aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2012-11-26hw/ide/macio: Fix segfault caused by NULL DMAContext*Peter Maydell
Pass qemu_sglist_init the global dma_context_memory rather than a NULL pointer; this fixes a segfault in dma_memory_map() when the guest starts using DMA. Reported-by: Amadeusz Sławiński <amade@asmblr.net> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-11-26Merge remote-tracking branch 'kraxel/usb.72' into stagingAnthony Liguori
* kraxel/usb.72: usb-redir: Don't handle interrupt output packets async usb-redir: Split usb_handle_interrupt_data into separate in/out functions usb-smartcard-reader: Properly NAK interrupt eps when we've no events usb-bt: Return NAK instead of STALL when interrupt ep has no data uhci: Fix double unlink uhci: Don't allow the guest to set port-enabled when there is no dev connected uhci: Add a completions_only flag for async completions Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-21usb-redir: Don't handle interrupt output packets asyncHans de Goede
Instead report them as successfully completed directly on submission, this has 2 advantages: 1) This matches the timing of interrupt output packets on real hardware, with the previous async handling, if an ep has an interval of say 500 ms, then there would be 500+ ms between the submission and the guest seeing the completion, as we wont do the write back until the qh gets polled again. And in the mean time the guest may very well have timed out, as the guest can reasonable expect a much quicker completion. 2) This fixes interrupt output packets potentially getting send twice surrounding a migration. As we delay the writeback to guest memory until the qh gets polled again, there is a window between completion and writeback where migration can happen, in this case the destination will not know about the completion, and it will execute the packet *again* But it does also come with a disadvantage: 1) If the actual interrupt out to the real usb device fails, there is no way to report this back to the guest. This patch assumes however that interrupt outs in practice never fail, as they are only used by specialized drivers, which are unlikely to issue illegal requests (unlike general class drivers which often issue requests which some devices don't implement). And that thus the advantages outway the disadvantage. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21usb-redir: Split usb_handle_interrupt_data into separate in/out functionsHans de Goede
No functional changes. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21usb-smartcard-reader: Properly NAK interrupt eps when we've no eventsHans de Goede
When we've no data to return from the interrupt endpoint, return NAK rather then a 0 length packet. CC: Alon Levy <alevy@redhat.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21usb-bt: Return NAK instead of STALL when interrupt ep has no dataHans de Goede
I noticed this while making all devices with interrupt endpoints properly do wakeup. While at it also add wakeup support. Note that I've not tested this, but returning STALL for an interrupt ep which has no data is cleary the wrong thing to do. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21uhci: Fix double unlinkHans de Goede
uhci_async_cancel() already does a uhci_async_unlink(). Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21uhci: Don't allow the guest to set port-enabled when there is no dev connectedHans de Goede
It is possible for device disconnect and the guest trying to reset the port (because of USB xact errors prior to the disconnect getting signaled) to race, when we hit this race, the guest will write the port-control register with its pre-disconnect value + the reset bit set, after which we have a disconnected device with its port-enabled bit set in its port-control register, which is no good :) Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21uhci: Add a completions_only flag for async completionsHans de Goede
Add a completions_only flag, and set this when running process_frame for async completion handling, this fixes 2 issues in a single patch: 1) It makes sure async completed packets get written to guest mem immediately, even if all the bandwidth for the frame was consumed from the timer run process_frame. This is necessary as delaying their writeback to the next frame can cause the completion to get lost on migration. 2) The calling of process_frame from a bh on async completion causes iso tds to get server more often they should, messing up usb sound class device timing. By only processing completed packets, the iso tds get skipped fixing this. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21ide: Fix status register after short PRDsKevin Wolf
When failing a request because the length of the regions described by the PRDT was too short for the requested number of sectors, the IDE emulation forgot to update the status register, so that the device would keep the BSY flag set indefinitely. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2012-11-21ide: Fix crash with too long PRDKevin Wolf
Without this, s->nsector can become negative and badness happens (trying to malloc huge amount of memory and glib calls abort()) Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2012-11-19Merge remote-tracking branch 'kwolf/for-anthony' into stagingAnthony Liguori
* kwolf/for-anthony: (26 commits) qemu-io: Use bdrv_drain_all instead of qemu_aio_flush megasas: Use bdrv_drain_all instead of qemu_aio_flush vmdk: Fix data corruption bug in WRITE and READ handling fdc: remove last usage of FD_STATE_SEEK fdc: fix typo in zero constant fdc: remove double affectation of FD_MSR_CMDBUSY flag fdc-tests: add tests for VERIFY command fdc: implement VERIFY command fdc-test: Check READ ID fdc: fix false FD_SR0_SEEK fdc: fix FD_SR0_SEEK for initial seek on DMA transfers fdc: fix FD_SR0_SEEK for non-DMA transfers and multi sectors transfers fdc: use status0 field instead of a local variable fdc-test: add tests for non-DMA READ command fdc-test: insert media before fuzzing registers fdc-test: split test_media_change() test, so insert part can be reused fdc: Remove status0 parameter from fdctrl_set_fifo() aio: rename AIOPool to AIOCBInfo aio: use g_slice_alloc() for AIOCB pooling aio: switch aiocb_size type int -> size_t ... Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-19Merge remote-tracking branch 'kraxel/usb.71' into stagingAnthony Liguori
* kraxel/usb.71: usb-host: fix splitted transfers usb-host: update tracing usb-redir: Set default debug level to warning usb-redir: Only add actually in flight packets to the in flight queue ehci: handle dma errors ehci: keep the frame timer running in case the guest asked for frame list rollover interrupts ehci: Don't verify the next pointer for periodic qh-s and qtd-s ehci: Better detection for qtd-s linked in circles ehci: Fixup q->qtdaddr after cancelling an already completed packet ehci: Don't access packet after freeing it usb: host-linux: Ignore parsing errors of the device descriptors usb-host: scan for usb devices when the vm starts usb: Fix (another) bug in usb_packet_map() for IOMMU handling fix live migration Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-19Merge remote-tracking branch 'amit/loadvm-irq-inj-fix' into stagingAnthony Liguori
* amit/loadvm-irq-inj-fix: virtio-serial-bus: post_load send_event when vm is running Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-19Merge remote-tracking branch 'afaerber/qom-cpu' into stagingAnthony Liguori
* afaerber/qom-cpu: target-i386: Add Haswell CPU model target-i386/cpu: Add new Opteron CPU model target-i386/cpu: Name new CPUID bits qapi-types.h: Don't include qemu-common.h osdep: Move qemu_{open,close}() prototypes qemu-config.h: Include headers it needs vnc-palette.h: Include <stdbool.h> qemu-fsdev-dummy.c: Include module.h qdev: Split up header so it can be used in cpu.h Move qemu_irq typedef out of qemu-common.h qemu-common.h: Comment about usage rules Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-19Merge remote-tracking branch 'qemu-kvm/uq/master' into stagingAnthony Liguori
* qemu-kvm/uq/master: kvm: Actually remove software breakpoints from list on cleanup acpi_piix4: fix migration of gpe fields Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-17Merge branch 'vga.1' of git://git.kraxel.org/qemuBlue Swirl
* 'vga.1' of git://git.kraxel.org/qemu: vga: fix mmio vga register mapping vga: fix bochs alignment issue
2012-11-16virtio-rng-pci: create a default backend if none existsAnthony Liguori
This allows you to specify: $ qemu -device virtio-rng-pci And things will Just Work with a reasonable default. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-16virtio-rng: add rate limiting supportAnthony Liguori
This adds parameters to virtio-rng-pci to allow rate limiting the entropy a guest receives. An example command line: $ qemu -device virtio-rng-pci,max-bytes=1024,period=1000 Would limit entropy collection to 1Kb/s. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-16virtio-rng: hardware random number generator deviceAmit Shah
The Linux kernel already has a virtio-rng driver, this is the device implementation. When the guest asks for entropy from the virtio hwrng, it puts a buffer in the vq. We then put entropy into that buffer, and push it back to the guest. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> --- aliguori: converted to new RngBackend interface aliguori: remove entropy needed event aliguori: fix migration
2012-11-16usb-host: fix splitted transfersGerd Hoffmann
USBPacket->actual_length wasn't updated correctly for USBPackets splitted into multiple urbs. Fix it. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16usb-host: update tracingGerd Hoffmann
Now that we have separate status and length fields in USBPacket update the completion tracepoint to log both. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16usb-redir: Set default debug level to warningHans de Goede
The previous default of 0 means that even errors and warnings would not get printed, which is really not a good default. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16usb-redir: Only add actually in flight packets to the in flight queueHans de Goede
Packets which are queued up, but not yet handed over to the device, are *not* in flight. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16ehci: handle dma errorsGerd Hoffmann
Starting with commit 1c380f9460522f32c8dd2577b2a53d518ec91c6d dma transfers can actually fail. This patch makes ehci keep track of the busmaster bit in pci config space, by setting/clearing the dma_context pointer. Attempts to dma without context will result in raising HSE (Host System Error) interrupt and stopping the host controller. This patch fixes WinXP not booting with a usb stick attached to ehci. Root cause is seabios activating ehci so you can boot from the stick, and WinXP clearing the busmaster bit before resetting the host controller, leading to ehci actually trying dma while it is disabled. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16ehci: keep the frame timer running in case the guest asked for frame list ↵Gerd Hoffmann
rollover interrupts Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16ehci: Don't verify the next pointer for periodic qh-s and qtd-sHans de Goede
While testing the move to async packet handling for interrupt endpoints I noticed that Windows-XP likes to play tricks with the next pointer for periodic qh-s, so we should not fail qh / qtd verification when it changes. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16ehci: Better detection for qtd-s linked in circlesHans de Goede
Windows links interrupt qtd-s in circles, which means that when interrupt endpoints return USB_RET_ASYNC, combined with the recent "ehci: Retry to fill the queue while waiting for td completion" patch, we keep adding the tds to the queue over and over again, as we detect the circle from fill_queue, but we call it over and over again ... This patch fixes this by changing the circle detection to also detect circling into tds already queued up previously. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16ehci: Fixup q->qtdaddr after cancelling an already completed packetHans de Goede
This avoids the q->qtdaddr == p->qtdaddr asserts we have triggering, when a queue contains multiple completed packages when we cancel the queue. I triggered this with windows7 + async interrupt endpoint handling (*) + not detecting circles in ehci_fill_queue() properly, which makes the qtd validation in ehci_fill_queue fail, causing cancellation of the queue on every mouse event ... *) Which is not going upstream as it will cause loss of interrupt events on migration. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16ehci: Don't access packet after freeing itHans de Goede
ehci_state_writeback() will free the packet, so we should not access the packet after calling ehci_state_writeback(). Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16usb: host-linux: Ignore parsing errors of the device descriptorsJan Kiszka
The Linux is more tolerant here as well: Just stop parsing the device descriptors when an error is detected but do not reset what was found so far. This allows to run buggy devices with partially invalid descriptors. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16vga: fix mmio vga register mappingGerd Hoffmann
2012-11-16vga: fix bochs alignment issueGerd Hoffmann
The bochs dispi interface traditionally uses port 0x1ce as 16bit index register and port 0x1cf as 16bit data register. The later is unaligned, and probably for that reason the the data register was moved to 0x1d0 for non-x86 archs. This patch makes the data register available at 0x1d0 on x86 too. The old x86 location is kept for compatibility reasons, so both 0x1cf and 0x1d0 can be used as data register on x86. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16usb-host: scan for usb devices when the vm startsGerd Hoffmann
Commit a844ed842d9a9d929645c09ae0f52f753d7a02e0 leads to usb-host detecting devices not right after qemu startup because the guest isn't running yet. Instead they are found on the first of the regular usb device poll runs. Which is too late for seabios to see them, so booting from usb sticks fails. Fix this by adding a vm state change handler which triggers a device scan when the vm is started. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16usb: Fix (another) bug in usb_packet_map() for IOMMU handlingDavid Gibson
Elements in qemu SGLists can cross IOMMU page boundaries. So, in commit 39c138c8420f51a7da7b35233a8d7400a0b589ac "usb: Fix usb_packet_map() in the presence of IOMMUs", I changed usb_packet_map() to split up each SGList element on IOMMU page boundaries and each resulting piece of qemu's memory space separately to the iovec the usb code uses internally. That was correct in concept, but the patch has a bug. The 'base' variable correctly steps through the dma address of each piece, but then we call the dma_memory_map() function on the base address of the whole SGList element every time. This patch fixes at least one problem using XHCI on the pseries guest machine. It didn't affect OHCI because that doesn't use usb_packet_map(). In theory it also affects EHCI, but we haven't observed that in practice. I think the transfers were small enough on EHCI that they never crossed an IOMMU page boundary in practice. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16fix live migrationGerd Hoffmann
Commit 1c380f9460522f32c8dd2577b2a53d518ec91c6d breaks live migration. DMA stops working for ehci (and probably for any pci device) after restoring the guest because the bus master region never gets enabled. Add code doing that after loading the pci config space from vmstate. Cc: Avi Kivity <avi@redhat.com> Cc: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16virtio-serial-bus: post_load send_event when vm is runningAlon Levy
Alexander Larsson found irq injection to Windows guests stopped after a migration. The symptom was the mouse stopped working. Reproduction steps are: 1. On src, start qemu with a virtio-serial port without any backend 2. On dest, start qemu with a virtio-serial port with a backend 3. Migrate. Upon migration, the older code detected the change in backend connection status, and sent a notification to the guest. However, it's not guaranteed that the apic is ready to inject irqs into the guest, and the irq line remained high, resulting in any future interrupts going unnoticed by the guest as well. Add a new timer based on vm_clock for 1 ns in the future from post_load to do the event send in case host_connected differs between migration source and target. RHBZ: 867366 Signed-off-by: Alon Levy <alevy@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com> # verbose commit log
2012-11-15mips/malta: fix CBUS UART interrupt pinAurelien Jarno
According to the MIPS Malta Developement Platform User's Manual, the i8259 interrupt controller is supposed to be connected to the hardware IRQ0, and the CBUS UART to the hardware interrupt 2. In QEMU they are both connected to hardware interrupt 0, the CBUS UART interrupt being wrong. This patch fixes that. It should be noted that the irq array in QEMU includes the software interrupts, hence env->irq[2] is the first hardware interrupt. Cc: Ralf Baechle <ralf@linux-mips.org> Reviewed-by: Eric Johnson <ericj@mips.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-11-15qdev: Split up header so it can be used in cpu.hAnthony Liguori
Header file dependency is a frickin' nightmare right now. cpu.h tends to get included in our 'include everything' header files but qdev also needs to include those headers mainly for qdev-properties since it knows about CharDriverState and friends. We can solve this for now by splitting out qdev.h along the same lines that we previously split the C file. Then cpu.h just needs to include qdev-core.h. hw/qdev.h is split into following new headers: hw/qdev-core.h hw/qdev-properties.h hw/qdev-monitor.h Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> [ehabkost: re-add DEFINE_PROP_PCI_HOST_DEVADDR, that was removed on the original patch (by mistake, I guess)] [ehabkost: kill qdev_prop_set_vlan() declaration] [ehabkost: moved get_fw_dev_path() comment to the original location (I don't know why it was moved)] [ehabkost: removed qdev_exists() declaration] [ehabkost: keep using 'QemuOpts' instead of 'struct QemuOpts', as qdev-core.h includes qemu-option.h] Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-11-15Move qemu_irq typedef out of qemu-common.hIgor Mammedov
It's necessary for making CPU child of DEVICE without causing circular header deps. Signed-off-by: Igor Mammedov <imammedo@redhat.com> [ehabkost: re-added the typedef to hw/irq.h after rebasing] Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-11-14acpi_piix4: fix migration of gpe fieldsMarcelo Tosatti
Migrate 16 bytes for en/sts fields (which is the correct size), increase version to 3, and document how to support incoming migration from qemu-kvm 1.2. Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2012-11-14megasas: Use bdrv_drain_all instead of qemu_aio_flushKevin Wolf
Calling qemu_aio_flush() directly can hang when combined with I/O throttling. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2012-11-14fdc: remove last usage of FD_STATE_SEEKHervé Poussineau
Replace it by directly setting FD_SR0_SEEK if required Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14fdc: fix typo in zero constantHervé Poussineau
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14fdc: remove double affectation of FD_MSR_CMDBUSY flagHervé Poussineau
FD_MSR_CMDBUSY flag is already set in fdctrl_write_data(), just before calling the command handler (fdctrl_start_transfer() here). Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14fdc: implement VERIFY commandHervé Poussineau
VERIFY command is like a READ command, except that read data is not transfered by DMA. As DMA engine is not used, so we have to start data transfer ourselves. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14fdc: fix false FD_SR0_SEEKHervé Poussineau
Do not always set FD_SR0_SEEK, as callers already set it if needed. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14fdc: fix FD_SR0_SEEK for initial seek on DMA transfersHervé Poussineau
fdctrl_start_transfer() used to set FD_SR0_SEEK no matter if there actually was a seek or not. This is obviously wrong. fdctrl_start_transfer() has this information because it performs the initial seek itself. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14fdc: fix FD_SR0_SEEK for non-DMA transfers and multi sectors transfersHervé Poussineau
On non-DMA transfers, fdctrl_stop_transfer() used to set FD_SR0_SEEK no matter if there actually was a seek or not. This is obviously wrong. fdctrl_seek_to_next_sect() has this information because it performs the seek itself. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14fdc: use status0 field instead of a local variableHervé Poussineau
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>