Commit Graph

8587 Commits

Author SHA1 Message Date
Heinz Graalfs
8c7c3c58e3 s390: Fix ram_size updating in machine init
The global variable 'ram_size' is hidden by the local variable
declaration in s390_init(). Since we want to update the global
ram size in certain cases we must not use a local ram_size
variable.
- This fixes booting with unusual ram sizes like -m 67001
- This changes behaviour back to the situation before commit
  5f072e1f30
  (create struct for machine initialization arguments)

Signed-off-by: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-11-26 20:16:26 +01:00
Alexey Kardashevskiy
70c68cf638 pseries: Fix bug in PCI MSI allocation
In one of the recent reworks to the XICS code, a bug was introduced where
we use the wrong sense and allocate level interrupts instead of message
interrupts for PCI MSIs.  This patch fixes it.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-11-26 19:53:26 +01:00
Peter Maydell
d688e5239a hw/ide/macio: Fix segfault caused by NULL DMAContext*
Pass qemu_sglist_init the global dma_context_memory rather than a NULL
pointer; this fixes a segfault in dma_memory_map() when the guest
starts using DMA.

Reported-by: Amadeusz Sławiński <amade@asmblr.net>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-11-26 19:53:26 +01:00
Paolo Bonzini
b5007bcc97 hmp: do not crash on invalid SCSI hotplug
Commit 0d93692 (qdev: Convert busses to QEMU Object Model, 2012-05-02)
removed a check on the type of the bus where a SCSI disk is hotplugged.
However, hot-plugging to the wrong kind of device now causes a crash
due to either a NULL pointer dereference (avoided by the previous patch)
or a failed QOM cast.

Instead, in this case we need to use object_dynamic_cast and check for
the result, similar to what was done before that commit.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 09:38:54 -06:00
Jan Kiszka
21022c92dc q35: Add kvmclock support
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 09:35:37 -06:00
Jan Kiszka
243b95111c q35: Fix non-PCI IRQ processing in ich9_lpc_update_apic
Avoid passing a non-PCI IRQ to ich9_gsi_to_pirq. It's wrong and triggers
an assertion.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 09:35:37 -06:00
Jan Kiszka
21bcfdd9a4 q35: Suppress SMM BIOS initialization under KVM
Same as for i44fx: KVM does not support SMM yet. Signal it initialized
to Seabios to avoid failures.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 09:35:37 -06:00
Jason Baron
a1c9304683 ich9: Add i82801b11 dmi-to-pci bridge
Add the dmi-to-pci i82801b11 bridge chip. This is the pci bridge chip
that q35 uses on its host bus for PCI bus arbitration.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 09:35:37 -06:00
Isaku Yamahata
df2d8b3ed4 q35: Introduce q35 pc based chipset emulator
pc q35 based chipset emulator to support pci express natively. Based on
Anthony Liguori's suggestion, the machine name is 'q35-next', with an alias
of 'q35'. At this point, there are no compatibility guarantees. When the
chipset stabilizes more, we will begin to version the machine names.

Major features which still need to be added:

-Migration support (mostly around ahci)
-ACPI hotplug support (pcie hotplug support is working)
-Passthrough support

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 09:35:36 -06:00
Jason Baron
678e7b94b1 ich9: Add smbus
Add support for the ich9 smbus chip.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 09:35:36 -06:00
Jason Baron
4d00636e97 ich9: Add the lpc chip
Add support for the ICH9 LPC chip.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 09:35:35 -06:00
Jason Baron
e516572fde ich9: Add acpi support and definitions
Lay the groundwork for subsequent ich9 support.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 09:35:35 -06:00
Isaku Yamahata
410edd922d pc/piix_pci: factor out smram/pam logic
Factor out smram/pam logic for use by other chipsets, namely q35
at this point.

Note: Should be factored out into a generic North Bridge Class.

[jbaron@redhat.com: changes for updated memory API]
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 09:35:35 -06:00
Jason Baron
d8ee03843f pc_piix: Move kvm irq routing functions out of pc_piix.c
Rename: kvm_piix3_gsi_handlei() -> kvm_pc_gsi_handler()
        kvm_piix3_setup_irq_routing() -> kvm_pc_setup_irq_routing()

This is in preparation for other users, namely q35 at this time.

Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 09:35:35 -06:00
Jason Baron
a39e356458 pc: Move ioapic_init() from pc_piix.c to pc.c
Move ioapic_init() from pc_piix.c to pc.c, to make it a common function.
Rename ioapic_init() -> ioapic_init_gsi().
Move to pc.h so q35 can use them as well.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 09:35:35 -06:00
Isaku Yamahata
9011a1a7bb pc, pc_piix: split out pc nic initialization
Factor out pc nic initialization.
This simplifies the pc initialization and will reduce the code
duplication of q35 pc initialization.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 09:35:35 -06:00
Anthony Liguori
95a6e48d77 Merge remote-tracking branch 'kraxel/usb.72' into staging
* kraxel/usb.72:
  usb-redir: Don't handle interrupt output packets async
  usb-redir: Split usb_handle_interrupt_data into separate in/out functions
  usb-smartcard-reader: Properly NAK interrupt eps when we've no events
  usb-bt: Return NAK instead of STALL when interrupt ep has no data
  uhci: Fix double unlink
  uhci: Don't allow the guest to set port-enabled when there is no dev connected
  uhci: Add a completions_only flag for async completions

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-26 08:19:20 -06:00
Hans de Goede
723aedd532 usb-redir: Don't handle interrupt output packets async
Instead report them as successfully completed directly on submission, this
has 2 advantages:

1) This matches the timing of interrupt output packets on real hardware,
with the previous async handling, if an ep has an interval of say 500 ms,
then there would be 500+ ms between the submission and the guest seeing the
completion, as we wont do the write back until the qh gets polled again. And
in the mean time the guest may very well have timed out, as the guest can
reasonable expect a much quicker completion.

2) This fixes interrupt output packets potentially getting send twice
surrounding a migration. As we delay the writeback to guest memory until
the qh gets polled again, there is a window between completion and writeback
where migration can happen, in this case the destination will not know
about the completion, and it will execute the packet *again*

But it does also come with a disadvantage:

1) If the actual interrupt out to the real usb device fails, there is no
way to report this back to the guest.

This patch assumes however that interrupt outs in practice never fail, as
they are only used by specialized drivers, which are unlikely to issue illegal
requests (unlike general class drivers which often issue requests which some
devices don't implement). And that thus the advantages outway the disadvantage.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21 14:55:54 +01:00
Hans de Goede
234e810cce usb-redir: Split usb_handle_interrupt_data into separate in/out functions
No functional changes.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21 14:55:54 +01:00
Hans de Goede
c4020746ff usb-smartcard-reader: Properly NAK interrupt eps when we've no events
When we've no data to return from the interrupt endpoint, return NAK rather
then a 0 length packet.

CC: Alon Levy <alevy@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21 14:55:54 +01:00
Hans de Goede
33c1a6856f usb-bt: Return NAK instead of STALL when interrupt ep has no data
I noticed this while making all devices with interrupt endpoints properly
do wakeup. While at it also add wakeup support.

Note that I've not tested this, but returning STALL for an interrupt ep
which has no data is cleary the wrong thing to do.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21 14:55:54 +01:00
Hans de Goede
71d2c9cf65 uhci: Fix double unlink
uhci_async_cancel() already does a uhci_async_unlink().

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21 14:55:54 +01:00
Hans de Goede
1cbdde909f uhci: Don't allow the guest to set port-enabled when there is no dev connected
It is possible for device disconnect and the guest trying to reset the port
(because of USB xact errors prior to the disconnect getting signaled) to race,
when we hit this race, the guest will write the port-control register with its
pre-disconnect value + the reset bit set, after which we have a disconnected
device with its port-enabled bit set in its port-control register, which
is no good :)

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21 14:55:54 +01:00
Hans de Goede
887938160e uhci: Add a completions_only flag for async completions
Add a completions_only flag, and set this when running process_frame for async
completion handling, this fixes 2 issues in a single patch:

1) It makes sure async completed packets get written to guest mem immediately,
even if all the bandwidth for the frame was consumed from the timer run
process_frame. This is necessary as delaying their writeback to the next frame
can cause the completion to get lost on migration.

2) The calling of process_frame from a bh on async completion causes iso
tds to get server more often they should, messing up usb sound class device
timing. By only processing completed packets, the iso tds get skipped fixing
this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21 14:55:54 +01:00
Kevin Wolf
72bcca73c7 ide: Fix status register after short PRDs
When failing a request because the length of the regions described by
the PRDT was too short for the requested number of sectors, the IDE
emulation forgot to update the status register, so that the device would
keep the BSY flag set indefinitely.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2012-11-21 09:47:34 +01:00
Kevin Wolf
038268e2e8 ide: Fix crash with too long PRD
Without this, s->nsector can become negative and badness happens (trying
to malloc huge amount of memory and glib calls abort())

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2012-11-21 09:47:34 +01:00
Anthony Liguori
ad1db3b341 Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony: (26 commits)
  qemu-io: Use bdrv_drain_all instead of qemu_aio_flush
  megasas: Use bdrv_drain_all instead of qemu_aio_flush
  vmdk: Fix data corruption bug in WRITE and READ handling
  fdc: remove last usage of FD_STATE_SEEK
  fdc: fix typo in zero constant
  fdc: remove double affectation of FD_MSR_CMDBUSY flag
  fdc-tests: add tests for VERIFY command
  fdc: implement VERIFY command
  fdc-test: Check READ ID
  fdc: fix false FD_SR0_SEEK
  fdc: fix FD_SR0_SEEK for initial seek on DMA transfers
  fdc: fix FD_SR0_SEEK for non-DMA transfers and multi sectors transfers
  fdc: use status0 field instead of a local variable
  fdc-test: add tests for non-DMA READ command
  fdc-test: insert media before fuzzing registers
  fdc-test: split test_media_change() test, so insert part can be reused
  fdc: Remove status0 parameter from fdctrl_set_fifo()
  aio: rename AIOPool to AIOCBInfo
  aio: use g_slice_alloc() for AIOCB pooling
  aio: switch aiocb_size type int -> size_t
  ...

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-19 09:27:00 -06:00
Anthony Liguori
5cc82c2d20 Merge remote-tracking branch 'kraxel/usb.71' into staging
* kraxel/usb.71:
  usb-host: fix splitted transfers
  usb-host: update tracing
  usb-redir: Set default debug level to warning
  usb-redir: Only add actually in flight packets to the in flight queue
  ehci: handle dma errors
  ehci: keep the frame timer running in case the guest asked for frame list rollover interrupts
  ehci: Don't verify the next pointer for periodic qh-s and qtd-s
  ehci: Better detection for qtd-s linked in circles
  ehci: Fixup q->qtdaddr after cancelling an already completed packet
  ehci: Don't access packet after freeing it
  usb: host-linux: Ignore parsing errors of the device descriptors
  usb-host: scan for usb devices when the vm starts
  usb: Fix (another) bug in usb_packet_map() for IOMMU handling
  fix live migration

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-19 09:26:48 -06:00
Anthony Liguori
698229eb28 Merge remote-tracking branch 'amit/loadvm-irq-inj-fix' into staging
* amit/loadvm-irq-inj-fix:
  virtio-serial-bus: post_load send_event when vm is running

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-19 08:31:48 -06:00
Anthony Liguori
f44d771a8c Merge remote-tracking branch 'afaerber/qom-cpu' into staging
* afaerber/qom-cpu:
  target-i386: Add Haswell CPU model
  target-i386/cpu: Add new Opteron CPU model
  target-i386/cpu: Name new CPUID bits
  qapi-types.h: Don't include qemu-common.h
  osdep: Move qemu_{open,close}() prototypes
  qemu-config.h: Include headers it needs
  vnc-palette.h: Include <stdbool.h>
  qemu-fsdev-dummy.c: Include module.h
  qdev: Split up header so it can be used in cpu.h
  Move qemu_irq typedef out of qemu-common.h
  qemu-common.h: Comment about usage rules

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-19 08:31:24 -06:00
Anthony Liguori
d167dac993 Merge remote-tracking branch 'qemu-kvm/uq/master' into staging
* qemu-kvm/uq/master:
  kvm: Actually remove software breakpoints from list on cleanup
  acpi_piix4: fix migration of gpe fields

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-19 08:30:45 -06:00
Blue Swirl
ab4dd33dc3 Merge branch 'vga.1' of git://git.kraxel.org/qemu
* 'vga.1' of git://git.kraxel.org/qemu:
  vga: fix mmio vga register mapping
  vga: fix bochs alignment issue
2012-11-17 16:38:05 +00:00
Anthony Liguori
500054f161 virtio-rng-pci: create a default backend if none exists
This allows you to specify:

  $ qemu -device virtio-rng-pci

And things will Just Work with a reasonable default.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-16 08:36:14 -06:00
Anthony Liguori
904d6f5880 virtio-rng: add rate limiting support
This adds parameters to virtio-rng-pci to allow rate limiting the entropy a
guest receives.  An example command line:

$ qemu -device virtio-rng-pci,max-bytes=1024,period=1000

Would limit entropy collection to 1Kb/s.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-16 08:36:13 -06:00
Amit Shah
16c915ba42 virtio-rng: hardware random number generator device
The Linux kernel already has a virtio-rng driver, this is the device
implementation.

When the guest asks for entropy from the virtio hwrng, it puts a buffer
in the vq.  We then put entropy into that buffer, and push it back to
the guest.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
aliguori: converted to new RngBackend interface
aliguori: remove entropy needed event
aliguori: fix migration
2012-11-16 08:36:13 -06:00
Gerd Hoffmann
71e0aa3930 usb-host: fix splitted transfers
USBPacket->actual_length wasn't updated correctly for USBPackets
splitted into multiple urbs.  Fix it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:32 +01:00
Gerd Hoffmann
8c908fca58 usb-host: update tracing
Now that we have separate status and length fields in USBPacket
update the completion tracepoint to log both.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:32 +01:00
Hans de Goede
618fbc951d usb-redir: Set default debug level to warning
The previous default of 0 means that even errors and warnings would not
get printed, which is really not a good default.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:32 +01:00
Hans de Goede
2cb343b442 usb-redir: Only add actually in flight packets to the in flight queue
Packets which are queued up, but not yet handed over to the device, are
*not* in flight.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:32 +01:00
Gerd Hoffmann
55903f1d2d ehci: handle dma errors
Starting with commit 1c380f9460 dma
transfers can actually fail.  This patch makes ehci keep track
of the busmaster bit in pci config space, by setting/clearing the
dma_context pointer.  Attempts to dma without context will result
in raising HSE (Host System Error) interrupt and stopping the host
controller.

This patch fixes WinXP not booting with a usb stick attached to ehci.
Root cause is seabios activating ehci so you can boot from the stick,
and WinXP clearing the busmaster bit before resetting the host
controller, leading to ehci actually trying dma while it is disabled.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:32 +01:00
Gerd Hoffmann
40862309a9 ehci: keep the frame timer running in case the guest asked for frame list rollover interrupts
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:32 +01:00
Hans de Goede
2c7b15c1de ehci: Don't verify the next pointer for periodic qh-s and qtd-s
While testing the move to async packet handling for interrupt endpoints I
noticed that Windows-XP likes to play tricks with the next pointer for
periodic qh-s, so we should not fail qh / qtd verification when it changes.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:32 +01:00
Hans de Goede
601a234731 ehci: Better detection for qtd-s linked in circles
Windows links interrupt qtd-s in circles, which means that when interrupt
endpoints return USB_RET_ASYNC, combined with the recent
"ehci: Retry to fill the queue while waiting for td completion" patch,
we keep adding the tds to the queue over and over again, as we detect the
circle from fill_queue, but we call it over and over again ...

This patch fixes this by changing the circle detection to also detect
circling into tds already queued up previously.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:32 +01:00
Hans de Goede
ff80ce599e ehci: Fixup q->qtdaddr after cancelling an already completed packet
This avoids the q->qtdaddr == p->qtdaddr asserts we have triggering, when
a queue contains multiple completed packages when we cancel the queue.

I triggered this with windows7 + async interrupt endpoint handling (*)
+ not detecting circles in ehci_fill_queue() properly, which makes the qtd
validation in ehci_fill_queue fail, causing cancellation of the queue on every
mouse event ...

*) Which is not going upstream as it will cause loss of interrupt events on
migration.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:32 +01:00
Hans de Goede
30d68cf6e1 ehci: Don't access packet after freeing it
ehci_state_writeback() will free the packet, so we should not access
the packet after calling ehci_state_writeback().

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:32 +01:00
Jan Kiszka
537e8f1aa8 usb: host-linux: Ignore parsing errors of the device descriptors
The Linux is more tolerant here as well: Just stop parsing the device
descriptors when an error is detected but do not reset what was found
so far. This allows to run buggy devices with partially invalid
descriptors.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:32 +01:00
Gerd Hoffmann
c96c53b5f1 vga: fix mmio vga register mapping 2012-11-16 11:27:07 +01:00
Gerd Hoffmann
df9ffb726f vga: fix bochs alignment issue
The bochs dispi interface traditionally uses port 0x1ce as 16bit index
register and port 0x1cf as 16bit data register.  The later is unaligned,
and probably for that reason the the data register was moved to 0x1d0
for non-x86 archs.

This patch makes the data register available at 0x1d0 on x86 too.  The
old x86 location is kept for compatibility reasons, so both 0x1cf and
0x1d0 can be used as data register on x86.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:06 +01:00
Gerd Hoffmann
c06c68c928 usb-host: scan for usb devices when the vm starts
Commit a844ed842d leads to usb-host
detecting devices not right after qemu startup because the guest
isn't running yet.  Instead they are found on the first of the
regular usb device poll runs.  Which is too late for seabios to see
them, so booting from usb sticks fails.

Fix this by adding a vm state change handler which triggers a device
scan when the vm is started.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:05 +01:00
David Gibson
155de06f24 usb: Fix (another) bug in usb_packet_map() for IOMMU handling
Elements in qemu SGLists can cross IOMMU page boundaries.  So, in commit
39c138c842 "usb: Fix usb_packet_map() in the
presence of IOMMUs", I changed usb_packet_map() to split up each SGList
element on IOMMU page boundaries and each resulting piece of qemu's memory
space separately to the iovec the usb code uses internally.

That was correct in concept, but the patch has a bug.  The 'base' variable
correctly steps through the dma address of each piece, but then we call
the dma_memory_map() function on the base address of the whole SGList
element every time.

This patch fixes at least one problem using XHCI on the pseries guest
machine.  It didn't affect OHCI because that doesn't use usb_packet_map().
In theory it also affects EHCI, but we haven't observed that in practice.
I think the transfers were small enough on EHCI that they never crossed an
IOMMU page boundary in practice.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:05 +01:00
Gerd Hoffmann
4ea375bf37 fix live migration
Commit 1c380f9460 breaks live migration.
DMA stops working for ehci (and probably for any pci device) after
restoring the guest because the bus master region never gets enabled.
Add code doing that after loading the pci config space from vmstate.

Cc: Avi Kivity <avi@redhat.com>
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-16 11:27:05 +01:00
Alon Levy
80dcfb8532 virtio-serial-bus: post_load send_event when vm is running
Alexander Larsson found irq injection to Windows guests stopped after a
migration.  The symptom was the mouse stopped working.

Reproduction steps are:
1. On src, start qemu with a virtio-serial port without any backend
2. On dest, start qemu with a virtio-serial port with a backend
3. Migrate.

Upon migration, the older code detected the change in backend connection
status, and sent a notification to the guest.  However, it's not
guaranteed that the apic is ready to inject irqs into the guest, and the
irq line remained high, resulting in any future interrupts going
unnoticed by the guest as well.

Add a new timer based on vm_clock for 1 ns in the future from post_load
to do the event send in case host_connected differs between migration
source and target.

RHBZ: 867366

Signed-off-by: Alon Levy <alevy@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com> # verbose commit log
2012-11-16 14:10:37 +05:30
Aurelien Jarno
68d001928b mips/malta: fix CBUS UART interrupt pin
According to the MIPS Malta Developement Platform User's Manual, the
i8259 interrupt controller is supposed to be connected to the hardware
IRQ0, and the CBUS UART to the hardware interrupt 2.

In QEMU they are both connected to hardware interrupt 0, the CBUS UART
interrupt being wrong. This patch fixes that. It should be noted that
the irq array in QEMU includes the software interrupts, hence
env->irq[2] is the first hardware interrupt.

Cc: Ralf Baechle <ralf@linux-mips.org>
Reviewed-by: Eric Johnson <ericj@mips.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-11-15 14:37:55 +01:00
Anthony Liguori
074a86fccd qdev: Split up header so it can be used in cpu.h
Header file dependency is a frickin' nightmare right now.  cpu.h tends
to get included in our 'include everything' header files but qdev also
needs to include those headers mainly for qdev-properties since it knows
about CharDriverState and friends.

We can solve this for now by splitting out qdev.h along the same lines
that we previously split the C file.  Then cpu.h just needs to include
qdev-core.h.

hw/qdev.h is split into following new headers:
    hw/qdev-core.h
    hw/qdev-properties.h
    hw/qdev-monitor.h

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

[ehabkost: re-add DEFINE_PROP_PCI_HOST_DEVADDR, that was removed on the
 original patch (by mistake, I guess)]
[ehabkost: kill qdev_prop_set_vlan() declaration]
[ehabkost: moved get_fw_dev_path() comment to the original location
 (I don't know why it was moved)]
[ehabkost: removed qdev_exists() declaration]
[ehabkost: keep using 'QemuOpts' instead of 'struct QemuOpts', as
 qdev-core.h includes qemu-option.h]

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-11-15 02:18:55 +01:00
Igor Mammedov
5202ef942f Move qemu_irq typedef out of qemu-common.h
It's necessary for making CPU child of DEVICE without
causing circular header deps.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
[ehabkost: re-added the typedef to hw/irq.h after rebasing]
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-11-15 01:57:02 +01:00
Marcelo Tosatti
b0b873a078 acpi_piix4: fix migration of gpe fields
Migrate 16 bytes for en/sts fields (which is the correct size),
increase version to 3, and document how to support incoming
migration from qemu-kvm 1.2.

Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2012-11-14 20:15:37 -02:00
Kevin Wolf
b618f4a1c1 megasas: Use bdrv_drain_all instead of qemu_aio_flush
Calling qemu_aio_flush() directly can hang when combined with I/O
throttling.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2012-11-14 18:20:06 +01:00
Hervé Poussineau
cd30b53d22 fdc: remove last usage of FD_STATE_SEEK
Replace it by directly setting FD_SR0_SEEK if required

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14 18:19:22 +01:00
Hervé Poussineau
c83f97b563 fdc: fix typo in zero constant
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14 18:19:22 +01:00
Hervé Poussineau
27c86e24e9 fdc: remove double affectation of FD_MSR_CMDBUSY flag
FD_MSR_CMDBUSY flag is already set in fdctrl_write_data(), just
before calling the command handler (fdctrl_start_transfer() here).

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14 18:19:22 +01:00
Hervé Poussineau
7ea004ed67 fdc: implement VERIFY command
VERIFY command is like a READ command, except that read data is not
transfered by DMA.
As DMA engine is not used, so we have to start data transfer ourselves.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14 18:19:22 +01:00
Hervé Poussineau
075f5532f1 fdc: fix false FD_SR0_SEEK
Do not always set FD_SR0_SEEK, as callers already set it if needed.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14 18:19:22 +01:00
Hervé Poussineau
d6ed4e2106 fdc: fix FD_SR0_SEEK for initial seek on DMA transfers
fdctrl_start_transfer() used to set FD_SR0_SEEK no matter if
there actually was a seek or not. This is obviously wrong.

fdctrl_start_transfer() has this information because it performs
the initial seek itself.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14 18:19:22 +01:00
Hervé Poussineau
c5139bd9a9 fdc: fix FD_SR0_SEEK for non-DMA transfers and multi sectors transfers
On non-DMA transfers, fdctrl_stop_transfer() used to set FD_SR0_SEEK
no matter if there actually was a seek or not. This is obviously wrong.

fdctrl_seek_to_next_sect() has this information because it performs
the seek itself.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14 18:19:22 +01:00
Hervé Poussineau
d497d53497 fdc: use status0 field instead of a local variable
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14 18:19:22 +01:00
Kevin Wolf
34abf9a7d8 fdc: Remove status0 parameter from fdctrl_set_fifo()
It decided whether an interrupt is triggered. Only one caller made use
of this functionality, so move the code there.

In this one caller, the interrupt must actually be triggered
unconditionally, like it was before commit 2fee0088. For example, a
successful read without an implied seek can result in st0 = 0, but still
triggers the interrupt.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Hervé Poussineau <hpoussin@reactos.org>
2012-11-14 18:19:21 +01:00
Stefan Hajnoczi
d7331bed11 aio: rename AIOPool to AIOCBInfo
Now that AIOPool no longer keeps a freelist, it isn't really a "pool"
anymore.  Rename it to AIOCBInfo and make it const since it no longer
needs to be modified.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-11-14 18:19:21 +01:00
Anthony Liguori
ce34cf72fe vfio-pci: KVM INTx accel & common msi_get_message
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJQoqBtAAoJECObm247sIsidvMP/RCO4cyEAhCKjjjx6ujcwe1t
 PgBtqmcmlbyPgZvJ0cBdAx9EjU2cD48um9FuR+/oa1IXgORM3/2H7jS/HdxsL+wE
 jUEQqbT3U+f9VyAKuldMxk8Ojz8VBFZHxTVGwZAzQLjSehOZhcJ8SOd0wHcZUIQ/
 8ZxDRvrs2YO4+D0nYL/SKrfejHUoZW3uX86bW8XKBQaM6rAauAFZ96csQiquAQP4
 1q+QkYOXGf9WhIGUG3dD/UTkCUgFWLyZXtQISitTRs9Kfpq4ZXbvJ4Vl8+GmuVn+
 mH45Zg5RrFrRwiXRT/K0PUgNbwndp79Byr/q3VvhC2oM1xjdCChm3AQLr1cLkp3I
 C2ra0DhgrR6Ifo4g0m1dOZmGQoNn0fjzqhrSjp5m+dWnt5KpZ+QQs9UHNlnXwmVw
 iuxxbiwkUp58OihFkD8oGMLb08O+VpD+Avwn8/bMeO7l1onBKhIZc7wdsnwno9NY
 NVtlaF+GQm8P4sNA1WK8XHr3Hnm7FuZnluP/kFhr7vh7uiFSYtNdDb+8jtGBoeoN
 ngf9OLn5i9GJv1GHOTeam9nihb0KkihrjnFc1220W9XoWo6UZgi8iUz4ibpopPFP
 gxooE/nKA1dLcaFoOXq0RbirWSH8siqmnv+miZ9LaLCqhmfVWZFbbQDIdHSj6dl2
 /Q/vqEZwWlo+7As6UOCi
 =jze5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'awilliam/tags/vfio-pci-for-qemu-1.3.0-rc0' into staging

vfio-pci: KVM INTx accel & common msi_get_message

* awilliam/tags/vfio-pci-for-qemu-1.3.0-rc0:
  vfio-pci: Use common msi_get_message
  vfio-pci: Add KVM INTx acceleration
  linux-headers: Update to 3.7-rc5

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-14 08:53:40 -06:00
Anthony Liguori
5f580e9411 Merge remote-tracking branch 'bonzini/scsi-next' into staging
* bonzini/scsi-next:
  virtio-scsi: use dma_context_memory
  dma: Define dma_context_memory and use in sysbus-ohci
  megasas: Correct target/lun mapping
  scsi-disk: flush cache after disabling it
  megasas: do not include block_int.h
  scsi: remove superfluous call to scsi_device_set_ua
  virtio-scsi: factor checks for VIRTIO_SCSI_S_DRIVER_OK when reporting events
  scsi: do not return short responses for emulated commands

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-14 08:50:45 -06:00
Anthony Liguori
ce5e5b522e Merge remote-tracking branch 'kraxel/usb.70' into staging
* kraxel/usb.70:
  ehci: fix migration
  xhci: Fix some DMA host endian bugs
  usb/combined-packet: Move freeing of combined to usb_combined_packet_remove()
  xhci: Add support for packets with both data and an error status
  ehci: Add support for packets with both data and an error status
  ehci: Get rid of the magical PROC_ERR status
  usb-redir: Allow packets to have both data and an error-status
  usb: split packet result into actual_length + status

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-14 08:50:18 -06:00
Anthony Liguori
bf0dfb69f8 Merge remote-tracking branch 'spice/spice.v63' into staging
* spice/spice.v63:
  spice: fix initialization order
  pflib: unused, remove it.
  spice: switch to pixman
  qxl: call dpy_gfx_resize when entering vga mode
  qxl: fix cursor reset
  hw/qxl: qxl_send_events: nop if stopped
  hw/qxl: guest bug on primary create with stride %4 != 0

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-14 08:49:54 -06:00
Alex Williamson
a771c51703 vfio-pci: Use common msi_get_message
We can get rid of our local version now that a helper exists.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-11-13 12:27:40 -07:00
Alex Williamson
e1d1e5867d vfio-pci: Add KVM INTx acceleration
This makes use of the new level irqfd support enabling bypass of qemu
userspace both on INTx injection and unmask.  This significantly
boosts the performance of devices making use of legacy interrupts (ex.
~60% better netperf TCP_RR scores for an e1000e assigned to a Linux
guest and booted with pci=nomsi).  This also avoids flipping mmaps on
and off to simulate EOIs, so greatly improves performance of device
access in addition to interrupt latency.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2012-11-13 12:27:40 -07:00
Paolo Bonzini
dd72fdd062 virtio-scsi: use dma_context_memory
Until address_space_rw was introduced, NULL was accepted as a
placeholder for DMA with no IOMMU (to address_space_memory).

This does not work anymore, and dma_context_memory needs to
be specified explicitly.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-11-12 16:44:57 +01:00
Peter Maydell
9e11908f12 dma: Define dma_context_memory and use in sysbus-ohci
Define a new global dma_context_memory which is a DMAContext corresponding
to the global address_space_memory AddressSpace. This can be used by
sysbus peripherals like sysbus-ohci which need to do DMA.

In particular, use it in the sysbus-ohci device, which fixes a
segfault when attempting to use that device.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
2012-11-12 16:44:57 +01:00
Hannes Reinecke
4003e24fce megasas: Correct target/lun mapping
The structure to reference a logical drive has an unused field,
which can be used to carry the lun ID. This enabled seabios to
establish the proper target/LUN mapping.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-11-12 16:42:56 +01:00
Paolo Bonzini
accfeb2dd3 scsi-disk: flush cache after disabling it
SBC says that "if an application client changes the WCE bit from one to
zero via a MODE SELECT command, then the device server shall write
any data in volatile cache to non-volatile medium before completing
the command".

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-11-12 15:00:27 +01:00
Paolo Bonzini
346a3017ec megasas: do not include block_int.h
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-11-12 15:00:27 +01:00
Paolo Bonzini
b5232e904f scsi: remove superfluous call to scsi_device_set_ua
Suggested by Laszlo Ersek.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-11-12 15:00:27 +01:00
Paolo Bonzini
cd41a671b3 virtio-scsi: factor checks for VIRTIO_SCSI_S_DRIVER_OK when reporting events
Suggested by Laszlo Ersek.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-11-12 15:00:27 +01:00
Paolo Bonzini
c8dcb531bc scsi: do not return short responses for emulated commands
The inquiry command, for the case of VPD=1, was returning short
responses; the number of returned bytes was just the number of bytes
in the request, without padding to the specified allocation length
with zero bytes.  This is usually harmless, but it is a violation
of the SCSI specification.

To fix this, always pad with zero bytes to r->cmd.xfer in
scsi_disk_emulate_command, and return at most r->buflen bytes
(the size of the buffer for command data) rather than at most
buflen bytes (the number of bytes that was filled in).

Before this patch, "strace sg_inq -p0x83 /dev/sda" would report a
non-zero resid value.  After this patch, it reports resid=0.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-11-12 15:00:27 +01:00
Blue Swirl
e62774c410 sun4c: remove unused functions
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-10 13:49:20 +00:00
Blue Swirl
4d4d9b3adb m48t59: remove unused m48t59_set_addr
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-10 13:49:20 +00:00
BALATON Zoltan
1f202568e0 vmware_vga: Add back some info in local state partially reverting aa32b38c
Keep saving display surface parameters at init and using these cached
values instead of getting them when needed. Not sure why this is
needed (maybe due to the interaction with the vga device) but not
doing this broke the Xorg vmware driver at least.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-10 12:26:48 +00:00
Jan Kiszka
5c61afec86 kvmvapic: Fix TB invalidation after instruction patching
Since 0b57e287, cpu_memory_rw_debug already triggers a TB invalidation.
As it doesn't (and cannot) set is_cpu_write_access=1 but "consumes" the
currently executed TB, the tb_invalidate_phys_page_range call from
patch_instruction didn't work anymore.

Fix this by open-coding the required bits to restore the CPU state from
the current TB position before patching and resume execution on the
patched instruction afterward.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-10 12:25:17 +00:00
Gerd Hoffmann
9d1530470b ehci: fix migration
Commit 5010d4dc61 reorganized vmstate to
split core + pci, but got two little details wrong.  Fix them.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-09 09:09:34 +01:00
David Gibson
616b5d53ae xhci: Fix some DMA host endian bugs
The xhci device does correct endian switches on the results of some DMAs
but not all.  In particular, there are many DMAs of what are essentially
arrays of 32-bit integers which never get byteswapped.  This causes them
to be interpreted incorrectly on big-endian hosts, since (as per the xhci
spec) these arrays are always little-endian in guest memory.

This patch adds some helper functions to fix these bugs.  This may not be
all the endian bugs in the xhci code, but it's certainly some of them and
the Linux guest xhci driver certainly gets further with these fixes.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-09 08:27:55 +01:00
Hans de Goede
ffd8a97fb3 usb/combined-packet: Move freeing of combined to usb_combined_packet_remove()
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08 18:41:47 +01:00
Hans de Goede
9b8251c5c4 xhci: Add support for packets with both data and an error status
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08 18:41:47 +01:00
Hans de Goede
e696b1da42 ehci: Add support for packets with both data and an error status
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08 18:41:47 +01:00
Hans de Goede
01e26b0ea3 ehci: Get rid of the magical PROC_ERR status
Instead make ehci_execute and ehci_fill_queue return the again value.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08 18:41:46 +01:00
Hans de Goede
e94ca437ba usb-redir: Allow packets to have both data and an error-status
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08 18:41:46 +01:00
Hans de Goede
9a77a0f589 usb: split packet result into actual_length + status
Since with the ehci and xhci controllers a single packet can be larger
then maxpacketsize, it is possible for the result of a single packet
to be both having transferred some data as well as the transfer to have
an error.

An example would be an input transfer from a bulk endpoint successfully
receiving 1 or more maxpacketsize packets from the device, followed
by a packet signalling halt.

While already touching all the devices and controllers handle_packet /
handle_data / handle_control code, also change the return type of
these functions to void, solely storing the status in the packet. To
make the code paths for regular versus async packet handling more
uniform.

This patch unfortunately is somewhat invasive, since makeing the qemu
usb core deal with this requires changes everywhere. This patch only
prepares the usb core for this, all the hcd / device changes are done
in such a way that there are no functional changes.

This patch has been tested with uhci and ehci hcds, together with usb-audio,
usb-hid and usb-storage devices, as well as with usb-redir redirection
with a wide variety of real devices.

Note that there is usually no need to directly set packet->actual_length
form devices handle_data callback, as that is done by usb_packet_copy()

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08 18:41:46 +01:00
Gerd Hoffmann
bdd4df332a spice: fix initialization order
Register displaychangelistener last, after spice is fully initialized,
otherwise we may hit NULL pointer dereferences when qemu starts calling
our callbacks.

Commit e250d949fe triggers this bug.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05 11:54:49 +01:00
Gerd Hoffmann
e32c25b5f2 qxl: call dpy_gfx_resize when entering vga mode
When entering vga mode the display size likely changes,
notify all displaychangelisteners about this.

Probably went unnoticed for a while as one if the first
things the guest does after leaving qxl native mode and
entering qxl vga mode is to set the vga video mode.  But
there is still a small window where qemu can operate on
stale data, leading to crashes now and then.

https://bugzilla.redhat.com/show_bug.cgi?id=865767

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05 11:49:22 +01:00
Gerd Hoffmann
958c2bceba qxl: fix cursor reset
When resetting the qxl cursor notify the qemu displaystate too.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05 11:49:22 +01:00
Alon Levy
511aefb0c6 hw/qxl: qxl_send_events: nop if stopped
Added a trace point for easy logging.

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=870972

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05 11:49:22 +01:00
Alon Levy
48f4ba671b hw/qxl: guest bug on primary create with stride %4 != 0
Due to usage of pixman for rendering on all spice surfaces we have
pixman's requirement that the stride be word aligned. A guest not
honoring that can crash spice and qemu with it due to failure to create
a surface (in spice-server). Avoid this early on in primary surface
creation and offscreen surface creation.

Recently windows guests got odd width support which triggers a non word
aligned primary surface in 16bit color depth. Off screen surfaces have
always been word aligned, but doesn't hurt to check them here too.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05 11:49:21 +01:00
BALATON Zoltan
b51d7b2e10 vmware_vga: Allow simple drivers to work without using the fifo
Postpone stopping the dirty log to the point where the command fifo is
configured to allow drivers which don't use the fifo to work too.
(Without this the picture rendered into the vram never got to the
screen and the DIRECT_VRAM option meant to support this case was
removed a year ago.)

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-03 13:26:54 +00:00
BALATON Zoltan
5b9575c8b7 vmware_vga: Return a value for FB_SIZE before the device is enabled
According to the documentation drivers using this device should read
FB_SIZE before enabling the device to know what memory to map. This
would not work if we return 0 before enabled. The docs also mention
reading SVGA_REG_DEPTH but not writing it. (Only SVGA_REG_BITS_PER_PIXEL
can be written but we don't really support that either.)

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-03 13:26:53 +00:00
BALATON Zoltan
aa32b38c5b vmware_vga: Remove duplicated info from local state
Removed info from vmsvga_state that is available from elsewhere and
thus was duplicated here unnecessarily.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-03 13:26:52 +00:00
BALATON Zoltan
0d7937974c vmware_vga: Coding style cleanup
Fix coding style as suggested by checkpatch.pl

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-03 13:26:51 +00:00
Blue Swirl
ef84755ebb Merge branch 'trivial-patches' of git://github.com/stefanha/qemu
* 'trivial-patches' of git://github.com/stefanha/qemu:
  pc: Drop redundant test for ROM memory region
  exec: make some functions static
  target-ppc: make some functions static
  ppc: add missing static
  vnc: add missing static
  vl.c: add missing static
  target-sparc: make do_unaligned_access static
  m68k: Return semihosting errno values correctly
  cadence_uart: More debug information

Conflicts:
	target-m68k/m68k-semi.c
2012-11-03 12:55:05 +00:00
Gerd Hoffmann
dc63936df7 xenfb: fix build breakage caused by console cleanup series
Console cleanup series renamed dpy_resize and dpy_update all over the
tree, but hw/xenfb.c was forgotten.  Update it too so it builds again.

Reported-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-02 11:12:30 -05:00
Anthony Liguori
de0a36cd01 Merge remote-tracking branch 'kraxel/usb.69' into staging
* kraxel/usb.69: (31 commits)
  usb-redir: Allow redirecting super speed devices to high speed controllers
  usb-redir: Allow to attach USB 2.0 devices to 1.1 host controller
  usb-redir: Use reject rather the disconnect on bad ep info
  usb-redir: Add an usbredir_setup_usb_eps() helper function
  usb-redir: Add support for input pipelining
  usb-redir: Add support for 32 bits bulk packet length
  combined-packet: Add a workaround for Linux usbfs + live migration
  usb: Add packet combining functions
  uhci: Don't crash on device disconnect
  uhci: Add a uhci_handle_td_error() helper function
  usb/ehci-pci: add helper to create ich9 usb controllers
  usb/ehci-pci: add ich9 00:1a.* variant
  usb/ehci-pci: dynamic type generation
  uhci: add ich9 00:1a.* variants
  uhci: stick irq routing info into UHCIInfo too.
  uhci: dynamic type generation
  xilinx_zynq: add USB controllers
  usb/ehci: add sysbus variant
  usb/ehci: split into multiple source files
  usb/ehci: Guard definition of EHCI_DEBUG
  ...

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-01 14:34:13 -05:00
Jan Kiszka
0d3cf3b6ff pc: Drop redundant test for ROM memory region
Just a few lines above, we already initialize rom_memory accordingly.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2012-11-01 19:50:57 +01:00
Blue Swirl
434482925e ppc: add missing static
Add missing 'static' qualifiers.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2012-11-01 19:49:45 +01:00
Peter Crosthwaite
2ddef11bed cadence_uart: More debug information
Add more helpful debug information to the cadence UART.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2012-11-01 19:42:35 +01:00
Anthony Liguori
4ba79505f4 Merge remote-tracking branch 'kraxel/pixman.v3' into staging
* kraxel/pixman.v3: (22 commits)
  pixman: drop obsolete fields from DisplaySurface
  pixman/vnc: remove dead code.
  pixman/vnc: remove rgb_prepare_row* functions
  pixman/vnc: use pixman images in vnc.
  pixman: switch screendump function.
  vga: stop direct access to DisplaySurface fields.
  qxl: stop direct access to DisplaySurface fields.
  console: don't set PixelFormat alpha fields for 32bpp
  console: make qemu_alloc_display static
  pixman: add pixman image to DisplaySurface
  pixman: helper functions
  pixman: windup in configure & makefiles
  pixman: add submodule
  console: remove DisplayAllocator
  console: remove dpy_gfx_fill
  vga: fix text mode updating
  console: init displaychangelisteners on register
  console: untangle gfx & txt updates
  console: s/TextConsole/QemuConsole/
  console: move set_mouse + cursor_define callbacks
  ...

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-01 11:14:39 -05:00
Anthony Liguori
d971919f08 Merge remote-tracking branch 'stefanha/net' into staging
* stefanha/net:
  e1000: pre-initialize RAH/RAL registers
  net: Reject non-netdevs in qmp_netdev_del()
  net: use "socket" model name for UDP sockets
  e1000: drop check_rxov, always treat RX ring with RDH == RDT as empty

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-01 11:13:59 -05:00
Anthony Liguori
5a34dbb559 Merge remote-tracking branch 'bonzini/threadpool' into staging
* bonzini/threadpool: (39 commits)
  raw-win32: implement native asynchronous I/O
  raw-posix: move linux-aio.c to block/
  raw-win32: add emulated AIO support
  raw-posix: rename raw-posix-aio.h, hide unavailable prototypes
  raw: merge posix-aio-compat.c into block/raw-posix.c
  block: switch posix-aio-compat to threadpool
  threadpool: do not take lock in event_notifier_ready
  aio: add generic thread-pool facility
  qemu-thread: add QemuSemaphore
  linux-aio: use event notifiers
  aio: clean up now-unused functions
  main-loop: use aio_notify for qemu_notify_event
  main-loop: use GSource to poll AIO file descriptors
  aio: call aio_notify after setting I/O handlers
  aio: add aio_notify
  aio: make AioContexts GSources
  aio: add Win32 implementation
  aio: prepare for introducing GSource-based dispatch
  aio: add non-blocking variant of aio_wait
  aio: test node->deleted before calling io_flush
  ...

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-01 11:13:39 -05:00
Anthony Liguori
43552994c4 Merge remote-tracking branch 'qemu-kvm/uq/master' into staging
* qemu-kvm/uq/master: (28 commits)
  update-linux-headers.sh: Handle new kernel uapi/ directories
  target-i386: kvm_cpu_fill_host: use GET_SUPPORTED_CPUID
  target-i386: cpu: make -cpu host/check/enforce code KVM-specific
  target-i386: make cpu_x86_fill_host() void
  Emulate qemu-kvms -no-kvm option
  Issue warning when deprecated -tdf option is used
  Issue warning when deprecated drive parameter boot=on|off is used
  Use global properties to emulate -no-kvm-pit-reinjection
  Issue warning when deprecated -no-kvm-pit is used
  Use machine options to emulate -no-kvm-irqchip
  cirrus_vga: allow configurable vram size
  target-i386: Add missing kvm cpuid feature name
  i386: cpu: add missing CPUID[EAX=7,ECX=0] flag names
  i386: kvm: filter CPUID leaf 7 based on GET_SUPPORTED_CPUID, too
  i386: kvm: reformat filter_features_for_kvm() code
  i386: kvm: filter CPUID feature words earlier, on cpu.c
  i386: kvm: mask cpuid_ext4_features bits earlier
  i386: kvm: mask cpuid_kvm_features earlier
  i386: kvm: x2apic is not supported without in-kernel irqchip
  i386: kvm: set CPUID_EXT_TSC_DEADLINE_TIMER on kvm_arch_get_supported_cpuid()
  ...

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-01 11:12:50 -05:00
Anthony Liguori
98c8a73b2e Merge remote-tracking branch 'afaerber/qom-cpu' into staging
* afaerber/qom-cpu: (35 commits)
  target-i386: Pass X86CPU to kvm_handle_halt()
  target-i386: Pass X86CPU to kvm_get_mp_state()
  cpu: Move thread_id to CPUState
  cpus: Pass CPUState to run_on_cpu()
  target-i386: Pass X86CPU to cpu_x86_inject_mce()
  target-i386: Pass X86CPU to kvm_mce_inject()
  cpus: Pass CPUState to [qemu_]cpu_has_work()
  spapr: Pass PowerPCCPU to hypercalls
  spapr: Pass PowerPCCPU to spapr_hypercall()
  target-ppc: Pass PowerPCCPU to cpu_ppc_hypercall
  target-ppc: Pass PowerPCCPU to powerpc_excp()
  xtensa_pic: Pass XtensaCPU to xtensa_ccompare_cb()
  cpus: Pass CPUState to qemu_wait_io_event_common()
  cpus: Pass CPUState to flush_queued_work()
  cpu: Move queued_work_{first,last} to CPUState
  cpus: Pass CPUState to qemu_cpu_kick()
  target-ppc: Rename kvm_kick_{env => cpu} and pass PowerPCCPU
  ppc: Pass PowerPCCPU to {ppc6xx,ppc970,power7,ppc40x,ppce500}_set_irq()
  cpus: Pass CPUState to qemu_tcg_init_vcpu()
  cpus: Pass CPUState to qemu_tcg_cpu_thread_fn
  ...

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-01 11:12:32 -05:00
Peter Maydell
fc53b7d4b7 arm_boot: Change initrd load address to "halfway through RAM"
To avoid continually having to bump the initrd load address
to account for larger kernel images, put the initrd halfway
through RAM. This allows large kernels on new boards with lots
of RAM to work OK, without breaking existing usecases for
boards with only 32MB of RAM.

Note that this change fixes in passing a bug where we were
passing an overly large max_size to load_image_targphys()
for the initrd, which meant that we wouldn't correctly refuse
to load an enormous initrd that didn't actually fit into RAM.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Tested-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-11-01 17:04:11 +01:00
Aurelien Jarno
46a3f23413 Merge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf
* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf:
  pseries: Cleanup duplications of ics_valid_irq() code
  pseries: Clean up inconsistent variable name in xics.c
  target-ppc: Extend FPU state for newer POWER CPUs
  target-ppc: Rework storage of VPA registration state
  Revert "PPC: pseries: Remove hack for PIO window"
2012-11-01 16:42:49 +01:00
Aurelien Jarno
735c1eeb85 Merge branch 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm
* 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm: (28 commits)
  hw/sd.c: add SD card save/load support
  vmstate: Add support for saving/loading bitmaps
  hw/sd.c: Fix erase for high capacity cards
  pflash_cfi01: Fix debug mode printfery
  pflash_cfi0x: QOMified
  pflash_cfi01: remove unused total_len field
  pflash_cfi0x: remove unused base field
  hw/versatile_i2c: Use LOG_GUEST_ERROR
  hw/arm_l2x0: Use LOG_GUEST_ERROR
  hw/arm_sysctl: Use LOG_GUEST_ERROR
  hw/armv7m_nvic: Use LOG_GUEST_ERROR and LOG_UNIMP
  hw/arm_timer: Use LOG_GUEST_ERROR and LOG_UNIMP
  hw/arm_gic: Use LOG_GUEST_ERROR
  hw/arm11mpcore: Use LOG_GUEST_ERROR rather than hw_error()
  hw/pl190: Use LOG_UNIMP rather than hw_error()
  hw/pl110: Use LOG_GUEST_ERROR rather than hw_error()
  hw/pl080: Use LOG_GUEST_ERROR and LOG_UNIMP
  hw/pl061: Use LOG_GUEST_ERROR
  hw/pl050: Use LOG_GUEST_ERROR
  hw/exynos4_boards: Don't prematurely explode QEMUMachineInitArgs
  ...
2012-11-01 16:42:29 +01:00
Hans de Goede
95a59dc039 usb-redir: Allow redirecting super speed devices to high speed controllers
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:21:01 +01:00
Jan Kiszka
cdfd3530fa usb-redir: Allow to attach USB 2.0 devices to 1.1 host controller
This follows the logic of host-linux: If a 2.0 device has no ISO
endpoint and no interrupt endpoint with a packet size > 64, we can
attach it also to an 1.1 host controller. In case the redir server does
not report endpoint sizes, play safe and remove the 1.1 compatibility as
well. Moreover, if we detect a conflicting change in the configuration
after the device was already attached, it will be disconnected
immediately.

HdG: Several small cleanups and fixes

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:21:01 +01:00
Hans de Goede
24ac283aa2 usb-redir: Use reject rather the disconnect on bad ep info
So that the client gets a notification about us disconnecting the device.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:21:01 +01:00
Hans de Goede
7e03d17816 usb-redir: Add an usbredir_setup_usb_eps() helper function
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:21:01 +01:00
Hans de Goede
1b36c4d826 usb-redir: Add support for input pipelining
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:20:46 +01:00
Hans de Goede
c19a798133 usb-redir: Add support for 32 bits bulk packet length
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:58 +01:00
Hans de Goede
579967bea6 combined-packet: Add a workaround for Linux usbfs + live migration
Older versions (anything but the latest) of Linux usbfs + libusb(x),
will submit larger (bulk) transfers split into multiple 16k submissions,
which means that rather then all tds getting linked into the queue in
one atomic operarion they get linked in a bunch at a time, which could
cause problems if:
1) We scan the queue while libusb is in the middle of submitting a split
   bulk transfer
2) While this bulk transfer is pending we migrate to another host.

The problem is that after 2, the new host will rescan the queue and
combine the packets in one large transfer, where as 1) has caused the
original host to see them as 2 transfers. This patch fixes this by stopping
combinging if we detect a 16k transfer with its int_req flag set.

This should not adversely effect performance for other cases as:
1) Linux never sets the interrupt flag on packets other then the last
2) Windows does set the in_req flag on each td, but will submit large
transfers in 20k tds thus never triggering the check

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:58 +01:00
Hans de Goede
a552a966f1 usb: Add packet combining functions
Currently we only do pipelining for output endpoints, since to properly
support short-not-ok semantics we can only have one outstanding input
packet. Since the ehci and uhci controllers have a limited per td packet
size guests will split large input transfers to into multiple packets,
and since we don't pipeline these, this comes with a serious performance
penalty.

This patch adds helper functions to (re-)combine packets which belong to 1
transfer at the guest device-driver level into 1 large transger. This can be
used by (redirection) usb-devices to enable pipelining for input endpoints.

This patch will combine packets together until a transfer terminating packet
is encountered. A terminating packet is a packet which meets one or more of
the following conditions:
1) The packet size is *not* a multiple of the endpoint max packet size
2) The packet does *not* have its short-not-ok flag set
3) The packet has its interrupt-on-complete flag set

The short-not-ok flag of the combined packet is that of the terminating packet.
Multiple combined packets may be submitted to the device, if the combined
packets do not have their short-not-ok flag set, enabling true pipelining.

If a combined packet does have its short-not-ok flag set the queue will
wait with submitting further packets to the device until that packet has
completed.

Once enabled in the usb-redir and ehci code, this improves the speed (MB/s)
of a Linux guest reading from a USB mass storage device by a factor of
1.2 - 1.5.

And the main reason why I started working on this, when reading from a pl2303
USB<->serial converter, it combines the previous 4 packets submitted per
device-driver level read into 1 big read, reducing the number of packets / sec
by a factor 4, and it allows to have multiple reads outstanding. This allows
for much better latency tolerance without the pl2303's internal buffer
overflowing (which was happening at 115200 bps, without serial flow control).

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:58 +01:00
Hans de Goede
7f102ebeb5 uhci: Don't crash on device disconnect
My recent uhci cleanup series has introduced a regression, where
qemu sometimes crashes on a device disconnect. The problem is that
the uhci code never checked for a device not / no longer existing, instead
it was relying on usb_handle_packet accepting a NULL device.

But since we now pass usb_handle_packet q->ep->dev, rather then just
a local dev variable, we crash as q->ep == NULL due to the device no longer
existing.

This patch fixes this. Note that this patch also improves over
the old behavior were we would:
1) create a queue for the device
2) create an async for the packet
3) have usb_handle_packet fail
4) destroy the async
5) wait for the queue to be idle for 32 frames
6) destroy the queue

Which was rather sub-optimal.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:58 +01:00
Hans de Goede
faccca000f uhci: Add a uhci_handle_td_error() helper function
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:58 +01:00
Gerd Hoffmann
bb4d2b2f0a usb/ehci-pci: add helper to create ich9 usb controllers
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:58 +01:00
Gerd Hoffmann
ba07630c79 usb/ehci-pci: add ich9 00:1a.* variant
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:58 +01:00
Gerd Hoffmann
df01318777 usb/ehci-pci: dynamic type generation
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:57 +01:00
Gerd Hoffmann
74625ea27c uhci: add ich9 00:1a.* variants
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:57 +01:00
Gerd Hoffmann
8f3f90b0c7 uhci: stick irq routing info into UHCIInfo too.
Kills the ugly "switch (device_id) { ... }" struct and makes it easier
to figure what the differences between the uhci variants are.

Need our own DeviceClass struct for that so we can allocate some space
to store UHCIInfo.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:57 +01:00
Gerd Hoffmann
2c2e852509 uhci: dynamic type generation
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:57 +01:00
Peter Crosthwaite
892776ce02 xilinx_zynq: add USB controllers
Add the two usb controllers in Zynq.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 15:17:57 +01:00
Gerd Hoffmann
b12f32c408 pixman: switch screendump function.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 14:00:04 +01:00
Gerd Hoffmann
1fd2510a37 vga: stop direct access to DisplaySurface fields.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 14:00:04 +01:00
Gerd Hoffmann
b6e9f63711 qxl: stop direct access to DisplaySurface fields.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 14:00:04 +01:00
Gerd Hoffmann
e433785a76 usb/ehci: add sysbus variant
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:10 +01:00
Gerd Hoffmann
0bf96f9457 usb/ehci: split into multiple source files
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:10 +01:00
Peter Crosthwaite
569c7fc840 usb/ehci: Guard definition of EHCI_DEBUG
Guard against re-definition of EHCI_DEBUG. Allows for turning on of debug info
from configure (using --qemu-extra-cflags="-DEHCI_DEBUG=1") rather than source
code hacking.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:10 +01:00
Peter Crosthwaite
5010d4dc61 usb/ehci: seperate out PCIisms
Seperate the PCI stuff from the EHCI components. Extracted the PCIDevice
out into a new wrapper struct to make EHCIState non-PCI-specific. Seperated
tho non PCI init component out into a seperate "common" init function.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:10 +01:00
Peter Crosthwaite
7ae6ce0258 usb/ehci: Abstract away PCI DMA API
Pull the DMAContext for the PCI DMA out at device init time and put it into
the device state. Use dma_memory_read/write() instead of pci specific versions.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Peter Crosthwaite
27a11324e0 usb/ehci: parameterise the register region offsets
The capabilities register and operational register offsets can vary from one
EHCI implementation to the next. Parameterise accordingly.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
0bc85da69e xhci: allow address slot being called multiple times
win8 guests do that for some reason ...

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
4f47f0f82e xhci: add port trace points
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
b62b08282d xhci: set pls in xhci_port_update & xhci_port_reset
Set the port link state to the correct values in xhci_port_update and
xhci_port_reset functions.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
40030130d1 xhci: add xhci_port_reset
Move port reset logic to its own function.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
f705a36280 xhci: add xhci_port_notify
Create a function to notify the guest about port
status changes and put it into use.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
6a32f80f05 xhci: add xhci_port_have_device
Factor out the code which checks whenever a usb device is attached
to the port in question.  No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
f321402785 xhci: s/xhci_update_port/xhci_port_update/
Rename the function for xhci_port_* naming scheme, also drop
the xhci parameter as port carries a pointer to xhci anyway.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
85e05d825f xhci: add {get,set}_field macros & enum for pls
Add {get,set}_field macros (simliar to ehci) to read and update
some bits of a word.  Put them into use for updating pls (port
link state) values.  Also add a enum for pls values.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:09 +01:00
Gerd Hoffmann
9678aedd8e vga: fix text mode updating
With both text (curses) and graphics (vnc/sdl/spice/...) display active
vga text mode emulation fails to update both correctly.  Depending on
whenever vga_update_text() or vga_draw_text() happens to be called first
only the text display or only the graphics display will see display
resolution changes and full redraws.

Fix it by calling both text/gfx resize functions in both code paths and
keep track of full screen redraws needed in VGACommonState fields.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:06 +01:00
Gerd Hoffmann
a93a4a226a console: untangle gfx & txt updates
Stop abusing displaysurface fields for text mode displays.
(bpp = 0, width = cols, height = lines).

Add flags to displaystate indicating whenever text mode display
(curses) or gfx mode displays (sdl, vnc, ...) are present.

Add separate displaychangelistener callbacks for text / gfx mode
resize & updates.

This allows to enable gfx and txt diplays at the same time and also
paves the way for more cleanups in the future.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:06 +01:00
Gerd Hoffmann
bf2fde70fe console: move set_mouse + cursor_define callbacks
When adding DisplayChangeListeners the set_mouse and cursor_define
callbacks have been left in DisplayState for some reason.  Fix it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:05 +01:00
Gerd Hoffmann
87e487a14b console: QLIST-ify display change listeners.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:05 +01:00
David Gibson
1ecbbab469 pseries: Cleanup duplications of ics_valid_irq() code
A couple of places in xics.c open-coded the same logic as is already
implemented in ics_valid_irq().  This patch fixes the code duplication.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-11-01 13:02:22 +01:00
David Gibson
bf0175de6c pseries: Clean up inconsistent variable name in xics.c
Throughout xics.c 'nr' is used to refer to a global interrupt number, and
'server' is used to refer to an interrupt server number (i.e. CPU number).
Except in icp_set_mfrr(), where 'nr' is used as a server number.  Fix this
confusing inconsistency.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-11-01 13:02:22 +01:00
David Gibson
a3cfa18eb0 Revert "PPC: pseries: Remove hack for PIO window"
This reverts commit a178274efa.

Contrary to that commit's message, the users of old_portio are not all
gone.  In particular VGA still uses it via portio_list_add().

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2012-11-01 13:02:21 +01:00
Gabriel L. Somlo
372254c6e5 e1000: pre-initialize RAH/RAL registers
Some guest operating systems' drivers (Mac OS X in particular) fail to
properly initialize the Receive Address registers (probably expecting
them to be pre-initialized by an earlier component, such as a specific
proprietary BIOS). This patch pre-initializes the RA registers, allowing
OS X networking to function properly. Other guest operating systems are
not affected, and free to (re)initialize these registers during boot.

[According to the datasheet the Address Valid bits in the RA registers
are cleared on PCI or software reset.  This patch adds the NIC's MAC
address and sets Address Valid on reset.  So we diverge from real
hardware behavior here. -- Stefan]

Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2012-11-01 12:02:17 +01:00
Dmitry Fleytman
e5b8b0d4ba e1000: drop check_rxov, always treat RX ring with RDH == RDT as empty
Real HW always treats RX ring with RDH == RDT as empty.
Emulation is supposed to behave the same.

Reported-by: Chris Webb <chris.webb@elastichosts.com>
Reported-by: Richard Davies <richard.davies@elastichosts.com>
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2012-11-01 10:59:59 +01:00
Paolo Bonzini
f563a5d7a8 Merge remote-tracking branch 'origin/master' into threadpool
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-10-31 10:42:51 +01:00
Andreas Färber
f100f0b38f cpus: Pass CPUState to run_on_cpu()
CPUArchState is no longer needed.

Move the declaration to include/qemu/cpu.h and add documentation.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 04:12:23 +01:00
Andreas Färber
3993c6bddf cpus: Pass CPUState to [qemu_]cpu_has_work()
For target-mips also change the return type to bool.

Make include paths for cpu-qom.h consistent for alpha and unicore32.

Signed-off-by: Andreas Färber <afaerber@suse.de>
[AF: Updated new target-openrisc function accordingly]
Acked-by: Richard Henderson <rth@twiddle.net> (for alpha)
2012-10-31 04:11:37 +01:00
Marcelo Tosatti
19403a68fb cirrus_vga: allow configurable vram size
Allow RAM size to be configurable for cirrus, to allow migration
compatibility from qemu-kvm.

Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2012-10-30 23:39:50 -02:00
Andreas Färber
b13ce26d3e spapr: Pass PowerPCCPU to hypercalls
Needed for changing cpu_has_work() argument type to CPUState,
used in h_cede().

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:46 +01:00
Andreas Färber
aa100fa4c9 spapr: Pass PowerPCCPU to spapr_hypercall()
Needed for changing the hypercall handlers' argument type to PowerPCCPU.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:45 +01:00
Andreas Färber
1b14670a38 target-ppc: Pass PowerPCCPU to cpu_ppc_hypercall
Adapt emulate_spapr_hypercall() accordingly.

Needed for changing spapr_hypercall() argument type to PowerPCCPU.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:45 +01:00
Andreas Färber
79bbf20bca xtensa_pic: Pass XtensaCPU to xtensa_ccompare_cb()
Needed for changing cpu_has_work() argument type to CPUState.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
2012-10-31 01:02:45 +01:00
Andreas Färber
c08d7424d6 cpus: Pass CPUState to qemu_cpu_kick()
CPUArchState is no longer needed there.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:45 +01:00
Andreas Färber
a096124571 ppc: Pass PowerPCCPU to {ppc6xx,ppc970,power7,ppc40x,ppce500}_set_irq()
Needed for changing qemu_cpu_kick() argument type to CPUState and
for moving halted field into CPUState.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:45 +01:00
Andreas Färber
f324e7667a cpu: Move stopped field to CPUState
Change its type to bool.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:44 +01:00
Andreas Färber
b6444a42c0 ppce500_spin: Store PowerPCCPU in SpinKick
Needed for moving stopped field to CPUState.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-31 01:02:44 +01:00
Andreas Färber
60e82579c7 cpus: Pass CPUState to qemu_cpu_is_self()
Change return type to bool, move to include/qemu/cpu.h and
add documentation.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
[AF: Updated new caller qemu_in_vcpu_thread()]
2012-10-31 01:02:39 +01:00
Andreas Färber
e9f9d6b165 target-i386: Pass X86CPU to cpu_x86_load_seg_cache_sipi()
Simplifies the call in apic_sipi() again and needed for moving halted
field to CPUState.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
2012-10-30 22:38:37 +01:00
Andreas Färber
60671e583c apic: Store X86CPU in APICCommonState
Prepares for using a link<> property to connect APIC with CPU and for
changing the CPU APIs to CPUState.

Resolve Coding Style warnings by moving the closing parenthesis of
foreach_apic() macro to next line.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
2012-10-30 22:38:37 +01:00
Andreas Färber
449994eb58 target-i386: Inline APIC cpu_env property setting
This prepares for changing the variable type from void*.

Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
2012-10-30 22:38:37 +01:00
Igor Mammedov
bdeec80217 target-i386: Initialize APIC at CPU level
(L)APIC is a part of cpu [1] so move APIC initialization inside of
x86_cpu object. Since cpu_model and override flags currently specify
whether APIC should be created or not, APIC creation&initialization is
moved into x86_cpu_apic_init() which is called from x86_cpu_realize().

[1] - all x86 cpus have integrated APIC if we overlook existence of i486,
and it's more convenient to model after majority of them.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-10-30 22:38:37 +01:00
Blue Swirl
742a40229d Merge branch 'qspi.2' of git://developer.petalogix.com/public/qemu
* 'qspi.2' of git://developer.petalogix.com/public/qemu:
  xilinx_zynq: added QSPI controller
  xilinx_spips: Generalised to model QSPI
  m25p80: Support for Quad SPI
2012-10-30 18:35:18 +00:00
Paolo Bonzini
f627aab1cc aio: introduce AioContext, move bottom halves there
Start introducing AioContext, which will let us remove globals from
aio.c/async.c, and introduce multiple I/O threads.

The bottom half functions now take an additional AioContext argument.
A bottom half is created with a specific AioContext that remains the
same throughout the lifetime.  qemu_bh_new is just a wrapper that
uses a global context.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-10-30 09:30:53 +01:00
Igor Mitsyanko
50a5be6c3d hw/sd.c: add SD card save/load support
This patch updates SD card model to support save/load of card's state.

Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:12 +00:00
Igor Mitsyanko
f2d189d384 hw/sd.c: Fix erase for high capacity cards
Standard capacity cards SDSC use byte unit address while SDHC and SDXC cards use
block unit address (512 bytes) when setting ERASE_START and ERASE_END with CMD32
and CMD33, we have to account for this.

Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:12 +00:00
Peter Crosthwaite
fc5b64d082 pflash_cfi01: Fix debug mode printfery
This DPRINTF was throwing a warning due to a missing cast.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:11 +00:00
Peter Crosthwaite
368a354f02 pflash_cfi0x: QOMified
QOMified the pflash_cfi0x so machine models can connect them up in custom ways.

Kept the pflash_cfi0x_register functions as is. They can still be used to
create a flash straight onto system memory.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:11 +00:00
Peter Crosthwaite
be65f89992 pflash_cfi01: remove unused total_len field
This field is completely unused.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:11 +00:00
Peter Crosthwaite
b7dff23a48 pflash_cfi0x: remove unused base field
This field is completely unused. The base address should also be abstracted
away from the device anyway. Removed.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:11 +00:00
Peter Maydell
5170d661dc hw/versatile_i2c: Use LOG_GUEST_ERROR
Use LOG_GUEST_ERROR to report bad guest accesses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:11 +00:00
Peter Maydell
a35d4e4223 hw/arm_l2x0: Use LOG_GUEST_ERROR
Use LOG_GUEST_ERROR to report bad guest accesses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:10 +00:00
Peter Maydell
0c896f0662 hw/arm_sysctl: Use LOG_GUEST_ERROR
Use LOG_GUEST_ERROR to report bad guest accesses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:10 +00:00
Peter Maydell
e72e3ffc3d hw/armv7m_nvic: Use LOG_GUEST_ERROR and LOG_UNIMP
Use LOG_GUEST_ERROR and LOG_UNIMP rather than hw_error() where
appropriate.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:10 +00:00
Peter Maydell
edb94a41e3 hw/arm_timer: Use LOG_GUEST_ERROR and LOG_UNIMP
Use LOG_GUEST_ERROR to report guest accesses to bad register
offsets, and LOG_UNIMP for access to the unimplemented
test registers.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:10 +00:00
Peter Maydell
8c8dc39fa6 hw/arm_gic: Use LOG_GUEST_ERROR
Use LOG_GUEST_ERROR to report guest accesses to bad offsets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:10 +00:00
Peter Maydell
f9fe7bdad8 hw/arm11mpcore: Use LOG_GUEST_ERROR rather than hw_error()
Use LOG_GUEST_ERROR to report guest accesses to bad offsets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:09 +00:00
Peter Maydell
2d746989bf hw/pl190: Use LOG_UNIMP rather than hw_error()
Use LOG_UNIMP to report attempts to use the unimplemented test mode.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:09 +00:00
Peter Maydell
375cb56029 hw/pl110: Use LOG_GUEST_ERROR rather than hw_error()
Use LOG_GUEST_ERROR to report guest accesses to invalid register
offsets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:09 +00:00
Peter Maydell
df37416218 hw/pl080: Use LOG_GUEST_ERROR and LOG_UNIMP
Use LOG_GUEST_ERROR and LOG_UNIMP in preference to hw_error().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:09 +00:00
Peter Maydell
abff909c94 hw/pl061: Use LOG_GUEST_ERROR
Use LOG_GUEST_ERROR to report guest attempts to access bad register offsets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:09 +00:00
Peter Maydell
fbfecf43e9 hw/pl050: Use LOG_GUEST_ERROR
Use LOG_GUEST_ERROR for reporting guest attempts to access invalid register
offsets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:08 +00:00
Peter Maydell
7f0f774003 hw/exynos4_boards: Don't prematurely explode QEMUMachineInitArgs
Don't explode QEMUMachineInitArgs before passing it to
exynos4_boards_init_common().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:08 +00:00
Peter Maydell
6efa6d5038 hw/mainstone: Don't prematurely explode QEMUMachineInitArgs
Don't explode QEMUMachineInitArgs before passing it to mainstone_init().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:08 +00:00
Peter Maydell
462b69bba3 hw/nseries: Don't prematurely explode QEMUMachineInitArgs
Don't explode QEMUMachineInitArgs before passing it to n8x0_init().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:08 +00:00
Peter Maydell
6952625da8 hw/omap_sx1: Don't prematurely explode QEMUMachineInitArgs
Don't explode QEMUMachineInitArgs before passing it to the
omap_sx1 common init function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2012-10-30 07:45:08 +00:00