Age | Commit message | Author
2015-09-19 | tcg/mips: Fix clobbering of qemu_ld inputs | James Hogan
The MIPS TCG backend implements qemu_ld with 64-bit targets using the v0 register (base) as a temporary to load the upper half of the QEMU TLB comparator (see line 5 below), however this happens before the input address is used (line 8 to mask off the low bits for the TLB comparison, and line 12 to add the host-guest offset). If the input address (addrl) also happens to have been placed in v0 (as in the second column below), it gets clobbered before it is used.

        addrl in t2            addrl in v0

  1  srl   a0,t2,0x7        srl   a0,v0,0x7
  2  andi  a0,a0,0x1fe0     andi  a0,a0,0x1fe0
  3  addu  a0,a0,s0         addu  a0,a0,s0
  4  lw    at,9136(a0)      lw    at,9136(a0)      set TCG_TMP0 (at)
  5  lw    v0,9140(a0)      lw    v0,9140(a0)      set base (v0)
  6  li    t9,-4093         li    t9,-4093
  7  lw    a0,9160(a0)      lw    a0,9160(a0)      set addend (a0)
  8  and   t9,t9,t2         and   t9,t9,v0         use addrl
  9  bne   at,t9,0x836d8c8  bne   at,t9,0x836d838  use TCG_TMP0
 10  nop                    nop
 11  bne   v0,t8,0x836d8c8  bne   v0,a1,0x836d838  use base
 12  addu  v0,a0,t2         addu  v0,a0,v0         use addrl, addend
 13  lw    t0,0(v0)         lw    t0,0(v0)

Fix by using TCG_TMP0 (at) as the temporary instead of v0 (base), pushing the load on line 5 forward into the delay slot of the low comparison (line 10). The early load of the addend on line 7 also needs pushing even further for 64-bit targets, or it will clobber a0 before we're done with it. The output for 32-bit targets is unaffected.

  srl a0,v0,0x7
  andi a0,a0,0x1fe0
  addu a0,a0,s0
  lw at,9136(a0)
 -lw v0,9140(a0)        load high comparator
  li t9,-4093
 -lw a0,9160(a0)        load addend
  and t9,t9,v0
  bne at,t9,0x836d838
 - nop
 + lw at,9140(a0)       load high comparator
 +lw a0,9160(a0)        load addend
 -bne v0,a1,0x836d838
 +bne at,a1,0x836d838
  addu v0,a0,v0
  lw t0,0(v0)

Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2015-09-18 | cocoa: Suppress Cocoa window with -display | Rainer Müller
Do not open a Cocoa window when another display is selected that will be initialized later. The Cocoa display cannot be selected with -display, so there is no need to check its argument. Signed-off-by: Rainer Müller <raimue@codingfarm.de> Reviewed-by: Andreas Färber <andreas.faerber@web.de> Message-id: 1441807710-25431-1-git-send-email-raimue@codingfarm.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-18 | Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into staging | Peter Maydell
# gpg: Signature made Fri 18 Sep 2015 15:59:02 BST using RSA key ID AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>"

* remotes/jnsnow/tags/ide-pull-request:
  ahci: clean up initial d2h semantics
  ahci: remove cmd_fis argument from write_fis_d2h
  ahci: fix signature generation
  ahci: remove dead reset code
  atapi: abort transfers with 0 byte limits
  ide: fix ATAPI command permissions
  ide-test: add cdrom dma test
  ide-test: add cdrom pio test
  qtest/ahci: export generate_pattern
  qtest/ahci: use generate_pattern everywhere
  ide: unify io_buffer_offset increments

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-18 | ahci: clean up initial d2h semantics | John Snow
With write_fis_d2h and signature generation tidied up, let's adjust the initial d2h semantics to make more sense. The initial d2h is considered delivered if there is guest memory to save it to. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1441140641-17631-5-git-send-email-jsnow@redhat.com
2015-09-18 | ahci: remove cmd_fis argument from write_fis_d2h | John Snow
It's no longer used. We used to generate a D2H FIS based upon the command FIS that prompted the update, but in reality, the D2H FIS is generated purely from register state. cmd_fis is vestigial, so get rid of it. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1441140641-17631-4-git-send-email-jsnow@redhat.com
2015-09-18 | ahci: fix signature generation | John Snow
The initial register device-to-host FIS no longer needs to specially set certain fields, as these can be handled generically by setting those fields explicitly with the signatures we want at port reset time. (1) Signatures are decomposed into their four component registers and set upon (AHCI) port reset. (2) the signature cache register is no longer set manually per-each device type, but instead just once during ahci_init_d2h. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1441140641-17631-3-git-send-email-jsnow@redhat.com
2015-09-18 | ahci: remove dead reset code | John Snow
This check is dead due to an earlier conditional. AHCI does not currently support hotplugging, so checks to see if devices are present or not are useless. Remove it. Reported-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1441140641-17631-2-git-send-email-jsnow@redhat.com
2015-09-18 | atapi: abort transfers with 0 byte limits | John Snow
We're supposed to abort on transfers like this, unless we fill Word 125 of our IDENTIFY data with a default transfer size, which we don't currently do. This is an ATA error, not a SCSI/ATAPI one. See ATA8-ACS3 sections 7.17.6.49 or 7.21.5. If we don't do this, QEMU will loop forever trying to transfer zero bytes, which isn't particularly useful. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-id: 1442253685-23349-2-git-send-email-jsnow@redhat.com
2015-09-18 | ide: fix ATAPI command permissions | John Snow
We're a little too lenient with what we'll let an ATAPI drive handle. Clamp down on the IDE command execution table to remove CD_OK permissions from commands that are not and have never been ATAPI commands.

For ATAPI command validity, please see:
- ATA4 Section 6.5 ("PACKET Command feature set")
- ATA8/ACS Section 4.3 ("The PACKET feature set")
- ACS3 Section 4.3 ("The PACKET feature set")

ACS3 has a historical command validity table in Table B.4 ("Historical Command Assignments") that can be referenced to find when a command was introduced, deprecated, obsoleted, etc.

The only reference for ATAPI command validity is by checking that version's PACKET feature set section.

ATAPI was introduced by T13 into ATA4, all commands retired prior to ATA4 therefore are assumed to have never been ATAPI commands.

Mandatory commands, as listed in ATA8-ACS3, are:
- DEVICE RESET
- EXECUTE DEVICE DIAGNOSTIC
- IDENTIFY DEVICE
- IDENTIFY PACKET DEVICE
- NOP
- PACKET
- READ SECTOR(S)
- SET FEATURES

Optional commands as listed in ATA8-ACS3, are:
- FLUSH CACHE
- READ LOG DMA EXT
- READ LOG EXT
- WRITE LOG DMA EXT
- WRITE LOG EXT

All other commands are illegal to send to an ATAPI device and should be rejected by the device.

CD_OK removal justifications:

0x06 WIN_DSM              Defined in ACS2. Not valid for ATAPI.
0x21 WIN_READ_ONCE        Retired in ATA5. Not ATAPI in ATA4.
0x94 WIN_STANDBYNOW2      Retired in ATA4. Did not coexist with ATAPI.
0x95 WIN_IDLEIMMEDIATE2   Retired in ATA4. Did not coexist with ATAPI.
0x96 WIN_STANDBY2         Retired in ATA4. Did not coexist with ATAPI.
0x97 WIN_SETIDLE2         Retired in ATA4. Did not coexist with ATAPI.
0x98 WIN_CHECKPOWERMODE2  Retired in ATA4. Did not coexist with ATAPI.
0x99 WIN_SLEEPNOW2        Retired in ATA4. Did not coexist with ATAPI.
0xE0 WIN_STANDBYNOW1      Not part of ATAPI in ATA4, ACS or ACS3.
0xE1 WIN_IDLEIMMDIATE     Not part of ATAPI in ATA4, ACS or ACS3.
0xE2 WIN_STANDBY          Not part of ATAPI in ATA4, ACS or ACS3.
0xE3 WIN_SETIDLE1         Not part of ATAPI in ATA4, ACS or ACS3.
0xE4 WIN_CHECKPOWERMODE1  Not part of ATAPI in ATA4, ACS or ACS3.
0xE5 WIN_SLEEPNOW1        Not part of ATAPI in ATA4, ACS or ACS3.
0xF8 WIN_READ_NATIVE_MAX  Obsoleted in ACS3. Not ATAPI in ATA4 or ACS.

This patch fixes a divide by zero fault that can be caused by sending the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to attempt to use zeroed CHS values to perform sector arithmetic.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1441816082-21031-1-git-send-email-jsnow@redhat.com
CC: qemu-stable@nongnu.org
2015-09-18 | ide-test: add cdrom dma test | John Snow
Now, test the DMA functionality of the ATAPI drive. Signed-off-by: John Snow <jsnow@redhat.com> Message-id: 1441926555-19471-5-git-send-email-jsnow@redhat.com
2015-09-18 | ide-test: add cdrom pio test | John Snow
Add a simple read test for ATAPI devices, using the PIO mechanism. Signed-off-by: John Snow <jsnow@redhat.com> Message-id: 1441926555-19471-4-git-send-email-jsnow@redhat.com
2015-09-18 | qtest/ahci: export generate_pattern | John Snow
Share the pattern function for ide and ahci test. Signed-off-by: John Snow <jsnow@redhat.com> Message-id: 1441926555-19471-3-git-send-email-jsnow@redhat.com
2015-09-18 | qtest/ahci: use generate_pattern everywhere | John Snow
Fix the pattern generation to actually be interesting, and make sure all buffers in the ahci-test actually use it. Signed-off-by: John Snow <jsnow@redhat.com> Message-id: 1441926555-19471-2-git-send-email-jsnow@redhat.com
2015-09-18 | Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2015-09-18' into staging | Peter Maydell
Error reporting patches

# gpg: Signature made Fri 18 Sep 2015 13:42:49 BST using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-error-2015-09-18:
  memory: Fix bad error handling in memory_region_init_ram_ptr()
  loader: Fix memory_region_init_resizeable_ram() error handling
  Fix bad error handling after memory_region_init_ram()
  error: New error_fatal
  MAINTAINERS: Add "Error reporting" entry
  error: Copy location information in error_copy()
  hmp: Allow for error message hints on HMP
  error: only prepend timestamp on stderr

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-18 | memory: Fix bad error handling in memory_region_init_ram_ptr() | Markus Armbruster
Commit ef701d7 screwed up handling of out-of-memory conditions. Before the commit, we report the error and exit(1), in one place. The commit lifts the error handling up the call chain some, to three places. Fine. Except it uses &error_abort in these places, changing the behavior from exit(1) to abort(), and thus undoing the work of commit 3922825 "exec: Don't abort when we can't allocate guest memory". The previous two commits fixed one of the three places, another one was fixed in commit 33e0eb5. This commit fixes the third one. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1441983105-26376-5-git-send-email-armbru@redhat.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
2015-09-18 | loader: Fix memory_region_init_resizeable_ram() error handling | Markus Armbruster
Commit ef701d7 screwed up handling of out-of-memory conditions. Before the commit, we report the error and exit(1), in one place. The commit lifts the error handling up the call chain some, to three places. Fine. Except it uses &error_abort in these places, changing the behavior from exit(1) to abort(), and thus undoing the work of commit 3922825 "exec: Don't abort when we can't allocate guest memory". The previous commit fixed up uses of memory_region_init_ram(). One of them was replaced by memory_region_init_resizeable_ram() [sic!] in commit a166614, so Coccinelle missed it. Fix it up. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1441983105-26376-4-git-send-email-armbru@redhat.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
2015-09-18 | Fix bad error handling after memory_region_init_ram() | Markus Armbruster
Symptom:

    $ qemu-system-x86_64 -m 10000000
    Unexpected error in ram_block_add() at /work/armbru/qemu/exec.c:1456:
    upstream-qemu: cannot set up guest memory 'pc.ram': Cannot allocate memory
    Aborted (core dumped)

Root cause: commit ef701d7 screwed up handling of out-of-memory conditions. Before the commit, we report the error and exit(1), in one place, ram_block_add(). The commit lifts the error handling up the call chain some, to three places. Fine. Except it uses &error_abort in these places, changing the behavior from exit(1) to abort(), and thus undoing the work of commit 3922825 "exec: Don't abort when we can't allocate guest memory".

The three places are:

* memory_region_init_ram()

  Commit 4994653 (right after commit ef701d7) lifted the error handling further, through memory_region_init_ram(), multiplying the incorrect use of &error_abort. Later on, imitation of existing (bad) code may have created more.

* memory_region_init_ram_ptr()

  The &error_abort is still there.

* memory_region_init_rom_device()

  Doesn't need fixing, because commit 33e0eb5 (soon after commit ef701d7) lifted the error handling further, and in the process changed it from &error_abort to passing it up the call chain. Correct, because the callers are realize() methods.

Fix the error handling after memory_region_init_ram() with a Coccinelle semantic patch:

    @r@
    expression mr, owner, name, size, err;
    position p;
    @@
            memory_region_init_ram(mr, owner, name, size,
    (
    -                              &error_abort
    +                              &error_fatal
    |
                                   err@p
    )
                                  );
    @script:python@
        p << r.p;
    @@
    print "%s:%s:%s" % (p[0].file, p[0].line, p[0].column)

When the last argument is &error_abort, it gets replaced by &error_fatal. This is the fix.

If the last argument is anything else, its position is reported. This lets us check the fix is complete. Four positions get reported:

* ram_backend_memory_alloc()

  Error is passed up the call chain, ultimately through user_creatable_complete(). As far as I can tell, its callers all handle the error sanely.

* fsl_imx25_realize(), fsl_imx31_realize(), dp8393x_realize()

  DeviceClass.realize() methods, errors handled sanely further up the call chain.

We're good. Test case again behaves:

    $ qemu-system-x86_64 -m 10000000
    qemu-system-x86_64: cannot set up guest memory 'pc.ram': Cannot allocate memory
    [Exit 1 ]

The next commits will repair the rest of commit ef701d7's damage.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1441983105-26376-3-git-send-email-armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
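Review bot: the rule r in the semantic patch matches only calls spelled memory_region_init_ram(...), so a call that passes &error_abort to memory_region_init_resizeable_ram() or memory_region_init_ram_ptr() is neither rewritten nor reported by the position script, and the completeness check covers that one function only. Running the same rule and script once per sibling function would extend the check to them. The script rule also uses the Python 2 print statement (print "%s:%s:%s" % ...), which has to become a print(...) call when the script is run under Python 3.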
2015-09-18 | error: New error_fatal | Markus Armbruster
Similar to error_abort, but doesn't report where the error was created, and terminates the process with exit(1) rather than abort(). Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1441983105-26376-2-git-send-email-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
2015-09-18 | MAINTAINERS: Add "Error reporting" entry | Markus Armbruster
Error reporting work has been flowing through my tree for a while. Time for MAINTAINERS to catch up. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1442057396-21989-1-git-send-email-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
2015-09-18 | error: Copy location information in error_copy() | Eric Blake
Commit 1e9b65bb forgot to propagate source information to copied errors. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1441902890-23064-1-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-09-18 | hmp: Allow for error message hints on HMP | Eric Blake
Commits 7216ae3d and d2828429 disabled some error message hints, all because a change to use modern error reporting meant that the hint would be output prior to the actual error. Fix this by making hints a first-class member of Error.

For example, we are now back to the pleasant:

    $ qemu-system-x86_64 --nodefaults -S --vnc :0 --chardev null,id=,
    qemu-system-x86_64: --chardev null,id=,: Parameter 'id' expects an identifier
    Identifiers consist of letters, digits, '-', '.', '_', starting with a letter.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1441901956-21991-1-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-09-18 | error: only prepend timestamp on stderr | Stefan Hajnoczi
The -msg timestamp=on option prepends a timestamp to error messages. This is useful on stderr where it allows users to identify when an error was raised. Timestamps do not make sense on the monitor since error_report() is called in response to a synchronous monitor command and the user already knows "when" the command was issued. Additionally, the rest of the monitor conversation lacks timestamps so the error timestamp cannot be correlated with other activity. Only prepend timestamps on stderr. This fixes libvirt's 'drive_del' processing, which did not expect a timestamp. Other QEMU monitor clients are probably equally confused by timestamps on monitor error messages. Cc: Markus Armbruster <armbru@redhat.com> Cc: Seiji Aguchi <seiji.aguchi@hds.com> Cc: Frank Schreuder <fschreuder@transip.nl> Cc: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <1439212541-16997-1-git-send-email-stefanha@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Tested-by: Frank Schreuder <fschreuder@transip.nl> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-09-18 | Merge remote-tracking branch 'remotes/lalrae/tags/mips-20150918' into staging | Peter Maydell
MIPS patches 2015-09-18

Changes:
* fixes for rdhwr, tlbwr, mtc0, recip.fmt, rsqrt.fmt and daui instructions
* removal of MIPS_DEBUG code
* use tcg_gen_extrh_i64_i32()
* improve random tlb index generation in cpu_mips_get_random()
* exception handling improvements to correctly restore icount

# gpg: Signature made Fri 18 Sep 2015 12:15:28 BST using RSA key ID 0B29DA6B
# gpg: Good signature from "Leon Alrae <leon.alrae@imgtec.com>"

* remotes/lalrae/tags/mips-20150918:
  target-mips: improve exception handling
  target-mips: correct MTC0 instruction on MIPS64
  target-mips: add missing restriction in DAUI instruction
  target-mips: fix corner case in TLBWR causing QEMU to hang
  pic32: use LCG algorithm for generated random index of TLBWR instruction
  target-mips: get rid of MIPS_DEBUG_SIGN_EXTENSIONS
  target-mips: get rid of MIPS_DEBUG
  target-mips: Fix RDHWR on CP0.Count
  target-mips: remove wrong checks for recip.fmt and rsqrt.fmt
  target-mips: Use tcg_gen_extrh_i64_i32

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-18 | target-mips: improve exception handling | Pavel Dovgaluk
This patch improves exception handling in MIPS. Instructions generate several types of exceptions. When an exception is generated, it breaks the execution of the current translation block. The implementation of the exception handling does not correctly restore icount for the instruction which caused the exception. In most cases icount will be decreased by the value equal to the size of TB. This patch passes a pointer to the translation block internals to the exception handler. It allows correct restoring of the icount value. Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Leon Alrae <leon.alrae@imgtec.com> [leon.alrae@imgtec.com: avoid retranslation in linux-user SC, break lines which are over 80 chars, remove v3 changelog from the commit message] Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2015-09-18 | target-mips: correct MTC0 instruction on MIPS64 | Leon Alrae
MTC0 on a 64-bit processor should move entire 64-bit GPR content to CP0 register. Signed-off-by: Leon Alrae <leon.alrae@imgtec.com> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
2015-09-18 | target-mips: add missing restriction in DAUI instruction | Leon Alrae
rs cannot be the zero register, Reserved Instruction exception must be signalled for this case. Signed-off-by: Leon Alrae <leon.alrae@imgtec.com> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
2015-09-18 | target-mips: fix corner case in TLBWR causing QEMU to hang | Leon Alrae
The cpu_mips_get_random() function is used to generate a random index from the CP0.Wired to TLBSize-1 range. The current implementation avoids generating the same value as before, hence the while loop. If the guest sets CP0.Wired to TLBSize-1 (which actually does not sound very practical), QEMU will get stuck in the loop infinitely as we always generate the same index. Signed-off-by: Leon Alrae <leon.alrae@imgtec.com> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
2015-09-18 | pic32: use LCG algorithm for generated random index of TLBWR instruction | Serge Vakulenko
The LFSR algorithm, used for generating random TLB indexes for TLBWR instruction, was inclined to produce a degenerate sequence in some cases. For example, for 16-entry TLB size and Wired=1, it gives: 15, 6, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2... When replaced with LCG algorithm from ISO/IEC 9899 standard, the sequence looks much better, with about the same computational effort needed. Signed-off-by: Serge Vakulenko <serge.vakulenko@gmail.com> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Leon Alrae <leon.alrae@imgtec.com> Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2015-09-18 | target-mips: get rid of MIPS_DEBUG_SIGN_EXTENSIONS | Aurelien Jarno
MIPS_DEBUG_SIGN_EXTENSIONS was used some time ago to verify that 32-bit instructions correctly sign extend their results. It's not needed anymore, remove it. Cc: Leon Alrae <leon.alrae@imgtec.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Leon Alrae <leon.alrae@imgtec.com> Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2015-09-18 | target-mips: get rid of MIPS_DEBUG | Aurelien Jarno
MIPS_DEBUG is a define used to dump the instruction disassembling. It has to be defined at compile time. In practice I believe it's more efficient to just look at the instruction disassembly and op dump using -d in_asm,op. This patch therefore removes the corresponding code, which clutters translate.c. Cc: Leon Alrae <leon.alrae@imgtec.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Leon Alrae <leon.alrae@imgtec.com> Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2015-09-18 | target-mips: Fix RDHWR on CP0.Count | Alex Smith
For RDHWR on the CP0.Count register, env->CP0_Count was being returned. This value is a delta against the QEMU_CLOCK_VIRTUAL clock, not the correct current value of CP0.Count. Use cpu_mips_get_count() instead. Signed-off-by: Alex Smith <alex.smith@imgtec.com> Cc: Aurelien Jarno <aurelien@aurel32.net> Cc: Leon Alrae <leon.alrae@imgtec.com> Reviewed-by: Leon Alrae <leon.alrae@imgtec.com> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2015-09-18 | target-mips: remove wrong checks for recip.fmt and rsqrt.fmt | Petar Jovanovic
Instructions recip.{s|d} and rsqrt.{s|d} do not require a 64-bit FPU, nor do they require any particular mode for the FPU. This patch removes the checks that may break a program that uses these instructions. Signed-off-by: Petar Jovanovic <petar.jovanovic@imgtec.com> Reviewed-by: Leon Alrae <leon.alrae@imgtec.com> Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2015-09-18 | target-mips: Use tcg_gen_extrh_i64_i32 | Richard Henderson
We can tidy gen_load_fpr32h, as well as introduce a helper to cleanup the MACC instructions. Signed-off-by: Richard Henderson <rth@twiddle.net> Reviewed-by: Leon Alrae <leon.alrae@imgtec.com> Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2015-09-17 | ide: unify io_buffer_offset increments | John Snow
IDEState's io_buffer_offset was originally added to keep track of offsets in AHCI rather exclusively, but it was added to IDEState instead of an AHCI-specific structure. AHCI fakes all PIO transfers using DMA and a scatter-gather list. When the core or atapi layers invoke HBA-specific mechanisms for transfers, they do not always know that it is being backed by DMA or a sglist, so this offset is not always updated by the HBA code everywhere. If we modify it in dma_buf_commit, however, any HBA that needs to use this offset to manage operating on only part of a sglist will have access to it. This will fix ATAPI PIO transfers performed through the AHCI HBA, which were previously not modifying this value appropriately. This will fix ATAPI PIO transfers larger than one sector. Reported-by: Hannes Reinecke <hare@suse.de> Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Message-id: 1440546331-29087-2-git-send-email-jsnow@redhat.com CC: qemu-stable@nongnu.org
2015-09-17 | target-cris: update CPU state save/load to use VMStateDescription | Juan Quintela
Update the CRIS CPU state save/load to use a VMStateDescription struct rather than cpu_save/cpu_load functions.

Have to define TLBSet struct. Multidimensional arrays in C are a mess, just unroll them.

Signed-off-by: Juan Quintela <quintela@redhat.com>
[PMM:
 * expand commit message a little since it's no longer one patch in a 35-patch series
 * add header/copyright comment to machine.c; credited copyright is Red Hat and author is Juan, since this commit gives the file all-new contents; license is LGPL-2-or-later, to match other target-cris code
 * remove hardcoded tab
 * add fields for locked_irq, interrupt_vector, fault_vector, trap_vector
 * drop minimum_version_id_old fields
 * bump version_id to 2 as we are not compatible with old state format
 * remove unnecessary hw/boards.h include
 * update to register via dc->vmsd]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2015-09-17 | Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into staging | Peter Maydell
# gpg: Signature made Thu 17 Sep 2015 12:43:56 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/net-pull-request:
  net: smc91c111: flush packets on RCR register changes
  net: smc91c111: gate can_receive() on rx FIFO having a slot
  net: smc91c111: guard flush_queued_packets() on can_rx()
  MAINTAINERS: Stefan will not maintain net subsystem

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-17 | net: smc91c111: flush packets on RCR register changes | Peter Crosthwaite
The SOFT_RST or RXEN in the control register can be used as a condition to unblock the net layer via can_receive(). So check for possible flushes on RCR changes. This will drop all pending packets on soft reset or disable which is the functional intent of the can_receive() logic. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Reviewed-by: Fam Zheng <famz@redhat.com> Tested-by: Richard Purdie <richard.purdie@linuxfoundation.org> Message-id: b114d4c96f4afbdaa15f1361d9c07e3021755915.1441873621.git.crosthwaite.peter@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-17 | net: smc91c111: gate can_receive() on rx FIFO having a slot | Peter Crosthwaite
Return false from can_receive() when the FIFO doesn't have a free RX slot. This fixes a bug in the current code where the allocated buffer is freed before the fifo pop, triggering a premature flush of queued RX packets. It also will handle a corner case, where the guest manually frees the allocated buffer before popping the rx FIFO (hence it is not enough to just delay the flush_queued_packets()). Reported-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Reviewed-by: Fam Zheng <famz@redhat.com> Tested-by: Richard Purdie <richard.purdie@linuxfoundation.org> Message-id: 97bfdfc5cbce0bd5e0cbbbff35ce7a1bf6f8603d.1441873621.git.crosthwaite.peter@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-17 | net: smc91c111: guard flush_queued_packets() on can_rx() | Peter Crosthwaite
Check that the core can once again receive packets before asking the net layer to do a flush. This will make it more convenient to flush packets when adding new conditions to can_receive. Add missing if braces while moving the can_receive() core code. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Reviewed-by: Fam Zheng <famz@redhat.com> Tested-by: Richard Purdie <richard.purdie@linuxfoundation.org> Message-id: 92e15e12a6964274f4bc0eb71b61a7d94326f6c6.1441873621.git.crosthwaite.peter@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-16 | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging | Peter Maydell
* Linux header update and cleanup
* Support for HyperV crash report
* Cleanup of target-specific HMP commands
* Multiarch batch
* Checkpatch fix for Perl 5.22
* NBD fix
* Revert incorrect commit 5243722376

# gpg: Signature made Wed 16 Sep 2015 16:39:01 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream: (24 commits)
  nbd: release exp->blk after all clients are closed
  checkpatch: Escape left braces in regex
  monitor: uninclude cpu_ldst
  include/exec: Move cputlb exec.c defs out
  cputlb: Change tlb_set_dirty() arg to cpu
  cputlb: move CPU_LOOP() for tlb_reset() to exec.c
  translate: move real_host_page setting to -common
  tcg: Move tci_tb_ptr to -common
  tcg: split tcg_op_defs to -common
  translate-all: Move tcg_handle_interrupt() to -common
  cpu-exec: Migrate some generic fns to cpu-exec-common
  qemu-char: Use g_new() & friends where that makes obvious sense
  monitor: added generation of documentation for hmp-commands-info.hx
  hmp-commands.hx: fix end of table info
  monitor: remove target-specific code from monitor.c
  hmp-commands-info: move info_cmds content out of monitor.c
  i386/kvm: Hyper-v crash msrs set/get'ers and migration
  kvm: Add kvm system event crash handler
  cpu: Add crash_occurred flag into CPUState
  target-i386: move asm-x86/hyperv.h to standard-headers
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-16 | nbd: release exp->blk after all clients are closed | Wen Congyang
If the socket fd is shut down, there may be some data which was received before shutdown. We will read the data and do read/write in nbd_trip(). But the exp's blk is NULL, and it will cause qemu to crash. Reported-by: Li Zhijian <lizhijian@cn.fujitsu.com> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com> Message-Id: <55F929E2.1020501@cn.fujitsu.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-16 | checkpatch: Escape left braces in regex | Fam Zheng
The latest perl now deprecates the "{" literal in regex and prints warnings like "unescaped left brace in regex is deprecated". Add an escape to keep it happy. Signed-off-by: Fam Zheng <famz@redhat.com> Message-Id: <1441969656-2640-1-git-send-email-famz@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-16 | monitor: uninclude cpu_ldst | Peter Crosthwaite
This header is not needed anymore and won't work in multi-arch where this service is not provided to core code. Cc: Markus Armbruster <armbru@redhat.com> Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-Id: <4e96622ab5320603829b6f94b8c4e94d573d34fc.1441614289.git.crosthwaite.peter@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-16 | include/exec: Move cputlb exec.c defs out | Peter Crosthwaite
Move the architecture agnostic function prototypes for exec.c out of cputlb.h to exec-all.h. This allows hiding of the arch specific cputlb.h from exec.c which should be getting close to having no architecture specifics. Prepares support for multi-arch, which will have a minimal cpu.h that services exec.c but not cputlb.h. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-Id: <b4fe754c58c860315e35d44430c26b1c967ce2c9.1441614289.git.crosthwaite.peter@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-16 | cputlb: Change tlb_set_dirty() arg to cpu | Peter Crosthwaite
Change tlb_set_dirty() to accept a CPU instead of an env pointer. This allows for removal of another CPUArchState usage from prototypes that need to be QOMified. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-Id: <d2b1dcbe7945112989861d8ba7369449c11cc273.1441614289.git.crosthwaite.peter@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-16 | cputlb: move CPU_LOOP() for tlb_reset() to exec.c | Peter Crosthwaite
To prepare for multi-arch, cputlb.c should only have awareness of one single architecture. This means it should not have access to the full CPU lists which may be heterogeneous. Instead, push the CPU_LOOP() up to the one and only caller in exec.c. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-Id: <db06dc6c49f8970caaf116d0385f00ee10a56f2f.1441614289.git.crosthwaite.peter@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-16 | translate: move real_host_page setting to -common | Peter Crosthwaite
Move the size and mask globals for the "real" host page size to translate-common. This is to allow system-level code to use REAL_HOST_PAGE_ALIGN and friends in builds which hide translate-all behind arch-obj. Cc: dgilbert@redhat.com Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-Id: <b437638691f044bc690a7f03b1240c8b0f34ab57.1441614289.git.crosthwaite.peter@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-16 | tcg: Move tci_tb_ptr to -common | Peter Crosthwaite
This requires global visibility to common code. Move to tcg-common. Cc: Stefan Weil <sw@weilnetz.de> Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-Id: <cb0340eba225ab4945aa6cf7c9013f33aa05bcf8.1441614289.git.crosthwaite.peter@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-16 | tcg: split tcg_op_defs to -common | Peter Crosthwaite
tcg_op_defs (and the _max) are both needed by the TCI disassembler. For multi-arch, tcg.c will be multiple-compiled (arch-obj) with its symbols hidden from common code. So split the definition off to new file, tcg-common.c which will remain a regular obj-y for use by both the TCI disas as well as the multiple tcg.c's. Cc: Stefan Weil <sw@weilnetz.de> Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-Id: <4b607425886d85aee65878e4935dfad46b3e6085.1441614289.git.crosthwaite.peter@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-16 | translate-all: Move tcg_handle_interrupt() to -common | Peter Crosthwaite
Move this function to common code. It has no arch specific dependencies. Prepares support for multi-arch where the translate-all interface needs to be virtualised. One less thing to virtualise. Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-Id: <44a7c73604ed2552af47ed02b047b6a772b683e0.1441614289.git.crosthwaite.peter@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>