summaryrefslogtreecommitdiffstats
path: root/hw/usb/dev-mtp.c
Commit message (Collapse)AuthorAgeFilesLines
* Use OBJECT_DECLARE_SIMPLE_TYPE when possibleEduardo Habkost2020-09-181-2/+1Star
| | | | | | | | | | | | | This converts existing DECLARE_INSTANCE_CHECKER usage to OBJECT_DECLARE_SIMPLE_TYPE when possible. $ ./scripts/codeconverter/converter.py -i \ --pattern=AddObjectDeclareSimpleType $(git grep -l '' -- '*.[ch]') Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Acked-by: Paul Durrant <paul@xen.org> Message-Id: <20200916182519.415636-6-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
* Use DECLARE_*CHECKER* macrosEduardo Habkost2020-09-091-1/+2
| | | | | | | | | | | | | | | Generated using: $ ./scripts/codeconverter/converter.py -i \ --pattern=TypeCheckMacro $(git grep -l '' -- '*.[ch]') Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20200831210740.126168-12-ehabkost@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20200831210740.126168-13-ehabkost@redhat.com> Message-Id: <20200831210740.126168-14-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
* Move QOM typedefs and add missing includesEduardo Habkost2020-09-091-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some typedefs and macros are defined after the type check macros. This makes it difficult to automatically replace their definitions with OBJECT_DECLARE_TYPE. Patch generated using: $ ./scripts/codeconverter/converter.py -i \ --pattern=QOMStructTypedefSplit $(git grep -l '' -- '*.[ch]') which will split "typdef struct { ... } TypedefName" declarations. Followed by: $ ./scripts/codeconverter/converter.py -i --pattern=MoveSymbols \ $(git grep -l '' -- '*.[ch]') which will: - move the typedefs and #defines above the type check macros - add missing #include "qom/object.h" lines if necessary Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20200831210740.126168-9-ehabkost@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20200831210740.126168-10-ehabkost@redhat.com> Message-Id: <20200831210740.126168-11-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
* usb/dev-mtp: Fix Error double free after inotify failureMarkus Armbruster2020-07-021-2/+0Star
| | | | | | | | | | | | | error_report_err() frees its first argument. Freeing it again is wrong. Don't. Fixes: 47287c27d0c367a89f7b2851e23a7f8b2d499dd6 Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Daniel P. Berrangé <berrange@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20200630090351.1247703-7-armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
* error: Use error_reportf_err() where appropriateMarkus Armbruster2020-05-271-4/+5
| | | | | | | | | | | | | | | | | Replace error_report("...: %s", ..., error_get_pretty(err)); by error_reportf_err(err, "...: ", ...); One of the replaced messages lacked a colon. Add it. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200505101908.6207-6-armbru@redhat.com>
* qdev: set properties with device_class_set_props()Marc-André Lureau2020-01-241-1/+1
| | | | | | | | | | | | | | | | | | | | | The following patch will need to handle properties registration during class_init time. Let's use a device_class_set_props() setter. spatch --macro-file scripts/cocci-macro-file.h --sp-file ./scripts/coccinelle/qdev-set-props.cocci --keep-comments --in-place --dir . @@ typedef DeviceClass; DeviceClass *d; expression val; @@ - d->props = val + device_class_set_props(d, val) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20200110153039.1379601-20-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* usb-mtp: add sanity checks on rootdirBandan Das2019-08-291-14/+24
| | | | | | | | | | | | Currently, we don't check if rootdir exists and is accessible. Furthermore, a trailing slash results in a null "desc" string which ends up in the share not visible in the guest. Add some simple sanity checks for appropriate permissions. Also, bail out if the user does not supply an absolute path. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: jpga7bto3on.fsf@linux.bootlegged.copy Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* Include hw/qdev-properties.h lessMarkus Armbruster2019-08-161-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | In my "build everything" tree, changing hw/qdev-properties.h triggers a recompile of some 2700 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). Many places including hw/qdev-properties.h (directly or via hw/qdev.h) actually need only hw/qdev-core.h. Include hw/qdev-core.h there instead. hw/qdev.h is actually pointless: all it does is include hw/qdev-core.h and hw/qdev-properties.h, which in turn includes hw/qdev-core.h. Replace the remaining uses of hw/qdev.h by hw/qdev-properties.h. While there, delete a few superfluous inclusions of hw/qdev-core.h. Touching hw/qdev-properties.h now recompiles some 1200 objects. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: "Daniel P. Berrangé" <berrange@redhat.com> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20190812052359.30071-22-armbru@redhat.com>
* Include migration/vmstate.h lessMarkus Armbruster2019-08-161-0/+1
| | | | | | | | | | | | | | | | | | In my "build everything" tree, changing migration/vmstate.h triggers a recompile of some 2700 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). hw/hw.h supposedly includes it for convenience. Several other headers include it just to get VMStateDescription. The previous commit made that unnecessary. Include migration/vmstate.h only where it's still needed. Touching it now recompiles only some 1600 objects. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190812052359.30071-16-armbru@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* Include qemu-common.h exactly where neededMarkus Armbruster2019-06-121-0/+1
| | | | | | | | | | | | | | | | No header includes qemu-common.h after this commit, as prescribed by qemu-common.h's file comment. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-5-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for include/hw/arm/xlnx-zynqmp.h hw/arm/nrf51_soc.c hw/arm/msf2-soc.c block/qcow2-refcount.c block/qcow2-cluster.c block/qcow2-cache.c target/arm/cpu.h target/lm32/cpu.h target/m68k/cpu.h target/mips/cpu.h target/moxie/cpu.h target/nios2/cpu.h target/openrisc/cpu.h target/riscv/cpu.h target/tilegx/cpu.h target/tricore/cpu.h target/unicore32/cpu.h target/xtensa/cpu.h; bsd-user/main.c and net/tap-bsd.c fixed up]
* Include qemu/module.h where needed, drop it from qemu-common.hMarkus Armbruster2019-06-121-1/+1
| | | | | | | | | Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-4-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for hw/usb/dev-hub.c hw/misc/exynos4210_rng.c hw/misc/bcm2835_rng.c hw/misc/aspeed_scu.c hw/display/virtio-vga.c hw/arm/stm32f205_soc.c; ui/cocoa.m fixed up]
* usb-mtp: refactor the flow of usb_mtp_write_dataBandan Das2019-06-071-27/+30
| | | | | | | | | There's no functional change but the flow is (hopefully) more consistent for both file and folder object types. Signed-off-by: Bandan Das <bsd@redhat.com> Message-Id: <20190401211712.19012-4-bsd@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: change default to success for usb_mtp_update_objectBandan Das2019-05-021-1/+1
| | | | | | | | | | | | | | Commit c5ead51f90cf (usb-mtp: return incomplete transfer on a lstat failure) checks if lstat succeeded when updating attributes of a file. However, it also changed behavior to return an error by default. This is incorrect because for smaller file sizes, Qemu will attempt to write the file in one go and there won't be an object for it. Fixes: c5ead51f90cf Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: jpgwojv9pwv.fsf@linux.bootlegged.copy Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: fix alignment of access of ObjectInfo filename fieldDaniel P. Berrangé2019-05-021-3/+3
| | | | | | | | | | | | | | The ObjectInfo struct's "filename" field is following a uint8_t field in a packed struct and thus has bad alignment for a 16-bit field. Switch the field to to uint8_t and use the helper function for accessing unaligned 16-bit data. Note that although the MTP spec specifies big endian, when transported over the USB protocol, data is little endian. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20190415154503.6758-4-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: fix string length for filename when writing metadataDaniel P. Berrangé2019-05-021-1/+1
| | | | | | | | | | | | The ObjectInfo 'length' field provides the length of the wide character string filename. This is then converted to a multi-byte character string. This may have a different byte count to the wide character string. We should use the C string length of the multi-byte string instead. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20190415154503.6758-2-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: fix bounds check for guest provided filenameDaniel P. Berrangé2019-04-161-2/+9
| | | | | | | | | | | | | | | | The ObjectInfo struct has a variable length array containing the UTF-16 encoded filename. The number of characters of trailing data is given by the 'length' field in the struct and this must be validated against the size of the data packet received from the guest. Since the data is UTF-16, we must convert the byte count we have to a character count before validating. This must take care to truncate if a malicious guest sent an odd number of bytes. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Bandan Das <bsd@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* filemon: fix watch IDs to avoid potential wraparound issuesDaniel P. Berrangé2019-04-021-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | Watch IDs are allocated from incrementing a int counter against the QFileMonitor object. In very long life QEMU processes with a huge amount of USB MTP activity creating & deleting directories it is just about conceivable that the int counter can wrap around. This would result in incorrect behaviour of the file monitor watch APIs due to clashing watch IDs. Instead of trying to detect this situation, this patch changes the way watch IDs are allocated. It is turned into an int64_t variable where the high 32 bits are set from the underlying inotify "int" ID. This gives an ID that is guaranteed unique for the directory as a whole, and we can rely on the kernel to enforce this. QFileMonitor then sets the low 32 bits from a per-directory counter. The USB MTP device only sets watches on the directory as a whole, not files within, so there is no risk of guest triggered wrap around on the low 32 bits. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* usb-mtp: remove usb_mtp_object_free_oneBandan Das2019-04-021-12/+2Star
| | | | | | | | | | This function is used in the delete path only and can be replaced by a call to usb_mtp_object_free. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Bandan Das <bsd@redhat.com> Message-Id: <20190401211712.19012-3-bsd@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: fix return status of deleteBandan Das2019-04-021-28/+34
| | | | | | | | | | | | | | | | Spotted by Coverity: CID 1399414 mtp delete allows the return status of delete succeeded, partial_delete or readonly - when none of the objects could be deleted. Give more meaningful names to return values of the delete function. Some initiators recurse over the objects themselves. In that case, only READ_ONLY can be returned. Signed-off-by: Bandan Das <bsd@redhat.com> Message-Id: <20190401211712.19012-2-bsd@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: prevent null dereference while deleting objectsBandan Das2019-03-071-3/+1Star
| | | | | | | | Spotted by Coverity: CID 1399144 Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20190306210409.14842-4-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: fix some usb_mtp_write_data return pathsBandan Das2019-03-071-8/+10
| | | | | | | | | | | | During a write, free up the "path" before getting more data. Also, while we at it, remove the confusing usage of d->fd for storing mkdir status Spotted by Coverity: CID 1398642 Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20190306210409.14842-3-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: return incomplete transfer on a lstat failureBandan Das2019-03-071-5/+14
| | | | | | | | | | | | MTP writes objects in small chunks and at the end gets the real file size to update the object metadata. If this fails for any reason, return an INCOMPLETE_TRANSFER to the initiator Spotted by Coverity: CID 1398651 Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20190306210409.14842-2-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* hw/usb: switch MTP to use new inotify APIsDaniel P. Berrangé2019-02-261-164/+110Star
| | | | | | | | The internal inotify APIs allow a lot of conditional statements to be cleared out, and provide a simpler callback for handling events. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* hw/usb: fix const-ness for string params in MTP driverDaniel P. Berrangé2019-02-261-4/+4
| | | | | | | | | Various functions accepting 'char *' string parameters were missing 'const' qualifiers. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* hw/usb: don't set IN_ISDIR for inotify watch in MTP driverDaniel P. Berrangé2019-02-261-2/+1Star
| | | | | | | | | | IN_ISDIR is not a bit that one can request when registering a watch with inotify_add_watch. Rather it is a bit that is set automatically when reading events from the kernel. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* usb-mtp: replace the homebrew write with qemu_write_fullBandan Das2019-01-301-11/+3Star
| | | | | | | | | | qemu_write_full takes care of partial blocking writes, as in cases of larger file sizes Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20190129131908.27924-4-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: breakup MTP write into smaller chunksBandan Das2019-01-301-43/+91
| | | | | | | | | | | | | | For every MTP_WRITE_BUF_SZ copied, this patch writes it to file before getting the next block of data. The file is kept opened for the duration of the operation but the sanity checks on the write operation are performed only once when the write operation starts. Additionally, we also update the file size in the object metadata once the file has completely been written. Suggested-by: Gerd Hoffman <kraxel@redhat.com> Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20190129131908.27924-3-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: Reallocate buffer in multiples of MTP_WRITE_BUF_SZBandan Das2019-01-301-14/+13Star
| | | | | | | | | | | This is a "pre-patch" to breaking up the write buffer for MTP writes. Instead of allocating a mtp buffer equal to size sent by the initiator, we start with a small size and reallocate multiples (of that small size) as needed. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20190129131908.27924-2-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb: dev-mtp: close fd in usb_mtp_object_readdir()Li Qiang2019-01-301-0/+1
| | | | | | | | | | | | | | Spotted by Coverity: CID 1397070 Signed-off-by: Li Qiang <liq3ea@163.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190103133113.49599-1-liq3ea@163.com [ kraxel: dropped chunk which adds close() after successful fdopendir() call, that is not needed according to POSIX even though Coverity flags it as bug ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* qemu/queue.h: simplify reverse access to QTAILQPaolo Bonzini2019-01-111-2/+2
| | | | | | | The new definition of QTAILQ does not require passing the headname, remove it. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* usb: dev-mtp: fix memory leak in error pathLi Qiang2019-01-081-0/+1
| | | | | | | | | | Spotted by Coverity: CID 1397074 Fixes: c52d46e041b Signed-off-by: Li Qiang <liq3ea@163.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190103132605.49476-1-liq3ea@163.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: Limit filename to object information sizeMichael Hanselmann2018-12-141-4/+5
| | | | | | | | | | | | | | | | | The filename length in MTP metadata is specified by the guest. By trusting it directly it'd theoretically be possible to get the host to write memory parts outside the filename buffer into a filename. In practice though there are usually NUL bytes stopping the string operations. Also use the opportunity to not assign the filename member twice. Signed-off-by: Michael Hanselmann <public@hansmi.ch> Message-id: ab70659d8d5c580bdf150a5f7d5cc60c8e374ffc.1544740018.git.public@hansmi.ch [ kraxel: codestyle fix: break a long line ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: use O_NOFOLLOW and O_CLOEXEC.Gerd Hoffmann2018-12-141-4/+9
| | | | | | | | | | | | | | | | | | | | Open files and directories with O_NOFOLLOW to avoid symlinks attacks. While being at it also add O_CLOEXEC. usb-mtp only handles regular files and directories and ignores everything else, so users should not see a difference. Because qemu ignores symlinks, carrying out a successful symlink attack requires swapping an existing file or directory below rootdir for a symlink and winning the race against the inotify notification to qemu. Fixes: CVE-2018-16872 Cc: Prasad J Pandit <ppandit@redhat.com> Cc: Bandan Das <bsd@redhat.com> Reported-by: Michael Hanselmann <public@hansmi.ch> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Michael Hanselmann <public@hansmi.ch> Message-id: 20181213122511.13853-1-kraxel@redhat.com
* usb-mtp: outlaw slashes in filenamesGerd Hoffmann2018-12-031-0/+6
| | | | | | | | | | | Slash is unix directory separator, so they are not allowed in filenames. Note this also stops the classic escape via "../". Fixes: CVE-2018-16867 Reported-by: Michael Hanselmann <public@hansmi.ch> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20181203101045.27976-3-kraxel@redhat.com
* usb-mtp: fix utf16_to_strGerd Hoffmann2018-12-031-6/+12
| | | | | | | | | | | | | | | | | | Make utf16_to_str return an allocated string. Remove the assumtion that the number of string bytes equals the number of utf16 chars (which is only true for ascii chars). Instead call wcstombs twice, once to figure the storage size and once for the actual conversion (as suggested by the wcstombs manpage). FIXME: surrogate pairs are not working correctly. Pre-existing bug, fixing that is left for another day. Reported-by: Michael Hanselmann <public@hansmi.ch> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-id: 20181203101045.27976-2-kraxel@redhat.com
* usb-mtp: reset ObjectInfo dataset size on cleanupBandan Das2018-10-011-0/+2
| | | | | | | | | Stale values in this field may result in qemu expecting more data on the next operation Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180907220851.9658-4-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: fix error conditions for write operationBandan2018-10-011-3/+4
| | | | | | | | | | | Return STORE_FULL if we can't write all the bytes but return incomplete transfer if data received is less then what was specified in the metadata. Also, use d->offset as the file size which is valid for all file sizes. Signed-off-by: Bandan <bsd@redhat.com> Message-id: 20180907220851.9658-2-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* dev-mtp: rename x-root to rootdirBandan Das2018-08-211-2/+2
| | | | | | | | | x-root was renamed as such owing to the experimental nature of the property; the underlying filesystem semantics were undecided Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180720214020.22897-6-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* dev-mtp: Add support for > 4GB file transfersBandan Das2018-08-211-4/+27
| | | | | | | | | | To support larger file transfers, rely on a short packet to detect end of the data phase and rewrite d->length to the size received Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180720214020.22897-5-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* dev-mtp: retry write for incomplete transfersBandan Das2018-08-211-2/+20
| | | | | | | | | | For large buffers, write may not copy the full buffer. For example, on Linux, write imposes a limit of 0x7ffff000. Note that this does not fix >4G transfers but ~>2G files will transfer successfully. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180720214020.22897-4-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* dev-mtp: fix buffer allocation for writing file contentsBandan Das2018-08-211-2/+4
| | | | | | | | | | usb_mtp_realloc() was being incorrectly used when allocating buffer for incoming data. Set d->length only after resizing the buffer. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180720214020.22897-3-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* dev-mtp: add support for canceling transactionBandan Das2018-08-211-4/+26
| | | | | | | | | | The initiator can choose to cancel an ongoing request which is specified by bRequest=0x64. If such a request arrives, free up any pending state Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180720214020.22897-2-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: Return error on suspicious TYPE_DATA packet from initiatorBandan Das2018-06-121-0/+5
| | | | | | | | | | | CID 1390604 If the initiator sends a packet with TYPE_DATA set without initiating a CMD_GET_OBJECT_INFO first, then usb_mtp_get_data can trip on a null s->data_out. Signed-off-by: Bandan Das <bsd@redhat.com> Message-Id: <jpgr2m8ajfk.fsf_-_@linux.bootlegged.copy> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb/dev-mtp: Fix use of uninitialized valuesPhilippe Mathieu-Daudé2018-06-121-1/+5
| | | | | | | | | | | | | | | | | | | This fixes: hw/usb/dev-mtp.c:971:5: warning: 4th function call argument is an uninitialized value trace_usb_mtp_op_get_partial_object(s->dev.addr, o->handle, o->path, c->argv[1], c->argv[2]); ^~~~~~~~~~ and: hw/usb/dev-mtp.c:981:12: warning: Assigned value is garbage or undefined offset = c->argv[1]; ^ ~~~~~~~~~~ Reported-by: Clang Static Analyzer Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180604151421.23385-3-f4bug@amsat.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb: use local path for local headersMichael S. Tsirkin2018-06-011-1/+1
| | | | | | | | | | When pulling in headers that are in the same directory as the C file (as opposed to one in include/), we should use its relative path, without a directory. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
* usb-mtp: Unconditionally check for the readonly bitBandan Das2018-05-071-4/+5
| | | | | | | | | Currently, it's only being checked if desc is NULL and so write support breaks upon specifying desc Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180503192028.14353-3-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: Add some NULL checks for issues pointed out by coverityBandan Das2018-05-071-3/+3
| | | | | | | | | | | CID 1390578: In usb_mtp_write_metadata, parent can never be NULL but just in case, add an assert CID 1390592: Check for o->format only if o !=NULL CID 1390604: Check s->data_out != NULL in usb_mtp_handle_data Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180503192028.14353-2-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: Advertise SendObjectInfo for write supportBandan Das2018-02-261-2/+134
| | | | | | | | | | | | This patch implements a dummy ObjectInfo structure so that it's easy to typecast the incoming data. If the metadata is valid, write_pending is set. Also, the incoming filename is utf-16, so, instead of depending on external libraries, just implement a simple function to get the filename Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180223164829.29683-6-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: Introduce write support for MTP objectsBandan Das2018-02-261-2/+155
| | | | | | | | | | | | | | Allow write operations on behalf of the initiator. The precursor to write is the sending of the write metadata that consists of the ObjectInfo dataset. This patch introduces a flag that is set when the responder is ready to receive write data based on a previous SendObjectInfo operation by the initiator (The SendObjectInfo implementation is in a later patch) Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180223164829.29683-5-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* usb-mtp: Support delete of mtp objectsBandan Das2018-02-261-0/+123
| | | | | | | | | | | | | Write of existing objects by the initiator is acheived by making a temporary buffer with the new changes, deleting the old file and then writing a new file with the same name. Also, add a "readonly" property which needs to be set to false for deletion to work. Signed-off-by: Bandan Das <bsd@redhat.com> Message-id: 20180223164829.29683-4-bsd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>