Commit Graph

457 Commits

Author SHA1 Message Date
Hans de Goede 8c75a899f8 uhci: Detect guest td re-use
A td can be reused by the guest in a different queue, before we notice
the original queue has been unlinked. So search for tds by addr only, detect
guest td reuse, and cancel the original queue, this is necessary to keep our
packet ids unique.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede 66a08cbe6a uhci: Verify queue has not been changed by guest
According to the spec a guest can unlink a qh, and then as soon as frindex
has changed by 1 since the unlink, assume it is idle and re-use it. However
for various reasons, we cannot simply consider a qh as unlinked if we've not
seen it for 1 frame. This means that it is possible for a guest to re-use /
restart the queue while we still see its old state. This patch adds a safety
check for this, and "early" retires queues when they were changed by the guest.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede 5ad23e873c uhci: Immediately free queues on device disconnect
There is no need to just cancel any in-flight packets, and then wait
for validate-end to clean things up, we can simply clean things up
immediately on device removal.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede 11d15e402b uhci: Store ep in UHCIQueue
This avoids the need to repeatedly lookup the device, and ep.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede a4f30cd766 uhci: Make uhci_fill_queue() actually operate on an UHCIQueue
And move its calling point to handle_td, this removes the ep_ret ugliness,
and prepates the way for further cleanups in the follow-up patches in this
patch-set.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede 963a68b54f uhci: Add uhci_read_td() helper function
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede 1f250cc772 uhci: Rename UHCIAsync->td to UHCIAsync->td_addr
We use the name td both to refer to a UHCI_TD read from guest memory as
well as to refer to the guest address where a td is stored, switch over
to always use td_addr in the second case for consistency.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede 4050737726 uhci: Move emptying of the queue's asyncs' queue to uhci_queue_free
Cleanup: all callers of uhci_queue_free first unconditionally cancel
all remaining asyncs in the queue, so lets move this to uhci_queue_free().

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede 3c87c76d1a uhci: Drop unnecessary forward declaration of some static functions
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:11 +02:00
Hans de Goede a89e255b0c uhci: Don't retry on error
Since we are either dealing with emulated devices, where retrying is
not going to help, or with redirected devices where the host OS will
have already retried, don't bother retrying on failed transfers.

Also move some common/indentical code out of all the error cases
into the generic error path.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede 2f2ee2689f uhci: cleanup: Add an unlink call to uhci_async_cancel()
All callers of uhci_async_cancel() call uhci_async_unlink() first, so
lets move the unlink call to uhci_async_cancel()

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede 5b352ed537 uhci: No need to handle async completion of isoc packets
No devices ever return async for isoc endpoints and the core
already enforces this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede aaac74343d usb: Enforce iso endpoints never returing USB_RET_ASYNC
ehci was already testing for this, and we depend in various places
on no devices doing this, so lets move the check for this to the
usb core.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede a6fb2ddb14 usb: Add an int_req flag to USBPacket
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede 6ba43f1f6b usb: Move short-not-ok handling to the core
After a short-not-ok packet ending short, we should not advance the queue.
Move enforcing this to the core, rather then handling it in the hcd code.

This may result in the queue now actually containing multiple input packets
(which would not happen before), and this requires special handling in
combination with pipelining, so disable pipleining for input endpoints
(for now).

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede 0cae7b1a00 usb: Move clearing of queue on halt to the core
hcds which queue up more then one packet at once (uhci, ehci and xhci),
must clear the queue after an error which has caused the queue to halt.

Currently this is handled as a special case inside the hcd code, this
patch instead adds an USB_RET_REMOVE_FROM_QUEUE packet result code, teaches
the 3 hcds about this and moves the clearing of the queue on a halt into
the USB core.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:10 +02:00
Hans de Goede 36dfe324fd usb: Add USB_RET_ADD_TO_QUEUE packet result code
This can be used by usb-device code which wishes to process an entire endpoint
queue at once, to do this the usb-device code returns USB_RET_ADD_TO_QUEUE
from its handle_data class method and defines a flush_ep_queue class method
to call when the hcd is done queuing up packets.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede d0ff81b871 usb: Rename __usb_packet_complete to usb_packet_complete_one
And make it available for use outside of core.c

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede 3151f2096d xhci: Add a xhci_ep_nuke_one_xfer helper function
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede b4ea866499 ehci: Retry to fill the queue while waiting for td completion
If the guest is using multiple transfers to try and keep the usb bus busy /
used at maximum efficiency, currently we would see / do the following:

1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) report transfer 2 completion to guest
5) submit transfer 1 to the device
6) report transfer 1 completion to guest
7) submit transfer 2 to the device
8) report transfer 2 completion to guest
etc.

So after the initial submission we would effectively only have 1 transfer
in flight, rather then 2. This is caused by us not checking the queue for
addition of new transfers by the guest (ie the resubmission of a recently
finished transfer), while waiting for a pending transfer to complete.
This patch does add a check for this, changing the sequence to:

1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) submit transfer 1 to the device
5) report transfer 2 completion to guest
6) submit transfer 2 to the device
etc.

Thus keeping 2 transfers in flight (most of the time, and always 1),
as intended by the guest.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede e3a36bce1d ehci: Detect going in circles when filling the queue
For ctrl endpoints Windows (atleast Win7) creates circular td lists, so far
these were not a problem because we would stop filling the queue if altnext
was set. Since further patches in this patchset remove the altnext check this
does become a problem and we need detection for going in circles.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede 44272b0f88 ehci: Speed up the timer of raising int from the async schedule
Often the guest will queue up new packets in response to a packet, in the
async schedule with its IOC flag set, completing. By speeding up the
frame-timer, we notice these new packets earlier. This increases the
speed (MB/s) of a Linux guest reading from a USB mass storage device by a
factor of 1.15 on top of the "Improve latency of interrupt delivery"
speed-ups, both with and without input pipelining enabled.

I've not tested the speed-up of this patch without the
"Improve latency of interrupt delivery" patch.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede 0262f65aaa ehci: Improve latency of interrupt delivery and async schedule scanning
While doing various performance tests of reading from USB mass storage devices
I noticed the following::
1) When an async handled packet completes, we don't immediately report an
   interrupt to the guest, instead we wait for the frame-timer to run and
   report it from there
2) If 1) has been fixed and an async handled packet takes a while to complete,
   then async_stepdown will become a high value, which means that there
   will be a large latency before any new packets queued by the guest in
   response to the interrupt get seen

1) was done deliberately as part of commit f0ad01f92:
http://www.kraxel.org/cgit/qemu/commit/?h=usb.57&id=f0ad01f92ca02eee7cadbfd225c5de753ebd5fce
Since setting the interrupt immediately on async packet completion was causing
issues with Linux guests, I believe this recently fixed Linux bug explains
why this is happening:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=361aabf395e4a23cf554cf4ec0c0c6963b8beb01

Note that we can *not* count on this fix being present in all Linux guests!

I was hoping that the recently added support for Interrupt Threshold Control
would fix the issues with Linux guests, but adding a simple ehci_commit_irq()
call to ehci_async_bh() still caused problems with Linux guests.

The problem is, that when doing ehci_commit_irq() from ehci_async_bh(),
the "old" frindex value is used to calculate usbsts_frindex, and when
the frame-timer then runs possibly very shortly after ehci_async_bh(),
it increases the frame-timer, and thus any interrupts raised from that
frame-timer run, will also get reported to the guest immediately, rather
then being delayed to the next frame-timer run.

Luckily the solution for this is simple, this means that we need to
increase frindex before calling ehci_commit_irq() from ehci_async_bh(),
which in the end boils down to simple calling ehci_frame_timer() instead
of ehci_async_bh() from the bh.

This may seem like it causes a lot of extra work to be done, but this
is not true. Any work done from the frame-timer processing the periodic
schedule is work which then does not need to be done the next time the
frame timer runs, also the frame-timer will re-arm itself at (possibly)
a later time then it was armed for saving a vmexit at that time.

As an additional advantage moving to simply calling the frame-timer also
fixes 2) as the packet completion will set async_stepdown to 0, and the
re-arming of the timer with an async_stepdown of 0 ensures that any
newly queued up packets get seen in a reasonable amount of time.

This improves the speed (MB/s) of a Linux guest reading from a USB mass
storage device by a factor of 1.5 - 1.7 with input pipelining disabled,
and by a factor of 1.8 with input pipelining enabled.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede cf08a8a1f6 ehci: Set int flag on a short input packet
According to 4.15.1.2 an interrupt must be raised when a short packet
is received. If we don't do this it may take a significant time for
the guest to notice a short trasnfer has completed, since only the last td
will have its IOC flag set, and a short transfer may complete in an earlier
packet.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede 549a3c3d96 ehci: Get rid of packet tbytes field
This field is used in some places to track the tbytes field of the token, but
in other places the field is used directly, use it directly everywhere for
consistency.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:09 +02:00
Hans de Goede 7c2eaca4ef uhci: Move checks to continue queuing to uhci_fill_queue()
Rather then having a special check to start queuing after the first packet,
and then another check for the other packets in uhci_fill_queue(), simply
check the previous packet beforehand in uhci_fill_queue()

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:08 +02:00
Hans de Goede 00a0770de3 uhci: Properly unmap packets on cancel / invalid pid
Packets with an invalid pid, or which were cancelled have
usb_packet_map() called on them on init, but not usb_packet_unmap()
before being freed.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-25 09:08:08 +02:00
Avi Kivity a8170e5e97 Rename target_phys_addr_t to hwaddr
target_phys_addr_t is unwieldly, violates the C standard (_t suffixes are
reserved) and its purpose doesn't match the name (most target_phys_addr_t
addresses are not target specific).  Replace it with a finger-friendly,
standards conformant hwaddr.

Outstanding patchsets can be fixed up with the command

  git rebase -i --exec 'find -name "*.[ch]"
                        | xargs s/target_phys_addr_t/hwaddr/g' origin

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-23 08:58:25 -05:00
Gerd Hoffmann da124e62de usb-serial: only expose device in guest when the chardev is open
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-22 13:26:42 -05:00
Gerd Hoffmann 70330fb3da usb-serial: don't magically zap chardev on umplug
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-22 13:26:42 -05:00
Hans de Goede 883bca776d uhci: Raise interrupt when requested even for non active tds
According to the spec we must raise an interrupt when one is requested
even for non active tds.

Linux depends on this, for bulk transfers it runs an inactivity timer
to work around a bug in early uhci revisions, when we take longer then
200 ms to process a packet, this timer goes of, and as part of the
handling Linux then unlinks the qh, and relinks it after the frindex
has increased by atleast 1, the problem is Linux only checks for the
frindex increases on an interrupt, and we don't send that, causing
the qh to go inactive for more then 32 frames, at which point we
consider the packet cancelled.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-11 09:33:33 +02:00
Hans de Goede 5c16f76781 usb-redir: Don't make migration fail in none seamless case
Instead simple disconnect the device like host redirection does on
migration.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-11 09:32:10 +02:00
Hans de Goede dbbf01958e usb-redir: Change usbredir_open_chardev into usbredir_create_parser
As we need to create the parser at more places.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-11 09:32:10 +02:00
Aurelien Jarno 048d3612a5 Merge branch 'trivial-patches' of git://github.com/stefanha/qemu
* 'trivial-patches' of git://github.com/stefanha/qemu:
  versatilepb: Use symbolic indices for ARM PIC
  qdev: kill bogus comment
  qemu-barrier: Fix compiler version check for future gcc versions
  hw: Add missing 'static' attribute for QEMUMachine
  cleanup useless return sentence
  qemu-sockets: Fix compiler warning (regression for MinGW)
  vnc: Fix spelling (hellmen -> hellman) in comment
  slirp: Fix spelling in comment (enought -> enough, insure -> ensure)
  tcg/arm: Use tcg_out_mov_reg rather than inline equivalent code
  cpu: Add missing 'static' attribute to qemu_global_mutex
  configure: Support empty target list (--target-list=)
  hw: Fix return value check for bdrv_read, bdrv_write
2012-10-06 18:54:14 +02:00
Stefan Weil c9159fe9aa Remove libhw
The entries for libhw* are no longer needed in .gitignore.

There is also no longer a difference between common-obj-y and
hw-obj-y, so one of those two macros is sufficient.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-10-05 16:07:49 -05:00
Amos Kong 4d5b97da35 cleanup useless return sentence
This patch cleans up return sentences in the end of void functions.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Amos Kong <akong@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
2012-10-05 15:10:21 +02:00
David Gibson 39c138c842 usb: Fix usb_packet_map() in the presence of IOMMUs
With the IOMMU infrastructure introduced before 1.2, we need to use
dma_memory_map() to obtain a qemu pointer to memory from an IO bus address.
However, dma_memory_map() alters the given length to reflect the length
over which the used DMA translation is valid - which could be either more
or less than the requested length.

usb_packet_map() does not correctly handle these cases, simply failing if
dma_memory_map() alters the requested length.  If dma_memory_map()
increased the length, we just need to use the requested length for the
qemu_iovec_add().  However, if it decreased the length, it means that a
single DMA translation is not valid for the whole sglist element, and so
we need to loop, splitting it up into multiple iovec entries for each
piece with a DMA translation (in practice >2 pieces is unlikely).

This patch implements the correct behaviour

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-26 09:24:42 +02:00
Hans de Goede cae5d3f4b3 ehci: Fix interrupt packet MULT handling
There are several issues with our handling of the MULT epcap field
of interrupt qhs, which this patch fixes.

1) When we don't execute a transaction because of the transaction counter
being 0, p->async stays EHCI_ASYNC_NONE, and the next time we process the
same qtd we hit an assert in ehci_state_fetchqtd because of this. Even though
I believe that this is caused by 3 below, this patch still removes the assert,
as that can still happen without 3, when multiple packets are queued for the
same interrupt ep.

2) We only *check* the transaction counter from ehci_state_execute, any
packets queued up by fill_queue bypass this check. This is fixed by not calling
fill_queue for interrupt packets.

3) Some versions of Windows set the MULT field of the qh to 0, which is a
clear violation of the EHCI spec, but still they do it. This means that we
will never execute a qtd for these, making interrupt ep-s on USB-2 devices
not work, and after recent changes, triggering 1).

So far we've stored the transaction counter in our copy of the mult field,
but with this beginnig at 0 already when dealing with these version of windows
this won't work. So this patch adds a transact_ctr field to our qh struct,
and sets this to the MULT field value on fetchqh. When the MULT field value
is 0, we set it to 4. Assuming that windows gets way with setting it to 0,
by the actual hardware going horizontal on a 1 -> 0 transition, which will
give it 4 transactions (MULT goes from 0 - 3).

Note that we cannot stop on detecting the 1 -> 0 transition, as our decrement
of the transaction counter, and checking for it are done in 2 different places.

Reported-by: Shawn Starr <shawn.starr@rogers.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-26 09:24:41 +02:00
Gerd Hoffmann 1d8a4e69ee xhci: create a memory region for each port
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-26 09:24:41 +02:00
Gerd Hoffmann ccaf87a085 xhci: route string & usb hub support
Parse route string in slot contexts and
support devices connected via hub.
2012-09-26 09:24:41 +02:00
Gerd Hoffmann d95e74eaed xhci: tweak limits
Set maxports to 15.  This is what the usb3 route string can handle.

Set maxslots to 64.  This is more than the number of root ports we
can have, but with additional hubs you can end up with more devices.

Set maxintrs (aka msi vectors) to 16.  Should be enougth, especially
considering that vectors are a limited ressource.  Linux guests use
only three at the moment.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-26 09:24:41 +02:00
Aurelien Jarno cfb75cb980 Merge branch 'usb.65' of git://git.kraxel.org/qemu
* 'usb.65' of git://git.kraxel.org/qemu:
  uhci: Don't queue up packets after one with the SPD flag set
  usb-redir: Revert usb-redir part of commit 93bfef4c
  usb-redir: Add chardev open / close debug logging
  usb-redir: Add support for migration
  usb-redir: Store max_packet_size in endp_data
  usb-redir: Add an already_in_flight packet-id queue
  usb-redir: Change cancelled packet code into a generic packet-id queue
  ehci: Walk async schedule before and after migration
  ehci: Don't set seen to 0 when removing unseen queue-heads
  configure: usbredir fixes
  ehci: Don't process too much frames in 1 timer tick (v2)
  ehci: Fix interrupts stopping when Interrupt Threshold Control is 8
  ehci: switch to new-style memory ops
  usb-host: allow emulated (non-async) control requests without USBPacket
2012-09-21 19:53:26 +02:00
Stefan Hajnoczi 190563f9a9 net: fix usbnet_receive() packet drops
The USB network interface has a single buffer which the guest reads
from.  This patch prevents multiple calls to usbnet_receive() from
clobbering the input buffer.  Instead we queue packets until buffer
space becomes available again.

This is inspired by virtio-net and e1000 rxbuf handling.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-14 08:40:32 +01:00
Stefan Hajnoczi f237ddbb89 net: clean up usbnet_receive()
The USB network interface has two code paths depending on whether or not
RNDIS mode is enabled.  Refactor usbnet_receive() so that there is a
common path throughout the function instead of duplicating everything
across if (is_rndis(s)) ... else ... code paths.

Clean up coding style and 80 character line wrap along the way.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-14 08:40:32 +01:00
Hans de Goede 72a04d0c17 uhci: Don't queue up packets after one with the SPD flag set
Don't queue up packets after a packet with the SPD (short packet detect)
flag set. Since we won't know if the packet will actually be short until it
has completed, and if it is short we should stop the queue.

This fixes a miniature photoframe emulating a USB cdrom with the windows
software for it not working.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-13 09:50:47 +02:00
Hans de Goede 35efba2cc6 usb-redir: Revert usb-redir part of commit 93bfef4c
Commit 93bfef4c6e makes qemu-devices
which report the qemu version string to the guest in some way use a
qemu_get_version function which reports a machine-specific version string.

However usb-redir does not expose the qemu version to the guest, only to
the usbredir-host as part of the initial handshake. This can then be logged
on the usbredir-host side for debugging purposes and is otherwise completely
unused! For debugging purposes it is important to have the real qemu version
in there, rather then the machine-specific version.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-13 09:50:47 +02:00
Hans de Goede 09054d19e7 usb-redir: Add chardev open / close debug logging
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-13 09:50:47 +02:00
Hans de Goede fc3f6e1b10 usb-redir: Add support for migration
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-13 09:50:47 +02:00
Hans de Goede 3f4be32824 usb-redir: Store max_packet_size in endp_data
So that we've a place to migrate it to / from to allow restoring it after
migration.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-13 09:50:46 +02:00
Hans de Goede 9a8d4067a6 usb-redir: Add an already_in_flight packet-id queue
After a live migration, the usb-hcd will re-queue all packets by
walking over the schedule in the guest memory again, but requests which
were encountered on the migration source before will already be in flight,
so these should *not* be re-send to the usbredir-host.

This patch adds an already in flight packet ud queue, which will be filled by
the source before migration and then moved over to the migration dest, any
async handled packets are then checked against this queue to avoid sending
the same packet to the usbredir-host twice.

Signed-off-by: Hans de Goede <hdegoede@redhat,com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-13 09:50:46 +02:00
Hans de Goede 8e60452a95 usb-redir: Change cancelled packet code into a generic packet-id queue
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-13 09:50:46 +02:00
Hans de Goede ceab6f9645 ehci: Walk async schedule before and after migration
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-13 09:50:46 +02:00
Hans de Goede 8f5457eb04 ehci: Don't set seen to 0 when removing unseen queue-heads
When removing unseen queue-heads from the async queue list, we should not
set the seen flag to 0, as this may cause them to be removed by
ehci_queues_rip_unused() during the next call to ehci_advance_async_state()
if the timer is late or running at a low frequency.

Note:
1) This *may* have caused the instant unlink / relinks described in commit
   9bc3a3a216

2) Rather then putting more if-s inside ehci_queues_rip_unused, this patch
   instead introduces a new ehci_queues_rip_unseen function.

3) This patch also makes it save to call ehci_queues_rip_unseen() multiple
   times, which gets used in the folluw up patch titled:
   "ehci: Walk async schedule before and after migration"

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-13 09:50:46 +02:00
Hans de Goede 8f74ed1e43 ehci: Don't process too much frames in 1 timer tick (v2)
The Linux ehci isoc scheduling code fills the entire schedule ahead of
time minus 80 frames. If we make a large jump in where we are in the
schedule, ie 40 frames, then the scheduler all of a sudden will only have
40 frames left to work in, causing it to fail packet submissions
with error -27 (-EFBIG).

Changes in v2:
-Don't hardcode a maximum number of frames to process in one tick, instead:
 -Process a minimum number of frames to ensure we do eventually catch up
 -Stop (after the minimum number) when the guest has requested an irq

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12 08:09:49 +02:00
Hans de Goede ffa1f2e088 ehci: Fix interrupts stopping when Interrupt Threshold Control is 8
If Interrupt Threshold Control is 8 or a multiple of 8, then
s->usbsts_frindex can become exactly 0x4000, at which point
(s->usbsts_frindex > s->frindex) will never become true, as
s->usbsts_frindex will not be lowered / reset in this case.

This patch fixes this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12 08:09:49 +02:00
Gerd Hoffmann 3e4f910c8d ehci: switch to new-style memory ops
Also register different memory regions for capabilities,
operational registers and port status registers.  Create
separate tracepoints for operational regs and port status
regs.  Ditch a bunch of sanity checks because the memory
core will do this for us now.

Offloading the byte, word and dword access handling to the
memory core also has the side effect of fixing ehci register
access on bigendian hosts.

Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12 08:09:49 +02:00
Gerd Hoffmann 63587e3135 usb-host: allow emulated (non-async) control requests without USBPacket
xhci needs this for USB_REQ_SET_ADDRESS due to the way
usb addressing is handled by the xhci hardware.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12 08:09:48 +02:00
Gerd Hoffmann 6ee021d410 xhci: allow bytewise capability register reads
Some guests need this according to
Alejandro Martinez Ruiz <alex@securiforest.com>

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:02 +02:00
Gerd Hoffmann 1b067564ce xhci: kill xhci_mem_{read,write} dispatcher functions
... and register subregions instead, so we offload the dispatching
to the the memory subsystem which is designed to handle it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:02 +02:00
Gerd Hoffmann fa8ee89e8b xhci: support multiple interrupters
Everything is in place, flip the big switch now
and enable support for multiple interrupters.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:02 +02:00
Gerd Hoffmann 2d1de8508f xhci: pick target interrupter
Pick the correct interrupter when queuing an event.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:02 +02:00
Gerd Hoffmann 43d9d6047e xhci: prepare xhci_runtime_{read,write} for multiple interrupters
Prepare xhci runtime register access function for multiple interrupters.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:02 +02:00
Gerd Hoffmann 962d11e172 xhci: add XHCIInterrupter
Move all state belonging to the (single) interrupter into a separate
struct.  First step in adding support for multiple interrupters.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:02 +02:00
Gerd Hoffmann 2cae41195b xhci: move register update into xhci_intr_raise
Now that we have a separate function to raise an IRQ we can move
some comon code into the function.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:02 +02:00
Gerd Hoffmann 4c47f80063 xhci: add msix support
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:02 +02:00
Gerd Hoffmann 4c4abe7cc9 xhci: rework interrupt handling
Split xhci_irq_update into a function which handles intx updates
(including lowering the irq line once the guests acks the interrupt)
and one which is used for raising an irq only.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:01 +02:00
Gerd Hoffmann c5e9b02dee xhci: fix & cleanup msi.
Drop custom write_config function which isn't needed any more.
Make the msi property a bit property so it accepts 'on' & 'off'.
Enable MSI by default.

TODO: add compat property to disable on old machine types.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:01 +02:00
Gerd Hoffmann 79b40459ba usb-storage: usb3 support
Add usb3 descriptors to usb-storage, so it shows up as superspeed
device when connected to xhci.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:01 +02:00
Gerd Hoffmann 2077469b58 usb3: bos decriptor
Add support for creating BOS descriptor and
device cappability descriptors.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:01 +02:00
Gerd Hoffmann b43a285176 usb3: superspeed endpoint companion
Add support for building superspeed endpoint companion descriptors,
create them for superspeed usb devices.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:01 +02:00
Gerd Hoffmann 6d51b2bb07 usb3: superspeed descriptors
Add superspeed descriptor entry to USBDesc,
advertise superspeed support when present.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:01 +02:00
Gerd Hoffmann 0846e6359c xhci: update port handling
This patch changes the way xhci ports are linked to USBPorts.  The fixed
1:1 relationship between xhci ports and USBPorts is gone.  Now each
USBPort represents a physical plug which has usually two xhci ports
assigned: one usb2 and ond usb3 port.  usb devices show up at one or the
other, depending on whenever they support superspeed or not.

This patch also makes the number of usb2 and usb3 ports runtime
configurable by adding 'p2' and 'p3' properties.  It is allowed to
have different numbers of usb2 and usb3 ports.  Specifying p2=4,p3=2
will give you an xhci adapter which supports all speeds on physical
ports 1+2 and usb2 only on ports 3+4.
2012-09-11 07:43:01 +02:00
Gerd Hoffmann 106b214c4f xhci: update register layout
Change the register layout to be a bit more sparse and also not depend
on the number of ports.  Useful when for making the number of ports
runtime-configurable.
2012-09-11 07:43:01 +02:00
Gerd Hoffmann 8e9f18b6db xhci: fix runtime write tracepoint
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:01 +02:00
Gerd Hoffmann d829fde97d xhci: add trace_usb_xhci_ep_set_dequeue
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:01 +02:00
Gerd Hoffmann 873123fe09 xhci: trace cc codes in cleartext
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:01 +02:00
Gerd Hoffmann 3d1396842d xhci: iso xfer support
Add support for iso transfers.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:01 +02:00
Gerd Hoffmann 01546fa662 xhci: implement mfindex
Implement mfindex register and mfindex wrap event.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:01 +02:00
Gerd Hoffmann 5c08106ff6 xhci: move device lookup into xhci_setup_packet
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:01 +02:00
Gerd Hoffmann d5a15814b4 xhci: drop buffering
This patch splits the xhci_xfer_data function into three.
The xhci_xfer_data function used to do does two things:

  (1) copy transfer data between guest memory and a temporary buffer.
  (2) report transfer results to the guest using events.

Now we three functions to handle this:

  (1) xhci_xfer_map creates a scatter list for the transfer and
      uses that (instead of the temporary buffer) to build a
      USBPacket.
  (2) xhci_xfer_unmap undoes the mapping.
  (3) xhci_xfer_report sends out events.

The patch also fixes reporting of transaction errors which must be
reported unconditinally, not only in case the guest asks for it
using the ISP flag.

[ v2: fix warning ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:01 +02:00
Gerd Hoffmann 331e9406f1 xhci: rip out background transfer code
original xhci code (the one which used libusb directly) used to use
'background transfers' for iso streams.  In upstream qemu the iso
stream buffering is handled by usb-host & usb-redir, so we will
never ever need this.  It has been left in as reference, but is dead
code anyway.  Rip it out.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Gerd Hoffmann 2bbd086c41 usb-audio: fix usb version
usb-audio is a full speed (1.1) device,
but bcdUSB claims it is usb 2.0.  Fix it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Samuel Thibault 2964cd9bfa Better name usb braille device
Windows users need to know that they have to use the Baum driver to make
the qemu braille device work.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Hans de Goede 6c67446a42 usb-redir: Enable pipelining for bulk endpoints
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Hans de Goede a508cc42e2 usb-redir: Ensure our peer has the necessary caps when redirecting to XHCI
In order for redirection to work properly when redirecting to an emulated
XHCI controller, the usb-redir-host must support both
usb_redir_cap_ep_info_max_packet_size and usb_redir_cap_64bits_ids,
reject any devices redirected to an XHCI controller when these are not
supported.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Hans de Goede 910c1e6b14 usb-redir: Add a usbredir_reject_device helper function
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Hans de Goede 0fde3b7a82 usb-redir: Set ep max_packet_size if available
This is needed for usb-redir to work properly with the xhci emulation.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Hans de Goede be4a892846 usb-redir: Convert to new libusbredirparser 0.5 API
This gives us support for 64 bit ids which is needed for using XHCI with
the new hcd generated ids.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Hans de Goede 2979a36183 usb-redir: Return babble when getting more bulk data then requested
Babble is the appropriate error in this case (rather then signalling a stall).

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Hans de Goede de550a6afb usb-redir: Move to core packet id and queue handling
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Hans de Goede 206e7f20fe usb-redir: Get rid of unused async-struct dev member
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Hans de Goede 104981d52b usb-redir: Get rid of local shadow copy of packet headers
The shadow copy only serves as an extra check (besides the packet-id) to
ensure the packet we get back is a reply to the packet we think it is.

This check has never triggered in all the time usb-redir is in use now,
and since the verified data in the returned packet-header is not used
otherwise, removing the check does not open any possibilities for the
usbredirhost to confuse us.

This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Hans de Goede cb897117cd usb-redir: Get rid of async-struct get member
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Hans de Goede ed9873bfbf usb-redir: Don't delay handling of open events to a bottom half
There is no need for this, and doing so means that a backend trying to
write immediately after an open event will see qemu_chr_be_can_write
returning 0, which not all backends handle well as there is no wakeup
mechanism to detect when the frontend does become writable.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:43:00 +02:00
Hans de Goede 181133404f usb-redir: Never return USB_RET_NAK for async handled packets
USB_RET_NAK is not a valid response for async handled packets (and will
trigger an assert as such).

Also drop the warning when receiving a status of cancelled for packets not
cancelled by qemu itself, this can happen when a device gets unredirected
by the usbredir-host while transfers are pending.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:42:59 +02:00
Hans de Goede cf1f81691d ehci: Correct a comment in fetchqtd packet processing
Since my previous comment said "Should never happen", I tried changing the
next line to an assert(0), which did not go well, which as the new comments
explains is logical if you think about it for a moment.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:42:59 +02:00
Hans de Goede eff6dce79b ehci: Handle USB_RET_PROCERR in ehci_fill_queue
USB_RET_PROCERR can be triggered by the guest (by for example requesting more
then BUFFSIZE bytes), so don't assert on it.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:42:59 +02:00
Hans de Goede ef5b234477 ehci: Fix memory leak in handling of NAK-ed packets
Currently each time we try to execute a NAK-ed packet we redo
ehci_init_transfer, and usb_packet_map, re-allocing (without freeing) the
sg list every time.

This patch fixes this, it does this by introducing another async state, so
that we also properly cleanup a NAK-ed packet on cancel.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:42:59 +02:00
Hans de Goede 3a8ca08e01 ehci: Add some additional ehci_trace_guest_bug() calls
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:42:59 +02:00
Gerd Hoffmann 1defcbd1e8 ehci: add doorbell trace events
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:42:59 +02:00
Gerd Hoffmann 5c514681ab ehci: trace guest bugs
make qemu_queue_{cancel,reset} return the number of packets released,
so the caller can figure whenever there have been active packets even
though there shouldn't have been any.  Add tracepoint to log this.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:42:59 +02:00
Gerd Hoffmann 616789cde2 ehci: check for EHCI_ASYNC_FINISHED first in ehci_free_packet
Otherwise we'll see the packet free twice in the trace log even though
it actually happens only once.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:42:59 +02:00
Hans de Goede 4b63a0df3b ehci: Properly report completed but not yet processed packets to the guest
Reported packets which have completed before being cancelled as such to the
host. Note that the new code path this patch adds is untested since it I've
been unable to actually trigger the race which needs this code path.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-09-11 07:42:59 +02:00
Hans de Goede 0e7953525f ehci: Properly cleanup packets on cancel
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-09-11 07:42:59 +02:00
Hans de Goede 522079dd44 ehci: Update copyright headers to reflect recent work
Update copyright headers to reflect all the work Gerd and I have been doing
on the EHCI emulation.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-09-11 07:42:59 +02:00
Hans de Goede dafe31fc2a ehci: Validate qh is not changed unexpectedly by the guest
-combine the qh check with the check for devaddr changes
-also ensure that p gets set to NULL when the queue gets cancelled on
 devaddr change, which was not done properly before this patch

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-09-11 07:42:59 +02:00
Hans de Goede 66f092d256 Revert "ehci: don't flush cache on doorbell rings."
This reverts commit 9bc3a3a216, which got
added to fix an issue where the real, underlying cause was not stopping
the ep queue on an error.

Now that the underlying cause is fixed by the "usb: Halt ep queue and
cancel pending packets on a packet error" patch, the "don't flush" fix
is no longer needed.

Not only is it not needed, it causes us to see cancellations (unlinks)
done by the Linux EHCI driver too late, which in combination with the new
usb-core packet-id generation where qtd addresses are used as ids, causes
duplicate ids for in flight packets.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-09-11 07:42:59 +02:00
Hans de Goede 9c1f67654a usb-core: Allow the first packet of a pipelined ep to complete immediately
This can happen with usb-redir live-migration when the packet gets re-queued
after the migration and the original queuing from the migration source side
has already finished.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:42:59 +02:00
Hans de Goede c13a9e6136 usb-core: Add a usb_ep_find_packet_by_id() helper function
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:42:59 +02:00
Hans de Goede cc40997489 usb-core: Don't set packet state to complete on a nak
This way the hcd can re-use the same packet to retry without needing
to re-init it.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:42:58 +02:00
Hans de Goede 45b339b18c usb: controllers do not need to check for babble themselves
If an (emulated) usb-device tries to write more data to a packet then
its iov len, this will trigger an assert in usb_packet_copy(), and if
a driver somehow circumvents that check and writes more data to the
iov then there is space, we have a much bigger problem then not correctly
reporting babble to the guest.

In practice babble will only happen with (real) redirected devices, and there
both the usb-host os and the qemu usb-device code already check for it.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-11 07:42:58 +02:00
Gerd Hoffmann 347e40ffe6 uas: move transfer kickoff
Kick next scsi transfer from request release callback instead of command
completion callback, otherwise we might get stuck in case scsi_req_unref()
doesn't release the request instantly due to someone else holding a
reference too.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 15:47:57 +02:00
Hans de Goede adf478342b ehci: Fix interrupt endpoints no longer working
One of the recent changes (likely the addition of queuing support) has broken
interrupt endpoints, this patch fixes this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-08-31 15:47:57 +02:00
Gerd Hoffmann 287fd3f1dd ehci: handle TD deactivation of inflight packets
Check the TDs of inflight packets, cancel
packets in case the guest clears the active bit.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 15:47:35 +02:00
Gerd Hoffmann c7cdca3b85 ehci: add ehci_cancel_queue()
Factor out function to cancel all packets of a queue.
No behavior change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 12:02:15 +02:00
Hans de Goede 574ef17191 ehci: simplify ehci_state_executing
ehci_state_executing does not need to check for p->usb_status == USB_RET_ASYNC
or USB_RET_PROCERR, since ehci_execute_complete already does a similar check
and will trigger an assert if either value is encountered.

USB_RET_ASYNC should never be the packet status when execute_complete runs
for obvious reasons, and USB_RET_PROCERR is only used by ehci_state_execute /
ehci_execute not by ehci_state_executing / ehci_execute_complete.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 12:02:15 +02:00
Hans de Goede 53dd6f7032 ehci: Remove unnecessary ehci_flush_qh call
ehci_qh_do_overlay() already calls ehci_flush_qh() before it returns, calling
it twice is useless.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 11:58:03 +02:00
Hans de Goede a1c3e4b839 ehci: Schedule async-bh when IAAD bit gets set
After the "ehci: Print a warning when a queue unexpectedly contains packets
on cancel" commit. Under certain reproducable conditions I was getting the
following message: "EHCI: Warning queue not empty on queue reset".

After aprox. 8 hours of debugging I've finally found the cause. The Linux EHCI
driver has an IAAD watchdog, to work around certain EHCI hardware sometimes
not acknowledging the doorbell at all. This watchdog has a timeout of 10 ms,
which is less then the time between 2 runs through the async schedule when
async_stepdown is at its highest value.

Thus the watchdog can trigger, after which Linux clears the IAAD bit and
re-uses the QH. IOW we were not properly detecting the unlink of the qh, due
to us missing (ignoring for more then 10 ms) the IAAD command, which triggered
the warning.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-08-31 11:58:03 +02:00
Hans de Goede 7ce86aa1aa ehci: Fix NULL ptr deref when unplugging an USB dev with an iso stream active
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2012-08-31 11:57:41 +02:00
Gerd Hoffmann e983395d30 usb: unique packet ids
This patch adds IDs to usb packets.  Those IDs are (a) supposed to be
unique for the lifecycle of a packet (from packet setup until the packet
is either completed or canceled) and (b) stable across migration.

uhci, ohci, ehci and xhci use the guest physical address of the transfer
descriptor for this.

musb needs a different approach because there is no transfer descriptor.
But musb also doesn't support pipelining, so we have never more than one
packet per endpoint in flight.  So we go create an ID based on endpoint
and device address.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 11:57:23 +02:00
Hans de Goede 0132b4b659 usb: Halt ep queue en cancel pending packets on a packet error
For controllers which queue up more then 1 packet at a time, we must halt the
ep queue, and inside the controller code cancel all pending packets on an
error.

There are multiple reasons for this:
1) Guests expect the controllers to halt ep queues on error, so that they
get the opportunity to cancel transfers which the scheduled after the failing
one, before processing continues

2) Not cancelling queued up packets after a failed transfer also messes up
the controller state machine, in the case of EHCI causing the following
assert to trigger: "assert(p->qtdaddr == q->qtdaddr)" at hcd-ehci.c:2075

3) For bulk endpoints with pipelining enabled (redirection to a real USB
device), we must cancel all the transfers after this a failed one so that:
a) If they've completed already, they are not processed further causing more
   stalls to be reported, originating from the same failed transfer
b) If still in flight, they are cancelled before the guest does
   a clear stall, otherwise the guest and device can loose sync!

Note this patch only touches the ehci and uhci controller changes, since AFAIK
no other controllers actually queue up multiple transfer. If I'm wrong on this
other controllers need to be updated too!

Also note that this patch was heavily tested with the ehci code, where I had
a reproducer for a device causing a transfer to fail. The uhci code is not
tested with actually failing transfers and could do with a thorough review!

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-31 11:55:17 +02:00
Hans de Goede 47d073cc3b ehci: Fix setting of halt bit from usbcmd register updates
This fixes linux guests started without any USB devices not seeing newly
plugged devices until "lsusb" is done inside the guest.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-16 11:48:25 +02:00
Gerd Hoffmann 6d3b6d3d2d ehci: fix Interrupt Threshold Control implementation
First, not all interrupts are subject to Interrupt Threshold Control,
some of them must be delivered without delay.

Second, Interrupt Threshold Control state must be part of vmstate,
otherwise we might loose IRQs on migration.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-16 08:39:50 +02:00
Gerd Hoffmann 0daf53047d usb: update uas product id
Pick other product id to fix clash with audio.

Current usage list (after applying this patch):

46f4:0001 -- usb-storage
46f4:0002 -- usb-audio
46f4:0003 -- usb-uas

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-16 08:39:49 +02:00
Gerd Hoffmann c19537a114 usb: async control xfer fixup
Need to clear p->result after copying setup data using usb_packet_copy()
because we'll reuse the USBPacket for the data transfer.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-16 08:39:49 +02:00
Alejandro Martinez Ruiz df6839c7f7 ehci: fix assertion typo
Signed-off-by: Alejandro Martinez Ruiz <alex@securiforest.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-08-15 15:18:53 +01:00
Gerd Hoffmann 54414218d7 usb-storage: fix SYNCHRONIZE_CACHE
Commit 5931065907 is incomplete,
we'll arrive in the scsi command complete callback in CSW state
and must handle that case correctly.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-07 10:49:06 +02:00
Gerd Hoffmann 06f9847dc3 usb-storage: improve debug logging
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-08-07 10:49:06 +02:00
Stefan Hajnoczi b20c6b9e47 net: Rename qemu_del_vlan_client() to qemu_del_net_client()
Another step in moving the vlan feature out of net core.  Users only
deal with NetClientState and therefore qemu_del_vlan_client() should be
named qemu_del_net_client().

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2012-08-01 13:32:10 +01:00
Stefan Hajnoczi 4e68f7a081 net: Rename VLANClientState to NetClientState
The vlan feature is no longer part of net core.  Rename VLANClientState
to NetClientState because net clients are not explicitly associated with
a vlan at all, instead they have a peer net client to which they are
connected.

This patch is a mechanical search-and-replace except for a few
whitespace fixups where changing VLANClientState to NetClientState
misaligned whitespace.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2012-08-01 13:32:10 +01:00
Michael S. Tsirkin 5e59b02435 Merge branch pci into master
Merge master and pci branch, resolve build breakage in hw/esp.c
introduced by f90c2bcd.

Conflicts:
	hw/esp.c
2012-07-29 17:05:35 +03:00
Laszlo Ersek 2be64a68ed hw, net: "net_client_type" -> "NetClientOptionsKind" (qapi-generated)
NET_CLIENT_TYPE_ -> NET_CLIENT_OPTIONS_KIND_

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-07-23 11:55:18 +01:00
Anthony Liguori dfe1ce5d80 Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony: (41 commits)
  fdc-test: Clean up a bit
  fdc-test: introduce test_relative_seek
  fdc: fix relative seek
  qemu-iotests: Valgrind support
  coroutine-ucontext: Help valgrind understand coroutines
  qemu-io: Fix memory leaks
  hw/block-common: Factor out fall back to legacy -drive cyls=...
  blockdev: Don't limit DriveInfo serial to 20 characters
  hw/block-common: Factor out fall back to legacy -drive serial=...
  hw/block-common: Move BlockConf & friends from block.h
  Relax IDE CHS limits from 16383,16,63 to 65535,16,255
  blockdev: Drop redundant CHS validation for if=ide
  hd-geometry: Compute BIOS CHS translation in one place
  qtest: Test we don't put hard disk info into CMOS for a CD-ROM
  ide pc: Put hard disk info into CMOS only for hard disks
  block: Geometry and translation hints are now useless, purge them
  qtest: Cover qdev property for BIOS CHS translation
  ide: qdev property for BIOS CHS translation
  qdev: New property type chs-translation
  qdev: Collect private helpers in one place
  ...
2012-07-18 14:44:50 -05:00
Markus Armbruster 911525dba9 hw/block-common: Factor out fall back to legacy -drive serial=...
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-07-17 16:48:32 +02:00
Gerd Hoffmann afb7a0b85b ehci: improve expire time calculation
Move down the expire time calculation down in the frame timer, to the
point where the timer is actually reloaded.  This way we'll notice any
async_stepdown changes (especially resetting to 0 due to usb activity).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-12 15:00:50 +02:00
Gerd Hoffmann 7efc17af9a ehci: implement Interrupt Threshold Control support
Also reorganize and comment the irq functions while being at it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-12 15:00:50 +02:00
Gerd Hoffmann f0ad01f92c ehci: raise irq in the frame timer
With the async schedule being kicked from other places than the frame
timer (commit 0f588df8b3) it may happen
that we call ehci_commit_interrupt() more than once per frame.

Move the call from the async schedule handler to the frame timer to
restore old irq behavior, which is more correct.  Fixes regressions
with some linux kernel versions.

TODO: implement full Interrupt Threshold Control support.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-12 15:00:50 +02:00
Gerd Hoffmann 75f151cd27 uhci: initialize expire_time when loading v1 vmstate
$subject says all: when loading old (v1) vmstate which doesn't contain
expire_time initialize it with a reasonable default (current time).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-12 15:00:50 +02:00
Gerd Hoffmann 0f58f68b58 usb: add usb attached scsi emulation
$subject says all.  First cut.

It's a pure UAS (usb attached scsi) emulation, without BOT (bulk-only
transport) compatibility.  If your guest can't handle it use usb-storage
instead.

The emulation works like any other scsi hba emulation (eps, lsi, virtio,
megasas, ...).  It provides just the HBA where you can attach scsi
devices as you like using '-device'.  A single scsi target with up to
256 luns is supported.

For now only usb 2.0 transport is supported.  This will change in the
future though as I plan to use this as playground when codeing up &
testing usb 3.0 transport and streams support in the qemu usb core and
the xhci emulation.

No migration support yet.  I'm planning to add usb 3.0 support first as
this probably requires saving additional state.

Special thanks go to Paolo for bringing the qemu scsi emulation into
shape, so this can be added nicely without having to touch a single line
of scsi code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-12 15:00:39 +02:00
Anthony Liguori 23797df3d9 Merge remote-tracking branch 'mjt/mjt-iov2' into staging
* mjt/mjt-iov2:
  rewrite iov_send_recv() and move it to iov.c
  cleanup qemu_co_sendv(), qemu_co_recvv() and friends
  export iov_send_recv() and use it in iov_send() and iov_recv()
  rename qemu_sendv to iov_send, change proto and move declarations to iov.h
  change qemu_iovec_to_buf() to match other to,from_buf functions
  consolidate qemu_iovec_copy() and qemu_iovec_concat() and make them consistent
  allow qemu_iovec_from_buffer() to specify offset from which to start copying
  consolidate qemu_iovec_memset{,_skip}() into single function and use existing iov_memset()
  rewrite iov_* functions
  change iov_* function prototypes to be more appropriate
  virtio-serial-bus: use correct lengths in control_out() message

Conflicts:
	tests/Makefile

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-07-09 12:35:06 -05:00
Gerd Hoffmann c32da15188 usb-host: add trace events for iso xfers
Replace iso transfer fprintf's with trace points.  Also rename existing
tracepoints so they all match usb_host_iso_*.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:55 +02:00
Gerd Hoffmann 7c37e6a4c4 usb: fix interface initialization
zero is a valid interface number, so don't use it when resetting the
endpoints.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:55 +02:00
Gerd Hoffmann 19deaa089c usb: split endpoint init and reset
Create a new usb_ep_reset() function to reset endpoint state, without
re-initialiting the queues, so we don't unlink in-flight packets just
because usb-host has to re-parse the descriptor tables.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:54 +02:00
Hans de Goede adae502c0a usb-redir: Correctly handle the usb_redir_babble usbredir status
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:54 +02:00
Hans de Goede 379521175c ehci: Kick async schedule on wakeup in the non companion case
Commit 0f588df8b3, added code
to ehci_wakeup to kick the async schedule on wakeup, but the else
was positioned wrong making it trigger for devices which are routed
to the companion rather then to the ehci controller itself.

This patch fixes this. Note that the "programming style" with using the
return at the end of the companion block matches how the companion case
is handled in the other ports ops, and is done this way for consistency.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:54 +02:00
Hans de Goede 7341ea075c usb-ehci: Fix an assert whenever isoc transfers are used
hcd-ehci.c is missing an usb_packet_init() call for the ipacket UsbPacket
it uses for isoc transfers, triggering an assert (taking the entire vm down)
in usb_packet_setup as soon as any isoc transfers are done by a high speed
USB device.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:54 +02:00
Gerd Hoffmann 9bc3a3a216 ehci: don't flush cache on doorbell rings.
Commit 4be23939ab makes ehci instantly
zap any unlinked queue heads when the guest rings the doorbell.

While hacking up uas support this turned out to be a problem.  The linux
kernel can unlink and instantly relink the very same queue head, thereby
killing any async packets in flight.  That alone isn't an issue yet, the
packet will canceled and resubmitted and everything is fine.  We'll run
into trouble though in case the async packet is completed already, so we
can't cancel it any more.  The transaction is simply lost then.

usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f0c2 qtds 29dbce40,29dbc4e0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: alloc
usb_packet_state_change bus 0, port 2, ep 1, packet 0x7f95fdec32e0, state undef -> setup
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: process
usb_uas_command dev 2, tag 0x2, lun 0, lun64 00000000-00000000
scsi_req_parsed target 0 lun 0 tag 2 command 42 dir 2 length 16384
scsi_req_parsed_lba target 0 lun 0 tag 2 command 42 lba 5933312
scsi_req_alloc target 0 lun 0 tag 2
scsi_req_continue target 0 lun 0 tag 2
scsi_req_data target 0 lun 0 tag 2 len 16384
usb_uas_scsi_data dev 2, tag 0x2, bytes 16384
usb_uas_write_ready dev 2, tag 0x2
usb_packet_state_change bus 0, port 2, ep 1, packet 0x7f95fdec32e0, state setup -> complete
usb_ehci_packet_action q 0x7f95fe515210 p 0x7f95fdec32a0: free
usb_ehci_qh_ptrs q 0x7f95fdec3210 - QH @ 39c4f0c0: next 39c4f002 qtds 29dbce40,00000001,00000009
usb_ehci_qh_fields QH @ 39c4f0c0 - rl 4, mplen 512, eps 2, ep 2, dev 2
usb_ehci_queue_action q 0x7f95fe5152a0: free
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state async -> complete
^^^ async packets completes.
usb_ehci_packet_action q 0x7f95fdec3210 p 0x7f95feba9130: wakeup

usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f122 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f002 qtds 29dbc4e0,29dbc8a0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2
usb_ehci_queue_action q 0x7f95fdec3210: free
usb_ehci_packet_action q 0x7f95fdec3210 p 0x7f95feba9130: free
^^^ endpoint #2 queue head removed from schedule, doorbell makes ehci zap the queue,
    the (completed) usb packet is freed too and gets lost.

usb_ehci_qh_ptrs q (nil) - QH @ 39c4f000: next 39c4f0c2 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_qh_ptrs q 0x7f95feba90a0 - QH @ 39c4f000: next 39c4f0c2 qtds 00000000,00000001,39c50000
usb_ehci_qh_fields QH @ 39c4f000 - rl 0, mplen 0, eps 0, ep 0, dev 0
usb_ehci_queue_action q 0x7f9600dff570: alloc
usb_ehci_qh_ptrs q 0x7f9600dff570 - QH @ 39c4f0c0: next 39c4f122 qtds 29dbce40,00000001,00000009
usb_ehci_qh_fields QH @ 39c4f0c0 - rl 4, mplen 512, eps 2, ep 2, dev 2
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: alloc
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state undef -> setup
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: process
usb_packet_state_change bus 0, port 2, ep 2, packet 0x7f95feba9170, state setup -> async
usb_ehci_packet_action q 0x7f9600dff570 p 0x7f95feba9130: async
^^^ linux kernel relinked the queue head, ehci creates a new usb packet,
    but we should have delivered the completed one instead.
usb_ehci_qh_ptrs q 0x7f95fe515210 - QH @ 39c4f120: next 39c4f002 qtds 29dbc4e0,29dbc8a0,00000009
usb_ehci_qh_fields QH @ 39c4f120 - rl 4, mplen 512, eps 2, ep 1, dev 2

So instead of instantly zapping the queue we'll set a flag that the
queue needs revalidation in case we'll see it again in the schedule.
ehci then checks that the queue head fields addressing / describing the
endpoint and the qtd pointer match the cached content before reusing it.

Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 11:59:53 +02:00
Gerd Hoffmann 4ed1c57a64 ehci: fix td writeback
Only write back the dwords the hc is supposed to update.  Should not
make a difference in theory as the guest must not touch the td while
it is active to avoid races.  But it is still more correct.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 09:57:46 +02:00
Gerd Hoffmann a5e0139ab6 ehci: fix ehci_qh_do_overlay
Use ehci_flush_qh to make sure we touch inly the fields the hc is
allowed to touch.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-07-09 09:57:46 +02:00
Alex Williamson f90c2bcdbc pci: convert PCIUnregisterFunc to void
Not a single driver has any possibility of failure on their
exit function, let's keep it that way.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2012-07-04 15:52:55 +03:00
David Gibson e2f89926f1 usb: Convert usb_packet_{map, unmap} to universal DMA helpers
The USB UHCI and EHCI drivers were converted some time ago to use the
pci_dma_*() helper functions.  However, this conversion was not complete
because in some places both these drivers do DMA via the usb_packet_map()
function in usb-libhw.c.  That function directly used
cpu_physical_memory_map().

Now that the sglist code uses DMA wrappers properly, we can convert the
functions in usb-libhw.c, thus conpleting the conversion of UHCI and EHCI
to use the DMA wrappers.

Note that usb_packet_map() invokes dma_memory_map() with a NULL invalidate
callback function.  When IOMMU support is added, this will mean that
usb_packet_map() and the corresponding usb_packet_unmap() must be called in
close proximity without dropping the qemu device lock - otherwise the guest
might invalidate IOMMU mappings while they are still in use by the device
code.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-27 16:33:25 -05:00
David Gibson 9ac6a217f2 usb-ohci: Use universal DMA helper functions
The OHCI device emulation can provide both PCI and SysBus OHCI
implementations.  Because of this, it was not previously converted to
use the PCI DMA helper functions.

This patch converts it to use the new universal DMA helper functions.
In the PCI case, it obtains its DMAContext from pci_dma_context(), in
the SysBus case, it uses NULL - i.e. assumes for now that there will
be no IOMMU translation for a SysBus OHCI.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-27 16:33:25 -05:00
Gerd Hoffmann 77fa9aee38 uhci: fix uhci_async_cancel_all
We update the QTAILQ in the loop, thus we must use the SAFE version
to make sure we don't touch the queue struct after freeing it.

https://bugzilla.novell.com/show_bug.cgi?id=766310

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-20 14:46:02 +02:00
Gerd Hoffmann a229c0535b usb-host: live migration support
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-20 14:46:02 +02:00
Gerd Hoffmann a844ed842d usb-host: attach only to running guest
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-20 14:46:02 +02:00
Gerd Hoffmann 30e9d4120f ehci: tracing improvements
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-20 14:46:02 +02:00
Gerd Hoffmann 495d544798 usb: restore USBDevice->attached on vmload
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-20 14:46:02 +02:00
Gerd Hoffmann 9a77340827 ehci: add live migration support
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-20 14:46:02 +02:00
Crístian Viana 93bfef4c6e Allow machines to configure the QEMU_VERSION that's exposed via hardware
QEMU exposes its version to the guest's hardware and in some cases that is wrong
(e.g. Windows prints messages about driver updates when you switch
the QEMU version).
There is a new field now on the struct QEmuMachine, hw_version, which may
contain the version that the specific machine should report. If that field is
set, then that machine will report that version to the guest.

Signed-off-by: Crístian Viana <vianac@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-06-19 13:36:56 -05:00
Anthony Liguori 0d936928ef qdev: Convert busses to QEMU Object Model
This is far less interesting than it sounds.  We simply add an Object to each
BusState and then register the types appropriately.  Most of the interesting
refactoring will follow in the next patches.

Since we're changing fundamental type names (BusInfo -> BusClass), it all needs
to convert at once.  Fortunately, not a lot of code is affected.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Made all new bus TypeInfos static const.]
[AF: Made qbus_free() call object_delete(), required {qom,glib}_allocated]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-06-18 15:14:38 +02:00
Anthony Liguori 09e5ab6360 qdev: Use wrapper for qdev_get_path
This makes it easier to remove it from BusInfo.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[AF: Drop now unnecessary NULL initialization in scsibus_get_dev_path()]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-06-18 15:14:38 +02:00
Paolo Bonzini bce544740a qdev: Move bus properties to abstract superclasses
In qdev, each bus in practice identified an abstract superclass, but
this was mostly hidden.  In QOM, instead, these abstract classes are
explicit so we can move bus properties there.

All bus property walks are removed, and all device property walks
are changed to look along the class hierarchy instead.

We would have duplicates if class A defines some properties and its
subclass B does not define any, because class_b->props will be
left equal to class_a->props.

The solution here is to reintroduce the class_base_init TypeInfo
callback, that was present in one of the early QOM versions but
removed (on my request...) before committing.

This breaks global bus properties, an obscure feature when used
with the command-line which is actually useful and used when used by
backwards-compatible machine types.  So this patch also adjusts the
global bus properties in hw/pc_piix.c to refer to the abstract class.

Globals and other properties must be modified in the same patch to
avoid complications related to initialization ordering.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-06-18 15:14:37 +02:00
Paolo Bonzini 3cb75a7cba qdev: Move bus properties to a separate global
Simple code movement in order to simplify future refactoring.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-06-18 15:14:37 +02:00
Anthony Liguori 39cde84517 Merge remote-tracking branch 'kraxel/usb.52' into staging
* kraxel/usb.52: (37 commits)
  ehci: rework frame skipping
  ehci: adaptive wakeup rate.
  ehci: create ehci_update_frindex
  ehci: remove unused attach_poll_counter
  ehci: fix halt status handling
  ehci: update status bits in ehci_set_state
  ehci: add ehci_*_enabled() helpers
  ehci: fix reset
  ehci: kick async schedule on wakeup
  ehci: schedule async bh on async packet completion
  ehci: move async schedule to bottom half
  ehci: add async field to EHCIQueue
  ehci: tweak queue initialization
  ehci: add queuing support
  ehci: move ehci_flush_qh
  ehci: cache USBDevice in EHCIQueue
  ehci: make ehci_execute work on EHCIPacket instead of EHCIQueue
  ehci: add EHCIPacket
  xhci: trace: slots
  xhci: trace: transfers
  ...
2012-06-11 12:07:00 -05:00
Michael Tokarev dcf6f5e15e change iov_* function prototypes to be more appropriate
Reorder arguments to be more natural, readable and
consistent with other iov_* functions, and change
argument names, from:
 iov_from_buf(iov, iov_cnt, buf, iov_off, size)
to
 iov_from_buf(iov, iov_cnt, offset, buf, bytes)

The result becomes natural English:

 copy data to this `iov' vector with `iov_cnt'
 elements starting at byte offset `offset'
 from memory buffer `buf', processing `bytes'
 bytes max.

(Try to read the original prototype this way).

Also change iov_clear() to more general iov_memset()
(it uses memset() internally anyway).

While at it, add comments to the header file
describing what the routines actually does.

The patch only renames argumens in the header, but
keeps old names in the implementation.  The next
patch will touch actual code to match.

Now, it might look wrong to pay so much attention
to so small things.  But we've so many badly designed
interfaces already so the whole thing becomes rather
confusing or error prone.  One example of this is
previous commit and small discussion which emerged
from it, with an outcome that the utility functions
like these aren't well-understdandable, leading to
strange usage cases.  That's why I paid quite some
attention to this set of functions and a few
others in subsequent patches.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2012-06-07 20:43:38 +04:00
Gerd Hoffmann f020ed36fe ehci: rework frame skipping
Move the framecount check out of the loop and use the new
ehci_update_frindex function to skip frames if needed.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:23 +02:00
Gerd Hoffmann 3a21532626 ehci: adaptive wakeup rate.
Adapt the frame timer sleeps according to the actual needs.  With the
periodic schedule being active we'll have to wakeup 1000 times per
second and go check for work.  In case only the async schedule is active
we can be more lazy though.  When idle ehci will increate the sleep time
step by step, so qemu has to wake up less frequently.  When we'll see
transactions on the bus or the guest fiddles with the schedule
enable/disable bits we'll return to a 1000 Hz wakeup rate and full
speed.  With both schedules disabled we stop wakeups altogether.

This patch also drops the freq property (configures wakeup rate
manually) which is obsoleted by this patch.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:23 +02:00
Gerd Hoffmann 6ceced0b2e ehci: create ehci_update_frindex
Factor out code from ehci_frame_timer.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:23 +02:00
Gerd Hoffmann 863b474163 ehci: remove unused attach_poll_counter
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:23 +02:00
Gerd Hoffmann daf25307b4 ehci: fix halt status handling
When the enable bits for controller / async schedule / periodic schedule
change just make sure we kick the frame timer and let
ehci_advance_periodic_state and ehci_advance_async_state handle the
controller state changes.

This will make ehci set USBSTS_HALT when the controller shutdown is
actually done, once both schedules are in inactive state and the
USBSTS_PSS and USBSTS_ASS bits are clear.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:23 +02:00
Gerd Hoffmann b53f685d63 ehci: update status bits in ehci_set_state
Update the status register in the ehci_set_state function, to make sure
the guest-visible register is in sync with our internal schedule state.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:23 +02:00
Gerd Hoffmann ec807d12bd ehci: add ehci_*_enabled() helpers
Add helper functions to query whenever the async / periodic schedule
is enabled or not.  Put them into use too.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:23 +02:00
Gerd Hoffmann 7046530c36 ehci: fix reset
Check for the reset bit first when processing USBCMD register writes.
Also break out of the switch, there is no need to check the other bits.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann 0f588df8b3 ehci: kick async schedule on wakeup
Kick async schedule when we get a wakeup
notification from a usb device.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann ae710b9905 ehci: schedule async bh on async packet completion
When a packet completes which happens to be part of the async schedule
kick the async bottom half for processing,

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann 0fb3e299bd ehci: move async schedule to bottom half
This way we can kick the async schedule independant from the
periodic frame timer.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann ae0138a8ea ehci: add async field to EHCIQueue
Keep track whenever a EHCIQueue is part of the async or periodic
schedule.  This way we don't have to pass around the async flag
everywhere but can look it up from the EHCIQueue struct when needed.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann 8f6d5e26b1 ehci: tweak queue initialization
Little tweak for the queue initialization, set the QH address in the
allocation function.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann 773dc9cdfd ehci: add queuing support
Add packet queuing.  Follow the qTD chain to see if there are more
packets we can submit.  Improves performance on larger transfers,
especially with usb-host, as we don't have to wait for a packet to
finish before sending the next one to the host for processing.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann cd6657156e ehci: move ehci_flush_qh
Move ehci_flush_qh() function up in the source code.
No code change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann e59928b3d1 ehci: cache USBDevice in EHCIQueue
Keep a USBDevice pointer in EHCIQueue so we don't have to lookup the
device on each usb packet submission.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann 4224558f87 ehci: make ehci_execute work on EHCIPacket instead of EHCIQueue
This way it is possible to use ehci_execute to submit others than the
first EHCIPacket of the EHCIQueue.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann eb36a88e6b ehci: add EHCIPacket
Add a separate EHCIPacket struct and move fields over from EHCIQueue.
Preparing for supporting multiple packets per queue being in flight at
the same time.  No functional changes yet.

Fix some codestyle issues along the way.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann 348f10374a xhci: trace: slots
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann 97df650bb9 xhci: trace: transfers
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann c1f6b49326 xhci: trace: endpoints
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann 0703a4a7a6 xhci: trace: ring fetch
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:22 +02:00
Gerd Hoffmann 7acd279f83 xhci: trace: irq + events
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:21 +02:00
Gerd Hoffmann fc0ddaca33 xhci: trace: run+stop
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:21 +02:00
Gerd Hoffmann 2d754a10e4 xhci: trace: mmio reads+writes
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:21 +02:00
Jan Kiszka 64619739c4 xhci: Clean up reset function
Properly register reset function via the device class.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:21 +02:00
Gerd Hoffmann 5de88b1d46 usb-storage: migration support
With all scsi migration support bits in place the
final step is pretty simple ;)

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:21 +02:00
Gerd Hoffmann 1dc903673a usb-storage: add scsi_off, remove scsi_buf
Repace the running buffer pointer (scsi_buf) with a buffer offset
field (scsi_off).  The later is alot easier to live-migrate.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:21 +02:00
Gerd Hoffmann 1e6ed80b90 usb-storage: add usb_msd_packet_complete()
Factor out packet completion to a separate function which
cares to get the MSDState->packet update right.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:21 +02:00
Gerd Hoffmann 0659879e6e usb-storage: remove MSDState->residue
We have the field twice, once in MSDState directly and one in the status
word struct.  Drop one.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:21 +02:00
Gerd Hoffmann 973002c114 uhci: fix irq routing
The multifunction ich9 ehci controller with uhci companions uses a
different interrupt pin for each function.  The three uhci devices
get pins A, B and C, whereas ehci uses pin D.  This way the guest
can assign different IRQ lines to each controller.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:20 +02:00
Gerd Hoffmann 5852d3bfe1 uhci: zap uhci_pre_save
Cancel transactions before saving vmstate is pretty pointless and just
causes disruptions.  We need to cancel them before *loading* vmstate,
but in that case uhci_reset() handles it already and no special action
is needed.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:20 +02:00
Gerd Hoffmann 40141d12de uhci: make bandwidth tunable
Add a property for the uhci bandwidth.  Can be used to make uhci
emulation run faster than real hardware.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:20 +02:00
Gerd Hoffmann 9a16c5950d uhci: use bottom half
Schedule bottom half on completion of async packets instead of calling
uhci_process_frame directly.  This way we run uhci_process_frame only
once in case multiple packets finish in a row.  Also check whenever
there is bandwidth left before scheduling uhci_process_frame.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:20 +02:00
Gerd Hoffmann 4aed20e2d7 uhci: fix bandwidth management
uhci_process_frame() can be invoked multiple times per frame, so
accounting usb bandwith in a local variable doesn't fly, use a variable
in UHCIState instead.  Also check the limit more frequently.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-07 10:02:20 +02:00
Paolo Bonzini be1029ec30 build: convert libhw to nested Makefile.objs
After this patch, the libhw* directories will have a hierarchy
that mimics the source tree.  This is useful because we do have
a couple of files there that are in the top source directory.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-06-07 09:21:17 +02:00
Paolo Bonzini 3d5a3f9a7f build: move target-independent hw/ objects to nested Makefile.objs
This patch starts converting the hw/ directory.  Some files in hw/
are compiled once, some twice (32-/64-bit), some once per target.
Each category is moved in a separate patch.

After this patch, the files that are compiled once will show the
same hierarchy in the build tree as they do in the source tree,
for example hw/qdev.o instead of just qdev.o.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-06-07 09:21:16 +02:00
Luiz Capitulino 4559a1dbcc net: net_client_init(): use error_set()
Callers are changed to use qerror_report_err() to keep their QError
semantics.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-By: Laszlo Ersek <lersek@redhat.com>
2012-06-04 13:49:35 -03:00
Luiz Capitulino 42dcc547e1 net: purge the monitor object from all init functions
The only backend that really uses it is the socket one, which calls
monitor_get_fd(). But it can use 'cur_mon' instead.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-By: Laszlo Ersek <lersek@redhat.com>
2012-06-04 13:49:35 -03:00
Luiz Capitulino 8be7e7e4c7 qemu-option: qemu_opts_create(): use error_set()
This commit converts qemu_opts_create() from qerror_report() to
error_set().

Currently, most calls to qemu_opts_create() can't fail, so most
callers don't need any changes.

The two cases where code checks for qemu_opts_create() erros are:

 1. Initialization code in vl.c. All of them print their own
    error messages directly to stderr, no need to pass the Error
    object

 2. The functions opts_parse(), qemu_opts_from_qdict() and
    qemu_chr_parse_compat() make use of the error information and
    they can be called from HMP or QMP. In this case, to allow for
    incremental conversion, we propagate the error up using
    qerror_report_err(), which keeps the QError semantics

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-By: Laszlo Ersek <lersek@redhat.com>
2012-06-04 13:49:34 -03:00
Anthony Liguori 7a85d1cf1c Merge remote-tracking branch 'kraxel/usb.50' into staging
* kraxel/usb.50:
  usb-host: handle guest-issued clear halt
2012-05-14 10:07:23 -05:00
Gerd Hoffmann a2498f76b8 usb-host: handle guest-issued clear halt
Most important here is to update our internal endpoint state so we know
the endpoint isn't in halted state any more.  Without this usb-host
tries to clear halt again with the next data transfer submitted.  Doing
this twice is (a) not correct and (b) confuses some usb devices,
rendering them non-functional in the guest.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-05-14 10:22:20 +02:00
Jim Meyering a31f053129 fix some common typos
These were identified using: http://github.com/lyda/misspell-check
and run like this to create a bourne shell script using GNU sed's
-i option:

git ls-files|grep -vF .bin | misspellings -f - |grep -v '^ERROR:' |perl \
-pe 's/^(.*?)\[(\d+)\]: (\w+) -> "(.*?)"$/sed -i '\''${2}s!$3!$4!'\'' $1/'

Manually eliding the FP, "rela->real" and resolving "addres" to
address (not "adders") we get this:

  sed -i '450s!thru!through!' Changelog
  sed -i '260s!neccessary!necessary!' coroutine-sigaltstack.c
  sed -i '54s!miniscule!minuscule!' disas.c
  sed -i '1094s!thru!through!' hw/usb/hcd-ehci.c
  sed -i '1095s!thru!through!' hw/usb/hcd-ehci.c
  sed -i '21s!unecessary!unnecessary!' qapi-schema-guest.json
  sed -i '307s!explictly!explicitly!' qemu-ga.c
  sed -i '490s!preceeding!preceding!' qga/commands-posix.c
  sed -i '792s!addres!address!' qga/commands-posix.c
  sed -i '6s!beeing!being!' tests/tcg/test-mmap.c

Also, manually fix "arithmentic", spotted by Peter Maydell:

  sed -i 's!arithmentic!arithmetic!' coroutine-sigaltstack.c

Signed-off-by: Jim Meyering <meyering@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2012-05-14 07:27:24 +02:00
Gerd Hoffmann aba1f24283 usb-uhci: update irq line on reset
uhci_reset() clears irq mask and irq status registers, but doesn't
update the irq line.  Which may result in suspious IRQs after uhci
reset.  Fix it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:17 +02:00
Gerd Hoffmann 9d55d1adc8 usb: add serial number generator
This patch adds a function which creates unique serial numbers for usb
devices and puts it into use.  Windows guests tend to become unhappy if
they find two identical usb devices in the system.  Effects range from
non-functional devices (with yellow exclamation mark in device manager)
to BSODs.  Handing out unique serial numbers to devices fixes this.

With this patch applied almost all emulated devices get a generated,
unique serial number.  There are two exceptions:

 * usb-storage devices will prefer a user-specified serial number
   and will only get a generated number in case the serial property
   is unset.
 * usb-hid devices keep the fixed serial number "42" as it is used
   to signal "remote wakeup actually works".
   See commit 7b074a22da

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:17 +02:00
Hans de Goede b15cf49b78 usb-redir: Not finding an async urb id is not an error
We clear our pending async urb list on device disconnect and we may still
receive "packet complete" packets from our peer after this, which will then
refer to packet ids no longer in our list.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:17 +02:00
Hans de Goede a0625c56e0 usb-redir: Reset device address and speed on disconnect
Without this disconnected devices look like the last redirected device
in the monitor in "info usb".

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:17 +02:00
Hans de Goede 1510168e27 usb-redir: An interface count of 0 is a valid value
An interface-count of 0 happens when a device is in unconfigured state when
it gets redirected. So we should not use 0 to detect not having received
interface info from our peer.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:17 +02:00
Lai Jiangshan 215bff17ed usb-xhci: fix bit test
use & instead of the wrong &&

Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:16 +02:00
David Gibson 59a70ccd3b usb-xhci: Use PCI DMA helper functions
Shortly before 1.0, we added helper functions / wrappers for doing PCI DMA
from individual devices.  This makes what's going on clearer and means that
when we add IOMMU support somewhere in the future, only the general PCI
code will have to change, not every device that uses PCI DMA.

However, usb-xhci is not using these wrappers, despite being a PCI only
device.  This patch remedies the situation, using the pci dma functions
instead of direct calls to cpu_physical_memory_{read,write}().  Likewise
address parameters for DMA are changed to dma_addr_t instead of
target_phys_addr_t.

[ kraxel: removed #ifdefs ]

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:16 +02:00
Gerd Hoffmann 0b377169b1 usb-host: fix zero-length packets
usb-host optimizes away zero-length packets by not entering the
processing loop at all.  Which isn't correct, we should submit a
zero-length urb to the host devicein that case.  This patch makes
sure we run the processing loop at least once.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:16 +02:00
Gerd Hoffmann 818d59dc17 usb-host: don't dereference invalid iovecs
usb-host assumes the first iovec element is always valid.
In case of a zero-length packet this isn't true though.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:16 +02:00
Gerd Hoffmann 6d7aeeeb89 usb-storage: fix request canceling
Little fix for usb packet handling on i/o cancelation.  The
usb packet pointer (s->packet) is cleared at the wrong place:
The scsi request cancel handler does it.  When a usb packet
is canceled the usb-storage emulation canceles the scsi request
if present.  In most cases there is one, so usually s->packet
is cleared as needed even with the code sitting at the wrong
place.

If there is no scsi request in flight s->packet is not cleared
though.  The usb-storage emulation will then try to complete an
usb packet which is not in flight any more and thereby trigger
an assert() in the usb core.

Fix this by clearing s->packet at the correct place, which is
the usb packet cancel header.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:16 +02:00
Hans de Goede 8a771f77e2 usb-ehci: Ensure frindex writes leave a valid frindex value
frindex is a 14 bits counter, so bits 31-14 should always be 0, and
after the commit titled "usb-ehci: frindex always is a 14 bits counter"
we rely on frindex always being a multiple of 8. I've not seen this in
practice, but theoretically a guest can write a value >= 0x4000 or a value
which is not a multiple of 8 value to frindex, this patch ensures that
things will still work when that happens.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:15 +02:00
Gerd Hoffmann 0cc6a0f19e usb-ehci: add missing usb_packet_init() call
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:15 +02:00
Gerd Hoffmann e59a8cf1eb usb-ehci: remove hack
To answer the question in the comment removed by this patch:  I think
this was needed because several places in the ehci emulation did not
check the T bit of link entries correctly and thus might have followed
invalid references.  See commit 2a5ff735dc

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-26 12:21:15 +02:00
Gerd Hoffmann c7020c9740 usb-ehci: drop assert()
Not sure what the purpose of the assert() was, in any case it is bogous.
We can arrive there if transfer descriptors passed to us from the guest
failed to pass sanity checks, i.e. it is guest-triggerable.  We deal
with that case by resetting the host controller.  Everything is ok, no
need to throw a core dump here.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:29 +02:00
Hans de Goede 714f9db06c usb-redir: Notify our peer when we reject a device due to a speed mismatch
Also cleanup (reset) our device state when we reject a device due to a
speed mismatch.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Hans de Goede 8e24283b26 usb-ehci: Drop unused sofv value
The sofv value only ever gets a value assigned and is never used (read)
anywhere, so we can just drop it.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann 96dd9aac37 usb-host: rewrite usb_linux_update_endp_table
This patch carries a complete rewrite of the usb descriptor parser.
Changes / improvements:

 * We are using the USBDescriptor struct instead of hard-coded offsets
   now to access descriptor data.
 * (debug) printfs are all gone, tracepoints have been added instead.
 * We don't try (and fail) to skip over unneeded descriptors.  We parse
   them all one by one.  We keep track of which configuration, interface
   and altsetting we are looking at and use this information to figure
   which desciptors are in use and which we can ignore.
 * On parse errors we clear all endpoint information, which will
   disallow any communication with the device, except control endpoint
   messages.  This makes sure we don't end up with a silly device state
   where half of the endpoints got enabled and the other half was left
   disabled.
 * Some sanity checks have been added.

The new parser is more robust and also leaves complete device
information in the trace log if you enable the ush_host_parse_*
tracepoints.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann e36a20d329 usb: use USBDescriptor for endpoint descriptors.
Add endpoint descriptor substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann feafd797ee usb: use USBDescriptor for interface descriptors.
Add interface descriptor substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann 0a263db17a usb: use USBDescriptor for config descriptors.
Add config descriptor substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann 3cfeee6177 usb: use USBDescriptor for device qualifier descriptors.
Add device qualifier substruct to USBDescriptor,
use it in the descriptor generator code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann d3f904ea7b usb: add USBDescriptor, use for device descriptors.
This patch adds a new type for the binary representation of usb
descriptors.  It is put into use for the descriptor generator code
where the struct replaces the hard-coded offsets.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Hans de Goede 58ea88d87a usb-ehci: frindex always is a 14 bits counter
frindex always is a 14 bits counter, and not a 13 bits one as we were
emulating. There are some subtle hints to this in the spec, first of all
"Table 2-12. FRINDEX - Frame Index Register" says:
"Bit 13:0 Frame Index. The value in this register increments at the end of
each time frame (e.g. micro-frame). Bits [N:3] are used for the Frame List
current index. This means that each location of the frame list is accessed
8 times (frames or micro-frames) before moving to the next index. The
following illustrates values of N based on the value of the Frame List
Size field in the USBCMD register.

USBCMD[Frame List Size]	Number Elements		 N
00b				1024		12
01b				 512		11
10b				 256		10
11b			    Reserved"

Notice how the text talks about "Bits [N:3]" are used ..., it does
NOT say that when N == 12 (our case) the counter will wrap from 8191 to 0,
or in otherwords that it is a 13 bits counter (bits 0 - 12).

The other hint is in "Table 2-10. USBSTS USB Status Register Bit Definitions":

"Bit 3 Frame List Rollover - R/WC. The Host Controller sets this bit to a one
when the Frame List Index (see Section 2.3.4) rolls over from its maximum value
to zero. The exact value at which the rollover occurs depends on the frame
list size. For example, if the frame list size (as programmed in the Frame
List Size field of the USBCMD register) is 1024, the Frame Index Register
rolls over every time FRINDEX[13] toggles. Similarly, if the size is 512,
the Host Controller sets this bit to a one every time FRINDEX[12] toggles."

Notice how this text talks about setting bit 3 when bit 13 of frindex toggles
(when there are 1024 entries, so our case), so this indicates that frindex
has a bit 13 making it a 14 bit counter.

Besides these clear hints the real proof is in the pudding. Before this
patch I could not stream data from a USB2 webcam under Windows XP, after
this cam using a USB2 webcam under Windows XP works fine, and no regressions
with other operating systems were seen.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann 088351a7e5 usb-ehci: fix ehci_child_detach
Looks like a cut+paste bug from ehci_detach.  When the device itself is
detached from a ehci port (ehci_detach op) we have to clear the
device pointer for the companion port too.  When a device gets removed
from a downstream port of a usb hub (ehci_child_detach op) the ehci port
where the usb hub is plugged in is not affected.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:28 +02:00
Gerd Hoffmann 529f8f9fa9 usb-hub: add tracepoints
Add tracepoints to the usb hub emulation.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann f5bf14bf39 usb_packet_set_state: handle p->ep == NULL
usb_packet_set_state can be called with p->ep = NULL.  The tracepoint
there tries to log endpoint information, which leads to a segfault.
This patch makes usb_packet_set_state handle the NULL pointer properly.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann 39c2057700 usb-host: add property to turn off pipelining
Add a property to usb-host to disable the bulk endpoint pipelining.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann 19b89252a3 usb-host: add usb packet to request tracepoints
Add pointer to USBPacket to all tracepoints tracking requests to make it
easier to identify them when multiple requests are in flight.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann 6aebe40796 usb-host: trace canceled requests
Add tracepoints to track canceled requests.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann e382e751ef usb-host: trace emulated requests
Add tracepoint to track completion of emulated control requests.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann 65bb3a5c11 Add bootindex support to usb-host and usb-redir
When passing through a usb pendrive seabios will present it in the F12
boot menu and will happily boot from it.

This patch adds bootorder support so you can even make it the default
boot device.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann ee008ba626 usb-uhci: queuing fix
When we queue up usb packets we may happen to find a already queued
packet, which also might be finished at that point already.  We don't
want continue processing the packet at this point though, so lets
just signal back we've found a in-flight packet when in queuing mode.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann 52b0fecdba usb-uhci: stop queue filling when we find a in-flight td
Not only QHs can form rings, but TDs too.  With the new
queuing/pipelining support we are following TD chains and
can actually walk in circles.  An assert() prevents us from
entering an endless loop then.

Fix is easy:  Just stop queuing when we figure the TD we are
about to queue up is in flight already.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:27 +02:00
Gerd Hoffmann eeb0cf9abf usb/vmstate: add parent dev path
... to make vmstate id string truely unique with multiple host
controllers, i.e. move from "1/usb-ptr" to "0000:00:01.3/1/usb-ptr"
(usb tabled connected to piix3 uhci).

This obviously breaks migration.  To handle this the usb bus
property "full-path" is added.  When setting this to false old
behavior is maintained.  This way current qemu will be compatible
with old versions when started using '-M pc-$oldversion'.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-17 10:23:21 +02:00
Luiz Capitulino 56f9107e43 qdev: qdev_unplug(): use error_set()
It currently uses qerror_report(), but next commit will convert
the drive_del command to the QAPI and this requires using
error_set().

One particularity of qerror_report() is that it knows when it's
running on monitor context or command-line context and prints the
error message accordingly. error_set() doesn't do this, so we
have to be careful not to drop error messages.

qdev_unplug() has three kinds of usages:

 1. It's called when hot adding a device fails, to undo anything
    that has been done before hitting the error

 2. It's called by function monitor functions like device_del(),
    to unplug a device

 3. It's used by xen_platform.c in a way that doesn't _seem_ to
    be in monitor context

Only item 2 can print an error message to the user, this commit
maintains that.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-04-09 14:35:25 -03:00
Benjamin Herrenschmidt e2854bf323 Endian fix an assertion in usb-msd
This fixes a broken endian assumption in an assertion in usb-msd.

Cc: Gerd Hoffman <kraxel@redhat.com>

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:52:25 +01:00
Gerd Hoffmann 6c60134091 uhci: alloc can't fail, drop check.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann 4efe4ef3b8 uhci: new uhci_handle_td return code for tds still in flight
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann 0cd178ca2c uhci: renumber uhci_handle_td return codes
Step #2 (separate for better bisectability): renumber so the silly '-1'
goes away.  Pick a range which doesn't overlap the old values.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann 60e1b2a6dd uhci: use enum for uhci_handle_td return codes
Step #1 (separate for better bisectability): replace numbers with names.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann 50dcc0f85d uhci: tracing support
Zap DPRINTF, add tracepoints instead.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00
Gerd Hoffmann d9a528db7f uhci: cancel on schedule stop.
Cancel any in-flight transaction when the guest stops the uhci schedule.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-13 10:15:32 +01:00