aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2011-05-27virtio-serial: Plug memory leak on qdev exit()Markus Armbruster
virtio_serial_init() allocates the VirtIOSerialBus dynamically, but virtio_serial_exit() doesn't free it. Fix by getting rid of the allocation. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
2011-05-27virtio-serial-bus: use bh for unthrottlingAlon Levy
Instead of calling flush_queued_data when unthrottling, schedule a bh. That way we can return immediately to the caller, and the flush uses the same call path as a have_data for callbackee. No migration change is required because bh are called from vm_stop. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
2011-05-26scsi: ignore LUN field in the CDBPaolo Bonzini
The LUN field in the CDB is a historical relic. Ignore it as reserved, which is what modern SCSI specifications actually say. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: rename arguments to the new callbacksPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: split command_complete callback in twoPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Christoph Hellwig <hch@lst.de>
2011-05-26esp: rename sense to statusPaolo Bonzini
This mirrors the LSI patch that was recently committed. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Christoph Hellwig <hch@lst.de>
2011-05-26scsi-generic: Handle queue fullPaolo Bonzini
The sg driver currently has a hardcoded limit of commands it can handle simultaneously. When this limit is reached the driver will return -EDOM. So we need to capture this to enable proper return values here. Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: make write_data return voidPaolo Bonzini
The return value is unused anyway. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi-disk: add data direction checkingHannes Reinecke
scsi_req_parse() already provides for a data direction setting, so we should be using it to check for correct direction. And we should return the sense code 'INVALID FIELD IN CDB' in these cases. Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: Implement 'get_sense' callbackHannes Reinecke
The get_sense callback copies existing sense information into the provided buffer. This is required if sense information should be transferred together with the command response. Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: introduce scsi_req_get_bufPaolo Bonzini
... and remove some SCSIDevice variables or fields that now become unused. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: introduce scsi_req_continuePaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: introduce scsi_req_newPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: do not call send_command directlyPaolo Bonzini
Move the common part of scsi-disk.c and scsi-generic.c to the SCSI layer. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: Update sense code handlingHannes Reinecke
The SCSI spec has a quite detailed list of sense codes available. It even mandates the use of specific ones for some failure cases. The current implementation just has one type of generic error which is actually a violation of the spec in certain cases. This patch introduces various predefined sense codes to have the sense code reporting more in line with the spec. On top of Hannes's patch I fixed the reply to REQUEST SENSE commands with DESC=0 and a small (<18) length. Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: use scsi_req_completePaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: introduce scsi_req_cancelPaolo Bonzini
This is for when the request must be dropped in the void, but still memory should be freed. To this end, the devices register a second callback in SCSIBusOps. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: introduce scsi_req_abortPaolo Bonzini
This covers the case of canceling a request's I/O and still completing it. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: commonize purging requestsPaolo Bonzini
The code for canceling requests upon reset is already the same. Clean it up and move it to scsi-bus.c. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: Use 'SCSIRequest' directlyHannes Reinecke
Currently the SCSIRequest structure is abstracted away and cannot accessed directly from the driver. This requires the handler to do a lookup on an abstract 'tag' which identifies the SCSIRequest structure. With this patch the SCSIRequest structure is exposed to the driver. This allows use to use it directly as an argument to the SCSIDeviceInfo callback functions and remove the lookup. A new callback function 'alloc_req' is introduced matching 'free req'; unref'ing to free up resources after use is moved into the scsi_command_complete callbacks. This temporarily introduces a leak of requests that are cancelled, when they are removed from the queue and not from the driver. This is fixed later by introducing scsi_req_cancel. That patch in turn depends on this one, because the argument to scsi_req_cancel is a SCSIRequest. Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26lsi: extract lsi_find_by_tagPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: reference-count requestsPaolo Bonzini
With the next patch, a device may hold SCSIRequest for an indefinite time. Split a rather big patch, and protect against access errors, by reference counting them. There is some ugliness in scsi_send_command implementation due to the need to unref the request when it fails. This will go away with the next patches, which move the unref'ing to the devices. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Christoph Hellwig <hch@lst.de>
2011-05-26scsi-generic: do not use a stale aiocbPaolo Bonzini
If a request is canceled after it has been completed, scsi_cancel_io would pass a stale aiocb to bdrv_aio_cancel. Avoid this. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: introduce SCSIBusOpsPaolo Bonzini
There are more operations than a SCSI bus can handle, besides completing commands. One example, which this series will introduce, is cleaning up after a request is cancelled. More long term, a "SCSI bus" can represent the LUNs attached to a target; in this case, while all commands will ultimately reach a logical unit, it is the target who is in charge of answering REPORT LUNs. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Cc: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: introduce scsi_req_dataPaolo Bonzini
This abstracts calling the command_complete callback, reducing churn in the following patches. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi-generic: Remove bogus double completePaolo Bonzini
scsi-generic scsi_read_complete() should not -both- call the client complete callback with SCSI_REASON_DATA -and- call scsi_command_complete(). The former will cause the client to queue a new read or write request, while the later will free the request data structure, thus causing the new read or write request to use a freed/stale structure when it completes. This patch fixes the bug, fixing a crash with scsi-generic & RHEL5.5 installer. Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26scsi: add tracing of scsi requestsPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
2011-05-26usb: add ehci adapterGerd Hoffmann
This patch finally merges the EHCI host adapter aka USB 2.0 support. Based on the ehci bits collected @ git://git.kiszka.org/qemu.git ehci EHCI has a long out-of-tree history. Project was started by Mark Burkley, with contributions by Niels de Vos. David S. Ahern continued working on it. Kevin Wolf, Jan Kiszka and Vincent Palatin contributed bugfixes. /me (Gerd Hoffmann) picked it up where it left off, prepared the code for merge, fixed a few bugs and added basic user docs. Cc: David S. Ahern <daahern@cisco.com> Cc: Jan Kiszka <jan.kiszka@web.de> Cc: Kevin Wolf <mail@kevin-wolf.de> Cc: Vincent Palatin <vincent.palatin_qemu@m4x.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-26usb: move cancel callback to USBDeviceInfoGerd Hoffmann
Remove the cancel callback from the USBPacket struct, move it over to USBDeviceInfo. Zap usb_defer_packet() which is obsolete now. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-26usb: keep track of packet owner.Gerd Hoffmann
Keep track of the device which owns the usb packet for async processing. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-26usb: add usb_handle_packetGerd Hoffmann
Add a usb_handle_packet function, put it into use everywhere. Right now it just calls dev->info->handle_packet(), that will change in future patches though. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-26usb-storage: don't call usb_packet_complete twiceGerd Hoffmann
usb_msd_copy_data() may cause a recursive call to usb_msd_command_complete() which in turn may complete the packet, setting s->packet to NULL in case it does. Recheck s->packet before calling usb_packet_complete() to fix the double call. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-26usb-linux: use usb_generic_handle_packet()Hans de Goede
Make the linux usb host passthrough code use the usb_generic_handle_packet() function, rather then the curent DYI code. This removes 200 lines of almost identical code. Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2011-05-26usb: Pass the packet to the device's handle_control callbackHans de Goede
This allows using the generic usb_generic_handle_packet function from device code which does ASYNC control requests (such as the linux host pass through code). Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2011-05-26Bug #757654: UHCI fails to signal stall response patchJan Vesely
UHCI host controller status register indicates error and an interrupt is triggered on BABBLE and STALL errors. Signed-off-by: Jan Vesely <jano.vesely@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-26usb: add support for "grouped" interfaces and the Interface Association ↵Brad Hards
Descriptor This is used for some devices that have multiple interfaces that form a logic device. An example is Video Class, which has a Control interface and a Streaming interface. There can be additional interfaces on the same (physical) devices (e.g. a microphone), and Interface Association Descriptor handles this case. Signed-off-by: Brad Hards <bradh@frogmouth.net> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-26usb: remove fallback to bNumInterfaces if no .nifBrad Hards
All callers have been updated. Signed-off-by: Brad Hards <bradh@frogmouth.net> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-26usb: update config descriptors to identify number of interfacesBrad Hards
Previously we relied on the .bNumInterfaces, but that won't always be accurate after the introduction of grouped interfaces. Signed-off-by: Brad Hards <bradh@frogmouth.net> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-26usb: Add Interface Association Descriptor descriptor typeBrad Hards
Signed-off-by: Brad Hards <bradh@frogmouth.net> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-25Merge remote-tracking branch 'kraxel/CVE-2011-1751' into stagingAnthony Liguori
2011-05-23Merge branch 'trivial-patches' of git://repo.or.cz/qemu/stefanhaAurelien Jarno
* 'trivial-patches' of git://repo.or.cz/qemu/stefanha: Fix typos in comments (chek -> check) hw/sd.c: Don't complain about SDIO commands CMD52/CMD53 hw/realview.c: Remove duplicate #include line piix_pci: fix piix3_set_irq_pic()
2011-05-23Merge branch 'ppc-next' of git://repo.or.cz/qemu/agrafAurelien Jarno
* 'ppc-next' of git://repo.or.cz/qemu/agraf: Fix a bug in mtsr/mtsrin emulation on ppc64 pSeries: Clean up write-only variables w32: Fix compilation and replace non-portable usage of ulong
2011-05-22hw/sd.c: Don't complain about SDIO commands CMD52/CMD53Peter Maydell
The SDIO specification introduces new commands 52 and 53. Handle as illegal command but do not complain on stderr, as SDIO-aware OSes (including Linux) may legitimately use these in their probing for presence of an SDIO card. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-05-22hw/realview.c: Remove duplicate #include linePeter Maydell
Remove a duplicate #include of sysbus.h. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-05-22piix_pci: fix piix3_set_irq_pic()TeLeMan
If pic_irq is greater than 7, the irq level is always 0 on 32bits. Signed-off-by: TeLeMan <geleman@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-05-20pSeries: Clean up write-only variablesDavid Gibson
A few pieces of the pSeries emulation code have variables which are set but never used, which causes warnings on gcc 4.6. This patch removes these instances. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: fix memory detection for guests > 64GBChristian Borntraeger
the s390 memory detection has a 16bit field that specifies the amount of increments. This patch adopts the memory size to always fit into that scheme. This also fixes virtio detection for these guests, since the descriptor page is located after the main memory. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-20s390x: keep hint on virtio managing sizeAlexander Graf
The s390x virtio bus keeps management information on virtio after the top of the guest's RAM. We need to be able to tell the guest the size of its RAM (without virtio stuff), but also be able to trap when the guest accesses RAM outside of its scope (including virtio stuff). So we need a variable telling us the size of the virtio stuff, so we can calculate the highest available RAM address from that. While at it, also increase the maximum number of virtio pages, so we play along well with more recent kernels that spawn a ridiculous number of virtio console adapters. Signed-off-by: Alexander Graf <agraf@suse.de>
2011-05-19ahci: Fix non-NCQ accesses for LBA > 16bitsAlexander Graf
AHCI provides two ways of reading/writing data: 1) NCQ 2) ATA commands with the LBA in the command FIS In the second code path, we didn't handle any LBAs that were bigger than 16 bits, so whenever a guest that used high LBA numbers wanted to access data, the LBA got truncated down to 16 bits, giving the guest garbage. This patch adds support for LBAs higher than 16 bits. I've tested that it works just fine with SeaBIOS and Linux guests. This patch also unbreaks the often reported grub errors people have seen with AHCI. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-05-19Ignore pci unplug requests for unpluggable devices (CVE-2011-1751)Gerd Hoffmann
This patch makes qemu ignore unplug requests from the guest for pci devices which are tagged as non-hotpluggable. Trouble spot is the piix4 chipset with the ISA bridge. Requests to unplug that one will make it go away together with all ISA bus devices, which are not prepared to be unplugged and thus don't cleanup, leaving active qemu timers behind in free'ed memory. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>