Ian Jackson [Fri, 23 May 2008 17:43:27 +0000 (18:43 +0100)]
Fix COW extendability for vulnerability fix.
(Thanks to report from Daniel Berrange.
Corresponds to my email to xen-devel of 2008-02-27
Subject: Re: [Xen-devel] [PATCH] ioemu block device extent checks.)
Ian Jackson [Fri, 23 May 2008 17:20:55 +0000 (18:20 +0100)]
Merge changes from xen-unstable 17647 with relevant upstream changes.
Now we consider ourselves up to date with
(a) upstream as recorded by git
(b) xen-unstable 17647:f12724194ec6
This was achieved by copying these files
console.c
console.h
hw/cirrus_vga.c
hw/cirrus_vga_rop.h
hw/cirrus_vga_rop2.h
hw/vga.c
hw/vga_int.h
verbatim from the crazy branch vga-reverse-merge, current head
commit cc011fdf74a616fec9ab6841026c5e7121c0dce3.
We have effectively overwritten these files from qemu with those
from xen-unstable and then cherry-picked changes from qemu mainline.
Ian Jackson [Mon, 19 May 2008 15:21:52 +0000 (16:21 +0100)]
Send unit_attention on cd-rom not_ready to ready transition
Patch sends a UNIT_ATTENTION(6), MEDIUM_MAY_HAVE_CHANGED(0x28) sense
when cdrom transitions from not ready to ready.
I used the following documentation:
ATA Packet interface for CD-ROMS, SFF8020i.pdf. See state diagram Figure
12, page 82 and Table 44 - recommended Sense Key, ASC
With patch in place HVM win2008 server guest sees the CD/DVD contents
have changed when the media is switched.
Ian Jackson [Fri, 16 May 2008 16:04:57 +0000 (17:04 +0100)]
pci.c: restore bus-level pci interrupt state via pci_set_irq
This change abolishes pcibus_save. Instead we use an invariant - that
device interrupts are supposed to be reflected in the bus interrupt
state - to restore the bus interrupt state.
This makes the code smaller and removes one way in which a savefile
could be corrupted (eg, if it had been generated by a buggy emulator).
It also means that systems which do some of their own PCI bus
emulation and thus reflect PCI bus state elsewhere (eg CPU accelerators
such as Xen) get notified of the PCI bus interrupt level, via
pci_set_irq's call to bus->set_irq.
Ian Jackson [Fri, 16 May 2008 16:01:12 +0000 (17:01 +0100)]
register_savevm etc.: make save function optional
This allows a device to provide only a loading function, not a saving
function.
This is useful if a later version of an emulation restores its state
in some other way (eg by having a different device name, or by
exploiting invariants in the state); when this happens it is still
necessary to load or skip the information when it is found in old
savefiles.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Ian Jackson [Wed, 14 May 2008 15:55:37 +0000 (16:55 +0100)]
Do not kill ioemu if undefined LSI-SCI registers are read.
Imported changeset from xen-unstable:
changeset: 14902:a7bd11fd5b1b6f4a82135db09dfe654e8966fabe
user: kfraser@localhost.localdomain
date: Tue Apr 24 12:12:48 2007 +0100
files: tools/ioemu/hw/lsi53c895a.c
description:
qemu: Do not kill ioemu if undefined LSI-SCI registers are read. Just
return zeroes. This path is triggered by ASPI8DOS.SYS in DRDOS.
Signed-off-by: Keir Fraser <keir@xensource.com>
However, this behaviour change was inexplicably made conditional on
CONFIG_DM. I have removed the conditionality.
Merge was relatively straightforward. Specific comments follow:
hw/serial.c
Have kept the Xen rate limiting rather than
the qemu version. The Xen version does an overall
rate limit but doesn't adjust according to the
baud rate. The qemu version is just a maximum
burst (so no overall capacity limit) but does
depend on the baud rate.
vl.c
Several dummy functions helpfully moved into
target-* directories; I put them in a new
i386-dm/machine.c for now.
edgar_igl [Tue, 13 May 2008 10:59:14 +0000 (10:59 +0000)]
CRIS: Improve TLB management and handle delay slots at page boundaries.
* Don't flush the entire qemu tlb when the $pid changes. Instead we go through
the guest's TLB and choose entries that need to be flushed.
* Add env->dslot and handle delay slots at page boundaries.
* Remove some unused code.
Ian Jackson [Fri, 9 May 2008 16:18:55 +0000 (17:18 +0100)]
usb-uhci: correctly deal with interrupt in asynchronous completion
This is the result of merging the remaining changes from:
changeset: 12775:60bbcf799384d779c2a561b9d9ba30f28e31d970
user: kfraser@localhost.localdomain
date: Thu Dec 07 11:52:26 2006 +0000
files: tools/ioemu/hw/usb-hid.c tools/ioemu/hw/usb-uhci.c
description:
[HVM] qemu mouse: Adds support for USB mouse/tablet status check and
restricts Universal Host Controller interrupt generating when received
NAK in interrupt transfer.
According to usb spec, USB mouse/tablet device returns NAK to host
controller if its status does not alter in interrupt transfer.
And UHC should leave a TD active when receiving NAK and execute this
incomplete TD in a subsequent frame. UHC only generates an interrupt
on complete after the TD with ICO bit is completed.
This patch makes UHC & USB mouse/tablet behave consistently with the spec.
Signed-off-by: Xinmei Huang <xinmei.huang@intel.com>
The tablet NAK support was already done in qemu, but there was still
what Xinmei Huang tells us is a spurious interrupt in the case of
submission for asynchronous completion.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Ian Jackson [Fri, 9 May 2008 16:07:37 +0000 (17:07 +0100)]
Clear TD status field explicitly when it's fetched.
changeset: 13574:b064775fba7d838c99bcf11ca4fec6127e0e8792
user: kfraser@localhost.localdomain
date: Wed Jan 24 10:44:32 2007 +0000
files: tools/ioemu/hw/usb-uhci.c
description:
[QEMU] Clear TD status field explicitly when it's fetched.
In current Qemu-dm, UHC will set some status bits of TD in status
updating stage, but never process the status bit if relevant condition
does not occur, leaving it as it is. When a TD is fetched with some
status bits are set to 1, it will return to Guest OS with these bits
set to 1 even if this TD is executed successfully. Some Windows OS,
e.g. Windows 2000, will check status bits of TD in UHC interrupt
routine, treat it as an unsuccessful one if some status bits are set to
1 and discard the data. Other Windows OS just check USBSTS of UHC,
ignoring status field of TD unless the value of USBSTS indicates
occurrence of error.
With this patch, USB mouse/tablet in Windows 2000 works correctly.
qemu doesn't enqueue mouse events, just records the latest mouse
state. This can cause some lost mouse double clicks if the events are
not processed fast enough. This patch implements a simple queue for
left mouse click events.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
As it stands the 8139C+ TX chaining is only bounded by realloc failure.
This is contrary to how the real hardware operates. It also has DoS
potential when ioemu runs in dom0.
This patch makes any attempt to chain a frame beyond 64K fail
immediately.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ian Jackson [Tue, 6 May 2008 14:41:22 +0000 (15:41 +0100)]
merge from in qemu upstream: "BSD portability fixes"
From xen-unstable:
changeset: 15970:04cc0e22a20a0bdf6ceefb016185175ee094ed30
user: Keir Fraser <keir@xensource.com>
date: Thu Sep 27 16:36:23 2007 +0100
files: tools/ioemu/audio/audio.c tools/ioemu/audio/mixeng.c tools/ioemu/audio/ossaudio.c tools/ioemu/block-raw.c tools/ioemu/block-vvfat.c tools/ioemu/bswap.h tools/ioemu/cutils.c tools/ioemu/monitor.c tools/ioemu/osdep.h tools/ioemu/target-i386-dm/exec-dm.c tools/ioemu/usb-linux.c tools/ioemu/vl.c tools/ioemu/vl.h tools/ioemu/vnc.c
description:
ioemu: Fixes for BSD.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Mostly merged. Dropped the ctype.h casts since we have those already,
and also a few things that looked wrong.