aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-03-08libqtest: add qtest_kill_qemu()Stefan Hajnoczi
Tests that manage multiple processes may wish to kill QEMU before destroying the QTestState. Expose a function to do that. The vhost-user-blk-test testcase will need this. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com> Message-Id: <20210223144653.811468-4-stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08libqtest: add qtest_socket_server()Stefan Hajnoczi
Add an API that returns a new UNIX domain socket in the listen state. The code for this was already there but only used internally in init_socket(). This new API will be used by vhost-user-blk-test. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com> Message-Id: <20210223144653.811468-3-stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08vhost-user-blk: fix blkcfg->num_queues endiannessStefan Hajnoczi
Treat the num_queues field as virtio-endian. On big-endian hosts the vhost-user-blk num_queues field was in the wrong endianness. Move the blkcfg.num_queues store operation from realize to vhost_user_blk_update_config() so feature negotiation has finished and we know the endianness of the device. VIRTIO 1.0 devices are little-endian, but in case someone wants to use legacy VIRTIO we support all endianness cases. Cc: qemu-stable@nongnu.org Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20210223144653.811468-2-stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08docs: replace insecure /tmp examples in qsd docsStefan Hajnoczi
World-writeable directories have security issues. Avoid showing them in the documentation since someone might accidentally use them in situations where they are insecure. There tend to be 3 security problems: 1. Denial of service. An adversary may be able to create the file beforehand, consume all space/inodes, etc to sabotage us. 2. Impersonation. An adversary may be able to create a listen socket and accept incoming connections that were meant for us. 3. Unauthenticated client access. An adversary may be able to connect to us if we did not set the uid/gid and permissions correctly. These can be prevented or mitigated with private /tmp, carefully setting the umask, etc but that requires special action and does not apply to all situations. Just avoid using /tmp in examples. Reported-by: Richard W.M. Jones <rjones@redhat.com> Reported-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20210301172728.135331-3-stefanha@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08docs: show how to spawn qemu-storage-daemon with fd passingStefan Hajnoczi
The QMP monitor, NBD server, and vhost-user-blk export all support file descriptor passing. This is a useful technique because it allows the parent process to spawn and wait for qemu-storage-daemon without busy waiting, which may delay startup due to arbitrary sleep() calls. This Python example is inspired by the test case written for libnbd by Richard W.M. Jones <rjones@redhat.com>: https://gitlab.com/nbdkit/libnbd/-/commit/89113f484effb0e6c322314ba75c1cbe07a04543 Thanks to Daniel P. Berrangé <berrange@redhat.com> for suggestions on how to get this working. Now let's document it! Reported-by: Richard W.M. Jones <rjones@redhat.com> Cc: Kevin Wolf <kwolf@redhat.com> Cc: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20210301172728.135331-2-stefanha@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08qemu-storage-daemon: add --pidfile optionStefan Hajnoczi
Daemons often have a --pidfile option where the pid is written to a file so that scripts can stop the daemon by sending a signal. The pid file also acts as a lock to prevent multiple instances of the daemon from launching for a given pid file. QEMU, qemu-nbd, qemu-ga, virtiofsd, and qemu-pr-helper all support the --pidfile option. Add it to qemu-storage-daemon too. Reported-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20210302142746.170535-1-stefanha@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08storage-daemon: include current command line option in the errorsPaolo Bonzini
Use the location management facilities that the emulator uses, so that the current command line option appears in the error message. Before: $ storage-daemon/qemu-storage-daemon --nbd key..= qemu-storage-daemon: Invalid parameter 'key..' After: $ storage-daemon/qemu-storage-daemon --nbd key..= qemu-storage-daemon: --nbd key..=: Invalid parameter 'key..' Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20210301152844.291799-3-pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08storage-daemon: report unexpected arguments on the flyPaolo Bonzini
If the first character of optstring is '-', then each nonoption argv element is handled as if it were the argument of an option with character code 1. This removes the reordering of the argv array, and enables usage of loc_set_cmdline to provide better error messages. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20210301152844.291799-2-pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08blockjob: report a better error messageStefano Garzarella
When a block job fails, we report strerror(-job->job.ret) error message, also if the job set an error object. Let's report a better error message using error_get_pretty(job->job.err). If an error object was not set, strerror(-job->ret) is used as fallback, as explained in include/qemu/job.h: typedef struct Job { ... /** * Error object for a failed job. * If job->ret is nonzero and an error object was not set, it will be set * to strerror(-job->ret) during job_completed. */ Error *err; } In block_job_query() there can be a transient where 'job.err' is not set by a scheduled bottom half. In that case we use strerror(-job->ret) as it was before. Suggested-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com> Message-Id: <20210225103633.76746-1-sgarzare@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08iotests: Fix up python style in 300Eric Blake
Break some long lines, and relax our type hints to be more generic to any JSON, in order to more easily permit the additional JSON depth now possible in migration parameters. Detected by iotest 297. Fixes: ca4bfec41d56 (qemu-iotests: 300: Add test case for modifying persistence of bitmap) Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20210215220518.1745469-1-eblake@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08iotests/283: Check that finalize drops backup-topMax Reitz
Without any of HEAD^ or HEAD^^ applied, qemu will most likely crash on the qemu-io invocation, for a variety of immediate reasons. The underlying problem is generally a use-after-free access into backup-top's BlockCopyState. With only HEAD^ applied, qemu-io will run into an EIO (which is not capture by the output, but you can see that the qemu-io invocation will be accepted (i.e., qemu-io will run) in contrast to the reference output, where the node name cannot be found), and qemu will then crash in query-named-block-nodes: bdrv_get_allocated_file_size() detects backup-top to be a filter and passes the request through to its child. However, after bdrv_backup_top_drop(), that child is NULL, so the recursive call crashes. With HEAD^^ applied, this test should pass. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20210219153348.41861-4-mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08backup-top: Refuse I/O in inactive stateMax Reitz
When the backup-top node transitions from active to inactive in bdrv_backup_top_drop(), the BlockCopyState is freed and the filtered child is removed, so the node effectively becomes unusable. However, noone told its I/O functions this, so they will happily continue accessing bs->backing and s->bcs. Prevent that by aborting early when s->active is false. (After the preceding patch, the node should be gone after bdrv_backup_top_drop(), so this should largely be a theoretical problem. But still, better to be safe than sorry, and also I think it just makes sense to check s->active in the I/O functions.) Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20210219153348.41861-3-mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08backup: Remove nodes from job in .clean()Max Reitz
The block job holds a reference to the backup-top node (because it is passed as the main job BDS to block_job_create()). Therefore, bdrv_backup_top_drop() cannot delete the backup-top node (replacing it by its child does not affect the job parent, because that has .stay_at_node set). That is a problem, because all of its I/O functions assume the BlockCopyState (s->bcs) to be valid and that it has a filtered child; but after bdrv_backup_top_drop(), neither of those things are true. It does not make sense to add new parents to backup-top after backup_clean(), so we should detach it from the job before bdrv_backup_top_drop(). Because there is no function to do that for a single node, just detach all of the job's nodes -- the job does not do anything past backup_clean() anyway. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20210219153348.41861-2-mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08iotests: Drop deprecated 'props' from object-addAlberto Garcia
Signed-off-by: Alberto Garcia <berto@igalia.com> Message-Id: <20210222115737.2993-1-berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-08Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into ↵Peter Maydell
staging * fix tracing vs -daemonize (Daniel) * detect invalid CFI configuration (Daniele) * 32-bit PVH fix (David) * forward SCSI passthrough host-status to the SCSI HBA (Hannes) * detect ill-formed id in QMP object-add (Kevin) * miscellaneous bugfixes and cleanups (Keqian, Kostiantyn, myself, Peng Liang) * add nodelay option for chardev (myself) * deprecate -M kernel-irqchip=off on x86 (myself) * keep .d files (myself) * Fix -trace file (myself) # gpg: Signature made Sat 06 Mar 2021 10:43:12 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: (23 commits) meson: Stop if cfi is enabled with system slirp trace: skip qemu_set_log_filename if no "-D" option was passed trace: fix "-trace file=..." meson: adjust timeouts for some slower tests build-sys: invoke ninja with -d keepdepfile qemu-option: do not suggest using the delay option scsi: move host_status handling into SCSI drivers scsi: inline sg_io_sense_from_errno() into the callers. scsi-generic: do not snoop the output of failed commands scsi: Add mapping for generic SCSI_HOST status to sense codes scsi: Rename linux-specific SG_ERR codes to generic SCSI_HOST error codes qemu-config: add error propagation to qemu_config_parse x86/pvh: extract only 4 bytes of start address for 32 bit kernels elf_ops: correct loading of 32 bit PVH kernel lsilogic: Use PCIDevice::exit instead of DeviceState::unrealize accel: kvm: Add aligment assert for kvm_log_clear_one_slot accel: kvm: Fix memory waste under mismatch page size vl.c: do not execute trace_init_backends() before daemonizing qom: Check for wellformed id in user_creatable_add_type() chardev: add nodelay option ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-08Merge remote-tracking branch ↵Peter Maydell
'remotes/pmaydell/tags/pull-target-arm-20210308' into staging target-arm queue: * sbsa-ref: remove cortex-a53 from list of supported cpus * sbsa-ref: add 'max' to list of allowed cpus * target/arm: Add support for FEAT_SSBS, Speculative Store Bypass Safe * npcm7xx: add EMC model * xlnx-zynqmp: Remove obsolete 'has_rpu' property * target/arm: Speed up aarch64 TBL/TBX * virtio-mmio: improve virtio-mmio get_dev_path alog * target/arm: Use TCF0 and TFSRE0 for unprivileged tag checks * target/arm: Restrict v8M IDAU to TCG * target/arm/cpu: Update coding style to make checkpatch.pl happy * musicpal, tc6393xb, omap_lcdc, tcx: drop dead code for non-32-bit-RGB surfaces * Add new board: mps3-an524 # gpg: Signature made Mon 08 Mar 2021 11:56:24 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20210308: (49 commits) hw/arm/mps2: Update old infocenter.arm.com URLs docs/system/arm/mps2.rst: Document the new mps3-an524 board hw/arm/mps2-tz: Provide PL031 RTC on mps3-an524 hw/arm/mps2-tz: Stub out USB controller for mps3-an524 hw/arm/mps2-tz: Add new mps3-an524 board hw/arm/mps2-tz: Get armv7m_load_kernel() size argument from RAMInfo hw/arm/mps2-tz: Support ROMs as well as RAMs hw/arm/mps2-tz: Set MachineClass default_ram info from RAMInfo data hw/arm/mps2-tz: Make RAM arrangement board-specific hw/arm/mps2-tz: Allow boards to have different PPCInfo data hw/arm/mps2-tz: Size the uart-irq-orgate based on the number of UARTs hw/arm/mps2-tz: Move device IRQ info to data structures hw/arm/mps2-tz: Allow PPCPortInfo structures to specify device interrupts hw/arm/mps2-tz: Correct wrong interrupt numbers for DMA and SPI hw/misc/mps2-scc: Implement CFG_REG5 and CFG_REG6 for MPS3 AN524 hw/arm/mps2-tz: Make number of IRQs board-specific hw/arm/mps2-tz: Condition IRQ splitting on number of CPUs, not board type hw/arm/mps2-tz: Make FPGAIO switch and LED config per-board hw/misc/mps2-fpgaio: Support SWITCH register hw/misc/mps2-fpgaio: Make number of LEDs configurable by board ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-08hw/arm/mps2: Update old infocenter.arm.com URLsPeter Maydell
Update old infocenter.arm.com URLs to the equivalent developer.arm.com ones (the old URLs should redirect, but we might as well avoid the redirection notice, and the new URLs are pleasantly shorter). This commit covers the links to the MPS2 board TRM, the various Application Notes, the IoTKit and SSE-200 documents. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210215115138.20465-25-peter.maydell@linaro.org
2021-03-08docs/system/arm/mps2.rst: Document the new mps3-an524 boardPeter Maydell
Add brief documentation of the new mps3-an524 board. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210215115138.20465-24-peter.maydell@linaro.org
2021-03-08hw/arm/mps2-tz: Provide PL031 RTC on mps3-an524Peter Maydell
The AN524 has a PL031 RTC, which we have a model of; provide it rather than an unimplemented-device stub. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210215115138.20465-23-peter.maydell@linaro.org
2021-03-08hw/arm/mps2-tz: Stub out USB controller for mps3-an524Peter Maydell
The AN524 has a USB controller (an ISP1763); we don't have a model of it but we should provide a stub "unimplemented-device" for it. This is slightly complicated because the USB controller shares a PPC port with the ethernet controller. Implement a make_* function which provides creates a container MemoryRegion with both the ethernet controller and an unimplemented-device stub for the USB controller. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210215115138.20465-22-peter.maydell@linaro.org
2021-03-07esp: add support for unaligned accessesMark Cave-Ayland
When the MacOS toolbox ROM transfers data from a target device to an unaligned memory address, the first/last byte of a 16-bit transfer needs to be handled separately. This means that the first byte is preloaded into the FIFO before the transfer, or the last byte remains in the FIFO after the transfer. The result of this is that the PDMA routines must be updated so that the FIFO is loaded/unloaded if the last 16-bit word is used (rather than the last byte) and any remaining byte from a FIFO wraparound is handled correctly. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-43-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: implement non-DMA transfers in PDMA modeMark Cave-Ayland
The MacOS toolbox ROM uses non-DMA TI commands to handle the first/last byte of an unaligned 16-bit transfer to memory. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-42-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: add trivial implementation of the ESP_RFLAGS registerMark Cave-Ayland
The bottom 5 bits contain the number of bytes remaining in the FIFO which is trivial to implement with Fifo8 (the remaining bits are unimplemented and left as 0 for now). Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-41-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: convert cmdbuf from array to Fifo8Mark Cave-Ayland
Rename ESP_CMDBUF_SZ to ESP_CMDFIFO_SZ and cmdbuf_cdb_offset to cmdfifo_cdb_offset to indicate that the command buffer type has changed from an array to a Fifo8. This also enables us to remove the ESPState field cmdlen since the command length is now simply the number of elements used in cmdfifo. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-40-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: convert ti_buf from array to Fifo8Mark Cave-Ayland
Rename TI_BUFSZ to ESP_FIFO_SZ since this constant is really describing the size of the FIFO and is not directly related to the TI size. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-39-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: transition to message out phase after SATN and stop commandMark Cave-Ayland
The SCSI bus should remain in the message out phase after the SATN and stop command rather than transitioning to the command phase. A new ESPState variable cmdbuf_cdb_offset is added which stores the offset of the CDB from the start of cmdbuf when accumulating extended message out phase data. Currently any extended message out data is discarded in do_cmd() before the CDB is processed in do_busid_cmd(). Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-38-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: add maxlen parameter to get_cmd()Mark Cave-Ayland
Some guests use a mixture of DMA and non-DMA transfers in combination with the SATN and stop command to transfer message out phase and command phase bytes to the target. Prepare for the next commit by adding a maxlen parameter to get_cmd() to allow partial transfers. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-37-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: raise interrupt after every non-DMA byte transferred to the FIFOMark Cave-Ayland
This matches the description in the datasheet and is required as support for non-DMA transfers is added. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-36-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: remove old deferred command completion mechanismMark Cave-Ayland
Commit ea84a44250 "scsi: esp: Defer command completion until previous interrupts have been handled" provided a mechanism to delay the command completion interrupt until ESP_RINTR is read after the command has completed. With the previous fixes for latching the ESP_RINTR bits and deferring the setting of the command completion interrupt for incoming data to the SCSI callback, this workaround is no longer required and can be removed. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-35-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: defer command completion interrupt on incoming data transfersMark Cave-Ayland
The MacOS toolbox ROM issues a command to the ESP controller as part of its "FAST" SCSI routines and then proceeds to read the incoming data soon after receiving the command completion interrupt. Unfortunately due to SCSI block transfers being asynchronous the incoming data may not yet be present causing an underflow error. Resolve this by waiting for the SCSI subsystem transfer_data callback before raising the command completion interrupt. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-34-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: latch individual bits in ESP_RINTR registerMark Cave-Ayland
Currently the ESP_RINTR register is set to a specific value as required within the ESP state machine. In order to implement the upcoming deferred interrupt functionality it is necessary to set individual bits within ESP_RINTR so that a deferred interrupt will not overwrite the value of any other interrupt bits. This also requires fixing up a few locations where the ESP_RINTR and ESP_RSEQ registers are set/reset unexpectedly. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-33-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: implement FIFO flush commandMark Cave-Ayland
At this point it is now possible to properly implement the FIFO flush command without causing guest errors. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-32-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: add 4 byte PDMA read and write transfersMark Cave-Ayland
The MacOS toolbox ROM performs 4 byte reads/writes when transferring data to and from the target. Since the SCSI bus is 16-bits wide, use the memory API to split a 4 byte access into 2 x 2 byte accesses. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-31-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: remove pdma_origin from ESPStateMark Cave-Ayland
Now that all data is transferred via the FIFO (ti_buf) there is no need to track the source buffer being used for the data transfer. This also eliminates the need for a separate subsection for PDMA state migration. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-30-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: use FIFO for PDMA transfers between initiator and deviceMark Cave-Ayland
PDMA as implemented on the Quadra 800 uses DREQ to load data into the FIFO up to a maximum of 16 bytes at a time. The MacOS toolbox ROM requires this because it mixes FIFO and PDMA transfers whilst checking the FIFO status and counter registers to ensure success. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-29-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: fix PDMA target selectionMark Cave-Ayland
Currently the target selection for PDMA is done after the SCSI command has been delivered which is not correct. Perform target selection as part of the initial get_cmd() call when the command is submitted: if no target is present, don't raise DRQ. If the target is present then switch to the command phase since the MacOS toolbox ROM checks for this before attempting to submit the SCSI command. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-28-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: rename get_cmd_cb() to esp_select()Mark Cave-Ayland
This better describes the purpose of the function. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-27-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: remove CMD pdma_originMark Cave-Ayland
The cmdbuf is really just a copy of FIFO data (including extra message phase bytes) so its pdma_origin is effectively TI. Fortunately we already know when we are receiving a SCSI command since do_cmd == 1 which enables us to distinguish between the two cases in esp_pdma_read()/esp_pdma_write(). Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-26-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: use in-built TC to determine PDMA transfer lengthMark Cave-Ayland
Real hardware simply counts down using the in-built TC to determine when the the PDMA request is complete. Use the TC to determine the PDMA transfer length which then enables us to remove the redundant pdma_len variable. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-25-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: use ti_wptr/ti_rptr to manage the current FIFO position for PDMAMark Cave-Ayland
This eliminates the last user of the PDMA-specific pdma_cur variable which can now be removed. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-24-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: move PDMA length adjustments into esp_pdma_read()/esp_pdma_write()Mark Cave-Ayland
Here the updates to async_len and ti_size are moved into the corresponding esp_pdma_read()/esp_pdma_write() function to eliminate the reference to pdma_cur in do_dma_pdma_cb(). Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-23-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: remove redundant pdma_start from ESPStateMark Cave-Ayland
Now that PDMA SCSI commands are accumulated in cmdbuf in the same way as normal commands, the existing logic for locating the start of the SCSI command in cmdbuf via cmdlen can be used. This enables the PDMA-specific pdma_start and also get_pdma_buf() to be removed. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-22-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: remove the buf and buflen parameters from get_cmd()Mark Cave-Ayland
Now that all SCSI commands are accumulated in cmdbuf, remove the buf and buflen parameters from get_cmd() since these always reference cmdbuf and ESP_CMDBUF_SZ respectively. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-21-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: remove buf parameter from do_cmd()Mark Cave-Ayland
Now that all SCSI commands are accumulated in cmdbuf, remove the buf parameter from do_cmd() since this always points to cmdbuf. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-20-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: accumulate SCSI commands for PDMA transfers in cmdbuf instead of pdma_bufMark Cave-Ayland
ESP SCSI commands are already accumulated in cmdbuf and so there is no need to keep a separate pdma_buf buffer. Accumulate SCSI commands for PDMA transfers in cmdbuf instead of pdma_buf so update cmdlen accordingly and change pdma_origin for PDMA transfers to CMD which allows the PDMA origin to be removed. This commit also removes a stray memcpy() from get_cmd() which is a no-op because cmdlen is always zero at the start of a command. Notionally the removal of pdma_buf from vmstate_esp_pdma also breaks migration compatibility for the PDMA subsection until its complete removal by the end of the series. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-19-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: move pdma_len and TC logic into esp_pdma_read()/esp_pdma_write()Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-18-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: use pdma_origin directly in esp_pdma_read()/esp_pdma_write()Mark Cave-Ayland
This is the first step in removing get_pdma_buf() from esp.c. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-17-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: introduce esp_pdma_read() and esp_pdma_write() functionsMark Cave-Ayland
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-16-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: remove minlen restriction in handle_tiMark Cave-Ayland
The limiting of DMA transfers to the maximum size of the available data is already handled by esp_do_dma() and do_dma_pdma_cb(). Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-15-mark.cave-ayland@ilande.co.uk>
2021-03-07esp: remove dma_left from ESPStateMark Cave-Ayland
The ESP device already keeps track of the remaining bytes left to transfer via its TC (transfer counter) register which is decremented for each byte that is transferred across the SCSI bus. Switch the transfer logic to use the value of TC instead of dma_left and then remove dma_left completely, adding logic to the vmstate_esp post_load() function to transfer the old dma_left value to the TC register during migration from older versions. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20210304221103.6369-14-mark.cave-ayland@ilande.co.uk>