| Age | Commit message (Collapse) | Author |
|---|
|
PAPR hypercalls should only be invoked from the guest kernel, not guest
user programs, that is, with MSR[PR]=0. Currently we check this in
spapr_hypercall, returning H_PRIVILEGE if MSR[PR]=1.
However, under KVM the state of MSR[PR] is already checked by the host
kernel before passing the hypercall to qemu, making this check redundant.
Worse, however, we don't generally synchronize KVM and qemu state on the
hypercall path, meaning that qemu could incorrectly reject a hypercall
because it has a stale MSR value.
This patch fixes the problem by moving the privilege test exclusively to
the TCG hypercall path.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
CC: qemu-stable@nongnu.org
Signed-off-by: Alexander Graf <agraf@suse.de>
(cherry picked from commit efcb9383b974114e5f682e531346006f8f2466c0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
In the A series memory map (implemented in the Cortex A15 CoreTile), the
first NOR flash bank (flash 0) is mapped to address 0x08000000, while
address 0x00000000 can be configured as alias to either the first or the
second flash bank. This patch fixes the definition of flash 0 address,
and for simplicity removes the alias definition.
Signed-off-by: Francesco Lavra <francescolavra.fl@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 661bafb3e14bfffcb0a7c7910534c7944608ca45)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
When setting up the NVIC memory regions the memory range
0x100..0xcff is aliased to an IO memory region that belongs
to the ARM GIC. This aliased region should be added to the
NVIC memory container, but the actual GIC IO memory region
was being added instead. This mixup was causing the wrong
IO memory access functions to be called when accessing parts
of the NVIC memory.
Signed-off-by: Meador Inge <meadori@codesourcery.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 9892cae39562d2e6c00ccc5966302c00f23be6d4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Reading VECTADDR was causing us to set the current priority to
the wrong value, the most obvious effect of which was that we
would return the vector for the wrong interrupt as the result
of the read.
Signed-off-by: Brendan Fennell <bfennell@skynet.ie>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 14c126baf1c38607c5bd988878de85a06cefd8cf)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Report from smatch:
hw/pflash_cfi01.c:431 pflash_write(180) info: ignoring unreachable code.
Instead of removing the return statement after the switch statement,
the patch replaces the return statements in the switch statement by
break statements. Other switch statements in the same code do it also
like that.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 12dabc79f976d66755025272f7e2e8e4da31715a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Report from smatch:
hw/ioh3420.c:128 ioh3420_initfn(35) info: ignoring unreachable code.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 997f15672a5ca7714cf310d92f475d2c5fe40970)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Report from smatch:
lm4549.c:234 lm4549_write_samples(14) error:
buffer overflow 's->buffer' 1024 <= 1024
There must be enough space to add two entries starting with index
s->buffer_level, therefore the old check was wrong.
[Peter Maydell <peter.maydell@linaro.org> clarifies the nature of the
analyser warning:
I don't object to making the change to placate the analyser,
but I don't think this is actually a buffer overrun. We always
add and remove samples from the buffer two at a time, so it's
not possible to get here with s->buffer_level == BUFFER_SIZE-1
(which is the only case where the old and new conditions
give different answers).]
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 8139626643cbe8dc07bd9acc88057effeedf8064)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Report from smatch:
hw/cadence_uart.c:413 uart_read(13) error: buffer overflow 's->r' 18 <= 18
This fixes read access to s->r[R_MAX] which is behind the limits of s->r.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 5d40097fc09fe5d34cf316a411dc27d455ac2cd0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
QEMU as far as I know only reports LUN numbers using the modes that
are described in SAM4.
As such, since all LUN numbers generated by the SCSI emulation in QEMU
follow SAM4, we should set the HiSup bit in the standard INQUIRY data
to indicate such.
From SAM4:
4.6.3 LUNs overview
All LUN formats described in this standard are hierarchical in
structure even when only a single level in that hierarchy is used.
The HISUP bit shall be set to one in the standard INQUIRY data
(see SPC-4) when any LUN format described in this standard is used.
Non-hierarchical formats are outside the scope of this standard.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
(cherry picked from commit 1109c894052751df99962c009fd7dbae397721f5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
This fix is needed to correctly handle 0-block read and writes.
Without it, a 0-block access at LBA 0 would underflow.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 12ca76fc48081b3a0ad1a70546abfcf198aedfc4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Abstract the test for an out-of-range (starting block, block count)
pair.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 444bc908611ccaf4512dc37c33ac3b54d873a62b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
pflash_cfi01 announces a version number of 1.1, which implies
"Protection Register Information" and "Burst Read information"
sections, which are not provided.
Decrease the version number to 1.0 so that only the "Protection
Register Information" section is needed.
Set the number of protection fields (0x3f) to 0x01, as 0x00 means 256
protections field, which makes the CFI table bigger than the current
implementation, causing some kernels to fail to read it.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 262e1eaafabf32d33a9fa0b03b3c8ea426c5ae1b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
There was a missing include of qemu-log and a variable name in a printf was out
of date.
Signed-off-by: Chris Wulff <crwulff@gmail.com>
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
(cherry picked from commit 8354cd722e0afae63bee3e4cb21c8f0ddb6874c2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Assert that the ethernet and dma controller are sucessfully linked to their
peers.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
(cherry picked from commit 4b5e52101f9ad077d1c016f2b7130e2fdae6d2da)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
(cherry picked from commit e03377ae75808d33d0a7afc803b37bcda9f796b3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Fixes an error in a61e4b07a30c062260d2d01771773f14820d1eb7
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
(cherry picked from commit c0a1dcb9f0baf9269f8baeb02cbcca8dad75454c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The USB network interface has a single buffer which the guest reads
from. This patch prevents multiple calls to usbnet_receive() from
clobbering the input buffer. Instead we queue packets until buffer
space becomes available again.
This is inspired by virtio-net and e1000 rxbuf handling.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 190563f9a90c9df8ad32fc7f3e4b166deda949a6)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The USB network interface has two code paths depending on whether or not
RNDIS mode is enabled. Refactor usbnet_receive() so that there is a
common path throughout the function instead of duplicating everything
across if (is_rndis(s)) ... else ... code paths.
Clean up coding style and 80 character line wrap along the way.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit f237ddbb89142c6948a2257c459e49dee7500a7c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
This is reported by QA. When installing os with pxe, after the initial
kernel and initrd are loaded, the procedure tries to copy files from install
server to local harddisk, the network becomes stall because of running out of
receive descriptor.
[Whitespace fixes and removed qemu_notify_event() because Paolo's
earlier net patches have moved it into qemu_flush_queued_packets().
Additional info:
I can reproduce the network hang with a tap device doing a iPXE HTTP
boot as follows:
$ qemu -enable-kvm -m 1024 \
-netdev tap,id=netdev0,script=no,downscript=no \
-device i82559er,netdev=netdev0,romfile=80861209.rom \
-drive if=virtio,cache=none,file=test.img
iPXE> ifopen net0
iPXE> config # set static network configuration
iPXE> kernel http://mirror.bytemark.co.uk/fedora/linux/releases/17/Fedora/x86_64/os/images/pxeboot/vmlinuz
I needed a vanilla iPXE ROM to get to the iPXE prompt. I think the boot
prompt has been disabled in the ROMs that ship with QEMU to reduce boot
time.
During the vmlinuz HTTP download there is a network hang. hw/eepro100.c
has reached the end of the rx descriptor list. When the iPXE driver
replenishes the rx descriptor list we don't kick the QEMU net subsystem
and event loop, thereby leaving the tap netdev without its file
descriptor in select(2).
Stefan Hajnoczi <stefanha@gmail.com>]
Signed-off-by: Bo Yang <boyang@suse.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 1069985fb132cd4324fc02d371f1e61492a1823f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
xen does not have a register that, when written, will cause can_receive
to go from false to true. However, flushing the queue can be attempted
whenever the front-end raises its side of the Xen event channel. There
is a single event channel for tx and rx.
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit a98b140223d3a627eab7ee3ddec645bab630d756)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
When the guests replenish the receive ring buffer, the network device
should flush its queue of pending packets. This is done with
qemu_flush_queued_packets.
e1000's can_receive can go from false to true when RCTL or RDT are
modified.
Reported-by: Luigi Rizzo <rizzo@iet.unipi.it>
Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Cc: Jan Kiszka <jan.kiszka@siemens.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit e8b4c680b41bd960ecccd9ff076b7b058e0afcd4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
virtio-net has code to flush the queue and notify the iothread
whenever new receive buffers are added by the guest. That is
fine, and indeed we need to do the same in all other drivers.
However, notifying the iothread should be work for the network
subsystem. And since we are at it we can add a little smartness:
if some of the queued packets already could not be delivered,
there is no need to notify the iothread.
Reported-by: Luigi Rizzo <rizzo@iet.unipi.it>
Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Cc: Jan Kiszka <jan.kiszka@siemens.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 987a9b4800003567b1a47a379255e886a77d57ea)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
These wrong spellings were detected by codespell:
* successully -> successfully
* alot -> a lot
* wanna -> want to
* infomation -> information
* occured -> occurred
["also is" -> "is also" and "ressources" -> "resources" suggested by
Peter Maydell <peter.maydell@linaro.org>]
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 0546b8c2f089867cd7606ff47e026e8931157828)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
QEMU_PACKED results in a MinGW compiler warning when it is
used for single structure elements:
warning: 'gcc_struct' attribute ignored
Using QEMU_PACKED for the whole structure avoids the compiler warning
without changing the memory layout.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 93d3ad2a8048469d2b2bb157697425b66b2a37aa)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Don't queue up packets after a packet with the SPD (short packet detect)
flag set. Since we won't know if the packet will actually be short until it
has completed, and if it is short we should stop the queue.
This fixes a miniature photoframe emulating a USB cdrom with the windows
software for it not working.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 72a04d0c178f01908d74539230d9de64ffc6da19)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Commit 93bfef4c6e4b23caea9d51e1099d06433d8835a4 makes qemu-devices
which report the qemu version string to the guest in some way use a
qemu_get_version function which reports a machine-specific version string.
However usb-redir does not expose the qemu version to the guest, only to
the usbredir-host as part of the initial handshake. This can then be logged
on the usbredir-host side for debugging purposes and is otherwise completely
unused! For debugging purposes it is important to have the real qemu version
in there, rather then the machine-specific version.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 35efba2cc6812dc980c336d7b9bf81dbfb5daf00)
Conflicts:
hw/usb/redirect.c
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ceab6f96454fe6589d1b09ce64403c041d79f9d9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
When removing unseen queue-heads from the async queue list, we should not
set the seen flag to 0, as this may cause them to be removed by
ehci_queues_rip_unused() during the next call to ehci_advance_async_state()
if the timer is late or running at a low frequency.
Note:
1) This *may* have caused the instant unlink / relinks described in commit
9bc3a3a216e2689bfcdd36c3e079333bbdbf3ba0
2) Rather then putting more if-s inside ehci_queues_rip_unused, this patch
instead introduces a new ehci_queues_rip_unseen function.
3) This patch also makes it save to call ehci_queues_rip_unseen() multiple
times, which gets used in the folluw up patch titled:
"ehci: Walk async schedule before and after migration"
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 8f5457eb04140714eaf57a99bc08dc661d83fa87)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Add two new trace events:
qxl_send_events(int qid, uint32_t events) "%d %d"
qxl_set_guest_bug(int qid) "%d"
Change qxl_io_unexpected_vga_mode parameters to be equivalent to those
of qxl_io_write for easier grouping under a single systemtap probe.
Change d to qxl in one place.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 917ae08ca1565aab2d10c8b6269cd905d6c5c05b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
While testing q35, I found that windows 7 (specifically, windows 7 ultimate
with sp1 x64), wouldn't install because it can't find the cdrom or disk drive.
The failure message is: 'A required cd/dvd device driver is missing. If you
have a driver floppy disk, CD, DVD, or USB flash drive, please insert it now.'
This can also be reproduced on piix by adding an ahci controller, and
observing that windows 7 does not see any devices behind it.
The problem is that when windows issues a HBA reset, qemu does not reset the
individual ports' PxCMD register. Windows 7 then reads back the PxCMD register
and presumably assumes that the ahci controller has already been initialized.
Windows then never sets up the PxIE register to enable interrupts, and thus it
never gets irqs back when it sends ata device inquiry commands.
This change brings qemu into ahci 1.3 specification compliance.
Section 10.4.3 HBA Reset:
"
When GHC.HR is set to '1', GHC.AE, GHC.IE, the IS register, and all port
register fields (except PxFB/PxFBU/PxCLB/PxCLBU) that are not HwInit in the
HBA's register memory space are reset.
"
I've also re-tested Fedora 16 and 17 to verify that they continue to work with
this change.
Signed-off-by: Jason Baron <jbaron@redhat.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 2a4f4f34e6fe55f4c82507c3e7ec9b58c2e24ad4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Report from smatch:
hw/ide/core.c:1472 ide_exec_cmd(423) error: buffer overflow 'smart_attributes' 8 <= 29
hw/ide/core.c:1474 ide_exec_cmd(425) error: buffer overflow 'smart_attributes' 8 <= 29
hw/ide/core.c:1475 ide_exec_cmd(426) error: buffer overflow 'smart_attributes' 8 <= 29
...
The upper limit of 30 was never reached because both for loops terminated
when 'smart_attributes' reached end of list, so there was no real buffer
overflow.
Nevertheless, changing the code not only fixes the error report, but also
reduces the size of smart_attributes and simplifies the for loops.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 1e53537fdaa4657d11f130a0f2673fcfb1956381)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The Linux ehci isoc scheduling code fills the entire schedule ahead of
time minus 80 frames. If we make a large jump in where we are in the
schedule, ie 40 frames, then the scheduler all of a sudden will only have
40 frames left to work in, causing it to fail packet submissions
with error -27 (-EFBIG).
Changes in v2:
-Don't hardcode a maximum number of frames to process in one tick, instead:
-Process a minimum number of frames to ensure we do eventually catch up
-Stop (after the minimum number) when the guest has requested an irq
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 8f74ed1e43263293301031a10e440549bab19a6e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
If Interrupt Threshold Control is 8 or a multiple of 8, then
s->usbsts_frindex can become exactly 0x4000, at which point
(s->usbsts_frindex > s->frindex) will never become true, as
s->usbsts_frindex will not be lowered / reset in this case.
This patch fixes this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ffa1f2e088eb7e3d57f2fc35f21e7bdb23e592c5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Also register different memory regions for capabilities,
operational registers and port status registers. Create
separate tracepoints for operational regs and port status
regs. Ditch a bunch of sanity checks because the memory
core will do this for us now.
Offloading the byte, word and dword access handling to the
memory core also has the side effect of fixing ehci register
access on bigendian hosts.
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 3e4f910c8d490a1490409a7e381dbbb229f9d272)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Add back a call to qxl_spice_destroy_surface_wait_complete() in qxl_spice_destroy_surface_wait(),
that was removed by commit c480bb7da465186b84d8427e068ef7502e47ffbf
It is needed to complete surface-removal cleanup, for non async.
For async, qxl_spice_destroy_surface_wait_complete is called upon operation completion.
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 753b8b0d77ba1b343a35f9679cc777ea10a62bba)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
xhci needs this for USB_REQ_SET_ADDRESS due to the way
usb addressing is handled by the xhci hardware.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 63587e31353b6652cadfcfb869f5692a2b69daeb)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
This patch fixes the following error:
$ ~/usr/bin/qemu-system-x86_64 -enable-kvm -m 1024 -spice port=5900,disable-ticketing -vga qxl -cdrom ~/Images/linuxmint-13-mate-dvd-32bit.iso
(/home/mathslinux/usr/bin/qemu-system-x86_64:10068): SpiceWorker-CRITICAL **: red_worker.c:4599:red_update_area: condition `area->left >= 0 && area->top >= 0 && area->left < area->right && area->top < area->bottom' failed
Aborted
spice server terminates QEMU process if we pass invalid area to it,
so dont update those invalid areas.
Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ccc2960d654a233a6ed415b37d8ff41728d817c5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Some guests need this according to
Alejandro Martinez Ruiz <alex@securiforest.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 6ee021d41078844df60a3a466e3829a3e82776f3)
Conflicts:
hw/usb/hcd-xhci.c
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 8e9f18b6db1cd67f0a7efd7d0285bee489445197)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
This patch splits the xhci_xfer_data function into three.
The xhci_xfer_data function used to do does two things:
(1) copy transfer data between guest memory and a temporary buffer.
(2) report transfer results to the guest using events.
Now we three functions to handle this:
(1) xhci_xfer_map creates a scatter list for the transfer and
uses that (instead of the temporary buffer) to build a
USBPacket.
(2) xhci_xfer_unmap undoes the mapping.
(3) xhci_xfer_report sends out events.
The patch also fixes reporting of transaction errors which must be
reported unconditinally, not only in case the guest asks for it
using the ISP flag.
[ v2: fix warning ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit d5a15814b413869667b2a3215772986885be574a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
original xhci code (the one which used libusb directly) used to use
'background transfers' for iso streams. In upstream qemu the iso
stream buffering is handled by usb-host & usb-redir, so we will
never ever need this. It has been left in as reference, but is dead
code anyway. Rip it out.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 331e9406f152b6bae6859a153d36e5076c58901d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
usb-audio is a full speed (1.1) device,
but bcdUSB claims it is usb 2.0. Fix it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 2bbd086c41a00dc4384727ec895a94890c688eb5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Windows users need to know that they have to use the Baum driver to make
the qemu braille device work.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 2964cd9bfa5100e433471d3e3fedcc9d62891894)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Babble is the appropriate error in this case (rather then signalling a stall).
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 2979a36183a3902cd75665e7c6bbc8668668fd17)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit de550a6afb468ed3b8171019e19b63ae8254886d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 206e7f20fe7b920b362bcc02608680c5d5527f2a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
The shadow copy only serves as an extra check (besides the packet-id) to
ensure the packet we get back is a reply to the packet we think it is.
This check has never triggered in all the time usb-redir is in use now,
and since the verified data in the returned packet-header is not used
otherwise, removing the check does not open any possibilities for the
usbredirhost to confuse us.
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 104981d52b63dc3d68f39d4442881c667f44bbb9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit cb897117cdedd488f19985c8ec5ea05971103a27)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
There is no need for this, and doing so means that a backend trying to
write immediately after an open event will see qemu_chr_be_can_write
returning 0, which not all backends handle well as there is no wakeup
mechanism to detect when the frontend does become writable.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ed9873bfbf145c084d039baab08c63b9d67e7bd3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
USB_RET_NAK is not a valid response for async handled packets (and will
trigger an assert as such).
Also drop the warning when receiving a status of cancelled for packets not
cancelled by qemu itself, this can happen when a device gets unredirected
by the usbredir-host while transfers are pending.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 181133404f520fab40a3ad40d935d91cf3cf546c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
