[Qemu-devel] [PATCH v2 0/3] Minor nmi cleanups

2016-05-20 Thread Bandan Das
v2: 2/4: Remove inject_nmi and call nmi_monitor_handle() directly 3/4: rm -rf 4/4: Call nmi_monitor_handle and pass cpu index The primary change is an arch specific x86 nmi function which can be called by the core nmi handler. Bandan Das (3): target-i386: add a generic x86 nmi handler nmi

[Qemu-devel] [PATCH v2 2/3] nmi: remove x86 specific nmi handling

2016-05-20 Thread Bandan Das
nmi_monitor_handle is wired to call the x86 nmi handler. So, we can directly use it at call sites. Signed-off-by: Bandan Das --- hw/core/nmi.c | 24 hw/watchdog/watchdog.c | 2 +- include/hw/nmi.h | 1 - 3 files changed, 1 insertion(+), 26 deletions

Re: [Qemu-devel] [PATCH 4/4] cpus: call the core nmi injection function

2016-05-20 Thread Bandan Das
Paolo Bonzini writes: > On 20/05/2016 00:15, Bandan Das wrote: >> void qmp_inject_nmi(Error **errp) >> { >> -#if defined(TARGET_I386) >> -CPUState *cs; >> - >> -CPU_FOREACH(cs) { >> -X86CPU *cpu = X86_C

[Qemu-devel] [PATCH v2 1/3] target-i386: add a generic x86 nmi handler

2016-05-20 Thread Bandan Das
Instead of having x86 ifdefs in core nmi code, this change adds an arch specific handler that the nmi common code can call. Signed-off-by: Bandan Das --- hw/i386/pc.c | 20 1 file changed, 20 insertions(+) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 99437e0..e29ccc8

[Qemu-devel] [PATCH v2 3/3] cpus: call the core nmi injection function

2016-05-20 Thread Bandan Das
We can call the common function here directly since x86 specific actions will be taken care of by the arch specific nmi handler Signed-off-by: Bandan Das --- cpus.c | 14 -- 1 file changed, 14 deletions(-) diff --git a/cpus.c b/cpus.c index eb34b4f..481f78a 100644 --- a/cpus.c

[Qemu-devel] [PATCH] monitor: print help for command errors

2015-05-12 Thread Bandan Das
|off][,copy-on-read=on|off] -- add drive to PCI storage controller Signed-off-by: Bandan Das --- monitor.c | 28 +++- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/monitor.c b/monitor.c index b2561e1..37f00d9 100644 --- a/monitor.c +++ b/monitor.c @@ -939,7

Re: [Qemu-devel] [PATCH] monitor: print help for command errors

2015-05-13 Thread Bandan Das
Markus Armbruster writes: > Bandan Das writes: > >> Unlike machines, humans will be (mostly) appreciative on seeing >> help output when a command fails due to incorrect syntax or input. >> By default, print output of help_cmd() to the monitor in such cases. >>

[Qemu-devel] [PATCH] monitor: suggest running "help" for command errors

2015-05-13 Thread Bandan Das
dd: string expected Try "help drive_add" for more information Signed-off-by: Bandan Das --- monitor.c | 28 +++- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/monitor.c b/monitor.c index b2561e1..46e8880 100644 --- a/monitor.c +++ b/monitor.c @@ -939,7

Re: [Qemu-devel] [PULL 2/4] usb-mtp: fix some usb_mtp_write_data return paths

2019-03-08 Thread Bandan Das
Peter Maydell writes: > On Thu, 7 Mar 2019 at 09:58, Gerd Hoffmann wrote: >> >> From: Bandan Das >> >> During a write, free up the "path" before getting more data. >> Also, while we are at it, remove the confusing usage of d->fd for >> storing

Re: [Qemu-devel] [PULL 3/4] usb-mtp: prevent null dereference while deleting objects

2019-03-08 Thread Bandan Das
Peter Maydell writes: > On Thu, 7 Mar 2019 at 09:56, Gerd Hoffmann wrote: >> >> From: Bandan Das >> >> Spotted by Coverity: CID 1399144 >> >> Signed-off-by: Bandan Das >> Message-id: 20190306210409.14842-4-...@redhat.com >> Signed-off

[Qemu-devel] [PATCH] usb-mtp: fix return status of delete

2019-03-08 Thread Bandan Das
Spotted by Coverity: CID 1399414 mtp delete allows the return status of delete succeeded, partial_delete or readonly - when none of the objects could be deleted. Some initiators recurse over the objects themselves. In that case, only READ_ONLY can be returned. Signed-off-by: Bandan Das

Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete

2019-03-11 Thread Bandan Das
Peter Maydell writes: > On Fri, 8 Mar 2019 at 22:14, Bandan Das wrote: >> >> >> Spotted by Coverity: CID 1399414 >> >> mtp delete allows the return status of delete succeeded, >> partial_delete or readonly - when none of the objects could be >> de

Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete

2019-03-11 Thread Bandan Das
Peter Maydell writes: > On Mon, 11 Mar 2019 at 16:14, Bandan Das wrote: >> >> Peter Maydell writes: >> > At the moment PARTIAL_DELETE is "ALL_DELETE | READ_ONLY", which >> > doesn't seem like it makes much sense. >> > >> >>

Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete

2019-03-11 Thread Bandan Das
Peter Maydell writes: > On Mon, 11 Mar 2019 at 16:43, Bandan Das wrote: >> Peter Maydell writes: >> > On Mon, 11 Mar 2019 at 16:14, Bandan Das wrote: >> > Generally, if you have multiple bits X, Y in a return >> > value, they should be independent. Sometime

Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete

2019-03-11 Thread Bandan Das
Peter Maydell writes: ... >> > >> >> > It might be useful to take a step back -- what are >> >> > the different possible outcomes from this function that >> >> > we need to distinguish, and when should we be returning >> >> > which outcome? >> > >> They are what the variable names signify. > > Tha

Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete

2019-03-11 Thread Bandan Das
Peter Maydell writes: ... >> Ok, this is easier. Now, I know what you are referring to >> instead of guessing what and how I should be explaining. >> >> What you said is essentially correct. When deleting a >> single object that's a file, the return value would either >> be OK or STORE_READ_ONLY. >

[Qemu-devel] [PATCH v2] usb-mtp: fix return status of delete

2019-03-12 Thread Bandan Das
case, only READ_ONLY can be returned. Signed-off-by: Bandan Das --- v2: Change the enum variable names and specify them as bits Add a comment describing the bit definitions Modify commit message slightly hw/usb/dev-mtp.c | 62 ++-- 1 file changed, 34

[Qemu-devel] [PATCH v3] usb-mtp: fix return status of delete

2019-03-12 Thread Bandan Das
case, only READ_ONLY can be returned. Signed-off-by: Bandan Das --- v3: fix typo use g_assert_not_reached v2: Change the enum variable names and specify them as bits Add a comment describing the bit definitions Modify commit message slightly hw/usb/dev-mtp.c | 62

Re: [Qemu-devel] [PATCH v2] usb-mtp: fix return status of delete

2019-03-12 Thread Bandan Das
Peter Maydell writes: > On Tue, 12 Mar 2019 at 18:25, Bandan Das wrote: >> >> >> Spotted by Coverity: CID 1399414 >> >> mtp delete allows the return status of delete succeeded, >> partial_delete or readonly - when none of the objects could be >>

Re: [Qemu-devel] [PATCH v4 01/17] util: add helper APIs for dealing with inotify in portable manner

2019-03-12 Thread Bandan Das
Daniel P. Berrangé writes: ... > + > +int > +qemu_file_monitor_add_watch(QFileMonitor *mon, > +const char *dirpath, > +const char *filename, > +QFileMonitorHandler cb, > +void *opaque, >

Re: [Qemu-devel] [PATCH v4 01/17] util: add helper APIs for dealing with inotify in portable manner

2019-03-13 Thread Bandan Das
Daniel P. Berrangé writes: > On Tue, Mar 12, 2019 at 07:07:42PM -0400, Bandan Das wrote: >> Daniel P. Berrangé writes: >> ... >> > + >> > +int >> > +qemu_file_monitor_add_watch(QFileMonitor *mon, >> > +const char *di

Re: [Qemu-devel] [RFC PATCH v2 02/17] fuzz: Add fuzzer configure options

2019-08-12 Thread Bandan Das
"Oleinik, Alexander" writes: ... > if test "$supported_cpu" = "no"; then > echo > @@ -7306,6 +7310,17 @@ fi > if test "$sheepdog" = "yes" ; then >echo "CONFIG_SHEEPDOG=y" >> $config_host_mak > fi > +if test "$fuzzing" = "yes" ; then > + QEMU_CFLAGS="$QEMU_CFLAGS -fsanitize=fuzzer,addr

Re: [Qemu-devel] [PATCH] vl: Delay initialization of memory backends

2016-09-01 Thread Bandan Das
Eduardo Habkost writes: > On Thu, Sep 01, 2016 at 02:39:37PM -0300, Eduardo Habkost wrote: >> On Thu, Sep 01, 2016 at 05:41:52PM +0200, Paolo Bonzini wrote: >> > On 01/09/2016 17:10, Eduardo Habkost wrote: >> > > Ouch. It looks like the ordering requirements are messier than I >> > > thought. vho

Re: [Qemu-devel] [PATCH v3 2/2] usb-mtp: added object properties

2016-11-15 Thread Bandan Das
Gerd Hoffmann writes: > Hi, > >> and object properties. Most object properties are data that we already >> have, except for the unique persistent object identifier. Windows > >> +case PROP_PERSISTENT_UNIQUE_OBJECT_IDENTIFIER: >> +/* Should be persistant between sessions, >> +

Re: [Qemu-devel] iommu emulation

2017-03-02 Thread Bandan Das
Jintack Lim writes: > [cc Bandan] > > On Tue, Feb 21, 2017 at 5:33 AM, Jintack Lim > wrote: > >> >> >> On Wed, Feb 15, 2017 at 9:47 PM, Alex Williamson < >> alex.william...@redhat.com> wrote: ... >> > > I've tried another network device on a different machine. It has "Intel > Corporation 82599ES

Re: [Qemu-devel] [PATCH v2 1/2] usb-mtp: fix sending files larger than 4gb

2016-07-27 Thread Bandan Das
F); > +} > +else { > +container.length = cpu_to_le32(d->length + > sizeof(container)); > +} This will throw checkpatch errors and I see you have fixed them in the next patch. Please just use the preferred style here to keep context. > container.type = cpu_to_le16(TYPE_DATA); > container.code = cpu_to_le16(d->code); > container.trans = cpu_to_le32(d->trans); Please feel free to add Reviewed-by: Bandan Das

Re: [Qemu-devel] [PATCH v2 2/2] usb-mtp: added object properties

2016-07-27 Thread Bandan Das
Isaac Lozano <109loza...@gmail.com> writes: > Windows uses object properties to determine the size of a file, so to > add object properties, we must also add a minimum set of new commands > and object properties. Most object properties are data that we already > have, except for the unique persist

Re: [Qemu-devel] [PATCH v3 01/19] target-i386: cpu: use uint32_t for X86CPU.apic_id

2016-07-13 Thread Bandan Das
I know some of these have already been pulled. I just have some minor questions/comments that shouldn't conflict. Igor Mammedov writes: > Redo 9886e834 (target-i386: Require APIC ID to be explicitly set before > CPU realize) in another way that doesn't use int64_t to detect > if apic-id propert

Re: [Qemu-devel] [PATCH v3 04/19] pc: cpu: consolidate apic-id validity checks in pc_cpu_pre_plug()

2016-07-13 Thread Bandan Das
Igor Mammedov writes: > Machine code knows about all possible APIC IDs so use that > instead of hack which does O(n^2) complexity duplicate > checks, iterating over global CPUs list. > As result duplicate check is done only once with O(log n) complexity. > > Signed-off-by: Igor Mammedov > --- >

Re: [Qemu-devel] [PATCH v3 06/19] target-i386: add socket/core/thread properties to X86CPU

2016-07-13 Thread Bandan Das
Igor Mammedov writes: > these properties will be used by as address where to plug > CPU with help -device/device_add commands. > > Signed-off-by: Igor Mammedov > --- > v3: > - use %u for printing topo ids > - add to error message topo ids from set apic_id > v2: > - rename socket/core/threa

Re: [Qemu-devel] [PATCH v3 07/19] pc: set APIC ID based on socket/core/thread ids if it's not been set yet

2016-07-13 Thread Bandan Das
Igor Mammedov writes: > CPU added with device_add help won't have APIC ID set, > so set it according to socket/core/thread ids provided > with device_add command. > > Signed-off-by: Igor Mammedov > --- > v3: > - use %u for printing topo ids > v2: > - add validity checks for socket-id/core-id/t

Re: [Qemu-devel] [PATCH v3 10/19] pc: register created initial and hotpluged CPUs in one place pc_cpu_plug()

2016-07-13 Thread Bandan Das
Igor Mammedov writes: > consolidate possible_cpus array management in pc_cpu_plug() > for smp_cpus, coldplugged with -device and hotplugged with > device_add. So, this takes care of the hotplug case and 09/19 took care of the coldplug case, right ? If yes, we should probably modify this commit m

Re: [Qemu-devel] [PATCH v3 12/19] apic: move MAX_APICS check to 'apic' class

2016-07-13 Thread Bandan Das
Igor Mammedov writes: > MAX_APICS is only used by child 'apic' class and not > by its parent TYPE_APIC_COMMON or any other derived > class. > Move check into end user 'apic' class so it won't > get in the way of other APIC implementations > if they support more than MAX_APICS. > > Signed-off-by:

Re: [Qemu-devel] [PATCH v3 17/19] target-i386: fix apic object leak when CPU is deleted

2016-07-13 Thread Bandan Das
Igor Mammedov writes: > Signed-off-by: Igor Mammedov > --- > target-i386/cpu.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/target-i386/cpu.c b/target-i386/cpu.c > index 04c0b79..2fa445d 100644 > --- a/target-i386/cpu.c > +++ b/target-i386/cpu.c > @@ -2765,6 +2765,7 @@ static void x

Re: [Qemu-devel] [PATCH v3 07/19] pc: set APIC ID based on socket/core/thread ids if it's not been set yet

2016-07-13 Thread Bandan Das
Eduardo Habkost writes: > On Wed, Jul 13, 2016 at 06:24:17PM -0400, Bandan Das wrote: >> Igor Mammedov writes: >> >> > CPU added with device_add help won't have APIC ID set, >> > so set it according to socket/core/thread ids provided >> > with de

Re: [Qemu-devel] [PATCH v3 10/19] pc: register created initial and hotpluged CPUs in one place pc_cpu_plug()

2016-07-13 Thread Bandan Das
Eduardo Habkost writes: > On Wed, Jul 13, 2016 at 06:32:27PM -0400, Bandan Das wrote: >> Igor Mammedov writes: >> >> > consolidate possible_cpus array management in pc_cpu_plug() >> > for smp_cpus, coldplugged with -device and hotplugged with >> > dev

Re: [Qemu-devel] [PATCH v3 12/19] apic: move MAX_APICS check to 'apic' class

2016-07-13 Thread Bandan Das
Eduardo Habkost writes: > On Wed, Jul 13, 2016 at 06:47:20PM -0400, Bandan Das wrote: >> Igor Mammedov writes: >> >> > MAX_APICS is only used by child 'apic' class and not >> > by its parent TYPE_APIC_COMMON or any other derived >> > cla

Re: [Qemu-devel] [PATCH v3 10/19] pc: register created initial and hotpluged CPUs in one place pc_cpu_plug()

2016-07-13 Thread Bandan Das
Eduardo Habkost writes: > On Wed, Jul 13, 2016 at 06:59:21PM -0400, Bandan Das wrote: >> Eduardo Habkost writes: >> >> > On Wed, Jul 13, 2016 at 06:32:27PM -0400, Bandan Das wrote: >> >> Igor Mammedov writes: >> >> >> >>

Re: [Qemu-devel] [PATCH v4 04/16] pc: forbid BSP removal

2016-07-14 Thread Bandan Das
Igor Mammedov writes: > BSP is assumed to always present in QEMU code, so > until that assumptions are gone, deny removal request. > In other words QEMU won't support BSP hot-unplug. > > Signed-off-by: Igor Mammedov > --- > hw/i386/pc.c | 7 +++ > 1 file changed, 7 insertions(+) > > diff

Re: [Qemu-devel] [PATCH v4 05/16] pc: enforce adding CPUs contiguously and removing them in opposit order

2016-07-14 Thread Bandan Das
Igor Mammedov writes: > it will still allow us to use cpu_index as migration instance_id > since when CPUs are added contiguously (from the first to the last) > and removed in opposite order, cpu_index stays stable and it's > reproducible on destination side. > > Signed-off-by: Igor Mammedov > -

Re: [Qemu-devel] [PATCH v4 04/16] pc: forbid BSP removal

2016-07-14 Thread Bandan Das
Eduardo Habkost writes: > On Thu, Jul 14, 2016 at 06:54:33PM +0200, Igor Mammedov wrote: >> BSP is assumed to always present in QEMU code, so >> until that assumptions are gone, deny removal request. >> In other words QEMU won't support BSP hot-unplug. >> >> Signed-off-by: Igor Mammedov >> -

Re: [Qemu-devel] [PATCH] usb-mtp: added support for files larger than 4gb

2016-07-14 Thread Bandan Das
Hi Isaac, Isaac Lozano <109loza...@gmail.com> writes: > Added support for sending data larger than 4gb. Also implemented > object properties so that Windows can receive >4gb files. Good work! :) Also, please consider making the commit message a little more verbose. Please split up the patches as

Re: [Qemu-devel] [PATCH] usb-mtp: added support for files larger than 4gb

2016-07-14 Thread Bandan Das
Gerd Hoffmann writes: > On Do, 2016-07-14 at 04:49 -0700, Isaac Lozano wrote: >> Added support for sending data larger than 4gb. > >> Also implemented >> object properties so that Windows can receive >4gb files. > > Can you please split those into two separate patches? > >> +case PROP_PERSIST

Re: [Qemu-devel] [PATCH v4 04/16] pc: forbid BSP removal

2016-07-14 Thread Bandan Das
Eduardo Habkost writes: ... >> >> DeviceState *dev, Error **errp) >> >> { >> >> +int idx; >> >> HotplugHandlerClass *hhc; >> >> Error *local_err = NULL; >> >> PCMachineState *pcms = PC_MACHINE(hotplug_dev); >> >> >> >> +pc_find_cpu_sl

Re: [Qemu-devel] [PATCH v4 05/16] pc: enforce adding CPUs contiguously and removing them in opposit order

2016-07-15 Thread Bandan Das
Igor Mammedov writes: > On Thu, 14 Jul 2016 14:10:24 -0400 > Bandan Das wrote: > >> Igor Mammedov writes: >> >> > it will still allow us to use cpu_index as migration instance_id >> > since when CPUs are added contiguously (from the first to the l

Re: [Qemu-devel] iommu emulation

2017-03-02 Thread Bandan Das
Peter Xu writes: > On Thu, Mar 02, 2017 at 05:20:19PM -0500, Bandan Das wrote: >> Jintack Lim writes: >> >> > [cc Bandan] >> > ... >> >> Jintack, any progress with this ? >> >> I am testing on a X540-AT2 and I see a different beh

[Qemu-devel] [PATCH 2/2] usb-mtp: breakup MTP write into smaller chunks

2018-11-15 Thread Bandan Das
file size in the object metadata once the file has completely been written. Suggested-by: Gerd Hoffman Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 133 +-- 1 file changed, 90 insertions(+), 43 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw

[Qemu-devel] [PATCH 0/2] Break down the MTP write operation

2018-11-15 Thread Bandan Das
with different file sizes on a Linux guest. Bandan Das (2): usb-mtp: Reallocate buffer in multiples of MTP_WRITE_BUF_SZ usb-mtp: breakup MTP write into smaller chunks hw/usb/dev-mtp.c | 153 +++ 1 file changed, 99 insertions(+), 54 deletions

[Qemu-devel] [PATCH 1/2] usb-mtp: Reallocate buffer in multiples of MTP_WRITE_BUF_SZ

2018-11-15 Thread Bandan Das
This is a "pre-patch" to breaking up the write buffer for MTP writes. Instead of allocating a mtp buffer equal to size sent by the initiator, we start with a small size and reallocate multiples (of that small size) as needed. Signed-off-by: Bandan Das --- hw/usb/dev-

Re: [Qemu-devel] 3.1.0-rc{0,1} doesn't start

2018-11-19 Thread Bandan Das
baldu...@units.it writes: > hello > > I'm building qemu from source and happily using it since a bit > (2.3.0) > > Since 3.1.0-rc0 (including latest 3.1.0-rc1) I'm no more able to start > qemu, getting: > > 8< > install:115> qemu > qemu: error: failed to set MSR 0x10a to 0x0 >

Re: [Qemu-devel] 3.1.0-rc{0,1} doesn't start

2018-11-20 Thread Bandan Das
Paolo Bonzini writes: ... > diff --git a/target/i386/kvm.c b/target/i386/kvm.c > index f524e7d929..4878ffb90b 100644 > --- a/target/i386/kvm.c > +++ b/target/i386/kvm.c > @@ -2002,14 +2002,9 @@ static int kvm_put_msrs(X86CPU *cpu, int level) > #endif > > /*

Re: [Qemu-devel] 3.1.0-rc{0,1} doesn't start

2018-11-20 Thread Bandan Das
baldu...@units.it writes: > hello > >> incomplete because it can return 0 for data. Can you try this: >> >> diff --git a/target/i386/kvm.c b/target/i386/kvm.c >> index f524e7d929..4878ffb90b 100644 >> --- a/target/i386/kvm.c >> +++ b/target/i386/kvm.c >> @@ -2002,14 +2002,9 @@ static int kvm_put_m

[Qemu-devel] [PATCH] kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support

2018-11-25 Thread Bandan Das
When writing to guest's MSR_IA32_ARCH_CAPABILITIES, check whether it's supported in the guest using the KVM_GET_MSR_INDEX_LIST ioctl. Fixes: d86f963694df27f11b3681ffd225c9362de1b634 Suggested-by: Eduardo Habkost Tested-by: baldu...@units.it Signed-off-by: Bandan Das --- target/

Re: [Qemu-devel] [PATCH for-3.1 1/2] usb-mtp: fix utf16_to_str

2018-11-30 Thread Bandan Das
Markus Armbruster writes: > Gerd Hoffmann writes: > >> Make utf16_to_str return an allocated string. Remove the assumption that >> the number of string bytes equals the number of utf16 chars (which is >> only true for ascii chars). Instead call wcstombs twice, once to figure >> the storage size

Re: [Qemu-devel] [PATCH for-3.1 2/2] usb-mtp: outlaw slashes in filenames

2018-11-30 Thread Bandan Das
Gerd Hoffmann writes: > Slash is unix directory separator, so they are not allowed in filenames. > Note this also stops the classic escape via "../". > > Fixes: CVE-2018-16867 > Reported-by: Michael Hanselmann (hansmi.ch) > Signed-off-by: Gerd Hoffmann > --- > hw/usb/dev-mtp.c | 6 ++ > 1 f

[Qemu-devel] [PATCH 0/2 v2] Break down the MTP write operation

2019-01-11 Thread Bandan Das
reallocating to a larger buffer size. Tested with different file sizes on a Linux guest. Bandan Das (2): usb-mtp: Reallocate buffer in multiples of MTP_WRITE_BUF_SZ usb-mtp: breakup MTP write into smaller chunks hw/usb/dev-mtp.c | 154 ++- 1 file

[Qemu-devel] [PATCH 1/2 v2] usb-mtp: Reallocate buffer in multiples of MTP_WRITE_BUF_SZ

2019-01-11 Thread Bandan Das
This is a "pre-patch" to breaking up the write buffer for MTP writes. Instead of allocating a mtp buffer equal to size sent by the initiator, we start with a small size and reallocate multiples (of that small size) as needed. Signed-off-by: Bandan Das --- hw/usb/dev-

[Qemu-devel] [PATCH 2/2 v2] usb-mtp: breakup MTP write into smaller chunks

2019-01-11 Thread Bandan Das
file size in the object metadata once the file has completely been written. Suggested-by: Gerd Hoffman Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 134 --- 1 file changed, 91 insertions(+), 43 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev

Re: [Qemu-devel] [PATCH 1/2 v2] usb-mtp: Reallocate buffer in multiples of MTP_WRITE_BUF_SZ

2019-01-12 Thread Bandan Das
Eric Blake writes: > On 1/11/19 2:20 AM, Bandan Das wrote: >> This is a "pre-patch" to breaking up the write buffer for >> MTP writes. Instead of allocating a mtp buffer equal to size >> sent by the initiator, we start with a small size and reallocate >> mul

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

2019-01-17 Thread Bandan Das
[Ccing Nitesh] Stefan Hajnoczi writes: > On Fri, Jan 11, 2019 at 05:16:40PM +0100, Paolo Bonzini wrote: >> On 11/01/19 16:41, Max Moroz wrote: >> > On Fri, Jan 11, 2019 at 7:34 AM Paolo Bonzini > > > wrote: >> > >> > On 11/01/19 16:04, Max Moroz wrote: >> > >

Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support

2019-01-10 Thread Bandan Das
Hi Stefan, Stefan Hajnoczi writes: > Hi folks, > I'd like to start fuzzing emulated devices in QEMU. Here is an > internship project idea I'm proposing to do this. > > Any thoughts? Want to co-mentor this in Google Summer of Code or Outreachy? > > Stefan > > '''Summary:''' Integrate oss-fuzz i

Re: [Qemu-devel] [PULL 1/3] usb-mtp: Add some NULL checks for issues pointed out by coverity

2018-05-17 Thread Bandan Das
Peter Maydell writes: > On 7 May 2018 at 10:44, Gerd Hoffmann wrote: >> From: Bandan Das >> >> CID 1390578: In usb_mtp_write_metadata, parent can never be NULL but >> just in case, add an assert >> CID 1390592: Check for o->format only if o !=NULL >>

[Qemu-devel] [PATCH] usb-mtp: Assert on suspicious TYPE_DATA packet from initiator

2018-05-18 Thread Bandan Das
CID 1390604 If the initiator sends a packet with TYPE_DATA set without initiating a CMD_GET_OBJECT_INFO first, then usb_mtp_get_data can trip on a null s->data_out. Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/usb/dev-mtp.c b/hw/usb/

Re: [Qemu-devel] [PULL 1/3] usb-mtp: Add some NULL checks for issues pointed out by coverity

2018-05-18 Thread Bandan Das
Bandan Das writes: >> If this is a "can't happen" situation we can mark it as a false >> positive in coverity. I posted a patch with an assert added in usb_mtp_get_data. I believe CID 1390604 can be marked as a false positive. Thanks, Bandan > The protocol ofco

Re: [Qemu-devel] [PATCH] usb-mtp: Assert on suspicious TYPE_DATA packet from initiator

2018-05-18 Thread Bandan Das
Peter Maydell writes: > On 18 May 2018 at 19:22, Bandan Das wrote: >> >> CID 1390604 >> If the initiator sends a packet with TYPE_DATA set without >> initiating a CMD_GET_OBJECT_INFO first, then usb_mtp_get_data >> can trip on a null s->data_out. >> >

[Qemu-devel] [PATCH v2] usb-mtp: Return error on suspicious TYPE_DATA packet from initiator

2018-05-18 Thread Bandan Das
CID 1390604 If the initiator sends a packet with TYPE_DATA set without initiating a CMD_GET_OBJECT_INFO first, then usb_mtp_get_data can trip on a null s->data_out. Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 5 + 1 file changed, 5 insertions(+) diff --git a/hw/usb/dev-mtp.c b/hw/

Re: [Qemu-devel] [PATCH] usb-mtp: Assert on suspicious TYPE_DATA packet from initiator

2018-05-18 Thread Bandan Das
Peter Maydell writes: > On 18 May 2018 at 19:38, Bandan Das wrote: >> Peter Maydell writes: >> >>> On 18 May 2018 at 19:22, Bandan Das wrote: >>>> >>>> CID 1390604 >>>> If the initiator sends a packet with TYPE_DATA s

[Qemu-devel] [PATCH v2 0/3] Misc usb-mtp fixes

2018-09-07 Thread Bandan Das
v2: Same as v1 but with another minor cleanup patch. The write buffer breakup is still WIP. A documentation fix and changes to return the right error code on write failures. Bandan (2): usb-mtp: fix error conditions for write operation doc: replace x-root with rootdir for usb-mtp Bandan Das

[Qemu-devel] [PATCH v2 2/3] doc: replace x-root with rootdir for usb-mtp

2018-09-07 Thread Bandan Das
From: Bandan Signed-off-by: Bandan --- qemu-doc.texi | 2 +- scripts/device-crash-test | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/qemu-doc.texi b/qemu-doc.texi index f74542a0e9..cc7d81181c 100644 --- a/qemu-doc.texi +++ b/qemu-doc.texi @@ -943,7 +943,7 @@

[Qemu-devel] [PATCH v2 3/3] usb-mtp: reset ObjectInfo dataset size on cleanup

2018-09-07 Thread Bandan Das
Stale values in this field may result in qemu expecting more data on the next operation Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 15edf3bb82..00a3691bae 100644 --- a/hw/usb/dev-mtp.c +++ b/hw

[Qemu-devel] [PATCH v2 1/3] usb-mtp: fix error conditions for write operation

2018-09-07 Thread Bandan Das
From: Bandan Return STORE_FULL if we can't write all the bytes but return incomplete transfer if data received is less than what was specified in the metadata. Also, use d->offset as the file size which is valid for all file sizes. Signed-off-by: Bandan --- hw/usb/dev-mtp.c | 7 --- 1 file

[Qemu-devel] [PATCH 1/5] dev-mtp: add support for canceling transaction

2018-07-20 Thread Bandan Das
The initiator can choose to cancel an ongoing request which is specified by bRequest=0x64. If such a request arrives, free up any pending state Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 30 ++ 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/hw

[Qemu-devel] [PATCH 4/5] dev-mtp: Add support for > 4GB file transfers

2018-07-20 Thread Bandan Das
To support larger file transfers, rely on a short packet to detect end of the data phase and rewrite d->length to the size received Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 31 +++ 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/hw/usb/

[Qemu-devel] [PATCH 3/5] dev-mtp: retry write for incomplete transfers

2018-07-20 Thread Bandan Das
For large buffers, write may not copy the full buffer. For example, on Linux, write imposes a limit of 0x7000. Note that this does not fix >4G transfers but ~>2G files will transfer successfully. Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 22 -- 1 file chang

[Qemu-devel] [PATCH 0/5] usb-mtp write fixes

2018-07-20 Thread Bandan Das
Patch 1 adds support for canceling an ongoing transaction. 2,3 and 4 fix writes for large transfers. For > 4G file transfers, the logic has been modified to check for the end of the data phase by checking for a short packet. Patch 5 renames x-root to a more meaningful rootdir. Bandan Das

[Qemu-devel] [PATCH 2/5] dev-mtp: fix buffer allocation for writing file contents

2018-07-20 Thread Bandan Das
usb_mtp_realloc() was being incorrectly used when allocating buffer for incoming data. Set d->length only after resizing the buffer. Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c in

[Qemu-devel] [PATCH 5/5] dev-mtp: rename x-root to rootdir

2018-07-20 Thread Bandan Das
x-root was renamed as such owing to the experimental nature of the property; the underlying filesystem semantics were undecided Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index

Re: [Qemu-devel] Filtering files passing through MTP devices

2018-04-25 Thread Bandan Das
Omer Katz writes: > We're connecting USB drives that we want the guests to copy files from. > The user should only be allowed to copy certain files into the system. > The same thing goes for copying files to the USB drive. We only allow > certain files to be exported from the guest. If I underst

Re: [Qemu-devel] Filtering files passing through MTP devices

2018-04-25 Thread Bandan Das
nge that you will have to maintain yourself. Bandan > > On Wed, Apr 25, 2018, 7:17 PM Bandan Das wrote: > >> Omer Katz writes: >> >> > We're connecting USB drives that we want the guests to copy files from. >> > The user should only be allowed to copy cer

Re: [Qemu-devel] [PULL 4/5] usb-mtp: Introduce write support for MTP objects

2018-04-30 Thread Bandan Das
Peter Maydell writes: > On 27 February 2018 at 08:39, Gerd Hoffmann wrote: >> From: Bandan Das >> >> Allow write operations on behalf of the initiator. The >> precursor to write is the sending of the write metadata >> that consists of the ObjectInfo dataset

Re: [Qemu-devel] [PATCH 3/5] dev-mtp: retry write for incomplete transfers

2018-08-07 Thread Bandan Das
Gerd Hoffmann writes: > On Fri, Jul 20, 2018 at 05:40:18PM -0400, Bandan Das wrote: >> For large buffers, write may not copy the full buffer. For example, >> on Linux, write imposes a limit of 0x7000. Note that this does >> not fix >4G transfers but ~>2G files

[Qemu-devel] [PATCH 5/5] usb-mtp: Advertise SendObjectInfo for write support

2017-09-13 Thread Bandan Das
From: Bandan Das This patch implements a dummy ObjectInfo structure so that it's easy to typecast the incoming data. If the metadata is valid, write_pending is set. Also, the incoming filename is utf-16, so, instead of depending on external libraries, just implement a simple function to ge

[Qemu-devel] [PATCH 3/5] usb-mtp: Support delete of mtp objects

2017-09-13 Thread Bandan Das
From: Bandan Das This is required because write of existing objects by the initiator is achieved by making a temporary buffer with the new changes, deleting the old file and then writing a new file with the same name. Note that this operation will fail as of this patch since the store is

[Qemu-devel] [PATCH 2/5] usb-mtp: print parent path in IN_IGNORED trace fn

2017-09-13 Thread Bandan Das
From: Bandan Das Fix a possible null dereference when deleting a folder and its contents. An ignored event might be received for its contents after the parent folder is deleted which will return a null object. Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 5 ++--- 1 file changed, 2

[Qemu-devel] [PATCH 0/5] Initial write support for MTP objects

2017-09-13 Thread Bandan Das
runs on top of fuse). - Needs more testing :) Bandan Das (5): usb-mtp: Add one more argument when building results usb-mtp: print parent path in IN_IGNORED trace fn usb-mtp: Support delete of mtp objects usb-mtp: Introduce write support for MTP objects usb-mtp: Advertise SendObjectI

[Qemu-devel] [PATCH 4/5] usb-mtp: Introduce write support for MTP objects

2017-09-13 Thread Bandan Das
From: Bandan Das Allow write operations on behalf of the initiator. The precursor to write is the sending of the write metadata that consists of the ObjectInfo dataset. This patch introduces a flag that is set when the responder is ready to receive write data based on a previous SendObjectInfo

[Qemu-devel] [PATCH 1/5] usb-mtp: Add one more argument when building results

2017-09-13 Thread Bandan Das
From: Bandan Das The response to a SendObjectInfo consists of the storageid, parent object handle and the handle reserved for the new incoming object Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 50 +++--- 1 file changed, 27 insertions(+), 23

[Qemu-devel] [PATCH v2 5/5] usb-mtp: Advertise SendObjectInfo for write support

2018-02-12 Thread Bandan Das
igned-off-by: Bandan Das --- hw/usb/dev-mtp.c | 118 ++- 1 file changed, 117 insertions(+), 1 deletion(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 8d615cabc0..90cf54e2fe 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -47,6

[Qemu-devel] [PATCH v2 2/5] usb-mtp: print parent path in IN_IGNORED trace fn

2018-02-12 Thread Bandan Das
Fix a possible null dereference when deleting a folder and its contents. An ignored event might be received for its contents after the parent folder is deleted which will return a null object. Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions

[Qemu-devel] [PATCH v2 0/5] Initial write support for MTP object

2018-02-12 Thread Bandan Das
file editors typically run fsync when saving. Depending on the MTP client, it may choose not to implement it (such as simple-mtpfs that runs on top of fuse). - Needs more testing :) Bandan Das (5): usb-mtp: Add one more argument when building results usb-mtp: print parent path in IN_IGN

[Qemu-devel] [PATCH v2 3/5] usb-mtp: Support delete of mtp objects

2018-02-12 Thread Bandan Das
marked read only. Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 123 +++ 1 file changed, 123 insertions(+) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 63f8f3b90b..5f53f200c4 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -46,6

[Qemu-devel] [PATCH v2 1/5] usb-mtp: Add one more argument when building results

2018-02-12 Thread Bandan Das
The response to a SendObjectInfo consists of the storageid, parent object handle and the handle reserved for the new incoming object Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 50 +++--- 1 file changed, 27 insertions(+), 23 deletions(-) diff

[Qemu-devel] [PATCH v2 4/5] usb-mtp: Introduce write support for MTP objects

2018-02-12 Thread Bandan Das
initiator (The SendObjectInfo implementation is in a later patch) Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 159 ++- 1 file changed, 157 insertions(+), 2 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 5f53f200c4

Re: [Qemu-devel] [PATCH v2 3/5] usb-mtp: Support delete of mtp objects

2018-02-13 Thread Bandan Das
Gerd Hoffmann writes: >> +#ifndef CONFIG_INOTIFY1 >> +/* Assumes that children, if any, have been already freed */ >> +static void usb_mtp_object_free_one(MTPState *s, MTPObject *o) >> +{ >> +assert(o->nchildren == 0); >> +QTAILQ_REMOVE(&s->objects, o, next); >> +g_free(o->name); >> +
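Review bot: in usb_mtp_object_free_one(), the precondition stated in the comment (children already freed) is enforced only by assert(o->nchildren == 0), so a caller that gets the ordering wrong aborts QEMU instead of failing the delete. Consider naming in the comment which caller guarantees the children are gone, or returning an error for a non-empty object so the delete path can report the failure to the initiator.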

Re: [Qemu-devel] [PATCH v2 5/5] usb-mtp: Advertise SendObjectInfo for write support

2018-02-13 Thread Bandan Das
Gerd Hoffmann writes: >> +/* >> + * ObjectInfo dataset received from initiator >> + * Fields we don't care about are ignored >> + */ >> +typedef struct { >> +char __pad1[4]; > > So, is this really padding or a field we don't care about? > > If the latter I'd suggest to give them proper names

[Qemu-devel] ERROR:qom/object.c:907:object_unref: assertion failed (obj->ref > 0): (0 > 0)

2018-02-14 Thread Bandan Das
I get the error mentioned in the subject line when using vncviewer with commit 13e1d0e71e78a925848258391a6e616b6b5ae219: Author: Daniel P. Berrange Date: Thu Feb 1 16:45:14 2018 + ui: convert VNC server to QIONetListener The VNC server already has the ability to listen on mu

Re: [Qemu-devel] [PATCH] vnc: remove bogus object_unref on client socket

2018-02-15 Thread Bandan Das
Daniel P. Berrangé writes: > vnc_listen_io() does not own the reference on the 'cioc' parameter is it > passed, so should not be unref'ing it. > > Reported-by: Bandan Das > Signed-off-by: Daniel P. Berrangé Daniel, wouldn't a Fixes: 13e1d0e71e78a92584825

[Qemu-devel] [PATCH v3 4/5] usb-mtp: Introduce write support for MTP objects

2018-02-15 Thread Bandan Das
initiator (The SendObjectInfo implementation is in a later patch) Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 159 ++- 1 file changed, 157 insertions(+), 2 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 5ef77f3e9f

[Qemu-devel] [PATCH v3 5/5] usb-mtp: Advertise SendObjectInfo for write support

2018-02-15 Thread Bandan Das
igned-off-by: Bandan Das --- hw/usb/dev-mtp.c | 130 ++- 1 file changed, 129 insertions(+), 1 deletion(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 4f369e1277..e015bbe771 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -47,6

[Qemu-devel] [PATCH v3 1/5] usb-mtp: Add one more argument when building results

2018-02-15 Thread Bandan Das
The response to a SendObjectInfo consists of the storageid, parent object handle and the handle reserved for the new incoming object Signed-off-by: Bandan Das --- hw/usb/dev-mtp.c | 50 +++--- 1 file changed, 27 insertions(+), 23 deletions(-) diff
