A host chardev could close just before the guest sends some data to be
written. This will cause an -EPIPE error. This shouldn't be propagated
to virtio-serial-bus.
Ideally we should close the port once -EPIPE is received, but since the
chardev interface doesn't return such meaningful values to its users,
all we get is -1 for any kind of error. Just return 0 for now and wait
for chardevs to return better error messages to act better on the return
messages.
Signed-off-by: Amit Shah <amit.shah@redhat.com>
We were previously allowing arbitrarily-long indirect descriptors, which
could lead to a buffer overflow in qemu-kvm process.
CVE-2011-2212
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
vhost dev stop failed to clear the log field.
Typically not an issue as dev start overwrites this field,
but if logging gets disabled before the following start,
it doesn't so this causes a double free.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Both the signal thread (via sigwait()) and the cpu thread (via
a normal signal handler) were attempting to catch SIG_IPI.
This resulted in random freezes under Darwin.
This patch separates SIG_IPI from the rest of the signals handled
by the signal thread, because it is independently caught by the cpu
thread.
Signed-off-by: Alexandre Raymond <cerbere@gmail.com>
Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Changes since v1:
- take pthread_sigmask() out of the ifdef as it is now common
to both parts.
This fix effectively blocks, in the main thread, the signals handled
by signalfd or the compatibility signal thread.
This way, such signals are received synchronously in the main thread
through sigfd_handler() instead of triggering the signal handler
directly, asynchronously.
Signed-off-by: Alexandre Raymond <cerbere@gmail.com>
Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Expand the note on the number of TCG ops generated per target insn,
to be clearer about the range of applicability of the 20 op rule
of thumb. Also add a note about the hard MAX_OP_PER_INSTR limit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Translation used incorrectly CPUState fields directly to check
for FPU enable state and 32 bit address masking on Sparc64.
Fix by using TB flags instead.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Support UA2007 block store ASIs for stfa instructions.
Signed-off-by: Tsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
stfa/stdfa/stqfa instructions should raise fp_disabled exceptions
if %pstate.PEF==0 or %fprs.FEF==0.
Signed-off-by: Tsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch implements sparcv9 stfa/stdfa/stqfa instructions
with non block-store ASIs.
Signed-off-by: Tsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
ldfa/lddfa/ldqfa instructions should raise fp_disabled exceptions
if %pstate.PEF==0 or %fprs.FEF==0.
Signed-off-by: Tsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch implements sparcv9 ldfa/lddfa/ldqfa instructions
with non block-load ASIs.
Signed-off-by: Tsuneo Saito <tsnsaito@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The ia64 sys/ucontext.h defines macros 'uc_link', 'uc_sigmask' and
'uc_stack'. Rename the s390 target_ucontext struct members to tuc_*,
bringing them into line with the other targets and fixing a compile
failure on ia64 hosts caused by this clash.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
MIPS uses similar calling convention than ARM eabi, where when using
64-bit values some registers are skipped. This patch makes MIPS and ARM
eabi share the argument reordering code.
This affects ftruncate64, creating insane sized fails (or just failing).
Cc: Wesley W. Terpstra <terpstra@debian.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
As reported by Cédric VINCENT:
The syscall #123 on SH4 should be "TARGET_NR_cacheflush" instead of
"TARGET_NR_modify_ldt" [1]. The only consequence of this misnaming is
that many "Unsupported syscall" warnings are issued when emulating JIT
compilers.
Reported-by: Cédric VINCENT <cedric.vincent@st.com>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Andrew Griffiths reports that -runas does not set supplementary group
IDs. This means that gid 0 (root) is not dropped when switching to an
unprivileged user.
Add an initgroups(3) call to use the -runas user's /etc/groups
membership to update the supplementary group IDs.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This bug was introduced in 94d3f98a3f3caddd7875f9a11776daeb84962a7b:
scsi_cancel_io was checking if some request was pending before trying
to cancel it, while scsi_req_cancel always cancels the request.
This may lead to a crash of Qemu due to dereferencing a NULL pointer,
as exhibited by NetBSD 5.1 installer on MIPS Magnum emulation.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Remove the include of setjmp.h from the cpu.h of target-alpha
and target-ppc. This is unnecessary because cpu-defs.h already
includes this header; this change brings these two targets
into line with all the rest.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Some versions of png.h cannot be included after setjmp.h,
even when PNG_SKIP_SETJMP_CHECK was defined.
setjmp.h was included from qemu-common.h and is not needed there.
Removing the include statement fixes compilation of ui/vnc-enc-tight.c
with CONFIG_VNC_PNG defined.
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Recent compilers look deep into cpu_exec, find longjmp as a noreturn
function and decide to smash some stack variables as they won't be used
again. This may lead to env becoming invalid after return from setjmp,
causing crashes. Fix it by reloading env from cpu_single_env in that
case.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The target-arm frontend's worst-case TCG ops per instr is 194 (and in
general many of the "load multiple registers" ARM instructions generate
more than 100 TCG ops). Raise MAX_OP_PER_INSTR accordingly to avoid
possible buffer overruns.
Since it doesn't make any sense for the "64 bit guest on 32 bit host"
case to have a smaller limit than the normal case, we collapse the
two cases back into each other again.
(This increase costs us about 14K in extra static buffer space and
21K of extra margin at the end of a 32MB codegen buffer.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
When calculating the point at which we should not try to put another
TB into the code gen buffer, we have to allow not just for OPC_MAX_SIZE
but OPC_BUF_SIZE. This is because the target translate.c will only
stop when an instruction has put it past the OPC_MAX_SIZE limit, so
we have to include the MAX_OP_PER_INSTR margin which that final insn
might have used.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Device code some times needs to access physical memory and does that
through the ld./st._phys functions. However, these are the exact same
functions that the CPU uses to access memory, which means they will
be endianness swapped depending on the target CPU.
However, devices don't know about the CPU's endianness, but instead
access memory directly using their own interface to the memory bus,
so they need some way to read data with their native endianness.
This patch adds _le and _be functions to ld./st._phys.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The codes for get/setrlimit differ between linux target platforms.
This patch adds conversion.
This is important else programs (rsyslog, python, ...) can go into a
near infinite loop trying to close all the file descriptors from 0 to
-1.
Signed-off-by: Wesley W. Terpstra <terpstra@debian.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Byte swap was applied in the wrong order with testing for
RLIM_INFINITY. On mips bigendian from an amd64 system this results in
infinity being misinterpretted as 2^31-1.
This is a serious bug because it causes setrlimit stack size to kill
all child processes. This means (for example) that 'make' can run no
children. The mechanism of failure:
1. parent sets stack size rlimit to 'infinity'
2. qemu screws this value up
3. child process fetches stack size as a large (but non-infinite) value
4. qemu tries to allocate stack before execution
5. stack allocation fails (too big) and child process dies
Signed-off-by: Wesley W. Terpstra <terpstra@debian.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Dereferencing a null pointer causes an exception 0xC (EXCP_AdEL)
instead of EXCP_TLBL. This should also trigger a segfault.
Signed-off-by: Wesley W. Terpstra <terpstra@debian.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Return -TARGET_ENOSYS instead of -ENOSYS from linux-user/main.c
* Caused strange 'Level 2 synchronization messages' instead of
correctly reporting the syscall was missing.
* Made glibc simply fail instead of using older syscalls
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Signed-off-by: Wesley W. Terpstra <terpstra@debian.org>
The syscall sigaltstack takes two parameters, not zero. This patch
should have no impact as only values above 4 influence the runtime
behaviour. Nevertheless, it is wrong.
Signed-off-by: Wesley W. Terpstra <terpstra@debian.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Enforce the same restriction on the size of the sigset passed to
pselect6 as the Linux kernel does. This is both correct and silences
a gcc 4.6 warning about a write-only variable.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
