gwj / at91sam9263 · Commits

Fixes regression reported agains Linux 2.6.18.
Looks like XP and newer Linux kernels are less sensitive
to length returned for control transfers.

Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5070 c046a42c-6fe2-441c-8c8c-71466251a162

When a TLB miss occurs while pre-decrement store instruction such as
"mov.l Rm, @-Rn" is executed, re-execution of such instruction cause
status confusion. Because pre Rn decrement is executed before TLB miss,
re-execution decrements Rn again.
In other words, in a translated instruction array, register status
should not modified before memory access instruction.

(Shin-ichiro KAWASAKI)

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5069 c046a42c-6fe2-441c-8c8c-71466251a162

Some bugs on SH4 MMU are fixed.

- When a TLB entry is overwritten or invalidated, tlb_flush_page() should be
  invoked to invalidate old entry.
- When a ASID is changed, tlb_flush() should be invoke to invalidate entries
  which have old ASID.
- The check for shared bit in TLB entry causes multiple TLB hit exception.
  As SH3's MMU, shared bit is ignored.
- ASID is used when MMUCR's SV bit or SR's MD bit is zero.
  No need to check both bits are zero.

(Shin-ichiro KAWASAKI)

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5068 c046a42c-6fe2-441c-8c8c-71466251a162

SH4 MMU's memory mapped TLB feature is implemented.
SH-Linux seems to write to memory mapped TLB to invalidate a TLB entry,
but does not to read it. So only memory write feature is implemented.
Work on memory read feature is left.

(Shin-ichiro KAWASAKI)

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5067 c046a42c-6fe2-441c-8c8c-71466251a162

Two bugs about delay slot handlings are fixed.

- After an exception occurred in delay slot, the branch instruction
  before delay slot should be executed again. To judge such re-execution
  is necessery or not, delay slot status is kept in SH4 CPU data structure.
- When a branch instruction is placed at the end of memory segment,
  the delay slot is placed at the start of next memory segment.
  It means delay slot comes to the start of a translation block.
  In such occasion, DELAY_SLOT_CLAREME flag is used to transmit status
  between translation blocks. When an exception occurs on this kind of
  delay slot, DELAY_SLOT_CLEARME flag cause a status confusion in exception
  handling. DELAY_SLOT_CLEARME flag should be cleared on exceptions.

And some items are added to CPU status dump.

(Shin-ichiro KAWASAKI)

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5066 c046a42c-6fe2-441c-8c8c-71466251a162

This patch adds sleep instruction.

(Shin-ichiro KAWASAKI)

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5065 c046a42c-6fe2-441c-8c8c-71466251a162

(Jindrich Makovicka)

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5064 c046a42c-6fe2-441c-8c8c-71466251a162

The direction bit in the control register should not be directly

set using PPWCONTROL. The kernel gives the following debug message.

    parport0 (ppdev0): use data_reverse for this!

More over setting the data pins to forward mode does not work,
perhaps a bug in the Linux PP driver. The right way to do this is
to use PPDATADIR to set the direction. The patch checks if the
user is toggling the direction bit, and invokes PPDATADIR to
do the job.

Signed-off-by: Vijay Kumar B <vijaykumar@bravegnu.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5063 c046a42c-6fe2-441c-8c8c-71466251a162

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5062 c046a42c-6fe2-441c-8c8c-71466251a162

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5061 c046a42c-6fe2-441c-8c8c-71466251a162

Feature, Sector Count, LBA Low/Mid/High and Device registers should be
written only when both BSY and DRQ are cleared to zero.
Command register shall only be written when BSY and DRQ are set to zero
for all commands except DEVICE RESET.
Data Port register shall be accessed for host PIO data transfer only when
DRQ is set to one.

Signed-off-by: Gleb Natapov <gleb@qumranet.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5060 c046a42c-6fe2-441c-8c8c-71466251a162

(fix CVE-2008-1945)

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5059 c046a42c-6fe2-441c-8c8c-71466251a162

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5058 c046a42c-6fe2-441c-8c8c-71466251a162

From linux kernel sources, xen bits will use it, put it
into a place where others can see and use it too ;)

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5057 c046a42c-6fe2-441c-8c8c-71466251a162

Add idle field to DisplayState struct, so drivers can figure
the display is idle and take advantage of that.

The xen framebuffer driver will use this to communicate the
idle state to the guest, so it knows it can stop doing updates
to a virtual display which is invisible anyway.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5056 c046a42c-6fe2-441c-8c8c-71466251a162

This patch makes qemu handle signals better.  It sets the request_shutdown
flag, making the main_loop exit and qemu taking the usual exit route, with
atexit handlers being called and so on, instead of qemu just being killed
by the signal.

To avoid calling vm_start() from the signal handler main_loop() got an
additional check so qemu_system_shutdown_request() works even when the
vm is in stopped state.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5055 c046a42c-6fe2-441c-8c8c-71466251a162

For some reason we were not registering save/load-vm handler for piix3
flavor of UHCI and hence save/load was broken.

Async transactions need to be canceled when we save the VM because there
is no way we can save/restore all that state. Since we do not mess the
original TD/QH the driver will simply resubmit the transfers.

Tested with Windows XP-SP2 running under QEMU/KQEMU.

Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5054 c046a42c-6fe2-441c-8c8c-71466251a162

Addressing Anthony's comments regarding printf and stuff.

Anthony, if you you want I can fold this commit and resend
the original patch.

Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: AnthonY Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5053 c046a42c-6fe2-441c-8c8c-71466251a162

On top of my previous USB patchset.

Async completion handler can detect device disconnects without polling.
We do not need the timer anymore.

Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5052 c046a42c-6fe2-441c-8c8c-71466251a162

This is a follow up to the async UHCI patch. Both BULK and ISOC transactions
are now fully asynchrounous. I left CONTROL synchronous for now, ideally
we want it to be async too and it should not be that hard to do now.

This patch obviously requires UHCI patch. The combo has been tested with
various devices. See the UHCI patch description for list of the devices.
Most of the testing was done with the KVM flavor of QEMU.

Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5051 c046a42c-6fe2-441c-8c8c-71466251a162

…nsactions (Max Krasnyansky)

This is esentially a re-write of the QEMU UHCI layer. My initial goal
was to support fully async operation with multiple outstanding async
transactions. Along the way I realized that I can greatly simplify
and cleanup the overall logic. There was a lot of duplicate and confusing
code in the UHCI data structure parsing and other places.
We were actually violating UHCI spec in handling async ISOC transaction
(host controller is not supposed to write into the frame pointer).

The reason I wanted to support fully async operation is because current
synchronous version is unusable with most devices exported from host
(via usb-linux.c). Transactions take a long time and the whole VM becomes
slow as hell.

Current async support is very rudimentory and for the most part
non-functional. Single transaction at a time is simply not enough. I have
a device for which XP driver submits both IN and OUT packets at the same
time. IN packet always times out unless OUT packet makes it to the device.
Hence we must be able to process both in order for that device to work.

The new code is backwards compatible and was first tested agains original
synchronous usb-linux.c and builtin usb devices like tablet which is also
synchronous. Rewrite of the usb-linux.c is coming up next.

Async support was tested against various XP versions (ie XP, SP2, SP3) and
a bunch of different USB devices: serial port controllers, mice, keyboard,
JTAG dongles (from Xilinx and Altera).

ISOC support was only lighly tested and needs more work. It's not any worse
than current code though.

UHCI parser changes are probably somewhat hard to review without the
understanding of the UHCI spec.
The async design should be fairly easy to follow. Basically we have a list
of async objects for each pending transfer. Async objects are tagged with
the original TD (transfer descriptor) address and token. We now support
unlimited number of outstanding isoc and one outstanding bulk/intr/ctrl
transfer per QH (queue head). UHCI spec does not have a clear protocol for
the cancelation of the trasfer requests. Driver can yank out TDs on any
frame boundary. In oder to handle that I added somewhat fancy TD validation
logic logic to avoid unnecessary cancelations.

Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5050 c046a42c-6fe2-441c-8c8c-71466251a162

A bit better documentation of the USB device API, namely
return codes.
Rewrite of usb_generic_handle_packet() to make it more
reable and easier to follow.

Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5049 c046a42c-6fe2-441c-8c8c-71466251a162

QEMU can now automatically grab host USB devices that match the filter.
For now I just extended 'host:X.Y' and 'host:VID:PID' syntax to handle
wildcards. So for example if you do something like
   usb_add host:5.*
QEMU will automatically grab any non-hub device with host address 5.*.

Same with the 'host:PID:*', we grab any device that matches PID.

Filtering itself is very generic so we can probably add more elaborate
syntax like 'host:BUS.ADDR:VID:PID'. So that we can do 'host:5.*:6000:*'.

Anyway, it's implemented using a periodic timer that scans host devices
and grabs those that match the filter. Timer is started when the first
filter is added.

We now keep the list of all host devices that we grabbed to make sure that
we do not grab the same device twice.

btw It's currently possible to grab the same host device more than once.
ie You can just do "usb_add host:1.1" more than once, which of course does
not work. So this patch fixes that issue too.

Along with auto disconnect patch that I send a minute ago the setup is very
seamless now. You can just allocate some usb ports to the VMs and plug/unplug
devices at any time.

Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5048 c046a42c-6fe2-441c-8c8c-71466251a162

I got really annoyed by the fact that you have to manually do
usb_del in the monitor when host device is unplugged and decided
to fix it :)

Basically we now automatically remove guest USB device
when the actual host device is disconnected.

At first I've extended set_fd_handlerX() stuff to support checking
for exceptions on fds. But unfortunately usbfs code does not wake up
user-space process when device is removed, which means we need a
timer to periodically check if device is still there. So I removed
fd exception stuff and implemented it with the timer.

Signed-off-by: Max Krasnyansky <maxk@kernel.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5047 c046a42c-6fe2-441c-8c8c-71466251a162

Right now, the Windows build is broken because of NBD.  Using a mingw32 cross
compiler is also badly broken.

This patch fixes the Windows build by stubbing out NBD support until someone
fixes it for Windows.  It also santizing the mingw32 cross compiler support
by replacing the --enable-mingw32 option with a compiler check to determine
if we're on windows or not.

Also remove the weird SDL pseudo-detection for mingw32 using a cross compiler.
The hardcoded sdl-config name is seemly arbitrary.  If you cross compiler SDL
correctly and modify your PATH variable appropriately, it will Just Work when
cross compiling.

The audio driver detection is also broken for cross compiling so you have to
specify the audio drivers explicitly for now.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>




git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5046 c046a42c-6fe2-441c-8c8c-71466251a162

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5045 c046a42c-6fe2-441c-8c8c-71466251a162

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5044 c046a42c-6fe2-441c-8c8c-71466251a162

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5043 c046a42c-6fe2-441c-8c8c-71466251a162

them around, based on patch by Luis Pureza.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5042 c046a42c-6fe2-441c-8c8c-71466251a162

[ Taking latest isapc changes into account. ]

Ensure that PIC-delivered IRQs are properly de-asserted in case the APIC
is in EXTINT or FIXED mode (with level-triggering selected) on LINT0.
Fixes EFI-BIOS boot issues.

This patch also cleans up a bit the interface between PIC and APIC,
making apic_local_deliver private again.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5041 c046a42c-6fe2-441c-8c8c-71466251a162

[ Taking latest isapc changes into account. ]

In case the PIC IRQ gets de-asserted on an isapc machine, we also have
to reset CPU_INTERRUPT_HARD. This is what older qemu (before the
routing-through-APIC changes) used to do as well.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5040 c046a42c-6fe2-441c-8c8c-71466251a162

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5039 c046a42c-6fe2-441c-8c8c-71466251a162

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5038 c046a42c-6fe2-441c-8c8c-71466251a162

Some headers (e.g. signal.h) include asm/elf.h and the chaos of macro
redefinitions ensues, this kludge avoids it.

Alternative way to fight that would be to change all ELF_XXX and some
other definitions to QEMU_ELF_XXX or something to that effect.

This patch concludes the quest for enabling linux-user on PPC64,
however, since qemu_mallocz uses mmap and, at least on this system,
mmap tends to return values that do not fit into 32bit, emulation for
32bit targets does not work without some hacks wich are to disgusting
to commit (and as `man mmap' tells us MAP_32BIT is only implemented on
X86_64)

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5037 c046a42c-6fe2-441c-8c8c-71466251a162

p in this case is uint32_t *

e1/e2 are unsigned ints initialized from arithmetics performed on
unsigned longs

The mistake was, probably, never noticed due to the absence of any
big endian linux-user host. The types e1/e2 and p begs the quesiton
why this function takes longs at all.

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5036 c046a42c-6fe2-441c-8c8c-71466251a162

Was butchered by c&p

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5035 c046a42c-6fe2-441c-8c8c-71466251a162

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5034 c046a42c-6fe2-441c-8c8c-71466251a162

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5033 c046a42c-6fe2-441c-8c8c-71466251a162

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5032 c046a42c-6fe2-441c-8c8c-71466251a162

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5031 c046a42c-6fe2-441c-8c8c-71466251a162