Branch: refs/heads/staging-8.2
Home: https://github.com/qemu/qemu

Commit: f6abce29cc4afa0445cb3b29a265a114ac9fa744
https://github.com/qemu/qemu/commit/f6abce29cc4afa0445cb3b29a265a114ac9fa744
Author: Li Zhijian <lizhij...@fujitsu.com>
Date: 2024-04-30 (Tue, 30 Apr 2024)

Changed paths:
M backends/cryptodev-builtin.c

Log Message:
-----------
backends/cryptodev-builtin: Fix local_error leaks

It seems that this error does not need to be propagated to the upper,
directly output the error to avoid the leaks

Closes: https://gitlab.com/qemu-project/qemu/-/issues/2283
Fixes: 2fda101de07 ("virtio-crypto: Support asynchronous mode")
Signed-off-by: Li Zhijian <lizhij...@fujitsu.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: zhenwei pi <pizhen...@bytedance.com>
Reviewed-by: Michael Tokarev <m...@tls.msk.ru>
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
(cherry picked from commit 06479dbf3d7d245572c4b3016e5a1d923ff04d66)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: 7e5f59326ddfef04154a9f4ae1f97893ce8aa142
https://github.com/qemu/qemu/commit/7e5f59326ddfef04154a9f4ae1f97893ce8aa142
Author: Michael Tokarev <m...@tls.msk.ru>
Date: 2024-04-30 (Tue, 30 Apr 2024)

Changed paths:
M target/loongarch/cpu.c

Log Message:
-----------
target/loongarch/cpu.c: typo fix: expection

Fixes: 1590154ee437 ("target/loongarch: Fix qemu-system-loongarch64 assert failed with the option '-d int'")
Fixes: ef9b43bb8e2d (in stable-8.2)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
(cherry picked from commit 0cbb322f70e8a87e4acbffecef5ea8f9448f3513)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: 5b5655fdb75f9b31dbfc65697349b3cc7d52330a
https://github.com/qemu/qemu/commit/5b5655fdb75f9b31dbfc65697349b3cc7d52330a
Author: Peter Maydell <peter.mayd...@linaro.org>
Date: 2024-05-01 (Wed, 01 May 2024)

Changed paths:
M tests/avocado/boot_linux_console.py
M tests/avocado/replay_kernel.py

Log Message:
-----------
tests/avocado: update sunxi kernel from armbian to 6.6.16

The Linux kernel 5.10.16 binary for sunxi has been removed from apt.armbian.com.
This means that the avocado tests for these machines will be skipped
(status CANCEL) if the old binary isn't present in the avocado cache.

Update to 6.6.16, in the same way we did in commit e384db41d8661
when we moved to 5.10.16 in 2021.

Cc: qemu-sta...@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2284
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Strahinja Jankovic <strahinja.p.janko...@gmail.com>
Reviewed-by: Niek Linnenbank <nieklinnenb...@gmail.com>
Tested-by: Niek Linnenbank <nieklinnenb...@gmail.com>
Message-id: 20240415151845.1564201-1-peter.mayd...@linaro.org
(cherry picked from commit dcc5c018c7e6acddf81951bcbdf1019b9ab45f56)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: 5479d911bc8f769a914668f65bf04f30fb64627d
https://github.com/qemu/qemu/commit/5479d911bc8f769a914668f65bf04f30fb64627d
Author: Thomas Huth <th...@redhat.com>
Date: 2024-05-01 (Wed, 01 May 2024)

Changed paths:
M .gitlab-ci.d/cirrus.yml

Log Message:
-----------
.gitlab-ci.d/cirrus.yml: Shorten the runtime of the macOS and FreeBSD jobs

Cirrus-CI introduced limitations to the free CI minutes. To avoid that
we are consuming them too fast, let's drop the usual targets that are
not that important since they are either a subset of another target
(like i386 or ppc being a subset of x86_64 or ppc64 respectively), or
since there is still a similar target with the opposite endianness
(like xtensa/xtensael, microblaze/microblazeel etc.).

Message-ID: <20240429100113.53357-1-th...@redhat.com>
Signed-off-by: Thomas Huth <th...@redhat.com>
(cherry picked from commit a88a04906b966ffdcda23a5a456abe10aa8c826e)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: d5cf8bed29870b6f9f2c26892acdc889033894d9
https://github.com/qemu/qemu/commit/d5cf8bed29870b6f9f2c26892acdc889033894d9
Author: Jeuk Kim <jeuk20....@samsung.com>
Date: 2024-05-02 (Thu, 02 May 2024)

Changed paths:
M hw/ufs/ufs.c

Log Message:
-----------
hw/ufs: Fix buffer overflow bug

It fixes the buffer overflow vulnerability in the ufs device.
The bug was detected by sanitizers.

You can reproduce it by:

cat << EOF |\
qemu-system-x86_64 \
-display none -machine accel=qtest -m 512M -M q35 -nodefaults -drive \
file=null-co://,if=none,id=disk0 -device ufs,id=ufs_bus -device \
ufs-lu,drive=disk0,bus=ufs_bus -qtest stdio
outl 0xcf8 0x80000810
outl 0xcfc 0xe0000000
outl 0xcf8 0x80000804
outw 0xcfc 0x06
write 0xe0000058 0x1 0xa7
write 0xa 0x1 0x50
EOF

Resolves: #2299
Fixes: 329f16624499 ("hw/ufs: Support for Query Transfer Requests")
Reported-by: Zheyu Ma <zheyum...@gmail.com>
Signed-off-by: Jeuk Kim <jeuk20....@samsung.com>
(cherry picked from commit f2c8aeb1afefcda92054c448b21fc59cdd99db30)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: dfcbb9ef240378e5a97566bdad0296a7b7fd7c60
https://github.com/qemu/qemu/commit/dfcbb9ef240378e5a97566bdad0296a7b7fd7c60
Author: Alexandra Diupina <adiup...@astralinux.ru>
Date: 2024-05-02 (Thu, 02 May 2024)

Changed paths:
M hw/dma/xlnx_dpdma.c

Log Message:
-----------
hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields

The DMA descriptor structures for this device have
a set of "address extension" fields which extend the 32
bit source addresses with an extra 16 bits to give a
48 bit address:
https://docs.amd.com/r/en-US/ug1085-zynq-ultrascale-trm/ADDR_EXT-Field

However, we misimplemented this address extension in several ways:
 * we only extracted 12 bits of the extension fields, not 16
 * we didn't shift the extension field up far enough
 * we accidentally did the shift as 32-bit arithmetic, which
   meant that we would have an overflow instead of setting
   bits [47:32] of the resulting 64-bit address

Add a type cast and use extract64() instead of extract32()
to avoid integer overflow on addition. Fix bit fields
extraction according to documentation.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Cc: qemu-sta...@nongnu.org
Fixes: d3c6369a96 ("introduce xlnx-dpdma")
Signed-off-by: Alexandra Diupina <adiup...@astralinux.ru>
Message-id: 20240428181131.23801-1-adiup...@astralinux.ru
[PMM: adjusted commit message]
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit 4b00855f0ee2e2eee8fd2500ffef27c108be6dc3)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: 7b4804c965643d30ad0aed8cafe9b762381cfeb5
https://github.com/qemu/qemu/commit/7b4804c965643d30ad0aed8cafe9b762381cfeb5
Author: Philippe Mathieu-Daudé <phi...@linaro.org>
Date: 2024-05-02 (Thu, 02 May 2024)

Changed paths:
M hw/arm/npcm7xx.c

Log Message:
-----------
hw/arm/npcm7xx: Store derivative OTP fuse key in little endian

Use little endian for derivative OTP fuse key.

Cc: qemu-sta...@nongnu.org
Fixes: c752bb079b ("hw/nvram: NPCM7xx OTP device model")
Suggested-by: Avi Fishman <avi.fish...@nuvoton.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-id: 20240422125813.1403-1-phi...@linaro.org
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit eb656a60fd93262b1e519b3162888bf261df7f68)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: dc5390a0ca23e3811f793fe15b40ba2a47c4729b
https://github.com/qemu/qemu/commit/dc5390a0ca23e3811f793fe15b40ba2a47c4729b
Author: Philippe Mathieu-Daudé <phi...@linaro.org>
Date: 2024-05-04 (Sat, 04 May 2024)

Changed paths:
M target/sh4/translate.c
M tests/tcg/sh4/Makefile.target
A tests/tcg/sh4/test-addv.c

Log Message:
-----------
target/sh4: Fix ADDV opcode

The documentation says:

  ADDV Rm, Rn        Rn + Rm -> Rn, overflow -> T

But QEMU implementation was:

  ADDV Rm, Rn        Rn + Rm -> Rm, overflow -> T

Fix by filling the correct Rm register.

Add tests provided by Paul Cercueil.

Cc: qemu-sta...@nongnu.org
Fixes: ad8d25a11f ("target-sh4: implement addv and subv using TCG")
Reported-by: Paul Cercueil <p...@crapouillou.net>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2317
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Yoshinori Sato <ys...@users.sourceforge.jp>
Message-Id: <20240430163125.77430-2-phi...@linaro.org>
(cherry picked from commit c365e6b0705788866a65e7b8206bd4c5332595cd)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Commit: 07d46408cb9837c54a449d56c9af1b6a2d69ec60
https://github.com/qemu/qemu/commit/07d46408cb9837c54a449d56c9af1b6a2d69ec60
Author: Philippe Mathieu-Daudé <phi...@linaro.org>
Date: 2024-05-04 (Sat, 04 May 2024)

Changed paths:
M target/sh4/translate.c
M tests/tcg/sh4/Makefile.target
A tests/tcg/sh4/test-subv.c

Log Message:
-----------
target/sh4: Fix SUBV opcode

The documentation says:

  SUBV Rm, Rn        Rn - Rm -> Rn, underflow -> T

The overflow / underflow can be calculated as:

  T = ((Rn ^ Rm) & (Result ^ Rn)) >> 31

However we were using the incorrect:

  T = ((Rn ^ Rm) & (Result ^ Rm)) >> 31

Fix by using the Rn register instead of Rm.

Add tests provided by Paul Cercueil.

Cc: qemu-sta...@nongnu.org
Fixes: ad8d25a11f ("target-sh4: implement addv and subv using TCG")
Reported-by: Paul Cercueil <p...@crapouillou.net>
Suggested-by: Paul Cercueil <p...@crapouillou.net>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2318
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Yoshinori Sato <ys...@users.sourceforge.jp>
Message-Id: <20240430163125.77430-3-phi...@linaro.org>
(cherry picked from commit e88a856efd1d3c3ffa8e53da4831eff8da290808)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>

Compare: https://github.com/qemu/qemu/compare/37751067b175...07d46408cb98
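
Added example (not part of the notification and not QEMU code): the two T-flag formulas quoted in the "target/sh4: Fix SUBV opcode" log message, checked against a 64-bit reference over constructed boundary operands. The function names and the operand table are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Ground truth: does Rn - Rm leave the signed 32-bit range? */
static uint32_t subv_t_reference(uint32_t rn, uint32_t rm)
{
    int64_t wide = (int64_t)(int32_t)rn - (int64_t)(int32_t)rm;
    return wide < INT32_MIN || wide > INT32_MAX;
}

/* Formula the log message gives as correct (Result ^ Rn). */
static uint32_t subv_t_fixed(uint32_t rn, uint32_t rm)
{
    uint32_t result = rn - rm;
    return ((rn ^ rm) & (result ^ rn)) >> 31;
}

/* Formula the log message gives as the old, incorrect one (Result ^ Rm). */
static uint32_t subv_t_old(uint32_t rn, uint32_t rm)
{
    uint32_t result = rn - rm;
    return ((rn ^ rm) & (result ^ rm)) >> 31;
}

/* Constructed boundary operands around 0, INT32_MAX and INT32_MIN. */
static const uint32_t edge[] = {
    0, 1, 2, 0x7ffffffe, 0x7fffffff,
    0x80000000, 0x80000001, 0xfffffffe, 0xffffffff,
};
#define N_EDGE (sizeof(edge) / sizeof(edge[0]))

/* Count operand pairs where a formula disagrees with the reference. */
static unsigned count_mismatches(uint32_t (*flag)(uint32_t, uint32_t))
{
    unsigned bad = 0;
    for (size_t i = 0; i < N_EDGE; i++)
        for (size_t j = 0; j < N_EDGE; j++)
            bad += flag(edge[i], edge[j]) != subv_t_reference(edge[i], edge[j]);
    return bad;
}

int main(void)
{
    printf("fixed formula mismatches: %u\n", count_mismatches(subv_t_fixed));
    printf("old formula mismatches:   %u\n", count_mismatches(subv_t_old));
    return 0;
}
```

With these nine operands the old formula disagrees with the reference on 40 of the 81 pairs, exactly those whose sign bits differ, so it both misses real overflows and reports spurious ones.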
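
Added example (not part of the notification and not QEMU code): a model of the three faults listed in the "xlnx_dpdma: fix handling of address_extension descriptor fields" log message, next to a widened computation that places all 16 extension bits at [47:32]. The function names, the sample descriptors and the old shift width (`ASSUMED_OLD_SHIFT`) are assumptions chosen to reproduce the described behaviour.

```c
#include <stdint.h>
#include <stdio.h>

#define ASSUMED_OLD_SHIFT 20 /* assumption for illustration, not QEMU's value */

/* Models the faults: 12-bit mask, short shift, 32-bit arithmetic that wraps. */
static uint64_t addr_truncating(uint32_t addr_lo, uint32_t ext)
{
    uint32_t hi = (ext & 0xfffu) << ASSUMED_OLD_SHIFT;
    return addr_lo + hi; /* uint32_t + uint32_t wraps before widening */
}

/* Widen first, keep all 16 extension bits, place them at bits [47:32]. */
static uint64_t addr_widened(uint32_t addr_lo, uint32_t ext)
{
    return (uint64_t)addr_lo + ((uint64_t)(ext & 0xffffu) << 32);
}

/* Constructed descriptors: { low 32 address bits, 16-bit extension }. */
static const uint32_t sample[][2] = {
    { 0x00001000u, 0x0000u }, /* no extension: both computations agree */
    { 0xfff00000u, 0x0001u }, /* 32-bit sum wraps to 0 in the old model */
    { 0x00001000u, 0xabcdu }, /* top nibble of the extension is dropped */
};
#define N_SAMPLE (sizeof(sample) / sizeof(sample[0]))

/* Number of sample descriptors that resolve to different addresses. */
static unsigned count_divergent(void)
{
    unsigned n = 0;
    for (size_t i = 0; i < N_SAMPLE; i++)
        n += addr_truncating(sample[i][0], sample[i][1]) !=
             addr_widened(sample[i][0], sample[i][1]);
    return n;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLE; i++)
        printf("lo=%08x ext=%04x old=%012llx widened=%012llx\n",
               (unsigned)sample[i][0], (unsigned)sample[i][1],
               (unsigned long long)addr_truncating(sample[i][0], sample[i][1]),
               (unsigned long long)addr_widened(sample[i][0], sample[i][1]));
    printf("divergent descriptors: %u\n", count_divergent());
    return 0;
}
```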