aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2015-05-12fdc: force the fifo access to be in bounds of the allocated bufferPetr Matousek
During processing of certain commands such as FD_CMD_READ_ID and FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could get out of bounds leading to memory corruption with values coming from the guest. Fix this by making sure that the index is always bounded by the allocated memory. This is CVE-2015-3456. Signed-off-by: Petr Matousek <pmatouse@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com>
2015-05-12hw/arm/highbank.c: Wire FIQ between CPU <> GICPeter Maydell
Connect FIQ output of the GIC CPU interfaces to the CPUs. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-18-git-send-email-peter.maydell@linaro.org
2015-05-12hw/arm/vexpress.c: Wire FIQ between CPU <> GICFabian Aggeler
Connect FIQ output of the GIC CPU interfaces to the CPUs. Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-17-git-send-email-peter.maydell@linaro.org Message-id: 1429113742-8371-3-git-send-email-greg.bellows@linaro.org [PMM: minor format tweak] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12hw/arm/virt.c: Wire FIQ between CPU <> GICGreg Bellows
Connect FIQ output of the GIC CPU interfaces to the CPUs. Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-16-git-send-email-peter.maydell@linaro.org Message-id: 1429113742-8371-4-git-send-email-greg.bellows@linaro.org [PMM: minor format tweak] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12hw/intc/arm_gic: Add grouping support to gic_update()Peter Maydell
Add support to gic_update() for determining the current IRQ and FIQ status when interrupt grouping is supported. This simply requires that instead of always raising IRQ we check the group of the highest priority pending interrupt and the GICC_CTLR.FIQEn bit to see whether we should raise IRQ or FIQ. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1430502643-25909-15-git-send-email-peter.maydell@linaro.org
2015-05-12hw/intc/arm_gic: Change behavior of IAR writesFabian Aggeler
Grouping (GICv2) and Security Extensions change the behavior of IAR reads. Acknowledging Group0 interrupts is only allowed from Secure state and acknowledging Group1 interrupts from Secure state is only allowed if AckCtl bit is set. Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-14-git-send-email-peter.maydell@linaro.org Message-id: 1429113742-8371-14-git-send-email-greg.bellows@linaro.org [PMM: simplify significantly by reusing the existing gic_get_current_pending_irq() rather than reimplementing the same logic here] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12hw/intc/arm_gic: Change behavior of EOIR writesFabian Aggeler
Grouping (GICv2) and Security Extensions change the behavior of EOIR writes. Completing Group0 interrupts is only allowed from Secure state. Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-13-git-send-email-peter.maydell@linaro.org Message-id: 1429113742-8371-13-git-send-email-greg.bellows@linaro.org [PMM: Rather than go to great lengths to ignore the UNPREDICTABLE case of a Secure EOI of a Group1 (NS) irq with AckCtl == 0, we just let it fall through; add a comment about it.] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12hw/intc/arm_gic: Handle grouping for GICC_HPPIRFabian Aggeler
Grouping (GICv2) and Security Extensions change the behaviour of reads of the highest priority pending interrupt register (ICCHPIR/GICC_HPPIR). Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-12-git-send-email-peter.maydell@linaro.org Message-id: 1429113742-8371-12-git-send-email-greg.bellows@linaro.org [PMM: make utility fn static; coding style fixes; AckCtl has an effect for GICv2 without security extensions as well; removed checks on enable bits because these are done when we set current_pending[cpu]] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12hw/intc/arm_gic: Restrict priority viewFabian Aggeler
GICs with Security Extensions restrict the non-secure view of the interrupt priority and priority mask registers. Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-11-git-send-email-peter.maydell@linaro.org Message-id: 1429113742-8371-15-git-send-email-greg.bellows@linaro.org [PMM: minor code tweaks; fixed missing masking in gic_set_priority_mask and gic_set_priority] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12hw/intc/arm_gic: Implement Non-secure view of RPRFabian Aggeler
For GICs with Security Extensions Non-secure reads have a restricted view on the current running priority. Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-10-git-send-email-peter.maydell@linaro.org Message-id: 1429113742-8371-11-git-send-email-greg.bellows@linaro.org [PMM: make function static, minor comment tweak] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12hw/intc/arm_gic: Make ICCICR/GICC_CTLR bankedFabian Aggeler
ICCICR/GICC_CTLR is banked in GICv1 implementations with Security Extensions or in GICv2 in independent from Security Extensions. This makes it possible to enable forwarding of interrupts from the CPU interfaces to the connected processors for Group0 and Group1. We also allow to set additional bits like AckCtl and FIQEn by changing the type from bool to uint32. Since the field does not only store the enable bit anymore and since we are touching the vmstate, we use the opportunity to rename the field to cpu_ctlr. Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-9-git-send-email-peter.maydell@linaro.org Message-id: 1429113742-8371-9-git-send-email-greg.bellows@linaro.org [PMM: rewrote to store state in a single uint32_t rather than keeping the NS and S banked variants separate; this considerably simplifies the get/set functions] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12hw/intc/arm_gic: Make ICCBPR/GICC_BPR bankedFabian Aggeler
This register is banked in GICs with Security Extensions. Storing the non-secure copy of BPR in the abpr, which is an alias to the non-secure copy for secure access. ABPR itself is only accessible from secure state if the GIC implements Security Extensions. Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-8-git-send-email-peter.maydell@linaro.org Message-id: 1429113742-8371-10-git-send-email-greg.bellows@linaro.org [PMM: rewrote to fix style issues and correct handling of GICv2 without security extensions] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12hw/intc/arm_gic: Make ICDDCR/GICD_CTLR bankedFabian Aggeler
ICDDCR/GICD_CTLR is banked if the GIC has the security extensions, and the S (or only) copy has separate enable bits for Group0 and Group1 enable if the GIC implements interrupt groups. EnableGroup0 (Bit [1]) in GICv1 is architecturally IMPDEF. Since this bit (Enable Non-secure) is present in the integrated GIC of the Cortex-A9 MPCore, we support this bit in our GICv1 implementation too. Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-7-git-send-email-peter.maydell@linaro.org Message-id: 1429113742-8371-8-git-send-email-greg.bellows@linaro.org [PMM: rewritten to store the state in a single s->ctlr uint32, with the NS register handled as an alias of bit 1 in that value; added vmstate version bump] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12hw/intc/arm_gic_kvm.c: Save and restore GICD_IGROUPRn statePeter Maydell
Now that the GIC base class has state fields for the GICD_IGROUPRn registers, make kvm_arm_gic_get() and kvm_arm_gic_put() write and read them. This allows us to remove the check that made us fail migration if the guest had set any of the group register bits. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-6-git-send-email-peter.maydell@linaro.org
2015-05-12hw/intc/arm_gic: Add Interrupt Group RegistersFabian Aggeler
The Interrupt Group Registers allow the guest to configure interrupts into one of two groups, where Group0 are higher priority and may be routed to IRQ or FIQ, and Group1 are lower priority and always routed to IRQ. (In a GIC with the security extensions Group0 is Secure interrupts and Group 1 is NonSecure.) The GICv2 always supports interrupt grouping; the GICv1 does only if it implements the security extensions. This patch implements the ability to read and write the registers; the actual functionality the bits control will be added in a subsequent patch. Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-5-git-send-email-peter.maydell@linaro.org Message-id: 1429113742-8371-7-git-send-email-greg.bellows@linaro.org [PMM: bring GIC_*_GROUP macros into line with the others, ie a simple SET/CLEAR/TEST rather than GROUP0/GROUP1; utility gic_has_groups() function; minor style fixes; bump vmstate version] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12hw/intc/arm_gic: Switch to read/write callbacks with tx attributesPeter Maydell
Switch the GIC's MMIO callback functions to the read_with_attrs and write_with_attrs functions which provide MemTxAttrs. This will allow the GIC to correctly handle secure and nonsecure register accesses. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1430502643-25909-4-git-send-email-peter.maydell@linaro.org
2015-05-12hw/intc/arm_gic: Add Security Extensions propertyFabian Aggeler
Add a QOM property which allows the GIC Security Extensions to be enabled. These are an optional part of the GICv1 and GICv2 architecture. This commit just adds the property and some sanity checks that it is only enabled on GIC revisions that support it. Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-3-git-send-email-peter.maydell@linaro.org Message-id: 1429113742-8371-5-git-send-email-greg.bellows@linaro.org [PMM: changed property name, added checks that it isn't set for older GIC revisions or if using the KVM VGIC; reworded commit message] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12hw/intc/arm_gic: Create outbound FIQ linesFabian Aggeler
Create the outbound FIQ lines from the GIC to the CPUs; these are used if the GIC has security extensions or grouping support. Signed-off-by: Fabian Aggeler <aggelerf@ethz.ch> Signed-off-by: Greg Bellows <greg.bellows@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1430502643-25909-2-git-send-email-peter.maydell@linaro.org Message-id: 1429113742-8371-2-git-send-email-greg.bellows@linaro.org [PMM: added FIQ lines to kvm-arm-gic so its interface is the same; tweaked commit message] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12hw/sd: Don't pass BlockBackend to sd_reset()Peter Maydell
The only valid BlockBackend to pass to sd_reset() is the one for the SD card, which is sd->blk. Drop the second argument from this function in favour of having it just use sd->blk. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-id: 1430683444-9797-1-git-send-email-peter.maydell@linaro.org
2015-05-12armv7m_nvic: systick: Reload the RELOAD value and count down only if ENABLE ↵Adrian Huang
bit is set Consider the following pseudo code to configure SYSTICK (The recommended programming sequence from "the definitive guide to the arm cortex-m3"): SYSTICK Reload Value Register = 0xffff SYSTICK Current Value Register = 0 SYSTICK Control and Status Register = 0x7 The pseudo code "SYSTICK Current Value Register = 0" leads to invoking systick_reload(). As a consequence, the systick.tick member is updated and the systick timer starts to count down when the ENABLE bit of SYSTICK Control and Status Register is cleared. The worst case is that: during the system initialization, the reset value of the SYSTICK Control and Status Register is 0x00000000. When the code "SYSTICK Current Value Register = 0" is executed, the systick.tick member is accumulated with "(s->systick.reload + 1) * systick_scale(s)". The systick_scale() gets the external_ref_clock scale because the CLKSOURCE bit of the SYSTICK Control and Status Register is cleared. This is the incorrect behavior because of the code "SYSTICK Control and Status Register = 0x7". Actually, we want the processor clock instead of the external reference clock. This incorrect behavior defers the generation of the first interrupt. The patch fixes the above-mentioned issue by setting the systick.tick member and modifying the systick timer only if the ENABLE bit of the SYSTICK Control and Status Register is set. In addition, the Cortex-M3 Devices Generic User Guide mentioned that "When ENABLE is set to 1, the counter loads the RELOAD value from the SYST RVR register and then counts down". This patch adheres to the statement of the user guide. Signed-off-by: Adrian Huang <adrianhuang0701@gmail.com> Reviewed-by: Jim Huang <jserv.tw@gmail.com> [PMM: minor tweak to comment text] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-12Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Mon May 11 16:25:58 2015 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/net-pull-request: rocker: timestamp on the debug logs helps correlate with events in the VM MAINTAINERS: add rocker rocker: add tests rocker: add new rocker switch device pci: add network device class 'other' for network switches pci: add rocker device ID rocker: add register programming guide virtio-net: use qemu_mac_strdup_printf net: add MAC address string printer Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-11Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pc, virtio enhancements Memory hot-unplug support for pc, MSI-X mapping update speedup for virtio-pci, misc refactorings and bugfixes. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Mon May 11 08:23:43 2015 BST using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: (28 commits) acpi: update expected files for memory unplug virtio-scsi: Move DEFINE_VIRTIO_SCSI_FEATURES to virtio-scsi virtio-net: Move DEFINE_VIRTIO_NET_FEATURES to virtio-net pci: Merge pci_nic_init() into pci_nic_init_nofail() acpi: add a missing backslash to the \_SB scope. qmp-event: add event notification for memory hot unplug error acpi: add hardware implementation for memory hot unplug acpi: fix "Memory device control fields" register acpi: extend aml_field() to support UpdateRule acpi, mem-hotplug: add unplug cb for memory device acpi, mem-hotplug: add unplug request cb for memory device acpi, mem-hotplug: add acpi_memory_slot_status() to get MemStatus docs: update documentation for memory hot unplug virtio: coding style tweak pci: remove hard-coded bar size in msix_init_exclusive_bar() virtio-pci: speedup MSI-X masking and unmasking virtio: introduce vector to virtqueues mapping virtio-ccw: using VIRTIO_NO_VECTOR instead of 0 for invalid virtqueue monitor: check return value of qemu_find_net_clients_except() monitor: replace the magic number 255 with MAX_QUEUE_NUM ... Conflicts: hw/s390x/s390-virtio-bus.c [PMM: fixed conflict in s390_virtio_scsi_properties and s390_virtio_net_properties arrays; since the result of the two conflicting patches is to empty the property arrays completely, the conflict resolution is to remove them entirely.] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-11rocker: timestamp on the debug logs helps correlate with events in the VMDavid Ahern
Signed-off-by: David Ahern <dsahern@gmail.com> Signed-off-by: Scott Feldman <sfeldma@gmail.com> Signed-off-by: Jiri Pirko <jiri@resnulli.us> Message-id: 1426306173-24884-10-git-send-email-sfeldma@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-11rocker: add new rocker switch deviceScott Feldman
Rocker is a simulated ethernet switch device. The device supports up to 62 front-panel ports and supports L2 switching and L3 routing functions, as well as L2/L3/L4 ACLs. The device presents a single PCI device for each switch, with a memory-mapped register space for device driver access. Rocker device is invoked with -device, for example a 4-port switch: -device rocker,name=sw1,len-ports=4,ports[0]=dev0,ports[1]=dev1, \ ports[2]=dev2,ports[3]=dev3 Each port is a netdev and can be paired with using -netdev id=<port name>. Signed-off-by: Scott Feldman <sfeldma@gmail.com> Signed-off-by: Jiri Pirko <jiri@resnulli.us> Acked-by: Scott Feldman <sfeldma@gmail.com> Acked-by: Jiri Pirko <jiri@resnulli.us> Signed-off-by: David Ahern <dsahern@gmail.com> Message-id: 1426306173-24884-7-git-send-email-sfeldma@gmail.com rocker: fix clang compiler errors Consolidate all forward typedef declarations to rocker.h. Signed-off-by: David Ahern <dsahern@gmail.com> Acked-by: Scott Feldman <sfeldma@gmail.com> Acked-by: Jiri Pirko <jiri@resnulli.us> rocker: add support for flow modification We had support for flow add/del. This adds support for flow mod. I needed this for L3 support where an existing route is modified using NLM_F_REPLACE. For example: ip route add 12.0.0.0/30 nexthop via 11.0.0.1 dev swp1 ip route change 12.0.0.0/30 nexthop via 11.0.0.9 dev swp2 The first cmd adds the route. The second cmd changes the existing route by changing its nexthop info. In the device, a mod operation results in the matching flow enty being modified with the new settings. This is atomic to the device. Signed-off-by: Scott Feldman <sfeldma@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-11virtio-net: use qemu_mac_strdup_printfScott Feldman
Signed-off-by: Scott Feldman <sfeldma@gmail.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 1426306173-24884-3-git-send-email-sfeldma@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-11Merge remote-tracking branch ↵Peter Maydell
'remotes/mjt/tags/pull-trivial-patches-2015-05-09' into staging trivial patches for 2015-05-09 # gpg: Signature made Fri May 8 22:58:42 2015 BST using RSA key ID A4C3D7DB # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" # gpg: aka "Michael Tokarev <mjt@corpit.ru>" # gpg: aka "Michael Tokarev <mjt@debian.org>" * remotes/mjt/tags/pull-trivial-patches-2015-05-09: docs: update BLOCK_IMAGE_CORRUPTED documentation glib-compat.h: change assert to g_assert Remove various unused functions sheepdog: fix resource leak with sd_snapshot_create xhci: remove unused code Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-11Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
- build bugfix from Fam and new configure check from Emilio - two improvements to "info mtere" from Gerd - KVM support for memory transaction attributes - one more small step towards unlocked MMIO dispatch - one piece of the qemu-nbd errno fixes - trivial-ish patches from Denis and Thomas # gpg: Signature made Fri May 8 13:47:29 2015 BST using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: qemu-nbd: only send a limited number of errno codes on the wire rules.mak: Force CFLAGS for all objects in DSO configure: require __thread support exec: move rcu_read_lock/unlock to address_space_translate callers kvm: add support for memory transaction attributes mtree: also print disabled regions mtree: tag & indent a bit better apic_common: improve readability of apic_reset_common kvm: Silence warning from valgrind Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-11Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20150508-1' into ↵Peter Maydell
staging usb: qomify, bugfixes for xhci & uhci. # gpg: Signature made Fri May 8 12:39:28 2015 BST using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-usb-20150508-1: uhci: controller is halted after reset usb: usb-serial QOMify usb: usb-redir QOMify usb: usb-wacom-tablet QOMify usb: usb-uas QOMify usb: usb-storage QOMify usb: usb-ccid QOMify usb: usb-net QOMify usb-mtp: fix segmentation fault usb: usb-mtp QOMify usb: usb-hub QOMify usb: usb-hid QOMify usb: usb-bt QOMify usb: usb-audio QOMify uhci: QOMify xhci: fix events for setup trb. Revert "xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set" xhci: set timer to retry xfers usb: fix usb-net segfault Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-08xhci: remove unused codeGonglei
Value from xfer->packet.ep is assigned to ep here, but that stored value is not used before it is overwritten. Remove it. Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-05-08uhci: controller is halted after resetGerd Hoffmann
... and the status register should say so. Fixes "usbus0: controller did not stop" error printed by freebsd. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: usb-serial QOMifyGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: usb-redir QOMifyGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: usb-wacom-tablet QOMifyGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: usb-uas QOMifyGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: usb-storage QOMifyGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: usb-ccid QOMifyGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: usb-net QOMifyGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb-mtp: fix segmentation faultGonglei
When x-root property not be configured, will cause segfault because of null pointer accessing. Add a check for s->root property avoid segfault. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: usb-mtp QOMifyGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: usb-hub QOMifyGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: usb-hid QOMifyGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: usb-bt QOMifyGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: usb-audio QOMifyGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08uhci: QOMifyGonglei
Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08xhci: fix events for setup trb.Gerd Hoffmann
When we find a IOC bit set on a setup trb and therefore queue an event, that should not stop events being generated for following data trbs. So clear the 'reported' flag. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08Revert "xhci: generate a Transfer Event for each Transfer TRB with the IOC ↵Gerd Hoffmann
bit set" This makes xhci generate multiple short packet events in case of multi-trb transfers. Which is wrong. We need to fix this in a different way. This reverts commit aa6857891df614c620e6e9fc4bc4af6e0e49cafd. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08xhci: set timer to retry xfersGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: fix usb-net segfaultMichal Kazior
The dev->config pointer isn't set until guest system initializes usb devices (via usb_desc_set_config). However qemu networking can go through some motions prior to that, e.g.: #0 is_rndis (s=0x555557261970) at hw/usb/dev-network.c:653 #1 0x000055555585f723 in usbnet_can_receive (nc=0x55555641e820) at hw/usb/dev-network.c:1315 #2 0x000055555587635e in qemu_can_send_packet (sender=0x5555572660a0) at net/net.c:470 #3 0x0000555555878e34 in net_hub_port_can_receive (nc=0x5555562d7800) at net/hub.c:101 #4 0x000055555587635e in qemu_can_send_packet (sender=0x5555562d7980) at net/net.c:470 #5 0x000055555587dbca in tap_can_send (opaque=0x5555562d7980) at net/tap.c:172 The command to reproduce most reliably was: qemu-system-i386 -usb -device usb-net,vlan=0 -net tap,vlan=0 This wasn't strictly a problem with tap. Other networking endpoints (vde, user) could trigger this problem as well. Fixes: https://bugs.launchpad.net/qemu/+bug/1050823 Cc: qemu-stable@nongnu.org Signed-off-by: Michal Kazior <michal.kazior@tieto.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08virtio-ccw: implement ->device_pluggedCornelia Huck
Let's move operations that are only valid after the backend has been realized to a ->device_plugged callback, just as virtio-pci does. Also reorder setting up the host feature bits to the sequence used by virtio-pci. While we're at it, also add a ->device_unplugged callback to stop ioeventfd, just to be on the safe side. Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Message-Id: <1429627016-30656-3-git-send-email-cornelia.huck@de.ibm.com>
2015-05-08virtio-ccw: change realization sequenceCornelia Huck
virtio-ccw has an odd sequence of realizing devices: first the device-specific relization (net, block, ...), then the generic realization. It feels less odd to have the generic realization callback trigger the device-specific realization instead (and this also matches what virtio-pci does). One thing to note: We need to defer initializing the cu model in the sense id data until after the device-specific realization has been performed, as we need to refer to the virtio device's device_id. Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Message-Id: <1429627016-30656-2-git-send-email-cornelia.huck@de.ibm.com>