Commits
ide
Name already in use
Commits on Mar 24, 2020
-
hw/ide/sii3112: Use qdev gpio rather than qemu_allocate_irqs()
Coverity points out (CID 1421984) that we are leaking the memory returned by qemu_allocate_irqs(). We can avoid this leak by switching to using qdev_init_gpio_in(); the base class finalize will free the irqs that this allocates under the hood. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Tested-by: BALATON Zoltan <balaton@eik.bme.hu> Message-id: 20200323151715.29454-1-peter.maydell@linaro.org [Maintainer edit: replace `DEVICE(dev)` by `ds` --js] Signed-off-by: John Snow <jsnow@redhat.com>
-
fdc/i8257: implement verify transfer mode
While working on the Tulip driver i tried to write some Teledisk images to a floppy image which didn't work. Turned out that Teledisk checks the written data by issuing a READ command to the FDC but running the DMA controller in VERIFY mode. As we ignored the DMA request in that case, the DMA transfer never finished, and Teledisk reported an error. The i8257 spec says about verify transfers: 3) DMA verify, which does not actually involve the transfer of data. When an 8257 channel is in the DMA verify mode, it will respond the same as described for transfer operations, except that no memory or I/O read/write control signals will be generated. Hervé proposed to remove all the dma_mode_ok stuff from fdc to have a more clear boundary between DMA and FDC, so this patch also does that. Suggested-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Sven Schnelle <svens@stackframe.org> Reviewed-by: Hervé Poussineau <hpoussin@reactos.org>
-
Update version for v5.0.0-rc0 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2020-03-24…
…-tag0' into staging qemu-ga patch queue for hard-freeze * fix undefined C behavior with guest-file-* interfaces * fix w32 installer issues * fix crash for large file reads via guest-file-read on windows * add missing man page documentation for virtio-vsock # gpg: Signature made Tue 24 Mar 2020 16:45:24 GMT # gpg: using RSA key CEACC9E15534EBABB82D3FA03353C9CEF108B584 # gpg: issuer "mdroth@linux.vnet.ibm.com" # gpg: Good signature from "Michael Roth <flukshun@gmail.com>" [full] # gpg: aka "Michael Roth <mdroth@utexas.edu>" [full] # gpg: aka "Michael Roth <mdroth@linux.vnet.ibm.com>" [full] # Primary key fingerprint: CEAC C9E1 5534 EBAB B82D 3FA0 3353 C9CE F108 B584 * remotes/mdroth/tags/qga-pull-2020-03-24-tag0: qemu-ga: document vsock-listen in the man page qga: Fix undefined C behavior qga-win: prevent crash when executing guest-file-read with large count qga-win: Handle VSS_E_PROVIDER_ALREADY_REGISTERED error qga: Installer: Wait for installation to finish Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
qemu-ga: document vsock-listen in the man page
Although qemu-ga has supported vsock since 2016 it was not documented on the man page. Also add the socket address representation to the qga --help output. Fixes: 586ef5d ("qga: add vsock-listen method") Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
The QAPI struct GuestFileWhence has a comment about how we are exploiting equivalent values between two different integer types shared in a union. But C says behavior is undefined on assignments to overlapping storage when the two types are not the same width, and indeed, 'int64_t value' and 'enum QGASeek name' are very likely to be different in width. Utilize a temporary variable to fix things. Reported-by: Peter Maydell <peter.maydell@linaro.org> Fixes: 0b4b493 Fixes: Coverity CID 1421990 Signed-off-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
qga-win: prevent crash when executing guest-file-read with large count
guest-file-read command is currently implemented to read from a file handle count number of bytes. when executed with a very large count number qemu-ga crashes. after some digging turns out that qemu-ga crashes after trying to allocate a buffer large enough to save the data read in it, the buffer was allocated using g_malloc0 which is not fail safe, and results a crash in case of failure. g_malloc0 was replaced with g_try_malloc0() which returns NULL on failure, A check was added for that case in order to prevent qemu-ga from crashing and to send a response to the qemu-ga client accordingly. Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1594054 Signed-off-by: Basil Salman <basil@daynix.com> Reported-by: Fakhri Zulkifli <mohdfakhrizulkifli@gmail.com> Cc: qemu-stable@nongnu.org Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
qga-win: Handle VSS_E_PROVIDER_ALREADY_REGISTERED error
This patch handles the case where VSS Provider is already registered, where in such case qga uninstalls the provider and registers it again. Signed-off-by: Sameeh Jubran <sjubran@redhat.com> Signed-off-by: Basil Salman <basil@daynix.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
qga: Installer: Wait for installation to finish
Installation might fail if we don't wait for the provider unregisteration process to finish. Signed-off-by: Sameeh Jubran <sjubran@redhat.com> Signed-off-by: Basil Salman <basil@daynix.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
-
Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-0…
…3-24' into staging Block patches for 5.0-rc0: - Use-after-free fix - Fix for a memleak in an error path - Preventative measures against other potential use-after-frees, and against NULL deferences at runtime - iotest fixes # gpg: Signature made Tue 24 Mar 2020 12:19:09 GMT # gpg: using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40 # gpg: issuer "mreitz@redhat.com" # gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full] # Primary key fingerprint: 91BE B60A 30DB 3E88 57D1 1829 F407 DB00 61D5 CF40 * remotes/maxreitz/tags/pull-block-2020-03-24: iotests/026: Move v3-exclusive test to new file iotests: Fix cleanup path in some tests block/qcow2: zero data_file child after free block: bdrv_set_backing_bs: fix use-after-free block: Assert BlockDriver::format_name is not NULL block: Avoid memleak on qcow2 image info failure Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
iotests/026: Move v3-exclusive test to new file
data_file does not work with v2, and we probably want 026 to keep working for v2 images. Thus, open a new file for v3-exclusive error path test cases. Fixes: 8131125 (“iotests/026: Test EIO on allocation in a data-file”) Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200311140707.1243218-1-mreitz@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Tested-by: John Snow <jsnow@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
-
iotests: Fix cleanup path in some tests
Some iotests leave behind some external data file when run for qcow2 with -o data_file. Fix that. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200224171631.384314-1-mreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
-
block/qcow2: zero data_file child after free
data_file being NULL doesn't seem to be a correct state, but it's better than dead pointer and simpler to debug. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20200316060631.30052-3-vsementsov@virtuozzo.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
-
block: bdrv_set_backing_bs: fix use-after-free
There is a use-after-free possible: bdrv_unref_child() leaves bs->backing freed but not NULL. bdrv_attach_child may produce nested polling loop due to drain, than access of freed pointer is possible. I've produced the following crash on 30 iotest with modified code. It does not reproduce on master, but still seems possible: #0 __strcmp_avx2 () at /lib64/libc.so.6 qemu#1 bdrv_backing_overridden (bs=0x55c9d3cc2060) at block.c:6350 qemu#2 bdrv_refresh_filename (bs=0x55c9d3cc2060) at block.c:6404 qemu#3 bdrv_backing_attach (c=0x55c9d48e5520) at block.c:1063 qemu#4 bdrv_replace_child_noperm (child=child@entry=0x55c9d48e5520, new_bs=new_bs@entry=0x55c9d3cc2060) at block.c:2290 qemu#5 bdrv_replace_child (child=child@entry=0x55c9d48e5520, new_bs=new_bs@entry=0x55c9d3cc2060) at block.c:2320 qemu#6 bdrv_root_attach_child (child_bs=child_bs@entry=0x55c9d3cc2060, child_name=child_name@entry=0x55c9d241d478 "backing", child_role=child_role@entry=0x55c9d26ecee0 <child_backing>, ctx=<optimized out>, perm=<optimized out>, shared_perm=21, opaque=0x55c9d3c5a3d0, errp=0x7ffd117108e0) at block.c:2424 qemu#7 bdrv_attach_child (parent_bs=parent_bs@entry=0x55c9d3c5a3d0, child_bs=child_bs@entry=0x55c9d3cc2060, child_name=child_name@entry=0x55c9d241d478 "backing", child_role=child_role@entry=0x55c9d26ecee0 <child_backing>, errp=errp@entry=0x7ffd117108e0) at block.c:5876 qemu#8 in bdrv_set_backing_hd (bs=bs@entry=0x55c9d3c5a3d0, backing_hd=backing_hd@entry=0x55c9d3cc2060, errp=errp@entry=0x7ffd117108e0) at block.c:2576 qemu#9 stream_prepare (job=0x55c9d49d84a0) at block/stream.c:150 qemu#10 job_prepare (job=0x55c9d49d84a0) at job.c:761 qemu#11 job_txn_apply (txn=<optimized out>, fn=<optimized out>) at job.c:145 qemu#12 job_do_finalize (job=0x55c9d49d84a0) at job.c:778 qemu#13 job_completed_txn_success (job=0x55c9d49d84a0) at job.c:832 qemu#14 job_completed (job=0x55c9d49d84a0) at job.c:845 qemu#15 job_completed (job=0x55c9d49d84a0) at job.c:836 qemu#16 job_exit (opaque=0x55c9d49d84a0) at job.c:864 qemu#17 aio_bh_call (bh=0x55c9d471a160) at util/async.c:117 qemu#18 aio_bh_poll (ctx=ctx@entry=0x55c9d3c46720) at util/async.c:117 qemu#19 aio_poll (ctx=ctx@entry=0x55c9d3c46720, blocking=blocking@entry=true) at util/aio-posix.c:728 qemu#20 bdrv_parent_drained_begin_single (poll=true, c=0x55c9d3d558f0) at block/io.c:121 qemu#21 bdrv_parent_drained_begin_single (c=c@entry=0x55c9d3d558f0, poll=poll@entry=true) at block/io.c:114 qemu#22 bdrv_replace_child_noperm (child=child@entry=0x55c9d3d558f0, new_bs=new_bs@entry=0x55c9d3d27300) at block.c:2258 qemu#23 bdrv_replace_child (child=child@entry=0x55c9d3d558f0, new_bs=new_bs@entry=0x55c9d3d27300) at block.c:2320 qemu#24 bdrv_root_attach_child (child_bs=child_bs@entry=0x55c9d3d27300, child_name=child_name@entry=0x55c9d241d478 "backing", child_role=child_role@entry=0x55c9d26ecee0 <child_backing>, ctx=<optimized out>, perm=<optimized out>, shared_perm=21, opaque=0x55c9d3cc2060, errp=0x7ffd11710c60) at block.c:2424 qemu#25 bdrv_attach_child (parent_bs=parent_bs@entry=0x55c9d3cc2060, child_bs=child_bs@entry=0x55c9d3d27300, child_name=child_name@entry=0x55c9d241d478 "backing", child_role=child_role@entry=0x55c9d26ecee0 <child_backing>, errp=errp@entry=0x7ffd11710c60) at block.c:5876 qemu#26 bdrv_set_backing_hd (bs=bs@entry=0x55c9d3cc2060, backing_hd=backing_hd@entry=0x55c9d3d27300, errp=errp@entry=0x7ffd11710c60) at block.c:2576 qemu#27 stream_prepare (job=0x55c9d495ead0) at block/stream.c:150 ... Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20200316060631.30052-2-vsementsov@virtuozzo.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> -
block: Assert BlockDriver::format_name is not NULL
bdrv_do_find_format() calls strcmp() using BlockDriver::format_name as argument, which must not be NULL. Assert this field is not null when we register a block driver in bdrv_register(). Reported-by: Mansour Ahmadi <ManSoSec@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200318222235.23856-1-philmd@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
-
block: Avoid memleak on qcow2 image info failure
If we fail to get bitmap info, we must not leak the encryption info. Fixes: b8968c8 Fixes: Coverity CID 1421894 Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20200320183620.1112123-1-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com> Tested-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
-
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.0-202003…
…24' into staging ppc patch queue for 2020-03-24 Here's a final pull request before the qemu-5.0 hard freeze. We have an implementation of the POWER9 forms of the slbia instruction, a small cleanup and a handful of assorted fixes. # gpg: Signature made Tue 24 Mar 2020 05:12:30 GMT # gpg: using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full] # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full] # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full] # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown] # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-5.0-20200324: ppc/ppc405_boards: Remove unnecessary NULL check hw/ppc: Take QEMU lock when calling ppc_dcr_read/write() spapr: Fix memory leak in h_client_architecture_support() target/ppc: don't byte swap ELFv2 signal handler target/ppc: Fix ISA v3.0 (POWER9) slbia implementation target/ppc: Fix slbia TLB invalidation gap ppc/spapr: Set the effective address provided flag in mc error log. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
ppc/ppc405_boards: Remove unnecessary NULL check
This code is inside the "if (dinfo)" condition, so testing again here whether it is NULL is unnecessary. Fixes: dd59bca (Don't size flash memory to match backing image) Reported-by: Coverity (CID 1421917) Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200320155740.5342-1-philmd@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-
hw/ppc: Take QEMU lock when calling ppc_dcr_read/write()
The ppc_dcr_read() and ppc_dcr_write() functions call into callbacks in device code, so we need to hold the QEMU iothread lock while calling them. This is the case already for the callsites in kvmppc_handle_dcr_read/write(), but we must also take the lock when calling the helpers from TCG. This fixes a bug where attempting to initialise the PPC405EP SDRAM will cause an assertion when sdram_map_bcr() attempts to remap memory regions. Reported-by: Amit Lazar <abasarlaz@hotmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20200322192258.14039-1-peter.maydell@linaro.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-
spapr: Fix memory leak in h_client_architecture_support()
This is the only error path that needs to free the previously allocated ov1. Reported-by: Coverity (CID 1421924) Fixes: cbd0d7f "spapr: Fail CAS if option vector table cannot be parsed" Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <158481206205.336182.16106097429336044843.stgit@bahia.lan> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-
target/ppc: don't byte swap ELFv2 signal handler
Previously, the signal handler would be byte swapped if the target and host CPU used different endianness. This would cause a SIGSEGV when attempting to translate the opcode pointed to by the swapped address. Thread 1 "qemu-ppc64" received signal SIGSEGV, Segmentation fault. 0x00000000600a9257 in ldl_he_p (ptr=0x4c2c061000000000) at qemu/include/qemu/bswap.h:351 351 __builtin_memcpy(&r, ptr, sizeof(r)); #0 0x00000000600a9257 in ldl_he_p (ptr=0x4c2c061000000000) at qemu/include/qemu/bswap.h:351 qemu#1 0x00000000600a92fe in ldl_be_p (ptr=0x4c2c061000000000) at qemu/include/qemu/bswap.h:449 qemu#2 0x00000000600c0790 in translator_ldl_swap at qemu/include/exec/translator.h:201 qemu#3 0x000000006011c1ab in ppc_tr_translate_insn at qemu/target/ppc/translate.c:7856 qemu#4 0x000000006005ae70 in translator_loop at qemu/accel/tcg/translator.c:102 The signal handler will be byte swapped as a result of the __get_user() call in sigaction() if it is necessary, no additional swap is required. Signed-off-by: Vincent Fazio <vfazio@gmail.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200319133244.8818-1-vfazio@xes-inc.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-
target/ppc: Fix ISA v3.0 (POWER9) slbia implementation
The new ISA v3.0 slbia variants have not been implemented for TCG, which can lead to crashing when a POWER9 machine boots Linux using the hash MMU, for example ("disable_radix" kernel command line). Add them. Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Message-Id: <20200319064439.1020571-1-npiggin@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> [dwg: Fixed compile error for USER_ONLY builds] Signed-off-by: David Gibson <david@gibson.dropbear.id.au> -
target/ppc: Fix slbia TLB invalidation gap
slbia must invalidate TLBs even if it does not remove a valid SLB entry, because slbmte can overwrite valid entries without removing their TLBs. As the architecture says, slbia invalidates all lookaside information, not conditionally based on if it removed valid entries. It does not seem possible for POWER8 or earlier Linux kernels to hit this bug because it never changes its kernel SLB translations, and it should always have valid entries if any accesses are made to userspace regions. However other operating systems which may modify SLB entry 0 or do more fancy things with segments might be affected. When POWER9 slbia support is added in the next patch, this becomes a real problem because some new slbia variants don't invalidate all non-zero entries. Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Message-Id: <20200318044135.851716-1-npiggin@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-
ppc/spapr: Set the effective address provided flag in mc error log.
Per PAPR, it is expected to set effective address provided flag in sub_err_type member of mc extended error log (i.e rtas_event_log_v6_mc.sub_err_type). This somehow got missed in original fwnmi-mce patch series. The current code just updates the effective address but does not set the flag to indicate that it is available. Hence guest fails to extract effective address from mce rtas log. This patch fixes that. Without this patch guest MCE logs fails print DAR value: [ 11.933608] Disabling lock debugging due to kernel taint [ 11.933773] MCE: CPU0: machine check (Severe) Host TLB Multihit [Recovered] [ 11.933979] MCE: CPU0: NIP: [c000000000090b34] radix__flush_tlb_range_psize+0x194/0xf00 [ 11.934223] MCE: CPU0: Initiator CPU [ 11.934341] MCE: CPU0: Unknown After the change: [ 22.454149] Disabling lock debugging due to kernel taint [ 22.454316] MCE: CPU0: machine check (Severe) Host TLB Multihit DAR: deadbeefdeadbeef [Recovered] [ 22.454605] MCE: CPU0: NIP: [c0000000003e5804] kmem_cache_alloc+0x84/0x330 [ 22.454820] MCE: CPU0: Initiator CPU [ 22.454944] MCE: CPU0: Unknown Signed-off-by: Mahesh Salgaonkar <mahesh@linux.ibm.com> Message-Id: <158451653844.22972.17999316676230071087.stgit@jupiter> Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Commits on Mar 23, 2020
-
Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-reques…
…t' into staging Pull request # gpg: Signature made Mon 23 Mar 2020 19:24:02 GMT # gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full] # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full] # Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8 * remotes/stefanha/tags/block-pull-request: aio-posix: fix io_uring with external events Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-2…
…0200323' into staging target-arm queue: * target/arm: avoid undefined behaviour shift in watchpoint code * target/arm: avoid undefined behaviour shift in handle_simd_dupe() * target/arm: add assert that immh != 0 in disas_simd_shift_imm() * aspeed/smc: Fix DMA support for AST2600 * hw/arm/bcm283x: Correct the license text ('and' vs 'or') # gpg: Signature made Mon 23 Mar 2020 17:38:59 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20200323: target/arm: Move computation of index in handle_simd_dupe target/arm: Assert immh != 0 in disas_simd_shift_imm target/arm: Rearrange disabled check for watchpoints aspeed/smc: Fix DMA support for AST2600 hw/arm/bcm283x: Correct the license text Signed-off-by: Peter Maydell <peter.maydell@linaro.org> -
target/arm: Move computation of index in handle_simd_dupe
Coverity reports a BAD_SHIFT with ctz32(imm5), with imm5 == 0. This is an invalid encoding, but we diagnose that just below by rejecting size > 3. Avoid the warning by sinking the computation of index below the check. Reported-by: Coverity (CID 1421965) Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200320160622.8040-4-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
target/arm: Assert immh != 0 in disas_simd_shift_imm
Coverity raised a shed-load of errors cascading from inferring that clz32(immh) might yield 32, from immh might be 0. While immh cannot be 0 from encoding, it is not obvious even to a human how we've checked that: via the filtering provided by data_proc_simd[]. Reported-by: Coverity (CID 1421923, and more) Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200320160622.8040-3-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
target/arm: Rearrange disabled check for watchpoints
Coverity rightly notes that ctz32(bas) on 0 will return 32, which makes the len calculation a BAD_SHIFT. A value of 0 in DBGWCR<n>_EL1.BAS is reserved. Simply move the existing check we have for this case. Reported-by: Coverity (CID 1421964) Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200320160622.8040-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
aspeed/smc: Fix DMA support for AST2600
Recent firmwares uses SPI DMA transfers in U-Boot to load the different images (kernel, initrd, dtb) in the SoC DRAM. The AST2600 FMC model is missing the masks to be applied on the DMA registers which resulted in incorrect values. Fix that and wire the SPI controllers which have DMA support on the AST2600. Fixes: bcaa8dd ("aspeed/smc: Add AST2600 support") Signed-off-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Joel Stanley <joel@jms.id.au> Message-id: 20200320053923.20565-1-clg@kaod.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
hw/arm/bcm283x: Correct the license text
The license is the 'GNU General Public License v2.0 or later', not 'and': This program is free software; you can redistribute it and/ori modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Fix the license comment. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200312213455.15854-1-philmd@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20200323' int…
…o staging - fix an off-by-one in the ipl code - s390x documentation reordering # gpg: Signature made Mon 23 Mar 2020 12:42:47 GMT # gpg: using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF # gpg: issuer "cohuck@redhat.com" # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [marginal] # gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full] # gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full] # gpg: aka "Cornelia Huck <cohuck@kernel.org>" [marginal] # gpg: aka "Cornelia Huck <cohuck@redhat.com>" [marginal] # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF * remotes/cohuck/tags/s390x-20200323: s390/ipl: fix off-by-one in update_machine_ipl_properties() Documentation: create/move s390x documentation Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
linux-user, configure: improve syscall_nr.h dependencies checking
This is mostly a fix for in-tree build. It removes errors on .d directories: grep: ./.gitlab-ci.d: Is a directory grep: ./scripts/qemu-guest-agent/fsfreeze-hook.d: Is a directory and improves performance by only checking <ARCH>-linux-user directories. Reported-by: BALATON Zoltan <balaton@eik.bme.hu> Tested-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200323114116.163609-1-laurent@vivier.eu Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
s390/ipl: fix off-by-one in update_machine_ipl_properties()
In update_machine_ipl_properties() the array ascii_loadparm needs to hold the 8 char loadparm and a string terminating zero char. Let's increase the size of ascii_loadparm accordingly. Signed-off-by: Halil Pasic <pasic@linux.ibm.com> Fixes: 0a01e08 ("s390/ipl: sync back loadparm") Fixes: Coverity CID 1421966 Reported-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20200320143101.41764-1-pasic@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
-
Documentation: create/move s390x documentation
Create a subdirectory for s390x under docs/system/ and move the existing vfio-ap documentation there. Create an initial document describing s390x system emulation. Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Cornelia Huck <cohuck@redhat.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-Id: <20200318103940.1169-1-cohuck@redhat.com>