Anthony Liguori [Mon, 29 Oct 2012 15:34:29 +0000 (10:34 -0500)]
Merge remote-tracking branch 'kraxel/usb.68' into staging
* kraxel/usb.68: (36 commits)
xhci: fix usb name in caps
xhci: make number of interrupters and slots configurable
xhci: allow disabling interrupters
xhci: flush endpoint context unconditinally
xhci: fix function name in error message
uhci: Use only one queue for ctrl endpoints
uhci: Retry to fill the queue while waiting for td completion
uhci: Always mark a queue valid when we encounter it
uhci: When the guest marks a pending td non-active, cancel the queue
uhci: Detect guest td re-use
uhci: Verify queue has not been changed by guest
uhci: Immediately free queues on device disconnect
uhci: Store ep in UHCIQueue
uhci: Make uhci_fill_queue() actually operate on an UHCIQueue
uhci: Add uhci_read_td() helper function
uhci: Rename UHCIAsync->td to UHCIAsync->td_addr
uhci: Move emptying of the queue's asyncs' queue to uhci_queue_free
uhci: Drop unnecessary forward declaration of some static functions
uhci: Don't retry on error
uhci: cleanup: Add an unlink call to uhci_async_cancel()
...
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Anthony Liguori [Mon, 29 Oct 2012 15:34:05 +0000 (10:34 -0500)]
Merge remote-tracking branch 'kwolf/for-anthony' into staging
* kwolf/for-anthony: (32 commits)
osdep: Less restrictive F_SEFL in qemu_dup_flags()
qemu-iotests: add testcases for mirroring on-source-error/on-target-error
qmp: add pull_event function
mirror: add support for on-source-error/on-target-error
iostatus: forward block_job_iostatus_reset to block job
qemu-iotests: add mirroring test case
mirror: implement completion
qmp: add drive-mirror command
mirror: introduce mirror job
block: introduce BLOCK_JOB_READY event
block: add block-job-complete
block: rename block_job_complete to block_job_completed
block: export dirty bitmap information in query-block
block: introduce new dirty bitmap functionality
block: add bdrv_open_backing_file
block: add bdrv_query_stats
block: add bdrv_query_info
qemu-config: Add new -add-fd command line option
monitor: Prevent removing fd from set during init
monitor: Enable adding an inherited fd to an fd set
...
Conflicts:
vl.c
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Aurelien Jarno [Mon, 29 Oct 2012 13:56:17 +0000 (14:56 +0100)]
Merge branch 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf
* 'ppc-for-upstream' of git://repo.or.cz/qemu/agraf: (22 commits)
PPC: pseries: Remove hack for PIO window
PPC: e500: Map PIO space into core memory region
xen_platform: convert PIO to new memory api read/write
vmport: convert PIO to new memory api read/write
serial: convert PIO to new memory api read/write
rtl8139: convert PIO to new memory api read/write
pckbd: convert PIO to new memory api read/write
pc port92: convert PIO to new memory api read/write
mc146818rtc: convert PIO to new memory api read/write
m48t59: convert PIO to new memory api read/write
i8254: convert PIO to new memory api read/write
es1370: convert PIO to new memory api read/write
virtio-pci: convert PIO to new memory api read/write
ac97: convert PIO to new memory api read/write
pseries: Implement qemu initiated shutdowns using EPOW events
target-ppc: Rework storage of VPA registration state
pseries: Don't allow duplicate registration of hcalls or RTAS calls
Add USB option in machine options
e500: Fix serial initialization
PPC: 440: Emulate DCBR0
...
Aurelien Jarno [Mon, 29 Oct 2012 13:55:51 +0000 (14:55 +0100)]
Merge branch 'queue/qmp' of git://repo.or.cz/qemu/qmp-unstable
* 'queue/qmp' of git://repo.or.cz/qemu/qmp-unstable:
migration: go to paused state after finishing incoming migration with -S
qmp: handle stop/cont in INMIGRATE state
hmp: fix info cpus for sparc targets
Alexander Graf [Mon, 8 Oct 2012 10:21:30 +0000 (12:21 +0200)]
PPC: e500: Map PIO space into core memory region
On PPC, we don't have PIO. So usually PIO space behind a PCI bridge is
accessible via MMIO. Do this mapping explicitly by mapping the PIO space
of our PCI bus into a memory region that lives in memory space.
David Gibson [Mon, 8 Oct 2012 18:17:39 +0000 (18:17 +0000)]
pseries: Implement qemu initiated shutdowns using EPOW events
At present, using 'system_powerdown' from the monitor or otherwise
instructing qemu to (cleanly) shut down a pseries guest will not work,
because we did not have a method of signalling the shutdown request to the
guest.
PAPR does include a usable mechanism for this, though it is rather more
involved than the equivalent on x86. This involves sending an EPOW
(Environmental and POwer Warning) event through the PAPR event and error
logging mechanism, which also has a number of other functions.
This patch implements just enough of the event/error logging functionality
to be able to send a shutdown event to the guest. At least with modern
guest kernels and a userspace that is up and running, this means that
system_powerdown from the qemu monitor should now work correctly on pseries
guests.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Mon, 8 Oct 2012 18:17:38 +0000 (18:17 +0000)]
target-ppc: Rework storage of VPA registration state
With PAPR guests, hypercalls allow registration of the Virtual Processor
Area (VPA), SLB shadow and dispatch trace log (DTL), each of which allow
for certain communication between the guest and hypervisor. Currently, we
store the addresses of the three areas and the size of the dtl in
CPUPPCState.
The SLB shadow and DTL are variable sized, with the size being retrieved
from within the registered memory area at the hypercall time. This size
can later be overwritten with other information, however, so we need to
save the size as of registration time. We already do this for the DTL,
but not for the SLB shadow, so this patch fixes that.
In addition, we change the storage of the VPA information to use fixed
size integer types which will make life easier for syncing this data with
KVM, which we will need in future.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
David Gibson [Mon, 8 Oct 2012 18:17:36 +0000 (18:17 +0000)]
pseries: Don't allow duplicate registration of hcalls or RTAS calls
Currently the pseries machine code allows a callback to be registered
for a hypercall number twice, as long as it's the same callback the second
time. We don't test for duplicate registrations of RTAS callbacks at all
so it will effectively be last registratiojn wins.
This was originally done because it was awkward to ensure that the
registration happened exactly once, but the code has since been
restructured so that's no longer the case.
Duplicate registration of a hypercall or RTAS call could well suggest
a duplicate initialization which could cause other problems, so this patch
makes duplicate registrations a bug, to prevent the old behaviour from
hiding other bugs.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
When -usb option is used, global varible usb_enabled is set.
And all the plaform will create one USB controller according
to this variable. In fact, global varibles make code hard
to read.
So this patch is to remove global variable usb_enabled and
add USB option in machine options. All the plaforms will get
USB option value from machine options.
USB option of machine options will be set either by:
* -usb
* -machine type=pseries,usb=on
Both these ways can work now. They both set USB option in
machine options. In the future, the first way will be removed.
Signed-off-by: Li Zhang <zhlcindy@linux.vnet.ibm.com> Acked-by: Alexander Graf <agraf@suse.de> Signed-off-by: Alexander Graf <agraf@suse.de>
Peter Maydell [Fri, 5 Oct 2012 07:09:02 +0000 (07:09 +0000)]
Drop unnecessary check of TARGET_PHYS_ADDR_SPACE_BITS
For all our PPC targets the physical address space is at least
36 bits, so drop an unnecessary preprocessor conditional check
on TARGET_PHYS_ADDR_SPACE_BITS (erroneously introduced as part
of the change from target_phys_addr_t to hwaddr). This brings
this bit of code into line with the way we handle the other
cases which were originally checking TARGET_PHYS_ADDR_BITS in
order to avoid compiler complaints about overflowing a 32 bit type.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de>
Eduardo Habkost [Wed, 24 Oct 2012 14:10:33 +0000 (12:10 -0200)]
target-i386: cpu: recover items 28-31 of ext2_feature_name
I removed a line by mistake on commit 3b671a40cab2404bc63e57db8cd3afa4ec70bfab, containing the flags lm/i64,
3dnow, and 3dnowext. This patch restores the removed line.
qemu-timer: Check for usable fields for SIGEV_THREAD_ID
Older glibc (RHEL 5.x, Debian 5.x) does not have the _sigev_un._tid
member in its structure definition, while the accompanying kernel
headers do define SIGEV_THREAD_ID. We need configure to check for
both before using it.
Signed-off-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
When we allocate a reserved_va for the guest, the kernel will likely
choose an address well above 4G. At which point we must use a pair
of movabsq+addq to form the host address. If we have OS support,
set up a segment register to point to guest_base instead.
Signed-off-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
With normal FP, this doesn't have much affect on the generated code,
because most of the FP operations are not CONST/PURE, and so we spill
registers in about the same frequency as the explicit load/stores.
But with Loongson multimedia instructions, which are all integral and
whose helpers are in fact CONST+PURE, this greatly improves the code.
Signed-off-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 9 Oct 2012 19:53:09 +0000 (21:53 +0200)]
target-microblaze: rename helper flags
Rename helper flags to the new ones. This is purely a mechanical change,
it's possible to use better flags by looking at the helpers.
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 9 Oct 2012 19:53:08 +0000 (21:53 +0200)]
target-cris: rename helper flags
Rename helper flags to the new ones. This is purely a mechanical change,
it's possible to use better flags by looking at the helpers.
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com> Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 9 Oct 2012 19:53:08 +0000 (21:53 +0200)]
tcg: rework TCG helper flags
The current helper flags, TCG_CALL_CONST and TCG_CALL_PURE might be
confusing and doesn't provide enough granularity for some helpers (FP
helpers for example).
This patch changes them into the following helpers flags:
- TCG_CALL_NO_READ_GLOBALS means that the helper does not read globals,
either directly or via an exception. They will not be saved to their
canonical location before calling the helper.
- TCG_CALL_NO_WRITE_GLOBALS means that the helper does not modify any
globals. They will only be saved to their canonical locations before
calling helpers, but they won't be reloaded afterwise.
- TCG_CALL_NO_SIDE_EFFECTS means that the call to the function is
removed if the return value is not used.
It provides convenience flags, to avoid helper definitions longer than
80 characters. It also provides compatibility flags, and updates the
documentation.
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 9 Oct 2012 19:53:08 +0000 (21:53 +0200)]
tcg: synchronize globals for ops with side effects
Operations with side effects (in practice qemu_ld/st ops), only need to
synchronize globals to make sure the CPU state is consistent in case of
exception.
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 9 Oct 2012 19:53:08 +0000 (21:53 +0200)]
tcg: forbid ld/st function to modify globals
Mapping a memory address using a global and accessing it through
ld/st operations is currently broken. As it doesn't make any sense
to do that performance wise, let's forbid that.
Update the TCG documentation, and remove partial support for that.
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 9 Oct 2012 19:53:08 +0000 (21:53 +0200)]
tcg: fix some op flags
Some branch related ops are marked with TCG_OPF_SIDE_EFFECTS, some other
not. In practice they don't need to, as they are all marked with
TCG_OPF_BB_END, which is handled specifically in all the code.
The call op is marked as TCG_OPF_SIDE_EFFECTS, which might be not true
as there is are specific flags (TCG_CALL_CONST and TCG_CALL_PURE) for
specifying that. On the other hand it always clobber arguments, so mark
it as such even if the call op is handled in a different code path.
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 9 Oct 2012 19:53:07 +0000 (21:53 +0200)]
tcg: don't explicitly save globals and temps
The liveness analysis ensures that globals and temps are at the correct
state at a basic block end or with an op with side effects. Avoid
looping on all temps, this can be time consuming on targets with a lot
of globals. Keep an assert in debug mode.
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 9 Oct 2012 19:53:07 +0000 (21:53 +0200)]
tcg: rewrite tcg_reg_alloc_mov()
Now that the liveness analysis provides more information, rewrite
tcg_reg_alloc_mov(). This changes the behaviour about propagating
constants and memory accesses. We now take the assumption that once
a value is loaded into a register (from memory or from a constant),
it's better to keep it there than to reload it later. This assumption
is now always almost correct given that we are now sure the
corresponding temp is going to be used later (otherwise it would have
been synchronized and marked as dead already). The assumption is wrong
if one of the op after clobbers some registers including the one
of the holding the temp (this can be avoided by allocating clobbered
registers last, which is what most TCG target do), or in case of lack
of available register.
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 9 Oct 2012 19:53:07 +0000 (21:53 +0200)]
tcg: rework liveness analysis
Rework the liveness analysis by tracking temps that need to go back to
memory in addition to dead temps tracking. This allows to mark output
arguments as "need sync", and to synchronize them back to memory as soon
as they are not written anymore. This way even arguments mapping to
globals can be marked as "dead", avoiding moves to a new register when
input and outputs are aliased.
In addition it means that registers are freed as soon as temps are not
used anymore, instead of waiting for a basic block end or an op with side
effects. This reduces register spilling especially on CPUs with few
registers, and spread the mov over all the TB, increasing the
performances on in-order CPUs.
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 9 Oct 2012 19:53:07 +0000 (21:53 +0200)]
tcg: sync output arguments on liveness request
Synchronize an output argument when requested by the liveness analysis.
This is needed so that the temp can be declared dead later.
For that, add a new op_sync_args table in which each bit tells if the
corresponding output argument needs to be synchronized with the memory.
Pass it to the tcg_reg_alloc_* functions, and honor this bit. We need to
synchronize the argument before marking it as dead, and we have to make
sure all the infos about the temp are correctly filled.
At the same time change some types from unsigned int to uint16_t when
passing op_dead_args.
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 9 Oct 2012 19:53:06 +0000 (21:53 +0200)]
tcg: add temp_sync()
Add a new function temp_sync() to synchronize the canonical location
of a temp with the value in the corresponding register, but without
freeing the associated register. Rewrite temp_save() to call
temp_sync() followed by temp_dead().
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 9 Oct 2012 19:53:06 +0000 (21:53 +0200)]
tcg: add tcg_reg_sync()
Add a new function tcg_reg_sync() to synchronize the canonical location
of a temp with the value in the associated register, but without freeing
it. Rewrite tcg_reg_free() to first call tcg_reg_sync() and then to free
the register.
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 9 Oct 2012 19:53:06 +0000 (21:53 +0200)]
tcg: add temp_dead()
A lot of code is duplicated to mark a temporary as dead. Replace it
by temp_dead(), which in addition marks the temp as saved in memory
for globals and local temps, instead of doing this a posteriori in
temp_save().
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 20 Oct 2012 15:31:44 +0000 (17:31 +0200)]
tcg/i386: remove ld/st third argument register constraint
On x86_64, remove the constraint on the third argument register which
is not needed:
- For loads the helper arguments are env, addr, mem_idx. The addr
value should not be in the two first argument registers as they are
used in tcg_out_tlb_load().
- For stores the helper arguments are env, addr, data, mem_idx.
The addr and data values should not be in the two first argument
registers as they are used in tcg_out_tlb_load(). The data value
should also not be in the two first argument registers, but could
be in the third argument register in which case it would be already
loaded at the right location.
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 20 Oct 2012 15:31:44 +0000 (17:31 +0200)]
tcg/i386: remove suboptimal register shifting
Now that CONFIG_TCG_PASS_AREG0 has been removed, it's easier to get
an optimal code for the load/store functions.
First swap the two registers used in tcg_out_tlb_load() so that the
address end-up in the second register instead of the first one. Adjust
tcg_out_qemu_ld() and tcg_out_qemu_st() to respectively call
tcg_out_qemu_ld_direct() and tcg_out_qemu_st_direct() with the correct
registers. Then replace the register shifting by direct load of the
arguments.
Reviewed-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Maydell [Fri, 19 Oct 2012 13:54:23 +0000 (14:54 +0100)]
Makefile: Forbid out-of-tree build from a source tree that has been built in
If we try to do an out-of-tree build but the source tree we're building from
has been used in the past for an in-tree build then things will go
confusingly wrong. Specifically, some parts of the build process will pull
in generated files from the old in-tree build (because SRC_PATH is on
the vpath). Diagnose this situation so we can produce a useful error
message and tell the user how to fix it (run distclean in the source tree).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Aurelien Jarno [Sun, 21 Oct 2012 22:50:58 +0000 (00:50 +0200)]
target-sparc64: disable VGA cirrus
OpenBIOS on sparc64 only support Standard VGA and not Cirrus VGA. Don't
build Cirrus VGA support so that it can't be selected.
This fixes the breakage introduced by commit f2898771.
Reported-by: Richard Henderson <rth@twiddle.net> Cc: Blue Swirl <blauwirbel@gmail.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Tested-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Blue Swirl [Sat, 27 Oct 2012 14:21:37 +0000 (14:21 +0000)]
Merge branch 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm
* 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
target-arm: Remove out of date FIXME regarding saturating arithmetic
target-arm: Implement abs_i32 inline rather than as a helper
target-arm: Use TCG operation for Neon 64 bit negation
arm-semi.c: Handle get/put_user() failure accessing arguments
Bruce Rogers [Mon, 20 Aug 2012 18:45:08 +0000 (12:45 -0600)]
configure: avoid compiler warning in pipe2 detection
When building qemu-kvm for openSUSE:Factory, I am getting a
warning in the pipe2 detection performed by configure, which
prevents using --enable-werror.
Change detection code to use return value of pipe2.
Signed-off-by: Bruce Rogers <brogers@suse.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Disable clang's initializer-overrides warnings, as QEMU makes significant
use of the pattern of initializing an array with a range-based default
entry like
[0 ... 0x1ff] = { GPIO_NONE, 0 }
followed by specific entries which override that default, and clang
would otherwise warn "initializer overrides prior initialization of
this subobject" when it encountered the specific entry.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Gerd Hoffmann [Wed, 24 Oct 2012 07:38:08 +0000 (09:38 +0200)]
xhci: allow disabling interrupters
For secondary interrupters this is explicitly allowed in the specs.
For the primary interrupter behavior is undefined, lets be friendly
and allow disabling too.
Gerd Hoffmann [Wed, 24 Oct 2012 08:14:16 +0000 (10:14 +0200)]
xhci: flush endpoint context unconditinally
Not updating the endpoint context in case the state didn't change is
wrong. Other context fields might have changed, for example the
dequeue pointer in response to a CR_SET_TR_DEQUEUE command.
Hans de Goede [Wed, 24 Oct 2012 16:31:19 +0000 (18:31 +0200)]
uhci: Retry to fill the queue while waiting for td completion
If the guest is using multiple transfers to try and keep the usb bus busy /
used at maximum efficiency, currently we would see / do the following:
1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) report transfer 2 completion to guest
5) submit transfer 1 to the device
6) report transfer 1 completion to guest
7) submit transfer 2 to the device
8) report transfer 2 completion to guest
etc.
So after the initial submission we would effectively only have 1 transfer
in flight, rather then 2. This is caused by us not checking the queue for
addition of new transfers by the guest (ie the resubmission of a recently
finished transfer), while waiting for a pending transfer to complete.
This patch does add a check for this, changing the sequence to:
1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) submit transfer 1 to the device
5) report transfer 2 completion to guest
6) submit transfer 2 to the device
etc.
Thus keeping 2 transfers in flight (most of the time, and always 1),
as intended by the guest.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:31:18 +0000 (18:31 +0200)]
uhci: Always mark a queue valid when we encounter it
Before this patch we would not mark a queue valid when its head was a
non-active td. This causes us to misbehave in the following scenario:
1) queue with multiple input transfers queued
2) We hit some latency issue, causing qemu to get behind processing frames
3) When qemu gets to run again, it notices the first transfer ends short,
marking the head td non-active
4) It now processes 32+ frames in a row without giving the guest a chance
to run since it is behind
5) valid is decreased to 0, causing the queue to get cancelled also cancelling
already queued up further input transfers
6) guest gets to run, notices the inactive td, cleanups up further tds
from the short transfer, and lets the queue continue at the first td of
the next input transfer
7) we re-start the queue, issuing the second input transfer for the *second*
time, and any data read by the first time we issued it has been lost
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:31:16 +0000 (18:31 +0200)]
uhci: Detect guest td re-use
A td can be reused by the guest in a different queue, before we notice
the original queue has been unlinked. So search for tds by addr only, detect
guest td reuse, and cancel the original queue, this is necessary to keep our
packet ids unique.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:31:15 +0000 (18:31 +0200)]
uhci: Verify queue has not been changed by guest
According to the spec a guest can unlink a qh, and then as soon as frindex
has changed by 1 since the unlink, assume it is idle and re-use it. However
for various reasons, we cannot simply consider a qh as unlinked if we've not
seen it for 1 frame. This means that it is possible for a guest to re-use /
restart the queue while we still see its old state. This patch adds a safety
check for this, and "early" retires queues when they were changed by the guest.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:31:14 +0000 (18:31 +0200)]
uhci: Immediately free queues on device disconnect
There is no need to just cancel any in-flight packets, and then wait
for validate-end to clean things up, we can simply clean things up
immediately on device removal.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:31:12 +0000 (18:31 +0200)]
uhci: Make uhci_fill_queue() actually operate on an UHCIQueue
And move its calling point to handle_td, this removes the ep_ret ugliness,
and prepates the way for further cleanups in the follow-up patches in this
patch-set.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:31:10 +0000 (18:31 +0200)]
uhci: Rename UHCIAsync->td to UHCIAsync->td_addr
We use the name td both to refer to a UHCI_TD read from guest memory as
well as to refer to the guest address where a td is stored, switch over
to always use td_addr in the second case for consistency.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:31:07 +0000 (18:31 +0200)]
uhci: Don't retry on error
Since we are either dealing with emulated devices, where retrying is
not going to help, or with redirected devices where the host OS will
have already retried, don't bother retrying on failed transfers.
Also move some common/indentical code out of all the error cases
into the generic error path.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:14:09 +0000 (18:14 +0200)]
usb: Move short-not-ok handling to the core
After a short-not-ok packet ending short, we should not advance the queue.
Move enforcing this to the core, rather then handling it in the hcd code.
This may result in the queue now actually containing multiple input packets
(which would not happen before), and this requires special handling in
combination with pipelining, so disable pipleining for input endpoints
(for now).
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:14:08 +0000 (18:14 +0200)]
usb: Move clearing of queue on halt to the core
hcds which queue up more then one packet at once (uhci, ehci and xhci),
must clear the queue after an error which has caused the queue to halt.
Currently this is handled as a special case inside the hcd code, this
patch instead adds an USB_RET_REMOVE_FROM_QUEUE packet result code, teaches
the 3 hcds about this and moves the clearing of the queue on a halt into
the USB core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:14:07 +0000 (18:14 +0200)]
usb: Add USB_RET_ADD_TO_QUEUE packet result code
This can be used by usb-device code which wishes to process an entire endpoint
queue at once, to do this the usb-device code returns USB_RET_ADD_TO_QUEUE
from its handle_data class method and defines a flush_ep_queue class method
to call when the hcd is done queuing up packets.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:14:04 +0000 (18:14 +0200)]
ehci: Retry to fill the queue while waiting for td completion
If the guest is using multiple transfers to try and keep the usb bus busy /
used at maximum efficiency, currently we would see / do the following:
1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) report transfer 2 completion to guest
5) submit transfer 1 to the device
6) report transfer 1 completion to guest
7) submit transfer 2 to the device
8) report transfer 2 completion to guest
etc.
So after the initial submission we would effectively only have 1 transfer
in flight, rather then 2. This is caused by us not checking the queue for
addition of new transfers by the guest (ie the resubmission of a recently
finished transfer), while waiting for a pending transfer to complete.
This patch does add a check for this, changing the sequence to:
1) submit transfer 1 to the device
2) submit transfer 2 to the device
3) report transfer 1 completion to guest
4) submit transfer 1 to the device
5) report transfer 2 completion to guest
6) submit transfer 2 to the device
etc.
Thus keeping 2 transfers in flight (most of the time, and always 1),
as intended by the guest.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:14:03 +0000 (18:14 +0200)]
ehci: Detect going in circles when filling the queue
For ctrl endpoints Windows (atleast Win7) creates circular td lists, so far
these were not a problem because we would stop filling the queue if altnext
was set. Since further patches in this patchset remove the altnext check this
does become a problem and we need detection for going in circles.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:14:02 +0000 (18:14 +0200)]
ehci: Speed up the timer of raising int from the async schedule
Often the guest will queue up new packets in response to a packet, in the
async schedule with its IOC flag set, completing. By speeding up the
frame-timer, we notice these new packets earlier. This increases the
speed (MB/s) of a Linux guest reading from a USB mass storage device by a
factor of 1.15 on top of the "Improve latency of interrupt delivery"
speed-ups, both with and without input pipelining enabled.
I've not tested the speed-up of this patch without the
"Improve latency of interrupt delivery" patch.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:14:01 +0000 (18:14 +0200)]
ehci: Improve latency of interrupt delivery and async schedule scanning
While doing various performance tests of reading from USB mass storage devices
I noticed the following::
1) When an async handled packet completes, we don't immediately report an
interrupt to the guest, instead we wait for the frame-timer to run and
report it from there
2) If 1) has been fixed and an async handled packet takes a while to complete,
then async_stepdown will become a high value, which means that there
will be a large latency before any new packets queued by the guest in
response to the interrupt get seen
1) was done deliberately as part of commit f0ad01f92:
http://www.kraxel.org/cgit/qemu/commit/?h=usb.57&id=f0ad01f92ca02eee7cadbfd225c5de753ebd5fce
Since setting the interrupt immediately on async packet completion was causing
issues with Linux guests, I believe this recently fixed Linux bug explains
why this is happening:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=361aabf395e4a23cf554cf4ec0c0c6963b8beb01
Note that we can *not* count on this fix being present in all Linux guests!
I was hoping that the recently added support for Interrupt Threshold Control
would fix the issues with Linux guests, but adding a simple ehci_commit_irq()
call to ehci_async_bh() still caused problems with Linux guests.
The problem is, that when doing ehci_commit_irq() from ehci_async_bh(),
the "old" frindex value is used to calculate usbsts_frindex, and when
the frame-timer then runs possibly very shortly after ehci_async_bh(),
it increases the frame-timer, and thus any interrupts raised from that
frame-timer run, will also get reported to the guest immediately, rather
then being delayed to the next frame-timer run.
Luckily the solution for this is simple, this means that we need to
increase frindex before calling ehci_commit_irq() from ehci_async_bh(),
which in the end boils down to simple calling ehci_frame_timer() instead
of ehci_async_bh() from the bh.
This may seem like it causes a lot of extra work to be done, but this
is not true. Any work done from the frame-timer processing the periodic
schedule is work which then does not need to be done the next time the
frame timer runs, also the frame-timer will re-arm itself at (possibly)
a later time then it was armed for saving a vmexit at that time.
As an additional advantage moving to simply calling the frame-timer also
fixes 2) as the packet completion will set async_stepdown to 0, and the
re-arming of the timer with an async_stepdown of 0 ensures that any
newly queued up packets get seen in a reasonable amount of time.
This improves the speed (MB/s) of a Linux guest reading from a USB mass
storage device by a factor of 1.5 - 1.7 with input pipelining disabled,
and by a factor of 1.8 with input pipelining enabled.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:14:00 +0000 (18:14 +0200)]
ehci: Set int flag on a short input packet
According to 4.15.1.2 an interrupt must be raised when a short packet
is received. If we don't do this it may take a significant time for
the guest to notice a short trasnfer has completed, since only the last td
will have its IOC flag set, and a short transfer may complete in an earlier
packet.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede [Wed, 24 Oct 2012 16:13:59 +0000 (18:13 +0200)]
ehci: Get rid of packet tbytes field
This field is used in some places to track the tbytes field of the token, but
in other places the field is used directly, use it directly everywhere for
consistency.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
projects / qemu.git / log