diff options
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/block/dataplane/virtio-blk.c | 9 | ||||
| -rw-r--r-- | hw/block/xen_disk.c | 13 | ||||
| -rw-r--r-- | hw/bt/core.c | 23 | ||||
| -rw-r--r-- | hw/bt/hci.c | 48 | ||||
| -rw-r--r-- | hw/i386/pc_piix.c | 18 | ||||
| -rw-r--r-- | hw/i386/pc_q35.c | 20 | ||||
| -rw-r--r-- | hw/net/e1000.c | 131 | ||||
| -rw-r--r-- | hw/net/ne2000.c | 2 | ||||
| -rw-r--r-- | hw/net/vmxnet3.h | 2 | ||||
| -rw-r--r-- | hw/pci/pci.c | 2 | ||||
| -rw-r--r-- | hw/usb/Makefile.objs | 3 | ||||
| -rw-r--r-- | hw/usb/bus.c | 4 | ||||
| -rw-r--r-- | hw/usb/dev-bluetooth.c | 10 | ||||
| -rw-r--r-- | hw/usb/hcd-ehci.c | 7 | ||||
| -rw-r--r-- | hw/usb/hcd-ehci.h | 1 |
15 files changed, 267 insertions, 26 deletions
diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c index 5a96ccd416..f2d7350a50 100644 --- a/hw/block/dataplane/virtio-blk.c +++ b/hw/block/dataplane/virtio-blk.c @@ -42,6 +42,7 @@ typedef struct { struct VirtIOBlockDataPlane { bool started; + bool starting; bool stopping; QEMUBH *start_bh; QemuThread thread; @@ -451,8 +452,15 @@ void virtio_blk_data_plane_start(VirtIOBlockDataPlane *s) return; } + if (s->starting) { + return; + } + + s->starting = true; + vq = virtio_get_queue(s->vdev, 0); if (!vring_setup(&s->vring, s->vdev, 0)) { + s->starting = false; return; } @@ -482,6 +490,7 @@ void virtio_blk_data_plane_start(VirtIOBlockDataPlane *s) s->io_notifier = *ioq_get_notifier(&s->ioqueue); aio_set_event_notifier(s->ctx, &s->io_notifier, handle_io); + s->starting = false; s->started = true; trace_virtio_blk_data_plane_start(s); diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c index 727f4331c0..668cc069ff 100644 --- a/hw/block/xen_disk.c +++ b/hw/block/xen_disk.c @@ -813,7 +813,7 @@ static int blk_connect(struct XenDevice *xendev) readonly); if (bdrv_open(blkdev->bs, blkdev->filename, NULL, qflags, drv) != 0) { - bdrv_delete(blkdev->bs); + bdrv_unref(blkdev->bs); blkdev->bs = NULL; } } @@ -824,6 +824,9 @@ static int blk_connect(struct XenDevice *xendev) /* setup via qemu cmdline -> already setup for us */ xen_be_printf(&blkdev->xendev, 2, "get configured bdrv (cmdline setup)\n"); blkdev->bs = blkdev->dinfo->bdrv; + /* blkdev->bs is not create by us, we get a reference + * so we can bdrv_unref() unconditionally */ + bdrv_ref(blkdev->bs); } bdrv_attach_dev_nofail(blkdev->bs, blkdev); blkdev->file_size = bdrv_getlength(blkdev->bs); @@ -922,12 +925,8 @@ static void blk_disconnect(struct XenDevice *xendev) struct XenBlkDev *blkdev = container_of(xendev, struct XenBlkDev, xendev); if (blkdev->bs) { - if (!blkdev->dinfo) { - /* close/delete only if we created it ourself */ - bdrv_close(blkdev->bs); - bdrv_detach_dev(blkdev->bs, blkdev); - bdrv_delete(blkdev->bs); - } + bdrv_detach_dev(blkdev->bs, blkdev); + bdrv_unref(blkdev->bs); blkdev->bs = NULL; } xen_be_unbind_evtchn(&blkdev->xendev); diff --git a/hw/bt/core.c b/hw/bt/core.c index 49012e028c..0ffc948898 100644 --- a/hw/bt/core.c +++ b/hw/bt/core.c @@ -119,3 +119,26 @@ void bt_device_done(struct bt_device_s *dev) *p = dev->next; } + +static struct bt_vlan_s { + struct bt_scatternet_s net; + int id; + struct bt_vlan_s *next; +} *first_bt_vlan; + +/* find or alloc a new bluetooth "VLAN" */ +struct bt_scatternet_s *qemu_find_bt_vlan(int id) +{ + struct bt_vlan_s **pvlan, *vlan; + for (vlan = first_bt_vlan; vlan != NULL; vlan = vlan->next) { + if (vlan->id == id) + return &vlan->net; + } + vlan = g_malloc0(sizeof(struct bt_vlan_s)); + vlan->id = id; + pvlan = &first_bt_vlan; + while (*pvlan != NULL) + pvlan = &(*pvlan)->next; + *pvlan = vlan; + return &vlan->net; +} diff --git a/hw/bt/hci.c b/hw/bt/hci.c index d1c0604a9b..7ea3dc6b70 100644 --- a/hw/bt/hci.c +++ b/hw/bt/hci.c @@ -429,6 +429,24 @@ static const uint8_t bt_event_reserved_mask[8] = { 0xff, 0x9f, 0xfb, 0xff, 0x07, 0x18, 0x00, 0x00, }; + +static void null_hci_send(struct HCIInfo *hci, const uint8_t *data, int len) +{ +} + +static int null_hci_addr_set(struct HCIInfo *hci, const uint8_t *bd_addr) +{ + return -ENOTSUP; +} + +struct HCIInfo null_hci = { + .cmd_send = null_hci_send, + .sco_send = null_hci_send, + .acl_send = null_hci_send, + .bdaddr_set = null_hci_addr_set, +}; + + static inline uint8_t *bt_hci_event_start(struct bt_hci_s *hci, int evt, int len) { @@ -2176,6 +2194,36 @@ struct HCIInfo *bt_new_hci(struct bt_scatternet_s *net) return &s->info; } +struct HCIInfo *hci_init(const char *str) +{ + char *endp; + struct bt_scatternet_s *vlan = 0; + + if (!strcmp(str, "null")) + /* null */ + return &null_hci; + else if (!strncmp(str, "host", 4) && (str[4] == '\0' || str[4] == ':')) + /* host[:hciN] */ + return bt_host_hci(str[4] ? str + 5 : "hci0"); + else if (!strncmp(str, "hci", 3)) { + /* hci[,vlan=n] */ + if (str[3]) { + if (!strncmp(str + 3, ",vlan=", 6)) { + vlan = qemu_find_bt_vlan(strtol(str + 9, &endp, 0)); + if (*endp) + vlan = 0; + } + } else + vlan = qemu_find_bt_vlan(0); + if (vlan) + return bt_new_hci(vlan); + } + + fprintf(stderr, "qemu: Unknown bluetooth HCI `%s'.\n", str); + + return 0; +} + static void bt_hci_done(struct HCIInfo *info) { struct bt_hci_s *hci = hci_from_info(info); diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index 275e39595d..907792b721 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -89,7 +89,7 @@ static void pc_init1(QEMUMachineInitArgs *args, FWCfgState *fw_cfg = NULL; PcGuestInfo *guest_info; - if (xen_enabled() && xen_hvm_init() != 0) { + if (xen_enabled() && xen_hvm_init(&ram_memory) != 0) { fprintf(stderr, "xen hardware virtual machine initialisation failed\n"); exit(1); } @@ -339,14 +339,25 @@ static void pc_xen_hvm_init(QEMUMachineInitArgs *args) .desc = "Standard PC (i440FX + PIIX, 1996)", \ .hot_add_cpu = pc_hot_add_cpu +#define PC_I440FX_1_7_MACHINE_OPTIONS PC_I440FX_MACHINE_OPTIONS +static QEMUMachine pc_i440fx_machine_v1_7 = { + PC_I440FX_1_7_MACHINE_OPTIONS, + .name = "pc-i440fx-1.7", + .alias = "pc", + .init = pc_init_pci, + .is_default = 1, +}; + #define PC_I440FX_1_6_MACHINE_OPTIONS PC_I440FX_MACHINE_OPTIONS static QEMUMachine pc_i440fx_machine_v1_6 = { PC_I440FX_1_6_MACHINE_OPTIONS, .name = "pc-i440fx-1.6", - .alias = "pc", .init = pc_init_pci_1_6, - .is_default = 1, + .compat_props = (GlobalProperty[]) { + PC_COMPAT_1_6, + { /* end of list */ } + }, }; static QEMUMachine pc_i440fx_machine_v1_5 = { @@ -735,6 +746,7 @@ static QEMUMachine xenfv_machine = { static void pc_machine_init(void) { + qemu_register_machine(&pc_i440fx_machine_v1_7); qemu_register_machine(&pc_i440fx_machine_v1_6); qemu_register_machine(&pc_i440fx_machine_v1_5); qemu_register_machine(&pc_i440fx_machine_v1_4); diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c index d7b7c3bf9a..ca84e1c04c 100644 --- a/hw/i386/pc_q35.c +++ b/hw/i386/pc_q35.c @@ -76,6 +76,11 @@ static void pc_q35_init(QEMUMachineInitArgs *args) DeviceState *icc_bridge; PcGuestInfo *guest_info; + if (xen_enabled() && xen_hvm_init(&ram_memory) != 0) { + fprintf(stderr, "xen hardware virtual machine initialisation failed\n"); + exit(1); + } + icc_bridge = qdev_create(NULL, TYPE_ICC_BRIDGE); object_property_add_child(qdev_get_machine(), "icc-bridge", OBJECT(icc_bridge), NULL); @@ -258,13 +263,25 @@ static void pc_q35_init_1_4(QEMUMachineInitArgs *args) .desc = "Standard PC (Q35 + ICH9, 2009)", \ .hot_add_cpu = pc_hot_add_cpu +#define PC_Q35_1_7_MACHINE_OPTIONS PC_Q35_MACHINE_OPTIONS + +static QEMUMachine pc_q35_machine_v1_7 = { + PC_Q35_1_7_MACHINE_OPTIONS, + .name = "pc-q35-1.7", + .alias = "q35", + .init = pc_q35_init, +}; + #define PC_Q35_1_6_MACHINE_OPTIONS PC_Q35_MACHINE_OPTIONS static QEMUMachine pc_q35_machine_v1_6 = { PC_Q35_1_6_MACHINE_OPTIONS, .name = "pc-q35-1.6", - .alias = "q35", .init = pc_q35_init_1_6, + .compat_props = (GlobalProperty[]) { + PC_COMPAT_1_6, + { /* end of list */ } + }, }; static QEMUMachine pc_q35_machine_v1_5 = { @@ -293,6 +310,7 @@ static QEMUMachine pc_q35_machine_v1_4 = { static void pc_q35_machine_init(void) { + qemu_register_machine(&pc_q35_machine_v1_7); qemu_register_machine(&pc_q35_machine_v1_6); qemu_register_machine(&pc_q35_machine_v1_5); qemu_register_machine(&pc_q35_machine_v1_4); diff --git a/hw/net/e1000.c b/hw/net/e1000.c index f5ebed46ab..d3f274cc28 100644 --- a/hw/net/e1000.c +++ b/hw/net/e1000.c @@ -135,9 +135,16 @@ typedef struct E1000State_st { QEMUTimer *autoneg_timer; + QEMUTimer *mit_timer; /* Mitigation timer. */ + bool mit_timer_on; /* Mitigation timer is running. */ + bool mit_irq_level; /* Tracks interrupt pin level. */ + uint32_t mit_ide; /* Tracks E1000_TXD_CMD_IDE bit. */ + /* Compatibility flags for migration to/from qemu 1.3.0 and older */ #define E1000_FLAG_AUTONEG_BIT 0 +#define E1000_FLAG_MIT_BIT 1 #define E1000_FLAG_AUTONEG (1 << E1000_FLAG_AUTONEG_BIT) +#define E1000_FLAG_MIT (1 << E1000_FLAG_MIT_BIT) uint32_t compat_flags; } E1000State; @@ -158,7 +165,8 @@ enum { defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL), defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC), defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA), - defreg(VET), + defreg(VET), defreg(RDTR), defreg(RADV), defreg(TADV), + defreg(ITR), }; static void @@ -245,10 +253,21 @@ static const uint32_t mac_reg_init[] = { E1000_MANC_RMCP_EN, }; +/* Helper function, *curr == 0 means the value is not set */ +static inline void +mit_update_delay(uint32_t *curr, uint32_t value) +{ + if (value && (*curr == 0 || value < *curr)) { + *curr = value; + } +} + static void set_interrupt_cause(E1000State *s, int index, uint32_t val) { PCIDevice *d = PCI_DEVICE(s); + uint32_t pending_ints; + uint32_t mit_delay; if (val && (E1000_DEVID >= E1000_DEV_ID_82547EI_MOBILE)) { /* Only for 8257x */ @@ -266,7 +285,57 @@ set_interrupt_cause(E1000State *s, int index, uint32_t val) */ s->mac_reg[ICS] = val; - qemu_set_irq(d->irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0); + pending_ints = (s->mac_reg[IMS] & s->mac_reg[ICR]); + if (!s->mit_irq_level && pending_ints) { + /* + * Here we detect a potential raising edge. We postpone raising the + * interrupt line if we are inside the mitigation delay window + * (s->mit_timer_on == 1). + * We provide a partial implementation of interrupt mitigation, + * emulating only RADV, TADV and ITR (lower 16 bits, 1024ns units for + * RADV and TADV, 256ns units for ITR). RDTR is only used to enable + * RADV; relative timers based on TIDV and RDTR are not implemented. + */ + if (s->mit_timer_on) { + return; + } + if (s->compat_flags & E1000_FLAG_MIT) { + /* Compute the next mitigation delay according to pending + * interrupts and the current values of RADV (provided + * RDTR!=0), TADV and ITR. + * Then rearm the timer. + */ + mit_delay = 0; + if (s->mit_ide && + (pending_ints & (E1000_ICR_TXQE | E1000_ICR_TXDW))) { + mit_update_delay(&mit_delay, s->mac_reg[TADV] * 4); + } + if (s->mac_reg[RDTR] && (pending_ints & E1000_ICS_RXT0)) { + mit_update_delay(&mit_delay, s->mac_reg[RADV] * 4); + } + mit_update_delay(&mit_delay, s->mac_reg[ITR]); + + if (mit_delay) { + s->mit_timer_on = 1; + timer_mod(s->mit_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + + mit_delay * 256); + } + s->mit_ide = 0; + } + } + + s->mit_irq_level = (pending_ints != 0); + qemu_set_irq(d->irq[0], s->mit_irq_level); +} + +static void +e1000_mit_timer(void *opaque) +{ + E1000State *s = opaque; + + s->mit_timer_on = 0; + /* Call set_interrupt_cause to update the irq level (if necessary). */ + set_interrupt_cause(s, 0, s->mac_reg[ICR]); } static void @@ -307,6 +376,10 @@ static void e1000_reset(void *opaque) int i; timer_del(d->autoneg_timer); + timer_del(d->mit_timer); + d->mit_timer_on = 0; + d->mit_irq_level = 0; + d->mit_ide = 0; memset(d->phy_reg, 0, sizeof d->phy_reg); memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init); memset(d->mac_reg, 0, sizeof d->mac_reg); @@ -572,6 +645,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) struct e1000_context_desc *xp = (struct e1000_context_desc *)dp; struct e1000_tx *tp = &s->tx; + s->mit_ide |= (txd_lower & E1000_TXD_CMD_IDE); if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor op = le32_to_cpu(xp->cmd_and_length); tp->ipcss = xp->lower_setup.ip_fields.ipcss; @@ -1047,7 +1121,8 @@ static uint32_t (*macreg_readops[])(E1000State *, int) = { getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL), getreg(RDH), getreg(RDT), getreg(VET), getreg(ICS), getreg(TDBAL), getreg(TDBAH), getreg(RDBAH), getreg(RDBAL), - getreg(TDLEN), getreg(RDLEN), + getreg(TDLEN), getreg(RDLEN), getreg(RDTR), getreg(RADV), + getreg(TADV), getreg(ITR), [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4, [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4, @@ -1069,6 +1144,8 @@ static void (*macreg_writeops[])(E1000State *, int, uint32_t) = { [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt, [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr, [EECD] = set_eecd, [RCTL] = set_rx_control, [CTRL] = set_ctrl, + [RDTR] = set_16bit, [RADV] = set_16bit, [TADV] = set_16bit, + [ITR] = set_16bit, [RA ... RA+31] = &mac_writereg, [MTA ... MTA+127] = &mac_writereg, [VFTA ... VFTA+127] = &mac_writereg, @@ -1150,6 +1227,11 @@ static void e1000_pre_save(void *opaque) E1000State *s = opaque; NetClientState *nc = qemu_get_queue(s->nic); + /* If the mitigation timer is active, emulate a timeout now. */ + if (s->mit_timer_on) { + e1000_mit_timer(s); + } + if (!(s->compat_flags & E1000_FLAG_AUTONEG)) { return; } @@ -1171,6 +1253,14 @@ static int e1000_post_load(void *opaque, int version_id) E1000State *s = opaque; NetClientState *nc = qemu_get_queue(s->nic); + if (!(s->compat_flags & E1000_FLAG_MIT)) { + s->mac_reg[ITR] = s->mac_reg[RDTR] = s->mac_reg[RADV] = + s->mac_reg[TADV] = 0; + s->mit_irq_level = false; + } + s->mit_ide = 0; + s->mit_timer_on = false; + /* nc.link_down can't be migrated, so infer link_down according * to link status bit in mac_reg[STATUS]. * Alternatively, restart link negotiation if it was in progress. */ @@ -1190,6 +1280,28 @@ static int e1000_post_load(void *opaque, int version_id) return 0; } +static bool e1000_mit_state_needed(void *opaque) +{ + E1000State *s = opaque; + + return s->compat_flags & E1000_FLAG_MIT; +} + +static const VMStateDescription vmstate_e1000_mit_state = { + .name = "e1000/mit_state", + .version_id = 1, + .minimum_version_id = 1, + .minimum_version_id_old = 1, + .fields = (VMStateField[]) { + VMSTATE_UINT32(mac_reg[RDTR], E1000State), + VMSTATE_UINT32(mac_reg[RADV], E1000State), + VMSTATE_UINT32(mac_reg[TADV], E1000State), + VMSTATE_UINT32(mac_reg[ITR], E1000State), + VMSTATE_BOOL(mit_irq_level, E1000State), + VMSTATE_END_OF_LIST() + } +}; + static const VMStateDescription vmstate_e1000 = { .name = "e1000", .version_id = 2, @@ -1267,6 +1379,14 @@ static const VMStateDescription vmstate_e1000 = { VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128), VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128), VMSTATE_END_OF_LIST() + }, + .subsections = (VMStateSubsection[]) { + { + .vmsd = &vmstate_e1000_mit_state, + .needed = e1000_mit_state_needed, + }, { + /* empty */ + } } }; @@ -1316,6 +1436,8 @@ pci_e1000_uninit(PCIDevice *dev) timer_del(d->autoneg_timer); timer_free(d->autoneg_timer); + timer_del(d->mit_timer); + timer_free(d->mit_timer); memory_region_destroy(&d->mmio); memory_region_destroy(&d->io); qemu_del_nic(d->nic); @@ -1371,6 +1493,7 @@ static int pci_e1000_init(PCIDevice *pci_dev) add_boot_device_path(d->conf.bootindex, dev, "/ethernet-phy@0"); d->autoneg_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, e1000_autoneg_timer, d); + d->mit_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, e1000_mit_timer, d); return 0; } @@ -1385,6 +1508,8 @@ static Property e1000_properties[] = { DEFINE_NIC_PROPERTIES(E1000State, conf), DEFINE_PROP_BIT("autonegotiation", E1000State, compat_flags, E1000_FLAG_AUTONEG_BIT, true), + DEFINE_PROP_BIT("mitigation", E1000State, + compat_flags, E1000_FLAG_MIT_BIT, true), DEFINE_PROP_END_OF_LIST(), }; diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c index 31afd28c7c..c96125895e 100644 --- a/hw/net/ne2000.c +++ b/hw/net/ne2000.c @@ -693,7 +693,7 @@ static void ne2000_write(void *opaque, hwaddr addr, static const MemoryRegionOps ne2000_ops = { .read = ne2000_read, .write = ne2000_write, - .endianness = DEVICE_NATIVE_ENDIAN, + .endianness = DEVICE_LITTLE_ENDIAN, }; /***********************************************************/ diff --git a/hw/net/vmxnet3.h b/hw/net/vmxnet3.h index 4eae7c76be..f987d71269 100644 --- a/hw/net/vmxnet3.h +++ b/hw/net/vmxnet3.h @@ -34,7 +34,6 @@ #define __le16 uint16_t #define __le32 uint32_t #define __le64 uint64_t -#define __packed QEMU_PACKED #if defined(HOST_WORDS_BIGENDIAN) #define __BIG_ENDIAN_BITFIELD @@ -749,7 +748,6 @@ struct Vmxnet3_DriverShared { #undef __le16 #undef __le32 #undef __le64 -#undef __packed #if defined(HOST_WORDS_BIGENDIAN) #undef __BIG_ENDIAN_BITFIELD #endif diff --git a/hw/pci/pci.c b/hw/pci/pci.c index d00682e134..ad1c1ca91e 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -1461,7 +1461,7 @@ static PciDeviceInfo *qmp_query_pci_device(PCIDevice *dev, PCIBus *bus, info->function = PCI_FUNC(dev->devfn); class = pci_get_word(dev->config + PCI_CLASS_DEVICE); - info->class_info.class = class; + info->class_info.q_class = class; desc = get_class_desc(class); if (desc->desc) { info->class_info.has_desc = true; diff --git a/hw/usb/Makefile.objs b/hw/usb/Makefile.objs index f9695e7d8a..a3eac3e5c1 100644 --- a/hw/usb/Makefile.objs +++ b/hw/usb/Makefile.objs @@ -18,9 +18,6 @@ common-obj-$(CONFIG_USB_STORAGE_UAS) += dev-uas.o common-obj-$(CONFIG_USB_AUDIO) += dev-audio.o common-obj-$(CONFIG_USB_SERIAL) += dev-serial.o common-obj-$(CONFIG_USB_NETWORK) += dev-network.o - -# FIXME: make configurable too -CONFIG_USB_BLUETOOTH := y common-obj-$(CONFIG_USB_BLUETOOTH) += dev-bluetooth.o ifeq ($(CONFIG_USB_SMARTCARD),y) diff --git a/hw/usb/bus.c b/hw/usb/bus.c index 82ca6a13e8..72d5b92225 100644 --- a/hw/usb/bus.c +++ b/hw/usb/bus.c @@ -47,6 +47,10 @@ static int usb_device_post_load(void *opaque, int version_id) } else { dev->attached = 1; } + if (dev->setup_index >= sizeof(dev->data_buf) || + dev->setup_len >= sizeof(dev->data_buf)) { + return -EINVAL; + } return 0; } diff --git a/hw/usb/dev-bluetooth.c b/hw/usb/dev-bluetooth.c index f2fc2a8034..7f292b1ae6 100644 --- a/hw/usb/dev-bluetooth.c +++ b/hw/usb/dev-bluetooth.c @@ -511,10 +511,17 @@ static int usb_bt_initfn(USBDevice *dev) return 0; } -USBDevice *usb_bt_init(USBBus *bus, HCIInfo *hci) +static USBDevice *usb_bt_init(USBBus *bus, const char *cmdline) { USBDevice *dev; struct USBBtState *s; + HCIInfo *hci; + + if (*cmdline) { + hci = hci_init(cmdline); + } else { + hci = bt_new_hci(qemu_find_bt_vlan(0)); + } if (!hci) return NULL; @@ -566,6 +573,7 @@ static const TypeInfo bt_info = { static void usb_bt_register_types(void) { type_register_static(&bt_info); + usb_legacy_register("usb-bt-dongle", "bt", usb_bt_init); } type_init(usb_bt_register_types) diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index 137e200202..22bdbf4a7d 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -1241,13 +1241,11 @@ static int ehci_init_transfer(EHCIPacket *p) { uint32_t cpage, offset, bytes, plen; dma_addr_t page; - USBBus *bus = &p->queue->ehci->bus; - BusState *qbus = BUS(bus); cpage = get_field(p->qtd.token, QTD_TOKEN_CPAGE); bytes = get_field(p->qtd.token, QTD_TOKEN_TBYTES); offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK; - qemu_sglist_init(&p->sgl, qbus->parent, 5, p->queue->ehci->as); + qemu_sglist_init(&p->sgl, p->queue->ehci->device, 5, p->queue->ehci->as); while (bytes > 0) { if (cpage > 4) { @@ -1486,7 +1484,7 @@ static int ehci_process_itd(EHCIState *ehci, return -1; } - qemu_sglist_init(&ehci->isgl, DEVICE(ehci), 2, ehci->as); + qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as); if (off + len > 4096) { /* transfer crosses page border */ uint32_t len2 = off + len - 4096; @@ -2529,6 +2527,7 @@ void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp) s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ehci_frame_timer, s); s->async_bh = qemu_bh_new(ehci_frame_timer, s); + s->device = dev; qemu_register_reset(ehci_reset, s); qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s); diff --git a/hw/usb/hcd-ehci.h b/hw/usb/hcd-ehci.h index 15a28e8b31..065c9fa741 100644 --- a/hw/usb/hcd-ehci.h +++ b/hw/usb/hcd-ehci.h @@ -255,6 +255,7 @@ typedef QTAILQ_HEAD(EHCIQueueHead, EHCIQueue) EHCIQueueHead; struct EHCIState { USBBus bus; + DeviceState *device; qemu_irq irq; MemoryRegion mem; AddressSpace *as; |