From patchwork Thu Sep 16 19:22:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Volker_R=C3=BCmelin?= X-Patchwork-Id: 1529018 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H9Rnn3T1vz9sPf for ; Fri, 17 Sep 2021 05:23:25 +1000 (AEST) Received: from localhost ([::1]:42444 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mQwyh-0006bs-0g for incoming@patchwork.ozlabs.org; Thu, 16 Sep 2021 15:23:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34920) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mQwy6-0006ZO-RW for qemu-devel@nongnu.org; Thu, 16 Sep 2021 15:22:46 -0400 Received: from mailout08.t-online.de ([194.25.134.20]:35448) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mQwy5-0005pu-05 for qemu-devel@nongnu.org; Thu, 16 Sep 2021 15:22:46 -0400 Received: from fwd84.dcpf.telekom.de (fwd84.aul.t-online.de [10.223.144.110]) by mailout08.t-online.de (Postfix) with SMTP id 8D63A64AD; Thu, 16 Sep 2021 21:22:41 +0200 (CEST) Received: from linpower.localnet ([79.208.16.31]) by fwd84.t-online.de with (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384 encrypted) esmtp id 1mQwy0-1aPJ9l0; Thu, 16 Sep 2021 21:22:40 +0200 Received: by linpower.localnet (Postfix, from userid 1000) id CC95620061A; Thu, 16 Sep 2021 21:22:39 +0200 (CEST) From: =?utf-8?q?Volker_R=C3=BCmelin?= To: Gerd Hoffmann Subject: [PATCH v2 1/4] ui/console: replace QEMUFIFO with Fifo8 Date: Thu, 16 Sep 2021 21:22:36 +0200 Message-Id: <20210916192239.18742-1-vr_qemu@t-online.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 X-TOI-EXPURGATEID: 150726::1631820160-0000BA1A-CB2EA370/0/0 CLEAN NORMAL X-TOI-MSGID: 72e2812a-90b6-4652-83f8-bdc4df3925b6 Received-SPF: none client-ip=194.25.134.20; envelope-from=volker.ruemelin@t-online.de; helo=mailout08.t-online.de X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Marc-Andr=C3=A9_Lureau?= , qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" One of the two FIFO implementations QEMUFIFO and Fifo8 is redundant. Replace QEMUFIFO with Fifo8. Signed-off-by: Volker Rümelin Reviewed-by: Marc-André Lureau --- ui/console.c | 86 ++++++++++++---------------------------------------- 1 file changed, 20 insertions(+), 66 deletions(-) diff --git a/ui/console.c b/ui/console.c index eabbbc951c..d2433c0636 100644 --- a/ui/console.c +++ b/ui/console.c @@ -27,6 +27,7 @@ #include "hw/qdev-core.h" #include "qapi/error.h" #include "qapi/qapi-commands-ui.h" +#include "qemu/fifo8.h" #include "qemu/module.h" #include "qemu/option.h" #include "qemu/timer.h" @@ -62,57 +63,6 @@ enum TTYState { TTY_STATE_CSI, }; -typedef struct QEMUFIFO { - uint8_t *buf; - int buf_size; - int count, wptr, rptr; -} QEMUFIFO; - -static int qemu_fifo_write(QEMUFIFO *f, const uint8_t *buf, int len1) -{ - int l, len; - - l = f->buf_size - f->count; - if (len1 > l) - len1 = l; - len = len1; - while (len > 0) { - l = f->buf_size - f->wptr; - if (l > len) - l = len; - memcpy(f->buf + f->wptr, buf, l); - f->wptr += l; - if (f->wptr >= f->buf_size) - f->wptr = 0; - buf += l; - len -= l; - } - f->count += len1; - return len1; -} - -static int qemu_fifo_read(QEMUFIFO *f, uint8_t *buf, int len1) -{ - int l, len; - - if (len1 > f->count) - len1 = f->count; - len = len1; - while (len > 0) { - l = f->buf_size - f->rptr; - if (l > len) - l = len; - memcpy(buf, f->buf + f->rptr, l); - f->rptr += l; - if (f->rptr >= f->buf_size) - f->rptr = 0; - buf += l; - len -= l; - } - f->count -= len1; - return len1; -} - typedef enum { GRAPHIC_CONSOLE, TEXT_CONSOLE, @@ -165,8 +115,7 @@ struct QemuConsole { Chardev *chr; /* fifo for key pressed */ - QEMUFIFO out_fifo; - uint8_t out_fifo_buf[16]; + Fifo8 out_fifo; QEMUTimer *kbd_timer; CoQueue dump_queue; @@ -1160,21 +1109,25 @@ static int vc_chr_write(Chardev *chr, const uint8_t *buf, int len) static void kbd_send_chars(void *opaque) { QemuConsole *s = opaque; - int len; - uint8_t buf[16]; + uint32_t len, avail; len = qemu_chr_be_can_write(s->chr); - if (len > s->out_fifo.count) - len = s->out_fifo.count; - if (len > 0) { - if (len > sizeof(buf)) - len = sizeof(buf); - qemu_fifo_read(&s->out_fifo, buf, len); - qemu_chr_be_write(s->chr, buf, len); + avail = fifo8_num_used(&s->out_fifo); + if (len > avail) { + len = avail; + } + while (len > 0) { + const uint8_t *buf; + uint32_t size; + + buf = fifo8_pop_buf(&s->out_fifo, len, &size); + qemu_chr_be_write(s->chr, (uint8_t *)buf, size); + len -= size; + avail -= size; } /* characters are pending: we send them a bit later (XXX: horrible, should change char device API) */ - if (s->out_fifo.count > 0) { + if (avail > 0) { timer_mod(s->kbd_timer, qemu_clock_get_ms(QEMU_CLOCK_REALTIME) + 1); } } @@ -1185,6 +1138,7 @@ void kbd_put_keysym_console(QemuConsole *s, int keysym) uint8_t buf[16], *q; CharBackend *be; int c; + uint32_t num_free; if (!s || (s->console_type == GRAPHIC_CONSOLE)) return; @@ -1228,7 +1182,8 @@ void kbd_put_keysym_console(QemuConsole *s, int keysym) } be = s->chr->be; if (be && be->chr_read) { - qemu_fifo_write(&s->out_fifo, buf, q - buf); + num_free = fifo8_num_free(&s->out_fifo); + fifo8_push_all(&s->out_fifo, buf, MIN(num_free, q - buf)); kbd_send_chars(s); } break; @@ -2233,8 +2188,7 @@ static void text_console_do_init(Chardev *chr, DisplayState *ds) int g_width = 80 * FONT_WIDTH; int g_height = 24 * FONT_HEIGHT; - s->out_fifo.buf = s->out_fifo_buf; - s->out_fifo.buf_size = sizeof(s->out_fifo_buf); + fifo8_create(&s->out_fifo, 16); s->kbd_timer = timer_new_ms(QEMU_CLOCK_REALTIME, kbd_send_chars, s); s->ds = ds; From patchwork Thu Sep 16 19:22:37 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Volker_R=C3=BCmelin?= X-Patchwork-Id: 1529020 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H9Rrr6FwMz9sPf for ; Fri, 17 Sep 2021 05:26:04 +1000 (AEST) Received: from localhost ([::1]:47090 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mQx1G-0001LY-L4 for incoming@patchwork.ozlabs.org; Thu, 16 Sep 2021 15:26:02 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34982) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mQwyB-0006ig-Cb for qemu-devel@nongnu.org; Thu, 16 Sep 2021 15:22:51 -0400 Received: from mailout11.t-online.de ([194.25.134.85]:37780) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mQwy7-0005sh-QV for qemu-devel@nongnu.org; Thu, 16 Sep 2021 15:22:51 -0400 Received: from fwd82.dcpf.telekom.de (fwd82.aul.t-online.de [10.223.144.108]) by mailout11.t-online.de (Postfix) with SMTP id 3FCC11294D; Thu, 16 Sep 2021 21:22:45 +0200 (CEST) Received: from linpower.localnet ([79.208.16.31]) by fwd82.t-online.de with (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384 encrypted) esmtp id 1mQwy2-0c5Y130; Thu, 16 Sep 2021 21:22:42 +0200 Received: by linpower.localnet (Postfix, from userid 1000) id CE9502006DF; Thu, 16 Sep 2021 21:22:39 +0200 (CEST) From: =?utf-8?q?Volker_R=C3=BCmelin?= To: Gerd Hoffmann Subject: [PATCH v2 2/4] ui/console: replace kbd_timer with chr_accept_input callback Date: Thu, 16 Sep 2021 21:22:37 +0200 Message-Id: <20210916192239.18742-2-vr_qemu@t-online.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 X-TOI-EXPURGATEID: 150726::1631820162-000100A4-568E3CDF/0/0 CLEAN NORMAL X-TOI-MSGID: d71079d8-64be-43b6-a8ad-050eadccf06b Received-SPF: none client-ip=194.25.134.85; envelope-from=volker.ruemelin@t-online.de; helo=mailout11.t-online.de X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Marc-Andr=C3=A9_Lureau?= , qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" There's a ChardevClass chr_accept_input() callback function that can replace the write retry timer. Reviewed-by: Marc-André Lureau Signed-off-by: Volker Rümelin --- ui/console.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/ui/console.c b/ui/console.c index d2433c0636..dda1e6861d 100644 --- a/ui/console.c +++ b/ui/console.c @@ -116,7 +116,6 @@ struct QemuConsole { Chardev *chr; /* fifo for key pressed */ Fifo8 out_fifo; - QEMUTimer *kbd_timer; CoQueue dump_queue; QTAILQ_ENTRY(QemuConsole) next; @@ -1106,30 +1105,21 @@ static int vc_chr_write(Chardev *chr, const uint8_t *buf, int len) return len; } -static void kbd_send_chars(void *opaque) +static void kbd_send_chars(QemuConsole *s) { - QemuConsole *s = opaque; uint32_t len, avail; len = qemu_chr_be_can_write(s->chr); avail = fifo8_num_used(&s->out_fifo); - if (len > avail) { - len = avail; - } - while (len > 0) { + while (len > 0 && avail > 0) { const uint8_t *buf; uint32_t size; - buf = fifo8_pop_buf(&s->out_fifo, len, &size); + buf = fifo8_pop_buf(&s->out_fifo, MIN(len, avail), &size); qemu_chr_be_write(s->chr, (uint8_t *)buf, size); - len -= size; + len = qemu_chr_be_can_write(s->chr); avail -= size; } - /* characters are pending: we send them a bit later (XXX: - horrible, should change char device API) */ - if (avail > 0) { - timer_mod(s->kbd_timer, qemu_clock_get_ms(QEMU_CLOCK_REALTIME) + 1); - } } /* called when an ascii key is pressed */ @@ -2141,6 +2131,14 @@ int qemu_console_get_height(QemuConsole *con, int fallback) return con ? surface_height(con->surface) : fallback; } +static void vc_chr_accept_input(Chardev *chr) +{ + VCChardev *drv = VC_CHARDEV(chr); + QemuConsole *s = drv->console; + + kbd_send_chars(s); +} + static void vc_chr_set_echo(Chardev *chr, bool echo) { VCChardev *drv = VC_CHARDEV(chr); @@ -2189,7 +2187,6 @@ static void text_console_do_init(Chardev *chr, DisplayState *ds) int g_height = 24 * FONT_HEIGHT; fifo8_create(&s->out_fifo, 16); - s->kbd_timer = timer_new_ms(QEMU_CLOCK_REALTIME, kbd_send_chars, s); s->ds = ds; s->y_displayed = 0; @@ -2439,6 +2436,7 @@ static void char_vc_class_init(ObjectClass *oc, void *data) cc->parse = qemu_chr_parse_vc; cc->open = vc_chr_open; cc->chr_write = vc_chr_write; + cc->chr_accept_input = vc_chr_accept_input; cc->chr_set_echo = vc_chr_set_echo; } From patchwork Thu Sep 16 19:22:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Volker_R=C3=BCmelin?= X-Patchwork-Id: 1529019 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H9Rq93th7z9sPf for ; Fri, 17 Sep 2021 05:24:37 +1000 (AEST) Received: from localhost ([::1]:44974 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mQwzr-0008MF-B3 for incoming@patchwork.ozlabs.org; Thu, 16 Sep 2021 15:24:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34990) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mQwyC-0006jo-FL for qemu-devel@nongnu.org; Thu, 16 Sep 2021 15:22:52 -0400 Received: from mailout12.t-online.de ([194.25.134.22]:35228) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mQwy9-0005uZ-PL for qemu-devel@nongnu.org; Thu, 16 Sep 2021 15:22:52 -0400 Received: from fwd73.dcpf.telekom.de (fwd73.aul.t-online.de [10.223.144.99]) by mailout12.t-online.de (Postfix) with SMTP id B41882C5E; Thu, 16 Sep 2021 21:22:46 +0200 (CEST) Received: from linpower.localnet ([79.208.16.31]) by fwd73.t-online.de with (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384 encrypted) esmtp id 1mQwy5-43D0770; Thu, 16 Sep 2021 21:22:45 +0200 Received: by linpower.localnet (Postfix, from userid 1000) id D013D2006E0; Thu, 16 Sep 2021 21:22:39 +0200 (CEST) From: =?utf-8?q?Volker_R=C3=BCmelin?= To: Gerd Hoffmann Subject: [PATCH v2 3/4] ui/console: remove chardev frontend connected test Date: Thu, 16 Sep 2021 21:22:38 +0200 Message-Id: <20210916192239.18742-3-vr_qemu@t-online.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 X-TOI-EXPURGATEID: 150726::1631820165-0000F9C6-24ACFDAA/0/0 CLEAN NORMAL X-TOI-MSGID: 6d8b41fd-21aa-4583-b1f3-13b1a29ad0e5 Received-SPF: none client-ip=194.25.134.22; envelope-from=volker.ruemelin@t-online.de; helo=mailout12.t-online.de X-Spam_score_int: -4 X-Spam_score: -0.5 X-Spam_bar: / X-Spam_report: (-0.5 / 5.0 requ) BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Marc-Andr=C3=A9_Lureau?= , qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The test if the chardev frontend is connected in kbd_put_keysym_console() is redundant, because the call to qemu_chr_be_can_write() in kbd_send_chars() tests the connected condition again. Remove the redundant test whether the chardev frontend is connected. Reviewed-by: Marc-André Lureau Signed-off-by: Volker Rümelin --- ui/console.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/ui/console.c b/ui/console.c index dda1e6861d..29a3e3f0f5 100644 --- a/ui/console.c +++ b/ui/console.c @@ -28,10 +28,11 @@ #include "qapi/error.h" #include "qapi/qapi-commands-ui.h" #include "qemu/fifo8.h" +#include "qemu/main-loop.h" #include "qemu/module.h" #include "qemu/option.h" #include "qemu/timer.h" -#include "chardev/char-fe.h" +#include "chardev/char.h" #include "trace.h" #include "exec/memory.h" #include "io/channel-file.h" @@ -1126,7 +1127,6 @@ static void kbd_send_chars(QemuConsole *s) void kbd_put_keysym_console(QemuConsole *s, int keysym) { uint8_t buf[16], *q; - CharBackend *be; int c; uint32_t num_free; @@ -1170,12 +1170,9 @@ void kbd_put_keysym_console(QemuConsole *s, int keysym) if (s->echo) { vc_chr_write(s->chr, buf, q - buf); } - be = s->chr->be; - if (be && be->chr_read) { - num_free = fifo8_num_free(&s->out_fifo); - fifo8_push_all(&s->out_fifo, buf, MIN(num_free, q - buf)); - kbd_send_chars(s); - } + num_free = fifo8_num_free(&s->out_fifo); + fifo8_push_all(&s->out_fifo, buf, MIN(num_free, q - buf)); + kbd_send_chars(s); break; } } From patchwork Thu Sep 16 19:22:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Volker_R=C3=BCmelin?= X-Patchwork-Id: 1529021 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H9RwN1LfHz9sSn for ; Fri, 17 Sep 2021 05:29:07 +1000 (AEST) Received: from localhost ([::1]:52592 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mQx4C-00057e-GD for incoming@patchwork.ozlabs.org; Thu, 16 Sep 2021 15:29:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34996) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mQwyD-0006lC-3C for qemu-devel@nongnu.org; Thu, 16 Sep 2021 15:22:53 -0400 Received: from mailout04.t-online.de ([194.25.134.18]:34840) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mQwyA-0005vX-AC for qemu-devel@nongnu.org; Thu, 16 Sep 2021 15:22:52 -0400 Received: from fwd86.dcpf.telekom.de (fwd86.aul.t-online.de [10.223.144.112]) by mailout04.t-online.de (Postfix) with SMTP id 3C7CD83; Thu, 16 Sep 2021 21:22:48 +0200 (CEST) Received: from linpower.localnet ([79.208.16.31]) by fwd86.t-online.de with (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384 encrypted) esmtp id 1mQwy7-0PUK4P0; Thu, 16 Sep 2021 21:22:47 +0200 Received: by linpower.localnet (Postfix, from userid 1000) id D28E82006E1; Thu, 16 Sep 2021 21:22:39 +0200 (CEST) From: =?utf-8?q?Volker_R=C3=BCmelin?= To: Gerd Hoffmann Subject: [PATCH v2 4/4] ui/console: prevent use after free error Date: Thu, 16 Sep 2021 21:22:39 +0200 Message-Id: <20210916192239.18742-4-vr_qemu@t-online.de> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 X-TOI-EXPURGATEID: 150726::1631820167-000143A3-ED504374/0/0 CLEAN NORMAL X-TOI-MSGID: 40047553-8174-4852-aba1-836a984d1a81 Received-SPF: none client-ip=194.25.134.18; envelope-from=volker.ruemelin@t-online.de; helo=mailout04.t-online.de X-Spam_score_int: -4 X-Spam_score: -0.5 X-Spam_bar: / X-Spam_report: (-0.5 / 5.0 requ) BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Marc-Andr=C3=A9_Lureau?= , qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Make chr in the QemuConsole object a strong reference to the referenced chardev device. This prevents a use after free error if the chardev device goes away unexpectedly. To reproduce the error start qemu-system built with address sanitizer with the the following command line options. -display sdl -chardev vc,id=test0,cols=132,rows=50. Open the monitor console with CTRL-ALT-3 and remove the unconnected chardev device test0. (qemu) chardev-remove test0 Open the text console test0 with CTRL-ALT-2 and type a character. QEMU immediately exits with this error message. ==28148==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e000043778 at pc 0x558712ba7125 bp 0x7fff270980b0 sp 0x7fff270980a8 READ of size 8 at 0x60e000043778 thread T0 #0 0x558712ba7124 in qemu_chr_be_can_write ../qemu-master/chardev/char.c:188 #1 0x558711624770 in kbd_send_chars ../qemu-master/ui/console.c:1113 #2 0x558711634e91 in kbd_put_keysym_console ../qemu-master/ui/console.c:1175 #3 0x55871163532a in kbd_put_string_console ../qemu-master/ui/console.c:1221 #4 0x5587120a21e4 in handle_textinput ../qemu-master/ui/sdl2.c:464 #5 0x5587120a21e4 in sdl2_poll_events ../qemu-master/ui/sdl2.c:650 #6 0x5587116269c3 in dpy_refresh ../qemu-master/ui/console.c:1673 #7 0x5587116269c3 in gui_update ../qemu-master/ui/console.c:158 #8 0x558712d3a919 in timerlist_run_timers ../qemu-master/util/qemu-timer.c:573 #9 0x558712d3b183 in qemu_clock_run_timers ../qemu-master/util/qemu-timer.c:587 #10 0x558712d3b183 in qemu_clock_run_all_timers ../qemu-master/util/qemu-timer.c:669 #11 0x558712d286d9 in main_loop_wait ../qemu-master/util/main-loop.c:542 #12 0x5587123d313b in qemu_main_loop ../qemu-master/softmmu/runstate.c:726 #13 0x5587115f989d in main ../qemu-master/softmmu/main.c:50 #14 0x7f832ee0934c in __libc_start_main (/lib64/libc.so.6+0x2534c) #15 0x55871160b6e9 in _start (/home/ruemelin/rpmbuild/BUILD/qemu-6.1.50-build/ qemu-system-x86_64+0x1f4f6e9) Signed-off-by: Volker Rümelin --- ui/console.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ui/console.c b/ui/console.c index 29a3e3f0f5..1ef5a96295 100644 --- a/ui/console.c +++ b/ui/console.c @@ -2264,6 +2264,7 @@ static void vc_chr_open(Chardev *chr, } s->chr = chr; + object_ref(chr); drv->console = s; if (display_state) {