
[Qemu-commits] [qemu/qemu] 77582e: MAINTAINERS: Update my git address


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 77582e: MAINTAINERS: Update my git address
Date: Thu, 01 Oct 2020 13:45:34 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 77582e2c9d14ee32851ef4ea06f5396194a0f657
      https://github.com/qemu/qemu/commit/77582e2c9d14ee32851ef4ea06f5396194a0f657
  Author: John Snow <jsnow@redhat.com>
  Date:   2020-10-01 (Thu, 01 Oct 2020)

  Changed paths:
    M MAINTAINERS

  Log Message:
  -----------
  MAINTAINERS: Update my git address

I am switching from github to gitlab.

Signed-off-by: John Snow <jsnow@redhat.com>


  Commit: 1d1c4bdb736688b20d864831b90c07dc59c7b10c
      https://github.com/qemu/qemu/commit/1d1c4bdb736688b20d864831b90c07dc59c7b10c
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2020-10-01 (Thu, 01 Oct 2020)

  Changed paths:
    M hw/ide/ahci.c

  Log Message:
  -----------
  hw/ide/ahci: Do not dma_memory_unmap(NULL)

libFuzzer triggered the following assertion:

  cat << EOF | qemu-system-i386 -M pc-q35-5.0 \
    -nographic -monitor none -serial none -qtest stdio
  outl 0xcf8 0x8000fa24
  outl 0xcfc 0xe1068000
  outl 0xcf8 0x8000fa04
  outw 0xcfc 0x7
  outl 0xcf8 0x8000fb20
  write 0xe1068304 0x1 0x21
  write 0xe1068318 0x1 0x21
  write 0xe1068384 0x1 0x21
  write 0xe1068398 0x2 0x21
  EOF
  qemu-system-i386: exec.c:3621: address_space_unmap: Assertion `mr != NULL' failed.
  Aborted (core dumped)

This is because we don't check the return value from dma_memory_map()
which can return NULL, then we call dma_memory_unmap(NULL) which is
illegal. Fix by only unmapping if the value is not NULL (and the size is
not the expected one).

Cc: qemu-stable@nongnu.org
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200718072854.7001-1-f4bug@amsat.org
Fixes: f6ad2e32f8 ("ahci: add ahci emulation")
BugLink: https://bugs.launchpad.net/qemu/+bug/1884693
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
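
An added example, not QEMU's code and not part of the commit: a self-contained C model of the unchecked map/unmap pattern the message above describes, next to the checked form. `toy_map`, `toy_unmap`, `map_exact` and the RAM window are hypothetical, and the model assumes a failed map returns NULL with a zero length.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed guest RAM window; addresses outside it cannot be mapped. */
#define RAM_BASE 0x1000u
#define RAM_SIZE 0x100u
static uint8_t ram[RAM_SIZE];
static int live_maps;    /* mappings handed out and not yet released */
static int null_unmaps;  /* unmap(NULL) calls; the log above shows an abort here */

/* Hypothetical map: NULL with *len = 0 on failure, may shorten *len. */
static void *toy_map(uint32_t addr, size_t *len)
{
    if (addr < RAM_BASE || addr >= RAM_BASE + RAM_SIZE) {
        *len = 0;
        return NULL;
    }
    if (*len > RAM_BASE + RAM_SIZE - addr) {
        *len = RAM_BASE + RAM_SIZE - addr;
    }
    live_maps++;
    return &ram[addr - RAM_BASE];
}

static void toy_unmap(void *p)
{
    if (p == NULL) {
        null_unmaps++;   /* illegal call, recorded rather than aborting */
        return;
    }
    live_maps--;
}

/* Map exactly `wanted` bytes or fail with NULL. With check_ptr == 0 this is
 * the unchecked pattern: a failed map looks like a short one and is unmapped. */
static void *map_exact(uint32_t addr, size_t wanted, int check_ptr)
{
    size_t len = wanted;
    void *p = toy_map(addr, &len);

    if (len < wanted && (p != NULL || !check_ptr)) {
        toy_unmap(p);
        p = NULL;
    }
    return p;
}
```

Both variants report failure to the caller; only the checked one avoids passing NULL to the unmap routine, while a genuinely short mapping is still released.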


  Commit: 98d98912238d9f4f4c41bda0a3d944d0cff934ce
      https://github.com/qemu/qemu/commit/98d98912238d9f4f4c41bda0a3d944d0cff934ce
  Author: John Snow <jsnow@redhat.com>
  Date:   2020-10-01 (Thu, 01 Oct 2020)

  Changed paths:
    M hw/ide/core.c
    M hw/ide/ioport.c
    M hw/ide/macio.c
    M hw/ide/mmio.c
    M hw/ide/pci.c
    M hw/ide/trace-events
    M include/hw/ide/internal.h

  Log Message:
  -----------
  ide: rename cmd_write to ctrl_write

It's the Control register, part of the Control block -- Command is
misleading here. Rename all related functions and constants.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>


  Commit: f14bc040b073257f0eb8200042634c0d15f59ea7
      https://github.com/qemu/qemu/commit/f14bc040b073257f0eb8200042634c0d15f59ea7
  Author: John Snow <jsnow@redhat.com>
  Date:   2020-10-01 (Thu, 01 Oct 2020)

  Changed paths:
    M hw/ide/core.c

  Log Message:
  -----------
  ide: don't tamper with the device register

In real ISA operation, register writes go out to an entire bus channel
and all listening devices receive the write. The devices do not toggle
the DEV bit based on their own configuration, nor does the HBA
intermediate or tamper with that value.

The reality of the matter is that DEV0/DEV1 accordingly will react to
command register writes based on whether or not the device was selected.

This does not fix a known bug, but it makes the code slightly simpler
and more obvious.

Signed-off-by: John Snow <jsnow@redhat.com>


  Commit: be8c9423dec7bd0a0af7f57ecbbcb2718db72555
      https://github.com/qemu/qemu/commit/be8c9423dec7bd0a0af7f57ecbbcb2718db72555
  Author: John Snow <jsnow@redhat.com>
  Date:   2020-10-01 (Thu, 01 Oct 2020)

  Changed paths:
    M hw/ide/core.c
    M include/hw/ide/internal.h

  Log Message:
  -----------
  ide: model HOB correctly

I have been staring at this FIXME for years and I never knew what it
meant. I finally stumbled across it!

When writing to the command registers, the old value is shifted into a
HOB copy of the register and the new value is written into the primary
register. When reading registers, the value retrieved is dependent on
the HOB bit in the CONTROL register.

By setting bit 7 (0x80) in CONTROL, any register read will, if it has
one, yield the HOB value for that register instead.

Our code has a problem: We were using bit 7 of the DEVICE register to
model this. We use bus->cmd roughly as the control register already, as
it stores the value from ide_ctrl_write.

Lastly, all command register writes reset the HOB, so fix that, too.

Signed-off-by: John Snow <jsnow@redhat.com>


  Commit: 14ee9b53adc2f2e7f60f8ee0e906489785c8db13
      https://github.com/qemu/qemu/commit/14ee9b53adc2f2e7f60f8ee0e906489785c8db13
  Author: John Snow <jsnow@redhat.com>
  Date:   2020-10-01 (Thu, 01 Oct 2020)

  Changed paths:
    M hw/ide/core.c

  Log Message:
  -----------
  ide: reorder set/get sector functions

Reorder these just a pinch to make them more obvious at a glance what
the addressing mode is.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>


  Commit: 0c7515e1c47372ae5d53f2e281b2ccd425ebbcc6
      https://github.com/qemu/qemu/commit/0c7515e1c47372ae5d53f2e281b2ccd425ebbcc6
  Author: John Snow <jsnow@redhat.com>
  Date:   2020-10-01 (Thu, 01 Oct 2020)

  Changed paths:
    M hw/ide/core.c
    M include/hw/ide/internal.h

  Log Message:
  -----------
  ide: remove magic constants from the device register

(In QEMU, we call this the "select" register.)

My memory isn't good enough to memorize what these magic runes
do. Label them to prevent mixups from happening in the future.

Side note: I assume it's safe to always set 0xA0 even though ATA2 claims
these bits are reserved, because ATA3 immediately reinstated that these
bits should be always on. ATA4 and subsequent specs only claim that the
fields are obsolete, so I assume it's safe to leave these set and that
it should work with the widest array of guests.

Signed-off-by: John Snow <jsnow@redhat.com>


  Commit: 6f52e69f468f3b75db0292be3ee479db699a9a57
      https://github.com/qemu/qemu/commit/6f52e69f468f3b75db0292be3ee479db699a9a57
  Author: John Snow <jsnow@redhat.com>
  Date:   2020-10-01 (Thu, 01 Oct 2020)

  Changed paths:
    M hw/ide/core.c

  Log Message:
  -----------
  ide: clear interrupt on command write

Not known to fix any bug, but I couldn't help but notice that ATA
specifies that writing to this register should clear an interrupt.

ATA7: Section 5.3.3 (Command register - Effect)
ATA6: Section 7.4.4 (Command register - Effect)
ATA5: Section 7.4.4 (Command register - Effect)
ATA4: Section 7.4.4 (Command register - Effect)
ATA3: Section 5.2.2 (Command register)

Other editions: try searching for the phrase "Writing this register".

Signed-off-by: John Snow <jsnow@redhat.com>


  Commit: 55adb3c45620c31f29978f209e2a44a08d34e2da
      https://github.com/qemu/qemu/commit/55adb3c45620c31f29978f209e2a44a08d34e2da
  Author: John Snow <jsnow@redhat.com>
  Date:   2020-10-01 (Thu, 01 Oct 2020)

  Changed paths:
    M hw/ide/core.c

  Log Message:
  -----------
  ide: cancel pending callbacks on SRST

The SRST implementation did not keep up with the rest of IDE; it is
possible to perform a weak reset on an IDE device to remove the BSY/DRQ
bits, and then issue writes to the control/device registers which can
cause chaos with the state machine.

Fix that by actually performing a real reset.

Reported-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: https://bugs.launchpad.net/qemu/+bug/1878253
Fixes: https://bugs.launchpad.net/qemu/+bug/1887303
Fixes: https://bugs.launchpad.net/qemu/+bug/1887309
Signed-off-by: John Snow <jsnow@redhat.com>


  Commit: b5ce42f5d138d7546f9faa2decbd6ee8702243a3
      https://github.com/qemu/qemu/commit/b5ce42f5d138d7546f9faa2decbd6ee8702243a3
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2020-10-01 (Thu, 01 Oct 2020)

  Changed paths:
    M MAINTAINERS
    M hw/ide/ahci.c
    M hw/ide/core.c
    M hw/ide/ioport.c
    M hw/ide/macio.c
    M hw/ide/mmio.c
    M hw/ide/pci.c
    M hw/ide/trace-events
    M include/hw/ide/internal.h

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/jsnow-gitlab/tags/ide-pull-request' into staging

Pull request

# gpg: Signature made Thu 01 Oct 2020 18:41:05 BST
# gpg:                using RSA key F9B7ABDBBCACDF95BE76CBD07DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" [full]
# Primary key fingerprint: FAEB 9711 A12C F475 812F  18F2 88A9 064D 1835 61EB
#      Subkey fingerprint: F9B7 ABDB BCAC DF95 BE76  CBD0 7DEF 8106 AAFC 390E

* remotes/jsnow-gitlab/tags/ide-pull-request:
  ide: cancel pending callbacks on SRST
  ide: clear interrupt on command write
  ide: remove magic constants from the device register
  ide: reorder set/get sector functions
  ide: model HOB correctly
  ide: don't tamper with the device register
  ide: rename cmd_write to ctrl_write
  hw/ide/ahci: Do not dma_memory_unmap(NULL)
  MAINTAINERS: Update my git address

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/625581c2602b...b5ce42f5d138


