Jim Meyering [Mon, 8 Feb 2010 18:28:38 +0000 (19:28 +0100)]
don't dereference NULL after failed strdup
Most of these are obvious NULL-deref bug fixes, for example,
the ones in these files:
block/curl.c
net.c
slirp/misc.c
and the first one in block/vvfat.c.
The others in block/vvfat.c may not lead to an immediate segfault, but I
traced the two schedule_rename(..., strdup(path)) uses, and a failed
strdup would appear to trigger this assertion in handle_renames_and_mkdirs:
assert(commit->path);
The conversion to use qemu_strdup in envlist_to_environ is not technically
needed, but does avoid a theoretical leak in the caller when strdup fails
for one value, but later succeeds in allocating another buffer(plausible,
if one string length is much larger than the others). The caller does
not know the length of the returned list, and as such can only free
pointers until it hits the first NULL. If there are non-NULL pointers
beyond the first, their buffers would be leaked. This one is admittedly
far-fetched.
The two in linux-user/main.c are worth fixing to ensure that an
OOM error is diagnosed up front, rather than letting it provoke some
harder-to-diagnose secondary error, in case of exec failure, or worse, in
case the exec succeeds but with an invalid list of command line options.
However, considering how unlikely it is to encounter a failed strdup early
in main, this isn't a big deal. Note that adding the required uses of
qemu_strdup here and in envlist.c induce link failures because qemu_strdup
is not currently in any library they're linked with. So for now, I've
omitted those changes, as well as the fixes in target-i386/helper.c
and target-sparc/helper.c.
If you'd like to see the above discussion (or anything else)
in the commit log, just let me know and I'll be happy to adjust.
>From 9af42864fd1ea666bd25e2cecfdfae74c20aa8c7 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Mon, 8 Feb 2010 18:29:29 +0100
Subject: [PATCH] don't dereference NULL after failed strdup
Handle failing strdup by replacing each use with qemu_strdup,
so as not to dereference NULL or trigger a failing assertion.
* block/curl.c (curl_open): s/\bstrdup\b/qemu_strdup/
* block/vvfat.c (init_directories): Likewise.
(get_cluster_count_for_direntry, check_directory_consistency): Likewise.
* net.c (parse_host_src_port): Likewise.
* slirp/misc.c (fork_exec): Likewise.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Luiz Capitulino [Mon, 8 Feb 2010 19:01:30 +0000 (17:01 -0200)]
QMP: Don't leak on connection close
QMP's chardev event callback doesn't call
json_message_parser_destroy() on CHR_EVENT_CLOSED. As the call
to json_message_parser_init() on CHR_EVENT_OPENED allocates memory,
we'are leaking on close.
Fix that by just calling json_message_parser_destroy() on
CHR_EVENT_CLOSED.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Luiz Capitulino [Mon, 8 Feb 2010 19:01:29 +0000 (17:01 -0200)]
QError: Don't abort on multiple faults
Ideally, Monitor code should report an error only once and
return the error information up the call chain.
To assure that this happens as expected and that no error is
lost, we have an assert() in qemu_error_internal().
However, we still have not fully converted handlers using
monitor_printf() to report errors. As there can be multiple
monitor_printf() calls on an error, the assertion is easily
triggered when debugging is enabled; and we will get a memory
leak if it's not.
The solution to this problem is to allow multiple faults by only
reporting the first one, and to release the additional error objects.
A better mechanism to report multiple errors to programmers is
underway.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Tom Lendacky [Mon, 8 Feb 2010 16:10:01 +0000 (10:10 -0600)]
virtio-net: fix network stall under load
Fix a race condition where qemu finds that there are not enough virtio
ring buffers available and the guest make more buffers available before
qemu can enable notifications.
Signed-off-by: Tom Lendacky <toml@us.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Roy Tam [Thu, 4 Feb 2010 02:30:30 +0000 (10:30 +0800)]
json: fix PRId64 on Win32
OK we are fooled by the json lexer and parser. As we use %I64d to
print 'long long' variables in Win32, but lexer and parser only deal
with %lld but not %I64d, this patch add support for %I64d and solve
'info pci', 'powser_reset' and 'power_powerdown' assert failure in
Win32.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Luiz Capitulino [Thu, 4 Feb 2010 20:10:06 +0000 (18:10 -0200)]
QMP: Enforce capability negotiation rules
With this commit QMP will be started in Capabilities Negotiation
mode, where the only command allowed to run is 'qmp_capabilities'.
All other commands will return CommandNotFound error. Asynchronous
messages are not delivered either.
When 'qmp_capabilities' is successfully executed QMP enters in
Command mode, where all commands (except 'qmp_capabilities') are
allowed to run and asynchronous messages are delivered.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Luiz Capitulino [Thu, 4 Feb 2010 20:10:05 +0000 (18:10 -0200)]
QMP: Introduce the qmp_capabilities command
This command will be used to enable QMP capabilities advertised
by the capabilities array.
Note that it will be mandatory to issue this command in order
to make QMP functional (although this behavior is not being
enforced by this commit).
Also, as we don't have any capabilities yet, the new command
doesn't accept any arguments. I will postpone the decision for
a format for this until we get our first capability.
Finally, this command is visible from the user Monitor too, in
the meaning that you can execute it but it won't do anything.
Making it only visible in QMP is beyond this series' goal, as
it requires changes in unrelated places.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Luiz Capitulino [Thu, 4 Feb 2010 20:10:04 +0000 (18:10 -0200)]
QMP: Add QEMU's version to the greeting message
With capability negotiation support clients will only have a chance
to check QEMU's version (ie. issue 'query-version') after the
negotiation procedure is done.
It might be useful to clients to check QEMU's version before
negotiating features, though.
To allow that, this commit adds the QEMU's version object to the
greeting message.
Not really sure this is needed, but doesn't hurt anyway.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
David S. Ahern [Wed, 3 Feb 2010 16:00:54 +0000 (09:00 -0700)]
segfault due to buffer overrun in usb-serial
This fixes a segfault due to buffer overrun in the usb-serial device.
The memcpy was incrementing the start location by recv_used yet, the
computation of first_size (how much to write at the end of the buffer
before wrapping to the front) was not accounting for it. This causes the
next element after the receive buffer (recv_ptr) to get overwritten with
random data.
Signed-off-by: David Ahern <daahern@cisco.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
David S. Ahern [Wed, 3 Feb 2010 15:49:39 +0000 (08:49 -0700)]
audio streaming from usb devices
I have streaming audio devices working within qemu-kvm. This is a port
of the changes to qemu.
Streaming audio generates a series of isochronous requests that are
repetitive and time sensitive. The URBs need to be submitted in
consecutive USB frames and responses need to be handled in a timely manner.
Summary of the changes for isochronous requests:
1. The initial 'valid' value is increased to 32. It needs to be higher
than its current value of 10 since the host adds a 10 frame delay to the
scheduling of the first request; if valid is set to 10 the first
isochronous request times out and qemu cancels it. 32 was chosen as a
nice round number, and it is used in the path where a TD-async pairing
already exists.
2. The token field in the TD is *not* unique for isochronous requests,
so it is not a good choice for finding a matching async request. The
buffer (where to write the guest data) is unique, so use that value instead.
3. TD's for isochronous request need to be completed in the async
completion handler so that data is pushed to the guest as soon as it is
available. The uhci code currently attempts to process complete
isochronous TDs the next time the UHCI frame with the request is
processed. The results in lost data since the async requests will have
long since timed out based on the valid parameter. Increasing the valid
value is not acceptable as it introduces a 1+ second delay in the data
getting pushed to the guest.
4. The frame timer needs to be run on 1 msec intervals. Currently, the
expire time for the processing the next frame is computed after the
processing of each frame. This regularly causes the scheduling of frames
to shift in time. When this happens the periodic scheduling of the
requests is broken and the subsequent request is seen as a new request
by the host resulting in a 10 msec delay (first isochronous request is
scheduled for 10 frames from when the URB is submitted).
[ For what's worth a small change is needed to the guest driver to have
more outstanding URBs (at least 4 URBs with 5 packets per URB).]
Signed-off-by: David Ahern <daahern@cisco.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Weil [Fri, 5 Feb 2010 22:52:00 +0000 (23:52 +0100)]
Documentation: Use UTF-8 encoding and fix one wrong encoding
At least for Linux distributions UTF-8 is now standard,
so the QEMU documentation should use this encoding, too.
Even if there was currently only a single special character
using ISO-8859-1, this might change in the future.
So the texinfo keywords @documentlanguage and
@documentencoding now document the language and the
encoding. The special character was changed to UTF-8
(it could also have been changed to an x, but the
original cross looks really nice if it is displayed
correctly).
These changes fix the html presentation at
http://www.qemu.org/qemu-doc.html#SEC65
(ARM System emulator).
Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Clean up the current mess about figuring out which flags to pass to the
driver. BDRV_O_FILE, BDRV_O_SNAPSHOT and BDRV_O_NO_BACKING are flags
only used by the block layer internally so filter them out directly.
Previously BDRV_O_NO_BACKING could accidentally be passed to the drivers,
but wasn't ever used.
Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Luiz Capitulino [Wed, 3 Feb 2010 14:41:01 +0000 (12:41 -0200)]
block: BLOCK_IO_ERROR QMP event
This commit introduces the bdrv_mon_event() function, which
should be called by block subsystems (eg. IDE) when a I/O
error occurs, so that an QMP event is emitted.
The following information is currently provided in the event:
- device name
- operation (ie. "read" or "write")
- action taken (eg. "stop")
Sheng Yang [Fri, 29 Jan 2010 02:15:06 +0000 (10:15 +0800)]
qemu-img: Fix qemu-img can't create qcow image based on read-only image
Commit 03cbdac7 "Disable fall-back to read-only when cannot open drive's
file for read-write" result in read-only image can't be used as backed
image in qemu-img.
Cc: Naphtali Sprei <nsprei@redhat.com> Signed-off-by: Sheng Yang <sheng@linux.intel.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Scott Tsai [Fri, 29 Jan 2010 19:28:58 +0000 (03:28 +0800)]
doc: Update mingw cross compile instructions
The "Cross compilation for Windows with Linux" section of qemu-doc.texi
still instructs the user to use 'configure --enable-mingw32'
even after the option was removed in Aug 2008:
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=cd01b4a312248dd4e12c3d389d1a349cea4015d8
This documentation only change updates the instructions to:
* Remove use of '--enable-mingw32' in the configure example
* Correct the 'sdl-config' script name
* Remove references to i386-mingw32msvc.tar.gz which no longer exists in
recent SDL releases
* Document the zlib dependency
Signed-off-by: Scott Tsai <scottt.tw@gmail.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Do not ignore error, if open file failed (-serial /dev/tty)
In case, when qemu is executed with option like
-serial /dev/ttyS0, report if there are problems with
opening of devices. At now errors are silently ignoring.
Signed-off-by: Evgeniy Dushistov <dushistov@mail.ru> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Stefan Weil [Fri, 29 Jan 2010 22:16:50 +0000 (23:16 +0100)]
Documentation: Add build support for documentation in pdf format
Makefile already supported dvi, html and info formats,
but pdf was missing.
pdf is especially convenient for printing and for
documentation reviews. I hope it will help to
improve qemu's documentation.
Make now supports the new target 'pdf' which will
create qemu-doc.pdf and qemu-tech.pdf. It is also
possible to build both files individually.
texi2pdf and texi2dvi are rather noisy, so normally
some less important warnings are suppressed.
When make is called with V=1 (verbose mode),
warnings are not suppressed.
The patch also sorts the documentation targets
alphabetically and wraps a line which was too long.
Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Paolo Bonzini [Tue, 26 Jan 2010 08:31:46 +0000 (10:31 +0200)]
add qemu_get_clock_ns
Some places use get_clock directly because they want to access the
rt_clock with nanosecond precision. Add a function to do exactly that
instead of using internal interfaces.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Liran Schour [Tue, 26 Jan 2010 08:31:45 +0000 (10:31 +0200)]
Remove unused code
blk_mig_save_bulked_block is never called with sync flag. Remove the sync
flag. Calculate bulk completion during blk_mig_save_bulked_block.
Remove unused constants.
Signed-off-by: Liran Schour <lirans@il.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This adds notifiers for phys memory changes: a set of callbacks that
vhost can register and update kernel accordingly. Down the road, kvm
code can be switched to use these as well, instead of calling kvm code
directly from exec.c as is done now.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Aurelien Jarno [Tue, 9 Feb 2010 21:54:22 +0000 (22:54 +0100)]
tcg/mips: fix crash in tcg_out_qemu_ld()
The address register is overriden when it corresponds to v0 and the fast
path is taken, which leads to a crash. Fix that by using the a0 register
instead.
Aurelien Jarno [Tue, 2 Feb 2010 21:32:14 +0000 (22:32 +0100)]
target-sh4: MMU: separate execute and read/write permissions
On SH4, the ITLB and UTLB configurations are memory mapped, so loading
ITLB entries from UTLB has to be simulated correctly. For that the QEMU
TLB has to be handle the execute (ITLB) and read/write permissions
(UTLB) seperately.
Aurelien Jarno [Tue, 2 Feb 2010 18:50:51 +0000 (19:50 +0100)]
target-sh4: MMU: optimize UTLB accesses
With the current code, the QEMU TLB is setup to match the read/write
mode of the MMU fault. This means when read access is done, the page
is setup in read-only mode. When the page is later accessed in write
mode, an MMU fault happened, and the page is switch in write-only
mode. This flip-flop causes a lot of calls to the MMU code and slow
down the emulation.
This patch changes the MMU emulation, so that the QEMU TLB is setup
to match the UTLB protection key. This impressively increase the
speed of the emulation.
Aurelien Jarno [Mon, 1 Feb 2010 18:58:46 +0000 (19:58 +0100)]
target-sh4: MMU: fix mem_idx computation
The mem_idx is wrongly computed. As written in target-sh4/cpu.h, mode 0
corresponds to kernel mode (SR_MD = 1), while mode 1 corresponds to user
mode (SR_MD = 0).
Stefan Weil [Wed, 20 Jan 2010 18:43:25 +0000 (19:43 +0100)]
arm host: fix compiler warning
Compilation for arm (native or cross) results in this
warning:
fpu/softfloat-native.c: In function ‘float64_round_to_int’:
fpu/softfloat-native.c:387: error: control reaches end of non-void function
float64_round_to_int uses special assembler code for arm
and has no explicit return value.
As there is no obvious reason why arm should need special
code, all fpu related conditionals were removed.
The remaining code is standard (C99) and compiles for arm,
too.
Signed-off-by: Stefan Weil <weil@mail.berlios.de> Acked-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
There are places, like brcond2, where we know that the destination
of a forward branch will be within 127 bytes.
Add the R_386_PC8 relocation type to support this. Add a flag to
tcg_out_jxx and tcg_out_brcond* to enable it. Set the flag in the
brcond2 label_next branches; pass along the input flag otherwise.
Signed-off-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Loïc Minier [Sun, 31 Jan 2010 11:23:45 +0000 (12:23 +0100)]
Add -static earlier to LDFLAGS for compile_prog()
Add -static to LDFLAGS earlier as to run the compile_prog() tests with
this flags, this will avoid turning on features for which a shared
library is available but not a static one.
Loïc Minier [Sun, 31 Jan 2010 11:22:52 +0000 (12:22 +0100)]
Fix missing symbols in .rel/.rela.plt sections
Fix .rel.plt sections in the output to not only include .rel.plt
sections from the input but also the .rel.iplt sections and to define
the hidden symbols __rel_iplt_start and __rel_iplt_end around
.rel.iplt as otherwise we get undefined references to these when
linking statically to a multilib libc.a. This fixes the static build
under i386.
Apply similar logic to rela.plt/.iplt and __rela_iplt/_plt_start/_end to
fix the static build under amd64.
Aurelien Jarno [Sat, 6 Feb 2010 20:22:19 +0000 (21:22 +0100)]
configure: fix compilation on hosts without -fstack-protector-all
Commit a0f291fc101a7ab3e40850a329da2cc2f2cd1f2d has enabled
-fstack-protector-all on all targets, as the configure test is bogus.
GCC only emits a warning and not an error if this option is not
supported, so the configure scripts doesn't detect the problem.
This patch changes the configure script to try the various flags
with -Werror in addition to catch the possible warnings.
Riku Voipio [Mon, 25 Jan 2010 13:17:32 +0000 (15:17 +0200)]
target-arm: refactor cp15.c13 register access
Access the cp15.c13 TLS registers directly with TCG ops instead of with
a slow helper. If the the cp15 read/write was not TLS register access,
fall back to the cp15 helper.
This makes accessing __thread variables in linux-user when apps are compiled
with -mtp=cp15 possible. legal cp15 register to acces from linux-user are
already checked in cp15_user_ok.
While at it, make the cp15.c13 Thread ID registers available only on
ARMv6K and newer.
Riku Voipio [Mon, 25 Jan 2010 12:30:49 +0000 (14:30 +0200)]
linux-user: remove signal handler before calling abort()
Qemu may hang in host_signal_handler after qemu has done a
seppuku with cpu_abort(). But at this stage we are not really
interested in target process coredump anymore, so unregister
host_signal_handler to die grafefully.
Aurelien Jarno [Sat, 6 Feb 2010 15:59:11 +0000 (16:59 +0100)]
target-ppc: change DCR helpers to target_long arguments
The recent transition to always have the DCR helper functions take 32 bit
values broke the PPC64 target, as target_long became 64 bits there.
This patch changes DCR helpers to target_long arguments, and cast the values
to 32 bit when needed.
Fixes PPC64 build with --enable-debug-tcg
Based on a patch from Alexander Graf <agraf@suse.de> Reported-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
projects / qemu.git / log