diff --git a/0029-fdc-Fix-floppy-port-I-O.patch b/0029-fdc-Fix-floppy-port-I-O.patch new file mode 100644 index 0000000..3b71243 --- /dev/null +++ b/0029-fdc-Fix-floppy-port-I-O.patch @@ -0,0 +1,38 @@ +From 8175ec8e0fee5f110d91209096e77159ad6404f7 Mon Sep 17 00:00:00 2001 +From: Kevin Wolf +Date: Tue, 18 Oct 2011 16:41:45 +0200 +Subject: [PATCH 1/2] fdc: Fix floppy port I/O + +The floppy device was broken by commit 212ec7ba (fdc: Convert to +isa_register_portio_list). While the old interface provided the port number +relative to the floppy drive's io_base, the new one provides the real port +number, so we need to apply a bitmask now to get the register number. + +Signed-off-by: Kevin Wolf +--- + hw/fdc.c | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/hw/fdc.c b/hw/fdc.c +index 9fdbc75..ec99c78 100644 +--- a/hw/fdc.c ++++ b/hw/fdc.c +@@ -433,6 +433,7 @@ static uint32_t fdctrl_read (void *opaque, uint32_t reg) + FDCtrl *fdctrl = opaque; + uint32_t retval; + ++ reg &= 7; + switch (reg) { + case FD_REG_SRA: + retval = fdctrl_read_statusA(fdctrl); +@@ -470,6 +471,7 @@ static void fdctrl_write (void *opaque, uint32_t reg, uint32_t value) + + FLOPPY_DPRINTF("write reg%d: 0x%02x\n", reg & 7, value); + ++ reg &= 7; + switch (reg) { + case FD_REG_DOR: + fdctrl_write_dor(fdctrl, value); +-- +1.7.7.5 + diff --git a/0030-dma-Avoid-reentrancy-in-DMA-transfer-handlers.patch b/0030-dma-Avoid-reentrancy-in-DMA-transfer-handlers.patch new file mode 100644 index 0000000..c29e8e7 --- /dev/null +++ b/0030-dma-Avoid-reentrancy-in-DMA-transfer-handlers.patch @@ -0,0 +1,52 @@ +From 86f1e4e2f57af82aae0944ed704ab91dc36fc9b7 Mon Sep 17 00:00:00 2001 +From: Kevin Wolf +Date: Fri, 28 Oct 2011 05:28:13 -0400 +Subject: [PATCH 2/2] dma: Avoid reentrancy in DMA transfer handlers + +With the conversion of the block layer to coroutines, bdrv_read/write +have changed to run a nested event loop that calls qemu_bh_poll. +Consequently a scheduled BH can be called while a DMA transfer handler +runs and this means that DMA_run becomes reentrant. + +Devices haven't been designed to cope with that, so instead of running a +nested transfer handler just wait for the next invocation of the BH from the +main loop. + +This fixes some problems with the floppy device. + +Signed-off-by: Kevin Wolf +--- + hw/dma.c | 10 ++++++++++ + 1 files changed, 10 insertions(+), 0 deletions(-) + +diff --git a/hw/dma.c b/hw/dma.c +index 8a7302a..0a9322d 100644 +--- a/hw/dma.c ++++ b/hw/dma.c +@@ -358,6 +358,14 @@ static void DMA_run (void) + struct dma_cont *d; + int icont, ichan; + int rearm = 0; ++ static int running = 0; ++ ++ if (running) { ++ rearm = 1; ++ goto out; ++ } else { ++ running = 1; ++ } + + d = dma_controllers; + +@@ -374,6 +382,8 @@ static void DMA_run (void) + } + } + ++ running = 0; ++out: + if (rearm) + qemu_bh_schedule_idle(dma_bh); + } +-- +1.7.7.5 + diff --git a/0031-pc-Fix-floppy-drives-with-if-none.patch b/0031-pc-Fix-floppy-drives-with-if-none.patch new file mode 100644 index 0000000..97cca2c --- /dev/null +++ b/0031-pc-Fix-floppy-drives-with-if-none.patch @@ -0,0 +1,195 @@ +From a6b957c3dbc67e674f457d6c9738076f47ad8bd9 Mon Sep 17 00:00:00 2001 +From: Kevin Wolf +Date: Thu, 20 Oct 2011 16:37:26 +0200 +Subject: [PATCH] pc: Fix floppy drives with if=none + +Commit 63ffb564 broke floppy devices specified on the command line like +-drive file=...,if=none,id=floppy -global isa-fdc.driveA=floppy because it +relies on drive_get() which works only with -fda/-drive if=floppy. + +This patch resembles what we're already doing for IDE, i.e. remember the floppy +device that was created and use that to extract the BlockDriverStates where +needed. + +Signed-off-by: Kevin Wolf +Reviewed-by: Markus Armbruster +--- + hw/fdc.c | 12 ++++++++++++ + hw/fdc.h | 9 +++++++-- + hw/pc.c | 25 ++++++++++++++----------- + hw/pc.h | 3 ++- + hw/pc_piix.c | 5 +++-- + 5 files changed, 38 insertions(+), 16 deletions(-) + +diff --git a/hw/fdc.c b/hw/fdc.c +index ec99c78..4bd6abf 100644 +--- a/hw/fdc.c ++++ b/hw/fdc.c +@@ -1913,6 +1913,18 @@ static int sun4m_fdc_init1(SysBusDevice *dev) + return fdctrl_init_common(fdctrl); + } + ++void fdc_get_bs(BlockDriverState *bs[], ISADevice *dev) ++{ ++ FDCtrlISABus *isa = DO_UPCAST(FDCtrlISABus, busdev, dev); ++ FDCtrl *fdctrl = &isa->state; ++ int i; ++ ++ for (i = 0; i < MAX_FD; i++) { ++ bs[i] = fdctrl->drives[i].bs; ++ } ++} ++ ++ + static const VMStateDescription vmstate_isa_fdc ={ + .name = "fdc", + .version_id = 2, +diff --git a/hw/fdc.h b/hw/fdc.h +index 09f73c6..506feb6 100644 +--- a/hw/fdc.h ++++ b/hw/fdc.h +@@ -7,14 +7,15 @@ + /* fdc.c */ + #define MAX_FD 2 + +-static inline void fdctrl_init_isa(DriveInfo **fds) ++static inline ISADevice *fdctrl_init_isa(DriveInfo **fds) + { + ISADevice *dev; + + dev = isa_try_create("isa-fdc"); + if (!dev) { +- return; ++ return NULL; + } ++ + if (fds[0]) { + qdev_prop_set_drive_nofail(&dev->qdev, "driveA", fds[0]->bdrv); + } +@@ -22,10 +23,14 @@ static inline void fdctrl_init_isa(DriveInfo **fds) + qdev_prop_set_drive_nofail(&dev->qdev, "driveB", fds[1]->bdrv); + } + qdev_init_nofail(&dev->qdev); ++ ++ return dev; + } + + void fdctrl_init_sysbus(qemu_irq irq, int dma_chann, + target_phys_addr_t mmio_base, DriveInfo **fds); + void sun4m_fdctrl_init(qemu_irq irq, target_phys_addr_t io_base, + DriveInfo **fds, qemu_irq *fdc_tc); ++void fdc_get_bs(BlockDriverState *bs[], ISADevice *dev); ++ + #endif +diff --git a/hw/pc.c b/hw/pc.c +index a3e8539..4903803 100644 +--- a/hw/pc.c ++++ b/hw/pc.c +@@ -333,12 +333,12 @@ static void pc_cmos_init_late(void *opaque) + + void pc_cmos_init(ram_addr_t ram_size, ram_addr_t above_4g_mem_size, + const char *boot_device, +- BusState *idebus0, BusState *idebus1, ++ ISADevice *floppy, BusState *idebus0, BusState *idebus1, + ISADevice *s) + { + int val, nb, nb_heads, max_track, last_sect, i; + FDriveType fd_type[2]; +- DriveInfo *fd[2]; ++ BlockDriverState *fd[MAX_FD]; + static pc_cmos_init_late_arg arg; + + /* various important CMOS locations needed by PC/Bochs bios */ +@@ -380,14 +380,16 @@ void pc_cmos_init(ram_addr_t ram_size, ram_addr_t above_4g_mem_size, + } + + /* floppy type */ +- for (i = 0; i < 2; i++) { +- fd[i] = drive_get(IF_FLOPPY, 0, i); +- if (fd[i] && bdrv_is_inserted(fd[i]->bdrv)) { +- bdrv_get_floppy_geometry_hint(fd[i]->bdrv, &nb_heads, &max_track, +- &last_sect, FDRIVE_DRV_NONE, +- &fd_type[i]); +- } else { +- fd_type[i] = FDRIVE_DRV_NONE; ++ if (floppy) { ++ fdc_get_bs(fd, floppy); ++ for (i = 0; i < 2; i++) { ++ if (fd[i] && bdrv_is_inserted(fd[i])) { ++ bdrv_get_floppy_geometry_hint(fd[i], &nb_heads, &max_track, ++ &last_sect, FDRIVE_DRV_NONE, ++ &fd_type[i]); ++ } else { ++ fd_type[i] = FDRIVE_DRV_NONE; ++ } + } + } + val = (cmos_get_fd_drive_type(fd_type[0]) << 4) | +@@ -1092,6 +1094,7 @@ static void cpu_request_exit(void *opaque, int irq, int level) + + void pc_basic_device_init(qemu_irq *isa_irq, + ISADevice **rtc_state, ++ ISADevice **floppy, + bool no_vmport) + { + int i; +@@ -1156,7 +1159,7 @@ void pc_basic_device_init(qemu_irq *isa_irq, + for(i = 0; i < MAX_FD; i++) { + fd[i] = drive_get(IF_FLOPPY, 0, i); + } +- fdctrl_init_isa(fd); ++ *floppy = fdctrl_init_isa(fd); + } + + void pc_pci_device_init(PCIBus *pci_bus) +diff --git a/hw/pc.h b/hw/pc.h +index 6d5730b..24b7fe2 100644 +--- a/hw/pc.h ++++ b/hw/pc.h +@@ -138,11 +138,12 @@ qemu_irq *pc_allocate_cpu_irq(void); + void pc_vga_init(PCIBus *pci_bus); + void pc_basic_device_init(qemu_irq *isa_irq, + ISADevice **rtc_state, ++ ISADevice **floppy, + bool no_vmport); + void pc_init_ne2k_isa(NICInfo *nd); + void pc_cmos_init(ram_addr_t ram_size, ram_addr_t above_4g_mem_size, + const char *boot_device, +- BusState *ide0, BusState *ide1, ++ ISADevice *floppy, BusState *ide0, BusState *ide1, + ISADevice *s); + void pc_pci_device_init(PCIBus *pci_bus); + +diff --git a/hw/pc_piix.c b/hw/pc_piix.c +index c5c16b4..a634860 100644 +--- a/hw/pc_piix.c ++++ b/hw/pc_piix.c +@@ -89,6 +89,7 @@ static void pc_init1(ram_addr_t ram_size, + DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS]; + BusState *idebus[MAX_IDE_BUS]; + ISADevice *rtc_state; ++ ISADevice *floppy; + + global_cpu_model = cpu_model; + +@@ -141,7 +142,7 @@ static void pc_init1(ram_addr_t ram_size, + } + + /* init basic PC hardware */ +- pc_basic_device_init(isa_irq, &rtc_state, xen_enabled()); ++ pc_basic_device_init(isa_irq, &rtc_state, &floppy, xen_enabled()); + + for(i = 0; i < nb_nics; i++) { + NICInfo *nd = &nd_table[i]; +@@ -170,7 +171,7 @@ static void pc_init1(ram_addr_t ram_size, + audio_init(isa_irq, pci_enabled ? pci_bus : NULL); + + pc_cmos_init(below_4g_mem_size, above_4g_mem_size, boot_device, +- idebus[0], idebus[1], rtc_state); ++ floppy, idebus[0], idebus[1], rtc_state); + + if (pci_enabled && usb_enabled) { + usb_uhci_piix3_init(pci_bus, piix3_devfn + 2); +-- +1.7.7.5 + diff --git a/0101-usb-hub-dont_trigger_assert_on_packet_completion.patch b/0101-usb-hub-dont_trigger_assert_on_packet_completion.patch new file mode 100644 index 0000000..6d70092 --- /dev/null +++ b/0101-usb-hub-dont_trigger_assert_on_packet_completion.patch @@ -0,0 +1,21 @@ +diff --git a/hw/usb-hub.c b/hw/usb-hub.c +index b49a2fe..6278825 100644 +--- a/hw/usb-hub.c ++++ b/hw/usb-hub.c +@@ -207,10 +207,14 @@ static void usb_hub_complete(USBPort *port, USBPacket *packet) + /* + * Just pass it along upstream for now. + * +- * If we ever inplement usb 2.0 split transactions this will ++ * If we ever implement usb 2.0 split transactions this will + * become a little more complicated ... ++ * ++ * Can't use usb_packet_complete() here because packet->owner is ++ * cleared already, go call the ->complete() callback directly ++ * instead. + */ +- usb_packet_complete(&s->dev, packet); ++ s->dev.port->ops->complete(s->dev.port, packet); + } + + static void usb_hub_handle_attach(USBDevice *dev) diff --git a/qemu.spec b/qemu.spec index 4118598..6224bfe 100644 --- a/qemu.spec +++ b/qemu.spec @@ -1,7 +1,7 @@ Summary: QEMU is a FAST! processor emulator Name: qemu Version: 0.15.1 -Release: 3%{?dist} +Release: 4%{?dist} # Epoch because we pushed a qemu-1.0 package Epoch: 2 License: GPLv2+ and LGPLv2+ and BSD @@ -70,12 +70,19 @@ Patch25: 0025-spice-qemu-char-Generate-chardev-open-close-events.patch Patch26: 0026-usb-redir-Call-qemu_chr_guest_open-close.patch Patch27: 0027-usb-redir-Device-disconnect-re-connect-robustness-fi.patch Patch28: 0028-usb-redir-Don-t-try-to-write-to-the-chardev-after-a-.patch +Patch29: 0029-fdc-Fix-floppy-port-I-O.patch +Patch30: 0030-dma-Avoid-reentrancy-in-DMA-transfer-handlers.patch +Patch31: 0031-pc-Fix-floppy-drives-with-if-none.patch + # Allow -machine parameter to be used without specifying a machine type. # Upstream in qemu but apparently not in qemu-kvm yet. # qemu commit 2645c6dcaf6ea2a51a3b6dfa407dd203004e4d11 Patch100: qemu-Allow-to-leave-type-on-default-in-machine.patch +# Upstream patches from 1.0 +Patch101: 0101-usb-hub-dont_trigger_assert_on_packet_completion.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: SDL-devel zlib-devel which texi2html gnutls-devel cyrus-sasl-devel BuildRequires: libaio-devel @@ -322,8 +329,12 @@ such as kvm_stat. %patch26 -p1 %patch27 -p1 %patch28 -p1 +%patch29 -p1 +%patch30 -p1 +%patch31 -p1 %patch100 -p1 +%patch101 -p1 %build # By default we build everything, but allow x86 to build a minimal version @@ -704,6 +715,13 @@ fi %{_mandir}/man1/qemu-img.1* %changelog +* Mon Jan 30 2012 Justin M. Forbes - 2:0.15.1-4 +- Add vhost-net to kvm.modules +- Fix USB passthrough assert on packet completion (#769625) +- +* Thu Jan 5 2012 Christophe Fergeau - 2:0.15.1-3.1 +- Backport patches from qemu 1.0 to fix floppy drives (#753863) + * Fri Nov 18 2011 Justin M. Forbes - 2:0.15.1-3 - Enable support for fedora-13 machine type (#748218) - don't force ksm enable on updates (#754946)