Age | Commit message (Collapse) | Author |
|
acpi table file can be modified during load so file size check
should be more strict.
pointer calculation should be after qemu_realloc(). not before realloc().
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
https://bugs.launchpad.net/bugs/611646
reports that ./i386-softmmu/qemu -M isapc segfaults.
This patch fixes the segfault introduced by
f885f1eaa8711c06033ceb1599e3750fb37c306f
It's because i440fx_state in pc_init1() isn't initialized.
> Core was generated by `./i386-softmmu/qemu -M isapc'.
> Program terminated with signal 11, Segmentation fault.
> [New process 19686]
> at qemu/hw/piix_pci.c:136
> (gdb) where
> at qemu/hw/piix_pci.c:136
> boot_device=0x7fffe1f5b040 "cad", kernel_filename=0x0,
> kernel_cmdline=0x6469bf "", initrd_filename=0x0,
> cpu_model=0x654d10 "486", pci_enabled=0)
> at qemu/hw/pc_piix.c:178
> boot_device=0x7fffe1f5b040 "cad", kernel_filename=0x0,
> kernel_cmdline=0x6469bf "", initrd_filename=0x0, cpu_model=0x654d10 "486")
> at qemu/hw/pc_piix.c:207
> envp=0x7fffe1f5b188)
> at qemu/vl.c:2871
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Combining bitwise AND and logical NOT is suspicious.
Fixed by this Coccinelle script:
// From http://article.gmane.org/gmane.linux.kernel/646367
@@ expression E1,E2; @@
(
!E1 & !E2
|
- !E1 & E2
+ !(E1 & E2)
)
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
We can't use the return value of load_uimage() for the kernel because it
can't account for BSS size, and the PowerPC kernel does not relocate
blobs before zeroing BSS.
Instead, we now load at the fixed addresses chosen by u-boot (the normal
firmware for the board).
Signed-off-by: Hollis Blanchard <hollis@penguinppc.org>
|
|
The PowerPC 4xx SDRAM controller emulation unregisters RAM in its reset
callback. However, qemu_system_reset() is now called at initialization
time, so all RAM is unregistered before starting the guest (!).
Signed-off-by: Hollis Blanchard <hollis@penguinppc.org>
|
|
The message "Truncating memory to %d MiB to fit SDRAM controller limits"
should be displayed only when a user chooses an amount of RAM which
can't be represented by the PPC 4xx SDRAM controller (e.g. 129MB, which
would only be valid if the controller supports a bank size of 1MB).
Signed-off-by: Hollis Blanchard <hollis@penguinppc.org>
|
|
On KVM for PPC we need to tell the guest which instructions to use when
doing a hypercall. The clean way to do this is to go through an ioctl
from userspace and passing it on to the guest using the device tree.
So let's do the qemu part here: read out the hypercall and pass it on
to the guest's fw_cfg so openBIOS can read it out and expose it again.
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
Changing block.h or blockdev.h resulted in recompiling most objects.
Move DriveInfo typedef and BlockInterfaceType enum definitions
to qemu-common.h and rearrange blockdev.h use to decrease churn.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Switch tree to lookup-by-name using qemu_find_opts().
Also hook up virtfs options so qemu_find_opts works for them too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Old versions of the BOCHs VGA BIOS (cira 2003) made use of VBE
registers at 0xff80/81. In VBE API version 0xb0c2 these were
moved to 0x1ce/cf. Unfortunately, QEMU still registers handlers
for the old range. If a guest attempts to assign an I/O device
overlapping this region, QEMU exits with a hw_error. Windows
guests seem to like to assign I/O devices to the high end of
the address space, so it's pretty easy to hot add an rtl8139
to a Win2k8 guest and trigger the bug. I can't find any reason
to register these handlers, so let's remove the cruft.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Free malloc'ed memory, unregister from savevm and clean up virtio-common
bits on device hot-unplug.
This was found performing a migration after device hot-unplug.
Reported-by: <lihuang@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
I have a guest OS which sends the command 0xfd to the keyboard
controller during initialization. To get rid of the message
"qemu: unsupported keyboard cmd=0x%02x\n" I added support for
the pulse output bit commands.
I found the following explanation here:
http://www.win.tue.nl/~aeb/linux/kbd/scancodes-11.html#ss11.3
Command 0xf0-0xff: Pulse output bit
Bits 3-0 of the output port P2 of the keyboard controller may
be pulsed low for approximately 6 µseconds. Bits 3-0 of this
command specify the output port bits to be pulsed. 0: Bit should
be pulsed. 1: Bit should not be modified. The only useful version
of this command is Command 0xfe.
(For MCA, replace 3-0 by 1-0 in the above.)
Command 0xfe: System reset
Pulse bit 0 of the output port P2 of the keyboard controller.
This will reset the CPU.
Signed-off-by: Bernhard Kohl <bernhard.kohl@nsn.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Replace a qemu_malloc call, followed by a memset, with qemu_mallocz.
Found with this Coccinelle semantic patch, adapted from
Coccinelle test package rule 94:
@@
type T;
expression x;
expression E;
@@
- x = (T)qemu_malloc(E)
+ x = qemu_mallocz(E)
...
(
- memset(x,0,E);
|
- memset(x,0,sizeof(*x));
)
Some files (tests/*) had to be filtered out.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Found with this Coccinelle semantic patch:
@@
expression E;
identifier ptr;
identifier fn ~= "qemu_strn?dup";
@@
-ptr = fn(E);
-if (ptr == NULL) { ... }
-
+ptr = fn(E);
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
According to scc_escc_um.pdf:
- Reset Highest IUS must update irq status to allow processing
of the next priority interrupt.
- rx interrupt has always higher priority than tx on same channel
The documentation only explicitly says that Reset Highest IUS
command (0x38) clears IUS bits, not that it clears the corresponding
interrupt too, so don't clear interrupts on this command.
The patch allows SunOS 4.1.4 to use the serial ports
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
resend for bug fix related to removal of irqfd
Support an inter-vm shared memory device that maps a shared-memory object as a
PCI device in the guest. This patch also supports interrupts between guest by
communicating over a unix domain socket. This patch applies to the qemu-kvm
repository.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
Interrupts are supported between multiple VMs by using a shared memory server
by using a chardev socket.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
[,chardev=<id>][,msi=on][,ioeventfd=on][,vectors=n][,role=peer|master]
-chardev socket,path=<path>,id=<id>
The shared memory server, sample programs and init scripts are in a git repo here:
www.gitorious.org/nahanni
Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
A non-migratable device should be removed before migration and re-added after.
Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
|
|
Add support for getting kernel command line size with
FW_CFG_CMDLINE_SIZE.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
The reason for not actually canceling the I/O is because with
virtualization and lots of VM running, a guest fs may mistake a
overload of the host, as an IDE timeout. So rather than canceling the
I/O, it's safer to wait I/O completion and simulate that the I/O has
completed just before the io cancellation was requested by the
guest. This way if ntfs or an app writes data without checking for
-EIO retval, and it thinks the write has succeeded, it's less likely
to run into troubles. Similar issues for reads.
Furthermore because the DMA operation is splitted into many synchronous
aio_read/write if there's more than one entry in the SG table, without this
patch the DMA would be cancelled in the middle, something we've no idea if it
happens on real hardware too or not. Overall this seems a great risk for zero
gain.
This approach is sure safer than previous code given we can't pretend all guest
fs code out there to check for errors and reply the DMA if it was completed
partially, given a timeout would never materialize on a real harddisk unless
there are defective blocks (and defective blocks are practically only an issue
for reads never for writes in any recent hardware as writing to blocks is the
way to fix them) or the harddisk breaks as a whole.
Signed-off-by: Izik Eidus <ieidus@redhat.com>
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
The timer #0 is the system timer, so the timer #num_cpu is the
timer of the last CPU, and it must be initialized in slavio_timer_reset.
Don't mark non-existing timers as running.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Add a macro to easily enable/disable debug prints
Also fix wrong printf formatters
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
|
|
Set high to a word aligned address beyond loaded image.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
|
|
This header is not present on my system and causes a build
failure, but is also not used in these files, so remove it.
Signed-off-by: Mike McCormack <mikem@ring3k.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Use PCI_DEVFN() where appropriate.
The resulted stripped binary remains same
with/without thie patch.
Cc: Huacai Chen <zltjiangshi@gmail.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Removing dead code. Above we already continued when
rom->addr + valuegreaterthan0 < addr so this condition is always false.
Signed-off-by: Joel Schopp <jschopp@austin.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Currently virtio-serial supports a maximum of 31 ports. Specifying the
'max_ports' parameter to be > 31 on the cmd line causes badness.
Ensure we initialise virtio-serial only if max_ports is within the
supported range.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
* 'for-anthony' of git://repo.or.cz/qemu/kevin:
Fix -snapshot deleting images on disk change
block: Use error codes from lower levels for error message
block: default to 0 minimal / optiomal I/O size
move 'unsafe' to end of caching modes in help
virtio-blk: Create exit function to unregister savevm
block migration: propagate return value when bdrv_write() returns < 0
ide/atapi: add support for GET EVENT STATUS NOTIFICATION
|
|
Fix the following warnings:
/src/qemu/hw/ide/core.c: In function `ide_drive_pio_post_load':
/src/qemu/hw/ide/core.c:2767: warning: comparison is always false due to limited range of data type
/src/qemu/ui/vnc-enc-tight.c: In function `tight_detect_smooth_image':
/src/qemu/ui/vnc-enc-tight.c:284: warning: comparison is always true due to limited range of data type
/src/qemu/ui/vnc-enc-tight.c:297: warning: comparison is always true due to limited range of data type
/src/qemu/ui/vnc-enc-tight.c: In function `tight_encode_indexed_rect16':
/src/qemu/ui/vnc-enc-tight.c:456: warning: comparison is always false due to limited range of data type
/src/qemu/ui/vnc-enc-tight.c: In function `tight_encode_indexed_rect32':
/src/qemu/ui/vnc-enc-tight.c:457: warning: comparison is always false due to limited range of data type
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
It reintroduces
Revert "ide save/restore pio/atapi cmd transfer fields and io buffer"
but using subsections. Added bonus is the addition of ide_dummy_transfer_stop
to transfer_end_table, that was missing.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
This commit adds subsections for each device section.
Subsections is the way to handle information that don't need to be sent
to de destination of a migration because its values are not needed. It is
the way to handle optional information. Notice that only the source can
decide if the information is optional or not. The destination needs to
understand all subsections that it receives to have a sucessful load.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
This reverts commit 42ee76fe82093ba914f0dc83d2decbcf68866144.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
This reverts commit ed487bb1d69040b9dac64a4fc076d8dd82b131d6.
The conflicts are due to commit 4fc8d6711aff7a9c11e402c3d77b481609f9f486
that is a fix to the ide_drive_pre_save() function. It reverts both
(and both are reinstantiated later in the series)
Conflicts:
hw/ide/core.c
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
|
|
Otherwise we can't migrate after we've removed a virtio block device.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
The GET EVENT STATUS NOTIFICATION is a mandatory command according
to MMC-3, even if event status notification is not supported.
This patch adds support for this command. It returns NEA ("No Event
Available") with an empty "Supported Event Classes" to show that it
doesn't event support status notification. If asychronous operation is
requested, which requires NCQ support, it returns an error according
to the specifications.
This fixes HAL support on FreeBSD and derivatives, which fill up the
logs every second with:
acd0: FAILURE - unknown CMD (0x03) ILLEGAL REQUEST asc=0x20 ascq=0x00
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Some SW drivers dont keep track of what they've written and
depend on the HW latching write contents for later
read+modify+write sequences.
Signed-off-by: Edgar E. Iglesias <edgar@axis.com>
|
|
Commit 36388314febad3d7675ab919287f03733a560ff6 moved most of the
interrupt logic to cpu-exec.c. Remove the remaining useless code
and fix software interrupts.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Acked-by: Edgar E. Iglesias <edgar@axis.com>
Tested-by: Edgar E. Iglesias <edgar@axis.com>
|
|
When hw interrupt pending bits in CP0_Cause are set, the CPU should
see the hw interrupt line as active. The CPU may or may not take the
interrupt based on internal state (global irq mask etc) but the glue
logic shouldn't care.
This fixes MIPS external hw interrupts in combination with -icount.
Signed-off-by: Edgar E. Iglesias <edgar@axis.com>
|
|
The request completion callback of the LSI controller may start the next
request that can use the same tag as the completed one. As the latter is
still enqueued at that point, scsi_send_command will complain about the
tag reuse and cancel the completed request. That will cause a double
free later on when the completion path cleans up as well.
Fix this by dequeuing the request before invoking the callback.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
This change fixes initialization of e1000's microwire EEPROM internal
state values so that qemu's e1000 emulation works on NetBSD,
which doesn't use Intel's em driver but has its own wm driver
for the Intel i8254x Gigabit Ethernet.
Previously set_eecd() function in e1000.c clears EEPROM internal state
values on SK rising edge during CS==L, but according to FM93C06 EEPROM
(which is MicroWire compatible) data sheet, EEPROM internal status
should be cleared on CS rise edge regardless of SK input:
"... a rising edge on this (CS) signal is required to reset the internal
state-machine to accept a new cycle .."
and nothing should be changed during CS (chip select) is inactive.
Intel's em driver seems to explicitly raise SK output after CS is negated
in em_standby_eeprom() so many other OSes that use Intel's driver
don't have this problem even on the previous e1000.c implementation,
but I can't find any articles that say the MICROWIRE or EEPROM spec
requires such sequence, and actually hardware works fine without it
(i.e. real i82540EM has been working on NetBSD).
This fix also changes initialization to clear each state value in
struct eecd_state individually rather than using memset() against
the whole structre. The old_eecd member stores the last SK and CS
signal levels and it should be preserved even after reset of internal
EEPROM state to detect next signal edges for proper EEPROM emulation.
Signed-off-by: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Starting with qemu -M pc-0.12 -device virtio-serial
results in
-device virtio-serial: Property 'virtio-serial-pci.max_nr_ports' not found
The property name 'max_ports' is incorrectly named 'max_nr_ports'. Fix
that.
Also fix the ppc440 machine type bamboo-0.12 which has this typo.
Reported-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Use empty_slot to reserve addresses for several unimplemented devices so they won't fault.
- BPP (parallel port), DBRI (audio), SX (pixel processor), and vsimms (framebuffer)
OBP for SS-20 either assumes these devices exist or probes without expecting faults.
Signed-off-by: Bob Breuer <breuerr@mc.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
We need to know ring layout to allocate log buffer.
So init rings first.
Also fixes a theoretical memory-leak-on-error.
https://bugzilla.redhat.com/show_bug.cgi?id=615228
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Add support for secrc field. Reportedly needed by old RHEL guests.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
We do range check for size, and get size as buffer,
but copy size + 4 bytes (4 is for FCS).
Let's copy size bytes but put size + 4 in length.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
|
|
|