Commit Graph

13554 Commits

Author SHA1 Message Date
Isaku Yamahata
d00b261816 monitor: use after free in do_wav_capture()
use after free in do_wav_capture() on the error path.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-01-25 09:22:51 +01:00
Isaku Yamahata
52108a1ff0 mips_fulong: remove bogus HAS_AUDIO
remove bogus HAS_AUDIO according to 738012bec4.

Cc: Blue Swirl <blauwirbel@gmail.com>
Cc: Huacai Chen <zltjiangshi@gmail.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-01-25 09:18:05 +01:00
Isaku Yamahata
0dfa5ef90d audio: consolidate audio_init()
consolidate audio_init() and remove references to shoundhw.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Acked-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-01-25 09:18:00 +01:00
Alexandre Courbot
bec43cc3b6 target-sh4: fix index of address read error exception
Exception index of address read error should be 0x0e0.

Signed-off-by: Alexandre Courbot <gnurou@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-01-25 08:36:30 +01:00
Alexandre Courbot
e40a67beed target-sh4: fix TLB invalidation code
In cpu_sh4_invalidate_tlb, the UTLB was invalidated twice and the
ITLB left unchaged, probably because of some unfortunate copy/paste.

Signed-off-by: Alexandre Courbot <gnurou@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-01-25 08:36:29 +01:00
Anthony Liguori
b22b7b729d Merge remote branch 'kwolf/for-anthony' into staging 2011-01-24 15:16:56 -06:00
Fabien Chouteau
4a2ba23284 SPARC: Add asr17 register support
This register is activated by CPU_FEATURE_ASR17 in the feature field.

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-24 20:54:34 +00:00
Fabien Chouteau
b04d989054 SPARC: Emulation of Leon3
Leon3 is an open-source VHDL System-On-Chip, well known in space industry (more
information on http://www.gaisler.com).

Leon3 is made of multiple components available in the GrLib VHDL library.
Three devices are implemented: uart, timers and IRQ manager.
You can find code for these peripherals in the grlib_* files.

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-24 20:54:34 +00:00
Fabien Chouteau
8b1e132074 SPARC: Emulation of GRLIB APB UART
This device exposes one parameter:
 - chardev (ptr) : Pointer to a qemu character device

Emulation of GrLib devices is base on the GRLIB IP Core User's Manual:
http://www.gaisler.com/products/grlib/grip.pdf

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-24 20:54:34 +00:00
Fabien Chouteau
3f10bcbb64 SPARC: Emulation of GRLIB IRQMP
This device exposes two parameters:
 - set_pil_in        (ptr) : A function to set the pil_in of the SPARC CPU
 - set_pil_in_opaque (ptr) : Opaque argument of the set_pil_in function

Emulation of GrLib devices is base on the GRLIB IP Core User's Manual:
http://www.gaisler.com/products/grlib/grip.pdf

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-24 20:54:34 +00:00
Fabien Chouteau
0f3a4a01eb SPARC: Emulation of GRLIB GPTimer
This device exposes three parameters:
 - frequency (uint32) : The system frequency
 - irq-line  (uint32) : IRQ line number for the first timer
                        (others use irq-line + 1, irq-line + 2...)
 - nr-timers (uint32) : Number of timers

Emulation of GrLib devices is base on the GRLIB IP Core User's Manual:
http://www.gaisler.com/products/grlib/grip.pdf

Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-24 20:54:33 +00:00
Stefan Hajnoczi
a5c062edd2 docs: Document scsi-disk and usb-storage removable parameter
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 21:39:22 +01:00
Stefan Hajnoczi
6bb7b86722 usb-msd: Propagate removable bit to SCSI device
USB Mass Storage Devices sometimes have the RMB (removable) bit set in
the SCSI INQUIRY response.  Thumbdrives tend to have the bit set whereas
hard disks do not.

Operating systems differentiate between removable devices and fixed
devices.  Under Linux, the anaconda installer looks for removable
devices.  Under Windows, only fixed devices may have more than one
partition and AutoRun is also affected by the removable bit.

For these reasons, allow USB Mass Storage Devices to override the
removable bit:

qemu -usb
     -drive if=none,file=test.img,cache=none,id=disk0
     -device usb-storage,drive=disk0,removable=on

The default is off.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 21:39:22 +01:00
Stefan Hajnoczi
2d1fd26137 scsi: Allow scsi_bus_legacy_add_drive() to set removable bit
scsi-disk devices may wish to override the removable bit.  Add support
for a qdev property on SCSI devices.  This is will be used by usb-msd.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 21:39:22 +01:00
Stefan Hajnoczi
419e691f8e scsi-disk: Allow overriding SCSI INQUIRY removable bit
Provide the "removable" qdev property bit to override the SCSI INQUIRY
removable (RMB) bit for non-CDROM devices.  This will be used by USB
Mass Storage Devices, which sometimes have this guest-visible bit set
and sometimes do not.  They therefore requires a means for user
configuration.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 21:39:20 +01:00
Aurelien Jarno
b835e919f0 target-mips: fix save_cpu_state() calls
The rule is:
- don't save PC if the exception is only triggered by softmmu.
- save PC if the exception can be triggered by an helper.

Fix a 64-bit kernel crash when loading modules.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-01-24 20:52:04 +01:00
Stefan Hajnoczi
96df67d1c3 block: Use backing format driver during image creation
The backing format should be honored during image creation.  For some
reason we currently use the image format to open the backing file.  This
fails when the backing file has a different format than the image being
created.  Keep the image and backing format drivers completely separate.

Also print the backing filename if there is an error opening the backing
file instead of the image filename.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 16:49:50 +01:00
Markus Armbruster
850ec1133b blockdev: Fix drive_del not to crash when drive is not in use
Watch this:

    (qemu) drive_add 0 if=none,file=tmp.img
    OK
    (qemu) info block
    none0: type=hd removable=0 file=tmp.img ro=0 drv=raw encrypted=0
    (qemu) drive_del none0
    Segmentation fault (core dumped)

do_drive_del()'s code to clean up the pointer from a qdev using the
drive back to the drive needs to check whether such a device exists.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 16:49:50 +01:00
Markus Armbruster
807105a775 blockdev: Make drive_init() use error_report()
This makes the errors point to the error location, and fixes drive_add
to report errors in the monitor instead of stderr.

While there, tweak a few error messages for consistency.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 16:49:50 +01:00
Markus Armbruster
4838485405 blockdev: Fix error message for invalid -drive CHS
When cyls, heads or secs are out of range, the error message prints
buf, which points to the value of option "if".  Bogus, may even be
null.  Drop that.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 16:49:49 +01:00
Pierre Riteau
77358b59f6 Fix block migration when the device size is not a multiple of 1 MB
b02bea3a85 added a check on the return
value of bdrv_write and aborts migration when it fails. However, if the
size of the block device to migrate is not a multiple of BLOCK_SIZE
(currently 1 MB), the last bdrv_write will fail with -EIO.

Fixed by calling bdrv_write with the correct size of the last block.

Signed-off-by: Pierre Riteau <Pierre.Riteau@irisa.fr>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 16:41:50 +01:00
Stefan Hajnoczi
c743849bee qed: Refuse to create images on block devices
QED relies on the underlying filesystem to extend the file and maintain
its size.  Check that images are not created on a block device.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 16:41:50 +01:00
Kevin Wolf
e61846908e Documentation: Add qemu-img check/rebase
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 16:41:49 +01:00
Stefan Weil
1635eecc41 ide: Remove unneeded null pointer check
With bm == NULL, other code in the same function would crash.

This bug was reported by cppcheck:
hw/ide/pci.c:280: error: Possible null pointer dereference: bm

Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 16:41:49 +01:00
Kevin Wolf
3de0a2944b qcow2: Batch flushes for COW
qcow2 calls bdrv_flush() after performing COW in order to ensure that the
L2 table change is never written before the copy is safe on disk. Now that the
L2 table is cached, we can wait with flushing until we write out the next L2
table.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 16:41:49 +01:00
Kevin Wolf
29c1a7301a qcow2: Use QcowCache
Use the new functions of qcow2-cache.c for everything that works on refcount
block and L2 tables.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 16:41:49 +01:00
Kevin Wolf
493810940b qcow2: Add QcowCache
This adds some new cache functions to qcow2 which can be used for caching
refcount blocks and L2 tables. When used with cache=writethrough they work
like the old caching code which is spread all over qcow2, so for this case we
have merely a cleanup.

The interesting case is with writeback caching (this includes cache=none) where
data isn't written to disk immediately but only kept in cache initially. This
leads to some form of metadata write batching which avoids the current "write
to refcount block, flush, write to L2 table" pattern for each single request
when a lot of cluster allocations happen. Instead, cache entries are only
written out if its required to maintain the right order. In the pure cluster
allocation case this means that all metadata updates for requests are done in
memory initially and on sync, first the refcount blocks are written to disk,
then fsync, then L2 tables.

This improves performance of scenarios with lots of cluster allocations
noticably (e.g. installation or after taking a snapshot).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 11:08:51 +01:00
Christoph Hellwig
c641483fbe ide: kill ide_dma_submit_check
Merge ide_dma_submit_check into it's only caller.  Also use tail recursion
using a goto instead of a real recursion - this avoid overflowing the
stack in the pathological situation of an recurring error that is ignored.
We'll still be busy looping in ide_dma_cb, but at least won't eat up
all stack space after this.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 11:08:51 +01:00
Christoph Hellwig
596bb44dea ide: also reset io_buffer_index for writes
Currenly the code only resets the io_buffer_index field for reads,
but the code seems to expect this for all types of I/O.  I guess
we simply don't hit large enough transfers that would require this
often enough.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 11:08:51 +01:00
Christoph Hellwig
cd369c4634 ide: factor dma handling helpers
Factor the DMA I/O path that is duplicated between read and write
commands, into common helpers using the s->is_read flag added for
the macio ATA controller.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 11:08:50 +01:00
Pierre Riteau
8b6b2afcf8 Avoid divide by zero when there is no block device to migrate
When block migration is requested and no read-write block device is
present, a divide by zero exception is triggered because
total_sector_sum equals zero.

Signed-off-by: Pierre Riteau <Pierre.Riteau@irisa.fr>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 11:08:50 +01:00
Jes Sorensen
70b4f4bb05 Make strtosz() return int64_t instead of ssize_t
strtosz() needs to return a 64 bit type even on 32 bit
architectures. Otherwise qemu-img will fail to create disk
images >= 2GB

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 11:08:50 +01:00
Jes Sorensen
c90f1b3297 do_snapshot_blkdev() error on missing snapshot_file argument
Current code does not support snapshot internally to the running
image. Error in case no snapshot_file is specified.

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 11:08:50 +01:00
Kevin Wolf
710da702be qemu-img snapshot: Use writeback caching
None of the other qemu-img subcommands uses writethrough, and there's no reason
why snapshot should be special.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-01-24 11:08:50 +01:00
Aurelien Jarno
653df36bbe qcow2: fix unaligned access
cpu_to_be64w() is called with an obviously non-aligned pointer. Use
cpu_to_be64wu() instead. It fixes unaligned accesses errors on IA64
hosts.

Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 11:08:50 +01:00
Kevin Wolf
0bfe006c53 multiboot: Fix upper memory size in multiboot info
The upper memory size field should exclude the first MB of RAM.

Signed-off-by: Kevin Wolf <mail@kevin-wolf.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-01-23 22:44:13 +01:00
Blue Swirl
64b85a8f23 Delete useless 'extern' qualifiers for functions
'extern' qualifier is useless for function declarations. Delete
them.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-23 16:21:20 +00:00
Blue Swirl
ba76a84d2d gdbstub-xml: avoid a warning from sparse
Include a header to get the declaration for xml_builtin. This
avoids a warning from sparse:
  CC    m68k-softmmu/gdbstub-xml.o
gdbstub-xml.c:244:12: warning: symbol 'xml_builtin' was not declared. Should it be static?

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-23 11:43:25 +00:00
Edgar E. Iglesias
225d02cd1a Avoid deadlock whith iothread and icount
When using the iothread together with icount, make sure the
qemu_icount counter makes forward progress when the vcpu is
idle to avoid deadlocks.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-01-23 04:44:51 +01:00
Edgar E. Iglesias
5d0bb8239d microblaze: cleanup helper_addkc
Remove unused addition and rename to helper_carry.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-01-23 03:52:20 +01:00
Edgar E. Iglesias
e0a42ebc08 microblaze: Improve subkc
Move code from the helper into the translator. The remaining
helper parts can reuse helper_addkc, making it possible to
remove helper_subkc entirely.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-01-22 12:39:16 +01:00
Edgar E. Iglesias
7e9e433008 microblaze: Fix 3rd addkc arg when rd is r0
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-01-22 12:35:48 +01:00
Edgar E. Iglesias
40cbf5b709 microblaze: Improve addkc
* Optimize handling when carry is not updated.
* Optimize handling for adds with nop semantics.
* Move code from helper_addkc to the translator making
  helper_addkc PURE and CONST.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-01-22 12:02:53 +01:00
Edgar E. Iglesias
2accfb5fa6 microblaze: Remove debug leftovers.
No functional changes.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-01-22 12:00:12 +01:00
Edgar E. Iglesias
ee8b246f82 microblaze: Reorganize for future patches
No functional changes.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-01-22 11:57:19 +01:00
Edgar E. Iglesias
5823947f9f ppc: Correct BookE tlb reads
Call the tlb read helper (and not the write helper) for tlb
reads.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-01-21 23:12:42 +01:00
Jan Kiszka
789f88d0b2 checkpatch: Fix bracing false positives on #else
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-21 17:32:45 +00:00
Aurelien Jarno
b947c12c0b Merge branch 'usb.4' of git://anongit.freedesktop.org/spice/qemu
* 'usb.4' of git://anongit.freedesktop.org/spice/qemu: (32 commits)
  usb: zap pdev from usbport
  usb: rewrite fw path, fix numbering
  usb: add port property.
  usb: keep track of physical port address.
  usb storage: handle long responses
  usb storage: fix status reporting
  usb storage: high speed support
  usb: add device qualifier support
  usb: add usb_desc_attach
  usb: add attach callback
  usb: add speed mask to ports
  usb: hid: change serial number to "42".
  usb: hid: remote wakeup support.
  usb: hub: remote wakeup support.
  usb: uhci: remote wakeup support.
  usb: add usb_wakeup() + wakeup callback to port ops
  usb: rework attach/detach workflow
  usb: create USBPortOps, move attach there.
  usb: move remote wakeup handling to common code
  usb: move USB_REQ_{GET,SET}_CONFIGURATION handling to common code
  ...
2011-01-21 17:56:50 +01:00
Aurelien Jarno
543c4c94cf sm501: fix screen redraw
Due to signed/unsigned comparison, the dirty bits are never reset, and
the screen redrawn each time. Fix that by only using ram_addr_t types,
and looking for page_min != addr_max instead.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-01-21 17:56:32 +01:00
Blue Swirl
b646968336 checkpatch: adjust to QEMUisms
Change checkpatch.pl for QEMU use:
 - Root directory detection
 - Forbid tabs
 - Indent at 4 spaces
 - Allow typedefs
 - Enforce brace use even for single statement blocks
 - Don't suggest nonexistent cleanup tools

Mention the script in CODING_STYLE.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-01-20 20:58:56 +00:00