* pmaydell/arm-devs.for-upstream:
arm: make the number of GIC interrupts configurable
hw/lan9118: Add save/load support
arm: Remove incorrect comment in arm_timer
vexpress, realview: Add (dummy) L2 cache controller
* kraxel/usb.37:
usb-redir: Improve some debugging messages
usb-redir: Try to keep our buffer size near the target size
usb-redir: Pre-fill our isoc input buffer before sending pkts to the host
usb-redir: Dynamically adjust iso buffering size based on ep interval
usb-redir: Clear iso / irq error when stopping the stream
usb: link packets to endpoints not devices
usb: add max_packet_size to USBEndpoint
usb/debug: add usb_ep_dump
usb-desc: USBEndpoint support
usb: add ifnum to USBEndpoint
usb: add USBEndpoint
xhci: Initial xHCI implementation
usb: add audio device model
usb-desc: audio endpoint support
usb: track altsetting in USBDevice
usb: track configuration and interface count in USBDevice.
usb-host: rip out legacy procfs support
Increase the maximum number of GIC interrupts for a9mp and a11mp to 1020,
and create a configurable property for each defaulting to 96 and 64
(respectively) so that device modelers can set the value appropriately
for their SoC. Other ARM processors also set their maximum number of
used IRQs appropriately.
Set the maximum theoretical number of GIC interrupts to 1020 and
update the save/restore code to only use the appropriate number for
each SoC.
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
[Peter Maydell: fixed minor whitespace snafu]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The current comment says that the arm_timers are restricted to between
32 KHz and 1 MHz, but sp804 TRM does not specify those limits.
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Instantiate the L2 cache controller on the ARM devboards which have one,
since we have a dummy model of it now. Note that the only non-MP board
with an L2x0 is the PB1176, which we don't model.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add USBEndpoint for the control endpoint to USBDevices. Link async
packets to the USBEndpoint instead of the USBDevice.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Start maintaining endpoint state at USBDevice level. Add USBEndpoint
struct and some helper functions to deal with it. For now it contains
the endpoint type only. Moved over some bits from usb-linux.c
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Based on the implementation from Hector Martin <hector@marcansoft.com>
Hectors's implementation completely sidestepped the qemu usb system and
used libusb directly for usb device pass through. So I've ripped out
the libusb bits (or left them in disabled, as reference for further
coding) and hooked up the qemu subsystem instead. That work is not
complete yet though, partly due to limitations of the qemu usb
subsystem. Nevertheless I think it is better to continue development
in-tree, especially as the qemu usb bits need a bunch of improvements
too for decent usb 3.0 support.
Current state:
- usb-storage emulation should work ok.
- Devices which need constant polling (HID emulation like usb-tablet)
are known to not work.
- ISO xfers are not implemented yet.
- superspeed ports are not implemented yet.
- usb pass-through is completely untested so far.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The secondary CPU bootloader in arm_boot.c holds secondary CPUs in a
pen until the primary CPU releases them. Make boards specify the
address to be polled to determine whether to leave the pen (it was
previously hardcoded to 0x10000030, which is a Versatile Express/
Realview specific system register address).
Signed-off-by: Evgeny Voevodin <e.voevodin@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
u-boot uses single automatic scans and polling in
pxa2xx_keypad driver, so clear KPC_AS bit immediately
and update keys state even if KPC_AS and KPC_ASACT are
cleared.
Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Pallete entry size for 16bpp format is 2 bytes, not 4
Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Obviously, linking the RTC device state to the PIIX does not belong into
the common path that is shared with the isapc.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
All files under GPLv2 will get GPLv2+ changes starting tomorrow.
event_notifier.c and exec-obsolete.h were only ever touched by Red Hat
employees and can be relicensed now.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
qdev is now equipped (thanks to the last commit) to disassociate
chardevs from the qdev devices on the devices going away. So doing it
in the virtio-console driver is not necessary.
Since that was the only thing being done in the qdev exit method, drop
it entirely.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When a device is removed, remove the association with a chardev, if any,
so that the chardev can be re-used later for other devices.
Reported-by: Qunfang Zhang <qzhang@redhat.com>
Fix-suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
QEMU does have a "scsi" option (to be used like -device
virtio-blk-pci,drive=foo,scsi=off). However, it only
masks the feature bit, and does not reject the command
if a malicious guest disregards the feature bits and
issues a request.
Without this patch, using scsi=off does not protect you
from CVE-2011-4127.
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When an rtc interrupt is reinjected immediately after being acked,
other interrupts should not be reinjected, so do clear their bits.
Also, if the periodic interrupts have been disabled before acking,
do not reinject, as the guest might get very confused!
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Hours in 12-hour mode are in the 1-12 range, not 0-11.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit 8eb0283 broken device_del by having too overzealous reference counting
checks. Move the reference count checks to qdev_free(), make sure to remove
the parent link on free, and decrement the reference count on property removal.
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
These comments are used by static code analysis tools and in code reviews
to avoid false warnings because of missing break statements.
The case statements handled here were reported by coverity.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
The RFBI_READ/RFBI_STATUS code incorrectly uses chip[0] when it should
be using chip[1]. Andrzej Zaborowski <balrog@zabor.org> confirmed this
bug since I don't know this code well.
Reported-by: Dr David Alan Gilbert <davidagilbert@uk.ibm.com>
Reviewed-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
This brings a usb audio device to qemu. Output only, fixed at
16bit stereo @ 480000 Hz. Based on a patch from
H. Peter Anvin <hpa@linux.intel.com>
Usage: add '-device usb-audio' to your qemu command line.
Works sorta ok on a idle machine. Known issues:
* Is *very* sensitive to latencies.
* Burns quite some CPU due to usb polling.
In short: It brings the qemu usb emulation to its limits. Enjoy!
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add support for audio endpoints which have two more fields in the
descriptor. Also add support for extra class specific endpoint
descriptors.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Move fields from USBHostDevice to USBDevice.
Add bits to usb-desc.c to fill them for emulated devices too.
Also allow to set configuration 0 (== None) for emulated devices.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ppm_save() spends upwards of 50% of its time doing divisions. Replace them
with shifts.
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
- Send EOP flags to the out channels.
- Send data descriptor metadata to the out channels.
Signed-off-by: Lars Persson <larper@axis.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Coverity says that the division by sizeof(*s->rate) might be wrong.
I think that coverity is right.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Coverity complained about local variable key which was only partially
initiated. Only key.st_value was set. As this was also the only part
of key which was used in function symfind, the code could be optimized
by directly passing a pointer to orig_addr.
In bsd-user/elfload.c, fix ec822001a2
was missing. This was a simple replacement of > by >= in symfind, so
I fixed it here without creating an additional patch.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Use the new memory mutator API to simplify the flash remap code;
this allows us to drop the flash_mapped flag.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Fix the sense of the REMAP bit: 0 should mean "map flash",
1 should mean "map RAM".
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
* 's390-next' of git://repo.or.cz/qemu/agraf:
s390: fix cpu hotplug / cpu activity on interrupts
s390x: add TR function for EXECUTE
Expose drive_add on all architectures
Add generic drive hotplugging
Compile device-hotplug on all targets
[S390] Add hotplug support
vhost memory management doesn't care about non-memory (e.g. PIO) or non-RAM
regions. Adjust the filtering to reflect that, and move it earlier so it
applies to mem_sections too.
Signed-off-by: Avi Kivity <avi@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
A memset() used to delete an entry in an array did not take into account
the array element's size.
Signed-off-by: Avi Kivity <avi@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
MemoryListener::region_add() gives us a slice of a MemoryRegion, not a
region. Adjust the userspace address to reflect that.
Signed-off-by: Avi Kivity <avi@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
* 'ppc-next' of git://repo.or.cz/qemu/agraf:
PPC: Add description for the Freescale e500mc core.
pseries: Check for duplicate addresses on the spapr-vio bus
pseries: Populate "/chosen/linux,stdout-path" in the FDT
pseries: Add a routine to find a stable "default" vty and use it
pseries: Emit device tree nodes in reg order
pseries: FDT NUMA extensions to support multi-node guests
pseries: Remove hcalls callback
kvm-ppc: halt secondary cpus when guest reset
console: Fix segfault on screendump without VGA adapter
PPC: monitor: add ability to dump SLB entries
color_reg is expected to hold 32 bit values, so it was too small.
This bug was reported by coverity:
hw/sm501.c:624:
result_independent_of_operands:
color_reg >> 16 is 0 regardless of the values of its operands.
This occurs as the bitwise first operand of '&'.
Cc: Shin-ichiro Kawasaki <kawasaki@juno.dti.ne.jp>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Commit 5632ae46d5 passes the address
of i8259 to qemu_irq_proxy. i8259 is an auto variable with undefined
value outside of mips_malta_init.
This made the interrupt proxy unusable: either QEMU crashes, or
the interrupt handler was not called.
Ethernet for example no longer worked with MIPS Malta.
v2:
While v1 used a static variable for i8259, this patch introduces
a qdev for the malta machine. i8259 is now part of the device status.
This is a minimal qdev implementation to keep the patch small.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
* stefanha/trivial-patches:
qemu-nbd: drop loop which can never loop
Make python mandatory
net/socket.c: Fix fd leak in net_socket_listen_init() error paths
gdbstub: Fix fd leak in gdbserver_open() error path
configure: Fix test for supported host CPU type
configure: CONFIG_QEMU_INTERP_PREFIX only for user mode
scsi virtio-blk usb-msd: Clean up device init error messages
Strip trailing '\n' from error_report()'s first argument (again)
qemu-options.hx: fix tls-channel help text
