Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: c5d36da7ec62e4c72a72a437057fb6072cf0d6ab
https://github.com/qemu/qemu/commit/c5d36da7ec62e4c72a72a437057fb6072cf0d6ab
Author: Dmitry Frolov <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M hw/timer/exynos4210_mct.c
Log Message:
-----------
hw/timer/exynos4210_mct: fix possible int overflow
The product "icnto * s->tcntb" may overflow uint32_t.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Dmitry Frolov <[email protected]>
Message-id: [email protected]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Commit: 35ec474fd64224c0ff58b8c9730117fe5d31d40f
https://github.com/qemu/qemu/commit/35ec474fd64224c0ff58b8c9730117fe5d31d40f
Author: Rodrigo Dias Correa <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M hw/net/rocker/rocker_of_dpa.c
Log Message:
-----------
hw/net/rocker/rocker_of_dpa.c: Remove superfluous error check
of_dpa_cmd_add_acl_ip() is called from a single place, and despite the
fact that it always returns ROCKER_OK, its return value is still checked
by the caller.
Change of_dpa_cmd_add_acl_ip() to return void and remove the superfluous
check from of_dpa_cmd_add_acl().
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2471
Signed-off-by: Rodrigo Dias Correa <[email protected]>
Reviewed-by: Ján Tomko <[email protected]>
Message-id: [email protected]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Commit: 3bf7dcd47a3da0e86a9347ce5b2b5d5a1dcb5857
https://github.com/qemu/qemu/commit/3bf7dcd47a3da0e86a9347ce5b2b5d5a1dcb5857
Author: Peter Maydell <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M hw/intc/openpic.c
Log Message:
-----------
hw/intc/openpic: Avoid taking address of out-of-bounds array index
The clang sanitizer complains about the code in the EOI handling
of openpic_cpu_write_internal():
UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1 ./build/clang/qemu-system-ppc -M
mac99,graphics=off -display none -kernel day15/invaders.elf
../../hw/intc/openpic.c:1034:16: runtime error: index -1 out of bounds for type
'IRQSource[264]' (aka 'struct IRQSource[264]')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
../../hw/intc/openpic.c:1034:16 in
This is because we do
src = &opp->src[n_IRQ];
when n_IRQ may be -1. This is in practice harmless because if n_IRQ
is -1 then we don't do anything with the src pointer, but it is
undefined behaviour. (This has been present since this device
was first added to QEMU.)
Rearrange the code so we only do the array index when n_IRQ is not -1.
Cc: [email protected]
Fixes: e9df014c0b ("Implement embedded IRQ controller for PowerPC 6xx/740 & 75")
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Mark Cave-Ayland <[email protected]>
Message-id: [email protected]
Commit: eff9dc5660fad3a610171c56a5ec3fada245e519
https://github.com/qemu/qemu/commit/eff9dc5660fad3a610171c56a5ec3fada245e519
Author: Roque Arcudia Hernandez <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M hw/watchdog/cmsdk-apb-watchdog.c
Log Message:
-----------
hw/watchdog/cmsdk_apb_watchdog: Fix INTEN issues
Current watchdog is free running out of reset, this combined with the
fact that current implementation also ensures the counter is running
when programing WDOGLOAD creates issues when the firmware defer the
programing of WDOGCONTROL.INTEN much later after WDOGLOAD. Arm
Programmer's Model documentation states that INTEN is also the
counter enable:
> INTEN
>
> Enable the interrupt event, WDOGINT. Set HIGH to enable the counter
> and the interrupt, or LOW to disable the counter and interrupt.
> Reloads the counter from the value in WDOGLOAD when the interrupt
> is enabled, after previously being disabled.
Source of the time of writing:
https://developer.arm.com/documentation/ddi0479/d/apb-components/apb-watchdog/programmers-model
Signed-off-by: Roque Arcudia Hernandez <[email protected]>
Reviewed-by: Stephen Longfield <[email protected]>
Reviewed-by: Joe Komlodi <[email protected]>
Message-id: [email protected]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Commit: 583c98841553bf9ea6c2aa5e799be05e32fd378c
https://github.com/qemu/qemu/commit/583c98841553bf9ea6c2aa5e799be05e32fd378c
Author: Roque Arcudia Hernandez <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M tests/qtest/cmsdk-apb-watchdog-test.c
M tests/qtest/meson.build
Log Message:
-----------
tests/qtest/cmsdk-apb-watchdog-test: Parameterize tests
Currently the CMSDK APB watchdog tests target an specialized version
of the device (luminaris using the lm3s811evb machine) that prevents
the development of tests for the more generic device documented in:
https://developer.arm.com/documentation/ddi0479/d/apb-components/apb-watchdog/programmers-model
This patch allows the execution of the watchdog tests in an MPS2
machine (when applicable) which uses the generic version of the CMSDK
APB watchdog.
Finally the rules for compiling the test have to change because it is
possible not to have CONFIG_STELLARIS (required for the lm3s811evb
machine) while still having CONFIG_CMSDK_APB_WATCHDOG and the test
will fail. Due to the addition of the MPS2 machine CONFIG_MPS2
becomes also a dependency for the test compilation.
Signed-off-by: Roque Arcudia Hernandez <[email protected]>
Reviewed-by: Stephen Longfield <[email protected]>
Message-id: [email protected]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Commit: 9a0762c13283da7130cf27d174d5bbf4b7cc2acb
https://github.com/qemu/qemu/commit/9a0762c13283da7130cf27d174d5bbf4b7cc2acb
Author: Roque Arcudia Hernandez <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M tests/qtest/cmsdk-apb-watchdog-test.c
Log Message:
-----------
tests/qtest/cmsdk-apb-watchdog-test: Don't abort on assertion failure
Currently the watchdog test has a behavior in which the first test
assertion that fails will make the test abort making it impossible to
see the result of other tests:
# ERROR:../tests/qtest/cmsdk-apb-watchdog-test.c:87:test_watchdog:
assertion failed ...
Bail out!
Aborted
Changing the behavior in order to let the test finish other tests and
report the ones that pass and fail:
# ERROR:../tests/qtest/cmsdk-apb-watchdog-test.c:101:test_watchdog:
assertion failed ...
not ok 1 /arm/cmsdk-apb-watchdog/watchdog
Signed-off-by: Roque Arcudia Hernandez <[email protected]>
Message-id: [email protected]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Commit: b0a1009192d7dea0307734f691f693fd18ec3453
https://github.com/qemu/qemu/commit/b0a1009192d7dea0307734f691f693fd18ec3453
Author: Roque Arcudia Hernandez <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M tests/qtest/cmsdk-apb-watchdog-test.c
Log Message:
-----------
tests/qtest/cmsdk-apb-watchdog-test: Test INTEN as counter enable
The following tests focus on making sure the counter is not running
out of reset and the proper use of INTEN as the counter enable. As
described in:
https://developer.arm.com/documentation/ddi0479/d/apb-components/apb-watchdog/programmers-model
The new tests have to target an MPS2 machine because the original
machine used by the test (stellaris) has a variation of the
cmsdk_apb_watchdog that locks INTEN when it is programmed to 1. The
stellaris machine also does not reproduce the problem of the counter
running out of cold reset due to the way the clocks are initialized.
Signed-off-by: Roque Arcudia Hernandez <[email protected]>
Reviewed-by: Stephen Longfield <[email protected]>
Message-id: [email protected]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Commit: 0231bdc8957bcc3ed245c7498e10ee7a95487076
https://github.com/qemu/qemu/commit/0231bdc8957bcc3ed245c7498e10ee7a95487076
Author: Pavel Skripkin <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M target/arm/ptw.c
Log Message:
-----------
arm/ptw: Make get_S1prot accept decoded AP
AP in armv7 short descriptor mode has 3 bits and also domain, which
makes it incompatible with other arm schemas.
To make it possible to share get_S1prot between armv8, armv7 long
format, armv7 short format and armv6 it's easier to make caller
decode AP.
Signed-off-by: Pavel Skripkin <[email protected]>
Message-id: [email protected]
[PMM: fixed checkpatch nit]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Commit: 0340cb6e319341933443c1b1aee4c7ae816e8f7f
https://github.com/qemu/qemu/commit/0340cb6e319341933443c1b1aee4c7ae816e8f7f
Author: Pavel Skripkin <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M target/arm/ptw.c
Log Message:
-----------
arm/ptw: Honour WXN/UWXN and SIF in short-format descriptors
Currently the handling of page protection in the short-format
descriptor is open-coded. This means that we forgot to update
it to handle some newer architectural features, including:
* handling of SCTLR.{UWXN,WXN}
* handling of SCR.SIF
Make the short-format descriptor code call the same get_S1prot()
that we already use for the LPAE descriptor format. This makes
the code simpler and means it now correctly honours the WXN/UWXN
and SIF bits.
Signed-off-by: Pavel Skripkin <[email protected]>
Message-id: [email protected]
[PMM: fixed a couple of checkpatch nits, tweaked commit message]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Commit: 3d7680fb18c7b17701730589d241a32e85f763a3
https://github.com/qemu/qemu/commit/3d7680fb18c7b17701730589d241a32e85f763a3
Author: Peter Maydell <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M include/qemu/bitmap.h
M include/qemu/bitops.h
Log Message:
-----------
bitops.h: Define bit operations on 'uint32_t' arrays
Currently bitops.h defines a set of operations that work on
arbitrary-length bit arrays. However (largely because they
originally came from the Linux kernel) the bit array storage is an
array of 'unsigned long'. This is OK for the kernel and even for
parts of QEMU where we don't really care about the underlying storage
format, but it is not good for devices, where we often want to expose
the storage to the guest and so need a type that is not
variably-sized between host OSes.
We already have a workaround for this in the GICv3 model:
arm_gicv3_common.h defines equivalents of the bit operations that
work on uint32_t. It turns out that we should also be using
something similar in hw/intc/loongarch_extioi.c, which currently
casts a pointer to a uint32_t array to 'unsigned long *' in
extio_setirq(), which is both undefined behaviour and not correct on
a big-endian host.
Define equivalents of the set_bit() function family which work
with a uint32_t array.
(Cc stable because we're about to provide a bugfix to
loongarch_extioi which will depend on this commit.)
Cc: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
Commit: e05ebbd651ee9e5d0578b272b2eaf62557d407c9
https://github.com/qemu/qemu/commit/e05ebbd651ee9e5d0578b272b2eaf62557d407c9
Author: Peter Maydell <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M include/hw/intc/arm_gicv3_common.h
Log Message:
-----------
hw/intc/arm_gicv3: Use bitops.h uint32_t bit array functions
Now we have official uint32_t bit array functions in bitops.h, use
them instead of the hand-rolled local versions.
We retain gic_bmp_replace_bit() because bitops doesn't provide that
specific functionality.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
Commit: 335be5bc44aa6800a9e3ba5859ea3833cfe5a7bc
https://github.com/qemu/qemu/commit/335be5bc44aa6800a9e3ba5859ea3833cfe5a7bc
Author: Peter Maydell <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M hw/intc/loongarch_extioi.c
Log Message:
-----------
hw/intc/loongarch_extioi: Use set_bit32() and clear_bit32() for s->isr
In extioi_setirq() we try to operate on a bit array stored as an
array of uint32_t using the set_bit() and clear_bit() functions
by casting the pointer to 'unsigned long *'.
This has two problems:
* the alignment of 'uint32_t' is less than that of 'unsigned long'
so we pass an insufficiently aligned pointer, which is
undefined behaviour
* on big-endian hosts the 64-bit 'unsigned long' will have
its two halves the wrong way around, and we will produce
incorrect results
The undefined behaviour is shown by the clang undefined-behaviour
sanitizer when running the loongarch64-virt functional test:
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/include/qemu/bitops.h:41:5: runtime
error: store to misaligned address 0x555559745d9c for type 'unsigned long',
which requires 8 byte alignment
0x555559745d9c: note: pointer points here
ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00
^
#0 0x555556fb81c4 in set_bit
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/include/qemu/bitops.h:41:9
#1 0x555556fb81c4 in extioi_setirq
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/clang/../../hw/intc/loongarch_extioi.c:65:9
#2 0x555556fb6e90 in pch_pic_irq_handler
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/clang/../../hw/intc/loongarch_pch_pic.c:75:5
#3 0x555556710265 in serial_ioport_write
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/clang/../../hw/char/serial.c
Fix these problems by using set_bit32() and clear_bit32(),
which work with bit arrays stored as an array of uint32_t.
Cc: [email protected]
Fixes: cbff2db1e92f8759 ("hw/intc: Add LoongArch extioi interrupt
controller(EIOINTC)")
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Bibo Mao <[email protected]>
Message-id: [email protected]
Commit: 0139a4f26d23f30a2b2f1673a910963bb276d7f6
https://github.com/qemu/qemu/commit/0139a4f26d23f30a2b2f1673a910963bb276d7f6
Author: Peter Maydell <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M system/dma-helpers.c
M system/trace-events
M trace-events
Log Message:
-----------
system/dma-helpers.c: Move trace events to system/trace-events
The dma-helpers.c file is in the system/ subdirectory, but it
defines its trace events in the root trace-events file. Move
them to the system/trace-events file where they more naturally
belong.
Fixes: 800d4deda0 ("softmmu: move more files to softmmu/")
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
Commit: 3de6d364b69dfc74e34f2e19e1897d678e7f3d5a
https://github.com/qemu/qemu/commit/3de6d364b69dfc74e34f2e19e1897d678e7f3d5a
Author: Peter Maydell <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M target/arm/hvf/hvf.c
A target/arm/hvf/trace.h
Log Message:
-----------
target/arm/hvf: Add trace.h header
The documentation for trace events says that every subdirectory which
has trace events should have a trace.h header, whose only content is
an include of the trace/trace-<subdir>.h file.
When we added the trace events in target/arm/hvf/ we forgot to create
this file and instead hvf.c directly includes
trace/trace-target_arm_hvf.h.
Create the standard trace.h file to bring this into line with the
convention.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
Commit: c5275c734233d6457f2340ca01d4577a971ea328
https://github.com/qemu/qemu/commit/c5275c734233d6457f2340ca01d4577a971ea328
Author: Peter Maydell <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M trace/control-target.c
M trace/control.c
Log Message:
-----------
trace: Don't include trace-root.h in control.c or control-target.c
The trace-root.h file has the definitions of trace events for
the top-level trace-events file (i.e. for those events which are
used in source files in the root of the source tree). There's
no particular need for trace/control.c or trace/control-target.c
to include this.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
Commit: e6459afb1ff4d86b361b14f4a2fc43f0d2b4d679
https://github.com/qemu/qemu/commit/e6459afb1ff4d86b361b14f4a2fc43f0d2b4d679
Author: Peter Maydell <[email protected]>
Date: 2024-11-19 (Tue, 19 Nov 2024)
Changed paths:
M hw/intc/loongarch_extioi.c
M hw/intc/openpic.c
M hw/net/rocker/rocker_of_dpa.c
M hw/timer/exynos4210_mct.c
M hw/watchdog/cmsdk-apb-watchdog.c
M include/hw/intc/arm_gicv3_common.h
M include/qemu/bitmap.h
M include/qemu/bitops.h
M system/dma-helpers.c
M system/trace-events
M target/arm/hvf/hvf.c
A target/arm/hvf/trace.h
M target/arm/ptw.c
M tests/qtest/cmsdk-apb-watchdog-test.c
M tests/qtest/meson.build
M trace-events
M trace/control-target.c
M trace/control.c
Log Message:
-----------
Merge tag 'pull-target-arm-20241119' of
https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* hw/timer/exynos4210_mct: fix possible int overflow
* hw/net/rocker/rocker_of_dpa.c: Remove superfluous error check
* hw/intc/openpic: Avoid taking address of out-of-bounds array index
* hw/watchdog/cmsdk_apb_watchdog: Fix INTEN issues
* arm/ptw: Honour WXN/UWXN and SIF in short-format descriptors
* hw/intc/loongarch_extioi: Use set_bit32() and clear_bit32() to avoid UB
* system/dma-helpers.c: Move trace events to system/trace-events
* target/arm/hvf: Add trace.h header
* trace: Don't include trace-root.h in control.c or control-target.c
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmc8nrwZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3n2nEACc4N7TI2QFbuqa1k4G+C5y
# 1bpWVnkPjeqnTGUyYshtl/ByZi+IH4RDFqlCJxUYgfSvfD74+u78haXcx/ukZL/x
# zNbNu/hjP0v6nQF+upzRcQip5PIBjkbIUJSC3ga90HbsNWv8rvTjVSwQmstQ2b8J
# 9mCNA2ri+NVJ4+kBL5xRSzDqxdu/7sC/eooYfcETlVXcnvL/oMWoF//iThvkaBve
# LyySM+PS1Ni4oApx6LY9VpLzabtaCXh5R4yDMsFW0WucKZf58lm9Z1yU2wdPjuwj
# uauHBbQnJy03LazprIyVNXlaT7SI2Qr+7CV4lAco66DoBsaIP16+Kby1XILbY8qo
# JjJmuNQ8DA9c7F9bPqagZ0PLVRy9Wj0UiXKuqaTHrnnKzbgBprPCApR8bj0XPISs
# xv6qsSrd4u9joSCkrD3XEC9ddzdWMi1xN1Hfw+lkuHOvnWKJJ7O3hortuupGhpeq
# h90VBQ8Gb9S15BlLPfSmSmiO+XjRWU53CcZasQew5bFBIMEha1sPnwz01/KrSZqG
# sN/nBBuVUhT6YjRY/7k7tqT1ATigXrEZPtRgCjap7W+zIILWaO9QUb2y2LlJfofp
# febu0L++xw1JvtHnNin1vImmM5rgCMLMLx3QQ5Kq9jc5ytKnZwzJarLV4LbqIpuv
# h1QzI2SJQXsL2zfBem/0yg==
# =lqA0
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 19 Nov 2024 14:20:44 GMT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "[email protected]"
# gpg: Good signature from "Peter Maydell <[email protected]>" [ultimate]
# gpg: aka "Peter Maydell <[email protected]>" [ultimate]
# gpg: aka "Peter Maydell <[email protected]>"
[ultimate]
# gpg: aka "Peter Maydell <[email protected]>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20241119' of
https://git.linaro.org/people/pmaydell/qemu-arm:
trace: Don't include trace-root.h in control.c or control-target.c
target/arm/hvf: Add trace.h header
system/dma-helpers.c: Move trace events to system/trace-events
hw/intc/loongarch_extioi: Use set_bit32() and clear_bit32() for s->isr
hw/intc/arm_gicv3: Use bitops.h uint32_t bit array functions
bitops.h: Define bit operations on 'uint32_t' arrays
arm/ptw: Honour WXN/UWXN and SIF in short-format descriptors
arm/ptw: Make get_S1prot accept decoded AP
tests/qtest/cmsdk-apb-watchdog-test: Test INTEN as counter enable
tests/qtest/cmsdk-apb-watchdog-test: Don't abort on assertion failure
tests/qtest/cmsdk-apb-watchdog-test: Parameterize tests
hw/watchdog/cmsdk_apb_watchdog: Fix INTEN issues
hw/intc/openpic: Avoid taking address of out-of-bounds array index
hw/net/rocker/rocker_of_dpa.c: Remove superfluous error check
hw/timer/exynos4210_mct: fix possible int overflow
Signed-off-by: Peter Maydell <[email protected]>
Compare: https://github.com/qemu/qemu/compare/70e651279541...e6459afb1ff4
To unsubscribe from these emails, change your notification settings at
https://github.com/qemu/qemu/settings/notifications
