[Qemu-commits] [qemu/qemu] b62e82: parallels: fix possible int overflow

qemu-commits
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] b62e82: parallels: fix possible int overflow

From:	Peter Maydell
Subject:	[Qemu-commits] [qemu/qemu] b62e82: parallels: fix possible int overflow
Date:	Tue, 26 Nov 2024 03:33:53 -0800
  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: b62e82be06a97ce48d1363bb28e8215ab2487a20
      
https://github.com/qemu/qemu/commit/b62e82be06a97ce48d1363bb28e8215ab2487a20
  Author: Dmitry Frolov <frolov@swemel.ru>
  Date:   2024-11-25 (Mon, 25 Nov 2024)

  Changed paths:
    M block/parallels.c

  Log Message:
  -----------
  parallels: fix possible int overflow

The sum "cluster_index + count" may overflow uint32_t.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Message-ID: <20241106080521.219255-2-frolov@swemel.ru>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>


  Commit: 757dbafe115e4f33782ac59812f37997f5b5ce6c
      
https://github.com/qemu/qemu/commit/757dbafe115e4f33782ac59812f37997f5b5ce6c
  Author: John Snow <jsnow@redhat.com>
  Date:   2024-11-25 (Mon, 25 Nov 2024)

  Changed paths:
    M tests/qemu-iotests/iotests.py

  Log Message:
  -----------
  iotests: reflow ReproducibleTestRunner arguments

Trivial reflow to let the type names breathe.

(I need to add a longer type name.)

Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20241101173700.965776-2-jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>


  Commit: d808888429dbdd308e7348cb112ece06d287b87a
      
https://github.com/qemu/qemu/commit/d808888429dbdd308e7348cb112ece06d287b87a
  Author: John Snow <jsnow@redhat.com>
  Date:   2024-11-25 (Mon, 25 Nov 2024)

  Changed paths:
    M tests/qemu-iotests/iotests.py

  Log Message:
  -----------
  iotests: correct resultclass type in ReproducibleTestRunner

I have a vague memory that I suggested this base class to Vladimir and
said "Maybe someday it will break, and I'll just fix it then." Guess
that's today.

Fixes various mypy errors in the "make check-tox" python test for at
least Python3.8; seemingly requires a fairly modern mypy and/or Python
base version to trigger.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20241101173700.965776-3-jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>


  Commit: 4c600fdcd49c5661b658c325100dcd7754b0a479
      
https://github.com/qemu/qemu/commit/4c600fdcd49c5661b658c325100dcd7754b0a479
  Author: John Snow <jsnow@redhat.com>
  Date:   2024-11-25 (Mon, 25 Nov 2024)

  Changed paths:
    M python/setup.cfg
    M tests/qemu-iotests/pylintrc

  Log Message:
  -----------
  python: disable too-many-positional-arguments warning

Newest versions of pylint complain about specifically positional
arguments in addition to too many in general. We already disable the
general case, so silence this new warning too.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20241101173700.965776-4-jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>


  Commit: 05fd7214d8262878ac4d8bf8909fa315f1f589a6
      
https://github.com/qemu/qemu/commit/05fd7214d8262878ac4d8bf8909fa315f1f589a6
  Author: John Snow <jsnow@redhat.com>
  Date:   2024-11-25 (Mon, 25 Nov 2024)

  Changed paths:
    M python/scripts/mkvenv.py

  Log Message:
  -----------
  python: silence pylint raising-non-exception error

As of (at least) pylint 3.3.1, this code trips pylint up into believing
we are raising something other than an Exception. We are not: the first
two values may indeed be "None", but the last and final value must by
definition be a SystemExit exception.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20241101173700.965776-5-jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>


  Commit: 5102f9df4a9a7adfbd902f9515c3f8f53dba288e
      
https://github.com/qemu/qemu/commit/5102f9df4a9a7adfbd902f9515c3f8f53dba288e
  Author: Kevin Wolf <kwolf@redhat.com>
  Date:   2024-11-25 (Mon, 25 Nov 2024)

  Changed paths:
    M hw/core/qdev-properties-system.c

  Log Message:
  -----------
  qdev: Fix set_pci_devfn() to visit option only once

pci_devfn properties accept either a string or an integer as input. To
implement this, set_pci_devfn() first tries to visit the option as a
string, and if that fails, it visits it as an integer instead. While the
QemuOpts visitor happens to accept this, it is invalid according to the
visitor interface. QObject input visitors run into an assertion failure
when this is done.

QObject input visitors are used with the JSON syntax version of -device
on the command line:

$ ./qemu-system-x86_64 -enable-kvm -M q35 -device 
pcie-pci-bridge,id=pci.1,bus=pcie.0 -blockdev null-co,node-name=disk -device '{ 
"driver": "virtio-blk-pci", "drive": "disk", "id": "virtio-disk0", "bus": 
"pci.1", "addr": 1 }'
qemu-system-x86_64: ../qapi/qobject-input-visitor.c:143: QObject 
*qobject_input_try_get_object(QObjectInputVisitor *, const char *, _Bool): 
Assertion `removed' failed.

The proper way to accept both strings and integers is using the
alternate mechanism, which tells us the type of the input before it's
visited. With this information, we can directly visit it as the right
type.

This fixes set_pci_devfn() by using the alternate mechanism.

Cc: qemu-stable@nongnu.org
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20241119120353.57812-1-kwolf@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>


  Commit: 770de685353e8c495ad4773fbd4bc0db997e4dfd
      
https://github.com/qemu/qemu/commit/770de685353e8c495ad4773fbd4bc0db997e4dfd
  Author: Kevin Wolf <kwolf@redhat.com>
  Date:   2024-11-25 (Mon, 25 Nov 2024)

  Changed paths:
    M tests/avocado/hotplug_blk.py

  Log Message:
  -----------
  tests/avocado/hotplug_blk: Fix addr in device_add command

pci_devfn properties accept both integer and string values, but
integer 1 and string '1' have different meanings: The integer value
means device 0, function 1 whereas the string value '1' is short for
'1.0' and means device 1, function 0.

This test wants the string version so that the device actually becomes
visible for the guest. device_add hides the problem because it goes
through QemuOpts, which turns all properties into strings - this is a
QEMU bug that we want to fix, but that cancelled out the bug in this
test.

Fix the test first so that device_add can be fixed afterwards.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20241122224042.149258-1-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>


  Commit: be93fd53723cbdca675bd9ed112dae5cabbe1e91
      
https://github.com/qemu/qemu/commit/be93fd53723cbdca675bd9ed112dae5cabbe1e91
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2024-11-25 (Mon, 25 Nov 2024)

  Changed paths:
    M system/qdev-monitor.c

  Log Message:
  -----------
  qdev-monitor: avoid QemuOpts in QMP device_add

The QMP device_add monitor command converts the QDict arguments to
QemuOpts and then back again to QDict. This process only supports scalar
types. Device properties like virtio-blk-pci's iothread-vq-mapping (an
array of objects) are silently dropped by qemu_opts_from_qdict() during
the QemuOpts conversion even though QAPI is capable of validating them.
As a result, hotplugging virtio-blk-pci devices with the
iothread-vq-mapping property does not work as expected (the property is
ignored).

Get rid of the QemuOpts conversion in qmp_device_add() and call
qdev_device_add_from_qdict() with from_json=true. Using the QMP
command's QDict arguments directly allows non-scalar properties.

The HMP is also adjusted since qmp_device_add()'s now expects properly
typed JSON arguments and cannot be used from HMP anymore. Move the code
that was previously in qmp_device_add() (with QemuOpts conversion and
from_json=false) into hmp_device_add() so that its behavior is
unchanged.

This patch changes the behavior of QMP device_add but not HMP
device_add. QMP clients that sent incorrectly typed device_add QMP
commands no longer work. This is a breaking change but clients should be
using the correct types already. See the netdev_add QAPIfication in
commit db2a380c8457 for similar reasoning and object-add in commit
9151e59a8b6e. Unlike those commits, we continue to rely on 'gen': false
for the time being.

Markus helped me figure this out and even provided a draft patch. The
code ended up very close to what he suggested.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Cc: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20240827192751.948633-2-stefanha@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>


  Commit: 11bf1d6aa06138e93b274e942d6992af63ffc510
      
https://github.com/qemu/qemu/commit/11bf1d6aa06138e93b274e942d6992af63ffc510
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2024-11-25 (Mon, 25 Nov 2024)

  Changed paths:
    M system/vl.c

  Log Message:
  -----------
  vl: use qmp_device_add() in qemu_create_cli_devices()

qemu_create_cli_devices() should use qmp_device_add() to match the
behavior of the QMP monitor. A comment explained that libvirt changes
implementing strict CLI syntax were needed.

Peter Krempa <pkrempa@redhat.com> has confirmed that modern libvirt uses
the same JSON for -device (CLI) and device_add (QMP). Go ahead and use
qmp_device_add().

Cc: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20240827192751.948633-3-stefanha@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>


  Commit: fbdea3d6c13d5a75895c287a004c6f1a6bf6c164
      
https://github.com/qemu/qemu/commit/fbdea3d6c13d5a75895c287a004c6f1a6bf6c164
  Author: Jakub Jelen <jjelen@redhat.com>
  Date:   2024-11-25 (Mon, 25 Nov 2024)

  Changed paths:
    M block/ssh.c

  Log Message:
  -----------
  ssh: Do not switch session to non-blocking mode

The libssh does not handle non-blocking mode in SFTP correctly. The
driver code already changes the mode to blocking for the SFTP
initialization, but for some reason changes to non-blocking mode.
This used to work accidentally until libssh in 0.11 branch merged
the patch to avoid infinite looping in case of network errors:

https://gitlab.com/libssh/libssh-mirror/-/merge_requests/498

Since then, the ssh driver in qemu fails to read files over SFTP
as the first SFTP messages exchanged after switching the session
to non-blocking mode return SSH_AGAIN, but that message is lost
int the SFTP internals and interpretted as SSH_ERROR, which is
returned to the caller:

https://gitlab.com/libssh/libssh-mirror/-/issues/280

This is indeed an issue in libssh that we should address in the
long term, but it will require more work on the internals. For
now, the SFTP is not supported in non-blocking mode.

Fixes: https://gitlab.com/libssh/libssh-mirror/-/issues/280
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Message-ID: <20241113125526.2495731-1-rjones@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>


  Commit: bd5629db935a6c17c86ffbb6a39aa85eed807346
      
https://github.com/qemu/qemu/commit/bd5629db935a6c17c86ffbb6a39aa85eed807346
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-11-25 (Mon, 25 Nov 2024)

  Changed paths:
    M block/parallels.c
    M block/ssh.c
    M hw/core/qdev-properties-system.c
    M python/scripts/mkvenv.py
    M python/setup.cfg
    M system/qdev-monitor.c
    M system/vl.c
    M tests/avocado/hotplug_blk.py
    M tests/qemu-iotests/iotests.py
    M tests/qemu-iotests/pylintrc

  Log Message:
  -----------
  Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging

Block layer patches

- Fix qmp_device_add() to not throw non-scalar options away (fixes
  iothread-vq-mapping being silently ignored in device_add)
- Fix qdev property crash with integer PCI addresses and JSON -device
- iotests: Fix mypy failure
- parallels: Avoid potential integer overflow
- ssh: libssh broke with non-blocking sessions, use a blocking one for now
- Fix crash in migration_is_running()

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmdES74RHGt3b2xmQHJl
# ZGhhdC5jb20ACgkQfwmycsiPL9abFQ//fGmBl3Jp99GWB1R0y49/hPhfj0166UGj
# zeEmhdy+k6gKywyhVy0Fj0xLztDTb/2bGflrwtDDxYA0PBLel461QSeJUzwDsn9h
# ZGLyFrosXgIPADP55RF1wJ6c+m13MX4jVy80Neh2jemhinMazjj3ADb4RdCf0B4M
# XoYOy96goDFPlzZNvr08dlaDvJaD5QmPYX8nK7TaZqZOSYvdSRWMuB+QQCPj+qEf
# UfpBo3beNsxedNu/1wKS1Nc6FVX7VHKoMzhDLAvxkYMBKcCg9l5lEAGrgp61O+79
# nYZmPtEG5RHsMNBCZtk8zZMIHPg2Ydxpj3jOV3eA0rF4Twk/fPrOOfBEUHT6PapX
# tCS1UJtgyQA2GTULiax3vKV4yBSpmUzbhjddNwBkW7uG1md67d17nqbjkEhHVxZL
# yMuauFRCx5onzE0TSgTYEMAmAgD9oawuGUqBiNCOqJlTbGZwJ9l7jtwP4Bl1gskk
# pWzL/PLP8MkVf50dcP0QBPNHn85/oZOwv5yNr2Z893qNQhh/0xqCEFwqSq2SJOkg
# vKd/bAusgmicoh1XD0o0+mv2ewZor/JghrU83YDPKWM1MmOwePZ8wRTx9pJtZWvq
# Pnc71397zppHIw7aIWKYDoyQ3aeaoTM/oY2Q5Y7et6c/FvGW5JtFjsPCGbgm9mw+
# +6JA51ujtYU=
# =oLdE
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 25 Nov 2024 10:04:46 GMT
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
  ssh: Do not switch session to non-blocking mode
  vl: use qmp_device_add() in qemu_create_cli_devices()
  qdev-monitor: avoid QemuOpts in QMP device_add
  tests/avocado/hotplug_blk: Fix addr in device_add command
  qdev: Fix set_pci_devfn() to visit option only once
  python: silence pylint raising-non-exception error
  python: disable too-many-positional-arguments warning
  iotests: correct resultclass type in ReproducibleTestRunner
  iotests: reflow ReproducibleTestRunner arguments
  parallels: fix possible int overflow

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/791e3837c110...bd5629db935a

To unsubscribe from these emails, change your notification settings at 
https://github.com/qemu/qemu/settings/notifications
[Prev in Thread]
Current Thread
[Next in Thread]
[Qemu-commits] [qemu/qemu] b62e82: parallels: fix possible int overflow, Peter Maydell, 2024/11/25
- [Qemu-commits] [qemu/qemu] b62e82: parallels: fix possible int overflow, Peter Maydell <=
Prev by Date: [Qemu-commits] [qemu/qemu] b62e82: parallels: fix possible int overflow
Next by Date: [Qemu-commits] [qemu/qemu] 2abdc8: tests/functional: fix mips64el test to honour workdir
Previous by thread: [Qemu-commits] [qemu/qemu] b62e82: parallels: fix possible int overflow
Next by thread: [Qemu-commits] [qemu/qemu] 2abdc8: tests/functional: fix mips64el test to honour workdir
Index(es):
- Date
- Thread