aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2012-01-27Merge remote-tracking branch 'pmaydell/arm-devs.for-upstream' into stagingAnthony Liguori
* pmaydell/arm-devs.for-upstream: arm: SoC model for Calxeda Highbank arm_boot: support board IDs more than 16 bits wide arm: add secondary cpu boot callbacks to arm_boot.c ahci: add support for non-PCI based controllers Add xgmac ethernet model
2012-01-27Merge remote-tracking branch 'kwolf/for-anthony' into stagingAnthony Liguori
* kwolf/for-anthony: (22 commits) scsi: Guard against buflen exceeding req->cmd.xfer in scsi_disk_emulate_command qcow: Use bdrv functions to replace file operation qcow: Return real error code in qcow_open block/vdi: Zero unused parts when allocating a new block (fix #919242) virtio-blk: add virtio_blk_handle_read trace event docs: describe live block operations block: add support for partial streaming add QERR_BASE_NOT_FOUND block: add bdrv_find_backing_image blockdev: make image streaming safe across hotplug qmp: add query-block-jobs qmp: add block_job_cancel command qmp: add block_job_set_speed command qmp: add block_stream command block: rate-limit streaming operations block: add image streaming block job block: add BlockJob interface for long-running operations block: make copy-on-read a per-request flag block: check bdrv_in_use() before blockdev operations coroutine: add co_sleep_ns() coroutine sleep function ...
2012-01-27pcnet: Preserve link state across device resetJan Kiszka
A device reset does not affect the link state, only set_link does. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-01-27e1000: Preserve link state across device resetJan Kiszka
A device reset does not affect the link state, only set_link does. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-01-27qdev-property: Make bit property parsing stricterJan Kiszka
By using strncasecmp, we allow for arbitrary characters after the "on"/"off" string. Fix this by switching to strcasecmp. Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-01-26scsi: Guard against buflen exceeding req->cmd.xfer in scsi_disk_emulate_commandThomas Higdon
Limit the return value (corresponding to the length of the buffer to be DMAed back to the intiator) to the value in req->cmd.xfer, which is the amount of data that the initiator expects. Eliminate now-duplicate code that does this guarding in the functions for individual commands. Without this, the SCRIPTS code in the emulated LSI device eventually raises a DMA interrupt for a data overrun when an INQUIRY command whose buflen exceeds req->cmd.xfer is processed. It's the responsibility of the client to provide a request buffer and allocation length that are large enough for the result of the command. Signed-off-by: Thomas Higdon <thigdon@akamai.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-01-26virtio-blk: add virtio_blk_handle_read trace eventStefan Hajnoczi
There already exists a virtio_blk_handle_write trace event as well as completion events. Add the virtio_blk_handle_read event so it's easy to trace virtio-blk requests for both read and write operations. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-01-26arm: SoC model for Calxeda HighbankRob Herring
Adds support for Calxeda's Highbank SoC. Signed-off-by: Rob Herring <rob.herring@calxeda.com> Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-01-26arm_boot: support board IDs more than 16 bits widePeter Maydell
Support passing a board ID value to the kernel in r1 that is more than 16 bits wide. This is needed to pass the '-1 == invalid' value for boards which only support device tree booting. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
2012-01-26arm: add secondary cpu boot callbacks to arm_boot.cMark Langsdorf
Create two functions, write_secondary_boot() and secondary_cpu_reset_hook(), to allow platforms more control of how secondary CPUs are brought up. The new functions default to NULL and aren't called unless they are populated so there are no changes to existing platform models. Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-01-26ahci: add support for non-PCI based controllersRob Herring
Add support for ahci on sysbus. Signed-off-by: Rob Herring <rob.herring@calxeda.com> Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-01-26Add xgmac ethernet modelRob Herring
This adds very basic support for the xgmac ethernet core. Missing things include: - statistics counters - WoL support - rx checksum offload - chained descriptors (only linear descriptor ring) - broadcast and multicast handling Signed-off-by: Rob Herring <rob.herring@calxeda.com> Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-01-25vga: compile cirrus_vga in hwlibBlue Swirl
Remove target dependencies and compile Cirrus VGA in hwlib. Address masking can be removed since memory API handles that now. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-01-25memory: change dirty setting APIs to take a sizeBlue Swirl
Instead of each target knowing or guessing the guest page size, just pass the desired size of dirtied memory area. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-01-23Merge remote-tracking branch 'qemu-kvm/uq/master' into stagingAnthony Liguori
* qemu-kvm/uq/master: kvm: Activate in-kernel irqchip support kvm: x86: Add user space part for in-kernel IOAPIC kvm: x86: Add user space part for in-kernel i8259 kvm: x86: Add user space part for in-kernel APIC kvm: x86: Establish IRQ0 override control kvm: Introduce core services for in-kernel irqchip support memory: Introduce memory_region_init_reservation ioapic: Factor out base class for KVM reuse ioapic: Drop post-load irr initialization i8259: Factor out base class for KVM reuse i8259: Completely privatize PicState apic: Open-code timer save/restore apic: Factor out base class for KVM reuse apic: Introduce apic_report_irq_delivered apic: Inject external NMI events via LINT1 apic: Stop timer on reset kvm: Move kvmclock into hw/kvm folder msi: Generalize msix_supported to msi_supported hyper-v: initialize Hyper-V CPUID leaves. hyper-v: introduce Hyper-V support infrastructure. Conflicts: Makefile.target Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-23Merge remote-tracking branch 'afaerber/prep-up' into stagingAnthony Liguori
* afaerber/prep-up: prep: Use i82378 PCI->ISA bridge for 'prep' machine prep: Add i82378 PCI-to-ISA bridge emulation prep: Add i82374 DMA emulation MAINTAINERS: Add PCI host bridge files to PReP machine prep: qdev'ify Raven host bridge (SysBus) prep_pci: Update I/O to MemoryRegion ops prep_pci: Simplify I/O endianness prep: qdev'ify Raven host bridge (PCIDevice) prep: Use ISA m48t59 prep: Fix offset of BIOS MemoryRegion
2012-01-23e1000: bounds packet size against buffer sizeAnthony Liguori
Otherwise we can write beyond the buffer and corrupt memory. This is tracked as CVE-2012-0029. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-22sga: fix copypastaBlue Swirl
Fix the name of the init function. Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-01-22vga: make Cirrus ISA device optionalBlue Swirl
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-01-22vga: improve VGA logicBlue Swirl
Improve VGA selection logic, push check for device availabilty to vl.c. Create the devices at board level unconditionally. Remove now unused pci_try_create*() functions. Make PCI VGA devices optional. Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-01-21grackle_pci: Clean up qdev namesAndreas Färber
Rename SysBus device from 'grackle' to 'grackle-pcihost' to resolve a name conflict. Also mark both devices as no_user. Signed-off-by: Andreas Färber <afaerber@suse.de> Cc: Alexander Graf <agraf@suse.de> Cc: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21PPC: Pseries: Check for PCI boundariesAlexander Graf
We call pci_host_config_{read,write}_common() which perform PCI config accesses. However they don't do all limit checking the way we expect it to. So let's introduce a small wrapper around them, making them behave the way we would without touching generic code. This patch is based on a patch by David Gibson which put this logic into the generic code. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21pseries: SLOF PCI flag dayBenjamin Herrenschmidt
Currently on the pseries machine the SLOF firmware is used normally, but we bypass it when -kernel is specified. Having these two different boot paths can cause some confusion. In particular at present we need to "probe" the (emulated) PCI bus and produce device tree nodes for the PCI devices in qemu, for the -kernel case. In the SLOF case, it takes the device tree from qemu adds some stuff to it then passes it on to the kernel. It's been decided that a better approach is to always boot through SLOF, even when using -kernel. WIth this approach we can leave PCI probing and device node creation to SLOF in all cases which removes a bunch of code in qemu, and avoids iterating the PCI devices from the machine specific init code which we're not supposed to do. This patch changes qemu to always boot through SLOF, and not to create PCI nodes. Simultaneously it updates the included version of SLOF (submodule and binary image) to one which supports (and requires) the new approach. The new SLOF version also includes a number of unrelated enhancements: support for booting from virtio-pci devices and e1000, greatly improved FCode support and many bugfixes. It also makes SLOF ready to be used even when specifying a kernel on the qemu command line. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21pseries: Use correct dispatcher for PCI config space accessesDavid Gibson
The pseries machine expects a para-virtualized guest and so supplies RTAS functions (via a hypercall) for performing PCI config space access. Currently the implementation of these calls into pci_default_{read,write}_config(). However this would be incorrect for any PCI device which overrides the default config read/write functions. AFAICT there's only one such device today, but we should still get it right. In addition the pci_host_config_{read,write}_common() functions which do correctly do this dispatch, perform bounds checking on the config space address, lack of which currently leads to an exploitable bug. This patch corrects the problem. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21pseries: Support PCI extended config space in RTAS callsBenjamin Herrenschmidt
On the pseries machine (which expexts a paravirtualized guest), guest access to PCI config space is via host-provided RTAS functions. This patch extends these RTAS functions to permit access to PCI extended config space, as specified in PAPR. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21Correct types in bmdma_addr_{read,write}David Gibson
Back when I made patches introducing dma_addr_t and various PCI DMA wrapper functions, I made a mistake. The bmdma_addr_{read,write} functions need to take target_phys_addr_t not dma_addr_t, since they are assigned to MemoryRegionOps callbacks. This patch corrects my error. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21load_image_targphys() should enforce the max sizeBenjamin Herrenschmidt
load_image_targphys() gets passed a max size for the file, but doesn't enforce it at all. Add a check and return -1 (error) if the file is too big, without loading it. Fix the bracing style in the function while we're at it. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21virtio: change memcpy to guest readsAlexander Graf
When accessing the device specific virtio config space, we memcpy the data into a variable in QEMU. At that point we're basically pulling host endianness into the game which is a really bad idea. So instead, let's use the target specific load/store helpers for memory pointers which fetch things in target endianness. The whole array is already populated in target endianness anyways (see virtio-blk). Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-21virtio-pci: Fix endianness of virtio configBenjamin Herrenschmidt
The virtio config area in PIO space is a bit special. The initial header is little endian but the rest (device specific) is guest native endian. The PIO accessors for PCI on machines that don't have native IO ports assume that all PIO is little endian, which works fine for everything except the above. A complicated way to fix it would be to split the BAR into two memory regions with different endianess settings, but this isn't practical to do, besides, the PIO code doesn't honor region endianness anyway (I have a patch for that too but it isn't necessary at this stage). So I decided to go for the quick fix instead which consists of reverting the swap in virtio-pci in selected places, hoping that when we eventually do a "v2" of the virtio protocols, we sort that out once and for all using a fixed endian setting for everything. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Alexander Graf <agraf@suse.de> [agraf: keep virtio in libhw and determine endianness through a helper function in exec.c] Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-21PPC: Bamboo: Integrate SoC instatiation, use qdev for PCIAlexander Graf
Now that we have the SoC init function in the same file, let's integrate it with the board initialization. While at it, also make use of the newly qdev'ified PCI host controller. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21PPC: Bamboo: fold ppc440.c and ppc440_bamboo.c into a single fileAlexander Graf
The separation of ppc440 and ppc440_bamboo makes some sense, since ppc440 is the SoC while ppc440_bamboo is the actual board. But the separation makes things harder for us for no good reason, so let's just fold them in together with each other. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21PPC: 4xx: Qdevify the 440 PCI host controllerAlexander Graf
Due to popular demand, this qdevifies the PCI host controller of 4xx SoCs the same way as e500. We have to introduce a small stub function for pci init that will be removed in a later patch, once we qdev'ified the board, to keep the build working. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21PPC: bamboo: fix whitespaceAlexander Graf
Tabs followed by spaces are a no-go. My editor shows it red, distracting me from actual work! :) Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21PPC: bamboo: remove old machine descriptionsAlexander Graf
Nobody needs to run bamboo in 0.12 compat mode. Remove the machine. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21PPC: 440: Default to 440EP CPUAlexander Graf
Today we're exposing a Virtex 440 CPU to the guest despite the fact that we're telling the guest that we're running on a 440EP one in the device tree. So let's better default to a real 440EP to make things synced again. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21PPC: 440: Ignore invalid PCI IRQsAlexander Graf
When running a 440 target, we currently get invalid irq_num values (-1) which completely confuse the IRQ setting code. This is most likely due to the missing qdev conversion. While this shouldn't happen in the first place and should really rather be fixed by converting the target, I dislike segfaults. So for now, let's just print a warning and ignore invalid irq_num values. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21PPC: Bamboo: Set initial TLB entryAlexander Graf
Back in the day when the bamboo target got introduced, the initial TLB was dictated by KVM. TCG has been missing initial TLB values ever since, rendering the target unusable for TCG usage. This patch adds linear TLB maps the way Linux expects them, making the target work. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21PPC: Bamboo: Register CPU resetAlexander Graf
To be able to support CPU reset, we need to put all register initialization and initial state into a CPU reset hook instead of a function that is only called once on bootup. This is a preparation step for the initial TLB setting code and brings bamboo more in line with what e500 and virtex already do. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-21PPC: 440EP: Initialize timerAlexander Graf
When using TCG with a BookE PowerPC core, we need to explicitly initialize the BookE timers with the correct frequencies. This was missing for 440EP, since that code came from KVM and was never used with TCG. Signed-off-by: Alexander Graf <agraf@suse.de>
2012-01-20prep: Use i82378 PCI->ISA bridge for 'prep' machineAndreas Färber
Speaker I/O, ISA bus, i8259 PIC, RTC and DMA are no longer set up individually by the machine. Effectively, no-op speaker I/O is replaced by pcspk; PIT and i82374 DMA are introduced. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Remove related dead, alternative code. Wire up PCI host bridge IRQs via GPIO-in IRQs of PCI->ISA bridge. Signed-off-by: Andreas Färber <andreas.faerber@web.de> Cc: Alexander Graf <agraf@suse.de> Cc: Jan Kiszka <jan.kiszka@siemens.com>
2012-01-20prep: Add i82378 PCI-to-ISA bridge emulationAndreas Färber
Prepare Intel 82378 emulation for use by PReP platforms. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Create ISA bus in this device (suggested by Markus). Rebase onto Memory API, mark memory ops as Little Endian. Add VMState. Provide access to i8259 IRQs via qdev GPIOs. Signed-off-by: Andreas Färber <andreas.faerber@web.de> Cc: Markus Armbruster <armbru@redhat.com> Cc: Alexander Graf <agraf@suse.de> Cc: Jan Kiszka <jan.kiszka@siemens.com>
2012-01-20prep: Add i82374 DMA emulationAndreas Färber
Prepare Intel 82374 emulation for use by Intel 82378 PCI->ISA bridge. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Confine to CONFIG_I82374. Add VMState. Signed-off-by: Andreas Färber <andreas.faerber@web.de> Reviewed-by: Alexander Graf <agraf@suse.de>
2012-01-20prep: qdev'ify Raven host bridge (SysBus)Andreas Färber
Drop pci_prep_init() in favor of extended device state. Inspired by patches from Hervé and Alex. Assign the 4 IRQs from the board after device instantiation. This moves the knowledge out of prep_pci and allows for future machines with different IRQ wiring (IBM 40P). Suggested by Alex. Signed-off-by: Andreas Färber <andreas.faerber@web.de> Reviewed-by: Alexander Graf <agraf@suse.de> Cc: Hervé Poussineau <hpoussin@reactos.org> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Anthony Liguori <aliguori@us.ibm.com>
2012-01-20prep_pci: Update I/O to MemoryRegion opsAndreas Färber
Convert to new-style read/write callbacks. Signed-off-by: Andreas Färber <andreas.faerber@web.de> Cc: Alexander Graf <agraf@suse.de> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Avi Kivity <avi@redhat.com> Cc: Benoît Canet <benoit.canet@gmail.com>
2012-01-20prep_pci: Simplify I/O endiannessAndreas Färber
The prep PowerPC CPU is Big Endian. An explicit byte swap therefore effectively becomes Little Endian. Remove explicit byte swaps and mark as Little Endian. Signed-off-by: Andreas Färber <andreas.faerber@web.de> Reviewed-by: Alexander Graf <agraf@suse.de> Cc: Michael S. Tsirkin <mst@redhat.com>
2012-01-20prep: qdev'ify Raven host bridge (PCIDevice)Andreas Färber
Move initialization of vendor ID, etc. to PCIDeviceInfo. Introduce VMState. Signed-off-by: Andreas Färber <andreas.faerber@web.de> Reviewed-by: Alexander Graf <agraf@suse.de> Cc: Hervé Poussineau <hpoussin@reactos.org> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Anthony Liguori <aliguori@us.ibm.com>
2012-01-20prep: Use ISA m48t59Andreas Färber
This simplifies the code later when the i8259 moves to the i82378 PCI->ISA bridge and happens to fix a SysBus m48t59 io_base issue introduced by commit 0fb56ffc5edd66f12ccfc0d71af5f9c79c0a2612 (m48t59: drop obsolete address base arithmetic). Suggested by Hervé and Jan. Signed-off-by: Andreas Färber <andreas.faerber@web.de> Cc: Hervé Poussineau <hpoussin@reactos.org> Cc: Jan Kiszka <jan.kiszka@siemens.com> Cc: Blue Swirl <blauwirbel@gmail.com>
2012-01-20prep: Fix offset of BIOS MemoryRegionAndreas Färber
Since 0c90c52fab5ea92d7f12b29bfe26a7cd75d9efcb (ppc_prep: convert to memory API) OHW was "Trying to execute code outside RAM or ROM at 0xfff00700". The BIOS MemoryRegion is created with a fixed size of 1 MiB. Ensure that the full size can be accessed since the exception vectors are located at 0xfff00000 and the BIOS may want to use them. It thereby no longer depends on the actual BIOS binary size. Signed-off-by: Andreas Färber <afaerber@suse.de> Cc: Avi Kivity <avi@redhat.com> Cc: Alexander Graf <agraf@suse.de>
2012-01-19Merge remote-tracking branch 'spice/spice.v47' into stagingAnthony Liguori
* spice/spice.v47: qxl: Slot sanity check in qxl_phys2virt() is off by one, fix
2012-01-19Merge remote-tracking branch 'stefanha/trivial-patches' into stagingAnthony Liguori
* stefanha/trivial-patches: Makefile: Remove generated headers on clean Makefile: Exclude tests/Makefile in unconfigured tree lm32: Fix mixup of uint32 and uint32_t tests: Silence gtester in Makefile qemu-tool: Fix mixup of int64 and int64_t