getaddrinfo can give us a list of addresses, but we only try to
connect to the first one. If that fails we never proceed to
the next one. This is common on desktop setups that often have ipv6
configured but not actually working.
To fix this make inet_connect_nonblocking retry connection with a different
address.
callers on inet_nonblocking_connect register a callback function that will
be called when connect opertion completes, in case of failure the fd will have
a negative value
Signed-off-by: Orit Wasserman <owasserm@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 233aa5c2d1cf4655ffe335025a68cf5454f87dad)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Amos Kong <akong@redhat.com> Signed-off-by: Orit Wasserman <owasserm@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 05bc1d8a4b2f77df8cc9880a552047e30c16f1f8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Fri, 14 Sep 2012 17:02:30 +0000 (19:02 +0200)]
configure: Allow builds without any system or user emulation
The old code aborted configure when no emulation target was selected.
Even after removing the 'exit 1', it tried to read from STDIN
when QEMU was configured with
configure' '--disable-user' '--disable-system'
This is fixed here.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 8bdd3d499fe0ddffa9901c56ab3bc8911d5b8be0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jeff Cody [Thu, 20 Sep 2012 19:13:17 +0000 (15:13 -0400)]
block: correctly set the keep_read_only flag
I believe the bs->keep_read_only flag is supposed to reflect
the initial open state of the device. If the device is initially
opened R/O, then commit operations, or reopen operations changing
to R/W, are prohibited.
Currently, the keep_read_only flag is only accurate for the active
layer, and its backing file. Subsequent images end up always having
the keep_read_only flag set.
For instance, what happens now:
[ base ] kro = 1, ro = 1
|
v
[ snap-1 ] kro = 1, ro = 1
|
v
[ snap-2 ] kro = 0, ro = 1
|
v
[ active ] kro = 0, ro = 0
What we want:
[ base ] kro = 0, ro = 1
|
v
[ snap-1 ] kro = 0, ro = 1
|
v
[ snap-2 ] kro = 0, ro = 1
|
v
[ active ] kro = 0, ro = 0
Kevin Shanahan [Thu, 20 Sep 2012 23:20:22 +0000 (08:50 +0930)]
blockdev: preserve readonly and snapshot states across media changes
If readonly=on is given at device creation time, the ->readonly flag
needs to be set in the block driver state for this device so that
readonly-ness is preserved across media changes (qmp change command).
Similarly, to preserve the snapshot property requires ->open_flags to
be correct.
Signed-off-by: Kevin Shanahan <kmshanah@disenchant.net> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 80dd1aae3657a902d262f5d20a7a3c655b23705e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Sat, 22 Sep 2012 20:26:19 +0000 (22:26 +0200)]
w32: Add implementation of gmtime_r, localtime_r
Those functions are missing in MinGW.
Some versions of MinGW-w64 include defines for gmtime_r and localtime_r.
Older versions of these macros are buggy (they return a pointer to a
static variable), therefore we don't want them. Newer versions are
similar to the code used here, but without the memset.
The implementation which is used here is not strictly reentrant,
but sufficiently good for QEMU on w32 or w64.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
[blauwirbel@gmail.com: added comment about locking] Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit d3e8f95753114a827f9cd8e819b1d5cc8333f76b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Wed, 22 Aug 2012 19:42:32 +0000 (21:42 +0200)]
w32: Always use standard instead of native format strings
GLib 2.0 include files use __printf__ for the format attribute
which resolves to native format strings on w32 hosts.
QEMU wants standard format strings instead of native format
strings, so we simply change any declaration with __printf__
to use __gnu_printf__.
This works because all basic printf functions support both
kinds of format strings.
This fixes a compiler warning:
qapi/string-output-visitor.c: In function ‘print_type_int’:
qapi/string-output-visitor.c:34:5: warning: unknown conversion type character ‘l’ in format [-Wformat]
qapi/string-output-visitor.c:34:5: warning: too many arguments for format [-Wformat-extra-args]
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 95df51a4a02a853af8828c281bce2d4f2a41d6fd)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
net/socket.c:136: warning:
pointer targets in passing argument 2 of ‘sendto’ differ in signedness
/usr/lib/gcc/amd64-mingw32msvc/4.4.4/../../../../amd64-mingw32msvc/include/winsock2.h:1313: note:
expected ‘const char *’ but argument is of type ‘const uint8_t *’
Add a 'qemu_sendto' macro which provides that type cast where needed
and use the new macro instead of 'sendto'.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 73062dfe6be0050dbd43ce3516e935ebb2545add)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Tue, 4 Sep 2012 20:14:19 +0000 (22:14 +0200)]
linux-user: Remove redundant null check and replace free by g_free
Report from smatch:
linux-user/syscall.c:3632 do_ioctl_dm(220) info:
redundant null check on big_buf calling free()
'big_buf' was allocated by g_malloc0, therefore free was also
replaced by g_free.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit ad11ad77748bdd8016370db210751683dc038dd6)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
curses: don't initialize curses when qemu is daemonized
Current qemu initializes curses even if -daemonize option is
passed. This cause problem because shell prompt appears without
calling endwin().
This patch adds new function, is_daemonized(), to OS dependent
code. With this function, curses_display_init() can check that qemu is
daemonized or not. If daemonized, curses_display_init() isn't called
and the problem is avoided.
Of course, -daemonize && -curses doesn't make sense. Users shouldn't
pass the arguments at the same time. But the problem is very painful
because Ctrl-C cannot be delivered to the terminal.
Cc: Andrzej Zaborowski <balrog@zabor.org> Cc: Stefan Hajnoczi <stefanha@gmail.com> Cc: Anthony Liguori <aliguori@us.ibm.com> Cc: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Hitoshi Mitake <h.mitake@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 995ee2bf469de6bbe5ce133ec853392b2a4ce34c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Sat, 1 Sep 2012 11:00:48 +0000 (13:00 +0200)]
pflash_cfi01: Fix warning caused by unreachable code
Report from smatch:
hw/pflash_cfi01.c:431 pflash_write(180) info: ignoring unreachable code.
Instead of removing the return statement after the switch statement,
the patch replaces the return statements in the switch statement by
break statements. Other switch statements in the same code do it also
like that.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 12dabc79f976d66755025272f7e2e8e4da31715a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Sat, 1 Sep 2012 10:56:03 +0000 (12:56 +0200)]
ioh3420: Remove unreachable code
Report from smatch:
hw/ioh3420.c:128 ioh3420_initfn(35) info: ignoring unreachable code.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 997f15672a5ca7714cf310d92f475d2c5fe40970)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
There must be enough space to add two entries starting with index
s->buffer_level, therefore the old check was wrong.
[Peter Maydell <peter.maydell@linaro.org> clarifies the nature of the
analyser warning:
I don't object to making the change to placate the analyser,
but I don't think this is actually a buffer overrun. We always
add and remove samples from the buffer two at a time, so it's
not possible to get here with s->buffer_level == BUFFER_SIZE-1
(which is the only case where the old and new conditions
give different answers).]
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 8139626643cbe8dc07bd9acc88057effeedf8064)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This fixes read access to s->r[R_MAX] which is behind the limits of s->r.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 5d40097fc09fe5d34cf316a411dc27d455ac2cd0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Sat, 1 Sep 2012 07:40:26 +0000 (09:40 +0200)]
qemu-sockets: Fix potential memory leak
The old code leaks variable 'peer'.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 39b384591fda27d6e1213cea0b11b1ebe0ed4b74)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit b548828862d3bf7214b7ef9cb361356b153b89c9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Ronnie Sahlberg [Sat, 15 Sep 2012 01:13:29 +0000 (18:13 -0700)]
SCSI: Standard INQUIRY data should report HiSup flag as set.
QEMU as far as I know only reports LUN numbers using the modes that
are described in SAM4.
As such, since all LUN numbers generated by the SCSI emulation in QEMU
follow SAM4, we should set the HiSup bit in the standard INQUIRY data
to indicate such.
From SAM4:
4.6.3 LUNs overview
All LUN formats described in this standard are hierarchical in
structure even when only a single level in that hierarchy is used.
The HISUP bit shall be set to one in the standard INQUIRY data
(see SPC-4) when any LUN format described in this standard is used.
Non-hierarchical formats are outside the scope of this standard.
Ronnie Sahlberg [Thu, 30 Aug 2012 23:56:36 +0000 (16:56 -0700)]
iSCSI: We dont need to explicitely call qemu_notify_event() any more
We no longer need to explicitely call qemu_notify_event() any more
since this is now done automatically any time the filehandles we listen
to change.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 40a13ca8d28c21062e35b10d9b80e76b92405bdf)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Ronnie Sahlberg [Fri, 31 Aug 2012 00:28:40 +0000 (17:28 -0700)]
iSCSI: We need to support SG_IO also from iscsi_ioctl()
We need to support SG_IO from the synchronous iscsi_ioctl() since
scsi-block uses this to do an INQ to the device to discover its properties
This patch makes scsi-block work with iscsi.
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit f1a12821d7df2e4d21be4f2206f84b4640533e53)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
pflash_cfi01 announces a version number of 1.1, which implies
"Protection Register Information" and "Burst Read information"
sections, which are not provided.
Decrease the version number to 1.0 so that only the "Protection
Register Information" section is needed.
Set the number of protection fields (0x3f) to 0x01, as 0x00 means 256
protections field, which makes the CFI table bigger than the current
implementation, causing some kernels to fail to read it.
Chris Wulff [Mon, 10 Sep 2012 00:20:07 +0000 (20:20 -0400)]
xilinx_timer: Fix a compile error if debug enabled
There was a missing include of qemu-log and a variable name in a printf was out
of date.
Signed-off-by: Chris Wulff <crwulff@gmail.com> Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
(cherry picked from commit 8354cd722e0afae63bee3e4cb21c8f0ddb6874c2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Peter Maydell [Wed, 19 Sep 2012 13:51:38 +0000 (14:51 +0100)]
arch_init.c: Improve '-soundhw help' for non-HAS_AUDIO_CHOICE archs
For architectures which don't set HAS_AUDIO_CHOICE, improve the
'-soundhw help' message so that it doesn't simply print an empty
list, implying no sound support at all.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 55d4fd3c24bd253bd96270c7fdf1bb862f3a3400)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
David Gibson [Mon, 10 Sep 2012 02:30:57 +0000 (12:30 +1000)]
cpu_physical_memory_write_rom() needs to do TB invalidates
cpu_physical_memory_write_rom(), despite the name, can also be used to
write images into RAM - and will often be used that way if the machine
uses load_image_targphys() into RAM addresses.
However, cpu_physical_memory_write_rom(), unlike cpu_physical_memory_rw()
doesn't invalidate any cached TBs which might be affected by the region
written.
This was breaking reset (under full emu) on the pseries machine - we loaded
our firmware image into RAM, and while executing it rewrite the code at
the entry point (correctly causing a TB invalidate/refresh). When we
reset the firmware image was reloaded, but the TB from the rewrite was
still active and caused us to get an illegal instruction trap.
This patch fixes the bug by duplicating the tb invalidate code from
cpu_physical_memory_rw() in cpu_physical_memory_write_rom().
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 0b57e287138728f72d88b06e69b970c5d745c44a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
David Gibson [Mon, 10 Sep 2012 02:30:56 +0000 (12:30 +1000)]
qemu-char: BUGFIX, don't call FD_ISSET with negative fd
tcp_chr_connect(), unlike for example udp_chr_update_read_handler() does
not check if the fd it is using is valid (>= 0) before passing it to
qemu_set_fd_handler2(). If using e.g. a TCP serial port, which is not
initially connected, this can result in -1 being passed to FD_ISSET, which
has undefined behaviour. On x86 it seems to harmlessly return 0, but on
PowerPC, it causes a fortify buffer overflow error to be thrown.
This patch fixes this by putting an extra test in tcp_chr_connect(), and
also adds an assert qemu_set_fd_handler2() to catch other such errors on
all platforms, rather than just some.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bbdd2ad0814ea0911076419ea21b7957505cf1cc)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Has no hope of working because tcp_chr_connect() does not actually connect.
455aa1e08 just fixes the SEGV with server() but the attempt to connect a client
socket is still completely broken.
This patch reverts both.
Reported-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6db0fdce02d72546a4c47100a9b2cd0090cf464d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Natanael Copa [Wed, 12 Sep 2012 09:06:51 +0000 (09:06 +0000)]
configure: properly check if -lrt and -lm is needed
Fixes build against uClibc.
uClibc provides 2 versions of clock_gettime(), one with realtime
support and one without (this is so you can avoid linking in -lrt
unless actually needed). This means that the clock_gettime() don't
need -lrt. We still need it for timer_create() so we check for this
function in addition.
We also need check if -lm is needed for isnan().
Both -lm and -lrt are needed for libs_qga.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 8bacde8d86a09699207d85d4bab06162aed18dc4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Currently, if libseccomp is missing but the user explicitly requested
seccomp support using --enable-seccomp, configure silently ignores the
situation and disables seccomp support.
This is unlike all other tests that explicitly fail in such situation.
Fix that.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit e84d5956cc6215d2f098e7b6090fc5ec4cba1be3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Hajnoczi [Mon, 20 Aug 2012 09:14:35 +0000 (10:14 +0100)]
net: EAGAIN handling for net/socket.c TCP
Replace spinning send_all() with a proper non-blocking send. When the
socket write buffer limit is reached, we should stop trying to send and
wait for the socket to become writable again.
Non-blocking TCP sockets can return in two different ways when the write
buffer limit is reached:
1. ret = -1 and errno = EAGAIN/EWOULDBLOCK. No data has been written.
2. ret < total_size. Short write, only part of the message was
transmitted.
Handle both cases and keep track of how many bytes have been written in
s->send_index. (This includes the 'length' header before the actual
payload buffer.)
Stefan Hajnoczi [Mon, 20 Aug 2012 09:21:54 +0000 (10:21 +0100)]
net: asynchronous send/receive infrastructure for net/socket.c
The net/socket.c net client is not truly asynchronous. This patch
borrows the qemu_set_fd_handler2() code from net/tap.c as the basis for
proper asynchronous send/receive.
Only read packets from the socket when the peer is able to receive.
This avoids needless queuing.
Stefan Hajnoczi [Fri, 24 Aug 2012 12:50:30 +0000 (13:50 +0100)]
net: broadcast hub packets if at least one port can receive
In commit 60c07d933c66c4b30a83b7ccbc8a0cb3df1b2d0e ("net: fix
qemu_can_send_packet logic") the "VLAN" broadcast behavior was changed
to queue packets if any net client cannot receive. It turns out that
this was not actually the right fix and just hides the real bug that
hw/usb/dev-network.c:usbnet_receive() clobbers its receive buffer when
called multiple times in a row. The commit also introduced a new bug
that "VLAN" packets would not be sent if one of multiple net clients was
down.
The hw/usb/dev-network.c bug has since been fixed, so this patch reverts
broadcast behavior to send packets as long as one net client can
receive. Packets simply get queued for the net clients that are
temporarily unable to receive.
Reported-by: Roy.Li <rongqing.li@windriver.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 61518a74ca98870e8ff132f91dd5dda252e31f58)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Hajnoczi [Fri, 24 Aug 2012 12:37:29 +0000 (13:37 +0100)]
net: fix usbnet_receive() packet drops
The USB network interface has a single buffer which the guest reads
from. This patch prevents multiple calls to usbnet_receive() from
clobbering the input buffer. Instead we queue packets until buffer
space becomes available again.
This is inspired by virtio-net and e1000 rxbuf handling.
Stefan Hajnoczi [Fri, 24 Aug 2012 12:32:16 +0000 (13:32 +0100)]
net: clean up usbnet_receive()
The USB network interface has two code paths depending on whether or not
RNDIS mode is enabled. Refactor usbnet_receive() so that there is a
common path throughout the function instead of duplicating everything
across if (is_rndis(s)) ... else ... code paths.
Clean up coding style and 80 character line wrap along the way.
Stefan Hajnoczi [Mon, 20 Aug 2012 12:35:23 +0000 (13:35 +0100)]
net: do not report queued packets as sent
Net send functions have a return value where 0 means the packet has not
been sent and will be queued. A non-zero value means the packet was
sent or an error caused the packet to be dropped.
This patch fixes two instances where packets are queued but we return
their size. This causes callers to believe the packets were sent. When
the caller uses the async send interface this creates a real problem
because the callback will be invoked for a packet that the caller
believed to be already sent. This bug can cause double-frees in the
caller.
Stefan Hajnoczi [Fri, 17 Aug 2012 20:16:42 +0000 (21:16 +0100)]
net: add receive_disabled logic to iov delivery path
This patch adds the missing NetClient->receive_disabled logic in the
sendv delivery code path. It seems that commit 893379efd0e1b84ceb0c42a713293f3dbd27b1bd ("net: disable receiving if
client returns zero") only added the logic to qemu_deliver_packet() and
not qemu_deliver_packet_iov().
The receive_disabled flag should be automatically set when .receive(),
.receive_raw(), or .receive_iov() return 0. No further packets will be
delivered to the NetClient until the receive_disabled flag is cleared
again by calling qemu_flush_queued_packets().
Typically the NetClient will wait until its file descriptor becomes
writable and then invoke qemu_flush_queued_packets() to resume
transmission.
Bo Yang [Wed, 29 Aug 2012 11:26:11 +0000 (19:26 +0800)]
eepro100: Fix network hang when rx buffers run out
This is reported by QA. When installing os with pxe, after the initial
kernel and initrd are loaded, the procedure tries to copy files from install
server to local harddisk, the network becomes stall because of running out of
receive descriptor.
[Whitespace fixes and removed qemu_notify_event() because Paolo's
earlier net patches have moved it into qemu_flush_queued_packets().
Additional info:
I can reproduce the network hang with a tap device doing a iPXE HTTP
boot as follows:
I needed a vanilla iPXE ROM to get to the iPXE prompt. I think the boot
prompt has been disabled in the ROMs that ship with QEMU to reduce boot
time.
During the vmlinuz HTTP download there is a network hang. hw/eepro100.c
has reached the end of the rx descriptor list. When the iPXE driver
replenishes the rx descriptor list we don't kick the QEMU net subsystem
and event loop, thereby leaving the tap netdev without its file
descriptor in select(2).
Stefan Hajnoczi <stefanha@gmail.com>]
Signed-off-by: Bo Yang <boyang@suse.com> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 1069985fb132cd4324fc02d371f1e61492a1823f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Thu, 9 Aug 2012 14:45:57 +0000 (16:45 +0200)]
xen: flush queue when getting an event
xen does not have a register that, when written, will cause can_receive
to go from false to true. However, flushing the queue can be attempted
whenever the front-end raises its side of the Xen event channel. There
is a single event channel for tx and rx.
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Amos Kong <akong@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit a98b140223d3a627eab7ee3ddec645bab630d756)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Thu, 9 Aug 2012 14:45:56 +0000 (16:45 +0200)]
e1000: flush queue whenever can_receive can go from false to true
When the guests replenish the receive ring buffer, the network device
should flush its queue of pending packets. This is done with
qemu_flush_queued_packets.
e1000's can_receive can go from false to true when RCTL or RDT are
modified.
Reported-by: Luigi Rizzo <rizzo@iet.unipi.it> Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Cc: Jan Kiszka <jan.kiszka@siemens.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Amos Kong <akong@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit e8b4c680b41bd960ecccd9ff076b7b058e0afcd4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Thu, 9 Aug 2012 14:45:55 +0000 (16:45 +0200)]
net: notify iothread after flushing queue
virtio-net has code to flush the queue and notify the iothread
whenever new receive buffers are added by the guest. That is
fine, and indeed we need to do the same in all other drivers.
However, notifying the iothread should be work for the network
subsystem. And since we are at it we can add a little smartness:
if some of the queued packets already could not be delivered,
there is no need to notify the iothread.
Reported-by: Luigi Rizzo <rizzo@iet.unipi.it> Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Cc: Jan Kiszka <jan.kiszka@siemens.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Amos Kong <akong@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 987a9b4800003567b1a47a379255e886a77d57ea)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Igor Mitsyanko [Wed, 5 Sep 2012 09:04:56 +0000 (13:04 +0400)]
arch_init.c: add missing '%' symbols before PRIu64 in debug printfs
'%' symbols were missing in front of PRIu64 macros in DPRINTF() messages in
arch_init.c, this caused compilation warnings when compiled with DEBUG_ARCH_INIT defined.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit ef37a699a06f96e098ee00683b7052b5fbb6ad7d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Mon, 3 Sep 2012 20:40:40 +0000 (22:40 +0200)]
kvm: Fix warning from static code analysis
Report from smatch:
kvm-all.c:1373 kvm_init(135) warn:
variable dereferenced before check 's' (see line 1360)
's' cannot by NULL (it was alloced using g_malloc0), so there is no need
to check it here.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 6d1cc3210ccc4372ffa337c187da9db68314c0c4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Lei Li [Thu, 23 Aug 2012 05:14:25 +0000 (13:14 +0800)]
qapi: Fix enumeration typo error
Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 6932a69b20a88428c531805cdd20eec8acf05b27)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
BALATON Zoltan [Wed, 22 Aug 2012 15:19:42 +0000 (17:19 +0200)]
console: Clean up bytes per pixel calculation
Division with round up is the correct way to compute this even if the
only case where division with round down gives incorrect result is
probably 15 bpp. This case was explicitely patched up in one of these
functions but was unhandled in the other. (I'm not sure about setting
16 bpp for the 15bpp case either but I left that there for now.)
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit feadf1a4de0d7468ffb671a2b9f681925469fa58)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Fri, 10 Aug 2012 20:03:25 +0000 (22:03 +0200)]
Spelling fixes in comments and documentation
These wrong spellings were detected by codespell:
* successully -> successfully
* alot -> a lot
* wanna -> want to
* infomation -> information
* occured -> occurred
["also is" -> "is also" and "ressources" -> "resources" suggested by
Peter Maydell <peter.maydell@linaro.org>]
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 0546b8c2f089867cd7606ff47e026e8931157828)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Fri, 10 Aug 2012 20:03:27 +0000 (22:03 +0200)]
srp: Don't use QEMU_PACKED for single elements of a structured type
QEMU_PACKED results in a MinGW compiler warning when it is
used for single structure elements:
warning: 'gcc_struct' attribute ignored
Using QEMU_PACKED for the whole structure avoids the compiler warning
without changing the memory layout.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 93d3ad2a8048469d2b2bb157697425b66b2a37aa)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This option is described in RFC 1783. As this is only an optional field,
we may ignore it in some situations and handle it in some others.
However, MS Windows 2003 PXE boot client requests a block size of the MTU
(most of the times 1472 bytes), and doesn't work if the option is not
acknowledged (with whatever value).
According to the RFC 1783, we cannot acknowledge the option with a bigger
value than the requested one.
As current implementation is using 512 bytes by block, accept the option
with a value of 512 if the option was specified, and don't acknowledge it
if it is not present or less than 512 bytes.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
(cherry picked from commit 95b1ad7ad86793c27ab8e9987be69571937900d1)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Tue, 4 Sep 2012 21:20:36 +0000 (23:20 +0200)]
slirp: Fix error reported by static code analysis
Report from smatch:
slirp/tcp_subr.c:127 tcp_respond(17) error:
we previously assumed 'tp' could be null (see line 124)
Return if 'tp' is NULL.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
(cherry picked from commit e56afbc54a2132c56931f44bae1992c28119944f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Tue, 4 Sep 2012 21:20:35 +0000 (23:20 +0200)]
slirp: Remove wrong type casts ins debug statements
The type casts of pointers to long are not allowed
when sizeof(pointer) != sizeof(long).
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
(cherry picked from commit c4d12a743c73a5b88a8705ca68ff620ce0f8bba7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Wed, 12 Sep 2012 13:08:40 +0000 (15:08 +0200)]
uhci: Don't queue up packets after one with the SPD flag set
Don't queue up packets after a packet with the SPD (short packet detect)
flag set. Since we won't know if the packet will actually be short until it
has completed, and if it is short we should stop the queue.
This fixes a miniature photoframe emulating a USB cdrom with the windows
software for it not working.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 72a04d0c178f01908d74539230d9de64ffc6da19)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Wed, 12 Sep 2012 13:08:39 +0000 (15:08 +0200)]
usb-redir: Revert usb-redir part of commit 93bfef4c
Commit 93bfef4c6e4b23caea9d51e1099d06433d8835a4 makes qemu-devices
which report the qemu version string to the guest in some way use a
qemu_get_version function which reports a machine-specific version string.
However usb-redir does not expose the qemu version to the guest, only to
the usbredir-host as part of the initial handshake. This can then be logged
on the usbredir-host side for debugging purposes and is otherwise completely
unused! For debugging purposes it is important to have the real qemu version
in there, rather then the machine-specific version.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 35efba2cc6812dc980c336d7b9bf81dbfb5daf00)
Conflicts:
hw/usb/redirect.c
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Wed, 12 Sep 2012 13:08:33 +0000 (15:08 +0200)]
ehci: Walk async schedule before and after migration
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ceab6f96454fe6589d1b09ce64403c041d79f9d9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Wed, 12 Sep 2012 13:08:32 +0000 (15:08 +0200)]
ehci: Don't set seen to 0 when removing unseen queue-heads
When removing unseen queue-heads from the async queue list, we should not
set the seen flag to 0, as this may cause them to be removed by
ehci_queues_rip_unused() during the next call to ehci_advance_async_state()
if the timer is late or running at a low frequency.
2) Rather then putting more if-s inside ehci_queues_rip_unused, this patch
instead introduces a new ehci_queues_rip_unseen function.
3) This patch also makes it save to call ehci_queues_rip_unseen() multiple
times, which gets used in the folluw up patch titled:
"ehci: Walk async schedule before and after migration"
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 8f5457eb04140714eaf57a99bc08dc661d83fa87)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The caller would not delete temporary file after failed get_tmp_filename().
Signed-off-by: Dunrong Huang <riegamaths@gmail.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit fe235a06e1e008dedd2ac3cc0a3a655169ce9b33)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Don't require encryption password for 'qemu-img info' command
The encryption password is only required if I/O is going to be
performed on a disk image. The 'qemu-img info' command merely
reports metadata, so it should not ask for a decryption password
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit f0536bb848ad6eb2709a7dc675f261bd160c751b)
Conflicts:
qemu-img.c
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jason Baron [Tue, 4 Sep 2012 20:08:08 +0000 (16:08 -0400)]
ahci: properly reset PxCMD on HBA reset
While testing q35, I found that windows 7 (specifically, windows 7 ultimate
with sp1 x64), wouldn't install because it can't find the cdrom or disk drive.
The failure message is: 'A required cd/dvd device driver is missing. If you
have a driver floppy disk, CD, DVD, or USB flash drive, please insert it now.'
This can also be reproduced on piix by adding an ahci controller, and
observing that windows 7 does not see any devices behind it.
The problem is that when windows issues a HBA reset, qemu does not reset the
individual ports' PxCMD register. Windows 7 then reads back the PxCMD register
and presumably assumes that the ahci controller has already been initialized.
Windows then never sets up the PxIE register to enable interrupts, and thus it
never gets irqs back when it sends ata device inquiry commands.
This change brings qemu into ahci 1.3 specification compliance.
Section 10.4.3 HBA Reset:
"
When GHC.HR is set to '1', GHC.AE, GHC.IE, the IS register, and all port
register fields (except PxFB/PxFBU/PxCLB/PxCLBU) that are not HwInit in the
HBA's register memory space are reset.
"
I've also re-tested Fedora 16 and 17 to verify that they continue to work with
this change.
Signed-off-by: Jason Baron <jbaron@redhat.com> Acked-by: Alexander Graf <agraf@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 2a4f4f34e6fe55f4c82507c3e7ec9b58c2e24ad4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Pavel Hrdina [Thu, 9 Aug 2012 10:44:48 +0000 (12:44 +0200)]
block: fix block tray status
The tray status should change also if you eject empty block device.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9ca111544c64b5abed2e79cf52e19a8f227b347b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The upper limit of 30 was never reached because both for loops terminated
when 'smart_attributes' reached end of list, so there was no real buffer
overflow.
Nevertheless, changing the code not only fixes the error report, but also
reduces the size of smart_attributes and simplifies the for loops.
MORITA Kazutaka [Wed, 29 Aug 2012 18:39:45 +0000 (03:39 +0900)]
sheepdog: fix savevm and loadvm
This patch sets data to be sent to Sheepdog correctly and fixes savevm
and loadvm operations on a Sheepdog image.
Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 1f7a48de4467f31afc51169122453318efdb0f33)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 10 Sep 2012 10:44:11 +0000 (12:44 +0200)]
ehci: Don't process too much frames in 1 timer tick (v2)
The Linux ehci isoc scheduling code fills the entire schedule ahead of
time minus 80 frames. If we make a large jump in where we are in the
schedule, ie 40 frames, then the scheduler all of a sudden will only have
40 frames left to work in, causing it to fail packet submissions
with error -27 (-EFBIG).
Changes in v2:
-Don't hardcode a maximum number of frames to process in one tick, instead:
-Process a minimum number of frames to ensure we do eventually catch up
-Stop (after the minimum number) when the guest has requested an irq
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 8f74ed1e43263293301031a10e440549bab19a6e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 10 Sep 2012 10:44:10 +0000 (12:44 +0200)]
ehci: Fix interrupts stopping when Interrupt Threshold Control is 8
If Interrupt Threshold Control is 8 or a multiple of 8, then
s->usbsts_frindex can become exactly 0x4000, at which point
(s->usbsts_frindex > s->frindex) will never become true, as
s->usbsts_frindex will not be lowered / reset in this case.
This patch fixes this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ffa1f2e088eb7e3d57f2fc35f21e7bdb23e592c5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Also register different memory regions for capabilities,
operational registers and port status registers. Create
separate tracepoints for operational regs and port status
regs. Ditch a bunch of sanity checks because the memory
core will do this for us now.
Offloading the byte, word and dword access handling to the
memory core also has the side effect of fixing ehci register
access on bigendian hosts.
Cc: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 3e4f910c8d490a1490409a7e381dbbb229f9d272)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Uri Lublin [Tue, 11 Sep 2012 07:09:58 +0000 (10:09 +0300)]
qxl: better cleanup for surface destroy
Add back a call to qxl_spice_destroy_surface_wait_complete() in qxl_spice_destroy_surface_wait(),
that was removed by commit c480bb7da465186b84d8427e068ef7502e47ffbf
It is needed to complete surface-removal cleanup, for non async.
For async, qxl_spice_destroy_surface_wait_complete is called upon operation completion.
Signed-off-by: Uri Lublin <uril@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 753b8b0d77ba1b343a35f9679cc777ea10a62bba)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Fri, 17 Aug 2012 09:04:36 +0000 (11:04 +0200)]
xhci: drop buffering
This patch splits the xhci_xfer_data function into three.
The xhci_xfer_data function used to do does two things:
(1) copy transfer data between guest memory and a temporary buffer.
(2) report transfer results to the guest using events.
Now we three functions to handle this:
(1) xhci_xfer_map creates a scatter list for the transfer and
uses that (instead of the temporary buffer) to build a
USBPacket.
(2) xhci_xfer_unmap undoes the mapping.
(3) xhci_xfer_report sends out events.
The patch also fixes reporting of transaction errors which must be
reported unconditinally, not only in case the guest asks for it
using the ISP flag.
Gerd Hoffmann [Fri, 17 Aug 2012 12:05:21 +0000 (14:05 +0200)]
xhci: rip out background transfer code
original xhci code (the one which used libusb directly) used to use
'background transfers' for iso streams. In upstream qemu the iso
stream buffering is handled by usb-host & usb-redir, so we will
never ever need this. It has been left in as reference, but is dead
code anyway. Rip it out.
Hans de Goede [Tue, 28 Aug 2012 09:33:47 +0000 (11:33 +0200)]
usb-redir: Return babble when getting more bulk data then requested
Babble is the appropriate error in this case (rather then signalling a stall).
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 2979a36183a3902cd75665e7c6bbc8668668fd17)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Tue, 28 Aug 2012 09:30:13 +0000 (11:30 +0200)]
usb-redir: Move to core packet id and queue handling
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit de550a6afb468ed3b8171019e19b63ae8254886d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Tue, 28 Aug 2012 07:08:45 +0000 (09:08 +0200)]
usb-redir: Get rid of unused async-struct dev member
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 206e7f20fe7b920b362bcc02608680c5d5527f2a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Tue, 28 Aug 2012 07:05:38 +0000 (09:05 +0200)]
usb-redir: Get rid of local shadow copy of packet headers
The shadow copy only serves as an extra check (besides the packet-id) to
ensure the packet we get back is a reply to the packet we think it is.
This check has never triggered in all the time usb-redir is in use now,
and since the verified data in the returned packet-header is not used
otherwise, removing the check does not open any possibilities for the
usbredirhost to confuse us.
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 104981d52b63dc3d68f39d4442881c667f44bbb9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 27 Aug 2012 14:33:08 +0000 (16:33 +0200)]
usb-redir: Get rid of async-struct get member
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit cb897117cdedd488f19985c8ec5ea05971103a27)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Thu, 23 Aug 2012 14:37:19 +0000 (16:37 +0200)]
usb-redir: Don't delay handling of open events to a bottom half
There is no need for this, and doing so means that a backend trying to
write immediately after an open event will see qemu_chr_be_can_write
returning 0, which not all backends handle well as there is no wakeup
mechanism to detect when the frontend does become writable.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ed9873bfbf145c084d039baab08c63b9d67e7bd3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Fri, 17 Aug 2012 15:27:08 +0000 (17:27 +0200)]
usb-redir: Never return USB_RET_NAK for async handled packets
USB_RET_NAK is not a valid response for async handled packets (and will
trigger an assert as such).
Also drop the warning when receiving a status of cancelled for packets not
cancelled by qemu itself, this can happen when a device gets unredirected
by the usbredir-host while transfers are pending.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 181133404f520fab40a3ad40d935d91cf3cf546c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 3 Sep 2012 10:17:48 +0000 (12:17 +0200)]
ehci: Correct a comment in fetchqtd packet processing
Since my previous comment said "Should never happen", I tried changing the
next line to an assert(0), which did not go well, which as the new comments
explains is logical if you think about it for a moment.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit cf1f81691d1998fa8fe5bfcb8b498fb3723cf3c3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 3 Sep 2012 09:35:58 +0000 (11:35 +0200)]
ehci: Handle USB_RET_PROCERR in ehci_fill_queue
USB_RET_PROCERR can be triggered by the guest (by for example requesting more
then BUFFSIZE bytes), so don't assert on it.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit eff6dce79bd7ad3c16d75c5e55b5a2a137ba6a60)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 3 Sep 2012 09:01:13 +0000 (11:01 +0200)]
ehci: Fix memory leak in handling of NAK-ed packets
Currently each time we try to execute a NAK-ed packet we redo
ehci_init_transfer, and usb_packet_map, re-allocing (without freeing) the
sg list every time.
This patch fixes this, it does this by introducing another async state, so
that we also properly cleanup a NAK-ed packet on cancel.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ef5b234477df80700b128f561f5877a0688a70c8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 3 Sep 2012 08:22:16 +0000 (10:22 +0200)]
ehci: Add some additional ehci_trace_guest_bug() calls
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 3a8ca08e01ea4baafff2a513655008cdd00feebf)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Fri, 31 Aug 2012 08:44:21 +0000 (10:44 +0200)]
ehci: trace guest bugs
make qemu_queue_{cancel,reset} return the number of packets released,
so the caller can figure whenever there have been active packets even
though there shouldn't have been any. Add tracepoint to log this.