[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 158b65: hw/misc/grlib_ahb_apb_pnp: Avoid cras
|
From: |
Peter Maydell |
|
Subject: |
[Qemu-commits] [qemu/qemu] 158b65: hw/misc/grlib_ahb_apb_pnp: Avoid crash when writin... |
|
Date: |
Thu, 07 Nov 2019 09:13:03 -0800 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 158b65945192eb01708fa13718d92053ad583bba
https://github.com/qemu/qemu/commit/158b65945192eb01708fa13718d92053ad583bba
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2019-11-05 (Tue, 05 Nov 2019)
Changed paths:
M hw/misc/grlib_ahb_apb_pnp.c
Log Message:
-----------
hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers
Guests can crash QEMU when writting to PnP registers:
$ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios
/etc/magic -qtest stdio
[I 1571938309.932255] OPENED
[R +0.063474] writeb 0x800ff042 69
Segmentation fault (core dumped)
(gdb) bt
#0 0x0000000000000000 in ()
#1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor
(mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255,
attrs=...) at memory.c:503
#2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66,
value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4,
access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>,
mr=0x555f4d7be8c0, attrs=...) at memory.c:539
#3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0,
addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489
#4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400,
addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1,
mr=0x555f4d7be8c0) at exec.c:3161
#5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194,
attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201
#6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460,
addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291
#7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460,
addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at
exec.c:3301
#8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0
<qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432
Instead of crashing, log the access as unimplemented.
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: KONRAD Frederic <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Laurent Vivier <address@hidden>
Commit: 0fbe394a64ac9ceb13a98f43d078cd48d3006498
https://github.com/qemu/qemu/commit/0fbe394a64ac9ceb13a98f43d078cd48d3006498
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2019-11-05 (Tue, 05 Nov 2019)
Changed paths:
M hw/misc/grlib_ahb_apb_pnp.c
Log Message:
-----------
hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses
The Plug & Play region of the AHB/APB bridge can be accessed
by various word size, however the implementation is clearly
restricted to 32-bit:
static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size)
{
APBPnp *apb_pnp = GRLIB_APB_PNP(opaque);
return apb_pnp->regs[offset >> 2];
}
Set the MemoryRegionOps::impl min/max fields to 32-bit, so
memory.c::access_with_adjusted_size() can adjust when the
access is not 32-bit.
This is required to run RTEMS on leon3, the grlib scanning
functions do byte accesses.
Reported-by: Jiri Gaisler <address@hidden>
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: KONRAD Frederic <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Laurent Vivier <address@hidden>
Commit: df59feb197cda31a8b807c13bf509259db9e018f
https://github.com/qemu/qemu/commit/df59feb197cda31a8b807c13bf509259db9e018f
Author: Dr. David Alan Gilbert <address@hidden>
Date: 2019-11-06 (Wed, 06 Nov 2019)
Changed paths:
M docs/interop/pr-helper.rst
M docs/specs/ppc-spapr-hotplug.txt
M docs/specs/ppc-xive.rst
M docs/specs/tpm.txt
M include/hw/xen/interface/io/blkif.h
M scripts/dump-guest-memory.py
Log Message:
-----------
global: Squash 'the the'
'the' has a tendency to double up; squash them back down.
Signed-off-by: Dr. David Alan Gilbert <address@hidden>
Reviewed-by: Alex Bennée <address@hidden>
Reviewed-by: Laurent Vivier <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-Id: <address@hidden>
[lv: removed disas/libvixl/vixl/invalset.h change]
Signed-off-by: Laurent Vivier <address@hidden>
Commit: 6a5d22083d50c76a3fdc0bffc6658f42b3b37981
https://github.com/qemu/qemu/commit/6a5d22083d50c76a3fdc0bffc6658f42b3b37981
Author: Peter Maydell <address@hidden>
Date: 2019-11-07 (Thu, 07 Nov 2019)
Changed paths:
M docs/interop/pr-helper.rst
M docs/specs/ppc-spapr-hotplug.txt
M docs/specs/ppc-xive.rst
M docs/specs/tpm.txt
M hw/misc/grlib_ahb_apb_pnp.c
M include/hw/xen/interface/io/blkif.h
M scripts/dump-guest-memory.py
Log Message:
-----------
Merge remote-tracking branch
'remotes/vivier2/tags/trivial-branch-pull-request' into staging
Trivial fixes (20191105-v3)
v3: remove disas/libvixl/vixl/invalset.h changes
v2: remove patch from Greg that has lines with more than 80 columns
# gpg: Signature made Wed 06 Nov 2019 16:23:45 GMT
# gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg: issuer "address@hidden"
# gpg: Good signature from "Laurent Vivier <address@hidden>" [full]
# gpg: aka "Laurent Vivier <address@hidden>" [full]
# gpg: aka "Laurent Vivier (Red Hat) <address@hidden>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C
* remotes/vivier2/tags/trivial-branch-pull-request:
global: Squash 'the the'
hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses
hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/763657b1fc73...6a5d22083d50
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] 158b65: hw/misc/grlib_ahb_apb_pnp: Avoid crash when writin...,
Peter Maydell <=