- 20 7月, 2016 19 次提交
-
-
由 Eric Blake 提交于
There's enough drivers with a sector-based callback that it will be easier to switch one at a time. This patch adds a byte-based callback, and then after all drivers are swapped, we'll drop the sector-based callback. [checkpatch doesn't like the space after coroutine_fn in block_int.h, but it's consistent with the rest of the file] Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1468624988-423-10-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
Another step towards byte-based interfaces everywhere. Replace the sector-based driver callback .bdrv_aio_discard() with a new byte-based .bdrv_aio_pdiscard(). Only raw-posix and RBD drivers are affected, so it was not worth splitting into multiple patches. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1468624988-423-9-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
The internal function converts to byte-based before calling into RBD code; hoist the conversion to the callers so that callers can then be switched to byte-based themselves. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1468624988-423-8-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
The only remaining uses of paio_submit() were flush (with no offset or count) and discard (which we are switching to byte-based); furthermore, the similarly named paio_submit_co() is already byte-based. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1468624988-423-7-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
Change sector-based blk_discard(), blk_co_discard(), and blk_aio_discard() to instead be byte-based blk_pdiscard(), blk_co_pdiscard(), and blk_aio_pdiscard(). NBD gets a lot simpler now that ignoring the unaligned portion of a byte-based discard request is handled under the hood by the block layer. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1468624988-423-6-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
Another step towards byte-based interfaces everywhere. Replace the sector-based bdrv_aio_discard() with a new byte-based bdrv_aio_pdiscard(), which silently ignores any unaligned head or tail. Driver callbacks will be converted in followup patches. Signed-off-by: NEric Blake <eblake@redhat.com> Message-id: 1468624988-423-5-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
BlockRequest is the internal struct used by bdrv_aio_*. At the moment, all such calls were sector-based, but we will eventually convert to byte-based; start by changing the internal variables to be byte-based. No change to behavior, although the read and write code can now go byte-based through more of the stack. Signed-off-by: NEric Blake <eblake@redhat.com> Message-id: 1468624988-423-4-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
Another step towards byte-based interfaces everywhere. Replace the sector-based bdrv_discard() with a new byte-based bdrv_pdiscard(), which silently ignores any unaligned head or tail. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1468624988-423-3-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
Another step towards byte-based interfaces everywhere. Replace the sector-based bdrv_co_discard() with a new byte-based bdrv_co_pdiscard(), which silently ignores any unaligned head or tail. Driver callbacks will be converted in followup patches. By calculating the alignment outside of the loop, and clamping the max discard to an aligned value, we can simplify the actions done within the loop. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1468624988-423-2-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
Now that the block layer honors max_request, we don't need to bother with an EINVAL on overlarge requests, but can instead assert that requests are well-behaved. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Acked-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1468607524-19021-7-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
Now that NBD relies on the block layer to fragment things, we no longer need to track an offset argument for which fragment of a request we are actually servicing. While at it, use true and false instead of 0 and 1 for a bool parameter. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Acked-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1468607524-19021-6-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
Now that the block layer will honor max_transfer, we can simplify our code to rely on that guarantee. The readv code can call directly into nbd-client, just as the writev code has done since commit 52a46505. Interestingly enough, while qemu-io 'w 0 40m' splits into a 32M and 8M transaction, 'w -z 0 40m' splits into two 16M and an 8M, because the block layer caps the bounce buffer for writing zeroes at 16M. When we later introduce support for NBD_CMD_WRITE_ZEROES, we can get a full 32M zero write (or larger, if the client and server negotiate that write zeroes can use a larger size than ordinary writes). Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Acked-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1468607524-19021-5-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
Drivers should be able to rely on the block layer honoring the max transfer length, rather than needing to return -EINVAL (iscsi) or manually fragment things (nbd). We already fragment write zeroes at the block layer; this patch adds the fragmentation for normal writes, after requests have been aligned (fragmenting before alignment would lead to multiple unaligned requests, rather than just the head and tail). When fragmenting a large request where FUA was requested, but where we know that FUA is implemented by flushing all requests rather than the given request, then we can still get by with only one flush. Note, however, that we need a followup patch to the raw format driver to avoid a regression in the number of flushes actually issued. The return value was previously nebulous on success (sometimes zero, sometimes the length written); since we never have a short write, and since fragmenting may store yet another positive value in 'ret', change the function to always return 0 on success, matching what we do in bdrv_aligned_preadv(). Signed-off-by: NEric Blake <eblake@redhat.com> Message-id: 1468607524-19021-4-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
The raw format layer supports all flags via passthrough - but it only makes sense to pass through flags that the lower layer actually supports. The next patch gives stronger reasoning for why this is correct. At the moment, the raw format layer ignores the max_transfer limit of its protocol layer, and an attempt to do the qemu-io 'w -f 0 40m' to an NBD server that lacks FUA will pass the entire 40m request to the NBD driver, which then fragments the request itself into a 32m write, 8m write, and flush. But once the block layer starts honoring limits and fragmenting packets, the raw driver will hand the NBD driver two separate requests; if both requests have BDRV_REQ_FUA set, then this would result in a 32m write, flush, 8m write, and second flush. By having the raw layer no longer advertise FUA support when the protocol layer lacks it, we are back to a single flush at the block layer for the overall 40m request. Note that 'w -f -z 0 40m' does not currently exhibit the same problem, because there, the fragmentation does not occur until at the NBD layer (the raw layer has .bdrv_co_pwrite_zeroes, and the NBD layer doesn't advertise max_pwrite_zeroes to constrain things at the raw layer) - but the problem is latent and we would again have too many flushes without this patch once the NBD layer implements support for the new NBD_CMD_WRITE_ZEROES command, if it sets max_pwrite_zeroes to the same 32m limit as recommended by the NBD protocol. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1468607524-19021-3-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Eric Blake 提交于
Drivers should be able to rely on the block layer honoring the max transfer length, rather than needing to return -EINVAL (iscsi) or manually fragment things (nbd). This patch adds the fragmentation in the block layer, after requests have been aligned (fragmenting before alignment would lead to multiple unaligned requests, rather than just the head and tail). The return value was previously nebulous on success on whether it was zero or the length read; and fragmenting may introduce yet other non-zero values if we use the last length read. But as at least some callers are sloppy and expect only zero on success, it is easiest to just guarantee 0. [Fix uninitialized ret local variable in bdrv_aligned_preadv(). --Stefan] Signed-off-by: NEric Blake <eblake@redhat.com> Message-id: 1468607524-19021-2-git-send-email-eblake@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Peter Maydell 提交于
target-arm queue: * fix two minor Coverity complaints # gpg: Signature made Tue 19 Jul 2016 18:02:34 BST # gpg: using RSA key 0x3C2525ED14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20160719: arm_gicv3: Add assert()s to tell Coverity that offsets are aligned target-arm: Fix unreachable code in gicv3_class_name() Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
linux-user fixes before 2.7 freeze, fix commit message # gpg: Signature made Tue 19 Jul 2016 14:18:54 BST # gpg: using RSA key 0xB44890DEDE3C9BC0 # gpg: Good signature from "Riku Voipio <riku.voipio@iki.fi>" # gpg: aka "Riku Voipio <riku.voipio@linaro.org>" # Primary key fingerprint: FF82 03C8 C391 98AE 0581 41EF B448 90DE DE3C 9BC0 * remotes/riku/tags/pull-linux-user-20160719-2: linux-user: AArch64 has sync_file_range, not sync_file_range2 linux-user: Fix type for SIOCATMARK ioctl linux-user: define missing sparc syscalls linux-user: Fix terminal control ioctls linux-user: Add some new blk ioctls linux-user: Handle short lengths in host_to_target_sockaddr() linux-user: Forget about synchronous signal once it is delivered linux-user: Correct type for LOOP_GET_STATUS{,64} ioctls linux-user: Correct type for BLKSSZGET linux-user: Add loop control ioctls linux-user: Check sigsetsize argument to syscalls linux-user: add nested netlink types linux-user: convert sockaddr_ll from host to target linux-user: add fd_trans helper in do_recvfrom() linux-user: fix netlink memory corruption linux-user: fd_trans_*_data() returns the length Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Coverity complains that the GICR_IPRIORITYR case in gicv3_readl() can overflow an array, because it doesn't know that the offsets passed to that function must be word aligned. Add some assert()s which hopefully tell Coverity that this isn't possible. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Message-id: 1468261372-17508-1-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
Coverity complains that the exit() in gicv3_class_name() can be unreachable, because if TARGET_AARCH64 is defined then all code paths return before reaching it. Move the exit() up to the error_report() that it belongs with. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NShannon Zhao <shannon.zhao@linaro.org> Message-id: 1468260552-8400-1-git-send-email-peter.maydell@linaro.org
-
- 19 7月, 2016 21 次提交
-
-
由 Peter Maydell 提交于
disas/bfd.h defines ATTRIBUTE_UNUSED, but unfortunately the ALSA system headers also define this macro, which means that you can get a compilation failure if building with ALSA and any files happen to include the alsa headers before bfd.h rather than the other way around. This is unfortunate namespace pollution by the ALSA headers but we can work around it. Add an #ifndef guard to bfd.h and remove the unnecessary extra definition in disas/arm.c to fix this. Reported-by: NBALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1468937076-21503-1-git-send-email-peter.maydell@linaro.org
-
由 Peter Maydell 提交于
* two old patches from prospective GSoC students * i386 -kernel device tree support * Coverity fix * memory usage improvement from Peter * checkpatch fix * g_path_get_dirname cleanup * caching of block status for iSCSI # gpg: Signature made Tue 19 Jul 2016 07:43:41 BST # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: target-i386: Remove redundant HF_SOFTMMU_MASK block/iscsi: allow caching of the allocation map block/iscsi: fix rounding in iscsi_allocationmap_set Move README to markdown cpu-exec: Move down some declarations in cpu_exec() exec: avoid realloc in phys_map_node_reserve checkpatch: consider git extended headers valid patches megasas: remove useless check for cmd->frame compiler: never omit assertions if using a static analysis tool hw/i386: add device tree support Changed malloc to g_malloc, free to g_free in bsd-user/qemu.h use g_path_get_dirname instead of dirname Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Make IRC a little less noisy # gpg: Signature made Mon 18 Jul 2016 16:42:57 BST # gpg: using RSA key 0xFBD0DB095A9E2A44 # gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" # Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44 * remotes/stsquad/tags/pull-travis-20160718-1: .travis.yml: Disable IRC build status updates from forks Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
The AArch64 Linux ABI syscall 84 is sync_file_range, not sync_file_range2 (in the kernel it uses the asm-generic headers and does not define __ARCH_WANT_SYNC_FILE_RANGE2). Update our TARGET_NR_* definitions accordingly. This fixes the sync_file_range syscall which otherwise gets its arguments in the wrong order. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Peter Maydell 提交于
The SIOCATMARK ioctl takes an argument which should be a pointer to an integer where the kernel will write the result. We were incorrectly declaring it as TYPE_NULL which would mean it would always fail (with EFAULT) when it should succeed. Correct the type. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Laurent Vivier 提交于
NR_lookup_dcookie, NR_fadvise64, NR_fadvise64_64 Signed-off-by: NLaurent Vivier <laurent@vivier.eu> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Timothy Pearson 提交于
TIOCGPTN and related terminal control ioctls were not converted to the guest ioctl format on x86_64 targets. Convert these ioctls to enable terminal functionality on x86_64 guests. Signed-off-by: NTimothy Pearson <tpearson@raptorengineering.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Peter Maydell 提交于
vnc: bugfixes for -rc0 # gpg: Signature made Tue 19 Jul 2016 08:27:05 BST # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/pull-vnc-20160719-1: vnc-tight: fix regression with libxenstore vnc-enc-tight: fix off-by-one bug vnc: make sure we finish disconnect Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Update OpenBIOS images # gpg: Signature made Tue 19 Jul 2016 07:42:30 BST # gpg: using RSA key 0x5BC2C56FAE0F321F # gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" # Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F * remotes/mcayland/tags/qemu-openbios-signed: Update OpenBIOS images to e79bca6 built from submodule. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Add some new blk ioctls (these are 0x12,119 through to 0x12,127). Several of these are used by mke2fs; this silences the warnings: mke2fs 1.42.12 (29-Aug-2014) Unsupported ioctl: cmd=0x127b Unsupported ioctl: cmd=0x127a warning: Unable to get device geometry for /dev/loop5 Unsupported ioctl: cmd=0x127c Unsupported ioctl: cmd=0x127c Unsupported ioctl: cmd=0x1277 Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Peter Maydell 提交于
If userspace specifies a short buffer for a target sockaddr, the kernel will only copy in as much as it has space for (or none at all if the length is zero) -- see the kernel move_addr_to_user() function. Mimic this in QEMU's host_to_target_sockaddr() routine. In particular, this fixes a segfault running the LTP recvfrom01 test, where the guest makes a recvfrom() call with a bad buffer pointer and other parameters which cause the kernel to set the addrlen to zero; because we did not skip the attempt to swap the sa_family field we segfaulted on the bad address. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Peter Maydell 提交于
Commit 655ed67c which switched synchronous signals to benig recorded in ts->sync_signal rather than in a queue with every other signal had a bug: we failed to clear the flag indicating that a synchronous signal was pending when we delivered it. This meant that we would take the signal again and again every time the guest made a syscall. (This is a bug introduced in my refactoring of Timothy Baldwin's original code.) Fix this by passing in the struct emulated_sigtable* to handle_pending_signal(), so that we clear the pending flag in the ts->sync_signal struct when handling a synchronous signal. Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Peter Maydell 提交于
The LOOP_GET_STATUS and LOOP_GET_STATUS64 ioctls were incorrectly defined as IOC_W rather than IOC_R, which meant we weren't correctly copying the information back from the kernel to the guest. The loop_info64 structure definition was also missing a member and using the wrong type for several 32-bit fields. In particular, this meant that "kpartx -d image.img" didn't work and "losetup -a" behaved strangely. Correct the ioctl type definitions. Reported-by: NChanho Park <chanho61.park@samsung.com> Reviewed-by: NLaurent Vivier <laurent@vivier.eu> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Peter Maydell 提交于
The BLKSSZGET ioctl takes an argument which is a pointer to an int. We were incorrectly declaring it to take a pointer to a long, which meant that we would incorrectly write to memory which we should not if the guest is a 64-bit architecture. In particular, kpartx uses this ioctl to write to an int on the stack, which tends to result in it crashing immediately. Reported-by: NChanho Park <chanho61.park@samsung.com> Reviewed-by: NLaurent Vivier <laurent@vivier.eu> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Peter Maydell 提交于
Add support for the /dev/loop-control ioctls: LOOP_CTL_ADD LOOP_CTL_REMOVE LOOP_CTL_GET_FREE [RV: fixed to apply to new header guards] Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NLaurent Vivier <laurent@vivier.eu> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Peter Maydell 提交于
Many syscalls which take a sigset_t argument also take an argument giving the size of the sigset_t. The kernel insists that this matches its idea of the type size and fails EINVAL if it is not. Implement this logic in QEMU. (This mostly just means some LTP test cases which check error cases now pass.) Signed-off-by: NPeter Maydell <peter.maydell@linaro.org> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org> Reviewed-by: NLaurent Vivier <laurent@vivier.eu>
-
由 Laurent Vivier 提交于
Nested types are used by the kernel to send link information and protocol properties. We can see following errors with "ip link show": Unimplemented nested type 26 Unimplemented nested type 26 Unimplemented nested type 18 Unimplemented nested type 26 Unimplemented nested type 18 Unimplemented nested type 26 This patch implements nested types 18 (IFLA_LINKINFO) and 26 (IFLA_AF_SPEC). Signed-off-by: NLaurent Vivier <laurent@vivier.eu> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Laurent Vivier 提交于
As we convert sockaddr for AF_PACKET family for sendto() (target to host) we need also to convert this for getsockname() (host to target). arping uses getsockname() to get the the interface address and uses this address with sendto(). Tested with: /sbin/arping -D -q -c2 -I eno1 192.168.122.88 ... getsockname(3, {sa_family=AF_PACKET, proto=0x806, if2, pkttype=PACKET_HOST, addr(6)={1, 10c37b6b9a76}, [18]) = 0 ... sendto(3, "..." 28, 0, {sa_family=AF_PACKET, proto=0x806, if2, pkttype=PACKET_HOST, addr(6)={1, ffffffffffff}, 20) = 28 ... Signed-off-by: NLaurent Vivier <laurent@vivier.eu> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Laurent Vivier 提交于
Fix passwd using netlink audit. Signed-off-by: NLaurent Vivier <laurent@vivier.eu> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Laurent Vivier 提交于
Netlink is byte-swapping data in the guest memory (it's bad). It's ok when the data come from the host as they are generated by the host. But it doesn't work when data come from the guest: the guest can try to reuse these data whereas they have been byte-swapped. This is what happens in glibc: glibc generates a sequence number in nlh.nlmsg_seq and calls sendto() with this nlh. In sendto(), we byte-swap nlmsg.seq. Later, after the recvmsg(), glibc compares nlh.nlmsg_seq with sequence number given in return, and of course it fails (hangs), because nlh.nlmsg_seq is not valid anymore. The involved code in glibc is: sysdeps/unix/sysv/linux/check_pf.c:make_request() ... req.nlh.nlmsg_seq = time (NULL); ... if (TEMP_FAILURE_RETRY (__sendto (fd, (void *) &req, sizeof (req), 0, (struct sockaddr *) &nladdr, sizeof (nladdr))) < 0) <here req.nlh.nlmsg_seq has been byte-swapped> ... do { ... ssize_t read_len = TEMP_FAILURE_RETRY (__recvmsg (fd, &msg, 0)); ... struct nlmsghdr *nlmh; for (nlmh = (struct nlmsghdr *) buf; NLMSG_OK (nlmh, (size_t) read_len); nlmh = (struct nlmsghdr *) NLMSG_NEXT (nlmh, read_len)) { <we compare nlmh->nlmsg_seq with corrupted req.nlh.nlmsg_seq> if (nladdr.nl_pid != 0 || (pid_t) nlmh->nlmsg_pid != pid || nlmh->nlmsg_seq != req.nlh.nlmsg_seq) continue; ... else if (nlmh->nlmsg_type == NLMSG_DONE) /* We found the end, leave the loop. */ done = true; } } while (! done); As we have a continue on "nlmh->nlmsg_seq != req.nlh.nlmsg_seq", "done" cannot be set to "true" and we have an infinite loop. It's why commands like "apt-get update" or "dnf update hangs". Signed-off-by: NLaurent Vivier <laurent@vivier.eu> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-
由 Laurent Vivier 提交于
fd_trans_target_to_host_data() and fd_trans_host_to_target_data() must return the length of processed data. Signed-off-by: NLaurent Vivier <laurent@vivier.eu> Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
-