qemu-commits

From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] e3a99a: hw/hppa: Sync hppa_hardware.h file with SeaBIOS so...
Date: Thu, 27 Aug 2020 03:30:36 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: e3a99a8a62027a83d3296ea4234973522e86cfeb
      
https://github.com/qemu/qemu/commit/e3a99a8a62027a83d3296ea4234973522e86cfeb
  Author: Helge Deller <deller@gmx.de>
  Date:   2020-08-04 (Tue, 04 Aug 2020)

  Changed paths:
    M hw/hppa/hppa_hardware.h
    M hw/hppa/lasi.c

  Log Message:
  -----------
  hw/hppa: Sync hppa_hardware.h file with SeaBIOS sources

The hppa_hardware.h file is shared with SeaBIOS. Sync it.

Acked-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>


  Commit: 6d9c524da283c543fe0be00b34e5d37584fab672
      
https://github.com/qemu/qemu/commit/6d9c524da283c543fe0be00b34e5d37584fab672
  Author: Helge Deller <deller@gmx.de>
  Date:   2020-08-04 (Tue, 04 Aug 2020)

  Changed paths:
    M pc-bios/hppa-firmware.img
    M roms/seabios-hppa

  Log Message:
  -----------
  seabios-hppa: Update to SeaBIOS hppa version 1

Changes include:
* gcc-10 compile fix
* NetBSD boot fix due to wrong power button address
* Fix endian bug in romfile_loadint()
* Introduce SeaBIOS firmware version check
* Implement QEMU fw_cfg interface support

Required for proper version checking and gcc-10 update on Debian.

Signed-off-by: Helge Deller <deller@gmx.de>


  Commit: 28b71a2e42553a3eb8367fec2a2f70265ec77829
      
https://github.com/qemu/qemu/commit/28b71a2e42553a3eb8367fec2a2f70265ec77829
  Author: Helge Deller <deller@gmx.de>
  Date:   2020-08-04 (Tue, 04 Aug 2020)

  Changed paths:
    M hw/hppa/machine.c

  Log Message:
  -----------
  hw/hppa: Implement proper SeaBIOS version check

It's important that the SeaBIOS hppa firmware is at least at a minimal
level to ensure proper interaction between qemu and firmware.

Implement a proper firmware version check by telling SeaBIOS via the
fw_cfg interface which minimal SeaBIOS version is required by this
running qemu instance. If the firmware detects that it's too old, it
will stop.

Signed-off-by: Helge Deller <deller@gmx.de>


  Commit: a24d2cf30c06e85dd06c68ad2f162ca53f3b9bc8
      
https://github.com/qemu/qemu/commit/a24d2cf30c06e85dd06c68ad2f162ca53f3b9bc8
  Author: Sven Schnelle <svens@stackframe.org>
  Date:   2020-08-04 (Tue, 04 Aug 2020)

  Changed paths:
    M hw/display/artist.c

  Log Message:
  -----------
  hw/display/artist.c: fix out of bounds check

Fix the following runtime warning with artist framebuffer:
"write outside bounds: wants 1256x1023, max size 1280x1024"

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Sven Schnelle <svens@stackframe.org>
Signed-off-by: Helge Deller <deller@gmx.de>


  Commit: b899fe41ceb9c684fa135a081f4c9749400a61d3
      
https://github.com/qemu/qemu/commit/b899fe41ceb9c684fa135a081f4c9749400a61d3
  Author: Helge Deller <deller@gmx.de>
  Date:   2020-08-26 (Wed, 26 Aug 2020)

  Changed paths:
    M hw/hppa/lasi.c

  Log Message:
  -----------
  hw/hppa/lasi: Don't abort on invalid IMR value

NetBSD initializes the LASI IMR value with 0xffffffff to disable all LASI
interrupts. This triggered an assert() and stopped the emulation.  By replacing
the check with a warning in the guest log we now allow NetBSD to boot again.

Signed-off-by: Helge Deller <deller@gmx.de>


  Commit: b87a7355de04a2771c11824ea791802c052c979c
      
https://github.com/qemu/qemu/commit/b87a7355de04a2771c11824ea791802c052c979c
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2020-08-26 (Wed, 26 Aug 2020)

  Changed paths:
    M hw/display/artist.c

  Log Message:
  -----------
  hw/display/artist: Check offset in draw_line to avoid buffer over-run

Invalid I/O writes can craft an offset out of the vram_buffer range.

We avoid:

  Program terminated with signal SIGSEGV, Segmentation fault.
  284             *dst &= ~plane_mask;
  (gdb) bt
  #0  0x000055d5dccdc5c0 in artist_rop8 (s=0x55d5defee510, dst=0x7f8e84ed8216 <error: Cannot access memory at address 0x7f8e84ed8216>, val=0 '\000') at hw/display/artist.c:284
  #1  0x000055d5dccdcf83 in fill_window (s=0x55d5defee510, startx=22, starty=5674, width=65, height=5697) at hw/display/artist.c:551
  #2  0x000055d5dccddfb9 in artist_reg_write (opaque=0x55d5defee510, addr=1051140, val=4265537, size=4) at hw/display/artist.c:902
  #3  0x000055d5dcb42a7c in memory_region_write_accessor (mr=0x55d5defeea10, addr=1051140, value=0x7ffe57db08c8, size=4, shift=0, mask=4294967295, attrs=...) at memory.c:483

Reported-by: LLVM libFuzzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Helge Deller <deller@gmx.de>


  Commit: 84a7b7741a62ede8ff01ae151e59b2a16bda629b
      
https://github.com/qemu/qemu/commit/84a7b7741a62ede8ff01ae151e59b2a16bda629b
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2020-08-26 (Wed, 26 Aug 2020)

  Changed paths:
    M hw/display/artist.c

  Log Message:
  -----------
  hw/display/artist: Refactor artist_rop8() to avoid buffer over-run

Invalid I/O writes can craft an offset out of the vram_buffer range.
Instead of passing an unsafe pointer to artist_rop8(), pass the vram_buffer and
the offset. We can now check if the offset is in range before accessing it.

We avoid:

  Program terminated with signal SIGSEGV, Segmentation fault.
  284             *dst &= ~plane_mask;
  (gdb) bt
  #0  0x000056367b2085c0 in artist_rop8 (s=0x56367d38b510, dst=0x7f9f972fffff <error: Cannot access memory at address 0x7f9f972fffff>, val=0 '\000') at hw/display/artist.c:284
  #1  0x000056367b209325 in draw_line (s=0x56367d38b510, x1=-20480, y1=-1, x2=0, y2=17920, update_start=true, skip_pix=-1, max_pix=-1) at hw/display/artist.c:646

Reported-by: LLVM libFuzzer
Buglink: https://bugs.launchpad.net/qemu/+bug/1880326
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Helge Deller <deller@gmx.de>


  Commit: 8bd0d5b5ef0552d66968a8fdefc5a9080eb358e3
      
https://github.com/qemu/qemu/commit/8bd0d5b5ef0552d66968a8fdefc5a9080eb358e3
  Author: Helge Deller <deller@gmx.de>
  Date:   2020-08-26 (Wed, 26 Aug 2020)

  Changed paths:
    M hw/display/artist.c

  Log Message:
  -----------
  Revert "hw/display/artist: Avoid drawing line when nothing to display"

This reverts commit b0f6455feac97e41045ee394e11c24d92c370f6e.
It's wrong. A line could even be a dot.

Signed-off-by: Helge Deller <deller@gmx.de>


  Commit: a501bfc91763d4642390090dd4e6039d67b63702
      
https://github.com/qemu/qemu/commit/a501bfc91763d4642390090dd4e6039d67b63702
  Author: Helge Deller <deller@gmx.de>
  Date:   2020-08-26 (Wed, 26 Aug 2020)

  Changed paths:
    M hw/display/artist.c

  Log Message:
  -----------
  hw/display/artist: Prevent out of VRAM buffer accesses

Simplify various bounds checks by changing parameters like row and column
numbers to become unsigned instead of signed.
With that we can check if the calculated offset is bigger than the size of the
VRAM region and bail out if not.

Reported-by: LLVM libFuzzer
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Buglink: https://bugs.launchpad.net/qemu/+bug/1880326
Buglink: https://bugs.launchpad.net/qemu/+bug/1890310
Buglink: https://bugs.launchpad.net/qemu/+bug/1890311
Buglink: https://bugs.launchpad.net/qemu/+bug/1890312
Buglink: https://bugs.launchpad.net/qemu/+bug/1890370
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Helge Deller <deller@gmx.de>
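The two artist fixes above (84a7b7741a and a501bfc917) describe one pattern: stop handing artist_rop8() a raw pointer computed from guest-controlled coordinates, pass the VRAM buffer plus an offset instead, make the row and column numbers unsigned so negative values cannot sneak past a signed compare, and bail out when the offset is beyond the VRAM size. The C below is an added illustration of that pattern and is not QEMU's artist.c. The buffer geometry, the function names (offset_unchecked, vram_offset, rop8_checked, fill_window_checked) and the reuse of the coordinates from the two backtraces as sample input are assumptions made for the example.

```c
/* Illustrative model of the artist VRAM bounds-check pattern. Not QEMU code;
 * all names and the VRAM geometry here are invented for the example. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define VRAM_WIDTH  2048u   /* assumed row stride in bytes, not artist's real value */
#define VRAM_HEIGHT 2048u
#define VRAM_SIZE   ((size_t)VRAM_WIDTH * VRAM_HEIGHT)

static uint8_t vram_buffer[VRAM_SIZE];

/* "Before": signed coordinates from a guest MMIO write become a byte offset
 * that is turned straight into a pointer; the rop callee only ever sees the
 * pointer, so it cannot tell that it lies outside the buffer. Returned as a
 * signed value so the caller can observe it going negative or past the end
 * without anything being dereferenced. */
long offset_unchecked(int x, int y)
{
    return (long)y * (long)VRAM_WIDTH + (long)x;
}

/* "After": coordinates are unsigned (a negative guest value becomes a huge
 * one and fails the compare) and each component is checked before the
 * multiply, so the offset arithmetic itself cannot wrap. A single
 * "offset >= size" test after an unchecked multiply would miss that wrap. */
bool vram_offset(unsigned x, unsigned y, size_t *offset)
{
    if (x >= VRAM_WIDTH || y >= VRAM_HEIGHT) {
        return false;
    }
    *offset = (size_t)y * VRAM_WIDTH + x;
    return true;
}

/* Raster op on one byte, addressed as buffer + offset rather than as a
 * pointer, so the callee can refuse an out-of-range offset on its own even
 * if a caller forgot to check (defence in depth). */
bool rop8_checked(uint8_t *vram, size_t vram_size, size_t offset,
                  uint8_t plane_mask)
{
    if (offset >= vram_size) {
        return false;
    }
    vram[offset] &= (uint8_t)~plane_mask;
    return true;
}

/* Window fill with the bail-out. Out-of-range pixels are skipped instead of
 * faulting; the return value is the number of bytes actually written. The
 * first backtrace above shows fill_window(startx=22, starty=5674, width=65,
 * height=5697), which with this geometry writes nothing at all. */
size_t fill_window_checked(unsigned startx, unsigned starty,
                           unsigned width, unsigned height, uint8_t plane_mask)
{
    size_t written = 0;
    for (unsigned dy = 0; dy < height; dy++) {
        for (unsigned dx = 0; dx < width; dx++) {
            size_t off;
            /* startx + dx / starty + dy may wrap for huge guest values */
            if (dx > UINT_MAX - startx || dy > UINT_MAX - starty) {
                continue;
            }
            if (!vram_offset(startx + dx, starty + dy, &off)) {
                continue;
            }
            if (rop8_checked(vram_buffer, VRAM_SIZE, off, plane_mask)) {
                written++;
            }
        }
    }
    return written;
}
```

The check lives in two places on purpose: vram_offset() rejects bad coordinates before any arithmetic can wrap, and rop8_checked() rejects a bad offset again, which is what the refactor in 84a7b7741a buys over the pointer-based interface. Both of the backtraces on this page (a negative x1/y1 in draw_line, a starty far below the screen in fill_window) are caught by the first check alone.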


  Commit: e0cf02ce680f11893aca9642e76d6ae68b9375af
      
https://github.com/qemu/qemu/commit/e0cf02ce680f11893aca9642e76d6ae68b9375af
  Author: Helge Deller <deller@gmx.de>
  Date:   2020-08-26 (Wed, 26 Aug 2020)

  Changed paths:
    M hw/display/artist.c

  Log Message:
  -----------
  hw/display/artist: Unbreak size mismatch memory accesses

Commit 5d971f9e6725 ("memory: Revert "memory: accept mismatching sizes
in memory_region_access_valid") broke the artist driver in a way that
the dtwm window manager on HP-UX rendered wrong.

Fixes: 5d971f9e6725 ("memory: Revert "memory: accept mismatching sizes in memory_region_access_valid")
Signed-off-by: Sven Schnelle <svens@stackframe.org>
Signed-off-by: Helge Deller <deller@gmx.de>


  Commit: f9e9f7149027906785949d49b4e4c9b9ec896203
      
https://github.com/qemu/qemu/commit/f9e9f7149027906785949d49b4e4c9b9ec896203
  Author: Sven Schnelle <svens@stackframe.org>
  Date:   2020-08-26 (Wed, 26 Aug 2020)

  Changed paths:
    M hw/display/artist.c

  Log Message:
  -----------
  hw/display/artist: Fix invalidation of lines in artist_draw_line()

The old code didn't invalidate correctly when vertical lines were drawn.
Fix this and move the invalidation out of the loop.

Signed-off-by: Sven Schnelle <svens@stackframe.org>
Signed-off-by: Helge Deller <deller@gmx.de>


  Commit: 2f8cd515477edab1cbf38ecbdbfa2cac13ce1550
      
https://github.com/qemu/qemu/commit/2f8cd515477edab1cbf38ecbdbfa2cac13ce1550
  Author: Sven Schnelle <svens@stackframe.org>
  Date:   2020-08-26 (Wed, 26 Aug 2020)

  Changed paths:
    M hw/display/artist.c

  Log Message:
  -----------
  hw/display/artist: Fix invalidation of lines near screen border

If parts of the invalidated screen lines are outside of the VRAM buffer,
the code skips the whole invalidate. This is incorrect when only parts
of the buffer are invisible - which is the case when the mouse cursor is
located near the screen border.

Signed-off-by: Sven Schnelle <svens@stackframe.org>
Signed-off-by: Helge Deller <deller@gmx.de>


  Commit: 8e49197ca5e76fdb8928833b2649ef13fc5aab2f
      
https://github.com/qemu/qemu/commit/8e49197ca5e76fdb8928833b2649ef13fc5aab2f
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2020-08-26 (Wed, 26 Aug 2020)

  Changed paths:
    M hw/display/artist.c
    M hw/hppa/hppa_hardware.h
    M hw/hppa/lasi.c
    M hw/hppa/machine.c
    M pc-bios/hppa-firmware.img
    M roms/seabios-hppa

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/hdeller/tags/target-hppa-v3-pull-request' into staging

artist out of bounds fixes

# gpg: Signature made Wed 26 Aug 2020 22:09:55 BST
# gpg:                using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg:                 aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D  25F8 3E5F 3D04 A7A2 4603
#      Subkey fingerprint: BCE9 123E 1AD2 9F07 C049  BBDE F712 B510 A23A 0F5F

* remotes/hdeller/tags/target-hppa-v3-pull-request:
  hw/display/artist: Fix invalidation of lines near screen border
  hw/display/artist: Fix invalidation of lines in artist_draw_line()
  hw/display/artist: Unbreak size mismatch memory accesses
  hw/display/artist: Prevent out of VRAM buffer accesses
  Revert "hw/display/artist: Avoid drawing line when nothing to display"
  hw/display/artist: Refactor artist_rop8() to avoid buffer over-run
  hw/display/artist: Check offset in draw_line to avoid buffer over-run
  hw/hppa/lasi: Don't abort on invalid IMR value
  hw/display/artist.c: fix out of bounds check
  hw/hppa: Implement proper SeaBIOS version check
  seabios-hppa: Update to SeaBIOS hppa version 1
  hw/hppa: Sync hppa_hardware.h file with SeaBIOS sources

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/25f6dc28a3a8...8e49197ca5e7


