Commit Graph

91 Commits

Author SHA1 Message Date
Paolo Bonzini
03dd024ff5 hw: explicitly include qemu/log.h
Move the inclusion out of hw/hw.h, most files do not need it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-19 16:42:29 +02:00
Eric Blake
12c125cba9 sd: Switch to byte-based block access
Sector-based blk_write() should die; switch to byte-based
blk_pwrite() instead.  Likewise for blk_read().

Greatly simplifies the code, now that we let the block layer
take care of alignment and read-modify-write on our behalf :)
In fact, we no longer need to include 'buf' in the migration
stream (although we do have to ensure that the stream remains
compatible).

Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-05-12 15:22:09 +02:00
Rutuja Shah
73bcb24d93 Replaced get_tick_per_sec() by NANOSECONDS_PER_SECOND
This patch replaces get_ticks_per_sec() calls with the macro
NANOSECONDS_PER_SECOND. Also, as there are no callers, get_ticks_per_sec()
is then removed.  This replacement improves the readability and
understandability of code.

For example,

    timer_mod(fdctrl->result_timer,
	      qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + (get_ticks_per_sec() / 50));

NANOSECONDS_PER_SECOND makes it obvious that qemu_clock_get_ns
matches the unit of the expression on the right side of the plus.

Signed-off-by: Rutuja Shah <rutu.shah.26@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-22 22:20:17 +01:00
Markus Armbruster
da34e65cb4 include/qemu/osdep.h: Don't include qapi/error.h
Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the
Error typedef.  Since then, we've moved to include qemu/osdep.h
everywhere.  Its file comment explains: "To avoid getting into
possible circular include dependencies, this file should not include
any other QEMU headers, with the exceptions of config-host.h,
compiler.h, os-posix.h and os-win32.h, all of which are doing a
similar job to this file and are under similar constraints."
qapi/error.h doesn't do a similar job, and it doesn't adhere to
similar constraints: it includes qapi-types.h.  That's in excess of
100KiB of crap most .c files don't actually need.

Add the typedef to qemu/typedefs.h, and include that instead of
qapi/error.h.  Include qapi/error.h in .c files that need it and don't
get it now.  Include qapi-types.h in qom/object.h for uint16List.

Update scripts/clean-includes accordingly.  Update it further to match
reality: replace config.h by config-target.h, add sysemu/os-posix.h,
sysemu/os-win32.h.  Update the list of includes in the qemu/osdep.h
comment quoted above similarly.

This reduces the number of objects depending on qapi/error.h from "all
of them" to less than a third.  Unfortunately, the number depending on
qapi-types.h shrinks only a little.  More work is needed for that one.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
[Fix compilation without the spice devel packages. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-22 22:20:15 +01:00
Peter Maydell
fec44a8c70 sd: Fix "info qtree" on boards with SD cards
The SD card object is not a SysBusDevice, so don't create it with
qdev_create() if we're not assigning it to a specific bus; use
object_new() instead.

This was causing 'info qtree' to segfault on boards with SD cards,
because qdev_create(NULL, TYPE_FOO) puts the created object on the
system bus, and then we may try to run functions like sysbus_dev_print()
on it, which fail when casting the object to SysBusDevice.

(This is the same mistake that we made with the NAND device
and fixed in commit 6749695eaaf346c1.)

Reported-by: xiaoqiang.zhao <zxq_yx_007@163.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: xiaoqiang.zhao <zxq_yx_007@163.com>
Message-id: 1458061009-7733-1-git-send-email-peter.maydell@linaro.org
2016-03-16 17:42:19 +00:00
Peter Maydell
8b41c30525 sdhci: Implement DeviceClass reset
The sdhci device was missing a DeviceClass reset method;
implement it. Poweron reset looks the same as reset commanded
by the guest via the device registers, apart from modelling of
the rpi 'pending insert interrupt on powerup' quirk.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1456493044-10025-3-git-send-email-peter.maydell@linaro.org
2016-03-04 11:30:17 +00:00
Peter Maydell
0719e71e52 sd.c: Handle NULL block backend in sd_get_inserted()
The sd.c SD card emulation code can be in a state where the
SDState BlockBackend pointer is NULL; this is treated as
"card not present". Add a missing check to sd_get_inserted()
so that we don't segfault in this situation.

(This could be provoked by the guest writing to the SDHCI
register to do a reset on a xilinx-zynq-a9 board; it will
also happen at startup when sdhci implements its DeviceClass
reset method.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1456493044-10025-2-git-send-email-peter.maydell@linaro.org
2016-03-04 11:30:17 +00:00
Andrew Baumann
0a7ac9f9e7 sdhci: add quirk property for card insert interrupt status on Raspberry Pi
This quirk is a workaround for the following hardware behaviour, on
which UEFI (specifically, the bootloader for Windows on Pi2) depends:

1. at boot with an SD card present, the interrupt status/enable
   registers are initially zero
2. upon enabling it in the interrupt enable register, the card insert
   bit in the interrupt status register is immediately set
3. after a subsequent controller reset, the card insert interrupt does
   not fire, even if enabled in the interrupt enable register

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1456436130-7048-3-git-send-email-Andrew.Baumann@microsoft.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-26 15:09:42 +00:00
Andrew Baumann
5c1bc9a234 sdhci: Revert "add optional quirk property to disable card insertion/removal interrupts"
This reverts commit 723697551a.

This change was poorly tested on my part. It squelched card insertion
interrupts on reset, but that was not necessary because sdhci_reset()
clears all the registers (via the call to memset), so the subsequent
sdhci_insert_eject_cb() call never sees the card insert interrupt
enabled. However, not calling the insert_eject_cb results in prnsts
remaining 0, when it actually needs to be updated to indicate card
presence and R/O status.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1456436130-7048-2-git-send-email-Andrew.Baumann@microsoft.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-26 15:09:42 +00:00
Andrew Baumann
9800ad88c8 hw/sd: use guest error logging rather than fprintf to stderr
Some of these errors may be harmless (e.g. probing unimplemented
commands, or issuing CMD12 in the wrong state), and may also be quite
frequent. Spamming the standard error output isn't desirable in such
cases.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1454902521-21164-4-git-send-email-Andrew.Baumann@microsoft.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-18 14:50:50 +00:00
Andrew Baumann
dd26eb4333 hw/sd: model a power-up delay, as a workaround for an EDK2 bug
The SD spec for ACMD41 says that a zero argument is an "inquiry"
ACMD41, which does not start initialisation and is used only for
retrieving the OCR. However, Tianocore EDK2 (UEFI) has a bug [1]: it
first sends an inquiry (zero) ACMD41. If that first request returns an
OCR value with the power up bit (0x80000000) set, it assumes the card
is ready and continues, leaving the card in the wrong state. (My
assumption is that this works on hardware, because no real card is
immediately powered up upon reset.)

This change models a delay of 0.5ms from the first ACMD41 to the power
being up. However, it also immediately sets the power on upon seeing a
non-zero (non-enquiry) ACMD41. This speeds up UEFI boot, it should
also account for guests that simply delay after card reset and then
issue an ACMD41 that they expect will succeed.

[1] https://github.com/tianocore/edk2/blob/master/EmbeddedPkg/Universal/MmcDxe/MmcIdentification.c#L279
(This is the loop starting with "We need to wait for the MMC or SD
card is ready")

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1454902521-21164-3-git-send-email-Andrew.Baumann@microsoft.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-18 14:50:50 +00:00
Andrew Baumann
4481bbc79d hw/sd: implement CMD23 (SET_BLOCK_COUNT) for MMC compatibility
CMD23 is optional for SD but required for MMC, and the UEFI bootloader
used for Windows on Raspberry Pi 2 issues it.

Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1454902521-21164-2-git-send-email-Andrew.Baumann@microsoft.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-18 14:50:50 +00:00
Peter Maydell
6002915e0c hw/sd/pxa2xx_mmci: Add reset function
Add a reset function to the pxa2xx_mmci device; previously it had
no handling for system reset at all.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1455646193-13238-11-git-send-email-peter.maydell@linaro.org
2016-02-18 14:50:50 +00:00
Peter Maydell
19d25e0a6d hw/sd/pxa2xx_mmci: Convert to VMStateDescription
Convert the pxa2xx_mmci device from manual save/load
functions to a VMStateDescription structure.

This is a migration compatibility break.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1455646193-13238-10-git-send-email-peter.maydell@linaro.org
2016-02-18 14:49:55 +00:00
Peter Maydell
a9563e75e4 hw/sd/pxa2xx_mmci: Update to use new SDBus APIs
Now the PXA2xx MMCI device is QOMified itself, we can
update it to use the SDBus APIs to talk to the SD card.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1455646193-13238-9-git-send-email-peter.maydell@linaro.org
2016-02-18 14:49:21 +00:00
Peter Maydell
7a9468c925 hw/sd/pxa2xx_mmci: convert to SysBusDevice object
Convert the pxa2xx_mmci device to be a sysbus device.

In this commit we only change the device itself, and leave
the interface to the SD card using the old non-SDBus APIs.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1455646193-13238-8-git-send-email-peter.maydell@linaro.org
2016-02-18 14:26:33 +00:00
Peter Maydell
eb4f566bbb sdhci_sysbus: Create SD card device in users, not the device itself
Move the creation of the SD card device from the sdhci_sysbus
device itself into the boards that create these devices.
This allows us to remove the cannot_instantiate_with_device_add
notation because we no longer call drive_get_next in the device
model.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1455646193-13238-7-git-send-email-peter.maydell@linaro.org
2016-02-18 14:26:33 +00:00
Peter Maydell
40bbc19437 hw/sd/sdhci.c: Update to use SDBus APIs
Update the SDHCI code to use the new SDBus APIs.

This commit introduces the new command line options required
to connect a disk to sdhci-pci:

 -device sdhci-pci -drive id=mydrive,[...] -device sd,drive=mydrive

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1455646193-13238-6-git-send-email-peter.maydell@linaro.org
2016-02-18 14:26:33 +00:00
Peter Maydell
c759a790b6 hw/sd: Add QOM bus which SD cards plug in to
Add a QOM bus for SD cards to plug in to.

Note that since sd_enable() is used only by one board and there
only as part of a broken implementation, we do not provide it in
the SDBus API (but instead add a warning comment about the old
function). Whoever converts OMAP and the nseries boards to QOM
will need to either implement the card switch properly or move
the enable hack into the OMAP MMC controller model.

In the SDBus API, the old-style use of sd_set_cb to register some
qemu_irqs for notification of card insertion and write-protect
toggling is replaced with methods in the SDBusClass which the
card calls on status changes and methods in the SDClass which
the controller can call to find out the current status. The
query methods will allow us to remove the abuse of the 'register
irqs' API by controllers in their reset methods to trigger
the card to tell them about the current status again.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1455646193-13238-5-git-send-email-peter.maydell@linaro.org
2016-02-18 14:26:33 +00:00
Peter Maydell
ba3ed0fa94 hw/sd/sd.c: Convert sd_reset() function into Device reset method
Convert the sd_reset() function into a proper Device reset method.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1455646193-13238-4-git-send-email-peter.maydell@linaro.org
2016-02-18 14:26:33 +00:00
Peter Maydell
260bc9d8aa hw/sd/sd.c: QOMify
Turn the SD card into a QOM device.
This conversion only changes the device itself; the various
functions which are effectively methods on the device are not
touched at this point.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Message-id: 1455646193-13238-3-git-send-email-peter.maydell@linaro.org
2016-02-18 14:26:33 +00:00
Peter Maydell
ac6de31acd hw/sd/sdhci.c: Remove x-drive property
The following commits will remove support for the old sdhci-pci
command line syntax using the x-drive property:
 -device sdhci-pci,x-drive=mydrive -drive id=mydrive,[...]
and replace it with an explicit sd device:
 -device sdhci-pci -drive id=mydrive,[...] -device sd,drive=mydrive

(This is OK because x-drive is experimental.)

This commit removes the x-drive property so that old style
command lines will fail with a reasonable error message:
  -device sdhci-pci,x-drive=mydrive: Property '.x-drive' not found

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1455646193-13238-2-git-send-email-peter.maydell@linaro.org
2016-02-18 14:26:33 +00:00
Prasad J Pandit
97f4ed3b71 sd: limit 'req.cmd' while using as an array index
While processing standard SD commands, the 'req.cmd' value could
lead to OOB read when used as an index into 'sd_cmd_type' or
'sd_cmd_class' arrays. Limit 'req.cmd' value to avoid such an
access.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453315857-1352-1-git-send-email-ppandit@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-02-11 11:17:32 +00:00
Peter Maydell
0430891ce1 hw: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-38-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:25 +00:00
Peter Maydell
17b7f2dbbc arm devices: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-36-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:25 +00:00
Peter Maydell
8ef94f0bc9 arm: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-13-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:23 +00:00
Peter Maydell
ea99dde191 lm32: Clean up includes
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-5-git-send-email-peter.maydell@linaro.org
2016-01-29 15:07:22 +00:00
Alistair Francis
8fd06719e7 ssi: Move ssi.h into a separate directory
Move the ssi.h include file into the ssi directory.

While touching the code also fix the typdef lines as
checkpatch complains.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-21 14:15:03 +00:00
Andrew Baumann
723697551a sdhci: add optional quirk property to disable card insertion/removal interrupts
This is needed for a quirk of the Raspberry Pi (bcm2835/6) MMC
controller, where the card insert bit is documented as unimplemented
(always reads zero, doesn't generate interrupts) but is in fact
observed on hardware as set at power on, but is cleared (and remains
clear) on subsequent controller resets.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1450738069-18664-4-git-send-email-Andrew.Baumann@microsoft.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22 16:34:26 +08:00
Andrew Baumann
62d32ec817 sdhci: don't raise a command index error for an unexpected response
This deletes a block of code that raised a command index error if a
command returned response data, but the guest did not set the
appropriate bits in the response register to handle such a response. I
cannot find any documentation that suggests the controller should
behave in this way, the error code doesn't make sense (command index
error is defined for the case where the index in a response does not
match that of the issued command), and in at least one case (CMD23
issued by UEFI on Raspberry Pi 2), actual hardware does not do this.

Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: 1450738069-18664-3-git-send-email-Andrew.Baumann@microsoft.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22 16:34:26 +08:00
Peter Crosthwaite
6890a695d9 sd: sdhci: Delete over-zealous power check
This check was conditionalising SD card operation on the card being
powered by the SDHCI host controller. It is however possible
(particularly in embedded systems) for the power control of the SD card
to be managed outside of SDHCI. This can be as trivial as hard-wiring
the SD slot VCC to a constant power-rail.

This means the guest SDHCI can validly opt-out of the SDHCI power
control feature while still using the card. So delete this check to
allow operation of the card with SDHCI power control.

This is needed for at least Xilinx Zynq and Raspberry Pi, and
also makes Freescale i.MX25 work for me. The digilent Zybo board
has a public schematic which shows SD VCC hardwiring:

http://digilentinc.com/Data/Products/ZYBO/ZYBO_sch_VB.3.pdf
bottom of page 3.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Reviewed-by: Sai Pavan Boddu <saipava@xilinx.com>
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Message-id: 1450738069-18664-2-git-send-email-Andrew.Baumann@microsoft.com
[AB: Add Pi to list of devices fixed in commit message]
Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22 16:34:26 +08:00
Markus Armbruster
ba306c7a55 sd: Mark brittle abuse of blk_attach_dev() FIXME
blk_attach_dev() fails here only when we're working for device
"sdhci-pci" (which already attached the backend), and then we don't
want to attach a second time.  If we ever create another failure mode,
we're setting up ourselves to using the same backend from multiple
frontends, which is likely to end in tears.  Can't clean this up this
close to the release, so mark it FIXME.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1449503710-3707-3-git-send-email-armbru@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-07 17:13:10 +00:00
Markus Armbruster
79f2170789 sdhci: Sanitize "sdhci-pci" properties for future qomification
We currently fuse controller and card into a single device model, but
we intend qomify things properly and separate the two.  The properties
that really belong to the card would then have to somehow pass-through
to the card's properties.  To avoid that complication, either mark
them experimental or drop them.

Properties "capareg", "maxcurr" and the usual PCI device properties
belong to the controller.  Property "drive" belongs to the card;
rename it to "x-drive".  Properties "logical_block_size",
"physical_block_size", "min_io_size", "opt_io_size",
"discard_granularity" belong to the card, but have no effect; drop
them.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1449503710-3707-2-git-send-email-armbru@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-07 17:13:10 +00:00
Sai Pavan Boddu
637d23beb6 sdhci: Split sdhci.h for public and internal device usage
Split sdhci.h into pubilc version (i.e include/hw/sd/sdhci.h) and
internal version (i.e hw/sd/sdhci-interna.h) based on register
declarations and object declaration.

Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-10-29 17:59:27 +00:00
Sai Pavan Boddu
e3382ef0ea sd.h: Move sd.h to include/hw/sd/
Create a sd directory under include/hw/ and move sd.h to
include/hw/sd/

Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-10-29 17:59:27 +00:00
Alistair Francis
9201bb9a8c sdhci.c: Limit the maximum block size
It is possible for the guest to set an invalid block
size which is larger then the fifo_buffer[] array. This
could cause a buffer overflow.

To avoid this limit the maximum size of the blksize variable.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reported-by: Intel Security ATR <secure@intel.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: abe4c51f513290bbb85d1ee271cb1a3d463d7561.1444067470.git.alistair.francis@xilinx.com
Suggested-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Reported-by: Intel Security ATR <secure@intel.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-10-12 11:17:45 +01:00
Kevin O'Connor
5ec911c30f sdhci: Pass drive parameter to sdhci-pci via qdev property
Commit 19109131 disabled the sdhci-pci support because it used
drive_get_next().  This patch reenables sdhci-pci and changes it to
pass the drive via a qdev property - for example:
 -device sdhci-pci,drive=drive0 -drive id=drive0,if=sd,file=myimage

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-10-12 09:21:10 +01:00
Sai Pavan Boddu
7af0fc994e sdhci: Change debug prints to compile unconditionally
Conditional compilation hides few type mismatch warnings, fix it to
compile unconditionally.

Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com>
Suggested-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-10-08 19:46:01 +03:00
Sai Pavan Boddu
be9c5ddeab sdhci: use PRIx64 for uint64_t type
Fix compile time warnings, because of type mismatch for unsigned long
long type.

Signed-off-by: Sai Pavan Boddu <saipava@xilinx.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-10-08 19:46:01 +03:00
Veres Lajos
67cc32ebfd typofixes - v4
Signed-off-by: Veres Lajos <vlajos@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11 10:45:43 +03:00
Markus Armbruster
012aef0734 maint: avoid useless "if (foo) free(foo)" pattern
My Coccinelle semantic patch finds a few more, because it also fixes up
the equally pointless conditional

    if (foo) {
        free(foo);
        foo = NULL;
    }

Result (feel free to squash it into your patch):

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11 10:21:38 +03:00
Daniel P. Berrange
ef1e1e0782 maint: avoid useless "if (foo) free(foo)" pattern
The free() and g_free() functions both happily accept
NULL on any platform QEMU builds on. As such putting a
conditional 'if (foo)' check before calls to 'free(foo)'
merely serves to bloat the lines of code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11 10:21:38 +03:00
Markus Armbruster
b45c03f585 arm: Use g_new() & friends where that makes obvious sense
g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
for two reasons.  One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.

This commit only touches allocations with size arguments of the form
sizeof(T).

Coccinelle semantic patch:

    @@
    type T;
    @@
    -g_malloc(sizeof(T))
    +g_new(T, 1)
    @@
    type T;
    @@
    -g_try_malloc(sizeof(T))
    +g_try_new(T, 1)
    @@
    type T;
    @@
    -g_malloc0(sizeof(T))
    +g_new0(T, 1)
    @@
    type T;
    @@
    -g_try_malloc0(sizeof(T))
    +g_try_new0(T, 1)
    @@
    type T;
    expression n;
    @@
    -g_malloc(sizeof(T) * (n))
    +g_new(T, n)
    @@
    type T;
    expression n;
    @@
    -g_try_malloc(sizeof(T) * (n))
    +g_try_new(T, n)
    @@
    type T;
    expression n;
    @@
    -g_malloc0(sizeof(T) * (n))
    +g_new0(T, n)
    @@
    type T;
    expression n;
    @@
    -g_try_malloc0(sizeof(T) * (n))
    +g_try_new0(T, n)
    @@
    type T;
    expression p, n;
    @@
    -g_realloc(p, sizeof(T) * (n))
    +g_renew(T, p, n)
    @@
    type T;
    expression p, n;
    @@
    -g_try_realloc(p, sizeof(T) * (n))
    +g_try_renew(T, p, n)
    @@
    type T;
    expression n;
    @@
    -(T *)g_new(T, n)
    +g_new(T, n)
    @@
    type T;
    expression n;
    @@
    -(T *)g_new0(T, n)
    +g_new0(T, n)
    @@
    type T;
    expression p, n;
    @@
    -(T *)g_renew(T, p, n)
    +g_renew(T, p, n)

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1440524394-15640-1-git-send-email-armbru@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-07 10:39:27 +01:00
Peter Maydell
13e1e476b4 hw/sd/pxa2xx_mmci: Stop using old_mmio in MemoryRegionOps
Update the pxa2xx_mmci device to stop using the old_mmio read
and write callbacks in its MemoryRegionOps. This actually
simplifies the code because the separate byte/halfword/word
access functions were all calling into a single function to
do the work anyway.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1434117989-7367-6-git-send-email-peter.maydell@linaro.org
2015-06-15 18:06:09 +01:00
Peter Maydell
16b781aaef hw/sd: Don't pass BlockBackend to sd_reset()
The only valid BlockBackend to pass to sd_reset() is the one for
the SD card, which is sd->blk. Drop the second argument from this
function in favour of having it just use sd->blk.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1430683444-9797-1-git-send-email-peter.maydell@linaro.org
2015-05-12 11:57:16 +01:00
Stefan Hajnoczi
c9d9331851 sd: convert sd_normal_command() ffs(3) call to ctz32()
ffs() cannot be replaced with ctz32() when the argument might be zero,
because ffs(0) returns 0 while ctz32(0) returns 32.

The ffs(3) call in sd_normal_command() is a special case though.  It can
be converted to ctz32() + 1 because the argument is never zero:

  if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
      ~~~~~~~~~~~~~~~
            ^--------------- req.arg cannot be zero

Cc: Markus Armbruster <armbru@redhat.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427124571-28598-7-git-send-email-stefanha@redhat.com
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-04-28 15:36:08 +02:00
Markus Armbruster
9f9bdf43ca sysbus: Make devices picking up backends unavailable with -device
Device models aren't supposed to go on fishing expeditions for
backends.  They should expose suitable properties for the user to set.
For onboard devices, board code sets them.

A number of sysbus devices pick up block backends in their init() /
instance_init() methods with drive_get_next() instead: sl-nand,
milkymist-memcard, pl181, generic-sdhci.

Likewise, a number of sysbus devices pick up character backends in
their init() / realize() methods with qemu_char_get_next_serial():
cadence_uart, digic-uart, etraxfs,serial, lm32-juart, lm32-uart,
milkymist-uart, pl011, stm32f2xx-usart, xlnx.xps-uartlite.

All these mistakes are already marked FIXME.  See the commit that
added these FIXMEs for a more detailed explanation of what's wrong.

Fortunately, only machines ppce500 and pseries-* support -device with
sysbus devices, and none of the devices above is supported with these
machines.

Set cannot_instantiate_with_device_add_yet to preserve our luck.

Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Antony Pavlov <antonynpavlov@gmail.com>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-04-02 15:30:44 +02:00
Markus Armbruster
19109131ca sdhci: Make device "sdhci-pci" unavailable with -device
Device models aren't supposed to go on fishing expeditions for
backends.  They should expose suitable properties for the user to set.
For onboard devices, board code sets them.

"sdhci-pci" picks up its block backend in its realize() method with
drive_get_next() instead.  Already marked FIXME.  See the commit that
added the FIXME for a more detailed explanation of what's wrong.

We can't fix this in time for the release, but since the device is new
in 2.3, we can set cannot_instantiate_with_device_add_yet to disable
it before this mistake becomes ABI, and we have to support command
lines like

    $ qemu -drive if=sd -drive if=sd,file=sd.img -device sdhci-pci -device sdhci-pci

forever.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-04-02 15:30:39 +02:00
Markus Armbruster
af9e40aa8f hw: Mark devices picking up block backends actively FIXME
Drives defined with if!=none are for board initialization to wire up.
Board code calls drive_get() or similar to find them, and creates
devices with their qdev drive properties set accordingly.

Except a few devices go on a fishing expedition for a suitable backend
instead of exposing a drive property for board code to set: they call
driver_get() or drive_get_next() in their realize() or init() method
to implicitly connect to the "next" backend with a certain interface
type.

Picking up backends that way works when the devices are created by
board code.  But it's inappropriate for -device or device_add.  Not
only is this inconsistent with how the other block device models work
(they connect to a backend explicitly identified by a "drive"
property), it breaks when the "next" backend has been picked up by the
board already.

Example:

    $ qemu-system-arm -S -M connex -pflash flash.img -device ssi-sd
    Aborted (core dumped)

Mark them with suitable FIXME comments.

Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: "Andreas Färber" <andreas.faerber@web.de>
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2015-04-02 15:26:27 +02:00
Stefan Weil
77a8257ed7 omap: Fix warnings from Sparse
Sparse report:

arm/omap1.c:1015:9: warning: returning void-valued expression
arm/omap1.c:1084:9: warning: returning void-valued expression
arm/omap1.c:1178:9: warning: returning void-valued expression
arm/omap1.c:1287:9: warning: returning void-valued expression
arm/omap1.c:1382:9: warning: returning void-valued expression
arm/omap1.c:1650:9: warning: returning void-valued expression
arm/omap1.c:1778:9: warning: returning void-valued expression
arm/omap1.c:1985:9: warning: returning void-valued expression
arm/omap1.c:210:9: warning: returning void-valued expression
arm/omap1.c:2213:9: warning: returning void-valued expression
arm/omap1.c:2352:9: warning: returning void-valued expression
arm/omap1.c:2447:9: warning: returning void-valued expression
arm/omap1.c:2640:9: warning: returning void-valued expression
arm/omap1.c:317:9: warning: returning void-valued expression
arm/omap1.c:3413:13: warning: returning void-valued expression
arm/omap1.c:3414:13: warning: returning void-valued expression
arm/omap1.c:3415:14: warning: returning void-valued expression
arm/omap1.c:3589:9: warning: returning void-valued expression
arm/omap1.c:443:9: warning: returning void-valued expression
arm/omap1.c:588:9: warning: returning void-valued expression
arm/omap1.c:860:9: warning: returning void-valued expression
arm/omap2.c:1362:9: warning: returning void-valued expression
arm/omap2.c:450:9: warning: returning void-valued expression
arm/omap2.c:695:9: warning: returning void-valued expression
arm/omap2.c:760:9: warning: returning void-valued expression
hw/char/omap_uart.c:115:9: warning: returning void-valued expression
hw/display/omap_dss.c:1019:9: warning: returning void-valued expression
hw/display/omap_dss.c:215:9: warning: returning void-valued expression
hw/display/omap_dss.c:380:9: warning: returning void-valued expression
hw/display/omap_dss.c:739:9: warning: returning void-valued expression
hw/display/omap_dss.c:931:9: warning: returning void-valued expression
hw/dma/omap_dma.c:139:5: warning: returning void-valued expression
hw/dma/omap_dma.c:1505:9: warning: returning void-valued expression
hw/dma/omap_dma.c:1860:9: warning: returning void-valued expression
hw/gpio/omap_gpio.c:116:9: warning: returning void-valued expression
hw/misc/omap_gpmc.c:627:9: warning: returning void-valued expression
hw/misc/omap_l4.c:85:9: warning: returning void-valued expression
hw/misc/omap_sdrc.c:95:9: warning: returning void-valued expression
hw/misc/omap_tap.c:98:9: warning: returning void-valued expression
hw/sd/omap_mmc.c:409:9: warning: returning void-valued expression
hw/ssi/omap_spi.c:229:9: warning: returning void-valued expression
hw/timer/omap_gptimer.c:447:9: warning: returning void-valued expression

Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-03-19 11:11:55 +03:00