Stefan Hajnoczi [Fri, 24 Aug 2012 12:37:29 +0000 (13:37 +0100)]
net: fix usbnet_receive() packet drops
The USB network interface has a single buffer which the guest reads
from. This patch prevents multiple calls to usbnet_receive() from
clobbering the input buffer. Instead we queue packets until buffer
space becomes available again.
This is inspired by virtio-net and e1000 rxbuf handling.
Stefan Hajnoczi [Fri, 24 Aug 2012 12:32:16 +0000 (13:32 +0100)]
net: clean up usbnet_receive()
The USB network interface has two code paths depending on whether or not
RNDIS mode is enabled. Refactor usbnet_receive() so that there is a
common path throughout the function instead of duplicating everything
across if (is_rndis(s)) ... else ... code paths.
Clean up coding style and 80 character line wrap along the way.
Stefan Hajnoczi [Mon, 20 Aug 2012 12:35:23 +0000 (13:35 +0100)]
net: do not report queued packets as sent
Net send functions have a return value where 0 means the packet has not
been sent and will be queued. A non-zero value means the packet was
sent or an error caused the packet to be dropped.
This patch fixes two instances where packets are queued but we return
their size. This causes callers to believe the packets were sent. When
the caller uses the async send interface this creates a real problem
because the callback will be invoked for a packet that the caller
believed to be already sent. This bug can cause double-frees in the
caller.
Stefan Hajnoczi [Fri, 17 Aug 2012 20:16:42 +0000 (21:16 +0100)]
net: add receive_disabled logic to iov delivery path
This patch adds the missing NetClient->receive_disabled logic in the
sendv delivery code path. It seems that commit 893379efd0e1b84ceb0c42a713293f3dbd27b1bd ("net: disable receiving if
client returns zero") only added the logic to qemu_deliver_packet() and
not qemu_deliver_packet_iov().
The receive_disabled flag should be automatically set when .receive(),
.receive_raw(), or .receive_iov() return 0. No further packets will be
delivered to the NetClient until the receive_disabled flag is cleared
again by calling qemu_flush_queued_packets().
Typically the NetClient will wait until its file descriptor becomes
writable and then invoke qemu_flush_queued_packets() to resume
transmission.
Bo Yang [Wed, 29 Aug 2012 11:26:11 +0000 (19:26 +0800)]
eepro100: Fix network hang when rx buffers run out
This is reported by QA. When installing os with pxe, after the initial
kernel and initrd are loaded, the procedure tries to copy files from install
server to local harddisk, the network becomes stall because of running out of
receive descriptor.
[Whitespace fixes and removed qemu_notify_event() because Paolo's
earlier net patches have moved it into qemu_flush_queued_packets().
Additional info:
I can reproduce the network hang with a tap device doing a iPXE HTTP
boot as follows:
I needed a vanilla iPXE ROM to get to the iPXE prompt. I think the boot
prompt has been disabled in the ROMs that ship with QEMU to reduce boot
time.
During the vmlinuz HTTP download there is a network hang. hw/eepro100.c
has reached the end of the rx descriptor list. When the iPXE driver
replenishes the rx descriptor list we don't kick the QEMU net subsystem
and event loop, thereby leaving the tap netdev without its file
descriptor in select(2).
Stefan Hajnoczi <stefanha@gmail.com>]
Signed-off-by: Bo Yang <boyang@suse.com> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 1069985fb132cd4324fc02d371f1e61492a1823f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Thu, 9 Aug 2012 14:45:57 +0000 (16:45 +0200)]
xen: flush queue when getting an event
xen does not have a register that, when written, will cause can_receive
to go from false to true. However, flushing the queue can be attempted
whenever the front-end raises its side of the Xen event channel. There
is a single event channel for tx and rx.
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Amos Kong <akong@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit a98b140223d3a627eab7ee3ddec645bab630d756)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Thu, 9 Aug 2012 14:45:56 +0000 (16:45 +0200)]
e1000: flush queue whenever can_receive can go from false to true
When the guests replenish the receive ring buffer, the network device
should flush its queue of pending packets. This is done with
qemu_flush_queued_packets.
e1000's can_receive can go from false to true when RCTL or RDT are
modified.
Reported-by: Luigi Rizzo <rizzo@iet.unipi.it> Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Cc: Jan Kiszka <jan.kiszka@siemens.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Amos Kong <akong@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit e8b4c680b41bd960ecccd9ff076b7b058e0afcd4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Paolo Bonzini [Thu, 9 Aug 2012 14:45:55 +0000 (16:45 +0200)]
net: notify iothread after flushing queue
virtio-net has code to flush the queue and notify the iothread
whenever new receive buffers are added by the guest. That is
fine, and indeed we need to do the same in all other drivers.
However, notifying the iothread should be work for the network
subsystem. And since we are at it we can add a little smartness:
if some of the queued packets already could not be delivered,
there is no need to notify the iothread.
Reported-by: Luigi Rizzo <rizzo@iet.unipi.it> Cc: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Cc: Jan Kiszka <jan.kiszka@siemens.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Amos Kong <akong@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 987a9b4800003567b1a47a379255e886a77d57ea)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Igor Mitsyanko [Wed, 5 Sep 2012 09:04:56 +0000 (13:04 +0400)]
arch_init.c: add missing '%' symbols before PRIu64 in debug printfs
'%' symbols were missing in front of PRIu64 macros in DPRINTF() messages in
arch_init.c, this caused compilation warnings when compiled with DEBUG_ARCH_INIT defined.
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit ef37a699a06f96e098ee00683b7052b5fbb6ad7d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Mon, 3 Sep 2012 20:40:40 +0000 (22:40 +0200)]
kvm: Fix warning from static code analysis
Report from smatch:
kvm-all.c:1373 kvm_init(135) warn:
variable dereferenced before check 's' (see line 1360)
's' cannot by NULL (it was alloced using g_malloc0), so there is no need
to check it here.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 6d1cc3210ccc4372ffa337c187da9db68314c0c4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Lei Li [Thu, 23 Aug 2012 05:14:25 +0000 (13:14 +0800)]
qapi: Fix enumeration typo error
Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
(cherry picked from commit 6932a69b20a88428c531805cdd20eec8acf05b27)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
BALATON Zoltan [Wed, 22 Aug 2012 15:19:42 +0000 (17:19 +0200)]
console: Clean up bytes per pixel calculation
Division with round up is the correct way to compute this even if the
only case where division with round down gives incorrect result is
probably 15 bpp. This case was explicitely patched up in one of these
functions but was unhandled in the other. (I'm not sure about setting
16 bpp for the 15bpp case either but I left that there for now.)
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit feadf1a4de0d7468ffb671a2b9f681925469fa58)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Fri, 10 Aug 2012 20:03:25 +0000 (22:03 +0200)]
Spelling fixes in comments and documentation
These wrong spellings were detected by codespell:
* successully -> successfully
* alot -> a lot
* wanna -> want to
* infomation -> information
* occured -> occurred
["also is" -> "is also" and "ressources" -> "resources" suggested by
Peter Maydell <peter.maydell@linaro.org>]
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 0546b8c2f089867cd7606ff47e026e8931157828)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Fri, 10 Aug 2012 20:03:27 +0000 (22:03 +0200)]
srp: Don't use QEMU_PACKED for single elements of a structured type
QEMU_PACKED results in a MinGW compiler warning when it is
used for single structure elements:
warning: 'gcc_struct' attribute ignored
Using QEMU_PACKED for the whole structure avoids the compiler warning
without changing the memory layout.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
(cherry picked from commit 93d3ad2a8048469d2b2bb157697425b66b2a37aa)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This option is described in RFC 1783. As this is only an optional field,
we may ignore it in some situations and handle it in some others.
However, MS Windows 2003 PXE boot client requests a block size of the MTU
(most of the times 1472 bytes), and doesn't work if the option is not
acknowledged (with whatever value).
According to the RFC 1783, we cannot acknowledge the option with a bigger
value than the requested one.
As current implementation is using 512 bytes by block, accept the option
with a value of 512 if the option was specified, and don't acknowledge it
if it is not present or less than 512 bytes.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
(cherry picked from commit 95b1ad7ad86793c27ab8e9987be69571937900d1)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Tue, 4 Sep 2012 21:20:36 +0000 (23:20 +0200)]
slirp: Fix error reported by static code analysis
Report from smatch:
slirp/tcp_subr.c:127 tcp_respond(17) error:
we previously assumed 'tp' could be null (see line 124)
Return if 'tp' is NULL.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
(cherry picked from commit e56afbc54a2132c56931f44bae1992c28119944f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Tue, 4 Sep 2012 21:20:35 +0000 (23:20 +0200)]
slirp: Remove wrong type casts ins debug statements
The type casts of pointers to long are not allowed
when sizeof(pointer) != sizeof(long).
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
(cherry picked from commit c4d12a743c73a5b88a8705ca68ff620ce0f8bba7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Wed, 12 Sep 2012 13:08:40 +0000 (15:08 +0200)]
uhci: Don't queue up packets after one with the SPD flag set
Don't queue up packets after a packet with the SPD (short packet detect)
flag set. Since we won't know if the packet will actually be short until it
has completed, and if it is short we should stop the queue.
This fixes a miniature photoframe emulating a USB cdrom with the windows
software for it not working.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 72a04d0c178f01908d74539230d9de64ffc6da19)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Wed, 12 Sep 2012 13:08:39 +0000 (15:08 +0200)]
usb-redir: Revert usb-redir part of commit 93bfef4c
Commit 93bfef4c6e4b23caea9d51e1099d06433d8835a4 makes qemu-devices
which report the qemu version string to the guest in some way use a
qemu_get_version function which reports a machine-specific version string.
However usb-redir does not expose the qemu version to the guest, only to
the usbredir-host as part of the initial handshake. This can then be logged
on the usbredir-host side for debugging purposes and is otherwise completely
unused! For debugging purposes it is important to have the real qemu version
in there, rather then the machine-specific version.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 35efba2cc6812dc980c336d7b9bf81dbfb5daf00)
Conflicts:
hw/usb/redirect.c
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Wed, 12 Sep 2012 13:08:33 +0000 (15:08 +0200)]
ehci: Walk async schedule before and after migration
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ceab6f96454fe6589d1b09ce64403c041d79f9d9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Wed, 12 Sep 2012 13:08:32 +0000 (15:08 +0200)]
ehci: Don't set seen to 0 when removing unseen queue-heads
When removing unseen queue-heads from the async queue list, we should not
set the seen flag to 0, as this may cause them to be removed by
ehci_queues_rip_unused() during the next call to ehci_advance_async_state()
if the timer is late or running at a low frequency.
2) Rather then putting more if-s inside ehci_queues_rip_unused, this patch
instead introduces a new ehci_queues_rip_unseen function.
3) This patch also makes it save to call ehci_queues_rip_unseen() multiple
times, which gets used in the folluw up patch titled:
"ehci: Walk async schedule before and after migration"
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 8f5457eb04140714eaf57a99bc08dc661d83fa87)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The caller would not delete temporary file after failed get_tmp_filename().
Signed-off-by: Dunrong Huang <riegamaths@gmail.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit fe235a06e1e008dedd2ac3cc0a3a655169ce9b33)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Don't require encryption password for 'qemu-img info' command
The encryption password is only required if I/O is going to be
performed on a disk image. The 'qemu-img info' command merely
reports metadata, so it should not ask for a decryption password
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit f0536bb848ad6eb2709a7dc675f261bd160c751b)
Conflicts:
qemu-img.c
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jason Baron [Tue, 4 Sep 2012 20:08:08 +0000 (16:08 -0400)]
ahci: properly reset PxCMD on HBA reset
While testing q35, I found that windows 7 (specifically, windows 7 ultimate
with sp1 x64), wouldn't install because it can't find the cdrom or disk drive.
The failure message is: 'A required cd/dvd device driver is missing. If you
have a driver floppy disk, CD, DVD, or USB flash drive, please insert it now.'
This can also be reproduced on piix by adding an ahci controller, and
observing that windows 7 does not see any devices behind it.
The problem is that when windows issues a HBA reset, qemu does not reset the
individual ports' PxCMD register. Windows 7 then reads back the PxCMD register
and presumably assumes that the ahci controller has already been initialized.
Windows then never sets up the PxIE register to enable interrupts, and thus it
never gets irqs back when it sends ata device inquiry commands.
This change brings qemu into ahci 1.3 specification compliance.
Section 10.4.3 HBA Reset:
"
When GHC.HR is set to '1', GHC.AE, GHC.IE, the IS register, and all port
register fields (except PxFB/PxFBU/PxCLB/PxCLBU) that are not HwInit in the
HBA's register memory space are reset.
"
I've also re-tested Fedora 16 and 17 to verify that they continue to work with
this change.
Signed-off-by: Jason Baron <jbaron@redhat.com> Acked-by: Alexander Graf <agraf@suse.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 2a4f4f34e6fe55f4c82507c3e7ec9b58c2e24ad4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Pavel Hrdina [Thu, 9 Aug 2012 10:44:48 +0000 (12:44 +0200)]
block: fix block tray status
The tray status should change also if you eject empty block device.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9ca111544c64b5abed2e79cf52e19a8f227b347b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The upper limit of 30 was never reached because both for loops terminated
when 'smart_attributes' reached end of list, so there was no real buffer
overflow.
Nevertheless, changing the code not only fixes the error report, but also
reduces the size of smart_attributes and simplifies the for loops.
MORITA Kazutaka [Wed, 29 Aug 2012 18:39:45 +0000 (03:39 +0900)]
sheepdog: fix savevm and loadvm
This patch sets data to be sent to Sheepdog correctly and fixes savevm
and loadvm operations on a Sheepdog image.
Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 1f7a48de4467f31afc51169122453318efdb0f33)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 10 Sep 2012 10:44:11 +0000 (12:44 +0200)]
ehci: Don't process too much frames in 1 timer tick (v2)
The Linux ehci isoc scheduling code fills the entire schedule ahead of
time minus 80 frames. If we make a large jump in where we are in the
schedule, ie 40 frames, then the scheduler all of a sudden will only have
40 frames left to work in, causing it to fail packet submissions
with error -27 (-EFBIG).
Changes in v2:
-Don't hardcode a maximum number of frames to process in one tick, instead:
-Process a minimum number of frames to ensure we do eventually catch up
-Stop (after the minimum number) when the guest has requested an irq
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 8f74ed1e43263293301031a10e440549bab19a6e)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 10 Sep 2012 10:44:10 +0000 (12:44 +0200)]
ehci: Fix interrupts stopping when Interrupt Threshold Control is 8
If Interrupt Threshold Control is 8 or a multiple of 8, then
s->usbsts_frindex can become exactly 0x4000, at which point
(s->usbsts_frindex > s->frindex) will never become true, as
s->usbsts_frindex will not be lowered / reset in this case.
This patch fixes this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ffa1f2e088eb7e3d57f2fc35f21e7bdb23e592c5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Also register different memory regions for capabilities,
operational registers and port status registers. Create
separate tracepoints for operational regs and port status
regs. Ditch a bunch of sanity checks because the memory
core will do this for us now.
Offloading the byte, word and dword access handling to the
memory core also has the side effect of fixing ehci register
access on bigendian hosts.
Cc: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 3e4f910c8d490a1490409a7e381dbbb229f9d272)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Uri Lublin [Tue, 11 Sep 2012 07:09:58 +0000 (10:09 +0300)]
qxl: better cleanup for surface destroy
Add back a call to qxl_spice_destroy_surface_wait_complete() in qxl_spice_destroy_surface_wait(),
that was removed by commit c480bb7da465186b84d8427e068ef7502e47ffbf
It is needed to complete surface-removal cleanup, for non async.
For async, qxl_spice_destroy_surface_wait_complete is called upon operation completion.
Signed-off-by: Uri Lublin <uril@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 753b8b0d77ba1b343a35f9679cc777ea10a62bba)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Fri, 17 Aug 2012 09:04:36 +0000 (11:04 +0200)]
xhci: drop buffering
This patch splits the xhci_xfer_data function into three.
The xhci_xfer_data function used to do does two things:
(1) copy transfer data between guest memory and a temporary buffer.
(2) report transfer results to the guest using events.
Now we three functions to handle this:
(1) xhci_xfer_map creates a scatter list for the transfer and
uses that (instead of the temporary buffer) to build a
USBPacket.
(2) xhci_xfer_unmap undoes the mapping.
(3) xhci_xfer_report sends out events.
The patch also fixes reporting of transaction errors which must be
reported unconditinally, not only in case the guest asks for it
using the ISP flag.
Gerd Hoffmann [Fri, 17 Aug 2012 12:05:21 +0000 (14:05 +0200)]
xhci: rip out background transfer code
original xhci code (the one which used libusb directly) used to use
'background transfers' for iso streams. In upstream qemu the iso
stream buffering is handled by usb-host & usb-redir, so we will
never ever need this. It has been left in as reference, but is dead
code anyway. Rip it out.
Hans de Goede [Tue, 28 Aug 2012 09:33:47 +0000 (11:33 +0200)]
usb-redir: Return babble when getting more bulk data then requested
Babble is the appropriate error in this case (rather then signalling a stall).
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 2979a36183a3902cd75665e7c6bbc8668668fd17)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Tue, 28 Aug 2012 09:30:13 +0000 (11:30 +0200)]
usb-redir: Move to core packet id and queue handling
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit de550a6afb468ed3b8171019e19b63ae8254886d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Tue, 28 Aug 2012 07:08:45 +0000 (09:08 +0200)]
usb-redir: Get rid of unused async-struct dev member
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 206e7f20fe7b920b362bcc02608680c5d5527f2a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Tue, 28 Aug 2012 07:05:38 +0000 (09:05 +0200)]
usb-redir: Get rid of local shadow copy of packet headers
The shadow copy only serves as an extra check (besides the packet-id) to
ensure the packet we get back is a reply to the packet we think it is.
This check has never triggered in all the time usb-redir is in use now,
and since the verified data in the returned packet-header is not used
otherwise, removing the check does not open any possibilities for the
usbredirhost to confuse us.
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 104981d52b63dc3d68f39d4442881c667f44bbb9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 27 Aug 2012 14:33:08 +0000 (16:33 +0200)]
usb-redir: Get rid of async-struct get member
This is a preparation patch for completely getting rid of the async-packet
struct in usb-redir, instead relying on the (new) per ep queues in the
qemu usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit cb897117cdedd488f19985c8ec5ea05971103a27)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Thu, 23 Aug 2012 14:37:19 +0000 (16:37 +0200)]
usb-redir: Don't delay handling of open events to a bottom half
There is no need for this, and doing so means that a backend trying to
write immediately after an open event will see qemu_chr_be_can_write
returning 0, which not all backends handle well as there is no wakeup
mechanism to detect when the frontend does become writable.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ed9873bfbf145c084d039baab08c63b9d67e7bd3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Fri, 17 Aug 2012 15:27:08 +0000 (17:27 +0200)]
usb-redir: Never return USB_RET_NAK for async handled packets
USB_RET_NAK is not a valid response for async handled packets (and will
trigger an assert as such).
Also drop the warning when receiving a status of cancelled for packets not
cancelled by qemu itself, this can happen when a device gets unredirected
by the usbredir-host while transfers are pending.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 181133404f520fab40a3ad40d935d91cf3cf546c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 3 Sep 2012 10:17:48 +0000 (12:17 +0200)]
ehci: Correct a comment in fetchqtd packet processing
Since my previous comment said "Should never happen", I tried changing the
next line to an assert(0), which did not go well, which as the new comments
explains is logical if you think about it for a moment.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit cf1f81691d1998fa8fe5bfcb8b498fb3723cf3c3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 3 Sep 2012 09:35:58 +0000 (11:35 +0200)]
ehci: Handle USB_RET_PROCERR in ehci_fill_queue
USB_RET_PROCERR can be triggered by the guest (by for example requesting more
then BUFFSIZE bytes), so don't assert on it.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit eff6dce79bd7ad3c16d75c5e55b5a2a137ba6a60)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 3 Sep 2012 09:01:13 +0000 (11:01 +0200)]
ehci: Fix memory leak in handling of NAK-ed packets
Currently each time we try to execute a NAK-ed packet we redo
ehci_init_transfer, and usb_packet_map, re-allocing (without freeing) the
sg list every time.
This patch fixes this, it does this by introducing another async state, so
that we also properly cleanup a NAK-ed packet on cancel.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ef5b234477df80700b128f561f5877a0688a70c8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 3 Sep 2012 08:22:16 +0000 (10:22 +0200)]
ehci: Add some additional ehci_trace_guest_bug() calls
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 3a8ca08e01ea4baafff2a513655008cdd00feebf)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Gerd Hoffmann [Fri, 31 Aug 2012 08:44:21 +0000 (10:44 +0200)]
ehci: trace guest bugs
make qemu_queue_{cancel,reset} return the number of packets released,
so the caller can figure whenever there have been active packets even
though there shouldn't have been any. Add tracepoint to log this.
Hans de Goede [Thu, 30 Aug 2012 13:18:24 +0000 (15:18 +0200)]
ehci: Properly report completed but not yet processed packets to the guest
Reported packets which have completed before being cancelled as such to the
host. Note that the new code path this patch adds is untested since it I've
been unable to actually trigger the race which needs this code path.
Hans de Goede [Wed, 29 Aug 2012 08:37:37 +0000 (10:37 +0200)]
ehci: Validate qh is not changed unexpectedly by the guest
-combine the qh check with the check for devaddr changes
-also ensure that p gets set to NULL when the queue gets cancelled on
devaddr change, which was not done properly before this patch
Hans de Goede [Wed, 29 Aug 2012 08:12:52 +0000 (10:12 +0200)]
Revert "ehci: don't flush cache on doorbell rings."
This reverts commit 9bc3a3a216e2689bfcdd36c3e079333bbdbf3ba0, which got
added to fix an issue where the real, underlying cause was not stopping
the ep queue on an error.
Now that the underlying cause is fixed by the "usb: Halt ep queue and
cancel pending packets on a packet error" patch, the "don't flush" fix
is no longer needed.
Not only is it not needed, it causes us to see cancellations (unlinks)
done by the Linux EHCI driver too late, which in combination with the new
usb-core packet-id generation where qtd addresses are used as ids, causes
duplicate ids for in flight packets.
Hans de Goede [Mon, 3 Sep 2012 10:48:49 +0000 (12:48 +0200)]
usb-core: Allow the first packet of a pipelined ep to complete immediately
This can happen with usb-redir live-migration when the packet gets re-queued
after the migration and the original queuing from the migration source side
has already finished.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 9c1f67654ab611553bbfca54a1e0922728c25760)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Tue, 28 Aug 2012 07:43:18 +0000 (09:43 +0200)]
usb-core: Add a usb_ep_find_packet_by_id() helper function
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit c13a9e61366cc3e28299d8faeb65e65c6e5964cf)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Mon, 3 Sep 2012 10:33:44 +0000 (12:33 +0200)]
usb-core: Don't set packet state to complete on a nak
This way the hcd can re-use the same packet to retry without needing
to re-init it.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit cc40997489260f405aecccd30d4626ceee862502)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede [Fri, 17 Aug 2012 09:39:16 +0000 (11:39 +0200)]
usb: controllers do not need to check for babble themselves
If an (emulated) usb-device tries to write more data to a packet then
its iov len, this will trigger an assert in usb_packet_copy(), and if
a driver somehow circumvents that check and writes more data to the
iov then there is space, we have a much bigger problem then not correctly
reporting babble to the guest.
In practice babble will only happen with (real) redirected devices, and there
both the usb-host os and the qemu usb-device code already check for it.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 45b339b18c660eb85af2ba25bfcaed5469660d77)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Add ability to force enable/disable of tools build
The qemu-img, qemu-nbd and qemu-io tools are built conditionally
based on whether any softmmu target is enabled. These are useful
self-contained tools which can be used in many other scenarios.
Add new --enable-tools/--disable-tools args to configure to allow
the user to explicitly turn on / off their build. The default
behaviour is now to build these tools are all times, regardless
of whether any softmmu target is enabled
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4b1c11fd20e8901f04a2d9c225cd10fc05a762ff)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Anthony Liguori [Wed, 5 Sep 2012 18:52:49 +0000 (13:52 -0500)]
socket: don't attempt to reconnect a TCP socket in server mode
Commit c3767ed0eb5d0bb25fe409ae5dec06e3411ff1b6 introduced a possible SEGV when
using a socket chardev with server=on because it assumes that all TCP sockets
are in client mode.
This patch adds a check to only reconnect when in client mode.
Cc: Lei Li <lilei@linux.vnet.ibm.com> Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 455aa1e0818653c41fd794435b982426ce21ba2f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Michael Tokarev [Wed, 6 Jun 2012 21:11:00 +0000 (01:11 +0400)]
use --libexecdir instead of ignoring it first and reinventing it later
Commit 7b93fadf3a38d1ed65ea5536a52efc2772c6e3b8 "Add basic version
of bridge helper" put the bridge helper executable into a fixed
${prefix}/libexec/ location, instead of using ${libexecdir} for
this. At the same time, --libexecdir is being happily ignored
by ./configure. Even more, the same patch sets unused $libexecdir
variable in the generated config-host.mak, and uses fixed string
(\${prefix}/libexecdir) for the bridge helper binary.
Fix this braindamage by introducing $libexecdir variable, using
it for the bridge helper binary, and recognizing --libexecdir.
This patch is applicable to stable-1.1.
Reviewed-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Cc: Corey Bryant <coreyb@linux.vnet.ibm.com> Cc: Richa Marwaha <rmarwah@linux.vnet.ibm.com> Cc: qemu-stable@nongnu.org Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 8bf188aa18ef7a8355d9edbd43871d590468c4ed)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
m5206_mbar_width has 0x80 elements and supports 0 <= offset < 0x200.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit a32354e206895400d17c3de9a8df1de96d3df289)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
It looks like the preprocessor statements were simply misplaced.
Replace also __FUNCTION__ by __func__ to please checkpatch.pl.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 149eeb5fe57b853081e8059575d91b8a58a4f96c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
qemu: Use valgrind annotations to mark kvm guest memory as defined
valgrind with kvm produces a big amount of false positives regarding
"Conditional jump or move depends on uninitialised value(s)". This
happens because the guest memory is allocated with qemu_vmalloc which
boils down posix_memalign etc. This function is (correctly) considered
by valgrind as returning undefined memory.
Since valgrind is based on jitting code, it will not be able to see
changes made by the guest to guest memory if this is done by KVM_RUN,
thus keeping most of the guest memory undefined.
Now lots of places in qemu will then use guest memory to change behaviour.
To avoid the flood of these messages, lets declare the whole guest
memory as defined. This will reduce the noise and allows us to see real
problems.
In the future we might want to make this conditional, since there
is actually something that we can use those false positives for:
These messages will point to code that depends on guest memory, so
we can use these backtraces to actually make an audit that is focussed
only at those code places. For normal development we dont want to
see those messages, though.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Avi Kivity <avi@redhat.com>
(cherry picked from commit 62fe83318d2fc5b31f473d66326910d94c1c4907)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jan Kiszka [Sat, 8 Sep 2012 09:52:39 +0000 (11:52 +0200)]
musicpal: Fix flash mapping
The old arithmetic assumed 32 physical address bits which is no longer
true for ARM since 3cc0cd61f4.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 0c267217ca9985e6d118ec8368bebd382db7a099)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This change updates the CPU reset sequence to use a common piece of code
that figures out CPU state flags, fixing the problem with MIPS_HFLAG_COP1X
not being set where applicable that causes floating-point MADD family
instructions (and other instructions from the MIPS IV FP subset) to trap.
As compute_hflags is now shared between op_helper.c and translate.c, the
function is now moved to a common header. There are no changes to this
function.
The problem was seen with the 24Kf MIPS32r2 processor in user emulation.
The new approach prevents system and user emulation from diverging -- all
the hflags state is initialized in one place now.
Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 03e6e5017757645f00b2f3b4f3a257973985e455)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jason Baron [Tue, 4 Sep 2012 20:22:46 +0000 (16:22 -0400)]
pcie_aer: clear cmask for Advanced Error Interrupt Message Number
The Advanced Error Interrupt Message Number (bits 31:27 of the Root
Error Status Register) is updated when the number of msi messages assigned to a
device changes. Migration of windows 7 on q35 chipset failed because the check
in get_pci_config_device() fails due to cmask being set on these bits. Its valid
to update these bits and we must restore this state across migration.
Signed-off-by: Jason Baron <jbaron@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 0e180d9c8a7429c55d23d2e7855f1e490a063aaa)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
The VMSTATE_PCIE_DEVICE() currently has a 'version_id' set to 2. However,
'version_id' in the above check is 1. And thus we fail to load the pcie device
field. Further the code returns to 'qemu_loadvm_state()' which produces the
error that I saw.
I'm proposing to fix this by simply dropping the 'version_id' field from
VMSTATE_PCIE_DEVICE(). VMSTATE_PCI_DEVICE() defines no such field and further
the vmstate_pcie_device that VMSTATE_PCI_DEVICE() refers to is already
versioned. Thus, any versioning issues could be detected at the vmsd level.
Taking a step back, I think that the 'field->version_id' should be compared
against a saved version number for the field not the 'version_id'. Futhermore,
once vmstate_load_state() is called recursively on another vmsd, the check of:
if (version_id > vmsd->version_id) {
return -EINVAL;
}
Will never fail since version_id is always equal to vmsd->version_id. So I'm
wondering why we aren't storing the vmsd version id of the source in the
migration stream?
This patch also renames the 'name' field of vmstate_pcie_device from:
PCIDevice -> PCIEDevice to differentiate it from vmstate_pci_device.
Signed-off-by: Jason Baron <jbaron@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 1de53459272d89c52bb21b45d5d970de40fbb642)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Label 'out' in json-parser.c can be called with list == NULL
which is passed to QDECREF.
Modify QDECREF to handle a NULL argument (inline function qobject_decref
already handles them, too).
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
(cherry picked from commit 149474c93490e1c66f838391bd491db83136d91d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Sat, 1 Sep 2012 07:30:39 +0000 (09:30 +0200)]
qapi: Fix potential NULL pointer segfault
Report from smatch:
qapi-visit.c:1640 visit_type_BlockdevAction(8) error:
we previously assumed 'obj' could be null (see line 1639)
qapi-visit.c:2432 visit_type_NetClientOptions(8) error:
we previously assumed 'obj' could be null (see line 2431)
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
(cherry picked from commit 227ccf6bff234c29974c2c18ecd3a29e6b965e3d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Alon Levy [Wed, 22 Aug 2012 08:16:25 +0000 (11:16 +0300)]
qxl: add QXL_IO_MONITORS_CONFIG_ASYNC
Revision bumped to 4 for new IO support, enabled for spice-server >=
0.11.1. New io enabled if revision is 4. Revision can be set to 4.
[ kraxel: 3 continues to be the default revision. Once we have a new
stable spice-server release and the qemu patches to enable
the new bits merged we'll go flip the switch and make rev4
the default ]
This io calls the corresponding new spice api
spice_qxl_monitors_config_async to let spice-server read a new guest set
monitors config and notify the client.
On migration reissue spice_qxl_monitors_config_async.
RHBZ: 770842
Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
fixup
Yonit Halperin [Tue, 21 Aug 2012 08:51:59 +0000 (11:51 +0300)]
spice: adding seamless-migration option to the command line
The seamless-migration flag is required in order to identify
whether libvirt supports the new QEVENT_SPICE_MIGRATE_COMPLETED or not
(by default the flag is off).
New libvirt versions that wait for QEVENT_SPICE_MIGRATE_COMPLETED should turn on this flag.
When this flag is off, spice fallbacks to its old migration method, which
can result in data loss.
Yonit Halperin [Tue, 21 Aug 2012 08:51:58 +0000 (11:51 +0300)]
spice: add 'migrated' flag to spice info
The flag is 'true' when spice migration has completed on the src side.
It is needed for a case where libvirt dies before migration completes
and it misses the event QEVENT_SPICE_MIGRATE_COMPLETED.
When libvirt is restored and queries the migration status, it also needs
to query spice and check if its migration has completed.
When migrating, libvirt queries the migration status, and upon migration
completions, it closes the migration src. On the other hand, when
migration is completed, spice transfers data from the src to destination
via the client. This data is required for keeping the spice session
after migration, without suffering from data loss and inconsistencies.
In order to allow this data transfer, we add QEVENT for signaling
libvirt that spice migration has completed, and libvirt needs to wait
for this event before quitting the src process.
Yonit Halperin [Tue, 21 Aug 2012 08:51:55 +0000 (11:51 +0300)]
spice: notify spice server on vm start/stop
Spice server needs to know about the vm state in order to prevent
attempts to write to devices when they are stopped, mainly during
the non-live stage of migration.
Instead, spice will take care of restoring this writes, on the migration
target side, after migration completes.
When parsing its command line parameters, spice aborts when it
finds unexpected values, except for the 'streaming-video' option.
This happens because the parsing of the parameters for this option
is done using the 'name2enum' helper, which does not error out
on unknown values. Using the 'parse_name' helper makes sure we
error out in this case. Looking at git history, the use of
'name2enum' instead of 'parse_name' seems to have been an oversight,
so let's change to that now.
Stefan Weil [Tue, 18 Sep 2012 20:43:38 +0000 (22:43 +0200)]
tci: Fix for AREG0 free mode
Support for helper functions with 5 arguments was missing
in the code generator and in the interpreter.
There is no need to pass the constant TCG_AREG0 from the
code generator to the interpreter. Remove that code for
the INDEX_op_qemu_st* opcodes.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Stefan Weil [Wed, 12 Sep 2012 17:18:55 +0000 (19:18 +0200)]
tcg: Fix MAX_OPC_PARAM_IARGS
DEF_HELPER_FLAGS_5 was added some time ago without adjusting
MAX_OPC_PARAM_IARGS.
Fixing the definition becomes more important as QEMU is using
an increasing number of helper functions called with 5 arguments.
Add also a comment to avoid future problems when DEF_HELPER_FLAGS_6
will be added.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
projects / qemu.git / log