qemu.git
10 years agoPPC: Qdev'ify e500 pci
Alexander Graf [Mon, 30 Aug 2010 22:22:28 +0000 (00:22 +0200)] 
PPC: Qdev'ify e500 pci

The e500 PCI controller isn't qdev'ified yet. This leads to severe issues
when running with -drive.

To be able to use a virtio disk with an e500 VM, let's convert the PCI
controller over to qdev.

Reviewed-by: Paul Brook <paul@codesourcery.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoPPC MPC7544DS: Use new TLB helper function
Alexander Graf [Fri, 6 May 2011 08:37:56 +0000 (10:37 +0200)] 
PPC MPC7544DS: Use new TLB helper function

Now that we have some nice helpers that can find us a TLB entry, let's
use that on the machine initialization code, so we don't need to know
about the internals of the TLB array.

Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoPPC: Implement e500 (FSL) MMU
Alexander Graf [Sat, 30 Apr 2011 21:34:58 +0000 (23:34 +0200)] 
PPC: Implement e500 (FSL) MMU

Most of the code to support e500 style MMUs is already in place, but
we're missing on some of the special TLB0-TLB1 handling code and slightly
different TLB modification.

This patch adds support for the FSL style MMU.

Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoPPC: Add another 64 bits to instruction feature mask
Alexander Graf [Sat, 30 Apr 2011 22:00:58 +0000 (00:00 +0200)] 
PPC: Add another 64 bits to instruction feature mask

To enable quick runtime detection of instruction groups to the currently
selected CPU emulation, we have a feature mask of what exactly the respective
instruction supports.

This feature mask is 64 bits long and we just successfully exceeded those 64
bits. To add more features, we need to think of something.

The easiest solution that came to my mind was to simply add another 64 bits
that we can also match on. Since the comparison is only done on start of the
qemu process to generate an internal opcode calling table, we should be fine
on any performance penalties here.

Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoPPC: Add GS MSR definition
Alexander Graf [Sat, 30 Apr 2011 21:34:56 +0000 (23:34 +0200)] 
PPC: Add GS MSR definition

The BookE specification defines MSR bit 28 as Guest State. Add it
to the list of MSR macros.

Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoPPC: Make MPC8544DS emulation work w/o KVM
Alexander Graf [Sat, 30 Apr 2011 21:34:53 +0000 (23:34 +0200)] 
PPC: Make MPC8544DS emulation work w/o KVM

The MPC8544DS board emulation was only used with KVM so far, so some
parts of the code didn't provide proper values for non-KVM execution.

This patch makes the machine work without KVM enabled. To actually use
this, you also need proper e500v2 MMU emulation.

Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoPPC: Make MPC8544DS obey -cpu switch
Alexander Graf [Sat, 30 Apr 2011 21:05:03 +0000 (23:05 +0200)] 
PPC: Make MPC8544DS obey -cpu switch

The MPC8544DS board emulation code ignored the user defined -cpu switch.
This patch enables it to only provide a sane default, not force an e500v2
CPU inside.

Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoFix off-by-one error in sizing pSeries hcall table
David Gibson [Tue, 10 May 2011 06:06:21 +0000 (16:06 +1000)] 
Fix off-by-one error in sizing pSeries hcall table

The pSeries machine uses two tables to look up guest hcalls for emulation.
One of these is exactly one entry too small to hold all the hcalls it needs
to, leading to memory corruption.

This patch fixes the bug, and while we're at it, make both tables 'static'
since they're never used from other modules.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoppc64: Fix out-of-tree builds
Andreas Färber [Sun, 8 May 2011 11:25:56 +0000 (13:25 +0200)] 
ppc64: Fix out-of-tree builds

On ppc64 host, recursion into pc-bios/spapr-rtas/ fails for
out-of-tree builds. Add missing dir and symlink.

Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agokvm: ppc: warn user on PAGE_SIZE mismatch
Alexander Graf [Sat, 16 Apr 2011 08:15:11 +0000 (10:15 +0200)] 
kvm: ppc: warn user on PAGE_SIZE mismatch

On PPC, the default PAGE_SIZE is 64kb. Unfortunately, the hardware
alignments don't match here: There are RAM and MMIO regions within
a single page when it's 64kb in size.

So the only way out for now is to tell the user that he should use 4k
PAGE_SIZE.

This patch gives the user a hint on that, telling him that failing to
register a prefix slot is most likely to be caused by mismatching PAGE_SIZE.

This way it's also more future-proof, as bigger PAGE_SIZE can easily be
supported by other machines then, as long as they stick to 64kb granularities.

Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agokvm: ppc: detect old headers
Alexander Graf [Sat, 16 Apr 2011 00:00:36 +0000 (02:00 +0200)] 
kvm: ppc: detect old headers

When compiling Qemu with older kernel headers, the PVR setting
mechanism isn't available yet. Unfortunately, back then I didn't add
a capability we could check against, so all we can do is add a configure
test to see if we support PVR setting. For BookE, we don't care yet.

This fixes compilation errors with KVM enabled on older kernel headers
(like 2.6.32).

Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agomonitor: add PPC BookE SPRs
Scott Wood [Fri, 29 Apr 2011 22:10:23 +0000 (17:10 -0500)] 
monitor: add PPC BookE SPRs

Read them via KVM_GET_SREGS in kvm_arch_get_registers(),
and display them in "info registers".

Also get CR and PID from the existing KVM_GET_REGS.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agokvm: ppc: fixes for KVM_SET_SREGS on init
Scott Wood [Mon, 11 Apr 2011 23:34:34 +0000 (18:34 -0500)] 
kvm: ppc: fixes for KVM_SET_SREGS on init

Classic/server ppc has had SREGS for a while now (though I think not
always?), but it's still missing for booke.  Check the capability before
calling KVM_SET_SREGS.

Without this, booke kvm fails to boot as of commit
84b4915dd2c0eaa86c970ffc42a68ea8ba9e48b5 (kvm: Handle kvm_init_vcpu
errors).

Also, don't write random stack state into the non-PVR sregs fields --
have kvm fill it in first.

Eventually booke will have sregs and it will have its own capability to
be tested here.  However, we will want a way for platform code to request
to look like the actual CPU we're running on, especially if SoC devices
are being directly assigned.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoppc64: Don't try to build sPAPR RTAS on Darwin
Andreas Färber [Sun, 1 May 2011 16:23:56 +0000 (18:23 +0200)] 
ppc64: Don't try to build sPAPR RTAS on Darwin

The Darwin assembler fails to build it.

Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoPlace pseries vty devices at addresses more similar to existing machines
David Gibson [Tue, 19 Apr 2011 01:54:52 +0000 (11:54 +1000)] 
Place pseries vty devices at addresses more similar to existing machines

Currently the qemu pseries machine numbers its virtual serial devices
from 0.  However, existing pSeries machines running pHyp number them from
0x30000000.

In theory these indices are arbitrary, since everything necessary for the
kernel to find them is advertised in the device tree.  However the debian
installer, at least, incorrectly looks for a device named vty@30... to
determine whether to use the hypervisor console.

Therefore this patch moves the numbers we use to match the existing pHyp
practice, in order to workaround broken userspace apps of this type.

Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agoMake pSeries 'model' property more closely resemble real hardware
David Gibson [Tue, 19 Apr 2011 01:54:51 +0000 (11:54 +1000)] 
Make pSeries 'model' property more closely resemble real hardware

Currently, the qemu emulated pseries machine puts
"qemu,emulated-pSeries-LPAR" in the device tree's root level 'model'
property.  Unfortunately this confuses some installers and ybin, which
expect this to start with "IBM" on pSeries machines.  This patch addresses
this problem, making the property more closely resemble the pattern of
existing real hardware.

Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agopseries: Increase maximum CPUs to 256
Anton Blanchard [Tue, 19 Apr 2011 01:54:50 +0000 (11:54 +1000)] 
pseries: Increase maximum CPUs to 256

The original pSeries machine was limited to 32 CPUs, more or less
arbitrarily.  Particularly when we get SMT KVM guests it will be
pretty easy to exceed this.  Therefore, raise the max number of CPUs
in a pseries machine guest to 256.

Signed-off-by: Anton Blanchard <anton@au1.ibm.com>
Signed-off-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
10 years agousb-linux: Add missing break statement
Stefan Weil [Sat, 7 May 2011 20:10:53 +0000 (22:10 +0200)] 
usb-linux: Add missing break statement

cppcheck report:
usb-linux.c:661: warning: Redundant assignment of "len" in switch

Cc: Hans de Goede <hdegoede@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 years agousb-musb: uninline functions
Gerd Hoffmann [Mon, 9 May 2011 07:44:03 +0000 (09:44 +0200)] 
usb-musb: uninline functions

Prototype without "inline" keyword breaks the build with some gcc
versions.  Noticed by Alexander Graf.

Fix this by removing the inline keywork everywhere.  Some functions
can't be inlined anyway as the are referenced using function pointers.
Beside that gcc does a pretty good job on auto-inlining these days.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 years agoirq: Privatize CPU_INTERRUPT_NMI.
Richard Henderson [Wed, 4 May 2011 20:34:31 +0000 (13:34 -0700)] 
irq: Privatize CPU_INTERRUPT_NMI.

This interrupt name is used by i386, CRIS, and MicroBlaze.
Copy the name into each target.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
10 years agotarget-i386: Privatize some i386-specific interrupt names.
Richard Henderson [Wed, 4 May 2011 20:34:30 +0000 (13:34 -0700)] 
target-i386: Privatize some i386-specific interrupt names.

SMI, VIRQ, INIT, SIPI, and MCE are all only used by the i386 port.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
10 years agotarget-arm: Privatize CPU_INTERRUPT_FIQ.
Richard Henderson [Wed, 4 May 2011 20:34:29 +0000 (13:34 -0700)] 
target-arm: Privatize CPU_INTERRUPT_FIQ.

This interrupt name was only used by the ARM port.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
10 years agoirq: Remove CPU_INTERRUPT_TIMER.
Richard Henderson [Wed, 4 May 2011 20:34:28 +0000 (13:34 -0700)] 
irq: Remove CPU_INTERRUPT_TIMER.

It is no longer used anywhere.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
10 years agotarget-sparc: Do not check CPU_INTERRUPT_TIMER.
Richard Henderson [Wed, 4 May 2011 20:34:27 +0000 (13:34 -0700)] 
target-sparc: Do not check CPU_INTERRUPT_TIMER.

This bit is never set, therefore we should not read it either.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
10 years agotarget-mips: Do not check CPU_INTERRUPT_TIMER.
Richard Henderson [Wed, 4 May 2011 20:34:26 +0000 (13:34 -0700)] 
target-mips: Do not check CPU_INTERRUPT_TIMER.

This bit is never set, therefore we should not read it either.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
10 years agoirq: Introduce and use CPU_INTERRUPT_SSTEP_MASK.
Richard Henderson [Wed, 4 May 2011 20:34:25 +0000 (13:34 -0700)] 
irq: Introduce and use CPU_INTERRUPT_SSTEP_MASK.

This mask contains all of the bits that should be ignored while single
stepping in the debugger.  The mask contains 2 bits that are not currently
cleared, but are also never set.  The bits are included in the mask for
consistency in handling of the CPU_INTERRUPT_TGT_EXT_N bits.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
10 years agoirq: Introduce CPU_INTERRUPT_TGT_* defines.
Richard Henderson [Wed, 4 May 2011 20:34:24 +0000 (13:34 -0700)] 
irq: Introduce CPU_INTERRUPT_TGT_* defines.

These defines will be place-holders for cpu-specific functionality.
Generic code will, at the end of the patch series, no longer have to
concern itself about how SMI, NMI, etc should be handled.  Instead,
generic code will know only that the interrupt is internal or external.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
10 years agoMerge remote-tracking branch 'mst/for_anthony' into staging
Anthony Liguori [Thu, 5 May 2011 18:05:32 +0000 (13:05 -0500)] 
Merge remote-tracking branch 'mst/for_anthony' into staging

10 years agoMerge remote-tracking branch 'kraxel/usb.7.pull' into staging
Anthony Liguori [Thu, 5 May 2011 18:04:57 +0000 (13:04 -0500)] 
Merge remote-tracking branch 'kraxel/usb.7.pull' into staging

10 years agoMerge remote branch 'origin/master' into pci
Michael S. Tsirkin [Thu, 5 May 2011 13:39:47 +0000 (16:39 +0300)] 
Merge remote branch 'origin/master' into pci

Conflicts:
exec.c

10 years agoCPUPhysMemoryClient: Pass guest physical address not region offset
Alex Williamson [Tue, 3 May 2011 18:36:46 +0000 (12:36 -0600)] 
CPUPhysMemoryClient: Pass guest physical address not region offset

When we're trying to get a newly registered phys memory client updated
with the current page mappings, we end up passing the region offset
(a ram_addr_t) as the start address rather than the actual guest
physical memory address (target_phys_addr_t).  If your guest has less
than 3.5G of memory, these are coincidentally the same thing.  If
there's more, the region offset for the memory above 4G starts over
at 0, so the set_memory client will overwrite it's lower memory entries.

Instead, keep track of the guest phsyical address as we're walking the
tables and pass that to the set_memory client.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agoCPUPhysMemoryClient: Fix typo in phys memory client registration
Alex Williamson [Tue, 3 May 2011 18:36:32 +0000 (12:36 -0600)] 
CPUPhysMemoryClient: Fix typo in phys memory client registration

When we register a physical memory client, we try to walk the page
tables, calling the set_memory hook for every entry.  Effectively
playing catchup for the client for everything already registered.
With this type, we only walk the 2nd entry of the l1 table,
typically missing all of the registered memory.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agopci: Add class 0x403 as 'audio controller'
Jan Kiszka [Mon, 2 May 2011 18:01:37 +0000 (20:01 +0200)] 
pci: Add class 0x403 as 'audio controller'

Used by HD audio controllers like our intel-hda.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agoMSI: Robust resource release
Jan Kiszka [Mon, 2 May 2011 18:00:47 +0000 (20:00 +0200)] 
MSI: Robust resource release

msi_init may fail, so we need to check on uninit if the cap was
actually installed. This also avoids that the users need to check.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agoeepro100: Support 32 bit read/write access to flash register
Stefan Weil [Sat, 30 Apr 2011 20:40:13 +0000 (22:40 +0200)] 
eepro100: Support 32 bit read/write access to flash register

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agoeepro100: Support byte read access to general control register
Stefan Weil [Sat, 30 Apr 2011 20:40:12 +0000 (22:40 +0200)] 
eepro100: Support byte read access to general control register

The general control register is a byte register.
Add support for byte reads.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agoeepro100: Support byte/word read/write access to MDI control register
Stefan Weil [Sat, 30 Apr 2011 20:40:11 +0000 (22:40 +0200)] 
eepro100: Support byte/word read/write access to MDI control register

MDI control is a 32 bit register, but may be read or written using
8 or 16 bit access. Data is latched when the MSB is written.

Add support for byte/word read/write access.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agoeepro100: Support byte/word writes to pointer register
Stefan Weil [Sat, 30 Apr 2011 20:40:10 +0000 (22:40 +0200)] 
eepro100: Support byte/word writes to pointer register

pointer is a 32 bit register, but may be written using 8 or 16 bit writes.
Add support for byte/word writes.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agoeepro100: Support byte/word writes to port address
Stefan Weil [Sat, 30 Apr 2011 20:40:09 +0000 (22:40 +0200)] 
eepro100: Support byte/word writes to port address

port is a 32 bit register, but may be written using 8 or 16 bit writes.
Add support for byte/word writes.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agoeepro100: Fix endianness issues
Stefan Weil [Sat, 30 Apr 2011 20:40:08 +0000 (22:40 +0200)] 
eepro100: Fix endianness issues

Like other Intel devices, e100 (eepro100) uses little endian byte order.

This patch was tested with these combinations:

i386 host, i386 + mipsel guests (le-le)
mipsel host, i386 guest (le-le)
i386 host, mips + ppc guests (le-be)
mips host, i386 guest (be-le)

mips and mipsel hosts were emulated machines.

v2:
Use prefix for new functions. Add the same prefix to stl_le_phys.
Fix alignment of mem (needed for word/dword reads/writes).

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agoeepro100: Pad received short frames
Stefan Weil [Sat, 30 Apr 2011 20:40:07 +0000 (22:40 +0200)] 
eepro100: Pad received short frames

QEMU sends frames smaller than 60 bytes to ethernet nics.
Such frames are rejected by real NICs and their emulations.
To avoid this behaviour, other NIC emulations pad received
frames. This patch enables this workaround for eepro100, too.

All related code is marked with CONFIG_PAD_RECEIVED_FRAMES,
so we can drop this in case QEMU's networking code is
ever changed.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agoeepro100: Remove unused structure element
Stefan Weil [Sat, 30 Apr 2011 20:40:06 +0000 (22:40 +0200)] 
eepro100: Remove unused structure element

cppcheck reports that 'packet' is unused.

It was only used to calculate the size of the preceding data.
Removing it saves a lot of stack space (local variable rx).

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agoeepro100: Remove type casts which are no longer needed
Stefan Weil [Sat, 30 Apr 2011 20:40:05 +0000 (22:40 +0200)] 
eepro100: Remove type casts which are no longer needed

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agoeepro100: Avoid duplicate debug messages
Stefan Weil [Sat, 30 Apr 2011 20:40:04 +0000 (22:40 +0200)] 
eepro100: Avoid duplicate debug messages

When DEBUG_EEPRO100 was enabled, unsupported writes were logged twice.
Now logging in eepro100_write1 and eepro100_write2 is similar to the
logging in eepro100_write4 (which already was correct).

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
10 years agousb: mass storage fix
Gerd Hoffmann [Wed, 4 May 2011 14:49:56 +0000 (16:49 +0200)] 
usb: mass storage fix

Initialize scsi_len with zero when starting a new request, so any
stuff leftover from the previous request is cleared out.  This may
happen in case the data returned by the scsi command doesn't fit
into the buffer provided by the guest.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 years agousb: move complete callback to port ops
Gerd Hoffmann [Thu, 16 Dec 2010 16:03:44 +0000 (17:03 +0100)] 
usb: move complete callback to port ops

10 years agomusb: get musb state via container_of()
Gerd Hoffmann [Thu, 16 Dec 2010 12:23:13 +0000 (13:23 +0100)] 
musb: get musb state via container_of()

10 years agoohci: get ohci state via container_of()
Gerd Hoffmann [Wed, 15 Dec 2010 10:47:19 +0000 (11:47 +0100)] 
ohci: get ohci state via container_of()

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 years agouhci: keep uhci state pointer in async packet struct.
Gerd Hoffmann [Wed, 15 Dec 2010 09:26:15 +0000 (10:26 +0100)] 
uhci: keep uhci state pointer in async packet struct.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 years agouhci: switch to QTAILQ
Gerd Hoffmann [Tue, 14 Dec 2010 17:19:47 +0000 (18:19 +0100)] 
uhci: switch to QTAILQ

10 years agousb: control buffer fixes
Hans de Goede [Wed, 2 Feb 2011 16:46:00 +0000 (17:46 +0100)] 
usb: control buffer fixes

Windows allows control transfers to pass up to 4k of data, so raise our
control buffer size to 4k. For control out transfers the usb core code copies
the control request data to a buffer before calling the device's handle_control
callback. Add a check for overflowing the buffer before copying the data.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
10 years agousb-linux: Add support for buffering iso out usb packets
Hans de Goede [Fri, 26 Nov 2010 18:11:03 +0000 (19:11 +0100)] 
usb-linux: Add support for buffering iso out usb packets

Extend the iso buffering code to also buffer iso out packets, this
fixes for example using usb speakers with usb redirection.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
10 years agousb-linux: We only need to keep track of 15 endpoints
Hans de Goede [Fri, 26 Nov 2010 14:02:16 +0000 (15:02 +0100)] 
usb-linux: We only need to keep track of 15 endpoints

Currently we reserve room for endpoint data for 16 endpoints, but given
that we only use endpoint data for endpoints 1-15, and always index the
array with the endpoint-number - 1, 15 is enough.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
10 years agousb-linux: Refuse iso packets when max packet size is 0 (alt setting 0)
Hans de Goede [Fri, 26 Nov 2010 13:59:35 +0000 (14:59 +0100)] 
usb-linux: Refuse iso packets when max packet size is 0 (alt setting 0)

Refuse iso usb packets when then max packet size for the endpoint is 0,
this avoids an abort in usb_host_alloc_iso() caused by trying to qemu_malloc
a 0 bytes large buffer.

10 years agousb-linux: Refuse packets for endpoints which are not in the usb descriptor
Hans de Goede [Fri, 26 Nov 2010 13:56:17 +0000 (14:56 +0100)] 
usb-linux: Refuse packets for endpoints which are not in the usb descriptor

If an endpoint is not in the usb descriptor we've no idea what kind of
endpoint it is and thus how to handle it, refuse packages in this case.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
10 years agousb-linux: Add support for buffering iso usb packets
Hans de Goede [Fri, 26 Nov 2010 10:41:08 +0000 (11:41 +0100)] 
usb-linux: Add support for buffering iso usb packets

Currently we are submitting iso packets to the host one at a time, as we
receive them from the emulated host controller. This has 2 problems:
1) If we were fast enough to submit every packet in time for the next host host
controller usb frame, we would be generating 1000 hardware interrupts per
second on the host
2) We are not fast enough to submit every packet in time for the next host host
controller usb frame, causing us to not submit iso urbs in some usb frames
which causes devices with an endpoint with an interval of 1 ms (so every
frame) to loose data. This causes for example ubs-1.1 webcams to not work
properly (usb-2.0 is not supported at all atm).

This patch fixes both problems by changing the iso packet pass through handling
to buffer packets. This version only does so for iso input packets (webcams,
audio in) I'm working on a second patch extending this to iso output packets
(audio out).

This patch makes use of the linux batching of iso packets in one urb.
When an iso in packet gets received from the emulated host controller,
it immediately submits 3 urbs with 32 iso in packets each. This causes
the host to only get an hw interrupt every 32 packets dropping the
interrupt rate to 32 interrupts per second and gives it a queue of urbs
to work from once the first 32 iso in packets have been received to make sure
no packets are dropped.

Besides submitting a whole bunch or urbs as soon as the first urb is
received, effectively creating a buffer inside the kernel, this patch also
gets rid of the asynchroneous completion for iso in urbs. Instead they are
only marked as complete in the fd write callback (which usbfs uses to signal
complete urbs). These complete packets then get consumed by returning them
synchroneously to the emulated host controller when it submits an iso in
packet for the ep in question. When no complete packets are ready (which
happens when the stream is starting) a 0 length packet gets returned to
the emulated host controller.

With this patch I've several usb-1.1 webcams working well with usb pass
through, where as without this patch none of them work.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
10 years agousb-linux: Get the alt. setting from sysfs rather then asking the dev
Hans de Goede [Wed, 24 Nov 2010 11:57:59 +0000 (12:57 +0100)] 
usb-linux: Get the alt. setting from sysfs rather then asking the dev

At least one device I have lies when receiving a USB_REQ_GET_INTERFACE,
always returning 0 even if the alternate setting is different. This is
likely caused because in practice this control message is never used as
the operating system's usb stack knows which alternate setting it has
told the device to get into, and thus this ctrl message does not get
tested by device manufacturers.

When usb_fs_type == USB_FS_SYS, the active alt. setting can be read directly
from sysfs, which allows using this device through qemu's usb redirection.
More in general it seems a good idea to not send needless control msg's to
devices, esp. as the code in question is called every time a set_interface
is done. Which happens multiple times during virtual machine startup, and
when device drivers are activating the usb device.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
10 years agousb-linux: introduce a usb_linux_alt_setting function
Hans de Goede [Wed, 24 Nov 2010 11:50:00 +0000 (12:50 +0100)] 
usb-linux: introduce a usb_linux_alt_setting function

The next patch in this series introduces multiple ways to get the
alt setting dependent upon usb_fs_type, it is cleaner to put this
into its own function.

Note that this patch also changes the assumed alt setting in case
of an error getting the alt setting to be 0 (a sane default) rather
then the interface numberwhich makes no sense.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
10 years agospice: drop obsolete iothread locking
Gerd Hoffmann [Wed, 27 Apr 2011 14:06:10 +0000 (16:06 +0200)] 
spice: drop obsolete iothread locking

We don't use qemu internals from spice server context any more.
Thus we don't also need to grab the iothread mutex from spice
server context.  And we don't have to temporarely release the
lock to avoid deadlocks.  Drop all the calls.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 years agospice: don't call displaystate callbacks from spice server context.
Gerd Hoffmann [Wed, 27 Apr 2011 13:50:32 +0000 (15:50 +0200)] 
spice: don't call displaystate callbacks from spice server context.

This patch moves the displaystate callback calls for setting the cursor
and the mouse pointer from spice server to qemu (iothread) context.
This allows us to simplify locking.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 years agospice: don't create updates in spice server context.
Gerd Hoffmann [Wed, 27 Apr 2011 13:21:51 +0000 (15:21 +0200)] 
spice: don't create updates in spice server context.

This patch moves the creation of spice screen updates from the spice
server context to qemu iothread context (display refresh timer to be
exact).  This way we avoid accessing qemu internals (display surface)
from spice thread context which in turn allows us to simplify locking.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 years agoMake spice dummy functions inline to fix calls not checking return values
Jes Sorensen [Tue, 1 Feb 2011 14:53:23 +0000 (15:53 +0100)] 
Make spice dummy functions inline to fix calls not checking return values

qemu_spice_set_passwd() and qemu_spice_set_pw_expire() dummy functions
needs to be inline, in order to handle the case where they are called
without checking the return value.

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
10 years agoNBD: Avoid leaking a couple of strings when the NBD device is closed
Nick Thomas [Thu, 28 Apr 2011 15:20:01 +0000 (16:20 +0100)] 
NBD: Avoid leaking a couple of strings when the NBD device is closed

Signed-off-by: Nick Thomas <nick@bytemark.co.uk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoqemu-progress.c: printf isn't signal safe
Jes Sorensen [Thu, 28 Apr 2011 11:58:30 +0000 (13:58 +0200)] 
qemu-progress.c: printf isn't signal safe

Change the signal handling to indicate a signal is pending, rather
then printing directly from the signal handler.

In addition make the signal prints go to stderr, rather than stdout.

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoide/atapi: fix set but unused
Alon Levy [Thu, 28 Apr 2011 13:34:39 +0000 (16:34 +0300)] 
ide/atapi: fix set but unused

Signed-off-by: Alon Levy <alevy@redhat.com>
Acked-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoatapi: Explain why we need a 'media not present' state
Amit Shah [Thu, 28 Apr 2011 14:34:41 +0000 (20:04 +0530)] 
atapi: Explain why we need a 'media not present' state

After the re-org of the atapi code, it might not be intuitive for a
reader of the code to understand why we're inserting a 'media not
present' state between cd changes.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoatapi: Move comment to proper place
Amit Shah [Thu, 28 Apr 2011 14:34:40 +0000 (20:04 +0530)] 
atapi: Move comment to proper place

Move misplaced comment for media_is_dvd()

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agoqemu-img resize: Fix option parsing
Kevin Wolf [Fri, 29 Apr 2011 08:58:12 +0000 (10:58 +0200)] 
qemu-img resize: Fix option parsing

For shrinking images, you're supposed to use a negative size. However, the
leading minus makes getopt think that it's an option and so you get the help
text if you don't use -- like in 'qemu-img resize test.img -- -1G'.

This patch handles the size first and removes it from the argument list so that
getopt won't even try to interpret it and you don't need -- any more.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
10 years agolm32: add Milkymist Minimac2 support
Michael Walle [Tue, 12 Apr 2011 22:29:36 +0000 (00:29 +0200)] 
lm32: add Milkymist Minimac2 support

This patch adds support for Milkymist's minimal Ethernet MAC v2. It
superseds minimac1.

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
10 years agomilkymist-sysctl: fix timers
Michael Walle [Tue, 12 Apr 2011 22:29:35 +0000 (00:29 +0200)] 
milkymist-sysctl: fix timers

Prevent timers from firing right after starting.

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
10 years agomilkymist-vgafb: fix console resizing
Michael Walle [Tue, 12 Apr 2011 22:29:34 +0000 (00:29 +0200)] 
milkymist-vgafb: fix console resizing

After enabling the framebuffer, ensure that the console is resized.

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
10 years agolm32: fix exception handling
Michael Walle [Tue, 12 Apr 2011 22:29:33 +0000 (00:29 +0200)] 
lm32: fix exception handling

Global interrupt enable bit is already saved within the exception handler
helper routine. Thus remove extra code in translation routines.

Additionally, debug exceptions has always DEBA as base address.

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
10 years agokvm: use qemu_free consistently
Paolo Bonzini [Mon, 2 May 2011 07:54:04 +0000 (09:54 +0200)] 
kvm: use qemu_free consistently

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
10 years agofix crash in migration, 32-bit userspace on 64-bit host
Michael Tokarev [Tue, 26 Apr 2011 16:13:49 +0000 (20:13 +0400)] 
fix crash in migration, 32-bit userspace on 64-bit host

This change fixes a long-standing immediate crash (memory corruption
and abort in glibc malloc code) in migration on 32bits.

The bug is present since this commit:

  commit 692d9aca97b865b0f7903565274a52606910f129
  Author: Bruce Rogers <brogers@novell.com>
  Date:   Wed Sep 23 16:13:18 2009 -0600

    qemu-kvm: allocate correct size for dirty bitmap

    The dirty bitmap copied out to userspace is stored in a long array,
    and gets copied out to userspace accordingly.  This patch accounts
    for that correctly.  Currently I'm seeing kvm crashing due to writing
    beyond the end of the alloc'd dirty bitmap memory, because the buffer
    has the wrong size.

Signed-off-by: Bruce Rogers
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
 --- a/qemu-kvm.c
 +++ b/qemu-kvm.c
 @@ int kvm_get_dirty_pages_range(kvm_context_t kvm, unsigned long phys_addr,
 -            buf = qemu_malloc((slots[i].len / 4096 + 7) / 8 + 2);
 +            buf = qemu_malloc(BITMAP_SIZE(slots[i].len));
             r = kvm_get_map(kvm, KVM_GET_DIRTY_LOG, i, buf);

BITMAP_SIZE is now open-coded in that function, like this:

 size = ALIGN(((mem->memory_size) >> TARGET_PAGE_BITS), HOST_LONG_BITS) / 8;

The problem is that HOST_LONG_BITS in 32bit userspace is 32
but it's 64 in 64bit kernel.  So userspace aligns this to
32, and kernel to 64, but since no length is passed from
userspace to kernel on ioctl, kernel uses its size calculation
and copies 4 extra bytes to userspace, corrupting memory.

Here's how it looks like during migrate execution:

our=20, kern=24
our=4, kern=8
...
our=4, kern=8
our=4064, kern=4064
our=512, kern=512
our=4, kern=8
our=20, kern=24
our=4, kern=8
...
our=4, kern=8
our=4064, kern=4064
*** glibc detected *** ./x86_64-softmmu/qemu-system-x86_64: realloc(): invalid next size: 0x08f20528 ***

(our is userspace size above, kern is the size as calculated
by the kernel).

Fix this by always aligning to 64 in a hope that no platform will
have sizeof(long)>8 any time soon, and add a comment describing it
all.  It's a small price to pay for bad kernel design.

Alternatively it's possible to fix that in the kernel by using
different size calculation depending on the current process.
But this becomes quite ugly.

Special thanks goes to Stefan Hajnoczi for spotting the fundamental
cause of the issue, and to Alexander Graf for his support in #qemu.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
CC: Bruce Rogers <brogers@novell.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
10 years agokvm: Install specialized interrupt handler
Jan Kiszka [Tue, 12 Apr 2011 23:32:56 +0000 (01:32 +0200)] 
kvm: Install specialized interrupt handler

KVM only requires to set the raised IRQ in CPUState and to kick the
receiving vcpu if it is remote. Installing a specialized handler allows
potential future changes to the TCG code path without risking KVM side
effects.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
10 years agoRedirect cpu_interrupt to callback handler
Jan Kiszka [Tue, 12 Apr 2011 23:32:56 +0000 (01:32 +0200)] 
Redirect cpu_interrupt to callback handler

This allows to override the interrupt handling of QEMU in system mode.
KVM will make use of it to set a specialized handler.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
10 years agoBreak up user and system cpu_interrupt implementations
Jan Kiszka [Tue, 12 Apr 2011 23:32:56 +0000 (01:32 +0200)] 
Break up user and system cpu_interrupt implementations

Both have only two lines in common, and we will convert the system
service into a callback which is of no use for user mode operation.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
CC: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
10 years agokvm: create kvmclock when one of the flags are present
Glauber Costa [Thu, 17 Mar 2011 22:42:07 +0000 (19:42 -0300)] 
kvm: create kvmclock when one of the flags are present

kvmclock presence can be signalled by two different flags. So for
device creation, we have to test for both.

Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
10 years agokvm: add kvmclock to its second bit
Glauber Costa [Thu, 17 Mar 2011 22:42:06 +0000 (19:42 -0300)] 
kvm: add kvmclock to its second bit

We have two bits that can represent kvmclock in cpuid.
They signal the guest which msr set to use. When we tweak flags
involving this value - specially when we use "-", we have to act on both.

Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
10 years agox86: Allow multiple cpu feature matches of lookup_feature
Jan Kiszka [Tue, 19 Apr 2011 11:06:06 +0000 (13:06 +0200)] 
x86: Allow multiple cpu feature matches of lookup_feature

kvmclock is represented by two feature bits. Therefore, lookup_feature
needs to continue its search even after the first match. Enhance it
accordingly and switch to a bool return type at this chance.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
10 years agokvm: use kernel-provided para_features instead of statically coming up with new capab...
Glauber Costa [Thu, 17 Mar 2011 22:42:05 +0000 (19:42 -0300)] 
kvm: use kernel-provided para_features instead of statically coming up with new capabilities

Use the features provided by KVM_GET_SUPPORTED_CPUID directly to
mask out features from guest-visible cpuid.

The old get_para_features() mechanism is kept for older kernels that do not implement it.

Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
10 years agoDon't zero out buffer in sched_getaffinity
Mike McCormack [Mon, 18 Apr 2011 05:43:36 +0000 (14:43 +0900)] 
Don't zero out buffer in sched_getaffinity

The kernel doesn't fill the buffer provided to sched_getaffinity
with zero bytes, so neither should QEMU.

Signed-off-by: Mike McCormack <mj.mccormack@samsung.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
10 years agoFix buffer overrun in sched_getaffinity
Mike McCormack [Tue, 12 Apr 2011 02:41:00 +0000 (11:41 +0900)] 
Fix buffer overrun in sched_getaffinity

Zeroing of the cpu array should start from &cpus[kernel_ret]
not &cpus[num_zeros_to_fill].

This fixes a crash in EFL's edje_cc running under qemu-arm.

Signed-off-by: Mike McCormack <mj.mccormack@samsung.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
10 years agolinux-user: Fix compilation for "old" linux versions
Stefan Weil [Wed, 27 Apr 2011 08:44:38 +0000 (10:44 +0200)] 
linux-user: Fix compilation for "old" linux versions

Debian Lenny and other installations with older linux versions
failed to compile linux-user because some CLONE_xxx macros are
undefined.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
10 years agoMerge branch 'patches' of git://qemu.weilnetz.de/git/qemu
Blue Swirl [Fri, 29 Apr 2011 20:01:51 +0000 (20:01 +0000)] 
Merge branch 'patches' of git://qemu.weilnetz.de/git/qemu

* 'patches' of git://qemu.weilnetz.de/git/qemu:
  qemu-timer: Fix timers for w32
  qemu-timer: Avoid type casts
  qemu-timer: Remove unneeded include statement (w32)
  qemu-timer: Add and use new function qemu_timer_expired_ns

10 years agovirtfs: fix build due from rename
Anthony Liguori [Thu, 28 Apr 2011 17:40:54 +0000 (12:40 -0500)] 
virtfs: fix build due from rename

The latest virtfs pull broke the cris-softmmu target.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
10 years agoMerge remote-tracking branch 'amitshah/for-anthony' into staging
Anthony Liguori [Thu, 28 Apr 2011 13:37:54 +0000 (08:37 -0500)] 
Merge remote-tracking branch 'amitshah/for-anthony' into staging

10 years agoMerge remote-tracking branch 'jvrao/for-anthony' into staging
Anthony Liguori [Thu, 28 Apr 2011 13:25:45 +0000 (08:25 -0500)] 
Merge remote-tracking branch 'jvrao/for-anthony' into staging

10 years agovirtio-serial: Fix endianness bug in the config space
Alexey Kardashevskiy [Tue, 19 Apr 2011 02:03:46 +0000 (12:03 +1000)] 
virtio-serial: Fix endianness bug in the config space

The virtio serial specification requres that the values in the config
space are encoded in native endian of the guest.

The qemu virtio-serial code did not do conversion to the guest endian
format what caused problems when host and guest use different format.

This patch corrects the qemu side, correctly doing host-native <->
guest-native conversions when accessing the config space. This won't
break any setups that aren't already broken, and fixes the case
of different host and guest endianness.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
10 years agochar: Detect chardev release by NULL handlers as well as NULL opaque
Amit Shah [Mon, 25 Apr 2011 09:48:22 +0000 (15:18 +0530)] 
char: Detect chardev release by NULL handlers as well as NULL opaque

Juan says he prefers these extra checks to ensure a user of a chardev is
releasing it.

Requested-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
10 years agochar: Allow devices to use a single multiplexed chardev.
Kusanagi Kouichi [Tue, 26 Apr 2011 10:19:26 +0000 (19:19 +0900)] 
char: Allow devices to use a single multiplexed chardev.

This fixes regression caused by commit
2d6c1ef40f3678ab47a4d14fb5dadaa486bfcda6
("char: Prevent multiple devices opening same chardev"):

-nodefaults -nographic -chardev stdio,id=stdio,mux=on,signal=off \
 -mon stdio -device virtio-serial-pci \
 -device virtconsole,chardev=stdio -device isa-serial,chardev=stdio

fails with:

qemu-system-x86_64: -device isa-serial,chardev=stdio: Property 'isa-serial.chardev' can't take value 'stdio', it's in use

Signed-off-by: Kusanagi Kouichi <slash@ac.auone-net.jp>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
10 years agospice-chardev: listen to frontend guest open / close
Hans de Goede [Thu, 24 Mar 2011 10:12:04 +0000 (11:12 +0100)] 
spice-chardev: listen to frontend guest open / close

Note the vmc_register_interface() in spice_chr_write is left in place
in case someone uses spice-chardev with a frontend which does not have
guest open / close notification.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
10 years agovirtio-console: notify backend of guest open / close
Hans de Goede [Thu, 24 Mar 2011 10:12:03 +0000 (11:12 +0100)] 
virtio-console: notify backend of guest open / close

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
10 years agochardev: Allow frontends to notify backends of guest open / close
Hans de Goede [Thu, 24 Mar 2011 10:12:02 +0000 (11:12 +0100)] 
chardev: Allow frontends to notify backends of guest open / close

Some frontends know when the guest has opened the "channel" and is actively
listening to it, for example virtio-serial. This patch adds 2 new qemu-chardev
functions which can be used by frontends to signal guest open / close, and
allows interested backends to listen to this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
10 years agotarget-arm: Don't update base register on abort in Thumb T1 LDM
Peter Maydell [Tue, 26 Apr 2011 17:17:20 +0000 (18:17 +0100)] 
target-arm: Don't update base register on abort in Thumb T1 LDM

Make sure the base register isn't updated if it is in the load list
for a Thumb LDM (T1 encoding) which aborts partway through the load.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
10 years agotarget-arm: fix LDMIA bug on page boundary
YuYeon Oh [Mon, 25 Apr 2011 01:23:58 +0000 (01:23 +0000)] 
target-arm: fix LDMIA bug on page boundary
target-arm: fix LDMIA bug on page boundary

When consecutive memory locations are on page boundary, a base register may be
loaded before page fault occurs. After page fault handling, it losts the memory
location information. To solve this problem, loading a base register has to put back.

Signed-off-by: Yuyeon Oh <yuyeon.oh@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
10 years agoioapic: Do not set irr for masked edge IRQs
Jan Kiszka [Sat, 9 Apr 2011 11:18:59 +0000 (13:18 +0200)] 
ioapic: Do not set irr for masked edge IRQs

So far we set IRR for edge IRQs even if the pin is masked. If the guest
later on unmasks and switches the pin to level-triggered mode, irr will
remain set, causing an IRQ storm. The point is that setting IRR is not
correct in this case according to the spec, and avoiding this resolves
the issue.

Reported-and-tested-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
10 years agovl.c: Replace -virtfs string manipulation with QemuOpts
Stefan Hajnoczi [Wed, 16 Mar 2011 08:31:43 +0000 (08:31 +0000)] 
vl.c: Replace -virtfs string manipulation with QemuOpts

The -virtfs option creates an fsdev representing the pass-through file
system and a guest-visible virtio-9p-pci device that can access this
file system.  This patch replaces the string manipulation used to build
and reparse option lists with direct QemuOpts calls.  Removing the
string manipulation code makes it easier to maintain and less error
prone.

An error message is also updated to use "mount_tag" instead of
"mnt_tag".

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
10 years agov9fs_walk: As per 9p2000 RFC, MAXWELEM >= nwnames >= 0.
Harsh Prateek Bora [Thu, 14 Apr 2011 09:24:40 +0000 (14:54 +0530)] 
v9fs_walk: As per 9p2000 RFC, MAXWELEM >= nwnames >= 0.

The nwnames field in TWALK message is assumed to be >=0 and <= MAXWELEM
which is defined as macro P9_MAXWELEM (16) in virtio-9p.h as per 9p2000
RFC. Appropriate changes are required in V9fsWalkState and v9fs_walk.

Signed-off-by: Harsh Prateek Bora <harsh@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
10 years agohw/virtio-9p-local.c: Remove unnecessary null char in symlink file
Harsh Prateek Bora [Wed, 2 Feb 2011 04:50:33 +0000 (10:20 +0530)] 
hw/virtio-9p-local.c: Remove unnecessary null char in symlink file

This patch removes the addition of null char in symlink file
which is being appended to file in case of mapped security model.
Without this patch, the extra null char causes LTP testcase lstat03
to fail and hence this fix is required.

Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>