aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-03-16fuzz: add instructions for building reproducersAlexander Bulekov
We have several scripts that help build reproducers, but no documentation for how they should be used. Add some documentation Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-16fuzz: add a script to build reproducersAlexander Bulekov
Currently, bash and C crash reproducers are be built manually. This is a problem, as we want to integrate reproducers into the tree, for regression testing. This patch adds a script that converts a sequence of QTest commands into a pasteable Bash reproducer, or a libqtest-based C program. This will try to wrap pasteable reproducers to 72 chars, but the generated C code will not have nice formatting. Therefore, the C output of this script should be piped through an auto-formatter, such as clang-format Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-16fuzz: don't leave orphan llvm-symbolizers aroundAlexander Bulekov
I noticed that with a sufficiently small timeout, the fuzzer fork-server sometimes locks up. On closer inspection, the issue appeared to be caused by entering our SIGALRM handler, while libfuzzer is in it's crash handlers. Because libfuzzer relies on pipe communication with an external child process to print out stack-traces, we shouldn't exit early, and leave an orphan child. Check for children in the SIGALRM handler to avoid this issue. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Acked-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-16fuzz: fix the pro100 generic-fuzzer configAlexander Bulekov
The device-type names for the pro100 network cards, are i8255.. We were matching "eepro", which catches the PCI PIO/MMIO regions for those devices, however misses the actual PCI device, which we use to map the BARs, before fuzzing. Fix that Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-16MAINTAINERS: Cover fuzzer reproducer tests within 'Device Fuzzing'Philippe Mathieu-Daudé
When we started to commit the fuzzer QTest reproducers to fuzz-test.c in commit d8dd1095019 ("qtest: add fuzz test case"), we forgot to add the corresponding MAINTAINERS entry. Do it now. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-16tests/qtest: Only run fuzz-virtio-scsi when virtio-scsi is availablePhilippe Mathieu-Daudé
This test fails when QEMU is built without the virtio-scsi device, restrict it to its availability. Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-16tests/qtest: Only run fuzz-megasas-test if megasas device is availablePhilippe Mathieu-Daudé
This test fails when QEMU is built without the megasas device, restrict it to its availability. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-16vfio/migrate: Move switch of dirty tracking into vfio_memory_listenerKeqian Zhu
For now the switch of vfio dirty page tracking is integrated into @vfio_save_handler. The reason is that some PCI vendor driver may start to track dirty base on _SAVING state of device, so if dirty tracking is started before setting device state, vfio will report full-dirty to QEMU. However, the dirty bmap of all ramblocks are fully set when setup ram saving, so it's not matter whether the device is in _SAVING state when start vfio dirty tracking. Moreover, this logic causes some problems [1]. The object of dirty tracking is guest memory, but the object of @vfio_save_handler is device state, which produces unnecessary coupling and conflicts: 1. Coupling: Their saving granule is different (perVM vs perDevice). vfio will enable dirty_page_tracking for each devices, actually once is enough. 2. Conflicts: The ram_save_setup() traverses all memory_listeners to execute their log_start() and log_sync() hooks to get the first round dirty bitmap, which is used by the bulk stage of ram saving. However, as vfio dirty tracking is not yet started, it can't get dirty bitmap from vfio. Then we give up the chance to handle vfio dirty page at bulk stage. Move the switch of vfio dirty_page_tracking into vfio_memory_listener can solve above problems. Besides, Do not require devices in SAVING state for vfio_sync_dirty_bitmap(). [1] https://www.spinics.net/lists/kvm/msg229967.html Reported-by: Zenghui Yu <yuzenghui@huawei.com> Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20210309031913.11508-1-zhukeqian1@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-03-16vfio: Support host translation granule sizeKunkun Jiang
The cpu_physical_memory_set_dirty_lebitmap() can quickly deal with the dirty pages of memory by bitmap-traveling, regardless of whether the bitmap is aligned correctly or not. cpu_physical_memory_set_dirty_lebitmap() supports pages in bitmap of host page size. So it'd better to set bitmap_pgsize to host page size to support more translation granule sizes. [aw: The Fixes commit below introduced code to restrict migration support to configurations where the target page size intersects the host dirty page support. For example, a 4K guest on a 4K host. Due to the above flexibility in bitmap handling, this restriction unnecessarily prevents mixed target/host pages size that could otherwise be supported. Use host page size for dirty bitmap.] Fixes: 87ea529c502 ("vfio: Get migration capability flags for container") Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com> Message-Id: <20210304133446.1521-1-jiangkunkun@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-03-16vfio: Avoid disabling and enabling vectors repeatedly in VFIO migrationShenming Lu
In VFIO migration resume phase and some guest startups, there are already unmasked vectors in the vector table when calling vfio_msix_enable(). So in order to avoid inefficiently disabling and enabling vectors repeatedly, let's allocate all needed vectors first and then enable these unmasked vectors one by one without disabling. Signed-off-by: Shenming Lu <lushenming@huawei.com> Message-Id: <20210310030233.1133-4-lushenming@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-03-16vfio: Set the priority of the VFIO VM state change handler explicitlyShenming Lu
In the VFIO VM state change handler when stopping the VM, the _RUNNING bit in device_state is cleared which makes the VFIO device stop, including no longer generating interrupts. Then we can save the pending states of all interrupts in the GIC VM state change handler (on ARM). So we have to set the priority of the VFIO VM state change handler explicitly (like virtio devices) to ensure it is called before the GIC's in saving. Signed-off-by: Shenming Lu <lushenming@huawei.com> Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Message-Id: <20210310030233.1133-3-lushenming@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-03-16vfio: Move the saving of the config space to the right place in VFIO migrationShenming Lu
On ARM64 the VFIO SET_IRQS ioctl is dependent on the VM interrupt setup, if the restoring of the VFIO PCI device config space is before the VGIC, an error might occur in the kernel. So we move the saving of the config space to the non-iterable process, thus it will be called after the VGIC according to their priorities. As for the possible dependence of the device specific migration data on it's config space, we can let the vendor driver to include any config info it needs in its own data stream. Signed-off-by: Shenming Lu <lushenming@huawei.com> Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com> Message-Id: <20210310030233.1133-2-lushenming@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-03-16spapr_iommu: Fix vhost integration regressionEric Auger
Previous work on dev-iotlb message broke spapr_iommu/vhost integration as it did for SMMU and virtio-iommu. The spapr_iommu currently only sends IOMMU_NOTIFIER_UNMAP notifications. Since commit 958ec334bca3 ("vhost: Unbreak SMMU and virtio-iommu on dev-iotlb support"), VHOST first tries to register IOMMU_NOTIFIER_DEVIOTLB_UNMAP notifier and if it fails, falls back to legacy IOMMU_NOTIFIER_UNMAP. So spapr_iommu must fail on the IOMMU_NOTIFIER_DEVIOTLB_UNMAP registration. Reported-by: Peter Xu <peterx@redhat.com> Fixes: b68ba1ca5767 ("memory: Add IOMMU_NOTIFIER_DEVIOTLB_UNMAP IOMMUTLBNotificationType") Signed-off-by: Eric Auger <eric.auger@redhat.com> Message-Id: <20210209213233.40985-3-eric.auger@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-03-16vfio: Do not register any IOMMU_NOTIFIER_DEVIOTLB_UNMAP notifierEric Auger
In an attempt to fix smmu/virtio-iommu - vhost regression, commit 958ec334bca3 ("vhost: Unbreak SMMU and virtio-iommu on dev-iotlb support") broke virtio-iommu integration. This is due to the fact VFIO registers IOMMU_NOTIFIER_ALL notifiers, which includes IOMMU_NOTIFIER_DEVIOTLB_UNMAP and this latter now is rejected by the virtio-iommu. As a consequence, the registration fails. VHOST behaves like a device with an ATC cache. The VFIO device does not support this scheme yet. Let's register only legacy MAP and UNMAP notifiers. Fixes: 958ec334bca3 ("vhost: Unbreak SMMU and virtio-iommu on dev-iotlb support") Signed-off-by: Eric Auger <eric.auger@redhat.com> Message-Id: <20210209213233.40985-2-eric.auger@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-03-16MAINTAINERS: Cover docs/igd-assign.txt in VFIO sectionPhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210202155611.998424-1-philmd@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-03-16hw/vfio/pci-quirks: Replace the word 'blacklist'Philippe Mathieu-Daudé
Follow the inclusive terminology from the "Conscious Language in your Open Source Projects" guidelines [*] and replace the word "blacklist" appropriately. [*] https://github.com/conscious-lang/conscious-lang-docs/blob/main/faq.md Reviewed-by: Alex Williamson <alex.williamson@redhat.com> Acked-by: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210205171817.2108907-9-philmd@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-03-16vfio: Fix vfio_listener_log_sync function name typoZenghui Yu
There is an obvious typo in the function name of the .log_sync() callback. Spell it correctly. Signed-off-by: Zenghui Yu <yuzenghui@huawei.com> Message-Id: <20201204014240.772-1-yuzenghui@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2021-03-16Merge remote-tracking branch 'remotes/kraxel/tags/usb-20210315-pull-request' ↵Peter Maydell
into staging usb: -usbdevice cleanup and un-deprecation. usb: split usb-storage. usb: misc fixes and cleanups. # gpg: Signature made Mon 15 Mar 2021 18:02:28 GMT # gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/usb-20210315-pull-request: usb/storage: clear csw on reset usb/storage: add kconfig symbols usb/storage move usb-storage device to separate source file usb/storage: move usb-bot device to separate source file usb/storage: move declarations to usb/msd.h header hw/usb: Extract VT82C686 UHCI PCI function into a new unit hw/usb/hcd-uhci: Expose generic prototypes to local header hw/southbridge: Add missing Kconfig dependency VT82C686 on USB_UHCI usb: Document the missing -usbdevice options usb: Un-deprecate -usbdevice (except for -usbdevice audio which gets removed) usb: remove '-usbdevice u2f-key' usb: remove support for -usbdevice parameters hw/usb/bus: Remove the "full-path" property Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-16Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Mon 15 Mar 2021 08:42:25 GMT # gpg: using RSA key EF04965B398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal] # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * remotes/jasowang/tags/net-pull-request: net: Do not fill legacy info_str for backends hmp: Use QAPI NetdevInfo in hmp_info_network net: Move NetClientState.info_str to dynamic allocations tests: Add tests for query-netdev command qapi: net: Add query-netdev command pvrdma: wean code off pvrdma_ring.h kernel header lan9118: switch to use qemu_receive_packet() for loopback cadence_gem: switch to use qemu_receive_packet() for loopback pcnet: switch to use qemu_receive_packet() for loopback rtl8139: switch to use qemu_receive_packet() for loopback tx_pkt: switch to use qemu_receive_packet_iov() for loopback sungem: switch to use qemu_receive_packet() for loopback msf2-mac: switch to use qemu_receive_packet() for loopback dp8393x: switch to use qemu_receive_packet() for loopback packet e1000: switch to use qemu_receive_packet() for loopback net: introduce qemu_receive_packet() e1000: fail early for evil descriptor net: validate that ids are well formed net: Fix build error when DEBUG_NET is on virtio-net: calculating proper msix vectors on init Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # hw/core/machine.c
2021-03-16hw/9pfs/9p-synth: Replaced qemu_mutex_lock with QEMU_LOCK_GUARDMahmoud Mandour
Replaced a call to qemu_mutex_lock and its respective call to qemu_mutex_unlock and used QEMU_LOCK_GUARD macro in their place. This simplifies the code by removing the call required to unlock and also eliminates goto paths. Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com> Acked-by: Greg Kurz <groug@kaod.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Message-Id: <20210311031538.5325-9-ma.mandourr@gmail.com> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2021-03-16coreaudio: Handle output device changeAkihiko Odaki
An output device change can occur when plugging or unplugging an earphone. Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Message-Id: <20210311151512.22096-3-akihiko.odaki@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-16coreaudio: Extract device operationsAkihiko Odaki
This change prepare to support dynamic device changes, which requires to perform device initialization/deinitialization multiple times. Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Message-Id: <20210311151512.22096-2-akihiko.odaki@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-16coreaudio: Drop support for macOS older than 10.6Akihiko Odaki
Mac OS X 10.6 was released in 2009. Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210311151512.22096-1-akihiko.odaki@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-16ui/cocoa: Comment about modifier key input quirksAkihiko Odaki
Based-on: <20210310042348.21931-1-akihiko.odaki@gmail.com> Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Message-Id: <20210312133212.3131-1-akihiko.odaki@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-16ui: fold qemu_alloc_display in only callerMarc-André Lureau
A minor code simplification. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210312100108.2706195-2-marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15m68k: add Virtual M68k MachineLaurent Vivier
The machine is based on Goldfish interfaces defined by Google for Android simulator. It uses Goldfish-rtc (timer and RTC), Goldfish-pic (PIC) and Goldfish-tty (for serial port and early tty). The machine is created with 128 virtio-mmio bus, and they can be used to use serial console, GPU, disk, NIC, HID, ... Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210312214145.2936082-6-laurent@vivier.eu>
2021-03-15m68k: add a system controllerLaurent Vivier
Add a system controller for the m68k-virt machine. This controller allows the kernel to power off or reset the machine. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210312214145.2936082-5-laurent@vivier.eu>
2021-03-15m68k: add an interrupt controllerLaurent Vivier
A (generic) copy of the GLUE device we already have for q800 to use with the m68k-virt machine. The q800 one would disappear in the future as q800 uses actually the djMEMC controller. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210312214145.2936082-4-laurent@vivier.eu>
2021-03-15hw/intc: add goldfish-picLaurent Vivier
Implement the goldfish pic device as defined in https://android.googlesource.com/platform/external/qemu/+/master/docs/GOLDFISH-VIRTUAL-HARDWARE.TXT Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210312214145.2936082-3-laurent@vivier.eu>
2021-03-15hw/char: add goldfish-ttyLaurent Vivier
Implement the goldfish tty device as defined in https://android.googlesource.com/platform/external/qemu/+/master/docs/GOLDFISH-VIRTUAL-HARDWARE.TXT and based on the kernel driver code: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/tty/goldfish.c Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210312214145.2936082-2-laurent@vivier.eu>
2021-03-15migration: Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARDMahmoud Mandour
Replaced various qemu_mutex_lock calls and their respective qemu_mutex_unlock calls with QEMU_LOCK_GUARD macro. This simplifies the code by eliminating the respective qemu_mutex_unlock calls. Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com> Message-Id: <20210311031538.5325-7-ma.mandourr@gmail.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-03-15monitor: Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARDMahmoud Mandour
Removed various qemu_mutex_lock and their respective qemu_mutex_unlock calls and used lock guard macros (QEMU_LOCK_GUARD and WITH_QEMU_LOCK_GUARD). This simplifies the code by eliminating qemu_mutex_unlock calls. Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com> Message-Id: <20210311031538.5325-6-ma.mandourr@gmail.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-03-15migration/tls: add error handling in multifd_tls_handshake_threadHao Wang
If any error happens during multifd send thread creating (e.g. channel broke because new domain is destroyed by the dst), multifd_tls_handshake_thread may exit silently, leaving main migration thread hanging (ram_save_setup -> multifd_send_sync_main -> qemu_sem_wait(&p->sem_sync)). Fix that by adding error handling in multifd_tls_handshake_thread. Signed-off-by: Hao Wang <wanghao232@huawei.com> Message-Id: <20210209104237.2250941-3-wanghao232@huawei.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Chuan Zheng <zhengchuan@huawei.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-03-15migration/tls: fix inverted semantics in multifd_channel_connectHao Wang
Function multifd_channel_connect() return "true" to indicate failure, which is rather confusing. Fix that. Signed-off-by: Hao Wang <wanghao232@huawei.com> Message-Id: <20210209104237.2250941-2-wanghao232@huawei.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Chuan Zheng <zhengchuan@huawei.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-03-15virtiofsd: Convert some functions to return boolGreg Kurz
Both currently only return 0 or 1. Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <20210312141003.819108-3-groug@kaod.org> Reviewed-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-03-15virtiofsd: Don't allow empty paths in lookup_name()Greg Kurz
When passed an empty filename, lookup_name() returns the inode of the parent directory, unless the parent is the root in which case the st_dev doesn't match and lo_find() returns NULL. This is because lookup_name() passes AT_EMPTY_PATH down to fstatat() or statx(). This behavior doesn't quite make sense because users of lookup_name() then pass the name to unlinkat(), renameat() or renameat2(), all of which will always fail on empty names. Drop AT_EMPTY_PATH from the flags in lookup_name() so that it has the consistent behavior of "returning an existing child inode or NULL" for all directories. Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <20210312141003.819108-2-groug@kaod.org> Reviewed-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-03-15virtiofsd: Don't allow empty filenamesGreg Kurz
POSIX.1-2017 clearly stipulates that empty filenames aren't allowed ([1] and [2]). Since virtiofsd is supposed to mirror the host file system hierarchy and the host can be assumed to be linux, we don't really expect clients to pass requests with an empty path in it. If they do so anyway, this would eventually cause an error when trying to create/lookup the actual inode on the underlying POSIX filesystem. But this could still confuse some code that wouldn't be ready to cope with this. Filter out empty names coming from the client at the top level, so that the rest doesn't have to care about it. This is done everywhere we already call is_safe_path_component(), but in a separate helper since the usual error for empty path names is ENOENT instead of EINVAL. [1] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_170 [2] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_13 Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <20210312141003.819108-4-groug@kaod.org> Reviewed-by: Connor Kuehl <ckuehl@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-03-15virtiofsd: Add qemu version and copyright infoVivek Goyal
Option "-V" currently displays the fuse protocol version virtiofsd is using. For example, I see this. $ ./virtiofsd -V "using FUSE kernel interface version 7.33" People also want to know software version of virtiofsd so that they can figure out if a certain fix is part of currently running virtiofsd or not. Eric Ernst ran into this issue. David Gilbert thinks that it probably is best that we simply carry the qemu version and display that information given we are part of qemu tree. So this patch enhances version information and also adds qemu version and copyright info. Not sure if copyright information is supposed to be displayed along with version info. Given qemu-storage-daemon and other utilities are doing it, so I continued with same pattern. This is how now output looks like. $ ./virtiofsd -V virtiofsd version 5.2.50 (v5.2.0-2357-gcbcf09872a-dirty) Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers using FUSE kernel interface version 7.33 Reported-by: Eric Ernst <eric.g.ernst@gmail.com> Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Message-Id: <20210303195339.GB3793@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Sergio Lopez <slp@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-03-15virtiofsd: Release vu_dispatch_lock when stopping queueGreg Kurz
QEMU can stop a virtqueue by sending a VHOST_USER_GET_VRING_BASE request to virtiofsd. As with all other vhost-user protocol messages, the thread that runs the main event loop in virtiofsd takes the vu_dispatch lock in write mode. This ensures that no other thread can access virtqueues or memory tables at the same time. In the case of VHOST_USER_GET_VRING_BASE, the main thread basically notifies the queue thread that it should terminate and waits for its termination: main() virtio_loop() vu_dispatch_wrlock() vu_dispatch() vu_process_message() vu_get_vring_base_exec() fv_queue_cleanup_thread() pthread_join() Unfortunately, the queue thread ends up calling virtio_send_msg() at some point, which itself needs to grab the lock: fv_queue_thread() g_list_foreach() fv_queue_worker() fuse_session_process_buf_int() do_release() lo_release() fuse_reply_err() send_reply() send_reply_iov() fuse_send_reply_iov_nofree() fuse_send_msg() virtio_send_msg() vu_dispatch_rdlock() <-- Deadlock ! Simply have the main thread to release the lock before going to sleep and take it back afterwards. A very similar patch was already sent by Vivek Goyal sometime back: https://listman.redhat.com/archives/virtio-fs/2021-January/msg00073.html The only difference here is that this done in fv_queue_set_started() because fv_queue_cleanup_thread() can also be called from virtio_loop() without the lock being held. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Vivek Goyal <vgoyal@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20210312092212.782255-8-groug@kaod.org> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-03-15Merge remote-tracking branch ↵Peter Maydell
'remotes/stefanha-gitlab/tags/block-pull-request' into staging Pull request # gpg: Signature made Mon 15 Mar 2021 09:50:58 GMT # gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full] # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full] # Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8 * remotes/stefanha-gitlab/tags/block-pull-request: virtio-blk: Respect discard granularity Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-15utils: Use fixed-point arithmetic in qemu_strtoszRichard Henderson
Once we've parsed the fractional value, extract it into an integral 64-bit fraction. Perform the scaling with integer arithmetic, and simplify the overflow detection. Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20210315155835.1970210-2-richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-03-15Merge remote-tracking branch 'remotes/philmd/tags/avr-20210315' into stagingPeter Maydell
AVR patches queue - Only reset 'interrupt_request' mask once all interrupts executed - Documentation and typo fixes # gpg: Signature made Sun 14 Mar 2021 23:45:34 GMT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd/tags/avr-20210315: target/avr: Fix interrupt execution target/avr: Fix some comment spelling errors hw/avr/arduino: List board schematic links hw/misc/led: Add yellow LED Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-15ui: honour the actual guest display dimensions without roundingDaniel P. Berrangé
A long time ago the VNC server code had some memory corruption fixes done in: commit bea60dd7679364493a0d7f5b54316c767cf894ef Author: Peter Lieven <pl@kamp.de> Date: Mon Jun 30 10:57:51 2014 +0200 ui/vnc: fix potential memory corruption issues One of the implications of the fix was that the VNC server would have a thin black bad down the right hand side if the guest desktop width was not a multiple of 16. In practice this was a non-issue since the VNC server was always honouring a guest specified resolution and guests essentially always pick from a small set of sane resolutions likely in real world hardware. We recently introduced support for the extended desktop resize extension and as a result the VNC client has ability to specify an arbitrary desktop size and the guest OS may well honour it exactly. As a result we no longer have any guarantee that the width will be a multiple of 16, and so when resizing the desktop we have a 93% chance of getting the black bar on the right hand size. The VNC server maintains three different desktop dimensions 1. The guest surface 2. The server surface 3. The client desktop The requirement for the width to be a multiple of 16 only applies to item 2, the server surface, for the purpose of doing dirty bitmap tracking. Normally we will set the client desktop size to always match the server surface size, but that's not a strict requirement. In order to cope with clients that don't support the desktop size encoding, we already allow for the client desktop to be a different size that the server surface. Thus we can trivially eliminate the black bar, but setting the client desktop size to be the un-rounded server surface size - the so called "true width". Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210311182957.486939-5-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15ui: use client width/height in WMVi messageDaniel P. Berrangé
The WMVi message is supposed to provide the same width/height information as the regular desktop resize and extended desktop resize messages. There can be times where the client width and height are different from the pixman surface dimensions. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210311182957.486939-4-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15ui: avoid sending framebuffer updates outside client desktop boundsDaniel P. Berrangé
We plan framebuffer update rects based on the VNC server surface. If the client doesn't support desktop resize, then the client bounds may differ from the server surface bounds. VNC clients may become upset if we then send an update message outside the bounds of the client desktop. This takes the approach of clamping the rectangles from the worker thread immediately before sending them. This may sometimes results in sending a framebuffer update message with zero rectangles. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210311182957.486939-3-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15ui: add more trace points for VNC client/server messagesDaniel P. Berrangé
This adds trace points for desktop size and audio related messages. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210311182957.486939-2-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15ui/cocoa: Do not exit immediately after shutdownAkihiko Odaki
ui/cocoa used to call exit immediately after calling qemu_system_shutdown_request, which prevents QEMU from actually perfoming system shutdown. Just sleep forever, and wait QEMU to call exit and kill the Cocoa thread. Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Message-Id: <20210219111652.20623-1-akihiko.odaki@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15opengl: Do not convert format with glTexImage2D on OpenGL ESAkihiko Odaki
OpenGL ES does not support conversion from the given data format to the internal format with glTexImage2D. Use the given data format as the internal format, and ignore the given alpha channels with GL_TEXTURE_SWIZZLE_A in case the format contains alpha channels. Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Message-Id: <20210219094803.90860-1-akihiko.odaki@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15ui: deprecate "password" option for SPICE serverDaniel P. Berrangé
With the new "password-secret" option, there is no reason to use the old inecure "password" option with -spice, so it can be deprecated. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210311114343.439820-4-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15ui: introduce "password-secret" option for SPICE serverDaniel P. Berrangé
Currently when using SPICE the "password" option provides the password in plain text on the command line. This is insecure as it is visible to all processes on the host. As an alternative, the password can be provided separately via the monitor. This introduces a "password-secret" option which lets the password be provided up front. $QEMU --object secret,id=vncsec0,file=passwd.txt \ --spice port=5901,password-secret=vncsec0 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210311114343.439820-3-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>