Currently on the pseries machine the SLOF firmware is used normally,
but we bypass it when -kernel is specified. Having these two
different boot paths can cause some confusion.
In particular at present we need to "probe" the (emulated) PCI bus and
produce device tree nodes for the PCI devices in qemu, for the -kernel
case. In the SLOF case, it takes the device tree from qemu, adds some
stuff to it, then passes it on to the kernel.
It's been decided that a better approach is to always boot through
SLOF, even when using -kernel. With this approach we can leave PCI
probing and device node creation to SLOF in all cases which removes a
bunch of code in qemu, and avoids iterating the PCI devices from the
machine specific init code which we're not supposed to do.
This patch changes qemu to always boot through SLOF, and not to create
PCI nodes. Simultaneously it updates the included version of SLOF
(submodule and binary image) to one which supports (and requires) the
new approach.
The new SLOF version also includes a number of unrelated enhancements:
support for booting from virtio-pci devices and e1000, greatly
improved FCode support and many bugfixes. It also makes SLOF ready to
be used even when specifying a kernel on the qemu command line.
David Gibson [Wed, 11 Jan 2012 19:46:26 +0000 (19:46 +0000)]
pseries: Use correct dispatcher for PCI config space accesses
The pseries machine expects a para-virtualized guest and so supplies RTAS
functions (via a hypercall) for performing PCI config space access.
Currently the implementation of these calls into
pci_default_{read,write}_config(). However this would be incorrect for
any PCI device which overrides the default config read/write functions.
AFAICT there's only one such device today, but we should still get it
right. In addition the pci_host_config_{read,write}_common() functions
which do correctly do this dispatch, perform bounds checking on the config
space address, lack of which currently leads to an exploitable bug.
pseries: Support PCI extended config space in RTAS calls
On the pseries machine (which expects a paravirtualized guest), guest
access to PCI config space is via host-provided RTAS functions. This
patch extends these RTAS functions to permit access to PCI extended
config space, as specified in PAPR.
David Gibson [Wed, 11 Jan 2012 19:46:24 +0000 (19:46 +0000)]
Correct types in bmdma_addr_{read,write}
Back when I made patches introducing dma_addr_t and various PCI DMA
wrapper functions, I made a mistake. The bmdma_addr_{read,write} functions
need to take target_phys_addr_t not dma_addr_t, since they are assigned
to MemoryRegionOps callbacks.
Fix dirty logging with 32-bit qemu & 64-bit guests
The kvm_get_dirty_pages_log_range() function uses two address
variables to step through the monitored memory region to update the
dirty log. However, these variables have type unsigned long, which
can overflow if running a 64-bit guest with a 32-bit qemu binary.
This patch changes these to target_phys_addr_t which will have the
correct size.
load_image_targphys() gets passed a max size for the file, but doesn't
enforce it at all. Add a check and return -1 (error) if the file is
too big, without loading it. Fix the bracing style in the function
while we're at it.
Alexander Graf [Tue, 10 Jan 2012 22:33:10 +0000 (23:33 +0100)]
virtio: change memcpy to guest reads
When accessing the device specific virtio config space, we memcpy
the data into a variable in QEMU. At that point we're basically
pulling host endianness into the game which is a really bad idea.
So instead, let's use the target specific load/store helpers for
memory pointers which fetch things in target endianness. The whole
array is already populated in target endianness anyways
(see virtio-blk).
The virtio config area in PIO space is a bit special. The initial
header is little endian but the rest (device specific) is guest
native endian.
The PIO accessors for PCI on machines that don't have native IO ports
assume that all PIO is little endian, which works fine for everything
except the above.
A complicated way to fix it would be to split the BAR into two memory
regions with different endianness settings, but this isn't practical
to do, besides, the PIO code doesn't honor region endianness anyway
(I have a patch for that too but it isn't necessary at this stage).
So I decided to go for the quick fix instead which consists of
reverting the swap in virtio-pci in selected places, hoping that when
we eventually do a "v2" of the virtio protocols, we sort that out once
and for all using a fixed endian setting for everything.
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
Signed-off-by: Alexander Graf <[email protected]>
[agraf: keep virtio in libhw and determine endianness through a
helper function in exec.c]
Reviewed-by: Anthony Liguori <[email protected]>
Alexander Graf [Tue, 10 Jan 2012 18:39:38 +0000 (19:39 +0100)]
PPC: Bamboo: fold ppc440.c and ppc440_bamboo.c into a single file
The separation of ppc440 and ppc440_bamboo makes some sense, since ppc440
is the SoC while ppc440_bamboo is the actual board. But the separation
makes things harder for us for no good reason, so let's just fold them
in together with each other.
Alexander Graf [Tue, 10 Jan 2012 18:36:26 +0000 (19:36 +0100)]
PPC: 4xx: Qdevify the 440 PCI host controller
Due to popular demand, this qdevifies the PCI host controller of 4xx SoCs
the same way as e500.
We have to introduce a small stub function for pci init that will be
removed in a later patch, once we qdev'ified the board, to keep the build
working.
Alexander Graf [Tue, 3 Jan 2012 18:15:16 +0000 (19:15 +0100)]
PPC: 440: Ignore invalid PCI IRQs
When running a 440 target, we currently get invalid irq_num values (-1)
which completely confuse the IRQ setting code.
This is most likely due to the missing qdev conversion.
While this shouldn't happen in the first place and should really rather
be fixed by converting the target, I dislike segfaults. So for now, let's
just print a warning and ignore invalid irq_num values.
Alexander Graf [Tue, 3 Jan 2012 18:12:47 +0000 (19:12 +0100)]
PPC: Bamboo: Set initial TLB entry
Back in the day when the bamboo target got introduced, the initial TLB was
dictated by KVM. TCG has been missing initial TLB values ever since, rendering
the target unusable for TCG usage.
This patch adds linear TLB maps the way Linux expects them, making the target
work.
Alexander Graf [Tue, 3 Jan 2012 18:10:02 +0000 (19:10 +0100)]
PPC: Bamboo: Register CPU reset
To be able to support CPU reset, we need to put all register initialization
and initial state into a CPU reset hook instead of a function that is only
called once on bootup.
This is a preparation step for the initial TLB setting code and brings bamboo
more in line with what e500 and virtex already do.
Anthony Liguori [Thu, 19 Jan 2012 15:23:59 +0000 (09:23 -0600)]
Merge remote-tracking branch 'stefanha/trivial-patches' into staging
* stefanha/trivial-patches:
Makefile: Remove generated headers on clean
Makefile: Exclude tests/Makefile in unconfigured tree
lm32: Fix mixup of uint32 and uint32_t
tests: Silence gtester in Makefile
qemu-tool: Fix mixup of int64 and int64_t
Anthony Liguori [Thu, 19 Jan 2012 15:19:44 +0000 (09:19 -0600)]
Merge remote-tracking branch 'pmaydell/arm-devs.for-upstream' into staging
* pmaydell/arm-devs.for-upstream:
arm: make the number of GIC interrupts configurable
hw/lan9118: Add save/load support
arm: Remove incorrect comment in arm_timer
vexpress, realview: Add (dummy) L2 cache controller
Anthony Liguori [Thu, 19 Jan 2012 14:34:38 +0000 (08:34 -0600)]
Merge remote-tracking branch 'kraxel/usb.37' into staging
* kraxel/usb.37:
usb-redir: Improve some debugging messages
usb-redir: Try to keep our buffer size near the target size
usb-redir: Pre-fill our isoc input buffer before sending pkts to the host
usb-redir: Dynamically adjust iso buffering size based on ep interval
usb-redir: Clear iso / irq error when stopping the stream
usb: link packets to endpoints not devices
usb: add max_packet_size to USBEndpoint
usb/debug: add usb_ep_dump
usb-desc: USBEndpoint support
usb: add ifnum to USBEndpoint
usb: add USBEndpoint
xhci: Initial xHCI implementation
usb: add audio device model
usb-desc: audio endpoint support
usb: track altsetting in USBDevice
usb: track configuration and interface count in USBDevice.
usb-host: rip out legacy procfs support
Andreas Färber [Tue, 17 Jan 2012 12:16:05 +0000 (13:16 +0100)]
Makefile: Exclude tests/Makefile in unconfigured tree
Since commit dbfe06c62ccedc5b64e1c6466445133dd50f6de1 (build:
split unit test builds to a separate makefile fragment),
in absence of config-host.mak an undefined $(SRC_PATH) breaks
`make distclean' due to /tests/Makefile not being include'able.
Fix by only including when config-host.mak is present.
Stefan Hajnoczi [Wed, 4 Jan 2012 22:23:32 +0000 (22:23 +0000)]
qerror: add check-qerror.sh to verify alphabetical order
We're supposed to keep qerror definitions and table entries in
alphabetical order. In practice this is not checked.
I haven't found a nice way to integrate this into the makefile yet but
we can at least have this script which verifies that qerrors are in
alphabetical order.
Anthony Liguori [Fri, 2 Sep 2011 17:34:50 +0000 (12:34 -0500)]
monitor: expose readline state
HMP is now implemented in terms of QMP. The monitor has a bunch of logic to
deal with HMP right now like readline support. Export it from the monitor so
we can consume it in hmp.c.
In short time, hmp.c will take over all of the readline bits.
Mark Langsdorf [Tue, 17 Jan 2012 10:54:07 +0000 (10:54 +0000)]
arm: make the number of GIC interrupts configurable
Increase the maximum number of GIC interrupts for a9mp and a11mp to 1020,
and create a configurable property for each defaulting to 96 and 64
(respectively) so that device modelers can set the value appropriately
for their SoC. Other ARM processors also set their maximum number of
used IRQs appropriately.
Set the maximum theoretical number of GIC interrupts to 1020 and
update the save/restore code to only use the appropriate number for
each SoC.
Instantiate the L2 cache controller on the ARM devboards which have one,
since we have a dummy model of it now. Note that the only non-MP board
with an L2x0 is the PB1176, which we don't model.
Hans de Goede [Tue, 10 Jan 2012 13:13:07 +0000 (14:13 +0100)]
usb-redir: Try to keep our buffer size near the target size
Before this patch we would allow the (iso) buffer to grow unlimited
(and it would under certain circumstances) leading to way too high
latencies for iso data streams.
Hans de Goede [Tue, 10 Jan 2012 13:13:05 +0000 (14:13 +0100)]
usb-redir: Dynamically adjust iso buffering size based on ep interval
Note the bufpq_target_size is stored in the endpoint info struct,
even though it is only used once. This is done because it will be
referenced from other code in a follow up patch.
Hans de Goede [Tue, 10 Jan 2012 13:13:04 +0000 (14:13 +0100)]
usb-redir: Clear iso / irq error when stopping the stream
And ignore status messages from the client which arrive after stream
stop (the stream stop sent to the client and an error status reported by
the client may cross each other due to network latency).
Gerd Hoffmann [Mon, 29 Aug 2011 10:49:46 +0000 (12:49 +0200)]
usb: add USBEndpoint
Start maintaining endpoint state at USBDevice level. Add USBEndpoint
struct and some helper functions to deal with it. For now it contains
the endpoint type only. Moved over some bits from usb-linux.c
Hector's implementation completely sidestepped the qemu usb system and
used libusb directly for usb device pass through. So I've ripped out
the libusb bits (or left them in disabled, as reference for further
coding) and hooked up the qemu subsystem instead. That work is not
complete yet though, partly due to limitations of the qemu usb
subsystem. Nevertheless I think it is better to continue development
in-tree, especially as the qemu usb bits need a bunch of improvements
too for decent usb 3.0 support.
Current state:
- usb-storage emulation should work ok.
- Devices which need constant polling (HID emulation like usb-tablet)
are known to not work.
- ISO xfers are not implemented yet.
- superspeed ports are not implemented yet.
- usb pass-through is completely untested so far.
Evgeny Voevodin [Fri, 13 Jan 2012 20:52:40 +0000 (20:52 +0000)]
hw/arm_boot.c: Make SMP boards specify address to poll in bootup loop
The secondary CPU bootloader in arm_boot.c holds secondary CPUs in a
pen until the primary CPU releases them. Make boards specify the
address to be polled to determine whether to leave the pen (it was
previously hardcoded to 0x10000030, which is a Versatile Express/
Realview specific system register address).
u-boot uses single automatic scans and polling in
pxa2xx_keypad driver, so clear KPC_AS bit immediately
and update keys state even if KPC_AS and KPC_ASACT are
cleared.
Peter Maydell [Fri, 13 Jan 2012 17:25:08 +0000 (17:25 +0000)]
target-arm: Fix errors in decode of M profile CPS
Fix errors in the decode of M profile CPS:
* the decode of the I (affects PRIMASK) and F (affects FAULTMASK)
bits was reversed
* the FAULTMASK system register number is 19, not 17
Paolo Bonzini [Fri, 13 Jan 2012 16:44:23 +0000 (17:44 +0100)]
prepare for future GPLv2+ relicensing
All files under GPLv2 will get GPLv2+ changes starting tomorrow.
event_notifier.c and exec-obsolete.h were only ever touched by Red Hat
employees and can be relicensed now.
Amit Shah [Fri, 13 Jan 2012 09:59:48 +0000 (15:29 +0530)]
virtio-console: no need to remove char handlers explicitly
qdev is now equipped (thanks to the last commit) to disassociate
chardevs from the qdev devices on the devices going away. So doing it
in the virtio-console driver is not necessary.
Since that was the only thing being done in the qdev exit method, drop
it entirely.
Paolo Bonzini [Fri, 23 Dec 2011 14:39:03 +0000 (15:39 +0100)]
virtio-blk: refuse SG_IO requests with scsi=off
QEMU does have a "scsi" option (to be used like -device
virtio-blk-pci,drive=foo,scsi=off). However, it only
masks the feature bit, and does not reject the command
if a malicious guest disregards the feature bits and
issues a request.
Without this patch, using scsi=off does not protect you
from CVE-2011-4127.
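The gap described in the commit message above, as an added example that is not QEMU's code: masking a feature bit only changes what the device advertises, so the request handler has to check the host-side setting itself. All names and values below (blk_dev, FEAT_SCSI, the handlers) are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Names and values are constructed for this sketch, not taken from QEMU. */
enum req_type { REQ_READ, REQ_WRITE, REQ_SCSI_CMD };
enum req_status { ST_OK, ST_UNSUPPORTED };
#define FEAT_SCSI (1u << 7)

struct blk_dev {
    bool scsi_enabled;     /* host-side option, e.g. scsi=off */
    unsigned passthrough;  /* SCSI commands that reached the backend */
};

/* The option only masks what the device advertises to the guest. */
uint32_t advertised_features(const struct blk_dev *d)
{
    return d->scsi_enabled ? FEAT_SCSI : 0;
}

/* Before: trusts the guest to honour the masked feature bit. */
enum req_status handle_masked_only(struct blk_dev *d, enum req_type t)
{
    if (t == REQ_SCSI_CMD) d->passthrough++;
    return ST_OK;
}

/* After: the host-side setting is checked on every request. */
enum req_status handle_enforced(struct blk_dev *d, enum req_type t)
{
    if (t != REQ_SCSI_CMD) return ST_OK;
    if (!d->scsi_enabled) return ST_UNSUPPORTED;
    d->passthrough++;
    return ST_OK;
}

/* A guest that ignores the feature bits sends one SCSI command. */
unsigned scsi_cmds_passed(bool enforce, bool scsi_enabled)
{
    struct blk_dev d = { .scsi_enabled = scsi_enabled, .passthrough = 0 };
    (enforce ? handle_enforced : handle_masked_only)(&d, REQ_SCSI_CMD);
    return d.passthrough;
}

int main(void)
{
    printf("scsi=off, mask only: %u passed\n", scsi_cmds_passed(false, false));
    printf("scsi=off, enforced:  %u passed\n", scsi_cmds_passed(true, false));
    return 0;
}
```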
Anthony Liguori [Fri, 13 Jan 2012 13:45:55 +0000 (07:45 -0600)]
qdev: fix device_del by refactoring reference counting
Commit 8eb0283 broke device_del by having too overzealous reference counting
checks. Move the reference count checks to qdev_free(), make sure to remove
the parent link on free, and decrement the reference count on property removal.
Anthony Liguori [Fri, 13 Jan 2012 16:17:49 +0000 (10:17 -0600)]
Merge remote-tracking branch 'stefanha/trivial-patches' into HEAD
* stefanha/trivial-patches:
bt-host: add missing break statement
virtfs-proxy-helper: Add missing printf format attribute
virtfs-proxy-helper: Clean include files
virtfs-proxy-helper: Fix compilation on newer systems
hmp: Fix freeing of PciInfoList
Add 'fall through' comments to case statements without break
omap_dss: correct chip[1] index in RFBI_READ/RFBI_STATUS
vnc: fix no-lock-key-sync strncmp() length
vvfat: avoid leaking file descriptor in commit_one_file()
Spelling fixes in comments and documentation
tcg-arm: fix a typo in comments
configure: Modify detection of supported warning options
Aurelien Jarno [Fri, 13 Jan 2012 15:01:40 +0000 (16:01 +0100)]
target-i386: fix compilation with --enable-debug-tcg
Commit 2355c16e74ffa4d14e7fc2b4a23b055565ac0221 introduced a new ldmxcsr
helper taking an i32 argument, but the helper is actually passed a long.
Fix that by truncating the long to i32.
Stefan Hajnoczi [Thu, 12 Jan 2012 14:17:04 +0000 (14:17 +0000)]
bt-host: add missing break statement
The switch statement in bt_host_read() is missing a break in one case.
Andrzej Zaborowski <[email protected]> confirmed that this is
not an intentional fall-through.
Stefan Weil [Wed, 11 Jan 2012 18:34:30 +0000 (19:34 +0100)]
virtfs-proxy-helper: Clean include files
The common standard include files are already included via qemu-common.h,
and for the socket related include files there is qemu_socket.h, so the
code can be reduced by some lines.
Stefan Hajnoczi [Sat, 7 Jan 2012 11:59:59 +0000 (11:59 +0000)]
omap_dss: correct chip[1] index in RFBI_READ/RFBI_STATUS
The RFBI_READ/RFBI_STATUS code incorrectly uses chip[0] when it should
be using chip[1]. Andrzej Zaborowski <[email protected]> confirmed this
bug since I don't know this code well.
Stefan Hajnoczi [Fri, 6 Jan 2012 16:57:45 +0000 (16:57 +0000)]
vnc: fix no-lock-key-sync strncmp() length
The no-lock-key-sync option is being parsed incorrectly because of an
outdated strcmp() length value. Use the correct length so that invalid
option names do not match.
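An added illustration of this class of bug, not the QEMU source: a hard-coded strncmp() length shorter than the option name turns an exact match into a prefix match. The stale length 9, the comma-separated option format and the sample strings are assumptions constructed for the example; the terminator check in the fixed matcher goes one step beyond what the commit message describes.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define STALE_LEN 9  /* constructed: a length left over from a shorter name */

/* Before: only the first STALE_LEN bytes of the option are compared. */
bool match_stale(const char *opt)
{
    return strncmp(opt, "no-lock-key-sync", STALE_LEN) == 0;
}

/* After: length derived from the literal, and the token must end there. */
bool match_fixed(const char *opt)
{
    static const char name[] = "no-lock-key-sync";
    size_t n = sizeof(name) - 1;
    return strncmp(opt, name, n) == 0 && (opt[n] == '\0' || opt[n] == ',');
}

/* Walk a comma-separated option string (assumed format) token by token. */
bool parse_flag(const char *opts, bool (*match)(const char *))
{
    const char *p = opts;
    while (p) {
        if (match(p))
            return true;
        p = strchr(p, ',');
        if (p)
            p++;
    }
    return false;
}

int main(void)
{
    const char *bad = "password,no-lock-key";      /* invalid option name */
    const char *good = "password,no-lock-key-sync";
    printf("stale: bad=%d good=%d\n",
           parse_flag(bad, match_stale), parse_flag(good, match_stale));
    printf("fixed: bad=%d good=%d\n",
           parse_flag(bad, match_fixed), parse_flag(good, match_fixed));
    return 0;
}
```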