Commit Graph

158 Commits

Author SHA1 Message Date
Alexey Kardashevskiy
f81bb347ef xhci: Fix possible side effect from assert()
A static analysis tool called BEAM detected possible side effect from
assert() calling a helper which may change an XHCI ring after every call.

This moves xhci_ring_fetch() out of assert() so it will be called
with and without enabled debug.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-id: 1468812548-31868-1-git-send-email-aik@ozlabs.ru
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-07-20 13:31:09 +02:00
Zhang Shuaiyi
a4055d8586 nec-usb-xhci: set the device state to USB_STATE_DEFAULT
This patch is a rough fix to "hw/usb/core.c:401: usb_handle_packet:
 Assertion `dev->state == 3' failed.". Qemu will crash when a usb3
device redirect to Windows7 VM via nec-usb-xhci.

In extensible-host-controler-interface-usb-xhci.pdf P94(4.6.5
Address Device):
    • If the Block Set Address Request (BSR) flag = ‘1’
        • If the slot is in the Enabled state:
            ...
            • Set the Slot State in the Output Slot Context to Default.

BSR = ‘1’: Enabled state to Default state; BSR = ‘0’: Default state
to Addressed state. Try to call usb_device_reset to set device state
to USB_STATE_DEFAULT in xhci_address_slot wether bsr is zero.

Signed-off-by: Zhang Shuaiyi <zhang_syi@massclouds.com>
Message-id: 1467258640-11921-1-git-send-email-zhang_syi@massclouds.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-07-12 10:23:59 +02:00
Cao jin
1108b2f8a9 pci: Convert msi_init() to Error and fix callers to check it
msi_init() reports errors with error_report(), which is wrong
when it's used in realize().

Fix by converting it to Error.

Fix its callers to handle failure instead of ignoring it.

For those callers who don't handle the failure, it might happen:
when user want msi on, but he doesn't get what he want because of
msi_init fails silently.

cc: Gerd Hoffmann <kraxel@redhat.com>
cc: John Snow <jsnow@redhat.com>
cc: Dmitry Fleytman <dmitry@daynix.com>
cc: Jason Wang <jasowang@redhat.com>
cc: Michael S. Tsirkin <mst@redhat.com>
cc: Hannes Reinecke <hare@suse.de>
cc: Paolo Bonzini <pbonzini@redhat.com>
cc: Alex Williamson <alex.williamson@redhat.com>
cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
2016-07-05 13:14:41 +03:00
Cao jin
290fd20db6 usb xhci: change msi/msix property type
>From bit to enum OnOffAuto

cc: Gerd Hoffmann <kraxel@redhat.com>
cc: Michael S. Tsirkin <mst@redhat.com>
cc: Markus Armbruster <armbru@redhat.com>
cc: Marcel Apfelbaum <marcel@redhat.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-05 13:14:41 +03:00
Roman Kagan
491d68d938 usb:xhci: no DMA on HC reset
This patch is a rough fix to a memory corruption we are observing when
running VMs with xhci USB controller and OVMF firmware.

Specifically, on the following call chain

xhci_reset
  xhci_disable_slot
    xhci_disable_ep
      xhci_set_ep_state

QEMU overwrites guest memory using stale guest addresses.

This doesn't happen when the guest (firmware) driver sets up xhci for
the first time as there are no slots configured yet.  However when the
firmware hands over the control to the OS some slots and endpoints are
already set up with their context in the guest RAM.  Now the OS' driver
resets the controller again and xhci_set_ep_state then reads and writes
that memory which is now owned by the OS.

As a quick fix, skip calling xhci_set_ep_state in xhci_disable_ep if the
device context base address array pointer is zero (indicating we're in
the HC reset and no DMA is possible).

Cc: qemu-stable@nongnu.org
Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
Message-id: 1462384435-1034-1-git-send-email-rkagan@virtuozzo.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11 10:29:28 +02:00
Peter Xu
182b391e79 usb: fix unbounded stack warning for xhci_dma_write_u32s
All the callers for xhci_dma_write_u32s() are using mostly 5 * uint32_t
in len. To avoid unbound stack warning for the function, make it
statically allocated, and assert when it's not big enough in the
future.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-id: 1457661106-9569-1-git-send-email-peterx@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-03-18 13:42:14 +01:00
Peter Maydell
e532b2e008 usb: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-20-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:23 +00:00
Markus Armbruster
98f343395e usb: Use g_new() & friends where that makes obvious sense
g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).  Same Coccinelle semantic patch as in commit b45c03f.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06 15:42:38 +03:00
Daniel P. Berrange
ef1e1e0782 maint: avoid useless "if (foo) free(foo)" pattern
The free() and g_free() functions both happily accept
NULL on any platform QEMU builds on. As such putting a
conditional 'if (foo)' check before calls to 'free(foo)'
merely serves to bloat the lines of code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11 10:21:38 +03:00
Gerd Hoffmann
92fdfa4bef Revert "xhci: set timer to retry xfers"
This reverts commit 4e8cfbe114.

We should not poll via timer, and with ccid being fixed
to properly notify us about pending transfers we don't have to.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-07-17 13:20:53 +02:00
Peter Maydell
9ad2c8cd41 trivial patches for 2015-05-09
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVTTGSAAoJEL7lnXSkw9fb6WUH/iWY2zJ+wNY/GCutyJ+bxq/0
 XeYhe+3DyjU7sAjDPnTjgJ26K1sYREhQkSDXbIXKpu+Ez9AAucBauDlYczVcklf0
 xiNVBCVDCvLZr2YwDctbV2WhqUVVJG78xMRlbpGapTPsvwPAG5CL+ZRN6l6Fp8G8
 yCHRvK7I9n2P8uZVqZiLd3jGTeRYqd7lBzHyOoxTQAuQdgOvuwf9zEKVZ+RxA5B0
 7ckuE8aZH0yyDDTG8w3nksWYLnEPizfT9MaNjI6AX4dwLPGv4BvvmGP6YwZRavRI
 +OopR7KliEdSaurj0ggM8rUcBkA37QHuIwRfmd3Syyx4HLOB3ckgGlWL8He9mpM=
 =PXUH
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mjt/tags/pull-trivial-patches-2015-05-09' into staging

trivial patches for 2015-05-09

# gpg: Signature made Fri May  8 22:58:42 2015 BST using RSA key ID A4C3D7DB
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>"
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>"
# gpg:                 aka "Michael Tokarev <mjt@debian.org>"

* remotes/mjt/tags/pull-trivial-patches-2015-05-09:
  docs: update BLOCK_IMAGE_CORRUPTED documentation
  glib-compat.h: change assert to g_assert
  Remove various unused functions
  sheepdog: fix resource leak with sd_snapshot_create
  xhci: remove unused code

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-11 13:54:00 +01:00
Gonglei
e5a88b0cf3 xhci: remove unused code
Value from xfer->packet.ep is assigned to ep here, but that
stored value is not used before it is overwritten. Remove it.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-05-08 14:11:09 +03:00
Gerd Hoffmann
df0f1692db xhci: fix events for setup trb.
When we find a IOC bit set on a setup trb and therefore queue an event,
that should not stop events being generated for following data trbs.
So clear the 'reported' flag.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08 13:01:06 +02:00
Gerd Hoffmann
88dbed3f59 Revert "xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set"
This makes xhci generate multiple short packet events in case of
multi-trb transfers.  Which is wrong.  We need to fix this in a
different way.

This reverts commit aa6857891d.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08 13:00:56 +02:00
Gerd Hoffmann
4e8cfbe114 xhci: set timer to retry xfers
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08 12:39:18 +02:00
Peter Maydell
0048fa6c80 pci, pc, virtio fixes and cleanups
A bunch of fixes all over the place.
 All of ACPI refactoring has been merged.
 Legacy pci commands have been dropped.
 virtio header cleanup
 initial patches from virtio-1.0 branch
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJU/CoXAAoJECgfDbjSjVRpX7EH/RMmgtsDO4wvqJu++lHvkB/q
 kSaXZYTpJTo0i5JE7n2brwuXA4902tTg9g5TMUpGPh9Pt2QRg7RTgGC1vqZyOBos
 MPw+4BO2v66S6qgX7bOf222z7r64cHTY7pLkQlrfD4usPlu2eusZ64UTW6Ru51fW
 WF9E9aunbl+HnuCGq6Iez3sCLscTBJpU/lEr6oSyHhuq3aa0CjjraEeV0E/QcwJG
 HTUeFymL8NFvlXZblsLI++VOv7Mxpi6yiCQ5XoKpFgGMvidwo41Aso6gB3ySGxOd
 w8O3Nbu77Iw/StDRNCg/5/GapabMKh2bE4UCsYY5OS63ZtD0fl0CCblhzm/ZFPw=
 =LY/j
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pci, pc, virtio fixes and cleanups

A bunch of fixes all over the place.
All of ACPI refactoring has been merged.
Legacy pci commands have been dropped.
virtio header cleanup
initial patches from virtio-1.0 branch

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

* remotes/mst/tags/for_upstream: (130 commits)
  acpi: drop unused code
  aml-build: comment fix
  acpi-build: fix typo in comment
  acpi: update generated files
  vhost user:support vhost user nic for non msi guests
  aml-build: fix build for glib < 2.22
  acpi: update generated files
  Makefile.target: binary depends on config-devices
  acpi-test-data: update after pci rewrite
  acpi, mem-hotplug: use PC_DIMM_SLOT_PROP in acpi_memory_plug_cb().
  pci-hotplug-old: Has been dead for five major releases, bury
  pci: Give a few helpers internal linkage
  acpi: make build_*() routines static to aml-build.c
  pc: acpi: remove not used anymore ssdt-[misc|pcihp].hex.generated blobs
  pc: acpi-build: drop template patching and create PCI bus tree dynamically
  tests: ACPI: update pc/SSDT.bridge due to new alg of PCI tree creation
  pc: acpi-build: simplify PCI bus tree generation
  tests: add ACPI blobs for qemu with bridge cases
  tests: bios-tables-test: add support for testing bridges
  tests: ACPI test blobs update due to PCI0._CRS changes
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Conflicts:
	hw/pci/pci-hotplug-old.c
2015-03-09 09:14:28 +00:00
Laszlo Ersek
aa6857891d xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set
At the moment, when the XHCI driver in edk2
(MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf) runs on QEMU, with the options

  -device nec-usb-xhci -device usb-kbd

it crashes with:

  ASSERT MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c(1759):
  TrsRing != ((void*) 0)

The crash hits in the following edk2 call sequence (all files under
MdeModulePkg/Bus/):

UsbEnumerateNewDev()                         [Usb/UsbBusDxe/UsbEnumer.c]
  UsbBuildDescTable()                        [Usb/UsbBusDxe/UsbDesc.c]
    UsbGetDevDesc()                          [Usb/UsbBusDxe/UsbDesc.c]
      UsbCtrlGetDesc(USB_REQ_GET_DESCRIPTOR) [Usb/UsbBusDxe/UsbDesc.c]
        UsbCtrlRequest()                     [Usb/UsbBusDxe/UsbDesc.c]
          UsbHcControlTransfer()             [Usb/UsbBusDxe/UsbUtility.c]
            XhcControlTransfer()             [Pci/XhciDxe/Xhci.c]
              XhcCreateUrb()                 [Pci/XhciDxe/XhciSched.c]
                XhcCreateTransferTrb()       [Pci/XhciDxe/XhciSched.c]
              XhcExecTransfer()              [Pci/XhciDxe/XhciSched.c]
                XhcCheckUrbResult()          [Pci/XhciDxe/XhciSched.c]
                  //
                  // look for TRB_TYPE_DATA_STAGE event [1]
                  //
              //
              // Store a copy of the device descriptor, as the hub device
              // needs this info to configure endpoint. [2]
              //
  UsbSetConfig()                             [Usb/UsbBusDxe/UsbDesc.c]
    UsbCtrlRequest(USB_REQ_SET_CONFIG)       [Usb/UsbBusDxe/UsbDesc.c]
      UsbHcControlTransfer()                 [Usb/UsbBusDxe/UsbUtility.c]
        XhcControlTransfer()                 [Pci/XhciDxe/Xhci.c]
          XhcSetConfigCmd()                  [Pci/XhciDxe/XhciSched.c]
            XhcInitializeEndpointContext()   [Pci/XhciDxe/XhciSched.c]
              //
              // allocate transfer ring for the endpoint [3]
              //

USBKeyboardDriverBindingStart()              [Usb/UsbKbDxe/EfiKey.c]
  UsbIoAsyncInterruptTransfer()              [Usb/UsbBusDxe/UsbBus.c]
    UsbHcAsyncInterruptTransfer()            [Usb/UsbBusDxe/UsbUtility.c]
      XhcAsyncInterruptTransfer()            [Pci/XhciDxe/Xhci.c]
        XhcCreateUrb()                       [Pci/XhciDxe/Xhci.c]
          XhcCreateTransferTrb()             [Pci/XhciDxe/XhciSched.c]
            XhcSyncTrsRing()                 [Pci/XhciDxe/XhciSched.c]
              ASSERT (TrsRing != NULL) [4]

UsbEnumerateNewDev() in the USB bus driver issues a GET_DESCRIPTOR
request, in order to determine the number of configurations that the
endpoint supports. The requests consists of three stages (three TRBs),
setup, data, and status. The length of the response is determined in [1],
namely from the transfer event that the host controller generates in
response to the request's middle stage (ie. the data stage).

If the length of the answer is correct (a full GET_DESCRIPTOR request
takes 18 bytes), then the XHCI driver that underlies the USB bus driver
"snoops" (caches) the descriptor data for later [2].

Later, the USB bus driver sends a SET_CONFIG request. The underlying XHCI
driver allocates a transfer ring for the endpoint, relying on the data
snooped and cached in step [2].

Finally, the USB keyboard driver submits an asynchronous interrupt
transfer to manage the keyboard. As part of this it asserts [4] that the
ring has been allocated in step [3].

And this ASSERT() fires. The root cause can be found in the way QEMU
handles the initial GET_DESCRIPTOR request.

Again, that request consists of three stages (TRBs, Transfer Request
Blocks), "setup", "data", and "status". The XhcCreateTransferTrb()
function sets the IOC ("Interrupt on Completion") flag in each of these
TRBs.

According to the XHCI specification, the host controller shall generate a
Transfer Event in response to *each* individual TRB of the request that
had the IOC flag set. This means that QEMU should queue three events:
setup, data, and status, for edk2's XHCI driver.

However, QEMU only generates two events:
- one for the setup (ie. 1st) stage,
- another for the status (ie. 3rd) stage.

No event is generated for the middle (ie. data) stage. The loop in QEMU's
xhci_xfer_report() function runs three times, but due to the "reported"
variable, only the first and the last TRBs elicit events, the middle (data
stage) results in no event queued.

As a consequence:
- When handling the GET_DESCRIPTOR request, XhcCheckUrbResult() in [1]
  does not update the response length from zero.

- XhcControlTransfer() thinks that the response is invalid (it has zero
  length payload instead of 18 bytes), hence [2] is not reached; the
  device descriptor is not stashed for later, and the number of possible
  configurations is left at zero.

- When handling the SET_CONFIG request, (NumConfigurations == 0) from
  above prevents the allocation of the endpoint's transfer ring.

- When the keyboard driver tries to use the endpoint, the ASSERT() blows
  up.

The solution is to correct the emulation in QEMU, and to generate a
transfer event whenever IOC is set in a TRB.

The patch replaces

  !reported && (IOC || foo)    == !reported && IOC ||
                                  !reported && foo

with

  IOC || (!reported && foo)    == IOC ||
                                  !reported && foo

which only changes how

  reported && IOC

is handled. (Namely, it now generates an event.)

Tested with edk2 built for "qemu-system-aarch64 -M virt" (ie.
"ArmVirtualizationQemu.dsc", aka "AAVMF"), and guest Linux.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-03 08:36:58 +01:00
Markus Armbruster
9af21dbee1 pci: Trivial device model conversions to realize
Convert the device models where initialization obviously can't fail.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2015-02-26 12:42:16 +01:00
Paolo Bonzini
e720677e32 vmstate: accept QEMUTimer in VMSTATE_TIMER*, add VMSTATE_TIMER_PTR*
Old users of VMSTATE_TIMER* are mechanically changed to VMSTATE_TIMER_PTR
variants.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-01-26 12:22:44 +01:00
Gerd Hoffmann
f2ad97ff81 xhci: add sanity checks to xhci_lookup_uport
Also catch xhci_lookup_uport failures in post_load.

https://bugzilla.redhat.com/show_bug.cgi?id=1074219

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-11 08:48:16 +01:00
Gerd Hoffmann
2aa6bfcb66 xhci: add property to turn on/off streams support
streams support in usb-redir and usb-host works only with recent enough
versions of the support libraries (libusbredir and libusbx).  Failure
mode is rather unelegant:  Any stream usb transfers will throw stall
errors.  Turning off support for streams in the xhci host controller
will work better as the guest can figure beforehand that streams are
not going to work.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
2014-10-28 11:38:18 +01:00
Gerd Hoffmann
ac20e1bb0e xhci: remove dead code
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-15 13:39:48 +02:00
Gerd Hoffmann
3533c3d2bf usb: tag xhci as hotpluggable
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-23 12:51:08 +02:00
Dr. David Alan Gilbert
e6043e92c2 xhci PCIe endpoint migration compatibility fix
Add back the PCIe config capabilities on XHCI cards in non-PCIe slots,
but only for machine types before 2.1.

This fixes a migration incompatibility in the XHCI PCI devices
caused by:
   058fdcf52c - xhci: add endpoint cap on express bus only

Note that in fixing it for compatibility with older QEMUs, it breaks
compatibility with existing QEMU 2.1's on older machine types.

The status before this patch was (if it used an XHCI adapter):
   machine type | source qemu
     any           pre-2.1     - FAIL
     any           2.1...      - PASS

With this patch:
   machine type | source qemu
     any           pre-2.1    - PASS
     pre-2.1       2.1...     - FAIL
     2.1           2.1...     - PASS

A test to trigger it is to add '-device nec-usb-xhci,id=xhci,addr=0x12'
to the command line.

Cc: qemu-stable@nongnu.org
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-10 07:20:53 +02:00
Gonglei
d733f74c33 usb: add usb host adapters exit trace
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-08-29 12:52:14 +02:00
Gonglei
53c30545fb usb-xhci: add exit function
clean up xhci resource when xhci pci device exit.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-08-29 12:52:14 +02:00
Gerd Hoffmann
f90e160b50 Revert "xhci: Fix number of streams allocated when using streams"
This reverts commit d063c3112c.

"2 << x" is the same as "2 ^ (x + 1)", so the old code is correct.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-08-29 12:51:44 +02:00
Gerd Hoffmann
3d80365b55 xhci: use (1u << i)
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2014-08-29 12:51:43 +02:00
Gonglei
8c244210d8 xhci: fix debug print compiling error
after commit 003e15a180
the DPRINTF will broke compiling, adjust its location.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-08-29 12:51:43 +02:00
Laszlo Ersek
3afca1d6d4 vmstate_xhci_event: fix unterminated field list
"vmstate_xhci_event" was introduced in commit 37352df3 ("xhci: add live
migration support"), and first released in v1.6.0. The field list in this
VMSD is not terminated with the VMSTATE_END_OF_LIST() macro.

During normal use (ie. migration), the issue is practically invisible,
because the "vmstate_xhci_event" object (with the unterminated field list)
is only ever referenced -- via "vmstate_xhci_intr" -- if xhci_er_full()
returns true, for the "ev_buffer" test. Since that field_exists() check
(apparently) almost always returns false, we almost never traverse
"vmstate_xhci_event" during migration, which hides the bug.

However, Amit's vmstate checker forces recursion into this VMSD as well,
and the lack of VMSTATE_END_OF_LIST() breaks the field list terminator
check (field->name != NULL) in dump_vmstate_vmsd(). The result is
undefined behavior, which in my case translates to infinite recursion
(because the loop happens to overflow into "vmstate_xhci_intr", which then
links back to "vmstate_xhci_event").

Add the missing terminator.

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-22 17:34:24 +01:00
Gerd Hoffmann
7bafd8889e xhci: order superspeed ports first
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02 16:38:09 +02:00
Gerd Hoffmann
7bd3055ffd xhci: make port reset trace point more verbose
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02 16:29:00 +02:00
Gerd Hoffmann
f995523582 xhci: add xhci_get_flag
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-26 08:41:07 +02:00
Gerd Hoffmann
058fdcf52c xhci: add endpoint cap on express bus only
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-26 08:41:07 +02:00
Gerd Hoffmann
463c534db5 xhci: child detach fix
xhci_child_detach() zaps the wrong slot when unplugging a device
connected via usb-hub:  Instead of the device's slot the slot of the
usb-hub is used.  Fix it.

https://bugzilla.redhat.com/show_bug.cgi?id=1075846

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2014-05-26 08:41:07 +02:00
Gerd Hoffmann
d6bb65fcd2 xhci: use DPRINTF() instead of fprintf(stderr, ...)
So we don't spam stderr with (guest-triggerable) messages by default.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-02-18 15:39:13 +01:00
Gerd Hoffmann
4f9cc73422 xhci: switch debug printf to tracepoint
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-02-18 15:39:13 +01:00
Gerd Hoffmann
cc03ff9d0a xhci iso: allow for some latency
Allow the scheduled transfer time be a bit behind, to
compensate for latencies.  Without this xhci will wait
way to often for the mfindex wraparound, assuming the
scheduled time is in the future just because qemu is
a bit behind in processing the iso transfer requests.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-02-18 15:39:13 +01:00
Gerd Hoffmann
786ad214c7 xhci iso: fix time calculation
Frameid specifies frames not microframes, so we
need to shift it to get the microframe index.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-02-18 15:39:13 +01:00
Gerd Hoffmann
f6969b9fef xhci: fix overflow in usb_xhci_post_load
Found by Coverity.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-02-18 15:39:12 +01:00
Igor Mammedov
2897ae0267 qdev:pci: refactor PCIDevice to use generic "hotpluggable" property
Get rid of PCIDevice specific PCIDeviceClass.no_hotplug and use
generic DeviceClass.hotpluggable field instead.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-02-10 10:26:56 +02:00
Hans de Goede
72391da506 xhci: Call usb_device_alloc/free_streams
Note this code is not as KISS as I would like, the reason for this is that
the Linux kernel interface wants streams on eps belonging to one interface
to be allocated in one call. Things will also work if we do this one ep at a
time (as long as all eps support the same amount of streams), but lets stick
to the kernel API.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-11-26 09:21:17 +01:00
Gerd Hoffmann
f1f8bc218a xhci: add support for suspend/resume
The OS can ask the xhci controller to save and restore its
internal state, which is used by the OS when the system is
suspended and resumed.

This patch handles writes to the save + restore bits in the
command register.  Only thing it does is updating the
restore error bit in the status register to signal an error
on restore.  The guest OS should do a full reinitialization
after resume then.

This is the minimal patch which gets S3 going with xhci.
Implementing full save/restore support is TBD.

https://bugzilla.redhat.com/show_bug.cgi?id=1012365

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-11-26 09:21:17 +01:00
Hans de Goede
de9de157fb xhci: Add a few missing checks for disconnected devices
One of the reworks of qemu's usb core made changes to usb-port's disconnect
handling. Now ports with a device will always have a non 0 dev member, but
if the device is not attached (which is possible with usb redirection),
dev->attached will be 0.

So supplement all checks for dev to also check dev->attached, and add an
extra check in a path where a device check was completely missing.

This fixes various crashes (asserts triggering) I've been seeing when xhci
attached usb devices get disconnected at the wrong time.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-11-26 09:21:17 +01:00
Anthony Liguori
cb95ec1b83 Merge remote-tracking branch 'kraxel/usb.91' into staging
* kraxel/usb.91:
  usb-hcd-xhci: Update endpoint context dequeue pointer for streams too
  usb-hcd-xhci: Report completion of active transfer with CC_STOPPED on ep stop
  usb-hcd-xhci: Remove unused cancelled member from XHCITransfer
  usb-hcd-xhci: Remove unused sstreamsm member from XHCIStreamContext
  usb-host-libusb: Detach kernel drivers earlier
  usb-host-libusb: Configuration 0 may be a valid configuration
  usb-host-libusb: Fix reset handling

Message-id: 1382620267-18065-1-git-send-email-kraxel@redhat.com
Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
2013-10-31 17:00:25 +01:00
Anthony Liguori
b0eb759fb2 pci, pc, acpi fixes, enhancements
This includes some pretty big changes:
 - pci master abort support by Marcel
 - pci IRQ API rework by Marcel
 - acpi generation support by myself
 
 Everything has gone through several revisions, latest versions have been on
 list for a while without any more comments, tested by several
 people.
 
 Please pull for 1.7.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.15 (GNU/Linux)
 
 iQEcBAABAgAGBQJSXNO8AAoJECgfDbjSjVRp7VAH/0B73mCOiyVACGx7fazK3SGK
 X8TxZWVtG5A77ISqKyrtjLAhK9DCQjEzQTbMNhXHM3Ar6crwo7nJZnQvH2Gh1X2p
 34BOQSVc4rtXz5pwDIr48dBLrxeslwXub79chUs+IK1/4RSn3h3nuS3k6JVkmLJN
 rcHMj4ljJmi4Hd9vOpmS1jo/a61usi36hhU7CMgcrsXzStZycBBzCozOB3VW8p1X
 /iwyf91YjmNPkn9gA3/aViGjszu8jE91dkA0C+ljwvcGbs2yEl3LCWEJfsMvoh5P
 2M+k0XXbHwq/P9PFMa/2/lWOo4EO4Oxa+G/6QvovJrteYnktr+E9DqjU8pCT7yI=
 =CVfs
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'mst/tags/for_anthony' into staging

pci, pc, acpi fixes, enhancements

This includes some pretty big changes:
- pci master abort support by Marcel
- pci IRQ API rework by Marcel
- acpi generation support by myself

Everything has gone through several revisions, latest versions have been on
list for a while without any more comments, tested by several
people.

Please pull for 1.7.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 15 Oct 2013 07:33:48 AM CEST using RSA key ID D28D5469
# gpg: Can't check signature: public key not found

* mst/tags/for_anthony: (39 commits)
  ssdt-proc: update generated file
  ssdt: fix PBLK length
  i386: ACPI table generation code from seabios
  pc: use new api to add builtin tables
  acpi: add interface to access user-installed tables
  hpet: add API to find it
  pvpanic: add API to access io port
  ich9: APIs for pc guest info
  piix: APIs for pc guest info
  acpi/piix: add macros for acpi property names
  i386: define pc guest info
  loader: allow adding ROMs in done callbacks
  i386: add bios linker/loader
  loader: use file path size from fw_cfg.h
  acpi: ssdt pcihp: updat generated file
  acpi: pre-compiled ASL files
  acpi: add rules to compile ASL source
  i386: add ACPI table files from seabios
  q35: expose mmcfg size as a property
  q35: use macro for MCFG property name
  ...

Message-id: 1381818560-18367-1-git-send-email-mst@redhat.com
Signed-off-by: Anthony Liguori <anthony@codemonkey.ws>
2013-10-31 16:58:32 +01:00
Hans de Goede
c90daa1c10 usb-hcd-xhci: Update endpoint context dequeue pointer for streams too
With streams the endpoint context dequeue pointer should point to the
dequeue value for the currently active stream.

At least Linux guests expect it to point to value set by an set_ep_dequeue
upon completion of the set_ep_dequeue (before kicking the ep).

Otherwise the Linux kernel will complain (and things won't work):

xhci_hcd 0000:00:05.0: Mismatch between completed Set TR Deq Ptr command & xHCI internal state.
xhci_hcd 0000:00:05.0: ep deq seg = ffff8800366f0880, deq ptr = ffff8800366ec010

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-22 16:28:49 +02:00
Hans de Goede
582d6f4aba usb-hcd-xhci: Report completion of active transfer with CC_STOPPED on ep stop
As we should per the XHCI spec "4.6.9 Stop Endpoint".

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-22 16:28:49 +02:00
Hans de Goede
8de1838afe usb-hcd-xhci: Remove unused cancelled member from XHCITransfer
Since qemu's USB model is geared towards emulated devices cancellation
is instanteneous, so no need to wait for cancellation to complete, as
such there is no wait for cancellation code, and the cancelled bool
as well as the bogus comment about it can be removed.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-22 16:28:49 +02:00
Hans de Goede
946ff2c0c3 usb-hcd-xhci: Remove unused sstreamsm member from XHCIStreamContext
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-22 16:28:49 +02:00