While processing transmit(tx) descriptors in 'tx_consume' routine
the switch emulator suffers from an off-by-one error, if a
descriptor was to have more than allowed(ROCKER_TX_FRAGS_MAX=16)
fragments. Fix an incorrect bounds check to avoid it.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Following the previous patch which changed vmxnet3 to be a pci express
device, this patch introduces a boolean property 'x-disable-pcie' whose
default is false.
Setting 'x-disable-pcie' to 'on' preserves the old 'pci device' (non
express) behavior. This allows migration to older versions.
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Report the DSN extended PCI capability at 0x100.
DSN value is a transformation of device MAC address, as calculated
by VMware virtual hardware.
DSN is reported only if device is pcie.
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Report the 'express endpoint' capability if on a PCIE bus.
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Introduce a class type for vmxnet3, and the usual
DEVICE_CLASS/DEVICE_GET_CLASS macros.
No semantic change.
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Following the previous patches, where vmxnet3's pci's msi/msix
capability offsets and msix's PBA table offsets have been changed, this
patch introduces a boolean property 'x-old-msi-offsets' to vmxnet3,
whose default is false.
Setting 'x-old-msi-offsets' to 'on' preserves the old offsets behavior,
which allows migration to older versions.
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Place the PBA table at 0x1000, as placed by VMware virtual hardware.
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Place device reported PCI capabilities at the same offsets as placed by
the VMware virtual hardware: MSI at [84], MSI-X at [9c].
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
VMXNET3_DEVICE_VERSION is used as return value for accessing
UPT Revision Report and Selection register. So rename it
to VMXNET3_UPT_REVISION.
Signed-off-by: Miao Yan <yanmiaoebest@gmail.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Return 0 on unknown command, this is what esxi (5.x+) behaves.
Signed-off-by: Miao Yan <yanmiaobest@gmail.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
VMXNET3_CMD_GET_DEV_EXTRA_INFO should return 0 for emulation
mode
This behavior can be observed by the following steps:
1) run a Linux distro on esxi server (5.x+)
2) modify vmxnet3 Linux driver to read the register:
VMXNET3_WRITE_BAR1_REG(adapter, VMXNET3_REG_CMD, VMXNET3_CMD_GET_DEV_EXTRA_INFO);
ret = VMXNET3_READ_BAR1_REG(adapter, VMXNET3_REG_CMD);
pr_info("vmxnet3 dev_info: 0x%x\n", ret);
The kernel log will have some like the following message:
[ 7005.111170] vmxnet3 dev_info: 0x0
Signed-off-by: Miao Yan <yanmiaobest@gmail.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
VMXNET3_CMD_GET_DID_LO should return PCI ID of the device
and VMXNET3_CMD_GET_DID_HI should return vmxnet3 revision ID.
This behavior can be observed by the following steps:
1) run a Linux distro on esxi server (5.x+)
2) modify vmxnet3 Linux driver to read DID_HI and DID_LO:
VMXNET3_WRITE_BAR1_REG(adapter, VMXNET3_REG_CMD, VMXNET3_CMD_GET_DID_LO);
lo = VMXNET3_READ_BAR1_REG(adapter, VMXNET3_REG_CMD);
VMXNET3_WRITE_BAR1_REG(adapter, VMXNET3_REG_CMD, VMXNET3_CMD_GET_DID_HI);
high = VMXNET3_READ_BAR1_REG(adapter, VMXNET3_REG_CMD);
pr_info("vmxnet3 DID lo: 0x%x, high: 0x%x\n", lo, high);
The kernel log will have something like the following message:
[ 7005.111170] vmxnet3 DID lo: 0x7b0, high: 0x1
Signed-off-by: Miao Yan <yanmiaobest@gmail.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
When reading device status, 0 means device is successfully
activated and 1 means error.
This behavior can be observed by the following steps:
1) run a Linux distro on esxi server (5.5+)
2) modify vmxnet3 Linux driver to give it an invalid
address to 'adapter->shared_pa' which is the
shared memory for guest/host communication
This will trigger device activation failure and kernel
log will have the following message:
[ 7138.403256] vmxnet3 0000:03:00.0 eth1: Failed to activate dev: error 1
So return 1 on device activation failure instead of -1;
Signed-off-by: Miao Yan <yanmiaobest@gmail.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
The file net/slirp.c should be listed in the SLIRP section, too.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Vmxnet3 device emulator does not check if the device is active
before activating it, also it did not free the transmit & receive
buffers while deactivating the device, thus resulting in memory
leakage on the host. This patch fixes both these issues to avoid
host memory leakage.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Macro VMW_SHPRN(...) is already defined vmxnet3_debug.h,
so remove the duplication
Signed-off-by: Miao Yan <yanmiaobest@gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Vmxnet3 uses the following debug macro style:
#ifdef SOME_DEBUG
# define debug(...) do{ printf(...); } while (0)
# else
# define debug(...) do{ } while (0)
#endif
If SOME_DEBUG is undefined, then format string inside the
debug macro will never be checked by compiler. Code is
likely to break in the future when SOME_DEBUG is enabled
because of lack of testing. This patch changes this
to the following:
#define debug(...) \
do { if (SOME_DEBUG_ENABLED) printf(...); } while (0)
Signed-off-by: Miao Yan <yanmiaobest@gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Use %zu specifier for size_t in printf, otherwise build would fail
on platforms where size_t is not unsigned long
Signed-off-by: Miao Yan <yanmiaobest@gmail.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Macro MAC_FMT and MAC_ARG are not defined, but used in vmxnet3_net_init().
This will cause build error when debug level is raised in
vmxnet3_debug.h (enable all VMXNET3_DEBUG_xxx).
Use VMXNET_MF and VXMNET_MA instead.
Signed-off-by: Miao Yan <yanmiaobest@gmail.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Current text_console_update() writes totally broken color attributes
to console_write_ch(). The format now is writing,
[WRONG]
bold << 21 | fg << 12 | bg << 8 | char
fg == 3bits curses color number
bg == 3bits curses color number
I can't see this format is where come from. Anyway, this doesn't work
at all.
What curses expects is actually (and vga.c is using),
[RIGHT]
bold << 21 | bg << 11 | fg << 8 | char
fg == 3bits vga color number
bg == 3bits vga color number
And curses set COLOR_PAIR() up to match this format, and curses's
chtype. I.e,
bold | color_pair | char
color_pair == (bg << 3 | fg)
To fix, this simply uses VGA color number everywhere except curses.c
internal. Then, convert it to above [RIGHT] format to write by
console_write_ch(). And as bonus, this reduces to expose curses define
to other parts (removes COLOR_* from console.c).
[Tested the first line is displayed as white on blue back for monitor
in curses console]
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Message-id: 87r3j95407.fsf@mail.parknet.co.jp
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJWjuqwAAoJEDuxQgLoOKytznIH/Ap0ldYSdwBouhZkpKRDwIwf
5/9skIgwuDJ2DeGDqAcVEC4Nxq9HuUCz7DcXPAiTfFRM7ccpnSJJ5O0vfTuC353t
59h1JYh2kLDLXEm4RdylLMeuLNGuc+avUtWGVVQOrjFmSQAO7z3nexmoNRL6ccqE
Cd/Oe1I2QU65p/4YpyslKg0N8A/WrHjOsf58Coo2ZCGNh3GLCNuE5mpofXBeSfWB
bFdaq2Uv9x3F+vVq5zx3iNt2J8kHXlwZBEEYACzs+2j7j7O5TedjHDjgBrirbxl/
C3F8d+4JqhzAP141yZMO35z1hbehCaKddDZRuN8ryeMXSnBLU3hP9wm4Y1HLrJc=
=bxBe
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-for-peter-2016-01-07' into staging
Block patches from 2015-12-23 until 2016-01-07.
# gpg: Signature made Thu 07 Jan 2016 22:46:08 GMT using RSA key ID E838ACAD
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>"
* remotes/maxreitz/tags/pull-block-for-peter-2016-01-07: (21 commits)
iotests: Add test cases for blockdev-mirror
qmp: Add blockdev-mirror command
block: Add check on mirror target
block: Extract blockdev part of qmp_drive_mirror
block: Rename BLOCK_OP_TYPE_MIRROR to BLOCK_OP_TYPE_MIRROR_SOURCE
qemu-iotests: s390x: fix test 051
iotests: 095: Filter _img_info output
iotests: 095: Use TEST_IMG override instead of "mv"
iotests: 050: Use TEST_IMG override instead of "mv"
iotests: 038: Use TEST_IMG override instead of "mv"
iotests: 037: Use TEST_IMG override instead of "mv"
iotests: 034: Use TEST_IMG override instead of "mv"
iotests: 028: Use TEST_IMG override instead of "mv"
iotests: 024: Use TEST_IMG override instead of "mv"
iotests: 020: Use TEST_IMG override instead of "mv"
iotests: 019: Use TEST_IMG override instead of "mv"
iotests: 018: Use TEST_IMG override instead of "mv"
block/qapi: Clear err for further error
block: use drained section in bdrv_close
qemu-iotests: make check-block.sh work on out-of-tree builds
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
On overcommitted CPU, kernel can be so slow that an interrupt can
be triggered by the device whereas the driver is not ready to receive
it. This drives us into an infinite loop.
On suspend, if a SOF interrupt is raised between the stop of the
device processing and the change of the device internal state to
OHCI_USB_SUSPEND (QEMU stops SOF timer on this state change), this
interrupt is never acknowledged.
This patch clears pending SOF interrupt on OHCI_USB_SUSPEND setting.
Some details:
- ohci_irq(): the OHCI interrupt handler, acknowledges the SOF IRQ
only if the state of the driver (rh_state) is OHCI_STATE_RUNNING.
So if this interrupt happens and the driver is not in this state,
the function is called again and again, moving the system to a
CPU starvation.
- ohci_rh_suspend(): the function stop the operation and acknowledge
pending interrupts (but doesn't disable it). Later in the function,
the device is moved to OHCI_SUSPEND_STATE, and the driver to
OHCI_RH_SUSPENDED. If between the moment when the interrupt is
acknowledged and the moment when the device is suspended a new
interrupt is raised, it will be never acknowledged because the
driver is now not in OHCI_RH_RUNNING state.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 1452109525-32150-3-git-send-email-lvivier@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
On overcommitted CPU, kernel can be so slow that an interrupt can
be triggered by the device whereas the driver is not ready to receive
it. This drives us into an infinite loop.
This does not happen on real hardware because real hardware never send
interrupt immediately after the controller has been moved to OPERATION state.
This patch tries to delay the first SOF interrupt to let driver exits from
the critical section (which is not protected against interrupts...)
Some details:
- ohci_irq(): the OHCI interrupt handler, acknowledges the SOF IRQ
only if the state of the driver (rh_state) is OHCI_STATE_RUNNING.
So if this interrupt happens and the driver is not in this state,
the function is called again and again, moving the system to a
CPU starvation.
- ohci_rh_resume(): the driver re-enables operation with OHCI_USB_OPER.
In QEMU this start the SOF timer and QEMU starts to send IRQs. As
the driver is not in OHCI_STATE_RUNNING and not protected against IRQ,
the ohci_irq() can be called and the driver never moved to
OHCI_STATE_RUNNING.
Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 1452109525-32150-2-git-send-email-lvivier@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
trace_usb_mtp_inotify_event() was being called after the object was
being freed.
Signed-off-by: Bandan Das <bsd@redhat.com>
Message-id: 1450861787-16213-3-git-send-email-bsd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb_mtp_inotify_cleanup uses QLIST_FOREACH to pick events
from a list and free them which is incorrect. Use QLIST_FOREACH_SAFE
instead.
Signed-off-by: Bandan Das <bsd@redhat.com>
Message-id: 1450861787-16213-2-git-send-email-bsd@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Specification says that: "This bit is set by HCD to initiate a software reset of HC."
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-id: 1450567431-31795-4-git-send-email-hpoussin@reactos.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Specification says that, when entering this state, "the contents of the registers
(except Root Hub registers) are preserved by the HC. [...] The Root Hub is being reset,
which causes the Root Hub's downstream ports to be reset and possibly powered off."
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-id: 1450567431-31795-3-git-send-email-hpoussin@reactos.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This will start a mirror job from a named device to another named
device, its relation with drive-mirror is similar with blockdev-backup
to drive-backup.
In blockdev-mirror, the target node should be prepared by blockdev-add,
which will be responsible for assigning a name to the new node, so
we don't have 'node-name' parameter.
Signed-off-by: Fam Zheng <famz@redhat.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1450932306-13717-5-git-send-email-famz@redhat.com
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
This is the part that will be reused by blockdev-mirror.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1450932306-13717-3-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
It's necessary to distinguish source and target before we can add
blockdev-mirror, because we would want a concrete type of operation to
check on target bs before starting.
Signed-off-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1450932306-13717-2-git-send-email-famz@redhat.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
Replace the remaining "-drive file..."
by "-drive file=...,if=none,id=$device_id", then x86 and s390x
can get the common output.
"if=ide, if=floppy, if=scsi" are not supported by s390x,
so these test cases are not executed for s390x platform.
Signed-off-by: Bo Tu <tubo@linux.vnet.ibm.com>
Message-id: 1451885360-20236-2-git-send-email-tubo@linux.vnet.ibm.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
