path: root/contrib
Commit message | Author | Age | Files | Lines
* plugins/cache: make L2 emulation optional through args | Mahmoud Mandour | 2021-11-04 | 1 | -22/+54
  By default L2 is not enabled and is enabled by either using the newly-introduced "l2" boolean argument, or by setting any of the L2 cache parameters using args. On specifying "l2=on", the default cache configuration is used.
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210810134844.166490-5-ma.mandourr@gmail.com>
  Message-Id: <20211026102234.3961636-17-alex.bennee@linaro.org>
* plugins/cache: split command line arguments into name and value | Mahmoud Mandour | 2021-11-04 | 1 | -27/+30
  This way of handling args is more lenient and sets a better framework to parse boolean command line arguments.
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210810134844.166490-4-ma.mandourr@gmail.com>
  Message-Id: <20211026102234.3961636-16-alex.bennee@linaro.org>
* plugins/cache: implement unified L2 cache emulation | Mahmoud Mandour | 2021-11-04 | 1 | -81/+175
  This adds an implementation of a simple L2 configuration, in which a unified L2 cache (stores both blocks of instructions and data) is maintained for each core separately, with no inter-core interaction taken in account.
  The L2 cache is used as a backup for L1 and is only accessed if the wanted block does not exist in L1.
  In terms of multi-threaded user-space emulation, the same approximation of L1 is done, a static number of caches is maintained, and each and every memory access initiated by a thread will have to go through one of the available caches.
  An atomic increment is used to maintain the number of L2 misses per instruction.
  The default cache parameters of L2 caches is:
      2MB cache size
      16-way associativity
      64-byte blocks
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210810134844.166490-3-ma.mandourr@gmail.com>
  Message-Id: <20211026102234.3961636-15-alex.bennee@linaro.org>
* plugins/cache: freed heap-allocated mutexes | Mahmoud Mandour | 2021-11-04 | 1 | -0/+3
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210810134844.166490-2-ma.mandourr@gmail.com>
  Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
  Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Message-Id: <20211026102234.3961636-14-alex.bennee@linaro.org>
* elf2dmp: Fail cleanly if PDB file specifies zero block_size | Peter Maydell | 2021-09-20 | 1 | -0/+4
  Coverity points out that if the PDB file we're trying to read has a header specifying a block_size of zero then we will end up trying to divide by zero in pdb_ds_read_file(). Check for this and fail cleanly instead.
  Fixes: Coverity CID 1458869
  Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
  Reviewed-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu>
  Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
  Tested-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu>
  Message-id: 20210910170656.366592-3-philmd@redhat.com
  Message-Id: <20210901143910.17112-3-peter.maydell@linaro.org>
  Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* elf2dmp: Check curl_easy_setopt() return value | Peter Maydell | 2021-09-20 | 1 | -12/+10
  Coverity points out that we aren't checking the return value from curl_easy_setopt().
  Fixes: Coverity CID 1458895
  Inspired-by: Peter Maydell <peter.maydell@linaro.org>
  Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
  Reviewed-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu>
  Tested-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu>
  Message-id: 20210910170656.366592-2-philmd@redhat.com
  Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* configure / meson: Move the GBM handling to meson.build | Thomas Huth | 2021-09-06 | 1 | -3/+2
  The GBM library detection does not need to be in the configure script, since it does not have any user-facing options (there are no --enable-gbm or --disable-gbm switches). Let's move it to meson.build instead, so we don't have to clutter config-host.mak with the related switches.
  Additionally, only check for GBM if it is really required, i.e. if we either compile with OpenGL or with virglrenderer support.
  Message-Id: <20210714085045.797168-1-thuth@redhat.com>
  Signed-off-by: Thomas Huth <thuth@redhat.com>
* plugins/howvec: adapting to the new argument passing scheme | Mahmoud Mandour | 2021-09-02 | 1 | -8/+19
  Correctly parsing plugin argument since they now must be provided as full-form boolean parameters, e.g.:
      -plugin ./contrib/plugins/libhowvec.so,verbose=on,inline=on
  Also, introduced the argument "count" that accepts one opt to count individually at a time.
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
  Tested-by: Alex Bennée <alex.bennee@linaro.org>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210730135817.17816-8-ma.mandourr@gmail.com>
* plugins/hwprofile: adapt to the new plugin arguments scheme | Mahmoud Mandour | 2021-09-02 | 1 | -12/+27
  Parsing boolean arguments correctly (e.g. pattern=on or source=false).
  Introduced a new "track" argument that takes a [read|write] value. This substitutes passing read or write to "arg=" that is deprecated.
  Also, matches are now taken one by one through the "match" argument.
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
  Tested-by: Alex Bennée <alex.bennee@linaro.org>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210730135817.17816-7-ma.mandourr@gmail.com>
* plugins/lockstep: make socket path not positional & parse bool arg | Mahmoud Mandour | 2021-09-02 | 1 | -9/+22
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210730135817.17816-6-ma.mandourr@gmail.com>
* plugins/hotblocks: Added correct boolean argument parsing | Mahmoud Mandour | 2021-09-02 | 1 | -2/+12
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210730135817.17816-5-ma.mandourr@gmail.com>
* plugins/hotpages: introduce sortby arg and parsed bool args correctly | Mahmoud Mandour | 2021-09-02 | 1 | -10/+20
  Since plugin arguments now expect boolean arguments, a plugin argument name "sortby" now expects a value of "read", "write", or "address".
  "io" arg is now expected to be passed as a full-form boolean parameter, i.e. "io=on|true|yes|off|false|no"
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210730135817.17816-4-ma.mandourr@gmail.com>
* plugins/cache: supported multicore cache modelling | Mahmoud Mandour | 2021-09-02 | 1 | -44/+132
  Multicore L1 cache modelling is introduced and is supported for both full system emulation and linux-user.
  For full-system emulation, L1 icache and dcache are maintained for each available core, since this information is exposed to the plugin through `qemu_plugin_n_vcpus()`.
  For linux-user, a static number of cores is assumed (default 1 core, and can be provided as a plugin argument `cores=N`). Every memory access goes through one of these caches, this approach is taken as it's somewhat akin to what happens on real setup, where a program that dispatches more threads than the available cores, they'll thrash each other
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Message-Id: <20210803151301.123581-2-ma.mandourr@gmail.com>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
* plugins/execlog: removed unintended "s" at the end of log lines. | Mahmoud Mandour | 2021-09-02 | 1 | -1/+1
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210803151428.125323-1-ma.mandourr@gmail.com>
  Message-Id: <20210806141015.2487502-2-alex.bennee@linaro.org>
  Cc: qemu-stable@nongnu.org
* plugins/cache: Fixed "function decl. is not a prototype" warnings | Mahmoud Mandour | 2021-07-23 | 1 | -3/+3
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
  Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Message-Id: <20210714172151.8494-7-ma.mandourr@gmail.com>
  Message-Id: <20210720232703.10650-24-alex.bennee@linaro.org>
* plugins/cache: limited the scope of a mutex lock | Mahmoud Mandour | 2021-07-23 | 1 | -2/+1
  It's not necessary to lock the address translation portion of the vcpu_mem_access callback.
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210714172151.8494-3-ma.mandourr@gmail.com>
  Message-Id: <20210720232703.10650-23-alex.bennee@linaro.org>
* plugins/cache: Fixed a bug with destroying FIFO metadata | Mahmoud Mandour | 2021-07-23 | 1 | -1/+1
  This manifests itself when associativity degree is greater than the number of sets and FIFO is used, otherwise it's also a memory leak whenever FIFO was used.
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210714172151.8494-2-ma.mandourr@gmail.com>
  Message-Id: <20210720232703.10650-22-alex.bennee@linaro.org>
* contrib/gitdm: add more individual contributor entries. | Alex Bennée | 2021-07-23 | 2 | -0/+6
  Also ensure Li's canonical gmail address is used.
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Acked-by: Li Qiang <liq3ea@gmail.com>
  Acked-by: Chetan Pant <chetan4windows@gmail.com>
  Acked-by: Akihiko Odaki <akihiko.odaki@gmail.com>
  Message-Id: <20210720232703.10650-20-alex.bennee@linaro.org>
* contrib/gitdm: add a new interns group-map for GSoC/Outreachy work | Alex Bennée | 2021-07-23 | 1 | -0/+13
  It makes sense to put our various interns in a group so we can see the overall impact of GSoC and Outreachy on the project.
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Reviewed-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Cc: Ahmed Karaman <ahmedkhaledkaraman@gmail.com>
  Cc: César Belley <cesar.belley@lse.epita.fr>
  Message-Id: <20210720232703.10650-19-alex.bennee@linaro.org>
* contrib/gitdm: add an explicit academic entry for BU | Alex Bennée | 2021-07-23 | 1 | -0/+3
  For some reason Alexander's contributions were not getting grouped from the plain "edu" mapping.
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
  Message-Id: <20210720232703.10650-18-alex.bennee@linaro.org>
* contrib/gitdm: add group-map for Netflix | Alex Bennée | 2021-07-23 | 1 | -0/+5
  Warner confirmed he works for Netflix on IRC.
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Reviewed-by: Warner Losh <imp@bsdimp.com>
  Message-Id: <20210720232703.10650-17-alex.bennee@linaro.org>
* contrib/gitdm: add domain-map for NVIDIA | Alex Bennée | 2021-07-23 | 1 | -0/+1
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com>
  Cc: Yishai Hadas <yishaih@nvidia.com>
  Message-Id: <20210720232703.10650-16-alex.bennee@linaro.org>
* contrib/gitdm: add domain-map for Crudebyte | Alex Bennée | 2021-07-23 | 1 | -0/+1
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
  Message-Id: <20210720232703.10650-15-alex.bennee@linaro.org>
* contrib/gitdm: un-ironically add a mapping for LWN | Alex Bennée | 2021-07-23 | 1 | -0/+1
  I think this mainly comes from kernel-doc stuff imported into the QEMU tree.
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Cc: Jonathan Corbet <corbet@lwn.net>
  Message-Id: <20210720232703.10650-14-alex.bennee@linaro.org>
* contrib/gitdm: add domain-map/group-map for Wind River | Alex Bennée | 2021-07-23 | 2 | -0/+2
  As per discussion at:
      http://patchwork.ozlabs.org/project/qemu-devel/patch/20201004180443.2035359-19-f4bug@amsat.org/
  I've added Bin's personal email as an individual contributor.
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Acked-by: Bin Meng <bin.meng@windriver.com>
  Cc: Ruimei Yan <ruimei.yan@windriver.com>
  Cc: Xuzhou Cheng <xuzhou.cheng@windriver.com>
  Message-Id: <20210720232703.10650-13-alex.bennee@linaro.org>
* contrib/gitdm: add domain-map for Eldorado | Alex Bennée | 2021-07-23 | 1 | -0/+1
  Luis acked on IRC:
      #qemu@znc-oftc_2021-07-13.txt:[15:00:02] <lffpires> stsquad: "eldorado.org.br Eldorado" is fine
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Acked-by: Luis Pires <luis.pires@eldorado.org.br>
  Message-Id: <20210720232703.10650-12-alex.bennee@linaro.org>
* contrib/gitdm: add domain-map/group-map mappings for Samsung | Alex Bennée | 2021-07-23 | 2 | -0/+2
  Minwoo's work from their personal address are treated as personal contributions.
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Acked-by: Klaus Jensen <k.jensen@samsung.com>
  Cc: Gollu Appalanaidu <anaidu.gollu@samsung.com>
  Cc: Minwoo Im <minwoo.im.dev@gmail.com>
  Message-Id: <20210720232703.10650-11-alex.bennee@linaro.org>
* contrib/gitdm: add a group mapping for robot scanners | Alex Bennée | 2021-07-23 | 1 | -0/+7
  This mostly affects Reported-by: tags
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210720232703.10650-9-alex.bennee@linaro.org>
* contrib/gitdm: add domain-map for MontaVista | Alex Bennée | 2021-07-23 | 1 | -0/+1
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Acked-by: Corey Minyard <cminyard@mvista.com>
  Message-Id: <20210720232703.10650-8-alex.bennee@linaro.org>
* contrib/gitdm: add some new aliases to fix up commits | Alex Bennée | 2021-07-23 | 1 | -0/+3
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
  Cc: Yuval Shaia <yuval.shaia.ml@gmail.com>
  Message-Id: <20210720232703.10650-6-alex.bennee@linaro.org>
* plugins/cache: Added FIFO and LRU eviction policies | Mahmoud Mandour | 2021-07-14 | 1 | -13/+190
  Implemented FIFO and LRU eviction policies. Now one of the three eviction policies can be chosen as an argument. On not specifying an argument, LRU is used by default.
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210623125458.450462-4-ma.mandourr@gmail.com>
  Message-Id: <20210709143005.1554-39-alex.bennee@linaro.org>
* plugins/cache: Enable cache parameterization | Mahmoud Mandour | 2021-07-14 | 1 | -1/+46
  Enabled configuring both icache and dcache parameters using plugin parameters.
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210623125458.450462-3-ma.mandourr@gmail.com>
  Message-Id: <20210709143005.1554-38-alex.bennee@linaro.org>
* plugins: Added a new cache modelling plugin | Mahmoud Mandour | 2021-07-14 | 2 | -0/+420
  Added a cache modelling plugin that uses a static configuration used in many of the commercial microprocessors and uses random eviction policy.
  The purpose of the plugin is to identify the most cache-thrashing instructions for both instruction cache and data cache.
  Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210623125458.450462-2-ma.mandourr@gmail.com>
  Message-Id: <20210709143005.1554-37-alex.bennee@linaro.org>
* contrib/plugins: add execlog to log instruction execution and memory access | Alexandre Iooss | 2021-07-14 | 2 | -0/+154
  Log instruction execution and memory access to a file. This plugin can be used for reverse engineering or for side-channel analysis using QEMU.
  Signed-off-by: Alexandre Iooss <erdnaxe@crans.org>
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
  Message-Id: <20210702081307.1653644-2-erdnaxe@crans.org>
  Message-Id: <20210709143005.1554-35-alex.bennee@linaro.org>
* contrib/plugins: enable -Wall for building plugins | Alex Bennée | 2021-07-14 | 1 | -1/+1
  Let's spot the obvious errors.
  Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
  Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
  Reviewed-by: Thomas Huth <thuth@redhat.com>
  Message-Id: <20210709143005.1554-34-alex.bennee@linaro.org>
* meson: fix missing preprocessor symbols | Paolo Bonzini | 2021-07-09 | 1 | -1/+1
  While most libraries do not need a CONFIG_* symbol because the "when:" clauses are enough, some do. Add them back or stop using them if possible.
  In the case of libpmem, the statement to add the CONFIG_* symbol was still in configure, but could not be triggered because it checked for "no" instead of "disabled" (and it would be wrong anyway since the test for the library has not been done yet).
  Reported-by: Li Zhijian <lizhijian@cn.fujitsu.com>
  Fixes: 587d59d6cc ("configure, meson: convert virgl detection to meson", 2021-07-06)
  Fixes: 83ef16821a ("configure, meson: convert libdaxctl detection to meson", 2021-07-06)
  Fixes: e36e8c70f6 ("configure, meson: convert libpmem detection to meson", 2021-07-06)
  Fixes: 53c22b68e3 ("configure, meson: convert liburing detection to meson", 2021-07-06)
  Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* vhost-user-gpu: reorder free calls. | Gerd Hoffmann | 2021-06-15 | 1 | -1/+1
  Free in correct order to avoid use-after-free.
  Resolves: CID 1453812
  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
  Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Reviewed-by: Li Qiang <liq3ea@gmail.com>
  Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
  Message-Id: <20210604103714.1237414-1-kraxel@redhat.com>
* vhost-user-gpu: abstract vg_cleanup_mapping_iov | Li Qiang | 2021-05-27 | 3 | -9/+26
  Currently in vhost-user-gpu, we free resource directly in the cleanup case of resource. If we change the cleanup logic we need to change several places, also abstract a 'vg_create_mapping_iov' can be symmetry with the 'vg_create_mapping_iov'. This is like what virtio-gpu does, no function changed.
  Signed-off-by: Li Qiang <liq3ea@163.com>
  Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Message-Id: <20210516030403.107723-9-liq3ea@163.com>
  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546) | Li Qiang | 2021-05-27 | 1 | -0/+4
  If 'virgl_cmd_get_capset' sets 'max_size' to 0, the 'virgl_renderer_fill_caps' will write the data after the 'resp'. This patch avoids this by checking the returned 'max_size'.
  virtio-gpu fix: abd7f08b23 ("display: virtio-gpu-3d: check virgl capabilities max_size")
  Fixes: CVE-2021-3546
  Reported-by: Li Qiang <liq3ea@163.com>
  Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
  Signed-off-by: Li Qiang <liq3ea@163.com>
  Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Message-Id: <20210516030403.107723-8-liq3ea@163.com>
  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (CVE-2021-3544) | Li Qiang | 2021-05-27 | 1 | -1/+4
  If 'virgl_renderer_resource_attach_iov' failed, the 'res_iovs' will be leaked.
  Fixes: CVE-2021-3544
  Reported-by: Li Qiang <liq3ea@163.com>
  virtio-gpu fix: 33243031da ("virtio-gpu-3d: fix memory leak in resource attach backing")
  Signed-off-by: Li Qiang <liq3ea@163.com>
  Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Message-Id: <20210516030403.107723-7-liq3ea@163.com>
  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544) | Li Qiang | 2021-05-27 | 1 | -0/+7
  The 'res->iov' will be leaked if the guest triggers following sequences:
      virgl_cmd_create_resource_2d
      virgl_resource_attach_backing
      virgl_cmd_resource_unref
  This patch fixes this.
  Fixes: CVE-2021-3544
  Reported-by: Li Qiang <liq3ea@163.com>
  virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak in virgl_cmd_resource_unref"
  Signed-off-by: Li Qiang <liq3ea@163.com>
  Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Message-Id: <20210516030403.107723-6-liq3ea@163.com>
  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544) | Li Qiang | 2021-05-27 | 1 | -0/+1
  If the guest triggers following sequences, the attach_backing will be leaked:
      vg_resource_create_2d
      vg_resource_attach_backing
      vg_resource_unref
  This patch fixes this by freeing 'res->iov' in vg_resource_destroy.
  Fixes: CVE-2021-3544
  Reported-by: Li Qiang <liq3ea@163.com>
  virtio-gpu fix: 5e8e3c4c75 ("virtio-gpu: fix resource leak in virgl_cmd_resource_unref")
  Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
  Signed-off-by: Li Qiang <liq3ea@163.com>
  Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Message-Id: <20210516030403.107723-5-liq3ea@163.com>
  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544) | Li Qiang | 2021-05-27 | 1 | -0/+5
  Check whether the 'res' has already been attach_backing to avoid memory leak.
  Fixes: CVE-2021-3544
  Reported-by: Li Qiang <liq3ea@163.com>
  virtio-gpu fix: 204f01b309 ("virtio-gpu: fix memory leak in resource attach backing")
  Signed-off-by: Li Qiang <liq3ea@163.com>
  Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Message-Id: <20210516030403.107723-4-liq3ea@163.com>
  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544) | Li Qiang | 2021-05-27 | 1 | -0/+1
  Call 'vugbm_buffer_destroy' in error path to avoid resource leak.
  Fixes: CVE-2021-3544
  Reported-by: Li Qiang <liq3ea@163.com>
  Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
  Signed-off-by: Li Qiang <liq3ea@163.com>
  Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Message-Id: <20210516030403.107723-3-liq3ea@163.com>
  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (CVE-2021-3545) | Li Qiang | 2021-05-27 | 1 | -0/+1
  Otherwise some of the 'resp' will be leaked to guest.
  Fixes: CVE-2021-3545
  Reported-by: Li Qiang <liq3ea@163.com>
  virtio-gpu fix: 42a8dadc74 ("virtio-gpu: fix information leak in getting capset info dispatch")
  Signed-off-by: Li Qiang <liq3ea@163.com>
  Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Message-Id: <20210516030403.107723-2-liq3ea@163.com>
  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* Fix build with 64 bits time_t | Fabrice Fontaine | 2021-05-14 | 1 | -2/+6
  time element is deprecated on new input_event structure in kernel's input.h [1]
  This will avoid the following build failure:
      hw/input/virtio-input-host.c: In function 'virtio_input_host_handle_status':
      hw/input/virtio-input-host.c:198:28: error: 'struct input_event' has no member named 'time'
        198 | if (gettimeofday(&evdev.time, NULL)) {
            | ^
  Fixes:
   - http://autobuild.buildroot.org/results/a538167e288c14208d557cd45446df86d3d599d5
   - http://autobuild.buildroot.org/results/efd4474fb4b6c0ce0ab3838ce130429c51e43bbb
  [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=152194fe9c3f
  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Message-Id: <20201203195819.583626-1-fontaine.fabrice@gmail.com>
  Fixes: https://gitlab.com/qemu-project/qemu/-/issues/246
  Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
  Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* vhost-user-gpu: fix cursor move/update | Marc-André Lureau | 2021-03-26 | 1 | -6/+12
  "move" is incorrectly initialized. Fix it by using a switch statement and also treating unknown commands with a fallback.
  Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Message-Id: <20210312100108.2706195-5-marcandre.lureau@redhat.com>
  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* vhost-user-gpu: fix vugbm_device_init fallback | Marc-André Lureau | 2021-03-26 | 3 | -30/+22
  vugbm implements GBM device wrapping, udmabuf and memory fallback.
  However, the fallback/detection logic is flawed, as if "/dev/udmabuf" failed to be opened, it will not initialize vugbm and crash later.
  Rework the vugbm_device_init() logic to initialize correctly in all cases.
  Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Message-Id: <20210312100108.2706195-4-marcandre.lureau@redhat.com>
  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* vhost-user-gpu: glFlush before notifying clients | Marc-André Lureau | 2021-03-26 | 2 | -1/+4
  For similar reasons as commit 3af1671852 ("spice: flush on GL update before notifying client"), vhost-user-gpu must ensure the GL state is flushed before sharing its rendering result.
  Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Message-Id: <20210312100108.2706195-3-marcandre.lureau@redhat.com>
  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* contrib: ivshmem client and server build fix for SunOS. | David CARLIER | 2021-03-20 | 2 | -12/+12
  sun is a macro on these systems, thus renaming the variables on the client and server.
  Signed-off-by: David Carlier <devnexen@gmail.com>
  Message-Id: <CA+XhMqzHPG5ezqY-YxbA+tMoadA3VDFWBX8_LaLC5YsQOMrz+A@mail.gmail.com>
  Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
  Signed-off-by: Thomas Huth <thuth@redhat.com>