[Qemu-devel] Re: [PATCH 26/35] kvm: Eliminate KVMState arguments
Am 08.01.2011 00:27, Anthony Liguori wrote:
> On 01/07/2011 03:03 AM, Jan Kiszka wrote:
>> Am 06.01.2011 20:24, Anthony Liguori wrote:
>>
>>> On 01/06/2011 11:56 AM, Marcelo Tosatti wrote:
>>>> From: Jan Kiszka
>>>>
>>>> QEMU supports only one VM, so there is only one kvm_state per process,
>>>> and we gain nothing passing a reference to it around. Eliminate any
>>>> need to refer to it outside of kvm-all.c.
>>>>
>>>> Signed-off-by: Jan Kiszka
>>>> CC: Alexander Graf
>>>> Signed-off-by: Marcelo Tosatti
>>>
>>> I think this is a big mistake.
>>>
>> Obviously, I don't share your concerns. :)
>>
>>
>>> Having to manage kvm_state keeps the abstraction lines well defined.
>>>
>> How does it help?
>>
>>
>>> Otherwise, it's far too easy for portions of code to call into KVM
>>> functions that really shouldn't.
>>>
>> I can't imagine we gain anything from requiring kvm_check_extension
>> callers to hold a kvm_state "capability". Yes, it's now much easier to
>> call kvm_[vm_]ioctl, but that's the key point of this change:
>>
>> So far we primarily complicated the internal interface between generic
>> and arch-dependent kvm parts by requiring kvm_state joggling. But
>> external users already find interfaces without this restriction
>> (kvm_log_*, kvm_ioeventfd_*, ...). That's because it's at least
>> complicated to _cleanly_ pass kvm_state references to all users that
>> need it - e.g. sysbus devices like kvmclock or upcoming in-kernel
>> irqchips.
>>
>
> I think you're basically making my point for me.
>
> ioeventfd is a broken interface. It shouldn't be a VM ioctl but rather
> a VCPU ioctl because PIO events are dispatched on a per-VCPU basis.

OK, but I don't want to argue about the ioeventfd API. So let's put this
case aside. :)

>
> kvm_state is available as part of CPU state so it's quite easy to get at
> if these interfaces just took a CPUState argument (and they should).

My point is definitely NOT about cpu-bound devices. That case is clear
and is not touched at all by this patch.

My point is about devices that have clear system scope like kvmclock,
ioapic, pit, pic, whatever-the-future-will-bring. And about KVM services
that have global scope like capability checks and other feature
explorations or VM configurations done by the KVM arch code.

You still didn't explain what we gain in these concrete scenarios by
handing the technically redundant abstraction kvm_state around,
especially _inside_ the KVM core.

Jan
[Qemu-devel] [PATCH] Stop current VCPU on synchronous reset requests
From: Jan Kiszka If some I/O operation ends up calling qemu_system_reset_request in VCPU context, we record this and inform the io-thread, but we do not terminate the VCPU loop. This can lead to fairly unexpected behavior if the triggering reset operation is supposed to work synchronously. Fix this for TCG (when run in deterministic I/O mode) by setting the VCPU on stop and issuing a cpu_exit. KVM requires some more work on its VCPU loop. [ ported from qemu-kvm ] Signed-off-by: Jan Kiszka --- cpus.c | 13 + cpus.h |1 + vl.c |1 + 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/cpus.c b/cpus.c index 9bf5224..925a40f 100644 --- a/cpus.c +++ b/cpus.c @@ -99,6 +99,14 @@ void cpu_synchronize_all_post_init(void) } } +void cpu_stop_current(void) +{ +if (cpu_single_env) { +cpu_single_env->stopped = 1; +cpu_exit(cpu_single_env); +} +} + int cpu_is_stopped(CPUState *env) { return !vm_running || env->stopped; @@ -854,10 +862,7 @@ void vm_stop(int reason) * FIXME: should not return to device code in case * vm_stop() has been requested. */ -if (cpu_single_env) { -cpu_exit(cpu_single_env); -cpu_single_env->stop = 1; -} +cpu_stop_current(); return; } do_vm_stop(reason); diff --git a/cpus.h b/cpus.h index fa3f165..e021126 100644 --- a/cpus.h +++ b/cpus.h @@ -6,6 +6,7 @@ int qemu_init_main_loop(void); void qemu_main_loop_start(void); void resume_all_vcpus(void); void pause_all_vcpus(void); +void cpu_stop_current(void); /* vl.c */ extern int smp_cores; diff --git a/vl.c b/vl.c index 193afba..2b9a9da 100644 --- a/vl.c +++ b/vl.c @@ -1278,6 +1278,7 @@ void qemu_system_reset_request(void) } else { reset_requested = 1; } +cpu_stop_current(); qemu_notify_event(); } -- 1.7.1
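Review bot: in the cpus.c hunks the new cpu_stop_current() writes `cpu_single_env->stopped = 1`, but the three lines it replaces in vm_stop() wrote `cpu_single_env->stop = 1` (and called cpu_exit() first, not last). The function inserted right after the helper, cpu_is_stopped(), tests `env->stopped`, so the vm_stop() path now changes which of the two fields is set; if marking the VCPU as already stopped rather than requesting a stop is the intent, state that in the commit message, otherwise keep `stop = 1` in the helper.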
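Review bot: the vl.c hunk calls cpu_stop_current() on every qemu_system_reset_request(), while the commit message says only TCG in deterministic I/O mode honours it and that the KVM VCPU loop still needs work. Under KVM the VCPU will therefore get `stopped = 1` set with nothing acting on it; either restrict the call to the case the message describes or add a comment at the call site recording the KVM limitation so the half-finished state is visible in the code.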
[Qemu-devel] Re: qemu-kvm vs. qemu: Terminate cpu loop on reset?
Am 07.01.2011 22:19, Gleb Natapov wrote:
> On Fri, Jan 07, 2011 at 08:33:20PM +0100, Jan Kiszka wrote:
>> Am 07.01.2011 20:10, Gleb Natapov wrote:
>> We are on a good track now. I predict that we will be left with only one
>> or two major additional features in qemu-kvm in a few months from now,
>> no more duplications with subtle differences, and production-grade kvm
>> upstream stability.
>>
> You are optimistic. My prediction is that it will take at least one major
> RHEL release until such merged code base will become production-grade. That
> is when most bugs that were introduced by eliminating subtle differences
> between working and non-working version will be found :)

The more upstream code qemu-kvm stresses, the faster this convergence will
become. And there is really not that much left. E.g., I've a qemu-kvm-x86.c
here that is <400 LOC.

>>> That's what I don't get. Why working qemu-kvm should stress non working
>>> upstream code? Just remove upstream code and replace it with qemu-kvm
>>> version.
>>
>> We are 3/4 (if not more) done with refactoring qemu-kvm into a clean
>> state, removing lots of cruft from libkvm days and early kvm modules. We
>> achieved this by creating a "fork of the fork": upstream kvm. We may
>> argue a lot about pros and cons of this approach, but it is a fact now.
>> And a lot of effort would be wasted as well by throwing this away.
>>
> Upstream kvm was not "fork of the fork". It was something much worse
> than that. It was (bad) reimplementation of kvm that was unfortunately
> merged upstream.

Not everything is black or white.

> This slowed proper kvm inclusion into upstream for more
> than 2 years now (and counting). Glauber and you did (and do) a great
> job trying to sort this mess and nobody proposes to throw what was done
> so far. qemu-kvm and qemu upstream use a lot of common code. We can
> either try hard to consolidate even mode code, or at some point just
> merge qemu-kvm and drop upstream functions that are not used by qemu-kvm
> (ifdefed as obsolete in qemu-kvm tree).

Just take a look at the code: this is no longer that easy due to upstream
code being actively even when removing current x86 support. I'm convinced
we can't get around consolidating anymore.

>
>> Moreover, taking off the x86 glasses: ppc and s390 rely on upstream kvm.
>> So it is impossible to drop those bits without breaking all non-x86 kvm
>> archs.
>>
> I do not propose to drop bits from upstream that are used in qemu-kvm
> obviously.
>
>>> BTW Do you have a plan how to move upstream to thread per vcpu?
>>
>> Upstream has this already, but it's - once again - a different
>> implementation. Understanding those differences is one of the next steps.
>>
>>> I see only two threads on upstream no matter how much vcpus I configure.
>>
>> /me sees a lot of them. Did you enable io-thread support? Otherwise kvm
>> is run just like tcg in single-thread mode.
>>
> No, I didn't. Does io-thread work properly with TCG? IIRC there were
> problems with io thread + TCG.

I'm not using TCG heavily, so I can't say for sure if there are still
issues remaining with the I/O thread. Quite a few were fixed last year,
and I'm currently not aware of open issues.

>
>>>> In fact, as posted recently, unifying the execution model
>>>> implementations is the only big problem I see. In-kernel irqchips and
>>>> device assignment are things that can live in qemu-kvm without much
>>>> conflicts until they are finally mergable.
>>> Upstream kvm is kinda useless without in-kernel irqchips.
>>
>> Not if its code serves the rest of qemu-kvm without further patches (and
>> merge conflicts). And we only need to sort out the execution loop and
>> threading stuff to get there.
>>
> This could have been achieved by not introducing upstream kvm in the
> first place :). Many if not most merging problems were result of rival
> kvm implementation in upstream. I thought the goal is to get rid of
> qemu-kvm fork at all by having fully functional kvm in upstream.

I'm quite sure that, by the time kvm upstream was merged, qemu-kvm was
still too far away from a mergable state, not so much its core but its
hooks into and extensions of qemu. So, as far as I understood (Anthony
may correct me), the upstream flavor originally served as an early teaser
for the QEMU folks, opening their mind for the needs and possibilities of
virtualization. However, at latest by the time ppc adopted this teaser,
it became more. And I'm also not that sure we would be that far now if we
tried to dress up qemu-kvm directly for a merge.

What went wrong IMHO was that we were not aggressively enough merging,
specifically once we reached the point where consolidating individual
parts became as easy as it is now. That likely cost more than it saved.

Jan
[Qemu-devel] [PATCH 0/5] usb-ccid (v14)
This patchset adds three new devices, usb-ccid, ccid-card-passthru and
ccid-card-emulated, providing a CCID bus, a simple passthru protocol
implementing card requiring a client, and a standalone emulated card. It
also introduces a new directory libcacard with CAC card emulation. CAC is a
type of ISO 7816 smart card.

Tree for pull: git://anongit.freedesktop.org/~alon/qemu usb_ccid.v14

v13-v14 changes:
 - support device_del/device_add on ccid-card-* and usb-ccid
   * usb-ccid:
     * lose card reference when card device deleted
     * check slot number and deny adding a slot if one is already added.
   * ccid-card-*: use qdev_simple_unplug_cb in both emulated and passthru
     ccid cards, the exitfn already takes care of triggering card removal
     in the usb dev.
   * libcacard:
     * remove double include of config-host.mak
     * add replay of card events to libcacard to support second and more
       emulation
     * don't initialize more than once (doesn't support it right now, so
       one thread, NSS thread, is left when device_del is done)
     * add VCARD_EMUL_INIT_ALREADY_INITED
   * ccid-card-emulated:
     * take correct mutexes on signaling to fix deadlocks on device_del
     * allow card insertion/removal event without proper reader insertion
       event

v12-v13 changes:
 * libcacard:
   * fix Makefile clean to remove vscclient
   * fix double include of config-host in Makefile
 * usb-ccid: remove attach/detach logic, usb is always attached. Guest
   doesn't care if there is a reader attached with no card anyway.
 * ccid-card-passthru: don't close chr_dev on removal, makes it possible
   to use device_del/device_add to create remove/insertion for debugging.

v11-v12 changes:
 * fix out of tree build

v10-v11 changes:
 * fix last patch that removed one of the doc files.
 * updated flow table in docs/ccid.txt

v8-v10 changes:
 * usb-ccid:
   * add slot for future use (Gerd)
   * ifdef ENABLE_MIGRATION for migration support on account of usb
     migration not being ready in general. (Gerd)
 * verbosified commit messages. (Gerd)
 * put libcacard docs in libcacard commit. (Gerd)

v8-v9 changes:
 * Blue Swirl comments:
   * white space fixes
   * enabled by default, disabled only if missing nss
   * forgotten fix from v8 (don't build libcacard.so)
   * added a note about device being little endian
   * library renamed from libcaccard to libcacard
   * squashed both of libcacard patches, they touched different files
     anyway.

v7-v8 changes:
 * Blue Swirl comments:
   * usb-ccid: deanonymize some structs
   * usb-ccid: coding style change - answer_t and bulk_in_t fixed
   * usb-ccid: handle endianness conversion between guest and host
   * usb-ccid: s/ccid_bulk_in_copy_out/ccid_bulk_in_copy_to_guest/
   * ccid-card-emulated: fix segfault if backend not specified
   * ccid-card-emulated: let last reader inserted win
   * libcaccard: remove double vscard_common.h

v6->v7 changes:
 * external libcaccard became internal directory libcaccard
 * statically link object files into qemu
 * produce libcaccard.so for usage by external projects
 * applied coding style to new code (please check me) - did not use the
   qemu options parsing for libcaccard, since it seems to draw large
   amounts of qemu code (monitor for instance).

v5->v6 changes:
 * really remove static debug (I apologize for claiming to have done so
   before)

v4->v5 changes:
 * rebased to latest
 * remove static debug in card devices
 * fix --enable-smartcard to link
 * stall instead of assert when exceeding BULK_OUT_DATA_SIZE
 * make ccid_reserve_recv_buf for too large len discard message, not exit
 * make ccid_reserve_recv_buf return void*
 * fix typo
 * remove commented code in VMState

v3->v4:
 * remove ccid field in CCIDBus
 * remove static debug in bus
 * add back docs

v2->v3:
 * split into bus (usb-ccid.c, uses ccid.h) and card (ccid-card-passthru.c).
 * removed documentation (being revised).

v1->v2:
 * all QSIMPLEQ turned into fixed sized rings
 * all allocated buffers turned into fixed size buffers
 * added migration support
 * added a message to tell client qemu has migrated to ip:port
 * for lack of monitor commands ip:port are 0:0, which causes the updated
   vscclient to connect to one port higher on the same host. will add
   monitor commands in a separate patch. tested with current setup.

Alon Levy (4):
  usb-ccid: add CCID bus
  ccid: add passthru card device
  ccid: add ccid-card-emulated device (v2)
  ccid: add docs

Robert Relyea (1):
  libcacard: initial commit after coding style fixes

 Makefile                |    6 +-
 Makefile.objs           |    6 +
 Makefile.target         |    2 +
 configure               |   31 +
 docs/ccid.txt           |  135 +
 docs/libcacard.txt      |  483 +++
 hw/ccid-card-emulated.c |  534 +
 hw/ccid-card-passthru.c |  272 +
 hw/ccid.h               |   35 ++
 hw/usb-ccid.c           | 1355 +++
 libcacard/Makefile      |   14 +
 libcacard/cac
[Qemu-devel] [PATCH 2/5] ccid: add passthru card device
The passthru ccid card is a device sitting on the usb-ccid bus and using a chardevice to communicate with a remote device using the VSCard protocol defined in libcacard/vscard_common.h Usage docs available in following patch in docs/ccid.txt Signed-off-by: Alon Levy --- Makefile.objs |2 +- hw/ccid-card-passthru.c | 273 + libcacard/vscard_common.h | 130 + 3 files changed, 404 insertions(+), 1 deletions(-) create mode 100644 hw/ccid-card-passthru.c create mode 100644 libcacard/vscard_common.h diff --git a/Makefile.objs b/Makefile.objs index 7da4771..274db5e 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -197,7 +197,7 @@ hw-obj-$(CONFIG_FDC) += fdc.o hw-obj-$(CONFIG_ACPI) += acpi.o acpi_piix4.o hw-obj-$(CONFIG_APM) += pm_smbus.o apm.o hw-obj-$(CONFIG_DMA) += dma.o -hw-obj-$(CONFIG_SMARTCARD) += usb-ccid.o +hw-obj-$(CONFIG_SMARTCARD) += usb-ccid.o ccid-card-passthru.o # PPC devices hw-obj-$(CONFIG_OPENPIC) += openpic.o diff --git a/hw/ccid-card-passthru.c b/hw/ccid-card-passthru.c new file mode 100644 index 000..6ec4f21 --- /dev/null +++ b/hw/ccid-card-passthru.c 
@@ -0,0 +1,273 @@ +/* + * CCID Card Device emulation + * + * Copyright (c) 2010 Red Hat. + * Written by Alon Levy. + * + * This code is licenced under the LGPL. + */ + +#include "qemu-char.h" +#include "monitor.h" +#include "hw/ccid.h" +#include "libcacard/vscard_common.h" + +#define DPRINTF(card, lvl, fmt, ...) \ +do { if (lvl <= card->debug) { printf("ccid-card: " fmt , ## __VA_ARGS__); } } while (0) + +/* Passthru card */ + + +// TODO: do we still need this? +uint8_t DEFAULT_ATR[] = { +/* From some example somewhere + 0x3B, 0xB0, 0x18, 0x00, 0xD1, 0x81, 0x05, 0xB1, 0x40, 0x38, 0x1F, 0x03, 0x28 + */ + +/* From an Athena smart card */ + 0x3B, 0xD5, 0x18, 0xFF, 0x80, 0x91, 0xFE, 0x1F, 0xC3, 0x80, 0x73, 0xC8, 0x21, 0x13, 0x08 + +}; /* maximum size of ATR - from 7816-3 */ + + +#define PASSTHRU_DEV_NAME "ccid-card-passthru" +#define VSCARD_IN_SIZE 65536 +#define MAX_ATR_SIZE40 + +typedef struct PassthruState PassthruState; + +struct PassthruState { +CCIDCardState base; +CharDriverState *cs; +uint8_t vscard_in_data[VSCARD_IN_SIZE]; +uint32_t vscard_in_pos; +uint32_t vscard_in_hdr; +uint8_t atr[MAX_ATR_SIZE]; +uint8_t atr_length; +uint8_t debug; +}; + +/* VSCard protocol over chardev + * This code should not depend on the card type. 
+ * */ + +static void ccid_card_vscard_send_msg( +PassthruState *s, VSCMsgType type, reader_id_t reader_id, +const uint8_t* payload, uint32_t length) +{ +VSCMsgHeader scr_msg_header; + +scr_msg_header.type = type; +scr_msg_header.reader_id = reader_id; +scr_msg_header.length = length; +qemu_chr_write(s->cs, (uint8_t*)&scr_msg_header, sizeof(VSCMsgHeader)); +qemu_chr_write(s->cs, payload, length); +} + +static void ccid_card_vscard_send_apdu( +PassthruState *s, const uint8_t* apdu, uint32_t length) +{ +ccid_card_vscard_send_msg(s, VSC_APDU, VSCARD_MINIMAL_READER_ID, apdu, length); +} + +static void ccid_card_vscard_send_error( +PassthruState *s, reader_id_t reader_id, VSCErrorCode code) +{ +VSCMsgError msg = {.code=code}; + +ccid_card_vscard_send_msg(s, VSC_Error, reader_id, (uint8_t*)&msg, sizeof(msg)); +} + +static void ccid_card_vscard_send_init(PassthruState *s) +{ +VSCMsgInit msg = {.version=VSCARD_VERSION}; + +ccid_card_vscard_send_msg(s, VSC_Init, VSCARD_UNDEFINED_READER_ID, + (uint8_t*)&msg, sizeof(msg)); +} + +static int ccid_card_vscard_can_read(void *opaque) +{ +return 65535; +} + +static void ccid_card_vscard_handle_message(PassthruState *card, +VSCMsgHeader* scr_msg_header) +{ +uint8_t *data = (uint8_t*)&scr_msg_header[1]; + +switch (scr_msg_header->type) { +case VSC_ATR: +DPRINTF(card, 1, "VSC_ATR %d\n", scr_msg_header->length); +assert(scr_msg_header->length <= MAX_ATR_SIZE); +memcpy(card->atr, data, scr_msg_header->length); +card->atr_length = scr_msg_header->length; +ccid_card_card_inserted(&card->base); +break; +case VSC_APDU: +ccid_card_send_apdu_to_guest(&card->base, data, scr_msg_header->length); +break; +case VSC_CardRemove: +DPRINTF(card, 1, "VSC_CardRemove\n"); +ccid_card_card_removed(&card->base); +break; +case VSC_Init: +break; +case VSC_Error: +ccid_card_card_error(&card->base, *(uint64_t*)data); +break; +case VSC_ReaderAdd: +if (ccid_card_ccid_attach(&card->base) < 0) { +ccid_card_vscard_send_error(card, VSCARD_UNDEFINED_READER_ID, + 
VSC_CANNOT_ADD_MORE_READERS); +} else { +ccid_card_vscard_send_msg(card, VSC_ReaderAddResponse, +
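Review bot: in the hw/ccid-card-passthru.c hunk, the VSC_ATR case of ccid_card_vscard_handle_message() does `assert(scr_msg_header->length <= MAX_ATR_SIZE)` on a length that comes straight from the chardev peer, so a malformed or misbehaving client can abort the entire VM process rather than receive a VSC_Error; replace the assert with a bounds check that logs via DPRINTF and drops the message, and add a `length >= sizeof(uint64_t)` check before the `*(uint64_t*)data` read in the VSC_Error case for the same reason. Related: ccid_card_vscard_can_read() returns a constant 65535 regardless of how much of vscard_in_data (VSCARD_IN_SIZE) is already occupied by a partial message, so the read callback must enforce the buffer bound itself; and the comment `/* maximum size of ATR - from 7816-3 */` is attached to the closing brace of DEFAULT_ATR although it describes MAX_ATR_SIZE.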
[Qemu-devel] [PATCH 1/5] usb-ccid: add CCID bus
A CCID device is a smart card reader. It is a USB device, defined at [1]. This patch introduces the usb-ccid device that is a ccid bus. Next patches will introduce two card types to use it, a passthru card and an emulated card. [1] http://www.usb.org/developers/devclass_docs/DWG_Smart-Card_CCID_Rev110. Signed-off-by: Alon Levy --- Makefile.objs |1 + configure |6 + hw/ccid.h | 35 ++ hw/usb-ccid.c | 1355 + 4 files changed, 1397 insertions(+), 0 deletions(-) create mode 100644 hw/ccid.h create mode 100644 hw/usb-ccid.c diff --git a/Makefile.objs b/Makefile.objs index d6b3d60..7da4771 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -197,6 +197,7 @@ hw-obj-$(CONFIG_FDC) += fdc.o hw-obj-$(CONFIG_ACPI) += acpi.o acpi_piix4.o hw-obj-$(CONFIG_APM) += pm_smbus.o apm.o hw-obj-$(CONFIG_DMA) += dma.o +hw-obj-$(CONFIG_SMARTCARD) += usb-ccid.o # PPC devices hw-obj-$(CONFIG_OPENPIC) += openpic.o diff --git a/configure b/configure index 47e4cf0..af62f09 100755 --- a/configure +++ b/configure @@ -334,6 +334,7 @@ trace_backend="nop" trace_file="trace" spice="" rbd="" +smartcard="yes" # OS specific if check_define __linux__ ; then @@ -2426,6 +2427,7 @@ echo "Trace output file $trace_file-" echo "spice support $spice" echo "rbd support $rbd" echo "xfsctl support$xfs" +echo "smartcard support $smartcard" if test $sdl_too_old = "yes"; then echo "-> Your SDL version is too old - please upgrade to have SDL support" @@ -2692,6 +2694,10 @@ if test "$spice" = "yes" ; then echo "CONFIG_SPICE=y" >> $config_host_mak fi +if test "$smartcard" = "yes" ; then + echo "CONFIG_SMARTCARD=y" >> $config_host_mak +fi + # XXX: suppress that if [ "$bsd" = "yes" ] ; then echo "CONFIG_BSD=y" >> $config_host_mak diff --git a/hw/ccid.h b/hw/ccid.h new file mode 100644 index 000..af59070 --- /dev/null +++ b/hw/ccid.h 
@@ -0,0 +1,35 @@ +#ifndef __CCID_H__ +#define __CCID_H__ + +#include "qdev.h" + +typedef struct CCIDCardState CCIDCardState; +typedef struct CCIDCardInfo CCIDCardInfo; + +struct CCIDCardState { +DeviceState qdev; +uint32_tslot; // For future use with multiple slot reader. +}; + +struct CCIDCardInfo { +DeviceInfo qdev; +void (*print)(Monitor *mon, CCIDCardState *card, int indent); +const uint8_t *(*get_atr)(CCIDCardState *card, uint32_t *len); +void (*apdu_from_guest)(CCIDCardState *card, const uint8_t *apdu, uint32_t len); +int (*exitfn)(CCIDCardState *card); +int (*initfn)(CCIDCardState *card); +}; + +void ccid_card_send_apdu_to_guest(CCIDCardState *card, uint8_t* apdu, uint32_t len); +void ccid_card_card_removed(CCIDCardState *card); +void ccid_card_card_inserted(CCIDCardState *card); +void ccid_card_card_error(CCIDCardState *card, uint64_t error); +void ccid_card_qdev_register(CCIDCardInfo *card); + +/* support guest visible insertion/removal of ccid devices based on actual + * devices connected/removed. Called by card implementation (passthru, local) */ +int ccid_card_ccid_attach(CCIDCardState *card); +void ccid_card_ccid_detach(CCIDCardState *card); + +#endif // __CCID_H__ + diff --git a/hw/usb-ccid.c b/hw/usb-ccid.c new file mode 100644 index 000..58f69a6 --- /dev/null +++ b/hw/usb-ccid.c 
@@ -0,0 +1,1355 @@ +/* + * CCID Device emulation + * + * Based on usb-serial.c: + * Copyright (c) 2006 CodeSourcery. + * Copyright (c) 2008 Samuel Thibault + * Written by Paul Brook, reused for FTDI by Samuel Thibault, + * Reused for CCID by Alon Levy. + * Contributed to by Robert Relyea + * Copyright (c) 2010 Red Hat. + * + * This code is licenced under the LGPL. + */ + +/* References: + * + * CCID Specification Revision 1.1 April 22nd 2005 + * "Universal Serial Bus, Device Class: Smart Card" + * Specification for Integrated Circuit(s) Cards Interface Devices + * + * Endianess note: from the spec (1.3) + * "Fields that are larger than a byte are stored in little endian + * + * KNOWN BUGS + * 1. remove/insert can sometimes result in removed state instead of inserted. + * This is a result of the following: + * symptom: dmesg shows ERMOTEIO (-121), pcscd shows -99. This happens + * when we send a too short packet, seen in uhci-usb.c, resulting from + * a urb requesting SPD and us returning a smaller packet. + * Not sure which messages trigger this. + * + * Migration note: + * + * All the VMStateDescription's are left here for future use, but + * not enabled right now since there is no support for USB migration. + * + * To enable define ENABLE_MIGRATION + */ + +#include "qemu-common.h" +#include "qemu-error.h" +#include "usb.h" +#include "monitor.h" + +#include "hw/ccid.h" + +//#define DEBUG_CCID + +#define DPRINTF(s, lvl, fmt, ...) \ +do { if (lvl <= s->debug) { printf("usb-ccid: " fmt , ## __VA_ARGS__); } } while (0) + +#define CCID_DEV_NAME "usb-ccid" + +/* The two options for variable sized buffers: + * make them constant size, for large enough constant, + * or h
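Review bot: the configure hunks set `smartcard="yes"` unconditionally and then write CONFIG_SMARTCARD=y whenever it is still "yes", but none of the three hunks adds --enable-smartcard/--disable-smartcard option parsing or a probe for the NSS headers the card devices depend on (the cover letter states the feature is disabled when nss is missing, and docs/ccid.txt tells users to pass --enable-smartcard); please confirm that logic lives in a hunk not shown here, otherwise the build breaks on hosts without NSS.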
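Review bot: in the hw/ccid.h hunk the include guard `__CCID_H__` uses a reserved double-underscore identifier and the file mixes `//` comments (`// For future use with multiple slot reader.`, `#endif // __CCID_H__`) with the C-style comments used elsewhere; also `ccid_card_send_apdu_to_guest()` takes a non-const `uint8_t* apdu` while `apdu_from_guest` takes `const uint8_t *apdu`, so either make the guest-bound buffer const as well or document why it is modified.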
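Review bot: the KNOWN BUGS comment in the hw/usb-ccid.c hunk records a remove/insert sequence that can leave the guest seeing a removed card (ERMOTEIO in dmesg, -99 in pcscd) caused by returning a packet shorter than the URB asked for, with the triggering messages unknown; a reproducible failure in a new device should carry a tracking reference or be fixed before merge rather than live only in a header comment. Typos in the same block: "licenced", "Endianess", "ERMOTEIO" (EREMOTEIO), and the quoted spec sentence "Fields that are larger than a byte are stored in little endian" is missing its closing quote.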
[Qemu-devel] [PATCH 5/5] ccid: add docs
Add documentation for the usb-ccid device and accompanying two card devices, ccid-card-emulated and ccid-card-passthru. --- docs/ccid.txt | 135 + 1 files changed, 135 insertions(+), 0 deletions(-) create mode 100644 docs/ccid.txt diff --git a/docs/ccid.txt b/docs/ccid.txt new file mode 100644 index 000..75605bb --- /dev/null +++ b/docs/ccid.txt 
@@ -0,0 +1,135 @@ +Qemu CCID Device Documentation. + +Contents +1. USB CCID device +2. Building +3. Using ccid-card-emulated with hardware +4. Using ccid-card-emulated with certificates +5. Using ccid-card-passthru with client side hardware +6. Using ccid-card-passthru with client side certificates +7. Passthrough protocol scenario +8. libcaccard + +1. USB CCID device + +The USB CCID device is a USB device implementing the CCID specification, which +lets one connect smart card readers that implement the same spec. For more +information see the specification: + + Universal Serial Bus + Device Class: Smart Card + CCID + Specification for + Integrated Circuit(s) Cards Interface Devices + Revision 1.1 + April 22rd, 2005 + +Smartcard are used for authentication, single sign on, decryption in +public/private schemes and digital signatures. A smartcard reader on the client +cannot be used on a guest with simple usb passthrough since it will then not be +available on the client, possibly locking the computer when it is "removed". On +the other hand this device can let you use the smartcard on both the client and +the guest machine. It is also possible to have a completely virtual smart card +reader and smart card (i.e. not backed by a physical device) using this device. + +2. Building + +The cryptographic functions and access to the physical card is done via NSS. + +Installing NSS: + +In redhat/fedora: +yum install nss-devel +In ubuntu/debian: +apt-get install libnss3-dev +(not tested on ubuntu) + +Configuring and building: +./configure --enable-smartcard && make + +3. Using ccid-card-emulated with hardware + +Assuming you have a working smartcard on the host with the current +user, using NSS, qemu acts as another NSS client using ccid-card-emulated: + +qemu -usb -device usb-ccid -device ccid-card-emualated + +4. Using ccid-card-emulated with certificates + +You must create the certificates. This is a one time process. 
We use NSS +certificates: + +certutil -d /etc/pki/nssdb -x -t "CT,CT,CT" -S -s "CN=cert1" -n cert1 + +Note: you must have exactly three certificates. + +Assuming the current user can access the certificates (use certutil -L to +verify), you can use the emulated card type with the certificates backend: + +qemu -usb -device usb-ccid -device ccid-card-emulated,backend=certificates,cert1=cert1,cert2=cert2,cert3=cert3 + +5. Using ccid-card-passthru with client side hardware + +on the host specify the ccid-card-passthru device with a suitable chardev: + +qemu -chardev socket,server,host=0.0.0.0,port=2001,id=ccid,nowait -usb -device usb-ccid -device ccid-card-passthru,chardev=ccid + +on the client run vscclient, built when you built the libcaccard library: +libcaccard/vscclient 2001 + +6. Using ccid-card-passthru with client side certificates + +Run qemu as per #5, and run vscclient as follows: +(Note: vscclient command line interface is in a state of change) + +libcaccard/vscclient -e "db=\"/etc/pki/nssdb\" use_hw=no soft=(,Test,CAC,,cert1,cert2,cert3)" 2001 + +7. Passthrough protocol scenario + +This is a typical interchange of messages when using the passthru card device. +usb-ccid is a usb device. It defaults to an unattached usb device on startup. +usb-ccid expects a chardev and expects the protocol defined in +cac_card/vscard_common.h to be passed over that. +The usb-ccid device can be in one of three modes: + * detached + * attached with no card + * attached with card + +A typical interchange is: (the arrow shows who started each exchange, it can be client +originated or guest originated) + +client event | vscclient |passthru| usb-ccid | guest event +-- + | VSC_Init|| | + | VSC_ReaderAdd || attach| + | || | sees new usb device. +card inserted -> | || | + | VSC_ATR | insert | insert | see new card + | || | + | VSC_APDU| VSC_APDU | | <- guest sends APDU +client<->physical | || | +card APDU exchange| || |
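Review bot: several names and copy-and-paste command lines in the docs/ccid.txt hunk disagree with the code in this series: section 3 spells the device `ccid-card-emualated`, sections 5, 6 and 8 say `libcaccard` although the directory is libcacard since v9, section 7 points at `cac_card/vscard_common.h` instead of libcacard/vscard_common.h, and section 7 states that "usb-ccid expects a chardev" when it is ccid-card-passthru that takes `chardev=` (as section 5 shows). Also fix "April 22rd" and "Smartcard are used". Since section 5 documents the passthru backend as `-chardev socket,server,host=0.0.0.0,port=2001` and nothing in the described protocol authenticates the peer, the text should say that every APDU exchanged with the card crosses that socket unprotected and that the listener should be bound to a loopback or otherwise access-restricted address.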
[Qemu-devel] [PATCH 4/5] ccid: add ccid-card-emulated device (v2)
This devices uses libcacard (internal) to emulate a smartcard conforming to the CAC standard. It attaches to the usb-ccid bus. Usage instructions (example command lines) are in the following patch in docs/ccid.txt. It uses libcacard which uses nss, so it can work with both hw cards and certificates (files). changes from v1: remove stale comments, use only c-style comments bugfix, forgot to set recv_len change reader name to 'Virtual Reader' Signed-off-by: Alon Levy --- Makefile.objs |2 +- hw/ccid-card-emulated.c | 534 +++ hw/ccid-card-passthru.c |1 - 3 files changed, 535 insertions(+), 2 deletions(-) create mode 100644 hw/ccid-card-emulated.c diff --git a/Makefile.objs b/Makefile.objs index 6a0030b..303b642 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -197,7 +197,7 @@ hw-obj-$(CONFIG_FDC) += fdc.o hw-obj-$(CONFIG_ACPI) += acpi.o acpi_piix4.o hw-obj-$(CONFIG_APM) += pm_smbus.o apm.o hw-obj-$(CONFIG_DMA) += dma.o -hw-obj-$(CONFIG_SMARTCARD) += usb-ccid.o ccid-card-passthru.o +hw-obj-$(CONFIG_SMARTCARD) += usb-ccid.o ccid-card-passthru.o ccid-card-emulated.o # PPC devices hw-obj-$(CONFIG_OPENPIC) += openpic.o diff --git a/hw/ccid-card-emulated.c b/hw/ccid-card-emulated.c new file mode 100644 index 000..5531ce1 --- /dev/null +++ b/hw/ccid-card-emulated.c 
@@ -0,0 +1,534 @@ +/* + * CCID Card Device. Emulated card. + * + * It can be used to provide access to the local hardware in a non exclusive + * way, or it can use certificates. It requires the usb-ccid bus. + * + * Usage 1: standard, mirror hardware reader+card: + * qemu .. -usb -device usb-ccid -device ccid-card-emulated + * + * Usage 2: use certificates, no hardware required + * one time: create the certificates: + * for i in 1 2 3; do certutil -d /etc/pki/nssdb -x -t "CT,CT,CT" -S -s "CN=user$i" -n user$i; done + * qemu .. -usb -device usb-ccid -device ccid-card-emulated,cert1=user1,cert2=user2,cert3=user3 + * + * If you use a non default db for the certificates you can specify it using the db parameter. + * + * + * Copyright (c) 2010 Red Hat. + * Written by Alon Levy. + * + * This code is licenced under the LGPL. + */ + +#include +#include +#include +#include +#include +#include "qemu-char.h" +#include "monitor.h" +#include "hw/ccid.h" + +#define DPRINTF(card, lvl, fmt, ...) \ +do { if (lvl <= card->debug) { printf("ccid-card-emul: %s: " fmt , __func__, ## __VA_ARGS__); } } while (0) + +#define EMULATED_DEV_NAME "ccid-card-emulated" + +#define BACKEND_NSS_EMULATED "nss-emulated" /* the default */ +#define BACKEND_CERTIFICATES "certificates" + +typedef struct EmulatedState EmulatedState; + +enum { +EMUL_READER_INSERT = 0, +EMUL_READER_REMOVE, +EMUL_CARD_INSERT, +EMUL_CARD_REMOVE, +EMUL_GUEST_APDU, +EMUL_RESPONSE_APDU, +EMUL_ERROR, +}; + +static const char* emul_event_to_string(uint32_t emul_event) +{ +switch (emul_event) { +case EMUL_READER_INSERT: return "EMUL_READER_INSERT"; +case EMUL_READER_REMOVE: return "EMUL_READER_REMOVE"; +case EMUL_CARD_INSERT: return "EMUL_CARD_INSERT"; +case EMUL_CARD_REMOVE: return "EMUL_CARD_REMOVE"; +case EMUL_GUEST_APDU: return "EMUL_GUEST_APDU"; +case EMUL_RESPONSE_APDU: return "EMUL_RESPONSE_APDU"; +case EMUL_ERROR: return "EMUL_ERROR"; +default: +break; +} +return "UNKNOWN"; +} + +typedef struct EmulEvent { 
+QSIMPLEQ_ENTRY(EmulEvent) entry; +union { +struct { +uint32_t type; +} gen; +struct { +uint32_t type; +uint64_t code; +} error; +struct { +uint32_t type; +uint32_t len; +uint8_t data[]; +} data; +} p; +} EmulEvent; + +#define MAX_ATR_SIZE 40 +struct EmulatedState { +CCIDCardState base; +uint8_t debug; +char*backend; +char*cert1; +char*cert2; +char*cert3; +char*db; +uint8_t atr[MAX_ATR_SIZE]; +uint8_t atr_length; +QSIMPLEQ_HEAD(event_list, EmulEvent) event_list; +pthread_mutex_t event_list_mutex; +VReader *reader; +QSIMPLEQ_HEAD(guest_apdu_list, EmulEvent) guest_apdu_list; +pthread_mutex_t vreader_mutex; /* and guest_apdu_list mutex */ +pthread_mutex_t handle_apdu_mutex; +pthread_cond_t handle_apdu_cond; +int pipe[2]; +int quit_apdu_thread; +pthread_mutex_t apdu_thread_quit_mutex; +pthread_cond_t apdu_thread_quit_cond; +}; + +static void emulated_apdu_from_guest(CCIDCardState *base, const uint8_t *apdu, uint32_t len) +{ +EmulatedState *card = DO_UPCAST(EmulatedState, base, base); +EmulEvent *event = (EmulEvent*)malloc(sizeof(EmulEvent) + len); + +assert(event); +event->p.data.type = EMUL_GUEST_APDU; +event->p.data.len = len; +memcpy(event->p.data.data, apdu, len); +pthread_mutex_lock(&card->vreader_mutex); +QSIMPLEQ_INSERT
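Review bot: in the hw/ccid-card-emulated.c hunk, emulated_apdu_from_guest() allocates the event with plain `malloc()` and then `assert(event)`, whereas qemu code uses qemu_malloc() and friends; likewise the state uses raw `pthread_mutex_t`/`pthread_cond_t` and a `pipe[2]` rather than the qemu-thread wrappers, which is worth a sentence in the commit message since it is the first device in hw/ to spawn its own POSIX threads. Minor: "licenced" in the header, and the usage comment's certutil loop creates user1..user3 while docs/ccid.txt uses cert1..cert3, so pick one naming for both places.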
[Qemu-devel] [Bug 700276] [NEW] QEMU crashed when GDB request a big size variable information
Public bug reported:

Hello,

My host is Fedora 13. My QEMU version is 0.13.0. I use QEMU with GDB to debug the Linux kernel (version 2.6.36.2). I use QEMU like this: "qemu -s -S -kernel build/arch/i386/boot/bzImage -hda /dev/zero"

When GDB is connected to QEMU and the gdb command print is used to look at a big variable, QEMU crashes. For example, when I look at the task_struct variable 'init_task' (print init_task), QEMU produces the message below and exits.

*** stack smashing detected ***: qemu terminated
=== Backtrace: =
/lib/libc.so.6(__fortify_fail+0x4d)[0x78a31d]
/lib/libc.so.6[0x78a2ca]
qemu[0x8059e21]
qemu[0x805a0cf]
qemu[0x80d12a1]
qemu[0x8189cb8]
qemu[0x818c3b0]
/lib/libc.so.6(__libc_start_main+0xe6)[0x6a8cc6]
...
已放弃 (core dumped)

** Affects: qemu
Importance: Undecided
Status: New

-- You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/700276

Title: QEMU crashed when GDB request a big size variable information
Status in QEMU: New
[Qemu-devel] Re: [PATCH 14/35] kvm: Drop return value of kvm_cpu_exec
On 06.01.2011 18:56, Marcelo Tosatti wrote: > From: Jan Kiszka > > It is not used, it is not needed, so let's remove it. > Please do not apply this for now. Digging deeper into execution loop issues, it turned out that we likely do need the return code to clean up the kvm mess in cpu_exec. Jan > Signed-off-by: Jan Kiszka > Signed-off-by: Marcelo Tosatti > --- > kvm-all.c |6 ++ > kvm-stub.c |4 ++-- > kvm.h |2 +- > 3 files changed, 5 insertions(+), 7 deletions(-) > > diff --git a/kvm-all.c b/kvm-all.c > index 2538283..7518f2c 100644 > --- a/kvm-all.c > +++ b/kvm-all.c > @@ -850,7 +850,7 @@ void kvm_cpu_synchronize_post_init(CPUState *env) > env->kvm_vcpu_dirty = 0; > } > > -int kvm_cpu_exec(CPUState *env) > +void kvm_cpu_exec(CPUState *env) > { > struct kvm_run *run = env->kvm_run; > int ret; > @@ -943,7 +943,7 @@ int kvm_cpu_exec(CPUState *env) > #ifdef KVM_CAP_SET_GUEST_DEBUG > if (kvm_arch_debug(&run->debug.arch)) { > env->exception_index = EXCP_DEBUG; > -return 0; > +return; > } > /* re-enter, this exception was guest-internal */ > ret = 1; > @@ -960,8 +960,6 @@ int kvm_cpu_exec(CPUState *env) > env->exit_request = 0; > env->exception_index = EXCP_INTERRUPT; > } > - > -return ret; > } > > int kvm_ioctl(KVMState *s, int type, ...) > diff --git a/kvm-stub.c b/kvm-stub.c > index 5384a4b..352c6a6 100644 > --- a/kvm-stub.c > +++ b/kvm-stub.c > @@ -79,9 +79,9 @@ void kvm_cpu_synchronize_post_init(CPUState *env) > { > } > > -int kvm_cpu_exec(CPUState *env) > +void kvm_cpu_exec(CPUState *env) > { > -abort (); > +abort(); > } > > int kvm_has_sync_mmu(void) > diff --git a/kvm.h b/kvm.h > index 60a9b42..51ad56f 100644 > --- a/kvm.h > +++ b/kvm.h > @@ -46,7 +46,7 @@ int kvm_has_xcrs(void); > #ifdef NEED_CPU_H > int kvm_init_vcpu(CPUState *env); > > -int kvm_cpu_exec(CPUState *env); > +void kvm_cpu_exec(CPUState *env); > > #if !defined(CONFIG_USER_ONLY) > int kvm_log_start(target_phys_addr_t phys_addr, ram_addr_t size);
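Review bot: in the kvm-all.c hunk at @@ -960 the return ret; is removed, but int ret; stays declared and ret = 1; is still assigned in the @@ -943 hunk; if ret is only consumed by the loop condition that is fine, otherwise the compiler will now flag a set-but-unused variable and the declaration should go as well. Given the reply above that cpu_exec will likely need the return code after all, this should wait until the execution-loop cleanup settles.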
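Review bot: the kvm-stub.c hunk mixes an unrelated whitespace change (abort (); to abort();) into the signature change; either mention it in the commit message or split it out so the functional change stays reviewable on its own.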
Re: [Qemu-devel] [PATCH 0/7] target-arm: Translate based on TB flags, not CPUState
On Fri, Jan 07, 2011 at 05:50:51PM +, Peter Maydell wrote:
> On 7 January 2011 16:01, Aurelien Jarno wrote:
> > My other concern is about the definition of the individual bits in the
> > flags. I have seen that you have tried to summarize the usage in
> > patch 6, but the masks and shifts are still duplicated in different
> > files, which may lead to mistakes if the flag definitions are changed.
> >
> > Have you considered using #define as for example in the MIPS target?
>
> I'll put out a proper v2 patchset in a bit but to save a round,
> are you happy with the following set of #defines?
> (I'm going to drop the comment since the #defines give the
> same info.)
>
> /* Bit usage in the TB flags field: */
> #define ARM_TBFLAG_THUMB_SHIFT 0
> #define ARM_TBFLAG_THUMB_MASK (1 << ARM_TBFLAG_THUMB_SHIFT)
> #define ARM_TBFLAG_VECLEN_SHIFT 1
> #define ARM_TBFLAG_VECLEN_MASK (0x7 << ARM_TBFLAG_VECLEN_SHIFT)
> #define ARM_TBFLAG_VECSTRIDE_SHIFT 4
> #define ARM_TBFLAG_VECSTRIDE_MASK (0x3 << ARM_TBFLAG_VECSTRIDE_SHIFT)
> #define ARM_TBFLAG_PRIV_SHIFT 6
> #define ARM_TBFLAG_PRIV_MASK (1 << ARM_TBFLAG_PRIV_SHIFT)
> #define ARM_TBFLAG_VFPEN_SHIFT 7
> #define ARM_TBFLAG_VFPEN_MASK (1 << ARM_TBFLAG_VFPEN_SHIFT)
> #define ARM_TBFLAG_CONDEXEC_SHIFT 8
> #define ARM_TBFLAG_CONDEXEC_MASK (0xff << ARM_TBFLAG_CONDEXEC_SHIFT)

I am fine with the names, maybe you can align the values for easier readability, but that's details.

> /* some convenience accessor macros */
> #define ARM_TBFLAG_THUMB(F) \
> (((F) & ARM_TBFLAG_THUMB_MASK) >> ARM_TBFLAG_THUMB_SHIFT)
> #define ARM_TBFLAG_VECLEN(F) \
> (((F) & ARM_TBFLAG_VECLEN_MASK) >> ARM_TBFLAG_VECLEN_SHIFT)
> #define ARM_TBFLAG_VECSTRIDE(F) \
> (((F) & ARM_TBFLAG_VECSTRIDE_MASK) >> ARM_TBFLAG_VECSTRIDE_SHIFT)
> #define ARM_TBFLAG_PRIV(F) \
> (((F) & ARM_TBFLAG_PRIV_MASK) >> ARM_TBFLAG_PRIV_SHIFT)
> #define ARM_TBFLAG_VFPEN(F) \
> (((F) & ARM_TBFLAG_VFPEN_MASK) >> ARM_TBFLAG_VFPEN_SHIFT)
> #define ARM_TBFLAG_CONDEXEC(F) \
> (((F) & ARM_TBFLAG_CONDEXEC_MASK) >> ARM_TBFLAG_CONDEXEC_SHIFT)

Looks fine.

--
Aurelien Jarno GPG: 1024D/F1BCDB73
aurel...@aurel32.net http://www.aurel32.net
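As an added example, not code from the thread or the patchset, the proposed shift/mask layout and accessor macros in runnable C, together with a hypothetical table-driven check that every mask is contiguous and that no two masks overlap (the mistake Aurelien's duplication concern is about) and a hypothetical packer that inverts the accessors; the struct tbflag_field, arm_tbflag_fields, bad_layout_example, arm_tbflags_pack and tbflags_layout_ok names are assumptions made here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit usage in the TB flags field, exactly as proposed in the thread. */
#define ARM_TBFLAG_THUMB_SHIFT     0
#define ARM_TBFLAG_THUMB_MASK      (1 << ARM_TBFLAG_THUMB_SHIFT)
#define ARM_TBFLAG_VECLEN_SHIFT    1
#define ARM_TBFLAG_VECLEN_MASK     (0x7 << ARM_TBFLAG_VECLEN_SHIFT)
#define ARM_TBFLAG_VECSTRIDE_SHIFT 4
#define ARM_TBFLAG_VECSTRIDE_MASK  (0x3 << ARM_TBFLAG_VECSTRIDE_SHIFT)
#define ARM_TBFLAG_PRIV_SHIFT      6
#define ARM_TBFLAG_PRIV_MASK       (1 << ARM_TBFLAG_PRIV_SHIFT)
#define ARM_TBFLAG_VFPEN_SHIFT     7
#define ARM_TBFLAG_VFPEN_MASK      (1 << ARM_TBFLAG_VFPEN_SHIFT)
#define ARM_TBFLAG_CONDEXEC_SHIFT  8
#define ARM_TBFLAG_CONDEXEC_MASK   (0xff << ARM_TBFLAG_CONDEXEC_SHIFT)

/* The convenience accessor macros from the thread. */
#define ARM_TBFLAG_THUMB(F) \
    (((F) & ARM_TBFLAG_THUMB_MASK) >> ARM_TBFLAG_THUMB_SHIFT)
#define ARM_TBFLAG_VECLEN(F) \
    (((F) & ARM_TBFLAG_VECLEN_MASK) >> ARM_TBFLAG_VECLEN_SHIFT)
#define ARM_TBFLAG_VECSTRIDE(F) \
    (((F) & ARM_TBFLAG_VECSTRIDE_MASK) >> ARM_TBFLAG_VECSTRIDE_SHIFT)
#define ARM_TBFLAG_PRIV(F) \
    (((F) & ARM_TBFLAG_PRIV_MASK) >> ARM_TBFLAG_PRIV_SHIFT)
#define ARM_TBFLAG_VFPEN(F) \
    (((F) & ARM_TBFLAG_VFPEN_MASK) >> ARM_TBFLAG_VFPEN_SHIFT)
#define ARM_TBFLAG_CONDEXEC(F) \
    (((F) & ARM_TBFLAG_CONDEXEC_MASK) >> ARM_TBFLAG_CONDEXEC_SHIFT)

/* Hypothetical (not from the thread): one field of a layout, as data. */
struct tbflag_field { const char *name; uint32_t mask; unsigned shift; };

/* The proposed layout in table form, so it can be checked mechanically. */
static const struct tbflag_field arm_tbflag_fields[] = {
    { "thumb",     ARM_TBFLAG_THUMB_MASK,     ARM_TBFLAG_THUMB_SHIFT },
    { "veclen",    ARM_TBFLAG_VECLEN_MASK,    ARM_TBFLAG_VECLEN_SHIFT },
    { "vecstride", ARM_TBFLAG_VECSTRIDE_MASK, ARM_TBFLAG_VECSTRIDE_SHIFT },
    { "priv",      ARM_TBFLAG_PRIV_MASK,      ARM_TBFLAG_PRIV_SHIFT },
    { "vfpen",     ARM_TBFLAG_VFPEN_MASK,     ARM_TBFLAG_VFPEN_SHIFT },
    { "condexec",  ARM_TBFLAG_CONDEXEC_MASK,  ARM_TBFLAG_CONDEXEC_SHIFT },
};
#define ARM_TBFLAG_NFIELDS (sizeof(arm_tbflag_fields) / sizeof(arm_tbflag_fields[0]))

/* Constructed broken layout: the second field overlaps bit 5 of the first. */
static const struct tbflag_field bad_layout_example[] = {
    { "a", 0x3 << 4, 4 }, { "b", 1 << 5, 5 },
};

/* Hypothetical packer (not from the thread), the inverse of the accessors;
 * a value wider than its field is truncated by the mask. */
static uint32_t arm_tbflags_pack(unsigned thumb, unsigned veclen,
                                 unsigned vecstride, unsigned priv,
                                 unsigned vfpen, unsigned condexec)
{
    return ((thumb     << ARM_TBFLAG_THUMB_SHIFT)     & ARM_TBFLAG_THUMB_MASK)
         | ((veclen    << ARM_TBFLAG_VECLEN_SHIFT)    & ARM_TBFLAG_VECLEN_MASK)
         | ((vecstride << ARM_TBFLAG_VECSTRIDE_SHIFT) & ARM_TBFLAG_VECSTRIDE_MASK)
         | ((priv      << ARM_TBFLAG_PRIV_SHIFT)      & ARM_TBFLAG_PRIV_MASK)
         | ((vfpen     << ARM_TBFLAG_VFPEN_SHIFT)     & ARM_TBFLAG_VFPEN_MASK)
         | ((condexec  << ARM_TBFLAG_CONDEXEC_SHIFT)  & ARM_TBFLAG_CONDEXEC_MASK);
}

/* Each mask must be a non-empty contiguous run of bits starting exactly at
 * its shift, and no two masks may overlap: the mistake that creeps in when
 * shifts and masks are duplicated by hand in several files. */
static bool tbflags_layout_ok(const struct tbflag_field *f, size_t n)
{
    uint32_t seen = 0;

    for (size_t i = 0; i < n; i++) {
        uint32_t below, low;

        if (f[i].shift >= 32 || f[i].mask == 0) {
            return false;
        }
        below = (1u << f[i].shift) - 1u;   /* bits under the field's shift */
        low = f[i].mask >> f[i].shift;     /* the mask normalised to bit 0 */
        if ((f[i].mask & below) || (low & (low + 1u)) || (f[i].mask & seen)) {
            return false;                  /* misplaced, has a hole, or overlaps */
        }
        seen |= f[i].mask;
    }
    return true;
}

int main(void)
{
    uint32_t flags = arm_tbflags_pack(1, 5, 2, 1, 0, 0xa5);

    printf("proposed layout ok: %d, bad layout ok: %d\n",
           tbflags_layout_ok(arm_tbflag_fields, ARM_TBFLAG_NFIELDS),
           tbflags_layout_ok(bad_layout_example, 2));
    printf("flags=0x%x thumb=%u veclen=%u vecstride=%u priv=%u vfpen=%u condexec=0x%x\n",
           flags, ARM_TBFLAG_THUMB(flags), ARM_TBFLAG_VECLEN(flags),
           ARM_TBFLAG_VECSTRIDE(flags), ARM_TBFLAG_PRIV(flags),
           ARM_TBFLAG_VFPEN(flags), ARM_TBFLAG_CONDEXEC(flags));
    return 0;
}
```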
[Qemu-devel] [PATCH 1/2] ossaudio: add endianness support for VoiceIn
Signed-off-by: Michael Walle --- audio/ossaudio.c | 16 +++- 1 files changed, 11 insertions(+), 5 deletions(-) diff --git a/audio/ossaudio.c b/audio/ossaudio.c index 42bffae..5a56aa8 100644 --- a/audio/ossaudio.c +++ b/audio/ossaudio.c @@ -161,7 +161,7 @@ static int oss_write (SWVoiceOut *sw, void *buf, int len) return audio_pcm_sw_write (sw, buf, len); } -static int aud_to_ossfmt (audfmt_e fmt) +static int aud_to_ossfmt (audfmt_e fmt, int endianness) { switch (fmt) { case AUD_FMT_S8: @@ -171,10 +171,16 @@ static int aud_to_ossfmt (audfmt_e fmt) return AFMT_U8; case AUD_FMT_S16: -return AFMT_S16_LE; +if (endianness) +return AFMT_S16_BE; +else +return AFMT_S16_LE; case AUD_FMT_U16: -return AFMT_U16_LE; +if (endianness) +return AFMT_U16_BE; +else +return AFMT_U16_LE; default: dolog ("Internal logic error: Bad audio format %d\n", fmt); @@ -516,7 +522,7 @@ static int oss_init_out (HWVoiceOut *hw, struct audsettings *as) oss->fd = -1; -req.fmt = aud_to_ossfmt (as->fmt); +req.fmt = aud_to_ossfmt (as->fmt, as->endianness); req.freq = as->freq; req.nchannels = as->nchannels; req.fragsize = conf.fragsize; @@ -682,7 +688,7 @@ static int oss_init_in (HWVoiceIn *hw, struct audsettings *as) oss->fd = -1; -req.fmt = aud_to_ossfmt (as->fmt); +req.fmt = aud_to_ossfmt (as->fmt, as->endianness); req.freq = as->freq; req.nchannels = as->nchannels; req.fragsize = conf.fragsize; -- 1.7.2.3
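Review bot: the if/else branches added in the @@ -171 hunk have no braces (if (endianness) return AFMT_S16_BE; else return AFMT_S16_LE;), which QEMU's CODING_STYLE requires even around single statements; add them. The new endianness parameter of aud_to_ossfmt also deserves a one-line comment saying that nonzero selects the big-endian AFMT_*_BE formats, since the commit message body is empty.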
[Qemu-devel] [PATCH 2/2] alsaaudio: add endianness support for VoiceIn
Signed-off-by: Michael Walle --- audio/alsaaudio.c | 26 +++--- 1 files changed, 19 insertions(+), 7 deletions(-) diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c index 0741203..a86aa08 100644 --- a/audio/alsaaudio.c +++ b/audio/alsaaudio.c @@ -318,7 +318,7 @@ static int alsa_write (SWVoiceOut *sw, void *buf, int len) return audio_pcm_sw_write (sw, buf, len); } -static snd_pcm_format_t aud_to_alsafmt (audfmt_e fmt) +static snd_pcm_format_t aud_to_alsafmt (audfmt_e fmt, int endianness) { switch (fmt) { case AUD_FMT_S8: @@ -328,16 +328,28 @@ static snd_pcm_format_t aud_to_alsafmt (audfmt_e fmt) return SND_PCM_FORMAT_U8; case AUD_FMT_S16: -return SND_PCM_FORMAT_S16_LE; +if (endianness) +return SND_PCM_FORMAT_S16_BE; +else +return SND_PCM_FORMAT_S16_LE; case AUD_FMT_U16: -return SND_PCM_FORMAT_U16_LE; +if (endianness) +return SND_PCM_FORMAT_U16_BE; +else +return SND_PCM_FORMAT_U16_LE; case AUD_FMT_S32: -return SND_PCM_FORMAT_S32_LE; +if (endianness) +return SND_PCM_FORMAT_S32_BE; +else +return SND_PCM_FORMAT_S32_LE; case AUD_FMT_U32: -return SND_PCM_FORMAT_U32_LE; +if (endianness) +return SND_PCM_FORMAT_U32_BE; +else +return SND_PCM_FORMAT_U32_LE; default: dolog ("Internal logic error: Bad audio format %d\n", fmt); @@ -809,7 +821,7 @@ static int alsa_init_out (HWVoiceOut *hw, struct audsettings *as) snd_pcm_t *handle; struct audsettings obt_as; -req.fmt = aud_to_alsafmt (as->fmt); +req.fmt = aud_to_alsafmt (as->fmt, as->endianness); req.freq = as->freq; req.nchannels = as->nchannels; req.period_size = conf.period_size_out; @@ -918,7 +930,7 @@ static int alsa_init_in (HWVoiceIn *hw, struct audsettings *as) snd_pcm_t *handle; struct audsettings obt_as; -req.fmt = aud_to_alsafmt (as->fmt); +req.fmt = aud_to_alsafmt (as->fmt, as->endianness); req.freq = as->freq; req.nchannels = as->nchannels; req.period_size = conf.period_size_in; -- 1.7.2.3
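Review bot: same brace issue as the ossaudio patch in the @@ -328 hunk; each if (endianness) ... else ... pair needs braces per CODING_STYLE. Separately, the subject says VoiceIn, but the @@ -809 hunk changes alsa_init_out too; the commit message should say that both playback and capture now honour as->endianness.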
Re: [Qemu-devel] [PATCH 0/7] linux-user fixes for pull
On Fri, Jan 07, 2011 at 10:52:28PM +0200, Riku Voipio wrote: > From: Riku Voipio > > The following changes since commit 2a704b137f1acfbd972aa6e9f031c5015c7e28cb: > > cris: Avoid useless tmp in t_gen_cc_jmp() (2011-01-07 12:50:38 +0100) > > are available in the git repository at: > git://gitorious.org/qemu-maemo/qemu.git linux-user-for-upstream > > Peter Maydell (5): > linux-user: Implement sync_file_range{,2} syscalls > linux-user: Support ioctls whose parameter size is not constant > linux-user: Implement FS_IOC_FIEMAP ioctl > softfloat: Implement floatx80_is_any_nan() and float128_is_any_nan() > linux-user: Fix incorrect NaN detection in ARM nwfpe emulation > > Wolfgang Schildbach (2): > Fix commandline handling for ARM semihosted executables > Remove dead code for ARM semihosting commandline handling > > arm-semi.c| 79 ++- > bsd-user/bsdload.c|2 - > bsd-user/qemu.h |1 - > configure | 18 + > fpu/softfloat.h | 11 +++ > linux-user/arm/nwfpe/fpa11_cprt.c | 14 ++-- > linux-user/ioctls.h |4 + > linux-user/linuxload.c|2 - > linux-user/qemu.h |1 - > linux-user/strace.list|6 ++ > linux-user/syscall.c | 129 > - > linux-user/syscall_defs.h |1 + > linux-user/syscall_types.h| 16 + > 13 files changed, 238 insertions(+), 46 deletions(-) > Thanks, pulled. -- Aurelien Jarno GPG: 1024D/F1BCDB73 aurel...@aurel32.net http://www.aurel32.net
[Qemu-devel] [Bug 673613] Re: ARM semihosting SYS_GET_CMDLINE does not return arguments
** Changed in: qemu
Status: New => Fix Committed

-- You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/673613

Title: ARM semihosting SYS_GET_CMDLINE does not return arguments
Status in QEMU: Fix Committed

Bug description:
I have downloaded version 0.13.0 of the code, configured with: './configure' '--prefix=/tmp/qemu-0.13.0' '--interp-prefix=/tmp/qemu-0.13.0/usr/local/gnemul/qemu-%M' '--target-list=arm-softmmu arm-linux-user armeb-linux-user' and built using gcc version 4.3.2 (Debian 4.3.2-1.1). Execution environment is Debian, kernel 2.6.26-2-686.

I am running a barebone helloworld.c which echoes its command-line arguments, compiled with ADS1.2 from ARM. The arguments never get echoed back.

I have found the culprit in the source code: lines 3020 and 3022 of linux-user/main.c, which free target_argv[]. However, loader_exec(), which is called a couple of lines above, records the pointer to target_argv[]. So, when the data is accessed in arm-semi.c, it is actually trying to load from memory that has already been free()d. This bug manifests itself for bare-metal simulation, but I suspect it hits other platforms as well.
[Qemu-devel] [PATCH v2 1/2] ARM: add neon helpers for VQSHLU
From: Juha Riihimäki Add neon helper functions to implement VQSHLU, which is a signed-to-unsigned version of VQSHL available only as an immediate form. Signed-off-by: Juha Riihimäki Reviewed-by: Aurelien Jarno Signed-off-by: Peter Maydell --- target-arm/helpers.h |4 +++ target-arm/neon_helper.c | 47 ++ 2 files changed, 51 insertions(+), 0 deletions(-) diff --git a/target-arm/helpers.h b/target-arm/helpers.h index 0d1bc47..b88ebae 100644 --- a/target-arm/helpers.h +++ b/target-arm/helpers.h @@ -249,6 +249,10 @@ DEF_HELPER_3(neon_qshl_u32, i32, env, i32, i32) DEF_HELPER_3(neon_qshl_s32, i32, env, i32, i32) DEF_HELPER_3(neon_qshl_u64, i64, env, i64, i64) DEF_HELPER_3(neon_qshl_s64, i64, env, i64, i64) +DEF_HELPER_3(neon_qshlu_s8, i32, env, i32, i32); +DEF_HELPER_3(neon_qshlu_s16, i32, env, i32, i32); +DEF_HELPER_3(neon_qshlu_s32, i32, env, i32, i32); +DEF_HELPER_3(neon_qshlu_s64, i64, env, i64, i64); DEF_HELPER_3(neon_qrshl_u8, i32, env, i32, i32) DEF_HELPER_3(neon_qrshl_s8, i32, env, i32, i32) DEF_HELPER_3(neon_qrshl_u16, i32, env, i32, i32) diff --git a/target-arm/neon_helper.c b/target-arm/neon_helper.c index dae063e..20f3c16 100644 --- a/target-arm/neon_helper.c +++ b/target-arm/neon_helper.c 
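Review bot: the four added DEF_HELPER_3 lines for neon_qshlu_* in the helpers.h hunk end with a semicolon while every neighbouring DEF_HELPER_3 entry in the same hunk does not; drop the trailing semicolons so the declarations expand the same way as the rest of helpers.h.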
@@ -632,6 +632,53 @@ uint64_t HELPER(neon_qshl_s64)(CPUState *env, uint64_t valop, uint64_t shiftop) return val; } +#define NEON_FN(dest, src1, src2) do { \ +if (src1 & (1 << (sizeof(src1) * 8 - 1))) { \ +SET_QC(); \ +dest = 0; \ +} else { \ +int8_t tmp; \ +tmp = (int8_t)src2; \ +if (tmp >= (ssize_t)sizeof(src1) * 8) { \ +if (src1) { \ +SET_QC(); \ +dest = ~0; \ +} else { \ +dest = 0; \ +} \ +} else if (tmp <= -(ssize_t)sizeof(src1) * 8) { \ +dest = 0; \ +} else if (tmp < 0) { \ +dest = src1 >> -tmp; \ +} else { \ +dest = src1 << tmp; \ +if ((dest >> tmp) != src1) { \ +SET_QC(); \ +dest = ~0; \ +} \ +} \ +}} while (0) +NEON_VOP_ENV(qshlu_s8, neon_u8, 4) +NEON_VOP_ENV(qshlu_s16, neon_u16, 2) +#undef NEON_FN + +uint32_t HELPER(neon_qshlu_s32)(CPUState *env, uint32_t valop, uint32_t shiftop) +{ +if ((int32_t)valop < 0) { +SET_QC(); +return 0; +} +return helper_neon_qshl_u32(env, valop, shiftop); +} + +uint64_t HELPER(neon_qshlu_s64)(CPUState *env, uint64_t valop, uint64_t shiftop) +{ +if ((int64_t)valop < 0) { +SET_QC(); +return 0; +} +return helper_neon_qshl_u64(env, valop, shiftop); +} /* FIXME: This is wrong. */ #define NEON_FN(dest, src1, src2) do { \ -- 1.6.3.3
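Review bot: the NEON_FN body for the 8/16-bit qshlu cases re-implements the whole saturating shift, while the 32/64-bit helpers in the same hunk only check the sign (if ((int32_t)valop < 0) { SET_QC(); return 0; }) and delegate to helper_neon_qshl_u32/u64; using the same sign-check-then-delegate pattern for the 8/16-bit variants, calling the existing neon_qshl_u8/u16 helpers, would keep a single copy of the shift and saturation logic to maintain.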
[Qemu-devel] [PATCH v2 2/2] ARM: Fix decoding of VQSHL/VQSHLU immediate forms
Fix errors in the decoding of ARM VQSHL/VQSHLU immediate forms, including using the new VQSHLU helper functions where appropriate. Reviewed-by: Aurelien Jarno Signed-off-by: Peter Maydell --- target-arm/translate.c | 51 +-- 1 files changed, 36 insertions(+), 15 deletions(-) diff --git a/target-arm/translate.c b/target-arm/translate.c index 2ce82f3..57664bc 100644 --- a/target-arm/translate.c +++ b/target-arm/translate.c @@ -4652,14 +4652,22 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn) case 5: /* VSHL, VSLI */ gen_helper_neon_shl_u64(cpu_V0, cpu_V0, cpu_V1); break; -case 6: /* VQSHL */ -if (u) -gen_helper_neon_qshl_u64(cpu_V0, cpu_env, cpu_V0, cpu_V1); -else -gen_helper_neon_qshl_s64(cpu_V0, cpu_env, cpu_V0, cpu_V1); +case 6: /* VQSHLU */ +if (u) { +gen_helper_neon_qshlu_s64(cpu_V0, cpu_env, + cpu_V0, cpu_V1); +} else { +return 1; +} break; -case 7: /* VQSHLU */ -gen_helper_neon_qshl_u64(cpu_V0, cpu_env, cpu_V0, cpu_V1); +case 7: /* VQSHL */ +if (u) { +gen_helper_neon_qshl_u64(cpu_V0, cpu_env, + cpu_V0, cpu_V1); +} else { +gen_helper_neon_qshl_s64(cpu_V0, cpu_env, + cpu_V0, cpu_V1); +} break; } if (op == 1 || op == 3) { 
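Review bot: in the @@ -4652 hunk the meanings of op 6 and op 7 are swapped relative to the old code (6 is now VQSHLU and requires u, 7 is now VQSHL), but the commit message only says "fix errors in the decoding"; state which op value carries VQSHLU in the immediate encoding and why the U bit must be set for it, so the swap can be checked against the ARM ARM without re-deriving it.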
@@ -4698,17 +4706,30 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn) default: return 1; } break; -case 6: /* VQSHL */ -GEN_NEON_INTEGER_OP_ENV(qshl); -break; -case 7: /* VQSHLU */ +case 6: /* VQSHLU */ +if (!u) { +return 1; +} switch (size) { -case 0: gen_helper_neon_qshl_u8(tmp, cpu_env, tmp, tmp2); break; -case 1: gen_helper_neon_qshl_u16(tmp, cpu_env, tmp, tmp2); break; -case 2: gen_helper_neon_qshl_u32(tmp, cpu_env, tmp, tmp2); break; -default: return 1; +case 0: +gen_helper_neon_qshlu_s8(tmp, cpu_env, + tmp, tmp2); +break; +case 1: +gen_helper_neon_qshlu_s16(tmp, cpu_env, + tmp, tmp2); +break; +case 2: +gen_helper_neon_qshlu_s32(tmp, cpu_env, + tmp, tmp2); +break; +default: +return 1; } break; +case 7: /* VQSHL */ +GEN_NEON_INTEGER_OP_ENV(qshl); +break; } dead_tmp(tmp2); -- 1.6.3.3
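Review bot: the new return 1 for !u in case 6, like the default: return 1 that follows it, leaves the block before the dead_tmp(tmp2) at the end of the hunk, so the temporaries for tmp and tmp2 are not released on the UNDEF path; the pre-existing default: return 1 had the same property, so this is consistent, but it is worth confirming that the illegal-instruction path tolerates it, or releasing the temporaries before returning.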
[Qemu-devel] [PATCH v2 0/2] ARM: Fix VQSHL/VQSHLU immediate forms
This patchset fixes errors in the decoding and implementation of the immediate forms of the VQSHL/VQSHLU ARM instructions. Tested in the usual random-instruction-set way. This is the final part of the maemo-qemu tree commit 03a2445a fixes (the first part being the already-committed VQSHL-reg patchset); the patch down as authored by me is a minor tweaking of changes in the maemo-qemu commit. There are no code changes here since v1, I've just got the author attributions right (and added the reviewed-by tags from Aurelien, thanks!) Juha Riihimäki (1): ARM: add neon helpers for VQSHLU Peter Maydell (1): ARM: Fix decoding of VQSHL/VQSHLU immediate forms target-arm/helpers.h |4 +++ target-arm/neon_helper.c | 47 ++ target-arm/translate.c | 51 - 3 files changed, 87 insertions(+), 15 deletions(-)
[Qemu-devel] Re: [PATCH 1/2] ossaudio: add endianness support for VoiceIn
On Sat, 8 Jan 2011, Michael Walle wrote: > Signed-off-by: Michael Walle > --- > audio/ossaudio.c | 16 +++- > 1 files changed, 11 insertions(+), 5 deletions(-) > This misses braces around if statements. (Ditto for alsa) [..snip..] -- mailto:av1...@comtv.ru
[Qemu-devel] [PATCH 2/2] alsaaudio: add endianness support for VoiceIn
Signed-off-by: Michael Walle --- audio/alsaaudio.c | 30 +++--- 1 files changed, 23 insertions(+), 7 deletions(-) diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c index 0741203..8d77646 100644 --- a/audio/alsaaudio.c +++ b/audio/alsaaudio.c @@ -318,7 +318,7 @@ static int alsa_write (SWVoiceOut *sw, void *buf, int len) return audio_pcm_sw_write (sw, buf, len); } -static snd_pcm_format_t aud_to_alsafmt (audfmt_e fmt) +static snd_pcm_format_t aud_to_alsafmt (audfmt_e fmt, int endianness) { switch (fmt) { case AUD_FMT_S8: @@ -328,16 +328,32 @@ static snd_pcm_format_t aud_to_alsafmt (audfmt_e fmt) return SND_PCM_FORMAT_U8; case AUD_FMT_S16: -return SND_PCM_FORMAT_S16_LE; +if (endianness) { +return SND_PCM_FORMAT_S16_BE; +} else { +return SND_PCM_FORMAT_S16_LE; +} case AUD_FMT_U16: -return SND_PCM_FORMAT_U16_LE; +if (endianness) { +return SND_PCM_FORMAT_U16_BE; +} else { +return SND_PCM_FORMAT_U16_LE; +} case AUD_FMT_S32: -return SND_PCM_FORMAT_S32_LE; +if (endianness) { +return SND_PCM_FORMAT_S32_BE; +} else { +return SND_PCM_FORMAT_S32_LE; +} case AUD_FMT_U32: -return SND_PCM_FORMAT_U32_LE; +if (endianness) { +return SND_PCM_FORMAT_U32_BE; +} else { +return SND_PCM_FORMAT_U32_LE; +} default: dolog ("Internal logic error: Bad audio format %d\n", fmt); @@ -809,7 +825,7 @@ static int alsa_init_out (HWVoiceOut *hw, struct audsettings *as) snd_pcm_t *handle; struct audsettings obt_as; -req.fmt = aud_to_alsafmt (as->fmt); +req.fmt = aud_to_alsafmt (as->fmt, as->endianness); req.freq = as->freq; req.nchannels = as->nchannels; req.period_size = conf.period_size_out; @@ -918,7 +934,7 @@ static int alsa_init_in (HWVoiceIn *hw, struct audsettings *as) snd_pcm_t *handle; struct audsettings obt_as; -req.fmt = aud_to_alsafmt (as->fmt); +req.fmt = aud_to_alsafmt (as->fmt, as->endianness); req.freq = as->freq; req.nchannels = as->nchannels; req.period_size = conf.period_size_in; -- 1.7.2.3
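Review bot: the commit message has no body and the subject names VoiceIn only, while the @@ -809 hunk changes alsa_init_out as well as alsa_init_in in @@ -918; state that both directions now pass as->endianness and that nonzero selects the SND_PCM_FORMAT_*_BE variants, which is what a reader of the log will look for. The braces malc asked for are in place in this version.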
[Qemu-devel] [PATCH 1/2] ossaudio: add endianness support for VoiceIn
Signed-off-by: Michael Walle --- audio/ossaudio.c | 18 +- 1 files changed, 13 insertions(+), 5 deletions(-) diff --git a/audio/ossaudio.c b/audio/ossaudio.c index 42bffae..cfa8f99 100644 --- a/audio/ossaudio.c +++ b/audio/ossaudio.c @@ -161,7 +161,7 @@ static int oss_write (SWVoiceOut *sw, void *buf, int len) return audio_pcm_sw_write (sw, buf, len); } -static int aud_to_ossfmt (audfmt_e fmt) +static int aud_to_ossfmt (audfmt_e fmt, int endianness) { switch (fmt) { case AUD_FMT_S8: @@ -171,10 +171,18 @@ static int aud_to_ossfmt (audfmt_e fmt) return AFMT_U8; case AUD_FMT_S16: -return AFMT_S16_LE; +if (endianness) { +return AFMT_S16_BE; +} else { +return AFMT_S16_LE; +} case AUD_FMT_U16: -return AFMT_U16_LE; +if (endianness) { +return AFMT_U16_BE; +} else { +return AFMT_U16_LE; +} default: dolog ("Internal logic error: Bad audio format %d\n", fmt); @@ -516,7 +524,7 @@ static int oss_init_out (HWVoiceOut *hw, struct audsettings *as) oss->fd = -1; -req.fmt = aud_to_ossfmt (as->fmt); +req.fmt = aud_to_ossfmt (as->fmt, as->endianness); req.freq = as->freq; req.nchannels = as->nchannels; req.fragsize = conf.fragsize; @@ -682,7 +690,7 @@ static int oss_init_in (HWVoiceIn *hw, struct audsettings *as) oss->fd = -1; -req.fmt = aud_to_ossfmt (as->fmt); +req.fmt = aud_to_ossfmt (as->fmt, as->endianness); req.freq = as->freq; req.nchannels = as->nchannels; req.fragsize = conf.fragsize; -- 1.7.2.3
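Review bot: as with the alsa patch, the subject says VoiceIn but oss_init_out (@@ -516) is changed along with oss_init_in (@@ -682); a commit body saying that both directions now honour as->endianness, with nonzero meaning the AFMT_*_BE formats, would make the log accurate. Braces are now present in the @@ -171 hunk.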
[Qemu-devel] [PATCH 0/7] cppcheck fixes
This patch set fixes bugs found by cppcheck. http://sourceforge.net/apps/mediawiki/cppcheck/index.php?title=Main_Page Blue Swirl (7): vnc-auth-sasl: fix a memory leak loader: fix a file descriptor leak vvfat: fix a file descriptor leak qemu-io: fix a memory leak vpc: fix a file descriptor leak lan9118: fix a buffer overflow ppc405_uc: fix a buffer overflow block/vpc.c| 47 ++- block/vvfat.c |1 + hw/lan9118.c |2 +- hw/loader.c|5 +++-- hw/ppc405_uc.c |5 +++-- qemu-io.c |4 +++- ui/vnc-auth-sasl.c | 14 -- 7 files changed, 49 insertions(+), 29 deletions(-)
[Qemu-devel] [PATCH 2/7] loader: fix a file descriptor leak
Fix a file descriptor leak, reported by cppcheck: [/src/qemu/hw/loader.c:311]: (error) Resource leak: fd Signed-off-by: Blue Swirl --- hw/loader.c |5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/hw/loader.c b/hw/loader.c index eb198f6..35d792e 100644 --- a/hw/loader.c +++ b/hw/loader.c @@ -307,8 +307,9 @@ int load_elf(const char *filename, uint64_t (*translate_fn)(void *, uint64_t), target_data_order = ELFDATA2LSB; } -if (target_data_order != e_ident[EI_DATA]) -return -1; +if (target_data_order != e_ident[EI_DATA]) { +goto fail; +} lseek(fd, 0, SEEK_SET); if (e_ident[EI_CLASS] == ELFCLASS64) { -- 1.6.2.4
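Review bot: the return -1 in the @@ -307 hunk becomes goto fail, but the fail label is outside the visible context; confirm that the fail path returns the same -1 after close(fd), since the commit message describes only the descriptor leak and a different error value would change load_elf's contract with its callers.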
[Qemu-devel] [PATCH 5/7] vpc: fix a file descriptor leak
Fix a file descriptor leak, reported by cppcheck: [/src/qemu/block/vpc.c:524]: (error) Resource leak: fd Signed-off-by: Blue Swirl --- block/vpc.c | 47 ++- 1 files changed, 30 insertions(+), 17 deletions(-) diff --git a/block/vpc.c b/block/vpc.c index 21e2a68..7b025be 100644 --- a/block/vpc.c +++ b/block/vpc.c @@ -502,6 +502,7 @@ static int vpc_create(const char *filename, QEMUOptionParameter *options) uint8_t secs_per_cyl = 0; size_t block_size, num_bat_entries; int64_t total_sectors = 0; +int ret = -EIO; // Read out options while (options && options->name) { @@ -521,7 +522,8 @@ static int vpc_create(const char *filename, QEMUOptionParameter *options) for (i = 0; total_sectors > (int64_t)cyls * heads * secs_per_cyl; i++) { if (calculate_geometry(total_sectors + i, &cyls, &heads, &secs_per_cyl)) { -return -EFBIG; +ret = -EFBIG; +goto fail; } } total_sectors = (int64_t) cyls * heads * secs_per_cyl; @@ -560,22 +562,28 @@ static int vpc_create(const char *filename, QEMUOptionParameter *options) block_size = 0x20; num_bat_entries = (total_sectors + block_size / 512) / (block_size / 512); -if (write(fd, buf, HEADER_SIZE) != HEADER_SIZE) -return -EIO; +if (write(fd, buf, HEADER_SIZE) != HEADER_SIZE) { +goto fail; +} -if (lseek(fd, 1536 + ((num_bat_entries * 4 + 511) & ~511), SEEK_SET) < 0) -return -EIO; -if (write(fd, buf, HEADER_SIZE) != HEADER_SIZE) -return -EIO; +if (lseek(fd, 1536 + ((num_bat_entries * 4 + 511) & ~511), SEEK_SET) < 0) { +goto fail; +} +if (write(fd, buf, HEADER_SIZE) != HEADER_SIZE) { +goto fail; +} // Write the initial BAT -if (lseek(fd, 3 * 512, SEEK_SET) < 0) -return -EIO; +if (lseek(fd, 3 * 512, SEEK_SET) < 0) { +goto fail; +} memset(buf, 0xFF, 512); -for (i = 0; i < (num_bat_entries * 4 + 511) / 512; i++) -if (write(fd, buf, 512) != 512) -return -EIO; +for (i = 0; i < (num_bat_entries * 4 + 511) / 512; i++) { +if (write(fd, buf, 512) != 512) { +goto fail; +} +} // Prepare the Dynamic Disk Header 
@@ -592,13 +600,18 @@ static int vpc_create(const char *filename, QEMUOptionParameter *options) dyndisk_header->checksum = be32_to_cpu(vpc_checksum(buf, 1024)); // Write the header -if (lseek(fd, 512, SEEK_SET) < 0) -return -EIO; -if (write(fd, buf, 1024) != 1024) -return -EIO; +if (lseek(fd, 512, SEEK_SET) < 0) { +goto fail; +} +if (write(fd, buf, 1024) != 1024) { +goto fail; +} +ret = 0; + + fail: close(fd); -return 0; +return ret; } static void vpc_close(BlockDriverState *bs) -- 1.6.2.4
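Review bot: ret is initialised to -EIO at its declaration and every goto fail except the -EFBIG one relies on that default; that is correct for the visible hunks but fragile, since any future early exit that sets ret to something else before a later goto fail would return the wrong code. A comment at the declaration, or an explicit ret = -EIO next to each write/lseek failure, would make the intent obvious. Also, on failure the partially written image is closed but not removed; not a regression, but worth a sentence in the commit message.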
[Qemu-devel] [PATCH 1/7] vnc-auth-sasl: fix a memory leak
Fix a memory leak reported by cppcheck: [/src/qemu/ui/vnc-auth-sasl.c:448]: (error) Memory leak: mechname Signed-off-by: Blue Swirl --- ui/vnc-auth-sasl.c | 14 -- 1 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c index a51ddc8..17a621a 100644 --- a/ui/vnc-auth-sasl.c +++ b/ui/vnc-auth-sasl.c @@ -444,22 +444,19 @@ static int protocol_client_auth_sasl_mechname(VncState *vs, uint8_t *data, size_ if (vs->sasl.mechlist[len] != '\0' && vs->sasl.mechlist[len] != ',') { VNC_DEBUG("One %d", vs->sasl.mechlist[len]); -vnc_client_error(vs); -return -1; +goto fail; } } else { char *offset = strstr(vs->sasl.mechlist, mechname); VNC_DEBUG("Two %p\n", offset); if (!offset) { -vnc_client_error(vs); -return -1; +goto fail; } VNC_DEBUG("Two '%s'\n", offset); if (offset[-1] != ',' || (offset[len] != '\0'&& offset[len] != ',')) { -vnc_client_error(vs); -return -1; +goto fail; } } @@ -469,6 +466,11 @@ static int protocol_client_auth_sasl_mechname(VncState *vs, uint8_t *data, size_ VNC_DEBUG("Validated mechname '%s'\n", mechname); vnc_read_when(vs, protocol_client_auth_sasl_start_len, 4); return 0; + + fail: +vnc_client_error(vs); +free(mechname); +return -1; } static int protocol_client_auth_sasl_mechname_len(VncState *vs, uint8_t *data, size_t len) -- 1.6.2.4
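Review bot: the fail path now free()s mechname, but the success path in the @@ -469 hunk (VNC_DEBUG("Validated mechname ...") ... return 0;) does not release it in the visible lines; if mechname is stored into vs->sasl for later use that is fine, otherwise it still leaks on success. Also match the allocator: if mechname comes from qemu_malloc, the QEMU convention, pair it with qemu_free rather than free().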
[Qemu-devel] [PATCH 4/7] qemu-io: fix a memory leak
Fix a memory leak, reported by cppcheck: [/src/qemu/qemu-io.c:1135]: (error) Memory leak: ctx Signed-off-by: Blue Swirl --- qemu-io.c |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/qemu-io.c b/qemu-io.c index 65dee13..5b24c5e 100644 --- a/qemu-io.c +++ b/qemu-io.c @@ -1131,8 +1131,10 @@ aio_read_f(int argc, char **argv) case 'P': ctx->Pflag = 1; ctx->pattern = parse_pattern(optarg); - if (ctx->pattern < 0) + if (ctx->pattern < 0) { +free(ctx); return 0; +} break; case 'q': ctx->qflag = 1; -- 1.6.2.4
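Review bot: the fix frees ctx only on the 'P' option's parse_pattern failure in aio_read_f; cppcheck reported that one site (line 1135), but any other early return 0 inside the same option loop would leak ctx the same way, so check the rest of the function while here, possibly with a single error exit that frees ctx.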
[Qemu-devel] [PATCH 3/7] vvfat: fix a file descriptor leak
Fix a file descriptor leak, reported by cppcheck: [/src/qemu/block/vvfat.c:759]: (error) Resource leak: dir Signed-off-by: Blue Swirl --- block/vvfat.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/block/vvfat.c b/block/vvfat.c index 26dd474..fe568fe 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -756,6 +756,7 @@ static int read_directory(BDRVVVFATState* s, int mapping_index) if (st.st_size > 0x7fff) { fprintf(stderr, "File %s is larger than 2GB\n", buffer); free(buffer); +closedir(dir); return -2; } direntry->size=cpu_to_le32(S_ISDIR(st.st_mode)?0:st.st_size); -- 1.6.2.4
[Qemu-devel] [PATCH 6/7] lan9118: fix a buffer overflow
Fix a buffer overflow, reported by cppcheck: [/src/qemu/hw/lan9118.c:849]: (error) Buffer access out-of-bounds: s.eeprom All eeprom handling code assumes that the size of eeprom is 128. Signed-off-by: Blue Swirl --- hw/lan9118.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/hw/lan9118.c b/hw/lan9118.c index a988664..1bb829e 100644 --- a/hw/lan9118.c +++ b/hw/lan9118.c @@ -187,7 +187,7 @@ typedef struct { uint32_t phy_int_mask; int eeprom_writable; -uint8_t eeprom[8]; +uint8_t eeprom[128]; int tx_fifo_size; LAN9118Packet *txp; -- 1.6.2.4
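Review bot: growing eeprom from 8 to 128 bytes changes the size of the device's state; if the eeprom array is part of the lan9118 save/load (vmstate) data, the migration stream layout changes and the version id needs bumping, which the commit message should mention. The description's claim that all EEPROM handling assumes 128 bytes is consistent with the cppcheck report at lan9118.c:849 indexing past the old 8-byte array.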
[Qemu-devel] [PATCH 7/7] ppc405_uc: fix a buffer overflow
Fix a buffer overflow, reported by cppcheck: [/src/qemu/hw/ppc405_uc.c:72]: (error) Buffer access out-of-bounds: bd.bi_s_version The use of field bi_s_version seems to be a typo, it should be bi_r_version. Signed-off-by: Blue Swirl --- hw/ppc405_uc.c |5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/hw/ppc405_uc.c b/hw/ppc405_uc.c index 8136cb9..334187e 100644 --- a/hw/ppc405_uc.c +++ b/hw/ppc405_uc.c @@ -68,8 +68,9 @@ ram_addr_t ppc405_set_bootinfo (CPUState *env, ppc4xx_bd_info_t *bd, stl_phys(bdloc + 0x34, bd->bi_baudrate); for (i = 0; i < 4; i++) stb_phys(bdloc + 0x38 + i, bd->bi_s_version[i]); -for (i = 0; i < 32; i++) -stb_phys(bdloc + 0x3C + i, bd->bi_s_version[i]); +for (i = 0; i < 32; i++) { +stb_phys(bdloc + 0x3C + i, bd->bi_r_version[i]); +} stl_phys(bdloc + 0x5C, bd->bi_plb_busfreq); stl_phys(bdloc + 0x60, bd->bi_pci_busfreq); for (i = 0; i < 6; i++) -- 1.6.2.4
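Review bot: the fix is consistent with the layout visible in the hunk: bi_r_version is written from bdloc + 0x3C and 32 bytes later is 0x5C, exactly where bi_plb_busfreq is stored, so the 32-byte loop over bi_r_version matches the bootinfo layout. Style: the loop just above it (for (i = 0; i < 4; i++) stb_phys(bdloc + 0x38 + i, bd->bi_s_version[i]);) stays brace-less while the fixed one gains braces; brace both while touching this code.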
[Qemu-devel] [RFC][PATCH] lsi53c895a: Update dnad when skipping MSGOUT bytes
Update not only dbc but also dnad when skipping bytes during the MSGOUT phase. Previously only dbc was updated which is probably wrong and could lead to bogus message codes being read. Signed-off-by: Stefan Hajnoczi --- I don't know the LSI SCSI code well but it seems odd that only dbc is updated but the actual address isn't bumped when skipping bytes. Unfortunately I cannot test this because I don't know how to trigger SDTR/WDTR extended messages. Any ideas? Came across this issue while looking into the following bug report: https://bugs.launchpad.net/qemu/+bug/697510 hw/lsi53c895a.c | 11 +-- 1 files changed, 9 insertions(+), 2 deletions(-) diff --git a/hw/lsi53c895a.c b/hw/lsi53c895a.c index 0129ae3..c73f60a 100644 --- a/hw/lsi53c895a.c +++ b/hw/lsi53c895a.c @@ -842,6 +842,13 @@ static uint8_t lsi_get_msgbyte(LSIState *s) return data; } +/* Skip the next n bytes during a MSGOUT phase. */ +static void lsi_skip_msgbytes(LSIState *s, unsigned int n) +{ +s->dnad += n; +s->dbc -= n; +} + static void lsi_do_msgout(LSIState *s) { uint8_t msg; @@ -869,11 +876,11 @@ static void lsi_do_msgout(LSIState *s) switch (msg) { case 1: DPRINTF("SDTR (ignored)\n"); -s->dbc -= 2; +lsi_skip_msgbytes(s, 2); break; case 3: DPRINTF("WDTR (ignored)\n"); -s->dbc -= 1; +lsi_skip_msgbytes(s, 1); break; default: goto bad; -- 1.7.2.3
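Review bot: lsi_skip_msgbytes decrements s->dbc by n without checking that dbc >= n; n is fixed (2 for SDTR, 1 for WDTR), but dbc itself comes from the guest's SCRIPTS program, so a MSGOUT phase shorter than the message would wrap dbc to a large value. Bailing to the existing bad label when dbc < n would be safer. Since the author cannot test the change, citing what the chip documentation says about DNAD during message skipping in the commit message would make it reviewable.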
[Qemu-devel] [PATCH] linux-user: fix for loopmount ioctl
Hi, I had fixed the loopmount ioctl for linux-user, working correctly for arm, mips, ppc32 and sh4. Martin From: Martin Mohring In case a chrooted build uses XEN or KVM, a looped mount needs to be done to setup the chroot. The ioctl for loop mount works correctly for arm, mips, ppc32 and sh4, so its now activated. Signed-off-by: Martin Mohring --- diff -u -r qemu-0.14git2011.01.06.2243.orig//linux-user/ioctls.h qemu-0.14git2011.01.06.2243//linux-user/ioctls.h --- qemu-0.14git2011.01.06.2243.orig//linux-user/ioctls.h 2011-01-08 20:50:21.0 +0100 +++ qemu-0.14git2011.01.06.2243//linux-user/ioctls.h 2011-01-09 00:17:41.0 +0100 @@ -312,10 +312,8 @@ IOCTL(LOOP_CLR_FD, 0, TYPE_INT) IOCTL(LOOP_SET_STATUS, IOC_W, MK_PTR(MK_STRUCT(STRUCT_loop_info))) IOCTL(LOOP_GET_STATUS, IOC_W, MK_PTR(MK_STRUCT(STRUCT_loop_info))) -#if 0 /* These have some problems - not fully tested */ IOCTL(LOOP_SET_STATUS64, IOC_W, MK_PTR(MK_STRUCT(STRUCT_loop_info64))) IOCTL(LOOP_GET_STATUS64, IOC_W, MK_PTR(MK_STRUCT(STRUCT_loop_info64))) -#endif IOCTL(LOOP_CHANGE_FD, 0, TYPE_INT) IOCTL(MTIOCTOP, IOC_W, MK_PTR(MK_STRUCT(STRUCT_mtop))) Only in qemu-0.14git2011.01.06.2243//linux-user: ioctls.h.orig Only in qemu-0.14git2011.01.06.2243//linux-user: ioctls.h~
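Review bot: the patch drops the #if 0 /* These have some problems - not fully tested */ guard without saying what the problem was or what has changed; since LOOP_SET_STATUS64/LOOP_GET_STATUS64 go through MK_STRUCT(STRUCT_loop_info64), state that the struct layout conversion was verified on the listed targets (arm, mips, ppc32 and sh4). Also the two "Only in ... ioctls.h.orig" / "ioctls.h~" lines are backup-file noise from diff -r that should be stripped from the submission, and a git-format patch against the tree is the expected form.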
[Qemu-devel] Re: [PATCH 1/2] ossaudio: add endianness support for VoiceIn
On Sat, 8 Jan 2011, Michael Walle wrote: > Signed-off-by: Michael Walle > --- > audio/ossaudio.c | 18 +- > 1 files changed, 13 insertions(+), 5 deletions(-) Thanks, applied with minor stylistic changes. (ditto alsaaudio.c) [..snip..] -- mailto:av1...@comtv.ru
[Qemu-devel] [Bug 688085] Re: Guest kernel hang during boot when KVM is active on i386 host
The error is still reproducible on patched 2.6.35-24-generic, amd64 architecture on Athlon 64 X2.

https://bugs.launchpad.net/bugs/688085
Title: Guest kernel hang during boot when KVM is active on i386 host

Status in meego project: Unknown
Status in QEMU: Fix Released
Status in qemu-kvm: Fix Released
Status in “kvm” package in Ubuntu: Invalid
Status in “linux” package in Ubuntu: In Progress
Status in “qemu” package in Ubuntu: Invalid
Status in “qemu-kvm” package in Ubuntu: Invalid
Status in “kvm” source package in Maverick: New
Status in “linux” source package in Maverick: New
Status in “qemu” source package in Maverick: New
Status in “qemu-kvm” source package in Maverick: New

Bug description:
Binary package hint: qemu
Guest kernel hang during boot when KVM is active on i386 host
See the patch. http://www.spinics.net/lists/kvm/msg40800.html

How to reproduce:
1. install Maverick x86 (not amd64)
2. ensure you have kvm support in processor
3. kvm -kernel /boot/initrd.img-2.6.35-24-generic-pae
4. kvm -no-kvm -kernel /boot/initrd.img-2.6.35-24-generic-pae works OK.

SRU Justification:
1. Impact: Users cannot boot KVM guests on i386 hosts
2. How bug addressed: The upstream commit at http://www.spinics.net/lists/kvm/msg40800.html fixed it
3. Patch: A kernel patch is attached to this bug.
4. Reproduce: boot an i386 kernel on a kvm-capable host. Try to boot a kvm guest.
5. Regression potential: since this is cherry-picking a commit from a future upstream which had already been changed, regression is possible. However, if there is a regression, it should only affect users of KVM on i386 hosts, which currently fail anyway.
