From 4ada7c25949ce56d9e903f450c100913e11c620d Mon Sep 17 00:00:00 2001 From: Alon Levy Date: Sun, 24 Jul 2011 16:34:18 -0300 Subject: [RHEL6 qemu-kvm PATCH 37/65] qxl: error handling fixes and cleanups. RH-Author: Alon Levy Message-id: <1311525266-12705-9-git-send-email-alevy@redhat.com> Patchwork-id: 30250 O-Subject: [PATCH RHEL6.2 08/16] qxl: error handling fixes and cleanups. Bugzilla: 700134 RH-Acked-by: Gerd Hoffmann RH-Acked-by: Yonit Halperin RH-Acked-by: Arnon Gilboa From: Gerd Hoffmann Add qxl_guest_bug() function which is supposed to be called in case sanity checks of guest requests fail. It raises an error IRQ and logs a message in case guest debugging is enabled. Make PANIC_ON() abort instead of exit. That macro should be used for qemu bugs only, any guest-triggerable stuff should use the new qxl_guest_bug() function instead. Convert a few easy cases from PANIC_ON() to qxl_guest_bug() to show intended usage. Signed-off-by: Gerd Hoffmann upstream: http://patchwork.ozlabs.org/patch/105612/ acked, slated for 0.16.0 --- hw/qxl.c | 34 ++++++++++++++++++++++++++++++---- hw/qxl.h | 3 ++- 2 files changed, 32 insertions(+), 5 deletions(-) Signed-off-by: Eduardo Habkost --- hw/qxl.c | 34 ++++++++++++++++++++++++++++++---- hw/qxl.h | 3 ++- 2 files changed, 32 insertions(+), 5 deletions(-) diff --git a/hw/qxl.c b/hw/qxl.c index 31c613a..4613f98 100644 --- a/hw/qxl.c +++ b/hw/qxl.c @@ -125,6 +125,16 @@ static void qxl_reset_memslots(PCIQXLDevice *d); static void qxl_reset_surfaces(PCIQXLDevice *d); static void qxl_ring_set_dirty(PCIQXLDevice *qxl); +void qxl_guest_bug(PCIQXLDevice *qxl, const char *msg) +{ +#if SPICE_INTERFACE_QXL_MINOR >= 1 + qxl_send_events(qxl, QXL_INTERRUPT_ERROR); +#endif + if (qxl->guestdebug) { + fprintf(stderr, "qxl-%d: guest bug: %s\n", qxl->id, msg); + } +} + void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id, struct QXLRect *area, struct QXLRect *dirty_rects, @@ -1088,22 +1098,38 @@ static void ioport_write(void *opaque, uint32_t addr, uint32_t val) qxl_hard_reset(d, 0); break; case QXL_IO_MEMSLOT_ADD: - PANIC_ON(val >= NUM_MEMSLOTS); - PANIC_ON(d->guest_slots[val].active); + if (val >= NUM_MEMSLOTS) { + qxl_guest_bug(d, "QXL_IO_MEMSLOT_ADD: val out of range"); + break; + } + if (d->guest_slots[val].active) { + qxl_guest_bug(d, "QXL_IO_MEMSLOT_ADD: memory slot already active"); + break; + } d->guest_slots[val].slot = d->ram->mem_slot; qxl_add_memslot(d, val, 0); break; case QXL_IO_MEMSLOT_DEL: + if (val >= NUM_MEMSLOTS) { + qxl_guest_bug(d, "QXL_IO_MEMSLOT_DEL: val out of range"); + break; + } qxl_del_memslot(d, val); break; case QXL_IO_CREATE_PRIMARY: - PANIC_ON(val != 0); + if (val != 0) { + qxl_guest_bug(d, "QXL_IO_CREATE_PRIMARY: val != 0"); + break; + } dprint(d, 1, "QXL_IO_CREATE_PRIMARY\n"); d->guest_primary.surface = d->ram->create_surface; qxl_create_guest_primary(d, 0); break; case QXL_IO_DESTROY_PRIMARY: - PANIC_ON(val != 0); + if (val != 0) { + qxl_guest_bug(d, "QXL_IO_DESTROY_PRIMARY: val != 0"); + break; + } dprint(d, 1, "QXL_IO_DESTROY_PRIMARY (%s)\n", qxl_mode_to_string(d->mode)); qxl_destroy_primary(d); break; diff --git a/hw/qxl.h b/hw/qxl.h index a47f5af..d71b079 100644 --- a/hw/qxl.h +++ b/hw/qxl.h @@ -86,7 +86,7 @@ typedef struct PCIQXLDevice { #define PANIC_ON(x) if ((x)) { \ printf("%s: PANIC %s failed\n", __FUNCTION__, #x); \ - exit(-1); \ + abort(); \ } #define dprint(_qxl, _level, _fmt, ...) \ @@ -99,6 +99,7 @@ typedef struct PCIQXLDevice { /* qxl.c */ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id); +void qxl_guest_bug(PCIQXLDevice *qxl, const char *msg); void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id, struct QXLRect *area, struct QXLRect *dirty_rects, -- 1.7.3.2