Correct the condition determining whether we instantiate the onboard
NIC or a PCI card NIC on VersatilePB and Realview boards. This was broken
in two ways:
(1) if the user asked for two default NICs ("-net nic -net nic") we would
crash trying to strcmp() a NULL pointer
(2) if the user asked for two NICs explicitly of the same model as the
onboard NIC (eg "-net nic,model=smc91c111 -net nic,model=smc91c111")
we would try to instantiate two onboard NICs at the same address.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The problem is with definitions in hw/pcnet.c such as:
#define CSR_CRDA(S) ((S)->csr[28] | ((S)->csr[29] << 16))
"(S)->csr[29]" is a uint16_t, but "(S)->csr[29] << 16" gets promoted to
int, so the overall CSR_CRDA(s) is a (signed) int rather than a uint32_t.
This then gets assigned to a uint64_t using
target_phys_addr_t crda = CSR_CRDA(s);
so when (S)->csr[29] has the high bit set, we end up with
crda=0xffffffffxxxxxxxx.
From: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
If these messages are not handled correctly the guest driver may hang.
Always mandatory:
- ABORT
- BUS DEVICE RESET
Mandatory if tagged queuing is implemented (which disks usually do):
- ABORT TAG
- CLEAR QUEUE
Signed-off-by: Bernhard Kohl <bernhard.kohl@nsn.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
I enable acpi_piix4 debug, and got the following build errors:
# make
CC libhw64/acpi_piix4.o
cc1: warnings being treated as errors
/home/wency/source/qemu/hw/acpi_piix4.c: In function ‘pm_ioport_write’:
/home/wency/source/qemu/hw/acpi_piix4.c:193: error: format ‘%04x’ expects type ‘unsigned int’, but argument 2 has type ‘uint64_t’
/home/wency/source/qemu/hw/acpi_piix4.c:193: error: format ‘%04x’ expects type ‘unsigned int’, but argument 3 has type ‘uint64_t’
/home/wency/source/qemu/hw/acpi_piix4.c: In function ‘pm_ioport_read’:
/home/wency/source/qemu/hw/acpi_piix4.c:219: error: format ‘%04x’ expects type ‘unsigned int’, but argument 2 has type ‘uint64_t’
make[1]: *** [acpi_piix4.o] Error 1
make: *** [subdir-libhw64] Error 2
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Currently, the emulated pSeries machine requires the use of the
-kernel parameter in order to explicitly load a guest kernel. This
means booting from the virtual disk, cdrom or network is not possible.
This patch addresses this limitation by inserting a within-partition
firmware image (derived from the "SLOF" free Open Firmware project).
If -kernel is not specified, qemu will now load the SLOF image, which
has access to the qemu boot device list through the device tree, and
can boot from any of the usual virtual devices.
In order to support the new firmware, an extension to the emulated
machine/hypervisor is necessary. Unlike Linux, which expects
multi-CPU entry to be handled kexec() style, the SLOF firmware expects
only one CPU to be active at entry, and to use a hypervisor RTAS
method to enable the other CPUs one by one.
This patch also implements this 'start-cpu' method, so that SLOF can
start the secondary CPUs and marshal them into the kexec() holding
pattern ready for entry into the guest OS. Linux should, and in the
future might directly use the start-cpu method to enable initially
disabled CPUs, but for now it does require kexec() entry.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Shared-processor partitions are those where a CPU is time-sliced between
partitions, rather than being permanently dedicated to a single
partition. qemu emulated partitions, since they are just scheduled with
the qemu user process, behave mostly like shared processor partitions.
In order to better support shared processor partitions (splpar), PAPR
defines the "VPA" (Virtual Processor Area), a shared memory communication
channel between the hypervisor and partitions. There are also two
additional shared memory communication areas for specialized purposes
associated with the VPA.
A VPA is not essential for operating an splpar, though it can be necessary
for obtaining accurate performance measurements in the presence of
runtime partition switching.
Most importantly, however, the VPA is a prerequisite for PAPR's H_CEDE,
hypercall, which allows a partition OS to give up it's shared processor
timeslices to other partitions when idle.
This patch implements the VPA and H_CEDE hypercalls in qemu. We don't
implement any of the more advanced statistics which can be communicated
through the VPA. However, this is enough to make normal pSeries kernels
do an effective power-save idle on an emulated pSeries, significantly
reducing the host load of a qemu emulated pSeries running an idle guest OS.
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Usually, PAPR virtual IO devices use a virtual IOMMU mechanism, TCEs,
to mediate all DMA transfers. While this is necessary for some sorts of
operation, it can be complex to program and slow for others.
This patch implements a mechanism for bypassing TCE translation, treating
"IO" addresses as plain (guest) physical memory addresses. This has two
main uses:
* Simple, but 64-bit aware programs like firmwares can use the VIO devices
without the complexity of TCE setup.
* The guest OS can optionally use the TCE bypass to improve performance in
suitable situations.
The mechanism used is a per-device flag which disables TCE translation.
The flag is toggled with some (hypervisor-implemented) RTAS methods.
Signed-off-by: Ben Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch implements the infrastructure and hypercalls necessary for
the PAPR specified Virtual SCSI interface. This is the normal method
for providing (virtual) disks to PAPR partitions.
Signed-off-by: Ben Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch implements the infrastructure and hypercalls necessary for the
PAPR specified CRQ (Command Request Queue) mechanism. This general
request queueing system is used by many of the PAPR virtual IO devices,
including the virtual scsi adapter.
Signed-off-by: Ben Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch implements the PAPR specified Inter Virtual Machine Logical
LAN; that is the virtual hardware used by the Linux ibmveth driver.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch implements the necessary infrastructure and hypercalls for
sPAPR's TCE (Translation Control Entry) IOMMU mechanism. This is necessary
for all virtual IO devices which do DMA (i.e. nearly all of them).
Signed-off-by: Ben Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Now that we have implemented the PAPR "xics" virtualized interrupt
controller, we can add interrupts in PAPR VIO devices. This patch adds
interrupt support to the PAPR virtual tty/console device.
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch adds infrastructure to support interrupts from PAPR virtual IO
devices. This includes correctly advertising those interrupts in the
device tree, and implementing the H_VIO_SIGNAL hypercall, used to
enable and disable individual device interrupts.
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
PAPR defines an interrupt control architecture which is logically divided
into ICS (Interrupt Control Presentation, each unit is responsible for
presenting interrupts to a particular "interrupt server", i.e. CPU) and
ICS (Interrupt Control Source, each unit responsible for one or more
hardware interrupts as numbered globally across the system). All PAPR
virtual IO devices expect to deliver interrupts via this mechanism. In
Linux, this interrupt controller system is handled by the "xics" driver.
On pSeries systems, access to the interrupt controller is virtualized via
hypercalls and RTAS methods. However, the virtualized interface is very
similar to the underlying interrupt controller hardware, and similar PICs
exist un-virtualized in some other systems.
This patch implements both the ICP and ICS sides of the PAPR interrupt
controller. For now, only the hypercall virtualized interface is provided,
however it would be relatively straightforward to graft an emulated
register interface onto the underlying interrupt logic if we want to add
a machine with a hardware ICS/ICP system in the future.
There are some limitations in this implementation: it is assumed for now
that only one instance of the ICS exists, although a full xics system can
have several, each responsible for a different group of hardware irqs.
ICP/ICS can handle both level-sensitve (LSI) and message signalled (MSI)
interrupt inputs. For now, this implementation supports only MSI
interrupts, since that is used by PAPR virtual IO devices.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch adds several small utility hypercalls and RTAS methods to
the pSeries platform emulation. Specifically:
* 'display-character' rtas call
This just prints a character to the console, it's occasionally used
for early debug of the OS. The support includes a hack to make this
RTAS call respond on the normal token value present on real hardware,
since some early debugging tools just assume this value without
checking the device tree.
* 'get-time-of-day' rtas call
This one just takes the host real time, converts to the PAPR described
format and returns it to the guest.
* 'power-off' rtas call
This one shuts down the emulated system.
* H_DABR hypercall
On pSeries, the DABR debug register is usually a hypervisor resource
and virtualized through this hypercall. If the hypercall is not
present, Linux will under some circumstances attempt to manipulate the
DABR directly which will fail on this emulated machine.
This stub implementation is enough to stop that behaviour, although it
doesn't actually implement the requested DABR operations as yet.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
On pSeries machines, operating systems can instantiate "RTAS" (Run-Time
Abstraction Services), a runtime component of the firmware which implements
a number of low-level, infrequently used operations. On logical partitions
under a hypervisor, many of the RTAS functions require hypervisor
privilege. For simplicity, therefore, hypervisor systems typically
implement the in-partition RTAS as just a tiny wrapper around a hypercall
which actually implements the various RTAS functions.
This patch implements such a hypercall based RTAS for our emulated pSeries
machine. A tiny in-partition "firmware" calls a new hypercall, which
looks up available RTAS services in a table.
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
On pSeries logical partitions, excepting the old POWER4-style full system
partitions, the guest does not have direct access to the hardware page
table. Instead, the pagetable exists in hypervisor memory, and the guest
must manipulate it with hypercalls.
However, our current pSeries emulation more closely resembles the old
style where the guest must set up and handle the pagetables itself. This
patch converts it to act like a modern partition.
This involves two things: first, the hash translation path is modified to
permit the has table to be stored externally to the emulated machine's
RAM. The pSeries machine init code configures the CPUs to use this mode.
Secondly, we emulate the PAPR hypercalls for manipulating the external
hashed page table.
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This extends the "pseries" (PAPR) machine to include a virtual IO bus
supporting the PAPR defined hypercall based virtual IO mechanisms.
So far only one VIO device is provided, the vty / vterm, providing
a full console (polled only, for now).
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch adds a "pseries" machine to qemu. This aims to emulate a
logical partition on an IBM pSeries machine, compliant to the
"PowerPC Architecture Platform Requirements" (PAPR) document.
This initial version is quite limited, it implements a basic machine
and PAPR hypercall emulation. So far only one hypercall is present -
H_PUT_TERM_CHAR - so that a (write-only) console is available.
Multiple CPUs are permitted, with SMP entry handled kexec() style.
The machine so far more resembles an old POWER4 style "full system
partition" rather than a modern LPAR, in that the guest manages the
page tables directly, rather than via hypercalls.
The machine requires qemu to be configured with --enable-fdt. The
machine can (so far) only be booted with -kernel - i.e. no partition
firmware is provided.
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This adds emulation support for the recent POWER7 cpu to qemu. It's far
from perfect - it's missing a number of POWER7 features so far, including
any support for VSX or decimal floating point instructions. However, it's
close enough to boot a kernel with the POWER7 PVR.
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The previous patch didn't change the behavior when load,
it resulted in ugly code. This patch cleans it up.
With this patch, pic irq lines are manipulated when loaded.
It is expected that it won't change the behaviour because
the interrupts are level: at the moment e.g. pci devices already
reassert interrupts on load.
Test:
- rung linux as guest and use flooding ping (ping -f) to host
in order to trigger interrupts for e1000 emulated.
- savevm/loadvm and see guest kept running after loadvm.
To be honest, I'm not sure that ping -f caused enough interrupts
because Linux e1000 driver supports NAPI.
TODO: test more OSes, stress test with save/load, live-migration
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
optimize irq routing in piix_pic.c which has been a TODO.
So far piix3 tracks each pirq level and checks whether a given pic pins is
asserted by seeing if each pirq is mapped into the pic pin.
This is independent on irq routing, but data path is on slow path.
Given that irq routing is rarely changed and asserting pic pins is on
data path, the path that asserts pic pins should be optimized and
chainging irq routing should be on slow path.
The new behavior with this patch series is to use bitmap which is addressed
by pirq and pic pins with a given irq routing.
When pirq is asserted, the bitmap is set and see if the pic pins is
asserted by checking the bitmaps.
When irq routing is changed, rebuild the bitmap and re-assert pic pins.
test:
- create VM with 4 e1000 nics in different pci slots
(i.e. fn=0 for each e1000)
Thus those e1000's INTA are connected to each PIRQ[A-D].
- run linux as guest and saw each devices triggers interrupt
by seeing /proc/interrupts. And then confirmed that each PIRQ[A-D]
surely asserted interrupts.
Because irq 10 and 11 are shared by 4 e1000's, it only one NIC is activated
with ifconfig ethN up/down when counting interrupts.
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
PIIX3State::pci_irq_levels are redundant which is already tracked by
PCIBus layer. So eliminate them.
Cc: Juan Quintela <quintela@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Introduce accessor function to know INTx levels.
It will be used later by q35.
Although piix_pci tracks the intx line levels, it can be eliminated
by this helper function.
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
cirrus_reset is already called by the reset framework,
so there is no need to call it in cirrus_init_common.
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
vhost was passing a physical address to cpu_physical_memory_set_dirty,
which is wrong: we need to translate to ram address first.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Note: this lead to crashes during migration, so the patch
is needed on the stable branch too.
Reduce spurious packet drops on RX ring empty
by verifying that we have at least 1 buffer
ahead of the time.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Commit c81131db15
detects old guests by comparing virtio and
PCI status. It attempts to do this on load,
as well, but load_config callback in a binding
is invoked too early and so the virtio status
isn't set yet.
We could add yet another callback to the
binding, to invoke after load, but it
seems easier to reuse the existing vmstate
callback.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Cc: Alexander Graf <agraf@suse.de>
(slot, fn) pair is somewhat confusing because of ARI.
So use devfn for pci_find_device() instead of (slot, fn).
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Introduce symbol PCI_SLOT_MAX for the # of slots,
and replace the magic, 256.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Add support to the emulated hardware to insert vlan tags in packets
going from the guest to the network.
Signed-off-by: Benjamin Poirier <benjamin.poirier@gmail.com>
Cc: Igor V. Kovalenko <igor.v.kovalenko@gmail.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Add support to the emulated hardware to extract vlan tags in packets
going from the network to the guest.
Signed-off-by: Benjamin Poirier <benjamin.poirier@gmail.com>
Cc: Igor V. Kovalenko <igor.v.kovalenko@gmail.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
--
AFAIK, extraction is optional to get vlans working. The driver
requests rx detagging but should not assume that it was done. Under
Linux, the mac layer will catch the vlan ethertype. I only added this
part for completeness (to emulate the hardware more truthfully...)
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
clean out ifdef's around ethernet checksum calculation
Signed-off-by: Benjamin Poirier <benjamin.poirier@gmail.com>
Acked-by: Igor V. Kovalenko <igor.v.kovalenko@gmail.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Latest refactorings left vmmouse nonfunctional behind. Fix it by adding
the required device initialization.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The PCI/PCI-X Family of Gigabit Ethernet Controllers Software
Developer’s Manual states the following about the POPTS field:
Provides a number of options which control the handling of this
packet. This field is ignored except on the first data descriptor of
a packet.
The current implementation always loads the field and its checksum
offload flags. This patch uses only the first descriptor's POPTS field
in order to comply with the specification.
When Solaris sends multi-descriptor packets it fills in POPTS for the
first descriptor only. Therefore this patch is necessary in order to
perform checksum offload correctly for multi-descriptor packets.
Reported-by: Daniel Pecka <dpecka@techniservit.cz>
Reported-by: Gabriele A. Trombetti <gabriele.trombetti@itb.cnr.it>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
* 'for-anthony' of git://github.com/bonzini/qemu:
remove qemu_get_clock
add a generic scaling mechanism for timers
change all other clock references to use nanosecond resolution accessors
change all rt_clock references to use millisecond resolution accessors
add more helper functions with explicit milli/nanosecond resolution
* 'for-anthony' of git://repo.or.cz/qemu/kevin:
Add qcow2 documentation
hw/xen_disk: aio_inflight not released in handling ioreq when nr_segments==0
Improve error handling in do_snapshot_blkdev()
Fix ATA SMART and CHECK POWER MODE
Don't allow multiwrites against a block device without underlying medium
tools: Use real async.c instead of stubs
Add error message for loading snapshot without VM state
block/qcow: Don't ignore immediate read/write and other failures
block/vdi: Don't ignore immediate read/write failures
Add support for the Versatile Express SYS_CFG registers, which provide
a generic means of reading or writing configuration information from
various parts of the board. We only implement shutdown and reset.
Also make the RESETCTL register RAZ/WI on Versatile Express rather
than reset the board. Other system registers are generally the same
as Versatile and Realview.
This includes a VMState version number bump for arm_sysctl,
since we have new register state to preserve. It also adds
sys_mci to the VMState while we're bumping the version number
(an accidental omission from commit b50ff6f5).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Prevent:
-chardev socket,path=/tmp/foo,server,nowait,id=c0 \
-device virtserialport,chardev=c0,id=vs0 \
-device virtserialport,chardev=c0,id=vs1
Reported-by: Mike Cao <bcao@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
After a hot-unplug operation, the previous behaviour was to close the
chardev. That meant the chardev couldn't be re-used. Also, since
chardev hot-plug isn't possible so far, this means virtio-console
hot-plug isn't feasible as well.
With this change, the chardev is kept around. A new virtio-console
channel can then be hot-plugged with the same chardev and things will
continue to work.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
After a port unplug operation, the port->info->have_data() pointer was
set to NULL. The problem is, the ->info struct is shared by all ports,
effectively disabling writes to other ports.
Reported-by: juzhang <juzhang@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
There's no code change, just re-arrangement to simplify the function
after recent modifications.
Reported-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Enable ioeventfd for virtio-serial devices by default. Commit
25db9ebe15 lists the benefits of using
ioeventfd.
Copying a file from guest to host over a virtio-serial channel didn't
show much difference in time or io_exit rate.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Port 0 is reserved for virtconsole devices for backward compatibility
with the old -virtioconsole (from qemu 0.12) device type.
libvirt prior to commit 8e28c5d40200b4c5d483bd585d237b9d870372e5 used
port 0 for generic ports. libvirt will no longer do that, but disallow
instantiating generic ports at id 0 from qemu as well.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Instead of using a single variable to pass to the virtio_serial_init
function, use a struct so that expanding the number of variables to be
passed on later is easier.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
This was done with:
sed -i 's/qemu_get_clock\>/qemu_get_clock_ns/' \
$(git grep -l 'qemu_get_clock\>' )
sed -i 's/qemu_new_timer\>/qemu_new_timer_ns/' \
$(git grep -l 'qemu_new_timer\>' )
after checking that get_clock and new_timer never occur twice
on the same line. There were no missed occurrences; however, even
if there had been, they would have been caught by the compiler.
There was exactly one false positive in qemu_run_timers:
- current_time = qemu_get_clock (clock);
+ current_time = qemu_get_clock_ns (clock);
which is of course not in this patch.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This was done with:
sed -i '/get_clock\>.*rt_clock/s/get_clock\>/get_clock_ms/' \
$(git grep -l 'get_clock\>.*rt_clock' )
sed -i '/new_timer\>.*rt_clock/s/new_timer\>/new_timer_ms/' \
$(git grep -l 'new_timer\>.*rt_clock' )
after checking that get_clock and new_timer never occur twice
on the same line. There were no missed occurrences; however, even
if there had been, they would have been caught by the compiler.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Remove a write-only variable, spotted by GCC 4.6.0:
/src/qemu/hw/petalogix_ml605_mmu.c: In function 'petalogix_ml605_init':
/src/qemu/hw/petalogix_ml605_mmu.c:153:11: error: variable 'serial' set but not used [-Werror=unused-but-set-variable]
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
qdev conversion broke migration as the previous version used vmstate
instance IDs derived from the iobase. Fix it by registering a legacy
alias.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Add the first Microblaze little endian platform.
Platform uses uart16550, axi ethernet, timer, intc.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@petalogix.com>
In hw/xen_disk.c, async writing ioreq is leaked when
ioreq->req.nr_segments==0, because `aio_inflight` flag is not released
properly (skipped by misplaced "break").
Signed-off-by: Feiran Zheng <famcool@gmail.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This patch fixes two things:
1) CHECK POWER MODE
The error return value wasn't always zero, so it would show up as
offline. Error is now explicitly set to zero.
2) SMART
The smart values that were returned were invalid and tools like skdump
would not recognize that the smart data was actually valid and would
dump weird output. The data has been fixed up and raw value support
was added. Tools like skdump and palimpsest work as expected.
Signed-off-by: Brian Wheeler <bdwheele@indiana.edu>
Acked-by: Ryan Harper <ryanh@us.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This ensures env->halt_cond is broadcast, and the loop in
qemu_tcg_wait_io_event and qemu_kvm_wait_io_event is exited
naturally rather than through a timeout.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Index 75 is one too large for AR_TABLE[75], DR_TABLE[75].
This error was reported by cppcheck.
hw/fmopl.c:600: error: Buffer access out-of-bounds: OPL.AR_TABLE
hw/fmopl.c:601: error: Buffer access out-of-bounds: OPL.DR_TABLE
Fix this by limiting the access to the allowed range.
MultiArcadeMachineEmulator has newer versions of fmopl,
but using these requires more efforts.
Cc: Blue Swirl <blauwirbel@gmail.com>
Reviewed-by: malc <av1474@comtv.ru>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The initialization should not be only on reset but also when initializing
the device.
It resolves a bug when hot plugging a pci network device: the mac address
was always null.
Signed-off-by: William Dauchy <wdauchy@gmail.com>
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Before commit 63ffb564dc, states for
floppy drives were calculated in fdc.c:fd_revalidate(). There it is
also considered whether a disk is inserted or not. The commit didn't copy
the logic completely to pc.c, which caused a regression.
Fix by adding the same check also to pc.c.
Reported-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Tested-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Extend mst_fpga and mainstone with logic to support PCMCIA
attachment (IRQs, status regs).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
First, sysbus_init_irq shan't be called on on-stack variables. Indeed,
it only stores a passed pointer in qdev and the stored irq is later
populated, so we get a nice write-to-stack bug.
Second, irq for pxa27x should probably be handled in a more gentler way,
as we should check if we have events to raise this irq.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
This patch adds support for the following two BSPs:
- LM32 EVR32 BSP (as used by RTEMS)
- uclinux BSP by Theobroma Systems
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This patch adds helper functions to create a ROM, which contains a hardware
description of a board. This is used in Theobromas LM32 Linux port.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This patch add support for a system control block. It is supposed to
act as helper for the emulated program. E.g. shutting down the VM or
printing test results. This model is intended for testing purposes only and
doesn't fit to any real hardware. Therefore, it is not added to any board
by default. Instead a user has to add it explicitly with the '-device'
commandline parameter.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This patch add support for the LatticeMico32 UART.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This patch adds support for the LatticeMico32 system timer.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This patch adds init functions for the PIC and JTAG UART commonly used
in the board initialization.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This patch adds the JTAG UART model. It is accessed through special control
registers and opcodes. Therefore the translation uses callbacks to this
model.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This patch adds the interrupt controller of the lm32. Because the PIC is
accessed through special control registers and opcodes, there are callbacks
from the lm32 translation code to this model.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Integrate secondary CPU reset into arm_boot, removing it from realview.c.
On non-Linux systems secondary CPUs start with the same entry as the boot
CPU.
Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Fix selection of target list filter mode.
Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
It was migrating the wrong structures, no way it would work
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
It was migrating the wrong structures, no way it would work
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
sd_set_cb() calls bdrv_is_read_only() and bdrv_is_inserted() even if
no block driver is associated with the card reader.
This patch fixes the issues by not setting the irq in this case, this
fixes ARM versatile crash.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Instantiate the three PL061 GPIO modules the realview boards have.
Connect the MMC card status outputs of the PL181 MMC controller
to both the system registers and the GPIO module which handles
internal devices.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Add a qemu_irq_split() function which allows a board to wire a single
GPIO output up to two GPIO inputs. This is needed for realview boards,
where the MMC card status is visible both in a system register and
via a PL061 GPIO module.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
ARM's PL061 has a different set of ID registers to the one in the
Luminary Stellaris; implement this so that the Linux driver can
identify the Realview PBX PL061 correctly.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Implement some GPIO inputs which a board can connect up to set the
MMC card status bits in the MCI register.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Add two GPIO output pins to the PL181 model to indicate the card
present and readonly status information. On ARM boards these usually
are reflected in a system register.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Update not only dbc but also dnad when skipping bytes during the MSGOUT
phase. Previously only dbc was updated which is probably wrong and
could lead to bogus message codes being read.
Tested on Linux and Windows Server 2003.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
bugfix under DOS for AMD netware driver:
AMD PCNTNW Ethernet MLID v3.10 (960115), network card not found
bugfix works well under DOS with:
1.) AMD NDIS driver v2.0.1
2.) AMD PCNTNW Ethernet MLID v3.10 (960115)
3.) Knoppix 6.2
Signed-off-by: Gerhard Wiesinger <lists@wiesinger.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
A pointer to a size_t variable was passed as the void * pointer to
lduw_p() in virtio_net_receive(). Instead of acting on the 16-bit value
this caused failure on big-endian hosts.
Avoid this issue in the future by using stw_p() instead. In general we
should use ld*_p() for loading from target memory and st*_p() for
storing to target memory anyway, not the other way around.
Also tighten up a correct use of lduw_p() when stw_p() should be used
instead in virtio_net_get_config().
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
VMSTATE_PCIE_AER_ERRS is indeed useful for other emulation drivers.
Move it to hw/hw.h under the name of VMSTATE_STRUCT_VARRAY_POINTER_UINT16.
Also add VMSTATE_STRUCT_VARRAY_POINTER_INT32 which is more or less
the same as _UINT16 macro, except the fact it uses int32_t internally.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
It should be PXA2xxTimerInfo, not pxa2xx_timer_info. Replace all
occurences of old name with the new one.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
This is a _TEST variant of VMSTATE_STRUCT_ARRAY, necessary e.g.
for future patch changing pxa2xx_timer to use vmstate.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Use qdev/sysbus framework to handle pxa2xx-pic. Instead of exposing IRQs
via array, reference them via qdev_get_gpio_in().
Patch has been modified by the committer.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Final corrections for IRQ levels that are set by mst_fpga:
* Don't retranslate IRQ if previously IRQ was masked.
* After setting or clearing IRQs through register, apply mask
before setting parent IRQ level.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
VirtIOSerialDevice is like VirtIOSerialPort with just the first two
fields, which makes it pretty pointless. Using VirtIOSerialPort
directly works equally well and is less confusing.
[Amit: - rebase
- rename 'dev' to 'port' in function params in virtio-serial.h ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The SD_STATUS and SEND_NUM_WR_BLOCKS commands are supposed to cause
the card to send data back to the host. However sd.c was missing the
state change to sd_sendingdata_state for these commands, with the effect
that the Linux driver would either hang indefinitely waiting for
nonexistent data (pl181) or read zeroes and provoke a qemu warning
message (omap).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Remove the typedef SetIRQFunc, as it is not used by anything.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Nothing prevented IRQ sharing on the ISA bus in principle. Not all
boards supported this, neither each and every card nor driver and OS.
Still, there existed valid IRQ sharing scenarios, (at least) two of them
can also be found in QEMU: >2 PC UARTs and the PREP IDE buses.
So remove this artificial restriction from our ISA model.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The following patch adds PS/2 keyboard Scancode Set 3 support.
Signed-off-by: Roy Tam <roytam@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
RST bit is (1 << 4) bit, not (1 << 3), fix condition
that enables i2s if ENB is set and RST is not set.
Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Add handling of 0xe0xx keycodes to pxa2xx_driver.
Extended keycodes in keymap should be marked with most significant
bit set (i.e. 0x80). Without this patch it's not possible to handle
i.e. cursor keys.
Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Add emulation of KPAS register and proper emulation of
KPASMKP regs, so now driver supports multipresses and properly
works with Linux driver.
Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Acked-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
qemu makes it possible to disable link at tap which is not communicated
to the guest but causes all packets to be dropped.
When vhost-net is enabled, vhost needs to be aware of both the virtio
link_down and the peer link_down. we switch to userspace emulation when
either is down.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: pradeep <psuriset@linux.vnet.ibm.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The spec says: Any descriptor with a non-zero status byte has been
processed by the hardware, and is ready to be handled by the software.
Thus, once we change a descriptor status to non-zero we should
never move the head backwards and try to reuse this
descriptor from hardware.
This actually happened with a multibuffer packet
that arrives when we don't have enough buffers.
Fix by checking that we have enough buffers upfront
so we never need to discard the packet midway through.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The e1000 spec says: if software statically allocates
buffers, and uses memory read to check for completed descriptors, it
simply has to zero the status byte in the descriptor to make it ready
for reuse by hardware. This is not a hardware requirement (moving the
hardware tail pointer is), but is necessary for performing an in–memory
scan.
Thus the guest does not have to clear the status byte. In case it
doesn't we need to clear EOP for all descriptors
except the last. While I don't know of any such guests,
it's probably a good idea to stick to the spec.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: Juan Quintela <quintela@redhat.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
e1000 supports multi-buffer packets larger than rxbuf_size.
This fixes the following (on linux):
- in guest: ifconfig eth1 mtu 16110
- in host: ifconfig tap0 mtu 16110
ping -s 16082 <guest-ip>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Turn fdc_init_isa into an inline function.
Get floppy geometry directly from the drives.
Don't expose FDCtrl.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Other geometry guessing functions already reside in block.c.
Remove some unused or debugging only fields.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Now the only user of mainstone.h is mainstone.c file. Merge header
into board file.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Simplify IRQ handling to stop setting an input irq pin. As a win, also get
correct IRQ status after save/load cycle.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
TPR blocks all interrupts in a priority class, so simple "less or
equal" check is not enough.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
If kvmclock is used, which implies the kernel supports it, register a
kvmclock device with the sysbus. Its main purpose is to save and restore
the kernel state on migration, but this will also allow to visualize it
one day.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
CC: Glauber Costa <glommer@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
In order to use log_start/log_stop with Xen as well in the vga code,
this two operations have been put in CPUPhysMemoryClient.
The two new functions cpu_physical_log_start,cpu_physical_log_stop are
used in hw/vga.c and replace the kvm_log_start/stop. With this, vga does
no longer depends on kvm header.
[ Jan: rebasing and style fixlets ]
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Define and use dedicated constants for vm_stop reasons, they actually
have nothing to do with the EXCP_* defines used so far. At this chance,
specify more detailed reasons so that VM state change handlers can
evaluate them.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
1) Move GPIO-related functionality to qdev. Now one can use directly
qdev_get_gpio_in()/qdev_connect_gpio_out() on max7310 devices.
2) Make reset to be called through qdev.reset callback.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
The host part of a block device can be deleted with in progress
block migration.
To fix this, add a reference count to DriveInfo, freeing resources
on last reference.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Different AHCI controllers have a different number of ports, so the core
shouldn't care about the amount of ports available.
This patch makes the number of ports available to the AHCI core runtime
configurable, allowing us to have multiple different AHCI implementations
with different amounts of ports.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The ahci code was missing its soft reset functionality. This wasn't really an
issue for Linux guests, but Windows gets confused when the controller doesn't
reset when it tells it so.
Using this patch I can now successfully boot Windows 7 from AHCI using AHCI
enabled SeaBIOS.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The drive sends a d2h init fis on initialization. Usually, the guest doesn't
receive fises yet at that point though, so the delivery is deferred.
Let's reflect that by sending the init fis on fis receive enablement.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Sebastian's patch already did a pretty good job at splitting up ICH-9
AHCI code and the AHCI core. We need some more though. Copyright was missing,
the lspci dump belongs to ICH-9, we don't need the AHCI core to have its
own qdev device duplicate.
So let's split them a bit more in this patch, making things easier to
read an understand.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Due to popular request, this patch adds a license header to ahci.h
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
There are multiple ahci devices out there. The currently implemented ich-9
is only one of the many. So let's split that one out into a separate file
to stress the difference.
Signed-off-by: Sebastian Herbszt <herbszt@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fix a few style issues and convert magic numbers into prober symbolic
constants, also fixing the wrong but unused IOAPIC_DM_SIPI value.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
qemu-kvm carries the IOAPIC base address in its v2 vmstate. We only
support the default base address so far, and saving even that in the
device state was rejected.
Add a padding field to be able to read qemu-kvm's old state, but
increase our version to 3, indicating that we are not saving a valid
address. This also gives downstream the chance to change to stop
evaluating the base_address and move to v3 as well.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This is a guest modifiable state that must be saved/restored properly.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add the missing EOI broadcast from local APIC to the IOAPICs on
completion of level-triggered IRQs. This ensures that a still asserted
IRQ source properly re-triggers an APIC IRQ.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This can happen if a port gets unplugged before guest has chance to
initialise vqs.
Reported-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When MSI is off, each interrupt needs to be bounced through the io
thread when it's set/cleared, so vhost-net causes more context switches and
higher CPU utilization than userspace virtio which handles networking in
the same thread.
We'll need to fix this by adding level irq support in kvm irqfd,
for now disable vhost-net in these configurations.
Added a vhostforce flag to force vhost-net back on.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The Ubuntu 10.10 gcc for ARM complains that we might be overrunning
the cpu_irqs[][] array: silence this by correcting the bounds on the
loop. (In fact we would not have overrun the array because bit
MAX_PILS in pil_pending and irl_out will always be 0.)
Also add a comment about why the loop's lower bound is OK.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The "leon3_cache_control_int" (op_helper.c) function is called within leon3.c
which leads to segfault error with the global "env".
Now cache control is a CPU feature and everything is handled in op_helper.c.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Watch this:
(qemu) drive_add 0 if=none
(qemu) info block
none0: type=hd removable=0 [not inserted]
(qemu) drive_del none0
Segmentation fault (core dumped)
add_init_drive() is confused about drive_init()'s failure modes, and
cleans up when it shouldn't. This leaves the DriveInfo with member
opts dangling. drive_del attempts to free it, and dies.
drive_init() behaves as follows:
* If it created a drive with media, it returns its DriveInfo.
* If it created a drive without media, it clears *fatal_error and
returns NULL.
* If it couldn't create a drive, it sets *fatal_error and returns
NULL.
Of its three callers:
* drive_init_func() is correct.
* usb_msd_init() assumes drive_init() failed when it returns NULL.
This is correct only because it always passes option "file", and
"drive without media" can't happen then.
* add_init_drive() assumes drive_init() failed when it returns NULL.
This is incorrect.
Clean up drive_init() to return NULL on failure and only on failure.
Drop its parameter fatal_error.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Before, type & index were hidden in printf-like fmt, ... parameters,
which get expanded into an option string. Rather inconvenient for
uses later in this series.
New IF_DEFAULT to ask for the machine's default interface. Before,
that was done by having no option "if" in the option string.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Before commit 622b520f, index=12 meant bus=1,unit=5.
Since the commit, it means bus=0,unit=12. The drive is created, but
not the guest device. That's because the controllers we use with
if=scsi drives (lsi53c895a and esp) support only 7 units, and
scsi_bus_legacy_handle_cmdline() ignores drives with unit numbers
exceeding that limit.
Changing the mapping of index to bus, unit is a regression. Breaking
-drive invocations that used to work just makes it worse.
Revert the part of commit 622b520f that causes this, and clean up
some.
Note that the fix only affects if=scsi. You can still put more than 7
units on a SCSI bus with -device & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
qdev_init_bdrv() doesn't belong into qdev.c; it's about drives, not
qdevs. Rename to drive_get_next, move to blockdev.c, drop the bogus
DeviceState argument, and return DriveInfo instead of
BlockDriverState.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
drive_init() picks the first free bus and unit number, unless the user
specifies them.
This isn't a good fit for the drive_add monitor command, because there
we specify the controller by PCI address instead of using bus number
set by drive_init().
scsi_hot_add() takes care to replace the unit number set by
drive_init() by the real one, but it neglects to replace the bus
number. Thus, bus/unit in DriveInfo may be bogus. Affects
drive_get() and drive_get_max_bus(). I'm not aware of anything bad
happening because of that; looks like by the time we're hot-plugging,
the two functions aren't used anymore. Fix it anyway.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The len and is_write arguments to cpu_physical_memory_unmap() were
swapped. This patch changes calls to use the correct argument ordering.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Raise a config change interrupt when the size changed. This allows
virtio-blk guest drivers to read-read the information from the
config space once it got the config chaged interrupt.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Extend the change_cb callback with a reason argument, and use it
to tell drivers about size changes.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
r3480 added this check to account for the entry vector 0xfff00100 to be
available for CPUs that need it. Today however, the NIP is not yet
initialized at this point (zero), so the check always triggers.
Moreover, BIOS size check is already done previously, so this part can
be removed too.
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
For some unknown reason, the MIPS kernel briefly changes the RTC to
binary mode during boot, switch back to BCD mode and read the time. As
the registers are updated only every second, they may still be in the
old format when they are read.
This patch forces a register update immediately after a format change
(BCD/binary or 12/24H). This avoid long fsck during boot due to time
wrap.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
virtio-blk doesn't work on cross-endian configuration, as endianness is
not handled correctly.
This patch adds missing endianness conversions to make virtio-blk
working. Tested on the following configurations:
- i386 guest on x86_64 host
- ppc guest on x86_64 host
- i386 guest on mips host
- ppc guest on mips host
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
virtio-net used to work on cross-endianness configurations, but doesn't
anymore with recent guest kernels, as the new features don't handle
endianness correctly.
This patch fixes wrong conversion, and add missing ones to make
virtio-net working. Tested on the following configurations:
- i386 guest on x86_64 host
- ppc guest on x86_64 host
- i386 guest on mips host
- ppc guest on mips host
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Recent PowerPC kernel end up in kernel panic during boot in -nographic
mode. In this mode the second serial port is used as the udbg console,
and thus a few characters are sent on this port. This activates the
tx interrupt flag, and later choke the Linux kernel, as it was not
expecting such a flag to be set.
The problem here comes from the fact that contrary to most devices the
interrupt flags are only set if the interrupt is enabled. Quoting the
datasheet: "If the corresponding IE bit is not set, the IP for that
source of interrupt will never be set."
This patch fixes that by enabling the interrupt flag only when the
corresponding interrupt is enabled.
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
As noted by Markus Armbruster pxa2xx_gpio vmstate version bumped
because of a change in the or .ilevel / .olevel arrays are saved,
for convenience.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Switch sl-nand emulation to use qdev and vmstate. Also drop ecc_get/_put
functions as sl-nand was the only user of that code.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Convert SharpSL scoop device to qdev, remove lots of supporting code, as
lot of init and gpio related things can now be done automagically.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
This patch fixes typo in pcibus_get_dev_path().
Without this patch, the result of pcibus_get_dev_path() isn't unique.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
PCI_BRIDGE_CTL_DISCARD_STATUS (bit 10 in bridge control register)
is W1C so we should not make it writeable, otherwise the assert(!(wmask
& w1cmask)) in pci_default_write_config() is hit
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: Isaku Yamahata <yamahata@valinux.co.jp>
Tested-by: Isaku Yamahata <yamahata@valinux.co.jp>
Leon3 is an open-source VHDL System-On-Chip, well known in space industry (more
information on http://www.gaisler.com).
Leon3 is made of multiple components available in the GrLib VHDL library.
Three devices are implemented: uart, timers and IRQ manager.
You can find code for these peripherals in the grlib_* files.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This device exposes one parameter:
- chardev (ptr) : Pointer to a qemu character device
Emulation of GrLib devices is base on the GRLIB IP Core User's Manual:
http://www.gaisler.com/products/grlib/grip.pdf
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This device exposes two parameters:
- set_pil_in (ptr) : A function to set the pil_in of the SPARC CPU
- set_pil_in_opaque (ptr) : Opaque argument of the set_pil_in function
Emulation of GrLib devices is base on the GRLIB IP Core User's Manual:
http://www.gaisler.com/products/grlib/grip.pdf
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This device exposes three parameters:
- frequency (uint32) : The system frequency
- irq-line (uint32) : IRQ line number for the first timer
(others use irq-line + 1, irq-line + 2...)
- nr-timers (uint32) : Number of timers
Emulation of GrLib devices is base on the GRLIB IP Core User's Manual:
http://www.gaisler.com/products/grlib/grip.pdf
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
USB Mass Storage Devices sometimes have the RMB (removable) bit set in
the SCSI INQUIRY response. Thumbdrives tend to have the bit set whereas
hard disks do not.
Operating systems differentiate between removable devices and fixed
devices. Under Linux, the anaconda installer looks for removable
devices. Under Windows, only fixed devices may have more than one
partition and AutoRun is also affected by the removable bit.
For these reasons, allow USB Mass Storage Devices to override the
removable bit:
qemu -usb
-drive if=none,file=test.img,cache=none,id=disk0
-device usb-storage,drive=disk0,removable=on
The default is off.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
scsi-disk devices may wish to override the removable bit. Add support
for a qdev property on SCSI devices. This is will be used by usb-msd.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Provide the "removable" qdev property bit to override the SCSI INQUIRY
removable (RMB) bit for non-CDROM devices. This will be used by USB
Mass Storage Devices, which sometimes have this guest-visible bit set
and sometimes do not. They therefore requires a means for user
configuration.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Avoid this warning from OpenBSD linker:
LINK i386-softmmu/qemu
../usb-bus.o(.text+0x27c): In function `usb_get_fw_dev_path':
/src/qemu/hw/usb-bus.c:294: warning: sprintf() is often misused,
please use snprintf()
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Yes, seriously. There is no migration support at all for usb devices.
They loose state, especially the device address, and stop responding
because of that. Oops.
Luckily there is so much broken usb hardware out there that the guest
usually just kicks the device hard (via port reset and
reinitialization), then continues without a hitch. So we got away with
that in a surprising high number of cases.
The arrival of remote wakeup (which enables autosuspend support) changes
that picture though. The usb devices also forget that it they are
supposed to wakeup, so they don't do that. The host also doesn't notice
the device stopped working in case it suspended the device and thus
expects it waking up instead of polling it. Result is that your mouse
is dead.
Lets start fixing that. Add a vmstate struct for USBDevice.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch moves the 'head' and 'n' fields from USBMouseState and
USBKeyboardState to the common USBHIDState struct.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds a event queue to the usb keyboard. This makes sure the
guest will see all key events even if they come in bursts. With this
patch applied sending Ctrl-Alt-Del using vncviewer's F8 menu works.
Also with autosuspend enabled the first keypress on a suspended keyboard
takes a little longer to be delivered to the guest because the usb bus
must be resumed first. Without event queue this easily gets lost.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The polling nature of the USB HID device makes it very hard to double
click or drag while on a high-latency VNC connection. This patch,
based on work done in the Xen qemu-dm tree by Ian Jackson, fixes this
bug by adding an event queue to the device. The event queue associates
each movement with the correct button state, and remembers all button
presses and releases as well.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffman <kraxel@redhat.com>
With bm == NULL, other code in the same function would crash.
This bug was reported by cppcheck:
hw/ide/pci.c:280: error: Possible null pointer dereference: bm
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Live migration from and to spice 0.4 qxl devices isn't going to work.
Rip out the bits which attempt to support that. Zap the subsection
logic which is obsolete now. Bumb the version to make a clean cut.
This should obviously go in before 0.14 is released.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
PCIDevice::rom_file is leaked.
PCIDevice::rom_file is allocated in pci_qdev_init(), but not freed anywhere.
free it in qemu_unregister_device().
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Merge ide_dma_submit_check into it's only caller. Also use tail recursion
using a goto instead of a real recursion - this avoid overflowing the
stack in the pathological situation of an recurring error that is ignored.
We'll still be busy looping in ide_dma_cb, but at least won't eat up
all stack space after this.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Currenly the code only resets the io_buffer_index field for reads,
but the code seems to expect this for all types of I/O. I guess
we simply don't hit large enough transfers that would require this
often enough.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Factor the DMA I/O path that is duplicated between read and write
commands, into common helpers using the s->is_read flag added for
the macio ATA controller.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The upper memory size field should exclude the first MB of RAM.
Signed-off-by: Kevin Wolf <mail@kevin-wolf.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Due to signed/unsigned comparison, the dirty bits are never reset, and
the screen redrawn each time. Fix that by only using ram_addr_t types,
and looking for page_min != addr_max instead.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
isa_mem_base is computed from registers during reset, but due to QEMU
limitations some devices (e.g. VGA card) need to know it earlier when
they are registered.
Workaround this by setting the value during registration instead of
reset.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The PL190 implementation keeps the default vector address
in vect_addr[16], but we weren't using this for writes to
the DEFVECTADDR register. As a result of this fix the
default_addr structure member is unused and we can delete it.
Reported-by: Himanshu Chauhan <hschauhan@nulltrace.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
use qemu_malloc() instead of direct use of malloc().
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
deassert intx on device reset.
So far pci_device_reset() is used for system reset.
In that case, interrupt controller is reset at the same time so that
all irq is are deasserted.
But now pci bus reset/flr is supported, and in that case irq needs to be
disabled explicitly.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Recently PXA2xx lcd have stopped to be updated incrementally (picture
frozen). This patch fixes that by passing non min/max x/y, but rather
(correctly) x/y and w/h.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
vmstate_pxa2xx_i2c incorrectly recursed to itself instead of going
to store slave device. Fix that stop stop qemu from segfaulting
during savevm for pxa2xx-based devices.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Second instance of scoop contains registers shifted to 0x40 from the start
of the page. Instead of messing with register mapping, just limit register
address to 0x00..0x3f.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Mainstone board has two flash chips (emulated by two ram regions), however
currently code tries to allocate them with the same name, which fails.
Fix that to make mainstone emulation work again.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
When operating on the SCIF, process all the received characters, as long
as the FIFO can handle them.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
When a modifier key is pressed or released, the USB HID keyboard still
answers NAK, unless another key is also pressed or released.
The patch fixes that by calling usb_hid_changed() when a modifier key
is pressed or released.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The new fields that got added as part of not copying over the guest
buffer to the host need to be saved/restored across migration. Do that
and bump up the version number.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
This commit lets apps signal an incomplete write. When that happens,
stop sending out any more data to the app and wait for it to unthrottle
the port.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
The have_data() API to hand off guest data to apps using virtio-serial
so far assumed all the data was consumed. Relax this assumption.
Future commits will allow for incomplete writes.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
When the guest writes something to a host, we copied over the entire
buffer first into the host and then processed it. Do away with that, it
could result in a malicious guest causing a DoS on the host.
Reported-by: Paul Brook <paul@codesourcery.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Instead of combining flush logic into the discard case and not discard
case, have one function doing discard case. This will help later when
adding flow control logic to the do_flush_queued_data() function.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Patch a6a7005d14 generated
broken device paths. We snprintf with a length shorter
than the output, so the last character is discarded and replaced
by the null byte. Fix it up by snprintf to a buffer
which is larger by 1 byte and then memcpy the data (without
the null byte) to where we need it.
Reported-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The initialisation for generic ports and console ports is similar.
Factor out the parts that are the same in a different function that can
be called from each of the initfns.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
When reading cp0_count from a timer with a late trigger that should
already have expired, expire it and raise the timer irq.
This makes it possible for guest code (e.g, Linux) that first read
cp0_count, then compare it with cp0_compare and check for raised
timer interrupt lines to run reliably.
Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Reorganize for future patches, no functional change.
Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Linux kernel started to use the SM501 2D engine for the console, and
especially the copyrect operation.
Implement this operation so that recent kernels can be used with QEMU.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Expose no_hotplug attribute via I/O port, so ACPI BIOS can indicate
removability status to guest OS.
An updated seabios is required to make use of this feature (seabios.git
commit ID 3c241edf3d7ef29c21).
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Tested-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The USB keyboard emulation's translation table in hw/usb-hid.c doesn't
match the codes actually sent for the Logo (a.k.a. "Windows") or Menu
keys. This results in the guest OS not being able to receive these keys
at all when the USB keyboard emulation is being used.
In particular, both the keymap in /usr/share/kvm/keymaps/modifiers and
the evdev table in x_keymap.c map these keys to 0xdb, 0xdc, and 0xdd,
while usb_hid_usage_keys[] seems to be expecting them to be mapped to
0x7d, 0x7e, and 0x7f.
The attached patch seems to fix the problem, at least in my (limited)
testing.
http://bugs.debian.org/578846http://bugs.debian.org/600593 (cloned from the above against different pkg)
https://bugs.launchpad.net/qemu/+bug/584139
Signed-Off-By: Brad Jorsch <anomie@users.sourceforge.net>
Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
lsi_ram_read*() and lsi_ram_write*() are not consistent, one uses
leXX_to_cpu() the other uses nothing. As the comment above the RAM
declaration says: "Script ram is stored as 32-bit words in host
byteorder.", remove the leXX_to_cpu() calls.
This fixes the boot of an ARM versatile machine on MIPS and PowerPC
hosts.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Board id can't be written with stl_phys() as it's read-only part of
memory. Use stl_p() on the memory buffer instead.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Fix a buffer overflow, reported by cppcheck:
[/src/qemu/hw/ppc405_uc.c:72]: (error) Buffer access out-of-bounds: bd.bi_s_version
The use of field bi_s_version seems to be a typo, it should be
bi_r_version.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Fix a buffer overflow, reported by cppcheck:
[/src/qemu/hw/lan9118.c:849]: (error) Buffer access out-of-bounds: s.eeprom
All eeprom handling code assumes that the size of eeprom is 128,
except lan9118_eeprom_cmd. Fix this by restricting the address passed.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The current default of 16 buffers for the control vq is too small. We
can get more entries in there, for example when asking the guest to add
max. allowed ports.
Note: a more robust solution would involve some kind of event queueing
in host to guarantee no event loss. Added a TODO to look into
this later.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch rewrites the firmware path code to use the physical port
location tracking just added to the qemu usb core. It also fixes the
port numbering to start with "1" in the firmware path.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This allows to explictily set the physical port where you want to
plug the usb device. Example:
-device usb-tablet,bus=usb.0,port=2
With explicit port addressing qemu can and will not automagically add
USB Hubs. This means that:
(a) You can plug two devices of your choice into the two uhci
root ports.
(b) If you want plug in more that two devices you have to care
about adding a hub yourself.
Plugging a hub works this way:
-device usb-hub,bus=usb.0,port=1
Use this to add a device to the hub:
-device usb-tablet,bus=usb.0,port=1.1
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add a path string to USBPort. Add usb_port_location() function to set
the physical location of the usb port. Update all drivers implementing
usb ports to call it. Update the monitor commands to print it. Wind it
up in qdev.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The scsi layer may return us more data than the guests wants to have.
Handle this by just ignoring the extra bytes and calling the
{read,write}_data callback to finish the request.
Seen happening in real life with some extended inquiry command.
With this patch applied the linux kernel stops reseting the device
once at boot.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Change usb_msd_send_status() to take a pointer to the status packet
instead of writing the status to s->usb_buf which might not point
to the correct location.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add high speed support to the usb mass storage device. With this patch
applied the linux kernel recognises the usb storage device as highspeed
capable device and suggests to connect it to a highspeed port instead of
the uhci. Tested with both uhci and (not-yet submitted) ehci.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add support for device_qualifier and other_speed_config descriptors.
These are used to query the "other speed" configuration of usb 2.0
devices, i.e. in high-speed mode they return the full-speed
configuration and visa versa.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add usb_desc_attach() which sets up the device according to the speed
the usb port is able to handle. This function can be hooked into the
handle_attach callback.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add handle_attach() callback to USBDeviceInfo which is called by the
generic package handler when the device is attached to the usb bus
(i.e. plugged into a port).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
It would be nice to have some way to signal our hid devices support
remote wakeup. There is a descriptor bit for that of course. Problem
with using is one is that older qemu versions used to set the bit even
though they did *not* support remote wakeup. Bummer.
This patch changes the serial number of our hid devices from "1" to "42"
to signal "it is safe to enable remote wakeup". The serial number was
choosen because it isn't used for anything and it is available in sysfs
so it is easy to match it using udev rules like this:
ACTION=="add", SUBSYSTEM=="usb", \
ATTR{product}=="QEMU USB Tablet", ATTR{serial}=="42", \
RUN+="usb_enable_autosuspend %p"
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch makes the usb hub handle remote wakeup requests from devices
properly by updating the port status register and forwarding the wakeup
to the upstream port.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add wakeup callback to port ops for remote wakeup handling.
Also add a usb_wakeup() function for devices which want
trigger a remote wakeup.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add separate detach callback to USBPortOps, split
uhci/ohci/musb/usbhub attach functions into two.
Move common code to the usb_attach() function, only
the hardware-specific bits remain in the attach/detach
callbacks.
Keep track of the port it is attached to for each usb device.
[ v3: fix tyops in usb-musb.c ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
- Don't return status from start/stop functions where it's ignored
- report errors to make debugging easier
- assert on unexpected failures
- don't disable notifiers on error so that we'll
retry when guest driver restarts
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
This patch moves setting and clearing the remote_wakeup feature
bit (via USB_REQ_{SET,CLEAR}_FEATURE) to common code. Also
USB_REQ_GET_STATUS handling is moved to common code.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds fields to the USBDevice struct for the current
speed (hard-wired to full speed for now) and current device
configuration. Also a init function is added which inializes
these fields. This allows USB_REQ_{GET,SET}_CONFIGURATION
handling to be moved to common code.
For most drivers the conversion is trivial ad they support a single
configuration only anyway. One exception is bluetooth where some
device-specific setup code runs after get/set configuration. The
other is usb-net which actually has two configurations so the
the code to check for the active configuration has been adapted.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Switch the usb hub driver over to the
new descriptor infrastructure.
It also removes the nr_ports variable and MAX_PORTS define and
introduces a NUM_PORTS define instead. The numver of ports was
(and still is) fixed at 8 anyway.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Switch the usb serial drivers (serial, braille) over to the
new descriptor infrastructure.
Note that this removes the freely configurable vendor and product id
properties. I think the only reason this was configurable is that the
only difference between the serial and the braille device is the
vendor+product id. Of course the serial and braille devices keep their
different IDs, but they can't be overritten from the command line any
more.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds hw/usb-desc.[ch] files. They carry data structures
for various usb descriptors and helper functions to generate usb
packets from the structures.
The intention is to have a internal representation of the device
desription which is more usable than the current char array blobs,
so we can have common code handle common usb device emulation using
the device description.
The usage of this infrastructure is optional for usb drivers as there
are cases such as pass-through where it probably isn't very useful.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Virtqueue notify is currently handled synchronously in userspace virtio. This
prevents the vcpu from executing guest code while hardware emulation code
handles the notify.
On systems that support KVM, the ioeventfd mechanism can be used to make
virtqueue notify a lightweight exit by deferring hardware emulation to the
iothread and allowing the VM to continue execution. This model is similar to
how vhost receives virtqueue notifies.
The result of this change is improved performance for userspace virtio devices.
Virtio-blk throughput increases especially for multithreaded scenarios and
virtio-net transmit throughput increases substantially.
Some virtio devices are known to have guest drivers which expect a notify to be
processed synchronously and spin waiting for completion.
For virtio-net, this also seems to interact with the guest stack in strange
ways so that TCP throughput for small message sizes (~200bytes)
is harmed. Only enable ioeventfd for virtio-blk for now.
Care must be taken not to interfere with vhost-net, which uses host
notifiers. If the set_host_notifier() API is used by a device
virtio-pci will disable virtio-ioeventfd and let the device deal with
host notifiers as it wishes.
Finally, there used to be a limit of 6 KVM io bus devices inside the
kernel. On such a kernel, don't use ioeventfd for virtqueue host
notification since the limit is reached too easily. This ensures that
existing vhost-net setups (which always use ioeventfd) have ioeventfds
available so they can continue to work.
After migration and on VM change state (running/paused) virtio-ioeventfd
will enable/disable itself.
* VIRTIO_CONFIG_S_DRIVER_OK -> enable virtio-ioeventfd
* !VIRTIO_CONFIG_S_DRIVER_OK -> disable virtio-ioeventfd
* virtio_pci_set_host_notifier() -> disable virtio-ioeventfd
* vm_change_state(running=0) -> disable virtio-ioeventfd
* vm_change_state(running=1) -> enable virtio-ioeventfd
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Move tracking vmstate change from virtio-net to virtio.c
as it is going to be used by virito-blk and virtio-pci
for the ioeventfd support.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The VirtIOPCIProxy bugs field is currently used to enable workarounds
for older guests. Rename it to flags so that other per-device behavior
can be tracked.
A later patch uses the flags field to remember whether ioeventfd should
be used for virtqueue host notification.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch tags all vga cards as not hotpluggable. The qemu
standard vga will never ever be hotpluggable. For cirrus + vmware
it might be possible to get that work some day. Todays we can't
handle that for a number of reasons though.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch tags all pci devices which belong to the piix3/4 chipsets as
not hotpluggable (Host bridge, ISA bridge, IDE controller, ACPI bridge).
Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch adds a field to PCIDeviceInfo to tag devices as being
not hotpluggable. Any attempt to plug-in or -out such a device
will throw an error.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Some Linux kernels seems to implement ITLB/UTLB flushing through by
writing all TLB entries through the memory mapped interface instead
of writing one to MMUCR.TI.
Implement memory mapped ITLB write interface so that such kernels can
boot. This fixes https://bugs.launchpad.net/bugs/700774 .
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Commit 92d675d1c1 triggered uninitialized
variables warning with GCC 4.6. Fix them by adding zero initializers.
Acked-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This patch replaces explicit bswaps with endianness hints to the
mmio layer.
CC: Alexander Graf <agraf@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
956a3e6bb7 introduced a bug concerning
reset bit for port 92.
Since the keyboard output port and port 92 are not compatible anyway,
let's separate them.
Reported-by: Peter Lieven <pl@dlh.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
--
v2: added reset handler and VMState
rtl8139 includes a cpu_register_io_memory acquired value in it's
migration data. This is not only unecessary, but we should treat
these values as unique to the VM instances since the value depends
on call order. In most cases, this miraculously still works.
However, if devices are added or removed from the system, it may
represent an ordering change, which could cause the target rtl8139
device to make use of another device's cpu_register_io_memory value.
If we detect that a hot-add/remove has occured, include a subsection
to restrict migrations only to driver versions known to include this
fix.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Create a trivial interface to track whether the machine has been
modified since boot. Adding or removing devices will trigger this
to return true. An example usage scenario for such an interface is
the rtl8139 driver which includes a cpu_register_io_memory() value
in it's migration stream. For the majority of migrations, where
no hotplug has occured in the machine, this works correctly. Once
the machine is modified, we can use this interface to detect that
and include a subsection for the device to prevent migrations to
rtl8139 versions with this bug.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Commit d85d0d3883 introduces a regression
with Windows ME that leads to a division by 0 and a crash.
It uses the color expansion rop with the source pitch set to 0. This is
something allowed, as the manual explicitely says "When the source of
color-expand data is display memory, the source pitch is ignored.".
This patch fixes this regression by computing sx, sy and others
variables only if they are going to be used later, that is for a plain
copy ROP. It basically consists in moving code.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
On big endian hosts, the curses interface is unusable: the emulated
graphic card only displays garbage, while the monitor interface displays
nothing (or rather only spaces).
The curses interface is waiting for data in native endianness, so
console_write_ch() should not do any conversion. The conversion should
be done when reading the video buffer in hw/vga.c. I supposed this
buffer is in little endian mode, though it's not impossible that the
data is actually in guest endianness. I currently have no big endian
guest to way (they all switch to graphic mode immediately).
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The device path used for migration is currently broken for
for all devices behind a nested bridge.
Replace this by a hierarchical list of slot/function numbers, walking
the path from root down to device. Add :00 after the domain number
so that if there are no nested bridges, this is compatible
with what we have now.
Note: as pointed out by Gleb, using openfirmware paths
might be cleaner, doing this would break compatibility though,
and the IDs used are not guest or user visible at all,
so breaking the compatibility is probably not worth it.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The s390 target doesn't compile out of the box anymore. This patch fixes all
the obvious glitches that got introduced in the last few weeks.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This patch introduce a helper function to get PCIDevice from qdev id.
This function will be used later.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch exports qdev_find_recursive() for later use.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
by introducing pci-stub.c, eliminate QMP dependency on core PCI code
rquired by query-pci command.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Peter Maydell