Commit 6ab3fc32 authored by Daniel P. Berrangé's avatar Daniel P. Berrangé Committed by Paolo Bonzini
Browse files

hw: replace most use of qemu_chr_fe_write with qemu_chr_fe_write_all 

The qemu_chr_fe_write method will return -1 on EAGAIN if the
chardev backend write would block. Almost no callers of the
qemu_chr_fe_write() method check the return value, instead
blindly assuming data was successfully sent. In most cases
this will lead to silent data loss on interactive consoles,
but in some cases (eg RNG EGD) it'll just cause corruption
of the protocol being spoken.

We unfortunately can't fix the virtio-console code, due to
a bug in the Linux guest drivers, which would cause the
entire Linux kernel to hang if we delay processing of the
incoming data in any way. Fixing this requires first fixing
the guest driver to not hold spinlocks while writing to the
hvc device backend.

Fixes bug: https://bugs.launchpad.net/qemu/+bug/1586756



Signed-off-by: default avatarDaniel P. Berrange <berrange@redhat.com>
Message-Id: <1473170165-540-4-git-send-email-berrange@redhat.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 7983e829

backends/rng-egd.c

+3 −1
Original line number Diff line number Diff line
@@ -41,7 +41,9 @@ static void rng_egd_request_entropy(RngBackend *b, RngRequest *req) 
        header[0] = 0x02;

        header[1] = len;



        qemu_chr_fe_write(s->chr, header, sizeof(header));

        /* XXX this blocks entire thread. Rewrite to use

         * qemu_chr_fe_write and background I/O callbacks */

        qemu_chr_fe_write_all(s->chr, header, sizeof(header));



        size -= len;

    }

gdbstub.c

+3 −1
Original line number Diff line number Diff line
@@ -402,7 +402,9 @@ static void put_buffer(GDBState *s, const uint8_t *buf, int len) 
        }

    }

#else

    qemu_chr_fe_write(s->chr, buf, len);

    /* XXX this blocks entire thread. Rewrite to use

     * qemu_chr_fe_write and background I/O callbacks */

    qemu_chr_fe_write_all(s->chr, buf, len);

#endif

}

hw/arm/omap2.c

+5 −3
Original line number Diff line number Diff line
@@ -769,14 +769,16 @@ static void omap_sti_fifo_write(void *opaque, hwaddr addr, 


    if (ch == STI_TRACE_CONTROL_CHANNEL) {

        /* Flush channel <i>value</i>.  */

        qemu_chr_fe_write(s->chr, (const uint8_t *) "\r", 1);

        /* XXX this blocks entire thread. Rewrite to use

         * qemu_chr_fe_write and background I/O callbacks */

        qemu_chr_fe_write_all(s->chr, (const uint8_t *) "\r", 1);

    } else if (ch == STI_TRACE_CONSOLE_CHANNEL || 1) {

        if (value == 0xc0 || value == 0xc3) {

            /* Open channel <i>ch</i>.  */

        } else if (value == 0x00)

            qemu_chr_fe_write(s->chr, (const uint8_t *) "\n", 1);

            qemu_chr_fe_write_all(s->chr, (const uint8_t *) "\n", 1);

        else

            qemu_chr_fe_write(s->chr, &byte, 1);

            qemu_chr_fe_write_all(s->chr, &byte, 1);

    }

}

hw/arm/pxa2xx.c

+3 −1
Original line number Diff line number Diff line
@@ -1903,7 +1903,9 @@ static void pxa2xx_fir_write(void *opaque, hwaddr addr, 
        else

            ch = ~value;

        if (s->chr && s->enable && (s->control[0] & (1 << 3)))	/* TXE */

            qemu_chr_fe_write(s->chr, &ch, 1);

            /* XXX this blocks entire thread. Rewrite to use

             * qemu_chr_fe_write and background I/O callbacks */

            qemu_chr_fe_write_all(s->chr, &ch, 1);

        break;

    case ICSR0:

        s->status[0] &= ~(value & 0x66);

hw/arm/strongarm.c

+3 −1
Original line number Diff line number Diff line
@@ -1108,7 +1108,9 @@ static void strongarm_uart_tx(void *opaque) 
    if (s->utcr3 & UTCR3_LBM) /* loopback */ {

        strongarm_uart_receive(s, &s->tx_fifo[s->tx_start], 1);

    } else if (s->chr) {

        qemu_chr_fe_write(s->chr, &s->tx_fifo[s->tx_start], 1);

        /* XXX this blocks entire thread. Rewrite to use

         * qemu_chr_fe_write and background I/O callbacks */

        qemu_chr_fe_write_all(s->chr, &s->tx_fifo[s->tx_start], 1);

    }



    s->tx_start = (s->tx_start + 1) % 8;