From 2a19b229f6c2f7288bb8c2498bffb01d67810dee Mon Sep 17 00:00:00 2001 From: Lin Ma Date: Tue, 14 Jul 2015 19:27:30 +0800 Subject: virtio-input: fix segfault in virtio_input_hid_properties commit 5cce173 introduced virtio-input segfault, This patch fixes it. Signed-off-by: Lin Ma Signed-off-by: Gerd Hoffmann --- hw/input/virtio-input-hid.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/input/virtio-input-hid.c b/hw/input/virtio-input-hid.c index 616a815ed4..4d85dad4d1 100644 --- a/hw/input/virtio-input-hid.c +++ b/hw/input/virtio-input-hid.c @@ -308,6 +308,7 @@ static void virtio_input_hid_handle_status(VirtIOInput *vinput, static Property virtio_input_hid_properties[] = { DEFINE_PROP_STRING("display", VirtIOInputHID, display), DEFINE_PROP_UINT32("head", VirtIOInputHID, head, 0), + DEFINE_PROP_END_OF_LIST(), }; static void virtio_input_hid_class_init(ObjectClass *klass, void *data) -- cgit v1.2.1 From e2f6bac3010419426b636d2b307f66deecd60813 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 14 Jul 2015 13:44:12 +0200 Subject: virtio-input: move sys/ioctl.h include Drop from include/standard-headers/linux/input.h Add to hw/input/virtio-input-host.c instead. That allows to build virtio-input (except pass-through) on windows. Signed-off-by: Gerd Hoffmann --- hw/input/virtio-input-host.c | 1 + include/standard-headers/linux/input.h | 1 - scripts/update-linux-headers.sh | 1 + 3 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/input/virtio-input-host.c b/hw/input/virtio-input-host.c index f7e3d844e6..8978f16bae 100644 --- a/hw/input/virtio-input-host.c +++ b/hw/input/virtio-input-host.c @@ -11,6 +11,7 @@ #include "hw/virtio/virtio.h" #include "hw/virtio/virtio-input.h" +#include #include "standard-headers/linux/input.h" /* ----------------------------------------------------------------- */ diff --git a/include/standard-headers/linux/input.h b/include/standard-headers/linux/input.h index a459dd25da..b003c67059 100644 
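Review bot: Neither the added `DEFINE_PROP_END_OF_LIST(),` line nor the commit message says why the terminator matters, so the same omission is easy to repeat elsewhere. The segfault named in the subject is consistent with the property list being walked past the end of `virtio_input_hid_properties[]` when no sentinel entry is present. I would state that root cause in the message and check any other `Property` arrays added by commit 5cce173 for the same gap (they are not visible here). A one-line comment above the array, such as `/* must end with DEFINE_PROP_END_OF_LIST(): the list is walked until the sentinel */`, would make the requirement explicit.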
--- a/include/standard-headers/linux/input.h +++ b/include/standard-headers/linux/input.h @@ -10,7 +10,6 @@ #include -#include #include #include "standard-headers/linux/types.h" diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh index 47378d93d4..f0e830c2d6 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/update-linux-headers.sh @@ -56,6 +56,7 @@ cp_virtio() { -e 's/__bitwise__//' \ -e 's/__attribute__((packed))/QEMU_PACKED/' \ -e 's/__inline__/inline/' \ + -e '/sys\/ioctl.h/d' \ "$f" > "$to/$header"; done fi -- cgit v1.2.1 From 562f93754b95fd6dc65ad9a2aa15a90b2da7e8a4 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 14 Jul 2015 11:18:06 +0200 Subject: hid: clarify hid_keyboard_process_keycode Coverity thinks the fallthroughs are smelly. They are correct, but everything else in this function is like "wut?". Refer explicitly to bits 8 and 9 of hs->kbd.modifiers instead of shifting right first and using (1 << 7). Document what the scancode is when hid_code is 0xe0. And add plenty of comments. Signed-off-by: Paolo Bonzini Signed-off-by: Gerd Hoffmann --- hw/input/hid.c | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/hw/input/hid.c b/hw/input/hid.c index 6841cb8649..21ebd9e718 100644 --- a/hw/input/hid.c +++ b/hw/input/hid.c @@ -239,7 +239,7 @@ static void hid_keyboard_event(DeviceState *dev, QemuConsole *src, static void hid_keyboard_process_keycode(HIDState *hs) { - uint8_t hid_code, key; + uint8_t hid_code, index, key; int i, keycode, slot; if (hs->n == 0) { @@ -249,7 +249,8 @@ static void hid_keyboard_process_keycode(HIDState *hs) keycode = hs->kbd.keycodes[slot]; key = keycode & 0x7f; - hid_code = hid_usage_keys[key | ((hs->kbd.modifiers >> 1) & (1 << 7))]; + index = key | ((hs->kbd.modifiers & (1 << 8)) >> 1); + hid_code = hid_usage_keys[index]; hs->kbd.modifiers &= ~(1 << 8); switch (hid_code) { 
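Review bot: The added sed expression `-e '/sys\/ioctl.h/d'` in update-linux-headers.sh deletes every line that contains that text, not only the include directive, and its `.` is unescaped so it matches any character. Tying the pattern to the directive keeps a later header sync from silently dropping an unrelated line, for example `-e '/#include <sys\/ioctl\.h>/d'`. The enclosing cp_virtio function starts and ends outside the hunk, so which headers the loop covers cannot be seen from here.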
@@ -257,18 +258,41 @@ static void hid_keyboard_process_keycode(HIDState *hs) return; case 0xe0: + assert(key == 0x1d); if (hs->kbd.modifiers & (1 << 9)) { - hs->kbd.modifiers ^= 3 << 8; + /* The hid_codes for the 0xe1/0x1d scancode sequence are 0xe9/0xe0. + * Here we're processing the second hid_code. By dropping bit 9 + * and setting bit 8, the scancode after 0x1d will access the + * second half of the table. + */ + hs->kbd.modifiers ^= (1 << 8) | (1 << 9); return; } + /* fall through to process Ctrl_L */ case 0xe1 ... 0xe7: + /* Ctrl_L/Ctrl_R, Shift_L/Shift_R, Alt_L/Alt_R, Win_L/Win_R. + * Handle releases here, or fall through to process presses. + */ if (keycode & (1 << 7)) { hs->kbd.modifiers &= ~(1 << (hid_code & 0x0f)); return; } - case 0xe8 ... 0xef: + /* fall through */ + case 0xe8 ... 0xe9: + /* USB modifiers are just 1 byte long. Bits 8 and 9 of + * hs->kbd.modifiers implement a state machine that detects the + * 0xe0 and 0xe1/0x1d sequences. These bits do not follow the + * usual rules where bit 7 marks released keys; they are cleared + * elsewhere in the function as the state machine dictates. + */ hs->kbd.modifiers |= 1 << (hid_code & 0x0f); return; + + case 0xea ... 0xef: + abort(); + + default: + break; } if (keycode & (1 << 7)) { -- cgit v1.2.1
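Review bot: The new `assert(key == 0x1d);` under `case 0xe0:` and the `abort();` under `case 0xea ... 0xef:` both end the whole emulator process from the key-event path, and nothing in the hunk shows what guarantees they cannot fire. If the guarantee is the contents of `hid_usage_keys[]` (not visible here), say so next to each check, e.g. `/* hid_usage_keys[] yields 0xe0 only for scancode 0x1d */` and `/* no table entry maps to 0xea-0xef */`. The two checks also behave differently in a build with NDEBUG defined: the assert disappears while the abort stays. If any of these codes can be produced by key input that is not fully trusted, dropping the event with `return;` would be a safer failure mode than terminating the VM. hid_keyboard_process_keycode continues past the end of the hunk.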