vhost dev stop failed to clear the log field.
Typically not an issue as dev start overwrites this field,
but if logging gets disabled before the following start,
it doesn't so this causes a double free.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The new xen_console protocol changed the default xen_console output device
from whatever Qemu chose to whatever xenstore choses and "pty" as fallback.
This is not how Qemu works. It has its own serial redirection semantics. So
it xenstore doesn't contain information on what to do, Qemu is the place to
ask.
Signed-off-by: Alexander Graf <agraf@suse.de>
Since CS 21994 on xen-unstable.hg and CS
466608f3a32e1f9808acdf832a5843af37e5fcec on qemu-xen-unstable.git, few
changes have been introduced to the PV console xenstore protocol, as
described by the document docs/misc/console.txt under xen-unstable.hg.
From the Qemu point of view, very few modifications are needed to
correctly support the protocol: read from xenstore the "output" node
that tell us what the output of the PV console is going to be.
In case the output is a tty, write to xenstore the device name.
Changes in v2:
- fix error paths: free malloc'ed strings and close the xenstore
connection before returning;
- remove useless snprintf in xenstore_store_pv_console_info if i == 0.
Changes in v3:
- replace xs_daemon_open/xs_daemon_close with xs_open/xs_close.
Changes in v4:
- add a compatibility implementation of xs_open/xs_close.
Changes in v5:
- fix code style.
[agraf] fix build error due to missing stub
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Sometimes the toolstack uses "aio" without an additional format
identifier, in such cases use "raw".
Updated in v2:
- fix code style.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
When disk is a cdrom and the drive is empty the "params" node in
xenstore might be missing completely: cope with it instead of
segfaulting.
Updated in v2:
- actually removed the strchr(blkdev->params, ':') that caused the
segfault;
- free all the allocated strings from xenstore before returning;
Updated in v3:
- set blkdev fields to NULL after free'ing them.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Register the vkbd backend even when running as device emulator for HVM
guests: it is useful because it doesn't need a frequent timer like usb.
Check whether the XenInput DisplayState has been set in the initialise
state, rather than the input state.
In case the DisplayState hasn't been set and there is no vfb for this
domain, then set the XenInput DisplayState to the default one.
Changed in v2:
- use qemu_free instead of free;
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
con_init leaks the string "type", fix it.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Xen won't be enabled if there is no backend support available for the
host. And that also means the map cache will work. So drop the separate
config switch and move the required stubs over to xen-stub.c.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This bug was introduced in 94d3f98a3f:
scsi_cancel_io was checking if some request was pending before trying
to cancel it, while scsi_req_cancel always cancels the request.
This may lead to a crash of Qemu due to dereferencing a NULL pointer,
as exhibited by NetBSD 5.1 installer on MIPS Magnum emulation.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Add ich9 controllers, Factor out properties to a separate
struct and reference it to reduce duplication.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
To use as a companion controller, use pci-ohci as device and set the
masterbus and num-ports properties, ie:
-device usb-ehci,addr=0b.1,multifunction=on,id=ehci0
-device pci-ohci,addr=0b.0,multifunction=on,masterbus=ehci0.0,num-ports=4
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
To use as a companion controller set the masterbus property.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The PED bit should only be set for highspeed devices and the PEDC bit
should not be set on "normal" PED bit changes, only on io errors.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
with the "usb-ehci: cleanup port reset handling" patch in place no callers
are calling usb_attach(port, NULL) for a port where port->dev is NULL.
Doing that makes no sense as that causes the port detach op to get called
for a port with nothing attached. Add an assert that port->dev != NULL when
dev == NULL, and remove the check for not having a port->dev in the dev == NULL
case.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Doing a usb_attach when dev is NULL will just result in the
port detach op getting called even though nothing was connected in
the first place.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Note this fixes 2 things in one go, first of all the device_destroy bus
op should be a device_detach bus op, as pending async packets from the
device should be cancelled on detach not on destroy.
Secondly having this as a bus op won't work with companion controllers, since
then there will be 1 bus driven by the ehci controller and thus 1 set of bus
ops, but the device being detached may be downstream of a handed over port.
Making the detach of a downstream device a port op allows the ehci controller
to forward this to the companion controller port for handed over ports.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This makes them consistent with the attach and detach ops, and in general
it makes sense to make portops take a port as argument. This also makes
adding support for a companion controller easier / cleaner.
[ kraxel: fix usb-musb.c build ]
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This is a preparation patch for adding support for USB companion controllers.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Cleanup / preparation patch for companion controller support. Note that
as a "side-effect" this patch also fixes the milkymist-softusb controller
not having a port_location set for its ports.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
In musb_packet() handle final processing of non-asynchronous
USB packets by directly calling musb_schedule_cb() rather than
going through usb_packet_complete(). The latter will trigger
an assertion because the packet doesn't belong to a device.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Just in case there's still a way how a guest can read out buffers when it's not
supposed to, let's zero the buffers during initialisation so that we don't leak
information to the guest.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
This fixes https://bugs.launchpad.net/qemu/+bug/786209:
When the DRQ_STAT bit is set, the IDE core permits both data reads
and data writes, regardless of whether the current transfer was
initiated as a read or write.
This potentially leaks uninitialized host memory into the guest,
if, before doing anything else to an IDE device, the guest begins a
write transaction (e.g. WIN_WRITE), but then *reads* from the IO
port instead of writing to it.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
It needs to be a qdev property, because it belongs to the drive's
guest part. Precedence: commit a0fef654 and 6ced55a5.
Bonus: info qtree now shows the serial number.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Until now, pxa2xx_lcd only supported 90deg rotation, but
some machines (for example Zipit Z2) needs 270deg rotation.
Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Parameter 'info' is const, so add the missing attribute.
v2:
Add 'const' to the local variable info in do_cpu_reset() and to
the boot_info field in CPUARMState (suggested by Peter Maydell).
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
report correct mode when in undefined mode.
introduces qxl_mode_to_string(), and uses it in other places too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This bug showed up after 1455084ea2, and
may be seen only on operating systems *not* using DMA to give commands
to SCSI adapter.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 'ppc-next' of git://repo.or.cz/qemu/agraf:
PPC: move TLBs to their own arrays
PPC: 440: Use 440 style MMU as default, so Qemu knows the MMU type
PPC: E500: Use MAS registers instead of internal TLB representation
PPC: Only set lower 32bits with mtmsr
PPC: update openbios firmware
PPC: mpc8544ds: Add hypervisor node
PPC: calculate kernel,initrd,cmdline locations dynamically
target-ppc: Handle memory-forced I/O controller access
PPC: E500: Implement reboot controller
If I start qemu with:
# qemu -hda disks/test.img -enable-kvm -m 1G -snapshot \
-device virtio-serial \
-chardev socket,host=localhost,port=1234,server,nowait,id=foo \
-device virtserialport,chardev=foo,name=org.qemu.guest_agent
I get a segfault when booting a Fedora 14 guest. The backtrace says:
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000420850 in handle_control_message (vser=0x3732bd0, buf=0x2c173e0, len=8) at /home/lcapitulino/src/qmp-unstable/hw/virtio-serial-bus.c:335
335 info = DO_UPCAST(VirtIOSerialPortInfo, qdev, port->dev.info);
What's happening is VIRTIO_CONSOLE_DEVICE_READY is a message for the
whole device, not for an individual port. So port is NULL. This bug was
introduced by commit a15bb0d6a9.
This commit fixes that by making the port returned by find_port_by_id()
be used only by the VIRTIO_CONSOLE_PORT_READY and
VIRTIO_CONSOLE_PORT_OPEN messages.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
This is an all-in-one fix for the smaller and bigger mistakes of the
build system changes for accompanied Linux headers:
- only enable KVM and vhost on Linux hosts
- fix powerpc asm header symlink
- do not use Linux headers on non-Linux hosts
- fix kvmclock for !CONFIG_KVM
- fix s390 build on non-Linux hosts
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Andreas Färber <andreas.faerber@web.de>
Tested-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Fix a couple of typos in comments.
Signed-off-by: Matthew Fernandez <matthew.fernandez@gmail.com>
Acked-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
error_report() prepends location, and appends a newline. The message
constructed from the arguments should not contain a newline. Fix the
obvious offenders.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
It needs to be a qdev property, because it belongs to the drive's
guest part. Precedence: commit a0fef654 and 6ced55a5.
Bonus: info qtree now shows the serial number.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Correct a number of minor errors in the OHCI wakeup implementation:
* when the port is suspended but the controller is not, raise RHSC
* when the controller is suspended but the port is not, raise RD
* when the controller is suspended, move it to resume state
These fix some edge cases where a USB device might not successfully get
the attention of the guest OS if it tried to do so at the wrong time.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This is used to indicate at which speed[s] the device can operate,
so that this can be checked to match the ports capabilities when it gets
attached to a bus.
Note that currently all usb1 emulated device claim to be fullspeed, this
seems to not cause any problems, but still seems wrong, because with real
hardware keyboards, mice and tablets usually are lo-speed, so reporting these
as fullspeed devices seems wrong.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add properties for the wakeup rate and the max number of frames ehci
will process at once.
The wakeup rate defaults to 1000 which equals the usb frame rate. This
can be reduced to make qemu wake up less often when ehci is active.
In case the wakeup rate is reduced or the ehci timer is delayed due to
latency issues elsewhere in qemu ehci will process multiple frames at
once. The maxframes property specifies the upper limit for this.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diagnose the case where the user asked for a NIC via "-net nic"
but the board didn't instantiate that NIC (for example where the
user asked for two NICs but the board only supports one). Note
that this diagnostic doesn't apply to NICs created through -device,
because those are always instantiated.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When running kvm-autotest, fputc() is often the second highest (sometimes #1)
function showing up in a profile. This is due to fputc() locking the file
for every byte written.
Optimize by buffering a line's worth of pixels and writing that out in a
single call.
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This warning is new in gcc 4.6.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Introduce a new emulated PCI device, specific to fully virtualized Xen
guests. The device is necessary for PV on HVM drivers to work.
Signed-off-by: Steven Smith <ssmith@xensource.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Compared to the last version I only added a comment to the code.
- remove i440FX-xen and i440fx_write_config_xen
we don't need to intercept pci config writes to i440FX anymore;
- introduce PIIX3-xen and piix3_write_config_xen
we do need to intercept pci config write to the PCI-ISA bridge to update
the PCI link routing;
- set the number of PIIX3-xen interrupts line to 128;
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
If the cirrus_vga PCI BAR is unmapped than we should not only reset
map_addr but also lfb_addr, otherwise we'll keep trying to map
the old lfb_addr in map_linear_vram.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This function will be used to support sync dirty bitmap.
This come with a check against every Xen release, and special
implementation for Xen version that doesn't have this specific call.
This function will not be usable with Xen 3.3 because the behavior is
different.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Until now, we've created a union over multiple different TLB types and
allocated that union. While it's a waste of memory (and cache) to allocate
TLB information for a TLB type with much information when you only need
little, it also inflicts another issue.
With the new KVM API, we can now share the TLB between KVM and qemu, but
for that to work we need to have both be in the same layout. We can't just
stretch it over to fit some internal different TLB representation.
Hence this patch moves all TLB types to their own array, allowing us to only
address and allocate exactly the boundaries required for the specific TLB
type at hand.
Signed-off-by: Alexander Graf <agraf@suse.de>
We have some KVM interaction code in Qemu that tries to be clever and
ignore some capabilities when running on BookE style MMUs. Unfortunately,
the default CPU bamboo was defaulting to was not a BookE-style MMU,
resulting in the check to fail.
With this patch, guests can run again on 440 with -enable-kvm.
Signed-off-by: Alexander Graf <agraf@suse.de>
The natural format for e500 cores to do TLB manipulation with are the MAS
registers. Instead of converting them into some internal representation
and back again when the guest reads them, we can just keep the data
identical to the way the guest passed it to us.
The main advantage of this approach is that we're getting closer to being
able to share MMU data with KVM using shared memory, so that we don't need
to copy lots of MMU data back and forth all the time. For this to work
however, another patch is required that gets rid of the TLB union, as that
destroys our memory layout that needs to be identical with the kernel one.
Signed-off-by: Alexander Graf <agraf@suse.de>
When running a PPC guest with KVM that can do PV operations, we need
to indicate the guest which instructions to use for a hypercall and
that it is running as KVM guest.
This logic was available on openbios based machines already. This patch
also adds said functionality to the mpc8544ds machine.
Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Scott Wood <scottwood@freescale.com>
During testing, I was generating a vmlinux binary that easily occupied
more than 20MB of RAM. Since the current -kernel code loads the initrd
at a fixed address behind the kernel, we were overwriting kernel data
when the kernel got too big.
To finally get rid of the issue, let's calculate the initrd and cmdline
addresses relative to the kernel size, so we can have kernels and initrds
that are as big as they want to - as long as they fit in RAM.
Signed-off-by: Alexander Graf <agraf@suse.de>
When Linux reboots an e500 VM, it writes to a magic register in the
"global-utilities" device indicated by the device tree. We were not
emulating that device so far, rendering the VM reboot-less.
This patch implements that device with only the reboot functionality
implemented and adds it to the device tree. With this patch applied,
I can successfully reboot a -M mpc8544ds VM.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Andreas Färber <andreas.faerber@web.de>
As pci id initialization is moved to common layer,
some initialization function can be empty.
So don't call init method if NULL.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The 9118 ethernet controller interrupt line is active low unless
the IRQ config register is programmed to set both the IRQ_POL
(polarity: active-high) and IRQ_TYPE (type: push-pull) bits:
implement support for inverting the irq output in other configurations.
This also requires that we support setting the bits in the first
place, and that we correctly preserve them across software reset.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Register the smc91c111 reset function as a qdev reset function.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Clearing the error status flag was missing for restarting flushes. Now that the
error status is separate from the BM status register, we can simply set it to 0
after restarting the request. This ensures that we never forget to clear a bit.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Add support for TRIM sub function of the data set management command,
and wire it up to the qemu discard infrastructure.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Replace the is_read flag with a dma_cmd flag to allow the dma and
restart logic to handler other commands like TRIM.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When a failed PIO request caused the VM to stop, we still need to transfer the
PIO state even though DRQ=0 at this point.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When adding the werror=stop mode, some flags were added to s->status
which are used to determine what kind of operation should be restarted
when the VM is continued.
Unfortunately, it turns out that s->status is in fact a device register
and as such is visible to the guest (some of the abused bits are even
writable for the guest).
For migration we keep on using the old VMState field (renamed to
migration_compat_status) if the status register doesn't use any of the
previously abused bits. If it does, we use a subsection with a clean copy of
the status register.
The error status is always sent in a subsection if there is any error. It can't
use the old field because errors happen even without PCI.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
ccid_initfn() allocates CCIDBus dynamically, but there is no exit
callback to free it.
Fix by getting rid of the allocation.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
When qemu gets compiled without support of vhost-net, any attempt
to use it fails with a very clear error message:
qemu-system-x86_64: -netdev ...,vhost=on: vhost-net requested but could not be initialized
there's absolutely no reason given _why_ it coult not be
initialized, and even strace'ing the process in question
does not reveal any errors. So print a message telling
what's going on.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
expire_time must be initialited when the guest activates the
usb scheduler, not at device creation time.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Implement the wakeup callback in the OHCI USBPortOps, so that when
a downstream device wakes up it correctly causes the OHCI controller
to come out of suspend.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
HcPeriodCurrentED is read-only, but Linux writes to it anyway; silently
ignore this rather than printing a warning message.
(Specifically, drivers/usb/host/ohci-hub.c:ohci_rh_resume() writes a
0, in at least kernels 2.6.25 through 2.6.39.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This causes an "Error: tried to detach unattached usb device " to be printed,
this can happen when deleting ie a usb host qdev, which did not
get attached (because a device matching the filter never got plugged in).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch fixes a bunch of issues in the itd descriptor handling.
Most important fix is to handle transfers which cross page borders
correctly by looking up the address of the next page. Luckily the
linux uses physically contigous memory so the data used to hits the
correct location even with this bug instead of corrupting guest
memory. Also the transfer length updates for outgoing transfers wasn't
correct.
While being at it DPRINTFs have been replaced by tracepoints.
The isoch_pause logic has been disabled. Not clear to me which propose
this serves and I think it is incorrect too as we just skip processing
itds. Even when no xfer happens we have to clear the active bit.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The USB tablet advertises that it supports the "boot" protocol.
However, its reports aren't "boot" protocol compatible. So, it
shouldn't claim that.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The QEMU USB mouse claims to support the "boot" protocol
(bInterfaceSubClass is 1). However, the mouse rejects the
Set_Protocol command.
The qemu mouse does support the "boot" protocol specification, so a
simple fix is to enable the Set_Protocol request.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The state machine doesn't stop in EXECUTING state any more when async
packets are in flight, so the checks are not needed any more and can
be dropped.
Also kick out the check for the frame timer. As we don't stop & sleep
any more on async packets this is obsolete.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds USBBusOps struct with (for now) only a single callback
which is called when a device is about to be destroyed. The USB Host
adapters are implementing this callback and use it to cancel any async
requests which might be in flight before the device actually goes away.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set the correct bits for nodev, stall and babble errors.
Raise errint irq. Fix state transition from WRITEBACK
to the next state.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Two bugs at once:
First the mask is backwards, so the it used to keeps the offset and
clears the page address, which is not what we need when we update the
offset.
Second the offset calculation is wrong in case head isn't page aligned.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds support for keeping multiple queues going at the same
time. One slow device will not affect other devices any more.
The patch adds code to manage EHCIQueue structs. It also does a number
of changes to the state machine:
* The state machine will never ever stop in EXECUTING any more.
Instead it will continue with the next queue (aka HORIZONTALQH) when
the usb device returns USB_RET_ASYNC.
* The state machine will stop processing when it figures it walks in
circles (easy to figure now that we have a EHCIQueue struct for each
QH we've processed). The bailout logic should not be needed any
more. For now it is still in, but will assert() in case it triggers.
* The state machine will just skip queues with a async USBPacket in
flight.
* The state machine will resume processing as soon as the async
USBPacket is finished.
The patch also takes care to flush the QH struct back to guest memory
when needed, so we don't get stale data when (re-)loading it from guest
memory in FETCHQH state.
It also makes the writeback code to not touch the first three dwords of
the QH struct as the EHCI must not write them. This actually fixes a
bug where QH chaining changes (next ptr) by the linux ehci driver where
overwritten by the emulated EHCI.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add EHCIQueue struct, move the fields needed to track the queue state
into that struct. Pass the new struct instead of ehci state down to
functions which handle the queue state. Lot of variable references have
changed due to that without an actual functional change.
Replace fetch_addr with two variables, one for async and one for
periodic schedule. Add functions to get and set the fetch address.
Use EHCIQueue->usb_status (old name: EHCIState->exec_status) directly in
ehci_execute_complete instead of passing around the status using a
parameters and the return value.
ehci_state_fetchqh returns a EHCIQueue struct now.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add a separate tracepoint to log how register values change in response
to a mmio write. Especially useful for registers which have read-only
or clear-on-write bits in them.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Trace usb port operations (attach, detach, reset),
drop a few obsolete DPRINTF's.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add functions to get and set the current state of the state machine,
add tracepoints there to trace state transitions. Add support for
traceing the queue heads and transfer descriptors as we look at them.
Drop a few DPRINTFs and all DPRINTF_ST lines, they are obsolete now.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch starts adding trace support to ehci. It traces
updates of the status register (USBSTS), mmio access and
controller reset.
It also adds functions to set and clear status register bits
and puts them in use everywhere.
Some DPRINTF's are dropped in favor of the new tracepoints.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add support for event_idx feature, and utilize it to
reduce the number of interrupts and exits for the guest.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This also cleans up an open-coded 64-bit message address readout.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Pulls in latest version from kernel 3.0-rc2.
Some changes around AER now require local defines as QEMU accesses the
error source identification register via sub-words.
CC: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Current vm_running was not explicitly initialized and its value was changed by
vm state notifier, this may confuse the virtio device being hotplugged such as
virtio-net with vhost backend as it may think the vm was not running. Solve this
by initialize this value explicitly in virtio_common_init().
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The virtio_queue_notify() function checks that the virtqueue number is
less than the maximum number of virtqueues. A signed comparison is used
but the virtqueue number could be negative if a buggy or malicious guest
is run. This results in memory accesses outside of the virtqueue array.
It is risky doing input validation in common code instead of at the
guest<->host boundary. Note that virtio_queue_set_addr(),
virtio_queue_get_addr(), virtio_queue_get_num(), and many other virtio
functions do *not* validate the virtqueue number argument.
Instead of fixing the comparison in virtio_queue_notify(), move the
comparison to the virtio bindings (just like VIRTIO_PCI_QUEUE_SEL) where
we have a uint32_t value and can avoid ever calling into common virtio
code if the virtqueue number is invalid.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
vender id/device id... in configuration space are read-only registers
which are commonly defined for all pci devices.
So move those initialization into common place.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* rth/axp-next: (26 commits)
target-alpha: Implement TLB flush primitives.
target-alpha: Use a fixed frequency for the RPCC in system mode.
target-alpha: Trap for unassigned and unaligned addresses.
target-alpha: Remap PIO space for 43-bit KSEG for EV6.
target-alpha: Implement cpu_alpha_handle_mmu_fault for system mode.
target-alpha: Implement more CALL_PAL values inline.
target-alpha: Disable interrupts properly.
target-alpha: All ISA checks to use TB->FLAGS.
target-alpha: Swap shadow registers moving to/from PALmode.
target-alpha: Implement do_interrupt for system mode.
target-alpha: Add IPRs to be used by the emulation PALcode.
target-alpha: Use kernel mmu_idx for pal_mode.
target-alpha: Add various symbolic constants.
target-alpha: Use do_restore_state for arithmetic exceptions.
target-alpha: Tidy up arithmetic exceptions.
target-alpha: Tidy exception constants.
target-alpha: Enable the alpha-softmmu target.
target-alpha: Rationalize internal processor registers.
target-alpha: Merge HW_REI and HW_RET implementations.
target-alpha: Cleanup MMU modes.
...
BM_STATUS_INT is automatically set during ide_set_irq(), there's no reason to
set it manually in addition.
There is even one case where the interrupt status bit was set, but no IRQ was
raised. This is when the PRD table was reached but there is more data to
transfer. The correct behaviour for this case is not to set BM_STATUS_INT.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch adds a dummy legacy ISA device whose responsibility is to
deploy sgabios, an option rom for a serial graphics adapter.
The proposal is that this device is always-on when -nographics,
but can otherwise be enable in any setup when -device sga is used.
[v2: suggestions on qdev by Markus ]
[v3: cleanups and documentation, per list suggestions ]
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Switch no_user off and make it suppress the default VGA.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The simple backend only supports a maximum of 6 arguments. Split the
scsi_req_parsed event in two parts to cope with the limit.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The multiboot info struct's 'boot_device' field has 'part1' set to 0x01, which
maps to the second primary partition. To specify the first primary partition,
'part1' should be set to 0x00, since partition numbers start from zero
according to the multiboot spec.
Signed-off-by: Arun Thomas <arun.thomas@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
After the Qdev'ification of the MPC8544DS board and PCI bus, the internal
PCI bus name changed from "pci" to "pci.0". Reflect this change in the
search for that bus.
This patch enables networking on e500 guests again.
Signed-off-by: Alexander Graf <agraf@suse.de>
Current rpath inline function is heavily used in all system calls.
This function has a static buffer making it a non-thread safe function.
This patch introduces new thread-safe routine and makes use of it.
Signed-off-by: Venkateswararao Jujjuri "<jvrao@linux.vnet.ibm.com>
Commit 353ac78d49 moved the files
without fixing the include paths. It used a modified CFLAGS
to add hw to the include search path, but this breaks builds
where the user wants to set special CFLAGS. Long include paths
also increase compilation time.
Therefore this patch removes the special CFLAGS for virtio
and fixes the include statements by using relative include paths.
v2: Remove special CFLAGS.
v3: Update needed for latest QEMU.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Venkateswararao Jujjuri (JV) <jvrao@linux.vnet.ibm.com>
This patch move the 9p device registration into its own file
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri (JV) <jvrao@linux.vnet.ibm.com>
v9fs_complete_rename() mistakenly renames files with similar name
as we don't check if the matched name is really an offspring.
Signed-off-by: Malahal Naineni <malahal@us.ibm.com>
Signed-off-by: Venkateswararao Jujjuri (JV) <jvrao@linux.vnet.ibm.com>
Thanks to Tobias Hoffmann <th55@gmx.de> for this patch.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
After NACKing a read operation, a raising SCL should not trigger a new
read from the slave. Introduce a new state which just waits for a stop
or start condition after NACK.
Signed-off-by: Marcus Comstedt <marcus@mc.pp.se>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
All you could ever achieve with it is break stuff, so removing it
should be safe.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
virtio-serial-bus needs to treat "virtconsole" devices specially. It
uses VirtIOSerialPort member is_console to recognize them. It gets
its value via property initialization. Cute hack, except it lets
users mess with it: "-device virtconsole,is_console=0" isn't plugged
into port 0 as it should.
Move the flag to VirtIOSerialPortInfo. Keep the property for backward
compatibility; its value has no effect.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
virtio_serial_init() allocates the VirtIOSerialBus dynamically, but
virtio_serial_exit() doesn't free it.
Fix by getting rid of the allocation.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Instead of calling flush_queued_data when unthrottling, schedule
a bh. That way we can return immediately to the caller, and the
flush uses the same call path as a have_data for callbackee.
No migration change is required because bh are called from vm_stop.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
The LUN field in the CDB is a historical relic. Ignore it as reserved,
which is what modern SCSI specifications actually say.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
The sg driver currently has a hardcoded limit of commands it
can handle simultaneously. When this limit is reached the
driver will return -EDOM. So we need to capture this to
enable proper return values here.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
scsi_req_parse() already provides for a data direction setting,
so we should be using it to check for correct direction.
And we should return the sense code 'INVALID FIELD IN CDB'
in these cases.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
The get_sense callback copies existing sense information into
the provided buffer. This is required if sense information
should be transferred together with the command response.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
... and remove some SCSIDevice variables or fields that now become unused.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Move the common part of scsi-disk.c and scsi-generic.c to the SCSI layer.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
The SCSI spec has a quite detailed list of sense codes available.
It even mandates the use of specific ones for some failure cases.
The current implementation just has one type of generic error
which is actually a violation of the spec in certain cases.
This patch introduces various predefined sense codes to have the
sense code reporting more in line with the spec.
On top of Hannes's patch I fixed the reply to REQUEST SENSE commands
with DESC=0 and a small (<18) length.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
This is for when the request must be dropped in the void,
but still memory should be freed. To this end, the devices
register a second callback in SCSIBusOps.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
This covers the case of canceling a request's I/O and still
completing it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
The code for canceling requests upon reset is already the same. Clean
it up and move it to scsi-bus.c.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Currently the SCSIRequest structure is abstracted away and cannot accessed
directly from the driver. This requires the handler to do a lookup on
an abstract 'tag' which identifies the SCSIRequest structure.
With this patch the SCSIRequest structure is exposed to the driver. This
allows use to use it directly as an argument to the SCSIDeviceInfo
callback functions and remove the lookup.
A new callback function 'alloc_req' is introduced matching 'free
req'; unref'ing to free up resources after use is moved into the
scsi_command_complete callbacks.
This temporarily introduces a leak of requests that are cancelled,
when they are removed from the queue and not from the driver. This
is fixed later by introducing scsi_req_cancel. That patch in turn
depends on this one, because the argument to scsi_req_cancel is a
SCSIRequest.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
With the next patch, a device may hold SCSIRequest for an indefinite
time. Split a rather big patch, and protect against access errors,
by reference counting them.
There is some ugliness in scsi_send_command implementation due to
the need to unref the request when it fails. This will go away
with the next patches, which move the unref'ing to the devices.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
If a request is canceled after it has been completed, scsi_cancel_io
would pass a stale aiocb to bdrv_aio_cancel. Avoid this.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
There are more operations than a SCSI bus can handle, besides completing
commands. One example, which this series will introduce, is cleaning up
after a request is cancelled.
More long term, a "SCSI bus" can represent the LUNs attached to a
target; in this case, while all commands will ultimately reach a logical
unit, it is the target who is in charge of answering REPORT LUNs.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
This abstracts calling the command_complete callback, reducing churn
in the following patches.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
scsi-generic scsi_read_complete() should not -both- call the client
complete callback with SCSI_REASON_DATA -and- call
scsi_command_complete(). The former will cause the client to queue a
new read or write request, while the later will free the request data
structure, thus causing the new read or write request to use a
freed/stale structure when it completes.
This patch fixes the bug, fixing a crash with scsi-generic & RHEL5.5
installer.
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
This patch finally merges the EHCI host adapter aka USB 2.0 support.
Based on the ehci bits collected @ git://git.kiszka.org/qemu.git ehci
EHCI has a long out-of-tree history. Project was started by Mark
Burkley, with contributions by Niels de Vos. David S. Ahern continued
working on it. Kevin Wolf, Jan Kiszka and Vincent Palatin contributed
bugfixes.
/me (Gerd Hoffmann) picked it up where it left off, prepared the code
for merge, fixed a few bugs and added basic user docs.
Cc: David S. Ahern <daahern@cisco.com>
Cc: Jan Kiszka <jan.kiszka@web.de>
Cc: Kevin Wolf <mail@kevin-wolf.de>
Cc: Vincent Palatin <vincent.palatin_qemu@m4x.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Remove the cancel callback from the USBPacket struct, move it over
to USBDeviceInfo. Zap usb_defer_packet() which is obsolete now.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add a usb_handle_packet function, put it into use everywhere.
Right now it just calls dev->info->handle_packet(), that will
change in future patches though.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb_msd_copy_data() may cause a recursive call to
usb_msd_command_complete() which in turn may complete
the packet, setting s->packet to NULL in case it does.
Recheck s->packet before calling usb_packet_complete()
to fix the double call.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Make the linux usb host passthrough code use the usb_generic_handle_packet()
function, rather then the curent DYI code. This removes 200 lines of almost
identical code.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
This allows using the generic usb_generic_handle_packet function from
device code which does ASYNC control requests (such as the linux host
pass through code).
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
UHCI host controller status register indicates error and
an interrupt is triggered on BABBLE and STALL errors.
Signed-off-by: Jan Vesely <jano.vesely@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This is used for some devices that have multiple interfaces that form a logic
device. An example is Video Class, which has a Control interface and a
Streaming interface. There can be additional interfaces on the same (physical)
devices (e.g. a microphone), and Interface Association Descriptor handles this
case.
Signed-off-by: Brad Hards <bradh@frogmouth.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Previously we relied on the .bNumInterfaces, but that won't always be
accurate after the introduction of grouped interfaces.
Signed-off-by: Brad Hards <bradh@frogmouth.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* 'ppc-next' of git://repo.or.cz/qemu/agraf:
Fix a bug in mtsr/mtsrin emulation on ppc64
pSeries: Clean up write-only variables
w32: Fix compilation and replace non-portable usage of ulong
The SDIO specification introduces new commands 52 and 53.
Handle as illegal command but do not complain on stderr,
as SDIO-aware OSes (including Linux) may legitimately use
these in their probing for presence of an SDIO card.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Remove a duplicate #include of sysbus.h.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
If pic_irq is greater than 7, the irq level is always 0 on 32bits.
Signed-off-by: TeLeMan <geleman@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
A few pieces of the pSeries emulation code have variables which are set
but never used, which causes warnings on gcc 4.6. This patch removes
these instances.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
the s390 memory detection has a 16bit field that specifies the amount of
increments. This patch adopts the memory size to always fit into that
scheme. This also fixes virtio detection for these guests, since the
descriptor page is located after the main memory.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The s390x virtio bus keeps management information on virtio after the top
of the guest's RAM. We need to be able to tell the guest the size of its
RAM (without virtio stuff), but also be able to trap when the guest accesses
RAM outside of its scope (including virtio stuff).
So we need a variable telling us the size of the virtio stuff, so we can
calculate the highest available RAM address from that.
While at it, also increase the maximum number of virtio pages, so we play
along well with more recent kernels that spawn a ridiculous number of virtio
console adapters.
Signed-off-by: Alexander Graf <agraf@suse.de>
AHCI provides two ways of reading/writing data:
1) NCQ
2) ATA commands with the LBA in the command FIS
In the second code path, we didn't handle any LBAs that were bigger than
16 bits, so whenever a guest that used high LBA numbers wanted to access
data, the LBA got truncated down to 16 bits, giving the guest garbage.
This patch adds support for LBAs higher than 16 bits. I've tested that it
works just fine with SeaBIOS and Linux guests. This patch also unbreaks
the often reported grub errors people have seen with AHCI.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch makes qemu ignore unplug requests from the guest for pci
devices which are tagged as non-hotpluggable. Trouble spot is the
piix4 chipset with the ISA bridge. Requests to unplug that one will
make it go away together with all ISA bus devices, which are not
prepared to be unplugged and thus don't cleanup, leaving active
qemu timers behind in free'ed memory.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
DriveInfo is closely tied to -drive, and like -drive, it mixes
information about host and guest part of the block device. Unlike
DriveInfo, BlockDriverState should be about the host part only.
One of the remaining guest bits there is the "type hint". -drive
option media sets it, and qdevs "ide-drive", "scsi-disk" and non-qdev
IF_XEN devices check it to pick HD vs. CD.
Communicate -drive option media via new DriveInfo member media_cd
instead.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
A "scsi-disk" is either a hard disk or a CD-ROM, depending on the
associated BlockDriverState's type hint. Unclean; disk vs. CD belongs
to the guest part, not the host part.
Have separate qdevs "scsi-hd" and "scsi-cd" to model disk vs. CD in
the guest part.
Keep scsi-disk for backward compatibility.
Don't copy scsi-disk property removable to scsi-cd. It's not used and
always zero(!) there.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
An "ide-drive" is either a hard disk or a CD-ROM, depending on the
associated BlockDriverState's type hint. Unclean; disk vs. CD belongs
to the guest part, not the host part.
Have separate qdevs "ide-hd" and "ide-cd" to model disk vs. CD in
the guest part.
Keep ide-drive for backward compatibility.
"ide-disk" would perhaps be a nicer name than "ide-hd", but there's
already "scsi-disk", which is like "ide-drive", and will be likewise
split in the next commit. {ide,scsi}-{hd,cd} is the best consistent
set of names I could find within the backward compatibility
straightjacket.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
If ahci_dma_set_inactive is called a while there is still a pending BH
from a previous run, we will crash on the second run of
ahci_check_cmd_bh as it overwrites AHCIDevice::check_bh. Avoid this
broken and redundant duplicate registration.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
These printfs aren't really debug messages, but clearly indicate a bug if they
ever become effective. Noone uses DEBUG_IDE, let's re-enable the check
unconditionally and make it an assertion instead of printfs in the device
emulation.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
cppcheck report:
hw/xen_disk.c:309: style:
Variable 'len' is assigned a value that is never used
Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fix regression of 667bb59: ahci_init initializes ahci.mem, so we have to
move bar registration after it.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The commit 667bb59d23
uses d->ahci.mem before it is initialized by
ahci_init(). Fix this by calling ahci_init() first thing
so that it's safe to use all fields in the ahci state struct.
Reported-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
Reported-by: Jan Kiszka <jan.kiszka@web.de>
Tested-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* 'ppc-next' of git://repo.or.cz/qemu/agraf:
PPC: Qdev'ify e500 pci
PPC MPC7544DS: Use new TLB helper function
PPC: Implement e500 (FSL) MMU
PPC: Add another 64 bits to instruction feature mask
PPC: Add GS MSR definition
PPC: Make MPC8544DS emulation work w/o KVM
PPC: Make MPC8544DS obey -cpu switch
Fix off-by-one error in sizing pSeries hcall table
ppc64: Fix out-of-tree builds
kvm: ppc: warn user on PAGE_SIZE mismatch
kvm: ppc: detect old headers
monitor: add PPC BookE SPRs
kvm: ppc: fixes for KVM_SET_SREGS on init
ppc64: Don't try to build sPAPR RTAS on Darwin
Place pseries vty devices at addresses more similar to existing machines
Make pSeries 'model' property more closely resemble real hardware
pseries: Increase maximum CPUs to 256
The e500 PCI controller isn't qdev'ified yet. This leads to severe issues
when running with -drive.
To be able to use a virtio disk with an e500 VM, let's convert the PCI
controller over to qdev.
Reviewed-by: Paul Brook <paul@codesourcery.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Now that we have some nice helpers that can find us a TLB entry, let's
use that on the machine initialization code, so we don't need to know
about the internals of the TLB array.
Signed-off-by: Alexander Graf <agraf@suse.de>
The MPC8544DS board emulation was only used with KVM so far, so some
parts of the code didn't provide proper values for non-KVM execution.
This patch makes the machine work without KVM enabled. To actually use
this, you also need proper e500v2 MMU emulation.
Signed-off-by: Alexander Graf <agraf@suse.de>
The MPC8544DS board emulation code ignored the user defined -cpu switch.
This patch enables it to only provide a sane default, not force an e500v2
CPU inside.
Signed-off-by: Alexander Graf <agraf@suse.de>
The pSeries machine uses two tables to look up guest hcalls for emulation.
One of these is exactly one entry too small to hold all the hcalls it needs
to, leading to memory corruption.
This patch fixes the bug, and while we're at it, make both tables 'static'
since they're never used from other modules.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Read them via KVM_GET_SREGS in kvm_arch_get_registers(),
and display them in "info registers".
Also get CR and PID from the existing KVM_GET_REGS.
Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the qemu pseries machine numbers its virtual serial devices
from 0. However, existing pSeries machines running pHyp number them from
0x30000000.
In theory these indices are arbitrary, since everything necessary for the
kernel to find them is advertised in the device tree. However the debian
installer, at least, incorrectly looks for a device named vty@30... to
determine whether to use the hypervisor console.
Therefore this patch moves the numbers we use to match the existing pHyp
practice, in order to workaround broken userspace apps of this type.
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently, the qemu emulated pseries machine puts
"qemu,emulated-pSeries-LPAR" in the device tree's root level 'model'
property. Unfortunately this confuses some installers and ybin, which
expect this to start with "IBM" on pSeries machines. This patch addresses
this problem, making the property more closely resemble the pattern of
existing real hardware.
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The original pSeries machine was limited to 32 CPUs, more or less
arbitrarily. Particularly when we get SMT KVM guests it will be
pretty easy to exceed this. Therefore, raise the max number of CPUs
in a pseries machine guest to 256.
Signed-off-by: Anton Blanchard <anton@au1.ibm.com>
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Prototype without "inline" keyword breaks the build with some gcc
versions. Noticed by Alexander Graf.
Fix this by removing the inline keywork everywhere. Some functions
can't be inlined anyway as the are referenced using function pointers.
Beside that gcc does a pretty good job on auto-inlining these days.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The 'sense' field in the HBA status structure is misnamed, as it
actually carries the SCSI status. Rename it.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-trivial@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
cppcheck report:
hw/ac97.c:1004: style:
Variable 'written' is assigned a value that is never used
hw/ac97.c:1072: style:
Variable 'written' is assigned a value that is never used
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
The code changed here is an unused data type name (evt_flush_occurred).
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Prevent a deadlock caused by leaving a map cache bucket locked by the
preceding qemu_get_ram_ptr() call.
Signed-off-By: John Baboval <john.baboval@virtualcomputer.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
On IA32 host or IA32 PAE host, at present, generally, we can't create
an HVM guest with more than 2G memory, because generally it's almost
impossible for Qemu to find a large enough and consecutive virtual
address space to map an HVM guest's whole physical address space.
The attached patch fixes this issue using dynamic mapping based on
little blocks of memory.
Each call to qemu_get_ram_ptr makes a call to qemu_map_cache with the
lock option, so mapcache will not unmap these ram_ptr.
Blocks that do not belong to the RAM, but usually to a device ROM or to
a framebuffer, are handled in a separate function. So the whole RAMBlock
can be map.
Signed-off-by: Jun Nakajima <jun.nakajima@intel.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Every set_irq call makes a Xen hypercall.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch introduces Xen specific call in piix_pci.
The specific part for Xen is in write_config, set_irq and get_pirq.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This is because there is not synchronisation of the vcpu register
between Xen and QEMU, so vmport can't work properly.
This patch introduces no_vmport parameter to pc_basic_device_init.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Introduce the Xen FV (Fully Virtualized) machine to Qemu, some more Xen
specific call will be added in further patches.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch moves above_4g_mem_size and below_4g_mem_size calculation in
the caller of pc_memory_init (pc_init1). And the prototype of
pc_memory_init is changed because there is no need anymore to have
variable pointer and the ram_size parameter.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The xenpv machine use the common init function.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch updates the libxenctrl calls in Qemu to use the new interface,
otherwise Qemu wouldn't be able to build against new versions of the
library.
We check libxenctrl version in configure, from Xen 3.3.0 to Xen
unstable.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
And put braces for blocks with a single statement.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
With this new field, we can specified which accelerator use to run the
machine, if the accelerator is not already specified by either a
configuration file or the command line options.
Currently, the only use will be made in the xenfv machine.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
msi_init may fail, so we need to check on uninit if the cap was
actually installed. This also avoids that the users need to check.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The general control register is a byte register.
Add support for byte reads.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
MDI control is a 32 bit register, but may be read or written using
8 or 16 bit access. Data is latched when the MSB is written.
Add support for byte/word read/write access.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pointer is a 32 bit register, but may be written using 8 or 16 bit writes.
Add support for byte/word writes.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
port is a 32 bit register, but may be written using 8 or 16 bit writes.
Add support for byte/word writes.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Like other Intel devices, e100 (eepro100) uses little endian byte order.
This patch was tested with these combinations:
i386 host, i386 + mipsel guests (le-le)
mipsel host, i386 guest (le-le)
i386 host, mips + ppc guests (le-be)
mips host, i386 guest (be-le)
mips and mipsel hosts were emulated machines.
v2:
Use prefix for new functions. Add the same prefix to stl_le_phys.
Fix alignment of mem (needed for word/dword reads/writes).
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
QEMU sends frames smaller than 60 bytes to ethernet nics.
Such frames are rejected by real NICs and their emulations.
To avoid this behaviour, other NIC emulations pad received
frames. This patch enables this workaround for eepro100, too.
All related code is marked with CONFIG_PAD_RECEIVED_FRAMES,
so we can drop this in case QEMU's networking code is
ever changed.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
cppcheck reports that 'packet' is unused.
It was only used to calculate the size of the preceding data.
Removing it saves a lot of stack space (local variable rx).
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
When DEBUG_EEPRO100 was enabled, unsupported writes were logged twice.
Now logging in eepro100_write1 and eepro100_write2 is similar to the
logging in eepro100_write4 (which already was correct).
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Initialize scsi_len with zero when starting a new request, so any
stuff leftover from the previous request is cleared out. This may
happen in case the data returned by the scsi command doesn't fit
into the buffer provided by the guest.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Windows allows control transfers to pass up to 4k of data, so raise our
control buffer size to 4k. For control out transfers the usb core code copies
the control request data to a buffer before calling the device's handle_control
callback. Add a check for overflowing the buffer before copying the data.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
We don't use qemu internals from spice server context any more.
Thus we don't also need to grab the iothread mutex from spice
server context. And we don't have to temporarely release the
lock to avoid deadlocks. Drop all the calls.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch moves the displaystate callback calls for setting the cursor
and the mouse pointer from spice server to qemu (iothread) context.
This allows us to simplify locking.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch moves the creation of spice screen updates from the spice
server context to qemu iothread context (display refresh timer to be
exact). This way we avoid accessing qemu internals (display surface)
from spice thread context which in turn allows us to simplify locking.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
After the re-org of the atapi code, it might not be intuitive for a
reader of the code to understand why we're inserting a 'media not
present' state between cd changes.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch adds support for Milkymist's minimal Ethernet MAC v2. It
superseds minimac1.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Prevent timers from firing right after starting.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
After enabling the framebuffer, ensure that the console is resized.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
kvmclock presence can be signalled by two different flags. So for
device creation, we have to test for both.
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
The virtio serial specification requres that the values in the config
space are encoded in native endian of the guest.
The qemu virtio-serial code did not do conversion to the guest endian
format what caused problems when host and guest use different format.
This patch corrects the qemu side, correctly doing host-native <->
guest-native conversions when accessing the config space. This won't
break any setups that aren't already broken, and fixes the case
of different host and guest endianness.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
So far we set IRR for edge IRQs even if the pin is masked. If the guest
later on unmasks and switches the pin to level-triggered mode, irr will
remain set, causing an IRQ storm. The point is that setting IRR is not
correct in this case according to the spec, and avoiding this resolves
the issue.
Reported-and-tested-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The nwnames field in TWALK message is assumed to be >=0 and <= MAXWELEM
which is defined as macro P9_MAXWELEM (16) in virtio-9p.h as per 9p2000
RFC. Appropriate changes are required in V9fsWalkState and v9fs_walk.
Signed-off-by: Harsh Prateek Bora <harsh@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
This patch removes the addition of null char in symlink file
which is being appended to file in case of mapped security model.
Without this patch, the extra null char causes LTP testcase lstat03
to fail and hence this fix is required.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
LCREATE function packs address of iounit in the pdu, fix that to send
actual iounit itself.
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Acked-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
If we don't have default acl, removexattr on default acl
should return 0
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Now that we start adding more files related to 9pfs
it make sense to move them to a separate directory
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Commit 5145b3d1cc revealed a bug in the lazy ROMD switch-back logic, but
resolved it by breaking that feature. This approach addresses the issue
by switching back to ROMD after a certain amount of read accesses
without further unlock sequences.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
* 'for-anthony' of git://repo.or.cz/qemu/kevin:
Remove obsolete 'enabled' variable from progress state
Add dd-style SIGUSR1 progress reporting
qed: Fix consistency check on 32-bit hosts
ide/atapi: Introduce CHECK_READY flag for commands
ide/atapi: Replace bdrv_get_geometry calls by s->nb_sectors
ide/atapi: Use table instead of switch for commands
ide/atapi: Factor commands out
ide: Split atapi.c out
Improve accuracy of block migration bandwidth calculation
atapi: Add 'medium ready' to 'medium not ready' transition on cd change
qemu-img: allow rebase to a NULL backing file when unsafe
Compilation for Windows needs a different declaration for the
printf format attribute, so use the macro which was defined for
this purpose.
Cc: Benjamin Poirier <benjamin.poirier@gmail.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Some commands are supposed to report a Not Ready Condition (i.e. they require
a medium to be present in order to execute successfully). Instead of
duplicating the check in each command implementation, let's add a flag and
check it before calling the command.
This patch only converts existing checks, it does not introduce new checks for
any of the other commands that can/should report a Not Ready Condition.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The disk size can only change when the medium is changed, and the change
callback takes care of updating s->nb_sectors in this case.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
