Commit Graph

63798 Commits

Author SHA1 Message Date
Pavel Zbitskiy
e1db291b9b target/s390x: add BAL and BALR instructions
These instructions are provided for compatibility purposes and are
used only by old software, in the new code BAS and BASR are preferred.
The difference between the old and new instruction exists only in the
24-bit mode.

In addition, fix BAS polluting high 32 bits of the first operand in
24- and 31-bit addressing modes.

Signed-off-by: Pavel Zbitskiy <pavel.zbitskiy@gmail.com>
Message-Id: <20180821025104.19604-3-pavel.zbitskiy@gmail.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-08-28 17:37:01 +02:00
Pavel Zbitskiy
276ba120ed tests/tcg: add a simple s390x test
Copied from alpha.

Signed-off-by: Pavel Zbitskiy <pavel.zbitskiy@gmail.com>
Message-Id: <20180821025104.19604-2-pavel.zbitskiy@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2018-08-28 17:37:01 +02:00
Greg Kurz
bc9b1f10f2 spapr_pci: fix potential NULL pointer dereference
Commit 2c88b098e7 added a call to SPAPR_MACHINE_GET_CLASS(spapr) in
spapr_phb_realize() before we check spapr isn't NULL. This causes QEMU
to crash when starting a non-pseries machine with a sPAPR PHB.

This could be fixed by setting the smc variable after the null check,
but it seems more explicit to use a ternary operator to skip the call
to SPAPR_MACHINE_GET_CLASS() if spapr is NULL, since spapr_phb_realize()
will return immediately in this case.

This was reported by Coverity (CID 1395170 and 1395183).

Fixes: 2c88b098e7
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-08-28 11:31:23 +10:00
Emilio G. Cota
eceba3477e spapr: fix leak of rev array
Introduced in 04d595b300 ("spapr: do not use CPU_FOREACH_REVERSE",
2018-08-23)

Fixes: CID1395181
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-08-28 11:31:23 +10:00
Thomas Huth
a69dc537cc ppc: Remove deprecated ppcemb target
There is no known available OS for ppc around anymore that uses page
sizes below 4k, so it does not make much sense that we keep wasting
our time on building and testing the ppcemb-softmmu target. It has
been deprecated since two releases, and nobody complained, so let's
remove this now.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2018-08-28 11:31:23 +10:00
Peter Maydell
19b599f766 Error reporting patches for 2018-08-27
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbg/oXAAoJEDhwtADrkYZT/nIP/1FQmbwvNEhB/oUcd+1H7Mq+
 hRggU9Ool5hjY5c2D/cFS126KOo6LNQhHRqjjMHXubKmWZpZPUc7Kz83zc/jgUvg
 EntekCPYVtBdrygOB9zr+3csVaQJvN1NevpQFl3vYrxsCs0GWN2Gwu2CLhDa6G9/
 uAw6qxiGhfYJJM7ZCOFNY0tQQgiA3nInr0NYWrczCGuDTPk6G6orF44Hn7fqud6v
 QxxCqqIUIDYg7BFzNMgPd9BihTs5u0+z1GCcCow9P9zioBytvFb3ucrbl5npa76c
 Wi5OCSt/WLrFLQkRwKtwijUZI6PAg4rKkPq0EK8LjE72r2huysYB/2avY0stPtaH
 tUeG7aTZ+301/SZwh00Is1s6yDp00FVBwAzx5HFpFf78daEJMGYVi/o9OtoKdJxG
 CnVdBMnKGz4TUUQOtfmoU8K5jkyxu3mibdURtM6qaHipX8uLH1xw1pZVs4MUU/YQ
 Ew2mGTT2Vs6/fCIq4XAS7soksck5vjvmlzon06s666dOXth0SFTgAu05WxQSw2R1
 UJs8tmBwMf8oiyGwcb7LWjXdwDLJtogKTOrjCVOt0hyesSSwTgdJYgUM/Gef0xrz
 ojs96WCq3rjxyOrrow6peNe35Duy6RXmL3JhIUdQh7PxUof1vczNl423IpJFy4vr
 Z9dLKRHF/vfUigpRs7Uv
 =X+fy
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2018-08-27-v2' into staging

Error reporting patches for 2018-08-27

# gpg: Signature made Mon 27 Aug 2018 14:18:15 BST
# gpg:                using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-error-2018-08-27-v2:
  intel-iommu: replace more vtd_err_* traces
  intel-iommu: start to use error_report_once
  qemu-error: introduce {error|warn}_report_once

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-27 16:44:20 +01:00
Peter Maydell
e1e388900d check/next for 20180827
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJbg8tbAAoJEPSH7xhYctcjU/UQAMAuCBW+qoAdHp53i8L7Eh7g
 GuEN1TNG0njQMbfAqlYEVCUnnyR3X52/ag0/zboS/pb77WAAAyxKtHK0dKYKVtEs
 89377YXwNA/I0boiRL9JXzzcNwZWQYlTuaKzWYBPC0UvEJ1e1yxbTgCoMKzNOlg/
 69OfWErKIJgS179fFFSnO1PvIkCZjRuGyHsgl2WfHfMjUALASuQLIDo6gj+wTzjO
 O228X075r9+O5ahdkl1de7pvx0OZ9QE1gXSVukCen4Wk63HKsV0Wn2ixXAFdNmUQ
 dxl5JGSexmJALQhRmn5KLd/6ULYMQyoTrnvvTQeBPPVNJsCS2h0FJokRKqcXeq4C
 dw9ZIc2JPydVwo5DCrHFTOg+wYxO0AyyqI9OVCYOAQG1y4KUnOC3YBlqyg0Cu3wU
 fCQ+WIU+MzvLYObmW4EYnCJDf+8wxWRc3rIt7bqDDO0on6VdgV7ifSz6E9O3mlOP
 GJ+O8KUizZXYCETFmH+bk24kBsANBtDJveVjG0lc/a12F26Y3FWoQINlaSeyyeYy
 rPdTs7D1W52/Quh5WoR+S4E5grpdNvWBGdBgJmwhORKLXTGmrDGQeGt9M1Mb3Ksk
 Wx9qr/eBSAx1LvS7BnJMJ4Cl2UZeIgJEwMiop/Lk4XbbD3M6j7x5tm+4PX+9H86j
 +cDcnyKSyLCbQQP6Ln8I
 =9l1t
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/juanquintela/tags/check/20180827' into staging

check/next for 20180827

# gpg: Signature made Mon 27 Aug 2018 10:58:51 BST
# gpg:                using RSA key F487EF185872D723
# gpg: Good signature from "Juan Quintela <quintela@redhat.com>"
# gpg:                 aka "Juan Quintela <quintela@trasno.org>"
# Primary key fingerprint: 1899 FF8E DEBF 58CC EE03  4B82 F487 EF18 5872 D723

* remotes/juanquintela/tags/check/20180827:
  check: Move wdt_ib700 test to common
  check: Move endianess test to common
  check: Move VMXNET3 test to common
  check: Only test boot-serial when sga is compiled in
  check: Only test ivshm when it is compiled in
  x86_64-softmmu: Configuration is identical to i386-softmmu
  check: Only test usb-xhci-nec when it is compiled in
  check: Only test isa-testdev when it is compiled in
  configure: We don't want to clean configuration files

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-27 14:55:57 +01:00
Peter Xu
4e4abd111a intel-iommu: replace more vtd_err_* traces
Replace all the trace_vtd_err_*() hooks with the new error_report_once()
since they are similar to trace_vtd_err() - dumping the first error
would be mostly enough, then we have them on by default too.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180815095328.32414-4-peterx@redhat.com>
[Use "%x" instead of "%" PRIx16 to print uint16_t, whitespace tidied up]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2018-08-27 15:09:20 +02:00
Peter Xu
1376211f77 intel-iommu: start to use error_report_once
Replace existing trace_vtd_err() with error_report_once() then stderr
will capture something if any of the error happens, meanwhile we don't
suffer from any DDOS.  Then remove the trace point.  Since at it,
provide more information where proper (now we can pass parameters into
the report function).

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180815095328.32414-3-peterx@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
[Two format strings fixed, whitespace tidied up]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2018-08-27 15:00:45 +02:00
Peter Maydell
025573be71 ui: misc fixes which piled up during 3.0 release freeze
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJbg7vzAAoJEEy22O7T6HE4ipQQAJ9KnrLLr23moSW+RwMjNbma
 m0ZK1ySWwRTFLcfvW2mREKW7smeRWRXILrD0KH8OYNf+AIqXzbVo160lV1LnWYLO
 9VtwGUsUpy36hYlBbc1ZwW9d0vZ8suF2j1k5uESUS8ZJg9QczyPGYWaa4Be9pC7y
 tIud4iPcukSnM42bF9EZCmUdi5rxhqBN6rLZtE/Bg+B7JJAxIh3fR4c2Bi27o1d4
 RX4gyoyl7WQmN77ejmZBelEQsUYWLFDrK1RL5Ir8Ib0O0mzSm7fnJQ5WgYv8R8Na
 wTS1t+ue7wa8GGQonUwRl5ttVf0BppvOu5NZLFaQyCVODTgjVO/IjbKpkijBgHsB
 DqOh4bYK8CgnQtre/m10nGrbVzNsX9FmcCLAAqwmWtCZ1sozjT3rOxVgJD8hn7ro
 J0LEYZuQ0TaCzS2Kaf6+BdXNMWJQShPPyi4UJI490RswzTeg4z2weNIPdlFoyJZd
 Wr7GDPkpHkpFnx65XbBvzOpMNIdJESW9WZLkwy95HfgSkty+3DpmvoKhLyzWOCsF
 AbVJOkjbNgKYJpfu8HmZsV/WB9Ll8aKkMieisY0Y2PHyNv853YkJBuRhLRopx7Ke
 NsGa2jZofuWJxpO0v9FqeVJB1B4iHJ5w2obWixcvGTUJD1Bg30WsQudGVO4tO4SD
 nvt+6vsxYFHr9QaOXIyV
 =WC8K
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20180827-v4-pull-request' into staging

ui: misc fixes which piled up during 3.0 release freeze

# gpg: Signature made Mon 27 Aug 2018 09:53:07 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20180827-v4-pull-request:
  util: promote qemu_egl_rendernode_open() to libqemuutil
  dmabuf: add y0_top, pass it to spice
  ui/vnc: Remove useless parenthesis around DIV_ROUND_UP macro
  ui/sdl2: Fix broken -full-screen CLI option
  spice-display: fix qemu_spice_cursor_refresh_bh locking
  spice-display: access ptr_x/ptr_y under Mutex
  vnc: remove support for deprecated tls, x509, x509verify options
  doc: switch to modern syntax for VNC TLS setup
  sdl2: redraw correctly when scanout_mode enabled.
  ui: use enum to string helpers
  vnc: fix memleak of the "vnc-worker-output" name
  ui/sdl2: Remove the obsolete SDL_INIT_NOPARACHUTE flag

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-27 12:30:51 +01:00
Juan Quintela
ee1f6c812b check: Move wdt_ib700 test to common
It is protected by CONFIG_WDT_IB700.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
2018-08-27 11:27:07 +02:00
Juan Quintela
669cc71000 check: Move endianess test to common
It is already protected by CONFIG_ISA_TESTDEV in all architectures.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2018-08-27 11:27:07 +02:00
Juan Quintela
7a066770f5 check: Move VMXNET3 test to common
We protect it with CONFIG_VMXNET3_PCI now, so no need to also put it
on i386.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2018-08-27 11:27:07 +02:00
Juan Quintela
dff1ba07a0 check: Only test boot-serial when sga is compiled in
This is only for x86* architecture.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2018-08-27 11:27:07 +02:00
Juan Quintela
1336e6085b check: Only test ivshm when it is compiled in
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2018-08-27 11:27:07 +02:00
Juan Quintela
fa212a2b8b x86_64-softmmu: Configuration is identical to i386-softmmu
If we ever changed that, just make the things that are different
explicit.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2018-08-27 11:27:06 +02:00
Juan Quintela
c9b688b469 check: Only test usb-xhci-nec when it is compiled in
Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2018-08-27 11:27:06 +02:00
Juan Quintela
4637963cc9 check: Only test isa-testdev when it is compiled in
Once there, untangle endianness-test and boot-serial-test.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>

---

boot-serial-test don't depend on isa-testdev.  Thanks Thomas.
2018-08-27 11:27:06 +02:00
Juan Quintela
e92af6ec85 configure: We don't want to clean configuration files
If you don't want to compile everything, you configure
config-devices.mak.  And then make clean remove it, and make will
create a default one without your configuration.  Fix it by not
removing it on clean target.  Remove it instead on distclean.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>

---

Remove it instead on distclean.
2018-08-27 11:27:06 +02:00
Marc-André Lureau
b1d380372f util: promote qemu_egl_rendernode_open() to libqemuutil
vhost-user-gpu will share the same code to open a DRM node.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180713130916.4153-20-marcandre.lureau@redhat.com>

[ kraxel: buildfix: util/drm.o must be CONFIG_OPENGL not CONFIG_LINUX ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-08-27 10:51:44 +02:00
Peter Xu
bc6a69dd4b qemu-error: introduce {error|warn}_report_once
There are many error_report()s that can be used in frequently called
functions, especially on IO paths.  That can be unideal in that
malicious guest can try to trigger the error tons of time which might
use up the log space on the host (e.g., libvirt can capture the stderr
of QEMU and put it persistently onto disk).  In VT-d emulation code, we
have trace_vtd_error() tracer.  AFAIU all those places can be replaced
by something like error_report() but trace points are mostly used to
avoid the DDOS attack that mentioned above.  However using trace points
mean that errors are not dumped if trace not enabled.

It's not a big deal in most modern server managements since we have
things like logrotate to maintain the logs and make sure the quota is
expected.  However it'll still be nice that we just provide another way
to restrict message generations.  In most cases, this kind of
error_report()s will only provide valid information on the first message
sent, and all the rest of similar messages will be mostly talking about
the same thing.  This patch introduces *_report_once() helpers to allow
a message to be dumped only once during one QEMU process's life cycle.
It will make sure: (1) it's on by deffault, so we can even get something
without turning the trace on and reproducing, and (2) it won't be
affected by DDOS attack.

To implement it, I stole the printk_once() macro from Linux.

CC: Eric Blake <eblake@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20180815095328.32414-2-peterx@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Whitespace adjusted, comments improved]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2018-08-27 06:38:45 +02:00
Peter Maydell
235c82acca pull-seccomp-20180823
-----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJbfsi1AAoJEN8y58Dw//miAfEH/2XIpp5S6IiHkxrFU16YE7Qn
 8oHuVKAk6kz6yRbRotW50Ok6SQRQX6dWIAxrAaLB2RfevuMPQs42o43JtdV3ldk1
 sNnrTDQCN75tbaQ1HedP7EEq7SRqk3A36s7SsljdPTcBmN9PAHgvYwTd/tbozbiD
 qZ+LZGCe+PYbu9lBEJ3UXXZu2Y4Wr/vAVl8D6kD5NPLkS8++4HzcHRyYrTMbkV5T
 Hh8aFIEncg7m9skCPlqGdgaReDDPWEkbk2vM7tw2bfPuAGJlzF+nV2q1hLBeI1eu
 zwH/BkWfOrnYodQzVMblqq+rh1+HIQkmZpjwEfEWy5k497ntiy4y+/hAJLjiFMM=
 =IygU
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20180823' into staging

pull-seccomp-20180823

# gpg: Signature made Thu 23 Aug 2018 15:46:13 BST
# gpg:                using RSA key DF32E7C0F0FFF9A2
# gpg: Good signature from "Eduardo Otubo (Senior Software Engineer) <otubo@redhat.com>"
# Primary key fingerprint: D67E 1B50 9374 86B4 0723  DBAB DF32 E7C0 F0FF F9A2

* remotes/otubo/tags/pull-seccomp-20180823:
  seccomp: set the seccomp filter to all threads
  configure: require libseccomp 2.2.0
  seccomp: prefer SCMP_ACT_KILL_PROCESS if available
  seccomp: use SIGSYS signal instead of killing the thread

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-25 13:08:57 +01:00
Peter Maydell
17182bb47f VFIO fixes 2018-08-23
- Fix coverity reported issue with use of realpath (Alex Williamson)
 
  - Cleanup file descriptor in error path (Alex Williamson)
 
  - Fix postcopy use of new balloon inhibitor (Alex Williamson)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJbfuTxAAoJECObm247sIsiO0sP/RJKVP52D5ZXChdv/Fxwo2N/
 5UulKRDVu1RAGKPFxww2JHN3hoo4Jz3keGSnK4l300pMBbxRLZsB8189IIb95ejH
 EzRFM73icK2//2zunFnv7V8CjcBS9Ol2ST6OdGmHk+kp5XFEb0wsysPn7lL+b0Uv
 +Ijext7xgPqqc6Lz7WiKcjcducD6Rm8ReIItvYw0S7ePVGviK8b/lM2BtfQOZY0W
 hlkp89za5l4fZigpHFy3XM9v1LEbtAUwnIWh+iHMelRU91og07cvnMuLINdaXyy9
 lF52REiPL1jOTRQZMOuUUcuXBAHgeHtoVd837TRuZTI2kcresSC3b3SVgu7zG0To
 Z48fVIaFxmwjAcwJmzckash2Jhk3CfSE5HJvX1CODtWbSLh+o28MekxGGMPWpYM/
 XJK8kTY7atace72j86f05INE4jPwQ3okak1jLb7FXz2LfRjpplPKeLEzSnhjm0dg
 63e0c88D1eNTEad6H1WYrq9WZ7yjgEgu3jDBTtah+ZKKHPltUbOkc9j+ZkHWFsFK
 VIHNAD1X8TJCqj5vxSEAgiqT+XxIn8LfTrfCoeORJsoEfGJaRPTKMkdEGq7M1/k4
 XMVJY7uK5C1p7loaUcqKs2J3RkIKuE4HvDWLXkeeAFHc1s9wtOzEBoKucREGt0UR
 V7L6J9paWJA4YQMy5SLw
 =aRcH
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-fixes-20180823.1' into staging

VFIO fixes 2018-08-23

 - Fix coverity reported issue with use of realpath (Alex Williamson)

 - Cleanup file descriptor in error path (Alex Williamson)

 - Fix postcopy use of new balloon inhibitor (Alex Williamson)

# gpg: Signature made Thu 23 Aug 2018 17:46:41 BST
# gpg:                using RSA key 239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B  8A90 239B 9B6E 3BB0 8B22

* remotes/awilliam/tags/vfio-fixes-20180823.1:
  postcopy: Synchronize usage of the balloon inhibitor
  vfio/pci: Fix failure to close file descriptor on error
  vfio/pci: Handle subsystem realpath() returning NULL

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-25 10:59:06 +01:00
Peter Maydell
cc9821fa9a QObject patches for 2018-08-24
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJbgFx1AAoJEDhwtADrkYZTaQQP/24SBzfCVDC4GR4zM2aNYca8
 en8UkIcF/MvgJ5E7b95LvT58g3qvd32G5nG5r8stbSzk1JlWQfH30O1zV+5J2FBY
 kkcJe69oTP+Qe8ZBndQCdxM8sMdlbZBpAKa81j6pYZXwueWvGd9PDxhYMiHuvglz
 EdXE2DsAZ8at7mwNlwC0E6TSYeJiHBmwjOI6YnuE9ZCP4Cr5JYIJojl2loHhJRsd
 7gZdL+6GGm/NPHeuLHdt7XyNEfS7ZJgPn+lV9wljukQbAXjbkOf5ko3VCZwclyOg
 JkzOWot04Fy+Ro0Zj2e2siU+0MJ3JxfCrx5TKRZU5hKimZj6Uo7oA5qkGtCBXG6J
 Vq1Zl4MBKLkfckv7Spxs6j7+xImQXV5PD0nO63KFkqqbhZwWeq2M5GUorSOddh27
 pecChH2fH/y32StStHzM7m2PvRuCIGq1ZfTdG7OdG/qRkwOQG9R9mkAO3hZNq54O
 GxoBs9ghjbttTZCCPm/qofc9EypVD7brjCwDwKWKm4Bf9daqVDFdAZic6n12HLKV
 ysAl2N8d5cCtQyFN6stKNXIZArLuT/MNPps6LC6hRawZaODsDZGPhjI3KcLcHnQs
 Vp9AWAB8vOzyWE0kvIdh004bPwXzH9r4IqTTZmvf1C15TTtZrpQ1r7BudDWKm3De
 wjTE5H4ETy0h/TuHE6yk
 =6BNc
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qobject-2018-08-24' into staging

QObject patches for 2018-08-24

# gpg: Signature made Fri 24 Aug 2018 20:28:53 BST
# gpg:                using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qobject-2018-08-24: (58 commits)
  json: Update references to RFC 7159 to RFC 8259
  json: Support %% in JSON strings when interpolating
  json: Improve safety of qobject_from_jsonf_nofail() & friends
  json: Keep interpolation state in JSONParserContext
  tests/drive_del-test: Fix harmless JSON interpolation bug
  json: Clean up headers
  qobject: Drop superfluous includes of qemu-common.h
  json: Make JSONToken opaque outside json-parser.c
  json: Unbox tokens queue in JSONMessageParser
  json: Streamline json_message_process_token()
  json: Enforce token count and size limits more tightly
  qjson: Have qobject_from_json() & friends reject empty and blank
  json: Assert json_parser_parse() consumes all tokens on success
  json: Fix streamer not to ignore trailing unterminated structures
  json: Fix latent parser aborts at end of input
  qjson: Fix qobject_from_json() & friends for multiple values
  json: Improve names of lexer states related to numbers
  json: Replace %I64d, %I64u by %PRId64, %PRIu64
  json: Leave rejecting invalid interpolation to parser
  json: Pass lexical errors and limit violations to callback
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-25 10:11:54 +01:00
Peter Maydell
e2e6fa6793 MIPS queue August 2018 v6
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJbgCm7AAoJENSXKoln91plhJYH/jRqbCaUd04nGuyjOaYUajTL
 brz3JD0XN2jD6NnDYUpuiNzawSojNzSklMA0u9AJiG+cpNK+gqW4fX+CYeX7ApjK
 99+SXSejxnK3IJUNblQDD/hdCv9Dc1r12R7c80lm+aqJwi4C8hfULTbfrse/QdyA
 KIHKl+c3uaWTPG2qC3mpPW/QS+IRPgRRwF/7GILuiagNmMcXyuMd2fQuePnf1rvD
 ztTdtNJ0zfdFK1jlLa7D9Xe36RpS1uBinF429dNwXWM/+i1shvxc3Enzb4qEQNYe
 ZeVxTomP/nO1elLZYdVUwdQYr6vmnvb1/mtTT6nq0NvHeLGjMZMqOBWGuAtdXoo=
 =a8Jv
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-aug-2018' into staging

MIPS queue August 2018 v6

# gpg: Signature made Fri 24 Aug 2018 16:52:27 BST
# gpg:                using RSA key D4972A8967F75A65
# gpg: Good signature from "Aleksandar Markovic <amarkovic@wavecomp.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01  DD75 D497 2A89 67F7 5A65

* remotes/amarkovic/tags/mips-queue-aug-2018: (45 commits)
  target/mips: Add definition of nanoMIPS I7200 CPU
  mips_malta: Fix semihosting argument passing for nanoMIPS bare metal
  mips_malta: Add setting up GT64120 BARs to the nanoMIPS bootloader
  mips_malta: Add basic nanoMIPS boot code for Malta board
  elf: Don't check FCR31_NAN2008 bit for nanoMIPS
  elf: On elf loading, treat both EM_MIPS and EM_NANOMIPS as legal for MIPS
  elf: Relax MIPS' elf_check_arch() to accept EM_NANOMIPS too
  elf: Add EM_NANOMIPS value as a valid one for e_machine field
  target/mips: Fix ERET/ERETNC behavior related to ADEL exception
  target/mips: Add updating BadInstr and BadInstrX for nanoMIPS
  target/mips: Add availability control via bit NMS
  target/mips: Add emulation of DSP ASE for nanoMIPS - part 6
  target/mips: Add emulation of DSP ASE for nanoMIPS - part 5
  target/mips: Add emulation of DSP ASE for nanoMIPS - part 4
  target/mips: Add emulation of DSP ASE for nanoMIPS - part 3
  target/mips: Add emulation of DSP ASE for nanoMIPS - part 2
  target/mips: Add emulation of DSP ASE for nanoMIPS - part 1
  target/mips: Implement MT ASE support for nanoMIPS
  target/mips: Fix pre-nanoMIPS MT ASE instructions availability control
  target/mips: Add emulation of nanoMIPS 32-bit branch instructions
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-08-24 23:10:15 +01:00
Markus Armbruster
37aded92c2 json: Update references to RFC 7159 to RFC 8259
RFC 8259 (December 2017) obsoletes RFC 7159 (March 2014).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180823164025.12553-59-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2018-08-24 20:27:14 +02:00
Markus Armbruster
8bca4613e6 json: Support %% in JSON strings when interpolating
The previous commit makes JSON strings containing '%' awkward to
express in templates: you'd have to mask the '%' with an Unicode
escape \u0025.  No template currently contains such JSON strings.
Support the printf conversion specification %% in JSON strings as a
convenience anyway, because it's trivially easy to do.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-58-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
16a4859921 json: Improve safety of qobject_from_jsonf_nofail() & friends
The JSON parser optionally supports interpolation.  This is used to
build QObjects by parsing string templates.  The templates are C
literals, so parse errors (such as invalid interpolation
specifications) are actually programming errors.  Consequently, the
functions providing parsing with interpolation
(qobject_from_jsonf_nofail(), qobject_from_vjsonf_nofail(),
qdict_from_jsonf_nofail(), qdict_from_vjsonf_nofail()) pass
&error_abort to the parser.

However, there's another, more dangerous kind of programming error:
since we use va_arg() to get the value to interpolate, behavior is
undefined when the variable argument isn't consistent with the
interpolation specification.

The same problem exists with printf()-like functions, and the solution
is to have the compiler check consistency.  This is what
GCC_FMT_ATTR() is about.

To enable this type checking for interpolation as well, we carefully
chose our interpolation specifications to match printf conversion
specifications, and decorate functions parsing templates with
GCC_FMT_ATTR().

Note that this only protects against undefined behavior due to type
errors.  It can't protect against use of invalid interpolation
specifications that happen to be valid printf conversion
specifications.

However, there's still a gaping hole in the type checking: GCC
recognizes '%' as start of printf conversion specification anywhere in
the template, but the parser recognizes it only outside JSON strings.
For instance, if someone were to pass a "{ '%s': %d }" template, GCC
would require a char * and an int argument, but the parser would
va_arg() only an int argument, resulting in undefined behavior.

Avoid undefined behavior by catching the programming error at run
time: have the parser recognize and reject '%' in JSON strings.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-57-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
ada74c3ba1 json: Keep interpolation state in JSONParserContext
The recursive descent parser passes along a pointer to
JSONParserContext.  It additionally passes a pointer to interpolation
state (a va_alist *) as needed to reach its consumer
parse_interpolation().

Stuffing the latter pointer into JSONParserContext saves us the
trouble of passing it along, so do that.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-56-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
83273e84d9 tests/drive_del-test: Fix harmless JSON interpolation bug
test_after_failed_device_add() does this:

    response = qmp("{'execute': 'device_add',"
                   " 'arguments': {"
                   "   'driver': 'virtio-blk-%s',"
                   "   'drive': 'drive0'"
                   "}}", qvirtio_get_dev_type());

Wrong.  An interpolation specification must be a JSON token, it
doesn't work within JSON string tokens.  The code above doesn't use
the value of qvirtio_get_dev_type(), and sends arguments

    {"driver": "virtio-blk-%s", "drive": "drive0"}}

The command fails because there is no driver named "virtio-blk-%".
Harmless, since the test wants the command to fail.  Screwed up in
commit 2f84a92ec6.

Fix the obvious way.  The command now fails because the drive is
empty, like it did before commit 2f84a92ec6.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-55-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
86cdf9ec8d json: Clean up headers
The JSON parser has three public headers, json-lexer.h, json-parser.h,
json-streamer.h.  They all contain stuff that is of no interest
outside qobject/json-*.c.

Collect the public interface in include/qapi/qmp/json-parser.h, and
everything else in qobject/json-parser-int.h.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-54-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
812ce33ead qobject: Drop superfluous includes of qemu-common.h
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-53-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
abe7c2067c json: Make JSONToken opaque outside json-parser.c
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-52-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
a2731e08ee json: Unbox tokens queue in JSONMessageParser
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-51-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
8d3265b3d0 json: Streamline json_message_process_token()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-50-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
da09cfbf9d json: Enforce token count and size limits more tightly
Token count and size limits exist to guard against excessive heap
usage.  We check them only after we created the token on the heap.
That's assigning a cowboy to the barn to lasso the horse after it has
bolted.  Close the barn door instead: check before we create the
token.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-49-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
dd98e84819 qjson: Have qobject_from_json() & friends reject empty and blank
The last case where qobject_from_json() & friends return null without
setting an error is empty or blank input.  Callers:

* block.c's parse_json_protocol() reports "Could not parse the JSON
  options".  It's marked as a work-around, because it also covered
  actual bugs, but they got fixed in the previous few commits.

* qobject_input_visitor_new_str() reports "JSON parse error".  Also
  marked as work-around.  The recent fixes have made this unreachable,
  because it currently gets called only for input starting with '{'.

* check-qjson.c's empty_input() and blank_input() demonstrate the
  behavior.

* The other callers are not affected since they only pass input with
  exactly one JSON value or, in the case of negative tests, one error.

Fail with "Expecting a JSON value" instead of returning null, and
simplify callers.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-48-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
5d50113cf6 json: Assert json_parser_parse() consumes all tokens on success
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-47-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
f9277915ee json: Fix streamer not to ignore trailing unterminated structures
json_message_process_token() accumulates tokens until it got the
sequence of tokens that comprise a single JSON value (it counts curly
braces and square brackets to decide).  It feeds those token sequences
to json_parser_parse().  If a non-empty sequence of tokens remains at
the end of the parse, it's silently ignored.  check-qjson.c cases
unterminated_array(), unterminated_array_comma(), unterminated_dict(),
unterminated_dict_comma() demonstrate this bug.

Fix as follows.  Introduce a JSON_END_OF_INPUT token.  When the
streamer receives it, it feeds the accumulated tokens to
json_parser_parse().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-46-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
e06d008ac8 json: Fix latent parser aborts at end of input
json-parser.c carefully reports end of input like this:

    token = parser_context_pop_token(ctxt);
    if (token == NULL) {
        parse_error(ctxt, NULL, "premature EOI");
        goto out;
    }

Except parser_context_pop_token() can't return null, it fails its
assertion instead.  Same for parser_context_peek_token().  Broken in
commit 65c0f1e955, and faithfully preserved in commit 95385fe9ac.
Only a latent bug, because the streamer throws away any input that
could trigger it.

Drop the assertions, so we can fix the streamer in the next commit.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-45-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
2a4794ba14 qjson: Fix qobject_from_json() & friends for multiple values
qobject_from_json() & friends use the consume_json() callback to
receive either a value or an error from the parser.

When they are fed a string that contains more than either one JSON
value or one JSON syntax error, consume_json() gets called multiple
times.

When the last call receives a value, qobject_from_json() returns that
value.  Any other values are leaked.

When any call receives an error, qobject_from_json() sets the first
error received.  Any other errors are thrown away.

When values follow errors, qobject_from_json() returns both a value
and sets an error.  That's bad.  Impact:

* block.c's parse_json_protocol() ignores and leaks the value.  It's
  used to to parse pseudo-filenames starting with "json:".  The
  pseudo-filenames can come from the user or from image meta-data such
  as a QCOW2 image's backing file name.

* vl.c's parse_display_qapi() ignores and leaks the error.  It's used
  to parse the argument of command line option -display.

* vl.c's main() case QEMU_OPTION_blockdev ignores the error and leaves
  it in @err.  main() will then pass a pointer to a non-null Error *
  to net_init_clients(), which is forbidden.  It can lead to assertion
  failure or other misbehavior.

* check-qjson.c's multiple_values() demonstrates the badness.

* The other callers are not affected since they only pass strings with
  exactly one JSON value or, in the case of negative tests, one
  error.

The impact on the _nofail() functions is relatively harmless.  They
abort when any call receives an error.  Else they return the last
value, and leak the others, if any.

Fix consume_json() as follows.  On the first call, save value and
error as before.  On subsequent calls, if any, don't save them.  If
the first call saved a value, the next call, if any, replaces the
value by an "Expecting at most one JSON value" error.  Take care not
to leak values or errors that aren't saved.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-44-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
4d40066142 json: Improve names of lexer states related to numbers
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-43-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
53a0d616fe json: Replace %I64d, %I64u by %PRId64, %PRIu64
Support for %I64d got added in commit 2c0d4b36e7 "json: fix PRId64 on
Win32".  We had to hard-code I64d because we used the lexer's finite
state machine to check interpolations.  No more, so clean this up.

Additional conversion specifications would be easy enough to implement
when needed.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-42-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
f7617d45d4 json: Leave rejecting invalid interpolation to parser
Both lexer and parser reject invalid interpolation specifications.
The parser's check is useless.

The lexer ends the token right after the first bad character.  This
tends to lead to suboptimal error reporting.  For instance, input

    [ %04d ]

produces the tokens

    JSON_LSQUARE  [
    JSON_ERROR    %0
    JSON_INTEGER  4
    JSON_KEYWORD  d
    JSON_RSQUARE  ]

The parser then yields an error, an object and two more errors:

    error: Invalid JSON syntax
    object: 4
    error: JSON parse error, invalid keyword
    error: JSON parse error, expecting value

Dumb down the lexer to accept [A-Za-z0-9]*.  The parser's check is now
used.  Emit a proper error there.

The lexer now produces

    JSON_LSQUARE  [
    JSON_INTERP   %04d
    JSON_RSQUARE  ]

and the parser reports just

    JSON parse error, invalid interpolation '%04d'

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-41-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
84a56f38b2 json: Pass lexical errors and limit violations to callback
The callback to consume JSON values takes QObject *json, Error *err.
If both are null, the callback is supposed to make up an error by
itself.  This sucks.

qjson.c's consume_json() neglects to do so, which makes
qobject_from_json() null instead of failing.  I consider that a bug.

The culprit is json_message_process_token(): it passes two null
pointers when it runs into a lexical error or a limit violation.  Fix
it to pass a proper Error object then.  Update the callbacks:

* monitor.c's handle_qmp_command(): the code to make up an error is
  now dead, drop it.

* qga/main.c's process_event(): lumps the "both null" case together
  with the "not a JSON object" case.  The former is now gone.  The
  error message "Invalid JSON syntax" is misleading for the latter.
  Improve it to "Input must be a JSON object".

* qobject/qjson.c's consume_json(): no update; check-qjson
  demonstrates qobject_from_json() now sets an error on lexical
  errors, but still doesn't on some other errors.

* tests/libqtest.c's qmp_response(): the Error object is now reliable,
  so use it to improve the error message.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-40-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
2cbd15aa6f json: Treat unwanted interpolation as lexical error
The JSON parser optionally supports interpolation.  The lexer
recognizes interpolation tokens unconditionally.  The parser rejects
them when interpolation is disabled, in parse_interpolation().
However, it neglects to set an error then, which can make
json_parser_parse() fail without setting an error.

Move the check for unwanted interpolation from the parser's
parse_interpolation() into the lexer's finite state machine.  When
interpolation is disabled, '%' is now handled like any other
unexpected character.

The next commit will improve how such lexical errors are handled.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-39-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
61030280ca json: Rename token JSON_ESCAPE & friends to JSON_INTERP
The JSON parser optionally supports interpolation.  The code calls it
"escape".  Awkward, because it uses the same term for escape sequences
within strings.  The latter usage is consistent with RFC 8259 "The
JavaScript Object Notation (JSON) Data Interchange Format" and ISO C.
Call the former "interpolation" instead.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-38-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
269e57ae28 json: Don't create JSON_ERROR tokens that won't be used
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-37-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
ff281a272f json: Don't pass null @tokens to json_parser_parse()
json_parser_parse() normally returns the QObject on success.  Except
it returns null when its @tokens argument is null.

Its only caller json_message_process_token() passes null @tokens when
emitting a lexical error.  The call is a rather opaque way to say json
= NULL then.

Simplify matters by lifting the assignment to json out of the emit
path: initialize json to null, set it to the value of
json_parser_parse() when there's no lexical error.  Drop the special
case from json_parser_parse().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-36-armbru@redhat.com>
2018-08-24 20:26:37 +02:00
Markus Armbruster
62815d85ae json: Redesign the callback to consume JSON values
The classical way to structure parser and lexer is to have the client
call the parser to get an abstract syntax tree, the parser call the
lexer to get the next token, and the lexer call some function to get
input characters.

Another way to structure them would be to have the client feed
characters to the lexer, the lexer feed tokens to the parser, and the
parser feed abstract syntax trees to some callback provided by the
client.  This way is more easily integrated into an event loop that
dispatches input characters as they arrive.

Our JSON parser is kind of between the two.  The lexer feeds tokens to
a "streamer" instead of a real parser.  The streamer accumulates
tokens until it got the sequence of tokens that comprise a single JSON
value (it counts curly braces and square brackets to decide).  It
feeds those token sequences to a callback provided by the client.  The
callback passes each token sequence to the parser, and gets back an
abstract syntax tree.

I figure it was done that way to make a straightforward recursive
descent parser possible.  "Get next token" becomes "pop the first
token off the token sequence".  Drawback: we need to store a complete
token sequence.  Each token eats 13 + input characters + malloc
overhead bytes.

Observations:

1. This is not the only way to use recursive descent.  If we replaced
   "get next token" by a coroutine yield, we could do without a
   streamer.

2. The lexer reports errors by passing a JSON_ERROR token to the
   streamer.  This communicates the offending input characters and
   their location, but no more.

3. The streamer reports errors by passing a null token sequence to the
   callback.  The (already poor) lexical error information is thrown
   away.

4. Having the callback receive a token sequence duplicates the code to
   convert token sequence to abstract syntax tree in every callback.

5. Known bug: the streamer silently drops incomplete token sequences.

This commit rectifies 4. by lifting the call of the parser from the
callbacks into the streamer.  Later commits will address 3. and 5.

The lifting removes a bug from qjson.c's parse_json(): it passed a
pointer to a non-null Error * in certain cases, as demonstrated by
check-qjson.c.

json_parser_parse() is now unused.  It's a stupid wrapper around
json_parser_parse_err().  Drop it, and rename json_parser_parse_err()
to json_parser_parse().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20180823164025.12553-35-armbru@redhat.com>
2018-08-24 20:26:37 +02:00