aboutsummaryrefslogtreecommitdiff
path: root/qemu-char.c
AgeCommit message (Collapse)Author
2016-11-02qemu-char: do not forward events through the mux until QEMU has startedPaolo Bonzini
Otherwise, the CHR_EVENT_OPENED event is sent twice: first when the backend (for example "stdio") is opened, and second after processing the command line. The incorrect sending of the event prints the monitor banner when QEMU is started with "-serial mon:stdio". This includes the "(qemu)" prompt; thus the monitor seems to be dead, whereas actually the active front-end is the serial port. Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-28Merge remote-tracking branch 'remotes/berrange/tags/pull-qio-2016-10-27-1' ↵Peter Maydell
into staging Merge qio 2016/10/27 v1 # gpg: Signature made Thu 27 Oct 2016 13:54:03 BST # gpg: using RSA key 0xBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange/tags/pull-qio-2016-10-27-1: main: set names for main loop sources created vnc: set name for all I/O channels created migration: set name for all I/O channels created char: set name for all I/O channels created nbd: set name for all I/O channels created io: add ability to set a name for IO channels io: Add a QIOChannelSocket cleanup test io: set LISTEN flag explicitly for listen sockets io: Introduce a qio_channel_set_feature() helper io: Use qio_channel_has_feature() where applicable io: Fix double shift usages on QIOChannel features Conflicts: qemu-char.c Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-27char: set name for all I/O channels createdDaniel P. Berrange
Ensure that all I/O channels created for character devices are given names to distinguish their respective roles. Acked-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-10-24char: remove explicit_be_open from CharDriverStateMarc-André Lureau
It's only used in qmp_chardev_add(), so use a create() argument instead. Also switched to typedef functions for CharDriverParse/CharDriverCreate. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-7-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: use common error path in qmp_chardev_addMarc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-6-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: replace avail_connectionsMarc-André Lureau
No need to count the users of a CharDriverState, it can rely on the fact of whether there is a CharBackend associated or if there is enough space in the muxer. Simplify and fold chr_mux_new_fe() in qemu_chr_fe_init() since there is a single user now. Also switch from fprintf to raising error instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-5-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remove unused qemu_chr_fe_eventMarc-André Lureau
I introduced this function in d61b0c9a2f7f, but it isn't used. Furthermore, it was incomplete, as it would need to translate QEMU chr events to Spice port events. (presumably it was used in the follow-up NBD-spice series that was not completed: http://lists.gnu.org/archive/html/qemu-devel/2013-11/msg02024.html) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-4-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: move fe_open in CharBackendMarc-André Lureau
The fe_open state belongs to front end. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022100951.19562-1-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remove explicit_fe_open, use a set_handlers argumentMarc-André Lureau
No need to keep explicit_fe_open around if it affects only a qemu_chr_fe_set_handlers(). Use an additional argument instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-24-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: rename chr_close/chr_freeMarc-André Lureau
The function is used to free the backend opaque pointer, let's name it accordingly. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-23-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: move front end handlers in CharBackendMarc-André Lureau
Since the hanlders are associated with a CharBackend, rather than the CharDriverState, it is more appropriate to store in CharBackend. This avoids the handler copy dance in qemu_chr_fe_set_handlers() then mux_chr_update_read_handler(), by storing the CharBackend pointer directly. Also a mux CharDriver should go through mux->backends[focused], since chr->be will stay NULL. Before that, it was possible to call chr->handler by mistake with surprising results, for ex through qemu_chr_be_can_write(), which would result in calling the last set handler front end, not the one with focus. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-22-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: make some qemu_chr_fe skip if no driverMarc-André Lureau
In most cases, front ends do not care about the side effect of CharBackend, so we can simply skip the checks and call the qemu_chr_fe functions even without associated CharDriver. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-20-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: replace qemu_chr_claim/release with qemu_chr_fe_init/deinitMarc-André Lureau
Now that all front end use qemu_chr_fe_init(), we can move chardev claiming in init(), and add a function deinit() to release the chardev and cleanup handlers. The qemu_chr_fe_claim_no_fail() for property are gone, since the property will raise an error instead. In other cases, where there is already an error path, an error is raised instead. Finally, other cases are handled by &error_abort in qemu_chr_fe_init(). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-19-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: fold qemu_chr_set_handlers in qemu_chr_fe_set_handlersMarc-André Lureau
qemu_chr_add_handlers*() have been removed in previous change, so the common qemu_chr_set_handlers() is no longer needed. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-17-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: use qemu_chr_fe* functions with CharBackend argumentMarc-André Lureau
This also switches from qemu_chr_add_handlers() to qemu_chr_fe_set_handlers(). Note that qemu_chr_fe_set_handlers() now takes the focus when fe_open (qemu_chr_add_handlers() did take the focus) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-16-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: rename some frontend functionsMarc-André Lureau
qemu_chr_accept_input() and qemu_chr_disconnect() are only used by frontend, so use qemu_chr_fe prefix. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-14-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: start converting mux driver to use CharBackendMarc-André Lureau
Start using qemu_chr_fe* CharBackend functions: initialize a CharBackend and use qemu_chr_fe_set_handlers(). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-11-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: introduce CharBackendMarc-André Lureau
This new structure is meant to keep the details associated with a char driver usage. On initialization, it gets a tag from the mux backend. It can change its handlers thanks to qemu_chr_fe_set_handlers(). This structure is introduced so that all frontend will be moved to hold and use a CharBackend. This will allow to better track char usage and allocation, and help prevent some memory leaks or corruption. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-10-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24mux: split mux_chr_update_read_handler()Marc-André Lureau
Make qemu_chr_add_handlers_full() aware of mux handling. This allows introduction of a tag associated with the fe handlers and a qemu_chr_set_handlers() function to set the handler for a particular tag. That will allow to get rid of qemu_chr_add_handlers*() in later changes, in favor of qemu_chr_fe_set_handler(). To this end, chr_update_read_handler callback is enhanced with a tag argument, and mux_chr_update_read_handler() is splitted in new functions: mux_chr_new_handler_tag(), mux_chr_set_handlers(), mux_set_focus(). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-9-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remove init callbackMarc-André Lureau
The CharDriverState.init() callback is no longer set since commit a61ae7f88ce and thus unused. The only user, the malta FGPA display has been converted to use an event "opened" callback instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-7-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24ringbuf: fix chr_write return valueMarc-André Lureau
It should return the number of written bytes. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-4-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-24char: remove use-after-free on win-stdioMarc-André Lureau
Found by reviewing the code, win_stdio_close() is called by qemu_chr_free() which then call qemu_chr_free_common() taking care of freeing CharDriverState*. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161022095318.17775-3-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-13Revert "char: use a fixed idx for child muxed chr"Marc-André Lureau
That commit mis-used mux char: the frontend are multiplexed, not the backend. Fix the regression preventing "c-a c" to switch the focus. The following patches will fix the crash (when leaving or removing frontend) by tracking frontends with handler tags. This reverts commit 949055a2549afc4cde06b7972072c7288bb43722. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-10Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
virtio, pc: fixes and features more guest error handling for virtio devices virtio migration rework pc fixes Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Mon 10 Oct 2016 00:39:11 BST # gpg: using RSA key 0x281F0DB8D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: (33 commits) intel-iommu: Check IOAPIC's Trigger Mode against the one in IRTE virtio: cleanup VMSTATE_VIRTIO_DEVICE vhost-vsock: convert VMSTATE_VIRTIO_DEVICE virtio-rng: convert VMSTATE_VIRTIO_DEVICE virtio-balloon: convert VMSTATE_VIRTIO_DEVICE virtio-scsi: convert VMSTATE_VIRTIO_DEVICE virtio-input: convert VMSTATE_VIRTIO_DEVICE virtio-gpu: convert VMSTATE_VIRTIO_DEVICE virtio-serial: convert VMSTATE_VIRTIO_DEVICE virtio-9p: convert VMSTATE_VIRTIO_DEVICE virtio-net: convert VMSTATE_VIRTIO_DEVICE virtio-blk: convert VMSTATE_VIRTIO_DEVICE virtio: prepare change VMSTATE_VIRTIO_DEVICE macro net: don't poke at chardev internal QemuOpts virtio-scsi: handle virtio_scsi_set_config() error virtio-scsi: convert virtio_scsi_bad_req() to use virtio_error() virtio-net: handle virtio_net_flush_tx() errors virtio-net: handle virtio_net_receive() errors virtio-net: handle virtio_net_handle_ctrl() error virtio-blk: handle virtio_blk_handle_request() errors ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-10Merge remote-tracking branch 'remotes/mjt/tags/trivial-patches-fetch' into ↵Peter Maydell
staging trivial patches for 2016-10-08 # gpg: Signature made Sat 08 Oct 2016 09:56:38 BST # gpg: using RSA key 0x701B4F6B1A693E59 # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" # gpg: aka "Michael Tokarev <mjt@corpit.ru>" # gpg: aka "Michael Tokarev <mjt@debian.org>" # Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 # Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931 4B22 701B 4F6B 1A69 3E59 * remotes/mjt/tags/trivial-patches-fetch: (26 commits) net/filter-mirror: Fix mirror initial check typo virtio: rename the bar index field name in VirtIOPCIProxy linux-user: include <poll.h> instead of <sys/poll.h> char: fix missing return in error path for chardev TLS init CODING_STYLE: Fix a typo ("have" vs. "has") bitmap: refine and move BITMAP_{FIRST/LAST}_WORD_MASK build-sys: fix find-in-path m68k: change default system clock for m5208evb exec: remove unused compacted argument usb: ehci: fix memory leak in ehci_process_itd qapi: make the json schema files more regular. maint: Add module_block.h to .gitignore MAINTAINERS: Some updates related to the SH4 machines MAINTAINERS: Add some more MIPS related files MAINTAINERS: Add usermode related config files MAINTAINERS: Add some more pattern to recognize all win32 related files MAINTAINERS: Add some more rocker related files MAINTAINERS: Add header files to CRIS section MAINTAINERS: Add some more files to the virtio section MAINTAINERS: Add some SPARC machine related files ... # Conflicts: # MAINTAINERS
2016-10-10net: don't poke at chardev internal QemuOptsDaniel P. Berrange
The vhost-user & colo code is poking at the QemuOpts instance in the CharDriverState struct, not realizing that it is valid for this to be NULL. e.g. the following crash shows a codepath where it will be NULL: Program terminated with signal SIGSEGV, Segmentation fault. #0 0x000055baf6ab4adc in qemu_opt_foreach (opts=0x0, func=0x55baf696b650 <net_vhost_chardev_opts>, opaque=0x7ffc51368c00, errp=0x7ffc51368e48) at util/qemu-option.c:617 617 QTAILQ_FOREACH(opt, &opts->head, next) { [Current thread is 1 (Thread 0x7f1d4970bb40 (LWP 6603))] (gdb) bt #0 0x000055baf6ab4adc in qemu_opt_foreach (opts=0x0, func=0x55baf696b650 <net_vhost_chardev_opts>, opaque=0x7ffc51368c00, errp=0x7ffc51368e48) at util/qemu-option.c:617 #1 0x000055baf696b7da in net_vhost_parse_chardev (opts=0x55baf8ff9260, errp=0x7ffc51368e48) at net/vhost-user.c:314 #2 0x000055baf696b985 in net_init_vhost_user (netdev=0x55baf8ff9250, name=0x55baf879d270 "hostnet2", peer=0x0, errp=0x7ffc51368e48) at net/vhost-user.c:360 #3 0x000055baf6960216 in net_client_init1 (object=0x55baf8ff9250, is_netdev=true, errp=0x7ffc51368e48) at net/net.c:1051 #4 0x000055baf6960518 in net_client_init (opts=0x55baf776e7e0, is_netdev=true, errp=0x7ffc51368f00) at net/net.c:1108 #5 0x000055baf696083f in netdev_add (opts=0x55baf776e7e0, errp=0x7ffc51368f00) at net/net.c:1186 #6 0x000055baf69608c7 in qmp_netdev_add (qdict=0x55baf7afaf60, ret=0x7ffc51368f50, errp=0x7ffc51368f48) at net/net.c:1205 #7 0x000055baf6622135 in handle_qmp_command (parser=0x55baf77fb590, tokens=0x7f1d24011960) at /path/to/qemu.git/monitor.c:3978 #8 0x000055baf6a9d099 in json_message_process_token (lexer=0x55baf77fb598, input=0x55baf75acd20, type=JSON_RCURLY, x=113, y=19) at qobject/json-streamer.c:105 #9 0x000055baf6abf7aa in json_lexer_feed_char (lexer=0x55baf77fb598, ch=125 '}', flush=false) at qobject/json-lexer.c:319 #10 0x000055baf6abf8f2 in json_lexer_feed (lexer=0x55baf77fb598, buffer=0x7ffc51369170 "}R\204\367\272U", size=1) at qobject/json-lexer.c:369 #11 0x000055baf6a9d13c in json_message_parser_feed (parser=0x55baf77fb590, buffer=0x7ffc51369170 "}R\204\367\272U", size=1) at qobject/json-streamer.c:124 #12 0x000055baf66221f7 in monitor_qmp_read (opaque=0x55baf77fb530, buf=0x7ffc51369170 "}R\204\367\272U", size=1) at /path/to/qemu.git/monitor.c:3994 #13 0x000055baf6757014 in qemu_chr_be_write_impl (s=0x55baf7610a40, buf=0x7ffc51369170 "}R\204\367\272U", len=1) at qemu-char.c:387 #14 0x000055baf6757076 in qemu_chr_be_write (s=0x55baf7610a40, buf=0x7ffc51369170 "}R\204\367\272U", len=1) at qemu-char.c:399 #15 0x000055baf675b3b0 in tcp_chr_read (chan=0x55baf90244b0, cond=G_IO_IN, opaque=0x55baf7610a40) at qemu-char.c:2927 #16 0x000055baf6a5d655 in qio_channel_fd_source_dispatch (source=0x55baf7610df0, callback=0x55baf675b25a <tcp_chr_read>, user_data=0x55baf7610a40) at io/channel-watch.c:84 #17 0x00007f1d3e80cbbd in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0 #18 0x000055baf69d3720 in glib_pollfds_poll () at main-loop.c:213 #19 0x000055baf69d37fd in os_host_main_loop_wait (timeout=126000000) at main-loop.c:258 #20 0x000055baf69d38ad in main_loop_wait (nonblocking=0) at main-loop.c:506 #21 0x000055baf676587b in main_loop () at vl.c:1908 #22 0x000055baf676d3bf in main (argc=101, argv=0x7ffc5136a6c8, envp=0x7ffc5136a9f8) at vl.c:4604 (gdb) p opts $1 = (QemuOpts *) 0x0 The crash occurred when attaching vhost-user net via QMP: { "execute": "chardev-add", "arguments": { "id": "charnet2", "backend": { "type": "socket", "data": { "addr": { "type": "unix", "data": { "path": "/var/run/openvswitch/vhost-user1" } }, "wait": false, "server": false } } }, "id": "libvirt-19" } { "return": { }, "id": "libvirt-19" } { "execute": "netdev_add", "arguments": { "type": "vhost-user", "chardev": "charnet2", "id": "hostnet2" }, "id": "libvirt-20" } Code using chardevs should not be poking at the internals of the CharDriverState struct. What vhost-user wants is a chardev that is operating as reconnectable network service, along with the ability to do FD passing over the connection. The colo code simply wants a network service. Add a feature concept to the char drivers so that chardev users can query the actual features they wish to have supported. The QemuOpts member is removed to prevent future mistakes in this area. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-10-08char: fix missing return in error path for chardev TLS initDaniel P. Berrange
If the qio_channel_tls_new_(server|client) methods fail, we disconnect the client. Unfortunately a missing return means we then go on to try and run the TLS handshake on a NULL I/O channel. This gives predictably segfaulty results. The main way to trigger this is to request a bogus TLS priority string for the TLS credentials. e.g. -object tls-creds-x509,id=tls0,priority=wibble,... Most other ways appear impossible to trigger except perhaps if OOM conditions cause gnutls initialization to fail. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-10-04char: update read handler in all casesMarc-André Lureau
In commit ac1b84dd1 (rhbz#1027181), a check was added to only update the "read handler" when the front-end is opened, because the read callbacks were not restored when a device is plugged. However, this seems not correct, the handler is correctly set back on hotplug (in virtconsole_realize) and the bug can no longer be reproduced. Calling chr_update_read_handler() allows to fix the mux driver to stop calling the child handlers (which may be going to be destroyed). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161003094704.18087-2-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-04char: use a fixed idx for child muxed chrMarc-André Lureau
mux_chr_update_read_handler() is adding a new mux_cnt each time mux_chr_update_read_handler() is called, it's not possible to actually update the "child" chr callbacks that were set previously. This may lead to crashes if the "child" chr is destroyed: valgrind x86_64-softmmu/qemu-system-x86_64 -chardev stdio,mux=on,id=char0 -mon chardev=char0,mode=control,default when quitting: ==4306== Invalid read of size 8 ==4306== at 0x8061D3: json_lexer_destroy (json-lexer.c:385) ==4306== by 0x7E39F8: json_message_parser_destroy (json-streamer.c:134) ==4306== by 0x3447F6: monitor_qmp_event (monitor.c:3908) ==4306== by 0x480153: mux_chr_send_event (qemu-char.c:630) ==4306== by 0x480694: mux_chr_event (qemu-char.c:734) ==4306== by 0x47F1E9: qemu_chr_be_event (qemu-char.c:205) ==4306== by 0x481207: fd_chr_close (qemu-char.c:1114) ==4306== by 0x481659: qemu_chr_close_stdio (qemu-char.c:1221) ==4306== by 0x486F07: qemu_chr_free (qemu-char.c:4146) ==4306== by 0x486F97: qemu_chr_delete (qemu-char.c:4154) ==4306== by 0x487E66: qemu_chr_cleanup (qemu-char.c:4678) ==4306== by 0x495A98: main (vl.c:4675) ==4306== Address 0x28439e90 is 112 bytes inside a block of size 240 free'd ==4306== at 0x4C2CD5A: free (vg_replace_malloc.c:530) ==4306== by 0x1E4CBF2D: g_free (in /usr/lib64/libglib-2.0.so.0.4800.2) ==4306== by 0x344DE9: monitor_cleanup (monitor.c:4058) ==4306== by 0x495A93: main (vl.c:4674) ==4306== Block was alloc'd at ==4306== at 0x4C2BBAD: malloc (vg_replace_malloc.c:299) ==4306== by 0x1E4CBE18: g_malloc (in /usr/lib64/libglib-2.0.so.0.4800.2) ==4306== by 0x344BF8: monitor_init (monitor.c:4021) ==4306== by 0x49063C: mon_init_func (vl.c:2417) ==4306== by 0x7FC6DE: qemu_opts_foreach (qemu-option.c:1116) ==4306== by 0x4954E0: main (vl.c:4473) Instead, keep the "child" chr associated with a particular idx so its handlers can be updated and removed to avoid the crash. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20161003094704.18087-3-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-09-27qemu-char: Add qemu_chr_add_handlers_full() for GMaincontextZhang Chen
Add qemu_chr_add_handlers_full() API, we can use this API pass in a GMainContext,make handler run in the context rather than main_loop. This comments from Daniel P . Berrange. Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-09-14qemu-char: avoid segfault if user lacks of permisson of a given logfileLin Ma
Function qemu_chr_alloc returns NULL if it failed to open logfile by any reason, says no write permission. For backends tty, stdio and msmouse, They need to check this return value to avoid segfault in this case. Signed-off-by: Lin Ma <lma@suse.com> Cc: qemu-stable <qemu-stable@nongnu.org> Message-Id: <20160914062250.22226-1-lma@suse.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-09-13char: convert qemu_chr_fe_write to qemu_chr_fe_write_allDaniel P. Berrange
The mux chardev was not checking the return value of any qemu_chr_fe_write() call so would silently loose data on EAGAIN. Similarly the qemu_chr_fe_printf method would not check errors and was not in a position to retry even if it could check. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1473170165-540-5-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-09-13chardev: Add 'help' option to print all available chardev backend typesLin Ma
Signed-off-by: Lin Ma <lma@suse.com> Message-Id: <20160816171352.17021-1-lma@suse.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-16char: fix waiting for TLS and telnet connectionMarc-André Lureau
Since commit d7a04fd7d5008, tcp_chr_wait_connected() was introduced, so vhost-user could wait until a backend started successfully. In vhost-user case, the chr socket must be plain unix, and the chr+vhost setup happens synchronously during qemu startup. However, with TLS and telnet socket, initial socket setup happens asynchronously, and s->connected is not set after the socket is accepted. In order for tcp_chr_wait_connected() to not keep accepting new connections and proceed with the last accepted socket, it can check for s->ioc instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20160816083332.15088-1-marcandre.lureau@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-08char: free MuxDriver when closingMarc-André Lureau
Similarly to other chr_close callbacks, free char type specific data. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2016-08-08char: free the tcp connection data when closingMarc-André Lureau
Make sure the connection data got freed when closing the chardev, to avoid leaks. Introduce tcp_chr_free_connection() to clean all connection related data, and move some tcp_chr_close() clean-ups there. (while at it, set write_msgfds_num to 0 when clearing array in tcp_set_msgfds()) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-05wxx: Fix handling of files used for character devicesStefan Weil
On Windows, such files were not truncated like on all other hosts. Now we also test whether truncation is needed when running on Windows. The append case was also incorrect because it needs a different value for the desired access mode. Reported-by: Benjamin David Lunt <fys@fysnet.net> Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 1470114877-1466-1-git-send-email-sw@weilnetz.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-29char: add and use tcp_chr_wait_connectedMarc-André Lureau
Add a chr_wait_connected for the tcp backend, and use it in the open_socket() function. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-29char: add chr_wait_connected callbackMarc-André Lureau
A function to wait on the backend to be connected, to be used in the following patches. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-29qemu-char: fix qemu_chr_fe_set_msgfds() crash when disconnectedMarc-André Lureau
Calling qemu_chr_fe_set_msgfds() on unconnected socket leads to crash since s->ioc is NULL in this case. Return an error earlier instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-13char: do not use atexit cleanup handlerMarc-André Lureau
It turns out qemu is calling exit() in various places from various threads without taking much care of resources state. The atexit() cleanup handlers cannot easily destroy resources that are in use (by the same thread or other). Since c1111a24a3, TCG arm guests run into the following abort() when running tests, the chardev mutex is locked during the write, so qemu_mutex_destroy() returns an error: #0 0x00007fffdbb806f5 in raise () at /lib64/libc.so.6 #1 0x00007fffdbb822fa in abort () at /lib64/libc.so.6 #2 0x00005555557616fe in error_exit (err=<optimized out>, msg=msg@entry=0x555555c38c30 <__func__.14622> "qemu_mutex_destroy") at /home/drjones/code/qemu/util/qemu-thread-posix.c:39 #3 0x0000555555b0be20 in qemu_mutex_destroy (mutex=mutex@entry=0x5555566aa0e0) at /home/drjones/code/qemu/util/qemu-thread-posix.c:57 #4 0x00005555558aab00 in qemu_chr_free_common (chr=0x5555566aa0e0) at /home/drjones/code/qemu/qemu-char.c:4029 #5 0x00005555558b05f9 in qemu_chr_delete (chr=<optimized out>) at /home/drjones/code/qemu/qemu-char.c:4038 #6 0x00005555558b05f9 in qemu_chr_delete (chr=<optimized out>) at /home/drjones/code/qemu/qemu-char.c:4044 #7 0x00005555558b062c in qemu_chr_cleanup () at /home/drjones/code/qemu/qemu-char.c:4557 #8 0x00007fffdbb851e8 in __run_exit_handlers () at /lib64/libc.so.6 #9 0x00007fffdbb85235 in () at /lib64/libc.so.6 #10 0x00005555558d1b39 in testdev_write (testdev=0x5555566aa0a0) at /home/drjones/code/qemu/backends/testdev.c:71 #11 0x00005555558d1b39 in testdev_write (chr=<optimized out>, buf=0x7fffc343fd9a "", len=0) at /home/drjones/code/qemu/backends/testdev.c:95 #12 0x00005555558adced in qemu_chr_fe_write (s=0x5555566aa0e0, buf=buf@entry=0x7fffc343fd98 "0q", len=len@entry=2) at /home/drjones/code/qemu/qemu-char.c:282 Instead of using a atexit() handler, only run the chardev cleanup as initially proposed at the end of main(), where there are less chances (hic) of conflicts or other races. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reported-by: Andrew Jones <drjones@redhat.com> Message-Id: <20160704153823.16879-1-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-07-06sockets: Use new QAPI cloningEric Blake
Rather than rolling our own clone via an expensive conversion in and back out of QObject, use the new clone visitor. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1465490926-28625-15-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-06-29char: clean up remaining chardevs when leavingMarc-André Lureau
This helps to remove various chardev resources leaks when leaving qemu. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1466105332-10285-2-git-send-email-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-06-29char: change qemu_chr_fe_add_watch to return unsignedPaolo Bonzini
g_source_attach can return any value between 1 and UINT_MAX if you let QEMU run long enough. However, qemu_chr_fe_add_watch can also return a negative errno value when the device is disconnected or does not support chr_add_watch. Change it to return zero to avoid overloading these values. Fix the cadence_uart which asserts in this case (easily obtained with "-serial pty"). Tested-by: Bret Ketchum <bcketchum@gmail.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-06-17Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pc, pci, virtio: new features, cleanups, fixes Beginning of reconnect support for vhost-user. Misc cleanups and fixes. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Fri 17 Jun 2016 01:28:39 BST # gpg: using RSA key 0x281F0DB8D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: MAINTAINERS: add Marcel to PCI msi_init: change return value to 0 on success fix some coding style problems pci core: assert ENOSPC when add capability test: start vhost-user reconnect test tests: append i386 tests vhost-net: save & restore vring enable state vhost-net: save & restore vhost-user acked features vhost-net: do not crash if backend is not present vhost-user: disconnect on start failure qemu-char: add qemu_chr_disconnect to close a fd accepted by listen fd tests/vhost-user-bridge: workaround stale vring base tests/vhost-user-bridge: add client mode vhost-user: add ability to know vhost-user backend disconnection pci: fix pci_requester_id() Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Conflicts: tests/Makefile.include
2016-06-17qemu-char: add qemu_chr_disconnect to close a fd accepted by listen fdTetsuya Mukawa
The patch introduces qemu_chr_disconnect(). The function is used for closing a fd accepted by listen fd. Though we already have qemu_chr_delete(), but it closes not only accepted fd but also listen fd. This new function is used when we still want to keep listen fd. Signed-off-by: Tetsuya Mukawa <mukawa@igel.co.jp> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Yuanhan Liu <yuanhan.liu@linux.intel.com> Reviewed-by: Yuanhan Liu <yuanhan.liu@linux.intel.com> Reviewed-by: Victor Kaplansky <victork@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-06-16os-posix: include sys/mman.hPaolo Bonzini
qemu/osdep.h checks whether MAP_ANONYMOUS is defined, but this check is bogus without a previous inclusion of sys/mman.h. Include it in sysemu/os-posix.h and remove it from everywhere else. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-06-06char: get rid of qemu_char_get_next_serialxiaoqiang zhao
since there is no user of qemu_char_get_next_serial any more, it's time to let it go away. Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: xiaoqiang zhao <zxq_yx_007@163.com> Message-id: 1465028065-5855-7-git-send-email-zxq_yx_007@163.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-05char: ensure all clients are in non-blocking modeDaniel P. Berrange
Only some callers of tcp_chr_new_client are putting the socket client into non-blocking mode. Move the call to qio_channel_set_blocking() into the tcp_chr_new_client method to guarantee that all code paths set non-blocking mode Reported-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Reported-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1458324041-22709-1-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-05char: fix broken EAGAIN retry on OS-X due to errno clobberingDaniel P. Berrange
Some of the chardev I/O paths really want to write the complete data buffer even though the channel is in non-blocking mode. To achieve this they look for EAGAIN and g_usleep() for 100ms. Unfortunately the code is set to check errno == EAGAIN a second time, after the g_usleep() call has completed. On OS-X at least, g_usleep clobbers errno to ETIMEDOUT, causing the retry to be skipped. This failure to retry means the full data isn't written to the chardev backend, which causes various failures including making the tests/ahci-test qtest hang. Rather than playing games trying to reset errno just simplify the code to use a goto to retry instead of a a loop. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1459438168-8146-2-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>