The bdrv layer uses a signed offset. Furthermore, block-raw-posix
only seeks when that offset is positive. Passing a negative offset
to block-raw-posix can result in data being written at the current
seek cursor's position.
It may be possible to exploit this to seek to the end of the disk
and extend the virtual disk by writing data to a negative sector
offset. After a reboot, this could lead to the guest having a
larger disk than it had before.
Close the hole by sanity checking the lba against the size of the
disk.
Signed-off-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6475 c046a42c-6fe2-441c-8c8c-71466251a162
Current Linux guests oops if the host notifies of a
config change before a driver has been bound to the
device.
It's pretty pointless for us to do notify of config
changes before status is S_DRIVER_OK anyway, so let's
just not do it.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6471 c046a42c-6fe2-441c-8c8c-71466251a162
Paul Brook pointed out that the number of sectors reported
by the SCSI read capacity commands needs to be divided by
s->cluster_size, because bdrv_get_geometry reports the number
of 512 byte sectors, while emulated CDROMs report 2048 byte
sectors back to the guest.
This has no consequences for emulated hard disks, which use
a cluster size of 1.
aliguori: fixed typo
Signed-off-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6469 c046a42c-6fe2-441c-8c8c-71466251a162
Implement SCSI READ(16), WRITE(16) and SAI READ CAPACITY(16) commands,
so SCSI disks larger than 2TB can work with guests that support these
newer SCSI commands.
The cast to (uint64_t) is needed because otherwise gcc will use a
signed int, which gets sign extended into uint64_t lba, resulting
in bad block numbers for READ 10 and READ 16 with block numbers
larger than 2^31.
Signed-off-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6468 c046a42c-6fe2-441c-8c8c-71466251a162
Sector numbers can overflow on a virtual scsi disk of over 1TB
in size. Qemu's bdrv_read expects an int64_t, so fix the overflow
by going to that data type.
On large disks, we clip the capacity to 2TB instead of returning
"capacity modulo 2TB".
Turn sector_count into an unsigned to prevent a signed/unsigned
overflow with SCSI transfers larger than 2TB. We're unlikely to
ever hit this bug, but fixing it is just one line.
Signed-off-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6467 c046a42c-6fe2-441c-8c8c-71466251a162
Apparently this board was forgotten in the display changes.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6462 c046a42c-6fe2-441c-8c8c-71466251a162
The HPET emulation can disable the i8254 when the HPET is
in legacy mode, thus emulating the i8254's behavior.
But if it does, the i8254 doesn't have to be running, so
let's check to see if the timer works and not disable it
if it's not.
This fixes a segmentation fault when running Mac OS X as
guest os.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6460 c046a42c-6fe2-441c-8c8c-71466251a162
This fixes the warning:
/scratch/froydnj/qemu.git/hw/vga.c:1515: warning: redundant redeclaration of 'rgb_to_pixel_dup_table'
/scratch/froydnj/qemu.git/hw/vga.c:1248: warning: previous declaration of 'rgb_to_pixel_dup_table' was here
Signed-off-by: Nathan Froyd <froydnj@codesourcery.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6446 c046a42c-6fe2-441c-8c8c-71466251a162
Should solve 100% cpu ioport poll after reboot.
Signed-off-by: Dor Laor <dor@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6445 c046a42c-6fe2-441c-8c8c-71466251a162
This patch defines PCI vendor and device IDs in pci.h (matching those
from Linux's pci_ids.h), and uses those definitions where appropriate.
Change from v1:
Introduces pci_config_set_vendor_id() / pci_config_set_device_id()
accessors as suggested by Anthony Liguori.
Signed-off-by: Stuart Brady <stuart.brady@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6442 c046a42c-6fe2-441c-8c8c-71466251a162
A subsystem vendor ID of zero isn't allowed, so we use our
default ID.
Gerd points out that although the PCI subsystem vendor ID is
treated by the guest as the virtio vendor ID:
/* we use the subsystem vendor/device id as the virtio vendor/device
* id. this allows us to use the same PCI vendor/device id for all
* virtio devices and to identify the particular virtio driver by
* the subsytem ids */
vp_dev->vdev.id.vendor = pci_dev->subsystem_vendor;
vp_dev->vdev.id.device = pci_dev->subsystem_device;
it looks like only the device ID is used right now:
# grep virtio modules.alias
alias virtio:d00000001v* virtio_net
alias virtio:d00000002v* virtio_blk
alias virtio:d00000003v* virtio_console
alias virtio:d00000004v* virtio-rng
alias virtio:d00000005v* virtio_balloon
alias pci:v00001AF4d*sv*sd*bc*sc*i* virtio_pci
alias virtio:d00000009v* 9pnet_virtio
so setting the subsystem vendor id to something != zero shouldn't cause
trouble.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6440 c046a42c-6fe2-441c-8c8c-71466251a162
Also use the existing macro for the PCI vendor ID
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6439 c046a42c-6fe2-441c-8c8c-71466251a162
Gerd added these macros a while back.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6438 c046a42c-6fe2-441c-8c8c-71466251a162
Linux changed its physical address location in the elf header from
0xc0000000 to 0 on 2.6.25, causing later kernels to fail booting
with the -kernel option.
This patch assures that the lowest segment in the elf binary is loaded
to KERNEL_LOAD_ADDR, which is where the firmware expects it.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6437 c046a42c-6fe2-441c-8c8c-71466251a162
Add resource registration both for P4 and A7.
This is needed because of #5935 SH4: Eliminate P4 to A7 mangling.
Additionally, {reg,iop,mem}base which is no longer used are removed.
Signed-off-by: Takashi YOSHII <takasi-y@ops.dti.ne.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6433 c046a42c-6fe2-441c-8c8c-71466251a162
On the MIPS Magnum, the time that is held in the RTC's NVRAM should be
relative to midnight on 1980-01-01. This patch adds an extra parameter
to rtc_init(), allowing different epochs to be used. For the Magnum,
1980 is specified, and for all other machines, 2000 is specified.
I've not modified the handling of the century byte, as with an epoch of
1980 and a year of 2009, one could argue that it should hold either
0, 1, 19 or 20. NT 3.50 on MIPS does not read the century byte.
Signed-off-by: Stuart Brady <stuart.brady@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6429 c046a42c-6fe2-441c-8c8c-71466251a162
This avoid crash when a bigger RAM size is requested (the devices are
mapped at 0x01000000).
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6419 c046a42c-6fe2-441c-8c8c-71466251a162
Original text below.
Attached is a patch that changes how the emulated floppy controller replies to Sense Interrupt Status commands immediately after a controller reset. The specs state that after a Reset the 82078 goes into polling mode which needs four Sense Interrupt Status commands to be issued afterwards to clear the status of each drive. Currently we always respond to Sense Interrupt Status with a SEEK END instead of POLLING. This causes a problem with the SCO Openserver installer which is expects a POLLING state after reset. This patch returns a POLLING status for four Sense Interrupt Status requests immediately after a controller reset. This approach mirrors the way Bochs handles this situation. With the attached patch applied Openserver gets further when trying to load storage drivers from the floppy disk (blocked by another issue, patch on its way). I have successfully tested the floppy drive on the following OSs after applying this patch: Windows 98, Windows XP SP2, Linux x86 (SysRescCD 1.1.3 and Ubuntu 8.10).
Justin
Changelog:
Properly handle Sense Interrupt Status after FDC Reset
Signed-off-by: Justin Chevrier <theburner1@yahoo.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6416 c046a42c-6fe2-441c-8c8c-71466251a162
[ The following text is in the "UTF-8" character set. ]
[ Your display is set for the "koi8-r" character set. ]
[ Some characters may be displayed incorrectly. ]
This patch fixes vga rendering when the guest endianness differs from
the host endianness: in this case we can only share the buffer if the
bpp is 32 and we must change the pixelformat accordingly.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6413 c046a42c-6fe2-441c-8c8c-71466251a162
The vm state handler needed updating after the recent vm state change
notification refactoring.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6403 c046a42c-6fe2-441c-8c8c-71466251a162
Instead of copying to a temporary buffer, map guest memory for IDE DMA
transactions.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6398 c046a42c-6fe2-441c-8c8c-71466251a162
This version of the patch adds new option "werror" to -drive flag.
Possible values are:
report - report errors to a guest as IO errors
ignore - continue as if nothing happened
stop - stop VM on any error and retry last command on resume
enospc - stop vm on ENOSPC error and retry last command on resume
all other errors are reported to a guest.
Default is "report" to maintain current behaviour.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6388 c046a42c-6fe2-441c-8c8c-71466251a162
Switc vram unmapping in map_linear_vram to the simpler pattern used by
unmap_linear_vram.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6386 c046a42c-6fe2-441c-8c8c-71466251a162
We should not re-register the cirrus io-memory regions on each reset.
Moreover, this patch removes some dead code and pushes other static
field initializations from reset to init_common.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6385 c046a42c-6fe2-441c-8c8c-71466251a162
cirrus bitblt reset will stop and start dirty logging even when there is no
need; this causes full redraws.
avoid by only updating memory access when exiting cpu-to-video update mode.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6384 c046a42c-6fe2-441c-8c8c-71466251a162
Cleaned-up port from kvm-userspace: We have to stop any vram logging
while doing remaps. Otherwise the logger gets confused. This reward is
enormously accelerated cirrus vga in kvm mode.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6383 c046a42c-6fe2-441c-8c8c-71466251a162
Fix the broken text mode after reset by unmapping potentially mapped
vram.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6382 c046a42c-6fe2-441c-8c8c-71466251a162
It may lead to the issue when booting windows guests with acpi=1
if return the old pmsts.
Signed-off-by: Xiantao Zhang <xiantao.zhang@intel.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6375 c046a42c-6fe2-441c-8c8c-71466251a162
And use it for the malta emulation. Fix segfault introduced in
revision 6352.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6365 c046a42c-6fe2-441c-8c8c-71466251a162
I noticed that pcnet_common_init() takes an unused 'info_str'
parameter, added in r2142. Since then, we always pass "pcnet"
to register_savevm() (and never "lance").
Note that r6218 changed vc->info_str to "lance" for sun4m emulation.
On the assumption that it's not needed, this patch removes the
parameter. If reverting the change in r2142, and registering with
"lance" would be preferable, I can submit a patch to do so.
Signed-off-by: Stuart Brady <stuart.brady@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6362 c046a42c-6fe2-441c-8c8c-71466251a162
I discovered a bug in the hpet code that caused Windows to boot without
hpet. The config mask I was using was preventing the guest from placing
the hpet into 32 bit mode.
(Beth Kon)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6357 c046a42c-6fe2-441c-8c8c-71466251a162
This patch improves G364 video card emulation (used in MIPS Magnum machine):
- Use memory dirty tracking to not refresh whole screen each time
- Use macros for debugging messages
- Add support for hardware cursor
- Handle Y-panning
- Raise irq at each screen redraw
- Support retrieving of some registers
- Add load/save support
The emulation has been tested in Linux 2.1 and Windows NT 3.5, in
640x480, 800x600, 1024x768 and 1280x1024 resolutions.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6356 c046a42c-6fe2-441c-8c8c-71466251a162
ppm_save's signature changed so it needs updating.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6350 c046a42c-6fe2-441c-8c8c-71466251a162
This is specific to OpenHackware, and not used by OpenBIOS.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6347 c046a42c-6fe2-441c-8c8c-71466251a162
