mips_mipssim: fix use-after-free for filename
[qemu-kvm.git] / spice-qemu-char.c
blob8106e063c031a254aef8166dd2976ff264d597f3
1 #include "config-host.h"
2 #include "trace.h"
3 #include "ui/qemu-spice.h"
4 #include "sysemu/char.h"
5 #include <spice.h>
6 #include <spice-experimental.h>
7 #include <spice/protocol.h>
9 #include "qemu/osdep.h"
11 typedef struct SpiceCharDriver {
12 CharDriverState* chr;
13 SpiceCharDeviceInstance sin;
14 bool active;
15 bool blocked;
16 const uint8_t *datapos;
17 int datalen;
18 QLIST_ENTRY(SpiceCharDriver) next;
19 } SpiceCharDriver;
21 typedef struct SpiceCharSource {
22 GSource source;
23 SpiceCharDriver *scd;
24 } SpiceCharSource;
26 static QLIST_HEAD(, SpiceCharDriver) spice_chars =
27 QLIST_HEAD_INITIALIZER(spice_chars);
29 static int vmc_write(SpiceCharDeviceInstance *sin, const uint8_t *buf, int len)
31 SpiceCharDriver *scd = container_of(sin, SpiceCharDriver, sin);
32 ssize_t out = 0;
33 ssize_t last_out;
34 uint8_t* p = (uint8_t*)buf;
36 while (len > 0) {
37 int can_write = qemu_chr_be_can_write(scd->chr);
38 last_out = MIN(len, can_write);
39 if (last_out <= 0) {
40 break;
42 qemu_chr_be_write(scd->chr, p, last_out);
43 out += last_out;
44 len -= last_out;
45 p += last_out;
48 trace_spice_vmc_write(out, len + out);
49 return out;
52 static int vmc_read(SpiceCharDeviceInstance *sin, uint8_t *buf, int len)
54 SpiceCharDriver *scd = container_of(sin, SpiceCharDriver, sin);
55 int bytes = MIN(len, scd->datalen);
57 if (bytes > 0) {
58 memcpy(buf, scd->datapos, bytes);
59 scd->datapos += bytes;
60 scd->datalen -= bytes;
61 assert(scd->datalen >= 0);
63 if (scd->datalen == 0) {
64 scd->datapos = 0;
65 scd->blocked = false;
67 trace_spice_vmc_read(bytes, len);
68 return bytes;
71 #if SPICE_SERVER_VERSION >= 0x000c02
72 static void vmc_event(SpiceCharDeviceInstance *sin, uint8_t event)
74 SpiceCharDriver *scd = container_of(sin, SpiceCharDriver, sin);
75 int chr_event;
77 switch (event) {
78 case SPICE_PORT_EVENT_BREAK:
79 chr_event = CHR_EVENT_BREAK;
80 break;
81 default:
82 return;
85 trace_spice_vmc_event(chr_event);
86 qemu_chr_be_event(scd->chr, chr_event);
88 #endif
90 static void vmc_state(SpiceCharDeviceInstance *sin, int connected)
92 SpiceCharDriver *scd = container_of(sin, SpiceCharDriver, sin);
94 if ((scd->chr->be_open && connected) ||
95 (!scd->chr->be_open && !connected)) {
96 return;
99 qemu_chr_be_event(scd->chr,
100 connected ? CHR_EVENT_OPENED : CHR_EVENT_CLOSED);
103 static SpiceCharDeviceInterface vmc_interface = {
104 .base.type = SPICE_INTERFACE_CHAR_DEVICE,
105 .base.description = "spice virtual channel char device",
106 .base.major_version = SPICE_INTERFACE_CHAR_DEVICE_MAJOR,
107 .base.minor_version = SPICE_INTERFACE_CHAR_DEVICE_MINOR,
108 .state = vmc_state,
109 .write = vmc_write,
110 .read = vmc_read,
111 #if SPICE_SERVER_VERSION >= 0x000c02
112 .event = vmc_event,
113 #endif
117 static void vmc_register_interface(SpiceCharDriver *scd)
119 if (scd->active) {
120 return;
122 scd->sin.base.sif = &vmc_interface.base;
123 qemu_spice_add_interface(&scd->sin.base);
124 scd->active = true;
125 trace_spice_vmc_register_interface(scd);
128 static void vmc_unregister_interface(SpiceCharDriver *scd)
130 if (!scd->active) {
131 return;
133 spice_server_remove_interface(&scd->sin.base);
134 scd->active = false;
135 trace_spice_vmc_unregister_interface(scd);
138 static gboolean spice_char_source_prepare(GSource *source, gint *timeout)
140 SpiceCharSource *src = (SpiceCharSource *)source;
142 *timeout = -1;
144 return !src->scd->blocked;
147 static gboolean spice_char_source_check(GSource *source)
149 SpiceCharSource *src = (SpiceCharSource *)source;
151 return !src->scd->blocked;
154 static gboolean spice_char_source_dispatch(GSource *source,
155 GSourceFunc callback, gpointer user_data)
157 GIOFunc func = (GIOFunc)callback;
159 return func(NULL, G_IO_OUT, user_data);
162 GSourceFuncs SpiceCharSourceFuncs = {
163 .prepare = spice_char_source_prepare,
164 .check = spice_char_source_check,
165 .dispatch = spice_char_source_dispatch,
168 static GSource *spice_chr_add_watch(CharDriverState *chr, GIOCondition cond)
170 SpiceCharDriver *scd = chr->opaque;
171 SpiceCharSource *src;
173 assert(cond == G_IO_OUT);
175 src = (SpiceCharSource *)g_source_new(&SpiceCharSourceFuncs,
176 sizeof(SpiceCharSource));
177 src->scd = scd;
179 return (GSource *)src;
182 static int spice_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
184 SpiceCharDriver *s = chr->opaque;
185 int read_bytes;
187 assert(s->datalen == 0);
188 s->datapos = buf;
189 s->datalen = len;
190 spice_server_char_device_wakeup(&s->sin);
191 read_bytes = len - s->datalen;
192 if (read_bytes != len) {
193 /* We'll get passed in the unconsumed data with the next call */
194 s->datalen = 0;
195 s->datapos = NULL;
196 s->blocked = true;
198 return read_bytes;
201 static void spice_chr_close(struct CharDriverState *chr)
203 SpiceCharDriver *s = chr->opaque;
205 vmc_unregister_interface(s);
206 QLIST_REMOVE(s, next);
208 g_free((char *)s->sin.subtype);
209 #if SPICE_SERVER_VERSION >= 0x000c02
210 g_free((char *)s->sin.portname);
211 #endif
212 g_free(s);
215 static void spice_vmc_set_fe_open(struct CharDriverState *chr, int fe_open)
217 SpiceCharDriver *s = chr->opaque;
218 if (fe_open) {
219 vmc_register_interface(s);
220 } else {
221 vmc_unregister_interface(s);
225 static void spice_port_set_fe_open(struct CharDriverState *chr, int fe_open)
227 #if SPICE_SERVER_VERSION >= 0x000c02
228 SpiceCharDriver *s = chr->opaque;
230 if (fe_open) {
231 spice_server_port_event(&s->sin, SPICE_PORT_EVENT_OPENED);
232 } else {
233 spice_server_port_event(&s->sin, SPICE_PORT_EVENT_CLOSED);
235 #endif
238 static void spice_chr_fe_event(struct CharDriverState *chr, int event)
240 #if SPICE_SERVER_VERSION >= 0x000c02
241 SpiceCharDriver *s = chr->opaque;
243 spice_server_port_event(&s->sin, event);
244 #endif
247 static void print_allowed_subtypes(void)
249 const char** psubtype;
250 int i;
252 fprintf(stderr, "allowed names: ");
253 for(i=0, psubtype = spice_server_char_device_recognized_subtypes();
254 *psubtype != NULL; ++psubtype, ++i) {
255 if (i == 0) {
256 fprintf(stderr, "%s", *psubtype);
257 } else {
258 fprintf(stderr, ", %s", *psubtype);
261 fprintf(stderr, "\n");
264 static CharDriverState *chr_open(const char *subtype,
265 void (*set_fe_open)(struct CharDriverState *, int))
268 CharDriverState *chr;
269 SpiceCharDriver *s;
271 chr = qemu_chr_alloc();
272 s = g_malloc0(sizeof(SpiceCharDriver));
273 s->chr = chr;
274 s->active = false;
275 s->sin.subtype = g_strdup(subtype);
276 chr->opaque = s;
277 chr->chr_write = spice_chr_write;
278 chr->chr_add_watch = spice_chr_add_watch;
279 chr->chr_close = spice_chr_close;
280 chr->chr_set_fe_open = set_fe_open;
281 chr->explicit_be_open = true;
282 chr->chr_fe_event = spice_chr_fe_event;
284 QLIST_INSERT_HEAD(&spice_chars, s, next);
286 return chr;
289 CharDriverState *qemu_chr_open_spice_vmc(const char *type)
291 const char **psubtype = spice_server_char_device_recognized_subtypes();
293 if (type == NULL) {
294 fprintf(stderr, "spice-qemu-char: missing name parameter\n");
295 print_allowed_subtypes();
296 return NULL;
298 for (; *psubtype != NULL; ++psubtype) {
299 if (strcmp(type, *psubtype) == 0) {
300 break;
303 if (*psubtype == NULL) {
304 fprintf(stderr, "spice-qemu-char: unsupported type: %s\n", type);
305 print_allowed_subtypes();
306 return NULL;
309 return chr_open(type, spice_vmc_set_fe_open);
312 #if SPICE_SERVER_VERSION >= 0x000c02
313 CharDriverState *qemu_chr_open_spice_port(const char *name)
315 CharDriverState *chr;
316 SpiceCharDriver *s;
318 if (name == NULL) {
319 fprintf(stderr, "spice-qemu-char: missing name parameter\n");
320 return NULL;
323 chr = chr_open("port", spice_port_set_fe_open);
324 s = chr->opaque;
325 s->sin.portname = g_strdup(name);
327 return chr;
330 void qemu_spice_register_ports(void)
332 SpiceCharDriver *s;
334 QLIST_FOREACH(s, &spice_chars, next) {
335 if (s->sin.portname == NULL) {
336 continue;
338 vmc_register_interface(s);
341 #endif
343 static void qemu_chr_parse_spice_vmc(QemuOpts *opts, ChardevBackend *backend,
344 Error **errp)
346 const char *name = qemu_opt_get(opts, "name");
348 if (name == NULL) {
349 error_setg(errp, "chardev: spice channel: no name given");
350 return;
352 backend->spicevmc = g_new0(ChardevSpiceChannel, 1);
353 backend->spicevmc->type = g_strdup(name);
356 static void qemu_chr_parse_spice_port(QemuOpts *opts, ChardevBackend *backend,
357 Error **errp)
359 const char *name = qemu_opt_get(opts, "name");
361 if (name == NULL) {
362 error_setg(errp, "chardev: spice port: no name given");
363 return;
365 backend->spiceport = g_new0(ChardevSpicePort, 1);
366 backend->spiceport->fqdn = g_strdup(name);
369 static void register_types(void)
371 register_char_driver("spicevmc", CHARDEV_BACKEND_KIND_SPICEVMC,
372 qemu_chr_parse_spice_vmc);
373 register_char_driver("spiceport", CHARDEV_BACKEND_KIND_SPICEPORT,
374 qemu_chr_parse_spice_port);
377 type_init(register_types);