Emulation bugfixes for intel-hda and adlib.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJSpc3gAAoJEEy22O7T6HE4D6IQAKHNCUutcopMEcHJwkldpHqO
uEVdNJvX91ZlgNGOWHtfqzMjRLftZVrY4XHL/D0H/LqXDeShXaT2Kz+6OOKDIDXi
KOchgKf2w3/lbuVtKv3xQSPt2A7TdgJFmfPpbn8f4I6tq6NrTP2TVodOyLc4RF8U
tfo+RDzZIQC5fsBFK284Ngk0abaTpRfWcNpccPh2FXznbCcgt5RiRW1bDPbjLRKD
6QoRyZsyEHAqap49YTSzW7HQFJzSsQX48Oo+FQPU/B81kUYEL7F9sSCam3NpNkoZ
xugn35cavGyYJE2kBmAYj/fMp4fdug8O9P/RZV6GxpDsA7OKimjq7xUxjYS+KtFB
0zdd4ToeheJK7t85kKh2xe30xVIYjffIqwg91LJrFJmlvqbgPKR/K+aY+pVVOKv6
S7lJscFJuBMPAxteb0ajuKZQmaK6P5LC1ckcJSsKPVehqQMzxTYdD9wsv6NN4tRk
ZHDVZEitV+u97fWj/fGjxWPuSMBQwwlbmjyBCn4TOL1iNqdeaW30bLafKBZhdXb9
iUaYMkCWI9dOtMYhkzyIAfPfJCdaMMf12ML+2zEskjll45R8lf+takHXnbeIr8oO
YSe5hWdZzHCdosCOtRJB9UmzbY+EmycsFpsIPsEnSE9Tfg0CXfjnowOGveZ4ikff
UZwqKbNaOAOTpmxM9SV8
=zExI
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'kraxel/tags/pull-audio-1' into staging
Change audio wakeup rate from 250 Hz to 100 Hz.
Emulation bugfixes for intel-hda and adlib.
# gpg: Signature made Mon 09 Dec 2013 06:04:16 AM PST using RSA key ID D3E87138
# gpg: Can't check signature: public key not found
# By Gerd Hoffmann (2) and others
# Via Gerd Hoffmann
* kraxel/tags/pull-audio-1:
intel-hda: fix position buffer
adlib: fix patching of port I/O addresses
audio: adjust pulse to 100Hz wakeup rate
audio: Lower default wakeup rate to 100 times / second
Message-id: 1386597974-26506-1-git-send-email-kraxel@redhat.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Return false from can_receive() when no valid buffer descriptor is
available. Ensures against mass packet droppage in some applications.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: cde00ef774e84e2586bf10fd37b542f75bf36cfb.1386136219.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Currently this just floods indicating that can_receive has been called
by the net framework. Instead, save the result of the most recent
can_receive callback as state and only print a message if the result
changes (indicating some sort of actual state change in GEM). Make said
debug message more meaningful as well.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 2eb74ca6a5756aea242d9f525961db95d6cfcf2c.1386136219.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This write-1-clear logic was incorrect. It was always clearing w1c
bits regardless of whether the written value was 1 or not. i.e. it
was implementing a write-anything-to-clear strategy.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: ed905b04d3343966ded425f06aa2224bc7a35b59.1386136219.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The minimum packet size is 64, however this is before FCS stripping
occurs. So when FCS stripping the minimum packet size is 60. Fix.
Reported-by: Deepika Dhamija <deepika@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 8aac5bd737f9cf48b87f32943d7eb5939061e546.1386136219.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bytes_to_copy was being updated before its final use where it
advances the rx buffer pointer. This was causing total mayhem,
where packet data for any subsequent fragments was being fetched
from the wrong place.
Reported-by: Deepika Dhamija <deepika@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: c2a1c65c1fd06eb274442a0fa4a6839d940e145e.1386136219.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The Specific address registers can be enabled or disabled by software.
QEMU was assuming they were always enabled. Implement the
disable/enable feature. SARs are disabled by writing to the lower half
register. They are re-enabled by then writing the upper half.
Reported-by: Deepika Dhamija <deepika@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 49efd1f7450af8f980b967d3054245bae137866c.1386136219.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bit 27 of the RX buffer desc word 1 should be set when the packet was
accepted due to specific address register match. Implement.
This feature is absent from the Xilinx documentation (UG585) but the
behaviour is tested as accurate on real hardware.
Reported-by: Deepika Dhamija <deepika@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 7e3f26fc4ab244e8123efc12723e7164730abdcb.1386136219.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The various Rx packet address matching mode flags were not being set in
the rx descriptor. Implement.
Reported-by: Deepika Dhamija <deepika@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 6002a24a6a8ceaa11d3009ab5392840d1c084b28.1386136219.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The real hardware prefetches rx buffer descriptors ASAP and
potentially throws relevant interrupts following the fetch
even in the absence of a received packet.
Reported-by: Deepika Dhamija <deepika@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 41629e35edfdb1f02f1e401f2c3d0e2e4c9e44b3.1386136219.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
There was a replication of the rx descriptor address walking logic.
Reorder the flow control to remove. This refactoring also obsoletes
the local variables packet_desc_addr and last_desc_addr.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 2a425b457ff0b57274bf206ad2236690cd7f5909.1386136219.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We were updating the ownership bit of all descriptors if packets
get split and written through several descriptors.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: d61b7847b51487118783c93765a485bc5c66d272.1386136219.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Cadence GEM has a MAC level loopback mode. Implement. Use the same basic
operation as the already implemented PHY loopback.
Reported-by: Deepika Dhamija <deepika@xilinx.com>
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 3a0baf1b6b2fc1be638bdf1a37408ec38988e970.1386136219.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Support -cpu host in virt machine (treating it like an A15, ie
with a GIC v2 and the A15's private peripherals.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id: 1385140638-10444-12-git-send-email-peter.maydell@linaro.org
Add 'virt' platform support corresponding to arch/arm/mach-virt
in the Linux kernel tree. This has no platform-specific code but
can use any device whose kernel driver is is able to work purely
from a device tree node. We use this to instantiate a minimal
set of devices: a GIC and some virtio-mmio transports.
Signed-off-by: John Rigby <john.rigby@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id: 1385140638-10444-8-git-send-email-peter.maydell@linaro.org
[PMM:
Significantly overhauled:
* renamed user-facing machine to just "virt"
* removed the A9 support (it can't work since the A9 has no
generic timers)
* added virtio-mmio transports instead of random set of 'soc' devices
(though we retain a pl011 UART)
* instead of updating io_base as we step through adding devices,
define a memory map with an array (similar to vexpress)
* similarly, define irqmap with an array
* folded in some minor fixes from John's aarch64-support patch
* rather than explicitly doing endian-swapping on FDT cells,
use fdt APIs that let us just pass in host-endian values
and let the fdt layer take care of the swapping
* miscellaneous minor code cleanups and style fixes
]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
If no fdt is provided on command line and the new field
get_dtb in struct arm_boot_info is set then call it to
get a device tree blob.
Signed-off-by: John Rigby <john.rigby@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id: 1385140638-10444-4-git-send-email-peter.maydell@linaro.org
[PMM: minor tweaks and cleanup]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add the global timer to A9 MPCore.
Signed-off-by: François LEGAL <devel@thom.fr.eu.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: ff92f35f438ac671b57d99d823723dd3e62d2c49.1385969450.git.peter.crosthwaite@xilinx.com
[PC Changes:
* new commit message
* split off original version as a separate patch
* Rebased against new mpcore implementation (with struct embedding)
]
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The ARM A9 MPCore has a timer that is global to all cores in the cluster.
The timer is shared but each core has a private independent comparator
and interrupt.
Based on version contributed by Francois LEGAL.
Signed-off-by: François LEGAL <devel@thom.fr.eu.org>
Message-id: 4918e89476b8da916be2964ec41578b50d569a37.1385969450.git.peter.crosthwaite@xilinx.com
[PC changes:
* New commit message
* Re-implemented as single timer model
* Fixed backwards counting issue in polled mode
* completed VMSD fields
* macroified magic numbers (and headerified reg definitions)
* split of as device-model-only patch
* use bitops for 64 bit register access
* Fixed auto increment mode to check condition properly
* general cleanup (names/style etc).
]
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[PMM:
* minor typo fixes
* added missing return after error_setg()
* dropped setting dc->no_user = 1
]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
To make it consistent for easier code reading. The order in which
variables are defined and functions are called is set to match the
address map ordering.
The new consistent order of doing stuff is:
SCU -> GIC -> MPTimer -> WDT.
0 functional change.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 8f31398e6d9a93f57291399f269039da1a77a2b5.1385969450.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Rename this variable for consistency with the above defined mptimerdev
variable.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 28939ef95589a62414634e86c47cef76b21b15f7.1385969450.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Linux kernel from version 3.4 requires CM_REFCNT register for sched timer
for Integrator/CP board (integrator_defconfig).
See http://infocenter.arm.com/help/topic/com.arm.doc.dui0138e/ch04s06s11.html
Signed-off-by: Jan Petrous <jan.petrous@tieto.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Forward-port the following commit from seabios:
commit 995bbeef78b338370f426bf8d0399038c3fa259c
Author: Paul Menzel <paulepanter@users.sourceforge.net>
Date: Thu Oct 3 11:30:52 2013 +0200
The ASL Optimizing Compiler version 20130823-32 [Sep 11 2013] issues the
following warning.
$ make
[…]
Compiling IASL out/src/fw/acpi-dsdt.hex
out/src/fw/acpi-dsdt.dsl.i 360: Method(IQCR, 1, NotSerialized) {
Remark 2120 - ^ Control Method should be made Serialized (due to creation of named objects within)
[…]
ASL Input: out/src/fw/acpi-dsdt.dsl.i - 475 lines, 19181 bytes, 316 keywords
AML Output: out/src/fw/acpi-dsdt.aml - 4407 bytes, 159 named objects, 157 executable opcodes
Listing File: out/src/fw/acpi-dsdt.lst - 143715 bytes
Hex Dump: out/src/fw/acpi-dsdt.hex - 41661 bytes
Compilation complete. 0 Errors, 0 Warnings, 1 Remarks, 246 Optimizations
[…]
After changing the parameter from `NotSerialized` to `Serialized`, the
remark is indeed gone and there is no size change.
The remark was added in ACPICA version 20130517 [1] and gives the
following explanation.
If a thread blocks within the method for any reason, and another thread
enters the method, the method will fail because an attempt will be
made to create the same (named) object twice.
In this case, issue a remark that the method should be marked
serialized. ACPICA BZ 909.
[1] ba84d0fc18
Signed-off-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reported-by: Marcel Apfelbaum <marcel.a@redhat.com>
Tested-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
IASL stores it's revision in each table header it generates.
That's not nice since guests will see a change each time they move
between hypervisors. We generally fill our own info for tables, but we
(and seabios) forgot to do this for the built-in DSDT.
Modifications in DSDT table:
OEM ID: "BXPC" -> "BOCHS "
OEM Table ID: "BXDSDT" -> "BXPCDSDT"
Compiler ID: "INTL" -> "BXPC"
Compiler Version: 0x20130823 -> 0x00000001
Tested-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Currently, we get SeaBIOS defaults: manufacturer Bochs, product Bochs,
no version. Best SeaBIOS can do, but we can provide better defaults:
manufacturer QEMU, product & version taken from QEMUMachine desc and
name.
Take care to do this only for new machine types, of course.
Note: Michael Tsirkin doesn't trust us to keep values of QEMUMachine member
product stable in the future. Use copies instead, and in a way that
makes it obvious that they're guest ABI.
Note that we can be trusted to keep values of member name, because
that has always been ABI.
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
It doesn't make sense for a region to be INT64_MAX in size:
memory core uses UINT64_MAX as a special value meaning
"all 64 bit" this is what was meant here.
While this should never affect the spapr system which at the moment always
has < 63 bit size, this makes us hit all kind of corner case bugs with
sub-pages, so users are probably better off if we just use UINT64_MAX
instead.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Alexander Graf <agraf@suse.de>
It doesn't make sense for a region to be INT64_MAX in size:
memory core uses UINT64_MAX as a special value meaning
"all 64 bit" this is what was meant here.
While this should never affect the PC system which at the moment always
has < 63 bit size, this makes us hit all kind of corner case bugs with
sub-pages, so users are probably better off if we just use UINT64_MAX
instead.
Reported-by: Luiz Capitulino <lcapitulino@redhat.com>
Tested-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Address space size for bridge should be full 64 bit,
so we should use UINT64_MAX not INT64_MAX as it's size.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
With a help of negative memory region priority PCI address space
is mapped underneath RAM regions effectively catching every access
to addresses not mapped by any other region.
It simplifies PCI address space mapping into system address space.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Temporarily allow either VirtioDeviceClass::init or
VirtioDeviceClass::realize.
Introduce VirtioDeviceClass::unrealize for symmetry.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Rename qdev -> dev since that's what realize's argument is called by
convention. No need to keep more "qdev" around than necessary.
Avoid duplicate VIRTIO_DEVICE() cast.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Rename qdev -> dev because that's what realize's argument is called by
convention. No need to keep more "qdev" around than necessary.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Rename qdev -> dev since that's what realize's argument is called by
convention. No need to keep more "qdev" around than necessary.
Avoid duplicate VIRTIO_DEVICE() cast.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Rename variable qdev -> dev since that's what realize's argument is
called by convention.
Avoid duplicate VIRTIO_DEVICE() cast.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Rename variable qdev -> dev since that's what realize's argument is called
by convention.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Return an Error so that it can be propagated later.
Tested-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
[AF: Rebased]
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This fixes a crash in hot-unplug of virtio-pci devices behind a PCIe
switch. The crash happens because the ioeventfd is still set whent the
child is destroyed (destruction happens in postorder). Then the proxy
tries to unset to ioeventfd, but the virtqueue structure that holds the
EventNotifier has been trashed in the meanwhile. kvm_set_ioeventfd_pio
does not expect failure and aborts.
The fix is simply to move parts of uninitialization to a new
device_unplugged callback, which is called before the child is destroyed.
Cc: qemu-stable@nongnu.org
Acked-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This ensures hot-unplug is handled properly by the proxy, and avoids
leaking bus_name which is freed by virtio_device_exit.
Cc: qemu-stable@nongnu.org
Acked-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This ensures hot-unplug is handled properly by the proxy, and avoids
leaking bus_name which is freed by virtio_device_exit.
Cc: qemu-stable@nongnu.org
Acked-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This ensures hot-unplug is handled properly by the proxy, and avoids
leaking bus_name which is freed by virtio_device_exit.
Cc: qemu-stable@nongnu.org
Acked-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This ensures hot-unplug is handled properly by the proxy, and avoids
leaking bus_name which is freed by virtio_device_exit.
Cc: qemu-stable@nongnu.org
Acked-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This ensures hot-unplug is handled properly by the proxy, and avoids
leaking bus_name which is freed by virtio_device_exit.
Cc: qemu-stable@nongnu.org
Acked-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This ensures hot-unplug is handled properly by the proxy, and avoids
leaking bus_name which is freed by virtio_device_exit.
Cc: qemu-stable@nongnu.org
Acked-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Right now we have these pairs:
- virtio_bus_plug_device/virtio_bus_destroy_device. The first
takes a VirtIODevice, the second takes a VirtioBusState
- device_plugged/device_unplug callbacks in the VirtioBusClass
(here it's just the naming that is inconsistent)
- virtio_bus_destroy_device is not called by anyone (and since
it calls qdev_free, it would be called by the proxies---but
then the callback is useless since the proxies can do whatever
they want before calling virtio_bus_destroy_device)
And there is a k->init but no k->exit, hence virtio_device_exit is
overwritten by subclasses (except virtio-9p). This cleans it up by:
- renaming the device_unplug callback to device_unplugged
- renaming virtio_bus_plug_device to virtio_bus_device_plugged,
matching the callback name
- renaming virtio_bus_destroy_device to virtio_bus_device_unplugged,
removing the qdev_free, making it take a VirtIODevice and calling it
from virtio_device_exit
- adding a k->exit callback
virtio_device_exit is still overwritten, the next patches will fix that.
Cc: qemu-stable@nongnu.org
Acked-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The vdev field is complicated to synchronize. Just access the
BusState's list of children.
Cc: qemu-stable@nongnu.org
Acked-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The vdev field is complicated to synchronize. Just access the
BusState's list of children.
Cc: qemu-stable@nongnu.org
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The vdev field is complicated to synchronize. Just access the
BusState's list of children.
Cc: qemu-stable@nongnu.org
Acked-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Similar to the PCI bug that prompted these patches, virtio-ccw will
segfault after the reworking of hotplug/hot-unplug. Prepare for
this by moving virtio_ccw_stop_ioeventfd to before the freeing
of the proxy device.
A better place for this could be the device_unplugged callback
for the virtio-ccw bus. However, we do not yet have a callback
that works: this patch avoids the problem while leaving the tree
bisectable.
Cc: qemu-stable@nongnu.org
Reported-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Suggested-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Acked-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
mac_table was always cleaned up first in handling
VIRTIO_NET_CTRL_MAC_TABLE_SET command, and we din't recover
mac_table content in error state, it's not correct.
This patch makes all the changes in temporal variables,
only update the real mac_table if everything is ok.
We won't change mac_table in error state, so rxfilter
notification isn't needed.
This patch also fixed same problame in
http://lists.nongnu.org/archive/html/qemu-devel/2013-11/msg01188.html
(not merge)
I will send patch for virtio spec to clarifying this change.
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Vlad Yasevich <vyasevic@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
VERIFY emulation was completely botched (and remained botched through
all the refactorings). The command must be emulated both in check-medium
mode (BYTCHK=00, which we implement by doing nothing) and in check-bytes
mode (which we do not implement yet). Unlike WRITE AND VERIFY (which we
treat simply as WRITE with FUA bit set), VERIFY cannot be handled like
READ. In fact the device is _receiving_ data for VERIFY, not _sending_
it like READ.
Cc: qemu-stable@nongnu.org
Tested-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The amount of bytes to transfer depends on the BYTCHK field.
If any data is transferred, it is sent to the device.
Cc: qemu-stable@nongnu.org
Tested-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Fix position buffer updates to use the correct stream offset.
Without this patch both IN (record) and OUT (playback) streams
will update the IN buffer positions. The linux kernel notices
and complains:
hda-intel: Invalid position buffer, using LPIB read method instead.
The bug may also lead to glitches when recording and playing
at the same time:
https://bugzilla.redhat.com/show_bug.cgi?id=947785
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit 2b21fb5 (adlib: sort offsets in portio registration, 2013-08-14)
fixed the offsets in adlib_portio_list, but forgot the matching indices
in adlib_realizefn.
Reported at http://virtuallyfun.superglobalmegacorp.com/?p=3616 by
"neozeed".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit ac86048bcd removed trace.h from
console.h and ignored the fact that qxl-render.c needs this file
(it includes qxl.h which includes console.h which included trace.h).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
- Update linux-headers to include KVM-VFIO device support
- Enable QEMU support for KVM-VFIO device
- Additional Nvidia x-vga quirk to ACK MSI interrupts
- Debug options to disable MSI/X KVM acceleration
- Fix to cleanup MSI-X vectors on shutdown and avoid IRQ route leaks
The KVM-VFIO device support enables KVM to manage how it handles
coherency instructions in the presence of non-coherent I/O. Dave
Airlie had noted that the Nvidia MSI ACK support here may just be
scratching the surface, but it's better than what we have now and
it's only enabled via the x-vga option, so I'm willing to add since
it does enable some users.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQIcBAABAgAGBQJSojNjAAoJECObm247sIsiraQQAJ6aiRZnYTr/OtIcqPa//Rmh
DVs1rCwc17+R3ApuhejqpmyCNwroZWkyTcsXxcVcZ1Ah837pBMsOGbtgLH3ySpF5
5v8EHm1DUgEp76WtTjpBGnMgsBv8JMuicHM2mnspqN4h4LTyPBaSwQeTrmAwKwzm
FKwSTJhoDaDWv78XYOuP8abIYo7pIeoXqAto5bq5h+yAolcWO5+LsSBUduHo5yco
y7R6uQjlScP2b6Y8N4rjGv/10ZOOih8O8ikbZzw3UuuBc8UGrHNR+OSTWnuOhztk
bsEf4ISGcRV/Fl/srJXhO4WHAA9z/fS6L3eDoigr/Lhgxu3pWBAo+CxIdFgHtATe
ptvtHlvhYZ7Pm2WUoTT96M0a+HwTOnNTy1GD5yG5Ye6JaivmkqpoxxjLfvpgHK0H
zPsSaUZ42sWS3JQvWowZoiIyF8MiJsxguSgq+RratepuFo6ZAp39jOV890xyQE5v
rRM+rKkRk8EM/B9xbM9G4MxaPxUXrbIgZpBuArD0ZMr8upPfRtzf5yvjXAyCJlA9
EnAwNALhoa5zJy0T+n8QAaeoM9Rgig264kQl+onVDVxExuRVIJOGX8Vaq48cFrpf
aOeFmVrBQ17zlaZBQUgRCllll5i9qv4TJjUG8YaLgnXvyMkhLIY3IyIj8rzI/fd+
4cYZYu78AUO0B1Plp/Wa
=6C93
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'awilliam/tags/vfio-pci-for-qemu-20131206.0' into staging
vfio-pci updates include:
- Update linux-headers to include KVM-VFIO device support
- Enable QEMU support for KVM-VFIO device
- Additional Nvidia x-vga quirk to ACK MSI interrupts
- Debug options to disable MSI/X KVM acceleration
- Fix to cleanup MSI-X vectors on shutdown and avoid IRQ route leaks
The KVM-VFIO device support enables KVM to manage how it handles
coherency instructions in the presence of non-coherent I/O. Dave
Airlie had noted that the Nvidia MSI ACK support here may just be
scratching the surface, but it's better than what we have now and
it's only enabled via the x-vga option, so I'm willing to add since
it does enable some users.
# gpg: Signature made Fri 06 Dec 2013 12:28:19 PM PST using RSA key ID 3BB08B22
# gpg: Can't check signature: public key not found
# By Alex Williamson
# Via Alex Williamson
* awilliam/tags/vfio-pci-for-qemu-20131206.0:
vfio-pci: Release all MSI-X vectors when disabled
vfio-pci: Add debug config options to disable MSI/X KVM support
vfio-pci: Fix Nvidia MSI ACK through 0x88000 quirk
vfio-pci: Make use of new KVM-VFIO device
linux-headers: Update from v3.13-rc3
Message-id: 20131206204715.16731.12627.stgit@bling.home
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
# By Paolo Bonzini (17) and others
# Via Stefan Hajnoczi
* stefanha/block: (48 commits)
qemu-iotests: filter QEMU monitor \r\n
aio: make aio_poll(ctx, true) block with no fds
block: clean up bdrv_drain_all() throttling comments
qcow2: use start_of_cluster() and offset_into_cluster() everywhere
qemu-img: decrease progress update interval on convert
qemu-img: round down request length to an aligned sector
qemu-img: dynamically adjust iobuffer size during convert
block/iscsi: set bs->bl.opt_transfer_length
block: add opt_transfer_length to BlockLimits
block/iscsi: set bdi->cluster_size
qemu-img: fix usage instruction for qemu-img convert
qemu-img: add support for skipping zeroes in input during convert
qemu-nbd: add doc for option -f
qemu-iotests: add test for snapshot in qemu-img convert
qemu-img: add -l for snapshot in convert
qemu-iotests: add 058 internal snapshot export with qemu-nbd case
qemu-nbd: support internal snapshot export
snapshot: distinguish id and name in load_tmp
qemu-iotests: Split qcow2 only cases in 048
qemu-iotests: Clean up spaces in usage output
...
Message-id: 1386347807-27359-1-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Update vgabios, switch from lgplvgabios to seavgabios.
Update build process to build both 128k and 256k bios versions.
Use 256k bios for pc-*-2.0+ machine types.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJSoYRUAAoJEEy22O7T6HE4a18QAL5at1YcMp40N8EDJ268/xl0
+t2WGu2847imEhJ2lhI6gb1bmg2XdYYTtOfmIspC58BObpoJT4wppPo7JmGrGvL+
UYpge8mt/NkmzUjDz98sDKL3vqAq5ZFg4olMMIMNmNKCsyrq3Cz6U+/5F+2XMdHH
P5tMqNvAFqNHWUhjcDxPNF7jWpsZkMKQb2RV1zKzZD7nvuf2wZmZjzsEjCLh3JzO
pN2A4blgN3LTmoomf/HSaFmqGdrsuoDXtQ0s5JLCaZATONK7tr7/ZFhgxykHP+Ol
lenfmYKJba5KAO/rH7lN3DlF460HZClq734i9NXkTKGXPvPJ7mCMhJ79SIWZQcWx
u4mPKBvuE5hk596jV0lscNOTNqRk8fVw7aOgSgGpfOUtf72pl2jy70gCsXLpS9R3
zhazAQHDU5v55FHIsnGJ0igkrj0usliWoT89UBAcaYCbq/vKyVp9jKgWHYHLbJuM
Xr2rm8aQI0i/ZtSImHqxmg+UfrLdCcwKlW4gpUlqdO6w1Rd1m3GkY1RXbuSi9RYO
eGTcc51d8RJXxa1k24BkGOf9FPVjf8MmyOwy4mBbNp01+hU6XzdWs1E5kr7zQ65M
+apRsBJadcTtbG8kXuOMdSwhpkc1H0PuERppDyDSV9aS0NlPdyBMzr/H2T3szEsH
yqtyTFxZs23m3IWFYmvO
=nfH6
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'kraxel/tags/pull-seabios-31b8b4e-1' into staging
Update seabios to master snapshot (pre-1.7.4).
Update vgabios, switch from lgplvgabios to seavgabios.
Update build process to build both 128k and 256k bios versions.
Use 256k bios for pc-*-2.0+ machine types.
# gpg: Signature made Fri 06 Dec 2013 12:01:24 AM PST using RSA key ID D3E87138
# gpg: Can't check signature: public key not found
# By Gerd Hoffmann
# Via Gerd Hoffmann
* kraxel/tags/pull-seabios-31b8b4e-1:
pc: switch 2.0 machine types to large seabios binary
roms: update vgabios binaries
roms: update seabios binaries
roms: enable seabios cross builds
roms: build two seabios binaries
roms: update seabios submodule to 31b8b4eea9d9ad58a73b22a6060d3ac1c419c26d
add firmware to machine options
add pc-{i440fx,q35}-2.0 machine types
Message-id: 1386322527-23148-1-git-send-email-kraxel@redhat.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
# By Paul Durrant (1) and Wei Liu (1)
# Via Stefano Stabellini
* sstabellini/xen-2013-12-01:
xen-pvdevice: make device-id property compulsory
xen: fix two errors when debug is enabled
Message-id: alpine.DEB.2.02.1312011829000.3198@kaball.uk.xensource.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
Bugfixes for uas emulation.
Add remote wakeup support for ehci.
Add suspend support for xhci.
Misc minor tweaks and fixes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJSmEXxAAoJEEy22O7T6HE47t0QALonQORRj0IUAH0cOdfAhlQ3
tGMQksBCYevBatKt4iZQgkw6H0jwse6QfsgsG2dfznEO+ZWsrt9cxe1UrqxbK2PN
2PY/I9Ke1iP6tjcf9ftjqt+mZcAg/FHrbua5hb8zXRQnqu2jr0y3Cp7k2Jax4j4d
Zl2FJ+sd4lGNR3Qpb85Muxtii8XERmMqvAit72VN4VAW4iE+SQAFSOgzBC512b55
wLVc6DrbnM8I4AVJQ8RH2pMQau0/aBHFbU8By2RKbymkJmIG2nFqLH6eSJ19QgzY
CmX8yGDJM5LGAGRZCeDSeuilxFU/WCSoTtkL8cPcYUv4cSTm+forzxhVz+CVOeVu
JJsWNkaIxu4mxfRyADjUKkWoKX7ACro3ErfAWHdv8hwuhZ4uD6cf2++nXVDK9dq4
yLL2nR4YG0NTOdQNKrsUbltf9gC5cWqNRgVMJ5VfqIBGtjXdTbpGpcUEFuDDegjk
GhfN8lcpqgnFj0U4fAGLxHYXHvJRpNeWzEEANPuEYnWr2tSrgBWKkYLaooTDHt5r
FUE6lmKL+BzQYnXfWWqh1fZoiBzzrMaT3OkHc2vx/SrGLuO/rVWTzXsFQI+NGPHp
XxuyocFoKZA2yGr9h6eBBp9mtd5y0oOVxBR0WbkgvmbyxkX7Zq9r2PSoDOm26oE3
5kmApAnSij83aT06Qe8P
=2yvC
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'kraxel/tags/pull-usb-1' into staging
Improvements for usb3 bulk stream (usb core, xhci).
Bugfixes for uas emulation.
Add remote wakeup support for ehci.
Add suspend support for xhci.
Misc minor tweaks and fixes.
# gpg: Signature made Thu 28 Nov 2013 11:44:49 PM PST using RSA key ID D3E87138
# gpg: Can't check signature: public key not found
# By Hans de Goede (11) and others
# Via Gerd Hoffmann
* kraxel/tags/pull-usb-1:
usb: move usb_{hi,lo} helpers to header file.
usb: add vendor request defines
trace-events: Clean up after removal of old usb-host code
Revert "usb-tablet: Don't claim wakeup capability for USB-2 version"
ehci: implement port wakeup
xhci: Call usb_device_alloc/free_streams
usb: Add usb_device_alloc/free_streams
usb: Add max_streams attribute to endpoint info
uas: s/ui/iu/
uas: Fix response iu struct definition
uas: Bounds check tags when using streams
uas: Streams are numbered 1-y, rather then 0-x
uas: Fix / cleanup usb_uas_task error handling
uas: Only use report iu-s for task_mgmt status reporting
scsi: Add 2 new sense codes needed by uas
xhci: add support for suspend/resume
xhci: Add a few missing checks for disconnected devices
Message-id: 1385712381-30918-1-git-send-email-kraxel@redhat.com
Signed-off-by: Anthony Liguori <aliguori@amazon.com>
scripts/checkpatch.pl reports about some style problems,
this commit fixes some of them:
ERROR: space prohibited before open square bracket '['
+ .fields = (VMStateField []) {
ERROR: space prohibited after that '!' (ctx:BxW)
+ if (! eeprom->eecs && eecs) {
^
ERROR: space prohibited after that '!' (ctx:WxW)
+ } else if (eeprom->eecs && ! eecs) {
^
ERROR: space prohibited after that '!' (ctx:WxW)
+ } else if (eecs && ! eeprom->eesk && eesk) {
^
ERROR: switch and case should be at the same indent
switch (address >> (eeprom->addrbits - 2)) {
+ case 0:
[...]
+ case 1:
[...]
+ case 2:
[...]
+ case 3:
ERROR: return is not a function, parentheses are not required
+ return (eeprom->eedo);
ERROR: switch and case should be at the same indent
switch (nwords) {
+ case 16:
+ case 64:
[...]
+ case 128:
+ case 256:
[...]
+ default:
Signed-off-by: Antony Pavlov <antonynpavlov@gmail.com>
Cc: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Cc: qemu-trivial@nongnu.org
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
We were relying on msix_unset_vector_notifiers() to release all the
vectors when we disable MSI-X, but this only happens when MSI-X is
still enabled on the device. Perform further cleanup by releasing
any remaining vectors listed as in-use after this call. This caused
a leak of IRQ routes on hotplug depending on how the guest OS prepared
the device for removal.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Cc: qemu-stable@nongnu.org
When MSI is enabled on Nvidia GeForce cards the driver seems to
acknowledge the interrupt by writing a 0xff byte to the MSI capability
ID register using the PCI config space mirror at offset 0x88000 from
BAR0. Without this, the device will only fire a single interrupt.
VFIO handles the PCI capability ID/next registers as virtual w/o write
support, so any write through config space is currently dropped. Add
a check for this and allow the write through the BAR window. The
registers are read-only anyway.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Add and remove groups from the KVM virtual VFIO device as we make
use of them. This allows KVM to optimize for performance and
correctness based on properties of the group.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Fetch the data to be written from the input buffer. If it is all zeroes,
we can use the write_zeroes call (possibly with the new MAY_UNMAP flag).
Otherwise, do as many write cycles as needed, writing 512k at a time.
Strictly speaking, this is still incorrect because a zero cluster should
only be written if the MAY_UNMAP flag is set. But this is a bug in qcow2
and the other formats, not in the SCSI code.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Since we report ANC_SUP==0 in VPD page B2h, we need to return
an error (ILLEGAL REQUEST/INVALID FIELD IN CDB) for all WRITE SAME
requests with ANCHOR==1.
Inspired by a similar patch to the LIO in-kernel target.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This is the same that is already done for WRITE SAME.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Most code already used QEMUTimer without the redundant 'struct' keyword.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
gcc 4.8.2 reports this warning when extra warnings are enabled (-Wextra):
CC m68k-softmmu/hw/m68k/mcf5206.o
hw/i386/acpi-build.c: In function ‘build_append_nameseg’:
hw/i386/acpi-build.c:294:5: error:
function might be possible candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format]
g_string_vprintf(s, format, args);
^
When this warning is fixed, there is a new compiler warning:
CC i386-softmmu/hw/i386/acpi-build.o
hw/i386/acpi-build.c: In function ‘build_append_notify’:
hw/i386/acpi-build.c:632:5: error:
format not a string literal and no format arguments [-Werror=format-security]
build_append_nameseg(method, name);
^
This is fixed here, too.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This reduces the dependencies on trace.h.
Only one source file which needs hcd-ehci.h also needs trace.h.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This reduces the dependencies on trace.h.
Only two source files which need console.h also need trace.h.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The intention of the Xen PV device is that it is used as a parent
device for PV drivers in Xen HVM guests and the set of PV drivers that
bind to the device is determined by its device ID (and possibly
vendor ID and revision). As such, the device should not have a default
device ID, it should always be supplied by the Xen toolstack.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
This patch fixes:
1. build error in xen_pt.c when XEN_PT_LOGGING_ENABLED is defined
2. debug output format string error when DEBUG_XEN is defined
In the second case I also have the output info in consistent with the
output in mapping function - that is, print start_addr instead of
phys_offset.
Signed-off-by: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Update portsc register and raise irq in case a suspended
port is woken up, so remote wakeup works on our ehci ports.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Note this code is not as KISS as I would like, the reason for this is that
the Linux kernel interface wants streams on eps belonging to one interface
to be allocated in one call. Things will also work if we do this one ep at a
time (as long as all eps support the same amount of streams), but lets stick
to the kernel API.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The various uas data structures are called IU-s, which is short for
Information Unit, rather then UI-s.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch mirrors a patch to the Linux uas kernel driver which I've just
submitted. It looks like the qemu uas struct definitions were taken from
the Linux kernel driver, and have inherited the same mistake.
Besides fixing the response iu struct, the patch also drops the add_info
parameter from the usb_uas_queue_response() function, it is always 0 anyways,
and expressing 3 zero-bytes as a function argument is a bit hard.
Below is the long explanation for this change taken from the kernel commit:
The response iu struct before this patch has a size of 7 bytes, which is weird
since all other iu-s are explictly padded to a multiple of 4 bytes.
Submitting a 7 byte bulk transfer to the status endpoint of a real uasp device
when expecting a response iu results in an USB babble error, as the device
actually sends 8 bytes.
Up on closer reading of the UAS spec:
http://www.t10.org/cgi-bin/ac.pl?t=f&f=uas2r00.pdf
The reason for this becomes clear, the 2 entries in "Table 17 — RESPONSE IU"
are numbered 4 and 6, looking at other iu definitions in the spec, esp.
multi-byte fields, this indicates that the ADDITIONAL RESPONSE INFORMATION
field is not a 2 byte field as one might assume at a first look, but is
a multi-byte field containing 3 bytes.
This also aligns with the SCSI Architecture Model 4 spec, which UAS is based
on which states in paragraph "7.1 Task management function procedure calls"
that the "Additional Response Information" output argument for a Task
management function procedure call is 3 bytes.
Last but not least I've verified this by sending a logical unit reset task
management call with an invalid lun to an actual uasp device, and received
back a response-iu with byte 6 being 0, and byte 7 being 9, which is the
responce code for an invalid iu, which confirms that the response code is
being reported in byte 7 of the response iu rather then in byte 6.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Disallow the guest to cause us to address the data3 and status3 arrays
out of bounds.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
It is easier to simply make the arrays one larger, rather then
substracting one everywhere.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>