aliguori [Thu, 11 Dec 2008 21:20:03 +0000 (21:20 +0000)]
pci: virtio: use pci id defines (Gerd Hoffman)
Use the defines added by the previous patch in the virtio drivers.
Also remove the pointless vendor and device args from the
virtio_blk_init() function.
aliguori [Thu, 11 Dec 2008 21:15:42 +0000 (21:15 +0000)]
pci: add default pci subsystem id for all devices (Gerd Hoffman)
This sets a default PCI subsystem ID for all emulated PCI devices. PCI
specs require this, so do it.
In many cases it is enough to know the PCI ID to handle a device
correctly. Sometimes a device driver must identify the exact piece of
hardware (via PCI Subsystem ID) though.
What this patch does to qemu devices:
Right now the emulated PCI devices have no PCI subsystem ID, only the
PCI ID. The discussed patch sets a default PCI subsystem ID for all
emulated devices, which will make the qemu devices look pretty much
like in the laptop case: all PCI subsystem IDs will point to qemu by
default.
If a driver emulates a very specific piece of hardware where it has to
emulate more than just the PCI chip, it can overwrite the PCI subsystem
ID without problems. The es1370 driver does that for example.
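The bus-side step the message describes, as an added example in C (not QEMU's own code): a default subsystem ID is filled into the device's config space unless the device already set one, so an es1370-style override survives. The config-space offsets are the standard PCI type-0 header ones; the default ID values, the device IDs and the struct are assumptions constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Standard PCI type-0 configuration header offsets. */
#define PCI_VENDOR_ID            0x00
#define PCI_DEVICE_ID            0x02
#define PCI_SUBSYSTEM_VENDOR_ID  0x2c
#define PCI_SUBSYSTEM_ID         0x2e
#define PCI_CONFIG_SIZE          256

/* Assumed "this is a qemu device" default IDs; placeholders for the example. */
#define QEMU_DEFAULT_SUBSYS_VENDOR_ID 0x1af4
#define QEMU_DEFAULT_SUBSYS_ID        0x1100

typedef struct {
    uint8_t config[PCI_CONFIG_SIZE];   /* emulated config space, little-endian */
} pci_dev_t;

static void pci_set_word(uint8_t *config, int offset, uint16_t val) {
    config[offset]     = (uint8_t)(val & 0xff);
    config[offset + 1] = (uint8_t)(val >> 8);
}

uint16_t pci_get_word(const uint8_t *config, int offset) {
    return (uint16_t)(config[offset] | (config[offset + 1] << 8));
}

/* Device-side init: vendor/device ID always, subsystem ID only if the
 * device emulates a specific piece of hardware (pass 0/0 otherwise). */
void pci_dev_init(pci_dev_t *d, uint16_t vendor, uint16_t device,
                  uint16_t subsys_vendor, uint16_t subsys_id) {
    memset(d->config, 0, sizeof d->config);
    pci_set_word(d->config, PCI_VENDOR_ID, vendor);
    pci_set_word(d->config, PCI_DEVICE_ID, device);
    pci_set_word(d->config, PCI_SUBSYSTEM_VENDOR_ID, subsys_vendor);
    pci_set_word(d->config, PCI_SUBSYSTEM_ID, subsys_id);
}

/* Bus-side step: apply the default subsystem ID unless the device set one.
 * Returns 1 if the default was applied, 0 if the device's own value was kept. */
int pci_apply_default_subsystem_id(pci_dev_t *d) {
    if (pci_get_word(d->config, PCI_SUBSYSTEM_VENDOR_ID) != 0 ||
        pci_get_word(d->config, PCI_SUBSYSTEM_ID) != 0) {
        return 0;   /* device-specific override: leave it alone */
    }
    pci_set_word(d->config, PCI_SUBSYSTEM_VENDOR_ID, QEMU_DEFAULT_SUBSYS_VENDOR_ID);
    pci_set_word(d->config, PCI_SUBSYSTEM_ID, QEMU_DEFAULT_SUBSYS_ID);
    return 1;
}

/* Guest-side view: does the subsystem ID identify a generic qemu device? */
int pci_subsystem_is_generic_qemu(const pci_dev_t *d) {
    return pci_get_word(d->config, PCI_SUBSYSTEM_VENDOR_ID) == QEMU_DEFAULT_SUBSYS_VENDOR_ID &&
           pci_get_word(d->config, PCI_SUBSYSTEM_ID) == QEMU_DEFAULT_SUBSYS_ID;
}

/* Scenario: a device with no subsystem ID of its own gets the default.
 * Returns the resulting subsystem vendor ID. */
uint16_t scenario_generic_device(void) {
    pci_dev_t d;
    pci_dev_init(&d, 0x1234, 0x5678, 0, 0);            /* constructed IDs */
    pci_apply_default_subsystem_id(&d);
    return pci_get_word(d.config, PCI_SUBSYSTEM_VENDOR_ID);
}

/* Scenario: an es1370-style device that set its own subsystem ID keeps it.
 * Returns the subsystem ID after the default step ran. */
uint16_t scenario_override_device(void) {
    pci_dev_t d;
    pci_dev_init(&d, 0x1274, 0x5000, 0x4942, 0x4c4c);  /* constructed IDs */
    pci_apply_default_subsystem_id(&d);
    return pci_get_word(d.config, PCI_SUBSYSTEM_ID);
}
```

The check is deliberately "both words zero" rather than "vendor zero": a device that wrote only one half of the subsystem ID is treated as having made a choice, so the bus never silently mixes its own vendor ID with a device's subsystem ID.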
aliguori [Thu, 11 Dec 2008 21:06:49 +0000 (21:06 +0000)]
Fix handling of disk-only snapshots (Kevin Wolf)
When creating a snapshot with multiple qcow2 disks attached, the current
behaviour is that qemu creates a disk snapshot on all of them and
chooses one to write the VM state to.
Despite having the state only in one image, loadvm tries to restore the
VM state from the middle of nowhere if you run qemu a second time with
only one of the other images attached. In the lucky case it will fail
because there simply is no state, but it also can happen that it loads
the state of a different snapshot (the one this new one is based upon).
The fix is to write a zero VM state size to the images which don't
contain the state, and check this in loadvm.
I agree that you probably have to provoke such things intentionally to
get in a state like this with qemu itself. However, with my second patch
that adds snapshot support to qemu-img it could become a reasonable use
case to have snapshots with and without VM states on the same image.
blueswir1 [Thu, 11 Dec 2008 17:30:50 +0000 (17:30 +0000)]
Allow to register a callback with fw_cfg_add_callback()
fw_cfg_add_callback() checks if key has FW_CFG_WRITE_CHANNEL bit set
after masking the key with FW_CFG_ENTRY_MASK.
But as FW_CFG_ENTRY_MASK is ~(FW_CFG_WRITE_CHANNEL | FW_CFG_ARCH_LOCAL),
the bit is never set and function exits.
This patch corrects this by checking the bit before masking the value.
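The masking-order bug described in this message, as an added example in C (not QEMU's fw_cfg code): the buggy variant masks the key before testing the write-channel bit and therefore always refuses, the fixed variant tests the raw key first, masks, and bounds-checks the index before storing. The bit values, table size, callback signature and the `record_first_byte` callback are assumptions constructed for the example; the only relationship taken from the page is that FW_CFG_ENTRY_MASK is ~(FW_CFG_WRITE_CHANNEL | FW_CFG_ARCH_LOCAL).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed bit layout; reproduces the relationship the message states. */
#define FW_CFG_WRITE_CHANNEL 0x4000
#define FW_CFG_ARCH_LOCAL    0x8000
#define FW_CFG_ENTRY_MASK    (~(FW_CFG_WRITE_CHANNEL | FW_CFG_ARCH_LOCAL))
#define FW_CFG_MAX_ENTRY     0x20   /* small table, constructed for the example */

typedef void (*fw_cfg_cb)(void *opaque, uint8_t *data);

typedef struct {
    fw_cfg_cb cb[2][FW_CFG_MAX_ENTRY];       /* [arch_local][entry index] */
    void     *opaque[2][FW_CFG_MAX_ENTRY];
} fw_cfg_state;

/* Buggy ordering: the key is masked first, so the write-channel bit is
 * already gone when it is tested and the function always gives up.
 * Returns 1 on success, 0 if the callback was refused. */
int fw_cfg_add_callback_buggy(fw_cfg_state *s, uint16_t key,
                              fw_cfg_cb cb, void *opaque) {
    int arch = !!(key & FW_CFG_ARCH_LOCAL);
    key &= FW_CFG_ENTRY_MASK;
    if (!(key & FW_CFG_WRITE_CHANNEL))       /* always taken after masking */
        return 0;
    if (key >= FW_CFG_MAX_ENTRY)
        return 0;
    s->cb[arch][key] = cb;
    s->opaque[arch][key] = opaque;
    return 1;
}

/* Fixed ordering: test the raw key for the write-channel bit, then mask it
 * down to the table index and bounds-check it before storing. */
int fw_cfg_add_callback_fixed(fw_cfg_state *s, uint16_t key,
                              fw_cfg_cb cb, void *opaque) {
    if (!(key & FW_CFG_WRITE_CHANNEL))       /* read-only keys take no callback */
        return 0;
    int arch = !!(key & FW_CFG_ARCH_LOCAL);
    key &= FW_CFG_ENTRY_MASK;
    if (key >= FW_CFG_MAX_ENTRY)             /* never index past the table */
        return 0;
    s->cb[arch][key] = cb;
    s->opaque[arch][key] = opaque;
    return 1;
}

/* Guest write completion: run the registered callback, if any.
 * Returns 1 if a callback ran, 0 otherwise. */
int fw_cfg_write_done(fw_cfg_state *s, uint16_t key, uint8_t *data) {
    int arch = !!(key & FW_CFG_ARCH_LOCAL);
    key &= FW_CFG_ENTRY_MASK;
    if (key >= FW_CFG_MAX_ENTRY || s->cb[arch][key] == NULL)
        return 0;
    s->cb[arch][key](s->opaque[arch][key], data);
    return 1;
}

/* Constructed callback: records the first data byte through opaque. */
static void record_first_byte(void *opaque, uint8_t *data) {
    *(int *)opaque = data[0];
}

/* Scenario: register a callback on write-channel key 0x4003 (buggy or fixed
 * variant), then simulate a guest write of 0x2a. Returns the value the
 * callback saw, or -1 if registration failed and it never ran. */
int scenario_register(int use_fixed) {
    fw_cfg_state s;
    int seen = -1;
    uint8_t payload[4] = {0x2a, 0, 0, 0};
    uint16_t key = FW_CFG_WRITE_CHANNEL | 0x0003;
    memset(&s, 0, sizeof s);
    int ok = use_fixed ? fw_cfg_add_callback_fixed(&s, key, record_first_byte, &seen)
                       : fw_cfg_add_callback_buggy(&s, key, record_first_byte, &seen);
    if (!ok)
        return -1;
    fw_cfg_write_done(&s, key, payload);
    return seen;
}

/* Scenario: the fixed variant still refuses a read-only key and an index
 * that is outside the table. Returns 1 if both are refused. */
int scenario_fixed_rejects_bad_keys(void) {
    fw_cfg_state s;
    memset(&s, 0, sizeof s);
    int ro  = fw_cfg_add_callback_fixed(&s, 0x0003, record_first_byte, NULL);
    int oob = fw_cfg_add_callback_fixed(&s, FW_CFG_WRITE_CHANNEL | 0x3fff,
                                        record_first_byte, NULL);
    return ro == 0 && oob == 0;
}
```

The bounds check on the masked index is worth keeping even though the page's bug is only about ordering: the mask clears the two flag bits but leaves 14 bits of index, which is far larger than any realistic callback table.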
aurel32 [Wed, 10 Dec 2008 17:31:51 +0000 (17:31 +0000)]
target-sh4: Add SH bit handling to TLB
This patch adds SH bit handling to sh4's TLB, which is a part of MMU
functionality that had not been implemented in qemu.
Additionally, increment_urc() call in cpu_load_tlb() is deleted, because
the specification explicitly says that URC is not incremented by an LDTLB
instruction (at Section 3 of SH7751 Hardware manual(REJ09B0370-0400)).
Even though URC does not need to be strictly the same as HW because it is a
random number, this condition is not negligible.
This patch adds support for 64-bit Block Move instructions. There are multiple
modes for 64-bit Block moves, direct, indirect, and table indirect. This patch
implements Direct and Table indirect moves which are needed by 64-bit windows
and SYM_CONF_DMA_ADDRESSING_MODE=2 for the Linux sym53c8xx_2 driver respectively.
Two helper functions are included to check which mode the guest is using. For
64-bit direct moves, we fetch a 3rd DWORD and store the value in the DBMS
register. For Table Indirect moves, we look into the table for which register
contains the upper 32-bits of the 64-bit address. This selector value indicates
which register to pull the value from and into dnad64 register.
Finally, lsi_do_dma is updated to use the appropriate register to build a 64-bit
DMA address if required.
With this patch, Windows XP x64, 2003 SP2 x64, can now install to scsi devices.
Linux SYM_CONF_DMA_ADDRESSING_MODE=2 needs a quirk fixup in Patch 4 to function
properly.
monitor_readline expects buf_size to include the terminating \0, but
do_change_vnc in monitor.c calls it as though it doesn't. The other site
where monitor_readline reads a password (in vl.c) passes the buffer
length correctly.
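The buffer-size contract at issue, as an added example in C (not QEMU's monitor_readline): `readline_into` is an assumed stand-in that takes a size which includes the terminating NUL, and two constructed call sites show what passing sizeof(buf) versus sizeof(buf) - 1 does to a password that exactly fills the buffer. The 8-character limit and the function names are assumptions for this example.

```c
#include <stddef.h>
#include <string.h>

/* Assumed contract, as the message describes it: buf_size INCLUDES the
 * terminating NUL, so at most buf_size - 1 characters are stored. Reads up
 * to a newline or end of input and returns the number of characters stored. */
size_t readline_into(char *buf, size_t buf_size, const char *input) {
    size_t n = 0;
    if (buf_size == 0)
        return 0;                       /* nowhere to put even the NUL */
    while (input[n] != '\0' && input[n] != '\n' && n < buf_size - 1) {
        buf[n] = input[n];
        n++;
    }
    buf[n] = '\0';                      /* always inside the buffer */
    return n;
}

#define PASSWORD_CHARS 8                /* constructed limit: 8 characters + NUL */

/* Call site that honours the contract: pass the whole buffer size.
 * Returns the number of characters stored. */
size_t password_len_with_full_size(const char *input) {
    char buf[PASSWORD_CHARS + 1];
    return readline_into(buf, sizeof(buf), input);
}

/* Call site that treats buf_size as excluding the NUL and passes
 * sizeof(buf) - 1: the last usable byte is wasted, so the final character
 * of a password that exactly fills the buffer is dropped. */
size_t password_len_with_size_minus_one(const char *input) {
    char buf[PASSWORD_CHARS + 1];
    return readline_into(buf, sizeof(buf) - 1, input);
}

/* Overlong input: confirms the stored string is truncated to the limit and
 * NUL-terminated inside the buffer. Returns 1 if both hold. */
int overlong_input_is_terminated(const char *input) {
    char buf[PASSWORD_CHARS + 1];
    memset(buf, 'X', sizeof buf);       /* poison so a missing NUL would show */
    size_t n = readline_into(buf, sizeof(buf), input);
    return n == PASSWORD_CHARS && buf[PASSWORD_CHARS] == '\0' &&
           strlen(buf) == PASSWORD_CHARS;
}
```

The safe habit this illustrates is to pass sizeof(buf) whenever the callee documents that its size includes the terminator; adjusting by one at the call site only makes sense when the callee's contract says otherwise, and a mismatch in the other direction would be an overflow rather than a lost character.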
aurel32 [Wed, 10 Dec 2008 15:02:16 +0000 (15:02 +0000)]
target-i386: Fix jmp im on x86_64 when executing 32-bit code
When running grub-install (32-bit) on an x86_64 Linux system in qemu, it
hangs on a pagefault forever, because an integer overflow occurs on the
IP on "jmp im". This patch masks overflows for 32 bit IPs on a 64 bit
system, just like it is done for 16 bit IPs already.
Using this patch, x86_64 openSUSE installation works again.
aurel32 [Wed, 10 Dec 2008 15:02:07 +0000 (15:02 +0000)]
MIPS Magnum: fix memory-mapped i8042
Current implementation of memory-mapped i8042 controller is atm
implemented with an interface shift (it_shift) parameter, like most all
memory-mapped devices in Qemu.
However, this isn't suitable for MIPS Magnum, where i8042 controller is at
0x80005000 up to 0x80005fff.
Thomas Bogendoerfer (from #mipslinux) tested the behaviour of a real
machine, and found that odd addresses are for status/command register, and
even addresses for data register.
Attached patch implements this behaviour by replacing the it_shift
parameter by a mask one.
Incidentally, keyboard now works on OpenBSD 2.3, which accesses i8042
controller at 0x80005060 and 0x80005061.
aliguori [Tue, 9 Dec 2008 20:09:57 +0000 (20:09 +0000)]
KVM: Coalesced MMIO support
MMIO exits are more expensive in KVM or Xen than in QEMU because they
involve, at least, privilege transitions. However, MMIO write
operations can be effectively batched if those writes do not have side
effects.
Good examples of this include VGA pixel operations when in a planar
mode. As it turns out, we can get a nice boost in other areas too.
Laurent mentioned a 9.7% performance boost in iperf with the coalesced
MMIO changes for the e1000 when he originally posted this work for KVM.
aliguori [Tue, 9 Dec 2008 19:59:09 +0000 (19:59 +0000)]
Disable KVM support if the kernel modules have broken memory slot handling
Prior to kvm-80, memory slot deletion was broken in the KVM kernel
modules. In kvm-81, a new capability is introduced to signify that this
problem has been fixed.
Since we rely on being able to delete memory slots, refuse to work with
any kernel module that does not have this capability present.
aurel32 [Mon, 8 Dec 2008 18:12:26 +0000 (18:12 +0000)]
linux-user: Fix h2g usage in page_find_alloc
Paul's comment on my first approach to fix the h2g usage in
page_find_alloc finally opened my eyes about what the code is actually
supposed to do:
With the help of h2g_valid we can now cleanly check if a freshly allocated
page (for host usage) is guest-reachable and, in case it is, mark it
reserved in the guest's address range.
aurel32 [Mon, 8 Dec 2008 18:12:11 +0000 (18:12 +0000)]
linux-user: Safety belt for h2g
h2g can only work on 64-bit hosts if the provided address is mappable to
the guest range. Neglecting this was already the source for several
bugs. Instrument the macro so that it will trigger earlier in the
future (at least as long as we have this kind of mapping mechanism).
aurel32 [Mon, 8 Dec 2008 18:11:21 +0000 (18:11 +0000)]
target-ppc: memory load/store rework
Rework the memory load/store:
- Unify load/store functions for 32-bit and 64-bit CPU
- Don't swap values twice for bit-reverse load/store functions
in little endian mode.
- On a 64-bit CPU in 32-bit mode, do the address truncation for
address computation instead of every load store. Truncate the
address when incrementing the address (if needed)
- Cache writes to access_types.
- Add a few missing calls to gen_set_access_type()
aurel32 [Sun, 7 Dec 2008 22:46:49 +0000 (22:46 +0000)]
SH4: SCI improvement
This patch simply implements one register of SH4's SCI := Serial Communication Interface.
R2D evaluation board uses SCI for SPI connection. So, Linux kernel for R2D with
default configuration causes a QEMU assertion failure when it initializes SPI driver.
This patch avoids it and reduces the kernel config modification work for QEMU.
Completing SCI implementation task is left. Other board support is desirable to confirm
this task, which uses SCI for a serial terminal.
aurel32 [Sun, 7 Dec 2008 22:46:31 +0000 (22:46 +0000)]
SH4: Implement FD bit
The SH4 manual says that if a floating point instruction is executed while
the FD bit in the status register is 1, an exception should be raised. QEMU
presently does not do that, so the kernel does not initialize FP state
for any thread, nor does it save/restore FP state. The most apparent
consequence is that while recent gcc/libc expect double-precision mode
to be set by kernel, they run in single-precision mode, and all FP code
produces wrong values.
This patch fixes this. It also fixes a couple of places where PC was
not updated before handling an exception, although both those places
deal with invalid instruction and don't lead to any user-visible bugs.
aurel32 [Sun, 7 Dec 2008 20:35:00 +0000 (20:35 +0000)]
Some cleanups after dyngen removal
1. hostregs_helper.h: fix comment
2. translate-all.c: rename dyngen_code(_search_pc) to
tcg_gen_code(_search_pc)
3. tcg.c:
- rename dyngen_table_op_count to tcg_table_op_count
- no need to generate a log of dyngen ops generated
- rename dyngen_code(_search_pc) to tcg_gen_code(_search_pc)
4. tcg.h: rename dyngen_code(_search_pc) to
tcg_gen_code(_search_pc)
balrog [Sun, 7 Dec 2008 19:39:58 +0000 (19:39 +0000)]
SH4: Eliminate P4 to A7 mangling (Takashi YOSHII).
Main purpose of this is to delete
*physical = address & 0x1fffffff;
at target-sh4/helper.c:449, using new mmio rule introduced by #5849
This masking is a nice trick to realize P4/A7 duality of SH registers.
But, IMHO, it is logically wrong.
Most of the SH4 cpu control registers in the P4 area (0xfc000000...0xffffffff) have
one more address called A7, which is usually the P4 address with the upper 3 bits masked.
This is an address that only appears in the TLB's physical address part.
The current code uses a trick: writing drivers as if they are really in A7
(that's why you see many *_A7 in hw/sh*.c), and using a P4 to A7 translation.
balrog [Sun, 7 Dec 2008 19:33:15 +0000 (19:33 +0000)]
SH: improve the way sh7750 registers io memory (Takashi YOSHII).
Fixes to be needed for commit #5849 "Change MMIO callbacks..."
hw/sh7750.c:
- Divide region of CPU control registers to avoid overlapping
to peripheral modules.
- Delete unused var "icr", which had moved to hw/sh_intc.c.
hw/sm501.c:
- Merge non page aligned palette registers into the region of
control registers.
balrog [Sun, 7 Dec 2008 19:20:43 +0000 (19:20 +0000)]
SH: r2d pci support (Takashi YOSHII).
This patch adds pci support to sh/r2d board.
This is the first user of PCIC support I formerly sent.
PCIC actually is inside of chip with CPU core on SH7751.
But, this code is written as if SH7750 and PCIC are on board.
I care little about physical device boundary, but fitting with qemu's
design.
This patch also adds some BSC (Bus State Controller) registers,
because PCI device driver software has to access them.
balrog [Sun, 7 Dec 2008 18:41:42 +0000 (18:41 +0000)]
sh4: mmio based CF support on r2d board (Takashi YOSHII).
This patch adds emulation for a CompactFlash on sh4/r2d board.
The device is CF, but wired to work in True-IDE mode, and connected
directly to the SH bus. So, this code is to support generally mmio based
IDEs which are supported by the "pata_platform" driver in the linux kernel.
aurel32 [Sun, 7 Dec 2008 18:15:45 +0000 (18:15 +0000)]
Some cleanups after dyngen removal
this patch removes some now unused things after dyngen removal.
1. dyngen-exec.h: op_param, op_jmp and some associated macros
are now unused;
2. Makefile.target: tcg-dyngen is not needed anymore
3. tcg/tcg-op.h, tcg/tcg-opc.h: gen-op.h is dead
4. tcg.c:
- INDEX_op_end is now the first op
- CONFIG_DYNGEN_OP is never defined
5. tcg.h: dyngen_op not needed anymore
6. exec-all.h: remove some ASM macros.
aurel32 [Sun, 7 Dec 2008 18:15:23 +0000 (18:15 +0000)]
slirp: fix CVE 2007-5729
The emulated network cards in QEMU allow local users to execute arbitrary
code by writing Ethernet frames with a size larger than slirp's default
MTU, which triggers a heap-based buffer overflow in the slirp library.
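The defensive check that closes this class of bug, as an added example in C (not slirp's code): the guest-supplied frame length is validated against the receive buffer's fixed capacity before anything is copied, and runt frames are rejected too. The MTU and header sizes, the `slirp_frame` struct and the status codes are assumptions constructed for this example; the page gives no numbers.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed sizes for this example. */
#define SLIRP_MTU   1500
#define ETH_HLEN    14
#define FRAME_MAX   (ETH_HLEN + SLIRP_MTU)    /* capacity of the receive buffer */

enum frame_status {
    FRAME_OK = 0,
    FRAME_TOO_SHORT = 1,
    FRAME_TOO_LONG = 2,
    FRAME_NULL = 3
};

typedef struct {
    uint8_t data[FRAME_MAX];   /* fixed-capacity buffer (heap-allocated in real slirp) */
    size_t  len;
} slirp_frame;

/* Hardened input path: validate the guest-supplied length against the
 * buffer capacity BEFORE copying. An input path that copies `len` bytes
 * without this check is the heap overflow the message describes. */
enum frame_status slirp_input_checked(slirp_frame *dst, const uint8_t *pkt, size_t len) {
    if (dst == NULL || pkt == NULL)
        return FRAME_NULL;
    if (len < ETH_HLEN)
        return FRAME_TOO_SHORT;    /* runt: not even a full Ethernet header */
    if (len > FRAME_MAX)
        return FRAME_TOO_LONG;     /* exceeds header + MTU: drop, never copy */
    memcpy(dst->data, pkt, len);
    dst->len = len;
    return FRAME_OK;
}

/* Scenario driver: builds a constructed frame of `len` bytes (filled with
 * 0xab) from a source buffer that is itself large enough, so only the
 * destination check is being exercised. Returns the status. */
enum frame_status scenario_frame(size_t len) {
    static uint8_t src[FRAME_MAX + 64];
    slirp_frame f;
    if (len > sizeof src)
        return FRAME_TOO_LONG;
    memset(src, 0xab, len);
    memset(&f, 0, sizeof f);
    return slirp_input_checked(&f, src, len);
}

/* Returns 1 if an accepted frame's bytes and length survive the copy intact. */
int scenario_payload_preserved(void) {
    uint8_t src[64];
    slirp_frame f;
    for (int i = 0; i < 64; i++)
        src[i] = (uint8_t)i;
    memset(&f, 0, sizeof f);
    if (slirp_input_checked(&f, src, sizeof src) != FRAME_OK)
        return 0;
    return f.len == 64 && memcmp(f.data, src, 64) == 0;
}
```

The length check belongs at the boundary where the guest's value first enters the library, not deeper in the protocol code; anything past this point may then rely on `len <= FRAME_MAX`. A counter on the FRAME_TOO_LONG path is also a cheap detection signal, since a well-behaved guest never emits frames above its own MTU.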
balrog [Sun, 7 Dec 2008 13:32:09 +0000 (13:32 +0000)]
Patch holes in ARM translation (Laurent Desnogues).
- gen_set_CF_bit31: use the right value to set carry flag
- shifter_out_im: remove a spurious semi-colon
- add a break for VSHRN, VRSHRN, VQSHRN, VQRSHRN size 2 case
- sbfx, ubfx are v6t2 instructions
The correct cps user mode behaviour is unclear so it's left out from the
commit until ARM decides it.
balrog [Sun, 7 Dec 2008 03:12:54 +0000 (03:12 +0000)]
SCSI: Handle inquiry commands of varying length (Justin Chevrier).
Openserver 5.0.5 sends an Inquiry command to the emulated SCSI disk
expecting a response length of 40 bytes. Currently the response to an
Inquiry command is hardcoded to 36 bytes. When receiving a response of
length 36 instead of 40 Openserver panics.
Modifications to original patch based on feedback from Ryan Harper and Paul
Brook. Thanks guys.
Basically after each DMA transfer the Openserver driver would issue an
empty (0) SCRIPTS opcode. As the opcode is essentially a NOP it has no
second DWORD and therefore the DSP should only be incremented by 4 bytes
instead of the 8 bytes we currently do.
Note the 2nd DWORD after the empty opcode; the next opcode in the DMA
transfer sequence. As can be expected the address after that has the next
DMA address to use.
After the attached patch the DMA transfer is able to complete successfully: