path: root/hw
Age | Commit message | Author
2012-07-09 | Merge remote-tracking branch 'mjt/mjt-iov2' into staging | Anthony Liguori
* mjt/mjt-iov2:
  rewrite iov_send_recv() and move it to iov.c
  cleanup qemu_co_sendv(), qemu_co_recvv() and friends
  export iov_send_recv() and use it in iov_send() and iov_recv()
  rename qemu_sendv to iov_send, change proto and move declarations to iov.h
  change qemu_iovec_to_buf() to match other to,from_buf functions
  consolidate qemu_iovec_copy() and qemu_iovec_concat() and make them consistent
  allow qemu_iovec_from_buffer() to specify offset from which to start copying
  consolidate qemu_iovec_memset{,_skip}() into single function and use existing iov_memset()
  rewrite iov_* functions
  change iov_* function prototypes to be more appropriate
  virtio-serial-bus: use correct lengths in control_out() message
Conflicts: tests/Makefile
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-07-09 | Merge remote-tracking branch 'kwolf/for-anthony' into staging | Anthony Liguori
* kwolf/for-anthony: (24 commits)
  block: Factor bdrv_read_unthrottled() out of guess_disk_lchs()
  qtest: Tidy up temporary files properly
  fdc: Drop broken code for user-defined floppy geometry
  fdc_test: introduce test_sense_interrupt
  fdc_test: update media_change test
  fdc: fix interrupt handling
  fdc: rewrite seek and DSKCHG bit handling
  block: introduce bdrv_swap, implement bdrv_append on top of it
  block: copy over job and dirty bitmap fields in bdrv_append
  raw: hook into blkdebug
  blkdebug: optionally tie errors to a specific sector
  blkdebug: store list of active rules
  blkdebug: pass getlength to underlying file
  blkdebug: tiny cleanup
  blkdebug: remove sync i/o events
  sheepdog: traverse pending_list from the first for each time
  sheepdog: split outstanding list into inflight and pending
  sheepdog: make sure we don't free aiocb before sending all requests
  sheepdog: use coroutine based socket functions in coroutine context
  sheepdog: restart I/O when socket becomes ready in do_co_req()
  ...
2012-07-09 | Merge remote-tracking branch 'kraxel/usb.55' into staging | Anthony Liguori
* kraxel/usb.55:
  usb-host: add trace events for iso xfers
  usb: fix interface initialization
  usb: split endpoint init and reset
  usb-redir: Correctly handle the usb_redir_babble usbredir status
  ehci: Kick async schedule on wakeup in the non companion case
  usb-ehci: Fix an assert whenever isoc transfers are used
  ehci: don't flush cache on doorbell rings.
  ehci: fix td writeback
  ehci: fix ehci_qh_do_overlay
2012-07-09 | Merge remote-tracking branch 'bonzini/scsi-next' into staging | Anthony Liguori
* bonzini/scsi-next:
  scsi: Fix transfer length for READ POSITION commands.
  scsi: Add basic support for SCSI media changer commands.
  scsi: Ensure command and transfer lengths are set for all SCSI devices
  scsi: Fix LOAD_UNLOAD
  scsi: Fix data length == SCSI_SENSE_BUF_SIZE
  virtio-scsi: do not crash on adding buffers to the event queue
  megasas: LSI Megaraid SAS HBA emulation
  megasas: Add header file
  ISCSI: force use of sg for SMC and SSC devices
  ISCSI: Add SCSI passthrough via scsi-generic to libiscsi
  scsi-disk: implement READ DISC INFORMATION
  atapi: implement READ DISC INFORMATION
  scsi: add a qdev property for the disk's WWN
  scsi: simplify handling of the VPD page length field
2012-07-09 | fdc: Drop broken code for user-defined floppy geometry | Markus Armbruster
bdrv_get_floppy_geometry_hint() fails to store through its parameter drive when bs has a geometry hint. Makes fd_revalidate() assign random crap to drv->drive. Has been broken that way for ages. Harmless, because:
* The only way to set a geometry hint is -drive if=none,cyls=... Since commit c219331e, probably unintentional.
* The only use of drv->drive is as argument to another bdrv_get_floppy_geometry_hint(). Which doesn't use it, since the geometry hint is still there.
Drop the broken code, ignore -drive parameter cyls, heads and secs for floppies even with if=none, just like before commit c219331e. Matches -help, which explains cyls, heads, secs as "hard disk physical geometry".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 | fdc: fix interrupt handling | Pavel Hrdina
If you call the SENSE INTERRUPT STATUS command while there is no interrupt waiting you get as result unknown command. Fixed status0 register handling for read/write/format commands. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 | fdc: rewrite seek and DSKCHG bit handling | Pavel Hrdina
This bit is cleared on every successful seek to a different track (cylinder). The seek is also called on revalidate or on read/write/format commands which also clear the DSKCHG bit. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-09 | usb-host: add trace events for iso xfers | Gerd Hoffmann
Replace iso transfer fprintf's with trace points. Also rename existing tracepoints so they all match usb_host_iso_*. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 | usb: fix interface initialization | Gerd Hoffmann
zero is a valid interface number, so don't use it when resetting the endpoints. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 | usb: split endpoint init and reset | Gerd Hoffmann
Create a new usb_ep_reset() function to reset endpoint state, without re-initializing the queues, so we don't unlink in-flight packets just because usb-host has to re-parse the descriptor tables. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 | usb-redir: Correctly handle the usb_redir_babble usbredir status | Hans de Goede
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 | ehci: Kick async schedule on wakeup in the non companion case | Hans de Goede
Commit 0f588df8b3688b00e77aabaa32e26ece5f19bd39, added code to ehci_wakeup to kick the async schedule on wakeup, but the else was positioned wrong making it trigger for devices which are routed to the companion rather than to the ehci controller itself. This patch fixes this. Note that the "programming style" with using the return at the end of the companion block matches how the companion case is handled in the other ports ops, and is done this way for consistency. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 | usb-ehci: Fix an assert whenever isoc transfers are used | Hans de Goede
hcd-ehci.c is missing a usb_packet_init() call for the ipacket UsbPacket it uses for isoc transfers, triggering an assert (taking the entire vm down) in usb_packet_setup as soon as any isoc transfers are done by a high speed USB device. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 | ehci: don't flush cache on doorbell rings. | Gerd Hoffmann
Commit 4be23939ab0d7019c7e59a37485b416fbbf0f073 makes ehci instantly zap any unlinked queue heads when the guest rings the doorbell. While hacking up uas support this turned out to be a problem. The linux kernel can unlink and instantly relink the very same queue head, thereby killing any async packets in flight. That alone isn't an issue yet, the packet will be canceled and resubmitted and everything is fine. We'll run into trouble though in case the async packet is completed already, so we can't cancel it any more. The transaction is simply lost then.

  usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
  usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
  usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
  usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
  usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f0c2 qtds 29dbce40,29dbc4e0,00000009
  usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2
  usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: alloc
  usb_packet_state_change bus 0, port 2, ep 1, packet 0x7f95fdec32e0, state undef -> setup
  usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: process
  usb_uas_command dev 2, tag 0x2, lun 0, lun64 00000000-00000000
  scsi_req_parsed target 0 lun 0 tag 2 command 42 dir 2 length 16384
  scsi_req_parsed_lba target 0 lun 0 tag 2 command 42 lba 5933312
  scsi_req_alloc target 0 lun 0 tag 2
  scsi_req_continue target 0 lun 0 tag 2
  scsi_req_data target 0 lun 0 tag 2 len 16384
  usb_uas_scsi_data dev 2, tag 0x2, bytes 16384
  usb_uas_write_ready dev 2, tag 0x2
  usb_packet_state_change bus 0, port 2, ep 1, packet 0x7f95fdec32e0, state setup -> complete
  usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: free
  usb_ehci_qh_ptrs q 0x7f95fdec3210 - QH @ 39c4f0c0: next 39c4f002 qtds 29dbce40,00000001,00000009
  usb_ehci_qh_fields QH @ 39c4f0c0 - rl 4, mplen 512, eps 2, ep 2, dev 2
  usb_ehci_queue_action q 0x7f95fe5152a0: free
  usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state async -> complete
  ^^^ async packets completes.
  usb_ehci_packet_action q 0x7f95fdec3210 p 0x7f95feba9130: wakeup
  usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
  usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
  usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
  usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
  usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f002 qtds 29dbc4e0,29dbc8a0,00000009
  usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2
  usb_ehci_queue_action q 0x7f95fdec3210: free
  usb_ehci_packet_action q 0x7f95fdec3210 p 0x7f95feba9130: free
  ^^^ endpoint #2 queue head removed from schedule, doorbell makes ehci zap the queue, the (completed) usb packet is freed too and gets lost.
  usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f0c2 qtds 00000000,00000001,39c50000
  usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
  usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f0c2 qtds 00000000,00000001,39c50000
  usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
  usb_ehci_queue_action q 0x7f9600dff570: alloc
  usb_ehci_qh_ptrs q 0x7f9600dff570 - QH @ 39c4f0c0: next 39c4f122 qtds 29dbce40,00000001,00000009
  usb_ehci_qh_fields QH @ 39c4f0c0 - rl 4, mplen 512, eps 2, ep 2, dev 2
  usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: alloc
  usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state undef -> setup
  usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: process
  usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state setup -> async
  usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: async
  ^^^ linux kernel relinked the queue head, ehci creates a new usb packet, but we should have delivered the completed one instead.
  usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f002 qtds 29dbc4e0,29dbc8a0,00000009
  usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2

So instead of instantly zapping the queue we'll set a flag that the queue needs revalidation in case we'll see it again in the schedule. ehci then checks that the queue head fields addressing / describing the endpoint and the qtd pointer match the cached content before reusing it.
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 | ehci: fix td writeback | Gerd Hoffmann
Only write back the dwords the hc is supposed to update. Should not make a difference in theory as the guest must not touch the td while it is active to avoid races. But it is still more correct. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 | ehci: fix ehci_qh_do_overlay | Gerd Hoffmann
Use ehci_flush_qh to make sure we touch only the fields the hc is allowed to touch. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-04 | hw/cadence_gem: Make rx_desc_addr and tx_desc_addr uint32_t | Peter Maydell
Make the state fields rx_desc_addr and tx_desc_addr uint32_t; this matches the VMStateDescription, and also conforms to how hardware works: the registers don't magically become larger if the device is attached to a CPU with a larger physical address size. It also fixes a compile failure if the target_phys_addr_t type is changed to 64 bits. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
2012-07-04 | i.MX31: KZM-ARM11-01 evaluation board | Peter Chubb
Board support for Kyoto Micro's KZM-ARM11-01, an evaluation board built around the Freescale i.MX31. Signed-off-by: Philip O'Sullivan <philipo@ok-labs.com> Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-07-04 | i.MX31: Interrupt Controller | Peter Chubb
Implement the Freescale i.MX31 advanced vectored interrupt controller, at least to the extent it is used by Linux 3.x. Vectors are not implemented. Signed-off-by: Philip O'Sullivan <philipo@ok-labs.com> Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-07-04 | i.MX31: Timers | Peter Chubb
Implement the timers on the Freescale i.MX31 SoC. This is not a complete implementation, but gives enough for Linux to boot and run. In particular external triggers, which are not useful under QEMU, are not implemented. Signed-off-by: Philip O'Sullivan <philipo@ok-labs.com> Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-07-04 | i.MX31: Clock Control Module | Peter Chubb
For Linux to be able to work out how fast its clocks are going, so that timer ticks come approximately at the right time, it needs to be able to query the clock control module (CCM). This is the start of a CCM implementation. It currently knows only about the MCU, HSP and IPG clocks --- i.e., the ones used to feed the periodic and general purpose timers. Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-07-04 | i.MX: UART support | Peter Chubb
Implement the Freescale i.MX UART. This uart is used in a variety of SoCs, including some by Motorola, as well as in the Freescale i.MX series. This patch gives only a `bare-bones' implementation, enough to run Linux or OKL4, but that's about it. Signed-off-by: Philip O'Sullivan <philipo@ok-labs.com> Signed-off-by: Peter Chubb <peter.chubb@nicta.com.au> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-07-04 | Exynos4: add RTC device | Oleg Ogurtsov
Signed-off-by: Oleg Ogurtsov <o.ogurtsov@samsung.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-07-04 | hw/exynos4210.c: Fix misleading initialization of IROM mirror | Evgeny Voevodin
We want to mirror whole IROM and should pass zero instead of EXYNOS4210_IROM_BASE_ADDR (though it equals to zero too) since memory_region_init_alias takes an offset within an original region as an argument. Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-07-04 | hw/exynos4210_pwm.c: Fix STOP status in tick handler. | Evgeny Voevodin
START/STOP bit was not cleaned correctly. Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-07-04 | ARM: hw/exynos4210_mct.c: Fix a bug which hangs Linux kernel. | Stanislav Vorobiov
After some long period of time Linux kernel hanged due to ptimer_get_count may return 0 before timer interrupt occurs, thus, causing FRC to jump back in time. Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-07-02 | scsi: Fix transfer length for READ POSITION commands. | Christian Hoff
The transfer length depends on the specific service action code, as defined in the SCSI stream commands spec section 7.7. Up to now only the extended form was supported. Signed-off-by: Christian Hoff <christian.hoff@de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-07-02 | scsi: Add basic support for SCSI media changer commands. | Christian Hoff
This adds basic support for SCSI media changer commands. Not all commands are supported as of now, but enough to cover basic functionality. Signed-off-by: Christian Hoff <christian.hoff@de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-07-02 | scsi: Ensure command and transfer lengths are set for all SCSI devices | Paolo Bonzini
scsi-generic relies on those values to be correct, so it is important that those values are initialized properly for all device types. Reported-by: Christian Hoff <christian.hoff@de.ibm.com> Reported-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-07-02 | scsi: Fix LOAD_UNLOAD | Christian Hoff
Change operation code of LOAD_UNLOAD command to 0x1b as described in section 7.3 of the SCSI Stream Commands spec. Signed-off-by: Christian Hoff <christian.hoff@de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-07-02 | scsi: Fix data length == SCSI_SENSE_BUF_SIZE | Christian Hoff
Fix the edge case where the sense data length is exactly the same as SCSI_SENSE_BUF_SIZE. This makes SCSI requests work that use all of the available 95 byte sense data. Signed-off-by: Christian Hoff <christian.hoff@de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-07-02 | virtio-scsi: do not crash on adding buffers to the event queue | Paolo Bonzini
The event queue is not supported yet and the handler does not have to do much anyway when buffers are added. However, the handler is called unconditionally by the virtio layer, and this results in a crash as soon as buffers are added to the event queue because we pass NULL. Reported-by: Bryan Venteicher <bryanv@daemoninthecloset.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-07-02 | megasas: LSI Megaraid SAS HBA emulation | Hannes Reinecke
This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA. I've tested it to work with Linux, Windows Vista, and Windows7. Signed-off-by: Hannes Reinecke <hare@suse.de> [ Squashed trivial changes from Andreas Faerber, rebased over IOMMU and QBus changes - Paolo ] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-07-02 | megasas: Add header file | Hannes Reinecke
This patch adds the header file for megasas. Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-07-02 | ISCSI: Add SCSI passthrough via scsi-generic to libiscsi | Ronnie Sahlberg
Update iscsi to allow passthrough of SG_IO scsi commands when the iscsi device is forced to be scsi-generic. Implement both bdrv_ioctl() and bdrv_aio_ioctl() in the iscsi backend, emulate the SG_IO ioctl and pass the SCSI commands across to the iscsi target. This allows end-to-end passthrough of SCSI all the way from the guest, to qemu, via scsi-generic, then libiscsi all the way to the iscsi target. To activate this you need to specify that the iscsi lun should be treated as a scsi-generic device. Example:
    -device lsi -device scsi-generic,drive=MyISCSI \
    -drive file=iscsi://10.1.1.125/iqn.ronnie.test/1,if=none,id=MyISCSI
Note, you can currently not boot a qemu guest from a scsi device. Note, This only works when the host is linux, since the emulation relies on definitions of SG_IO from the scsi-generic implementation in the linux kernel. It should be fairly easy to re-implement some structures similar enough for non-linux hosts to do the same style of passthrough via a fake scsi generic layer and libiscsi if need be.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-07-02 | scsi-disk: implement READ DISC INFORMATION | Paolo Bonzini
This command is not necessary for CD-ROM and DVD-ROM, but some versions of udev trip on its absence. Cc: Kevin Wolf <kwolf@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-07-02 | atapi: implement READ DISC INFORMATION | Paolo Bonzini
This command is not necessary for CD-ROM and DVD-ROM, but some versions of udev trip on its absence. Cc: Kevin Wolf <kwolf@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-07-02 | scsi: add a qdev property for the disk's WWN | Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-07-02 | scsi: simplify handling of the VPD page length field | Paolo Bonzini
The last four bytes of the thin provisioning page were cut out. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-06-27 | pseries: Implement IOMMU and DMA for PAPR PCI devices | David Gibson
Currently the pseries machine emulation does not support DMA for emulated PCI devices, because the PAPR spec always requires a (guest visible, paravirtualized) IOMMU which was not implemented. Now that we have infrastructure for IOMMU emulation, we can correct this and allow PCI DMA for pseries. With the existing PAPR IOMMU code used for VIO devices, this is almost trivial. We use a single DMAContext for each (virtual) PCI host bridge, which is the usual configuration on real PAPR machines (which often have _many_ PCI host bridges). Cc: Alex Graf <agraf@suse.de> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-27 | iommu: Allow PCI to use IOMMU infrastructure | David Gibson
This patch adds some hooks to let PCI devices and busses use the new IOMMU infrastructure. When IOMMU support is enabled, each PCI device now contains a DMAContext * which is used by the pci_dma_*() wrapper functions. By default, the contexts are initialized to NULL, assuming no IOMMU. However the platform or host bridge code which sets up the PCI bus can use pci_setup_iommu() to set a function which will determine the correct DMAContext for a given PCI device. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-27 | pseries: Convert sPAPR TCEs to use generic IOMMU infrastructure | David Gibson
The pseries platform already contains an IOMMU implementation, since it is essential for the platform's paravirtualized VIO devices. This IOMMU support is currently built into the implementation of the VIO "bus" and the various VIO devices. This patch converts this code to make use of the new common IOMMU infrastructure. We don't yet handle synchronization of map/unmap callbacks vs. invalidations, this will require some complex interaction with the kernel and is not a major concern at this stage. Cc: Alex Graf <agraf@suse.de> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-27 | iommu: Introduce IOMMU emulation infrastructure | David Gibson
This patch adds the basic infrastructure necessary to emulate an IOMMU visible to the guest. The DMAContext structure is extended with information and a callback describing the translation, and the various DMA functions used by devices will now perform IOMMU translation using this callback. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-27 | usb: Convert usb_packet_{map, unmap} to universal DMA helpers | David Gibson
The USB UHCI and EHCI drivers were converted some time ago to use the pci_dma_*() helper functions. However, this conversion was not complete because in some places both these drivers do DMA via the usb_packet_map() function in usb-libhw.c. That function directly used cpu_physical_memory_map(). Now that the sglist code uses DMA wrappers properly, we can convert the functions in usb-libhw.c, thus completing the conversion of UHCI and EHCI to use the DMA wrappers. Note that usb_packet_map() invokes dma_memory_map() with a NULL invalidate callback function. When IOMMU support is added, this will mean that usb_packet_map() and the corresponding usb_packet_unmap() must be called in close proximity without dropping the qemu device lock - otherwise the guest might invalidate IOMMU mappings while they are still in use by the device code. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-27 | ide/ahci: Use universal DMA helper functions | David Gibson
The AHCI device can provide both PCI and SysBus AHCI device emulations. For this reason, it wasn't previously converted to use the pci_dma_*() helper functions. Now that we have universal DMA helper functions, this converts AHCI to use them. The DMAContext is obtained from pci_dma_context() in the PCI case and set to NULL in the SysBus case (i.e. we assume for now that a SysBus AHCI has no IOMMU translation). Cc: Kevin Wolf <kwolf@redhat.com> Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-27 | iommu: Make sglists and dma_bdrv helpers use new universal DMA helpers | David Gibson
dma-helpers.c contains a number of helper functions for doing scatter/gather DMA, and various block device related DMA. Currently, these directly access guest memory using cpu_physical_memory_*(), assuming no IOMMU translation. This patch updates this code to use the new universal DMA helper functions. qemu_sglist_init() now takes a DMAContext * to describe the DMA address space in which the scatter/gather will take place. We minimally update the callers qemu_sglist_init() to pass NULL (i.e. no translation, same as current behaviour). Some of those callers should pass something else in some cases to allow proper IOMMU translation in future, but that will be fixed in later patches. Cc: Kevin Wolf <kwolf@redhat.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-27 | usb-ohci: Use universal DMA helper functions | David Gibson
The OHCI device emulation can provide both PCI and SysBus OHCI implementations. Because of this, it was not previously converted to use the PCI DMA helper functions. This patch converts it to use the new universal DMA helper functions. In the PCI case, it obtains its DMAContext from pci_dma_context(), in the SysBus case, it uses NULL - i.e. assumes for now that there will be no IOMMU translation for a SysBus OHCI. Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-27 | iommu: Add universal DMA helper functions | David Gibson
Not that long ago, every device implementation using DMA directly accessed guest memory using cpu_physical_memory_*(). This meant that adding support for a guest visible IOMMU would require changing every one of these devices to go through IOMMU translation. Shortly before qemu 1.0, I made a start on fixing this by providing helper functions for PCI DMA. These are currently just stubs which call the direct access functions, but mean that an IOMMU can be implemented in one place, rather than for every PCI device. Clearly, this doesn't help for non PCI devices, which could also be IOMMU translated on some platforms. It is also problematic for the devices which have both PCI and non-PCI version (e.g. OHCI, AHCI) - we cannot use the pci_dma_*() functions, because they assume the presence of a PCIDevice, but we don't want to have to check between pci_dma_*() and cpu_physical_memory_*() every time we do a DMA in the device code. This patch makes the first step on addressing both these problems, by introducing new (stub) dma helper functions which can be used for any DMA capable device. These dma functions take a DMAContext *, a new (currently empty) variable describing the DMA address space in which the operation is to take place. NULL indicates untranslated DMA directly into guest physical address space. The intention is that in future non-NULL values will give information about any necessary IOMMU translation. DMA using devices must obtain a DMAContext (or, potentially, contexts) from their bus or platform. For now this patch just converts the PCI wrappers to be implemented in terms of the universal wrappers, converting other drivers can take place over time. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro> Cc: Richard Henderson <rth@twiddle.net> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-27 | Better support for dma_addr_t variables | David Gibson
A while back, we introduced the dma_addr_t type, which is supposed to be used for bus visible memory addresses. At present, this is an alias for target_phys_addr_t, but this will change when we eventually add support for guest visible IOMMUs. There are some instances of target_phys_addr_t in the code now which should really be dma_addr_t, but can't be trivially converted due to missing features which this patch corrects.
* We add DMA_ADDR_BITS analogous to TARGET_PHYS_ADDR_BITS. This is important where we need to make a compile-time (#if) based on the size of dma_addr_t.
* We add a new helper macro to create device properties which take a dma_addr_t, currently an alias to DEFINE_PROP_TADDR().
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-27 | rtl8139: validate rx ring before receiving packets | Jason Wang
Commit ff71f2e8cacefae99179993204172bc65e4303df prevents the possible crash during initialization of linux driver by checking the operating mode. This seems too strict as:
- the real card could still work in mode other than normal
- some buggy driver who does not set correct opmode after eeprom access
So, considering rx ring address were reset to zero (which could be safely treated as an address not intended to DMA to), in order to both letting old guest work and preventing the unexpected DMA to guest, we can forbid packet receiving when rx ring address is zero.
Tested-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>