fdt: move dumpdtb interpretation code to device_tree.c
The dumpdtb code can be useful in more places than just for e500. Move itto a generic place.
Signed-off-by: Alexander Graf <agraf@suse.de>
pseries: Remove XICS irq type enum type
Currently the XICS interrupt controller emulation uses a custom enum tospecify whether a given interrupt is level-sensitive or message-triggered.This enum makes life awkward for saving the state, and isn't particularly...
pseries: Remove never used flags field from spapr vio devices
The general device state structure for PAPR VIO emulated devices includes a'flags' field which was never used. This patch removes it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>...
pseries: Rework implementation of TCE bypass
On the pseries machine the IOMMU (aka TCE tables) is always active for allPCI and VIO devices. Mostly to simplify the SLOF firmware, we implement anextension which allows the IOMMU to be temporarily disabled for certain...
pseries: Fix semantics of RTAS int-on, int-off and set-xive functions
Currently the ibm,int-on and ibm,int-off RTAS functions are implemented asno-ops. This is because when implemented as specified in PAPR they causedLinux (which calls both int-on/off and set-xive) to end up with interrupts...
ppc405_uc: Fix buffer overflow
Report from smatch:
ppc405_uc.c:209 dcr_read_pob(12) error: buffer overflow 'pob->besr' 2 <= 2ppc405_uc.c:232 dcr_write_pob(12) error: buffer overflow 'pob->besr' 2 <= 2
The old code reads and writes besr[POB0_BESR1 - POB0_BESR0] or besr2...
pseries: Remove unnecessary locking from PAPR hash table hcalls
In the paravirtualized environment provided by PAPR, there is a standardlocking scheme so that hypercalls updating the hash page table fromdifferent guest threads don't corrupt the haah table state. We implement...
pseries: Set hash table size based on RAM size
Currently the pseries machine code always attempts to set the size of theguests's hash page table to 16MB. However, because of the way the POWERMMU works, a suitable hash page table size should really depend on memory...
pseries: Fix and cleanup CPU initialization and reset
The current pseries machine init function iterates over the CPUs at severalpoints, doing various bits of initialization. This is messy; these canand should be merged into a single iteration doing all the necessary per...
pseries: Use new method to correct reset sequence
A number of things need to occur during reset of the PAPRparavirtualized platform in a specific order. For example, the hashtable needs to be cleared before the CPUs are reset, so that theyinitialize their register state correctly, and the CPUs need to have...
pseries: Add support for new KVM hash table control call
This adds support for then new "reset htab" ioctl which allows qemuto properly cleanup the MMU hash table when the guest is reset. Withthe corresponding kernel support, reset of a guest now works properly....
pseries: Clear TCE and signal state when resetting PAPR VIO devices
When we reset the system, the reset method for VIO bus devices resetsthe state of their request queue (if present) as it should. Howeverit was not resetting the state of their TCE table (DMA translation) if...
pseries: Reset emulated PCI TCE tables on system reset
The emulated PCI host bridge on the pseries machine incorporates an IOMMU(PAPR TCE table). Currently the mappings in this IOMMU are not clearedwhen we reset the system. This patch fixes this bug. To do this it adds...
pseries: Fix XICS reset
The XICS interrupt controller used on the pseries machine currently has noreset handler. We can get away with this under some circumstances, butit's not correct, and can cause failures if the XICS happens to be in thewrong state at the time of reset....
pseries: Small cleanup to H_CEDE implementation
The H_CEDE hypercall implementation for the pseries machine doesn't triggerquite the right path in the main cpu exec loop. We should set exit_requestto pop up one extra level and recheck state, and we should set the...
pseries: Remove C bitfields from xics code
The XICS interrupt controller emulation uses some C bitfield variables inits internal state structure. This makes like awkward for saving the statebecause we don't have easy VMSTATE helpers for bitfields.
This patch removes the bitfields, instead using explicit bit masking in a...
vfio_pci: fix build on 32-bit systems
We cannot cast directly from pointer to uint64.
Cc: Alex Williamson <alex.williamson@redhat.com>Cc: Alex Barcelo <abarcelo@ac.upc.edu>Reported-by: Alex Barcelo <abarcelo@ac.upc.edu>Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
vfio: vfio-pci device assignment driver
This adds the core of the QEMU VFIO-based PCI device assignment driver.To make use of this driver, enable CONFIG_VFIO, CONFIG_VFIO_IOMMU_TYPE1,and CONFIG_VFIO_PCI in your host Linux kernel config. Load the vfio-pci...
vfio: Enable vfio-pci and mark supported
Enabled for all softmmu guests supporting PCI on Linux hosts. Notethat currently only x86 hosts have the kernel side VFIO IOMMU supportfor this. PPC (g3beige) is the only non-x86 guest known to work.ARM (veratile) hangs in firmware, others untested....
Versatile Express: Add modelling of NOR flash
This patch adds modelling of the two NOR flash banks found on theVersatile Express motherboard. Tested with U-Boot running on an emulatedVersatile Express, with either A9 or A15 CoreTile.
Signed-off-by: Francesco Lavra <francescolavra.fl@gmail.com>...
Versatile Express: Fix NOR flash 0 address and remove flash alias
In the A series memory map (implemented in the Cortex A15 CoreTile), thefirst NOR flash bank (flash 0) is mapped to address 0x08000000, whileaddress 0x00000000 can be configured as alias to either the first or the...
pl190: fix read of VECTADDR
Reading VECTADDR was causing us to set the current priority tothe wrong value, the most obvious effect of which was that wewould return the vector for the wrong interrupt as the resultof the read.
Signed-off-by: Brendan Fennell <bfennell@skynet.ie>...
hw/armv7m_nvic: Correctly register GIC region when setting up NVIC
When setting up the NVIC memory regions the memory range0x100..0xcff is aliased to an IO memory region that belongsto the ARM GIC. This aliased region should be added to theNVIC memory container, but the actual GIC IO memory region...
add a boot parameter to set reboot timeout
Added an option to let qemu transfer a configuration file to bios,"etc/boot-fail-wait", which could be specified by command -boot reboot-timeout=TT have a max value of 0xffff, unit is ms.
With this option, guest will wait for a given time if not find...
add pc-1.3 machine type
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
compat: turn off msi/msix on xhci for old machine types
ivshmem: add 64bit option
This patch adds a "use64" property which will make the ivshmem driverregister a 64bit memory bar when set, so you have something to play withwhen testing 64bit pci bits. It also allows to have quite big sharedmemory regions, like this:...
acpi: use notifier for signaling guest system_powerdown command
In addition, there is no need to allocate an extra irq just forrising SCI in irq handler. Just rise SCI right from notifierhandler instead.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>...
target-arm: use notifier for signaling guest system_powerdown command
Acked-by: Peter Maydell <peter.maydell@linaro.org>Signed-off-by: Igor Mammedov <imammedo@redhat.com>Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
target-sparc: use notifier for signaling guest system_powerdown command
Signed-off-by: Igor Mammedov <imammedo@redhat.com>Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Merge remote-tracking branch 'bonzini/scsi-next' into staging
Merge remote-tracking branch 'stefanha/trivial-patches' into staging
cadence_uart: Fix buffer overflow
Report from smatch:hw/cadence_uart.c:413 uart_read(13) error: buffer overflow 's->r' 18 <= 18
This fixes read access to s->r[R_MAX] which is behind the limits of s->r.
Signed-off-by: Stefan Weil <sw@weilnetz.de>Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
lm4549: Fix buffer overflow
Report from smatch:lm4549.c:234 lm4549_write_samples(14) error: buffer overflow 's->buffer' 1024 <= 1024
There must be enough space to add two entries starting with indexs->buffer_level, therefore the old check was wrong....
ioh3420: Remove unreachable code
Report from smatch:hw/ioh3420.c:128 ioh3420_initfn(35) info: ignoring unreachable code.
Signed-off-by: Stefan Weil <sw@weilnetz.de>Reviewed-by: Juan Quintela <quintela@redhat.com>Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
pflash_cfi01: Fix warning caused by unreachable code
Report from smatch:hw/pflash_cfi01.c:431 pflash_write(180) info: ignoring unreachable code.
Instead of removing the return statement after the switch statement,the patch replaces the return statements in the switch statement by...
Merge branch 'usb.65' of git://git.kraxel.org/qemu
scsi-disk: use scsi_data_cdb_length
This simplifies and unifies the parsing of READ, WRITE and WRITE SAMEcommands.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
SCSI: Standard INQUIRY data should report HiSup flag as set.
QEMU as far as I know only reports LUN numbers using the modes thatare described in SAM4.As such, since all LUN numbers generated by the SCSI emulation in QEMUfollow SAM4, we should set the HiSup bit in the standard INQUIRY data...
scsi: introduce scsi_cdb_length and scsi_data_cdb_length
scsi-disk: introduce check_lba_range
Abstract the test for an out-of-range (starting block, block count)pair.
scsi-disk: fix check for out-of-range LBA
This fix is needed to correctly handle 0-block read and writes.Without it, a 0-block access at LBA 0 would underflow.
pflash_cfi01: fix vendor specific extended query
pflash_cfi01 announces a version number of 1.1, which implies"Protection Register Information" and "Burst Read information" sections, which are not provided.
Decrease the version number to 1.0 so that only the "Protection...
hw/pflash_cfi012: Use host-utils.h ctz32()
Drop the private reimplementation of ctz32() from pflash_cfi012in favour of using the standard version from host-utils.h.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>Reviewed-by: Stefan Weil <sw@weilnetz.de>...
xilinx_timer: Fix a compile error if debug enabled
There was a missing include of qemu-log and a variable name in a printf was outof date.
Signed-off-by: Chris Wulff <crwulff@gmail.com>Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
xilinx_timer: Removed comma in device name
Fixes an error in a61e4b07a30c062260d2d01771773f14820d1eb7
Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
xilinx_timer: Send dbg msgs to stderr not stdout
xilinx_timer: Fixed "frequency" prop name
The "frequency" qdev prop matches the "clock-frequency" property in Xilinx EDK.Renamed "frequency" -> "clock-frequency" accordingly.
xilinx.h: Error check when setting links
Assert that the ethernet and dma controller are sucessfully linked to theirpeers.
xilinx: fix names of ethernet and dma links.
These names were incorrect. Fixed to match to actual link names
Merge remote-tracking branch 'kwolf/for-anthony' into staging
Merge remote-tracking branch 'spice/spice.v60' into staging
Merge remote-tracking branch 'stefanha/net' into staging
Merge remote-tracking branch 'qemu-kvm/uq/master' into staging
pc: Drop practically unused BOCHS BIOS debug ports
We have debugcon these days to listen on those ports that receive debugmessages. Also drop the others that have no effect anymore.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Remove unused CONFIG_TCG_PASS_AREG0 and dead code
Now that CONFIG_TCG_PASS_AREG0 is enabled for all targets,remove dead code and support for !CONFIG_TCG_PASS_AREG0 case.
Remove dyngen-exec.h and all references to it. Although included byhw/spapr_hcall.c, it does not seem to use it....
net: clean up usbnet_receive()
The USB network interface has two code paths depending on whether or notRNDIS mode is enabled. Refactor usbnet_receive() so that there is acommon path throughout the function instead of duplicating everythingacross if (is_rndis(s)) ... else ... code paths....
net: fix usbnet_receive() packet drops
The USB network interface has a single buffer which the guest readsfrom. This patch prevents multiple calls to usbnet_receive() fromclobbering the input buffer. Instead we queue packets until bufferspace becomes available again....
net: notify iothread after flushing queue
virtio-net has code to flush the queue and notify the iothreadwhenever new receive buffers are added by the guest. That isfine, and indeed we need to do the same in all other drivers.However, notifying the iothread should be work for the network...
e1000: flush queue whenever can_receive can go from false to true
When the guests replenish the receive ring buffer, the network deviceshould flush its queue of pending packets. This is done withqemu_flush_queued_packets.
e1000's can_receive can go from false to true when RCTL or RDT are...
xen: flush queue when getting an event
xen does not have a register that, when written, will cause can_receiveto go from false to true. However, flushing the queue can be attemptedwhenever the front-end raises its side of the Xen event channel. There...
eepro100: Fix network hang when rx buffers run out
This is reported by QA. When installing os with pxe, after the initialkernel and initrd are loaded, the procedure tries to copy files from installserver to local harddisk, the network becomes stall because of running out of...
Spelling fixes in comments and documentation
These wrong spellings were detected by codespell:
["also is" -> "is also" and "ressources" -> "resources" suggested by...
Fix spelling (licenced -> licensed) in GPL
The patch also fixes the case of "written".
Signed-off-by: Stefan Weil <sw@weilnetz.de>Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Spelling fixes in comments and macro names (ressource -> resource)
Macro XEN_HOST_PCI_RESOURCE_BUFFER_SIZE is only used locally,so the change should be safe.
srp: Don't use QEMU_PACKED for single elements of a structured type
QEMU_PACKED results in a MinGW compiler warning when it isused for single structure elements:
warning: 'gcc_struct' attribute ignored
Using QEMU_PACKED for the whole structure avoids the compiler warning...
usb-redir: Add support for migration
Signed-off-by: Hans de Goede <hdegoede@redhat.com>Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb-redir: Add chardev open / close debug logging
usb-redir: Revert usb-redir part of commit 93bfef4c
Commit 93bfef4c6e4b23caea9d51e1099d06433d8835a4 makes qemu-deviceswhich report the qemu version string to the guest in some way use aqemu_get_version function which reports a machine-specific version string....
uhci: Don't queue up packets after one with the SPD flag set
Don't queue up packets after a packet with the SPD (short packet detect)flag set. Since we won't know if the packet will actually be short until ithas completed, and if it is short we should stop the queue....
ehci: Don't set seen to 0 when removing unseen queue-heads
When removing unseen queue-heads from the async queue list, we should notset the seen flag to 0, as this may cause them to be removed byehci_queues_rip_unused() during the next call to ehci_advance_async_state()...
ehci: Walk async schedule before and after migration
usb-redir: Change cancelled packet code into a generic packet-id queue
usb-redir: Add an already_in_flight packet-id queue
After a live migration, the usb-hcd will re-queue all packets bywalking over the schedule in the guest memory again, but requests whichwere encountered on the migration source before will already be in flight,...
usb-redir: Store max_packet_size in endp_data
So that we've a place to migrate it to / from to allow restoring it aftermigration.
hw/qxl: support client monitor configuration via device
Until now we used only the agent to change the monitor count and eachmonitor resolution. This patch introduces the qemu part of using thedevice as the mediator instead of the agent via virtio-serial....
hw/qxl: tracing fixes
Add two new trace events:qxl_send_events(int qid, uint32_t events) "%d %d" qxl_set_guest_bug(int qid) "%d"
Change qxl_io_unexpected_vga_mode parameters to be equivalent to thoseof qxl_io_write for easier grouping under a single systemtap probe....
qxl: add trace-event for QXL_IO_LOG
Signed-off-by: Alon Levy <alevy@redhat.com>Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ATAPI: STARTSTOPUNIT only eject/load media if powercondition is 0
The START STOP UNIT command will only eject/load media ifpower condition is zero.
If power condition is !0 then LOEJ and START will be ignored.
From MMC (sbc contains similar wordings too)...
ide: Fix error messages from static code analysis (no real error)
Report from smatch:hw/ide/core.c:1472 ide_exec_cmd(423) error: buffer overflow 'smart_attributes' 8 <= 29hw/ide/core.c:1474 ide_exec_cmd(425) error: buffer overflow 'smart_attributes' 8 <= 29...
ahci: properly reset PxCMD on HBA reset
While testing q35, I found that windows 7 (specifically, windows 7 ultimatewith sp1 x64), wouldn't install because it can't find the cdrom or disk drive.The failure message is: 'A required cd/dvd device driver is missing. If you...
ehci: switch to new-style memory ops
Also register different memory regions for capabilities,operational registers and port status registers. Createseparate tracepoints for operational regs and port statusregs. Ditch a bunch of sanity checks because the memory...
ehci: Fix interrupts stopping when Interrupt Threshold Control is 8
If Interrupt Threshold Control is 8 or a multiple of 8, thens->usbsts_frindex can become exactly 0x4000, at which point(s->usbsts_frindex > s->frindex) will never become true, ass->usbsts_frindex will not be lowered / reset in this case....
ehci: Don't process too much frames in 1 timer tick (v2)
The Linux ehci isoc scheduling code fills the entire schedule ahead oftime minus 80 frames. If we make a large jump in where we are in theschedule, ie 40 frames, then the scheduler all of a sudden will only have...
qxl: dont update invalid area
This patch fixes the following error:
$ ~/usr/bin/qemu-system-x86_64 enable-kvm -m 1024 -spice port=5900,disable-ticketing -vga qxl -cdrom ~/Images/linuxmint-13-mate-dvd-32bit.iso(/home/mathslinux/usr/bin/qemu-system-x86_64:10068): SpiceWorker-CRITICAL **: red_worker.c:4599:red_update_area: condition `area>left >= 0 && area->top >= 0 && area->left < area->right && area->top < area->bottom' failed...
qxl: Ignore set_client_capabilities pre/post migrate
The recent introduction of set_client_capabilities has broken(seamless) migration by trying to call qxl_send_events pre (seamlessincoming) and post (*) migration, triggering the following assert:qxl_send_events: Assertion `qemu_spice_display_is_running(&d->ssd)' failed....
usb-host: allow emulated (non-async) control requests without USBPacket
xhci needs this for USB_REQ_SET_ADDRESS due to the wayusb addressing is handled by the xhci hardware.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qxl: better cleanup for surface destroy
Add back a call to qxl_spice_destroy_surface_wait_complete() in qxl_spice_destroy_surface_wait(),that was removed by commit c480bb7da465186b84d8427e068ef7502e47ffbf
It is needed to complete surface-removal cleanup, for non async....
spice: switch to queue for vga mode updates
VGA: Flush coalesced MMIO on related MMIO/PIO accesses
In preparation of stopping to flush coalesced MMIO unconditionally onvmexits, mark VGA MMIO and PIO regions as synchronous /wrt coalescedMMIO and flush the buffer explicitly on PIO accesses that do not use...
xhci: add msix support
xhci: move register update into xhci_intr_raise
Now that we have a separate function to raise an IRQ we can movesome comon code into the function.
xhci: add XHCIInterrupter
Move all state belonging to the (single) interrupter into a separatestruct. First step in adding support for multiple interrupters.
xhci: prepare xhci_runtime_{read,write} for multiple interrupters
Prepare xhci runtime register access function for multiple interrupters.
xhci: pick target interrupter
Pick the correct interrupter when queuing an event.
xhci: support multiple interrupters
Everything is in place, flip the big switch nowand enable support for multiple interrupters.
xhci: kill xhci_mem_{read,write} dispatcher functions
... and register subregions instead, so we offload the dispatchingto the the memory subsystem which is designed to handle it.
xhci: allow bytewise capability register reads
Some guests need this according toAlejandro Martinez Ruiz <alex@securiforest.com>
xhci: rework interrupt handling
Split xhci_irq_update into a function which handles intx updates(including lowering the irq line once the guests acks the interrupt)and one which is used for raising an irq only.