Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch')
-rw-r--r--app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch179
1 files changed, 179 insertions, 0 deletions
diff --git a/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch
new file mode 100644
index 000000000000..ca9340a471d7
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch
@@ -0,0 +1,179 @@
+From 60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 Mon Sep 17 00:00:00 2001
+From: Ladi Prosek <lprosek@redhat.com>
+Date: Thu, 3 Mar 2016 09:37:18 +0100
+Subject: [PATCH] rng: add request queue support to rng-random
+
+Requests are now created in the RngBackend parent class and the
+code path is shared by both rng-egd and rng-random.
+
+This commit fixes the rng-random implementation which processed
+only one request at a time and simply discarded all but the most
+recent one. In the guest this manifested as delayed completion
+of reads from virtio-rng, i.e. a read was completed only after
+another read was issued.
+
+By switching rng-random to use the same request queue as rng-egd,
+the unsafe stack-based allocation of the entropy buffer is
+eliminated and replaced with g_malloc.
+
+Signed-off-by: Ladi Prosek <lprosek@redhat.com>
+Reviewed-by: Amit Shah <amit.shah@redhat.com>
+Message-Id: <1456994238-9585-5-git-send-email-lprosek@redhat.com>
+Signed-off-by: Amit Shah <amit.shah@redhat.com>
+---
+ backends/rng-egd.c | 16 ++--------------
+ backends/rng-random.c | 43 +++++++++++++++++++------------------------
+ backends/rng.c | 13 ++++++++++++-
+ include/sysemu/rng.h | 3 +--
+ 4 files changed, 34 insertions(+), 41 deletions(-)
+
+diff --git a/backends/rng-egd.c b/backends/rng-egd.c
+index 8f2bd16..30332ed 100644
+--- a/backends/rng-egd.c
++++ b/backends/rng-egd.c
+@@ -27,20 +27,10 @@ typedef struct RngEgd
+ char *chr_name;
+ } RngEgd;
+
+-static void rng_egd_request_entropy(RngBackend *b, size_t size,
+- EntropyReceiveFunc *receive_entropy,
+- void *opaque)
++static void rng_egd_request_entropy(RngBackend *b, RngRequest *req)
+ {
+ RngEgd *s = RNG_EGD(b);
+- RngRequest *req;
+-
+- req = g_malloc(sizeof(*req));
+-
+- req->offset = 0;
+- req->size = size;
+- req->receive_entropy = receive_entropy;
+- req->opaque = opaque;
+- req->data = g_malloc(req->size);
++ size_t size = req->size;
+
+ while (size > 0) {
+ uint8_t header[2];
+@@ -54,8 +44,6 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
+
+ size -= len;
+ }
+-
+- s->parent.requests = g_slist_append(s->parent.requests, req);
+ }
+
+ static int rng_egd_chr_can_read(void *opaque)
+diff --git a/backends/rng-random.c b/backends/rng-random.c
+index 8cdad6a..a6cb385 100644
+--- a/backends/rng-random.c
++++ b/backends/rng-random.c
+@@ -22,10 +22,6 @@ struct RndRandom
+
+ int fd;
+ char *filename;
+-
+- EntropyReceiveFunc *receive_func;
+- void *opaque;
+- size_t size;
+ };
+
+ /**
+@@ -38,36 +34,35 @@ struct RndRandom
+ static void entropy_available(void *opaque)
+ {
+ RndRandom *s = RNG_RANDOM(opaque);
+- uint8_t buffer[s->size];
+- ssize_t len;
+
+- len = read(s->fd, buffer, s->size);
+- if (len < 0 && errno == EAGAIN) {
+- return;
+- }
+- g_assert(len != -1);
++ while (s->parent.requests != NULL) {
++ RngRequest *req = s->parent.requests->data;
++ ssize_t len;
++
++ len = read(s->fd, req->data, req->size);
++ if (len < 0 && errno == EAGAIN) {
++ return;
++ }
++ g_assert(len != -1);
+
+- s->receive_func(s->opaque, buffer, len);
+- s->receive_func = NULL;
++ req->receive_entropy(req->opaque, req->data, len);
+
++ rng_backend_finalize_request(&s->parent, req);
++ }
++
++ /* We've drained all requests, the fd handler can be reset. */
+ qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
+ }
+
+-static void rng_random_request_entropy(RngBackend *b, size_t size,
+- EntropyReceiveFunc *receive_entropy,
+- void *opaque)
++static void rng_random_request_entropy(RngBackend *b, RngRequest *req)
+ {
+ RndRandom *s = RNG_RANDOM(b);
+
+- if (s->receive_func) {
+- s->receive_func(s->opaque, NULL, 0);
++ if (s->parent.requests == NULL) {
++ /* If there are no pending requests yet, we need to
++ * install our fd handler. */
++ qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
+ }
+-
+- s->receive_func = receive_entropy;
+- s->opaque = opaque;
+- s->size = size;
+-
+- qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
+ }
+
+ static void rng_random_opened(RngBackend *b, Error **errp)
+diff --git a/backends/rng.c b/backends/rng.c
+index 014cb9d..277a41b 100644
+--- a/backends/rng.c
++++ b/backends/rng.c
+@@ -20,9 +20,20 @@ void rng_backend_request_entropy(RngBackend *s, size_t size,
+ void *opaque)
+ {
+ RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
++ RngRequest *req;
+
+ if (k->request_entropy) {
+- k->request_entropy(s, size, receive_entropy, opaque);
++ req = g_malloc(sizeof(*req));
++
++ req->offset = 0;
++ req->size = size;
++ req->receive_entropy = receive_entropy;
++ req->opaque = opaque;
++ req->data = g_malloc(req->size);
++
++ k->request_entropy(s, req);
++
++ s->requests = g_slist_append(s->requests, req);
+ }
+ }
+
+diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
+index 08a2eda..4fffd68 100644
+--- a/include/sysemu/rng.h
++++ b/include/sysemu/rng.h
+@@ -45,8 +45,7 @@ struct RngBackendClass
+ {
+ ObjectClass parent_class;
+
+- void (*request_entropy)(RngBackend *s, size_t size,
+- EntropyReceiveFunc *receive_entropy, void *opaque);
++ void (*request_entropy)(RngBackend *s, RngRequest *req);
+
+ void (*opened)(RngBackend *s, Error **errp);
+ };
+--
+2.7.4
+