-rw-r--r--MAINTAINERS1
-rw-r--r--Makefile11
-rw-r--r--Makefile.objs1
-rw-r--r--contrib/libvhost-user/libvhost-user.c12
-rw-r--r--contrib/vhost-user-input/Makefile.objs1
-rw-r--r--contrib/vhost-user-input/main.c393
-rw-r--r--docs/qemu-cpu-models.texi12
-rw-r--r--target/i386/cpu.c4
8 files changed, 428 insertions, 7 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
index a6948eb..73a0105 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1532,6 +1532,7 @@ S: Maintained
F: hw/input/vhost-user-input.c
F: hw/input/virtio-input*.c
F: include/hw/virtio/virtio-input.h
+F: contrib/vhost-user-input/*
virtio-serial
M: Amit Shah <amit@kernel.org>
diff --git a/Makefile b/Makefile
index 155f066..8598ab9 100644
--- a/Makefile
+++ b/Makefile
@@ -408,6 +408,7 @@ dummy := $(call unnest-vars,, \
libvhost-user-obj-y \
vhost-user-scsi-obj-y \
vhost-user-blk-obj-y \
+ vhost-user-input-obj-y \
qga-vss-dll-obj-y \
block-obj-y \
block-obj-m \
@@ -618,6 +619,16 @@ rdmacm-mux$(EXESUF): LIBS += "-libumad"
rdmacm-mux$(EXESUF): $(rdmacm-mux-obj-y) $(COMMON_LDADDS)
$(call LINK, $^)
+ifdef CONFIG_VHOST_USER_INPUT
+ifdef CONFIG_LINUX
+vhost-user-input$(EXESUF): $(vhost-user-input-obj-y) libvhost-user.a libqemuutil.a
+ $(call LINK, $^)
+
+# build by default, do not install
+all: vhost-user-input$(EXESUF)
+endif
+endif
+
module_block.h: $(SRC_PATH)/scripts/modules/module_block.py config-host.mak
$(call quiet-command,$(PYTHON) $< $@ \
$(addprefix $(SRC_PATH)/,$(patsubst %.mo,%.c,$(block-obj-m))), \
diff --git a/Makefile.objs b/Makefile.objs
index 2b0793e..485f962 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -122,6 +122,7 @@ vhost-user-scsi.o-libs := $(LIBISCSI_LIBS)
vhost-user-scsi-obj-y = contrib/vhost-user-scsi/
vhost-user-blk-obj-y = contrib/vhost-user-blk/
rdmacm-mux-obj-y = contrib/rdmacm-mux/
+vhost-user-input-obj-y = contrib/vhost-user-input/
######################################################################
trace-events-subdirs =
diff --git a/contrib/libvhost-user/libvhost-user.c b/contrib/libvhost-user/libvhost-user.c
index 3825b1c..c56f2df 100644
--- a/contrib/libvhost-user/libvhost-user.c
+++ b/contrib/libvhost-user/libvhost-user.c
@@ -621,7 +621,7 @@ vu_set_mem_table_exec_postcopy(VuDev *dev, VhostUserMsg *vmsg)
* data that's already arrived in the shared process.
* TODO: How to do hugepage
*/
- ret = madvise((void *)dev_region->mmap_addr,
+ ret = madvise((void *)(uintptr_t)dev_region->mmap_addr,
dev_region->size + dev_region->mmap_offset,
MADV_DONTNEED);
if (ret) {
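Review bot: The new `(uintptr_t)` cast on `dev_region->mmap_addr` silences the pointer-size warning, but the length argument `dev_region->size + dev_region->mmap_offset` in the same call is left unchecked. If those fields are 64-bit values filled in from the vhost-user memory-table message (their declarations are outside the hunk), the sum can wrap, or be truncated to `size_t` on a 32-bit host, with no diagnostic; the same applies to the second `madvise` and to the `mprotect` in the next two hunks. A range check before the first use would make the assumption explicit, for example `if (dev_region->mmap_offset > SIZE_MAX || dev_region->size > SIZE_MAX - dev_region->mmap_offset) { vu_panic(dev, "region %d too large", i); return false; }`. The body of vu_set_mem_table_exec_postcopy starts and ends outside these hunks.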
@@ -633,7 +633,7 @@ vu_set_mem_table_exec_postcopy(VuDev *dev, VhostUserMsg *vmsg)
* in neighbouring pages.
* TODO: Turn this backon later.
*/
- ret = madvise((void *)dev_region->mmap_addr,
+ ret = madvise((void *)(uintptr_t)dev_region->mmap_addr,
dev_region->size + dev_region->mmap_offset,
MADV_NOHUGEPAGE);
if (ret) {
@@ -663,10 +663,12 @@ vu_set_mem_table_exec_postcopy(VuDev *dev, VhostUserMsg *vmsg)
__func__, i);
return false;
}
- DPRINT("%s: region %d: Registered userfault for %llx + %llx\n",
- __func__, i, reg_struct.range.start, reg_struct.range.len);
+ DPRINT("%s: region %d: Registered userfault for %"
+ PRIx64 " + %" PRIx64 "\n", __func__, i,
+ (uint64_t)reg_struct.range.start,
+ (uint64_t)reg_struct.range.len);
/* Now it's registered we can let the client at it */
- if (mprotect((void *)dev_region->mmap_addr,
+ if (mprotect((void *)(uintptr_t)dev_region->mmap_addr,
dev_region->size + dev_region->mmap_offset,
PROT_READ | PROT_WRITE)) {
vu_panic(dev, "failed to mprotect region %d for postcopy (%s)",
diff --git a/contrib/vhost-user-input/Makefile.objs b/contrib/vhost-user-input/Makefile.objs
new file mode 100644
index 0000000..b1fad90
--- /dev/null
+++ b/contrib/vhost-user-input/Makefile.objs
@@ -0,0 +1 @@
+vhost-user-input-obj-y = main.o
diff --git a/contrib/vhost-user-input/main.c b/contrib/vhost-user-input/main.c
new file mode 100644
index 0000000..8d493f5
--- /dev/null
+++ b/contrib/vhost-user-input/main.c
@@ -0,0 +1,393 @@
+/*
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * (at your option) any later version. See the COPYING file in the
+ * top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include <glib.h>
+#include <linux/input.h>
+
+#include "qemu/iov.h"
+#include "qemu/bswap.h"
+#include "qemu/sockets.h"
+#include "contrib/libvhost-user/libvhost-user.h"
+#include "contrib/libvhost-user/libvhost-user-glib.h"
+#include "standard-headers/linux/virtio_input.h"
+#include "qapi/error.h"
+
+typedef struct virtio_input_event virtio_input_event;
+typedef struct virtio_input_config virtio_input_config;
+
+typedef struct VuInput {
+ VugDev dev;
+ GSource *evsrc;
+ int evdevfd;
+ GArray *config;
+ virtio_input_config *sel_config;
+ struct {
+ virtio_input_event event;
+ VuVirtqElement *elem;
+ } *queue;
+ uint32_t qindex, qsize;
+} VuInput;
+
+static void vi_input_send(VuInput *vi, struct virtio_input_event *event)
+{
+ VuDev *dev = &vi->dev.parent;
+ VuVirtq *vq = vu_get_queue(dev, 0);
+ VuVirtqElement *elem;
+ int i, len;
+
+ /* queue up events ... */
+ if (vi->qindex == vi->qsize) {
+ vi->qsize++;
+ vi->queue = g_realloc_n(vi->queue, vi->qsize, sizeof(vi->queue[0]));
+ }
+ vi->queue[vi->qindex++].event = *event;
+
+ /* ... until we see a report sync ... */
+ if (event->type != htole16(EV_SYN) ||
+ event->code != htole16(SYN_REPORT)) {
+ return;
+ }
+
+ /* ... then check available space ... */
+ for (i = 0; i < vi->qindex; i++) {
+ elem = vu_queue_pop(dev, vq, sizeof(VuVirtqElement));
+ if (!elem) {
+ while (--i >= 0) {
+ vu_queue_unpop(dev, vq, vi->queue[i].elem, 0);
+ }
+ vi->qindex = 0;
+ g_warning("virtio-input queue full");
+ return;
+ }
+ vi->queue[i].elem = elem;
+ }
+
+ /* ... and finally pass them to the guest */
+ for (i = 0; i < vi->qindex; i++) {
+ elem = vi->queue[i].elem;
+ len = iov_from_buf(elem->in_sg, elem->in_num,
+ 0, &vi->queue[i].event, sizeof(virtio_input_event));
+ vu_queue_push(dev, vq, elem, len);
+ g_free(elem);
+ }
+
+ vu_queue_notify(&vi->dev.parent, vq);
+ vi->qindex = 0;
+}
+
+static void
+vi_evdev_watch(VuDev *dev, int condition, void *data)
+{
+ VuInput *vi = data;
+ int fd = vi->evdevfd;
+
+ g_debug("Got evdev condition %x", condition);
+
+ struct virtio_input_event virtio;
+ struct input_event evdev;
+ int rc;
+
+ for (;;) {
+ rc = read(fd, &evdev, sizeof(evdev));
+ if (rc != sizeof(evdev)) {
+ break;
+ }
+
+ g_debug("input %d %d %d", evdev.type, evdev.code, evdev.value);
+
+ virtio.type = htole16(evdev.type);
+ virtio.code = htole16(evdev.code);
+ virtio.value = htole32(evdev.value);
+ vi_input_send(vi, &virtio);
+ }
+}
+
+
+static void vi_handle_status(VuInput *vi, virtio_input_event *event)
+{
+ struct input_event evdev;
+ int rc;
+
+ if (gettimeofday(&evdev.time, NULL)) {
+ perror("vi_handle_status: gettimeofday");
+ return;
+ }
+
+ evdev.type = le16toh(event->type);
+ evdev.code = le16toh(event->code);
+ evdev.value = le32toh(event->value);
+
+ rc = write(vi->evdevfd, &evdev, sizeof(evdev));
+ if (rc == -1) {
+ perror("vi_host_handle_status: write");
+ }
+}
+
+static void vi_handle_sts(VuDev *dev, int qidx)
+{
+ VuInput *vi = container_of(dev, VuInput, dev.parent);
+ VuVirtq *vq = vu_get_queue(dev, qidx);
+ virtio_input_event event;
+ VuVirtqElement *elem;
+ int len;
+
+ g_debug("%s", G_STRFUNC);
+
+ for (;;) {
+ elem = vu_queue_pop(dev, vq, sizeof(VuVirtqElement));
+ if (!elem) {
+ break;
+ }
+
+ memset(&event, 0, sizeof(event));
+ len = iov_to_buf(elem->out_sg, elem->out_num,
+ 0, &event, sizeof(event));
+ vi_handle_status(vi, &event);
+ vu_queue_push(dev, vq, elem, len);
+ g_free(elem);
+ }
+
+ vu_queue_notify(&vi->dev.parent, vq);
+}
+
+static void
+vi_panic(VuDev *dev, const char *msg)
+{
+ g_critical("%s\n", msg);
+ exit(EXIT_FAILURE);
+}
+
+static void
+vi_queue_set_started(VuDev *dev, int qidx, bool started)
+{
+ VuInput *vi = container_of(dev, VuInput, dev.parent);
+ VuVirtq *vq = vu_get_queue(dev, qidx);
+
+ g_debug("queue started %d:%d", qidx, started);
+
+ if (qidx == 1) {
+ vu_set_queue_handler(dev, vq, started ? vi_handle_sts : NULL);
+ }
+
+ started = vu_queue_started(dev, vu_get_queue(dev, 0)) &&
+ vu_queue_started(dev, vu_get_queue(dev, 1));
+
+ if (started && !vi->evsrc) {
+ vi->evsrc = vug_source_new(&vi->dev, vi->evdevfd,
+ G_IO_IN, vi_evdev_watch, vi);
+ }
+
+ if (!started && vi->evsrc) {
+ g_source_destroy(vi->evsrc);
+ vi->evsrc = NULL;
+ }
+}
+
+static virtio_input_config *
+vi_find_config(VuInput *vi, uint8_t select, uint8_t subsel)
+{
+ virtio_input_config *cfg;
+ int i;
+
+ for (i = 0; i < vi->config->len; i++) {
+ cfg = &g_array_index(vi->config, virtio_input_config, i);
+ if (select == cfg->select && subsel == cfg->subsel) {
+ return cfg;
+ }
+ }
+
+ return NULL;
+}
+
+static int vi_get_config(VuDev *dev, uint8_t *config, uint32_t len)
+{
+ VuInput *vi = container_of(dev, VuInput, dev.parent);
+
+ g_return_val_if_fail(len <= sizeof(*vi->sel_config), -1);
+
+ if (vi->sel_config) {
+ memcpy(config, vi->sel_config, len);
+ } else {
+ memset(config, 0, len);
+ }
+
+ return 0;
+}
+
+static int vi_set_config(VuDev *dev, const uint8_t *data,
+ uint32_t offset, uint32_t size,
+ uint32_t flags)
+{
+ VuInput *vi = container_of(dev, VuInput, dev.parent);
+ virtio_input_config *config = (virtio_input_config *)data;
+
+ vi->sel_config = vi_find_config(vi, config->select, config->subsel);
+
+ return 0;
+}
+
+static const VuDevIface vuiface = {
+ .queue_set_started = vi_queue_set_started,
+ .get_config = vi_get_config,
+ .set_config = vi_set_config,
+};
+
+static void
+vi_bits_config(VuInput *vi, int type, int count)
+{
+ virtio_input_config bits;
+ int rc, i, size = 0;
+
+ memset(&bits, 0, sizeof(bits));
+ rc = ioctl(vi->evdevfd, EVIOCGBIT(type, count / 8), bits.u.bitmap);
+ if (rc < 0) {
+ return;
+ }
+
+ for (i = 0; i < count / 8; i++) {
+ if (bits.u.bitmap[i]) {
+ size = i + 1;
+ }
+ }
+ if (size == 0) {
+ return;
+ }
+
+ bits.select = VIRTIO_INPUT_CFG_EV_BITS;
+ bits.subsel = type;
+ bits.size = size;
+ g_array_append_val(vi->config, bits);
+}
+
+static char *opt_evdev;
+static int opt_fdnum = -1;
+static char *opt_socket_path;
+static gboolean opt_nograb;
+static gboolean opt_print_caps;
+
+static GOptionEntry entries[] = {
+ { "print-capabilities", 'c', 0, G_OPTION_ARG_NONE, &opt_print_caps,
+ "Print capabilities", NULL },
+ { "no-grab", 'n', 0, G_OPTION_ARG_NONE, &opt_nograb,
+ "Don't grab device", NULL },
+ { "fd", 'f', 0, G_OPTION_ARG_INT, &opt_fdnum,
+ "Use inherited fd socket", "FDNUM" },
+ { "socket-path", 's', 0, G_OPTION_ARG_FILENAME, &opt_socket_path,
+ "Use UNIX socket path", "PATH" },
+ { "evdev-path", 'p', 0, G_OPTION_ARG_FILENAME, &opt_evdev,
+ "evdev input device path", "PATH" },
+ { NULL, }
+};
+
+int
+main(int argc, char *argv[])
+{
+ GMainLoop *loop = NULL;
+ VuInput vi = { 0, };
+ int rc, ver, fd;
+ virtio_input_config id;
+ struct input_id ids;
+ GError *error = NULL;
+ GOptionContext *context;
+
+ context = g_option_context_new(NULL);
+ g_option_context_add_main_entries(context, entries, NULL);
+ if (!g_option_context_parse(context, &argc, &argv, &error)) {
+ g_printerr("Option parsing failed: %s\n", error->message);
+ exit(EXIT_FAILURE);
+ }
+ if (opt_print_caps) {
+ g_print("{\n");
+ g_print(" \"type\": \"input\",\n");
+ g_print(" \"features\": [\n");
+ g_print(" \"evdev-path\",\n");
+ g_print(" \"no-grab\"\n");
+ g_print(" ]\n");
+ g_print("}\n");
+ exit(EXIT_SUCCESS);
+ }
+ if (!opt_evdev) {
+ g_printerr("Please specify an evdev path\n");
+ exit(EXIT_FAILURE);
+ }
+ if ((!!opt_socket_path + (opt_fdnum != -1)) != 1) {
+ g_printerr("Please specify either --fd or --socket-path\n");
+ exit(EXIT_FAILURE);
+ }
+
+ vi.evdevfd = open(opt_evdev, O_RDWR);
+ if (vi.evdevfd < 0) {
+ g_printerr("Failed to open evdev: %s\n", g_strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+
+ rc = ioctl(vi.evdevfd, EVIOCGVERSION, &ver);
+ if (rc < 0) {
+ g_printerr("%s: is not an evdev device\n", argv[1]);
+ exit(EXIT_FAILURE);
+ }
+
+ if (!opt_nograb) {
+ rc = ioctl(vi.evdevfd, EVIOCGRAB, 1);
+ if (rc < 0) {
+ g_printerr("Failed to grab device\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ vi.config = g_array_new(false, false, sizeof(virtio_input_config));
+ memset(&id, 0, sizeof(id));
+ ioctl(vi.evdevfd, EVIOCGNAME(sizeof(id.u.string) - 1), id.u.string);
+ id.select = VIRTIO_INPUT_CFG_ID_NAME;
+ id.size = strlen(id.u.string);
+ g_array_append_val(vi.config, id);
+
+ if (ioctl(vi.evdevfd, EVIOCGID, &ids) == 0) {
+ memset(&id, 0, sizeof(id));
+ id.select = VIRTIO_INPUT_CFG_ID_DEVIDS;
+ id.size = sizeof(struct virtio_input_devids);
+ id.u.ids.bustype = cpu_to_le16(ids.bustype);
+ id.u.ids.vendor = cpu_to_le16(ids.vendor);
+ id.u.ids.product = cpu_to_le16(ids.product);
+ id.u.ids.version = cpu_to_le16(ids.version);
+ g_array_append_val(vi.config, id);
+ }
+
+ vi_bits_config(&vi, EV_KEY, KEY_CNT);
+ vi_bits_config(&vi, EV_REL, REL_CNT);
+ vi_bits_config(&vi, EV_ABS, ABS_CNT);
+ vi_bits_config(&vi, EV_MSC, MSC_CNT);
+ vi_bits_config(&vi, EV_SW, SW_CNT);
+ g_debug("config length: %u", vi.config->len);
+
+ if (opt_socket_path) {
+ int lsock = unix_listen(opt_socket_path, &error_fatal);
+ fd = accept(lsock, NULL, NULL);
+ close(lsock);
+ } else {
+ fd = opt_fdnum;
+ }
+ if (fd == -1) {
+ g_printerr("Invalid socket");
+ exit(EXIT_FAILURE);
+ }
+ vug_init(&vi.dev, fd, vi_panic, &vuiface);
+
+ loop = g_main_loop_new(NULL, FALSE);
+ g_main_loop_run(loop);
+ g_main_loop_unref(loop);
+
+ vug_deinit(&vi.dev);
+
+ if (vi.evsrc) {
+ g_source_unref(vi.evsrc);
+ }
+ g_array_free(vi.config, TRUE);
+ g_free(vi.queue);
+ return 0;
+}
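Review bot: vi_get_config and vi_set_config receive a length, offset and size chosen by the vhost-user peer, but the only bound is a `g_return_val_if_fail` in vi_get_config, and vi_set_config checks nothing. GLib compiles `g_return_val_if_fail` out when G_DISABLE_CHECKS is defined, which would leave the `memcpy` from `vi->sel_config` unbounded, so an ordinary `if` is the safer guard for a runtime value. vi_set_config reads `config->select` and `config->subsel` from `data` whatever `offset` and `size` say; it should require that the write starts at offset 0 and covers both bytes. How libvhost-user reacts to a non-zero return is outside this hunk, so ignoring a short write with `return 0` may be preferable to the `return -1` shown below. In the same spirit, vi_handle_status writes the guest-supplied type, code and value to the evdev fd unfiltered, and a short comment stating which event types are meant to be forwarded (and how this interacts with --no-grab) would help the next reviewer.

```c
static int vi_get_config(VuDev *dev, uint8_t *config, uint32_t len)
{
    VuInput *vi = container_of(dev, VuInput, dev.parent);

    /* len comes from the peer: check it unconditionally, not via a
     * g_return_* macro that G_DISABLE_CHECKS removes. */
    if (len > sizeof(*vi->sel_config)) {
        return -1;
    }
    /* ... unchanged: memcpy from sel_config, or memset when none is selected ... */

static int vi_set_config(VuDev *dev, const uint8_t *data,
                         uint32_t offset, uint32_t size,
                         uint32_t flags)
{
    VuInput *vi = container_of(dev, VuInput, dev.parent);
    const virtio_input_config *config = (const virtio_input_config *)data;

    /* select and subsel are the first two bytes of the config space;
     * only act on writes that start at 0 and cover both of them. */
    if (offset != 0 ||
        size < offsetof(virtio_input_config, subsel) + sizeof(config->subsel)) {
        return -1;
    }
    /* ... unchanged: vi_find_config() lookup and return 0 ... */
```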
diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi
index 23c11dc..ad040cf 100644
--- a/docs/qemu-cpu-models.texi
+++ b/docs/qemu-cpu-models.texi
@@ -200,6 +200,18 @@ Not included by default in any Intel CPU model.
Should be explicitly turned on for all Intel CPU models.
Note that not all CPU hardware will support this feature.
+
+@item @code{md-clear}
+
+Required to confirm the MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
+CVE-2019-11091) fixes.
+
+Not included by default in any Intel CPU model.
+
+Must be explicitly turned on for all Intel CPU models.
+
+Requires the host CPU microcode to support this feature before it
+can be used for guest CPUs.
@end table
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 2df56fa..2f151da 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1077,7 +1077,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
.feat_names = {
NULL, NULL, "avx512-4vnniw", "avx512-4fmaps",
NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL,
+ NULL, NULL, "md-clear", NULL,
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
@@ -1184,7 +1184,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
.type = MSR_FEATURE_WORD,
.feat_names = {
"rdctl-no", "ibrs-all", "rsba", "skip-l1dfl-vmentry",
- "ssb-no", NULL, NULL, NULL,
+ "ssb-no", "mds-no", NULL, NULL,
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,