Wei Yang [Thu, 8 Mar 2012 01:10:44 +0000 (12:10 +1100)]
usb-ohci: DMA writeback bug fixes
This patch fixes two bugs in the OHCI device where the device writes
back data to system memory that should be exclusively under the
control of the guest side driver.
In OHCI specification Section 5.2.7, it mentioned "In all cases, Host
Controller Driver is responsible for the insertion and removal of all
Endpoint Descriptors in the various Host Controller Endpoint
Descriptor lists". In the ohci_frame_boundary(), ohci_put_hcca()
writes the entire hcca back including the interrupt ED lists which
should be under driver control. This violates the specification and
can race with a host driver updating that list at the same time.
In the OHCI Spec Section 4.6, Transfer Descriptor Queue Processing, it
mentioned "Since the TD pointed to by TailP is not accessed by the HC,
the Host Controller Driver can initialize that TD and link at least
one other to it without creating a coherency or synchronization
problem". While the function ohci_put_ed() writes the entire endpoint
descriptor back including the TailP which should be under driver
control. This violates the specification and can race with a host
driver updating the TD list at the same time.
In each case the solution is to make sure we don't write data which is
under driver control.
Cc: Gerd Hoffman <kraxel@redhat.com> Signed-off-by: Wei Yang <weiyang@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Gerd Hoffmann [Wed, 7 Mar 2012 14:06:32 +0000 (15:06 +0100)]
usb: zap hw/ush-{ohic,uhci}.h + init wrappers
Remove the uhci and ohci init wrappers, which all wrapped a
pci_create_simple() one-liner. Switch callsites to call
pci_create_simple directly. Remove the header files where
the wrappers were declared.
Gerd Hoffmann [Wed, 7 Mar 2012 13:55:18 +0000 (14:55 +0100)]
usb: the big rename
Reorganize usb source files. Create a new hw/usb/ directory and move
all usb source code to that place. Also make filenames a bit more
descriptive. Host adapters are prefixed with "hch-" now, usb device
emulations are prefixed with "dev-". Fixup paths Makefile and include
paths to make it compile. No code changes.
Anthony Liguori [Tue, 13 Mar 2012 01:51:42 +0000 (20:51 -0500)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony:
test-coroutine: add performance test for nesting
coroutine: adding configure option for sigaltstack coroutine backend
coroutine: adding configure choose mechanism for coroutine backend
coroutine: adding sigaltstack method (.c source)
qcow2: Reduce number of I/O requests
qcow2: Add qcow2_alloc_clusters_at()
qcow2: Factor out count_cow_clusters
qmp: convert blockdev-snapshot-sync to a wrapper around transactions
add mode field to blockdev-snapshot-sync transaction item
rename blockdev-group-snapshot-sync
qapi: complete implementation of unions
use QSIMPLEQ_FOREACH_SAFE when freeing list elements
Add 'make check-block'
make check: Add qemu-iotests subset
qemu-iotests: Mark some tests as quick
qcow2: Add error messages in qcow2_truncate
block: handle -EBUSY in bdrv_commit_all()
qcow2: Add some tracing
qed: do not evict in-use L2 table cache entries
Group snapshot: Fix format name for backing file
Anthony Liguori [Tue, 13 Mar 2012 01:50:09 +0000 (20:50 -0500)]
Merge remote-tracking branch 'qemu-kvm/memory/core' into staging
* qemu-kvm/memory/core:
memory: get rid of cpu_register_io_memory()
memory: dispatch directly via MemoryRegion
exec: fix code tlb entry misused as iotlb in get_page_addr_code()
memory: store section indices in iotlb instead of io indices
memory: make phys_page_find() return an unadjusted section
Anthony Liguori [Tue, 13 Mar 2012 01:49:13 +0000 (20:49 -0500)]
Merge remote-tracking branch 'stefanha/tracing' into staging
* stefanha/tracing:
vga: add trace event for ppm_save
console: add some trace events
maintainers: Add docs/tracing.txt to Tracing
docs: correct ./configure line in tracing.txt
trace: make trace_thread_create() use its function arg
tracetool: Omit useless QEMU_*_ENABLED() check
trace: Provide a per-event status define for conditional compilation
Anthony Liguori [Tue, 13 Mar 2012 01:48:00 +0000 (20:48 -0500)]
Merge remote-tracking branch 'qmp/queue/qmp' into staging
* qmp/queue/qmp:
qapi-schema.json: fix comment for type ObjectPropretyInfo
qapi-schema: fix typos and explain 'spice' auth
qjson.h: include compiler.h for GCC_FMT_ATTR
Michael Roth [Tue, 7 Feb 2012 19:56:48 +0000 (13:56 -0600)]
qemu-ga: add guest-sync-delimited
guest-sync leaves it as an exercise to the user as to how to reliably
obtain the response to guest-sync if the client had previously read in a
partial response (due to qemu-ga previously being restarted mid-"sentence"
due to reboot, forced restart, etc).
qemu-ga handles this situation on its end by having a client precede
their guest-sync request with a 0xFF byte (invalid UTF-8), which
qemu-ga/QEMU JSON parsers will treat as a flush event. Thus we can
reliably flush the qemu-ga parser state in preparation for receiving
the guest-sync request.
guest-sync-delimited provides the same functionality for a client: when
a guest-sync-delimited is issued, qemu-ga will precede its response
with a 0xFF byte that the client can use as an indicator to flush its
buffer/parser state in preparation for reliably receiving the
guest-sync-delimited response.
It is also useful as an optimization for clients, since, after issuing a
guest-sync-delimited, clients can safely discard all stale data read
from the channel until the 0xFF is found.
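The client side of the exchange described in the guest-sync-delimited message above, as an added example that is not qemu-ga code and not part of the commit. The function names, the sample stream and the assumption that the response is a newline-terminated `{"return": <id>}` object are illustrative.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define QGA_SYNC_SENTINEL 0xFF  /* invalid UTF-8 byte sent before the response */

/* Constructed sample: a stale, half-read earlier response, then the 0xFF
 * sentinel, then the response to guest-sync-delimited with id 424242. */
static const char SAMPLE_STREAM[] =
    "{\"return\": {\"count\": 5, \"e"
    "\xff"
    "{\"return\": 424242}\n";

/*
 * Everything up to and including the first 0xFF is stale and can be
 * discarded. Returns the offset of the first byte after the sentinel,
 * or -1 if the sentinel has not arrived yet.
 */
static long qga_skip_stale(const unsigned char *buf, size_t len)
{
    const unsigned char *p = memchr(buf, QGA_SYNC_SENTINEL, len);
    return p ? (long)(p - buf) + 1 : -1;
}

/*
 * Returns 1 if a complete response carrying expected_id follows the
 * sentinel, 0 if more data must be read first, and -1 if a response is
 * present but malformed or carrying a different id.
 */
static int qga_sync_response_ok(const unsigned char *buf, size_t len,
                                long long expected_id)
{
    char line[128];
    long start = qga_skip_stale(buf, len);
    if (start < 0) {
        return 0;                       /* still reading stale data */
    }

    const unsigned char *resp = buf + start;
    size_t resp_len = len - (size_t)start;
    const unsigned char *nl = memchr(resp, '\n', resp_len);
    if (!nl) {
        return 0;                       /* response not complete yet */
    }

    size_t n = (size_t)(nl - resp);
    if (n >= sizeof(line)) {
        return -1;                      /* longer than any sync reply */
    }
    memcpy(line, resp, n);
    line[n] = '\0';

    const char *key = strstr(line, "\"return\"");
    const char *colon = key ? strchr(key, ':') : NULL;
    if (!colon) {
        return -1;
    }

    char *end;
    long long id = strtoll(colon + 1, &end, 10);
    if (end == colon + 1) {
        return -1;                      /* no integer after "return": */
    }
    return id == expected_id ? 1 : -1;
}

int main(void)
{
    const unsigned char *buf = (const unsigned char *)SAMPLE_STREAM;
    size_t len = sizeof(SAMPLE_STREAM) - 1;

    printf("response starts at offset %ld\n", qga_skip_stale(buf, len));
    printf("id 424242 accepted: %d\n", qga_sync_response_ok(buf, len, 424242));
    printf("id 1 accepted: %d\n", qga_sync_response_ok(buf, len, 1));
    return 0;
}
```

A client that compares the returned id against the one it sent also rejects a delimited response left over from an earlier sync attempt.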
Luiz Capitulino [Tue, 28 Feb 2012 14:03:03 +0000 (11:03 -0300)]
qemu-ga: add guest-suspend-disk
As the command name implies, this command suspends the guest to disk.
The suspend operation is implemented by two functions: bios_supports_mode()
and guest_suspend(). Both functions are generic enough to be used by
other suspend modes (introduced by next commits).
Both functions will try to use the scripts provided by the pm-utils
package if it's available. If it's not available, a manual method,
which consists of directly writing to '/sys/power/state', will be used.
To reap terminated children, a new signal handler is installed in the
parent to catch SIGCHLD signals and a non-blocking call to waitpid()
is done to collect their exit statuses. The statuses, however, are
discarded.
The approach used to query the guest for suspend support deserves some
explanation. It's implemented by bios_supports_mode() and shown below:
This might look complex, but the resulting code is quite simple.
The purpose of that approach is to allow qemu-ga to reap its children
(semi-)automatically from its SIGCHLD handler.
Implementing this the obvious way, that is, doing the exec() call from
the first child process, would force us to introduce a more complex way
to reap qemu-ga's children. Like registering PIDs to be reaped and
having a way to wait for them when returning their exit status to
qemu-ga is necessary. The approach explained above avoids that complexity.
Peter Maydell [Fri, 9 Mar 2012 14:33:20 +0000 (14:33 +0000)]
cpu-all.h: Don't accidentally sign extend in g2h()
Cast the argument of the g2h() macro to a target_ulong so that
it isn't accidentally sign-extended if it is a signed 32 bit
type and long is a 64 bit type. In particular, this fixes a
bug where it would return the wrong value for 32 bit guests
on 64 bit hosts when passed in one of the arg* values from
do_syscall() [which are all abi_long and thus signed types].
This could result in spurious failure of mlock(), among others.
Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
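The sign-extension failure described in the g2h() message above, as an added example that is not the QEMU macro itself. The typedefs stand in for abi_long and target_ulong on a 32-bit guest, `uint64_t` stands in for a 64-bit host long, and the guest base value is constructed.

```c
#include <stdint.h>
#include <stdio.h>

typedef int32_t  abi_long32;      /* stand-in: signed 32-bit guest ABI long */
typedef uint32_t target_ulong32;  /* stand-in: unsigned 32-bit guest address */

#define EXAMPLE_GUEST_BASE UINT64_C(0x10000000)   /* constructed value */
#define GUEST_SPACE_SIZE   (UINT64_C(1) << 32)    /* 32-bit guest: 4 GiB */

/* Before the fix: the signed 32-bit value is widened directly to the
 * 64-bit host word, so any guest address >= 0x80000000 is sign-extended. */
static uint64_t g2h_sign_extending(abi_long32 x)
{
    return (uint64_t)x + EXAMPLE_GUEST_BASE;
}

/* After the fix: cast to the unsigned guest-width type first, so the
 * widening to the host word zero-extends. */
static uint64_t g2h_zero_extending(abi_long32 x)
{
    return (uint64_t)(target_ulong32)x + EXAMPLE_GUEST_BASE;
}

/* A host address is only meaningful if it lands inside the window that
 * backs guest memory: [base, base + 4 GiB). */
static int host_addr_in_guest_window(uint64_t host)
{
    return host >= EXAMPLE_GUEST_BASE &&
           host - EXAMPLE_GUEST_BASE < GUEST_SPACE_SIZE;
}

int main(void)
{
    /* Guest address 0x80001000 as it arrives in a signed syscall argument. */
    abi_long32 high = INT32_MIN + 0x1000;
    abi_long32 low  = 0x00401000;

    printf("low  addr: before %#llx, after %#llx\n",
           (unsigned long long)g2h_sign_extending(low),
           (unsigned long long)g2h_zero_extending(low));
    printf("high addr: before %#llx (in window: %d), after %#llx (in window: %d)\n",
           (unsigned long long)g2h_sign_extending(high),
           host_addr_in_guest_window(g2h_sign_extending(high)),
           (unsigned long long)g2h_zero_extending(high),
           host_addr_in_guest_window(g2h_zero_extending(high)));
    return 0;
}
```

Addresses below 0x80000000 translate identically both ways, which is why the defect only shows up for guest pointers in the upper half of the 32-bit address space.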
Gerd Hoffmann [Thu, 8 Mar 2012 10:19:19 +0000 (11:19 +0100)]
implement vnc_dpy_setdata
The comment is wrong, we have to do something in the setdata callback.
Changing the framebuffer backing storage (happens when the guest pans
the display) renders the whole screen content invalid.
Trigger #1: cirrus vga + 32bit linux guest + vesafb with ypan enabled.
Trigger #2: std vga + http://patchwork.ozlabs.org/patch/145479/
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Eduardo Habkost [Tue, 6 Mar 2012 18:11:32 +0000 (15:11 -0300)]
add Opteron_G4 CPU model (v2)
This patch adds a Bulldozer-based Opteron_G4 CPU model.
This version has the ffxsr bit actually disabled, to match what was
documented below. Thanks to Andre Przywara for spotting the bug.
I am trying to be conservative with the new model, so I am enabling only
features known to be useful to guests, and not enabling anything that
was not tested or found to be useful to a guest.
List of missing flags in comparison to real hardware:
- vme: host-specific feature.
- osxsave: it is not set here because it is set by the guest OS, not by KVM
- monitor: this is filtered out by the KVM module, so no point in
enabling it.
- mmxext: untested, so not enabled.
- Perf*, Topology*, lwp, ibs: not emulated by KVM.
- wdt, skinit, osvw, altmovcr8, extapicspace, cmplegacy: untested,
so not enabled.
List of new flags, in comparison to the Opteron_G3 model:
- xsave: xsave feature, already implemented by Qemu
- avx, aes, sse4.x, ssse3, pclmulqdq: all new state the new instructions
could use is handled by the xsave state loading/saving code on Qemu.
- pdpe1gb: 1GB pages, supported by the KVM kernel module.
- ffxsr: untested, so not enabled
- fma4, xop: all new state the new instructions could use is handled by
the xsave loading/saving code on Qemu.
- 3dnowprefetch: safe to pass through, though the flag is not used by
Linux guests, at least.
Below is the comparison between the current Opteron_G3 model
and the new model being added.
- The "full" line contains the flags found on actual hardware.
- The "missing" line shows the flags that are present on actual
hardware, but not on the added Opteron_G4 model.
- The "new" line shows the flags that were not on the Opteron_G3 model
but are on Opteron_G4.
feature_edx:
Opteron_G3: sse2 sse fxsr mmx clflush pse36 pat cmov mca pge mtrr sep apic cx8 mce pae msr tsc pse de fpu
full: sse2 sse fxsr mmx clflush pse36 pat cmov mca pge mtrr sep apic cx8 mce pae msr tsc pse de vme fpu
Opteron_G4: sse2 sse fxsr mmx clflush pse36 pat cmov mca pge mtrr sep apic cx8 mce pae msr tsc pse de fpu
missing: vme
Eduardo Habkost [Tue, 6 Mar 2012 18:11:31 +0000 (15:11 -0300)]
add SandyBridge CPU model
This patch adds the definition of a SandyBridge CPU model.
Summary of differences:
Flags present on actual hardware, but not on the added model definition:
- pbe, tm, ht, ss, acpi, vme, xTPR, tm2, eist, smx: host-specific
features, not exposed to guest.
- ds, ds-cpl, dtes64, pdcm: emulation not supported by KVM (although it
may be added in the future if implementing PMU virtualization)
- pcid, vmx, monitor: not emulated by Qemu/KVM right now.
- osxsave: set by the guest OS, not by Qemu.
Flags added, that were not present on Westmere model:
- xsave: already supported by Qemu
- avx, pclmulqdq: all new state the new instructions could use is
handled by xsave state loading/saving code.
- tsc-deadline, x2apic, rdtscp: already supported by Qemu/KVM.
Below there's a comparison of the features on the current Westmere CPU
model, and the SandyBridge CPU model.
- The "full" line contains the flags found on actual hardware.
- The "missing" line shows the flags that are present on actual
hardware, but not on the added SandyBridge model.
- The "new" line shows the flags that were not on the Westmere model,
but are on SandyBridge.
feature_edx:
Westmere: sse2 sse fxsr mmx clflush pse36 pat cmov mca pge mtrr sep apic cx8 mce pae msr tsc pse de fpu
full: pbe tm ht ss sse2 sse fxsr mmx ds acpi clflush pse36 pat cmov mca pge mtrr sep apic cx8 mce pge msr tsc pse de vme fpu
SandyBridge: sse2 sse fxsr mmx clflush pse36 pat cmov mca pge mtrr sep apic cx8 mce pae msr tsc pse de fpu
missing: pbe tm ht ss ds acpi vme
Paolo Bonzini [Tue, 28 Feb 2012 08:54:15 +0000 (09:54 +0100)]
qom: fix device hot-unplug
Property removal modifies the list, so it is not safe to continue
iteration. We know anyway that each object can have only one
parent (see object_property_add_child), so exit after finding
the requested object.
Reported-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Tue, 28 Feb 2012 08:54:14 +0000 (09:54 +0100)]
qdev: accept empty string properties
These were stored as NULL due to wrong cut-and-paste from set_pointer.
Reported-by: Gerhard Wiesinger <lists@wiesinger.com> Tested-by: Gerhard Wiesinger <lists@wiesinger.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Alex Barcelo [Thu, 16 Feb 2012 12:14:06 +0000 (13:14 +0100)]
test-coroutine: add performance test for nesting
The performance test will also check for nesting. It will do
a certain quantity of cycles, and each one will do a depth
nesting process.
This is useful for benchmarking the creation of coroutines,
given that nesting is creation-intensive (and the other perf
test does not benchmark that).
Signed-off-by: Alex Barcelo <abarcelo@ac.upc.edu> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Fri, 2 Mar 2012 13:10:54 +0000 (14:10 +0100)]
qcow2: Reduce number of I/O requests
If the first part of a write request is allocated, but the second isn't
and it can be allocated so that the resulting area is contiguous, handle
it at once. This is a common case for sequential writes.
After this patch, alloc_cluster_offset() only checks if the clusters are
already allocated or how many new clusters can be allocated contiguously.
The actual cluster allocation is split off into a new function
do_alloc_cluster_offset().
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Kevin Wolf [Fri, 2 Mar 2012 18:35:58 +0000 (19:35 +0100)]
qcow2: Add qcow2_alloc_clusters_at()
This function allows to allocate clusters at a given offset in the image
file. This is useful if you want to allocate the second part of an area
that must be contiguous.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Paolo Bonzini [Tue, 6 Mar 2012 17:55:59 +0000 (18:55 +0100)]
qmp: convert blockdev-snapshot-sync to a wrapper around transactions
Simplify the blockdev-snapshot-sync code and gain failsafe operation
by turning it into a wrapper around the new transaction command. A new
option is also added matching "mode".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Tue, 6 Mar 2012 17:55:58 +0000 (18:55 +0100)]
add mode field to blockdev-snapshot-sync transaction item
The mode field lets a management application create the snapshot
destination outside QEMU.
Right now, the only modes are "existing" and "absolute-paths". Mirroring
introduces "no-backing-file". In the future "relative-paths" could be
implemented too.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Thu, 8 Mar 2012 11:26:52 +0000 (12:26 +0100)]
qemu-iotests: Mark some tests as quick
This creates a new test group 'quick' for some test cases that take at
most a couple of seconds each, so that the group can be run during a
quick 'make check'
Kevin Wolf [Tue, 6 Mar 2012 11:44:45 +0000 (12:44 +0100)]
qcow2: Add error messages in qcow2_truncate
qemu-img resize has some limitations with qcow2, but the user is only
told that "this image format does not support resize". Quite confusing,
so add some more detailed error_report() calls and change "this image
format" into "this image".
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Stefan Hajnoczi [Mon, 5 Mar 2012 18:10:11 +0000 (18:10 +0000)]
block: handle -EBUSY in bdrv_commit_all()
Monitor operations that manipulate image files must not execute while a
background job (like image streaming) is in progress. This prevents
corruptions from happening when two pieces of code are manipulating the
image file without knowledge of each other.
The monitor "commit" command raises QERR_DEVICE_IN_USE when
bdrv_commit() returns -EBUSY but "commit all" has no error handling.
This is easy to fix, although note that we do not deliver a detailed
error about which device was busy in the "commit all" case.
Suggested-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Mon, 27 Feb 2012 13:16:01 +0000 (13:16 +0000)]
qed: do not evict in-use L2 table cache entries
The L2 table cache reduces QED metadata reads that would be required
when translating LBAs to offsets into the image file. Since requests
execute in parallel it is possible to share an L2 table between multiple
requests.
There is a potential data corruption issue when an in-use L2 table is
evicted from the cache because the following situation occurs:
1. An allocating write performs an update to L2 table "A".
2. Another request needs L2 table "B" and causes table "A" to be
evicted.
3. A new read request needs L2 table "A" but it is not cached.
As a result the L2 update from #1 can overlap with the L2 fetch from #3.
We must avoid doing overlapping I/O requests here since the worst case
outcome is that the L2 fetch completes before the L2 update and yields
stale data. In that case we would effectively discard the L2 update and
lose data clusters!
Thanks to Benoît Canet <benoit.canet@gmail.com> for extensive testing
and debugging which led to discovery of this bug.
Reported-by: Benoît Canet <benoit.canet@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Tested-by: Benoît Canet <benoit.canet@gmail.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Andreas Färber [Sat, 10 Mar 2012 12:37:34 +0000 (13:37 +0100)]
maintainers: Add docs/tracing.txt to Tracing
The topic of whether and by whom docs/tracing.txt is maintained was
brought up. It currently does not have an official maintainer.
Add it to the tracing section so that Stefan gets cc'ed on patches.
Signed-off-by: Andreas Färber <afaerber@suse.de> Acked-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Jun Koi [Thu, 8 Mar 2012 06:20:37 +0000 (14:20 +0800)]
trace: make trace_thread_create() use its function arg
This patch makes trace_thread_create() use its function arg to
initialize thread. The other choice is to make this a function to use
void arg, but I prefer this way.
Signed-off-by: Jun Koi <junkoi2004@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Stefan Hajnoczi [Tue, 27 Sep 2011 08:00:22 +0000 (09:00 +0100)]
tracetool: Omit useless QEMU_*_ENABLED() check
SystemTap provides a "semaphore" that can optionally be tested before
executing a trace event. The purpose of this mechanism is to skip
expensive tracing code when the trace event is disabled.
For example, some applications may have trace events that format or
convert strings for trace events. This expensive processing should only
be done in the case where the trace event is enabled.
Since QEMU's generated trace events never have such special-purpose
code, there is no reason to add the semaphore check.
Reviewed-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Lluís Vilanova [Tue, 6 Dec 2011 16:38:15 +0000 (17:38 +0100)]
trace: Provide a per-event status define for conditional compilation
Adds a 'TRACE_${NAME}_ENABLED' preprocessor define for each tracing event in
"trace.h".
This lets the user conditionally compile code with a relatively high execution
cost that is only necessary when producing the tracing information for an event
that is enabled.
Note that events using this define will probably have the "disable" property by
default, in order to avoid such costs on regular builds.
Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Stefan Weil [Sat, 10 Mar 2012 18:59:04 +0000 (19:59 +0100)]
tcg: Improve tcg_out_label and fix its usage for w64
tcg_out_label is always called with a third argument of pointer type
which was cast to tcg_target_long.
These casts can be avoided by changing the prototype of tcg_out_label.
There was also a cast to long. For most hosts with
sizeof(long) == sizeof(tcg_target_long) == sizeof(void *) this did not
matter, but for w64 it was wrong. This is fixed now.
Cc: Blue Swirl <blauwirbel@gmail.com> Cc: Richard Henderson <rth@twiddle.net> Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Stefan Weil [Sat, 10 Mar 2012 10:14:31 +0000 (11:14 +0100)]
w64: Don't redefine lseek, ftruncate
MinGW-w64 already defines lseek and ftruncate (and uses the 64 bit
variants). The conditional compilation avoids redefinitions
(which would be wrong) and compiler warnings.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Lluís Vilanova [Tue, 6 Mar 2012 18:50:38 +0000 (19:50 +0100)]
build: Include config-host.mak as soon as possible
Current code depends on variables defined in config-host.mak before it is
actually included.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu> Cc: Anthony Liguori <aliguori@us.ibm.com> Cc: Paul Brook <paul@codesourcery.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Jan Kiszka [Tue, 6 Mar 2012 17:32:35 +0000 (18:32 +0100)]
gdbstub: Do not kill target in system emulation mode
Too many VM kittens were killed since 7d03f82f81. Another one just died
under my fat fingers.
When you quit a kgdb session, does the Linux kernel power off? Or when
you terminate gdb attached to a hardware debugger, does your board
vanish in space? No.
So let's stop terminating QEMU when the gdbstub receives a kill commando
in system emulation mode. Real termination can still be achieved via
"monitor quit". We keep the behavior for user mode emulation which is
arguably more like a gdbserver scenario.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Jan Kiszka [Tue, 6 Mar 2012 14:22:02 +0000 (15:22 +0100)]
target-i386: Mask NX bit from cpu_get_phys_page_debug result
This was a long pending bug, now revealed by the assert in
phys_page_find that stumbled over the large page index returned by
cpu_get_phys_page_debug for NX-marked pages: We need to mask out NX and
all user-definable bits 52..62 from PDEs and the final PTE to avoid
corrupting physical addresses.
Reviewed-by: Avi Kivity <avi@redhat.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
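The masking described in the cpu_get_phys_page_debug message above, as an added example that is not the QEMU code. The macro and function names, the sample entries and the 40-bit frame-index limit used as a stand-in for the assert in phys_page_find are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>

#define EX_NX_BIT          (UINT64_C(1) << 63)           /* no-execute */
#define EX_PHYS_ADDR_MASK  UINT64_C(0x000ffffffffff000)  /* bits 12..51 */
#define EX_PAGE_4K         UINT64_C(0x1000)
#define EX_PAGE_2M         UINT64_C(0x200000)

/* Unmasked form: only the low flag bits are stripped, so NX (bit 63)
 * and the software-defined bits 52..62 leak into the address. */
static uint64_t phys_unmasked(uint64_t entry, uint64_t vaddr)
{
    return (entry & ~(EX_PAGE_4K - 1)) | (vaddr & (EX_PAGE_4K - 1));
}

/* Masked form: keep only address bits 12..51 of the leaf entry, align
 * to the page size, then add the offset inside the page. `large` selects
 * a 2 MiB page mapped by a PDE instead of a 4 KiB page mapped by a PTE. */
static uint64_t phys_masked(uint64_t entry, uint64_t vaddr, int large)
{
    uint64_t page_size = large ? EX_PAGE_2M : EX_PAGE_4K;
    uint64_t base = entry & EX_PHYS_ADDR_MASK & ~(page_size - 1);
    return base | (vaddr & (page_size - 1));
}

/* Stand-in for a lookup that asserts on the page frame index: with 52
 * physical address bits and 4 KiB pages the index must fit in 40 bits. */
static int frame_index_valid(uint64_t phys)
{
    return (phys >> 12) < (UINT64_C(1) << 40);
}

int main(void)
{
    /* Constructed entries: NX set, software bits 52 and 54 set, flags 0x67. */
    uint64_t pte = EX_NX_BIT | (UINT64_C(0x5) << 52) | UINT64_C(0x12345067);
    /* Constructed 2 MiB PDE: NX set, base 0x40000000, flags 0xe7. */
    uint64_t pde = EX_NX_BIT | UINT64_C(0x400000e7);

    uint64_t bad  = phys_unmasked(pte, UINT64_C(0x7f0000000abc));
    uint64_t good = phys_masked(pte, UINT64_C(0x7f0000000abc), 0);

    printf("unmasked: %#llx (index valid: %d)\n",
           (unsigned long long)bad, frame_index_valid(bad));
    printf("masked:   %#llx (index valid: %d)\n",
           (unsigned long long)good, frame_index_valid(good));
    printf("2M page:  %#llx\n",
           (unsigned long long)phys_masked(pde, UINT64_C(0xc01234ab), 1));
    return 0;
}
```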
Anthony Liguori [Fri, 9 Mar 2012 18:30:20 +0000 (12:30 -0600)]
Merge remote-tracking branch 'stefanha/trivial-patches' into staging
* stefanha/trivial-patches:
configure: Quote the configure args printed in config.log
osdep: Remove local definition of macro offsetof
libcacard: Spelling and grammar fixes in documentation
Spelling fixes in comments (it's -> its)
vnc: Add break statement
libcacard: Use format specifier %u instead of %d for unsigned values
Fix sign of sscanf format specifiers
block/vmdk: Fix warning from splint (comparision of unsigned value)
qmp: Fix spelling fourty -> forty
qom: Fix spelling in documentation
sh7750: Remove redundant 'struct' from MemoryRegionOps
Anthony Liguori [Fri, 9 Mar 2012 18:29:55 +0000 (12:29 -0600)]
Merge remote-tracking branch 'qemu-kvm/uq/master' into staging
* qemu-kvm/uq/master:
kvm: fill in padding to help valgrind
kvm: x86: Add user space part for in-kernel i8254
kvm: Add kvm_has_pit_state2 helper
i8254: Open-code timer restore
i8254: Factor out base class for KVM reuse
Anthony Liguori [Fri, 9 Mar 2012 18:29:40 +0000 (12:29 -0600)]
Merge remote-tracking branch 'kraxel/usb.42' into staging
* kraxel/usb.42:
xhci: fix port status
xhci: fix control xfers
usb: add shortcut for control transfers
usb-host: enable pipelineing for bulk endpoints.
usb: add pipelining option to usb endpoints
usb: queue can have async packets
uhci_fill_queue: zap debug printf
usb: add USB_RET_IOERROR
usb: return BABBLE rather then NAK when we receive too much data
usb-ehci: Cleanup itd error handling
usb-ehci: Fix and simplify nakcnt handling
usb-ehci: Remove dead nakcnt code
usb-ehci: Fix cerr tracking
usb-ehci: Any packet completion except for NAK should set the interrupt
usb-ehci: Rip the queues when the async or period schedule is halted
usb-ehci: Drop cached qhs when the doorbell gets rung
usb-ehci: always call ehci_queues_rip_unused for period queues
usb-ehci: split our qh queue into async and periodic queues
usb-ehci: Never follow table entries with the T-bit set
usb-redir: Set ep type and interface
Hans de Goede [Fri, 2 Mar 2012 15:49:44 +0000 (16:49 +0100)]
libcacard: Fix compilation with gcc-4.7
VCARD_ATR_PREFIX is used as part of an array initializer so it should
not have () around it, so far this happened to work, but gcc-4.7 does
not like it.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avi Kivity [Thu, 8 Mar 2012 16:50:18 +0000 (18:50 +0200)]
exec: fix code tlb entry misused as iotlb in get_page_addr_code()
get_page_addr_code() reads a code tlb entry, but interprets it as an
iotlb entry. This works by accident since the low bits of a RAM code
tlb entry are clear, and match a RAM iotlb entry. This accident is
about to unhappen, so fix the code to use an iotlb entry (using the
code entry with TLB_MMIO may fail if the page is a watchpoint).
Peter Maydell [Wed, 7 Mar 2012 12:16:29 +0000 (12:16 +0000)]
configure: Quote the configure args printed in config.log
Use the same mechanism we use for printing the configure command
line to config-host.mak to print it to config.log. This fixes a
bug where the config.log version didn't quote arguments with spaces.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Stefan Weil [Mon, 5 Mar 2012 06:22:31 +0000 (07:22 +0100)]
osdep: Remove local definition of macro offsetof
The macro offsetof is defined in stddef.h. It is conforming to
the standards C89, C99 and POSIX.1-2001 (see man page), so it
is a sufficiently old standard.
Therefore chances are very high that QEMU never needs a local
definition of this macro.
osdep.h already includes stddef.h, so this patch simply removes
the unneeded code from the files configure and osdep.h.
If we ever need the local definition again, it should be added
to compiler.h (the macro is usually provided with the compiler,
it is not OS specific).
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Stefan Weil [Mon, 27 Feb 2012 21:57:24 +0000 (22:57 +0100)]
libcacard: Spelling and grammar fixes in documentation
* it's -> its
* it's -> it is (that's no fix, but makes future checks easier)
* this functions -> this function
* replacable -> replaceable
* reader's -> readers
* logins into -> logs into
v2:
Also replace 'aid' by 'AID' (thanks to Peter Maydell for this hint).
v3:
Fix sentence (contributed by Alon Levy / Robert Relyea).
Cc: Alon Levy <alevy@redhat.com> Cc: Robert Relyea <rrelyea@redhat.com> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Stefan Weil [Sun, 26 Feb 2012 17:46:12 +0000 (18:46 +0100)]
Spelling fixes in comments (it's -> its)
* it's -> its (fixed for all files)
* dont -> don't (only fixed in a line which was touched by the previous fix)
* distrub -> disturb (fixed in the same line)
Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Avi Kivity [Thu, 8 Mar 2012 14:16:34 +0000 (16:16 +0200)]
memory: make phys_page_find() return an unadjusted section
We'd like to store the section index in the iotlb, so we can't
adjust it before returning. Return an unadjusted section and
instead introduce section_addr(), which does the adjustment later.
Stefan Weil [Sat, 25 Feb 2012 12:47:10 +0000 (13:47 +0100)]
qmp: Fix spelling fourty -> forty
This was found by codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Acked-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Gerd Hoffmann [Thu, 1 Mar 2012 14:14:12 +0000 (15:14 +0100)]
xhci: fix port status
Don't signal port status change if the usb device isn't in attached
state. Happens with usb-host devices with the pass-through device
being plugged out at the host.
Gerd Hoffmann [Thu, 1 Mar 2012 14:51:51 +0000 (15:51 +0100)]
xhci: fix control xfers
Use the new, direct control transfer submission method instead of
bypassing the usb core by calling usb_device_handle_control directly.
The latter fails for async control transfers.
Gerd Hoffmann [Fri, 2 Mar 2012 12:22:29 +0000 (13:22 +0100)]
usb: add shortcut for control transfers
Add a more direct code path to submit control transfers. Instead of
feeding three usb packets (setup, data, ack) to usb_handle_packet and
have the do_token_* functions in usb.c poke the control transfer
parameters out of it just submit a single packet carrying the actual
data with the control xfer parameters filled into USBPacket->parameters.
Gerd Hoffmann [Thu, 1 Mar 2012 13:39:28 +0000 (14:39 +0100)]
usb: add pipelining option to usb endpoints
With this patch applied USB drivers can enable pipelining per endpoint.
With pipelining enabled the usb core will continue submitting packets
even when there are still async transfers in flight instead of passing
them on one by one.
Gerd Hoffmann [Tue, 28 Feb 2012 14:36:06 +0000 (15:36 +0100)]
usb: queue can have async packets
This can happen today in case the ->complete() callback queues up the
next packet. Also we'll support pipelining soon, which allows to have
multiple packets per queue in flight (aka ASYNC) state.
Hans de Goede [Fri, 2 Mar 2012 20:27:20 +0000 (21:27 +0100)]
usb: add USB_RET_IOERROR
We already have USB_RET_NAK, but that means that a device does not want
to send/receive right now. But with host / network redirection we can
actually have a transaction fail due to some io error, rather than ie
the device just not having any data atm.
This patch adds a new error code named USB_RET_IOERROR for this, and uses
it where appropriate.
Notes:
-Currently all usb-controllers handle this the same as NODEV, but that
may change in the future, OHCI could indicate a CRC error instead for example.
-This patch does not touch hw/usb-musb.c, that is because the code in there
handles STALL and NAK specially and has a if status < 0 generic catch all
for all other errors
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Fri, 2 Mar 2012 20:27:17 +0000 (21:27 +0100)]
usb-ehci: Fix and simplify nakcnt handling
The nakcnt code in ehci_execute_complete() marked transactions as finished
when a packet completed with a result of USB_RET_NAK, but USB_RET_NAK
means that the device cannot receive / send data at that time and that
the transaction should be retried later, which is also what the usb-uhci
and usb-ohci code does.
Note that there already was some special code in place to handle this
for interrupt endpoints in the form of doing a return from
ehci_execute_complete() when reload == 0, but that for bulk transactions
this was not handled correctly (whereas for example the usb-ccid device does
return USB_RET_NAK for bulk packets).
Besides that the code in ehci_execute_complete() decrements nakcnt by 1
on a packet result of USB_RET_NAK, but
-since the transaction got marked as finished,
nakcnt would never be decremented again
-there is no code checking for nakcnt becoming 0
-there is no use in re-trying the transaction within the same usb frame /
usb-ehci frame-timer call, since the status of emulated devices won't change
as long as the usb-ehci frame-timer is running
So we should simply set the nakcnt to 0 when we get a USB_RET_NAK, thus
claiming that we've tried reload times (or as many times as possible if
reload is 0).
Besides the code in ehci_execute_complete() handling USB_RET_NAK there
was also code handling it in ehci_state_executing(), which calls
ehci_execute_complete(), and then does its own handling on top of the handling
in ehci_execute_complete(), this code would decrement nakcnt *again* (if not
already 0), or restore the reload value (which was never changed) on success.
Since the double decrement was wrong to begin with, and is no longer needed
now that we set nakcnt directly to 0 on USB_RET_NAK, and the restore of reload
is not needed either, this patch simply removes all nakcnt handling from
ehci_state_executing().
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Fri, 2 Mar 2012 20:27:16 +0000 (21:27 +0100)]
usb-ehci: Remove dead nakcnt code
This patch removes 2 bits of dead nakcnt code:
1) usb_ehci_execute calls ehci_qh_do_overlay which does:
nakcnt = reload;
and then has a block of code which is conditional on:
if (reload && !nakcnt) {
which of course is never true now as nakcnt == reload.
2) ehci_state_fetchqh does:
nakcnt = reload;
but before nakcnt is ever used ehci_state_fetchqh is always followed
by an ehci_qh_do_overlay call which also does:
nakcnt = reload;
So doing this from ehci_state_fetchqh is redundant.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Fri, 2 Mar 2012 20:27:15 +0000 (21:27 +0100)]
usb-ehci: Fix cerr tracking
cerr should only be decremented on errors which cause XactErr to be set, and
when that happens the failing transaction should be retried until cerr reaches
0 and only then should USBSTS_ERRINT be set (and inactive cleared and
USBSTS_INT set if requested).
Since we don't have any hardware level errors (and in case of redirection
the real hardware has already retried), re-trying makes no sense, so
immediately set cerr to 0 on errors which set XactErr.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Fri, 2 Mar 2012 20:27:12 +0000 (21:27 +0100)]
usb-ehci: Drop cached qhs when the doorbell gets rung
The purpose of the IAAD bit / the doorbell is to make the ehci controller
forget about cached qhs, this is mainly used when cancelling transactions,
the qh is unlinked from the async schedule and then the doorbell gets rung,
once the doorbell is acked by the controller the hcd knows that the qh is
no longer in use and that it can do something else with the memory, such
as re-use it for a new qh! But we keep our struct representing this qh around
for circa 250 ms. This allows for a (mightily large) race window where the
following could happen:
-hcd submits a qh at address 0xdeadbeef
-our ehci code sees the qh, sends a request to a usb-device, gets a result
of USB_RET_ASYNC, sets the async_state of the qh to EHCI_ASYNC_INFLIGHT
-hcd unlinks the qh at address 0xdeadbeef
-hcd rings the doorbell, waits for us to ack it
-hcd re-uses the qh at address 0xdeadbeef
-our ehci code sees the qh, looks in the async_queue, sees there already is
a qh at address 0xdeadbeef there with async_state of EHCI_ASYNC_INFLIGHT,
does nothing
-the *original* (which the hcd thinks it has cancelled) transaction finishes
-our ehci code sees the qh on yet another pass through the async list,
looks in the async_queue, sees there already is a qh at address 0xdeadbeef
there with async_state of EHCI_ASYNC_COMPLETED, and finishes the transaction
with the results of the *original* transaction.
Not good (tm), this patch fixes this race by removing all qhs which have not
been seen during the last cycle through the async list immediately when the
doorbell is rung.
Note this patch does not fix any actually observed problem, but upon
reading of the EHCI spec it became apparent to me that the above race could
happen and the usb-ehci behavior from before this patch is not good.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
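The doorbell race from the commit message above, replayed in a small model of an address-keyed qh cache (an added example, not code from the patch itself). The names `cache`, `visit`, `rip_unused` and `replay` are hypothetical, transfers are plain integer ids, and the ~250 ms grace period is modelled as simply not having expired yet.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

enum { ASYNC_INFLIGHT, ASYNC_COMPLETED, ASYNC_DELIVERED };
static struct cached_qh {     /* controller-side shadow of one guest qh */
    bool used;
    uint32_t addr;            /* guest address: the only lookup key */
    int state, xfer;          /* async state, id of the transfer it tracks */
    unsigned seen;            /* visits since the last rip_unused() */
} cache[4];

/* Async-list walk step: look the qh up by address, track `xfer` if it is new.
 * Returns the id of a transfer whose result goes to the guest, else 0. */
static int visit(uint32_t addr, int xfer)
{
    struct cached_qh *q = NULL;
    for (int i = 0; i < 4 && !q; i++)
        if (cache[i].used && cache[i].addr == addr) q = &cache[i];
    for (int i = 0; i < 4 && !q; i++)
        if (!cache[i].used) q = &cache[i];
    if (!q) return 0;                          /* cache full */
    if (!q->used) *q = (struct cached_qh){ true, addr, ASYNC_INFLIGHT, xfer, 0 };
    q->seen++;
    if (q->state != ASYNC_COMPLETED) return 0;
    q->state = ASYNC_DELIVERED;
    return q->xfer;
}

/* Keep entries seen this pass; drop unseen ones only if flush (false = grace period). */
static void rip_unused(bool flush)
{
    for (int i = 0; i < 4; i++)
        if (cache[i].used && cache[i].seen) cache[i].seen = 0;
        else if (flush) cache[i].used = false;
}

/* Replays the sequence above; returns the transfer id delivered for the re-used qh. */
int replay(bool flush_on_doorbell)
{
    for (int i = 0; i < 4; i++) cache[i].used = false;
    visit(0xdeadbeef, 1);           /* hcd submits qh; transfer 1 goes async */
    rip_unused(false);              /* end of that pass */
    rip_unused(flush_on_doorbell);  /* hcd unlinked the qh and rang the doorbell */
    visit(0xdeadbeef, 2);           /* hcd re-uses the address for transfer 2 */
    for (int i = 0; i < 4; i++)     /* the *original* transfer 1 finishes */
        if (cache[i].used && cache[i].xfer == 1) cache[i].state = ASYNC_COMPLETED;
    rip_unused(false);
    return visit(0xdeadbeef, 2);    /* next pass over the async list */
}
```

`replay(false)` hands the guest the result of transfer 1 for a qh it believes carries transfer 2; `replay(true)` delivers nothing stale because the doorbell dropped the unseen entry.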