Commit Graph

14616 Commits

Author SHA1 Message Date
Anthony Liguori
3964f535c3 Merge remote-tracking branch 'mst/for_anthony' into staging 2011-05-05 13:05:32 -05:00
Anthony Liguori
a69fb35079 Merge remote-tracking branch 'kraxel/usb.7.pull' into staging 2011-05-05 13:04:57 -05:00
Michael S. Tsirkin
5300f1a548 Merge remote branch 'origin/master' into pci
Conflicts:
	exec.c
2011-05-05 16:39:47 +03:00
Alex Williamson
8d4c78e7c8 CPUPhysMemoryClient: Pass guest physical address not region offset
When we're trying to get a newly registered phys memory client updated
with the current page mappings, we end up passing the region offset
(a ram_addr_t) as the start address rather than the actual guest
physical memory address (target_phys_addr_t).  If your guest has less
than 3.5G of memory, these are coincidentally the same thing.  If
there's more, the region offset for the memory above 4G starts over
at 0, so the set_memory client will overwrite it's lower memory entries.

Instead, keep track of the guest phsyical address as we're walking the
tables and pass that to the set_memory client.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 16:23:12 +03:00
Alex Williamson
c2f42bf003 CPUPhysMemoryClient: Fix typo in phys memory client registration
When we register a physical memory client, we try to walk the page
tables, calling the set_memory hook for every entry.  Effectively
playing catchup for the client for everything already registered.
With this type, we only walk the 2nd entry of the l1 table,
typically missing all of the registered memory.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 16:21:46 +03:00
Jan Kiszka
602ef4d917 pci: Add class 0x403 as 'audio controller'
Used by HD audio controllers like our intel-hda.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 16:11:20 +03:00
Jan Kiszka
45fe15c25a MSI: Robust resource release
msi_init may fail, so we need to check on uninit if the cap was
actually installed. This also avoids that the users need to check.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 16:10:08 +03:00
Stefan Weil
072476ea08 eepro100: Support 32 bit read/write access to flash register
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 16:05:43 +03:00
Stefan Weil
a39bd01713 eepro100: Support byte read access to general control register
The general control register is a byte register.
Add support for byte reads.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 16:05:43 +03:00
Stefan Weil
0113f48df6 eepro100: Support byte/word read/write access to MDI control register
MDI control is a 32 bit register, but may be read or written using
8 or 16 bit access. Data is latched when the MSB is written.

Add support for byte/word read/write access.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 16:05:43 +03:00
Stefan Weil
27a05006e0 eepro100: Support byte/word writes to pointer register
pointer is a 32 bit register, but may be written using 8 or 16 bit writes.
Add support for byte/word writes.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 16:05:43 +03:00
Stefan Weil
3fd3d0b463 eepro100: Support byte/word writes to port address
port is a 32 bit register, but may be written using 8 or 16 bit writes.
Add support for byte/word writes.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 16:05:42 +03:00
Stefan Weil
e5e23ab83b eepro100: Fix endianness issues
Like other Intel devices, e100 (eepro100) uses little endian byte order.

This patch was tested with these combinations:

i386 host, i386 + mipsel guests (le-le)
mipsel host, i386 guest (le-le)
i386 host, mips + ppc guests (le-be)
mips host, i386 guest (be-le)

mips and mipsel hosts were emulated machines.

v2:
Use prefix for new functions. Add the same prefix to stl_le_phys.
Fix alignment of mem (needed for word/dword reads/writes).

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 16:05:42 +03:00
Stefan Weil
792f1d6394 eepro100: Pad received short frames
QEMU sends frames smaller than 60 bytes to ethernet nics.
Such frames are rejected by real NICs and their emulations.
To avoid this behaviour, other NIC emulations pad received
frames. This patch enables this workaround for eepro100, too.

All related code is marked with CONFIG_PAD_RECEIVED_FRAMES,
so we can drop this in case QEMU's networking code is
ever changed.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 16:04:45 +03:00
Stefan Weil
27112f18f9 eepro100: Remove unused structure element
cppcheck reports that 'packet' is unused.

It was only used to calculate the size of the preceding data.
Removing it saves a lot of stack space (local variable rx).

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 15:50:04 +03:00
Stefan Weil
77bee84e6a eepro100: Remove type casts which are no longer needed
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 15:50:01 +03:00
Stefan Weil
1b4f97d62e eepro100: Avoid duplicate debug messages
When DEBUG_EEPRO100 was enabled, unsupported writes were logged twice.
Now logging in eepro100_write1 and eepro100_write2 is similar to the
logging in eepro100_write4 (which already was correct).

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2011-05-05 15:49:58 +03:00
Gerd Hoffmann
ef0bdf77d7 usb: mass storage fix
Initialize scsi_len with zero when starting a new request, so any
stuff leftover from the previous request is cleared out.  This may
happen in case the data returned by the scsi command doesn't fit
into the buffer provided by the guest.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-04 16:55:15 +02:00
Gerd Hoffmann
13a9a0d3e2 usb: move complete callback to port ops 2011-05-04 14:11:08 +02:00
Gerd Hoffmann
5dc1672b27 musb: get musb state via container_of() 2011-05-04 14:11:08 +02:00
Gerd Hoffmann
9066df13a3 ohci: get ohci state via container_of()
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-04 14:11:08 +02:00
Gerd Hoffmann
7b5a44c546 uhci: keep uhci state pointer in async packet struct.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-04 14:11:08 +02:00
Gerd Hoffmann
ddf6583f88 uhci: switch to QTAILQ 2011-05-04 14:11:08 +02:00
Hans de Goede
19f3322379 usb: control buffer fixes
Windows allows control transfers to pass up to 4k of data, so raise our
control buffer size to 4k. For control out transfers the usb core code copies
the control request data to a buffer before calling the device's handle_control
callback. Add a check for overflowing the buffer before copying the data.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2011-05-04 12:25:52 +02:00
Hans de Goede
bb6d5498c6 usb-linux: Add support for buffering iso out usb packets
Extend the iso buffering code to also buffer iso out packets, this
fixes for example using usb speakers with usb redirection.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2011-05-04 12:25:24 +02:00
Hans de Goede
3a4854b372 usb-linux: We only need to keep track of 15 endpoints
Currently we reserve room for endpoint data for 16 endpoints, but given
that we only use endpoint data for endpoints 1-15, and always index the
array with the endpoint-number - 1, 15 is enough.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2011-05-04 12:25:24 +02:00
Hans de Goede
975f29984d usb-linux: Refuse iso packets when max packet size is 0 (alt setting 0)
Refuse iso usb packets when then max packet size for the endpoint is 0,
this avoids an abort in usb_host_alloc_iso() caused by trying to qemu_malloc
a 0 bytes large buffer.
2011-05-04 12:25:24 +02:00
Hans de Goede
a0b5fece8a usb-linux: Refuse packets for endpoints which are not in the usb descriptor
If an endpoint is not in the usb descriptor we've no idea what kind of
endpoint it is and thus how to handle it, refuse packages in this case.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2011-05-04 12:25:24 +02:00
Hans de Goede
060dc841d1 usb-linux: Add support for buffering iso usb packets
Currently we are submitting iso packets to the host one at a time, as we
receive them from the emulated host controller. This has 2 problems:
1) If we were fast enough to submit every packet in time for the next host host
controller usb frame, we would be generating 1000 hardware interrupts per
second on the host
2) We are not fast enough to submit every packet in time for the next host host
controller usb frame, causing us to not submit iso urbs in some usb frames
which causes devices with an endpoint with an interval of 1 ms (so every
frame) to loose data. This causes for example ubs-1.1 webcams to not work
properly (usb-2.0 is not supported at all atm).

This patch fixes both problems by changing the iso packet pass through handling
to buffer packets. This version only does so for iso input packets (webcams,
audio in) I'm working on a second patch extending this to iso output packets
(audio out).

This patch makes use of the linux batching of iso packets in one urb.
When an iso in packet gets received from the emulated host controller,
it immediately submits 3 urbs with 32 iso in packets each. This causes
the host to only get an hw interrupt every 32 packets dropping the
interrupt rate to 32 interrupts per second and gives it a queue of urbs
to work from once the first 32 iso in packets have been received to make sure
no packets are dropped.

Besides submitting a whole bunch or urbs as soon as the first urb is
received, effectively creating a buffer inside the kernel, this patch also
gets rid of the asynchroneous completion for iso in urbs. Instead they are
only marked as complete in the fd write callback (which usbfs uses to signal
complete urbs). These complete packets then get consumed by returning them
synchroneously to the emulated host controller when it submits an iso in
packet for the ep in question. When no complete packets are ready (which
happens when the stream is starting) a 0 length packet gets returned to
the emulated host controller.

With this patch I've several usb-1.1 webcams working well with usb pass
through, where as without this patch none of them work.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2011-05-04 12:25:24 +02:00
Hans de Goede
c43831fb47 usb-linux: Get the alt. setting from sysfs rather then asking the dev
At least one device I have lies when receiving a USB_REQ_GET_INTERFACE,
always returning 0 even if the alternate setting is different. This is
likely caused because in practice this control message is never used as
the operating system's usb stack knows which alternate setting it has
told the device to get into, and thus this ctrl message does not get
tested by device manufacturers.

When usb_fs_type == USB_FS_SYS, the active alt. setting can be read directly
from sysfs, which allows using this device through qemu's usb redirection.
More in general it seems a good idea to not send needless control msg's to
devices, esp. as the code in question is called every time a set_interface
is done. Which happens multiple times during virtual machine startup, and
when device drivers are activating the usb device.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2011-05-04 12:25:24 +02:00
Hans de Goede
ed3a328db9 usb-linux: introduce a usb_linux_alt_setting function
The next patch in this series introduces multiple ways to get the
alt setting dependent upon usb_fs_type, it is cleaner to put this
into its own function.

Note that this patch also changes the assumed alt setting in case
of an error getting the alt setting to be 0 (a sane default) rather
then the interface numberwhich makes no sense.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2011-05-04 12:25:24 +02:00
Gerd Hoffmann
196a778428 spice: drop obsolete iothread locking
We don't use qemu internals from spice server context any more.
Thus we don't also need to grab the iothread mutex from spice
server context.  And we don't have to temporarely release the
lock to avoid deadlocks.  Drop all the calls.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-03 15:35:48 +02:00
Gerd Hoffmann
0753609458 spice: don't call displaystate callbacks from spice server context.
This patch moves the displaystate callback calls for setting the cursor
and the mouse pointer from spice server to qemu (iothread) context.
This allows us to simplify locking.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-03 15:35:48 +02:00
Gerd Hoffmann
e0c64d08d1 spice: don't create updates in spice server context.
This patch moves the creation of spice screen updates from the spice
server context to qemu iothread context (display refresh timer to be
exact).  This way we avoid accessing qemu internals (display surface)
from spice thread context which in turn allows us to simplify locking.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-03 15:35:48 +02:00
Jes Sorensen
14da8345b2 Make spice dummy functions inline to fix calls not checking return values
qemu_spice_set_passwd() and qemu_spice_set_pw_expire() dummy functions
needs to be inline, in order to handle the case where they are called
without checking the return value.

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-05-03 15:35:48 +02:00
Nick Thomas
d2d979c628 NBD: Avoid leaking a couple of strings when the NBD device is closed
Signed-off-by: Nick Thomas <nick@bytemark.co.uk>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-05-03 11:29:21 +02:00
Jes Sorensen
2ab3cb8c0a qemu-progress.c: printf isn't signal safe
Change the signal handling to indicate a signal is pending, rather
then printing directly from the signal handler.

In addition make the signal prints go to stderr, rather than stdout.

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-05-03 11:29:21 +02:00
Alon Levy
ab71982716 ide/atapi: fix set but unused
Signed-off-by: Alon Levy <alevy@redhat.com>
Acked-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-05-03 11:29:21 +02:00
Amit Shah
4a737d14d0 atapi: Explain why we need a 'media not present' state
After the re-org of the atapi code, it might not be intuitive for a
reader of the code to understand why we're inserting a 'media not
present' state between cd changes.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-05-03 11:29:21 +02:00
Amit Shah
a7acf552e2 atapi: Move comment to proper place
Move misplaced comment for media_is_dvd()

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-05-03 11:29:21 +02:00
Kevin Wolf
e80fec7feb qemu-img resize: Fix option parsing
For shrinking images, you're supposed to use a negative size. However, the
leading minus makes getopt think that it's an option and so you get the help
text if you don't use -- like in 'qemu-img resize test.img -- -1G'.

This patch handles the size first and removes it from the argument list so that
getopt won't even try to interpret it and you don't need -- any more.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-05-03 11:29:21 +02:00
Michael Walle
57aa265d46 lm32: add Milkymist Minimac2 support
This patch adds support for Milkymist's minimal Ethernet MAC v2. It
superseds minimac1.

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-05-03 10:48:40 +02:00
Michael Walle
f3172a0e2e milkymist-sysctl: fix timers
Prevent timers from firing right after starting.

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-05-03 10:48:40 +02:00
Michael Walle
c07050ddb9 milkymist-vgafb: fix console resizing
After enabling the framebuffer, ensure that the console is resized.

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-05-03 10:48:40 +02:00
Michael Walle
ecbe1de823 lm32: fix exception handling
Global interrupt enable bit is already saved within the exception handler
helper routine. Thus remove extra code in translation routines.

Additionally, debug exceptions has always DEBA as base address.

Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-05-03 10:48:40 +02:00
Paolo Bonzini
4a043713b3 kvm: use qemu_free consistently
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2011-05-02 09:51:59 -03:00
Michael Tokarev
51b0c6065a fix crash in migration, 32-bit userspace on 64-bit host
This change fixes a long-standing immediate crash (memory corruption
and abort in glibc malloc code) in migration on 32bits.

The bug is present since this commit:

  commit 692d9aca97b865b0f7903565274a52606910f129
  Author: Bruce Rogers <brogers@novell.com>
  Date:   Wed Sep 23 16:13:18 2009 -0600

    qemu-kvm: allocate correct size for dirty bitmap

    The dirty bitmap copied out to userspace is stored in a long array,
    and gets copied out to userspace accordingly.  This patch accounts
    for that correctly.  Currently I'm seeing kvm crashing due to writing
    beyond the end of the alloc'd dirty bitmap memory, because the buffer
    has the wrong size.

    Signed-off-by: Bruce Rogers
    Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

 --- a/qemu-kvm.c
 +++ b/qemu-kvm.c
 @@ int kvm_get_dirty_pages_range(kvm_context_t kvm, unsigned long phys_addr,
 -            buf = qemu_malloc((slots[i].len / 4096 + 7) / 8 + 2);
 +            buf = qemu_malloc(BITMAP_SIZE(slots[i].len));
             r = kvm_get_map(kvm, KVM_GET_DIRTY_LOG, i, buf);

BITMAP_SIZE is now open-coded in that function, like this:

 size = ALIGN(((mem->memory_size) >> TARGET_PAGE_BITS), HOST_LONG_BITS) / 8;

The problem is that HOST_LONG_BITS in 32bit userspace is 32
but it's 64 in 64bit kernel.  So userspace aligns this to
32, and kernel to 64, but since no length is passed from
userspace to kernel on ioctl, kernel uses its size calculation
and copies 4 extra bytes to userspace, corrupting memory.

Here's how it looks like during migrate execution:

our=20, kern=24
our=4, kern=8
...
our=4, kern=8
our=4064, kern=4064
our=512, kern=512
our=4, kern=8
our=20, kern=24
our=4, kern=8
...
our=4, kern=8
our=4064, kern=4064
*** glibc detected *** ./x86_64-softmmu/qemu-system-x86_64: realloc(): invalid next size: 0x08f20528 ***

(our is userspace size above, kern is the size as calculated
by the kernel).

Fix this by always aligning to 64 in a hope that no platform will
have sizeof(long)>8 any time soon, and add a comment describing it
all.  It's a small price to pay for bad kernel design.

Alternatively it's possible to fix that in the kernel by using
different size calculation depending on the current process.
But this becomes quite ugly.

Special thanks goes to Stefan Hajnoczi for spotting the fundamental
cause of the issue, and to Alexander Graf for his support in #qemu.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
CC: Bruce Rogers <brogers@novell.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
2011-05-02 09:38:35 -03:00
Jan Kiszka
aa7f74d119 kvm: Install specialized interrupt handler
KVM only requires to set the raised IRQ in CPUState and to kick the
receiving vcpu if it is remote. Installing a specialized handler allows
potential future changes to the TCG code path without risking KVM side
effects.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2011-05-02 09:38:35 -03:00
Jan Kiszka
ec6959d046 Redirect cpu_interrupt to callback handler
This allows to override the interrupt handling of QEMU in system mode.
KVM will make use of it to set a specialized handler.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2011-05-02 09:38:35 -03:00
Jan Kiszka
97ffbd8d9d Break up user and system cpu_interrupt implementations
Both have only two lines in common, and we will convert the system
service into a callback which is of no use for user mode operation.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
CC: Riku Voipio <riku.voipio@iki.fi>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2011-05-02 09:38:35 -03:00