- 30 9月, 2016 1 次提交
-
-
由 John Snow 提交于
ATA8-APT defines the state transitions for both a host controller and for the hardware device during the lifecycle of a DMA transfer, in section 9.7 "DMA command protocol." One of the interesting tidbits here is that when a device transitions from DDMA0 ("Prepare state") to DDMA1 ("Data_Transfer State"), it can choose to set either BSY or DRQ to signal this transition, but not both. as ide_sector_dma_start is the last point in our preparation process before we begin the real data transfer process (for either AHCI or BMDMA), this is the correct transition point for DDMA0 to DDMA1. I have chosen !BSY && DRQ for QEMU to make the transition from DDMA0 the most obvious. Reported-by: NBenjamin David Lunt <fys@fysnet.net> Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Tested-by: NStefan Weil <sw@weilnetz.de> Message-id: 1470175541-19344-1-git-send-email-jsnow@redhat.com Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
- 08 9月, 2016 1 次提交
-
-
由 Marc-André Lureau 提交于
The isa_register_portio_list() function allocates ioports data/state. Let's keep the reference to this data on some owner. This isn't enough to fix leaks, but at least, ASAN stops complaining of direct leaks. Further cleanup would require calling portio_list_del/destroy(). Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 08 8月, 2016 1 次提交
-
-
由 Marc-André Lureau 提交于
ahci-test /x86_64/ahci/io/dma/lba28/retry triggers the following leak: Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x7fc4b2a25e20 in malloc (/lib64/libasan.so.3+0xc6e20) #1 0x7fc4993bce58 in g_malloc (/lib64/libglib-2.0.so.0+0x4ee58) #2 0x556a187d4b34 in ahci_populate_sglist hw/ide/ahci.c:896 #3 0x556a187d8237 in ahci_dma_prepare_buf hw/ide/ahci.c:1367 #4 0x556a187b5a1a in ide_dma_cb hw/ide/core.c:844 #5 0x556a187d7eec in ahci_start_dma hw/ide/ahci.c:1333 #6 0x556a187b650b in ide_start_dma hw/ide/core.c:921 #7 0x556a187b61e6 in ide_sector_start_dma hw/ide/core.c:911 #8 0x556a187b9e26 in cmd_write_dma hw/ide/core.c:1486 #9 0x556a187bd519 in ide_exec_cmd hw/ide/core.c:2027 #10 0x556a187d71c5 in handle_reg_h2d_fis hw/ide/ahci.c:1204 #11 0x556a187d7681 in handle_cmd hw/ide/ahci.c:1254 #12 0x556a187d168a in check_cmd hw/ide/ahci.c:510 #13 0x556a187d0afc in ahci_port_write hw/ide/ahci.c:314 #14 0x556a187d105d in ahci_mem_write hw/ide/ahci.c:435 #15 0x556a1831d959 in memory_region_write_accessor /home/elmarco/src/qemu/memory.c:525 #16 0x556a1831dc35 in access_with_adjusted_size /home/elmarco/src/qemu/memory.c:591 #17 0x556a18323ce3 in memory_region_dispatch_write /home/elmarco/src/qemu/memory.c:1262 #18 0x556a1828cf67 in address_space_write_continue /home/elmarco/src/qemu/exec.c:2578 #19 0x556a1828d20b in address_space_write /home/elmarco/src/qemu/exec.c:2635 #20 0x556a1828d92b in address_space_rw /home/elmarco/src/qemu/exec.c:2737 #21 0x556a1828daf7 in cpu_physical_memory_rw /home/elmarco/src/qemu/exec.c:2746 #22 0x556a183068d3 in cpu_physical_memory_write /home/elmarco/src/qemu/include/exec/cpu-common.h:72 #23 0x556a18308194 in qtest_process_command /home/elmarco/src/qemu/qtest.c:382 #24 0x556a18309999 in qtest_process_inbuf /home/elmarco/src/qemu/qtest.c:573 #25 0x556a18309a4a in qtest_read /home/elmarco/src/qemu/qtest.c:585 #26 0x556a18598b85 in qemu_chr_be_write_impl /home/elmarco/src/qemu/qemu-char.c:387 #27 0x556a18598c52 in qemu_chr_be_write /home/elmarco/src/qemu/qemu-char.c:399 #28 0x556a185a2afa in tcp_chr_read /home/elmarco/src/qemu/qemu-char.c:2902 #29 0x556a18cbaf52 in qio_channel_fd_source_dispatch io/channel-watch.c:84 Follow John Snow recommendation: Everywhere else ncq_err is used, it is accompanied by a list cleanup except for ncq_cb, which is the case you are fixing here. Move the sglist destruction inside of ncq_err and then delete it from the other two locations to keep it tidy. Call dma_buf_commit in ide_dma_cb after the early return. Though, this is also a little wonky because this routine does more than clear the list, but it is at the moment the centralized "we're done with the sglist" function and none of the other side effects that occur in dma_buf_commit will interfere with the reset that occurs from ide_restart_bh, I think Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com>
-
- 29 7月, 2016 1 次提交
-
-
由 John Snow 提交于
If one attempts to perform a system_reset after a failed IO request that causes the VM to enter a paused state, QEMU will segfault trying to free up the pending IO requests. These requests have already been completed and freed, though, so all we need to do is NULL them before we enter the paused state. Existing AHCI tests verify that halted requests are still resumed successfully after a STOP event. Analyzed-by: NLaszlo Ersek <lersek@redhat.com> Reviewed-by: NLaszlo Ersek <lersek@redhat.com> Signed-off-by: NJohn Snow <jsnow@redhat.com> Message-id: 1469635201-11918-2-git-send-email-jsnow@redhat.com Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
- 20 7月, 2016 1 次提交
-
-
由 Eric Blake 提交于
Change sector-based blk_discard(), blk_co_discard(), and blk_aio_discard() to instead be byte-based blk_pdiscard(), blk_co_pdiscard(), and blk_aio_pdiscard(). NBD gets a lot simpler now that ignoring the unaligned portion of a byte-based discard request is handled under the hood by the block layer. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1468624988-423-6-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 19 7月, 2016 2 次提交
-
-
由 Evgeny Yakovlev 提交于
The following sequence of tests discovered a problem in IDE emulation: 1. Send DMA write to IDE device 0 2. Send CMD_FLUSH_CACHE to same IDE device which will be failed by block layer using blkdebug script in tests/ide-test:test_retry_flush When doing DMA request ide/core.c will set s->retry_unit to s->unit in ide_start_dma. When dma completes ide_set_inactive sets retry_unit to -1. After that ide_flush_cache runs and fails thanks to blkdebug. ide_flush_cb calls ide_handle_rw_error which asserts that s->retry_unit == s->unit. But s->retry_unit is still -1 after previous DMA completion and flush does not use anything related to retry. This patch restricts retry unit assertion only to ops that actually use retry logic. Signed-off-by: NEvgeny Yakovlev <eyakovlev@virtuozzo.com> Signed-off-by: NDenis V. Lunev <den@openvz.org> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1468870792-7411-3-git-send-email-den@openvz.org CC: Kevin Wolf <kwolf@redhat.com> CC: Max Reitz <mreitz@redhat.com> CC: Stefan Hajnoczi <stefanha@redhat.com> CC: Fam Zheng <famz@redhat.com> CC: John Snow <jsnow@redhat.com> Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Evgeny Yakovlev 提交于
Code to set and clear state associated with retry in moved into ide_set_retry and ide_clear_retry to make adding retry setups easier. Signed-off-by: NEvgeny Yakovlev <eyakovlev@virtuozzo.com> Signed-off-by: NDenis V. Lunev <den@openvz.org> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1468870792-7411-2-git-send-email-den@openvz.org CC: Kevin Wolf <kwolf@redhat.com> CC: Max Reitz <mreitz@redhat.com> CC: Stefan Hajnoczi <stefanha@redhat.com> CC: Fam Zheng <famz@redhat.com> CC: John Snow <jsnow@redhat.com> Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
- 12 7月, 2016 1 次提交
-
-
由 Markus Armbruster 提交于
Tracked down with an ugly, brittle and probably buggy Perl script. Also move includes converted to <...> up so they get included before ours where that's obviously okay. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Tested-by: NEric Blake <eblake@redhat.com> Reviewed-by: NRichard Henderson <rth@twiddle.net>
-
- 26 5月, 2016 2 次提交
-
-
由 Paolo Bonzini 提交于
Callers of dma_blk_io have no way to pass extra data to the DMAIOFunc, because the original callback and opaque are gone by the time DMAIOFunc is called. On the other hand, the BlockBackend is usually derived from those extra data that you could pass to the DMAIOFunc (in the next patch, that would be the SCSIRequest). So change DMAIOFunc's prototype, decoupling it from blk_aio_readv and blk_aio_writev's. The new prototype loses the BlockBackend and gains an extra opaque value which, in the case of dma_blk_readv and dma_blk_writev, is of course used for the BlockBackend. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Paolo Bonzini 提交于
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
- 12 5月, 2016 1 次提交
-
-
由 Eric Blake 提交于
Sector-based blk_aio_readv() and blk_aio_writev() should die; switch to byte-based blk_aio_preadv() and blk_aio_pwritev() instead. The patch had to touch multiple files at once, because dma_blk_io() takes pointers to the functions, and ide_issue_trim() piggybacks on the same interface (while ignoring offset under the hood). Signed-off-by: NEric Blake <eblake@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
- 13 4月, 2016 2 次提交
-
-
由 Pavel Butsykin 提交于
Restart of ATAPI DMA used to be unreachable, because the request to do so wasn't indicated in bus->error_status due to the lack of spare bits, and ide_restart_bh() would return early doing nothing. This patch makes use of the observation that not all bit combinations were possible in ->error_status. In particular, IDE_RETRY_READ only made sense together with IDE_RETRY_DMA or IDE_RETRY_PIO. This allows to re-use IDE_RETRY_READ alone as an indicator of ATAPI DMA restart request. To makes things more uniform, ATAPI DMA gets its own value for ->dma_cmd. As a means against confusion, macros are added to test the state of ->error_status. The patch fixes the restart of both in-flight and pending ATAPI DMA, following the scheme similar to that of IDE DMA. [Including a fixup patch: Message-id: 1460465594-15777-1-git-send-email-pbutsykin@virtuozzo.com --js] Signed-off-by: NPavel Butsykin <pbutsykin@virtuozzo.com> Signed-off-by: NDenis V. Lunev <den@openvz.org> Reviewed-by: NRoman Kagan <rkagan@virtuozzo.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Message-id: 1459924806-306-4-git-send-email-den@openvz.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Pavel Butsykin 提交于
If the migration occurs after the IDE DMA has been set up but before it has been initiated, the state gets lost upon save/restore. Specifically, ->dma_cb callback gets cleared, so, when the guest eventually starts bus mastering, the DMA never completes, causing the guest to time out the operation. OTOH all the infrastructure is already in place to restart the DMA if the migration happens while the DMA is in progress. So reuse that infrastructure, by setting bus->error_status based on ->dma_cmd in pre_save if ->dma_cb callback is already set but DMAING is clear. This will indicate the need for restart and make sure ->dma_cb is restored in ide_restart_bh(); howeover since DMAING is clear the state upon restore will be exactly "ready for DMA" as before the save. Signed-off-by: NPavel Butsykin <pbutsykin@virtuozzo.com> Reviewed-by: NRoman Kagan <rkagan@virtuozzo.com> Signed-off-by: NDenis V. Lunev <den@openvz.org> Reviewed-by: NJohn Snow <jsnow@redhat.com> Message-id: 1459924806-306-2-git-send-email-den@openvz.org Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
- 23 3月, 2016 2 次提交
-
-
由 Veronia Bahaa 提交于
Move declarations out of qemu-common.h for functions declared in utils/ files: e.g. include/qemu/path.h for utils/path.c. Move inline functions out of qemu-common.h and into new files (e.g. include/qemu/bcd.h) Signed-off-by: NVeronia Bahaa <veroniabahaa@gmail.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Rutuja Shah 提交于
This patch replaces get_ticks_per_sec() calls with the macro NANOSECONDS_PER_SECOND. Also, as there are no callers, get_ticks_per_sec() is then removed. This replacement improves the readability and understandability of code. For example, timer_mod(fdctrl->result_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + (get_ticks_per_sec() / 50)); NANOSECONDS_PER_SECOND makes it obvious that qemu_clock_get_ns matches the unit of the expression on the right side of the plus. Signed-off-by: NRutuja Shah <rutu.shah.26@gmail.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 11 2月, 2016 6 次提交
-
-
由 John Snow 提交于
Signed-off-by: NJohn Snow <jsnow@redhat.com> Reported-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1453225191-11871-7-git-send-email-jsnow@redhat.com
-
由 John Snow 提交于
Split apart the ide_transfer_stop function into two versions: one that interrupts and one that doesn't. The one that doesn't can be used to halt any PIO transfers that are in the DRQ phase. It will not halt any PIO transfers that are currently in the process of buffering data for the guest to read. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reported-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> [Renamed 'etf' to 'end_transfer_func' --js] Message-id: 1453225191-11871-6-git-send-email-jsnow@redhat.com
-
由 John Snow 提交于
Target the drain for just one device. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reported-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1453225191-11871-5-git-send-email-jsnow@redhat.com
-
由 John Snow 提交于
Buffered DMA cancellation was added to ATAPI devices and implemented for the BMDMA HBA. Move the code over to common IDE code and allow it to be used for any HBA. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reported-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1453225191-11871-4-git-send-email-jsnow@redhat.com
-
由 John Snow 提交于
Shuffle the reset function upwards. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reported-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1453225191-11871-3-git-send-email-jsnow@redhat.com
-
由 John Snow 提交于
This command is meant for ATAPI devices only, prohibit acknowledging it with a command aborted response when an IDE device is busy. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reported-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1453225191-11871-2-git-send-email-jsnow@redhat.com
-
- 29 1月, 2016 1 次提交
-
-
由 Peter Maydell 提交于
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-17-git-send-email-peter.maydell@linaro.org
-
- 18 11月, 2015 2 次提交
-
-
由 Peter Lieven 提交于
Signed-off-by: NPeter Lieven <pl@kamp.de> Reviewed-by: NFam Zheng <famz@redhat.com> Message-id: 1447345846-15624-7-git-send-email-pl@kamp.de Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
由 Peter Lieven 提交于
this patch adds a new aio readv compatible function which copies all data through a bounce buffer. These buffered requests can be flagged as orphaned which means that their original callback has already been invoked and the request has just not been completed by the backend storage. The bounce buffer guarantees that guest memory corruption is avoided when such a orphaned request is completed by the backend at a later stage. This trick only works for read requests as a write request completed at a later stage might corrupt data as there is no way to control if and what data has already been written to the storage. Signed-off-by: NPeter Lieven <pl@kamp.de> Reviewed-by: NFam Zheng <famz@redhat.com> Message-id: 1447345846-15624-4-git-send-email-pl@kamp.de Signed-off-by: NJohn Snow <jsnow@redhat.com>
-
- 12 11月, 2015 2 次提交
-
-
由 Alberto Garcia 提交于
Signed-off-by: NAlberto Garcia <berto@igalia.com> Message-id: bf4d6c9c563877e699b0bf42e7eaf8b096c4a35e.1446044838.git.berto@igalia.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Alberto Garcia 提交于
Signed-off-by: NAlberto Garcia <berto@igalia.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 2e71323c0875c2b66a8ae22229545e0c013af8d4.1446044837.git.berto@igalia.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
- 04 11月, 2015 1 次提交
-
-
由 Eduardo Habkost 提交于
This makes the purpose of the function clearer: it is not about the version of QEMU that's running, but the version string exposed in the emulated hardware. Cc: Andrzej Zaborowski <balrogg@gmail.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: John Snow <jsnow@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Signed-off-by: NEduardo Habkost <ehabkost@redhat.com> Message-Id: <1446233769-7892-3-git-send-email-ehabkost@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 18 9月, 2015 3 次提交
-
-
由 John Snow 提交于
We're supposed to abort on transfers like this, unless we fill Word 125 of our IDENTIFY data with a default transfer size, which we don't currently do. This is an ATA error, not a SCSI/ATAPI one. See ATA8-ACS3 sections 7.17.6.49 or 7.21.5. If we don't do this, QEMU will loop forever trying to transfer zero bytes, which isn't particularly useful. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Message-id: 1442253685-23349-2-git-send-email-jsnow@redhat.com
-
由 John Snow 提交于
We're a little too lenient with what we'll let an ATAPI drive handle. Clamp down on the IDE command execution table to remove CD_OK permissions from commands that are not and have never been ATAPI commands. For ATAPI command validity, please see: - ATA4 Section 6.5 ("PACKET Command feature set") - ATA8/ACS Section 4.3 ("The PACKET feature set") - ACS3 Section 4.3 ("The PACKET feature set") ACS3 has a historical command validity table in Table B.4 ("Historical Command Assignments") that can be referenced to find when a command was introduced, deprecated, obsoleted, etc. The only reference for ATAPI command validity is by checking that version's PACKET feature set section. ATAPI was introduced by T13 into ATA4, all commands retired prior to ATA4 therefore are assumed to have never been ATAPI commands. Mandatory commands, as listed in ATA8-ACS3, are: - DEVICE RESET - EXECUTE DEVICE DIAGNOSTIC - IDENTIFY DEVICE - IDENTIFY PACKET DEVICE - NOP - PACKET - READ SECTOR(S) - SET FEATURES Optional commands as listed in ATA8-ACS3, are: - FLUSH CACHE - READ LOG DMA EXT - READ LOG EXT - WRITE LOG DMA EXT - WRITE LOG EXT All other commands are illegal to send to an ATAPI device and should be rejected by the device. CD_OK removal justifications: 0x06 WIN_DSM Defined in ACS2. Not valid for ATAPI. 0x21 WIN_READ_ONCE Retired in ATA5. Not ATAPI in ATA4. 0x94 WIN_STANDBYNOW2 Retired in ATA4. Did not coexist with ATAPI. 0x95 WIN_IDLEIMMEDIATE2 Retired in ATA4. Did not coexist with ATAPI. 0x96 WIN_STANDBY2 Retired in ATA4. Did not coexist with ATAPI. 0x97 WIN_SETIDLE2 Retired in ATA4. Did not coexist with ATAPI. 0x98 WIN_CHECKPOWERMODE2 Retired in ATA4. Did not coexist with ATAPI. 0x99 WIN_SLEEPNOW2 Retired in ATA4. Did not coexist with ATAPI. 0xE0 WIN_STANDBYNOW1 Not part of ATAPI in ATA4, ACS or ACS3. 0xE1 WIN_IDLEIMMDIATE Not part of ATAPI in ATA4, ACS or ACS3. 0xE2 WIN_STANDBY Not part of ATAPI in ATA4, ACS or ACS3. 0xE3 WIN_SETIDLE1 Not part of ATAPI in ATA4, ACS or ACS3. 0xE4 WIN_CHECKPOWERMODE1 Not part of ATAPI in ATA4, ACS or ACS3. 0xE5 WIN_SLEEPNOW1 Not part of ATAPI in ATA4, ACS or ACS3. 0xF8 WIN_READ_NATIVE_MAX Obsoleted in ACS3. Not ATAPI in ATA4 or ACS. This patch fixes a divide by zero fault that can be caused by sending the WIN_READ_NATIVE_MAX command to an ATAPI drive, which causes it to attempt to use zeroed CHS values to perform sector arithmetic. Reported-by: NQinghao Tang <luodalongde@gmail.com> Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Message-id: 1441816082-21031-1-git-send-email-jsnow@redhat.com CC: qemu-stable@nongnu.org
-
由 John Snow 提交于
IDEState's io_buffer_offset was originally added to keep track of offsets in AHCI rather exclusively, but it was added to IDEState instead of an AHCI-specific structure. AHCI fakes all PIO transfers using DMA and a scatter-gather list. When the core or atapi layers invoke HBA-specific mechanisms for transfers, they do not always know that it is being backed by DMA or a sglist, so this offset is not always updated by the HBA code everywhere. If we modify it in dma_buf_commit, however, any HBA that needs to use this offset to manage operating on only part of a sglist will have access to it. This will fix ATAPI PIO transfers performed through the AHCI HBA, which were previously not modifying this value appropriately. This will fix ATAPI PIO transfers larger than one sector. Reported-by: NHannes Reinecke <hare@suse.de> Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Tested-by: NLaszlo Ersek <lersek@redhat.com> Message-id: 1440546331-29087-2-git-send-email-jsnow@redhat.com CC: qemu-stable@nongnu.org
-
- 27 7月, 2015 2 次提交
-
-
由 Kevin Wolf 提交于
This is additional hardening against an end_transfer_func that fails to clear the DRQ status bit. The bit must be unset as soon as the PIO transfer has completed, so it's better to do this in a central place instead of duplicating the code in all commands (and forgetting it in some). Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com>
-
由 Kevin Wolf 提交于
If the end_transfer_func of a command is called because enough data has been read or written for the current PIO transfer, and it fails to correctly call the command completion functions, the DRQ bit in the status register and s->end_transfer_func may remain set. This allows the guest to access further bytes in s->io_buffer beyond s->data_end, and eventually overflowing the io_buffer. One case where this currently happens is emulation of the ATAPI command START STOP UNIT. This patch fixes the problem by adding explicit array bounds checks before accessing the buffer instead of relying on end_transfer_func to function correctly. Cc: qemu-stable@nongnu.org Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com>
-
- 04 7月, 2015 2 次提交
-
-
由 John Snow 提交于
Handle NCQ failures for cases where we want to halt the VM on IO errors. Upon a VM state change, retry the halted NCQ commands. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1435767578-32743-7-git-send-email-jsnow@redhat.com
-
由 John Snow 提交于
prepare_buf should not always grab as many descriptors as it can, sometimes it should self-limit. For example, an NCQ transfer of 1 sector with a PRDT that describes 4GiB of data should not copy 4GiB of data, it should just transfer that first 512 bytes. PIO is not affected, because the dma_buf_rw dma helpers already have a byte limit built-in to them, but DMA/NCQ will exhaust the entire list regardless of requested size. AHCI 1.3 specifies in section 6.1.6 Command List Underflow that NCQ is not required to detect underflow conditions. Non-NCQ pathways signal underflow by writing to the PRDBC field, which will already occur by writing the actual transferred byte count to the PRDBC, signaling the underflow. Our NCQ pathways aren't required to detect underflow, but since our DMA backend uses the size of the PRDT to determine the size of the transer, if our PRDT is bigger than the transaction (the underflow condition) it doesn't cost us anything to detect it and truncate the PRDT. This is a recoverable error and is not signaled to the guest, in either NCQ or normal DMA cases. For BMDMA, the existing pathways should see no guest-visible difference, but any bytes described in the overage will no longer be transferred before indicating to the guest that there was an underflow. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1435767578-32743-2-git-send-email-jsnow@redhat.com
-
- 12 6月, 2015 1 次提交
-
-
由 Juan Quintela 提交于
We create optional sections with this patch. But we already have optional subsections. Instead of having two mechanism that do the same, we can just generalize it. For subsections we just change: - Add a needed function to VMStateDescription - Remove VMStateSubsection (after removal of the needed function it is just a VMStateDescription) - Adjust the whole tree, moving the needed function to the corresponding VMStateDescription Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
- 28 4月, 2015 1 次提交
-
-
由 Paolo Bonzini 提交于
IDE PIO data must be written, for example, at 0x1f0. You cannot do word or dword writes to 0x1f1..0x1f3 to access the data register. Adjust the ide_portio_list accordingly. Cc: John Snow <jsnow@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 24 3月, 2015 2 次提交
-
-
由 John Snow 提交于
Similar to the cmd_write_pio fix, update the nsector count and ide sector before we invoke ide_transfer_start. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Tested-by: NAndreas Färber <afaerber@suse.de> Message-id: 1426811056-2202-3-git-send-email-jsnow@redhat.com
-
由 John Snow 提交于
We need to adjust the sector being written to prior to calling ide_transfer_start, otherwise we'll write to the same sector again. Signed-off-by: NJohn Snow <jsnow@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Tested-by: NAndreas Färber <afaerber@suse.de> Message-id: 1426811056-2202-2-git-send-email-jsnow@redhat.com
-
- 10 3月, 2015 2 次提交
-
-
由 Paolo Bonzini 提交于
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NJohn Snow <jsnow@redhat.com> Message-id: 1424708286-16483-13-git-send-email-jsnow@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Paolo Bonzini 提交于
Resetting the io_buffer_index to 0 is commonized, with the exception of the case within ide_atapi_cmd_reply, where we need to reset this index to 0 prior to the ide_atapi_cmd_reply_end call. Note that not all calls to ide_atapi_cmd_reply_end expect the index to be 0, so setting it there is not appropriate. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NJohn Snow <jsnow@redhat.com> Message-id: 1424708286-16483-12-git-send-email-jsnow@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-