| Age | Commit message (Collapse) | Author |
|---|
|
We added a new unit test for testing acpi hotplug on multifunction bridges in
q35 machines. Here, we update the DSDT table gloden master blob for this unit
test.
The test adds the following devices to qemu and then checks the changes
introduced in the DSDT table due to the addition of the following devices:
(a) a multifunction bridge device
(b) a bridge device with function 1
(c) a non-bridge device with function 2
In the DSDT table, we should see AML hotplug descriptions for (a) and (b).
For (a) we should find a hotplug AML description for function 0.
Following is the ASL diff between the original DSDT table and the modified DSDT
table due to the unit test. We see that multifunction bridge on bus 2 and single
function bridge on bus 3 function 1 are described, not the non-bridge balloon
device on bus 4, function 2.
@@ -1,30 +1,30 @@
/*
* Intel ACPI Component Architecture
* AML/ASL+ Disassembler version 20190509 (64-bit version)
* Copyright (c) 2000 - 2019 Intel Corporation
*
* Disassembling to symbolic ASL+ operators
*
- * Disassembly of tests/data/acpi/q35/DSDT, Thu Oct 7 18:29:19 2021
+ * Disassembly of /tmp/aml-C7JCA1, Thu Oct 7 18:29:19 2021
*
* Original Table Header:
* Signature "DSDT"
- * Length 0x00002061 (8289)
+ * Length 0x00002187 (8583)
* Revision 0x01 **** 32-bit table (V1), no 64-bit math support
- * Checksum 0xF9
+ * Checksum 0x8D
* OEM ID "BOCHS "
* OEM Table ID "BXPC "
* OEM Revision 0x00000001 (1)
* Compiler ID "BXPC"
* Compiler Version 0x00000001 (1)
*/
DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001)
{
Scope (\)
{
OperationRegion (DBG, SystemIO, 0x0402, One)
Field (DBG, ByteAcc, NoLock, Preserve)
{
DBGB, 8
}
@@ -3265,23 +3265,95 @@
Method (_S1D, 0, NotSerialized) // _S1D: S1 Device State
{
Return (Zero)
}
Method (_S2D, 0, NotSerialized) // _S2D: S2 Device State
{
Return (Zero)
}
Method (_S3D, 0, NotSerialized) // _S3D: S3 Device State
{
Return (Zero)
}
}
+ Device (S10)
+ {
+ Name (_ADR, 0x00020000) // _ADR: Address
+ Name (BSEL, One)
+ Device (S00)
+ {
+ Name (_SUN, Zero) // _SUN: Slot User Number
+ Name (_ADR, Zero) // _ADR: Address
+ Method (_EJ0, 1, NotSerialized) // _EJx: Eject Device, x=0-9
+ {
+ PCEJ (BSEL, _SUN)
+ }
+
+ Method (_DSM, 4, Serialized) // _DSM: Device-Specific Method
+ {
+ Return (PDSM (Arg0, Arg1, Arg2, Arg3, BSEL, _SUN))
+ }
+ }
+
+ Method (DVNT, 2, NotSerialized)
+ {
+ If ((Arg0 & One))
+ {
+ Notify (S00, Arg1)
+ }
+ }
+
+ Method (PCNT, 0, NotSerialized)
+ {
+ BNUM = One
+ DVNT (PCIU, One)
+ DVNT (PCID, 0x03)
+ }
+ }
+
+ Device (S19)
+ {
+ Name (_ADR, 0x00030001) // _ADR: Address
+ Name (BSEL, Zero)
+ Device (S00)
+ {
+ Name (_SUN, Zero) // _SUN: Slot User Number
+ Name (_ADR, Zero) // _ADR: Address
+ Method (_EJ0, 1, NotSerialized) // _EJx: Eject Device, x=0-9
+ {
+ PCEJ (BSEL, _SUN)
+ }
+
+ Method (_DSM, 4, Serialized) // _DSM: Device-Specific Method
+ {
+ Return (PDSM (Arg0, Arg1, Arg2, Arg3, BSEL, _SUN))
+ }
+ }
+
+ Method (DVNT, 2, NotSerialized)
+ {
+ If ((Arg0 & One))
+ {
+ Notify (S00, Arg1)
+ }
+ }
+
+ Method (PCNT, 0, NotSerialized)
+ {
+ BNUM = Zero
+ DVNT (PCIU, One)
+ DVNT (PCID, 0x03)
+ }
+ }
+
Method (PCNT, 0, NotSerialized)
{
+ ^S19.PCNT ()
+ ^S10.PCNT ()
}
}
}
}
Signed-off-by: Ani Sinha <ani@anisinha.ca>
Message-Id: <20211007135750.1277213-4-ani@anisinha.ca>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
|
|
commit d7346e614f4ec ("acpi: x86: pcihp: add support hotplug on multifunction bridges")
added ACPI hotplug descriptions for cold plugged bridges for functions other
than 0. For all other devices, the ACPI hotplug descriptions are limited to
function 0 only. This change adds unit tests for this feature.
This test adds the following devices to qemu and then checks the changes
introduced in the DSDT table due to the addition of the following devices:
(a) a multifunction bridge device
(b) a bridge device with function 1
(c) a non-bridge device with function 2
In the DSDT table, we should see AML hotplug descriptions for (a) and (b).
For (a) we should find a hotplug AML description for function 0.
The following diff compares the DSDT table AML with the new unit test before
and after the change d7346e614f4ec is introduced. In other words,
this diff reflects the changes that occurs in the DSDT table due to the change
d7346e614f4ec .
@@ -1,60 +1,38 @@
/*
* Intel ACPI Component Architecture
* AML/ASL+ Disassembler version 20190509 (64-bit version)
* Copyright (c) 2000 - 2019 Intel Corporation
*
* Disassembling to symbolic ASL+ operators
*
- * Disassembly of tests/data/acpi/q35/DSDT.multi-bridge, Thu Oct 7 18:56:05 2021
+ * Disassembly of /tmp/aml-AN0DA1, Thu Oct 7 18:56:05 2021
*
* Original Table Header:
* Signature "DSDT"
- * Length 0x000020FE (8446)
+ * Length 0x00002187 (8583)
* Revision 0x01 **** 32-bit table (V1), no 64-bit math support
- * Checksum 0xDE
+ * Checksum 0x8D
* OEM ID "BOCHS "
* OEM Table ID "BXPC "
* OEM Revision 0x00000001 (1)
* Compiler ID "BXPC"
* Compiler Version 0x00000001 (1)
*/
DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001)
{
- /*
- * iASL Warning: There was 1 external control method found during
- * disassembly, but only 0 were resolved (1 unresolved). Additional
- * ACPI tables may be required to properly disassemble the code. This
- * resulting disassembler output file may not compile because the
- * disassembler did not know how many arguments to assign to the
- * unresolved methods. Note: SSDTs can be dynamically loaded at
- * runtime and may or may not be available via the host OS.
- *
- * In addition, the -fe option can be used to specify a file containing
- * control method external declarations with the associated method
- * argument counts. Each line of the file must be of the form:
- * External (<method pathname>, MethodObj, <argument count>)
- * Invocation:
- * iasl -fe refs.txt -d dsdt.aml
- *
- * The following methods were unresolved and many not compile properly
- * because the disassembler had to guess at the number of arguments
- * required for each:
- */
- External (_SB_.PCI0.S19_.PCNT, MethodObj) // Warning: Unknown method, guessing 1 arguments
-
Scope (\)
{
OperationRegion (DBG, SystemIO, 0x0402, One)
Field (DBG, ByteAcc, NoLock, Preserve)
{
DBGB, 8
}
Method (DBUG, 1, NotSerialized)
{
ToHexString (Arg0, Local0)
ToBuffer (Local0, Local0)
Local1 = (SizeOf (Local0) - One)
Local2 = Zero
While ((Local2 < Local1))
{
@@ -3322,24 +3300,60 @@
Method (DVNT, 2, NotSerialized)
{
If ((Arg0 & One))
{
Notify (S00, Arg1)
}
}
Method (PCNT, 0, NotSerialized)
{
BNUM = One
DVNT (PCIU, One)
DVNT (PCID, 0x03)
}
}
+ Device (S19)
+ {
+ Name (_ADR, 0x00030001) // _ADR: Address
+ Name (BSEL, Zero)
+ Device (S00)
+ {
+ Name (_SUN, Zero) // _SUN: Slot User Number
+ Name (_ADR, Zero) // _ADR: Address
+ Method (_EJ0, 1, NotSerialized) // _EJx: Eject Device, x=0-9
+ {
+ PCEJ (BSEL, _SUN)
+ }
+
+ Method (_DSM, 4, Serialized) // _DSM: Device-Specific Method
+ {
+ Return (PDSM (Arg0, Arg1, Arg2, Arg3, BSEL, _SUN))
+ }
+ }
+
+ Method (DVNT, 2, NotSerialized)
+ {
+ If ((Arg0 & One))
+ {
+ Notify (S00, Arg1)
+ }
+ }
+
+ Method (PCNT, 0, NotSerialized)
+ {
+ BNUM = Zero
+ DVNT (PCIU, One)
+ DVNT (PCID, 0x03)
+ }
+ }
+
Method (PCNT, 0, NotSerialized)
{
- ^S19.PCNT (^S10.PCNT ())
+ ^S19.PCNT ()
+ ^S10.PCNT ()
}
}
}
}
Signed-off-by: Ani Sinha <ani@anisinha.ca>
Message-Id: <20211007135750.1277213-3-ani@anisinha.ca>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
|
|
We are adding a new unit test to cover the acpi hotplug support in q35 for
multi-function bridges. This test uses a new table DSDT.multi-bridge.
We need to allow changes in DSDT acpi table for addition of this new
unit test.
Signed-off-by: Ani Sinha <ani@anisinha.ca>
Message-Id: <20211007135750.1277213-2-ani@anisinha.ca>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
|
|
A recommended way to populate new tables is to have an
empty expected file. In this case, attempts to disassemble
will fail but it is useful to disassemble the actual files.
Detect and skip decompile step in this case.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
qemu-storage-daemon is launched with the vhost-user listen socket path.
The path is first unlinked before opening the listen socket. This
prevents stale UNIX domain socket files from stopping socket
initialization.
This behavior is undesirable in vhost-user-blk-test and the cause of a
bug:
There is a race condition in vhost-user-blk-test when QEMU launches
before QSD. It connects to the old socket that QSD unlinks and the
vhost-user connection is never serviced, resulting in a hang.
Pass the listen socket fd to QSD to maintain listen socket continuity
and prevent the lost connection.
Fixes: 806952026df41939680abe92b329715b9b4e01cc ("test: new qTest case to test the vhost-user-blk-server")
Cc: Raphael Norwitz <raphael.norwitz@nutanix.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Thomas Huth <thuth@redhat.com>
Cc: Coiby Xu <coiby.xu@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20211019135655.83067-1-stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
.. only if TCG is available
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-16-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Suggested-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210902113551.461632-15-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
and drop custom function that were doing the job
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-14-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
follow up call with smbios options generates the same ACPI tables,
so there is no need to run smbios-less variant at all.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-13-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
DSDT:
+ Device (S10)
+ {
+ Name (_ADR, 0x00020000) // _ADR: Address
+ }
New IVRS table:
[000h 0000 4] Signature : "IVRS" [I/O Virtualization Reporting Structure]
[004h 0004 4] Table Length : 00000068
[008h 0008 1] Revision : 01
[009h 0009 1] Checksum : 43
[00Ah 0010 6] Oem ID : "BOCHS "
[010h 0016 8] Oem Table ID : "BXPC "
[018h 0024 4] Oem Revision : 00000001
[01Ch 0028 4] Asl Compiler ID : "BXPC"
[020h 0032 4] Asl Compiler Revision : 00000001
[024h 0036 4] Virtualization Info : 00002800
[028h 0040 8] Reserved : 0000000000000000
[030h 0048 1] Subtable Type : 10 [Hardware Definition Block]
[031h 0049 1] Flags : D1
[032h 0050 2] Length : 0038
[034h 0052 2] DeviceId : 0010
[036h 0054 2] Capability Offset : 0040
[038h 0056 8] Base Address : 00000000FED80000
[040h 0064 2] PCI Segment Group : 0000
[042h 0066 2] Virtualization Info : 0000
[044h 0068 4] Reserved : 00000044
[048h 0072 1] Entry Type : 02
[049h 0073 2] Device ID : 0000
[04Bh 0075 1] Data Setting : 00
[04Ch 0076 1] Entry Type : 02
[04Dh 0077 2] Device ID : 0008
[04Fh 0079 1] Data Setting : 00
[050h 0080 1] Entry Type : 02
[051h 0081 2] Device ID : 0010
[053h 0083 1] Data Setting : 00
[054h 0084 1] Entry Type : 02
[055h 0085 2] Device ID : 00F8
[057h 0087 1] Data Setting : 00
[058h 0088 1] Entry Type : 02
[059h 0089 2] Device ID : 00FA
[05Bh 0091 1] Data Setting : 00
[05Ch 0092 1] Entry Type : 02
[05Dh 0093 2] Device ID : 00FB
[05Fh 0095 1] Data Setting : 00
[060h 0096 1] Entry Type : 48
[061h 0097 2] Device ID : 0000
[063h 0099 1] Data Setting : 00
[064h 0100 1] Handle : 00
[065h 0101 2] Source Used Device ID : 00A0
[067h 0103 1] Variety : 01
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-12-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-11-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-10-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
[000h 0000 4] Signature : "DMAR" [DMA Remapping table]
[004h 0004 4] Table Length : 00000078
[008h 0008 1] Revision : 01
[009h 0009 1] Checksum : 15
[00Ah 0010 6] Oem ID : "BOCHS "
[010h 0016 8] Oem Table ID : "BXPC "
[018h 0024 4] Oem Revision : 00000001
[01Ch 0028 4] Asl Compiler ID : "BXPC"
[020h 0032 4] Asl Compiler Revision : 00000001
[024h 0036 1] Host Address Width : 26
[025h 0037 1] Flags : 01
[026h 0038 10] Reserved : 00 00 00 00 00 00 00 00 00 00
[030h 0048 2] Subtable Type : 0000 [Hardware Unit Definition]
[032h 0050 2] Length : 0040
[034h 0052 1] Flags : 00
[035h 0053 1] Reserved : 00
[036h 0054 2] PCI Segment Number : 0000
[038h 0056 8] Register Base Address : 00000000FED90000
[040h 0064 1] Device Scope Type : 03 [IOAPIC Device]
[041h 0065 1] Entry Length : 08
[042h 0066 2] Reserved : 0000
[044h 0068 1] Enumeration ID : 00
[045h 0069 1] PCI Bus Number : FF
[046h 0070 2] PCI Path : 00,00
[048h 0072 1] Device Scope Type : 01 [PCI Endpoint Device]
[049h 0073 1] Entry Length : 08
[04Ah 0074 2] Reserved : 0000
[04Ch 0076 1] Enumeration ID : 00
[04Dh 0077 1] PCI Bus Number : 00
[04Eh 0078 2] PCI Path : 00,00
[050h 0080 1] Device Scope Type : 01 [PCI Endpoint Device]
[051h 0081 1] Entry Length : 08
[052h 0082 2] Reserved : 0000
[054h 0084 1] Enumeration ID : 00
[055h 0085 1] PCI Bus Number : 00
[056h 0086 2] PCI Path : 01,00
[058h 0088 1] Device Scope Type : 01 [PCI Endpoint Device]
[059h 0089 1] Entry Length : 08
[05Ah 0090 2] Reserved : 0000
[05Ch 0092 1] Enumeration ID : 00
[05Dh 0093 1] PCI Bus Number : 00
[05Eh 0094 2] PCI Path : 1F,00
[060h 0096 1] Device Scope Type : 01 [PCI Endpoint Device]
[061h 0097 1] Entry Length : 08
[062h 0098 2] Reserved : 0000
[064h 0100 1] Enumeration ID : 00
[065h 0101 1] PCI Bus Number : 00
[066h 0102 2] PCI Path : 1F,02
[068h 0104 1] Device Scope Type : 01 [PCI Endpoint Device]
[069h 0105 1] Entry Length : 08
[06Ah 0106 2] Reserved : 0000
[06Ch 0108 1] Enumeration ID : 00
[06Dh 0109 1] PCI Bus Number : 00
[06Eh 0110 2] PCI Path : 1F,03
[070h 0112 2] Subtable Type : 0002 [Root Port ATS Capability]
[072h 0114 2] Length : 0008
[074h 0116 1] Flags : 01
[075h 0117 1] Reserved : 00
[076h 0118 2] PCI Segment Number : 0000
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-9-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-8-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-7-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Update adds CPU entries to MADT/SRAT/FACP and DSDT to cover 288 CPUs.
Notable changes are that CPUs with APIC ID 255 and higher
use 'Processor Local x2APIC Affinity' structure in SRAT and
"Device" element in DSDT.
FACP:
- Use APIC Cluster Model (V4) : 0
+ Use APIC Cluster Model (V4) : 1
SRAT:
...
+[1010h 4112 1] Subtable Type : 00 [Processor Local APIC/SAPIC Affinity]
+[1011h 4113 1] Length : 10
+
+[1012h 4114 1] Proximity Domain Low(8) : 00
+[1013h 4115 1] Apic ID : FE
+[1014h 4116 4] Flags (decoded below) : 00000001
+ Enabled : 1
+[1018h 4120 1] Local Sapic EID : 00
+[1019h 4121 3] Proximity Domain High(24) : 000000
+[101Ch 4124 4] Clock Domain : 00000000
+
+[1020h 4128 1] Subtable Type : 02 [Processor Local x2APIC Affinity]
+[1021h 4129 1] Length : 18
+
+[1022h 4130 2] Reserved1 : 0000
+[1024h 4132 4] Proximity Domain : 00000001
+[1028h 4136 4] Apic ID : 000000FF
+[102Ch 4140 4] Flags (decoded below) : 00000001
+ Enabled : 1
+[1030h 4144 4] Clock Domain : 00000000
+[1034h 4148 4] Reserved2 : 00000000
...
+[1320h 4896 1] Subtable Type : 02 [Processor Local x2APIC Affinity]
+[1321h 4897 1] Length : 18
+
+[1322h 4898 2] Reserved1 : 0000
+[1324h 4900 4] Proximity Domain : 00000001
+[1328h 4904 4] Apic ID : 0000011F
+[132Ch 4908 4] Flags (decoded below) : 00000001
+ Enabled : 1
+[1330h 4912 4] Clock Domain : 00000000
+[1334h 4916 4] Reserved2 : 00000000
DSDT:
...
+ Processor (C0FE, 0xFE, 0x00000000, 0x00)
+ {
...
+ }
+
+ Device (C0FF)
+ {
+ Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
+ Name (_UID, 0xFF) // _UID: Unique ID
...
+ }
+ Device (C11F)
+ {
+ Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
+ Name (_UID, 0x011F) // _UID: Unique ID
...
+ }
APIC:
+[034h 0052 1] Subtable Type : 00 [Processor Local APIC]
+[035h 0053 1] Length : 08
+[036h 0054 1] Processor ID : 01
+[037h 0055 1] Local Apic ID : 01
+[038h 0056 4] Flags (decoded below) : 00000000
+ Processor Enabled : 0
...
+[81Ch 2076 1] Subtable Type : 00 [Processor Local APIC]
+[81Dh 2077 1] Length : 08
+[81Eh 2078 1] Processor ID : FE
+[81Fh 2079 1] Local Apic ID : FE
+[820h 2080 4] Flags (decoded below) : 00000000
+ Processor Enabled : 0
+
+[824h 2084 1] Subtable Type : 09 [Processor Local x2APIC]
+[825h 2085 1] Length : 10
+[826h 2086 2] Reserved : 0000
+[828h 2088 4] Processor x2Apic ID : 000000FF
+[82Ch 2092 4] Flags (decoded below) : 00000000
+ Processor Enabled : 0
+[830h 2096 4] Processor UID : 000000FF
...
+[A24h 2596 1] Subtable Type : 09 [Processor Local x2APIC]
+[A25h 2597 1] Length : 10
+[A26h 2598 2] Reserved : 0000
+[A28h 2600 4] Processor x2Apic ID : 0000011F
+[A2Ch 2604 4] Flags (decoded below) : 00000000
+ Processor Enabled : 0
+[A30h 2608 4] Processor UID : 0000011F
+
+[A34h 2612 1] Subtable Type : 01 [I/O APIC]
+[A35h 2613 1] Length : 0C
+[A36h 2614 1] I/O Apic ID : 00
+[A37h 2615 1] Reserved : 00
+[A38h 2616 4] Address : FEC00000
+[A3Ch 2620 4] Interrupt : 00000000
+
+[A40h 2624 1] Subtable Type : 02 [Interrupt Source Override]
+[A41h 2625 1] Length : 0A
+[A42h 2626 1] Bus : 00
+[A43h 2627 1] Source : 00
+[A44h 2628 4] Interrupt : 00000002
+[A48h 2632 2] Flags (decoded below) : 0000
Polarity : 0
Trigger Mode : 0
-[04Ah 0074 1] Subtable Type : 02 [Interrupt Source Override]
-[04Bh 0075 1] Length : 0A
-[04Ch 0076 1] Bus : 00
-[04Dh 0077 1] Source : 05
-[04Eh 0078 4] Interrupt : 00000005
-[052h 0082 2] Flags (decoded below) : 000D
+[A4Ah 2634 1] Subtable Type : 02 [Interrupt Source Override]
+[A4Bh 2635 1] Length : 0A
+[A4Ch 2636 1] Bus : 00
+[A4Dh 2637 1] Source : 05
+[A4Eh 2638 4] Interrupt : 00000005
+[A52h 2642 2] Flags (decoded below) : 000D
Polarity : 1
Trigger Mode : 3
-[054h 0084 1] Subtable Type : 02 [Interrupt Source Override]
-[055h 0085 1] Length : 0A
-[056h 0086 1] Bus : 00
-[057h 0087 1] Source : 09
-[058h 0088 4] Interrupt : 00000009
-[05Ch 0092 2] Flags (decoded below) : 000D
+[A54h 2644 1] Subtable Type : 02 [Interrupt Source Override]
+[A55h 2645 1] Length : 0A
+[A56h 2646 1] Bus : 00
+[A57h 2647 1] Source : 09
+[A58h 2648 4] Interrupt : 00000009
+[A5Ch 2652 2] Flags (decoded below) : 000D
Polarity : 1
Trigger Mode : 3
-[05Eh 0094 1] Subtable Type : 02 [Interrupt Source Override]
-[05Fh 0095 1] Length : 0A
-[060h 0096 1] Bus : 00
-[061h 0097 1] Source : 0A
-[062h 0098 4] Interrupt : 0000000A
-[066h 0102 2] Flags (decoded below) : 000D
+[A5Eh 2654 1] Subtable Type : 02 [Interrupt Source Override]
+[A5Fh 2655 1] Length : 0A
+[A60h 2656 1] Bus : 00
+[A61h 2657 1] Source : 0A
+[A62h 2658 4] Interrupt : 0000000A
+[A66h 2662 2] Flags (decoded below) : 000D
Polarity : 1
Trigger Mode : 3
-[068h 0104 1] Subtable Type : 02 [Interrupt Source Override]
-[069h 0105 1] Length : 0A
-[06Ah 0106 1] Bus : 00
-[06Bh 0107 1] Source : 0B
-[06Ch 0108 4] Interrupt : 0000000B
-[070h 0112 2] Flags (decoded below) : 000D
+[A68h 2664 1] Subtable Type : 02 [Interrupt Source Override]
+[A69h 2665 1] Length : 0A
+[A6Ah 2666 1] Bus : 00
+[A6Bh 2667 1] Source : 0B
+[A6Ch 2668 4] Interrupt : 0000000B
+[A70h 2672 2] Flags (decoded below) : 000D
Polarity : 1
Trigger Mode : 3
-[072h 0114 1] Subtable Type : 04 [Local APIC NMI]
-[073h 0115 1] Length : 06
-[074h 0116 1] Processor ID : FF
-[075h 0117 2] Flags (decoded below) : 0000
+[A72h 2674 1] Subtable Type : 0A [Local x2APIC NMI]
+[A73h 2675 1] Length : 0C
+[A74h 2676 2] Flags (decoded below) : 0000
Polarity : 0
Trigger Mode : 0
-[077h 0119 1] Interrupt Input LINT : 01
+[A76h 2678 4] Processor UID : FFFFFFFF
+[A7Ah 2682 1] Interrupt Input LINT : 01
+[A7Bh 2683 3] Reserved : 000000
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-6-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Set -smp 1,maxcpus=288 to test for ACPI code that
deal with CPUs with large APIC ID (>255).
PS:
Test requires KVM and in-kernel irqchip support,
so skip test if KVM is not available.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-5-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-4-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
accelerator
Currently it is not possible to create tests that have KVM as a hard
requirement on a host that doesn't support KVM for tested target
binary (modulo going through the trouble of compiling out
the offending test case).
Following scenario makes test fail when it's run on non x86 host:
qemu-system-x86_64 -enable-kvm -M q35,kernel-irqchip=on -smp 1,maxcpus=288
This patch introduces qtest_has_accel() to let users check if accel is
available in advance and avoid executing non run-able test-cases.
It implements detection of TCG and KVM only, the rest could be
added later on, when we actually start testing them in qtest.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-3-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-2-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Cc: Alexander Oleinik <alxndr@bu.edu>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20211007130829.632254-2-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Meson 0.58.2 does not need b_staticpic=$pie anymore, and has
stabilized the keyval module. Remove the workaround and use a few
replacements for features deprecated in the 0.57.0 release cycle.
One feature that we would like to use is passing dependencies to
summary. However, that was broken in 0.59.0 and 0.59.1. Therefore,
use the embedded Meson if the host has anything older than 0.59.2,
but allow --meson= to use 0.58.2.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Since commit 80d7835749 (qemu-options: rewrite help for -smp options),
the preference of sockets/cores in -smp parsing is considered liable
to change, and actually we are going to change it in a coming commit.
So it'll be more stable to use detailed -smp CLIs in the testcases
that have strong dependency on the parsing results.
Currently, test_def_cpu_split use "-smp 8" and will get 8 CPU sockets
based on current parsing rule. But if we change to prefer cores over
sockets we will get one CPU socket with 8 cores, and this testcase
will not get expected numa set by default on x86_64 (Ok on aarch64).
So now explicitly use "-smp 8,sockets=8" to avoid affect from parsing
logic change.
Signed-off-by: Yanan Wang <wangyanan55@huawei.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210929025816.21076-9-wangyanan55@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Since commit 80d7835749 (qemu-options: rewrite help for -smp options),
the preference of sockets/cores in -smp parsing is considered liable
to change, and actually we are going to change it in a coming commit.
So it'll be more stable to use detailed -smp CLIs in testing if we
have strong dependency on the parsing results.
pc_dynamic_cpu_cfg currently assumes/needs that there will be 2 CPU
sockets with "-smp 2". To avoid breaking the test because of parsing
logic change, now explicitly use "-smp 2,sockets=2".
Signed-off-by: Yanan Wang <wangyanan55@huawei.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210929025816.21076-8-wangyanan55@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Skip the test if bzip2 is not available, and run it after they are
uncompressed.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210923105529.3845741-2-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Libvirt can use query-sgx-capabilities to get the host
sgx capabilities to decide how to allocate SGX EPC size to VM.
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210910102258.46648-3-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
The QMP and HMP interfaces can be used by monitor or QMP tools to retrieve
the SGX information from VM side when SGX is enabled on Intel platform.
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210910102258.46648-2-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
g_setenv() can fail; check for it when starting a QEMU process
when we set the QEMU_AUDIO_DRV environment variable.
Because this happens after fork() reporting an exact message
via printf() is a bad idea; just exit(1), as we already do
for the case of execlp() failure.
Fixes: Coverity CID 1460117
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210820163750.9106-1-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
staging
Fuzzing Patches for 2021-09-01
# gpg: Signature made Wed 01 Sep 2021 12:42:00 BST
# gpg: using RSA key FAD4E2BF871375D6340517C44E661DDE583A964E
# gpg: Good signature from "Alexander Bulekov <alxndr@bu.edu>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAD4 E2BF 8713 75D6 3405 17C4 4E66 1DDE 583A 964E
* remotes/a1xndr/tags/fuzz-pull-2021-09-01:
MAINTAINERS: add fuzzing reviewer
MAINTAINERS: Add myself as a reviewer for Device Fuzzing
fuzz: unblock SIGALRM so the timeout works
fuzz: use ITIMER_REAL for timeouts
fuzz: add an instrumentation filter
fuzz: make object-name matching case-insensitive
fuzz: adjust timeout to allow for longer inputs
fuzz: fix sparse memory access in the DMA callback
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
'remotes/stefanberger/tags/pull-tpm-2021-09-01-1' into staging
Merge tpm 2021/09/01 v1
# gpg: Signature made Wed 01 Sep 2021 13:13:27 BST
# gpg: using RSA key B818B9CADF9089C2D5CEC66B75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211
* remotes/stefanberger/tags/pull-tpm-2021-09-01-1:
tests: acpi: tpm1.2: Add expected TPM 1.2 ACPI blobs
tests: acpi: Add test cases for TPM 1.2 with TCPA table
tests: Use QMP to check whether a TPM device model is available
tests: acpi: prepare for new TPM 1.2 related tables
tests: tpm: Create TPM 1.2 response in TPM emulator
tests: acpi: tpm2: Add the renamed ACPI files and drop old ones
tests: Add suffix 'tpm2' or 'tpm12' to ACPI table files
tests: acpi: Prepare for renaming of TPM2 related ACPI files
tests: Add tpm_version field to TPMTestState and fill it
tests: Rename TestState to TPMTestState
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
'remotes/pmaydell/tags/pull-target-arm-20210901' into staging
* Refactor M-profile systick to use Clocks instead of system_clock_scale global
* clock: Provide builtin multiplier/divider
* Add A64FX processor model
* Enable MVE emulation in Cortex-M55
* hw: Add compat machines for 6.2
* hw/intc/arm_gicv3: Replace mis-used MEMTX_* constants by booleans
* hw/arm/raspi: Remove deprecated raspi2/raspi3 aliases
# gpg: Signature made Wed 01 Sep 2021 11:35:57 BST
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* remotes/pmaydell/tags/pull-target-arm-20210901: (51 commits)
arm: Remove system_clock_scale global
hw/timer/stellaris-gptm: Use Clock input instead of system_clock_scale
hw/arm/stellaris: Split stellaris-gptm into its own file
hw/arm/stellaris: Fix code style issues in GPTM code
hw/timer/armv7m_systick: Use clock inputs instead of system_clock_scale
hw/arm/msf2-soc: Wire up refclk
hw/arm/msf2: Use Clock input to MSF2_SOC instead of m3clk property
hw/arm/msf2_soc: Don't allocate separate MemoryRegions
hw/arm/stellaris: Wire sysclk up to armv7m
hw/arm/stellaris: split stellaris_sys_init()
hw/arm/nrf51: Wire up sysclk
hw/arm/stm32vldiscovery: Delete trailing blank line
hw/arm/stm32f405: Wire up sysclk and refclk
hw/arm/stm32f205: Wire up sysclk and refclk
hw/arm/stm32f100: Wire up sysclk and refclk
hw/arm: Don't allocate separate MemoryRegions in stm32 SoC realize
clock: Provide builtin multiplier/divider
hw/arm/mps2.c: Connect up armv7m clocks
armsse: Wire up systick cpuclk clock
hw/arm/armv7m: Create input clocks
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
The timeout mechanism won't work if SIGALRM is blocked. This changes
unmasks SIGALRM when the timer is installed. This doesn't completely
solve the problem, as the fuzzer could trigger some device activity that
re-masks SIGALRM. However, there are currently no inputs on OSS-Fuzz
that re-mask SIGALRM and timeout. If that turns out to be a real issue,
we could try to hook sigmask-type calls, or use a separate timer thread.
Based-on: <20210713150037.9297-1-alxndr@bu.edu>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
|
|
Using ITIMER_VIRTUAL is a bad idea, if the fuzzer hits a blocking
syscall - e.g. ppoll with a NULL timespec. This causes timeout issues
while fuzzing some block-device code. Fix that by using wall-clock time.
This might cause inputs to timeout sometimes due to scheduling
effects/ambient load, but it is better than bringing the entire fuzzing
process to a halt.
Based-on: <20210713150037.9297-1-alxndr@bu.edu>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
|
|
We have some configs for devices such as the AC97 and ES1370 that were
not matching memory-regions correctly, because the configs provided
lowercase names. To resolve these problems and prevent them from
occurring again in the future, convert both the pattern and names to
lower-case, prior to checking for a match.
Suggested-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
|
|
Using a custom timeout is useful to continue fuzzing complex devices,
even after we run into some slow code-path. However, simply adding a
fixed timeout to each input effectively caps the maximum input
length/number of operations at some artificial value. There are two
major problems with this:
1. Some code might only be reachable through long IO sequences.
2. Longer inputs can actually be _better_ for performance. While the
raw number of fuzzer executions decreases with larger inputs, the
number of MMIO/PIO/DMA operation/second actually increases, since
were are speding proportionately less time fork()ing.
With this change, we keep the custom-timeout, but we renew it, prior to
each MMIO/PIO/DMA operation. Thus, we time-out only when a specific
operation takes a long time.
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
|
|
The code mistakenly relied on address_space_translate to store the
length remaining until the next memory-region. We care about this
because when there is RAM or sparse-memory neighboring on an MMIO
region, we should only write up to the border, to prevent inadvertently
invoking MMIO handlers within the DMA callback.
However address_space_translate_internal only stores the length until
the end of the MemoryRegion if memory_region_is_ram(mr). Otherwise
the *len is left unmodified. This caused some false-positive issues,
where the fuzzer found a way to perform a nested MMIO write through a
DMA callback on an [address, length] that started within sparse memory
and spanned some device MMIO regions.
To fix this, write to sparse memory in small chunks of
memory_access_size (similar to the underlying address_space_write code),
which will prevent accidentally hitting MMIO handlers through large
writes.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
Add tests that the A64FX CPU model exposes the expected features.
Signed-off-by: Shuuichirou Ishii <ishii.shuuichir@fujitsu.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
[PMM: added commit message body]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Commit 155e1c82ed0 deprecated the raspi2/raspi3 machine names.
Use the recommended new names: raspi2b and raspi3b.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Message-id: 20210827060815.2384760-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
The TCPA.tis.tpm12 file contains the following:
[000h 0000 4] Signature : "TCPA" [Trusted Computing Platform Alliance table]
[004h 0004 4] Table Length : 00000032
[008h 0008 1] Revision : 02
[009h 0009 1] Checksum : 32
[00Ah 0010 6] Oem ID : "BOCHS "
[010h 0016 8] Oem Table ID : "BXPC "
[018h 0024 4] Oem Revision : 00000001
[01Ch 0028 4] Asl Compiler ID : "BXPC"
[020h 0032 4] Asl Compiler Revision : 00000001
[024h 0036 2] Platform Class : 0000
[026h 0038 4] Min Event Log Length : 00010000
[02Ah 0042 8] Event Log Address : 0000000007FF0000
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-11-stefanb@linux.ibm.com
|
|
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-10-stefanb@linux.ibm.com
|
|
Use QMP to check whether a given TPM device model is available and if it
is not the case then do not register the tests that require it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20210802215246.1433175-9-stefanb@linux.ibm.com
|
|
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-8-stefanb@linux.ibm.com
|
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-7-stefanb@linux.ibm.com
|
|
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-6-stefanb@linux.ibm.com
|
|
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-5-stefanb@linux.ibm.com
|
|
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-4-stefanb@linux.ibm.com
|
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-3-stefanb@linux.ibm.com
|
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-2-stefanb@linux.ibm.com
|
|
xlnx_dp_read allows an out-of-bounds read at its default branch because
of an improper index.
According to
https://www.xilinx.com/html_docs/registers/ug1087/ug1087-zynq-ultrascale-registers.html
(DP Module), registers 0x3A4/0x3A4/0x3AC are allowed.
DP_INT_MASK 0x000003A4 32 mixed 0xFFFFF03F Interrupt Mask Register for intrN.
DP_INT_EN 0x000003A8 32 mixed 0x00000000 Interrupt Enable Register.
DP_INT_DS 0x000003AC 32 mixed 0x00000000 Interrupt Disable Register.
In xlnx_dp_write, when the offset is 0x3A8 and 0x3AC, the virtual device
will write s->core_registers[0x3A4
>> 2]. That is to say, the maxize of s->core_registers could be ((0x3A4
>> 2) + 1). However, the current size of s->core_registers is (0x3AF >>
>> 2), that is ((0x3A4 >> 2) + 2), which is out of the range.
In xlxn_dp_read, the access to offset 0x3A8 or 0x3AC will be directed to
the offset 0x3A8 (incorrect functionality) or 0x3AC (out-of-bounds read)
rather than 0x3A4.
This patch enforces the read access to offset 0x3A8 and 0x3AC to 0x3A4,
but does not adjust the size of s->core_registers to avoid breaking
migration.
Fixes: 58ac482a66de ("introduce xlnx-dp")
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <1628059910-12060-1-git-send-email-cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Zero-initialize the sockaddr_in struct that we're about to fill in
and pass to bind(), to ensure we don't leave possible
implementation-defined extension fields as uninitialized garbage.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Corey Minyard <cminyard@mvista.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-id: 20210813150506.7768-4-peter.maydell@linaro.org
|
