aboutsummaryrefslogtreecommitdiff
path: root/hw/usb/dev-mtp.c
AgeCommit message (Collapse)Author
2018-12-03usb-mtp: outlaw slashes in filenamesGerd Hoffmann
Slash is unix directory separator, so they are not allowed in filenames. Note this also stops the classic escape via "../". Fixes: CVE-2018-16867 Reported-by: Michael Hanselmann <public@hansmi.ch> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181203101045.27976-3-kraxel@redhat.com
2018-12-03usb-mtp: fix utf16_to_strGerd Hoffmann
Make utf16_to_str return an allocated string. Remove the assumtion that the number of string bytes equals the number of utf16 chars (which is only true for ascii chars). Instead call wcstombs twice, once to figure the storage size and once for the actual conversion (as suggested by the wcstombs manpage). FIXME: surrogate pairs are not working correctly. Pre-existing bug, fixing that is left for another day. Reported-by: Michael Hanselmann <public@hansmi.ch> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-id: 20181203101045.27976-2-kraxel@redhat.com
2018-10-01usb-mtp: reset ObjectInfo dataset size on cleanupBandan Das
Stale values in this field may result in qemu expecting more data on the next operation Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180907220851.9658-4-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-10-01usb-mtp: fix error conditions for write operationBandan
Return STORE_FULL if we can't write all the bytes but return incomplete transfer if data received is less then what was specified in the metadata. Also, use d->offset as the file size which is valid for all file sizes. Signed-off-by: Bandan <bsd@redhat.com> Message-id: 20180907220851.9658-2-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-08-21dev-mtp: rename x-root to rootdirBandan Das
x-root was renamed as such owing to the experimental nature of the property; the underlying filesystem semantics were undecided Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180720214020.22897-6-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-08-21dev-mtp: Add support for > 4GB file transfersBandan Das
To support larger file transfers, rely on a short packet to detect end of the data phase and rewrite d->length to the size received Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180720214020.22897-5-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-08-21dev-mtp: retry write for incomplete transfersBandan Das
For large buffers, write may not copy the full buffer. For example, on Linux, write imposes a limit of 0x7ffff000. Note that this does not fix >4G transfers but ~>2G files will transfer successfully. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180720214020.22897-4-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-08-21dev-mtp: fix buffer allocation for writing file contentsBandan Das
usb_mtp_realloc() was being incorrectly used when allocating buffer for incoming data. Set d->length only after resizing the buffer. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180720214020.22897-3-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-08-21dev-mtp: add support for canceling transactionBandan Das
The initiator can choose to cancel an ongoing request which is specified by bRequest=0x64. If such a request arrives, free up any pending state Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180720214020.22897-2-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-06-12usb-mtp: Return error on suspicious TYPE_DATA packet from initiatorBandan Das
CID 1390604 If the initiator sends a packet with TYPE_DATA set without initiating a CMD_GET_OBJECT_INFO first, then usb_mtp_get_data can trip on a null s->data_out. Signed-off-by: Bandan Das <bsd@redhat.com> Message-Id: <jpgr2m8ajfk.fsf_-_@linux.bootlegged.copy> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-06-12usb/dev-mtp: Fix use of uninitialized valuesPhilippe Mathieu-Daudé
This fixes: hw/usb/dev-mtp.c:971:5: warning: 4th function call argument is an uninitialized value trace_usb_mtp_op_get_partial_object(s->dev.addr, o->handle, o->path, c->argv[1], c->argv[2]); ^~~~~~~~~~ and: hw/usb/dev-mtp.c:981:12: warning: Assigned value is garbage or undefined offset = c->argv[1]; ^ ~~~~~~~~~~ Reported-by: Clang Static Analyzer Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180604151421.23385-3-f4bug@amsat.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-06-01usb: use local path for local headersMichael S. Tsirkin
When pulling in headers that are in the same directory as the C file (as opposed to one in include/), we should use its relative path, without a directory. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2018-05-07usb-mtp: Unconditionally check for the readonly bitBandan Das
Currently, it's only being checked if desc is NULL and so write support breaks upon specifying desc Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180503192028.14353-3-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-05-07usb-mtp: Add some NULL checks for issues pointed out by coverityBandan Das
CID 1390578: In usb_mtp_write_metadata, parent can never be NULL but just in case, add an assert CID 1390592: Check for o->format only if o !=NULL CID 1390604: Check s->data_out != NULL in usb_mtp_handle_data Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180503192028.14353-2-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-26usb-mtp: Advertise SendObjectInfo for write supportBandan Das
This patch implements a dummy ObjectInfo structure so that it's easy to typecast the incoming data. If the metadata is valid, write_pending is set. Also, the incoming filename is utf-16, so, instead of depending on external libraries, just implement a simple function to get the filename Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180223164829.29683-6-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-26usb-mtp: Introduce write support for MTP objectsBandan Das
Allow write operations on behalf of the initiator. The precursor to write is the sending of the write metadata that consists of the ObjectInfo dataset. This patch introduces a flag that is set when the responder is ready to receive write data based on a previous SendObjectInfo operation by the initiator (The SendObjectInfo implementation is in a later patch) Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180223164829.29683-5-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-26usb-mtp: Support delete of mtp objectsBandan Das
Write of existing objects by the initiator is acheived by making a temporary buffer with the new changes, deleting the old file and then writing a new file with the same name. Also, add a "readonly" property which needs to be set to false for deletion to work. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180223164829.29683-4-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-26usb-mtp: print parent path in IN_IGNORED trace fnBandan Das
Fix a possible null dereference when deleting a folder and its contents. An ignored event might be received for its contents after the parent folder is deleted which will return a null object. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180223164829.29683-3-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-02-26usb-mtp: Add one more argument when building resultsBandan Das
The response to a SendObjectInfo consists of the storageid, parent obejct handle and the handle reserved for the new incoming object Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180223164829.29683-2-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-01-24usb: Set category and description of the MTP deviceThomas Huth
It's a storage device, so let's classify it accordingly. And while we're at it, also add a short description for people who do not know what MTP means. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-01-24hw: Fix typos found by codespellStefan Weil
Signed-off-by: Stefan Weil <sw@weilnetz.de> Acked-by: Alistair Francis <alistair.francis@xilinx.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-10-28clean-up: removed duplicate #includesAnand J
Some files contain multiple #includes of the same header file. Removed most of those unnecessary duplicate entries using scripts/clean-includes. Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Anand J <anand.indukala@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-09-14usb-mtp: added object propertiesIsaac Lozano
Windows uses object properties to determine the size of a file, so to add object properties, we must also add a minimum set of new commands and object properties. Most object properties are data that we already have, except for the unique persistant object identifier. Windows doesn't use this property, it seems, so we can cheat a bit and just use the object handle for it. Signed-off-by: Isaac Lozano <109lozanoi@gmail.com> Message-id: a741d0dd380cd7eb1695e1eb34ee6f341183f20a.1470477265.git.109lozanoi@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-09-14usb-mtp: fix sending files larger than 4gbIsaac Lozano
MTP requires that if a file is larger than 4gb or if sending data larger than 4gb, that the length field be set to 0xFFFFFFFF. Also widened a couple variables to prevent overflow errors. Signed-off-by: Isaac Lozano <109lozanoi@gmail.com> Message-id: 01ad8ec7775f58575801ac3f13716f553a16815e.1470477265.git.109lozanoi@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-05-11usb-mtp: fix usb_mtp_get_device_info so that libmtp on the guest doesn't ↵Isaac Lozano
complain If an application uses libmtp on the guest system, it will complain with the warning message: LIBMTP WARNING: VendorExtensionID: ffffffff LIBMTP WARNING: VendorExtensionDesc: (null) LIBMTP WARNING: this typically means the device is PTP (i.e. a camera) but not a MTP device at all. Trying to continue anyway. This is because libmtp expects a MTP Vendor Extension ID of 0x00000006 and a MTP Version of 0x0064. These numbers are taken from Microsoft's MTP Vendor Extension Identification Message page and are what most physical devices show. Signed-off-by: Isaac Lozano <109lozanoi@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1460892593-5908-1-git-send-email-109lozanoi@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-03-24Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* Log filtering from Alex and Peter * Chardev fix from Marc-André * config.status tweak from David * Header file tweaks from Markus, myself and Veronia (Outreachy candidate) * get_ticks_per_sec() removal from Rutuja (Outreachy candidate) * Coverity fix from myself * PKE implementation from myself, based on rth's XSAVE support # gpg: Signature made Thu 24 Mar 2016 20:15:11 GMT using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" * remotes/bonzini/tags/for-upstream: (28 commits) target-i386: implement PKE for TCG config.status: Pass extra parameters char: translate from QIOChannel error to errno exec: fix error handling in file_ram_alloc cputlb: modernise the debug support qemu-log: support simple pid substitution for logs target-arm: dfilter support for in_asm qemu-log: dfilter-ise exec, out_asm, op and opt_op qemu-log: new option -dfilter to limit output qemu-log: Improve the "exec" TB execution logging qemu-log: Avoid function call for disabled qemu_log_mask logging qemu-log: correct help text for -d cpu tcg: pass down TranslationBlock to tcg_code_gen util: move declarations out of qemu-common.h Replaced get_tick_per_sec() by NANOSECONDS_PER_SECOND hw: explicitly include qemu-common.h and cpu.h include/crypto: Include qapi-types.h or qemu/bswap.h instead of qemu-common.h isa: Move DMA_transfer_handler from qemu-common.h to hw/isa/isa.h Move ParallelIOArg from qemu-common.h to sysemu/char.h Move QEMU_ALIGN_*() from qemu-common.h to qemu/osdep.h ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Conflicts: scripts/clean-includes
2016-03-22include/qemu/osdep.h: Don't include qapi/error.hMarkus Armbruster
Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the Error typedef. Since then, we've moved to include qemu/osdep.h everywhere. Its file comment explains: "To avoid getting into possible circular include dependencies, this file should not include any other QEMU headers, with the exceptions of config-host.h, compiler.h, os-posix.h and os-win32.h, all of which are doing a similar job to this file and are under similar constraints." qapi/error.h doesn't do a similar job, and it doesn't adhere to similar constraints: it includes qapi-types.h. That's in excess of 100KiB of crap most .c files don't actually need. Add the typedef to qemu/typedefs.h, and include that instead of qapi/error.h. Include qapi/error.h in .c files that need it and don't get it now. Include qapi-types.h in qom/object.h for uint16List. Update scripts/clean-includes accordingly. Update it further to match reality: replace config.h by config-target.h, add sysemu/os-posix.h, sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h comment quoted above similarly. This reduces the number of objects depending on qapi/error.h from "all of them" to less than a third. Unfortunately, the number depending on qapi-types.h shrinks only a little. More work is needed for that one. Signed-off-by: Markus Armbruster <armbru@redhat.com> [Fix compilation without the spice devel packages. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-18hw/usb/dev-mtp: Guard inotify usage with CONFIG_INOTIFY1Matthew Fortune
inotify_init1 usage was guarded by a check for linux but does not exist on older distributions like CentOS 5 resulting in build failures. Signed-off-by: Matthew Fortune <matthew.fortune@imgtec.com> Message-id: 6D39441BF12EF246A7ABCE6654B023536BB85D4A@hhmail02.hh.imgtec.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-03-18usb: fix unbound stack warning for inotify_watchfnPeter Xu
Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1457503640-31473-1-git-send-email-peterx@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-03-18usb: fix unbound stack usage for usb_mtp_add_strPeter Xu
Use heap instead of stack. Signed-off-by: Peter Xu <peterx@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-29usb: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-20-git-send-email-peter.maydell@linaro.org
2016-01-08usb-mtp: fix call to trace functionBandan Das
trace_usb_mtp_inotify_event() was being called after the object was being freed. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 1450861787-16213-3-git-send-email-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-01-08usb-mtp: use safe variant when cleaning events listBandan Das
usb_mtp_inotify_cleanup uses QLIST_FOREACH to pick events from a list and free them which is incorrect. Use QLIST_FOREACH_SAFE instead. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 1450861787-16213-2-git-send-email-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-12-15usb-mtp: add support for basic mtp eventsBandan Das
When the host polls for events, we check our events qlist and send one event at a time. Also, note that the event packet needs to be sent in one go, so I increased the max packet size to 64. Tested with a linux guest. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 1448314625-3855-5-git-send-email-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-12-15usb-mtp: Add support for inotify based file monitoringBandan Das
For now, we use inotify watches to track only a small number of events, namely, add, delete and modify. Note that for delete, the kernel already deactivates the watch for us and we just need to take care of modifying our internal state. inotify is a linux only mechanism. Suggested-by: Gerd Hoffman <kraxel@redhat.com> Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 1448314625-3855-4-git-send-email-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-12-15usb-mtp: free objects on a mtp resetBandan Das
On a reset, call usb_mtp_object_free on all objects and their children Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 1448314625-3855-3-git-send-email-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-12-15usb-mtp: use a list for keeping track of childrenBandan Das
To support adding/removal of objects, we will need to update the object cache hierarchy we have built internally. Convert to using a Qlist for easier management. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 1448314625-3855-2-git-send-email-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-11-06usb: Use g_new() & friends where that makes obvious senseMarkus Armbruster
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Same Coccinelle semantic patch as in commit b45c03f. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-05-08usb-mtp: fix segmentation faultGonglei
When x-root property not be configured, will cause segfault because of null pointer accessing. Add a check for s->root property avoid segfault. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-08usb: usb-mtp QOMifyGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-23usb-mtp: convert init to realizeGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-08-15usb: don't use 'Yoda conditions'Gonglei
imitate nearby code about using '!value' or 'value == NULL' Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-07-23usb: mtp: tag root property as experimentalGerd Hoffmann
Reason: we don't want commit to that interface yet. Possibly the implementation will be switched over to use fsdev. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-11mtp: linux guest detection fix.Gerd Hoffmann
Attach a name to the MTP interface (android phones have this too). With this patch recent linux guests such as fedora 20 happily detect and use the device. It shows up in nautilus file manager automatically, and simple-mtpfs can mount it. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-26usb-mtp: handle usb_mtp_get_object failureGerd Hoffmann
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-26usb-mtp: handle lseek failureGerd Hoffmann
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-26usb-mtp: use bool to track MTPObject init statusGerd Hoffmann
Stop setting nchildren to -1. Use separate bool variable to track whenever we've already fetched the child objects instead. Also make nchildren unsigned. Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-05usb: mtp: reply INCOMPLETE_TRANSFER on read errorsGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-05usb: mtp: fix possible buffer overflowGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-05usb: mtp: drop data-out hexdumpGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>