This patch fixes a bunch of issues in the itd descriptor handling.
Most important fix is to handle transfers which cross page borders
correctly by looking up the address of the next page. Luckily
Linux uses physically contiguous memory so the data used to hit the
correct location even with this bug instead of corrupting guest
memory. Also the transfer length updates for outgoing transfers weren't
correct.
While being at it DPRINTFs have been replaced by tracepoints.
The isoch_pause logic has been disabled. Not clear to me which purpose
this serves and I think it is incorrect too as we just skip processing
itds. Even when no xfer happens we have to clear the active bit.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
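
The page-border handling described in the message above, as an added C example (not code from the QEMU patch). It assumes the EHCI iTD layout of seven 4 KiB-aligned buffer page pointers; itd_split, tail_addr and the sample addresses are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u
#define ITD_PAGES 7u            /* EHCI iTD: seven buffer page pointers */

struct seg { uint32_t addr, len; };

/* Split one iTD transaction (page index pg, offset off, length len) into
 * guest-physical segments. Returns the segment count, or -1 when the
 * descriptor is malformed or runs past the last page pointer. */
static int itd_split(const uint32_t bufptr[ITD_PAGES], uint32_t pg,
                     uint32_t off, uint32_t len, struct seg out[2])
{
    if (pg >= ITD_PAGES || off >= PAGE_SIZE || len > PAGE_SIZE)
        return -1;
    uint32_t base = bufptr[pg] & ~(PAGE_SIZE - 1);
    if (off + len <= PAGE_SIZE) {           /* stays inside one page */
        out[0] = (struct seg){ base + off, len };
        return 1;
    }
    if (pg + 1 >= ITD_PAGES)                /* no next page to look up */
        return -1;
    uint32_t first = PAGE_SIZE - off;       /* bytes left in this page */
    out[0] = (struct seg){ base + off, first };
    out[1] = (struct seg){ bufptr[pg + 1] & ~(PAGE_SIZE - 1), len - first };
    return 2;
}

/* Constructed sample: page 0 at 0x10000, page 1 wherever the caller says.
 * Returns where the bytes past the page border land. */
static uint32_t tail_addr(uint32_t page1)
{
    uint32_t bufptr[ITD_PAGES] = { 0x10000, page1 };
    struct seg s[2];
    return itd_split(bufptr, 0, 0xF00, 0x200, s) == 2 ? s[1].addr : 0;
}

int main(void)
{
    /* Running straight on from page 0 would put the tail at 0x11000. */
    printf("contiguous pages: tail at 0x%x\n", (unsigned)tail_addr(0x11000));
    printf("scattered pages:  tail at 0x%x\n", (unsigned)tail_addr(0x50000));
    return 0;
}
```

With physically contiguous pages the looked-up address equals the one obtained by running on past the border, which is why the bug stayed hidden with Linux guests.
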
The USB tablet advertises that it supports the "boot" protocol.
However, its reports aren't "boot" protocol compatible. So, it
shouldn't claim that.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The QEMU USB mouse claims to support the "boot" protocol
(bInterfaceSubClass is 1). However, the mouse rejects the
Set_Protocol command.
The qemu mouse does support the "boot" protocol specification, so a
simple fix is to enable the Set_Protocol request.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The state machine doesn't stop in EXECUTING state any more when async
packets are in flight, so the checks are not needed any more and can
be dropped.
Also kick out the check for the frame timer. As we don't stop & sleep
any more on async packets this is obsolete.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds USBBusOps struct with (for now) only a single callback
which is called when a device is about to be destroyed. The USB Host
adapters are implementing this callback and use it to cancel any async
requests which might be in flight before the device actually goes away.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set the correct bits for nodev, stall and babble errors.
Raise errint irq. Fix state transition from WRITEBACK
to the next state.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Two bugs at once:
First the mask is backwards, so it used to keep the offset and
clears the page address, which is not what we need when we update the
offset.
Second the offset calculation is wrong in case head isn't page aligned.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds support for keeping multiple queues going at the same
time. One slow device will not affect other devices any more.
The patch adds code to manage EHCIQueue structs. It also does a number
of changes to the state machine:
* The state machine will never ever stop in EXECUTING any more.
Instead it will continue with the next queue (aka HORIZONTALQH) when
the usb device returns USB_RET_ASYNC.
* The state machine will stop processing when it figures it walks in
circles (easy to figure now that we have an EHCIQueue struct for each
QH we've processed). The bailout logic should not be needed any
more. For now it is still in, but will assert() in case it triggers.
* The state machine will just skip queues with an async USBPacket in
flight.
* The state machine will resume processing as soon as the async
USBPacket is finished.
The patch also takes care to flush the QH struct back to guest memory
when needed, so we don't get stale data when (re-)loading it from guest
memory in FETCHQH state.
It also makes the writeback code not touch the first three dwords of
the QH struct as the EHCI must not write them. This actually fixes a
bug where QH chaining changes (next ptr) by the linux ehci driver were
overwritten by the emulated EHCI.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add EHCIQueue struct, move the fields needed to track the queue state
into that struct. Pass the new struct instead of ehci state down to
functions which handle the queue state. A lot of variable references have
changed due to that without an actual functional change.
Replace fetch_addr with two variables, one for async and one for
periodic schedule. Add functions to get and set the fetch address.
Use EHCIQueue->usb_status (old name: EHCIState->exec_status) directly in
ehci_execute_complete instead of passing around the status using a
parameter and the return value.
ehci_state_fetchqh returns an EHCIQueue struct now.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add a separate tracepoint to log how register values change in response
to a mmio write. Especially useful for registers which have read-only
or clear-on-write bits in them.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Trace usb port operations (attach, detach, reset),
drop a few obsolete DPRINTF's.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add functions to get and set the current state of the state machine,
add tracepoints there to trace state transitions. Add support for
tracing the queue heads and transfer descriptors as we look at them.
Drop a few DPRINTFs and all DPRINTF_ST lines, they are obsolete now.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch starts adding trace support to ehci. It traces
updates of the status register (USBSTS), mmio access and
controller reset.
It also adds functions to set and clear status register bits
and puts them in use everywhere.
Some DPRINTF's are dropped in favor of the new tracepoints.
No change in behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Factor out disconnect code (called when a device disappears) to a
separate function. Add a check for ENODEV errno to a few more places
to make sure we notice disconnects.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Variable 'snap' is assigned a value that is never used.
Remove snap and the related code.
Cc: Christian Brunner <chb@muc.de>
Cc: Josh Durgin <josh.durgin@dreamhost.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Reviewed-by: Josh Durgin <josh.durgin@dreamhost.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Changes since v1: create a wrapper function named qemu_daemon() in oslib-posix.c
instead of putting the OS specific workaround in qemu-nbd.c directly.
On OSX >= 10.5, daemon() is deprecated, resulting in the following warning:
----8<----
qemu-nbd.c: In function ‘main’:
qemu-nbd.c:371: warning: ‘daemon’ is deprecated (declared at /usr/include/stdlib.h:289)
----8<----
The following trick, used in mDNSResponder, takes care of this warning:
http://www.opensource.apple.com/source/mDNSResponder/mDNSResponder-258.18/mDNSPosix/PosixDaemon.c
On OSX, it temporarily renames the daemon() function before including stdlib.h
and declares it manually as an extern function. This way, the compiler does not
see the declaration from stdlib.h and thus does not display the warning.
Signed-off-by: Alexandre Raymond <cerbere@gmail.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Avoid compiler confusion as to which method signature to use for the
handleEvent: selector on OSX >= 10.6 by making the variable type-safe
as opposed to generic 'id' type.
Requires moving the variable definition to after the class definition.
----8<----
ui/cocoa.m: In function ‘cocoa_refresh’:
ui/cocoa.m:997: warning: multiple methods named ‘-handleEvent:’ found
/System/Library/Frameworks/AppKit.framework/Headers/NSTextInputContext.h:84: warning: using ‘-(BOOL)handleEvent:(NSEvent *)theEvent’
ui/cocoa.m:272: warning: also found ‘-(void)handleEvent:(NSEvent *)event’
----8<----
Reported-by: Alexandre Raymond <cerbere@gmail.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Tested-by: Alexandre Raymond <cerbere@gmail.com>
In 821601ea5b (Make VNC support optional)
cocoa.o was moved from ui-obj-$(CONFIG_COCOA) to vnc-obj-$(CONFIG_COCOA),
adding a dependency on $(CONFIG_VNC). That must've been unintentional.
Cc: Jes Sorensen <Jes.Sorensen@redhat.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
This fixes a missing prototype warning in vl.c and obsoletes
the prototype in cocoa.m. Adjust callers in cocoa.m to supply
third argument, which is currently only used on Linux/ppc.
The prototype is designed so that it could be shared with SDL
and other frontends, if desired.
Cc: Alexandre Raymond <cerbere@gmail.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Building with libfdt results in the following warnings on Mac OS X:
CC ppc-softmmu/device_tree.o
In file included from /Users/andreas/QEMU/latest64/include/libfdt.h:54,
from /Users/andreas/QEMU/qemu/device_tree.c:26:
/Users/andreas/QEMU/qemu/libfdt_env.h:25:20: warning: endian.h: No such file or directory
/Users/andreas/QEMU/qemu/libfdt_env.h:26:22: warning: byteswap.h: No such file or directory
/Users/andreas/QEMU/qemu/libfdt_env.h:28:5: warning: "__BYTE_ORDER" is not defined
/Users/andreas/QEMU/qemu/libfdt_env.h:28:21: warning: "__BIG_ENDIAN" is not defined
Since QEMU's copy of libfdt_env.h only uses bswap_32() and bswap_64(),
let QEMU's bswap.h take care of the headers and use its endianness define.
Cc: Hollis Blanchard <hollis@penguinppc.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Acked-by: Alexander Graf <agraf@suse.de>
Under Darwin, a symbol exists for the fdatasync() function, so that our
link test succeeds. However _POSIX_SYNCHRONIZED_IO is set to '-1'.
According to POSIX:2008, a value of -1 means the feature is not supported.
A value of 0 means supported at compilation time, and a value greater than 0
means supported at both compilation and run time.
Enable fdatasync() only if _POSIX_SYNCHRONIZED_IO is '>0'.
Signed-off-by: Alexandre Raymond <cerbere@gmail.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
----8<----
qemu/target-lm32/translate.c: In function ‘gen_intermediate_code_internal’:
qemu/target-lm32/translate.c:1135: warning: format ‘%zd’ expects type ‘signed size_t’, but argument 4 has type ‘int’
----8<----
Both gen_opc_ptr and gen_opc_buf are "uint16_t *". The difference between
pointers is a ptrdiff_t so printf needs '%td'.
Signed-off-by: Alexandre Raymond <cerbere@gmail.com>
Acked-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
There was already a check in place to avoid displaying a window
in certain modes such as vnc, nographic or curses.
Add a check for '-h' and '-help' to avoid displaying a window for a split-
second before showing the usage information.
Signed-off-by: Alexandre Raymond <cerbere@gmail.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
In audio/coreaudio.c, a variable named "str" was assigned "const char" values,
which resulted in the following warnings:
-----8<-----
audio/coreaudio.c: In function ‘coreaudio_logstatus’:
audio/coreaudio.c:59: warning: initialization discards qualifiers from pointer target type
audio/coreaudio.c:63: warning: assignment discards qualifiers from pointer target type
(...)
-----8<-----
Signed-off-by: Alexandre Raymond <cerbere@gmail.com>
Acked-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
When invoked with -version, qemu will exit just after displaying the version,
so there is no need to create a window.
Also handles --XXX options.
Signed-off-by: Tristan Gingold <gingold@adacore.com>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Older versions of libcurl don't have some of the features we try to
use, in particular curl_multi_setopt(). Check for this in the 'is
libcurl available?' configure test so we disable curl support if the
library is too old.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Add an explanatory note to the top of Changelog pointing at the
wiki and git history for changelogs for more recent releases.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Add support for event_idx feature, and utilize it to
reduce the number of interrupts and exits for the guest.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This also cleans up an open-coded 64-bit message address readout.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Pulls in latest version from kernel 3.0-rc2.
Some changes around AER now require local defines as QEMU accesses the
error source identification register via sub-words.
CC: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Current vm_running was not explicitly initialized and its value was changed by
vm state notifier, this may confuse the virtio device being hotplugged such as
virtio-net with vhost backend as it may think the vm was not running. Solve this
by initializing this value explicitly in virtio_common_init().
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The virtio_queue_notify() function checks that the virtqueue number is
less than the maximum number of virtqueues. A signed comparison is used
but the virtqueue number could be negative if a buggy or malicious guest
is run. This results in memory accesses outside of the virtqueue array.
It is risky doing input validation in common code instead of at the
guest<->host boundary. Note that virtio_queue_set_addr(),
virtio_queue_get_addr(), virtio_queue_get_num(), and many other virtio
functions do *not* validate the virtqueue number argument.
Instead of fixing the comparison in virtio_queue_notify(), move the
comparison to the virtio bindings (just like VIRTIO_PCI_QUEUE_SEL) where
we have a uint32_t value and can avoid ever calling into common virtio
code if the virtqueue number is invalid.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
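
The signed comparison and the boundary check described in the message above, as an added C example (not code from the QEMU patch). QUEUE_MAX, the structs and all function names are hypothetical stand-ins for the virtio code the message refers to.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define QUEUE_MAX 64            /* hypothetical queue limit for this sketch */

struct vq  { unsigned notified; };
struct dev { struct vq vq[QUEUE_MAX]; };

static struct dev demo_dev;     /* constructed device instance */

/* The comparison the message describes: with a signed index, "n < max"
 * also holds for every negative n. */
static bool signed_check_passes(int n)
{
    return n < QUEUE_MAX;
}

/* Common code: indexes the array and trusts its caller. */
static void queue_notify(struct dev *d, uint32_t n)
{
    d->vq[n].notified++;
}

/* Binding-level handler for a guest write to the notify register
 * (hypothetical name). The raw value is still a uint32_t here, so a single
 * unsigned comparison rejects everything outside the array. */
static bool notify_write(struct dev *d, uint32_t val)
{
    if (val >= (uint32_t)QUEUE_MAX)
        return false;           /* never reaches common code */
    queue_notify(d, val);
    return true;
}

int main(void)
{
    printf("signed check, n = -1: %s\n",
           signed_check_passes(-1) ? "passes" : "rejected");
    printf("binding, val = 0xffffffff: %s\n",
           notify_write(&demo_dev, 0xffffffffu) ? "passes" : "rejected");
    printf("binding, val = 3: %s\n",
           notify_write(&demo_dev, 3) ? "passes" : "rejected");
    return 0;
}
```
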