Re: Are user static builds really dynamically linked ?

2020-12-16 Thread Tj (Elloe Linux) 
On 16/12/2020 11:39, Paolo Bonzini wrote:
> On 16/12/20 12:07, Peter Maydell wrote:
>> Something has definitely changed here. What you had with 4.2.1
>> is what you should be getting. The obvious suspect is that
>> something weird happened in the meson conversion...

Ubuntu/Debian maintainer reproduced and confirmed my findings. It's been
git-bisect-ed to the addition/use of -static-pie on 'supported'
architectures when calling configure with --static at commit 127814629b
"configure: Support -static-pie if requested".

Using --disable-pie works around it on x86_64 for us.

https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1908331

https://salsa.debian.org/qemu-team/qemu/-/merge_requests/16

> Please send the (gzipped) build.ninja file.

build.ninja archives with and without --disable-pie can be fetched from:

https://iam.tj/projects/qemu/

Are user static builds really dynamically linked ?

2020-12-15 Thread Tj (Elloe Linux) 
user --static builds are apparently resulting in dynamically linked
executables (to the glibc library, not other shared objects )

Concise summary:

$ file ../qemu-aarch64_v*

../qemu-aarch64_v4.2.1: ELF 64-bit LSB executable, x86-64, version 1
(GNU/Linux), statically linked,
BuildID[sha1]=70f5e10ac0eb9b63d7758850e2f18d0a047d4b79, for GNU/Linux
3.2.0, with debug_info, not stripped

../qemu-aarch64_v5.2:   ELF 64-bit LSB shared object, x86-64, version 1
(GNU/Linux), dynamically linked,
BuildID[sha1]=91fda2fa08f46d1bb6d19b6f72a4819a7c20fd7e, for GNU/Linux
3.2.0, stripped

$ ldd  ../qemu-aarch64_v*

../qemu-aarch64_v4.2.1:
not a dynamic executable
../qemu-aarch64_v5.2:
statically linked


Between v4.2.1 and HEAD and (trying to) perform git-bisect builds using:

$ ../../qemu/configure --disable-system --enable-linux-user --static
--target-list=aarch64-linux-user

All builds from v5.x onwards report:

$ file qemu-aarch64
qemu-aarch64: ELF 64-bit LSB shared object, x86-64, version 1
(GNU/Linux), dynamically linked,
BuildID[sha1]=546ba11f0de940f7f3cbfaffae3c2bb54b683386, for GNU/Linux
3.2.0, with debug_info, not stripped

Whereas builds of v4.2.1 report:

$ file ./aarch64-linux-user/qemu-aarch64
./aarch64-linux-user/qemu-aarch64: ELF 64-bit LSB executable, x86-64,
version 1 (GNU/Linux), statically linked,
BuildID[sha1]=70f5e10ac0eb9b63d7758850e2f18d0a047d4b79, for GNU/Linux
3.2.0, with debug_info, not stripped

... the same as the v4.2.0 built by Debian/Ubuntu:

$ file /usr/bin/qemu-aarch64-static
/usr/bin/qemu-aarch64-static: ELF 64-bit LSB executable, x86-64, version
1 (GNU/Linux), statically linked,
BuildID[sha1]=abad039a2cfc5bc87215554230a572b085fbc37a, for GNU/Linux
3.2.0, with debug_info, not stripped



This could be a problem because when the executable is dynamically
linked to glibc the same glibc version needs to be installed in the
chroot and that isn't always possible.

I'm unsure whether this is a cosmetic issue of file/ldd reporting or is
a regression.

Hit this whilst in the process of trying to isolate commits that fixed
another issue where using qemu-aarch64 on x86_64 Debian/Ubuntu host with
a foreign architecture chroot that results in "handle_cpu_signal
received signal outside vCPU context" when doing "chroot
debian-buster-aarch64 aptitude full-upgrade".

qemu:handle_cpu_signal received signal outside vCPU context

2020-12-03 Thread Tj (Elloe Linux) 
We're seeing this error on Ubuntu 20.04 amd64 host and aarch64
qemu-aarch64-static chroot when executing 'aptitude':

qemu:handle_cpu_signal received signal outside vCPU context
qemu:handle_cpu_signal received signal outside vCPU context

Research led us to an identical issue report against qemu-m68k [0] where
it is reported this issue is resolved in 5.0.0+.

Ubuntu 20.04 LTS currently ships v4.2 so I'm trying to identify the
commit(s) that resolved this issue so we can test a cherry-pick of the fix.

Do you know which commit(s) addressed this?

Some suggestions as to the responsible patch have been made but I've not
been able to find the patchwork patch [1] content in current upstream
which suggests its the wrong patch, it was never merged, or the code has
since changed so it is unrecognisable.


[0] https://github.com/vivier/qemu-m68k/issues/38

[1]
http://patchwork.ozlabs.org/project/qemu-devel/patch/1456850240-21096-1-git-send-email-peter.mayd...@linaro.org/

[Qemu-devel] [Bug 955379] Re: cmake hangs with qemu-arm-static

2018-04-13 Thread TJ 
** Also affects: qemu (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: qemu (Ubuntu)
   Status: New => Confirmed

** Changed in: qemu (Ubuntu)
Milestone: None => ubuntu-16.04.5

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/955379

Title:
  cmake hangs with qemu-arm-static

Status in QEMU:
  Fix Released
Status in Linaro QEMU:
  Confirmed
Status in qemu package in Ubuntu:
  Confirmed
Status in qemu-linaro package in Ubuntu:
  Confirmed

Bug description:
  I'm using git commit 3e7ecd976b06f... configured with --target-list
  =arm-linux-user --static in a chroot environment to compile some
  things. I ran into this problem with both pcl and opencv-2.3.1. cmake
  consistently freezes at some point during its execution, though in a
  different spot each time, usually during a step when it's searching
  for some libraries. For instance, pcl most commonly stops after:

  [snip]
  -- Boost version: 1.46.1
  -- Found the following Boost libraries:
  --   system
  --   filesystem
  --   thread
  --   date_time
  -- checking for module 'eigen3'
  --   found eigen3, version 3.0.1

  which is perplexing because it freezes after finding what it wants,
  not during the search. When it does get past that point, it does so
  almost immediately but freezes somewhere else.

  I'm using 64-bit Ubuntu 11.10 with kernel release 3.0.0-16-generic
  with an Intel i5.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/955379/+subscriptions

[Qemu-devel] [Bug 998435] Re: qemu-kvm-spice doesn't support spice/qxl installs

2013-04-04 Thread TJ 
This is a show-stopper and regression for many VM scenarios on Precise.
A year later we should have a fix for this.

** Changed in: qemu-kvm-spice (Ubuntu)
   Importance: Undecided = High

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/998435

Title:
  qemu-kvm-spice doesn't support spice/qxl  installs

Status in QEMU:
  Confirmed
Status in “qemu-kvm-spice” package in Ubuntu:
  Confirmed

Bug description:
  Been setup as follows :-

  boris@boris-P5Q-E:~$ dpkg -l | grep spice
  ii  gir1.2-spice-client-glib-2.0   0.9-0ubuntu1 GObject for 
communicating with Spice servers (GObject-Introspection)
  ii  gir1.2-spice-client-gtk-2.00.9-0ubuntu1   
 GTK2 widget for SPICE clients (GObject-Introspection)
  ii  gir1.2-spice-client-gtk-3.00.9-0ubuntu1   
 GTK3 widget for SPICE clients (GObject-Introspection)
  ii  libspice-client-glib-2.0-1 0.9-0ubuntu1   
 GObject for communicating with Spice servers (runtime library)
  ii  libspice-client-glib-2.0-dev   0.9-0ubuntu1   
 GObject for communicating with Spice servers (development files)
  ii  libspice-client-gtk-2.0-1  0.9-0ubuntu1   
 GTK2 widget for SPICE clients (runtime library)
  ii  libspice-client-gtk-2.0-dev0.9-0ubuntu1   
 GTK2 widget for SPICE clients (development files)
  ii  libspice-client-gtk-3.0-1  0.9-0ubuntu1   
 GTK3 widget for SPICE clients (runtime library)
  ii  libspice-client-gtk-3.0-dev0.9-0ubuntu1   
 GTK3 widget for SPICE clients (development files)
  ii  libspice-protocol-dev  0.10.1-1   
 SPICE protocol headers
  ii  libspice-server-dev0.10.0-1   
 Header files and development documentation for spice-server
  ii  libspice-server1   0.10.0-1   
 Implements the server side of the SPICE protocol
  ii  python-spice-client-gtk0.9-0ubuntu1   
 GTK2 widget for SPICE clients (Python binding)
  ii  qemu-kvm-spice 1.0.50-2012.03-0ubuntu2
 Full virtualization on amd64 hardware

  Spice/QXL install  doesn't work on Ubuntu 12.04 .  View also 
https://bugs.launchpad.net/ubuntu/+source/seabios/+bug/823494
  It doesn't look like duplicate of bug mentioned above.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/998435/+subscriptions

[Qemu-devel] Obama, Steve Jobs, the Clintons, Oprah - All the great communicators in one big event!

2011-10-30 Thread TJ Walker in Asia 

Hello friend,

Great speakers are made not born and the best way to become one is by
emulating the masters. EASIER SAID THAN DONE, especially in Malaysia, but
not anymore. 


That's because New York based international presentation, speaking and
media coach, TJ Walker is coming to Malaysia. 


This bestselling author, who has worked with presidents, prime ministers,
Nobel laureates, corporate leaders  celebrities, will be sharing his
speaking strategies, tips  tricks with you in Kuala Lumpur, Malaysia, on
Wednesday, 7th December, 2011.

A prominent feature of TJ Walker's seminars is the use of video clips of
great communicators such as Barack Obama, Winston Churchill, the Clintons,
Oprah Winfrey and Steve Jobs. TJ dissects each of their performances and
identify their strengths. He then shows you how to easily adopt these
strengths  strategies. 


TJ Walker's method is so effective that all of his clients have shown
tremendous improvement shortly after his session and you are about to join
that exclusive club.

This is TJ's first visit to Asia and to mark the occasion he has, for the
first time in his career, agreed to reduce his fee. Tickets are only priced
at RM998 each. 


There is however a super saver in the form of a Super Early Bird Offer,
and your price will be only RM389! These tickets are very limited and it's
best to buy yours now.

For tickets and further information, head to www.tjwalkerasia.com now!

Click here
http://www.e-marketinginc.com/iem/link.php?M=330561N=109L=20F=T and
Sign up now!

Best regards,

Maverick Foo
TJ Walker  Associates 




P.S.: By the way, many of TJ's clients such as U.S. Army, Bank of America,
McGraw-Hill, Ernst and Young, Federal Express and UCLA have engaged him
in-house to talk on hot topics such as Crisis Communication, Setting Up A
Crisis Management Campaign, small group or one-on-one coaching, and more.
If you like to enjoy the same positive results as them by bringing the
expert in to engage your people personally, kindly contact Maverick, at
m...@plaseed.com, or via his mobile, +60162252500. You can also download a
one-pager on the TJ Walker's Strategies to Successful Crisis Communication
here http://www.e-marketinginc.com/iem/link.php?M=330561N=109L=24F=T.



Click here to Unsubscribe
http://www.e-marketinginc.com/iem/unsubscribe.php?M=330561C=e9264b3b7e21991615630b1ad9d6e228L=7N=109,
or simply reply to this email and we will remove you from the list, no
questions asked. To contact us please email train...@plaseed.com.

This email is sent from:
TJ Walker  Associates
(A Plaseed Training Partner)
B-5-8, Plaza Mont Kiara,Mont Kiara,
50480 Kuala Lumpur, Malaysia 




Powered by Interspire

Re: [Qemu-devel] Fwd: [PATCH v2] Guest OS hangs on usb_add

2011-02-22 Thread TJ 
On 11/16/2010 02:55 PM, Anthony Liguori wrote:

 If you don't like the hack, you can just remove the 3 lines above and use the
 rest of the patch. I will just have to remember to manually patch mine every
 time I upgrade.

 Your thoughts?

 
 Yeah, that bit is a bit too gnarly for my tastes, but if you can resend the 
 rest
 of it with a Signed-off-by, I'd appreciate.
 
 Regards,
 
 Anthony Liguori
 
 -TJ

 

Antonio,
Did anything come of this? I resubmitted the patch without the hack, but it
don't look like it was committed:

http://lists.nongnu.org/archive/html/qemu-devel/2010-11/msg01496.html

Ciao,
TJ

Re: [Qemu-devel] Fwd: [PATCH v2] Guest OS hangs on usb_add

2010-11-16 Thread TJ 
On 11/16/2010 10:00 AM, Anthony Liguori wrote:
 On 11/02/2010 09:51 AM, TJ wrote:
 Doesn't look like this has ever been committed. qemu-kvm-0.13 has just 
 arrived
 to the portage tree, but I am still having problems with it. I checked the 
 git
 log and it's not there! Please commit.

 
 One off device hacks are concerning because it's basically impossible to 
 review.
 
 Why does this work on bare metal?
 
 Regards,
 
 Anthony Liguori
 

Probably because bare metal USB 2.0 controllers don't give a damn about USB 3
spec. :)

My guess is that they ignore the device descriptor length and assume that it's
always equal 18. Although the USB 2.0 spec doesn't explicitly say anywhere that
it can't be more than 18. IIRC USB 3 even adds some extensions to the device
descriptor. And since I wanted my code to be portable and USB 3 ready ;) I rely
on the value in dev_descr_len.

BTW, this patch is more than just a hack for the device in question. Without
this patch qemu simply locks up when I attach the remote and spins in endless
loop, because USB parsing is so very primitive. With this patch, USB parsing is
done more intelligently and devices with whacky USB descriptors are simply 
rejected.

The hack part is really just 3 lines:

 +if (dev_descr_len == 0x18  dev-descr[ 8] == 0x47  dev-descr[ 9] 
 == 0x46
 +   dev-descr[10] == 0x00  dev-descr[11] 
 == 0x30)
 +dev_descr_len = USB_DT_DEVICE_LEN; /* for buggy MX-950 remote 
 reporting len in hex */

And it is very harmless, as all it does is overwrites the device descriptor
length with correct one.

If you don't like the hack, you can just remove the 3 lines above and use the
rest of the patch. I will just have to remember to manually patch mine every
time I upgrade.

Your thoughts?

-TJ

[Qemu-devel] [PATCH v3] Guest OS hangs on usb_add

2010-11-16 Thread TJ 
This is a small patch to slightly intelligentify usb device and
config descriptor parsing. MX-950 bug work-around is not included.

Signed-off-by: Timothy Jones one.timothy.jo...@gmail.com
---
 hw/usb.h|5 +
 usb-linux.c |   34 +++---
 2 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/hw/usb.h b/hw/usb.h
index 00d2802..5c3528f 100644
--- a/hw/usb.h
+++ b/hw/usb.h
@@ -117,6 +117,11 @@
 #define USB_DT_INTERFACE   0x04
 #define USB_DT_ENDPOINT0x05

+#define USB_DT_DEVICE_LEN  18
+#define USB_DT_CONFIG_LEN  9
+#define USB_DT_INTERFACE_LEN   9
+#define USB_DT_ENDPOINT_LEN7
+
 #define USB_ENDPOINT_XFER_CONTROL  0
 #define USB_ENDPOINT_XFER_ISOC 1
 #define USB_ENDPOINT_XFER_BULK 2
diff --git a/usb-linux.c b/usb-linux.c
index c3c38ec..cf20399 100644
--- a/usb-linux.c
+++ b/usb-linux.c
@@ -290,7 +290,7 @@ static void async_cancel(USBPacket *unused, void *opaque)

 static int usb_host_claim_interfaces(USBHostDevice *dev, int configuration)
 {
-int dev_descr_len, config_descr_len;
+int dev_descr_len, config_descr_total_len;
 int interface, nb_interfaces;
 int ret, i;

@@ -299,32 +299,36 @@ static int usb_host_claim_interfaces(USBHostDevice *dev,
int configuration)

 DPRINTF(husb: claiming interfaces. config %d\n, configuration);

-i = 0;
 dev_descr_len = dev-descr[0];
-if (dev_descr_len  dev-descr_len) {
+
+if (dev_descr_len  dev-descr_len || dev_descr_len  USB_DT_DEVICE_LEN ||
dev-descr[1] != USB_DT_DEVICE) {
+fprintf(stderr, husb: invalid device descriptor\n);
 goto fail;
 }

-i += dev_descr_len;
-while (i  dev-descr_len) {
+for (i = dev_descr_len; i  dev-descr_len; ) {
 DPRINTF(husb: i is %d, descr_len is %d, dl %d, dt %d\n,
 i, dev-descr_len,
dev-descr[i], dev-descr[i+1]);

-if (dev-descr[i+1] != USB_DT_CONFIG) {
-i += dev-descr[i];
-continue;
+if (dev-descr[i]  2) {
+fprintf(stderr, husb: invalid descriptor\n);
+goto fail;
 }
-config_descr_len = dev-descr[i];
+if (dev-descr[i+1] == USB_DT_CONFIG) {
+config_descr_total_len = dev-descr[i+2] + (dev-descr[i+3]  8);

-printf(husb: config #%d need %d\n, dev-descr[i + 5], configuration);
+printf(husb: config #%d need %d\n, dev-descr[i + 5], 
configuration);

-if (configuration  0 || configuration == dev-descr[i + 5]) {
-configuration = dev-descr[i + 5];
-break;
-}
+if (configuration  0 || configuration == dev-descr[i + 5]) {
+configuration = dev-descr[i + 5];
+break;
+}

-i += config_descr_len;
+i += config_descr_total_len;
+}
+else
+i += dev-descr[i];
 }

 if (i = dev-descr_len) {
--
1.7.2.2

[Qemu-devel] Fwd: [PATCH v2] Guest OS hangs on usb_add

2010-11-02 Thread TJ 
Doesn't look like this has ever been committed. qemu-kvm-0.13 has just arrived
to the portage tree, but I am still having problems with it. I checked the git
log and it's not there! Please commit.
-TJ

 Original Message 
Subject: [PATCH v2] Guest OS hangs on usb_add
Date: Mon, 28 Jun 2010 10:47:03 -0400
From: TJ one.timothy.jo...@gmail.com
To: qemu-devel@nongnu.org qemu-devel@nongnu.org
CC: Gianni Tedesco gianni.tede...@citrix.com

This is a small patch to sligtly intelligentify usb device and
config descriptor parsing and to handle bug with certain usb
device (URC MX-950) reporting device desriptor length as 0x18
instead of 18 with added vendor_id/product_id check
---
 hw/usb.h|5 +
 usb-linux.c |   37 ++---
 2 files changed, 27 insertions(+), 15 deletions(-)

diff --git a/hw/usb.h b/hw/usb.h
index 00d2802..5c3528f 100644
--- a/hw/usb.h
+++ b/hw/usb.h
@@ -117,6 +117,11 @@
 #define USB_DT_INTERFACE   0x04
 #define USB_DT_ENDPOINT0x05

+#define USB_DT_DEVICE_LEN  18
+#define USB_DT_CONFIG_LEN  9
+#define USB_DT_INTERFACE_LEN   9
+#define USB_DT_ENDPOINT_LEN7
+
 #define USB_ENDPOINT_XFER_CONTROL  0
 #define USB_ENDPOINT_XFER_ISOC 1
 #define USB_ENDPOINT_XFER_BULK 2
diff --git a/usb-linux.c b/usb-linux.c
index 88273ff..2ac6562 100644
--- a/usb-linux.c
+++ b/usb-linux.c
@@ -288,7 +288,7 @@ static void async_cancel(USBPacket *unused, void *opaque)

 static int usb_host_claim_interfaces(USBHostDevice *dev, int configuration)
 {
-int dev_descr_len, config_descr_len;
+int dev_descr_len, config_descr_total_len;
 int interface, nb_interfaces;
 int ret, i;

@@ -297,32 +297,39 @@ static int usb_host_claim_interfaces(USBHostDevice *dev,
int configuration)

 DPRINTF(husb: claiming interfaces. config %d\n, configuration);

-i = 0;
 dev_descr_len = dev-descr[0];
-if (dev_descr_len  dev-descr_len) {
+if (dev_descr_len == 0x18  dev-descr[ 8] == 0x47  dev-descr[ 9] == 
0x46
+   dev-descr[10] == 0x00  dev-descr[11] == 
0x30)
+dev_descr_len = USB_DT_DEVICE_LEN; /* for buggy MX-950 remote reporting
len in hex */
+
+if (dev_descr_len  dev-descr_len || dev_descr_len  USB_DT_DEVICE_LEN ||
dev-descr[1] != USB_DT_DEVICE) {
+fprintf(stderr, husb: invalid device descriptor\n);
 goto fail;
 }

-i += dev_descr_len;
-while (i  dev-descr_len) {
+for (i = dev_descr_len; i  dev-descr_len; ) {
 DPRINTF(husb: i is %d, descr_len is %d, dl %d, dt %d\n,
 i, dev-descr_len,
dev-descr[i], dev-descr[i+1]);

-if (dev-descr[i+1] != USB_DT_CONFIG) {
-i += dev-descr[i];
-continue;
+if (dev-descr[i]  2) {
+fprintf(stderr, husb: invalid descriptor\n);
+goto fail;
 }
-config_descr_len = dev-descr[i];
+if (dev-descr[i+1] == USB_DT_CONFIG) {
+config_descr_total_len = dev-descr[i+2] + (dev-descr[i+3]  8);

-printf(husb: config #%d need %d\n, dev-descr[i + 5], configuration);
+printf(husb: config #%d need %d\n, dev-descr[i + 5], 
configuration);

-if (configuration  0 || configuration == dev-descr[i + 5]) {
-configuration = dev-descr[i + 5];
-break;
-}
+if (configuration  0 || configuration == dev-descr[i + 5]) {
+configuration = dev-descr[i + 5];
+break;
+}

-i += config_descr_len;
+i += config_descr_total_len;
+}
+else
+i += dev-descr[i];
 }

 if (i = dev-descr_len) {

Re: [Qemu-devel] Guest OS hangs on usb_add

2010-06-28 Thread TJ 
On 06/28/10 08:32, Gianni Tedesco wrote:
 
 FWIW, I am signing off on your approach :)
 
 Gianni Tedesco
 

Thank you Gianni :) I am gonna add simple vend/prod id check to my 0x18 hack and
resubmit final version.

-TJ

[Qemu-devel] [PATCH v2] Guest OS hangs on usb_add

2010-06-28 Thread TJ 
This is a small patch to sligtly intelligentify usb device and
config descriptor parsing and to handle bug with certain usb
device (URC MX-950) reporting device desriptor length as 0x18
instead of 18 with added vendor_id/product_id check
---
 hw/usb.h|5 +
 usb-linux.c |   37 ++---
 2 files changed, 27 insertions(+), 15 deletions(-)

diff --git a/hw/usb.h b/hw/usb.h
index 00d2802..5c3528f 100644
--- a/hw/usb.h
+++ b/hw/usb.h
@@ -117,6 +117,11 @@
 #define USB_DT_INTERFACE   0x04
 #define USB_DT_ENDPOINT0x05

+#define USB_DT_DEVICE_LEN  18
+#define USB_DT_CONFIG_LEN  9
+#define USB_DT_INTERFACE_LEN   9
+#define USB_DT_ENDPOINT_LEN7
+
 #define USB_ENDPOINT_XFER_CONTROL  0
 #define USB_ENDPOINT_XFER_ISOC 1
 #define USB_ENDPOINT_XFER_BULK 2
diff --git a/usb-linux.c b/usb-linux.c
index 88273ff..2ac6562 100644
--- a/usb-linux.c
+++ b/usb-linux.c
@@ -288,7 +288,7 @@ static void async_cancel(USBPacket *unused, void *opaque)

 static int usb_host_claim_interfaces(USBHostDevice *dev, int configuration)
 {
-int dev_descr_len, config_descr_len;
+int dev_descr_len, config_descr_total_len;
 int interface, nb_interfaces;
 int ret, i;

@@ -297,32 +297,39 @@ static int usb_host_claim_interfaces(USBHostDevice *dev,
int configuration)

 DPRINTF(husb: claiming interfaces. config %d\n, configuration);

-i = 0;
 dev_descr_len = dev-descr[0];
-if (dev_descr_len  dev-descr_len) {
+if (dev_descr_len == 0x18  dev-descr[ 8] == 0x47  dev-descr[ 9] == 
0x46
+   dev-descr[10] == 0x00  dev-descr[11] == 
0x30)
+dev_descr_len = USB_DT_DEVICE_LEN; /* for buggy MX-950 remote reporting
len in hex */
+
+if (dev_descr_len  dev-descr_len || dev_descr_len  USB_DT_DEVICE_LEN ||
dev-descr[1] != USB_DT_DEVICE) {
+fprintf(stderr, husb: invalid device descriptor\n);
 goto fail;
 }

-i += dev_descr_len;
-while (i  dev-descr_len) {
+for (i = dev_descr_len; i  dev-descr_len; ) {
 DPRINTF(husb: i is %d, descr_len is %d, dl %d, dt %d\n,
 i, dev-descr_len,
dev-descr[i], dev-descr[i+1]);

-if (dev-descr[i+1] != USB_DT_CONFIG) {
-i += dev-descr[i];
-continue;
+if (dev-descr[i]  2) {
+fprintf(stderr, husb: invalid descriptor\n);
+goto fail;
 }
-config_descr_len = dev-descr[i];
+if (dev-descr[i+1] == USB_DT_CONFIG) {
+config_descr_total_len = dev-descr[i+2] + (dev-descr[i+3]  8);

-printf(husb: config #%d need %d\n, dev-descr[i + 5], configuration);
+printf(husb: config #%d need %d\n, dev-descr[i + 5], 
configuration);

-if (configuration  0 || configuration == dev-descr[i + 5]) {
-configuration = dev-descr[i + 5];
-break;
-}
+if (configuration  0 || configuration == dev-descr[i + 5]) {
+configuration = dev-descr[i + 5];
+break;
+}

-i += config_descr_len;
+i += config_descr_total_len;
+}
+else
+i += dev-descr[i];
 }

 if (i = dev-descr_len) {

Re: [Qemu-devel] Guest OS hangs on usb_add

2010-06-25 Thread TJ 

On 06/25/10 12:32, Gianni Tedesco wrote:
 A device MAY provide extended descriptors in 2 ways mentioned in the
 spec, but ISTR finding at least one device in the wild with standard
 descriptors extended which were not so much used by the host but by
 application software. So not sure about your patch, a quirks blacklist
 based on idDevice/idProduct might be the better fix here.

Makes sense. I should add vend/prod id check.

 However the more serious problem is spinning on zero length descriptor
 when truncated descriptors are not valid and zero length (in fact  2)
 is totally unacceptable. Following patch checks for truncation.

Gianni, Please check my later patch submitted last night. I basically did the
same thing you did, but with few differences:

- if descriptor size is  2, goto fail
- if the descriptor is USB_DT_CONFIG, we can skip through all the sub
descriptors using wTotalLength field.
- otherwise, simply skip it

One thing to also watch out for is the string descriptors. I might be wrong, but
it appears (from reading the doc) that string descriptors (at least for the
device descriptor) can be interspersed with the config descriptors, in which
case (config_descr_len  USB_DT_CONFIG_SIZE) without checking descriptor type
might unwittingly lead to failure.

-TJ

 diff --git a/hw/usb.h b/hw/usb.h
 index 00d2802..efd4a65 100644
 --- a/hw/usb.h
 +++ b/hw/usb.h
 @@ -117,6 +117,14 @@
  #define USB_DT_INTERFACE 0x04
  #define USB_DT_ENDPOINT  0x05
  
 +/*
 + * Descriptor sizes per descriptor type
 + */
 +#define USB_DT_DEVICE_SIZE   18
 +#define USB_DT_CONFIG_SIZE   9
 +#define USB_DT_INTERFACE_SIZE9
 +#define USB_DT_ENDPOINT_SIZE 7
 +
  #define USB_ENDPOINT_XFER_CONTROL0
  #define USB_ENDPOINT_XFER_ISOC   1
  #define USB_ENDPOINT_XFER_BULK   2
 diff --git a/usb-linux.c b/usb-linux.c
 index 88273ff..d259290 100644
 --- a/usb-linux.c
 +++ b/usb-linux.c
 @@ -299,7 +299,7 @@ static int usb_host_claim_interfaces(USBHostDevice *dev, 
 int configuration)
  
  i = 0;
  dev_descr_len = dev-descr[0];
 -if (dev_descr_len  dev-descr_len) {
 +if ( dev_descr_len  USB_DT_DEVICE_SIZE || dev_descr_len  
 dev-descr_len) {
  goto fail;
  }
  
 @@ -314,6 +314,8 @@ static int usb_host_claim_interfaces(USBHostDevice *dev, 
 int configuration)
  continue;
  }
  config_descr_len = dev-descr[i];
 +if ( config_descr_len  USB_DT_CONFIG_SIZE )
 +goto fail;
  
  printf(husb: config #%d need %d\n, dev-descr[i + 5], 
 configuration);

Re: [Qemu-devel] Guest OS hangs on usb_add

2010-06-24 Thread TJ 
On 06/24/10 13:59, David S. Ahern wrote:
 
 
 On 06/23/10 22:45, TJ wrote:

 -- Forwarded message --
 From: Timothy Jones one.timothy.jo...@gmail.com
 Date: Wed, Jun 23, 2010 at 9:07 PM
 Subject: Guest OS hangs on usb_add
 To: qemu-devel@nongnu.org


 With some digging around I found out that the qemu hangs in
 usb_host_claim_interfaces, which is caused by screwed up usb
 descriptor. The device reports the following:

 (gdb) p dev-descr_len
 $21 = 50
 (gdb) p /x dev-descr...@50
 $23 = {0x18, 0x1, 0x0, 0x1, 0xff, 0xff, 0xff, 0x8, 0x47, 0x46, 0x0,
 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9, 0x2, 0x20,
  0x0, 0x1, 0x1, 0x0, 0x80, 0x19, 0x9, 0x4, 0x0, 0x0, 0x2, 0xff, 0xff,
 0xff, 0x0, 0x7, 0x5, 0x81, 0x2, 0x40, 0x0, 0x0,
  0x7, 0x5, 0x3, 0x2, 0x10, 0x0, 0x0}

 The first 0x18 (Device Descriptor bLength) is supposed to be decimal
 18, not hex! According to USB spec, if the device reports size greater
 than expected, the host is supposed ignore the extra bytes. So qemu
 behaves correctly here. However, with this length, the following
 Configuration Descriptor length falls on a 0x0 and so the qemu spins
 in an endless loop. (This is prolly something that should be detected
 and reported as error by qemu.)

 My question is: This 0x18 -- is this something that comes from the
 device itself (ie, firmware bug)? Or does it come from the USB
 subsystem?
 
 What kind of device is this?
 
 David
 

Universal Remote Control MX-950

http://www.universalremote.com/product_detail.php?model=35

-TJ

[Qemu-devel] Fwd: [PATCH] Guest OS hangs on usb_add

2010-06-24 Thread TJ 
This is a small patch to sligtly intelligentify usb device and
config descriptor parsing and to handle bug with certain usb
device reporting device desriptor length as 0x18 (instead of 18)
---
 hw/usb.h|5 +
 usb-linux.c |   36 +---
 2 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/hw/usb.h b/hw/usb.h
index 00d2802..5c3528f 100644
--- a/hw/usb.h
+++ b/hw/usb.h
@@ -117,6 +117,11 @@
 #define USB_DT_INTERFACE   0x04
 #define USB_DT_ENDPOINT0x05

+#define USB_DT_DEVICE_LEN  18
+#define USB_DT_CONFIG_LEN  9
+#define USB_DT_INTERFACE_LEN   9
+#define USB_DT_ENDPOINT_LEN7
+
 #define USB_ENDPOINT_XFER_CONTROL  0
 #define USB_ENDPOINT_XFER_ISOC 1
 #define USB_ENDPOINT_XFER_BULK 2
diff --git a/usb-linux.c b/usb-linux.c
index 88273ff..3ff0856 100644
--- a/usb-linux.c
+++ b/usb-linux.c
@@ -288,7 +288,7 @@ static void async_cancel(USBPacket *unused, void *opaque)

 static int usb_host_claim_interfaces(USBHostDevice *dev, int configuration)
 {
-int dev_descr_len, config_descr_len;
+int dev_descr_len, config_descr_total_len;
 int interface, nb_interfaces;
 int ret, i;

@@ -297,32 +297,38 @@ static int usb_host_claim_interfaces(USBHostDevice *dev,
int configuration)

 DPRINTF(husb: claiming interfaces. config %d\n, configuration);

-i = 0;
 dev_descr_len = dev-descr[0];
-if (dev_descr_len  dev-descr_len) {
+if (dev_descr_len == 0x18)
+dev_descr_len = USB_DT_DEVICE_LEN; /* for buggy device(s) reporting len
in hex */
+
+if (dev_descr_len  dev-descr_len || dev_descr_len  USB_DT_DEVICE_LEN ||
dev-descr[1] != USB_DT_DEVICE) {
+fprintf(stderr, husb: invalid device descriptor\n);
 goto fail;
 }

-i += dev_descr_len;
-while (i  dev-descr_len) {
+for (i = dev_descr_len; i  dev-descr_len; ) {
 DPRINTF(husb: i is %d, descr_len is %d, dl %d, dt %d\n,
 i, dev-descr_len,
dev-descr[i], dev-descr[i+1]);

-if (dev-descr[i+1] != USB_DT_CONFIG) {
-i += dev-descr[i];
-continue;
+if (dev-descr[i]  2) {
+fprintf(stderr, husb: invalid descriptor\n);
+goto fail;
 }
-config_descr_len = dev-descr[i];
+if (dev-descr[i+1] == USB_DT_CONFIG) {
+config_descr_total_len = dev-descr[i+2] + (dev-descr[i+3]  8);

-printf(husb: config #%d need %d\n, dev-descr[i + 5], configuration);
+printf(husb: config #%d need %d\n, dev-descr[i + 5], 
configuration);

-if (configuration  0 || configuration == dev-descr[i + 5]) {
-configuration = dev-descr[i + 5];
-break;
-}
+if (configuration  0 || configuration == dev-descr[i + 5]) {
+configuration = dev-descr[i + 5];
+break;
+}

-i += config_descr_len;
+i += config_descr_total_len;
+}
+else
+i += dev-descr[i];
 }

 if (i = dev-descr_len) {

Re: [Qemu-devel] Guest OS hangs on usb_add

2010-06-24 Thread TJ 
On 06/24/10 02:42, Markus Armbruster wrote:

 A botched up patch is often a pretty effective way to get somebody to
 fix the thing correctly.

OK, I gave it a shot and sent it to the list. Shoulda prolly added a disclaimer
in case it blows something up ;)

-TJ

[Qemu-devel] Guest OS hangs on usb_add

2010-06-23 Thread TJ 

 -- Forwarded message --
 From: Timothy Jones one.timothy.jo...@gmail.com
 Date: Wed, Jun 23, 2010 at 9:07 PM
 Subject: Guest OS hangs on usb_add
 To: qemu-devel@nongnu.org
 
 
 With some digging around I found out that the qemu hangs in
 usb_host_claim_interfaces, which is caused by screwed up usb
 descriptor. The device reports the following:
 
 (gdb) p dev-descr_len
 $21 = 50
 (gdb) p /x dev-descr...@50
 $23 = {0x18, 0x1, 0x0, 0x1, 0xff, 0xff, 0xff, 0x8, 0x47, 0x46, 0x0,
 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9, 0x2, 0x20,
  0x0, 0x1, 0x1, 0x0, 0x80, 0x19, 0x9, 0x4, 0x0, 0x0, 0x2, 0xff, 0xff,
 0xff, 0x0, 0x7, 0x5, 0x81, 0x2, 0x40, 0x0, 0x0,
  0x7, 0x5, 0x3, 0x2, 0x10, 0x0, 0x0}
 
 The first 0x18 (Device Descriptor bLength) is supposed to be decimal
 18, not hex! According to USB spec, if the device reports size greater
 than expected, the host is supposed ignore the extra bytes. So qemu
 behaves correctly here. However, with this length, the following
 Configuration Descriptor length falls on a 0x0 and so the qemu spins
 in an endless loop. (This is prolly something that should be detected
 and reported as error by qemu.)
 
 My question is: This 0x18 -- is this something that comes from the
 device itself (ie, firmware bug)? Or does it come from the USB
 subsystem?
 
 I don't mind writing a small patch to make descriptor parsing a bit
 more intelligent, but I am very unfamiliar with the code, so I might
 botch things up. Or is the above data sufficient for one of the devs
 to take a look at the code and improve it?
 
 Thank you.
 
 -TJ
 

Here is small patch that fixed my problem.

In looking at the USB spec, it seems pretty clear cut about the whole
device/config/interface/endpoint descriptor hierarchy, so the
usb_host_claim_interfaces can be optimized instead of parsing through each
descriptor to skip through config descriptors using wTotalLength field. And
again, some checks can be done for descriptor types and/or sizes.

Just my 2 cents.

-TJ


--- hw/usb.h.orig   2010-06-23 22:55:27.649182672 -0400
+++ hw/usb.h2010-06-23 22:56:09.937910171 -0400
@@ -117,6 +117,8 @@
 #define USB_DT_INTERFACE   0x04
 #define USB_DT_ENDPOINT0x05
 
+#define USB_DT_DEVICE_LEN  18
+
 #define USB_ENDPOINT_XFER_CONTROL  0
 #define USB_ENDPOINT_XFER_ISOC 1
 #define USB_ENDPOINT_XFER_BULK 2
--- usb-linux.c.orig2010-06-23 22:56:23.191339634 -0400
+++ usb-linux.c 2010-06-24 00:08:19.437515669 -0400
@@ -299,6 +299,9 @@
 
 i = 0;
 dev_descr_len = dev-descr[0];
+if (dev_descr_len == 0x18)
+dev_descr_len = USB_DT_DEVICE_LEN; /* for buggy device(s) reporting 
len in hex */
+
 if (dev_descr_len  dev-descr_len) {
 goto fail;
 }

Re: [Qemu-devel] [RFC] linux-user (mostly syscall.c)

2007-11-03 Thread TJ 
I'm glad you posted about your efforts since I've also been working on
solving related x86_64 build warnings caused by 32-bit int to 64-bit
pointer conversions. 

warning: cast to pointer from integer of different size

There are a lot of these in syscall.c

I have in my drafts folder an RFC I was planning to post detailing the
issue (1,053 warnings in the x64_64 build) and how to resolve them -
some simply require a cast from abi_long/unit32_t to a larger integer
storage (same size as host-pointer-size) using the various pre-processor
macros and typedefs so the compiler can do implicit conversion from the
larger integer type to the pointer.

I'll post what I've written so far so it can be considered in
conjunction with your work.

The title is RFC: x86_64 Best way to fix 'cast to pointer from integer
of different size' problems?

TJ.

[Qemu-devel] RFC: x86_64 Best way to fix 'cast to pointer from integer of different size' problems?

2007-11-03 Thread TJ 
I'm building on x86_64 GNU/Linux. There are *lots* of (1053) compiler
warnings of the class:

warning: cast to pointer from integer of different size

caused by the various conversions to/from host-to-target pointer and int
types.

On x86 the warnings mostly don't occur. An easy way to get an idea of
the scale of the build problems is to review the Ubuntu build logs for
x86, x86_64, powerpc, and solaris (It's a 0.9.0 build and the solaris
build fails, but the x86_64 build log is clear although the line numbers
don't match CVS).

Fixing it looks to require a variety of fixes, from simple explicit
casts in-line, to some complicated review of multiple levels of macros
to decide where best to apply a fix.

I am aiming to work through all 1053 errors to classify the reasons for
them, and then work up a solution for each class.

If you could review the details here and provide useful feedback and
ides I'd be grateful. I don't want to redo work others are already doing
or go against some implicit techniques hidden in the macro nesting in
particular.

This should be considered alongside Thayne Harbaugh's post [RFC]
linux-user (mostly syscall.c).

Thanks

TJ.

--- specimen details ---

The first warning is also one of the most complex to unravel. It occurs
in  linux-user/syscall.c in functions

target_to_host_cmsg()
host_to_target_cmsg()

It is caused by use of the macro TARGET_CMSG_FIRSTHDR (which is a
reworking of the linux macro CMSG_FIRSTHDR defined in
sys/bits/socket.h):

static inline void target_to_host_cmsg(struct msghdr *msgh,
   struct target_msghdr *target_msgh) 
{
   struct target_cmsghdr *target_cmsg = TARGET_CMSG_FIRSTHDR(target_msgh);

The macro is defined thus:

linux-user/syscall_defs.h

#define TARGET_CMSG_FIRSTHDR(mhdr) \
 ((size_t) tswapl((mhdr)-msg_controllen) = sizeof (struct  
target_cmsghdr) \
 ? (struct target_cmsghdr *) tswapl((mhdr)-msg_control) : (struct 
target_cmsghdr *) NULL)

and the pre-processor generates:

 struct target_cmsghdr *target_cmsg = ((size_t) 
tswap32((target_msgh)-msg_controllen) = sizeof (struct target_cmsghdr) ? 
(struct target_cmsghdr *) tswap32((target_msgh)-msg_control) : (struct 
target_cmsghdr *) ((void *)0));

The issue is in the 'true' action:

 (struct target_cmsghdr *) tswap32((target_msgh)-msg_control)

and the fact that the macro wasn't designed to handle different pointer
sizes. In this case assigning a 32-bit unsigned int to a 64-bit pointer.

The variables are defined as:

linux-user/syscall_defs.h
struct target_msghdr { ...
 abi_long msg_control;

linux-user/qemu.h
#ifdef TARGET_ABI32
 typedef uint32_t abi_ulong;
 typedef int32_t abi_long;
 #define TARGET_ABI_BITS 32

and the 'tswap' function as:

cpu-all.h

static inline uint32_t tswap32(uint32_t s)
{
return s;
}

So the compiler assigns the 32-bit value returned by tswap32() to the 64-bit 
pointer 'target_cmsg'.

For this case it appears the 'pure' solution would be to use additional
macros along the lines of:

struct target_cmsghdr *target_cmsg = TARGET_TO_HOST_PTR( 
TARGET_CMSG_FIRSTHDR(target_msgh));

and define new macros along the lines of

TARGET_TO_HOST_PTR
HOST_TO_TARGET_PTR

The practical solution is to promote the 32-bit unsigned integer to a
64-bit unsigned integer (using a cast) and then let the compiler do
implicit conversion to a 64-bit pointer.

[Qemu-devel] [Patch] Auto-detect USB devfs in Linux

2007-11-02 Thread TJ 
Since Linux kernel 2.6.14 the USB device file-system has moved from
'/proc/bus/usb' to '/dev/bus/usb' but qemu has '/proc/bus/usb'
hard-coded in usb-linux.c

I explored the option of moving USBDEVFS_PATH to config.h but it would
require several additions to the configure script as well as the changes
to usb-linux.c

Therefore I have opted to detect which USB file-system is in use by
extending the error-detection in usb_host_scan() to first try 
'/dev/bus/usb' and if that fails, then try the pre-2.6.14
'/proc/bus/usb'.

The new code uses a (new) static char 'usb_devfs_path' set to the path
that works, and it is subsequently used in usb_host_device_open().

TJ.

Index: usb-linux.c
===
RCS file: /sources/qemu/qemu/usb-linux.c,v
retrieving revision 1.15
diff -u -r1.15 usb-linux.c
--- usb-linux.c 31 Oct 2007 00:27:50 -  1.15
+++ usb-linux.c 2 Nov 2007 11:31:57 -
@@ -52,7 +52,17 @@
 //#define DEBUG_ISOCH
 //#define USE_ASYNCIO
 
-#define USBDEVFS_PATH /proc/bus/usb
+/*
+ * TJ [EMAIL PROTECTED] 2007-11-02
+ * Now defaults to /dev/bus/usb/devices which was introduced into kernel 
version 2.6.14 with 
+ * commit fbf82fd2e1f4e679c60516d772d1862c941ca845 on Jul 31st 2005.
+ * 
+ * If the 'devices' file doesn't exist, code checks for the older 
/proc/bus/usb/devices
+ * before reporting an error.
+*/
+static unsigned char usb_devfs_path[64];
+#define USB_DEVFS_PATH_PRE_2_6_14 /proc/bus/usb
+#define USB_DEVFS_PATH /dev/bus/usb
 #define PRODUCT_NAME_SZ 32
 #define SIG_ISOCOMPLETE (SIGRTMIN+7)
 #define MAX_ENDPOINTS 16
@@ -614,7 +624,7 @@
  devname)  0)
 return NULL;
 
-snprintf(buf, sizeof(buf), USBDEVFS_PATH /%03d/%03d,
+snprintf(buf, sizeof(buf), %s/%03d/%03d, usb_devfs_path,
  bus_num, addr);
 fd = open(buf, O_RDWR | O_NONBLOCK);
 if (fd  0) {
@@ -737,11 +747,25 @@
 int bus_num, addr, speed, device_count, class_id, product_id, vendor_id;
 int ret;
 char product_name[512];
-
-f = fopen(USBDEVFS_PATH /devices, r);
+
+/* TJ [EMAIL PROTECTED] 2007-11-02
+ * Auto-detect USB devices file-system location
+ * pre 2.6.14 kernels used /proc/bus/usb
+ * Standard location is now /dev/bus/usb
+ * Retain correct location in static variable for use by 
usb_host_device_open()
+ */
+snprintf(usb_devfs_path, sizeof(usb_devfs_path), %s, USB_DEVFS_PATH);
+/* use buf temporarily to build path to devices file */
+snprintf(buf, sizeof(buf), %s/devices, usb_devfs_path);
+f = fopen(buf, r);
 if (!f) {
-term_printf(Could not open %s\n, USBDEVFS_PATH /devices);
-return 0;
+snprintf(usb_devfs_path, sizeof(usb_devfs_path), %s, 
USB_DEVFS_PATH_PRE_2_6_14);
+snprintf(buf, sizeof(buf), %s/devices, usb_devfs_path);
+f = fopen(buf, r);
+if (!f) {
+term_printf(Could not open USB devices file %s\n, buf);
+return 0;
+}
 }
 device_count = 0;
 bus_num = addr = speed = class_id = product_id = vendor_id = 0;