Linux really looks only at scsi->errors for SG_IO requests; it does
not look at the virtio request status at all. Because of this, when
a SG_IO request is failed early with virtio_blk_req_complete(req,
VIRTIO_BLK_S_UNSUPP), without writing hdr.status, it will look like
a success to the guest.
This is their bug, but we can make it safe for older guests now by
forcing scsi->errors to have a non-zero value whenever a request
has to be failed.
But if we fix the bug in the guest driver, we will have another problem
because QEMU returns VIRTIO_BLK_S_IOERR if the status is non-zero, and
Linux translates that to -EIO. Rather, the guest should succeed the
request and pass the non-zero status via the userspace-provided SG_IO
structure. So, remove the case where virtio_blk_handle_scsi can
return VIRTIO_BLK_S_IOERR.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Allow load_image_targphys to load files on systems with more than 2G of
emulated memory by changing the max_sz parameter from an int to an
uint64_t.
Reviewed-by: Andreas F=E4rber <afaerber@suse.de>
Acked-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Make use of the new vector notifier to track changes of the MSI-X
configuration of virtio PCI devices. On enabling events, we establish
the required virtual IRQ to MSI-X message route and link the signaling
eventfd file descriptor to this vIRQ line. That way, vhost-generated
interrupts can be directly delivered to an in-kernel MSI-X consumer like
the x86 APIC.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Analogously to msi_nr_vectors_allocated, add a service for MSI-X. Will
be used by the virtio-pci layer.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Automatically commit route changes after kvm_add_routing_entry and
kvm_irqchip_release_virq. There is no performance relevant use case for
which collecting multiple route changes is beneficial. This makes
kvm_irqchip_commit_routes an internal service which assert()s that the
corresponding IOCTL will always succeed.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
We will add kvm_irqchip_add_msi_route, so let's make the difference
clearer.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Vector notifiers shall be triggered by the MSI/MSI-X core whenever a
relevant configuration change is programmed by the guest. In case of
MSI-X, changes are reported when the effective mask (global &&
per-vector) alters its state. On unmask, the current vector
configuration is included in the event report. This allows users - e.g.
virtio-pci layer - to transfer this information to external MSI-X
routing subsystems - like vhost + KVM in-kernel irqchip.
This implementation only provides MSI-X support, but extension to MSI is
feasible and will be provided later on when adding support for KVM PCI
device assignment.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
In preparation of firing vector notifiers on mask changes, call
msix_handle_mask_update also from msix_mask_all. So far, this will have
no real effect.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
This helper will also be used by the upcoming config notifier.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
There are no outside references to virtio_portio.
Add missing 'static' specifier.
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Initrd load address is too low, it conflicts with kernel load
address:
rom: requested regions overlap (rom phdr #0: /tmp/vmlinux-debian-6.0.4-sparc64. free=0x0000000000742519, addr=0x0000000000400000)
rom loading failed
Fix by making the initrd address variable, load initrd after kernel
image. Use 64 bit variables instead of longs or 32 bit types.
Tested-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: John V. Baboval <john.baboval@virtualcomputer.com>
Signed-off-by: Tom Goetz <tom.goetz@virtualcomputer.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
In the context of PV-on-HVM under Xen, the emulated nics are supposed to be
unplug before the guest drivers are initialized, when the guest write to a
specific IO port.
Without this patch, the guest end up with two nics with the same MAC, the
emulated nic and the PV nic.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
While for the "normal" case (called from blk_send_response_all())
decrementing requests_finished is correct, doing so in the parse error
case is wrong; requests_inflight needs to be decremented instead.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Use bdrv_aio_flush instead of bdrv_flush.
Make sure to call bdrv_aio_writev/readv after the presync bdrv_aio_flush is fully
completed and make sure to call the postsync bdrv_aio_flush after
bdrv_aio_writev/readv is fully completed.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
This patch removes a dead option.
The same can be achieved removing BDRV_O_NOCACHE and BDRV_O_CACHE_WB
from the flags passed to bdrv_open.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
PIT and PCSPK are emulated by the hypervisor so we don't need to emulate
them in Qemu: this patch prevents Qemu from waking up needlessly at
PIT_FREQ on Xen.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Catch writes to the MSI MMIO region in the KVM APIC and forward them to
the kernel. Provide the kernel support GSI routing, this allows to
enable MSI support also for in-kernel irqchip mode.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Push msi_supported enabling to the APIC implementations where we can
encapsulate the decision more cleanly, hiding the details from the
generic code.
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Will be used for generating and distributing MSI messages, both in
emulation mode and under KVM.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
* sweil/for-1.1:
qemu-doc: Use QEMU instead of qemu for product name
qemu-doc: Fix executable name in examples
qemu-doc: Add missing parameter in description of -D option
configure: Use QEMU instead of Qemu
fix some common typos
qemu-timer: Fix wrong error message
Since most property types do not have a parse property now, this was
broken. Fix it by looking at the setter instead.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Acked-by: Andreas F=E4rber <afaerber@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Most important here is to update our internal endpoint state so we know
the endpoint isn't in halted state any more. Without this usb-host
tries to clear halt again with the next data transfer submitted. Doing
this twice is (a) not correct and (b) confuses some usb devices,
rendering them non-functional in the guest.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
These were identified using: http://github.com/lyda/misspell-check
and run like this to create a bourne shell script using GNU sed's
-i option:
git ls-files|grep -vF .bin | misspellings -f - |grep -v '^ERROR:' |perl \
-pe 's/^(.*?)\[(\d+)\]: (\w+) -> "(.*?)"$/sed -i '\''${2}s!$3!$4!'\'' $1/'
Manually eliding the FP, "rela->real" and resolving "addres" to
address (not "adders") we get this:
sed -i '450s!thru!through!' Changelog
sed -i '260s!neccessary!necessary!' coroutine-sigaltstack.c
sed -i '54s!miniscule!minuscule!' disas.c
sed -i '1094s!thru!through!' hw/usb/hcd-ehci.c
sed -i '1095s!thru!through!' hw/usb/hcd-ehci.c
sed -i '21s!unecessary!unnecessary!' qapi-schema-guest.json
sed -i '307s!explictly!explicitly!' qemu-ga.c
sed -i '490s!preceeding!preceding!' qga/commands-posix.c
sed -i '792s!addres!address!' qga/commands-posix.c
sed -i '6s!beeing!being!' tests/tcg/test-mmap.c
Also, manually fix "arithmentic", spotted by Peter Maydell:
sed -i 's!arithmentic!arithmetic!' coroutine-sigaltstack.c
Signed-off-by: Jim Meyering <meyering@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
We have the following simplified callgraph in mips_fulong2e_init():
cpu_init() => cpu_mips_init()
object_new()
mips_cpu_initfn()
cpu_exec_init()
register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
cpu_save, cpu_load, env)
register_savevm(NULL, "cpu", 0, 3, cpu_save, cpu_load, env)
CPU_SAVE_VERSION is defined as 3 in target-mips/cpu.h.
fulong2e instantiates one CPU, so its cpu_index is 0.
Thus the two are fully identical.
Therefore just remove the second call in fulong2e.
Signed-off-by: Juan Quintela <quintela@redhat.com>
[AF: Extend explanation in commit message]
Signed-off-by: Andreas Färber <afaerber@suse.de>
This was erroneously dropped in d6c730086c
(pc: reduce duplication in compat machine types).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
ptr properties have neither a get/set or a print/parse which means that when
they're added they aren't treated as static or legacy properties.
Just assume properties like this are legacy properties and treat them as such.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Otherwise, non-string properties without a legacy counterpart are missed.
Also fix error propagation in object_property_print() itself.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Similarly to PCI interrupt mappings, the OBIO ones have to be initialized.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
* kwolf/for-anthony:
fdc: simplify media change handling
qcow2: lock on prealloc
block: make bdrv_create adopt coroutine
qcow2: Limit COW to where it's needed
sheepdog: switch to writethrough mode if cluster doesn't support flush
* bonzini/scsi-next:
scsi: Add assertion for use-after-free errors
scsi: remove useless debug messages
scsi: set VALID bit to 0 in fixed format sense data
scsi: do not require a minimum allocation length for REQUEST SENSE
scsi: do not require a minimum allocation length for INQUIRY
scsi: parse 16-byte tape CDBs
scsi: do not report bogus overruns for commands in the 0x00-0x1F range
scsi-disk: add dpofua property
scsi: change "removable" field to host many features
scsi: Specify the xfer direction for UNMAP and ATA_PASSTHROUGH commands
scsi: fix WRITE SAME transfer length and direction
scsi: fix refcounting for reads
scsi: prevent data transfer overflow
ISCSI: Add support for thin-provisioning via discard/UNMAP and bigger LUNs
Commit afe0a59535 added byte reads for TxStatus/TxAddr, but
broke 32-bit reads; the mask generation
(1 << (8 * size)) - 1
is unspecified in C for size >= sizeof(int), and in fact returns 0
on x86.
Fix by using a larger type.
Fixes (at least) Fedora 9 i386 with -machine kernel_irqchip=on. I
didn't see it with the qemu APIC implementation; may be due to timing
or (more likely) a tester error.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This also (partly) fixes IBM OS/2 Warp 4.0 floppy installation, where
not all floppies have the same format (2x80x18 for the first ones,
2x80x23 for the next ones).
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The Linux AC97 driver tests this bit to decide wether or not to show
an External amplifier toggle control.
This patch was also tested with a Windows XP guest without any issues.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
The Linux ac97 drivers does a number of register read/write tests to
see how much resolution a volume control actually has.
This patch takes this into account by masking out any bits written to
a volume control reg which should not be there according to the spec.
After this the Linux ac97 driver correctly uses a range of 0 - 0x1f for
the PCM out volume, as stated in the spec, and we can fix the FIXME
in update_combined_volume_out().
This patch was also tested with a Windows XP guest without any issues.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
After commit 19677a380a:
"hw/ac97: add support for volume control"
We are (correctly) using AC97_Record_Gain_Mute and not AC97_Line_In_Volume_Mute
for recording volume, but various places in hw/ac97 were still assumimg that
we are using AC97_Line_In_Volume_Mute for record volume control, this patch
fixes this.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
The Linux ac97 driver tries to see if optional things like video input
volume control are available in 2 ways:
1) See if the mute bit is set after reset, if it is no further tests are done
2) If the mute bit is not set it does a write/read test of the mute bit
This patch changes our ac97 to conform to what the Linux driver expects, it
initializes registers for things which we don't emulate to 0 (so the mute bit
is not set) and makes them read only.
This causes Linux to now longer show the following (functionless)
controls in alsamixer:
Master Mono vol + mute
3d Control toggle
PCM out pre / post 3d select
Surround toggle
CD vol + mute
Mic vol + mute
Mic boost toggle
Mic mic1 / mic2 select
Video vol + mute
Phone vol + mute
Beep mono vol + mute
Aux vol + mute
Mono "output mic" / "mix" select
Sigmatel 4 speaker stereo toggle
Sigmatel ADC 6Db att toggle
Sigmatel DAC 6Db att toggle
This patch was also tested with a Windows XP guest and there it also makes
a number of functionless mixer controls go away.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: malc <av1474@comtv.ru>
The QEMU emulation which is currently used with Raspberry PI images
(qemu-system-arm -M versatilepb ...) accesses memory which was freed.
Valgrind output (extract):
==17857== Invalid write of size 4
==17857== at 0x24EB06: scsi_req_unref (scsi-bus.c:1273)
==17857== by 0x24FFAE: scsi_read_complete (scsi-disk.c:277)
==17857== by 0x152ACC: bdrv_co_em_bh (block.c:3363)
==17857== by 0x13D49C: qemu_bh_poll (async.c:71)
==17857== by 0x211A8C: main_loop_wait (main-loop.c:503)
==17857== by 0x207954: main_loop (vl.c:1555)
==17857== by 0x20E9C9: main (vl.c:3653)
==17857== Address 0x1c54383c is 12 bytes inside a block of size 260 free'd
==17857== at 0x4824B3A: free (vg_replace_malloc.c:366)
==17857== by 0x20ADFA: free_and_trace (vl.c:2250)
==17857== by 0x4899FC5: g_free (in /lib/libglib-2.0.so.0.2400.1)
==17857== by 0x24EB3B: scsi_req_unref (scsi-bus.c:1277)
==17857== by 0x24F003: scsi_req_complete (scsi-bus.c:1383)
==17857== by 0x25022A: scsi_read_data (scsi-disk.c:334)
==17857== by 0x24EB9F: scsi_req_continue (scsi-bus.c:1289)
==17857== by 0x1C7787: lsi_do_dma (lsi53c895a.c:575)
==17857== by 0x1C8CDA: lsi_execute_script (lsi53c895a.c:1147)
==17857== by 0x1C74EA: lsi_resume_script (lsi53c895a.c:510)
==17857== by 0x1C7ECD: lsi_transfer_data (lsi53c895a.c:746)
==17857== by 0x24EC90: scsi_req_data (scsi-bus.c:1307)
(There are some more similar messages.)
This patch adds an assertion which also detects those errors:
Calling scsi_req_unref is not allowed when the previous call
of that function has decremented refcount to 0, because in this
case req was freed.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Optional inquiry information is declared obsolete in the latest versions
of the standard; invalid CDBs or unsupported VPD pages are supported
can be diagnosed with trace_scsi_inquiry.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The requirements on the REQUEST SENSE buffer size are not in my copy of SPC
(SPC-4 r27) and not observed by LIO. Rip them out.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
