| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Correct definitions for FD_CMD_SAVE and FD_CMD_RESTORE in hw/fdc.c
Per https://bugs.launchpad.net/qemu/+bug/424453 the correct values
for FD_CMD_SAVE is 0x2e and FD_CMD_RESTORE is 0x4e. Verified against
the Intel 82078 manual which can be found at:
http://wiki.qemu.org/Documentation/HardwareManuals page 22.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit bb350a5e9b961a8c3940b3451c329ff07c027aa1)
|
|
When cancelling a request, bdrv_aio_cancel may decide that it waits for
completion of a request rather than for cancellation. IDE therefore can't
abandon its DMA status before calling bdrv_aio_cancel; otherwise the callback
of a completed request would use invalid data.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 38d8dfa193e9a45f0f08b06aab2ba2a94f40a041)
|
|
After commit 702f3e0fb52c124c07f215426eeadb70a716643f, the params is
nerver NULL. It should check *params instead of params to determine
whether the params is empty.
Signed-off-by: TeLeMan <geleman@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
(cherry picked from commit 98f22dc172e1ebd5341da3de0d67666442566f72)
|
|
Many usbdevice_init implementors assume params is non-NULL.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 702f3e0fb52c124c07f215426eeadb70a716643f)
|
|
If -usbdevice is used on a machine with no USB busses, usb_create
will fail and return NULL. Patch below handles this failure gracefully
rather than crashing when we try to init the device.
Signed-off-by: Paul Brook <paul@codesourcery.com>
(cherry picked from commit d44168fffa07fc57e61a37da65e9348661dec887)
|
|
In oneshot mode, the delta needs to come from the TimerLoad register,
not the maximum limit.
Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit a9cf98d939c4f6539fad7e7d812ea16d96ba3dc9)
|
|
Reload the timer when TimerControl is written, if the timer is to be
enabled. Otherwise, if an earlier write to TimerLoad was done while
periodic mode was not set, s->delta may incorrectly still have the value
of the maximum limit instead of the value written to TimerLoad.
This problem is evident on versatileap on current linux-next, which
enables TIMER_CTRL_32BIT before writing to TimerLoad and then enabling
periodic mode and starting the timer. This causes the first periodic
tick to be scheduled to occur after 0xffffffff periods, leading to a
perceived hang while the kernel waits for the first timer tick.
Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit d6759902cb467c002086853d2eb38fb969c29f7f)
|
|
Before issuing the barrier to the block driver we need to flush our oustanding
queue of write requests, as the flush is supposed to be issued after them.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 618fbb84299780af96e3d4c4b6f2148656fe3708)
|
|
Code for saving irq_state got vm_state
macros wrong, passing in the wrong parameter.
As a result, we both saved a wrong value
and restored it to a wrong offset.
This leads to device and bus irq counts getting
out of sync, which in turn leads to interrupts getting lost or
never cleared, such as
https://bugzilla.redhat.com/show_bug.cgi?id=588133
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit c3f8f61157625d0bb5bfc135047573de48fdc675)
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 6ac08101f9de84be1fb7b45f87caed8ba8f3eb5a)
|
|
All callers of lsi_reselect have a lsi_request struct at hand anyway.
So just pass it directly instead of having lsi_reselect search for it
using the tag.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit aa4d32c4742e62e09786bd1067a5b98239867e93)
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit b96a0da06bd782ef290445479a6d4d0de00c2c23)
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit daa70311e0f7b37cd0ea3c4de0d163ccf1a36abe)
|
|
Right now lsi_request is allocated when a request is queued and released
when a request is unqueued. With this patch applied the lsi_request is
kept for the whole lifetime of the scsi request.
Rationale: We can use it for per-request data then. The patch does that
already for the request tag.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit af12ac9880eacdd79d49a11d5672df7170afb38f)
|
|
Replace the funky array logic for queued commands with standard
qemu list functions. Also rename lsi_queue to lsi_request.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 042ec49dc52e54153942a089a46ae584152998fb)
|
|
Since commit 8da3ff180974732fc4272cb4433fef85c1822961 ("MMIO callback
interface changes"), the addresses passed to the I/O functions are an
offset to the start of the area. As a consequence, there is no need to
correct the address using the value of IOBR. This make possible the use
of the default MMIO functions. Moreover the addresses are now remaped
when the value if IOBR change.
The memory area corresponds to the devices behing the PCI bus, it should
not be mapped by the PCI controller. Remove the corresponding code.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry-picked from commit 5ba9e9522cf572715ca1966b292f64fb78342e22)
|
|
In case s->version is shorter than 4 bytes we overflow the memcpy src
buffer. Fix it by clearing the target buffer, then copy only the
amount of bytes we actually have.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from 314b1811c15f4e982e4667d9b845aee4b5a63d91)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
When the MMUCR TI bit is set, all the UTLB and ITLB entries should be
flushed.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit e781d1285fc3b81d689ba25360c6c272116387fa)
|
|
Only raise an interrupt if the TD has actually completed.
Signed-off-by: Paul Brook <paul@codesourcery.com>
|
|
This is a workaround only, and is a partial revert
of a few changes to BMDMAState which removed pci_dev
field on the way.
- cmd646 pci_from_bm() expects bm->unit value to
correspond with bm data being passed to callback
as opaque pointer. This breaks when write to dma
control register of second channel happens when no
dma operation is in progress, so bm->unit is zero
for second channel, and pci_from_bm() returns garbage
pointer. Crash happens shortly after that while
dereferencing that pointer.
v0->v1: cleaned up dead code from pci_from_bm.
Signed-off-by: Igor V. Kovalenko <igor.v.kovalenko@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 90228ee395b71cdd64e6bc844e3d553eb9ef643f)
|
|
here's a trivial patch to fix the spelling of "compatibility":
Signed-off-by: Vagrant Cascadian <vagrant@freegeek.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
(cherry picked from commit 66c80e75752e87a9479577fda1446a7623884f01)
|
|
Fix the floppy controller init wrappers to set the drive properties
only in case the DriveInfo pointers passed in are non NULL. This allows
to set the properties using -global.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 995bf0ca57e52f4991d7f90c7eb2bbf7bc3f3c44)
|
|
Save/restore information necessary to continue in progress PIO/ATAPI CMD
transfers.
This includes the IO buffer.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit ed487bb1d69040b9dac64a4fc076d8dd82b131d6)
|
|
Fix a race condition where qemu finds that there are not enough virtio
ring buffers available and the guest make more buffers available before
qemu can enable notifications.
Signed-off-by: Tom Lendacky <toml@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 06b1297017415ae6a07a0e97ad7d8e90b2d95823)
|
|
This fixes a segfault due to buffer overrun in the usb-serial device.
The memcpy was incrementing the start location by recv_used yet, the
computation of first_size (how much to write at the end of the buffer
before wrapping to the front) was not accounting for it. This causes the
next element after the receive buffer (recv_ptr) to get overwritten with
random data.
Signed-off-by: David Ahern <daahern@cisco.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4ab4183d766f10f9fc35cd9ef4acee39f241986f)
|
|
If an I/O request fails right away instead of getting an error only in the
callback, we still need to consider rerror/werror.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6c510fbf601fd8c6891b2f1d7165ceb82308a16f)
|
|
Current code assumes that only write requests are ever going to be restarted.
This is wrong since rerror=stop exists. Instead of directly starting writes,
use the same request processing as used for new requests.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f1b5286803ee66f73034f1f5e0e1cf14f4415f94)
|
|
We need a function that handles a single request. Create one by splitting out
code from virtio_blk_handle_output.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bc6694d43a68baa864dba7742354a379a3347f33)
|
|
This fixes CONFIG_FB_CIRRUS for Linux guests and probably much more:
When switching away from linearly mapped vram, we also have to restore
the I/O handlers for the LFB.
This regression was once introduced by commit 2bec46dc97.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4516e45f82b7ee0cedce875477e785989a719b67)
|
|
Win32 suffers from a very big memory leak when dealing with SCSI devices.
Each read/write request allocates memory with qemu_memalign (ie
VirtualAlloc) but frees it with qemu_free (ie free).
Pair all qemu_memalign() calls with qemu_vfree() to prevent such leaks.
Signed-off-by: Herve Poussineau <hpoussin@reactos.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f8a83245d9ec685bc6aa6173d6765fe03e20688f)
|
|
Commit 930c86820e introduced a regression to eth_send: eth_tx_desc_put
manipulates the host's tx descriptor copy before writing it back, but
two lines down the descriptor is evaluated again, leaving us with an
invalid next address if host and guest endianness differ. So this was
the actual issue commit 2e87c5b937 tried to paper over.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 07b064e9de65a26a4cb36dfb37c7506ef17407fd)
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Commit b3a219883e uncovered that we attached the Wolfson with an I2C
address shifted left by one. Fixing this makes sound work again for
the Musicpal.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 642582296479eabded45f262acbfea5121d2fbf8)
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Windows 7 BSODs under load with HAL_RTC_IRQF_WILL_NOT_CLEAR error.
It happens here:
hal!HalpRtcUnmaskClock:
8281b93a 8bff mov edi,edi
8281b93c 56 push esi
8281b93d 33f6 xor esi,esi
8281b93f 6a0c push 0Ch
8281b941 e8b2ffffff call hal!CMOS_READ (8281b8f8)
8281b946 84c0 test al,al
8281b948 7920 jns hal!HalpRtcUnmaskClock+0x30 (8281b96a)
8281b94a 6a0a push 0Ah
8281b94c 46 inc esi
8281b94d e854c8ffff call hal!KeStallExecutionProcessor (828181a6)
8281b952 83fe64 cmp esi,64h
8281b955 72e8 jb hal!HalpRtcUnmaskClock+0x5 (8281b93f)
8281b957 6a00 push 0
8281b959 6a00 push 0
8281b95b 6a00 push 0
8281b95d 680a010000 push 10Ah
8281b962 6a5c push 5Ch
8281b964 ff1500c38082 call dword ptr [hal!_imp__KeBugCheckEx (8280c300)]
8281b96a 5e pop esi
8281b96b c3 ret
So it loops for 100(64h) times reading register C before BSOD. Lets
reduce number of immediate reinjection well under this limit.
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit dd17765b5f77ca02b4aeaf9e42de8dd7513a0611)
|
|
This patch adds compat property entries for ide-disk.ver and
scsi-disk.ver to pc-0.10 and pc-0.11. With this patch applied
the scsi and ide disks report "0.10" and "0.11" as version when
you start qemu with "-M pc-0.10" or "-M pc-0.11".
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 374ef70452452fb729c45dcf1a73a1bd1396cfda)
|
|
This patch adds a new property named 'ver' to scsi-disk which allows to
specify the version which the virtual disk/cdrom should report to the
guest. By default this is the qemu version (i.e. 0.12). usage:
-drive if=none,id=disk,file=...
-device lsi
-device scsi-disk,drive=disk,bus=scsi.0,unit=0,ver=42
You can also switch the version for all scsi drives using:
-global scsi-disk.ver=42
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 383b4d9b79e3a71b1d5cadd34989b1c0e2a05832)
|
|
This patch adds a new property named 'ver' to ide-drive which allows to
specify the version which the virtual disk/cdrom should report to the
guest. By default this is the qemu version (i.e. 0.12). usage:
-drive if=none,id=disk,file=...
-device ide-drive,bus=ide.0,unit=0,drive=disk,ver=42
You can also switch the version for all ide drives using:
-global ide-drive.ver=42
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 47c063403065793ad6e1d2fdde27d69a00880752)
|
|
Since commit 747bbdf7 QEMU_WARN_UNUSED_RESULT is never defined as it is
conditional on a define from config-host.h which is included only later.
Include that file earlier to get the warnings back.
Reactivating it unfortunately leads to some warnings about unused qdev_init
results. These calls are changed to qdev_init_nofail to avoid build failures.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit beb6f0de7aa19ce62fdd21a876b8c171ac7fde2e)
|
|
So '-M pc-0.10' and '-M pc-0.11' will use the fw_cfg rom load method
by default.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 20a86364c9e421c4f9ce457251fa8df031cd5078)
|
|
This patch adds a pci bus property 'rombar' which specifies whenever
the pci rom should be loaded via pci rom bar (default) or via fw_cfg.
The later can be used for compatibility with older qemu versions where
no pci rom bar is present.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 88169ddf82853ca892ce7bee279579c8a0ac03e5)
|
|
This patch changes the way rom loading via fw_cfg is handled.
Instead of having pc_init1() call a function which passed all
roms to the firmware config we simply pass a pointer to fw_cfg
to the rom loader.
Advantage: loading roms via firmware works also for devices which
are initialized after pc_init1(), i.e. everyting added via -device.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 8832cb805dcb65009b979cd8e17d75ac4b03c7e4)
|
|
Changes:
- make dir argument mandatory, we allways have one anyway
(vgaroms or genroms).
- check for duplicates, skip loading if found.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit de9352bcaed2452af1d2b06b829748676c691794)
|
|
Changes:
- Drop extra file argument from rom_add_file().
- Drop fw_dir check in do_info_roms, we allways have a dir name.
- code style fixes.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bdb5ee3064d5ae786b0bcb6cf6ff4e3554a72990)
|
|
Add a new machine type for qemu 0.12.
Also fixup the 0.11 machine type: msi for virtio-blk-pci was enabled
after the 0.11 release, so turn it off in the 0.11 machine type.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2cae6f5e34d85fe44ec2329a7fbc22dc8cfb079f)
|
|
Similarly to what has been done in e405a2ba91b68817cae2a428de55fe9616a4cf37,
ignore rom intended to be loaded by the bios in find_rom() and rom_copy().
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit f21a59c224a6fdf7b30c3fe551fd93043e537f6c)
|
|
Since patch ed757e140c0ada220f213036e4497315d24ca8bct, virtio will
sometimes clear all status registers on bus master disable, which loses
information such as VIRTIO_CONFIG_S_FAILED bit. This is a result of
a patch being misapplied: code uses ! instead of ~ for bit
operations as in Yan's original patch. This obviously does not make
sense.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 49e75cf38848e6da70c0e9ddb4d994e9d71a9625)
|
|
Check that the cursor dimensions passed from the guest for the
DEFINE_CURSOR command don't overflow the available space in the
cursor.image[] or cursor.mask[] arrays before copying data from the
guest into those arrays.
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f2d928d44ebc918750c94f3605c1417f1f653ec9)
|
|
The first such option rom will load at address 0, which isn't very nice,
and the second will report a conflict and abort, which is horrible.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit e405a2ba91b68817cae2a428de55fe9616a4cf37)
|
|
Stepping through the SS-5's OBP initialization routines
it looks like reading fdc main status register should
clear the fd interrupt.
The patch doesn't fix problems with fdc on sparc platform,
it only fixes fdc detection.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
According to the SCSI-2 specification,
http://ldkelley.com/SCSI2/SCSI2/SCSI2/SCSI2-08.html#8.2.5 ,
"if the allocation length of the command descriptor block (CDB) is too
small to transfer all of the parameters, the additional length shall
not be adjusted to reflect the truncation."
The 36 mandatory bytes of response are written to outbuf, and then
only the length requested in CDB is transferred.
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
ROMs need to be loaded if they are anywhere in the requested area, not
only at the very beginning. This fixes Multiboot with ELF kernels that
have more than one program header.
Signed-off-by: Kevin Wolf <mail@kevin-wolf.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 935effc2bbd2c441b755a8d280811a9763fdb98c)
|
