[qemu/kevin.git] / backends / rng-egd.c
/*
 * QEMU Random Number Generator Backend
 *
 * Copyright IBM, Corp. 2012
 *
 * Authors:
 *  Anthony Liguori <aliguori@us.ibm.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 */
13 #include "qemu/osdep.h"
14 #include "sysemu/rng.h"
15 #include "chardev/char-fe.h"
16 #include "qapi/error.h"
17 #include "qapi/qmp/qerror.h"
18 #include "qemu/module.h"
/* QOM type name of this backend and the checked cast from Object to RngEgd. */
#define TYPE_RNG_EGD "rng-egd"
#define RNG_EGD(obj) OBJECT_CHECK(RngEgd, (obj), TYPE_RNG_EGD)

/*
 * Per-instance state of the "rng-egd" backend.
 *
 * parent must stay the first member: the QOM cast macros convert between
 * RngBackend and RngEgd pointers.
 */
typedef struct RngEgd
{
    RngBackend parent;

    /* Front end of the character device the EGD requests are written to. */
    CharBackend chr;
    /* Heap copy of the "chardev" property; owned by this object. */
    char *chr_name;
} RngEgd;
/*
 * Ask the peer on the character device for req->size bytes of entropy.
 *
 * The length is carried in a single byte, so the request is split into
 * chunks of at most 255 bytes.  Each chunk is sent as a two-byte message:
 * the command byte 0x02 (synchronous entropy request) followed by the
 * number of bytes wanted.
 *
 * NOTE(review): the result of qemu_chr_fe_write_all() is discarded, so a
 * failed write is not reported and the request simply stays queued.
 */
static void rng_egd_request_entropy(RngBackend *b, RngRequest *req)
{
    RngEgd *s = RNG_EGD(b);
    size_t remaining;

    for (remaining = req->size; remaining > 0; ) {
        uint8_t chunk = MIN(remaining, 255);
        uint8_t header[2] = { 0x02, chunk };

        /* XXX this blocks entire thread. Rewrite to use
         * qemu_chr_fe_write and background I/O callbacks */
        qemu_chr_fe_write_all(&s->chr, header, sizeof(header));

        remaining -= chunk;
    }
}
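/*
 * Chardev "can read" callback: report how many bytes the queued requests
 * are still waiting for.
 *
 * @opaque: the RngEgd instance registered with the chardev handlers.
 *
 * Returns the sum of (size - offset) over all pending requests, clamped to
 * INT_MAX.  The per-request counters are size_t while the callback returns
 * int; accumulating them in an int could wrap to a negative or truncated
 * value when the outstanding total is large, so the sum is kept in size_t
 * and saturated instead.
 */
static int rng_egd_chr_can_read(void *opaque)
{
    RngEgd *s = RNG_EGD(opaque);
    RngRequest *req;
    size_t wanted = 0;

    QSIMPLEQ_FOREACH(req, &s->parent.requests, next) {
        size_t missing = req->size - req->offset;

        /* wanted < INT_MAX holds here, so the subtraction cannot wrap. */
        if (missing >= (size_t)INT_MAX - wanted) {
            return INT_MAX;
        }
        wanted += missing;
    }

    return (int)wanted;
}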
/*
 * Chardev read callback: hand the received bytes to the pending requests
 * in queue order.
 *
 * @opaque: the RngEgd instance registered with the chardev handlers.
 * @buf:    bytes received from the character device.
 * @size:   number of valid bytes in @buf.
 *
 * Each copy is bounded by both the bytes left in @buf and the space left in
 * the request at the head of the queue.  A request that becomes full is
 * delivered through its receive_entropy callback and then finalized.  Bytes
 * that arrive while no request is queued are dropped.
 *
 * NOTE(review): the payload is copied into the request as-is; nothing here
 * checks its origin or quality, so the entropy is only as trustworthy as
 * whatever is attached to the chardev.
 */
static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size)
{
    RngEgd *s = RNG_EGD(opaque);
    const uint8_t *src = buf;

    while (size > 0 && !QSIMPLEQ_EMPTY(&s->parent.requests)) {
        RngRequest *req = QSIMPLEQ_FIRST(&s->parent.requests);
        int len = MIN(size, req->size - req->offset);

        memcpy(req->data + req->offset, src, len);
        src += len;
        req->offset += len;
        size -= len;

        if (req->offset != req->size) {
            /* Request still incomplete, which means the input ran out. */
            continue;
        }

        req->receive_entropy(req->opaque, req->data, req->size);

        rng_backend_finalize_request(&s->parent, req);
    }
}
/*
 * RngBackendClass::opened hook: bind the backend to its character device.
 *
 * @b:    the backend being opened.
 * @errp: receives the error when the "chardev" property is unset, the named
 *        device does not exist, or the front end cannot be initialised.
 *
 * On success the can-read/read callbacks are installed on the chardev
 * front end with this instance as their opaque pointer.
 */
static void rng_egd_opened(RngBackend *b, Error **errp)
{
    RngEgd *s = RNG_EGD(b);
    Chardev *dev;

    if (!s->chr_name) {
        error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
                   "chardev", "a valid character device");
        return;
    }

    dev = qemu_chr_find(s->chr_name);
    if (!dev) {
        error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
                  "Device '%s' not found", s->chr_name);
        return;
    }

    /* qemu_chr_fe_init() fills in errp itself when it fails. */
    if (!qemu_chr_fe_init(&s->chr, dev, errp)) {
        return;
    }

    /* FIXME we should resubmit pending requests when the CDS reconnects. */
    qemu_chr_fe_set_handlers(&s->chr, rng_egd_chr_can_read,
                             rng_egd_chr_read, NULL, NULL, s, NULL, true);
}
/*
 * Setter for the "chardev" property.
 *
 * @obj:   the RngEgd object.
 * @value: name of the character device to use; copied.
 * @errp:  set to QERR_PERMISSION_DENIED when the backend is already opened.
 *
 * The name can only be changed before the backend is opened, so the entropy
 * source cannot be swapped underneath a running backend.
 */
static void rng_egd_set_chardev(Object *obj, const char *value, Error **errp)
{
    RngBackend *b = RNG_BACKEND(obj);
    RngEgd *s = RNG_EGD(b);

    if (b->opened) {
        error_setg(errp, QERR_PERMISSION_DENIED);
        return;
    }

    /* Drop any previously configured name before storing the new copy. */
    g_free(s->chr_name);
    s->chr_name = g_strdup(value);
}
/*
 * Getter for the "chardev" property.
 *
 * Returns a newly allocated copy of the label of the chardev currently
 * attached to the front end, or NULL when no chardev is attached or it has
 * no label.  @errp is not used.
 */
static char *rng_egd_get_chardev(Object *obj, Error **errp)
{
    RngEgd *s = RNG_EGD(obj);
    Chardev *attached = qemu_chr_fe_get_driver(&s->chr);

    if (!attached || !attached->label) {
        return NULL;
    }

    return g_strdup(attached->label);
}
/*
 * Instance initialiser: expose the string property "chardev", backed by
 * rng_egd_get_chardev() and rng_egd_set_chardev().
 */
static void rng_egd_init(Object *obj)
{
    object_property_add_str(obj,
                            "chardev",
                            rng_egd_get_chardev,
                            rng_egd_set_chardev,
                            NULL);
}
/*
 * Instance finaliser: deinitialise the chardev front end (passing false as
 * the second argument of qemu_chr_fe_deinit()) and free the stored device
 * name.
 */
static void rng_egd_finalize(Object *obj)
{
    RngEgd *self = RNG_EGD(obj);

    qemu_chr_fe_deinit(&self->chr, false);
    g_free(self->chr_name);
}
/*
 * Class initialiser: install the EGD implementations of the RngBackend
 * hooks.  @data is unused.
 */
static void rng_egd_class_init(ObjectClass *klass, void *data)
{
    RngBackendClass *backend_class = RNG_BACKEND_CLASS(klass);

    backend_class->opened = rng_egd_opened;
    backend_class->request_entropy = rng_egd_request_entropy;
}
/* QOM type description of "rng-egd", a subtype of TYPE_RNG_BACKEND. */
static const TypeInfo rng_egd_info = {
    .name              = TYPE_RNG_EGD,
    .parent            = TYPE_RNG_BACKEND,
    .instance_size     = sizeof(RngEgd),
    .instance_init     = rng_egd_init,
    .instance_finalize = rng_egd_finalize,
    .class_init        = rng_egd_class_init,
};
/* Register the "rng-egd" type with the QOM type system. */
static void register_types(void)
{
    type_register_static(&rng_egd_info);
}

/* Hand register_types() to type_init() so the type gets registered. */
type_init(register_types);