review.tizen.org Git - sdk/emulator/qemu.git/log

Remove uses of ram.last_offset (aka last_ram_offset)

We currently need this either to allocate the next ram_addr_t for a
new block, or for total memory to be migrated. Both of which we can
calculate without need of this to keep us in a contiguous address space.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

make rtc alatm work

Convert alarm time from BCD if needed before comparing with current
time.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

scsi: Fix SCSI bus reset

When the controller raises the SCSI reset line, we have to perform the
requested reset on all disks attached to the controller's bus. Moreover,
reset is edge triggered, so avoid repeating it if the line was already
high.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Fix io-thread build breakage of a88790a14f

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Include sys/mman.h before qemu-options.h

The result of parsing qemu-options.def depends on whehter or not
MAP_POPULATE is defined, so make sure to include sys/mman.h before
including qemu-options.h.

Reported by Frank Arnold.

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Merge remote branch 'kwolf/for-anthony' into staging

Merge remote branch 'qmp/for-anthony' into staging

cris: Avoid debug clobbering for both I & D MMU state.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@axis.com>

cris: Dont clobber the MMU state across calls to cpu_get_phys_page_debug.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

cris: Break out rand LFSR update into a separate func.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@axis.com>

piix4: compile only once

Compile piix4 in hwlib. Two compilations less for the full build.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

remove exec-all.h inclusion from cpu.h

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

move cpu_pc_from_tb to target-*/exec.h

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

remove unused stuff from */exec.h

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

block: Handle multiwrite errors only when all requests have completed

Don't try to be clever by freeing all temporary data and calling all callbacks
when the return value (an error) is certain. Doing so has at least two
important problems:

* The temporary data that is freed (qiov, possibly zero buffer) is still used
by the requests that have not yet completed.
* Calling the callbacks for all requests in the multiwrite means for the caller
that it may free buffers etc. which are still in use.

Just remember the error value and do the cleanup when all requests have
completed.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

block: Fix early failure in multiwrite

bdrv_aio_writev may call the callback immediately (and it will commonly do so
in error cases). Current code doesn't consider this. For details see the
comment added by this patch.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-img: avoid calling exit(1) to release resources properly

This patch removes exit(1) from error(), and properly releases
resources such as a block driver and an allocated memory.

For testing the Sheepdog block driver with qemu-iotests, it is
necessary to call bdrv_delete() before the program exits. Because the
driver releases the lock of VM images in the close handler.

Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

pc: Fix CMOS info for drives defined with -device

Drives defined with -drive if=ide get get created along with the IDE
controller, inside machine->init().  That's before cmos_init().
Drives defined with -device get created during generic device init.
That's after cmos_init().  Because of that, CMOS has no information on
them (type, geometry, translation).  Older versions of Windows such as
XP reportedly choke on that.

Split off the part of CMOS initialization that needs to know about
-device devices, and turn it into a reset handler, so it runs after
device creation.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

ide: Make PIIX and ISA IDE init functions return the qdev

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

block: Fix virtual media change for if=none

BlockDriverState member removable controls whether virtual media
change (monitor commands change, eject) is allowed.  It is set when
the "type hint" is BDRV_TYPE_CDROM or BDRV_TYPE_FLOPPY.

The type hint is only set by drive_init().  It sets BDRV_TYPE_FLOPPY
for if=floppy.  It sets BDRV_TYPE_CDROM for media=cdrom and if=ide,
scsi, xen, or none.

if=ide and if=scsi work, because the type hint makes it a CD-ROM.
if=xen likewise, I think.

For the same reason, if=none works when it's used by ide-drive or
scsi-disk.  For other guest devices, there are problems:

* fdc: you can't change virtual media

    $ qemu [...] -drive if=none,id=foo,... -global isa-fdc.driveA=foo
    QEMU 0.12.50 monitor - type 'help' for more information
    (qemu) eject foo
    Device 'foo' is not removable

  unless you add media=cdrom, but that makes it readonly.

* virtio: if you add media=cdrom, you can change virtual media.  If
  you eject, the guest gets I/O errors.  If you change, the guest sees
  the drive's contents suddenly change.

* scsi-generic: if you add media=cdrom, you can change virtual media.
  I didn't test what that does to the guest or the physical device,
  but it can't be pretty.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

block: Clean up bdrv_snapshots()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

savevm: Survive hot-unplug of snapshot device

savevm.c keeps a pointer to the snapshot block device.  If you manage
to get that device deleted, the pointer dangles, and the next snapshot
operation will crash & burn.  Unplugging a guest device that uses it
does the trick:

    $ MALLOC_PERTURB_=234 qemu-system-x86_64 [...]
    QEMU 0.12.50 monitor - type 'help' for more information
    (qemu) info snapshots
    No available block device supports snapshots
    (qemu) drive_add auto if=none,file=tmp.qcow2
    OK
    (qemu) device_add usb-storage,id=foo,drive=none1
    (qemu) info snapshots
    Snapshot devices: none1
    Snapshot list (from none1):
    ID        TAG                 VM SIZE                DATE       VM CLOCK
    (qemu) device_del foo
    (qemu) info snapshots
    Snapshot devices:
    Segmentation fault (core dumped)

Move management of that pointer to block.c, and zap it when the device
it points becomes unusable.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

blkdebug: Initialize state as 1

state = 0 in rules means that the rule is valid for any state. Therefore it's
impossible to have a rule that works only in the initial state. This changes
the initial state from 0 to 1 to make this possible.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

blkdebug: Free QemuOpts after having read the config

Forgetting to free them means that the next instance inherits all rules and
gets its own rules only additionally.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

blkdebug: Fix set_state_opts definition

The list head was initialized to point to the wrong list, so all actions ended
up being handled as inject-error even if they were set-state in fact.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qemu-option: New qemu_opts_reset()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

block: Catch attempt to attach multiple devices to a blockdev

For instance, -device scsi-disk,drive=foo -device scsi-disk,drive=foo
happily creates two SCSI disks connected to the same block device.
It's all downhill from there.

Device usb-storage deliberately attaches twice to the same blockdev,
which fails with the fix in place. Detach before the second attach
there.

Also catch attempt to delete while a guest device model is attached.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

blockdev: drive_get_by_id() is no longer used, remove

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qdev: Decouple qdev_prop_drive from DriveInfo

Make the property point to BlockDriverState, cutting out the DriveInfo
middleman.  This prepares the ground for block devices that don't have
a DriveInfo.

Currently all user-defined ones have a DriveInfo, because the only way
to define one is -drive & friends (they go through drive_init()).
DriveInfo is closely tied to -drive, and like -drive, it mixes
information about host and guest part of the block device.  I'm
working towards a new way to define block devices, with clean
host/guest separation, and I need to get DriveInfo out of the way for
that.

Fortunately, the device models are perfectly happy with
BlockDriverState, except for two places: ide_drive_initfn() and
scsi_disk_initfn() need to check the DriveInfo for a serial number set
with legacy -drive serial=...  Use drive_get_by_blockdev() there.

Device model code should now use DriveInfo only when explicitly
dealing with drives defined the old way, i.e. without -device.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

blockdev: Clean up automatic drive deletion

We automatically delete blockdev host parts on unplug of the guest
device.  Too much magic, but we can't change that now.

The delete happens early in the guest device teardown, before the
connection to the host part is severed.  Thus, the guest part's
pointer to the host part dangles for a brief time.  No actual harm
comes from this, but we'll catch such dangling pointers a few commits
down the road.  Clean up the dangling pointers by delaying the
automatic deletion until the guest part's pointer is gone.

Device usb-storage deliberately makes two qdev properties refer to the
same drive, because it automatically creates a second device.  Again,
too much magic we can't change now.  Multiple references worked okay
before, but now free_drive() dies for the second one.  Zap the extra
reference.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

blockdev: New drive_get_by_blockdev()

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Don't reset bs->is_temporary in bdrv_open_common

To fix https://bugs.launchpad.net/qemu/+bug/597402 where qemu fails to
call unlink() on temporary snapshots due to bs->is_temporary getting clobbered
in bdrv_open_common() after being set in bdrv_open() which calls the former.

We don't need to initialize bs->is_temporary in bdrv_open_common().

Signed-off-by: Ryan Harper <ryanh@us.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

blockdev: Remove drive_get_serial()

Unused since commit 6ced55a5.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

ide: Make it explicit that ide_create_drive() can't fail

All callers of ide_create_drive() ignore its value. Currently
harmless, because it fails only when qdev_init() fails, which fails
only when ide_drive_initfn() fails, which never fails.

Brittle. Change it to die instead of silently ignoring failure.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

scsi: scsi_bus_legacy_handle_cmdline() can fail, fix callers

None of its callers checks for failure. scsi_hot_add() can crash
because of that:

(qemu) drive_add 4 if=scsi,format=host_device,file=/dev/sg1
scsi-generic: scsi generic interface too old
Segmentation fault (core dumped)

Fix all callers, not just scsi_hot_add().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

block: allow filenames with colons again for host devices

Before the raw/file split we used to allow filenames with colons for host
device only. While this was more by accident than by design people rely
on it, so we need to bring it back.

So move the host device probing to be before the protocol detection
again.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qcow2: Fix error handling during metadata preallocation

People were wondering why qemu-img check failed after they tried to preallocate
a large qcow2 file and ran out of disk space.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Don't declare XSAVE as supported

i386 cpuid.c currently claims XSAVE is supported in the CPUID filter,
but that's not true: Only FXSAVE is supported. Remove that bit
from the filter.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

Add more boundary checking to sse3/4 parsing

ssse3 uses tables with only two entries per op, but it is indexed
with b1 which can contain variables upto 3. This happens when ssse3
or sse4 are used with REP* prefixes.

Add boundary checking for this case.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-arm : fix parallel saturated subtraction implementation

Signed-off-by: Chih-Min Chao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-arm : fix thumb2 parallel add/sub opcode decoding

Signed-off-by: Chih-Min Chao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-arm: fix addsub/subadd implementation

Signed-off-by: Chih-Min Chao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

Makefile: add qemu-options.def to distclean

Remove generated qemu-options.def at "make distclean".

Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

Add QMP/qmp-commands.txt to .gitignore

QMP/qmp-commands.txt is a generated file.

Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-i386: fix xchg rax,r8

We were ignoring REX_B while special-casing NOP, i.e. xchg eax,eax.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: add Loongson support prefetch

Loongson CPU uses a load to zero register for prefetch.
Emulate it as a NOP.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

monitor: Allow to exclude commands from QMP

Ported commands that are marked 'user_only' will not be considered for
QMP monitor sessions. This allows to implement new commands that do not
(yet) provide a sufficiently stable interface for QMP use.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QMP: handle_qmp_command(): Small cleanup

Drop a unneeded label and QDECREF() call.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QMP: Drop old input object checking

Previous commit added qmp_check_input_obj(), it does all the
checking we need.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QMP: Introduce qmp_check_input_obj()

This is similar to qmp_check_client_args(), but it checks if
the input object follows the specification (QMP/qmp-spec.txt
section 2.3).

As we're limited to three keys, the work here is quite simple:
we iterate over the input object, checking each time if the
current argument complies to the specification.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QError: Introduce QERR_QMP_EXTRA_MEMBER

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QMP: Drop old client argument checker

Previous two commits added qmp_check_client_args(), which
fully replaces this code and is way better.

It's important to note that the new checker doesn't support
the '/' arg type. As we don't have any of those handlers
converted to QMP, this is just dead code.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QMP: New argument checker (second part)

This commit introduces the second (and last) part of QMP's new
argument checker.

The job is done by check_client_args_type(), it iterates over
the client's argument qdict and for for each argument it checks
if it exists and if its type is valid.

It's important to observe the following changes from the existing
argument checker:

  - If the handler accepts an O-type argument, unknown arguments
    are passed down to it. It's up to O-type handlers to validate
    their arguments

  - Boolean types (eg. 'b' and '-') don't accept integers anymore,
    only json-bool

  - Argument types '/' and '.' are currently unsupported under QMP,
    thus they're not handled

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QMP: New argument checker (first part)

Current QMP's argument checker is more complex than it should be
and has (at least) one serious bug: it ignores unknown arguments.

To solve both problems we introduce a new argument checker. It's
added on top of the existing one, so that there are no regressions
during the transition.

This commit introduces the first part of the new checker, which
is run by qmp_check_client_args() and does the following:

1. Check if all mandatory arguments were provided
2. Set flags for argument validation

In order to do that, we transform the args_type string (from
qemu-montor.hx) into a qdict and iterate over it.

Next commit adds the new checker's second part: type checking and
invalid argument detection.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

Monitor: handle optional '-' arg as a bool

Historically, user monitor arguments beginning with '-' (eg. '-f')
were passed as integers down to handlers.

I've maintained this behavior in the new monitor because we didn't
have a boolean type at the very beginning of QMP. Today we have it
and this behavior is causing trouble to QMP's argument checker.

This commit fixes the problem by doing the following changes:

1. User Monitor

   Before: the optional arg was represented as a QInt, we'd pass 1
           down to handlers if the user specified the argument or
           0 otherwise

   This commit: the optional arg is represented as a QBool, we pass
                true down to handlers if the user specified the
                argument, otherwise _nothing_ is passed

2. QMP

   Before: the client was required to pass the arg as QBool, but we'd
           convert it to QInt internally. If the argument wasn't passed,
           we'd pass 0 down

   This commit: still require a QBool, but doesn't do any conversion and
                doesn't pass any default value

3. Convert existing handlers (do_eject()/do_migrate()) to the new way

   Before: Both handlers would expect a QInt value, either 0 or 1

   This commit: Change the handlers to accept a QBool, they handle the
                following cases:

                   A) true is passed: the option is enabled
                   B) false is passed: the option is disabled
                   C) nothing is passed: option not specified, use
                                         default behavior

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QDict: Introduce qdict_get_try_bool()

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

check-qdict: Introduce test for the new iteration API

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QDict: Introduce new iteration API

It's composed of functions qdict_first() and qdict_next(), plus
functions to access QDictEntry values.

This API was suggested by Markus Armbruster <armbru@redhat.com> and
it offers full control over the iteration process.

The usage is simple, the following example prints all keys in 'qdict'
(it's hopefully better than any English description):

   QDict *qdict;
   const QDictEntry *ent;

   [...]

   for (ent = qdict_first(qdict); ent; ent = qdict_next(qdict, ent)) {
        printf("%s ", qdict_entry_key(ent));
    }

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QDict: Introduce functions to retrieve QDictEntry values

Next commit will introduce a new QDict iteration API which
returns QDictEntry entries, but we don't want users to directly
access its members since QDictEntry should be private to QDict.

In the near future this kind of data type will be turned into a
forward reference.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QDict: Small terminology change

Let's call a 'hash' only what is returned by our hash function,
anything else is a 'bucket'.

This helps avoiding confusion with regard to how we traverse
our table.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QDict: Rename 'err_value'

A missing key is not an error.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QError: Enhance QERR_DEVICE_NOT_ACTIVE's user desc

The 'by the guest' part is misleading, it could be disabled by
the host too.

We will likely need more surgery if we care for the distinction,
just dropping the problematic part is good enough for now.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QMP: Fix error reporting in the async API

The current asynchronous command API doesn't return a QMP response
when the async command fails.

This is easy to reproduce with the balloon command (the sole async
command we have so far): run qemu w/o the '-balloon virtio' option
and try to issue the balloon command via QMP: no response will be
sent to the client.

This commit fixes the problem by making qmp_async_cmd_handler()
return the handler's error code and then calling
monitor_protocol_emitter() if the handler has returned an error.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

net: delete QemuOpts when net_client_init() fails.

This fixes the following scenario using QMP.

First, put a bogus argument "foo" to "type", which results in an error.
{"execute": "netdev_add", "arguments": { "type": "foo", "id": "netdev1" } }
Then, call it again with correct argument "user".
{"execute": "netdev_add", "arguments": { "type": "user", "id": "netdev1" } }
This results in "DuplicatedId" error.

Because the first command was invalid, it should be able to reuse the
same "id", and the second command should work.

Reported-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QMP: Fix python helper /wrt long return strings

Remove the arbitrary limitation of 1024 characters per return string and
read complete lines instead. Required for device_show.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

QMP: Teach basic capability negotiation to python example

As sending "qmp_capabilities" on session start became mandatory, both
python examples were broken.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

monitor: Establish cmd flags and convert the async tag

As we want to add more flags to monitor commands, convert the only so
far existing one accordingly.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

monitor: Fix command completion vs. boolean switches

We now have to move forward to the next argument type via next_arg_type.
This patch fixes completion for 'eject' and maybe also other commands.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

monitor: Fix leakage during completion processing

Given too many arguments or an invalid command, we were leaking the
duplicated argument strings.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>

target-mips: split load and store

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

qdev-properties: Fix (u)intXX parsers

scanf calls must not use PRI constants, they have probably the wrong size and
corrupt memory. We could replace them by SCN ones, but strtol is simpler than
scanf here anyway. While at it, also fix the parsers to reject garbage after
the number ("4096xyz" was accepted before).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Richard Henderson <rth@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

Return usb device to host on exit

Signed-off-by: Shahar Havivi <shaharh@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

Return usb device to host on usb_del command

Signed-off-by: Shahar Havivi <shaharh@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

net: Fix VM start with '-net none'

Commit 50e32ea8f31035877decc10f1075aa0e619e09cb changed the behaviour
for the return type of net_client_init() when a nic type with no init
method was specified. 'none' is one such nic type. Instead of returning
0, which gets interpreted as an index into the nd_table[] array, we
switched to returning -1, which signifies an error as well.

That broke VM start with '-net none'. Testing was only done with the
monitor command 'pci_add', which doesn't fail.

The correct fix would still be to return 0+ values from
net_client_init() only when the return value can be used as an index to
refer to an entry in nd_table[]. With the current code, callers can
erroneously poke into nd_table[0] when -net nic is used, which can lead
to badness.

However, this commit just returns to the previous behaviour before the
offending commit.

Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

x86: svm: Always clear event_inj on vmexit

We currently only clear SVM_EVTINJ_VALID after successful interrupt
delivery. This apparently does not match real hardware which clears the
whole event_inj field on every vmexit, including unsuccessful interrupt
delivery.

Reported-by: Erik van der Kouwe <vdkouwe@cs.vu.nl>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

usb-uhci: fix commit 8e65b7c04965c8355e4ce43211582b6b83054e3d for vmstate

The commit 8e65b7c04965c8355e4ce43211582b6b83054e3d introduced
expire_time of UHCIState. But expire_time is not in vmstate, the
second uhci_frame_timer will not be fired immediately after loadvm.

Signed-off-by: TeLeMan <geleman@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

hw/omap : make local function static and remove declaration from header

Signed-off-by: cmchao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

hw/omap1.c : separate uart module

Signed-off-by: cmchao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

hw/omwp2.c : separate l4 interconnect module

Signed-off-by: cmchao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

hw/omap2.c : separate tap module(Test-Chip-level)

Signed-off-by: cmchao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

hw/omap2.c : separate spi module

Signed-off-by: cmchao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

hw/omap1.c : separate interrupt controller module

Signed-off-by: cmchao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

hw/omap2.c : separate sdrc (sdram controller)

Signed-off-by: cmchao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

hw/omap2.c : separate gpmc(general purpose memory controller)

Signed-off-by: cmchao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

hw/omap2.c : separate synctimer module

Signed-off-by: cmchao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

hw/omap2.c : separate gptimer module

Signed-off-by: cmchao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

hw/omap2.c : separate gpio module

Signed-off-by: cmchao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

hw/omap1.c : separate gpio module

Signed-off-by: cmchao <cmchao@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

virtio-serial: Simplify virtio_serial_load()

For all i, ports_map[i] is used in and only in the i-th iteration.
Replace the dynamic array by a scalar variable.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

usb-serial: Fail instead of crash when chardev is missing

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

A bit optimization for tlb_set_page()

This patch avoids handling write watchpoints on read-only memory access.
It also breaks the searching loop for watchpoint once the setup for
handling watchpoint later is done.

Signed-off-by: Jun Koi <junkoi2004@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: fix DINSU instruction

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

MIPS: fix fulong bios loading

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

target-mips: enable movn/movz on loongson 2E & 2F

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

mips-dis: add support for Godson integer instructions

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

r2d: fix pflash mapping

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

lsi53c895a: fix Phase Mismatch Jump

lsi_bad_phase has a bug in the choice of pmjad1/pmjad2.  This does
not matter with Linux guests because it uses just one routine for
both, but it breaks Windows 64-bit guests.  This is the text
from the spec:

   "[The PMJCTL] bit controls which decision mechanism is used
   when jumping on phase mismatch. When this bit is cleared the
   LSI53C895A will use Phase Mismatch Jump Address 1 (PMJAD1) when
   the WSR bit is cleared and Phase Mismatch Jump Address 2 (PMJAD2)
   when the WSR bit is set.  When this bit is set the LSI53C895A will
   use jump address one (PMJAD1) on data out (data out, command,
   message out) transfers and jump address two (PMJAD2) on data in
   (data in, status, message in) transfers."

Which means:

    CCNTL0.PMJCTL
        0              SCNTL2.WSR = 0             PMJAD1
        0              SCNTL2.WSR = 1             PMJAD2
        1                    out                  PMJAD1
        1                    in                   PMJAD2

In qemu, what you get instead is:

    CCNTL0.PMJCTL
        0                    out                  PMJAD1
        0                    in                   PMJAD2    <<<<<
        1                    out                  PMJAD1
        1                    in                   PMJAD1    <<<<<

Considering that qemu always has SCNTL2.WSR cleared, the two marked cases
(corresponding to phase mismatch on input) are always jumping to the
wrong PMJAD register.  The patch implements the correct semantics.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

MIPS: Initial support of fulong mini pc (machine construction)

Signed-off-by: Huacai Chen <zltjiangshi@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

MIPS: Initial support of fulong mini pc (CPU definition)

Signed-off-by: Huacai Chen <zltjiangshi@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

MIPS: Initial support of VIA USB controller used by fulong mini pc

Signed-off-by: Huacai Chen <zltjiangshi@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>