[PATCH] hw/intc: sifive_plic: Fix heap-buffer-overflow in SiFive PLIC read operation

2024-07-03 Thread Zheyu Ma
in sifive_plic_read hw/intc/sifive_plic.c:151:16 #1 0x5baf49f7f3bb in memory_region_read_accessor system/memory.c:445:11 Reproducer: cat << EOF | qemu-system-riscv64 -display \ none -machine accel=qtest, -m 512M -machine shakti_c -m 2G -qtest stdio readl 0xc001004 EOF Signed-off-by: Zh

[PATCH v2] hw/display/sm501: Validate local memory size index in sm501_system_config_write

2024-07-03 Thread Zheyu Ma
y none -machine accel=qtest, -m 512M -machine q35 -nodefaults \ -device sm501 -qtest stdio outl 0xcf8 0x8814 outl 0xcfc 0xe400 outl 0xcf8 0x8804 outw 0xcfc 0x02 writel 0xe410 0xe000 writel 0xe4100010 0x1 writel 0xe418 0x10001 writel 0xe41c 0x8000 EOF Signed-off-by: Zh

[PATCH] hw/nvme: Fix memory leak in nvme_dsm

2024-07-02 Thread Zheyu Ma
ock-backend.c:2583:12 #3 0x55f1f945c74b in nvme_dsm hw/nvme/ctrl.c:2609:30 #4 0x55f1f945831b in nvme_io_cmd hw/nvme/ctrl.c:4470:16 #5 0x55f1f94561b7 in nvme_process_sq hw/nvme/ctrl.c:7039:29 Signed-off-by: Zheyu Ma --- hw/nvme/ctrl.c | 1 + 1 file changed, 1 insertion(+) diff --git a

[PATCH] hw/display/sm501: Validate local memory size index in sm501_system_config_write

2024-07-02 Thread Zheyu Ma
sm501 -qtest stdio outl 0xcf8 0x8814 outl 0xcfc 0xe400 outl 0xcf8 0x8804 outw 0xcfc 0x02 writel 0xe410 0xe000 writel 0xe4100010 0x1 writel 0xe418 0x10001 writel 0xe41c 0x8000 EOF Signed-off-by: Zheyu Ma --- hw/display/sm501.c | 12 ++-- 1 file changed, 10 inse

Re: [PATCH] hw/virtio/virtio-crypto: Fix op_code assignment in virtio_crypto_create_asym_session

2024-07-02 Thread Zheyu Ma
On Tue, Jul 2, 2024 at 11:05 PM Michael S. Tsirkin wrote: > On Tue, Jul 02, 2024 at 11:04:43PM +0200, Zheyu Ma wrote: > > The assignment of the op_code in the virtio_crypto_create_asym_session > > function was moved before its usage to ensure it is correctly set. > > Previo

[PATCH v3] hw/virtio/virtio-crypto: Fix op_code assignment in virtio_crypto_create_asym_session

2024-07-02 Thread Zheyu Ma
in virtio_queue_host_notifier_read hw/virtio/virtio.c:3641:9 Signed-off-by: Zheyu Ma --- Changes in v3: - Refine the commit log Changes in v2: - Fix the whitespace in title Signed-off-by: Zheyu Ma --- hw/virtio/virtio-crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/virtio

[PATCH v2] hw/virtio/virtio-crypto: Fix op_code assignment in virtio_crypto_create_asym_session

2024-07-02 Thread Zheyu Ma
/virtio/virtio-crypto.c:407:19 #3 0x5586a94fc84c in virtio_queue_notify_vq hw/virtio/virtio.c:2277:9 #4 0x5586a94fc0a2 in virtio_queue_host_notifier_read hw/virtio/virtio.c:3641:9 Signed-off-by: Zheyu Ma --- Changes in v2: - Fix the whitespace in title --- hw/virtio/virtio-crypto.c | 2

[PATCH] hw/virtio/virtio-crypto: Fix op_code assignment in virtio_crypto_create_asym_session

2024-07-02 Thread Zheyu Ma
/virtio/virtio-crypto.c:407:19 #3 0x5586a94fc84c in virtio_queue_notify_vq hw/virtio/virtio.c:2277:9 #4 0x5586a94fc0a2 in virtio_queue_host_notifier_read hw/virtio/virtio.c:3641:9 Signed-off-by: Zheyu Ma --- hw/virtio/virtio-crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion

Re: [PATCH] hw/usb: Fix memory leak in musb_reset()

2024-07-02 Thread Zheyu Ma
Hi Peter, On Mon, Jul 1, 2024 at 2:43 PM Peter Maydell wrote: > On Sun, 30 Jun 2024 at 17:33, Zheyu Ma wrote: > > > > The musb_reset function was causing a memory leak by not properly freeing > > the memory associated with USBPacket instances before reinitializing &g

Re: [PATCH] hw/display/tcx: Fix out-of-bounds access in tcx_blit_writel

2024-07-02 Thread Zheyu Ma
Hi Mark, On Mon, Jul 1, 2024 at 10:49 PM Mark Cave-Ayland < mark.cave-ayl...@ilande.co.uk> wrote: > On 30/06/2024 14:04, Zheyu Ma wrote: > > > This patch addresses a potential out-of-bounds memory access issue in the > > tcx_blit_writel function. It adds bounds checki

Re: [PATCH] hw/display/tcx: Fix out-of-bounds access in tcx_blit_writel

2024-07-02 Thread Zheyu Ma
Hi Xingtao, On Mon, Jul 1, 2024 at 5:13 AM Xingtao Yao (Fujitsu) wrote: > Hi, zheyu > > > -Original Message- > > From: qemu-devel-bounces+yaoxt.fnst=fujitsu@nongnu.org > > On Behalf Of > Zheyu > > Ma > > Sent: Sunday, June 30, 2024 9:04 PM >

[PATCH v3] hw/char/pl011: Avoid division-by-zero in pl011_get_baudrate()

2024-07-02 Thread Zheyu Ma
\ none -machine accel=qtest, -m 512M -machine realview-pb-a8 -qtest stdio writeq 0x1000b024 0xf800 EOF Suggested-by: Philippe Mathieu-Daudé Suggested-by: Peter Maydell Signed-off-by: Zheyu Ma --- Changes in v3: - Defined masks for UARTIBRD and UARTFBRD to avoid magic numbers. Changes in v2: - E

Re: [PATCH v2] hw/char/pl011: Avoid division-by-zero in pl011_get_baudrate()

2024-07-02 Thread Zheyu Ma
Hi Philippe, On Tue, Jul 2, 2024 at 5:44 PM Philippe Mathieu-Daudé wrote: > On 2/7/24 17:40, Philippe Mathieu-Daudé wrote: > > Hi Zheyu, > > > > On 2/7/24 17:27, Zheyu Ma wrote: > >> In pl011_get_baudrate(), when we calculate the baudrate we can > >> ac

[PATCH v2] hw/misc/bcm2835_thermal: Fix access size handling in bcm2835_thermal_ops

2024-07-02 Thread Zheyu Ma
/bcm2835_thermal.c:55:bcm2835_thermal_read: code should not be reached Aborted Reproducer: cat << EOF | qemu-system-aarch64 -display \ none -machine accel=qtest, -m 512M -machine raspi3b -m 1G -qtest stdio readw 0x3f212003 EOF Signed-off-by: Zheyu Ma --- Changes in v2: - Added .valid.min_acces

[PATCH v2] hw/char/pl011: Avoid division-by-zero in pl011_get_baudrate()

2024-07-02 Thread Zheyu Ma
\ none -machine accel=qtest, -m 512M -machine realview-pb-a8 -qtest stdio writeq 0x1000b024 0xf800 EOF Signed-off-by: Zheyu Ma --- Changes in v2: - Enforce the correct register field widths on writes to both UARTIBRD and UARTFBRD registers. - Mask UARTIBRD to 16 bits and UARTFBRD to

[PATCH] hw/char/pl011: ensure UARTIBRD register is 16-bit

2024-06-30 Thread Zheyu Ma
aarch64 -display \ none -machine accel=qtest, -m 512M -machine realview-pb-a8 -qtest stdio writeq 0x1000b024 0xf800 EOF Signed-off-by: Zheyu Ma --- hw/char/pl011.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/char/pl011.c b/hw/char/pl011.c index 8753b84a84..f962786e2a

[PATCH] hw/usb: Fix memory leak in musb_reset()

2024-06-30 Thread Zheyu Ma
/arm/nseries.c:1356:5 #16 0x561e22561170 in n810_init hw/arm/nseries.c:1418:5 Signed-off-by: Zheyu Ma --- hw/usb/hcd-musb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/usb/hcd-musb.c b/hw/usb/hcd-musb.c index 6dca373cb1..0300aeaec6 100644 --- a/hw/usb/hcd-musb.c +++ b/hw/usb/hcd

[PATCH] hw/misc/bcm2835_thermal: Handle invalid address accesses gracefully

2024-06-30 Thread Zheyu Ma
ed-off-by: Zheyu Ma --- hw/misc/bcm2835_thermal.c | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/hw/misc/bcm2835_thermal.c b/hw/misc/bcm2835_thermal.c index ee7816b8a5..5c2a429d58 100644 --- a/hw/misc/bcm2835_thermal.c +++ b/hw/misc/bcm2835_thermal.c @@ -51,8

[PATCH] hw/display/tcx: Fix out-of-bounds access in tcx_blit_writel

2024-06-30 Thread Zheyu Ma
2e98c4 0x3d92fd01 EOF Signed-off-by: Zheyu Ma --- hw/display/tcx.c | 9 + 1 file changed, 9 insertions(+) diff --git a/hw/display/tcx.c b/hw/display/tcx.c index 99507e7638..af43bea7f2 100644 --- a/hw/display/tcx.c +++ b/hw/display/tcx.c @@ -33,6 +33,7 @@ #include "migration/vmstate.h"

Re: [PATCH v3] hw/gpio/aspeed: Add reg_table_size to AspeedGPIOClass

2024-06-20 Thread Zheyu Ma
On Thu, Jun 20, 2024 at 2:35 PM Cédric Le Goater wrote: > > >> @@ -75,6 +75,7 @@ struct AspeedGPIOClass { > >> uint32_t nr_gpio_pins; > >> uint32_t nr_gpio_sets; > >> const AspeedGPIOReg *reg_table; > >> +uint32_t reg_table_size; > >> }; > > > > - "reg_table_size" is a

[PATCH v4] hw/gpio/aspeed: Add reg_table_count to AspeedGPIOClass

2024-06-20 Thread Zheyu Ma
h_read system/memory.c:1459:9 #5 0x55a5d9376ad1 in flatview_read_continue_step system/physmem.c:2836:18 #6 0x55a5d9376399 in flatview_read_continue system/physmem.c:2877:19 #7 0x55a5d93775b8 in flatview_read system/physmem.c:2907:12 Signed-off-by: Zheyu Ma --- Changes in v4: -

Re: [PATCH] hw/gpio/aspeed: Add bounds checking for register table access

2024-06-19 Thread Zheyu Ma
Hi Philippe, On Wed, Jun 19, 2024 at 6:29 PM Philippe Mathieu-Daudé wrote: > On 19/6/24 08:49, Zheyu Ma wrote: > > Hi Andrew, > > > > On Wed, Jun 19, 2024 at 1:58 AM Andrew Jeffery > > mailto:and...@codeconstruct.com.au>> > wrote: > > > > Hell

[PATCH v3] hw/gpio/aspeed: Add reg_table_size to AspeedGPIOClass

2024-06-19 Thread Zheyu Ma
h_read system/memory.c:1459:9 #5 0x55a5d9376ad1 in flatview_read_continue_step system/physmem.c:2836:18 #6 0x55a5d9376399 in flatview_read_continue system/physmem.c:2877:19 #7 0x55a5d93775b8 in flatview_read system/physmem.c:2907:12 Signed-off-by: Zheyu Ma --- Changes in v3:

Re: [PATCH] block: m25p80: Fix heap-buffer-overflow in flash_erase function

2024-06-19 Thread Zheyu Ma
Hi Philippe, On Tue, Jun 18, 2024 at 10:34 PM Philippe Mathieu-Daudé wrote: > On 18/6/24 21:11, Zheyu Ma wrote: > > Thanks for your useful advice! > > > > So how about report the issue and return: > > We might report the issue to the user, but there should >

[PATCH v2] hw/gpio/aspeed: Add reg_table_size to AspeedGPIOClass

2024-06-19 Thread Zheyu Ma
in flatview_read_continue system/physmem.c:2877:19 #7 0x55a5d93775b8 in flatview_read system/physmem.c:2907:12 Signed-off-by: Zheyu Ma --- Changes in v2: - Introduce the reg_table_size to AspeedGPIOClass --- hw/gpio/aspeed_gpio.c | 17 + include/hw/gpio/aspeed_gpio.h | 1 + 2

Re: [PATCH] hw/gpio/aspeed: Add bounds checking for register table access

2024-06-19 Thread Zheyu Ma
Hi Andrew, On Wed, Jun 19, 2024 at 1:58 AM Andrew Jeffery wrote: > Hello Zheyu Ma, > > On Tue, 2024-06-18 at 15:09 +0200, Zheyu Ma wrote: > > Added bounds checking in the aspeed_gpio_read() and aspeed_gpio_write() > > functions to ensure the index idx is w

Re: [PATCH] block: m25p80: Fix heap-buffer-overflow in flash_erase function

2024-06-18 Thread Zheyu Ma
_assert) != capa_to_assert) { regards, Zheyu On Tue, Jun 18, 2024 at 5:35 PM Philippe Mathieu-Daudé wrote: > Hi Zheyu, > > On 18/6/24 17:23, Zheyu Ma wrote: > > This patch fixes a heap-buffer-overflow issue in the flash_erase function > > of the m25p80 flash memory emulatio

[PATCH v3] hw/misc: Set valid access size for Exynos4210 RNG

2024-06-18 Thread Zheyu Ma
athieu-Daudé Signed-off-by: Zheyu Ma --- Changes in v3: - point to the device specification --- hw/misc/exynos4210_rng.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/misc/exynos4210_rng.c b/hw/misc/exynos4210_rng.c index 0756bd3205..674d8eece5 100644 --- a/hw/misc/exynos4210_rng.c ++

[PATCH v2] hw/misc: Set valid access size for Exynos4210 RNG

2024-06-18 Thread Zheyu Ma
This commit ensures that accesses to the RNG memory region are properly validated and align with expected access sizes. Reproducer: cat << EOF | qemu-system-aarch64 -display none \ -machine accel=qtest, -m 512M -machine smdkc210 -qtest stdio readb 0x10830454 EOF Signed-off-by: Zheyu Ma -

[PATCH] adb: Fix assertion failure in adb_request() by blocking/unblocking autopoll

2024-06-18 Thread Zheyu Ma
, we ensure that autopolling is correctly managed. Reproducer: cat << EOF | qemu-system-m68k -display none -machine accel=qtest, -m 512M -machine q800 -qtest stdio write 0x5000166d 0x1 0x10 write 0x500b 0x1 0x10 EOF Signed-off-by: Zheyu Ma zheyum...@gmail.com --- hw/input/adb.c | 4 +++-

[PATCH] block: m25p80: Fix heap-buffer-overflow in flash_erase function

2024-06-18 Thread Zheyu Ma
e8be4b in npcm7xx_fiu_ctrl_write hw/ssi/npcm7xx_fiu.c:428:13 Signed-off-by: Zheyu Ma --- hw/block/m25p80.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c index 8dec134832..e9a59f6616 100644 --- a/hw/block/m25p80.c +++ b/hw/block/m25p80.c @@ -617,6 +617,12 @@ stati

[PATCH] hw/misc: Fix invalid size assertions in exynos4210_rng read/write functions

2024-06-18 Thread Zheyu Ma
the size is invalid. Reproducer: cat << EOF | qemu-system-aarch64 -display none \ -machine accel=qtest, -m 512M -machine smdkc210 -qtest stdio readb 0x10830454 EOF Signed-off-by: Zheyu Ma --- hw/misc/exynos4210_rng.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff

[PATCH] hw/timer/a9gtimer: Handle QTest mode in a9_gtimer_get_current_cpu

2024-06-18 Thread Zheyu Ma
system-aarch64 -display \ none -machine accel=qtest, -m 512M -machine npcm750-evb -qtest stdio writel 0xf03fe20c 0x26d7468c EOF Signed-off-by: Zheyu Ma --- hw/timer/a9gtimer.c | 5 + 1 file changed, 5 insertions(+) diff --git a/hw/timer/a9gtimer.c b/hw/timer/a9gtimer.c index a2ac5bdfb9..64d80cdf6a

[PATCH] hw/usb/hcd-dwc2: Handle invalid address access in read and write functions

2024-06-18 Thread Zheyu Ma
f=none,format=raw,id=disk0 -device \ usb-storage,port=1,drive=disk0 -qtest stdio readl 0x3f980dfb EOF Signed-off-by: Zheyu Ma --- hw/usb/hcd-dwc2.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c index 8cac9c0a06..b4f0652c7d

[PATCH] hw/misc/stm32l4x5_rcc: Add validation for MCOPRE and MCOSEL values

2024-06-18 Thread Zheyu Ma
configurations in the RCC registers. Reproducer: cat << EOF | qemu-system-aarch64 -display \ none -machine accel=qtest, -m 512M -machine b-l475e-iot01a -qtest \ stdio writeq 0x40021008 0x EOF Signed-off-by: Zheyu Ma --- hw/misc/stm32l4x5_rcc.c | 28 1 file c

[PATCH] hw/gpio/aspeed: Add bounds checking for register table access

2024-06-18 Thread Zheyu Ma
-by: Zheyu Ma --- hw/gpio/aspeed_gpio.c | 26 ++ 1 file changed, 26 insertions(+) diff --git a/hw/gpio/aspeed_gpio.c b/hw/gpio/aspeed_gpio.c index c1781e2ba3..1441046f6c 100644 --- a/hw/gpio/aspeed_gpio.c +++ b/hw/gpio/aspeed_gpio.c @@ -550,6 +550,7 @@ static uint64_t

[PATCH] virtio-iommu: Do not process commands with bad size

2024-04-04 Thread Zheyu Ma
The device should not handle the commands which have bad request/reply size, it should just report the error instead of raising an assertion. Signed-off-by: Zheyu Ma --- hw/virtio/virtio-iommu.c | 10 +++--- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/hw/virtio/virtio

[PATCH] block/virtio-blk: Fix memory leak from virtio_blk_zone_report

2024-04-04 Thread Zheyu Ma
:1157:5 Signed-off-by: Zheyu Ma --- hw/block/virtio-blk.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c index 92de315f17..bb86e65f65 100644 --- a/hw/block/virtio-blk.c +++ b/hw/block/virtio-blk.c @@ -768,7 +768,8 @@ static void

[PATCH v2] virtio-snd: Enhance error handling for invalid transfers

2024-03-22 Thread Zheyu Ma
in aio_dispatch_handlers qemu/util/aio-posix.c:414:20 #9 0x57cea3978eb1 in aio_dispatch qemu/util/aio-posix.c:424:5 #10 0x57cea3a1eede in aio_ctx_dispatch qemu/util/async.c:360:5 Signed-off-by: Zheyu Ma Reviewed-by: Manos Pitsidianakis --- Changes in v2: - Applied similar error handling

[PATCH] virtio-snd: Skip invalid message sizes and null streams

2024-03-21 Thread Zheyu Ma
in aio_dispatch qemu/util/aio-posix.c:424:5 #10 0x57cea3a1eede in aio_ctx_dispatch qemu/util/async.c:360:5 Signed-off-by: Zheyu Ma --- hw/audio/virtio-snd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/audio/virtio-snd.c b/hw/audio/virtio-snd.c index e604d8f30c..d9e9f980f7

[PATCH] libqos/virtio.c: Correct 'flags' reading in qvirtqueue_kick

2024-03-20 Thread Zheyu Ma
In qvirtqueue_kick(), the 'flags' were previously being incorrectly read from vq->avail instead of the correct vq->used location. This update ensures 'flags' are read from the correct location as per the virtio standard. Signed-off-by: Zheyu Ma --- tests/qtest/libqos/virtio.c | 2 +-
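The split-virtqueue layout behind that libqos fix, as an added example that is not part of the thread above and not QEMU's or libqos' own code: a stand-alone C model of the legacy "vring" layout from the VIRTIO spec (descriptor table, avail ring, used ring on the next alignment boundary), with a driver-side kick check that reads the flags word of the used ring, which the device owns, next to the wrong variant that reads the avail ring's flags, which the driver itself writes. Function names such as virtq_used_offset and virtq_driver_should_kick are hypothetical; the field sizes are the spec's; native endianness is assumed for the 16-bit fields, and the queue memory is constructed in-process.

```c
/*
 * Added example, not QEMU/libqos code: a stand-alone model of the split
 * virtqueue ("vring") layout from the VIRTIO spec, showing why the driver's
 * "should I kick the device?" decision must read the flags word of the USED
 * ring (owned by the device) and not of the AVAIL ring (owned by the driver).
 * Function names are hypothetical; the layout constants are the spec's.
 * Native endianness is assumed for the 16-bit fields.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VRING_USED_F_NO_NOTIFY     1u  /* device -> driver: skip the kick */
#define VRING_AVAIL_F_NO_INTERRUPT 1u  /* driver -> device: skip the IRQ  */

static size_t align_up(size_t x, size_t a)
{
    return (x + a - 1) & ~(a - 1);
}

/* Descriptor table: qsz entries of 16 bytes (addr, len, flags, next) at 0. */
size_t virtq_avail_offset(unsigned qsz)
{
    return 16u * (size_t)qsz;
}

/* Avail ring: u16 flags, u16 idx, u16 ring[qsz], u16 used_event. */
size_t virtq_avail_size(unsigned qsz)
{
    return 6u + 2u * (size_t)qsz;
}

/* Used ring starts on the next `align` boundary after the avail ring. */
size_t virtq_used_offset(unsigned qsz, size_t align)
{
    return align_up(virtq_avail_offset(qsz) + virtq_avail_size(qsz), align);
}

/* Used ring: u16 flags, u16 idx, {u32 id, u32 len} ring[qsz], u16 avail_event. */
size_t virtq_used_size(unsigned qsz)
{
    return 6u + 8u * (size_t)qsz;
}

size_t virtq_total_size(unsigned qsz, size_t align)
{
    return virtq_used_offset(qsz, align) + virtq_used_size(qsz);
}

static uint16_t rd16(const uint8_t *p)
{
    uint16_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

static void wr16(uint8_t *p, uint16_t v)
{
    memcpy(p, &v, sizeof v);
}

/* Device side: request (or lift) notification suppression in used.flags. */
void virtq_device_set_no_notify(uint8_t *vq, unsigned qsz, size_t align, bool on)
{
    wr16(vq + virtq_used_offset(qsz, align), on ? VRING_USED_F_NO_NOTIFY : 0);
}

/* Correct driver-side check: the device's wish lives in used.flags. */
bool virtq_driver_should_kick(const uint8_t *vq, unsigned qsz, size_t align)
{
    return !(rd16(vq + virtq_used_offset(qsz, align)) & VRING_USED_F_NO_NOTIFY);
}

/* The mistake the patch removes, kept for contrast: avail.flags is written by
 * the driver itself (VRING_AVAIL_F_NO_INTERRUPT), so it never carries the
 * device's request and the driver kicks regardless. */
bool virtq_driver_should_kick_wrong(const uint8_t *vq, unsigned qsz, size_t align)
{
    (void)align;
    return !(rd16(vq + virtq_avail_offset(qsz)) & VRING_USED_F_NO_NOTIFY);
}

/* Constructed scenario: a zeroed 128-entry queue on a 4 KiB boundary, then
 * the device asks for suppression. Returns true if `check` honours it. */
bool virtq_scenario_honours_suppression(bool (*check)(const uint8_t *, unsigned, size_t))
{
    static uint8_t vq[8192];  /* more than the 5126 bytes a qsz=128 queue needs */
    memset(vq, 0, sizeof vq);
    virtq_device_set_no_notify(vq, 128, 4096, true);
    return !check(vq, 128, 4096);
}

int main(void)
{
    printf("qsz=128 align=4096: used ring at %zu, total %zu bytes\n",
           virtq_used_offset(128, 4096), virtq_total_size(128, 4096));
    printf("used.flags check honours NO_NOTIFY: %s\n",
           virtq_scenario_honours_suppression(virtq_driver_should_kick) ? "yes" : "no");
    printf("avail.flags check honours NO_NOTIFY: %s\n",
           virtq_scenario_honours_suppression(virtq_driver_should_kick_wrong) ? "yes" : "no");
    return 0;
}
```

The point to take from the two checks: both read a 16-bit flags word and test bit 0, so the bug is invisible in the instruction stream; only the offset differs, and only the used ring's word is ever written by the device.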

[PATCH v2] net: tulip: Restrict DMA engine to memories

2022-08-21 Thread Zheyu Ma
in tulip_desc_write qemu/hw/net/tulip.c:101:9 #14 0x5595435f7e3d in tulip_xmit_list_update qemu/hw/net/tulip.c:706:9 #15 0x5595435f204a in tulip_write qemu/hw/net/tulip.c:805:13 Fix this bug by restricting the DMA engine to memories regions. Signed-off-by: Zheyu Ma --- Changes in v2: - Remove

[PATCH] net: tulip: Restrict DMA engine to memories

2022-08-21 Thread Zheyu Ma
qemu/hw/net/tulip.c:805:13 Fix this bug by restricting the DMA engine to memories regions. Signed-off-by: Zheyu Ma --- hw/net/tulip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/net/tulip.c b/hw/net/tulip.c index 097e905bec..b9e42c322a 100644 --- a/hw/net/tulip.c