
Kevin Wolf
592fa07043 qemu-io: Add command line switch for cache mode
To be used as in 'qemu-io -t writeback test.img'

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 16:03:16 +02:00
Stefan Weil
4e35b92a51 block: Fix spelling in comment (ineffcient -> inefficient)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-19 15:48:52 +02:00
Dong Xu Wang
8ff9ae00da iotests: fix error in 005
According comment, we should not read again, we will write.

Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-19 15:48:52 +02:00
Kevin Wolf
7094f12f86 block: Drain requests in bdrv_close
If an AIO request is in flight that refers to a BlockDriverState that
has been closed and possibly even freed, more or less anything could
happen. I have seen segfaults, -EBADF return values and qcow2 sometimes
actually catches the situation in bdrv_close() and abort()s.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 15:48:52 +02:00
Kevin Wolf
aafcdcc9eb qemu-iotests: Test bdrv_close while AIO is in flight
If the BlockDriverState is closed/freed without draining the AIO
requests first, the request coroutines may work on invalid data and file
descriptors or have some dangling pointers that cause segfaults.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 15:48:52 +02:00
Kevin Wolf
7299550b25 qemu-iotests: Always filter cluster_size out in _make_test_img
Some image formats do have a cluster size, others don't, but there are
tests that work with both sets of images and currently we get failures
because the qemu-img create output doesn't mention the cluster size for
some formats.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-19 15:48:52 +02:00
Anthony Liguori
51006bbc45 Merge remote-tracking branch 'origin/master' into staging
* origin/master:
  Allow controlling volume with PulseAudio backend
  configure: pa_simple is not needed anymore
  Do not use pa_simple PulseAudio API
  audio/spice: add support for volume control
  hw/ac97: add support for volume control
  hw/ac97: the volume mask is not only 0x1f
  hw/ac97: remove USE_MIXER code
  audio: don't apply volume effect if backend has VOICE_VOLUME_CAP
  audio: add VOICE_VOLUME ctl
2012-04-18 10:06:09 -05:00
Anthony Liguori
25b9e14e78 Merge remote-tracking branch 'spice/spice.v52' into staging
* spice/spice.v52:
  qxl-render: fix broken vnc+spice since commit f934493
  qxl: set default values of vram*_size_mb to -1
  trace-events: remove unused qxl_vga_ioport_while_not_in_vga_mode
2012-04-18 07:56:18 -05:00
Anthony Liguori
b26d712ecc Merge remote-tracking branch 'kraxel/usb.46' into staging
* kraxel/usb.46: (21 commits)
  usb-ehci: drop assert()
  usb-redir: Notify our peer when we reject a device due to a speed mismatch
  usb-ehci: Drop unused sofv value
  usb-host: rewrite usb_linux_update_endp_table
  usb: use USBDescriptor for endpoint descriptors.
  usb: use USBDescriptor for interface descriptors.
  usb: use USBDescriptor for config descriptors.
  usb: use USBDescriptor for device qualifier descriptors.
  usb: add USBDescriptor, use for device descriptors.
  usb-ehci: frindex always is a 14 bits counter
  usb-ehci: fix ehci_child_detach
  usb-hub: add tracepoints
  usb_packet_set_state: handle p->ep == NULL
  usb-host: add property to turn off pipelining
  usb-host: add usb packet to request tracepoints
  usb-host: trace canceled requests
  usb-host: trace emulated requests
  Add bootindex support to usb-host and usb-redir
  usb-uhci: queuing fix
  usb-uhci: stop queue filling when we find a in-flight td
  ...
2012-04-18 07:55:56 -05:00
Alon Levy
06ddea49f8 qxl-render: fix broken vnc+spice since commit f934493
Notify any listeners such as vnc that the displaysurface has been
changed, otherwise they will segfault when first accessing the freed old
displaysurface data.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-18 12:21:53 +02:00
Alon Levy
79ce356701 qxl: set default values of vram*_size_mb to -1
The addition of those values caused a regression where not specifying
any value for the vram bar size would result in a 4096 _byte_ surface
area. This is ok for the windows driver but causes the X driver to be
unusable. Also, it's a regression. This patch returns the default
behavior of having a 64 megabyte vram BAR.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-18 12:21:53 +02:00
Alon Levy
a9257af0b9 trace-events: remove unused qxl_vga_ioport_while_not_in_vga_mode
The resulting stp file fails to load because of an unresolvable probe.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-18 12:21:45 +02:00
Marc-André Lureau
6e7a7f3d9b Allow controlling volume with PulseAudio backend
Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-17 16:57:58 +04:00
Marc-André Lureau
a394aed235 configure: pa_simple is not needed anymore
Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-17 16:57:58 +04:00
Marc-André Lureau
ea9ebc2ce6 Do not use pa_simple PulseAudio API
Unfortunately, pa_simple is a limited API which doesn't let us
retrieve the associated pa_stream. It is needed to control the volume
of the stream.

In v4:
- add missing braces

Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-17 16:57:58 +04:00
Marc-André Lureau
a70c99c614 audio/spice: add support for volume control
Use Spice server volume control API when available.

Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-17 16:57:58 +04:00
Marc-André Lureau
19677a380a hw/ac97: add support for volume control
Combine output volume with Master and PCM registers values.
Use default values in mixer_reset ().
Set volume on post-load to update backend values.

v4,v5:
- fix some code style

Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-17 16:57:58 +04:00
Marc-André Lureau
5b72392603 hw/ac97: the volume mask is not only 0x1f
It's a case by case (see Table 66. AC ?97 Baseline Audio Register Map)

Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-17 16:57:58 +04:00
Marc-André Lureau
ed2997cdcb hw/ac97: remove USE_MIXER code
That code doesn't compile. The interesting bits for volume control are
going to be rewritten in the following patch.

Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-17 16:57:57 +04:00
Marc-André Lureau
c01b245623 audio: don't apply volume effect if backend has VOICE_VOLUME_CAP
If the audio backend is capable of volume control, don't apply
software volume (mixeng_volume ()), but instead, rely on backend
volume control. This will allow guest to have full range volume
control.

Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-17 16:57:57 +04:00
Marc-André Lureau
6c95ab94f9 audio: add VOICE_VOLUME ctl
Add a new PCM control operation to update the stream volume on the
audio backend.  The argument given is a SWVoiceOut/SWVoiceIn.

v4:
- verified other backends didn't fail/assert on this new control
  they randomly return 0 or -1, but we ignore return value.

Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
2012-04-17 16:57:57 +04:00
Gerd Hoffmann
6b034aa138 seabios: update to 1.7.0
Update roms/seabios and pc-bios/bios.bin to the 1.7.0 release.
Most noticable new feature is virtio-scsi support.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:51:41 +02:00
Gerd Hoffmann
c7020c9740 usb-ehci: drop assert()
Not sure what the purpose of the assert() was, in any case it is bogous.
We can arrive there if transfer descriptors passed to us from the guest
failed to pass sanity checks, i.e. it is guest-triggerable.  We deal
with that case by resetting the host controller.  Everything is ok, no
need to throw a core dump here.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:29 +02:00
Hans de Goede
714f9db06c usb-redir: Notify our peer when we reject a device due to a speed mismatch
Also cleanup (reset) our device state when we reject a device due to a
speed mismatch.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Hans de Goede
8e24283b26 usb-ehci: Drop unused sofv value
The sofv value only ever gets a value assigned and is never used (read)
anywhere, so we can just drop it.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
96dd9aac37 usb-host: rewrite usb_linux_update_endp_table
This patch carries a complete rewrite of the usb descriptor parser.
Changes / improvements:

 * We are using the USBDescriptor struct instead of hard-coded offsets
   now to access descriptor data.
 * (debug) printfs are all gone, tracepoints have been added instead.
 * We don't try (and fail) to skip over unneeded descriptors.  We parse
   them all one by one.  We keep track of which configuration, interface
   and altsetting we are looking at and use this information to figure
   which desciptors are in use and which we can ignore.
 * On parse errors we clear all endpoint information, which will
   disallow any communication with the device, except control endpoint
   messages.  This makes sure we don't end up with a silly device state
   where half of the endpoints got enabled and the other half was left
   disabled.
 * Some sanity checks have been added.

The new parser is more robust and also leaves complete device
information in the trace log if you enable the ush_host_parse_*
tracepoints.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
e36a20d329 usb: use USBDescriptor for endpoint descriptors.
Add endpoint descriptor substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
feafd797ee usb: use USBDescriptor for interface descriptors.
Add interface descriptor substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
0a263db17a usb: use USBDescriptor for config descriptors.
Add config descriptor substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
3cfeee6177 usb: use USBDescriptor for device qualifier descriptors.
Add device qualifier substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
d3f904ea7b usb: add USBDescriptor, use for device descriptors.
This patch adds a new type for the binary representation of usb
descriptors.  It is put into use for the descriptor generator code
where the struct replaces the hard-coded offsets.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Hans de Goede
58ea88d87a usb-ehci: frindex always is a 14 bits counter
frindex always is a 14 bits counter, and not a 13 bits one as we were
emulating. There are some subtle hints to this in the spec, first of all
"Table 2-12. FRINDEX - Frame Index Register" says:
"Bit 13:0 Frame Index. The value in this register increments at the end of
each time frame (e.g. micro-frame). Bits [N:3] are used for the Frame List
current index. This means that each location of the frame list is accessed
8 times (frames or micro-frames) before moving to the next index. The
following illustrates values of N based on the value of the Frame List
Size field in the USBCMD register.

USBCMD[Frame List Size]	Number Elements		 N
00b				1024		12
01b				 512		11
10b				 256		10
11b			    Reserved"

Notice how the text talks about "Bits [N:3]" are used ..., it does
NOT say that when N == 12 (our case) the counter will wrap from 8191 to 0,
or in otherwords that it is a 13 bits counter (bits 0 - 12).

The other hint is in "Table 2-10. USBSTS USB Status Register Bit Definitions":

"Bit 3 Frame List Rollover - R/WC. The Host Controller sets this bit to a one
when the Frame List Index (see Section 2.3.4) rolls over from its maximum value
to zero. The exact value at which the rollover occurs depends on the frame
list size. For example, if the frame list size (as programmed in the Frame
List Size field of the USBCMD register) is 1024, the Frame Index Register
rolls over every time FRINDEX[13] toggles. Similarly, if the size is 512,
the Host Controller sets this bit to a one every time FRINDEX[12] toggles."

Notice how this text talks about setting bit 3 when bit 13 of frindex toggles
(when there are 1024 entries, so our case), so this indicates that frindex
has a bit 13 making it a 14 bit counter.

Besides these clear hints the real proof is in the pudding. Before this
patch I could not stream data from a USB2 webcam under Windows XP, after
this cam using a USB2 webcam under Windows XP works fine, and no regressions
with other operating systems were seen.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
088351a7e5 usb-ehci: fix ehci_child_detach
Looks like a cut+paste bug from ehci_detach.  When the device itself is
detached from a ehci port (ehci_detach op) we have to clear the
device pointer for the companion port too.  When a device gets removed
from a downstream port of a usb hub (ehci_child_detach op) the ehci port
where the usb hub is plugged in is not affected.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann
529f8f9fa9 usb-hub: add tracepoints
Add tracepoints to the usb hub emulation.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
f5bf14bf39 usb_packet_set_state: handle p->ep == NULL
usb_packet_set_state can be called with p->ep = NULL.  The tracepoint
there tries to log endpoint information, which leads to a segfault.
This patch makes usb_packet_set_state handle the NULL pointer properly.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
39c2057700 usb-host: add property to turn off pipelining
Add a property to usb-host to disable the bulk endpoint pipelining.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
19b89252a3 usb-host: add usb packet to request tracepoints
Add pointer to USBPacket to all tracepoints tracking requests to make it
easier to identify them when multiple requests are in flight.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
6aebe40796 usb-host: trace canceled requests
Add tracepoints to track canceled requests.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
e382e751ef usb-host: trace emulated requests
Add tracepoint to track completion of emulated control requests.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
65bb3a5c11 Add bootindex support to usb-host and usb-redir
When passing through a usb pendrive seabios will present it in the F12
boot menu and will happily boot from it.

This patch adds bootorder support so you can even make it the default
boot device.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
ee008ba626 usb-uhci: queuing fix
When we queue up usb packets we may happen to find a already queued
packet, which also might be finished at that point already.  We don't
want continue processing the packet at this point though, so lets
just signal back we've found a in-flight packet when in queuing mode.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
52b0fecdba usb-uhci: stop queue filling when we find a in-flight td
Not only QHs can form rings, but TDs too.  With the new
queuing/pipelining support we are following TD chains and
can actually walk in circles.  An assert() prevents us from
entering an endless loop then.

Fix is easy:  Just stop queuing when we figure the TD we are
about to queue up is in flight already.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann
eeb0cf9abf usb/vmstate: add parent dev path
... to make vmstate id string truely unique with multiple host
controllers, i.e. move from "1/usb-ptr" to "0000:00:01.3/1/usb-ptr"
(usb tabled connected to piix3 uhci).

This obviously breaks migration.  To handle this the usb bus
property "full-path" is added.  When setting this to false old
behavior is maintained.  This way current qemu will be compatible
with old versions when started using '-M pc-$oldversion'.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:21 +02:00
Peter Portante
158fd3ce98 qemu-timer.c: Remove 250us timeouts
Basically, the main wait loop calls qemu_run_all_timers() unconditionally. The
first thing this routine used to do is to see if a timer had been serviced,
and then reset the loop timeout to the next deadline.

However, the new deadlines had not been calculated at that point, as
qemu_run_timers() had not been called yet for each of the clocks. So
qemu_rearm_alarm_timer() would end up with a negative or zero deadline, and
default to setting a 250us timeout for the loop.

As qemu_run_timers() is called for each clock, the real deadlines would be put
in place, but because a loop timeout was already set, the loop timeout would
not be changed.

Once that 250us timeout fired, the real deadline would be used for the
subsequent timeout.

For idle VMs, this effectively doubles the number of times through the loop,
doubling the number of select() system calls, timer calls, etc. putting added
scheduling pressure on the kernel. And under cgroups, this really causes a big
problem because the cgroup code does not scale well.

By simply running the timers before trying to rearm the timer, we always rearm
with a non-zero deadline, effectively halving the number of system calls.

Signed-off-by: Peter Portante <pportant@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-04-16 12:56:48 -05:00
Anthony Liguori
fc34e77bb3 Merge remote-tracking branch 'kiszka/queues/pending' into staging
* kiszka/queues/pending:
  vapic: Disable for pre-1.1 machines
  Kick io-thread on qemu_chr_accept_input
  pcnet: Properly handle TX requests during Link Fail
  pcnet: Clear ERR in CSR0 on stop
  signrom: Rewrite as python script

Conflicts:
	hw/pc_piix.c

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-04-16 12:56:28 -05:00
Anthony Liguori
52346e8c75 Merge remote-tracking branch 'mst/tags/for_anthony' into staging
* mst/tags/for_anthony:
  pci: fix corrupted pci conf index register by unaligned write
  acpi: explicitly account for >1 device per slot
  acpi_piix4: Re-define PCI hotplug eject register read
  acpi_piix4: Remove PCI_RMV_BASE write code
  acpi_piix4: Fix PCI hotplug race
  acpi_piix4: Disallow write to up/down PCI hotplug registers
  virtio-pci: change virtio balloon PCI class code
  ivshmem: add missing msix calls
  vhost: readd assert statement
  vhost: Fix size of dirty log sync on resize
  pc: reduce duplication in compat machine types
  piix_pci: fix typo in i400FX chipset init code
2012-04-16 12:52:22 -05:00
Anthony Liguori
8a6b8708e3 Merge remote-tracking branch 'sstabellini/for_anthony' into staging
* sstabellini/for_anthony:
  xen: introduce an event channel for buffered io event notifications
  xen-mapcache: don't unmap locked entry during mapcache invalidation
  Xen, mapcache: Fix the compute of the size of bucket.
  xen: handle backend deletion from xenstore
  Xen: Add xen-apic support and hook it up.
  Xen: basic HVM MSI injection support.
2012-04-16 12:50:12 -05:00