Commit Graph

84 Commits

Author SHA1 Message Date
Gerd Hoffmann
d3ac1a87b2 usb-storage: fix NULL pointer dereference.
When a usb packet is canceled we need to check whenever we actually have
a scsi request in flight before we try to cancel it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-10-13 12:58:51 +02:00
Markus Armbruster
fa879d62eb block: Attach non-qdev devices as well
For now, this just protects against programming errors like having the
same drive back multiple non-qdev devices, or untimely bdrv_delete().
Later commits will add other interesting uses.

While there, rename BlockDriverState member peer to dev, bdrv_attach()
to bdrv_attach_dev(), bdrv_detach() to bdrv_detach_dev(), and
bdrv_get_attached() to bdrv_get_attached_dev().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-09-06 11:23:51 +02:00
Paolo Bonzini
c39ce112b6 scsi: pass cdb already to scsi_req_new
Right now the CDB is not passed to the SCSIBus until scsi_req_enqueue.
Passing it to scsi_req_new will let scsi_req_new dispatch common requests
through different reqops.

Moving the memcpy to scsi_req_new is a hack that will go away as
soon as scsi_req_new will also take care of the parsing.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-12 08:27:37 -05:00
Gerd Hoffmann
29c74f762b usb-storage: iovec support
Add full iovec support to usb-storage.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-08-04 15:51:30 +02:00
Gerd Hoffmann
4f4321c11f usb: use iovecs in USBPacket
Zap data pointer from USBPacket, add a QEMUIOVector instead.
Add a bunch of helper functions to manage USBPacket data.
Switch over users to the new interface.

Note that USBPacket->len was used for two purposes:  First to
pass in the buffer size and second to return the number of
transfered bytes or the status code on async transfers.  There
is a new result variable for the latter.  A new status code
was added to catch uninitialized result.

Nobody creates iovecs with more than one element (yet).
Some users are (temporarely) limited to iovecs with a single
element to keep the patch size as small as possible.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-08-04 15:51:22 +02:00
Anthony Liguori
e374560232 Merge remote-tracking branch 'kraxel/migration.2' into staging 2011-07-29 09:39:37 -05:00
Matthew Fernandez
8e31bf388e Correct spelling of licensed
Correct typos of "licenced" to "licensed".

Reviewed-by: Stefan Weil <weil@mail.berlios.de>
Reviewed-by: Andreas F=E4rber <andreas.faerber@web.de>
Signed-off-by: Matthew Fernandez <matthew.fernandez@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-07-23 11:26:12 -05:00
Gerd Hoffmann
f54b656303 usb storage: first migration support bits.
Tag vmstate as unmigratable for the time being,
to be removed when mgration support is finished.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-07-20 14:49:41 +02:00
Hannes Reinecke
c5bf71a9a3 scsi: Add 'hba_private' to SCSIRequest
'tag' is just an abstraction to identify the command
from the driver. So we should make that explicit by
replacing 'tag' with a driver-defined pointer 'hba_private'.
This saves the lookup for driver handling several commands
in parallel.
'tag' is still being kept for tracing purposes.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-07-19 15:38:58 +02:00
Markus Armbruster
c3a90cb120 usb-storage: Turn drive serial into a qdev property usb-storage.serial
It needs to be a qdev property, because it belongs to the drive's
guest part.  Precedence: commit a0fef654 and 6ced55a5.

Bonus: info qtree now shows the serial number.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-06-23 17:09:31 +02:00
Hans de Goede
fa19bf831b usb: Proper error propagation for usb_device_attach errors
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-06-23 11:28:06 +02:00
Anthony Liguori
ed7ec84007 Merge remote-tracking branch 'bonzini/scsi.2' into staging
Conflicts:
	hw/usb-msd.c
2011-05-31 08:20:56 -05:00
Paolo Bonzini
aba1f02363 scsi: rename arguments to the new callbacks
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
2011-05-26 12:14:17 +02:00
Paolo Bonzini
c6df7102f5 scsi: split command_complete callback in two
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
2011-05-26 12:14:17 +02:00
Paolo Bonzini
0c34459b6a scsi: introduce scsi_req_get_buf
... and remove some SCSIDevice variables or fields that now become unused.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26 12:14:16 +02:00
Paolo Bonzini
ad3376cc55 scsi: introduce scsi_req_continue
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
2011-05-26 12:14:16 +02:00
Paolo Bonzini
43a2b33957 scsi: introduce scsi_req_new
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26 12:14:16 +02:00
Paolo Bonzini
fc4f0754c7 scsi: do not call send_command directly
Move the common part of scsi-disk.c and scsi-generic.c to the SCSI layer.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26 12:14:16 +02:00
Paolo Bonzini
94d3f98a3f scsi: introduce scsi_req_cancel
This is for when the request must be dropped in the void,
but still memory should be freed.  To this end, the devices
register a second callback in SCSIBusOps.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26 12:14:15 +02:00
Hannes Reinecke
5c6c0e5136 scsi: Use 'SCSIRequest' directly
Currently the SCSIRequest structure is abstracted away and cannot accessed
directly from the driver. This requires the handler to do a lookup on
an abstract 'tag' which identifies the SCSIRequest structure.

With this patch the SCSIRequest structure is exposed to the driver. This
allows use to use it directly as an argument to the SCSIDeviceInfo
callback functions and remove the lookup.

A new callback function 'alloc_req' is introduced matching 'free
req'; unref'ing to free up resources after use is moved into the
scsi_command_complete callbacks.

This temporarily introduces a leak of requests that are cancelled,
when they are removed from the queue and not from the driver.  This
is fixed later by introducing scsi_req_cancel.  That patch in turn
depends on this one, because the argument to scsi_req_cancel is a
SCSIRequest.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26 12:14:15 +02:00
Paolo Bonzini
cfdc1bb06e scsi: introduce SCSIBusOps
There are more operations than a SCSI bus can handle, besides completing
commands.  One example, which this series will introduce, is cleaning up
after a request is cancelled.

More long term, a "SCSI bus" can represent the LUNs attached to a
target; in this case, while all commands will ultimately reach a logical
unit, it is the target who is in charge of answering REPORT LUNs.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
2011-05-26 12:14:14 +02:00
Gerd Hoffmann
eb5e680ae5 usb: move cancel callback to USBDeviceInfo
Remove the cancel callback from the USBPacket struct, move it over
to USBDeviceInfo.  Zap usb_defer_packet() which is obsolete now.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-26 11:55:03 +02:00
Gerd Hoffmann
ebd669a19f usb-storage: don't call usb_packet_complete twice
usb_msd_copy_data() may cause a recursive call to
usb_msd_command_complete() which in turn may complete
the packet, setting s->packet to NULL in case it does.
Recheck s->packet before calling usb_packet_complete()
to fix the double call.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-26 11:55:02 +02:00
Hans de Goede
007fd62f4d usb: Pass the packet to the device's handle_control callback
This allows using the generic usb_generic_handle_packet function from
device code which does ASYNC control requests (such as the linux host
pass through code).

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2011-05-26 11:55:02 +02:00
Brad Hards
add750882f usb: update config descriptors to identify number of interfaces
Previously we relied on the .bNumInterfaces, but that won't always be
accurate after the introduction of grouped interfaces.

Signed-off-by: Brad Hards <bradh@frogmouth.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-26 11:55:02 +02:00
Gerd Hoffmann
ef0bdf77d7 usb: mass storage fix
Initialize scsi_len with zero when starting a new request, so any
stuff leftover from the previous request is cleared out.  This may
happen in case the data returned by the scsi command doesn't fit
into the buffer provided by the guest.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-04 16:55:15 +02:00
Gerd Hoffmann
13a9a0d3e2 usb: move complete callback to port ops 2011-05-04 14:11:08 +02:00
Brad Hards
94843f66ab usb: trivial spelling fixes
Signed-off-by: Brad Hards <bradh@frogmouth.net>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-04-16 12:24:28 +01:00
Gleb Natapov
cf8ce30d03 Add bootindex handling into usb storage device.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-02-01 16:50:44 -06:00
Markus Armbruster
319ae529b8 blockdev: Fix drive_add for drives without media
Watch this:

    (qemu) drive_add 0 if=none
    (qemu) info block
    none0: type=hd removable=0 [not inserted]
    (qemu) drive_del none0
    Segmentation fault (core dumped)

add_init_drive() is confused about drive_init()'s failure modes, and
cleans up when it shouldn't.  This leaves the DriveInfo with member
opts dangling.  drive_del attempts to free it, and dies.

drive_init() behaves as follows:

* If it created a drive with media, it returns its DriveInfo.

* If it created a drive without media, it clears *fatal_error and
  returns NULL.

* If it couldn't create a drive, it sets *fatal_error and returns
  NULL.

Of its three callers:

* drive_init_func() is correct.

* usb_msd_init() assumes drive_init() failed when it returns NULL.
  This is correct only because it always passes option "file", and
  "drive without media" can't happen then.

* add_init_drive() assumes drive_init() failed when it returns NULL.
  This is incorrect.

Clean up drive_init() to return NULL on failure and only on failure.
Drop its parameter fatal_error.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-31 11:59:24 +01:00
Stefan Hajnoczi
6bb7b86722 usb-msd: Propagate removable bit to SCSI device
USB Mass Storage Devices sometimes have the RMB (removable) bit set in
the SCSI INQUIRY response.  Thumbdrives tend to have the bit set whereas
hard disks do not.

Operating systems differentiate between removable devices and fixed
devices.  Under Linux, the anaconda installer looks for removable
devices.  Under Windows, only fixed devices may have more than one
partition and AutoRun is also affected by the removable bit.

For these reasons, allow USB Mass Storage Devices to override the
removable bit:

qemu -usb
     -drive if=none,file=test.img,cache=none,id=disk0
     -device usb-storage,drive=disk0,removable=on

The default is off.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 21:39:22 +01:00
Stefan Hajnoczi
2d1fd26137 scsi: Allow scsi_bus_legacy_add_drive() to set removable bit
scsi-disk devices may wish to override the removable bit.  Add support
for a qdev property on SCSI devices.  This is will be used by usb-msd.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 21:39:22 +01:00
Gerd Hoffmann
fa7935c1e1 usb storage: handle long responses
The scsi layer may return us more data than the guests wants to have.
Handle this by just ignoring the extra bytes and calling the
{read,write}_data callback to finish the request.

Seen happening in real life with some extended inquiry command.
With this patch applied the linux kernel stops reseting the device
once at boot.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-01-11 17:15:24 +01:00
Gerd Hoffmann
ab4797ad2e usb storage: fix status reporting
Change usb_msd_send_status() to take a pointer to the status packet
instead of writing the status to s->usb_buf which might not point
to the correct location.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-01-11 17:15:24 +01:00
Gerd Hoffmann
ca0c730df9 usb storage: high speed support
Add high speed support to the usb mass storage device.  With this patch
applied the linux kernel recognises the usb storage device as highspeed
capable device and suggests to connect it to a highspeed port instead of
the uhci.  Tested with both uhci and (not-yet submitted) ehci.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-01-11 17:15:24 +01:00
Gerd Hoffmann
ed5a83ddd8 usb: move remote wakeup handling to common code
This patch moves setting and clearing the remote_wakeup feature
bit (via USB_REQ_{SET,CLEAR}_FEATURE) to common code.  Also
USB_REQ_GET_STATUS handling is moved to common code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-01-11 15:56:01 +01:00
Gerd Hoffmann
a980a065fb usb: move USB_REQ_{GET,SET}_CONFIGURATION handling to common code
This patch adds fields to the USBDevice struct for the current
speed (hard-wired to full speed for now) and current device
configuration.  Also a init function is added which inializes
these fields.  This allows USB_REQ_{GET,SET}_CONFIGURATION
handling to be moved to common code.

For most drivers the conversion is trivial ad they support a single
configuration only anyway.  One exception is bluetooth where some
device-specific setup code runs after get/set configuration.  The
other is usb-net which actually has two configurations so the
the code to check for the active configuration has been adapted.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-01-11 15:56:01 +01:00
Gerd Hoffmann
41c6abbdeb usb: move USB_REQ_SET_ADDRESS handling to common code
USB_REQ_SET_ADDRESS handling is identical in *all* emulated devices.
Move it to common code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-01-11 15:56:01 +01:00
Gerd Hoffmann
4a1e1bc416 usb storage: serial number support
If a serial number is present for the drive fill it into the usb
serialnumber string descriptor.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-01-11 15:56:00 +01:00
Gerd Hoffmann
81bfd2f246 usb storage: use new descriptor infrastructure.
Switch the usb storage driver over to the
new descriptor infrastructure.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-01-11 15:56:00 +01:00
Blue Swirl
2446333cd5 Rearrange block headers
Changing block.h or blockdev.h resulted in recompiling most objects.

Move DriveInfo typedef and BlockInterfaceType enum definitions
to qemu-common.h and rearrange blockdev.h use to decrease churn.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-08-24 15:22:24 +00:00
Gerd Hoffmann
3329f07b7a QemuOpts: make most qemu_*_opts static
Switch tree to lookup-by-name using qemu_find_opts().
Also hook up virtfs options so qemu_find_opts works for them too.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-08-22 17:11:06 -05:00
Markus Armbruster
18846dee1a block: Catch attempt to attach multiple devices to a blockdev
For instance, -device scsi-disk,drive=foo -device scsi-disk,drive=foo
happily creates two SCSI disks connected to the same block device.
It's all downhill from there.

Device usb-storage deliberately attaches twice to the same blockdev,
which fails with the fix in place.  Detach before the second attach
there.

Also catch attempt to delete while a guest device model is attached.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02 13:18:02 +02:00
Markus Armbruster
f8b6cc0070 qdev: Decouple qdev_prop_drive from DriveInfo
Make the property point to BlockDriverState, cutting out the DriveInfo
middleman.  This prepares the ground for block devices that don't have
a DriveInfo.

Currently all user-defined ones have a DriveInfo, because the only way
to define one is -drive & friends (they go through drive_init()).
DriveInfo is closely tied to -drive, and like -drive, it mixes
information about host and guest part of the block device.  I'm
working towards a new way to define block devices, with clean
host/guest separation, and I need to get DriveInfo out of the way for
that.

Fortunately, the device models are perfectly happy with
BlockDriverState, except for two places: ide_drive_initfn() and
scsi_disk_initfn() need to check the DriveInfo for a serial number set
with legacy -drive serial=...  Use drive_get_by_blockdev() there.

Device model code should now use DriveInfo only when explicitly
dealing with drives defined the old way, i.e. without -device.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02 13:18:02 +02:00
Markus Armbruster
14bafc5407 blockdev: Clean up automatic drive deletion
We automatically delete blockdev host parts on unplug of the guest
device.  Too much magic, but we can't change that now.

The delete happens early in the guest device teardown, before the
connection to the host part is severed.  Thus, the guest part's
pointer to the host part dangles for a brief time.  No actual harm
comes from this, but we'll catch such dangling pointers a few commits
down the road.  Clean up the dangling pointers by delaying the
automatic deletion until the guest part's pointer is gone.

Device usb-storage deliberately makes two qdev properties refer to the
same drive, because it automatically creates a second device.  Again,
too much magic we can't change now.  Multiple references worked okay
before, but now free_drive() dies for the second one.  Zap the extra
reference.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02 13:18:01 +02:00
Markus Armbruster
fa66b909f3 scsi: scsi_bus_legacy_handle_cmdline() can fail, fix callers
None of its callers checks for failure.  scsi_hot_add() can crash
because of that:

(qemu) drive_add 4 if=scsi,format=host_device,file=/dev/sg1
scsi-generic: scsi generic interface too old
Segmentation fault (core dumped)

Fix all callers, not just scsi_hot_add().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02 13:18:01 +02:00
Markus Armbruster
666daa6823 blockdev: Collect block device code in new blockdev.c
Anything that moves hundreds of lines out of vl.c can't be all bad.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-06-04 15:20:47 +02:00
Markus Armbruster
a803cb8eb8 blockdev: Hide QEMUMachine from drive_init()
To pave the way for moving it out of vl.c.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-06-04 11:43:40 +02:00
Max Reitz
f3571b1a5b usb: class specific interface requests
Mass Storage Reset and Get Max LUN are class specific requests, but
they were not marked as such in hw/usb-msd.c, moved therefore
ClassInterfaceRequest and ClassInterfaceOutRequest from hw/usb-net.c
to hw/usb.h.
Furthermore there was a problem in hw/usb-ohci.c when using DEBUG
concerning systems where size_t is a 32 bit integer (printf resulted
in a segmentation fault).

Signed-off-by: Max Reitz <max@tyndur.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-03-31 11:16:52 -05:00
Arnaud Patard (Rtp)
e5322f76a7 hw/usb-msd: fix some usb requests
The usb-msd device emulation needs some small tweaks in the requests
emulations. For instance, the reset/maxlun requests are class/interface
specific so requests for them with the type class and recipient interface
bits sets have to be handled.

Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-03-17 11:17:05 -05:00