None of its callers checks for failure. scsi_hot_add() can crash
because of that:
(qemu) drive_add 4 if=scsi,format=host_device,file=/dev/sg1
scsi-generic: scsi generic interface too old
Segmentation fault (core dumped)
Fix all callers, not just scsi_hot_add().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
lsi_bad_phase has a bug in the choice of pmjad1/pmjad2. This does
not matter with Linux guests because it uses just one routine for
both, but it breaks Windows 64-bit guests. This is the text
from the spec:
"[The PMJCTL] bit controls which decision mechanism is used
when jumping on phase mismatch. When this bit is cleared the
LSI53C895A will use Phase Mismatch Jump Address 1 (PMJAD1) when
the WSR bit is cleared and Phase Mismatch Jump Address 2 (PMJAD2)
when the WSR bit is set. When this bit is set the LSI53C895A will
use jump address one (PMJAD1) on data out (data out, command,
message out) transfers and jump address two (PMJAD2) on data in
(data in, status, message in) transfers."
Which means:
CCNTL0.PMJCTL
0 SCNTL2.WSR = 0 PMJAD1
0 SCNTL2.WSR = 1 PMJAD2
1 out PMJAD1
1 in PMJAD2
In qemu, what you get instead is:
CCNTL0.PMJCTL
0 out PMJAD1
0 in PMJAD2 <<<<<
1 out PMJAD1
1 in PMJAD1 <<<<<
Considering that qemu always has SCNTL2.WSR cleared, the two marked cases
(corresponding to phase mismatch on input) are always jumping to the
wrong PMJAD register. The patch implements the correct semantics.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This fixes a mismerge of 64d564094c (wrong
patch version): We need to mask the tag value properly to obtain its
device ID.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
We must not store references to selected devices as they may be
hot-removed. Instead, look up the device based on its tag right before
using it. If the device disappeared, throw an interrupt and disconnect.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
According to the LSI spec, the reset value of dcmd, dstat, and ctest2
were wrong, and sdid as well as ssid require zero initialization. There
are surely more discrepancies, this is just another increment.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Declare the input message queue empty and initialize the related state
machine properly on controller reset. This fixes unrecoverable errors
when the controller was reset during ongoing requests.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The LSI controller was lacking a system reset handler. Simply invoke the
existing soft reset handler in this case. This also allows to drop its
explicit invocation during init.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avoid keeping zombie requests across controller reset by purging the
queue and also dropping the currently active request.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
All callers of lsi_reselect have a lsi_request struct at hand anyway.
So just pass it directly instead of having lsi_reselect search for it
using the tag.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Right now lsi_request is allocated when a request is queued and released
when a request is unqueued. With this patch applied the lsi_request is
kept for the whole lifetime of the scsi request.
Rationale: We can use it for per-request data then. The patch does that
already for the request tag.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Replace the funky array logic for queued commands with standard
qemu list functions. Also rename lsi_queue to lsi_request.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
No functional changes. I verified that the generated binary
does not change.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Juan Quintela <quintela@redhat.com>
Acked-by: Glauber Costa <glommer@gmail.com>
This patch fixes the follow error when LSI_DEBUG is set.
CC libhw64/lsi53c895a.o
cc1: warnings being treated as errors
qemu/hw/lsi53c895a.c: In function 'lsi_io_mapfunc':
qemu/hw/lsi53c895a.c:1932: error: format '%08x' expects type 'unsigned int', but argument 2 has type 'pcibus_t'
qemu/hw/lsi53c895a.c: In function 'lsi_ram_mapfunc':
/qemu/hw/lsi53c895a.c:1947: error: format '%08x' expects type 'unsigned int', but argument 2 has type 'pcibus_t'
qemu/hw/lsi53c895a.c: In function 'lsi_mmio_mapfunc':
qemu/hw/lsi53c895a.c:1957: error: format '%08x' expects type 'unsigned int', but argument 2 has type 'pcibus_t'
make[1]: *** [lsi53c895a.o] Error 1
make: *** [subdir-libhw64] Error 2
Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The critical part of this change is how to deal with simultaneaous
generation of interrupts. The only (normal) case when this happens in
the emulation is near simultaneous reselection + selection. If selection
comes first, there is no problem, since the target attempting
reselection loses the arbitration (in the emulation it only means that
the reselect function will not be started). In the worst case the host
adapter is reselected, but the device driver already started a
selection, so we jump to the alternative address to handle the
situation.
The SCRIPTS code can trigger another interrupt to notify the driver that
the new task has to be postponed. I suppose that on real hardware there
is enough time after the reselection interrupt to set the SIP bit before
the next interrupt comes, so it would result in 2 stacked interrupts (a
SCSI and a DMA one). However, in the emulation there is no interrupt
stacking, so there is a good chance that the 2 interrupts will get to
the interrupt handler at the same time.
Nevertheless, it should not make a big difference in interrupt handling,
since in both cases both interrupts have to be fetched first, and after
that the new task (that failed during the selection phase) has to be
prepared/reset for a later restart, and the reconnected device has to be
serviced.
The changes do not modify the host adapter's behavior if this interrupt
is not enabled.
See also LSI53C895A technical manual, SCID and SIEN0.
Signed-off-by: Laszlo Ast <laszlo.ast@siemens-enterprise.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
See SCSI-2, 6.5 Message system description/message codes.
Signed-off-by: Laszlo Ast <laszlo.ast@siemens-enterprise.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
pci.h declares some functions which aren't
defined in pci.h. Clean up moving things
to appropriate headers, and update all users.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This patch is preliminary for 64 bit BAR support.
Introduce dedicated type, pcibus_t, to represent pci bus address/size
instead of uint32_t.
Later this type will be changed to uint64_t.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
make constants for pci base address match pci_regs.h by
renaming PCI_ADDRESS_SPACE_xxx to PCI_BASE_ADDRESS_SPACE_xxx.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Explicitly add the drive to the bus of the newly created scsi adapter
instead of hoping that scsi_bus_legacy_handle_cmdline() picks it up
correctly.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In the very least, a change like this requires discussion on the list.
The naming convention is goofy and it causes a massive merge problem. Something
like this _must_ be presented on the list first so people can provide input
and cope with it.
This reverts commit 99a0949b72.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Sorry folks, but it has to be. One more of these invasive qdev patches.
We have a serious design bug in the qdev interface: device init
callbacks can't signal failure because the init() callback has no
return value. This patch fixes it.
We have already one case in-tree where this is needed:
Try -device virtio-blk-pci (without drive= specified) and watch qemu
segfault. This patch fixes it.
With usb+scsi being converted to qdev we'll get more devices where the
init callback can fail for various reasons.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch requires "Handle BH's queued by AIO completions in
qemu_aio_flush()" to work reliably. The combination of those two
patches survived 300+ migrations with heavy IO load running in the
guest.
Signed-off-by: Nolan Leake <nolan <at> sigbus.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Makes pci_qdev_register take a PCIDeviceInfo struct instead of a bunch
of parameters. Also adds config_read and config_write callbacks to
PCIDeviceInfo, so drivers needing these can be converted to the qdev
device API too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This function is used to manage a PCI BAR, so make the more generic
pci_register_io_region() available to other uses.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The parameter is always zero except when registering the three internal
io regions (ROM, unassigned, notdirty). Remove the parameter to reduce
the API's power, thus facilitating future change.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>