Shut up Coverity's complaint about unchecked fcntl return values,
and especially make the code simpler and more efficient.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
If libusb_get_device_list() fails, the uninitialized local variable
libusb_device would be passed to libusb_free_device_list(), that
will cause a crash, like:
(gdb) bt
#0 0x00007fbbb4bafc10 in pthread_mutex_lock () from /lib64/libpthread.so.0
#1 0x00007fbbb233e653 in libusb_unref_device (dev=0x6275682d627375)
at core.c:902
#2 0x00007fbbb233e739 in libusb_free_device_list (list=0x7fbbb6e8436e,
unref_devices=<optimized out>) at core.c:653
#3 0x00007fbbb6cd80a4 in usb_host_auto_check (unused=unused@entry=0x0)
at hw/usb/host-libusb.c:1446
#4 0x00007fbbb6cd8525 in usb_host_initfn (udev=0x7fbbbd3c5670)
at hw/usb/host-libusb.c:912
#5 0x00007fbbb6cc123b in usb_device_init (dev=0x7fbbbd3c5670)
at hw/usb/bus.c:106
...
So initialize libusb_device at the begin time.
Signed-off-by: Jincheng Miao <jmiao@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Due to an incomplete initialization, adding a usb-bt-dongle device through HMP
or QMP will cause a segmentation fault.
Signed-off-by: Hani Benhabiles <hani@linux.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
On FreeBSD polling a master pty while the other end is not connected
with G_IO_OUT only results in an endless wait. This is different from
the Linux behaviour, that returns immediately. In order to demonstrate
this, I have the following example code:
http://xenbits.xen.org/people/royger/test_poll.c
When executed on Linux:
$ ./test_poll
In callback
On FreeBSD instead, the callback never gets called:
$ ./test_poll
So, in order to workaround this, poll the source with G_IO_HUP (which
makes the code behave the same way on both Linux and FreeBSD).
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Michael Tokarev <mjt@tls.msk.ru>
Cc: "Andreas Färber" <afaerber@suse.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: xen-devel@lists.xenproject.org
[Add hw/char/cadence_uart.c too. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
"Init" and "uninit" suggest the functions don't allocate / free
storage. But they do.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
We can pick the usb port speed in generic code, by looking at the port
and device speed masks and looking for the fastest match. So add a
function to do exactly that, and drop the speed setting code from
usb_desc_attach as it isn't needed any more.
This way we can set the device speed before calling port->ops->attach,
which fixes some xhci hotplug issues.
https://bugzilla.redhat.com/show_bug.cgi?id=1046873
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Extend compatibility test function to also figure whenever usb3
devices can be supported on ehci. Tweak ep0 maxpacketsize field
due to usb2 <-> usb3 difference.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
usb: xhci and mtp bugfixes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJTgv7ZAAoJEEy22O7T6HE4FPgP/3eTqypKijaSwPAN7s0OqpKo
DuI9bXPRlludn1zWGi/Da7iYDy0OwlfDksJddU3I8Qdxo+Y5DG/ERh0yxaKoE8Cw
bT/eAtTmtAuCI0Spu0TdojPUDmjCIpAoO1Ta3WTi0IqR8LhMUyWwyMeQafMujeCn
QvXax+Xw5wl7a6ogk1mBa8IfHBtmQIcscT7oc9pg59/zlcN7omW/g5pkz8pLjzmu
LQYiSkUGt6LEViaKG2rTZ/dEOzqLe5Ot8SZ4Y2r+C6yOjsdG9J1kOhU5wGs1WuVU
i57Zj/VRlZ3jLxCeU3dBT+kgJvi3mCnPZFni67iBtAlDDreSchVJJwY42SNZxea0
yLZSMFyMF+LBNrlbA9RFqlrnzr1sSfcjaOhQOajP6IVfjCsAiv0zivUJ4u6ijZ4R
cGk1oJYsN888LUzgaszA3MTy593e7MI1cpPL79gt3lhh/Fu+mqTkFxcEUvrHqwSi
0LepENhE3tIgqSZH7MEtos+Avf8Uo2x/RULYZV3D0qRLLkhGcafJYIhb6mQsJug3
8D45yQ8YnsAmxpah0WopshlNxOi2hc/e5ADOCh4H+fNTmX5J9oN2IM4bQqqE+ci4
IkcYyyruNW5RGgHjlOZfAceC/CJ8Er/ocSuwvF9uTEiZ+unGotD4Xhaxyfrr3B+G
BHkkzcySLzGfkbUuebSL
=y+dq
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-7' into staging
usb: usb3 streams support for usb-host and usb-redir
usb: xhci and mtp bugfixes.
# gpg: Signature made Mon 26 May 2014 09:44:09 BST using RSA key ID D3E87138
# gpg: Can't check signature: public key not found
* remotes/kraxel/tags/pull-usb-7:
usb-host-libusb: Set stream id when submitting bulk-stream transfers
usb-host-libusb: Add alloc / free streams ops
usb-host-libusb: Fill in endpoint max_streams when available
usb-redir: Add support for bulk streams
usb-mtp: handle usb_mtp_get_object failure
usb-mtp: handle lseek failure
usb-mtp: use bool to track MTPObject init status
xhci: add xhci_get_flag
xhci: add endpoint cap on express bus only
xhci: child detach fix
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add display property to the keyboard.
Add display and head properties to the tablet.
If properties are set bind device to the display specified to
setup input routing.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Stop setting nchildren to -1. Use separate bool variable to track
whenever we've already fetched the child objects instead.
Also make nchildren unsigned.
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
xhci_child_detach() zaps the wrong slot when unplugging a device
connected via usb-hub: Instead of the device's slot the slot of the
usb-hub is used. Fix it.
https://bugzilla.redhat.com/show_bug.cgi?id=1075846
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Correct post load checks:
1. dev->setup_len == sizeof(dev->data_buf)
seems fine, no need to fail migration
2. When state is DATA, passing index > len
will cause memcpy with negative length,
resulting in heap overflow
First of the issues was reported by dgilbert.
Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
After previous Peter patch, they are redundant. This way we don't
assign them except when needed. Once there, there were lots of case
where the ".fields" indentation was wrong:
.fields = (VMStateField []) {
and
.fields = (VMStateField []) {
Change all the combinations to:
.fields = (VMStateField[]){
The biggest problem (appart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.
Signed-off-by: Juan Quintela <quintela@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Currently all what's needed for single file libcacard/vcard_emul_nss.c
(libnss cflags) and hw/usb/ccid-card-emulated.c (libcacard includes)
together with the libs is added to global QEMU_CFLAGS and libs_softmmu.
Use the cflags only where really used (for two mentioned files), and
libs only where needed.
While at it, rename variables to better reflect reality: libcacard_*
is really nss_*.
This needs a bit more tweaking: $(NSS_LIBS) should not contain $glib_libs
(ditto for _cflags). But in order to fix it, some more preparations
should be made first. So add a FIXME comment.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJTZ/QsAAoJEPSH7xhYctcjJ4wP/31lNMpPLxdRpxpUoTPK39L0
zEoBTUH5dzG2FG34p8/znNH0Lbmc3GALqP9UzyM0sL3QU0EDwqAP0idLJ/8zHrYN
ZNJnNH6wexlpEypAsyQiayAFYAq6bc3hYtnEurN56dQgPVgb6jCicuOAt26JafLg
xuGIuencgaEFZaIb8iobxloqDX9raoq0+JfnoV8r02+ES+PG+HHfZsAlbDiWpj/Z
o06WBq9Xvf8X/zvuGHb9PCLGK36+kxPJ2G2531TJGZ6BjjewDExF2xlQH+PQ8pQB
d2OKCP0In66JfyLu6JBz21APrks7DJxsuenvoqPhxhtlIcBSm+grZElNLbccDMLQ
3fteWOCcri5WSwKNAkZ138D5SzIArZFBlqD9qW0GQsiaj3tCxfy162JAmzRPa94i
R5OJCTDclwjCH6JvRsOs8NrQyYcXHcEl2rfeymfr68YOH5XBMeRPhcR91tVr03ow
ZVgvwC/TJHntKnW+qtGIOa9Wfq4KghjddD37ayPAqKM/GQ0TV2sAPEr2htDaBZ0l
5O/YGsAZPKax72OnMR2ObqoIMokympeanQLxG3Q8VKQSU2c+aU3rGVQrG1juiVYw
NiC/nzarFzFWU8UYToXIu2QBDTde2vuRLX/myzL7L4OLavOcv8EXZBp60DP/bktE
Pd+jdeLMh9kWu1tFrE8F
=VoYL
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20140505' into staging
migration/next for 20140505
# gpg: Signature made Mon 05 May 2014 21:27:24 BST using RSA key ID 5872D723
# gpg: Can't check signature: public key not found
* remotes/juanquintela/tags/migration/20140505: (36 commits)
migration: expose xbzrle cache miss rate
migration: expose the bitmap_sync_count to the end
migration: Add counts of updating the dirty bitmap
XBZRLE: Fix one XBZRLE corruption issues
migration: remove duplicate code
Coverity: Fix failure path for qemu_accept in migration
Init the XBZRLE.lock in ram_mig_init
Provide init function for ram migration
Count used RAMBlock pages for migration_dirty_pages
Make qemu_peek_buffer loop until it gets it's data
Disallow outward migration while awaiting incoming migration
virtio: validate config_len on load
virtio-net: out-of-bounds buffer write on load
openpic: avoid buffer overrun on incoming migration
ssi-sd: fix buffer overrun on invalid state load
savevm: Ignore minimum_version_id_old if there is no load_state_old
usb: sanity check setup_index+setup_len in post_load
vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/
virtio-scsi: fix buffer overrun on invalid state load
zaurus: fix buffer overrun on invalid state load
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
CVE-2013-4541
s->setup_len and s->setup_index are fed into usb_packet_copy as
size/offset into s->data_buf, it's possible for invalid state to exploit
this to load arbitrary data.
setup_len and setup_index should be checked to make sure
they are not negative.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
This adds migration support for OHCI.
This defines a descriptor for OHCIState.
This changes some OHCIState field types to be migration compatible.
This adds a descriptor for OHCIPort.
This migrates the EOF timer if the USB was started at the time of
migration.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Implementation of a USB Media Transfer Device device for easy
filesharing. Read-only. No access control inside qemu, it will
happily export any file it is able to open to the guest, i.e.
standard unix access rights for the qemu process apply.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add U suffix to avoid undefined behaviour. This is only
strictly necessary for the 1<<31 cases, but we add it for the
other constants in these groups for consistency.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
If enabled, set the thread name at creation (on GNU systems with
pthread_set_np)
Fix up all the callers with a thread name
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* QTest cleanups and test cases for PCI NICs
* NAND fix for "info qtree"
* Cleanup and extension of QOM machine tests
* IndustryPack test cases and conversion to QOM realize
* I2C cleanups
* Cleanups of legacy qdev properties
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJTAooJAAoJEPou0S0+fgE/SuQQALW3zvra4ZLRAQV0e8kFoyj1
vVtmLkDhnCe4cYfxxfOX91NA0rH1ts2EO1+UcnaCHJlptNWfA+8qJW69XgYpHE3c
DKQlKPL/9pV5ywY5uUw/t1UJHg2BfrLBDDM4lP+vrpwiQYq4kp24JffnhfY3l9MA
9qdkXu1HrlWoLRVGnMyGDXI8cb+5bTL+FEc6UuHl3P89/gj5BV+LDWn0QOFbAkxq
4wk+Xh6sHKcfOdq6vMCNGlTjlJnpbY43D1a8+q6hFGG8JBlpne7Oer7bse9k4uTK
q/CzyNzC0lnjjcULpa4ptRlycH0ruD9DPY7Lco9XqYd3l/c9742PmTEqN5TZseKD
XD7+hwT1tk7W8rihm8KETCP6sKlXz4w8tJiWe6IT3zwRzvXIolxxK93heQuaX73Z
HFDmvTPVLUiWF8ftKTyWZM3w+jsbSH0QSrMCIHKJrPTRWTKphx0DUP74lWjNsvGs
FFBjpAgrflLihxiuRrcLmekGn0xCTjhQWIo2GoiWTgLSEHNQQQUNO+15/kcU/vlI
hh3DJpiBKeSnUapHHL0OEK6ryeHoG95akiRjImwWVthNLk4KEuWtlhFPYBtulO5A
PA02trE4Ah769effX0ZYdNl23KbW4VxpZ8VZv+kp7RTrDKxw551HoEFJ5ja0nkvB
O1CfsE7x0GH/Rbi/Hxhu
=KRcc
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging
QOM infrastructure fixes and device conversions
* QTest cleanups and test cases for PCI NICs
* NAND fix for "info qtree"
* Cleanup and extension of QOM machine tests
* IndustryPack test cases and conversion to QOM realize
* I2C cleanups
* Cleanups of legacy qdev properties
# gpg: Signature made Mon 17 Feb 2014 22:15:37 GMT using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg: aka "Andreas Färber <afaerber@suse.com>"
* remotes/afaerber/tags/qom-devices-for-peter: (49 commits)
qtest: Include system headers before user headers
qapi: Refine human printing of sizes
qdev: Use QAPI type names for properties
qdev: Add enum property types to QAPI schema
block: Handle "rechs" and "large" translation options
qdev: Remove hex8/32/64 property types
qdev: Remove most legacy printers
qdev: Use human mode in "info qtree"
qapi: Add human mode to StringOutputVisitor
qdev: Inline qdev_prop_parse()
qdev: Legacy properties are just strings
qdev: Legacy properties are now read-only
qdev: Remove legacy parsers for hex8/32/64
qdev: Sizes are now parsed by StringInputVisitor
qapi: Add size parser to StringInputVisitor
qtest: Don't segfault with invalid -qtest option
ipack: Move IndustryPack out of hw/char/
ipoctal232: QOM parent field cleanup
ipack: QOM parent field cleanup for IPackDevice
ipack: QOM parent field cleanup for IPackBus
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Allow the scheduled transfer time be a bit behind, to
compensate for latencies. Without this xhci will wait
way to often for the mfindex wraparound, assuming the
scheduled time is in the future just because qemu is
a bit behind in processing the iso transfer requests.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
