aboutsummaryrefslogtreecommitdiff
path: root/hw
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2021-07-19 11:34:08 +0100
committerPeter Maydell <peter.maydell@linaro.org>2021-07-19 11:34:08 +0100
commit7457b407edd6e8555e4b46488aab2f13959fccf8 (patch)
treec94429d30a760cfa44e04aad3c263e4a6f79bbbc /hw
parentfd79f89c76c8e2f409dd9db5d7a367b1f64b6dc6 (diff)
parent9405d87be25db6dff4d7b5ab48a81bbf6d083e47 (diff)
Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-07-19' into staging
- Compile-test the Windows installer in the Gitlab-CI - Fix endianess detection problem with LTO in "configure" - Fix two abort()s in the vmxnet code - Fix crash with x-remote machine and IDE devices # gpg: Signature made Mon 19 Jul 2021 10:47:12 BST # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * remotes/thuth-gitlab/tags/pull-request-2021-07-19: hw/ide: Fix crash when plugging a piix3-ide device into the x-remote machine hw/net/net_tx_pkt: Fix crash detected by fuzzer hw/net/vmxnet3: Do not abort if the guest is trying to use an invalid TX queue configure: Fix endianess test with LTO ci: build & store windows installer Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw')
-rw-r--r--hw/ide/ioport.c16
-rw-r--r--hw/ide/piix.c22
-rw-r--r--hw/isa/isa-bus.c14
-rw-r--r--hw/net/net_tx_pkt.c12
-rw-r--r--hw/net/vmxnet3.c9
5 files changed, 51 insertions, 22 deletions
diff --git a/hw/ide/ioport.c b/hw/ide/ioport.c
index b613ff3bba..e6caa537fa 100644
--- a/hw/ide/ioport.c
+++ b/hw/ide/ioport.c
@@ -50,15 +50,19 @@ static const MemoryRegionPortio ide_portio2_list[] = {
PORTIO_END_OF_LIST(),
};
-void ide_init_ioport(IDEBus *bus, ISADevice *dev, int iobase, int iobase2)
+int ide_init_ioport(IDEBus *bus, ISADevice *dev, int iobase, int iobase2)
{
+ int ret;
+
/* ??? Assume only ISA and PCI configurations, and that the PCI-ISA
bridge has been setup properly to always register with ISA. */
- isa_register_portio_list(dev, &bus->portio_list,
- iobase, ide_portio_list, bus, "ide");
+ ret = isa_register_portio_list(dev, &bus->portio_list,
+ iobase, ide_portio_list, bus, "ide");
- if (iobase2) {
- isa_register_portio_list(dev, &bus->portio2_list,
- iobase2, ide_portio2_list, bus, "ide");
+ if (ret == 0 && iobase2) {
+ ret = isa_register_portio_list(dev, &bus->portio2_list,
+ iobase2, ide_portio2_list, bus, "ide");
}
+
+ return ret;
}
diff --git a/hw/ide/piix.c b/hw/ide/piix.c
index b9860e35a5..d3e738320b 100644
--- a/hw/ide/piix.c
+++ b/hw/ide/piix.c
@@ -26,6 +26,7 @@
#include "qemu/osdep.h"
#include "hw/pci/pci.h"
#include "migration/vmstate.h"
+#include "qapi/error.h"
#include "qemu/module.h"
#include "sysemu/block-backend.h"
#include "sysemu/blockdev.h"
@@ -123,7 +124,8 @@ static void piix_ide_reset(DeviceState *dev)
pci_conf[0x20] = 0x01; /* BMIBA: 20-23h */
}
-static void pci_piix_init_ports(PCIIDEState *d) {
+static int pci_piix_init_ports(PCIIDEState *d)
+{
static const struct {
int iobase;
int iobase2;
@@ -132,24 +134,30 @@ static void pci_piix_init_ports(PCIIDEState *d) {
{0x1f0, 0x3f6, 14},
{0x170, 0x376, 15},
};
- int i;
+ int i, ret;
for (i = 0; i < 2; i++) {
ide_bus_new(&d->bus[i], sizeof(d->bus[i]), DEVICE(d), i, 2);
- ide_init_ioport(&d->bus[i], NULL, port_info[i].iobase,
- port_info[i].iobase2);
+ ret = ide_init_ioport(&d->bus[i], NULL, port_info[i].iobase,
+ port_info[i].iobase2);
+ if (ret) {
+ return ret;
+ }
ide_init2(&d->bus[i], isa_get_irq(NULL, port_info[i].isairq));
bmdma_init(&d->bus[i], &d->bmdma[i], d);
d->bmdma[i].bus = &d->bus[i];
ide_register_restart_cb(&d->bus[i]);
}
+
+ return 0;
}
static void pci_piix_ide_realize(PCIDevice *dev, Error **errp)
{
PCIIDEState *d = PCI_IDE(dev);
uint8_t *pci_conf = dev->config;
+ int rc;
pci_conf[PCI_CLASS_PROG] = 0x80; // legacy ATA mode
@@ -158,7 +166,11 @@ static void pci_piix_ide_realize(PCIDevice *dev, Error **errp)
vmstate_register(VMSTATE_IF(dev), 0, &vmstate_ide_pci, d);
- pci_piix_init_ports(d);
+ rc = pci_piix_init_ports(d);
+ if (rc) {
+ error_setg_errno(errp, -rc, "Failed to realize %s",
+ object_get_typename(OBJECT(dev)));
+ }
}
int pci_piix3_xen_ide_unplug(DeviceState *dev, bool aux)
diff --git a/hw/isa/isa-bus.c b/hw/isa/isa-bus.c
index 7820068e6e..cffaa35e9c 100644
--- a/hw/isa/isa-bus.c
+++ b/hw/isa/isa-bus.c
@@ -131,13 +131,17 @@ void isa_register_ioport(ISADevice *dev, MemoryRegion *io, uint16_t start)
isa_init_ioport(dev, start);
}
-void isa_register_portio_list(ISADevice *dev,
- PortioList *piolist, uint16_t start,
- const MemoryRegionPortio *pio_start,
- void *opaque, const char *name)
+int isa_register_portio_list(ISADevice *dev,
+ PortioList *piolist, uint16_t start,
+ const MemoryRegionPortio *pio_start,
+ void *opaque, const char *name)
{
assert(piolist && !piolist->owner);
+ if (!isabus) {
+ return -ENODEV;
+ }
+
/* START is how we should treat DEV, regardless of the actual
contents of the portio array. This is how the old code
actually handled e.g. the FDC device. */
@@ -145,6 +149,8 @@ void isa_register_portio_list(ISADevice *dev,
portio_list_init(piolist, OBJECT(dev), pio_start, opaque, name);
portio_list_add(piolist, isabus->address_space_io, start);
+
+ return 0;
}
static void isa_device_init(Object *obj)
diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
index 1f9aa59eca..1cb1125d9f 100644
--- a/hw/net/net_tx_pkt.c
+++ b/hw/net/net_tx_pkt.c
@@ -450,11 +450,13 @@ void net_tx_pkt_reset(struct NetTxPkt *pkt)
pkt->payload_len = 0;
pkt->payload_frags = 0;
- assert(pkt->raw);
- for (i = 0; i < pkt->raw_frags; i++) {
- assert(pkt->raw[i].iov_base);
- pci_dma_unmap(pkt->pci_dev, pkt->raw[i].iov_base, pkt->raw[i].iov_len,
- DMA_DIRECTION_TO_DEVICE, 0);
+ if (pkt->max_raw_frags > 0) {
+ assert(pkt->raw);
+ for (i = 0; i < pkt->raw_frags; i++) {
+ assert(pkt->raw[i].iov_base);
+ pci_dma_unmap(pkt->pci_dev, pkt->raw[i].iov_base,
+ pkt->raw[i].iov_len, DMA_DIRECTION_TO_DEVICE, 0);
+ }
}
pkt->raw_frags = 0;
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index eff299f629..f6bd8c53b1 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -23,6 +23,7 @@
#include "net/checksum.h"
#include "sysemu/sysemu.h"
#include "qemu/bswap.h"
+#include "qemu/log.h"
#include "qemu/module.h"
#include "hw/pci/msix.h"
#include "hw/pci/msi.h"
@@ -1093,8 +1094,12 @@ vmxnet3_io_bar0_write(void *opaque, hwaddr addr,
int tx_queue_idx =
VMW_MULTIREG_IDX_BY_ADDR(addr, VMXNET3_REG_TXPROD,
VMXNET3_REG_ALIGN);
- assert(tx_queue_idx <= s->txq_num);
- vmxnet3_process_tx_queue(s, tx_queue_idx);
+ if (tx_queue_idx <= s->txq_num) {
+ vmxnet3_process_tx_queue(s, tx_queue_idx);
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR, "vmxnet3: Illegal TX queue %d/%d\n",
+ tx_queue_idx, s->txq_num);
+ }
return;
}