qemu-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] 6a02a7: target/arm: Fix sve_zcr_len_for_el


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 6a02a7: target/arm: Fix sve_zcr_len_for_el
Date: Mon, 08 Jul 2019 06:54:23 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 6a02a73211c5bc634fccd652777230954b83ccba
      
https://github.com/qemu/qemu/commit/6a02a73211c5bc634fccd652777230954b83ccba
  Author: Richard Henderson <address@hidden>
  Date:   2019-07-08 (Mon, 08 Jul 2019)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Fix sve_zcr_len_for_el

Off by one error in the EL2 and EL3 tests.  Remove the test
against EL3 entirely, since it must always be true.

Signed-off-by: Richard Henderson <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: 2785f196318c759d2ba97a36c168e848ec38d362
      
https://github.com/qemu/qemu/commit/2785f196318c759d2ba97a36c168e848ec38d362
  Author: Peter Maydell <address@hidden>
  Date:   2019-07-08 (Mon, 08 Jul 2019)

  Changed paths:
    M tests/migration-test.c

  Log Message:
  -----------
  tests/migration-test: Fix read off end of aarch64_kernel array

The test aarch64 kernel is in an array defined with
 unsigned char aarch64_kernel[] = { [...] }

which means it could be any size; currently it's quite small.
However we write it to a file using init_bootfile(), which
writes exactly 512 bytes to the file. This will break if
we ever end up with a kernel larger than that, and will
read garbage off the end of the array in the current setup
where the kernel is smaller.

Make init_bootfile() take an argument giving the length of
the data to write. This allows us to use it for all architectures
(previously s390 had a special-purpose init_bootfile_s390x
which hardcoded the file to write so it could write the
correct length). We assert that the x86 bootfile really is
exactly 512 bytes as it should be (and as we were previously
just assuming it was).

This was detected by the clang-7 asan:
==15607==ERROR: AddressSanitizer: global-buffer-overflow on address 
0x55a796f51d20 at pc 0x55a796b89c2f bp 0x7ffc58e89160 sp 0x7ffc58e88908
READ of size 512 at 0x55a796f51d20 thread T0
    #0 0x55a796b89c2e in fwrite 
(/home/petmay01/linaro/qemu-from-laptop/qemu/build/sanitizers/tests/migration-test+0xb0c2e)
    #1 0x55a796c46492 in init_bootfile 
/home/petmay01/linaro/qemu-from-laptop/qemu/tests/migration-test.c:99:5
    #2 0x55a796c46492 in test_migrate_start 
/home/petmay01/linaro/qemu-from-laptop/qemu/tests/migration-test.c:593
    #3 0x55a796c44101 in test_baddest 
/home/petmay01/linaro/qemu-from-laptop/qemu/tests/migration-test.c:854:9
    #4 0x7f906ffd3cc9  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72cc9)
    #5 0x7f906ffd3bfa  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72bfa)
    #6 0x7f906ffd3bfa  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72bfa)
    #7 0x7f906ffd3ea1 in g_test_run_suite 
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72ea1)
    #8 0x7f906ffd3ec0 in g_test_run 
(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72ec0)
    #9 0x55a796c43707 in main 
/home/petmay01/linaro/qemu-from-laptop/qemu/tests/migration-test.c:1187:11
    #10 0x7f906e9abb96 in __libc_start_main 
/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #11 0x55a796b6c2d9 in _start 
(/home/petmay01/linaro/qemu-from-laptop/qemu/build/sanitizers/tests/migration-test+0x932d9)

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Laurent Vivier <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden


  Commit: c8ead5712486edb5058475fdef2c616857f5056f
      
https://github.com/qemu/qemu/commit/c8ead5712486edb5058475fdef2c616857f5056f
  Author: Peter Maydell <address@hidden>
  Date:   2019-07-08 (Mon, 08 Jul 2019)

  Changed paths:
    M hw/arm/sbsa-ref.c

  Log Message:
  -----------
  hw/arm/sbsa-ref: Remove unnecessary check for secure_sysmem == NULL

In the virt machine, we support TrustZone being either present or
absent, and so the code must deal with the secure_sysmem pointer
possibly being NULL. In the sbsa-ref machine, TrustZone is always
present, but some code and comments copied from virt still treat
it as possibly not being present.

This causes Coverity to complain (CID 1407287) that we check
secure_sysmem for being NULL after an unconditional dereference.
Simplify the code so that instead of initializing the variable
to NULL, unconditionally assigning it, and then testing it for NULL,
we just initialize it correctly in the variable declaration and
then assume it to be non-NULL. We also delete a comment which
only applied to the non-TrustZone config.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Tested-by: Radosław Biernacki <address@hidden>
Reviewed-by: Radosław Biernacki <address@hidden>


  Commit: 85795187f416326f87177cabc39fae1911f04c50
      
https://github.com/qemu/qemu/commit/85795187f416326f87177cabc39fae1911f04c50
  Author: Philippe Mathieu-Daudé <address@hidden>
  Date:   2019-07-08 (Mon, 08 Jul 2019)

  Changed paths:
    M target/arm/vfp_helper.c

  Log Message:
  -----------
  target/arm/vfp_helper: Call set_fpscr_to_host before updating to FPSCR

In commit e9d652824b0 we extracted the vfp_set_fpscr_to_host()
function but failed at calling it in the correct place, we call
it after xregs[ARM_VFP_FPSCR] is modified.

Fix by calling this function before we update FPSCR.

Reported-by: Laurent Desnogues <address@hidden>
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Laurent Desnogues <address@hidden>
Tested-by: Laurent Desnogues <address@hidden>
Message-id: address@hidden
Signed-off-by: Peter Maydell <address@hidden>


  Commit: df34fe314b5da628bc9a2664fb1b887bc0a6cc6d
      
https://github.com/qemu/qemu/commit/df34fe314b5da628bc9a2664fb1b887bc0a6cc6d
  Author: Peter Maydell <address@hidden>
  Date:   2019-07-08 (Mon, 08 Jul 2019)

  Changed paths:
    M hw/arm/sbsa-ref.c
    M target/arm/helper.c
    M target/arm/vfp_helper.c
    M tests/migration-test.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190708' 
into staging

target-arm queue:
 * tests/migration-test: Fix read off end of aarch64_kernel array
 * Fix sve_zcr_len_for_el off-by-one error
 * hw/arm/sbsa-ref: Silence Coverity nit
 * vfp_helper: Call set_fpscr_to_host before updating to FPSCR

# gpg: Signature made Mon 08 Jul 2019 14:21:20 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "address@hidden"
# gpg: Good signature from "Peter Maydell <address@hidden>" [ultimate]
# gpg:                 aka "Peter Maydell <address@hidden>" [ultimate]
# gpg:                 aka "Peter Maydell <address@hidden>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20190708:
  target/arm/vfp_helper: Call set_fpscr_to_host before updating to FPSCR
  hw/arm/sbsa-ref: Remove unnecessary check for secure_sysmem == NULL
  tests/migration-test: Fix read off end of aarch64_kernel array
  target/arm: Fix sve_zcr_len_for_el

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/c4107e8208d0...df34fe314b5d



reply via email to

[Prev in Thread] Current Thread [Next in Thread]