aboutsummaryrefslogtreecommitdiff
path: root/qemu-char.c
AgeCommit message (Collapse)Author
2012-09-17qemu-char: BUGFIX, don't call FD_ISSET with negative fdDavid Gibson
tcp_chr_connect(), unlike for example udp_chr_update_read_handler() does not check if the fd it is using is valid (>= 0) before passing it to qemu_set_fd_handler2(). If using e.g. a TCP serial port, which is not initially connected, this can result in -1 being passed to FD_ISSET, which has undefined behaviour. On x86 it seems to harmlessly return 0, but on PowerPC, it causes a fortify buffer overflow error to be thrown. This patch fixes this by putting an extra test in tcp_chr_connect(), and also adds an assert qemu_set_fd_handler2() to catch other such errors on all platforms, rather than just some. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-17Revert 455aa1e08 and c3767ed0ebAnthony Liguori
commit c3767ed0eb5d0bb25fe409ae5dec06e3411ff1b6 qemu-char: (Re-)connect for tcp_chr_write() unconnected writing Has no hope of working because tcp_chr_connect() does not actually connect. 455aa1e08 just fixes the SEGV with server() but the attempt to connect a client socket is still completely broken. This patch reverts both. Reported-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-10socket: don't attempt to reconnect a TCP socket in server modeAnthony Liguori
Commit c3767ed0eb5d0bb25fe409ae5dec06e3411ff1b6 introduced a possible SEGV when using a socket chardev with server=on because it assumes that all TCP sockets are in client mode. This patch adds a check to only reconnect when in client mode. Cc: Lei Li <lilei@linux.vnet.ibm.com> Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-16qemu-char: (Re-)connect for tcp_chr_write() unconnected writingLei Li
tcp_chr_write() did not deal with writing to an unconnected connection and return the original length of the data, it's not right and would cause false writing. So (re-)connect it and return 0 for this situation. Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-15qemu-char: Add MSG_CMSG_CLOEXEC flag to recvmsgCorey Bryant
Set the close-on-exec flag for the file descriptor received via SCM_RIGHTS. Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-08-13net: inet_connect(), inet_connect_opts(): add in_progress argumentLuiz Capitulino
It's used to indicate the special case where a valid file-descriptor is returned (ie. success) but the connection can't be completed w/o blocking. This is needed because QERR_SOCKET_CONNECT_IN_PROGRESS is not treated like an error and a future commit will drop it. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
2012-06-09do not include <libutil.h> needlessly or if it doesn't existMichael Tokarev
<libutil.h> and <util.h> on *BSD (some have one, some another) were #included just for openpty() declaration. The only file where this function is actually used is qemu-char.c. In vl.c and net/tap-bsd.c, none of functions declared in libutil.h (login logout logwtmp timdomain openpty forkpty uu_lock realhostname fparseln and a few others depending on version) are used. Initially the code which is currently in qemu-char.c was in vl.c, it has been removed into separate file in commit 0e82f34d077dc2542 Fri Oct 31 18:44:40 2008, but the #includes were left in vl.c. So with vl.c, we just remove includes - libutil.h, util.h and pty.h (which declares only openpty() and forkpty()) from there. The code in net/tap-bsd.c, which come from net/tap.c, had this commit 5281d757efa6e40d74ce124be048b08d43887555 Author: Mark McLoughlin <markmc@redhat.com> Date: Thu Oct 22 17:49:07 2009 +0100 net: split all the tap code out into net/tap.c Note this commit not only moved stuff out of net.c to net/tap.c, but also rewrote large portions of the tap code, and added these completely unnecessary #includes -- as usual, I question why such a misleading commit messages are allowed. Again, no functions defined in libutil.h or util.h on *BSD are used by neither net/tap.c nor net/tap-bsd.c. Removing them. And finally, the only real user for these #includes, qemu-char.c, which actually uses openpty(). There, the #ifdef logic is wrong. A GLIBC-based system has <pty.h>, even if it is a variant of *BSD. So __GLIBC__ should be checked first, and instead of trying to include <libutil.h> or <util.h>, we include <pty.h>. If it is not GLIBC-based, we check for variations between <*util.h> as before. This patch fixes build of qemu 1.1 on Debian/kFreebsd (well, one of the two problems): it is a distribution with a FreeBSD kernel, so it #defines at least __FreeBSD_kernel__, but since it is based on GLIBC, it has <pty.h>, but current version does not have neither <util.h> nor <libutil.h>, which the code tries to include 3 times but uses only once. Signed-off-By: Michael Tokarev <mjt@tls.msk.ru> Cc: Aurelien Jarno <aurelien@aurel32.net> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-06-04qemu-option: qemu_opts_create(): use error_set()Luiz Capitulino
This commit converts qemu_opts_create() from qerror_report() to error_set(). Currently, most calls to qemu_opts_create() can't fail, so most callers don't need any changes. The two cases where code checks for qemu_opts_create() erros are: 1. Initialization code in vl.c. All of them print their own error messages directly to stderr, no need to pass the Error object 2. The functions opts_parse(), qemu_opts_from_qdict() and qemu_chr_parse_compat() make use of the error information and they can be called from HMP or QMP. In this case, to allow for incremental conversion, we propagate the error up using qerror_report_err(), which keeps the QError semantics Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-By: Laszlo Ersek <lersek@redhat.com>
2012-05-10sockets: use error class to pass listen errorAmos Kong
Add a new argument in inet_listen()/inet_listen_opts() to pass back listen error. Change nbd, qemu-char, vnc to use new interface. Signed-off-by: Amos Kong <akong@redhat.com> Reviewed-by: Orit Wasserman <owasserm@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-05-10sockets: change inet_connect() to support nonblock socketAmos Kong
Add a bool argument to inet_connect() to assign if set socket to block/nonblock, and delete original argument 'socktype' that is unused. Add a new argument to inet_connect()/inet_connect_opts(), to pass back connect error by error class. Retry to connect when -EINTR is got. Connect's successful for nonblock socket when following errors are got, user should wait for connecting by select(): -EINPROGRESS -EWOULDBLOCK (win32) -WSAEALREADY (win32) Change nbd, vnc to use new interface. Signed-off-by: Amos Kong <akong@redhat.com> Reviewed-by: Orit Wasserman <owasserm@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-04-24qemu-char: Fix crash when switching consolesStefan Weil
qemu-system-arm (and other system emulations) crashes with SDL when the user switches consoles (Alt-Ctrl-F4). We already check for NULL pointers in qemu_chr_fe_ioctl, qemu_chr_be_can_write and other functions, so do this also for s->chr_read in qemu_chr_be_write. This fixes the crash. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-04-16Kick io-thread on qemu_chr_accept_inputJan Kiszka
Once a chr frontend is able to receive input again, we need to inform the io-thread about this fact. Otherwise, main_loop_wait may continue to select without the related backend file descriptor in its set. This can cause high input latencies if only low-rate events arrive otherwise. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2012-02-24qemu-char: qemu_chr_open_fd() can't fail, don't checkMarkus Armbruster
Cleaned up silently in commit aad04cd0, but that just got reverted. Re-apply this part. Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-24qemu-char: Re-apply style fixes from just reverted aad04cd0Markus Armbruster
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-24qemu-char: Use qemu_open() to avoid leaking fds to childrenMarkus Armbruster
Fixed silently in commit aad04cd0, but that just got reverted. Re-apply the fixes, plus one missed instance: parport on Linux. Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-24Revert "qemu-char: Print strerror message on failure" and depsMarkus Armbruster
The commit's purpose is laudable: The only way for chardev drivers to communicate an error was to return a NULL pointer, which resulted in an error message that said _that_ something went wrong, but not _why_. It attempts to achieve it by changing the interface to return 0/-errno and update qemu_chr_open_opts() to use strerror() to display a more helpful error message. Unfortunately, it has serious flaws: 1. Backends "socket" and "udp" return bogus error codes, because qemu_chr_open_socket() and qemu_chr_open_udp() assume that unix_listen_opts(), unix_connect_opts(), inet_listen_opts(), inet_connect_opts() and inet_dgram_opts() fail with errno set appropriately. That assumption is wrong, and the commit turns unspecific error messages into misleading error messages. For instance: $ qemu-system-x86_64 -nodefaults -vnc :0 -chardev socket,id=bar,host=xxx inet_connect: host and/or port not specified chardev: opening backend "socket" failed: No such file or directory ENOENT is what happens to be in my errno when the backend returns -errno. Let's put ERANGE there just for giggles: $ qemu-system-x86_64 -nodefaults -vnc :0 -chardev socket,id=bar,host=xxx -drive if=none,iops=99999999999999999999 inet_connect: host and/or port not specified chardev: opening backend "socket" failed: Numerical result out of range Worse: when errno happens to be zero, return -errno erroneously signals success, and qemu_chr_new_from_opts() dies dereferencing uninitialized chr. I observe this with "-serial unix:". 2. All qemu_chr_open_opts() knows about the error is an errno error code. That's simply not enough for a decent message. For instance, when inet_dgram() can't resolve the parameter host, which errno code should it use? What if it can't resolve parameter localaddr? Clue: many backends already report errors in their open methods. Let's revert the flawed commit along with its dependencies, and fix up the silent error paths instead. This reverts commit 6e1db57b2ac9025c2443c665a0d9e78748637b26. Conflicts: console.c hw/baum.c qemu-char.c This reverts commit aad04cd024f0c59f0b96f032cde2e24eb3abba6d. The parts of commit db418a0a "Add stdio char device on windows" that depend on the reverted change fixed up. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-03qdev: nuke qdev_init_chardev()Anthony Liguori
I'm sure the intentions were good here, but there's no reason this should be in qdev. Move it to qemu-char where it belongs. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-28qemu-char: rename qemu_chr_event to qemu_chr_be_event and make it publicHans de Goede
Rename qemu_chr_event to qemu_chr_be_event, since it is only to be called by backends and make it public so that it can be used by chardev code which lives outside of qemu-char.c Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-11qemu-char: Plug memory leak on qemu_chr_open_pty() error pathMarkus Armbruster
Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-10-23Add stdio char device on windowsFabien Chouteau
Simple implementation of an stdio char device on Windows. Signed-off-by: Fabien Chouteau <chouteau@adacore.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-10-14qemu-char: Fix use of free() instead of g_free()Stefan Weil
cppcheck reported these errors: qemu-char.c:1667: error: Mismatching allocation and deallocation: s qemu-char.c:1668: error: Mismatching allocation and deallocation: chr qemu-char.c:1769: error: Mismatching allocation and deallocation: s qemu-char.c:1770: error: Mismatching allocation and deallocation: chr Tested-by: Dongxu Wang <wdongxu@linux.vnet.ibm.com> Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-10-04qapi: Convert query-chardevLuiz Capitulino
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2011-09-23qemu-char: use qemu_set_fd_handler/2 consistentlyMarcelo Tosatti
Now that qemu_set_fd_handler and qemu_set_fd_handler2 have different implementations, one using qemu iohandlers and the other glib, it is not safe to mix the two when inserting/deleting handlers. Fixes kvm-autotest. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-22char: remove qemu_chr_send_event()Anthony Liguori
It's dead code. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-22char: rename qemu_chr_get_msgfd() -> qemu_chr_fe_get_msgfd()Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-22char: rename qemu_chr_close() -> qemu_chr_delete()Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-22char: qemu_chr_open_opts() -> qemu_chr_new_from_opts()Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-22char: rename qemu_chr_open() -> qemu_chr_new()Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-22char: rename qemu_chr_set_echo() -> qemu_chr_fe_set_echo()Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-22char: qemu_chr_ioctl() -> qemu_chr_fe_ioctl()Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-22char: rename qemu_chr_guest_close() -> qemu_chr_fe_close()Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-22char: rename qemu_chr_guest_open() -> qemu_chr_fe_open()Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-22char: rename qemu_chr_can_read() -> qemu_chr_be_can_read()Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-22char: rename qemu_chr_read() -> qemu_chr_be_write()Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-22char: rename qemu_chr_printf() -> qemu_chr_fe_printf()Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-22char: rename qemu_chr_write() -> qemu_chr_fe_write()Anthony Liguori
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-20Use glib memory allocation and free functionsAnthony Liguori
qemu_malloc/qemu_free no longer exist after this commit. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-07-25Wrap recv to avoid warningsBlue Swirl
Avoid warnings like these by wrapping recv(): CC slirp/ip_icmp.o /src/qemu/slirp/ip_icmp.c: In function 'icmp_receive': /src/qemu/slirp/ip_icmp.c:418:5: error: passing argument 2 of 'recv' from incompatible pointer type [-Werror] /usr/local/lib/gcc/i686-mingw32msvc/4.6.0/../../../../i686-mingw32msvc/include/winsock2.h:547:32: note: expected 'char *' but argument is of type 'struct icmp *' Remove also casts used to avoid warnings. Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-07-24Fix chrdev return value conversionBlue Swirl
6e1db57b2ac9025c2443c665a0d9e78748637b26 didn't convert brlapi or win32 chrdevs, breaking build for those. Fix by converting the chrdevs. Acked-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-07-23Introduce a 'client_add' monitor command accepting an open FDDaniel P. Berrange
Allow client connections for VNC and socket based character devices to be passed in over the monitor using SCM_RIGHTS. One intended usage scenario is to start QEMU with VNC on a UNIX domain socket. An unprivileged user which cannot access the UNIX domain socket, can then connect to QEMU's VNC server by passing an open FD to libvirt, which passes it onto QEMU. { "execute": "get_fd", "arguments": { "fdname": "myclient" } } { "return": {} } { "execute": "add_client", "arguments": { "protocol": "vnc", "fdname": "myclient", "skipauth": true } } { "return": {} } In this case 'protocol' can be 'vnc' or 'spice', or the name of a character device (eg from -chardev id=XXXX) The 'skipauth' parameter can be used to skip any configured VNC authentication scheme, which is useful if the mgmt layer talking to the monitor has already authenticated the client in another way. * console.h: Define 'vnc_display_add_client' method * monitor.c: Implement 'client_add' command * qemu-char.c, qemu-char.h: Add 'qemu_char_add_client' method * qerror.c, qerror.h: Add QERR_ADD_CLIENT_FAILED * qmp-commands.hx: Declare 'client_add' command * ui/vnc.c: Implement 'vnc_display_add_client' method Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-07-23qemu-char: Print strerror message on failureKevin Wolf
The only way for chardev drivers to communicate an error was to return a NULL pointer, which resulted in an error message that said _that_ something went wrong, but not _why_. This patch changes the interface to return 0/-errno and updates qemu_chr_open_opts to use strerror to display a more helpful error message. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-06-08Fix compilation warning due to missing header for sigaction (followup)Alexandre Raymond
This patch removes all references to signal.h when qemu-common.h is included as they become redundant. Signed-off-by: Alexandre Raymond <cerbere@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-04-28char: Detect chardev release by NULL handlers as well as NULL opaqueAmit Shah
Juan says he prefers these extra checks to ensure a user of a chardev is releasing it. Requested-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
2011-04-28char: Allow devices to use a single multiplexed chardev.Kusanagi Kouichi
This fixes regression caused by commit 2d6c1ef40f3678ab47a4d14fb5dadaa486bfcda6 ("char: Prevent multiple devices opening same chardev"): -nodefaults -nographic -chardev stdio,id=stdio,mux=on,signal=off \ -mon stdio -device virtio-serial-pci \ -device virtconsole,chardev=stdio -device isa-serial,chardev=stdio fails with: qemu-system-x86_64: -device isa-serial,chardev=stdio: Property 'isa-serial.chardev' can't take value 'stdio', it's in use Signed-off-by: Kusanagi Kouichi <slash@ac.auone-net.jp> Signed-off-by: Amit Shah <amit.shah@redhat.com>
2011-04-28chardev: Allow frontends to notify backends of guest open / closeHans de Goede
Some frontends know when the guest has opened the "channel" and is actively listening to it, for example virtio-serial. This patch adds 2 new qemu-chardev functions which can be used by frontends to signal guest open / close, and allows interested backends to listen to this. Signed-off-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Alon Levy <alevy@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
2011-03-24Merge remote branch 'amit/for-anthony' into stagingAnthony Liguori
2011-03-21char: Prevent multiple devices opening same chardevAmit Shah
Prevent: -chardev socket,path=/tmp/foo,server,nowait,id=c0 \ -device virtserialport,chardev=c0,id=vs0 \ -device virtserialport,chardev=c0,id=vs1 Reported-by: Mike Cao <bcao@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
2011-03-21change all rt_clock references to use millisecond resolution accessorsPaolo Bonzini
This was done with: sed -i '/get_clock\>.*rt_clock/s/get_clock\>/get_clock_ms/' \ $(git grep -l 'get_clock\>.*rt_clock' ) sed -i '/new_timer\>.*rt_clock/s/new_timer\>/new_timer_ms/' \ $(git grep -l 'new_timer\>.*rt_clock' ) after checking that get_clock and new_timer never occur twice on the same line. There were no missed occurrences; however, even if there had been, they would have been caught by the compiler. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2011-03-20Fix conversions from pointer to int and vice versaStefan Weil
Here the int values fds[0], sigfd, s, sock and fd are converted to void pointers which are later converted back to an int value. These conversions should always use intptr_t instead of unsigned long. They are needed for environments where sizeof(long) != sizeof(void *). Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-02-20qemu-char: Check for missing backend nameStefan Hajnoczi
Check if the backend option is missing before searching the backend table. This fixes a NULL pointer dereference when QEMU is invoked with the following invalid command-line: $ qemu -chardev id=foo,path=/tmp/socket Previously QEMU would segfault, now it produces this error message: chardev: "foo" missing backend Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>