Public bug reported: This bug occurs when the SET flag of Register B is enabled. When an RTC data register (i.e. any of the 10 bytes of time/calender data in CMOS) is set, the data is (as expected) correctly stored in the cmos_data array. However, since the SET flag is enabled, the function rtc_set_time is not invoked. As a result, the field base_rtc in RTCState remains uninitialized. This appears to cause a problem on subsequent writes which can end up overwriting data.
To see this, consider writing data to Register A after having written data to any of the RTC data registers; the following figure illustrates the call stack for the Register A write operation: +- cmos_io_port_write +-- check_update_timer +---- get_next_alarm +------ rtc_update_time In rtc_update_time, get_guest_rtc calculates the wrong time and overwrites the previously written RTC data register values. I have created a standalone test case which exposes this bug: https://github.com/ahorn/benchmarks/commit/fff1ca40694bbef6f7f9de323bb0bed63419ef99 ** Affects: qemu Importance: Undecided Status: New ** Tags: rtc -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1080086 Title: MC146818 RTC breaks when SET bit in Register B is on. Status in QEMU: New Bug description: This bug occurs when the SET flag of Register B is enabled. When an RTC data register (i.e. any of the 10 bytes of time/calender data in CMOS) is set, the data is (as expected) correctly stored in the cmos_data array. However, since the SET flag is enabled, the function rtc_set_time is not invoked. As a result, the field base_rtc in RTCState remains uninitialized. This appears to cause a problem on subsequent writes which can end up overwriting data. To see this, consider writing data to Register A after having written data to any of the RTC data registers; the following figure illustrates the call stack for the Register A write operation: +- cmos_io_port_write +-- check_update_timer +---- get_next_alarm +------ rtc_update_time In rtc_update_time, get_guest_rtc calculates the wrong time and overwrites the previously written RTC data register values. I have created a standalone test case which exposes this bug: https://github.com/ahorn/benchmarks/commit/fff1ca40694bbef6f7f9de323bb0bed63419ef99 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1080086/+subscriptions
