with the "usb-ehci: cleanup port reset handling" patch in place no callers
are calling usb_attach(port, NULL) for a port where port->dev is NULL.
Doing that makes no sense as that causes the port detach op to get called
for a port with nothing attached. Add an assert that port->dev != NULL when
dev == NULL, and remove the check for not having a port->dev in the dev == NULL
case.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Doing a usb_attach when dev is NULL will just result in the
port detach op getting called even though nothing was connected in
the first place.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Note this fixes 2 things in one go, first of all the device_destroy bus
op should be a device_detach bus op, as pending async packets from the
device should be cancelled on detach not on destroy.
Secondly having this as a bus op won't work with companion controllers, since
then there will be 1 bus driven by the ehci controller and thus 1 set of bus
ops, but the device being detached may be downstream of a handed over port.
Making the detach of a downstream device a port op allows the ehci controller
to forward this to the companion controller port for handed over ports.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This makes them consistent with the attach and detach ops, and in general
it makes sense to make portops take a port as argument. This also makes
adding support for a companion controller easier / cleaner.
[ kraxel: fix usb-musb.c build ]
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This is a preparation patch for adding support for USB companion controllers.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Cleanup / preparation patch for companion controller support. Note that
as a "side-effect" this patch also fixes the milkymist-softusb controller
not having a port_location set for its ports.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
In musb_packet() handle final processing of non-asynchronous
USB packets by directly calling musb_schedule_cb() rather than
going through usb_packet_complete(). The latter will trigger
an assertion because the packet doesn't belong to a device.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Just in case there's still a way how a guest can read out buffers when it's not
supposed to, let's zero the buffers during initialisation so that we don't leak
information to the guest.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
This fixes https://bugs.launchpad.net/qemu/+bug/786209:
When the DRQ_STAT bit is set, the IDE core permits both data reads
and data writes, regardless of whether the current transfer was
initiated as a read or write.
This potentially leaks uninitialized host memory into the guest,
if, before doing anything else to an IDE device, the guest begins a
write transaction (e.g. WIN_WRITE), but then *reads* from the IO
port instead of writing to it.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
It needs to be a qdev property, because it belongs to the drive's
guest part. Precedence: commit a0fef654 and 6ced55a5.
Bonus: info qtree now shows the serial number.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Until now, pxa2xx_lcd only supported 90deg rotation, but
some machines (for example Zipit Z2) needs 270deg rotation.
Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Parameter 'info' is const, so add the missing attribute.
v2:
Add 'const' to the local variable info in do_cpu_reset() and to
the boot_info field in CPUARMState (suggested by Peter Maydell).
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
report correct mode when in undefined mode.
introduces qxl_mode_to_string(), and uses it in other places too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This bug showed up after 1455084ea2, and
may be seen only on operating systems *not* using DMA to give commands
to SCSI adapter.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* 'ppc-next' of git://repo.or.cz/qemu/agraf:
PPC: move TLBs to their own arrays
PPC: 440: Use 440 style MMU as default, so Qemu knows the MMU type
PPC: E500: Use MAS registers instead of internal TLB representation
PPC: Only set lower 32bits with mtmsr
PPC: update openbios firmware
PPC: mpc8544ds: Add hypervisor node
PPC: calculate kernel,initrd,cmdline locations dynamically
target-ppc: Handle memory-forced I/O controller access
PPC: E500: Implement reboot controller
If I start qemu with:
# qemu -hda disks/test.img -enable-kvm -m 1G -snapshot \
-device virtio-serial \
-chardev socket,host=localhost,port=1234,server,nowait,id=foo \
-device virtserialport,chardev=foo,name=org.qemu.guest_agent
I get a segfault when booting a Fedora 14 guest. The backtrace says:
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000420850 in handle_control_message (vser=0x3732bd0, buf=0x2c173e0, len=8) at /home/lcapitulino/src/qmp-unstable/hw/virtio-serial-bus.c:335
335 info = DO_UPCAST(VirtIOSerialPortInfo, qdev, port->dev.info);
What's happening is VIRTIO_CONSOLE_DEVICE_READY is a message for the
whole device, not for an individual port. So port is NULL. This bug was
introduced by commit a15bb0d6a9.
This commit fixes that by making the port returned by find_port_by_id()
be used only by the VIRTIO_CONSOLE_PORT_READY and
VIRTIO_CONSOLE_PORT_OPEN messages.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
This is an all-in-one fix for the smaller and bigger mistakes of the
build system changes for accompanied Linux headers:
- only enable KVM and vhost on Linux hosts
- fix powerpc asm header symlink
- do not use Linux headers on non-Linux hosts
- fix kvmclock for !CONFIG_KVM
- fix s390 build on non-Linux hosts
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Andreas Färber <andreas.faerber@web.de>
Tested-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Fix a couple of typos in comments.
Signed-off-by: Matthew Fernandez <matthew.fernandez@gmail.com>
Acked-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
error_report() prepends location, and appends a newline. The message
constructed from the arguments should not contain a newline. Fix the
obvious offenders.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
It needs to be a qdev property, because it belongs to the drive's
guest part. Precedence: commit a0fef654 and 6ced55a5.
Bonus: info qtree now shows the serial number.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Correct a number of minor errors in the OHCI wakeup implementation:
* when the port is suspended but the controller is not, raise RHSC
* when the controller is suspended but the port is not, raise RD
* when the controller is suspended, move it to resume state
These fix some edge cases where a USB device might not successfully get
the attention of the guest OS if it tried to do so at the wrong time.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This is used to indicate at which speed[s] the device can operate,
so that this can be checked to match the ports capabilities when it gets
attached to a bus.
Note that currently all usb1 emulated device claim to be fullspeed, this
seems to not cause any problems, but still seems wrong, because with real
hardware keyboards, mice and tablets usually are lo-speed, so reporting these
as fullspeed devices seems wrong.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add properties for the wakeup rate and the max number of frames ehci
will process at once.
The wakeup rate defaults to 1000 which equals the usb frame rate. This
can be reduced to make qemu wake up less often when ehci is active.
In case the wakeup rate is reduced or the ehci timer is delayed due to
latency issues elsewhere in qemu ehci will process multiple frames at
once. The maxframes property specifies the upper limit for this.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diagnose the case where the user asked for a NIC via "-net nic"
but the board didn't instantiate that NIC (for example where the
user asked for two NICs but the board only supports one). Note
that this diagnostic doesn't apply to NICs created through -device,
because those are always instantiated.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When running kvm-autotest, fputc() is often the second highest (sometimes #1)
function showing up in a profile. This is due to fputc() locking the file
for every byte written.
Optimize by buffering a line's worth of pixels and writing that out in a
single call.
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This warning is new in gcc 4.6.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Introduce a new emulated PCI device, specific to fully virtualized Xen
guests. The device is necessary for PV on HVM drivers to work.
Signed-off-by: Steven Smith <ssmith@xensource.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Compared to the last version I only added a comment to the code.
- remove i440FX-xen and i440fx_write_config_xen
we don't need to intercept pci config writes to i440FX anymore;
- introduce PIIX3-xen and piix3_write_config_xen
we do need to intercept pci config write to the PCI-ISA bridge to update
the PCI link routing;
- set the number of PIIX3-xen interrupts line to 128;
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
If the cirrus_vga PCI BAR is unmapped than we should not only reset
map_addr but also lfb_addr, otherwise we'll keep trying to map
the old lfb_addr in map_linear_vram.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This function will be used to support sync dirty bitmap.
This come with a check against every Xen release, and special
implementation for Xen version that doesn't have this specific call.
This function will not be usable with Xen 3.3 because the behavior is
different.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Until now, we've created a union over multiple different TLB types and
allocated that union. While it's a waste of memory (and cache) to allocate
TLB information for a TLB type with much information when you only need
little, it also inflicts another issue.
With the new KVM API, we can now share the TLB between KVM and qemu, but
for that to work we need to have both be in the same layout. We can't just
stretch it over to fit some internal different TLB representation.
Hence this patch moves all TLB types to their own array, allowing us to only
address and allocate exactly the boundaries required for the specific TLB
type at hand.
Signed-off-by: Alexander Graf <agraf@suse.de>
We have some KVM interaction code in Qemu that tries to be clever and
ignore some capabilities when running on BookE style MMUs. Unfortunately,
the default CPU bamboo was defaulting to was not a BookE-style MMU,
resulting in the check to fail.
With this patch, guests can run again on 440 with -enable-kvm.
Signed-off-by: Alexander Graf <agraf@suse.de>
The natural format for e500 cores to do TLB manipulation with are the MAS
registers. Instead of converting them into some internal representation
and back again when the guest reads them, we can just keep the data
identical to the way the guest passed it to us.
The main advantage of this approach is that we're getting closer to being
able to share MMU data with KVM using shared memory, so that we don't need
to copy lots of MMU data back and forth all the time. For this to work
however, another patch is required that gets rid of the TLB union, as that
destroys our memory layout that needs to be identical with the kernel one.
Signed-off-by: Alexander Graf <agraf@suse.de>
When running a PPC guest with KVM that can do PV operations, we need
to indicate the guest which instructions to use for a hypercall and
that it is running as KVM guest.
This logic was available on openbios based machines already. This patch
also adds said functionality to the mpc8544ds machine.
Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Scott Wood <scottwood@freescale.com>
During testing, I was generating a vmlinux binary that easily occupied
more than 20MB of RAM. Since the current -kernel code loads the initrd
at a fixed address behind the kernel, we were overwriting kernel data
when the kernel got too big.
To finally get rid of the issue, let's calculate the initrd and cmdline
addresses relative to the kernel size, so we can have kernels and initrds
that are as big as they want to - as long as they fit in RAM.
Signed-off-by: Alexander Graf <agraf@suse.de>
When Linux reboots an e500 VM, it writes to a magic register in the
"global-utilities" device indicated by the device tree. We were not
emulating that device so far, rendering the VM reboot-less.
This patch implements that device with only the reboot functionality
implemented and adds it to the device tree. With this patch applied,
I can successfully reboot a -M mpc8544ds VM.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Andreas Färber <andreas.faerber@web.de>
As pci id initialization is moved to common layer,
some initialization function can be empty.
So don't call init method if NULL.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The 9118 ethernet controller interrupt line is active low unless
the IRQ config register is programmed to set both the IRQ_POL
(polarity: active-high) and IRQ_TYPE (type: push-pull) bits:
implement support for inverting the irq output in other configurations.
This also requires that we support setting the bits in the first
place, and that we correctly preserve them across software reset.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Register the smc91c111 reset function as a qdev reset function.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Clearing the error status flag was missing for restarting flushes. Now that the
error status is separate from the BM status register, we can simply set it to 0
after restarting the request. This ensures that we never forget to clear a bit.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Add support for TRIM sub function of the data set management command,
and wire it up to the qemu discard infrastructure.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Replace the is_read flag with a dma_cmd flag to allow the dma and
restart logic to handler other commands like TRIM.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When a failed PIO request caused the VM to stop, we still need to transfer the
PIO state even though DRQ=0 at this point.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When adding the werror=stop mode, some flags were added to s->status
which are used to determine what kind of operation should be restarted
when the VM is continued.
Unfortunately, it turns out that s->status is in fact a device register
and as such is visible to the guest (some of the abused bits are even
writable for the guest).
For migration we keep on using the old VMState field (renamed to
migration_compat_status) if the status register doesn't use any of the
previously abused bits. If it does, we use a subsection with a clean copy of
the status register.
The error status is always sent in a subsection if there is any error. It can't
use the old field because errors happen even without PCI.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
ccid_initfn() allocates CCIDBus dynamically, but there is no exit
callback to free it.
Fix by getting rid of the allocation.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
When qemu gets compiled without support of vhost-net, any attempt
to use it fails with a very clear error message:
qemu-system-x86_64: -netdev ...,vhost=on: vhost-net requested but could not be initialized
there's absolutely no reason given _why_ it coult not be
initialized, and even strace'ing the process in question
does not reveal any errors. So print a message telling
what's going on.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
expire_time must be initialited when the guest activates the
usb scheduler, not at device creation time.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Implement the wakeup callback in the OHCI USBPortOps, so that when
a downstream device wakes up it correctly causes the OHCI controller
to come out of suspend.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
HcPeriodCurrentED is read-only, but Linux writes to it anyway; silently
ignore this rather than printing a warning message.
(Specifically, drivers/usb/host/ohci-hub.c:ohci_rh_resume() writes a
0, in at least kernels 2.6.25 through 2.6.39.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This causes an "Error: tried to detach unattached usb device " to be printed,
this can happen when deleting ie a usb host qdev, which did not
get attached (because a device matching the filter never got plugged in).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch fixes a bunch of issues in the itd descriptor handling.
Most important fix is to handle transfers which cross page borders
correctly by looking up the address of the next page. Luckily the
linux uses physically contigous memory so the data used to hits the
correct location even with this bug instead of corrupting guest
memory. Also the transfer length updates for outgoing transfers wasn't
correct.
While being at it DPRINTFs have been replaced by tracepoints.
The isoch_pause logic has been disabled. Not clear to me which propose
this serves and I think it is incorrect too as we just skip processing
itds. Even when no xfer happens we have to clear the active bit.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The USB tablet advertises that it supports the "boot" protocol.
However, its reports aren't "boot" protocol compatible. So, it
shouldn't claim that.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The QEMU USB mouse claims to support the "boot" protocol
(bInterfaceSubClass is 1). However, the mouse rejects the
Set_Protocol command.
The qemu mouse does support the "boot" protocol specification, so a
simple fix is to enable the Set_Protocol request.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The state machine doesn't stop in EXECUTING state any more when async
packets are in flight, so the checks are not needed any more and can
be dropped.
Also kick out the check for the frame timer. As we don't stop & sleep
any more on async packets this is obsolete.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds USBBusOps struct with (for now) only a single callback
which is called when a device is about to be destroyed. The USB Host
adapters are implementing this callback and use it to cancel any async
requests which might be in flight before the device actually goes away.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set the correct bits for nodev, stall and babble errors.
Raise errint irq. Fix state transition from WRITEBACK
to the next state.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Two bugs at once:
First the mask is backwards, so the it used to keeps the offset and
clears the page address, which is not what we need when we update the
offset.
Second the offset calculation is wrong in case head isn't page aligned.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds support for keeping multiple queues going at the same
time. One slow device will not affect other devices any more.
The patch adds code to manage EHCIQueue structs. It also does a number
of changes to the state machine:
* The state machine will never ever stop in EXECUTING any more.
Instead it will continue with the next queue (aka HORIZONTALQH) when
the usb device returns USB_RET_ASYNC.
* The state machine will stop processing when it figures it walks in
circles (easy to figure now that we have a EHCIQueue struct for each
QH we've processed). The bailout logic should not be needed any
more. For now it is still in, but will assert() in case it triggers.
* The state machine will just skip queues with a async USBPacket in
flight.
* The state machine will resume processing as soon as the async
USBPacket is finished.
The patch also takes care to flush the QH struct back to guest memory
when needed, so we don't get stale data when (re-)loading it from guest
memory in FETCHQH state.
It also makes the writeback code to not touch the first three dwords of
the QH struct as the EHCI must not write them. This actually fixes a
bug where QH chaining changes (next ptr) by the linux ehci driver where
overwritten by the emulated EHCI.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add EHCIQueue struct, move the fields needed to track the queue state
into that struct. Pass the new struct instead of ehci state down to
functions which handle the queue state. Lot of variable references have
changed due to that without an actual functional change.
Replace fetch_addr with two variables, one for async and one for
periodic schedule. Add functions to get and set the fetch address.
Use EHCIQueue->usb_status (old name: EHCIState->exec_status) directly in
ehci_execute_complete instead of passing around the status using a
parameters and the return value.
ehci_state_fetchqh returns a EHCIQueue struct now.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add a separate tracepoint to log how register values change in response
to a mmio write. Especially useful for registers which have read-only
or clear-on-write bits in them.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Trace usb port operations (attach, detach, reset),
drop a few obsolete DPRINTF's.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add functions to get and set the current state of the state machine,
add tracepoints there to trace state transitions. Add support for
traceing the queue heads and transfer descriptors as we look at them.
Drop a few DPRINTFs and all DPRINTF_ST lines, they are obsolete now.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch starts adding trace support to ehci. It traces
updates of the status register (USBSTS), mmio access and
controller reset.
It also adds functions to set and clear status register bits
and puts them in use everywhere.
Some DPRINTF's are dropped in favor of the new tracepoints.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add support for event_idx feature, and utilize it to
reduce the number of interrupts and exits for the guest.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This also cleans up an open-coded 64-bit message address readout.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Pulls in latest version from kernel 3.0-rc2.
Some changes around AER now require local defines as QEMU accesses the
error source identification register via sub-words.
CC: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Current vm_running was not explicitly initialized and its value was changed by
vm state notifier, this may confuse the virtio device being hotplugged such as
virtio-net with vhost backend as it may think the vm was not running. Solve this
by initialize this value explicitly in virtio_common_init().
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The virtio_queue_notify() function checks that the virtqueue number is
less than the maximum number of virtqueues. A signed comparison is used
but the virtqueue number could be negative if a buggy or malicious guest
is run. This results in memory accesses outside of the virtqueue array.
It is risky doing input validation in common code instead of at the
guest<->host boundary. Note that virtio_queue_set_addr(),
virtio_queue_get_addr(), virtio_queue_get_num(), and many other virtio
functions do *not* validate the virtqueue number argument.
Instead of fixing the comparison in virtio_queue_notify(), move the
comparison to the virtio bindings (just like VIRTIO_PCI_QUEUE_SEL) where
we have a uint32_t value and can avoid ever calling into common virtio
code if the virtqueue number is invalid.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
vender id/device id... in configuration space are read-only registers
which are commonly defined for all pci devices.
So move those initialization into common place.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* rth/axp-next: (26 commits)
target-alpha: Implement TLB flush primitives.
target-alpha: Use a fixed frequency for the RPCC in system mode.
target-alpha: Trap for unassigned and unaligned addresses.
target-alpha: Remap PIO space for 43-bit KSEG for EV6.
target-alpha: Implement cpu_alpha_handle_mmu_fault for system mode.
target-alpha: Implement more CALL_PAL values inline.
target-alpha: Disable interrupts properly.
target-alpha: All ISA checks to use TB->FLAGS.
target-alpha: Swap shadow registers moving to/from PALmode.
target-alpha: Implement do_interrupt for system mode.
target-alpha: Add IPRs to be used by the emulation PALcode.
target-alpha: Use kernel mmu_idx for pal_mode.
target-alpha: Add various symbolic constants.
target-alpha: Use do_restore_state for arithmetic exceptions.
target-alpha: Tidy up arithmetic exceptions.
target-alpha: Tidy exception constants.
target-alpha: Enable the alpha-softmmu target.
target-alpha: Rationalize internal processor registers.
target-alpha: Merge HW_REI and HW_RET implementations.
target-alpha: Cleanup MMU modes.
...
