Migrating after unplugging a virtio-balloon device resulted in an error
message on the destination:
Unknown savevm section or instance '0000:00:04.0/virtio-balloon' 0
load of migration failed
Fix this by unregistering the section on device unplug.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Add an exit handler that will free up RAM after a virtio-balloon device
is unplugged.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Multiple balloon registrations are not allowed; check if the
registration with the qemu balloon api succeeded. If not, fail the
device init.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Passing on '0' as ballooning target to indicate retrieval of stats is
bad API. It also makes 'balloon 0' in the monitor cause a segfault.
Have two different functions handle the different functionality instead.
Detailed explanation from Markus's review:
1. do_info_balloon() is an info_async() method. It receives a callback
with argument, to be called exactly once (callback frees the
argument). It passes the callback via qemu_balloon_status() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
virtio_balloon_to_target() executes its balloon stats half. It
stores the callback in the device state.
If it can't send a stats request, it resets stats and calls the
callback right away.
Else, it sends a stats request. The device model runs the callback
when it receives the answer.
Works.
2. do_balloon() is a cmd_async() method. It receives a callback with
argument, to be called when the command completes. do_balloon()
calls it right before it succeeds. Odd, but should work.
Nevertheless, it passes the callback on via qemu_ballon() and
indirectly through qemu_balloon_event to virtio_balloon_to_target().
a. If the argument is non-zero, virtio_balloon_to_target() executes
its balloon half, which doesn't use the callback in any way.
Odd, but works.
b. If the argument is zero, virtio_balloon_to_target() executes its
balloon stats half, just like in 1. It either calls the callback
right away, or arranges for it to be called later.
Thus, the callback runs twice: use after free and double free.
Test case: start with -S -device virtio-balloon, execute "balloon 0" in
human monitor. Runs the callback first from virtio_balloon_to_target(),
then again from do_balloon().
Reported-by: Mike Cao <bcao@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Separate out the code to retrieve balloon info from the code that sets
balloon values.
This will be used to separate the two callbacks from balloon.c and help
cope with 'balloon 0' on the monitor. Currently, 'balloon 0' causes a
segfault in monitor_resume().
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Almost pure code motion. Unstatic hid interface functions and add
them to the header file. Some renames. Some code style cleanups.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add hid_has_events function, use it to figure whenever there are pending
events instead of checking and updating USBHIDState->changed.
Setting ->changed to 1 on init is removed, that should have absolutely
no effect as the initial state of ->idle is 0 so we report hid state
anyway until the guest configures some idle time. Also should clear
->idle on reset.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add callback for event notification, which allows to un-usbify more
functions. Also split separate hid_* functions for reset and release.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
First step in separating out the HID emulation code from usb-hid, so it
can be reused without creating a dummy usb device like bluetooth does.
This creates a HIDState struct, moves the non-usbish fields from
USBHIDStruct there. Renames non-usbish structs, defines and functions
from usb* to hid*. Adapts the code to that.
Also cleans up a bunch of code style issues along the way.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Map guest memory and pass on a direct pointer instead of copying
the bits to a indirect buffer. EHCI transfer descriptors can
reference multiple (physical guest) pages so we'll actually start
seeing usb packets wich carry iovec with more than one element.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Zap data pointer from USBPacket, add a QEMUIOVector instead.
Add a bunch of helper functions to manage USBPacket data.
Switch over users to the new interface.
Note that USBPacket->len was used for two purposes: First to
pass in the buffer size and second to return the number of
transfered bytes or the status code on async transfers. There
is a new result variable for the latter. A new status code
was added to catch uninitialized result.
Nobody creates iovecs with more than one element (yet).
Some users are (temporarely) limited to iovecs with a single
element to keep the patch size as small as possible.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The QEMU keyboard and mouse reports themselves as full speed devices,
though they are actually low speed devices. Until this is fixed, claim that
we are supporting full speed devices.
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
The 'to' can go negative when the first region gets removed
(it gets incremented by to 0 immediately afterward), which
makes the assertion fail. Nothing breaks if
to < 0 here so just remove the assert.
Tested-by: David Ahern <daahern@cisco.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Inform guest drivers about the new features I/O commands we have
now (async commands, S3 support) if building with newer spice, i.e.
if SPICE_INTERFACE_QXL_MINOR >= 1.
sneaked in some 81+ column line spliting.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Alon Levy <alevy@redhat.com>
Add two new IOs.
QXL_IO_FLUSH_SURFACES - equivalent to update area for all surfaces, used
to reduce vmexits from NumSurfaces to 1 on guest S3, S4 and resolution change (windows
driver implementation is such that this is done on each of those occasions).
QXL_IO_FLUSH_RELEASE - used to ensure anything on last_release is put on the release ring
for the client to free.
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Some of the QXL port i/o commands are waiting for the spice server to
complete certain actions. Add async versions for these commands, so we
don't block the vcpu while the spice server processses the command.
Instead the qxl device will raise an IRQ when done.
The async command processing relies on an added QXLInterface::async_complete
and added QXLWorker::*_async additions, in spice server qxl >= 3.1
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Alon Levy <alevy@redhat.com>
Since the driver is still in operation even after moving to UNDEFINED, i.e.
by destroying primary in any way.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add qxl_guest_bug() function which is supposed to be called in case
sanity checks of guest requests fail. It raises an error IRQ and
logs a message in case guest debugging is enabled.
Make PANIC_ON() abort instead of exit. That macro should be used
for qemu bugs only, any guest-triggerable stuff should use the new
qxl_guest_bug() function instead.
Convert a few easy cases from PANIC_ON() to qxl_guest_bug() to
show intended usage.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Surface tracking needs proper locking since it is used from vcpu and spice
worker threads, add it. Also reset the surface counter when zapping all
surfaces.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Move the wrapper functions which are used by qxl only to qxl.c.
Rename them from qemu_spice_* to qxl_spice_*. Also pass in a
qxl state pointer instead of a SimpleSpiceDisplay pointer.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Factor out SimpleSpiceDisplay initialization into
qemu_spice_display_init_common() and call it from
both qxl.c (for vga mode) and spice-display.c
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Instead of using its own definitions scsi-disk should
be using the device type of the parent device.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
SET_WINDOW command is vendor-specific only.
So we shouldn't try to emulate it.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Move softmmu_exec.h include directives from target-*/exec.h to
target-*/op_helper.c. Move also various other stuff only used in
op_helper.c there.
Define global env in dyngen-exec.h.
For i386, move wrappers for segment and FPU helpers from user-exec.c
to op_helper.c. Implement raise_exception_err_env() to handle dynamic
CPUState. Move the function declarations to cpu.h since they can be
used outside of op_helper.c context.
LM32, s390x, UniCore32: remove unused cpu_halted(), regs_to_env() and
env_to_regs().
ARM: make raise_exception() static.
Convert
#include "exec.h"
to
#include "cpu.h"
#include "dyngen-exec.h"
and remove now unused target-*/exec.h.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch almost rewrites acpi_table_add() function
(but still leaves it using old get_param_value() interface).
The result is that it's now possible to specify whole table
(together with a header) in an external file, instead of just
data portion, with a new file= parameter, but at the same time
it's still possible to specify header fields as before.
Now with the checkpatch.pl formatting fixes, thanks to
Stefan Hajnoczi for suggestions, with changes from
Isaku Yamahata, and with my further refinements.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Cc: Isaku Yamahata <yamahata@valinux.co.jp>
Cc: John Baboval <john.baboval@virtualcomputer.com>
Cc: Blue Swirl <blauwirbel@gmail.com>
[yamahata@valinux.co.jp: fix compile error, comment fallthrough]
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This leads to random off-by-one error.
When the size of the SD is exactly 1GB, the emulation was returning a
wrong SDHC CSD descriptor.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
For unknown reasons, Windows drivers (tested with XP and Win7) ignore
usb-tablet events that move the pointer to 0/0. So always report 0/0 as
1/0.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Zipit Z2 is small PXA270 based handheld.
Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
The program actions onenand_prog_main() and onenand_prog_spare()
can only set bits.
This implies a rewrite of onenand_erase() to not use the program
functions, since erase does need to set bits.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Handle the manufacturer, device and version IDs separately rather than
smooshing them all together into a single uint32_t. Note that the ID
registers are actually 16 bit, even though typically the top bits are 0
and the Read Identification Data command only returns the bottom 8 bits.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Pass the BlockDriverState to the onenand init function so it doesn't
need to look up the drive itself.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Qdevify the NAND device.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Writing to a NAND device cannot set bits, it can only clear them;
implement this rather than simply copying the data.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
After receiving READ STATUS command all subsequent IO reads should return
the status register value until another command is issued.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Support NAND devices which are wider than 8 bits.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Add support for NAND devices of over 1Gb.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Pass the BlockDeviceState to the nand_init() function rather
than having it look it up via drive_get() itself.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Since lm832x has been qdev'ified, its users will generally
have a DeviceState pointer rather than an i2c_slave pointer,
so adjust lm832x_key_event's prototype to suit.
This allows the n810 (its only user) to actually pass a correct
pointer to it rather than NULL. The effect is that we no longer
segfault when a key is pressed.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Convert the OMAP GPIO module to qdev.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
The OMAP2430 has a fifth GPIO module which earlier OMAP2 models lack; add
the clock definition for it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Add helper function omap_l4_region_base() to return the base address
of a particular region of an L4 target agent.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
[Riku Voipio: Fixes and restructuring patchset]
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
[Peter Maydell: More fixes and cleanups for upstream submission]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
Multiboot images can specify a bss segment. The boot loader must clear
the memory of the bss and ensure that no modules or structures are
allocated inside it. Several fields are provided in the Multiboot
header that were previously not used properly. The header is now used
to determine how much data should be read from the image and how much
memory should be reserved to the bss segment.
Signed-off-by: Göran Weinholt <goran@weinholt.se>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When writing the last sector of an SD card using WRITE_MULTIPLE_BLOCK
QEmu throws an error saying that we've run off the end, and leaves
itself in the wrong state.
Tested on ARM Vexpress model.
Signed-off-by: Dr. David Alan Gilbert <david.gilbert@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Added options to let qemu transfer two configuration files to bios:
"bootsplash.bmp" and "etc/boot-menu-wait", which could be specified by command
-boot splash=P,splash-time=T
P is jpg/bmp file name or an absolute path, T have a max value of 0xffff, unit
is ms. With these two options, if user invoke qemu with menu=on option, then
a splash picture would be showed in a given time. For example:
qemu -boot menu=on,splash=/root/boot.bmp,splash-time=5000
would make boot.bmp shown as a brand with 5 seconds in the booting up process.
This feature need the new seabios's support, which could be got from git.
Signed-off-by: Wayne Xia <xiawenc@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Allow registering sysbus device memory using a MemoryRegion. Once all users
are converted, sysbus_init_mmio() and sysbus_init_mmio_cb() will be removed.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Allow registering a BAR using a MemoryRegion. Once all users are converted,
pci_register_bar() and pci_register_bar_simple() will be removed.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This is now done sloppily, via get_system_memory(). Eventually callers
will be converted to stop using that.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
While eventually this should come from the machine initialization function,
take a short cut to avoid converting all machines now.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Device models rely on the core invoking their reset handlers after init.
We do this in the cold-plug case, but so far we miss this step after
hot-plug.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
For a conventional pci device behind
a pcie-to-pci bridge, pci_host handlers get confused by
an out of bounds access in the range [256, 4K).
Check for such an access and make it have no effect.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
virtio_common_init() allocates RAM for the vdev struct (and any
additional memory, depending on the size passed to the function). This
memory wasn't being freed until now.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
virtio_cleanup() will be changed by the following patch to remove the
VirtIONet struct that gets allocated via virtio_common_init(). Ensure
we don't dereference the structure after calling the cleanup function.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Calling virtio_cleanup() will free up memory allocated in
virtio_common_init().
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
In practice, guests don't generate config requests
that cross a word boundary, so the logic to
detect command word access is correct because
PCI_COMMAND is 0x4. But depending on this is
tricky, further, it will break with guests
that do try to generate a misaligned access
as we pass it to devices without splitting.
Better to use the generic range_covers_byte for this.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Introduce pci_config_read/write_common helpers to prevent passing
accesses down the callback chain that go beyond the config space limits.
Adjust length assertions as they are no longer correct (cutting may
generate valid 3 byte accesses).
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The unplug protocol is necessary to support PV drivers in the guest: the
drivers expect to be able to "unplug" emulated disks and nics before
initializing the Xen PV interfaces.
It is responsibility of the guest to make sure that the unplug is done
before the emulated devices or the PV interface start to be used.
We use pci_for_each_device to walk the PCI bus, identify the devices and
disks that we want to disable and dynamically unplug them.
Changes in v2:
- use PCI_CLASS constants;
- replace pci_unplug_device with qdev_unplug;
- do not import hw/ide/internal.h in xen_platform.c;
Changes in v3:
- introduce piix3-ide-xen, that support hot-unplug;
- move the unplug code to hw/ide/piix.c;
- just call qdev_unplug from xen_platform.c to unplug the IDE disks;
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
When using xen_enabled() we're currently only checking if xen is enabled
at all during the build. But what if you want to build multiple targets
out of which only one can potentially run xen code?
That means that for generic code we'll still have to fall back to the
variable and potentially slow the code down, but it's not as important as
that is mostly xen device emulation which is not touched for non-xen targets.
The target specific code however can with this patch see that it's unable to
ever execute xen code. We can thus always return 0 on xen_enabled(), giving
gcc enough hints to evict the mapcache code from the target memory management
code.
Signed-off-by: Alexander Graf <agraf@suse.de>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Use the "host" CONFIG_ define instead of the "target" one.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
6e1db57b2a didn't
convert brlapi or win32 chrdevs, breaking build for those.
Fix by converting the chrdevs.
Acked-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Correct typos of "licenced" to "licensed".
Reviewed-by: Stefan Weil <weil@mail.berlios.de>
Reviewed-by: Andreas F=E4rber <andreas.faerber@web.de>
Signed-off-by: Matthew Fernandez <matthew.fernandez@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Make use of the new clock reset notifier to update the RTC whenever
rtc_clock is the host clock and that happens to jump backward. This
avoids that the RTC stalls for the period the host clock was set back.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This allows to pass additional information to the notifier callback
which is useful if sender and receiver do not share any other distinct
data structure.
Will be used first for the clock reset notifier.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Old version looks like this in info qtree (last four lines):
dev: virtconsole, id ""
dev-prop: is_console = 1
dev-prop: nr = 0
dev-prop: chardev = <null>
dev-prop: name = <null>
dev-prop-int: id: 0
dev-prop-int: guest_connected: 1
dev-prop-int: host_connected: 0
dev-prop-int: throttled: 0
Indentation is off, and "dev-prop-int" suggests these are properties
you can configure with -device, which isn't the case. The other
buses' print_dev() callbacks don't do that. For instance, PCI's
output looks like this:
class Ethernet controller, addr 00:03.0, pci id 1af4:1000 (sub 1af4:0001)
bar 0: i/o at 0xffffffffffffffff [0x1e]
bar 1: mem at 0xffffffffffffffff [0xffe]
bar 6: mem at 0xffffffffffffffff [0xfffe]
Change virtser_bus_dev_print() to that style. Result:
dev: virtconsole, id ""
dev-prop: is_console = 1
dev-prop: nr = 0
dev-prop: chardev = <null>
dev-prop: name = <null>
port 0, guest on, host off, throttle off
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
These addresses have been passed through pci_to_cpu_addr,
and thus need to be full target_phys_addr_t.
Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The only way for chardev drivers to communicate an error was to return a NULL
pointer, which resulted in an error message that said _that_ something went
wrong, but not _why_.
This patch changes the interface to return 0/-errno and updates
qemu_chr_open_opts to use strerror to display a more helpful error message.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Support commas in the parameter list of multiboot modules as well as for the
kernel command line, by using double commas (via get_opt_value()).
Signed-off-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Serial and parallel devices created with -device are not reported in
the PIIX4 configuration space, and are hence not picked up by the DSDT.
This upsets Windows, which hides them altogether from the guest.
To avoid this, check at the end of machine initialization whether the
corresponding I/O ports have been registered. The new function in
ioport.c does this; this also requires a tweak to isa_unassign_ioport.
I left the comment in piix4_pm_initfn since the registers I moved do
seem to match the 82371AB datasheet. There are some quirks though.
We are setting this bit:
"Device 8 EIO Enable (EIO_EN_DEV8)—R/W. 1=Enable PCI access to the
device 8 enabled I/O ranges to be claimed by PIIX4 and forwarded
to the ISA/EIO bus. 0=Disable. The LPT_MON_EN must be set to enable
the decode."
but not LPT_MON_EN (bit 18 at 50h):
LPT Port Enable (LPT_MON_EN)—R/W. 1=Enable accesses to parallel
port address range (LPT_DEC_SEL) to generate a device 8 (parallel
port) decode event. 0=Disable.
We're also setting the LPT_DEC_SEL field (that's the 0x60 written to
63h) to 11, which means reserved, rather than to 01 (378h-37Fh).
Likewise we're not setting SA_MON_EN, SB_MON_EN (respectively bit 14
and bit 16 at address 50h) for the serial ports. However, we're setting
COMA_DEC_SEL and COMB_DEC_SEL correctly, unlike the corresponding register
for the parallel port.
All these fields are left as they are, since they are probably only
meant to be used in the DSDT.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Drop the open-coded MAC assignment from net_init_nic and replace it with
standard qemu_macaddr_default_if_unset which is also used by qdev. That
avoid creating colliding MACs when instantiating NICs via different
mechanisms.
This change requires to store the MAC as MACAddr in NICInfo, and the
remaining nd_table users need to be updated.
Based on suggestion by Peter Maydell.
CC: Markus Armbruster <armbru@redhat.com>
CC: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Spec on UHCI_STS_USBERR: "If the TD on which the error interrupt
occurred also had its IOC bit set, both this bit and Bit 0 are set."
Make UHCI emulation do that.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Remove leftover calls to usb_hid_changed().
Take care to update the changed flag after delivering a event via
GET_REPORT like we do when sending events via interrupt endpoint.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Spice worker does no longer process commands when it is stopped.
Otherwise, it might crash during migration when attempting to process
commands while the guest is not completely loaded.
Cc: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This allows to easily tag devices as non-migratable,
so any attempt to migrate a virtual machine with the
device in question active will make migration fail.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
If the serial number is not set we should mask it out in the
list of supported VPD pages and mark it as not supported.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
A debugging statement wasn't converted to the new interface.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
'tag' is just an abstraction to identify the command
from the driver. So we should make that explicit by
replacing 'tag' with a driver-defined pointer 'hba_private'.
This saves the lookup for driver handling several commands
in parallel.
'tag' is still being kept for tracing purposes.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
iov_to_buf() has an 'offset' parameter, iov_from_buf() hasn't.
This patch adds the missing parameter to iov_from_buf().
It also renames the 'offset' parameter to 'iov_off' to
emphasize it's the offset into the iovec and not the buffer.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
A host chardev could close just before the guest sends some data to be
written. This will cause an -EPIPE error. This shouldn't be propagated
to virtio-serial-bus.
Ideally we should close the port once -EPIPE is received, but since the
chardev interface doesn't return such meaningful values to its users,
all we get is -1 for any kind of error. Just return 0 for now and wait
for chardevs to return better error messages to act better on the return
messages.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
We were previously allowing arbitrarily-long indirect descriptors, which
could lead to a buffer overflow in qemu-kvm process.
CVE-2011-2212
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
vhost dev stop failed to clear the log field.
Typically not an issue as dev start overwrites this field,
but if logging gets disabled before the following start,
it doesn't so this causes a double free.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The new xen_console protocol changed the default xen_console output device
from whatever Qemu chose to whatever xenstore choses and "pty" as fallback.
This is not how Qemu works. It has its own serial redirection semantics. So
it xenstore doesn't contain information on what to do, Qemu is the place to
ask.
Signed-off-by: Alexander Graf <agraf@suse.de>
Since CS 21994 on xen-unstable.hg and CS
466608f3a32e1f9808acdf832a5843af37e5fcec on qemu-xen-unstable.git, few
changes have been introduced to the PV console xenstore protocol, as
described by the document docs/misc/console.txt under xen-unstable.hg.
From the Qemu point of view, very few modifications are needed to
correctly support the protocol: read from xenstore the "output" node
that tell us what the output of the PV console is going to be.
In case the output is a tty, write to xenstore the device name.
Changes in v2:
- fix error paths: free malloc'ed strings and close the xenstore
connection before returning;
- remove useless snprintf in xenstore_store_pv_console_info if i == 0.
Changes in v3:
- replace xs_daemon_open/xs_daemon_close with xs_open/xs_close.
Changes in v4:
- add a compatibility implementation of xs_open/xs_close.
Changes in v5:
- fix code style.
[agraf] fix build error due to missing stub
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Sometimes the toolstack uses "aio" without an additional format
identifier, in such cases use "raw".
Updated in v2:
- fix code style.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
When disk is a cdrom and the drive is empty the "params" node in
xenstore might be missing completely: cope with it instead of
segfaulting.
Updated in v2:
- actually removed the strchr(blkdev->params, ':') that caused the
segfault;
- free all the allocated strings from xenstore before returning;
Updated in v3:
- set blkdev fields to NULL after free'ing them.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Register the vkbd backend even when running as device emulator for HVM
guests: it is useful because it doesn't need a frequent timer like usb.
Check whether the XenInput DisplayState has been set in the initialise
state, rather than the input state.
In case the DisplayState hasn't been set and there is no vfb for this
domain, then set the XenInput DisplayState to the default one.
Changed in v2:
- use qemu_free instead of free;
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
con_init leaks the string "type", fix it.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Xen won't be enabled if there is no backend support available for the
host. And that also means the map cache will work. So drop the separate
config switch and move the required stubs over to xen-stub.c.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This bug was introduced in 94d3f98a3f:
scsi_cancel_io was checking if some request was pending before trying
to cancel it, while scsi_req_cancel always cancels the request.
This may lead to a crash of Qemu due to dereferencing a NULL pointer,
as exhibited by NetBSD 5.1 installer on MIPS Magnum emulation.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Add ich9 controllers, Factor out properties to a separate
struct and reference it to reduce duplication.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
