aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2015-09-23spapr_drc: don't allow 'empty' DRCs to be unisolated or allocatedMichael Roth
Logical resources start with allocation-state:UNUSABLE / isolation-state:ISOLATED. During hotplug, guests will transition them to allocation-state:USABLE, and then to isolation-state:UNISOLATED. For cases where we cannot transition to allocation-state:USABLE, in this case due to no device/resource being association with the logical DRC, we should return an error -3. For physical DRCs, we default to allocation-state:USABLE and stay there, so in this case we should report an error -3 when the guest attempts to make the isolation-state:ISOLATED transition for a DRC with no device associated. These are as documented in PAPR 2.7, 13.5.3.4. We also ensure allocation-state:USABLE when the guest attempts transition to isolation-state:UNISOLATED to deal with misbehaving guests attempting to bring online an unallocated logical resource. This is as documented in PAPR 2.7, 13.7. Currently we implement no such error logic. Fix this by handling these error cases as PAPR defines. Cc: Bharata B Rao <bharata@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23spapr_pci: fix device tree props for MSI/MSI-XMichael Roth
PAPR requires ibm,req#msi and ibm,req#msi-x to be present in the device node to define the number of msi/msi-x interrupts the device supports, respectively. Currently we have ibm,req#msi-x hardcoded to a non-sensical constant that happens to be 2, and are missing ibm,req#msi entirely. The result of that is that msi-x capable devices get limited to 2 msi-x interrupts (which can impact performance), and msi-only devices likely wouldn't work at all. Additionally, if devices expect a minimum that exceeds 2, the guest driver may fail to load entirely. SLOF still owns the generation of these properties at boot-time (although other device properties have since been offloaded to QEMU), but for hotplugged devices we rely on the values generated by QEMU and thus hit the limitations above. Fix this by generating these properties in QEMU as expected by guests. In the future it may make sense to modify SLOF to pass through these values directly as we do with other props since we're duplicating SLOF code. Cc: qemu-ppc@nongnu.org Cc: qemu-stable@nongnu.org Cc: David Gibson <david@gibson.dropbear.id.au> Cc: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23spapr: Enable in-kernel H_SET_MODE handlingAlexey Kardashevskiy
For setting debug watchpoints, sPAPR guests use H_SET_MODE hypercall. The existing QEMU H_SET_MODE handler does not support this but the KVM handler in HV KVM does. However it is not enabled. This enables the in-kernel H_SET_MODE handler which handles: - Completed Instruction Address Breakpoint Register - Watch point 0 registers. The rest is still handled in QEMU. Reported-by: Anton Blanchard <anton@samba.org> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23pseries: Fix incorrect calculation of threads per socket for chip-idDavid Gibson
The device tree presented to pseries machine type guests includes an ibm,chip-id property which gives essentially the socket number of each vcpu core (individual vcpu threads don't get a node in the device tree). To calculate this, it uses a vcpus_per_socket variable computed as (smp_cpus / #sockets). This is correct for the usual case where smp_cpus == smp_threads * smp_cores * #sockets. However, you can start QEMU with the number of cores and threads mismatching the total number of vcpus (whether that _should_ be permitted is a topic for another day). It's a bit hard to say what the "real" number of vcpus per socket here is, but for most purposes (smp_threads * smp_cores) will more meaningfully match how QEMU behaves with respect to socket boundaries. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2015-09-23pseries: define coldplugged devices as "configured"Laurent Vivier
When a device is hotplugged, attach() sets "configured" to false, waiting an action from the OS to configure it and then to call ibm,configure-connector. On ibm,configure-connector, the hypervisor sets "configured" to true. In case of coldplugged device, attach() sets "configured" to false, but firmware and OS never call the ibm,configure-connector in this case, so it remains set to false. It could be harmless, but when we unplug a device, hypervisor waits the device becomes configured because for it, a not configured device is a device being configured, so it waits the end of configuration to unplug it... and it never happens, so it is never unplugged. This patch set by default coldplugged device to "configured=true", hotplugged device to "configured=false". Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23sPAPR: Introduce rtas_ldq()Gavin Shan
This introduces rtas_ldq() to load 64-bits parameter from continuous two 4-bytes memory chunk of RTAS parameter buffer, to simplify the code. Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23spapr_rtas: Prevent QEMU crash during hotplug without a prior device_addBharata B Rao
If drmgr is used in the guest to hotplug a device before a device_add has been issued via the QEMU monitor, QEMU segfaults in configure_connector call. This occurs due to accessing of NULL FDT which otherwise would have been created and associated with the DRC during device_add command. Check for NULL FDT and return failure from configure_connector call. As per PAPR+, an error value of -9003 seems appropriate for this failure. Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Cc: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23ppc/spapr: Use qemu_log_mask() for hcall_dprintf()Thomas Huth
To see the output of the hcall_dprintf statements, you currently have to enable the DEBUG_SPAPR_HCALLS macro in include/hw/ppc/spapr.h. This is ugly because a) not every user who wants to debug guest problems can or wants to recompile QEMU to be able to see such issues, and b) since this macro is disabled by default, the code in the hcall_dprintf() brackets tends to bitrot until somebody temporarily enables that macro again. Since the hcall_dprintf statements except one indicate guest problems, let's always use qemu_log_mask(LOG_GUEST_ERROR, ...) for this macro instead. One spot indicated an unimplemented host feature, so this is changed into qemu_log_mask(LOG_UNIMP, ...) instead. Now it's possible to see all those messages by simply adding the CLI parameter "-d guest_errors,unimp", without the need to re-compile the binary. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23spapr_drc: Fix potential undefined behaviourDavid Gibson
The DRC_INDEX_ID_MASK macro does a left shift on ~0, which is a signed quantity, and therefore undefined behaviour according to the C spec. In particular this causes warnings from the clang sanitizer. This fixes it by calculating the same mask without using ~0 (I think the new method is a more common idiom for generating masks anyway). For good measure I also use 1ULL to force the expression's type to unsigned long long, which should be good for assigning to anything we're going to want to. Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2015-09-23spapr: add dumpdtb supportAndrew Jones
dumpdtb (-machine dumpdtb=<file>) allows one to inspect the generated device tree of machine types that generate device trees. This is useful for a) seeing what's there b) debugging/testing device tree generator patches. It can be used as follows $QEMU_CMDLINE -machine dumpdtb=dtb dtc -I dtb -O dts dtb Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23spapr: SPLPAR CharacteristicsSam Bobroff
Improve the SPLPAR Characteristics information: Add MaxPlatProcs: set to max_cpus, the maximum CPUs that could be addded to the system. Add DesMem: set to the initial memory of the system. Add DesProcs: set to smp_cpus, the inital number of CPUs in the system. These tokens and values are specified by PAPR. Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23spapr: Make ibm, change-msi respect 3 return valuesSam Bobroff
Currently, rtas_ibm_change_msi() always returns four values even if less are specified. Correct this by only returning the fourth parameter if it was requested. This is specified by PAPR. Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23spapr: Add /rtas/ibm,change-msix-capableSam Bobroff
QEMU is MSI-X capable and makes it available via ibm,change-msi, so we should indicate this by adding /rtas/ibm,change-msix-capable to the device tree. This is specificed by PAPR. Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23spapr: Add /ibm,partition-nameSam Bobroff
QEMU has a notion of the guest name, so if it's present we might as well put that into the device tree as /ibm,partition-name. This is specificed by PAPR. Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23spapr: Create pseries-2.5 machineDavid Gibson
Add pseries-2.5 machine version. Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> [Altered to merge before memory hotplug -- dwg] [Altered to work with b9f072d01 -- dwg] Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23spapr: Provide an error message when migration fails due to htab_shift mismatchBharata B Rao
Include an error message when migration fails due to mismatch in htab_shift values at source and target. This should provide a bit more verbose message in addition to the current migration failure message that reads like: qemu-system-ppc64: error while loading state for instance 0x0 of device 'spapr/htab' After this patch, the failure message will look like this: qemu-system-ppc64: htab_shift mismatch: source 29 target 24 qemu-system-ppc64: error while loading state for instance 0x0 of device 'spapr/htab' Signed-off-by: Bharata B Rao <bharata@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-20PPC: e500 pci host: Fix ATMUs register readsRudolf Marek
There is a bug in the register mask when reading the ATMUs registers. As the result some registers cannot be read, and read is aliased to the other registers. Fix it. Signed-off-by: Rudolf Marek <rudolf.marek@sysgo.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-09-20mac_dbdma: always clear FLUSH bit once DBDMA channel flush is completeMark Cave-Ayland
The code to flush the DBDMA channel was effectively duplicated in dbdma_control_write(), except for the fact that the copy executed outside of a RUN bit transition was broken by not clearing the FLUSH bit once the flush was complete. Newer PPC Linux kernels would timeout waiting for the FLUSH bit to clear again after submitting a FLUSH command. Fix this by always clearing the FLUSH bit once the channel flush is complete and removing the repeated code. Reported-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-09-20kvm_ppc: remove kvmppc_timer_hackPaolo Bonzini
QEMU does have an I/O thread now, that can be interrupted at any time because the VCPU thread runs outside the iothread mutex. Therefore, the kvmppc_timer_hack is obsolete. Remove it. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-09-19Revert use of DEFINE_MACHINE() for registrations of multiple machinesAndreas Färber
The script used for converting from QEMUMachine had used one DEFINE_MACHINE() per machine registered. In cases where multiple machines are registered from one source file, avoid the excessive generation of module init functions by reverting this unrolling. Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19Use DEFINE_MACHINE() to register all machinesEduardo Habkost
Convert all machines to use DEFINE_MACHINE() instead of QEMUMachine automatically using a script. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> [AF: Style cleanups, convert imx25_pdk machine] Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19mac_world: Break long lineEduardo Habkost
Coding style change only. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19exynos4: Declare each QEMUMachine as a separate variableEduardo Habkost
This will make the code follow the same pattern used for other machines, and will make it easier to automatically convert the code to be QOM-based. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19exynos4: Use MachineClass instead of exynos4_machines arrayEduardo Habkost
We don't need a QEMUMachine array to query max_cpus, if we can get the corresponding MachineClass. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19exynos4: Use EXYNOS4210_NCPUS instead of max_cpus on error messageEduardo Habkost
The code is checking smp_cpus against EXYNOS4210_NCPUS, not against max_cpus, so use EXYNOS4210_NCPUS in the error message for consistency. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19machine: Set MachineClass::name automaticallyEduardo Habkost
Now all TYPE_MACHINE subclasses use MACHINE_TYPE_NAME to generate the class name. So instead of requiring each subclass to set MachineClass::name manually, we can now set it automatically at the TYPE_MACHINE class_base_init() function. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> [AF/ehabkost: Updated for s390-ccw machines] [AF: Cleanup of intermediate virt and vexpress name handling] Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19machine: Ensure all TYPE_MACHINE subclasses have the right suffixEduardo Habkost
Now that all non-abstract TYPE_MACHINE subclasses have the -machine suffix, add an assert to ensure this will be always true. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19mac99: Use MACHINE_TYPE_NAME to encode class nameEduardo Habkost
It will result in exactly the same class name, but it will make the code consistent with the other classes. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19s390: Rename s390-ccw-virtio-2.4 class name to use MACHINE_TYPE_NAMEEduardo Habkost
Machine class names should use the "-machine" suffix to allow class-name-based machine class lookup to work. Rename the s390-ccw-virtio-2.4 machine class using the MACHINE_TYPE_NAME macro. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> [AF/ehabkost: Updated for 2.5 machine] Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19s390-virtio: Rename machine class name to use MACHINE_TYPE_NAMEEduardo Habkost
Machine class names should use the "-machine" suffix to allow class-name-based machine class lookup to work. Rename the s390-virtio machine class using the MACHINE_TYPE_NAME macro. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19pseries: Rename machine class names to use MACHINE_TYPE_NAMEEduardo Habkost
Machine class names should use the "-machine" suffix to allow class-name-based machine class lookup to work. Rename the the pseries machine classes using the MACHINE_TYPE_NAME macro. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19arm: Rename virt machine class to use MACHINE_TYPE_NAMEEduardo Habkost
Machine class names should use the "-machine" suffix to allow class-name-based machine class lookup to work. Rename the arm virt machine class using the MACHINE_TYPE_NAME macro. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19vexpress: Rename machine classes to use MACHINE_TYPE_NAMEEduardo Habkost
Machine class names should use the "-machine" suffix to allow class-name-based machine class lookup to work. Rename the vexpress machine classes using the MACHINE_TYPE_NAME macro. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> [AF: Introduce VEXPRESS_*_MACHINE_NAME] Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19vexpress: Don't set name on abstract classEduardo Habkost
The MachineClass::name field won't be ever be used on TYPE_VEXPRESS, as it is an abstract class and the machine class lookup code explicitly skips abstract classes. We can remove it to make the code simpler. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-19qdev: Do not use slow [*] expansion for GPIO creationPavel Fedin
Expansion of [*] suffix is very slow because index expansion is done using trial and error strategy, starting every time from zero and retrying with the next index until insertion succeeds. With large number of already added properties this process takes huge amount of time (O(n^2) complexity). Some architectures (like ARM) use very large amount of IRQ pins in interrupt controller models. This flaw makes machine startup extremely slow (~20 seconds for ARM64 with 32 CPUs). This patch decreases this time down to ~10 seconds. Also in qdev_init_gpio_out_named() memset() is now called only once for the whole array instead of per-cell cleaning Signed-off-by: Pavel Fedin <p.fedin@samsung.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-09-18Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into stagingPeter Maydell
# gpg: Signature made Fri 18 Sep 2015 15:59:02 BST using RSA key ID AAFC390E # gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" * remotes/jnsnow/tags/ide-pull-request: ahci: clean up initial d2h semantics ahci: remove cmd_fis argument from write_fis_d2h ahci: fix signature generation ahci: remove dead reset code atapi: abort transfers with 0 byte limits ide: fix ATAPI command permissions ide-test: add cdrom dma test ide-test: add cdrom pio test qtest/ahci: export generate_pattern qtest/ahci: use generate_pattern everywhere ide: unify io_buffer_offset increments Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-18ahci: clean up initial d2h semanticsJohn Snow
with write_fis_d2h and signature generation tidied up, let's adjust the initial d2h semantics to make more sense. The initial d2h is considered delivered if there is guest memory to save it to. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1441140641-17631-5-git-send-email-jsnow@redhat.com
2015-09-18ahci: remove cmd_fis argument from write_fis_d2hJohn Snow
It's no longer used. We used to generate a D2H FIS based upon the command FIS that prompted the update, but in reality, the D2H FIS is generated purely from register state. cmd_fis is vestigial, so get rid of it. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1441140641-17631-4-git-send-email-jsnow@redhat.com
2015-09-18ahci: fix signature generationJohn Snow
The initial register device-to-host FIS no longer needs to specially set certain fields, as these can be handled generically by setting those fields explicitly with the signatures we want at port reset time. (1) Signatures are decomposed into their four component registers and set upon (AHCI) port reset. (2) the signature cache register is no longer set manually per-each device type, but instead just once during ahci_init_d2h. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1441140641-17631-3-git-send-email-jsnow@redhat.com
2015-09-18ahci: remove dead reset codeJohn Snow
This check is dead due to an earlier conditional. AHCI does not currently support hotplugging, so checks to see if devices are present or not are useless. Remove it. Reported-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1441140641-17631-2-git-send-email-jsnow@redhat.com
2015-09-18atapi: abort transfers with 0 byte limitsJohn Snow
We're supposed to abort on transfers like this, unless we fill Word 125 of our IDENTIFY data with a default transfer size, which we don't currently do. This is an ATA error, not a SCSI/ATAPI one. See ATA8-ACS3 sections 7.17.6.49 or 7.21.5. If we don't do this, QEMU will loop forever trying to transfer zero bytes, which isn't particularly useful. Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-id: 1442253685-23349-2-git-send-email-jsnow@redhat.com
2015-09-18ide: fix ATAPI command permissionsJohn Snow
We're a little too lenient with what we'll let an ATAPI drive handle. Clamp down on the IDE command execution table to remove CD_OK permissions from commands that are not and have never been ATAPI commands. For ATAPI command validity, please see: - ATA4 Section 6.5 ("PACKET Command feature set") - ATA8/ACS Section 4.3 ("The PACKET feature set") - ACS3 Section 4.3 ("The PACKET feature set") ACS3 has a historical command validity table in Table B.4 ("Historical Command Assignments") that can be referenced to find when a command was introduced, deprecated, obsoleted, etc. The only reference for ATAPI command validity is by checking that version's PACKET feature set section. ATAPI was introduced by T13 into ATA4, all commands retired prior to ATA4 therefore are assumed to have never been ATAPI commands. Mandatory commands, as listed in ATA8-ACS3, are: - DEVICE RESET - EXECUTE DEVICE DIAGNOSTIC - IDENTIFY DEVICE - IDENTIFY PACKET DEVICE - NOP - PACKET - READ SECTOR(S) - SET FEATURES Optional commands as listed in ATA8-ACS3, are: - FLUSH CACHE - READ LOG DMA EXT - READ LOG EXT - WRITE LOG DMA EXT - WRITE LOG EXT All other commands are illegal to send to an ATAPI device and should be rejected by the device. CD_OK removal justifications: 0x06 WIN_DSM Defined in ACS2. Not valid for ATAPI. 0x21 WIN_READ_ONCE Retired in ATA5. Not ATAPI in ATA4. 0x94 WIN_STANDBYNOW2 Retired in ATA4. Did not coexist with ATAPI. 0x95 WIN_IDLEIMMEDIATE2 Retired in ATA4. Did not coexist with ATAPI. 0x96 WIN_STANDBY2 Retired in ATA4. Did not coexist with ATAPI. 0x97 WIN_SETIDLE2 Retired in ATA4. Did not coexist with ATAPI. 0x98 WIN_CHECKPOWERMODE2 Retired in ATA4. Did not coexist with ATAPI. 0x99 WIN_SLEEPNOW2 Retired in ATA4. Did not coexist with ATAPI. 0xE0 WIN_STANDBYNOW1 Not part of ATAPI in ATA4, ACS or ACS3. 0xE1 WIN_IDLEIMMDIATE Not part of ATAPI in ATA4, ACS or ACS3. 0xE2 WIN_STANDBY Not part of ATAPI in ATA4, ACS or ACS3. 0xE3 WIN_SETIDLE1 Not part of ATAPI in ATA4, ACS or ACS3. 0xE4 WIN_CHECKPOWERMODE1 Not part of ATAPI in ATA4, ACS or ACS3. 0xE5 WIN_SLEEPNOW1 Not part of ATAPI in ATA4, ACS or ACS3. 0xF8 WIN_READ_NATIVE_MAX Obsoleted in ACS3. Not ATAPI in ATA4 or ACS. This patch fixes a divide by zero fault that can be caused by sending the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to attempt to use zeroed CHS values to perform sector arithmetic. Reported-by: Qinghao Tang <luodalongde@gmail.com> Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-id: 1441816082-21031-1-git-send-email-jsnow@redhat.com CC: qemu-stable@nongnu.org
2015-09-18Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2015-09-18' ↵Peter Maydell
into staging Error reporting patches # gpg: Signature made Fri 18 Sep 2015 13:42:49 BST using RSA key ID EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" * remotes/armbru/tags/pull-error-2015-09-18: memory: Fix bad error handling in memory_region_init_ram_ptr() loader: Fix memory_region_init_resizeable_ram() error handling Fix bad error handling after memory_region_init_ram() error: New error_fatal MAINTAINERS: Add "Error reporting" entry error: Copy location information in error_copy() hmp: Allow for error message hints on HMP error: only prepend timestamp on stderr Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-18loader: Fix memory_region_init_resizeable_ram() error handlingMarkus Armbruster
Commit ef701d7 screwed up handling of out-of-memory conditions. Before the commit, we report the error and exit(1), in one place. The commit lifts the error handling up the call chain some, to three places. Fine. Except it uses &error_abort in these places, changing the behavior from exit(1) to abort(), and thus undoing the work of commit 3922825 "exec: Don't abort when we can't allocate guest memory". The previous commit fixed up uses of memory_region_init_ram(). One of them was replaced by memory_region_init_resizeable_ram() [sic!] in commit a166614, so Coccinelle missed it. Fix it up. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1441983105-26376-4-git-send-email-armbru@redhat.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
2015-09-18Fix bad error handling after memory_region_init_ram()Markus Armbruster
Symptom: $ qemu-system-x86_64 -m 10000000 Unexpected error in ram_block_add() at /work/armbru/qemu/exec.c:1456: upstream-qemu: cannot set up guest memory 'pc.ram': Cannot allocate memory Aborted (core dumped) Root cause: commit ef701d7 screwed up handling of out-of-memory conditions. Before the commit, we report the error and exit(1), in one place, ram_block_add(). The commit lifts the error handling up the call chain some, to three places. Fine. Except it uses &error_abort in these places, changing the behavior from exit(1) to abort(), and thus undoing the work of commit 3922825 "exec: Don't abort when we can't allocate guest memory". The three places are: * memory_region_init_ram() Commit 4994653 (right after commit ef701d7) lifted the error handling further, through memory_region_init_ram(), multiplying the incorrect use of &error_abort. Later on, imitation of existing (bad) code may have created more. * memory_region_init_ram_ptr() The &error_abort is still there. * memory_region_init_rom_device() Doesn't need fixing, because commit 33e0eb5 (soon after commit ef701d7) lifted the error handling further, and in the process changed it from &error_abort to passing it up the call chain. Correct, because the callers are realize() methods. Fix the error handling after memory_region_init_ram() with a Coccinelle semantic patch: @r@ expression mr, owner, name, size, err; position p; @@ memory_region_init_ram(mr, owner, name, size, ( - &error_abort + &error_fatal | err@p ) ); @script:python@ p << r.p; @@ print "%s:%s:%s" % (p[0].file, p[0].line, p[0].column) When the last argument is &error_abort, it gets replaced by &error_fatal. This is the fix. If the last argument is anything else, its position is reported. This lets us check the fix is complete. Four positions get reported: * ram_backend_memory_alloc() Error is passed up the call chain, ultimately through user_creatable_complete(). As far as I can tell, it's callers all handle the error sanely. * fsl_imx25_realize(), fsl_imx31_realize(), dp8393x_realize() DeviceClass.realize() methods, errors handled sanely further up the call chain. We're good. Test case again behaves: $ qemu-system-x86_64 -m 10000000 qemu-system-x86_64: cannot set up guest memory 'pc.ram': Cannot allocate memory [Exit 1 ] The next commits will repair the rest of commit ef701d7's damage. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1441983105-26376-3-git-send-email-armbru@redhat.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
2015-09-18target-mips: fix corner case in TLBWR causing QEMU to hangLeon Alrae
cpu_mips_get_random() function is used to generate a random index from CP0.Wired to TLBSize-1 range. Current implementation avoids generating the same as before value, hence the while loop. If the guest sets CP0.Wired to TLBSize-1 (which actually does not sound to be very practical) QEMU will get stuck in the loop infinitely as we always generate the same index. Signed-off-by: Leon Alrae <leon.alrae@imgtec.com> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
2015-09-18pic32: use LCG algorithm for generated random index of TLBWR instructionSerge Vakulenko
The LFSR algorithm, used for generating random TLB indexes for TLBWR instruction, was inclined to produce a degenerate sequence in some cases. For example, for 16-entry TLB size and Wired=1, it gives: 15, 6, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2, 7, 2... When replaced with LCG algorithm from ISO/IEC 9899 standard, the sequence looks much better, with about the same computational effort needed. Signed-off-by: Serge Vakulenko <serge.vakulenko@gmail.com> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Leon Alrae <leon.alrae@imgtec.com> Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2015-09-17ide: unify io_buffer_offset incrementsJohn Snow
IDEState's io_buffer_offset was originally added to keep track of offsets in AHCI rather exclusively, but it was added to IDEState instead of an AHCI-specific structure. AHCI fakes all PIO transfers using DMA and a scatter-gather list. When the core or atapi layers invoke HBA-specific mechanisms for transfers, they do not always know that it is being backed by DMA or a sglist, so this offset is not always updated by the HBA code everywhere. If we modify it in dma_buf_commit, however, any HBA that needs to use this offset to manage operating on only part of a sglist will have access to it. This will fix ATAPI PIO transfers performed through the AHCI HBA, which were previously not modifying this value appropriately. This will fix ATAPI PIO transfers larger than one sector. Reported-by: Hannes Reinecke <hare@suse.de> Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Message-id: 1440546331-29087-2-git-send-email-jsnow@redhat.com CC: qemu-stable@nongnu.org
2015-09-17Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Thu 17 Sep 2015 12:43:56 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/net-pull-request: net: smc91c111: flush packets on RCR register changes net: smc91c111: gate can_receive() on rx FIFO having a slot net: smc91c111: guard flush_queued_packets() on can_rx() MAINTAINERS: Stefan will not maintain net subsystem Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-17net: smc91c111: flush packets on RCR register changesPeter Crosthwaite
The SOFT_RST or RXEN in the control register can be used as a condition to unblock the net layer via can_receive(). So check for possible flushes on RCR changes. This will drop all pending packets on soft reset or disable which is the functional intent of the can_receive() logic. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Reviewed-by: Fam Zheng <famz@redhat.com> Tested-by: Richard Purdie <richard.purdie@linuxfoundation.org> Message-id: b114d4c96f4afbdaa15f1361d9c07e3021755915.1441873621.git.crosthwaite.peter@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>