Ian Jackson [Fri, 23 May 2008 17:20:55 +0000 (18:20 +0100)]
Merge changes from xen-unstable 17647 with relevant upstream changes.
Now we consider ourselves up to date with
(a) upstream as recorded by git
(b) xen-unstable 17647:f12724194ec6
This was achieved by copying these files
console.c
console.h
hw/cirrus_vga.c
hw/cirrus_vga_rop.h
hw/cirrus_vga_rop2.h
hw/vga.c
hw/vga_int.h
verbatim from the crazy branch vga-reverse-merge, current head
commit cc011fdf74a616fec9ab6841026c5e7121c0dce3.
We have effectively overwritten these files from qemu with those
from xen-unstable and then cherry-picked changes from qemu mainline.
Ian Jackson [Wed, 14 May 2008 15:55:37 +0000 (16:55 +0100)]
Do not kill ioemu if undefined LSI-SCI registers are read.
Imported changeset from xen-unstable:
changeset: 14902:a7bd11fd5b1b6f4a82135db09dfe654e8966fabe
user: kfraser@localhost.localdomain
date: Tue Apr 24 12:12:48 2007 +0100
files: tools/ioemu/hw/lsi53c895a.c
description:
qemu: Do not kill ioemu if undefined LSI-SCI registers are read. Just
return zeroes. This path is triggered by ASPI8DOS.SYS in DRDOS.
Signed-off-by: Keir Fraser <keir@xensource.com>
However, this behaviour change was inexplicably made conditional on
CONFIG_DM. I have removed the conditionality.
Merge was relatively straightforward. Specific comments follow:
hw/serial.c
Have kept the Xen rate limiting rather than
the qemu version. The Xen version does an overall
rate limit but doesn't adjust according to the
baud rate. The qemu version is just a maximum
burst (so no overall capacity limit) but does
depend on the baud rate.
vl.c
Several dummy functions helpfully moved into
target-* directories; I put them in a new
i386-dm/machine.c for now.
edgar_igl [Tue, 13 May 2008 10:59:14 +0000 (10:59 +0000)]
CRIS: Improve TLB management and handle delayslots at page boundaries.
* Don't flush the entire qemu tlb when the $pid changes. Instead we go through
the guest's TLB and choose entries that need to be flushed.
* Add env->dslot and handle delayslots at page boundaries.
* Remove some unused code.
Ian Jackson [Fri, 9 May 2008 16:18:55 +0000 (17:18 +0100)]
usb-uhci: correctly deal with interrupt in asynchronous completion
This is the result of merging the remaining changes from:
changeset: 12775:60bbcf799384d779c2a561b9d9ba30f28e31d970
user: kfraser@localhost.localdomain
date: Thu Dec 07 11:52:26 2006 +0000
files: tools/ioemu/hw/usb-hid.c tools/ioemu/hw/usb-uhci.c
description:
[HVM] qemu mouse: Adds support for USB mouse/tablet status check and
restricts Universal Host Controller interrupt generating when received
NAK in interrupt transfer.
According to usb spec, USB mouse/tablet device returns NAK to host
controller if its status does not alter in interrupt transfer.
And UHC should leave a TD active when receiving NAK and execute this
incomplete TD in a subsequent frame. UHC only generates an interrupt
on complete after the TD with ICO bit is completed.
This patch makes UHC & USB mouse/tablet behave consistently with spec.
Signed-off-by: Xinmei Huang <xinmei.huang@intel.com>
The tablet NAK support was already done in qemu, but there was still
what Xinmei Huang tells us is a spurious interrupt in the case of
submission for asynchronous completion.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Ian Jackson [Fri, 9 May 2008 16:07:37 +0000 (17:07 +0100)]
Clear TD status field explicitly when it's fetched.
changeset: 13574:b064775fba7d838c99bcf11ca4fec6127e0e8792
user: kfraser@localhost.localdomain
date: Wed Jan 24 10:44:32 2007 +0000
files: tools/ioemu/hw/usb-uhci.c
description:
[QEMU] Clear TD status field explicitly when it's fetched.
In current Qemu-dm, UHC will set some status bits of TD in status
updating stage, but never process the status bit if relevant condition
does not occur, leaving it as it is. When a TD is fetched with some
status bits set to 1, it will return to Guest OS with these bits
set to 1 even if this TD is executed successfully. Some Windows OS,
e.g. Windows 2000, will check status bits of TD in UHC interrupt
routine, treat it as an unsuccessful one if some status bits are set to
1 and discard the data. Other Windows OS just check USBSTS of UHC,
ignoring status field of TD unless the value of USBSTS indicates
occurrence of error.
With this patch, USB mouse/tablet in Windows 2000 works correctly.
qemu doesn't enqueue mouse events, just records the latest mouse
state. This can cause some lost mouse double clicks if the events are
not processed fast enough. This patch implements a simple queue for
left mouse click events.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
As it stands the 8139C+ TX chaining is only bounded by realloc failure.
This is contrary to how the real hardware operates. It also has DoS
potential when ioemu runs in dom0.
This patch makes any attempt to chain a frame beyond 64K fail
immediately.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
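The bound this message describes, sketched as an added example (not the patch itself and not QEMU or Xen code): a growable buffer for a chained transmit frame that rejects any fragment taking the frame past 64K, instead of growing until realloc fails. The names `tx_chain`, `tx_chain_append`, `tx_chain_accepted`, `TX_FRAME_MAX` and the 2048-byte starting size are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TX_FRAME_MAX 0x10000u   /* 64K cap on one chained frame */

struct tx_chain { uint8_t *buf; size_t len, cap; };   /* hypothetical */

/* Append one guest-supplied fragment. Returns 0 on success, -1 if the frame
 * would pass TX_FRAME_MAX or allocation fails. On failure the partial frame
 * is dropped, so host memory use per frame stays bounded. */
int tx_chain_append(struct tx_chain *c, const uint8_t *frag, size_t n)
{
    if (n == 0)
        return 0;
    if (n > TX_FRAME_MAX - c->len)      /* c->len never exceeds the cap */
        goto drop;
    if (c->len + n > c->cap) {
        size_t ncap = c->cap ? c->cap : 2048;
        while (ncap < c->len + n)       /* stops at 0x10000 at the latest */
            ncap *= 2;
        uint8_t *nb = realloc(c->buf, ncap);
        if (!nb)
            goto drop;
        c->buf = nb; c->cap = ncap;
    }
    memcpy(c->buf + c->len, frag, n);
    c->len += n;
    return 0;
drop:
    free(c->buf);
    c->buf = NULL;
    c->len = c->cap = 0;
    return -1;
}

/* Constructed workload: chain `tries` zero-filled fragments of frag_len
 * bytes and report how many were accepted before the first rejection. */
size_t tx_chain_accepted(size_t frag_len, size_t tries)
{
    static uint8_t frag[TX_FRAME_MAX + 1];
    struct tx_chain c = {0};
    size_t ok = 0;
    while (ok < tries && frag_len <= sizeof frag &&
           tx_chain_append(&c, frag, frag_len) == 0)
        ok++;
    free(c.buf);
    return ok;
}

int main(void) { printf("%zu\n", tx_chain_accepted(1500, 100)); return 0; }
```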
Ian Jackson [Tue, 6 May 2008 14:41:22 +0000 (15:41 +0100)]
merge from in qemu upstream: "BSD portability fixes"
From xen-unstable:
changeset: 15970:04cc0e22a20a0bdf6ceefb016185175ee094ed30
user: Keir Fraser <keir@xensource.com>
date: Thu Sep 27 16:36:23 2007 +0100
files: tools/ioemu/audio/audio.c tools/ioemu/audio/mixeng.c tools/ioemu/audio/ossaudio.c tools/ioemu/block-raw.c tools/ioemu/block-vvfat.c tools/ioemu/bswap.h tools/ioemu/cutils.c tools/ioemu/monitor.c tools/ioemu/osdep.h tools/ioemu/target-i386-dm/exec-dm.c tools/ioemu/usb-linux.c tools/ioemu/vl.c tools/ioemu/vl.h tools/ioemu/vnc.c
description:
ioemu: Fixes for BSD.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Mostly merged. Dropped the ctype.h casts since we have those already,
and also a few things that looked wrong.
Ian Jackson [Fri, 28 Mar 2008 16:10:30 +0000 (16:10 +0000)]
Use ioemu block drivers through blktap; import other Xen-specific files.
Add support for a tap:ioemu pseudo driver. Devices using this driver
won't use tapdisk (containing the code duplication) any more, but will
connect to the qemu-dm of the domain. In this way no working
configuration should be broken right now as you can still choose to
use the tapdisk drivers.
Signed-off-by: Kevin Wolf <kwolf@suse.de>
Also, import and update various Xen-specific files from xen-unstable
tip 17307:b667e220e556.
Ian Jackson [Fri, 28 Mar 2008 14:47:12 +0000 (14:47 +0000)]
Fix L1 table endianness of qcow images created by tapdisk
The qemu/ioemu implementation of the qcow format uses a big endian L1
table. tapdisk omits the necessary conversion, so qcow images have the
wrong endianness and cannot be read by correct implementations of qcow.
This patch detects broken tapdisk images and converts their L1 tables
to big endian when the image file is opened in ioemu for the first
time. The fixed image has a new flag EXTHDR_L1_BIG_ENDIAN set in the
extended header.
Note that a converted image cannot be opened by tapdisk again.
Ian Jackson [Mon, 17 Mar 2008 15:48:42 +0000 (15:48 +0000)]
Remove most uses of phys_ram_base in hw/pc.c
In this patch, I remove all the direct uses of phys_ram_base
from hw/pc.c, except for those presently needed to construct the
arguments to the vga init functions.
This involved:
* Getting rid of various additions and subtractions of phys_ram_base
* Changing the types of the guest physical addresses in load_linux
from uint8_t* to target_phys_addr_t
* Replacing calls to memcpy and pstrcpy with
cpu_physical_memory_write (and a new pstrcpy_targphys function)
* Replacing most calls to fread with a new fread_targphys function
* Deprecating load_image in favour of a new load_image_targphys
* Removing (rather than fixing up) the unused function load_kernel
I noticed that load_image doesn't take a buffer size argument - it
just overwrites the destination buffer with file data, extending as
long as the file happens to be. In most cases this is probably not an
exploitable vulnerability, but it seems poor practice. Hence
load_image_targphys's extra argument.
Ian Jackson [Fri, 28 Mar 2008 16:54:09 +0000 (16:54 +0000)]
Perform emulated IDE flushes asynchronously.
We arrange for the WIN_FLUSH_CACHE and WIN_FLUSH_CACHE_EXT
commands to use a new bdrv_aio_flush facility.
If there is an error, the ATA-7 spec says that we are supposed to know
which is the first block whose flush failed and leave that in the
block offset registers. However since we are using f(data)sync that's
not possible for us. There is sadly no way for us to report the error
which won't encourage the guest to try to understand what went wrong
and then do the flush again expecting the remaining blocks to be
written (as specified by ATA-7).
So if the asynchronous flush fails, we kill the disk by detaching
->bs. This makes it vanish: we don't generate any more interrupts,
leave status set to busy, and ignore future commands (and discard any
in-flight IO). Alan Cox reports that this will probably induce the
best available behaviour in guests (retry for a while and then give
up). Fine-grained error reporting is available if the guest turns off
the write cache.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Modified-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>
Ian Jackson [Thu, 27 Mar 2008 17:58:45 +0000 (17:58 +0000)]
make write caching controllable by guest
This patch implements the ATA write cache feature. This enables a
guest to control, in the standard way, whether disk writes are
immediately committed to disk before the IDE command completes, or may
be buffered in the host.
In this patch, by default buffering is off, which provides better
reliability but may have a performance impact. It would be
straightforward to change the default, or perhaps offer a command-line
option, if that would be preferred.
This patch is derived from one which was originally submitted to the
Xen tree by Rik van Riel <riel@redhat.com> and includes code to save
the write_cache setting from Samuel Thibault.
From: Rik van Riel <riel@redhat.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Ian Jackson [Wed, 13 Feb 2008 16:24:30 +0000 (16:24 +0000)]
check return value from read() and write() properly
The system calls read and write may return less than the whole amount
requested for a number of reasons. So the idioms
    if (read(fd, &object, sizeof(object)) != sizeof(object)) goto fail;
and even worse
    if (read(fd, &object, sizeof(object)) < 0) goto fail;
are wrong. Additionally, read and write may sometimes return EINTR on
some systems, so if interruption is not desired or expected a loop is
needed.
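The loop this message calls for, as an added example (not code from the commit or from QEMU): `read_all` keeps reading through short reads and EINTR, and the demo feeds it an 8-byte object split across two reads. The names `read_all` and `demo_split_object`, and the AF_UNIX datagram socketpair used to force a short read deterministically, are assumptions of the example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Read exactly len bytes. Returns len on success, a smaller count if EOF
 * arrived first, or -1 (errno set) on a real error. */
ssize_t read_all(int fd, void *buf, size_t len)
{
    unsigned char *p = buf;
    size_t done = 0;

    while (done < len) {
        ssize_t n = read(fd, p + done, len - done);
        if (n > 0)
            done += (size_t)n;      /* short read: keep going */
        else if (n == 0)
            break;                  /* EOF before the object was complete */
        else if (errno != EINTR)
            return -1;              /* real error; EINTR just retries */
    }
    return (ssize_t)done;
}

/* Constructed input: an 8-byte object sent as two 4-byte datagrams, so one
 * read() can return at most 4. use_loop picks read_all() or a single read().
 * Returns what the chosen reader reported, or -2 if setup failed. */
ssize_t demo_split_object(int use_loop, char out[8])
{
    int sv[2];
    ssize_t got = -2;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -2;
    if (write(sv[1], "ABCD", 4) == 4 && write(sv[1], "EFGH", 4) == 4)
        got = use_loop ? read_all(sv[0], out, 8) : read(sv[0], out, 8);
    close(sv[0]);
    close(sv[1]);
    return got;
}

int main(void)
{
    char obj[8];
    printf("single read(): %zd\n", demo_split_object(0, obj));
    printf("read_all():    %zd\n", demo_split_object(1, obj));
    return 0;
}
```

A caller should treat a `read_all` result smaller than the requested length as a truncated object, not as success.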
Ian Jackson [Wed, 13 Feb 2008 16:20:09 +0000 (16:20 +0000)]
Remove clone-and-hack qemu_malloc et al.
qemu-img.c has copies of qemu_malloc et al, which are already provided
in osdep.c. The attached patch removes these from qemu-img.c and
adds osdep.o to BLOCK_OBJS.
Ian Jackson [Wed, 13 Feb 2008 16:18:49 +0000 (16:18 +0000)]
Make it possible to disable AF_UNIX (unix-domain) sockets
The patch below makes it possible to disable AF_UNIX (unix-domain)
sockets in host environments which do not define _WIN32, by adding
-DNO_UNIX_SOCKETS to the compiler flags. This is useful in the
effectively-embedded qemu host which we are going to be using for device
emulation in Xen.
Ian Jackson [Wed, 13 Feb 2008 16:17:54 +0000 (16:17 +0000)]
qemu's audio subdirectory contains a copy of BSD's sys-queue.h, which
defines a bunch of LIST_ macros. This makes it difficult to build a
program made partly out of qemu and partly out of the Linux kernel,
since Linux has a different set of LIST_ macros. It might also cause
trouble when mixing with BSD-derived code.
Under the circumstances it's probably best to rename the versions in
qemu. The attached patch does this.
edgar_igl [Sun, 11 May 2008 14:28:14 +0000 (14:28 +0000)]
CRIS: Add support for the pseudo randomized set that the mmu provides with TLB refill faults. This makes linux guests use the four way TLB set associativity.