Commit Graph

40 Commits

Author SHA1 Message Date
Paolo Bonzini
bd83b36205 qiov: prevent double free or use-after-free
qemu_iovec_destroy does not clear the QEMUIOVector fully, and the data
could thus be used after free or freed again.  While I do not know any
example in the tree, I observed this using virtio-scsi (and SCSI
scatter/gather) when canceling DMA requests.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-12-15 12:40:33 +01:00
Markus Armbruster
eba90e4efc cutils: Make strtosz & friends leave follow set to callers
strtosz() & friends require the size to be at the end of the string,
or be followed by whitespace or ','.  I find this surprising, because
the name suggests it works like strtol().

The check simplifies callers that accept exactly that follow set
slightly.  No such callers exist.

The check is redundant for callers that accept a smaller follow set,
and thus need to check themselves anyway.  Right now, this is the case
for all but one caller.  All of them neglected to check, or checked
incorrectly, but the previous few commits fixed them up.

Finally, the check is problematic for callers that accept a larger
follow set.  This is the case in monitor_parse_command().
Fortunately, the problems there are relatively harmless.

monitor_parse_command() uses strtosz() for argument type 'o'.  When
the last argument is of type 'o', a trailing ',' is diagnosed
differently than other trailing junk:

    (qemu) migrate_set_speed 1x
    invalid size
    (qemu) migrate_set_speed 1,
    migrate_set_speed: extraneous characters at the end of line

A related inconsistency exists with non-last arguments.  No such
command exists, but let's use memsave to explore the inconsistency.

The monitor permits, but does not require whitespace between
arguments.  For instance, "memsave (1-1)1024foo" is parsed as command
memsave with three arguments 0, 1024 and "foo".  Yes, this is daft,
but at least it's consistently daft.

If I change memsave's second argument from 'i' to 'o', then "memsave
(1-1)1foo" is rejected, because the size is followed by an 'f'.  But
"memsave (1-1)1," is still accepted, and duly saves to file ",".

We don't have any users of strtosz that profit from the check.  In the
users we have, it appears to encourage sloppy error checking, or gets
in the way.  Drop the bothersome check.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-28 16:20:52 -06:00
Markus Armbruster
8dddfb5531 cutils: Drop broken support for zero strtosz default_suffix
Commit 9f9b17a4's strtosz() defaults a missing suffix to 'M', except
it rejects fractions then (switch case 0).

When commit d8427002 introduced strtosz_suffix(), that changed:
fractions are no longer rejected, because we go to switch case 'M' on
missing suffix now.  Not mentioned in commit message, probably
unintentional.  Not worth changing back now.

Because case 0 is still around, you can get the old behavior by
passing a zero default_suffix to strtosz_suffix() or
strtosz_suffix_unit().  Undocumented and not used.  Drop.

Commit d8427002 also neglected to update the function comment.  Fix it
up.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-28 16:20:52 -06:00
Stefan Berger
443916d1d9 Move filedescriptor parsing code from net.c into qemu_parse_fd()
Move the parsing of a filedescriptor into a common function
qemu_parse_fd() so others can use it as well. Have net.c call this
function.

v2:
 - moving qemu_parse_fd into cutils.c

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 16:52:08 -05:00
Jan Kiszka
fdc9c41a5a Fix up some style nits of last uq/master merge
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-08-25 09:21:35 +01:00
Anthony Liguori
7267c0947d Use glib memory allocation and free functions
qemu_malloc/qemu_free no longer exist after this commit.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-20 23:01:08 -05:00
Joerg Roedel
a732e1baa8 qemu: Add strtosz_suffix_unit function
This function does the same as the strtosz_suffix function
except that it allows to specify the unit to which the
k/M/B/T suffixes apply. This function will be used later to
parse the tsc-frequency from the command-line.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2011-08-05 12:04:27 -03:00
Chunqiang Tang
e0d9c6f937 QCOW2: bug fix - read base image beyond its size
This patch fixes the following bug in QCOW2. For a QCOW2 image that is larger
than its base image, when handling a read request straddling over the end of the
base image, the QCOW2 driver attempts to read beyond the end of the base image
and the request would fail.

This bug was found by Fast Virtual Disk (FVD)'s fully automated testing tool.
The following test triggered the bug.

dd if=/dev/zero of=/var/ramdisk/truth.raw count=0 bs=1 seek=1098561536
dd if=/dev/zero of=/var/ramdisk/zero-500M.raw count=0 bs=1 seek=593099264
./qemu-img create -f qcow2 -ocluster_size=65536,backing_fmt=blksim -b /var/ramdisk/zero-500M.raw /var/ramdisk/test.qcow2 1098561536
./qemu-io --auto --seed=30477694 --truth=/var/ramdisk/truth.raw --format=qcow2 --test=blksim:/var/ramdisk/test.qcow2 --verify_write=true --compare_before=false --compare_after=true --round=100000 --parallel=100 --io_size=10485760 --fail_prob=0 --cancel_prob=0 --instant_qemubh=true

Signed-off-by: Chunqiang Tang <ctang@us.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-02-10 13:23:44 +01:00
Jes Sorensen
2be22ca5a8 strtosz(): Use suffix macros in switch() statement
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-31 10:03:00 +01:00
Jes Sorensen
7eb053494c strtosz(): Fix name confusion in use of modf()
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-31 10:03:00 +01:00
Jes Sorensen
a2afc2c163 strtosz() use qemu_toupper() to simplify switch statement
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-31 10:03:00 +01:00
Jes Sorensen
f3bd362a18 strtosz(): use unsigned char and switch to qemu_isspace()
isspace() behavior is undefined for signed char.

Bug pointed out by Eric Blake, thanks!

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-31 10:02:59 +01:00
Jes Sorensen
70b4f4bb05 Make strtosz() return int64_t instead of ssize_t
strtosz() needs to return a 64 bit type even on 32 bit
architectures. Otherwise qemu-img will fail to create disk
images >= 2GB

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 11:08:50 +01:00
Jes Sorensen
d8427002dc Introduce strtosz_suffix()
This introduces strtosz_suffix() which allows the caller to specify a
default suffix in case the non default of MB is wanted.

strtosz() is kept as a wrapper for strtosz_suffix() which keeps it's
current default of MB.

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17 16:10:59 +01:00
Jes Sorensen
9f9b17a4f0 Introduce strtosz() library function to convert a string to a byte count.
strtosz() returns -1 on error. It now supports human unit formats in
eg. 1.0G, with better error handling.

The following suffixes are supported:
B/b = bytes
K/k = KB
M/m = MB
G/g = GB
T/t = TB

This patch changes -numa and -m input to use strtosz().

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-11-03 12:48:09 -05:00
Kevin Wolf
b8a83a4f79 cutils: qemu_iovec_copy and qemu_iovec_memset
This adds two functions that work on QEMUIOVectors and will be used by the next
qcow2 patches.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-09-21 15:39:42 +02:00
Paolo Bonzini
db1a49726c split out qemu-timer.c
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-03-17 11:16:15 -05:00
Blue Swirl
5f6b9e8fd5 Probe for fdatasync()
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2009-09-20 06:56:26 +00:00
Christoph Hellwig
6f1953c4c1 block: use fdatasync instead of fsync if possible
If we are flushing the caches for our image files we only care about the
data (including the metadata required for accessing it) but not things
like timestamp updates.  So try to use fdatasync instead of fsync to
implement the flush operations.

Unfortunately many operating systems still do not support fdatasync,
so we add a qemu_fdatasync wrapper that uses fdatasync if available
as per the _POSIX_SYNCHRONIZED_IO feature macro or fsync otherwise.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-09-11 10:19:46 -05:00
Kevin Wolf
40b4f53967 Add bdrv_aio_multiwrite
One performance problem of qcow2 during the initial image growth are
sequential writes that are not cluster aligned. In this case, when a first
requests requires to allocate a new cluster but writes only to the first
couple of sectors in that cluster, the rest of the cluster is zeroed - just
to be overwritten by the following second request that fills up the cluster.

Let's try to merge sequential write requests to the same cluster, so we can
avoid to write the zero padding to the disk in the first place.

As a nice side effect, also other formats take advantage of dealing with less
and larger requests.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-09-11 10:18:06 -05:00
Anthony Liguori
1cec71e359 Revert "support colon in filenames"
This reverts commit 707c0dbc97.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-07-09 16:06:38 -05:00
Blue Swirl
d43277c534 Fix missing strnlen problems
Fix missing strnlen (a GNU extension) problems by using qemu_strnlen
used for user emulators also for system emulators.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2009-07-01 18:24:44 +00:00
Ram Pai
707c0dbc97 support colon in filenames
Problem: It is impossible to feed filenames with the character colon because
qemu interprets such names as a protocol. For example filename scsi:0, is
interpreted as a protocol by name "scsi".

This patch allows user to espace colon characters. For example the above
filename can now be expressed either as 'scsi\:0' or as file:scsi:0

anything following the "file:" tag is interpreted verbatin. However if "file:"
tag is omitted then any colon characters in the string must be escaped using
backslash.

Here are couple of examples:

scsi\:0\:abc is a local file scsi:0:abc
http\://myweb is a local file by name http://myweb
file:scsi:0:abc is a local file scsi:0:abc
file:http://myweb is a local file by name http://myweb

Signed-off-by: Ram Pai <linuxram@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29 13:50:05 -05:00
Paul Brook
5561650587 Include assert.h from qemu-common.h
Include assert.h from qemu-common.h and remove other direct uses.
cpu-all.h still need to include it because of the dyngen-exec.h hacks

Signed-off-by: Paul Brook <paul@codesourcery.com>
2009-05-13 20:54:26 +01:00
aliguori
522584a57b add qemu_iovec_init_external (Christoph Hellwig)
Allow to initialize a QEMUIOVector from an externally allocated iovec.
qiov->nalloc is initialized to -1 to indicate external storage for qiov->iov
and all functions dealing with memory management assert on the iovec beeing
an internally managed first.


Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6902 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-28 17:46:10 +00:00
aliguori
be959463af Add qemu_iovec_reset() (Avi Kivity)
Add a helper to zero out an existing iovec.  Removes the need to deallocate
and reallocate it.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6523 c046a42c-6fe2-441c-8c8c-71466251a162
2009-02-05 21:23:54 +00:00
aliguori
249aa745fb qemu iovec: keep track of total size, allow partial copies (Gerd Hoffman)
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6448 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-26 17:17:52 +00:00
aliguori
44e3ee8a2a I/O vector helpers (Avi Kivity)
In general, it is not possible to predict the size of of an I/O vector since
a contiguous guest region may map to a disconiguous host region.  Add some
helpers to manage I/O vector growth.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6396 c046a42c-6fe2-441c-8c8c-71466251a162
2009-01-22 16:59:20 +00:00
blueswir1
ad46db9add Rename fls to qemu_fls
Fix compiler warning on OSX, reported by Andreas Faerber.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5982 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-11 19:37:54 +00:00
aliguori
8d371d4bce Define fls() in terms of clz32().
As suggested by Laurent Desnogues.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5872 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 20:08:06 +00:00
aliguori
b39ade83c2 Introduce fls() helper
This is needed for virtio.  The implementation is originally from 
Marcelo Tosatti.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5868 c046a42c-6fe2-441c-8c8c-71466251a162
2008-12-04 19:19:45 +00:00
blueswir1
cd390083ad Attached patch fixes a series of this warning
when compiling on NetBSD:

warning: array subscript has type 'char'

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5727 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-16 13:53:32 +00:00
balrog
793a10a2d4 Revert r5532, r5536 and a piece of r5531.
The use of strncat and strndup was correct, pstrcpy and pstrdup wasn't.
I'll try to restore building on non-gnu OSes in a later commit.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5651 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-08 23:57:26 +00:00
blueswir1
2bd7318c1a Replace uses of strndup (a GNU extension) with Qemu pstrdup
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5532 c046a42c-6fe2-441c-8c8c-71466251a162
2008-10-25 11:23:27 +00:00
pbrook
17e2377abf Prevent guest reusing host memory allocations.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4710 c046a42c-6fe2-441c-8c8c-71466251a162
2008-06-09 13:47:45 +00:00
aurel32
ca10f86763 Remove osdep.c/qemu-img code duplication
(Kevin Wolf)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4191 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-11 21:35:42 +00:00
pbrook
faf07963cb Split block API from vl.h.
Remove QEMU_TOOL. Replace with QEMU_IMG and NEED_CPU_H.
Avoid linking qemu-img against whole system emulatior.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3578 c046a42c-6fe2-441c-8c8c-71466251a162
2007-11-11 02:51:17 +00:00
bellard
3c6b20885d always use mktimegm
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3570 c046a42c-6fe2-441c-8c8c-71466251a162
2007-11-10 19:36:39 +00:00
ths
5fafdf24ef find -type f | xargs sed -i 's/[\t ]$//g' # on most files
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3173 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-16 21:08:06 +00:00
bellard
18607dcb7c added cutils.c
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2310 c046a42c-6fe2-441c-8c8c-71466251a162
2007-01-07 22:04:40 +00:00