[Qemu-commits] [qemu/qemu] 62a9b2: hw/timer/slavio_timer: Allow 64-bit a


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 62a9b2: hw/timer/slavio_timer: Allow 64-bit accesses
Date: Wed, 06 Jan 2021 08:21:13 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 62a9b228b5fefe0f9e364dfeaf3c65022c63cdb9
      
https://github.com/qemu/qemu/commit/62a9b228b5fefe0f9e364dfeaf3c65022c63cdb9
  Author: Philippe Mathieu-Daudé <f4bug@amsat.org>
  Date:   2021-01-06 (Wed, 06 Jan 2021)

  Changed paths:
    M hw/timer/slavio_timer.c

  Log Message:
  -----------
  hw/timer/slavio_timer: Allow 64-bit accesses

Per the "NCR89C105 Chip Specification" referenced in the header:

                  Chip-level Address Map

  ------------------------------------------------------------------
  | 1D0 0000 ->   | Counter/Timers                        | W,D    |
  |   1DF FFFF    |                                       |        |
  ...

  The address map indicated the allowed accesses at each address.
  [...] W indicates a word access, and D indicates a double-word
  access.

The SLAVIO timer controller is implemented expecting 32-bit accesses.
Commit a3d12d073e1 restricted the memory accesses to 32-bit, while
the device allows 64-bit accesses.

This was not an issue until commit 5d971f9e67 which reverted
("memory: accept mismatching sizes in memory_region_access_valid").

Fix by renaming .valid MemoryRegionOps as .impl, and add the valid
access range (W -> 4, D -> 8).

Since commit 21786c7e598 ("memory: Log invalid memory accesses")
this class of bug can be quickly debugged displaying 'guest_errors'
accesses, as:

  $ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -serial stdio -d guest_errors

  Power-ON Reset
  Invalid access at addr 0x0, size 8, region 'timer-1', reason: invalid size (min:4 max:4)

  $ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -monitor stdio -S
  (qemu) info mtree
  address-space: memory
    0000000000000000-ffffffffffffffff (prio 0, i/o): system
      ...
      0000000ff1300000-0000000ff130000f (prio 0, i/o): timer-1
             ^^^^^^^^^                                 ^^^^^^^
                   \ memory region base address and name /

  (qemu) info qtree
  bus: main-system-bus
    dev: slavio_timer, id ""              <-- device type name
      gpio-out "sysbus-irq" 17
      num_cpus = 1 (0x1)
      mmio 0000000ff1310000/0000000000000014
      mmio 0000000ff1300000/0000000000000010 <--- base address
      mmio 0000000ff1301000/0000000000000010
      mmio 0000000ff1302000/0000000000000010
      ...

Reported-by: Yap KV <yapkv@yahoo.com>
Buglink: https://bugs.launchpad.net/bugs/1906905
Fixes: a3d12d073e1 ("slavio_timer: convert to memory API")
CC: qemu-stable@nongnu.org
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201205150903.3062711-1-f4bug@amsat.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
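
Added example, not part of the commit or of QEMU's source: a simplified C model of the distinction the log message above relies on, where the valid range decides which guest access sizes are accepted and the impl range decides how an accepted access is split for the device callback. The struct and function names, the constructed device and the big-endian combining order are assumptions of this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model for illustration; names are hypothetical, not QEMU source. */
struct size_range { unsigned min, max; };   /* access sizes in bytes */
struct region_ops {
    struct size_range valid;   /* sizes the guest is allowed to use */
    struct size_range impl;    /* sizes the device callback handles */
};

static unsigned dev_calls;     /* how often the device callback ran */

/* Constructed device: a read returns the register offset it was asked for. */
static uint64_t dev_read(uint64_t addr, unsigned size)
{
    (void)size;
    dev_calls++;
    return addr & 0xffffffffu;
}

/* Returns false for a rejected access (the "invalid size" guest error). */
static bool region_read(const struct region_ops *ops, uint64_t addr,
                        unsigned size, uint64_t *out)
{
    if (size < ops->valid.min || size > ops->valid.max)
        return false;
    unsigned step = size > ops->impl.max ? ops->impl.max : size;
    uint64_t val = 0;
    /* Split into impl-sized pieces; big-endian order assumed (SPARC guest). */
    for (unsigned off = 0; off < size; off += step)
        val = (off ? val << (8 * step) : 0) | dev_read(addr + off, step);
    *out = val;
    return true;
}

/* Before: only W (4) is valid. After: W and D valid, callback stays 32-bit. */
static const struct region_ops ops_before = { .valid = {4, 4}, .impl = {4, 4} };
static const struct region_ops ops_after  = { .valid = {4, 8}, .impl = {4, 4} };

int main(void)
{
    uint64_t v = 0;
    printf("before, size 8: %s\n", region_read(&ops_before, 0x0, 8, &v) ? "ok" : "rejected");
    printf("after,  size 8: %s\n", region_read(&ops_after, 0x0, 8, &v) ? "ok" : "rejected");
    return 0;
}
```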


  Commit: 339195366069635fa47dc995806f236e820e6378
      
https://github.com/qemu/qemu/commit/339195366069635fa47dc995806f236e820e6378
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-01-06 (Wed, 06 Jan 2021)

  Changed paths:
    M hw/intc/grlib_irqmp.c
    M hw/sparc/leon3.c
    M include/hw/sparc/grlib.h

  Log Message:
  -----------
  hw/sparc: Make grlib-irqmp device handle its own inbound IRQ lines

Currently the GRLIB_IRQMP device is used in one place (the leon3 board),
but instead of the device providing inbound gpio lines for the board
to wire up, the board code itself calls qemu_allocate_irqs() with
the handler function being a set_irq function defined in the code
for the device.

Refactor this into the standard setup of a device having input
gpio lines.

This fixes a trivial Coverity memory leak report (the leon3
board code leaks the IRQ array returned from qemu_allocate_irqs()).

Fixes: Coverity CID 1421922
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20201212144134.29594-2-peter.maydell@linaro.org>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>


  Commit: aecf994bca54bd0d97732a8af03a584c0fdaff4c
      
https://github.com/qemu/qemu/commit/aecf994bca54bd0d97732a8af03a584c0fdaff4c
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-01-06 (Wed, 06 Jan 2021)

  Changed paths:
    M include/hw/sparc/grlib.h

  Log Message:
  -----------
  include/hw/sparc/grlib.h: Remove unused set_pil_in_fn typedef

The grlib.h header defines a set_pil_in_fn typedef which is never
used; remove it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20201212144134.29594-3-peter.maydell@linaro.org>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>


  Commit: a879306ca14de576d3a5dd51f830ebf89753e223
      
https://github.com/qemu/qemu/commit/a879306ca14de576d3a5dd51f830ebf89753e223
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2021-01-06 (Wed, 06 Jan 2021)

  Changed paths:
    M hw/sparc/Kconfig
    M hw/sparc/sun4m.c

  Log Message:
  -----------
  sun4m: don't connect two qemu_irqs directly to the same input

The sun4m board code connects both of the IRQ outputs of each ESCC to the
same slavio input qemu_irq. Connecting two qemu_irqs outputs directly to the
same input is not valid as it produces subtly wrong behaviour (for instance
if both the IRQ lines are high, and then one goes low, the PIC input will see
this as a high-to-low transition even though the second IRQ line should still
be holding it high).

This kind of wiring needs an explicitly created OR gate; add one.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20201219111934.5540-1-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
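
Added example, not part of the commit or of QEMU's source: a small C model of the scenario in the log message above, comparing two sources written straight to one shared input with the same sources routed through an OR gate. All type and function names are assumptions of this model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model for illustration; names are hypothetical, not QEMU source. */
struct pic_input { bool level; };

#define OR_LINES 2
struct or_gate { bool in[OR_LINES]; struct pic_input *out; };

/* Direct wiring: whichever source changed last overwrites the shared input. */
static void direct_set(struct pic_input *pic, bool level)
{
    pic->level = level;
}

/* OR gate: remember each source's level and drive the output with their OR. */
static void or_gate_set(struct or_gate *g, int line, bool level)
{
    bool any = false;
    g->in[line] = level;
    for (int i = 0; i < OR_LINES; i++)
        any = any || g->in[i];
    g->out->level = any;
}

/* Scenario from the commit message: both lines high, then line 0 goes low. */
static bool final_level_direct(void)
{
    struct pic_input pic = { false };
    direct_set(&pic, true);    /* line 0 high */
    direct_set(&pic, true);    /* line 1 high */
    direct_set(&pic, false);   /* line 0 low, line 1 still high */
    return pic.level;
}

static bool final_level_or_gate(void)
{
    struct pic_input pic = { false };
    struct or_gate g = { { false, false }, &pic };
    or_gate_set(&g, 0, true);
    or_gate_set(&g, 1, true);
    or_gate_set(&g, 0, false);
    return pic.level;
}

int main(void)
{
    printf("direct wiring: input %d\n", final_level_direct());
    printf("via OR gate:   input %d\n", final_level_or_gate());
    return 0;
}
```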


  Commit: 30918661c17f90ae25a559a91603142f2bcfa34b
      
https://github.com/qemu/qemu/commit/30918661c17f90ae25a559a91603142f2bcfa34b
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-01-06 (Wed, 06 Jan 2021)

  Changed paths:
    M hw/intc/grlib_irqmp.c
    M hw/sparc/Kconfig
    M hw/sparc/leon3.c
    M hw/sparc/sun4m.c
    M hw/timer/slavio_timer.c
    M include/hw/sparc/grlib.h

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-20210106' into staging

qemu-sparc queue

# gpg: Signature made Wed 06 Jan 2021 11:43:02 GMT
# gpg:                using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg:                issuer "mark.cave-ayland@ilande.co.uk"
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full]
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C  C9C4 5BC2 C56F AE0F 321F

* remotes/mcayland/tags/qemu-sparc-20210106:
  sun4m: don't connect two qemu_irqs directly to the same input
  include/hw/sparc/grlib.h: Remove unused set_pil_in_fn typedef
  hw/sparc: Make grlib-irqmp device handle its own inbound IRQ lines
  hw/timer/slavio_timer: Allow 64-bit accesses

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/7a5fd9343d75...30918661c17f


