This patch fixes a QEMU SEGFAULT when a write operation is performed on
the memory region of the PCI BAR 3 (base address space).
When a writeb(0xe0000000) is performed the .write function is invoked to
handle the write access, however, since the .write is not initialised,
the call to 0, causes QEMU to SEGFAULT.
Signed-off-by: Salva Peiró <speirofr@gmail.com>
Acked-by: Hannes Reinecke <hare@suse.com>
Message-Id: <1437987112-24744-1-git-send-email-speirofr@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Few devices have their specialized 'config_write' methods which simply
call 'pci_default_write_config' followed by a 'msix_write_config' or
'msi_write_config' calls, using exact same arguments.
This is unnecessary as 'pci_default_write_config' already invokes
'msi_write_config' and 'msix_write_config'.
Also, since 'pci_default_write_config' is the default 'config_write'
handler, we can simply avoid the registration of these specialized
versions.
Cc: Leonid Shatz <leonid.shatz@ravellosystems.com>
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit was generated mechanically by coccinelle from the following
semantic patch:
@@
expression val;
@@
- (ffs(val) - 1)
+ ctz32(val)
The call sites have been audited to ensure the ffs(0) - 1 == -1 case
never occurs (due to input validation, asserts, etc). Therefore we
don't need to worry about the fact that ctz32(0) == 32.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-5-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
These are "am53c974", "dc390", "lsi53c895a", "lsi53c810", "megasas",
"megasas-gen2".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <1425925048-15482-5-git-send-email-armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit a818a4b changed scsi_bus_legacy_handle_cmdline() to report
errors from scsi_bus_legacy_add_drive() with error_report() in
addition to returning them. That's inappropriate.
Two kinds of callers:
1. realize methods (devices "esp", "virtio-scsi-device" and
"spapr-vscsi")
The error object gets passed up the call chain until it gets
reported again and freed.
Example:
$ qemu-system-arm -M virt -S -display none \
> -drive if=scsi,id=foo,bus=1,file=tmp.qcow2 \
> -device nec-usb-xhci -device usb-storage,drive=foo \
> -device virtio-scsi-pci
qemu-system-arm: -drive if=scsi,id=foo,bus=1,file=tmp.qcow2: Property 'scsi-disk.drive' can't take value 'foo', it's in use
qemu-system-arm: -drive if=scsi,id=foo,bus=1,file=tmp.qcow2: Setting drive property failed
qemu-system-arm: -device virtio-scsi-pci: Setting drive property failed
qemu-system-arm: -device virtio-scsi-pci: Device initialization failed
qemu-system-arm: -device virtio-scsi-pci: Device 'virtio-scsi-pci' could not be initialized
The second message in this error cascade comes from
scsi_bus_legacy_handle_cmdline(). The error object then gets
passed up to the qdev_init() called from
virtio_scsi_pci_init_pci(), which reports it again.
2. init methods (devices "am53c974", "dc390", "lsi53c895a",
"lsi53c810", "megasas", "megasas-gen2")
init methods need to report their errors with qerror_report().
These don't. The inappropriate error_report() papers over the bug.
error_report() isn't the same as qerror_report() in QMP context,
but this can't actually happen: QMP can still only hot-plug, and
callers call scsi_bus_legacy_handle_cmdline() only on cold-plug.
Except for sysbus_esp_realize(), but that can't be hot-plugged at
all, as far as I can tell.
Fix the init methods and drop the inappropriate error_report() in
scsi_bus_legacy_handle_cmdline().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <1425925048-15482-2-git-send-email-armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
MSI-X works slightly different than INTx; the doorbell
registers are not necessarily used as MSI-X interrupts
are directed anyway. So the head pointer on the
reply queue needs to be updated as soon as a frame
is completed, and we can set the doorbell only
when in INTx mode.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Windows requires the frames to be unmapped, otherwise we run
into a race condition where the updated frame data is not
visible to the guest.
With that we can simplify the queue algorithm and use a bitmap
for tracking free frames.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Improve queue logging by displaying head and tail pointer
of the completion queue.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Some implementations use DCMD_CLUSTER_RESET_LD to simulate
a device reset.
Signed-off-by: Hannes Reinecke <hare@suse.de>
[Compare against id, not lun. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The windows driver is sending several init_firmware commands
when in MSI-X mode. It is, however, using only the first
queue. So disregard any additional init_firmware commands
until the HBA is reset.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The EFI firmware doesn't handle unit attentions properly,
so we need to clear the Power On/Reset unit attention upon
initial reset.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
To ease debugging we should be decoding
the register names.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The check for a valid command buffer size was inverted.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The 2108 chip supports MSI and MSI-X, so update the emulation
to support both chips.
Signed-off-by: Hannes Reinecke <hare@suse.de>
[Make VMStateDescription const. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Logical drives can only be addressed with the 'target_id' number;
LUN numbers cannot be selected.
Physical drives can be selected with both, target and LUN id.
So we should disallow LUN numbers not equal to 0 when in
RAID mode.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The MFI_DCMD_LD_LIST_QUERY function is using a different format than
MFI_DCMD_LD_LIST, so we need to implement it differently.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Device models should access their block backends only through the
block-backend.h API. Convert them, and drop direct includes of
inappropriate headers.
Just four uses of BlockDriverState are left:
* The Xen paravirtual block device backend (xen_disk.c) opens images
itself when set up via xenbus, bypassing blockdev.c. I figure it
should go through qmp_blockdev_add() instead.
* Device model "usb-storage" prompts for keys. No other device model
does, and this one probably shouldn't do it, either.
* ide_issue_trim_cb() uses bdrv_aio_discard() instead of
blk_aio_discard() because it fishes its backend out of a BlockAIOCB,
which has only the BlockDriverState.
* PC87312State has an unused BlockDriverState[] member.
The next two commits take care of the latter two.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The function is empty after the previous patch, so remove it.
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
After previous Peter patch, they are redundant. This way we don't
assign them except when needed. Once there, there were lots of case
where the ".fields" indentation was wrong:
.fields = (VMStateField []) {
and
.fields = (VMStateField []) {
Change all the combinations to:
.fields = (VMStateField[]){
The biggest problem (appart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Acked-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Using __DATE__ or __TIME__ in binary pkgs changes the checksum of
compiled binaries if they get rebuilt, even if there are no other
source changes. Replace the dynamic strings with some equally
informative static strings.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Some hardware instances do support MSI, so we should do likewise.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
MSI-X support has been fixed in qemu, so we can enable it again.
Signed-off-by: Hannes Reinecke <hare@suse.de>
[Do not change VMSTATE_PCI_DEVICE to PCIE. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Newer firmware implement a LD_LIST_QUERY command, and due to a driver
issue no drives might be detected if this command isn't supported.
So add emulation for this command, too.
Cc: qemu-stable@nongnu.org
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Replace them with uint8/32/64.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
pci_set_irq and the other pci irq wrappers use
PCI_INTERRUPT_PIN config register to compute device
INTx pin to assert/deassert.
An irq is allocated using pci_allocate_irq wrapper
only if is needed by non pci devices.
Removed irq related fields from state if not used anymore.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
To be passed to qbus_create_inplace().
Use DEVICE() casts instead of direct parent field access.
Reviewed-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The category will be used to sort the devices displayed in
the command line help.
Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
Message-id: 1375107465-25767-4-git-send-email-marcel.a@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Let scsi_bus_legacy_add_drive() and scsi_bus_legacy_handle_cmdline()
return an Error**. Prepare qdev initfns for QOM realize error model.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Only apply legacy command line handling when the device has not been
hot-plugged. Propagate failure of legacy command line handling.
Cc: qemu-stable@nongnu.org
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Replace direct uses of MegasasState::dev with QOM casts and rename it to
parent_obj.
Acked-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Define and use standard QOM cast macro. Remove usages of DO_UPCAST()
and direct -> style upcasting.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The DMAContext is a simple pointer to an AddressSpace that is now always
already available. Make everyone hold the address space directly,
and clean up the DMA API to use the AddressSpace directly.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This adds the possibility to create a scsi-bus with a specified name.
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Message-id: 1367330931-12994-4-git-send-email-fred.konrad@greensocs.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Salva Peiró
Shmulik Ladkani
Stefan Hajnoczi
Paolo Bonzini
Markus Armbruster
Hannes Reinecke
Juan Quintela
Olaf Hering
Edgar E. Iglesias
Marcel Apfelbaum
Andreas Färber
Peter Crosthwaite
KONRAD Frederic