Kevin Wolf [Mon, 3 Sep 2012 23:46:54 +0000 (23:46 +0000)]
fdc: Remove status0 parameter from fdctrl_set_fifo()
It decided whether an interrupt is triggered. Only one caller made use
of this functionality, so move the code there.
In this one caller, the interrupt must actually be triggered
unconditionally, like it was before commit 2fee0088. For example, a
successful read without an implied seek can result in st0 = 0, but still
triggers the interrupt.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Tested-by: Hervé Poussineau <hpoussin@reactos.org>
Stefan Hajnoczi [Wed, 31 Oct 2012 15:34:37 +0000 (16:34 +0100)]
aio: rename AIOPool to AIOCBInfo
Now that AIOPool no longer keeps a freelist, it isn't really a "pool"
anymore. Rename it to AIOCBInfo and make it const since it no longer
needs to be modified.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Wed, 31 Oct 2012 15:34:36 +0000 (16:34 +0100)]
aio: use g_slice_alloc() for AIOCB pooling
AIO control blocks are frequently acquired and released because each aio
request involves at least one AIOCB. Therefore, we pool them to avoid
heap allocation overhead.
The problem with the freelist approach in AIOPool is thread-safety. If
we want BlockDriverStates to associate with AioContexts that execute in
multiple threads, then a global freelist becomes a problem.
This patch drops the freelist and instead uses g_slice_alloc() which is
tuned for per-thread fixed-size object pools. qemu_aio_get() and
qemu_aio_release() are now thread-safe.
Note that the change from g_malloc0() to g_slice_alloc() should be safe
since the freelist reuse case doesn't zero the AIOCB either.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Wed, 31 Oct 2012 15:34:35 +0000 (16:34 +0100)]
aio: switch aiocb_size type int -> size_t
Using appropriate types for variables is a good thing :). All users
simply do sizeof(MyType) and the value is passed to a memory allocator,
it should be size_t.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Nick Thomas [Fri, 2 Nov 2012 13:01:23 +0000 (13:01 +0000)]
tests: allow qemu-iotests to be run against nbd backend
To do this, we start a qemu-nbd process at _make_test_img and kill
it in _cleanup_test_img. $TEST_IMG is changed to point at the TCP
server. We also remove the checks for existence of binaries from
common.config - they're duplicated in common, and we can make the
qemu-nbd check conditional on $IMGPROTO being "nbd" if we do it there.
Signed-off-by: Nick Thomas <nick@bytemark.co.uk> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Weil [Sun, 4 Nov 2012 11:09:34 +0000 (12:09 +0100)]
block: Workaround for older versions of MinGW gcc
Versions before gcc-4.6 don't support unnamed fields in initializers
(see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=10676).
Offset and OffsetHigh belong to an unnamed struct which is part of an
unnamed union. Therefore the original code does not work with older
versions of gcc.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Fri, 26 Oct 2012 18:31:15 +0000 (20:31 +0200)]
qemu-iotests: qcow2: Test growing large refcount table
Actually writing all the content with 512 byte sector size would take
forever, therefore build the image file with a Python script and use
qemu-io for the last write that actually triggers the refcount table
growth.
Kevin Wolf [Fri, 26 Oct 2012 14:33:32 +0000 (16:33 +0200)]
qcow2: Fix refcount table size calculation
A missing factor for the refcount table entry size in the calculation
could mean that too little memory was allocated for the in-memory
representation of the table, resulting in a buffer overflow.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Tested-by: Michael Tokarev <mjt@tls.msk.ru>
Anthony Liguori [Wed, 14 Nov 2012 14:53:03 +0000 (08:53 -0600)]
Merge remote-tracking branch 'kraxel/pixman.v5' into staging
* kraxel/pixman.v5:
pixman: cleanup properly on make distclean
pixman: add licensing info
pixman: build internal version early
pixman: pass cflags, add -fPIC
pixman: disable gtk
pixman: set --host for cross builds
pixman: add output dir to include path
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Wed, 14 Nov 2012 14:51:06 +0000 (08:51 -0600)]
Merge remote-tracking branch 'bonzini/nbd-next' into staging
* bonzini/nbd-next:
nbd: fixes to read-only handling
hmp: add NBD server commands
nbd: disallow nbd-server-add before nbd-server-start
nbd: force read-only export for read-only devices
nbd: fix nbd_server_stop crash when no server was running
nbd: accept URIs
nbd: accept relative path to Unix socket
qemu-nbd: initialize main loop before block layer
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Wed, 14 Nov 2012 14:50:45 +0000 (08:50 -0600)]
Merge remote-tracking branch 'bonzini/scsi-next' into staging
* bonzini/scsi-next:
virtio-scsi: use dma_context_memory
dma: Define dma_context_memory and use in sysbus-ohci
megasas: Correct target/lun mapping
scsi-disk: flush cache after disabling it
megasas: do not include block_int.h
scsi: remove superfluous call to scsi_device_set_ua
virtio-scsi: factor checks for VIRTIO_SCSI_S_DRIVER_OK when reporting events
scsi: do not return short responses for emulated commands
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Wed, 14 Nov 2012 14:50:18 +0000 (08:50 -0600)]
Merge remote-tracking branch 'kraxel/usb.70' into staging
* kraxel/usb.70:
ehci: fix migration
xhci: Fix some DMA host endian bugs
usb/combined-packet: Move freeing of combined to usb_combined_packet_remove()
xhci: Add support for packets with both data and an error status
ehci: Add support for packets with both data and an error status
ehci: Get rid of the magical PROC_ERR status
usb-redir: Allow packets to have both data and an error-status
usb: split packet result into actual_length + status
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Alex Williamson [Tue, 13 Nov 2012 19:27:40 +0000 (12:27 -0700)]
vfio-pci: Add KVM INTx acceleration
This makes use of the new level irqfd support enabling bypass of qemu
userspace both on INTx injection and unmask. This significantly
boosts the performance of devices making use of legacy interrupts (ex.
~60% better netperf TCP_RR scores for an e1000e assigned to a Linux
guest and booted with pci=nomsi). This also avoids flipping mmaps on
and off to simulate EOIs, so greatly improves performance of device
access in addition to interrupt latency.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Paolo Bonzini [Tue, 13 Nov 2012 09:34:17 +0000 (10:34 +0100)]
nbd: fixes to read-only handling
We do not need BLKROSET if the kernel supports setting flags.
Also, always do BLKROSET even for a read-write export, otherwise
the read-only state remains "sticky" after the invocation of
"qemu-nbd -r".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 12 Nov 2012 12:30:10 +0000 (13:30 +0100)]
aio: fix aio_ctx_prepare with idle bottom halves
Commit ed2aec4867f0d5f5de496bb765347b5d0cfe113d changed the return
value of aio_ctx_prepare from false to true when only idle bottom
halves are available. This broke PC old-style DMA, which uses them.
Fix this by making aio_ctx_prepare return true only when non-idle
bottom halves are scheduled to run.
Reported-by: malc <av1474@comtv.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: malc <av1474@comtv.ru>
Peter Maydell [Mon, 29 Oct 2012 01:34:32 +0000 (11:34 +1000)]
dma: Define dma_context_memory and use in sysbus-ohci
Define a new global dma_context_memory which is a DMAContext corresponding
to the global address_space_memory AddressSpace. This can be used by
sysbus peripherals like sysbus-ohci which need to do DMA.
In particular, use it in the sysbus-ohci device, which fixes a
segfault when attempting to use that device.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Hannes Reinecke [Mon, 12 Nov 2012 14:42:42 +0000 (15:42 +0100)]
megasas: Correct target/lun mapping
The structure to reference a logical drive has an unused field,
which can be used to carry the lun ID. This enabled seabios to
establish the proper target/LUN mapping.
Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 31 Oct 2012 16:14:41 +0000 (17:14 +0100)]
scsi-disk: flush cache after disabling it
SBC says that "if an application client changes the WCE bit from one to
zero via a MODE SELECT command, then the device server shall write
any data in volatile cache to non-volatile medium before completing
the command".
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 10 Oct 2012 10:18:03 +0000 (12:18 +0200)]
scsi: do not return short responses for emulated commands
The inquiry command, for the case of VPD=1, was returning short
responses; the number of returned bytes was just the number of bytes
in the request, without padding to the specified allocation length
with zero bytes. This is usually harmless, but it is a violation
of the SCSI specification.
To fix this, always pad with zero bytes to r->cmd.xfer in
scsi_disk_emulate_command, and return at most r->buflen bytes
(the size of the buffer for command data) rather than at most
buflen bytes (the number of bytes that was filled in).
Before this patch, "strace sg_inq -p0x83 /dev/sda" would report a
non-zero resid value. After this patch, it reports resid=0.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Eric Johnson [Sat, 10 Nov 2012 03:40:51 +0000 (19:40 -0800)]
target-mips: Fix seg fault for LUI when MIPS_DEBUG_DISAS==1.
The call to gen_logic_imm for OPC_LUI passes -1 for rs. This
causes the MIPS_DEBUG statement to seg fault due to the deference
of regnames[rs]. This patch fixes that.
Signed-off-by: Eric Johnson <ericj@mips.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(aurel32: replaced static string formating by a static string)
Catalin Patulea [Mon, 29 Oct 2012 07:45:51 +0000 (03:45 -0400)]
tests/tcg: new test for i386 FPREM and FPREM1
This is setting the stage for a cleanup of FPREM and FPREM1 helpers while being
sure that they behave same as bare metal.
The test constructs operands using combinations of corner cases for the
floating-point bitfields and prints operands, result and FPU status word for
FPREM and FPREM1. The outputs can then be compared between bare metal and QEMU.
The 'run-test-i386-fprem' make target does just that.
Signed-off-by: Catalin Patulea <catalinp@google.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Jan Kiszka [Mon, 5 Nov 2012 15:45:56 +0000 (16:45 +0100)]
memory: Reintroduce dirty flag to optimize changes on disabled regions
Cirrus is triggering this, e.g. during Win2k boot: Changes only on
disabled regions require no topology update when transaction depth drops
to 0 again.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
BALATON Zoltan [Sun, 4 Nov 2012 17:41:59 +0000 (18:41 +0100)]
vmware_vga: Add back some info in local state partially reverting aa32b38c
Keep saving display surface parameters at init and using these cached
values instead of getting them when needed. Not sure why this is
needed (maybe due to the interaction with the vga device) but not
doing this broke the Xorg vmware driver at least.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Tested-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Jan Kiszka [Sun, 4 Nov 2012 08:16:55 +0000 (09:16 +0100)]
kvmvapic: Fix TB invalidation after instruction patching
Since 0b57e287, cpu_memory_rw_debug already triggers a TB invalidation.
As it doesn't (and cannot) set is_cpu_write_access=1 but "consumes" the
currently executed TB, the tb_invalidate_phys_page_range call from
patch_instruction didn't work anymore.
Fix this by open-coding the required bits to restore the CPU state from
the current TB position before patching and resume execution on the
patched instruction afterward.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Tested-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
David Gibson [Mon, 5 Nov 2012 03:29:01 +0000 (14:29 +1100)]
xhci: Fix some DMA host endian bugs
The xhci device does correct endian switches on the results of some DMAs
but not all. In particular, there are many DMAs of what are essentially
arrays of 32-bit integers which never get byteswapped. This causes them
to be interpreted incorrectly on big-endian hosts, since (as per the xhci
spec) these arrays are always little-endian in guest memory.
This patch adds some helper functions to fix these bugs. This may not be
all the endian bugs in the xhci code, but it's certainly some of them and
the Linux guest xhci driver certainly gets further with these fixes.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Thu, 1 Nov 2012 16:15:01 +0000 (17:15 +0100)]
usb: split packet result into actual_length + status
Since with the ehci and xhci controllers a single packet can be larger
then maxpacketsize, it is possible for the result of a single packet
to be both having transferred some data as well as the transfer to have
an error.
An example would be an input transfer from a bulk endpoint successfully
receiving 1 or more maxpacketsize packets from the device, followed
by a packet signalling halt.
While already touching all the devices and controllers handle_packet /
handle_data / handle_control code, also change the return type of
these functions to void, solely storing the status in the packet. To
make the code paths for regular versus async packet handling more
uniform.
This patch unfortunately is somewhat invasive, since makeing the qemu
usb core deal with this requires changes everywhere. This patch only
prepares the usb core for this, all the hcd / device changes are done
in such a way that there are no functional changes.
This patch has been tested with uhci and ehci hcds, together with usb-audio,
usb-hid and usb-storage devices, as well as with usb-redir redirection
with a wide variety of real devices.
Note that there is usually no need to directly set packet->actual_length
form devices handle_data callback, as that is done by usb_packet_copy()
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The swaph instruction was not decoding correctly. s/1e1/1e2 on the
9 LSBs on the instruction decode.
Reported-by: David Holsgrove <david.holsgrove@xilinx.com> Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
malc [Mon, 5 Nov 2012 17:47:04 +0000 (21:47 +0400)]
tcg/ppc32: Use trampolines to trim the code size for mmu slow path accessors
mmu access looks something like:
<check tlb>
if miss goto slow_path
<fast path>
done:
...
; end of the TB
slow_path:
<pre process>
mr r3, r27 ; move areg0 to r3
; (r3 holds the first argument for all the PPC32 ABIs)
<call mmu_helper>
b $+8
.long done
<post process>
b done
On ppc32 <call mmu_helper> is:
(SysV and Darwin)
mmu_helper is most likely not within direct branching distance from
the call site, necessitating
a. moving 32 bit offset of mmu_helper into a GPR ; 8 bytes
b. moving GPR to CTR/LR ; 4 bytes
c. (finally) branching to CTR/LR ; 4 bytes
(PowerOpen (AIX))
a. moving 32 bit offset of mmu_helper's TOC into a GPR1 ; 8 bytes
b. loading 32 bit function pointer into GPR2 ; 4 bytes
c. moving GPR2 to CTR/LR ; 4 bytes
d. loading 32 bit small area pointer into R2 ; 4 bytes
e. (finally) branching to CTR/LR ; 4 bytes
call - 4 bytes (trampoline is within code gen buffer
and most likely accessible via
direct branch)
embedded retaddr - 4 bytes
Total overhead - 8 bytes
In the end the icache pressure is decreased by 20/28 bytes at the cost
of an extra jump to trampoline and adjusting LR (to skip over embedded
retaddr) once inside.
Gerd Hoffmann [Fri, 2 Nov 2012 08:37:27 +0000 (09:37 +0100)]
spice: fix initialization order
Register displaychangelistener last, after spice is fully initialized,
otherwise we may hit NULL pointer dereferences when qemu starts calling
our callbacks.
Gerd Hoffmann [Tue, 30 Oct 2012 13:55:12 +0000 (14:55 +0100)]
qxl: call dpy_gfx_resize when entering vga mode
When entering vga mode the display size likely changes,
notify all displaychangelisteners about this.
Probably went unnoticed for a while as one if the first
things the guest does after leaving qxl native mode and
entering qxl vga mode is to set the vga video mode. But
there is still a small window where qemu can operate on
stale data, leading to crashes now and then.
Alon Levy [Mon, 15 Oct 2012 12:54:03 +0000 (14:54 +0200)]
hw/qxl: guest bug on primary create with stride %4 != 0
Due to usage of pixman for rendering on all spice surfaces we have
pixman's requirement that the stride be word aligned. A guest not
honoring that can crash spice and qemu with it due to failure to create
a surface (in spice-server). Avoid this early on in primary surface
creation and offscreen surface creation.
Recently windows guests got odd width support which triggers a non word
aligned primary surface in 16bit color depth. Off screen surfaces have
always been word aligned, but doesn't hurt to check them here too.
Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Blue Swirl [Sat, 3 Nov 2012 18:48:35 +0000 (18:48 +0000)]
target-mips: use ULL for 64 bit constants
Fix build on a 32 bit host:
CC mips-softmmu/target-mips/dsp_helper.o
/src/qemu/target-mips/dsp_helper.c: In function 'helper_dextr_rs_w':
/src/qemu/target-mips/dsp_helper.c:3556: error: integer constant is too large for 'long' type
/src/qemu/target-mips/dsp_helper.c: In function 'helper_extr_s_h':
/src/qemu/target-mips/dsp_helper.c:3656: error: integer constant is too large for 'long' type
Signed-off-by: Blue Swirl <blauwirbel@gmail.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
BALATON Zoltan [Sat, 3 Nov 2012 11:47:08 +0000 (12:47 +0100)]
vmware_vga: Allow simple drivers to work without using the fifo
Postpone stopping the dirty log to the point where the command fifo is
configured to allow drivers which don't use the fifo to work too.
(Without this the picture rendered into the vram never got to the
screen and the DIRECT_VRAM option meant to support this case was
removed a year ago.)
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
BALATON Zoltan [Sat, 3 Nov 2012 11:47:08 +0000 (12:47 +0100)]
vmware_vga: Return a value for FB_SIZE before the device is enabled
According to the documentation drivers using this device should read
FB_SIZE before enabling the device to know what memory to map. This
would not work if we return 0 before enabled. The docs also mention
reading SVGA_REG_DEPTH but not writing it. (Only SVGA_REG_BITS_PER_PIXEL
can be written but we don't really support that either.)
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Blue Swirl [Sat, 3 Nov 2012 12:55:05 +0000 (12:55 +0000)]
Merge branch 'trivial-patches' of git://github.com/stefanha/qemu
* 'trivial-patches' of git://github.com/stefanha/qemu:
pc: Drop redundant test for ROM memory region
exec: make some functions static
target-ppc: make some functions static
ppc: add missing static
vnc: add missing static
vl.c: add missing static
target-sparc: make do_unaligned_access static
m68k: Return semihosting errno values correctly
cadence_uart: More debug information
Yeongkyoon Lee [Wed, 31 Oct 2012 07:04:25 +0000 (16:04 +0900)]
tcg: Optimize qemu_ld/st by generating slow paths at the end of a block
Add optimized TCG qemu_ld/st generation which locates the code of TLB miss
cases at the end of a block after generating the other IRs.
Currently, this optimization supports only i386 and x86_64 hosts.
Signed-off-by: Yeongkyoon Lee <yeongkyoon.lee@samsung.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Yeongkyoon Lee [Wed, 31 Oct 2012 07:04:24 +0000 (16:04 +0900)]
tcg: Add extended GETPC mechanism for MMU helpers with ldst optimization
Add GETPC_EXT which is used by MMU helpers to selectively calculate the code
address of accessing guest memory when called from a qemu_ld/st optimized code
or a C function. Currently, it supports only i386 and x86-64 hosts.
Signed-off-by: Yeongkyoon Lee <yeongkyoon.lee@samsung.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Peter Maydell [Mon, 29 Oct 2012 12:05:11 +0000 (12:05 +0000)]
target-m68k/m68k-semi.c: Log when put_user for returning values fails
Abstract out the use of put_user for returning semihosting call results,
so that we can log when a guest erroneously attempts a semihosting call
with an unwritable argument block.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Paolo Bonzini [Fri, 2 Nov 2012 14:43:24 +0000 (15:43 +0100)]
vl: delay thread initialization after daemonization
Commit ac4119c (chardev: Use timer instead of bottom-half to postpone
open event, 2012-10-12) moved the alarm timer initialization to an earlier
point but failed to consider that it depends on qemu_init_main_loop.
Later, commit 1c53786 (vl: init main loop earlier, 2012-10-30) fixed
this, but left -daemonize in two different ways. First, timers need to
be reinitialized after forking. Second, the global mutex was being held
by the parent, and thus dropped after forking.
The first is now fixed using pthread_atfork. For the second part,
make sure that the global mutex is not taken before daemonization,
and similarly delay qemu_thread_self.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
projects / qemu.git / log