Age | Commit message | Author | Files | Lines
2015-03-10 | qcow2: Add refcount_bits to format-specific info | Max Reitz | 7 | -10/+37
Add the bit width of every refcount entry to the format-specific information. In contrast to lazy_refcounts and the corrupt flag, this should be always emitted, even for compat=0.10 although it does not support any refcount width other than 16 bits. This is because if a boolean is optional, one normally assumes it to be false when omitted; but if an integer is not specified, it is rather difficult to guess its value. This new field breaks some test outputs, fix them. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-10 | qcow2: Add two new fields to BDRVQcowState | Max Reitz | 3 | -2/+7
Add two new fields regarding refcount information (the bit width of every entry and the maximum refcount value) to the BDRVQcowState. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-10 | libqos: Add virtio MMIO support | Marc Marí | 4 | -8/+323
Add virtio MMIO support. Add virtio-blk-test MMIO test case. Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1424812915-25728-6-git-send-email-marc.mari.barcelo@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-10 | libqos: Add malloc generic | Marc Marí | 2 | -0/+60
This malloc is a basic interface implementation that works for any platform. It should be replaced in the future for a real malloc implementation for each of the platforms. Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1424812915-25728-5-git-send-email-marc.mari.barcelo@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-10 | libqos: Remove PCI assumptions in constants of virtio driver | Marc Marí | 3 | -32/+33
Convert PCI-specific constants names of libqos virtio driver. Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1424812915-25728-4-git-send-email-marc.mari.barcelo@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-10 | tests: Prepare virtio-blk-test for multi-arch implementation | Marc Marí | 1 | -65/+89
Modularize functions in virtio-blk-test and add PCI suffix for PCI specific components. Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1424812915-25728-3-git-send-email-marc.mari.barcelo@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-10 | libqos: Change use of pointers to uint64_t in virtio | Marc Marí | 4 | -28/+37
Convert use of pointers in functions of virtio to uint64_t in order to make it platform-independent. Add casting from pointers (in PCI functions) to uint64_t and vice versa through uintptr_t. Signed-off-by: Marc Marí <marc.mari.barcelo@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1424812915-25728-2-git-send-email-marc.mari.barcelo@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-10 | virtio-blk: Check return value of blk_aio_ioctl | Fam Zheng | 1 | -2/+8
Since commit 1dc936aa84 (virtio-blk: Use blk_aio_ioctl) we silently lose the request if blk_aio_ioctl returns NULL (not implemented). Fix it by directly returning VIRTIO_BLK_S_UNSUPP as we used to do. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> [ kwolf: Fixed build error on win32 ] Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-09 | qcow2: Remove unused struct QCowCreateState | Kevin Wolf | 1 | -11/+0
The only user went away five years ago with commit a9420734 ('qcow2: Simplify image creation'). It's about time to remove it. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-03-09 | block/raw-posix: fix compilation warning on OSX | Denis V. Lunev | 1 | -0/+2
block/raw-posix.c:947:19: warning: unused variable 's' [-Wunused-variable] BDRVRawState *s = aiocb->bs->opaque; This variable is used only when one of the following macros is defined: CONFIG_XFS, CONFIG_FALLOCATE, CONFIG_FALLOCATE_PUNCH_HOLE or CONFIG_FALLOCATE_ZERO_RANGE. Fortunately, CONFIG_FALLOCATE_PUNCH_HOLE and CONFIG_FALLOCATE_ZERO_RANGE could be defined only along with CONFIG_FALLOCATE. Therefore checking for CONFIG_XFS or CONFIG_FALLOCATE would be enough. Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Peter Maydell <peter.maydell@linaro.org> CC: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-09 | sheepdog: selectable object size support | Teruaki Ishizaki | 2 | -22/+134
Previously, qemu block driver of sheepdog used hard-coded VDI object size. This patch enables users to handle VDI object size. When you start qemu, you don't need to specify additional command option. But when you create the VDI which doesn't have default object size with qemu-img command, you specify object_size option. If you want to create a VDI of 8MB object size, you need to specify following command option. # qemu-img create -o object_size=8M sheepdog:test1 100M In addition, when you don't specify qemu-img command option, a default value of sheepdog cluster is used for creating VDI. # qemu-img create sheepdog:test2 100M Signed-off-by: Teruaki Ishizaki <ishizaki.teruaki@lab.ntt.co.jp> Acked-by: Hitoshi Mitake <mitake.hitoshi@lab.ntt.co.jp> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-09 | vpc: Implement bdrv_co_get_block_status() | Kevin Wolf | 1 | -2/+48
This implements bdrv_co_get_block_status() for VHD images. This can significantly speed up qemu-img convert operation because only with this function implemented sparseness can be considered. (Before, converting a 1 TB empty image took several minutes for me, now it's instantaneous.) Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2015-03-09 | vpc: Fix size in fixed image creation | Kevin Wolf | 1 | -7/+3
If total_sectors is rounded to match the geometry, total_size needs to be changed as well. Otherwise we end up with an image whose geometry describes a disk larger than the image file, which doesn't end well. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2015-03-09 | test-coroutine: Regression test for yield bug | Stefan Hajnoczi | 1 | -0/+26
This adds a test for reentering a coroutine that previously yielded to a coroutine that has meanwhile terminated. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-09 | coroutine: Clean up qemu_coroutine_enter() | Kevin Wolf | 2 | -21/+16
qemu_coroutine_enter() is now the only user of coroutine_swap(). Both functions are short, so inline it. Also, using COROUTINE_YIELD is now even more confusing because this code is never called during qemu_coroutine_yield() any more. In fact, this value is never read back, so we can just introduce a new COROUTINE_ENTER which documents the purpose of the task switch better. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-09 | coroutine: Fix use after free with qemu_coroutine_yield() | Kevin Wolf | 1 | -1/+1
Instead of using the same function for entering and exiting coroutines, and hoping that it doesn't add any functionality that hurts with the parameters used for exiting, we can just directly call into the real task switch in qemu_coroutine_switch(). This fixes a use-after-free scenario where reentering a coroutine that has yielded still accesses the old parent coroutine (which may have meanwhile terminated) in the part of coroutine_swap() that follows qemu_coroutine_switch(). Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-08 | Merge remote-tracking branch 'remotes/xtensa/tags/20150307-xtensa' into staging | Peter Maydell | 4 | -2/+38
Xtensa updates: - implement do_unassigned_access callback; - fix ML605 xtfpga FLASH size. # gpg: Signature made Sat Mar 7 12:35:05 2015 GMT using RSA key ID F83FA044 # gpg: Good signature from "Max Filippov <max.filippov@cogentembedded.com>" # gpg: aka "Max Filippov <jcmvbkbc@gmail.com>" * remotes/xtensa/tags/20150307-xtensa: target-xtensa: xtfpga: fix ml605 flash size target-xtensa: implement do_unassigned_access callback hw/xtensa: allow reads/writes in the system I/O region Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-08 | Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging | Peter Maydell | 7 | -11/+144
* remotes/qmp-unstable/queue/qmp: docs: add memory-hotplug.txt qemu-options.hx: improve -m description virtio-balloon: Add some trace events virtio-balloon: Fix balloon not working correctly when hotplug memory pc-dimm: add a function to calculate VM's current RAM size Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-08 | Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20150304-1' into staging | Peter Maydell | 5 | -26/+80
misc spice/qxl fixes. # gpg: Signature made Wed Mar 4 13:57:42 2015 GMT using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/spice/tags/pull-spice-20150304-1: hmp: info spice: take out webdav hmp: info spice: Show string channel name qxl: drop update_displaychangelistener call for secondary qxl devices vga: refactor vram_size clamping and rounding qxl: refactor rounding up to a nearest power of 2 spice: fix invalid memory access to vga.vram qxl: document minimal video memory for new modes Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-08 | Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20150303-1' into staging | Peter Maydell | 1 | -3/+12
xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set # gpg: Signature made Tue Mar 3 07:38:43 2015 GMT using RSA key ID D3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" * remotes/kraxel/tags/pull-usb-20150303-1: xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-08 | Merge remote-tracking branch 'remotes/gonglei/tags/bootdevice-next-20150303' into staging | Peter Maydell | 2 | -15/+25
bootdevice: bug fixes # gpg: Signature made Tue Mar 3 05:18:39 2015 GMT using RSA key ID DDE30FBB # gpg: Good signature from "Gonglei <arei.gonglei@huawei.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 5178 9C82 617F 2F58 8693 63B1 BA7A 65B0 DDE3 0FBB * remotes/gonglei/tags/bootdevice-next-20150303: bootdevice: add check in restore_boot_order() bootdevice: check boot order argument validation before vm running Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-08 | Merge remote-tracking branch 'remotes/bkoppelmann/tags/pull-tricore-20150303' into staging | Peter Maydell | 4 | -27/+1699
TriCore RRR1, RRR2 instructions and bugfixes # gpg: Signature made Tue Mar 3 01:12:02 2015 GMT using RSA key ID 6B69CA14 # gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>" * remotes/bkoppelmann/tags/pull-tricore-20150303: target-tricore: Add instructions of RRR1 opcode format, which have 0xc3 as first opcode target-tricore: Add instructions of RRR1 opcode format, which have 0x43 as first opcode target-tricore: Add instructions of RRR1 opcode format, which have 0x83 as first opcode target-tricore: Add instructions of RRR2 opcode format target-tricore: fix msub32_suov return wrong results target-tricore: Fix RLC_ADDI, RLC_ADDIH using wrong microcode helper Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-07 | target-xtensa: xtfpga: fix ml605 flash size | Max Filippov | 1 | -1/+1
ML605 daughterboard has 16MB flash, not 32MB. Change board definition accordingly. Cc: qemu-stable@nongnu.org Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2015-03-07 | target-xtensa: implement do_unassigned_access callback | Max Filippov | 3 | -0/+18
Depending on access type raise either InstrPIFDataError or LoadStorePIFDataError exception. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2015-03-07 | hw/xtensa: allow reads/writes in the system I/O region | Max Filippov | 1 | -1/+19
Ignore writes to unassigned areas of system I/O region and return 0 for reads. This makes drivers for unimportant unimplemented hardware blocks happy. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2015-03-04 | docs: add memory-hotplug.txt | Luiz Capitulino | 1 | -0/+76
This document describes how to use memory hotplug in QEMU. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Paulo Vital <paulo.vital@profitbricks.com>
2015-03-04 | qemu-options.hx: improve -m description | Luiz Capitulino | 1 | -5/+17
Add memory hotplug options to the command-line format. Also, add a complete command-line example and improve description. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Paulo Vital <paulo.vital@profitbricks.com>
2015-03-04 | virtio-balloon: Add some trace events | zhanghailiang | 2 | -0/+10
Add some trace events for easier debugging Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-03-04 | virtio-balloon: Fix balloon not working correctly when hotplug memory | zhanghailiang | 1 | -6/+9
When do memory balloon, it takes the 'ram_size' as the VM's current ram size, But 'ram_size' is the startup configured ram size, it does not take into account the hotplugged memory. As a result, the balloon result will be confused. Steps to reproduce: (1)Start VM: qemu -m size=1024,slots=4,maxmem=8G (2)In VM: #free -m : 1024M (3)qmp balloon 512M (4)In VM: #free -m : 512M (5)hotplug pc-dimm 1G (6)In VM: #free -m : 1512M (7)qmp balloon 256M (8)In VM: #free -m :1256M We expect the VM's available ram size to be 256M after 'qmp balloon 256M' command, but VM's real available ram size is 1256M. For "qmp balloon" is not performance critical code, we use function 'get_current_ram_size' to get VM's current ram size. Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-03-04 | pc-dimm: add a function to calculate VM's current RAM size | zhanghailiang | 3 | -0/+32
The global parameter 'ram_size' does not take into account the hotplugged memory. In some codes, we use 'ram_size' as current VM's real RAM size, which is not correct. Add function 'get_current_ram_size' to calculate VM's current RAM size, it will enumerate present memory devices and also plus ram_size. Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-03-04 | Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging | Peter Maydell | 3 | -22/+32
# gpg: Signature made Mon Mar 2 21:45:18 2015 GMT using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/tracing-pull-request: trace: add DTrace reserved words for .d files unbreak dtrace tracing due to double _ in rdma names Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-04 | Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150302.0' into staging | Peter Maydell | 4 | -8/+108
Updates for QEMU 2.3-rc0: - Error reporting and static cleanup (Alexey Kardashevskiy) - Runtime mmap disable for tracing (Samuel Pitoiset) - Support for host directed device request (Alex Williamson) # gpg: Signature made Mon Mar 2 18:42:50 2015 GMT using RSA key ID 3BB08B22 # gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" # gpg: aka "Alex Williamson <alex@shazbot.org>" # gpg: aka "Alex Williamson <alwillia@redhat.com>" # gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>" * remotes/awilliam/tags/vfio-update-20150302.0: vfio-pci: Enable device request notification support vfio: allow to disable MMAP per device with -x-mmap=off option vfio: Make type1 listener symbols static vfio: Add ioctl number to error report Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-04 | hmp: info spice: take out webdav | Gerd Hoffmann | 1 | -0/+5
Obvious suggestion for the next spice-protocol release: Add some way to #ifdef new stuff. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Cole Robinson <crobinso@redhat.com>
2015-03-03 | vl: take iothread lock very early | Paolo Bonzini | 1 | -3/+3
If the iothread lock isn't taken by the main thread, the RCU callbacks might run concurrently with the main thread. QEMU's not ready for that. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Tested-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-03 | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging | Peter Maydell | 20 | -48/+81
- more config options - bootdevice, iscsi, virtio-scsi fixes - build system patches for MinGW and config-devices.mak - qemu_mutex_lock_iothread deadlock fixes - another tiny patch from the record/replay series # gpg: Signature made Mon Mar 2 09:59:14 2015 GMT using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: cpus: be more paranoid in avoiding deadlocks cpus: fix deadlock and segfault in qemu_mutex_lock_iothread virtio-scsi: Allocate op blocker reason before blocking Makefile.target: binary depends on config-devices Makefile: don't silence mak file test with V=1 Makefile: fix up parallel building under MSYS+MinGW iscsi: Handle write protected case in reopen Give ivshmem its own config option Create specific config option for "platform-bus" Add specific config options for PCI-E bridges bootdevice: fix segment fault when booting guest with '-kernel' and '-initrd' timer: replace time() with QEMU_CLOCK_HOST virtio-scsi-dataplane: Call blk_set_aio_context within BQL block: Forbid bdrv_set_aio_context outside BQL scsi: give device a parent before setting properties Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-03 | xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set | Laszlo Ersek | 1 | -3/+12
At the moment, when the XHCI driver in edk2 (MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf) runs on QEMU, with the options -device nec-usb-xhci -device usb-kbd it crashes with: ASSERT MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c(1759): TrsRing != ((void*) 0) The crash hits in the following edk2 call sequence (all files under MdeModulePkg/Bus/): UsbEnumerateNewDev() [Usb/UsbBusDxe/UsbEnumer.c] UsbBuildDescTable() [Usb/UsbBusDxe/UsbDesc.c] UsbGetDevDesc() [Usb/UsbBusDxe/UsbDesc.c] UsbCtrlGetDesc(USB_REQ_GET_DESCRIPTOR) [Usb/UsbBusDxe/UsbDesc.c] UsbCtrlRequest() [Usb/UsbBusDxe/UsbDesc.c] UsbHcControlTransfer() [Usb/UsbBusDxe/UsbUtility.c] XhcControlTransfer() [Pci/XhciDxe/Xhci.c] XhcCreateUrb() [Pci/XhciDxe/XhciSched.c] XhcCreateTransferTrb() [Pci/XhciDxe/XhciSched.c] XhcExecTransfer() [Pci/XhciDxe/XhciSched.c] XhcCheckUrbResult() [Pci/XhciDxe/XhciSched.c] // // look for TRB_TYPE_DATA_STAGE event [1] // // // Store a copy of the device descriptor, as the hub device // needs this info to configure endpoint. [2] // UsbSetConfig() [Usb/UsbBusDxe/UsbDesc.c] UsbCtrlRequest(USB_REQ_SET_CONFIG) [Usb/UsbBusDxe/UsbDesc.c] UsbHcControlTransfer() [Usb/UsbBusDxe/UsbUtility.c] XhcControlTransfer() [Pci/XhciDxe/Xhci.c] XhcSetConfigCmd() [Pci/XhciDxe/XhciSched.c] XhcInitializeEndpointContext() [Pci/XhciDxe/XhciSched.c] // // allocate transfer ring for the endpoint [3] // USBKeyboardDriverBindingStart() [Usb/UsbKbDxe/EfiKey.c] UsbIoAsyncInterruptTransfer() [Usb/UsbBusDxe/UsbBus.c] UsbHcAsyncInterruptTransfer() [Usb/UsbBusDxe/UsbUtility.c] XhcAsyncInterruptTransfer() [Pci/XhciDxe/Xhci.c] XhcCreateUrb() [Pci/XhciDxe/Xhci.c] XhcCreateTransferTrb() [Pci/XhciDxe/XhciSched.c] XhcSyncTrsRing() [Pci/XhciDxe/XhciSched.c] ASSERT (TrsRing != NULL) [4] UsbEnumerateNewDev() in the USB bus driver issues a GET_DESCRIPTOR request, in order to determine the number of configurations that the endpoint supports. The request consists of three stages (three TRBs), setup, data, and status. 
The length of the response is determined in [1], namely from the transfer event that the host controller generates in response to the request's middle stage (ie. the data stage). If the length of the answer is correct (a full GET_DESCRIPTOR request takes 18 bytes), then the XHCI driver that underlies the USB bus driver "snoops" (caches) the descriptor data for later [2]. Later, the USB bus driver sends a SET_CONFIG request. The underlying XHCI driver allocates a transfer ring for the endpoint, relying on the data snooped and cached in step [2]. Finally, the USB keyboard driver submits an asynchronous interrupt transfer to manage the keyboard. As part of this it asserts [4] that the ring has been allocated in step [3]. And this ASSERT() fires. The root cause can be found in the way QEMU handles the initial GET_DESCRIPTOR request. Again, that request consists of three stages (TRBs, Transfer Request Blocks), "setup", "data", and "status". The XhcCreateTransferTrb() function sets the IOC ("Interrupt on Completion") flag in each of these TRBs. According to the XHCI specification, the host controller shall generate a Transfer Event in response to *each* individual TRB of the request that had the IOC flag set. This means that QEMU should queue three events: setup, data, and status, for edk2's XHCI driver. However, QEMU only generates two events: - one for the setup (ie. 1st) stage, - another for the status (ie. 3rd) stage. No event is generated for the middle (ie. data) stage. The loop in QEMU's xhci_xfer_report() function runs three times, but due to the "reported" variable, only the first and the last TRBs elicit events, the middle (data stage) results in no event queued. As a consequence: - When handling the GET_DESCRIPTOR request, XhcCheckUrbResult() in [1] does not update the response length from zero. 
- XhcControlTransfer() thinks that the response is invalid (it has zero length payload instead of 18 bytes), hence [2] is not reached; the device descriptor is not stashed for later, and the number of possible configurations is left at zero. - When handling the SET_CONFIG request, (NumConfigurations == 0) from above prevents the allocation of the endpoint's transfer ring. - When the keyboard driver tries to use the endpoint, the ASSERT() blows up. The solution is to correct the emulation in QEMU, and to generate a transfer event whenever IOC is set in a TRB. The patch replaces !reported && (IOC || foo) == !reported && IOC || !reported && foo with IOC || (!reported && foo) == IOC || !reported && foo which only changes how reported && IOC is handled. (Namely, it now generates an event.) Tested with edk2 built for "qemu-system-aarch64 -M virt" (ie. "ArmVirtualizationQemu.dsc", aka "AAVMF"), and guest Linux. Signed-off-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-03 | hmp: info spice: Show string channel name | Cole Robinson | 1 | -0/+27
Useful for debugging. https://bugzilla.redhat.com/show_bug.cgi?id=822418 Signed-off-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-03 | qxl: drop update_displaychangelistener call for secondary qxl devices | Gerd Hoffmann | 1 | -1/+0
Commit 3dcadce5076d4b42fa395c39662d65e050b77784 added three update_displaychangelistener call sites: Two for primary qxl cards, when entering/leaving vga mode, which are correct. One for secondary qxl cards, which is wrong because we don't register a displaychangelistener in the first place for secondary cards. Remove it. Reported-by: Brad Campbell <lists2009@fnarfbargle.com> Tested-by: Brad Campbell <lists2009@fnarfbargle.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-03 | vga: refactor vram_size clamping and rounding | Radim Krčmář | 1 | -7/+15
Make the code a bit more obvious. We don't have min/max, so a general helper for clamp probably isn't acceptable either. Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-03 | qxl: refactor rounding up to a nearest power of 2 | Radim Krčmář | 3 | -18/+22
We already have pow2floor, mirror it and use instead of a function with similar results (same in used domain), to clarify our intent. Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-03 | spice: fix invalid memory access to vga.vram | Radim Krčmář | 2 | -2/+10
vga_common_init() doesn't allow more than 256 MiB vram size and silently shrinks any larger value. qxl_dirty_surfaces() used the unshrinked size via qxl->shadow_rom.surface0_area_size when accessing the memory, which resulted in segfault. Add a workaround for this case and an assert if it happens again. We have to bump the vga memory limit too, because 256 MiB wouldn't have allowed 8k (it requires more than 128 MiB). 1024 MiB doesn't work, but 512 MiB seems fine. Proposed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-03 | qxl: document minimal video memory for new modes | Radim Krčmář | 1 | -0/+3
The alternative to removing existing comments. Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-03 | bootdevice: add check in restore_boot_order() | Gonglei | 1 | -1/+3
qemu_boot_set() can't fail in restore_boot_order(), then simply assert it doesn't fail, by passing &error_abort if boot_set_handler set. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
2015-03-03 | bootdevice: check boot order argument validation before vm running | Gonglei | 1 | -14/+22
Either 'once' option or 'order' option can take effect for -boot at the same time, that is to say initial startup processing can check only one. And pc.c's set_boot_dev() fails when its boot order argument is invalid. This patch provides a solution to fix this problem: 1. If "once" is given, register reset handler to restore boot order. 2. Pass the normal boot order to machine creation. Should fail when the normal boot order is invalid. 3. If "once" is given, set it with qemu_boot_set(). Fails when the once boot order is invalid. 4. Start the machine. 5. On reset, the reset handler calls qemu_boot_set() to restore boot order. Should never fail. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
2015-03-03 | Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2015-02-26' into staging | Peter Maydell | 21 | -240/+284
QemuOpts: Convert various setters to Error # gpg: Signature made Thu Feb 26 13:56:43 2015 GMT using RSA key ID EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" * remotes/armbru/tags/pull-error-2015-02-26: qtest: Use qemu_opt_set() instead of qemu_opts_parse() pc: Use qemu_opt_set() instead of qemu_opts_parse() qemu-sockets: Simplify setting numeric and boolean options block: Simplify setting numeric options qemu-img: Suppress unhelpful extra errors in convert, amend QemuOpts: Propagate errors through opts_parse() QemuOpts: Propagate errors through opts_do_parse() QemuOpts: Drop qemu_opt_set(), rename qemu_opt_set_err(), fix use block: Suppress unhelpful extra errors in bdrv_img_create() qemu-img: Suppress unhelpful extra errors in convert, resize QemuOpts: Convert qemu_opts_set() to Error, fix its use QemuOpts: Convert qemu_opt_set_number() to Error, fix its use QemuOpts: Convert qemu_opt_set_bool() to Error, fix its use Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-03 | target-tricore: Add instructions of RRR1 opcode format, which have 0xc3 as first opcode | Bastian Koppelmann | 3 | -0/+418
Add helpers helper_addsur_h/_ssov which adds one halfword and subtracts one halfword, rounds / and saturates each half word independently. Add microcode helper functions: * gen_maddsu_h/sus_h: multiply two halfwords left justified and add to the first one word and subtract from the second one word / and saturate each resulting word independently. * gen_maddsum_h/sums_h: multiply two halfwords in q-format left justified and add to the first one word and subtract from the second one word / and saturate each resulting word independently. * gen_maddsur32_h/32s_h: multiply two halfwords in q-format left justified and add to the first one word and subtract from the second one word, round both results / and saturate each resulting word independently. Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Reviewed-by: Richard Henderson <rth@twiddle.net>
2015-03-03 | target-tricore: Add instructions of RRR1 opcode format, which have 0x43 as first opcode | Bastian Koppelmann | 4 | -4/+588
Add helpers: * madd64_q_ssov: multiply two 32 bit q-format numbers, add them with a 64 bit q-format number and saturate. * madd32_q_add_ssov: add two 64 bit q-format numbers and return a 32 bit result. * maddr_q_ssov: multiply two 32 bit q-format numbers, add a 32 bit q-format number and saturate. * maddr_q: multiply two 32 bit q-format numbers and add a 32 bit q-format number. Note: madd instructions in the q format can behave strange, e.g. 0x1 + (0x80000000 * 0x80000000) << 1 for 32 bit signed values does not cause an overflow on the guest, because all intermediate results should be handled as if they are indefinitely precise. We handle this by inverting the overflow bit for all cases: a + (0x80000000 * 0x80000000) << 1. Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Reviewed-by: Richard Henderson <rth@twiddle.net>
2015-03-03 | target-tricore: Add instructions of RRR1 opcode format, which have 0x83 as first opcode | Bastian Koppelmann | 3 | -0/+534
Add helpers: * add64_ssov: adds two 64 bit values and saturates the result. * addr_h/_ssov: adds two halfwords with two words in q-format with rounding / and saturates each result independently. Add microcode generator: * gen_add64_d: adds two 64 bit values. * gen_addsub64_h: adds/subtracts one halfword with a word and adds/ subtracts another halfword with another word. * gen_madd_h/s_h: multiply four halfwords, add each result left justified to two word values / and saturate each result. * gen_maddm_h/s_h: multiply four halfwords, add each result left justified to two words values in q-format / and saturate each result. * gen_maddr32/64_h/s_h: multiply four halfwords, add each result left justified to two halfwords/words values in q-format / and saturate each result. Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Reviewed-by: Richard Henderson <rth@twiddle.net>
2015-03-03 | target-tricore: Add instructions of RRR2 opcode format | Bastian Koppelmann | 2 | -15/+136
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Reviewed-by: Richard Henderson <rth@twiddle.net>
2015-03-03 | target-tricore: fix msub32_suov return wrong results | Bastian Koppelmann | 1 | -6/+21
If the signed result of the multiplication overflows, we would get a negative value, which would result in an addition instead of a subtraction. Now we do the overflow calculation and saturation by hand instead of using suov32_neg. Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Reviewed-by: Richard Henderson <rth@twiddle.net>