Commit Graph

72 Commits

Author SHA1 Message Date
Michael Roth
ded67782e6 acpi_piix4: fix segfault migrating from 1.2
b0b873a078 bumped the vmstate version and
introduced an old-style load function to handle migration from prior
(<= 1.2) versions.

The load function passes the top-level PIIX4PMState pointer to
vmstate_load_state() to handle nested structs for APMState and
pci_status, which leads to corruption of the top-level PIIX4PMState,
since pointers to the nested structs are expected.

A segfault can be fairly reliably triggered by migrating from 1.2 and
issuing a reset, which will trigger a number of QOM operations which
rely on the now corrupted ObjectClass/Object members.

Fix this by passing in the expected pointers for vmstate_load_state().

Cc: qemu-stable@nongnu.org
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-04 14:39:07 -06:00
Hervé Poussineau
c3a29809e4 acpi_piix4: Do not use old_portio-style callbacks
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
[AF: Used HWADDR_PRIx for hwaddr PIIX4_DPRINTF()]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-01-15 19:45:45 +01:00
Andreas Färber
8c43a6f05d Make all static TypeInfos const
Since 39bffca203 (qdev: register all
types natively through QEMU Object Model), TypeInfo as used in
the common, non-iterative pattern is no longer amended with information
and should therefore be const.

Fix the documented QOM examples:

 sed -i 's/static TypeInfo/static const TypeInfo/g' include/qom/object.h

Since frequently the wrong examples are being copied by contributors of
new devices, fix all types in the tree:

 sed -i 's/^static TypeInfo/static const TypeInfo/g' */*.c
 sed -i 's/^static TypeInfo/static const TypeInfo/g' */*/*.c

This also avoids to piggy-back these changes onto real functional
changes or other refactorings.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-01-10 15:11:53 -06:00
Gerd Hoffmann
56e5b2a1a6 apci: assign memory regions to piix4 acpi device
Get rid of get_system_io() usage.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-01-04 08:51:56 +01:00
Paolo Bonzini
9c17d615a6 softmmu: move include files to include/sysemu/
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19 08:32:45 +01:00
Paolo Bonzini
1de7afc984 misc: move include files to include/qemu/
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19 08:32:39 +01:00
Paolo Bonzini
022c62cbbc exec: move include files to include/exec/
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19 08:31:31 +01:00
Michael S. Tsirkin
a2cb15b0dd pci: update all users to look in pci/
update all users so we can remove the makefile hack.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-12-17 13:02:26 +02:00
Anthony Liguori
8385b173a0 Merge remote-tracking branch 'kraxel/acpi.1' into staging
* kraxel/acpi.1:
  acpi: drop debug port
  q35: update lpc pci config space according to configured devices
  apci: switch piix4 pci hotplug to memory api
  acpi: remove acpi_gpe_blk
  apci: switch piix4 gpe to memory api
  acpi: fix piix4 smbus mapping
  acpi: switch smbus to memory api
  acpi: cleanup ich9 memory region
  apci: switch ich9 smi to memory api
  apci: switch ich9 gpe to memory api
  acpi: cleanup vt82c686 memory region
  acpi: cleanup piix4 memory region
  apci: switch evt to memory api
  apci: switch cnt to memory api
  apci: switch timer to memory api
  apci: switch vt82c686 to memory api
  apci: switch ich9 to memory api
  apci: switch piix4 to memory api

Conflicts:
	hw/lpc_ich9.c

Resolved merge conflict due to apm_init adding an argument.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-12-10 08:33:11 -06:00
Julien Grall
42d8a3cf96 hw/apm.c: Replace register_ioport_*
Replace all register_ioport_*() with a MemoryRegion.
This permits to use the new Memory stuff like listeners.

Moreover, the PCI device is added as an argument for apm_init(),
so we can register IO inside the PCI IO address space.

Signed-off-by: Julien Grall <julien.grall@citrix.com>
Acked-by: Avi Kivity <avi@redhat.com>
[AF: Rebased onto hwaddr and q35]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-12-04 14:50:21 +01:00
Gerd Hoffmann
3e43749882 acpi: drop debug port
I'm pretty sure this isn't needed any more.  I think this predates the
switch to seabios, and the seabios DSDT table has a DBUG() aml macro
which writes stuff to the seabios debug port (0x402).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-04 13:52:43 +01:00
Gerd Hoffmann
c177684c75 apci: switch piix4 pci hotplug to memory api
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-04 13:52:43 +01:00
Gerd Hoffmann
c84649ca66 acpi: remove acpi_gpe_blk
With gpe being switched to memory api this is no longer needed.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-04 13:52:43 +01:00
Gerd Hoffmann
b65b93f24c apci: switch piix4 gpe to memory api
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-04 13:52:43 +01:00
Gerd Hoffmann
24fe083de6 acpi: fix piix4 smbus mapping
Make write to the smbus base register and enable bit actually work.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-04 13:52:43 +01:00
Gerd Hoffmann
798512e552 acpi: switch smbus to memory api
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-04 13:52:43 +01:00
Gerd Hoffmann
ca5d64b4b4 acpi: cleanup piix4 memory region
Nothing left to do, everything handled by subregions,
we can zap the reaw/write handlers now.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-04 13:52:42 +01:00
Gerd Hoffmann
b5a7c024d2 apci: switch evt to memory api
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-04 13:52:42 +01:00
Gerd Hoffmann
afafe4bbe0 apci: switch cnt to memory api
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-04 13:52:42 +01:00
Gerd Hoffmann
77d58b1e47 apci: switch timer to memory api
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-04 13:52:42 +01:00
Gerd Hoffmann
af11110bb8 apci: switch piix4 to memory api
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-04 13:52:42 +01:00
Marcelo Tosatti
b0b873a078 acpi_piix4: fix migration of gpe fields
Migrate 16 bytes for en/sts fields (which is the correct size),
increase version to 3, and document how to support incoming
migration from qemu-kvm 1.2.

Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2012-11-14 20:15:37 -02:00
Igor Mammedov
d010f91c3a acpi: use notifier for signaling guest system_powerdown command
In addition, there is no need to allocate an extra irq just for
rising SCI in irq handler. Just rise SCI right from notifier
handler instead.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-25 18:37:41 -05:00
Gleb Natapov
4d09d37c6a reset PMBA and PMREGMISC PIIX4 registers.
The bug causes Windows + OVMF hang after reboot since OVMF
checks PMREGMISC to see if IO space is enabled and skip
configuration if it is.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-29 09:30:31 -05:00
Paolo Bonzini
da5a44e8b0 qom: object_delete should unparent the object first
object_deinit is only called when the reference count goes to zero,
and yet tries to do an object_unparent.  Now, object_unparent
either does nothing or it will decrease the reference count.
Because we know the reference count is zero, the object_unparent
call in object_deinit is useless.

Instead, we need to disconnect the object from its parent just
before we remove the last reference apart from the parent's.  This
happens in object_delete.  Once we do this, all calls to
object_unparent peppered through QEMU can go away.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-23 20:19:59 -05:00
Gleb Natapov
459ae5ea5a Add PIIX4 properties to control PM system states.
This patch adds two things. First it allows QEMU to distinguish between
regular powerdown and S4 powerdown. Later separate QMP notification will
be added for S4 powerdown. Second it allows S3/S4 states to be disabled
from QEMU command line. Some guests known to be broken with regards to
power management, but allow to use it anyway. Using new properties
management will be able to disable S3/S4 for such guests.

Supported system state are passed to a firmware using new fw_cfg file.
The file contains  6 byte array. Each byte represents one system
state. If byte at offset X has its MSB set it means that system state
X is supported and to enter it guest should use the value from lowest 3
bits.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-19 13:36:56 -05:00
Anthony Liguori
0866aca1de qbus: Make child devices links
Make qbus children show up as link<> properties.  There is no stable
addressing for qbus children so we use an unstable naming convention.

This is okay in QOM though because the composition name is expected to
be what's stable.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-06-18 15:14:38 +02:00
Amos Kong
a6de8ed80e pci: call object_unparent() before free_qdev()
Start VM with 8 multiple-function block devs, hot-removing
those block devs by 'device_del ...' would cause qemu abort.

| (qemu) device_del virti0-0-0
| (qemu) **
|ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0)

It's a regression introduced by commit 57c9fafe

The whole PCI slot should be removed once. Currently only one func
is cleaned in pci_unplug_device(), if you try to remove a single
func by monitor cmd.

free_qdev() are called for all functions in slot,
but unparent_delete() is only called for one
function.

Signed-off-by: XXXX
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-05-29 20:19:24 -05:00
Michael S. Tsirkin
54bfa546a0 acpi: explicitly account for >1 device per slot
Slot present bit is cleared apparently for each device. Hotplug and non
hotplug devices should not mix normally, and we only set the bit when we
add a device so it should all work out, but it's more robust to
explicitly account for more than one device per slot.

Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-15 12:17:23 +03:00
Alex Williamson
9290f364c1 acpi_piix4: Re-define PCI hotplug eject register read
The PCI hotplug eject register has always returned 0, so let's redefine
it as a hotplug feature register.  The existing model of using separate
up & down read-only registers and an eject via write to this register
becomes the base implementation.  As we make use of new interfaces we'll
set bits here to allow the BIOS and AML implementation to optimize for
the platform implementation.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-15 12:17:23 +03:00
Alex Williamson
31745aabcd acpi_piix4: Remove PCI_RMV_BASE write code
Clarify this register as read-only and remove write code.  No
change in existing behavior.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-15 12:17:23 +03:00
Alex Williamson
7faa8075d8 acpi_piix4: Fix PCI hotplug race
As Michael Tsirkin demonstrated, current PCI hotplug is vulnerable
to a few races.  The first is a race with other hotplug operations
because we clear the up & down registers at each event.  If a new
event comes before the last is processed, up/down is cleared and
the event is lost.

To fix this for the down register, we create a life cycle for
the event request that starts with the hot unplug request in
piix4_device_hotplug() and ends when the device is ejected.
This allows us to mask and clear individual bits, preserving them
against races.  For the up register, we have no clear end point
for when the event is finished.  We could modify the BIOS to
acknowledge the bit and clear it, but this creates BIOS compatibiliy
issues without offering a complete solution.  Instead we note that
gratuitous ACPI device checks are not harmful, which allows us to
issue a device check for every slot.  We know which slots are present
and we know which slots are hotpluggable, so we can easily reduce
this to a more manageable set for the guest.

The other race Michael noted was that an unplug request followed
by reset may also lose the eject notification, which may also
result in the eject request being lost which a subsequent add
or remove.  Once we're in reset, the device is unused and we can
flush the queue of device removals ourselves.  Previously if a
device_del was issued to a guest without ACPI PCI hotplug support,
it was necessary to shutdown the guest to recover the device.
With this, a guest reboot is sufficient.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-15 12:17:23 +03:00
Alex Williamson
ba737541ed acpi_piix4: Disallow write to up/down PCI hotplug registers
The write side of these registers is never used and actually can't be
used as defined because any read/modify/write sequence from the guest
potentially races with qemu.  Drop the write support and define these
as read-only registers.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-04-15 12:17:22 +03:00
Gerd Hoffmann
da98c8eb4c suspend: switch acpi s3 to new infrastructure.
This patch switches pc s3 suspend over to the new infrastructure.
The cmos_s3 qemu_irq is killed, the new notifier is used instead.
The xen hack goes away with that too, the hypercall can simply be
done in a notifier function now.

This patch also makes the guest actually stay suspended instead
of leaving suspend instantly, so it is useful for more than just
testing whenever the suspend/resume cycle actually works.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-24 13:36:03 -06:00
Gerd Hoffmann
8283c4f565 acpi: add acpi_pm1_evt_write_en
Do APCIREGS->pm1.evt.en updates using the new acpi_pm1_evt_write_en
function, so the acpi code will see those updates.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-24 13:36:02 -06:00
Gerd Hoffmann
2886be1b01 acpi: don't pass overflow_time to acpi_pm1_evt_get_sts
Pretty pointless, can easily be reached via ACPIREGS now.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-24 13:36:02 -06:00
Gerd Hoffmann
355bf2e5ba acpi: add ACPIREGS
All those acpi structs are not independent from each other.
Various acpi functions expecting multiple acpi structs passed
in are a clean indicator for that ;)

So this patch bundles all acpi structs in the new ACPIREGS
struct, then use it everythere pass around acpi state.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-24 13:36:02 -06:00
Andreas Färber
83f7d43a9e qom: Unify type registration
Replace device_init() with generalized type_init().

While at it, unify naming convention: type_init([$prefix_]register_types)
Also, type_init() is a function, so add preceding blank line where
necessary and don't put a semicolon after the closing brace.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Anthony Liguori <anthony@codemonkey.ws>
Cc: malc <av1474@comtv.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-15 09:39:21 -06:00
Anthony Liguori
39bffca203 qdev: register all types natively through QEMU Object Model
This was done in a mostly automated fashion.  I did it in three steps and then
rebased it into a single step which avoids repeatedly touching every file in
the tree.

The first step was a sed-based addition of the parent type to the subclass
registration functions.

The second step was another sed-based removal of subclass registration functions
while also adding virtual functions from the base class into a class_init
function as appropriate.

Finally, a python script was used to convert the DeviceInfo structures and
qdev_register_subclass functions to TypeInfo structures, class_init functions,
and type_register_static calls.

We are almost fully converted to QOM after this commit.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-03 10:41:06 -06:00
Anthony Liguori
40021f0888 pci: convert to QEMU Object Model
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-27 10:50:50 -06:00
Anthony Liguori
30fbb9fc7c qdev: move qdev->info to class
Right now, DeviceInfo acts as the class for qdev.  In order to switch to a
proper ObjectClass derivative, we need to ween all of the callers off of
interacting directly with the info pointer.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-27 10:50:34 -06:00
Paolo Bonzini
6b620ca3b0 prepare for future GPLv2+ relicensing
All files under GPLv2 will get GPLv2+ changes starting tomorrow.
event_notifier.c and exec-obsolete.h were only ever touched by Red Hat
employees and can be relicensed now.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-13 10:55:56 -06:00
Paolo Bonzini
d8bb00d6d7 qdev: switch children device list to QTAILQ
SCSI buses will need to read the children list first-to-last.  This
requires using a QTAILQ, because hell breaks loose if you just try
inserting at the tail (thus reversing the order of all existing
visits from last-to-first to first-to-tail).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-10-28 19:25:51 +02:00
Jan Kiszka
9e8dd45164 notifier: Pass data argument to callback
This allows to pass additional information to the notifier callback
which is useful if sender and receiver do not share any other distinct
data structure.

Will be used first for the clock reset notifier.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-07-23 11:26:06 -05:00
Paolo Bonzini
6141dbfe0a report serial devices created with -device in the PIIX4 config space
Serial and parallel devices created with -device are not reported in
the PIIX4 configuration space, and are hence not picked up by the DSDT.
This upsets Windows, which hides them altogether from the guest.

To avoid this, check at the end of machine initialization whether the
corresponding I/O ports have been registered.  The new function in
ioport.c does this; this also requires a tweak to isa_unassign_ioport.

I left the comment in piix4_pm_initfn since the registers I moved do
seem to match the 82371AB datasheet.  There are some quirks though.
We are setting this bit:

    "Device 8 EIO Enable (EIO_EN_DEV8)—R/W. 1=Enable PCI access to the
    device 8 enabled I/O ranges to be claimed by PIIX4 and forwarded
    to the ISA/EIO bus. 0=Disable. The LPT_MON_EN must be set to enable
    the decode."

but not LPT_MON_EN (bit 18 at 50h):

    LPT Port Enable (LPT_MON_EN)—R/W. 1=Enable accesses to parallel
    port address range (LPT_DEC_SEL) to generate a device 8 (parallel
    port) decode event. 0=Disable.

We're also setting the LPT_DEC_SEL field (that's the 0x60 written to
63h) to 11, which means reserved, rather than to 01 (378h-37Fh).

Likewise we're not setting SA_MON_EN, SB_MON_EN (respectively bit 14
and bit 16 at address 50h) for the serial ports.  However, we're setting
COMA_DEC_SEL and COMB_DEC_SEL correctly, unlike the corresponding register
for the parallel port.

All these fields are left as they are, since they are probably only
meant to be used in the DSDT.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-07-23 10:56:55 -05:00
Michael S. Tsirkin
befeac45d4 Merge remote-tracking branch 'origin/master' into pci
Conflicts:
	hw/virtio-pci.c
2011-06-15 18:27:15 +03:00
Isaku Yamahata
580b7295e1 hw/acpi_piix4.c: convert to PCIDeviceInfo to initialize ids
use PCIDeviceInfo to initialize ids.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-06-12 10:33:34 +03:00
Gerd Hoffmann
505597e447 Ignore pci unplug requests for unpluggable devices (CVE-2011-1751)
This patch makes qemu ignore unplug requests from the guest for pci
devices which are tagged as non-hotpluggable.  Trouble spot is the
piix4 chipset with the ISA bridge.  Requests to unplug that one will
make it go away together with all ISA bus devices, which are not
prepared to be unplugged and thus don't cleanup, leaving active
qemu timers behind in free'ed memory.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-19 11:06:49 +02:00
Isaku Yamahata
23910d3f66 acpi, acpi_piix: factor out GPE logic
factor out ACPI GPE logic. Later it will be used by ICH9 ACPI.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-10 14:00:14 +02:00
Isaku Yamahata
eaba51c573 acpi, acpi_piix, vt82c686: factor out PM1_CNT logic
factor out ACPI PM1_CNT logic. This will be used by ich9 acpi.

Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Huacai Chen <zltjiangshi@gmail.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-09 18:39:06 +02:00