aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2012-05-07scsi: do not report bogus overruns for commands in the 0x00-0x1F rangePaolo Bonzini
Interpreting cdb[4] == 0 as a request to transfer 256 blocks is only needed for READ_6 and WRITE_6. No other command in that range needs that special-casing, and the resulting overrun breaks scsi-testsuite's attempt to use command 2 as a known-invalid command. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-07scsi-disk: add dpofua propertyPaolo Bonzini
Linux expects REQ_FUA to be advertised only if WRITE+FUA is faster than WRITE+SYNCHRONIZE CACHE, so we should not set the DPOFUA bit. However, it is useful to have it for testing purposes, so add a qdev property to set it. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-07scsi: change "removable" field to host many featuresPaolo Bonzini
It is pointless to add a uint32_t field for every new feature. Since we will need a new feature soon, convert accesses to "removable" to look at bit 0 only. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04scsi: Specify the xfer direction for UNMAP and ATA_PASSTHROUGH commandsRonnie Sahlberg
scsi_cmd_xfer_mode() is used to specify the xfer direction for SCSI commands that come in from the guest. If the direction is set incorrectly this will eventually cause QEMU to kernel-panic the guest. Add UNMAP and ATAPASSTHROUGH as commands that send data to the device. Without this change, recent kernels will send both UNMAP as well as ATAPASSTHROUGH commands to any /dev/sg* device, which due to the incorrect xfer direction very quickly causes the guest kernel to crash. Example causing a crash without the patch applied: ./x86_64-softmmu/qemu-system-x86_64 -m 1024 -enable-kvm -cdrom linuxmint-12-gnome-dvd-64bit.iso -drive file=/dev/sg4,if=scsi,bus=0,unit=6 Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04scsi: fix WRITE SAME transfer length and directionPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04scsi: fix refcounting for readsPaolo Bonzini
Recently introduced FUA support also gave us a use-after-free of the BlockAcctCookie within a SCSIDiskReq, due to unbalanced reference counting. The patch fixes this by making scsi_do_read look like a combination of scsi_*_complete + scsi_*_data. It does both a ref (like scsi_read_data) and an unref (like scsi_flush_complete). Reported-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-04scsi: prevent data transfer overflowPaolo Bonzini
Avoid sending more than 2GB of data, as that can cause overflows in int32_t variables. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-05-02ATA: Allow WIN_SECURITY_FREEZE_LOCK as nopAlexander Graf
When using Windows 8 with an AHCI disk drive, it issues a blue screen. The reason is that WIN_SECURITY_FREEZE_LOCK / CFA_WEAR_LEVEL is not supported by our ATA implementation, but Windows expects it to be there. Since without security stuff implemented, the lock would be a nop anyway and CFA_WEAR_LEVEL already is treated as a nop, let's just allow the cmd for HD drives as well. That way Windows is happy. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-01Merge remote-tracking branch 'agraf/s390-for-upstream' into stagingAnthony Liguori
* agraf/s390-for-upstream: s390: reset avail and used index on reboot S390: dont call system_shutdown on disabled wait S390: remove default cdrom, sd-card and floppy support S390: support reboot for kvm on s390 S390: reboot: reset device pages on reboot S390: fix error handling on kernel and initrd failures S390: fix kernel_commandline handling
2012-05-01ppce500_spin: Replace assert by hw_error (fixes compiler warning)Stefan Weil
The default case in function spin_read should never be reached, therefore the old code used assert(0) to abort QEMU. This does not work when QEMU is compiled with macro NDEBUG defined. In this case (and also when the compiler does not know that assert never returns), there is a compiler warning because of the missing return value. Using hw_error allows an improved error message and aborts always. Signed-off-by: Stefan Weil <sw@weilnetz.de> [agraf: use __func__] Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01pseries: Fix use of global CPU statePeter Portante
Commit ed120055c7f9b26b5707d3ceabbe5a3f06aaf937 (Implement PAPR VPA functions for pSeries shared processor partitions) introduced the deregister_dtl() function and typo "emv" as name of its argument. This went unnoticed because the code in that function can access the global variable "env" so that no build failure resulted. Fix the argument to read "env". Resolves LP#986241. Signed-off-by: Peter Portante <peter.portante@redhat.com> Acked-by: Andreas Färber <afaerber@suse.de> [agraf: fixed typo in commit message] Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01pseries: Use the same interrupt swizzling for host bridges as p2p bridgesDavid Gibson
Currently the pseries PCI code uses a somewhat strange scheme of PCI irq allocation - one per slot up to a maximum that's greater than the usual 4. This scheme more or less worked, because we were able to tell the guest the irq mapping in the device tree, however it's a bit odd and may break assumptions in the future. Worse, the array used to construct the dev tree interrupt map was mis-sized, we got away with it only because it happened that our SPAPR_PCI_NUM_LSI value was greater than 7. This patch changes the pseries PCI code to use the same interrupt swizzling scheme as is standardized for PCI to PCI bridges. This makes for better consistency, deals better with any devices which use multiple interrupt pins and will make life easier in the future when we add passthrough of what may be either a host bridge or a PCI to PCI bridge. This won't break existing guests, because they don't assume a particular mapping scheme for host bridges, but just follow what we tell them in the device tree (also updated to match, of course). This patch also fixes the allocation of the irq map. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01pseries: Implement automatic PAPR VIO address allocationDavid Gibson
PAPR virtual IO (VIO) devices require a unique, but otherwise arbitrary, "address" used as a token to the hypercalls which manipulate them. Currently the pseries machine code does an ok job of allocating these addresses when the legacy -net nic / -serial and so forth options are used but will fail to allocate them properly when using -device. Specifically, you can use -device if all addresses are explicitly assigned. Without explicit assignment, only one VIO device of each type (network, console, SCSI) will be assigned properly, any further ones will attempt to take the same address leading to a fatal error. This patch fixes the situation by adding a proper address allocator to the VIO "bus" code. This is used both by -device and the legacy options and default devices. Addresses can still be explicitly assigned with -device options if desired. This patch changes the (guest visible) numbering of VIO devices, but since their addresses are discovered using the device tree and already differ from the numbering found on existing PowerVM systems, this does not break compatibility. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01booke:Use MMU API for creating initial mapping for secondary cpusBharat Bhushan
Initial Mapping creation for secondary CPU in SMP was missing new MMU API. Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01s390: reset avail and used index on rebootJens Freimann
reset the guest vring avail/used idx fields, otherwise it's possible that old values remain in memory which would cause a reboot to fail with a "Guest moved used index" message Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01S390: remove default cdrom, sd-card and floppy supportEinar Lueck
This patch simply disables CDROM, SD card and floppy support for the s390 virtio machine. Without this patch, a default CDROM drive would get added which has currently no backing on s390. Signed-off-by: Einar Lueck <elelueck@de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01S390: reboot: reset device pages on rebootJens Freimann
This patch fixes reboot on s390 by resetting the device page on reboot. Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01S390: fix error handling on kernel and initrd failuresChristian Borntraeger
If the user specifies a non-existing or non-accessable kernel or initrd qemu does not fail, instead it ipls into the system, which then falls into a program check loop due to the zeroed memory with no kernel. Lets add some sanity checks. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01S390: fix kernel_commandline handlingChristian Borntraeger
The current handling of kernel parameters is broken. The pointer is always valid, even if no -kernel or -append is specified. We must check if the kernel rom address is valid instead, otherwise qemu might segfault. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2012-05-01vga: Don't switch to 1 x 1 character text screenStefan Weil
Initially, vga_get_text_resolution returns a text resolution of 1 x 1 (vga register values are 0). This is visible during MIPS Malta boot with SDL. It also occurs with the i386 or x86_64 system emulation when it runs in single step mode: QEMU changes the size of the SDL window to the smallest possible value which is supported by the window manager. As this is not the calculated size, QEMU switches to scaled mode. When the BIOS or the VGA driver sets the normal text resolution, the window stays small and displays microscopic characters. Ignoring text resolutions of 1 x 1 or less avoids these problems. A similar workaround already exists for too large resolutions. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-04-30prep: Move int-ack register from PReP to Raven PCI emulationHervé Poussineau
Register is one byte-wide (as per specification), so there is no need to specify endianness. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> [AF: Limit access validity to size 1] Signed-off-by: Andreas Färber <andreas.faerber@web.de>
2012-04-28prep: Initialize PC speakerHervé Poussineau
Speaker init has been added in 506b7ddf889312659b36c667f7ae17bc9e909418, but audio subsystem init was missing. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Andreas Färber <andreas.faerber@web.de>
2012-04-28isa: Add isa_bus_from_device() methodHervé Poussineau
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Andreas Färber <andreas.faerber@web.de>
2012-04-28fdc: Parametrize ISA base, IRQ and DMAHervé Poussineau
Keep the PC values as defaults but allow to override them for PReP. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Andreas Färber <andreas.faerber@web.de> Reviewed-by: Markus Armbruster <armbru@redhat.com>
2012-04-28i82378/i82374: Do not create DMA controller twiceHervé Poussineau
This fixes a crash in PReP emulation when using DMA controller to access floppy drive. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Andreas Färber <andreas.faerber@web.de>
2012-04-28Merge branch 'target-arm.for-upstream' of ↵Blue Swirl
git://git.linaro.org/people/pmaydell/qemu-arm * 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm: target-arm: Make SETEND respect bswap_code (BE8) setting target-arm: Move A9 config_base_address reset value to ARMCPU target-arm: Change cpu_arm_init() return type to ARMCPU
2012-04-27target-arm: Move A9 config_base_address reset value to ARMCPUPeter Maydell
Move the A9 config_base_address cp15 register reset value to ARMCPU. This should become a QOM property so that the Highbank board can set it without having to pull in cpu-qom.h, but at least this avoids the implicit dependency on reset ordering that the previous workaround had. Cc: Mark Langsdorf <mark.langsdorf@calxeda.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-04-26Merge remote-tracking branch 'kraxel/usb.49' into stagingAnthony Liguori
* kraxel/usb.49: usb-uhci: update irq line on reset usb: add serial number generator usb-redir: Not finding an async urb id is not an error usb-redir: Reset device address and speed on disconnect usb-redir: An interface count of 0 is a valid value usb-xhci: fix bit test usb-xhci: Use PCI DMA helper functions usb-host: fix zero-length packets usb-host: don't dereference invalid iovecs usb-storage: fix request canceling usb-ehci: Ensure frindex writes leave a valid frindex value usb-ehci: add missing usb_packet_init() call usb-ehci: remove hack
2012-04-26Merge remote-tracking branch 'mst/tags/for_anthony' into stagingAnthony Liguori
* mst/tags/for_anthony: e1000: set E1000_ICR_INT_ASSERTED only for 8257x e1000: link auto-negotiation emulation e1000: introduce bit for debugging PHY emulation e1000: introduce helpers to manipulate link status e1000: PHY loopback mode support e1000: conditionally raise irq at the end of MDI cycle e1000: introduce bits of PHY control register eepro100: Fix multicast regression virtio: order index/descriptor reads virtio: add missing mb() on enable notification virtio: add missing mb() on notification e1000: move reset function earlier in file
2012-04-26Merge remote-tracking branch 'amit/master' into stagingAnthony Liguori
* amit/master: virtio-serial-bus: Unset guest_connected at reset and driver reset virtio-serial-bus: fix guest_connected init before driver init
2012-04-26pc-sysfw: make sure to call qdev_initAnthony Liguori
We're not actually calling qdev_init for the pc-sysfw device. Since we create the canonical path during realize, this was causing an assert to trigger when attempting to read a link pointing to pc-sysfw. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-04-26usb-uhci: update irq line on resetGerd Hoffmann
uhci_reset() clears irq mask and irq status registers, but doesn't update the irq line. Which may result in suspious IRQs after uhci reset. Fix it. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26usb: add serial number generatorGerd Hoffmann
This patch adds a function which creates unique serial numbers for usb devices and puts it into use. Windows guests tend to become unhappy if they find two identical usb devices in the system. Effects range from non-functional devices (with yellow exclamation mark in device manager) to BSODs. Handing out unique serial numbers to devices fixes this. With this patch applied almost all emulated devices get a generated, unique serial number. There are two exceptions: * usb-storage devices will prefer a user-specified serial number and will only get a generated number in case the serial property is unset. * usb-hid devices keep the fixed serial number "42" as it is used to signal "remote wakeup actually works". See commit 7b074a22dab4bdda9864b933f1bc811a3db42845 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26usb-redir: Not finding an async urb id is not an errorHans de Goede
We clear our pending async urb list on device disconnect and we may still receive "packet complete" packets from our peer after this, which will then refer to packet ids no longer in our list. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26usb-redir: Reset device address and speed on disconnectHans de Goede
Without this disconnected devices look like the last redirected device in the monitor in "info usb". Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26usb-redir: An interface count of 0 is a valid valueHans de Goede
An interface-count of 0 happens when a device is in unconfigured state when it gets redirected. So we should not use 0 to detect not having received interface info from our peer. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26usb-xhci: fix bit testLai Jiangshan
use & instead of the wrong && Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26usb-xhci: Use PCI DMA helper functionsDavid Gibson
Shortly before 1.0, we added helper functions / wrappers for doing PCI DMA from individual devices. This makes what's going on clearer and means that when we add IOMMU support somewhere in the future, only the general PCI code will have to change, not every device that uses PCI DMA. However, usb-xhci is not using these wrappers, despite being a PCI only device. This patch remedies the situation, using the pci dma functions instead of direct calls to cpu_physical_memory_{read,write}(). Likewise address parameters for DMA are changed to dma_addr_t instead of target_phys_addr_t. [ kraxel: removed #ifdefs ] Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26usb-host: fix zero-length packetsGerd Hoffmann
usb-host optimizes away zero-length packets by not entering the processing loop at all. Which isn't correct, we should submit a zero-length urb to the host devicein that case. This patch makes sure we run the processing loop at least once. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26usb-host: don't dereference invalid iovecsGerd Hoffmann
usb-host assumes the first iovec element is always valid. In case of a zero-length packet this isn't true though. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26usb-storage: fix request cancelingGerd Hoffmann
Little fix for usb packet handling on i/o cancelation. The usb packet pointer (s->packet) is cleared at the wrong place: The scsi request cancel handler does it. When a usb packet is canceled the usb-storage emulation canceles the scsi request if present. In most cases there is one, so usually s->packet is cleared as needed even with the code sitting at the wrong place. If there is no scsi request in flight s->packet is not cleared though. The usb-storage emulation will then try to complete an usb packet which is not in flight any more and thereby trigger an assert() in the usb core. Fix this by clearing s->packet at the correct place, which is the usb packet cancel header. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26usb-ehci: Ensure frindex writes leave a valid frindex valueHans de Goede
frindex is a 14 bits counter, so bits 31-14 should always be 0, and after the commit titled "usb-ehci: frindex always is a 14 bits counter" we rely on frindex always being a multiple of 8. I've not seen this in practice, but theoretically a guest can write a value >= 0x4000 or a value which is not a multiple of 8 value to frindex, this patch ensures that things will still work when that happens. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26usb-ehci: add missing usb_packet_init() callGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26usb-ehci: remove hackGerd Hoffmann
To answer the question in the comment removed by this patch: I think this was needed because several places in the ehci emulation did not check the T bit of link entries correctly and thus might have followed invalid references. See commit 2a5ff735dc1074171a0cbb1dc228d6d6e907f571 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26hda: fix codec idsGerd Hoffmann
Our hda codecs exist in two variants: With CONFIG_MIXEMU=y they expose amplifiers for volume control to the guest, with CONFIG_MIXEMU=n they don't. This patch changes the codec ids, they are different now for these two cases. This makes sure windows guests will notice the difference. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: malc <av1474@comtv.ru>
2012-04-26hda: add hda-micro codecGerd Hoffmann
It's identical to the hda-duplex codec, except that it advertises the input as microphone instead of line-in and the output as speaker instead of line-out. Some guest apps (microsoft netmeeting being one) are picky when it comes to selecting the recording source and don't accept line-in, so give them what they expect. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: malc <av1474@comtv.ru>
2012-04-26hda: move input widgets from duplex to commonGerd Hoffmann
Preparing for a new user of the input widget definitions. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: malc <av1474@comtv.ru>
2012-04-25virtio-serial-bus: Unset guest_connected at reset and driver resetAmit Shah
When a guest driver resets the virtio status to not ready, or when qemu is reset, reset all ports' guest_connected bit and let port users know of this event if they have the guest_close() callback registered. Reviewed-by: Alon Levy <alevy@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
2012-04-25virtio-serial-bus: fix guest_connected init before driver initAlon Levy
guest_connected should be false before guest driver initialization, and true after, both for multiport aware and non multiport aware drivers. Don't set it before the guest_features are available; instead use set_status which is called by io to VIRTIO_PCI_STATUS with VIRTIO_CONFIG_S_DRIVER_OK by even older non multiport drivers. [Amit: Add comment, tweak summary, only set guest_connected and not reset it as a side-effect.] Signed-off-by: Alon Levy <alevy@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
2012-04-25e1000: set E1000_ICR_INT_ASSERTED only for 8257xJason Wang
E1000_ICR_INT_ASSERTED were introduced only for 8257x, so we need to check the E1000_DEVID before setting this bit in ICS. Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>