aboutsummaryrefslogtreecommitdiff
path: root/hw/bt
AgeCommit message (Collapse)Author
2017-08-01bt: stop the sdp memory allocation crazinessPaolo Bonzini
Clang static analyzer reports a memory leak. Actually, the allocated memory escapes here: record->attribute_list[record->attributes].pair = data; but clang is correct that the memory might leak if len is zero. We know it isn't; assert that it is the case. The craziness doesn't end there. The memory is freed by bt_l2cap_sdp_close_ch: g_free(sdp->service_list[i].attribute_list->pair); which actually should have been written like this: g_free(sdp->service_list[i].attribute_list[0].pair); The attribute_list is sorted with qsort; but indeed the first entry of attribute_list should point to "data" even after the qsort, because the first record has id SDP_ATTR_RECORD_HANDLE, whose numeric value is zero. But hang on. The qsort function is static int sdp_attributeid_compare( const struct sdp_service_attribute_s *a, const struct sdp_service_attribute_s *b) { return (int) b->attribute_id - a->attribute_id; } but no one ever writes attribute_id. So it only works if qsort is stable, and who knows what else is broken, but we can fix it by setting attribute_id in the while loop. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-06-02be-hci: use backend functionsMarc-André Lureau
Avoid accessing CharBackend directly, use qemu_chr_be_* methods instead. be->chr_read should exists if qemu_chr_be_can_write() is true. (use qemu_chr_be_write(), _impl() bypasses replay) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Andrzej Zaborowski <balrogg@gmail.com>
2017-06-02chardev: serial & parallel declaration to own headersMarc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-06-02chardev: move headers to include/chardevMarc-André Lureau
So they are all in one place. The following patch will move serial & parallel declarations to the respective headers. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2017-01-27chardev: qom-ifyMarc-André Lureau
Turn Chardev into Object. qemu_chr_alloc() is replaced by the qemu_chardev_new() constructor. It will call qemu_char_open() to open/intialize the chardev with the ChardevCommon *backend settings. The CharDriver::create() callback is turned into a ChardevClass::open() which is called from the newly introduced qemu_chardev_open(). "chardev-gdb" and "chardev-hci" are internal chardev and aren't creatable directly with -chardev. Use a new internal flag to disable them. We may want to use TYPE_USER_CREATABLE interface instead, or perhaps allow -chardev usage. Although in general we keep typename and macros private, unless the type is being used by some other file, in this patch, all types and common helper macros for qemu-char.c are in char.h. This is to help transition now (some types must be declared early, while some aren't shared) and when splitting in several units. This is to be improved later. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-01-27char: rename CharDriverState ChardevMarc-André Lureau
Pick a uniform chardev type name. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-01-27bt: use qemu_chr_alloc()Marc-André Lureau
Use common allocator for CharDriverState. Rename the now untouched parent field. The casts added are temporary, they are replaced with QOM type-safe macros in a later patch in this series. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-01-27char: allocate CharDriverState as a single objectMarc-André Lureau
Use a single allocation for CharDriverState, this avoids extra allocations & pointers, and is a step towards more object-oriented CharDriver. Gtk console is a bit peculiar, gd_vc_chr_set_echo() used to have a temporary VirtualConsole to save the echo bit. Instead now, we consider whether vcd->console is set or not, and restore the echo bit saved in VCDriverState when calling gd_vc_vte_init(). The casts added are temporary, they are replaced with QOM type-safe macros in a later patch in this series. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-01-27char: move callbacks in CharDriverMarc-André Lureau
This makes the code more declarative, and avoids duplicating the information on all instances. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: replace avail_connectionsMarc-André Lureau
No need to count the users of a CharDriverState, it can rely on the fact of whether there is a CharBackend associated or if there is enough space in the muxer. Simplify and fold chr_mux_new_fe() in qemu_chr_fe_init() since there is a single user now. Also switch from fprintf to raising error instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-5-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: move front end handlers in CharBackendMarc-André Lureau
Since the hanlders are associated with a CharBackend, rather than the CharDriverState, it is more appropriate to store in CharBackend. This avoids the handler copy dance in qemu_chr_fe_set_handlers() then mux_chr_update_read_handler(), by storing the CharBackend pointer directly. Also a mux CharDriver should go through mux->backends[focused], since chr->be will stay NULL. Before that, it was possible to call chr->handler by mistake with surprising results, for ex through qemu_chr_be_can_write(), which would result in calling the last set handler front end, not the one with focus. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-22-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-08bt-hci-csr: drop unused argumentPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-09-13hw/bt/hci: spelling fix: endiannessMichael Tokarev
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-07-12hw/bt: Don't use cpu_to_*w() and *_to_cpup()Peter Maydell
Don't use cpu_to_*w() and *_to_cpup() to do byte-swapped loads and stores; instead use ld*_p() and st*_p() which correctly handle misaligned accesses. Bring the HNDL() macro into line with how we deal with PARAMHANDLE(), by using cpu_to_le16() rather than an ifdef HOST_WORDS_BIGENDIAN. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 1467908460-27048-3-git-send-email-peter.maydell@linaro.org
2016-05-29bt: rewrite csrhci_write to avoid out-of-bounds writesPaolo Bonzini
The usage of INT_MAX in this function confuses Coverity. I think the defect is bogus, however there is no protection against getting more than sizeof(s->inpkt) bytes from the character device backend. Rewrite the function to only fill in as much data as needed from buf into s->inpkt. The plen variable is replaced by a simple state machine and there is no need anymore to shift contents to the beginning of s->inpkt. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-19qemu-common: stop including qemu/host-utils.h from qemu-common.hPaolo Bonzini
Move it to the actual users. There are some inclusions of qemu/host-utils.h in headers, but they are all necessary. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-19qemu-common: stop including qemu/bswap.h from qemu-common.hPaolo Bonzini
Move it to the actual users. There are still a few includes of qemu/bswap.h in headers; removing them is left for future work. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-22util: move declarations out of qemu-common.hVeronia Bahaa
Move declarations out of qemu-common.h for functions declared in utils/ files: e.g. include/qemu/path.h for utils/path.c. Move inline functions out of qemu-common.h and into new files (e.g. include/qemu/bcd.h) Signed-off-by: Veronia Bahaa <veroniabahaa@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-22Replaced get_tick_per_sec() by NANOSECONDS_PER_SECONDRutuja Shah
This patch replaces get_ticks_per_sec() calls with the macro NANOSECONDS_PER_SECOND. Also, as there are no callers, get_ticks_per_sec() is then removed. This replacement improves the readability and understandability of code. For example, timer_mod(fdctrl->result_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + (get_ticks_per_sec() / 50)); NANOSECONDS_PER_SECOND makes it obvious that qemu_clock_get_ns matches the unit of the expression on the right side of the plus. Signed-off-by: Rutuja Shah <rutu.shah.26@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-22include/qemu/osdep.h: Don't include qapi/error.hMarkus Armbruster
Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the Error typedef. Since then, we've moved to include qemu/osdep.h everywhere. Its file comment explains: "To avoid getting into possible circular include dependencies, this file should not include any other QEMU headers, with the exceptions of config-host.h, compiler.h, os-posix.h and os-win32.h, all of which are doing a similar job to this file and are under similar constraints." qapi/error.h doesn't do a similar job, and it doesn't adhere to similar constraints: it includes qapi-types.h. That's in excess of 100KiB of crap most .c files don't actually need. Add the typedef to qemu/typedefs.h, and include that instead of qapi/error.h. Include qapi/error.h in .c files that need it and don't get it now. Include qapi-types.h in qom/object.h for uint16List. Update scripts/clean-includes accordingly. Update it further to match reality: replace config.h by config-target.h, add sysemu/os-posix.h, sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h comment quoted above similarly. This reduces the number of objects depending on qapi/error.h from "all of them" to less than a third. Unfortunately, the number depending on qapi-types.h shrinks only a little. More work is needed for that one. Signed-off-by: Markus Armbruster <armbru@redhat.com> [Fix compilation without the spice devel packages. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-29hw: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-38-git-send-email-peter.maydell@linaro.org
2015-12-04bt: avoid unintended sign extensionPaolo Bonzini
In the case of a 4-byte length, shifting a value by 24 may cause an unintended sign extension when converting from int to size_t. Use a uint32_t variable instead. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06bt: fix use of uninitialized variable seqlenPaolo Bonzini
sdp_svc_match, sdp_attr_match and sdp_svc_attr_match read the last argument. The only sensible way to change the code is to make that last argument "len" instead of "seqlen" which is the length of a subsequence in the previous "if" branch. To make the structure of the code clearer, use "else" instead of "else if". Reported by Coverity. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-06replay: replay blockers for devicesPavel Dovgalyuk
Some devices are not supported by record/replay subsystem. This patch introduces replay blocker which denies starting record/replay if such devices are included into the configuration. Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru> Message-Id: <20150917162512.8676.11367.stgit@PASHA-ISP.def.inno> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
2015-09-25bt: remove muldiv64()Laurent Vivier
Originally, timers were ticks based, and it made sense to add ticks to current time to know when to trigger an alarm. But since commit: 7447545 change all other clock references to use nanosecond resolution accessors All timers use nanoseconds and we need to convert ticks to nanoseconds. As get_ticks_per_sec() is 10^9, a = muldiv64(b, get_ticks_per_sec(), 100); y = muldiv64(x, get_ticks_per_sec(), 1000000); can be converted to a = b * 10000000; y = x * 1000; Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-11maint: avoid useless "if (foo) free(foo)" patternDaniel P. Berrange
The free() and g_free() functions both happily accept NULL on any platform QEMU builds on. As such putting a conditional 'if (foo)' check before calls to 'free(foo)' merely serves to bloat the lines of code. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-04-28bt-sdp: fix broken uuids power-of-2 calculationStefan Hajnoczi
The binary search in sdp_uuid_match() only works when the number of elements to search is a power of two. lo = record->uuid; hi = record->uuids; while (hi >>= 1) if (lo[hi] <= val) lo += hi; return *lo == val; I noticed that the record->uuids calculation in sdp_service_record_build() was suspect: record->uuids = 1 << ffs(record->uuids - 1); Unlike most ffs(val) - 1 users, the expression is ffs(val - 1)! Actually ffs() is the wrong function to use for power-of-2. Use pow2ceil() to achieve the correct effect. Now the record->uuid[] array is sized correctly and the binary search in sdp_uuid_match() should work. I'm not sure how to run/test this code. Cc: Andrzej Zaborowski <balrog@zabor.org> Cc: qemu-stable@nongnu.org Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1427124571-28598-2-git-send-email-stefanha@redhat.com Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-08-15l2cap: fix access to freed memoryzhanghailiang
Pointer 'ch' will be used in function 'l2cap_channel_open_req_msg' after it was previously freed in 'l2cap_channel_open'. Assigned it to NULL after it is freed. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-09-10Preparation for usb-bt-dongle conditional buildMiroslav Rezanina
To allow disable usb-bt-dongle device using CONFIG_BLUETOOTH option, some of functions in vl.c file has to be made accessible in dev-bluetooth.c. This is pure code moving. Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-08-22aio / timers: Switch entire codebase to the new timer APIAlex Bligh
This is an autogenerated patch using scripts/switch-timer-api. Switch the entire code base to using the new timer API. Note this patch may introduce some line length issues. Signed-off-by: Alex Bligh <alex@alex.org.uk> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-04-15sysemu: avoid proliferation of include/ subdirectoriesPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-04-08hw: move target-independent files to subdirectoriesPaolo Bonzini
This patch tackles all files that are compiled once, moving them to subdirectories of hw/. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-04-08hw: make subdirectories for devicesPaolo Bonzini
Prepare the new directory structure. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>