[Qemu-devel] [PULL v3 0/3] audio patch queue

[Qemu-devel] [PULL v3 0/3] audio patch queue

[Gerd Hoffmann]

  Hi,

Three little audio patches, adding replay support
and fixing audio with SDL2.

v3: really fix osx build failure.

The following changes since commit e7c83a885f865128ae3cf1946f8cb538b63cbfba:

  vhost-user: delay vhost_user_stop (2017-02-28 19:11:15 +0000)

are available in the git repository at:

  git://git.kraxel.org/qemu tags/pull-audio-20170301-1

for you to fetch changes up to bcf19777df78193f7cdb108a55db44fd4f20d5b5:

  audio/sdlaudio: Allow audio playback with SDL2 (2017-03-01 15:12:03 +0100)

----------------------------------------------------------------
audio: replay support, sdl2 fix.

----------------------------------------------------------------
Pavel Dovgalyuk (2):
      replay: add record/replay for audio passthrough
      audio: make audio poll timer deterministic

Thomas Huth (1):
      audio/sdlaudio: Allow audio playback with SDL2

 audio/audio.c            | 11 +++++--
 audio/audio.h            |  5 +++
 audio/mixeng.c           | 32 ++++++++++++++++++++
 audio/sdlaudio.c         | 48 +++++++++++++++++++++++++++++
 docs/replay.txt          |  7 +++++
 include/sysemu/replay.h  |  7 +++++
 replay/Makefile.objs     |  1 +
 replay/replay-audio.c    | 79 ++++++++++++++++++++++++++++++++++++++++++++++++
 replay/replay-internal.h |  4 +++
 9 files changed, 191 insertions(+), 3 deletions(-)
 create mode 100644 replay/replay-audio.c

[Qemu-devel] [PULL v3 1/3] replay: add record/replay for audio passthrough

[Gerd Hoffmann]

From: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>

This patch adds recording and replaying audio data. Is saves synchronization
information for audio out and inputs from the microphone.

v2: removed unneeded whitespace change

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-id: 20170202055054.4848.94901.stgit@PASHA-ISP.lan02.inno

[ kraxel: add qemu/error-report.h include to fix osx build failure ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 audio/audio.c            |  9 ++++--
 audio/audio.h            |  5 +++
 audio/mixeng.c           | 32 ++++++++++++++++++++
 docs/replay.txt          |  7 +++++
 include/sysemu/replay.h  |  7 +++++
 replay/Makefile.objs     |  1 +
 replay/replay-audio.c    | 79 ++++++++++++++++++++++++++++++++++++++++++++++++
 replay/replay-internal.h |  4 +++
 8 files changed, 142 insertions(+), 2 deletions(-)
 create mode 100644 replay/replay-audio.c

diff --git a/audio/audio.c b/audio/audio.c
index c845a44..21f7b0b 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -28,6 +28,7 @@
 #include "qemu/timer.h"
 #include "sysemu/sysemu.h"
 #include "qemu/cutils.h"
+#include "sysemu/replay.h"
 
 #define AUDIO_CAP "audio"
 #include "audio_int.h"
@@ -1387,6 +1388,7 @@ static void audio_run_out (AudioState *s)
 
         prev_rpos = hw->rpos;
         played = hw->pcm_ops->run_out (hw, live);
+        replay_audio_out(&played);
         if (audio_bug (AUDIO_FUNC, hw->rpos >= hw->samples)) {
             dolog ("hw->rpos=%d hw->samples=%d played=%d\n",
                    hw->rpos, hw->samples, played);
@@ -1450,9 +1452,12 @@ static void audio_run_in (AudioState *s)
 
     while ((hw = audio_pcm_hw_find_any_enabled_in (hw))) {
         SWVoiceIn *sw;
-        int captured, min;
+        int captured = 0, min;
 
-        captured = hw->pcm_ops->run_in (hw);
+        if (replay_mode != REPLAY_MODE_PLAY) {
+            captured = hw->pcm_ops->run_in(hw);
+        }
+        replay_audio_in(&captured, hw->conv_buf, &hw->wpos, hw->samples);
 
         min = audio_pcm_hw_find_min_in (hw);
         hw->total_samples_captured += captured - min;
diff --git a/audio/audio.h b/audio/audio.h
index c3c5198..f4339a1 100644
--- a/audio/audio.h
+++ b/audio/audio.h
@@ -166,4 +166,9 @@ int wav_start_capture (CaptureState *s, const char *path, int freq,
 bool audio_is_cleaning_up(void);
 void audio_cleanup(void);
 
+void audio_sample_to_uint64(void *samples, int pos,
+                            uint64_t *left, uint64_t *right);
+void audio_sample_from_uint64(void *samples, int pos,
+                            uint64_t left, uint64_t right);
+
 #endif /* QEMU_AUDIO_H */
diff --git a/audio/mixeng.c b/audio/mixeng.c
index 66c0328..0bf9b53 100644
--- a/audio/mixeng.c
+++ b/audio/mixeng.c
@@ -25,6 +25,7 @@
 #include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "qemu/bswap.h"
+#include "qemu/error-report.h"
 #include "audio.h"
 
 #define AUDIO_CAP "mixeng"
@@ -267,6 +268,37 @@ f_sample *mixeng_clip[2][2][2][3] = {
     }
 };
 
+
+void audio_sample_to_uint64(void *samples, int pos,
+                            uint64_t *left, uint64_t *right)
+{
+    struct st_sample *sample = samples;
+    sample += pos;
+#ifdef FLOAT_MIXENG
+    error_report(
+        "Coreaudio and floating point samples are not supported by replay yet");
+    abort();
+#else
+    *left = sample->l;
+    *right = sample->r;
+#endif
+}
+
+void audio_sample_from_uint64(void *samples, int pos,
+                            uint64_t left, uint64_t right)
+{
+    struct st_sample *sample = samples;
+    sample += pos;
+#ifdef FLOAT_MIXENG
+    error_report(
+        "Coreaudio and floating point samples are not supported by replay yet");
+    abort();
+#else
+    sample->l = left;
+    sample->r = right;
+#endif
+}
+
 /*
  * August 21, 1998
  * Copyright 1998 Fabrice Bellard.
diff --git a/docs/replay.txt b/docs/replay.txt
index 03e1931..486c1e0 100644
--- a/docs/replay.txt
+++ b/docs/replay.txt
@@ -225,3 +225,10 @@ recording the virtual machine this filter puts all packets coming from
 the outer world into the log. In replay mode packets from the log are
 injected into the network device. All interactions with network backend
 in replay mode are disabled.
+
+Audio devices
+-------------
+
+Audio data is recorded and replay automatically. The command line for recording
+and replaying must contain identical specifications of audio hardware, e.g.:
+ -soundhw ac97
diff --git a/include/sysemu/replay.h b/include/sysemu/replay.h
index 7aad20b..f1c0712 100644
--- a/include/sysemu/replay.h
+++ b/include/sysemu/replay.h
@@ -152,6 +152,13 @@ void replay_unregister_net(ReplayNetState *rns);
 void replay_net_packet_event(ReplayNetState *rns, unsigned flags,
                              const struct iovec *iov, int iovcnt);
 
+/* Audio */
+
+/*! Saves/restores number of played samples of audio out operation. */
+void replay_audio_out(int *played);
+/*! Saves/restores recorded samples of audio in operation. */
+void replay_audio_in(int *recorded, void *samples, int *wpos, int size);
+
 /* VM state operations */
 
 /*! Called at the start of execution.
diff --git a/replay/Makefile.objs b/replay/Makefile.objs
index b2afd40..cee6539 100644
--- a/replay/Makefile.objs
+++ b/replay/Makefile.objs
@@ -6,3 +6,4 @@ common-obj-y += replay-input.o
 common-obj-y += replay-char.o
 common-obj-y += replay-snapshot.o
 common-obj-y += replay-net.o
+common-obj-y += replay-audio.o
\ No newline at end of file
diff --git a/replay/replay-audio.c b/replay/replay-audio.c
new file mode 100644
index 0000000..3d83743
--- /dev/null
+++ b/replay/replay-audio.c
@@ -0,0 +1,79 @@
+/*
+ * replay-audio.c
+ *
+ * Copyright (c) 2010-2017 Institute for System Programming
+ *                         of the Russian Academy of Sciences.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "sysemu/replay.h"
+#include "replay-internal.h"
+#include "sysemu/sysemu.h"
+#include "audio/audio.h"
+
+void replay_audio_out(int *played)
+{
+    if (replay_mode == REPLAY_MODE_RECORD) {
+        replay_save_instructions();
+        replay_mutex_lock();
+        replay_put_event(EVENT_AUDIO_OUT);
+        replay_put_dword(*played);
+        replay_mutex_unlock();
+    } else if (replay_mode == REPLAY_MODE_PLAY) {
+        replay_account_executed_instructions();
+        replay_mutex_lock();
+        if (replay_next_event_is(EVENT_AUDIO_OUT)) {
+            *played = replay_get_dword();
+            replay_finish_event();
+            replay_mutex_unlock();
+        } else {
+            replay_mutex_unlock();
+            error_report("Missing audio out event in the replay log");
+            abort();
+        }
+    }
+}
+
+void replay_audio_in(int *recorded, void *samples, int *wpos, int size)
+{
+    int pos;
+    uint64_t left, right;
+    if (replay_mode == REPLAY_MODE_RECORD) {
+        replay_save_instructions();
+        replay_mutex_lock();
+        replay_put_event(EVENT_AUDIO_IN);
+        replay_put_dword(*recorded);
+        replay_put_dword(*wpos);
+        for (pos = (*wpos - *recorded + size) % size ; pos != *wpos
+             ; pos = (pos + 1) % size) {
+            audio_sample_to_uint64(samples, pos, &left, &right);
+            replay_put_qword(left);
+            replay_put_qword(right);
+        }
+        replay_mutex_unlock();
+    } else if (replay_mode == REPLAY_MODE_PLAY) {
+        replay_account_executed_instructions();
+        replay_mutex_lock();
+        if (replay_next_event_is(EVENT_AUDIO_IN)) {
+            *recorded = replay_get_dword();
+            *wpos = replay_get_dword();
+            for (pos = (*wpos - *recorded + size) % size ; pos != *wpos
+                 ; pos = (pos + 1) % size) {
+                left = replay_get_qword();
+                right = replay_get_qword();
+                audio_sample_from_uint64(samples, pos, left, right);
+            }
+            replay_finish_event();
+            replay_mutex_unlock();
+        } else {
+            replay_mutex_unlock();
+            error_report("Missing audio in event in the replay log");
+            abort();
+        }
+    }
+}
diff --git a/replay/replay-internal.h b/replay/replay-internal.h
index c26d079..ed66ed8 100644
--- a/replay/replay-internal.h
+++ b/replay/replay-internal.h
@@ -29,6 +29,10 @@ enum ReplayEvents {
     /* for character device read all event */
     EVENT_CHAR_READ_ALL,
     EVENT_CHAR_READ_ALL_ERROR,
+    /* for audio out event */
+    EVENT_AUDIO_OUT,
+    /* for audio in event */
+    EVENT_AUDIO_IN,
     /* for clock read/writes */
     /* some of greater codes are reserved for clocks */
     EVENT_CLOCK,
-- 
1.8.3.1

[Qemu-devel] [PULL v3 2/3] audio: make audio poll timer deterministic

[Gerd Hoffmann]

From: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>

This patch changes resetting strategy of the audio polling timer.
It does not change expiration time if the timer is already set.
This patch is needed to make this timer deterministic and to use execution
record/replay for audio devices.

audio_reset_timer is used in the function audio_vm_change_state_handler.
Therefore every time VM is stopped or restarted the timer will be reset
to new timeout. Virtual clock does not proceed while VM is stopped.
Therefore there is no need in resetting the timeout when VM restarts.

v2: updated commit message
v3: now using timer_mod_anticipate function (as suggested by Yurii Zubrytskyi)

Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
Message-id: 20170214071510.6112.76764.stgit@PASHA-ISP
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 audio/audio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/audio/audio.c b/audio/audio.c
index 21f7b0b..c8898d8 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -1113,7 +1113,7 @@ static int audio_is_timer_needed (void)
 static void audio_reset_timer (AudioState *s)
 {
     if (audio_is_timer_needed ()) {
-        timer_mod (s->ts,
+        timer_mod_anticipate_ns(s->ts,
             qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + conf.period.ticks);
     }
     else {
-- 
1.8.3.1

[Qemu-devel] [PULL v3 3/3] audio/sdlaudio: Allow audio playback with SDL2

[Gerd Hoffmann]

From: Thomas Huth <thuth@redhat.com>

When compiling with SDL2, the semaphore trick used in sdlaudio.c
does not work - QEMU locks up completely in this case. To avoid
the hang and get at least some audio playback up and running (it's
a little bit crackling, but better than nothing), we can use the
SDL locking functions SDL_LockAudio() and SDL_UnlockAudio() to sync
with the sound playback thread instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1485852398-2327-1-git-send-email-thuth@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 audio/sdlaudio.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/audio/sdlaudio.c b/audio/sdlaudio.c
index db69fe1..e8d91d2 100644
--- a/audio/sdlaudio.c
+++ b/audio/sdlaudio.c
@@ -38,10 +38,14 @@
 #define AUDIO_CAP "sdl"
 #include "audio_int.h"
 
+#define USE_SEMAPHORE (SDL_MAJOR_VERSION < 2)
+
 typedef struct SDLVoiceOut {
     HWVoiceOut hw;
     int live;
+#if USE_SEMAPHORE
     int rpos;
+#endif
     int decr;
 } SDLVoiceOut;
 
@@ -53,8 +57,10 @@ static struct {
 
 static struct SDLAudioState {
     int exit;
+#if USE_SEMAPHORE
     SDL_mutex *mutex;
     SDL_sem *sem;
+#endif
     int initialized;
     bool driver_created;
 } glob_sdl;
@@ -73,31 +79,45 @@ static void GCC_FMT_ATTR (1, 2) sdl_logerr (const char *fmt, ...)
 
 static int sdl_lock (SDLAudioState *s, const char *forfn)
 {
+#if USE_SEMAPHORE
     if (SDL_LockMutex (s->mutex)) {
         sdl_logerr ("SDL_LockMutex for %s failed\n", forfn);
         return -1;
     }
+#else
+    SDL_LockAudio();
+#endif
+
     return 0;
 }
 
 static int sdl_unlock (SDLAudioState *s, const char *forfn)
 {
+#if USE_SEMAPHORE
     if (SDL_UnlockMutex (s->mutex)) {
         sdl_logerr ("SDL_UnlockMutex for %s failed\n", forfn);
         return -1;
     }
+#else
+    SDL_UnlockAudio();
+#endif
+
     return 0;
 }
 
 static int sdl_post (SDLAudioState *s, const char *forfn)
 {
+#if USE_SEMAPHORE
     if (SDL_SemPost (s->sem)) {
         sdl_logerr ("SDL_SemPost for %s failed\n", forfn);
         return -1;
     }
+#endif
+
     return 0;
 }
 
+#if USE_SEMAPHORE
 static int sdl_wait (SDLAudioState *s, const char *forfn)
 {
     if (SDL_SemWait (s->sem)) {
@@ -106,6 +126,7 @@ static int sdl_wait (SDLAudioState *s, const char *forfn)
     }
     return 0;
 }
+#endif
 
 static int sdl_unlock_and_post (SDLAudioState *s, const char *forfn)
 {
@@ -246,6 +267,7 @@ static void sdl_callback (void *opaque, Uint8 *buf, int len)
         int to_mix, decr;
 
         /* dolog ("in callback samples=%d\n", samples); */
+#if USE_SEMAPHORE
         sdl_wait (s, "sdl_callback");
         if (s->exit) {
             return;
@@ -264,6 +286,11 @@ static void sdl_callback (void *opaque, Uint8 *buf, int len)
         if (!sdl->live) {
             goto again;
         }
+#else
+        if (s->exit || !sdl->live) {
+            break;
+        }
+#endif
 
         /* dolog ("in callback live=%d\n", live); */
         to_mix = audio_MIN (samples, sdl->live);
@@ -274,7 +301,11 @@ static void sdl_callback (void *opaque, Uint8 *buf, int len)
 
             /* dolog ("in callback to_mix %d, chunk %d\n", to_mix, chunk); */
             hw->clip (buf, src, chunk);
+#if USE_SEMAPHORE
             sdl->rpos = (sdl->rpos + chunk) % hw->samples;
+#else
+            hw->rpos = (hw->rpos + chunk) % hw->samples;
+#endif
             to_mix -= chunk;
             buf += chunk << hw->info.shift;
         }
@@ -282,12 +313,21 @@ static void sdl_callback (void *opaque, Uint8 *buf, int len)
         sdl->live -= decr;
         sdl->decr += decr;
 
+#if USE_SEMAPHORE
     again:
         if (sdl_unlock (s, "sdl_callback")) {
             return;
         }
+#endif
     }
     /* dolog ("done len=%d\n", len); */
+
+#if (SDL_MAJOR_VERSION >= 2)
+    /* SDL2 does not clear the remaining buffer for us, so do it on our own */
+    if (samples) {
+        memset(buf, 0, samples << hw->info.shift);
+    }
+#endif
 }
 
 static int sdl_write_out (SWVoiceOut *sw, void *buf, int len)
@@ -315,8 +355,12 @@ static int sdl_run_out (HWVoiceOut *hw, int live)
     decr = audio_MIN (sdl->decr, live);
     sdl->decr -= decr;
 
+#if USE_SEMAPHORE
     sdl->live = live - decr;
     hw->rpos = sdl->rpos;
+#else
+    sdl->live = live;
+#endif
 
     if (sdl->live > 0) {
         sdl_unlock_and_post (s, "sdl_run_out");
@@ -405,6 +449,7 @@ static void *sdl_audio_init (void)
         return NULL;
     }
 
+#if USE_SEMAPHORE
     s->mutex = SDL_CreateMutex ();
     if (!s->mutex) {
         sdl_logerr ("Failed to create SDL mutex\n");
@@ -419,6 +464,7 @@ static void *sdl_audio_init (void)
         SDL_QuitSubSystem (SDL_INIT_AUDIO);
         return NULL;
     }
+#endif
 
     s->driver_created = true;
     return s;
@@ -428,8 +474,10 @@ static void sdl_audio_fini (void *opaque)
 {
     SDLAudioState *s = opaque;
     sdl_close (s);
+#if USE_SEMAPHORE
     SDL_DestroySemaphore (s->sem);
     SDL_DestroyMutex (s->mutex);
+#endif
     SDL_QuitSubSystem (SDL_INIT_AUDIO);
     s->driver_created = false;
 }
-- 
1.8.3.1

Re: [Qemu-devel] [PULL v3 0/3] audio patch queue

[Peter Maydell]

On 1 March 2017 at 15:40, Gerd Hoffmann <kraxel@redhat.com> wrote:
>   Hi,
>
> Three little audio patches, adding replay support
> and fixing audio with SDL2.
>
> v3: really fix osx build failure.
>
> The following changes since commit e7c83a885f865128ae3cf1946f8cb538b63cbfba:
>
>   vhost-user: delay vhost_user_stop (2017-02-28 19:11:15 +0000)
>
> are available in the git repository at:
>
>   git://git.kraxel.org/qemu tags/pull-audio-20170301-1
>
> for you to fetch changes up to bcf19777df78193f7cdb108a55db44fd4f20d5b5:
>
>   audio/sdlaudio: Allow audio playback with SDL2 (2017-03-01 15:12:03 +0100)
>
> ----------------------------------------------------------------
> audio: replay support, sdl2 fix.
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PULL v3 1/3] replay: add record/replay for audio passthrough

[Alex Bennée]

Gerd Hoffmann <kraxel@redhat.com> writes:

> From: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
>
> This patch adds recording and replaying audio data. Is saves synchronization
> information for audio out and inputs from the microphone.
>
> v2: removed unneeded whitespace change
>
> Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
> Message-id: 20170202055054.4848.94901.stgit@PASHA-ISP.lan02.inno
>
> [ kraxel: add qemu/error-report.h include to fix osx build failure ]
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  audio/audio.c            |  9 ++++--
>  audio/audio.h            |  5 +++
>  audio/mixeng.c           | 32 ++++++++++++++++++++
>  docs/replay.txt          |  7 +++++
>  include/sysemu/replay.h  |  7 +++++
>  replay/Makefile.objs     |  1 +
>  replay/replay-audio.c    | 79 ++++++++++++++++++++++++++++++++++++++++++++++++
>  replay/replay-internal.h |  4 +++
>  8 files changed, 142 insertions(+), 2 deletions(-)
>  create mode 100644 replay/replay-audio.c
>
<snip>
> diff --git a/replay/replay-internal.h b/replay/replay-internal.h
> index c26d079..ed66ed8 100644
> --- a/replay/replay-internal.h
> +++ b/replay/replay-internal.h
> @@ -29,6 +29,10 @@ enum ReplayEvents {
>      /* for character device read all event */
>      EVENT_CHAR_READ_ALL,
>      EVENT_CHAR_READ_ALL_ERROR,
> +    /* for audio out event */
> +    EVENT_AUDIO_OUT,
> +    /* for audio in event */
> +    EVENT_AUDIO_IN,
>      /* for clock read/writes */
>      /* some of greater codes are reserved for clocks */
>      EVENT_CLOCK,

Well one thing I noticed while I was trying to work out the difference
between pre/post mttcg replay problems is the log format ABI has
changed. REPLAY_VERSION needs to be bumped to prevent confusion.

--
Alex Bennée

Re: [Qemu-devel] [PULL v3 1/3] replay: add record/replay for audio passthrough

[Pavel Dovgalyuk]

> From: Alex Bennée [mailto:alex.bennee@linaro.org]
> > From: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
> >
> > This patch adds recording and replaying audio data. Is saves synchronization
> > information for audio out and inputs from the microphone.
> >
> > v2: removed unneeded whitespace change
> >
> > Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
> > Message-id: 20170202055054.4848.94901.stgit@PASHA-ISP.lan02.inno
> >
> > [ kraxel: add qemu/error-report.h include to fix osx build failure ]
> >
> > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > ---
> >  audio/audio.c            |  9 ++++--
> >  audio/audio.h            |  5 +++
> >  audio/mixeng.c           | 32 ++++++++++++++++++++
> >  docs/replay.txt          |  7 +++++
> >  include/sysemu/replay.h  |  7 +++++
> >  replay/Makefile.objs     |  1 +
> >  replay/replay-audio.c    | 79 ++++++++++++++++++++++++++++++++++++++++++++++++
> >  replay/replay-internal.h |  4 +++
> >  8 files changed, 142 insertions(+), 2 deletions(-)
> >  create mode 100644 replay/replay-audio.c
> >
> <snip>
> > diff --git a/replay/replay-internal.h b/replay/replay-internal.h
> > index c26d079..ed66ed8 100644
> > --- a/replay/replay-internal.h
> > +++ b/replay/replay-internal.h
> > @@ -29,6 +29,10 @@ enum ReplayEvents {
> >      /* for character device read all event */
> >      EVENT_CHAR_READ_ALL,
> >      EVENT_CHAR_READ_ALL_ERROR,
> > +    /* for audio out event */
> > +    EVENT_AUDIO_OUT,
> > +    /* for audio in event */
> > +    EVENT_AUDIO_IN,
> >      /* for clock read/writes */
> >      /* some of greater codes are reserved for clocks */
> >      EVENT_CLOCK,
> 
> Well one thing I noticed while I was trying to work out the difference
> between pre/post mttcg replay problems is the log format ABI has
> changed. REPLAY_VERSION needs to be bumped to prevent confusion.

Right, I missed that while sending the patches.

Pavel Dovgalyuk

Re: [Qemu-devel] [PULL v3 1/3] replay: add record/replay for audio passthrough

[Peter Maydell]

On 1 March 2017 at 15:40, Gerd Hoffmann <kraxel@redhat.com> wrote:
> From: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
>
> This patch adds recording and replaying audio data. Is saves synchronization
> information for audio out and inputs from the microphone.
>
> v2: removed unneeded whitespace change
>
> Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
> Message-id: 20170202055054.4848.94901.stgit@PASHA-ISP.lan02.inno
>
> [ kraxel: add qemu/error-report.h include to fix osx build failure ]
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  audio/audio.c            |  9 ++++--
>  audio/audio.h            |  5 +++
>  audio/mixeng.c           | 32 ++++++++++++++++++++
>  docs/replay.txt          |  7 +++++
>  include/sysemu/replay.h  |  7 +++++
>  replay/Makefile.objs     |  1 +
>  replay/replay-audio.c    | 79 ++++++++++++++++++++++++++++++++++++++++++++++++
>  replay/replay-internal.h |  4 +++
>  8 files changed, 142 insertions(+), 2 deletions(-)
>  create mode 100644 replay/replay-audio.c
>
> diff --git a/audio/audio.c b/audio/audio.c
> index c845a44..21f7b0b 100644
> --- a/audio/audio.c
> +++ b/audio/audio.c
> @@ -28,6 +28,7 @@
>  #include "qemu/timer.h"
>  #include "sysemu/sysemu.h"
>  #include "qemu/cutils.h"
> +#include "sysemu/replay.h"
>
>  #define AUDIO_CAP "audio"
>  #include "audio_int.h"
> @@ -1387,6 +1388,7 @@ static void audio_run_out (AudioState *s)
>
>          prev_rpos = hw->rpos;
>          played = hw->pcm_ops->run_out (hw, live);
> +        replay_audio_out(&played);
>          if (audio_bug (AUDIO_FUNC, hw->rpos >= hw->samples)) {
>              dolog ("hw->rpos=%d hw->samples=%d played=%d\n",
>                     hw->rpos, hw->samples, played);

Hi. Coverity produces a new warning because of this change (CID1390632),
because it treats the replay file as "tainted data", and complains
that we trust a value from the file to become a sample count
passed to audio_capture_mix_and_clear() and eventually used as
a byte count for a memset.

Do we trust the replay file to be non-malicious (making this
a false-positive), or not (in which case we need to sanitize
or check its contents somehow) ?

thanks
-- PMM

Re: [Qemu-devel] [PULL v3 1/3] replay: add record/replay for audio passthrough

[Pavel Dovgalyuk]

> From: Peter Maydell [mailto:peter.maydell@linaro.org]
> On 1 March 2017 at 15:40, Gerd Hoffmann <kraxel@redhat.com> wrote:
> > From: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
> >
> > This patch adds recording and replaying audio data. Is saves synchronization
> > information for audio out and inputs from the microphone.
> >
> > v2: removed unneeded whitespace change
> >
> > Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
> > Message-id: 20170202055054.4848.94901.stgit@PASHA-ISP.lan02.inno
> >
> > [ kraxel: add qemu/error-report.h include to fix osx build failure ]
> >
> > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> > ---
> >  audio/audio.c            |  9 ++++--
> >  audio/audio.h            |  5 +++
> >  audio/mixeng.c           | 32 ++++++++++++++++++++
> >  docs/replay.txt          |  7 +++++
> >  include/sysemu/replay.h  |  7 +++++
> >  replay/Makefile.objs     |  1 +
> >  replay/replay-audio.c    | 79 ++++++++++++++++++++++++++++++++++++++++++++++++
> >  replay/replay-internal.h |  4 +++
> >  8 files changed, 142 insertions(+), 2 deletions(-)
> >  create mode 100644 replay/replay-audio.c
> >
> > diff --git a/audio/audio.c b/audio/audio.c
> > index c845a44..21f7b0b 100644
> > --- a/audio/audio.c
> > +++ b/audio/audio.c
> > @@ -28,6 +28,7 @@
> >  #include "qemu/timer.h"
> >  #include "sysemu/sysemu.h"
> >  #include "qemu/cutils.h"
> > +#include "sysemu/replay.h"
> >
> >  #define AUDIO_CAP "audio"
> >  #include "audio_int.h"
> > @@ -1387,6 +1388,7 @@ static void audio_run_out (AudioState *s)
> >
> >          prev_rpos = hw->rpos;
> >          played = hw->pcm_ops->run_out (hw, live);
> > +        replay_audio_out(&played);
> >          if (audio_bug (AUDIO_FUNC, hw->rpos >= hw->samples)) {
> >              dolog ("hw->rpos=%d hw->samples=%d played=%d\n",
> >                     hw->rpos, hw->samples, played);
> 
> Hi. Coverity produces a new warning because of this change (CID1390632),
> because it treats the replay file as "tainted data", and complains
> that we trust a value from the file to become a sample count
> passed to audio_capture_mix_and_clear() and eventually used as
> a byte count for a memset.
> 
> Do we trust the replay file to be non-malicious (making this
> a false-positive), or not (in which case we need to sanitize
> or check its contents somehow) ?

Replay file is generated by QEMU and does not affected by the guest system directly.
This file is used by the developer himself (e.g., recording and replaying execution
on the same machine for the analysis or debugging).
Replay file can also be used by testers for bug reporting (e.g., to send bug
reproduction scenario to the developer).

In the case of transferring the file it can be used as an exploit.
But I cannot judge is it a real threat or just inessential one.

Pavel Dovgalyuk

Re: [Qemu-devel] [PULL v3 1/3] replay: add record/replay for audio passthrough

[Peter Maydell]

On 27 April 2018 at 13:28, Pavel Dovgalyuk <dovgaluk@ispras.ru> wrote:
>> From: Peter Maydell [mailto:peter.maydell@linaro.org]
>> Hi. Coverity produces a new warning because of this change (CID1390632),
>> because it treats the replay file as "tainted data", and complains
>> that we trust a value from the file to become a sample count
>> passed to audio_capture_mix_and_clear() and eventually used as
>> a byte count for a memset.
>>
>> Do we trust the replay file to be non-malicious (making this
>> a false-positive), or not (in which case we need to sanitize
>> or check its contents somehow) ?
>
> Replay file is generated by QEMU and does not affected by the guest system directly.
> This file is used by the developer himself (e.g., recording and replaying execution
> on the same machine for the analysis or debugging).
> Replay file can also be used by testers for bug reporting (e.g., to send bug
> reproduction scenario to the developer).
>
> In the case of transferring the file it can be used as an exploit.
> But I cannot judge is it a real threat or just inessential one.

Thanks for the explanation. I think we should consider the
replay file to be trusted -- it's a developer convenience, it's
only relevant to TCG, and it's not something that's going to
typically be passed around. I'll mark the relevant Coverity
complaints as false-positives.

-- PMM