aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2012-09-11usb-redir: Enable pipelining for bulk endpointsHans de Goede
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb-redir: Ensure our peer has the necessary caps when redirecting to XHCIHans de Goede
In order for redirection to work properly when redirecting to an emulated XHCI controller, the usb-redir-host must support both usb_redir_cap_ep_info_max_packet_size and usb_redir_cap_64bits_ids, reject any devices redirected to an XHCI controller when these are not supported. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb-redir: Add a usbredir_reject_device helper functionHans de Goede
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb-redir: Set ep max_packet_size if availableHans de Goede
This is needed for usb-redir to work properly with the xhci emulation. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb-redir: Convert to new libusbredirparser 0.5 APIHans de Goede
This gives us support for 64 bit ids which is needed for using XHCI with the new hcd generated ids. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb-redir: Return babble when getting more bulk data then requestedHans de Goede
Babble is the appropriate error in this case (rather then signalling a stall). Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb-redir: Move to core packet id and queue handlingHans de Goede
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb-redir: Get rid of unused async-struct dev memberHans de Goede
This is a preparation patch for completely getting rid of the async-packet struct in usb-redir, instead relying on the (new) per ep queues in the qemu usb core. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb-redir: Get rid of local shadow copy of packet headersHans de Goede
The shadow copy only serves as an extra check (besides the packet-id) to ensure the packet we get back is a reply to the packet we think it is. This check has never triggered in all the time usb-redir is in use now, and since the verified data in the returned packet-header is not used otherwise, removing the check does not open any possibilities for the usbredirhost to confuse us. This is a preparation patch for completely getting rid of the async-packet struct in usb-redir, instead relying on the (new) per ep queues in the qemu usb core. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb-redir: Get rid of async-struct get memberHans de Goede
This is a preparation patch for completely getting rid of the async-packet struct in usb-redir, instead relying on the (new) per ep queues in the qemu usb core. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb-redir: Don't delay handling of open events to a bottom halfHans de Goede
There is no need for this, and doing so means that a backend trying to write immediately after an open event will see qemu_chr_be_can_write returning 0, which not all backends handle well as there is no wakeup mechanism to detect when the frontend does become writable. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb-redir: Never return USB_RET_NAK for async handled packetsHans de Goede
USB_RET_NAK is not a valid response for async handled packets (and will trigger an assert as such). Also drop the warning when receiving a status of cancelled for packets not cancelled by qemu itself, this can happen when a device gets unredirected by the usbredir-host while transfers are pending. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11ehci: Correct a comment in fetchqtd packet processingHans de Goede
Since my previous comment said "Should never happen", I tried changing the next line to an assert(0), which did not go well, which as the new comments explains is logical if you think about it for a moment. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11ehci: Handle USB_RET_PROCERR in ehci_fill_queueHans de Goede
USB_RET_PROCERR can be triggered by the guest (by for example requesting more then BUFFSIZE bytes), so don't assert on it. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11ehci: Fix memory leak in handling of NAK-ed packetsHans de Goede
Currently each time we try to execute a NAK-ed packet we redo ehci_init_transfer, and usb_packet_map, re-allocing (without freeing) the sg list every time. This patch fixes this, it does this by introducing another async state, so that we also properly cleanup a NAK-ed packet on cancel. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11ehci: Add some additional ehci_trace_guest_bug() callsHans de Goede
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11ehci: add doorbell trace eventsGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11ehci: trace guest bugsGerd Hoffmann
make qemu_queue_{cancel,reset} return the number of packets released, so the caller can figure whenever there have been active packets even though there shouldn't have been any. Add tracepoint to log this. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11ehci: check for EHCI_ASYNC_FINISHED first in ehci_free_packetGerd Hoffmann
Otherwise we'll see the packet free twice in the trace log even though it actually happens only once. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11ehci: Properly report completed but not yet processed packets to the guestHans de Goede
Reported packets which have completed before being cancelled as such to the host. Note that the new code path this patch adds is untested since it I've been unable to actually trigger the race which needs this code path. Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-09-11ehci: Properly cleanup packets on cancelHans de Goede
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-09-11ehci: Update copyright headers to reflect recent workHans de Goede
Update copyright headers to reflect all the work Gerd and I have been doing on the EHCI emulation. Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-09-11ehci: Validate qh is not changed unexpectedly by the guestHans de Goede
-combine the qh check with the check for devaddr changes -also ensure that p gets set to NULL when the queue gets cancelled on devaddr change, which was not done properly before this patch Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-09-11Revert "ehci: don't flush cache on doorbell rings."Hans de Goede
This reverts commit 9bc3a3a216e2689bfcdd36c3e079333bbdbf3ba0, which got added to fix an issue where the real, underlying cause was not stopping the ep queue on an error. Now that the underlying cause is fixed by the "usb: Halt ep queue and cancel pending packets on a packet error" patch, the "don't flush" fix is no longer needed. Not only is it not needed, it causes us to see cancellations (unlinks) done by the Linux EHCI driver too late, which in combination with the new usb-core packet-id generation where qtd addresses are used as ids, causes duplicate ids for in flight packets. Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-09-11usb-core: Allow the first packet of a pipelined ep to complete immediatelyHans de Goede
This can happen with usb-redir live-migration when the packet gets re-queued after the migration and the original queuing from the migration source side has already finished. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb-core: Add a usb_ep_find_packet_by_id() helper functionHans de Goede
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb-core: Don't set packet state to complete on a nakHans de Goede
This way the hcd can re-use the same packet to retry without needing to re-init it. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11usb: controllers do not need to check for babble themselvesHans de Goede
If an (emulated) usb-device tries to write more data to a packet then its iov len, this will trigger an assert in usb_packet_copy(), and if a driver somehow circumvents that check and writes more data to the iov then there is space, we have a much bigger problem then not correctly reporting babble to the guest. In practice babble will only happen with (real) redirected devices, and there both the usb-host os and the qemu usb-device code already check for it. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-10RTC: Remove the current_tm fieldPaolo Bonzini
This is not used anymore and only written to. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-10RTC: Get and set time without going through s->current_tmPaolo Bonzini
This patch makes rtc_set_time and rtc_set_cmos work without reading s->current_tm. In the case of rtc_set_time I introduce a new function that retrieves the time and stores into a given struct tm (not hard-coded to s->current_tm). In the case of rtc_set_cmos, the current time is similarly taken from a struct tm rather than s->current_tm. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-10RTC: Do not fire timer periodically to catch next alarmPaolo Bonzini
This patch limits further the usage of a periodic timer. It computes the time of the next alarm, and uses it to skip all intermediate occurrences of the timer. Cc: Yang Zhang <yang.z.zhang@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-10RTC: Add divider reset supportYang Zhang
The first update cycle begins one-half seconds after divider reset is removed. This feature is useful for testing. Signed-off-by: Yang Zhang <yang.z.zhang@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-10RTC: Update the RTC clock only when reading itYang Zhang
Calculate guest RTC based on the time of the last update, instead of using timers. The formula is (base_rtc + guest_time_now - guest_time_last_update + offset) Base_rtc is the RTC value when the RTC was last updated. Guest_time_now is the guest time when the access happens. Guest_time_last_update was the guest time when the RTC was last updated. Offset is used when divider reset happens or the set bit is toggled. The timer is kept in order to signal interrupts, but it only needs to run when either UF or AF is cleared. When the bits are both set, the timer does not run. UIP is now synthesized when reading register A. If the timer is not set, or if there is more than one second before it (as is the case at the end of this series), the leading edge of UIP is computed and the rising edge occurs 220us later. If the update timer occurs within one second, however, the rising edge of the AF and UF bits should coincide withe the falling edge of UIP. We do not know exactly when this will happen because there could be delays in the servicing of the timer. Hence, in this case reading register A only computes for the rising edge of UIP, and latches the bit until the timer is fired and clears it. Signed-off-by: Yang Zhang <yang.z.zhang@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-10RTC: Update interrupt state when interrupts are masked/unmaskedYang Zhang
If an interrupt flag is already set when the interrupt becomes enabled, raise an interrupt immediately, and vice versa if interrupts become disabled. Signed-off-by: Yang Zhang <yang.z.zhang@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-10RTC: introduce RTC_CLOCK_RATEPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-10RTC: Rename rtc_timer_updateYang Zhang
Signed-off-by: Yang Zhang <yang.z.zhang@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-10RTC: Remove the logic to update time format when DM bit changedYang Zhang
Changing the DM (binary/BCD) and 24/12 control bit doesn't affect the internal registers. It only indicates what format is used for those registers. Signed-off-by: Yang Zhang <yang.z.zhang@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-10Merge remote-tracking branch 'qemu-kvm/uq/master' into stagingAnthony Liguori
* qemu-kvm/uq/master: kvm: i386: Add classic PCI device assignment kvm: i386: Add services required for PCI device assignment kvm: Introduce kvm_has_intx_set_mask kvm: Introduce kvm_irqchip_update_msi_route kvm: Clean up irqfd API qemu: Use valgrind annotations to mark kvm guest memory as defined
2012-09-10Merge remote-tracking branch 'mst/tags/for_anthony' into stagingAnthony Liguori
* mst/tags/for_anthony: vhost: Pass device path to vhost_dev_init() monitor: Rename+move net_handle_fd_param -> monitor_handle_fd_param pcie_aer: clear cmask for Advanced Error Interrupt Message Number pcie: drop version_id field for live migration qemu: add .exrc
2012-09-10Merge branch 'spice.v59' of git://anongit.freedesktop.org/spice/qemuAurelien Jarno
* 'spice.v59' of git://anongit.freedesktop.org/spice/qemu: Remove #ifdef QXL_COMMAND_FLAG_COMPAT_16BPP qxl: Add set_client_capabilities() interface to QXLInterface spice: make number of surfaces runtime-configurable. configure: print spice-protocol and spice-server versions qxl: add QXL_IO_MONITORS_CONFIG_ASYNC qxl: disallow unknown revisions qxl/update_area_io: guest_bug on invalid parameters spice: increase the verbosity of spice section in "qemu --help" spice: adding seamless-migration option to the command line spice: add 'migrated' flag to spice info spice migration: add QEVENT_SPICE_MIGRATE_COMPLETED spice: notify on vm state change only via spice_server_vm_start/stop spice: notify spice server on vm start/stop spice: abort on invalid streaming cmdline params
2012-09-10Merge branch 'queue/qmp' of git://repo.or.cz/qemu/qmp-unstableAurelien Jarno
* 'queue/qmp' of git://repo.or.cz/qemu/qmp-unstable: tcx: tcx_screen_dump(): add error handling tcx: tcx24_screen_dump(): add error handling g364fb: g364fb_screen_dump(): add error handling omap_lcdc: omap_ppm_save(): add error handling omap_lcdc: rename ppm_save() to omap_ppm_save() vga: ppm_save(): add error handling qapi: convert screendump console: vga_hw_screen_dump_ptr: take Error argument error: add error_setg() json-parser: Fix potential NULL pointer segfault qapi: Fix potential NULL pointer segfault qapi: convert sendkey monitor: move key_defs[] table and introduce two help functions qapi: add the QKeyCode enum qapi: generate list struct and visit_list for enum hmp: rename arguments monitor: rename keyname '<' to 'less' fix doc of using raw values with sendkey Add support for pretty-printing response in qmp-shell
2012-09-10hw/mcf5206: Fix buffer overflow for MBAR read / writeStefan Weil
Report from smatch: mcf5206.c:384 m5206_mbar_readb(7) error: buffer overflow 'm5206_mbar_width' 128 <= 128 mcf5206.c:403 m5206_mbar_readw(8) error: buffer overflow 'm5206_mbar_width' 128 <= 128 mcf5206.c:427 m5206_mbar_readl(8) error: buffer overflow 'm5206_mbar_width' 128 <= 128 mcf5206.c:451 m5206_mbar_writeb(9) error: buffer overflow 'm5206_mbar_width' 128 <= 128 mcf5206.c:475 m5206_mbar_writew(9) error: buffer overflow 'm5206_mbar_width' 128 <= 128 mcf5206.c:503 m5206_mbar_writel(9) error: buffer overflow 'm5206_mbar_width' 128 <= 128 m5206_mbar_width has 0x80 elements and supports 0 <= offset < 0x200. Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-09-10hw/wm8750: Fix potential buffer overflowStefan Weil
Report from smatch: hw/wm8750.c:369 wm8750_tx(12) error: buffer overflow 's->i2c_data' 2 <= 2 It looks like the preprocessor statements were simply misplaced. Replace also __FUNCTION__ by __func__ to please checkpatch.pl. Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-09-10kvm: i386: Add classic PCI device assignmentJan Kiszka
This adds PCI device assignment for i386 targets using the classic KVM interfaces. This version is 100% identical to what is being maintained in qemu-kvm for several years and is supported by libvirt as well. It is expected to remain relevant for another couple of years until kernels without full-features and performance-wise equivalent VFIO support are obsolete. A refactoring to-do that should be done in-tree is to model MSI and MSI-X support via the generic PCI layer, similar to what VFIO is already doing for MSI-X. This should improve the correctness and clean up the code from duplicate logic. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Acked-by: Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
2012-09-09kvm: Clean up irqfd APIJan Kiszka
No need to expose the fd-based interface, everyone will already be fine with the more handy EventNotifier variant. Rename the latter to clarify that we are still talking about irqfds here. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
2012-09-08musicpal: Fix flash mappingJan Kiszka
The old arithmetic assumed 32 physical address bits which is no longer true for ARM since 3cc0cd61f4. Signed-off-by: Jan Kiszka <jan.kiszka@web.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-09-07lan9118: fix multicast filteringAurelien Jarno
The lan9118 emulation tries to compute the multicast index by calling directly the crc32() function from zlib, but fails to get the correct result. Use the common compute_mcast_idx() function instead, which gives the correct result. This fixes IPv6 support. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-09-07fix entry pointer for ELF kernels loaded with -kernel optionHenning Schild
Find a hopefully proper patch attached. Take it or leave it. Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Henning Schild <henning@hennsch.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-09-07vhost: Pass device path to vhost_dev_init()Stefan Hajnoczi
The path to /dev/vhost-net is currently hardcoded in vhost_dev_init(). This needs to be changed so that /dev/vhost-scsi can be used. Pass in the device path instead of hardcoding it. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-09-07pcie_aer: clear cmask for Advanced Error Interrupt Message NumberJason Baron
The Advanced Error Interrupt Message Number (bits 31:27 of the Root Error Status Register) is updated when the number of msi messages assigned to a device changes. Migration of windows 7 on q35 chipset failed because the check in get_pci_config_device() fails due to cmask being set on these bits. Its valid to update these bits and we must restore this state across migration. Signed-off-by: Jason Baron <jbaron@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>