aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2011-01-12ppc405_uc: fix a buffer overflowBlue Swirl
Fix a buffer overflow, reported by cppcheck: [/src/qemu/hw/ppc405_uc.c:72]: (error) Buffer access out-of-bounds: bd.bi_s_version The use of field bi_s_version seems to be a typo, it should be bi_r_version. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-12lan9118: fix a buffer overflowBlue Swirl
Fix a buffer overflow, reported by cppcheck: [/src/qemu/hw/lan9118.c:849]: (error) Buffer access out-of-bounds: s.eeprom All eeprom handling code assumes that the size of eeprom is 128, except lan9118_eeprom_cmd. Fix this by restricting the address passed. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-12loader: fix a file descriptor leakBlue Swirl
Fix a file descriptor leak, reported by cppcheck: [/src/qemu/hw/loader.c:311]: (error) Resource leak: fd Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-10Merge remote branch 'mst/for_anthony' into stagingAnthony Liguori
2011-01-09target-sh4: implement writes to mmaped ITLBAurelien Jarno
Some Linux kernels seems to implement ITLB/UTLB flushing through by writing all TLB entries through the memory mapped interface instead of writing one to MMUCR.TI. Implement memory mapped ITLB write interface so that such kernels can boot. This fixes https://bugs.launchpad.net/bugs/700774 . Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-01-06cirrus: delete GCC 4.6 warningsAurelien Jarno
Commit 92d675d1c1f23f3617e24b63c825074a1d1da44b triggered uninitialized variables warning with GCC 4.6. Fix them by adding zero initializers. Acked-by: Blue Swirl <blauwirbel@gmail.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-01-06cirrus_vga: Declare as little endianBlue Swirl
This patch replaces explicit bswaps with endianness hints to the mmio layer. CC: Alexander Graf <agraf@suse.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-06pc: move port 92 stuff back to pc.c from pckbd.cBlue Swirl
956a3e6bb7386de48b642d4fee11f7f86a2fcf9a introduced a bug concerning reset bit for port 92. Since the keyboard output port and port 92 are not compatible anyway, let's separate them. Reported-by: Peter Lieven <pl@dlh.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com> -- v2: added reset handler and VMState
2011-01-04cirrus_vga: fix division by 0 for color expansion ropAurelien Jarno
Commit d85d0d3883f5a567fa2969a0396e42e0a662b3fa introduces a regression with Windows ME that leads to a division by 0 and a crash. It uses the color expansion rop with the source pitch set to 0. This is something allowed, as the manual explicitely says "When the source of color-expand data is display memory, the source pitch is ignored.". This patch fixes this regression by computing sx, sy and others variables only if they are going to be used later, that is for a plain copy ROP. It basically consists in moving code. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-01-04Fix curses on big endian hostsAurelien Jarno
On big endian hosts, the curses interface is unusable: the emulated graphic card only displays garbage, while the monitor interface displays nothing (or rather only spaces). The curses interface is waiting for data in native endianness, so console_write_ch() should not do any conversion. The conversion should be done when reading the video buffer in hw/vga.c. I supposed this buffer is in little endian mode, though it's not impossible that the data is actually in guest endianness. I currently have no big endian guest to way (they all switch to graphic mode immediately). Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2010-12-27Merge branch 'spice.v23.pull' of git://anongit.freedesktop.org/spice/qemuAurelien Jarno
* 'spice.v23.pull' of git://anongit.freedesktop.org/spice/qemu: vnc/spice: add set_passwd monitor command. vnc: support password expire vnc: auth reject cleanup spice: add qmp 'query-spice' and hmp 'info spice' commands. spice: connection events. spice: add qxl device spice: add qxl vgabios binary.
2010-12-27pci: fix migration path for devices behind bridgesMichael S. Tsirkin
The device path used for migration is currently broken for for all devices behind a nested bridge. Replace this by a hierarchical list of slot/function numbers, walking the path from root down to device. Add :00 after the domain number so that if there are no nested bridges, this is compatible with what we have now. Note: as pointed out by Gleb, using openfirmware paths might be cleaner, doing this would break compatibility though, and the IDs used are not guest or user visible at all, so breaking the compatibility is probably not worth it. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-12-26s390: compile fixesAlexander Graf
The s390 target doesn't compile out of the box anymore. This patch fixes all the obvious glitches that got introduced in the last few weeks. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2010-12-24pcie/aer: glue aer error injection into qemu monitorIsaku Yamahata
introduce pcie_aer_inject_error command. Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-12-24pci: introduce a helper function to convert qdev id to PCIDeviceIsaku Yamahata
This patch introduce a helper function to get PCIDevice from qdev id. This function will be used later. Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-12-24qdev: export qdev_find_recursive() for later useIsaku Yamahata
This patch exports qdev_find_recursive() for later use. Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-12-22build, pci: remove QMP dependency on core PCI codeIsaku Yamahata
by introducing pci-stub.c, eliminate QMP dependency on core PCI code rquired by query-pci command. Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-12-22pcie: add flr supportIsaku Yamahata
Support flr: trigger device reset on flr config write. Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-12-22pc/piix: fix mismerge of b1aeb92666d2fde413c34578b3b42bbfe5f2a506Isaku Yamahata
The change set of b1aeb92666d2fde413c34578b3b42bbfe5f2a506 in pci branch was mismerged. The compatibility should be kept for 0.13, not for 0.14. Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-12-21qdev: sysbus_get_default must not return a NULL pointer (fix regression)Stefan Weil
Every system should have some sort of main system bus, so sysbus_get_default should always return a valid bus. Without this patch, at least mipssim and malta no longer start but raise a null pointer access exception (caused by commit ec990eb622ad46df5ddcb1e94c418c271894d416). Cc: Anthony Liguori <anthony@codemonkey.ws> Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2010-12-21qdev: remove an unused functionMichael S. Tsirkin
qbus_reset_all is unused, remove it Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-12-20sparc32: ledma extra registers need tracing tooBob Breuer
Also trace the extra registers, and update the comments with new info from Artyom Tarasenko. Signed-off-by: Bob Breuer <breuerr@mc.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-12-20wdt_ib700: Fix accidental use of SoftFloat int64 typeAndreas Färber
softfloat.h's int64 type has least-width semantics. Since we're assigning an int64_t, use plain int64_t. v4: * Summary change. v3: * Split off. Signed-off-by: Andreas Färber <andreas.faerber@web.de> Acked-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-12-20apic: Fix accidental use of SoftFloat uint32 typeAndreas Färber
softfloat.h's uint32 type has least-width semantics. Surrounding code uses uint32_t, so use uint32_t here, too. v4: * Summary change. v3: * Split off. Signed-off-by: Andreas Färber <andreas.faerber@web.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-12-20qbus: register reset handler for qbus whose parent is NULLIsaku Yamahata
Stefan Weil reported the regression caused by ec990eb622ad46df5ddcb1e94c418c271894d416 as follows > The second regression also occurs with MIPS malta. > Networking no longer works with the default pcnet nic. > > This is caused because the reset function for pcnet is no > longer called during system boot. The result in an invalid > mac address (all zero) and a non-working nic. > > For this second regression I still have no simple solution. > Of course mips_malta.c should be converted to qdev which > would fix both problems (but only for malta system emulation). The issue is, it is assumed that all qbuses, qdeves are under main_system_bus. But there are qbuses whose parent is NULL. So it is necessary to trigger reset for those qbuses. (On the other hand, if NULL is passed to qdev_create(), its parent bus is main_system_bus.) Ideally those buses should be moved under bus controller device which is qdev. But it's not done yet. So register qbus reset handler for qbus whose parent is NULL. Reported-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: "Michael S. Tsirkin" <mst@redhat.com> Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-12-19qdev: sysbus_get_default must not return a NULL pointer (fix regression)Stefan Weil
Every system should have some sort of main system bus, so sysbus_get_default should always return a valid bus. Without this patch, at least mipssim and malta no longer start but raise a null pointer access exception (caused by commit ec990eb622ad46df5ddcb1e94c418c271894d416). Cc: Anthony Liguori <anthony@codemonkey.ws> Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2010-12-19pci: don't use bus number in migration, stub outMichael S. Tsirkin
Using bus numbers in migration is clearly wrong as they are guest assigned. Not really sure what the right thing to do is, for now stick 0 in there so things keep working for non-nested setups, add a TODO. We also probably have to mark nested bridges as non-migrateable until this is fixed? Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Alex Williamson <alex.williamson@redhat.com>
2010-12-19ahci: delete write-only variables (v2)Blue Swirl
Avoid these warnings with GCC 4.6.0: /src/qemu/hw/ide/ahci.c: In function 'ahci_reset_port': /src/qemu/hw/ide/ahci.c:810:14: error: variable 'tfd' set but not used [-Werror=unused-but-set-variable] /src/qemu/hw/ide/ahci.c: In function 'handle_cmd': /src/qemu/hw/ide/ahci.c:1103:19: error: variable 'pr' set but not used [-Werror=unused-but-set-variable] In the tfd variable case, fix the logic also. CC: Alexander Graf <agraf@suse.de> CC: Kevin Wolf <kwolf@redhat.com> Acked-by: Alexander Graf <agraf@suse.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-12-19vga: Declare as little endianBlue Swirl
This patch replaces explicit bswaps with endianness hints to the mmio layer. CC: Alexander Graf <agraf@suse.de> Acked-by: Alexander Graf <agraf@suse.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-12-18sparc32: ledma extra registersBob Breuer
ledma has 0x20 bytes of registers according to OBP, and at least Solaris9 reads the 5th register which is beyond what we've mapped. So let's setup a flag (inspired by a previous patch from Blue Swirl) to identify ledma from espdma, and map another 16 bytes of registers which return 0. Signed-off-by: Bob Breuer <breuerr@mc.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-12-17ide: Build fix for via.cKevin Wolf
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17ide: Fix build for cmd646.cKevin Wolf
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Acked-by: Andreas Färber <andreas.faerber@web.de>
2010-12-17scsi-disk: support WRITE SAME (16) with unmap bitChristoph Hellwig
Support discards via the WRITE SAME command with the unmap bit set, and tell the initiator about the support for it via the block limit and the new thin provisioning EVPD pages. Also fix the comment which incorrectly describedthe block limits EVPD page. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17ide: Register vm change state handler once onlyStefan Hajnoczi
We register the vm change state handler in a PCI BAR map() function. This function can be called multiple times throughout the lifetime of a PCI IDE device. This results in duplicate vm change state handlers being register, none of which are ever unregistered. Instead, register the vm change state handler in the device's init function once and for all. piix tested, cmd646 and via not tested. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17Remove NULL checks for bdrv_new return valueKevin Wolf
It's an indirect call to qemu_malloc, which never returns an error. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17ide: honor ncq for atapiAlexander Graf
ATAPI also can do ncq, so let's expose the capability. This patch makes CD-ROM support work on Windows 7 for me. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17ahci: set SATA Mode SelectSebastian Herbszt
Set SATA Mode Select to AHCI in the Address Map Register. Signed-off-by: Sebastian Herbszt <herbszt@gmx.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17ahci: add ahci emulationAlexander Graf
This patch adds an emulation layer for an ICH-9 AHCI controller. For now this controller does not do IDE legacy emulation. It is a pure AHCI controller. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17pci: add ich9 pci idAlexander Graf
We need a PCI ID for our new AHCI adapter. I just picked an ICH-9 because that's the one in the Q35 chipset. This patch adds a PCI ID define for an ICH-9 AHCI adapter. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17pci: add storage class for sataAlexander Graf
This patch adds the storage sata class id. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17ide: add ncq identify data for ahci sata drivesRoland Elek
I modified ide_identify() to include the zero-based queue length value in word 75, and set bit 8 in word 76 to signal NCQ support in the identify data for AHCI SATA drives. Signed-off-by: Roland Elek <elek.roland@gmail.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17ide: move transfer_start after variable modificationAlexander Graf
We hook into transfer_start and immediately call the end function for ahci. This means that everything needs to be in place for the end function when we start the transfer, so let's move the function down to where all state is in place. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17ide: Split out BMDMA code from ATA coreAlexander Graf
The ATA core is currently heavily intertwined with BMDMA code. Let's loosen that a bit, so we can happily replace the DMA backend with different implementations. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17ide: fix whitespace gap in ide_exec_cmdAlexander Graf
Now that we have the function split out, we have to reindent it. In order to increase the readability of the actual functional change, this is split out. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17ide: split ide command interpretation offAlexander Graf
The ATA command interpretation code can be used for PATA and SATA interfaces alike. So let's split it out into a separate function. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17Merge remote branch 'jvrao/for-anthony' into stagingAnthony Liguori
2010-12-17Merge remote branch 'mst/for_anthony' into stagingAnthony Liguori
2010-12-12Watchdog: disable watchdog timer when hard-rebooting a guest.Richard W.M. Jones
This commit causes the watchdog timer to be reset when a guest is hard-rebooted. The failure case previously was as follows: (a) guest boots, watchdog is enabled (b) guest does a reset eg: echo 'b' > /proc/sysrq-trigger (note that an ordinary /sbin/reboot wouldn't hit this case since as the watchdog daemon is shut down, the daemon would properly disable the watchdog device) (c) the reboot takes longer than the remaining time on the watchdog (d) the watchdog therefore fires during the reboot (e) probably the VM would just reboot again at this point which is pretty benign, but it could depend on the action that the user had selected for the watchdog Now we use the qdev reset function to register a reset handler which disables the timer. Note the handler is called _either_ just after init _or_ when the guest reboots. In the i6300esb case there is a small refactoring of the code so that the device's internal state is now fully restored to defaults on a reboot. Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-12-11Pass boot device list to firmware.Gleb Natapov
Signed-off-by: Gleb Natapov <gleb@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-12-11Add bootindex for option roms.Gleb Natapov
Extend -option-rom command to have additional parameter ,bootindex=. Signed-off-by: Gleb Natapov <gleb@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>