If the value of get_image_size() exceeds INT_MAX / 2 - 10000, the
computation of @dt_size overflows to a negative number, which then
gets converted to a very large size_t for g_malloc0() and
load_image_size(). In the (fortunately improbable) case g_malloc0()
succeeds and load_image_size() survives, we'd assign the negative
number to *sizep. What that would do to the callers I can't say, but
it's unlikely to be good.
Fix by rejecting images whose size would overflow.
Reported-by: Kurtis Miller <kurtis.miller@nccgroup.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20190409174018.25798-1-armbru@redhat.com>
The load_image() function is deprecated, as it does not let the
caller specify how large the buffer to read the file into is.
Instead use load_image_size().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20181130151712.2312-9-peter.maydell@linaro.org
This helper allows to retrieve the paths of nodes whose name
match node-name or node-name@unit-address patterns.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 1530044492-24921-2-git-send-email-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use error_report() + exit() instead of error_setg(&error_fatal),
as suggested by the "qapi/error.h" documentation:
Please don't error_setg(&error_fatal, ...), use error_report() and
exit(), because that's more obvious.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-id: 20180625165749.3910-4-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
It is not uncommon for a contemporary FDT to be larger than 64 KiB,
leading to failures loading the device tree from sysfs:
qemu-system-aarch64: qemu_fdt_setprop: Couldn't set ...: FDT_ERR_NOSPACE
Hence increase the limit to 1 MiB, like on PPC.
For reference, the largest arm64 DTB created from the Linux sources is
ca. 75 KiB large (100 KiB when built with symbols/fixup support).
Cc: qemu-stable@nongnu.org
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Message-id: 1523541337-23919-1-git-send-email-geert+renesas@glider.be
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
qemu-common.h includes qemu/option.h, but most places that include the
former don't actually need the latter. Drop the include, and add it
to the places that actually need it.
While there, drop superfluous includes of both headers, and
separate #include from file comment with a blank line.
This cleanup makes the number of objects depending on qemu/option.h
drop from 4545 (out of 4743) to 284 in my "build everything" tree.
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180201111846.21846-20-armbru@redhat.com>
[Semantic conflict with commit bdd6a90a9e in block/nvme.c resolved]
Move it to the actual users. There are still a few includes of
qemu/bswap.h in headers; removing them is left for future work.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the
Error typedef. Since then, we've moved to include qemu/osdep.h
everywhere. Its file comment explains: "To avoid getting into
possible circular include dependencies, this file should not include
any other QEMU headers, with the exceptions of config-host.h,
compiler.h, os-posix.h and os-win32.h, all of which are doing a
similar job to this file and are under similar constraints."
qapi/error.h doesn't do a similar job, and it doesn't adhere to
similar constraints: it includes qapi-types.h. That's in excess of
100KiB of crap most .c files don't actually need.
Add the typedef to qemu/typedefs.h, and include that instead of
qapi/error.h. Include qapi/error.h in .c files that need it and don't
get it now. Include qapi-types.h in qom/object.h for uint16List.
Update scripts/clean-includes accordingly. Update it further to match
reality: replace config.h by config-target.h, add sysemu/os-posix.h,
sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h
comment quoted above similarly.
This reduces the number of objects depending on qapi/error.h from "all
of them" to less than a third. Unfortunately, the number depending on
qapi-types.h shrinks only a little. More work is needed for that one.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
[Fix compilation without the spice devel packages. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch aligns the prototype with qemu_fdt_getprop. The caller
can choose whether the function self-asserts on error (passing
&error_fatal as Error ** argument, corresponding to the legacy behavior),
or behaves differently such as simply output a message.
In this later case the caller can use the new lenp parameter to interpret
the error if any.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Current qemu_fdt_getprop exits if the property is not found. It is
sometimes needed to read an optional property, in which case we do
not wish to exit but simply returns a null value.
This patch converts qemu_fdt_getprop to accept an Error **, and existing
users are converted to pass &error_fatal. This preserves the existing
behaviour. Then to use the API with your optional semantic a null
parameter can be conveyed.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
This new helper routine returns a NULL terminated array of
node paths matching a node name and a compat string.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
This function returns the host device tree blob from sysfs
(/proc/device-tree). It uses a recursive function inspired
from dtc read_fstree.
Signed-off-by: Eric Auger <eric.auger@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.
This commit was created with scripts/clean-includes.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-16-git-send-email-peter.maydell@linaro.org
There is no reason for device tree API to be built per-target.
common-obj it. There is an extraneous inclusion of config.h that
needs to be removed.
Cc: Alexander Graf <agraf@suse.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit e79d5a6 ("machine: remove qemu_machine_opts global list") removed
the global option descriptions and moved them to MachineState's QOM
properties.
Query phandle-start by accessing machine properties through designated
wrappers.
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Li Liu <john.liuli@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Looking at the implementation, this doesn't really have a lot to do
with arrays. Its just a pointer to a buffer and is passed through
to the wrapped fn (qemu_fdt_setprop) unchanged. So rename to make it
consistent with libfdt, which in the wrapped function just calls it
"val".
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The qemu_devtree API is a wrapper around the fdt_ set of APIs.
Rename accordingly.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[agraf: also convert hw/arm/virt.c]
Signed-off-by: Alexander Graf <agraf@suse.de>
Device trees created with create_device_tree() may not have any
entries in their reservemap, because the FDT API requires that the
reservemap is completed before any FDT nodes are added, and
create_device_tree() itself creates a node. However we were not
calling fdt_finish_reservemap(), which meant that there was no
terminator in the reservemap list and whatever happened to be at the
start of the FDT data section would end up being interpreted as
reservemap entries. Avoid this by calling fdt_finish_reservemap()
to add the terminator.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1385140638-10444-3-git-send-email-peter.maydell@linaro.org
We already have a qemu_devtree_setprop_cells() which sets a dtb
property to an array of cells whose values are specified by varargs.
However for the fairly common case of setting a property to a list
of addresses or of address,size pairs the number of cells used by
each element in the list depends on the parent's #address-cells
and #size-cells properties. To make this easier we provide an analogous
qemu_devtree_setprop_sized_cells() macro which allows the number
of cells used by each element to be specified. This is implemented
using an underlying qemu_devtree_setprop_sized_cells_from_array()
function which takes the values and sizes as an array; this may
also be directly useful for cases where the cell contents are
constructed programmatically.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-id: 1373977512-28932-2-git-send-email-peter.maydell@linaro.org
Make it QEMU_OPT_NUMBER, so it gets parsed by generic code, which
actually bothers to check for errors, rather than its user, which
doesn't.
Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Alexander Graf <agraf@suse.de>
Message-id: 1372943363-24081-8-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The previous two commits fixed bugs in -machine option queries. I
can't find fault with the remaining queries, but let's use
qemu_get_machine_opts() everywhere, for consistency, simplicity and
robustness.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1372943363-24081-7-git-send-email-armbru@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Fix this cppcheck warning:
Checking device_tree.c...
device_tree.c:216: style:
Checking if unsigned variable 'r' is less than zero.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
As per Peter's suggestion, we can use glib to write out a buffer in whole to
a file, simplifying the code dramatically.
Signed-off-by: Alexander Graf <agraf@suse.de>
Add support for reading device tree properties (both generic
and single-cell ones) to QEMU's convenience wrapper layer.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Whatever we pass in to qemu_devtree_setprop to put into the device tree
will not get modified by that function, so it can easily be declared const.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
If anyone outside of QEMU wants to mess with a QEMU generated device tree,
he needs to know which range phandles are valid in. So let's expose a
machine option that an external program can use to set the start allocate
id for phandles in QEMU.
Signed-off-by: Alexander Graf <agraf@suse.de>
This reverts commit "dt: temporarily disable subtree creation
failure check" which was meant as a temporary solution to keep
external and dynamic device tree construction intact.
Now that we switched to fully dynamic dt construction, it's no
longer necessary.
Signed-off-by: Alexander Graf <agraf@suse.de>
Some times in the device tree, we find an array of 2 u32 cells that
really are a single u64 value. This patch adds a helper to make the
creation of these easy.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Phandle references work by having 2 pieces:
- a "phandle" 1-cell property in the device tree node
- a reference to the same value in a property we want to point
to the other node
To generate the 1-cell property, we need an allocation mechanism that
gives us a unique number space. This patch adds an allocator for these
properties.
Signed-off-by: Alexander Graf <agraf@suse.de>
We want to get rid of the concept of loading an external device tree and instead
generate our own. However, to do this we need to also create a device tree
template programatically.
This patch adds a helper to create an empty device tree in memory.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
This patch adds a helper to search for a node's phandle by its path. This
is especially useful when the phandle is part of an array, not just a single
cell in which case qemu_devtree_setprop_phandle would be the easy choice.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Usually we want to know when creating a subtree fails. However, while
introducing this patch set we have to modify the device tree and some
times have the code to create a subtree in both the binary tree and
the dynamically created tree.
So ignore failures about this for now and enable them once we got rid
of the binary device tree.
Signed-off-by: Alexander Graf <agraf@suse.de>
Phandles are the fancy device tree name for "pointer to another node".
To create a phandle property, we most likely want to reference to the
node we're pointing to by its path. So create a helper that allows
us to do so.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
Our subnode creation helper can't handle creation of root subnodes,
like "/memory". Fix this by allowing the parent node to be an empty
string, indicating the root node.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@petalogix.com>
We currently load a device tree blob and then just take its size x2 to
account for modifications we do inside. While this is nice and great,
it fails when we have a small device tree as blob and lots of nodes added
in machine init code.
So for now, just make it 20k bigger than it was before. We maybe want to
be more clever about this later.
Signed-off-by: Alexander Graf <agraf@suse.de>
When we screw up and issue an FDT command that doesn't work, we really need to
know immediately and usually can't continue to create the machine. To make sure
we don't need to add error checking in all device tree modification code users,
we can just add the fail checks to the qemu abstract functions.
Signed-off-by: Alexander Graf <agraf@suse.de>
We want to be able to create subnodes in our device tree, so export it through
the qemu device tree abstraction framework.
Signed-off-by: Alexander Graf <agraf@suse.de>
We have a qemu internal abstraction layer on FDT. While I'm not fully convinced
we need it at all, it's missing the nop_node functionality that we now need
on e500. So let's add it and think about the general future of that API later.
Signed-off-by: Alexander Graf <agraf@suse.de>
Currently qemu_devtree_setprop() expects the new property value to be
given as a uint32_t *. While property values consisting of u32s are
common, in general they can have any bytestring value.
Therefore, this patch alters the function to take a void * instead,
allowing callers to easily give anything as the property value.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>