Commit Graph

5992 Commits

Author SHA1 Message Date
Peter Maydell e7852674d5 hw/usb-net.c: Fix precedence bug when checking rndis_state
"!X == 2" is always false (spotted by Coverity), so the checks
for whether rndis is in the correct state would never fire.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
2011-11-14 02:19:24 +01:00
Anthony Liguori 74d33d5ce4 Merge remote-tracking branch 'kwolf/block-stable' into staging 2011-11-11 17:26:37 -06:00
Peter Maydell ee71c98434 hw/arm_timer.c: Fix bounds check for Integrator timer accesses
There are only three counter/timers on the integrator board:
correct the bounds check to avoid an array overrun. (Spotted
by Coverity, see bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11 12:49:53 -06:00
Peter Maydell afd4a65225 hw/pxa2xx.c: Fix handling of R/WC bits in PMCR
Fix a bug in handling the write-one-to-clear bits in the PMCR
which meant that we would always clear the bit even if the
value written was a zero. Spotted by Coverity (see bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11 12:49:53 -06:00
Peter Maydell b78c2b3aad hw/pl061: Remove pointless comparison of array to null
Remove a pointless comparison of an array to null. (There is
no need to check whether s->out[i] is non-null as qemu_set_irq
will do that for us.) Spotted by Coverity (see bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11 12:49:53 -06:00
Peter Maydell 35914dc724 hw/tc58128.c: Remove unnecessary check for g_malloc failure
Remove a check for g_malloc failing: this never happens.
Also use g_malloc rather than g_malloc0 as we immediately
memset the entire region and so zero-initialising it is pointless.
Spotted by Coverity (see bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11 12:49:53 -06:00
Peter Maydell 096685fc2a hw/omap_intc.c: Avoid crash on access to nonexistent banked registers
Avoid a crash due to null pointer dereference if a guest attempts
to access banked registers for a nonexistent bank. Spotted by
Coverity (see bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11 12:49:52 -06:00
Peter Maydell 980bda8ba2 hw/pc.c: Fix use-while-uninitialized of fd_type[]
Fix a use-while-uninitialized of the fd_type[] array (introduced
in commit 34d4260e1, noticed by Coverity). This is more theoretical
than practical, since it's quite hard to get here with floppy==NULL
(the qdev_try_create() of the isa-fdc device has to fail).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-11-11 14:02:59 +01:00
Paolo Bonzini 4480de19d9 scsi-disk: implement eject requests
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-11-11 14:02:57 +01:00
Paolo Bonzini 2df0a3a308 atapi: implement eject requests
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-11-11 14:02:57 +01:00
Peter Maydell 0e3b800e71 hw/lan9118.c: Add missing 'break' to fix buffer overrun
Add a missing 'break' statement to fix a buffer overrun when
executing the EEPROM write-all command. Spotted by Coverity
(see bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-11-10 12:29:50 +00:00
Markus Armbruster 542379f426 qdev: Fix crash on -device '?=x'
Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-11-10 12:29:50 +00:00
Max Filippov 4f61927a41 hpet: fix infinite loop in qemu_run_timers with -icount enabled
hpet_timer timer callback rearms itself based on difference between
current HPET tick counter and comparator value. Difference calculated by
the hpet_calculate_diff function is limited to non-negative values.

cur_tick is calculated via hpet_get_ticks that uses qemu_get_clock_ns(vm_clock).

With -icount enabled vm_clock doesn't advance during qemu_run_timers
loop thus once difference is zero, qemu_run_timers loops forever
handling hpet_timer.

Limit hpet_calculate_diff results to positive only values to avoid that
infinite loop.

This fixes the following qemu-system-x86_64 hang when it reaches
timer_irq_works() in the linux bootup:

[    0.000000] Fast TSC calibration using PIT
[    0.000000] Detected 1000.054 MHz processor.
[    0.000031] Calibrating delay loop (skipped), value calculated using timer frequency.. 2000.10 BogoMIPS (lpj=10000540)
[    0.000404] pid_max: default: 32768 minimum: 301
[    0.001138] Mount-cache hash table entries: 256
[    0.003883] Initializing cgroup subsys ns
[    0.004035] Initializing cgroup subsys cpuacct
[    0.004280] Initializing cgroup subsys freezer
[    0.004790] Performance Events: AMD PMU driver.
[    0.004985] ... version:                0
[    0.005134] ... bit width:              48
[    0.005285] ... generic registers:      4
[    0.005437] ... value mask:             0000ffffffffffff
[    0.005625] ... max period:             00007fffffffffff
[    0.005807] ... fixed-purpose events:   0
[    0.005957] ... event mask:             000000000000000f
[    0.006275] SMP alternatives: switching to UP code

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-09 12:06:20 -06:00
Peter Maydell c0465d1a1d hw/omap_gpmc.c: Add missing 'break's to fix 8 bit NAND writes
Add missing 'break' statements which would have meant that writing
to an 8 bit NAND device was broken. Spotted by Coverity (see bug
887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-09 12:06:20 -06:00
Peter Maydell 95117be5a3 hw/omap_dss.c: Fix !-vs-~ bug in handling DISPC_CONTROL
Fix a bug revealed by a coverity scan (see bug 887883) which meant
that we would never print the warning about unpredictable behaviour
if a nonexistent overlay is enabled.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-09 12:06:20 -06:00
Avi Kivity 4f26f2b6f2 configure: fix detection for xattr.h on modern distributions
Modern distributions place xattr.h in /usr/include/sys, and fold
libattr.so into libc.  They also don't have an ENOATTR.

Make configure detect this, and add a qemu-xattr.h file that
directs the #include to the right place.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-09 12:06:20 -06:00
Edgar E. Iglesias 9770b91252 virtex: Remove memset of clk_setup
clk_setup is now a function. Fixes a segfault.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
2011-11-08 20:53:49 +01:00
Gerd Hoffmann f67ab77a43 qxl: fix vga port initialization.
Commit 0a039dc700 broke vga modes for
qxl-vga by loosing vga_ioport_read windup.  qxl needs to hook into
vga port writes only and used to realize that by letting vga_init() do
the work for both reads and writes, then overwrite the write function.
That little detail was missed while doing the conversion ...

This patch fixes it.  It also switch qxl vga ioport registration to
portio lists while being at it.

Cc: Hans de Goede <hdegoede@redhat.com>
Acked-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-07 10:57:37 -06:00
Gerd Hoffmann 25a21c94c0 ac97: don't override the pci subsystem id
This patch removes the code lines which set the subsystem id for the
emulated ac97 card to 8086:0000.  Due to the device id being zero the
subsystem id isn't vaild anyway.  With the patch applied the sound card
gets the default qemu subsystem id (1af4:1100) instead.

[ v2: old & broken id is maintained for -M pc-$oldqemuversion ]

Cc: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-07 10:57:37 -06:00
Gerd Hoffmann 19857e625a pc: add 1.0 machine type
This patch adds a pc-1.0 machine type.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-07 10:57:36 -06:00
Paolo Bonzini 6023d83248 disable automatic loading of sgabios when -nographic
sgabios hasn't gotten a lot of coverage since it was not shipped.  For 1.0,
let's disable the automatic loading of the option ROM in -nographic
mode.  We can put it back for 1.1.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-07 10:57:36 -06:00
Anthony Liguori 2963e65a4e Merge remote-tracking branch 'kwolf/for-anthony' into staging 2011-11-07 10:57:27 -06:00
Anthony Liguori ca062aaed0 Merge remote-tracking branch 'stefanha/trivial-patches' into staging 2011-11-07 10:56:38 -06:00
Anthony PERARD e7b48c97fe xen-platform: Fix IO port read/write functions
Somehow, the read/write functions handle an offset that does not exist anymore.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-11-07 08:07:48 +00:00
Rabin Vincent 41bf234d8e arm_gic: handle banked enable bits for per-cpu interrupts
The first enable set/clear register (which controls the PPIs and SGIs)
is supposed to be banked for each processor.  Currently it is just
handled globally and this prevents recent SMP Linux kernels from
booting, because CPU0 stops receiving localtimer interrupts when CPU1
disables them locally.

To fix this, allow the enable bits to be enabled per-cpu.  For SPIs,
always enable/disable ALL_CPU_MASK.

Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2011-11-06 16:01:08 +00:00
Kevin Wolf acae6f1c4c dma: Avoid reentrancy in DMA transfer handlers
With the conversion of the block layer to coroutines, bdrv_read/write
have changed to run a nested event loop that calls qemu_bh_poll.
Consequently a scheduled BH can be called while a DMA transfer handler
runs and this means that DMA_run becomes reentrant.

Devices haven't been designed to cope with that, so instead of running a
nested transfer handler just wait for the next invocation of the BH from the
main loop.

This fixes some problems with the floppy device.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-11-04 14:23:58 +01:00
Blue Swirl 932eacc158 Merge branch 'xtensa' of git://jcmvbkbc.spb.ru/dumb/qemu-xtensa
* 'xtensa' of git://jcmvbkbc.spb.ru/dumb/qemu-xtensa:
  xtensa_lx60: fix build date code and change memory region names
  xtensa_lx60: pass kernel arguments from -append
  xtensa_lx60: add FLASH support
  target-xtensa: raise an exception for invalid and reserved opcodes
  target-xtensa: handle cache options in the overlay tool
  target-xtensa: mask out undefined bits of WINDOWSTART SR
2011-11-02 20:52:23 +00:00
Anthony Liguori 42dfb09510 Merge remote-tracking branch 'aneesh/for-upstream-8' into staging 2011-11-02 12:30:00 -05:00
Bharata B Rao f2209eb854 Fix X86 CPU topology in KVM mode
apic id returned to guest kernel in ebx for cpuid(function=1) depends on
CPUX86State->cpuid_apic_id which gets populated after the cpuid information
is cached in the host kernel. This results in broken CPU topology in guest.

Fix this by setting cpuid_apic_id before cpuid information is passed to
the host kernel. This is done by moving the setting of cpuid_apic_id
to cpu_x86_init() where it will work for both KVM as well as TCG modes.

Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bharata B Rao <bharata.rao@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-02 07:55:05 -05:00
Gerd Hoffmann 18ebcc86f2 intel-hda: fix stream search
commit ba43d28916 introduces a bug:
The stream-not-found case doesn't error out any more, instead the
code silently uses the first stream.  Fix it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-02 07:51:58 -05:00
Paolo Bonzini 5bb2392776 virtio-blk: pass full status to the guest
When SCSI passthrough is being used by the guest with virtio-blk, the
guest is not able to detect disk failures.  This is because the status
field is expected by the guest driver to include also the msg_status,
host_status and driver_status fields, but the device is only passing
down the SCSI status.

The patch fixes this, and also makes sure that the guest always sees a
CHECK_CONDITION status when there is valid sense data.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-02 07:51:58 -05:00
Stefan Hajnoczi 779b5b04fd hw/9pfs: use g_vasprintf() instead of rolling our own
Markus Armbruster <armbru@redhat.com> sent fixes for va_list vararg
issues in v9fs_string_alloc_printf().  It turns out the function
duplicates g_vasprintf() and can therefore be eliminated entirely.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2011-11-02 12:57:15 +05:30
Max Filippov 556ba66845 xtensa_lx60: fix build date code and change memory region names
Fix date code to uses MMDDYYYY notation.
Change memory region names to reflect specification that defines them.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2011-11-02 05:05:52 +04:00
Max Filippov 292627bb5e xtensa_lx60: pass kernel arguments from -append
Create boot parameters in the end of SRAM region, insert kernel
arguments specified in -append there.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2011-11-02 05:05:52 +04:00
Max Filippov 82b25dc8b0 xtensa_lx60: add FLASH support
LX60 carry 4 Mbyte FLASH and 128 Kbyte SRAM, LX200 carry 16 Mbyte FLASH
and 32 Mbyte SRAM. Either of these memories may be mapped to the system
ROM region.

Select boot from FLASH if -kernel option is not specified, otherwise
boot from SRAM.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2011-11-02 05:05:52 +04:00
Anthony Liguori b0eb8449f2 Revert "virtio: Add PCI memory BAR in addition to PIO BAR"
This reverts commit 46d95bfec7.
2011-11-01 19:32:21 -05:00
Jan Kiszka e1c2008af6 pcnet: Add link state support
Update lnkst on link state changes so that guests can obtain this
information via reading back the LED output pin. Works for Linux but
not for guests that depend on the missing PHY.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:09 -05:00
Jan Kiszka 7ba7974197 pcnet-pci: Fix PIO word access to PROM
Implement the various IO access widths according to the spec. This
specifically unbreaks word and dword access to the PROM area that is
mapped into IO space. It also drops redundant upper limit checks and
spurious "return void".

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:09 -05:00
Jan Kiszka 488a1a5dfe pcnet: Move BCR defines to header
This moves BCR defines to the common header and immediately makes use of
them to add BCR_APROMWE, replacing the open-coded write check in
pcnet_aprom_writeb.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:09 -05:00
Avi Kivity 2284451019 event_notifier: move to top-level directory
Has no business in hw/.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:08 -05:00
David Gibson 46d95bfec7 virtio: Add PCI memory BAR in addition to PIO BAR
Currently, virtio devices are usually presented to the guest as an
emulated PCI device, virtio_pci.  Although the actual IO operations
are done through system memory, the configuration of the virtio device
is done through the one PCI IO space BAR that virtio_pci presents.

But PCI IO space (aka PIO) is deprecated for modern PCI devices, and
on some systems with many PCI domains accessing PIO space can be
problematic.  For example on the existing PowerVM implementation of
the PAPR spec, PCI PIO access is not supported at all.  We're hoping
that our KVM implementation will support PCI PIO (once we support PCI
at all), but it will probably have some irritating limitations.

This patch, therefore, extends the virtio_pci device to have a PCI
memory space (MMIO) BAR as well as the IO BAR.  The MMIO BAR contains
exactly the same registers, in exactly the same layout as the existing
PIO BAR.

Because the PIO BAR is still present, existing guest drivers should
still work fine.  With this change in place, future guest drivers can
check for an MMIO BAR and use that if present (falling back to PIO
when possible to support older qemu versions).

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:08 -05:00
David Gibson fff23ee9a5 usb-uhci: Use PCI DMA stub functions
This updates the usb-uhci device emulation to use the explicit PCI DMA
wrapper to initialize its scatter/gathjer structure.  This means this
driver should not need further changes when the sglist interface is
extended to support IOMMUs.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:08 -05:00
David Gibson 68d553587c usb-ehci: Use PCI DMA stub functions
This updates the usb-ehci device emulation to use the explicit PCI DMA
wrapper to initialize its scatter/gathjer structure.  This means this
driver should not need further changes when the sglist interface is
extended to support IOMMUs.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:08 -05:00
David Gibson 552908fef5 PCI IDE: Use PCI DMA stub functions
This updates the PCI IDE device emulation to use the explicit PCI DMA
wrapper to initialize its scatter/gathjer structure.  This means this
driver should not need further changes when the sglist interface is
extended to support IOMMUs.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:07 -05:00
David Gibson fa0ce55c71 intel-hda: Use PCI DMA stub functions
This updates the intel-hda device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:07 -05:00
Eduard - Gabriel Munteanu 14fecf26d0 pcnet-pci: Use PCI DMA stub functions
This updates the pcnet-pci device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.

Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:07 -05:00
Eduard - Gabriel Munteanu 9ba4524cda lsi53c895a: Use PCI DMA stub functions
This updates the lsi53c895a device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.

Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:07 -05:00
Eduard - Gabriel Munteanu 62ecbd353d e1000: Use PCI DMA stub functions
This updates the e1000 device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.

Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:07 -05:00
Eduard - Gabriel Munteanu 3204db98de es1370: Use PCI DMA stub functions
This updates the es1370 device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.

Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:07 -05:00
Eduard - Gabriel Munteanu 93f43c4888 ac97: Use PCI DMA stub functions
This updates the ac97 device emulation to use the explicit PCI DMA
functions, instead of directly calling physical memory access functions.

Signed-off-by: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:07 -05:00