Commit Graph

10 Commits

Author SHA1 Message Date
David Gibson
bbdd2ad081 qemu-char: BUGFIX, don't call FD_ISSET with negative fd
tcp_chr_connect(), unlike for example udp_chr_update_read_handler(), does
not check if the fd it is using is valid (>= 0) before passing it to
qemu_set_fd_handler2().  If using e.g. a TCP serial port, which is not
initially connected, this can result in -1 being passed to FD_ISSET, which
has undefined behaviour.  On x86 it seems to harmlessly return 0, but on
PowerPC, it causes a fortify buffer overflow error to be thrown.

This patch fixes this by putting an extra test in tcp_chr_connect(), and
also adds an assert in qemu_set_fd_handler2() to catch other such errors on
all platforms, rather than just some.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-09-17 10:18:48 -05:00
Alexey Kardashevskiy
55ce75faf2 eventfd: making it thread safe
QEMU uses IO handlers to run select() in the main loop.
The handlers list is managed by qemu_set_fd_handler() helper
which works fine when called from the main thread as it is
called when select() is not waiting.

However, the IO handlers list can be changed in a thread other than
the main one doing os_host_main_loop_wait(), for example, as a result
of a hypercall which changes PCI config space (VFIO on POWER is the case)
and enables/disables MSI/MSIX which closes/creates eventfd handles.
As the main loop should be waiting on the newly created eventfds,
it has to be restarted.

The patch adds the qemu_notify_event() call to interrupt select()
to make main_loop() restart select() with the updated IO handlers
list.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-08-21 15:16:29 -05:00
Stefan Weil
c97feed13c iohandler: Use bool for boolean struct member and remove holes
Using bool reduces the size of the structure and improves readability.
Two holes in the structure were removed.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-05-01 10:13:33 +01:00
Paolo Bonzini
be08e65e01 Revert to a hand-made select loop
This reverts commit c82dc29a91
and 4d88a2ac86.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2011-10-21 18:14:30 +02:00
Paolo Bonzini
44a9b356ad main-loop: create main-loop.h
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2011-10-21 18:14:30 +02:00
Anthony Liguori
c82dc29a91 iohandlers: fix issue with qemu_set_fd_handler()
As spotted by Aneesh, some users pass a NULL opaque so we need to be more
aggressive in checking whether a user means to unregister.

Also fix a double free caused by tag not being reset to zero after delete.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-09-08 08:06:08 -05:00
Anthony Liguori
4d88a2ac86 main: switch qemu_set_fd_handler to g_io_add_watch
This patch changes qemu_set_fd_handler to be implemented in terms of
g_io_add_watch().  The semantics are a bit different so some glue is required.

qemu_set_fd_handler2 is much harder to convert because of its use of polling.

The glib main loop has the major advantage of having a proven thread safe
architecture.  By using the glib main loop instead of our own, it will allow us
to eventually introduce multiple I/O threads.

I'm pretty sure that this will work on Win32, but I would appreciate some help
testing.  I think the semantics of g_io_channel_unix_new() are really just tied
to the notion of a "unix fd" and not necessarily unix itself.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-09-01 13:12:33 -05:00
Anthony Liguori
7267c0947d Use glib memory allocation and free functions
qemu_malloc/qemu_free no longer exist after this commit.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-20 23:01:08 -05:00
Paolo Bonzini
4d54ec7898 add a service to reap zombies, use it in SLIRP
SLIRP -smb support wants to fork a process and forget about reaping it.
To please it, add a generic service to register a process id and let
QEMU reap it.  In the future it could be enhanced to pass a status,
but this would be unused.

With this in place, the SIGCHLD signal handler would not stomp on pclose
anymore.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-29 08:14:11 -05:00
Paolo Bonzini
0298141998 extract I/O handler lists to iohandler.c
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-29 08:14:01 -05:00