Due converting PIO to the new memory read/write api we no longer provide
separate I/O region lenghts for read and write operations. As a result,
reading from PIT Mode/Command register will end with accessing
pit->channels with invalid index.
Fix this by ignoring read from the Mode/Command register.
This is CVE-2015-3214.
Reported-by: Matt Tait <matttait@google.com>
Fixes: 0505bcdec8
Cc: qemu-stable@nongnu.org
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
New options were added to enable Windows MSI installation package
creation:
Option --enable-guest-agent-msi, like the name suggests, enables building
Windows MSI package for QEMU guest agent; option --disable-guest-agent-msi
disables MSI package creation; by default, no MSI package is created
Signed-off-by: Yossi Hindin <yhindin@redhat.com>
Message-Id: <1430913460-13174-5-git-send-email-yhindin@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The script enables building Windows MSI installation package on Linux with wixl tool.
Signed-off-by: Yossi Hindin <yhindin@redhat.com>
Message-Id: <1430913460-13174-4-git-send-email-yhindin@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Existing command line options include '-s install' and '-s uninstall'.
These options install/uninstall both Windows QEMU GA service
and optional VSS COM server. The QEMU GA Windows service allows
always-on serving guest agent's QMP commands and VSS COM server
enables guest agent integration with Volume Shadow Service.
This commit introdices new options '-s vss-install' and '-s vss-uninstall',
affecting only GA VSS COM server registration. The new options are useful
for registering and unregistering the COM server during MSI installation,
upgrade and uninstallation.
Signed-off-by: Yossi Hindin <yhindin@redhat.com>
Message-Id: <1430913460-13174-2-git-send-email-yhindin@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
qemu-log defaults to stderr when there is no '-D' option mentioned on command
line. When '-D' option is specified, we also need to specify '-d' option for it
to use the specified logfile. When using monitor to enable logging this is
troublesome since there will be no '-d' option because of which monitor dumps
the logs to stderr.
Fix this by opening the log file when '-D' is specified on the command line.
Also fix an ancient comment which does not hold true since changing location and
log level has now been streamlined.
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Luiz Capitulino <lcapitulino@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
CC: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <1433946024-18439-1-git-send-email-bobby.prani@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This is a special one. Two awesome features in one pull request:
- CCW support for TCG
- Watchpoint support for TCG
To celebrate this, we also switch the default machine model from s390-virtio
to s390-ccw and give users a fully working s390x model again!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iQIcBAABAgAGBQJVgU8SAAoJECszeR4D/txgtzEP/R48c1FBYVPf2hg1DnGtDV7N
YEsymqymRXXi2Esdnfj+5Hs97BLKis0Fr0AX15tp5uhK15lntgLLqfZeGjguX3pD
5dSn9uJeRpzkf05eCnJo7/nV5w5iWgJhKNt2lyt7+mQWUdrdYQ6XzfLbBUhHkFJp
ev4SU7LilcL4sNAM8pQKQBLOT3djdy2KAwE4PdeqZxSngkRcePWDMBt4axyGX9t5
esKpWS3tQ9b9AgTkGB/XHtPIimQDpbsvi/MGI6A57Xd13hLn4NDKjjfFHhx/RMyW
UVeJl9+ndlp1DdsIRKaUOWGBaWKZB/sxCk6rt1W46WyQ8JoHWni2b2pfjn2k5NTk
xmGpUk91GlV56OUd5K+9W6wwdkOjpf8Ps79+s6z+w5yz5NJ2L+vLwUZjs13UDMYs
UZbHDCOI9wCZ2G8jwRBOkEyaXgRMAbBLefeBfr+Zlbnx/U/rBhioUFtmody9F0er
MfQjSYeDoC3I4v0KdS15li+ndpyCE5CwYUMBEajsoC5A5l6N/zK+y9ZY1NfPKKJi
kkvtbHaFtlz/UluOSgA8EN62AAu/nFAfJcZkG20qfumg0oIIs3kX/BsDvwKSoeSU
D6cpaw+q65/a2M5wsPnXJojXP6zZyC9Oxnv41l6c8vFqWt6vjfcESCZ6/QzFv16T
jCzNsC4T+tOSf+nHqyns
=PPD5
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/agraf/tags/signed-s390-for-upstream' into staging
Patch queue for s390 - 2015-06-17
This is a special one. Two awesome features in one pull request:
- CCW support for TCG
- Watchpoint support for TCG
To celebrate this, we also switch the default machine model from s390-virtio
to s390-ccw and give users a fully working s390x model again!
# gpg: Signature made Wed Jun 17 11:42:26 2015 BST using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg: aka "Alexander Graf <alex@csgraf.de>"
* remotes/agraf/tags/signed-s390-for-upstream: (26 commits)
s390x: Switch to s390-ccw machine as default
target-s390x: PER: add Breaking-Event-Address register
target-s390x: PER instruction-fetch nullification event support
target-s390x: PER store-using-real-address event support
target-s390x: PER storage-alteration event support
translate-all: fix watchpoints if retranslation not possible
target-s390x: PER instruction-fetch event support
target-s390x: PER successful-branching event support
target-s390x: basic PER event handling
target-s390x: add get_per_in_range function
target-s390x: add get_per_atmid function
target-s390x: add PER related constants
target-s390x: mvc_fast_memmove: access memory through softmmu
target-s390x: mvc_fast_memset: access memory through softmmu
target-s390x: function to adjust the length wrt page boundary
softmmu: provide tlb_vaddr_to_host function for user mode
target-s390x: wire up I/O instructions in TCG mode
target-s390x: wire up DIAG REIPL in TCG mode
target-s390x: wire up DIAG IPL in TCG mode
target-s390x: fix s390_cpu_initial_reset
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We now finally have TCG support for the basic set of instructions necessary
to run the s390-ccw machine. That means in any aspect possible that machine
type is now superior to the legacy s390-virtio machine.
Switch over to the ccw machine as default. That way people don't get a halfway
broken machine with the s390x target.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
This patch adds support for PER Breaking-Event-Address register. Like
real hardware, it save the current PSW address when the PSW address is
changed by an instruction. We have to take care of optimizations QEMU
does, a branch to the next instruction is still a branch.
This register is copied to low core memory when a program exception
happens.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
For the instruction-fetch nullification event, we just reuse the
existing instruction-fetch code and trigger the exception immediately
in that case.
There is no need to save the CPU state in the TCG code as it has been
saved by the previous instruction before calling the per_check_exception
helper.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
This PER event happens each time the STURA or STURG instructions are
used. As they use helpers, we can just save the event in the PER code
there, if enabled.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
For the PER storage-alteration event we can use the QEMU watchpoint
infrastructure. When PER is enabled or PER control register changed we
enable the corresponding watchpoints. When a watchpoint arises we can
save the event. Unfortunately the current code does not provide the
address space used to trigger the watchpoint. For now we assume it comes
from the default ASC.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
The tb_check_watchpoint function currently assumes that all memory
access is done either directly through the TCG code or through an
helper which knows its return address. This is obviously wrong as the
helpers use cpu_ldxx/stxx_data functions to access the memory.
Instead of aborting in that case, don't try to retranslate the code, but
assume that the CPU state (and especially the program counter) has been
saved before calling the helper. Then invalidate the TB based on this
address.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
For the PER instruction-fetch, we can't use the QEMU breakpoint
infrastructure as it triggers for a single address and not a full
address range, and as it actually stop before the instruction and
not before.
We therefore call an helper with the just fetched instruction address,
which check if the address is within the PER address range. If it is
the case, an event is recorded and will be signaled through an
exception.
Note that we implement here the PER-3 behaviour, that is an invalid
opcode is not considered as an instruction fetch. Without PER-3 this
behavious is undefined.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
For the PER successful-branching event support, we can't rely on any
QEMU infrastucture. We therefore call an helper in all places where
a branch can be taken. We have to pay attention to the branch to next
case, as it's still a taken branch.
We don't need to care about the cases using goto_tb, as we have disabled
them in the previous patch.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch add basic support to generate PER exceptions. It adds two
fields to the cpu structure to record for the PER address and PER
code & ATMID values. When an exception is triggered and a PER event is
pending, the two PER values are copied to the lowcore area.
At the end of an instruction, an helper is checking for a possible
pending PER event and triggers an exception in that case. For that to
work with branches, we need to disable TB chaining when PER is
activated. Fortunately it's already in the TB flags.
Finally in case of a SERVICE CALL exception, we need to trigger the PER
exception immediately after.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
This function checks if an address is in between the PER starting
address and the PER ending address, taking care of a possible
address range loop.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
This function returns the ATMID field that is stored in the
per_perc_atmid lowcore entry.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
mvc_fast_memmove is bypassing the softmmu functions, getting the
physical source and destination addresses using the mmu_translate
function and accessing the corresponding physical memory. This
prevents watchpoints to work correctly.
Instead use the tlb_vaddr_to_host function to get the host addresses
corresponding to the guest source and destination addresses through the
softmmu code and fallback to the byte level code in case the
corresponding address are not in the QEMU TLB or being examined through
a watchpoint. As a bonus it works even for area crossing pages by
splitting the are into chunks contained in a single page, bringing some
performances improvements. We can therefore remove the 8-byte
loads/stores method, as it is now quite unlikely to be used.
At the same time change the name of the function to fast_memmove as it's
not specific to mvc and use the same argument order as the C memmove
function.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
mvc_fast_memset is bypassing the softmmu functions, getting the
physical address using the mmu_translate function and accessing the
corresponding physical memory. This prevents watchpoints to work
correctly.
Instead use the tlb_vaddr_to_host function to get the host address
corresponding to the guest address through the softmmu code and fallback
to the byte level code in case the corresponding address is not in the
QEMU TLB or being examined through a watchpoint. As a bonus it works
even for area crossing pages by splitting the are into chunks contained
in a single page, bringing some performances improvements.
At the same time change the name of the function to fast_memset as it's
not specific to mvc and use the same argument order as the C memset
function.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch adds a function to adjust the length of a transfer so that
it doesn't cross a page boundary in softmmu mode. It does nothing in
user mode.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
To avoid to many #ifdef in target code, provide a tlb_vaddr_to_host for
both user and softmmu modes. In the first case the function always
succeed and just call the g2h function.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
The code handling the I/O instructions for KVM decodes the instruction
itself. In TCG mode also pass the full instruction word to the helpers.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
DIAG IPL is already implemented for KVM, but not wired from TCG. For
that change the format of the instruction so that we can get R1 and R3
numbers in addition to the function code.
The diag function can change plenty of things, including CC, so we
should enter with a static CC. Also it doesn't set the value of general
register 2 to 0 as in the current code. We also need to exit the CPU
loop after a reset, which means a new PSW.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
The s390_cpu_initial_reset function zeroes a big part of the CPU state
structure, including CPU_COMMON, and thus the QEMU TLB structure. As
they should not be initialized with zeroes only, we need to call the
tlb_flush to initialize it correctly.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
env->io_index[] should be set to -1 during CPU reset to mark the
I/O interrupt queue as empty.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
env->ext_index should be initialized to -1 to mark the external
interrupt queue as emtpy. This should not be done in s390_cpu_initfn
as all the interrupt fields are later reset to 0 by the memset in
s390_cpu_initial_reset or s390_cpu_full_reset. Move the initialization
there.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
In TCG mode we should store the CC value in env->cc_op. However do it
inconditionnaly because:
- the tcg_enabled function is not inlined
- it's probably faster to always store the value, especially given it
is likely in the same cache line than env->psw.mask.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
This remove the corresponding error messages in TCG mode, and allow to
simplify the s390_assign_subch_ioeventfd() function.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
The ioinst_schib_valid gets a SCHIB in guest endianness, we should
byteswap the fields we access.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
The I/O-Interruption Subclass field corresponds to bits 2 to 5 (BE
notation) of the Interruption-Identification Word. The value should
be shift by 27 instead of 24.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
* Fix for virtfs-proxy-helper crash
* Gracefully handle the error condition on input validation in virtfs-proxy-helper
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVgD74AAoJEN5BpP4ExOI6TRgP/iIqwdimXCBlR2tbU1tr7WMp
uThQ77HQ0C1zfn6Zkl1Kq7+U6XtVnYedY/EeXpDQEnT2wxl5s7yKca01VUrcAwEM
W1/WDRYauqoRVcJW0IzJHgCb/fGvdroJSX+YY3+ITgVtbE3yfPsGEBYKG8oW4znF
xzkO1yemzd2qmBKruILyQrKYlByFZdxjtvuRGQcfXIm9JJ68Rb6H73BbwDW5Rdy2
IzYqisnjgjF/6t3KYSURc19+vyJIQTeZZdCkG9yJCxo1OrfiEVmeePfcxPv08BBs
3/bNYAoQHs+S1Fb3fLOSEulex7oqmDJ/exLfaUrnWIwErcWPgWEz2xlxD1rs8Hq5
fY4As02r9t0aJTFc5kbWxYEpFeQ4fVbN1zNRKPMPnpi0bjPy5m2czp2XYB4J6Toc
iaTFFvycZPhI533/0Is6joO8uDLfREWgsxCnYOIS3YIcliiHKn4H616PoiHrmKZP
QzmQ7Dd43QgDAo0mhZXz32itHALPodKv1v7RsDvzlUkXqZEr2RFjrOmlzYKwqMrT
PLXaWRsgV6sOXEOWN15AJYBzAkXW6mvBLCjRIcxEbgK90Z9dbNMK4cvHeAS2vatZ
tdjC6nxj3upzK83aI9yy59AramuQHS/z+NDPaD55j1oosQJwJ9PBuNUHeyJuwZzp
oNcqDzt9GLnKxGCUtTzU
=S8oz
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/kvaneesh/tags/for-upstream-signed' into staging
VirtFS update:
* Fix for virtfs-proxy-helper crash
* Gracefully handle the error condition on input validation in virtfs-proxy-helper
# gpg: Signature made Tue Jun 16 16:21:28 2015 BST using RSA key ID 04C4E23A
# gpg: Good signature from "Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4846 9DE7 1860 360F A6E9 968C DE41 A4FE 04C4 E23A
* remotes/kvaneesh/tags/for-upstream-signed:
virtfs-proxy-helper: fail gracefully if socket path is too long
virtfs-proxy-helper: add missing long option terminator
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
git shortlog rel-1.8.1..rel-1.8.2
=================================
Gerd Hoffmann (1):
vga: rework virtio-vga support
Kevin O'Connor (5):
vgabios: Add config option for assembler fixups
vgabios: Emulate "leal" instruction
build: Support "make VERSION=xyz" to override the default build version
build: CONFIG_VGA_FIXUP_ASM should depend on CONFIG_BUILD_VGABIOS
vgabios: On bda_save_restore() the saved vbe_mode also has flags in it
Paolo Bonzini (1):
smm: ignore bits 16,18-31 of SMM revision ID
Vladimir Serbinenko (1):
ahci: Ignore max_ports.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Replace the assertion check with graceful failure when the socket path
is too long. Programs should not crash on invalid input. Print an
error message and exit properly.
Cc: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
The getopt_long(3) long options array must have a zeroed terminator.
This patch solves a segmentation fault when an unknown command-line
option is encountered:
$ fsdev/virtfs-proxy-helper --help
Segmentation fault (core dumped)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
second spin with ioctl patch refreshed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAVX/KMrRIkN7ePJvAAQg02g/+Ny0e+7sZd1ALgLcbxnP8qUgAYKIR0xbl
4iwfJjO8YWeD2x6EkEcb62nPD+ozL6of7DcuoYMeo6BFgZkxkUsGwO+W5N81AJJF
pF9eH/DQwQa6kOUbB2aUIdxR/q1pJ62UKEK8jqfqAtGkSL7r1a4cOQgW8gOPIorv
+lKbN+NYjZM/Ub11wYiqW579d3vfsFqrFeLjDqLv5qRyIY+O/Jr8LgqokAurJH05
WcRuw2mtLWEQZESNdMox2G3UQ6dqZUk6j/ipIVduzfHkmZZqAUrJeKHV2ZTu9rWs
7+Daihremp46ZLGGMgarG6/arDrqplmkWOshT60bm9J6SDiE20QyWJ6YymukGUre
rGbyk9RFBvamzMLns4jdVduFMOFWzgedVSA0cbo/VvuZriRxkzq8fW0o6I72Vlpf
OoEoY+t1M2CJOnOvjuU3z2iu0AwizJ9Xz18pOVHCovSPTWMmItfOt9CVexJIvLKH
DwqsaoaEdao5r5SoxBOM+l0vrh4QK6vLldBQaF46OhEyH3xySMD80cEsSM9lJWQg
lcGFmyQloc57TF0bLeJ5vxBwFBNRUYaKK698PJCG4wqhF+X0DxbFnY5q1QpfUZWv
tlabnqGt9sadYbjJmEHlc9dhXzXa76fvRgIhjlK014g9jL3KAnVWA2q4w2nQOGk0
Yws7IBXoynA=
=tTJW
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20150616' into staging
linux-user patches for 2.4 softfreeze
second spin with ioctl patch refreshed
# gpg: Signature made Tue Jun 16 08:03:14 2015 BST using RSA key ID DE3C9BC0
# gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>"
# gpg: aka "Riku Voipio <riku.voipio@linaro.org>"
* remotes/riku/tags/pull-linux-user-20150616:
linux-user: ioctl() command type is int
linux-user: fix the breakpoint inheritance in spawned threads
linux-user: use __get_user and __put_user in cmsg conversions
linux-user: Fix length handling in host_to_target_cmsg
linux-user: Use abi_ulong for TARGET_ELF_PAGESTART
linux-user: Allocate thunk size dynamically
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
When executing a 64bit target chroot on 64bit host,
the ioctl() command can mismatch.
It seems the previous commit doesn't solve the problem in
my case:
9c6bf9c7 linux-user: Fix ioctl cmd type mismatch on 64-bit targets
For example, a ppc64 chroot on an x86_64 host:
bash-4.3# ls
Unsupported ioctl: cmd=0x80087467
Unsupported ioctl: cmd=0x802c7415
The origin of the problem is in syscall.c:do_ioctl().
static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg)
In this case (ppc64) abi_long is long (on the x86_64), and
cmd = 0x0000000080087467
then
if (ie->target_cmd == cmd)
target_cmd is int, so target_cmd = 0x80087467
and to compare an int with a long, the sign is extended to 64bit,
so the comparison is:
if (0xffffffff80087467 == 0x0000000080087467)
which doesn't match whereas it should.
This patch uses int in the case of the target command type
instead of abi_long.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
When a thread is spawned, cpu_copy re-initializes
the bp & wp lists of current thread, instead of the ones
of the new thread.
The effect is that breakpoints are no longer hit.
Signed-off-by: Thierry Bultel <thierry.bultel@basystemes.fr>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
The target payloads in cmsg conversions may not have the alignment
required by the host. Using the get_user and put_user functions is
the easiest way to handle this and also do the byte-swapping we
require.
(Note that prior to this commit target_to_host_cmsg was incorrectly
using __put_user() rather than __get_user() for the SCM_CREDENTIALS
conversion, which meant it wasn't getting the benefit of the
misalignment handling.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
The previous code for handling payload length when converting
cmsg structures from host to target had a number of problems:
* we required the msg->msg_controllen to declare the buffer
to have enough space for final trailing padding (we were
checking against CMSG_SPACE), whereas the kernel does not
require this, and common userspace code assumes this. (In
particular, glibc's "try to talk to nscd" code that it will
run on startup will receive a cmsg with a 4 byte payload and
only allocate 4 bytes for it, which was causing us to do
the wrong thing on architectures that need 8-alignment.)
* we weren't correctly handling the fact that the SO_TIMESTAMP
payload may be larger for the target than the host
* we weren't marking the messages with MSG_CTRUNC when we did
need to truncate a message that wasn't truncated by the host,
but were instead logging a QEMU message; since truncation is
always the result of a guest giving us an insufficiently
sized buffer, we should report it to the guest as the kernel
does and don't log anything
Rewrite the parts of the function that deal with length to
fix these issues, and add a comment in target_to_host_cmsg
to explain why the overflow logging it does is a QEMU bug,
not a guest issue.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>