From 2e84849aa2cc7f220d3b3668f5f7e3c57bb1b590 Mon Sep 17 00:00:00 2001 From: Don Slutz Date: Fri, 21 Sep 2012 20:13:13 -0400 Subject: target-i386: Allow tsc-frequency to be larger then 2.147G The check using INT_MAX (2147483647) is wrong in this case. Signed-off-by: Fred Oliveira Signed-off-by: Don Slutz Signed-off-by: Stefan Hajnoczi --- target-i386/cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target-i386/cpu.c b/target-i386/cpu.c index 423e00905d..cbc172e9fc 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -846,7 +846,7 @@ static void x86_cpuid_set_tsc_freq(Object *obj, Visitor *v, void *opaque, { X86CPU *cpu = X86_CPU(obj); const int64_t min = 0; - const int64_t max = INT_MAX; + const int64_t max = INT64_MAX; int64_t value; visit_type_int(v, &value, name, errp); -- cgit v1.2.3 From b548828862d3bf7214b7ef9cb361356b153b89c9 Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Sat, 1 Sep 2012 09:34:15 +0200 Subject: qemu-ga: Remove unreachable code after g_error Report from smatch: qemu-ga.c:117 register_signal_handlers(11) info: ignoring unreachable code. qemu-ga.c:122 register_signal_handlers(16) info: ignoring unreachable code. g_error calls abort which terminates the program. Signed-off-by: Stefan Weil Signed-off-by: Stefan Hajnoczi --- qemu-ga.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/qemu-ga.c b/qemu-ga.c index 7623079887..b7474708f0 100644 --- a/qemu-ga.c +++ b/qemu-ga.c @@ -114,12 +114,10 @@ static gboolean register_signal_handlers(void) ret = sigaction(SIGINT, &sigact, NULL); if (ret == -1) { g_error("error configuring signal handler: %s", strerror(errno)); - return false; } ret = sigaction(SIGTERM, &sigact, NULL); if (ret == -1) { g_error("error configuring signal handler: %s", strerror(errno)); - return false; } return true; -- cgit v1.2.3 From 39b384591fda27d6e1213cea0b11b1ebe0ed4b74 Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Sat, 1 Sep 2012 09:40:26 +0200 Subject: qemu-sockets: Fix potential memory leak The old code leaks variable 'peer'. Signed-off-by: Stefan Weil Signed-off-by: Stefan Hajnoczi --- qemu-sockets.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qemu-sockets.c b/qemu-sockets.c index 361d890da3..037775b86b 100644 --- a/qemu-sockets.c +++ b/qemu-sockets.c @@ -353,7 +353,7 @@ int inet_dgram_opts(QemuOpts *opts) if (0 != (rc = getaddrinfo(addr, port, &ai, &local))) { fprintf(stderr,"getaddrinfo(%s,%s): %s\n", addr, port, gai_strerror(rc)); - return -1; + goto err; } /* create socket */ -- cgit v1.2.3 From 5d40097fc09fe5d34cf316a411dc27d455ac2cd0 Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Sat, 1 Sep 2012 11:12:23 +0200 Subject: cadence_uart: Fix buffer overflow Report from smatch: hw/cadence_uart.c:413 uart_read(13) error: buffer overflow 's->r' 18 <= 18 This fixes read access to s->r[R_MAX] which is behind the limits of s->r. Signed-off-by: Stefan Weil Signed-off-by: Stefan Hajnoczi --- hw/cadence_uart.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/cadence_uart.c b/hw/cadence_uart.c index d98e531372..f8afc4ed26 100644 --- a/hw/cadence_uart.c +++ b/hw/cadence_uart.c @@ -404,7 +404,7 @@ static uint64_t uart_read(void *opaque, target_phys_addr_t offset, uint32_t c = 0; offset >>= 2; - if (offset > R_MAX) { + if (offset >= R_MAX) { return 0; } else if (offset == R_TX_RX) { uart_read_rx_fifo(s, &c); -- cgit v1.2.3 From 8139626643cbe8dc07bd9acc88057effeedf8064 Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Sat, 1 Sep 2012 12:43:41 +0200 Subject: lm4549: Fix buffer overflow Report from smatch: lm4549.c:234 lm4549_write_samples(14) error: buffer overflow 's->buffer' 1024 <= 1024 There must be enough space to add two entries starting with index s->buffer_level, therefore the old check was wrong. [Peter Maydell clarifies the nature of the analyser warning: I don't object to making the change to placate the analyser, but I don't think this is actually a buffer overrun. We always add and remove samples from the buffer two at a time, so it's not possible to get here with s->buffer_level == BUFFER_SIZE-1 (which is the only case where the old and new conditions give different answers).] Signed-off-by: Stefan Weil Signed-off-by: Stefan Hajnoczi --- hw/lm4549.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/lm4549.c b/hw/lm4549.c index 80b3ec4a5d..e0137d54b6 100644 --- a/hw/lm4549.c +++ b/hw/lm4549.c @@ -224,7 +224,7 @@ uint32_t lm4549_write_samples(lm4549_state *s, uint32_t left, uint32_t right) This model supports 16-bit playback. */ - if (s->buffer_level >= LM4549_BUFFER_SIZE) { + if (s->buffer_level > LM4549_BUFFER_SIZE - 2) { DPRINTF("write_sample Buffer full\n"); return 0; } -- cgit v1.2.3 From 997f15672a5ca7714cf310d92f475d2c5fe40970 Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Sat, 1 Sep 2012 12:56:03 +0200 Subject: ioh3420: Remove unreachable code Report from smatch: hw/ioh3420.c:128 ioh3420_initfn(35) info: ignoring unreachable code. Signed-off-by: Stefan Weil Reviewed-by: Juan Quintela Signed-off-by: Stefan Hajnoczi --- hw/ioh3420.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hw/ioh3420.c b/hw/ioh3420.c index 94a537c9b3..4d314733b9 100644 --- a/hw/ioh3420.c +++ b/hw/ioh3420.c @@ -125,7 +125,6 @@ static int ioh3420_initfn(PCIDevice *d) rc = pcie_chassis_add_slot(s); if (rc < 0) { goto err_pcie_cap; - return rc; } pcie_cap_root_init(d); rc = pcie_aer_init(d, IOH_EP_AER_OFFSET); -- cgit v1.2.3 From 12dabc79f976d66755025272f7e2e8e4da31715a Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Sat, 1 Sep 2012 13:00:48 +0200 Subject: pflash_cfi01: Fix warning caused by unreachable code Report from smatch: hw/pflash_cfi01.c:431 pflash_write(180) info: ignoring unreachable code. Instead of removing the return statement after the switch statement, the patch replaces the return statements in the switch statement by break statements. Other switch statements in the same code do it also like that. Signed-off-by: Stefan Weil Signed-off-by: Stefan Hajnoczi --- hw/pflash_cfi01.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hw/pflash_cfi01.c b/hw/pflash_cfi01.c index 9c42d3105c..855890d1f1 100644 --- a/hw/pflash_cfi01.c +++ b/hw/pflash_cfi01.c @@ -321,7 +321,7 @@ static void pflash_write(pflash_t *pfl, target_phys_addr_t offset, } pfl->wcycle++; pfl->cmd = cmd; - return; + break; case 1: switch (pfl->cmd) { case 0x10: /* Single Byte Program */ @@ -376,7 +376,7 @@ static void pflash_write(pflash_t *pfl, target_phys_addr_t offset, default: goto error_flash; } - return; + break; case 2: switch (pfl->cmd) { case 0xe8: /* Block write */ @@ -407,7 +407,7 @@ static void pflash_write(pflash_t *pfl, target_phys_addr_t offset, default: goto error_flash; } - return; + break; case 3: /* Confirm mode */ switch (pfl->cmd) { case 0xe8: /* Block write */ @@ -423,7 +423,7 @@ static void pflash_write(pflash_t *pfl, target_phys_addr_t offset, default: goto error_flash; } - return; + break; default: /* Should never happen */ DPRINTF("%s: invalid write state\n", __func__); -- cgit v1.2.3 From d8f8a860f2403533fc73f541122c65a34b21e42f Mon Sep 17 00:00:00 2001 From: Alon Levy Date: Sun, 2 Sep 2012 02:04:16 +0300 Subject: dtrace backend: add function to reserved words Signed-off-by: Alon Levy Signed-off-by: Stefan Hajnoczi --- scripts/tracetool/backend/dtrace.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/tracetool/backend/dtrace.py b/scripts/tracetool/backend/dtrace.py index 9cab75cde8..6be7047018 100644 --- a/scripts/tracetool/backend/dtrace.py +++ b/scripts/tracetool/backend/dtrace.py @@ -87,7 +87,7 @@ def stap(events): if len(e.args) > 0: for name in e.args.names(): # Append underscore to reserved keywords - if name in ('limit', 'in', 'next', 'self'): + if name in ('limit', 'in', 'next', 'self', 'function'): name += '_' out(' %s = $arg%d;' % (name, i)) i += 1 -- cgit v1.2.3 From 995ee2bf469de6bbe5ce133ec853392b2a4ce34c Mon Sep 17 00:00:00 2001 From: Hitoshi Mitake Date: Sat, 15 Sep 2012 01:15:41 +0900 Subject: curses: don't initialize curses when qemu is daemonized Current qemu initializes curses even if -daemonize option is passed. This cause problem because shell prompt appears without calling endwin(). This patch adds new function, is_daemonized(), to OS dependent code. With this function, curses_display_init() can check that qemu is daemonized or not. If daemonized, curses_display_init() isn't called and the problem is avoided. Of course, -daemonize && -curses doesn't make sense. Users shouldn't pass the arguments at the same time. But the problem is very painful because Ctrl-C cannot be delivered to the terminal. Cc: Andrzej Zaborowski Cc: Stefan Hajnoczi Cc: Anthony Liguori Cc: Michael Roth Signed-off-by: Hitoshi Mitake Signed-off-by: Stefan Hajnoczi --- os-posix.c | 5 +++++ qemu-os-posix.h | 2 ++ qemu-os-win32.h | 5 +++++ vl.c | 4 +++- 4 files changed, 15 insertions(+), 1 deletion(-) diff --git a/os-posix.c b/os-posix.c index 79fa2288e4..eabccb8fe0 100644 --- a/os-posix.c +++ b/os-posix.c @@ -360,3 +360,8 @@ int qemu_create_pidfile(const char *filename) /* keep pidfile open & locked forever */ return 0; } + +bool is_daemonized(void) +{ + return daemonize; +} diff --git a/qemu-os-posix.h b/qemu-os-posix.h index 8e1149d964..7f198e475c 100644 --- a/qemu-os-posix.h +++ b/qemu-os-posix.h @@ -46,4 +46,6 @@ typedef struct timeval qemu_timeval; typedef struct timespec qemu_timespec; int qemu_utimens(const char *path, const qemu_timespec *times); +bool is_daemonized(void); + #endif diff --git a/qemu-os-win32.h b/qemu-os-win32.h index 753679b194..b3e451b719 100644 --- a/qemu-os-win32.h +++ b/qemu-os-win32.h @@ -86,4 +86,9 @@ typedef struct { } qemu_timeval; int qemu_gettimeofday(qemu_timeval *tp); +static inline bool is_daemonized(void) +{ + return false; +} + #endif diff --git a/vl.c b/vl.c index 7c577fa544..48049ef0b6 100644 --- a/vl.c +++ b/vl.c @@ -3657,7 +3657,9 @@ int main(int argc, char **argv, char **envp) break; #if defined(CONFIG_CURSES) case DT_CURSES: - curses_display_init(ds, full_screen); + if (!is_daemonized()) { + curses_display_init(ds, full_screen); + } break; #endif #if defined(CONFIG_SDL) -- cgit v1.2.3 From c10600af60865ba6c60987be313102ebb5fcee57 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Mon, 17 Sep 2012 11:10:03 +0200 Subject: TextConsole: saturate escape parameter in TTY_STATE_CSI Signed-off-by: Laszlo Ersek Reviewed-by: Markus Armbruster Signed-off-by: Stefan Hajnoczi --- console.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/console.c b/console.c index a8bcc42fe4..3f3d2547bf 100644 --- a/console.c +++ b/console.c @@ -938,8 +938,11 @@ static void console_putchar(TextConsole *s, int ch) case TTY_STATE_CSI: /* handle escape sequence parameters */ if (ch >= '0' && ch <= '9') { if (s->nb_esc_params < MAX_ESC_PARAMS) { - s->esc_params[s->nb_esc_params] = - s->esc_params[s->nb_esc_params] * 10 + ch - '0'; + int *param = &s->esc_params[s->nb_esc_params]; + int digit = (ch - '0'); + + *param = (*param <= (INT_MAX - digit) / 10) ? + *param * 10 + digit : INT_MAX; } } else { if (s->nb_esc_params < MAX_ESC_PARAMS) -- cgit v1.2.3 From 144b97c26cdef7fecd62dae2db6ce312cd493751 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Wed, 19 Sep 2012 15:52:44 +0200 Subject: qemu-timer: simplify qemu_run_timers ptimer_head is an invariant pointer to clock->active_timers. Remove it, and just reference clock->active_timers directly. Signed-off-by: Paolo Bonzini Signed-off-by: Stefan Hajnoczi --- qemu-timer.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/qemu-timer.c b/qemu-timer.c index c7a1551a36..908a1030b6 100644 --- a/qemu-timer.c +++ b/qemu-timer.c @@ -372,21 +372,20 @@ bool qemu_timer_expired(QEMUTimer *timer_head, int64_t current_time) void qemu_run_timers(QEMUClock *clock) { - QEMUTimer **ptimer_head, *ts; + QEMUTimer *ts; int64_t current_time; if (!clock->enabled) return; current_time = qemu_get_clock_ns(clock); - ptimer_head = &clock->active_timers; for(;;) { - ts = *ptimer_head; + ts = clock->active_timers; if (!qemu_timer_expired_ns(ts, current_time)) { break; } /* remove timer from the list before calling the callback */ - *ptimer_head = ts->next; + clock->active_timers = ts->next; ts->next = NULL; /* run the callback (the timer list can be modified) */ -- cgit v1.2.3 From ad11ad77748bdd8016370db210751683dc038dd6 Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Tue, 4 Sep 2012 22:14:19 +0200 Subject: linux-user: Remove redundant null check and replace free by g_free Report from smatch: linux-user/syscall.c:3632 do_ioctl_dm(220) info: redundant null check on big_buf calling free() 'big_buf' was allocated by g_malloc0, therefore free was also replaced by g_free. Signed-off-by: Stefan Weil Reviewed-by: Peter Maydell Signed-off-by: Stefan Hajnoczi --- linux-user/syscall.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 6257a04d0a..471d0605f7 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3628,9 +3628,7 @@ static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd, unlock_user(argptr, arg, target_size); } out: - if (big_buf) { - free(big_buf); - } + g_free(big_buf); return ret; } -- cgit v1.2.3 From 73062dfe6be0050dbd43ce3516e935ebb2545add Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Sat, 22 Sep 2012 21:13:28 +0200 Subject: net/socket: Fix compiler warning (regression for MinGW) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 213fd5087e2e4e2da10ad266df0ba950cf7618bf removed a type cast which is needed for MinGW: net/socket.c:136: warning: pointer targets in passing argument 2 of ‘sendto’ differ in signedness /usr/lib/gcc/amd64-mingw32msvc/4.4.4/../../../../amd64-mingw32msvc/include/winsock2.h:1313: note: expected ‘const char *’ but argument is of type ‘const uint8_t *’ Add a 'qemu_sendto' macro which provides that type cast where needed and use the new macro instead of 'sendto'. Signed-off-by: Stefan Weil Signed-off-by: Stefan Hajnoczi --- net/socket.c | 6 +++--- qemu-common.h | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/net/socket.c b/net/socket.c index 5e0c92e062..f3d7878264 100644 --- a/net/socket.c +++ b/net/socket.c @@ -131,9 +131,9 @@ static ssize_t net_socket_receive_dgram(NetClientState *nc, const uint8_t *buf, ssize_t ret; do { - ret = sendto(s->fd, buf, size, 0, - (struct sockaddr *)&s->dgram_dst, - sizeof(s->dgram_dst)); + ret = qemu_sendto(s->fd, buf, size, 0, + (struct sockaddr *)&s->dgram_dst, + sizeof(s->dgram_dst)); } while (ret == -1 && errno == EINTR); if (ret == -1 && errno == EAGAIN) { diff --git a/qemu-common.h b/qemu-common.h index e5c2bcd204..15d9e4ed71 100644 --- a/qemu-common.h +++ b/qemu-common.h @@ -223,9 +223,14 @@ int qemu_pipe(int pipefd[2]); #endif #ifdef _WIN32 +/* MinGW needs a type cast for the 'buf' argument. */ #define qemu_recv(sockfd, buf, len, flags) recv(sockfd, (void *)buf, len, flags) +#define qemu_sendto(sockfd, buf, len, flags, destaddr, addrlen) \ + sendto(sockfd, (const void *)buf, len, flags, destaddr, addrlen) #else #define qemu_recv(sockfd, buf, len, flags) recv(sockfd, buf, len, flags) +#define qemu_sendto(sockfd, buf, len, flags, destaddr, addrlen) \ + sendto(sockfd, buf, len, flags, destaddr, addrlen) #endif /* Error handling. */ -- cgit v1.2.3 From 95df51a4a02a853af8828c281bce2d4f2a41d6fd Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Wed, 22 Aug 2012 21:42:32 +0200 Subject: w32: Always use standard instead of native format strings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit GLib 2.0 include files use __printf__ for the format attribute which resolves to native format strings on w32 hosts. QEMU wants standard format strings instead of native format strings, so we simply change any declaration with __printf__ to use __gnu_printf__. This works because all basic printf functions support both kinds of format strings. This fixes a compiler warning: qapi/string-output-visitor.c: In function ‘print_type_int’: qapi/string-output-visitor.c:34:5: warning: unknown conversion type character ‘l’ in format [-Wformat] qapi/string-output-visitor.c:34:5: warning: too many arguments for format [-Wformat-extra-args] Signed-off-by: Stefan Weil Signed-off-by: Stefan Hajnoczi --- compiler.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/compiler.h b/compiler.h index 07ba1f8113..c734a71c67 100644 --- a/compiler.h +++ b/compiler.h @@ -44,6 +44,11 @@ /* Use gnu_printf when supported (qemu uses standard format strings). */ # define GCC_ATTR __attribute__((__unused__, format(gnu_printf, 1, 2))) # define GCC_FMT_ATTR(n, m) __attribute__((format(gnu_printf, n, m))) +# if defined(_WIN32) + /* Map __printf__ to __gnu_printf__ because we want standard format strings + * even when MinGW or GLib include files use __printf__. */ +# define __printf__ __gnu_printf__ +# endif # endif #if defined(_WIN32) #define GCC_WEAK __attribute__((weak)) -- cgit v1.2.3