| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
This fixes a bug in the TPM TIS device model's state suspend code and
adds some casts to variables to avoid compiler warnings.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
| |
|
|
|
|
| |
This avoids a lot of "freeing in-use page" errors.
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
| |
|
|
|
| |
an I/O port write.
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In current Qemu-dm, UHC will set some status bits of TD in status
updating stage, but never process the status bit if relevant condition
does not occur, leaving it as it is. When a TD is fetched with some
status bits are set to 1, it will return to Guest OS with these bits
set to 1 even this TD is executed successfully. Some Windows OS,
e.g. Windows 2000, will check status bits of TD in UHC interrupt
routine, treat it as a unsuccessful one if some status bits are set to
1 and discard the data. Other Windows OS just check USBSTS of UHC,
ignoring status field of TD unless the value of USBSTS indicates
occurrence of error.
With this patch, USB mouse/tablet in Windows 2000 works correctly.
Signed-off-by: Xinmei Huang <xinmei.huang@intel.com>
|
| |
|
|
|
| |
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
| |
Signed-off-by: Zhai Edwin <edwin.zhai@intel.com>
qemu's save/restore including vga acceleration support
|
| |
|
|
|
| |
Boot info now stored at 0x9ff00; registers saved in HDD load code.
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
| |
|
|
| |
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
| |
|
|
|
| |
This makes the SSE-optimized vram_dirty() safe again.
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
| |
|
|
|
|
| |
This is rudimentary support for parts of the BIOS Boot Specification,
just enough to use Etherboot ROM images.
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
restricts Universal Host Controller interrupt generating when received
NAK in interrupt transfer.
According to usb spec, USB mouse/tablet device returns NAK to host
controller if its status does not alter in interrupt transfer.
And UHC should leave a TD active when receiving NAK and execute this
incompleted TD in a subseqent frame. UHC only generates an interrupt
on complete after the TD with ICO bit is completed.
This patch make UHC & USB mouse/tablet behave consistently with spec.
Signed-off-by: Xinmei Huang <xinmei.huang@intel.com>
|
| |
|
|
|
| |
highest 3 bits of the 4 bytes prepended to each packet.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following on from my patch to make blktap report I/O errors back to
guest OS, a similar problem exists in the QEMU codebase. The IDE
driver never reports I/O errors during read/write operations back to
the guest OS. Instead all I/O operations are reported as
succesfull. If, for example, the host FS holding the disk image fills
up, then writes may fail due to lack of space. Since the guest OS
never sees these failures, it assumes all is well & will continue
writing. Eventually this can lead to severe & unrecoverable filesystem
corruption.
The attached patch fixes QEMU ide driver such that any failure of a
read or write operation sets the appropriate IDE status/error
registers. Having read the ATA-6 spec I think the most compliant
behaviour is to set the status register to 'READY_STAT | ERR_STAT',
and the error register to ABRT_ERR. There is already a convenience
function ide_abort_command() in the QEMU codebase which does just
this, so the attached patch simply calls that function.
With this patch the guest OS sees the I/O failure & the kernel logs
IDE errors and then retries the operation. This at least ensures that
the guest can be shutdown the out of space issue in the host corrected
and the guest restarted, without any serious filesystem damage having
occurred.
From: Daniel Berrange <berrange@redhat.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
| |
The data buffer is only 1280 bytes long but the user-supplied length
can be as large as 0x7ff. This patch extends the buffer to 2048
bytes.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
| |
|
|
|
| |
space that extend past byte 0xff.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The default config read/write handlers allows a 4-byte read/write at
address 255. This can clobber the field after the config area. This
happens to be the PCIBus pointer in the PCIDevice structure.
This patch stops this from reducing the read/write to the (largest
multiple of 2) number of bytes within the config area.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In fdctrl_start_transfer the sector size field (fifo[5]) is not
checked for overflows. This allows an arbitrarily large sector size
to be used, which can in turn result in a negative data_len field that
is then used for DMA transfers.
This can lead to the corrpuption of qemu state because some subsequent
checks on the transfer length is conducted using signed integers.
This patch limits the value fifo[5] to 7 which is the standard limit
on floppy sector size.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
| |
|
|
|
|
|
|
|
|
|
| |
As it stands the 8139C+ TX chaining is only bounded by realloc failure.
This is contrary to how the real hardware operates. It also has DoS
potential when ioemu runs in dom0.
This patch makes any attempt to chain a frame beyond 64K fail
immediately.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
| |
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
| |
IPF doesn't work This patch makes shutdown work for IPF.
Signed-off-by, Anthony Xu <anthony.xu@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CPU#0"
When console=ttyS0 in guest grub configuration and serial='pty' in vmx
configure file. The root cause to this bug is the characteristic of
PTY emulator in Qemu. PTY has write/read end with some buffer. Write
to a buffer will be failed after the buffer is full until read end
reads the data from buffer.
Previous to changeset 12026, write to serial port would fail quietly
when buffer for pty is full. With changeset 12026, write to serial
port would retry 3 times in 300ms if failed, even without notifying
guest using serial irq. Smp guest will hang, waiting for an
interrupt. For SMP guest, a watchdog thread should be executed
periodically, otherwise soft lockup is detected. With this patch, an
upper threshold of total consecutive retries is added and serial
interrupt would be sent after retry 3 times for each write request,
even if failed.
Signed-off-by: Xinmei Huang <xinmei.huang@intel.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
|
|
| |
1. Retry transmit via a polling timer if a byte cannot be written
immediately to its destination.
2. Turn off output processing of raw serial lines.
Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>
Signed-off-by: Yunhong Jiang <yunhong.jiang@intel.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It implements all registers necessary to make the Linux TIS driver
work (tpm_tis.c). All of the basic registers supported by this type of
device are implemented. Also the locality selection has been
implemented, but has not been tested. The legacy registers as
described in the specification are not supported.
Current caveat: The device has so far not yet been integrated with the
virtual TPM available in the repository. It will require changes to
the virtual TPM spawned by the vTPM manager to offer an additional message
interface. The TIS interface itself then needs to have an additional
transport implemented. (see vTPMTransmit array).
The relevant specification for the device model can be found here:
https://www.trustedcomputinggroup.org/groups/pc_client/TCG_PCClientTPMSpecification_1-20_1-00_FINAL.pdf
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As a program that runs in dom0 which serves users from guests,
the qemu drivers need to be vigilant to the input that comes
from the guests since they may be malicious.
As it is there are multiple ways to get ne2000 to read/write
memory beyond the 48K buffer that it has allocated for each
adapter.
This patch checks the addresses and prevents this from occuring.
The boundary is checked each time since it's changed for every
packet received while the other parameters are only changed
(by the guest) during setup.
Signed-off: Herbert Xu <herbert@gondor.apana.org.au>
|
| |
|
|
| |
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
|
| |
|
|
| |
Signed-off-by: Winston Wang <winston.l.wang@intel.com
|
| |
|
|
|
|
| |
grub's boot menu from hammering dom0.
Signed-off-by: Steven Smith <sos22@cam.ac.uk>
|
| |
|
|
|
|
|
| |
is connected, and (b) fixing an overflow bug in the scanning code which
prevented the dirty bit from ever getting cleared.
Signed-off-by: Steven Smith <sos22@cam.ac.uk>
|
| |
|
|
|
|
| |
just making one up.
Signed-off-by: Steven Smith <sos22@cam.ac.uk>
|
| |
|
|
|
|
|
|
|
|
| |
Fix failure in Windows HCT's PCI-Compliance-Test by invalidating the
writing to read-only/reserved fields in PCI configuration space header
and giving Subsystem-Vendor-ID field a valid value via copying Vendor-ID
field into it.
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
qemu 0.8.2 has a flush callback to the storage backends, so now it is
possible to implement hdparm tunable IDE write cache enable/disable for
guest domains, allowing people to pick speed or data consistency on a
case by case basis.
As an added benefit, really large LBA48 IOs will now no longer be broken
up into smaller IOs on the host side.
From: Rik van Riel <riel@redhat.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
|
|
|
|
| |
The rombios supports trying to boot from more than one device and then
falling back. Set 'boot=dc' in your config file to try booting first
from the CD and then the hard drive.
Based on a patch from: Jeremy Katz <katzj@redhat.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes are:
1) M2P table and e820 table are changed to skip address space from
HVM_RAM_LIMIT_BELOW_4G to 4G.
2) shared io page location, when less than HVM_RAM_LIMIT_BELOW_4G
memory, it's the last page of RAM as today, or it's the last page of
HVM_RAM_LIMIT_BELOW_4G RAM.
3) in qemu-dm address space from HVM_RAM_LIMIT_BELOW_4G to 4G are
stuffed with mfns starting from 4G, so the 1:1 mapping can still works.
This is ugly, but another limit check patch as changeset 10757 will
prevent qemu-dm to access this range. This ugly stuffing will be
removed when the patch to remove 1:1 mapping from qemu-dm gets accepted
in the future.
Signed-off-by: Xin Li <xin.b.li@intel.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
|
|
| |
Useful functionality will come later.
Signed-off-by: Steven Smith <ssmith@xensource.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
| |
Based on feedback from: Wang, Winston L <winston.l.wang@intel.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
|
|
| |
Removed the acpi port depency on USB exist.
Based on a patch from: Winston Wang <winston.l.wang@intel.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
| |
Based on a patch from: Wang, Winston L <winston.l.wang@intel.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
| |
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
| |
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
| |
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
|
|
|
| |
Compute the acpi timer's value when it is accessed instead of using
a qemu timer to keep it uptodate.
From: Wang, Winston L <winston.l.wang@intel.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
| |
Signed-off-by: Winston Wang <winston.l.wang@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- read ioemu block device config from xenstore
- don't require the ioemu: prefix on block devices any longer
- allow change of media associated with cdrom drives
- replace cdrom= option by :cdrom suffix on regular block device config:
'file:/root/mytest.iso,hdc:cdrom,r'
- don't create default cdrom drive anymore - to create default empty
cdrom drive use: ',hdc:cdrom,r'
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
|
|
| |
upstream QEMU, but they can be confusing when they are called CVS.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
| |
|
|
|
|
| |
From: Zhang, Xiantao <xiantao.zhang@intel.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
On xen/x86, vga bios is copied to 0xC0000 by guest firmware.
However on ia64 platform, native firmware depends on some
initialization vga state at power on and so does guest firmware.
That's why that vga bios initialization stub is required for vti
domain, to match platform requirement.
Signed-off-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Zhang Xiantao <xiantao.zhang@intel.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
|
|
|
| |
Due to some ia64 patches aren't checked into xen-unstable.hg.
I reversed related logic.
Signed-off-by: Zhang xiantao <xiantao.zhang@intel.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
|
|
| |
where "startx" will cause qemu dm to die.
Signed-off-by: Xin Li <xin.b.li@intel.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
| |
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
| |
|
|
|
|
| |
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
|
