qemu-commits


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 00f426: display: ensure qxl log_buf is a nul terminated st...
Date: Thu, 31 Jan 2019 04:52:16 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 00f426974367a660d5228418b9b5843d969f4ac6
      https://github.com/qemu/qemu/commit/00f426974367a660d5228418b9b5843d969f4ac6
  Author: Daniel P. Berrangé <address@hidden>
  Date:   2019-01-24 (Thu, 24 Jan 2019)

  Changed paths:
    M hw/display/qxl.c
    M hw/display/trace-events

  Log Message:
  -----------
  display: ensure qxl log_buf is a nul terminated string

The QXL_IO_LOG command allows the guest to send log messages to the host
via a buffer in the QXLRam struct. QEMU prints these to the console if
the qxl 'guestdebug' option is set to non-zero. It will also feed them
to the trace subsystem if any backends are built-in.

In both cases the log_buf data will get treated as being a nul
terminated string, by the printf '%s' format specifier and / or other
code reading the buffer.

QEMU does nothing to guarantee that the log_buf really is nul terminated,
so there is potential for out of bounds array access.

This would affect any QEMU which has the log, syslog or ftrace trace
backends built into QEMU. It can only be triggered if the 'qxl_io_log'
trace event is enabled, however, so they are not vulnerable without
specific administrative action to enable this.

It would also affect QEMU if the 'guestdebug' parameter is set to a
non-zero value, which again is not the default and requires explicit
admin opt-in.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Message-id: address@hidden
Signed-off-by: Stefan Hajnoczi <address@hidden>
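The defensive pattern the commit message calls for, as an added example that is not QEMU's code and does not reproduce the commit's actual diff: the guest-controlled buffer is copied with a bound that never depends on the guest having written a terminator, so a later '%s' cannot read past it. LOG_BUF_CAP, guest_log_to_cstring and emit_guest_log are names and sizes assumed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the fixed capacity of the guest-visible log buffer; the
 * value is constructed for this example, not taken from QEMU. */
#define LOG_BUF_CAP 16

/*
 * Make a host-owned, always nul-terminated copy of a fixed-size buffer whose
 * contents the guest controls. The guest may never have written a terminator,
 * so none is relied on: every read of guest_buf is bounded by cap, which means
 * a concurrent guest write can change what is copied but never how far the
 * host reads. Returns the number of bytes stored in out (terminator excluded).
 */
size_t guest_log_to_cstring(const uint8_t *guest_buf, size_t cap,
                            char *out, size_t outcap)
{
    if (outcap == 0) {
        return 0;
    }
    /* memchr stops at cap even when the guest left no nul byte at all. */
    const uint8_t *nul = memchr(guest_buf, 0, cap);
    size_t n = nul ? (size_t)(nul - guest_buf) : cap;
    if (n > outcap - 1) {
        n = outcap - 1;     /* truncate instead of overflowing out */
    }
    memcpy(out, guest_buf, n);
    out[n] = '\0';
    return n;
}

/* Emit the message the way a log or trace backend would, via the bounded copy. */
void emit_guest_log(const uint8_t *guest_buf, size_t cap)
{
    char msg[LOG_BUF_CAP + 1];  /* +1 leaves room for our own terminator */
    guest_log_to_cstring(guest_buf, cap, msg, sizeof(msg));
    printf("qxl_io_log: %s\n", msg);   /* '%s' can no longer run off the end */
}

int main(void)
{
    /* Constructed input: the guest filled the whole buffer with no nul. */
    uint8_t unterminated[LOG_BUF_CAP];
    memset(unterminated, 'A', sizeof(unterminated));
    emit_guest_log(unterminated, sizeof(unterminated));
    /* Constructed input: an ordinary terminated message. */
    uint8_t terminated[LOG_BUF_CAP] = "hello";
    emit_guest_log(terminated, sizeof(terminated));
    return 0;
}
```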


  Commit: 77606363094332415995db7e09ed532b8903fdb3
      https://github.com/qemu/qemu/commit/77606363094332415995db7e09ed532b8903fdb3
  Author: Daniel P. Berrangé <address@hidden>
  Date:   2019-01-24 (Thu, 24 Jan 2019)

  Changed paths:
    M hw/gpio/trace-events
    M scripts/tracetool/__init__.py

  Log Message:
  -----------
  trace: enforce that every trace-events file has a final newline

When generating the trace-events-all file, the build system simply
concatenates all the individual trace-events files. If any one of those
files does not have a final newline, the printf format string will have
the contents of the first line of the next file appended to it, which is
usually a '#' comment.

Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Message-id: address@hidden
Signed-off-by: Stefan Hajnoczi <address@hidden>


  Commit: 772f1b3721ac138b69c525cb2186b6d72ed200e1
      https://github.com/qemu/qemu/commit/772f1b3721ac138b69c525cb2186b6d72ed200e1
  Author: Daniel P. Berrangé <address@hidden>
  Date:   2019-01-24 (Thu, 24 Jan 2019)

  Changed paths:
    M hw/vfio/pci.c
    M hw/vfio/trace-events
    M scripts/tracetool/__init__.py

  Log Message:
  -----------
  trace: forbid use of %m in trace event format strings

The '%m' format instructs glibc's printf()/syslog() implementation to
insert the contents of strerror(errno). Since this is a glibc extension
it should generally be avoided in QEMU due to need for portability to a
variety of platforms.

Even though vfio is Linux-only code that could otherwise use "%m", it
must still be avoided in trace-events files because several of the
backends do not use the format string and so this error information is
invisible to them.

The errno string value should be given as an explicit trace argument
instead, making it accessible to all backends. This also allows it to
work correctly with future patches that use the format string with
systemtap's simple printf code.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Message-id: address@hidden
Signed-off-by: Stefan Hajnoczi <address@hidden>


  Commit: 62dd1048c0bd628d5811d22cbfbdbf7053b2c5bf
      https://github.com/qemu/qemu/commit/62dd1048c0bd628d5811d22cbfbdbf7053b2c5bf
  Author: Daniel P. Berrangé <address@hidden>
  Date:   2019-01-24 (Thu, 24 Jan 2019)

  Changed paths:
    M MAINTAINERS
    M Makefile
    M Makefile.target
    M docs/devel/tracing.txt
    A scripts/qemu-trace-stap
    A scripts/qemu-trace-stap.texi
    A scripts/tracetool/format/log_stap.py

  Log Message:
  -----------
  trace: add ability to do simple printf logging via systemtap

The dtrace systemtap trace backend for QEMU is very powerful but it is
also somewhat unfriendly to users who aren't familiar with systemtap,
or who don't need its power right now.

  stap -e "....some strange script...."

The 'log' backend for QEMU by comparison is very crude but incredibly
easy to use:

 $ qemu -d trace:qio* ...some args...
 address@hidden:qio_channel_socket_new Socket new ioc=0x563a8a39d400
 address@hidden:qio_task_new Task new task=0x563a891d0570 source=0x563a8a39d400 func=0x563a86f1e6c0 opaque=0x563a89078000
 address@hidden:qio_task_thread_start Task thread start task=0x563a891d0570 worker=0x563a86f1ce50 opaque=0x563a891d9d90
 address@hidden:qio_task_thread_run Task thread run task=0x563a891d0570
 address@hidden:qio_channel_socket_connect_sync Socket connect sync ioc=0x563a8a39d400 addr=0x563a891d9d90
 address@hidden:qio_channel_socket_connect_fail Socket connect fail ioc=0x563a8a39d400

This commit introduces a way to do simple printf style logging of probe
points using systemtap. In particular it creates another set of tapsets,
one per emulator:

  /usr/share/systemtap/tapset/qemu-*-log.stp

These pre-define probe functions which simply call printf() on their
arguments. The printf() format string is taken from the normal
trace-events files, with a little munging to the format specifiers
to cope with systemtap's more restrictive syntax.

With this you can now do

 $ stap -e 'probe qemu.system.x86_64.log.qio*{}'
 address@hidden qio_channel_socket_new Socket new ioc=0x56135d1d7c00
 address@hidden qio_task_new Task new task=0x56135cd66eb0 source=0x56135d1d7c00 func=0x56135af746c0 opaque=0x56135bf06400
 address@hidden qio_task_thread_start Task thread start task=0x56135cd66eb0 worker=0x56135af72e50 opaque=0x56135c071d70
 address@hidden qio_task_thread_run Task thread run task=0x56135cd66eb0

We go one step further though and introduce a 'qemu-trace-stap' tool to
make this even easier

 $ qemu-trace-stap run qemu-system-x86_64 'qio*'
 address@hidden qio_channel_socket_new Socket new ioc=0x56135d1d7c00
 address@hidden qio_task_new Task new task=0x56135cd66eb0 source=0x56135d1d7c00 func=0x56135af746c0 opaque=0x56135bf06400
 address@hidden qio_task_thread_start Task thread start task=0x56135cd66eb0 worker=0x56135af72e50 opaque=0x56135c071d70
 address@hidden qio_task_thread_run Task thread run task=0x56135cd66eb0

This tool is clever in that it will automatically change the
SYSTEMTAP_TAPSET env variable to point to the directory containing the
right set of probes for the QEMU binary path you give it. This is useful
if you have QEMU installed in /usr but are trying to test and trace a
binary in /home/berrange/usr/qemu-git. In that case you'd do

 $ qemu-trace-stap run /home/berrange/usr/qemu-git/bin/qemu-system-x86_64 'qio*'

And it'll make sure /home/berrange/usr/qemu-git/share/systemtap/tapset
is used for the trace session

The 'qemu-trace-stap' script takes a verbose arg so you can understand
what it is running

 $ qemu-trace-stap run /home/berrange/usr/qemu-git/bin/qemu-system-x86_64 'qio*'
 Using tapset dir '/home/berrange/usr/qemu-git/share/systemtap/tapset' for binary '/home/berrange/usr/qemu-git/bin/qemu-system-x86_64'
 Compiling script 'probe qemu.system.x86_64.log.qio* {}'
 Running script, <Ctrl>-c to quit
 ...trace output...

It can enable multiple probes at once

 $ qemu-trace-stap run qemu-system-x86_64 'qio*' 'qcrypto*' 'buffer*'

By default it monitors all existing running processes and all future
launched processes. This can be restricted to a specific PID using the
--pid arg

 $ qemu-trace-stap run --pid 2532 qemu-system-x86_64 'qio*'

Finally if you can't remember what probes are valid it can tell you

 $ qemu-trace-stap list qemu-system-x86_64
 ahci_check_irq
 ahci_cmd_done
 ahci_dma_prepare_buf
 ahci_dma_prepare_buf_fail
 ahci_dma_rw_buf
 ahci_irq_lower
 ...snip...

Or list just those matching a prefix pattern

 $ qemu-trace-stap list -v qemu-system-x86_64 'qio*'
 Using tapset dir '/home/berrange/usr/qemu-git/share/systemtap/tapset' for binary '/home/berrange/usr/qemu-git/bin/qemu-system-x86_64'
 Listing probes with name 'qemu.system.x86_64.log.qio*'
 qio_channel_command_abort
 qio_channel_command_new_pid
 qio_channel_command_new_spawn
 qio_channel_command_wait
 qio_channel_file_new_fd
 ...snip...

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Message-id: address@hidden
Signed-off-by: Stefan Hajnoczi <address@hidden>


  Commit: ff12e3ae3d052e11538c40a2b92d9b6db3b5520b
      https://github.com/qemu/qemu/commit/ff12e3ae3d052e11538c40a2b92d9b6db3b5520b
  Author: Vladimir Sementsov-Ogievskiy <address@hidden>
  Date:   2019-01-25 (Fri, 25 Jan 2019)

  Changed paths:
    M trace-events
    M vl.c

  Log Message:
  -----------
  trace: improve runstate tracing

Trace previous state, move tracepoint to runstate_set start (to cover
all cases for debugging), add string representations of traced states.

Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
Message-id: address@hidden
Signed-off-by: Stefan Hajnoczi <address@hidden>


  Commit: 57b7bdf426445d8356171135308dfe6d7d5fb612
      https://github.com/qemu/qemu/commit/57b7bdf426445d8356171135308dfe6d7d5fb612
  Author: Stefan Hajnoczi <address@hidden>
  Date:   2019-01-30 (Wed, 30 Jan 2019)

  Changed paths:
    M Makefile

  Log Message:
  -----------
  trace: rerun tracetool after ./configure changes

Autogenerated code in trace.h/trace.c and friends is specific to the
config-host.mak TRACE_BACKENDS setting and must be regenerated when
./configure --enable-trace-backend= changes settings.

This patch ensures that changes to TRACE_BACKENDS are detected.  For
example, the trace-root.h file is now updated after switching trace
backends:

  $ ./configure && make
  $ cp trace-root.h /tmp/old-trace-root.h
  $ ./configure --enable-trace-backend=simple && make
  $ diff -u /tmp/old-trace-root.h trace-root.h

Reported-by: Christophe Lyon <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Daniel P. Berrangé <address@hidden>
Message-id: address@hidden
Signed-off-by: Stefan Hajnoczi <address@hidden>


  Commit: 460da1005d90beaab09f34a802976c0539d30587
      https://github.com/qemu/qemu/commit/460da1005d90beaab09f34a802976c0539d30587
  Author: Peter Maydell <address@hidden>
  Date:   2019-01-31 (Thu, 31 Jan 2019)

  Changed paths:
    M MAINTAINERS
    M Makefile
    M Makefile.target
    M docs/devel/tracing.txt
    M hw/display/qxl.c
    M hw/display/trace-events
    M hw/gpio/trace-events
    M hw/vfio/pci.c
    M hw/vfio/trace-events
    A scripts/qemu-trace-stap
    A scripts/qemu-trace-stap.texi
    M scripts/tracetool/__init__.py
    A scripts/tracetool/format/log_stap.py
    M trace-events
    M vl.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging

Pull request

User-visible changes:
 * The new qemu-trace-stap script makes it convenient to collect traces without
   writing SystemTap scripts.  See "man qemu-trace-stap" for details.

# gpg: Signature made Wed 30 Jan 2019 03:17:57 GMT
# gpg:                using RSA key 9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <address@hidden>" [full]
# gpg:                 aka "Stefan Hajnoczi <address@hidden>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/tracing-pull-request:
  trace: rerun tracetool after ./configure changes
  trace: improve runstate tracing
  trace: add ability to do simple printf logging via systemtap
  trace: forbid use of %m in trace event format strings
  trace: enforce that every trace-events file has a final newline
  display: ensure qxl log_buf is a nul terminated string

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/006dce5f8fd2...460da1005d90
