- 26 11月, 2014 2 次提交
-
-
由 Gonglei 提交于
When we dynamically modify boot order, the length of boot order will be changed, but we don't update s->files->f[i].size with new length. This casuse seabios read a wrong vale of qemu cfg file about bootorder. Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Don Slutz 提交于
c/s 9b23cfb7 or c/s b154537a moved the testing of xen_enabled() from pc_init1() to pc_machine_initfn(). xen_enabled() does not return the correct value in pc_machine_initfn(). Changed vmport from a bool to an enum. Added the value "auto" to do the old way. Move check of xen_enabled() back to pc_init1(). Acked-by: NEric Blake <eblake@redhat.com> Reviewed-by: NEduardo Habkost <ehabkost@redhat.com> Signed-off-by: NDon Slutz <dslutz@verizon.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 25 11月, 2014 8 次提交
-
-
由 Igor Mammedov 提交于
If QEMU is started with -numa ... Windows only notices that CPU has been hot-added but it will not online such CPUs. It's caused by the fact that possible CPUs are flagged as not enabled in SRAT and Windows honoring that information doesn't use corresponding CPU. ACPI 5.0 Spec regarding to flag says: " Table 5-47 Local APIC Flags ... Enabled: if zero, this processor is unusable, and the operating system support will not attempt to use it. " Fix QEMU to adhere to spec and mark possible CPUs as enabled in SRAT. With that Windows onlines hot-added CPUs as expected. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Gonglei 提交于
Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Gonglei 提交于
Reported-by: https://bugs.launchpad.net/qemu/+bug/1393440Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Paolo Bonzini 提交于
This makes it simpler to keep the SSDT byte-for-byte identical for a given machine type, which is a goal we want to have for 2.2 and newer types. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Michael S. Tsirkin 提交于
acpi build modifies internal FW CFG RAM on first access but we forgot to mark it dirty. If this RAM has been migrated already, it won't be migrated again, returning corrupted tables to guest. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Marcel Apfelbaum 提交于
If the pci bridge enters in error flow as part of init process it will only delete the shpc mmio subregion but not remove it from the properties list, resulting in segmentation fault when the bridge runs the exit function. Example: add a pci bridge without specifing the chassis number: <qemu-bin> ... -device pci-bridge,id=p1 Result: (qemu) qemu-system-x86_64: -device pci-bridge,id=p1: Bridge chassis not specified. Each bridge is required to be assigned a unique chassis id > 0. qemu-system-x86_64: -device pci-bridge,id=p1: Device initialization failed. Segmentation fault (core dumped) if (child->class->unparent) { #0 0x00005555558d629b in object_finalize_child_property (obj=0x555556d2e830, name=0x555556d30630 "shpc-mmio[0]", opaque=0x555556a42fc8) at qom/object.c:1078 #1 0x00005555558d4b1f in object_property_del_all (obj=0x555556d2e830) at qom/object.c:367 #2 0x00005555558d4ca1 in object_finalize (data=0x555556d2e830) at qom/object.c:412 #3 0x00005555558d55a1 in object_unref (obj=0x555556d2e830) at qom/object.c:720 #4 0x000055555572c907 in qdev_device_add (opts=0x5555563544f0) at qdev-monitor.c:566 #5 0x0000555555744f16 in device_init_func (opts=0x5555563544f0, opaque=0x0) at vl.c:2213 #6 0x00005555559cf5f0 in qemu_opts_foreach (list=0x555555e0f8e0 <qemu_device_opts>, func=0x555555744efa <device_init_func>, opaque=0x0, abort_on_failure=1) at util/qemu-option.c:1057 #7 0x000055555574a11b in main (argc=16, argv=0x7fffffffdde8, envp=0x7fffffffde70) at vl.c:423 Unparent the shpc mmio region as part of shpc cleanup. Signed-off-by: NMarcel Apfelbaum <marcel.a@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NAmos Kong <akong@redhat.com>
-
由 Igor Mammedov 提交于
if DIMMs with different size/alignment are interleaved in creation order, it could lead to hotplug-memory container fragmentation and following inability to use all RAM upto maxmem. For example: -m 4G,slots=3,maxmem=7G -object memory-backend-file,id=mem-1,size=256M,mem-path=/pagesize-2MB -device pc-dimm,id=mem1,memdev=mem-1 -object memory-backend-file,id=mem-2,size=1G,mem-path=/pagesize-1GB -device pc-dimm,id=mem2,memdev=mem-2 -object memory-backend-file,id=mem-3,size=256M,mem-path=/pagesize-2MB -device pc-dimm,id=mem3,memdev=mem-3 fragments hotplug-memory container and doesn't allow to use 1GB hugepage backend to consume remainig 1Gb. To ease managment factor count in max 1Gb alignment for each memory slot when sizing hotplug-memory region so that regadless of fragmentaion it would be possible to add max aligned DIMM. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Igor Mammedov 提交于
Currently maxmem limit is not checked and depends on hotplug region container not being able to fit more RAM than maxmem. Do check explicitly so that it would be possible to change hotplug container size later to deal with fragmentation. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 24 11月, 2014 3 次提交
-
-
由 Paolo Bonzini 提交于
This fixes another failure with ExtINT, demonstrated by QNX. The failure mode is as follows: - IPI sent to cpu 0 (bit set in APIC irr) - IPI accepted by cpu 0 (bit cleared in irr, set in isr) - IPI sent to cpu 0 (bit set in both irr and isr) - PIC interrupt sent to cpu 0 The PIC interrupt causes CPU_INTERRUPT_HARD to be set, but apic_irq_pending observes that the highest pending APIC interrupt priority (the IPI) is the same as the processor priority (since the IPI is still being handled), so apic_get_interrupt returns a spurious interrupt rather than the pending PIC interrupt. The result is an endless sequence of spurious interrupts, since nothing will clear CPU_INTERRUPT_HARD. Instead, ExtINT interrupts should have ignored the processor priority. Calling apic_check_pic early in apic_get_interrupt ensures that apic_deliver_pic_intr is called instead of delivering the spurious interrupt. apic_deliver_pic_intr then clears CPU_INTERRUPT_HARD if needed. Reported-by: NRichard Bilson <rbilson@qnx.com> Tested-by: NRichard Bilson <rbilson@qnx.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Paolo Bonzini 提交于
This patch fixes an obscure failure of the QNX kernel on QEMU x86 SMP. In QNX, all hardware interrupts come via the PIC, and are delivered by the cpu 0 LAPIC in ExtINT mode, while IPIs are delivered by the LAPIC in fixed mode. This bug happens as follows: - cpu 0 masks a particular PIC interrupt - IPI sent to cpu 0 (CPU_INTERRUPT_HARD is set) - before the IPI is accepted, the masked interrupt line is asserted by the device Since the interrupt is masked, apic_deliver_pic_intr will clear CPU_INTERRUPT_HARD. The IPI will still be set in the APIC irr, but since CPU_INTERRUPT_HARD is not set the cpu will not notice. Depending on the scenario this can cause a system hang, i.e. if cpu 0 is expected to unmask the interrupt. In order to fix this, do a full check of the APIC before an EXTINT is acknowledged. This can result in clearing CPU_INTERRUPT_HARD, but can also result in delivering the lost IPI. Reported-by: NRichard Bilson <rbilson@qnx.com> Tested-by: NRichard Bilson <rbilson@qnx.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Paolo Bonzini 提交于
After the next patch, if a masked PIC interrupts causes CPU_INTERRUPT_POLL to be set, the CPU will spuriously get out of halted state. While this is technically valid, we should avoid that. Make CPU_INTERRUPT_POLL run apic_update_irq in the right thread and then look at CPU_INTERRUPT_HARD. If CPU_INTERRUPT_HARD does not get set, do not report the CPU as having work. Also move the handling of software-disabled APIC from apic_update_irq to apic_irq_pending, and always trigger CPU_INTERRUPT_POLL. This will be important once we will add a case that resets CPU_INTERRUPT_HARD from apic_update_irq. We want to run it even if we go through CPU_INTERRUPT_POLL, and even if the local APIC is software disabled. Reported-by: NRichard Bilson <rbilson@qnx.com> Tested-by: NRichard Bilson <rbilson@qnx.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 23 11月, 2014 5 次提交
-
-
由 Igor Mammedov 提交于
Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Igor Mammedov 提交于
Performance wise it's better to align GVA by the backend's page size. Also do not allow to create DIMM device with suboptimal size (i.e. not aligned to backends page size) to aviod memory loss. Do above only for 2.2 and newer machine types to avoid breaking working configs with 2.1 machine type. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Igor Mammedov 提交于
When running in KVM mode, kvm_set_phys_mem() will silently fail if registered MemoryRegion address/size is not page aligned. Causing memory hotplug failure in guest. Mapping non aligned MemoryRegion in TCG mode 'works', but sane guest OS still expects page aligned memory module and fails to initialize it if it's not aligned. So do not allow non aligned (i.e. valid) address/size values for DIMM to avoid either KVM failure or guest issues caused by it. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Igor Mammedov 提交于
split addr initialization from declaration so that later when new local vars are added property getter wouldn't drift off of error check. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Igor Mammedov 提交于
When more memory devices are used than available KVM memory slots, QEMU crashes with: kvm_alloc_slot: no free slot available Aborted (core dumped) Fix this by checking that KVM has a free slot before attempting to map memory in guest address space. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Acked-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 21 11月, 2014 2 次提交
-
-
由 Gonglei 提交于
Coverity spot: Assigning: iov = struct iovec [3]({{buf, 12UL}, {(void *)dot1q_buf, 4UL}, {buf + 12, size - 12}}) (address of temporary variable of type struct iovec [3]). out_of_scope: Temporary variable of type struct iovec [3] goes out of scope. Pointer to local outside scope (RETURN_LOCAL) use_invalid: Using iov, which points to an out-of-scope temporary variable of type struct iovec [3]. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Gonglei 提交于
s->xmit_pos maybe assigned to a negative value (-1), but in this branch variable s->xmit_pos as an index to array s->buffer. Let's add a check for s->xmit_pos. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 20 11月, 2014 1 次提交
-
-
由 Leif Lindholm 提交于
ePAPR 1.1 defines the stdout-path property, making the os-specific linux,stdout-path property redundant. Change the DT setup for ARM virt to use the generic property - supported by Linux since 3.15. The old QEMU behaviour was not present in any released version of QEMU, and was only added to QEMU after the kernel changed, so this should not break any existing setups. Signed-off-by: NLeif Lindholm <leif.lindholm@linaro.org> [PMM: add note to commit about the old behaviour never hving been in a released version of QEMU] Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 19 11月, 2014 1 次提交
-
-
由 Don Slutz 提交于
The other callers to blk_set_enable_write_cache() in this file already check for s->blk == NULL. Signed-off-by: NDon Slutz <dslutz@verizon.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1416259239-13281-1-git-send-email-dslutz@verizon.com Cc: qemu-stable@nongnu.org Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 18 11月, 2014 1 次提交
-
-
由 Paolo Bonzini 提交于
usb_ep_get and usb_handle_packet can deal with a NULL device, but we have to avoid dereferencing NULL pointers when building the id. Thanks to Gonglei for an initial stab at fixing this. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 17 11月, 2014 4 次提交
-
-
由 Gonglei 提交于
Signed-off-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Gonglei 提交于
Operands don't affect result (CONSTANT_EXPRESSION_RESULT) ((n->bar.aqa >> AQA_ASQS_SHIFT) & AQA_ASQS_MASK) > 4095 is always false regardless of the values of its operands. This occurs as the logical second operand of '||'. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Gonglei 提交于
lseek will return -1 on error, g_malloc0(size) and read(,,size) paramenters cannot be negative. We should add a check for return value of lseek(). Signed-off-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Gonglei 提交于
May pass freed pointer filename as an argument to error_report. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 14 11月, 2014 11 次提交
-
-
由 Roger Pau Monne 提交于
This patch fixes two issues with persistent grants and the disk PV backend (Qdisk): - Keep track of memory regions where persistent grants have been mapped since we need to unmap them as a whole. It is not possible to unmap a single grant if it has been batch-mapped. A new check has also been added to make sure persistent grants are only used if the whole mapped region can be persistently mapped in the batch_maps case. - Unmap persistent grants before switching to the closed state, so the frontend can also free them. Signed-off-by: NRoger Pau Monné <roger.pau@citrix.com> Reported-by: NGeorge Dunlap <george.dunlap@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Kevin Wolf <kwolf@redhat.com> Cc: Stefan Hajnoczi <stefanha@redhat.com> Cc: George Dunlap <george.dunlap@eu.citrix.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-
由 Igor Mammedov 提交于
If user starts QEMU with "-machine pc,accel=xen", then compat property in xenfv won't work and it would cause error: "Unsupported bus. Bus doesn't have property 'acpi-pcihp-bsel' set" when PCI device is added with -device on QEMU CLI. From: Igor Mammedov <imammedo@redhat.com> In case of Xen instead of using compat property, just use the fact that xen doesn't use QEMU's fw_cfg/acpi tables to switch piix4_pm into legacy PCI hotplug mode when Xen is enabled. Signed-off-by: NIgor Mammedov <imammedo@redhat.com> Signed-off-by: NLi Liang <liang.z.li@intel.com> Signed-off-by: NStefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 John Snow 提交于
In order to make handle_cmd more readable at the macro level, the details of how to decompose particular types of FIS packets are left to helper functions. In our case, the only type of FIS packet we currently expect to see is a Register H2D FIS packet, but the gory details of its decomposition are of no particular interest in handle_cmd. This patch keeps the receipt of FIS packets and the decomposition thereof separated to two different functions. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1415058979-16604-6-git-send-email-jsnow@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 John Snow 提交于
Instead of checking for a known byte, inspect the fields of this byte explicitly to produce more meaningful error messages and improve the readability of this section. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1415058979-16604-5-git-send-email-jsnow@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 John Snow 提交于
Error checking in ahci's handle_cmd is re-ordered so that we initialize as few things as possible before we've done our sanity checking. This simplifies returning from this call in case of an error. A check to make sure the DMA memory map succeeds with the correct size is also added, and the debug print of the command fis is cleaned up with its size corrected. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1415058979-16604-4-git-send-email-jsnow@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 John Snow 提交于
This patch introduces a few changes to how FIS packets are deciphered in the AHCI virtual device. The summary of changes can be grouped into two pieces: [A] Changes to how we apply a preliminary sieve to FISes, [B] Changes in how we internalize a decomposed FIS. == Changes to how we apply a preliminary sieve to FISes == (1) Packets may now either update the Control register or the Command register, but not both. This is according to the SATA 3.2 specification which states: "...the device either initiates processing of the command indicated in the Command register or initiates processing of the control request indicated [...] depending on the state of the C bit in the FIS." See SATA 3.2 section 10.5.5.4, "Reception" in the 10.5.5 "Register Host to Device FIS" section. This change accounts for the first two regions of change within the diff. All other changes belong to the following changes. == Changes in how we internalize a decomposed FIS == (2) Instead of trying to extract the sector number out of the FIS from bytes 4-10 and setting it with ide_set_sector, we set the appropriate IDEState registers and trust that ide_get_sector can retrieve the correct sector later. By "constructing" the sector for use with ide_set_sector, we are duplicating the mechanisms of ide_get_sector. This change makes the FIS decomposition more obvious. SATA 3.2 as a specification does not make the legacy register mapping with respect to the D2H FIS obvious. However, SATA 3.2 section 10.5.5.1 "Register Host to Device FIS layout" describes all of the "cmd_fis" bytes: 0 - FIS Type (0x27) 1 - Port Multiplier Port and Command Update flag 2 - ATA Command 3 - Features_Low 4 - LBA 7:0 5 - LBA 15:8 6 - LBA 23:16 7 - Device, AKA "Drive Select." 8 - LBA 31:24 9 - LBA 39:32 10 - LBA 47:40 11 - Features_High 12 - Count Low 13 - Count High 14 - ICC 15 - Control 16-19 - Auxiliary (for NCQ, defined per-command) Most of these registers map to existing IDEState registers in obvious ways, especially features, select, hob_features, and nsector (count). ICC is reserved in older specifications but is not supported in our implementation, and remains unused here. The Control register is not valid for a command that is trying to update the command register and is to be considered reserved at this point. What is not obvious is the LBA register mappings, but SATA 1.0 can help inform of us legacy device support, see SATA 1.0 section 8.5.2 "Register - Host to Device." LBA 7:0 - Sector Number (sector) LBA 15:8 - Cyl Low (lcyl) LBA 23:16 - Cyl High (hcyl) LBA 31:24 - Sector Num Exp. (hob_sector) LBA 39:32 - Cyl Low Exp. (hob_lcyl) LBA 47:40 - Cyl High Exp. (hob_hcyl) These mappings help guide which registers the FIS should be decomposed into/towards for CHS, LBA28 and LBA48 commands. As a note: The prior confusion that can be seen in the documentation arises from the fact that CHS and LBA28 commands use the low nybble of the drive select register to store LBA 27:24, whereas LNA48 commands use the hob_sector, hob_lcyl and hob_hcyl registers as explained above. The decomposition as it stands now will correctly decompose CHS, LBA28 and LBA48 commands into their appropriate registers where the core IDE/ATAPI layers can deal with them correctly. See the below point for more information. (3) We save cmd_fis[7] as ide_state->select, which informs decisions about if we are using LBA or CHS. This corrects a bug in AHCI wherein we attempt to set and/or retrieve the sector number by using ide_set_sector and ide_get_sector, which depend on the select register to determine if we are using LBA or CHS. Without this adjustment, LBA48 read/writes are currently broken. Thanks to Eniac Zheng @ HP for pointing this out. (4) Save cmd_fis[11] as ide_state->hob_feature, as defined in SATA 3.2. (5) For several ATA commands, the sector count register set to 0 is a magic number that means 256 sectors. For LBA48 commands, this means 65,536 sectors. We drop the magic sector correction here, and trust the ide core layer to handle the conversion appropriately, in ide_cmd_lba48_transform(). As it stands, the current AHCI code is only compliant with LBA28 commands. By simply removing the magic, it will work with LBA28 and LBA48. (6) We expand FIS decomposition to include both ATAPI and IDE devices. We leave the logic of determining if the fields are valid or not to the respective layers. This change intends to make it clearer that AHCI is only a composition mechanism for the FIS packets: the meanings of the registers is best left to the implementation layers for those devices. (7) Forcefully setting the feature, hcyl and lcyl registers for ATAPI commands is removed. - The hcyl and lcyl magic present here is valid at boot only, and should not be overridden for every PACKET command. - The feature register is defined as valid for the PACKET command, so we should not suppress it. The ATAPI layer does not even currently depend on or require 0x01 as mandatory. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1415058979-16604-3-git-send-email-jsnow@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 John Snow 提交于
A small helper to determine which S/ATA commands are destined to be routed to the NCQ pathways. This references SATA 3.2 section 13.6, Native Command Queueing. See sections 13.6.4, 13.6.5, 13.6.6, 13.6.7 and 13.6.8 for all SATA commands considered to be part of the NCQ feature set. This is summarized in a small list in section 13.6.3.1 and again in 13.6.3.2. Not all of these NCQ commands are currently supported, so the error pathways are adjusted slightly to be more informative in the case they are encountered. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1415058979-16604-2-git-send-email-jsnow@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 John Snow 提交于
This impacts both BMDMA and AHCI HBA interfaces for IDE. Currently, we confuse the difference between a PRDT having "0 bytes" and a PRDT having "0 complete sectors." When we receive an incomplete sector, inconsistent error checking leads to an infinite loop wherein the call succeeds, but it didn't give us enough bytes -- leading us to re-call the DMA chain over and over again. This leads to, in the BMDMA case, leaked memory for short PRDTs, and infinite loops and resource usage in the AHCI case. The .prepare_buf() callback is reworked to return the number of bytes that it successfully prepared. 0 is a valid, non-error answer that means the table was empty and described no bytes. -1 indicates an error. Our current implementation uses the io_buffer in IDEState to ultimately describe the size of a prepared scatter-gather list. Even though the AHCI PRDT/SGList can be as large as 256GiB, the AHCI command header limits transactions to just 4GiB. ATA8-ACS3, however, defines the largest transaction to be an LBA48 command that transfers 65,536 sectors. With a 512 byte sector size, this is just 32MiB. Since our current state structures use the int type to describe the size of the buffer, and this state is migrated as int32, we are limited to describing 2GiB buffer sizes unless we change the migration protocol. For this reason, this patch begins to unify the assertions in the IDE pathways that the scatter-gather list provided by either the AHCI PRDT or the PCI BMDMA PRDs can only describe, at a maximum, 2GiB. This should be resilient enough unless we need a sector size that exceeds 32KiB. Further, the likelihood of any guest operating system actually attempting to transfer this much data in a single operation is very slim. To this end, the IDEState variables have been updated to more explicitly clarify our maximum supported size. Callers to the prepare_buf callback have been reworked to understand the new return code, and all versions of the prepare_buf callback have been adjusted accordingly. Lastly, the ahci_populate_sglist helper, relied upon by the AHCI implementation of .prepare_buf() as well as the PCI implementation of the callback have had overflow assertions added to help make clear the reasonings behind the various type changes. [Added %d -> %"PRId64" fix John sent because off_pos changed from int to int64_t. --Stefan] Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1414785819-26209-4-git-send-email-jsnow@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 John Snow 提交于
The intent of this patch is to further unify the creation and deletion of the sglist used for all AHCI transfers, including emulated PIO, ATAPI R/W, and native DMA R/W. By replacing ahci_start_transfer's call to ahci_populate_sglist with ahci_dma_prepare_buf, we reduce the number of direct calls where we manipulate the scatter-gather list in the AHCI code. To make this switch, the constant "0" passed as an offset in ahci_dma_prepare_buf is adjusted to use io_buffer_offset. For DMA pathways, this has no effect: io_buffer_offset is always updated to 0 at the beginning of a DMA transfer loop regardless. DMA pathways through ide_dma_cb() update the io_buffer_offset accordingly, and for circumstances where we might make several trips through this loop, this may actually correct a design flaw. For PIO pathways, the newly updated ahci_dma_prepare_buf will now prepare the sglist at the correct offset. It will also set io_buffer_size, but this is not used in the cmd_read_pio or cmd_write_pio pathways. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1414785819-26209-3-git-send-email-jsnow@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 John Snow 提交于
Currently, for emulated PIO transfers through the AHCI device, any attempt made to request more than a single sector's worth of data will result in the same sector being transferred over and over. For example, if we request 8 sectors via PIO READ SECTORS, the AHCI device will give us the same sector eight times. This patch adds offset tracking into the PIO pathways so that we can fulfill these requests appropriately. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1414785819-26209-2-git-send-email-jsnow@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 John Snow 提交于
This patch fixes a regression caused by commit 659142ec. The problem occurs when we wish to return early from the ahci_start_transfer function, but are now updating the transferred byte count in the AHCI command header via ahci_commit_buf. This will cause problems in the Windows 8 installer. Don't update the byte count in the command header for the transmission of ATAPI packets: These commands will distort the final byte count of the actual data payload. The call to ahci_commit_buf remains in the "out" portion of the call in order to clean up the sglist. The byte count is maintained by forcing size to be 0. Signed-off-by: NJohn Snow <jsnow@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 13 11月, 2014 2 次提交
-
-
由 Pavel Dovgalyuk 提交于
Compare clock in ns, because acpi_pm_tmr_update uses rounded to ns value instead of ticks. Signed-off-by: NPavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> [This lets Windows boot in icount mode. - Paolo] Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 SeokYeon Hwang 提交于
ram_addr_t should not be used except if referring to a RAMBlobk. Using 'uint64_t' avoids a -Wconstant-conversion warning, which clang >= 3.4 produces in "smbios_get_tables()". Signed-off-by: NSeokYeon Hwang <syeon.hwang@samsung.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-