1) Move GPIO-related functionality to qdev. Now one can use directly
qdev_get_gpio_in()/qdev_connect_gpio_out() on max7310 devices.
2) Make reset to be called through qdev.reset callback.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
The host part of a block device can be deleted with in progress
block migration.
To fix this, add a reference count to DriveInfo, freeing resources
on last reference.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Different AHCI controllers have a different number of ports, so the core
shouldn't care about the amount of ports available.
This patch makes the number of ports available to the AHCI core runtime
configurable, allowing us to have multiple different AHCI implementations
with different amounts of ports.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The ahci code was missing its soft reset functionality. This wasn't really an
issue for Linux guests, but Windows gets confused when the controller doesn't
reset when it tells it so.
Using this patch I can now successfully boot Windows 7 from AHCI using AHCI
enabled SeaBIOS.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The drive sends a d2h init fis on initialization. Usually, the guest doesn't
receive fises yet at that point though, so the delivery is deferred.
Let's reflect that by sending the init fis on fis receive enablement.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Sebastian's patch already did a pretty good job at splitting up ICH-9
AHCI code and the AHCI core. We need some more though. Copyright was missing,
the lspci dump belongs to ICH-9, we don't need the AHCI core to have its
own qdev device duplicate.
So let's split them a bit more in this patch, making things easier to
read an understand.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Due to popular request, this patch adds a license header to ahci.h
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
There are multiple ahci devices out there. The currently implemented ich-9
is only one of the many. So let's split that one out into a separate file
to stress the difference.
Signed-off-by: Sebastian Herbszt <herbszt@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fix a few style issues and convert magic numbers into prober symbolic
constants, also fixing the wrong but unused IOAPIC_DM_SIPI value.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
qemu-kvm carries the IOAPIC base address in its v2 vmstate. We only
support the default base address so far, and saving even that in the
device state was rejected.
Add a padding field to be able to read qemu-kvm's old state, but
increase our version to 3, indicating that we are not saving a valid
address. This also gives downstream the chance to change to stop
evaluating the base_address and move to v3 as well.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This is a guest modifiable state that must be saved/restored properly.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add the missing EOI broadcast from local APIC to the IOAPICs on
completion of level-triggered IRQs. This ensures that a still asserted
IRQ source properly re-triggers an APIC IRQ.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This can happen if a port gets unplugged before guest has chance to
initialise vqs.
Reported-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When MSI is off, each interrupt needs to be bounced through the io
thread when it's set/cleared, so vhost-net causes more context switches and
higher CPU utilization than userspace virtio which handles networking in
the same thread.
We'll need to fix this by adding level irq support in kvm irqfd,
for now disable vhost-net in these configurations.
Added a vhostforce flag to force vhost-net back on.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The Ubuntu 10.10 gcc for ARM complains that we might be overrunning
the cpu_irqs[][] array: silence this by correcting the bounds on the
loop. (In fact we would not have overrun the array because bit
MAX_PILS in pil_pending and irl_out will always be 0.)
Also add a comment about why the loop's lower bound is OK.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The "leon3_cache_control_int" (op_helper.c) function is called within leon3.c
which leads to segfault error with the global "env".
Now cache control is a CPU feature and everything is handled in op_helper.c.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Watch this:
(qemu) drive_add 0 if=none
(qemu) info block
none0: type=hd removable=0 [not inserted]
(qemu) drive_del none0
Segmentation fault (core dumped)
add_init_drive() is confused about drive_init()'s failure modes, and
cleans up when it shouldn't. This leaves the DriveInfo with member
opts dangling. drive_del attempts to free it, and dies.
drive_init() behaves as follows:
* If it created a drive with media, it returns its DriveInfo.
* If it created a drive without media, it clears *fatal_error and
returns NULL.
* If it couldn't create a drive, it sets *fatal_error and returns
NULL.
Of its three callers:
* drive_init_func() is correct.
* usb_msd_init() assumes drive_init() failed when it returns NULL.
This is correct only because it always passes option "file", and
"drive without media" can't happen then.
* add_init_drive() assumes drive_init() failed when it returns NULL.
This is incorrect.
Clean up drive_init() to return NULL on failure and only on failure.
Drop its parameter fatal_error.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Before, type & index were hidden in printf-like fmt, ... parameters,
which get expanded into an option string. Rather inconvenient for
uses later in this series.
New IF_DEFAULT to ask for the machine's default interface. Before,
that was done by having no option "if" in the option string.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Before commit 622b520f, index=12 meant bus=1,unit=5.
Since the commit, it means bus=0,unit=12. The drive is created, but
not the guest device. That's because the controllers we use with
if=scsi drives (lsi53c895a and esp) support only 7 units, and
scsi_bus_legacy_handle_cmdline() ignores drives with unit numbers
exceeding that limit.
Changing the mapping of index to bus, unit is a regression. Breaking
-drive invocations that used to work just makes it worse.
Revert the part of commit 622b520f that causes this, and clean up
some.
Note that the fix only affects if=scsi. You can still put more than 7
units on a SCSI bus with -device & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
qdev_init_bdrv() doesn't belong into qdev.c; it's about drives, not
qdevs. Rename to drive_get_next, move to blockdev.c, drop the bogus
DeviceState argument, and return DriveInfo instead of
BlockDriverState.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
drive_init() picks the first free bus and unit number, unless the user
specifies them.
This isn't a good fit for the drive_add monitor command, because there
we specify the controller by PCI address instead of using bus number
set by drive_init().
scsi_hot_add() takes care to replace the unit number set by
drive_init() by the real one, but it neglects to replace the bus
number. Thus, bus/unit in DriveInfo may be bogus. Affects
drive_get() and drive_get_max_bus(). I'm not aware of anything bad
happening because of that; looks like by the time we're hot-plugging,
the two functions aren't used anymore. Fix it anyway.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The len and is_write arguments to cpu_physical_memory_unmap() were
swapped. This patch changes calls to use the correct argument ordering.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Raise a config change interrupt when the size changed. This allows
virtio-blk guest drivers to read-read the information from the
config space once it got the config chaged interrupt.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Extend the change_cb callback with a reason argument, and use it
to tell drivers about size changes.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
r3480 added this check to account for the entry vector 0xfff00100 to be
available for CPUs that need it. Today however, the NIP is not yet
initialized at this point (zero), so the check always triggers.
Moreover, BIOS size check is already done previously, so this part can
be removed too.
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
For some unknown reason, the MIPS kernel briefly changes the RTC to
binary mode during boot, switch back to BCD mode and read the time. As
the registers are updated only every second, they may still be in the
old format when they are read.
This patch forces a register update immediately after a format change
(BCD/binary or 12/24H). This avoid long fsck during boot due to time
wrap.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
virtio-blk doesn't work on cross-endian configuration, as endianness is
not handled correctly.
This patch adds missing endianness conversions to make virtio-blk
working. Tested on the following configurations:
- i386 guest on x86_64 host
- ppc guest on x86_64 host
- i386 guest on mips host
- ppc guest on mips host
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
virtio-net used to work on cross-endianness configurations, but doesn't
anymore with recent guest kernels, as the new features don't handle
endianness correctly.
This patch fixes wrong conversion, and add missing ones to make
virtio-net working. Tested on the following configurations:
- i386 guest on x86_64 host
- ppc guest on x86_64 host
- i386 guest on mips host
- ppc guest on mips host
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Recent PowerPC kernel end up in kernel panic during boot in -nographic
mode. In this mode the second serial port is used as the udbg console,
and thus a few characters are sent on this port. This activates the
tx interrupt flag, and later choke the Linux kernel, as it was not
expecting such a flag to be set.
The problem here comes from the fact that contrary to most devices the
interrupt flags are only set if the interrupt is enabled. Quoting the
datasheet: "If the corresponding IE bit is not set, the IP for that
source of interrupt will never be set."
This patch fixes that by enabling the interrupt flag only when the
corresponding interrupt is enabled.
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
As noted by Markus Armbruster pxa2xx_gpio vmstate version bumped
because of a change in the or .ilevel / .olevel arrays are saved,
for convenience.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Switch sl-nand emulation to use qdev and vmstate. Also drop ecc_get/_put
functions as sl-nand was the only user of that code.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Convert SharpSL scoop device to qdev, remove lots of supporting code, as
lot of init and gpio related things can now be done automagically.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
This patch fixes typo in pcibus_get_dev_path().
Without this patch, the result of pcibus_get_dev_path() isn't unique.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
PCI_BRIDGE_CTL_DISCARD_STATUS (bit 10 in bridge control register)
is W1C so we should not make it writeable, otherwise the assert(!(wmask
& w1cmask)) in pci_default_write_config() is hit
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: Isaku Yamahata <yamahata@valinux.co.jp>
Tested-by: Isaku Yamahata <yamahata@valinux.co.jp>
Leon3 is an open-source VHDL System-On-Chip, well known in space industry (more
information on http://www.gaisler.com).
Leon3 is made of multiple components available in the GrLib VHDL library.
Three devices are implemented: uart, timers and IRQ manager.
You can find code for these peripherals in the grlib_* files.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This device exposes one parameter:
- chardev (ptr) : Pointer to a qemu character device
Emulation of GrLib devices is base on the GRLIB IP Core User's Manual:
http://www.gaisler.com/products/grlib/grip.pdf
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This device exposes two parameters:
- set_pil_in (ptr) : A function to set the pil_in of the SPARC CPU
- set_pil_in_opaque (ptr) : Opaque argument of the set_pil_in function
Emulation of GrLib devices is base on the GRLIB IP Core User's Manual:
http://www.gaisler.com/products/grlib/grip.pdf
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This device exposes three parameters:
- frequency (uint32) : The system frequency
- irq-line (uint32) : IRQ line number for the first timer
(others use irq-line + 1, irq-line + 2...)
- nr-timers (uint32) : Number of timers
Emulation of GrLib devices is base on the GRLIB IP Core User's Manual:
http://www.gaisler.com/products/grlib/grip.pdf
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
USB Mass Storage Devices sometimes have the RMB (removable) bit set in
the SCSI INQUIRY response. Thumbdrives tend to have the bit set whereas
hard disks do not.
Operating systems differentiate between removable devices and fixed
devices. Under Linux, the anaconda installer looks for removable
devices. Under Windows, only fixed devices may have more than one
partition and AutoRun is also affected by the removable bit.
For these reasons, allow USB Mass Storage Devices to override the
removable bit:
qemu -usb
-drive if=none,file=test.img,cache=none,id=disk0
-device usb-storage,drive=disk0,removable=on
The default is off.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
scsi-disk devices may wish to override the removable bit. Add support
for a qdev property on SCSI devices. This is will be used by usb-msd.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Provide the "removable" qdev property bit to override the SCSI INQUIRY
removable (RMB) bit for non-CDROM devices. This will be used by USB
Mass Storage Devices, which sometimes have this guest-visible bit set
and sometimes do not. They therefore requires a means for user
configuration.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Avoid this warning from OpenBSD linker:
LINK i386-softmmu/qemu
../usb-bus.o(.text+0x27c): In function `usb_get_fw_dev_path':
/src/qemu/hw/usb-bus.c:294: warning: sprintf() is often misused,
please use snprintf()
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Yes, seriously. There is no migration support at all for usb devices.
They loose state, especially the device address, and stop responding
because of that. Oops.
Luckily there is so much broken usb hardware out there that the guest
usually just kicks the device hard (via port reset and
reinitialization), then continues without a hitch. So we got away with
that in a surprising high number of cases.
The arrival of remote wakeup (which enables autosuspend support) changes
that picture though. The usb devices also forget that it they are
supposed to wakeup, so they don't do that. The host also doesn't notice
the device stopped working in case it suspended the device and thus
expects it waking up instead of polling it. Result is that your mouse
is dead.
Lets start fixing that. Add a vmstate struct for USBDevice.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch moves the 'head' and 'n' fields from USBMouseState and
USBKeyboardState to the common USBHIDState struct.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds a event queue to the usb keyboard. This makes sure the
guest will see all key events even if they come in bursts. With this
patch applied sending Ctrl-Alt-Del using vncviewer's F8 menu works.
Also with autosuspend enabled the first keypress on a suspended keyboard
takes a little longer to be delivered to the guest because the usb bus
must be resumed first. Without event queue this easily gets lost.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The polling nature of the USB HID device makes it very hard to double
click or drag while on a high-latency VNC connection. This patch,
based on work done in the Xen qemu-dm tree by Ian Jackson, fixes this
bug by adding an event queue to the device. The event queue associates
each movement with the correct button state, and remembers all button
presses and releases as well.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffman <kraxel@redhat.com>
With bm == NULL, other code in the same function would crash.
This bug was reported by cppcheck:
hw/ide/pci.c:280: error: Possible null pointer dereference: bm
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Live migration from and to spice 0.4 qxl devices isn't going to work.
Rip out the bits which attempt to support that. Zap the subsection
logic which is obsolete now. Bumb the version to make a clean cut.
This should obviously go in before 0.14 is released.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
PCIDevice::rom_file is leaked.
PCIDevice::rom_file is allocated in pci_qdev_init(), but not freed anywhere.
free it in qemu_unregister_device().
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Merge ide_dma_submit_check into it's only caller. Also use tail recursion
using a goto instead of a real recursion - this avoid overflowing the
stack in the pathological situation of an recurring error that is ignored.
We'll still be busy looping in ide_dma_cb, but at least won't eat up
all stack space after this.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Currenly the code only resets the io_buffer_index field for reads,
but the code seems to expect this for all types of I/O. I guess
we simply don't hit large enough transfers that would require this
often enough.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Factor the DMA I/O path that is duplicated between read and write
commands, into common helpers using the s->is_read flag added for
the macio ATA controller.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The upper memory size field should exclude the first MB of RAM.
Signed-off-by: Kevin Wolf <mail@kevin-wolf.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Due to signed/unsigned comparison, the dirty bits are never reset, and
the screen redrawn each time. Fix that by only using ram_addr_t types,
and looking for page_min != addr_max instead.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
isa_mem_base is computed from registers during reset, but due to QEMU
limitations some devices (e.g. VGA card) need to know it earlier when
they are registered.
Workaround this by setting the value during registration instead of
reset.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The PL190 implementation keeps the default vector address
in vect_addr[16], but we weren't using this for writes to
the DEFVECTADDR register. As a result of this fix the
default_addr structure member is unused and we can delete it.
Reported-by: Himanshu Chauhan <hschauhan@nulltrace.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
use qemu_malloc() instead of direct use of malloc().
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
deassert intx on device reset.
So far pci_device_reset() is used for system reset.
In that case, interrupt controller is reset at the same time so that
all irq is are deasserted.
But now pci bus reset/flr is supported, and in that case irq needs to be
disabled explicitly.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Recently PXA2xx lcd have stopped to be updated incrementally (picture
frozen). This patch fixes that by passing non min/max x/y, but rather
(correctly) x/y and w/h.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
vmstate_pxa2xx_i2c incorrectly recursed to itself instead of going
to store slave device. Fix that stop stop qemu from segfaulting
during savevm for pxa2xx-based devices.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Second instance of scoop contains registers shifted to 0x40 from the start
of the page. Instead of messing with register mapping, just limit register
address to 0x00..0x3f.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Mainstone board has two flash chips (emulated by two ram regions), however
currently code tries to allocate them with the same name, which fails.
Fix that to make mainstone emulation work again.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
When operating on the SCIF, process all the received characters, as long
as the FIFO can handle them.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
When a modifier key is pressed or released, the USB HID keyboard still
answers NAK, unless another key is also pressed or released.
The patch fixes that by calling usb_hid_changed() when a modifier key
is pressed or released.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The new fields that got added as part of not copying over the guest
buffer to the host need to be saved/restored across migration. Do that
and bump up the version number.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
This commit lets apps signal an incomplete write. When that happens,
stop sending out any more data to the app and wait for it to unthrottle
the port.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
The have_data() API to hand off guest data to apps using virtio-serial
so far assumed all the data was consumed. Relax this assumption.
Future commits will allow for incomplete writes.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
When the guest writes something to a host, we copied over the entire
buffer first into the host and then processed it. Do away with that, it
could result in a malicious guest causing a DoS on the host.
Reported-by: Paul Brook <paul@codesourcery.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Instead of combining flush logic into the discard case and not discard
case, have one function doing discard case. This will help later when
adding flow control logic to the do_flush_queued_data() function.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Patch a6a7005d14 generated
broken device paths. We snprintf with a length shorter
than the output, so the last character is discarded and replaced
by the null byte. Fix it up by snprintf to a buffer
which is larger by 1 byte and then memcpy the data (without
the null byte) to where we need it.
Reported-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The initialisation for generic ports and console ports is similar.
Factor out the parts that are the same in a different function that can
be called from each of the initfns.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
When reading cp0_count from a timer with a late trigger that should
already have expired, expire it and raise the timer irq.
This makes it possible for guest code (e.g, Linux) that first read
cp0_count, then compare it with cp0_compare and check for raised
timer interrupt lines to run reliably.
Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Reorganize for future patches, no functional change.
Acked-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Linux kernel started to use the SM501 2D engine for the console, and
especially the copyrect operation.
Implement this operation so that recent kernels can be used with QEMU.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Expose no_hotplug attribute via I/O port, so ACPI BIOS can indicate
removability status to guest OS.
An updated seabios is required to make use of this feature (seabios.git
commit ID 3c241edf3d7ef29c21).
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Tested-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The USB keyboard emulation's translation table in hw/usb-hid.c doesn't
match the codes actually sent for the Logo (a.k.a. "Windows") or Menu
keys. This results in the guest OS not being able to receive these keys
at all when the USB keyboard emulation is being used.
In particular, both the keymap in /usr/share/kvm/keymaps/modifiers and
the evdev table in x_keymap.c map these keys to 0xdb, 0xdc, and 0xdd,
while usb_hid_usage_keys[] seems to be expecting them to be mapped to
0x7d, 0x7e, and 0x7f.
The attached patch seems to fix the problem, at least in my (limited)
testing.
http://bugs.debian.org/578846http://bugs.debian.org/600593 (cloned from the above against different pkg)
https://bugs.launchpad.net/qemu/+bug/584139
Signed-Off-By: Brad Jorsch <anomie@users.sourceforge.net>
Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
lsi_ram_read*() and lsi_ram_write*() are not consistent, one uses
leXX_to_cpu() the other uses nothing. As the comment above the RAM
declaration says: "Script ram is stored as 32-bit words in host
byteorder.", remove the leXX_to_cpu() calls.
This fixes the boot of an ARM versatile machine on MIPS and PowerPC
hosts.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Board id can't be written with stl_phys() as it's read-only part of
memory. Use stl_p() on the memory buffer instead.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Fix a buffer overflow, reported by cppcheck:
[/src/qemu/hw/ppc405_uc.c:72]: (error) Buffer access out-of-bounds: bd.bi_s_version
The use of field bi_s_version seems to be a typo, it should be
bi_r_version.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Fix a buffer overflow, reported by cppcheck:
[/src/qemu/hw/lan9118.c:849]: (error) Buffer access out-of-bounds: s.eeprom
All eeprom handling code assumes that the size of eeprom is 128,
except lan9118_eeprom_cmd. Fix this by restricting the address passed.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The current default of 16 buffers for the control vq is too small. We
can get more entries in there, for example when asking the guest to add
max. allowed ports.
Note: a more robust solution would involve some kind of event queueing
in host to guarantee no event loss. Added a TODO to look into
this later.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch rewrites the firmware path code to use the physical port
location tracking just added to the qemu usb core. It also fixes the
port numbering to start with "1" in the firmware path.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This allows to explictily set the physical port where you want to
plug the usb device. Example:
-device usb-tablet,bus=usb.0,port=2
With explicit port addressing qemu can and will not automagically add
USB Hubs. This means that:
(a) You can plug two devices of your choice into the two uhci
root ports.
(b) If you want plug in more that two devices you have to care
about adding a hub yourself.
Plugging a hub works this way:
-device usb-hub,bus=usb.0,port=1
Use this to add a device to the hub:
-device usb-tablet,bus=usb.0,port=1.1
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add a path string to USBPort. Add usb_port_location() function to set
the physical location of the usb port. Update all drivers implementing
usb ports to call it. Update the monitor commands to print it. Wind it
up in qdev.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The scsi layer may return us more data than the guests wants to have.
Handle this by just ignoring the extra bytes and calling the
{read,write}_data callback to finish the request.
Seen happening in real life with some extended inquiry command.
With this patch applied the linux kernel stops reseting the device
once at boot.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Change usb_msd_send_status() to take a pointer to the status packet
instead of writing the status to s->usb_buf which might not point
to the correct location.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add high speed support to the usb mass storage device. With this patch
applied the linux kernel recognises the usb storage device as highspeed
capable device and suggests to connect it to a highspeed port instead of
the uhci. Tested with both uhci and (not-yet submitted) ehci.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add support for device_qualifier and other_speed_config descriptors.
These are used to query the "other speed" configuration of usb 2.0
devices, i.e. in high-speed mode they return the full-speed
configuration and visa versa.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add usb_desc_attach() which sets up the device according to the speed
the usb port is able to handle. This function can be hooked into the
handle_attach callback.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add handle_attach() callback to USBDeviceInfo which is called by the
generic package handler when the device is attached to the usb bus
(i.e. plugged into a port).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
It would be nice to have some way to signal our hid devices support
remote wakeup. There is a descriptor bit for that of course. Problem
with using is one is that older qemu versions used to set the bit even
though they did *not* support remote wakeup. Bummer.
This patch changes the serial number of our hid devices from "1" to "42"
to signal "it is safe to enable remote wakeup". The serial number was
choosen because it isn't used for anything and it is available in sysfs
so it is easy to match it using udev rules like this:
ACTION=="add", SUBSYSTEM=="usb", \
ATTR{product}=="QEMU USB Tablet", ATTR{serial}=="42", \
RUN+="usb_enable_autosuspend %p"
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch makes the usb hub handle remote wakeup requests from devices
properly by updating the port status register and forwarding the wakeup
to the upstream port.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>