844bd70b | 04-Jun-2020 |
Marc-André Lureau <marcandre.lureau@redhat.com> |
qga: fix assert regression on guest-shutdown
Since commit 781f2b3d1e ("qga: process_event() simplification"), send_response() is called unconditionally, but will assert when "rsp" is NULL. This may
qga: fix assert regression on guest-shutdown
Since commit 781f2b3d1e ("qga: process_event() simplification"), send_response() is called unconditionally, but will assert when "rsp" is NULL. This may happen with QCO_NO_SUCCESS_RESP commands, such as "guest-shutdown".
Fixes: 781f2b3d1e5ef389b44016a897fd55e7a780bf35 Cc: Michael Roth <mdroth@linux.vnet.ibm.com> Reported-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Cc: qemu-stable@nongnu.org Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
show more ...
|
668f62ec | 07-Jul-2020 |
Markus Armbruster <armbru@redhat.com> |
error: Eliminate error_propagate() with Coccinelle, part 1
When all we do with an Error we receive into a local variable is propagating to somewhere else, we can just as well receive it there right
error: Eliminate error_propagate() with Coccinelle, part 1
When all we do with an Error we receive into a local variable is propagating to somewhere else, we can just as well receive it there right away. Convert
if (!foo(..., &err)) { ... error_propagate(errp, err); ... return ... }
to
if (!foo(..., errp)) { ... ... return ... }
where nothing else needs @err. Coccinelle script:
@rule1 forall@ identifier fun, err, errp, lbl; expression list args, args2; binary operator op; constant c1, c2; symbol false; @@ if ( ( - fun(args, &err, args2) + fun(args, errp, args2) | - !fun(args, &err, args2) + !fun(args, errp, args2) | - fun(args, &err, args2) op c1 + fun(args, errp, args2) op c1 ) ) { ... when != err when != lbl: when strict - error_propagate(errp, err); ... when != err ( return; | return c2; | return false; ) }
@rule2 forall@ identifier fun, err, errp, lbl; expression list args, args2; expression var; binary operator op; constant c1, c2; symbol false; @@ - var = fun(args, &err, args2); + var = fun(args, errp, args2); ... when != err if ( ( var | !var | var op c1 ) ) { ... when != err when != lbl: when strict - error_propagate(errp, err); ... when != err ( return; | return c2; | return false; | return var; ) }
@depends on rule1 || rule2@ identifier err; @@ - Error *err = NULL; ... when != err
Not exactly elegant, I'm afraid.
The "when != lbl:" is necessary to avoid transforming
if (fun(args, &err)) { goto out } ... out: error_propagate(errp, err);
even though other paths to label out still need the error_propagate(). For an actual example, see sclp_realize().
Without the "when strict", Coccinelle transforms vfio_msix_setup(), incorrectly. I don't know what exactly "when strict" does, only that it helps here.
The match of return is narrower than what I want, but I can't figure out how to express "return where the operand doesn't use @err". For an example where it's too narrow, see vfio_intx_enable().
Silently fails to convert hw/arm/armsse.c, because Coccinelle gets confused by ARMSSE being used both as typedef and function-like macro there. Converted manually.
Line breaks tidied up manually. One nested declaration of @local_err deleted manually. Preexisting unwanted blank line dropped in hw/riscv/sifive_e.c.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20200707160613.848843-35-armbru@redhat.com>
show more ...
|
51bd4581 | 22-Apr-2020 |
Markus Armbruster <armbru@redhat.com> |
qga: Fix qmp_guest_suspend_{disk, ram}() error handling
The Error ** argument must be NULL, &error_abort, &error_fatal, or a pointer to a variable containing NULL. Passing an argument of the latter
qga: Fix qmp_guest_suspend_{disk, ram}() error handling
The Error ** argument must be NULL, &error_abort, &error_fatal, or a pointer to a variable containing NULL. Passing an argument of the latter kind twice without clearing it in between is wrong: if the first call sets an error, it no longer points to NULL for the second
qmp_guest_suspend_disk() and qmp_guest_suspend_ram() pass @local_err first to check_suspend_mode(), then to acquire_privilege(), then to execute_async(). Continuing after errors here can only end in tears. For instance, we risk tripping error_setv()'s assertion.
Fixes: aa59637ea1c6a4c83430933f9c44c43e6c3f1b69 Fixes: f54603b6aa765514b2519e74114a2f417759d727 Cc: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20200422130719.28225-15-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
show more ...
|
4155c998 | 22-Apr-2020 |
Markus Armbruster <armbru@redhat.com> |
qga: Fix qmp_guest_get_memory_blocks() error handling
The Error ** argument must be NULL, &error_abort, &error_fatal, or a pointer to a variable containing NULL. Passing an argument of the latter k
qga: Fix qmp_guest_get_memory_blocks() error handling
The Error ** argument must be NULL, &error_abort, &error_fatal, or a pointer to a variable containing NULL. Passing an argument of the latter kind twice without clearing it in between is wrong: if the first call sets an error, it no longer points to NULL for the second call.
qmp_guest_get_memory_blocks() passes &local_err to transfer_memory_block() in a loop. If this fails in more than one iteration, it can trip error_setv()'s assertion.
Fix it to break the loop.
Cc: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20200422130719.28225-14-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
show more ...
|
1329651f | 14-Apr-2020 |
Philippe Mathieu-Daudé <philmd@redhat.com> |
qga: Restrict guest-file-read count to 48 MB to avoid crashes
On [*] Daniel Berrangé commented:
The QEMU guest agent protocol is not sensible way to access huge files inside the guest. It requi
qga: Restrict guest-file-read count to 48 MB to avoid crashes
On [*] Daniel Berrangé commented:
The QEMU guest agent protocol is not sensible way to access huge files inside the guest. It requires the inefficient process of reading the entire data into memory than duplicating it again in base64 format, and then copying it again in the JSON serializer / monitor code.
For arbitrary general purpose file access, especially for large files, use a real file transfer program or use a network block device, not the QEMU guest agent.
To avoid bug reports as BZ#1594054 (CVE-2018-12617), follow his suggestion to put a low, hard limit on "count" in the guest agent QAPI schema, and don't allow count to be larger than 48 MB.
[*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg693176.html
Fixes: CVE-2018-12617 Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1594054 Reported-by: Fakhri Zulkifli <mohdfakhrizulkifli@gmail.com> Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> *update schema documentation to indicate 48MB limit instead of 10MB Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
show more ...
|
ead83a13 | 14-Apr-2020 |
Philippe Mathieu-Daudé <philmd@redhat.com> |
qga: Extract qmp_guest_file_read() to common commands.c
Extract the common code shared by both POSIX/Win32 implementations.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by:
qga: Extract qmp_guest_file_read() to common commands.c
Extract the common code shared by both POSIX/Win32 implementations.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
show more ...
|
5d3586b8 | 14-Apr-2020 |
Philippe Mathieu-Daudé <philmd@redhat.com> |
qga: Extract guest_file_handle_find() to commands-common.h
As we are going to reuse this method, declare it in common header.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by
qga: Extract guest_file_handle_find() to commands-common.h
As we are going to reuse this method, declare it in common header.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
show more ...
|
7b46aadb | 23-Mar-2020 |
Stefan Hajnoczi <stefanha@redhat.com> |
qemu-ga: document vsock-listen in the man page
Although qemu-ga has supported vsock since 2016 it was not documented on the man page.
Also add the socket address representation to the qga --help ou
qemu-ga: document vsock-listen in the man page
Although qemu-ga has supported vsock since 2016 it was not documented on the man page.
Also add the socket address representation to the qga --help output.
Fixes: 586ef5dee77180fc32e33bc08051600030630239 ("qga: add vsock-listen method") Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
show more ...
|
a23f38a7 | 20-Mar-2020 |
Eric Blake <eblake@redhat.com> |
qga: Fix undefined C behavior
The QAPI struct GuestFileWhence has a comment about how we are exploiting equivalent values between two different integer types shared in a union. But C says behavior i
qga: Fix undefined C behavior
The QAPI struct GuestFileWhence has a comment about how we are exploiting equivalent values between two different integer types shared in a union. But C says behavior is undefined on assignments to overlapping storage when the two types are not the same width, and indeed, 'int64_t value' and 'enum QGASeek name' are very likely to be different in width. Utilize a temporary variable to fix things.
Reported-by: Peter Maydell <peter.maydell@linaro.org> Fixes: 0b4b49387 Fixes: Coverity CID 1421990 Signed-off-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
show more ...
|
807e2b6f | 11-Mar-2020 |
Basil Salman <basil@daynix.com> |
qga-win: prevent crash when executing guest-file-read with large count
guest-file-read command is currently implemented to read from a file handle count number of bytes. when executed with a very la
qga-win: prevent crash when executing guest-file-read with large count
guest-file-read command is currently implemented to read from a file handle count number of bytes. when executed with a very large count number qemu-ga crashes. after some digging turns out that qemu-ga crashes after trying to allocate a buffer large enough to save the data read in it, the buffer was allocated using g_malloc0 which is not fail safe, and results a crash in case of failure. g_malloc0 was replaced with g_try_malloc0() which returns NULL on failure, A check was added for that case in order to prevent qemu-ga from crashing and to send a response to the qemu-ga client accordingly.
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1594054
Signed-off-by: Basil Salman <basil@daynix.com> Reported-by: Fakhri Zulkifli <mohdfakhrizulkifli@gmail.com> Cc: qemu-stable@nongnu.org Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
show more ...
|
b2413df8 | 11-Mar-2020 |
Sameeh Jubran <sjubran@redhat.com> |
qga-win: Handle VSS_E_PROVIDER_ALREADY_REGISTERED error
This patch handles the case where VSS Provider is already registered, where in such case qga uninstalls the provider and registers it again.
qga-win: Handle VSS_E_PROVIDER_ALREADY_REGISTERED error
This patch handles the case where VSS Provider is already registered, where in such case qga uninstalls the provider and registers it again.
Signed-off-by: Sameeh Jubran <sjubran@redhat.com> Signed-off-by: Basil Salman <basil@daynix.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
show more ...
|
d1eddab8 | 28-Feb-2020 |
Philippe Mathieu-Daudé <philmd@redhat.com> |
qga: Fix a memory leak
The string returned by g_win32_error_message() has to be deallocated with g_free().
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Philippe Mathi
qga: Fix a memory leak
The string returned by g_win32_error_message() has to be deallocated with g_free().
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200228100726.8414-5-philmd@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
show more ...
|
a7b6e896 | 13-Feb-2020 |
Peter Maydell <peter.maydell@linaro.org> |
qga/qapi-schema.json: minor format fixups for rST
We would like to switch the doc comments to rST format, and rST requires a blank line before the start of a bulleted or enumerated list. Two places
qga/qapi-schema.json: minor format fixups for rST
We would like to switch the doc comments to rST format, and rST requires a blank line before the start of a bulleted or enumerated list. Two places in qapi-schema.json were missing this blank line.
Some places were using an indented line as a sort of single-item bulleted list, which in the Texinfo output comes out all run onto a single line; use a real bulleted list instead.
Some places unnecessarily indented lists, which confuses rST.
guest-fstrim:minimum's documentation was indented the right amount to share a line with @minimum, but wasn't actually doing so.
The indent on the bulleted list in the guest-set-vcpus Returns section meant rST misindented it.
Changes to the generated Texinfo are very minor (the new bulleted lists, and a few extra blank lines).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20200213175647.17628-7-peter.maydell@linaro.org> [Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
show more ...
|
883aff68 | 13-Feb-2020 |
Peter Maydell <peter.maydell@linaro.org> |
qga/qapi-schema.json: Fix indent level on doc comments
The current doc generation doesn't care much about indentation levels, but we would like to switch to an rST format, and rST does care about in
qga/qapi-schema.json: Fix indent level on doc comments
The current doc generation doesn't care much about indentation levels, but we would like to switch to an rST format, and rST does care about indentation.
Make the doc comments more strongly consistent about indentation for multiline constructs like:
@arg: description line 1 description line 2
Returns: line one line 2
so that there is always exactly one space after the colon, and subsequent lines align with the first.
This commit is a purely whitespace change, and it does not alter the generated .texi files (because the texi generation code strips away all the extra whitespace). This does mean that we end up with some over-length lines.
Note that when the documentation for an argument fits on a single line like this:
@arg: one line only
then stray extra spaces after the ':' don't affect the rST output, so I have not attempted to methodically fix them, though the preference is a single space here too.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20200213175647.17628-6-peter.maydell@linaro.org> [Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
show more ...
|