The two new variables "arp_requested" and "expiration_date" in the mbuf
structure have been added after the variable-sized "m_dat_" array. The
variables have to be added before the m_dat_ array instead.
Without this patch, the expiration_date gets clobbered by code that
accesses the m_dat_ array.
I experienced this problem with the code in slirp/tftp.c: The
tftp_send_data() function created a new packet with the m_get()
function (which fills-in a default expiration_date value). Then the
TFTP code cleared the data section of the packet, which accidentially
also cleared the expiration_date. This zeroed expiration_date then
finally causes the packet to be discarded during if_start(), so that
TFTP packets were not transmitted anymore.
[Jan: added comment as suggested by Fabien ]
CC: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
ti points into the m buffer. But the latter may already be released
right after the dodata: label. Move the test before the potential
release.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Those blanks violate the coding conventions, see
scripts/checkpatch.pl.
Blanks missing after colons in the changed lines were added.
This patch does not try to fix tabs, long lines and other
problems in the changed lines, therefore checkpatch.pl reports
many violations.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This ensures we can cleanly signal the drop in case the connection timer
fires. So far we sent those frames to nowhere (target IP 0.0.0.0).
Found by the new assertion on invalid IPs in arp_table_search.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
* qemu-common.h is not a system include file, so it should be included
with "" instead of <>. Otherwise incremental builds might fail
because only local include files are checked for changes.
* linux-user/syscall.c included the file twice.
Cc: Riku Voipio <riku.voipio@iki.fi>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Most changes were made using these commands:
git grep -la '__attribute__((packed))'|xargs perl -pi -e 's/__attribute__\(\(packed\)\)/QEMU_PACKED/'
git grep -la '__attribute__ ((packed))'|xargs perl -pi -e 's/__attribute__ \(\(packed\)\)/QEMU_PACKED/'
git grep -la '__attribute__((__packed__))'|xargs perl -pi -e 's/__attribute__\(\(__packed__\)\)/QEMU_PACKED/'
git grep -la '__attribute__ ((__packed__))'|xargs perl -pi -e 's/__attribute__ \(\(__packed__\)\)/QEMU_PACKED/'
git grep -la '__attribute((packed))'|xargs perl -pi -e 's/__attribute\(\(packed\)\)/QEMU_PACKED/'
Whitespace in linux-user/syscall_defs.h was fixed manually
to avoid warnings from scripts/checkpatch.pl.
Manual changes were also applied to hw/pc.c.
I did not fix indentation with tabs in block/vvfat.c.
The patch will show 4 errors with scripts/checkpatch.pl.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
-mms-bitfields prevents that the bitfields in current IP header structs
are packed into a single byte as it is required. Fix this by using
uint8_t as backing type.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
The expiration timeout must only affect packets that are queued due to
pending ARP resolutions. The old version broke ping e.g.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
No need to update the current time for each packet we send from the
queue. Processing time is comparably short.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Should be uint32_t for IPv4, not int. Also avoid in_addr_t without
proper includes. Fixes build regression on mingw32.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
In the current implementation, if Slirp tries to send an IP packet to a client
with an unknown hardware address, the packet is simply dropped and an ARP
request is sent (if_encap in slirp/slirp.c).
With this patch, Slirp will send the ARP request, re-queue the packet and try
to send it later. The packet is dropped after one second if the ARP reply is
not received.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
This patch adds a simple ARP table in Slirp and also adds handling of
gratuitous ARP requests.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
cppcheck detected two rather strange comments which were not
correctly written as C comments.
They did not cause any harm because they were framed by
#ifdef notdef ... #endif, so they were never compiled.
Fix them nevertheless (we could also remove the unused code).
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Avoid warnings like these by wrapping recv():
CC slirp/ip_icmp.o
/src/qemu/slirp/ip_icmp.c: In function 'icmp_receive':
/src/qemu/slirp/ip_icmp.c:418:5: error: passing argument 2 of 'recv' from incompatible pointer type [-Werror]
/usr/local/lib/gcc/i686-mingw32msvc/4.6.0/../../../../i686-mingw32msvc/include/winsock2.h:547:32: note: expected 'char *' but argument is of type 'struct icmp *'
Remove also casts used to avoid warnings.
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Linux 3.0 gained support for unprivileged ICMP ping sockets. Use this
feature to forward guest pings to the outer world. The host admin has to
set the ping_group_range in order to grant access to those sockets. To
allow ping for the users group (GID 100):
echo 100 100 > /proc/sys/net/ipv4/ping_group_range
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Recent smb daemons tend to terminate themselves via a process group
SIGTERM. If the daemon is still in qemu's group by that time, qemu will
die as well. Avoid this by always pushing fork_exec processes into a
group of their own, not just (unused) type 2 execs.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Instead of accepting every DHCP/BOOTP and TFTP packet, only invoke the
built-in servers if the target is the virtual host.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This aligns the code to what the documentation claims: Allow everything
but requests that would have to be routed outside of the virtual LAN.
So we need to drop the unneeded IP-level filter, allow TFTP requests,
and add the missing protocol-level filter to ICMP.
CC: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
SLIRP -smb support wants to fork a process and forget about reaping it.
To please it, add a generic service to register a process id and let
QEMU reap it. In the future it could be enhanced to pass a status,
but this would be unused.
With this in place, the SIGCHLD signal handler would not stomp on pclose
anymore.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This was done with:
sed -i '/get_clock\>.*rt_clock/s/get_clock\>/get_clock_ms/' \
$(git grep -l 'get_clock\>.*rt_clock' )
sed -i '/new_timer\>.*rt_clock/s/new_timer\>/new_timer_ms/' \
$(git grep -l 'new_timer\>.*rt_clock' )
after checking that get_clock and new_timer never occur twice
on the same line. There were no missed occurrences; however, even
if there had been, they would have been caught by the compiler.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
make the code compile correctly when DEBUG is activated.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
x.tp_buf was declared as a uint8_t array, but always used as
a char array (which needed a lot of type casts).
The patch includes these changes:
* Fix declaration of x.tp_buf and remove all type casts.
* Use offsetof() to get the offset of x.tp_buf.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Since the addition of the slirp member to struct mbuf, the value of
SLIRP_MSIZE and the initialization of m_size have not been correct,
resulting in overrunning the end of the malloc'd buffer in some cases.
Signed-off-by: Bruce Rogers <brogers@novell.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
According to RFC 1350 (TFTP Revision 2) the mode field can contain any
combination of upper and lower case; also RFC 2349 propagates that the
transfer size option ("tsize") is case in-sensitive too.
Current implementation of embedded TFTP server missed that what does
mess some TFTP clients. Fixed by using STRCASECMP(3) in the required
places.
Signed-off-by: Sergei Gavrikov <sergei.gavrikov@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Edgar E. Iglesias <edgar@axis.com>
Slirp code tries to be smart an avoid data copy by using pointer to
the data. This solution leads to unaligned access, in this case
preq_addr, which is a 32-bit long structure. There is no real point
of avoiding data copy in a such case, as the value itself is smaller
or the same size as a pointer.
The patch replaces pointers to the preq_addr structure by the strcture
itself, and use the address 0.0.0.0 if no address has been requested
(this is not a valid address in such a request). It compares it with
htonl(0L) for correctness reasons, in case a code checker look for such
mistakes. It also uses memcpy() for copying the data, which takes care
of alignement issues.
This fixes an unaligned access on IA64 host while requesting a DHCP
address.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Neither DECLARE_SPRINTF nor BAD_SPRINTF are needed for QEMU.
QEMU won't support systems with missing or bad declarations
for sprintf. The unused code was detected while looking for
functions with missing format checking. Instead of adding
GCC_FMT_ATTR, the unused code was removed.
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Haiku has O_BINARY in fcntl.h.
Signed-off-by: Andreas Färber <andreas.faerber@web.de>
Cc: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
IEEE 802.3 standard requires Ethernet frames to be at least 64 bytes long.
If it is not the case, they will be considered as runt frames, and may be ignored by netcard and/or OS
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Packets with TTL=1 may be directed to local network (DHCP/DNS servers for example), so don't discard them
This is required by old versions of NetBSD which send DHCP DISCOVER packets with TTL=1
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
The previous patches replaced u_int8_t, u_int16_t, u_int32_t, u_int64_t
by standard int types from stdint.h,
so we can now remove their declarations which are no longer needed.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
There is no need to have a second set of integral types.
Replace them by the standard types from stdint.h.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
When available, we'd like to be able to access the DeviceState
when registering a savevm. For buses with a get_dev_path()
function, this will allow us to create more unique savevm
id strings.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
A data structure of type sockaddr_in is allocated from stack but not
properly initialized. This may lead to a failure in the bind() call
later on. Fixed by filling the contents of the structure with zeroes
before using it.
Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Commits 376253ec..731b0364 introduced global variable cur_mon, which
points to the "default monitor" (if any), except during execution of
monitor_read() or monitor_control_read() it points to the monitor from
which we're reading instead (the "current monitor"). Monitor command
handlers run within monitor_read() or monitor_control_read().
Default monitor and current monitor are really separate things, and
squashing them together is confusing and error-prone.
For instance, usb_host_scan() can run both in "info usbhost" and
periodically via usb_host_auto_check(). It prints to cur_mon, which
is what we want in the former case: the monitor executing "info
usbhost". But since that's the default monitor in the latter case, it
periodically spams the default monitor there.
A few places use cur_mon to log stuff to the default monitor. If we
ever log something while cur_mon points to current monitor instead of
default monitor, the log temporarily "jumps" to another monitor.
Whether that can or cannot happen isn't always obvious.
Maybe logging to the default monitor (which may not even exist) is a
bad idea, and we should log to stderr or a logfile instead. But
that's outside the scope of this commit.
Change cur_mon to point to the current monitor. Create new
default_mon to point to the default monitor. Update users of cur_mon
accordingly.
This fixes the periodical spamming of the default monitor by
usb_host_scan(). It also stops "log jumping", should that problem
exist.
Although the value stored to 'r' is used in the enclosing expression,
the value is never actually read from 'r'.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Most of these are obvious NULL-deref bug fixes, for example,
the ones in these files:
block/curl.c
net.c
slirp/misc.c
and the first one in block/vvfat.c.
The others in block/vvfat.c may not lead to an immediate segfault, but I
traced the two schedule_rename(..., strdup(path)) uses, and a failed
strdup would appear to trigger this assertion in handle_renames_and_mkdirs:
assert(commit->path);
The conversion to use qemu_strdup in envlist_to_environ is not technically
needed, but does avoid a theoretical leak in the caller when strdup fails
for one value, but later succeeds in allocating another buffer(plausible,
if one string length is much larger than the others). The caller does
not know the length of the returned list, and as such can only free
pointers until it hits the first NULL. If there are non-NULL pointers
beyond the first, their buffers would be leaked. This one is admittedly
far-fetched.
The two in linux-user/main.c are worth fixing to ensure that an
OOM error is diagnosed up front, rather than letting it provoke some
harder-to-diagnose secondary error, in case of exec failure, or worse, in
case the exec succeeds but with an invalid list of command line options.
However, considering how unlikely it is to encounter a failed strdup early
in main, this isn't a big deal. Note that adding the required uses of
qemu_strdup here and in envlist.c induce link failures because qemu_strdup
is not currently in any library they're linked with. So for now, I've
omitted those changes, as well as the fixes in target-i386/helper.c
and target-sparc/helper.c.
If you'd like to see the above discussion (or anything else)
in the commit log, just let me know and I'll be happy to adjust.
>From 9af42864fd1ea666bd25e2cecfdfae74c20aa8c7 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Mon, 8 Feb 2010 18:29:29 +0100
Subject: [PATCH] don't dereference NULL after failed strdup
Handle failing strdup by replacing each use with qemu_strdup,
so as not to dereference NULL or trigger a failing assertion.
* block/curl.c (curl_open): s/\bstrdup\b/qemu_strdup/
* block/vvfat.c (init_directories): Likewise.
(get_cluster_count_for_direntry, check_directory_consistency): Likewise.
* net.c (parse_host_src_port): Likewise.
* slirp/misc.c (fork_exec): Likewise.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>