io base register at 0x40 is cleared on reset,
but io is not disabled until some other event
happens to call pm_io_space_update.
Invoke pm_io_space_update directly to make this
consistent.
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit c046e8c4a2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Respect the interval for interrupt endpoints, so we don't finish
transfers as fast as possible but at the rate configured by the guest.
Fixes guest deadlocks triggered by interrupt storms.
Cc:
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 4d7a81c06f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The following sequence happens:
- the SeaBIOS virtio-blk driver does not support the WCE feature, which
causes QEMU to disable writeback caching
- the Linux virtio-blk driver resets the device, finds WCE is available
but writeback caching is disabled; tells block layer to not send cache
flush commands
- the Linux virtio-blk driver sets the DRIVER_OK bit, which causes
writeback caching to be re-enabled, but the Linux virtio-blk driver does
not know of this side effect and cache flushes remain disabled
The bug is at the third step. If the guest does know about CONFIG_WCE,
QEMU should ignore the WCE feature's state. The guest will control the
cache mode solely using configuration space. This change makes Linux
do flushes correctly, but Linux will keep SeaBIOS's writethrough mode.
Hence, whenever the guest is reset, the cache mode of the disk should
be reset to whatever was specified in the "-drive" option. With this
change, the Linux virtio-blk driver finds that writeback caching is
enabled, and tells the block layer to send cache flush commands
appropriately.
Reported-by: Rusty Russell <rusty@au1.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit ef5bc96268)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
To avoid misinterpreting INACTIVE after migration as old qemu-kvm's
STANDBY, also clear rom_state_paddr when going back to this state.
CC: qemu-stable@nongnu.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 4357930b8a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
ROM layout may change after reset of devices are hotplugged, so we have
to pick up the physical address again when the ROM is initialized. This
is best achieved by resetting the state to INACTIVE.
CC: qemu-stable@nongnu.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit c056bc3f34)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
If not caught early, a zero-length ROM will cause a NULL-pointer access
later on in patch_hypercalls when allocating a zero-length ROM copy and
trying to read from it.
CC: qemu-stable@nongnu.org
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 18e5eec4db)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Now that the memory subsystem is propagating the endianness correctly,
the pcnet-pci device should have its I/O ports and MMIO memory marked
as LITTLE_ENDIAN, as PCI devices are little endian.
This makes the pcnet-pci NIC work again on big endian MIPS Malta
(default NIC).
Cc: qemu-stable@nongnu.org
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit a26405b350)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 254c12825f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
CC: qemu-stable@nongnu.org
(cherry picked from commit 04d7bad8a4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The local spice renderer assumes the primary surface is located at the
start of the "ram" bar. This used to be a requirement in qxl hardware
revision 1. In revision 2+ this is relaxed. Nevertheless guest drivers
continued to use the traditional location, for historical and backward
compatibility reasons. The qxl kms driver doesn't though as it depends
on qxl revision 4+ anyway.
Result is that local rendering is hosed for recent linux guests, you'll
get pixel garbage with non-spice ui (gtk, sdl, vnc) and when doing
screendumps. Fix that by doing a proper mapping of the guest-specified
memory location.
https://bugzilla.redhat.com/show_bug.cgi?id=948717
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit c58c7b959b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
We'll need a pointer to the actual pci/sysbus device,
stick a pointer to it into the EHCIState struct.
https://bugzilla.redhat.com/show_bug.cgi?id=1005495
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit adbecc8973)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Now that the memory subsystem is propagating the endianness correctly,
the ne2000 device should have its I/O ports marked as LITTLE_ENDIAN, as
PCI devices are little endian.
This makes the ne2000 NIC work again on PowerPC.
Cc: qemu-stable@nongnu.org
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 45d883dcf2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
usb3 bulk endpoints with streams are implicitly pipelined now,
so the requests will actually be processed in parallel. Also
allow them to complete out-of-order.
Fixes stalls in the uas driver.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit c96c41ed0d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
commit 62c96360ae
virtio-pci: fix level interrupts
only helps systems without irqfd: on systems with irqfd support we
passed in a flag requesting irqfd even when msix is disabled.
As a result, for level interrupts we didn't install an fd handler so
unmasking an fd had no effect.
Fix this up.
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 23fe2b3f9e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This fixes the following assert when -device adlib is used:
ioport.c:240: portio_list_add: Assertion `pio->offset >= off_last' failed.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 2b21fb57af)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This reverts commit a309ee6e0a.
This isn't in line with the usb specification and adds regressions,
win7 fails to drive the usb hub for example.
Was added because it "solved" the issue of hubs interacting badly
with the xhci host controller. Now with the root cause being fixed
in xhci (commit <FIXME>) we can revert this one.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit bdebd6ee81)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
virtqueue_get_avail_bytes: when an indirect desc is found, we need to loop over it.
    /* loop over the indirect descriptor table */
    indirect = 1;
    max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
    num_bufs = i = 0;
    desc_pa = vring_desc_addr(desc_pa, i);
But it inits i to 0, then uses i to update desc_pa, so we will always get:
    desc_pa = vring_desc_addr(desc_pa, 0);
The last two lines should be swapped.
Cc: qemu-stable@nongnu.org
Signed-off-by: Yin Yin <yin.yin@cs2c.com.cn>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 1ae2757c6c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
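The ordering problem described in the commit message above, as an added example that is not QEMU code: a small model of a descriptor table in constructed "guest memory" compares the table address picked by the quoted order with the one picked after swapping the two lines. The layout, `guest_mem`, `get_desc`, `put_desc`, `setup_ring`, `indirect_table_pa` and `indirect_bytes` are assumptions of this sketch; only `vring_desc_addr`, `vring_desc_len` and `VRingDesc` are names taken from the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VRING_DESC_F_NEXT 1
#define VRING_DESC_F_INDIRECT 4
typedef struct { uint64_t addr; uint32_t len; uint16_t flags, next; } VRingDesc;
static uint8_t guest_mem[0x1000]; /* constructed stand-in for guest RAM */

static VRingDesc get_desc(uint64_t pa, unsigned i)
{
    VRingDesc d;
    memcpy(&d, guest_mem + pa + i * sizeof(d), sizeof(d));
    return d;
}
static void put_desc(uint64_t pa, unsigned i, VRingDesc d)
{
    memcpy(guest_mem + pa + i * sizeof(d), &d, sizeof(d));
}
static uint64_t vring_desc_addr(uint64_t pa, unsigned i) { return get_desc(pa, i).addr; }
static uint32_t vring_desc_len(uint64_t pa, unsigned i) { return get_desc(pa, i).len; }

/* Main table at 0x000: desc 0 is a plain buffer at 0x800; desc 2 is indirect
 * and points at a 3-entry table at 0x100 holding 512 + 256 + 128 bytes. */
static void setup_ring(void)
{
    memset(guest_mem, 0, sizeof(guest_mem));
    put_desc(0x000, 0, (VRingDesc){ 0x800, 64, 0, 0 });
    put_desc(0x000, 2, (VRingDesc){ 0x100, 48, VRING_DESC_F_INDIRECT, 0 });
    put_desc(0x100, 0, (VRingDesc){ 0x900, 512, VRING_DESC_F_NEXT, 1 });
    put_desc(0x100, 1, (VRingDesc){ 0xb00, 256, VRING_DESC_F_NEXT, 2 });
    put_desc(0x100, 2, (VRingDesc){ 0xc00, 128, 0, 0 });
}

/* Table address chosen on entering indirect descriptor i.
 * swapped == 0: order quoted in the message; swapped == 1: lines swapped. */
static uint64_t indirect_table_pa(uint64_t desc_pa, unsigned i, int swapped)
{
    if (!swapped)
        i = 0;                          /* i is lost before it is used */
    return vring_desc_addr(desc_pa, i); /* swapped order zeroes i only after this */
}

/* Sum the buffer lengths of the indirect chain, bounded by max entries. */
static uint32_t indirect_bytes(unsigned i, int swapped)
{
    setup_ring();
    unsigned max = vring_desc_len(0x000, i) / sizeof(VRingDesc);
    uint64_t pa = indirect_table_pa(0x000, i, swapped);
    uint32_t total = 0;
    for (unsigned idx = 0, seen = 0; seen < max; seen++) {
        VRingDesc d = get_desc(pa, idx);
        total += d.len;
        if (!(d.flags & VRING_DESC_F_NEXT) || d.next >= max) break;
        idx = d.next;
    }
    return total;
}

int main(void)
{
    printf("quoted order:  %u bytes\n", (unsigned)indirect_bytes(2, 0));
    printf("swapped order: %u bytes\n", (unsigned)indirect_bytes(2, 1));
}
```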
A number of users are reporting stalls when using the pseries
hypervisor virtual console.
A simple test case is to paste 15 or 17 characters at a time
into the console. Pasting 15 characters at a time works fine
but pasting 17 characters hangs for a random amount of time.
Other activity (network, qemu monitor etc) unblocks it.
If qemu-char tries to send more than 16 characters at once,
vty_can_receive returns false. At this point we have to
wait for the guest to consume that output. Everything is good
so far.
The problem occurs when the guest does consume the output.
We need to signal back to the qemu-char layer that we are
ready for more input. Without this we block until something
else kicks us (eg network activity).
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit 7770b6f78a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
commit 3984890181
pc: limit 64 bit hole to 2G by default
introduced a way for management to control
the window allocated to the 64 bit PCI hole.
This is useful, but existing management tools do not know how to set
this property. As a result, e.g. specifying a large ivshmem device with
size > 4G is broken by default. For example this configuration no
longer works:
    -device ivshmem,size=4294967296,chardev=cfoo
    -chardev socket,path=/tmp/sock,id=cfoo,server,nowait
Fix this by detecting that hole size was not specified
and defaulting to the backwards-compatible value of 1 << 62.
Cc: qemu-stable@nongnu.org
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 1466cef32d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
scsi_bus_legacy_add_drive() creates either a scsi-disk or a
scsi-generic device. It sets property "serial" to argument serial
unless null. Crashes with scsi-generic, because it doesn't have such
a property.
Only usb_msd_initfn_storage() passes non-null serial. Reproducer:
    $ qemu-system-x86_64 -nodefaults -display none -S -usb \
        -drive if=none,file=/dev/sg1,id=usb-drv0 \
        -device usb-storage,id=usb-msd0,drive=usb-drv0,serial=123
    qemu-system-x86_64: -device usb-storage,id=usb-msd0,drive=usb-drv0,serial=123: Property '.serial' not found
    Aborted (core dumped)
Fix by handling exactly like "removable": set the property only when
it exists.
Cc: qemu-stable@nongnu.org
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit c24e7517ee)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Since commit c658b94f6e, MIPS raises
exceptions when accessing invalid memory. This is not the correct
behaviour for MIPS Malta Core LV, as the GT-64120A system controller
just ignores undecoded access. This feature is used by the Linux kernel
to probe for some devices.
Emulate the correct behaviour in QEMU by adding an empty slot covering
the entire memory space decoded by the GT-64120A.
Tested-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Context matching caused the 'has_pvpanic = true' to be applied to
the 1.6 machine type instead of the 1.5 machine type.
Reported-by: Markus Armbruster <armbru@redhat.com>
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch is based on Hu Tao's:
http://lists.nongnu.org/archive/html/qemu-devel/2013-08/msg00124.html
No need to hard-code pvpanic as part of the machine.
It can be added with "-device pvpanic" from command line (The next patch).
Anyway, for backport compatibility it is still part of 1.5
machine.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Reviewed-by: Hu Tao <hutao@cn.fujitsu.com>
Message-id: 1376233843-19410-2-git-send-email-marcel.a@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit 41cb383f42 made a guest-visible
change by adding the PCLMULQDQ bit to Westmere without adding
compatibility code to keep the ABI for older machine-types.
Fix it by adding the missing compat code.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Move the code to hw/i386, the sole remaining property is available
as !pci_enabled.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1376069702-22330-4-git-send-email-aliguori@us.ibm.com
Rebased.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
With the new semantics of pc_sysfw (no -pflash implies "old-style" ROM setup,
-pflash implies "new-style" ROM setup), there is no need anymore for a compat
property. Old machines simply will never use -pflash, and thus will always
use old-style setup.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1376069702-22330-3-git-send-email-aliguori@us.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The variable is not written anymore.
This cleans up after 9e1c2ec (which accidentally left variable
pc_sysfw_flash_vs_rom_bug_compatible behind, value always zero), and
buries dead code from commit dafb82e (which resurrected the pc_sysfw
code for pc_sysfw_flash_vs_rom_bug_compatible by mistake).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1376069702-22330-2-git-send-email-aliguori@us.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This includes some last-minute bugfixes for 1.6.
All very small patches that also look very safe to me.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Merge remote-tracking branch 'mst/tags/for_anthony' into staging
pci,virtio fixes for 1.6
This includes some last-minute bugfixes for 1.6.
All very small patches that also look very safe to me.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 12 Aug 2013 04:28:57 AM CDT using RSA key ID D28D5469
# gpg: Can't check signature: public key not found
# By Michael S. Tsirkin (2) and others
# Via Michael S. Tsirkin
* mst/tags/for_anthony:
vhost: clear signalled_used_valid on vhost stop
virtio: clear signalled_used_valid when switching from dataplane
i82801b11: Fix i82801b11 PCI host bridge config space
pc: disable pci-info for 1.6
Message-id: 1376308831-19978-1-git-send-email-mst@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The virtio-mmio spec says that QueueNumMax must read zero for queues
which are unavailable; implement this, rather than always returning
VIRTQUEUE_MAX_SIZE.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1374853288-9912-3-git-send-email-peter.maydell@linaro.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
When vhost device stops, its implementation synchronizes kernel state
back to virtio.c so we can continue emulating the device
in userspace.
This patch ensures that virtio.c's signalled_used_valid flag is reset so
that userspace does not suppress guest notifications due to stale
signalled_used values.
Cc: qemu-stable@nongnu.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
When the dataplane thread stops, its vring.c implementation synchronizes
vring state back to virtio.c so we can continue emulating the virtio
device.
This patch ensures that virtio.c's signalled_used_valid flag is reset so
that we do not suppress guest notifications due to stale signalled_used
values.
Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
pci_bridge_write_config() was not being used.
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The BIOS that we ship in 1.6 does not use pci info
from host (yet). Several issues turned up
(e.g. around winXP boot crashes). So it's safest to disable that
interface for 1.6 machine types for now, leave it on for 1.7
as we have enough time to fix issues if any.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
A queue size of 0 is used to indicate a nonexistent queue, so
don't allow the guest to flip a queue between zero-size and
non-zero-size. Don't permit setting of negative queue sizes
either.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1374853288-9912-2-git-send-email-peter.maydell@linaro.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
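The two virtio-mmio rules stated in the commit messages above (QueueNumMax reads zero for unavailable queues; a guest write may not flip a queue between zero-size and non-zero-size or set a negative size) sketched as an added example, not QEMU code. `ModelDev`, the `model_*` functions, the queue count, the value given to `VIRTQUEUE_MAX_SIZE` and the upper-bound check are assumptions of this model.

```c
#include <stdio.h>

#define VIRTQUEUE_MAX_SIZE 1024 /* value assumed for this model */
#define MODEL_NUM_QUEUES 3      /* hypothetical: queues 0-1 exist, 2 does not */

typedef struct { int num[MODEL_NUM_QUEUES]; } ModelDev; /* hypothetical type */

static void model_reset(ModelDev *d)
{
    d->num[0] = 256;
    d->num[1] = 128;
    d->num[2] = 0; /* size 0 marks a nonexistent queue */
}

/* Guest write of a queue size: returns 1 if applied, 0 if ignored. */
static int model_set_queue_num(ModelDev *d, int n, int num)
{
    if (n < 0 || n >= MODEL_NUM_QUEUES)
        return 0;
    /* !!a != !!b holds exactly when one size is zero and the other is not.
     * The upper bound is an extra check assumed by this model. */
    if (!!num != !!d->num[n] || num < 0 || num > VIRTQUEUE_MAX_SIZE)
        return 0;
    d->num[n] = num;
    return 1;
}

/* Guest read of QueueNumMax: zero for queues that are unavailable. */
static int model_queue_num_max(const ModelDev *d, int n)
{
    if (n < 0 || n >= MODEL_NUM_QUEUES || d->num[n] == 0)
        return 0;
    return VIRTQUEUE_MAX_SIZE;
}

/* Replay constructed guest writes {queue, size}; return how many applied. */
static int model_replay(ModelDev *d)
{
    static const int writes[][2] = {
        { 0, 64 },   /* resize an existing queue: applied */
        { 0, 0 },    /* existing -> nonexistent: ignored */
        { 2, 16 },   /* nonexistent -> existing: ignored */
        { 1, -8 },   /* negative size: ignored */
        { 1, 4096 }, /* above the model's maximum: ignored */
        { 2, 0 },    /* zero on a nonexistent queue: no change, applied */
    };
    int applied = 0;
    model_reset(d);
    for (unsigned i = 0; i < sizeof(writes) / sizeof(writes[0]); i++)
        applied += model_set_queue_num(d, writes[i][0], writes[i][1]);
    return applied;
}

int main(void)
{
    ModelDev d;
    printf("applied %d of 6 writes\n", model_replay(&d));
    printf("QueueNumMax q0=%d q2=%d\n",
           model_queue_num_max(&d, 0), model_queue_num_max(&d, 2));
}
```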
Now that this code path is not triggered anymore during the tests,
revert commit b332d24a8e. Booting a MIPS
target without kernel or bios doesn't really make sense. At the same
time replace fprintf(stderr, ...) by error_report().
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The I/O port variant of fw_cfg is used by sparc64, which is a big-endian machine.
Firmware swaps bytes before sending them to fw_cfg, so we need to unswap them in
the device.
This is only used on sparc64 and on (little-endian) x86, so it does not affect
any other target. 32-bit Sparc and PPC all use memory-mapped fw_cfg.
Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-id: 1375014954-31916-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch fixes a bug in rom_copy introduced by
commit d60fa42e8b.
rom_copy failed to load roms with a "datasize" of 0.
As a result, multiboot kernels were not loaded correctly
when they contain a segment with a "file size" of 0.
https://bugs.launchpad.net/qemu/+bug/1208944
Signed-off-by: Martijn van den Broek <martijn.vdbrk@gmail.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: CAG1x_oET1u3TMPu3r_zzd3ZXsTWQLiaM0zAc+RkHFCwvJjGOvg@mail.gmail.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Error **errp argument is not for emitting warnings, it means an error
has occurred and the caller should not make any assumptions about the
state of other return values (unless otherwise documented).
Therefore cpu_x86_create() must unref the new X86CPU itself, and
pc_new_cpu() must check for an Error rather than NULL return value.
While at it, clean up a superfluous NULL check.
Reported-by: Jan Kiszka <jan.kiszka@siemens.com>
Cc: qemu-stable@nongnu.org
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
pxa2xx_i2c_init() creates a pxa2xx-i2c-slave device on a second i2c-bus,
which has a NULL parent device. This causes an assertion in
object_get_canonical_path() when accessing pxa2xx-i2c-slave's
"parent_bus" link<bus> property in tosa and likely other PXA2xx machines.
Fix this by using the pxa2xx_i2c device, created just before, as parent.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1375621501-5564-1-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
# By Jan Kiszka
# Via Stefan Hajnoczi
* stefanha/net:
pcnet: Flush queued packets on end of STOP state
Message-id: 1375704975-19128-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>