review.tizen.org Git - sdk/emulator/qemu.git/log

Merge branch 'xtensa' of git://jcmvbkbc.spb.ru/dumb/qemu-xtensa

* 'xtensa' of git://jcmvbkbc.spb.ru/dumb/qemu-xtensa:
  target-xtensa: add breakpoint tests
  target-xtensa: add DEBUG_SECTION to overlay tool
  target-xtensa: add DBREAK data breakpoints
  exec: let cpu_watchpoint_insert accept larger watchpoints
  exec: fix check_watchpoint exiting cpu_loop
  exec: add missing breaks to the watch_mem_write
  target-xtensa: add ICOUNT SR and debug exception
  target-xtensa: implement instruction breakpoints
  target-xtensa: add DEBUGCAUSE SR and configuration
  target-xtensa: fetch 3rd opcode byte only when needed
  target-xtensa: implement info tlb monitor command
  target-xtensa: define TLB_TEMPLATE for MMU-less cores

Merge remote-tracking branch 'qemu-kvm/memory/urgent' into staging

* qemu-kvm/memory/urgent:
kvm: fix unaligned slots

Merge remote-tracking branch 'qemu-kvm/memory/core' into staging

* qemu-kvm/memory/core: (30 commits)
  memory: allow phys_map tree paths to terminate early
  memory: unify PhysPageEntry::node and ::leaf
  memory: change phys_page_set() to set multiple pages
  memory: switch phys_page_set() to a recursive implementation
  memory: replace phys_page_find_alloc() with phys_page_set()
  memory: simplify multipage/subpage registration
  memory: give phys_page_find() its own tree search loop
  memory: make phys_page_find() return a MemoryRegionSection
  memory: move tlb flush to MemoryListener commit callback
  memory: unify the two branches of cpu_register_physical_memory_log()
  memory: fix RAM subpages in newly initialized pages
  memory: compress phys_map node pointers to 16 bits
  memory: store MemoryRegionSection pointers in phys_map
  memory: unify phys_map last level with intermediate levels
  memory: remove first level of l1_phys_map
  memory: change memory registration to rebuild the memory map on each change
  memory: support stateless memory listeners
  memory: split memory listener for the two address spaces
  xen: ignore I/O memory regions
  memory: allow MemoryListeners to observe a specific address space
  ...

Merge remote-tracking branch 'qemu-kvm/uq/master' into staging

* qemu-kvm/uq/master:
  pc-bios: update kvmvapic.bin
  kvmvapic: Use optionrom helpers
  optionsrom: Reserve space for checksum
  kvmvapic: Simplify mp/up_set_tpr
  kvmvapic: Introduce TPR access optimization for Windows guests
  kvmvapic: Add option ROM
  target-i386: Add infrastructure for reporting TPR MMIO accesses
  Allow to use pause_all_vcpus from VCPU context
  Process pending work while waiting for initial kick-off in TCG mode
  Remove useless casts from cpu iterators
  kvm: Set cpu_single_env only once
  kvm: Synchronize cpu state in kvm_arch_stop_on_emulation_error()

kvm: fix unaligned slots

kvm_set_phys_mem() may be passed sections that are not aligned to a page
boundary. The current code simply brute-forces the alignment which leads
to an inconsistency and an abort().

Fix by aligning the start and the end of the section correctly, discarding
and unaligned head or tail.

This was triggered by a guest sizing a 64-bit BAR that is smaller than a page
with PCI_COMMAND_MEMORY enabled and the upper dword clear.

Signed-off-by: Avi Kivity <avi@redhat.com>

pc-bios: update kvmvapic.bin

Signed-off-by: Avi Kivity <avi@redhat.com>

Merge remote-tracking branch 'kwolf/for-anthony' into staging

* kwolf/for-anthony: (27 commits)
  qemu-img: fix segment fault when the image format is qed
  qemu-io: fix segment fault when the image format is qed
  qemu-tool: revert cpu_get_clock() abort(3)
  qemu-iotests: Test rebase with short backing file
  qemu-iotests: 026: Reduce output changes for cache=none qcow2
  qemu-iotests: Filter out DOS line endings
  test: add image streaming tests
  qemu-iotests: add iotests Python module
  qemu-iotests: export TEST_DIR for non-bash tests
  QMP: Add qmp command for blockdev-group-snapshot-sync
  qapi: Introduce blockdev-group-snapshot-sync command
  qcow2: Reject too large header extensions
  qcow2: Fix offset in qcow2_read_extensions
  block: drop aio_multiwrite in BlockDriver
  block: remove unused fields in BlockDriverState
  qcow2: Fix build with DEBUG_EXT enabled
  ide: fail I/O to empty disk
  fdc: DIR (Digital Input Register) should return status of current drive...
  fdc: fix seek command, which shouldn't check tracks
  fdc: check if media rate is correct before doing any transfer
  ...

Merge remote-tracking branch 'spice/spice.v49' into staging

* spice/spice.v49:
  qxl: properly handle upright and non-shared surfaces
  Error out when tls-channel option is used without TLS
  spice: use error_report to report errors
  qxl: add optinal 64bit vram bar
  qxl: make qxl_render_update async
  qxl: introduce QXLCookie
  qxl: remove flipped
  qxl: require spice >= 0.8.2
  qxl: drop qxl_spice_update_area_async definition
  sdl: remove NULL check, g_malloc0 can't fail
  qxl: fix spice+sdl no cursor regression

Merge remote-tracking branch 'kraxel/usb.39' into staging

* kraxel/usb.39: (21 commits)
  usb: Resolve warnings about unassigned bus on usb device creation
  usb-redir: Return USB_RET_NAK when we've no data for an interrupt endpoint
  usb-redir: Limit return values returned by iso packets
  usb-redir: Let the usb-host know about our device filtering
  usb-redir: Always clear device state on filter reject
  usb-redir: Fix printing of device version
  ehci: drop old stuff
  usb-ehci: Handle ISO packets failing with an error other then NAK
  libcacard: fix reported ATR length
  usb-ccid: advertise SELF_POWERED
  libcacard: link with glib for g_strndup
  usb-desc: fix user trigerrable segfaults (!config)
  usb-ehci: sanity-check iso xfers
  usb: add tracepoint for usb packet state changes.
  usb-xhci: enable packet queuing
  usb-uhci: implement packet queuing
  usb-uhci: process uhci_handle_td return code via switch.
  usb-uhci: add UHCIQueue
  usb-uhci: cleanup UHCIAsync allocation & initialization.
  usb-ehci: fix reset
  ...

qemu-img: fix segment fault when the image format is qed

[root@f15 qemu]# qemu-img info /home/zwu/work/misc/rh6.img
image: /home/zwu/work/misc/rh6.img
file format: qed
virtual size: 4.0G (4294967296 bytes)
disk size: 1.2G
cluster_size: 65536
Segmentation fault (core dumped)

Today when i were fixing another issue, i found this issue; After simple
investigation, i found that the required clock vm_clock is not created
for qemu tool.

Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-io: fix segment fault when the image format is qed

[root@f15 qemu]# qemu-io -c info /home/zwu/work/misc/rh6.img
format name: qed
cluster size: 64 KiB
vm state offset: 0.000000 bytes
Segmentation fault (core dumped)

This reason is same as the former patch

Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-tool: revert cpu_get_clock() abort(3)

Despite the fact that the qemu-tool environment has no guest running and
vm_clock therefore does not make sense, there is code that gets the
vm_clock time even in qemu-tool. Therefore, revert the abort(3) call
and just return 0 like we used to. This unbreaks qemu-img/qemu-io with
QED and Kevin has also expressed interest in this for qcow2.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-iotests: Test rebase with short backing file

This tests that qemu-img rebase doesn't assume that the backing file has
the same size as the image, but considers that it can be smaller.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

qemu-iotests: 026: Reduce output changes for cache=none qcow2

qemu-iotests supports the -nocache option which makes the tests run with
cache=none. For blkdebug tests with qcow2 this means that we may see
test results that differ from cache=writethrough. This patch makes the
diff a bit smaller and therefore easier to review.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

qemu-iotests: Filter out DOS line endings

This one makes it possible to run qemu-iotests on a Windows build using Wine
and get somewhat meaningful results.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

test: add image streaming tests

This patch adds a test suite for the image streaming feature. It
exercises the 'block_stream', 'block_job_cancel', 'block_job_set_speed',
and 'query-block-jobs' QMP commands.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-iotests: add iotests Python module

Block layer tests that involve QMP commands rather than qemu-img or
qemu-io are not well-suited for shell scripting.  This patch adds a
Python module which allows tests to be written in Python instead.

The basic API is:

  VM          - class for launching and interacting with a VM
  QMPTestCase - abstract base class for tests that use QMP
  qemu_img()  - wrapper function for invoking qemu-img
  qemu_io()   - wrapper function for invoking qemu-io
  imgfmt      - the image format under test (e.g. qcow2, qed)
  test_dir    - scratch directory path for temporary files
  main()      - entry point for running tests

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-iotests: export TEST_DIR for non-bash tests

Since qemu-iotests may need to create large image files it is possible
to specify the test directory. The TEST_DIR variable needs to be
exported so non-bash tests can make use of it.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

QMP: Add qmp command for blockdev-group-snapshot-sync

This adds the QMP command for blockdev-group-snapshot-sync. It
takes an array in as the input, for the argument devlist.  The
array consists of the following elements:

    + device:        device to snapshot. e.g. "ide-hd0", "virtio0"
    + snapshot-file: path & file for the snapshot image. e.g. "/tmp/file.img"
    + format:        snapshot format. e.g., "qcow2". Optional

There is no HMP equivalent for the command.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qapi: Introduce blockdev-group-snapshot-sync command

This is a QAPI/QMP only command to take a snapshot of a group of
devices. This is similar to the blockdev-snapshot-sync command, except
blockdev-group-snapshot-sync accepts a list devices, filenames, and
formats.

It is attempted to keep the snapshot of the group atomic; if the
creation or open of any of the new snapshots fails, then all of
the new snapshots are abandoned, and the name of the snapshot image
that failed is returned. The failure case should not interrupt
any operations.

Rather than use bdrv_close() along with a subsequent bdrv_open() to
perform the pivot, the original image is never closed and the new
image is placed 'in front' of the original image via manipulation
of the BlockDriverState fields. Thus, once the new snapshot image
has been successfully created, there are no more failure points
before pivoting to the new snapshot.

This allows the group of disks to remain consistent with each other,
even across snapshot failures.

Signed-off-by: Jeff Cody <jcody@redhat.com>
Acked-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qcow2: Reject too large header extensions

Image files that make qemu-img info read several gigabytes into the
unknown header extensions list are bad. Just fail opening the image
if an extension claims to be larger than the header extension area.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

qcow2: Fix offset in qcow2_read_extensions

The spec says that the length of extensions is padded to 8 bytes, not
the offset. Currently this is the same because the header size is a
multiple of 8, so this is only about compatibility with future changes
to the header size.

While touching it, move the calculation to a common place instead of
duplicating it for each header extension type.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

block: drop aio_multiwrite in BlockDriver

These were never used.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

block: remove unused fields in BlockDriverState

sync_aiocb is unused since commit ce1a14d (Dynamically allocate AIO
Completion Blocks., 2006-08-07).

private is unused since commit 56a1493 (drive cleanup fixes., 2009-09-25).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qcow2: Fix build with DEBUG_EXT enabled

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

ide: fail I/O to empty disk

Requesting a read or a write operation on an empty disk can lead
to QEMU dumping core.

Also fix a few braces here and there.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

fdc: DIR (Digital Input Register) should return status of current drive...

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

fdc: fix seek command, which shouldn't check tracks

The seek command just sends step pulses to the drive and doesn't care if
there is a medium inserted of if it is banging the head against the drive.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

fdc: check if media rate is correct before doing any transfer

The programmed rate has to be the same as the required rate for the
floppy format ; if that's not the case, the transfer should abort.
This check can be disabled by using the 'check_media_rate' property.

Save media rate value only if media rate check is enabled.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

fdc: add a 'check media rate' property. Not used yet

Set it to true for current Qemu versions, and false for previous ones

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

block: add a transfer rate for floppy types

Floppies must be read at a specific transfer rate, depending of its own format.
Update floppy description table to include required transfer rate.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

fdc: add CCR (Configuration Control Register) write register

DIR and CCR registers share the same address ; DIR is read-only
while CCR is write-only

CCR register is used to change media transfer rate, which will be
checked in following changes.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

fdc: handle read-only floppies (abort early on write commands)

A real floppy doesn't attempt to write to read-only media either.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

fdc: most control commands do not generate interrupts

In fact, only three control commands generate an interrupt:
read_id, recalibrate and seek

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

fdc: set busy bit when starting a command

This bit must be active while a command is currently executed.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

fdc: take side count into account

Floppies can be simple or double-sided. However, current code
was only taking the common case into account (ie 2 sides).

This repairs single-sided floppies, which where totally broken
before this patch : for track > 0, wrong sector number was
calculated, and data was read/written at wrong place on
underlying device.

Fortunately, only some 360 kB floppies are single-sided, so
this bug was probably not seen much.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

memory: allow phys_map tree paths to terminate early

When storing large contiguous ranges in phys_map, all values tend to
be the same pointers to a single MemoryRegionSection. Collapse them
by marking nodes with level > 0 as leaves. This reduces tree memory
usage dramatically.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: unify PhysPageEntry::node and ::leaf

They have the same type, unify them.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: change phys_page_set() to set multiple pages

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: switch phys_page_set() to a recursive implementation

Setting multiple pages at once requires backtracking to previous
nodes; easiest to achieve via recursion.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: replace phys_page_find_alloc() with phys_page_set()

By giving the function the value we want to set, we make it
more flexible for the next patch.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: simplify multipage/subpage registration

Instead of considering subpage on a per-page basis, split each section
into a subpage head, multipage body, and subpage tail, and register
each separately. This simplifies the registration functions.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: give phys_page_find() its own tree search loop

We'll change phys_page_find_alloc() soon, but phys_page_find()
doesn't need to bear the consequences.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: make phys_page_find() return a MemoryRegionSection

We no longer describe memory in terms of individual pages; use sections
throughout instead.

PhysPageDesc no longer used - remove.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: move tlb flush to MemoryListener commit callback

This way, if we have several changes in a single transaction, we flush just
once.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: unify the two branches of cpu_register_physical_memory_log()

Identical except that the second branch knows its not modifying an existing
subpage.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: fix RAM subpages in newly initialized pages

If the first subpage installed in a page is RAM, then we install it as
a full page, instead of a subpage. Fix by not special casing RAM.

The issue dates to commit db7b5426a4b4242, which introduced subpages.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: compress phys_map node pointers to 16 bits

Use an expanding vector to store nodes. Allocation is baroque to g_renew()
potentially invalidating pointers; this will be addressed later.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: store MemoryRegionSection pointers in phys_map

Instead of storing PhysPageDesc, store pointers to MemoryRegionSections.
The various offsets (phys_offset & ~TARGET_PAGE_MASK,
PHYS_OFFSET & TARGET_PAGE_MASK, region_offset) can all be synthesized
from the information in a MemoryRegionSection. Adjust phys_page_find()
to synthesize a PhysPageDesc.

The upshot is that phys_map now contains uniform values, so it's easier
to generate and compress.

The end result is somewhat clumsy but this will be improved as we we
propagate MemoryRegionSections throughout the code instead of transforming
them to PhysPageDesc.

The MemoryRegionSection pointers are stored as uint16_t offsets in an
array. This saves space (when we also compress node pointers) and is
more cache friendly.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: unify phys_map last level with intermediate levels

This lays the groundwork for storing leaf data in intermediate levels,
saving space.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: remove first level of l1_phys_map

L1 and the lower levels in l1_phys_map are equivalent, except that L1 has
a different size, and is always allocated. Simplify the code by removing
L1. This leaves us with a tree composed solely of L2 tables, but that
problem can be renamed away later.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: change memory registration to rebuild the memory map on each change

Instead of incrementally building the memory map, rebuild it every time.
This allows later simplification, since the code need not consider overlaying
a previous mapping. It is also RCU friendly.

With large memory guests this can get expensive, since the operation is
O(mem size), but this will be optimized later.

As a side effect subpage and L2 leaks are fixed here.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: support stateless memory listeners

Current memory listeners are incremental; that is, they are expected to
maintain their own state, and receive callbacks for changes to that state.

This patch adds support for stateless listeners; these work by receiving
a ->begin() callback (which tells them that new state is coming), a
sequence of ->region_add() and ->region_nop() callbacks, and then a
->commit() callback which signifies the end of the new state. They should
ignore ->region_del() callbacks.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: split memory listener for the two address spaces

The memory and I/O address spaces do different things, so split them into
two memory listeners.

Signed-off-by: Avi Kivity <avi@redhat.com>

xen: ignore I/O memory regions

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: allow MemoryListeners to observe a specific address space

Ignore any regions not belonging to a specified address space.

Signed-off-by: Avi Kivity <avi@redhat.com>

memory: drop AddressSpaceOps

All functionality has been moved to various MemoryListeners.

Signed-off-by: Avi Kivity <avi@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>

memory: use a MemoryListener for core memory map updates too

This transforms memory.c into a library which can then be unit tested
easily, by feeding it inputs and listening to its outputs.

Signed-off-by: Avi Kivity <avi@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>

memory: don't pass ->readable attribute to cpu_register_physical_memory_log

It can be derived from the MemoryRegion itself (which is why it is not
used there).

Signed-off-by: Avi Kivity <avi@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>

memory: add a readonly attribute to MemoryRegionSection

.readonly cannot be obtained from the MemoryRegion, since it is
inherited from aliases (so you can have a MemoryRegion mapped RW
at one address and RO at another). Record it in a MemoryRegionSection
for listeners.

Signed-off-by: Avi Kivity <avi@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>

memory: move ioeventfd ops to MemoryListener

This way the accelerator (kvm) can handle them directly.

Signed-off-by: Avi Kivity <avi@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>

memory: code motion: move MEMORY_LISTENER_CALL()

So it can be used in earlier code.

Signed-off-by: Avi Kivity <avi@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>

memory: switch memory listeners to a QTAILQ

This allows reverse iteration, which in turns allows consistent ordering
among multiple listeners:

  l1->add
  l2->add
  l2->del
  l1->del

Signed-off-by: Avi Kivity <avi@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>

memory: add shorthand for invoking a callback on all listeners

Signed-off-by: Avi Kivity <avi@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>

memory: remove memory_region_set_offset()

memory_region_set_offset() complicates the API, and has been deprecated
since its introduction. Now that it is no longer used, remove it.

Signed-off-by: Avi Kivity <avi@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>

ioport: change portio_list not to use memory_region_set_offset()

memory_region_set_offset() will be going away soon, so don't use it.
Use an alias instead.

Signed-off-by: Avi Kivity <avi@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>

qxl: properly handle upright and non-shared surfaces

Although qxl creates a shared displaysurface when the qxl surface is
upright and doesn't need to be flipped there is no guarantee that the
surface doesn't become unshared for some reason. Rename qxl_flip to
qxl_blit and fix it to handle both flip and non-flip cases.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Error out when tls-channel option is used without TLS

It's currently possible to setup spice channels using TLS when
no TLS port has been specified (ie TLS is disabled). This cannot
work, so better to error out in such a situation.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

spice: use error_report to report errors

Error message reporting during spice startup wasn't consistent, it was done
with fprintf(stderr, "") but sometimes the message didn't have a trailing
\n. Using error_report make the intent of the message clearer and deal
with the final \n for us.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

qxl: add optinal 64bit vram bar

This patch adds an 64bit pci bar for vram.  It is turned off by default.
It can be enabled by setting the size of the 64bit bar to be larger than
the 32bit bar.  Both 32bit and 64bit bar refer to the same memory.  Only
the first part of the memory is available via 32bit bar.

The intention is to allow large vram sizes for 64bit guests, by allowing
the vram bar being mapped above 4G, so we don't have to squeeze it into
the pci I/O window below 4G.

With vram_size_mb=16 and vram64_size_mb=256 it looks like this:

00:02.0 VGA compatible controller: Red Hat, Inc. Device 0100 (rev 02) (prog-if 00 [VGA controller])
        Subsystem: Red Hat, Inc Device 1100
        Physical Slot: 2
        Flags: fast devsel, IRQ 10
        Memory at f8000000 (32-bit, non-prefetchable) [size=64M]
        Memory at fc000000 (32-bit, non-prefetchable) [size=16M]
        Memory at fd020000 (32-bit, non-prefetchable) [size=8K]
        I/O ports at c5a0 [size=32]
        Memory at ffe0000000 (64-bit, prefetchable) [size=256M]
        Expansion ROM at fd000000 [disabled] [size=64K]

[ mapping above 4G needs patched seabios:
  http://www.kraxel.org/cgit/seabios/commit/?h=pci64 ]

Merge remote-tracking branch 'aneesh/for-upstream' into staging

* aneesh/for-upstream:
hw/9pfs: Endian fixes for virtfs
./configure: add option for disabling VirtFS

usb: Resolve warnings about unassigned bus on usb device creation

When creating an USB device the old way, there is no way to specify the
target bus. Thus the warning issued by usb_create makes no sense and
rather confuses our users.

Resolve this by passing a bus reference to the usbdevice_init handler
and letting those handlers forward it to usb_create.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

slirp: Fix assertion failure on rejected DHCP requests

The guest network stack might DHCPREQUEST an address that the slirp built
in dhcp server can't let it have - for example if the guest has an old
leases file from another network configuration.  In this case the dhcp
server should and does reject the request and prepares to send a DHCPNAK
to the client.

However, in this case the daddr variable in bootp_reply() is set to
0.0.0.0.  Shortly afterwards, it unconditionally attempts to pre-insert the
new client address into the ARP table.  This causes an assertion failure in
arp_address_add() because of the 0.0.0.0 address.

According to RFC2131, DHCPNAK messages for clients on the same subnet
must be sent to the broadcast address (S3.2, subpoint 2).

Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

slirp: Refactor if_start

Replace gotos with a while loop, fix coding style.

CC: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
CC: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

slirp: Fix requeuing of batchq packets in if_start

In case we requeued a packet that was the head of a longer session
queue, we failed to restore this ordering. Also, we did not properly
deal with changes to Slirp::next_m.

Instead of a cumbersome roll back, this fix simply avoids any changes
until we know if the packet was actually sent. Both fixes crashes due
to inconsistent queues and simplifies the logic.

Thanks to Zhi Yong Wu who found the reason for these crashes.

CC: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
CC: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

slirp: Clean up ifs_init

Remove duplicate ifs_init macros, reimplement the logic as static inline
in mbuf.h.

CC: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
CC: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

usb-redir: Return USB_RET_NAK when we've no data for an interrupt endpoint

We should return USB_RET_NAK, rather then a 0 sized packet, when we've no data
for an interrupt IN endpoint.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-redir: Limit return values returned by iso packets

The usbredir protocol uses a status of usb_redir_stall to indicate that
an iso data stream has stopped (ie because the urbs failed on resubmit),
but iso packets should never return a result of USB_RET_STALL, since iso
endpoints cannot stall. So instead simply always return USB_RET_NAK on
iso stream errors.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-redir: Let the usb-host know about our device filtering

libusbredirparser-0.3.4 adds 2 new packets which allows us to notify
the usb-host:
-about the usb device filter we have (if any), so that it knows not the even
try to redirect certain devices
-when we reject a device based on filtering (in case it tries anyways)

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-redir: Always clear device state on filter reject

Always call usbredir_device_disconnect() when usbredir_check_filter() fails
to clean up all the device state (ie received endpoint info).

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-redir: Fix printing of device version

The device version is in bcd format, which requires some special handling to
print.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

ehci: drop old stuff

Drop the "ehci under development" banner.
Drop unused & inactive (#if 0) code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ehci: Handle ISO packets failing with an error other then NAK

Before this patch the ehci code was not checking for any other errors other
then USB_RET_NAK. This causes 2 problems:
1) Other errors are not reported to the guest.
2) When transactions with the ITD_XACT_IOC bit set completing with another
error would not result in USBSTS_INT getting set.

I hit this problem when unplugging devices while iso data was streaming from
the device to the guest. When this happens it takes a while for the guest to
process the unplugging and remove ISO transactions from the ehci schedule, in
the mean time these transactions would complete with a result of USB_RET_NODEV,
which was not handled. This lead to the Linux guest's usb subsystem "hanging",
that is it would no longer see new usb devices getting plugged in and running
for example lsusb would lead to a stuck (D state) lsusb process. This patch
fixes this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

libcacard: fix reported ATR length

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ccid: advertise SELF_POWERED

Before commit ed5a83ddd8c1d8ec7b1015315530cf29949e7c48 each device
provided it's own response to USB_REQ_GET_STATUS, but after it that
response was based on bmAttributes, which was errounously set for
usb-ccid as 0xa0 and not 0xe0.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

libcacard: link with glib for g_strndup

Without it the produced library for make libcacard.la has an unresolved
symbol.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-desc: fix user trigerrable segfaults (!config)

Check for dev->config being NULL in two places:
USB_REQ_GET_CONFIGURATION and USB_REQ_GET_STATUS.

The behavior of USB_REQ_GET_STATUS is unspecified in the Default state,
that corresponds to dev->config being NULL (it defaults to NULL and is
reset whenever a SET_CONFIGURATION with value 0, or attachment). I
implemented it to correspond with the state before
ed5a83ddd8c1d8ec7b1015315530cf29949e7c48, the commit moving SET_STATUS
to usb-desc; if dev->config is not set we return whatever is in the
first configuration.

The behavior of USB_REQ_GET_CONFIGURATION is also undefined before any
SET_CONFIGURATION, but here we just return 0 (same as specified for the
Address state).

A win7 guest failed to initialize the device before this patch,
segfaulting when GET_STATUS was called with dev->config == NULL. With
this patch the passthrough device still doesn't work but the failure is
unrelated.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ehci: sanity-check iso xfers

This patch adds a sanity check to itd processing to make sure the
endpoint addressed by the guest is actually an iso endpoint. Also
verify that usb drivers don't return USB_RET_ASYNC which is illegal for
iso xfers.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb: add tracepoint for usb packet state changes.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-xhci: enable packet queuing

qemu usb core has packet queues now, so flip lets the switch.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-uhci: implement packet queuing

When a usb device is busy processing a packet (and returns
USB_RET_ASYNC), continue walking the transfer descriptor list
and process them to fill the request queue.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-uhci: process uhci_handle_td return code via switch.

Restruct the uhci_handle_td return code processing to make the
control flow more clear and the code more readable.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-uhci: add UHCIQueue

UHCIAsync structs (in-flight requests) grouped in UHCIQueue now.
Each (active) usb endpoint gets its own UHCIQueue.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-uhci: cleanup UHCIAsync allocation & initialization.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-ehci: fix reset

Two reset fixes:
  * pick up s->usbcmd value after ehci_reset call to make sure it
    keeps the reset value and doesn't get rubbish filled in when
    val is written back to the mmio register array later on.
  * make sure the frame timer is zapped on reset.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

usb-hid: fix tablet activation

Activate usb hid pointer devices (mouse+tablet) unconditionally
on polls, even if we NAK the poll due to lack of new events.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

qxl: make qxl_render_update async

RHBZ# 747011

Removes the last user of QXL_SYNC when using update drivers that use the
_ASYNC io ports.

The last user is qxl_render_update, it is called both by qxl_hw_update
which is the vga_hw_update_ptr passed to graphic_console_init, and by
qxl_hw_screen_dump.

At the same time the QXLRect area being passed to the red_worker thread
is passed as a copy, as part of the QXLCookie.

The implementation uses interface_update_area_complete with a bh to make
sure dpy_update and qxl_flip are called from the io thread, otherwise
the vga->ds->surface.data can change under our feet.

With this patch sdl+spice works fine. But spice by itself doesn't
produce the expected screendumps unless repeated a few times, due to
ppm_save being called before update_area (rendering done in spice server
thread) having a chance to complete. Fixed by next patch, but see commit
message for problem introduced by it.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

qxl: introduce QXLCookie

Will be used in the next patch.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

qxl: remove flipped

Tested on linux and windows guests. For negative stride, qxl_flip copies
directly to vga->ds->surface->data, for positive it's reallocated to
share qxl->guest_primary.data

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

qxl: require spice >= 0.8.2

drop all ifdefs on SPICE_INTERFACE_QXL_MINOR >= 1 as a result,
any check for SPICE_SERVER_VERSION that is now always satisfied,
and SPICE_INTERFACE_CORE_MINOR >= 3 tests, because
0.8.2 has SPICE_INTERFACE_QXL_MINOR == 1 and
SPICE_INTERFACE_CORE_MINOR == 3.

Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>