From patchwork Mon Apr 4 10:51:47 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael S. Tsirkin" X-Patchwork-Id: 8739871 Return-Path: X-Original-To: patchwork-qemu-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 34C9A9F38C for ; Mon, 4 Apr 2016 10:52:07 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 47D6A20279 for ; Mon, 4 Apr 2016 10:52:06 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 66F1D20259 for ; Mon, 4 Apr 2016 10:52:03 +0000 (UTC) Received: from localhost ([::1]:57826 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1an270-0003se-Li for patchwork-qemu-devel@patchwork.kernel.org; Mon, 04 Apr 2016 06:52:02 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:55908) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1an26s-0003sZ-TO for qemu-devel@nongnu.org; Mon, 04 Apr 2016 06:51:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1an26p-0006zM-Jv for qemu-devel@nongnu.org; Mon, 04 Apr 2016 06:51:54 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50630) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1an26p-0006yX-Bf for qemu-devel@nongnu.org; Mon, 04 Apr 2016 06:51:51 -0400 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9516564381; Mon, 4 Apr 2016 10:51:50 +0000 (UTC) Received: from redhat.com (vpn1-7-51.ams2.redhat.com [10.36.7.51]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with SMTP id u34AplPJ017228; Mon, 4 Apr 2016 06:51:48 -0400 Date: Mon, 4 Apr 2016 13:51:47 +0300 From: "Michael S. Tsirkin" To: qemu-devel@nongnu.org Message-ID: <1459767028-28966-1-git-send-email-mst@redhat.com> MIME-Version: 1.0 Content-Disposition: inline X-Mutt-Fcc: =sent X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Mon, 04 Apr 2016 10:51:50 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Cc: Paolo Bonzini , "Gabriel L . Somlo" , Laszlo Ersek , Gerd Hoffmann , Markus Armbruster Subject: [Qemu-devel] [PATCH] fw_cfg: RQFN rules, documentation X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This requires that all -fw_cfg command line users use names of the form opt/RQFN/: such names are compatible with QEMU 2.4 and 2.5 as well as future QEMU versions. As ability to insert fw_cfg entries in QEMU root is useful for firmware development, add a special prefix: unsupported/root/ that allows that, while making sure users are aware it's unsupported. Cc: Gerd Hoffmann Cc: Gabriel L. Somlo Cc: Laszlo Ersek Cc: Markus Armbruster Signed-off-by: Michael S. Tsirkin --- This summarizes the discussions we had on list. vl.c | 40 ++++++++++++++++++++++++++++++++++++---- docs/specs/fw_cfg.txt | 34 +++++++++++++++++----------------- qemu-options.hx | 38 +++++++++++++++++++++++++++++++++----- 3 files changed, 86 insertions(+), 26 deletions(-) diff --git a/vl.c b/vl.c index 2200e62..af9c9d6 100644 --- a/vl.c +++ b/vl.c @@ -2296,8 +2296,10 @@ static int parse_fw_cfg(void *opaque, QemuOpts *opts, Error **errp) { gchar *buf; size_t size; - const char *name, *file, *str; + const char *name, *file, *str, *slash, *dot; FWCfgState *fw_cfg = (FWCfgState *) opaque; + const char qemu_prefix[] = "opt/org.qemu"; + const char unsupported_root_prefix[] = "unsupported/root/"; if (fw_cfg == NULL) { error_report("fw_cfg device not available"); @@ -2320,9 +2322,39 @@ static int parse_fw_cfg(void *opaque, QemuOpts *opts, Error **errp) error_report("name too long (max. %d char)", FW_CFG_MAX_FILE_PATH - 1); return -1; } - if (strncmp(name, "opt/", 4) != 0) { - error_report("warning: externally provided fw_cfg item names " - "should be prefixed with \"opt/\""); + /* + * Look for and strip unsupported_root_prefix, which is useful for firmware + * development, but warn users. + */ + if (!strncmp(name, unsupported_root_prefix, strlen(unsupported_root_prefix))) { + error_report("warning: removing prefix \"%s\". " + "Guest or QEMU may crash. " + "Names must be prefixed with \"opt/RQFN/\"", + unsupported_root_prefix); + name += strlen(unsupported_root_prefix); + if (!(nonempty_str(name))) { + error_report("invalid argument(s)"); + return -1; + } + } else { + /* + * Don't attempt to validate a valid RQFN in name, as that's not easy: + * we do validate that it includes '.' . + */ + if (strncmp(name, "opt/", 4) || + !((dot = strchr(name + 4, '.'))) || + !((slash = strchr(name + 4, '/'))) || + dot > slash) { + error_report("error: externally provided fw_cfg item names " + "must be prefixed with \"opt/RQFN/\""); + return -1; + } + if (!strncmp(name, qemu_prefix, strlen(qemu_prefix))) { + error_report("error: externally provided fw_cfg item names " + "must not use the reserved prefix \"%s\"", + qemu_prefix); + return -1; + } } if (nonempty_str(str)) { size = strlen(str); /* NUL terminator NOT included in fw_cfg blob */ diff --git a/docs/specs/fw_cfg.txt b/docs/specs/fw_cfg.txt index 5414140..83b5e80 100644 --- a/docs/specs/fw_cfg.txt +++ b/docs/specs/fw_cfg.txt @@ -210,29 +210,29 @@ the following syntax: -fw_cfg [name=],file= -where is the fw_cfg item name, and is the location -on the host file system of a file containing the data to be inserted. - -Small enough items may be provided directly as strings on the command -line, using the syntax: +Or -fw_cfg [name=],string= -The terminating NUL character of the content will NOT be -included as part of the fw_cfg item data, which is consistent with -the absence of a NUL terminator for items inserted via the file option. +See QEMU man page for more documentation. -Both and, if applicable, the content are passed -through by QEMU without any interpretation, expansion, or further -processing. Any such processing (potentially performed e.g., by the shell) -is outside of QEMU's responsibility; as such, using plain ASCII characters -is recommended. +Using item_name with plain ASCII characters only is recommended. -NOTE: Users *SHOULD* choose item names beginning with the prefix "opt/" +Users MUST choose item names beginning with the prefix "opt/RQFN/" when using the "-fw_cfg" command line option, to avoid conflicting with -item names used internally by QEMU. For instance: +item names used internally by QEMU, or by firmware. For instance: - -fw_cfg name=opt/my_item_name,file=./my_blob.bin + -fw_cfg name=opt/com.my_company/guestagent/guestblob,file=./my_blob.bin -Similarly, QEMU developers *SHOULD NOT* use item names prefixed with +Similarly, QEMU developers MUST NOT use item names prefixed with "opt/" when inserting items programmatically, e.g. via fw_cfg_add_file(). + +For historical reasons "opt/ovmf/" is reserved for use with the OVMF firmware. + +To simplify guest firmware development, the prefix +unsupported/root/ is automatically stripped from paths, which +allows creating fw_cfg files in the root QEMU directory. This interface is +strictly for use by developers, its use can cause guest or QEMU crashes, is +unsupported and can be removed at any point. + +Any use of the prefix "opt/org.qemu/" is reserved for future use. diff --git a/qemu-options.hx b/qemu-options.hx index a770086..1af28ac 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -2860,18 +2860,46 @@ ETEXI DEF("fw_cfg", HAS_ARG, QEMU_OPTION_fwcfg, "-fw_cfg [name=],file=\n" - " add named fw_cfg entry from file\n" + " add named fw_cfg entry with content from file\n" "-fw_cfg [name=],string=\n" - " add named fw_cfg entry from string\n", + " add named fw_cfg entry with content from string\n", QEMU_ARCH_ALL) STEXI + @item -fw_cfg [name=]@var{name},file=@var{file} @findex -fw_cfg -Add named fw_cfg entry from file. @var{name} determines the name of -the entry in the fw_cfg file directory exposed to the guest. +Add named fw_cfg entry with content from file @var{file}. @item -fw_cfg [name=]@var{name},string=@var{str} -Add named fw_cfg entry from string. +Add named fw_cfg entry with content from string @var{str}, up to the first NUL character. + +The terminating NUL character of the content @var{str} will NOT be +included as part of the fw_cfg item data. To insert content including +the NUL character, store it in file and insert the item via +the @var{file} option. + +Both the name and the content are passed by QEMU through to the guest, where: +@table @option +@item @var{name} determines the name of the entry in the fw_cfg file directory exposed to the guest. + +@var{name} must be in the format opt/RQFN/. + +Any processing of @var{name} values (potentially performed e.g., by the shell) +is outside of QEMU's responsibility; as such, using plain ASCII characters is +recommended. +@end table + +Example: +@example + -fw_cfg opt/com.mycompany/guestagent/guestblob,file=./my_blob.bin +@end example + +To simplify guest firmware development, the prefix +unsupported/root/ is automatically stripped from paths, which +allows creating fw_cfg files in the root QEMU directory. This interface is +strictly for use by developers, its use can cause Guest or QEMU crashes, is +unsupported and can be removed at any point. + ETEXI DEF("serial", HAS_ARG, QEMU_OPTION_serial, \