summaryrefslogtreecommitdiffstats
path: root/hw/ide
Commit message (Collapse)AuthorAgeFilesLines
* block: Drop some superfluous casts from void *Markus Armbruster2014-08-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | They clutter the code. Unfortunately, I can't figure out how to make Coccinelle drop all of them, so I have to settle for common special cases: @@ type T; T *pt; void *pv; @@ - pt = (T *)pv; + pt = pv; @@ type T; @@ - (T *) (\(g_malloc\|g_malloc0\|g_realloc\|g_new\|g_new0\|g_renew\| g_try_malloc\|g_try_malloc0\|g_try_realloc\| g_try_new\|g_try_new0\|g_try_renew\)(...)) Topped off with minor manual style cleanups. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* block: Use g_new() & friends where that makes obvious senseMarkus Armbruster2014-08-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. Patch created with Coccinelle, with two manual changes on top: * Add const to bdrv_iterate_format() to keep the types straight * Convert the allocation in bdrv_drop_intermediate(), which Coccinelle inexplicably misses Coccinelle semantic patch: @@ type T; @@ -g_malloc(sizeof(T)) +g_new(T, 1) @@ type T; @@ -g_try_malloc(sizeof(T)) +g_try_new(T, 1) @@ type T; @@ -g_malloc0(sizeof(T)) +g_new0(T, 1) @@ type T; @@ -g_try_malloc0(sizeof(T)) +g_try_new0(T, 1) @@ type T; expression n; @@ -g_malloc(sizeof(T) * (n)) +g_new(T, n) @@ type T; expression n; @@ -g_try_malloc(sizeof(T) * (n)) +g_try_new(T, n) @@ type T; expression n; @@ -g_malloc0(sizeof(T) * (n)) +g_new0(T, n) @@ type T; expression n; @@ -g_try_malloc0(sizeof(T) * (n)) +g_try_new0(T, n) @@ type T; expression p, n; @@ -g_realloc(p, sizeof(T) * (n)) +g_renew(T, p, n) @@ type T; expression p, n; @@ -g_try_realloc(p, sizeof(T) * (n)) +g_try_renew(T, p, n) Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell2014-08-194-13/+0Star
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SCSI changes that enable sending vendor-specific commands via virtio-scsi. Memory changes for QOMification and automatic tracking of MR lifetime. # gpg: Signature made Mon 18 Aug 2014 13:03:09 BST using RSA key ID 9B4D86F2 # gpg: Good signature from "Paolo Bonzini <pbonzini@redhat.com>" # gpg: aka "Paolo Bonzini <bonzini@gnu.org>" * remotes/bonzini/tags/for-upstream: mtree: remove write-only field memory: Use canonical path component as the name memory: Use memory_region_name for name access memory: constify memory_region_name exec: Abstract away ref to memory region names loader: Abstract away ref to memory region names tpm_tis: remove instance_finalize callback memory: remove memory_region_destroy memory: convert memory_region_destroy to object_unparent ioport: split deletion and destruction nic: do not destroy memory regions in cleanup functions vga: do not dynamically allocate chain4_alias sysbus: remove unused function sysbus_del_io qom: object: move unparenting to the child property's release callback qom: object: delete properties before calling instance_finalize virtio-scsi: implement parse_cdb scsi-block, scsi-generic: implement parse_cdb scsi-block: extract scsi_block_is_passthrough scsi-bus: introduce parse_cdb in SCSIDeviceClass and SCSIBusInfo scsi-bus: prepare scsi_req_new for introduction of parse_cdb Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * memory: remove memory_region_destroyPaolo Bonzini2014-08-184-13/+0Star
| | | | | | | | | | | | | | The function is empty after the previous patch, so remove it. Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | ide: only constrain read/write requests to drive size, not other typesMichael Tokarev2014-08-151-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | Commit 58ac321135a introduced a check to ide dma processing which constrains all requests to drive size. However, apparently, some valid requests (like TRIM) does not fit in this constraint, and fails in 2.1. So check the range only for reads and writes. Cc: qemu-stable@nongnu.org Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ide: Fix segfault when flushing a device that doesn't existKevin Wolf2014-08-151-1/+3
| | | | | | | | | | Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | cmd646: synchronise UDMA interrupt status with DMA interrupt statusMark Cave-Ayland2014-08-151-0/+24
| | | | | | | | | | | | | | | | Make sure that both registers are synchronised when being accessed through PCI configuration space. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | cmd646: allow MRDMODE interrupt status bits clearing from PCI config spaceMark Cave-Ayland2014-08-151-2/+30
| | | | | | | | | | | | | | | | Make sure that we also update the normal DMA interrupt status bits at the same time, and alter the IRQ if being cleared accordingly. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | cmd646: switch cmd646_update_irq() to accept PCIDevice instead of PCIIDEStateMark Cave-Ayland2014-08-151-5/+4Star
| | | | | | | | | | | | | | | | This is in preparation for adding configuration space accessors which accept PCIDevice as a parameter. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | cmd646: synchronise DMA interrupt status with UDMA interrupt statusMark Cave-Ayland2014-08-151-0/+22
| | | | | | | | | | | | | | | | | | | | Make sure that the standard DMA interrupt status bits reflect any changes made to the UDMA interrupt status bits. The CMD646U2 datasheet claims that these bits are equivalent, and they must be synchronised for guests that manipulate both registers. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | cmd646: add constants for CNTRL register accessMark Cave-Ayland2014-08-151-2/+5
| | | | | | | | | | Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ahci: construct PIO Setup FIS for PIO commandsPaolo Bonzini2014-08-151-0/+70
| | | | | | | | | | | | | | | | | | | | PIO commands should put a PIO Setup FIS in the receive area when data transfer ends. Currently QEMU does not do this and only places the D2H FIS at the end of the operation. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ide: make all commands go through cmd_donePaolo Bonzini2014-08-154-24/+16Star
| | | | | | | | | | | | | | | | | | | | AHCI has code to fill in the D2H FIS trigger the IRQ all over the place. Centralize this in a single cmd_done callback by generalizing the existing async_cmd_done callback. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ide: stop PIO transfer on errorsPaolo Bonzini2014-08-151-3/+2Star
| | | | | | | | | | | | | | | | | | This will provide a hook for sending the result of the command via the FIS receive area. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ahci: remove duplicate PORT_IRQ_* constantsPaolo Bonzini2014-08-152-24/+3Star
| | | | | | | | | | | | | | | | These are defined twice, just use one set consistently. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ide: move retry constants out of BM_STATUS_* namespacePaolo Bonzini2014-08-153-23/+23
| | | | | | | | | | | | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ide: move BM_STATUS bits to pci.[ch]Paolo Bonzini2014-08-153-11/+11
| | | | | | | | | | | | | | | | They are not used by AHCI, and should not be even available there. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ide: fold add_status callback into set_inactivePaolo Bonzini2014-08-156-34/+15Star
| | | | | | | | | | | | | | | | It is now called only after the set_inactive callback. Put the two together. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ide: remove wrong setting of BM_STATUS_INTPaolo Bonzini2014-08-152-5/+0Star
| | | | | | | | | | | | | | | | | | | | | | Similar to the case removed in commit 69c38b8 (ide/core: Remove explicit setting of BM_STATUS_INT, 2011-05-19), the only remaining use of add_status(..., BM_STATUS_INT) is for short PRDs. The flag should not be raised in this case. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ide: wrap start_dma callbackPaolo Bonzini2014-08-153-11/+11
| | | | | | | | | | | | | | | | Make it optional and prepare for the next patches. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ide: simplify start_transfer callbacksPaolo Bonzini2014-08-155-24/+5Star
| | | | | | | | | | | | | | | | Drop the unused return value and make the callback optional. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ide: simplify async_cmd_done callbacksPaolo Bonzini2014-08-152-4/+2Star
| | | | | | | | | | | | | | | | Drop the unused return value. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ide: simplify set_inactive callbacksPaolo Bonzini2014-08-155-13/+5Star
| | | | | | | | | | | | | | | | Drop the unused return value and make the callback optional. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ide: simplify reset callbacksPaolo Bonzini2014-08-155-13/+6Star
| | | | | | | | | | | | | | | | Drop the unused return value and make the callback optional. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | ide: stash aiocb for flushesPaolo Bonzini2014-08-151-1/+3
|/ | | | | | | | This ensures that operations are completed after a reset Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* ide: Treat read/write beyond end as invalidMarkus Armbruster2014-07-141-0/+28
| | | | | | | | | | | | | | | | The block layer fails such reads and writes just fine. However, they then get treated like valid operations that fail: the error action gets executed. Unwanted; reporting the error to the guest is the only sensible action. Reject them before passing them to the block layer. This bypasses the error action and I/O accounting. Not quite correct for DMA, because DMA can fail after some success, and when that happens, the part that succeeded isn't counted. Tolerable, because I/O accounting is an inconsistent mess anyway. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* ahci: map memory via device's address space instead of address_space_memoryLe Tan2014-07-071-10/+11
| | | | | | | | | | | | In map_page() in hw/ide/ahci.c, replace cpu_physical_memory_map() and cpu_physical_memory_unmap() with dma_memory_map() and dma_memory_unmap(), because ahci devices should not access memory directly but via their address space. Add an AddressSpace parameter to map_page(). In order to call map_page(), we should pass the AHCIState.as as the AddressSpace argument. Signed-off-by: Le Tan <tamlokveer@gmail.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* ahci.c: mask unused flags when reading size PRDT DBCReza Jelveh2014-07-072-3/+10
| | | | | | | | | | | | | | | | The data byte count(DBC) read from the description information is defined for bits 21:00. Bits 30:22 are reserved and bit 31 is the Interrupt on Completion (I) flag. Completion interrupts are triggered after every transaction instead of on I-flag in QEMU. tbl_entry_size is a signed integer and improperly reading the DBC leads to a negative offset that causes sglist allocation to fail. Signed-off-by: Reza Jelveh <reza.jelveh@tuhh.de> Reviewed-by: Alexander Graf <agraf@suse.de> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* hw: Fix qemu_allocate_irqs() leaksAndreas Färber2014-06-301-1/+1
| | | | | | | | | | | | | | | | | | | | Replace qemu_allocate_irqs(foo, bar, 1)[0] with qemu_allocate_irq(foo, bar, 0). This avoids leaking the dereferenced qemu_irq *. Cc: Markus Armbruster <armbru@redhat.com> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andreas Färber <afaerber@suse.de> [PC Changes: * Applied change to instance in sh4/sh7750.c ] Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Reviewed-by: Kirill Batuzov <batuzovk@ispras.ru> [AF: Fix IRQ index in sh4/sh7750.c] Cc: qemu-stable@nongnu.org Signed-off-by: Andreas Färber <afaerber@suse.de>
* qapi: adjust existing definesWenchao Xia2014-06-231-3/+3
| | | | | | | | | | | | | | | In order to let event defines use existing types later, instead of redefine new ones, some old type defines for spice and vnc are changed, and BlockErrorAction is moved from block.h to qapi schema. Note that BlockErrorAction is not merged with BlockdevOnError. At this point, VncInfo is not made a child of VncBasicInfo, because VncBasicInfo has mandatory fields where VncInfo makes them optional. Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
* Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' ↵Peter Maydell2014-06-161-10/+61
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging Patch queue for ppc - 2014-06-16 This pull request brings a lot of fun things. Among others we have - e500: u-boot firmware support - sPAPR: magic page enablement - sPAPR: add "compat" CPU option to support older guests - sPAPR: refactorings in preparation for VFIO - POWER8 live migration - mac99: expose bus frequency - little endian core dump, gdb and disas support - new ppc64le-linux-user target - DFP emulation - bug fixes # gpg: Signature made Mon 16 Jun 2014 12:28:32 BST using RSA key ID 03FEDC60 # gpg: Can't check signature: public key not found * remotes/agraf/tags/signed-ppc-for-upstream: (156 commits) spapr_pci: Advertise MSI quota PPC: KVM: Make pv hcall endian agnostic powerpc: use float64 for frsqrte spapr: Add kvm-type property spapr: Create SPAPRMachine struct linux-user: Tell guest about big host page sizes spapr_hcall: Add address-translation-mode-on-interrupt resource in H_SET_MODE spapr_hcall: Split h_set_mode() target-ppc: Enable DABRX SPR and limit it to <=POWER7 target-ppc: Enable PPR and VRSAVE SPRs migration target-ppc: Add POWER8's Event Based Branch (EBB) control SPRs KVM: target-ppc: Enable TM state migration target-ppc: Add POWER8's TM SPRs target-ppc: Add POWER8's MMCR2/MMCRS SPRs target-ppc: Enable FSCR facility check for TAR target-ppc: Add POWER8's FSCR SPR target-ppc: Add POWER8's TIR SPR target-ppc: Refactor class init for POWER7/8 target-ppc: Switch POWER7/8 classes to use correct PMU SPRs target-ppc: Make use of gen_spr_power5p_lpar() for POWER7/8 ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * macio ide: Do remainder access asynchronouslyAlexander Graf2014-06-161-10/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The macio IDE controller has some pretty nasty magic in its implementation to allow for unaligned sector accesses. We used to handle these accesses synchronously inside the IO callback handler. However, the block infrastructure changed below our feet and now it's impossible to call a synchronous block read/write from the aio callback handler of a previous block access. Work around that limitation by making the unaligned handling bits also go through our asynchronous handler. This fixes booting Mac OS X for me. Reported-by: John Arbuckle <programmingkidx@gmail.com> Signed-off-by: Alexander Graf <agraf@suse.de>
| * macio: handle non-block ATAPI DMA transfersMark Cave-Ayland2014-06-161-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently the macio DMA routines assume that all DMA requests are for read/write block transfers. This is not always the case for ATAPI, for example when requesting a TOC where the response is generated directly in the IDE buffer. Detect these non-block ATAPI DMA transfers (where no lba is specified in the command) and copy the results directly into RAM as indicated by the DBDMA descriptor. This fixes CDROM access under MorphOS. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Alexander Graf <agraf@suse.de>
* | Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell2014-06-161-1/+1
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging Block pull request # gpg: Signature made Mon 16 Jun 2014 12:22:22 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: (39 commits) QemuOpts: cleanup tmp 'allocated' member from QemuOptsList cleanup QEMUOptionParameter vpc.c: replace QEMUOptionParameter with QemuOpts vmdk.c: replace QEMUOptionParameter with QemuOpts vhdx.c: replace QEMUOptionParameter with QemuOpts vdi.c: replace QEMUOptionParameter with QemuOpts ssh.c: replace QEMUOptionParameter with QemuOpts sheepdog.c: replace QEMUOptionParameter with QemuOpts rbd.c: replace QEMUOptionParameter with QemuOpts raw_bsd.c: replace QEMUOptionParameter with QemuOpts raw-win32.c: replace QEMUOptionParameter with QemuOpts raw-posix.c: replace QEMUOptionParameter with QemuOpts qed.c: replace QEMUOptionParameter with QemuOpts qcow2.c: replace QEMUOptionParameter with QemuOpts QemuOpts: export qemu_opt_find qcow.c: replace QEMUOptionParameter with QemuOpts nfs.c: replace QEMUOptionParameter with QemuOpts iscsi.c: replace QEMUOptionParameter with QemuOpts gluster.c: replace QEMUOptionParameter with QemuOpts cow.c: replace QEMUOptionParameter with QemuOpts ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * blockdev: Remove unused DriveInfo reference countMarkus Armbruster2014-06-161-1/+1
| | | | | | | | | | | | | | | | It's always one since commit fa510eb dropped the last drive_get_ref(). Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | savevm: Remove all the unneeded version_minimum_id_old (x86)Juan Quintela2014-06-164-14/+9Star
|/ | | | | | | | | | | | | | | | | | | | | After previous Peter patch, they are redundant. This way we don't assign them except when needed. Once there, there were lots of case where the ".fields" indentation was wrong: .fields = (VMStateField []) { and .fields = (VMStateField []) { Change all the combinations to: .fields = (VMStateField[]){ The biggest problem (appart from aesthetics) was that checkpatch complained when we copy&pasted the code from one place to another. Signed-off-by: Juan Quintela <quintela@redhat.com> Acked-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
* savevm: Remove all the unneeded version_minimum_id_old (rest)Juan Quintela2014-05-144-17/+8Star
| | | | | | | | | | | | | | | | | | | | After previous Peter patch, they are redundant. This way we don't assign them except when needed. Once there, there were lots of case where the ".fields" indentation was wrong: .fields = (VMStateField []) { and .fields = (VMStateField []) { Change all the combinations to: .fields = (VMStateField[]){ The biggest problem (appart from aesthetics) was that checkpatch complained when we copy&pasted the code from one place to another. Signed-off-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
* ahci: fix buffer overrun on invalid state loadMichael S. Tsirkin2014-05-051-1/+1
| | | | | | | | | | | | | | | | CVE-2013-4526 Within hw/ide/ahci.c, VARRAY refers to ports which is also loaded. So we use the old version of ports to read the array but then allow any value for ports. This can cause the code to overflow. There's no reason to migrate ports - it never changes. So just make sure it matches. Reported-by: Anthony Liguori <anthony@codemonkey.ws> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Juan Quintela <quintela@redhat.com>
* hw/ide/ahci.c: Avoid shift left into sign bitPeter Maydell2014-04-181-2/+2
| | | | | | | | Add U suffix to avoid shifting left into the sign bit, which is undefined behaviour. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
* ide: Correct improper smart self test counter reset in ide core.Benoît Canet2014-04-141-1/+1
| | | | | | | | | | | | | | | | The SMART self test counter was incorrectly being reset to zero, not 1. This had the effect that on every 21st SMART EXECUTE OFFLINE: * We would write off the beginning of a dynamically allocated buffer * We forgot the SMART history Fix this. Signed-off-by: Benoit Canet <benoit@irqsave.net> Message-id: 1397336390-24664-1-git-send-email-benoit.canet@irqsave.net Reviewed-by: Markus Armbruster <armbru@redhat.com> Cc: qemu-stable@nongnu.org Acked-by: Kevin Wolf <kwolf@redhat.com> [PMM: tweaked commit message as per suggestions from Markus] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* hw/ide: Add missing 'static' attributesStefan Weil2014-03-271-1/+1
| | | | | | | This fixes a warning from the static code analysis (smatch). Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
* ahci: fix sysbus supportRob Herring2014-03-181-5/+8
| | | | | | | | | | | | | | | | | | | Non-PCI AHCI support is broken due to assertion failures when trying to convert AHCIState to a PCIDevice pointer as AHCIState can have different container structs. Fix this by using the non-asserting object cast and checking the returned pointer is not NULL. The AddressSpace pointer is also being initialized to NULL and causing dma_memory_map call to fail. Fix this by initializing to address_space_memory for sysbus instances. Also correct AHCI_VMSTATE to use the correct container SysbusAHCIState for sysbus instances. Signed-off-by: Rob Herring <rob.herring@linaro.org> Message-id: 1392073373-3295-1-git-send-email-robherring2@gmail.com [PMM: added linebreaks to fix overlong lines] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* hw/ide/ahci.h: Avoid shifting left into sign bitPeter Maydell2014-03-071-5/+5
| | | | | | | | | | | | Add 'U' suffixes to avoid undefined behaviour shifting left into the signed bit of a signed integer type. Clang's sanitizer will warn about this: hw/ide/ahci.c:1210:27: runtime error: left shift of 1 by 31 places cannot be represented in type 'int' Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* Call pci_piix3_xen_ide_unplug from unplug_disksStefano Stabellini2014-02-201-2/+1Star
| | | | | Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com>
* Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' ↵Peter Maydell2014-02-202-3/+3
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging QOM infrastructure fixes and device conversions * QTest cleanups and test cases for PCI NICs * NAND fix for "info qtree" * Cleanup and extension of QOM machine tests * IndustryPack test cases and conversion to QOM realize * I2C cleanups * Cleanups of legacy qdev properties # gpg: Signature made Mon 17 Feb 2014 22:15:37 GMT using RSA key ID 3E7E013F # gpg: Good signature from "Andreas Färber <afaerber@suse.de>" # gpg: aka "Andreas Färber <afaerber@suse.com>" * remotes/afaerber/tags/qom-devices-for-peter: (49 commits) qtest: Include system headers before user headers qapi: Refine human printing of sizes qdev: Use QAPI type names for properties qdev: Add enum property types to QAPI schema block: Handle "rechs" and "large" translation options qdev: Remove hex8/32/64 property types qdev: Remove most legacy printers qdev: Use human mode in "info qtree" qapi: Add human mode to StringOutputVisitor qdev: Inline qdev_prop_parse() qdev: Legacy properties are just strings qdev: Legacy properties are now read-only qdev: Remove legacy parsers for hex8/32/64 qdev: Sizes are now parsed by StringInputVisitor qapi: Add size parser to StringInputVisitor qtest: Don't segfault with invalid -qtest option ipack: Move IndustryPack out of hw/char/ ipoctal232: QOM parent field cleanup ipack: QOM parent field cleanup for IPackDevice ipack: QOM parent field cleanup for IPackBus ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * qdev: Remove hex8/32/64 property typesPaolo Bonzini2014-02-142-3/+3
| | | | | | | | | | | | | | | | | | Replace them with uint8/32/64. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
* | qdev:pci: refactor PCIDevice to use generic "hotpluggable" propertyIgor Mammedov2014-02-101-2/+2
|/ | | | | | | | | Get rid of PCIDevice specific PCIDeviceClass.no_hotplug and use generic DeviceClass.hotpluggable field instead. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* Merge remote-tracking branch 'mjt/tags/trivial-patches-2014-01-16' into stagingPeter Maydell2014-01-301-0/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | trivial-patches for 2014-01-16 # gpg: Signature made Thu 16 Jan 2014 17:29:05 GMT using RSA key ID 74F0C838 # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" # gpg: aka "Michael Tokarev <mjt@corpit.ru>" # gpg: aka "Michael Tokarev <mjt@debian.org>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 # Subkey fingerprint: E190 8639 3B10 B51B AC2C 8B73 5253 C5AD 74F0 C838 Message-id: 1389893719-16336-1-git-send-email-mjt@msgid.tls.msk.ru Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * ide: cmd_exec_dev_diagnostic() always set error register to 0x01David du Colombier2014-01-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | This notably fix IDE CD probing on the Plan 9 operating system, which rely on the error register set by the Execute Device Diagnostic command to detect drive configurations. Thanks to Rémi Pommarel for reporting this issue. Signed-off-by: David du Colombier <0intro@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
* | block: rename buffer_alignment to guest_block_sizePaolo Bonzini2014-01-241-1/+1
|/ | | | | | | | | | | | | | | | | | The alignment field is now set to the value that is promised to the guest, rather than required by the host. The next patches will make QEMU aware of the host-provided values, so make this clear. The alignment is also not about memory buffers, but about the sectors on the disk, change the documentation of the field. At this point, the field is set by the device emulation, but completely ignored by the block layer. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>