| Age | Commit message (Collapse) | Author |
|---|
|
Refuse iso usb packets when then max packet size for the endpoint is 0,
this avoids an abort in usb_host_alloc_iso() caused by trying to qemu_malloc
a 0 bytes large buffer.
|
|
If an endpoint is not in the usb descriptor we've no idea what kind of
endpoint it is and thus how to handle it, refuse packages in this case.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
Currently we are submitting iso packets to the host one at a time, as we
receive them from the emulated host controller. This has 2 problems:
1) If we were fast enough to submit every packet in time for the next host host
controller usb frame, we would be generating 1000 hardware interrupts per
second on the host
2) We are not fast enough to submit every packet in time for the next host host
controller usb frame, causing us to not submit iso urbs in some usb frames
which causes devices with an endpoint with an interval of 1 ms (so every
frame) to loose data. This causes for example ubs-1.1 webcams to not work
properly (usb-2.0 is not supported at all atm).
This patch fixes both problems by changing the iso packet pass through handling
to buffer packets. This version only does so for iso input packets (webcams,
audio in) I'm working on a second patch extending this to iso output packets
(audio out).
This patch makes use of the linux batching of iso packets in one urb.
When an iso in packet gets received from the emulated host controller,
it immediately submits 3 urbs with 32 iso in packets each. This causes
the host to only get an hw interrupt every 32 packets dropping the
interrupt rate to 32 interrupts per second and gives it a queue of urbs
to work from once the first 32 iso in packets have been received to make sure
no packets are dropped.
Besides submitting a whole bunch or urbs as soon as the first urb is
received, effectively creating a buffer inside the kernel, this patch also
gets rid of the asynchroneous completion for iso in urbs. Instead they are
only marked as complete in the fd write callback (which usbfs uses to signal
complete urbs). These complete packets then get consumed by returning them
synchroneously to the emulated host controller when it submits an iso in
packet for the ep in question. When no complete packets are ready (which
happens when the stream is starting) a 0 length packet gets returned to
the emulated host controller.
With this patch I've several usb-1.1 webcams working well with usb pass
through, where as without this patch none of them work.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
At least one device I have lies when receiving a USB_REQ_GET_INTERFACE,
always returning 0 even if the alternate setting is different. This is
likely caused because in practice this control message is never used as
the operating system's usb stack knows which alternate setting it has
told the device to get into, and thus this ctrl message does not get
tested by device manufacturers.
When usb_fs_type == USB_FS_SYS, the active alt. setting can be read directly
from sysfs, which allows using this device through qemu's usb redirection.
More in general it seems a good idea to not send needless control msg's to
devices, esp. as the code in question is called every time a set_interface
is done. Which happens multiple times during virtual machine startup, and
when device drivers are activating the usb device.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
The next patch in this series introduces multiple ways to get the
alt setting dependent upon usb_fs_type, it is cleaner to put this
into its own function.
Note that this patch also changes the assumed alt setting in case
of an error getting the alt setting to be 0 (a sane default) rather
then the interface numberwhich makes no sense.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
Signed-off-by: Nick Thomas <nick@bytemark.co.uk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Change the signal handling to indicate a signal is pending, rather
then printing directly from the signal handler.
In addition make the signal prints go to stderr, rather than stdout.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Signed-off-by: Alon Levy <alevy@redhat.com>
Acked-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
After the re-org of the atapi code, it might not be intuitive for a
reader of the code to understand why we're inserting a 'media not
present' state between cd changes.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Move misplaced comment for media_is_dvd()
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
For shrinking images, you're supposed to use a negative size. However, the
leading minus makes getopt think that it's an option and so you get the help
text if you don't use -- like in 'qemu-img resize test.img -- -1G'.
This patch handles the size first and removes it from the argument list so that
getopt won't even try to interpret it and you don't need -- any more.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
This patch adds support for Milkymist's minimal Ethernet MAC v2. It
superseds minimac1.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
|
|
Prevent timers from firing right after starting.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
|
|
After enabling the framebuffer, ensure that the console is resized.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
|
|
Global interrupt enable bit is already saved within the exception handler
helper routine. Thus remove extra code in translation routines.
Additionally, debug exceptions has always DEBA as base address.
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
This change fixes a long-standing immediate crash (memory corruption
and abort in glibc malloc code) in migration on 32bits.
The bug is present since this commit:
commit 692d9aca97b865b0f7903565274a52606910f129
Author: Bruce Rogers <brogers@novell.com>
Date: Wed Sep 23 16:13:18 2009 -0600
qemu-kvm: allocate correct size for dirty bitmap
The dirty bitmap copied out to userspace is stored in a long array,
and gets copied out to userspace accordingly. This patch accounts
for that correctly. Currently I'm seeing kvm crashing due to writing
beyond the end of the alloc'd dirty bitmap memory, because the buffer
has the wrong size.
Signed-off-by: Bruce Rogers
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
--- a/qemu-kvm.c
+++ b/qemu-kvm.c
@@ int kvm_get_dirty_pages_range(kvm_context_t kvm, unsigned long phys_addr,
- buf = qemu_malloc((slots[i].len / 4096 + 7) / 8 + 2);
+ buf = qemu_malloc(BITMAP_SIZE(slots[i].len));
r = kvm_get_map(kvm, KVM_GET_DIRTY_LOG, i, buf);
BITMAP_SIZE is now open-coded in that function, like this:
size = ALIGN(((mem->memory_size) >> TARGET_PAGE_BITS), HOST_LONG_BITS) / 8;
The problem is that HOST_LONG_BITS in 32bit userspace is 32
but it's 64 in 64bit kernel. So userspace aligns this to
32, and kernel to 64, but since no length is passed from
userspace to kernel on ioctl, kernel uses its size calculation
and copies 4 extra bytes to userspace, corrupting memory.
Here's how it looks like during migrate execution:
our=20, kern=24
our=4, kern=8
...
our=4, kern=8
our=4064, kern=4064
our=512, kern=512
our=4, kern=8
our=20, kern=24
our=4, kern=8
...
our=4, kern=8
our=4064, kern=4064
*** glibc detected *** ./x86_64-softmmu/qemu-system-x86_64: realloc(): invalid next size: 0x08f20528 ***
(our is userspace size above, kern is the size as calculated
by the kernel).
Fix this by always aligning to 64 in a hope that no platform will
have sizeof(long)>8 any time soon, and add a comment describing it
all. It's a small price to pay for bad kernel design.
Alternatively it's possible to fix that in the kernel by using
different size calculation depending on the current process.
But this becomes quite ugly.
Special thanks goes to Stefan Hajnoczi for spotting the fundamental
cause of the issue, and to Alexander Graf for his support in #qemu.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
CC: Bruce Rogers <brogers@novell.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
KVM only requires to set the raised IRQ in CPUState and to kick the
receiving vcpu if it is remote. Installing a specialized handler allows
potential future changes to the TCG code path without risking KVM side
effects.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
This allows to override the interrupt handling of QEMU in system mode.
KVM will make use of it to set a specialized handler.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
Both have only two lines in common, and we will convert the system
service into a callback which is of no use for user mode operation.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
CC: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
kvmclock presence can be signalled by two different flags. So for
device creation, we have to test for both.
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
We have two bits that can represent kvmclock in cpuid.
They signal the guest which msr set to use. When we tweak flags
involving this value - specially when we use "-", we have to act on both.
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
kvmclock is represented by two feature bits. Therefore, lookup_feature
needs to continue its search even after the first match. Enhance it
accordingly and switch to a bool return type at this chance.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
|
|
new capabilities
Use the features provided by KVM_GET_SUPPORTED_CPUID directly to
mask out features from guest-visible cpuid.
The old get_para_features() mechanism is kept for older kernels that do not implement it.
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
The kernel doesn't fill the buffer provided to sched_getaffinity
with zero bytes, so neither should QEMU.
Signed-off-by: Mike McCormack <mj.mccormack@samsung.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
|
|
Zeroing of the cpu array should start from &cpus[kernel_ret]
not &cpus[num_zeros_to_fill].
This fixes a crash in EFL's edje_cc running under qemu-arm.
Signed-off-by: Mike McCormack <mj.mccormack@samsung.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
|
|
Debian Lenny and other installations with older linux versions
failed to compile linux-user because some CLONE_xxx macros are
undefined.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
|
|
* 'patches' of git://qemu.weilnetz.de/git/qemu:
qemu-timer: Fix timers for w32
qemu-timer: Avoid type casts
qemu-timer: Remove unneeded include statement (w32)
qemu-timer: Add and use new function qemu_timer_expired_ns
|
|
The latest virtfs pull broke the cris-softmmu target.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
|
|
|
|
The virtio serial specification requres that the values in the config
space are encoded in native endian of the guest.
The qemu virtio-serial code did not do conversion to the guest endian
format what caused problems when host and guest use different format.
This patch corrects the qemu side, correctly doing host-native <->
guest-native conversions when accessing the config space. This won't
break any setups that aren't already broken, and fixes the case
of different host and guest endianness.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
|
|
Juan says he prefers these extra checks to ensure a user of a chardev is
releasing it.
Requested-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
|
|
This fixes regression caused by commit
2d6c1ef40f3678ab47a4d14fb5dadaa486bfcda6
("char: Prevent multiple devices opening same chardev"):
-nodefaults -nographic -chardev stdio,id=stdio,mux=on,signal=off \
-mon stdio -device virtio-serial-pci \
-device virtconsole,chardev=stdio -device isa-serial,chardev=stdio
fails with:
qemu-system-x86_64: -device isa-serial,chardev=stdio: Property 'isa-serial.chardev' can't take value 'stdio', it's in use
Signed-off-by: Kusanagi Kouichi <slash@ac.auone-net.jp>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
|
|
Note the vmc_register_interface() in spice_chr_write is left in place
in case someone uses spice-chardev with a frontend which does not have
guest open / close notification.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
|
|
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
|
|
Some frontends know when the guest has opened the "channel" and is actively
listening to it, for example virtio-serial. This patch adds 2 new qemu-chardev
functions which can be used by frontends to signal guest open / close, and
allows interested backends to listen to this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
|
|
Make sure the base register isn't updated if it is in the load list
for a Thumb LDM (T1 encoding) which aborts partway through the load.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
target-arm: fix LDMIA bug on page boundary
When consecutive memory locations are on page boundary, a base register may be
loaded before page fault occurs. After page fault handling, it losts the memory
location information. To solve this problem, loading a base register has to put back.
Signed-off-by: Yuyeon Oh <yuyeon.oh@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
So far we set IRR for edge IRQs even if the pin is masked. If the guest
later on unmasks and switches the pin to level-triggered mode, irr will
remain set, causing an IRQ storm. The point is that setting IRR is not
correct in this case according to the spec, and avoiding this resolves
the issue.
Reported-and-tested-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
The -virtfs option creates an fsdev representing the pass-through file
system and a guest-visible virtio-9p-pci device that can access this
file system. This patch replaces the string manipulation used to build
and reparse option lists with direct QemuOpts calls. Removing the
string manipulation code makes it easier to maintain and less error
prone.
An error message is also updated to use "mount_tag" instead of
"mnt_tag".
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
|
|
The nwnames field in TWALK message is assumed to be >=0 and <= MAXWELEM
which is defined as macro P9_MAXWELEM (16) in virtio-9p.h as per 9p2000
RFC. Appropriate changes are required in V9fsWalkState and v9fs_walk.
Signed-off-by: Harsh Prateek Bora <harsh@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
|
|
This patch removes the addition of null char in symlink file
which is being appended to file in case of mapped security model.
Without this patch, the extra null char causes LTP testcase lstat03
to fail and hence this fix is required.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
|
|
LCREATE function packs address of iounit in the pdu, fix that to send
actual iounit itself.
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Acked-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
|
|
If we don't have default acl, removexattr on default acl
should return 0
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
|
|
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
|
|
Now that we start adding more files related to 9pfs
it make sense to move them to a separate directory
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
|
|
Commit 5145b3d1cc revealed a bug in the lazy ROMD switch-back logic, but
resolved it by breaking that feature. This approach addresses the issue
by switching back to ROMD after a certain amount of read accesses
without further unlock sequences.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
cppcheck reports this error:
commpage.c:223: error: Possible null pointer dereference:
value - otherwise it is redundant to check if value is null at line 214
The null pointer check in line 214 is indeed not needed.
If value were null, the code would crash in line 223.
See do_compare_and_swap64 were for a reference.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
* 'for-anthony' of git://repo.or.cz/qemu/kevin:
Remove obsolete 'enabled' variable from progress state
Add dd-style SIGUSR1 progress reporting
qed: Fix consistency check on 32-bit hosts
ide/atapi: Introduce CHECK_READY flag for commands
ide/atapi: Replace bdrv_get_geometry calls by s->nb_sectors
ide/atapi: Use table instead of switch for commands
ide/atapi: Factor commands out
ide: Split atapi.c out
Improve accuracy of block migration bandwidth calculation
atapi: Add 'medium ready' to 'medium not ready' transition on cd change
qemu-img: allow rebase to a NULL backing file when unsafe
|
