aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-11-14Merge remote-tracking branch 'kraxel/usb.70' into stagingAnthony Liguori26-797/+775
* kraxel/usb.70: ehci: fix migration xhci: Fix some DMA host endian bugs usb/combined-packet: Move freeing of combined to usb_combined_packet_remove() xhci: Add support for packets with both data and an error status ehci: Add support for packets with both data and an error status ehci: Get rid of the magical PROC_ERR status usb-redir: Allow packets to have both data and an error-status usb: split packet result into actual_length + status Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-14Merge remote-tracking branch 'spice/spice.v63' into stagingAnthony Liguori10-274/+79
* spice/spice.v63: spice: fix initialization order pflib: unused, remove it. spice: switch to pixman qxl: call dpy_gfx_resize when entering vga mode qxl: fix cursor reset hw/qxl: qxl_send_events: nop if stopped hw/qxl: guest bug on primary create with stride %4 != 0 Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-12aio: fix aio_ctx_prepare with idle bottom halvesPaolo Bonzini1-4/+2
Commit ed2aec4867f0d5f5de496bb765347b5d0cfe113d changed the return value of aio_ctx_prepare from false to true when only idle bottom halves are available. This broke PC old-style DMA, which uses them. Fix this by making aio_ctx_prepare return true only when non-idle bottom halves are scheduled to run. Reported-by: malc <av1474@comtv.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: malc <av1474@comtv.ru>
2012-11-11tcg: properly check that op's output needs to be synced to memoryKirill Batuzov1-4/+4
Fix typo introduced in b3a1be87bac3a6aaa59bb88c1410f170dc9b22d5. Reported-by: Ruslan Savchenko <ruslan.savchenko@gmail.com> Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-11-11target-mips: Fix seg fault for LUI when MIPS_DEBUG_DISAS==1.Eric Johnson1-7/+11
The call to gen_logic_imm for OPC_LUI passes -1 for rs. This causes the MIPS_DEBUG statement to seg fault due to the deference of regnames[rs]. This patch fixes that. Signed-off-by: Eric Johnson <ericj@mips.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> (aurel32: replaced static string formating by a static string)
2012-11-10target-i386: avoid using cpu_single_envBlue Swirl1-218/+222
Pass around CPUArchState instead of using global cpu_single_env. Signed-off-by: Blue Swirl <blauwirbel@gmail.com> Reviewed-by: Andreas Färber <afaerber@suse.de>
2012-11-10target-xtensa: avoid using cpu_single_envBlue Swirl1-5/+5
Pass around CPUArchState instead of using global cpu_single_env. Signed-off-by: Blue Swirl <blauwirbel@gmail.com> Acked-by: Max Filippov <jcmvbkbc@gmail.com> Reviewed-by: Andreas Färber <afaerber@suse.de>
2012-11-10target-unicore32: avoid using cpu_single_envBlue Swirl1-4/+4
Pass around CPUArchState instead of using global cpu_single_env. Signed-off-by: Blue Swirl <blauwirbel@gmail.com> Acked-by: Guan Xuetao <gxt@mprc.pku.edu.cn> Reviewed-by: Andreas Färber <afaerber@suse.de>
2012-11-10kvm: avoid using cpu_single_envBlue Swirl1-10/+11
Pass around CPUArchState instead of using global cpu_single_env. Signed-off-by: Blue Swirl <blauwirbel@gmail.com> Reviewed-by: Andreas Färber <afaerber@suse.de>
2012-11-10disas: avoid using cpu_single_envBlue Swirl17-86/+100
Pass around CPUArchState instead of using global cpu_single_env. Signed-off-by: Blue Swirl <blauwirbel@gmail.com> Acked-by: Richard Henderson <rth@twiddle.net> Acked-by: Aurelien Jarno <aurelien@aurel32.net> Acked-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
2012-11-10slirp: remove unused function u_sleepBlue Swirl2-15/+0
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-10sun4c: remove unused functionsBlue Swirl2-27/+0
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-10m48t59: remove unused m48t59_set_addrBlue Swirl2-8/+0
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-10tests/tcg: new test for i386 FPREM and FPREM1Catalin Patulea2-0/+362
This is setting the stage for a cleanup of FPREM and FPREM1 helpers while being sure that they behave same as bare metal. The test constructs operands using combinations of corner cases for the floating-point bitfields and prints operands, result and FPU status word for FPREM and FPREM1. The outputs can then be compared between bare metal and QEMU. The 'run-test-i386-fprem' make target does just that. Signed-off-by: Catalin Patulea <catalinp@google.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-10memory: Don't dump disabled regionsJan Kiszka1-1/+1
This makes "info mtree" output readable again. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-10memory: Reintroduce dirty flag to optimize changes on disabled regionsJan Kiszka1-2/+13
Cirrus is triggering this, e.g. during Win2k boot: Changes only on disabled regions require no topology update when transaction depth drops to 0 again. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-10qemu-timer: Fix compilation for non-POSIX hostsStefan Weil1-0/+2
A compiler warning is caused by the unused local function reinit_timers on non-POSIX hosts. Include that function only for POSIX hosts. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-10vmware_vga: Add back some info in local state partially reverting aa32b38cBALATON Zoltan1-9/+21
Keep saving display surface parameters at init and using these cached values instead of getting them when needed. Not sure why this is needed (maybe due to the interaction with the vga device) but not doing this broke the Xorg vmware driver at least. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Tested-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-10kvmvapic: Fix TB invalidation after instruction patchingJan Kiszka1-4/+16
Since 0b57e287, cpu_memory_rw_debug already triggers a TB invalidation. As it doesn't (and cannot) set is_cpu_write_access=1 but "consumes" the currently executed TB, the tb_invalidate_phys_page_range call from patch_instruction didn't work anymore. Fix this by open-coding the required bits to restore the CPU state from the current TB position before patching and resume execution on the patched instruction afterward. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Tested-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-09ehci: fix migrationGerd Hoffmann1-1/+2
Commit 5010d4dc618b6b8e7c21129c487c06f6493f71fc reorganized vmstate to split core + pci, but got two little details wrong. Fix them. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-09xhci: Fix some DMA host endian bugsDavid Gibson1-27/+54
The xhci device does correct endian switches on the results of some DMAs but not all. In particular, there are many DMAs of what are essentially arrays of 32-bit integers which never get byteswapped. This causes them to be interpreted incorrectly on big-endian hosts, since (as per the xhci spec) these arrays are always little-endian in guest memory. This patch adds some helper functions to fix these bugs. This may not be all the endian bugs in the xhci code, but it's certainly some of them and the Linux guest xhci driver certainly gets further with these fixes. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08usb/combined-packet: Move freeing of combined to usb_combined_packet_remove()Hans de Goede1-18/+15
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08xhci: Add support for packets with both data and an error statusHans de Goede1-2/+2
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08ehci: Add support for packets with both data and an error statusHans de Goede2-85/+77
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08ehci: Get rid of the magical PROC_ERR statusHans de Goede1-31/+24
Instead make ehci_execute and ehci_fill_queue return the again value. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08usb-redir: Allow packets to have both data and an error-statusHans de Goede1-36/+20
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08usb: split packet result into actual_length + statusHans de Goede24-626/+610
Since with the ehci and xhci controllers a single packet can be larger then maxpacketsize, it is possible for the result of a single packet to be both having transferred some data as well as the transfer to have an error. An example would be an input transfer from a bulk endpoint successfully receiving 1 or more maxpacketsize packets from the device, followed by a packet signalling halt. While already touching all the devices and controllers handle_packet / handle_data / handle_control code, also change the return type of these functions to void, solely storing the status in the packet. To make the code paths for regular versus async packet handling more uniform. This patch unfortunately is somewhat invasive, since makeing the qemu usb core deal with this requires changes everywhere. This patch only prepares the usb core for this, all the hcd / device changes are done in such a way that there are no functional changes. This patch has been tested with uhci and ehci hcds, together with usb-audio, usb-hid and usb-storage devices, as well as with usb-redir redirection with a wide variety of real devices. Note that there is usually no need to directly set packet->actual_length form devices handle_data callback, as that is done by usb_packet_copy() Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-08microblaze: translate.c: Fix swaph decodingPeter Crosthwaite1-1/+1
The swaph instruction was not decoding correctly. s/1e1/1e2 on the 9 LSBs on the instruction decode. Reported-by: David Holsgrove <david.holsgrove@xilinx.com> Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2012-11-06tools: initialize main loop before block layerPaolo Bonzini2-4/+2
Tools were broken because they initialized the block layer while qemu_aio_context was still NULL. Reported-by: malc <av1474@comtv.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: malc <av1474@comtv.ru>
2012-11-06tcg/ppc32: Use trampolines to trim the code size for mmu slow path accessorsmalc2-9/+25
mmu access looks something like: <check tlb> if miss goto slow_path <fast path> done: ... ; end of the TB slow_path: <pre process> mr r3, r27 ; move areg0 to r3 ; (r3 holds the first argument for all the PPC32 ABIs) <call mmu_helper> b $+8 .long done <post process> b done On ppc32 <call mmu_helper> is: (SysV and Darwin) mmu_helper is most likely not within direct branching distance from the call site, necessitating a. moving 32 bit offset of mmu_helper into a GPR ; 8 bytes b. moving GPR to CTR/LR ; 4 bytes c. (finally) branching to CTR/LR ; 4 bytes r3 setting - 4 bytes call - 16 bytes dummy jump over retaddr - 4 bytes embedded retaddr - 4 bytes Total overhead - 28 bytes (PowerOpen (AIX)) a. moving 32 bit offset of mmu_helper's TOC into a GPR1 ; 8 bytes b. loading 32 bit function pointer into GPR2 ; 4 bytes c. moving GPR2 to CTR/LR ; 4 bytes d. loading 32 bit small area pointer into R2 ; 4 bytes e. (finally) branching to CTR/LR ; 4 bytes r3 setting - 4 bytes call - 24 bytes dummy jump over retaddr - 4 bytes embedded retaddr - 4 bytes Total overhead - 36 bytes Following is done to trim the code size of slow path sections: In tcg_target_qemu_prologue trampolines are emitted that look like this: trampoline: mfspr r3, LR addi r3, 4 mtspr LR, r3 ; fixup LR to point over embedded retaddr mr r3, r27 <jump mmu_helper> ; tail call of sorts And slow path becomes: slow_path: <pre process> <call trampoline> .long done <post process> b done call - 4 bytes (trampoline is within code gen buffer and most likely accessible via direct branch) embedded retaddr - 4 bytes Total overhead - 8 bytes In the end the icache pressure is decreased by 20/28 bytes at the cost of an extra jump to trampoline and adjusting LR (to skip over embedded retaddr) once inside. Signed-off-by: malc <av1474@comtv.ru>
2012-11-05spice: fix initialization orderGerd Hoffmann2-3/+9
Register displaychangelistener last, after spice is fully initialized, otherwise we may hit NULL pointer dereferences when qemu starts calling our callbacks. Commit e250d949feb1334828f27f0d145c35f29c4b7639 triggers this bug. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05pflib: unused, remove it.Gerd Hoffmann3-236/+0
Replaced by pixman library. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05spice: switch to pixmanGerd Hoffmann5-33/+45
Switch over spice-display.c to use the pixman library instead of the home-grown pflib bits. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05qxl: call dpy_gfx_resize when entering vga modeGerd Hoffmann1-1/+1
When entering vga mode the display size likely changes, notify all displaychangelisteners about this. Probably went unnoticed for a while as one if the first things the guest does after leaving qxl native mode and entering qxl vga mode is to set the vga video mode. But there is still a small window where qemu can operate on stale data, leading to crashes now and then. https://bugzilla.redhat.com/show_bug.cgi?id=865767 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05qxl: fix cursor resetGerd Hoffmann1-0/+4
When resetting the qxl cursor notify the qemu displaystate too. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05hw/qxl: qxl_send_events: nop if stoppedAlon Levy2-1/+8
Added a trace point for easy logging. RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=870972 Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05hw/qxl: guest bug on primary create with stride %4 != 0Alon Levy1-0/+12
Due to usage of pixman for rendering on all spice surfaces we have pixman's requirement that the stride be word aligned. A guest not honoring that can crash spice and qemu with it due to failure to create a surface (in spice-server). Avoid this early on in primary surface creation and offscreen surface creation. Recently windows guests got odd width support which triggers a non word aligned primary surface in 16bit color depth. Off screen surfaces have always been word aligned, but doesn't hurt to check them here too. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05target-mips: use ULL for 64 bit constantsBlue Swirl1-2/+2
Fix build on a 32 bit host: CC mips-softmmu/target-mips/dsp_helper.o /src/qemu/target-mips/dsp_helper.c: In function 'helper_dextr_rs_w': /src/qemu/target-mips/dsp_helper.c:3556: error: integer constant is too large for 'long' type /src/qemu/target-mips/dsp_helper.c: In function 'helper_extr_s_h': /src/qemu/target-mips/dsp_helper.c:3656: error: integer constant is too large for 'long' type Signed-off-by: Blue Swirl <blauwirbel@gmail.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-11-04build: pthread_atfork() needs include of pthread.hAnthony Liguori1-0/+3
Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-11-03tcg/ppc: ld/st optimizationmalc3-196/+262
Signed-off-by: malc <av1474@comtv.ru>
2012-11-03vmware_vga: Allow simple drivers to work without using the fifoBALATON Zoltan3-14/+23
Postpone stopping the dirty log to the point where the command fifo is configured to allow drivers which don't use the fifo to work too. (Without this the picture rendered into the vram never got to the screen and the DIRECT_VRAM option meant to support this case was removed a year ago.) Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-03vmware_vga: Return a value for FB_SIZE before the device is enabledBALATON Zoltan1-10/+9
According to the documentation drivers using this device should read FB_SIZE before enabling the device to know what memory to map. This would not work if we return 0 before enabled. The docs also mention reading SVGA_REG_DEPTH but not writing it. (Only SVGA_REG_BITS_PER_PIXEL can be written but we don't really support that either.) Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-03vmware_vga: Remove duplicated info from local stateBALATON Zoltan2-94/+85
Removed info from vmsvga_state that is available from elsewhere and thus was duplicated here unnecessarily. Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-03vmware_vga: Coding style cleanupBALATON Zoltan1-124/+150
Fix coding style as suggested by checkpatch.pl Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-03Merge branch 'trivial-patches' of git://github.com/stefanha/qemuBlue Swirl21-96/+66
* 'trivial-patches' of git://github.com/stefanha/qemu: pc: Drop redundant test for ROM memory region exec: make some functions static target-ppc: make some functions static ppc: add missing static vnc: add missing static vl.c: add missing static target-sparc: make do_unaligned_access static m68k: Return semihosting errno values correctly cadence_uart: More debug information Conflicts: target-m68k/m68k-semi.c
2012-11-03tcg: Optimize qemu_ld/st by generating slow paths at the end of a blockYeongkyoon Lee3-126/+320
Add optimized TCG qemu_ld/st generation which locates the code of TLB miss cases at the end of a block after generating the other IRs. Currently, this optimization supports only i386 and x86_64 hosts. Signed-off-by: Yeongkyoon Lee <yeongkyoon.lee@samsung.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-03tcg: Add extended GETPC mechanism for MMU helpers with ldst optimizationYeongkyoon Lee3-8/+55
Add GETPC_EXT which is used by MMU helpers to selectively calculate the code address of accessing guest memory when called from a qemu_ld/st optimized code or a C function. Currently, it supports only i386 and x86-64 hosts. Signed-off-by: Yeongkyoon Lee <yeongkyoon.lee@samsung.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-03configure: Add CONFIG_QEMU_LDST_OPTIMIZATION for TCG qemu_ld/st optimizationYeongkyoon Lee1-0/+6
Enable CONFIG_QEMU_LDST_OPTIMIZATION for TCG qemu_ld/st optimization only when a host is i386 or x86_64. Signed-off-by: Yeongkyoon Lee <yeongkyoon.lee@samsung.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-03target-m68k/m68k-semi.c: Log when put_user for returning values failsPeter Maydell1-16/+31
Abstract out the use of put_user for returning semihosting call results, so that we can log when a guest erroneously attempts a semihosting call with an unwritable argument block. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-03target-m68k/m68k-semi: Handle get_user failurePeter Maydell1-51/+93
Handle failure of get_user accessing the semihosting argument block, rather than simply ignoring the failures. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>