aboutsummaryrefslogtreecommitdiff
path: root/contrib
AgeCommit message (Collapse)Author
2021-06-15vhost-user-gpu: reorder free calls.Gerd Hoffmann
Free in correct order to avoid use-after-free. Resolves: CID 1453812 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210604103714.1237414-1-kraxel@redhat.com>
2021-05-27vhost-user-gpu: abstract vg_cleanup_mapping_iovLi Qiang
Currently in vhost-user-gpu, we free resource directly in the cleanup case of resource. If we change the cleanup logic we need to change several places, also abstruct a 'vg_create_mapping_iov' can be symmetry with the 'vg_create_mapping_iov'. This is like what virtio-gpu does, no function changed. Signed-off-by: Li Qiang <liq3ea@163.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210516030403.107723-9-liq3ea@163.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-05-27vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546)Li Qiang
If 'virgl_cmd_get_capset' set 'max_size' to 0, the 'virgl_renderer_fill_caps' will write the data after the 'resp'. This patch avoid this by checking the returned 'max_size'. virtio-gpu fix: abd7f08b23 ("display: virtio-gpu-3d: check virgl capabilities max_size") Fixes: CVE-2021-3546 Reported-by: Li Qiang <liq3ea@163.com> Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Li Qiang <liq3ea@163.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210516030403.107723-8-liq3ea@163.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-05-27vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' ↵Li Qiang
(CVE-2021-3544) If 'virgl_renderer_resource_attach_iov' failed, the 'res_iovs' will be leaked. Fixes: CVE-2021-3544 Reported-by: Li Qiang <liq3ea@163.com> virtio-gpu fix: 33243031da ("virtio-gpu-3d: fix memory leak in resource attach backing") Signed-off-by: Li Qiang <liq3ea@163.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210516030403.107723-7-liq3ea@163.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-05-27vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544)Li Qiang
The 'res->iov' will be leaked if the guest trigger following sequences: virgl_cmd_create_resource_2d virgl_resource_attach_backing virgl_cmd_resource_unref This patch fixes this. Fixes: CVE-2021-3544 Reported-by: Li Qiang <liq3ea@163.com> virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak in virgl_cmd_resource_unref" Signed-off-by: Li Qiang <liq3ea@163.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210516030403.107723-6-liq3ea@163.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-05-27vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' ↵Li Qiang
(CVE-2021-3544) If the guest trigger following sequences, the attach_backing will be leaked: vg_resource_create_2d vg_resource_attach_backing vg_resource_unref This patch fix this by freeing 'res->iov' in vg_resource_destroy. Fixes: CVE-2021-3544 Reported-by: Li Qiang <liq3ea@163.com> virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak in virgl_cmd_resource_unref") Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Li Qiang <liq3ea@163.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210516030403.107723-5-liq3ea@163.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-05-27vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544)Li Qiang
Check whether the 'res' has already been attach_backing to avoid memory leak. Fixes: CVE-2021-3544 Reported-by: Li Qiang <liq3ea@163.com> virtio-gpu fix: 204f01b309 ("virtio-gpu: fix memory leak in resource attach backing") Signed-off-by: Li Qiang <liq3ea@163.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210516030403.107723-4-liq3ea@163.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-05-27vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544)Li Qiang
Call 'vugbm_buffer_destroy' in error path to avoid resource leak. Fixes: CVE-2021-3544 Reported-by: Li Qiang <liq3ea@163.com> Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Li Qiang <liq3ea@163.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210516030403.107723-3-liq3ea@163.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-05-27vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info ↵Li Qiang
(CVE-2021-3545) Otherwise some of the 'resp' will be leaked to guest. Fixes: CVE-2021-3545 Reported-by: Li Qiang <liq3ea@163.com> virtio-gpu fix: 42a8dadc74 ("virtio-gpu: fix information leak in getting capset info dispatch") Signed-off-by: Li Qiang <liq3ea@163.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210516030403.107723-2-liq3ea@163.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-05-14Fix build with 64 bits time_tFabrice Fontaine
time element is deprecated on new input_event structure in kernel's input.h [1] This will avoid the following build failure: hw/input/virtio-input-host.c: In function 'virtio_input_host_handle_status': hw/input/virtio-input-host.c:198:28: error: 'struct input_event' has no member named 'time' 198 | if (gettimeofday(&evdev.time, NULL)) { | ^ Fixes: - http://autobuild.buildroot.org/results/a538167e288c14208d557cd45446df86d3d599d5 - http://autobuild.buildroot.org/results/efd4474fb4b6c0ce0ab3838ce130429c51e43bbb [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=152194fe9c3f Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Message-Id: <20201203195819.583626-1-fontaine.fabrice@gmail.com> Fixes: https://gitlab.com/qemu-project/qemu/-/issues/246 Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-03-26vhost-user-gpu: fix cursor move/updateMarc-André Lureau
"move" is incorrectly initialized. Fix it by using a switch statement and also treating unknown commands with a fallback. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210312100108.2706195-5-marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-26vhost-user-gpu: fix vugbm_device_init fallbackMarc-André Lureau
vugbm implements GBM device wrapping, udmabuf and memory fallback. However, the fallback/detection logic is flawed, as if "/dev/udmabuf" failed to be opened, it will not initialize vugbm and crash later. Rework the vugbm_device_init() logic to initialize correctly in all cases. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210312100108.2706195-4-marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-26vhost-user-gpu: glFlush before notifying clientsMarc-André Lureau
For similar reasons as commit 3af1671852 ("spice: flush on GL update before notifying client"), vhost-user-gpu must ensure the GL state is flushed before sharing its rendering result. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210312100108.2706195-3-marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-20contrib: ivshmem client and server build fix for SunOS.David CARLIER
sun is a macro on these systems, thus renaming the variables on the client and server. Signed-off-by: David Carlier <devnexen@gmail.com> Message-Id: <CA+XhMqzHPG5ezqY-YxbA+tMoadA3VDFWBX8_LaLC5YsQOMrz+A@mail.gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-03-17plugins: Expose physical addresses instead of device offsetsAaron Lindsay
This allows plugins to query for full virtual-to-physical address translation for a given `qemu_plugin_hwaddr` and stops exposing the offset within the device itself. As this change breaks the API, QEMU_PLUGIN_VERSION is incremented. Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210309202802.211756-1-aaron@os.amperecomputing.com> Message-Id: <20210312172821.31647-3-alex.bennee@linaro.org>
2021-02-18contrib: Open brace '{' following struct go on the same linezhouyang
I found some style problems whil check the code using checkpatch.pl. This commit fixs the issue below: ERROR: that open brace { should be on the previous line Signed-off-by: zhouyang <zhouyang789@huawei.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210118031004.1662363-6-zhouyang789@huawei.com> Message-Id: <20210213130325.14781-9-alex.bennee@linaro.org>
2021-02-18contrib: space required after that ','zhouyang
I am reading contrib related code and found some style problems while check the code using checkpatch.pl. This commit fixs the issue below: ERROR: space required after that ',' Signed-off-by: zhouyang <zhouyang789@huawei.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210118031004.1662363-5-zhouyang789@huawei.com> Message-Id: <20210213130325.14781-8-alex.bennee@linaro.org>
2021-02-18contrib: Add spaces around operatorzhouyang
I am reading contrib related code and found some style problems while check the code using checkpatch.pl. This commit fixs the issue below: ERROR: spaces required around that '*' Signed-off-by: zhouyang <zhouyang789@huawei.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210118031004.1662363-4-zhouyang789@huawei.com> Message-Id: <20210213130325.14781-7-alex.bennee@linaro.org>
2021-02-18contrib: Fix some code style problems, ERROR: "foo * bar" should be "foo *bar"zhouyang
I am reading contrib related code and found some style problems while check the code using checkpatch.pl. This commit fixs the issue below: ERROR: "foo * bar" should be "foo *bar" Signed-off-by: zhouyang <zhouyang789@huawei.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210118031004.1662363-3-zhouyang789@huawei.com> Message-Id: <20210213130325.14781-6-alex.bennee@linaro.org>
2021-02-18contrib: Don't use '#' flag of printf formatzhouyang
I am reading contrib related code and found some style problems while check the code using checkpatch.pl. This commit fixs the misuse of '#' flag of printf format Signed-off-by: zhouyang <zhouyang789@huawei.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210118031004.1662363-2-zhouyang789@huawei.com> Message-Id: <20210213130325.14781-5-alex.bennee@linaro.org>
2021-02-18plugins: new hwprofile pluginAlex Bennée
This is a plugin intended to help with profiling access to various bits of system hardware. It only really makes sense for system emulation. It takes advantage of the recently exposed helper API that allows us to see the device name (memory region name) associated with a device. You can specify arg=read or arg=write to limit the tracking to just reads or writes (by default it does both). The pattern option: -plugin ./tests/plugin/libhwprofile.so,arg=pattern will allow you to see the access pattern to devices, eg: gic_cpu @ 0xffffffc010040000 off:00000000, 8, 1, 8, 1 off:00000000, 4, 1, 4, 1 off:00000000, 2, 1, 2, 1 off:00000000, 1, 1, 1, 1 The source option: -plugin ./tests/plugin/libhwprofile.so,arg=source will track the virtual source address of the instruction making the access: pl011 @ 0xffffffc010031000 pc:ffffffc0104c785c, 1, 4, 0, 0 pc:ffffffc0104c7898, 1, 4, 0, 0 pc:ffffffc010512bcc, 2, 1867, 0, 0 You cannot mix source and pattern. Finally the match option allow you to limit the tracking to just the devices you care about. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Robert Foley <robert.foley@linaro.org> Reviewed-by: Robert Foley <robert.foley@linaro.org> Message-Id: <20210213130325.14781-4-alex.bennee@linaro.org>
2021-02-04vhost-user-gpu: handle display-info in a callbackMarc-André Lureau
Fixes a deadlock where the backend calls QEMU, while QEMU also calls the backend simultaneously, both ends waiting for each other. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210204105232.834642-5-marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-02-04vhost-user-gpu: use an extandable state enum for commandsMarc-André Lureau
Introduce a pending state for commands which aren't finished yet, but are being handled. See following patch. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210204105232.834642-4-marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-02-04vhost-user-gpu: handle vhost-user-gpu features in a callbackMarc-André Lureau
Fixes a deadlock where the backend calls QEMU, while QEMU also calls the backend simultaneously, both ends waiting for each other. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210204105232.834642-3-marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-20elf2dmp: Rename PAGE_SIZE to ELF2DMP_PAGE_SIZEJiaxun Yang
As per POSIX specification of limits.h [1], OS libc may define PAGE_SIZE in limits.h. To prevent collosion of definition, we rename PAGE_SIZE here. [1]: https://pubs.opengroup.org/onlinepubs/7908799/xsh/limits.h.html Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210118063808.12471-6-jiaxun.yang@flygoat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-01-02libiscsi: convert to mesonPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-01-02curl: convert to mesonPaolo Bonzini
Reviewed-by: Daniel Berrangé <berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-12-18contrib/rdmacm-mux: Fix error condition in hash_tbl_search_fd_by_ifid()AlexChen
When fd is not found according to ifid, the _hash_tbl_search_fd_by_ifid() returns 0 and assigns the result to *fd, so We have to check that *fd is 0, not that fd is 0. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: AlexChen <alex.chen@huawei.com> Message-Id: <5F9AC6FF.4000301@huawei.com> Reviewed-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
2020-12-13elf2dmp/pdb: Plug memleak in pdb_init_from_filePan Nengyuan
Missing g_error_free in pdb_init_from_file() error path. Fix that. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> Reviewed-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu> Reviewed-by: Li Qiang <liq3ea@gmail.com> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20201023061218.2080844-5-kuhn.chenqun@huawei.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-12-13elf2dmp/qemu_elf: Plug memleak in QEMU_Elf_initPan Nengyuan
Missing g_error_free in QEMU_Elf_init() error path. Fix that. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> Reviewed-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu> Reviewed-by: Li Qiang <liq3ea@gmail.com> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20201023061218.2080844-4-kuhn.chenqun@huawei.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-12-10Clean up includesMarkus Armbruster
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes, with the changes to the following files manually reverted: contrib/libvhost-user/libvhost-user-glib.h contrib/libvhost-user/libvhost-user.c contrib/libvhost-user/libvhost-user.h contrib/plugins/hotblocks.c contrib/plugins/hotpages.c contrib/plugins/howvec.c contrib/plugins/lockstep.c linux-user/mips64/cpu_loop.c linux-user/mips64/signal.c linux-user/sparc64/cpu_loop.c linux-user/sparc64/signal.c linux-user/x86_64/cpu_loop.c linux-user/x86_64/signal.c target/s390x/gen-features.c tests/fp/platform.h tests/migration/s390x/a-b-bios.c tests/plugin/bb.c tests/plugin/empty.c tests/plugin/insn.c tests/plugin/mem.c tests/test-rcu-simpleq.c tests/test-rcu-slist.c tests/test-rcu-tailq.c tests/uefi-test-tools/UefiTestToolsPkg/BiosTablesTest/BiosTablesTest.c contrib/plugins/, tests/plugin/, and tests/test-rcu-slist.c appear not to include osdep.h intentionally. The remaining reverts are the same as in commit bbfff19688d. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20201113061216.2483385-1-armbru@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Acked-by: Cornelia Huck <cohuck@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Acked-by: Alexander Bulekov <alxndr@bu.edu>
2020-12-09contrib/vhost-user-input: avoid g_return_val_if() input validationStefan Hajnoczi
Do not validate input with g_return_val_if(). This API is intended for checking programming errors and is compiled out with -DG_DISABLE_CHECKS. Use an explicit if statement for input validation so it cannot accidentally be compiled out. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201118091644.199527-4-stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-09contrib/vhost-user-gpu: avoid g_return_val_if() input validationStefan Hajnoczi
Do not validate input with g_return_val_if(). This API is intended for checking programming errors and is compiled out with -DG_DISABLE_CHECKS. Use an explicit if statement for input validation so it cannot accidentally be compiled out. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201118091644.199527-3-stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-09contrib/vhost-user-blk: avoid g_return_val_if() input validationStefan Hajnoczi
Do not validate input with g_return_val_if(). This API is intended for checking programming errors and is compiled out with -DG_DISABLE_CHECKS. Use an explicit if statement for input validation so it cannot accidentally be compiled out. Suggested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201118091644.199527-2-stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08libvhost-user: make it a meson subprojectMarc-André Lureau
By making libvhost-user a subproject, check it builds standalone (without the global QEMU cflags etc). Note that the library still relies on QEMU include/qemu/atomic.h and linux_headers/. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20201125100640.366523-6-marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08libvhost-user: drop qemu/osdep.h dependencyMarc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20201125100640.366523-5-marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08libvhost-user: remove qemu/compiler.h usageMarc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20201125100640.366523-4-marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08libvhost-user: replace qemu/memfd.h usageMarc-André Lureau
Undo the damage from commit 5f9ff1eff3 ("libvhost-user: Support tracking inflight I/O in shared memory") which introduced glib dependency through osdep.h inclusion. libvhost-user.c tries to stay free from glib usage. Use glibc memfd_create directly when available (assumed so when MFD_ALLOW_SEALING is defined). A following commit will make the project standalone and check for memfd API at configure time, instead of a panic at runtime. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201125100640.366523-3-marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08libvhost-user: replace qemu/bswap.h with glibc endian.hMarc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201125100640.366523-2-marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08vhost-user-scsi: Fix memleaks in vus_proc_req()Alex Chen
The 'elem' is allocated memory in vu_queue_pop(), and its memory should be freed in all error branches after vu_queue_pop(). In addition, in order to free the 'elem' memory outside of while(1) loop, move the definition of 'elem' to the beginning of vus_proc_req(). Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Alex Chen <alex.chen@huawei.com> Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com> Message-Id: <20201125013055.34147-1-alex.chen@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-11-17Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pc,vhost: fixes Fixes all over the place. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Tue 17 Nov 2020 09:17:12 GMT # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full] # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: vhost-user-blk/scsi: Fix broken error handling for socket call contrib/libvhost-user: Fix bad printf format specifiers hw/i386/acpi-build: Fix maybe-uninitialized error when ACPI hotplug off configure: mark vhost-user Linux-only vhost-user-blk-server: depend on CONFIG_VHOST_USER meson: move vhost_user_blk_server to meson.build vhost-user: fix VHOST_USER_ADD/REM_MEM_REG truncation Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # meson.build
2020-11-17vhost-user-blk/scsi: Fix broken error handling for socket callAlexChen
When socket() fails, it returns -1, 0 is the normal return value and should not return error. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: AlexChen <alex.chen@huawei.com> Message-Id: <5F9A5B48.9030509@huawei.com> Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-11-17contrib/libvhost-user: Fix bad printf format specifiersAlexChen
We should use printf format specifier "%u" instead of "%d" for argument of type "unsigned int". Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Alex Chen <alex.chen@huawei.com> Message-Id: <5FA28106.6000901@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-11-16plugins: Fix two resource leaks in setup_socket()Alex Chen
Either accept() fails or exits normally, we need to close the fd. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Alex Chen <alex.chen@huawei.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20201109082829.87496-3-alex.chen@huawei.com> Message-Id: <20201110192316.26397-3-alex.bennee@linaro.org>
2020-11-16plugins: Fix resource leak in connect_socket()Alex Chen
Close the fd when the connect() fails. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Alex Chen <alex.chen@huawei.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20201109082829.87496-2-alex.chen@huawei.com> Message-Id: <20201110192316.26397-2-alex.bennee@linaro.org>
2020-11-12vhost-user: fix VHOST_USER_ADD/REM_MEM_REG truncationStefan Hajnoczi
QEMU currently truncates the mmap_offset field when sending VHOST_USER_ADD_MEM_REG and VHOST_USER_REM_MEM_REG messages. The struct layout looks like this: typedef struct VhostUserMemoryRegion { uint64_t guest_phys_addr; uint64_t memory_size; uint64_t userspace_addr; uint64_t mmap_offset; } VhostUserMemoryRegion; typedef struct VhostUserMemRegMsg { uint32_t padding; /* WARNING: there is a 32-bit hole here! */ VhostUserMemoryRegion region; } VhostUserMemRegMsg; The payload size is calculated as follows when sending the message in hw/virtio/vhost-user.c: msg->hdr.size = sizeof(msg->payload.mem_reg.padding) + sizeof(VhostUserMemoryRegion); This calculation produces an incorrect result of only 36 bytes. sizeof(VhostUserMemRegMsg) is actually 40 bytes. The consequence of this is that the final field, mmap_offset, is truncated. This breaks x86_64 TCG guests on s390 hosts. Other guest/host combinations may get lucky if either of the following holds: 1. The guest memory layout does not need mmap_offset != 0. 2. The host is little-endian and mmap_offset <= 0xffffffff so the truncation has no effect. Fix this by extending the existing 32-bit padding field to 64-bit. Now the padding reflects the actual compiler padding. This can be verified using pahole(1). Also document the layout properly in the vhost-user specification. The vhost-user spec did not document the exact layout. It would be impossible to implement the spec without looking at the QEMU source code. Existing vhost-user frontends and device backends continue to work after this fix has been applied. The only change in the wire protocol is that QEMU now sets hdr.size to 40 instead of 36. If a vhost-user implementation has a hardcoded size check for 36 bytes, then it will fail with new QEMUs. Both QEMU and DPDK/SPDK don't check the exact payload size, so they continue to work. Fixes: f1aeb14b0809e313c74244d838645ed25e85ea63 ("Transmit vhost-user memory regions individually") Cc: Raphael Norwitz <raphael.norwitz@nutanix.com> Cc: Cornelia Huck <cohuck@redhat.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201109174355.1069147-1-stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Fixes: f1aeb14b0809 ("Transmit vhost-user memory regions individually") Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
2020-11-05Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pc,pci,vhost,virtio: fixes Lots of fixes all over the place. virtio-mem and virtio-iommu patches are kind of fixes but it seems better to just make them behave sanely than try to educate users about the limitations ... Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Wed 04 Nov 2020 18:40:03 GMT # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full] # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: (31 commits) contrib/vhost-user-blk: fix get_config() information leak block/export: fix vhost-user-blk get_config() information leak block/export: make vhost-user-blk config space little-endian configure: introduce --enable-vhost-user-blk-server libvhost-user: follow QEMU comment style vhost-blk: set features before setting inflight feature Revert "vhost-blk: set features before setting inflight feature" net: Add vhost-vdpa in show_netdevs() vhost-vdpa: Add qemu_close in vhost_vdpa_cleanup vfio: Don't issue full 2^64 unmap virtio-iommu: Set supported page size mask vfio: Set IOMMU page size as per host supported page size memory: Add interface to set iommu page size mask virtio-iommu: Add notify_flag_changed() memory region callback virtio-iommu: Add replay() memory region callback virtio-iommu: Call memory notifiers in attach/detach virtio-iommu: Add memory notifiers for map/unmap virtio-iommu: Store memory region in endpoint struct virtio-iommu: Fix virtio_iommu_mr() hw/smbios: Fix leaked fd in save_opt_one() error path ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-03contrib/vhost-user-blk: fix get_config() information leakStefan Hajnoczi
Refuse get_config() in excess of sizeof(struct virtio_blk_config). Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201027173528.213464-6-stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-11-03libvhost-user: follow QEMU comment styleStefan Hajnoczi
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201027173528.213464-2-stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-11-03meson: vhost-user-gpu/virtiofsd: use absolute pathMarc Hartmayer
The option `libexecdir` is relative to `prefix` (see https://mesonbuild.com/Builtin-options.html), so we have to be aware of this when creating 50-qemu-gpu.json and 50-qemu-virtiofsd.json. Otherwise, tools like libvirt will not be able to find the executable. Fixes: 16bf7a3326d8 ("configure: move directory options from config-host.mak to meson") Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com> Message-Id: <20201103112333.24734-1-mhartmay@linux.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>