Because the new API doesn't allow overlapping regions with just different
access sizes, we have to create a new "combined" region for both control
and data, when the two share an ioport offset.
Signed-off-by: Avi Kivity <avi@redhat.com>
Convert mechanicaly; the access size of the old_mmio fields
seems odd.
Signed-off-by: Benoit Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
The ARM documentation say transfers between the cpu and the
coprocessor are 32 bits wide.
Use 4 as size for coprocessor read and writes.
Signed-off-by: Benoit Canet <benoit.canet@gmail.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
The mmio register name list only had the names for four port status
registers. We emulate a EHCI adapter with six ports though, the last
two ones are listed as "unknown" in traces. Fix it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch makes iPXE work with the rtl8139 emulation. The rtl8139
driver in iPXE issues a 16bit access on the ChipCmd register
(offset 0x37) to check the status of the rx buffer. The offset of the
ioport access was getting fixed up to 0x36 in qemu, causing the value
read in iPXE to be invalid.
This fixes an issue with iPXE reporting timeouts during TFTP transfers.
Reposting this here because it is trivial enough and the original post
on qemu-devel didn't attract much attention.
Also, the inw() which was causing the issue has been replaced with an
inb() in upstream iPXE:
https://git.ipxe.org/ipxe.git/commit/91dd64ad25baa27954a7518e73df4fca8a2d0c93
Signed-off-by: Julian Pidancet <julian.pidancet@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
When detaching devices from the usb hub we must wakeup too,
otherwise the host misses the detach event.
Commit 4a33a9ea06 does the
same for device attach.
Found by hkran@linux.vnet.ibm.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qdev doesn't call the ->exit callback on ->init failures, so we have to
take care ourself that we cleanup property on errors.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Use qdev_init() instead of qdev_init_nofail(), usb device initialization
can fail, most common case being port and device speed mismatch. Handle
failures correctly and pass up NULL pointers then.
Also fixup usb_create_simple() callers (only one was buggy) to properly
check for NULL pointers before referncing the usb_create_simple() return
value.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
There is no reason why a scsi-generic device cannot boot if it has
the right type, and indeed it provides already a bootindex property.
So register those devices too.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The pre-1.0 firmware path for SCSI devices already included the LUN
using the suffix argument to add_boot_device_path. Avoid that it is
included twice, and convert the colons to commas for consistency with
other kinds of devices
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
USB mass storage devices are registered twice in the boot order.
To avoid having to keep the two paths in sync, pass the bootindex
property down to the scsi-disk device and let it register itself.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Ivshmem cannot work, and the command lspci cannot show ivshmem BAR2 in the guest.
As for pci_register_bar(), parameter MemoryRegion should be s->bar instead of s->ivshmem.
Reviewed-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Hongyong Zang <zanghongyong@huawei.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Check pending bit only if vector mask status changed.
This is not really important for qemu.git but helps
fix a bug in qemu-kvm.git.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
>From: Jan Kiszka <jan.kiszka@siemens.com>
Only accesses to the MSI-X table must trigger a call to
msix_handle_mask_update, otherwise the vector
value might be out of range.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Only go over the table when function is masked.
This is not really important for qemu.git but helps
fix a bug in qemu-kvm.git.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
AT_REMOVEDIR is not defined on all systems. Pass the raw flags from the
9p protocol, which are always there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avoid a conflict on the definition of struct file_handle by
using a replacement name.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Now when you try to migrate with ivshmem, you get a proper QMP error:
(qemu) migrate tcp:localhost:1025
Migration is disabled when using feature 'peer mode' in device 'ivshmem'
(qemu)
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Coverity thinks q could be NULL there and warns.
I believe it can't be NULL there.
Add assert to prove it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Until recently all scsi commands sent to scsi-disk did either transfer
data or finished instantly. The correct implementation of
SYNCRONIZE_CACHE changed the picture though, and usb-storage needs
a fix to handle that case correctly.
Put status word into device state, fill it in command_complete, have
usb_msd_send_status just send it out.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb_msd_send_status can be called from different code paths, move the
debug message into the function to make sure it is printed
unconditionally.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Happily passes (size_t)-1 to rom_add_blob_fixed(), which promptly dies
attempting to malloc that much. Spotted by Coverity.
Bonus fix for ROMs larger than INT_MAX bytes: return ssize_t instead
of int. Bug can't bite, because the only user load_aout() limits ROM
size to an int value.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 's390-1.0' of git://repo.or.cz/qemu/agraf:
s390x: initialize virtio dev region
tcg: Use TCGReg for standard tcg-target entry points.
tcg: Standardize on TCGReg as the enum for hard registers
s390x: Add shutdown for TCG s390-virtio machine
s390: Fix cpu shutdown for KVM
s390: fix short kernel command lines
s390: fix reset hypercall to reset the status
s390x: implement SIGP restart and shutdown
s390x: implement rrbe instruction properly
s390x: update R and C bits in storage key
s390x: make ipte 31-bit aware
s390x: add ldeb instruction
* 'ppc-1.0' of git://repo.or.cz/qemu/agraf:
pseries: Fix qdev.id handling in the VIO bus code
pseries: Allow kernel's early debug output to work
pseries: Default reg for vty should be SPAPR_VTY_BASE_ADDRESS
pseries: Check we have a chardev in spapr_vty_init()
pseries: Fix buggy spapr_vio_find_by_reg()
pseries: Correct RAM size check for SLOF
PPC: Fix for the gdb single step problem on an rfi instruction
tcg-ppc64: Fix compile errors for userspace only builds with gcc 4.6
pseries: Fix initialization of sPAPREnvironment structure
When the user creates a device on the command line with -device, they
can specify the id, using id=foo. Currently the VIO bus code overwrites
this id with it's own value. We should only set qdev.id if it is not
already set by the user.
The device tree code uses qdev.id for the device tree node name, however
we can't rely on the user specifiying the id using proper device tree
syntax, ie. device@reg. So separate the device tree node name from the
qdev.id, but use the same syntax, so they will match by default.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The PAPR specification defines a virtual TTY/console interface for guest
OSes to use via the H_PUT_TERM_CHAR and H_GET_TERM_CHAR hypercalls. There
can be multiple virtual ttys, so these take a "termno" parameter. This
encodes which vty to use as the 'reg' property on the device tree node
associated with that vty.
However, with the early debug options enabled, the Linux kernel will
attempt debugging output through the vty very early, before it has read
the device tree. In this case it always uses a termno of 0. This works
on the existing PowerVM hypervisor, so we assume there must be a hack /
feature in there which interprets termno==0 to mean the default primary
console.
To help with debugging kernels, including existing distribution kernels,
this patch implements a similar feature / hack in qemu. If termno==0
is supplied to H_{GET,PUT}_TERM_CHAR, they use the first available vty
device instead.
We need to be careful in the case that the user has manually created
an spapr-vty at address 0. So first we search for the specified reg and
only if that doesn't match do we fall back.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
In commit b4a7852735 ("Place pseries vty
devices at addresses more similar to existing machines"), we changed the
default reg for the vty to 0x30000000, however we didn't update the default
value for a user specified vty device. Fix that.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
If qemu is run like:
qemu-system-ppc64 -nodefaults -device spapr-vty
We end up in spapr_vty_init() with dev->chardev == NULL. Currently
that leads to a segfault because we unconditionally call
qemu_chr_add_handlers().
Although we could make that call conditional, I think a spapr-vty
without a chardev is basically useless so fail the init. This is
similar to what the serial code does for example.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The spapr_vio_find_by_reg() function in hw/spapr_vio.c is supposed to find
the device structure for a PAPR virtual IO device with the given reg value,
and return NULL if none exists.
It does the first ok, but if no device with that reg exists, it just
returns the last device traversed in the list. This patch fixes it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
The SLOF firmware used on the pseries machine needs a reasonable amount of
(guest) RAM in order to run, so we have a check in the machine init
function to check that this is available. However, SLOF runs in real mode
(MMU off) which means it can only actually access the RMA (Real Mode Area),
not all of RAM. In many cases the RMA is the same as all RAM, but when
running with Book3S HV KVM on PowerPC 970, the RMA must be especially
allocated to be (host) physically contiguous. In this case, the RMA size
is determined by what the host admin allocated at boot time, and will
usually be less than the whole guest RAM size.
This patch corrects the test to see if SLOF has enough memory for this
case.
In addition, more recent versions of SLOF that were committed earlier don't
need quite as much memory as earlier versions. Therefore, this patch also
reduces the amount of RAM we require to run SLOF.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
CD burning messes up the state of the host page cache and host block
device. Just pass all operations down to the device, even though that
might have slightly worse performance. Everything else just is not
reliable in combination with burning.
Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This will let scsi-block/scsi-generic report progress on long
operations.
Reported-by: Thomas Schmitt <scdbackup@gmxbackup.net>
Tested-by: Thomas Schmitt <scdbackup@gmxbackup.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Tested-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
- several MMC commands were parsed wrong by QEMU because their allocation
length/parameter list length is placed in a non-standard position in
the CDB (i.e. it is different from most commands with the same value in
bits 5-7).
- SEND VOLUME TAG length was multiplied by 40 which is not in SMC. The
parameter list length is between 32 and 40 bytes. Same for MEDIUM SCAN
(spec found at http://ldkelley.com/SCSI2/SCSI2-16.html but not in any of
the PDFs I have here).
- READ_POSITION (SSC) conflicts with PRE_FETCH (SBC). READ_POSITION's
transfer length is not hardcoded to 20 in SSC; for PRE_FETCH cmd->xfer
should be 0. Both fixed.
- FORMAT MEDIUM (the SSC name for FORMAT UNIT) was missing. The FORMAT
UNIT command is still somewhat broken for block devices because its
parameter list length is not in the CDB. However it works for CD/DVD
drives, which mandate the length of the payload.
- fixed wrong sign-extensions for 32-bit fields (for the LBA field,
this affects disks >1 TB).
- several other SBC or SSC commands were missing or parsed wrong.
- some commands were not in the list of "write" commands.
Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Tested-by: Thomas Schmitt <scdbackup@gmx.net> (MMC bits only)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Add more commands and their names, and remove SEEK(6) which is obsolete.
Instead, use SET_CAPACITY which is still in SSC.
Tested-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Mode page 2A of emulated ATAPI DVD-ROM should have page length 0x14
like SCSI CD-ROM, rather than 0x12.
Mode page length is off by 8, as it should contain the length of the
payload after the first two bytes.
MODE SENSE(6) should be thrown out of ATAPI DVD-ROM emulation. It is
not specified in the ATAPI list of MMC-2, and MMC-5 prescribes to use
MODE SENSE(10). Anyway, its implementation is wrong.
Reported-by: Thomas Schmitt <scdbackup@gmx.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Old operating systems rely on correct geometry to convert from CHS
addresses to LBA. Providing correct data is necessary for them to boot.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The pre-1.0 firmware path for SCSI devices already included the LUN
using the suffix argument to add_boot_device_path. I missed that when
making channel and LUN customizable. Avoid that it is included twice, and
convert the colons to commas for consistency with other kinds of devices
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This bug was detected by codespell.
In mips_mipssim.c a grammatical error was fixed, too.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
The default is still 3, and I didn't change older machine types.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Fix a long-standing bug which meant that any attempt to do an
8 or 16 bit read from the OMAP GPIO module would cause qemu to
crash due to an infinite recursion.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When running the s390x virtio machine we can potentially use uninitialized
memory for the virtio device backing ram. That can lead to weird breakge.
So let's better initialize it to 0 properly.
Reported-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
v1 -> v2:
- use target_phys_addr_t
On s390 a shutdown is the state of all CPUs being either stopped
or disabled (for interrupts) waiting. We have to track the overall
number of running CPUs to call the shutdown sequence accordingly.
This patch implements the counting and shutdown handling for the
kvm path in qemu.
Lets also wrap changes to env->halted and env->exception_index.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The default kernel command line for s390 is
"root=/dev/ram0 ro"
When overriding this line, we have to ensure to also copy the \0 to
avoid false lines, for example, -append "root=/dev/vda" will result in
"root=/dev/vda0 ro" with the current code.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
also gracefully fail on nand_device_init() for unsupported block
size instead of aborting.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Depending on the considered baseboard the bit used to
reset the platform is different.
Here is the list of considered Realview/Versatile platforms:
Realview/Versatile AB for ARM926EJ-S: BOARD_ID = 0x100 = BOARD_ID_PB9
http://infocenter.arm.com/help/topic/com.arm.doc.dui0225d/CACCIFGI.html
RealView Emulation Baseboard: BOARD_ID = 0x140 = BOARD_ID_EB
No reset register
RealView PB for Cortex-A8: BOARD_ID = 0x178 = BOARD_ID_PBA8
http://infocenter.arm.com/help/topic/com.arm.doc.dui0417d/BBACIGAD.html
RealView PB for Cortex-A9: BOARD_ID = 0x182 = BOARD_ID_PBX
http://infocenter.arm.com/help/topic/com.arm.doc.dui0440b/CACCHBFB.html
Motherboard Express =C2=B5ATX: BOARD_ID = 0x190 = BOARD_ID_VEXPRESS
No reset register
Signed-off-by: Jean-Christophe DUBOIS <jcd@tribudubois.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Fix an error in commit afd4a6522 which meant that writing a zero
to the RW bits in the PMCR wouldn't actually clear them. (Error
spotted by Andrzej Zaborowski.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
"!X == 2" is always false (spotted by Coverity), so the checks
for whether rndis is in the correct state would never fire.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
There are only three counter/timers on the integrator board:
correct the bounds check to avoid an array overrun. (Spotted
by Coverity, see bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Fix a bug in handling the write-one-to-clear bits in the PMCR
which meant that we would always clear the bit even if the
value written was a zero. Spotted by Coverity (see bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Remove a pointless comparison of an array to null. (There is
no need to check whether s->out[i] is non-null as qemu_set_irq
will do that for us.) Spotted by Coverity (see bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Remove a check for g_malloc failing: this never happens.
Also use g_malloc rather than g_malloc0 as we immediately
memset the entire region and so zero-initialising it is pointless.
Spotted by Coverity (see bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avoid a crash due to null pointer dereference if a guest attempts
to access banked registers for a nonexistent bank. Spotted by
Coverity (see bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Since we added PCI support to the pseries machine, we include a qlist of
PCI host bridges in the sPAPREnvironment structure. However this list
was never properly initialized it. Somehow we got away with this until
some other recent change broke it, and we now segfault immediately on
startup.
This patch adds the required QLIST_INIT(), and while we're at it makes sure
we initialize the rest of the sPAPREnvironment structure to 0, to avoid
future nasty surprises.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Fix a use-while-uninitialized of the fd_type[] array (introduced
in commit 34d4260e1, noticed by Coverity). This is more theoretical
than practical, since it's quite hard to get here with floppy==NULL
(the qdev_try_create() of the isa-fdc device has to fail).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Add a missing 'break' statement to fix a buffer overrun when
executing the EEPROM write-all command. Spotted by Coverity
(see bug 887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
hpet_timer timer callback rearms itself based on difference between
current HPET tick counter and comparator value. Difference calculated by
the hpet_calculate_diff function is limited to non-negative values.
cur_tick is calculated via hpet_get_ticks that uses qemu_get_clock_ns(vm_clock).
With -icount enabled vm_clock doesn't advance during qemu_run_timers
loop thus once difference is zero, qemu_run_timers loops forever
handling hpet_timer.
Limit hpet_calculate_diff results to positive only values to avoid that
infinite loop.
This fixes the following qemu-system-x86_64 hang when it reaches
timer_irq_works() in the linux bootup:
[ 0.000000] Fast TSC calibration using PIT
[ 0.000000] Detected 1000.054 MHz processor.
[ 0.000031] Calibrating delay loop (skipped), value calculated using timer frequency.. 2000.10 BogoMIPS (lpj=10000540)
[ 0.000404] pid_max: default: 32768 minimum: 301
[ 0.001138] Mount-cache hash table entries: 256
[ 0.003883] Initializing cgroup subsys ns
[ 0.004035] Initializing cgroup subsys cpuacct
[ 0.004280] Initializing cgroup subsys freezer
[ 0.004790] Performance Events: AMD PMU driver.
[ 0.004985] ... version: 0
[ 0.005134] ... bit width: 48
[ 0.005285] ... generic registers: 4
[ 0.005437] ... value mask: 0000ffffffffffff
[ 0.005625] ... max period: 00007fffffffffff
[ 0.005807] ... fixed-purpose events: 0
[ 0.005957] ... event mask: 000000000000000f
[ 0.006275] SMP alternatives: switching to UP code
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add missing 'break' statements which would have meant that writing
to an 8 bit NAND device was broken. Spotted by Coverity (see bug
887883).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Fix a bug revealed by a coverity scan (see bug 887883) which meant
that we would never print the warning about unpredictable behaviour
if a nonexistent overlay is enabled.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Modern distributions place xattr.h in /usr/include/sys, and fold
libattr.so into libc. They also don't have an ENOATTR.
Make configure detect this, and add a qemu-xattr.h file that
directs the #include to the right place.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit 0a039dc700 broke vga modes for
qxl-vga by loosing vga_ioport_read windup. qxl needs to hook into
vga port writes only and used to realize that by letting vga_init() do
the work for both reads and writes, then overwrite the write function.
That little detail was missed while doing the conversion ...
This patch fixes it. It also switch qxl vga ioport registration to
portio lists while being at it.
Cc: Hans de Goede <hdegoede@redhat.com>
Acked-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch removes the code lines which set the subsystem id for the
emulated ac97 card to 8086:0000. Due to the device id being zero the
subsystem id isn't vaild anyway. With the patch applied the sound card
gets the default qemu subsystem id (1af4:1100) instead.
[ v2: old & broken id is maintained for -M pc-$oldqemuversion ]
Cc: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
sgabios hasn't gotten a lot of coverage since it was not shipped. For 1.0,
let's disable the automatic loading of the option ROM in -nographic
mode. We can put it back for 1.1.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Somehow, the read/write functions handle an offset that does not exist anymore.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
The first enable set/clear register (which controls the PPIs and SGIs)
is supposed to be banked for each processor. Currently it is just
handled globally and this prevents recent SMP Linux kernels from
booting, because CPU0 stops receiving localtimer interrupts when CPU1
disables them locally.
To fix this, allow the enable bits to be enabled per-cpu. For SPIs,
always enable/disable ALL_CPU_MASK.
Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
With the conversion of the block layer to coroutines, bdrv_read/write
have changed to run a nested event loop that calls qemu_bh_poll.
Consequently a scheduled BH can be called while a DMA transfer handler
runs and this means that DMA_run becomes reentrant.
Devices haven't been designed to cope with that, so instead of running a
nested transfer handler just wait for the next invocation of the BH from the
main loop.
This fixes some problems with the floppy device.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* 'xtensa' of git://jcmvbkbc.spb.ru/dumb/qemu-xtensa:
xtensa_lx60: fix build date code and change memory region names
xtensa_lx60: pass kernel arguments from -append
xtensa_lx60: add FLASH support
target-xtensa: raise an exception for invalid and reserved opcodes
target-xtensa: handle cache options in the overlay tool
target-xtensa: mask out undefined bits of WINDOWSTART SR
apic id returned to guest kernel in ebx for cpuid(function=1) depends on
CPUX86State->cpuid_apic_id which gets populated after the cpuid information
is cached in the host kernel. This results in broken CPU topology in guest.
Fix this by setting cpuid_apic_id before cpuid information is passed to
the host kernel. This is done by moving the setting of cpuid_apic_id
to cpu_x86_init() where it will work for both KVM as well as TCG modes.
Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bharata B Rao <bharata.rao@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
commit ba43d28916 introduces a bug:
The stream-not-found case doesn't error out any more, instead the
code silently uses the first stream. Fix it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When SCSI passthrough is being used by the guest with virtio-blk, the
guest is not able to detect disk failures. This is because the status
field is expected by the guest driver to include also the msg_status,
host_status and driver_status fields, but the device is only passing
down the SCSI status.
The patch fixes this, and also makes sure that the guest always sees a
CHECK_CONDITION status when there is valid sense data.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Markus Armbruster <armbru@redhat.com> sent fixes for va_list vararg
issues in v9fs_string_alloc_printf(). It turns out the function
duplicates g_vasprintf() and can therefore be eliminated entirely.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Fix date code to uses MMDDYYYY notation.
Change memory region names to reflect specification that defines them.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
LX60 carry 4 Mbyte FLASH and 128 Kbyte SRAM, LX200 carry 16 Mbyte FLASH
and 32 Mbyte SRAM. Either of these memories may be mapped to the system
ROM region.
Select boot from FLASH if -kernel option is not specified, otherwise
boot from SRAM.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Update lnkst on link state changes so that guests can obtain this
information via reading back the LED output pin. Works for Linux but
not for guests that depend on the missing PHY.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Implement the various IO access widths according to the spec. This
specifically unbreaks word and dword access to the PROM area that is
mapped into IO space. It also drops redundant upper limit checks and
spurious "return void".
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This moves BCR defines to the common header and immediately makes use of
them to add BCR_APROMWE, replacing the open-coded write check in
pcnet_aprom_writeb.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Currently, virtio devices are usually presented to the guest as an
emulated PCI device, virtio_pci. Although the actual IO operations
are done through system memory, the configuration of the virtio device
is done through the one PCI IO space BAR that virtio_pci presents.
But PCI IO space (aka PIO) is deprecated for modern PCI devices, and
on some systems with many PCI domains accessing PIO space can be
problematic. For example on the existing PowerVM implementation of
the PAPR spec, PCI PIO access is not supported at all. We're hoping
that our KVM implementation will support PCI PIO (once we support PCI
at all), but it will probably have some irritating limitations.
This patch, therefore, extends the virtio_pci device to have a PCI
memory space (MMIO) BAR as well as the IO BAR. The MMIO BAR contains
exactly the same registers, in exactly the same layout as the existing
PIO BAR.
Because the PIO BAR is still present, existing guest drivers should
still work fine. With this change in place, future guest drivers can
check for an MMIO BAR and use that if present (falling back to PIO
when possible to support older qemu versions).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This updates the usb-uhci device emulation to use the explicit PCI DMA
wrapper to initialize its scatter/gathjer structure. This means this
driver should not need further changes when the sglist interface is
extended to support IOMMUs.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This updates the usb-ehci device emulation to use the explicit PCI DMA
wrapper to initialize its scatter/gathjer structure. This means this
driver should not need further changes when the sglist interface is
extended to support IOMMUs.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This updates the PCI IDE device emulation to use the explicit PCI DMA
wrapper to initialize its scatter/gathjer structure. This means this
driver should not need further changes when the sglist interface is
extended to support IOMMUs.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This updates the intel-hda device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This updates the pcnet-pci device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.
Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This updates the lsi53c895a device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.
Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This updates the e1000 device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.
Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This updates the es1370 device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.
Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This updates the ac97 device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.
Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This updates the eepro100 device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.
Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This updates the rtl8139 device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.
Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds functions to pci.[ch] to perform PCI DMA operations.
At present, these are just stubs which perform directly cpu physical
memory accesses. Stubs are included which are analogous to
cpu_physical_memory_{read,write}(), the stX_phys() and ldX_phys()
functions and cpu_physical_memory_{map,unmap}().
In addition, a wrapper around qemu_sglist_init() is provided, which
also takes a PCIDevice *. It's assumed that _init() is the only
sglist function which will need wrapping, the idea being that once we
have IOMMU support whatever IOMMU context handle the wrapper derives
from the PCI device will be stored within the sglist structure for
later use.
Using these stubs, however, distinguishes PCI device DMA transactions from
other accesses to physical memory, which will allow PCI IOMMU support to
be added in one place, rather than updating every PCI driver at that time.
That is, it allows us to update individual PCI drivers to support an IOMMU
without having yet determined the details of how the IOMMU emulation will
operate. This will let us remove the most bitrot-sensitive part of an
IOMMU patch in advance.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Make the ps2 device track its ledstate so that we can migrate it.
Otherwise it gets lost across migration, and spice-server gets
confused about the actual keyboard state and sends bogus
caps/scroll/num key events. This fixes RH bug #729294
We only need to migrate the state when it is different of the default
one (0).
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* 'ppc-next' of git://repo.or.cz/qemu/agraf: (24 commits)
pseries: Add partial support for PCI
ppc: Alter CPU state to mask out TCG unimplemented instructions as appropriate
pseries: Allow writes to KVM accelerated TCE table
KVM: PPC: Override host vmx/vsx/dfp only when information known
ppc: Fix up usermode only builds
pseries: Correct vmx/dfp handling in both KVM and TCG cases
PPC: Fail configure when libfdt is not available
ppc: Avoid decrementer related kvm exits
PPC: Disable non-440 CPUs for ppcemb target
PPC: Bump qemu-system-ppc to 64-bit physical address space
pseries: Under kvm use guest cpu = host cpu by default
ppc: Add cpu defs for POWER7 revisions 2.1 and 2.3
ppc: First cut implementation of -cpu host
ppc: Remove broken partial PVR matching
pseries: Update SLOF firmware image
pseries: Add device tree properties for VMX/VSX and DFP under kvm
ppc: Generalize the kvmppc_get_clockfreq() function
Set an invalid-bits mask for each SPE instructions
pseries: Update SLOF firmware image
pseries: Use Book3S-HV TCE acceleration capabilities
...
OpenCores 10/100 Mbps Ethernet MAC specification doesn't clearly state
whether FCS is counted in the RX frame length or not. Looks like it is.
Append zero FCS to the received frames.
Get rid of big static buffer for RX frame padding, optimize it for the
most common MINFL value range.
Set RXD_TL for the long frames only when HUGEN bit is set.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Some USB drivers, for example USBASPI.SYS, will skip different type of
device which has same VID/PID. The following patch helps preventing
usb-msd being skipped by the driver.
Signed-off-by: Roy Tam <roytam@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When attaching a new device we must send a wakeup request to the root
hub, otherwise the guest will not notice the new device in case the
usb hub is suspended.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
RHBZ 740547
If we migrate when the device is in vga state the guest
still believes the slots are created, and will cause operations
that reference the slots, causing a "panic: virtual address out of range"
on the first of them. Easy to see by migrating in vga mode with
a driver loaded, for instance windows cmd window in full screen mode,
and then exiting vga mode back to native mode will cause said panic.
Fixed by doing the slot recreation in post_load for vga mode as well.
Note that compat does not require any changes because it creates it's
only slot by a side effect of QXL_IO_SET_MODE.
Signed-off-by: Alon Levy <alevy@redhat.com>