Archipelago » qemu

/*

 * QEMU System Emulator

 *

 * Copyright (c) 2003-2008 Fabrice Bellard

 *

 * Permission is hereby granted, free of charge, to any person obtaining a copy

 * of this software and associated documentation files (the "Software"), to deal

 * in the Software without restriction, including without limitation the rights

 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

 * copies of the Software, and to permit persons to whom the Software is

 * furnished to do so, subject to the following conditions:

 *

 * The above copyright notice and this permission notice shall be included in

 * all copies or substantial portions of the Software.

 *

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL

 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

 * THE SOFTWARE.

 */

#include "qemu-common.h"

#include "monitor/monitor.h"

#include "ui/console.h"

#include "sysemu/sysemu.h"

#include "qemu/timer.h"

#include "sysemu/char.h"

#include "hw/usb.h"

#include "qmp-commands.h"

#include <unistd.h>

#include <fcntl.h>

#include <time.h>

#include <errno.h>

#include <sys/time.h>

#include <zlib.h>

#ifndef _WIN32

#include <sys/times.h>

#include <sys/wait.h>

#include <termios.h>

#include <sys/mman.h>

#include <sys/ioctl.h>

#include <sys/resource.h>

#include <sys/socket.h>

#include <netinet/in.h>

#include <net/if.h>

#include <arpa/inet.h>

#include <dirent.h>

#include <netdb.h>

#include <sys/select.h>

#ifdef CONFIG_BSD

#include <sys/stat.h>

#if defined(__GLIBC__)

#include <pty.h>

#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)

#include <libutil.h>

#else

#include <util.h>

#endif

#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)

#include <dev/ppbus/ppi.h>

#include <dev/ppbus/ppbconf.h>

#elif defined(__DragonFly__)

#include <dev/misc/ppi/ppi.h>

#include <bus/ppbus/ppbconf.h>

#endif

#else

#ifdef __linux__

#include <pty.h>

#include <linux/ppdev.h>

#include <linux/parport.h>

#endif

#ifdef __sun__

#include <sys/stat.h>

#include <sys/ethernet.h>

#include <sys/sockio.h>

#include <netinet/arp.h>

#include <netinet/in.h>

#include <netinet/in_systm.h>

#include <netinet/ip.h>

#include <netinet/ip_icmp.h> // must come after ip.h

#include <netinet/udp.h>

#include <netinet/tcp.h>

#include <net/if.h>

#include <syslog.h>

#include <stropts.h>

#endif

#endif

#endif

#include "qemu/sockets.h"

#include "ui/qemu-spice.h"

#define READ_BUF_LEN 4096

/***********************************************************/

/* character device */

static QTAILQ_HEAD(CharDriverStateHead, CharDriverState) chardevs =

    QTAILQ_HEAD_INITIALIZER(chardevs);

void qemu_chr_be_event(CharDriverState *s, int event)

{

    /* Keep track if the char device is open */

    switch (event) {

        case CHR_EVENT_OPENED:

            s->be_open = 1;

            break;

        case CHR_EVENT_CLOSED:

            s->be_open = 0;

            break;

    }

    if (!s->chr_event)

        return;

    s->chr_event(s->handler_opaque, event);

}

static gboolean qemu_chr_be_generic_open_bh(gpointer opaque)

{

    CharDriverState *s = opaque;

    qemu_chr_be_event(s, CHR_EVENT_OPENED);

    s->idle_tag = 0;

    return FALSE;

}

void qemu_chr_be_generic_open(CharDriverState *s)

{

    if (s->idle_tag == 0) {

        s->idle_tag = g_idle_add(qemu_chr_be_generic_open_bh, s);

    }

}

int qemu_chr_fe_write(CharDriverState *s, const uint8_t *buf, int len)

{

    return s->chr_write(s, buf, len);

}

int qemu_chr_fe_write_all(CharDriverState *s, const uint8_t *buf, int len)

{

    int offset = 0;

    int res;

    while (offset < len) {

        do {

            res = s->chr_write(s, buf + offset, len - offset);

            if (res == -1 && errno == EAGAIN) {

                g_usleep(100);

            }

        } while (res == -1 && errno == EAGAIN);

        if (res == 0) {

            break;

        }

        if (res < 0) {

            return res;

        }

        offset += res;

    }

    return offset;

}

int qemu_chr_fe_ioctl(CharDriverState *s, int cmd, void *arg)

{

    if (!s->chr_ioctl)

        return -ENOTSUP;

    return s->chr_ioctl(s, cmd, arg);

}

int qemu_chr_be_can_write(CharDriverState *s)

{

    if (!s->chr_can_read)

        return 0;

    return s->chr_can_read(s->handler_opaque);

}

void qemu_chr_be_write(CharDriverState *s, uint8_t *buf, int len)

{

    if (s->chr_read) {

        s->chr_read(s->handler_opaque, buf, len);

    }

}

int qemu_chr_fe_get_msgfd(CharDriverState *s)

{

    return s->get_msgfd ? s->get_msgfd(s) : -1;

}

int qemu_chr_add_client(CharDriverState *s, int fd)

{

    return s->chr_add_client ? s->chr_add_client(s, fd) : -1;

}

void qemu_chr_accept_input(CharDriverState *s)

{

    if (s->chr_accept_input)

        s->chr_accept_input(s);

    qemu_notify_event();

}

void qemu_chr_fe_printf(CharDriverState *s, const char *fmt, ...)

{

    char buf[READ_BUF_LEN];

    va_list ap;

    va_start(ap, fmt);

    vsnprintf(buf, sizeof(buf), fmt, ap);

    qemu_chr_fe_write(s, (uint8_t *)buf, strlen(buf));

    va_end(ap);

}

void qemu_chr_add_handlers(CharDriverState *s,

                           IOCanReadHandler *fd_can_read,

                           IOReadHandler *fd_read,

                           IOEventHandler *fd_event,

                           void *opaque)

{

    int fe_open;

    if (!opaque && !fd_can_read && !fd_read && !fd_event) {

        fe_open = 0;

    } else {

        fe_open = 1;

    }

    s->chr_can_read = fd_can_read;

    s->chr_read = fd_read;

    s->chr_event = fd_event;

    s->handler_opaque = opaque;

    if (s->chr_update_read_handler)

        s->chr_update_read_handler(s);

    if (!s->explicit_fe_open) {

        qemu_chr_fe_set_open(s, fe_open);

    }

    /* We're connecting to an already opened device, so let's make sure we

       also get the open event */

    if (fe_open && s->be_open) {

        qemu_chr_be_generic_open(s);

    }

}

static int null_chr_write(CharDriverState *chr, const uint8_t *buf, int len)

{

    return len;

}

static CharDriverState *qemu_chr_open_null(void)

{

    CharDriverState *chr;

    chr = g_malloc0(sizeof(CharDriverState));

    chr->chr_write = null_chr_write;

    return chr;

}

/* MUX driver for serial I/O splitting */

#define MAX_MUX 4

#define MUX_BUFFER_SIZE 32        /* Must be a power of 2.  */

#define MUX_BUFFER_MASK (MUX_BUFFER_SIZE - 1)

typedef struct {

    IOCanReadHandler *chr_can_read[MAX_MUX];

    IOReadHandler *chr_read[MAX_MUX];

    IOEventHandler *chr_event[MAX_MUX];

    void *ext_opaque[MAX_MUX];

    CharDriverState *drv;

    int focus;

    int mux_cnt;

    int term_got_escape;

    int max_size;

    /* Intermediate input buffer allows to catch escape sequences even if the

       currently active device is not accepting any input - but only until it

       is full as well. */

    unsigned char buffer[MAX_MUX][MUX_BUFFER_SIZE];

    int prod[MAX_MUX];

    int cons[MAX_MUX];

    int timestamps;

    int linestart;

    int64_t timestamps_start;

} MuxDriver;

static int mux_chr_write(CharDriverState *chr, const uint8_t *buf, int len)

{

    MuxDriver *d = chr->opaque;

    int ret;

    if (!d->timestamps) {

        ret = d->drv->chr_write(d->drv, buf, len);

    } else {

        int i;

        ret = 0;

        for (i = 0; i < len; i++) {

            if (d->linestart) {

                char buf1[64];

                int64_t ti;

                int secs;

                ti = qemu_get_clock_ms(rt_clock);

                if (d->timestamps_start == -1)

                    d->timestamps_start = ti;

                ti -= d->timestamps_start;

                secs = ti / 1000;

                snprintf(buf1, sizeof(buf1),

                         "[%02d:%02d:%02d.%03d] ",

                         secs / 3600,

                         (secs / 60) % 60,

                         secs % 60,

                         (int)(ti % 1000));

                d->drv->chr_write(d->drv, (uint8_t *)buf1, strlen(buf1));

                d->linestart = 0;

            }

            ret += d->drv->chr_write(d->drv, buf+i, 1);

            if (buf[i] == '\n') {

                d->linestart = 1;

            }

        }

    }

    return ret;

}

static const char * const mux_help[] = {

    "% h    print this help\n\r",

    "% x    exit emulator\n\r",

    "% s    save disk data back to file (if -snapshot)\n\r",

    "% t    toggle console timestamps\n\r"

    "% b    send break (magic sysrq)\n\r",

    "% c    switch between console and monitor\n\r",

    "% %  sends %\n\r",

    NULL

};

int term_escape_char = 0x01; /* ctrl-a is used for escape */

static void mux_print_help(CharDriverState *chr)

{

    int i, j;

    char ebuf[15] = "Escape-Char";

    char cbuf[50] = "\n\r";

    if (term_escape_char > 0 && term_escape_char < 26) {

        snprintf(cbuf, sizeof(cbuf), "\n\r");

        snprintf(ebuf, sizeof(ebuf), "C-%c", term_escape_char - 1 + 'a');

    } else {

        snprintf(cbuf, sizeof(cbuf),

                 "\n\rEscape-Char set to Ascii: 0x%02x\n\r\n\r",

                 term_escape_char);

    }

    chr->chr_write(chr, (uint8_t *)cbuf, strlen(cbuf));

    for (i = 0; mux_help[i] != NULL; i++) {

        for (j=0; mux_help[i][j] != '\0'; j++) {

            if (mux_help[i][j] == '%')

                chr->chr_write(chr, (uint8_t *)ebuf, strlen(ebuf));

            else

                chr->chr_write(chr, (uint8_t *)&mux_help[i][j], 1);

        }

    }

}

static void mux_chr_send_event(MuxDriver *d, int mux_nr, int event)

{

    if (d->chr_event[mux_nr])

        d->chr_event[mux_nr](d->ext_opaque[mux_nr], event);

}

static int mux_proc_byte(CharDriverState *chr, MuxDriver *d, int ch)

{

    if (d->term_got_escape) {

        d->term_got_escape = 0;

        if (ch == term_escape_char)

            goto send_char;

        switch(ch) {

        case '?':

        case 'h':

            mux_print_help(chr);

            break;

        case 'x':

            {

                 const char *term =  "QEMU: Terminated\n\r";

                 chr->chr_write(chr,(uint8_t *)term,strlen(term));

                 exit(0);

                 break;

            }

        case 's':

            bdrv_commit_all();

            break;

        case 'b':

            qemu_chr_be_event(chr, CHR_EVENT_BREAK);

            break;

        case 'c':

            /* Switch to the next registered device */

            mux_chr_send_event(d, d->focus, CHR_EVENT_MUX_OUT);

            d->focus++;

            if (d->focus >= d->mux_cnt)

                d->focus = 0;

            mux_chr_send_event(d, d->focus, CHR_EVENT_MUX_IN);

            break;

        case 't':

            d->timestamps = !d->timestamps;

            d->timestamps_start = -1;

            d->linestart = 0;

            break;

        }

    } else if (ch == term_escape_char) {

        d->term_got_escape = 1;

    } else {

    send_char:

        return 1;

    }

    return 0;

}

static void mux_chr_accept_input(CharDriverState *chr)

{

    MuxDriver *d = chr->opaque;

    int m = d->focus;

    while (d->prod[m] != d->cons[m] &&

           d->chr_can_read[m] &&

           d->chr_can_read[m](d->ext_opaque[m])) {

        d->chr_read[m](d->ext_opaque[m],

                       &d->buffer[m][d->cons[m]++ & MUX_BUFFER_MASK], 1);

    }

}

static int mux_chr_can_read(void *opaque)

{

    CharDriverState *chr = opaque;

    MuxDriver *d = chr->opaque;

    int m = d->focus;

    if ((d->prod[m] - d->cons[m]) < MUX_BUFFER_SIZE)

        return 1;

    if (d->chr_can_read[m])

        return d->chr_can_read[m](d->ext_opaque[m]);

    return 0;

}

static void mux_chr_read(void *opaque, const uint8_t *buf, int size)

{

    CharDriverState *chr = opaque;

    MuxDriver *d = chr->opaque;

    int m = d->focus;

    int i;

    mux_chr_accept_input (opaque);

    for(i = 0; i < size; i++)

        if (mux_proc_byte(chr, d, buf[i])) {

            if (d->prod[m] == d->cons[m] &&

                d->chr_can_read[m] &&

                d->chr_can_read[m](d->ext_opaque[m]))

                d->chr_read[m](d->ext_opaque[m], &buf[i], 1);

            else

                d->buffer[m][d->prod[m]++ & MUX_BUFFER_MASK] = buf[i];

        }

}

static void mux_chr_event(void *opaque, int event)

{

    CharDriverState *chr = opaque;

    MuxDriver *d = chr->opaque;

    int i;

    /* Send the event to all registered listeners */

    for (i = 0; i < d->mux_cnt; i++)

        mux_chr_send_event(d, i, event);

}

static void mux_chr_update_read_handler(CharDriverState *chr)

{

    MuxDriver *d = chr->opaque;

    if (d->mux_cnt >= MAX_MUX) {

        fprintf(stderr, "Cannot add I/O handlers, MUX array is full\n");

        return;

    }

    d->ext_opaque[d->mux_cnt] = chr->handler_opaque;

    d->chr_can_read[d->mux_cnt] = chr->chr_can_read;

    d->chr_read[d->mux_cnt] = chr->chr_read;

    d->chr_event[d->mux_cnt] = chr->chr_event;

    /* Fix up the real driver with mux routines */

    if (d->mux_cnt == 0) {

        qemu_chr_add_handlers(d->drv, mux_chr_can_read, mux_chr_read,

                              mux_chr_event, chr);

    }

    if (d->focus != -1) {

        mux_chr_send_event(d, d->focus, CHR_EVENT_MUX_OUT);

    }

    d->focus = d->mux_cnt;

    d->mux_cnt++;

    mux_chr_send_event(d, d->focus, CHR_EVENT_MUX_IN);

}

static CharDriverState *qemu_chr_open_mux(CharDriverState *drv)

{

    CharDriverState *chr;

    MuxDriver *d;

    chr = g_malloc0(sizeof(CharDriverState));

    d = g_malloc0(sizeof(MuxDriver));

    chr->opaque = d;

    d->drv = drv;

    d->focus = -1;

    chr->chr_write = mux_chr_write;

    chr->chr_update_read_handler = mux_chr_update_read_handler;

    chr->chr_accept_input = mux_chr_accept_input;

    /* Frontend guest-open / -close notification is not support with muxes */

    chr->chr_set_fe_open = NULL;

    /* Muxes are always open on creation */

    qemu_chr_be_generic_open(chr);

    return chr;

}

#ifdef _WIN32

int send_all(int fd, const void *buf, int len1)

{

    int ret, len;

    len = len1;

    while (len > 0) {

        ret = send(fd, buf, len, 0);

        if (ret < 0) {

            errno = WSAGetLastError();

            if (errno != WSAEWOULDBLOCK) {

                return -1;

            }

        } else if (ret == 0) {

            break;

        } else {

            buf += ret;

            len -= ret;

        }

    }

    return len1 - len;

}

#else

int send_all(int fd, const void *_buf, int len1)

{

    int ret, len;

    const uint8_t *buf = _buf;

    len = len1;

    while (len > 0) {

        ret = write(fd, buf, len);

        if (ret < 0) {

            if (errno != EINTR && errno != EAGAIN)

                return -1;

        } else if (ret == 0) {

            break;

        } else {

            buf += ret;

            len -= ret;

        }

    }

    return len1 - len;

}

int recv_all(int fd, void *_buf, int len1, bool single_read)

{

    int ret, len;

    uint8_t *buf = _buf;

    len = len1;

    while ((len > 0) && (ret = read(fd, buf, len)) != 0) {

        if (ret < 0) {

            if (errno != EINTR && errno != EAGAIN) {

                return -1;

            }

            continue;

        } else {

            if (single_read) {

                return ret;

            }

            buf += ret;

            len -= ret;

        }

    }

    return len1 - len;

}

#endif /* !_WIN32 */

typedef struct IOWatchPoll

{

    GSource parent;

    GIOChannel *channel;

    GSource *src;

    IOCanReadHandler *fd_can_read;

    GSourceFunc fd_read;

    void *opaque;

} IOWatchPoll;

static IOWatchPoll *io_watch_poll_from_source(GSource *source)

{

    return container_of(source, IOWatchPoll, parent);

}

static gboolean io_watch_poll_prepare(GSource *source, gint *timeout_)

{

    IOWatchPoll *iwp = io_watch_poll_from_source(source);

    bool now_active = iwp->fd_can_read(iwp->opaque) > 0;

    bool was_active = iwp->src != NULL;

    if (was_active == now_active) {

        return FALSE;

    }

    if (now_active) {

        iwp->src = g_io_create_watch(iwp->channel, G_IO_IN | G_IO_ERR | G_IO_HUP);

        g_source_set_callback(iwp->src, iwp->fd_read, iwp->opaque, NULL);

        g_source_attach(iwp->src, NULL);

    } else {

        g_source_destroy(iwp->src);

        g_source_unref(iwp->src);

        iwp->src = NULL;

    }

    return FALSE;

}

static gboolean io_watch_poll_check(GSource *source)

{

    return FALSE;

}

static gboolean io_watch_poll_dispatch(GSource *source, GSourceFunc callback,

                                       gpointer user_data)

{

    abort();

}

static void io_watch_poll_finalize(GSource *source)

{

    IOWatchPoll *iwp = io_watch_poll_from_source(source);

    if (iwp->src) {

        g_source_destroy(iwp->src);

        g_source_unref(iwp->src);

        iwp->src = NULL;

    }

}

static GSourceFuncs io_watch_poll_funcs = {

    .prepare = io_watch_poll_prepare,

    .check = io_watch_poll_check,

    .dispatch = io_watch_poll_dispatch,

    .finalize = io_watch_poll_finalize,

};

/* Can only be used for read */

static guint io_add_watch_poll(GIOChannel *channel,

                               IOCanReadHandler *fd_can_read,

                               GIOFunc fd_read,

                               gpointer user_data)

{

    IOWatchPoll *iwp;

    int tag;

    iwp = (IOWatchPoll *) g_source_new(&io_watch_poll_funcs, sizeof(IOWatchPoll));

    iwp->fd_can_read = fd_can_read;

    iwp->opaque = user_data;

    iwp->channel = channel;

    iwp->fd_read = (GSourceFunc) fd_read;

    iwp->src = NULL;

    tag = g_source_attach(&iwp->parent, NULL);

    g_source_unref(&iwp->parent);

    return tag;

}

#ifndef _WIN32

static GIOChannel *io_channel_from_fd(int fd)

{

    GIOChannel *chan;

    if (fd == -1) {

        return NULL;

    }

    chan = g_io_channel_unix_new(fd);

    g_io_channel_set_encoding(chan, NULL, NULL);

    g_io_channel_set_buffered(chan, FALSE);

    return chan;

}

#endif

static GIOChannel *io_channel_from_socket(int fd)

{

    GIOChannel *chan;

    if (fd == -1) {

        return NULL;

    }

#ifdef _WIN32

    chan = g_io_channel_win32_new_socket(fd);

#else

    chan = g_io_channel_unix_new(fd);

#endif

    g_io_channel_set_encoding(chan, NULL, NULL);

    g_io_channel_set_buffered(chan, FALSE);

    return chan;

}

static int io_channel_send(GIOChannel *fd, const void *buf, size_t len)

{

    GIOStatus status;

    size_t offset;

    offset = 0;

    while (offset < len) {

        gsize bytes_written;

        status = g_io_channel_write_chars(fd, buf + offset, len - offset,

                                          &bytes_written, NULL);

        if (status != G_IO_STATUS_NORMAL) {

            if (status == G_IO_STATUS_AGAIN) {

                /* If we've written any data, return a partial write. */

                if (offset) {

                    break;

                }

                errno = EAGAIN;

            } else {

                errno = EINVAL;

            }

            return -1;

        } else if (status == G_IO_STATUS_EOF) {

            break;

        }

        offset += bytes_written;

    }

    return offset;

}

#ifndef _WIN32

typedef struct FDCharDriver {

    CharDriverState *chr;

    GIOChannel *fd_in, *fd_out;

    guint fd_in_tag;

    int max_size;

    QTAILQ_ENTRY(FDCharDriver) node;

} FDCharDriver;

static int fd_chr_write(CharDriverState *chr, const uint8_t *buf, int len)

{

    FDCharDriver *s = chr->opaque;

    return io_channel_send(s->fd_out, buf, len);

}

static gboolean fd_chr_read(GIOChannel *chan, GIOCondition cond, void *opaque)

{

    CharDriverState *chr = opaque;

    FDCharDriver *s = chr->opaque;

    int len;

    uint8_t buf[READ_BUF_LEN];

    GIOStatus status;

    gsize bytes_read;

    len = sizeof(buf);

    if (len > s->max_size) {

        len = s->max_size;

    }

    if (len == 0) {

        return FALSE;

    }

    status = g_io_channel_read_chars(chan, (gchar *)buf,

                                     len, &bytes_read, NULL);

    if (status == G_IO_STATUS_EOF) {

        qemu_chr_be_event(chr, CHR_EVENT_CLOSED);

        return FALSE;

    }

    if (status == G_IO_STATUS_NORMAL) {

        qemu_chr_be_write(chr, buf, bytes_read);

    }

    return TRUE;

}

static int fd_chr_read_poll(void *opaque)

{

    CharDriverState *chr = opaque;

    FDCharDriver *s = chr->opaque;

    s->max_size = qemu_chr_be_can_write(chr);

    return s->max_size;

}

static GSource *fd_chr_add_watch(CharDriverState *chr, GIOCondition cond)

{

    FDCharDriver *s = chr->opaque;

    return g_io_create_watch(s->fd_out, cond);

}

static void fd_chr_update_read_handler(CharDriverState *chr)

{

    FDCharDriver *s = chr->opaque;

    if (s->fd_in_tag) {

        g_source_remove(s->fd_in_tag);

        s->fd_in_tag = 0;

    }

    if (s->fd_in) {

        s->fd_in_tag = io_add_watch_poll(s->fd_in, fd_chr_read_poll, fd_chr_read, chr);

    }

}

static void fd_chr_close(struct CharDriverState *chr)

{

    FDCharDriver *s = chr->opaque;

    if (s->fd_in_tag) {

        g_source_remove(s->fd_in_tag);

        s->fd_in_tag = 0;

    }

    if (s->fd_in) {

        g_io_channel_unref(s->fd_in);

    }

    if (s->fd_out) {

        g_io_channel_unref(s->fd_out);

    }

    g_free(s);

    qemu_chr_be_event(chr, CHR_EVENT_CLOSED);

}

/* open a character device to a unix fd */

static CharDriverState *qemu_chr_open_fd(int fd_in, int fd_out)

{

    CharDriverState *chr;

    FDCharDriver *s;

    chr = g_malloc0(sizeof(CharDriverState));

    s = g_malloc0(sizeof(FDCharDriver));

    s->fd_in = io_channel_from_fd(fd_in);

    s->fd_out = io_channel_from_fd(fd_out);

    fcntl(fd_out, F_SETFL, O_NONBLOCK);

    s->chr = chr;

    chr->opaque = s;

    chr->chr_add_watch = fd_chr_add_watch;

    chr->chr_write = fd_chr_write;

    chr->chr_update_read_handler = fd_chr_update_read_handler;

    chr->chr_close = fd_chr_close;

    qemu_chr_be_generic_open(chr);

    return chr;

}

static CharDriverState *qemu_chr_open_pipe(ChardevHostdev *opts)

{

    int fd_in, fd_out;

    char filename_in[256], filename_out[256];

    const char *filename = opts->device;

    if (filename == NULL) {

        fprintf(stderr, "chardev: pipe: no filename given\n");

        return NULL;

    }

    snprintf(filename_in, 256, "%s.in", filename);

    snprintf(filename_out, 256, "%s.out", filename);

    TFR(fd_in = qemu_open(filename_in, O_RDWR | O_BINARY));

    TFR(fd_out = qemu_open(filename_out, O_RDWR | O_BINARY));

    if (fd_in < 0 || fd_out < 0) {

        if (fd_in >= 0)

            close(fd_in);

        if (fd_out >= 0)

            close(fd_out);

        TFR(fd_in = fd_out = qemu_open(filename, O_RDWR | O_BINARY));

        if (fd_in < 0) {

            return NULL;

        }

    }

    return qemu_chr_open_fd(fd_in, fd_out);

}

/* init terminal so that we can grab keys */

static struct termios oldtty;

static int old_fd0_flags;

static bool stdio_allow_signal;

static void term_exit(void)

{

    tcsetattr (0, TCSANOW, &oldtty);

    fcntl(0, F_SETFL, old_fd0_flags);

}

static void qemu_chr_set_echo_stdio(CharDriverState *chr, bool echo)

{

    struct termios tty;

    tty = oldtty;

    if (!echo) {

        tty.c_iflag &= ~(IGNBRK|BRKINT|PARMRK|ISTRIP

                          |INLCR|IGNCR|ICRNL|IXON);

        tty.c_oflag |= OPOST;

        tty.c_lflag &= ~(ECHO|ECHONL|ICANON|IEXTEN);

        tty.c_cflag &= ~(CSIZE|PARENB);

        tty.c_cflag |= CS8;

        tty.c_cc[VMIN] = 1;

        tty.c_cc[VTIME] = 0;

    }

    /* if graphical mode, we allow Ctrl-C handling */

    if (!stdio_allow_signal)

        tty.c_lflag &= ~ISIG;

    tcsetattr (0, TCSANOW, &tty);

}

static void qemu_chr_close_stdio(struct CharDriverState *chr)

{

    term_exit();

    fd_chr_close(chr);

}

static CharDriverState *qemu_chr_open_stdio(ChardevStdio *opts)

{

    CharDriverState *chr;

    if (is_daemonized()) {

        error_report("cannot use stdio with -daemonize");

        return NULL;

    }

    old_fd0_flags = fcntl(0, F_GETFL);

    tcgetattr (0, &oldtty);

    fcntl(0, F_SETFL, O_NONBLOCK);

    atexit(term_exit);

    chr = qemu_chr_open_fd(0, 1);

    chr->chr_close = qemu_chr_close_stdio;

    chr->chr_set_echo = qemu_chr_set_echo_stdio;

    stdio_allow_signal = display_type != DT_NOGRAPHIC;

    if (opts->has_signal) {

        stdio_allow_signal = opts->signal;

    }

    qemu_chr_fe_set_echo(chr, false);

    return chr;

}

#ifdef __sun__

/* Once Solaris has openpty(), this is going to be removed. */

static int openpty(int *amaster, int *aslave, char *name,

                   struct termios *termp, struct winsize *winp)

{

        const char *slave;

        int mfd = -1, sfd = -1;

        *amaster = *aslave = -1;

        mfd = open("/dev/ptmx", O_RDWR | O_NOCTTY);

        if (mfd < 0)

                goto err;

        if (grantpt(mfd) == -1 || unlockpt(mfd) == -1)

                goto err;

        if ((slave = ptsname(mfd)) == NULL)

                goto err;

        if ((sfd = open(slave, O_RDONLY | O_NOCTTY)) == -1)

                goto err;

        if (ioctl(sfd, I_PUSH, "ptem") == -1 ||

            (termp != NULL && tcgetattr(sfd, termp) < 0))

                goto err;

        if (amaster)

                *amaster = mfd;

        if (aslave)

                *aslave = sfd;

        if (winp)

                ioctl(sfd, TIOCSWINSZ, winp);

        return 0;

err:

        if (sfd != -1)

                close(sfd);

        close(mfd);

        return -1;

}

static void cfmakeraw (struct termios *termios_p)

{

        termios_p->c_iflag &=

                ~(IGNBRK|BRKINT|PARMRK|ISTRIP|INLCR|IGNCR|ICRNL|IXON);

        termios_p->c_oflag &= ~OPOST;

        termios_p->c_lflag &= ~(ECHO|ECHONL|ICANON|ISIG|IEXTEN);

        termios_p->c_cflag &= ~(CSIZE|PARENB);

        termios_p->c_cflag |= CS8;

        termios_p->c_cc[VMIN] = 0;

        termios_p->c_cc[VTIME] = 0;

}

#endif

#if defined(__linux__) || defined(__sun__) || defined(__FreeBSD__) \

    || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) \

    || defined(__GLIBC__)

#define HAVE_CHARDEV_TTY 1

typedef struct {

    GIOChannel *fd;

    guint fd_tag;

    int connected;

    int read_bytes;

    guint timer_tag;

} PtyCharDriver;

static void pty_chr_update_read_handler(CharDriverState *chr);

static void pty_chr_state(CharDriverState *chr, int connected);

static gboolean pty_chr_timer(gpointer opaque)

{

    struct CharDriverState *chr = opaque;

    PtyCharDriver *s = chr->opaque;

    if (s->connected) {

        goto out;

    }

    /* Next poll ... */

    pty_chr_update_read_handler(chr);

out:

    return FALSE;

}

static void pty_chr_rearm_timer(CharDriverState *chr, int ms)

{

    PtyCharDriver *s = chr->opaque;

    if (s->timer_tag) {

        g_source_remove(s->timer_tag);

        s->timer_tag = 0;

    }

    if (ms == 1000) {

        s->timer_tag = g_timeout_add_seconds(1, pty_chr_timer, chr);

    } else {

        s->timer_tag = g_timeout_add(ms, pty_chr_timer, chr);

    }

}

static int pty_chr_write(CharDriverState *chr, const uint8_t *buf, int len)

{

    PtyCharDriver *s = chr->opaque;

    if (!s->connected) {

        /* guest sends data, check for (re-)connect */

        pty_chr_update_read_handler(chr);

        return 0;

    }

    return io_channel_send(s->fd, buf, len);

}

static GSource *pty_chr_add_watch(CharDriverState *chr, GIOCondition cond)

{

    PtyCharDriver *s = chr->opaque;

    return g_io_create_watch(s->fd, cond);

}

static int pty_chr_read_poll(void *opaque)

{

    CharDriverState *chr = opaque;

    PtyCharDriver *s = chr->opaque;

    s->read_bytes = qemu_chr_be_can_write(chr);

    return s->read_bytes;

}

static gboolean pty_chr_read(GIOChannel *chan, GIOCondition cond, void *opaque)

{

    CharDriverState *chr = opaque;

    PtyCharDriver *s = chr->opaque;

    gsize size, len;

    uint8_t buf[READ_BUF_LEN];

    GIOStatus status;

    len = sizeof(buf);

    if (len > s->read_bytes)

        len = s->read_bytes;

    if (len == 0)

        return FALSE;

    status = g_io_channel_read_chars(s->fd, (gchar *)buf, len, &size, NULL);

    if (status != G_IO_STATUS_NORMAL) {

        pty_chr_state(chr, 0);

        return FALSE;

    } else {

        pty_chr_state(chr, 1);

        qemu_chr_be_write(chr, buf, size);

    }

    return TRUE;

}

static void pty_chr_update_read_handler(CharDriverState *chr)

{

    PtyCharDriver *s = chr->opaque;

    GPollFD pfd;

    pfd.fd = g_io_channel_unix_get_fd(s->fd);

    pfd.events = G_IO_OUT;

    pfd.revents = 0;

    g_poll(&pfd, 1, 0);

    if (pfd.revents & G_IO_HUP) {

        pty_chr_state(chr, 0);

    } else {

        pty_chr_state(chr, 1);

    }

}

static void pty_chr_state(CharDriverState *chr, int connected)

{

    PtyCharDriver *s = chr->opaque;

    if (!connected) {

        if (s->fd_tag) {

            g_source_remove(s->fd_tag);

            s->fd_tag = 0;

        }

        s->connected = 0;

        /* (re-)connect poll interval for idle guests: once per second.

         * We check more frequently in case the guests sends data to

         * the virtual device linked to our pty. */

        pty_chr_rearm_timer(chr, 1000);

    } else {

        if (s->timer_tag) {

            g_source_remove(s->timer_tag);

            s->timer_tag = 0;

        }

        if (!s->connected) {

            qemu_chr_be_generic_open(chr);

            s->connected = 1;

            s->fd_tag = io_add_watch_poll(s->fd, pty_chr_read_poll, pty_chr_read, chr);

        }

    }

}

static void pty_chr_close(struct CharDriverState *chr)

{

    PtyCharDriver *s = chr->opaque;

    int fd;

    if (s->fd_tag) {

        g_source_remove(s->fd_tag);

        s->fd_tag = 0;

    }

    fd = g_io_channel_unix_get_fd(s->fd);

    g_io_channel_unref(s->fd);

    close(fd);

    if (s->timer_tag) {

        g_source_remove(s->timer_tag);

        s->timer_tag = 0;

    }

    g_free(s);

    qemu_chr_be_event(chr, CHR_EVENT_CLOSED);

}

static CharDriverState *qemu_chr_open_pty(const char *id,

                                          ChardevReturn *ret)

{

    CharDriverState *chr;

    PtyCharDriver *s;

    struct termios tty;

    int master_fd, slave_fd;

#if defined(__OpenBSD__) || defined(__DragonFly__)

    char pty_name[PATH_MAX];

#define q_ptsname(x) pty_name

#else

    char *pty_name = NULL;

#define q_ptsname(x) ptsname(x)

#endif

    if (openpty(&master_fd, &slave_fd, pty_name, NULL, NULL) < 0) {

        return NULL;

    }

    /* Set raw attributes on the pty. */

    tcgetattr(slave_fd, &tty);

    cfmakeraw(&tty);

    tcsetattr(slave_fd, TCSAFLUSH, &tty);

    close(slave_fd);

    chr = g_malloc0(sizeof(CharDriverState));

    chr->filename = g_strdup_printf("pty:%s", q_ptsname(master_fd));

    ret->pty = g_strdup(q_ptsname(master_fd));

    ret->has_pty = true;

    fprintf(stderr, "char device redirected to %s (label %s)\n",

            q_ptsname(master_fd), id);

    s = g_malloc0(sizeof(PtyCharDriver));

    chr->opaque = s;

    chr->chr_write = pty_chr_write;

    chr->chr_update_read_handler = pty_chr_update_read_handler;

    chr->chr_close = pty_chr_close;

    chr->chr_add_watch = pty_chr_add_watch;

    s->fd = io_channel_from_fd(master_fd);

    s->timer_tag = 0;

    return chr;

}

static void tty_serial_init(int fd, int speed,

                            int parity, int data_bits, int stop_bits)

{

    struct termios tty;

    speed_t spd;

#if 0

    printf("tty_serial_init: speed=%d parity=%c data=%d stop=%d\n",

           speed, parity, data_bits, stop_bits);

#endif

    tcgetattr (fd, &tty);

#define check_speed(val) if (speed <= val) { spd = B##val; break; }

    speed = speed * 10 / 11;

    do {

        check_speed(50);

        check_speed(75);

        check_speed(110);

        check_speed(134);

        check_speed(150);

        check_speed(200);

        check_speed(300);

        check_speed(600);

        check_speed(1200);

        check_speed(1800);

        check_speed(2400);

        check_speed(4800);

        check_speed(9600);

        check_speed(19200);

        check_speed(38400);

        /* Non-Posix values follow. They may be unsupported on some systems. */

        check_speed(57600);

        check_speed(115200);

#ifdef B230400

        check_speed(230400);

#endif

#ifdef B460800

        check_speed(460800);

#endif

#ifdef B500000

        check_speed(500000);

#endif

#ifdef B576000

        check_speed(576000);

#endif

#ifdef B921600

        check_speed(921600);

#endif

#ifdef B1000000

        check_speed(1000000);

#endif

#ifdef B1152000

        check_speed(1152000);

#endif

#ifdef B1500000

        check_speed(1500000);

#endif

#ifdef B2000000

        check_speed(2000000);

#endif

#ifdef B2500000

        check_speed(2500000);

#endif

#ifdef B3000000

        check_speed(3000000);

#endif

#ifdef B3500000

        check_speed(3500000);

#endif

#ifdef B4000000

        check_speed(4000000);

#endif

        spd = B115200;

    } while (0);

    cfsetispeed(&tty, spd);

    cfsetospeed(&tty, spd);

    tty.c_iflag &= ~(IGNBRK|BRKINT|PARMRK|ISTRIP

                          |INLCR|IGNCR|ICRNL|IXON);

    tty.c_oflag |= OPOST;

    tty.c_lflag &= ~(ECHO|ECHONL|ICANON|IEXTEN|ISIG);

    tty.c_cflag &= ~(CSIZE|PARENB|PARODD|CRTSCTS|CSTOPB);

    switch(data_bits) {

    default:

    case 8:

        tty.c_cflag |= CS8;

        break;

    case 7:

        tty.c_cflag |= CS7;

        break;

    case 6:

        tty.c_cflag |= CS6;

        break;

    case 5:

        tty.c_cflag |= CS5;

        break;

    }

    switch(parity) {

    default:

    case 'N':

        break;

    case 'E':

        tty.c_cflag |= PARENB;

        break;

    case 'O':

        tty.c_cflag |= PARENB | PARODD;

        break;

    }

    if (stop_bits == 2)

        tty.c_cflag |= CSTOPB;

    tcsetattr (fd, TCSANOW, &tty);

}

static int tty_serial_ioctl(CharDriverState *chr, int cmd, void *arg)

{

    FDCharDriver *s = chr->opaque;

    switch(cmd) {

    case CHR_IOCTL_SERIAL_SET_PARAMS:

        {

            QEMUSerialSetParams *ssp = arg;

            tty_serial_init(g_io_channel_unix_get_fd(s->fd_in),

                            ssp->speed, ssp->parity,

                            ssp->data_bits, ssp->stop_bits);

        }

        break;

    case CHR_IOCTL_SERIAL_SET_BREAK:

        {

            int enable = *(int *)arg;

            if (enable) {

                tcsendbreak(g_io_channel_unix_get_fd(s->fd_in), 1);

            }

        }

        break;

    case CHR_IOCTL_SERIAL_GET_TIOCM:

        {