aboutsummaryrefslogtreecommitdiff
path: root/hw/9pfs
AgeCommit message (Collapse)AuthorFilesLines
2025-05-059pfs: fix 'total_open_fd' decrementationChristian Schoenebeck3-3/+21
According to 'man 2 close' errors returned by close() should only be used for either diagnostic purposes or for catching data loss due to a previous write error, as an error result of close() usually indicates a deferred error of a previous write operation. Therefore not decrementing 'total_open_fd' on a close() error is wrong and would yield in a higher open file descriptor count than actually the case, leading to 9p server reclaiming open file descriptors too soon. Based-on: <20250312152933.383967-7-groug@kaod.org> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <E1tvEyJ-004dMa-So@kylie.crudebyte.com>
2025-05-059pfs: Introduce futimens file opGreg Kurz6-1/+44
Add an futimens operation to the fs driver and use if when a fid has a valid file descriptor. This is required to support more cases where the client wants to do an action on an unlinked file which it still has an open file decriptor for. Only 9P2000.L was considered. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Message-Id: <20250312152933.383967-5-groug@kaod.org> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2025-05-059pfs: Introduce ftruncate file opGreg Kurz5-1/+42
Add an ftruncate operation to the fs driver and use if when a fid has a valid file descriptor. This is required to support more cases where the client wants to do an action on an unlinked file which it still has an open file decriptor for. Only 9P2000.L was considered. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Message-Id: <20250312152933.383967-4-groug@kaod.org> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2025-05-059pfs: Don't use file descriptors in core codeGreg Kurz3-3/+20
v9fs_getattr() currently peeks into V9fsFidOpenState to know if a fid has a valid file descriptor or directory stream. Even though the fields are accessible, this is an implementation detail of the local backend that should not be manipulated directly by the server code. Abstract that with a new has_valid_file_handle() backend operation. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Message-Id: <20250312152933.383967-3-groug@kaod.org> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2025-05-059pfs: local : Introduce local_fid_fd() helperGreg Kurz1-13/+10
Factor out duplicated code to a single helper. More users to come. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Message-Id: <20250312152933.383967-2-groug@kaod.org> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2025-05-059pfs: fix FD leak and reduce latency of v9fs_reclaim_fd()Christian Schoenebeck1-9/+20
This patch fixes two different bugs in v9fs_reclaim_fd(): 1. Reduce latency: This function calls v9fs_co_close() and v9fs_co_closedir() in a loop. Each one of the calls adds two thread hops (between main thread and a fs driver background thread). Each thread hop adds latency, which sums up in function's loop to a significant duration. Reduce overall latency by open coding what v9fs_co_close() and v9fs_co_closedir() do, executing those and the loop itself altogether in only one background thread block, hence reducing the total amount of thread hops to only two. 2. Fix file descriptor leak: The existing code called v9fs_co_close() and v9fs_co_closedir() to close file descriptors. Both functions check right at the beginning if the 9p request was cancelled: if (v9fs_request_cancelled(pdu)) { return -EINTR; } So if client sent a 'Tflush' message, v9fs_co_close() / v9fs_co_closedir() returned without having closed the file descriptor and v9fs_reclaim_fd() subsequently freed the FID without its file descriptor being closed, hence leaking those file descriptors. This 2nd bug is fixed by this patch as well by open coding v9fs_co_close() and v9fs_co_closedir() inside of v9fs_reclaim_fd() and not performing the v9fs_request_cancelled(pdu) check there. Fixes: 7a46274529c ('hw/9pfs: Add file descriptor reclaim support') Fixes: bccacf6c792 ('hw/9pfs: Implement TFLUSH operation') Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <5747469d3f039c53147e850b456943a1d4b5485c.1741339452.git.qemu_oss@crudebyte.com>
2025-05-059pfs: fix concurrent v9fs_reclaim_fd() callsChristian Schoenebeck2-0/+11
Even though this function is serialized to be always called from main thread, v9fs_reclaim_fd() is dispatching the coroutine to a worker thread in between via its v9fs_co_*() calls, hence leading to the situation where v9fs_reclaim_fd() is effectively executed multiple times simultaniously, which renders its LRU algorithm useless and causes high latency. Fix this by adding a simple boolean variable to ensure this function is only called once at a time. No synchronization needed for this boolean variable as this function is only entered and returned on main thread. Fixes: 7a46274529c ('hw/9pfs: Add file descriptor reclaim support') Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <5c622067efd66dd4ee5eca740dcf263f41db20b2.1741339452.git.qemu_oss@crudebyte.com>
2025-04-25qom: Have class_init() take a const data argumentPhilippe Mathieu-Daudé1-1/+1
Mechanical change using gsed, then style manually adapted to pass checkpatch.pl script. Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20250424194905.82506-4-philmd@linaro.org>
2025-02-069pfs: improve v9fs_open() tracingChristian Schoenebeck5-2/+66
Improve tracing of 9p 'Topen' request type by showing open() flags as human-readable text. E.g. trace output: v9fs_open tag 0 id 12 fid 2 mode 100352 would become: v9fs_open tag=0 id=12 fid=2 mode=100352(RDONLY|NONBLOCK|DIRECTORY| TMPFILE|NDELAY) Therefor add a new utility function qemu_open_flags_tostr() that converts numeric open() flags from host's native O_* flag constants to a string presentation. 9p2000.L and 9p2000.u protocol variants use different numeric 'mode' constants for 'Topen' requests. Instead of writing string conversion code for both protocol variants, use the already existing conversion functions that convert the mode flags from respective protocol constants to host's native open() numeric flag constants and pass that result to the new string conversion function qemu_open_flags_tostr(). Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Message-Id: <E1tTgDR-000oRr-9g@kylie.crudebyte.com>
2025-02-069pfs: make multidevs=remap defaultChristian Schoenebeck1-0/+3
1a6ed33cc5 introduced option multidevs=remap|forbid|warn and made "warn" the default option. As it turned out though, e.g. by several reports in conjunction with following 9p client issue: https://github.com/torvalds/linux/commit/850925a8133c73c4a2453c360b2c3beb3bab67c9 Many people are just ignoring this warning, or even do not notice the warning at all. Therefore make multidevs=remap the new default option to prevent people to run into such kind of severe misbehaviours in the first place. From performance PoV the runtime overhead of multidevs=remap is neglectable with few or even just only one device being shared with the same 9p export, expected to be constant Theta(1). The inode numbers emitted to guest also just loose one bit (since 6b6aa8285d) for the 1st device being shared. Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Message-Id: <09cc84e5561f66b6a8cf49b3532c6c78a6acc806.1734876877.git.qemu_oss@crudebyte.com>
2025-02-069pfs: improve v9fs_walk() tracingChristian Schoenebeck2-6/+32
'Twalk' is the most important request type in the 9p protocol to look out for when debugging 9p communication. That's because it is the only part of the 9p protocol which actually deals with human-readable path names, whereas all other 9p request types work on numeric file IDs (FIDs) only. Improve tracing of 'Twalk' requests, e.g. let's say client wanted to walk to "/home/bob/src", then improve trace output from: v9fs_walk tag 0 id 110 fid 0 newfid 1 nwnames 3 to: v9fs_walk tag=0 id=110 fid=0 newfid=1 nwnames=3 wnames={home, bob, src} To achieve this, add a new helper function trace_v9fs_walk_wnames() which converts the received V9fsString array of individual path elements into a comma-separated string presentation for being passed to the tracing system. As this conversion is somewhat expensive, this conversion function is only called if tracing of event 'v9fs_walk' is currently enabled. Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <E1tJamT-007Cqk-9E@kylie.crudebyte.com>
2024-12-21Merge tag 'exec-20241220' of https://github.com/philmd/qemu into stagingStefan Hajnoczi2-2/+2
Accel & Exec patch queue - Ignore writes to CNTP_CTL_EL0 on HVF ARM (Alexander) - Add '-d invalid_mem' logging option (Zoltan) - Create QOM containers explicitly (Peter) - Rename sysemu/ -> system/ (Philippe) - Re-orderning of include/exec/ headers (Philippe) Move a lot of declarations from these legacy mixed bag headers: . "exec/cpu-all.h" . "exec/cpu-common.h" . "exec/cpu-defs.h" . "exec/exec-all.h" . "exec/translate-all" to these more specific ones: . "exec/page-protection.h" . "exec/translation-block.h" . "user/cpu_loop.h" . "user/guest-host.h" . "user/page-protection.h" # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmdlnyAACgkQ4+MsLN6t # wN6mBw//QFWi7CrU+bb8KMM53kOU9C507tjn99LLGFb5or73/umDsw6eo/b8DHBt # KIwGLgATel42oojKfNKavtAzLK5rOrywpboPDpa3SNeF1onW+99NGJ52LQUqIX6K # A6bS0fPdGG9ZzEuPpbjDXlp++0yhDcdSgZsS42fEsT7Dyj5gzJYlqpqhiXGqpsn8 # 4Y0UMxSL21K3HEexlzw2hsoOBFA3tUm2ujNDhNkt8QASr85yQVLCypABJnuoe/// # 5Ojl5wTBeDwhANET0rhwHK8eIYaNboiM9fHopJYhvyw1bz6yAu9jQwzF/MrL3s/r # xa4OBHBy5mq2hQV9Shcl3UfCQdk/vDaYaWpgzJGX8stgMGYfnfej1SIl8haJIfcl # VMX8/jEFdYbjhO4AeGRYcBzWjEJymkDJZoiSWp2NuEDi6jqIW+7yW1q0Rnlg9lay # ShAqLK5Pv4zUw3t0Jy3qv9KSW8sbs6PQxtzXjk8p97rTf76BJ2pF8sv1tVzmsidP # 9L92Hv5O34IqzBu2oATOUZYJk89YGmTIUSLkpT7asJZpBLwNM2qLp5jO00WVU0Sd # +kAn324guYPkko/TVnjC/AY7CMu55EOtD9NU35k3mUAnxXT9oDUeL4NlYtfgrJx6 # x1Nzr2FkS68+wlPAFKNSSU5lTjsjNaFM0bIJ4LCNtenJVP+SnRo= # =cjz8 # -----END PGP SIGNATURE----- # gpg: Signature made Fri 20 Dec 2024 11:45:20 EST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * tag 'exec-20241220' of https://github.com/philmd/qemu: (59 commits) util/qemu-timer: fix indentation meson: Do not define CONFIG_DEVICES on user emulation system/accel-ops: Remove unnecessary 'exec/cpu-common.h' header system/numa: Remove unnecessary 'exec/cpu-common.h' header hw/xen: Remove unnecessary 'exec/cpu-common.h' header target/mips: Drop left-over comment about Jazz machine target/mips: Remove tswap() calls in semihosting uhi_fstat_cb() target/xtensa: Remove tswap() calls in semihosting simcall() helper accel/tcg: Un-inline translator_is_same_page() accel/tcg: Include missing 'exec/translation-block.h' header accel/tcg: Move tcg_cflags_has/set() to 'exec/translation-block.h' accel/tcg: Restrict curr_cflags() declaration to 'internal-common.h' qemu/coroutine: Include missing 'qemu/atomic.h' header exec/translation-block: Include missing 'qemu/atomic.h' header accel/tcg: Declare cpu_loop_exit_requested() in 'exec/cpu-common.h' exec/cpu-all: Include 'cpu.h' earlier so MMU_USER_IDX is always defined target/sparc: Move sparc_restore_state_to_opc() to cpu.c target/sparc: Uninline cpu_get_tb_cpu_state() target/loongarch: Declare loongarch_cpu_dump_state() locally user: Move various declarations out of 'exec/exec-all.h' ... Conflicts: hw/char/riscv_htif.c hw/intc/riscv_aplic.c target/s390x/cpu.c Apply sysemu header path changes to not in the pull request. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2024-12-20include: Rename sysemu/ -> system/Philippe Mathieu-Daudé2-2/+2
Headers in include/sysemu/ are not only related to system *emulation*, they are also used by virtualization. Rename as system/ which is clearer. Files renamed manually then mechanical change using sed tool. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Lei Yang <leiyang@redhat.com> Message-Id: <20241203172445.28576-1-philmd@linaro.org>
2024-12-19include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LISTRichard Henderson1-1/+0
Now that all of the Property arrays are counted, we can remove the terminator object from each array. Update the assertions in device_class_set_props to match. With struct Property being 88 bytes, this was a rather large form of terminator. Saves 30k from qemu-system-aarch64. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Lei Yang <leiyang@redhat.com> Link: https://lore.kernel.org/r/20241218134251.4724-21-richard.henderson@linaro.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-12-15hw/9pfs: Constify all PropertyRichard Henderson1-1/+1
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-12-109pfs: fix regression regarding CVE-2023-2861Christian Schoenebeck1-10/+17
The released fix for this CVE: f6b0de53fb8 ("9pfs: prevent opening special files (CVE-2023-2861)") caused a regression with security_model=passthrough. When handling a 'Tmknod' request there was a side effect that 'Tmknod' request could fail as 9p server was trying to adjust permissions: #6 close_if_special_file (fd=30) at ../hw/9pfs/9p-util.h:140 #7 openat_file (mode=<optimized out>, flags=2228224, name=<optimized out>, dirfd=<optimized out>) at ../hw/9pfs/9p-util.h:181 #8 fchmodat_nofollow (dirfd=dirfd@entry=31, name=name@entry=0x5555577ea6e0 "mysocket", mode=493) at ../hw/9pfs/9p-local.c:360 #9 local_set_cred_passthrough (credp=0x7ffbbc4ace10, name=0x5555577ea6e0 "mysocket", dirfd=31, fs_ctx=0x55555811f528) at ../hw/9pfs/9p-local.c:457 #10 local_mknod (fs_ctx=0x55555811f528, dir_path=<optimized out>, name=0x5555577ea6e0 "mysocket", credp=0x7ffbbc4ace10) at ../hw/9pfs/9p-local.c:702 #11 v9fs_co_mknod (pdu=pdu@entry=0x555558121140, fidp=fidp@entry=0x5555574c46c0, name=name@entry=0x7ffbbc4aced0, uid=1000, gid=1000, dev=<optimized out>, mode=49645, stbuf=0x7ffbbc4acef0) at ../hw/9pfs/cofs.c:205 #12 v9fs_mknod (opaque=0x555558121140) at ../hw/9pfs/9p.c:3711 That's because server was opening the special file to adjust permissions, however it was using O_PATH and it would have not returned the file descriptor to guest. So the call to close_if_special_file() on that branch was incorrect. Let's lift the restriction introduced by f6b0de53fb8 such that it would allow to open special files on host if O_PATH flag is supplied, not only for 9p server's own operations as described above, but also for any client 'Topen' request. It is safe to allow opening special files with O_PATH on host, because O_PATH only allows path based operations on the resulting file descriptor and prevents I/O such as read() and write() on that file descriptor. Fixes: f6b0de53fb8 ("9pfs: prevent opening special files (CVE-2023-2861)") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2337 Reported-by: Dirk Herrendorfer <d.herrendoerfer@de.ibm.com> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Tested-by: Dirk Herrendorfer <d.herrendoerfer@de.ibm.com> Message-Id: <E1tJWbk-007BH4-OB@kylie.crudebyte.com>
2024-11-289pfs: fix 'Tgetattr' after unlinkChristian Schoenebeck1-1/+7
With a valid file ID (FID) of an open file, it should be possible to send a 'Tgettattr' 9p request and successfully receive a 'Rgetattr' response, even if the file has been removed in the meantime. Currently this would fail with ENOENT. I.e. this fixes the following misbehaviour with a 9p Linux client: open("/home/tst/filename", O_RDWR|O_CREAT|O_EXCL, 0600) = 3 unlink("/home/tst/filename") = 0 fstat(3, 0x23aa1a8) = -1 ENOENT (No such file or directory) Expected results: open("/home/tst/filename", O_RDWR|O_CREAT|O_EXCL, 0600) = 3 unlink("/home/tst/filename") = 0 fstat(3, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0 This is because 9p server is always using a path name based lstat() call which fails as soon as the file got removed. So to fix this, use fstat() whenever we have an open file descriptor already. Fixes: 00ede4c2529b ("virtio-9p: getattr server implementation...") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/103 Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <4c41ad47f449a5cc8bfa9285743e029080d5f324.1732465720.git.qemu_oss@crudebyte.com>
2024-11-289pfs: remove obsolete comment in v9fs_getattr()Christian Schoenebeck1-4/+0
The comment claims that we'd only support basic Tgetattr fields. This is no longer true, so remove this comment. Fixes: e06a765efbe3 ("hw/9pfs: Add st_gen support in getattr reply") Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <fb364d12045217a4c6ccd0dd6368103ddb80698b.1732465720.git.qemu_oss@crudebyte.com>
2024-11-289pfs: cleanup V9fsFidStateChristian Schoenebeck1-1/+0
Drop V9fsFidState's 'next' member, which is no longer used since: f5265c8f917e ('9pfs: use GHashTable for fid table') Fixes: f5265c8f917e ('9pfs: use GHashTable for fid table') Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <E1tE4v2-0051EH-Ni@kylie.crudebyte.com>
2024-11-089pfs: fix crash on 'Treaddir' requestChristian Schoenebeck1-0/+5
A bad (broken or malicious) 9p client (guest) could cause QEMU host to crash by sending a 9p 'Treaddir' request with a numeric file ID (FID) that was previously opened for a file instead of an expected directory: #0 0x0000762aff8f4919 in __GI___rewinddir (dirp=0xf) at ../sysdeps/unix/sysv/linux/rewinddir.c:29 #1 0x0000557b7625fb40 in do_readdir_many (pdu=0x557bb67d2eb0, fidp=0x557bb67955b0, entries=0x762afe9fff58, offset=0, maxsize=131072, dostat=<optimized out>) at ../hw/9pfs/codir.c:101 #2 v9fs_co_readdir_many (pdu=pdu@entry=0x557bb67d2eb0, fidp=fidp@entry=0x557bb67955b0, entries=entries@entry=0x762afe9fff58, offset=0, maxsize=131072, dostat=false) at ../hw/9pfs/codir.c:226 #3 0x0000557b7625c1f9 in v9fs_do_readdir (pdu=0x557bb67d2eb0, fidp=0x557bb67955b0, offset=<optimized out>, max_count=<optimized out>) at ../hw/9pfs/9p.c:2488 #4 v9fs_readdir (opaque=0x557bb67d2eb0) at ../hw/9pfs/9p.c:2602 That's because V9fsFidOpenState was declared as union type. So the same memory region is used for either an open POSIX file handle (int), or a POSIX DIR* pointer, etc., so 9p server incorrectly used the previously opened (valid) POSIX file handle (0xf) as DIR* pointer, eventually causing a crash in glibc's rewinddir() function. Root cause was therefore a missing check in 9p server's 'Treaddir' request handler, which must ensure that the client supplied FID was really opened as directory stream before trying to access the aforementioned union and its DIR* member. Cc: qemu-stable@nongnu.org Fixes: d62dbb51f7 ("virtio-9p: Add fidtype so that we can do type ...") Reported-by: Akihiro Suda <suda.kyoto@gmail.com> Tested-by: Akihiro Suda <suda.kyoto@gmail.com> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <E1t8GnN-002RS8-E2@kylie.crudebyte.com>
2024-10-039p: remove 'proxy' filesystem backend driverPaolo Bonzini3-1381/+0
It has been deprecated since 8.1; remove it and suggest using the 'local' file system backend driver instead or virtiofsd. Acked-by: Greg Kurz <groug@kaod.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-06-04hw/xen: Make XenDevOps structures constPhilippe Mathieu-Daudé1-1/+1
Keep XenDevOps structures in .rodata. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Paul Durrant <paul@xen.org> Message-Id: <20240510104908.76908-5-philmd@linaro.org>
2024-05-10xen: register legacy backends via xen_backend_initPaolo Bonzini1-1/+7
It is okay to register legacy backends in the middle of xen_bus_init(). All that the registration does is record the existence of the backend in xenstore. This makes it possible to remove them from the build without introducing undefined symbols in xen_be_init(). It also removes the need for the backend_register callback, whose only purpose is to avoid registering nonfunctional backends. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20240509170044.190795-8-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-01-04Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingPeter Maydell1-2/+5
* configure: use a native non-cross compiler for linux-user * meson: cleanups * target/i386: miscellaneous cleanups and optimizations * target/i386: implement CMPccXADD * target/i386: the sgx_epc_get_section stub is reachable * esp: check for NULL result from scsi_device_find() # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmWRImYUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroNd7AgAgcyJGiMfUkXqhefplpm06RDXQIa8 # FuoJqPb21lO75DQKfaFRAc4xGLagjJROMJGHMm9HvMu2VlwvOydkQlfFRspENxQ/ # 5XzGdb/X0A7HA/mwUfnMB1AZx0Vs32VI5IBSc6acc9fmgeZ84XQEoM3KBQHUik7X # mSkE4eltR9gJ+4IaGo4voZtK+YoVD8nEcuqmnKihSPWizev0FsZ49aNMtaYa9qC/ # Xs3kiQd/zPibHDHJu0ulFsNZgxtUcvlLHTCf8gO4dHWxCFLXGubMush83McpRtNB # Qoh6cTLH+PBXfrxMR3zmTZMNvo8Euls3s07Y8TkNP4vdIIE/kMeMDW1wJw== # =mq30 # -----END PGP SIGNATURE----- # gpg: Signature made Sun 31 Dec 2023 08:12:22 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (46 commits) meson.build: report graphics backends separately configure, meson: rename targetos to host_os meson: rename config_all meson: remove CONFIG_ALL meson: remove config_targetos meson: remove CONFIG_POSIX and CONFIG_WIN32 from config_targetos meson: remove OS definitions from config_targetos meson: always probe u2f and canokey if the option is enabled meson: move subdirs to "Collect sources" section meson: move config-host.h definitions together meson: move CFI detection code with other compiler flags meson: keep subprojects together meson: move accelerator dependency checks together meson: move option validation together meson: move program checks together meson: add more sections to main meson.build configure: unify again the case arms in probe_target_compiler configure: remove unnecessary subshell Makefile: clean qemu-iotests output meson: use version_compare() to compare version ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-12-31configure, meson: rename targetos to host_osPaolo Bonzini1-2/+2
This variable is about the host OS, not the target. It is used a lot more since the Meson conversion, but the original sin dates back to 2003. Time to fix it. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-12-31meson: remove OS definitions from config_targetosPaolo Bonzini1-2/+5
CONFIG_DARWIN, CONFIG_LINUX and CONFIG_BSD are used in some rules, but only CONFIG_LINUX has substantial use. Convert them all to if...endif. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-12-29hw/9pfs: Constify VMStateRichard Henderson1-1/+1
Acked-by: Greg Kurz <groug@kaod.org> Acked-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20231221031652.119827-21-richard.henderson@linaro.org>
2023-10-20migration: simplify blockersSteve Sistare1-8/+2
Modify migrate_add_blocker and migrate_del_blocker to take an Error ** reason. This allows migration to own the Error object, so that if an error occurs in migrate_add_blocker, migration code can free the Error and clear the client handle, simplifying client code. It also simplifies the migrate_del_blocker call site. In addition, this is a pre-requisite for a proposed future patch that would add a mode argument to migration requests to support live update, and maintain a list of blockers for each mode. A blocker may apply to a single mode or to multiple modes, and passing Error** will allow one Error object to be registered for multiple modes. No functional change. Signed-off-by: Steve Sistare <steven.sistare@oracle.com> Tested-by: Michael Galaxy <mgalaxy@akamai.com> Reviewed-by: Michael Galaxy <mgalaxy@akamai.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com> Message-ID: <1697634216-84215-1-git-send-email-steven.sistare@oracle.com>
2023-08-29fsdev: Use ThrottleDirection instread of bool is_writezhenwei pi1-2/+2
'bool is_write' style is obsolete from throttle framework, adapt fsdev to the new style. Cc: Greg Kurz <groug@kaod.org> Reviewed-by: Hanna Czenczek <hreitz@redhat.com> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> Message-Id: <20230728022006.1098509-9-pizhenwei@bytedance.com> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
2023-07-25hw/9pfs: spelling fixesMichael Tokarev6-10/+10
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2023-07-069pfs: deprecate 'proxy' backendChristian Schoenebeck2-0/+10
As recent CVE-2023-2861 (fixed by f6b0de53fb) once again showed, the 9p 'proxy' fs driver is in bad shape. Using the 'proxy' backend was already discouraged for safety reasons before and we recommended to use the 'local' backend (preferably in conjunction with its 'mapped' security model) instead, but now it is time to officially deprecate the 'proxy' backend. Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <E1qDkmw-0007M1-8f@lizzy.crudebyte.com>
2023-06-20meson: Replace softmmu_ss -> system_ssPhilippe Mathieu-Daudé1-1/+1
We use the user_ss[] array to hold the user emulation sources, and the softmmu_ss[] array to hold the system emulation ones. Hold the latter in the 'system_ss[]' array for parity with user emulation. Mechanical change doing: $ sed -i -e s/softmmu_ss/system_ss/g $(git grep -l softmmu_ss) Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230613133347.82210-10-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-06-089pfs: prevent opening special files (CVE-2023-2861)Christian Schoenebeck1-0/+39
The 9p protocol does not specifically define how server shall behave when client tries to open a special file, however from security POV it does make sense for 9p server to prohibit opening any special file on host side in general. A sane Linux 9p client for instance would never attempt to open a special file on host side, it would always handle those exclusively on its guest side. A malicious client however could potentially escape from the exported 9p tree by creating and opening a device file on host side. With QEMU this could only be exploited in the following unsafe setups: - Running QEMU binary as root AND 9p 'local' fs driver AND 'passthrough' security model. or - Using 9p 'proxy' fs driver (which is running its helper daemon as root). These setups were already discouraged for safety reasons before, however for obvious reasons we are now tightening behaviour on this. Fixes: CVE-2023-2861 Reported-by: Yanwu Shen <ywsPlz@gmail.com> Reported-by: Jietao Xiao <shawtao1125@gmail.com> Reported-by: Jinku Li <jkli@xidian.edu.cn> Reported-by: Wenbo Shen <shenwenbo@zju.edu.cn> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Message-Id: <E1q6w7r-0000Q0-NM@lizzy.crudebyte.com>
2023-06-01hw/9pfs: use qemu_xxhash4Alex Bennée1-3/+2
No need to pass zeros as we have helpers that do that for us. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20230526165401.574474-11-alex.bennee@linaro.org Message-Id: <20230524133952.3971948-10-alex.bennee@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-05-169pfs/xen: Fix segfault on shutdownJason Andryuk2-13/+28
xen_9pfs_free can't use gnttabdev since it is already closed and NULL-ed out when free is called. Do the teardown in _disconnect(). This matches the setup done in _connect(). trace-events are also added for the XenDevOps functions. Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> Message-Id: <20230502143722.15613-1-jandryuk@gmail.com> [C.S.: - Remove redundant return in xen_9pfs_free(). - Add comment to trace-events. ] Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2023-04-28hw: replace most qemu_bh_new calls with qemu_bh_new_guardedAlexander Bulekov1-1/+4
This protects devices from bh->mmio reentrancy issues. Thanks: Thomas Huth <thuth@redhat.com> for diagnosing OS X test failure. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paul Durrant <paul@xen.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20230427211013.2994127-5-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-04-259pfs: mark more coroutine_fnsPaolo Bonzini2-5/+5
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20230309084456.304669-6-pbonzini@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2023-04-25thread-pool: avoid passing the pool parameter every timeEmanuele Giuseppe Esposito1-2/+1
thread_pool_submit_aio() is always called on a pool taken from qemu_get_current_aio_context(), and that is the only intended use: each pool runs only in the same thread that is submitting work to it, it can't run anywhere else. Therefore simplify the thread_pool_submit* API and remove the ThreadPool function parameter. Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> Message-Id: <20230203131731.851116-5-eesposit@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2023-03-07hw/xen: Build PV backend drivers for CONFIG_XEN_BUSDavid Woodhouse1-1/+1
Now that we have the redirectable Xen backend operations we can build the PV backends even without the Xen libraries. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-03-07hw/xen: Rename xen_common.h to xen_native.hDavid Woodhouse1-0/+1
This header is now only for native Xen code, not PV backends that may be used in Xen emulation. Since the toolstack libraries may depend on the specific version of Xen headers that they pull in (and will set the __XEN_TOOLS__ macro to enable internal definitions that they depend on), the rule is that xen_native.h (and thus the toolstack library headers) must be included *before* any of the headers in include/hw/xen/interface. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-03-07hw/xen: Pass grant ref to gnttab unmap operationDavid Woodhouse1-3/+4
The previous commit introduced redirectable gnttab operations fairly much like-for-like, with the exception of the extra arguments to the ->open() call which were always NULL/0 anyway. This *changes* the arguments to the ->unmap() operation to include the original ref# that was mapped. Under real Xen it isn't necessary; all we need to do from QEMU is munmap(), then the kernel will release the grant, and Xen does the tracking/refcounting for the guest. When we have emulated grant tables though, we need to do all that for ourselves. So let's have the back ends keep track of what they mapped and pass it in to the ->unmap() method for us. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-03-07hw/xen: Add evtchn operations to allow redirection to internal emulationDavid Woodhouse1-12/+12
The existing implementation calling into the real libxenevtchn moves to a new file hw/xen/xen-operations.c, and is called via a function table which in a subsequent commit will also be able to invoke the emulated event channel support. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Reviewed-by: Paul Durrant <paul@xen.org>
2023-02-08Don't include headers already included by qemu/osdep.hMarkus Armbruster1-2/+0
This commit was created with scripts/clean-includes. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20230202133830.2152150-19-armbru@redhat.com>
2023-01-20coroutine: Split qemu/coroutine-core.h off qemu/coroutine.hMarkus Armbruster1-1/+1
qemu/coroutine.h and qemu/lockable.h include each other. They need each other only in macro expansions, so we could simply drop both inclusions to break the loop, and add suitable includes to files that expand the macros. Instead, move a part of qemu/coroutine.h to new qemu/coroutine-core.h so that qemu/coroutine-core.h doesn't need qemu/lockable.h, and qemu/lockable.h only needs qemu/coroutine-core.h. Result: qemu/coroutine.h includes qemu/lockable.h includes qemu/coroutine-core.h. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20221221131435.3851212-5-armbru@redhat.com> [Semantic rebase conflict with 7c10cb38cc "accel/tcg: Add debuginfo support" resolved]
2023-01-19coroutine: Clean up superfluous inclusion of qemu/coroutine.hMarkus Armbruster4-4/+0
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20221221131435.3851212-2-armbru@redhat.com>
2023-01-09error handling: Use RETRY_ON_EINTR() macro where applicableNikita Ivanov1-6/+2
There is a defined RETRY_ON_EINTR() macro in qemu/osdep.h which handles the same while loop. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/415 Signed-off-by: Nikita Ivanov <nivanov@cloudlinux.com> Message-Id: <20221023090422.242617-3-nivanov@cloudlinux.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> [thuth: Dropped the hunk that changed socket_accept() in libqtest.c] Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-12-23hw/9pfs: Replace the direct call to xxxat() APIs with a wrapperBin Meng2-20/+27
xxxat() APIs are only available on POSIX platforms. For future extension to Windows, let's replace the direct call to xxxat() APIs with a wrapper. Signed-off-by: Bin Meng <bin.meng@windriver.com> Message-Id: <20221219102022.2167736-4-bin.meng@windriver.com> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2022-12-23hw/9pfs: Drop unnecessary *xattr wrapper API declarationsBin Meng1-11/+0
These are not used anywhere in the source tree. Drop them. Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <20221219102022.2167736-3-bin.meng@windriver.com> Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2022-12-239pfs: Fix some return statements in the synth backendGreg Kurz1-6/+6
The qemu_v9fs_synth_mkdir() and qemu_v9fs_synth_add_file() functions currently return a positive errno value on failure. This causes checkpatch.pl to spit several errors like the one below: ERROR: return of an errno should typically be -ve (return -EAGAIN) + return EAGAIN; Simply change the sign. This has no consequence since callers assert() the returned value to be equal to 0. Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <166930551818.827792.10663674346122681963.stgit@bahia> [C.S.: - Resolve conflict with 66997c42e02c. ] Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2022-12-14cleanup: Tweak and re-run return_directly.cocciMarkus Armbruster1-10/+4
Tweak the semantic patch to drop redundant parenthesis around the return expression. Coccinelle drops a comment in hw/rdma/vmw/pvrdma_cmd.c; restored manually. Coccinelle messes up vmdk_co_create(), not sure why. Change dropped, will be done manually in the next commit. Line breaks in target/avr/cpu.h and hw/rdma/vmw/pvrdma_cmd.c tidied up manually. Whitespace in tools/virtiofsd/fuse_lowlevel.c tidied up manually. checkpatch.pl complains "return of an errno should typically be -ve" two times for hw/9pfs/9p-synth.c. Preexisting, the patch merely makes it visible to checkpatch.pl. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20221122134917.1217307-2-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>