Linux expects REQ_FUA to be advertised only if WRITE+FUA is faster than
WRITE+SYNCHRONIZE CACHE, so we should not set the DPOFUA bit. However,
it is useful to have it for testing purposes, so add a qdev property to
set it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
It is pointless to add a uint32_t field for every new feature.
Since we will need a new feature soon, convert accesses to "removable"
to look at bit 0 only.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
scsi_cmd_xfer_mode() is used to specify the xfer direction for SCSI
commands that come in from the guest. If the direction is set incorrectly
this will eventually cause QEMU to kernel-panic the guest.
Add UNMAP and ATAPASSTHROUGH as commands that send data to the device.
Without this change, recent kernels will send both UNMAP as well
as ATAPASSTHROUGH commands to any /dev/sg* device, which due to the
incorrect xfer direction very quickly causes the guest kernel to crash.
Example causing a crash without the patch applied:
./x86_64-softmmu/qemu-system-x86_64 -m 1024 -enable-kvm -cdrom linuxmint-12-gnome-dvd-64bit.iso -drive file=/dev/sg4,if=scsi,bus=0,unit=6
Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Recently introduced FUA support also gave us a use-after-free
of the BlockAcctCookie within a SCSIDiskReq, due to unbalanced
reference counting.
The patch fixes this by making scsi_do_read look like a combination
of scsi_*_complete + scsi_*_data. It does both a ref (like
scsi_read_data) and an unref (like scsi_flush_complete).
Reported-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Valgrind reported this memory leak which occured a few times.
Test scenario:
qemu-system-i386 (no arguments), only BIOS started, terminate with
monitor command (quit).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Valgrind reported this memory leak which occured very often.
Test scenario:
qemu-system-i386 (no arguments), only BIOS started, terminate with
monitor command (quit).
v2:
Use error_free instead of g_free (hint from Andreas Färber, thanks).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Andreas Färber <afaerber@suse.de>
When using Windows 8 with an AHCI disk drive, it issues a blue screen.
The reason is that WIN_SECURITY_FREEZE_LOCK / CFA_WEAR_LEVEL is not
supported by our ATA implementation, but Windows expects it to be there.
Since without security stuff implemented, the lock would be a nop anyway
and CFA_WEAR_LEVEL already is treated as a nop, let's just allow the cmd
for HD drives as well. That way Windows is happy.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* agraf/s390-for-upstream:
s390: reset avail and used index on reboot
S390: dont call system_shutdown on disabled wait
S390: remove default cdrom, sd-card and floppy support
S390: support reboot for kvm on s390
S390: reboot: reset device pages on reboot
S390: fix error handling on kernel and initrd failures
S390: fix kernel_commandline handling
The default case in function spin_read should never be reached,
therefore the old code used assert(0) to abort QEMU.
This does not work when QEMU is compiled with macro NDEBUG defined.
In this case (and also when the compiler does not know that assert
never returns), there is a compiler warning because of the missing
return value.
Using hw_error allows an improved error message and aborts always.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
[agraf: use __func__]
Signed-off-by: Alexander Graf <agraf@suse.de>
Commit ed120055c7 (Implement PAPR VPA
functions for pSeries shared processor partitions) introduced the
deregister_dtl() function and typo "emv" as name of its argument.
This went unnoticed because the code in that function can access the
global variable "env" so that no build failure resulted.
Fix the argument to read "env". Resolves LP#986241.
Signed-off-by: Peter Portante <peter.portante@redhat.com>
Acked-by: Andreas Färber <afaerber@suse.de>
[agraf: fixed typo in commit message]
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently the pseries PCI code uses a somewhat strange scheme of PCI irq
allocation - one per slot up to a maximum that's greater than the usual 4.
This scheme more or less worked, because we were able to tell the guest the
irq mapping in the device tree, however it's a bit odd and may break
assumptions in the future. Worse, the array used to construct the dev
tree interrupt map was mis-sized, we got away with it only because it
happened that our SPAPR_PCI_NUM_LSI value was greater than 7.
This patch changes the pseries PCI code to use the same interrupt swizzling
scheme as is standardized for PCI to PCI bridges. This makes for better
consistency, deals better with any devices which use multiple interrupt
pins and will make life easier in the future when we add passthrough of
what may be either a host bridge or a PCI to PCI bridge. This won't break
existing guests, because they don't assume a particular mapping scheme for
host bridges, but just follow what we tell them in the device tree (also
updated to match, of course). This patch also fixes the allocation of the
irq map.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
PAPR virtual IO (VIO) devices require a unique, but otherwise arbitrary,
"address" used as a token to the hypercalls which manipulate them.
Currently the pseries machine code does an ok job of allocating these
addresses when the legacy -net nic / -serial and so forth options are used
but will fail to allocate them properly when using -device.
Specifically, you can use -device if all addresses are explicitly assigned.
Without explicit assignment, only one VIO device of each type (network,
console, SCSI) will be assigned properly, any further ones will attempt
to take the same address leading to a fatal error.
This patch fixes the situation by adding a proper address allocator to the
VIO "bus" code. This is used both by -device and the legacy options and
default devices. Addresses can still be explicitly assigned with -device
options if desired.
This patch changes the (guest visible) numbering of VIO devices, but since
their addresses are discovered using the device tree and already differ
from the numbering found on existing PowerVM systems, this does not break
compatibility.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
Initial Mapping creation for secondary CPU in SMP was missing new MMU API.
Signed-off-by: Bharat Bhushan <bharat.bhushan@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
reset the guest vring avail/used idx fields, otherwise it's possible
that old values remain in memory which would cause a reboot to fail
with a "Guest moved used index" message
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch simply disables CDROM, SD card and floppy support for the
s390 virtio machine. Without this patch, a default CDROM drive would
get added which has currently no backing on s390.
Signed-off-by: Einar Lueck <elelueck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch fixes reboot on s390 by resetting the device
page on reboot.
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
If the user specifies a non-existing or non-accessable kernel or initrd
qemu does not fail, instead it ipls into the system, which then falls
into a program check loop due to the zeroed memory with no kernel.
Lets add some sanity checks.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The current handling of kernel parameters is broken. The pointer
is always valid, even if no -kernel or -append is specified.
We must check if the kernel rom address is valid instead,
otherwise qemu might segfault.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Initially, vga_get_text_resolution returns a text resolution of 1 x 1
(vga register values are 0).
This is visible during MIPS Malta boot with SDL. It also occurs with the
i386 or x86_64 system emulation when it runs in single step mode:
QEMU changes the size of the SDL window to the smallest possible value
which is supported by the window manager. As this is not the calculated
size, QEMU switches to scaled mode. When the BIOS or the VGA driver sets
the normal text resolution, the window stays small and displays
microscopic characters.
Ignoring text resolutions of 1 x 1 or less avoids these problems.
A similar workaround already exists for too large resolutions.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Register is one byte-wide (as per specification), so there is no need
to specify endianness.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
[AF: Limit access validity to size 1]
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Speaker init has been added in 506b7ddf88,
but audio subsystem init was missing.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Keep the PC values as defaults but allow to override them for PReP.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
This fixes a crash in PReP emulation when using DMA controller to access
floppy drive.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
* 'target-arm.for-upstream' of git://git.linaro.org/people/pmaydell/qemu-arm:
target-arm: Make SETEND respect bswap_code (BE8) setting
target-arm: Move A9 config_base_address reset value to ARMCPU
target-arm: Change cpu_arm_init() return type to ARMCPU
Move the A9 config_base_address cp15 register reset value to
ARMCPU. This should become a QOM property so that the Highbank
board can set it without having to pull in cpu-qom.h, but at
least this avoids the implicit dependency on reset ordering
that the previous workaround had.
Cc: Mark Langsdorf <mark.langsdorf@calxeda.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
* kraxel/usb.49:
usb-uhci: update irq line on reset
usb: add serial number generator
usb-redir: Not finding an async urb id is not an error
usb-redir: Reset device address and speed on disconnect
usb-redir: An interface count of 0 is a valid value
usb-xhci: fix bit test
usb-xhci: Use PCI DMA helper functions
usb-host: fix zero-length packets
usb-host: don't dereference invalid iovecs
usb-storage: fix request canceling
usb-ehci: Ensure frindex writes leave a valid frindex value
usb-ehci: add missing usb_packet_init() call
usb-ehci: remove hack
* mst/tags/for_anthony:
e1000: set E1000_ICR_INT_ASSERTED only for 8257x
e1000: link auto-negotiation emulation
e1000: introduce bit for debugging PHY emulation
e1000: introduce helpers to manipulate link status
e1000: PHY loopback mode support
e1000: conditionally raise irq at the end of MDI cycle
e1000: introduce bits of PHY control register
eepro100: Fix multicast regression
virtio: order index/descriptor reads
virtio: add missing mb() on enable notification
virtio: add missing mb() on notification
e1000: move reset function earlier in file
We're not actually calling qdev_init for the pc-sysfw device. Since we create
the canonical path during realize, this was causing an assert to trigger when
attempting to read a link pointing to pc-sysfw.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
uhci_reset() clears irq mask and irq status registers, but doesn't
update the irq line. Which may result in suspious IRQs after uhci
reset. Fix it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds a function which creates unique serial numbers for usb
devices and puts it into use. Windows guests tend to become unhappy if
they find two identical usb devices in the system. Effects range from
non-functional devices (with yellow exclamation mark in device manager)
to BSODs. Handing out unique serial numbers to devices fixes this.
With this patch applied almost all emulated devices get a generated,
unique serial number. There are two exceptions:
* usb-storage devices will prefer a user-specified serial number
and will only get a generated number in case the serial property
is unset.
* usb-hid devices keep the fixed serial number "42" as it is used
to signal "remote wakeup actually works".
See commit 7b074a22da
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
We clear our pending async urb list on device disconnect and we may still
receive "packet complete" packets from our peer after this, which will then
refer to packet ids no longer in our list.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Without this disconnected devices look like the last redirected device
in the monitor in "info usb".
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
An interface-count of 0 happens when a device is in unconfigured state when
it gets redirected. So we should not use 0 to detect not having received
interface info from our peer.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Shortly before 1.0, we added helper functions / wrappers for doing PCI DMA
from individual devices. This makes what's going on clearer and means that
when we add IOMMU support somewhere in the future, only the general PCI
code will have to change, not every device that uses PCI DMA.
However, usb-xhci is not using these wrappers, despite being a PCI only
device. This patch remedies the situation, using the pci dma functions
instead of direct calls to cpu_physical_memory_{read,write}(). Likewise
address parameters for DMA are changed to dma_addr_t instead of
target_phys_addr_t.
[ kraxel: removed #ifdefs ]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb-host optimizes away zero-length packets by not entering the
processing loop at all. Which isn't correct, we should submit a
zero-length urb to the host devicein that case. This patch makes
sure we run the processing loop at least once.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
