Kevin Wolf [Tue, 27 Mar 2012 11:09:22 +0000 (13:09 +0200)]
qcow2: Refactor qcow2_free_any_clusters
Zero clusters will add another cluster type. Refactor the open-coded
cluster type detection into a switch of QCOW2_CLUSTER_* options so that
the detection is in a single place. This makes it easier to add new
cluster types.
Kevin Wolf [Thu, 23 Feb 2012 14:40:55 +0000 (15:40 +0100)]
qcow2: Ignore reserved bits in L1/L2 entries
This changes the still existing places that assume that the only flags
are QCOW_OFLAG_COPIED and QCOW_OFLAG_COMPRESSED to properly mask out
reserved bits.
Kevin Wolf [Thu, 15 Mar 2012 16:20:11 +0000 (17:20 +0100)]
qcow2: Fail write_compressed when overwriting data
qcow2_alloc_compressed_cluster_offset() already fails if the copied flag
is set, because qcow2_write_compressed() doesn't perform COW as it would
have to do to allow this.
However, what we really want to check here is whether the cluster is
allocated or not. With internal snapshots the copied flag may not be set
on allocated clusters. Check the cluster offset instead.
Kevin Wolf [Thu, 15 Mar 2012 15:37:40 +0000 (16:37 +0100)]
qcow2: Ignore reserved bits in count_contiguous_clusters()
Until now, count_contiguous_clusters() has an argument that allowed to
specify flags that should be ignored in the comparison, i.e. that are
allowed to change between contiguous clusters.
This patch changes the function so that it ignores all flags by default
now and you need to pass the flags on which it should stop.
Kevin Wolf [Wed, 14 Mar 2012 18:15:03 +0000 (19:15 +0100)]
qcow2: Ignore reserved bits in get_cluster_offset
With this change, reading from a qcow2 image ignores all reserved bits
that are set in an L1 or L2 table entry.
Now get_cluster_offset() assigns *cluster_offset only the offset without
any other flags. The cluster type is not longer encoded in the offset,
but a positive return value in case of success.
Kevin Wolf [Wed, 11 Apr 2012 14:33:50 +0000 (16:33 +0200)]
qcow2: Save disk size in snapshot header
This allows that different snapshots of an image can have different
sizes, which is a requirement for enabling image resizing even with
images that have internal snapshots.
We don't do the actual support for it now, but make sure that the
additional field is present and not completely ignored in all version 3
images. When trying to load a snapshot of different size, it returns
an error.
Kevin Wolf [Thu, 12 Apr 2012 11:20:41 +0000 (13:20 +0200)]
Specification for qcow2 version 3
This updates the qcow2 specification to cover version 3. It contains the
following changes:
- Added compatible/incompatible/auto-clear feature bits plus an optional
feature name table to allow useful error messages even if an older
version doesn't know some feature at all.
- Configurable refcount width. If you don't want to use internal
snapshots, make refcounts one bit and save cache space and I/O.
- Zero cluster flags. This allows discard even with a backing file that
doesn't contain zeros. It is also useful for copy-on-read/image
streaming, as you'll want to keep sparseness without accessing the
remote image for an unallocated cluster all the time.
- Fixed internal snapshot metadata to use 64 bit VM state size. You
can't save a snapshot of a VM with >= 4 GB RAM today.
- Extended internal snapshot metadata to contain the disk size, so that
resizing images that have snapshots can be allowed in the future.
Kevin Wolf [Fri, 20 Apr 2012 13:50:39 +0000 (15:50 +0200)]
qcow2: Fix refcount block allocation during qcow2_alloc_cluster_at()
Refcount block allocation and refcount table growth rely on
s->free_cluster_index pointing to somewhere after the current
allocation. Change qcow2_alloc_cluster_at() to fulfill this
assumption.
Without this change it could happen that a newly allocated refcount
block and the allocated data block point to the same area in the image
file, causing data corruption in the long run.
This fixes a bug that became first visible after commit 250196f1.
Liu Yuan [Fri, 20 Apr 2012 09:10:56 +0000 (17:10 +0800)]
qemu-img: let 'qemu-img convert' flush data
The 'qemu-img convert -h' advertise that the default cache mode is
'writeback', while in fact it is 'unsafe'.
This patch 1) fix the help manual and 2) let bdrv_close() call bdrv_flush()
2) is needed because some backend storage doesn't have a self-flush
mechanism(for e.g., sheepdog), so we need to call bdrv_flush() to make
sure the image is really writen to the storage instead of hanging around
writeback cache forever.
Signed-off-by: Liu Yuan <tailai.ly@taobao.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Thu, 12 Apr 2012 12:00:55 +0000 (14:00 +0200)]
aio: return "AIO in progress" state from qemu_aio_wait
The definition of when qemu_aio_flush should loop is much simpler
than it looks. It just has to call qemu_aio_wait until it makes
no progress and all flush callbacks return false. qemu_aio_wait
is the logical place to tell the caller about this.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Paolo Bonzini [Thu, 12 Apr 2012 12:00:52 +0000 (14:00 +0200)]
qemu-tool: map vm_clock to rt_clock
QED uses vm_clock timers so that images are not touched during and after
migration. This however does not apply to qemu-io and qemu-img.
Treat vm_clock as a synonym for rt_clock there, and enable it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 18 Apr 2012 14:27:06 +0000 (16:27 +0200)]
qcow2: Fix return value of alloc_refcount_block
Someone forgot something in commit 29c1a730... Documenting the right
return value is not enough, you also need to actually return it in the
code.
This bug sometimes causes error return values even when everything has
succeeded: The new offset of the refcount block is truncated to 32 bits
and interpreted as signed. At least with small cluster sizes it's easy
to get a negative return value this way.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Kevin Wolf [Wed, 18 Apr 2012 14:18:14 +0000 (16:18 +0200)]
qcow2: Fix error handling in qcow2_alloc_cluster_offset
If do_alloc_cluster_offset() fails, the error handling code tried to
remove the request from the in-flight queue, to which it wasn't added
yet, resulting in a NULL pointer dereference.
m->nb_clusters really only becomes != 0 when the request is in the list.
Stefan Hajnoczi [Thu, 29 Mar 2012 09:31:31 +0000 (10:31 +0100)]
ide: convert ide_sector_write() to asynchronous I/O
The IDE PIO write sector code path uses bdrv_write() and hence can make
the guest unresponsive while the I/O request is in progress. This patch
converts ide_sector_write() to use bdrv_aio_writev() by using the
BUSY_STAT bit to tell the guest that the request is in progress.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com> Tested-by: Richard Davies <richard@arachsys.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Thu, 29 Mar 2012 09:31:30 +0000 (10:31 +0100)]
ide: convert ide_sector_read() to asynchronous I/O
The IDE PIO interface currently uses bdrv_read() to perform reads
synchronously. Synchronous I/O in the vcpu thread is bad because it
prevents the guest from executing code - it makes the guest
unresponsive.
This patch converts IDE PIO to use bdrv_aio_readv(). We simply need to
use the BUSY_STAT status so the guest knows to wait while we are busy.
The only external user of ide_sector_read() is restart behavior on I/O
errors and it is not affected by this change. We still need to restart
I/O in the same way.
Migration is also unaffected if I understand the code correctly. We
continue to use the same transfer function and the BUSY_STAT status
should never be migrated since we flush I/O before migrating device
state.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com> Tested-by: Richard Davies <richard@arachsys.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
According comment, we should not read again, we will write.
Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 11 Apr 2012 09:06:37 +0000 (11:06 +0200)]
block: Drain requests in bdrv_close
If an AIO request is in flight that refers to a BlockDriverState that
has been closed and possibly even freed, more or less anything could
happen. I have seen segfaults, -EBADF return values and qcow2 sometimes
actually catches the situation in bdrv_close() and abort()s.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Kevin Wolf [Wed, 11 Apr 2012 08:45:51 +0000 (10:45 +0200)]
qemu-iotests: Test bdrv_close while AIO is in flight
If the BlockDriverState is closed/freed without draining the AIO
requests first, the request coroutines may work on invalid data and file
descriptors or have some dangling pointers that cause segfaults.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Kevin Wolf [Wed, 11 Apr 2012 09:21:25 +0000 (11:21 +0200)]
qemu-iotests: Always filter cluster_size out in _make_test_img
Some image formats do have a cluster size, others don't, but there are
tests that work with both sets of images and currently we get failures
because the qemu-img create output doesn't mention the cluster size for
some formats.
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Anthony Liguori [Wed, 18 Apr 2012 15:05:58 +0000 (10:05 -0500)]
Merge remote-tracking branch 'origin/master' into staging
* origin/master:
Allow controlling volume with PulseAudio backend
configure: pa_simple is not needed anymore
Do not use pa_simple PulseAudio API
audio/spice: add support for volume control
hw/ac97: add support for volume control
hw/ac97: the volume mask is not only 0x1f
hw/ac97: remove USE_MIXER code
audio: don't apply volume effect if backend has VOICE_VOLUME_CAP
audio: add VOICE_VOLUME ctl
Anthony Liguori [Wed, 18 Apr 2012 12:55:56 +0000 (07:55 -0500)]
Merge remote-tracking branch 'kraxel/usb.46' into staging
* kraxel/usb.46: (21 commits)
usb-ehci: drop assert()
usb-redir: Notify our peer when we reject a device due to a speed mismatch
usb-ehci: Drop unused sofv value
usb-host: rewrite usb_linux_update_endp_table
usb: use USBDescriptor for endpoint descriptors.
usb: use USBDescriptor for interface descriptors.
usb: use USBDescriptor for config descriptors.
usb: use USBDescriptor for device qualifier descriptors.
usb: add USBDescriptor, use for device descriptors.
usb-ehci: frindex always is a 14 bits counter
usb-ehci: fix ehci_child_detach
usb-hub: add tracepoints
usb_packet_set_state: handle p->ep == NULL
usb-host: add property to turn off pipelining
usb-host: add usb packet to request tracepoints
usb-host: trace canceled requests
usb-host: trace emulated requests
Add bootindex support to usb-host and usb-redir
usb-uhci: queuing fix
usb-uhci: stop queue filling when we find a in-flight td
...
Alon Levy [Wed, 18 Apr 2012 09:27:00 +0000 (12:27 +0300)]
qxl-render: fix broken vnc+spice since commit f934493
Notify any listeners such as vnc that the displaysurface has been
changed, otherwise they will segfault when first accessing the freed old
displaysurface data.
Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Alon Levy [Thu, 29 Mar 2012 20:24:38 +0000 (22:24 +0200)]
qxl: set default values of vram*_size_mb to -1
The addition of those values caused a regression where not specifying
any value for the vram bar size would result in a 4096 _byte_ surface
area. This is ok for the windows driver but causes the X driver to be
unusable. Also, it's a regression. This patch returns the default
behavior of having a 64 megabyte vram BAR.
Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
audio: don't apply volume effect if backend has VOICE_VOLUME_CAP
If the audio backend is capable of volume control, don't apply
software volume (mixeng_volume ()), but instead, rely on backend
volume control. This will allow guest to have full range volume
control.
Gerd Hoffmann [Fri, 30 Mar 2012 11:20:21 +0000 (13:20 +0200)]
usb-ehci: drop assert()
Not sure what the purpose of the assert() was, in any case it is bogous.
We can arrive there if transfer descriptors passed to us from the guest
failed to pass sanity checks, i.e. it is guest-triggerable. We deal
with that case by resetting the host controller. Everything is ok, no
need to throw a core dump here.
Gerd Hoffmann [Thu, 29 Mar 2012 14:06:28 +0000 (16:06 +0200)]
usb-host: rewrite usb_linux_update_endp_table
This patch carries a complete rewrite of the usb descriptor parser.
Changes / improvements:
* We are using the USBDescriptor struct instead of hard-coded offsets
now to access descriptor data.
* (debug) printfs are all gone, tracepoints have been added instead.
* We don't try (and fail) to skip over unneeded descriptors. We parse
them all one by one. We keep track of which configuration, interface
and altsetting we are looking at and use this information to figure
which desciptors are in use and which we can ignore.
* On parse errors we clear all endpoint information, which will
disallow any communication with the device, except control endpoint
messages. This makes sure we don't end up with a silly device state
where half of the endpoints got enabled and the other half was left
disabled.
* Some sanity checks have been added.
The new parser is more robust and also leaves complete device
information in the trace log if you enable the ush_host_parse_*
tracepoints.
Gerd Hoffmann [Thu, 29 Mar 2012 10:04:54 +0000 (12:04 +0200)]
usb: add USBDescriptor, use for device descriptors.
This patch adds a new type for the binary representation of usb
descriptors. It is put into use for the descriptor generator code
where the struct replaces the hard-coded offsets.
Hans de Goede [Wed, 28 Mar 2012 18:47:51 +0000 (20:47 +0200)]
usb-ehci: frindex always is a 14 bits counter
frindex always is a 14 bits counter, and not a 13 bits one as we were
emulating. There are some subtle hints to this in the spec, first of all
"Table 2-12. FRINDEX - Frame Index Register" says:
"Bit 13:0 Frame Index. The value in this register increments at the end of
each time frame (e.g. micro-frame). Bits [N:3] are used for the Frame List
current index. This means that each location of the frame list is accessed
8 times (frames or micro-frames) before moving to the next index. The
following illustrates values of N based on the value of the Frame List
Size field in the USBCMD register.
USBCMD[Frame List Size] Number Elements N
00b 1024 12
01b 512 11
10b 256 10
11b Reserved"
Notice how the text talks about "Bits [N:3]" are used ..., it does
NOT say that when N == 12 (our case) the counter will wrap from 8191 to 0,
or in otherwords that it is a 13 bits counter (bits 0 - 12).
The other hint is in "Table 2-10. USBSTS USB Status Register Bit Definitions":
"Bit 3 Frame List Rollover - R/WC. The Host Controller sets this bit to a one
when the Frame List Index (see Section 2.3.4) rolls over from its maximum value
to zero. The exact value at which the rollover occurs depends on the frame
list size. For example, if the frame list size (as programmed in the Frame
List Size field of the USBCMD register) is 1024, the Frame Index Register
rolls over every time FRINDEX[13] toggles. Similarly, if the size is 512,
the Host Controller sets this bit to a one every time FRINDEX[12] toggles."
Notice how this text talks about setting bit 3 when bit 13 of frindex toggles
(when there are 1024 entries, so our case), so this indicates that frindex
has a bit 13 making it a 14 bit counter.
Besides these clear hints the real proof is in the pudding. Before this
patch I could not stream data from a USB2 webcam under Windows XP, after
this cam using a USB2 webcam under Windows XP works fine, and no regressions
with other operating systems were seen.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Gerd Hoffmann [Fri, 23 Mar 2012 14:43:45 +0000 (15:43 +0100)]
usb-ehci: fix ehci_child_detach
Looks like a cut+paste bug from ehci_detach. When the device itself is
detached from a ehci port (ehci_detach op) we have to clear the
device pointer for the companion port too. When a device gets removed
from a downstream port of a usb hub (ehci_child_detach op) the ehci port
where the usb hub is plugged in is not affected.
Gerd Hoffmann [Fri, 23 Mar 2012 12:34:50 +0000 (13:34 +0100)]
usb_packet_set_state: handle p->ep == NULL
usb_packet_set_state can be called with p->ep = NULL. The tracepoint
there tries to log endpoint information, which leads to a segfault.
This patch makes usb_packet_set_state handle the NULL pointer properly.
Gerd Hoffmann [Thu, 29 Mar 2012 14:02:20 +0000 (16:02 +0200)]
usb-uhci: queuing fix
When we queue up usb packets we may happen to find a already queued
packet, which also might be finished at that point already. We don't
want continue processing the packet at this point though, so lets
just signal back we've found a in-flight packet when in queuing mode.
Gerd Hoffmann [Wed, 21 Mar 2012 17:25:25 +0000 (18:25 +0100)]
usb-uhci: stop queue filling when we find a in-flight td
Not only QHs can form rings, but TDs too. With the new
queuing/pipelining support we are following TD chains and
can actually walk in circles. An assert() prevents us from
entering an endless loop then.
Fix is easy: Just stop queuing when we figure the TD we are
about to queue up is in flight already.
Gerd Hoffmann [Mon, 22 Aug 2011 07:09:51 +0000 (09:09 +0200)]
usb/vmstate: add parent dev path
... to make vmstate id string truely unique with multiple host
controllers, i.e. move from "1/usb-ptr" to "0000:00:01.3/1/usb-ptr"
(usb tabled connected to piix3 uhci).
This obviously breaks migration. To handle this the usb bus
property "full-path" is added. When setting this to false old
behavior is maintained. This way current qemu will be compatible
with old versions when started using '-M pc-$oldversion'.
Peter Portante [Thu, 5 Apr 2012 15:00:45 +0000 (11:00 -0400)]
qemu-timer.c: Remove 250us timeouts
Basically, the main wait loop calls qemu_run_all_timers() unconditionally. The
first thing this routine used to do is to see if a timer had been serviced,
and then reset the loop timeout to the next deadline.
However, the new deadlines had not been calculated at that point, as
qemu_run_timers() had not been called yet for each of the clocks. So
qemu_rearm_alarm_timer() would end up with a negative or zero deadline, and
default to setting a 250us timeout for the loop.
As qemu_run_timers() is called for each clock, the real deadlines would be put
in place, but because a loop timeout was already set, the loop timeout would
not be changed.
Once that 250us timeout fired, the real deadline would be used for the
subsequent timeout.
For idle VMs, this effectively doubles the number of times through the loop,
doubling the number of select() system calls, timer calls, etc. putting added
scheduling pressure on the kernel. And under cgroups, this really causes a big
problem because the cgroup code does not scale well.
By simply running the timers before trying to rearm the timer, we always rearm
with a non-zero deadline, effectively halving the number of system calls.
Signed-off-by: Peter Portante <pportant@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Mon, 16 Apr 2012 17:56:28 +0000 (12:56 -0500)]
Merge remote-tracking branch 'kiszka/queues/pending' into staging
* kiszka/queues/pending:
vapic: Disable for pre-1.1 machines
Kick io-thread on qemu_chr_accept_input
pcnet: Properly handle TX requests during Link Fail
pcnet: Clear ERR in CSR0 on stop
signrom: Rewrite as python script
Conflicts:
hw/pc_piix.c
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Mon, 16 Apr 2012 17:50:12 +0000 (12:50 -0500)]
Merge remote-tracking branch 'sstabellini/for_anthony' into staging
* sstabellini/for_anthony:
xen: introduce an event channel for buffered io event notifications
xen-mapcache: don't unmap locked entry during mapcache invalidation
Xen, mapcache: Fix the compute of the size of bucket.
xen: handle backend deletion from xenstore
Xen: Add xen-apic support and hook it up.
Xen: basic HVM MSI injection support.
Jan Kiszka [Fri, 16 Mar 2012 12:18:00 +0000 (13:18 +0100)]
Kick io-thread on qemu_chr_accept_input
Once a chr frontend is able to receive input again, we need to inform
the io-thread about this fact. Otherwise, main_loop_wait may continue to
select without the related backend file descriptor in its set. This can
cause high input latencies if only low-rate events arrive otherwise.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Wed, 29 Feb 2012 14:37:43 +0000 (15:37 +0100)]
pcnet: Properly handle TX requests during Link Fail
As long as we have no link and we aren't in internal loopback mode, no
packet must be sent. Instead, LCAR needs to be set in any active TX
descriptor and also CERR in CSR0.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Fri, 27 Jan 2012 18:44:53 +0000 (19:44 +0100)]
signrom: Rewrite as python script
Now that we have a hard dependency on python anyway, we can replace the
slow shell script to calculate the option ROM checksum with a fast AND
portable python version. Tested both with python 2.7 and 3.1.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Blue Swirl [Sun, 15 Apr 2012 19:56:06 +0000 (19:56 +0000)]
Merge branch 'w64' of git://qemu.weilnetz.de/qemu
* 'w64' of git://qemu.weilnetz.de/qemu:
w64: Fix time conversion for some versions of MinGW-w64
nbd: Fix compiler warning (w64)
disas: Replace 'unsigned long' by 'uintptr_t'
cpu-exec: Remove non-portable type cast and fix format string
target-mips: Fix type cast for w64 (uintptr_t)
w64: Fix type cast in os_host_main_loop_wait
w64: Fix data types in softmmu*.h
w64: Use uintptr_t in exec.c
softmmu: Use uintptr_t for physaddr and rename it
w64: Fix struct CPUTLBEntry
w64: Fix definition of setjmp
w32: Move defines for socket specific errors to qemu-os-win32.h
w64: Use larger alignment for section with generated code
w64: Fix data types in cpu-all.h, exec.c
w64: Fix type casts used in some macros in cpu-all.h
tcg/i386: Add support for w64 ABI
tcg/i386: Use GDB JIT debugging interface only for hosts with ELF
Stefan Weil [Thu, 12 Apr 2012 13:42:19 +0000 (15:42 +0200)]
w64: Use uintptr_t in exec.c
Replace all type casts to 'long' or 'unsigned long' by 'intptr_t' or 'uintptr_t'.
For type casts which are only used to extract the lower bits of an address
or to modify those bits, signedness does not matter. There I always use 'uintptr_t'.
Stefan Weil [Thu, 12 Apr 2012 19:13:28 +0000 (21:13 +0200)]
w64: Fix definition of setjmp
The default definition of setjmp which is implemented in MinGW-w64
cannot be used with programs like QEMU which call longjmp from
code without structured exception handling (SEH).
This code therefore disables stack unwinding.
We could also implement SEH for QEMU's generated JIT code, but
that is much more difficult. Stack unwinding would also cost
execution time.
Blue Swirl [Sun, 15 Apr 2012 18:39:55 +0000 (18:39 +0000)]
Merge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf
* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf:
pseries: Fix reset of VIO network device
pseries: Reset vscsi properly
pseries: Correctly use the device model reset hooks
pseries: Remove old hcalls hook stub
pseries: Remove old debug leftovers from spapr_vscsi
pseries: Fix RTAS based config access
target-ppc/machine.c: Drop unnecessary ifdefs
target-ppc: Init dcache and icache size for e500 user mode
target-ppc: Fix type casts for w64 (uintptr_t)
target-ppc: QOM'ify CPU reset
target-ppc: Start QOM'ifying CPU init
target-ppc: QOM'ify CPU
target-ppc: Add hooks for handling tcg and kvm limitations
target-ppc: Drop cpu_ppc_close()
pseries: Consolidate hack for RTAS display-character usage
pseries: Remove unused fields from VIOsPAPRBus structure
pseries: Implement RTAS system-reboot call
pseries: Fix bug with reset of VIO CRQs
pseries: Clean up hcall_dprintf() debugging messages
PPC: Fix TLB invalidation bug within the PPC interrupt handler.
David Gibson [Thu, 12 Apr 2012 02:44:15 +0000 (12:44 +1000)]
pseries: Fix reset of VIO network device
Currently, the PAPR VIO network device does not have a reset handler. This
means that after a hard reset, H_REGISTER_LOGICAL_LAN will return an error
when the new guest boot attempts to initialize the device.
This patch corrects this, adding a suitable reset hook.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Andreas Färber <afaerber@suse.de>
David Gibson [Thu, 12 Apr 2012 02:44:14 +0000 (12:44 +1000)]
pseries: Reset vscsi properly
Currently the PAPR vscsi implementation does not properly clear its table
of request tags when the system is reset. This patch adds a reset hook
to do so.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Andreas Färber <afaerber@suse.de>
David Gibson [Thu, 12 Apr 2012 02:44:13 +0000 (12:44 +1000)]
pseries: Correctly use the device model reset hooks
Recently we added code to properly clean away VIO CRQs on reset However,
this directly uses qemu_register, rather than the existing device model
reset callbacks. This patch cleans this up by adding proper use of the
reset hook to the VIO bus model. The existing CRQ reset code is converted
to the new method.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Andreas Färber <afaerber@suse.de>
David Gibson [Thu, 12 Apr 2012 02:44:12 +0000 (12:44 +1000)]
pseries: Remove old hcalls hook stub
Some time ago we removed all use of the 'hcalls' callback in the pseries
VIO code, which was used to workaround an ordering problem which has since
been solved properly. However, the function pointer for the hook remains.
This patch cleans it away.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Andreas Färber <afaerber@suse.de>
David Gibson [Mon, 2 Apr 2012 04:17:35 +0000 (14:17 +1000)]
pseries: Fix RTAS based config access
On the pseries platform, access to PCI config space is via RTAS calls(
which go to the hypervisor) rather than MMIO. This means we don't use
the same code path as nearly everyone else which goes through pci_host.c
and we're missing some of the parameter checking along the way.
We do have some parameter checking in the RTAS calls, but it's not enough.
It checks for overruns, but does not check for unaligned accesses,
oversized accesses (which means the guest could trigger an assertion
failure from pci_host_config_{read,write}_common(). Worse it doesn't do
the basic checking for the number of RTAS arguments and results before
accessing them.
This patch fixes these bugs.
Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[AF: Fix typos spotted by mst] Signed-off-by: Andreas Färber <afaerber@suse.de>
projects / qemu.git / log