From 329b588089d27facb823d050c0dc03b1f498a94f Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Jul 05 2012 09:24:44 +0000 Subject: Upgrade to qemu-kvm-1.1.0 - WIP build fails, investigating - New upstream release 1.1.0 - Drop about a 100 spice + USB patches, which are all upstream --- diff --git a/0001-malta-Fix-regression-i8259-interrupts-did-not-work.patch b/0001-malta-Fix-regression-i8259-interrupts-did-not-work.patch deleted file mode 100644 index a57f4ec..0000000 --- a/0001-malta-Fix-regression-i8259-interrupts-did-not-work.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 0b23c5d40ea933cfece3b4f69427f79c8a23256d Mon Sep 17 00:00:00 2001 -From: Stefan Weil -Date: Tue, 29 Nov 2011 06:34:48 +0100 -Subject: [PATCH 01/25] malta: Fix regression (i8259 interrupts did not work) - -Commit 5632ae46d5bda798e971dae48ebb318ac2c3686a passes the address -of i8259 to qemu_irq_proxy. i8259 is an auto variable with undefined -value outside of mips_malta_init. - -This made the interrupt proxy unusable: either QEMU crashes, or -the interrupt handler was not called. - -Ethernet for example no longer worked with MIPS Malta. - -v2: -While v1 used a static variable for i8259, this patch introduces -a qdev for the malta machine. i8259 is now part of the device status. -This is a minimal qdev implementation to keep the patch small. - -Signed-off-by: Stefan Weil -Signed-off-by: Aurelien Jarno -(cherry picked from commit e9b40fd34ceb23461083d505a444a389c094455b) ---- - hw/mips_malta.c | 39 +++++++++++++++++++++++++++++++++++---- - 1 files changed, 35 insertions(+), 4 deletions(-) - -diff --git a/hw/mips_malta.c b/hw/mips_malta.c -index bb49749..941b9bd 100644 ---- a/hw/mips_malta.c -+++ b/hw/mips_malta.c -@@ -47,6 +47,7 @@ - #include "mc146818rtc.h" - #include "blockdev.h" - #include "exec-memory.h" -+#include "sysbus.h" /* SysBusDevice */ - - //#define DEBUG_BOARD_INIT - -@@ -72,6 +73,11 @@ typedef struct { - SerialState *uart; - } MaltaFPGAState; - -+typedef struct { -+ SysBusDevice busdev; -+ qemu_irq *i8259; -+} MaltaState; -+ - static ISADevice *pit; - - static struct _loaderparams { -@@ -775,7 +781,7 @@ void mips_malta_init (ram_addr_t ram_size, - int64_t kernel_entry; - PCIBus *pci_bus; - CPUState *env; -- qemu_irq *i8259 = NULL, *isa_irq; -+ qemu_irq *isa_irq; - qemu_irq *cpu_exit_irq; - int piix4_devfn; - i2c_bus *smbus; -@@ -787,6 +793,11 @@ void mips_malta_init (ram_addr_t ram_size, - int fl_sectors = 0; - int be; - -+ DeviceState *dev = qdev_create(NULL, "mips-malta"); -+ MaltaState *s = DO_UPCAST(MaltaState, busdev.qdev, dev); -+ -+ qdev_init_nofail(dev); -+ - /* Make sure the first 3 serial ports are associated with a device. */ - for(i = 0; i < 3; i++) { - if (!serial_hds[i]) { -@@ -932,7 +943,7 @@ void mips_malta_init (ram_addr_t ram_size, - * qemu_irq_proxy() adds an extra bit of indirection, allowing us - * to resolve the isa_irq -> i8259 dependency after i8259 is initialized. - */ -- isa_irq = qemu_irq_proxy(&i8259, 16); -+ isa_irq = qemu_irq_proxy(&s->i8259, 16); - - /* Northbridge */ - pci_bus = gt64120_register(isa_irq); -@@ -944,9 +955,9 @@ void mips_malta_init (ram_addr_t ram_size, - - /* Interrupt controller */ - /* The 8259 is attached to the MIPS CPU INT0 pin, ie interrupt 2 */ -- i8259 = i8259_init(env->irq[2]); -+ s->i8259 = i8259_init(env->irq[2]); - -- isa_bus_irqs(i8259); -+ isa_bus_irqs(s->i8259); - pci_piix4_ide_init(pci_bus, hd, piix4_devfn + 1); - usb_uhci_piix4_init(pci_bus, piix4_devfn + 2); - smbus = piix4_pm_init(pci_bus, piix4_devfn + 3, 0x1100, isa_get_irq(9), -@@ -990,6 +1001,20 @@ void mips_malta_init (ram_addr_t ram_size, - } - } - -+static int mips_malta_sysbus_device_init(SysBusDevice *sysbusdev) -+{ -+ return 0; -+} -+ -+static SysBusDeviceInfo mips_malta_device = { -+ .init = mips_malta_sysbus_device_init, -+ .qdev.name = "mips-malta", -+ .qdev.size = sizeof(MaltaState), -+ .qdev.props = (Property[]) { -+ DEFINE_PROP_END_OF_LIST(), -+ } -+}; -+ - static QEMUMachine mips_malta_machine = { - .name = "malta", - .desc = "MIPS Malta Core LV", -@@ -998,9 +1023,15 @@ static QEMUMachine mips_malta_machine = { - .is_default = 1, - }; - -+static void mips_malta_device_init(void) -+{ -+ sysbus_register_withprop(&mips_malta_device); -+} -+ - static void mips_malta_machine_init(void) - { - qemu_register_machine(&mips_malta_machine); - } - -+device_init(mips_malta_device_init); - machine_init(mips_malta_machine_init); --- -1.7.7.5 - diff --git a/0001-qemu-kvm-Add-missing-default-machine-options.patch b/0001-qemu-kvm-Add-missing-default-machine-options.patch new file mode 100644 index 0000000..e785a70 --- /dev/null +++ b/0001-qemu-kvm-Add-missing-default-machine-options.patch @@ -0,0 +1,36 @@ +From 398b87f4ef3426569bdda2da2c9c2b89f4ba906f Mon Sep 17 00:00:00 2001 +From: Jan Kiszka +Date: Mon, 2 Jul 2012 09:34:46 +0200 +Subject: [PATCH 01/17] qemu-kvm: Add missing default machine options + +qemu-kvm-specific machine defaults were missing for pc-0.15 and pc-1.0. + +Signed-off-by: Jan Kiszka +Signed-off-by: Marcelo Tosatti +--- + hw/pc_piix.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/hw/pc_piix.c b/hw/pc_piix.c +index c3fb74e..4e8a280 100644 +--- a/hw/pc_piix.c ++++ b/hw/pc_piix.c +@@ -393,6 +393,7 @@ static QEMUMachine pc_machine_v1_0 = { + .desc = "Standard PC", + .init = pc_init_pci, + .max_cpus = 255, ++ .default_machine_opts = "accel=kvm,kernel_irqchip=on", + .compat_props = (GlobalProperty[]) { + PC_COMPAT_1_0, + { /* end of list */ } +@@ -407,6 +408,7 @@ static QEMUMachine pc_machine_v0_15 = { + .desc = "Standard PC", + .init = pc_init_pci, + .max_cpus = 255, ++ .default_machine_opts = "accel=kvm,kernel_irqchip=on", + .compat_props = (GlobalProperty[]) { + PC_COMPAT_0_15, + { /* end of list */ } +-- +1.7.10.4 + diff --git a/0002-exec.c-Fix-subpage-memory-access-to-RAM-MemoryRegion.patch b/0002-exec.c-Fix-subpage-memory-access-to-RAM-MemoryRegion.patch deleted file mode 100644 index e49a049..0000000 --- a/0002-exec.c-Fix-subpage-memory-access-to-RAM-MemoryRegion.patch +++ /dev/null @@ -1,134 +0,0 @@ -From 2061800b85ddcc9b34b5ccbfaa87f7e8b94626a6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Andreas=20F=C3=A4rber?= -Date: Wed, 30 Nov 2011 16:26:21 +0100 -Subject: [PATCH 02/25] exec.c: Fix subpage memory access to RAM MemoryRegion -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Commit 95c318f5e1f88d7e5bcc6deac17330fd4806a2d3 (Fix segfault in mmio -subpage handling code.) prevented a segfault by making all subpage -registrations over an existing memory page perform an unassigned access. -Symptoms were writes not taking effect and reads returning zero. - -Very small page sizes are not currently supported either, -so subpage memory areas cannot fully be avoided. - -Therefore change the previous fix to use a new IO_MEM_SUBPAGE_RAM -instead of IO_MEM_UNASSIGNED. Suggested by Avi. - -Reviewed-by: Avi Kivity -Signed-off-by: Andreas Färber -Cc: Avi Kivity -Cc: Gleb Natapov -Signed-off-by: Anthony Liguori ---- - cpu-common.h | 1 + - exec.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++- - 2 files changed, 64 insertions(+), 2 deletions(-) - -diff --git a/cpu-common.h b/cpu-common.h -index c9878ba..3f45428 100644 ---- a/cpu-common.h -+++ b/cpu-common.h -@@ -172,6 +172,7 @@ void cpu_physical_memory_write_rom(target_phys_addr_t addr, - #define IO_MEM_ROM (1 << IO_MEM_SHIFT) /* hardcoded offset */ - #define IO_MEM_UNASSIGNED (2 << IO_MEM_SHIFT) - #define IO_MEM_NOTDIRTY (3 << IO_MEM_SHIFT) -+#define IO_MEM_SUBPAGE_RAM (4 << IO_MEM_SHIFT) - - /* Acts like a ROM when read and like a device when written. */ - #define IO_MEM_ROMD (1) -diff --git a/exec.c b/exec.c -index 6b92198..6c206ff 100644 ---- a/exec.c -+++ b/exec.c -@@ -3570,6 +3570,63 @@ static CPUWriteMemoryFunc * const subpage_write[] = { - &subpage_writel, - }; - -+static uint32_t subpage_ram_readb(void *opaque, target_phys_addr_t addr) -+{ -+ ram_addr_t raddr = addr; -+ void *ptr = qemu_get_ram_ptr(raddr); -+ return ldub_p(ptr); -+} -+ -+static void subpage_ram_writeb(void *opaque, target_phys_addr_t addr, -+ uint32_t value) -+{ -+ ram_addr_t raddr = addr; -+ void *ptr = qemu_get_ram_ptr(raddr); -+ stb_p(ptr, value); -+} -+ -+static uint32_t subpage_ram_readw(void *opaque, target_phys_addr_t addr) -+{ -+ ram_addr_t raddr = addr; -+ void *ptr = qemu_get_ram_ptr(raddr); -+ return lduw_p(ptr); -+} -+ -+static void subpage_ram_writew(void *opaque, target_phys_addr_t addr, -+ uint32_t value) -+{ -+ ram_addr_t raddr = addr; -+ void *ptr = qemu_get_ram_ptr(raddr); -+ stw_p(ptr, value); -+} -+ -+static uint32_t subpage_ram_readl(void *opaque, target_phys_addr_t addr) -+{ -+ ram_addr_t raddr = addr; -+ void *ptr = qemu_get_ram_ptr(raddr); -+ return ldl_p(ptr); -+} -+ -+static void subpage_ram_writel(void *opaque, target_phys_addr_t addr, -+ uint32_t value) -+{ -+ ram_addr_t raddr = addr; -+ void *ptr = qemu_get_ram_ptr(raddr); -+ stl_p(ptr, value); -+} -+ -+static CPUReadMemoryFunc * const subpage_ram_read[] = { -+ &subpage_ram_readb, -+ &subpage_ram_readw, -+ &subpage_ram_readl, -+}; -+ -+static CPUWriteMemoryFunc * const subpage_ram_write[] = { -+ &subpage_ram_writeb, -+ &subpage_ram_writew, -+ &subpage_ram_writel, -+}; -+ - static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end, - ram_addr_t memory, ram_addr_t region_offset) - { -@@ -3583,8 +3640,9 @@ static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end, - printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__, - mmio, start, end, idx, eidx, memory); - #endif -- if ((memory & ~TARGET_PAGE_MASK) == IO_MEM_RAM) -- memory = IO_MEM_UNASSIGNED; -+ if ((memory & ~TARGET_PAGE_MASK) == IO_MEM_RAM) { -+ memory = IO_MEM_SUBPAGE_RAM; -+ } - memory = (memory >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1); - for (; idx <= eidx; idx++) { - mmio->sub_io_index[idx] = memory; -@@ -3817,6 +3875,9 @@ static void io_mem_init(void) - cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read, - notdirty_mem_write, NULL, - DEVICE_NATIVE_ENDIAN); -+ cpu_register_io_memory_fixed(IO_MEM_SUBPAGE_RAM, subpage_ram_read, -+ subpage_ram_write, NULL, -+ DEVICE_NATIVE_ENDIAN); - for (i=0; i<5; i++) - io_mem_used[i] = 1; - --- -1.7.7.5 - diff --git a/0002-qemu-kvm-virtio-Do-not-register-mask-notifiers-witho.patch b/0002-qemu-kvm-virtio-Do-not-register-mask-notifiers-witho.patch new file mode 100644 index 0000000..3c914d0 --- /dev/null +++ b/0002-qemu-kvm-virtio-Do-not-register-mask-notifiers-witho.patch @@ -0,0 +1,41 @@ +From 6f82a5ea52302bab33287b0191538be6f9138637 Mon Sep 17 00:00:00 2001 +From: Jan Kiszka +Date: Mon, 2 Jul 2012 10:05:39 +0200 +Subject: [PATCH 02/17] qemu-kvm: virtio: Do not register mask notifiers + without in-kernel irqchip support + +We crash if we registers mask notifiers without backing in-kernel +irqchip. This corresponds to the check in QEMU upstream after 1.1 now. + +Signed-off-by: Jan Kiszka +Acked-by: Michael S. Tsirkin +Signed-off-by: Marcelo Tosatti +--- + hw/virtio-pci.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c +index a0c2ca7..5b64356 100644 +--- a/hw/virtio-pci.c ++++ b/hw/virtio-pci.c +@@ -629,7 +629,7 @@ static int virtio_pci_set_guest_notifiers(void *opaque, bool assign) + + /* Must unset mask notifier while guest notifier + * is still assigned */ +- if (!assign) { ++ if (kvm_irqchip_in_kernel() && !assign) { + r = msix_unset_mask_notifier(&proxy->pci_dev); + assert(r >= 0); + } +@@ -647,7 +647,7 @@ static int virtio_pci_set_guest_notifiers(void *opaque, bool assign) + + /* Must set mask notifier after guest notifier + * has been assigned */ +- if (assign) { ++ if (kvm_irqchip_in_kernel() && assign) { + r = msix_set_mask_notifier(&proxy->pci_dev, + virtio_pci_mask_notifier); + if (r < 0) { +-- +1.7.10.4 + diff --git a/0003-hw-9pfs-Improve-portability-to-older-systems.patch b/0003-hw-9pfs-Improve-portability-to-older-systems.patch deleted file mode 100644 index 4e91a9f..0000000 --- a/0003-hw-9pfs-Improve-portability-to-older-systems.patch +++ /dev/null @@ -1,101 +0,0 @@ -From f03969b952bc2aaf9f4445b6da28aebb0a9abde5 Mon Sep 17 00:00:00 2001 -From: "Aneesh Kumar K.V" -Date: Sun, 4 Dec 2011 22:35:27 +0530 -Subject: [PATCH 03/25] hw/9pfs: Improve portability to older systems - -handle fs driver require a set of newly added syscalls. Don't -Compile handle FS driver if those syscalls are not available. -Instead of adding #ifdef for all those syscalls we check for -open by handle syscall. If that is available then rest of the -syscalls used by the driver should be available. - -Signed-off-by: Aneesh Kumar K.V ---- - Makefile.objs | 4 ++-- - fsdev/qemu-fsdev.c | 2 ++ - hw/9pfs/virtio-9p-handle.c | 33 --------------------------------- - 3 files changed, 4 insertions(+), 35 deletions(-) - -diff --git a/Makefile.objs b/Makefile.objs -index d7a6539..3a699ee 100644 ---- a/Makefile.objs -+++ b/Makefile.objs -@@ -310,8 +310,8 @@ hw-obj-$(CONFIG_SOUND) += $(sound-obj-y) - 9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-local.o virtio-9p-xattr.o - 9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-xattr-user.o virtio-9p-posix-acl.o - 9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-coth.o cofs.o codir.o cofile.o --9pfs-nested-$(CONFIG_VIRTFS) += coxattr.o virtio-9p-handle.o --9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-synth.o -+9pfs-nested-$(CONFIG_VIRTFS) += coxattr.o virtio-9p-synth.o -+9pfs-nested-$(CONFIG_OPEN_BY_HANDLE) += virtio-9p-handle.o - - hw-obj-$(CONFIG_REALLY_VIRTFS) += $(addprefix 9pfs/, $(9pfs-nested-y)) - $(addprefix 9pfs/, $(9pfs-nested-y)): QEMU_CFLAGS+=$(GLIB_CFLAGS) -diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c -index 7fd2aa7..6684f7e 100644 ---- a/fsdev/qemu-fsdev.c -+++ b/fsdev/qemu-fsdev.c -@@ -23,7 +23,9 @@ static QTAILQ_HEAD(FsDriverEntry_head, FsDriverListEntry) fsdriver_entries = - - static FsDriverTable FsDrivers[] = { - { .name = "local", .ops = &local_ops}, -+#ifdef CONFIG_OPEN_BY_HANDLE - { .name = "handle", .ops = &handle_ops}, -+#endif - { .name = "synth", .ops = &synth_ops}, - }; - -diff --git a/hw/9pfs/virtio-9p-handle.c b/hw/9pfs/virtio-9p-handle.c -index 7644ae5..a62f690 100644 ---- a/hw/9pfs/virtio-9p-handle.c -+++ b/hw/9pfs/virtio-9p-handle.c -@@ -45,7 +45,6 @@ struct handle_data { - int handle_bytes; - }; - --#ifdef CONFIG_OPEN_BY_HANDLE - static inline int name_to_handle(int dirfd, const char *name, - struct file_handle *fh, int *mnt_id, int flags) - { -@@ -56,38 +55,6 @@ static inline int open_by_handle(int mountfd, const char *fh, int flags) - { - return open_by_handle_at(mountfd, (struct file_handle *)fh, flags); - } --#else -- --struct rpl_file_handle { -- unsigned int handle_bytes; -- int handle_type; -- unsigned char handle[0]; --}; --#define file_handle rpl_file_handle -- --#ifndef AT_REMOVEDIR --#define AT_REMOVEDIR 0x200 --#endif --#ifndef AT_EMPTY_PATH --#define AT_EMPTY_PATH 0x1000 /* Allow empty relative pathname */ --#endif --#ifndef O_PATH --#define O_PATH 010000000 --#endif -- --static inline int name_to_handle(int dirfd, const char *name, -- struct file_handle *fh, int *mnt_id, int flags) --{ -- errno = ENOSYS; -- return -1; --} -- --static inline int open_by_handle(int mountfd, const char *fh, int flags) --{ -- errno = ENOSYS; -- return -1; --} --#endif - - static int handle_update_file_cred(int dirfd, const char *name, FsCred *credp) - { --- -1.7.7.5 - diff --git a/0004-hw-9pfs-use-migration-blockers-to-prevent-live-migra.patch b/0004-hw-9pfs-use-migration-blockers-to-prevent-live-migra.patch deleted file mode 100644 index a63b9e1..0000000 --- a/0004-hw-9pfs-use-migration-blockers-to-prevent-live-migra.patch +++ /dev/null @@ -1,171 +0,0 @@ -From 77a02621812952acfde887244f6f480de1b51f95 Mon Sep 17 00:00:00 2001 -From: "Aneesh Kumar K.V" -Date: Sun, 4 Dec 2011 22:35:28 +0530 -Subject: [PATCH 04/25] hw/9pfs: use migration blockers to prevent live - migration when virtfs export path is mounted - -Now when you try to migrate with VirtFS export path mounted, you get a proper QMP error: - -(qemu) migrate tcp:localhost:4444 -Migration is disabled when VirtFS export path '/tmp/' is mounted in the guest using mount_tag 'v_tmp' -(qemu) - -Signed-off-by: Aneesh Kumar K.V ---- - hw/9pfs/virtio-9p-device.c | 22 +++++++++++----------- - hw/9pfs/virtio-9p.c | 19 +++++++++++++++++++ - hw/9pfs/virtio-9p.h | 5 +++-- - qerror.c | 5 +++++ - qerror.h | 3 +++ - 5 files changed, 41 insertions(+), 13 deletions(-) - -diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c -index bba4c54..c9bca8b 100644 ---- a/hw/9pfs/virtio-9p-device.c -+++ b/hw/9pfs/virtio-9p-device.c -@@ -33,13 +33,15 @@ static V9fsState *to_virtio_9p(VirtIODevice *vdev) - - static void virtio_9p_get_config(VirtIODevice *vdev, uint8_t *config) - { -+ int len; - struct virtio_9p_config *cfg; - V9fsState *s = to_virtio_9p(vdev); - -- cfg = g_malloc0(sizeof(struct virtio_9p_config) + -- s->tag_len); -- stw_raw(&cfg->tag_len, s->tag_len); -- memcpy(cfg->tag, s->tag, s->tag_len); -+ len = strlen(s->tag); -+ cfg = g_malloc0(sizeof(struct virtio_9p_config) + len); -+ stw_raw(&cfg->tag_len, len); -+ /* We don't copy the terminating null to config space */ -+ memcpy(cfg->tag, s->tag, len); - memcpy(config, cfg, s->config_size); - g_free(cfg); - } -@@ -96,20 +98,18 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf) - } - - len = strlen(conf->tag); -- if (len > MAX_TAG_LEN) { -+ if (len > MAX_TAG_LEN - 1) { - fprintf(stderr, "mount tag '%s' (%d bytes) is longer than " -- "maximum (%d bytes)", conf->tag, len, MAX_TAG_LEN); -+ "maximum (%d bytes)", conf->tag, len, MAX_TAG_LEN - 1); - exit(1); - } -- /* s->tag is non-NULL terminated string */ -- s->tag = g_malloc(len); -- memcpy(s->tag, conf->tag, len); -- s->tag_len = len; -+ -+ s->tag = strdup(conf->tag); - s->ctx.uid = -1; - - s->ops = fse->ops; - s->vdev.get_features = virtio_9p_get_features; -- s->config_size = sizeof(struct virtio_9p_config) + s->tag_len; -+ s->config_size = sizeof(struct virtio_9p_config) + len; - s->vdev.get_config = virtio_9p_get_config; - s->fid_list = NULL; - qemu_co_rwlock_init(&s->rename_lock); -diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c -index 1b2fc5d..32b98dd 100644 ---- a/hw/9pfs/virtio-9p.c -+++ b/hw/9pfs/virtio-9p.c -@@ -23,6 +23,7 @@ - #include "virtio-9p-xattr.h" - #include "virtio-9p-coth.h" - #include "trace.h" -+#include "migration.h" - - int open_fd_hw; - int total_open_fd; -@@ -373,6 +374,19 @@ static void put_fid(V9fsPDU *pdu, V9fsFidState *fidp) - * Don't free the fid if it is in reclaim list - */ - if (!fidp->ref && fidp->clunked) { -+ if (fidp->fid == pdu->s->root_fid) { -+ /* -+ * if the clunked fid is root fid then we -+ * have unmounted the fs on the client side. -+ * delete the migration blocker. Ideally, this -+ * should be hooked to transport close notification -+ */ -+ if (pdu->s->migration_blocker) { -+ migrate_del_blocker(pdu->s->migration_blocker); -+ error_free(pdu->s->migration_blocker); -+ pdu->s->migration_blocker = NULL; -+ } -+ } - free_fid(pdu, fidp); - } - } -@@ -1235,6 +1249,11 @@ static void v9fs_attach(void *opaque) - err = offset; - trace_v9fs_attach_return(pdu->tag, pdu->id, - qid.type, qid.version, qid.path); -+ s->root_fid = fid; -+ /* disable migration */ -+ error_set(&s->migration_blocker, QERR_VIRTFS_FEATURE_BLOCKS_MIGRATION, -+ s->ctx.fs_root, s->tag); -+ migrate_add_blocker(s->migration_blocker); - out: - put_fid(pdu, fidp); - out_nofid: -diff --git a/hw/9pfs/virtio-9p.h b/hw/9pfs/virtio-9p.h -index 7f88356..8b612da 100644 ---- a/hw/9pfs/virtio-9p.h -+++ b/hw/9pfs/virtio-9p.h -@@ -246,8 +246,7 @@ typedef struct V9fsState - V9fsFidState *fid_list; - FileOperations *ops; - FsContext ctx; -- uint16_t tag_len; -- uint8_t *tag; -+ char *tag; - size_t config_size; - enum p9_proto_version proto_version; - int32_t msize; -@@ -256,6 +255,8 @@ typedef struct V9fsState - * on rename. - */ - CoRwlock rename_lock; -+ int32_t root_fid; -+ Error *migration_blocker; - } V9fsState; - - typedef struct V9fsStatState { -diff --git a/qerror.c b/qerror.c -index fdf62b9..25bc91e 100644 ---- a/qerror.c -+++ b/qerror.c -@@ -235,6 +235,11 @@ static const QErrorStringTable qerror_table[] = { - "supported by this qemu version: %(feature)", - }, - { -+ .error_fmt = QERR_VIRTFS_FEATURE_BLOCKS_MIGRATION, -+ .desc = "Migration is disabled when VirtFS export path '%(path)' " -+ "is mounted in the guest using mount_tag '%(tag)'", -+ }, -+ { - .error_fmt = QERR_VNC_SERVER_FAILED, - .desc = "Could not start VNC server on %(target)", - }, -diff --git a/qerror.h b/qerror.h -index 2d3d43b..6414cd9 100644 ---- a/qerror.h -+++ b/qerror.h -@@ -192,6 +192,9 @@ QError *qobject_to_qerror(const QObject *obj); - #define QERR_UNKNOWN_BLOCK_FORMAT_FEATURE \ - "{ 'class': 'UnknownBlockFormatFeature', 'data': { 'device': %s, 'format': %s, 'feature': %s } }" - -+#define QERR_VIRTFS_FEATURE_BLOCKS_MIGRATION \ -+ "{ 'class': 'VirtFSFeatureBlocksMigration', 'data': { 'path': %s, 'tag': %s } }" -+ - #define QERR_VNC_SERVER_FAILED \ - "{ 'class': 'VNCServerFailed', 'data': { 'target': %s } }" - --- -1.7.7.5 - diff --git a/0005-hw-9pfs-Reset-server-state-during-TVERSION.patch b/0005-hw-9pfs-Reset-server-state-during-TVERSION.patch deleted file mode 100644 index 585b7cc..0000000 --- a/0005-hw-9pfs-Reset-server-state-during-TVERSION.patch +++ /dev/null @@ -1,64 +0,0 @@ -From c554919f74e5a79f15360c4c2f417003477634cf Mon Sep 17 00:00:00 2001 -From: Deepak C Shetty -Date: Sun, 4 Dec 2011 22:35:28 +0530 -Subject: [PATCH 05/25] hw/9pfs: Reset server state during TVERSION - -As per the 9p rfc, during TVERSION its necessary to clean all the active -fids, so that we start the session from a clean state. Its also needed in -scenarios where the guest is booting off 9p, and boot fails, and client -restarts, without any knowledge of the past, it will issue a TVERSION again -so this ensures that we always start from a clean state. - -Signed-off-by: Deepak C Shetty -Signed-off-by: Aneesh Kumar K.V ---- - hw/9pfs/virtio-9p.c | 26 ++++++++++++++++++++++++++ - 1 files changed, 26 insertions(+), 0 deletions(-) - -diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c -index 32b98dd..dd43209 100644 ---- a/hw/9pfs/virtio-9p.c -+++ b/hw/9pfs/virtio-9p.c -@@ -523,6 +523,30 @@ static int v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) - return 0; - } - -+static void virtfs_reset(V9fsPDU *pdu) -+{ -+ V9fsState *s = pdu->s; -+ V9fsFidState *fidp = NULL; -+ -+ /* Free all fids */ -+ while (s->fid_list) { -+ fidp = s->fid_list; -+ s->fid_list = fidp->next; -+ -+ if (fidp->ref) { -+ fidp->clunked = 1; -+ } else { -+ free_fid(pdu, fidp); -+ } -+ } -+ if (fidp) { -+ /* One or more unclunked fids found... */ -+ error_report("9pfs:%s: One or more uncluncked fids " -+ "found during reset", __func__); -+ } -+ return; -+} -+ - #define P9_QID_TYPE_DIR 0x80 - #define P9_QID_TYPE_SYMLINK 0x02 - -@@ -1196,6 +1220,8 @@ static void v9fs_version(void *opaque) - pdu_unmarshal(pdu, offset, "ds", &s->msize, &version); - trace_v9fs_version(pdu->tag, pdu->id, s->msize, version.data); - -+ virtfs_reset(pdu); -+ - if (!strcmp(version.data, "9P2000.u")) { - s->proto_version = V9FS_PROTO_2000U; - } else if (!strcmp(version.data, "9P2000.L")) { --- -1.7.7.5 - diff --git a/0006-hw-9pfs-Add-qdev.reset-callback-for-virtio-9p-pci-de.patch b/0006-hw-9pfs-Add-qdev.reset-callback-for-virtio-9p-pci-de.patch deleted file mode 100644 index aa49abb..0000000 --- a/0006-hw-9pfs-Add-qdev.reset-callback-for-virtio-9p-pci-de.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 64dd41bc2de392fa018c5ce804cc451b83f18b94 Mon Sep 17 00:00:00 2001 -From: "Aneesh Kumar K.V" -Date: Sun, 4 Dec 2011 22:35:28 +0530 -Subject: [PATCH 06/25] hw/9pfs: Add qdev.reset callback for virtio-9p-pci - device - -Add the device reset callback - -Signed-off-by: Aneesh Kumar K.V ---- - hw/9pfs/virtio-9p-device.c | 3 ++- - hw/virtio-pci.c | 2 +- - hw/virtio-pci.h | 1 + - 3 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c -index c9bca8b..cd343e1 100644 ---- a/hw/9pfs/virtio-9p-device.c -+++ b/hw/9pfs/virtio-9p-device.c -@@ -176,7 +176,8 @@ static PCIDeviceInfo virtio_9p_info = { - DEFINE_PROP_STRING("mount_tag", VirtIOPCIProxy, fsconf.tag), - DEFINE_PROP_STRING("fsdev", VirtIOPCIProxy, fsconf.fsdev_id), - DEFINE_PROP_END_OF_LIST(), -- } -+ }, -+ .qdev.reset = virtio_pci_reset, - }; - - static void virtio_9p_register_devices(void) -diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c -index 64c6a94..c665f5c 100644 ---- a/hw/virtio-pci.c -+++ b/hw/virtio-pci.c -@@ -266,7 +266,7 @@ static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy) - proxy->ioeventfd_started = false; - } - --static void virtio_pci_reset(DeviceState *d) -+void virtio_pci_reset(DeviceState *d) - { - VirtIOPCIProxy *proxy = container_of(d, VirtIOPCIProxy, pci_dev.qdev); - virtio_pci_stop_ioeventfd(proxy); -diff --git a/hw/virtio-pci.h b/hw/virtio-pci.h -index f8404de..344c22b 100644 ---- a/hw/virtio-pci.h -+++ b/hw/virtio-pci.h -@@ -45,6 +45,7 @@ typedef struct { - } VirtIOPCIProxy; - - void virtio_init_pci(VirtIOPCIProxy *proxy, VirtIODevice *vdev); -+void virtio_pci_reset(DeviceState *d); - - /* Virtio ABI version, if we increment this, we break the guest driver. */ - #define VIRTIO_PCI_ABI_VERSION 0 --- -1.7.7.5 - diff --git a/0007-hw-9pfs-Use-the-correct-file-descriptor-in-Fsdriver-.patch b/0007-hw-9pfs-Use-the-correct-file-descriptor-in-Fsdriver-.patch deleted file mode 100644 index 446716c..0000000 --- a/0007-hw-9pfs-Use-the-correct-file-descriptor-in-Fsdriver-.patch +++ /dev/null @@ -1,210 +0,0 @@ -From ed6857bf98e6c8b8080be208ffe15bb678591466 Mon Sep 17 00:00:00 2001 -From: "Aneesh Kumar K.V" -Date: Sun, 4 Dec 2011 22:35:28 +0530 -Subject: [PATCH 07/25] hw/9pfs: Use the correct file descriptor in Fsdriver - Callback - -Fsdriver callback that operate on file descriptor need to -differentiate between directory fd and file fd. - -Based on the original patch from Sassan Panahinejad - -Signed-off-by: Aneesh Kumar K.V ---- - fsdev/file-op-9p.h | 4 ++-- - hw/9pfs/cofile.c | 4 ++-- - hw/9pfs/virtio-9p-handle.c | 28 ++++++++++++++++++++++------ - hw/9pfs/virtio-9p-local.c | 36 ++++++++++++++++++++++++++---------- - hw/9pfs/virtio-9p-synth.c | 5 +++-- - 5 files changed, 55 insertions(+), 22 deletions(-) - -diff --git a/fsdev/file-op-9p.h b/fsdev/file-op-9p.h -index 1928da2..a85ecd3 100644 ---- a/fsdev/file-op-9p.h -+++ b/fsdev/file-op-9p.h -@@ -112,10 +112,10 @@ typedef struct FileOperations - ssize_t (*pwritev)(FsContext *, V9fsFidOpenState *, - const struct iovec *, int, off_t); - int (*mkdir)(FsContext *, V9fsPath *, const char *, FsCred *); -- int (*fstat)(FsContext *, V9fsFidOpenState *, struct stat *); -+ int (*fstat)(FsContext *, int, V9fsFidOpenState *, struct stat *); - int (*rename)(FsContext *, const char *, const char *); - int (*truncate)(FsContext *, V9fsPath *, off_t); -- int (*fsync)(FsContext *, V9fsFidOpenState *, int); -+ int (*fsync)(FsContext *, int, V9fsFidOpenState *, int); - int (*statfs)(FsContext *s, V9fsPath *path, struct statfs *stbuf); - ssize_t (*lgetxattr)(FsContext *, V9fsPath *, - const char *, void *, size_t); -diff --git a/hw/9pfs/cofile.c b/hw/9pfs/cofile.c -index 586b038..b15838c 100644 ---- a/hw/9pfs/cofile.c -+++ b/hw/9pfs/cofile.c -@@ -71,7 +71,7 @@ int v9fs_co_fstat(V9fsPDU *pdu, V9fsFidState *fidp, struct stat *stbuf) - } - v9fs_co_run_in_worker( - { -- err = s->ops->fstat(&s->ctx, &fidp->fs, stbuf); -+ err = s->ops->fstat(&s->ctx, fidp->fid_type, &fidp->fs, stbuf); - if (err < 0) { - err = -errno; - } -@@ -192,7 +192,7 @@ int v9fs_co_fsync(V9fsPDU *pdu, V9fsFidState *fidp, int datasync) - } - v9fs_co_run_in_worker( - { -- err = s->ops->fsync(&s->ctx, &fidp->fs, datasync); -+ err = s->ops->fsync(&s->ctx, fidp->fid_type, &fidp->fs, datasync); - if (err < 0) { - err = -errno; - } -diff --git a/hw/9pfs/virtio-9p-handle.c b/hw/9pfs/virtio-9p-handle.c -index a62f690..f97d898 100644 ---- a/hw/9pfs/virtio-9p-handle.c -+++ b/hw/9pfs/virtio-9p-handle.c -@@ -255,10 +255,17 @@ static int handle_mkdir(FsContext *fs_ctx, V9fsPath *dir_path, - return ret; - } - --static int handle_fstat(FsContext *fs_ctx, V9fsFidOpenState *fs, -- struct stat *stbuf) -+static int handle_fstat(FsContext *fs_ctx, int fid_type, -+ V9fsFidOpenState *fs, struct stat *stbuf) - { -- return fstat(fs->fd, stbuf); -+ int fd; -+ -+ if (fid_type == P9_FID_DIR) { -+ fd = dirfd(fs->dir); -+ } else { -+ fd = fs->fd; -+ } -+ return fstat(fd, stbuf); - } - - static int handle_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name, -@@ -395,12 +402,21 @@ static int handle_remove(FsContext *ctx, const char *path) - return -1; - } - --static int handle_fsync(FsContext *ctx, V9fsFidOpenState *fs, int datasync) -+static int handle_fsync(FsContext *ctx, int fid_type, -+ V9fsFidOpenState *fs, int datasync) - { -+ int fd; -+ -+ if (fid_type == P9_FID_DIR) { -+ fd = dirfd(fs->dir); -+ } else { -+ fd = fs->fd; -+ } -+ - if (datasync) { -- return qemu_fdatasync(fs->fd); -+ return qemu_fdatasync(fd); - } else { -- return fsync(fs->fd); -+ return fsync(fd); - } - } - -diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c -index 99ef0cd..371a94d 100644 ---- a/hw/9pfs/virtio-9p-local.c -+++ b/hw/9pfs/virtio-9p-local.c -@@ -366,11 +366,18 @@ out: - return err; - } - --static int local_fstat(FsContext *fs_ctx, -+static int local_fstat(FsContext *fs_ctx, int fid_type, - V9fsFidOpenState *fs, struct stat *stbuf) - { -- int err; -- err = fstat(fs->fd, stbuf); -+ int err, fd; -+ -+ if (fid_type == P9_FID_DIR) { -+ fd = dirfd(fs->dir); -+ } else { -+ fd = fs->fd; -+ } -+ -+ err = fstat(fd, stbuf); - if (err) { - return err; - } -@@ -381,19 +388,19 @@ static int local_fstat(FsContext *fs_ctx, - mode_t tmp_mode; - dev_t tmp_dev; - -- if (fgetxattr(fs->fd, "user.virtfs.uid", -+ if (fgetxattr(fd, "user.virtfs.uid", - &tmp_uid, sizeof(uid_t)) > 0) { - stbuf->st_uid = tmp_uid; - } -- if (fgetxattr(fs->fd, "user.virtfs.gid", -+ if (fgetxattr(fd, "user.virtfs.gid", - &tmp_gid, sizeof(gid_t)) > 0) { - stbuf->st_gid = tmp_gid; - } -- if (fgetxattr(fs->fd, "user.virtfs.mode", -+ if (fgetxattr(fd, "user.virtfs.mode", - &tmp_mode, sizeof(mode_t)) > 0) { - stbuf->st_mode = tmp_mode; - } -- if (fgetxattr(fs->fd, "user.virtfs.rdev", -+ if (fgetxattr(fd, "user.virtfs.rdev", - &tmp_dev, sizeof(dev_t)) > 0) { - stbuf->st_rdev = tmp_dev; - } -@@ -592,12 +599,21 @@ static int local_remove(FsContext *ctx, const char *path) - return remove(rpath(ctx, path, buffer)); - } - --static int local_fsync(FsContext *ctx, V9fsFidOpenState *fs, int datasync) -+static int local_fsync(FsContext *ctx, int fid_type, -+ V9fsFidOpenState *fs, int datasync) - { -+ int fd; -+ -+ if (fid_type == P9_FID_DIR) { -+ fd = dirfd(fs->dir); -+ } else { -+ fd = fs->fd; -+ } -+ - if (datasync) { -- return qemu_fdatasync(fs->fd); -+ return qemu_fdatasync(fd); - } else { -- return fsync(fs->fd); -+ return fsync(fd); - } - } - -diff --git a/hw/9pfs/virtio-9p-synth.c b/hw/9pfs/virtio-9p-synth.c -index f573616..92e0b09 100644 ---- a/hw/9pfs/virtio-9p-synth.c -+++ b/hw/9pfs/virtio-9p-synth.c -@@ -166,7 +166,7 @@ static int v9fs_synth_lstat(FsContext *fs_ctx, - return 0; - } - --static int v9fs_synth_fstat(FsContext *fs_ctx, -+static int v9fs_synth_fstat(FsContext *fs_ctx, int fid_type, - V9fsFidOpenState *fs, struct stat *stbuf) - { - V9fsSynthOpenState *synth_open = fs->private; -@@ -414,7 +414,8 @@ static int v9fs_synth_remove(FsContext *ctx, const char *path) - return -1; - } - --static int v9fs_synth_fsync(FsContext *ctx, V9fsFidOpenState *fs, int datasync) -+static int v9fs_synth_fsync(FsContext *ctx, int fid_type, -+ V9fsFidOpenState *fs, int datasync) - { - errno = ENOSYS; - return 0; --- -1.7.7.5 - diff --git a/0008-hw-9pfs-replace-iovec-manipulation-with-QEMUIOVector.patch b/0008-hw-9pfs-replace-iovec-manipulation-with-QEMUIOVector.patch deleted file mode 100644 index 95c3f05..0000000 --- a/0008-hw-9pfs-replace-iovec-manipulation-with-QEMUIOVector.patch +++ /dev/null @@ -1,305 +0,0 @@ -From 45d6cdff48356dc8974497ec0524f971b646dd70 Mon Sep 17 00:00:00 2001 -From: Stefan Hajnoczi -Date: Wed, 21 Dec 2011 12:37:22 +0530 -Subject: [PATCH 08/25] hw/9pfs: replace iovec manipulation with QEMUIOVector - -The v9fs_read() and v9fs_write() functions rely on iovec[] manipulation -code should be replaced with QEMUIOVector to avoid duplicating code. -In the future it may be possible to make the code even more concise by -using QEMUIOVector consistently across virtio and 9pfs. - -The "v" format specifier for pdu_marshal() and pdu_unmarshal() is -dropped since it does not actually pack/unpack anything. The specifier -was also not implemented to update the offset variable and could only be -used at the end of a format string, another sign that this shouldn't -really be a format specifier. Instead, see the new -v9fs_init_qiov_from_pdu() function. - -This change avoids a possible iovec[] buffer overflow when indirect -vrings are used since the number of vectors is now limited by the -underlying VirtQueueElement and cannot be out-of-bounds. - -Signed-off-by: Stefan Hajnoczi -Signed-off-by: Aneesh Kumar K.V ---- - hw/9pfs/virtio-9p.c | 162 +++++++++++++++++++-------------------------------- - 1 files changed, 60 insertions(+), 102 deletions(-) - -diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c -index dd43209..c018916 100644 ---- a/hw/9pfs/virtio-9p.c -+++ b/hw/9pfs/virtio-9p.c -@@ -674,40 +674,6 @@ static size_t pdu_pack(V9fsPDU *pdu, size_t offset, const void *src, - offset, size, 1); - } - --static int pdu_copy_sg(V9fsPDU *pdu, size_t offset, int rx, struct iovec *sg) --{ -- size_t pos = 0; -- int i, j; -- struct iovec *src_sg; -- unsigned int num; -- -- if (rx) { -- src_sg = pdu->elem.in_sg; -- num = pdu->elem.in_num; -- } else { -- src_sg = pdu->elem.out_sg; -- num = pdu->elem.out_num; -- } -- -- j = 0; -- for (i = 0; i < num; i++) { -- if (offset <= pos) { -- sg[j].iov_base = src_sg[i].iov_base; -- sg[j].iov_len = src_sg[i].iov_len; -- j++; -- } else if (offset < (src_sg[i].iov_len + pos)) { -- sg[j].iov_base = src_sg[i].iov_base; -- sg[j].iov_len = src_sg[i].iov_len; -- sg[j].iov_base += (offset - pos); -- sg[j].iov_len -= (offset - pos); -- j++; -- } -- pos += src_sg[i].iov_len; -- } -- -- return j; --} -- - static size_t pdu_unmarshal(V9fsPDU *pdu, size_t offset, const char *fmt, ...) - { - size_t old_offset = offset; -@@ -743,12 +709,6 @@ static size_t pdu_unmarshal(V9fsPDU *pdu, size_t offset, const char *fmt, ...) - *valp = le64_to_cpu(val); - break; - } -- case 'v': { -- struct iovec *iov = va_arg(ap, struct iovec *); -- int *iovcnt = va_arg(ap, int *); -- *iovcnt = pdu_copy_sg(pdu, offset, 0, iov); -- break; -- } - case 's': { - V9fsString *str = va_arg(ap, V9fsString *); - offset += pdu_unmarshal(pdu, offset, "w", &str->size); -@@ -827,12 +787,6 @@ static size_t pdu_marshal(V9fsPDU *pdu, size_t offset, const char *fmt, ...) - offset += pdu_pack(pdu, offset, &val, sizeof(val)); - break; - } -- case 'v': { -- struct iovec *iov = va_arg(ap, struct iovec *); -- int *iovcnt = va_arg(ap, int *); -- *iovcnt = pdu_copy_sg(pdu, offset, 1, iov); -- break; -- } - case 's': { - V9fsString *str = va_arg(ap, V9fsString *); - offset += pdu_marshal(pdu, offset, "w", str->size); -@@ -1143,42 +1097,6 @@ static void stat_to_v9stat_dotl(V9fsState *s, const struct stat *stbuf, - stat_to_qid(stbuf, &v9lstat->qid); - } - --static struct iovec *adjust_sg(struct iovec *sg, int len, int *iovcnt) --{ -- while (len && *iovcnt) { -- if (len < sg->iov_len) { -- sg->iov_len -= len; -- sg->iov_base += len; -- len = 0; -- } else { -- len -= sg->iov_len; -- sg++; -- *iovcnt -= 1; -- } -- } -- -- return sg; --} -- --static struct iovec *cap_sg(struct iovec *sg, int cap, int *cnt) --{ -- int i; -- int total = 0; -- -- for (i = 0; i < *cnt; i++) { -- if ((total + sg[i].iov_len) > cap) { -- sg[i].iov_len -= ((total + sg[i].iov_len) - cap); -- i++; -- break; -- } -- total += sg[i].iov_len; -- } -- -- *cnt = i; -- -- return sg; --} -- - static void print_sg(struct iovec *sg, int cnt) - { - int i; -@@ -1861,6 +1779,38 @@ out: - return count; - } - -+/* -+ * Create a QEMUIOVector for a sub-region of PDU iovecs -+ * -+ * @qiov: uninitialized QEMUIOVector -+ * @skip: number of bytes to skip from beginning of PDU -+ * @size: number of bytes to include -+ * @is_write: true - write, false - read -+ * -+ * The resulting QEMUIOVector has heap-allocated iovecs and must be cleaned up -+ * with qemu_iovec_destroy(). -+ */ -+static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, -+ uint64_t skip, size_t size, -+ bool is_write) -+{ -+ QEMUIOVector elem; -+ struct iovec *iov; -+ unsigned int niov; -+ -+ if (is_write) { -+ iov = pdu->elem.out_sg; -+ niov = pdu->elem.out_num; -+ } else { -+ iov = pdu->elem.in_sg; -+ niov = pdu->elem.in_num; -+ } -+ -+ qemu_iovec_init_external(&elem, iov, niov); -+ qemu_iovec_init(qiov, niov); -+ qemu_iovec_copy(qiov, &elem, skip, size); -+} -+ - static void v9fs_read(void *opaque) - { - int32_t fid; -@@ -1895,21 +1845,21 @@ static void v9fs_read(void *opaque) - err += pdu_marshal(pdu, offset, "d", count); - err += count; - } else if (fidp->fid_type == P9_FID_FILE) { -- int32_t cnt; -+ QEMUIOVector qiov_full; -+ QEMUIOVector qiov; - int32_t len; -- struct iovec *sg; -- struct iovec iov[128]; /* FIXME: bad, bad, bad */ - -- sg = iov; -- pdu_marshal(pdu, offset + 4, "v", sg, &cnt); -- sg = cap_sg(sg, max_count, &cnt); -+ v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset + 4, max_count, false); -+ qemu_iovec_init(&qiov, qiov_full.niov); - do { -+ qemu_iovec_reset(&qiov); -+ qemu_iovec_copy(&qiov, &qiov_full, count, qiov_full.size - count); - if (0) { -- print_sg(sg, cnt); -+ print_sg(qiov.iov, qiov.niov); - } - /* Loop in case of EINTR */ - do { -- len = v9fs_co_preadv(pdu, fidp, sg, cnt, off); -+ len = v9fs_co_preadv(pdu, fidp, qiov.iov, qiov.niov, off); - if (len >= 0) { - off += len; - count += len; -@@ -1920,11 +1870,12 @@ static void v9fs_read(void *opaque) - err = len; - goto out; - } -- sg = adjust_sg(sg, len, &cnt); - } while (count < max_count && len > 0); - err = offset; - err += pdu_marshal(pdu, offset, "d", count); - err += count; -+ qemu_iovec_destroy(&qiov); -+ qemu_iovec_destroy(&qiov_full); - } else if (fidp->fid_type == P9_FID_XATTR) { - err = v9fs_xattr_read(s, pdu, fidp, off, max_count); - } else { -@@ -2095,7 +2046,6 @@ out: - - static void v9fs_write(void *opaque) - { -- int cnt; - ssize_t err; - int32_t fid; - int64_t off; -@@ -2104,13 +2054,14 @@ static void v9fs_write(void *opaque) - int32_t total = 0; - size_t offset = 7; - V9fsFidState *fidp; -- struct iovec iov[128]; /* FIXME: bad, bad, bad */ -- struct iovec *sg = iov; - V9fsPDU *pdu = opaque; - V9fsState *s = pdu->s; -+ QEMUIOVector qiov_full; -+ QEMUIOVector qiov; - -- pdu_unmarshal(pdu, offset, "dqdv", &fid, &off, &count, sg, &cnt); -- trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, cnt); -+ offset += pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); -+ v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); -+ trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); - - fidp = get_fid(pdu, fid); - if (fidp == NULL) { -@@ -2126,20 +2077,23 @@ static void v9fs_write(void *opaque) - /* - * setxattr operation - */ -- err = v9fs_xattr_write(s, pdu, fidp, off, count, sg, cnt); -+ err = v9fs_xattr_write(s, pdu, fidp, off, count, -+ qiov_full.iov, qiov_full.niov); - goto out; - } else { - err = -EINVAL; - goto out; - } -- sg = cap_sg(sg, count, &cnt); -+ qemu_iovec_init(&qiov, qiov_full.niov); - do { -+ qemu_iovec_reset(&qiov); -+ qemu_iovec_copy(&qiov, &qiov_full, total, qiov_full.size - total); - if (0) { -- print_sg(sg, cnt); -+ print_sg(qiov.iov, qiov.niov); - } - /* Loop in case of EINTR */ - do { -- len = v9fs_co_pwritev(pdu, fidp, sg, cnt, off); -+ len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); - if (len >= 0) { - off += len; - total += len; -@@ -2148,16 +2102,20 @@ static void v9fs_write(void *opaque) - if (len < 0) { - /* IO error return the error */ - err = len; -- goto out; -+ goto out_qiov; - } -- sg = adjust_sg(sg, len, &cnt); - } while (total < count && len > 0); -+ -+ offset = 7; - offset += pdu_marshal(pdu, offset, "d", total); - err = offset; - trace_v9fs_write_return(pdu->tag, pdu->id, total, err); -+out_qiov: -+ qemu_iovec_destroy(&qiov); - out: - put_fid(pdu, fidp); - out_nofid: -+ qemu_iovec_destroy(&qiov_full); - complete_pdu(s, pdu, err); - } - --- -1.7.7.5 - diff --git a/0009-hw-9pfs-Use-the-correct-signed-type-for-different-va.patch b/0009-hw-9pfs-Use-the-correct-signed-type-for-different-va.patch deleted file mode 100644 index c0b02f2..0000000 --- a/0009-hw-9pfs-Use-the-correct-signed-type-for-different-va.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 3d3ec7b809b91f2a71fb78fc6b5b079963383243 Mon Sep 17 00:00:00 2001 -From: "Aneesh Kumar K.V" -Date: Wed, 21 Dec 2011 12:37:23 +0530 -Subject: [PATCH 09/25] hw/9pfs: Use the correct signed type for different - variables - -Signed-off-by: Aneesh Kumar K.V ---- - fsdev/file-op-9p.h | 2 +- - hw/9pfs/virtio-9p.c | 21 +++++++++++---------- - hw/9pfs/virtio-9p.h | 2 +- - trace-events | 8 ++++---- - 4 files changed, 17 insertions(+), 16 deletions(-) - -diff --git a/fsdev/file-op-9p.h b/fsdev/file-op-9p.h -index a85ecd3..c823fe0 100644 ---- a/fsdev/file-op-9p.h -+++ b/fsdev/file-op-9p.h -@@ -74,7 +74,7 @@ typedef struct FsContext - } FsContext; - - typedef struct V9fsPath { -- int16_t size; -+ uint16_t size; - char *data; - } V9fsPath; - -diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c -index c018916..b3fc3d0 100644 ---- a/hw/9pfs/virtio-9p.c -+++ b/hw/9pfs/virtio-9p.c -@@ -1694,8 +1694,8 @@ out_nofid: - complete_pdu(s, pdu, err); - } - --static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, -- V9fsFidState *fidp, int64_t off, int32_t max_count) -+static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, -+ uint64_t off, uint32_t max_count) - { - size_t offset = 7; - int read_count; -@@ -1719,7 +1719,7 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, - } - - static int v9fs_do_readdir_with_stat(V9fsPDU *pdu, -- V9fsFidState *fidp, int32_t max_count) -+ V9fsFidState *fidp, uint32_t max_count) - { - V9fsPath path; - V9fsStat v9stat; -@@ -1814,11 +1814,11 @@ static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, - static void v9fs_read(void *opaque) - { - int32_t fid; -- int64_t off; -+ uint64_t off; - ssize_t err = 0; - int32_t count = 0; - size_t offset = 7; -- int32_t max_count; -+ uint32_t max_count; - V9fsFidState *fidp; - V9fsPDU *pdu = opaque; - V9fsState *s = pdu->s; -@@ -1962,8 +1962,9 @@ static void v9fs_readdir(void *opaque) - V9fsFidState *fidp; - ssize_t retval = 0; - size_t offset = 7; -- int64_t initial_offset; -- int32_t count, max_count; -+ uint64_t initial_offset; -+ int32_t count; -+ uint32_t max_count; - V9fsPDU *pdu = opaque; - V9fsState *s = pdu->s; - -@@ -2001,7 +2002,7 @@ out_nofid: - } - - static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, -- int64_t off, int32_t count, -+ uint64_t off, uint32_t count, - struct iovec *sg, int cnt) - { - int i, to_copy; -@@ -2048,8 +2049,8 @@ static void v9fs_write(void *opaque) - { - ssize_t err; - int32_t fid; -- int64_t off; -- int32_t count; -+ uint64_t off; -+ uint32_t count; - int32_t len = 0; - int32_t total = 0; - size_t offset = 7; -diff --git a/hw/9pfs/virtio-9p.h b/hw/9pfs/virtio-9p.h -index 8b612da..19a797b 100644 ---- a/hw/9pfs/virtio-9p.h -+++ b/hw/9pfs/virtio-9p.h -@@ -156,7 +156,7 @@ typedef struct V9fsFidState V9fsFidState; - - typedef struct V9fsString - { -- int16_t size; -+ uint16_t size; - char *data; - } V9fsString; - -diff --git a/trace-events b/trace-events -index 962caca..e417897 100644 ---- a/trace-events -+++ b/trace-events -@@ -579,11 +579,11 @@ v9fs_lcreate(uint16_t tag, uint8_t id, int32_t dfid, int32_t flags, int32_t mode - v9fs_lcreate_return(uint16_t tag, uint8_t id, int8_t type, int32_t version, int64_t path, int32_t iounit) "tag %d id %d qid={type %d version %d path %"PRId64"} iounit %d" - v9fs_fsync(uint16_t tag, uint8_t id, int32_t fid, int datasync) "tag %d id %d fid %d datasync %d" - v9fs_clunk(uint16_t tag, uint8_t id, int32_t fid) "tag %d id %d fid %d" --v9fs_read(uint16_t tag, uint8_t id, int32_t fid, int64_t off, int32_t max_count) "tag %d id %d fid %d off %"PRId64" max_count %d" -+v9fs_read(uint16_t tag, uint8_t id, int32_t fid, uint64_t off, uint32_t max_count) "tag %d id %d fid %d off %"PRIu64" max_count %u" - v9fs_read_return(uint16_t tag, uint8_t id, int32_t count, ssize_t err) "tag %d id %d count %d err %zd" --v9fs_readdir(uint16_t tag, uint8_t id, int32_t fid, int64_t offset, int32_t max_count) "tag %d id %d fid %d offset %"PRId64" max_count %d" --v9fs_readdir_return(uint16_t tag, uint8_t id, int32_t count, ssize_t retval) "tag %d id %d count %d retval %zd" --v9fs_write(uint16_t tag, uint8_t id, int32_t fid, int64_t off, int32_t count, int cnt) "tag %d id %d fid %d off %"PRId64" count %d cnt %d" -+v9fs_readdir(uint16_t tag, uint8_t id, int32_t fid, uint64_t offset, uint32_t max_count) "tag %d id %d fid %d offset %"PRIu64" max_count %u" -+v9fs_readdir_return(uint16_t tag, uint8_t id, uint32_t count, ssize_t retval) "tag %d id %d count %u retval %zd" -+v9fs_write(uint16_t tag, uint8_t id, int32_t fid, uint64_t off, uint32_t count, int cnt) "tag %d id %d fid %d off %"PRIu64" count %u cnt %d" - v9fs_write_return(uint16_t tag, uint8_t id, int32_t total, ssize_t err) "tag %d id %d total %d err %zd" - v9fs_create(uint16_t tag, uint8_t id, int32_t fid, char* name, int32_t perm, int8_t mode) "tag %d id %d fid %d name %s perm %d mode %d" - v9fs_create_return(uint16_t tag, uint8_t id, int8_t type, int32_t version, int64_t path, int iounit) "tag %d id %d qid={type %d version %d path %"PRId64"} iounit %d" --- -1.7.7.5 - diff --git a/0010-target-i386-fix-cmpxchg-instruction-emulation.patch b/0010-target-i386-fix-cmpxchg-instruction-emulation.patch deleted file mode 100644 index a7276e2..0000000 --- a/0010-target-i386-fix-cmpxchg-instruction-emulation.patch +++ /dev/null @@ -1,54 +0,0 @@ -From abf80f880410ebbdd01a289c41c87153802fe900 Mon Sep 17 00:00:00 2001 -From: Andreas Gustafsson -Date: Mon, 12 Dec 2011 00:46:32 +0400 -Subject: [PATCH 10/25] target-i386: fix cmpxchg instruction emulation - -When the i386 cmpxchg instruction is executed with a memory operand -and the comparison result is "unequal", do the memory write before -changing the accumulator instead of the other way around, because -otherwise the new accumulator value will incorrectly be used in the -comparison when the instruction is restarted after a page fault. - -This bug was originally reported on 2010-04-25 as -https://bugs.launchpad.net/qemu/+bug/569760 - -Signed-off-by: Andreas Gustafsson ---- - target-i386/translate.c | 11 +++++++---- - 1 files changed, 7 insertions(+), 4 deletions(-) - -diff --git a/target-i386/translate.c b/target-i386/translate.c -index 1ef8d16..8321bf3 100644 ---- a/target-i386/translate.c -+++ b/target-i386/translate.c -@@ -4870,20 +4870,23 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start) - tcg_gen_sub_tl(t2, cpu_regs[R_EAX], t0); - gen_extu(ot, t2); - tcg_gen_brcondi_tl(TCG_COND_EQ, t2, 0, label1); -+ label2 = gen_new_label(); - if (mod == 3) { -- label2 = gen_new_label(); - gen_op_mov_reg_v(ot, R_EAX, t0); - tcg_gen_br(label2); - gen_set_label(label1); - gen_op_mov_reg_v(ot, rm, t1); -- gen_set_label(label2); - } else { -- tcg_gen_mov_tl(t1, t0); -+ /* perform no-op store cycle like physical cpu; must be -+ before changing accumulator to ensure idempotency if -+ the store faults and the instruction is restarted */ -+ gen_op_st_v(ot + s->mem_index, t0, a0); - gen_op_mov_reg_v(ot, R_EAX, t0); -+ tcg_gen_br(label2); - gen_set_label(label1); -- /* always store */ - gen_op_st_v(ot + s->mem_index, t1, a0); - } -+ gen_set_label(label2); - tcg_gen_mov_tl(cpu_cc_src, t0); - tcg_gen_mov_tl(cpu_cc_dst, t2); - s->cc_op = CC_OP_SUBB + ot; --- -1.7.7.5 - diff --git a/0011-configure-Enable-build-by-default-PIE-read-only-relo.patch b/0011-configure-Enable-build-by-default-PIE-read-only-relo.patch deleted file mode 100644 index bd592c7..0000000 --- a/0011-configure-Enable-build-by-default-PIE-read-only-relo.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 6d450bfbc862d0dab0e8da10ae15698612800726 Mon Sep 17 00:00:00 2001 -From: Brad -Date: Mon, 28 Nov 2011 19:53:49 -0500 -Subject: [PATCH 11/25] configure: Enable build by default PIE / read-only - relocation sections on OpenBSD amd64/i386. - -Enable build by default PIE / read-only relocation sections for the QEMU -binaries on OpenBSD amd64/i386. - -Signed-off-by: Brad Smith -Signed-off-by: Blue Swirl ---- - configure | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/configure b/configure -index ac4840d..b113f60 100755 ---- a/configure -+++ b/configure -@@ -1116,7 +1116,7 @@ fi - - if test "$pie" = ""; then - case "$cpu-$targetos" in -- i386-Linux|x86_64-Linux) -+ i386-Linux|x86_64-Linux|i386-OpenBSD|x86_64-OpenBSD) - ;; - *) - pie="no" --- -1.7.7.5 - diff --git a/0012-cris-Handle-conditional-stores-on-CRISv10.patch b/0012-cris-Handle-conditional-stores-on-CRISv10.patch deleted file mode 100644 index c824a09..0000000 --- a/0012-cris-Handle-conditional-stores-on-CRISv10.patch +++ /dev/null @@ -1,155 +0,0 @@ -From 3e8088148bb56b84a739c2ef3c63d89188a1ad8f Mon Sep 17 00:00:00 2001 -From: Stefan Sandstrom -Date: Mon, 12 Dec 2011 11:38:31 +0100 -Subject: [PATCH 12/25] cris: Handle conditional stores on CRISv10 - -Signed-off-by: Stefan Sandstrom -Signed-off-by: Edgar E. Iglesias ---- - target-cris/cpu.h | 2 + - target-cris/helper.c | 1 + - target-cris/translate_v10.c | 72 +++++++++++++++++++++++++++++++++++++++--- - 3 files changed, 69 insertions(+), 6 deletions(-) - -diff --git a/target-cris/cpu.h b/target-cris/cpu.h -index 8ae0ce3..453afbb 100644 ---- a/target-cris/cpu.h -+++ b/target-cris/cpu.h -@@ -67,6 +67,8 @@ - #define Q_FLAG 0x80000000 - #define M_FLAG 0x40000000 - #define PFIX_FLAG 0x800 /* CRISv10 Only. */ -+#define F_FLAG_V10 0x400 -+#define P_FLAG_V10 0x200 - #define S_FLAG 0x200 - #define R_FLAG 0x100 - #define P_FLAG 0x80 -diff --git a/target-cris/helper.c b/target-cris/helper.c -index 75f0035..5bc6d81 100644 ---- a/target-cris/helper.c -+++ b/target-cris/helper.c -@@ -157,6 +157,7 @@ static void do_interruptv10(CPUState *env) - /* Now that we are in kernel mode, load the handlers address. */ - env->pc = ldl_code(env->pregs[PR_EBP] + ex_vec * 4); - env->locked_irq = 1; -+ env->pregs[PR_CCS] |= F_FLAG_V10; /* set F. */ - - qemu_log_mask(CPU_LOG_INT, "%s isr=%x vec=%x ccs=%x pid=%d erp=%x\n", - __func__, env->pc, ex_vec, -diff --git a/target-cris/translate_v10.c b/target-cris/translate_v10.c -index 637ac20..95053b6 100644 ---- a/target-cris/translate_v10.c -+++ b/target-cris/translate_v10.c -@@ -62,6 +62,65 @@ static inline void cris_illegal_insn(DisasContext *dc) - t_gen_raise_exception(EXCP_BREAK); - } - -+static void gen_store_v10_conditional(DisasContext *dc, TCGv addr, TCGv val, -+ unsigned int size, int mem_index) -+{ -+ int l1 = gen_new_label(); -+ TCGv taddr = tcg_temp_local_new(); -+ TCGv tval = tcg_temp_local_new(); -+ TCGv t1 = tcg_temp_local_new(); -+ dc->postinc = 0; -+ cris_evaluate_flags(dc); -+ -+ tcg_gen_mov_tl(taddr, addr); -+ tcg_gen_mov_tl(tval, val); -+ -+ /* Store only if F flag isn't set */ -+ tcg_gen_andi_tl(t1, cpu_PR[PR_CCS], F_FLAG_V10); -+ tcg_gen_brcondi_tl(TCG_COND_NE, t1, 0, l1); -+ if (size == 1) { -+ tcg_gen_qemu_st8(tval, taddr, mem_index); -+ } else if (size == 2) { -+ tcg_gen_qemu_st16(tval, taddr, mem_index); -+ } else { -+ tcg_gen_qemu_st32(tval, taddr, mem_index); -+ } -+ gen_set_label(l1); -+ tcg_gen_shri_tl(t1, t1, 1); /* shift F to P position */ -+ tcg_gen_or_tl(cpu_PR[PR_CCS], cpu_PR[PR_CCS], t1); /*P=F*/ -+ tcg_temp_free(t1); -+ tcg_temp_free(tval); -+ tcg_temp_free(taddr); -+} -+ -+static void gen_store_v10(DisasContext *dc, TCGv addr, TCGv val, -+ unsigned int size) -+{ -+ int mem_index = cpu_mmu_index(dc->env); -+ -+ /* If we get a fault on a delayslot we must keep the jmp state in -+ the cpu-state to be able to re-execute the jmp. */ -+ if (dc->delayed_branch == 1) { -+ cris_store_direct_jmp(dc); -+ } -+ -+ /* Conditional writes. We only support the kind were X is known -+ at translation time. */ -+ if (dc->flagx_known && dc->flags_x) { -+ gen_store_v10_conditional(dc, addr, val, size, mem_index); -+ return; -+ } -+ -+ if (size == 1) { -+ tcg_gen_qemu_st8(val, addr, mem_index); -+ } else if (size == 2) { -+ tcg_gen_qemu_st16(val, addr, mem_index); -+ } else { -+ tcg_gen_qemu_st32(val, addr, mem_index); -+ } -+} -+ -+ - /* Prefix flag and register are used to handle the more complex - addressing modes. */ - static void cris_set_prefix(DisasContext *dc) -@@ -313,7 +372,8 @@ static unsigned int dec10_setclrf(DisasContext *dc) - if (set) { - tcg_gen_ori_tl(cpu_PR[PR_CCS], cpu_PR[PR_CCS], flags); - } else { -- tcg_gen_andi_tl(cpu_PR[PR_CCS], cpu_PR[PR_CCS], ~flags); -+ tcg_gen_andi_tl(cpu_PR[PR_CCS], cpu_PR[PR_CCS], -+ ~(flags|F_FLAG_V10|P_FLAG_V10)); - } - - dc->flags_uptodate = 1; -@@ -723,7 +783,7 @@ static unsigned int dec10_ind_move_r_m(DisasContext *dc, unsigned int size) - LOG_DIS("move.%d $r%d, [$r%d]\n", dc->size, dc->src, dc->dst); - addr = tcg_temp_new(); - crisv10_prepare_memaddr(dc, addr, size); -- gen_store(dc, addr, cpu_R[dc->dst], size); -+ gen_store_v10(dc, addr, cpu_R[dc->dst], size); - insn_len += crisv10_post_memaddr(dc, size); - - return insn_len; -@@ -767,10 +827,10 @@ static unsigned int dec10_ind_move_pr_m(DisasContext *dc) - t0 = tcg_temp_new(); - cris_evaluate_flags(dc); - tcg_gen_andi_tl(t0, cpu_PR[PR_CCS], ~PFIX_FLAG); -- gen_store(dc, addr, t0, size); -+ gen_store_v10(dc, addr, t0, size); - tcg_temp_free(t0); - } else { -- gen_store(dc, addr, cpu_PR[dc->dst], size); -+ gen_store_v10(dc, addr, cpu_PR[dc->dst], size); - } - t0 = tcg_temp_new(); - insn_len += crisv10_post_memaddr(dc, size); -@@ -793,9 +853,9 @@ static void dec10_movem_r_m(DisasContext *dc) - tcg_gen_mov_tl(t0, addr); - for (i = dc->dst; i >= 0; i--) { - if ((pfix && dc->mode == CRISV10_MODE_AUTOINC) && dc->src == i) { -- gen_store(dc, addr, t0, 4); -+ gen_store_v10(dc, addr, t0, 4); - } else { -- gen_store(dc, addr, cpu_R[i], 4); -+ gen_store_v10(dc, addr, cpu_R[i], 4); - } - tcg_gen_addi_tl(addr, addr, 4); - } --- -1.7.7.5 - diff --git a/0013-pc-add-pc-0.15.patch b/0013-pc-add-pc-0.15.patch deleted file mode 100644 index f85b065..0000000 --- a/0013-pc-add-pc-0.15.patch +++ /dev/null @@ -1,40 +0,0 @@ -From a25808dc5baee83f36e0cdab998eb6c0024156fa Mon Sep 17 00:00:00 2001 -From: Anthony Liguori -Date: Sun, 18 Dec 2011 12:59:12 -0600 -Subject: [PATCH 13/25] pc: add pc-0.15 - -Signed-off-by: Anthony Liguori ---- - hw/pc_piix.c | 9 +++++++++ - 1 files changed, 9 insertions(+), 0 deletions(-) - -diff --git a/hw/pc_piix.c b/hw/pc_piix.c -index 970f43c..9093a28 100644 ---- a/hw/pc_piix.c -+++ b/hw/pc_piix.c -@@ -306,6 +306,14 @@ static QEMUMachine pc_machine_v1_0 = { - .is_default = 1, - }; - -+static QEMUMachine pc_machine_v0_15 = { -+ .name = "pc-0.15", -+ .desc = "Standard PC", -+ .init = pc_init_pci, -+ .max_cpus = 255, -+ .is_default = 1, -+}; -+ - static QEMUMachine pc_machine_v0_14 = { - .name = "pc-0.14", - .desc = "Standard PC", -@@ -557,6 +565,7 @@ static QEMUMachine xenfv_machine = { - static void pc_machine_init(void) - { - qemu_register_machine(&pc_machine_v1_0); -+ qemu_register_machine(&pc_machine_v0_15); - qemu_register_machine(&pc_machine_v0_14); - qemu_register_machine(&pc_machine_v0_13); - qemu_register_machine(&pc_machine_v0_12); --- -1.7.7.5 - diff --git a/0014-pc-fix-event_idx-compatibility-for-virtio-devices.patch b/0014-pc-fix-event_idx-compatibility-for-virtio-devices.patch deleted file mode 100644 index 121ec6c..0000000 --- a/0014-pc-fix-event_idx-compatibility-for-virtio-devices.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 7e2191ae9898cc957a3d1991aff0e40f2e0f44a4 Mon Sep 17 00:00:00 2001 -From: Anthony Liguori -Date: Sun, 18 Dec 2011 13:07:03 -0600 -Subject: [PATCH 14/25] pc: fix event_idx compatibility for virtio devices - -event_idx was introduced in 0.15 and must be disabled for all virtio-pci devices -(including virtio-balloon-pci). - -Signed-off-by: Anthony Liguori ---- - hw/pc_piix.c | 32 ++++++++++++++++++++++++++++++++ - 1 files changed, 32 insertions(+), 0 deletions(-) - -diff --git a/hw/pc_piix.c b/hw/pc_piix.c -index 9093a28..05000e3 100644 ---- a/hw/pc_piix.c -+++ b/hw/pc_piix.c -@@ -328,6 +328,22 @@ static QEMUMachine pc_machine_v0_14 = { - .driver = "qxl-vga", - .property = "revision", - .value = stringify(2), -+ },{ -+ .driver = "virtio-blk-pci", -+ .property = "event_idx", -+ .value = "off", -+ },{ -+ .driver = "virtio-serial-pci", -+ .property = "event_idx", -+ .value = "off", -+ },{ -+ .driver = "virtio-net-pci", -+ .property = "event_idx", -+ .value = "off", -+ },{ -+ .driver = "virtio-balloon-pci", -+ .property = "event_idx", -+ .value = "off", - }, - { /* end of list */ } - }, -@@ -368,6 +384,10 @@ static QEMUMachine pc_machine_v0_13 = { - .property = "event_idx", - .value = "off", - },{ -+ .driver = "virtio-balloon-pci", -+ .property = "event_idx", -+ .value = "off", -+ },{ - .driver = "AC97", - .property = "use_broken_id", - .value = stringify(1), -@@ -415,6 +435,10 @@ static QEMUMachine pc_machine_v0_12 = { - .property = "event_idx", - .value = "off", - },{ -+ .driver = "virtio-balloon-pci", -+ .property = "event_idx", -+ .value = "off", -+ },{ - .driver = "AC97", - .property = "use_broken_id", - .value = stringify(1), -@@ -470,6 +494,10 @@ static QEMUMachine pc_machine_v0_11 = { - .property = "event_idx", - .value = "off", - },{ -+ .driver = "virtio-balloon-pci", -+ .property = "event_idx", -+ .value = "off", -+ },{ - .driver = "AC97", - .property = "use_broken_id", - .value = stringify(1), -@@ -537,6 +565,10 @@ static QEMUMachine pc_machine_v0_10 = { - .property = "event_idx", - .value = "off", - },{ -+ .driver = "virtio-balloon-pci", -+ .property = "event_idx", -+ .value = "off", -+ },{ - .driver = "AC97", - .property = "use_broken_id", - .value = stringify(1), --- -1.7.7.5 - diff --git a/0015-Fix-parse-of-usb-device-description-with-multiple-co.patch b/0015-Fix-parse-of-usb-device-description-with-multiple-co.patch deleted file mode 100644 index efc5119..0000000 --- a/0015-Fix-parse-of-usb-device-description-with-multiple-co.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 9b81fbdbb0cc930aacec343c6ab37adfd60c9e76 Mon Sep 17 00:00:00 2001 -From: "Cao,Bing Bu" -Date: Tue, 13 Dec 2011 09:22:20 +0800 -Subject: [PATCH 15/25] Fix parse of usb device description with multiple - configurations - -Changed From V1: -Use DPRINTF instead of fprintf,because it is not an error. - -When testing ipod on QEMU by He Jie Xu,qemu made a assertion. -We found that the ipod with 2 configurations,and the usb-linux did not parse the descriptor correctly. -The descr_len returned is the total length of the all configurations,not one configuration. -The older version will through the other configurations instead of skip,continue parsing the descriptor of interfaces/endpoints in other configurations,then went wrong. - -This patch will put the configuration descriptor parse in loop outside and dispel the other configurations not requested. - -Signed-off-by: Cao,Bing Bu -Signed-off-by: Gerd Hoffmann ---- - usb-linux.c | 19 +++++++++++-------- - 1 files changed, 11 insertions(+), 8 deletions(-) - -diff --git a/usb-linux.c b/usb-linux.c -index ab4c693..ed14bb1 100644 ---- a/usb-linux.c -+++ b/usb-linux.c -@@ -1141,15 +1141,18 @@ static int usb_linux_update_endp_table(USBHostDevice *s) - length = s->descr_len - 18; - i = 0; - -- if (descriptors[i + 1] != USB_DT_CONFIG || -- descriptors[i + 5] != s->configuration) { -- fprintf(stderr, "invalid descriptor data - configuration %d\n", -- s->configuration); -- return 1; -- } -- i += descriptors[i]; -- - while (i < length) { -+ if (descriptors[i + 1] != USB_DT_CONFIG) { -+ fprintf(stderr, "invalid descriptor data\n"); -+ return 1; -+ } else if (descriptors[i + 5] != s->configuration) { -+ DPRINTF("not requested configuration %d\n", s->configuration); -+ i += (descriptors[i + 3] << 8) + descriptors[i + 2]; -+ continue; -+ } -+ -+ i += descriptors[i]; -+ - if (descriptors[i + 1] != USB_DT_INTERFACE || - (descriptors[i + 1] == USB_DT_INTERFACE && - descriptors[i + 4] == 0)) { --- -1.7.7.5 - diff --git a/0016-usb-storage-cancel-I-O-on-reset.patch b/0016-usb-storage-cancel-I-O-on-reset.patch deleted file mode 100644 index 5fdd63d..0000000 --- a/0016-usb-storage-cancel-I-O-on-reset.patch +++ /dev/null @@ -1,40 +0,0 @@ -From f63d074313c5df917535587b50802ece7beb6e45 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Wed, 4 Jan 2012 18:13:54 +0100 -Subject: [PATCH 16/25] usb-storage: cancel I/O on reset - -When resetting the usb-storage device we'll have to carefully cancel -and clear any requests which might be in flight, otherwise we'll confuse -the state machine. - -Signed-off-by: Gerd Hoffmann ---- - hw/usb-msd.c | 12 ++++++++++++ - 1 files changed, 12 insertions(+), 0 deletions(-) - -diff --git a/hw/usb-msd.c b/hw/usb-msd.c -index 4c06950..3147131 100644 ---- a/hw/usb-msd.c -+++ b/hw/usb-msd.c -@@ -278,6 +278,18 @@ static void usb_msd_handle_reset(USBDevice *dev) - MSDState *s = (MSDState *)dev; - - DPRINTF("Reset\n"); -+ if (s->req) { -+ scsi_req_cancel(s->req); -+ } -+ assert(s->req == NULL); -+ -+ if (s->packet) { -+ USBPacket *p = s->packet; -+ s->packet = NULL; -+ p->result = USB_RET_STALL; -+ usb_packet_complete(dev, p); -+ } -+ - s->mode = USB_MSDM_CBW; - } - --- -1.7.7.5 - diff --git a/0017-usb-host-properly-release-port-on-unplug-exit.patch b/0017-usb-host-properly-release-port-on-unplug-exit.patch deleted file mode 100644 index 5804510..0000000 --- a/0017-usb-host-properly-release-port-on-unplug-exit.patch +++ /dev/null @@ -1,111 +0,0 @@ -From c936f649d4a6b87cabe809170874f6b560cc0524 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Thu, 5 Jan 2012 15:49:18 +0100 -Subject: [PATCH 17/25] usb-host: properly release port on unplug & exit - -Factor out port release into a separate function. Call release function -in exit notifier too. Add explicit call the USBDEVFS_RELEASE_PORT -ioctl, just closing the hub file handle seems not to be enougth. Make -sure we release the port before resetting the device, otherwise host -drivers will not re-attach. - -Signed-off-by: Gerd Hoffmann ---- - usb-linux.c | 28 ++++++++++++++++++++-------- - 1 files changed, 20 insertions(+), 8 deletions(-) - -diff --git a/usb-linux.c b/usb-linux.c -index ed14bb1..749ce71 100644 ---- a/usb-linux.c -+++ b/usb-linux.c -@@ -116,6 +116,7 @@ typedef struct USBHostDevice { - USBDevice dev; - int fd; - int hub_fd; -+ int hub_port; - - uint8_t descr[8192]; - int descr_len; -@@ -434,7 +435,7 @@ static int usb_host_claim_port(USBHostDevice *s) - { - #ifdef USBDEVFS_CLAIM_PORT - char *h, hub_name[64], line[1024]; -- int hub_addr, portnr, ret; -+ int hub_addr, ret; - - snprintf(hub_name, sizeof(hub_name), "%d-%s", - s->match.bus_num, s->match.port); -@@ -442,13 +443,13 @@ static int usb_host_claim_port(USBHostDevice *s) - /* try strip off last ".$portnr" to get hub */ - h = strrchr(hub_name, '.'); - if (h != NULL) { -- portnr = atoi(h+1); -+ s->hub_port = atoi(h+1); - *h = '\0'; - } else { - /* no dot in there -> it is the root hub */ - snprintf(hub_name, sizeof(hub_name), "usb%d", - s->match.bus_num); -- portnr = atoi(s->match.port); -+ s->hub_port = atoi(s->match.port); - } - - if (!usb_host_read_file(line, sizeof(line), "devnum", -@@ -469,20 +470,32 @@ static int usb_host_claim_port(USBHostDevice *s) - return -1; - } - -- ret = ioctl(s->hub_fd, USBDEVFS_CLAIM_PORT, &portnr); -+ ret = ioctl(s->hub_fd, USBDEVFS_CLAIM_PORT, &s->hub_port); - if (ret < 0) { - close(s->hub_fd); - s->hub_fd = -1; - return -1; - } - -- trace_usb_host_claim_port(s->match.bus_num, hub_addr, portnr); -+ trace_usb_host_claim_port(s->match.bus_num, hub_addr, s->hub_port); - return 0; - #else - return -1; - #endif - } - -+static void usb_host_release_port(USBHostDevice *s) -+{ -+ if (s->hub_fd == -1) { -+ return; -+ } -+#ifdef USBDEVFS_RELEASE_PORT -+ ioctl(s->hub_fd, USBDEVFS_RELEASE_PORT, &s->hub_port); -+#endif -+ close(s->hub_fd); -+ s->hub_fd = -1; -+} -+ - static int usb_host_disconnect_ifaces(USBHostDevice *dev, int nb_interfaces) - { - /* earlier Linux 2.4 do not support that */ -@@ -635,10 +648,8 @@ static void usb_host_handle_destroy(USBDevice *dev) - { - USBHostDevice *s = (USBHostDevice *)dev; - -+ usb_host_release_port(s); - usb_host_close(s); -- if (s->hub_fd != -1) { -- close(s->hub_fd); -- } - QTAILQ_REMOVE(&hostdevs, s, next); - qemu_remove_exit_notifier(&s->exit); - } -@@ -1402,6 +1413,7 @@ static void usb_host_exit_notifier(struct Notifier *n, void *data) - { - USBHostDevice *s = container_of(n, USBHostDevice, exit); - -+ usb_host_release_port(s); - if (s->fd != -1) { - usb_host_do_reset(s);; - } --- -1.7.7.5 - diff --git a/0018-usb-ohci-td.cbp-incorrectly-updated-near-page-end.patch b/0018-usb-ohci-td.cbp-incorrectly-updated-near-page-end.patch deleted file mode 100644 index bba083e..0000000 --- a/0018-usb-ohci-td.cbp-incorrectly-updated-near-page-end.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 23201c64a789cf948fedcea221a4b6e197fcd628 Mon Sep 17 00:00:00 2001 -From: Andriy Gapon -Date: Thu, 22 Dec 2011 11:34:30 +0200 -Subject: [PATCH 18/25] usb-ohci: td.cbp incorrectly updated near page end - -The current code that updates the cbp value after a transfer looks like this: -td.cbp += ret; -if ((td.cbp & 0xfff) + ret > 0xfff) { - -because the 'ret' value is effectively added twice the check may fire too early -when the overflow hasn't happened yet. - -Below is one of the possible changes that correct the behavior: - -Signed-off-by: Gerd Hoffmann ---- - hw/usb-ohci.c | 6 +++--- - 1 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/hw/usb-ohci.c b/hw/usb-ohci.c -index c2981c5..c27014a 100644 ---- a/hw/usb-ohci.c -+++ b/hw/usb-ohci.c -@@ -1025,10 +1025,10 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed) - if (ret == len) { - td.cbp = 0; - } else { -- td.cbp += ret; - if ((td.cbp & 0xfff) + ret > 0xfff) { -- td.cbp &= 0xfff; -- td.cbp |= td.be & ~0xfff; -+ td.cbp = (td.be & ~0xfff) + ((td.cbp + ret) & 0xfff); -+ } else { -+ td.cbp += ret; - } - } - td.flags |= OHCI_TD_T1; --- -1.7.7.5 - diff --git a/0019-target-sh4-ignore-ocbp-and-ocbwb-instructions.patch b/0019-target-sh4-ignore-ocbp-and-ocbwb-instructions.patch deleted file mode 100644 index d3a4197..0000000 --- a/0019-target-sh4-ignore-ocbp-and-ocbwb-instructions.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 37769d27270eff15d878a1c7df23407fc5f09b7f Mon Sep 17 00:00:00 2001 -From: Aurelien Jarno -Date: Sat, 7 Jan 2012 15:20:12 +0100 -Subject: [PATCH 19/25] target-sh4: ignore ocbp and ocbwb instructions - -ocbp and ocbwb controls the writeback of a cache line to memory. They -are supposed to do nothing in case of a cache miss. Given QEMU only -partially emulate caches, it is safe to ignore these instructions. - -This fixes a kernel oops when trying to access an rtl8139 NIC with -recent versions. - -Signed-off-by: Aurelien Jarno -(cherry picked from commit 0cdb95549fedc73e13c147ab9dcabcc303426a07) ---- - target-sh4/translate.c | 14 +++----------- - 1 files changed, 3 insertions(+), 11 deletions(-) - -diff --git a/target-sh4/translate.c b/target-sh4/translate.c -index bad3577..e04a6e0 100644 ---- a/target-sh4/translate.c -+++ b/target-sh4/translate.c -@@ -1652,18 +1652,10 @@ static void _decode_opc(DisasContext * ctx) - } - return; - case 0x00a3: /* ocbp @Rn */ -- { -- TCGv dummy = tcg_temp_new(); -- tcg_gen_qemu_ld32s(dummy, REG(B11_8), ctx->memidx); -- tcg_temp_free(dummy); -- } -- return; - case 0x00b3: /* ocbwb @Rn */ -- { -- TCGv dummy = tcg_temp_new(); -- tcg_gen_qemu_ld32s(dummy, REG(B11_8), ctx->memidx); -- tcg_temp_free(dummy); -- } -+ /* These instructions are supposed to do nothing in case of -+ a cache miss. Given that we only partially emulate caches -+ it is safe to simply ignore them. */ - return; - case 0x0083: /* pref @Rn */ - return; --- -1.7.7.5 - diff --git a/0020-PPC-Fix-linker-scripts-on-ppc-hosts.patch b/0020-PPC-Fix-linker-scripts-on-ppc-hosts.patch deleted file mode 100644 index f6ce35a..0000000 --- a/0020-PPC-Fix-linker-scripts-on-ppc-hosts.patch +++ /dev/null @@ -1,74 +0,0 @@ -From fbcf305e5adc310e6383d4ec5e844f3f8d072116 Mon Sep 17 00:00:00 2001 -From: Alexander Graf -Date: Mon, 12 Dec 2011 22:36:01 +0100 -Subject: [PATCH 20/25] PPC: Fix linker scripts on ppc hosts - -When compiling qemu statically with multilib on PPC, we hit the -same issue that commit 845f2c2812d9ed24b36c02a3d06ee83aeafe8b49 -is fixing. Do the same here. - -Signed-off-by: Alexander Graf -Signed-off-by: Aurelien Jarno -(cherry picked from commit 665a04ae1cbfa8004a38cf0fe99ba799c978a1fe) ---- - ppc.ld | 16 ++++++++++++++-- - ppc64.ld | 16 ++++++++++++++-- - 2 files changed, 28 insertions(+), 4 deletions(-) - -diff --git a/ppc.ld b/ppc.ld -index 69aa3f2..2a0dcad 100644 ---- a/ppc.ld -+++ b/ppc.ld -@@ -49,8 +49,20 @@ SECTIONS - .rela.sbss2 : { *(.rela.sbss2 .rela.sbss2.* .rela.gnu.linkonce.sb2.*) } - .rel.bss : { *(.rel.bss .rel.bss.* .rel.gnu.linkonce.b.*) } - .rela.bss : { *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*) } -- .rel.plt : { *(.rel.plt) } -- .rela.plt : { *(.rela.plt) } -+ .rel.plt : -+ { -+ *(.rel.plt) -+ PROVIDE (__rel_iplt_start = .); -+ *(.rel.iplt) -+ PROVIDE (__rel_iplt_end = .); -+ } -+ .rela.plt : -+ { -+ *(.rela.plt) -+ PROVIDE (__rela_iplt_start = .); -+ *(.rela.iplt) -+ PROVIDE (__rela_iplt_end = .); -+ } - .init : - { - KEEP (*(.init)) -diff --git a/ppc64.ld b/ppc64.ld -index 0a7c0dd..e2dafa0 100644 ---- a/ppc64.ld -+++ b/ppc64.ld -@@ -54,8 +54,20 @@ SECTIONS - *(.rela.sbss2 .rela.sbss2.* .rela.gnu.linkonce.sb2.*) - *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*) - } -- .rel.plt : { *(.rel.plt) } -- .rela.plt : { *(.rela.plt) } -+ .rel.plt : -+ { -+ *(.rel.plt) -+ PROVIDE (__rel_iplt_start = .); -+ *(.rel.iplt) -+ PROVIDE (__rel_iplt_end = .); -+ } -+ .rela.plt : -+ { -+ *(.rela.plt) -+ PROVIDE (__rela_iplt_start = .); -+ *(.rela.iplt) -+ PROVIDE (__rela_iplt_end = .); -+ } - .rela.tocbss : { *(.rela.tocbss) } - .init : - { --- -1.7.7.5 - diff --git a/0021-qiov-prevent-double-free-or-use-after-free.patch b/0021-qiov-prevent-double-free-or-use-after-free.patch deleted file mode 100644 index 08e0e84..0000000 --- a/0021-qiov-prevent-double-free-or-use-after-free.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 6061f16a8a119a46e61f2ddbabdb58f83e8857f7 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini -Date: Fri, 25 Nov 2011 12:06:22 +0100 -Subject: [PATCH 21/25] qiov: prevent double free or use-after-free - -qemu_iovec_destroy does not clear the QEMUIOVector fully, and the data -could thus be used after free or freed again. While I do not know any -example in the tree, I observed this using virtio-scsi (and SCSI -scatter/gather) when canceling DMA requests. - -Signed-off-by: Paolo Bonzini -Signed-off-by: Kevin Wolf ---- - cutils.c | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - -diff --git a/cutils.c b/cutils.c -index 6db6304..24b3fe3 100644 ---- a/cutils.c -+++ b/cutils.c -@@ -217,7 +217,10 @@ void qemu_iovec_destroy(QEMUIOVector *qiov) - { - assert(qiov->nalloc != -1); - -+ qemu_iovec_reset(qiov); - g_free(qiov->iov); -+ qiov->nalloc = 0; -+ qiov->iov = NULL; - } - - void qemu_iovec_reset(QEMUIOVector *qiov) --- -1.7.7.5 - diff --git a/0022-coroutine-switch-per-thread-free-pool-to-a-global-po.patch b/0022-coroutine-switch-per-thread-free-pool-to-a-global-po.patch deleted file mode 100644 index eebdfaa..0000000 --- a/0022-coroutine-switch-per-thread-free-pool-to-a-global-po.patch +++ /dev/null @@ -1,115 +0,0 @@ -From fe5c13ebf1161d0f324229cfb36cb5fb87ec6248 Mon Sep 17 00:00:00 2001 -From: Avi Kivity -Date: Mon, 5 Dec 2011 19:20:12 +0200 -Subject: [PATCH 22/25] coroutine: switch per-thread free pool to a global - pool - -ucontext-based coroutines use a free pool to reduce allocations and -deallocations of coroutine objects. The pool is per-thread, presumably -to improve locality. However, as coroutines are usually allocated in -a vcpu thread and freed in the I/O thread, the pool accounting gets -screwed up and we end allocating and freeing a coroutine for every I/O -request. This is expensive since large objects are allocated via the -kernel, and are not cached by the C runtime. - -Fix by switching to a global pool. This is safe since we're protected -by the global mutex. - -Signed-off-by: Avi Kivity -Signed-off-by: Kevin Wolf ---- - coroutine-ucontext.c | 30 ++++++++++++++++-------------- - 1 files changed, 16 insertions(+), 14 deletions(-) - -diff --git a/coroutine-ucontext.c b/coroutine-ucontext.c -index 2b8d3e9..3d01075 100644 ---- a/coroutine-ucontext.c -+++ b/coroutine-ucontext.c -@@ -35,6 +35,10 @@ enum { - POOL_MAX_SIZE = 64, - }; - -+/** Free list to speed up creation */ -+static QLIST_HEAD(, Coroutine) pool = QLIST_HEAD_INITIALIZER(pool); -+static unsigned int pool_size; -+ - typedef struct { - Coroutine base; - void *stack; -@@ -48,10 +52,6 @@ typedef struct { - /** Currently executing coroutine */ - Coroutine *current; - -- /** Free list to speed up creation */ -- QLIST_HEAD(, Coroutine) pool; -- unsigned int pool_size; -- - /** The default coroutine */ - CoroutineUContext leader; - } CoroutineThreadState; -@@ -75,7 +75,6 @@ static CoroutineThreadState *coroutine_get_thread_state(void) - if (!s) { - s = g_malloc0(sizeof(*s)); - s->current = &s->leader.base; -- QLIST_INIT(&s->pool); - pthread_setspecific(thread_state_key, s); - } - return s; -@@ -84,14 +83,19 @@ static CoroutineThreadState *coroutine_get_thread_state(void) - static void qemu_coroutine_thread_cleanup(void *opaque) - { - CoroutineThreadState *s = opaque; -+ -+ g_free(s); -+} -+ -+static void __attribute__((destructor)) coroutine_cleanup(void) -+{ - Coroutine *co; - Coroutine *tmp; - -- QLIST_FOREACH_SAFE(co, &s->pool, pool_next, tmp) { -+ QLIST_FOREACH_SAFE(co, &pool, pool_next, tmp) { - g_free(DO_UPCAST(CoroutineUContext, base, co)->stack); - g_free(co); - } -- g_free(s); - } - - static void __attribute__((constructor)) coroutine_init(void) -@@ -169,13 +173,12 @@ static Coroutine *coroutine_new(void) - - Coroutine *qemu_coroutine_new(void) - { -- CoroutineThreadState *s = coroutine_get_thread_state(); - Coroutine *co; - -- co = QLIST_FIRST(&s->pool); -+ co = QLIST_FIRST(&pool); - if (co) { - QLIST_REMOVE(co, pool_next); -- s->pool_size--; -+ pool_size--; - } else { - co = coroutine_new(); - } -@@ -184,13 +187,12 @@ Coroutine *qemu_coroutine_new(void) - - void qemu_coroutine_delete(Coroutine *co_) - { -- CoroutineThreadState *s = coroutine_get_thread_state(); - CoroutineUContext *co = DO_UPCAST(CoroutineUContext, base, co_); - -- if (s->pool_size < POOL_MAX_SIZE) { -- QLIST_INSERT_HEAD(&s->pool, &co->base, pool_next); -+ if (pool_size < POOL_MAX_SIZE) { -+ QLIST_INSERT_HEAD(&pool, &co->base, pool_next); - co->base.caller = NULL; -- s->pool_size++; -+ pool_size++; - return; - } - --- -1.7.7.5 - diff --git a/0023-qemu-img-rebase-Fix-for-undersized-backing-files.patch b/0023-qemu-img-rebase-Fix-for-undersized-backing-files.patch deleted file mode 100644 index 413ebd0..0000000 --- a/0023-qemu-img-rebase-Fix-for-undersized-backing-files.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 5bb37d151b026759ee35f04212b11b4d625c7431 Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Wed, 7 Dec 2011 12:42:10 +0100 -Subject: [PATCH 23/25] qemu-img rebase: Fix for undersized backing files - -Backing files may be smaller than the corresponding COW file. When -reading directly from the backing file, qemu-img rebase must consider -this and assume zero sectors after the end of backing files. - -Signed-off-by: Kevin Wolf -Reviewed-by: Stefan Hajnoczi ---- - qemu-img.c | 42 +++++++++++++++++++++++++++++++++--------- - 1 files changed, 33 insertions(+), 9 deletions(-) - -diff --git a/qemu-img.c b/qemu-img.c -index 8bdae66..01cc0d3 100644 ---- a/qemu-img.c -+++ b/qemu-img.c -@@ -1420,6 +1420,8 @@ static int img_rebase(int argc, char **argv) - */ - if (!unsafe) { - uint64_t num_sectors; -+ uint64_t old_backing_num_sectors; -+ uint64_t new_backing_num_sectors; - uint64_t sector; - int n; - uint8_t * buf_old; -@@ -1430,6 +1432,8 @@ static int img_rebase(int argc, char **argv) - buf_new = qemu_blockalign(bs, IO_BUF_SIZE); - - bdrv_get_geometry(bs, &num_sectors); -+ bdrv_get_geometry(bs_old_backing, &old_backing_num_sectors); -+ bdrv_get_geometry(bs_new_backing, &new_backing_num_sectors); - - local_progress = (float)100 / - (num_sectors / MIN(num_sectors, IO_BUF_SIZE / 512)); -@@ -1448,16 +1452,36 @@ static int img_rebase(int argc, char **argv) - continue; - } - -- /* Read old and new backing file */ -- ret = bdrv_read(bs_old_backing, sector, buf_old, n); -- if (ret < 0) { -- error_report("error while reading from old backing file"); -- goto out; -+ /* -+ * Read old and new backing file and take into consideration that -+ * backing files may be smaller than the COW image. -+ */ -+ if (sector >= old_backing_num_sectors) { -+ memset(buf_old, 0, n * BDRV_SECTOR_SIZE); -+ } else { -+ if (sector + n > old_backing_num_sectors) { -+ n = old_backing_num_sectors - sector; -+ } -+ -+ ret = bdrv_read(bs_old_backing, sector, buf_old, n); -+ if (ret < 0) { -+ error_report("error while reading from old backing file"); -+ goto out; -+ } - } -- ret = bdrv_read(bs_new_backing, sector, buf_new, n); -- if (ret < 0) { -- error_report("error while reading from new backing file"); -- goto out; -+ -+ if (sector >= new_backing_num_sectors) { -+ memset(buf_new, 0, n * BDRV_SECTOR_SIZE); -+ } else { -+ if (sector + n > new_backing_num_sectors) { -+ n = new_backing_num_sectors - sector; -+ } -+ -+ ret = bdrv_read(bs_new_backing, sector, buf_new, n); -+ if (ret < 0) { -+ error_report("error while reading from new backing file"); -+ goto out; -+ } - } - - /* If they differ, we need to write to the COW file */ --- -1.7.7.5 - diff --git a/0024-Documentation-Add-qemu-img-t-parameter-in-man-page.patch b/0024-Documentation-Add-qemu-img-t-parameter-in-man-page.patch deleted file mode 100644 index 6df771d..0000000 --- a/0024-Documentation-Add-qemu-img-t-parameter-in-man-page.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 8afe984ef7aa25cb2f8af51da021fdc8a242884d Mon Sep 17 00:00:00 2001 -From: Kevin Wolf -Date: Wed, 7 Dec 2011 13:57:13 +0100 -Subject: [PATCH 24/25] Documentation: Add qemu-img -t parameter in man page - -Signed-off-by: Kevin Wolf -Reviewed-by: Stefan Hajnoczi ---- - qemu-img-cmds.hx | 6 +++--- - qemu-img.texi | 10 +++++++--- - 2 files changed, 10 insertions(+), 6 deletions(-) - -diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx -index 4be00a5..49dce7c 100644 ---- a/qemu-img-cmds.hx -+++ b/qemu-img-cmds.hx -@@ -24,13 +24,13 @@ ETEXI - DEF("commit", img_commit, - "commit [-f fmt] [-t cache] filename") - STEXI --@item commit [-f @var{fmt}] @var{filename} -+@item commit [-f @var{fmt}] [-t @var{cache}] @var{filename} - ETEXI - - DEF("convert", img_convert, - "convert [-c] [-p] [-f fmt] [-t cache] [-O output_fmt] [-o options] [-s snapshot_name] [-S sparse_size] filename [filename2 [...]] output_filename") - STEXI --@item convert [-c] [-p] [-f @var{fmt}] [-O @var{output_fmt}] [-o @var{options}] [-s @var{snapshot_name}] [-S @var{sparse_size}] @var{filename} [@var{filename2} [...]] @var{output_filename} -+@item convert [-c] [-p] [-f @var{fmt}] [-t @var{cache}] [-O @var{output_fmt}] [-o @var{options}] [-s @var{snapshot_name}] [-S @var{sparse_size}] @var{filename} [@var{filename2} [...]] @var{output_filename} - ETEXI - - DEF("info", img_info, -@@ -48,7 +48,7 @@ ETEXI - DEF("rebase", img_rebase, - "rebase [-f fmt] [-t cache] [-p] [-u] -b backing_file [-F backing_fmt] filename") - STEXI --@item rebase [-f @var{fmt}] [-p] [-u] -b @var{backing_file} [-F @var{backing_fmt}] @var{filename} -+@item rebase [-f @var{fmt}] [-t @var{cache}] [-p] [-u] -b @var{backing_file} [-F @var{backing_fmt}] @var{filename} - ETEXI - - DEF("resize", img_resize, -diff --git a/qemu-img.texi b/qemu-img.texi -index 70fa321..b2ca3a5 100644 ---- a/qemu-img.texi -+++ b/qemu-img.texi -@@ -45,6 +45,10 @@ indicates the consecutive number of bytes that must contain only zeros - for qemu-img to create a sparse image during conversion. This value is rounded - down to the nearest 512 bytes. You may use the common size suffixes like - @code{k} for kilobytes. -+@item -t @var{cache} -+specifies the cache mode that should be used with the (destination) file. See -+the documentation of the emulator's @code{-drive cache=...} option for allowed -+values. - @end table - - Parameters to snapshot subcommand: -@@ -87,11 +91,11 @@ this case. @var{backing_file} will never be modified unless you use the - The size can also be specified using the @var{size} option with @code{-o}, - it doesn't need to be specified separately in this case. - --@item commit [-f @var{fmt}] @var{filename} -+@item commit [-f @var{fmt}] [-t @var{cache}] @var{filename} - - Commit the changes recorded in @var{filename} in its base image. - --@item convert [-c] [-p] [-f @var{fmt}] [-O @var{output_fmt}] [-o @var{options}] [-s @var{snapshot_name}] [-S @var{sparse_size}] @var{filename} [@var{filename2} [...]] @var{output_filename} -+@item convert [-c] [-p] [-f @var{fmt}] [-t @var{cache}] [-O @var{output_fmt}] [-o @var{options}] [-s @var{snapshot_name}] [-S @var{sparse_size}] @var{filename} [@var{filename2} [...]] @var{output_filename} - - Convert the disk image @var{filename} or a snapshot @var{snapshot_name} to disk image @var{output_filename} - using format @var{output_fmt}. It can be optionally compressed (@code{-c} -@@ -121,7 +125,7 @@ they are displayed too. - - List, apply, create or delete snapshots in image @var{filename}. - --@item rebase [-f @var{fmt}] [-p] [-u] -b @var{backing_file} [-F @var{backing_fmt}] @var{filename} -+@item rebase [-f @var{fmt}] [-t @var{cache}] [-p] [-u] -b @var{backing_file} [-F @var{backing_fmt}] @var{filename} - - Changes the backing file of an image. Only the formats @code{qcow2} and - @code{qed} support changing the backing file. --- -1.7.7.5 - diff --git a/0025-rbd-always-set-out-parameter-in-qemu_rbd_snap_list.patch b/0025-rbd-always-set-out-parameter-in-qemu_rbd_snap_list.patch deleted file mode 100644 index fb7010d..0000000 --- a/0025-rbd-always-set-out-parameter-in-qemu_rbd_snap_list.patch +++ /dev/null @@ -1,39 +0,0 @@ -From e47c212cb5af148ab6d9dcf49bc0e054fe9c2e1d Mon Sep 17 00:00:00 2001 -From: Josh Durgin -Date: Tue, 6 Dec 2011 17:05:10 -0800 -Subject: [PATCH 25/25] rbd: always set out parameter in qemu_rbd_snap_list - -The caller expects psn_tab to be NULL when there are no snapshots or -an error occurs. This results in calling g_free on an invalid address. - -Reported-by: Oliver Francke -Signed-off-by: Josh Durgin -Signed-off-by: Kevin Wolf ---- - block/rbd.c | 3 ++- - 1 files changed, 2 insertions(+), 1 deletions(-) - -diff --git a/block/rbd.c b/block/rbd.c -index 9088c52..54a6961 100644 ---- a/block/rbd.c -+++ b/block/rbd.c -@@ -808,7 +808,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs, - } while (snap_count == -ERANGE); - - if (snap_count <= 0) { -- return snap_count; -+ goto done; - } - - sn_tab = g_malloc0(snap_count * sizeof(QEMUSnapshotInfo)); -@@ -827,6 +827,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs, - } - rbd_snap_list_end(snaps); - -+ done: - *psn_tab = sn_tab; - return snap_count; - } --- -1.7.7.5 - diff --git a/0026-e1000-bounds-packet-size-against-buffer-size.patch b/0026-e1000-bounds-packet-size-against-buffer-size.patch deleted file mode 100644 index bd2bdc7..0000000 --- a/0026-e1000-bounds-packet-size-against-buffer-size.patch +++ /dev/null @@ -1,37 +0,0 @@ -From d0ed2d2e8e863a9a64c9fc9c08fa68bee546ad00 Mon Sep 17 00:00:00 2001 -From: Anthony Liguori -Date: Mon, 23 Jan 2012 07:30:43 -0600 -Subject: [PATCH 26/26] e1000: bounds packet size against buffer size - -Otherwise we can write beyond the buffer and corrupt memory. This is tracked -as CVE-2012-0029. - -Signed-off-by: Anthony Liguori ---- - hw/e1000.c | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - -diff --git a/hw/e1000.c b/hw/e1000.c -index 986ed9c..e164d79 100644 ---- a/hw/e1000.c -+++ b/hw/e1000.c -@@ -466,6 +466,8 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) - bytes = split_size; - if (tp->size + bytes > msh) - bytes = msh - tp->size; -+ -+ bytes = MIN(sizeof(tp->data) - tp->size, bytes); - pci_dma_read(&s->dev, addr, tp->data + tp->size, bytes); - if ((sz = tp->size + bytes) >= hdr && tp->size < hdr) - memmove(tp->header, tp->data, hdr); -@@ -481,6 +483,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) - // context descriptor TSE is not set, while data descriptor TSE is set - DBGOUT(TXERR, "TCP segmentaion Error\n"); - } else { -+ split_size = MIN(sizeof(tp->data) - tp->size, split_size); - pci_dma_read(&s->dev, addr, tp->data + tp->size, split_size); - tp->size += split_size; - } --- -1.7.7.6 - diff --git a/0101-char-Split-out-tcp-socket-close-code-in-a-separate-f.patch b/0101-char-Split-out-tcp-socket-close-code-in-a-separate-f.patch new file mode 100644 index 0000000..8f5a24b --- /dev/null +++ b/0101-char-Split-out-tcp-socket-close-code-in-a-separate-f.patch @@ -0,0 +1,57 @@ +From 5b79aa329a378537ec939cee75df10ca073b367f Mon Sep 17 00:00:00 2001 +From: Amit Shah +Date: Mon, 21 Mar 2011 21:57:47 +0100 +Subject: [PATCH 101/114] char: Split out tcp socket close code in a separate + function + +Signed-off-by: Amit Shah +--- + qemu-char.c | 25 ++++++++++++++++--------- + 1 file changed, 16 insertions(+), 9 deletions(-) + +diff --git a/qemu-char.c b/qemu-char.c +index fe1126f..78d2a69 100644 +--- a/qemu-char.c ++++ b/qemu-char.c +@@ -2141,6 +2141,21 @@ typedef struct { + + static void tcp_chr_accept(void *opaque); + ++static void tcp_closed(void *opaque) ++{ ++ CharDriverState *chr = opaque; ++ TCPCharDriver *s = chr->opaque; ++ ++ s->connected = 0; ++ if (s->listen_fd >= 0) { ++ qemu_set_fd_handler2(s->listen_fd, NULL, tcp_chr_accept, NULL, chr); ++ } ++ qemu_set_fd_handler2(s->fd, NULL, NULL, NULL, NULL); ++ closesocket(s->fd); ++ s->fd = -1; ++ qemu_chr_be_event(chr, CHR_EVENT_CLOSED); ++} ++ + static int tcp_chr_write(CharDriverState *chr, const uint8_t *buf, int len) + { + TCPCharDriver *s = chr->opaque; +@@ -2291,15 +2306,7 @@ static void tcp_chr_read(void *opaque) + len = s->max_size; + size = tcp_chr_recv(chr, (void *)buf, len); + if (size == 0) { +- /* connection closed */ +- s->connected = 0; +- if (s->listen_fd >= 0) { +- qemu_set_fd_handler2(s->listen_fd, NULL, tcp_chr_accept, NULL, chr); +- } +- qemu_set_fd_handler2(s->fd, NULL, NULL, NULL, NULL); +- closesocket(s->fd); +- s->fd = -1; +- qemu_chr_be_event(chr, CHR_EVENT_CLOSED); ++ tcp_closed(chr); + } else if (size > 0) { + if (s->do_telnetopt) + tcp_chr_process_IAC_bytes(chr, s, buf, &size); +-- +1.7.10.4 + diff --git a/0101-usb-redir-Clear-iso-irq-error-when-stopping-the-stre.patch b/0101-usb-redir-Clear-iso-irq-error-when-stopping-the-stre.patch deleted file mode 100644 index 324f9e4..0000000 --- a/0101-usb-redir-Clear-iso-irq-error-when-stopping-the-stre.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 01936dfd5b9fa8117fc1d63ce92198dd28422773 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Mon, 19 Dec 2011 14:59:45 +0100 -Subject: [PATCH 101/118] usb-redir: Clear iso / irq error when stopping the - stream - -And ignore status messages from the client which arrive after stream -stop (the stream stop send to the client and an error status reported by -the client my cross each other due to network latency). - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 6 ++++-- - 1 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/usb-redir.c b/usb-redir.c -index fb91c92..7678f1a 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -410,6 +410,7 @@ static void usbredir_stop_iso_stream(USBRedirDevice *dev, uint8_t ep) - DPRINTF("iso stream stopped ep %02X\n", ep); - dev->endpoint[EP2I(ep)].iso_started = 0; - } -+ dev->endpoint[EP2I(ep)].iso_error = 0; - usbredir_free_bufpq(dev, ep); - } - -@@ -522,6 +523,7 @@ static void usbredir_stop_interrupt_receiving(USBRedirDevice *dev, - DPRINTF("interrupt recv stopped ep %02X\n", ep); - dev->endpoint[EP2I(ep)].interrupt_started = 0; - } -+ dev->endpoint[EP2I(ep)].interrupt_error = 0; - usbredir_free_bufpq(dev, ep); - } - -@@ -1029,7 +1031,7 @@ static void usbredir_iso_stream_status(void *priv, uint32_t id, - DPRINTF("iso status %d ep %02X id %u\n", iso_stream_status->status, - ep, id); - -- if (!dev->dev.attached) { -+ if (!dev->dev.attached || !dev->endpoint[EP2I(ep)].iso_started) { - return; - } - -@@ -1050,7 +1052,7 @@ static void usbredir_interrupt_receiving_status(void *priv, uint32_t id, - DPRINTF("interrupt recv status %d ep %02X id %u\n", - interrupt_receiving_status->status, ep, id); - -- if (!dev->dev.attached) { -+ if (!dev->dev.attached || !dev->endpoint[EP2I(ep)].interrupt_started) { - return; - } - --- -1.7.7.5 - diff --git a/0102-char-Add-a-QemuChrHandlers-struct-to-initialise-char.patch b/0102-char-Add-a-QemuChrHandlers-struct-to-initialise-char.patch new file mode 100644 index 0000000..5c6b719 --- /dev/null +++ b/0102-char-Add-a-QemuChrHandlers-struct-to-initialise-char.patch @@ -0,0 +1,931 @@ +From 0e725325a4f3d1eb0eaa243cc059df2774c9c098 Mon Sep 17 00:00:00 2001 +From: Amit Shah +Date: Mon, 21 Mar 2011 20:31:45 +0100 +Subject: [PATCH 102/114] char: Add a QemuChrHandlers struct to initialise + chardev handlers + +Instead of passing each handler in the qemu_add_handlers() function, +create a struct of handlers that can be passed to the function instead. + +Signed-off-by: Amit Shah +--- + gdbstub.c | 9 +++++++-- + hw/cadence_uart.c | 9 +++++++-- + hw/ccid-card-passthru.c | 11 +++++++---- + hw/debugcon.c | 2 +- + hw/escc.c | 9 +++++++-- + hw/etraxfs_ser.c | 13 +++++++++---- + hw/exynos4210_uart.c | 9 +++++++-- + hw/grlib_apbuart.c | 12 +++++++----- + hw/ivshmem.c | 28 ++++++++++++++++++++++------ + hw/lm32_juart.c | 8 +++++++- + hw/lm32_uart.c | 8 +++++++- + hw/mcf_uart.c | 9 +++++++-- + hw/milkymist-uart.c | 8 +++++++- + hw/pl011.c | 9 +++++++-- + hw/pxa2xx.c | 13 +++++++++---- + hw/qdev-properties.c | 2 +- + hw/serial.c | 9 +++++++-- + hw/sh_serial.c | 12 +++++++++--- + hw/spapr_vty.c | 8 ++++++-- + hw/strongarm.c | 12 +++++++----- + hw/usb/dev-serial.c | 9 +++++++-- + hw/usb/redirect.c | 9 +++++++-- + hw/virtio-console.c | 9 +++++++-- + hw/xen_console.c | 16 +++++++++++----- + hw/xilinx_uartlite.c | 11 +++++++++-- + monitor.c | 18 ++++++++++++++---- + net/slirp.c | 8 ++++++-- + qemu-char.c | 32 ++++++++++++++++++++++---------- + qemu-char.h | 13 +++++++++---- + qtest.c | 9 ++++++++- + 30 files changed, 248 insertions(+), 86 deletions(-) + +diff --git a/gdbstub.c b/gdbstub.c +index 6a77a66..9e099b0 100644 +--- a/gdbstub.c ++++ b/gdbstub.c +@@ -2874,6 +2874,12 @@ static void gdb_sigterm_handler(int signal) + } + #endif + ++static const QemuChrHandlers gdb_handlers = { ++ .fd_can_read = gdb_chr_can_receive, ++ .fd_read = gdb_chr_receive, ++ .fd_event = gdb_chr_event, ++}; ++ + int gdbserver_start(const char *device) + { + GDBState *s; +@@ -2903,8 +2909,7 @@ int gdbserver_start(const char *device) + if (!chr) + return -1; + +- qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive, +- gdb_chr_event, NULL); ++ qemu_chr_add_handlers(chr, &gdb_handlers, NULL); + } + + s = gdbserver_state; +diff --git a/hw/cadence_uart.c b/hw/cadence_uart.c +index d98e531..8f7d64a 100644 +--- a/hw/cadence_uart.c ++++ b/hw/cadence_uart.c +@@ -435,6 +435,12 @@ static void cadence_uart_reset(UartState *s) + s->rx_wpos = 0; + } + ++static const QemuChrHandlers cadence_uart_handlers = { ++ .fd_can_read = uart_can_receive, ++ .fd_read = uart_receive, ++ .fd_event = uart_event, ++}; ++ + static int cadence_uart_init(SysBusDevice *dev) + { + UartState *s = FROM_SYSBUS(UartState, dev); +@@ -456,8 +462,7 @@ static int cadence_uart_init(SysBusDevice *dev) + cadence_uart_reset(s); + + if (s->chr) { +- qemu_chr_add_handlers(s->chr, uart_can_receive, uart_receive, +- uart_event, s); ++ qemu_chr_add_handlers(s->chr, &cadence_uart_handlers, s); + } + + return 0; +diff --git a/hw/ccid-card-passthru.c b/hw/ccid-card-passthru.c +index bd6c777..fb32107 100644 +--- a/hw/ccid-card-passthru.c ++++ b/hw/ccid-card-passthru.c +@@ -274,6 +274,12 @@ static const uint8_t *passthru_get_atr(CCIDCardState *base, uint32_t *len) + return card->atr; + } + ++static const QemuChrHandlers passthru_handlers = { ++ .fd_can_read = ccid_card_vscard_can_read, ++ .fd_read = ccid_card_vscard_read, ++ .fd_event = ccid_card_vscard_event, ++}; ++ + static int passthru_initfn(CCIDCardState *base) + { + PassthruState *card = DO_UPCAST(PassthruState, base, base); +@@ -282,10 +288,7 @@ static int passthru_initfn(CCIDCardState *base) + card->vscard_in_hdr = 0; + if (card->cs) { + DPRINTF(card, D_INFO, "initing chardev\n"); +- qemu_chr_add_handlers(card->cs, +- ccid_card_vscard_can_read, +- ccid_card_vscard_read, +- ccid_card_vscard_event, card); ++ qemu_chr_add_handlers(card->cs, &passthru_handlers, card); + ccid_card_vscard_send_init(card); + } else { + error_report("missing chardev"); +diff --git a/hw/debugcon.c b/hw/debugcon.c +index 14ab326..7887fd2 100644 +--- a/hw/debugcon.c ++++ b/hw/debugcon.c +@@ -73,7 +73,7 @@ static void debugcon_init_core(DebugconState *s) + exit(1); + } + +- qemu_chr_add_handlers(s->chr, NULL, NULL, NULL, s); ++ qemu_chr_add_handlers(s->chr, NULL, s); + } + + static int debugcon_isa_initfn(ISADevice *dev) +diff --git a/hw/escc.c b/hw/escc.c +index 4d8a8e8..689f275 100644 +--- a/hw/escc.c ++++ b/hw/escc.c +@@ -867,6 +867,12 @@ void slavio_serial_ms_kbd_init(target_phys_addr_t base, qemu_irq irq, + sysbus_mmio_map(s, 0, base); + } + ++static const QemuChrHandlers serial_handlers = { ++ .fd_can_read = serial_can_receive, ++ .fd_read = serial_receive1, ++ .fd_event = serial_event, ++}; ++ + static int escc_init1(SysBusDevice *dev) + { + SerialState *s = FROM_SYSBUS(SerialState, dev); +@@ -879,8 +885,7 @@ static int escc_init1(SysBusDevice *dev) + s->chn[i].chn = 1 - i; + s->chn[i].clock = s->frequency / 2; + if (s->chn[i].chr) { +- qemu_chr_add_handlers(s->chn[i].chr, serial_can_receive, +- serial_receive1, serial_event, &s->chn[i]); ++ qemu_chr_add_handlers(s->chn[i].chr, &serial_handlers, &s->chn[i]); + } + } + s->chn[0].otherchn = &s->chn[1]; +diff --git a/hw/etraxfs_ser.c b/hw/etraxfs_ser.c +index 5f16b17..f2571c2 100644 +--- a/hw/etraxfs_ser.c ++++ b/hw/etraxfs_ser.c +@@ -208,6 +208,12 @@ static void etraxfs_ser_reset(DeviceState *d) + + } + ++static const QemuChrHandlers serial_handlers = { ++ .fd_can_read = serial_can_receive, ++ .fd_read = serial_receive, ++ .fd_event = serial_event, ++}; ++ + static int etraxfs_ser_init(SysBusDevice *dev) + { + struct etrax_serial *s = FROM_SYSBUS(typeof (*s), dev); +@@ -217,10 +223,9 @@ static int etraxfs_ser_init(SysBusDevice *dev) + sysbus_init_mmio(dev, &s->mmio); + + s->chr = qemu_char_get_next_serial(); +- if (s->chr) +- qemu_chr_add_handlers(s->chr, +- serial_can_receive, serial_receive, +- serial_event, s); ++ if (s->chr) { ++ qemu_chr_add_handlers(s->chr, &serial_handlers, s); ++ } + return 0; + } + +diff --git a/hw/exynos4210_uart.c b/hw/exynos4210_uart.c +index ccc4780..fefe400 100644 +--- a/hw/exynos4210_uart.c ++++ b/hw/exynos4210_uart.c +@@ -625,6 +625,12 @@ DeviceState *exynos4210_uart_create(target_phys_addr_t addr, + return dev; + } + ++static const QemuChrHandlers exynos4210_handlers = { ++ .fd_can_read = exynos4210_uart_can_receive, ++ .fd_read = exynos4210_uart_receive, ++ .fd_event = exynos4210_uart_event, ++}; ++ + static int exynos4210_uart_init(SysBusDevice *dev) + { + Exynos4210UartState *s = FROM_SYSBUS(Exynos4210UartState, dev); +@@ -636,8 +642,7 @@ static int exynos4210_uart_init(SysBusDevice *dev) + + sysbus_init_irq(dev, &s->irq); + +- qemu_chr_add_handlers(s->chr, exynos4210_uart_can_receive, +- exynos4210_uart_receive, exynos4210_uart_event, s); ++ qemu_chr_add_handlers(s->chr, &exynos4210_handlers, s); + + return 0; + } +diff --git a/hw/grlib_apbuart.c b/hw/grlib_apbuart.c +index 73fc989..fd77d52 100644 +--- a/hw/grlib_apbuart.c ++++ b/hw/grlib_apbuart.c +@@ -222,15 +222,17 @@ static const MemoryRegionOps grlib_apbuart_ops = { + .endianness = DEVICE_NATIVE_ENDIAN, + }; + ++static const QemuChrHandlers grlib_handlers = { ++ .fd_can_read = grlib_apbuart_can_receive, ++ .fd_read = grlib_apbuart_receive, ++ .fd_event = grlib_apbuart_event, ++}; ++ + static int grlib_apbuart_init(SysBusDevice *dev) + { + UART *uart = FROM_SYSBUS(typeof(*uart), dev); + +- qemu_chr_add_handlers(uart->chr, +- grlib_apbuart_can_receive, +- grlib_apbuart_receive, +- grlib_apbuart_event, +- uart); ++ qemu_chr_add_handlers(uart->chr, &grlib_handlers, uart); + + sysbus_init_irq(dev, &uart->irq); + +diff --git a/hw/ivshmem.c b/hw/ivshmem.c +index d48e5f9..2dbf86e 100644 +--- a/hw/ivshmem.c ++++ b/hw/ivshmem.c +@@ -279,6 +279,18 @@ static void fake_irqfd(void *opaque, const uint8_t *buf, int size) { + msix_notify(pdev, entry->vector); + } + ++static const QemuChrHandlers ivshmem_handlers = { ++ .fd_can_read = ivshmem_can_receive, ++ .fd_read = ivshmem_receive, ++ .fd_event = ivshmem_event, ++}; ++ ++static const QemuChrHandlers ivshmem_msi_handlers = { ++ .fd_can_read = ivshmem_can_receive, ++ .fd_read = fake_irqfd, ++ .fd_event = ivshmem_event, ++}; ++ + static CharDriverState* create_eventfd_chr_device(void * opaque, int eventfd, + int vector) + { +@@ -298,11 +310,10 @@ static CharDriverState* create_eventfd_chr_device(void * opaque, int eventfd, + s->eventfd_table[vector].pdev = &s->dev; + s->eventfd_table[vector].vector = vector; + +- qemu_chr_add_handlers(chr, ivshmem_can_receive, fake_irqfd, +- ivshmem_event, &s->eventfd_table[vector]); ++ qemu_chr_add_handlers(chr, &ivshmem_msi_handlers, ++ &s->eventfd_table[vector]); + } else { +- qemu_chr_add_handlers(chr, ivshmem_can_receive, ivshmem_receive, +- ivshmem_event, s); ++ qemu_chr_add_handlers(chr, &ivshmem_handlers, s); + } + + return chr; +@@ -635,6 +646,12 @@ static void ivshmem_write_config(PCIDevice *pci_dev, uint32_t address, + msix_write_config(pci_dev, address, val, len); + } + ++static const QemuChrHandlers ivshmem_server_handlers = { ++ .fd_can_read = ivshmem_can_receive, ++ .fd_read = ivshmem_read, ++ .fd_event = ivshmem_event, ++}; ++ + static int pci_ivshmem_init(PCIDevice *dev) + { + IVShmemState *s = DO_UPCAST(IVShmemState, dev, dev); +@@ -724,8 +741,7 @@ static int pci_ivshmem_init(PCIDevice *dev) + + s->eventfd_chr = g_malloc0(s->vectors * sizeof(CharDriverState *)); + +- qemu_chr_add_handlers(s->server_chr, ivshmem_can_receive, ivshmem_read, +- ivshmem_event, s); ++ qemu_chr_add_handlers(s->server_chr, &ivshmem_server_handlers, s); + } else { + /* just map the file immediately, we're not using a server */ + int fd; +diff --git a/hw/lm32_juart.c b/hw/lm32_juart.c +index f07ed39..d4daeb8 100644 +--- a/hw/lm32_juart.c ++++ b/hw/lm32_juart.c +@@ -110,13 +110,19 @@ static void juart_reset(DeviceState *d) + s->jrx = 0; + } + ++static const QemuChrHandlers juart_handlers = { ++ .fd_can_read = juart_can_rx, ++ .fd_read = juart_rx, ++ .fd_event = juart_event, ++}; ++ + static int lm32_juart_init(SysBusDevice *dev) + { + LM32JuartState *s = FROM_SYSBUS(typeof(*s), dev); + + s->chr = qemu_char_get_next_serial(); + if (s->chr) { +- qemu_chr_add_handlers(s->chr, juart_can_rx, juart_rx, juart_event, s); ++ qemu_chr_add_handlers(s->chr, &juart_handlers, s); + } + + return 0; +diff --git a/hw/lm32_uart.c b/hw/lm32_uart.c +index 57066e2..4ea130b 100644 +--- a/hw/lm32_uart.c ++++ b/hw/lm32_uart.c +@@ -243,6 +243,12 @@ static void uart_reset(DeviceState *d) + s->regs[R_LSR] = LSR_THRE | LSR_TEMT; + } + ++static const QemuChrHandlers uart_handlers = { ++ .fd_can_read = uart_can_rx, ++ .fd_read = uart_rx, ++ .fd_event = uart_event, ++}; ++ + static int lm32_uart_init(SysBusDevice *dev) + { + LM32UartState *s = FROM_SYSBUS(typeof(*s), dev); +@@ -254,7 +260,7 @@ static int lm32_uart_init(SysBusDevice *dev) + + s->chr = qemu_char_get_next_serial(); + if (s->chr) { +- qemu_chr_add_handlers(s->chr, uart_can_rx, uart_rx, uart_event, s); ++ qemu_chr_add_handlers(s->chr, &uart_handlers, s); + } + + return 0; +diff --git a/hw/mcf_uart.c b/hw/mcf_uart.c +index ec6a87f..f52fb96 100644 +--- a/hw/mcf_uart.c ++++ b/hw/mcf_uart.c +@@ -272,6 +272,12 @@ static void mcf_uart_receive(void *opaque, const uint8_t *buf, int size) + mcf_uart_push_byte(s, buf[0]); + } + ++static const QemuChrHandlers mcf_uart_handlers = { ++ .fd_can_read = mcf_uart_can_receive, ++ .fd_read = mcf_uart_receive, ++ .fd_event = mcf_uart_event, ++}; ++ + void *mcf_uart_init(qemu_irq irq, CharDriverState *chr) + { + mcf_uart_state *s; +@@ -280,8 +286,7 @@ void *mcf_uart_init(qemu_irq irq, CharDriverState *chr) + s->chr = chr; + s->irq = irq; + if (chr) { +- qemu_chr_add_handlers(chr, mcf_uart_can_receive, mcf_uart_receive, +- mcf_uart_event, s); ++ qemu_chr_add_handlers(chr, &mcf_uart_handlers, s); + } + mcf_uart_reset(s); + return s; +diff --git a/hw/milkymist-uart.c b/hw/milkymist-uart.c +index 291fe3c..2dcb41c 100644 +--- a/hw/milkymist-uart.c ++++ b/hw/milkymist-uart.c +@@ -189,6 +189,12 @@ static void milkymist_uart_reset(DeviceState *d) + s->regs[R_STAT] = STAT_THRE; + } + ++static const QemuChrHandlers uart_handlers = { ++ .fd_can_read = uart_can_rx, ++ .fd_read = uart_rx, ++ .fd_event = uart_event, ++}; ++ + static int milkymist_uart_init(SysBusDevice *dev) + { + MilkymistUartState *s = FROM_SYSBUS(typeof(*s), dev); +@@ -201,7 +207,7 @@ static int milkymist_uart_init(SysBusDevice *dev) + + s->chr = qemu_char_get_next_serial(); + if (s->chr) { +- qemu_chr_add_handlers(s->chr, uart_can_rx, uart_rx, uart_event, s); ++ qemu_chr_add_handlers(s->chr, &uart_handlers, s); + } + + return 0; +diff --git a/hw/pl011.c b/hw/pl011.c +index 8a5a8f5..b125c40 100644 +--- a/hw/pl011.c ++++ b/hw/pl011.c +@@ -256,6 +256,12 @@ static const VMStateDescription vmstate_pl011 = { + } + }; + ++static const QemuChrHandlers pl011_handlers = { ++ .fd_can_read = pl011_can_receive, ++ .fd_read = pl011_receive, ++ .fd_event = pl011_event, ++}; ++ + static int pl011_init(SysBusDevice *dev, const unsigned char *id) + { + pl011_state *s = FROM_SYSBUS(pl011_state, dev); +@@ -271,8 +277,7 @@ static int pl011_init(SysBusDevice *dev, const unsigned char *id) + s->cr = 0x300; + s->flags = 0x90; + if (s->chr) { +- qemu_chr_add_handlers(s->chr, pl011_can_receive, pl011_receive, +- pl011_event, s); ++ qemu_chr_add_handlers(s->chr, &pl011_handlers, s); + } + vmstate_register(&dev->qdev, -1, &vmstate_pl011, s); + return 0; +diff --git a/hw/pxa2xx.c b/hw/pxa2xx.c +index ddaa846..81827a4 100644 +--- a/hw/pxa2xx.c ++++ b/hw/pxa2xx.c +@@ -2011,6 +2011,12 @@ static int pxa2xx_fir_load(QEMUFile *f, void *opaque, int version_id) + return 0; + } + ++static const QemuChrHandlers pxa2xx_handlers = { ++ .fd_can_read = pxa2xx_fir_is_empty, ++ .fd_read = pxa2xx_fir_rx, ++ .fd_event = pxa2xx_fir_event, ++}; ++ + static PXA2xxFIrState *pxa2xx_fir_init(MemoryRegion *sysmem, + target_phys_addr_t base, + qemu_irq irq, qemu_irq rx_dma, qemu_irq tx_dma, +@@ -2029,10 +2035,9 @@ static PXA2xxFIrState *pxa2xx_fir_init(MemoryRegion *sysmem, + memory_region_init_io(&s->iomem, &pxa2xx_fir_ops, s, "pxa2xx-fir", 0x1000); + memory_region_add_subregion(sysmem, base, &s->iomem); + +- if (chr) +- qemu_chr_add_handlers(chr, pxa2xx_fir_is_empty, +- pxa2xx_fir_rx, pxa2xx_fir_event, s); +- ++ if (chr) { ++ qemu_chr_add_handlers(chr, &pxa2xx_handlers, s); ++ } + register_savevm(NULL, "pxa2xx_fir", 0, 0, pxa2xx_fir_save, + pxa2xx_fir_load, s); + +diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c +index b7b5597..e3c1b40 100644 +--- a/hw/qdev-properties.c ++++ b/hw/qdev-properties.c +@@ -551,7 +551,7 @@ static void release_chr(Object *obj, const char *name, void *opaque) + CharDriverState **ptr = qdev_get_prop_ptr(dev, prop); + + if (*ptr) { +- qemu_chr_add_handlers(*ptr, NULL, NULL, NULL, NULL); ++ qemu_chr_add_handlers(*ptr, NULL, NULL); + } + } + +diff --git a/hw/serial.c b/hw/serial.c +index a421d1e..056d823 100644 +--- a/hw/serial.c ++++ b/hw/serial.c +@@ -736,6 +736,12 @@ static void serial_reset(void *opaque) + qemu_irq_lower(s->irq); + } + ++static const QemuChrHandlers serial_handlers = { ++ .fd_can_read = serial_can_receive1, ++ .fd_read = serial_receive1, ++ .fd_event = serial_event, ++}; ++ + static void serial_init_core(SerialState *s) + { + if (!s->chr) { +@@ -750,8 +756,7 @@ static void serial_init_core(SerialState *s) + + qemu_register_reset(serial_reset, s); + +- qemu_chr_add_handlers(s->chr, serial_can_receive1, serial_receive1, +- serial_event, s); ++ qemu_chr_add_handlers(s->chr, &serial_handlers, s); + } + + /* Change the main reference oscillator frequency. */ +diff --git a/hw/sh_serial.c b/hw/sh_serial.c +index 43b0eb1..c322784 100644 +--- a/hw/sh_serial.c ++++ b/hw/sh_serial.c +@@ -350,6 +350,12 @@ static const MemoryRegionOps sh_serial_ops = { + .endianness = DEVICE_NATIVE_ENDIAN, + }; + ++static const QemuChrHandlers sh_serial_handlers = { ++ .fd_can_read = sh_serial_can_receive1, ++ .fd_read = sh_serial_receive1, ++ .fd_event = sh_serial_event, ++}; ++ + void sh_serial_init(MemoryRegion *sysmem, + target_phys_addr_t base, int feat, + uint32_t freq, CharDriverState *chr, +@@ -394,9 +400,9 @@ void sh_serial_init(MemoryRegion *sysmem, + + s->chr = chr; + +- if (chr) +- qemu_chr_add_handlers(chr, sh_serial_can_receive1, sh_serial_receive1, +- sh_serial_event, s); ++ if (chr) { ++ qemu_chr_add_handlers(chr, &sh_serial_handlers, s); ++ } + + s->eri = eri_source; + s->rxi = rxi_source; +diff --git a/hw/spapr_vty.c b/hw/spapr_vty.c +index c9674f3..15f61c3 100644 +--- a/hw/spapr_vty.c ++++ b/hw/spapr_vty.c +@@ -54,6 +54,11 @@ void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len) + qemu_chr_fe_write(dev->chardev, buf, len); + } + ++static const QemuChrHandlers vty_handlers = { ++ .fd_can_read = vty_can_receive, ++ .fd_read = vty_receive, ++}; ++ + static int spapr_vty_init(VIOsPAPRDevice *sdev) + { + VIOsPAPRVTYDevice *dev = (VIOsPAPRVTYDevice *)sdev; +@@ -63,8 +68,7 @@ static int spapr_vty_init(VIOsPAPRDevice *sdev) + exit(1); + } + +- qemu_chr_add_handlers(dev->chardev, vty_can_receive, +- vty_receive, NULL, dev); ++ qemu_chr_add_handlers(dev->chardev, &vty_handlers, dev); + + return 0; + } +diff --git a/hw/strongarm.c b/hw/strongarm.c +index 1b15f39..2ae2f7e 100644 +--- a/hw/strongarm.c ++++ b/hw/strongarm.c +@@ -1199,6 +1199,12 @@ static const MemoryRegionOps strongarm_uart_ops = { + .endianness = DEVICE_NATIVE_ENDIAN, + }; + ++static const QemuChrHandlers strongarm_uart_handlers = { ++ .fd_can_read = strongarm_uart_can_receive, ++ .fd_read = strongarm_uart_receive, ++ .fd_event = strongarm_uart_event, ++}; ++ + static int strongarm_uart_init(SysBusDevice *dev) + { + StrongARMUARTState *s = FROM_SYSBUS(StrongARMUARTState, dev); +@@ -1211,11 +1217,7 @@ static int strongarm_uart_init(SysBusDevice *dev) + s->tx_timer = qemu_new_timer_ns(vm_clock, strongarm_uart_tx, s); + + if (s->chr) { +- qemu_chr_add_handlers(s->chr, +- strongarm_uart_can_receive, +- strongarm_uart_receive, +- strongarm_uart_event, +- s); ++ qemu_chr_add_handlers(s->chr, &strongarm_uart_handlers, s); + } + + return 0; +diff --git a/hw/usb/dev-serial.c b/hw/usb/dev-serial.c +index 56743ee..af670cc 100644 +--- a/hw/usb/dev-serial.c ++++ b/hw/usb/dev-serial.c +@@ -475,6 +475,12 @@ static void usb_serial_event(void *opaque, int event) + } + } + ++static const QemuChrHandlers usb_serial_handlers = { ++ .fd_can_read = usb_serial_can_read, ++ .fd_read = usb_serial_read, ++ .fd_event = usb_serial_event, ++}; ++ + static int usb_serial_initfn(USBDevice *dev) + { + USBSerialState *s = DO_UPCAST(USBSerialState, dev, dev); +@@ -487,8 +493,7 @@ static int usb_serial_initfn(USBDevice *dev) + return -1; + } + +- qemu_chr_add_handlers(s->cs, usb_serial_can_read, usb_serial_read, +- usb_serial_event, s); ++ qemu_chr_add_handlers(s->cs, &usb_serial_handlers, s); + usb_serial_handle_reset(dev); + return 0; + } +diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c +index 51c27b4..6e8180e 100644 +--- a/hw/usb/redirect.c ++++ b/hw/usb/redirect.c +@@ -890,6 +890,12 @@ static void usbredir_chardev_event(void *opaque, int event) + } + } + ++static const QemuChrHandlers usbredir_chr_handlers = { ++ .fd_can_read = usbredir_chardev_can_read, ++ .fd_read = usbredir_chardev_read, ++ .fd_event = usbredir_chardev_event, ++}; ++ + /* + * init + destroy + */ +@@ -928,8 +934,7 @@ static int usbredir_initfn(USBDevice *udev) + + /* Let the backend know we are ready */ + qemu_chr_fe_open(dev->cs); +- qemu_chr_add_handlers(dev->cs, usbredir_chardev_can_read, +- usbredir_chardev_read, usbredir_chardev_event, dev); ++ qemu_chr_add_handlers(dev->cs, &usbredir_chr_handlers, dev); + + add_boot_device_path(dev->bootindex, &udev->qdev, NULL); + return 0; +diff --git a/hw/virtio-console.c b/hw/virtio-console.c +index cffee3d..066590c 100644 +--- a/hw/virtio-console.c ++++ b/hw/virtio-console.c +@@ -106,6 +106,12 @@ static void chr_event(void *opaque, int event) + } + } + ++static const QemuChrHandlers chr_handlers = { ++ .fd_can_read = chr_can_read, ++ .fd_read = chr_read, ++ .fd_event = chr_event, ++}; ++ + static int virtconsole_initfn(VirtIOSerialPort *port) + { + VirtConsole *vcon = DO_UPCAST(VirtConsole, port, port); +@@ -117,8 +123,7 @@ static int virtconsole_initfn(VirtIOSerialPort *port) + } + + if (vcon->chr) { +- qemu_chr_add_handlers(vcon->chr, chr_can_read, chr_read, chr_event, +- vcon); ++ qemu_chr_add_handlers(vcon->chr, &chr_handlers, vcon); + } + + return 0; +diff --git a/hw/xen_console.c b/hw/xen_console.c +index 3794b19..ee872c3 100644 +--- a/hw/xen_console.c ++++ b/hw/xen_console.c +@@ -212,6 +212,11 @@ out: + return ret; + } + ++static const QemuChrHandlers xencons_handlers = { ++ .fd_can_read = xencons_can_receive, ++ .fd_read = xencons_receive, ++}; ++ + static int con_initialise(struct XenDevice *xendev) + { + struct XenConsole *con = container_of(xendev, struct XenConsole, xendev); +@@ -232,9 +237,9 @@ static int con_initialise(struct XenDevice *xendev) + return -1; + + xen_be_bind_evtchn(&con->xendev); +- if (con->chr) +- qemu_chr_add_handlers(con->chr, xencons_can_receive, xencons_receive, +- NULL, con); ++ if (con->chr) { ++ qemu_chr_add_handlers(con->chr, &xencons_handlers, con); ++ } + + xen_be_printf(xendev, 1, "ring mfn %d, remote port %d, local port %d, limit %zd\n", + con->ring_ref, +@@ -251,8 +256,9 @@ static void con_disconnect(struct XenDevice *xendev) + if (!xendev->dev) { + return; + } +- if (con->chr) +- qemu_chr_add_handlers(con->chr, NULL, NULL, NULL, NULL); ++ if (con->chr) { ++ qemu_chr_add_handlers(con->chr, NULL, NULL); ++ } + xen_be_unbind_evtchn(&con->xendev); + + if (con->sring) { +diff --git a/hw/xilinx_uartlite.c b/hw/xilinx_uartlite.c +index aa0170d..6ca45dc 100644 +--- a/hw/xilinx_uartlite.c ++++ b/hw/xilinx_uartlite.c +@@ -195,6 +195,12 @@ static void uart_event(void *opaque, int event) + + } + ++static const QemuChrHandlers uart_handlers = { ++ .fd_can_read = uart_can_rx, ++ .fd_read = uart_rx, ++ .fd_event = uart_event, ++}; ++ + static int xilinx_uartlite_init(SysBusDevice *dev) + { + struct xlx_uartlite *s = FROM_SYSBUS(typeof (*s), dev); +@@ -206,8 +212,9 @@ static int xilinx_uartlite_init(SysBusDevice *dev) + sysbus_init_mmio(dev, &s->mmio); + + s->chr = qemu_char_get_next_serial(); +- if (s->chr) +- qemu_chr_add_handlers(s->chr, uart_can_rx, uart_rx, uart_event, s); ++ if (s->chr) { ++ qemu_chr_add_handlers(s->chr, &uart_handlers, s); ++ } + return 0; + } + +diff --git a/monitor.c b/monitor.c +index 71f4392..116accb 100644 +--- a/monitor.c ++++ b/monitor.c +@@ -4601,6 +4601,18 @@ static void sortcmdlist(void) + * End: + */ + ++static const QemuChrHandlers monitor_handlers = { ++ .fd_can_read = monitor_can_read, ++ .fd_read = monitor_read, ++ .fd_event = monitor_event, ++}; ++ ++static const QemuChrHandlers monitor_control_handlers = { ++ .fd_can_read = monitor_can_read, ++ .fd_read = monitor_control_read, ++ .fd_event = monitor_control_event, ++}; ++ + void monitor_init(CharDriverState *chr, int flags) + { + static int is_first_init = 1; +@@ -4623,12 +4635,10 @@ void monitor_init(CharDriverState *chr, int flags) + if (monitor_ctrl_mode(mon)) { + mon->mc = g_malloc0(sizeof(MonitorControl)); + /* Control mode requires special handlers */ +- qemu_chr_add_handlers(chr, monitor_can_read, monitor_control_read, +- monitor_control_event, mon); ++ qemu_chr_add_handlers(chr, &monitor_control_handlers, mon); + qemu_chr_fe_set_echo(chr, true); + } else { +- qemu_chr_add_handlers(chr, monitor_can_read, monitor_read, +- monitor_event, mon); ++ qemu_chr_add_handlers(chr, &monitor_handlers, mon); + } + + QLIST_INSERT_HEAD(&mon_list, mon, entry); +diff --git a/net/slirp.c b/net/slirp.c +index 96f5032..aa8ed08 100644 +--- a/net/slirp.c ++++ b/net/slirp.c +@@ -577,6 +577,11 @@ static void guestfwd_read(void *opaque, const uint8_t *buf, int size) + slirp_socket_recv(fwd->slirp, fwd->server, fwd->port, buf, size); + } + ++static const QemuChrHandlers guestfwd_handlers = { ++ .fd_can_read = guestfwd_can_read, ++ .fd_read = guestfwd_read, ++}; ++ + static int slirp_guestfwd(SlirpState *s, const char *config_str, + int legacy_format) + { +@@ -633,8 +638,7 @@ static int slirp_guestfwd(SlirpState *s, const char *config_str, + fwd->port = port; + fwd->slirp = s->slirp; + +- qemu_chr_add_handlers(fwd->hd, guestfwd_can_read, guestfwd_read, +- NULL, fwd); ++ qemu_chr_add_handlers(fwd->hd, &guestfwd_handlers, fwd); + return 0; + + fail_syntax: +diff --git a/qemu-char.c b/qemu-char.c +index 78d2a69..86bdabf 100644 +--- a/qemu-char.c ++++ b/qemu-char.c +@@ -192,19 +192,26 @@ void qemu_chr_fe_printf(CharDriverState *s, const char *fmt, ...) + va_end(ap); + } + ++static const QemuChrHandlers null_handlers = { ++ /* All handlers are initialised to NULL */ ++}; ++ + void qemu_chr_add_handlers(CharDriverState *s, +- IOCanReadHandler *fd_can_read, +- IOReadHandler *fd_read, +- IOEventHandler *fd_event, +- void *opaque) ++ const QemuChrHandlers *handlers, void *opaque) + { +- if (!opaque && !fd_can_read && !fd_read && !fd_event) { ++ if (!s) { ++ return; ++ } ++ if (!opaque && !handlers) { + /* chr driver being released. */ + ++s->avail_connections; + } +- s->chr_can_read = fd_can_read; +- s->chr_read = fd_read; +- s->chr_event = fd_event; ++ if (!handlers) { ++ handlers = &null_handlers; ++ } ++ s->chr_can_read = handlers->fd_can_read; ++ s->chr_read = handlers->fd_read; ++ s->chr_event = handlers->fd_event; + s->handler_opaque = opaque; + if (s->chr_update_read_handler) + s->chr_update_read_handler(s); +@@ -442,6 +449,12 @@ static void mux_chr_event(void *opaque, int event) + mux_chr_send_event(d, i, event); + } + ++static const QemuChrHandlers mux_chr_handlers = { ++ .fd_can_read = mux_chr_can_read, ++ .fd_read = mux_chr_read, ++ .fd_event = mux_chr_event, ++}; ++ + static void mux_chr_update_read_handler(CharDriverState *chr) + { + MuxDriver *d = chr->opaque; +@@ -456,8 +469,7 @@ static void mux_chr_update_read_handler(CharDriverState *chr) + d->chr_event[d->mux_cnt] = chr->chr_event; + /* Fix up the real driver with mux routines */ + if (d->mux_cnt == 0) { +- qemu_chr_add_handlers(d->drv, mux_chr_can_read, mux_chr_read, +- mux_chr_event, chr); ++ qemu_chr_add_handlers(d->drv, &mux_chr_handlers, chr); + } + if (d->focus != -1) { + mux_chr_send_event(d, d->focus, CHR_EVENT_MUX_OUT); +diff --git a/qemu-char.h b/qemu-char.h +index 486644b..dfa8c2d 100644 +--- a/qemu-char.h ++++ b/qemu-char.h +@@ -222,10 +222,15 @@ void qemu_chr_be_write(CharDriverState *s, uint8_t *buf, int len); + */ + void qemu_chr_be_event(CharDriverState *s, int event); + +-void qemu_chr_add_handlers(CharDriverState *s, +- IOCanReadHandler *fd_can_read, +- IOReadHandler *fd_read, +- IOEventHandler *fd_event, ++ ++typedef struct QemuChrHandlers { ++ IOCanReadHandler *fd_can_read; ++ IOReadHandler *fd_read; ++ IOHandler *fd_write_unblocked; ++ IOEventHandler *fd_event; ++} QemuChrHandlers; ++ ++void qemu_chr_add_handlers(CharDriverState *s, const QemuChrHandlers *handlers, + void *opaque); + + void qemu_chr_generic_open(CharDriverState *s); +diff --git a/qtest.c b/qtest.c +index fbfab4e..4ab5b69 100644 +--- a/qtest.c ++++ b/qtest.c +@@ -416,6 +416,13 @@ static void qtest_event(void *opaque, int event) + } + } + ++static const QemuChrHandlers test_handlers = { ++ .fd_can_read = qtest_can_read, ++ .fd_read = qtest_read, ++ .fd_event = qtest_event, ++}; ++ ++ + int qtest_init(void) + { + CharDriverState *chr; +@@ -425,7 +432,7 @@ int qtest_init(void) + configure_icount("0"); + chr = qemu_chr_new("qtest", qtest_chrdev, NULL); + +- qemu_chr_add_handlers(chr, qtest_can_read, qtest_read, qtest_event, chr); ++ qemu_chr_add_handlers(chr, &test_handlers, chr); + qemu_chr_fe_set_echo(chr, true); + + inbuf = g_string_new(""); +-- +1.7.10.4 + diff --git a/0102-usb-redir-Dynamically-adjust-iso-buffering-size-base.patch b/0102-usb-redir-Dynamically-adjust-iso-buffering-size-base.patch deleted file mode 100644 index 297fa9b..0000000 --- a/0102-usb-redir-Dynamically-adjust-iso-buffering-size-base.patch +++ /dev/null @@ -1,102 +0,0 @@ -From cc5740ae8aa68dbbdc690f694b0e55d70f9c49ee Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Mon, 19 Dec 2011 13:42:40 +0100 -Subject: [PATCH 102/118] usb-redir: Dynamically adjust iso buffering size - based on ep interval - -Note the bufpq_target_size id stored in the endpoint info struct, -even though it only used once. This is done because it will be -referenced from other code in a follow up patch. - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++----- - 1 files changed, 47 insertions(+), 5 deletions(-) - -diff --git a/usb-redir.c b/usb-redir.c -index 7678f1a..ab2c8fa 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -61,6 +61,7 @@ struct endp_data { - uint8_t interrupt_started; - uint8_t interrupt_error; - QTAILQ_HEAD(, buf_packet) bufpq; -+ int bufpq_target_size; - }; - - struct USBRedirDevice { -@@ -332,15 +333,41 @@ static int usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, - uint8_t ep) - { - int status, len; -- - if (!dev->endpoint[EP2I(ep)].iso_started && - !dev->endpoint[EP2I(ep)].iso_error) { - struct usb_redir_start_iso_stream_header start_iso = { - .endpoint = ep, -- /* TODO maybe do something with these depending on ep interval? */ -- .pkts_per_urb = 32, -- .no_urbs = 3, - }; -+ int pkts_per_sec; -+ -+ if (dev->dev.speed == USB_SPEED_HIGH) -+ pkts_per_sec = 8000 / dev->endpoint[EP2I(ep)].interval; -+ else -+ pkts_per_sec = 1000 / dev->endpoint[EP2I(ep)].interval; -+ /* Testing has shown that we need circa 60 ms buffer */ -+ dev->endpoint[EP2I(ep)].bufpq_target_size = (pkts_per_sec * 60) / 1000; -+ -+ /* Aim for approx 100 interrupts / second on the client to -+ balance latency and interrupt load */ -+ start_iso.pkts_per_urb = pkts_per_sec / 100; -+ if (start_iso.pkts_per_urb < 1) { -+ start_iso.pkts_per_urb = 1; -+ } else if (start_iso.pkts_per_urb > 32) { -+ start_iso.pkts_per_urb = 32; -+ } -+ -+ start_iso.no_urbs = (dev->endpoint[EP2I(ep)].bufpq_target_size + -+ start_iso.pkts_per_urb - 1) / -+ start_iso.pkts_per_urb; -+ /* Output endpoints pre-fill only 1/2 of the packets, keeping the rest -+ as overflow buffer. Also see the usbredir protocol documentation */ -+ if (!(ep & USB_DIR_IN)) { -+ start_iso.no_urbs *= 2; -+ } -+ if (start_iso.no_urbs > 16) { -+ start_iso.no_urbs = 16; -+ } -+ - /* No id, we look at the ep when receiving a status back */ - usbredirparser_send_start_iso_stream(dev->parser, 0, &start_iso); - usbredirparser_do_write(dev->parser); -@@ -961,9 +988,24 @@ static void usbredir_ep_info(void *priv, - dev->endpoint[i].type = ep_info->type[i]; - dev->endpoint[i].interval = ep_info->interval[i]; - dev->endpoint[i].interface = ep_info->interface[i]; -- if (dev->endpoint[i].type != usb_redir_type_invalid) { -+ switch (dev->endpoint[i].type) { -+ case usb_redir_type_invalid: -+ break; -+ case usb_redir_type_iso: -+ case usb_redir_type_interrupt: -+ if (dev->endpoint[i].interval == 0) { -+ ERROR("Received 0 interval for isoc or irq endpoint\n"); -+ usbredir_device_disconnect(dev); -+ } -+ /* Fall through */ -+ case usb_redir_type_control: -+ case usb_redir_type_bulk: - DPRINTF("ep: %02X type: %d interface: %d\n", I2EP(i), - dev->endpoint[i].type, dev->endpoint[i].interface); -+ break; -+ default: -+ ERROR("Received invalid endpoint type\n"); -+ usbredir_device_disconnect(dev); - } - } - } --- -1.7.7.5 - diff --git a/0103-iohandlers-Add-enable-disable_write_fd_handler-funct.patch b/0103-iohandlers-Add-enable-disable_write_fd_handler-funct.patch new file mode 100644 index 0000000..7b70e2a --- /dev/null +++ b/0103-iohandlers-Add-enable-disable_write_fd_handler-funct.patch @@ -0,0 +1,77 @@ +From 32876859aeee3722398d98abfb6b6307e701091f Mon Sep 17 00:00:00 2001 +From: Amit Shah +Date: Mon, 21 Mar 2011 20:32:58 +0100 +Subject: [PATCH 103/114] iohandlers: Add enable/disable_write_fd_handler() + functions + +These will be used to provide a cleaner API for the nonblocking case. + +Signed-off-by: Amit Shah +--- + iohandler.c | 35 +++++++++++++++++++++++++++++++++++ + main-loop.h | 3 +++ + 2 files changed, 38 insertions(+) + +diff --git a/iohandler.c b/iohandler.c +index 3c74de6..250fd0e 100644 +--- a/iohandler.c ++++ b/iohandler.c +@@ -45,6 +45,41 @@ typedef struct IOHandlerRecord { + static QLIST_HEAD(, IOHandlerRecord) io_handlers = + QLIST_HEAD_INITIALIZER(io_handlers); + ++static IOHandlerRecord *find_iohandler(int fd) ++{ ++ IOHandlerRecord *ioh; ++ ++ QLIST_FOREACH(ioh, &io_handlers, next) { ++ if (ioh->fd == fd) { ++ return ioh; ++ } ++ } ++ return NULL; ++} ++ ++void enable_write_fd_handler(int fd, IOHandler *fd_write) ++{ ++ IOHandlerRecord *ioh; ++ ++ ioh = find_iohandler(fd); ++ if (!ioh) { ++ return; ++ } ++ ++ ioh->fd_write = fd_write; ++} ++ ++void disable_write_fd_handler(int fd) ++{ ++ IOHandlerRecord *ioh; ++ ++ ioh = find_iohandler(fd); ++ if (!ioh) { ++ return; ++ } ++ ++ ioh->fd_write = NULL; ++} + + /* XXX: fd_read_poll should be suppressed, but an API change is + necessary in the character devices to suppress fd_can_read(). */ +diff --git a/main-loop.h b/main-loop.h +index dce1cd9..eb31273 100644 +--- a/main-loop.h ++++ b/main-loop.h +@@ -175,6 +175,9 @@ typedef void IOReadHandler(void *opaque, const uint8_t *buf, int size); + typedef int IOCanReadHandler(void *opaque); + typedef void IOHandler(void *opaque); + ++void enable_write_fd_handler(int fd, IOHandler *fd_write); ++void disable_write_fd_handler(int fd); ++ + /** + * qemu_set_fd_handler2: Register a file descriptor with the main loop + * +-- +1.7.10.4 + diff --git a/0103-usb-redir-Pre-fill-our-isoc-input-buffer-before-send.patch b/0103-usb-redir-Pre-fill-our-isoc-input-buffer-before-send.patch deleted file mode 100644 index 56daa98..0000000 --- a/0103-usb-redir-Pre-fill-our-isoc-input-buffer-before-send.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 577aff1f1df0a41fd5e21f5ff2b470c36565211b Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Mon, 19 Dec 2011 14:55:15 +0100 -Subject: [PATCH 103/118] usb-redir: Pre-fill our isoc input buffer before - sending pkts to the host - -This is something which should have been done from the first version of -usb-redir, but wasn't. - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 16 ++++++++++++++++ - 1 files changed, 16 insertions(+), 0 deletions(-) - -diff --git a/usb-redir.c b/usb-redir.c -index ab2c8fa..17ea7a7 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -60,7 +60,9 @@ struct endp_data { - uint8_t iso_error; /* For reporting iso errors to the HC */ - uint8_t interrupt_started; - uint8_t interrupt_error; -+ uint8_t bufpq_prefilled; - QTAILQ_HEAD(, buf_packet) bufpq; -+ int bufpq_size; - int bufpq_target_size; - }; - -@@ -296,6 +298,7 @@ static struct buf_packet *bufp_alloc(USBRedirDevice *dev, - bufp->len = len; - bufp->status = status; - QTAILQ_INSERT_TAIL(&dev->endpoint[EP2I(ep)].bufpq, bufp, next); -+ dev->endpoint[EP2I(ep)].bufpq_size++; - return bufp; - } - -@@ -303,6 +306,7 @@ static void bufp_free(USBRedirDevice *dev, struct buf_packet *bufp, - uint8_t ep) - { - QTAILQ_REMOVE(&dev->endpoint[EP2I(ep)].bufpq, bufp, next); -+ dev->endpoint[EP2I(ep)].bufpq_size--; - free(bufp->data); - g_free(bufp); - } -@@ -373,14 +377,26 @@ static int usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, - usbredirparser_do_write(dev->parser); - DPRINTF("iso stream started ep %02X\n", ep); - dev->endpoint[EP2I(ep)].iso_started = 1; -+ dev->endpoint[EP2I(ep)].bufpq_prefilled = 0; - } - - if (ep & USB_DIR_IN) { - struct buf_packet *isop; - -+ if (dev->endpoint[EP2I(ep)].iso_started && -+ !dev->endpoint[EP2I(ep)].bufpq_prefilled) { -+ if (dev->endpoint[EP2I(ep)].bufpq_size < -+ dev->endpoint[EP2I(ep)].bufpq_target_size) { -+ return usbredir_handle_status(dev, 0, 0); -+ } -+ dev->endpoint[EP2I(ep)].bufpq_prefilled = 1; -+ } -+ - isop = QTAILQ_FIRST(&dev->endpoint[EP2I(ep)].bufpq); - if (isop == NULL) { - DPRINTF2("iso-token-in ep %02X, no isop\n", ep); -+ /* Re-fill the buffer */ -+ dev->endpoint[EP2I(ep)].bufpq_prefilled = 0; - /* Check iso_error for stream errors, otherwise its an underrun */ - status = dev->endpoint[EP2I(ep)].iso_error; - dev->endpoint[EP2I(ep)].iso_error = 0; --- -1.7.7.5 - diff --git a/0104-char-Add-framework-for-a-write-unblocked-callback.patch b/0104-char-Add-framework-for-a-write-unblocked-callback.patch new file mode 100644 index 0000000..bea0d67 --- /dev/null +++ b/0104-char-Add-framework-for-a-write-unblocked-callback.patch @@ -0,0 +1,61 @@ +From 3def2c629b31cfc6dfe54a1a5464bb35359c3b10 Mon Sep 17 00:00:00 2001 +From: Amit Shah +Date: Mon, 21 Mar 2011 21:41:42 +0100 +Subject: [PATCH 104/114] char: Add framework for a 'write unblocked' callback + +The char layer can let users know that the driver will block on further +input. For users interested in not blocking, they can assign a function +pointer that will be called back when the driver becomes writable. This +patch just adds the function pointers to the CharDriverState structure, +future patches will enable the nonblocking and callback functionality. + +Signed-off-by: Amit Shah +--- + qemu-char.c | 3 +++ + qemu-char.h | 4 ++++ + 2 files changed, 7 insertions(+) + +diff --git a/qemu-char.c b/qemu-char.c +index 86bdabf..88cbbd0 100644 +--- a/qemu-char.c ++++ b/qemu-char.c +@@ -211,11 +211,14 @@ void qemu_chr_add_handlers(CharDriverState *s, + } + s->chr_can_read = handlers->fd_can_read; + s->chr_read = handlers->fd_read; ++ s->chr_write_unblocked = handlers->fd_write_unblocked; + s->chr_event = handlers->fd_event; + s->handler_opaque = opaque; + if (s->chr_update_read_handler) + s->chr_update_read_handler(s); + ++ s->write_blocked = false; ++ + /* We're connecting to an already opened device, so let's make sure we + also get the open event */ + if (s->opened) { +diff --git a/qemu-char.h b/qemu-char.h +index dfa8c2d..b5e23a4 100644 +--- a/qemu-char.h ++++ b/qemu-char.h +@@ -62,6 +62,9 @@ struct CharDriverState { + IOEventHandler *chr_event; + IOCanReadHandler *chr_can_read; + IOReadHandler *chr_read; ++ IOHandler *chr_write_unblocked; ++ void (*chr_enable_write_fd_handler)(struct CharDriverState *chr); ++ void (*chr_disable_write_fd_handler)(struct CharDriverState *chr); + void *handler_opaque; + void (*chr_close)(struct CharDriverState *chr); + void (*chr_accept_input)(struct CharDriverState *chr); +@@ -74,6 +77,7 @@ struct CharDriverState { + char *filename; + int opened; + int avail_connections; ++ bool write_blocked; /* Are we in a blocked state? */ + QTAILQ_ENTRY(CharDriverState) next; + }; + +-- +1.7.10.4 + diff --git a/0104-usb-redir-Try-to-keep-our-buffer-size-near-the-targe.patch b/0104-usb-redir-Try-to-keep-our-buffer-size-near-the-targe.patch deleted file mode 100644 index 0f826d3..0000000 --- a/0104-usb-redir-Try-to-keep-our-buffer-size-near-the-targe.patch +++ /dev/null @@ -1,87 +0,0 @@ -From b8e632d175063770655e75507de85ae873fa6c2d Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Tue, 20 Dec 2011 16:54:25 +0100 -Subject: [PATCH 104/118] usb-redir: Try to keep our buffer size near the - target size - -Before this patch we would allow the (iso) buffer to grow unlimited -(and it would under certain circumstances) leading to way too high -latencies for iso data streams. - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 30 +++++++++++++++++++++++++++--- - 1 files changed, 27 insertions(+), 3 deletions(-) - -diff --git a/usb-redir.c b/usb-redir.c -index 17ea7a7..88d941a 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -61,6 +61,7 @@ struct endp_data { - uint8_t interrupt_started; - uint8_t interrupt_error; - uint8_t bufpq_prefilled; -+ uint8_t bufpq_dropping_packets; - QTAILQ_HEAD(, buf_packet) bufpq; - int bufpq_size; - int bufpq_target_size; -@@ -290,16 +291,34 @@ static void usbredir_cancel_packet(USBDevice *udev, USBPacket *p) - } - } - --static struct buf_packet *bufp_alloc(USBRedirDevice *dev, -+static void bufp_alloc(USBRedirDevice *dev, - uint8_t *data, int len, int status, uint8_t ep) - { -- struct buf_packet *bufp = g_malloc(sizeof(struct buf_packet)); -+ struct buf_packet *bufp; -+ -+ if (!dev->endpoint[EP2I(ep)].bufpq_dropping_packets && -+ dev->endpoint[EP2I(ep)].bufpq_size > -+ 2 * dev->endpoint[EP2I(ep)].bufpq_target_size) { -+ DPRINTF("bufpq overflow, dropping packets ep %02X\n", ep); -+ dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 1; -+ } -+ /* Since we're interupting the stream anyways, drop enough packets to get -+ back to our target buffer size */ -+ if (dev->endpoint[EP2I(ep)].bufpq_dropping_packets) { -+ if (dev->endpoint[EP2I(ep)].bufpq_size > -+ dev->endpoint[EP2I(ep)].bufpq_target_size) { -+ free(data); -+ return; -+ } -+ dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0; -+ } -+ -+ bufp = g_malloc(sizeof(struct buf_packet)); - bufp->data = data; - bufp->len = len; - bufp->status = status; - QTAILQ_INSERT_TAIL(&dev->endpoint[EP2I(ep)].bufpq, bufp, next); - dev->endpoint[EP2I(ep)].bufpq_size++; -- return bufp; - } - - static void bufp_free(USBRedirDevice *dev, struct buf_packet *bufp, -@@ -378,6 +397,7 @@ static int usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, - DPRINTF("iso stream started ep %02X\n", ep); - dev->endpoint[EP2I(ep)].iso_started = 1; - dev->endpoint[EP2I(ep)].bufpq_prefilled = 0; -+ dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0; - } - - if (ep & USB_DIR_IN) { -@@ -504,6 +524,10 @@ static int usbredir_handle_interrupt_data(USBRedirDevice *dev, - usbredirparser_do_write(dev->parser); - DPRINTF("interrupt recv started ep %02X\n", ep); - dev->endpoint[EP2I(ep)].interrupt_started = 1; -+ /* We don't really want to drop interrupt packets ever, but -+ having some upper limit to how much we buffer is good. */ -+ dev->endpoint[EP2I(ep)].bufpq_target_size = 1000; -+ dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0; - } - - intp = QTAILQ_FIRST(&dev->endpoint[EP2I(ep)].bufpq); --- -1.7.7.5 - diff --git a/0105-char-Update-send_all-to-handle-nonblocking-chardev-w.patch b/0105-char-Update-send_all-to-handle-nonblocking-chardev-w.patch new file mode 100644 index 0000000..1b954ef --- /dev/null +++ b/0105-char-Update-send_all-to-handle-nonblocking-chardev-w.patch @@ -0,0 +1,188 @@ +From 6a36990b303dc64709931e16783e2f2e0a54b9d6 Mon Sep 17 00:00:00 2001 +From: Amit Shah +Date: Mon, 21 Mar 2011 22:00:27 +0100 +Subject: [PATCH 105/114] char: Update send_all() to handle nonblocking + chardev write requests + +The send_all function is modified to return to the caller in case the +driver cannot handle any more data. It returns -EAGAIN or +WSAEWOULDBLOCK on non-Windows and Windows platforms respectively. This +is only done when the caller sets a callback function handler indicating +it's not interested in blocking till the driver has written out all the +data. + +Currently there's no driver or caller that supports this. Future +commits will add such capability. + +Signed-off-by: Amit Shah +--- + net/socket.c | 4 ++-- + qemu-char.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- + qemu_socket.h | 2 +- + 3 files changed, 66 insertions(+), 9 deletions(-) + +diff --git a/net/socket.c b/net/socket.c +index 0bcf229..c21bb60 100644 +--- a/net/socket.c ++++ b/net/socket.c +@@ -56,8 +56,8 @@ static ssize_t net_socket_receive(VLANClientState *nc, const uint8_t *buf, size_ + uint32_t len; + len = htonl(size); + +- send_all(s->fd, (const uint8_t *)&len, sizeof(len)); +- return send_all(s->fd, buf, size); ++ send_all(NULL, s->fd, (const uint8_t *)&len, sizeof(len)); ++ return send_all(NULL, s->fd, buf, size); + } + + static ssize_t net_socket_receive_dgram(VLANClientState *nc, const uint8_t *buf, size_t size) +diff --git a/qemu-char.c b/qemu-char.c +index 88cbbd0..d8059ff 100644 +--- a/qemu-char.c ++++ b/qemu-char.c +@@ -508,7 +508,7 @@ static CharDriverState *qemu_chr_open_mux(CharDriverState *drv) + + + #ifdef _WIN32 +-int send_all(int fd, const void *buf, int len1) ++static int do_send(int fd, const void *buf, int len1, bool nonblock) + { + int ret, len; + +@@ -516,9 +516,14 @@ int send_all(int fd, const void *buf, int len1) + while (len > 0) { + ret = send(fd, buf, len, 0); + if (ret < 0) { ++ if (nonblock && len1 - len) { ++ return len1 - len; ++ } + errno = WSAGetLastError(); + if (errno != WSAEWOULDBLOCK) { + return -1; ++ } else if (errno == WSAEWOULDBLOCK && nonblock) { ++ return WSAEWOULDBLOCK; + } + } else if (ret == 0) { + break; +@@ -532,7 +537,7 @@ int send_all(int fd, const void *buf, int len1) + + #else + +-int send_all(int fd, const void *_buf, int len1) ++static int do_send(int fd, const void *_buf, int len1, bool nonblock) + { + int ret, len; + const uint8_t *buf = _buf; +@@ -541,8 +546,15 @@ int send_all(int fd, const void *_buf, int len1) + while (len > 0) { + ret = write(fd, buf, len); + if (ret < 0) { +- if (errno != EINTR && errno != EAGAIN) ++ if (nonblock && len1 - len) { ++ return len1 - len; ++ } ++ if (errno == EAGAIN && nonblock) { ++ return -EAGAIN; ++ } ++ if (errno != EINTR && errno != EAGAIN) { + return -1; ++ } + } else if (ret == 0) { + break; + } else { +@@ -557,6 +569,44 @@ int send_all(int fd, const void *_buf, int len1) + #define STDIO_MAX_CLIENTS 1 + static int stdio_nb_clients; + ++int send_all(CharDriverState *chr, int fd, const void *_buf, int len1) ++{ ++ int ret, eagain_errno; ++ bool nonblock; ++ ++ if (chr && chr->write_blocked) { ++ /* ++ * The caller should not send us data while we're blocked, ++ * but this can happen when multiple writers are woken at once, ++ * so simply return -EAGAIN. ++ */ ++ return -EAGAIN; ++ } ++ ++ nonblock = false; ++ /* ++ * Ensure the char backend is able to receive and handle the ++ * 'write unblocked' event before we turn on nonblock support. ++ */ ++ if (chr && chr->chr_enable_write_fd_handler && chr->chr_write_unblocked) { ++ nonblock = true; ++ } ++ ret = do_send(fd, _buf, len1, nonblock); ++ ++#ifdef _WIN32 ++ eagain_errno = WSAEWOULDBLOCK; ++#else ++ eagain_errno = -EAGAIN; ++#endif ++ ++ if (nonblock && (ret == eagain_errno || (ret >= 0 && ret < len1))) { ++ /* Update fd handler to wake up when chr becomes writable */ ++ chr->chr_enable_write_fd_handler(chr); ++ chr->write_blocked = true; ++ } ++ return ret; ++} ++ + #ifndef _WIN32 + + typedef struct { +@@ -568,7 +618,7 @@ typedef struct { + static int fd_chr_write(CharDriverState *chr, const uint8_t *buf, int len) + { + FDCharDriver *s = chr->opaque; +- return send_all(s->fd_out, buf, len); ++ return send_all(chr, s->fd_out, buf, len); + } + + static int fd_chr_read_poll(void *opaque) +@@ -887,7 +937,7 @@ static int pty_chr_write(CharDriverState *chr, const uint8_t *buf, int len) + pty_chr_update_read_handler(chr); + return 0; + } +- return send_all(s->fd, buf, len); ++ return send_all(chr, s->fd, buf, len); + } + + static int pty_chr_read_poll(void *opaque) +@@ -2174,8 +2224,15 @@ static void tcp_closed(void *opaque) + static int tcp_chr_write(CharDriverState *chr, const uint8_t *buf, int len) + { + TCPCharDriver *s = chr->opaque; ++ + if (s->connected) { +- return send_all(s->fd, buf, len); ++ int ret; ++ ++ ret = send_all(chr, s->fd, buf, len); ++ if (ret == -1 && errno == EPIPE) { ++ tcp_closed(chr); ++ } ++ return ret; + } else { + /* XXX: indicate an error ? */ + return len; +diff --git a/qemu_socket.h b/qemu_socket.h +index 4689ff3..3d780ce 100644 +--- a/qemu_socket.h ++++ b/qemu_socket.h +@@ -36,7 +36,7 @@ int qemu_accept(int s, struct sockaddr *addr, socklen_t *addrlen); + int socket_set_cork(int fd, int v); + void socket_set_block(int fd); + void socket_set_nonblock(int fd); +-int send_all(int fd, const void *buf, int len1); ++int send_all(CharDriverState *chr, int fd, const void *buf, int len1); + + /* New, ipv6-ready socket helper functions, see qemu-sockets.c */ + int inet_listen_opts(QemuOpts *opts, int port_offset, Error **errp); +-- +1.7.10.4 + diff --git a/0105-usb-redir-Improve-some-debugging-messages.patch b/0105-usb-redir-Improve-some-debugging-messages.patch deleted file mode 100644 index 8c5bda6..0000000 --- a/0105-usb-redir-Improve-some-debugging-messages.patch +++ /dev/null @@ -1,58 +0,0 @@ -From ba411ef969f3dcd8e82929e5577c0e06a60a5707 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Tue, 20 Dec 2011 16:21:34 +0100 -Subject: [PATCH 105/118] usb-redir: Improve some debugging messages - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 13 ++++++++----- - 1 files changed, 8 insertions(+), 5 deletions(-) - -diff --git a/usb-redir.c b/usb-redir.c -index 88d941a..86bccf8 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -394,7 +394,8 @@ static int usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, - /* No id, we look at the ep when receiving a status back */ - usbredirparser_send_start_iso_stream(dev->parser, 0, &start_iso); - usbredirparser_do_write(dev->parser); -- DPRINTF("iso stream started ep %02X\n", ep); -+ DPRINTF("iso stream started pkts/sec %d pkts/urb %d urbs %d ep %02X\n", -+ pkts_per_sec, start_iso.pkts_per_urb, start_iso.no_urbs, ep); - dev->endpoint[EP2I(ep)].iso_started = 1; - dev->endpoint[EP2I(ep)].bufpq_prefilled = 0; - dev->endpoint[EP2I(ep)].bufpq_dropping_packets = 0; -@@ -414,7 +415,8 @@ static int usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, - - isop = QTAILQ_FIRST(&dev->endpoint[EP2I(ep)].bufpq); - if (isop == NULL) { -- DPRINTF2("iso-token-in ep %02X, no isop\n", ep); -+ DPRINTF("iso-token-in ep %02X, no isop, iso_error: %d\n", -+ ep, dev->endpoint[EP2I(ep)].iso_error); - /* Re-fill the buffer */ - dev->endpoint[EP2I(ep)].bufpq_prefilled = 0; - /* Check iso_error for stream errors, otherwise its an underrun */ -@@ -422,8 +424,8 @@ static int usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, - dev->endpoint[EP2I(ep)].iso_error = 0; - return usbredir_handle_status(dev, status, 0); - } -- DPRINTF2("iso-token-in ep %02X status %d len %d\n", ep, isop->status, -- isop->len); -+ DPRINTF2("iso-token-in ep %02X status %d len %d queue-size: %d\n", ep, -+ isop->status, isop->len, dev->endpoint[EP2I(ep)].bufpq_size); - - status = isop->status; - if (status != usb_redir_success) { -@@ -433,7 +435,8 @@ static int usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, - - len = isop->len; - if (len > p->iov.size) { -- ERROR("received iso data is larger then packet ep %02X\n", ep); -+ ERROR("received iso data is larger then packet ep %02X (%d > %d)\n", -+ ep, len, (int)p->iov.size); - bufp_free(dev, isop, ep); - return USB_RET_NAK; - } --- -1.7.7.5 - diff --git a/0106-char-Equip-the-unix-tcp-backend-to-handle-nonblockin.patch b/0106-char-Equip-the-unix-tcp-backend-to-handle-nonblockin.patch new file mode 100644 index 0000000..c6a3987 --- /dev/null +++ b/0106-char-Equip-the-unix-tcp-backend-to-handle-nonblockin.patch @@ -0,0 +1,81 @@ +From bccdec085744256038f35b243853d7142b85cddb Mon Sep 17 00:00:00 2001 +From: Amit Shah +Date: Mon, 21 Mar 2011 22:02:47 +0100 +Subject: [PATCH 106/114] char: Equip the unix/tcp backend to handle + nonblocking writes# + +Now that the infrastructure is in place to return -EAGAIN to callers, +individual char drivers can set their update_fd_handlers() function to +set or remove an fd's write handler. This handler checks if the driver +became writable. + +A generic callback routine is used for unblocking writes and letting +users of chardevs know that a driver became writable again. + +Signed-off-by: Amit Shah +--- + qemu-char.c | 34 ++++++++++++++++++++++++++++++++++ + 1 file changed, 34 insertions(+) + +diff --git a/qemu-char.c b/qemu-char.c +index d8059ff..ed306e5 100644 +--- a/qemu-char.c ++++ b/qemu-char.c +@@ -106,6 +106,19 @@ + static QTAILQ_HEAD(CharDriverStateHead, CharDriverState) chardevs = + QTAILQ_HEAD_INITIALIZER(chardevs); + ++/* ++ * Generic routine that gets called when chardev becomes writable. ++ * Lets chardev user know it's OK to send more data. ++ */ ++static void char_write_unblocked(void *opaque) ++{ ++ CharDriverState *chr = opaque; ++ ++ chr->write_blocked = false; ++ chr->chr_disable_write_fd_handler(chr); ++ chr->chr_write_unblocked(chr->handler_opaque); ++} ++ + void qemu_chr_be_event(CharDriverState *s, int event) + { + /* Keep track if the char device is open */ +@@ -2493,6 +2506,25 @@ static void tcp_chr_close(CharDriverState *chr) + qemu_chr_be_event(chr, CHR_EVENT_CLOSED); + } + ++static void tcp_enable_write_fd_handler(CharDriverState *chr) ++{ ++ TCPCharDriver *s = chr->opaque; ++ ++ /* ++ * This function is called only after tcp_chr_connect() is called ++ * (either in 'server' mode or client mode. So we're sure of ++ * s->fd being initialised. ++ */ ++ enable_write_fd_handler(s->fd, char_write_unblocked); ++} ++ ++static void tcp_disable_write_fd_handler(CharDriverState *chr) ++{ ++ TCPCharDriver *s = chr->opaque; ++ ++ disable_write_fd_handler(s->fd); ++} ++ + static CharDriverState *qemu_chr_open_socket(QemuOpts *opts) + { + CharDriverState *chr = NULL; +@@ -2547,6 +2579,8 @@ static CharDriverState *qemu_chr_open_socket(QemuOpts *opts) + chr->chr_close = tcp_chr_close; + chr->get_msgfd = tcp_get_msgfd; + chr->chr_add_client = tcp_chr_add_client; ++ chr->chr_enable_write_fd_handler = tcp_enable_write_fd_handler; ++ chr->chr_disable_write_fd_handler = tcp_disable_write_fd_handler; + + if (is_listen) { + s->listen_fd = fd; +-- +1.7.10.4 + diff --git a/0106-char-Split-out-tcp-socket-close-code-in-a-separate-f.patch b/0106-char-Split-out-tcp-socket-close-code-in-a-separate-f.patch deleted file mode 100644 index bb37bd7..0000000 --- a/0106-char-Split-out-tcp-socket-close-code-in-a-separate-f.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 34736b9b6690054152ae2b9b37f75f7ed720590a Mon Sep 17 00:00:00 2001 -From: Amit Shah -Date: Mon, 21 Mar 2011 21:57:47 +0100 -Subject: [PATCH 106/118] char: Split out tcp socket close code in a separate - function - -Signed-off-by: Amit Shah ---- - qemu-char.c | 25 ++++++++++++++++--------- - 1 files changed, 16 insertions(+), 9 deletions(-) - -diff --git a/qemu-char.c b/qemu-char.c -index 27abcb9..a5ca611 100644 ---- a/qemu-char.c -+++ b/qemu-char.c -@@ -2163,6 +2163,21 @@ typedef struct { - - static void tcp_chr_accept(void *opaque); - -+static void tcp_closed(void *opaque) -+{ -+ CharDriverState *chr = opaque; -+ TCPCharDriver *s = chr->opaque; -+ -+ s->connected = 0; -+ if (s->listen_fd >= 0) { -+ qemu_set_fd_handler2(s->listen_fd, NULL, tcp_chr_accept, NULL, chr); -+ } -+ qemu_set_fd_handler2(s->fd, NULL, NULL, NULL, NULL); -+ closesocket(s->fd); -+ s->fd = -1; -+ qemu_chr_be_event(chr, CHR_EVENT_CLOSED); -+} -+ - static int tcp_chr_write(CharDriverState *chr, const uint8_t *buf, int len) - { - TCPCharDriver *s = chr->opaque; -@@ -2313,15 +2328,7 @@ static void tcp_chr_read(void *opaque) - len = s->max_size; - size = tcp_chr_recv(chr, (void *)buf, len); - if (size == 0) { -- /* connection closed */ -- s->connected = 0; -- if (s->listen_fd >= 0) { -- qemu_set_fd_handler2(s->listen_fd, NULL, tcp_chr_accept, NULL, chr); -- } -- qemu_set_fd_handler2(s->fd, NULL, NULL, NULL, NULL); -- closesocket(s->fd); -- s->fd = -1; -- qemu_chr_be_event(chr, CHR_EVENT_CLOSED); -+ tcp_closed(chr); - } else if (size > 0) { - if (s->do_telnetopt) - tcp_chr_process_IAC_bytes(chr, s, buf, &size); --- -1.7.7.5 - diff --git a/0107-char-Add-a-QemuChrHandlers-struct-to-initialise-char.patch b/0107-char-Add-a-QemuChrHandlers-struct-to-initialise-char.patch deleted file mode 100644 index 48acb6a..0000000 --- a/0107-char-Add-a-QemuChrHandlers-struct-to-initialise-char.patch +++ /dev/null @@ -1,871 +0,0 @@ -From 61efa48e1973eaac16615c85198d9d74e36a3124 Mon Sep 17 00:00:00 2001 -From: Amit Shah -Date: Mon, 21 Mar 2011 20:31:45 +0100 -Subject: [PATCH 107/118] char: Add a QemuChrHandlers struct to initialise - chardev handlers - -Instead of passing each handler in the qemu_add_handlers() function, -create a struct of handlers that can be passed to the function instead. - -Signed-off-by: Amit Shah ---- - gdbstub.c | 9 +++++++-- - hw/ccid-card-passthru.c | 11 +++++++---- - hw/debugcon.c | 2 +- - hw/escc.c | 9 +++++++-- - hw/etraxfs_ser.c | 13 +++++++++---- - hw/grlib_apbuart.c | 12 +++++++----- - hw/ivshmem.c | 28 ++++++++++++++++++++++------ - hw/lm32_juart.c | 8 +++++++- - hw/lm32_uart.c | 8 +++++++- - hw/mcf_uart.c | 9 +++++++-- - hw/milkymist-uart.c | 8 +++++++- - hw/pl011.c | 9 +++++++-- - hw/pxa2xx.c | 13 +++++++++---- - hw/serial.c | 9 +++++++-- - hw/sh_serial.c | 12 +++++++++--- - hw/spapr_vty.c | 8 ++++++-- - hw/strongarm.c | 12 +++++++----- - hw/syborg_serial.c | 9 +++++++-- - hw/usb-serial.c | 9 +++++++-- - hw/virtio-console.c | 11 ++++++++--- - hw/xen_console.c | 16 +++++++++++----- - hw/xilinx_uartlite.c | 11 +++++++++-- - monitor.c | 18 ++++++++++++++---- - net/slirp.c | 8 ++++++-- - qemu-char.c | 32 ++++++++++++++++++++++---------- - qemu-char.h | 13 +++++++++---- - usb-redir.c | 9 +++++++-- - 27 files changed, 233 insertions(+), 83 deletions(-) - -diff --git a/gdbstub.c b/gdbstub.c -index 640cf4e..b984e12 100644 ---- a/gdbstub.c -+++ b/gdbstub.c -@@ -2860,6 +2860,12 @@ static void gdb_sigterm_handler(int signal) - } - #endif - -+static const QemuChrHandlers gdb_handlers = { -+ .fd_can_read = gdb_chr_can_receive, -+ .fd_read = gdb_chr_receive, -+ .fd_event = gdb_chr_event, -+}; -+ - int gdbserver_start(const char *device) - { - GDBState *s; -@@ -2889,8 +2895,7 @@ int gdbserver_start(const char *device) - if (!chr) - return -1; - -- qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive, -- gdb_chr_event, NULL); -+ qemu_chr_add_handlers(chr, &gdb_handlers, NULL); - } - - s = gdbserver_state; -diff --git a/hw/ccid-card-passthru.c b/hw/ccid-card-passthru.c -index 9f51c6c..c5bff01 100644 ---- a/hw/ccid-card-passthru.c -+++ b/hw/ccid-card-passthru.c -@@ -274,6 +274,12 @@ static const uint8_t *passthru_get_atr(CCIDCardState *base, uint32_t *len) - return card->atr; - } - -+static const QemuChrHandlers passthru_handlers = { -+ .fd_can_read = ccid_card_vscard_can_read, -+ .fd_read = ccid_card_vscard_read, -+ .fd_event = ccid_card_vscard_event, -+}; -+ - static int passthru_initfn(CCIDCardState *base) - { - PassthruState *card = DO_UPCAST(PassthruState, base, base); -@@ -282,10 +288,7 @@ static int passthru_initfn(CCIDCardState *base) - card->vscard_in_hdr = 0; - if (card->cs) { - DPRINTF(card, D_INFO, "initing chardev\n"); -- qemu_chr_add_handlers(card->cs, -- ccid_card_vscard_can_read, -- ccid_card_vscard_read, -- ccid_card_vscard_event, card); -+ qemu_chr_add_handlers(card->cs, &passthru_handlers, card); - ccid_card_vscard_send_init(card); - } else { - error_report("missing chardev"); -diff --git a/hw/debugcon.c b/hw/debugcon.c -index c9ee6d9..1d3c3ca 100644 ---- a/hw/debugcon.c -+++ b/hw/debugcon.c -@@ -73,7 +73,7 @@ static void debugcon_init_core(DebugconState *s) - exit(1); - } - -- qemu_chr_add_handlers(s->chr, NULL, NULL, NULL, s); -+ qemu_chr_add_handlers(s->chr, NULL, s); - } - - static int debugcon_isa_initfn(ISADevice *dev) -diff --git a/hw/escc.c b/hw/escc.c -index 13c7e66..997377e 100644 ---- a/hw/escc.c -+++ b/hw/escc.c -@@ -867,6 +867,12 @@ void slavio_serial_ms_kbd_init(target_phys_addr_t base, qemu_irq irq, - sysbus_mmio_map(s, 0, base); - } - -+static const QemuChrHandlers serial_handlers = { -+ .fd_can_read = serial_can_receive, -+ .fd_read = serial_receive1, -+ .fd_event = serial_event, -+}; -+ - static int escc_init1(SysBusDevice *dev) - { - SerialState *s = FROM_SYSBUS(SerialState, dev); -@@ -879,8 +885,7 @@ static int escc_init1(SysBusDevice *dev) - s->chn[i].chn = 1 - i; - s->chn[i].clock = s->frequency / 2; - if (s->chn[i].chr) { -- qemu_chr_add_handlers(s->chn[i].chr, serial_can_receive, -- serial_receive1, serial_event, &s->chn[i]); -+ qemu_chr_add_handlers(s->chn[i].chr, &serial_handlers, &s->chn[i]); - } - } - s->chn[0].otherchn = &s->chn[1]; -diff --git a/hw/etraxfs_ser.c b/hw/etraxfs_ser.c -index 298b985..29d486e 100644 ---- a/hw/etraxfs_ser.c -+++ b/hw/etraxfs_ser.c -@@ -208,6 +208,12 @@ static void etraxfs_ser_reset(DeviceState *d) - - } - -+static const QemuChrHandlers serial_handlers = { -+ .fd_can_read = serial_can_receive, -+ .fd_read = serial_receive, -+ .fd_event = serial_event, -+}; -+ - static int etraxfs_ser_init(SysBusDevice *dev) - { - struct etrax_serial *s = FROM_SYSBUS(typeof (*s), dev); -@@ -217,10 +223,9 @@ static int etraxfs_ser_init(SysBusDevice *dev) - sysbus_init_mmio_region(dev, &s->mmio); - - s->chr = qdev_init_chardev(&dev->qdev); -- if (s->chr) -- qemu_chr_add_handlers(s->chr, -- serial_can_receive, serial_receive, -- serial_event, s); -+ if (s->chr) { -+ qemu_chr_add_handlers(s->chr, &serial_handlers, s); -+ } - return 0; - } - -diff --git a/hw/grlib_apbuart.c b/hw/grlib_apbuart.c -index c90b810..ac6c33b 100644 ---- a/hw/grlib_apbuart.c -+++ b/hw/grlib_apbuart.c -@@ -144,16 +144,18 @@ static CPUWriteMemoryFunc * const grlib_apbuart_write[] = { - NULL, NULL, grlib_apbuart_writel, - }; - -+static const QemuChrHandlers grlib_handlers = { -+ .fd_can_read = grlib_apbuart_can_receive, -+ .fd_read = grlib_apbuart_receive, -+ .fd_event = grlib_apbuart_event, -+}; -+ - static int grlib_apbuart_init(SysBusDevice *dev) - { - UART *uart = FROM_SYSBUS(typeof(*uart), dev); - int uart_regs = 0; - -- qemu_chr_add_handlers(uart->chr, -- grlib_apbuart_can_receive, -- grlib_apbuart_receive, -- grlib_apbuart_event, -- uart); -+ qemu_chr_add_handlers(uart->chr, &grlib_handlers, uart); - - sysbus_init_irq(dev, &uart->irq); - -diff --git a/hw/ivshmem.c b/hw/ivshmem.c -index 7b4dbf6..ee78576 100644 ---- a/hw/ivshmem.c -+++ b/hw/ivshmem.c -@@ -276,6 +276,18 @@ static void fake_irqfd(void *opaque, const uint8_t *buf, int size) { - msix_notify(pdev, entry->vector); - } - -+static const QemuChrHandlers ivshmem_handlers = { -+ .fd_can_read = ivshmem_can_receive, -+ .fd_read = ivshmem_receive, -+ .fd_event = ivshmem_event, -+}; -+ -+static const QemuChrHandlers ivshmem_msi_handlers = { -+ .fd_can_read = ivshmem_can_receive, -+ .fd_read = fake_irqfd, -+ .fd_event = ivshmem_event, -+}; -+ - static CharDriverState* create_eventfd_chr_device(void * opaque, int eventfd, - int vector) - { -@@ -295,11 +307,10 @@ static CharDriverState* create_eventfd_chr_device(void * opaque, int eventfd, - s->eventfd_table[vector].pdev = &s->dev; - s->eventfd_table[vector].vector = vector; - -- qemu_chr_add_handlers(chr, ivshmem_can_receive, fake_irqfd, -- ivshmem_event, &s->eventfd_table[vector]); -+ qemu_chr_add_handlers(chr, &ivshmem_msi_handlers, -+ &s->eventfd_table[vector]); - } else { -- qemu_chr_add_handlers(chr, ivshmem_can_receive, ivshmem_receive, -- ivshmem_event, s); -+ qemu_chr_add_handlers(chr, &ivshmem_handlers, s); - } - - return chr; -@@ -614,6 +625,12 @@ static int ivshmem_load(QEMUFile* f, void *opaque, int version_id) - return 0; - } - -+static const QemuChrHandlers ivshmem_server_handlers = { -+ .fd_can_read = ivshmem_can_receive, -+ .fd_read = ivshmem_read, -+ .fd_event = ivshmem_event, -+}; -+ - static int pci_ivshmem_init(PCIDevice *dev) - { - IVShmemState *s = DO_UPCAST(IVShmemState, dev, dev); -@@ -703,8 +720,7 @@ static int pci_ivshmem_init(PCIDevice *dev) - - s->eventfd_chr = g_malloc0(s->vectors * sizeof(CharDriverState *)); - -- qemu_chr_add_handlers(s->server_chr, ivshmem_can_receive, ivshmem_read, -- ivshmem_event, s); -+ qemu_chr_add_handlers(s->server_chr, &ivshmem_server_handlers, s); - } else { - /* just map the file immediately, we're not using a server */ - int fd; -diff --git a/hw/lm32_juart.c b/hw/lm32_juart.c -index 5454aa4..1b9fa07 100644 ---- a/hw/lm32_juart.c -+++ b/hw/lm32_juart.c -@@ -110,13 +110,19 @@ static void juart_reset(DeviceState *d) - s->jrx = 0; - } - -+static const QemuChrHandlers juart_handlers = { -+ .fd_can_read = juart_can_rx, -+ .fd_read = juart_rx, -+ .fd_event = juart_event, -+}; -+ - static int lm32_juart_init(SysBusDevice *dev) - { - LM32JuartState *s = FROM_SYSBUS(typeof(*s), dev); - - s->chr = qdev_init_chardev(&dev->qdev); - if (s->chr) { -- qemu_chr_add_handlers(s->chr, juart_can_rx, juart_rx, juart_event, s); -+ qemu_chr_add_handlers(s->chr, juart_handlers, s); - } - - return 0; -diff --git a/hw/lm32_uart.c b/hw/lm32_uart.c -index 3678545..ccaf88c 100644 ---- a/hw/lm32_uart.c -+++ b/hw/lm32_uart.c -@@ -242,6 +242,12 @@ static void uart_reset(DeviceState *d) - s->regs[R_LSR] = LSR_THRE | LSR_TEMT; - } - -+static const QemuChrHandlers uart_handlers = { -+ .fd_can_read = uart_can_rx, -+ .fd_read = uart_rx, -+ .fd_event = uart_event, -+}; -+ - static int lm32_uart_init(SysBusDevice *dev) - { - LM32UartState *s = FROM_SYSBUS(typeof(*s), dev); -@@ -255,7 +261,7 @@ static int lm32_uart_init(SysBusDevice *dev) - - s->chr = qdev_init_chardev(&dev->qdev); - if (s->chr) { -- qemu_chr_add_handlers(s->chr, uart_can_rx, uart_rx, uart_event, s); -+ qemu_chr_add_handlers(s->chr, uart_handlers, s); - } - - return 0; -diff --git a/hw/mcf_uart.c b/hw/mcf_uart.c -index e6b2ab0..2870683 100644 ---- a/hw/mcf_uart.c -+++ b/hw/mcf_uart.c -@@ -268,6 +268,12 @@ static void mcf_uart_receive(void *opaque, const uint8_t *buf, int size) - mcf_uart_push_byte(s, buf[0]); - } - -+static const QemuChrHandlers mcf_uart_handlers = { -+ .fd_can_read = mcf_uart_can_receive, -+ .fd_read = mcf_uart_receive, -+ .fd_event = mcf_uart_event, -+}; -+ - void *mcf_uart_init(qemu_irq irq, CharDriverState *chr) - { - mcf_uart_state *s; -@@ -276,8 +282,7 @@ void *mcf_uart_init(qemu_irq irq, CharDriverState *chr) - s->chr = chr; - s->irq = irq; - if (chr) { -- qemu_chr_add_handlers(chr, mcf_uart_can_receive, mcf_uart_receive, -- mcf_uart_event, s); -+ qemu_chr_add_handlers(chr, &mcf_uart_handlers, s); - } - mcf_uart_reset(s); - return s; -diff --git a/hw/milkymist-uart.c b/hw/milkymist-uart.c -index 5404ca9..fd10e12 100644 ---- a/hw/milkymist-uart.c -+++ b/hw/milkymist-uart.c -@@ -189,6 +189,12 @@ static void milkymist_uart_reset(DeviceState *d) - s->regs[R_STAT] = STAT_THRE; - } - -+static const QemuChrHandlers uart_handlers = { -+ .fd_can_read = uart_can_rx, -+ .fd_read = uart_rx, -+ .fd_event = uart_event, -+}; -+ - static int milkymist_uart_init(SysBusDevice *dev) - { - MilkymistUartState *s = FROM_SYSBUS(typeof(*s), dev); -@@ -201,7 +207,7 @@ static int milkymist_uart_init(SysBusDevice *dev) - - s->chr = qdev_init_chardev(&dev->qdev); - if (s->chr) { -- qemu_chr_add_handlers(s->chr, uart_can_rx, uart_rx, uart_event, s); -+ qemu_chr_add_handlers(s->chr, uart_handlers, s); - } - - return 0; -diff --git a/hw/pl011.c b/hw/pl011.c -index 707a161..7482246 100644 ---- a/hw/pl011.c -+++ b/hw/pl011.c -@@ -260,6 +260,12 @@ static const VMStateDescription vmstate_pl011 = { - } - }; - -+static const QemuChrHandlers pl011_handlers = { -+ .fd_can_read = pl011_can_receive, -+ .fd_read = pl011_receive, -+ .fd_event = pl011_event, -+}; -+ - static int pl011_init(SysBusDevice *dev, const unsigned char *id) - { - int iomemtype; -@@ -278,8 +284,7 @@ static int pl011_init(SysBusDevice *dev, const unsigned char *id) - s->cr = 0x300; - s->flags = 0x90; - if (s->chr) { -- qemu_chr_add_handlers(s->chr, pl011_can_receive, pl011_receive, -- pl011_event, s); -+ qemu_chr_add_handlers(s->chr, &pl011_handlers, s); - } - vmstate_register(&dev->qdev, -1, &vmstate_pl011, s); - return 0; -diff --git a/hw/pxa2xx.c b/hw/pxa2xx.c -index e9a507e..24925b6 100644 ---- a/hw/pxa2xx.c -+++ b/hw/pxa2xx.c -@@ -1984,6 +1984,12 @@ static int pxa2xx_fir_load(QEMUFile *f, void *opaque, int version_id) - return 0; - } - -+static const QemuChrHandlers pxa2xx_handlers = { -+ .fd_can_read = pxa2xx_fir_is_empty, -+ .fd_read = pxa2xx_fir_rx, -+ .fd_event = pxa2xx_fir_event, -+}; -+ - static PXA2xxFIrState *pxa2xx_fir_init(MemoryRegion *sysmem, - target_phys_addr_t base, - qemu_irq irq, qemu_irq rx_dma, qemu_irq tx_dma, -@@ -2002,10 +2008,9 @@ static PXA2xxFIrState *pxa2xx_fir_init(MemoryRegion *sysmem, - memory_region_init_io(&s->iomem, &pxa2xx_fir_ops, s, "pxa2xx-fir", 0x1000); - memory_region_add_subregion(sysmem, base, &s->iomem); - -- if (chr) -- qemu_chr_add_handlers(chr, pxa2xx_fir_is_empty, -- pxa2xx_fir_rx, pxa2xx_fir_event, s); -- -+ if (chr) { -+ qemu_chr_add_handlers(chr, &pxa2xx_handlers, s); -+ } - register_savevm(NULL, "pxa2xx_fir", 0, 0, pxa2xx_fir_save, - pxa2xx_fir_load, s); - -diff --git a/hw/serial.c b/hw/serial.c -index d35c7a9..6499d4a 100644 ---- a/hw/serial.c -+++ b/hw/serial.c -@@ -728,6 +728,12 @@ static void serial_reset(void *opaque) - qemu_irq_lower(s->irq); - } - -+static const QemuChrHandlers serial_handlers = { -+ .fd_can_read = serial_can_receive1, -+ .fd_read = serial_receive1, -+ .fd_event = serial_event, -+}; -+ - static void serial_init_core(SerialState *s) - { - if (!s->chr) { -@@ -742,8 +748,7 @@ static void serial_init_core(SerialState *s) - - qemu_register_reset(serial_reset, s); - -- qemu_chr_add_handlers(s->chr, serial_can_receive1, serial_receive1, -- serial_event, s); -+ qemu_chr_add_handlers(s->chr, &serial_handlers, s); - } - - /* Change the main reference oscillator frequency. */ -diff --git a/hw/sh_serial.c b/hw/sh_serial.c -index a20c59e..470ce7a 100644 ---- a/hw/sh_serial.c -+++ b/hw/sh_serial.c -@@ -350,6 +350,12 @@ static CPUWriteMemoryFunc * const sh_serial_writefn[] = { - &sh_serial_write, - }; - -+static const QemuChrHandlers sh_serial_handlers = { -+ .fd_can_read = sh_serial_can_receive1, -+ .fd_read = sh_serial_receive1, -+ .fd_event = sh_serial_event, -+}; -+ - void sh_serial_init (target_phys_addr_t base, int feat, - uint32_t freq, CharDriverState *chr, - qemu_irq eri_source, -@@ -389,9 +395,9 @@ void sh_serial_init (target_phys_addr_t base, int feat, - - s->chr = chr; - -- if (chr) -- qemu_chr_add_handlers(chr, sh_serial_can_receive1, sh_serial_receive1, -- sh_serial_event, s); -+ if (chr) { -+ qemu_chr_add_handlers(chr, &sh_serial_handlers, s); -+ } - - s->eri = eri_source; - s->rxi = rxi_source; -diff --git a/hw/spapr_vty.c b/hw/spapr_vty.c -index f23cc36..0d9cd59 100644 ---- a/hw/spapr_vty.c -+++ b/hw/spapr_vty.c -@@ -54,6 +54,11 @@ void vty_putchars(VIOsPAPRDevice *sdev, uint8_t *buf, int len) - qemu_chr_fe_write(dev->chardev, buf, len); - } - -+static const QemuChrHandlers vty_handlers = { -+ .fd_can_read = vty_can_receive, -+ .fd_read = vty_receive, -+}; -+ - static int spapr_vty_init(VIOsPAPRDevice *sdev) - { - VIOsPAPRVTYDevice *dev = (VIOsPAPRVTYDevice *)sdev; -@@ -63,8 +68,7 @@ static int spapr_vty_init(VIOsPAPRDevice *sdev) - exit(1); - } - -- qemu_chr_add_handlers(dev->chardev, vty_can_receive, -- vty_receive, NULL, dev); -+ qemu_chr_add_handlers(dev->chardev, vty_handlers, dev); - - return 0; - } -diff --git a/hw/strongarm.c b/hw/strongarm.c -index a3d9080..8a8a219 100644 ---- a/hw/strongarm.c -+++ b/hw/strongarm.c -@@ -1160,6 +1160,12 @@ static const MemoryRegionOps strongarm_uart_ops = { - .endianness = DEVICE_NATIVE_ENDIAN, - }; - -+static const QemuChrHandlers strongarm_uart_handlers = { -+ .fd_can_read = strongarm_uart_can_receive, -+ .fd_read = strongarm_uart_receive, -+ .fd_event = strongarm_uart_event, -+}; -+ - static int strongarm_uart_init(SysBusDevice *dev) - { - StrongARMUARTState *s = FROM_SYSBUS(StrongARMUARTState, dev); -@@ -1172,11 +1178,7 @@ static int strongarm_uart_init(SysBusDevice *dev) - s->tx_timer = qemu_new_timer_ns(vm_clock, strongarm_uart_tx, s); - - if (s->chr) { -- qemu_chr_add_handlers(s->chr, -- strongarm_uart_can_receive, -- strongarm_uart_receive, -- strongarm_uart_event, -- s); -+ qemu_chr_add_handlers(s->chr, &strongarm_uart_handlers, s); - } - - return 0; -diff --git a/hw/syborg_serial.c b/hw/syborg_serial.c -index c83f82c..fff76da 100644 ---- a/hw/syborg_serial.c -+++ b/hw/syborg_serial.c -@@ -292,6 +292,12 @@ static const VMStateDescription vmstate_syborg_serial = { - } - }; - -+static const QemuChrHandlers syborg_serial_handlers = { -+ .fd_can_read = syborg_serial_can_receive, -+ .fd_read = syborg_serial_receive, -+ .fd_event = syborg_serial_event, -+}; -+ - static int syborg_serial_init(SysBusDevice *dev) - { - SyborgSerialState *s = FROM_SYSBUS(SyborgSerialState, dev); -@@ -304,8 +310,7 @@ static int syborg_serial_init(SysBusDevice *dev) - sysbus_init_mmio(dev, 0x1000, iomemtype); - s->chr = qdev_init_chardev(&dev->qdev); - if (s->chr) { -- qemu_chr_add_handlers(s->chr, syborg_serial_can_receive, -- syborg_serial_receive, syborg_serial_event, s); -+ qemu_chr_add_handlers(s->chr, &syborg_serial_handlers, s); - } - if (s->fifo_size <= 0) { - fprintf(stderr, "syborg_serial: fifo too small\n"); -diff --git a/hw/usb-serial.c b/hw/usb-serial.c -index 7dbf6df..bcf6622 100644 ---- a/hw/usb-serial.c -+++ b/hw/usb-serial.c -@@ -482,6 +482,12 @@ static void usb_serial_event(void *opaque, int event) - } - } - -+static const QemuChrHandlers usb_serial_handlers = { -+ .fd_can_read = usb_serial_can_read, -+ .fd_read = usb_serial_read, -+ .fd_event = usb_serial_event, -+}; -+ - static int usb_serial_initfn(USBDevice *dev) - { - USBSerialState *s = DO_UPCAST(USBSerialState, dev, dev); -@@ -493,8 +499,7 @@ static int usb_serial_initfn(USBDevice *dev) - return -1; - } - -- qemu_chr_add_handlers(s->cs, usb_serial_can_read, usb_serial_read, -- usb_serial_event, s); -+ qemu_chr_add_handlers(s->cs, &usb_serial_handlers, s); - usb_serial_handle_reset(dev); - return 0; - } -diff --git a/hw/virtio-console.c b/hw/virtio-console.c -index d3351c8..6d6f3ef 100644 ---- a/hw/virtio-console.c -+++ b/hw/virtio-console.c -@@ -95,6 +95,12 @@ static void chr_event(void *opaque, int event) - } - } - -+static const QemuChrHandlers chr_handlers = { -+ .fd_can_read = chr_can_read, -+ .fd_read = chr_read, -+ .fd_event = chr_event, -+}; -+ - static int virtconsole_initfn(VirtIOSerialPort *port) - { - VirtConsole *vcon = DO_UPCAST(VirtConsole, port, port); -@@ -107,8 +113,7 @@ static int virtconsole_initfn(VirtIOSerialPort *port) - } - - if (vcon->chr) { -- qemu_chr_add_handlers(vcon->chr, chr_can_read, chr_read, chr_event, -- vcon); -+ qemu_chr_add_handlers(vcon->chr, &chr_handlers, vcon); - info->have_data = flush_buf; - info->guest_open = guest_open; - info->guest_close = guest_close; -@@ -126,7 +131,7 @@ static int virtconsole_exitfn(VirtIOSerialPort *port) - * Instead of closing the chardev, free it so it can be used - * for other purposes. - */ -- qemu_chr_add_handlers(vcon->chr, NULL, NULL, NULL, NULL); -+ qemu_chr_add_handlers(vcon->chr, NULL, NULL); - } - - return 0; -diff --git a/hw/xen_console.c b/hw/xen_console.c -index edcb31c..2ba74f0 100644 ---- a/hw/xen_console.c -+++ b/hw/xen_console.c -@@ -212,6 +212,11 @@ out: - return ret; - } - -+static const QemuChrHandlers xencons_handlers = { -+ .fd_can_read = xencons_can_receive, -+ .fd_read = xencons_receive, -+}; -+ - static int con_initialise(struct XenDevice *xendev) - { - struct XenConsole *con = container_of(xendev, struct XenConsole, xendev); -@@ -232,9 +237,9 @@ static int con_initialise(struct XenDevice *xendev) - return -1; - - xen_be_bind_evtchn(&con->xendev); -- if (con->chr) -- qemu_chr_add_handlers(con->chr, xencons_can_receive, xencons_receive, -- NULL, con); -+ if (con->chr) { -+ qemu_chr_add_handlers(con->chr, &xencons_handlers, con); -+ } - - xen_be_printf(xendev, 1, "ring mfn %d, remote port %d, local port %d, limit %zd\n", - con->ring_ref, -@@ -248,8 +253,9 @@ static void con_disconnect(struct XenDevice *xendev) - { - struct XenConsole *con = container_of(xendev, struct XenConsole, xendev); - -- if (con->chr) -- qemu_chr_add_handlers(con->chr, NULL, NULL, NULL, NULL); -+ if (con->chr) { -+ qemu_chr_add_handlers(con->chr, NULL, NULL); -+ } - xen_be_unbind_evtchn(&con->xendev); - - if (con->sring) { -diff --git a/hw/xilinx_uartlite.c b/hw/xilinx_uartlite.c -index ceb7b4d..69f7191 100644 ---- a/hw/xilinx_uartlite.c -+++ b/hw/xilinx_uartlite.c -@@ -195,6 +195,12 @@ static void uart_event(void *opaque, int event) - - } - -+static const QemuChrHandlers uart_handlers = { -+ .fd_can_read = uart_can_rx, -+ .fd_read = uart_rx, -+ .fd_event = uart_event, -+}; -+ - static int xilinx_uartlite_init(SysBusDevice *dev) - { - struct xlx_uartlite *s = FROM_SYSBUS(typeof (*s), dev); -@@ -206,8 +212,9 @@ static int xilinx_uartlite_init(SysBusDevice *dev) - sysbus_init_mmio_region(dev, &s->mmio); - - s->chr = qdev_init_chardev(&dev->qdev); -- if (s->chr) -- qemu_chr_add_handlers(s->chr, uart_can_rx, uart_rx, uart_event, s); -+ if (s->chr) { -+ qemu_chr_add_handlers(s->chr, &uart_handlers, s); -+ } - return 0; - } - -diff --git a/monitor.c b/monitor.c -index f956eb7..a82fda3 100644 ---- a/monitor.c -+++ b/monitor.c -@@ -4882,6 +4882,18 @@ static void sortcmdlist(void) - * End: - */ - -+static const QemuChrHandlers monitor_handlers = { -+ .fd_can_read = monitor_can_read, -+ .fd_read = monitor_read, -+ .fd_event = monitor_event, -+}; -+ -+static const QemuChrHandlers monitor_control_handlers = { -+ .fd_can_read = monitor_can_read, -+ .fd_read = monitor_control_read, -+ .fd_event = monitor_control_event, -+}; -+ - void monitor_init(CharDriverState *chr, int flags) - { - static int is_first_init = 1; -@@ -4904,12 +4916,10 @@ void monitor_init(CharDriverState *chr, int flags) - if (monitor_ctrl_mode(mon)) { - mon->mc = g_malloc0(sizeof(MonitorControl)); - /* Control mode requires special handlers */ -- qemu_chr_add_handlers(chr, monitor_can_read, monitor_control_read, -- monitor_control_event, mon); -+ qemu_chr_add_handlers(chr, &monitor_control_handlers, mon); - qemu_chr_fe_set_echo(chr, true); - } else { -- qemu_chr_add_handlers(chr, monitor_can_read, monitor_read, -- monitor_event, mon); -+ qemu_chr_add_handlers(chr, &monitor_handlers, mon); - } - - QLIST_INSERT_HEAD(&mon_list, mon, entry); -diff --git a/net/slirp.c b/net/slirp.c -index 6646ecb..05405ff 100644 ---- a/net/slirp.c -+++ b/net/slirp.c -@@ -576,6 +576,11 @@ static void guestfwd_read(void *opaque, const uint8_t *buf, int size) - slirp_socket_recv(fwd->slirp, fwd->server, fwd->port, buf, size); - } - -+static const QemuChrHandlers guestfwd_handlers = { -+ .fd_can_read = guestfwd_can_read, -+ .fd_read = guestfwd_read, -+}; -+ - static int slirp_guestfwd(SlirpState *s, const char *config_str, - int legacy_format) - { -@@ -632,8 +637,7 @@ static int slirp_guestfwd(SlirpState *s, const char *config_str, - fwd->port = port; - fwd->slirp = s->slirp; - -- qemu_chr_add_handlers(fwd->hd, guestfwd_can_read, guestfwd_read, -- NULL, fwd); -+ qemu_chr_add_handlers(fwd->hd, &guestfwd_handlers, fwd); - return 0; - - fail_syntax: -diff --git a/qemu-char.c b/qemu-char.c -index a5ca611..d2a99a6 100644 ---- a/qemu-char.c -+++ b/qemu-char.c -@@ -189,19 +189,26 @@ void qemu_chr_fe_printf(CharDriverState *s, const char *fmt, ...) - va_end(ap); - } - -+static const QemuChrHandlers null_handlers = { -+ /* All handlers are initialised to NULL */ -+}; -+ - void qemu_chr_add_handlers(CharDriverState *s, -- IOCanReadHandler *fd_can_read, -- IOReadHandler *fd_read, -- IOEventHandler *fd_event, -- void *opaque) -+ const QemuChrHandlers *handlers, void *opaque) - { -- if (!opaque && !fd_can_read && !fd_read && !fd_event) { -+ if (!s) { -+ return; -+ } -+ if (!opaque && !handlers) { - /* chr driver being released. */ - ++s->avail_connections; - } -- s->chr_can_read = fd_can_read; -- s->chr_read = fd_read; -- s->chr_event = fd_event; -+ if (!handlers) { -+ handlers = &null_handlers; -+ } -+ s->chr_can_read = handlers->fd_can_read; -+ s->chr_read = handlers->fd_read; -+ s->chr_event = handlers->fd_event; - s->handler_opaque = opaque; - if (s->chr_update_read_handler) - s->chr_update_read_handler(s); -@@ -441,6 +448,12 @@ static void mux_chr_event(void *opaque, int event) - mux_chr_send_event(d, i, event); - } - -+static const QemuChrHandlers mux_chr_handlers = { -+ .fd_can_read = mux_chr_can_read, -+ .fd_read = mux_chr_read, -+ .fd_event = mux_chr_event, -+}; -+ - static void mux_chr_update_read_handler(CharDriverState *chr) - { - MuxDriver *d = chr->opaque; -@@ -455,8 +468,7 @@ static void mux_chr_update_read_handler(CharDriverState *chr) - d->chr_event[d->mux_cnt] = chr->chr_event; - /* Fix up the real driver with mux routines */ - if (d->mux_cnt == 0) { -- qemu_chr_add_handlers(d->drv, mux_chr_can_read, mux_chr_read, -- mux_chr_event, chr); -+ qemu_chr_add_handlers(d->drv, &mux_chr_handlers, chr); - } - if (d->focus != -1) { - mux_chr_send_event(d, d->focus, CHR_EVENT_MUX_OUT); -diff --git a/qemu-char.h b/qemu-char.h -index 8ca1e2d..564e688 100644 ---- a/qemu-char.h -+++ b/qemu-char.h -@@ -222,10 +222,15 @@ void qemu_chr_be_write(CharDriverState *s, uint8_t *buf, int len); - */ - void qemu_chr_be_event(CharDriverState *s, int event); - --void qemu_chr_add_handlers(CharDriverState *s, -- IOCanReadHandler *fd_can_read, -- IOReadHandler *fd_read, -- IOEventHandler *fd_event, -+ -+typedef struct QemuChrHandlers { -+ IOCanReadHandler *fd_can_read; -+ IOReadHandler *fd_read; -+ IOHandler *fd_write_unblocked; -+ IOEventHandler *fd_event; -+} QemuChrHandlers; -+ -+void qemu_chr_add_handlers(CharDriverState *s, const QemuChrHandlers *handlers, - void *opaque); - - void qemu_chr_generic_open(CharDriverState *s); -diff --git a/usb-redir.c b/usb-redir.c -index 86bccf8..e421cff 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -865,6 +865,12 @@ static void usbredir_chardev_event(void *opaque, int event) - } - } - -+static const QemuChrHandlers usbredir_chr_handlers = { -+ .fd_can_read = usbredir_chardev_can_read, -+ .fd_read = usbredir_chardev_read, -+ .fd_event = usbredir_chardev_event, -+}; -+ - /* - * init + destroy - */ -@@ -892,8 +898,7 @@ static int usbredir_initfn(USBDevice *udev) - - /* Let the backend know we are ready */ - qemu_chr_fe_open(dev->cs); -- qemu_chr_add_handlers(dev->cs, usbredir_chardev_can_read, -- usbredir_chardev_read, usbredir_chardev_event, dev); -+ qemu_chr_add_handlers(dev->cs, &usbredir_chr_handlers, dev); - - return 0; - } --- -1.7.7.5 - diff --git a/0107-char-Throttle-when-host-connection-is-down.patch b/0107-char-Throttle-when-host-connection-is-down.patch new file mode 100644 index 0000000..26755a5 --- /dev/null +++ b/0107-char-Throttle-when-host-connection-is-down.patch @@ -0,0 +1,56 @@ +From 52aef47122bcbdd556f9fd3510a2047b8f920064 Mon Sep 17 00:00:00 2001 +From: Amit Shah +Date: Mon, 21 Mar 2011 22:05:10 +0100 +Subject: [PATCH 107/114] char: Throttle when host connection is down# + +When the host-side connection goes down, throttle the virtio-serial bus +and later unthrottle when a connection gets established. This helps +prevent any lost IO (guest->host) while the host connection was down. + +Bugzilla: 621484 + +This commit actually helps the bug mentioned above as no writes will now +get lost because of the throttling done here. With just the patches +sent earlier for that bug, one write will end up getting lost in the +worst case (host d/c, guest write, host connect). + +Signed-off-by: Amit Shah +--- + qemu-char.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/qemu-char.c b/qemu-char.c +index ed306e5..c263328 100644 +--- a/qemu-char.c ++++ b/qemu-char.c +@@ -140,6 +140,9 @@ static void qemu_chr_generic_open_bh(void *opaque) + { + CharDriverState *s = opaque; + qemu_chr_be_event(s, CHR_EVENT_OPENED); ++ if (s->write_blocked) { ++ char_write_unblocked(s); ++ } + qemu_bh_delete(s->bh); + s->bh = NULL; + } +@@ -2244,6 +2247,17 @@ static int tcp_chr_write(CharDriverState *chr, const uint8_t *buf, int len) + ret = send_all(chr, s->fd, buf, len); + if (ret == -1 && errno == EPIPE) { + tcp_closed(chr); ++ ++ if (chr->chr_enable_write_fd_handler && chr->chr_write_unblocked) { ++ /* ++ * Since we haven't written out anything, let's say ++ * we're throttled. This will prevent any output from ++ * the guest getting lost if host-side chardev goes ++ * down. Unthrottle when we re-connect. ++ */ ++ chr->write_blocked = true; ++ return 0; ++ } + } + return ret; + } else { +-- +1.7.10.4 + diff --git a/0108-iohandlers-Add-enable-disable_write_fd_handler-funct.patch b/0108-iohandlers-Add-enable-disable_write_fd_handler-funct.patch deleted file mode 100644 index a02a798..0000000 --- a/0108-iohandlers-Add-enable-disable_write_fd_handler-funct.patch +++ /dev/null @@ -1,77 +0,0 @@ -From f896c023201863927853c5d97e62916e0753fede Mon Sep 17 00:00:00 2001 -From: Amit Shah -Date: Mon, 21 Mar 2011 20:32:58 +0100 -Subject: [PATCH 108/118] iohandlers: Add enable/disable_write_fd_handler() - functions - -These will be used to provide a cleaner API for the nonblocking case. - -Signed-off-by: Amit Shah ---- - iohandler.c | 35 +++++++++++++++++++++++++++++++++++ - main-loop.h | 3 +++ - 2 files changed, 38 insertions(+), 0 deletions(-) - -diff --git a/iohandler.c b/iohandler.c -index 5640d49..a9a62cb 100644 ---- a/iohandler.c -+++ b/iohandler.c -@@ -45,6 +45,41 @@ typedef struct IOHandlerRecord { - static QLIST_HEAD(, IOHandlerRecord) io_handlers = - QLIST_HEAD_INITIALIZER(io_handlers); - -+static IOHandlerRecord *find_iohandler(int fd) -+{ -+ IOHandlerRecord *ioh; -+ -+ QLIST_FOREACH(ioh, &io_handlers, next) { -+ if (ioh->fd == fd) { -+ return ioh; -+ } -+ } -+ return NULL; -+} -+ -+void enable_write_fd_handler(int fd, IOHandler *fd_write) -+{ -+ IOHandlerRecord *ioh; -+ -+ ioh = find_iohandler(fd); -+ if (!ioh) { -+ return; -+ } -+ -+ ioh->fd_write = fd_write; -+} -+ -+void disable_write_fd_handler(int fd) -+{ -+ IOHandlerRecord *ioh; -+ -+ ioh = find_iohandler(fd); -+ if (!ioh) { -+ return; -+ } -+ -+ ioh->fd_write = NULL; -+} - - /* XXX: fd_read_poll should be suppressed, but an API change is - necessary in the character devices to suppress fd_can_read(). */ -diff --git a/main-loop.h b/main-loop.h -index 8a716b1..c5a96cd 100644 ---- a/main-loop.h -+++ b/main-loop.h -@@ -167,6 +167,9 @@ typedef void IOReadHandler(void *opaque, const uint8_t *buf, int size); - typedef int IOCanReadHandler(void *opaque); - typedef void IOHandler(void *opaque); - -+void enable_write_fd_handler(int fd, IOHandler *fd_write); -+void disable_write_fd_handler(int fd); -+ - /** - * qemu_set_fd_handler2: Register a file descriptor with the main loop - * --- -1.7.7.5 - diff --git a/0108-virtio-console-Enable-port-throttling-when-chardev-i.patch b/0108-virtio-console-Enable-port-throttling-when-chardev-i.patch new file mode 100644 index 0000000..d3e4afc --- /dev/null +++ b/0108-virtio-console-Enable-port-throttling-when-chardev-i.patch @@ -0,0 +1,49 @@ +From 738da364d19bd99b70c79cb1174eef0e19f8e368 Mon Sep 17 00:00:00 2001 +From: Amit Shah +Date: Mon, 21 Mar 2011 22:06:41 +0100 +Subject: [PATCH 108/114] virtio-console: Enable port throttling when chardev + is slow to consume data + +When a chardev indicates it can't accept more data, we tell the +virtio-serial code to stop sending us any more data till we tell +otherwise. This helps in guests continuing to run normally while the vq +keeps getting full and eventually the guest stops queueing more data. +As soon as the chardev indicates it can accept more data, start pushing! + +Signed-off-by: Amit Shah +--- + hw/virtio-console.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/hw/virtio-console.c b/hw/virtio-console.c +index 066590c..2b5e515 100644 +--- a/hw/virtio-console.c ++++ b/hw/virtio-console.c +@@ -20,6 +20,16 @@ typedef struct VirtConsole { + CharDriverState *chr; + } VirtConsole; + ++/* ++ * Callback function that's called from chardevs when backend becomes ++ * writable. ++ */ ++static void chr_write_unblocked(void *opaque) ++{ ++ VirtConsole *vcon = opaque; ++ ++ virtio_serial_throttle_port(&vcon->port, false); ++} + + /* Callback function that's called when the guest sends us data */ + static ssize_t flush_buf(VirtIOSerialPort *port, const uint8_t *buf, size_t len) +@@ -110,6 +120,7 @@ static const QemuChrHandlers chr_handlers = { + .fd_can_read = chr_can_read, + .fd_read = chr_read, + .fd_event = chr_event, ++ .fd_write_unblocked = chr_write_unblocked, + }; + + static int virtconsole_initfn(VirtIOSerialPort *port) +-- +1.7.10.4 + diff --git a/0109-char-Add-framework-for-a-write-unblocked-callback.patch b/0109-char-Add-framework-for-a-write-unblocked-callback.patch deleted file mode 100644 index 2599187..0000000 --- a/0109-char-Add-framework-for-a-write-unblocked-callback.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 6d5337e1dc8d926f9183e2f5eb5e97c438203527 Mon Sep 17 00:00:00 2001 -From: Amit Shah -Date: Mon, 21 Mar 2011 21:41:42 +0100 -Subject: [PATCH 109/118] char: Add framework for a 'write unblocked' callback - -The char layer can let users know that the driver will block on further -input. For users interested in not blocking, they can assign a function -pointer that will be called back when the driver becomes writable. This -patch just adds the function pointers to the CharDriverState structure, -future patches will enable the nonblocking and callback functionality. - -Signed-off-by: Amit Shah ---- - qemu-char.c | 3 +++ - qemu-char.h | 4 ++++ - 2 files changed, 7 insertions(+), 0 deletions(-) - -diff --git a/qemu-char.c b/qemu-char.c -index d2a99a6..66b5887 100644 ---- a/qemu-char.c -+++ b/qemu-char.c -@@ -208,11 +208,14 @@ void qemu_chr_add_handlers(CharDriverState *s, - } - s->chr_can_read = handlers->fd_can_read; - s->chr_read = handlers->fd_read; -+ s->chr_write_unblocked = handlers->fd_write_unblocked; - s->chr_event = handlers->fd_event; - s->handler_opaque = opaque; - if (s->chr_update_read_handler) - s->chr_update_read_handler(s); - -+ s->write_blocked = false; -+ - /* We're connecting to an already opened device, so let's make sure we - also get the open event */ - if (s->opened) { -diff --git a/qemu-char.h b/qemu-char.h -index 564e688..2628bee 100644 ---- a/qemu-char.h -+++ b/qemu-char.h -@@ -62,6 +62,9 @@ struct CharDriverState { - IOEventHandler *chr_event; - IOCanReadHandler *chr_can_read; - IOReadHandler *chr_read; -+ IOHandler *chr_write_unblocked; -+ void (*chr_enable_write_fd_handler)(struct CharDriverState *chr); -+ void (*chr_disable_write_fd_handler)(struct CharDriverState *chr); - void *handler_opaque; - void (*chr_close)(struct CharDriverState *chr); - void (*chr_accept_input)(struct CharDriverState *chr); -@@ -74,6 +77,7 @@ struct CharDriverState { - char *filename; - int opened; - int avail_connections; -+ bool write_blocked; /* Are we in a blocked state? */ - QTAILQ_ENTRY(CharDriverState) next; - }; - --- -1.7.7.5 - diff --git a/0109-spice-qemu-char.c-add-throttling.patch b/0109-spice-qemu-char.c-add-throttling.patch new file mode 100644 index 0000000..b64243e --- /dev/null +++ b/0109-spice-qemu-char.c-add-throttling.patch @@ -0,0 +1,133 @@ +From 484eac58fb0cf9b0ba6d31db868a549ee8799437 Mon Sep 17 00:00:00 2001 +From: Alon Levy +Date: Tue, 22 Mar 2011 12:27:59 +0200 +Subject: [PATCH 109/114] spice-qemu-char.c: add throttling + +BZ: 672191 + +upstream: not submitted (explained below) + +Adds throttling support to spicevmc chardev. Uses a timer to avoid recursing: +1. spice-server: reds.c: read_from_vdi_port +2. qemu: spice-qemu-char.c: vmc_read +3. chr_write_unblocked + (calls virtio_serial_throttle_port(port, false)) +4. qemu: virtio ... +5. qemu: spice-qemu-char.c: spice_chr_write +6. qemu: spice-qemu-char.c: wakeup (calls into spice-server) +7. spice-server: ... +8. qemu: spice-qemu-char.c: vmc_read + +Instead, in vmc_read if we were throttled and we are just about to return +all the bytes we will set a timer to be triggered immediately to call +chr_write_unblocked. Then we return after 2 above, and 3 is called from the +timer callback. This also means we can later remove some ugly recursion protection +from spice-server. + +The other tricky point in this patch is not returning the leftover chunk twice. +When we throttle, by definition we have data that spice server didn't consume. +It is being kept by virtio-serial, and by us. The next vmc_read callback needs +to not return it, but just do unthrottling. Then virtio will give us the remaining +chunk as usual in spice_chr_write, and we will pass it to spice server in the +next vmc_read. + +This patch relies on Amit's series to expose throttling to chardev's, which +was not accepted upstream, and will not be accepted upstream until the mainloop +is reworked to use glib. +--- + spice-qemu-char.c | 39 +++++++++++++++++++++++++++++++++++---- + 1 file changed, 35 insertions(+), 4 deletions(-) + +diff --git a/spice-qemu-char.c b/spice-qemu-char.c +index 09aa22d..fba2bfb 100644 +--- a/spice-qemu-char.c ++++ b/spice-qemu-char.c +@@ -1,4 +1,6 @@ + #include "config-host.h" ++#include "qemu-common.h" ++#include "qemu-timer.h" + #include "trace.h" + #include "ui/qemu-spice.h" + #include +@@ -25,6 +27,7 @@ typedef struct SpiceCharDriver { + uint8_t *datapos; + ssize_t bufsize, datalen; + uint32_t debug; ++ QEMUTimer *unblock_timer; + } SpiceCharDriver; + + static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len) +@@ -50,6 +53,17 @@ static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len) + return out; + } + ++static void spice_chr_unblock(void *opaque) ++{ ++ SpiceCharDriver *scd = opaque; ++ ++ if (scd->chr->chr_write_unblocked == NULL) { ++ dprintf(scd, 1, "%s: backend doesn't support unthrottling.\n", __func__); ++ return; ++ } ++ scd->chr->chr_write_unblocked(scd->chr->handler_opaque); ++} ++ + static int vmc_read(SpiceCharDeviceInstance *sin, uint8_t *buf, int len) + { + SpiceCharDriver *scd = container_of(sin, SpiceCharDriver, sin); +@@ -61,9 +75,16 @@ static int vmc_read(SpiceCharDeviceInstance *sin, uint8_t *buf, int len) + scd->datapos += bytes; + scd->datalen -= bytes; + assert(scd->datalen >= 0); +- if (scd->datalen == 0) { +- scd->datapos = 0; +- } ++ } ++ if (scd->datalen == 0 && scd->chr->write_blocked) { ++ dprintf(scd, 1, "%s: unthrottling (%d)\n", __func__, bytes); ++ scd->chr->write_blocked = false; ++ /* ++ * set a timer instead of calling scd->chr->chr_write_unblocked directly, ++ * because that will call back into spice_chr_write (see ++ * virtio-console.c:chr_write_unblocked), which is unwanted. ++ */ ++ qemu_mod_timer(scd->unblock_timer, 0); + } + trace_spice_vmc_read(bytes, len); + return bytes; +@@ -135,6 +156,7 @@ static void vmc_unregister_interface(SpiceCharDriver *scd) + static int spice_chr_write(CharDriverState *chr, const uint8_t *buf, int len) + { + SpiceCharDriver *s = chr->opaque; ++ int read_bytes; + + dprintf(s, 2, "%s: %d\n", __func__, len); + vmc_register_interface(s); +@@ -147,7 +169,15 @@ static int spice_chr_write(CharDriverState *chr, const uint8_t *buf, int len) + s->datapos = s->buffer; + s->datalen = len; + spice_server_char_device_wakeup(&s->sin); +- return len; ++ read_bytes = len - s->datalen; ++ if (read_bytes != len) { ++ dprintf(s, 1, "%s: throttling: %d < %d (%zd)\n", __func__, ++ read_bytes, len, s->bufsize); ++ s->chr->write_blocked = true; ++ /* We'll get passed in the unconsumed data with the next call */ ++ s->datalen = 0; ++ } ++ return read_bytes; + } + + static void spice_chr_close(struct CharDriverState *chr) +@@ -225,6 +255,7 @@ CharDriverState *qemu_chr_open_spice(QemuOpts *opts) + chr->chr_close = spice_chr_close; + chr->chr_guest_open = spice_chr_guest_open; + chr->chr_guest_close = spice_chr_guest_close; ++ s->unblock_timer = qemu_new_timer_ms(vm_clock, spice_chr_unblock, s); + + #if SPICE_SERVER_VERSION < 0x000901 + /* See comment in vmc_state() */ +-- +1.7.10.4 + diff --git a/0110-char-Update-send_all-to-handle-nonblocking-chardev-w.patch b/0110-char-Update-send_all-to-handle-nonblocking-chardev-w.patch deleted file mode 100644 index c694ebf..0000000 --- a/0110-char-Update-send_all-to-handle-nonblocking-chardev-w.patch +++ /dev/null @@ -1,188 +0,0 @@ -From 9ca6b87b877fa46c81ce8e5b5a97dca4f522a727 Mon Sep 17 00:00:00 2001 -From: Amit Shah -Date: Mon, 21 Mar 2011 22:00:27 +0100 -Subject: [PATCH 110/118] char: Update send_all() to handle nonblocking - chardev write requests - -The send_all function is modified to return to the caller in case the -driver cannot handle any more data. It returns -EAGAIN or -WSAEWOULDBLOCK on non-Windows and Windows platforms respectively. This -is only done when the caller sets a callback function handler indicating -it's not interested in blocking till the driver has written out all the -data. - -Currently there's no driver or caller that supports this. Future -commits will add such capability. - -Signed-off-by: Amit Shah ---- - net/socket.c | 4 +- - qemu-char.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- - qemu_socket.h | 2 +- - 3 files changed, 66 insertions(+), 9 deletions(-) - -diff --git a/net/socket.c b/net/socket.c -index e9ef128..0d53dce 100644 ---- a/net/socket.c -+++ b/net/socket.c -@@ -56,8 +56,8 @@ static ssize_t net_socket_receive(VLANClientState *nc, const uint8_t *buf, size_ - uint32_t len; - len = htonl(size); - -- send_all(s->fd, (const uint8_t *)&len, sizeof(len)); -- return send_all(s->fd, buf, size); -+ send_all(NULL, s->fd, (const uint8_t *)&len, sizeof(len)); -+ return send_all(NULL, s->fd, buf, size); - } - - static ssize_t net_socket_receive_dgram(VLANClientState *nc, const uint8_t *buf, size_t size) -diff --git a/qemu-char.c b/qemu-char.c -index 66b5887..5e7f68e 100644 ---- a/qemu-char.c -+++ b/qemu-char.c -@@ -507,7 +507,7 @@ static CharDriverState *qemu_chr_open_mux(CharDriverState *drv) - - - #ifdef _WIN32 --int send_all(int fd, const void *buf, int len1) -+static int do_send(int fd, const void *buf, int len1, bool nonblock) - { - int ret, len; - -@@ -515,9 +515,14 @@ int send_all(int fd, const void *buf, int len1) - while (len > 0) { - ret = send(fd, buf, len, 0); - if (ret < 0) { -+ if (nonblock && len1 - len) { -+ return len1 - len; -+ } - errno = WSAGetLastError(); - if (errno != WSAEWOULDBLOCK) { - return -1; -+ } else if (errno == WSAEWOULDBLOCK && nonblock) { -+ return WSAEWOULDBLOCK; - } - } else if (ret == 0) { - break; -@@ -531,7 +536,7 @@ int send_all(int fd, const void *buf, int len1) - - #else - --int send_all(int fd, const void *_buf, int len1) -+static int do_send(int fd, const void *_buf, int len1, bool nonblock) - { - int ret, len; - const uint8_t *buf = _buf; -@@ -540,8 +545,15 @@ int send_all(int fd, const void *_buf, int len1) - while (len > 0) { - ret = write(fd, buf, len); - if (ret < 0) { -- if (errno != EINTR && errno != EAGAIN) -+ if (nonblock && len1 - len) { -+ return len1 - len; -+ } -+ if (errno == EAGAIN && nonblock) { -+ return -EAGAIN; -+ } -+ if (errno != EINTR && errno != EAGAIN) { - return -1; -+ } - } else if (ret == 0) { - break; - } else { -@@ -556,6 +568,44 @@ int send_all(int fd, const void *_buf, int len1) - #define STDIO_MAX_CLIENTS 1 - static int stdio_nb_clients; - -+int send_all(CharDriverState *chr, int fd, const void *_buf, int len1) -+{ -+ int ret, eagain_errno; -+ bool nonblock; -+ -+ if (chr && chr->write_blocked) { -+ /* -+ * The caller should not send us data while we're blocked, -+ * but this can happen when multiple writers are woken at once, -+ * so simply return -EAGAIN. -+ */ -+ return -EAGAIN; -+ } -+ -+ nonblock = false; -+ /* -+ * Ensure the char backend is able to receive and handle the -+ * 'write unblocked' event before we turn on nonblock support. -+ */ -+ if (chr && chr->chr_enable_write_fd_handler && chr->chr_write_unblocked) { -+ nonblock = true; -+ } -+ ret = do_send(fd, _buf, len1, nonblock); -+ -+#ifdef _WIN32 -+ eagain_errno = WSAEWOULDBLOCK; -+#else -+ eagain_errno = -EAGAIN; -+#endif -+ -+ if (nonblock && (ret == eagain_errno || (ret >= 0 && ret < len1))) { -+ /* Update fd handler to wake up when chr becomes writable */ -+ chr->chr_enable_write_fd_handler(chr); -+ chr->write_blocked = true; -+ } -+ return ret; -+} -+ - #ifndef _WIN32 - - typedef struct { -@@ -567,7 +617,7 @@ typedef struct { - static int fd_chr_write(CharDriverState *chr, const uint8_t *buf, int len) - { - FDCharDriver *s = chr->opaque; -- return send_all(s->fd_out, buf, len); -+ return send_all(chr, s->fd_out, buf, len); - } - - static int fd_chr_read_poll(void *opaque) -@@ -892,7 +942,7 @@ static int pty_chr_write(CharDriverState *chr, const uint8_t *buf, int len) - pty_chr_update_read_handler(chr); - return 0; - } -- return send_all(s->fd, buf, len); -+ return send_all(chr, s->fd, buf, len); - } - - static int pty_chr_read_poll(void *opaque) -@@ -2196,8 +2246,15 @@ static void tcp_closed(void *opaque) - static int tcp_chr_write(CharDriverState *chr, const uint8_t *buf, int len) - { - TCPCharDriver *s = chr->opaque; -+ - if (s->connected) { -- return send_all(s->fd, buf, len); -+ int ret; -+ -+ ret = send_all(chr, s->fd, buf, len); -+ if (ret == -1 && errno == EPIPE) { -+ tcp_closed(chr); -+ } -+ return ret; - } else { - /* XXX: indicate an error ? */ - return len; -diff --git a/qemu_socket.h b/qemu_socket.h -index 9e32fac..9ea33fe 100644 ---- a/qemu_socket.h -+++ b/qemu_socket.h -@@ -37,7 +37,7 @@ int qemu_socket(int domain, int type, int protocol); - int qemu_accept(int s, struct sockaddr *addr, socklen_t *addrlen); - void socket_set_block(int fd); - void socket_set_nonblock(int fd); --int send_all(int fd, const void *buf, int len1); -+int send_all(CharDriverState *chr, int fd, const void *buf, int len1); - - /* New, ipv6-ready socket helper functions, see qemu-sockets.c */ - int inet_listen_opts(QemuOpts *opts, int port_offset); --- -1.7.7.5 - diff --git a/0110-spice-qemu-char.c-remove-intermediate-buffer.patch b/0110-spice-qemu-char.c-remove-intermediate-buffer.patch new file mode 100644 index 0000000..7a49e1d --- /dev/null +++ b/0110-spice-qemu-char.c-remove-intermediate-buffer.patch @@ -0,0 +1,71 @@ +From 606c5ed5369c862c70fa527892b808f189a2b482 Mon Sep 17 00:00:00 2001 +From: Alon Levy +Date: Tue, 22 Mar 2011 12:28:00 +0200 +Subject: [PATCH 110/114] spice-qemu-char.c: remove intermediate buffer + +BZ: 672191 +upstream: not submitted (explained below) + +virtio-serial's buffer is valid when it calls us, and we don't +access it otherwise: vmc_read is only called in response to wakeup, +or else we set datalen=0 and throttle. Then vmc_read is called back, +we return 0 (not accessing the buffer) and set the timer to unthrottle. + +Also make datalen int and not ssize_t (to fit spice_chr_write signature). + +This relied on the previous patch that introduces throttling, which +can't go upstream right now as explained in that patch. +--- + spice-qemu-char.c | 18 ++++++------------ + 1 file changed, 6 insertions(+), 12 deletions(-) + +diff --git a/spice-qemu-char.c b/spice-qemu-char.c +index fba2bfb..ef44bc0 100644 +--- a/spice-qemu-char.c ++++ b/spice-qemu-char.c +@@ -23,9 +23,8 @@ typedef struct SpiceCharDriver { + SpiceCharDeviceInstance sin; + char *subtype; + bool active; +- uint8_t *buffer; +- uint8_t *datapos; +- ssize_t bufsize, datalen; ++ const uint8_t *datapos; ++ int datalen; + uint32_t debug; + QEMUTimer *unblock_timer; + } SpiceCharDriver; +@@ -69,7 +68,7 @@ static int vmc_read(SpiceCharDeviceInstance *sin, uint8_t *buf, int len) + SpiceCharDriver *scd = container_of(sin, SpiceCharDriver, sin); + int bytes = MIN(len, scd->datalen); + +- dprintf(scd, 2, "%s: %p %d/%d/%zd\n", __func__, scd->datapos, len, bytes, scd->datalen); ++ dprintf(scd, 2, "%s: %p %d/%d/%d\n", __func__, scd->datapos, len, bytes, scd->datalen); + if (bytes > 0) { + memcpy(buf, scd->datapos, bytes); + scd->datapos += bytes; +@@ -161,18 +160,13 @@ static int spice_chr_write(CharDriverState *chr, const uint8_t *buf, int len) + dprintf(s, 2, "%s: %d\n", __func__, len); + vmc_register_interface(s); + assert(s->datalen == 0); +- if (s->bufsize < len) { +- s->bufsize = len; +- s->buffer = g_realloc(s->buffer, s->bufsize); +- } +- memcpy(s->buffer, buf, len); +- s->datapos = s->buffer; ++ s->datapos = buf; + s->datalen = len; + spice_server_char_device_wakeup(&s->sin); + read_bytes = len - s->datalen; + if (read_bytes != len) { +- dprintf(s, 1, "%s: throttling: %d < %d (%zd)\n", __func__, +- read_bytes, len, s->bufsize); ++ dprintf(s, 1, "%s: throttling: %d < %d\n", __func__, ++ read_bytes, len); + s->chr->write_blocked = true; + /* We'll get passed in the unconsumed data with the next call */ + s->datalen = 0; +-- +1.7.10.4 + diff --git a/0111-char-Equip-the-unix-tcp-backend-to-handle-nonblockin.patch b/0111-char-Equip-the-unix-tcp-backend-to-handle-nonblockin.patch deleted file mode 100644 index 10ccf75..0000000 --- a/0111-char-Equip-the-unix-tcp-backend-to-handle-nonblockin.patch +++ /dev/null @@ -1,81 +0,0 @@ -From b235c039fbab104ab582922f0083625564e177b1 Mon Sep 17 00:00:00 2001 -From: Amit Shah -Date: Mon, 21 Mar 2011 22:02:47 +0100 -Subject: [PATCH 111/118] char: Equip the unix/tcp backend to handle - nonblocking writes# - -Now that the infrastructure is in place to return -EAGAIN to callers, -individual char drivers can set their update_fd_handlers() function to -set or remove an fd's write handler. This handler checks if the driver -became writable. - -A generic callback routine is used for unblocking writes and letting -users of chardevs know that a driver became writable again. - -Signed-off-by: Amit Shah ---- - qemu-char.c | 34 ++++++++++++++++++++++++++++++++++ - 1 files changed, 34 insertions(+), 0 deletions(-) - -diff --git a/qemu-char.c b/qemu-char.c -index 5e7f68e..f98b240 100644 ---- a/qemu-char.c -+++ b/qemu-char.c -@@ -106,6 +106,19 @@ - static QTAILQ_HEAD(CharDriverStateHead, CharDriverState) chardevs = - QTAILQ_HEAD_INITIALIZER(chardevs); - -+/* -+ * Generic routine that gets called when chardev becomes writable. -+ * Lets chardev user know it's OK to send more data. -+ */ -+static void char_write_unblocked(void *opaque) -+{ -+ CharDriverState *chr = opaque; -+ -+ chr->write_blocked = false; -+ chr->chr_disable_write_fd_handler(chr); -+ chr->chr_write_unblocked(chr->handler_opaque); -+} -+ - void qemu_chr_be_event(CharDriverState *s, int event) - { - /* Keep track if the char device is open */ -@@ -2515,6 +2528,25 @@ static void tcp_chr_close(CharDriverState *chr) - qemu_chr_be_event(chr, CHR_EVENT_CLOSED); - } - -+static void tcp_enable_write_fd_handler(CharDriverState *chr) -+{ -+ TCPCharDriver *s = chr->opaque; -+ -+ /* -+ * This function is called only after tcp_chr_connect() is called -+ * (either in 'server' mode or client mode. So we're sure of -+ * s->fd being initialised. -+ */ -+ enable_write_fd_handler(s->fd, char_write_unblocked); -+} -+ -+static void tcp_disable_write_fd_handler(CharDriverState *chr) -+{ -+ TCPCharDriver *s = chr->opaque; -+ -+ disable_write_fd_handler(s->fd); -+} -+ - static int qemu_chr_open_socket(QemuOpts *opts, CharDriverState **_chr) - { - CharDriverState *chr = NULL; -@@ -2571,6 +2603,8 @@ static int qemu_chr_open_socket(QemuOpts *opts, CharDriverState **_chr) - chr->chr_close = tcp_chr_close; - chr->get_msgfd = tcp_get_msgfd; - chr->chr_add_client = tcp_chr_add_client; -+ chr->chr_enable_write_fd_handler = tcp_enable_write_fd_handler; -+ chr->chr_disable_write_fd_handler = tcp_disable_write_fd_handler; - - if (is_listen) { - s->listen_fd = fd; --- -1.7.7.5 - diff --git a/0111-usb-redir-Add-flow-control-support.patch b/0111-usb-redir-Add-flow-control-support.patch new file mode 100644 index 0000000..8cd4d88 --- /dev/null +++ b/0111-usb-redir-Add-flow-control-support.patch @@ -0,0 +1,65 @@ +From 2f61a7bed440164c35c739fcef10d19edef3f8ea Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 19 Jul 2011 10:56:19 +0200 +Subject: [PATCH 111/114] usb-redir: Add flow control support + +Signed-off-by: Hans de Goede +--- + hw/usb/redirect.c | 26 ++++++++++++++++++++++++-- + 1 file changed, 24 insertions(+), 2 deletions(-) + +diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c +index 6e8180e..5f55d78 100644 +--- a/hw/usb/redirect.c ++++ b/hw/usb/redirect.c +@@ -238,12 +238,22 @@ static int usbredir_read(void *priv, uint8_t *data, int count) + static int usbredir_write(void *priv, uint8_t *data, int count) + { + USBRedirDevice *dev = priv; ++ int r; + +- if (!dev->cs->opened) { ++ if (!dev->cs->opened || dev->cs->write_blocked) { + return 0; + } + +- return qemu_chr_fe_write(dev->cs, data, count); ++ r = qemu_chr_fe_write(dev->cs, data, count); ++ ++ if (r < 0) { ++ if (dev->cs->write_blocked) { ++ return 0; ++ } ++ return -1; ++ } ++ ++ return r; + } + + /* +@@ -890,10 +900,22 @@ static void usbredir_chardev_event(void *opaque, int event) + } + } + ++static void usbredir_chardev_write_unblocked(void *opaque) ++{ ++ USBRedirDevice *dev = opaque; ++ ++ if (dev->parser == NULL) { ++ /* usbredir_open_close_bh hasn't handled the open event yet */ ++ return; ++ } ++ usbredirparser_do_write(dev->parser); ++} ++ + static const QemuChrHandlers usbredir_chr_handlers = { + .fd_can_read = usbredir_chardev_can_read, + .fd_read = usbredir_chardev_read, + .fd_event = usbredir_chardev_event, ++ .fd_write_unblocked = usbredir_chardev_write_unblocked, + }; + + /* +-- +1.7.10.4 + diff --git a/0112-char-Throttle-when-host-connection-is-down.patch b/0112-char-Throttle-when-host-connection-is-down.patch deleted file mode 100644 index f8d29af..0000000 --- a/0112-char-Throttle-when-host-connection-is-down.patch +++ /dev/null @@ -1,56 +0,0 @@ -From e5eb5b185d39942a2011b21114bb7f0b8e11427a Mon Sep 17 00:00:00 2001 -From: Amit Shah -Date: Mon, 21 Mar 2011 22:05:10 +0100 -Subject: [PATCH 112/118] char: Throttle when host connection is down# - -When the host-side connection goes down, throttle the virtio-serial bus -and later unthrottle when a connection gets established. This helps -prevent any lost IO (guest->host) while the host connection was down. - -Bugzilla: 621484 - -This commit actually helps the bug mentioned above as no writes will now -get lost because of the throttling done here. With just the patches -sent earlier for that bug, one write will end up getting lost in the -worst case (host d/c, guest write, host connect). - -Signed-off-by: Amit Shah ---- - qemu-char.c | 14 ++++++++++++++ - 1 files changed, 14 insertions(+), 0 deletions(-) - -diff --git a/qemu-char.c b/qemu-char.c -index f98b240..5f67652 100644 ---- a/qemu-char.c -+++ b/qemu-char.c -@@ -140,6 +140,9 @@ static void qemu_chr_generic_open_bh(void *opaque) - { - CharDriverState *s = opaque; - qemu_chr_be_event(s, CHR_EVENT_OPENED); -+ if (s->write_blocked) { -+ char_write_unblocked(s); -+ } - qemu_bh_delete(s->bh); - s->bh = NULL; - } -@@ -2266,6 +2269,17 @@ static int tcp_chr_write(CharDriverState *chr, const uint8_t *buf, int len) - ret = send_all(chr, s->fd, buf, len); - if (ret == -1 && errno == EPIPE) { - tcp_closed(chr); -+ -+ if (chr->chr_enable_write_fd_handler && chr->chr_write_unblocked) { -+ /* -+ * Since we haven't written out anything, let's say -+ * we're throttled. This will prevent any output from -+ * the guest getting lost if host-side chardev goes -+ * down. Unthrottle when we re-connect. -+ */ -+ chr->write_blocked = true; -+ return 0; -+ } - } - return ret; - } else { --- -1.7.7.5 - diff --git a/0112-virtio-serial-bus-replay-guest_open-on-migration.patch b/0112-virtio-serial-bus-replay-guest_open-on-migration.patch new file mode 100644 index 0000000..e6464bd --- /dev/null +++ b/0112-virtio-serial-bus-replay-guest_open-on-migration.patch @@ -0,0 +1,50 @@ +From be9fad02180478f6c9435257e6a7c29b9e4c9841 Mon Sep 17 00:00:00 2001 +From: Alon Levy +Date: Thu, 28 Jul 2011 15:08:48 +0300 +Subject: [PATCH 112/114] virtio-serial-bus: replay guest_open on migration + +When migrating a host with with a spice agent running the mouse becomes +non operational after the migration. This is rhbz #725965. + +The problem is that after migration spice doesn't know the guest agent is open. +Spice is just a char dev here. And a chardev cannot query it's device, the +device has to let the chardev know when it is open. Right now after migration +the chardev which is recreated is in it's default state, which assumes the +guest is disconnected. + +Char devices carry no information across migration, but the virtio-serial does +already carry the guest_connected state. This patch passes that bit to the +chardev. + +Signed-off-by: Alon Levy +--- + hw/virtio-serial-bus.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/hw/virtio-serial-bus.c b/hw/virtio-serial-bus.c +index 72287d1..7ea5bbf 100644 +--- a/hw/virtio-serial-bus.c ++++ b/hw/virtio-serial-bus.c +@@ -682,6 +682,7 @@ static int virtio_serial_load(QEMUFile *f, void *opaque, int version_id) + for (i = 0; i < nr_active_ports; i++) { + uint32_t id; + bool host_connected; ++ VirtIOSerialPortClass *vsc; + + id = qemu_get_be32(f); + port = find_port_by_id(s, id); +@@ -690,6 +691,11 @@ static int virtio_serial_load(QEMUFile *f, void *opaque, int version_id) + } + + port->guest_connected = qemu_get_byte(f); ++ vsc = VIRTIO_SERIAL_PORT_GET_CLASS(port); ++ if (port->guest_connected && vsc->guest_open) { ++ /* replay guest open */ ++ vsc->guest_open(port); ++ } + host_connected = qemu_get_byte(f); + if (host_connected != port->host_connected) { + /* +-- +1.7.10.4 + diff --git a/0113-char-Disable-write-callback-if-throttled-chardev-is-.patch b/0113-char-Disable-write-callback-if-throttled-chardev-is-.patch new file mode 100644 index 0000000..16c547a --- /dev/null +++ b/0113-char-Disable-write-callback-if-throttled-chardev-is-.patch @@ -0,0 +1,36 @@ +From 303a46e3877f6d9600151fdf9719fdb2009db7ff Mon Sep 17 00:00:00 2001 +From: Amit Shah +Date: Fri, 2 Dec 2011 15:42:55 +0530 +Subject: [PATCH 113/114] char: Disable write callback if throttled chardev is + detached + +If a throttled chardev is detached from the frontend device, all future +callbacks should be suppressed. Not doing this results in a segfault. + +Bugzilla: 745758 +Upstream: Not applicable, since throttling is a RHEL6-only feature. + +Signed-off-by: Amit Shah +--- + qemu-char.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/qemu-char.c b/qemu-char.c +index c263328..622c388 100644 +--- a/qemu-char.c ++++ b/qemu-char.c +@@ -223,6 +223,11 @@ void qemu_chr_add_handlers(CharDriverState *s, + ++s->avail_connections; + } + if (!handlers) { ++ if (s->write_blocked) { ++ /* Ensure we disable the callback if we were throttled */ ++ s->chr_disable_write_fd_handler(s); ++ /* s->write_blocked is cleared below */ ++ } + handlers = &null_handlers; + } + s->chr_can_read = handlers->fd_can_read; +-- +1.7.10.4 + diff --git a/0113-virtio-console-Enable-port-throttling-when-chardev-i.patch b/0113-virtio-console-Enable-port-throttling-when-chardev-i.patch deleted file mode 100644 index 73dfcb6..0000000 --- a/0113-virtio-console-Enable-port-throttling-when-chardev-i.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 71108acb189f5fda923013ed72270642199ab50d Mon Sep 17 00:00:00 2001 -From: Amit Shah -Date: Mon, 21 Mar 2011 22:06:41 +0100 -Subject: [PATCH 113/118] virtio-console: Enable port throttling when chardev - is slow to consume data - -When a chardev indicates it can't accept more data, we tell the -virtio-serial code to stop sending us any more data till we tell -otherwise. This helps in guests continuing to run normally while the vq -keeps getting full and eventually the guest stops queueing more data. -As soon as the chardev indicates it can accept more data, start pushing! - -Signed-off-by: Amit Shah ---- - hw/virtio-console.c | 11 +++++++++++ - 1 files changed, 11 insertions(+), 0 deletions(-) - -diff --git a/hw/virtio-console.c b/hw/virtio-console.c -index 6d6f3ef..da68211 100644 ---- a/hw/virtio-console.c -+++ b/hw/virtio-console.c -@@ -20,6 +20,16 @@ typedef struct VirtConsole { - CharDriverState *chr; - } VirtConsole; - -+/* -+ * Callback function that's called from chardevs when backend becomes -+ * writable. -+ */ -+static void chr_write_unblocked(void *opaque) -+{ -+ VirtConsole *vcon = opaque; -+ -+ virtio_serial_throttle_port(&vcon->port, false); -+} - - /* Callback function that's called when the guest sends us data */ - static ssize_t flush_buf(VirtIOSerialPort *port, const uint8_t *buf, size_t len) -@@ -99,6 +109,7 @@ static const QemuChrHandlers chr_handlers = { - .fd_can_read = chr_can_read, - .fd_read = chr_read, - .fd_event = chr_event, -+ .fd_write_unblocked = chr_write_unblocked, - }; - - static int virtconsole_initfn(VirtIOSerialPort *port) --- -1.7.7.5 - diff --git a/0114-spice-qemu-char.c-add-throttling.patch b/0114-spice-qemu-char.c-add-throttling.patch deleted file mode 100644 index 00c7580..0000000 --- a/0114-spice-qemu-char.c-add-throttling.patch +++ /dev/null @@ -1,133 +0,0 @@ -From d4066655fc866ac0e57420b32dec3b37277b374c Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Tue, 22 Mar 2011 12:27:59 +0200 -Subject: [PATCH 114/118] spice-qemu-char.c: add throttling - -BZ: 672191 - -upstream: not submitted (explained below) - -Adds throttling support to spicevmc chardev. Uses a timer to avoid recursing: -1. spice-server: reds.c: read_from_vdi_port -2. qemu: spice-qemu-char.c: vmc_read -3. chr_write_unblocked - (calls virtio_serial_throttle_port(port, false)) -4. qemu: virtio ... -5. qemu: spice-qemu-char.c: spice_chr_write -6. qemu: spice-qemu-char.c: wakeup (calls into spice-server) -7. spice-server: ... -8. qemu: spice-qemu-char.c: vmc_read - -Instead, in vmc_read if we were throttled and we are just about to return -all the bytes we will set a timer to be triggered immediately to call -chr_write_unblocked. Then we return after 2 above, and 3 is called from the -timer callback. This also means we can later remove some ugly recursion protection -from spice-server. - -The other tricky point in this patch is not returning the leftover chunk twice. -When we throttle, by definition we have data that spice server didn't consume. -It is being kept by virtio-serial, and by us. The next vmc_read callback needs -to not return it, but just do unthrottling. Then virtio will give us the remaining -chunk as usual in spice_chr_write, and we will pass it to spice server in the -next vmc_read. - -This patch relies on Amit's series to expose throttling to chardev's, which -was not accepted upstream, and will not be accepted upstream until the mainloop -is reworked to use glib. ---- - spice-qemu-char.c | 39 +++++++++++++++++++++++++++++++++++---- - 1 files changed, 35 insertions(+), 4 deletions(-) - -diff --git a/spice-qemu-char.c b/spice-qemu-char.c -index 7e8eaa9..eeeb32e 100644 ---- a/spice-qemu-char.c -+++ b/spice-qemu-char.c -@@ -1,4 +1,6 @@ - #include "config-host.h" -+#include "qemu-common.h" -+#include "qemu-timer.h" - #include "trace.h" - #include "ui/qemu-spice.h" - #include -@@ -25,6 +27,7 @@ typedef struct SpiceCharDriver { - uint8_t *datapos; - ssize_t bufsize, datalen; - uint32_t debug; -+ QEMUTimer *unblock_timer; - } SpiceCharDriver; - - static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len) -@@ -50,6 +53,17 @@ static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len) - return out; - } - -+static void spice_chr_unblock(void *opaque) -+{ -+ SpiceCharDriver *scd = opaque; -+ -+ if (scd->chr->chr_write_unblocked == NULL) { -+ dprintf(scd, 1, "%s: backend doesn't support unthrottling.\n", __func__); -+ return; -+ } -+ scd->chr->chr_write_unblocked(scd->chr->handler_opaque); -+} -+ - static int vmc_read(SpiceCharDeviceInstance *sin, uint8_t *buf, int len) - { - SpiceCharDriver *scd = container_of(sin, SpiceCharDriver, sin); -@@ -61,9 +75,16 @@ static int vmc_read(SpiceCharDeviceInstance *sin, uint8_t *buf, int len) - scd->datapos += bytes; - scd->datalen -= bytes; - assert(scd->datalen >= 0); -- if (scd->datalen == 0) { -- scd->datapos = 0; -- } -+ } -+ if (scd->datalen == 0 && scd->chr->write_blocked) { -+ dprintf(scd, 1, "%s: unthrottling (%d)\n", __func__, bytes); -+ scd->chr->write_blocked = false; -+ /* -+ * set a timer instead of calling scd->chr->chr_write_unblocked directly, -+ * because that will call back into spice_chr_write (see -+ * virtio-console.c:chr_write_unblocked), which is unwanted. -+ */ -+ qemu_mod_timer(scd->unblock_timer, 0); - } - trace_spice_vmc_read(bytes, len); - return bytes; -@@ -135,6 +156,7 @@ static void vmc_unregister_interface(SpiceCharDriver *scd) - static int spice_chr_write(CharDriverState *chr, const uint8_t *buf, int len) - { - SpiceCharDriver *s = chr->opaque; -+ int read_bytes; - - dprintf(s, 2, "%s: %d\n", __func__, len); - vmc_register_interface(s); -@@ -147,7 +169,15 @@ static int spice_chr_write(CharDriverState *chr, const uint8_t *buf, int len) - s->datapos = s->buffer; - s->datalen = len; - spice_server_char_device_wakeup(&s->sin); -- return len; -+ read_bytes = len - s->datalen; -+ if (read_bytes != len) { -+ dprintf(s, 1, "%s: throttling: %d < %d (%zd)\n", __func__, -+ read_bytes, len, s->bufsize); -+ s->chr->write_blocked = true; -+ /* We'll get passed in the unconsumed data with the next call */ -+ s->datalen = 0; -+ } -+ return read_bytes; - } - - static void spice_chr_close(struct CharDriverState *chr) -@@ -225,6 +255,7 @@ int qemu_chr_open_spice(QemuOpts *opts, CharDriverState **_chr) - chr->chr_close = spice_chr_close; - chr->chr_guest_open = spice_chr_guest_open; - chr->chr_guest_close = spice_chr_guest_close; -+ s->unblock_timer = qemu_new_timer_ms(vm_clock, spice_chr_unblock, s); - - #if SPICE_SERVER_VERSION < 0x000901 - /* See comment in vmc_state() */ --- -1.7.7.5 - diff --git a/0115-spice-qemu-char.c-remove-intermediate-buffer.patch b/0115-spice-qemu-char.c-remove-intermediate-buffer.patch deleted file mode 100644 index 2ec2e2f..0000000 --- a/0115-spice-qemu-char.c-remove-intermediate-buffer.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 9d965c99311c6f3d5c7ba9b66a72398814175865 Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Tue, 22 Mar 2011 12:28:00 +0200 -Subject: [PATCH 115/118] spice-qemu-char.c: remove intermediate buffer - -BZ: 672191 -upstream: not submitted (explained below) - -virtio-serial's buffer is valid when it calls us, and we don't -access it otherwise: vmc_read is only called in response to wakeup, -or else we set datalen=0 and throttle. Then vmc_read is called back, -we return 0 (not accessing the buffer) and set the timer to unthrottle. - -Also make datalen int and not ssize_t (to fit spice_chr_write signature). - -This relied on the previous patch that introduces throttling, which -can't go upstream right now as explained in that patch. ---- - spice-qemu-char.c | 18 ++++++------------ - 1 files changed, 6 insertions(+), 12 deletions(-) - -diff --git a/spice-qemu-char.c b/spice-qemu-char.c -index eeeb32e..70a83bf 100644 ---- a/spice-qemu-char.c -+++ b/spice-qemu-char.c -@@ -23,9 +23,8 @@ typedef struct SpiceCharDriver { - SpiceCharDeviceInstance sin; - char *subtype; - bool active; -- uint8_t *buffer; -- uint8_t *datapos; -- ssize_t bufsize, datalen; -+ const uint8_t *datapos; -+ int datalen; - uint32_t debug; - QEMUTimer *unblock_timer; - } SpiceCharDriver; -@@ -69,7 +68,7 @@ static int vmc_read(SpiceCharDeviceInstance *sin, uint8_t *buf, int len) - SpiceCharDriver *scd = container_of(sin, SpiceCharDriver, sin); - int bytes = MIN(len, scd->datalen); - -- dprintf(scd, 2, "%s: %p %d/%d/%zd\n", __func__, scd->datapos, len, bytes, scd->datalen); -+ dprintf(scd, 2, "%s: %p %d/%d/%d\n", __func__, scd->datapos, len, bytes, scd->datalen); - if (bytes > 0) { - memcpy(buf, scd->datapos, bytes); - scd->datapos += bytes; -@@ -161,18 +160,13 @@ static int spice_chr_write(CharDriverState *chr, const uint8_t *buf, int len) - dprintf(s, 2, "%s: %d\n", __func__, len); - vmc_register_interface(s); - assert(s->datalen == 0); -- if (s->bufsize < len) { -- s->bufsize = len; -- s->buffer = g_realloc(s->buffer, s->bufsize); -- } -- memcpy(s->buffer, buf, len); -- s->datapos = s->buffer; -+ s->datapos = buf; - s->datalen = len; - spice_server_char_device_wakeup(&s->sin); - read_bytes = len - s->datalen; - if (read_bytes != len) { -- dprintf(s, 1, "%s: throttling: %d < %d (%zd)\n", __func__, -- read_bytes, len, s->bufsize); -+ dprintf(s, 1, "%s: throttling: %d < %d\n", __func__, -+ read_bytes, len); - s->chr->write_blocked = true; - /* We'll get passed in the unconsumed data with the next call */ - s->datalen = 0; --- -1.7.7.5 - diff --git a/0116-usb-redir-Add-flow-control-support.patch b/0116-usb-redir-Add-flow-control-support.patch deleted file mode 100644 index 94d10ef..0000000 --- a/0116-usb-redir-Add-flow-control-support.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 80aafc63c842ee902cc9e32d692efed8952a1e14 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Tue, 19 Jul 2011 10:56:19 +0200 -Subject: [PATCH 116/118] usb-redir: Add flow control support - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 26 ++++++++++++++++++++++++-- - 1 files changed, 24 insertions(+), 2 deletions(-) - -diff --git a/usb-redir.c b/usb-redir.c -index e421cff..1289506 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -228,12 +228,22 @@ static int usbredir_read(void *priv, uint8_t *data, int count) - static int usbredir_write(void *priv, uint8_t *data, int count) - { - USBRedirDevice *dev = priv; -+ int r; - -- if (!dev->cs->opened) { -+ if (!dev->cs->opened || dev->cs->write_blocked) { - return 0; - } - -- return qemu_chr_fe_write(dev->cs, data, count); -+ r = qemu_chr_fe_write(dev->cs, data, count); -+ -+ if (r < 0) { -+ if (dev->cs->write_blocked) { -+ return 0; -+ } -+ return -1; -+ } -+ -+ return r; - } - - /* -@@ -865,10 +875,22 @@ static void usbredir_chardev_event(void *opaque, int event) - } - } - -+static void usbredir_chardev_write_unblocked(void *opaque) -+{ -+ USBRedirDevice *dev = opaque; -+ -+ if (dev->parser == NULL) { -+ /* usbredir_open_close_bh hasn't handled the open event yet */ -+ return; -+ } -+ usbredirparser_do_write(dev->parser); -+} -+ - static const QemuChrHandlers usbredir_chr_handlers = { - .fd_can_read = usbredir_chardev_can_read, - .fd_read = usbredir_chardev_read, - .fd_event = usbredir_chardev_event, -+ .fd_write_unblocked = usbredir_chardev_write_unblocked, - }; - - /* --- -1.7.7.5 - diff --git a/0117-virtio-serial-bus-replay-guest_open-on-migration.patch b/0117-virtio-serial-bus-replay-guest_open-on-migration.patch deleted file mode 100644 index 2e76feb..0000000 --- a/0117-virtio-serial-bus-replay-guest_open-on-migration.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 8e92fe9feebc319c019feb8c28941e322524932f Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Thu, 28 Jul 2011 15:08:48 +0300 -Subject: [PATCH 117/118] virtio-serial-bus: replay guest_open on migration - -When migrating a host with with a spice agent running the mouse becomes -non operational after the migration. This is rhbz #725965. - -The problem is that after migration spice doesn't know the guest agent is open. -Spice is just a char dev here. And a chardev cannot query it's device, the -device has to let the chardev know when it is open. Right now after migration -the chardev which is recreated is in it's default state, which assumes the -guest is disconnected. - -Char devices carry no information across migration, but the virtio-serial does -already carry the guest_connected state. This patch passes that bit to the -chardev. - -Signed-off-by: Alon Levy ---- - hw/virtio-serial-bus.c | 6 ++++++ - 1 files changed, 6 insertions(+), 0 deletions(-) - -diff --git a/hw/virtio-serial-bus.c b/hw/virtio-serial-bus.c -index a4825b9..e5f343f 100644 ---- a/hw/virtio-serial-bus.c -+++ b/hw/virtio-serial-bus.c -@@ -618,6 +618,7 @@ static int virtio_serial_load(QEMUFile *f, void *opaque, int version_id) - for (i = 0; i < nr_active_ports; i++) { - uint32_t id; - bool host_connected; -+ VirtIOSerialPortInfo *info; - - id = qemu_get_be32(f); - port = find_port_by_id(s, id); -@@ -626,6 +627,11 @@ static int virtio_serial_load(QEMUFile *f, void *opaque, int version_id) - } - - port->guest_connected = qemu_get_byte(f); -+ info = DO_UPCAST(VirtIOSerialPortInfo, qdev, port->dev.info); -+ if (port->guest_connected && info->guest_open) { -+ /* replay guest open */ -+ info->guest_open(port); -+ } - host_connected = qemu_get_byte(f); - if (host_connected != port->host_connected) { - /* --- -1.7.7.5 - diff --git a/0118-char-Disable-write-callback-if-throttled-chardev-is-.patch b/0118-char-Disable-write-callback-if-throttled-chardev-is-.patch deleted file mode 100644 index 757fb21..0000000 --- a/0118-char-Disable-write-callback-if-throttled-chardev-is-.patch +++ /dev/null @@ -1,36 +0,0 @@ -From fad276489cbc04f228d52b7019bee9e7a88c8a86 Mon Sep 17 00:00:00 2001 -From: Amit Shah -Date: Fri, 2 Dec 2011 15:42:55 +0530 -Subject: [PATCH 118/118] char: Disable write callback if throttled chardev is - detached - -If a throttled chardev is detached from the frontend device, all future -callbacks should be suppressed. Not doing this results in a segfault. - -Bugzilla: 745758 -Upstream: Not applicable, since throttling is a RHEL6-only feature. - -Signed-off-by: Amit Shah ---- - qemu-char.c | 5 +++++ - 1 files changed, 5 insertions(+), 0 deletions(-) - -diff --git a/qemu-char.c b/qemu-char.c -index 5f67652..5a94919 100644 ---- a/qemu-char.c -+++ b/qemu-char.c -@@ -220,6 +220,11 @@ void qemu_chr_add_handlers(CharDriverState *s, - ++s->avail_connections; - } - if (!handlers) { -+ if (s->write_blocked) { -+ /* Ensure we disable the callback if we were throttled */ -+ s->chr_disable_write_fd_handler(s); -+ /* s->write_blocked is cleared below */ -+ } - handlers = &null_handlers; - } - s->chr_can_read = handlers->fd_can_read; --- -1.7.7.5 - diff --git a/0119-usb-ehci-Clear-the-portstatus-powner-bit-on-device-d.patch b/0119-usb-ehci-Clear-the-portstatus-powner-bit-on-device-d.patch deleted file mode 100644 index cb41dc0..0000000 --- a/0119-usb-ehci-Clear-the-portstatus-powner-bit-on-device-d.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 959f57d34f11daf0da6f73541243934f39dfb2b2 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 13 Jan 2012 14:26:26 +0100 -Subject: [PATCH 119/140] usb-ehci: Clear the portstatus powner bit on device - disconnect - -According to the EHCI spec port ownerhsip should revert to the EHCI controller -on device disconnect. This fixes the problem of a port getting stuck on USB 1 -when using redirection and plugging in a USB 2 device after a USB 1 device -has been redirected. - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index a946e1d..69bcc4b 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -764,6 +764,11 @@ static void ehci_detach(USBPort *port) - USBPort *companion = s->companion_ports[port->index]; - companion->ops->detach(companion); - companion->dev = NULL; -+ /* -+ * EHCI spec 4.2.2: "When a disconnect occurs... On the event, -+ * the port ownership is returned immediately to the EHCI controller." -+ */ -+ *portsc &= ~PORTSC_POWNER; - return; - } - --- -1.7.9.3 - diff --git a/0120-usb-redir-Add-the-posibility-to-filter-out-certain-d.patch b/0120-usb-redir-Add-the-posibility-to-filter-out-certain-d.patch deleted file mode 100644 index c0d0e9f..0000000 --- a/0120-usb-redir-Add-the-posibility-to-filter-out-certain-d.patch +++ /dev/null @@ -1,263 +0,0 @@ -From bcc4748db3e991fbaa032fe9c0726288a8f1008d Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Thu, 12 Jan 2012 16:54:04 +0100 -Subject: [PATCH 120/140] usb-redir: Add the posibility to filter out certain - devices from redirecion - -This patch adds the posibility to filter out certain devices from redirecion. -To use this pass the filter property to -device usb-redir. The filter -property takes a string consisting of filter rules, the format for a rule is: -:::: - --1 can be used to allow any value for a field. - -Muliple rules can be concatonated using | as a separator. Note that if -a device matches none of the passed in rules, redirecting it will not be -allowed! - -Example: --device usb-redir,filter='-1:0x0781:0x5567:-1:0|0x08:-1:-1:-1:1' - -This example will deny the Sandisk Cruzer Blade being redirected, as it -has a usb id of 0781:5567, it will allow any other usb mass storage devices, -and it will deny any other devices (the default for devices not matching any -of the rules. - -Signed-off-by: Hans de Goede ---- - configure | 2 +- - usb-redir.c | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++------ - 2 files changed, 106 insertions(+), 11 deletions(-) - -diff --git a/configure b/configure -index 7ecf44e..c7e37df 100755 ---- a/configure -+++ b/configure -@@ -2541,7 +2541,7 @@ fi - - # check for usbredirparser for usb network redirection support - if test "$usb_redir" != "no" ; then -- if $pkg_config libusbredirparser >/dev/null 2>&1 ; then -+ if $pkg_config --atleast-version=0.3.3 libusbredirparser >/dev/null 2>&1 ; then - usb_redir="yes" - usb_redir_cflags=$($pkg_config --cflags libusbredirparser 2>/dev/null) - usb_redir_libs=$($pkg_config --libs libusbredirparser 2>/dev/null) -diff --git a/usb-redir.c b/usb-redir.c -index 6e92f14..85f40d6 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -34,6 +34,7 @@ - #include - #include - #include -+#include - - #include "hw/usb.h" - -@@ -72,6 +73,7 @@ struct USBRedirDevice { - /* Properties */ - CharDriverState *cs; - uint8_t debug; -+ char *filter_str; - /* Data passed from chardev the fd_read cb to the usbredirparser read cb */ - const uint8_t *read_buf; - int read_buf_size; -@@ -84,6 +86,11 @@ struct USBRedirDevice { - struct endp_data endpoint[MAX_ENDPOINTS]; - uint32_t packet_id; - QTAILQ_HEAD(, AsyncURB) asyncq; -+ /* Data for device filtering */ -+ struct usb_redir_device_connect_header device_info; -+ struct usb_redir_interface_info_header interface_info; -+ struct usbredirfilter_rule *filter_rules; -+ int filter_rules_count; - }; - - struct AsyncURB { -@@ -790,6 +797,7 @@ static int usbredir_handle_control(USBDevice *udev, USBPacket *p, - static void usbredir_open_close_bh(void *opaque) - { - USBRedirDevice *dev = opaque; -+ uint32_t caps[USB_REDIR_CAPS_SIZE] = { 0, }; - - usbredir_device_disconnect(dev); - -@@ -820,7 +828,9 @@ static void usbredir_open_close_bh(void *opaque) - dev->parser->interrupt_packet_func = usbredir_interrupt_packet; - dev->read_buf = NULL; - dev->read_buf_size = 0; -- usbredirparser_init(dev->parser, VERSION, NULL, 0, 0); -+ -+ usbredirparser_caps_set_cap(caps, usb_redir_cap_connect_device_version); -+ usbredirparser_init(dev->parser, VERSION, caps, USB_REDIR_CAPS_SIZE, 0); - usbredirparser_do_write(dev->parser); - } - } -@@ -908,6 +918,17 @@ static int usbredir_initfn(USBDevice *udev) - return -1; - } - -+ if (dev->filter_str) { -+ i = usbredirfilter_string_to_rules(dev->filter_str, ":", "|", -+ &dev->filter_rules, -+ &dev->filter_rules_count); -+ if (i) { -+ qerror_report(QERR_INVALID_PARAMETER_VALUE, "filter", -+ "a usb device filter string"); -+ return -1; -+ } -+ } -+ - dev->open_close_bh = qemu_bh_new(usbredir_open_close_bh, dev); - dev->attach_timer = qemu_new_timer_ms(vm_clock, usbredir_do_attach, dev); - -@@ -956,6 +977,44 @@ static void usbredir_handle_destroy(USBDevice *udev) - if (dev->parser) { - usbredirparser_destroy(dev->parser); - } -+ -+ free(dev->filter_rules); -+} -+ -+static int usbredir_check_filter(USBRedirDevice *dev) -+{ -+ if (dev->interface_info.interface_count == 0) { -+ ERROR("No interface info for device\n"); -+ return -1; -+ } -+ -+ if (dev->filter_rules) { -+ if (!usbredirparser_peer_has_cap(dev->parser, -+ usb_redir_cap_connect_device_version)) { -+ ERROR("Device filter specified and peer does not have the " -+ "connect_device_version capability\n"); -+ return -1; -+ } -+ -+ if (usbredirfilter_check( -+ dev->filter_rules, -+ dev->filter_rules_count, -+ dev->device_info.device_class, -+ dev->device_info.device_subclass, -+ dev->device_info.device_protocol, -+ dev->interface_info.interface_class, -+ dev->interface_info.interface_subclass, -+ dev->interface_info.interface_protocol, -+ dev->interface_info.interface_count, -+ dev->device_info.vendor_id, -+ dev->device_info.product_id, -+ dev->device_info.device_version_bcd, -+ 0) != 0) { -+ return -1; -+ } -+ } -+ -+ return 0; - } - - /* -@@ -984,6 +1043,7 @@ static void usbredir_device_connect(void *priv, - struct usb_redir_device_connect_header *device_connect) - { - USBRedirDevice *dev = priv; -+ const char *speed; - - if (qemu_timer_pending(dev->attach_timer) || dev->dev.attached) { - ERROR("Received device connect while already connected\n"); -@@ -992,26 +1052,48 @@ static void usbredir_device_connect(void *priv, - - switch (device_connect->speed) { - case usb_redir_speed_low: -- DPRINTF("attaching low speed device\n"); -+ speed = "low speed"; - dev->dev.speed = USB_SPEED_LOW; - break; - case usb_redir_speed_full: -- DPRINTF("attaching full speed device\n"); -+ speed = "full speed"; - dev->dev.speed = USB_SPEED_FULL; - break; - case usb_redir_speed_high: -- DPRINTF("attaching high speed device\n"); -+ speed = "high speed"; - dev->dev.speed = USB_SPEED_HIGH; - break; - case usb_redir_speed_super: -- DPRINTF("attaching super speed device\n"); -+ speed = "super speed"; - dev->dev.speed = USB_SPEED_SUPER; - break; - default: -- DPRINTF("attaching unknown speed device, assuming full speed\n"); -+ speed = "unknown speed"; - dev->dev.speed = USB_SPEED_FULL; - } -+ -+ if (usbredirparser_peer_has_cap(dev->parser, -+ usb_redir_cap_connect_device_version)) { -+ INFO("attaching %s device %04x:%04x version %d.%d class %02x\n", -+ speed, device_connect->vendor_id, device_connect->product_id, -+ device_connect->device_version_bcd >> 8, -+ device_connect->device_version_bcd & 0xff, -+ device_connect->device_class); -+ } else { -+ INFO("attaching %s device %04x:%04x class %02x\n", speed, -+ device_connect->vendor_id, device_connect->product_id, -+ device_connect->device_class); -+ } -+ - dev->dev.speedmask = (1 << dev->dev.speed); -+ dev->device_info = *device_connect; -+ -+ if (usbredir_check_filter(dev)) { -+ WARNING("Device %04x:%04x rejected by device filter, not attaching\n", -+ device_connect->vendor_id, device_connect->product_id); -+ return; -+ } -+ - qemu_mod_timer(dev->attach_timer, dev->next_attach_time); - } - -@@ -1038,15 +1120,27 @@ static void usbredir_device_disconnect(void *priv) - for (i = 0; i < MAX_ENDPOINTS; i++) { - QTAILQ_INIT(&dev->endpoint[i].bufpq); - } -+ dev->interface_info.interface_count = 0; - } - - static void usbredir_interface_info(void *priv, - struct usb_redir_interface_info_header *interface_info) - { -- /* The intention is to allow specifying acceptable interface classes -- for redirection on the cmdline and in the future verify this here, -- and disconnect (or never connect) the device if a not accepted -- interface class is detected */ -+ USBRedirDevice *dev = priv; -+ -+ dev->interface_info = *interface_info; -+ -+ /* -+ * If we receive interface info after the device has already been -+ * connected (ie on a set_config), re-check the filter. -+ */ -+ if (qemu_timer_pending(dev->attach_timer) || dev->dev.attached) { -+ if (usbredir_check_filter(dev)) { -+ ERROR("Device no longer matches filter after interface info " -+ "change, disconnecting!\n"); -+ usbredir_device_disconnect(dev); -+ } -+ } - } - - static void usbredir_ep_info(void *priv, -@@ -1356,6 +1450,7 @@ static struct USBDeviceInfo usbredir_dev_info = { - .qdev.props = (Property[]) { - DEFINE_PROP_CHR("chardev", USBRedirDevice, cs), - DEFINE_PROP_UINT8("debug", USBRedirDevice, debug, 0), -+ DEFINE_PROP_STRING("filter", USBRedirDevice, filter_str), - DEFINE_PROP_END_OF_LIST(), - }, - }; --- -1.7.9.3 - diff --git a/0121-usb-redir-Fix-printing-of-device-version.patch b/0121-usb-redir-Fix-printing-of-device-version.patch deleted file mode 100644 index 854641c..0000000 --- a/0121-usb-redir-Fix-printing-of-device-version.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 6c13e7b9448b10d966bb99c00c5120678ccd2a3f Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Sat, 18 Feb 2012 09:12:14 +0100 -Subject: [PATCH 121/140] usb-redir: Fix printing of device version - -The device version is in bcd format, which requires some special handling to -print. - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/usb-redir.c b/usb-redir.c -index 85f40d6..9b804e9 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -1076,8 +1076,10 @@ static void usbredir_device_connect(void *priv, - usb_redir_cap_connect_device_version)) { - INFO("attaching %s device %04x:%04x version %d.%d class %02x\n", - speed, device_connect->vendor_id, device_connect->product_id, -- device_connect->device_version_bcd >> 8, -- device_connect->device_version_bcd & 0xff, -+ ((device_connect->device_version_bcd & 0xf000) >> 12) * 10 + -+ ((device_connect->device_version_bcd & 0x0f00) >> 8), -+ ((device_connect->device_version_bcd & 0x00f0) >> 4) * 10 + -+ ((device_connect->device_version_bcd & 0x000f) >> 0), - device_connect->device_class); - } else { - INFO("attaching %s device %04x:%04x class %02x\n", speed, --- -1.7.9.3 - diff --git a/0122-usb-redir-Always-clear-device-state-on-filter-reject.patch b/0122-usb-redir-Always-clear-device-state-on-filter-reject.patch deleted file mode 100644 index 66ccf68..0000000 --- a/0122-usb-redir-Always-clear-device-state-on-filter-reject.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 49a01afb24b925de97074d093fb072bb7de470f9 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Sat, 18 Feb 2012 09:18:57 +0100 -Subject: [PATCH 122/140] usb-redir: Always clear device state on filter - reject - -Always call usbredir_device_disconnect() when usbredir_check_filter() fails -to clean up all the device state (ie received endpoint info). - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/usb-redir.c b/usb-redir.c -index 9b804e9..fe3b0a3 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -985,7 +985,7 @@ static int usbredir_check_filter(USBRedirDevice *dev) - { - if (dev->interface_info.interface_count == 0) { - ERROR("No interface info for device\n"); -- return -1; -+ goto error; - } - - if (dev->filter_rules) { -@@ -993,7 +993,7 @@ static int usbredir_check_filter(USBRedirDevice *dev) - usb_redir_cap_connect_device_version)) { - ERROR("Device filter specified and peer does not have the " - "connect_device_version capability\n"); -- return -1; -+ goto error; - } - - if (usbredirfilter_check( -@@ -1010,11 +1010,15 @@ static int usbredir_check_filter(USBRedirDevice *dev) - dev->device_info.product_id, - dev->device_info.device_version_bcd, - 0) != 0) { -- return -1; -+ goto error; - } - } - - return 0; -+ -+error: -+ usbredir_device_disconnect(dev); -+ return -1; - } - - /* -@@ -1140,7 +1144,6 @@ static void usbredir_interface_info(void *priv, - if (usbredir_check_filter(dev)) { - ERROR("Device no longer matches filter after interface info " - "change, disconnecting!\n"); -- usbredir_device_disconnect(dev); - } - } - } --- -1.7.9.3 - diff --git a/0123-usb-redir-Let-the-usb-host-know-about-our-device-fil.patch b/0123-usb-redir-Let-the-usb-host-know-about-our-device-fil.patch deleted file mode 100644 index 9a166bf..0000000 --- a/0123-usb-redir-Let-the-usb-host-know-about-our-device-fil.patch +++ /dev/null @@ -1,93 +0,0 @@ -From f04315d9210f22e5d7317f1cfb3c076fb93b3c08 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Sun, 19 Feb 2012 09:58:03 +0100 -Subject: [PATCH 123/140] usb-redir: Let the usb-host know about our device - filtering - -libusbredirparser-0.3.4 adds 2 new packets which allows us to notify -the usb-host: --about the usb device filter we have (if any), so that it knows not the even - try to redirect certain devices --when we reject a device based on filtering (in case it tries anyways) - -Signed-off-by: Hans de Goede ---- - configure | 2 +- - usb-redir.c | 20 ++++++++++++++++++++ - 2 files changed, 21 insertions(+), 1 deletion(-) - -diff --git a/configure b/configure -index c7e37df..a4848a4 100755 ---- a/configure -+++ b/configure -@@ -2541,7 +2541,7 @@ fi - - # check for usbredirparser for usb network redirection support - if test "$usb_redir" != "no" ; then -- if $pkg_config --atleast-version=0.3.3 libusbredirparser >/dev/null 2>&1 ; then -+ if $pkg_config --atleast-version=0.3.4 libusbredirparser >/dev/null 2>&1 ; then - usb_redir="yes" - usb_redir_cflags=$($pkg_config --cflags libusbredirparser 2>/dev/null) - usb_redir_libs=$($pkg_config --libs libusbredirparser 2>/dev/null) -diff --git a/usb-redir.c b/usb-redir.c -index fe3b0a3..d10d8de 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -106,6 +106,7 @@ struct AsyncURB { - QTAILQ_ENTRY(AsyncURB)next; - }; - -+static void usbredir_hello(void *priv, struct usb_redir_hello_header *h); - static void usbredir_device_connect(void *priv, - struct usb_redir_device_connect_header *device_connect); - static void usbredir_device_disconnect(void *priv); -@@ -812,6 +813,7 @@ static void usbredir_open_close_bh(void *opaque) - dev->parser->log_func = usbredir_log; - dev->parser->read_func = usbredir_read; - dev->parser->write_func = usbredir_write; -+ dev->parser->hello_func = usbredir_hello; - dev->parser->device_connect_func = usbredir_device_connect; - dev->parser->device_disconnect_func = usbredir_device_disconnect; - dev->parser->interface_info_func = usbredir_interface_info; -@@ -830,6 +832,7 @@ static void usbredir_open_close_bh(void *opaque) - dev->read_buf_size = 0; - - usbredirparser_caps_set_cap(caps, usb_redir_cap_connect_device_version); -+ usbredirparser_caps_set_cap(caps, usb_redir_cap_filter); - usbredirparser_init(dev->parser, VERSION, caps, USB_REDIR_CAPS_SIZE, 0); - usbredirparser_do_write(dev->parser); - } -@@ -1018,6 +1021,10 @@ static int usbredir_check_filter(USBRedirDevice *dev) - - error: - usbredir_device_disconnect(dev); -+ if (usbredirparser_peer_has_cap(dev->parser, usb_redir_cap_filter)) { -+ usbredirparser_send_filter_reject(dev->parser); -+ usbredirparser_do_write(dev->parser); -+ } - return -1; - } - -@@ -1043,6 +1050,19 @@ static int usbredir_handle_status(USBRedirDevice *dev, - } - } - -+static void usbredir_hello(void *priv, struct usb_redir_hello_header *h) -+{ -+ USBRedirDevice *dev = priv; -+ -+ /* Try to send the filter info now that we've the usb-host's caps */ -+ if (usbredirparser_peer_has_cap(dev->parser, usb_redir_cap_filter) && -+ dev->filter_rules) { -+ usbredirparser_send_filter_filter(dev->parser, dev->filter_rules, -+ dev->filter_rules_count); -+ usbredirparser_do_write(dev->parser); -+ } -+} -+ - static void usbredir_device_connect(void *priv, - struct usb_redir_device_connect_header *device_connect) - { --- -1.7.9.3 - diff --git a/0124-usb-redir-Limit-return-values-returned-by-iso-packet.patch b/0124-usb-redir-Limit-return-values-returned-by-iso-packet.patch deleted file mode 100644 index d35ae08..0000000 --- a/0124-usb-redir-Limit-return-values-returned-by-iso-packet.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 91338d1b4df14f7454d1b52200d2ae4eb957fa72 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Sun, 26 Feb 2012 15:28:51 +0100 -Subject: [PATCH 124/140] usb-redir: Limit return values returned by iso - packets - -The usbredir protocol uses a status of usb_redir_stall to indicate that -an iso data stream has stopped (ie because the urbs failed on resubmit), -but iso packets should never return a result of USB_RET_STALL, since iso -endpoints cannot stall. So instead simply always return USB_RET_NAK on -iso stream errors. - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/usb-redir.c b/usb-redir.c -index d10d8de..c76e55d 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -441,7 +441,7 @@ static int usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, - /* Check iso_error for stream errors, otherwise its an underrun */ - status = dev->endpoint[EP2I(ep)].iso_error; - dev->endpoint[EP2I(ep)].iso_error = 0; -- return usbredir_handle_status(dev, status, 0); -+ return status ? USB_RET_NAK : 0; - } - DPRINTF2("iso-token-in ep %02X status %d len %d queue-size: %d\n", ep, - isop->status, isop->len, dev->endpoint[EP2I(ep)].bufpq_size); -@@ -449,7 +449,7 @@ static int usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, - status = isop->status; - if (status != usb_redir_success) { - bufp_free(dev, isop, ep); -- return usbredir_handle_status(dev, status, 0); -+ return USB_RET_NAK; - } - - len = isop->len; --- -1.7.9.3 - diff --git a/0125-usb-redir-Return-USB_RET_NAK-when-we-ve-no-data-for-.patch b/0125-usb-redir-Return-USB_RET_NAK-when-we-ve-no-data-for-.patch deleted file mode 100644 index 516b431..0000000 --- a/0125-usb-redir-Return-USB_RET_NAK-when-we-ve-no-data-for-.patch +++ /dev/null @@ -1,33 +0,0 @@ -From ddb24b5063e3b4c90295bd4ddaab3bfc428ae79b Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Sun, 26 Feb 2012 15:51:50 +0100 -Subject: [PATCH 125/140] usb-redir: Return USB_RET_NAK when we've no data for - an interrupt endpoint - -We should return USB_RET_NAK, rather then a 0 sized packet, when we've no data -for an interrupt IN endpoint. - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/usb-redir.c b/usb-redir.c -index c76e55d..629c87d 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -558,7 +558,10 @@ static int usbredir_handle_interrupt_data(USBRedirDevice *dev, - /* Check interrupt_error for stream errors */ - status = dev->endpoint[EP2I(ep)].interrupt_error; - dev->endpoint[EP2I(ep)].interrupt_error = 0; -- return usbredir_handle_status(dev, status, 0); -+ if (status) { -+ return usbredir_handle_status(dev, status, 0); -+ } -+ return USB_RET_NAK; - } - DPRINTF("interrupt-token-in ep %02X status %d len %d\n", ep, - intp->status, intp->len); --- -1.7.9.3 - diff --git a/0126-usb-ehci-Handle-ISO-packets-failing-with-an-error-ot.patch b/0126-usb-ehci-Handle-ISO-packets-failing-with-an-error-ot.patch deleted file mode 100644 index 7c3c59d..0000000 --- a/0126-usb-ehci-Handle-ISO-packets-failing-with-an-error-ot.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 7a3acb928b617b33605c779e7df05c2c896844b1 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Mon, 20 Feb 2012 16:27:47 +0100 -Subject: [PATCH 126/140] usb-ehci: Handle ISO packets failing with an error - other then NAK - -Before this patch the ehci code was not checking for any other errors other -then USB_RET_NAK. This causes 2 problems: -1) Other errors are not reported to the guest. -2) When transactions with the ITD_XACT_IOC bit set completing with another - error would not result in USBSTS_INT getting set. - -I hit this problem when unplugging devices while iso data was streaming from -the device to the guest. When this happens it takes a while for the guest to -process the unplugging and remove ISO transactions from the ehci schedule, in -the mean time these transactions would complete with a result of USB_RET_NODEV, -which was not handled. This lead to the Linux guest's usb subsystem "hanging", -that is it would no longer see new usb devices getting plugged in and running -for example lsusb would lead to a stuck (D state) lsusb process. This patch -fixes this. - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 22 +++++++++++++++++++--- - 1 file changed, 19 insertions(+), 3 deletions(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index 69bcc4b..a6b6ae5 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -1512,11 +1512,27 @@ static int ehci_process_itd(EHCIState *ehci, - /* IN */ - set_field(&itd->transact[i], ret, ITD_XACT_LENGTH); - } -- -- if (itd->transact[i] & ITD_XACT_IOC) { -- ehci_record_interrupt(ehci, USBSTS_INT); -+ } else { -+ switch (ret) { -+ default: -+ fprintf(stderr, "Unexpected iso usb result: %d\n", ret); -+ /* Fall through */ -+ case USB_RET_NODEV: -+ /* 3.3.2: XACTERR is only allowed on IN transactions */ -+ if (dir) { -+ itd->transact[i] |= ITD_XACT_XACTERR; -+ ehci_record_interrupt(ehci, USBSTS_ERRINT); -+ } -+ break; -+ case USB_RET_BABBLE: -+ itd->transact[i] |= ITD_XACT_BABBLE; -+ ehci_record_interrupt(ehci, USBSTS_ERRINT); -+ break; - } - } -+ if (itd->transact[i] & ITD_XACT_IOC) { -+ ehci_record_interrupt(ehci, USBSTS_INT); -+ } - itd->transact[i] &= ~ITD_XACT_ACTIVE; - } - } --- -1.7.9.3 - diff --git a/0127-usb-ehci-Never-follow-table-entries-with-the-T-bit-s.patch b/0127-usb-ehci-Never-follow-table-entries-with-the-T-bit-s.patch deleted file mode 100644 index e437048..0000000 --- a/0127-usb-ehci-Never-follow-table-entries-with-the-T-bit-s.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 82e500c24a026323e0b8b869e227cc68b179fb11 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Mon, 27 Feb 2012 11:44:52 +0100 -Subject: [PATCH 127/140] usb-ehci: Never follow table entries with the T-bit - set - -Before this patch the T-bit was not checked in 2 places, while it should be. - -Once we properly check the T-bit everywhere we no longer need the weird -entry < 0x1000 and entry > 0x1000 checks, so this patch removes them. - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 10 ++++------ - 1 file changed, 4 insertions(+), 6 deletions(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index a6b6ae5..37076a9 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -1596,8 +1596,7 @@ static int ehci_state_fetchentry(EHCIState *ehci, int async) - int again = 0; - uint32_t entry = ehci_get_fetch_addr(ehci, async); - -- if (entry < 0x1000) { -- DPRINTF("fetchentry: entry invalid (0x%08x)\n", entry); -+ if (NLPTR_TBIT(entry)) { - ehci_set_state(ehci, async, EST_ACTIVE); - goto out; - } -@@ -1705,7 +1704,8 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async) - if (q->qh.token & QTD_TOKEN_HALT) { - ehci_set_state(ehci, async, EST_HORIZONTALQH); - -- } else if ((q->qh.token & QTD_TOKEN_ACTIVE) && (q->qh.current_qtd > 0x1000)) { -+ } else if ((q->qh.token & QTD_TOKEN_ACTIVE) && -+ (NLPTR_TBIT(q->qh.current_qtd) == 0)) { - q->qtdaddr = q->qh.current_qtd; - ehci_set_state(ehci, async, EST_FETCHQTD); - -@@ -1784,7 +1784,6 @@ static int ehci_state_advqueue(EHCIQueue *q, int async) - * want data and alt-next qTD is valid - */ - if (((q->qh.token & QTD_TOKEN_TBYTES_MASK) != 0) && -- (q->qh.altnext_qtd > 0x1000) && - (NLPTR_TBIT(q->qh.altnext_qtd) == 0)) { - q->qtdaddr = q->qh.altnext_qtd; - ehci_set_state(q->ehci, async, EST_FETCHQTD); -@@ -1792,8 +1791,7 @@ static int ehci_state_advqueue(EHCIQueue *q, int async) - /* - * next qTD is valid - */ -- } else if ((q->qh.next_qtd > 0x1000) && -- (NLPTR_TBIT(q->qh.next_qtd) == 0)) { -+ } else if (NLPTR_TBIT(q->qh.next_qtd) == 0) { - q->qtdaddr = q->qh.next_qtd; - ehci_set_state(q->ehci, async, EST_FETCHQTD); - --- -1.7.9.3 - diff --git a/0128-usb-ehci-split-our-qh-queue-into-async-and-periodic-.patch b/0128-usb-ehci-split-our-qh-queue-into-async-and-periodic-.patch deleted file mode 100644 index 6272c84..0000000 --- a/0128-usb-ehci-split-our-qh-queue-into-async-and-periodic-.patch +++ /dev/null @@ -1,219 +0,0 @@ -From 0f1e5b8d4f36de8b6b1301740226c9858b5a0318 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Tue, 28 Feb 2012 16:34:38 +0100 -Subject: [PATCH 128/140] usb-ehci: split our qh queue into async and periodic - queues - -qhs can be part of both the async and the periodic schedule, as is shown -in later patches in this series it is useful to keep track of the qhs on -a per schedule basis. - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 62 ++++++++++++++++++++++++++++++++++----------------------- - 1 file changed, 37 insertions(+), 25 deletions(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index 37076a9..980cce3 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -347,7 +347,6 @@ enum async_state { - struct EHCIQueue { - EHCIState *ehci; - QTAILQ_ENTRY(EHCIQueue) next; -- bool async_schedule; - uint32_t seen; - uint64_t ts; - -@@ -367,6 +366,8 @@ struct EHCIQueue { - int usb_status; - }; - -+typedef QTAILQ_HEAD(EHCIQueueHead, EHCIQueue) EHCIQueueHead; -+ - struct EHCIState { - PCIDevice dev; - USBBus bus; -@@ -410,7 +411,8 @@ struct EHCIState { - USBPort ports[NB_PORTS]; - USBPort *companion_ports[NB_PORTS]; - uint32_t usbsts_pending; -- QTAILQ_HEAD(, EHCIQueue) queues; -+ EHCIQueueHead aqueues; -+ EHCIQueueHead pqueues; - - uint32_t a_fetch_addr; // which address to look at next - uint32_t p_fetch_addr; // which address to look at next -@@ -660,31 +662,34 @@ static void ehci_trace_sitd(EHCIState *s, target_phys_addr_t addr, - - static EHCIQueue *ehci_alloc_queue(EHCIState *ehci, int async) - { -+ EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; - EHCIQueue *q; - - q = g_malloc0(sizeof(*q)); - q->ehci = ehci; -- q->async_schedule = async; -- QTAILQ_INSERT_HEAD(&ehci->queues, q, next); -+ QTAILQ_INSERT_HEAD(head, q, next); - trace_usb_ehci_queue_action(q, "alloc"); - return q; - } - --static void ehci_free_queue(EHCIQueue *q) -+static void ehci_free_queue(EHCIQueue *q, int async) - { -+ EHCIQueueHead *head = async ? &q->ehci->aqueues : &q->ehci->pqueues; - trace_usb_ehci_queue_action(q, "free"); - if (q->async == EHCI_ASYNC_INFLIGHT) { - usb_cancel_packet(&q->packet); - } -- QTAILQ_REMOVE(&q->ehci->queues, q, next); -+ QTAILQ_REMOVE(head, q, next); - g_free(q); - } - --static EHCIQueue *ehci_find_queue_by_qh(EHCIState *ehci, uint32_t addr) -+static EHCIQueue *ehci_find_queue_by_qh(EHCIState *ehci, uint32_t addr, -+ int async) - { -+ EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; - EHCIQueue *q; - -- QTAILQ_FOREACH(q, &ehci->queues, next) { -+ QTAILQ_FOREACH(q, head, next) { - if (addr == q->qhaddr) { - return q; - } -@@ -692,11 +697,12 @@ static EHCIQueue *ehci_find_queue_by_qh(EHCIState *ehci, uint32_t addr) - return NULL; - } - --static void ehci_queues_rip_unused(EHCIState *ehci) -+static void ehci_queues_rip_unused(EHCIState *ehci, int async) - { -+ EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; - EHCIQueue *q, *tmp; - -- QTAILQ_FOREACH_SAFE(q, &ehci->queues, next, tmp) { -+ QTAILQ_FOREACH_SAFE(q, head, next, tmp) { - if (q->seen) { - q->seen = 0; - q->ts = ehci->last_run_ns; -@@ -706,28 +712,30 @@ static void ehci_queues_rip_unused(EHCIState *ehci) - /* allow 0.25 sec idle */ - continue; - } -- ehci_free_queue(q); -+ ehci_free_queue(q, async); - } - } - --static void ehci_queues_rip_device(EHCIState *ehci, USBDevice *dev) -+static void ehci_queues_rip_device(EHCIState *ehci, USBDevice *dev, int async) - { -+ EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; - EHCIQueue *q, *tmp; - -- QTAILQ_FOREACH_SAFE(q, &ehci->queues, next, tmp) { -+ QTAILQ_FOREACH_SAFE(q, head, next, tmp) { - if (q->packet.owner != dev) { - continue; - } -- ehci_free_queue(q); -+ ehci_free_queue(q, async); - } - } - --static void ehci_queues_rip_all(EHCIState *ehci) -+static void ehci_queues_rip_all(EHCIState *ehci, int async) - { -+ EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; - EHCIQueue *q, *tmp; - -- QTAILQ_FOREACH_SAFE(q, &ehci->queues, next, tmp) { -- ehci_free_queue(q); -+ QTAILQ_FOREACH_SAFE(q, head, next, tmp) { -+ ehci_free_queue(q, async); - } - } - -@@ -772,7 +780,8 @@ static void ehci_detach(USBPort *port) - return; - } - -- ehci_queues_rip_device(s, port->dev); -+ ehci_queues_rip_device(s, port->dev, 0); -+ ehci_queues_rip_device(s, port->dev, 1); - - *portsc &= ~(PORTSC_CONNECT|PORTSC_PED); - *portsc |= PORTSC_CSC; -@@ -792,7 +801,8 @@ static void ehci_child_detach(USBPort *port, USBDevice *child) - return; - } - -- ehci_queues_rip_device(s, child); -+ ehci_queues_rip_device(s, child, 0); -+ ehci_queues_rip_device(s, child, 1); - } - - static void ehci_wakeup(USBPort *port) -@@ -890,7 +900,8 @@ static void ehci_reset(void *opaque) - usb_send_msg(devs[i], USB_MSG_RESET); - } - } -- ehci_queues_rip_all(s); -+ ehci_queues_rip_all(s, 0); -+ ehci_queues_rip_all(s, 1); - } - - static uint32_t ehci_mem_readb(void *ptr, target_phys_addr_t addr) -@@ -1554,7 +1565,7 @@ static int ehci_state_waitlisthead(EHCIState *ehci, int async) - ehci_set_usbsts(ehci, USBSTS_REC); - } - -- ehci_queues_rip_unused(ehci); -+ ehci_queues_rip_unused(ehci, async); - - /* Find the head of the list (4.9.1.1) */ - for(i = 0; i < MAX_QH; i++) { -@@ -1641,7 +1652,7 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async) - int reload; - - entry = ehci_get_fetch_addr(ehci, async); -- q = ehci_find_queue_by_qh(ehci, entry); -+ q = ehci_find_queue_by_qh(ehci, entry, async); - if (NULL == q) { - q = ehci_alloc_queue(ehci, async); - } -@@ -2092,7 +2103,7 @@ static void ehci_advance_state(EHCIState *ehci, - - static void ehci_advance_async_state(EHCIState *ehci) - { -- int async = 1; -+ const int async = 1; - - switch(ehci_get_state(ehci, async)) { - case EST_INACTIVE: -@@ -2149,7 +2160,7 @@ static void ehci_advance_periodic_state(EHCIState *ehci) - { - uint32_t entry; - uint32_t list; -- int async = 0; -+ const int async = 0; - - // 4.6 - -@@ -2366,7 +2377,8 @@ static int usb_ehci_initfn(PCIDevice *dev) - } - - s->frame_timer = qemu_new_timer_ns(vm_clock, ehci_frame_timer, s); -- QTAILQ_INIT(&s->queues); -+ QTAILQ_INIT(&s->aqueues); -+ QTAILQ_INIT(&s->pqueues); - - qemu_register_reset(ehci_reset, s); - --- -1.7.9.3 - diff --git a/0129-usb-ehci-always-call-ehci_queues_rip_unused-for-peri.patch b/0129-usb-ehci-always-call-ehci_queues_rip_unused-for-peri.patch deleted file mode 100644 index 6305ec4..0000000 --- a/0129-usb-ehci-always-call-ehci_queues_rip_unused-for-peri.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 320063f7165c5a5f9ddd5a09a4663bc1a81f5bd6 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 2 Mar 2012 13:52:44 +0100 -Subject: [PATCH 129/140] usb-ehci: always call ehci_queues_rip_unused for - period queues - -Before this patch USB 2 devices with interrupt endpoints were not working -properly. The problem is that to avoid loops we stop processing as soon -as we encounter a queue-head (qh) we've already seen since qhs can be linked -in a circular fashion, this is tracked by the seen flag in our qh struct. - -The resetting of the seen flag is done from ehci_queues_rip_unused which -before this patch was only called when executing the statemachine for the -async schedule. - -But packets for interrupt endpoints are part of the periodic schedule! So what -would happen is that when there were no ctrl or bulk packets for a USB 2 -device with an interrupt endpoint, the async schedule would become non -active, then ehci_queues_rip_unused would no longer get called and when -processing the qhs for the interrupt endpoints from the periodic schedule -their seen bit would still be 1 and they would be skipped. - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index 980cce3..422afc8 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -2195,6 +2195,7 @@ static void ehci_advance_periodic_state(EHCIState *ehci) - ehci_set_fetch_addr(ehci, async,entry); - ehci_set_state(ehci, async, EST_FETCHENTRY); - ehci_advance_state(ehci, async); -+ ehci_queues_rip_unused(ehci, async, 0); - break; - - default: --- -1.7.9.3 - diff --git a/0130-usb-ehci-Drop-cached-qhs-when-the-doorbell-gets-rung.patch b/0130-usb-ehci-Drop-cached-qhs-when-the-doorbell-gets-rung.patch deleted file mode 100644 index fa1b20d..0000000 --- a/0130-usb-ehci-Drop-cached-qhs-when-the-doorbell-gets-rung.patch +++ /dev/null @@ -1,115 +0,0 @@ -From 35562fb521547e081e732453a6395fc00d9ee9e4 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Thu, 1 Mar 2012 15:20:17 +0100 -Subject: [PATCH 130/140] usb-ehci: Drop cached qhs when the doorbell gets - rung - -The purpose of the IAAD bit / the doorbell is to make the ehci controller -forget about cached qhs, this is mainly used when cancelling transactions, -the qh is unlinked from the async schedule and then the doorbell gets rung, -once the doorbell is acked by the controller the hcd knows that the qh is -no longer in use and that it can do something else with the memory, such -as re-use it for a new qh! But we keep our struct representing this qh around -for circa 250 ms. This allows for a (mightily large) race window where the -following could happen: --hcd submits a qh at address 0xdeadbeef --our ehci code sees the qh, sends a request to a usb-device, gets a result - of USB_RET_ASYNC, sets the async_state of the qh to EHCI_ASYNC_INFLIGHT --hcd unlinks the qh at address 0xdeadbeef --hcd rings the doorbell, wait for us to ack it --hcd re-uses the qh at address 0xdeadbeef --our ehci code sees the qh, looks in the async_queue, sees there already is - a qh at address 0xdeadbeef there with async_state of EHCI_ASYNC_INFLIGHT, - does nothing --the *original* (which the hcd thinks it has cancelled) transaction finishes --our ehci code sees the qh on yet another pass through the async list, - looks in the async_queue, sees there already is a qh at address 0xdeadbeef - there with async_state of EHCI_ASYNC_COMPLETED, and finished the transaction - with the results of the *original* transaction. - -Not good (tm), this patch fixes this race by removing all qhs which have not -been seen during the last cycle through the async list immidiately when the -doorbell is rung. - -Note this patch does not fix any actually observed problem, but upon -reading of the EHCI spec it became apparent to me that the above race could -happen and the usb-ehci behavior from before this patch is not good. - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 31 ++++++++++++++++--------------- - 1 file changed, 16 insertions(+), 15 deletions(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index 422afc8..b8ba483 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -697,7 +697,7 @@ static EHCIQueue *ehci_find_queue_by_qh(EHCIState *ehci, uint32_t addr, - return NULL; - } - --static void ehci_queues_rip_unused(EHCIState *ehci, int async) -+static void ehci_queues_rip_unused(EHCIState *ehci, int async, int flush) - { - EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; - EHCIQueue *q, *tmp; -@@ -708,7 +708,7 @@ static void ehci_queues_rip_unused(EHCIState *ehci, int async) - q->ts = ehci->last_run_ns; - continue; - } -- if (ehci->last_run_ns < q->ts + 250000000) { -+ if (!flush && ehci->last_run_ns < q->ts + 250000000) { - /* allow 0.25 sec idle */ - continue; - } -@@ -1565,7 +1565,7 @@ static int ehci_state_waitlisthead(EHCIState *ehci, int async) - ehci_set_usbsts(ehci, USBSTS_REC); - } - -- ehci_queues_rip_unused(ehci, async); -+ ehci_queues_rip_unused(ehci, async, 0); - - /* Find the head of the list (4.9.1.1) */ - for(i = 0; i < MAX_QH; i++) { -@@ -2121,18 +2121,7 @@ static void ehci_advance_async_state(EHCIState *ehci) - break; - } - -- /* If the doorbell is set, the guest wants to make a change to the -- * schedule. The host controller needs to release cached data. -- * (section 4.8.2) -- */ -- if (ehci->usbcmd & USBCMD_IAAD) { -- DPRINTF("ASYNC: doorbell request acknowledged\n"); -- ehci->usbcmd &= ~USBCMD_IAAD; -- ehci_set_interrupt(ehci, USBSTS_IAA); -- break; -- } -- -- /* make sure guest has acknowledged */ -+ /* make sure guest has acknowledged the doorbell interrupt */ - /* TO-DO: is this really needed? */ - if (ehci->usbsts & USBSTS_IAA) { - DPRINTF("IAA status bit still set.\n"); -@@ -2146,6 +2135,18 @@ static void ehci_advance_async_state(EHCIState *ehci) - - ehci_set_state(ehci, async, EST_WAITLISTHEAD); - ehci_advance_state(ehci, async); -+ -+ /* If the doorbell is set, the guest wants to make a change to the -+ * schedule. The host controller needs to release cached data. -+ * (section 4.8.2) -+ */ -+ if (ehci->usbcmd & USBCMD_IAAD) { -+ /* Remove all unseen qhs from the async qhs queue */ -+ ehci_queues_rip_unused(ehci, async, 1); -+ DPRINTF("ASYNC: doorbell request acknowledged\n"); -+ ehci->usbcmd &= ~USBCMD_IAAD; -+ ehci_set_interrupt(ehci, USBSTS_IAA); -+ } - break; - - default: --- -1.7.9.3 - diff --git a/0131-usb-ehci-Rip-the-queues-when-the-async-or-period-sch.patch b/0131-usb-ehci-Rip-the-queues-when-the-async-or-period-sch.patch deleted file mode 100644 index 3f07ca0..0000000 --- a/0131-usb-ehci-Rip-the-queues-when-the-async-or-period-sch.patch +++ /dev/null @@ -1,44 +0,0 @@ -From cbb6384d32c4926822ba9216992253deef9ef3b5 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 2 Mar 2012 11:02:04 +0100 -Subject: [PATCH 131/140] usb-ehci: Rip the queues when the async or period - schedule is halted - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index b8ba483..11eded7 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -1054,7 +1054,8 @@ static void ehci_mem_writel(void *ptr, target_phys_addr_t addr, uint32_t val) - - if (!(val & USBCMD_RUNSTOP) && (s->usbcmd & USBCMD_RUNSTOP)) { - qemu_del_timer(s->frame_timer); -- // TODO - should finish out some stuff before setting halt -+ ehci_queues_rip_all(s, 0); -+ ehci_queues_rip_all(s, 1); - ehci_set_usbsts(s, USBSTS_HALT); - } - -@@ -2116,6 +2117,7 @@ static void ehci_advance_async_state(EHCIState *ehci) - - case EST_ACTIVE: - if ( !(ehci->usbcmd & USBCMD_ASE)) { -+ ehci_queues_rip_all(ehci, async); - ehci_clear_usbsts(ehci, USBSTS_ASS); - ehci_set_state(ehci, async, EST_INACTIVE); - break; -@@ -2176,6 +2178,7 @@ static void ehci_advance_periodic_state(EHCIState *ehci) - - case EST_ACTIVE: - if ( !(ehci->frindex & 7) && !(ehci->usbcmd & USBCMD_PSE)) { -+ ehci_queues_rip_all(ehci, async); - ehci_clear_usbsts(ehci, USBSTS_PSS); - ehci_set_state(ehci, async, EST_INACTIVE); - break; --- -1.7.9.3 - diff --git a/0132-usb-ehci-Any-packet-completion-except-for-NAK-should.patch b/0132-usb-ehci-Any-packet-completion-except-for-NAK-should.patch deleted file mode 100644 index 7107ed8..0000000 --- a/0132-usb-ehci-Any-packet-completion-except-for-NAK-should.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 73a9969c47459ee208d6247999823f2a36ee51fe Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Thu, 1 Mar 2012 16:34:56 +0100 -Subject: [PATCH 132/140] usb-ehci: Any packet completion except for NAK - should set the interrupt - -As clearly stated in the 2.3.2 of the EHCI spec, any time USBERRINT get -sets then if the td has its IOC bit set USBINT should be set as well. - -This means that for any status except for USB_RET_NAK we should set -USBINT if the IOC bit is set. - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index 11eded7..bc5f591 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -1338,7 +1338,7 @@ err: - q->qh.token ^= QTD_TOKEN_DTOGGLE; - q->qh.token &= ~QTD_TOKEN_ACTIVE; - -- if ((q->usb_status >= 0) && (q->qh.token & QTD_TOKEN_IOC)) { -+ if ((q->usb_status != USB_RET_NAK) && (q->qh.token & QTD_TOKEN_IOC)) { - ehci_record_interrupt(q->ehci, USBSTS_INT); - } - } --- -1.7.9.3 - diff --git a/0133-usb-ehci-Fix-cerr-tracking.patch b/0133-usb-ehci-Fix-cerr-tracking.patch deleted file mode 100644 index 6ae9d8e..0000000 --- a/0133-usb-ehci-Fix-cerr-tracking.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 6e6bfa88ae3867afd8258b43e3c05cba2585ee37 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Thu, 1 Mar 2012 21:43:56 +0100 -Subject: [PATCH 133/140] usb-ehci: Fix cerr tracking - -cerr should only be decremented on errors which cause XactErr to be set, and -when that happens the failing transaction should be retried until cerr reaches -0 and only then should USBSTS_ERRINT be set (and inactive cleared and -USBSTS_INT set if requested). - -Since we don't have any hardware level errors (and in case of redirection -the real hardware has already retried), re-trying makes no sense, so -immediately set cerr to 0 on errors which set XactErr. - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 19 ++++++------------- - 1 file changed, 6 insertions(+), 13 deletions(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index bc5f591..a3d5c11 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -1269,7 +1269,7 @@ static void ehci_async_complete_packet(USBPort *port, USBPacket *packet) - - static void ehci_execute_complete(EHCIQueue *q) - { -- int c_err, reload; -+ int reload; - - assert(q->async != EHCI_ASYNC_INFLIGHT); - q->async = EHCI_ASYNC_NONE; -@@ -1278,15 +1278,10 @@ static void ehci_execute_complete(EHCIQueue *q) - q->qhaddr, q->qh.next, q->qtdaddr, q->usb_status); - - if (q->usb_status < 0) { --err: -- /* TO-DO: put this is in a function that can be invoked below as well */ -- c_err = get_field(q->qh.token, QTD_TOKEN_CERR); -- c_err--; -- set_field(&q->qh.token, c_err, QTD_TOKEN_CERR); -- - switch(q->usb_status) { - case USB_RET_NODEV: - q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_XACTERR); -+ set_field(&q->qh.token, 0, QTD_TOKEN_CERR); - ehci_record_interrupt(q->ehci, USBSTS_ERRINT); - break; - case USB_RET_STALL: -@@ -1314,15 +1309,13 @@ err: - assert(0); - break; - } -+ } else if ((q->usb_status > q->tbytes) && (q->pid == USB_TOKEN_IN)) { -+ q->usb_status = USB_RET_BABBLE; -+ q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE); -+ ehci_record_interrupt(q->ehci, USBSTS_ERRINT); - } else { -- // DPRINTF("Short packet condition\n"); - // TODO check 4.12 for splits - -- if ((q->usb_status > q->tbytes) && (q->pid == USB_TOKEN_IN)) { -- q->usb_status = USB_RET_BABBLE; -- goto err; -- } -- - if (q->tbytes && q->pid == USB_TOKEN_IN) { - q->tbytes -= q->usb_status; - } else { --- -1.7.9.3 - diff --git a/0134-usb-ehci-Remove-dead-nakcnt-code.patch b/0134-usb-ehci-Remove-dead-nakcnt-code.patch deleted file mode 100644 index 657ab26..0000000 --- a/0134-usb-ehci-Remove-dead-nakcnt-code.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 6177c3610b6416a7200ae6c6985f01fccdbdc7e5 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Thu, 1 Mar 2012 23:11:13 +0100 -Subject: [PATCH 134/140] usb-ehci: Remove dead nakcnt code - -This patch removes 2 bits of dead nakcnt code: - -1) usb_ehci_execute calls ehci_qh_do_overlay which does: -nakcnt = reload; -and then has a block of code which is conditional on: -if (reload && !nakcnt) { -which ofcourse is never true now as nakcnt == reload. - -2) ehci_state_fetchqh does: -nakcnt = reload; -but before nakcnt is ever used ehci_state_fetchqh is always followed -by a ehci_qh_do_overlay call which also does: -nakcnt = reload; -So doing this from ehci_state_fetchqh is redundant. - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 20 -------------------- - 1 file changed, 20 deletions(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index a3d5c11..92cdf2a 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -1643,7 +1643,6 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async) - { - uint32_t entry; - EHCIQueue *q; -- int reload; - - entry = ehci_get_fetch_addr(ehci, async); - q = ehci_find_queue_by_qh(ehci, entry, async); -@@ -1701,11 +1700,6 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async) - } - #endif - -- reload = get_field(q->qh.epchar, QH_EPCHAR_RL); -- if (reload) { -- set_field(&q->qh.altnext_qtd, reload, QH_ALTNEXT_NAKCNT); -- } -- - if (q->qh.token & QTD_TOKEN_HALT) { - ehci_set_state(ehci, async, EST_HORIZONTALQH); - -@@ -1865,25 +1859,11 @@ static void ehci_flush_qh(EHCIQueue *q) - static int ehci_state_execute(EHCIQueue *q, int async) - { - int again = 0; -- int reload, nakcnt; -- int smask; - - if (ehci_qh_do_overlay(q) != 0) { - return -1; - } - -- smask = get_field(q->qh.epcap, QH_EPCAP_SMASK); -- -- if (!smask) { -- reload = get_field(q->qh.epchar, QH_EPCHAR_RL); -- nakcnt = get_field(q->qh.altnext_qtd, QH_ALTNEXT_NAKCNT); -- if (reload && !nakcnt) { -- ehci_set_state(q->ehci, async, EST_HORIZONTALQH); -- again = 1; -- goto out; -- } -- } -- - // TODO verify enough time remains in the uframe as in 4.4.1.1 - // TODO write back ptr to async list when done or out of time - // TODO Windows does not seem to ever set the MULT field --- -1.7.9.3 - diff --git a/0135-usb-ehci-Fix-and-simplify-nakcnt-handling.patch b/0135-usb-ehci-Fix-and-simplify-nakcnt-handling.patch deleted file mode 100644 index 351f9e4..0000000 --- a/0135-usb-ehci-Fix-and-simplify-nakcnt-handling.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 2d9b6cb9bd00ede47635dc4db413f647143d5a1d Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Thu, 1 Mar 2012 23:55:11 +0100 -Subject: [PATCH 135/140] usb-ehci: Fix and simplify nakcnt handling - -The nakcnt code in ehci_execute_complete() marked transactions as finished -when a packet completed with a result of USB_RET_NAK, but USB_RET_NAK -means that the device cannot receive / send data at that time and that -the transaction should be retried later, which is also what the usb-uhci -and usb-ohci code does. - -Note that there already was some special code in place to handle this -for interrupt endpoints in the form of doing a return from -ehci_execute_complete() when reload == 0, but that for bulk transactions -this was not handled correctly (where as for example the usb-ccid device does -return USB_RET_NAK for bulk packets). - -Besides that the code in ehci_execute_complete() decrement nakcnt by 1 -on a packet result of USB_RET_NAK, but --since the transaction got marked as finished, - nakcnt would never be decremented again --there is no code checking for nakcnt becoming 0 --there is no use in re-trying the transaction within the same usb frame / - usb-ehci frame-timer call, since the status of emulated devices won't change - as long as the usb-ehci frame-timer is running -So we should simply set the nakcnt to 0 when we get a USB_RET_NAK, thus -claiming that we've tried reload times (or as many times as possible if -reload is 0). - -Besides the code in ehci_execute_complete() handling USB_RET_NAK there -was also code handling it in ehci_state_executing(), which calls -ehci_execute_complete(), and then does its own handling on top of the handling -in ehci_execute_complete(), this code would decrement nakcnt *again* (if not -already 0), or restore the reload value (which was never changed) on success. - -Since the double decrement was wrong to begin with, and is no longer needed -now that we set nakcnt directly to 0 on USB_RET_NAK, and the restore of reload -is not needed either, this patch simply removes all nakcnt handling from -ehci_state_executing(). - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 32 ++++---------------------------- - 1 file changed, 4 insertions(+), 28 deletions(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index 92cdf2a..aa6fae5 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -1269,8 +1269,6 @@ static void ehci_async_complete_packet(USBPort *port, USBPacket *packet) - - static void ehci_execute_complete(EHCIQueue *q) - { -- int reload; -- - assert(q->async != EHCI_ASYNC_INFLIGHT); - q->async = EHCI_ASYNC_NONE; - -@@ -1289,16 +1287,8 @@ static void ehci_execute_complete(EHCIQueue *q) - ehci_record_interrupt(q->ehci, USBSTS_ERRINT); - break; - case USB_RET_NAK: -- /* 4.10.3 */ -- reload = get_field(q->qh.epchar, QH_EPCHAR_RL); -- if ((q->pid == USB_TOKEN_IN) && reload) { -- int nakcnt = get_field(q->qh.altnext_qtd, QH_ALTNEXT_NAKCNT); -- nakcnt--; -- set_field(&q->qh.altnext_qtd, nakcnt, QH_ALTNEXT_NAKCNT); -- } else if (!reload) { -- return; -- } -- break; -+ set_field(&q->qh.altnext_qtd, 0, QH_ALTNEXT_NAKCNT); -+ return; /* We're not done yet with this transaction */ - case USB_RET_BABBLE: - q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE); - ehci_record_interrupt(q->ehci, USBSTS_ERRINT); -@@ -1331,7 +1321,7 @@ static void ehci_execute_complete(EHCIQueue *q) - q->qh.token ^= QTD_TOKEN_DTOGGLE; - q->qh.token &= ~QTD_TOKEN_ACTIVE; - -- if ((q->usb_status != USB_RET_NAK) && (q->qh.token & QTD_TOKEN_IOC)) { -+ if (q->qh.token & QTD_TOKEN_IOC) { - ehci_record_interrupt(q->ehci, USBSTS_INT); - } - } -@@ -1905,7 +1895,6 @@ out: - static int ehci_state_executing(EHCIQueue *q, int async) - { - int again = 0; -- int reload, nakcnt; - - ehci_execute_complete(q); - if (q->usb_status == USB_RET_ASYNC) { -@@ -1925,21 +1914,8 @@ static int ehci_state_executing(EHCIQueue *q, int async) - // counter decrements to 0 - } - -- reload = get_field(q->qh.epchar, QH_EPCHAR_RL); -- if (reload) { -- nakcnt = get_field(q->qh.altnext_qtd, QH_ALTNEXT_NAKCNT); -- if (q->usb_status == USB_RET_NAK) { -- if (nakcnt) { -- nakcnt--; -- } -- } else { -- nakcnt = reload; -- } -- set_field(&q->qh.altnext_qtd, nakcnt, QH_ALTNEXT_NAKCNT); -- } -- - /* 4.10.5 */ -- if ((q->usb_status == USB_RET_NAK) || (q->qh.token & QTD_TOKEN_ACTIVE)) { -+ if (q->usb_status == USB_RET_NAK) { - ehci_set_state(q->ehci, async, EST_HORIZONTALQH); - } else { - ehci_set_state(q->ehci, async, EST_WRITEBACK); --- -1.7.9.3 - diff --git a/0136-usb-ehci-Remove-dead-isoch_pause-code.patch b/0136-usb-ehci-Remove-dead-isoch_pause-code.patch deleted file mode 100644 index 7d47913..0000000 --- a/0136-usb-ehci-Remove-dead-isoch_pause-code.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 0e6cd6e6da3d0648204526e8ebd79047f48d009a Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 2 Mar 2012 00:36:50 +0100 -Subject: [PATCH 136/140] usb-ehci: Remove dead isoch_pause code - -I see no value in keeping this around, so lets delete it. - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 60 +++++++++++++++------------------------------------------ - 1 file changed, 15 insertions(+), 45 deletions(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index aa6fae5..72c3f2a 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -419,7 +419,6 @@ struct EHCIState { - - USBPacket ipacket; - QEMUSGList isgl; -- int isoch_pause; - - uint64_t last_run_ns; - }; -@@ -886,7 +885,6 @@ static void ehci_reset(void *opaque) - - s->astate = EST_INACTIVE; - s->pstate = EST_INACTIVE; -- s->isoch_pause = -1; - s->attach_poll_counter = 0; - - for(i = 0; i < NB_PORTS; i++) { -@@ -1468,46 +1466,7 @@ static int ehci_process_itd(EHCIState *ehci, - usb_packet_unmap(&ehci->ipacket); - qemu_sglist_destroy(&ehci->isgl); - --#if 0 -- /* In isoch, there is no facility to indicate a NAK so let's -- * instead just complete a zero-byte transaction. Setting -- * DBERR seems too draconian. -- */ -- -- if (ret == USB_RET_NAK) { -- if (ehci->isoch_pause > 0) { -- DPRINTF("ISOCH: received a NAK but paused so returning\n"); -- ehci->isoch_pause--; -- return 0; -- } else if (ehci->isoch_pause == -1) { -- DPRINTF("ISOCH: recv NAK & isoch pause inactive, setting\n"); -- // Pause frindex for up to 50 msec waiting for data from -- // remote -- ehci->isoch_pause = 50; -- return 0; -- } else { -- DPRINTF("ISOCH: isoch pause timeout! return 0\n"); -- ret = 0; -- } -- } else { -- DPRINTF("ISOCH: received ACK, clearing pause\n"); -- ehci->isoch_pause = -1; -- } --#else -- if (ret == USB_RET_NAK) { -- ret = 0; -- } --#endif -- -- if (ret >= 0) { -- if (!dir) { -- /* OUT */ -- set_field(&itd->transact[i], len - ret, ITD_XACT_LENGTH); -- } else { -- /* IN */ -- set_field(&itd->transact[i], ret, ITD_XACT_LENGTH); -- } -- } else { -+ if (ret < 0) { - switch (ret) { - default: - fprintf(stderr, "Unexpected iso usb result: %d\n", ret); -@@ -1523,6 +1482,19 @@ static int ehci_process_itd(EHCIState *ehci, - itd->transact[i] |= ITD_XACT_BABBLE; - ehci_record_interrupt(ehci, USBSTS_ERRINT); - break; -+ case USB_RET_NAK: -+ /* no data for us, so do a zero-length transfer */ -+ ret = 0; -+ break; -+ } -+ } -+ if (ret >= 0) { -+ if (!dir) { -+ /* OUT */ -+ set_field(&itd->transact[i], len - ret, ITD_XACT_LENGTH); -+ } else { -+ /* IN */ -+ set_field(&itd->transact[i], ret, ITD_XACT_LENGTH); - } - } - if (itd->transact[i] & ITD_XACT_IOC) { -@@ -2176,9 +2148,7 @@ static void ehci_frame_timer(void *opaque) - - for (i = 0; i < frames; i++) { - if ( !(ehci->usbsts & USBSTS_HALT)) { -- if (ehci->isoch_pause <= 0) { -- ehci->frindex += 8; -- } -+ ehci->frindex += 8; - - if (ehci->frindex > 0x00001fff) { - ehci->frindex = 0; --- -1.7.9.3 - diff --git a/0137-usb-return-BABBLE-rather-then-NAK-when-we-receive-to.patch b/0137-usb-return-BABBLE-rather-then-NAK-when-we-receive-to.patch deleted file mode 100644 index 3743d5e..0000000 --- a/0137-usb-return-BABBLE-rather-then-NAK-when-we-receive-to.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 9726556968aef62213b80bd4e351a4f7f721f941 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Thu, 1 Mar 2012 17:22:14 +0100 -Subject: [PATCH 137/140] usb: return BABBLE rather then NAK when we receive - too much data - -Signed-off-by: Hans de Goede ---- - usb-linux.c | 8 +++++++- - usb-redir.c | 4 ++-- - 2 files changed, 9 insertions(+), 3 deletions(-) - -diff --git a/usb-linux.c b/usb-linux.c -index ab4c693..b2d70f9 100644 ---- a/usb-linux.c -+++ b/usb-linux.c -@@ -390,6 +390,10 @@ static void async_complete(void *opaque) - p->result = USB_RET_STALL; - break; - -+ case -EOVERFLOW: -+ p->result = USB_RET_BABBLE; -+ break; -+ - default: - p->result = USB_RET_NAK; - break; -@@ -718,6 +722,8 @@ static int urb_status_to_usb_ret(int status) - switch (status) { - case -EPIPE: - return USB_RET_STALL; -+ case -EOVERFLOW: -+ return USB_RET_BABBLE; - default: - return USB_RET_NAK; - } -@@ -755,7 +761,7 @@ static int usb_host_handle_iso_data(USBHostDevice *s, USBPacket *p, int in) - } else if (aurb[i].urb.iso_frame_desc[j].actual_length - > p->iov.size) { - printf("husb: received iso data is larger then packet\n"); -- len = USB_RET_NAK; -+ len = USB_RET_BABBLE; - /* All good copy data over */ - } else { - len = aurb[i].urb.iso_frame_desc[j].actual_length; -diff --git a/usb-redir.c b/usb-redir.c -index 629c87d..61860ef 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -457,7 +457,7 @@ static int usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, - ERROR("received iso data is larger then packet ep %02X (%d > %d)\n", - ep, len, (int)p->iov.size); - bufp_free(dev, isop, ep); -- return USB_RET_NAK; -+ return USB_RET_BABBLE; - } - usb_packet_copy(p, isop->data, len); - bufp_free(dev, isop, ep); -@@ -576,7 +576,7 @@ static int usbredir_handle_interrupt_data(USBRedirDevice *dev, - if (len > p->iov.size) { - ERROR("received int data is larger then packet ep %02X\n", ep); - bufp_free(dev, intp, ep); -- return USB_RET_NAK; -+ return USB_RET_BABBLE; - } - usb_packet_copy(p, intp->data, len); - bufp_free(dev, intp, ep); --- -1.7.9.3 - diff --git a/0138-usb-add-USB_RET_IOERROR.patch b/0138-usb-add-USB_RET_IOERROR.patch deleted file mode 100644 index 0ed82a7..0000000 --- a/0138-usb-add-USB_RET_IOERROR.patch +++ /dev/null @@ -1,167 +0,0 @@ -From 2a6bbdddc2aca6af038c42054c3d3a7b09e5ac3a Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 2 Mar 2012 00:26:23 +0100 -Subject: [PATCH 138/140] usb: add USB_RET_IOERROR - -We already have USB_RET_NAK, but that means that a device does not want -to send/receive right now. But with host / network redirection we can -actually have a transaction fail due to some io error, rather then ie -the device just not having any data atm. - -This patch adds a new error code named USB_RET_IOERROR for this, and uses -it were appropriate. - -Notes: --Currently all usb-controllers handle this the same as NODEV, but that - may change in the future, OHCI could indicate a CRC error instead for example. --This patch does not touch hw/usb-musb.c, that is because the code in there - handles STALL and NAK specially and has a if status < 0 generic catch all - for all other errors - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 2 ++ - hw/usb-ohci.c | 2 ++ - hw/usb-uhci.c | 1 + - hw/usb.h | 11 ++++++----- - usb-linux.c | 4 ++-- - usb-redir.c | 9 ++++++--- - 6 files changed, 19 insertions(+), 10 deletions(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index 72c3f2a..ba1b9da 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -1275,6 +1275,7 @@ static void ehci_execute_complete(EHCIQueue *q) - - if (q->usb_status < 0) { - switch(q->usb_status) { -+ case USB_RET_IOERROR: - case USB_RET_NODEV: - q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_XACTERR); - set_field(&q->qh.token, 0, QTD_TOKEN_CERR); -@@ -1471,6 +1472,7 @@ static int ehci_process_itd(EHCIState *ehci, - default: - fprintf(stderr, "Unexpected iso usb result: %d\n", ret); - /* Fall through */ -+ case USB_RET_IOERROR: - case USB_RET_NODEV: - /* 3.3.2: XACTERR is only allowed on IN transactions */ - if (dir) { -diff --git a/hw/usb-ohci.c b/hw/usb-ohci.c -index c2981c5..d805497 100644 ---- a/hw/usb-ohci.c -+++ b/hw/usb-ohci.c -@@ -828,6 +828,7 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, - OHCI_CC_DATAUNDERRUN); - } else { - switch (ret) { -+ case USB_RET_IOERROR: - case USB_RET_NODEV: - OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC, - OHCI_CC_DEVICENOTRESPONDING); -@@ -1051,6 +1052,7 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed) - OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAUNDERRUN); - } else { - switch (ret) { -+ case USB_RET_IOERROR: - case USB_RET_NODEV: - OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DEVICENOTRESPONDING); - case USB_RET_NAK: -diff --git a/hw/usb-uhci.c b/hw/usb-uhci.c -index f9e3ea5..a994943 100644 ---- a/hw/usb-uhci.c -+++ b/hw/usb-uhci.c -@@ -751,6 +751,7 @@ out: - break; - return 1; - -+ case USB_RET_IOERROR: - case USB_RET_NODEV: - default: - break; -diff --git a/hw/usb.h b/hw/usb.h -index c6e1870..4010e12 100644 ---- a/hw/usb.h -+++ b/hw/usb.h -@@ -41,11 +41,12 @@ - #define USB_MSG_DETACH 0x101 - #define USB_MSG_RESET 0x102 - --#define USB_RET_NODEV (-1) --#define USB_RET_NAK (-2) --#define USB_RET_STALL (-3) --#define USB_RET_BABBLE (-4) --#define USB_RET_ASYNC (-5) -+#define USB_RET_NODEV (-1) -+#define USB_RET_NAK (-2) -+#define USB_RET_STALL (-3) -+#define USB_RET_BABBLE (-4) -+#define USB_RET_IOERROR (-5) -+#define USB_RET_ASYNC (-6) - - #define USB_SPEED_LOW 0 - #define USB_SPEED_FULL 1 -diff --git a/usb-linux.c b/usb-linux.c -index b2d70f9..9f13d1e 100644 ---- a/usb-linux.c -+++ b/usb-linux.c -@@ -395,7 +395,7 @@ static void async_complete(void *opaque) - break; - - default: -- p->result = USB_RET_NAK; -+ p->result = USB_RET_IOERROR; - break; - } - -@@ -725,7 +725,7 @@ static int urb_status_to_usb_ret(int status) - case -EOVERFLOW: - return USB_RET_BABBLE; - default: -- return USB_RET_NAK; -+ return USB_RET_IOERROR; - } - } - -diff --git a/usb-redir.c b/usb-redir.c -index 61860ef..f64443e 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -441,7 +441,7 @@ static int usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, - /* Check iso_error for stream errors, otherwise its an underrun */ - status = dev->endpoint[EP2I(ep)].iso_error; - dev->endpoint[EP2I(ep)].iso_error = 0; -- return status ? USB_RET_NAK : 0; -+ return status ? USB_RET_IOERROR : 0; - } - DPRINTF2("iso-token-in ep %02X status %d len %d queue-size: %d\n", ep, - isop->status, isop->len, dev->endpoint[EP2I(ep)].bufpq_size); -@@ -449,7 +449,7 @@ static int usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p, - status = isop->status; - if (status != usb_redir_success) { - bufp_free(dev, isop, ep); -- return USB_RET_NAK; -+ return USB_RET_IOERROR; - } - - len = isop->len; -@@ -1045,11 +1045,14 @@ static int usbredir_handle_status(USBRedirDevice *dev, - return USB_RET_STALL; - case usb_redir_cancelled: - WARNING("returning cancelled packet to HC?\n"); -+ return USB_RET_NAK; - case usb_redir_inval: -+ WARNING("got invalid param error from usb-host?\n"); -+ return USB_RET_NAK; - case usb_redir_ioerror: - case usb_redir_timeout: - default: -- return USB_RET_NAK; -+ return USB_RET_IOERROR; - } - } - --- -1.7.9.3 - diff --git a/0139-usb-ehci-fix-reset.patch b/0139-usb-ehci-fix-reset.patch deleted file mode 100644 index d9e6ac1..0000000 --- a/0139-usb-ehci-fix-reset.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 21946e621f14553b72cde7fae221ae390a427eac Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Thu, 23 Feb 2012 13:24:00 +0000 -Subject: [PATCH 139/140] usb-ehci: fix reset - -Two reset fixes: - * pick up s->usbcmd value after ehci_reset call to make sure it - keeps the reset value and doesn't get rubbish filled in when - val is written back to the mmio register array later on. - * make sure the frame timer is zapped on reset. - -Signed-off-by: Gerd Hoffmann ---- - hw/usb-ehci.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index ba1b9da..ad0f6e1 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -900,6 +900,7 @@ static void ehci_reset(void *opaque) - } - ehci_queues_rip_all(s, 0); - ehci_queues_rip_all(s, 1); -+ qemu_del_timer(s->frame_timer); - } - - static uint32_t ehci_mem_readb(void *ptr, target_phys_addr_t addr) -@@ -1059,7 +1060,7 @@ static void ehci_mem_writel(void *ptr, target_phys_addr_t addr, uint32_t val) - - if (val & USBCMD_HCRESET) { - ehci_reset(s); -- val &= ~USBCMD_HCRESET; -+ val = s->usbcmd; - } - - /* not supporting dynamic frame list size at the moment */ --- -1.7.9.3 - diff --git a/0140-usb-ehci-sanity-check-iso-xfers.patch b/0140-usb-ehci-sanity-check-iso-xfers.patch deleted file mode 100644 index 1305f51..0000000 --- a/0140-usb-ehci-sanity-check-iso-xfers.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 985b7cfbd45960bb74a13ad8044765a8e35f2251 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Sun, 4 Mar 2012 12:41:11 +0100 -Subject: [PATCH 140/140] usb-ehci: sanity-check iso xfers - -This patch adds a sanity check to itd processing to make sure the -endpoint addressed by the guest is actually an iso endpoint. Also -verify that usb drivers don't return USB_RET_ASYNC which is illegal for -iso xfers. - -Signed-off-by: Gerd Hoffmann -(Cherry picked from: aa0568ff2559d7717f4684af6a83d0bd1a125f56) - -[qemu-kvm-1.0: we don't track ep types on RHEL-6 like we do upstream, so we -cannot check if an itd is pointing to a non iso ep in advance, but we do still -need to make sure that we never handle an iso xfer async. So check if the -device does want to handle it async, and if so cancel the xfer and treat it as -a NAK, like upstream does when the ep type check fails.] - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index ad0f6e1..b5d7037 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -1485,6 +1485,10 @@ static int ehci_process_itd(EHCIState *ehci, - itd->transact[i] |= ITD_XACT_BABBLE; - ehci_record_interrupt(ehci, USBSTS_ERRINT); - break; -+ case USB_RET_ASYNC: -+ /* ISO endpoints are never ASYNC, not an iso endpoint? */ -+ usb_cancel_packet(&ehci->ipacket); -+ /* Treat this as a NAK (fall through) */ - case USB_RET_NAK: - /* no data for us, so do a zero-length transfer */ - ret = 0; --- -1.7.9.3 - diff --git a/0141-usb-ehci-frindex-always-is-a-14-bits-counter.patch b/0141-usb-ehci-frindex-always-is-a-14-bits-counter.patch deleted file mode 100644 index 4481332..0000000 --- a/0141-usb-ehci-frindex-always-is-a-14-bits-counter.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 9d604ddc4770f8f25de148e9b35687817a5d4110 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Wed, 28 Mar 2012 20:31:32 +0200 -Subject: [PATCH 141/146] usb-ehci: frindex always is a 14 bits counter - -frindex always is a 14 bits counter, and not a 13 bits one as we were -emulating. There are some subtle hints to this in the spec, first of all -"Table 2-12. FRINDEX - Frame Index Register" says: -"Bit 13:0 Frame Index. The value in this register increments at the end of -each time frame (e.g. micro-frame). Bits [N:3] are used for the Frame List -current index. This means that each location of the frame list is accessed -8 times (frames or micro-frames) before moving to the next index. The -following illustrates values of N based on the value of the Frame List -Size field in the USBCMD register. - -USBCMD[Frame List Size] Number Elements N -00b 1024 12 -01b 512 11 -10b 256 10 -11b Reserved" - -Notice how the text talks about "Bits [N:3]" are used ..., it does -NOT say that when N == 12 (our case) the counter will wrap from 8191 to 0, -or in otherwords that it is a 13 bits counter (bits 0 - 12). - -The other hint is in "Table 2-10. USBSTS USB Status Register Bit Definitions": - -"Bit 3 Frame List Rollover - R/WC. The Host Controller sets this bit to a one -when the Frame List Index (see Section 2.3.4) rolls over from its maximum value -to zero. The exact value at which the rollover occurs depends on the frame -list size. For example, if the frame list size (as programmed in the Frame -List Size field of the USBCMD register) is 1024, the Frame Index Register -rolls over every time FRINDEX[13] toggles. Similarly, if the size is 512, -the Host Controller sets this bit to a one every time FRINDEX[12] toggles." - -Notice how this text talks about setting bit 3 when bit 13 of frindex toggles -(when there are 1024 entries, so our case), so this indicates that frindex -has a bit 13 making it a 14 bit counter. - -Besides these clear hints the real proof is in the pudding. Before this -patch I could not stream data from a USB2 webcam under Windows XP, after -this cam using a USB2 webcam under Windows XP works fine, and no regressions -with other operating systems were seen. - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index b5d7037..3934bf0 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -2157,11 +2157,15 @@ static void ehci_frame_timer(void *opaque) - if ( !(ehci->usbsts & USBSTS_HALT)) { - ehci->frindex += 8; - -- if (ehci->frindex > 0x00001fff) { -- ehci->frindex = 0; -+ if (ehci->frindex == 0x00002000) { - ehci_set_interrupt(ehci, USBSTS_FLR); - } - -+ if (ehci->frindex == 0x00004000) { -+ ehci_set_interrupt(ehci, USBSTS_FLR); -+ ehci->frindex = 0; -+ } -+ - ehci->sofv = (ehci->frindex - 1) >> 3; - ehci->sofv &= 0x000003ff; - } --- -1.7.9.3 - diff --git a/0142-usb-ehci-Drop-unused-sofv-value.patch b/0142-usb-ehci-Drop-unused-sofv-value.patch deleted file mode 100644 index d2cf3bf..0000000 --- a/0142-usb-ehci-Drop-unused-sofv-value.patch +++ /dev/null @@ -1,49 +0,0 @@ -From ef3477db39f2eb38610b7e99a4a4f4d8ddb903df Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Thu, 29 Mar 2012 16:37:34 +0200 -Subject: [PATCH 142/146] usb-ehci: Drop unused sofv value - -The sofv value only ever gets a value assigned and is never used (read) -anywhere, so we can just drop it. - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 8 -------- - 1 file changed, 8 deletions(-) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index 3934bf0..ff69587 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -403,7 +403,6 @@ struct EHCIState { - /* - * Internal states, shadow registers, etc - */ -- uint32_t sofv; - QEMUTimer *frame_timer; - int attach_poll_counter; - int astate; // Current state in asynchronous schedule -@@ -1082,10 +1081,6 @@ static void ehci_mem_writel(void *ptr, target_phys_addr_t addr, uint32_t val) - val &= USBINTR_MASK; - break; - -- case FRINDEX: -- s->sofv = val >> 3; -- break; -- - case CONFIGFLAG: - val &= 0x1; - if (val) { -@@ -2165,9 +2160,6 @@ static void ehci_frame_timer(void *opaque) - ehci_set_interrupt(ehci, USBSTS_FLR); - ehci->frindex = 0; - } -- -- ehci->sofv = (ehci->frindex - 1) >> 3; -- ehci->sofv &= 0x000003ff; - } - - if (frames - i > ehci->maxframes) { --- -1.7.9.3 - diff --git a/0143-usb-redir-Notify-our-peer-when-we-reject-a-device-du.patch b/0143-usb-redir-Notify-our-peer-when-we-reject-a-device-du.patch deleted file mode 100644 index 1bf631a..0000000 --- a/0143-usb-redir-Notify-our-peer-when-we-reject-a-device-du.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 89c9752afa77c6936ab9839d8fb1ce42147086b2 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Thu, 29 Mar 2012 16:41:23 +0200 -Subject: [PATCH 143/146] usb-redir: Notify our peer when we reject a device - due to a speed mismatch - -Also cleanup (reset) our device state when we reject a device due to a -speed mismatch. - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/usb-redir.c b/usb-redir.c -index f64443e..8ee3f07 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -845,7 +845,13 @@ static void usbredir_do_attach(void *opaque) - { - USBRedirDevice *dev = opaque; - -- usb_device_attach(&dev->dev); -+ if (usb_device_attach(&dev->dev) != 0) { -+ usbredir_device_disconnect(dev); -+ if (usbredirparser_peer_has_cap(dev->parser, usb_redir_cap_filter)) { -+ usbredirparser_send_filter_reject(dev->parser); -+ usbredirparser_do_write(dev->parser); -+ } -+ } - } - - /* --- -1.7.9.3 - diff --git a/0144-usb-redir-An-interface-count-of-0-is-a-valid-value.patch b/0144-usb-redir-An-interface-count-of-0-is-a-valid-value.patch deleted file mode 100644 index f654331..0000000 --- a/0144-usb-redir-An-interface-count-of-0-is-a-valid-value.patch +++ /dev/null @@ -1,47 +0,0 @@ -From c6b10d4d87d8158c1b0bd8648491db8501dff784 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Sat, 31 Mar 2012 13:07:24 +0200 -Subject: [PATCH 144/146] usb-redir: An interface count of 0 is a valid value - -An interface-count of 0 happens when a device is in unconfigured state when -it gets redirected. So we should not use 0 to detect not having received -interface info from our peer. - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/usb-redir.c b/usb-redir.c -index 8ee3f07..3187b68 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -39,6 +39,7 @@ - #include "hw/usb.h" - - #define MAX_ENDPOINTS 32 -+#define NO_INTERFACE_INFO 255 /* Valid interface_count always <= 32 */ - #define EP2I(ep_address) (((ep_address & 0x80) >> 3) | (ep_address & 0x0f)) - #define I2EP(i) (((i & 0x10) << 3) | (i & 0x0f)) - -@@ -995,7 +996,7 @@ static void usbredir_handle_destroy(USBDevice *udev) - - static int usbredir_check_filter(USBRedirDevice *dev) - { -- if (dev->interface_info.interface_count == 0) { -+ if (dev->interface_info.interface_count == NO_INTERFACE_INFO) { - ERROR("No interface info for device\n"); - goto error; - } -@@ -1158,7 +1159,7 @@ static void usbredir_device_disconnect(void *priv) - for (i = 0; i < MAX_ENDPOINTS; i++) { - QTAILQ_INIT(&dev->endpoint[i].bufpq); - } -- dev->interface_info.interface_count = 0; -+ dev->interface_info.interface_count = NO_INTERFACE_INFO; - } - - static void usbredir_interface_info(void *priv, --- -1.7.9.3 - diff --git a/0145-usb-redir-Reset-device-address-and-speed-on-disconne.patch b/0145-usb-redir-Reset-device-address-and-speed-on-disconne.patch deleted file mode 100644 index b0c7c81..0000000 --- a/0145-usb-redir-Reset-device-address-and-speed-on-disconne.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 442d81d00308b0145307b175a1910c7443184a3f Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Sat, 31 Mar 2012 13:12:09 +0200 -Subject: [PATCH 145/146] usb-redir: Reset device address and speed on - disconnect - -Without this disconnected devices look like the last redirected device -in the monitor in "info usb". - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/usb-redir.c b/usb-redir.c -index 3187b68..1a9d766 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -1160,6 +1160,8 @@ static void usbredir_device_disconnect(void *priv) - QTAILQ_INIT(&dev->endpoint[i].bufpq); - } - dev->interface_info.interface_count = NO_INTERFACE_INFO; -+ dev->dev.addr = 0; -+ dev->dev.speed = 0; - } - - static void usbredir_interface_info(void *priv, --- -1.7.9.3 - diff --git a/0146-usb-redir-Not-finding-an-async-urb-id-is-not-an-erro.patch b/0146-usb-redir-Not-finding-an-async-urb-id-is-not-an-erro.patch deleted file mode 100644 index dcb1a9a..0000000 --- a/0146-usb-redir-Not-finding-an-async-urb-id-is-not-an-erro.patch +++ /dev/null @@ -1,31 +0,0 @@ -From b467871a6a08b8ff12382e33e49f991fe02f3cc7 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Sat, 31 Mar 2012 13:17:13 +0200 -Subject: [PATCH 146/146] usb-redir: Not finding an async urb id is not an - error - -We clear our pending async urb list on device disconnect and we may still -receive "packet complete" packets from our peer after this, which will then -refer to packet ids no longer in our list. - -Signed-off-by: Hans de Goede ---- - usb-redir.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/usb-redir.c b/usb-redir.c -index 1a9d766..a41c231 100644 ---- a/usb-redir.c -+++ b/usb-redir.c -@@ -286,7 +286,7 @@ static AsyncURB *async_find(USBRedirDevice *dev, uint32_t packet_id) - return aurb; - } - } -- ERROR("could not find async urb for packet_id %u\n", packet_id); -+ DPRINTF("could not find async urb for packet_id %u\n", packet_id); - return NULL; - } - --- -1.7.9.3 - diff --git a/0147-usb-ehci-Ensure-frindex-writes-leave-a-valid-frindex.patch b/0147-usb-ehci-Ensure-frindex-writes-leave-a-valid-frindex.patch deleted file mode 100644 index af7a55c..0000000 --- a/0147-usb-ehci-Ensure-frindex-writes-leave-a-valid-frindex.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 4c245e5ecbc7d5c30c8e8bb4bfcd18c79fafddfe Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Tue, 3 Apr 2012 14:04:31 +0200 -Subject: [PATCH 147/181] usb-ehci: Ensure frindex writes leave a valid - frindex value - -frindex is a 14 bits counter, so bits 31-14 should always be 0, and -after the commit titled "usb-ehci: frindex always is a 14 bits counter" -we rely on frindex always being a multiple of 8. I've not seen this in -practice, but theoretically a guest can write a value >= 0x4000 or a value -which is not a multiple of 8 value to frindex, this patch ensures that -things will still work when that happens. - -Signed-off-by: Hans de Goede ---- - hw/usb-ehci.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c -index ff69587..16e6053 100644 ---- a/hw/usb-ehci.c -+++ b/hw/usb-ehci.c -@@ -1081,6 +1081,10 @@ static void ehci_mem_writel(void *ptr, target_phys_addr_t addr, uint32_t val) - val &= USBINTR_MASK; - break; - -+ case FRINDEX: -+ val &= 0x00003ff8; /* frindex is 14bits and always a multiple of 8 */ -+ break; -+ - case CONFIGFLAG: - val &= 0x1; - if (val) { --- -1.7.10 - diff --git a/0201-usb-redir-Correctly-handle-the-usb_redir_babble-usbr.patch b/0201-usb-redir-Correctly-handle-the-usb_redir_babble-usbr.patch new file mode 100644 index 0000000..7273c25 --- /dev/null +++ b/0201-usb-redir-Correctly-handle-the-usb_redir_babble-usbr.patch @@ -0,0 +1,27 @@ +From 1271c4b3437a8bcf9b35ae8ed03be3dc758fe756 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Fri, 22 Jun 2012 09:43:08 +0200 +Subject: [PATCH] usb-redir: Correctly handle the usb_redir_babble usbredir + status + +Signed-off-by: Hans de Goede +--- + hw/usb/redirect.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c +index 5f55d78..c6358c0 100644 +--- a/hw/usb/redirect.c ++++ b/hw/usb/redirect.c +@@ -1058,6 +1058,8 @@ static int usbredir_handle_status(USBRedirDevice *dev, + case usb_redir_inval: + WARNING("got invalid param error from usb-host?\n"); + return USB_RET_NAK; ++ case usb_redir_babble: ++ return USB_RET_BABBLE; + case usb_redir_ioerror: + case usb_redir_timeout: + default: +-- +1.7.10.4 + diff --git a/0401-qxl-Slot-sanity-check-in-qxl_phys2virt-is-off-by-one.patch b/0401-qxl-Slot-sanity-check-in-qxl_phys2virt-is-off-by-one.patch deleted file mode 100644 index df4ed85..0000000 --- a/0401-qxl-Slot-sanity-check-in-qxl_phys2virt-is-off-by-one.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 8858b6d0dac346d9f841cfa84f57cb03bffdf050 Mon Sep 17 00:00:00 2001 -From: Markus Armbruster -Date: Fri, 4 Nov 2011 10:34:24 +0100 -Subject: [PATCH 401/434] qxl: Slot sanity check in qxl_phys2virt() is off by - one, fix - -Spotted by Coverity. - -Signed-off-by: Markus Armbruster -Signed-off-by: Gerd Hoffmann ---- - hw/qxl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/qxl.c b/hw/qxl.c -index 41500e9..e0f9d4a 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -1020,7 +1020,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id) - case MEMSLOT_GROUP_HOST: - return (void*)offset; - case MEMSLOT_GROUP_GUEST: -- PANIC_ON(slot > NUM_MEMSLOTS); -+ PANIC_ON(slot >= NUM_MEMSLOTS); - PANIC_ON(!qxl->guest_slots[slot].active); - PANIC_ON(offset < qxl->guest_slots[slot].delta); - offset -= qxl->guest_slots[slot].delta; --- -1.7.10 - diff --git a/0402-input-send-kbd-mouse-events-only-to-running-guests.patch b/0402-input-send-kbd-mouse-events-only-to-running-guests.patch deleted file mode 100644 index ba35d9b..0000000 --- a/0402-input-send-kbd-mouse-events-only-to-running-guests.patch +++ /dev/null @@ -1,45 +0,0 @@ -From f87b93c3944652f90e2c0010da6ee8c182382369 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Wed, 15 Feb 2012 09:15:37 +0100 -Subject: [PATCH 402/434] input: send kbd+mouse events only to running guests. - -Trying to interact with a stopped guest will queue up the events, -then send them all at once when the guest continues running, with -a high chance to have them cause unwanted actions. - -Avoid that by only injecting the input events only when the guest -is in running state. - -Signed-off-by: Gerd Hoffmann -Signed-off-by: Anthony Liguori ---- - input.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/input.c b/input.c -index 9ade63f..b48408d 100644 ---- a/input.c -+++ b/input.c -@@ -130,6 +130,9 @@ void qemu_remove_led_event_handler(QEMUPutLEDEntry *entry) - - void kbd_put_keycode(int keycode) - { -+ if (!runstate_is_running()) { -+ return; -+ } - if (qemu_put_kbd_event) { - qemu_put_kbd_event(qemu_put_kbd_event_opaque, keycode); - } -@@ -151,6 +154,9 @@ void kbd_mouse_event(int dx, int dy, int dz, int buttons_state) - void *mouse_event_opaque; - int width, height; - -+ if (!runstate_is_running()) { -+ return; -+ } - if (QTAILQ_EMPTY(&mouse_handlers)) { - return; - } --- -1.7.10 - diff --git a/0403-qxl-fix-warnings-on-32bit.patch b/0403-qxl-fix-warnings-on-32bit.patch deleted file mode 100644 index c358780..0000000 --- a/0403-qxl-fix-warnings-on-32bit.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 3b36dd31d54b24e02493fdd86269ba5286086c98 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Wed, 8 Feb 2012 15:58:35 +0100 -Subject: [PATCH 403/434] qxl: fix warnings on 32bit - -Signed-off-by: Gerd Hoffmann ---- - hw/qxl.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/hw/qxl.c b/hw/qxl.c -index e0f9d4a..4fd5e4e 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -628,7 +628,7 @@ static void interface_release_resource(QXLInstance *sin, - - if (ext.group_id == MEMSLOT_GROUP_HOST) { - /* host group -> vga mode update request */ -- qemu_spice_destroy_update(&qxl->ssd, (void*)ext.info->id); -+ qemu_spice_destroy_update(&qxl->ssd, (void *)(intptr_t)ext.info->id); - return; - } - -@@ -751,7 +751,8 @@ static void interface_async_complete(QXLInstance *sin, uint64_t cookie) - qxl->current_async = QXL_UNDEFINED_IO; - qemu_mutex_unlock(&qxl->async_lock); - -- dprint(qxl, 2, "async_complete: %d (%ld) done\n", current_async, cookie); -+ dprint(qxl, 2, "async_complete: %d (%" PRId64 ") done\n", -+ current_async, cookie); - switch (current_async) { - case QXL_IO_CREATE_PRIMARY_ASYNC: - qxl_create_guest_primary_complete(qxl); -@@ -1018,7 +1019,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id) - - switch (group_id) { - case MEMSLOT_GROUP_HOST: -- return (void*)offset; -+ return (void *)(intptr_t)offset; - case MEMSLOT_GROUP_GUEST: - PANIC_ON(slot >= NUM_MEMSLOTS); - PANIC_ON(!qxl->guest_slots[slot].active); --- -1.7.10 - diff --git a/0404-qxl-don-t-render-stuff-when-the-vm-is-stopped.patch b/0404-qxl-don-t-render-stuff-when-the-vm-is-stopped.patch deleted file mode 100644 index 24722a4..0000000 --- a/0404-qxl-don-t-render-stuff-when-the-vm-is-stopped.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 29fdb0f3a401e5590e465a0cc37d82383f3d5f07 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Wed, 15 Feb 2012 14:04:44 +0100 -Subject: [PATCH 404/434] qxl: don't render stuff when the vm is stopped. - -This patch fixes the local qxl renderer to not kick spice-server -in case the vm is stopped. First it is largely pointless because -we ask spice-server to process all not-yet processed commands when -the vm is stopped, so there isn't much do do anyway. Second we -avoid triggering an assert in spice-server. - -The patch makes sure we still honor redraw requests, even if we don't -ask spice-server for updates. This is needed to handle displaysurface -changes with a stopped vm correctly. - -With this patch applied it is possible to take screen shots (via -screendump monitor command) from a qxl gpu even in case the guest -is stopped. - -Signed-off-by: Gerd Hoffmann ---- - hw/qxl-render.c | 12 +++++------- - 1 file changed, 5 insertions(+), 7 deletions(-) - -diff --git a/hw/qxl-render.c b/hw/qxl-render.c -index 2c51ba9..a7891b2 100644 ---- a/hw/qxl-render.c -+++ b/hw/qxl-render.c -@@ -121,19 +121,17 @@ void qxl_render_update(PCIQXLDevice *qxl) - dpy_resize(vga->ds); - } - -- if (!qxl->guest_primary.commands) { -- return; -- } -- qxl->guest_primary.commands = 0; -- - update.left = 0; - update.right = qxl->guest_primary.surface.width; - update.top = 0; - update.bottom = qxl->guest_primary.surface.height; - - memset(dirty, 0, sizeof(dirty)); -- qxl_spice_update_area(qxl, 0, &update, -- dirty, ARRAY_SIZE(dirty), 1, QXL_SYNC); -+ if (runstate_is_running() && qxl->guest_primary.commands) { -+ qxl->guest_primary.commands = 0; -+ qxl_spice_update_area(qxl, 0, &update, -+ dirty, ARRAY_SIZE(dirty), 1, QXL_SYNC); -+ } - if (redraw) { - memset(dirty, 0, sizeof(dirty)); - dirty[0] = update; --- -1.7.10 - diff --git a/0405-qxl-set-only-off-screen-surfaces-dirty-instead-of-th.patch b/0405-qxl-set-only-off-screen-surfaces-dirty-instead-of-th.patch deleted file mode 100644 index 8c642a0..0000000 --- a/0405-qxl-set-only-off-screen-surfaces-dirty-instead-of-th.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 0386bf2be16745ce87f35ce65153ef4e11f93b22 Mon Sep 17 00:00:00 2001 -From: Yonit Halperin -Date: Wed, 15 Feb 2012 11:22:15 +0200 -Subject: [PATCH 405/434] qxl: set only off-screen surfaces dirty instead of - the whole vram - -We used to assure the guest surfaces were saved before migration by -setting the whole vram dirty. This patch sets dirty only the areas -that are actually used in the vram. - -Signed-off-by: Yonit Halperin -Signed-off-by: Gerd Hoffmann ---- - hw/qxl.c | 53 ++++++++++++++++++++++++++++++++++++++++++++--------- - 1 file changed, 44 insertions(+), 9 deletions(-) - -diff --git a/hw/qxl.c b/hw/qxl.c -index 4fd5e4e..3d9b1b3 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -1010,7 +1010,7 @@ static void qxl_reset_surfaces(PCIQXLDevice *d) - qxl_spice_destroy_surfaces(d, QXL_SYNC); - } - --/* called from spice server thread context only */ -+/* can be also called from spice server thread context */ - void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id) - { - uint64_t phys = le64_to_cpu(pqxl); -@@ -1469,6 +1469,46 @@ static void qxl_hw_text_update(void *opaque, console_ch_t *chardata) - } - } - -+static void qxl_dirty_surfaces(PCIQXLDevice *qxl) -+{ -+ intptr_t vram_start; -+ int i; -+ -+ if (qxl->mode != QXL_MODE_NATIVE) { -+ return; -+ } -+ -+ /* dirty the primary surface */ -+ qxl_set_dirty(&qxl->vga.vram, qxl->shadow_rom.draw_area_offset, -+ qxl->shadow_rom.surface0_area_size); -+ -+ vram_start = (intptr_t)memory_region_get_ram_ptr(&qxl->vram_bar); -+ -+ /* dirty the off-screen surfaces */ -+ for (i = 0; i < NUM_SURFACES; i++) { -+ QXLSurfaceCmd *cmd; -+ intptr_t surface_offset; -+ int surface_size; -+ -+ if (qxl->guest_surfaces.cmds[i] == 0) { -+ continue; -+ } -+ -+ cmd = qxl_phys2virt(qxl, qxl->guest_surfaces.cmds[i], -+ MEMSLOT_GROUP_GUEST); -+ assert(cmd->type == QXL_SURFACE_CMD_CREATE); -+ surface_offset = (intptr_t)qxl_phys2virt(qxl, -+ cmd->u.surface_create.data, -+ MEMSLOT_GROUP_GUEST); -+ surface_offset -= vram_start; -+ surface_size = cmd->u.surface_create.height * -+ abs(cmd->u.surface_create.stride); -+ dprint(qxl, 3, "%s: dirty surface %d, offset %d, size %d\n", __func__, -+ i, (int)surface_offset, surface_size); -+ qxl_set_dirty(&qxl->vram_bar, surface_offset, surface_size); -+ } -+} -+ - static void qxl_vm_change_state_handler(void *opaque, int running, - RunState state) - { -@@ -1482,14 +1522,9 @@ static void qxl_vm_change_state_handler(void *opaque, int running, - * called - */ - qxl_update_irq(qxl); -- } else if (qxl->mode == QXL_MODE_NATIVE) { -- /* dirty all vram (which holds surfaces) and devram (primary surface) -- * to make sure they are saved */ -- /* FIXME #1: should go out during "live" stage */ -- /* FIXME #2: we only need to save the areas which are actually used */ -- qxl_set_dirty(&qxl->vram_bar, 0, qxl->vram_size); -- qxl_set_dirty(&qxl->vga.vram, qxl->shadow_rom.draw_area_offset, -- qxl->shadow_rom.surface0_area_size); -+ } else { -+ /* make sure surfaces are saved before migration */ -+ qxl_dirty_surfaces(qxl); - } - } - --- -1.7.10 - diff --git a/0406-qxl-make-sure-primary-surface-is-saved-on-migration-.patch b/0406-qxl-make-sure-primary-surface-is-saved-on-migration-.patch deleted file mode 100644 index b07d4b6..0000000 --- a/0406-qxl-make-sure-primary-surface-is-saved-on-migration-.patch +++ /dev/null @@ -1,30 +0,0 @@ -From ba922e5e6a5687f13def623e36bfb834ece2defc Mon Sep 17 00:00:00 2001 -From: Yonit Halperin -Date: Wed, 15 Feb 2012 11:22:16 +0200 -Subject: [PATCH 406/434] qxl: make sure primary surface is saved on migration - also in compat mode - -RHBZ #790083 - -Signed-off-by: Yonit Halperin -Signed-off-by: Gerd Hoffmann ---- - hw/qxl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/qxl.c b/hw/qxl.c -index 3d9b1b3..b910337 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -1474,7 +1474,7 @@ static void qxl_dirty_surfaces(PCIQXLDevice *qxl) - intptr_t vram_start; - int i; - -- if (qxl->mode != QXL_MODE_NATIVE) { -+ if (qxl->mode != QXL_MODE_NATIVE && qxl->mode != QXL_MODE_COMPAT) { - return; - } - --- -1.7.10 - diff --git a/0407-Add-SPICE-support-to-add_client-monitor-command.patch b/0407-Add-SPICE-support-to-add_client-monitor-command.patch deleted file mode 100644 index 1ba56e5..0000000 --- a/0407-Add-SPICE-support-to-add_client-monitor-command.patch +++ /dev/null @@ -1,139 +0,0 @@ -From 9ada192cfea65a92a765c6a2f6b56a08f1b865df Mon Sep 17 00:00:00 2001 -From: "Daniel P. Berrange" -Date: Mon, 13 Feb 2012 13:43:08 +0000 -Subject: [PATCH 407/434] Add SPICE support to add_client monitor command - -With the acceptance of some new APIs to libspice-server.so it -is possible to add support for SPICE to the 'add_client' -monitor command, bringing parity with VNC. Since SPICE can -use TLS or plain connections, the command also gains a new -'tls' parameter to specify whether TLS should be attempted -on the injected client sockets. - -This new feature is only enabled if building against a -libspice-server >= 0.10.1 - -* qmp-commands.hx: Add 'tls' parameter & missing doc for - 'skipauth' parameter -* monitor.c: Wire up SPICE for 'add_client' command -* ui/qemu-spice.h, ui/spice-core.c: Add qemu_spice_display_add_client - API to wire up from monitor - -[1] http://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=d55b68b6b44f2499278fa860fb47ff22f5011faa - http://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=bd07dde530d9504e1cfe7ed5837fc00c26f36716 - -Changes in v3: - - Added 'optional' flag to new parameters documented - - Added no-op impl of qemu_spice_display_add_client when - SPICE is disabled during build - -Signed-off-by: Daniel P. Berrange -Signed-off-by: Gerd Hoffmann ---- - monitor.c | 9 +++++++-- - qmp-commands.hx | 6 ++++-- - ui/qemu-spice.h | 7 +++++++ - ui/spice-core.c | 13 +++++++++++++ - 4 files changed, 31 insertions(+), 4 deletions(-) - -diff --git a/monitor.c b/monitor.c -index a82fda3..3c23aa4 100644 ---- a/monitor.c -+++ b/monitor.c -@@ -998,13 +998,18 @@ static int add_graphics_client(Monitor *mon, const QDict *qdict, QObject **ret_d - CharDriverState *s; - - if (strcmp(protocol, "spice") == 0) { -+ int fd = monitor_get_fd(mon, fdname); -+ int skipauth = qdict_get_try_bool(qdict, "skipauth", 0); -+ int tls = qdict_get_try_bool(qdict, "tls", 0); - if (!using_spice) { - /* correct one? spice isn't a device ,,, */ - qerror_report(QERR_DEVICE_NOT_ACTIVE, "spice"); - return -1; - } -- qerror_report(QERR_ADD_CLIENT_FAILED); -- return -1; -+ if (qemu_spice_display_add_client(fd, skipauth, tls) < 0) { -+ close(fd); -+ } -+ return 0; - #ifdef CONFIG_VNC - } else if (strcmp(protocol, "vnc") == 0) { - int fd = monitor_get_fd(mon, fdname); -diff --git a/qmp-commands.hx b/qmp-commands.hx -index 97975a5..122b10d 100644 ---- a/qmp-commands.hx -+++ b/qmp-commands.hx -@@ -909,8 +909,8 @@ EQMP - - { - .name = "add_client", -- .args_type = "protocol:s,fdname:s,skipauth:b?", -- .params = "protocol fdname skipauth", -+ .args_type = "protocol:s,fdname:s,skipauth:b?,tls:b?", -+ .params = "protocol fdname skipauth tls", - .help = "add a graphics client", - .user_print = monitor_user_noop, - .mhandler.cmd_new = add_graphics_client, -@@ -926,6 +926,8 @@ Arguments: - - - "protocol": protocol name (json-string) - - "fdname": file descriptor name (json-string) -+- "skipauth": whether to skip authentication (json-bool, optional) -+- "tls": whether to perform TLS (json-bool, optional) - - Example: - -diff --git a/ui/qemu-spice.h b/ui/qemu-spice.h -index c35b29c..680206a 100644 ---- a/ui/qemu-spice.h -+++ b/ui/qemu-spice.h -@@ -33,6 +33,7 @@ void qemu_spice_init(void); - void qemu_spice_input_init(void); - void qemu_spice_audio_init(void); - void qemu_spice_display_init(DisplayState *ds); -+int qemu_spice_display_add_client(int csock, int skipauth, int tls); - int qemu_spice_add_interface(SpiceBaseInstance *sin); - int qemu_spice_set_passwd(const char *passwd, - bool fail_if_connected, bool disconnect_if_connected); -@@ -68,6 +69,12 @@ static inline int qemu_spice_migrate_info(const char *h, int p, int t, - return -1; - } - -+static inline int qemu_spice_display_add_client(int csock, int skipauth, -+ int tls) -+{ -+ return -1; -+} -+ - #endif /* CONFIG_SPICE */ - - #endif /* QEMU_SPICE_H */ -diff --git a/ui/spice-core.c b/ui/spice-core.c -index 5639c6f..d98863e 100644 ---- a/ui/spice-core.c -+++ b/ui/spice-core.c -@@ -747,6 +747,19 @@ int qemu_spice_set_pw_expire(time_t expires) - return qemu_spice_set_ticket(false, false); - } - -+int qemu_spice_display_add_client(int csock, int skipauth, int tls) -+{ -+#if SPICE_SERVER_VERSION >= 0x000a01 -+ if (tls) { -+ return spice_server_add_ssl_client(spice_server, csock, skipauth); -+ } else { -+ return spice_server_add_client(spice_server, csock, skipauth); -+ } -+#else -+ return -1; -+#endif -+} -+ - static void spice_register_config(void) - { - qemu_add_opts(&qemu_spice_opts); --- -1.7.10 - diff --git a/0408-spice-support-ipv6-channel-address-in-monitor-events.patch b/0408-spice-support-ipv6-channel-address-in-monitor-events.patch deleted file mode 100644 index 4709e09..0000000 --- a/0408-spice-support-ipv6-channel-address-in-monitor-events.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 6594551ebe427cae4298b038be02ddc9c335219f Mon Sep 17 00:00:00 2001 -From: Yonit Halperin -Date: Wed, 8 Feb 2012 15:40:15 +0200 -Subject: [PATCH 408/434] spice: support ipv6 channel address in monitor - events and in spice info - -RHBZ #788444 - -CC: Gerd Hoffmann - -Signed-off-by: Yonit Halperin -Signed-off-by: Gerd Hoffmann ---- - ui/spice-core.c | 37 ++++++++++++++++++++++++++++++++----- - 1 file changed, 32 insertions(+), 5 deletions(-) - -diff --git a/ui/spice-core.c b/ui/spice-core.c -index d98863e..27216e9 100644 ---- a/ui/spice-core.c -+++ b/ui/spice-core.c -@@ -220,10 +220,23 @@ static void channel_event(int event, SpiceChannelEventInfo *info) - } - - client = qdict_new(); -- add_addr_info(client, &info->paddr, info->plen); -- - server = qdict_new(); -- add_addr_info(server, &info->laddr, info->llen); -+ -+#ifdef SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT -+ if (info->flags & SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT) { -+ add_addr_info(client, (struct sockaddr *)&info->paddr_ext, -+ info->plen_ext); -+ add_addr_info(server, (struct sockaddr *)&info->laddr_ext, -+ info->llen_ext); -+ } else { -+ fprintf(stderr, "spice: %s, extended address is expected\n", -+ __func__); -+#endif -+ add_addr_info(client, &info->paddr, info->plen); -+ add_addr_info(server, &info->laddr, info->llen); -+#ifdef SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT -+ } -+#endif - - if (event == SPICE_CHANNEL_EVENT_INITIALIZED) { - qdict_put(server, "auth", qstring_from_str(auth)); -@@ -376,16 +389,30 @@ static SpiceChannelList *qmp_query_spice_channels(void) - QTAILQ_FOREACH(item, &channel_list, link) { - SpiceChannelList *chan; - char host[NI_MAXHOST], port[NI_MAXSERV]; -+ struct sockaddr *paddr; -+ socklen_t plen; - - chan = g_malloc0(sizeof(*chan)); - chan->value = g_malloc0(sizeof(*chan->value)); - -- getnameinfo(&item->info->paddr, item->info->plen, -+#ifdef SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT -+ if (item->info->flags & SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT) { -+ paddr = (struct sockaddr *)&item->info->paddr_ext; -+ plen = item->info->plen_ext; -+ } else { -+#endif -+ paddr = &item->info->paddr; -+ plen = item->info->plen; -+#ifdef SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT -+ } -+#endif -+ -+ getnameinfo(paddr, plen, - host, sizeof(host), port, sizeof(port), - NI_NUMERICHOST | NI_NUMERICSERV); - chan->value->host = g_strdup(host); - chan->value->port = g_strdup(port); -- chan->value->family = g_strdup(inet_strfamily(item->info->paddr.sa_family)); -+ chan->value->family = g_strdup(inet_strfamily(paddr->sa_family)); - - chan->value->connection_id = item->info->connection_id; - chan->value->channel_type = item->info->type; --- -1.7.10 - diff --git a/0409-qxl-drop-vram-bar-minimum-size.patch b/0409-qxl-drop-vram-bar-minimum-size.patch deleted file mode 100644 index f7a740d..0000000 --- a/0409-qxl-drop-vram-bar-minimum-size.patch +++ /dev/null @@ -1,30 +0,0 @@ -From f7656005900f3c07450303afa66151b6a1bb9599 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 17 Feb 2012 14:40:01 +0100 -Subject: [PATCH 409/434] qxl: drop vram bar minimum size - -There is no reason to require a minimum size of 16 MB for the vram. -Lower the limit to 4096 (one page). Make it disapper completely would -break guests. ---- - hw/qxl.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/qxl.c b/hw/qxl.c -index b910337..d71c94d 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -1595,8 +1595,8 @@ static int qxl_init_common(PCIQXLDevice *qxl) - init_qxl_rom(qxl); - init_qxl_ram(qxl); - -- if (qxl->vram_size < 16 * 1024 * 1024) { -- qxl->vram_size = 16 * 1024 * 1024; -+ if (qxl->vram_size < 4096) { -+ qxl->vram_size = 4096; - } - if (qxl->revision == 1) { - qxl->vram_size = 4096; --- -1.7.10 - diff --git a/0410-qxl-move-ram-size-init-to-new-function.patch b/0410-qxl-move-ram-size-init-to-new-function.patch deleted file mode 100644 index 97b12cf..0000000 --- a/0410-qxl-move-ram-size-init-to-new-function.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 619c68418809149d56025e5b4e7a9828eef90ea8 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 17 Feb 2012 15:02:40 +0100 -Subject: [PATCH 410/434] qxl: move ram size init to new function - -Factor memory bar sizing bits out to a separate function. - -Signed-off-by: Gerd Hoffmann - -Conflicts: - - hw/qxl.c ---- - hw/qxl.c | 41 ++++++++++++++++++++++------------------- - 1 file changed, 22 insertions(+), 19 deletions(-) - -diff --git a/hw/qxl.c b/hw/qxl.c -index d71c94d..df8efbc 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -1557,6 +1557,25 @@ static DisplayChangeListener display_listener = { - .dpy_refresh = display_refresh, - }; - -+static void qxl_init_ramsize(PCIQXLDevice *qxl, uint32_t ram_min_mb) -+{ -+ /* vga ram (bar 0) */ -+ if (qxl->vga.vram_size < ram_min_mb * 1024 * 1024) { -+ qxl->vga.vram_size = ram_min_mb * 1024 * 1024; -+ } -+ -+ /* vram (surfaces, bar 1) */ -+ if (qxl->vram_size < 4096) { -+ qxl->vram_size = 4096; -+ } -+ if (qxl->revision == 1) { -+ qxl->vram_size = 4096; -+ } -+ -+ qxl->vga.vram_size = msb_mask(qxl->vga.vram_size * 2 - 1); -+ qxl->vram_size = msb_mask(qxl->vram_size * 2 - 1); -+} -+ - static int qxl_init_common(PCIQXLDevice *qxl) - { - uint8_t* config = qxl->pci.config; -@@ -1595,13 +1614,6 @@ static int qxl_init_common(PCIQXLDevice *qxl) - init_qxl_rom(qxl); - init_qxl_ram(qxl); - -- if (qxl->vram_size < 4096) { -- qxl->vram_size = 4096; -- } -- if (qxl->revision == 1) { -- qxl->vram_size = 4096; -- } -- qxl->vram_size = msb_mask(qxl->vram_size * 2 - 1); - memory_region_init_ram(&qxl->vram_bar, &qxl->pci.qdev, "qxl.vram", - qxl->vram_size); - -@@ -1644,15 +1656,11 @@ static int qxl_init_primary(PCIDevice *dev) - { - PCIQXLDevice *qxl = DO_UPCAST(PCIQXLDevice, pci, dev); - VGACommonState *vga = &qxl->vga; -- ram_addr_t ram_size = msb_mask(qxl->vga.vram_size * 2 - 1); - PortioList *qxl_vga_port_list = g_new(PortioList, 1); - - qxl->id = 0; -- -- if (ram_size < 32 * 1024 * 1024) { -- ram_size = 32 * 1024 * 1024; -- } -- vga_common_init(vga, ram_size); -+ qxl_init_ramsize(qxl, 32); -+ vga_common_init(vga, qxl->vga.vram_size); - vga_init(vga, pci_address_space(dev), pci_address_space_io(dev), false); - portio_list_init(qxl_vga_port_list, qxl_vga_portio_list, vga, "vga"); - portio_list_add(qxl_vga_port_list, pci_address_space_io(dev), 0x3b0); -@@ -1671,14 +1679,9 @@ static int qxl_init_secondary(PCIDevice *dev) - { - static int device_id = 1; - PCIQXLDevice *qxl = DO_UPCAST(PCIQXLDevice, pci, dev); -- ram_addr_t ram_size = msb_mask(qxl->vga.vram_size * 2 - 1); - - qxl->id = device_id++; -- -- if (ram_size < 16 * 1024 * 1024) { -- ram_size = 16 * 1024 * 1024; -- } -- qxl->vga.vram_size = ram_size; -+ qxl_init_ramsize(qxl, 16); - memory_region_init_ram(&qxl->vga.vram, &qxl->pci.qdev, "qxl.vgavram", - qxl->vga.vram_size); - qxl->vga.vram_ptr = memory_region_get_ram_ptr(&qxl->vga.vram); --- -1.7.10 - diff --git a/0411-qxl-add-user-friendly-bar-size-properties.patch b/0411-qxl-add-user-friendly-bar-size-properties.patch deleted file mode 100644 index 30fae99..0000000 --- a/0411-qxl-add-user-friendly-bar-size-properties.patch +++ /dev/null @@ -1,63 +0,0 @@ -From eff66c7db18e9a3ef0b6ce5deb9a49b61090d809 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 17 Feb 2012 15:03:24 +0100 -Subject: [PATCH 411/434] qxl: add user-friendly bar size properties - -Add two properties to specify bar sizes in megabytes instead of bytes, -which is alot more user-friendly. - -Signed-off-by: Gerd Hoffmann ---- - hw/qxl.c | 8 ++++++++ - hw/qxl.h | 4 ++++ - 2 files changed, 12 insertions(+) - -diff --git a/hw/qxl.c b/hw/qxl.c -index df8efbc..c8839c3 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -1560,11 +1560,17 @@ static DisplayChangeListener display_listener = { - static void qxl_init_ramsize(PCIQXLDevice *qxl, uint32_t ram_min_mb) - { - /* vga ram (bar 0) */ -+ if (qxl->ram_size_mb != -1) { -+ qxl->vga.vram_size = qxl->ram_size_mb * 1024 * 1024; -+ } - if (qxl->vga.vram_size < ram_min_mb * 1024 * 1024) { - qxl->vga.vram_size = ram_min_mb * 1024 * 1024; - } - - /* vram (surfaces, bar 1) */ -+ if (qxl->vram_size_mb != -1) { -+ qxl->vram_size = qxl->vram_size_mb * 1024 * 1024; -+ } - if (qxl->vram_size < 4096) { - qxl->vram_size = 4096; - } -@@ -1863,6 +1869,8 @@ static Property qxl_properties[] = { - DEFINE_PROP_UINT32("debug", PCIQXLDevice, debug, 0), - DEFINE_PROP_UINT32("guestdebug", PCIQXLDevice, guestdebug, 0), - DEFINE_PROP_UINT32("cmdlog", PCIQXLDevice, cmdlog, 0), -+ DEFINE_PROP_UINT32("ram_size_mb", PCIQXLDevice, ram_size_mb, -1), -+ DEFINE_PROP_UINT32("vram_size_mb", PCIQXLDevice, vram_size_mb, -1), - DEFINE_PROP_END_OF_LIST(), - }; - -diff --git a/hw/qxl.h b/hw/qxl.h -index 766aa6d..d062991 100644 ---- a/hw/qxl.h -+++ b/hw/qxl.h -@@ -89,6 +89,10 @@ typedef struct PCIQXLDevice { - - /* io bar */ - MemoryRegion io_bar; -+ -+ /* user-friendly properties (in megabytes) */ -+ uint32_t ram_size_mb; -+ uint32_t vram_size_mb; - } PCIQXLDevice; - - #define PANIC_ON(x) if ((x)) { \ --- -1.7.10 - diff --git a/0412-qxl-fix-spice-sdl-no-cursor-regression.patch b/0412-qxl-fix-spice-sdl-no-cursor-regression.patch deleted file mode 100644 index 6c4a6d7..0000000 --- a/0412-qxl-fix-spice-sdl-no-cursor-regression.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 1cae61c4d4fe994e5158d63d5f4fe9b52a7b8211 Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Fri, 24 Feb 2012 23:19:25 +0200 -Subject: [PATCH 412/434] qxl: fix spice+sdl no cursor regression -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -regression introduced by 075360945860ad9bdd491921954b383bf762b0e5, - -v2: lock around qemu_spice_cursor_refresh_unlocked - -Reported-by: Fabiano Fidêncio -Signed-off-by: Alon Levy -Signed-off-by: Gerd Hoffmann ---- - hw/qxl.c | 4 ++++ - ui/spice-display.c | 23 ++++++++++++++--------- - ui/spice-display.h | 1 + - 3 files changed, 19 insertions(+), 9 deletions(-) - -diff --git a/hw/qxl.c b/hw/qxl.c -index c8839c3..17f2576 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -1548,6 +1548,10 @@ static void display_refresh(struct DisplayState *ds) - { - if (qxl0->mode == QXL_MODE_VGA) { - qemu_spice_display_refresh(&qxl0->ssd); -+ } else { -+ qemu_mutex_lock(&qxl0->ssd.lock); -+ qemu_spice_cursor_refresh_unlocked(&qxl0->ssd); -+ qemu_mutex_unlock(&qxl0->ssd.lock); - } - } - -diff --git a/ui/spice-display.c b/ui/spice-display.c -index 6c302a3..c6e61d8 100644 ---- a/ui/spice-display.c -+++ b/ui/spice-display.c -@@ -317,16 +317,8 @@ void qemu_spice_display_resize(SimpleSpiceDisplay *ssd) - ssd->notify++; - } - --void qemu_spice_display_refresh(SimpleSpiceDisplay *ssd) -+void qemu_spice_cursor_refresh_unlocked(SimpleSpiceDisplay *ssd) - { -- dprint(3, "%s:\n", __FUNCTION__); -- vga_hw_update(); -- -- qemu_mutex_lock(&ssd->lock); -- if (ssd->update == NULL) { -- ssd->update = qemu_spice_create_update(ssd); -- ssd->notify++; -- } - if (ssd->cursor) { - ssd->ds->cursor_define(ssd->cursor); - cursor_put(ssd->cursor); -@@ -337,6 +329,19 @@ void qemu_spice_display_refresh(SimpleSpiceDisplay *ssd) - ssd->mouse_x = -1; - ssd->mouse_y = -1; - } -+} -+ -+void qemu_spice_display_refresh(SimpleSpiceDisplay *ssd) -+{ -+ dprint(3, "%s:\n", __func__); -+ vga_hw_update(); -+ -+ qemu_mutex_lock(&ssd->lock); -+ if (ssd->update == NULL) { -+ ssd->update = qemu_spice_create_update(ssd); -+ ssd->notify++; -+ } -+ qemu_spice_cursor_refresh_unlocked(ssd); - qemu_mutex_unlock(&ssd->lock); - - if (ssd->notify) { -diff --git a/ui/spice-display.h b/ui/spice-display.h -index 5e52df9..a23bfc8 100644 ---- a/ui/spice-display.h -+++ b/ui/spice-display.h -@@ -97,6 +97,7 @@ void qemu_spice_display_update(SimpleSpiceDisplay *ssd, - int x, int y, int w, int h); - void qemu_spice_display_resize(SimpleSpiceDisplay *ssd); - void qemu_spice_display_refresh(SimpleSpiceDisplay *ssd); -+void qemu_spice_cursor_refresh_unlocked(SimpleSpiceDisplay *ssd); - - void qemu_spice_add_memslot(SimpleSpiceDisplay *ssd, QXLDevMemSlot *memslot, - qxl_async_io async); --- -1.7.10 - diff --git a/0413-sdl-remove-NULL-check-g_malloc0-can-t-fail.patch b/0413-sdl-remove-NULL-check-g_malloc0-can-t-fail.patch deleted file mode 100644 index 8eddcc9..0000000 --- a/0413-sdl-remove-NULL-check-g_malloc0-can-t-fail.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 4888e60d646b0f8cdfe4180bacc90857d3d2a5dd Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Fri, 24 Feb 2012 23:19:26 +0200 -Subject: [PATCH 413/434] sdl: remove NULL check, g_malloc0 can't fail - -Signed-off-by: Alon Levy -Signed-off-by: Gerd Hoffmann ---- - ui/sdl.c | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/ui/sdl.c b/ui/sdl.c -index 8cafc44..6844c83 100644 ---- a/ui/sdl.c -+++ b/ui/sdl.c -@@ -167,10 +167,6 @@ static PixelFormat sdl_to_qemu_pixelformat(SDL_PixelFormat *sdl_pf) - static DisplaySurface* sdl_create_displaysurface(int width, int height) - { - DisplaySurface *surface = (DisplaySurface*) g_malloc0(sizeof(DisplaySurface)); -- if (surface == NULL) { -- fprintf(stderr, "sdl_create_displaysurface: malloc failed\n"); -- exit(1); -- } - - surface->width = width; - surface->height = height; --- -1.7.10 - diff --git a/0414-qxl-drop-qxl_spice_update_area_async-definition.patch b/0414-qxl-drop-qxl_spice_update_area_async-definition.patch deleted file mode 100644 index 0edba27..0000000 --- a/0414-qxl-drop-qxl_spice_update_area_async-definition.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 813c46edf4f3f69347353749755e040bc5fbd597 Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Fri, 24 Feb 2012 23:19:27 +0200 -Subject: [PATCH 414/434] qxl: drop qxl_spice_update_area_async definition - -It was never used. Introduced in -5ff4e36c804157bd84af43c139f8cd3a59722db9 -qxl: async io support using new spice api - -But not used even then. - -Signed-off-by: Alon Levy -Signed-off-by: Gerd Hoffmann ---- - hw/qxl.h | 6 ------ - 1 file changed, 6 deletions(-) - -diff --git a/hw/qxl.h b/hw/qxl.h -index d062991..a615eca 100644 ---- a/hw/qxl.h -+++ b/hw/qxl.h -@@ -138,9 +138,3 @@ void qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext); - void qxl_render_resize(PCIQXLDevice *qxl); - void qxl_render_update(PCIQXLDevice *qxl); - void qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext); --#if SPICE_INTERFACE_QXL_MINOR >= 1 --void qxl_spice_update_area_async(PCIQXLDevice *qxl, uint32_t surface_id, -- struct QXLRect *area, -- uint32_t clear_dirty_region, -- int is_vga); --#endif --- -1.7.10 - diff --git a/0415-qxl-require-spice-0.8.2.patch b/0415-qxl-require-spice-0.8.2.patch deleted file mode 100644 index e00a42e..0000000 --- a/0415-qxl-require-spice-0.8.2.patch +++ /dev/null @@ -1,358 +0,0 @@ -From e07eeb01819b40b839cc12b2eb658f48f13a5ff0 Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Fri, 24 Feb 2012 23:19:28 +0200 -Subject: [PATCH 415/434] qxl: require spice >= 0.8.2 - -drop all ifdefs on SPICE_INTERFACE_QXL_MINOR >= 1 as a result, -any check for SPICE_SERVER_VERSION that is now always satisfied, -and SPICE_INTERFACE_CORE_MINOR >= 3 tests, because -0.8.2 has SPICE_INTERFACE_QXL_MINOR == 1 and -SPICE_INTERFACE_CORE_MINOR == 3. - -Signed-off-by: Alon Levy -Signed-off-by: Gerd Hoffmann ---- - configure | 2 +- - hw/qxl.c | 40 ---------------------------------------- - hw/qxl.h | 4 ---- - ui/spice-core.c | 17 ----------------- - ui/spice-display.c | 12 ------------ - 5 files changed, 1 insertion(+), 74 deletions(-) - -diff --git a/configure b/configure -index a4848a4..b03172c 100755 ---- a/configure -+++ b/configure -@@ -2501,7 +2501,7 @@ int main(void) { spice_server_new(); return 0; } - EOF - spice_cflags=$($pkg_config --cflags spice-protocol spice-server 2>/dev/null) - spice_libs=$($pkg_config --libs spice-protocol spice-server 2>/dev/null) -- if $pkg_config --atleast-version=0.6.0 spice-server >/dev/null 2>&1 && \ -+ if $pkg_config --atleast-version=0.8.2 spice-server >/dev/null 2>&1 && \ - compile_prog "$spice_cflags" "$spice_libs" ; then - spice="yes" - libs_softmmu="$libs_softmmu $spice_libs" -diff --git a/hw/qxl.c b/hw/qxl.c -index 17f2576..0be9859 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -125,9 +125,7 @@ static void qxl_ring_set_dirty(PCIQXLDevice *qxl); - - void qxl_guest_bug(PCIQXLDevice *qxl, const char *msg, ...) - { --#if SPICE_INTERFACE_QXL_MINOR >= 1 - qxl_send_events(qxl, QXL_INTERRUPT_ERROR); --#endif - if (qxl->guestdebug) { - va_list ap; - va_start(ap, msg); -@@ -149,12 +147,8 @@ void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id, - qxl->ssd.worker->update_area(qxl->ssd.worker, surface_id, area, - dirty_rects, num_dirty_rects, clear_dirty_region); - } else { --#if SPICE_INTERFACE_QXL_MINOR >= 1 - spice_qxl_update_area_async(&qxl->ssd.qxl, surface_id, area, - clear_dirty_region, 0); --#else -- abort(); --#endif - } - } - -@@ -171,24 +165,18 @@ static void qxl_spice_destroy_surface_wait(PCIQXLDevice *qxl, uint32_t id, - qxl_async_io async) - { - if (async) { --#if SPICE_INTERFACE_QXL_MINOR < 1 -- abort(); --#else - spice_qxl_destroy_surface_async(&qxl->ssd.qxl, id, - (uint64_t)id); --#endif - } else { - qxl->ssd.worker->destroy_surface_wait(qxl->ssd.worker, id); - qxl_spice_destroy_surface_wait_complete(qxl, id); - } - } - --#if SPICE_INTERFACE_QXL_MINOR >= 1 - static void qxl_spice_flush_surfaces_async(PCIQXLDevice *qxl) - { - spice_qxl_flush_surfaces_async(&qxl->ssd.qxl, 0); - } --#endif - - void qxl_spice_loadvm_commands(PCIQXLDevice *qxl, struct QXLCommandExt *ext, - uint32_t count) -@@ -217,11 +205,7 @@ static void qxl_spice_destroy_surfaces_complete(PCIQXLDevice *qxl) - static void qxl_spice_destroy_surfaces(PCIQXLDevice *qxl, qxl_async_io async) - { - if (async) { --#if SPICE_INTERFACE_QXL_MINOR < 1 -- abort(); --#else - spice_qxl_destroy_surfaces_async(&qxl->ssd.qxl, 0); --#endif - } else { - qxl->ssd.worker->destroy_surfaces(qxl->ssd.worker); - qxl_spice_destroy_surfaces_complete(qxl); -@@ -493,7 +477,6 @@ static const char *io_port_to_string(uint32_t io_port) - [QXL_IO_DESTROY_PRIMARY] = "QXL_IO_DESTROY_PRIMARY", - [QXL_IO_DESTROY_SURFACE_WAIT] = "QXL_IO_DESTROY_SURFACE_WAIT", - [QXL_IO_DESTROY_ALL_SURFACES] = "QXL_IO_DESTROY_ALL_SURFACES", --#if SPICE_INTERFACE_QXL_MINOR >= 1 - [QXL_IO_UPDATE_AREA_ASYNC] = "QXL_IO_UPDATE_AREA_ASYNC", - [QXL_IO_MEMSLOT_ADD_ASYNC] = "QXL_IO_MEMSLOT_ADD_ASYNC", - [QXL_IO_CREATE_PRIMARY_ASYNC] = "QXL_IO_CREATE_PRIMARY_ASYNC", -@@ -503,7 +486,6 @@ static const char *io_port_to_string(uint32_t io_port) - = "QXL_IO_DESTROY_ALL_SURFACES_ASYNC", - [QXL_IO_FLUSH_SURFACES_ASYNC] = "QXL_IO_FLUSH_SURFACES_ASYNC", - [QXL_IO_FLUSH_RELEASE] = "QXL_IO_FLUSH_RELEASE", --#endif - }; - return io_port_to_string[io_port]; - } -@@ -738,8 +720,6 @@ static int interface_flush_resources(QXLInstance *sin) - - static void qxl_create_guest_primary_complete(PCIQXLDevice *d); - --#if SPICE_INTERFACE_QXL_MINOR >= 1 -- - /* called from spice server thread context only */ - static void interface_async_complete(QXLInstance *sin, uint64_t cookie) - { -@@ -767,8 +747,6 @@ static void interface_async_complete(QXLInstance *sin, uint64_t cookie) - qxl_send_events(qxl, QXL_INTERRUPT_IO_CMD); - } - --#endif -- - static const QXLInterface qxl_interface = { - .base.type = SPICE_INTERFACE_QXL, - .base.description = "qxl gpu", -@@ -788,9 +766,7 @@ static const QXLInterface qxl_interface = { - .req_cursor_notification = interface_req_cursor_notification, - .notify_update = interface_notify_update, - .flush_resources = interface_flush_resources, --#if SPICE_INTERFACE_QXL_MINOR >= 1 - .async_complete = interface_async_complete, --#endif - }; - - static void qxl_enter_vga_mode(PCIQXLDevice *d) -@@ -1140,9 +1116,7 @@ static void ioport_write(void *opaque, target_phys_addr_t addr, - PCIQXLDevice *d = opaque; - uint32_t io_port = addr; - qxl_async_io async = QXL_SYNC; --#if SPICE_INTERFACE_QXL_MINOR >= 1 - uint32_t orig_io_port = io_port; --#endif - - switch (io_port) { - case QXL_IO_RESET: -@@ -1152,10 +1126,8 @@ static void ioport_write(void *opaque, target_phys_addr_t addr, - case QXL_IO_CREATE_PRIMARY: - case QXL_IO_UPDATE_IRQ: - case QXL_IO_LOG: --#if SPICE_INTERFACE_QXL_MINOR >= 1 - case QXL_IO_MEMSLOT_ADD_ASYNC: - case QXL_IO_CREATE_PRIMARY_ASYNC: --#endif - break; - default: - if (d->mode != QXL_MODE_VGA) { -@@ -1163,17 +1135,14 @@ static void ioport_write(void *opaque, target_phys_addr_t addr, - } - dprint(d, 1, "%s: unexpected port 0x%x (%s) in vga mode\n", - __func__, io_port, io_port_to_string(io_port)); --#if SPICE_INTERFACE_QXL_MINOR >= 1 - /* be nice to buggy guest drivers */ - if (io_port >= QXL_IO_UPDATE_AREA_ASYNC && - io_port <= QXL_IO_DESTROY_ALL_SURFACES_ASYNC) { - qxl_send_events(d, QXL_INTERRUPT_IO_CMD); - } --#endif - return; - } - --#if SPICE_INTERFACE_QXL_MINOR >= 1 - /* we change the io_port to avoid ifdeffery in the main switch */ - orig_io_port = io_port; - switch (io_port) { -@@ -1212,7 +1181,6 @@ async_common: - default: - break; - } --#endif - - switch (io_port) { - case QXL_IO_UPDATE_AREA: -@@ -1304,7 +1272,6 @@ async_common: - } - qxl_spice_destroy_surface_wait(d, val, async); - break; --#if SPICE_INTERFACE_QXL_MINOR >= 1 - case QXL_IO_FLUSH_RELEASE: { - QXLReleaseRing *ring = &d->ram->release_ring; - if (ring->prod - ring->cons + 1 == ring->num_items) { -@@ -1325,7 +1292,6 @@ async_common: - d->num_free_res); - qxl_spice_flush_surfaces_async(d); - break; --#endif - case QXL_IO_DESTROY_ALL_SURFACES: - d->mode = QXL_MODE_UNDEFINED; - qxl_spice_destroy_surfaces(d, async); -@@ -1336,16 +1302,12 @@ async_common: - } - return; - cancel_async: --#if SPICE_INTERFACE_QXL_MINOR >= 1 - if (async) { - qxl_send_events(d, QXL_INTERRUPT_IO_CMD); - qemu_mutex_lock(&d->async_lock); - d->current_async = QXL_UNDEFINED_IO; - qemu_mutex_unlock(&d->async_lock); - } --#else -- return; --#endif - } - - static uint64_t ioport_read(void *opaque, target_phys_addr_t addr, -@@ -1607,9 +1569,7 @@ static int qxl_init_common(PCIQXLDevice *qxl) - case 2: /* spice 0.6 -- qxl-2 */ - pci_device_rev = QXL_REVISION_STABLE_V06; - break; --#if SPICE_INTERFACE_QXL_MINOR >= 1 - case 3: /* qxl-3 */ --#endif - default: - pci_device_rev = QXL_DEFAULT_REVISION; - break; -diff --git a/hw/qxl.h b/hw/qxl.h -index a615eca..9288e46 100644 ---- a/hw/qxl.h -+++ b/hw/qxl.h -@@ -108,11 +108,7 @@ typedef struct PCIQXLDevice { - } \ - } while (0) - --#if SPICE_INTERFACE_QXL_MINOR >= 1 - #define QXL_DEFAULT_REVISION QXL_REVISION_STABLE_V10 --#else --#define QXL_DEFAULT_REVISION QXL_REVISION_STABLE_V06 --#endif - - /* qxl.c */ - void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id); -diff --git a/ui/spice-core.c b/ui/spice-core.c -index 27216e9..2c815f1 100644 ---- a/ui/spice-core.c -+++ b/ui/spice-core.c -@@ -139,8 +139,6 @@ static void watch_remove(SpiceWatch *watch) - g_free(watch); - } - --#if SPICE_INTERFACE_CORE_MINOR >= 3 -- - typedef struct ChannelList ChannelList; - struct ChannelList { - SpiceChannelEventInfo *info; -@@ -257,15 +255,6 @@ static void channel_event(int event, SpiceChannelEventInfo *info) - } - } - --#else /* SPICE_INTERFACE_CORE_MINOR >= 3 */ -- --static QList *channel_list_get(void) --{ -- return NULL; --} -- --#endif /* SPICE_INTERFACE_CORE_MINOR >= 3 */ -- - static SpiceCoreInterface core_interface = { - .base.type = SPICE_INTERFACE_CORE, - .base.description = "qemu core services", -@@ -281,9 +270,7 @@ static SpiceCoreInterface core_interface = { - .watch_update_mask = watch_update_mask, - .watch_remove = watch_remove, - --#if SPICE_INTERFACE_CORE_MINOR >= 3 - .channel_event = channel_event, --#endif - }; - - #ifdef SPICE_INTERFACE_MIGRATION -@@ -490,7 +477,6 @@ static void migration_state_notifier(Notifier *notifier, void *data) - spice_server_migrate_start(spice_server); - #endif - } else if (migration_has_finished(s)) { --#if SPICE_SERVER_VERSION >= 0x000701 /* 0.7.1 */ - #ifndef SPICE_INTERFACE_MIGRATION - spice_server_migrate_switch(spice_server); - #else -@@ -498,7 +484,6 @@ static void migration_state_notifier(Notifier *notifier, void *data) - } else if (migration_has_failed(s)) { - spice_server_migrate_end(spice_server, false); - #endif --#endif - } - } - -@@ -659,11 +644,9 @@ void qemu_spice_init(void) - spice_server_set_noauth(spice_server); - } - --#if SPICE_SERVER_VERSION >= 0x000801 - if (qemu_opt_get_bool(opts, "disable-copy-paste", 0)) { - spice_server_set_agent_copypaste(spice_server, false); - } --#endif - - compression = SPICE_IMAGE_COMPRESS_AUTO_GLZ; - str = qemu_opt_get(opts, "image-compression"); -diff --git a/ui/spice-display.c b/ui/spice-display.c -index c6e61d8..ad76bae 100644 ---- a/ui/spice-display.c -+++ b/ui/spice-display.c -@@ -64,11 +64,7 @@ void qemu_spice_add_memslot(SimpleSpiceDisplay *ssd, QXLDevMemSlot *memslot, - qxl_async_io async) - { - if (async != QXL_SYNC) { --#if SPICE_INTERFACE_QXL_MINOR >= 1 - spice_qxl_add_memslot_async(&ssd->qxl, memslot, 0); --#else -- abort(); --#endif - } else { - ssd->worker->add_memslot(ssd->worker, memslot); - } -@@ -84,11 +80,7 @@ void qemu_spice_create_primary_surface(SimpleSpiceDisplay *ssd, uint32_t id, - qxl_async_io async) - { - if (async != QXL_SYNC) { --#if SPICE_INTERFACE_QXL_MINOR >= 1 - spice_qxl_create_primary_surface_async(&ssd->qxl, id, surface, 0); --#else -- abort(); --#endif - } else { - ssd->worker->create_primary_surface(ssd->worker, id, surface); - } -@@ -99,11 +91,7 @@ void qemu_spice_destroy_primary_surface(SimpleSpiceDisplay *ssd, - uint32_t id, qxl_async_io async) - { - if (async != QXL_SYNC) { --#if SPICE_INTERFACE_QXL_MINOR >= 1 - spice_qxl_destroy_primary_surface_async(&ssd->qxl, id, 0); --#else -- abort(); --#endif - } else { - ssd->worker->destroy_primary_surface(ssd->worker, id); - } --- -1.7.10 - diff --git a/0416-qxl-remove-flipped.patch b/0416-qxl-remove-flipped.patch deleted file mode 100644 index 3820b9b..0000000 --- a/0416-qxl-remove-flipped.patch +++ /dev/null @@ -1,145 +0,0 @@ -From f9344933bcc1425cf1e8142dc2f8321522dc00af Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Fri, 24 Feb 2012 23:19:29 +0200 -Subject: [PATCH 416/434] qxl: remove flipped - -Tested on linux and windows guests. For negative stride, qxl_flip copies -directly to vga->ds->surface->data, for positive it's reallocated to -share qxl->guest_primary.data - -Signed-off-by: Alon Levy -Signed-off-by: Gerd Hoffmann ---- - hw/qxl-render.c | 66 +++++++++++++++++++++++++------------------------------ - hw/qxl.h | 2 +- - 2 files changed, 31 insertions(+), 37 deletions(-) - -diff --git a/hw/qxl-render.c b/hw/qxl-render.c -index a7891b2..5811d74 100644 ---- a/hw/qxl-render.c -+++ b/hw/qxl-render.c -@@ -23,10 +23,21 @@ - - static void qxl_flip(PCIQXLDevice *qxl, QXLRect *rect) - { -- uint8_t *src = qxl->guest_primary.data; -- uint8_t *dst = qxl->guest_primary.flipped; -+ uint8_t *src; -+ uint8_t *dst = qxl->vga.ds->surface->data; - int len, i; - -+ if (qxl->guest_primary.qxl_stride > 0) { -+ return; -+ } -+ if (!qxl->guest_primary.data) { -+ dprint(qxl, 1, "%s: initializing guest_primary.data\n", __func__); -+ qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram); -+ } -+ dprint(qxl, 1, "%s: stride %d, [%d, %d, %d, %d]\n", __func__, -+ qxl->guest_primary.qxl_stride, -+ rect->left, rect->right, rect->top, rect->bottom); -+ src = qxl->guest_primary.data; - src += (qxl->guest_primary.surface.height - rect->top - 1) * - qxl->guest_primary.abs_stride; - dst += rect->top * qxl->guest_primary.abs_stride; -@@ -75,52 +86,38 @@ void qxl_render_update(PCIQXLDevice *qxl) - { - VGACommonState *vga = &qxl->vga; - QXLRect dirty[32], update; -- void *ptr; - int i, redraw = 0; -- -- if (!is_buffer_shared(vga->ds->surface)) { -- dprint(qxl, 1, "%s: restoring shared displaysurface\n", __func__); -- qxl->guest_primary.resized++; -- qxl->guest_primary.commands++; -- redraw = 1; -- } -+ DisplaySurface *surface = vga->ds->surface; - - if (qxl->guest_primary.resized) { - qxl->guest_primary.resized = 0; - -- if (qxl->guest_primary.flipped) { -- g_free(qxl->guest_primary.flipped); -- qxl->guest_primary.flipped = NULL; -- } -- qemu_free_displaysurface(vga->ds); -- - qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram); -- if (qxl->guest_primary.qxl_stride < 0) { -- /* spice surface is upside down -> need extra buffer to flip */ -- qxl->guest_primary.flipped = -- g_malloc(qxl->guest_primary.surface.width * -- qxl->guest_primary.abs_stride); -- ptr = qxl->guest_primary.flipped; -- } else { -- ptr = qxl->guest_primary.data; -- } -- dprint(qxl, 1, "%s: %dx%d, stride %d, bpp %d, depth %d, flip %s\n", -+ dprint(qxl, 1, "%s: %dx%d, stride %d, bpp %d, depth %d\n", - __FUNCTION__, - qxl->guest_primary.surface.width, - qxl->guest_primary.surface.height, - qxl->guest_primary.qxl_stride, - qxl->guest_primary.bytes_pp, -- qxl->guest_primary.bits_pp, -- qxl->guest_primary.flipped ? "yes" : "no"); -- vga->ds->surface = -+ qxl->guest_primary.bits_pp); -+ } -+ if (surface->width != qxl->guest_primary.surface.width || -+ surface->height != qxl->guest_primary.surface.height) { -+ dprint(qxl, 1, "%s: resizing displaysurface to guest_primary\n", -+ __func__); -+ if (qxl->guest_primary.qxl_stride > 0) { -+ qemu_free_displaysurface(vga->ds); - qemu_create_displaysurface_from(qxl->guest_primary.surface.width, - qxl->guest_primary.surface.height, - qxl->guest_primary.bits_pp, - qxl->guest_primary.abs_stride, -- ptr); -- dpy_resize(vga->ds); -+ qxl->guest_primary.data); -+ } else { -+ qemu_resize_displaysurface(vga->ds, -+ qxl->guest_primary.surface.width, -+ qxl->guest_primary.surface.height); -+ } - } -- - update.left = 0; - update.right = qxl->guest_primary.surface.width; - update.top = 0; -@@ -136,14 +133,11 @@ void qxl_render_update(PCIQXLDevice *qxl) - memset(dirty, 0, sizeof(dirty)); - dirty[0] = update; - } -- - for (i = 0; i < ARRAY_SIZE(dirty); i++) { - if (qemu_spice_rect_is_empty(dirty+i)) { - break; - } -- if (qxl->guest_primary.flipped) { -- qxl_flip(qxl, dirty+i); -- } -+ qxl_flip(qxl, dirty+i); - dpy_update(vga->ds, - dirty[i].left, dirty[i].top, - dirty[i].right - dirty[i].left, -diff --git a/hw/qxl.h b/hw/qxl.h -index 9288e46..53a3ace 100644 ---- a/hw/qxl.h -+++ b/hw/qxl.h -@@ -52,7 +52,7 @@ typedef struct PCIQXLDevice { - uint32_t abs_stride; - uint32_t bits_pp; - uint32_t bytes_pp; -- uint8_t *data, *flipped; -+ uint8_t *data; - } guest_primary; - - struct surfaces { --- -1.7.10 - diff --git a/0417-qxl-introduce-QXLCookie.patch b/0417-qxl-introduce-QXLCookie.patch deleted file mode 100644 index 1eeff47..0000000 --- a/0417-qxl-introduce-QXLCookie.patch +++ /dev/null @@ -1,264 +0,0 @@ -From bbe362cd6a386d98a94ac791f1263671bd79b754 Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Fri, 24 Feb 2012 23:19:30 +0200 -Subject: [PATCH 417/434] qxl: introduce QXLCookie - -Will be used in the next patch. - -Signed-off-by: Alon Levy -Signed-off-by: Gerd Hoffmann ---- - hw/qxl-render.c | 2 +- - hw/qxl.c | 61 ++++++++++++++++++++++++++++++++++++++++------------ - hw/qxl.h | 2 +- - ui/spice-display.c | 22 ++++++++++++++++--- - ui/spice-display.h | 14 ++++++++++++ - 5 files changed, 82 insertions(+), 19 deletions(-) - -diff --git a/hw/qxl-render.c b/hw/qxl-render.c -index 5811d74..4c22166 100644 ---- a/hw/qxl-render.c -+++ b/hw/qxl-render.c -@@ -127,7 +127,7 @@ void qxl_render_update(PCIQXLDevice *qxl) - if (runstate_is_running() && qxl->guest_primary.commands) { - qxl->guest_primary.commands = 0; - qxl_spice_update_area(qxl, 0, &update, -- dirty, ARRAY_SIZE(dirty), 1, QXL_SYNC); -+ dirty, ARRAY_SIZE(dirty), 1, QXL_SYNC, NULL); - } - if (redraw) { - memset(dirty, 0, sizeof(dirty)); -diff --git a/hw/qxl.c b/hw/qxl.c -index 0be9859..e6e65d9 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -141,14 +141,15 @@ void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id, - struct QXLRect *area, struct QXLRect *dirty_rects, - uint32_t num_dirty_rects, - uint32_t clear_dirty_region, -- qxl_async_io async) -+ qxl_async_io async, struct QXLCookie *cookie) - { - if (async == QXL_SYNC) { - qxl->ssd.worker->update_area(qxl->ssd.worker, surface_id, area, - dirty_rects, num_dirty_rects, clear_dirty_region); - } else { -+ assert(cookie != NULL); - spice_qxl_update_area_async(&qxl->ssd.qxl, surface_id, area, -- clear_dirty_region, 0); -+ clear_dirty_region, (uint64_t)cookie); - } - } - -@@ -164,9 +165,13 @@ static void qxl_spice_destroy_surface_wait_complete(PCIQXLDevice *qxl, - static void qxl_spice_destroy_surface_wait(PCIQXLDevice *qxl, uint32_t id, - qxl_async_io async) - { -+ QXLCookie *cookie; -+ - if (async) { -- spice_qxl_destroy_surface_async(&qxl->ssd.qxl, id, -- (uint64_t)id); -+ cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO, -+ QXL_IO_DESTROY_SURFACE_ASYNC); -+ cookie->u.surface_id = id; -+ spice_qxl_destroy_surface_async(&qxl->ssd.qxl, id, (uint64_t)cookie); - } else { - qxl->ssd.worker->destroy_surface_wait(qxl->ssd.worker, id); - qxl_spice_destroy_surface_wait_complete(qxl, id); -@@ -175,7 +180,9 @@ static void qxl_spice_destroy_surface_wait(PCIQXLDevice *qxl, uint32_t id, - - static void qxl_spice_flush_surfaces_async(PCIQXLDevice *qxl) - { -- spice_qxl_flush_surfaces_async(&qxl->ssd.qxl, 0); -+ spice_qxl_flush_surfaces_async(&qxl->ssd.qxl, -+ (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -+ QXL_IO_FLUSH_SURFACES_ASYNC)); - } - - void qxl_spice_loadvm_commands(PCIQXLDevice *qxl, struct QXLCommandExt *ext, -@@ -205,7 +212,9 @@ static void qxl_spice_destroy_surfaces_complete(PCIQXLDevice *qxl) - static void qxl_spice_destroy_surfaces(PCIQXLDevice *qxl, qxl_async_io async) - { - if (async) { -- spice_qxl_destroy_surfaces_async(&qxl->ssd.qxl, 0); -+ spice_qxl_destroy_surfaces_async(&qxl->ssd.qxl, -+ (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -+ QXL_IO_DESTROY_ALL_SURFACES_ASYNC)); - } else { - qxl->ssd.worker->destroy_surfaces(qxl->ssd.worker); - qxl_spice_destroy_surfaces_complete(qxl); -@@ -721,9 +730,8 @@ static int interface_flush_resources(QXLInstance *sin) - static void qxl_create_guest_primary_complete(PCIQXLDevice *d); - - /* called from spice server thread context only */ --static void interface_async_complete(QXLInstance *sin, uint64_t cookie) -+static void interface_async_complete_io(PCIQXLDevice *qxl, QXLCookie *cookie) - { -- PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); - uint32_t current_async; - - qemu_mutex_lock(&qxl->async_lock); -@@ -731,8 +739,16 @@ static void interface_async_complete(QXLInstance *sin, uint64_t cookie) - qxl->current_async = QXL_UNDEFINED_IO; - qemu_mutex_unlock(&qxl->async_lock); - -- dprint(qxl, 2, "async_complete: %d (%" PRId64 ") done\n", -- current_async, cookie); -+ dprint(qxl, 2, "async_complete: %d (%p) done\n", current_async, cookie); -+ if (!cookie) { -+ fprintf(stderr, "qxl: %s: error, cookie is NULL\n", __func__); -+ return; -+ } -+ if (cookie && current_async != cookie->io) { -+ fprintf(stderr, -+ "qxl: %s: error: current_async = %d != %ld = cookie->io\n", -+ __func__, current_async, cookie->io); -+ } - switch (current_async) { - case QXL_IO_CREATE_PRIMARY_ASYNC: - qxl_create_guest_primary_complete(qxl); -@@ -741,12 +757,29 @@ static void interface_async_complete(QXLInstance *sin, uint64_t cookie) - qxl_spice_destroy_surfaces_complete(qxl); - break; - case QXL_IO_DESTROY_SURFACE_ASYNC: -- qxl_spice_destroy_surface_wait_complete(qxl, (uint32_t)cookie); -+ qxl_spice_destroy_surface_wait_complete(qxl, cookie->u.surface_id); - break; - } - qxl_send_events(qxl, QXL_INTERRUPT_IO_CMD); - } - -+/* called from spice server thread context only */ -+static void interface_async_complete(QXLInstance *sin, uint64_t cookie_token) -+{ -+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); -+ QXLCookie *cookie = (QXLCookie *)cookie_token; -+ -+ switch (cookie->type) { -+ case QXL_COOKIE_TYPE_IO: -+ interface_async_complete_io(qxl, cookie); -+ break; -+ default: -+ fprintf(stderr, "qxl: %s: unexpected cookie type %d\n", -+ __func__, cookie->type); -+ } -+ g_free(cookie); -+} -+ - static const QXLInterface qxl_interface = { - .base.type = SPICE_INTERFACE_QXL, - .base.description = "qxl gpu", -@@ -1057,9 +1090,7 @@ static int qxl_destroy_primary(PCIQXLDevice *d, qxl_async_io async) - if (d->mode == QXL_MODE_UNDEFINED) { - return 0; - } -- - dprint(d, 1, "%s\n", __FUNCTION__); -- - d->mode = QXL_MODE_UNDEFINED; - qemu_spice_destroy_primary_surface(&d->ssd, 0, async); - qxl_spice_reset_cursor(d); -@@ -1187,7 +1218,9 @@ async_common: - { - QXLRect update = d->ram->update_area; - qxl_spice_update_area(d, d->ram->update_surface, -- &update, NULL, 0, 0, async); -+ &update, NULL, 0, 0, async, -+ qxl_cookie_new(QXL_COOKIE_TYPE_IO, -+ QXL_IO_UPDATE_AREA_ASYNC)); - break; - } - case QXL_IO_NOTIFY_CMD: -diff --git a/hw/qxl.h b/hw/qxl.h -index 53a3ace..1443925 100644 ---- a/hw/qxl.h -+++ b/hw/qxl.h -@@ -118,7 +118,7 @@ void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id, - struct QXLRect *area, struct QXLRect *dirty_rects, - uint32_t num_dirty_rects, - uint32_t clear_dirty_region, -- qxl_async_io async); -+ qxl_async_io async, QXLCookie *cookie); - void qxl_spice_loadvm_commands(PCIQXLDevice *qxl, struct QXLCommandExt *ext, - uint32_t count); - void qxl_spice_oom(PCIQXLDevice *qxl); -diff --git a/ui/spice-display.c b/ui/spice-display.c -index ad76bae..ab266ae 100644 ---- a/ui/spice-display.c -+++ b/ui/spice-display.c -@@ -60,11 +60,23 @@ void qemu_spice_rect_union(QXLRect *dest, const QXLRect *r) - dest->right = MAX(dest->right, r->right); - } - -+QXLCookie *qxl_cookie_new(int type, uint64_t io) -+{ -+ QXLCookie *cookie; -+ -+ cookie = g_malloc0(sizeof(*cookie)); -+ cookie->type = type; -+ cookie->io = io; -+ return cookie; -+} -+ - void qemu_spice_add_memslot(SimpleSpiceDisplay *ssd, QXLDevMemSlot *memslot, - qxl_async_io async) - { - if (async != QXL_SYNC) { -- spice_qxl_add_memslot_async(&ssd->qxl, memslot, 0); -+ spice_qxl_add_memslot_async(&ssd->qxl, memslot, -+ (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -+ QXL_IO_MEMSLOT_ADD_ASYNC)); - } else { - ssd->worker->add_memslot(ssd->worker, memslot); - } -@@ -80,7 +92,9 @@ void qemu_spice_create_primary_surface(SimpleSpiceDisplay *ssd, uint32_t id, - qxl_async_io async) - { - if (async != QXL_SYNC) { -- spice_qxl_create_primary_surface_async(&ssd->qxl, id, surface, 0); -+ spice_qxl_create_primary_surface_async(&ssd->qxl, id, surface, -+ (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -+ QXL_IO_CREATE_PRIMARY_ASYNC)); - } else { - ssd->worker->create_primary_surface(ssd->worker, id, surface); - } -@@ -91,7 +105,9 @@ void qemu_spice_destroy_primary_surface(SimpleSpiceDisplay *ssd, - uint32_t id, qxl_async_io async) - { - if (async != QXL_SYNC) { -- spice_qxl_destroy_primary_surface_async(&ssd->qxl, id, 0); -+ spice_qxl_destroy_primary_surface_async(&ssd->qxl, id, -+ (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -+ QXL_IO_DESTROY_PRIMARY_ASYNC)); - } else { - ssd->worker->destroy_primary_surface(ssd->worker, id); - } -diff --git a/ui/spice-display.h b/ui/spice-display.h -index a23bfc8..8a010cb 100644 ---- a/ui/spice-display.h -+++ b/ui/spice-display.h -@@ -48,6 +48,20 @@ typedef enum qxl_async_io { - QXL_ASYNC, - } qxl_async_io; - -+enum { -+ QXL_COOKIE_TYPE_IO, -+}; -+ -+typedef struct QXLCookie { -+ int type; -+ uint64_t io; -+ union { -+ uint32_t surface_id; -+ } u; -+} QXLCookie; -+ -+QXLCookie *qxl_cookie_new(int type, uint64_t io); -+ - typedef struct SimpleSpiceDisplay SimpleSpiceDisplay; - typedef struct SimpleSpiceUpdate SimpleSpiceUpdate; - --- -1.7.10 - diff --git a/0418-qxl-make-qxl_render_update-async.patch b/0418-qxl-make-qxl_render_update-async.patch deleted file mode 100644 index c569d73..0000000 --- a/0418-qxl-make-qxl_render_update-async.patch +++ /dev/null @@ -1,360 +0,0 @@ -From c26805e29312fee136008a57c70a2f5f140ba706 Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Fri, 24 Feb 2012 23:19:31 +0200 -Subject: [PATCH 418/434] qxl: make qxl_render_update async - -RHBZ# 747011 - -Removes the last user of QXL_SYNC when using update drivers that use the -_ASYNC io ports. - -The last user is qxl_render_update, it is called both by qxl_hw_update -which is the vga_hw_update_ptr passed to graphic_console_init, and by -qxl_hw_screen_dump. - -At the same time the QXLRect area being passed to the red_worker thread -is passed as a copy, as part of the QXLCookie. - -The implementation uses interface_update_area_complete with a bh to make -sure dpy_update and qxl_flip are called from the io thread, otherwise -the vga->ds->surface.data can change under our feet. - -With this patch sdl+spice works fine. But spice by itself doesn't -produce the expected screendumps unless repeated a few times, due to -ppm_save being called before update_area (rendering done in spice server -thread) having a chance to complete. Fixed by next patch, but see commit -message for problem introduced by it. - -Signed-off-by: Alon Levy -Signed-off-by: Gerd Hoffmann ---- - hw/qxl-render.c | 96 +++++++++++++++++++++++++++++++++++++--------------- - hw/qxl.c | 69 ++++++++++++++++++++++++++++++++++--- - hw/qxl.h | 10 ++++++ - ui/spice-display.h | 6 ++++ - 4 files changed, 150 insertions(+), 31 deletions(-) - -diff --git a/hw/qxl-render.c b/hw/qxl-render.c -index 4c22166..4857838 100644 ---- a/hw/qxl-render.c -+++ b/hw/qxl-render.c -@@ -82,17 +82,25 @@ void qxl_render_resize(PCIQXLDevice *qxl) - } - } - --void qxl_render_update(PCIQXLDevice *qxl) -+static void qxl_set_rect_to_surface(PCIQXLDevice *qxl, QXLRect *area) -+{ -+ area->left = 0; -+ area->right = qxl->guest_primary.surface.width; -+ area->top = 0; -+ area->bottom = qxl->guest_primary.surface.height; -+} -+ -+static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl) - { - VGACommonState *vga = &qxl->vga; -- QXLRect dirty[32], update; -- int i, redraw = 0; -+ int i; - DisplaySurface *surface = vga->ds->surface; - - if (qxl->guest_primary.resized) { - qxl->guest_primary.resized = 0; -- - qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram); -+ qxl_set_rect_to_surface(qxl, &qxl->dirty[0]); -+ qxl->num_dirty_rects = 1; - dprint(qxl, 1, "%s: %dx%d, stride %d, bpp %d, depth %d\n", - __FUNCTION__, - qxl->guest_primary.surface.width, -@@ -103,9 +111,9 @@ void qxl_render_update(PCIQXLDevice *qxl) - } - if (surface->width != qxl->guest_primary.surface.width || - surface->height != qxl->guest_primary.surface.height) { -- dprint(qxl, 1, "%s: resizing displaysurface to guest_primary\n", -- __func__); - if (qxl->guest_primary.qxl_stride > 0) { -+ dprint(qxl, 1, "%s: using guest_primary for displaysurface\n", -+ __func__); - qemu_free_displaysurface(vga->ds); - qemu_create_displaysurface_from(qxl->guest_primary.surface.width, - qxl->guest_primary.surface.height, -@@ -113,36 +121,70 @@ void qxl_render_update(PCIQXLDevice *qxl) - qxl->guest_primary.abs_stride, - qxl->guest_primary.data); - } else { -+ dprint(qxl, 1, "%s: resizing displaysurface to guest_primary\n", -+ __func__); - qemu_resize_displaysurface(vga->ds, - qxl->guest_primary.surface.width, - qxl->guest_primary.surface.height); - } - } -- update.left = 0; -- update.right = qxl->guest_primary.surface.width; -- update.top = 0; -- update.bottom = qxl->guest_primary.surface.height; -- -- memset(dirty, 0, sizeof(dirty)); -- if (runstate_is_running() && qxl->guest_primary.commands) { -- qxl->guest_primary.commands = 0; -- qxl_spice_update_area(qxl, 0, &update, -- dirty, ARRAY_SIZE(dirty), 1, QXL_SYNC, NULL); -- } -- if (redraw) { -- memset(dirty, 0, sizeof(dirty)); -- dirty[0] = update; -- } -- for (i = 0; i < ARRAY_SIZE(dirty); i++) { -- if (qemu_spice_rect_is_empty(dirty+i)) { -+ for (i = 0; i < qxl->num_dirty_rects; i++) { -+ if (qemu_spice_rect_is_empty(qxl->dirty+i)) { - break; - } -- qxl_flip(qxl, dirty+i); -+ qxl_flip(qxl, qxl->dirty+i); - dpy_update(vga->ds, -- dirty[i].left, dirty[i].top, -- dirty[i].right - dirty[i].left, -- dirty[i].bottom - dirty[i].top); -+ qxl->dirty[i].left, qxl->dirty[i].top, -+ qxl->dirty[i].right - qxl->dirty[i].left, -+ qxl->dirty[i].bottom - qxl->dirty[i].top); -+ } -+ qxl->num_dirty_rects = 0; -+} -+ -+/* -+ * use ssd.lock to protect render_update_cookie_num. -+ * qxl_render_update is called by io thread or vcpu thread, and the completion -+ * callbacks are called by spice_server thread, defering to bh called from the -+ * io thread. -+ */ -+void qxl_render_update(PCIQXLDevice *qxl) -+{ -+ QXLCookie *cookie; -+ -+ qemu_mutex_lock(&qxl->ssd.lock); -+ -+ if (!runstate_is_running() || !qxl->guest_primary.commands) { -+ qxl_render_update_area_unlocked(qxl); -+ qemu_mutex_unlock(&qxl->ssd.lock); -+ return; - } -+ -+ qxl->guest_primary.commands = 0; -+ qxl->render_update_cookie_num++; -+ qemu_mutex_unlock(&qxl->ssd.lock); -+ cookie = qxl_cookie_new(QXL_COOKIE_TYPE_RENDER_UPDATE_AREA, -+ 0); -+ qxl_set_rect_to_surface(qxl, &cookie->u.render.area); -+ qxl_spice_update_area(qxl, 0, &cookie->u.render.area, NULL, -+ 0, 1 /* clear_dirty_region */, QXL_ASYNC, cookie); -+} -+ -+void qxl_render_update_area_bh(void *opaque) -+{ -+ PCIQXLDevice *qxl = opaque; -+ -+ qemu_mutex_lock(&qxl->ssd.lock); -+ qxl_render_update_area_unlocked(qxl); -+ qemu_mutex_unlock(&qxl->ssd.lock); -+} -+ -+void qxl_render_update_area_done(PCIQXLDevice *qxl, QXLCookie *cookie) -+{ -+ qemu_mutex_lock(&qxl->ssd.lock); -+ qemu_bh_schedule(qxl->update_area_bh); -+ qxl->render_update_cookie_num--; -+ qemu_mutex_unlock(&qxl->ssd.lock); -+ g_free(cookie); - } - - static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor) -diff --git a/hw/qxl.c b/hw/qxl.c -index e6e65d9..73be115 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -750,6 +750,11 @@ static void interface_async_complete_io(PCIQXLDevice *qxl, QXLCookie *cookie) - __func__, current_async, cookie->io); - } - switch (current_async) { -+ case QXL_IO_MEMSLOT_ADD_ASYNC: -+ case QXL_IO_DESTROY_PRIMARY_ASYNC: -+ case QXL_IO_UPDATE_AREA_ASYNC: -+ case QXL_IO_FLUSH_SURFACES_ASYNC: -+ break; - case QXL_IO_CREATE_PRIMARY_ASYNC: - qxl_create_guest_primary_complete(qxl); - break; -@@ -759,11 +764,54 @@ static void interface_async_complete_io(PCIQXLDevice *qxl, QXLCookie *cookie) - case QXL_IO_DESTROY_SURFACE_ASYNC: - qxl_spice_destroy_surface_wait_complete(qxl, cookie->u.surface_id); - break; -+ default: -+ fprintf(stderr, "qxl: %s: unexpected current_async %d\n", __func__, -+ current_async); - } - qxl_send_events(qxl, QXL_INTERRUPT_IO_CMD); - } - - /* called from spice server thread context only */ -+static void interface_update_area_complete(QXLInstance *sin, -+ uint32_t surface_id, -+ QXLRect *dirty, uint32_t num_updated_rects) -+{ -+ PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); -+ int i; -+ int qxl_i; -+ -+ qemu_mutex_lock(&qxl->ssd.lock); -+ if (surface_id != 0 || !qxl->render_update_cookie_num) { -+ qemu_mutex_unlock(&qxl->ssd.lock); -+ return; -+ } -+ if (qxl->num_dirty_rects + num_updated_rects > QXL_NUM_DIRTY_RECTS) { -+ /* -+ * overflow - treat this as a full update. Not expected to be common. -+ */ -+ dprint(qxl, 1, "%s: overflow of dirty rects\n", __func__); -+ qxl->guest_primary.resized = 1; -+ } -+ if (qxl->guest_primary.resized) { -+ /* -+ * Don't bother copying or scheduling the bh since we will flip -+ * the whole area anyway on completion of the update_area async call -+ */ -+ qemu_mutex_unlock(&qxl->ssd.lock); -+ return; -+ } -+ qxl_i = qxl->num_dirty_rects; -+ for (i = 0; i < num_updated_rects; i++) { -+ qxl->dirty[qxl_i++] = dirty[i]; -+ } -+ qxl->num_dirty_rects += num_updated_rects; -+ dprint(qxl, 1, "%s: scheduling update_area_bh, #dirty %d\n", -+ __func__, qxl->num_dirty_rects); -+ qemu_bh_schedule(qxl->update_area_bh); -+ qemu_mutex_unlock(&qxl->ssd.lock); -+} -+ -+/* called from spice server thread context only */ - static void interface_async_complete(QXLInstance *sin, uint64_t cookie_token) - { - PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); -@@ -772,12 +820,16 @@ static void interface_async_complete(QXLInstance *sin, uint64_t cookie_token) - switch (cookie->type) { - case QXL_COOKIE_TYPE_IO: - interface_async_complete_io(qxl, cookie); -+ g_free(cookie); -+ break; -+ case QXL_COOKIE_TYPE_RENDER_UPDATE_AREA: -+ qxl_render_update_area_done(qxl, cookie); - break; - default: - fprintf(stderr, "qxl: %s: unexpected cookie type %d\n", - __func__, cookie->type); -+ g_free(cookie); - } -- g_free(cookie); - } - - static const QXLInterface qxl_interface = { -@@ -800,6 +852,7 @@ static const QXLInterface qxl_interface = { - .notify_update = interface_notify_update, - .flush_resources = interface_flush_resources, - .async_complete = interface_async_complete, -+ .update_area_complete = interface_update_area_complete, - }; - - static void qxl_enter_vga_mode(PCIQXLDevice *d) -@@ -1216,11 +1269,17 @@ async_common: - switch (io_port) { - case QXL_IO_UPDATE_AREA: - { -+ QXLCookie *cookie = NULL; - QXLRect update = d->ram->update_area; -+ -+ if (async == QXL_ASYNC) { -+ cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO, -+ QXL_IO_UPDATE_AREA_ASYNC); -+ cookie->u.area = update; -+ } - qxl_spice_update_area(d, d->ram->update_surface, -- &update, NULL, 0, 0, async, -- qxl_cookie_new(QXL_COOKIE_TYPE_IO, -- QXL_IO_UPDATE_AREA_ASYNC)); -+ cookie ? &cookie->u.area : &update, -+ NULL, 0, 0, async, cookie); - break; - } - case QXL_IO_NOTIFY_CMD: -@@ -1652,6 +1711,8 @@ static int qxl_init_common(PCIQXLDevice *qxl) - init_pipe_signaling(qxl); - qxl_reset_state(qxl); - -+ qxl->update_area_bh = qemu_bh_new(qxl_render_update_area_bh, qxl); -+ - return 0; - } - -diff --git a/hw/qxl.h b/hw/qxl.h -index 1443925..86e415b 100644 ---- a/hw/qxl.h -+++ b/hw/qxl.h -@@ -18,6 +18,8 @@ enum qxl_mode { - - #define QXL_UNDEFINED_IO UINT32_MAX - -+#define QXL_NUM_DIRTY_RECTS 64 -+ - typedef struct PCIQXLDevice { - PCIDevice pci; - SimpleSpiceDisplay ssd; -@@ -93,6 +95,12 @@ typedef struct PCIQXLDevice { - /* user-friendly properties (in megabytes) */ - uint32_t ram_size_mb; - uint32_t vram_size_mb; -+ -+ /* qxl_render_update state */ -+ int render_update_cookie_num; -+ int num_dirty_rects; -+ QXLRect dirty[QXL_NUM_DIRTY_RECTS]; -+ QEMUBH *update_area_bh; - } PCIQXLDevice; - - #define PANIC_ON(x) if ((x)) { \ -@@ -134,3 +142,5 @@ void qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext); - void qxl_render_resize(PCIQXLDevice *qxl); - void qxl_render_update(PCIQXLDevice *qxl); - void qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext); -+void qxl_render_update_area_done(PCIQXLDevice *qxl, QXLCookie *cookie); -+void qxl_render_update_area_bh(void *opaque); -diff --git a/ui/spice-display.h b/ui/spice-display.h -index 8a010cb..12e50b6 100644 ---- a/ui/spice-display.h -+++ b/ui/spice-display.h -@@ -50,6 +50,7 @@ typedef enum qxl_async_io { - - enum { - QXL_COOKIE_TYPE_IO, -+ QXL_COOKIE_TYPE_RENDER_UPDATE_AREA, - }; - - typedef struct QXLCookie { -@@ -57,6 +58,11 @@ typedef struct QXLCookie { - uint64_t io; - union { - uint32_t surface_id; -+ QXLRect area; -+ struct { -+ QXLRect area; -+ int redraw; -+ } render; - } u; - } QXLCookie; - --- -1.7.10 - diff --git a/0419-spice-use-error_report-to-report-errors.patch b/0419-spice-use-error_report-to-report-errors.patch deleted file mode 100644 index ac7464a..0000000 --- a/0419-spice-use-error_report-to-report-errors.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 2b973a5ea22635211cbde2e559cc6e6355ca8205 Mon Sep 17 00:00:00 2001 -From: Christophe Fergeau -Date: Fri, 24 Feb 2012 18:13:12 +0100 -Subject: [PATCH 419/434] spice: use error_report to report errors - -Error message reporting during spice startup wasn't consistent, it was done -with fprintf(stderr, "") but sometimes the message didn't have a trailing -\n. Using error_report make the intent of the message clearer and deal -with the final \n for us. - -Signed-off-by: Gerd Hoffmann ---- - ui/spice-core.c | 22 +++++++++++----------- - 1 file changed, 11 insertions(+), 11 deletions(-) - -diff --git a/ui/spice-core.c b/ui/spice-core.c -index 2c815f1..8503f03 100644 ---- a/ui/spice-core.c -+++ b/ui/spice-core.c -@@ -227,8 +227,8 @@ static void channel_event(int event, SpiceChannelEventInfo *info) - add_addr_info(server, (struct sockaddr *)&info->laddr_ext, - info->llen_ext); - } else { -- fprintf(stderr, "spice: %s, extended address is expected\n", -- __func__); -+ error_report("spice: %s, extended address is expected", -+ __func__); - #endif - add_addr_info(client, &info->paddr, info->plen); - add_addr_info(server, &info->laddr, info->llen); -@@ -333,7 +333,7 @@ static int parse_name(const char *string, const char *optname, - if (value != -1) { - return value; - } -- fprintf(stderr, "spice: invalid %s: %s\n", optname, string); -+ error_report("spice: invalid %s: %s", optname, string); - exit(1); - } - -@@ -525,7 +525,7 @@ static int add_channel(const char *name, const char *value, void *opaque) - rc = spice_server_set_channel_security(spice_server, value, security); - } - if (rc != 0) { -- fprintf(stderr, "spice: failed to set channel security for %s\n", value); -+ error_report("spice: failed to set channel security for %s", value); - exit(1); - } - return 0; -@@ -553,15 +553,15 @@ void qemu_spice_init(void) - port = qemu_opt_get_number(opts, "port", 0); - tls_port = qemu_opt_get_number(opts, "tls-port", 0); - if (!port && !tls_port) { -- fprintf(stderr, "neither port nor tls-port specified for spice."); -+ error_report("neither port nor tls-port specified for spice"); - exit(1); - } - if (port < 0 || port > 65535) { -- fprintf(stderr, "spice port is out of range"); -+ error_report("spice port is out of range"); - exit(1); - } - if (tls_port < 0 || tls_port > 65535) { -- fprintf(stderr, "spice tls-port is out of range"); -+ error_report("spice tls-port is out of range"); - exit(1); - } - password = qemu_opt_get(opts, "password"); -@@ -631,11 +631,11 @@ void qemu_spice_init(void) - #if SPICE_SERVER_VERSION >= 0x000900 /* 0.9.0 */ - if (spice_server_set_sasl_appname(spice_server, "qemu") == -1 || - spice_server_set_sasl(spice_server, 1) == -1) { -- fprintf(stderr, "spice: failed to enable sasl\n"); -+ error_report("spice: failed to enable sasl"); - exit(1); - } - #else -- fprintf(stderr, "spice: sasl is not available (spice >= 0.9 required)\n"); -+ error_report("spice: sasl is not available (spice >= 0.9 required)"); - exit(1); - #endif - } -@@ -683,7 +683,7 @@ void qemu_spice_init(void) - qemu_opt_foreach(opts, add_channel, NULL, 0); - - if (0 != spice_server_init(spice_server, &core_interface)) { -- fprintf(stderr, "failed to initialize spice server"); -+ error_report("failed to initialize spice server"); - exit(1); - }; - using_spice = 1; -@@ -708,7 +708,7 @@ int qemu_spice_add_interface(SpiceBaseInstance *sin) - { - if (!spice_server) { - if (QTAILQ_FIRST(&qemu_spice_opts.head) != NULL) { -- fprintf(stderr, "Oops: spice configured but not active\n"); -+ error_report("Oops: spice configured but not active"); - exit(1); - } - /* --- -1.7.10 - diff --git a/0420-Error-out-when-tls-channel-option-is-used-without-TL.patch b/0420-Error-out-when-tls-channel-option-is-used-without-TL.patch deleted file mode 100644 index 3c73fc3..0000000 --- a/0420-Error-out-when-tls-channel-option-is-used-without-TL.patch +++ /dev/null @@ -1,44 +0,0 @@ -From d01f59d652b8ac906ecd129afa338f56b2aaef90 Mon Sep 17 00:00:00 2001 -From: Christophe Fergeau -Date: Fri, 24 Feb 2012 18:28:32 +0100 -Subject: [PATCH 420/434] Error out when tls-channel option is used without - TLS - -It's currently possible to setup spice channels using TLS when -no TLS port has been specified (ie TLS is disabled). This cannot -work, so better to error out in such a situation. - -Signed-off-by: Gerd Hoffmann ---- - ui/spice-core.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/ui/spice-core.c b/ui/spice-core.c -index 8503f03..98356b0 100644 ---- a/ui/spice-core.c -+++ b/ui/spice-core.c -@@ -511,6 +511,12 @@ static int add_channel(const char *name, const char *value, void *opaque) - int rc; - - if (strcmp(name, "tls-channel") == 0) { -+ int *tls_port = opaque; -+ if (!*tls_port) { -+ error_report("spice: tried to setup tls-channel" -+ " without specifying a TLS port"); -+ exit(1); -+ } - security = SPICE_CHANNEL_SECURITY_SSL; - } - if (strcmp(name, "plaintext-channel") == 0) { -@@ -680,7 +686,7 @@ void qemu_spice_init(void) - spice_server_set_playback_compression - (spice_server, qemu_opt_get_bool(opts, "playback-compression", 1)); - -- qemu_opt_foreach(opts, add_channel, NULL, 0); -+ qemu_opt_foreach(opts, add_channel, &tls_port, 0); - - if (0 != spice_server_init(spice_server, &core_interface)) { - error_report("failed to initialize spice server"); --- -1.7.10 - diff --git a/0421-qxl-properly-handle-upright-and-non-shared-surfaces.patch b/0421-qxl-properly-handle-upright-and-non-shared-surfaces.patch deleted file mode 100644 index d5b0eb1..0000000 --- a/0421-qxl-properly-handle-upright-and-non-shared-surfaces.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 7027fa0d3be22f48a51420a45aff13bec54fef1e Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Mon, 27 Feb 2012 11:05:09 +0100 -Subject: [PATCH 421/434] qxl: properly handle upright and non-shared surfaces - -Although qxl creates a shared displaysurface when the qxl surface is -upright and doesn't need to be flipped there is no guarantee that the -surface doesn't become unshared for some reason. Rename qxl_flip to -qxl_blit and fix it to handle both flip and non-flip cases. - -Signed-off-by: Gerd Hoffmann ---- - hw/qxl-render.c | 20 +++++++++++++------- - 1 file changed, 13 insertions(+), 7 deletions(-) - -diff --git a/hw/qxl-render.c b/hw/qxl-render.c -index 4857838..2e10e93 100644 ---- a/hw/qxl-render.c -+++ b/hw/qxl-render.c -@@ -21,25 +21,31 @@ - - #include "qxl.h" - --static void qxl_flip(PCIQXLDevice *qxl, QXLRect *rect) -+static void qxl_blit(PCIQXLDevice *qxl, QXLRect *rect) - { - uint8_t *src; - uint8_t *dst = qxl->vga.ds->surface->data; - int len, i; - -- if (qxl->guest_primary.qxl_stride > 0) { -+ if (is_buffer_shared(qxl->vga.ds->surface)) { - return; - } - if (!qxl->guest_primary.data) { - dprint(qxl, 1, "%s: initializing guest_primary.data\n", __func__); - qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram); - } -- dprint(qxl, 1, "%s: stride %d, [%d, %d, %d, %d]\n", __func__, -+ dprint(qxl, 2, "%s: stride %d, [%d, %d, %d, %d]\n", __func__, - qxl->guest_primary.qxl_stride, - rect->left, rect->right, rect->top, rect->bottom); - src = qxl->guest_primary.data; -- src += (qxl->guest_primary.surface.height - rect->top - 1) * -- qxl->guest_primary.abs_stride; -+ if (qxl->guest_primary.qxl_stride < 0) { -+ /* qxl surface is upside down, walk src scanlines -+ * in reverse order to flip it */ -+ src += (qxl->guest_primary.surface.height - rect->top - 1) * -+ qxl->guest_primary.abs_stride; -+ } else { -+ src += rect->top * qxl->guest_primary.abs_stride; -+ } - dst += rect->top * qxl->guest_primary.abs_stride; - src += rect->left * qxl->guest_primary.bytes_pp; - dst += rect->left * qxl->guest_primary.bytes_pp; -@@ -48,7 +54,7 @@ static void qxl_flip(PCIQXLDevice *qxl, QXLRect *rect) - for (i = rect->top; i < rect->bottom; i++) { - memcpy(dst, src, len); - dst += qxl->guest_primary.abs_stride; -- src -= qxl->guest_primary.abs_stride; -+ src += qxl->guest_primary.qxl_stride; - } - } - -@@ -132,7 +138,7 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl) - if (qemu_spice_rect_is_empty(qxl->dirty+i)) { - break; - } -- qxl_flip(qxl, qxl->dirty+i); -+ qxl_blit(qxl, qxl->dirty+i); - dpy_update(vga->ds, - qxl->dirty[i].left, qxl->dirty[i].top, - qxl->dirty[i].right - qxl->dirty[i].left, --- -1.7.10 - diff --git a/0422-spice-set-spice-uuid-and-name.patch b/0422-spice-set-spice-uuid-and-name.patch deleted file mode 100644 index bba1015..0000000 --- a/0422-spice-set-spice-uuid-and-name.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 544cfc4a2c730aca346df7215a0dd83280f864d5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Mon, 5 Mar 2012 18:22:26 +0100 -Subject: [PATCH 422/434] spice: set spice uuid and name - -This allows a Spice client to identify a VM - -Signed-off-by: Gerd Hoffmann ---- - ui/spice-core.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/ui/spice-core.c b/ui/spice-core.c -index 98356b0..4ad0a67 100644 ---- a/ui/spice-core.c -+++ b/ui/spice-core.c -@@ -19,6 +19,7 @@ - #include - - #include -+#include "sysemu.h" - - #include "qemu-common.h" - #include "qemu-spice.h" -@@ -688,6 +689,11 @@ void qemu_spice_init(void) - - qemu_opt_foreach(opts, add_channel, &tls_port, 0); - -+#if SPICE_SERVER_VERSION >= 0x000a02 /* 0.10.2 */ -+ spice_server_set_name(spice_server, qemu_name); -+ spice_server_set_uuid(spice_server, qemu_uuid); -+#endif -+ - if (0 != spice_server_init(spice_server, &core_interface)) { - error_report("failed to initialize spice server"); - exit(1); --- -1.7.10 - diff --git a/0423-monitor-fix-client_migrate_info-error-handling.patch b/0423-monitor-fix-client_migrate_info-error-handling.patch deleted file mode 100644 index b691cf5..0000000 --- a/0423-monitor-fix-client_migrate_info-error-handling.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 63f3e6ee49e0a88bbd7915d81962c9046205c411 Mon Sep 17 00:00:00 2001 -From: Yonit Halperin -Date: Sun, 18 Mar 2012 09:42:39 +0200 -Subject: [PATCH 423/434] monitor: fix client_migrate_info error handling - -Report QERR_MISSING_PARAMETER when port is missing. Otherwise -QERR_UNDEFINED_ERROR will occur. - -rhbz #795652 - -Signed-off-by: Yonit Halperin -Signed-off-by: Gerd Hoffmann ---- - monitor.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/monitor.c b/monitor.c -index 3c23aa4..76739d7 100644 ---- a/monitor.c -+++ b/monitor.c -@@ -1046,6 +1046,11 @@ static int client_migrate_info(Monitor *mon, const QDict *qdict, - return -1; - } - -+ if (port == -1 && tls_port == -1) { -+ qerror_report(QERR_MISSING_PARAMETER, "port/tls-port"); -+ return -1; -+ } -+ - ret = qemu_spice_migrate_info(hostname, port, tls_port, subject, - cb, opaque); - if (ret != 0) { --- -1.7.10 - diff --git a/0424-qxl-init_pipe_signaling-exit-on-failure.patch b/0424-qxl-init_pipe_signaling-exit-on-failure.patch deleted file mode 100644 index 3de1920..0000000 --- a/0424-qxl-init_pipe_signaling-exit-on-failure.patch +++ /dev/null @@ -1,49 +0,0 @@ -From d3e6c37f68e7e4573a47b0540f626a2add0d05e4 Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Sun, 18 Mar 2012 13:46:13 +0100 -Subject: [PATCH 424/434] qxl: init_pipe_signaling: exit on failure - -If pipe creation fails, exit, don't log and continue. Fix indentation at -the same time. - -Signed-off-by: Alon Levy -Signed-off-by: Gerd Hoffmann ---- - hw/qxl.c | 21 +++++++++++---------- - 1 file changed, 11 insertions(+), 10 deletions(-) - -diff --git a/hw/qxl.c b/hw/qxl.c -index 73be115..9ad5807 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -1453,16 +1453,17 @@ static void qxl_send_events(PCIQXLDevice *d, uint32_t events) - - static void init_pipe_signaling(PCIQXLDevice *d) - { -- if (pipe(d->pipe) < 0) { -- dprint(d, 1, "%s: pipe creation failed\n", __FUNCTION__); -- return; -- } -- fcntl(d->pipe[0], F_SETFL, O_NONBLOCK); -- fcntl(d->pipe[1], F_SETFL, O_NONBLOCK); -- fcntl(d->pipe[0], F_SETOWN, getpid()); -- -- qemu_thread_get_self(&d->main); -- qemu_set_fd_handler(d->pipe[0], pipe_read, NULL, d); -+ if (pipe(d->pipe) < 0) { -+ fprintf(stderr, "%s:%s: qxl pipe creation failed\n", -+ __FILE__, __func__); -+ exit(1); -+ } -+ fcntl(d->pipe[0], F_SETFL, O_NONBLOCK); -+ fcntl(d->pipe[1], F_SETFL, O_NONBLOCK); -+ fcntl(d->pipe[0], F_SETOWN, getpid()); -+ -+ qemu_thread_get_self(&d->main); -+ qemu_set_fd_handler(d->pipe[0], pipe_read, NULL, d); - } - - /* graphics console */ --- -1.7.10 - diff --git a/0425-qxl-switch-qxl.c-to-trace-events.patch b/0425-qxl-switch-qxl.c-to-trace-events.patch deleted file mode 100644 index e60bd4c..0000000 --- a/0425-qxl-switch-qxl.c-to-trace-events.patch +++ /dev/null @@ -1,753 +0,0 @@ -From 29304ce6b6863b544f1ad8535a927dfc8864354c Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Sun, 18 Mar 2012 13:46:14 +0100 -Subject: [PATCH 425/434] qxl: switch qxl.c to trace-events - -dprint is still used for qxl_init_common one time prints. - -also switched parts of spice-display.c over, mainly all the callbacks to -spice server. - -All qxl device trace events start with the qxl device id. - -Signed-off-by: Alon Levy -Reviewed-by: Stefan Hajnoczi -Signed-off-by: Gerd Hoffmann - -Conflicts: - - trace-events ---- - hw/qxl.c | 141 +++++++++++++++++++++++++--------------------------- - trace-events | 59 ++++++++++++++++++++++ - ui/spice-display.c | 14 +++++- - 3 files changed, 140 insertions(+), 74 deletions(-) - -diff --git a/hw/qxl.c b/hw/qxl.c -index 9ad5807..813873a 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -23,6 +23,7 @@ - #include "qemu-queue.h" - #include "monitor.h" - #include "sysemu.h" -+#include "trace.h" - - #include "qxl.h" - -@@ -143,6 +144,10 @@ void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id, - uint32_t clear_dirty_region, - qxl_async_io async, struct QXLCookie *cookie) - { -+ trace_qxl_spice_update_area(qxl->id, surface_id, area->left, area->right, -+ area->top, area->bottom); -+ trace_qxl_spice_update_area_rest(qxl->id, num_dirty_rects, -+ clear_dirty_region); - if (async == QXL_SYNC) { - qxl->ssd.worker->update_area(qxl->ssd.worker, surface_id, area, - dirty_rects, num_dirty_rects, clear_dirty_region); -@@ -156,6 +161,7 @@ void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id, - static void qxl_spice_destroy_surface_wait_complete(PCIQXLDevice *qxl, - uint32_t id) - { -+ trace_qxl_spice_destroy_surface_wait_complete(qxl->id, id); - qemu_mutex_lock(&qxl->track_lock); - qxl->guest_surfaces.cmds[id] = 0; - qxl->guest_surfaces.count--; -@@ -167,6 +173,7 @@ static void qxl_spice_destroy_surface_wait(PCIQXLDevice *qxl, uint32_t id, - { - QXLCookie *cookie; - -+ trace_qxl_spice_destroy_surface_wait(qxl->id, id, async); - if (async) { - cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO, - QXL_IO_DESTROY_SURFACE_ASYNC); -@@ -174,12 +181,13 @@ static void qxl_spice_destroy_surface_wait(PCIQXLDevice *qxl, uint32_t id, - spice_qxl_destroy_surface_async(&qxl->ssd.qxl, id, (uint64_t)cookie); - } else { - qxl->ssd.worker->destroy_surface_wait(qxl->ssd.worker, id); -- qxl_spice_destroy_surface_wait_complete(qxl, id); - } - } - - static void qxl_spice_flush_surfaces_async(PCIQXLDevice *qxl) - { -+ trace_qxl_spice_flush_surfaces_async(qxl->id, qxl->guest_surfaces.count, -+ qxl->num_free_res); - spice_qxl_flush_surfaces_async(&qxl->ssd.qxl, - (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, - QXL_IO_FLUSH_SURFACES_ASYNC)); -@@ -188,21 +196,25 @@ static void qxl_spice_flush_surfaces_async(PCIQXLDevice *qxl) - void qxl_spice_loadvm_commands(PCIQXLDevice *qxl, struct QXLCommandExt *ext, - uint32_t count) - { -+ trace_qxl_spice_loadvm_commands(qxl->id, ext, count); - qxl->ssd.worker->loadvm_commands(qxl->ssd.worker, ext, count); - } - - void qxl_spice_oom(PCIQXLDevice *qxl) - { -+ trace_qxl_spice_oom(qxl->id); - qxl->ssd.worker->oom(qxl->ssd.worker); - } - - void qxl_spice_reset_memslots(PCIQXLDevice *qxl) - { -+ trace_qxl_spice_reset_memslots(qxl->id); - qxl->ssd.worker->reset_memslots(qxl->ssd.worker); - } - - static void qxl_spice_destroy_surfaces_complete(PCIQXLDevice *qxl) - { -+ trace_qxl_spice_destroy_surfaces_complete(qxl->id); - qemu_mutex_lock(&qxl->track_lock); - memset(&qxl->guest_surfaces.cmds, 0, sizeof(qxl->guest_surfaces.cmds)); - qxl->guest_surfaces.count = 0; -@@ -211,6 +223,7 @@ static void qxl_spice_destroy_surfaces_complete(PCIQXLDevice *qxl) - - static void qxl_spice_destroy_surfaces(PCIQXLDevice *qxl, qxl_async_io async) - { -+ trace_qxl_spice_destroy_surfaces(qxl->id, async); - if (async) { - spice_qxl_destroy_surfaces_async(&qxl->ssd.qxl, - (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -@@ -223,11 +236,13 @@ static void qxl_spice_destroy_surfaces(PCIQXLDevice *qxl, qxl_async_io async) - - void qxl_spice_reset_image_cache(PCIQXLDevice *qxl) - { -+ trace_qxl_spice_reset_image_cache(qxl->id); - qxl->ssd.worker->reset_image_cache(qxl->ssd.worker); - } - - void qxl_spice_reset_cursor(PCIQXLDevice *qxl) - { -+ trace_qxl_spice_reset_cursor(qxl->id); - qxl->ssd.worker->reset_cursor(qxl->ssd.worker); - qemu_mutex_lock(&qxl->track_lock); - qxl->guest_cursor = 0; -@@ -412,7 +427,7 @@ static void interface_attach_worker(QXLInstance *sin, QXLWorker *qxl_worker) - { - PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); - -- dprint(qxl, 1, "%s:\n", __FUNCTION__); -+ trace_qxl_interface_attach_worker(qxl->id); - qxl->ssd.worker = qxl_worker; - } - -@@ -420,7 +435,7 @@ static void interface_set_compression_level(QXLInstance *sin, int level) - { - PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); - -- dprint(qxl, 1, "%s: %d\n", __FUNCTION__, level); -+ trace_qxl_interface_set_compression_level(qxl->id, level); - qxl->shadow_rom.compression_level = cpu_to_le32(level); - qxl->rom->compression_level = cpu_to_le32(level); - qxl_rom_set_dirty(qxl); -@@ -430,6 +445,7 @@ static void interface_set_mm_time(QXLInstance *sin, uint32_t mm_time) - { - PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); - -+ trace_qxl_interface_set_mm_time(qxl->id, mm_time); - qxl->shadow_rom.mm_clock = cpu_to_le32(mm_time); - qxl->rom->mm_clock = cpu_to_le32(mm_time); - qxl_rom_set_dirty(qxl); -@@ -439,7 +455,7 @@ static void interface_get_init_info(QXLInstance *sin, QXLDevInitInfo *info) - { - PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); - -- dprint(qxl, 1, "%s:\n", __FUNCTION__); -+ trace_qxl_interface_get_init_info(qxl->id); - info->memslot_gen_bits = MEMSLOT_GENERATION_BITS; - info->memslot_id_bits = MEMSLOT_SLOT_BITS; - info->num_memslots = NUM_MEMSLOTS; -@@ -508,9 +524,10 @@ static int interface_get_command(QXLInstance *sin, struct QXLCommandExt *ext) - QXLCommand *cmd; - int notify, ret; - -+ trace_qxl_ring_command_check(qxl->id, qxl_mode_to_string(qxl->mode)); -+ - switch (qxl->mode) { - case QXL_MODE_VGA: -- dprint(qxl, 2, "%s: vga\n", __FUNCTION__); - ret = false; - qemu_mutex_lock(&qxl->ssd.lock); - if (qxl->ssd.update != NULL) { -@@ -521,19 +538,18 @@ static int interface_get_command(QXLInstance *sin, struct QXLCommandExt *ext) - } - qemu_mutex_unlock(&qxl->ssd.lock); - if (ret) { -- dprint(qxl, 2, "%s %s\n", __FUNCTION__, qxl_mode_to_string(qxl->mode)); -+ trace_qxl_ring_command_get(qxl->id, qxl_mode_to_string(qxl->mode)); - qxl_log_command(qxl, "vga", ext); - } - return ret; - case QXL_MODE_COMPAT: - case QXL_MODE_NATIVE: - case QXL_MODE_UNDEFINED: -- dprint(qxl, 4, "%s: %s\n", __FUNCTION__, qxl_mode_to_string(qxl->mode)); - ring = &qxl->ram->cmd_ring; - if (SPICE_RING_IS_EMPTY(ring)) { - return false; - } -- dprint(qxl, 2, "%s: %s\n", __FUNCTION__, qxl_mode_to_string(qxl->mode)); -+ trace_qxl_ring_command_get(qxl->id, qxl_mode_to_string(qxl->mode)); - SPICE_RING_CONS_ITEM(ring, cmd); - ext->cmd = *cmd; - ext->group_id = MEMSLOT_GROUP_GUEST; -@@ -558,6 +574,7 @@ static int interface_req_cmd_notification(QXLInstance *sin) - PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); - int wait = 1; - -+ trace_qxl_ring_command_req_notification(qxl->id); - switch (qxl->mode) { - case QXL_MODE_COMPAT: - case QXL_MODE_NATIVE: -@@ -595,10 +612,11 @@ static inline void qxl_push_free_res(PCIQXLDevice *d, int flush) - } - - SPICE_RING_PUSH(ring, notify); -- dprint(d, 2, "free: push %d items, notify %s, ring %d/%d [%d,%d]\n", -- d->num_free_res, notify ? "yes" : "no", -- ring->prod - ring->cons, ring->num_items, -- ring->prod, ring->cons); -+ trace_qxl_ring_res_push(d->id, qxl_mode_to_string(d->mode), -+ d->guest_surfaces.count, d->num_free_res, -+ d->last_release, notify ? "yes" : "no"); -+ trace_qxl_ring_res_push_rest(d->id, ring->prod - ring->cons, -+ ring->num_items, ring->prod, ring->cons); - if (notify) { - qxl_send_events(d, QXL_INTERRUPT_DISPLAY); - } -@@ -645,7 +663,7 @@ static void interface_release_resource(QXLInstance *sin, - } - qxl->last_release = ext.info; - qxl->num_free_res++; -- dprint(qxl, 3, "%4d\r", qxl->num_free_res); -+ trace_qxl_ring_res_put(qxl->id, qxl->num_free_res); - qxl_push_free_res(qxl, 0); - } - -@@ -657,6 +675,8 @@ static int interface_get_cursor_command(QXLInstance *sin, struct QXLCommandExt * - QXLCommand *cmd; - int notify; - -+ trace_qxl_ring_cursor_check(qxl->id, qxl_mode_to_string(qxl->mode)); -+ - switch (qxl->mode) { - case QXL_MODE_COMPAT: - case QXL_MODE_NATIVE: -@@ -680,6 +700,7 @@ static int interface_get_cursor_command(QXLInstance *sin, struct QXLCommandExt * - if (qxl->id == 0) { - qxl_render_cursor(qxl, ext); - } -+ trace_qxl_ring_cursor_get(qxl->id, qxl_mode_to_string(qxl->mode)); - return true; - default: - return false; -@@ -692,6 +713,7 @@ static int interface_req_cursor_notification(QXLInstance *sin) - PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); - int wait = 1; - -+ trace_qxl_ring_cursor_req_notification(qxl->id); - switch (qxl->mode) { - case QXL_MODE_COMPAT: - case QXL_MODE_NATIVE: -@@ -719,7 +741,6 @@ static int interface_flush_resources(QXLInstance *sin) - PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); - int ret; - -- dprint(qxl, 1, "free: guest flush (have %d)\n", qxl->num_free_res); - ret = qxl->num_free_res; - if (ret) { - qxl_push_free_res(qxl, 1); -@@ -739,7 +760,7 @@ static void interface_async_complete_io(PCIQXLDevice *qxl, QXLCookie *cookie) - qxl->current_async = QXL_UNDEFINED_IO; - qemu_mutex_unlock(&qxl->async_lock); - -- dprint(qxl, 2, "async_complete: %d (%p) done\n", current_async, cookie); -+ trace_qxl_interface_async_complete_io(qxl->id, current_async, cookie); - if (!cookie) { - fprintf(stderr, "qxl: %s: error, cookie is NULL\n", __func__); - return; -@@ -785,11 +806,15 @@ static void interface_update_area_complete(QXLInstance *sin, - qemu_mutex_unlock(&qxl->ssd.lock); - return; - } -+ trace_qxl_interface_update_area_complete(qxl->id, surface_id, dirty->left, -+ dirty->right, dirty->top, dirty->bottom); -+ trace_qxl_interface_update_area_complete_rest(qxl->id, num_updated_rects); - if (qxl->num_dirty_rects + num_updated_rects > QXL_NUM_DIRTY_RECTS) { - /* - * overflow - treat this as a full update. Not expected to be common. - */ -- dprint(qxl, 1, "%s: overflow of dirty rects\n", __func__); -+ trace_qxl_interface_update_area_complete_overflow(qxl->id, -+ QXL_NUM_DIRTY_RECTS); - qxl->guest_primary.resized = 1; - } - if (qxl->guest_primary.resized) { -@@ -805,8 +830,8 @@ static void interface_update_area_complete(QXLInstance *sin, - qxl->dirty[qxl_i++] = dirty[i]; - } - qxl->num_dirty_rects += num_updated_rects; -- dprint(qxl, 1, "%s: scheduling update_area_bh, #dirty %d\n", -- __func__, qxl->num_dirty_rects); -+ trace_qxl_interface_update_area_complete_schedule_bh(qxl->id, -+ qxl->num_dirty_rects); - qemu_bh_schedule(qxl->update_area_bh); - qemu_mutex_unlock(&qxl->ssd.lock); - } -@@ -860,7 +885,7 @@ static void qxl_enter_vga_mode(PCIQXLDevice *d) - if (d->mode == QXL_MODE_VGA) { - return; - } -- dprint(d, 1, "%s\n", __FUNCTION__); -+ trace_qxl_enter_vga_mode(d->id); - qemu_spice_create_host_primary(&d->ssd); - d->mode = QXL_MODE_VGA; - memset(&d->ssd.dirty, 0, sizeof(d->ssd.dirty)); -@@ -871,7 +896,7 @@ static void qxl_exit_vga_mode(PCIQXLDevice *d) - if (d->mode != QXL_MODE_VGA) { - return; - } -- dprint(d, 1, "%s\n", __FUNCTION__); -+ trace_qxl_exit_vga_mode(d->id); - qxl_destroy_primary(d, QXL_SYNC); - } - -@@ -908,7 +933,7 @@ static void qxl_reset_state(PCIQXLDevice *d) - - static void qxl_soft_reset(PCIQXLDevice *d) - { -- dprint(d, 1, "%s:\n", __FUNCTION__); -+ trace_qxl_soft_reset(d->id); - qxl_check_state(d); - - if (d->id == 0) { -@@ -920,8 +945,7 @@ static void qxl_soft_reset(PCIQXLDevice *d) - - static void qxl_hard_reset(PCIQXLDevice *d, int loadvm) - { -- dprint(d, 1, "%s: start%s\n", __FUNCTION__, -- loadvm ? " (loadvm)" : ""); -+ trace_qxl_hard_reset(d->id, loadvm); - - qxl_spice_reset_cursor(d); - qxl_spice_reset_image_cache(d); -@@ -936,13 +960,12 @@ static void qxl_hard_reset(PCIQXLDevice *d, int loadvm) - } - qemu_spice_create_host_memslot(&d->ssd); - qxl_soft_reset(d); -- -- dprint(d, 1, "%s: done\n", __FUNCTION__); - } - - static void qxl_reset_handler(DeviceState *dev) - { - PCIQXLDevice *d = DO_UPCAST(PCIQXLDevice, pci.qdev, dev); -+ - qxl_hard_reset(d, 0); - } - -@@ -951,8 +974,8 @@ static void qxl_vga_ioport_write(void *opaque, uint32_t addr, uint32_t val) - VGACommonState *vga = opaque; - PCIQXLDevice *qxl = container_of(vga, PCIQXLDevice, vga); - -+ trace_qxl_io_write_vga(qxl->id, qxl_mode_to_string(qxl->mode), addr, val); - if (qxl->mode != QXL_MODE_VGA) { -- dprint(qxl, 1, "%s\n", __FUNCTION__); - qxl_destroy_primary(qxl, QXL_SYNC); - qxl_soft_reset(qxl); - } -@@ -992,9 +1015,7 @@ static void qxl_add_memslot(PCIQXLDevice *d, uint32_t slot_id, uint64_t delta, - guest_start = le64_to_cpu(d->guest_slots[slot_id].slot.mem_start); - guest_end = le64_to_cpu(d->guest_slots[slot_id].slot.mem_end); - -- dprint(d, 1, "%s: slot %d: guest phys 0x%" PRIx64 " - 0x%" PRIx64 "\n", -- __FUNCTION__, slot_id, -- guest_start, guest_end); -+ trace_qxl_memslot_add_guest(d->id, slot_id, guest_start, guest_end); - - PANIC_ON(slot_id >= NUM_MEMSLOTS); - PANIC_ON(guest_start > guest_end); -@@ -1040,10 +1061,6 @@ static void qxl_add_memslot(PCIQXLDevice *d, uint32_t slot_id, uint64_t delta, - memslot.generation = d->rom->slot_generation = 0; - qxl_rom_set_dirty(d); - -- dprint(d, 1, "%s: slot %d: host virt 0x%lx - 0x%lx\n", -- __FUNCTION__, memslot.slot_id, -- memslot.virt_start, memslot.virt_end); -- - qemu_spice_add_memslot(&d->ssd, &memslot, async); - d->guest_slots[slot_id].ptr = (void*)memslot.virt_start; - d->guest_slots[slot_id].size = memslot.virt_end - memslot.virt_start; -@@ -1053,21 +1070,19 @@ static void qxl_add_memslot(PCIQXLDevice *d, uint32_t slot_id, uint64_t delta, - - static void qxl_del_memslot(PCIQXLDevice *d, uint32_t slot_id) - { -- dprint(d, 1, "%s: slot %d\n", __FUNCTION__, slot_id); - qemu_spice_del_memslot(&d->ssd, MEMSLOT_GROUP_HOST, slot_id); - d->guest_slots[slot_id].active = 0; - } - - static void qxl_reset_memslots(PCIQXLDevice *d) - { -- dprint(d, 1, "%s:\n", __FUNCTION__); - qxl_spice_reset_memslots(d); - memset(&d->guest_slots, 0, sizeof(d->guest_slots)); - } - - static void qxl_reset_surfaces(PCIQXLDevice *d) - { -- dprint(d, 1, "%s:\n", __FUNCTION__); -+ trace_qxl_reset_surfaces(d->id); - d->mode = QXL_MODE_UNDEFINED; - qxl_spice_destroy_surfaces(d, QXL_SYNC); - } -@@ -1109,9 +1124,6 @@ static void qxl_create_guest_primary(PCIQXLDevice *qxl, int loadvm, - assert(qxl->mode != QXL_MODE_NATIVE); - qxl_exit_vga_mode(qxl); - -- dprint(qxl, 1, "%s: %dx%d\n", __FUNCTION__, -- le32_to_cpu(sc->width), le32_to_cpu(sc->height)); -- - surface.format = le32_to_cpu(sc->format); - surface.height = le32_to_cpu(sc->height); - surface.mem = le64_to_cpu(sc->mem); -@@ -1120,6 +1132,10 @@ static void qxl_create_guest_primary(PCIQXLDevice *qxl, int loadvm, - surface.width = le32_to_cpu(sc->width); - surface.type = le32_to_cpu(sc->type); - surface.flags = le32_to_cpu(sc->flags); -+ trace_qxl_create_guest_primary(qxl->id, sc->width, sc->height, sc->mem, -+ sc->format, sc->position); -+ trace_qxl_create_guest_primary_rest(qxl->id, sc->stride, sc->type, -+ sc->flags); - - surface.mouse_mode = true; - surface.group_id = MEMSLOT_GROUP_GUEST; -@@ -1143,7 +1159,7 @@ static int qxl_destroy_primary(PCIQXLDevice *d, qxl_async_io async) - if (d->mode == QXL_MODE_UNDEFINED) { - return 0; - } -- dprint(d, 1, "%s\n", __FUNCTION__); -+ trace_qxl_destroy_primary(d->id); - d->mode = QXL_MODE_UNDEFINED; - qemu_spice_destroy_primary_surface(&d->ssd, 0, async); - qxl_spice_reset_cursor(d); -@@ -1170,8 +1186,8 @@ static void qxl_set_mode(PCIQXLDevice *d, int modenr, int loadvm) - .mem = devmem + d->shadow_rom.draw_area_offset, - }; - -- dprint(d, 1, "%s: mode %d [ %d x %d @ %d bpp devmem 0x%" PRIx64 " ]\n", -- __func__, modenr, mode->x_res, mode->y_res, mode->bits, devmem); -+ trace_qxl_set_mode(d->id, modenr, mode->x_res, mode->y_res, mode->bits, -+ devmem); - if (!loadvm) { - qxl_hard_reset(d, 0); - } -@@ -1217,8 +1233,8 @@ static void ioport_write(void *opaque, target_phys_addr_t addr, - if (d->mode != QXL_MODE_VGA) { - break; - } -- dprint(d, 1, "%s: unexpected port 0x%x (%s) in vga mode\n", -- __func__, io_port, io_port_to_string(io_port)); -+ trace_qxl_io_unexpected_vga_mode(d->id, -+ io_port, io_port_to_string(io_port)); - /* be nice to buggy guest drivers */ - if (io_port >= QXL_IO_UPDATE_AREA_ASYNC && - io_port <= QXL_IO_DESTROY_ALL_SURFACES_ASYNC) { -@@ -1260,11 +1276,12 @@ async_common: - } - d->current_async = orig_io_port; - qemu_mutex_unlock(&d->async_lock); -- dprint(d, 2, "start async %d (%"PRId64")\n", io_port, val); - break; - default: - break; - } -+ trace_qxl_io_write(d->id, qxl_mode_to_string(d->mode), addr, val, size, -+ async); - - switch (io_port) { - case QXL_IO_UPDATE_AREA: -@@ -1300,7 +1317,6 @@ async_common: - d->oom_running = 0; - break; - case QXL_IO_SET_MODE: -- dprint(d, 1, "QXL_SET_MODE %d\n", (int)val); - qxl_set_mode(d, val, 0); - break; - case QXL_IO_LOG: -@@ -1310,7 +1326,6 @@ async_common: - } - break; - case QXL_IO_RESET: -- dprint(d, 1, "QXL_IO_RESET\n"); - qxl_hard_reset(d, 0); - break; - case QXL_IO_MEMSLOT_ADD: -@@ -1338,7 +1353,6 @@ async_common: - async); - goto cancel_async; - } -- dprint(d, 1, "QXL_IO_CREATE_PRIMARY async=%d\n", async); - d->guest_primary.surface = d->ram->create_surface; - qxl_create_guest_primary(d, 0, async); - break; -@@ -1348,11 +1362,9 @@ async_common: - async); - goto cancel_async; - } -- dprint(d, 1, "QXL_IO_DESTROY_PRIMARY (async=%d) (%s)\n", async, -- qxl_mode_to_string(d->mode)); - if (!qxl_destroy_primary(d, async)) { -- dprint(d, 1, "QXL_IO_DESTROY_PRIMARY_ASYNC in %s, ignored\n", -- qxl_mode_to_string(d->mode)); -+ trace_qxl_io_destroy_primary_ignored(d->id, -+ qxl_mode_to_string(d->mode)); - goto cancel_async; - } - break; -@@ -1372,16 +1384,9 @@ async_common: - ring->prod, ring->cons); - } - qxl_push_free_res(d, 1 /* flush */); -- dprint(d, 1, "QXL_IO_FLUSH_RELEASE exit (%s, s#=%d, res#=%d,%p)\n", -- qxl_mode_to_string(d->mode), d->guest_surfaces.count, -- d->num_free_res, d->last_release); - break; - } - case QXL_IO_FLUSH_SURFACES_ASYNC: -- dprint(d, 1, "QXL_IO_FLUSH_SURFACES_ASYNC" -- " (%"PRId64") (%s, s#=%d, res#=%d)\n", -- val, qxl_mode_to_string(d->mode), d->guest_surfaces.count, -- d->num_free_res); - qxl_spice_flush_surfaces_async(d); - break; - case QXL_IO_DESTROY_ALL_SURFACES: -@@ -1407,7 +1412,7 @@ static uint64_t ioport_read(void *opaque, target_phys_addr_t addr, - { - PCIQXLDevice *d = opaque; - -- dprint(d, 1, "%s: unexpected\n", __FUNCTION__); -+ trace_qxl_io_read_unexpected(d->id); - return 0xff; - } - -@@ -1558,8 +1563,7 @@ static void qxl_dirty_surfaces(PCIQXLDevice *qxl) - surface_offset -= vram_start; - surface_size = cmd->u.surface_create.height * - abs(cmd->u.surface_create.stride); -- dprint(qxl, 3, "%s: dirty surface %d, offset %d, size %d\n", __func__, -- i, (int)surface_offset, surface_size); -+ trace_qxl_surfaces_dirty(qxl->id, i, (int)surface_offset, surface_size); - qxl_set_dirty(&qxl->vram_bar, surface_offset, surface_size); - } - } -@@ -1759,7 +1763,7 @@ static void qxl_pre_save(void *opaque) - PCIQXLDevice* d = opaque; - uint8_t *ram_start = d->vga.vram_ptr; - -- dprint(d, 1, "%s:\n", __FUNCTION__); -+ trace_qxl_pre_save(d->id); - if (d->last_release == NULL) { - d->last_release_offset = 0; - } else { -@@ -1772,10 +1776,9 @@ static int qxl_pre_load(void *opaque) - { - PCIQXLDevice* d = opaque; - -- dprint(d, 1, "%s: start\n", __FUNCTION__); -+ trace_qxl_pre_load(d->id); - qxl_hard_reset(d, 1); - qxl_exit_vga_mode(d); -- dprint(d, 1, "%s: done\n", __FUNCTION__); - return 0; - } - -@@ -1787,7 +1790,6 @@ static void qxl_create_memslots(PCIQXLDevice *d) - if (!d->guest_slots[i].active) { - continue; - } -- dprint(d, 1, "%s: restoring guest slot %d\n", __func__, i); - qxl_add_memslot(d, i, 0, QXL_SYNC); - } - } -@@ -1799,8 +1801,6 @@ static int qxl_post_load(void *opaque, int version) - QXLCommandExt *cmds; - int in, out, newmode; - -- dprint(d, 1, "%s: start\n", __FUNCTION__); -- - assert(d->last_release_offset < d->vga.vram_size); - if (d->last_release_offset == 0) { - d->last_release = NULL; -@@ -1810,8 +1810,7 @@ static int qxl_post_load(void *opaque, int version) - - d->modes = (QXLModes*)((uint8_t*)d->rom + d->rom->modes_offset); - -- dprint(d, 1, "%s: restore mode (%s)\n", __FUNCTION__, -- qxl_mode_to_string(d->mode)); -+ trace_qxl_post_load(d->id, qxl_mode_to_string(d->mode)); - newmode = d->mode; - d->mode = QXL_MODE_UNDEFINED; - -@@ -1853,8 +1852,6 @@ static int qxl_post_load(void *opaque, int version) - qxl_set_mode(d, d->shadow_rom.mode, 1); - break; - } -- dprint(d, 1, "%s: done\n", __FUNCTION__); -- - return 0; - } - -diff --git a/trace-events b/trace-events -index 962caca..0bc290f 100644 ---- a/trace-events -+++ b/trace-events -@@ -631,3 +631,62 @@ win_helper_no_switch_pstate(uint32_t new_pstate_regs) "change_pstate: regs new=% - win_helper_wrpil(uint32_t psrpil, uint32_t new_pil) "old=%x new=%x" - win_helper_done(uint32_t tl) "tl=%d" - win_helper_retry(uint32_t tl) "tl=%d" -+ -+# hw/qxl.c -+disable qxl_interface_set_mm_time(int qid, uint32_t mm_time) "%d %d" -+disable qxl_io_write_vga(int qid, const char *mode, uint32_t addr, uint32_t val) "%d %s addr=%u val=%u" -+qxl_create_guest_primary(int qid, uint32_t width, uint32_t height, uint64_t mem, uint32_t format, uint32_t position) "%d %dx%d mem=%lx %d,%d" -+qxl_create_guest_primary_rest(int qid, int32_t stride, uint32_t type, uint32_t flags) "%d %d,%d,%d" -+qxl_destroy_primary(int qid) "%d" -+qxl_enter_vga_mode(int qid) "%d" -+qxl_exit_vga_mode(int qid) "%d" -+qxl_hard_reset(int qid, int64_t loadvm) "%d loadvm=%"PRId64"" -+qxl_interface_async_complete_io(int qid, uint32_t current_async, void *cookie) "%d current=%d cookie=%p" -+qxl_interface_attach_worker(int qid) "%d" -+qxl_interface_get_init_info(int qid) "%d" -+qxl_interface_set_compression_level(int qid, int64_t level) "%d %"PRId64 -+qxl_interface_update_area_complete(int qid, uint32_t surface_id, uint32_t dirty_left, uint32_t dirty_right, uint32_t dirty_top, uint32_t dirty_bottom) "%d surface=%d [%d,%d,%d,%d]" -+qxl_interface_update_area_complete_rest(int qid, uint32_t num_updated_rects) "%d #=%d" -+qxl_interface_update_area_complete_overflow(int qid, int max) "%d max=%d" -+qxl_interface_update_area_complete_schedule_bh(int qid, uint32_t num_dirty) "%d #dirty=%d" -+qxl_io_destroy_primary_ignored(int qid, const char *mode) "%d %s" -+qxl_io_read_unexpected(int qid) "%d" -+qxl_io_unexpected_vga_mode(int qid, uint32_t io_port, const char *desc) "%d 0x%x (%s)" -+qxl_io_write(int qid, const char *mode, uint64_t addr, uint64_t val, unsigned size, int async) "%d %s addr=%"PRIu64 " val=%"PRIu64" size=%u async=%d" -+qxl_memslot_add_guest(int qid, uint32_t slot_id, uint64_t guest_start, uint64_t guest_end) "%d %u: guest phys 0x%"PRIx64 " - 0x%" PRIx64 -+qxl_post_load(int qid, const char *mode) "%d %s" -+qxl_pre_load(int qid) "%d" -+qxl_pre_save(int qid) "%d" -+qxl_reset_surfaces(int qid) "%d" -+qxl_ring_command_check(int qid, const char *mode) "%d %s" -+qxl_ring_command_get(int qid, const char *mode) "%d %s" -+qxl_ring_command_req_notification(int qid) "%d" -+qxl_ring_cursor_check(int qid, const char *mode) "%d %s" -+qxl_ring_cursor_get(int qid, const char *mode) "%d %s" -+qxl_ring_cursor_req_notification(int qid) "%d" -+qxl_ring_res_push(int qid, const char *mode, uint32_t surface_count, uint32_t free_res, void *last_release, const char *notify) "%d %s s#=%d res#=%d last=%p notify=%s" -+qxl_ring_res_push_rest(int qid, uint32_t ring_has, uint32_t ring_size, uint32_t prod, uint32_t cons) "%d ring %d/%d [%d,%d]" -+qxl_ring_res_put(int qid, uint32_t free_res) "%d #res=%d" -+qxl_set_mode(int qid, int modenr, uint32_t x_res, uint32_t y_res, uint32_t bits, uint64_t devmem) "%d mode=%d [ x=%d y=%d @ bpp=%d devmem=0x%" PRIx64 " ]" -+qxl_soft_reset(int qid) "%d" -+qemu_spice_add_memslot(int qid, uint32_t slot_id, unsigned long virt_start, unsigned long virt_end, int async) "%d %u: host virt 0x%lx - 0x%lx async=%d" -+qemu_spice_del_memslot(int qid, uint32_t gid, uint32_t slot_id) "%d gid=%u sid=%u" -+qemu_spice_create_primary_surface(int qid, uint32_t sid, void *surface, int async) "%d sid=%u surface=%p async=%d" -+qemu_spice_destroy_primary_surface(int qid, uint32_t sid, int async) "%d sid=%u async=%d" -+qemu_spice_wakeup(uint32_t qid) "%d" -+qemu_spice_start(uint32_t qid) "%d" -+qemu_spice_stop(uint32_t qid) "%d" -+qemu_spice_create_update(uint32_t left, uint32_t right, uint32_t top, uint32_t bottom) "lr %d -> %d, tb -> %d -> %d" -+qxl_spice_destroy_surfaces_complete(int qid) "%d" -+qxl_spice_destroy_surfaces(int qid, int async) "%d async=%d" -+qxl_spice_destroy_surface_wait_complete(int qid, uint32_t id) "%d sid=%d" -+qxl_spice_destroy_surface_wait(int qid, uint32_t id, int async) "%d sid=%d async=%d" -+qxl_spice_flush_surfaces_async(int qid, uint32_t surface_count, uint32_t num_free_res) "%d s#=%d, res#=%d" -+qxl_spice_loadvm_commands(int qid, void *ext, uint32_t count) "%d ext=%p count=%d" -+qxl_spice_oom(int qid) "%d" -+qxl_spice_reset_cursor(int qid) "%d" -+qxl_spice_reset_image_cache(int qid) "%d" -+qxl_spice_reset_memslots(int qid) "%d" -+qxl_spice_update_area(int qid, uint32_t surface_id, uint32_t left, uint32_t right, uint32_t top, uint32_t bottom) "%d sid=%d [%d,%d,%d,%d]" -+qxl_spice_update_area_rest(int qid, uint32_t num_dirty_rects, uint32_t clear_dirty_region) "%d #d=%d clear=%d" -+qxl_surfaces_dirty(int qid, int surface, int offset, int size) "%d surface=%d offset=%d size=%d" -diff --git a/ui/spice-display.c b/ui/spice-display.c -index ab266ae..28d6d4a 100644 ---- a/ui/spice-display.c -+++ b/ui/spice-display.c -@@ -22,6 +22,7 @@ - #include "monitor.h" - #include "console.h" - #include "sysemu.h" -+#include "trace.h" - - #include "spice-display.h" - -@@ -73,6 +74,10 @@ QXLCookie *qxl_cookie_new(int type, uint64_t io) - void qemu_spice_add_memslot(SimpleSpiceDisplay *ssd, QXLDevMemSlot *memslot, - qxl_async_io async) - { -+ trace_qemu_spice_add_memslot(ssd->qxl.id, memslot->slot_id, -+ memslot->virt_start, memslot->virt_end, -+ async); -+ - if (async != QXL_SYNC) { - spice_qxl_add_memslot_async(&ssd->qxl, memslot, - (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -@@ -84,6 +89,7 @@ void qemu_spice_add_memslot(SimpleSpiceDisplay *ssd, QXLDevMemSlot *memslot, - - void qemu_spice_del_memslot(SimpleSpiceDisplay *ssd, uint32_t gid, uint32_t sid) - { -+ trace_qemu_spice_del_memslot(ssd->qxl.id, gid, sid); - ssd->worker->del_memslot(ssd->worker, gid, sid); - } - -@@ -91,6 +97,7 @@ void qemu_spice_create_primary_surface(SimpleSpiceDisplay *ssd, uint32_t id, - QXLDevSurfaceCreate *surface, - qxl_async_io async) - { -+ trace_qemu_spice_create_primary_surface(ssd->qxl.id, id, surface, async); - if (async != QXL_SYNC) { - spice_qxl_create_primary_surface_async(&ssd->qxl, id, surface, - (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -@@ -100,10 +107,10 @@ void qemu_spice_create_primary_surface(SimpleSpiceDisplay *ssd, uint32_t id, - } - } - -- - void qemu_spice_destroy_primary_surface(SimpleSpiceDisplay *ssd, - uint32_t id, qxl_async_io async) - { -+ trace_qemu_spice_destroy_primary_surface(ssd->qxl.id, id, async); - if (async != QXL_SYNC) { - spice_qxl_destroy_primary_surface_async(&ssd->qxl, id, - (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -@@ -115,16 +122,19 @@ void qemu_spice_destroy_primary_surface(SimpleSpiceDisplay *ssd, - - void qemu_spice_wakeup(SimpleSpiceDisplay *ssd) - { -+ trace_qemu_spice_wakeup(ssd->qxl.id); - ssd->worker->wakeup(ssd->worker); - } - - void qemu_spice_start(SimpleSpiceDisplay *ssd) - { -+ trace_qemu_spice_start(ssd->qxl.id); - ssd->worker->start(ssd->worker); - } - - void qemu_spice_stop(SimpleSpiceDisplay *ssd) - { -+ trace_qemu_spice_stop(ssd->qxl.id); - ssd->worker->stop(ssd->worker); - } - -@@ -142,7 +152,7 @@ static SimpleSpiceUpdate *qemu_spice_create_update(SimpleSpiceDisplay *ssd) - return NULL; - }; - -- dprint(2, "%s: lr %d -> %d, tb -> %d -> %d\n", __FUNCTION__, -+ trace_qemu_spice_create_update( - ssd->dirty.left, ssd->dirty.right, - ssd->dirty.top, ssd->dirty.bottom); - --- -1.7.10 - diff --git a/0426-qxl-qxl_render.c-add-trace-events.patch b/0426-qxl-qxl_render.c-add-trace-events.patch deleted file mode 100644 index 90c4069..0000000 --- a/0426-qxl-qxl_render.c-add-trace-events.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 6b3e0d7afd011b8d40207fe45f6518937df1d99e Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Sun, 18 Mar 2012 13:46:15 +0100 -Subject: [PATCH 426/434] qxl/qxl_render.c: add trace events - -Signed-off-by: Alon Levy -Reviewed-by: Stefan Hajnoczi -Signed-off-by: Gerd Hoffmann - -Cherry-pick: Added missing include "trace.h" ---- - hw/qxl-render.c | 14 +++++--------- - trace-events | 7 +++++++ - 2 files changed, 12 insertions(+), 9 deletions(-) - -diff --git a/hw/qxl-render.c b/hw/qxl-render.c -index 2e10e93..835dc5e 100644 ---- a/hw/qxl-render.c -+++ b/hw/qxl-render.c -@@ -20,6 +20,7 @@ - */ - - #include "qxl.h" -+#include "trace.h" - - static void qxl_blit(PCIQXLDevice *qxl, QXLRect *rect) - { -@@ -31,11 +32,10 @@ static void qxl_blit(PCIQXLDevice *qxl, QXLRect *rect) - return; - } - if (!qxl->guest_primary.data) { -- dprint(qxl, 1, "%s: initializing guest_primary.data\n", __func__); -+ trace_qxl_render_blit_guest_primary_initialized(); - qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram); - } -- dprint(qxl, 2, "%s: stride %d, [%d, %d, %d, %d]\n", __func__, -- qxl->guest_primary.qxl_stride, -+ trace_qxl_render_blit(qxl->guest_primary.qxl_stride, - rect->left, rect->right, rect->top, rect->bottom); - src = qxl->guest_primary.data; - if (qxl->guest_primary.qxl_stride < 0) { -@@ -107,8 +107,7 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl) - qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram); - qxl_set_rect_to_surface(qxl, &qxl->dirty[0]); - qxl->num_dirty_rects = 1; -- dprint(qxl, 1, "%s: %dx%d, stride %d, bpp %d, depth %d\n", -- __FUNCTION__, -+ trace_qxl_render_guest_primary_resized( - qxl->guest_primary.surface.width, - qxl->guest_primary.surface.height, - qxl->guest_primary.qxl_stride, -@@ -118,8 +117,6 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl) - if (surface->width != qxl->guest_primary.surface.width || - surface->height != qxl->guest_primary.surface.height) { - if (qxl->guest_primary.qxl_stride > 0) { -- dprint(qxl, 1, "%s: using guest_primary for displaysurface\n", -- __func__); - qemu_free_displaysurface(vga->ds); - qemu_create_displaysurface_from(qxl->guest_primary.surface.width, - qxl->guest_primary.surface.height, -@@ -127,8 +124,6 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl) - qxl->guest_primary.abs_stride, - qxl->guest_primary.data); - } else { -- dprint(qxl, 1, "%s: resizing displaysurface to guest_primary\n", -- __func__); - qemu_resize_displaysurface(vga->ds, - qxl->guest_primary.surface.width, - qxl->guest_primary.surface.height); -@@ -187,6 +182,7 @@ void qxl_render_update_area_bh(void *opaque) - void qxl_render_update_area_done(PCIQXLDevice *qxl, QXLCookie *cookie) - { - qemu_mutex_lock(&qxl->ssd.lock); -+ trace_qxl_render_update_area_done(cookie); - qemu_bh_schedule(qxl->update_area_bh); - qxl->render_update_cookie_num--; - qemu_mutex_unlock(&qxl->ssd.lock); -diff --git a/trace-events b/trace-events -index 0bc290f..6050d92 100644 ---- a/trace-events -+++ b/trace-events -@@ -690,3 +690,10 @@ qxl_spice_reset_memslots(int qid) "%d" - qxl_spice_update_area(int qid, uint32_t surface_id, uint32_t left, uint32_t right, uint32_t top, uint32_t bottom) "%d sid=%d [%d,%d,%d,%d]" - qxl_spice_update_area_rest(int qid, uint32_t num_dirty_rects, uint32_t clear_dirty_region) "%d #d=%d clear=%d" - qxl_surfaces_dirty(int qid, int surface, int offset, int size) "%d surface=%d offset=%d size=%d" -+qxl_vga_ioport_while_not_in_vga_mode(int qid) "%d (int qid, reset to VGA mode because of VGA io)" -+ -+# hw/qxl-render.c -+qxl_render_blit_guest_primary_initialized(void) "" -+qxl_render_blit(int32_t stride, int32_t left, int32_t right, int32_t top, int32_t bottom) "stride=%d [%d, %d, %d, %d]" -+qxl_render_guest_primary_resized(int32_t width, int32_t height, int32_t stride, int32_t bytes_pp, int32_t bits_pp) "%dx%d, stride %d, bpp %d, depth %d" -+qxl_render_update_area_done(void *cookie) "%p" --- -1.7.10 - diff --git a/0427-hw-qxl.c-Fix-compilation-failures-on-32-bit-hosts.patch b/0427-hw-qxl.c-Fix-compilation-failures-on-32-bit-hosts.patch deleted file mode 100644 index b723016..0000000 --- a/0427-hw-qxl.c-Fix-compilation-failures-on-32-bit-hosts.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 1ca7f74b31de28e9170e404ce2b932e311e4d2d0 Mon Sep 17 00:00:00 2001 -From: Peter Maydell -Date: Fri, 16 Mar 2012 13:50:04 +0000 -Subject: [PATCH 427/434] hw/qxl.c: Fix compilation failures on 32 bit hosts - -Fix compilation failures on 32 bit hosts (cast from pointer to -integer of different size; %ld expects 'long int' not uint64_t). - -Reported-by: Steve Langasek -Signed-off-by: Peter Maydell -Signed-off-by: Gerd Hoffmann ---- - hw/qxl.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/hw/qxl.c b/hw/qxl.c -index 813873a..bcdf274 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -154,7 +154,7 @@ void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id, - } else { - assert(cookie != NULL); - spice_qxl_update_area_async(&qxl->ssd.qxl, surface_id, area, -- clear_dirty_region, (uint64_t)cookie); -+ clear_dirty_region, (uintptr_t)cookie); - } - } - -@@ -178,7 +178,7 @@ static void qxl_spice_destroy_surface_wait(PCIQXLDevice *qxl, uint32_t id, - cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO, - QXL_IO_DESTROY_SURFACE_ASYNC); - cookie->u.surface_id = id; -- spice_qxl_destroy_surface_async(&qxl->ssd.qxl, id, (uint64_t)cookie); -+ spice_qxl_destroy_surface_async(&qxl->ssd.qxl, id, (uintptr_t)cookie); - } else { - qxl->ssd.worker->destroy_surface_wait(qxl->ssd.worker, id); - } -@@ -189,8 +189,8 @@ static void qxl_spice_flush_surfaces_async(PCIQXLDevice *qxl) - trace_qxl_spice_flush_surfaces_async(qxl->id, qxl->guest_surfaces.count, - qxl->num_free_res); - spice_qxl_flush_surfaces_async(&qxl->ssd.qxl, -- (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -- QXL_IO_FLUSH_SURFACES_ASYNC)); -+ (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -+ QXL_IO_FLUSH_SURFACES_ASYNC)); - } - - void qxl_spice_loadvm_commands(PCIQXLDevice *qxl, struct QXLCommandExt *ext, -@@ -226,8 +226,8 @@ static void qxl_spice_destroy_surfaces(PCIQXLDevice *qxl, qxl_async_io async) - trace_qxl_spice_destroy_surfaces(qxl->id, async); - if (async) { - spice_qxl_destroy_surfaces_async(&qxl->ssd.qxl, -- (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -- QXL_IO_DESTROY_ALL_SURFACES_ASYNC)); -+ (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -+ QXL_IO_DESTROY_ALL_SURFACES_ASYNC)); - } else { - qxl->ssd.worker->destroy_surfaces(qxl->ssd.worker); - qxl_spice_destroy_surfaces_complete(qxl); -@@ -767,7 +767,7 @@ static void interface_async_complete_io(PCIQXLDevice *qxl, QXLCookie *cookie) - } - if (cookie && current_async != cookie->io) { - fprintf(stderr, -- "qxl: %s: error: current_async = %d != %ld = cookie->io\n", -+ "qxl: %s: error: current_async = %d != %" PRId64 " = cookie->io\n", - __func__, current_async, cookie->io); - } - switch (current_async) { -@@ -840,7 +840,7 @@ static void interface_update_area_complete(QXLInstance *sin, - static void interface_async_complete(QXLInstance *sin, uint64_t cookie_token) - { - PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); -- QXLCookie *cookie = (QXLCookie *)cookie_token; -+ QXLCookie *cookie = (QXLCookie *)(uintptr_t)cookie_token; - - switch (cookie->type) { - case QXL_COOKIE_TYPE_IO: --- -1.7.10 - diff --git a/0428-spice-fix-broken-initialization.patch b/0428-spice-fix-broken-initialization.patch deleted file mode 100644 index 6559660..0000000 --- a/0428-spice-fix-broken-initialization.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 9f7bc0be9a5c353d076bb42b3bfdf77d8709063f Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Wed, 14 Mar 2012 20:33:37 +0200 -Subject: [PATCH 428/434] spice: fix broken initialization - -Commit 1b71f7c14fab6f00c2680d4489fbee7baf796e4f moved MODULE_INIT_QOM to -way before MODULE_INIT_MACHINE, thereby breaking assumptions made in -spice-core.c which registered both a type initializer and a machine -intializer. - -This fix removes the type registration, and replaces it with calling -qemu_spice_init in vl.c after command line parsing (second pass) is -done, and after timers are armed, required by spice server. - -Signed-off-by: Alon Levy -Signed-off-by: Gerd Hoffmann - -Conflicts: - - ui/spice-core.c ---- - ui/spice-core.c | 8 +------- - vl.c | 5 +++++ - 2 files changed, 6 insertions(+), 7 deletions(-) - -diff --git a/ui/spice-core.c b/ui/spice-core.c -index 4ad0a67..a468524 100644 ---- a/ui/spice-core.c -+++ b/ui/spice-core.c -@@ -554,7 +554,7 @@ void qemu_spice_init(void) - - qemu_thread_get_self(&me); - -- if (!opts) { -+ if (!opts) { - return; - } - port = qemu_opt_get_number(opts, "port", 0); -@@ -787,9 +787,3 @@ static void spice_register_config(void) - qemu_add_opts(&qemu_spice_opts); - } - machine_init(spice_register_config); -- --static void spice_initialize(void) --{ -- qemu_spice_init(); --} --device_init(spice_initialize); -diff --git a/vl.c b/vl.c -index fdefa86..d33eb03 100644 ---- a/vl.c -+++ b/vl.c -@@ -3271,6 +3271,11 @@ int main(int argc, char **argv, char **envp) - exit(1); - } - -+#ifdef CONFIG_SPICE -+ /* spice needs the timers to be initialized by this point */ -+ qemu_spice_init(); -+#endif -+ - if (icount_option && (kvm_enabled() || xen_enabled())) { - fprintf(stderr, "-icount is not allowed with kvm or xen\n"); - exit(1); --- -1.7.10 - diff --git a/0429-ui-spice-display.c-Fix-compilation-warnings-on-32-bi.patch b/0429-ui-spice-display.c-Fix-compilation-warnings-on-32-bi.patch deleted file mode 100644 index 27fb514..0000000 --- a/0429-ui-spice-display.c-Fix-compilation-warnings-on-32-bi.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 2b4d2ccd83280b22d2fea0801e11af5a944a135d Mon Sep 17 00:00:00 2001 -From: Peter Maydell -Date: Wed, 7 Mar 2012 13:36:48 +0000 -Subject: [PATCH 429/434] ui/spice-display.c: Fix compilation warnings on 32 - bit hosts - -Fix compilation failures ("cast from pointer to integer of -different size [-Werror=pointer-to-int-cast]") by using -uintptr_t instead. - -Signed-off-by: Peter Maydell -Signed-off-by: Gerd Hoffmann ---- - ui/spice-display.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/ui/spice-display.c b/ui/spice-display.c -index 28d6d4a..6d7563f 100644 ---- a/ui/spice-display.c -+++ b/ui/spice-display.c -@@ -80,8 +80,8 @@ void qemu_spice_add_memslot(SimpleSpiceDisplay *ssd, QXLDevMemSlot *memslot, - - if (async != QXL_SYNC) { - spice_qxl_add_memslot_async(&ssd->qxl, memslot, -- (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -- QXL_IO_MEMSLOT_ADD_ASYNC)); -+ (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -+ QXL_IO_MEMSLOT_ADD_ASYNC)); - } else { - ssd->worker->add_memslot(ssd->worker, memslot); - } -@@ -100,8 +100,8 @@ void qemu_spice_create_primary_surface(SimpleSpiceDisplay *ssd, uint32_t id, - trace_qemu_spice_create_primary_surface(ssd->qxl.id, id, surface, async); - if (async != QXL_SYNC) { - spice_qxl_create_primary_surface_async(&ssd->qxl, id, surface, -- (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -- QXL_IO_CREATE_PRIMARY_ASYNC)); -+ (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -+ QXL_IO_CREATE_PRIMARY_ASYNC)); - } else { - ssd->worker->create_primary_surface(ssd->worker, id, surface); - } -@@ -113,8 +113,8 @@ void qemu_spice_destroy_primary_surface(SimpleSpiceDisplay *ssd, - trace_qemu_spice_destroy_primary_surface(ssd->qxl.id, id, async); - if (async != QXL_SYNC) { - spice_qxl_destroy_primary_surface_async(&ssd->qxl, id, -- (uint64_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -- QXL_IO_DESTROY_PRIMARY_ASYNC)); -+ (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO, -+ QXL_IO_DESTROY_PRIMARY_ASYNC)); - } else { - ssd->worker->destroy_primary_surface(ssd->worker, id); - } --- -1.7.10 - diff --git a/0430-ui-spice-display-use-uintptr_t-when-casting-qxl-phys.patch b/0430-ui-spice-display-use-uintptr_t-when-casting-qxl-phys.patch deleted file mode 100644 index bdfc59e..0000000 --- a/0430-ui-spice-display-use-uintptr_t-when-casting-qxl-phys.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 626eb7b96445815945600895a411ee14c10b9056 Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Wed, 21 Mar 2012 18:17:18 +0200 -Subject: [PATCH 430/434] ui/spice-display: use uintptr_t when casting qxl - physical addresses - -The current intptr_t casts are a problem when the address's highest -bit is 1, and it is cast to a intptr_t and then to uint64_t, such -as at: - surface.mem = (intptr_t)ssd->buf; - -This causes the sign bit to be extended which causes a wrong address to -be passed on to spice, which then complains when it gets the wrong -slot_id number, since the slot_id is taken from the higher bits. - -The assertion happens early - during the first primary surface creation. - -This fixes running "-vga qxl -spice" with 32 bit compiled -qemu-system-i386. - -Signed-off-by: Alon Levy -Signed-off-by: Gerd Hoffmann ---- - ui/spice-display.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/ui/spice-display.c b/ui/spice-display.c -index 6d7563f..cb8a7ad 100644 ---- a/ui/spice-display.c -+++ b/ui/spice-display.c -@@ -168,7 +168,7 @@ static SimpleSpiceUpdate *qemu_spice_create_update(SimpleSpiceDisplay *ssd) - drawable->bbox = ssd->dirty; - drawable->clip.type = SPICE_CLIP_TYPE_NONE; - drawable->effect = QXL_EFFECT_OPAQUE; -- drawable->release_info.id = (intptr_t)update; -+ drawable->release_info.id = (uintptr_t)update; - drawable->type = QXL_DRAW_COPY; - drawable->surfaces_dest[0] = -1; - drawable->surfaces_dest[1] = -1; -@@ -179,7 +179,7 @@ static SimpleSpiceUpdate *qemu_spice_create_update(SimpleSpiceDisplay *ssd) - + time_space.tv_nsec / 1000 / 1000; - - drawable->u.copy.rop_descriptor = SPICE_ROPD_OP_PUT; -- drawable->u.copy.src_bitmap = (intptr_t)image; -+ drawable->u.copy.src_bitmap = (uintptr_t)image; - drawable->u.copy.src_area.right = bw; - drawable->u.copy.src_area.bottom = bh; - -@@ -189,7 +189,7 @@ static SimpleSpiceUpdate *qemu_spice_create_update(SimpleSpiceDisplay *ssd) - image->bitmap.stride = bw * 4; - image->descriptor.width = image->bitmap.x = bw; - image->descriptor.height = image->bitmap.y = bh; -- image->bitmap.data = (intptr_t)(update->bitmap); -+ image->bitmap.data = (uintptr_t)(update->bitmap); - image->bitmap.palette = 0; - image->bitmap.format = SPICE_BITMAP_FMT_32BIT; - -@@ -210,7 +210,7 @@ static SimpleSpiceUpdate *qemu_spice_create_update(SimpleSpiceDisplay *ssd) - } - - cmd->type = QXL_CMD_DRAW; -- cmd->data = (intptr_t)drawable; -+ cmd->data = (uintptr_t)drawable; - - memset(&ssd->dirty, 0, sizeof(ssd->dirty)); - return update; -@@ -254,7 +254,7 @@ void qemu_spice_create_host_primary(SimpleSpiceDisplay *ssd) - surface.mouse_mode = true; - surface.flags = 0; - surface.type = 0; -- surface.mem = (intptr_t)ssd->buf; -+ surface.mem = (uintptr_t)ssd->buf; - surface.group_id = MEMSLOT_GROUP_HOST; - - qemu_spice_create_primary_surface(ssd, 0, &surface, QXL_SYNC); --- -1.7.10 - diff --git a/0431-qxl-add-optinal-64bit-vram-bar.patch b/0431-qxl-add-optinal-64bit-vram-bar.patch deleted file mode 100644 index f686f01..0000000 --- a/0431-qxl-add-optinal-64bit-vram-bar.patch +++ /dev/null @@ -1,185 +0,0 @@ -From f1e729a041efbd2d562e8202407e927745210bbd Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 14 Oct 2011 18:05:48 +0200 -Subject: [PATCH 431/434] qxl: add optinal 64bit vram bar - -This patch adds an 64bit pci bar for vram. It is turned off by default. -It can be enabled by setting the size of the 64bit bar to be larger than -the 32bit bar. Both 32bit and 64bit bar refer to the same memory. Only -the first part of the memory is available via 32bit bar. - -The intention is to allow large vram sizes for 64bit guests, by allowing -the vram bar being mapped above 4G, so we don't have to squeeze it into -the pci I/O window below 4G. - -With vram_size_mb=16 and vram64_size_mb=256 it looks like this: - -00:02.0 VGA compatible controller: Red Hat, Inc. Device 0100 (rev 02) (prog-if 00 [VGA controller]) - Subsystem: Red Hat, Inc Device 1100 - Physical Slot: 2 - Flags: fast devsel, IRQ 10 - Memory at f8000000 (32-bit, non-prefetchable) [size=64M] - Memory at fc000000 (32-bit, non-prefetchable) [size=16M] - Memory at fd020000 (32-bit, non-prefetchable) [size=8K] - I/O ports at c5a0 [size=32] - Memory at ffe0000000 (64-bit, prefetchable) [size=256M] - Expansion ROM at fd000000 [disabled] [size=64K] - -[ mapping above 4G needs patched seabios: - http://www.kraxel.org/cgit/seabios/commit/?h=pci64 ] - -Conflicts: - - hw/qxl.c ---- - hw/qxl.c | 51 ++++++++++++++++++++++++++++++++++++++++++++------- - hw/qxl.h | 7 +++++++ - 2 files changed, 51 insertions(+), 7 deletions(-) - -diff --git a/hw/qxl.c b/hw/qxl.c -index bcdf274..18f3759 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -1002,6 +1002,7 @@ static void qxl_add_memslot(PCIQXLDevice *d, uint32_t slot_id, uint64_t delta, - static const int regions[] = { - QXL_RAM_RANGE_INDEX, - QXL_VRAM_RANGE_INDEX, -+ QXL_VRAM64_RANGE_INDEX, - }; - uint64_t guest_start; - uint64_t guest_end; -@@ -1046,6 +1047,7 @@ static void qxl_add_memslot(PCIQXLDevice *d, uint32_t slot_id, uint64_t delta, - virt_start = (intptr_t)memory_region_get_ram_ptr(&d->vga.vram); - break; - case QXL_VRAM_RANGE_INDEX: -+ case 4 /* vram 64bit */: - virt_start = (intptr_t)memory_region_get_ram_ptr(&d->vram_bar); - break; - default: -@@ -1630,18 +1632,28 @@ static void qxl_init_ramsize(PCIQXLDevice *qxl, uint32_t ram_min_mb) - qxl->vga.vram_size = ram_min_mb * 1024 * 1024; - } - -- /* vram (surfaces, bar 1) */ -+ /* vram32 (surfaces, 32bit, bar 1) */ -+ if (qxl->vram32_size_mb != -1) { -+ qxl->vram32_size = qxl->vram32_size_mb * 1024 * 1024; -+ } -+ if (qxl->vram32_size < 4096) { -+ qxl->vram32_size = 4096; -+ } -+ -+ /* vram (surfaces, 64bit, bar 4+5) */ - if (qxl->vram_size_mb != -1) { - qxl->vram_size = qxl->vram_size_mb * 1024 * 1024; - } -- if (qxl->vram_size < 4096) { -- qxl->vram_size = 4096; -+ if (qxl->vram_size < qxl->vram32_size) { -+ qxl->vram_size = qxl->vram32_size; - } -+ - if (qxl->revision == 1) { -+ qxl->vram32_size = 4096; - qxl->vram_size = 4096; - } -- - qxl->vga.vram_size = msb_mask(qxl->vga.vram_size * 2 - 1); -+ qxl->vram32_size = msb_mask(qxl->vram32_size * 2 - 1); - qxl->vram_size = msb_mask(qxl->vram_size * 2 - 1); - } - -@@ -1683,6 +1695,8 @@ static int qxl_init_common(PCIQXLDevice *qxl) - - memory_region_init_ram(&qxl->vram_bar, &qxl->pci.qdev, "qxl.vram", - qxl->vram_size); -+ memory_region_init_alias(&qxl->vram32_bar, "qxl.vram32", &qxl->vram_bar, -+ 0, qxl->vram32_size); - - io_size = msb_mask(QXL_IO_RANGE_SIZE * 2 - 1); - if (qxl->revision == 1) { -@@ -1706,7 +1720,29 @@ static int qxl_init_common(PCIQXLDevice *qxl) - PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->vga.vram); - - pci_register_bar(&qxl->pci, QXL_VRAM_RANGE_INDEX, -- PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->vram_bar); -+ PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->vram32_bar); -+ -+ if (qxl->vram32_size < qxl->vram_size) { -+ /* -+ * Make the 64bit vram bar show up only in case it is -+ * configured to be larger than the 32bit vram bar. -+ */ -+ pci_register_bar(&qxl->pci, QXL_VRAM64_RANGE_INDEX, -+ PCI_BASE_ADDRESS_SPACE_MEMORY | -+ PCI_BASE_ADDRESS_MEM_TYPE_64 | -+ PCI_BASE_ADDRESS_MEM_PREFETCH, -+ &qxl->vram_bar); -+ } -+ -+ /* print pci bar details */ -+ dprint(qxl, 1, "ram/%s: %d MB [region 0]\n", -+ qxl->id == 0 ? "pri" : "sec", -+ qxl->vga.vram_size / (1024*1024)); -+ dprint(qxl, 1, "vram/32: %d MB [region 1]\n", -+ qxl->vram32_size / (1024*1024)); -+ dprint(qxl, 1, "vram/64: %d MB %s\n", -+ qxl->vram_size / (1024*1024), -+ qxl->vram32_size < qxl->vram_size ? "[region 4]" : "[unmapped]"); - - qxl->ssd.qxl.base.sif = &qxl_interface.base; - qxl->ssd.qxl.id = qxl->id; -@@ -1918,7 +1954,7 @@ static VMStateDescription qxl_vmstate = { - static Property qxl_properties[] = { - DEFINE_PROP_UINT32("ram_size", PCIQXLDevice, vga.vram_size, - 64 * 1024 * 1024), -- DEFINE_PROP_UINT32("vram_size", PCIQXLDevice, vram_size, -+ DEFINE_PROP_UINT32("vram_size", PCIQXLDevice, vram32_size, - 64 * 1024 * 1024), - DEFINE_PROP_UINT32("revision", PCIQXLDevice, revision, - QXL_DEFAULT_REVISION), -@@ -1926,7 +1962,8 @@ static Property qxl_properties[] = { - DEFINE_PROP_UINT32("guestdebug", PCIQXLDevice, guestdebug, 0), - DEFINE_PROP_UINT32("cmdlog", PCIQXLDevice, cmdlog, 0), - DEFINE_PROP_UINT32("ram_size_mb", PCIQXLDevice, ram_size_mb, -1), -- DEFINE_PROP_UINT32("vram_size_mb", PCIQXLDevice, vram_size_mb, -1), -+ DEFINE_PROP_UINT32("vram_size_mb", PCIQXLDevice, vram32_size_mb, 0), -+ DEFINE_PROP_UINT32("vram64_size_mb", PCIQXLDevice, vram_size_mb, 0), - DEFINE_PROP_END_OF_LIST(), - }; - -diff --git a/hw/qxl.h b/hw/qxl.h -index 86e415b..11a0db3 100644 ---- a/hw/qxl.h -+++ b/hw/qxl.h -@@ -16,6 +16,10 @@ enum qxl_mode { - QXL_MODE_NATIVE, - }; - -+#ifndef QXL_VRAM64_RANGE_INDEX -+#define QXL_VRAM64_RANGE_INDEX 4 -+#endif -+ - #define QXL_UNDEFINED_IO UINT32_MAX - - #define QXL_NUM_DIRTY_RECTS 64 -@@ -88,6 +92,8 @@ typedef struct PCIQXLDevice { - /* vram pci bar */ - uint32_t vram_size; - MemoryRegion vram_bar; -+ uint32_t vram32_size; -+ MemoryRegion vram32_bar; - - /* io bar */ - MemoryRegion io_bar; -@@ -95,6 +101,7 @@ typedef struct PCIQXLDevice { - /* user-friendly properties (in megabytes) */ - uint32_t ram_size_mb; - uint32_t vram_size_mb; -+ uint32_t vram32_size_mb; - - /* qxl_render_update state */ - int render_update_cookie_num; --- -1.7.10 - diff --git a/0432-qxl-set-default-values-of-vram-_size_mb-to-1.patch b/0432-qxl-set-default-values-of-vram-_size_mb-to-1.patch deleted file mode 100644 index 3972342..0000000 --- a/0432-qxl-set-default-values-of-vram-_size_mb-to-1.patch +++ /dev/null @@ -1,35 +0,0 @@ -From c18b8163ec4ebec3a7f99865038fa1ad36b2add2 Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Thu, 29 Mar 2012 22:24:38 +0200 -Subject: [PATCH 432/434] qxl: set default values of vram*_size_mb to -1 - -The addition of those values caused a regression where not specifying -any value for the vram bar size would result in a 4096 _byte_ surface -area. This is ok for the windows driver but causes the X driver to be -unusable. Also, it's a regression. This patch returns the default -behavior of having a 64 megabyte vram BAR. - -Signed-off-by: Alon Levy -Signed-off-by: Gerd Hoffmann ---- - hw/qxl.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/qxl.c b/hw/qxl.c -index 18f3759..2135fde 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -1962,8 +1962,8 @@ static Property qxl_properties[] = { - DEFINE_PROP_UINT32("guestdebug", PCIQXLDevice, guestdebug, 0), - DEFINE_PROP_UINT32("cmdlog", PCIQXLDevice, cmdlog, 0), - DEFINE_PROP_UINT32("ram_size_mb", PCIQXLDevice, ram_size_mb, -1), -- DEFINE_PROP_UINT32("vram_size_mb", PCIQXLDevice, vram32_size_mb, 0), -- DEFINE_PROP_UINT32("vram64_size_mb", PCIQXLDevice, vram_size_mb, 0), -+ DEFINE_PROP_UINT32("vram_size_mb", PCIQXLDevice, vram32_size_mb, -1), -+ DEFINE_PROP_UINT32("vram64_size_mb", PCIQXLDevice, vram_size_mb, -1), - DEFINE_PROP_END_OF_LIST(), - }; - --- -1.7.10 - diff --git a/0433-qxl-render-fix-broken-vnc-spice-since-commit-f934493.patch b/0433-qxl-render-fix-broken-vnc-spice-since-commit-f934493.patch deleted file mode 100644 index 16e821e..0000000 --- a/0433-qxl-render-fix-broken-vnc-spice-since-commit-f934493.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 68fc3d666b28d14c5023c1f2115cd3a51389f838 Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Wed, 18 Apr 2012 12:24:28 +0300 -Subject: [PATCH 433/434] qxl-render: fix broken vnc+spice since commit - f934493 - -Notify any listeners such as vnc that the displaysurface has been -changed, otherwise they will segfault when first accessing the freed old -displaysurface data. - -Signed-off-by: Alon Levy ---- - hw/qxl-render.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/hw/qxl-render.c b/hw/qxl-render.c -index 835dc5e..180b8f9 100644 ---- a/hw/qxl-render.c -+++ b/hw/qxl-render.c -@@ -127,6 +127,7 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl) - qemu_resize_displaysurface(vga->ds, - qxl->guest_primary.surface.width, - qxl->guest_primary.surface.height); -+ dpy_resize(vga->ds); - } - } - for (i = 0; i < qxl->num_dirty_rects; i++) { --- -1.7.10 - diff --git a/0434-qxl-don-t-assert-on-guest-create_guest_primary.patch b/0434-qxl-don-t-assert-on-guest-create_guest_primary.patch deleted file mode 100644 index f98970f..0000000 --- a/0434-qxl-don-t-assert-on-guest-create_guest_primary.patch +++ /dev/null @@ -1,36 +0,0 @@ -From f9f547a6646d72204d88a79960191a0285774c23 Mon Sep 17 00:00:00 2001 -From: Alon Levy -Date: Wed, 18 Apr 2012 14:00:06 +0300 -Subject: [PATCH 434/434] qxl: don't assert on guest create_guest_primary - -initiate the implicit destroy ourselves. - -Signed-off-by: Alon Levy ---- - hw/qxl.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/hw/qxl.c b/hw/qxl.c -index 2135fde..29c8873 100644 ---- a/hw/qxl.c -+++ b/hw/qxl.c -@@ -1123,7 +1123,15 @@ static void qxl_create_guest_primary(PCIQXLDevice *qxl, int loadvm, - QXLDevSurfaceCreate surface; - QXLSurfaceCreate *sc = &qxl->guest_primary.surface; - -- assert(qxl->mode != QXL_MODE_NATIVE); -+ if (qxl->mode == QXL_MODE_NATIVE) { -+ /* -+ * allow a create without a destroy. This could be used -+ * later for an atomic "change primary" but right now just -+ * destroy the primary for the guest. Note that this uses -+ * the ability to have multiple concurrent async commands. -+ */ -+ qxl_destroy_primary(qxl, async); -+ } - qxl_exit_vga_mode(qxl); - - surface.format = le32_to_cpu(sc->format); --- -1.7.10 - diff --git a/0501-audio-add-VOICE_VOLUME-ctl.patch b/0501-audio-add-VOICE_VOLUME-ctl.patch deleted file mode 100644 index b981b77..0000000 --- a/0501-audio-add-VOICE_VOLUME-ctl.patch +++ /dev/null @@ -1,68 +0,0 @@ -From be81272bafb948278e5e5739ef975cd7bbf0ee0c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Tue, 17 Apr 2012 14:32:35 +0200 -Subject: [PATCH 501/509] audio: add VOICE_VOLUME ctl - -Add a new PCM control operation to update the stream volume on the -audio backend. The argument given is a SWVoiceOut/SWVoiceIn. - -v4: -- verified other backends didn't fail/assert on this new control - they randomly return 0 or -1, but we ignore return value. - -Signed-off-by: Marc-Andr? Lureau -Signed-off-by: malc ---- - audio/audio.c | 12 ++++++++++++ - audio/audio_int.h | 1 + - 2 files changed, 13 insertions(+) - -diff --git a/audio/audio.c b/audio/audio.c -index 50d0d71..2ae9b2f 100644 ---- a/audio/audio.c -+++ b/audio/audio.c -@@ -2050,17 +2050,29 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque) - void AUD_set_volume_out (SWVoiceOut *sw, int mute, uint8_t lvol, uint8_t rvol) - { - if (sw) { -+ HWVoiceOut *hw = sw->hw; -+ - sw->vol.mute = mute; - sw->vol.l = nominal_volume.l * lvol / 255; - sw->vol.r = nominal_volume.r * rvol / 255; -+ -+ if (hw->pcm_ops->ctl_out) { -+ hw->pcm_ops->ctl_out (hw, VOICE_VOLUME, sw); -+ } - } - } - - void AUD_set_volume_in (SWVoiceIn *sw, int mute, uint8_t lvol, uint8_t rvol) - { - if (sw) { -+ HWVoiceIn *hw = sw->hw; -+ - sw->vol.mute = mute; - sw->vol.l = nominal_volume.l * lvol / 255; - sw->vol.r = nominal_volume.r * rvol / 255; -+ -+ if (hw->pcm_ops->ctl_in) { -+ hw->pcm_ops->ctl_in (hw, VOICE_VOLUME, sw); -+ } - } - } -diff --git a/audio/audio_int.h b/audio/audio_int.h -index 2003f8b..117f95e 100644 ---- a/audio/audio_int.h -+++ b/audio/audio_int.h -@@ -231,6 +231,7 @@ void audio_run (const char *msg); - - #define VOICE_ENABLE 1 - #define VOICE_DISABLE 2 -+#define VOICE_VOLUME 3 - - static inline int audio_ring_dist (int dst, int src, int len) - { --- -1.7.10 - diff --git a/0502-audio-don-t-apply-volume-effect-if-backend-has-VOICE.patch b/0502-audio-don-t-apply-volume-effect-if-backend-has-VOICE.patch deleted file mode 100644 index 656989d..0000000 --- a/0502-audio-don-t-apply-volume-effect-if-backend-has-VOICE.patch +++ /dev/null @@ -1,99 +0,0 @@ -From eaa3b2d4cc2ac17b2aaf0d6387d3991b9d08c56e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Tue, 17 Apr 2012 14:32:36 +0200 -Subject: [PATCH 502/509] audio: don't apply volume effect if backend has - VOICE_VOLUME_CAP - -If the audio backend is capable of volume control, don't apply -software volume (mixeng_volume ()), but instead, rely on backend -volume control. This will allow guest to have full range volume -control. - -Signed-off-by: Marc-Andr? Lureau -Signed-off-by: malc ---- - audio/audio.c | 9 +++++++-- - audio/audio_int.h | 5 +++++ - audio/audio_template.h | 2 ++ - 3 files changed, 14 insertions(+), 2 deletions(-) - -diff --git a/audio/audio.c b/audio/audio.c -index 2ae9b2f..0fe95a7 100644 ---- a/audio/audio.c -+++ b/audio/audio.c -@@ -954,7 +954,9 @@ int audio_pcm_sw_read (SWVoiceIn *sw, void *buf, int size) - total += isamp; - } - -- mixeng_volume (sw->buf, ret, &sw->vol); -+ if (!(hw->ctl_caps & VOICE_VOLUME_CAP)) { -+ mixeng_volume (sw->buf, ret, &sw->vol); -+ } - - sw->clip (buf, sw->buf, ret); - sw->total_hw_samples_acquired += total; -@@ -1038,7 +1040,10 @@ int audio_pcm_sw_write (SWVoiceOut *sw, void *buf, int size) - swlim = audio_MIN (swlim, samples); - if (swlim) { - sw->conv (sw->buf, buf, swlim); -- mixeng_volume (sw->buf, swlim, &sw->vol); -+ -+ if (!(sw->hw->ctl_caps & VOICE_VOLUME_CAP)) { -+ mixeng_volume (sw->buf, swlim, &sw->vol); -+ } - } - - while (swlim) { -diff --git a/audio/audio_int.h b/audio/audio_int.h -index 117f95e..b9b0676 100644 ---- a/audio/audio_int.h -+++ b/audio/audio_int.h -@@ -82,6 +82,7 @@ typedef struct HWVoiceOut { - int samples; - QLIST_HEAD (sw_out_listhead, SWVoiceOut) sw_head; - QLIST_HEAD (sw_cap_listhead, SWVoiceCap) cap_head; -+ int ctl_caps; - struct audio_pcm_ops *pcm_ops; - QLIST_ENTRY (HWVoiceOut) entries; - } HWVoiceOut; -@@ -101,6 +102,7 @@ typedef struct HWVoiceIn { - - int samples; - QLIST_HEAD (sw_in_listhead, SWVoiceIn) sw_head; -+ int ctl_caps; - struct audio_pcm_ops *pcm_ops; - QLIST_ENTRY (HWVoiceIn) entries; - } HWVoiceIn; -@@ -150,6 +152,7 @@ struct audio_driver { - int max_voices_in; - int voice_size_out; - int voice_size_in; -+ int ctl_caps; - }; - - struct audio_pcm_ops { -@@ -233,6 +236,8 @@ void audio_run (const char *msg); - #define VOICE_DISABLE 2 - #define VOICE_VOLUME 3 - -+#define VOICE_VOLUME_CAP (1 << VOICE_VOLUME) -+ - static inline int audio_ring_dist (int dst, int src, int len) - { - return (dst >= src) ? (dst - src) : (len - src + dst); -diff --git a/audio/audio_template.h b/audio/audio_template.h -index e62a713..519432a 100644 ---- a/audio/audio_template.h -+++ b/audio/audio_template.h -@@ -263,6 +263,8 @@ static HW *glue (audio_pcm_hw_add_new_, TYPE) (struct audsettings *as) - } - - hw->pcm_ops = drv->pcm_ops; -+ hw->ctl_caps = drv->ctl_caps; -+ - QLIST_INIT (&hw->sw_head); - #ifdef DAC - QLIST_INIT (&hw->cap_head); --- -1.7.10 - diff --git a/0503-hw-ac97-remove-USE_MIXER-code.patch b/0503-hw-ac97-remove-USE_MIXER-code.patch deleted file mode 100644 index 763773a..0000000 --- a/0503-hw-ac97-remove-USE_MIXER-code.patch +++ /dev/null @@ -1,170 +0,0 @@ -From e27e5ceeee3d8cb55ba0749446b49ccc6ec5b96d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Tue, 17 Apr 2012 14:32:37 +0200 -Subject: [PATCH 503/509] hw/ac97: remove USE_MIXER code - -That code doesn't compile. The interesting bits for volume control are -going to be rewritten in the following patch. - -Signed-off-by: Marc-Andr? Lureau -Signed-off-by: malc ---- - hw/ac97.c | 121 ------------------------------------------------------------- - 1 file changed, 121 deletions(-) - -diff --git a/hw/ac97.c b/hw/ac97.c -index 0dbba3b..cd893c3 100644 ---- a/hw/ac97.c -+++ b/hw/ac97.c -@@ -434,99 +434,6 @@ static void reset_voices (AC97LinkState *s, uint8_t active[LAST_INDEX]) - AUD_set_active_in (s->voice_mc, active[MC_INDEX]); - } - --#ifdef USE_MIXER --static void set_volume (AC97LinkState *s, int index, -- audmixerctl_t mt, uint32_t val) --{ -- int mute = (val >> MUTE_SHIFT) & 1; -- uint8_t rvol = VOL_MASK - (val & VOL_MASK); -- uint8_t lvol = VOL_MASK - ((val >> 8) & VOL_MASK); -- rvol = 255 * rvol / VOL_MASK; -- lvol = 255 * lvol / VOL_MASK; -- --#ifdef SOFT_VOLUME -- if (index == AC97_Master_Volume_Mute) { -- AUD_set_volume_out (s->voice_po, mute, lvol, rvol); -- } -- else { -- AUD_set_volume (mt, &mute, &lvol, &rvol); -- } --#else -- AUD_set_volume (mt, &mute, &lvol, &rvol); --#endif -- -- rvol = VOL_MASK - ((VOL_MASK * rvol) / 255); -- lvol = VOL_MASK - ((VOL_MASK * lvol) / 255); -- mixer_store (s, index, val); --} -- --static audrecsource_t ac97_to_aud_record_source (uint8_t i) --{ -- switch (i) { -- case REC_MIC: -- return AUD_REC_MIC; -- -- case REC_CD: -- return AUD_REC_CD; -- -- case REC_VIDEO: -- return AUD_REC_VIDEO; -- -- case REC_AUX: -- return AUD_REC_AUX; -- -- case REC_LINE_IN: -- return AUD_REC_LINE_IN; -- -- case REC_PHONE: -- return AUD_REC_PHONE; -- -- default: -- dolog ("Unknown record source %d, using MIC\n", i); -- return AUD_REC_MIC; -- } --} -- --static uint8_t aud_to_ac97_record_source (audrecsource_t rs) --{ -- switch (rs) { -- case AUD_REC_MIC: -- return REC_MIC; -- -- case AUD_REC_CD: -- return REC_CD; -- -- case AUD_REC_VIDEO: -- return REC_VIDEO; -- -- case AUD_REC_AUX: -- return REC_AUX; -- -- case AUD_REC_LINE_IN: -- return REC_LINE_IN; -- -- case AUD_REC_PHONE: -- return REC_PHONE; -- -- default: -- dolog ("Unknown audio recording source %d using MIC\n", rs); -- return REC_MIC; -- } --} -- --static void record_select (AC97LinkState *s, uint32_t val) --{ -- uint8_t rs = val & REC_MASK; -- uint8_t ls = (val >> 8) & REC_MASK; -- audrecsource_t ars = ac97_to_aud_record_source (rs); -- audrecsource_t als = ac97_to_aud_record_source (ls); -- AUD_set_record_source (&als, &ars); -- rs = aud_to_ac97_record_source (ars); -- ls = aud_to_ac97_record_source (als); -- mixer_store (s, AC97_Record_Select, rs | (ls << 8)); --} --#endif -- - static void mixer_reset (AC97LinkState *s) - { - uint8_t active[LAST_INDEX]; -@@ -561,12 +468,6 @@ static void mixer_reset (AC97LinkState *s) - mixer_store (s, AC97_PCM_LR_ADC_Rate , 0xbb80); - mixer_store (s, AC97_MIC_ADC_Rate , 0xbb80); - --#ifdef USE_MIXER -- record_select (s, 0); -- set_volume (s, AC97_Master_Volume_Mute, AUD_MIXER_VOLUME , 0x8000); -- set_volume (s, AC97_PCM_Out_Volume_Mute, AUD_MIXER_PCM , 0x8808); -- set_volume (s, AC97_Line_In_Volume_Mute, AUD_MIXER_LINE_IN, 0x8808); --#endif - reset_voices (s, active); - } - -@@ -625,20 +526,6 @@ static void nam_writew (void *opaque, uint32_t addr, uint32_t val) - val |= mixer_load (s, index) & 0xf; - mixer_store (s, index, val); - break; --#ifdef USE_MIXER -- case AC97_Master_Volume_Mute: -- set_volume (s, index, AUD_MIXER_VOLUME, val); -- break; -- case AC97_PCM_Out_Volume_Mute: -- set_volume (s, index, AUD_MIXER_PCM, val); -- break; -- case AC97_Line_In_Volume_Mute: -- set_volume (s, index, AUD_MIXER_LINE_IN, val); -- break; -- case AC97_Record_Select: -- record_select (s, val); -- break; --#endif - case AC97_Vendor_ID1: - case AC97_Vendor_ID2: - dolog ("Attempt to write vendor ID to %#x\n", val); -@@ -1191,14 +1078,6 @@ static int ac97_post_load (void *opaque, int version_id) - uint8_t active[LAST_INDEX]; - AC97LinkState *s = opaque; - --#ifdef USE_MIXER -- record_select (s, mixer_load (s, AC97_Record_Select)); --#define V_(a, b) set_volume (s, a, b, mixer_load (s, a)) -- V_ (AC97_Master_Volume_Mute, AUD_MIXER_VOLUME); -- V_ (AC97_PCM_Out_Volume_Mute, AUD_MIXER_PCM); -- V_ (AC97_Line_In_Volume_Mute, AUD_MIXER_LINE_IN); --#undef V_ --#endif - active[PI_INDEX] = !!(s->bm_regs[PI_INDEX].cr & CR_RPBM); - active[PO_INDEX] = !!(s->bm_regs[PO_INDEX].cr & CR_RPBM); - active[MC_INDEX] = !!(s->bm_regs[MC_INDEX].cr & CR_RPBM); --- -1.7.10 - diff --git a/0504-hw-ac97-the-volume-mask-is-not-only-0x1f.patch b/0504-hw-ac97-the-volume-mask-is-not-only-0x1f.patch deleted file mode 100644 index 015f995..0000000 --- a/0504-hw-ac97-the-volume-mask-is-not-only-0x1f.patch +++ /dev/null @@ -1,28 +0,0 @@ -From c0bcb346459445db2895fb56c78ab71e592c0c90 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Tue, 17 Apr 2012 14:32:38 +0200 -Subject: [PATCH 504/509] hw/ac97: the volume mask is not only 0x1f - -It's a case by case (see Table 66. AC ?97 Baseline Audio Register Map) - -Signed-off-by: Marc-Andr? Lureau -Signed-off-by: malc ---- - hw/ac97.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/hw/ac97.c b/hw/ac97.c -index cd893c3..aa1babf 100644 ---- a/hw/ac97.c -+++ b/hw/ac97.c -@@ -115,7 +115,6 @@ enum { - #define EACS_VRA 1 - #define EACS_VRM 8 - --#define VOL_MASK 0x1f - #define MUTE_SHIFT 15 - - #define REC_MASK 7 --- -1.7.10 - diff --git a/0505-hw-ac97-add-support-for-volume-control.patch b/0505-hw-ac97-add-support-for-volume-control.patch deleted file mode 100644 index 551ae8e..0000000 --- a/0505-hw-ac97-add-support-for-volume-control.patch +++ /dev/null @@ -1,134 +0,0 @@ -From 41d13bd2047a3a3ae8f451ff4aaf0585231ba1c6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Tue, 17 Apr 2012 14:32:39 +0200 -Subject: [PATCH 505/509] hw/ac97: add support for volume control - -Combine output volume with Master and PCM registers values. -Use default values in mixer_reset (). -Set volume on post-load to update backend values. - -v4,v5: -- fix some code style - -Signed-off-by: Marc-Andr? Lureau -Signed-off-by: malc ---- - hw/ac97.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 81 insertions(+) - -diff --git a/hw/ac97.c b/hw/ac97.c -index aa1babf..dd4917b 100644 ---- a/hw/ac97.c -+++ b/hw/ac97.c -@@ -433,6 +433,65 @@ static void reset_voices (AC97LinkState *s, uint8_t active[LAST_INDEX]) - AUD_set_active_in (s->voice_mc, active[MC_INDEX]); - } - -+static void get_volume (uint16_t vol, uint16_t mask, int inverse, -+ int *mute, uint8_t *lvol, uint8_t *rvol) -+{ -+ *mute = (vol >> MUTE_SHIFT) & 1; -+ *rvol = (255 * (vol & mask)) / mask; -+ *lvol = (255 * ((vol >> 8) & mask)) / mask; -+ -+ if (inverse) { -+ *rvol = 255 - *rvol; -+ *lvol = 255 - *lvol; -+ } -+} -+ -+static void update_combined_volume_out (AC97LinkState *s) -+{ -+ uint8_t lvol, rvol, plvol, prvol; -+ int mute, pmute; -+ -+ get_volume (mixer_load (s, AC97_Master_Volume_Mute), 0x3f, 1, -+ &mute, &lvol, &rvol); -+ /* FIXME: should be 1f according to spec */ -+ get_volume (mixer_load (s, AC97_PCM_Out_Volume_Mute), 0x3f, 1, -+ &pmute, &plvol, &prvol); -+ -+ mute = mute | pmute; -+ lvol = (lvol * plvol) / 255; -+ rvol = (rvol * prvol) / 255; -+ -+ AUD_set_volume_out (s->voice_po, mute, lvol, rvol); -+} -+ -+static void update_volume_in (AC97LinkState *s) -+{ -+ uint8_t lvol, rvol; -+ int mute; -+ -+ get_volume (mixer_load (s, AC97_Record_Gain_Mute), 0x0f, 0, -+ &mute, &lvol, &rvol); -+ -+ AUD_set_volume_in (s->voice_pi, mute, lvol, rvol); -+} -+ -+static void set_volume (AC97LinkState *s, int index, uint32_t val) -+{ -+ mixer_store (s, index, val); -+ if (index == AC97_Master_Volume_Mute || index == AC97_PCM_Out_Volume_Mute) { -+ update_combined_volume_out (s); -+ } else if (index == AC97_Record_Gain_Mute) { -+ update_volume_in (s); -+ } -+} -+ -+static void record_select (AC97LinkState *s, uint32_t val) -+{ -+ uint8_t rs = val & REC_MASK; -+ uint8_t ls = (val >> 8) & REC_MASK; -+ mixer_store (s, AC97_Record_Select, rs | (ls << 8)); -+} -+ - static void mixer_reset (AC97LinkState *s) - { - uint8_t active[LAST_INDEX]; -@@ -467,6 +526,11 @@ static void mixer_reset (AC97LinkState *s) - mixer_store (s, AC97_PCM_LR_ADC_Rate , 0xbb80); - mixer_store (s, AC97_MIC_ADC_Rate , 0xbb80); - -+ record_select (s, 0); -+ set_volume (s, AC97_Master_Volume_Mute, 0x8000); -+ set_volume (s, AC97_PCM_Out_Volume_Mute, 0x8808); -+ set_volume (s, AC97_Line_In_Volume_Mute, 0x8808); -+ - reset_voices (s, active); - } - -@@ -525,6 +589,15 @@ static void nam_writew (void *opaque, uint32_t addr, uint32_t val) - val |= mixer_load (s, index) & 0xf; - mixer_store (s, index, val); - break; -+ case AC97_PCM_Out_Volume_Mute: -+ case AC97_Master_Volume_Mute: -+ case AC97_Record_Gain_Mute: -+ case AC97_Line_In_Volume_Mute: -+ set_volume (s, index, val); -+ break; -+ case AC97_Record_Select: -+ record_select (s, val); -+ break; - case AC97_Vendor_ID1: - case AC97_Vendor_ID2: - dolog ("Attempt to write vendor ID to %#x\n", val); -@@ -1077,6 +1150,14 @@ static int ac97_post_load (void *opaque, int version_id) - uint8_t active[LAST_INDEX]; - AC97LinkState *s = opaque; - -+ record_select (s, mixer_load (s, AC97_Record_Select)); -+ set_volume (s, AC97_Master_Volume_Mute, -+ mixer_load (s, AC97_Master_Volume_Mute)); -+ set_volume (s, AC97_PCM_Out_Volume_Mute, -+ mixer_load (s, AC97_PCM_Out_Volume_Mute)); -+ set_volume (s, AC97_Line_In_Volume_Mute, -+ mixer_load (s, AC97_Line_In_Volume_Mute)); -+ - active[PI_INDEX] = !!(s->bm_regs[PI_INDEX].cr & CR_RPBM); - active[PO_INDEX] = !!(s->bm_regs[PO_INDEX].cr & CR_RPBM); - active[MC_INDEX] = !!(s->bm_regs[MC_INDEX].cr & CR_RPBM); --- -1.7.10 - diff --git a/0506-audio-spice-add-support-for-volume-control.patch b/0506-audio-spice-add-support-for-volume-control.patch deleted file mode 100644 index e713e87..0000000 --- a/0506-audio-spice-add-support-for-volume-control.patch +++ /dev/null @@ -1,84 +0,0 @@ -From a9f796f670f3c34c3b5874026b61bbe4d782be2e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Tue, 17 Apr 2012 14:32:40 +0200 -Subject: [PATCH 506/509] audio/spice: add support for volume control - -Use Spice server volume control API when available. - -Signed-off-by: Marc-Andr? Lureau -Signed-off-by: malc ---- - audio/spiceaudio.c | 41 +++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 41 insertions(+) - -diff --git a/audio/spiceaudio.c b/audio/spiceaudio.c -index f972110..6f15591 100644 ---- a/audio/spiceaudio.c -+++ b/audio/spiceaudio.c -@@ -202,7 +202,26 @@ static int line_out_ctl (HWVoiceOut *hw, int cmd, ...) - } - spice_server_playback_stop (&out->sin); - break; -+ case VOICE_VOLUME: -+ { -+#if ((SPICE_INTERFACE_PLAYBACK_MAJOR >= 1) && (SPICE_INTERFACE_PLAYBACK_MINOR >= 2)) -+ SWVoiceOut *sw; -+ va_list ap; -+ uint16_t vol[2]; -+ -+ va_start (ap, cmd); -+ sw = va_arg (ap, SWVoiceOut *); -+ va_end (ap); -+ -+ vol[0] = sw->vol.l / ((1ULL << 16) + 1); -+ vol[1] = sw->vol.r / ((1ULL << 16) + 1); -+ spice_server_playback_set_volume (&out->sin, 2, vol); -+ spice_server_playback_set_mute (&out->sin, sw->vol.mute); -+#endif -+ break; -+ } - } -+ - return 0; - } - -@@ -304,7 +323,26 @@ static int line_in_ctl (HWVoiceIn *hw, int cmd, ...) - in->active = 0; - spice_server_record_stop (&in->sin); - break; -+ case VOICE_VOLUME: -+ { -+#if ((SPICE_INTERFACE_RECORD_MAJOR >= 2) && (SPICE_INTERFACE_RECORD_MINOR >= 2)) -+ SWVoiceIn *sw; -+ va_list ap; -+ uint16_t vol[2]; -+ -+ va_start (ap, cmd); -+ sw = va_arg (ap, SWVoiceIn *); -+ va_end (ap); -+ -+ vol[0] = sw->vol.l / ((1ULL << 16) + 1); -+ vol[1] = sw->vol.r / ((1ULL << 16) + 1); -+ spice_server_record_set_volume (&in->sin, 2, vol); -+ spice_server_record_set_mute (&in->sin, sw->vol.mute); -+#endif -+ break; -+ } - } -+ - return 0; - } - -@@ -337,6 +375,9 @@ struct audio_driver spice_audio_driver = { - .max_voices_in = 1, - .voice_size_out = sizeof (SpiceVoiceOut), - .voice_size_in = sizeof (SpiceVoiceIn), -+#if ((SPICE_INTERFACE_PLAYBACK_MAJOR >= 1) && (SPICE_INTERFACE_PLAYBACK_MINOR >= 2)) -+ .ctl_caps = VOICE_VOLUME_CAP -+#endif - }; - - void qemu_spice_audio_init (void) --- -1.7.10 - diff --git a/0507-Do-not-use-pa_simple-PulseAudio-API.patch b/0507-Do-not-use-pa_simple-PulseAudio-API.patch deleted file mode 100644 index 28f7df7..0000000 --- a/0507-Do-not-use-pa_simple-PulseAudio-API.patch +++ /dev/null @@ -1,573 +0,0 @@ -From 5c8ce128ec78d17a8a0f49115dc07726a3d3f0c1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Tue, 17 Apr 2012 14:32:41 +0200 -Subject: [PATCH 507/509] Do not use pa_simple PulseAudio API - -Unfortunately, pa_simple is a limited API which doesn't let us -retrieve the associated pa_stream. It is needed to control the volume -of the stream. - -In v4: -- add missing braces - -Signed-off-by: Marc-Andr? Lureau -Signed-off-by: malc ---- - audio/paaudio.c | 377 +++++++++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 339 insertions(+), 38 deletions(-) - -diff --git a/audio/paaudio.c b/audio/paaudio.c -index d1f3912..6f50c1c 100644 ---- a/audio/paaudio.c -+++ b/audio/paaudio.c -@@ -2,8 +2,7 @@ - #include "qemu-common.h" - #include "audio.h" - --#include --#include -+#include - - #define AUDIO_CAP "pulseaudio" - #include "audio_int.h" -@@ -15,7 +14,7 @@ typedef struct { - int live; - int decr; - int rpos; -- pa_simple *s; -+ pa_stream *stream; - void *pcm_buf; - struct audio_pt pt; - } PAVoiceOut; -@@ -26,17 +25,23 @@ typedef struct { - int dead; - int incr; - int wpos; -- pa_simple *s; -+ pa_stream *stream; - void *pcm_buf; - struct audio_pt pt; -+ const void *read_data; -+ size_t read_index, read_length; - } PAVoiceIn; - --static struct { -+typedef struct { - int samples; - char *server; - char *sink; - char *source; --} conf = { -+ pa_threaded_mainloop *mainloop; -+ pa_context *context; -+} paaudio; -+ -+static paaudio glob_paaudio = { - .samples = 4096, - }; - -@@ -51,6 +56,126 @@ static void GCC_FMT_ATTR (2, 3) qpa_logerr (int err, const char *fmt, ...) - AUD_log (AUDIO_CAP, "Reason: %s\n", pa_strerror (err)); - } - -+#define CHECK_SUCCESS_GOTO(c, rerror, expression, label) \ -+ do { \ -+ if (!(expression)) { \ -+ if (rerror) { \ -+ *(rerror) = pa_context_errno ((c)->context); \ -+ } \ -+ goto label; \ -+ } \ -+ } while (0); -+ -+#define CHECK_DEAD_GOTO(c, stream, rerror, label) \ -+ do { \ -+ if (!(c)->context || !PA_CONTEXT_IS_GOOD (pa_context_get_state((c)->context)) || \ -+ !(stream) || !PA_STREAM_IS_GOOD (pa_stream_get_state ((stream)))) { \ -+ if (((c)->context && pa_context_get_state ((c)->context) == PA_CONTEXT_FAILED) || \ -+ ((stream) && pa_stream_get_state ((stream)) == PA_STREAM_FAILED)) { \ -+ if (rerror) { \ -+ *(rerror) = pa_context_errno ((c)->context); \ -+ } \ -+ } else { \ -+ if (rerror) { \ -+ *(rerror) = PA_ERR_BADSTATE; \ -+ } \ -+ } \ -+ goto label; \ -+ } \ -+ } while (0); -+ -+static int qpa_simple_read (PAVoiceIn *p, void *data, size_t length, int *rerror) -+{ -+ paaudio *g = &glob_paaudio; -+ -+ pa_threaded_mainloop_lock (g->mainloop); -+ -+ CHECK_DEAD_GOTO (g, p->stream, rerror, unlock_and_fail); -+ -+ while (length > 0) { -+ size_t l; -+ -+ while (!p->read_data) { -+ int r; -+ -+ r = pa_stream_peek (p->stream, &p->read_data, &p->read_length); -+ CHECK_SUCCESS_GOTO (g, rerror, r == 0, unlock_and_fail); -+ -+ if (!p->read_data) { -+ pa_threaded_mainloop_wait (g->mainloop); -+ CHECK_DEAD_GOTO (g, p->stream, rerror, unlock_and_fail); -+ } else { -+ p->read_index = 0; -+ } -+ } -+ -+ l = p->read_length < length ? p->read_length : length; -+ memcpy (data, (const uint8_t *) p->read_data+p->read_index, l); -+ -+ data = (uint8_t *) data + l; -+ length -= l; -+ -+ p->read_index += l; -+ p->read_length -= l; -+ -+ if (!p->read_length) { -+ int r; -+ -+ r = pa_stream_drop (p->stream); -+ p->read_data = NULL; -+ p->read_length = 0; -+ p->read_index = 0; -+ -+ CHECK_SUCCESS_GOTO (g, rerror, r == 0, unlock_and_fail); -+ } -+ } -+ -+ pa_threaded_mainloop_unlock (g->mainloop); -+ return 0; -+ -+unlock_and_fail: -+ pa_threaded_mainloop_unlock (g->mainloop); -+ return -1; -+} -+ -+static int qpa_simple_write (PAVoiceOut *p, const void *data, size_t length, int *rerror) -+{ -+ paaudio *g = &glob_paaudio; -+ -+ pa_threaded_mainloop_lock (g->mainloop); -+ -+ CHECK_DEAD_GOTO (g, p->stream, rerror, unlock_and_fail); -+ -+ while (length > 0) { -+ size_t l; -+ int r; -+ -+ while (!(l = pa_stream_writable_size (p->stream))) { -+ pa_threaded_mainloop_wait (g->mainloop); -+ CHECK_DEAD_GOTO (g, p->stream, rerror, unlock_and_fail); -+ } -+ -+ CHECK_SUCCESS_GOTO (g, rerror, l != (size_t) -1, unlock_and_fail); -+ -+ if (l > length) { -+ l = length; -+ } -+ -+ r = pa_stream_write (p->stream, data, l, NULL, 0LL, PA_SEEK_RELATIVE); -+ CHECK_SUCCESS_GOTO (g, rerror, r >= 0, unlock_and_fail); -+ -+ data = (const uint8_t *) data + l; -+ length -= l; -+ } -+ -+ pa_threaded_mainloop_unlock (g->mainloop); -+ return 0; -+ -+unlock_and_fail: -+ pa_threaded_mainloop_unlock (g->mainloop); -+ return -1; -+} -+ - static void *qpa_thread_out (void *arg) - { - PAVoiceOut *pa = arg; -@@ -77,7 +202,7 @@ static void *qpa_thread_out (void *arg) - } - } - -- decr = to_mix = audio_MIN (pa->live, conf.samples >> 2); -+ decr = to_mix = audio_MIN (pa->live, glob_paaudio.samples >> 2); - rpos = pa->rpos; - - if (audio_pt_unlock (&pa->pt, AUDIO_FUNC)) { -@@ -91,8 +216,8 @@ static void *qpa_thread_out (void *arg) - - hw->clip (pa->pcm_buf, src, chunk); - -- if (pa_simple_write (pa->s, pa->pcm_buf, -- chunk << hw->info.shift, &error) < 0) { -+ if (qpa_simple_write (pa, pa->pcm_buf, -+ chunk << hw->info.shift, &error) < 0) { - qpa_logerr (error, "pa_simple_write failed\n"); - return NULL; - } -@@ -169,7 +294,7 @@ static void *qpa_thread_in (void *arg) - } - } - -- incr = to_grab = audio_MIN (pa->dead, conf.samples >> 2); -+ incr = to_grab = audio_MIN (pa->dead, glob_paaudio.samples >> 2); - wpos = pa->wpos; - - if (audio_pt_unlock (&pa->pt, AUDIO_FUNC)) { -@@ -181,8 +306,8 @@ static void *qpa_thread_in (void *arg) - int chunk = audio_MIN (to_grab, hw->samples - wpos); - void *buf = advance (pa->pcm_buf, wpos); - -- if (pa_simple_read (pa->s, buf, -- chunk << hw->info.shift, &error) < 0) { -+ if (qpa_simple_read (pa, buf, -+ chunk << hw->info.shift, &error) < 0) { - qpa_logerr (error, "pa_simple_read failed\n"); - return NULL; - } -@@ -283,6 +408,109 @@ static audfmt_e pa_to_audfmt (pa_sample_format_t fmt, int *endianness) - } - } - -+static void context_state_cb (pa_context *c, void *userdata) -+{ -+ paaudio *g = &glob_paaudio; -+ -+ switch (pa_context_get_state(c)) { -+ case PA_CONTEXT_READY: -+ case PA_CONTEXT_TERMINATED: -+ case PA_CONTEXT_FAILED: -+ pa_threaded_mainloop_signal (g->mainloop, 0); -+ break; -+ -+ case PA_CONTEXT_UNCONNECTED: -+ case PA_CONTEXT_CONNECTING: -+ case PA_CONTEXT_AUTHORIZING: -+ case PA_CONTEXT_SETTING_NAME: -+ break; -+ } -+} -+ -+static void stream_state_cb (pa_stream *s, void * userdata) -+{ -+ paaudio *g = &glob_paaudio; -+ -+ switch (pa_stream_get_state (s)) { -+ -+ case PA_STREAM_READY: -+ case PA_STREAM_FAILED: -+ case PA_STREAM_TERMINATED: -+ pa_threaded_mainloop_signal (g->mainloop, 0); -+ break; -+ -+ case PA_STREAM_UNCONNECTED: -+ case PA_STREAM_CREATING: -+ break; -+ } -+} -+ -+static void stream_request_cb (pa_stream *s, size_t length, void *userdata) -+{ -+ paaudio *g = &glob_paaudio; -+ -+ pa_threaded_mainloop_signal (g->mainloop, 0); -+} -+ -+static pa_stream *qpa_simple_new ( -+ const char *server, -+ const char *name, -+ pa_stream_direction_t dir, -+ const char *dev, -+ const char *stream_name, -+ const pa_sample_spec *ss, -+ const pa_channel_map *map, -+ const pa_buffer_attr *attr, -+ int *rerror) -+{ -+ paaudio *g = &glob_paaudio; -+ int r; -+ pa_stream *stream; -+ -+ pa_threaded_mainloop_lock (g->mainloop); -+ -+ stream = pa_stream_new (g->context, name, ss, map); -+ if (!stream) { -+ goto fail; -+ } -+ -+ pa_stream_set_state_callback (stream, stream_state_cb, g); -+ pa_stream_set_read_callback (stream, stream_request_cb, g); -+ pa_stream_set_write_callback (stream, stream_request_cb, g); -+ -+ if (dir == PA_STREAM_PLAYBACK) { -+ r = pa_stream_connect_playback (stream, dev, attr, -+ PA_STREAM_INTERPOLATE_TIMING -+ |PA_STREAM_ADJUST_LATENCY -+ |PA_STREAM_AUTO_TIMING_UPDATE, NULL, NULL); -+ } else { -+ r = pa_stream_connect_record (stream, dev, attr, -+ PA_STREAM_INTERPOLATE_TIMING -+ |PA_STREAM_ADJUST_LATENCY -+ |PA_STREAM_AUTO_TIMING_UPDATE); -+ } -+ -+ if (r < 0) { -+ goto fail; -+ } -+ -+ pa_threaded_mainloop_unlock (g->mainloop); -+ -+ return stream; -+ -+fail: -+ pa_threaded_mainloop_unlock (g->mainloop); -+ -+ if (stream) { -+ pa_stream_unref (stream); -+ } -+ -+ qpa_logerr (pa_context_errno (g->context), -+ "stream_new() failed\n"); -+ -+ return NULL; -+} -+ - static int qpa_init_out (HWVoiceOut *hw, struct audsettings *as) - { - int error; -@@ -306,24 +534,24 @@ static int qpa_init_out (HWVoiceOut *hw, struct audsettings *as) - - obt_as.fmt = pa_to_audfmt (ss.format, &obt_as.endianness); - -- pa->s = pa_simple_new ( -- conf.server, -+ pa->stream = qpa_simple_new ( -+ glob_paaudio.server, - "qemu", - PA_STREAM_PLAYBACK, -- conf.sink, -+ glob_paaudio.sink, - "pcm.playback", - &ss, - NULL, /* channel map */ - &ba, /* buffering attributes */ - &error - ); -- if (!pa->s) { -+ if (!pa->stream) { - qpa_logerr (error, "pa_simple_new for playback failed\n"); - goto fail1; - } - - audio_pcm_init_info (&hw->info, &obt_as); -- hw->samples = conf.samples; -+ hw->samples = glob_paaudio.samples; - pa->pcm_buf = audio_calloc (AUDIO_FUNC, hw->samples, 1 << hw->info.shift); - pa->rpos = hw->rpos; - if (!pa->pcm_buf) { -@@ -342,8 +570,10 @@ static int qpa_init_out (HWVoiceOut *hw, struct audsettings *as) - g_free (pa->pcm_buf); - pa->pcm_buf = NULL; - fail2: -- pa_simple_free (pa->s); -- pa->s = NULL; -+ if (pa->stream) { -+ pa_stream_unref (pa->stream); -+ pa->stream = NULL; -+ } - fail1: - return -1; - } -@@ -361,24 +591,24 @@ static int qpa_init_in (HWVoiceIn *hw, struct audsettings *as) - - obt_as.fmt = pa_to_audfmt (ss.format, &obt_as.endianness); - -- pa->s = pa_simple_new ( -- conf.server, -+ pa->stream = qpa_simple_new ( -+ glob_paaudio.server, - "qemu", - PA_STREAM_RECORD, -- conf.source, -+ glob_paaudio.source, - "pcm.capture", - &ss, - NULL, /* channel map */ - NULL, /* buffering attributes */ - &error - ); -- if (!pa->s) { -+ if (!pa->stream) { - qpa_logerr (error, "pa_simple_new for capture failed\n"); - goto fail1; - } - - audio_pcm_init_info (&hw->info, &obt_as); -- hw->samples = conf.samples; -+ hw->samples = glob_paaudio.samples; - pa->pcm_buf = audio_calloc (AUDIO_FUNC, hw->samples, 1 << hw->info.shift); - pa->wpos = hw->wpos; - if (!pa->pcm_buf) { -@@ -397,8 +627,10 @@ static int qpa_init_in (HWVoiceIn *hw, struct audsettings *as) - g_free (pa->pcm_buf); - pa->pcm_buf = NULL; - fail2: -- pa_simple_free (pa->s); -- pa->s = NULL; -+ if (pa->stream) { -+ pa_stream_unref (pa->stream); -+ pa->stream = NULL; -+ } - fail1: - return -1; - } -@@ -413,9 +645,9 @@ static void qpa_fini_out (HWVoiceOut *hw) - audio_pt_unlock_and_signal (&pa->pt, AUDIO_FUNC); - audio_pt_join (&pa->pt, &ret, AUDIO_FUNC); - -- if (pa->s) { -- pa_simple_free (pa->s); -- pa->s = NULL; -+ if (pa->stream) { -+ pa_stream_unref (pa->stream); -+ pa->stream = NULL; - } - - audio_pt_fini (&pa->pt, AUDIO_FUNC); -@@ -433,9 +665,9 @@ static void qpa_fini_in (HWVoiceIn *hw) - audio_pt_unlock_and_signal (&pa->pt, AUDIO_FUNC); - audio_pt_join (&pa->pt, &ret, AUDIO_FUNC); - -- if (pa->s) { -- pa_simple_free (pa->s); -- pa->s = NULL; -+ if (pa->stream) { -+ pa_stream_unref (pa->stream); -+ pa->stream = NULL; - } - - audio_pt_fini (&pa->pt, AUDIO_FUNC); -@@ -460,37 +692,106 @@ static int qpa_ctl_in (HWVoiceIn *hw, int cmd, ...) - /* common */ - static void *qpa_audio_init (void) - { -- return &conf; -+ paaudio *g = &glob_paaudio; -+ -+ g->mainloop = pa_threaded_mainloop_new (); -+ if (!g->mainloop) { -+ goto fail; -+ } -+ -+ g->context = pa_context_new (pa_threaded_mainloop_get_api (g->mainloop), glob_paaudio.server); -+ if (!g->context) { -+ goto fail; -+ } -+ -+ pa_context_set_state_callback (g->context, context_state_cb, g); -+ -+ if (pa_context_connect (g->context, glob_paaudio.server, 0, NULL) < 0) { -+ qpa_logerr (pa_context_errno (g->context), -+ "pa_context_connect() failed\n"); -+ goto fail; -+ } -+ -+ pa_threaded_mainloop_lock (g->mainloop); -+ -+ if (pa_threaded_mainloop_start (g->mainloop) < 0) { -+ goto unlock_and_fail; -+ } -+ -+ for (;;) { -+ pa_context_state_t state; -+ -+ state = pa_context_get_state (g->context); -+ -+ if (state == PA_CONTEXT_READY) { -+ break; -+ } -+ -+ if (!PA_CONTEXT_IS_GOOD (state)) { -+ qpa_logerr (pa_context_errno (g->context), -+ "Wrong context state\n"); -+ goto unlock_and_fail; -+ } -+ -+ /* Wait until the context is ready */ -+ pa_threaded_mainloop_wait (g->mainloop); -+ } -+ -+ pa_threaded_mainloop_unlock (g->mainloop); -+ -+ return &glob_paaudio; -+ -+unlock_and_fail: -+ pa_threaded_mainloop_unlock (g->mainloop); -+fail: -+ AUD_log (AUDIO_CAP, "Failed to initialize PA context"); -+ return NULL; - } - - static void qpa_audio_fini (void *opaque) - { -- (void) opaque; -+ paaudio *g = opaque; -+ -+ if (g->mainloop) { -+ pa_threaded_mainloop_stop (g->mainloop); -+ } -+ -+ if (g->context) { -+ pa_context_disconnect (g->context); -+ pa_context_unref (g->context); -+ g->context = NULL; -+ } -+ -+ if (g->mainloop) { -+ pa_threaded_mainloop_free (g->mainloop); -+ } -+ -+ g->mainloop = NULL; - } - - struct audio_option qpa_options[] = { - { - .name = "SAMPLES", - .tag = AUD_OPT_INT, -- .valp = &conf.samples, -+ .valp = &glob_paaudio.samples, - .descr = "buffer size in samples" - }, - { - .name = "SERVER", - .tag = AUD_OPT_STR, -- .valp = &conf.server, -+ .valp = &glob_paaudio.server, - .descr = "server address" - }, - { - .name = "SINK", - .tag = AUD_OPT_STR, -- .valp = &conf.sink, -+ .valp = &glob_paaudio.sink, - .descr = "sink device name" - }, - { - .name = "SOURCE", - .tag = AUD_OPT_STR, -- .valp = &conf.source, -+ .valp = &glob_paaudio.source, - .descr = "source device name" - }, - { /* End of list */ } --- -1.7.10 - diff --git a/0508-configure-pa_simple-is-not-needed-anymore.patch b/0508-configure-pa_simple-is-not-needed-anymore.patch deleted file mode 100644 index 14e8766..0000000 --- a/0508-configure-pa_simple-is-not-needed-anymore.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 1b4ee5ccd426102b9ea415a8ce563bf96d7aa1f4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Tue, 17 Apr 2012 14:32:42 +0200 -Subject: [PATCH 508/509] configure: pa_simple is not needed anymore - -Signed-off-by: Marc-Andr? Lureau -Signed-off-by: malc ---- - configure | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/configure b/configure -index b03172c..4559836 100755 ---- a/configure -+++ b/configure -@@ -1791,9 +1791,9 @@ for drv in $audio_drv_list; do - ;; - - pa) -- audio_drv_probe $drv pulse/simple.h "-lpulse-simple -lpulse" \ -- "pa_simple *s = 0; pa_simple_free(s); return 0;" -- libs_softmmu="-lpulse -lpulse-simple $libs_softmmu" -+ audio_drv_probe $drv pulse/mainloop.h "-lpulse" \ -+ "pa_mainloop *m = 0; pa_mainloop_free (m); return 0;" -+ libs_softmmu="-lpulse $libs_softmmu" - audio_pt_int="yes" - ;; - --- -1.7.10 - diff --git a/0509-Allow-controlling-volume-with-PulseAudio-backend.patch b/0509-Allow-controlling-volume-with-PulseAudio-backend.patch deleted file mode 100644 index acc8ded..0000000 --- a/0509-Allow-controlling-volume-with-PulseAudio-backend.patch +++ /dev/null @@ -1,134 +0,0 @@ -From 4b09edbfdaad4536617bbb53ccadfe531156ed56 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Tue, 17 Apr 2012 14:32:43 +0200 -Subject: [PATCH 509/509] Allow controlling volume with PulseAudio backend - -Signed-off-by: Marc-Andr? Lureau -Signed-off-by: malc ---- - audio/paaudio.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 94 insertions(+), 5 deletions(-) - -diff --git a/audio/paaudio.c b/audio/paaudio.c -index 6f50c1c..e6708d0 100644 ---- a/audio/paaudio.c -+++ b/audio/paaudio.c -@@ -677,15 +677,103 @@ static void qpa_fini_in (HWVoiceIn *hw) - - static int qpa_ctl_out (HWVoiceOut *hw, int cmd, ...) - { -- (void) hw; -- (void) cmd; -+ PAVoiceOut *pa = (PAVoiceOut *) hw; -+ pa_operation *op; -+ pa_cvolume v; -+ paaudio *g = &glob_paaudio; -+ -+ pa_cvolume_init (&v); -+ -+ switch (cmd) { -+ case VOICE_VOLUME: -+ { -+ SWVoiceOut *sw; -+ va_list ap; -+ -+ va_start (ap, cmd); -+ sw = va_arg (ap, SWVoiceOut *); -+ va_end (ap); -+ -+ v.channels = 2; -+ v.values[0] = ((PA_VOLUME_NORM - PA_VOLUME_MUTED) * sw->vol.l) / UINT32_MAX; -+ v.values[1] = ((PA_VOLUME_NORM - PA_VOLUME_MUTED) * sw->vol.r) / UINT32_MAX; -+ -+ pa_threaded_mainloop_lock (g->mainloop); -+ -+ op = pa_context_set_sink_input_volume (g->context, -+ pa_stream_get_index (pa->stream), -+ &v, NULL, NULL); -+ if (!op) -+ qpa_logerr (pa_context_errno (g->context), -+ "set_sink_input_volume() failed\n"); -+ else -+ pa_operation_unref (op); -+ -+ op = pa_context_set_sink_input_mute (g->context, -+ pa_stream_get_index (pa->stream), -+ sw->vol.mute, NULL, NULL); -+ if (!op) { -+ qpa_logerr (pa_context_errno (g->context), -+ "set_sink_input_mute() failed\n"); -+ } else { -+ pa_operation_unref (op); -+ } -+ -+ pa_threaded_mainloop_unlock (g->mainloop); -+ } -+ } - return 0; - } - - static int qpa_ctl_in (HWVoiceIn *hw, int cmd, ...) - { -- (void) hw; -- (void) cmd; -+ PAVoiceIn *pa = (PAVoiceIn *) hw; -+ pa_operation *op; -+ pa_cvolume v; -+ paaudio *g = &glob_paaudio; -+ -+ pa_cvolume_init (&v); -+ -+ switch (cmd) { -+ case VOICE_VOLUME: -+ { -+ SWVoiceIn *sw; -+ va_list ap; -+ -+ va_start (ap, cmd); -+ sw = va_arg (ap, SWVoiceIn *); -+ va_end (ap); -+ -+ v.channels = 2; -+ v.values[0] = ((PA_VOLUME_NORM - PA_VOLUME_MUTED) * sw->vol.l) / UINT32_MAX; -+ v.values[1] = ((PA_VOLUME_NORM - PA_VOLUME_MUTED) * sw->vol.r) / UINT32_MAX; -+ -+ pa_threaded_mainloop_lock (g->mainloop); -+ -+ /* FIXME: use the upcoming "set_source_output_{volume,mute}" */ -+ op = pa_context_set_source_volume_by_index (g->context, -+ pa_stream_get_device_index (pa->stream), -+ &v, NULL, NULL); -+ if (!op) { -+ qpa_logerr (pa_context_errno (g->context), -+ "set_source_volume() failed\n"); -+ } else { -+ pa_operation_unref(op); -+ } -+ -+ op = pa_context_set_source_mute_by_index (g->context, -+ pa_stream_get_index (pa->stream), -+ sw->vol.mute, NULL, NULL); -+ if (!op) { -+ qpa_logerr (pa_context_errno (g->context), -+ "set_source_mute() failed\n"); -+ } else { -+ pa_operation_unref (op); -+ } -+ -+ pa_threaded_mainloop_unlock (g->mainloop); -+ } -+ } - return 0; - } - -@@ -822,5 +910,6 @@ struct audio_driver pa_audio_driver = { - .max_voices_out = INT_MAX, - .max_voices_in = INT_MAX, - .voice_size_out = sizeof (PAVoiceOut), -- .voice_size_in = sizeof (PAVoiceIn) -+ .voice_size_in = sizeof (PAVoiceIn), -+ .ctl_caps = VOICE_VOLUME_CAP - }; --- -1.7.10 - diff --git a/Fix_save-restore_of_in-kernel_i8259.patch b/Fix_save-restore_of_in-kernel_i8259.patch deleted file mode 100644 index 15c772f..0000000 --- a/Fix_save-restore_of_in-kernel_i8259.patch +++ /dev/null @@ -1,87 +0,0 @@ -As the qemu-kvm version of the i8259 contains KVM bits, it still has to -be compiled per target. This unbreaks migration of the i8259. - -Signed-off-by: Jan Kiszka ---- - -Not sure if anyone bothers (no one should actually use qemu-kvm for -targets != x86), but let's avoid needless breakages of other targets -requiring the i8259. - - Makefile.objs | 2 +- - Makefile.target | 8 ++++---- - hw/i8259.c | 2 -- - 3 files changed, 5 insertions(+), 7 deletions(-) - -diff --git a/Makefile.objs b/Makefile.objs -index 13afd19..77237e1 100644 ---- a/Makefile.objs -+++ b/Makefile.objs -@@ -223,7 +223,7 @@ hw-obj-$(CONFIG_APPLESMC) += applesmc.o - hw-obj-$(CONFIG_SMARTCARD) += usb-ccid.o ccid-card-passthru.o - hw-obj-$(CONFIG_SMARTCARD_NSS) += ccid-card-emulated.o - hw-obj-$(CONFIG_USB_REDIR) += usb-redir.o --hw-obj-$(CONFIG_I8259) += i8259.o -+# hw-obj-$(CONFIG_I8259) += i8259.o - - # PPC devices - hw-obj-$(CONFIG_PREP_PCI) += prep_pci.o -diff --git a/Makefile.target b/Makefile.target -index 0b610ad..29eaa68 100644 ---- a/Makefile.target -+++ b/Makefile.target -@@ -236,7 +236,7 @@ obj-$(CONFIG_IVSHMEM) += ivshmem.o - - # Hardware support - obj-i386-y += vga.o --obj-i386-y += mc146818rtc.o pc.o -+obj-i386-y += mc146818rtc.o pc.o i8259.o - obj-i386-y += cirrus_vga.o sga.o apic.o ioapic.o piix_pci.o - obj-i386-y += vmport.o - obj-i386-y += device-hotplug.o pci-hotplug.o smbios.o wdt_ib700.o -@@ -255,7 +255,7 @@ obj-i386-$(CONFIG_KVM_DEVICE_ASSIGNMENT) += device-assignment.o - obj-ppc-y = ppc.o ppc_booke.o - obj-ppc-y += vga.o - # PREP target --obj-ppc-y += mc146818rtc.o -+obj-ppc-y += mc146818rtc.o i8259.o - obj-ppc-y += ppc_prep.o - # OldWorld PowerMac - obj-ppc-y += ppc_oldworld.o -@@ -311,7 +311,7 @@ obj-mips-y += acpi.o acpi_piix4.o - obj-mips-y += mips_addr.o mips_timer.o mips_int.o - obj-mips-y += vga.o - obj-mips-y += jazz_led.o --obj-mips-y += gt64xxx.o mc146818rtc.o -+obj-mips-y += gt64xxx.o mc146818rtc.o i8259.o - obj-mips-y += cirrus_vga.o - obj-mips-$(CONFIG_FULONG) += bonito.o vt82c686.o mips_fulong2e.o - -@@ -392,7 +392,7 @@ obj-m68k-y += m68k-semi.o dummy_m68k.o - - obj-s390x-y = s390-virtio-bus.o s390-virtio.o - --obj-alpha-y = mc146818rtc.o -+obj-alpha-y = mc146818rtc.o i8259.o - obj-alpha-y += vga.o cirrus_vga.o - obj-alpha-y += alpha_pci.o alpha_dp264.o alpha_typhoon.o - -diff --git a/hw/i8259.c b/hw/i8259.c -index fa63e83..a9ea9c9 100644 ---- a/hw/i8259.c -+++ b/hw/i8259.c -@@ -697,8 +697,6 @@ static int kvm_kernel_pic_load_from_user(PicState *s) - return 0; - } - --extern void apic_set_irq_delivered(void); -- - static void kvm_i8259_set_irq(void *opaque, int irq, int level) - { - int pic_ret; --- -1.7.3.4 --- -To unsubscribe from this list: send the line "unsubscribe kvm" in -the body of a message to majordomo@vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/enable_architectural_PMU_cpuid_leaf.patch b/enable_architectural_PMU_cpuid_leaf.patch deleted file mode 100644 index f0a7415..0000000 --- a/enable_architectural_PMU_cpuid_leaf.patch +++ /dev/null @@ -1,37 +0,0 @@ -commit a0fa82085e175bf8ce6d69a3f83695f81af2a649 -Author: Gleb Natapov -Date: Thu Dec 15 12:44:05 2011 +0200 - - enable architectural PMU cpuid leaf for kvm - - Signed-off-by: Gleb Natapov - Signed-off-by: Marcelo Tosatti - -diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c -index 0b3af90..91a104b 100644 ---- a/target-i386/cpuid.c -+++ b/target-i386/cpuid.c -@@ -1180,10 +1180,19 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, - break; - case 0xA: - /* Architectural Performance Monitoring Leaf */ -- *eax = 0; -- *ebx = 0; -- *ecx = 0; -- *edx = 0; -+ if (kvm_enabled()) { -+ KVMState *s = env->kvm_state; -+ -+ *eax = kvm_arch_get_supported_cpuid(s, 0xA, count, R_EAX); -+ *ebx = kvm_arch_get_supported_cpuid(s, 0xA, count, R_EBX); -+ *ecx = kvm_arch_get_supported_cpuid(s, 0xA, count, R_ECX); -+ *edx = kvm_arch_get_supported_cpuid(s, 0xA, count, R_EDX); -+ } else { -+ *eax = 0; -+ *ebx = 0; -+ *ecx = 0; -+ *edx = 0; -+ } - break; - case 0xD: - /* Processor Extended State */ diff --git a/qemu-Allow-to-leave-type-on-default-in-machine.patch b/qemu-Allow-to-leave-type-on-default-in-machine.patch deleted file mode 100644 index e4a8e6d..0000000 --- a/qemu-Allow-to-leave-type-on-default-in-machine.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- qemu-kvm-0.15.0.old/vl.c 2011-08-09 13:40:29.000000000 +0100 -+++ qemu-kvm-0.15.0/vl.c 2011-08-18 16:38:51.487515037 +0100 -@@ -2718,7 +2718,10 @@ - fprintf(stderr, "parse error: %s\n", optarg); - exit(1); - } -- machine = machine_parse(qemu_opt_get(opts, "type")); -+ optarg = qemu_opt_get(opts, "type"); -+ if (optarg) { -+ machine = machine_parse(optarg); -+ } - break; - case QEMU_OPTION_no_kvm: - olist = qemu_find_opts("machine"); diff --git a/qemu-fix-non-PCI-target-build.patch b/qemu-fix-non-PCI-target-build.patch deleted file mode 100644 index b479efa..0000000 --- a/qemu-fix-non-PCI-target-build.patch +++ /dev/null @@ -1,53 +0,0 @@ -commit 1a8364456c2f3946b4feb8fc78eaf00d974f4c03 -Author: Jan Kiszka -Date: Wed Feb 23 09:28:53 2011 +0100 - - qemu-kvm: Fix non-PCI target build - - Replace obsolete qemu-kvm.h with kvm.h in pci.c and build that module - just like upstream does. This fixes non-x86 targets which have no PCI - support. - - Signed-off-by: Jan Kiszka - Signed-off-by: Avi Kivity - -diff --git a/Makefile.objs b/Makefile.objs -index f5702eb..3ec7121 100644 ---- a/Makefile.objs -+++ b/Makefile.objs -@@ -170,7 +170,7 @@ hw-obj-y = - hw-obj-y += loader.o - hw-obj-$(CONFIG_VIRTIO) += virtio.o virtio-console.o - hw-obj-y += fw_cfg.o --hw-obj-$(CONFIG_PCI) += pci_bridge.o -+hw-obj-$(CONFIG_PCI) += pci.o pci_bridge.o - hw-obj-$(CONFIG_PCI) += msix.o msi.o - hw-obj-$(CONFIG_PCI) += pci_host.o pcie_host.o - hw-obj-$(CONFIG_PCI) += ioh3420.o xio3130_upstream.o xio3130_downstream.o -diff --git a/Makefile.target b/Makefile.target -index 6e9a024..23367eb 100644 ---- a/Makefile.target -+++ b/Makefile.target -@@ -195,7 +195,7 @@ endif #CONFIG_BSD_USER - # System emulator target - ifdef CONFIG_SOFTMMU - --obj-y = arch_init.o cpus.o monitor.o pci.o machine.o gdbstub.o vl.o balloon.o -+obj-y = arch_init.o cpus.o monitor.o machine.o gdbstub.o vl.o balloon.o - # virtio has to be here due to weird dependency between PCI and virtio-net. - # need to fix this properly - obj-$(CONFIG_NO_PCI) += pci-stub.o -diff --git a/hw/pci.c b/hw/pci.c -index 0c44939..1f6cebe 100644 ---- a/hw/pci.c -+++ b/hw/pci.c -@@ -29,8 +29,8 @@ - #include "net.h" - #include "sysemu.h" - #include "loader.h" --#include "qemu-kvm.h" - #include "hw/pc.h" -+#include "kvm.h" - #include "device-assignment.h" - #include "qemu-objects.h" - #include "range.h" diff --git a/qemu-vhost-fix-dirty-page-handling.patch b/qemu-vhost-fix-dirty-page-handling.patch deleted file mode 100644 index e3fabb7..0000000 --- a/qemu-vhost-fix-dirty-page-handling.patch +++ /dev/null @@ -1,31 +0,0 @@ -vhost was passing a physical address to cpu_physical_memory_set_dirty, -which is wrong: we need to translate to ram address first. - -Signed-off-by: Michael S. Tsirkin - -Note: this lead to crashes during migration, so the patch -is needed on the stable branch too. - ---- - hw/vhost.c | 4 +++- - 1 files changed, 3 insertions(+), 1 deletions(-) - -diff --git a/hw/vhost.c b/hw/vhost.c -index aaa34e4..97a1299 100644 ---- a/hw/vhost.c -+++ b/hw/vhost.c -@@ -49,8 +49,10 @@ static void vhost_dev_sync_region(struct vhost_dev *dev, - log = __sync_fetch_and_and(from, 0); - while ((bit = sizeof(log) > sizeof(int) ? - ffsll(log) : ffs(log))) { -+ ram_addr_t ram_addr; - bit -= 1; -- cpu_physical_memory_set_dirty(addr + bit * VHOST_LOG_PAGE); -+ ram_addr = cpu_get_physical_page_desc(addr + bit * VHOST_LOG_PAGE); -+ cpu_physical_memory_set_dirty(ram_addr); - log &= ~(0x1ull << bit); - } - addr += VHOST_LOG_CHUNK; --- -1.7.3.2.91.g446ac - diff --git a/qemu-virtio-9p-noatime.patch b/qemu-virtio-9p-noatime.patch deleted file mode 100644 index e363509..0000000 --- a/qemu-virtio-9p-noatime.patch +++ /dev/null @@ -1,40 +0,0 @@ -commit eed968607d656a218712df47a5e0432c21fd6994 -Author: Daniel P. Berrange -Date: Mon Jan 16 18:11:40 2012 +0000 - - hw/9pfs: Remove O_NOATIME flag from 9pfs open() calls in readonly mode - - When 2c74c2cb4bedddbfa67628fbd5f9273b4e0e9903 added support for - the 'readonly' flag against 9p filesystems, it also made QEMU - add the O_NOATIME flag as a side-effect. - - The O_NOATIME flag, however, may only be set by the file owner, - or a user with CAP_FOWNER capability. QEMU cannot assume that - this is the case for filesytems exported to QEMU. - - eg, run QEMU as non-root, and attempt to pass the host OS - filesystem through to the guest OS with readonly enable. - The result is that the guest OS cannot open any files at - all. - - If O_NOATIME is really required, it should be optionally - enabled via a separate QEMU command line flag. - - * hw/9pfs/virtio-9p.c: Remove O_NOATIME - - Acked-by: M. Mohan Kumar - Signed-off-by: Daniel P. Berrange - Signed-off-by: Aneesh Kumar K.V - -diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c -index dfe2025..a72ffc3 100644 ---- a/hw/9pfs/virtio-9p.c -+++ b/hw/9pfs/virtio-9p.c -@@ -1391,7 +1391,6 @@ static void v9fs_open(void *opaque) - err = -EROFS; - goto out; - } -- flags |= O_NOATIME; - } - err = v9fs_co_open(pdu, fidp, flags); - if (err < 0) { diff --git a/qemu.spec b/qemu.spec index dcbae41..d1f4afc 100644 --- a/qemu.spec +++ b/qemu.spec @@ -37,8 +37,8 @@ Summary: QEMU is a FAST! processor emulator Name: qemu -Version: 1.0 -Release: 17%{?dist} +Version: 1.1.0 +Release: 1%{?dist} # Epoch because we pushed a qemu-1.0 package Epoch: 2 License: GPLv2+ and LGPLv2+ and BSD @@ -75,140 +75,28 @@ Source9: ksmtuned.conf Source10: qemu-guest-agent.service Source11: 99-qemu-guest-agent.rules -# Patches queued for 1.0.1 stable -Patch01: 0001-malta-Fix-regression-i8259-interrupts-did-not-work.patch -Patch02: 0002-exec.c-Fix-subpage-memory-access-to-RAM-MemoryRegion.patch -Patch03: 0003-hw-9pfs-Improve-portability-to-older-systems.patch -Patch04: 0004-hw-9pfs-use-migration-blockers-to-prevent-live-migra.patch -Patch05: 0005-hw-9pfs-Reset-server-state-during-TVERSION.patch -Patch06: 0006-hw-9pfs-Add-qdev.reset-callback-for-virtio-9p-pci-de.patch -Patch07: 0007-hw-9pfs-Use-the-correct-file-descriptor-in-Fsdriver-.patch -Patch08: 0008-hw-9pfs-replace-iovec-manipulation-with-QEMUIOVector.patch -Patch09: 0009-hw-9pfs-Use-the-correct-signed-type-for-different-va.patch -Patch10: 0010-target-i386-fix-cmpxchg-instruction-emulation.patch -Patch11: 0011-configure-Enable-build-by-default-PIE-read-only-relo.patch -Patch12: 0012-cris-Handle-conditional-stores-on-CRISv10.patch -Patch13: 0013-pc-add-pc-0.15.patch -Patch14: 0014-pc-fix-event_idx-compatibility-for-virtio-devices.patch -Patch15: 0015-Fix-parse-of-usb-device-description-with-multiple-co.patch -Patch16: 0016-usb-storage-cancel-I-O-on-reset.patch -Patch17: 0017-usb-host-properly-release-port-on-unplug-exit.patch -Patch18: 0018-usb-ohci-td.cbp-incorrectly-updated-near-page-end.patch -Patch19: 0019-target-sh4-ignore-ocbp-and-ocbwb-instructions.patch -Patch20: 0020-PPC-Fix-linker-scripts-on-ppc-hosts.patch -Patch21: 0021-qiov-prevent-double-free-or-use-after-free.patch -Patch22: 0022-coroutine-switch-per-thread-free-pool-to-a-global-po.patch -Patch23: 0023-qemu-img-rebase-Fix-for-undersized-backing-files.patch -Patch24: 0024-Documentation-Add-qemu-img-t-parameter-in-man-page.patch -Patch25: 0025-rbd-always-set-out-parameter-in-qemu_rbd_snap_list.patch -Patch26: 0026-e1000-bounds-packet-size-against-buffer-size.patch -Patch27: virtio-blk_refuse_SG_IO_requests_with_scsi_off.patch - -# USB-redir patches all upstream for 1.1 except for the chardev flowcontrol set -Patch101: 0101-usb-redir-Clear-iso-irq-error-when-stopping-the-stre.patch -Patch102: 0102-usb-redir-Dynamically-adjust-iso-buffering-size-base.patch -Patch103: 0103-usb-redir-Pre-fill-our-isoc-input-buffer-before-send.patch -Patch104: 0104-usb-redir-Try-to-keep-our-buffer-size-near-the-targe.patch -Patch105: 0105-usb-redir-Improve-some-debugging-messages.patch -Patch106: 0106-char-Split-out-tcp-socket-close-code-in-a-separate-f.patch -Patch107: 0107-char-Add-a-QemuChrHandlers-struct-to-initialise-char.patch -Patch108: 0108-iohandlers-Add-enable-disable_write_fd_handler-funct.patch -Patch109: 0109-char-Add-framework-for-a-write-unblocked-callback.patch -Patch110: 0110-char-Update-send_all-to-handle-nonblocking-chardev-w.patch -Patch111: 0111-char-Equip-the-unix-tcp-backend-to-handle-nonblockin.patch -Patch112: 0112-char-Throttle-when-host-connection-is-down.patch -Patch113: 0113-virtio-console-Enable-port-throttling-when-chardev-i.patch -Patch114: 0114-spice-qemu-char.c-add-throttling.patch -Patch115: 0115-spice-qemu-char.c-remove-intermediate-buffer.patch -Patch116: 0116-usb-redir-Add-flow-control-support.patch -Patch117: 0117-virtio-serial-bus-replay-guest_open-on-migration.patch -Patch118: 0118-char-Disable-write-callback-if-throttled-chardev-is-.patch -Patch119: 0119-usb-ehci-Clear-the-portstatus-powner-bit-on-device-d.patch -Patch120: 0120-usb-redir-Add-the-posibility-to-filter-out-certain-d.patch -Patch121: 0121-usb-redir-Fix-printing-of-device-version.patch -Patch122: 0122-usb-redir-Always-clear-device-state-on-filter-reject.patch -Patch123: 0123-usb-redir-Let-the-usb-host-know-about-our-device-fil.patch -Patch124: 0124-usb-redir-Limit-return-values-returned-by-iso-packet.patch -Patch125: 0125-usb-redir-Return-USB_RET_NAK-when-we-ve-no-data-for-.patch -Patch126: 0126-usb-ehci-Handle-ISO-packets-failing-with-an-error-ot.patch -Patch127: 0127-usb-ehci-Never-follow-table-entries-with-the-T-bit-s.patch -Patch128: 0128-usb-ehci-split-our-qh-queue-into-async-and-periodic-.patch -Patch129: 0129-usb-ehci-always-call-ehci_queues_rip_unused-for-peri.patch -Patch130: 0130-usb-ehci-Drop-cached-qhs-when-the-doorbell-gets-rung.patch -Patch131: 0131-usb-ehci-Rip-the-queues-when-the-async-or-period-sch.patch -Patch132: 0132-usb-ehci-Any-packet-completion-except-for-NAK-should.patch -Patch133: 0133-usb-ehci-Fix-cerr-tracking.patch -Patch134: 0134-usb-ehci-Remove-dead-nakcnt-code.patch -Patch135: 0135-usb-ehci-Fix-and-simplify-nakcnt-handling.patch -Patch136: 0136-usb-ehci-Remove-dead-isoch_pause-code.patch -Patch137: 0137-usb-return-BABBLE-rather-then-NAK-when-we-receive-to.patch -Patch138: 0138-usb-add-USB_RET_IOERROR.patch -Patch139: 0139-usb-ehci-fix-reset.patch -Patch140: 0140-usb-ehci-sanity-check-iso-xfers.patch -Patch141: 0141-usb-ehci-frindex-always-is-a-14-bits-counter.patch -Patch142: 0142-usb-ehci-Drop-unused-sofv-value.patch -Patch143: 0143-usb-redir-Notify-our-peer-when-we-reject-a-device-du.patch -Patch144: 0144-usb-redir-An-interface-count-of-0-is-a-valid-value.patch -Patch145: 0145-usb-redir-Reset-device-address-and-speed-on-disconne.patch -Patch146: 0146-usb-redir-Not-finding-an-async-urb-id-is-not-an-erro.patch -Patch147: 0147-usb-ehci-Ensure-frindex-writes-leave-a-valid-frindex.patch - -# General bug fixes -Patch201: Fix_save-restore_of_in-kernel_i8259.patch -Patch202: qemu-virtio-9p-noatime.patch - -# Feature patches, should be in 1.1 before release -Patch301: enable_architectural_PMU_cpuid_leaf.patch -Patch302: qemu_virtio-scsi_support.patch - -# QXL fixes backports, all are upstream for 1.1 -Patch401: 0401-qxl-Slot-sanity-check-in-qxl_phys2virt-is-off-by-one.patch -Patch402: 0402-input-send-kbd-mouse-events-only-to-running-guests.patch -Patch403: 0403-qxl-fix-warnings-on-32bit.patch -Patch404: 0404-qxl-don-t-render-stuff-when-the-vm-is-stopped.patch -Patch405: 0405-qxl-set-only-off-screen-surfaces-dirty-instead-of-th.patch -Patch406: 0406-qxl-make-sure-primary-surface-is-saved-on-migration-.patch -Patch407: 0407-Add-SPICE-support-to-add_client-monitor-command.patch -Patch408: 0408-spice-support-ipv6-channel-address-in-monitor-events.patch -Patch409: 0409-qxl-drop-vram-bar-minimum-size.patch -Patch410: 0410-qxl-move-ram-size-init-to-new-function.patch -Patch411: 0411-qxl-add-user-friendly-bar-size-properties.patch -Patch412: 0412-qxl-fix-spice-sdl-no-cursor-regression.patch -Patch413: 0413-sdl-remove-NULL-check-g_malloc0-can-t-fail.patch -Patch414: 0414-qxl-drop-qxl_spice_update_area_async-definition.patch -Patch415: 0415-qxl-require-spice-0.8.2.patch -Patch416: 0416-qxl-remove-flipped.patch -Patch417: 0417-qxl-introduce-QXLCookie.patch -Patch418: 0418-qxl-make-qxl_render_update-async.patch -Patch419: 0419-spice-use-error_report-to-report-errors.patch -Patch420: 0420-Error-out-when-tls-channel-option-is-used-without-TL.patch -Patch421: 0421-qxl-properly-handle-upright-and-non-shared-surfaces.patch -Patch422: 0422-spice-set-spice-uuid-and-name.patch -Patch423: 0423-monitor-fix-client_migrate_info-error-handling.patch -Patch424: 0424-qxl-init_pipe_signaling-exit-on-failure.patch -Patch425: 0425-qxl-switch-qxl.c-to-trace-events.patch -Patch426: 0426-qxl-qxl_render.c-add-trace-events.patch -Patch427: 0427-hw-qxl.c-Fix-compilation-failures-on-32-bit-hosts.patch -Patch428: 0428-spice-fix-broken-initialization.patch -Patch429: 0429-ui-spice-display.c-Fix-compilation-warnings-on-32-bi.patch -Patch430: 0430-ui-spice-display-use-uintptr_t-when-casting-qxl-phys.patch -Patch431: 0431-qxl-add-optinal-64bit-vram-bar.patch -Patch432: 0432-qxl-set-default-values-of-vram-_size_mb-to-1.patch -Patch433: 0433-qxl-render-fix-broken-vnc-spice-since-commit-f934493.patch -Patch434: 0434-qxl-don-t-assert-on-guest-create_guest_primary.patch - -# Spice volume control backports, all are upstream for 1.1 -Patch501: 0501-audio-add-VOICE_VOLUME-ctl.patch -Patch502: 0502-audio-don-t-apply-volume-effect-if-backend-has-VOICE.patch -Patch503: 0503-hw-ac97-remove-USE_MIXER-code.patch -Patch504: 0504-hw-ac97-the-volume-mask-is-not-only-0x1f.patch -Patch505: 0505-hw-ac97-add-support-for-volume-control.patch -Patch506: 0506-audio-spice-add-support-for-volume-control.patch -Patch507: 0507-Do-not-use-pa_simple-PulseAudio-API.patch -Patch508: 0508-configure-pa_simple-is-not-needed-anymore.patch -Patch509: 0509-Allow-controlling-volume-with-PulseAudio-backend.patch - -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +# Fixes from qemu-kvm git stable-1.1 branch +Patch1: 0001-qemu-kvm-Add-missing-default-machine-options.patch +Patch2: 0002-qemu-kvm-virtio-Do-not-register-mask-notifiers-witho.patch + +# The infamous chardev flow control patches +Patch101: 0101-char-Split-out-tcp-socket-close-code-in-a-separate-f.patch +Patch102: 0102-char-Add-a-QemuChrHandlers-struct-to-initialise-char.patch +Patch103: 0103-iohandlers-Add-enable-disable_write_fd_handler-funct.patch +Patch104: 0104-char-Add-framework-for-a-write-unblocked-callback.patch +Patch105: 0105-char-Update-send_all-to-handle-nonblocking-chardev-w.patch +Patch106: 0106-char-Equip-the-unix-tcp-backend-to-handle-nonblockin.patch +Patch107: 0107-char-Throttle-when-host-connection-is-down.patch +Patch108: 0108-virtio-console-Enable-port-throttling-when-chardev-i.patch +Patch109: 0109-spice-qemu-char.c-add-throttling.patch +Patch110: 0110-spice-qemu-char.c-remove-intermediate-buffer.patch +Patch111: 0111-usb-redir-Add-flow-control-support.patch +Patch112: 0112-virtio-serial-bus-replay-guest_open-on-migration.patch +Patch113: 0113-char-Disable-write-callback-if-throttled-chardev-is-.patch + +# USB-redir bugfixes +Patch201: 0201-usb-redir-Correctly-handle-the-usb_redir_babble-usbr.patch + BuildRequires: SDL-devel zlib-devel which texi2html gnutls-devel cyrus-sasl-devel BuildRequires: libaio-devel BuildRequires: rsync @@ -265,7 +153,7 @@ Requires: %{name}-img = %{epoch}:%{version}-%{release} Obsoletes: %{name}-system-ppc Obsoletes: %{name}-system-sparc -%define qemudocdir %{_docdir}/%{name}-%{version} +%define qemudocdir %{_docdir}/%{name} %description QEMU is a generic and open source processor emulator which achieves a good @@ -454,33 +342,8 @@ such as kvm_stat. %prep %setup -q -n qemu-kvm-%{version} -%patch01 -p1 -%patch02 -p1 -%patch03 -p1 -%patch04 -p1 -%patch05 -p1 -%patch06 -p1 -%patch07 -p1 -%patch08 -p1 -%patch09 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -%patch25 -p1 -%patch26 -p1 -%patch27 -p1 +%patch1 -p1 +%patch2 -p1 %patch101 -p1 %patch102 -p1 @@ -495,91 +358,8 @@ such as kvm_stat. %patch111 -p1 %patch112 -p1 %patch113 -p1 -%patch114 -p1 -%patch115 -p1 -%patch116 -p1 -%patch117 -p1 -%patch118 -p1 -%patch119 -p1 -%patch120 -p1 -%patch121 -p1 -%patch122 -p1 -%patch123 -p1 -%patch124 -p1 -%patch125 -p1 -%patch126 -p1 -%patch127 -p1 -%patch128 -p1 -%patch129 -p1 -%patch130 -p1 -%patch131 -p1 -%patch132 -p1 -%patch133 -p1 -%patch134 -p1 -%patch135 -p1 -%patch136 -p1 -%patch137 -p1 -%patch138 -p1 -%patch139 -p1 -%patch140 -p1 -%patch141 -p1 -%patch142 -p1 -%patch143 -p1 -%patch144 -p1 -%patch145 -p1 -%patch146 -p1 -%patch147 -p1 %patch201 -p1 -%patch202 -p1 - -%patch301 -p1 -%patch302 -p1 - -%patch401 -p1 -%patch402 -p1 -%patch403 -p1 -%patch404 -p1 -%patch405 -p1 -%patch406 -p1 -%patch407 -p1 -%patch408 -p1 -%patch409 -p1 -%patch410 -p1 -%patch411 -p1 -%patch412 -p1 -%patch413 -p1 -%patch414 -p1 -%patch415 -p1 -%patch416 -p1 -%patch417 -p1 -%patch418 -p1 -%patch419 -p1 -%patch420 -p1 -%patch421 -p1 -%patch422 -p1 -%patch423 -p1 -%patch424 -p1 -%patch425 -p1 -%patch426 -p1 -%patch427 -p1 -%patch428 -p1 -%patch429 -p1 -%patch430 -p1 -%patch431 -p1 -%patch432 -p1 -%patch433 -p1 -%patch434 -p1 - -%patch501 -p1 -%patch502 -p1 -%patch503 -p1 -%patch504 -p1 -%patch505 -p1 -%patch506 -p1 -%patch507 -p1 -%patch508 -p1 -%patch509 -p1 %build @@ -638,12 +418,11 @@ cat config-host.mak echo "===" make V=1 %{?_smp_mflags} $buildldflags -./scripts/tracetool --dtrace --binary %{_bindir}/qemu-kvm \ - --target-arch x86_64 --target-type system --stap \ +./scripts/tracetool.py --backend dtrace --format stap \ + --binary %{_bindir}/qemu-kvm --target-arch x86_64 --target-type system \ --probe-prefix qemu.kvm < ./trace-events > qemu-kvm.stp cp -a x86_64-softmmu/qemu-system-x86_64 qemu-kvm make clean - %endif ./configure \ @@ -681,7 +460,6 @@ gcc %{SOURCE6} -O2 -g -o ksmctl %install -rm -rf $RPM_BUILD_ROOT %define _udevdir /lib/udev/rules.d @@ -701,19 +479,13 @@ mkdir -p $RPM_BUILD_ROOT%{_udevdir} mkdir -p $RPM_BUILD_ROOT%{_datadir}/systemtap/tapset install -m 0755 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/modules/kvm.modules -install -m 0755 kvm/kvm_stat $RPM_BUILD_ROOT%{_bindir}/ +install -m 0755 scripts/kvm/kvm_stat $RPM_BUILD_ROOT%{_bindir}/ install -m 0755 qemu-kvm $RPM_BUILD_ROOT%{_bindir}/ install -m 0644 qemu-kvm.stp $RPM_BUILD_ROOT%{_datadir}/systemtap/tapset/ install -m 0644 %{SOURCE3} $RPM_BUILD_ROOT%{_udevdir} %endif -make prefix="${RPM_BUILD_ROOT}%{_prefix}" \ - bindir="${RPM_BUILD_ROOT}%{_bindir}" \ - sharedir="${RPM_BUILD_ROOT}%{_datadir}/%{name}" \ - mandir="${RPM_BUILD_ROOT}%{_mandir}" \ - docdir="${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}" \ - datadir="${RPM_BUILD_ROOT}%{_datadir}/%{name}" \ - sysconfdir="${RPM_BUILD_ROOT}%{_sysconfdir}" install +make DESTDIR=$RPM_BUILD_ROOT install chmod -x ${RPM_BUILD_ROOT}%{_mandir}/man1/* install -D -p -m 0644 -t ${RPM_BUILD_ROOT}%{qemudocdir} Changelog README TODO COPYING COPYING.LIB LICENSE @@ -808,9 +580,6 @@ install -m 0644 %{SOURCE11} $RPM_BUILD_ROOT%{_udevdir} %check make check -%clean -rm -rf $RPM_BUILD_ROOT - %post system-x86 %ifarch %{ix86} x86_64 # load kvm modules now, so we can make sure no reboot is needed. @@ -1011,6 +780,10 @@ fi %{_mandir}/man1/qemu-img.1* %changelog +* Wed Jul 4 2012 Hans de Goede - 2:1.1.0-1 +- New upstream release 1.1.0 +- Drop about a 100 spice + USB patches, which are all upstream + * Mon Apr 23 2012 Paolo Bonzini - 2:1.0-17 - Fix install failure due to set -e (rhbz #815272) diff --git a/qemu_virtio-scsi_support.patch b/qemu_virtio-scsi_support.patch deleted file mode 100644 index 59f6876..0000000 --- a/qemu_virtio-scsi_support.patch +++ /dev/null @@ -1,1652 +0,0 @@ -diff -ruNp qemu-kvm-1.0/default-configs/pci.mak qemu-kvm-1.0.virtio-scsi/default-configs/pci.mak ---- qemu-kvm-1.0/default-configs/pci.mak 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/default-configs/pci.mak 2012-02-07 14:44:53.424905251 -0600 -@@ -1,5 +1,6 @@ - CONFIG_PCI=y - CONFIG_VIRTIO_PCI=y -+CONFIG_VIRTIO_SCSI=y - CONFIG_VIRTIO=y - CONFIG_USB_UHCI=y - CONFIG_USB_OHCI=y -diff -ruNp qemu-kvm-1.0/default-configs/s390x-softmmu.mak qemu-kvm-1.0.virtio-scsi/default-configs/s390x-softmmu.mak ---- qemu-kvm-1.0/default-configs/s390x-softmmu.mak 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/default-configs/s390x-softmmu.mak 2012-02-07 14:44:53.424905251 -0600 -@@ -1 +1,2 @@ - CONFIG_VIRTIO=y -+CONFIG_VIRTIO_SCSI=y -diff -ruNp qemu-kvm-1.0/dma.h qemu-kvm-1.0.virtio-scsi/dma.h ---- qemu-kvm-1.0/dma.h 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/dma.h 2012-02-07 14:44:53.425905267 -0600 -@@ -17,6 +17,13 @@ - - typedef struct ScatterGatherEntry ScatterGatherEntry; - -+struct QEMUSGList { -+ ScatterGatherEntry *sg; -+ int nsg; -+ int nalloc; -+ size_t size; -+}; -+ - #if defined(TARGET_PHYS_ADDR_BITS) - typedef target_phys_addr_t dma_addr_t; - -@@ -32,13 +39,6 @@ struct ScatterGatherEntry { - dma_addr_t len; - }; - --struct QEMUSGList { -- ScatterGatherEntry *sg; -- int nsg; -- int nalloc; -- dma_addr_t size; --}; -- - void qemu_sglist_init(QEMUSGList *qsg, int alloc_hint); - void qemu_sglist_add(QEMUSGList *qsg, dma_addr_t base, dma_addr_t len); - void qemu_sglist_destroy(QEMUSGList *qsg); -@@ -58,4 +58,10 @@ BlockDriverAIOCB *dma_bdrv_read(BlockDri - BlockDriverAIOCB *dma_bdrv_write(BlockDriverState *bs, - QEMUSGList *sg, uint64_t sector, - BlockDriverCompletionFunc *cb, void *opaque); -+uint64_t dma_buf_read(uint8_t *ptr, int32_t len, QEMUSGList *sg); -+uint64_t dma_buf_write(uint8_t *ptr, int32_t len, QEMUSGList *sg); -+ -+void dma_acct_start(BlockDriverState *bs, BlockAcctCookie *cookie, -+ QEMUSGList *sg, enum BlockAcctType type); -+ - #endif -diff -ruNp qemu-kvm-1.0/dma-helpers.c qemu-kvm-1.0.virtio-scsi/dma-helpers.c ---- qemu-kvm-1.0/dma-helpers.c 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/dma-helpers.c 2012-02-07 14:44:53.424905251 -0600 -@@ -196,3 +196,39 @@ BlockDriverAIOCB *dma_bdrv_write(BlockDr - { - return dma_bdrv_io(bs, sg, sector, bdrv_aio_writev, cb, opaque, true); - } -+ -+ -+static uint64_t dma_buf_rw(uint8_t *ptr, int32_t len, QEMUSGList *sg, bool to_dev) -+{ -+ uint64_t resid; -+ int sg_cur_index; -+ -+ resid = sg->size; -+ sg_cur_index = 0; -+ len = MIN(len, resid); -+ while (len > 0) { -+ ScatterGatherEntry entry = sg->sg[sg_cur_index++]; -+ cpu_physical_memory_rw(entry.base, ptr, MIN(len, entry.len), !to_dev); -+ ptr += entry.len; -+ len -= entry.len; -+ resid -= entry.len; -+ } -+ -+ return resid; -+} -+ -+uint64_t dma_buf_read(uint8_t *ptr, int32_t len, QEMUSGList *sg) -+{ -+ return dma_buf_rw(ptr, len, sg, 0); -+} -+ -+uint64_t dma_buf_write(uint8_t *ptr, int32_t len, QEMUSGList *sg) -+{ -+ return dma_buf_rw(ptr, len, sg, 1); -+} -+ -+void dma_acct_start(BlockDriverState *bs, BlockAcctCookie *cookie, -+ QEMUSGList *sg, enum BlockAcctType type) -+{ -+ bdrv_acct_start(bs, cookie, sg->size, type); -+} -diff -ruNp qemu-kvm-1.0/hw/esp.c qemu-kvm-1.0.virtio-scsi/hw/esp.c ---- qemu-kvm-1.0/hw/esp.c 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/esp.c 2012-02-07 14:44:53.425905267 -0600 -@@ -389,7 +389,8 @@ static void esp_do_dma(ESPState *s) - esp_dma_done(s); - } - --static void esp_command_complete(SCSIRequest *req, uint32_t status) -+static void esp_command_complete(SCSIRequest *req, uint32_t status, -+ int32_t resid) - { - ESPState *s = DO_UPCAST(ESPState, busdev.qdev, req->bus->qbus.parent); - -diff -ruNp qemu-kvm-1.0/hw/ide/ahci.c qemu-kvm-1.0.virtio-scsi/hw/ide/ahci.c ---- qemu-kvm-1.0/hw/ide/ahci.c 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/ide/ahci.c 2012-02-07 14:44:53.426905283 -0600 -@@ -425,55 +425,6 @@ static void ahci_reg_init(AHCIState *s) - } - } - --static uint32_t read_from_sglist(uint8_t *buffer, uint32_t len, -- QEMUSGList *sglist) --{ -- uint32_t i = 0; -- uint32_t total = 0, once; -- ScatterGatherEntry *cur_prd; -- uint32_t sgcount; -- -- cur_prd = sglist->sg; -- sgcount = sglist->nsg; -- for (i = 0; len && sgcount; i++) { -- once = MIN(cur_prd->len, len); -- cpu_physical_memory_read(cur_prd->base, buffer, once); -- cur_prd++; -- sgcount--; -- len -= once; -- buffer += once; -- total += once; -- } -- -- return total; --} -- --static uint32_t write_to_sglist(uint8_t *buffer, uint32_t len, -- QEMUSGList *sglist) --{ -- uint32_t i = 0; -- uint32_t total = 0, once; -- ScatterGatherEntry *cur_prd; -- uint32_t sgcount; -- -- DPRINTF(-1, "total: 0x%x bytes\n", len); -- -- cur_prd = sglist->sg; -- sgcount = sglist->nsg; -- for (i = 0; len && sgcount; i++) { -- once = MIN(cur_prd->len, len); -- DPRINTF(-1, "write 0x%x bytes to 0x%lx\n", once, (long)cur_prd->base); -- cpu_physical_memory_write(cur_prd->base, buffer, once); -- cur_prd++; -- sgcount--; -- len -= once; -- buffer += once; -- total += once; -- } -- -- return total; --} -- - static void check_cmd(AHCIState *s, int port) - { - AHCIPortRegs *pr = &s->dev[port].port_regs; -@@ -794,9 +745,8 @@ static void process_ncq_command(AHCIStat - DPRINTF(port, "tag %d aio read %"PRId64"\n", - ncq_tfs->tag, ncq_tfs->lba); - -- bdrv_acct_start(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->acct, -- (ncq_tfs->sector_count-1) * BDRV_SECTOR_SIZE, -- BDRV_ACCT_READ); -+ dma_acct_start(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->acct, -+ &ncq_tfs->sglist, BDRV_ACCT_READ); - ncq_tfs->aiocb = dma_bdrv_read(ncq_tfs->drive->port.ifs[0].bs, - &ncq_tfs->sglist, ncq_tfs->lba, - ncq_cb, ncq_tfs); -@@ -808,9 +758,8 @@ static void process_ncq_command(AHCIStat - DPRINTF(port, "tag %d aio write %"PRId64"\n", - ncq_tfs->tag, ncq_tfs->lba); - -- bdrv_acct_start(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->acct, -- (ncq_tfs->sector_count-1) * BDRV_SECTOR_SIZE, -- BDRV_ACCT_WRITE); -+ dma_acct_start(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->acct, -+ &ncq_tfs->sglist, BDRV_ACCT_WRITE); - ncq_tfs->aiocb = dma_bdrv_write(ncq_tfs->drive->port.ifs[0].bs, - &ncq_tfs->sglist, ncq_tfs->lba, - ncq_cb, ncq_tfs); -@@ -1015,12 +964,12 @@ static int ahci_start_transfer(IDEDMA *d - is_write ? "writ" : "read", size, is_atapi ? "atapi" : "ata", - has_sglist ? "" : "o"); - -- if (is_write && has_sglist && (s->data_ptr < s->data_end)) { -- read_from_sglist(s->data_ptr, size, &s->sg); -- } -- -- if (!is_write && has_sglist && (s->data_ptr < s->data_end)) { -- write_to_sglist(s->data_ptr, size, &s->sg); -+ if (has_sglist && size) { -+ if (is_write) { -+ dma_buf_write(s->data_ptr, size, &s->sg); -+ } else { -+ dma_buf_read(s->data_ptr, size, &s->sg); -+ } - } - - /* update number of transferred bytes */ -@@ -1059,14 +1008,9 @@ static int ahci_dma_prepare_buf(IDEDMA * - { - AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma); - IDEState *s = &ad->port.ifs[0]; -- int i; - - ahci_populate_sglist(ad, &s->sg); -- -- s->io_buffer_size = 0; -- for (i = 0; i < s->sg.nsg; i++) { -- s->io_buffer_size += s->sg.sg[i].len; -- } -+ s->io_buffer_size = s->sg.size; - - DPRINTF(ad->port_no, "len=%#x\n", s->io_buffer_size); - return s->io_buffer_size != 0; -@@ -1084,9 +1028,9 @@ static int ahci_dma_rw_buf(IDEDMA *dma, - } - - if (is_write) { -- write_to_sglist(p, l, &s->sg); -+ dma_buf_read(p, l, &s->sg); - } else { -- read_from_sglist(p, l, &s->sg); -+ dma_buf_write(p, l, &s->sg); - } - - /* update number of transferred bytes */ -diff -ruNp qemu-kvm-1.0/hw/lsi53c895a.c qemu-kvm-1.0.virtio-scsi/hw/lsi53c895a.c ---- qemu-kvm-1.0/hw/lsi53c895a.c 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/lsi53c895a.c 2012-02-07 14:44:53.427905299 -0600 -@@ -699,7 +699,7 @@ static int lsi_queue_req(LSIState *s, SC - } - - /* Callback to indicate that the SCSI layer has completed a command. */ --static void lsi_command_complete(SCSIRequest *req, uint32_t status) -+static void lsi_command_complete(SCSIRequest *req, uint32_t status, int32_t resid) - { - LSIState *s = DO_UPCAST(LSIState, dev.qdev, req->bus->qbus.parent); - int out; -diff -ruNp qemu-kvm-1.0/hw/pci.h qemu-kvm-1.0.virtio-scsi/hw/pci.h ---- qemu-kvm-1.0/hw/pci.h 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/pci.h 2012-02-07 14:44:53.427905299 -0600 -@@ -76,6 +76,7 @@ - #define PCI_DEVICE_ID_VIRTIO_BLOCK 0x1001 - #define PCI_DEVICE_ID_VIRTIO_BALLOON 0x1002 - #define PCI_DEVICE_ID_VIRTIO_CONSOLE 0x1003 -+#define PCI_DEVICE_ID_VIRTIO_SCSI 0x1004 - - #define FMT_PCIBUS PRIx64 - -diff -ruNp qemu-kvm-1.0/hw/s390-virtio-bus.c qemu-kvm-1.0.virtio-scsi/hw/s390-virtio-bus.c ---- qemu-kvm-1.0/hw/s390-virtio-bus.c 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/s390-virtio-bus.c 2012-02-07 14:44:53.428905315 -0600 -@@ -158,6 +158,18 @@ static int s390_virtio_serial_init(VirtI - return r; - } - -+static int s390_virtio_scsi_init(VirtIOS390Device *dev) -+{ -+ VirtIODevice *vdev; -+ -+ vdev = virtio_scsi_init((DeviceState *)dev, &dev->scsi); -+ if (!vdev) { -+ return -1; -+ } -+ -+ return s390_virtio_device_init(dev, vdev); -+} -+ - static uint64_t s390_virtio_device_vq_token(VirtIOS390Device *dev, int vq) - { - ram_addr_t token_off; -@@ -370,6 +382,17 @@ static VirtIOS390DeviceInfo s390_virtio_ - }, - }; - -+static VirtIOS390DeviceInfo s390_virtio_scsi = { -+ .init = s390_virtio_scsi_init, -+ .qdev.name = "virtio-scsi-s390", -+ .qdev.alias = "virtio-scsi", -+ .qdev.size = sizeof(VirtIOS390Device), -+ .qdev.props = (Property[]) { -+ DEFINE_VIRTIO_SCSI_PROPERTIES(VirtIOS390Device, host_features, scsi), -+ DEFINE_PROP_END_OF_LIST(), -+ }, -+}; -+ - static int s390_virtio_busdev_init(DeviceState *dev, DeviceInfo *info) - { - VirtIOS390DeviceInfo *_info = (VirtIOS390DeviceInfo *)info; -@@ -392,6 +415,7 @@ static void s390_virtio_register(void) - s390_virtio_bus_register_withprop(&s390_virtio_serial); - s390_virtio_bus_register_withprop(&s390_virtio_blk); - s390_virtio_bus_register_withprop(&s390_virtio_net); -+ s390_virtio_bus_register_withprop(&s390_virtio_scsi); - } - device_init(s390_virtio_register); - -diff -ruNp qemu-kvm-1.0/hw/s390-virtio-bus.h qemu-kvm-1.0.virtio-scsi/hw/s390-virtio-bus.h ---- qemu-kvm-1.0/hw/s390-virtio-bus.h 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/s390-virtio-bus.h 2012-02-07 14:44:53.428905315 -0600 -@@ -19,6 +19,7 @@ - - #include "virtio-net.h" - #include "virtio-serial.h" -+#include "virtio-scsi.h" - - #define VIRTIO_DEV_OFFS_TYPE 0 /* 8 bits */ - #define VIRTIO_DEV_OFFS_NUM_VQ 1 /* 8 bits */ -@@ -47,6 +48,7 @@ typedef struct VirtIOS390Device { - uint32_t host_features; - virtio_serial_conf serial; - virtio_net_conf net; -+ VirtIOSCSIConf scsi; - } VirtIOS390Device; - - typedef struct VirtIOS390Bus { -diff -ruNp qemu-kvm-1.0/hw/scsi-bus.c qemu-kvm-1.0.virtio-scsi/hw/scsi-bus.c ---- qemu-kvm-1.0/hw/scsi-bus.c 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/scsi-bus.c 2012-02-07 14:44:53.428905315 -0600 -@@ -5,6 +5,7 @@ - #include "qdev.h" - #include "blockdev.h" - #include "trace.h" -+#include "dma.h" - - static char *scsibus_get_fw_dev_path(DeviceState *dev); - static int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf); -@@ -50,6 +51,7 @@ static void scsi_dma_restart_bh(void *op - scsi_req_continue(req); - break; - case SCSI_XFER_NONE: -+ assert(!req->sg); - scsi_req_dequeue(req); - scsi_req_enqueue(req); - break; -@@ -512,6 +514,8 @@ SCSIRequest *scsi_req_new(SCSIDevice *d, - } - - req->cmd = cmd; -+ req->resid = req->cmd.xfer; -+ - switch (buf[0]) { - case INQUIRY: - trace_scsi_inquiry(d->id, lun, tag, cmd.buf[1], cmd.buf[2]); -@@ -624,15 +628,25 @@ void scsi_req_build_sense(SCSIRequest *r - req->sense_len = 18; - } - --int32_t scsi_req_enqueue(SCSIRequest *req) -+static void scsi_req_enqueue_internal(SCSIRequest *req) - { -- int32_t rc; -- - assert(!req->enqueued); - scsi_req_ref(req); -+ if (req->bus->info->get_sg_list) { -+ req->sg = req->bus->info->get_sg_list(req); -+ } else { -+ req->sg = NULL; -+ } - req->enqueued = true; - QTAILQ_INSERT_TAIL(&req->dev->requests, req, next); -+} -+ -+int32_t scsi_req_enqueue(SCSIRequest *req) -+{ -+ int32_t rc; - -+ assert (!req->retry); -+ scsi_req_enqueue_internal(req); - scsi_req_ref(req); - rc = req->ops->send_command(req, req->cmd.buf); - scsi_req_unref(req); -@@ -1254,12 +1268,32 @@ void scsi_req_continue(SCSIRequest *req) - Once it completes, calling scsi_req_continue will restart I/O. */ - void scsi_req_data(SCSIRequest *req, int len) - { -+ uint8_t *buf; - if (req->io_canceled) { - trace_scsi_req_data_canceled(req->dev->id, req->lun, req->tag, len); -- } else { -- trace_scsi_req_data(req->dev->id, req->lun, req->tag, len); -+ return; -+ } -+ trace_scsi_req_data(req->dev->id, req->lun, req->tag, len); -+ assert(req->cmd.mode != SCSI_XFER_NONE); -+ if (!req->sg) { -+ req->resid -= len; - req->bus->info->transfer_data(req, len); -+ return; -+ } -+ -+ /* If the device calls scsi_req_data and the HBA specified a -+ * scatter/gather list, the transfer has to happen in a single -+ * step. */ -+ assert(!req->dma_started); -+ req->dma_started = true; -+ -+ buf = scsi_req_get_buf(req); -+ if (req->cmd.mode == SCSI_XFER_FROM_DEV) { -+ req->resid = dma_buf_read(buf, len, req->sg); -+ } else { -+ req->resid = dma_buf_write(buf, len, req->sg); - } -+ scsi_req_continue(req); - } - - void scsi_req_print(SCSIRequest *req) -@@ -1318,7 +1352,7 @@ void scsi_req_complete(SCSIRequest *req, - - scsi_req_ref(req); - scsi_req_dequeue(req); -- req->bus->info->complete(req, req->status); -+ req->bus->info->complete(req, req->status, req->resid); - scsi_req_unref(req); - } - -@@ -1393,3 +1427,100 @@ SCSIDevice *scsi_device_find(SCSIBus *bu - } - return target_dev; - } -+ -+ -+/* SCSI request list. For simplicity, pv points to the whole device */ -+ -+static void put_scsi_requests(QEMUFile *f, void *pv, size_t size) -+{ -+ SCSIDevice *s = pv; -+ SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus); -+ SCSIRequest *req; -+ -+ QTAILQ_FOREACH(req, &s->requests, next) { -+ assert(!req->io_canceled); -+ assert(req->status == -1); -+ assert(req->retry); -+ assert(req->enqueued); -+ -+ qemu_put_sbyte(f, 1); -+ qemu_put_buffer(f, req->cmd.buf, sizeof(req->cmd.buf)); -+ qemu_put_be32s(f, &req->tag); -+ qemu_put_be32s(f, &req->lun); -+ if (bus->info->save_request) { -+ bus->info->save_request(f, req); -+ } -+ if (req->ops->save_request) { -+ req->ops->save_request(f, req); -+ } -+ } -+ qemu_put_sbyte(f, 0); -+} -+ -+static int get_scsi_requests(QEMUFile *f, void *pv, size_t size) -+{ -+ SCSIDevice *s = pv; -+ SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus); -+ -+ while (qemu_get_sbyte(f)) { -+ uint8_t buf[SCSI_CMD_BUF_SIZE]; -+ uint32_t tag; -+ uint32_t lun; -+ SCSIRequest *req; -+ -+ qemu_get_buffer(f, buf, sizeof(buf)); -+ qemu_get_be32s(f, &tag); -+ qemu_get_be32s(f, &lun); -+ req = scsi_req_new(s, tag, lun, buf, NULL); -+ if (bus->info->load_request) { -+ req->hba_private = bus->info->load_request(f, req); -+ } -+ if (req->ops->load_request) { -+ req->ops->load_request(f, req); -+ } -+ -+ /* Just restart it later. */ -+ req->retry = true; -+ scsi_req_enqueue_internal(req); -+ -+ /* At this point, the request will be kept alive by the reference -+ * added by scsi_req_enqueue_internal, so we can release our reference. -+ * The HBA of course will add its own reference in the load_request -+ * callback if it needs to hold on the SCSIRequest. -+ */ -+ scsi_req_unref(req); -+ } -+ -+ return 0; -+} -+ -+const VMStateInfo vmstate_info_scsi_requests = { -+ .name = "scsi-requests", -+ .get = get_scsi_requests, -+ .put = put_scsi_requests, -+}; -+ -+const VMStateDescription vmstate_scsi_device = { -+ .name = "SCSIDevice", -+ .version_id = 1, -+ .minimum_version_id = 1, -+ .minimum_version_id_old = 1, -+ .fields = (VMStateField[]) { -+ VMSTATE_UINT8(unit_attention.key, SCSIDevice), -+ VMSTATE_UINT8(unit_attention.asc, SCSIDevice), -+ VMSTATE_UINT8(unit_attention.ascq, SCSIDevice), -+ VMSTATE_BOOL(sense_is_ua, SCSIDevice), -+ VMSTATE_UINT8_ARRAY(sense, SCSIDevice, SCSI_SENSE_BUF_SIZE), -+ VMSTATE_UINT32(sense_len, SCSIDevice), -+ { -+ .name = "requests", -+ .version_id = 0, -+ .field_exists = NULL, -+ .size = 0, /* ouch */ -+ .info = &vmstate_info_scsi_requests, -+ .flags = VMS_SINGLE, -+ .offset = 0, -+ }, -+ VMSTATE_END_OF_LIST() -+ } -+}; -diff -ruNp qemu-kvm-1.0/hw/scsi-disk.c qemu-kvm-1.0.virtio-scsi/hw/scsi-disk.c ---- qemu-kvm-1.0/hw/scsi-disk.c 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/scsi-disk.c 2012-02-07 14:44:53.429905331 -0600 -@@ -38,6 +38,7 @@ do { fprintf(stderr, "scsi-disk: " fmt , - #include "sysemu.h" - #include "blockdev.h" - #include "block_int.h" -+#include "dma.h" - - #ifdef __linux - #include -@@ -110,12 +111,12 @@ static void scsi_cancel_io(SCSIRequest * - r->req.aiocb = NULL; - } - --static uint32_t scsi_init_iovec(SCSIDiskReq *r) -+static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size) - { - SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); - - if (!r->iov.iov_base) { -- r->buflen = SCSI_DMA_BUF_SIZE; -+ r->buflen = size; - r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen); - } - r->iov.iov_len = MIN(r->sector_count * 512, r->buflen); -@@ -123,6 +124,56 @@ static uint32_t scsi_init_iovec(SCSIDisk - return r->qiov.size / 512; - } - -+static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req) -+{ -+ SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); -+ -+ qemu_put_be64s(f, &r->sector); -+ qemu_put_be32s(f, &r->sector_count); -+ qemu_put_be32s(f, &r->buflen); -+ if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) { -+ qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len); -+ } -+} -+ -+static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req) -+{ -+ SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); -+ -+ qemu_get_be64s(f, &r->sector); -+ qemu_get_be32s(f, &r->sector_count); -+ qemu_get_be32s(f, &r->buflen); -+ if (r->buflen) { -+ scsi_init_iovec(r, r->buflen); -+ if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { -+ qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len); -+ } -+ } -+ -+ qemu_iovec_init_external(&r->qiov, &r->iov, 1); -+} -+ -+static void scsi_dma_complete(void * opaque, int ret) -+{ -+ SCSIDiskReq *r = (SCSIDiskReq *)opaque; -+ SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); -+ -+ bdrv_acct_done(s->qdev.conf.bs, &r->acct); -+ -+ if (ret) { -+ if (scsi_handle_rw_error(r, -ret)) { -+ goto done; -+ } -+ } -+ -+ r->sector += r->sector_count; -+ r->sector_count = 0; -+ scsi_req_complete(&r->req, GOOD); -+ -+done: -+ scsi_req_unref(&r->req); -+} -+ - static void scsi_read_complete(void * opaque, int ret) - { - SCSIDiskReq *r = (SCSIDiskReq *)opaque; -@@ -213,10 +264,17 @@ static void scsi_read_data(SCSIRequest * - return; - } - -- n = scsi_init_iovec(r); -- bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ); -- r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n, -- scsi_read_complete, r); -+ if (r->req.sg) { -+ dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ); -+ r->req.resid -= r->req.sg->size; -+ r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector, -+ scsi_dma_complete, r); -+ } else { -+ n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); -+ bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ); -+ r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n, -+ scsi_read_complete, r); -+ } - if (r->req.aiocb == NULL) { - scsi_read_complete(r, -EIO); - } -@@ -290,7 +348,7 @@ static void scsi_write_complete(void * o - if (r->sector_count == 0) { - scsi_req_complete(&r->req, GOOD); - } else { -- scsi_init_iovec(r); -+ scsi_init_iovec(r, SCSI_DMA_BUF_SIZE); - DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size); - scsi_req_data(&r->req, r->qiov.size); - } -@@ -318,21 +376,29 @@ static void scsi_write_data(SCSIRequest - return; - } - -- n = r->qiov.size / 512; -- if (n) { -- if (s->tray_open) { -- scsi_write_complete(r, -ENOMEDIUM); -- return; -- } -+ if (!r->req.sg && !r->qiov.size) { -+ /* Called for the first time. Ask the driver to send us more data. */ -+ scsi_write_complete(r, 0); -+ return; -+ } -+ if (s->tray_open) { -+ scsi_write_complete(r, -ENOMEDIUM); -+ return; -+ } -+ -+ if (r->req.sg) { -+ dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE); -+ r->req.resid -= r->req.sg->size; -+ r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector, -+ scsi_dma_complete, r); -+ } else { -+ n = r->qiov.size / 512; - bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE); - r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n, - scsi_write_complete, r); -- if (r->req.aiocb == NULL) { -- scsi_write_complete(r, -ENOMEM); -- } -- } else { -- /* Called for the first time. Ask the driver to send us more data. */ -- scsi_write_complete(r, 0); -+ } -+ if (r->req.aiocb == NULL) { -+ scsi_write_complete(r, -ENOMEM); - } - } - -@@ -1601,6 +1667,8 @@ static const SCSIReqOps scsi_disk_reqops - .write_data = scsi_write_data, - .cancel_io = scsi_cancel_io, - .get_buf = scsi_get_buf, -+ .load_request = scsi_disk_load_request, -+ .save_request = scsi_disk_save_request, - }; - - static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, -@@ -1729,6 +1797,22 @@ static SCSIRequest *scsi_block_new_reque - DEFINE_PROP_STRING("ver", SCSIDiskState, version), \ - DEFINE_PROP_STRING("serial", SCSIDiskState, serial) - -+static const VMStateDescription vmstate_scsi_disk_state = { -+ .name = "scsi-disk", -+ .version_id = 1, -+ .minimum_version_id = 1, -+ .minimum_version_id_old = 1, -+ .fields = (VMStateField[]) { -+ VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState), -+ VMSTATE_BOOL(media_changed, SCSIDiskState), -+ VMSTATE_BOOL(media_event, SCSIDiskState), -+ VMSTATE_BOOL(eject_request, SCSIDiskState), -+ VMSTATE_BOOL(tray_open, SCSIDiskState), -+ VMSTATE_BOOL(tray_locked, SCSIDiskState), -+ VMSTATE_END_OF_LIST() -+ } -+}; -+ - static SCSIDeviceInfo scsi_disk_info[] = { - { - .qdev.name = "scsi-hd", -@@ -1736,6 +1820,7 @@ static SCSIDeviceInfo scsi_disk_info[] = - .qdev.desc = "virtual SCSI disk", - .qdev.size = sizeof(SCSIDiskState), - .qdev.reset = scsi_disk_reset, -+ .qdev.vmsd = &vmstate_scsi_disk_state, - .init = scsi_hd_initfn, - .destroy = scsi_destroy, - .alloc_req = scsi_new_request, -@@ -1751,6 +1836,7 @@ static SCSIDeviceInfo scsi_disk_info[] = - .qdev.desc = "virtual SCSI CD-ROM", - .qdev.size = sizeof(SCSIDiskState), - .qdev.reset = scsi_disk_reset, -+ .qdev.vmsd = &vmstate_scsi_disk_state, - .init = scsi_cd_initfn, - .destroy = scsi_destroy, - .alloc_req = scsi_new_request, -@@ -1766,6 +1852,7 @@ static SCSIDeviceInfo scsi_disk_info[] = - .qdev.desc = "SCSI block device passthrough", - .qdev.size = sizeof(SCSIDiskState), - .qdev.reset = scsi_disk_reset, -+ .qdev.vmsd = &vmstate_scsi_disk_state, - .init = scsi_block_initfn, - .destroy = scsi_destroy, - .alloc_req = scsi_block_new_request, -@@ -1780,6 +1867,7 @@ static SCSIDeviceInfo scsi_disk_info[] = - .qdev.desc = "virtual SCSI disk or CD-ROM (legacy)", - .qdev.size = sizeof(SCSIDiskState), - .qdev.reset = scsi_disk_reset, -+ .qdev.vmsd = &vmstate_scsi_disk_state, - .init = scsi_disk_initfn, - .destroy = scsi_destroy, - .alloc_req = scsi_new_request, -diff -ruNp qemu-kvm-1.0/hw/scsi-generic.c qemu-kvm-1.0.virtio-scsi/hw/scsi-generic.c ---- qemu-kvm-1.0/hw/scsi-generic.c 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/scsi-generic.c 2012-02-07 14:44:53.430905347 -0600 -@@ -59,6 +59,28 @@ typedef struct SCSIGenericReq { - sg_io_hdr_t io_header; - } SCSIGenericReq; - -+static void scsi_generic_save_request(QEMUFile *f, SCSIRequest *req) -+{ -+ SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); -+ -+ qemu_put_sbe32s(f, &r->buflen); -+ if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) { -+ assert(!r->req.sg); -+ qemu_put_buffer(f, r->buf, r->req.cmd.xfer); -+ } -+} -+ -+static void scsi_generic_load_request(QEMUFile *f, SCSIRequest *req) -+{ -+ SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); -+ -+ qemu_get_sbe32s(f, &r->buflen); -+ if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) { -+ assert(!r->req.sg); -+ qemu_get_buffer(f, r->buf, r->req.cmd.xfer); -+ } -+} -+ - static void scsi_free_request(SCSIRequest *req) - { - SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req); -@@ -450,6 +472,8 @@ const SCSIReqOps scsi_generic_req_ops = - .write_data = scsi_write_data, - .cancel_io = scsi_cancel_io, - .get_buf = scsi_get_buf, -+ .load_request = scsi_generic_load_request, -+ .save_request = scsi_generic_save_request, - }; - - static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, -@@ -467,6 +491,7 @@ static SCSIDeviceInfo scsi_generic_info - .qdev.desc = "pass through generic scsi device (/dev/sg*)", - .qdev.size = sizeof(SCSIDevice), - .qdev.reset = scsi_generic_reset, -+ .qdev.vmsd = &vmstate_scsi_device, - .init = scsi_generic_initfn, - .destroy = scsi_destroy, - .alloc_req = scsi_new_request, -diff -ruNp qemu-kvm-1.0/hw/scsi.h qemu-kvm-1.0.virtio-scsi/hw/scsi.h ---- qemu-kvm-1.0/hw/scsi.h 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/scsi.h 2012-02-07 14:44:53.430905347 -0600 -@@ -47,8 +47,11 @@ struct SCSIRequest { - uint32_t tag; - uint32_t lun; - uint32_t status; -+ size_t resid; - SCSICommand cmd; - BlockDriverAIOCB *aiocb; -+ QEMUSGList *sg; -+ bool dma_started; - uint8_t sense[SCSI_SENSE_BUF_SIZE]; - uint32_t sense_len; - bool enqueued; -@@ -78,6 +81,16 @@ struct SCSIDevice - uint64_t max_lba; - }; - -+extern const VMStateDescription vmstate_scsi_device; -+ -+#define VMSTATE_SCSI_DEVICE(_field, _state) { \ -+ .name = (stringify(_field)), \ -+ .size = sizeof(SCSIDevice), \ -+ .vmsd = &vmstate_scsi_device, \ -+ .flags = VMS_STRUCT, \ -+ .offset = vmstate_offset_value(_state, _field, SCSIDevice), \ -+} -+ - /* cdrom.c */ - int cdrom_read_toc(int nb_sectors, uint8_t *buf, int msf, int start_track); - int cdrom_read_toc_raw(int nb_sectors, uint8_t *buf, int msf, int session_num); -@@ -91,6 +104,9 @@ struct SCSIReqOps { - void (*write_data)(SCSIRequest *req); - void (*cancel_io)(SCSIRequest *req); - uint8_t *(*get_buf)(SCSIRequest *req); -+ -+ void (*save_request)(QEMUFile *f, SCSIRequest *req); -+ void (*load_request)(QEMUFile *f, SCSIRequest *req); - }; - - typedef int (*scsi_qdev_initfn)(SCSIDevice *dev); -@@ -107,8 +123,12 @@ struct SCSIBusInfo { - int tcq; - int max_channel, max_target, max_lun; - void (*transfer_data)(SCSIRequest *req, uint32_t arg); -- void (*complete)(SCSIRequest *req, uint32_t arg); -+ void (*complete)(SCSIRequest *req, uint32_t arg, int32_t len); - void (*cancel)(SCSIRequest *req); -+ QEMUSGList *(*get_sg_list)(SCSIRequest *req); -+ -+ void (*save_request)(QEMUFile *f, SCSIRequest *req); -+ void *(*load_request)(QEMUFile *f, SCSIRequest *req); - }; - - struct SCSIBus { -diff -ruNp qemu-kvm-1.0/hw/spapr_vscsi.c qemu-kvm-1.0.virtio-scsi/hw/spapr_vscsi.c ---- qemu-kvm-1.0/hw/spapr_vscsi.c 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/spapr_vscsi.c 2012-02-07 14:44:53.430905347 -0600 -@@ -494,7 +494,7 @@ static void vscsi_transfer_data(SCSIRequ - } - - /* Callback to indicate that the SCSI layer has completed a transfer. */ --static void vscsi_command_complete(SCSIRequest *sreq, uint32_t status) -+static void vscsi_command_complete(SCSIRequest *sreq, uint32_t status, int32_t resid) - { - VSCSIState *s = DO_UPCAST(VSCSIState, vdev.qdev, sreq->bus->qbus.parent); - vscsi_req *req = sreq->hba_private; -diff -ruNp qemu-kvm-1.0/hw/usb-msd.c qemu-kvm-1.0.virtio-scsi/hw/usb-msd.c ---- qemu-kvm-1.0/hw/usb-msd.c 2012-02-07 14:44:04.881123501 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/usb-msd.c 2012-02-07 14:44:53.431905363 -0600 -@@ -223,7 +223,7 @@ static void usb_msd_transfer_data(SCSIRe - } - } - --static void usb_msd_command_complete(SCSIRequest *req, uint32_t status) -+static void usb_msd_command_complete(SCSIRequest *req, uint32_t status, int32_t resid) - { - MSDState *s = DO_UPCAST(MSDState, dev.qdev, req->bus->qbus.parent); - USBPacket *p = s->packet; -diff -ruNp qemu-kvm-1.0/hw/virtio.h qemu-kvm-1.0.virtio-scsi/hw/virtio.h ---- qemu-kvm-1.0/hw/virtio.h 2011-12-04 04:38:06.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/virtio.h 2012-02-07 14:44:53.433905395 -0600 -@@ -199,6 +199,8 @@ VirtIODevice *virtio_net_init(DeviceStat - typedef struct virtio_serial_conf virtio_serial_conf; - VirtIODevice *virtio_serial_init(DeviceState *dev, virtio_serial_conf *serial); - VirtIODevice *virtio_balloon_init(DeviceState *dev); -+typedef struct VirtIOSCSIConf VirtIOSCSIConf; -+VirtIODevice *virtio_scsi_init(DeviceState *dev, VirtIOSCSIConf *conf); - #ifdef CONFIG_LINUX - VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf); - #endif -@@ -208,6 +210,7 @@ void virtio_net_exit(VirtIODevice *vdev) - void virtio_blk_exit(VirtIODevice *vdev); - void virtio_serial_exit(VirtIODevice *vdev); - void virtio_balloon_exit(VirtIODevice *vdev); -+void virtio_scsi_exit(VirtIODevice *vdev); - - #define DEFINE_VIRTIO_COMMON_FEATURES(_state, _field) \ - DEFINE_PROP_BIT("indirect_desc", _state, _field, \ -diff -ruNp qemu-kvm-1.0/hw/virtio-pci.c qemu-kvm-1.0.virtio-scsi/hw/virtio-pci.c ---- qemu-kvm-1.0/hw/virtio-pci.c 2012-02-07 14:44:04.850123002 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/virtio-pci.c 2012-02-07 14:44:53.432905379 -0600 -@@ -19,6 +19,7 @@ - #include "virtio-blk.h" - #include "virtio-net.h" - #include "virtio-serial.h" -+#include "virtio-scsi.h" - #include "pci.h" - #include "qemu-error.h" - #include "msix.h" -@@ -855,6 +856,32 @@ static int virtio_balloon_exit_pci(PCIDe - return virtio_exit_pci(pci_dev); - } - -+static int virtio_scsi_init_pci(PCIDevice *pci_dev) -+{ -+ VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev); -+ VirtIODevice *vdev; -+ -+ vdev = virtio_scsi_init(&pci_dev->qdev, &proxy->scsi); -+ if (!vdev) { -+ return -EINVAL; -+ } -+ -+ vdev->nvectors = proxy->nvectors; -+ virtio_init_pci(proxy, vdev); -+ -+ /* make the actual value visible */ -+ proxy->nvectors = vdev->nvectors; -+ return 0; -+} -+ -+static int virtio_scsi_exit_pci(PCIDevice *pci_dev) -+{ -+ VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev); -+ -+ virtio_scsi_exit(proxy->vdev); -+ return virtio_exit_pci(pci_dev); -+} -+ - static PCIDeviceInfo virtio_info[] = { - { - .qdev.name = "virtio-blk-pci", -@@ -940,6 +967,21 @@ static PCIDeviceInfo virtio_info[] = { - }, - .qdev.reset = virtio_pci_reset, - },{ -+ .qdev.name = "virtio-scsi-pci", -+ .qdev.alias = "virtio-scsi", -+ .qdev.size = sizeof(VirtIOPCIProxy), -+ .init = virtio_scsi_init_pci, -+ .exit = virtio_scsi_exit_pci, -+ .vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET, -+ .device_id = PCI_DEVICE_ID_VIRTIO_SCSI, -+ .class_id = PCI_CLASS_STORAGE_SCSI, -+ .revision = 0x00, -+ .qdev.props = (Property[]) { -+ DEFINE_PROP_UINT32("vectors", VirtIOPCIProxy, nvectors, 2), -+ DEFINE_VIRTIO_SCSI_PROPERTIES(VirtIOPCIProxy, host_features, scsi), -+ DEFINE_PROP_END_OF_LIST(), -+ }, -+ }, { - /* end of list */ - } - }; -diff -ruNp qemu-kvm-1.0/hw/virtio-pci.h qemu-kvm-1.0.virtio-scsi/hw/virtio-pci.h ---- qemu-kvm-1.0/hw/virtio-pci.h 2012-02-07 14:44:04.850123002 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/virtio-pci.h 2012-02-07 14:44:53.432905379 -0600 -@@ -17,6 +17,7 @@ - - #include "virtio-net.h" - #include "virtio-serial.h" -+#include "virtio-scsi.h" - - /* Performance improves when virtqueue kick processing is decoupled from the - * vcpu thread using ioeventfd for some devices. */ -@@ -40,6 +41,7 @@ typedef struct { - #endif - virtio_serial_conf serial; - virtio_net_conf net; -+ VirtIOSCSIConf scsi; - bool ioeventfd_disabled; - bool ioeventfd_started; - } VirtIOPCIProxy; -diff -ruNp qemu-kvm-1.0/hw/virtio-scsi.c qemu-kvm-1.0.virtio-scsi/hw/virtio-scsi.c ---- qemu-kvm-1.0/hw/virtio-scsi.c 1969-12-31 18:00:00.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/virtio-scsi.c 2012-02-07 14:44:53.432905379 -0600 -@@ -0,0 +1,607 @@ -+/* -+ * Virtio SCSI HBA -+ * -+ * Copyright IBM, Corp. 2010 -+ * Copyright Red Hat, Inc. 2011 -+ * -+ * Authors: -+ * Stefan Hajnoczi -+ * Paolo Bonzini -+ * -+ * This work is licensed under the terms of the GNU GPL, version 2 or later. -+ * See the COPYING file in the top-level directory. -+ * -+ */ -+ -+#include "virtio-scsi.h" -+#include -+#include -+ -+#define VIRTIO_SCSI_VQ_SIZE 128 -+#define VIRTIO_SCSI_CDB_SIZE 32 -+#define VIRTIO_SCSI_SENSE_SIZE 96 -+#define VIRTIO_SCSI_MAX_CHANNEL 0 -+#define VIRTIO_SCSI_MAX_TARGET 255 -+#define VIRTIO_SCSI_MAX_LUN 16383 -+ -+/* Response codes */ -+#define VIRTIO_SCSI_S_OK 0 -+#define VIRTIO_SCSI_S_OVERRUN 1 -+#define VIRTIO_SCSI_S_ABORTED 2 -+#define VIRTIO_SCSI_S_BAD_TARGET 3 -+#define VIRTIO_SCSI_S_RESET 4 -+#define VIRTIO_SCSI_S_BUSY 5 -+#define VIRTIO_SCSI_S_TRANSPORT_FAILURE 6 -+#define VIRTIO_SCSI_S_TARGET_FAILURE 7 -+#define VIRTIO_SCSI_S_NEXUS_FAILURE 8 -+#define VIRTIO_SCSI_S_FAILURE 9 -+#define VIRTIO_SCSI_S_FUNCTION_SUCCEEDED 10 -+#define VIRTIO_SCSI_S_FUNCTION_REJECTED 11 -+#define VIRTIO_SCSI_S_INCORRECT_LUN 12 -+ -+/* Controlq type codes. */ -+#define VIRTIO_SCSI_T_TMF 0 -+#define VIRTIO_SCSI_T_AN_QUERY 1 -+#define VIRTIO_SCSI_T_AN_SUBSCRIBE 2 -+ -+/* Valid TMF subtypes. */ -+#define VIRTIO_SCSI_T_TMF_ABORT_TASK 0 -+#define VIRTIO_SCSI_T_TMF_ABORT_TASK_SET 1 -+#define VIRTIO_SCSI_T_TMF_CLEAR_ACA 2 -+#define VIRTIO_SCSI_T_TMF_CLEAR_TASK_SET 3 -+#define VIRTIO_SCSI_T_TMF_I_T_NEXUS_RESET 4 -+#define VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET 5 -+#define VIRTIO_SCSI_T_TMF_QUERY_TASK 6 -+#define VIRTIO_SCSI_T_TMF_QUERY_TASK_SET 7 -+ -+/* Events. */ -+#define VIRTIO_SCSI_T_EVENTS_MISSED 0x80000000 -+#define VIRTIO_SCSI_T_NO_EVENT 0 -+#define VIRTIO_SCSI_T_TRANSPORT_RESET 1 -+#define VIRTIO_SCSI_T_ASYNC_NOTIFY 2 -+ -+/* SCSI command request, followed by data-out */ -+typedef struct { -+ uint8_t lun[8]; /* Logical Unit Number */ -+ uint64_t tag; /* Command identifier */ -+ uint8_t task_attr; /* Task attribute */ -+ uint8_t prio; -+ uint8_t crn; -+ uint8_t cdb[]; -+} QEMU_PACKED VirtIOSCSICmdReq; -+ -+/* Response, followed by sense data and data-in */ -+typedef struct { -+ uint32_t sense_len; /* Sense data length */ -+ uint32_t resid; /* Residual bytes in data buffer */ -+ uint16_t status_qualifier; /* Status qualifier */ -+ uint8_t status; /* Command completion status */ -+ uint8_t response; /* Response values */ -+ uint8_t sense[]; -+} QEMU_PACKED VirtIOSCSICmdResp; -+ -+/* Task Management Request */ -+typedef struct { -+ uint32_t type; -+ uint32_t subtype; -+ uint8_t lun[8]; -+ uint64_t tag; -+} QEMU_PACKED VirtIOSCSICtrlTMFReq; -+ -+typedef struct { -+ uint8_t response; -+} QEMU_PACKED VirtIOSCSICtrlTMFResp; -+ -+/* Asynchronous notification query/subscription */ -+typedef struct { -+ uint32_t type; -+ uint8_t lun[8]; -+ uint32_t event_requested; -+} QEMU_PACKED VirtIOSCSICtrlANReq; -+ -+typedef struct { -+ uint32_t event_actual; -+ uint8_t response; -+} QEMU_PACKED VirtIOSCSICtrlANResp; -+ -+typedef struct { -+ uint32_t event; -+ uint8_t lun[8]; -+ uint32_t reason; -+} QEMU_PACKED VirtIOSCSIEvent; -+ -+typedef struct { -+ uint32_t num_queues; -+ uint32_t seg_max; -+ uint32_t max_sectors; -+ uint32_t cmd_per_lun; -+ uint32_t event_info_size; -+ uint32_t sense_size; -+ uint32_t cdb_size; -+ uint16_t max_channel; -+ uint16_t max_target; -+ uint32_t max_lun; -+} QEMU_PACKED VirtIOSCSIConfig; -+ -+typedef struct { -+ VirtIODevice vdev; -+ DeviceState *qdev; -+ VirtIOSCSIConf *conf; -+ -+ SCSIBus bus; -+ VirtQueue *ctrl_vq; -+ VirtQueue *event_vq; -+ VirtQueue *cmd_vq; -+ uint32_t sense_size; -+ uint32_t cdb_size; -+ bool resetting; -+} VirtIOSCSI; -+ -+typedef struct VirtIOSCSIReq { -+ VirtIOSCSI *dev; -+ VirtQueue *vq; -+ VirtQueueElement elem; -+ QEMUSGList qsgl; -+ SCSIRequest *sreq; -+ union { -+ char *buf; -+ VirtIOSCSICmdReq *cmd; -+ VirtIOSCSICtrlTMFReq *tmf; -+ VirtIOSCSICtrlANReq *an; -+ } req; -+ union { -+ char *buf; -+ VirtIOSCSICmdResp *cmd; -+ VirtIOSCSICtrlTMFResp *tmf; -+ VirtIOSCSICtrlANResp *an; -+ VirtIOSCSIEvent *event; -+ } resp; -+} VirtIOSCSIReq; -+ -+static inline int virtio_scsi_get_lun(uint8_t *lun) -+{ -+ return ((lun[2] << 8) | lun[3]) & 0x3FFF; -+} -+ -+static inline SCSIDevice *virtio_scsi_device_find(VirtIOSCSI *s, uint8_t *lun) -+{ -+ if (lun[0] != 1) { -+ return NULL; -+ } -+ if (lun[2] != 0 && !(lun[2] >= 0x40 && lun[2] < 0x80)) { -+ return NULL; -+ } -+ return scsi_device_find(&s->bus, 0, lun[1], virtio_scsi_get_lun(lun)); -+} -+ -+static void virtio_scsi_complete_req(VirtIOSCSIReq *req) -+{ -+ VirtIOSCSI *s = req->dev; -+ VirtQueue *vq = req->vq; -+ virtqueue_push(vq, &req->elem, req->qsgl.size + req->elem.in_sg[0].iov_len); -+ qemu_sglist_destroy(&req->qsgl); -+ if (req->sreq) { -+ req->sreq->hba_private = NULL; -+ scsi_req_unref(req->sreq); -+ } -+ g_free(req); -+ virtio_notify(&s->vdev, vq); -+} -+ -+static void virtio_scsi_bad_req(void) -+{ -+ error_report("wrong size for virtio-scsi headers"); -+ exit(1); -+} -+ -+static void qemu_sgl_init_external(QEMUSGList *qsgl, struct iovec *sg, -+ target_phys_addr_t *addr, int num) -+{ -+ memset(qsgl, 0, sizeof(*qsgl)); -+ while (num--) { -+ qemu_sglist_add(qsgl, *(addr++), (sg++)->iov_len); -+ } -+} -+ -+static void virtio_scsi_parse_req(VirtIOSCSI *s, VirtQueue *vq, -+ VirtIOSCSIReq *req) -+{ -+ assert(req->elem.out_num && req->elem.in_num); -+ req->vq = vq; -+ req->dev = s; -+ req->sreq = NULL; -+ req->req.buf = req->elem.out_sg[0].iov_base; -+ req->resp.buf = req->elem.in_sg[0].iov_base; -+ -+ if (req->elem.out_num > 1) { -+ qemu_sgl_init_external(&req->qsgl, &req->elem.out_sg[1], -+ &req->elem.out_addr[1], -+ req->elem.out_num - 1); -+ } else { -+ qemu_sgl_init_external(&req->qsgl, &req->elem.in_sg[1], -+ &req->elem.in_addr[1], -+ req->elem.in_num - 1); -+ } -+} -+ -+static VirtIOSCSIReq *virtio_scsi_pop_req(VirtIOSCSI *s, VirtQueue *vq) -+{ -+ VirtIOSCSIReq *req; -+ req = g_malloc(sizeof(*req)); -+ if (!virtqueue_pop(vq, &req->elem)) { -+ g_free(req); -+ return NULL; -+ } -+ -+ virtio_scsi_parse_req(s, vq, req); -+ return req; -+} -+ -+static void virtio_scsi_save_request(QEMUFile *f, SCSIRequest *sreq) -+{ -+ VirtIOSCSIReq *req = sreq->hba_private; -+ -+ qemu_put_buffer(f, (unsigned char*)&req->elem, sizeof(req->elem)); -+} -+ -+static void *virtio_scsi_load_request(QEMUFile *f, SCSIRequest *sreq) -+{ -+ SCSIBus *bus = sreq->bus; -+ VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus); -+ VirtIOSCSIReq *req; -+ -+ req = g_malloc(sizeof(*req)); -+ qemu_get_buffer(f, (unsigned char*)&req->elem, sizeof(req->elem)); -+ virtio_scsi_parse_req(s, s->cmd_vq, req); -+ -+ scsi_req_ref(sreq); -+ req->sreq = sreq; -+ if (req->sreq->cmd.mode != SCSI_XFER_NONE) { -+ int req_mode = -+ (req->elem.in_num > 1 ? SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV); -+ -+ assert (req->sreq->cmd.mode == req_mode); -+ } -+ return req; -+} -+ -+static void virtio_scsi_do_tmf(VirtIOSCSI *s, VirtIOSCSIReq *req) -+{ -+ SCSIDevice *d = virtio_scsi_device_find(s, req->req.cmd->lun); -+ SCSIRequest *r, *next; -+ DeviceState *qdev; -+ int target; -+ -+ switch (req->req.tmf->subtype) { -+ case VIRTIO_SCSI_T_TMF_ABORT_TASK: -+ case VIRTIO_SCSI_T_TMF_QUERY_TASK: -+ d = virtio_scsi_device_find(s, req->req.cmd->lun); -+ if (!d) { -+ goto fail; -+ } -+ if (d->lun != virtio_scsi_get_lun(req->req.cmd->lun)) { -+ req->resp.tmf->response = VIRTIO_SCSI_S_INCORRECT_LUN; -+ break; -+ } -+ QTAILQ_FOREACH_SAFE(r, &d->requests, next, next) { -+ if (r->tag == req->req.cmd->tag) { -+ break; -+ } -+ } -+ if (r && r->hba_private) { -+ if (req->req.tmf->subtype == VIRTIO_SCSI_T_TMF_ABORT_TASK) { -+ scsi_req_cancel(r); -+ } -+ req->resp.tmf->response = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED; -+ } else { -+ req->resp.tmf->response = VIRTIO_SCSI_S_OK; -+ } -+ break; -+ -+ case VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET: -+ d = virtio_scsi_device_find(s, req->req.cmd->lun); -+ if (!d) { -+ goto fail; -+ } -+ if (d->lun == virtio_scsi_get_lun(req->req.cmd->lun)) { -+ s->resetting++; -+ qdev_reset_all(&d->qdev); -+ s->resetting--; -+ } -+ break; -+ -+ case VIRTIO_SCSI_T_TMF_ABORT_TASK_SET: -+ case VIRTIO_SCSI_T_TMF_CLEAR_TASK_SET: -+ case VIRTIO_SCSI_T_TMF_QUERY_TASK_SET: -+ d = virtio_scsi_device_find(s, req->req.cmd->lun); -+ if (!d) { -+ goto fail; -+ } -+ if (d->lun != virtio_scsi_get_lun(req->req.cmd->lun)) { -+ req->resp.tmf->response = VIRTIO_SCSI_S_INCORRECT_LUN; -+ break; -+ } -+ req->resp.tmf->response = VIRTIO_SCSI_S_OK; -+ QTAILQ_FOREACH_SAFE(r, &d->requests, next, next) { -+ if (r->hba_private) { -+ if (req->req.tmf->subtype != VIRTIO_SCSI_T_TMF_QUERY_TASK) { -+ scsi_req_cancel(r); -+ } -+ req->resp.tmf->response = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED; -+ } -+ } -+ break; -+ -+ case VIRTIO_SCSI_T_TMF_I_T_NEXUS_RESET: -+ target = req->req.cmd->lun[1]; -+ s->resetting++; -+ QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) { -+ d = DO_UPCAST(SCSIDevice, qdev, qdev); -+ if (d->channel == 0 && d->id == target) { -+ qdev_reset_all(&d->qdev); -+ } -+ } -+ s->resetting--; -+ break; -+ -+ case VIRTIO_SCSI_T_TMF_CLEAR_ACA: -+ default: -+ req->resp.tmf->response = VIRTIO_SCSI_S_FUNCTION_REJECTED; -+ break; -+ } -+ -+ return; -+ -+fail: -+ req->resp.tmf->response = VIRTIO_SCSI_S_BAD_TARGET; -+} -+ -+static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq) -+{ -+ VirtIOSCSI *s = (VirtIOSCSI *)vdev; -+ VirtIOSCSIReq *req; -+ -+ while ((req = virtio_scsi_pop_req(s, vq))) { -+ int out_size, in_size; -+ if (req->elem.out_num < 1 || req->elem.in_num < 1) { -+ virtio_scsi_bad_req(); -+ continue; -+ } -+ -+ out_size = req->elem.out_sg[0].iov_len; -+ in_size = req->elem.in_sg[0].iov_len; -+ if (req->req.tmf->type == VIRTIO_SCSI_T_TMF) { -+ if (out_size < sizeof(VirtIOSCSICtrlTMFReq) || -+ in_size < sizeof(VirtIOSCSICtrlTMFResp)) { -+ virtio_scsi_bad_req(); -+ } -+ virtio_scsi_do_tmf(s, req); -+ -+ } else if (req->req.tmf->type == VIRTIO_SCSI_T_AN_QUERY || -+ req->req.tmf->type == VIRTIO_SCSI_T_AN_SUBSCRIBE) { -+ if (out_size < sizeof(VirtIOSCSICtrlANReq) || -+ in_size < sizeof(VirtIOSCSICtrlANResp)) { -+ virtio_scsi_bad_req(); -+ } -+ req->resp.an->event_actual = 0; -+ req->resp.an->response = VIRTIO_SCSI_S_OK; -+ } -+ virtio_scsi_complete_req(req); -+ } -+} -+ -+static void virtio_scsi_command_complete(SCSIRequest *r, uint32_t status, -+ int32_t resid) -+{ -+ VirtIOSCSIReq *req = r->hba_private; -+ -+ req->resp.cmd->response = VIRTIO_SCSI_S_OK; -+ req->resp.cmd->status = status; -+ if (req->resp.cmd->status == GOOD) { -+ req->resp.cmd->resid = resid; -+ } else { -+ req->resp.cmd->resid = 0; -+ scsi_req_get_sense(r, req->resp.cmd->sense, VIRTIO_SCSI_SENSE_SIZE); -+ } -+ virtio_scsi_complete_req(req); -+} -+ -+static QEMUSGList *virtio_scsi_get_sg_list(SCSIRequest *r) -+{ -+ VirtIOSCSIReq *req = r->hba_private; -+ -+ return &req->qsgl; -+} -+ -+static void virtio_scsi_request_cancelled(SCSIRequest *r) -+{ -+ VirtIOSCSIReq *req = r->hba_private; -+ -+ if (!req) { -+ return; -+ } -+ if (req->dev->resetting) { -+ req->resp.cmd->response = VIRTIO_SCSI_S_RESET; -+ } else { -+ req->resp.cmd->response = VIRTIO_SCSI_S_ABORTED; -+ } -+ virtio_scsi_complete_req(req); -+} -+ -+static void virtio_scsi_fail_cmd_req(VirtIOSCSIReq *req) -+{ -+ req->resp.cmd->response = VIRTIO_SCSI_S_FAILURE; -+ virtio_scsi_complete_req(req); -+} -+ -+static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq) -+{ -+ VirtIOSCSI *s = (VirtIOSCSI *)vdev; -+ VirtIOSCSIReq *req; -+ int n; -+ -+ while ((req = virtio_scsi_pop_req(s, vq))) { -+ SCSIDevice *d; -+ int out_size, in_size; -+ if (req->elem.out_num < 1 || req->elem.in_num < 1) { -+ virtio_scsi_bad_req(); -+ } -+ -+ out_size = req->elem.out_sg[0].iov_len; -+ in_size = req->elem.in_sg[0].iov_len; -+ if (out_size < sizeof(VirtIOSCSICmdReq) + s->cdb_size || -+ in_size < sizeof(VirtIOSCSICmdResp) + s->sense_size) { -+ virtio_scsi_bad_req(); -+ } -+ -+ if (req->elem.out_num > 1 && req->elem.in_num > 1) { -+ virtio_scsi_fail_cmd_req(req); -+ continue; -+ } -+ -+ d = virtio_scsi_device_find(s, req->req.cmd->lun); -+ if (!d) { -+ req->resp.cmd->response = VIRTIO_SCSI_S_BAD_TARGET; -+ virtio_scsi_complete_req(req); -+ continue; -+ } -+ req->sreq = scsi_req_new(d, req->req.cmd->tag, -+ virtio_scsi_get_lun(req->req.cmd->lun), -+ req->req.cmd->cdb, req); -+ -+ if (req->sreq->cmd.mode != SCSI_XFER_NONE) { -+ int req_mode = -+ (req->elem.in_num > 1 ? SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV); -+ -+ if (req->sreq->cmd.mode != req_mode || -+ req->sreq->cmd.xfer > req->qsgl.size) { -+ req->resp.cmd->response = VIRTIO_SCSI_S_OVERRUN; -+ virtio_scsi_complete_req(req); -+ continue; -+ } -+ } -+ -+ n = scsi_req_enqueue(req->sreq); -+ if (n) { -+ scsi_req_continue(req->sreq); -+ } -+ } -+} -+ -+static void virtio_scsi_get_config(VirtIODevice *vdev, -+ uint8_t *config) -+{ -+ VirtIOSCSIConfig *scsiconf = (VirtIOSCSIConfig *)config; -+ VirtIOSCSI *s = (VirtIOSCSI *)vdev; -+ -+ stl_raw(&scsiconf->num_queues, s->conf->num_queues); -+ stl_raw(&scsiconf->seg_max, 128 - 2); -+ stl_raw(&scsiconf->max_sectors, s->conf->max_sectors); -+ stl_raw(&scsiconf->cmd_per_lun, s->conf->cmd_per_lun); -+ stl_raw(&scsiconf->event_info_size, sizeof(VirtIOSCSIEvent)); -+ stl_raw(&scsiconf->sense_size, s->sense_size); -+ stl_raw(&scsiconf->cdb_size, s->cdb_size); -+ stl_raw(&scsiconf->max_channel, VIRTIO_SCSI_MAX_CHANNEL); -+ stl_raw(&scsiconf->max_target, VIRTIO_SCSI_MAX_TARGET); -+ stl_raw(&scsiconf->max_lun, VIRTIO_SCSI_MAX_LUN); -+} -+ -+static void virtio_scsi_set_config(VirtIODevice *vdev, -+ const uint8_t *config) -+{ -+ VirtIOSCSIConfig *scsiconf = (VirtIOSCSIConfig *)config; -+ VirtIOSCSI *s = (VirtIOSCSI *)vdev; -+ -+ if ((uint32_t) ldl_raw(&scsiconf->sense_size) >= 65536 || -+ (uint32_t) ldl_raw(&scsiconf->cdb_size) >= 256) { -+ error_report("bad data written to virtio-scsi configuration space"); -+ exit(1); -+ } -+ -+ s->sense_size = ldl_raw(&scsiconf->sense_size); -+ s->cdb_size = ldl_raw(&scsiconf->cdb_size); -+} -+ -+static uint32_t virtio_scsi_get_features(VirtIODevice *vdev, -+ uint32_t requested_features) -+{ -+ return requested_features; -+} -+ -+static void virtio_scsi_reset(VirtIODevice *vdev) -+{ -+ VirtIOSCSI *s = (VirtIOSCSI *)vdev; -+ -+ s->sense_size = VIRTIO_SCSI_SENSE_SIZE; -+ s->cdb_size = VIRTIO_SCSI_CDB_SIZE; -+} -+ -+/* The device does not have anything to save beyond the virtio data. -+ * Request data is saved with callbacks from SCSI devices. -+ */ -+static void virtio_scsi_save(QEMUFile *f, void *opaque) -+{ -+ VirtIOSCSI *s = opaque; -+ virtio_save(&s->vdev, f); -+} -+ -+static int virtio_scsi_load(QEMUFile *f, void *opaque, int version_id) -+{ -+ VirtIOSCSI *s = opaque; -+ virtio_load(&s->vdev, f); -+ return 0; -+} -+ -+static struct SCSIBusInfo virtio_scsi_scsi_info = { -+ .tcq = true, -+ .max_channel = VIRTIO_SCSI_MAX_CHANNEL, -+ .max_target = VIRTIO_SCSI_MAX_TARGET, -+ .max_lun = VIRTIO_SCSI_MAX_LUN, -+ -+ .complete = virtio_scsi_command_complete, -+ .cancel = virtio_scsi_request_cancelled, -+ .get_sg_list = virtio_scsi_get_sg_list, -+ .save_request = virtio_scsi_save_request, -+ .load_request = virtio_scsi_load_request, -+}; -+ -+VirtIODevice *virtio_scsi_init(DeviceState *dev, VirtIOSCSIConf *proxyconf) -+{ -+ VirtIOSCSI *s; -+ static int virtio_scsi_id; -+ -+ s = (VirtIOSCSI *)virtio_common_init("virtio-scsi", VIRTIO_ID_SCSI, -+ sizeof(VirtIOSCSIConfig), -+ sizeof(VirtIOSCSI)); -+ -+ s->qdev = dev; -+ s->conf = proxyconf; -+ -+ /* TODO set up vdev function pointers */ -+ s->vdev.get_config = virtio_scsi_get_config; -+ s->vdev.set_config = virtio_scsi_set_config; -+ s->vdev.get_features = virtio_scsi_get_features; -+ s->vdev.reset = virtio_scsi_reset; -+ -+ s->ctrl_vq = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE, -+ virtio_scsi_handle_ctrl); -+ s->event_vq = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE, -+ NULL); -+ s->cmd_vq = virtio_add_queue(&s->vdev, VIRTIO_SCSI_VQ_SIZE, -+ virtio_scsi_handle_cmd); -+ -+ scsi_bus_new(&s->bus, dev, &virtio_scsi_scsi_info); -+ if (!dev->hotplugged) { -+ scsi_bus_legacy_handle_cmdline(&s->bus); -+ } -+ -+ register_savevm(dev, "virtio-scsi", virtio_scsi_id++, 1, -+ virtio_scsi_save, virtio_scsi_load, s); -+ -+ return &s->vdev; -+} -+ -+void virtio_scsi_exit(VirtIODevice *vdev) -+{ -+ virtio_cleanup(vdev); -+} -diff -ruNp qemu-kvm-1.0/hw/virtio-scsi.h qemu-kvm-1.0.virtio-scsi/hw/virtio-scsi.h ---- qemu-kvm-1.0/hw/virtio-scsi.h 1969-12-31 18:00:00.000000000 -0600 -+++ qemu-kvm-1.0.virtio-scsi/hw/virtio-scsi.h 2012-02-07 14:44:53.432905379 -0600 -@@ -0,0 +1,36 @@ -+/* -+ * Virtio SCSI HBA -+ * -+ * Copyright IBM, Corp. 2010 -+ * -+ * Authors: -+ * Stefan Hajnoczi -+ * -+ * This work is licensed under the terms of the GNU GPL, version 2. See -+ * the COPYING file in the top-level directory. -+ * -+ */ -+ -+#ifndef _QEMU_VIRTIO_SCSI_H -+#define _QEMU_VIRTIO_SCSI_H -+ -+#include "virtio.h" -+#include "net.h" -+#include "pci.h" -+ -+/* The ID for virtio_scsi */ -+#define VIRTIO_ID_SCSI 8 -+ -+struct VirtIOSCSIConf { -+ uint32_t num_queues; -+ uint32_t max_sectors; -+ uint32_t cmd_per_lun; -+}; -+ -+#define DEFINE_VIRTIO_SCSI_PROPERTIES(_state, _features_field, _conf_field) \ -+ DEFINE_VIRTIO_COMMON_FEATURES(_state, _features_field), \ -+ DEFINE_PROP_UINT32("num_queues", _state, _conf_field.num_queues, 1), \ -+ DEFINE_PROP_UINT32("max_sectors", _state, _conf_field.max_sectors, 0xFFFF), \ -+ DEFINE_PROP_UINT32("cmd_per_lun", _state, _conf_field.cmd_per_lun, 128) -+ -+#endif /* _QEMU_VIRTIO_SCSI_H */ -diff -ruNp qemu-kvm-1.0/Makefile.target qemu-kvm-1.0.virtio-scsi/Makefile.target ---- qemu-kvm-1.0/Makefile.target 2012-02-07 14:44:04.965124855 -0600 -+++ qemu-kvm-1.0.virtio-scsi/Makefile.target 2012-02-07 14:44:53.126900450 -0600 -@@ -205,6 +205,7 @@ obj-y = arch_init.o cpus.o monitor.o mac - obj-$(CONFIG_NO_PCI) += pci-stub.o - obj-$(CONFIG_PCI) += pci.o - obj-$(CONFIG_VIRTIO) += virtio.o virtio-blk.o virtio-balloon.o virtio-net.o virtio-serial-bus.o -+obj-$(CONFIG_VIRTIO_SCSI) += virtio-scsi.o - obj-y += vhost_net.o - obj-$(CONFIG_VHOST_NET) += vhost.o - obj-$(CONFIG_REALLY_VIRTFS) += 9pfs/virtio-9p-device.o diff --git a/virtio-blk_refuse_SG_IO_requests_with_scsi_off.patch b/virtio-blk_refuse_SG_IO_requests_with_scsi_off.patch deleted file mode 100644 index 277e740..0000000 --- a/virtio-blk_refuse_SG_IO_requests_with_scsi_off.patch +++ /dev/null @@ -1,111 +0,0 @@ -From qemu-stable-bounces+jmforbes=linuxtx.org@nongnu.org Wed Jan 11 03:51:20 2012 -Return-Path: -Received: from citysiren.linuxtx.org (localhost [127.0.0.1]) - by citysiren.linuxtx.org (8.14.4/8.14.4) with ESMTP id q0B9pIjw017454 - for ; Wed, 11 Jan 2012 03:51:20 -0600 -Delivered-To: jmforbes@linuxtx.org -Received: from gmail-pop.l.google.com [74.125.81.108] - by citysiren.linuxtx.org with POP3 (fetchmail-6.3.20) - for (single-drop); Wed, 11 Jan 2012 03:51:20 -0600 (CST) -Received: by 10.180.102.100 with SMTP id fn4cs34060wib; - Wed, 11 Jan 2012 01:48:56 -0800 (PST) -Received: by 10.224.182.2 with SMTP id ca2mr28967033qab.57.1326275334564; - Wed, 11 Jan 2012 01:48:54 -0800 (PST) -Received: from lists.gnu.org (lists.gnu.org. [140.186.70.17]) - by mx.google.com with ESMTPS id gc3si782557qab.44.2012.01.11.01.48.54 - (version=TLSv1/SSLv3 cipher=OTHER); - Wed, 11 Jan 2012 01:48:54 -0800 (PST) -Received-SPF: pass (google.com: domain of qemu-stable-bounces+jmforbes=linuxtx.org@nongnu.org designates 140.186.70.17 as permitted sender) client-ip=140.186.70.17; -Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-stable-bounces+jmforbes=linuxtx.org@nongnu.org designates 140.186.70.17 as permitted sender) smtp.mail=qemu-stable-bounces+jmforbes=linuxtx.org@nongnu.org -Received: from localhost ([::1]:48473 helo=lists.gnu.org) - by lists.gnu.org with esmtp (Exim 4.71) - (envelope-from ) - id 1Rkund-0003iT-UQ - for jmforbes@linuxtx.org; Wed, 11 Jan 2012 04:48:53 -0500 -Received: from eggs.gnu.org ([140.186.70.92]:40037) - by lists.gnu.org with esmtp (Exim 4.71) - (envelope-from ) id 1RkunV-0003fY-Vl - for qemu-stable@nongnu.org; Wed, 11 Jan 2012 04:48:53 -0500 -Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) - (envelope-from ) id 1RkunQ-0004zL-Nl - for qemu-stable@nongnu.org; Wed, 11 Jan 2012 04:48:45 -0500 -Received: from mx1.redhat.com ([209.132.183.28]:23781) - by eggs.gnu.org with esmtp (Exim 4.71) - (envelope-from ) id 1RkunQ-0004vY-3c - for qemu-stable@nongnu.org; Wed, 11 Jan 2012 04:48:40 -0500 -Received: from int-mx11.intmail.prod.int.phx2.redhat.com - (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) - by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id q0B9mcYI005348 - (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) - for ; Wed, 11 Jan 2012 04:48:38 -0500 -Received: from yakj.usersys.redhat.com (ovpn-112-23.ams2.redhat.com - [10.36.112.23]) - by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP - id q0B9magG031084 - for ; Wed, 11 Jan 2012 04:48:37 -0500 -From: Paolo Bonzini -To: qemu-stable@nongnu.org -Date: Wed, 11 Jan 2012 10:48:33 +0100 -Message-Id: <1326275313-15635-1-git-send-email-pbonzini@redhat.com> -X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 -X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) -X-Received-From: 209.132.183.28 -Subject: [Qemu-stable] [PATCH] virtio-blk: refuse SG_IO requests with - scsi=off -X-BeenThere: qemu-stable@nongnu.org -X-Mailman-Version: 2.1.14 -Precedence: list -List-Id: -List-Unsubscribe: , - -List-Archive: -List-Post: -List-Help: -List-Subscribe: , - -Errors-To: qemu-stable-bounces+jmforbes=linuxtx.org@nongnu.org -Sender: qemu-stable-bounces+jmforbes=linuxtx.org@nongnu.org -X-UID: 32 -Status: RO -Content-Length: 1003 -Lines: 38 - -QEMU does have a "scsi" option (to be used like -device -virtio-blk-pci,drive=foo,scsi=off). However, it only -masks the feature bit, and does not reject the command -if a malicious guest disregards the feature bits and -issues a request. - -Without this patch, using scsi=off does not protect you -from CVE-2011-4127. - -Signed-off-by: Paolo Bonzini ---- - hw/virtio-blk.c | 6 ++++++ - 1 files changed, 6 insertions(+), 0 deletions(-) - -diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c -index b70d116..6cd3164 100644 ---- a/hw/virtio-blk.c -+++ b/hw/virtio-blk.c -@@ -153,6 +153,12 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req) - int status; - int i; - -+ if ((req->dev->vdev.guest_features & (1 << VIRTIO_BLK_F_SCSI)) == 0) { -+ virtio_blk_req_complete(req, VIRTIO_BLK_S_UNSUPP); -+ g_free(req); -+ return; -+ } -+ - /* - * We require at least one output segment each for the virtio_blk_outhdr - * and the SCSI command block. --- -1.7.7.1 - - - - - -