sdk/emulator/qemu.git
13 years agovmdk: fix endianness bugs
Alexander Graf [Tue, 24 May 2011 22:46:55 +0000 (00:46 +0200)]
vmdk: fix endianness bugs

The vmdk code is sloppy when handling the header descriptor during
creation of an image. Fix all header accesses in the create path to
either store native endianness or convert it when appropriate.

Reported-by: Yury Tsarev <ytsarev@novell.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years agoblock: clarify the meaning of BDRV_O_NOCACHE
Christoph Hellwig [Tue, 17 May 2011 16:04:06 +0000 (18:04 +0200)]
block: clarify the meaning of BDRV_O_NOCACHE

Change BDRV_O_NOCACHE to only imply bypassing the host OS file cache,
but no writeback semantics.  All existing callers are changed to also
specify BDRV_O_CACHE_WB to give them writeback semantics.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years agoide/core: Remove explicit setting of BM_STATUS_INT
Kevin Wolf [Thu, 19 May 2011 14:42:24 +0000 (16:42 +0200)]
ide/core: Remove explicit setting of BM_STATUS_INT

BM_STATUS_INT is automatically set during ide_set_irq(), there's no reason to
set it manually in addition.

There is even one case where the interrupt status bit was set, but no IRQ was
raised. This is when the PRD table was reached but there is more data to
transfer. The correct behaviour for this case is not to set BM_STATUS_INT.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
13 years agoAdd an isa device for SGA
Glauber Costa [Mon, 16 May 2011 18:45:08 +0000 (15:45 -0300)]
Add an isa device for SGA

This patch adds a dummy legacy ISA device whose responsibility is to
deploy sgabios, an option rom for a serial graphics adapter.
The proposal is that this device is always-on when -nographics,
but can otherwise be enable in any setup when -device sga is used.

[v2: suggestions on qdev by Markus ]
[v3: cleanups and documentation, per list suggestions ]

Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agojson-parser: add handling for NULL token list
Michael Roth [Wed, 1 Jun 2011 17:15:00 +0000 (12:15 -0500)]
json-parser: add handling for NULL token list

Currently a NULL token list will crash the parser, instead we have it
pass back a NULL QObject.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agojson-streamer: add handling for JSON_ERROR token/state
Michael Roth [Wed, 1 Jun 2011 17:14:59 +0000 (12:14 -0500)]
json-streamer: add handling for JSON_ERROR token/state

This allows a JSON_ERROR state to be passed to the streamer to force a
flush of the current tokens and pass a NULL token list to the parser
rather that have it churn on bad data. (Alternatively we could just not
pass it to the parser at all, but it may be useful to push there errors
up the stack. NULL token lists are not currently handled by the parser,
the next patch will address that)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agojson-lexer: make lexer error-recovery more deterministic
Michael Roth [Wed, 1 Jun 2011 17:14:58 +0000 (12:14 -0500)]
json-lexer: make lexer error-recovery more deterministic

Currently when we reach an error state we effectively flush everything
fed to the lexer, which can put us in a state where we keep feeding
tokens into the parser at arbitrary offsets in the stream. This makes it
difficult for the lexer/tokenizer/parser to get back in sync when bad
input is made by the client.

With these changes we emit an error state/token up to the tokenizer as
soon as we reach an error state, and continue processing any data passed
in rather than bailing out. The reset token will be used to reset the
tokenizer and parser, such that they'll recover state as soon as the
lexer begins generating valid token sequences again.

We also map chr(192,193,245-255) to an error state here, since they are
invalid UTF-8 characters. QMP guest proxy/agent will use chr(255) to
force a flush/reset of previous input for reliable delivery of certain
events, so also we document that thoroughly here.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agojson-lexer: fix flushing logic to not always go to error state
Michael Roth [Wed, 1 Jun 2011 17:14:57 +0000 (12:14 -0500)]
json-lexer: fix flushing logic to not always go to error state

Currently we flush the lexer by passing in a NULL character. This
generally forces the lexer to go to the corresponding TERMINAL() state
for whatever token type it is currently parsing, emits the token to the
parser, then puts the lexer back into IN_START state. However, since a
NULL character causes char_consumed to be 0, we always do a second pass
after this, which puts us in the IN_ERROR state. Fix this behavior by
adding a "flush" flag that tells the lexer not to do a more than 1
iteration.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agojson-lexer: reset the lexer state on an invalid token
Anthony Liguori [Wed, 1 Jun 2011 17:14:56 +0000 (12:14 -0500)]
json-lexer: reset the lexer state on an invalid token

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agojson-parser: detect premature EOI
Anthony Liguori [Wed, 1 Jun 2011 17:14:55 +0000 (12:14 -0500)]
json-parser: detect premature EOI

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agojson-streamer: make sure to reset token_size after emitting a token list
Anthony Liguori [Wed, 1 Jun 2011 17:14:54 +0000 (12:14 -0500)]
json-streamer: make sure to reset token_size after emitting a token list

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agojson-streamer: limit the maximum recursion depth and maximum token count
Anthony Liguori [Wed, 1 Jun 2011 17:14:53 +0000 (12:14 -0500)]
json-streamer: limit the maximum recursion depth and maximum token count

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agojson-lexer: limit the maximum size of a given token
Anthony Liguori [Wed, 1 Jun 2011 17:14:52 +0000 (12:14 -0500)]
json-lexer: limit the maximum size of a given token

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agojson-streamer: allow recovery after bad input
Anthony Liguori [Wed, 1 Jun 2011 17:14:51 +0000 (12:14 -0500)]
json-streamer: allow recovery after bad input

Once we detect a malformed message, make sure to reset our state.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agojson-parser: propagate error from parser
Anthony Liguori [Wed, 1 Jun 2011 17:14:50 +0000 (12:14 -0500)]
json-parser: propagate error from parser

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agoIntroduce the new error framework
Luiz Capitulino [Wed, 1 Jun 2011 17:14:49 +0000 (12:14 -0500)]
Introduce the new error framework

New error-handling framework that allows for exception-like error
propagation.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agoQError: Introduce qerror_format()
Luiz Capitulino [Wed, 1 Jun 2011 17:14:48 +0000 (12:14 -0500)]
QError: Introduce qerror_format()

Will be used by new error propagation framework to convert Error objects
into human-readable form.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agoQError: Introduce qerror_format_desc()
Luiz Capitulino [Wed, 1 Jun 2011 17:14:47 +0000 (12:14 -0500)]
QError: Introduce qerror_format_desc()

Refactor non-QError-specific bits out of qerror_human() into general
function that can be used by the error_get_pretty() analogue in the
new error-propagation framework.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agodocs: qdev-device-use.txt has become stale, update it
Markus Armbruster [Tue, 7 Jun 2011 08:34:31 +0000 (10:34 +0200)]
docs: qdev-device-use.txt has become stale, update it

Document more bus addresses.

Update for bugs fixed.

Describe where exactly the -drive options go.

Update for recent split of qdev ide-drive into ide-{cd,hd},
scsi-disk into scsi-{cd,hd}.

Document scsi-hd's removable property only for usb-storage, because
that's where it's used.

Fix description of -global isa.fdc.

Document usb-storage lossage.

Clean up misleading description of network device's split into guest
and host part.

Document -vga's machine dependence.

New qdevs: virtconsole, qxl-vga, isa-vga, intel-hda, usb-ccid

Update for changed pci-assign property iommu.

New section "Default Devices".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agoisa-vga: Make available with -device, like the other VGA qdevs
Markus Armbruster [Tue, 7 Jun 2011 08:34:30 +0000 (10:34 +0200)]
isa-vga: Make available with -device, like the other VGA qdevs

Switch no_user off and make it suppress the default VGA.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agoFix regression introduced by -machine accel=
Anthony Liguori [Mon, 6 Jun 2011 13:25:06 +0000 (08:25 -0500)]
Fix regression introduced by -machine accel=

Commit 85097db6 changed the timing when kvm_allowed is set until after
kvm is initialized.  During initialization, the ioeventfd initialization code
checks kvm_enabled() and after this change, ioeventfd is effectively disabled.

This causes a significant regression in performance.

Fix this by setting kvm_allowed before calling init.

Reported-by: Khoa Huynh <khoa@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agotimer: drop HPET and RTC
Anthony Liguori [Tue, 31 May 2011 15:51:11 +0000 (10:51 -0500)]
timer: drop HPET and RTC

dynticks will provide equally good timer granularity on all modern Linux
systems.  This is more or less dead code these days.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
13 years agoscsi: fix tracing of scsi requests with simple backend
Paolo Bonzini [Fri, 3 Jun 2011 12:57:06 +0000 (14:57 +0200)]
scsi: fix tracing of scsi requests with simple backend

The simple backend only supports a maximum of 6 arguments.  Split the
scsi_req_parsed event in two parts to cope with the limit.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
13 years agoconfigure: check for -Wendif-labels support
Mike Frysinger [Tue, 17 May 2011 21:08:43 +0000 (17:08 -0400)]
configure: check for -Wendif-labels support

Older gcc compilers do not support -Wendif-labels, so move it from the
hardcoded list to the dynamically detected list.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agovirtio-9p: Remove statement without effect (fix warning from cppcheck)
Stefan Weil [Sat, 7 May 2011 20:23:49 +0000 (22:23 +0200)]
virtio-9p: Remove statement without effect (fix warning from cppcheck)

cppcheck report:
virtio-9p.c:197: warning: Redundant assignment of "flags" to itself

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Reviewed-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agoexec: Implement qemu_ram_free_from_ptr()
Alex Williamson [Tue, 3 May 2011 18:48:09 +0000 (12:48 -0600)]
exec: Implement qemu_ram_free_from_ptr()

Required for regions mapped via qemu_ram_alloc_from_ptr().  VFIO
and ivshmem will make use of this to remove mappings when devices
are hot unplugged.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agomultiboot: set boot_device to first partition
Arun Thomas [Thu, 28 Apr 2011 14:11:11 +0000 (16:11 +0200)]
multiboot: set boot_device to first partition

The multiboot info struct's 'boot_device' field has 'part1' set to 0x01, which
maps to the second primary partition. To specify the first primary partition,
'part1' should be set to 0x00, since partition numbers start from zero
according to the multiboot spec.

Signed-off-by: Arun Thomas <arun.thomas@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agotarget-arm: BKPT instructions should raise prefetch aborts with IFSR type 00010
Alex Zuepke [Fri, 3 Jun 2011 16:42:17 +0000 (18:42 +0200)]
target-arm: BKPT instructions should raise prefetch aborts with IFSR type 00010

Signed-off-by: Alex Zuepke <azuepke@sysgo.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agotcg: Fix unused-but-set-variable warning
Christophe Fergeau [Tue, 31 May 2011 07:53:48 +0000 (09:53 +0200)]
tcg: Fix unused-but-set-variable warning

Based on a patch from Hans de Goede <hdegoede@redhat.com>

This warning is new in gcc 4.6.

Acked-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agotcg: If DEBUG_TCGV, distinguish TCGv_ptr from TCGv_i32/TCGv_i64
Peter Maydell [Fri, 27 May 2011 12:12:13 +0000 (13:12 +0100)]
tcg: If DEBUG_TCGV, distinguish TCGv_ptr from TCGv_i32/TCGv_i64

When compiling with DEBUG_TCGV enabled, make the TCGv_ptr type distinct
from TCGv_i32/TCGv_i64. This means that using an i32 or i64 TCG op to
manipulate a TCGv_ptr will always be detected at compile time, rather
than only if compiling on a host system with the other word size.

NB: the tcg_add_ptr and tcg_sub_ptr macros have been removed as they
were not used anywhere.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agotcg/tcg-op.h: Fix prototypes for ld/st functions on 64 bit hosts
Peter Maydell [Fri, 27 May 2011 12:12:12 +0000 (13:12 +0100)]
tcg/tcg-op.h: Fix prototypes for ld/st functions on 64 bit hosts

The prototypes for the ld/st functions on a 64 bit host declared
the address parameter as a TCGv_i64 rather than a TCGv_ptr. This
worked OK (since the two are aliases), but needs to be fixed to
allow extension of TCG type debugging to i64/i32/ptr mismatches.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agoUse the correct header in the TCG MIPS code to find cacheflush() on OpenBSD.
Brad [Thu, 26 May 2011 03:06:00 +0000 (23:06 -0400)]
Use the correct header in the TCG MIPS code to find cacheflush() on OpenBSD.

Use the correct header in the TCG MIPS code to find cacheflush() on OpenBSD
to fix compilation of the MIPS host support for OpenBSD/mips64 based architecures.

Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agotarget-arm: Fix compilation failure for 64 bit hosts
Peter Maydell [Thu, 26 May 2011 11:03:36 +0000 (12:03 +0100)]
target-arm: Fix compilation failure for 64 bit hosts

Use the correct _ptr aliases for manipulating the pointer to
the fp_status; this fixes a compilation failure on 64 bit hosts.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agoMerge branch 's390-next' of git://repo.or.cz/qemu/agraf
Aurelien Jarno [Fri, 3 Jun 2011 15:47:04 +0000 (17:47 +0200)]
Merge branch 's390-next' of git://repo.or.cz/qemu/agraf

* 's390-next' of git://repo.or.cz/qemu/agraf:
  s390x: implement lrvgr
  s390x: fix cksm instruction
  s390x: free tmp explicitly in every opcode for disas_a5()
  target-s390x: Add missing tcg_temp_free_i32()
  target-s390x: Add missing tcg_temp_free_i64() in disas_s390_insn(), opc == 0x90
  target-s390x: Add missing tcg_temp_free_i64() in disas_s390_insn(), opc == 0x8e
  target-s390x: Add missing tcg_temp_free_i64() in disas_b2()
  target-s390x: Add missing tcg_temp_free_i64() in do_mh()
  target-s390x: Add missing tcg_temp_free_i64() in gen_jcc()
  target-s390x: Fix duplicate call of tcg_temp_new_i64
  target-s390x: Fix wrong argument in call of tcg_gen_shl_i64()
  target-s390x: Fix build for non-linux hosts
  s390x: update zipl rom

13 years agoMerge branch 'ppc-next' of git://repo.or.cz/qemu/agraf
Aurelien Jarno [Fri, 3 Jun 2011 15:45:19 +0000 (17:45 +0200)]
Merge branch 'ppc-next' of git://repo.or.cz/qemu/agraf

* 'ppc-next' of git://repo.or.cz/qemu/agraf:
  PPC: fix mpc8544ds pci default devices
  Fix segfault on screendump with -nographic
  PPC: install mpc8544ds.dtb
  PPC: fix sregs usage on booke
  ppc: Fix compilation for ppc64-softmmu

13 years agosoftfloat: add float*_is_zero_or_denormal()
Aurelien Jarno [Sun, 15 May 2011 12:09:18 +0000 (14:09 +0200)]
softfloat: add float*_is_zero_or_denormal()

float*_is_zero_or_denormal() is available for float32, but not for
float64, floatx80 and float128. Fix that.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agotarget-i386: use floatx80 constants in helper_fld*_ST0()
Aurelien Jarno [Sun, 15 May 2011 12:09:18 +0000 (14:09 +0200)]
target-i386: use floatx80 constants in helper_fld*_ST0()

Instead of using a table which doesn't correspond to anything from
physical in the CPU, use directly the constants in helper_fld*_ST0().

Cc: Andreas Färber <andreas.faerber@web.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agosoftfloat: always enable floatx80 and float128 support
Aurelien Jarno [Sun, 15 May 2011 12:09:18 +0000 (14:09 +0200)]
softfloat: always enable floatx80 and float128 support

Now that softfloat-native is gone, there is no real point on not always
enabling floatx80 and float128 support.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agosoftfloat-native: remove
Aurelien Jarno [Sun, 15 May 2011 12:09:18 +0000 (14:09 +0200)]
softfloat-native: remove

Remove softfloat-native support, all targets are now using softfloat
instead.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agotarget-i386: remove old code handling float64
Aurelien Jarno [Sun, 15 May 2011 12:09:18 +0000 (14:09 +0200)]
target-i386: remove old code handling float64

Now that target-i386 uses softfloat, floatx80 is always available and
there is no need anymore to have code handling both float64 and floax80.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agotarget-mips/gdbstub: remove old CONFIG_SOFTFLOAT #ifndef
Aurelien Jarno [Sun, 15 May 2011 12:09:18 +0000 (14:09 +0200)]
target-mips/gdbstub: remove old CONFIG_SOFTFLOAT #ifndef

target-mips has been switched to softfloat only long ago, but
a #ifndef CONFIG_SOFTFLOAT has been forgotten. Remove it.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agotarget-ppc: remove old CONFIG_SOFTFLOAT #ifdef
Aurelien Jarno [Sun, 15 May 2011 12:09:18 +0000 (14:09 +0200)]
target-ppc: remove old CONFIG_SOFTFLOAT #ifdef

target-ppc has been switched to softfloat only long ago, but a
few #ifdef CONFIG_SOFTFLOAT have been forgotten. Remove them.

Cc: Alexander Graf <agraf@suse.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
13 years agos390x: implement lrvgr
Alexander Graf [Mon, 30 May 2011 10:09:12 +0000 (12:09 +0200)]
s390x: implement lrvgr

The LRVGR instruction was missing. Implement it, so everyone's happy.

Reported-by: Balazs Kutil <bkutil@novell.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agos390x: fix cksm instruction
Alexander Graf [Mon, 30 May 2011 08:49:45 +0000 (10:49 +0200)]
s390x: fix cksm instruction

The cksm instruction was implemented incorrectly, rendering UDP and TCP
checksum calculation wrong, making an emulated s390x Linux guest break
in most networking operations.

This patch fixes odd end checksum calculation, takes the input register
as input for the checksum and optimizes the overflow pieces by a bit.

Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agos390x: free tmp explicitly in every opcode for disas_a5()
Alexander Graf [Sat, 28 May 2011 00:12:33 +0000 (02:12 +0200)]
s390x: free tmp explicitly in every opcode for disas_a5()

The disas_a5() function provided a TCG tmp variable which was populated
by the respective opcode implementations, but freed at the end of the
function in generic code.

That makes it really hard for code review, so let's move the freeing
to the same scope as the actual allocation.

Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agotarget-s390x: Add missing tcg_temp_free_i32()
Stefan Weil [Fri, 27 May 2011 17:03:36 +0000 (19:03 +0200)]
target-s390x: Add missing tcg_temp_free_i32()

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agotarget-s390x: Add missing tcg_temp_free_i64() in disas_s390_insn(), opc == 0x90
Stefan Weil [Fri, 27 May 2011 17:03:31 +0000 (19:03 +0200)]
target-s390x: Add missing tcg_temp_free_i64() in disas_s390_insn(), opc == 0x90

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agotarget-s390x: Add missing tcg_temp_free_i64() in disas_s390_insn(), opc == 0x8e
Stefan Weil [Fri, 27 May 2011 17:03:30 +0000 (19:03 +0200)]
target-s390x: Add missing tcg_temp_free_i64() in disas_s390_insn(), opc == 0x8e

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agotarget-s390x: Add missing tcg_temp_free_i64() in disas_b2()
Stefan Weil [Fri, 27 May 2011 17:03:29 +0000 (19:03 +0200)]
target-s390x: Add missing tcg_temp_free_i64() in disas_b2()

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agotarget-s390x: Add missing tcg_temp_free_i64() in do_mh()
Stefan Weil [Fri, 27 May 2011 17:03:28 +0000 (19:03 +0200)]
target-s390x: Add missing tcg_temp_free_i64() in do_mh()

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agotarget-s390x: Add missing tcg_temp_free_i64() in gen_jcc()
Stefan Weil [Fri, 27 May 2011 17:03:27 +0000 (19:03 +0200)]
target-s390x: Add missing tcg_temp_free_i64() in gen_jcc()

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agotarget-s390x: Fix duplicate call of tcg_temp_new_i64
Stefan Weil [Fri, 27 May 2011 17:03:26 +0000 (19:03 +0200)]
target-s390x: Fix duplicate call of tcg_temp_new_i64

tmp2 = tcg_temp_new_i64() is already executed unconditionally,
so there is no need to call it a second time for 64 bit hosts.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agotarget-s390x: Fix wrong argument in call of tcg_gen_shl_i64()
Stefan Weil [Fri, 27 May 2011 17:03:25 +0000 (19:03 +0200)]
target-s390x: Fix wrong argument in call of tcg_gen_shl_i64()

tcg_gen_shl_i64 needs a 3rd argument of type TCGv_i64.
Set tmp4 so it can be used here.

v2:
Don't call tcg_const_i64() inside of the loop
because it creates additional code.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agotarget-s390x: Fix build for non-linux hosts
Stefan Weil [Tue, 24 May 2011 17:42:51 +0000 (19:42 +0200)]
target-s390x: Fix build for non-linux hosts

linux/kvm.h is not always available for compilation.

Neither linux/kvm.h nor kvm.h are needed, so remove both
which also fixes the build problem for non-linux hosts.

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agos390x: update zipl rom
Alexander Graf [Tue, 24 May 2011 17:52:28 +0000 (19:52 +0200)]
s390x: update zipl rom

The zipl bootloader rom we have has seen some dramatic speedups upstream,
so let's update it to improve the experience when booting a guest image.

This binary is based on commit id 9a0842dd9823d529f721b418d554f17c72e009e3.

Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoPPC: fix mpc8544ds pci default devices
Alexander Graf [Fri, 27 May 2011 01:23:26 +0000 (03:23 +0200)]
PPC: fix mpc8544ds pci default devices

After the Qdev'ification of the MPC8544DS board and PCI bus, the internal
PCI bus name changed from "pci" to "pci.0". Reflect this change in the
search for that bus.

This patch enables networking on e500 guests again.

Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoFix segfault on screendump with -nographic
Alexander Graf [Thu, 26 May 2011 21:50:33 +0000 (23:50 +0200)]
Fix segfault on screendump with -nographic

When running -nographic and calling "screendump" on the monitor, qemu
segfaults. Fix the invalid pointer dereference by checking for NULL.

Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoPPC: install mpc8544ds.dtb
Alexander Graf [Wed, 25 May 2011 21:49:41 +0000 (23:49 +0200)]
PPC: install mpc8544ds.dtb

We don't install mpc8544ds.dtb, which means that -M mpc8544ds doesn't
work when installed. Fix it by installing the file.

Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoPPC: fix sregs usage on booke
Alexander Graf [Wed, 25 May 2011 13:04:42 +0000 (15:04 +0200)]
PPC: fix sregs usage on booke

When compiling qemu with kvm support on BookE PPC machines, I get
the following error:

  cc1: warnings being treated as errors
  /tmp/qemu/target-ppc/kvm.c: In function 'kvm_arch_get_registers':
  /tmp/qemu/target-ppc/kvm.c:188: error: unused variable 'sregs'

This is due to overly ambitious #ifdef'ery introduced in 90dc88.
Fix it by keeping code that doesn't depend on new headers alive
for the compiler, but never executed due to failing capability
checks.

CC: Scott Wood <scottwood@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoppc: Fix compilation for ppc64-softmmu
Stefan Weil [Fri, 20 May 2011 20:30:19 +0000 (22:30 +0200)]
ppc: Fix compilation for ppc64-softmmu

When QEMU was configured with --enable-debug-tcg,
compilation fails in spr_write_booke206_mmucsr0() and in
spr_write_booke_pid(). Similar changes are also needed
in conditional code which is normally unused.

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
13 years agoaudio: fix integer overflow expression
Juha Riihim?ki [Tue, 31 May 2011 18:40:21 +0000 (19:40 +0100)]
audio: fix integer overflow expression

Fix an integer overflow that can happen for signed 32 bit types
when using FLOAT_MIXENG. (Note that at the moment this is only true
when using the MacOSX coreaudio audio driver.)

Signed-off-by: Juha Riihim?ki <juha.riihimaki@nokia.com>
[Peter Maydell: Removed unnecessary casts]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: malc <av1474@comtv.ru>
13 years agoMerge remote-tracking branch 'stefanha/trivial-patches' into staging
Anthony Liguori [Tue, 31 May 2011 13:23:11 +0000 (08:23 -0500)]
Merge remote-tracking branch 'stefanha/trivial-patches' into staging

13 years agoMerge remote-tracking branch 'amit/for-anthony' into staging
Anthony Liguori [Tue, 31 May 2011 13:22:03 +0000 (08:22 -0500)]
Merge remote-tracking branch 'amit/for-anthony' into staging

13 years agoMerge remote-tracking branch 'bonzini/scsi.2' into staging
Anthony Liguori [Tue, 31 May 2011 13:20:56 +0000 (08:20 -0500)]
Merge remote-tracking branch 'bonzini/scsi.2' into staging

Conflicts:
hw/usb-msd.c

13 years agoMerge remote-tracking branch 'kraxel/usb.14.pull' into staging
Anthony Liguori [Tue, 31 May 2011 13:17:15 +0000 (08:17 -0500)]
Merge remote-tracking branch 'kraxel/usb.14.pull' into staging

13 years agoFix spelling in comment (additon -> addition)
Stefan Weil [Sun, 22 May 2011 12:02:40 +0000 (14:02 +0200)]
Fix spelling in comment (additon -> addition)

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years agopflash_cfi02: Fix a typo in debug code (TARGET_FMT_pld -> TARGET_FMT_plx)
Stefan Weil [Sun, 22 May 2011 12:02:39 +0000 (14:02 +0200)]
pflash_cfi02: Fix a typo in debug code (TARGET_FMT_pld -> TARGET_FMT_plx)

Thanks to Tobias Hoffmann <th55@gmx.de> for this patch.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
13 years agobitbang_i2c: Fix spurious slave read after NACK
Marcus Comstedt [Sat, 28 May 2011 14:55:52 +0000 (16:55 +0200)]
bitbang_i2c: Fix spurious slave read after NACK

After NACKing a read operation, a raising SCL should not trigger a new
read from the slave.  Introduce a new state which just waits for a stop
or start condition after NACK.

Signed-off-by: Marcus Comstedt <marcus@mc.pp.se>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
13 years agoMove user emulator stuff from cpu-exec.c to user-exec.c
Blue Swirl [Sun, 8 May 2011 11:22:38 +0000 (11:22 +0000)]
Move user emulator stuff from cpu-exec.c to user-exec.c

Simplify cpu-exec.c by refactoring.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
13 years agocpu-exec: prepare for user and softmmu split
Blue Swirl [Sat, 21 May 2011 08:42:35 +0000 (08:42 +0000)]
cpu-exec: prepare for user and softmmu split

There is little in common with user and softmmu versions of cpu_resume_signal(),
split them.

Fix coding style for the user emulator part.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
13 years agovirtio-console: Simplify init callbacks
Markus Armbruster [Wed, 25 May 2011 12:21:14 +0000 (14:21 +0200)]
virtio-console: Simplify init callbacks

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
13 years agovirtio-serial: Drop redundant VirtIOSerialPort member info
Markus Armbruster [Wed, 25 May 2011 12:21:13 +0000 (14:21 +0200)]
virtio-serial: Drop redundant VirtIOSerialPort member info

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
13 years agovirtio-serial: Drop useless property is_console
Markus Armbruster [Wed, 25 May 2011 12:21:12 +0000 (14:21 +0200)]
virtio-serial: Drop useless property is_console

All you could ever achieve with it is break stuff, so removing it
should be safe.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
13 years agovirtio-serial: Clean up virtconsole detection
Markus Armbruster [Wed, 25 May 2011 12:21:11 +0000 (14:21 +0200)]
virtio-serial: Clean up virtconsole detection

virtio-serial-bus needs to treat "virtconsole" devices specially.  It
uses VirtIOSerialPort member is_console to recognize them.  It gets
its value via property initialization.  Cute hack, except it lets
users mess with it: "-device virtconsole,is_console=0" isn't plugged
into port 0 as it should.

Move the flag to VirtIOSerialPortInfo.  Keep the property for backward
compatibility; its value has no effect.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
13 years agovirtio-serial: Plug memory leak on qdev exit()
Markus Armbruster [Wed, 25 May 2011 12:21:10 +0000 (14:21 +0200)]
virtio-serial: Plug memory leak on qdev exit()

virtio_serial_init() allocates the VirtIOSerialBus dynamically, but
virtio_serial_exit() doesn't free it.

Fix by getting rid of the allocation.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
13 years agovirtio-serial-bus: use bh for unthrottling
Alon Levy [Fri, 29 Apr 2011 11:25:06 +0000 (14:25 +0300)]
virtio-serial-bus: use bh for unthrottling

Instead of calling flush_queued_data when unthrottling, schedule
a bh. That way we can return immediately to the caller, and the
flush uses the same call path as a have_data for callbackee.

No migration change is required because bh are called from vm_stop.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
13 years agoscsi: ignore LUN field in the CDB
Paolo Bonzini [Thu, 19 May 2011 14:47:28 +0000 (16:47 +0200)]
scsi: ignore LUN field in the CDB

The LUN field in the CDB is a historical relic.  Ignore it as reserved,
which is what modern SCSI specifications actually say.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi: rename arguments to the new callbacks
Paolo Bonzini [Fri, 20 May 2011 18:18:07 +0000 (20:18 +0200)]
scsi: rename arguments to the new callbacks

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
13 years agoscsi: split command_complete callback in two
Paolo Bonzini [Fri, 22 Apr 2011 10:27:30 +0000 (12:27 +0200)]
scsi: split command_complete callback in two

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
13 years agoesp: rename sense to status
Paolo Bonzini [Fri, 20 May 2011 18:10:02 +0000 (20:10 +0200)]
esp: rename sense to status

This mirrors the LSI patch that was recently committed.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
13 years agoscsi-generic: Handle queue full
Paolo Bonzini [Mon, 18 Apr 2011 12:29:16 +0000 (14:29 +0200)]
scsi-generic: Handle queue full

The sg driver currently has a hardcoded limit of commands it
can handle simultaneously. When this limit is reached the
driver will return -EDOM. So we need to capture this to
enable proper return values here.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi: make write_data return void
Paolo Bonzini [Fri, 22 Apr 2011 07:39:16 +0000 (09:39 +0200)]
scsi: make write_data return void

The return value is unused anyway.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi-disk: add data direction checking
Hannes Reinecke [Mon, 18 Apr 2011 10:57:22 +0000 (12:57 +0200)]
scsi-disk: add data direction checking

scsi_req_parse() already provides for a data direction setting,
so we should be using it to check for correct direction.
And we should return the sense code 'INVALID FIELD IN CDB'
in these cases.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi: Implement 'get_sense' callback
Hannes Reinecke [Mon, 18 Apr 2011 11:36:02 +0000 (13:36 +0200)]
scsi: Implement 'get_sense' callback

The get_sense callback copies existing sense information into
the provided buffer. This is required if sense information
should be transferred together with the command response.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi: introduce scsi_req_get_buf
Paolo Bonzini [Thu, 21 Apr 2011 11:21:02 +0000 (13:21 +0200)]
scsi: introduce scsi_req_get_buf

... and remove some SCSIDevice variables or fields that now become unused.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi: introduce scsi_req_continue
Paolo Bonzini [Mon, 18 Apr 2011 13:28:11 +0000 (15:28 +0200)]
scsi: introduce scsi_req_continue

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
13 years agoscsi: introduce scsi_req_new
Paolo Bonzini [Mon, 18 Apr 2011 17:09:55 +0000 (19:09 +0200)]
scsi: introduce scsi_req_new

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi: do not call send_command directly
Paolo Bonzini [Mon, 18 Apr 2011 17:07:23 +0000 (19:07 +0200)]
scsi: do not call send_command directly

Move the common part of scsi-disk.c and scsi-generic.c to the SCSI layer.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi: Update sense code handling
Hannes Reinecke [Mon, 18 Apr 2011 10:53:14 +0000 (12:53 +0200)]
scsi: Update sense code handling

The SCSI spec has a quite detailed list of sense codes available.
It even mandates the use of specific ones for some failure cases.
The current implementation just has one type of generic error
which is actually a violation of the spec in certain cases.
This patch introduces various predefined sense codes to have the
sense code reporting more in line with the spec.

On top of Hannes's patch I fixed the reply to REQUEST SENSE commands
with DESC=0 and a small (<18) length.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi: use scsi_req_complete
Paolo Bonzini [Mon, 18 Apr 2011 15:06:17 +0000 (17:06 +0200)]
scsi: use scsi_req_complete

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi: introduce scsi_req_cancel
Paolo Bonzini [Mon, 18 Apr 2011 20:53:08 +0000 (22:53 +0200)]
scsi: introduce scsi_req_cancel

This is for when the request must be dropped in the void,
but still memory should be freed.  To this end, the devices
register a second callback in SCSIBusOps.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi: introduce scsi_req_abort
Paolo Bonzini [Mon, 18 Apr 2011 15:14:51 +0000 (17:14 +0200)]
scsi: introduce scsi_req_abort

This covers the case of canceling a request's I/O and still
completing it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi: commonize purging requests
Paolo Bonzini [Mon, 18 Apr 2011 16:47:12 +0000 (18:47 +0200)]
scsi: commonize purging requests

The code for canceling requests upon reset is already the same.  Clean
it up and move it to scsi-bus.c.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi: Use 'SCSIRequest' directly
Hannes Reinecke [Mon, 18 Apr 2011 10:35:39 +0000 (12:35 +0200)]
scsi: Use 'SCSIRequest' directly

Currently the SCSIRequest structure is abstracted away and cannot accessed
directly from the driver. This requires the handler to do a lookup on
an abstract 'tag' which identifies the SCSIRequest structure.

With this patch the SCSIRequest structure is exposed to the driver. This
allows use to use it directly as an argument to the SCSIDeviceInfo
callback functions and remove the lookup.

A new callback function 'alloc_req' is introduced matching 'free
req'; unref'ing to free up resources after use is moved into the
scsi_command_complete callbacks.

This temporarily introduces a leak of requests that are cancelled,
when they are removed from the queue and not from the driver.  This
is fixed later by introducing scsi_req_cancel.  That patch in turn
depends on this one, because the argument to scsi_req_cancel is a
SCSIRequest.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agolsi: extract lsi_find_by_tag
Paolo Bonzini [Mon, 18 Apr 2011 10:01:45 +0000 (12:01 +0200)]
lsi: extract lsi_find_by_tag

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi: reference-count requests
Paolo Bonzini [Mon, 18 Apr 2011 14:01:56 +0000 (16:01 +0200)]
scsi: reference-count requests

With the next patch, a device may hold SCSIRequest for an indefinite
time.  Split a rather big patch, and protect against access errors,
by reference counting them.

There is some ugliness in scsi_send_command implementation due to
the need to unref the request when it fails.  This will go away
with the next patches, which move the unref'ing to the devices.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
13 years agoscsi-generic: do not use a stale aiocb
Paolo Bonzini [Wed, 25 May 2011 14:53:46 +0000 (16:53 +0200)]
scsi-generic: do not use a stale aiocb

If a request is canceled after it has been completed, scsi_cancel_io
would pass a stale aiocb to bdrv_aio_cancel.  Avoid this.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
13 years agoscsi: introduce SCSIBusOps
Paolo Bonzini [Mon, 18 Apr 2011 15:11:14 +0000 (17:11 +0200)]
scsi: introduce SCSIBusOps

There are more operations than a SCSI bus can handle, besides completing
commands.  One example, which this series will introduce, is cleaning up
after a request is cancelled.

More long term, a "SCSI bus" can represent the LUNs attached to a
target; in this case, while all commands will ultimately reach a logical
unit, it is the target who is in charge of answering REPORT LUNs.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
13 years agoscsi: introduce scsi_req_data
Paolo Bonzini [Mon, 18 Apr 2011 12:59:13 +0000 (14:59 +0200)]
scsi: introduce scsi_req_data

This abstracts calling the command_complete callback, reducing churn
in the following patches.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
13 years agoscsi-generic: Remove bogus double complete
Paolo Bonzini [Tue, 3 May 2011 12:15:59 +0000 (14:15 +0200)]
scsi-generic: Remove bogus double complete

scsi-generic scsi_read_complete() should not -both- call the client
complete callback with SCSI_REASON_DATA -and- call
scsi_command_complete().  The former will cause the client to queue a
new read or write request, while the later will free the request data
structure, thus causing the new read or write request to use a
freed/stale structure when it completes.

This patch fixes the bug, fixing a crash with scsi-generic & RHEL5.5
installer.

Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>