[Qemu-commits] [qemu/qemu] 3541cd: usb-mtp: fix string length for filena
From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 3541cd: usb-mtp: fix string length for filename when writi...
Date: Fri, 03 May 2019 06:56:24 -0700
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 3541cd48f32233dd0c0766a3f342e3fd64b04381
https://github.com/qemu/qemu/commit/3541cd48f32233dd0c0766a3f342e3fd64b04381
Author: Daniel P. Berrangé <address@hidden>
Date: 2019-05-02 (Thu, 02 May 2019)
Changed paths:
M hw/usb/dev-mtp.c
Log Message:
-----------
usb-mtp: fix string length for filename when writing metadata
The ObjectInfo 'length' field provides the length of the
wide character string filename. This is then converted to
a multi-byte character string. This may have a different
byte count to the wide character string. We should use the
C string length of the multi-byte string instead.
Signed-off-by: Daniel P. Berrangé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 1259f27ec2113d34e54ee731aac5990d9606d9fa
https://github.com/qemu/qemu/commit/1259f27ec2113d34e54ee731aac5990d9606d9fa
Author: Daniel P. Berrangé <address@hidden>
Date: 2019-05-02 (Thu, 02 May 2019)
Changed paths:
M hw/usb/dev-mtp.c
Log Message:
-----------
usb-mtp: fix alignment of access of ObjectInfo filename field
The ObjectInfo struct's "filename" field is following a uint8_t
field in a packed struct and thus has bad alignment for a 16-bit
field. Switch the field to uint8_t and use the helper function
for accessing unaligned 16-bit data.
Note that although the MTP spec specifies big endian, when transported
over the USB protocol, data is little endian.
Signed-off-by: Daniel P. Berrangé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 83c44b44d406326117ca2f040bae8d7de97b9c8e
https://github.com/qemu/qemu/commit/83c44b44d406326117ca2f040bae8d7de97b9c8e
Author: Bandan Das <address@hidden>
Date: 2019-05-02 (Thu, 02 May 2019)
Changed paths:
M hw/usb/dev-mtp.c
Log Message:
-----------
usb-mtp: change default to success for usb_mtp_update_object
Commit c5ead51f90cf (usb-mtp: return incomplete transfer on a lstat
failure) checks if lstat succeeded when updating attributes of a
file. However, it also changed behavior to return an error by
default. This is incorrect because for smaller file sizes, Qemu
will attempt to write the file in one go and there won't be
an object for it.
Fixes: c5ead51f90cf
Signed-off-by: Bandan Das <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 0a076730adf469918d5d1cfdf9d740c6928208a4
https://github.com/qemu/qemu/commit/0a076730adf469918d5d1cfdf9d740c6928208a4
Author: Longpeng <address@hidden>
Date: 2019-05-02 (Thu, 02 May 2019)
Changed paths:
M hw/usb/hcd-xhci.c
Log Message:
-----------
usb/xhci: avoid trigger assertion if guest write wrong epid
We found the following core in our environment:
0 0x00007fc6b06c2237 in raise ()
1 0x00007fc6b06c3928 in abort ()
2 0x00007fc6b06bb056 in __assert_fail_base ()
3 0x00007fc6b06bb102 in __assert_fail ()
4 0x0000000000702e36 in xhci_kick_ep (...)
5 0x000000000047897a in memory_region_write_accessor (...)
6 0x000000000047767f in access_with_adjusted_size (...)
7 0x000000000047944d in memory_region_dispatch_write (...)
(address@hidden, address@hidden, data=1648892416,
address@hidden, address@hidden)
8 0x000000000042df17 in address_space_write_continue (...)
10 0x000000000043084d in address_space_rw (...)
11 0x000000000047451b in kvm_cpu_exec (address@hidden)
12 0x000000000045dcf5 in qemu_kvm_cpu_thread_fn (arg=0x1ab11b0)
13 0x0000000000870631 in qemu_thread_start (address@hidden)
14 0x00000000008959a7 in thread_entry_for_hotfix (pthread_cb=<optimized out>)
15 0x00007fc6b0a60dd5 in start_thread ()
16 0x00007fc6b078a59d in clone ()
(gdb) f 5
5 0x000000000047897a in memory_region_write_accessor (...)
529 mr->ops->write(mr->opaque, addr, tmp, size);
(gdb) p /x tmp
$9 = 0x62481a00 <-- last byte 0x00 is @epid
xhci_doorbell_write() already checks the upper bound of @slotid and @epid;
it also needs to check the lower bound.
Cc: Gonglei <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Signed-off-by: Longpeng <address@hidden>
Tested-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
[ kraxel: fixed typo in subject line ]
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 72e0c127bd692660c087ba7fcbe9d50032c8debd
https://github.com/qemu/qemu/commit/72e0c127bd692660c087ba7fcbe9d50032c8debd
Author: Thomas Huth <address@hidden>
Date: 2019-05-02 (Thu, 02 May 2019)
Changed paths:
M hw/usb/hcd-ohci.c
Log Message:
-----------
hw/usb/hcd-ohci: Do not use PCI functions with sysbus devices in ohci_die()
The ohci_die() function always assumes to be running with a PCI OHCI
controller and calls the PCI-specific functions pci_set_word(). However,
this function might also get called for the sysbus OHCI devices, so it
likely fails in that case. To fix this issue, change the code now, so that
there are two implementations now, one for sysbus and one for PCI, and
use the right function via a function pointer in the OHCIState structure.
Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Tested-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 34d97308f6d54d1f329267952533d25e6c8928ff
https://github.com/qemu/qemu/commit/34d97308f6d54d1f329267952533d25e6c8928ff
Author: Thomas Huth <address@hidden>
Date: 2019-05-02 (Thu, 02 May 2019)
Changed paths:
M hw/sh4/Kconfig
M hw/usb/Kconfig
M hw/usb/Makefile.objs
A hw/usb/hcd-ohci-pci.c
M hw/usb/hcd-ohci.c
A hw/usb/hcd-ohci.h
Log Message:
-----------
hw/usb/hcd-ohci: Move PCI-related code into a separate file
Some machines (like the pxa2xx-based ARM machines) only have a sysbus
OHCI controller, but no PCI. With the new Kconfig-style build system,
it will soon be possible to create QEMU binaries that only contain
such PCI-less machines. However, the two OHCI controllers, for sysbus
and for PCI, are currently both located in one file, so the PCI code
is still required for linking here. Move the OHCI-PCI device code
into a separate file, so that it is possible to use the sysbus OHCI
device also without the PCI dependency.
Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Tested-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: ccb799313a5926a6aa49018bbc67fe6165fad7f3
https://github.com/qemu/qemu/commit/ccb799313a5926a6aa49018bbc67fe6165fad7f3
Author: Daniel P. Berrangé <address@hidden>
Date: 2019-05-03 (Fri, 03 May 2019)
Changed paths:
M hw/usb/hcd-xhci.c
Log Message:
-----------
hw/usb: avoid format truncation warning when formatting port name
hw/usb/hcd-xhci.c: In function ‘usb_xhci_realize’:
hw/usb/hcd-xhci.c:3339:66: warning: ‘%d’ directive output may be truncated
writing between 1 and 10 bytes into a region of size 5 [-Wformat-trunca\
tion=]
3339 | snprintf(port->name, sizeof(port->name), "usb2 port #%d",
i+1);
| ^~
hw/usb/hcd-xhci.c:3339:54: note: directive argument in the range [1, 2147483647]
3339 | snprintf(port->name, sizeof(port->name), "usb2 port #%d",
i+1);
| ^~~~~~~~~~~~~~~
The xhci code formats the port name into a fixed length
buffer which is only large enough to hold port numbers
up to 5 digits in decimal representation. We're never
going to have a port number that large, so asserting the
port number is sensible is sufficient to tell GCC the
formatted string won't be truncated.
Signed-off-by: Daniel P. Berrangé <address@hidden>
Message-Id: <address@hidden>
[ kraxel: also s/int/unsigned int/ to tell gcc they can't
go negative. ]
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: c58f3911b282e14991d540394e82a4be547466e5
https://github.com/qemu/qemu/commit/c58f3911b282e14991d540394e82a4be547466e5
Author: Peter Maydell <address@hidden>
Date: 2019-05-03 (Fri, 03 May 2019)
Changed paths:
M hw/sh4/Kconfig
M hw/usb/Kconfig
M hw/usb/Makefile.objs
M hw/usb/dev-mtp.c
A hw/usb/hcd-ohci-pci.c
M hw/usb/hcd-ohci.c
A hw/usb/hcd-ohci.h
M hw/usb/hcd-xhci.c
Log Message:
-----------
Merge remote-tracking branch
'remotes/kraxel/tags/usb-20190503-v2-pull-request' into staging
usb: bugfixes for mtp and xhci, split ohci-pci.
# gpg: Signature made Fri 03 May 2019 07:59:39 BST
# gpg: using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>" [full]
# gpg: aka "Gerd Hoffmann <address@hidden>" [full]
# gpg: aka "Gerd Hoffmann (private) <address@hidden>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/usb-20190503-v2-pull-request:
hw/usb: avoid format truncation warning when formatting port name
hw/usb/hcd-ohci: Move PCI-related code into a separate file
hw/usb/hcd-ohci: Do not use PCI functions with sysbus devices in ohci_die()
usb/xhci: avoid trigger assertion if guest write wrong epid
usb-mtp: change default to success for usb_mtp_update_object
usb-mtp: fix alignment of access of ObjectInfo filename field
usb-mtp: fix string length for filename when writing metadata
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/51138751827f...c58f3911b282
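
The xhci commit above (0a076730) is about a guest-written doorbell value reaching an assertion because only upper bounds were checked. The following is an added example, not QEMU code: a small model in which the function names, the enum and the slot limit are assumptions, and only the value 0x62481a00 comes from the backtrace.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not QEMU source: names and slot limit are assumptions. */
#define MODEL_NUMSLOTS 64u
#define MODEL_MAX_EPID 31u   /* endpoint IDs run 1..31 */

enum db_action { DB_KICK, DB_IGNORE_SLOT, DB_IGNORE_EPID };
typedef enum db_action (*db_check_fn)(unsigned slotid, uint32_t val);

/* Precondition the callee asserts; a failed assert aborts the whole process. */
static int kick_precondition_ok(unsigned epid)
{
    return epid >= 1 && epid <= MODEL_MAX_EPID;
}

/* "Before": only upper bounds are checked on the guest-supplied values. */
static enum db_action doorbell_upper_only(unsigned slotid, uint32_t val)
{
    unsigned epid = val & 0xff;          /* low byte of the written value */
    if (slotid > MODEL_NUMSLOTS) return DB_IGNORE_SLOT;
    if (epid > MODEL_MAX_EPID) return DB_IGNORE_EPID;
    return DB_KICK;
}

/* "After": lower bounds too, so bad guest input is dropped, not asserted on. */
static enum db_action doorbell_both_bounds(unsigned slotid, uint32_t val)
{
    unsigned epid = val & 0xff;
    if (slotid < 1 || slotid > MODEL_NUMSLOTS) return DB_IGNORE_SLOT;
    if (epid < 1 || epid > MODEL_MAX_EPID) return DB_IGNORE_EPID;
    return DB_KICK;
}

/* Count epid byte values (0..255) dispatched with the precondition broken. */
static int count_assert_hits(db_check_fn check)
{
    int hits = 0;
    for (uint32_t epid = 0; epid <= 0xff; epid++)
        if (check(1, 0x62481a00u | epid) == DB_KICK && !kick_precondition_ok(epid))
            hits++;
    return hits;
}

int main(void)
{
    printf("upper-only: %d, both bounds: %d\n",
           count_assert_hits(doorbell_upper_only), count_assert_hits(doorbell_both_bounds));
    return 0;
}
```
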
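
The two usb-mtp commits above (3541cd48 and 1259f27e) concern reading a 16-bit filename field at an odd offset and using the multi-byte string length rather than the wide-character count. The following is an added example, not QEMU code: the record layout, the sample bytes and all function names are constructed assumptions, and the converter handles the BMP only.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Constructed record: count of 16-bit units (incl. NUL), then UTF-16LE text at
 * an odd offset: "c", U+00E9, U+672C, NUL. The layout is an assumption. */
static const uint8_t sample[] = { 4, 'c', 0, 0xE9, 0x00, 0x2C, 0x67, 0, 0 };

/* Byte-wise little-endian load: valid at any alignment. */
static uint16_t load_u16_le(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Up to n UTF-16LE units to NUL-terminated UTF-8; -1 on surrogate or overflow. */
static int utf16le_to_utf8(const uint8_t *src, size_t n, char *dst, size_t cap)
{
    size_t o = 0;
    if (cap == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        uint16_t c = load_u16_le(src + 2 * i);
        size_t need = c < 0x80 ? 1 : c < 0x800 ? 2 : 3;
        if (c == 0) break;
        if ((c >= 0xD800 && c <= 0xDFFF) || o + need >= cap) return -1;
        if (need == 1) dst[o++] = (char)c;
        if (need == 2) dst[o++] = (char)(0xC0 | (c >> 6));
        if (need == 3) {
            dst[o++] = (char)(0xE0 | (c >> 12));
            dst[o++] = (char)(0x80 | ((c >> 6) & 0x3F));
        }
        if (need > 1) dst[o++] = (char)(0x80 | (c & 0x3F));
    }
    dst[o] = '\0';
    return 0;
}

/* Length for the file write: bytes of the converted name, not the unit count. */
static size_t filename_write_len(const uint8_t *rec, size_t reclen, char *out, size_t cap)
{
    if (reclen < 1 || 1 + 2 * (size_t)rec[0] > reclen) return 0;
    if (utf16le_to_utf8(rec + 1, rec[0], out, cap) < 0) return 0;
    return strlen(out);
}

int main(void)
{
    char name[32];
    size_t n = filename_write_len(sample, sizeof(sample), name, sizeof(name));
    printf("wide units=%u, multi-byte bytes=%zu\n", (unsigned)sample[0], n);
    return 0;
}
```
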