qxl: dont update invalid area
This patch fixes the following error:
$ ~/usr/bin/qemu-system-x86_64 enable-kvm -m 1024 -spice port=5900,disable-ticketing -vga qxl -cdrom ~/Images/linuxmint-13-mate-dvd-32bit.iso(/home/mathslinux/usr/bin/qemu-system-x86_64:10068): SpiceWorker-CRITICAL **: red_worker.c:4599:red_update_area: condition `area>left >= 0 && area->top >= 0 && area->left < area->right && area->top < area->bottom' failed...
qxl: Ignore set_client_capabilities pre/post migrate
The recent introduction of set_client_capabilities has broken(seamless) migration by trying to call qxl_send_events pre (seamlessincoming) and post (*) migration, triggering the following assert:qxl_send_events: Assertion `qemu_spice_display_is_running(&d->ssd)' failed....
spice: switch to queue for vga mode updates
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
xhci: add msix support
xhci: move register update into xhci_intr_raise
Now that we have a separate function to raise an IRQ we can movesome comon code into the function.
xhci: add XHCIInterrupter
Move all state belonging to the (single) interrupter into a separatestruct. First step in adding support for multiple interrupters.
xhci: prepare xhci_runtime_{read,write} for multiple interrupters
Prepare xhci runtime register access function for multiple interrupters.
xhci: pick target interrupter
Pick the correct interrupter when queuing an event.
xhci: support multiple interrupters
Everything is in place, flip the big switch nowand enable support for multiple interrupters.
xhci: kill xhci_mem_{read,write} dispatcher functions
... and register subregions instead, so we offload the dispatchingto the the memory subsystem which is designed to handle it.
xhci: allow bytewise capability register reads
Some guests need this according toAlejandro Martinez Ruiz <alex@securiforest.com>
xhci: drop buffering
This patch splits the xhci_xfer_data function into three.The xhci_xfer_data function used to do does two things:
(1) copy transfer data between guest memory and a temporary buffer. (2) report transfer results to the guest using events....
xhci: move device lookup into xhci_setup_packet
xhci: implement mfindex
Implement mfindex register and mfindex wrap event.
xhci: iso xfer support
Add support for iso transfers.
xhci: trace cc codes in cleartext
xhci: add trace_usb_xhci_ep_set_dequeue
xhci: fix runtime write tracepoint
xhci: update register layout
Change the register layout to be a bit more sparse and also not dependon the number of ports. Useful when for making the number of portsruntime-configurable.
xhci: update port handling
This patch changes the way xhci ports are linked to USBPorts. The fixed1:1 relationship between xhci ports and USBPorts is gone. Now eachUSBPort represents a physical plug which has usually two xhci portsassigned: one usb2 and ond usb3 port. usb devices show up at one or the...
usb3: superspeed descriptors
Add superspeed descriptor entry to USBDesc,advertise superspeed support when present.
usb3: superspeed endpoint companion
Add support for building superspeed endpoint companion descriptors,create them for superspeed usb devices.
usb3: bos decriptor
Add support for creating BOS descriptor anddevice cappability descriptors.
usb-storage: usb3 support
Add usb3 descriptors to usb-storage, so it shows up as superspeeddevice when connected to xhci.
xhci: fix & cleanup msi.
Drop custom write_config function which isn't needed any more.Make the msi property a bit property so it accepts 'on' & 'off'.Enable MSI by default.
TODO: add compat property to disable on old machine types.
xhci: rework interrupt handling
Split xhci_irq_update into a function which handles intx updates(including lowering the irq line once the guests acks the interrupt)and one which is used for raising an irq only.
usb-redir: Don't delay handling of open events to a bottom half
There is no need for this, and doing so means that a backend trying towrite immediately after an open event will see qemu_chr_be_can_writereturning 0, which not all backends handle well as there is no wakeup...
usb-redir: Get rid of async-struct get member
This is a preparation patch for completely getting rid of the async-packetstruct in usb-redir, instead relying on the (new) per ep queues in theqemu usb core.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>...
usb-redir: Get rid of local shadow copy of packet headers
The shadow copy only serves as an extra check (besides the packet-id) toensure the packet we get back is a reply to the packet we think it is.
This check has never triggered in all the time usb-redir is in use now,...
usb-redir: Get rid of unused async-struct dev member
usb-redir: Move to core packet id and queue handling
Signed-off-by: Hans de Goede <hdegoede@redhat.com>Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb-redir: Return babble when getting more bulk data then requested
Babble is the appropriate error in this case (rather then signalling a stall).
usb-redir: Convert to new libusbredirparser 0.5 API
This gives us support for 64 bit ids which is needed for using XHCI withthe new hcd generated ids.
usb-redir: Set ep max_packet_size if available
This is needed for usb-redir to work properly with the xhci emulation.
usb-redir: Add a usbredir_reject_device helper function
usb-redir: Ensure our peer has the necessary caps when redirecting to XHCI
In order for redirection to work properly when redirecting to an emulatedXHCI controller, the usb-redir-host must support bothusb_redir_cap_ep_info_max_packet_size and usb_redir_cap_64bits_ids,...
usb-redir: Enable pipelining for bulk endpoints
Better name usb braille device
Windows users need to know that they have to use the Baum driver to makethe qemu braille device work.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb-audio: fix usb version
usb-audio is a full speed (1.1) device,but bcdUSB claims it is usb 2.0. Fix it.
xhci: rip out background transfer code
original xhci code (the one which used libusb directly) used to use'background transfers' for iso streams. In upstream qemu the isostream buffering is handled by usb-host & usb-redir, so we willnever ever need this. It has been left in as reference, but is dead...
usb-core: Add a usb_ep_find_packet_by_id() helper function
usb-core: Allow the first packet of a pipelined ep to complete immediately
This can happen with usb-redir live-migration when the packet gets re-queuedafter the migration and the original queuing from the migration source sidehas already finished.
Revert "ehci: don't flush cache on doorbell rings."
This reverts commit 9bc3a3a216e2689bfcdd36c3e079333bbdbf3ba0, which gotadded to fix an issue where the real, underlying cause was not stoppingthe ep queue on an error.
Now that the underlying cause is fixed by the "usb: Halt ep queue and...
ehci: Validate qh is not changed unexpectedly by the guest
-combine the qh check with the check for devaddr changes-also ensure that p gets set to NULL when the queue gets cancelled on devaddr change, which was not done properly before this patch
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
ehci: Update copyright headers to reflect recent work
Update copyright headers to reflect all the work Gerd and I have been doingon the EHCI emulation.
ehci: Properly cleanup packets on cancel
ehci: Properly report completed but not yet processed packets to the guest
Reported packets which have completed before being cancelled as such to thehost. Note that the new code path this patch adds is untested since it I'vebeen unable to actually trigger the race which needs this code path....
ehci: check for EHCI_ASYNC_FINISHED first in ehci_free_packet
Otherwise we'll see the packet free twice in the trace log even thoughit actually happens only once.
ehci: trace guest bugs
make qemu_queue_{cancel,reset} return the number of packets released,so the caller can figure whenever there have been active packets eventhough there shouldn't have been any. Add tracepoint to log this.
ehci: add doorbell trace events
ehci: Add some additional ehci_trace_guest_bug() calls
ehci: Fix memory leak in handling of NAK-ed packets
Currently each time we try to execute a NAK-ed packet we redoehci_init_transfer, and usb_packet_map, re-allocing (without freeing) thesg list every time.
This patch fixes this, it does this by introducing another async state, so...
ehci: Handle USB_RET_PROCERR in ehci_fill_queue
USB_RET_PROCERR can be triggered by the guest (by for example requesting morethen BUFFSIZE bytes), so don't assert on it.
ehci: Correct a comment in fetchqtd packet processing
Since my previous comment said "Should never happen", I tried changing thenext line to an assert(0), which did not go well, which as the new commentsexplains is logical if you think about it for a moment....
usb-redir: Never return USB_RET_NAK for async handled packets
USB_RET_NAK is not a valid response for async handled packets (and willtrigger an assert as such).
Also drop the warning when receiving a status of cancelled for packets notcancelled by qemu itself, this can happen when a device gets unredirected...
usb: controllers do not need to check for babble themselves
If an (emulated) usb-device tries to write more data to a packet thenits iov len, this will trigger an assert in usb_packet_copy(), and ifa driver somehow circumvents that check and writes more data to the...
usb-core: Don't set packet state to complete on a nak
This way the hcd can re-use the same packet to retry without needingto re-init it.
RTC: Remove the logic to update time format when DM bit changed
Changing the DM (binary/BCD) and 24/12 control bit doesn't affect the internalregisters. It only indicates what format is used for those registers.
Signed-off-by: Yang Zhang <yang.z.zhang@intel.com>...
RTC: Rename rtc_timer_update
Signed-off-by: Yang Zhang <yang.z.zhang@intel.com>Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
RTC: introduce RTC_CLOCK_RATE
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
RTC: Update interrupt state when interrupts are masked/unmasked
If an interrupt flag is already set when the interrupt becomes enabled,raise an interrupt immediately, and vice versa if interrupts becomedisabled.
RTC: Update the RTC clock only when reading it
Calculate guest RTC based on the time of the last update, instead ofusing timers. The formula is
(base_rtc + guest_time_now - guest_time_last_update + offset)
Base_rtc is the RTC value when the RTC was last updated....
RTC: Add divider reset support
The first update cycle begins one-half seconds after dividerreset is removed. This feature is useful for testing.
RTC: Do not fire timer periodically to catch next alarm
This patch limits further the usage of a periodic timer. It computes thetime of the next alarm, and uses it to skip all intermediate occurrencesof the timer.
Cc: Yang Zhang <yang.z.zhang@intel.com>...
RTC: Get and set time without going through s->current_tm
This patch makes rtc_set_time and rtc_set_cmos work without readings->current_tm. In the case of rtc_set_time I introduce a newfunction that retrieves the time and stores into a given struct tm...
RTC: Remove the current_tm field
This is not used anymore and only written to.
Merge remote-tracking branch 'qemu-kvm/uq/master' into staging
Merge remote-tracking branch 'mst/tags/for_anthony' into staging
Merge branch 'spice.v59' of git://anongit.freedesktop.org/spice/qemu
Merge branch 'queue/qmp' of git://repo.or.cz/qemu/qmp-unstable
hw/mcf5206: Fix buffer overflow for MBAR read / write
Report from smatch:
mcf5206.c:384 m5206_mbar_readb(7) error: buffer overflow 'm5206_mbar_width' 128 <= 128mcf5206.c:403 m5206_mbar_readw(8) error: buffer overflow 'm5206_mbar_width' 128 <= 128mcf5206.c:427 m5206_mbar_readl(8) error: buffer overflow 'm5206_mbar_width' 128 <= 128...
hw/wm8750: Fix potential buffer overflow
hw/wm8750.c:369 wm8750_tx(12) error: buffer overflow 's->i2c_data' 2 <= 2
It looks like the preprocessor statements were simply misplaced.
Replace also FUNCTION by func to please checkpatch.pl....
kvm: i386: Add classic PCI device assignment
This adds PCI device assignment for i386 targets using the classic KVMinterfaces. This version is 100% identical to what is being maintainedin qemu-kvm for several years and is supported by libvirt as well. It is...
kvm: Clean up irqfd API
No need to expose the fd-based interface, everyone will already be finewith the more handy EventNotifier variant. Rename the latter to clarifythat we are still talking about irqfds here.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>...
musicpal: Fix flash mapping
The old arithmetic assumed 32 physical address bits which is no longertrue for ARM since 3cc0cd61f4.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
lan9118: fix multicast filtering
The lan9118 emulation tries to compute the multicast index by callingdirectly the crc32() function from zlib, but fails to get the correctresult.
Use the common compute_mcast_idx() function instead, which gives thecorrect result. This fixes IPv6 support....
fix entry pointer for ELF kernels loaded with -kernel option
Find a hopefully proper patch attached. Take it or leave it.
Reviewed-by: Kevin Wolf <kwolf@redhat.com>Signed-off-by: Henning Schild <henning@hennsch.de>Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
vhost: Pass device path to vhost_dev_init()
The path to /dev/vhost-net is currently hardcoded in vhost_dev_init().This needs to be changed so that /dev/vhost-scsi can be used. Pass inthe device path instead of hardcoding it.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>...
pcie: drop version_id field for live migration
While testing q35 live migration, I found that the migration would abort withthe following error: "Unknown savevm section type 76".
The error is due to this check failing in 'vmstate_load_state()':
while(field->name) {...
pcie_aer: clear cmask for Advanced Error Interrupt Message Number
The Advanced Error Interrupt Message Number (bits 31:27 of the RootError Status Register) is updated when the number of msi messages assigned to adevice changes. Migration of windows 7 on q35 chipset failed because the check...
hw/pl110: Fix spelling of 'palette'
Fix the spelling of 'palette' used in various local variables,structure members and comments.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>Reviewed-by: Stefan Weil <sw@weilnetz.de>Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
console: vga_hw_screen_dump_ptr: take Error argument
All devices that register a screen dump callback viagraphic_console_init() are updated.
The new argument is not used in this commit. Error handling willbe added to each device individually later.
This change is a preparation to convert the screendump command...
vga: ppm_save(): add error handling
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
omap_lcdc: rename ppm_save() to omap_ppm_save()
Avoids confusion with the global ppm_save() defined in hw/vga.c.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
omap_lcdc: omap_ppm_save(): add error handling
g364fb: g364fb_screen_dump(): add error handling
tcx: tcx24_screen_dump(): add error handling
tcx: tcx_screen_dump(): add error handling
spice: make number of surfaces runtime-configurable.
qxl: Add set_client_capabilities() interface to QXLInterface
This new interface lets spice server inform the guest whether
(a) a client is connected(b) what capabilities the client has
There is a fixed number (464) of bits reserved for capabilities, and...
Remove #ifdef QXL_COMMAND_FLAG_COMPAT_16BPP
We require spice >= 0.8 now, so this flag is always present.
Signed-off-by: Soren Sandmann <ssp@redhat.com>Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
spice: notify on vm state change only via spice_server_vm_start/stop
QXLWorker->start/stop are deprecated since spice-server 0.11.2
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qxl/update_area_io: guest_bug on invalid parameters
Signed-off-by: Alon Levy <alevy@redhat.com>Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qxl: disallow unknown revisions
qxl: add QXL_IO_MONITORS_CONFIG_ASYNC
Revision bumped to 4 for new IO support, enabled for spice-server >=0.11.1. New io enabled if revision is 4. Revision can be set to 4.
[ kraxel: 3 continues to be the default revision. Once we have a new stable spice-server release and the qemu patches to enable...
ehci: Fix interrupt endpoints no longer working
One of the recent changes (likely the addition of queuing support) has brokeninterrupt endpoints, this patch fixes this.
uas: move transfer kickoff
Kick next scsi transfer from request release callback instead of commandcompletion callback, otherwise we might get stuck in case scsi_req_unref()doesn't release the request instantly due to someone else holding areference too....
ehci: handle TD deactivation of inflight packets
Check the TDs of inflight packets, cancelpackets in case the guest clears the active bit.
ehci: simplify ehci_state_executing
ehci_state_executing does not need to check for p->usb_status == USB_RET_ASYNCor USB_RET_PROCERR, since ehci_execute_complete already does a similar checkand will trigger an assert if either value is encountered.
USB_RET_ASYNC should never be the packet status when execute_complete runs...
ehci: add ehci_cancel_queue()
Factor out function to cancel all packets of a queue.No behavior change.