All error statuses except for NAK are handled in a switch case, move the
handling of NAK into the same switch case.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The nakcnt code in ehci_execute_complete() marked transactions as finished
when a packet completed with a result of USB_RET_NAK, but USB_RET_NAK
means that the device cannot receive / send data at that time and that
the transaction should be retried later, which is also what the usb-uhci
and usb-ohci code does.
Note that there already was some special code in place to handle this
for interrupt endpoints in the form of doing a return from
ehci_execute_complete() when reload == 0, but that for bulk transactions
this was not handled correctly (where as for example the usb-ccid device does
return USB_RET_NAK for bulk packets).
Besides that the code in ehci_execute_complete() decrement nakcnt by 1
on a packet result of USB_RET_NAK, but
-since the transaction got marked as finished,
nakcnt would never be decremented again
-there is no code checking for nakcnt becoming 0
-there is no use in re-trying the transaction within the same usb frame /
usb-ehci frame-timer call, since the status of emulated devices won't change
as long as the usb-ehci frame-timer is running
So we should simply set the nakcnt to 0 when we get a USB_RET_NAK, thus
claiming that we've tried reload times (or as many times as possible if
reload is 0).
Besides the code in ehci_execute_complete() handling USB_RET_NAK there
was also code handling it in ehci_state_executing(), which calls
ehci_execute_complete(), and then does its own handling on top of the handling
in ehci_execute_complete(), this code would decrement nakcnt *again* (if not
already 0), or restore the reload value (which was never changed) on success.
Since the double decrement was wrong to begin with, and is no longer needed
now that we set nakcnt directly to 0 on USB_RET_NAK, and the restore of reload
is not needed either, this patch simply removes all nakcnt handling from
ehci_state_executing().
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch removes 2 bits of dead nakcnt code:
1) usb_ehci_execute calls ehci_qh_do_overlay which does:
nakcnt = reload;
and then has a block of code which is conditional on:
if (reload && !nakcnt) {
which ofcourse is never true now as nakcnt == reload.
2) ehci_state_fetchqh does:
nakcnt = reload;
but before nakcnt is ever used ehci_state_fetchqh is always followed
by a ehci_qh_do_overlay call which also does:
nakcnt = reload;
So doing this from ehci_state_fetchqh is redundant.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
cerr should only be decremented on errors which cause XactErr to be set, and
when that happens the failing transaction should be retried until cerr reaches
0 and only then should USBSTS_ERRINT be set (and inactive cleared and
USBSTS_INT set if requested).
Since we don't have any hardware level errors (and in case of redirection
the real hardware has already retried), re-trying makes no sense, so
immediately set cerr to 0 on errors which set XactErr.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
As clearly stated in the 2.3.2 of the EHCI spec, any time USBERRINT get
sets then if the td has its IOC bit set USBINT should be set as well.
This means that for any status except for USB_RET_NAK we should set
USBINT if the IOC bit is set.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The purpose of the IAAD bit / the doorbell is to make the ehci controller
forget about cached qhs, this is mainly used when cancelling transactions,
the qh is unlinked from the async schedule and then the doorbell gets rung,
once the doorbell is acked by the controller the hcd knows that the qh is
no longer in use and that it can do something else with the memory, such
as re-use it for a new qh! But we keep our struct representing this qh around
for circa 250 ms. This allows for a (mightily large) race window where the
following could happen:
-hcd submits a qh at address 0xdeadbeef
-our ehci code sees the qh, sends a request to a usb-device, gets a result
of USB_RET_ASYNC, sets the async_state of the qh to EHCI_ASYNC_INFLIGHT
-hcd unlinks the qh at address 0xdeadbeef
-hcd rings the doorbell, wait for us to ack it
-hcd re-uses the qh at address 0xdeadbeef
-our ehci code sees the qh, looks in the async_queue, sees there already is
a qh at address 0xdeadbeef there with async_state of EHCI_ASYNC_INFLIGHT,
does nothing
-the *original* (which the hcd thinks it has cancelled) transaction finishes
-our ehci code sees the qh on yet another pass through the async list,
looks in the async_queue, sees there already is a qh at address 0xdeadbeef
there with async_state of EHCI_ASYNC_COMPLETED, and finished the transaction
with the results of the *original* transaction.
Not good (tm), this patch fixes this race by removing all qhs which have not
been seen during the last cycle through the async list immidiately when the
doorbell is rung.
Note this patch does not fix any actually observed problem, but upon
reading of the EHCI spec it became apparent to me that the above race could
happen and the usb-ehci behavior from before this patch is not good.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Before this patch USB 2 devices with interrupt endpoints were not working
properly. The problem is that to avoid loops we stop processing as soon
as we encounter a queue-head (qh) we've already seen since qhs can be linked
in a circular fashion, this is tracked by the seen flag in our qh struct.
The resetting of the seen flag is done from ehci_queues_rip_unused which
before this patch was only called when executing the statemachine for the
async schedule.
But packets for interrupt endpoints are part of the periodic schedule! So what
would happen is that when there were no ctrl or bulk packets for a USB 2
device with an interrupt endpoint, the async schedule would become non
active, then ehci_queues_rip_unused would no longer get called and when
processing the qhs for the interrupt endpoints from the periodic schedule
their seen bit would still be 1 and they would be skipped.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qhs can be part of both the async and the periodic schedule, as is shown
in later patches in this series it is useful to keep track of the qhs on
a per schedule basis.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Before this patch the T-bit was not checked in 2 places, while it should be.
Once we properly check the T-bit everywhere we no longer need the weird
entry < 0x1000 and entry > 0x1000 checks, so this patch removes them.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This provides the required user space stubs to enable the in-kernel
i8254 emulation of KVM.
The in-kernel model supports lost tick compensation according to the
"delay" policy. This is enabled by default and can be switched off via a
device property.
Depending on the feature set of the host kernel (before 2.6.32), we may
have to disable the HPET or lack sound output from the PC speaker.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Same as for the APIC: To enable migration between accelerated and
non-accelerated models, we need to arm the channel 0 timer only inside
the emulated PIT model. The common code just saves/restores that timer
to the the next_transition_time field.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Applying the concept used for the *PICs once again: establish a base
class for the i8254 that can be used both by the current user space
emulation and the upcoming KVM in-kernel version. We share most of the
public interface of the i8254, specifically to the pcspk, vmstate, reset
and certain init parts.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Xilinx zynq-7000 machine model. Also includes device model for the zynq-specific
system level control register (SLCR) module.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Device model for cadence gem ethernet controller.
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: John Linn <john.linn@xilinx.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Implemented cadence Triple Timer Counter (TCC)
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: John Linn <john.linn@xilinx.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Implemented cadence UART serial controller
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: John Linn <john.linn@xilinx.com>
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Use the -dtb argument for passing is a custom dtb rather than the old
hardcoded "mb.dtb"
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
defined macros for the addresses of the peripherals in machine model
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This belongs in the machine specific reset function
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
factored out the copy-pasted common boot code from the two microblaze platforms
into a dedicated microblaze bootloader (microblaze_boot.o).
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
This reworks the image loading on s390.
Newer kernels will not always have a 0dd0 (basr 13,0) at address 0x10000.
We must not rely on specific code at certain addresses. This check was
introduced to warn users that tried to load vmlinux, since ELF loading
was not supported. Lets wire that up. If elf loading fails, we assume
that this is a standard kernel image and load that via load_image_targphys.
This patch also changes all other users of load_image to
load_image_targphys to be consistent. (the elf loader registers the kernel
as rom).
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
* 'arm-devs.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
hw/arm11mpcore: Fix broken realview_mpcore/arm11mpcore_priv properties
arm: add device tree support
arm: make sure that number of irqs can be represented in GICD_TYPER.
arm: clean up GIC constants
Fix confusion in the Property arrays for the "arm11mpcore_priv"
(per-CPU devices for the ARM11MPcore CPU) and "realview_mpcore"
(realview-eb board specific device encapsulating CPU and some
extra interrupt controllers) -- the num-irq property was defined
on the wrong device and the mpcore_rirq_properties were defined
as offsets in the wrong structure. The effect was that the
realview-eb-mpcore machine would abort on startup trying to
allocate an insane amount of memory. (This bug was introduced in
the QOM conversion in commit 999e12bb.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
If compiled with CONFIG_FDT, allow user to specify a device tree file using
the -dtb argument. If the machine supports it then the dtb will be loaded
into memory and passed to the kernel on boot.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
[Peter Maydell: Use machine opt rather than global to pass dtb filename]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We currently assume that the number of interrupts (ITLinesNumber in
the architecture reference manual) is divisible by 32, since we
present it to the guest when it reads GICD_TYPER (in gic_dist_readb())
as (N / 32) - 1.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Interrupts numbers 0-31 are private to the processor interface, 32-1019 are
general interrupts. Add GIC_INTERNAL and substitute everywhere.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
[Peter Maydell: converted some tabs to spaces]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* qemu-kvm/memory/core: (30 commits)
memory: allow phys_map tree paths to terminate early
memory: unify PhysPageEntry::node and ::leaf
memory: change phys_page_set() to set multiple pages
memory: switch phys_page_set() to a recursive implementation
memory: replace phys_page_find_alloc() with phys_page_set()
memory: simplify multipage/subpage registration
memory: give phys_page_find() its own tree search loop
memory: make phys_page_find() return a MemoryRegionSection
memory: move tlb flush to MemoryListener commit callback
memory: unify the two branches of cpu_register_physical_memory_log()
memory: fix RAM subpages in newly initialized pages
memory: compress phys_map node pointers to 16 bits
memory: store MemoryRegionSection pointers in phys_map
memory: unify phys_map last level with intermediate levels
memory: remove first level of l1_phys_map
memory: change memory registration to rebuild the memory map on each change
memory: support stateless memory listeners
memory: split memory listener for the two address spaces
xen: ignore I/O memory regions
memory: allow MemoryListeners to observe a specific address space
...
* qemu-kvm/uq/master:
pc-bios: update kvmvapic.bin
kvmvapic: Use optionrom helpers
optionsrom: Reserve space for checksum
kvmvapic: Simplify mp/up_set_tpr
kvmvapic: Introduce TPR access optimization for Windows guests
kvmvapic: Add option ROM
target-i386: Add infrastructure for reporting TPR MMIO accesses
Allow to use pause_all_vcpus from VCPU context
Process pending work while waiting for initial kick-off in TCG mode
Remove useless casts from cpu iterators
kvm: Set cpu_single_env only once
kvm: Synchronize cpu state in kvm_arch_stop_on_emulation_error()
* kwolf/for-anthony: (27 commits)
qemu-img: fix segment fault when the image format is qed
qemu-io: fix segment fault when the image format is qed
qemu-tool: revert cpu_get_clock() abort(3)
qemu-iotests: Test rebase with short backing file
qemu-iotests: 026: Reduce output changes for cache=none qcow2
qemu-iotests: Filter out DOS line endings
test: add image streaming tests
qemu-iotests: add iotests Python module
qemu-iotests: export TEST_DIR for non-bash tests
QMP: Add qmp command for blockdev-group-snapshot-sync
qapi: Introduce blockdev-group-snapshot-sync command
qcow2: Reject too large header extensions
qcow2: Fix offset in qcow2_read_extensions
block: drop aio_multiwrite in BlockDriver
block: remove unused fields in BlockDriverState
qcow2: Fix build with DEBUG_EXT enabled
ide: fail I/O to empty disk
fdc: DIR (Digital Input Register) should return status of current drive...
fdc: fix seek command, which shouldn't check tracks
fdc: check if media rate is correct before doing any transfer
...
* kraxel/usb.39: (21 commits)
usb: Resolve warnings about unassigned bus on usb device creation
usb-redir: Return USB_RET_NAK when we've no data for an interrupt endpoint
usb-redir: Limit return values returned by iso packets
usb-redir: Let the usb-host know about our device filtering
usb-redir: Always clear device state on filter reject
usb-redir: Fix printing of device version
ehci: drop old stuff
usb-ehci: Handle ISO packets failing with an error other then NAK
libcacard: fix reported ATR length
usb-ccid: advertise SELF_POWERED
libcacard: link with glib for g_strndup
usb-desc: fix user trigerrable segfaults (!config)
usb-ehci: sanity-check iso xfers
usb: add tracepoint for usb packet state changes.
usb-xhci: enable packet queuing
usb-uhci: implement packet queuing
usb-uhci: process uhci_handle_td return code via switch.
usb-uhci: add UHCIQueue
usb-uhci: cleanup UHCIAsync allocation & initialization.
usb-ehci: fix reset
...
Requesting a read or a write operation on an empty disk can lead
to QEMU dumping core.
Also fix a few braces here and there.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The seek command just sends step pulses to the drive and doesn't care if
there is a medium inserted of if it is banging the head against the drive.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The programmed rate has to be the same as the required rate for the
floppy format ; if that's not the case, the transfer should abort.
This check can be disabled by using the 'check_media_rate' property.
Save media rate value only if media rate check is enabled.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Set it to true for current Qemu versions, and false for previous ones
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Floppies must be read at a specific transfer rate, depending of its own format.
Update floppy description table to include required transfer rate.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
DIR and CCR registers share the same address ; DIR is read-only
while CCR is write-only
CCR register is used to change media transfer rate, which will be
checked in following changes.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
A real floppy doesn't attempt to write to read-only media either.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
In fact, only three control commands generate an interrupt:
read_id, recalibrate and seek
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This bit must be active while a command is currently executed.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Floppies can be simple or double-sided. However, current code
was only taking the common case into account (ie 2 sides).
This repairs single-sided floppies, which where totally broken
before this patch : for track > 0, wrong sector number was
calculated, and data was read/written at wrong place on
underlying device.
Fortunately, only some 360 kB floppies are single-sided, so
this bug was probably not seen much.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Current memory listeners are incremental; that is, they are expected to
maintain their own state, and receive callbacks for changes to that state.
This patch adds support for stateless listeners; these work by receiving
a ->begin() callback (which tells them that new state is coming), a
sequence of ->region_add() and ->region_nop() callbacks, and then a
->commit() callback which signifies the end of the new state. They should
ignore ->region_del() callbacks.
Signed-off-by: Avi Kivity <avi@redhat.com>
This allows reverse iteration, which in turns allows consistent ordering
among multiple listeners:
l1->add
l2->add
l2->del
l1->del
Signed-off-by: Avi Kivity <avi@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Although qxl creates a shared displaysurface when the qxl surface is
upright and doesn't need to be flipped there is no guarantee that the
surface doesn't become unshared for some reason. Rename qxl_flip to
qxl_blit and fix it to handle both flip and non-flip cases.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds an 64bit pci bar for vram. It is turned off by default.
It can be enabled by setting the size of the 64bit bar to be larger than
the 32bit bar. Both 32bit and 64bit bar refer to the same memory. Only
the first part of the memory is available via 32bit bar.
The intention is to allow large vram sizes for 64bit guests, by allowing
the vram bar being mapped above 4G, so we don't have to squeeze it into
the pci I/O window below 4G.
With vram_size_mb=16 and vram64_size_mb=256 it looks like this:
00:02.0 VGA compatible controller: Red Hat, Inc. Device 0100 (rev 02) (prog-if 00 [VGA controller])
Subsystem: Red Hat, Inc Device 1100
Physical Slot: 2
Flags: fast devsel, IRQ 10
Memory at f8000000 (32-bit, non-prefetchable) [size=64M]
Memory at fc000000 (32-bit, non-prefetchable) [size=16M]
Memory at fd020000 (32-bit, non-prefetchable) [size=8K]
I/O ports at c5a0 [size=32]
Memory at ffe0000000 (64-bit, prefetchable) [size=256M]
Expansion ROM at fd000000 [disabled] [size=64K]
[ mapping above 4G needs patched seabios:
http://www.kraxel.org/cgit/seabios/commit/?h=pci64 ]
