[Qemu-commits] [qemu/qemu] c9afc7: hw/misc/aspeed_hace: Ensure HASH_IRQ is always set...

[Guenter Roeck via Qemu-commits]

  Branch: refs/heads/staging-10.0
  Home:   https://github.com/qemu/qemu
  Commit: c9afc732e22b0d7443f7774b7479c28c882c0b30
      
https://github.com/qemu/qemu/commit/c9afc732e22b0d7443f7774b7479c28c882c0b30
  Author: Jamin Lin <jamin_...@aspeedtech.com>
  Date:   2025-05-29 (Thu, 29 May 2025)

  Changed paths:
    M hw/misc/aspeed_hace.c

  Log Message:
  -----------
  hw/misc/aspeed_hace: Ensure HASH_IRQ is always set to prevent firmware hang

Currently, if the program encounters an unsupported algorithm, it does not set
the HASH_IRQ bit in the status register and send an interrupt to indicate
command completion. As a result, the FW gets stuck waiting for a completion
signal from the HACE module.

Additionally, in do_hash_operation, if an error occurs within the conditional
statement, the HASH_IRQ bit is not set in the status register. This causes the
firmware to continuously send HASH commands, as it is unaware that the HACE
model has completed processing the command.

To fix this, the HASH_IRQ bit in the status register must always be set to
ensure that the firmware receives an interrupt from the HACE module, preventing
it from getting stuck or repeatedly sending HASH commands.

Signed-off-by: Jamin Lin <jamin_...@aspeedtech.com>
Fixes: c5475b3 ("hw: Model ASPEED's Hash and Crypto Engine")
Reviewed-by: Cédric Le Goater <c...@redhat.com>
Link: 
https://lore.kernel.org/qemu-devel/20250515081008.583578-4-jamin_...@aspeedtech.com
Signed-off-by: Cédric Le Goater <c...@redhat.com>
(cherry picked from commit fb8e59abbe46957cd599bb9aa9221fad1e4e989e)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 80a03b51b2a679e944c351eadbb391abc2f196e6
      
https://github.com/qemu/qemu/commit/80a03b51b2a679e944c351eadbb391abc2f196e6
  Author: Jamin Lin <jamin_...@aspeedtech.com>
  Date:   2025-05-29 (Thu, 29 May 2025)

  Changed paths:
    M hw/arm/aspeed_ast27x0.c

  Log Message:
  -----------
  hw/arm/aspeed_ast27x0: Fix RAM size detection failure on BE hosts

On big-endian hosts, the aspeed_ram_capacity_write() function previously passed
the address of a 64-bit "data" variable directly to address_space_write(),
assuming host and guest endianness matched.

However, the data is expected to be written in little-endian format to DRAM.
On big-endian hosts, this led to incorrect data being written into DRAM,
which caused the guest firmware to misdetect the DRAM size.

As a result, U-Boot fails to boot and hangs.

- Replaces the "address_space_write()" call with "address_space_stl_le()",
  which performs an explicit 32-bit little-endian write.
- Updating the MemoryRegionOps to restrict access to exactly 4 bytes
  using .valid.{min,max}_access_size = 4 and .impl.min_access_size = 4.

Signed-off-by: Jamin Lin <jamin_...@aspeedtech.com>
Fixes: 7436db1 ("aspeed/soc: fix incorrect dram size for AST2700")
Reviewed-by: Cédric Le Goater <c...@redhat.com>
Link: 
https://lore.kernel.org/qemu-devel/20250522023305.2486536-4-jamin_...@aspeedtech.com
Signed-off-by: Cédric Le Goater <c...@redhat.com>
(cherry picked from commit e6941ac106190490d8b455eedc5b368e6d94d4cc)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 6eea0cd5114ffc491a8bf73fd682676638f037e2
      
https://github.com/qemu/qemu/commit/6eea0cd5114ffc491a8bf73fd682676638f037e2
  Author: Weifeng Liu <weifeng.li...@gmail.com>
  Date:   2025-05-30 (Fri, 30 May 2025)

  Changed paths:
    M ui/gtk.c

  Log Message:
  -----------
  ui/gtk: Document scale and coordinate handling

The existence of multiple scaling factors forces us to deal with various
coordinate systems and this would be confusing. It would be beneficial
to define the concepts clearly and use consistent representation for
variables in different coordinates.

Signed-off-by: Weifeng Liu <weifeng.li...@gmail.com>
Message-ID: <20250511073337.876650-2-weifeng.li...@gmail.com>
Acked-by: Gerd Hoffmann <kra...@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lur...@redhat.com>
(cherry picked from commit 9498e2f7e1a247557cfa0f830a86c398a23c6809)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 91fec603bdfb07b2339fd14c31abddb608974bb7
      
https://github.com/qemu/qemu/commit/91fec603bdfb07b2339fd14c31abddb608974bb7
  Author: Weifeng Liu <weifeng.li...@gmail.com>
  Date:   2025-05-30 (Fri, 30 May 2025)

  Changed paths:
    M ui/gtk-egl.c
    M ui/gtk-gl-area.c
    M ui/gtk.c

  Log Message:
  -----------
  ui/gtk: Use consistent naming for variables in different coordinates

Now that we've documented definitions and presentation of various
coordinates, let's enforce the rules.

Signed-off-by: Weifeng Liu <weifeng.li...@gmail.com>
Message-ID: <20250511073337.876650-3-weifeng.li...@gmail.com>
Acked-by: Gerd Hoffmann <kra...@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lur...@redhat.com>
(cherry picked from commit 3a6b314409b42fe7c46c2bd80cfc2a6744d414fe)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 43fecc5dde342ec9f04ee8a28d2b09f4cfe1450d
      
https://github.com/qemu/qemu/commit/43fecc5dde342ec9f04ee8a28d2b09f4cfe1450d
  Author: Weifeng Liu <weifeng.li...@gmail.com>
  Date:   2025-05-30 (Fri, 30 May 2025)

  Changed paths:
    M include/ui/gtk.h
    M ui/gtk.c

  Log Message:
  -----------
  gtk/ui: Introduce helper gd_update_scale

The code snippet updating scale_x/scale_y is general and will be used in
next patch. Make it a function.

Signed-off-by: Weifeng Liu <weifeng.li...@gmail.com>
Message-ID: <20250511073337.876650-4-weifeng.li...@gmail.com>
Acked-by: Gerd Hoffmann <kra...@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lur...@redhat.com>
(cherry picked from commit a19665448156f17b52b7f33e7960d57efcfca067)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: a5a805068a2ca0dabf71f05c56bdbdba7360f985
      
https://github.com/qemu/qemu/commit/a5a805068a2ca0dabf71f05c56bdbdba7360f985
  Author: Weifeng Liu <weifeng.li...@gmail.com>
  Date:   2025-05-30 (Fri, 30 May 2025)

  Changed paths:
    M ui/gtk-gl-area.c

  Log Message:
  -----------
  ui/gtk: Update scales in fixed-scale mode when rendering GL area

When gl=on, scale_x and scale_y were set to 1 on startup that didn't
reflect the real situation of the scan-out in free scale mode, resulting
in incorrect cursor coordinates to be sent when moving the mouse
pointer. Simply updating the scales before rendering the image fixes
this issue.

Signed-off-by: Weifeng Liu <weifeng.li...@gmail.com>
Message-ID: <20250511073337.876650-5-weifeng.li...@gmail.com>
Acked-by: Gerd Hoffmann <kra...@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lur...@redhat.com>
(cherry picked from commit 8fb072472c38cb1778c5b0bebf535a8b13533857)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 613f05a4c653761550b1d5a5ff8993d1f8e22230
      
https://github.com/qemu/qemu/commit/613f05a4c653761550b1d5a5ff8993d1f8e22230
  Author: Weifeng Liu <weifeng....@intel.com>
  Date:   2025-05-30 (Fri, 30 May 2025)

  Changed paths:
    M ui/sdl2.c

  Log Message:
  -----------
  ui/sdl: Consider scaling in mouse event handling

When using sdl display backend, if the window is scaled, incorrect mouse
positions will be reported since scaling is not properly handled. Fix it
by transforming the positions from window coordinate to guest buffer
coordinate.

Signed-off-by: Weifeng Liu <weifeng....@intel.com>
Message-ID: <20250511073337.876650-6-weifeng.li...@gmail.com>
Acked-by: Gerd Hoffmann <kra...@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lur...@redhat.com>
(cherry picked from commit 30aa105640b0a2a541744b6584d57c9a4b86debd)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: a610978bc55f0199344a5ba6bc6927f9fef08a11
      
https://github.com/qemu/qemu/commit/a610978bc55f0199344a5ba6bc6927f9fef08a11
  Author: Daniel P. Berrangé <berra...@redhat.com>
  Date:   2025-05-30 (Fri, 30 May 2025)

  Changed paths:
    M ui/vnc-enc-tight.c
    M ui/vnc-enc-zrle.c
    M ui/vnc-jobs.c
    M ui/vnc.c
    M ui/vnc.h

  Log Message:
  -----------
  ui/vnc.c: replace big endian flag with byte order value

It will make it easier to do certain comparisons in future if we
store G_BIG_ENDIAN/G_LITTLE_ENDIAN directly, instead of a boolean
flag, as we can then compare directly to the G_BYTE_ORDER constant.

Reviewed-by: BALATON Zoltan <bala...@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
(cherry picked from commit 7ed96710e82c385c6cfc3d064eec7dde20f0f3fd)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 531cbd8e262d3e59059ea07a72d3aa71c9e94573
      
https://github.com/qemu/qemu/commit/531cbd8e262d3e59059ea07a72d3aa71c9e94573
  Author: Daniel P. Berrangé <berra...@redhat.com>
  Date:   2025-05-30 (Fri, 30 May 2025)

  Changed paths:
    M include/ui/qemu-pixman.h
    M ui/qemu-pixman.c
    M ui/vnc-enc-tight.c
    M ui/vnc.c

  Log Message:
  -----------
  ui/vnc: take account of client byte order in pixman format

The set_pixel_conversion() method is responsible for determining whether
the VNC client pixel format matches the server format, and thus whether
we can use the fast path "copy" impl for sending pixels, or must use
the generic impl with bit swizzling.

The VNC server format is set at build time to VNC_SERVER_FB_FORMAT,
which corresponds to PIXMAN_x8r8g8b8.

The qemu_pixman_get_format() method is then responsible for converting
the VNC pixel format into a pixman format.

The VNC client pixel shifts are relative to the associated endianness.

The pixman formats are always relative to the host native endianness.

The qemu_pixman_get_format() method does not take into account the
VNC client endianness, and is thus returning a pixman format that is
only valid with the host endianness matches that of the VNC client.

This has been broken since pixman was introduced to the VNC server:

  commit 9f64916da20eea67121d544698676295bbb105a7
  Author: Gerd Hoffmann <kra...@redhat.com>
  Date:   Wed Oct 10 13:29:43 2012 +0200

    pixman/vnc: use pixman images in vnc.

The flaw can be demonstrated using the Tigervnc client by using

   vncviewer -AutoSelect=0 -PreferredEncoding=raw server:display

connecting from a LE client to a QEMU on a BE server, or the
reverse.

The bug was masked, however, because almost all VNC clients will
advertize support for the "tight" encoding and the QEMU VNC server
will prefer "tight" if advertized.

The tight_pack24 method is responsible for taking a set of pixels
which have already been converted into client endianness and then
repacking them into the TPIXEL format which the RFB spec defines
as

  "TPIXEL is only 3 bytes long, where the first byte is the
   red component, the second byte is the green component,
   and the third byte is the blue component of the pixel
   color value"

IOW, the TPIXEL format is fixed on the wire, regardless of what
the VNC client declare as its endianness.

Since the VNC pixel encoding code was failing to honour the endian
flag of the client, the tight_pack24 method was always operating
on data in native endianness. Its impl cancelled out the VNC pixel
encoding bug.

With the VNC pixel encoding code now fixed, the tight_pack24 method
needs to take into account that it is operating on data in client
endianness, not native endianness. It thus may need to invert the
pixel shifts.

Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
(cherry picked from commit 70097442853c389a765c9f6502d861d182b092ae)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 9238fd846db22033cd12aca5736a25d69e1a5985
      
https://github.com/qemu/qemu/commit/9238fd846db22033cd12aca5736a25d69e1a5985
  Author: Daniel P. Berrangé <berra...@redhat.com>
  Date:   2025-05-30 (Fri, 30 May 2025)

  Changed paths:
    M ui/vnc-enc-tight.c

  Log Message:
  -----------
  ui/vnc: fix tight palette pixel encoding for 8/16-bpp formats

When sending a tight rectangle with the palette filter, if the client
format was 8/16bpp, the colours on big endian hosts are not set as
we're sending the wrong bytes. We must first cast the 32-bit colour
to a 16/8-bit value, and then send the result.

Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
(cherry picked from commit 63d320909220a90647c484263ae5e2f26eb54587)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 1702044371d334bfe4e3ffd96378a419bae4f4f7
      
https://github.com/qemu/qemu/commit/1702044371d334bfe4e3ffd96378a419bae4f4f7
  Author: Guenter Roeck <li...@roeck-us.net>
  Date:   2025-06-01 (Sun, 01 Jun 2025)

  Changed paths:
    M hw/arm/npcm8xx.c

  Log Message:
  -----------
  hw/arm: Add missing psci_conduit to NPCM8XX SoC boot info

Without psci_conduit, the Linux kernel crashes almost immediately.

    psci: probing for conduit method from DT.
    Internal error: Oops - Undefined instruction: 0000000002000000 [#1] PREEMPT 
SMP

Fixes: ae0c4d1a1290 ("hw/arm: Add NPCM8XX SoC")
Cc: qemu-sta...@nongnu.org
Cc: Hao Wu <wuhao...@google.com>
Cc: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Guenter Roeck <li...@roeck-us.net>
Message-id: 20250315142050.3642741-1-li...@roeck-us.net
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit e6bc01777e5a4b6ecf3414b21a2d7b4846bf4817)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/ff3419cbacdc...1702044371d3

To unsubscribe from these emails, change your notification settings at 
https://github.com/qemu/qemu/settings/notifications