[PULL 0/9] target/hppa patch queue

[PULL 0/9] target/hppa patch queue

[Richard Henderson]

The following changes since commit 6c599282f8ab382fe59f03a6cae755b89561a7b3:

  Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2020-02-15-v2' into staging (2020-02-17 13:32:25 +0000)

are available in the Git repository at:

  https://github.com/rth7680/qemu.git tags/pull-pa-20200218

for you to fetch changes up to 90e94c0591687f7f788fc40ac86b5583f30d9513:

  hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c (2020-02-18 11:22:10 -0800)

----------------------------------------------------------------
Fixes for Dino and Artist.

----------------------------------------------------------------
Philippe Mathieu-Daudé (9):
      hw/display/artist: Move trace event to draw_line()
      hw/display/artist: Remove pointless initialization
      hw/display/artist: Delay some variables initialization
      hw/display/artist: Avoid drawing line when nothing to display
      hw/display/artist: Remove dead code (CID 1419388 & 1419389)
      hw/hppa/dino: Add comments with register name
      hw/hppa/dino: Fix reg800_keep_bits overrun (CID 1419387 1419393 1419394)
      hw/hppa/dino: Fix bitmask for the PCIROR register
      hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c

 hw/display/artist.c | 29 +++++++++--------------------
 hw/hppa/dino.c      | 31 +++++++++++++++++--------------
 2 files changed, 26 insertions(+), 34 deletions(-)

[PULL 1/9] hw/display/artist: Move trace event to draw_line()

[Richard Henderson]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

Instead of emitting the trace event before each call to
draw_line(), call it once at draw_line() entrance.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Sven Schnelle <svens@stackframe.org>
Message-Id: <20200214001303.12873-2-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 hw/display/artist.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/hw/display/artist.c b/hw/display/artist.c
index 65be9e3554..abacb0e27d 100644
--- a/hw/display/artist.c
+++ b/hw/display/artist.c
@@ -563,6 +563,7 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2,
     bool c1;
     uint8_t *p;
 
+    trace_artist_draw_line(x1, y1, x2, y2);
 
     if (update_start) {
         s->vram_start = (x2 << 16) | y2;
@@ -654,7 +655,6 @@ static void draw_line_pattern_start(ARTISTState *s)
     int endy = artist_get_y(s->blockmove_size);
     int pstart = s->line_pattern_start >> 16;
 
-    trace_artist_draw_line(startx, starty, endx, endy);
     draw_line(s, startx, starty, endx, endy, false, -1, pstart);
     s->line_pattern_skip = pstart;
 }
@@ -668,7 +668,6 @@ static void draw_line_pattern_next(ARTISTState *s)
     int endy = artist_get_y(s->blockmove_size);
     int line_xy = s->line_xy >> 16;
 
-    trace_artist_draw_line(startx, starty, endx, endy);
     draw_line(s, startx, starty, endx, endy, false, s->line_pattern_skip,
               s->line_pattern_skip + line_xy);
     s->line_pattern_skip += line_xy;
@@ -683,7 +682,6 @@ static void draw_line_size(ARTISTState *s, bool update_start)
     int endx = artist_get_x(s->line_size);
     int endy = artist_get_y(s->line_size);
 
-    trace_artist_draw_line(startx, starty, endx, endy);
     draw_line(s, startx, starty, endx, endy, update_start, -1, -1);
 }
 
@@ -743,7 +741,6 @@ static void draw_line_xy(ARTISTState *s, bool update_start)
         return;
     }
 
-    trace_artist_draw_line(startx, starty, endx, endy);
     draw_line(s, startx, starty, endx, endy, false, -1, -1);
 }
 
@@ -755,7 +752,6 @@ static void draw_line_end(ARTISTState *s, bool update_start)
     int endx = artist_get_x(s->line_end);
     int endy = artist_get_y(s->line_end);
 
-    trace_artist_draw_line(startx, starty, endx, endy);
     draw_line(s, startx, starty, endx, endy, update_start, -1, -1);
 }
 
-- 
2.20.1

[PULL 2/9] hw/display/artist: Remove pointless initialization

[Richard Henderson]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

We are initializating incy inconditionally:

    if (y1 <= y2) {
        incy = 1;
    } else {
        incy = -1;
    }

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Sven Schnelle <svens@stackframe.org>
Message-Id: <20200214001303.12873-3-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 hw/display/artist.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/display/artist.c b/hw/display/artist.c
index abacb0e27d..47f0e9f0bc 100644
--- a/hw/display/artist.c
+++ b/hw/display/artist.c
@@ -572,7 +572,6 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2,
     buf = &s->vram_buffer[ARTIST_BUFFER_AP];
 
     c1 = false;
-    incy = 1;
 
     if (x2 > x1) {
         dx = x2 - x1;
-- 
2.20.1

[PULL 3/9] hw/display/artist: Delay some variables initialization

[Richard Henderson]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

We want to have an early exit path. Delay some initializations
before the variables are used.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Sven Schnelle <svens@stackframe.org>
Message-Id: <20200214001303.12873-4-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 hw/display/artist.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/display/artist.c b/hw/display/artist.c
index 47f0e9f0bc..97c811b35e 100644
--- a/hw/display/artist.c
+++ b/hw/display/artist.c
@@ -558,7 +558,7 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2,
                       bool update_start, int skip_pix, int max_pix)
 {
     struct vram_buffer *buf;
-    uint8_t color = artist_get_color(s);
+    uint8_t color;
     int dx, dy, t, e, x, y, incy, diago, horiz;
     bool c1;
     uint8_t *p;
@@ -569,10 +569,6 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2,
         s->vram_start = (x2 << 16) | y2;
     }
 
-    buf = &s->vram_buffer[ARTIST_BUFFER_AP];
-
-    c1 = false;
-
     if (x2 > x1) {
         dx = x2 - x1;
     } else {
@@ -583,6 +579,8 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2,
     } else {
         dy = y1 - y2;
     }
+
+    c1 = false;
     if (dy > dx) {
         t = y2;
         y2 = x2;
@@ -620,6 +618,8 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2,
     }
     x = x1;
     y = y1;
+    color = artist_get_color(s);
+    buf = &s->vram_buffer[ARTIST_BUFFER_AP];
 
     do {
         if (c1) {
-- 
2.20.1

[PULL 4/9] hw/display/artist: Avoid drawing line when nothing to display

[Richard Henderson]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200214001303.12873-5-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 hw/display/artist.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/display/artist.c b/hw/display/artist.c
index 97c811b35e..5492079116 100644
--- a/hw/display/artist.c
+++ b/hw/display/artist.c
@@ -579,6 +579,9 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2,
     } else {
         dy = y1 - y2;
     }
+    if (!dx || !dy) {
+        return;
+    }
 
     c1 = false;
     if (dy > dx) {
-- 
2.20.1

[PULL 5/9] hw/display/artist: Remove dead code (CID 1419388 & 1419389)

[Richard Henderson]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

Coverity reports:

  *** CID 1419388:  Control flow issues  (DEADCODE)
  /hw/display/artist.c: 739 in draw_line_xy()
  733         if (endy < 0) {
  734             endy = 0;
  735         }
  736
  737
  738         if (endx < 0) {
  >>>     CID 1419388:  Control flow issues  (DEADCODE)
  >>>     Execution cannot reach this statement: "return;".
  739             return;
  740         }
  741
  742         if (endy < 0) {
  743             return;
  744         }

  *** CID 1419389:  Control flow issues  (DEADCODE)
  /hw/display/artist.c: 743 in draw_line_xy()
  737
  738         if (endx < 0) {
  739             return;
  740         }
  741
  742         if (endy < 0) {
  >>>     CID 1419389:  Control flow issues  (DEADCODE)
  >>>     Execution cannot reach this statement: "return;".
  743             return;
  744         }
  745
  746         trace_artist_draw_line(startx, starty, endx, endy);
  747         draw_line(s, startx, starty, endx, endy, false, -1, -1);
  748     }

Fixes: Covertiy CID 1419388 and 1419389 (commit 4765384ce33)
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Sven Schnelle <svens@stackframe.org>
Message-Id: <20200214001303.12873-6-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 hw/display/artist.c | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/hw/display/artist.c b/hw/display/artist.c
index 5492079116..753dbb9a77 100644
--- a/hw/display/artist.c
+++ b/hw/display/artist.c
@@ -734,15 +734,6 @@ static void draw_line_xy(ARTISTState *s, bool update_start)
         endy = 0;
     }
 
-
-    if (endx < 0) {
-        return;
-    }
-
-    if (endy < 0) {
-        return;
-    }
-
     draw_line(s, startx, starty, endx, endy, false, -1, -1);
 }
 
-- 
2.20.1

[PULL 6/9] hw/hppa/dino: Add comments with register name

[Richard Henderson]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

Add a comment with the name of each register in the 0x800-0x8ff range.

Acked-by: Helge Deller <deller@gmx.de>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200218063355.18577-2-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 hw/hppa/dino.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
index 9797a7f0d9..c237ad3b1b 100644
--- a/hw/hppa/dino.c
+++ b/hw/hppa/dino.c
@@ -85,18 +85,18 @@
 
 #define DINO800_REGS ((DINO_TLTIM - DINO_GMASK) / 4)
 static const uint32_t reg800_keep_bits[DINO800_REGS] = {
-            MAKE_64BIT_MASK(0, 1),
-            MAKE_64BIT_MASK(0, 7),
-            MAKE_64BIT_MASK(0, 7),
-            MAKE_64BIT_MASK(0, 8),
-            MAKE_64BIT_MASK(0, 7),
-            MAKE_64BIT_MASK(0, 9),
-            MAKE_64BIT_MASK(0, 32),
-            MAKE_64BIT_MASK(0, 8),
-            MAKE_64BIT_MASK(0, 30),
-            MAKE_64BIT_MASK(0, 25),
-            MAKE_64BIT_MASK(0, 22),
-            MAKE_64BIT_MASK(0, 9),
+    MAKE_64BIT_MASK(0, 1),  /* GMASK */
+    MAKE_64BIT_MASK(0, 7),  /* PAMR */
+    MAKE_64BIT_MASK(0, 7),  /* PAPR */
+    MAKE_64BIT_MASK(0, 8),  /* DAMODE */
+    MAKE_64BIT_MASK(0, 7),  /* PCICMD */
+    MAKE_64BIT_MASK(0, 9),  /* PCISTS */
+    MAKE_64BIT_MASK(0, 32), /* Undefined */
+    MAKE_64BIT_MASK(0, 8),  /* MLTIM */
+    MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */
+    MAKE_64BIT_MASK(0, 25), /* PCIROR */
+    MAKE_64BIT_MASK(0, 22), /* PCIWOR */
+    MAKE_64BIT_MASK(0, 9),  /* TLTIM */
 };
 
 typedef struct DinoState {
-- 
2.20.1

[PULL 7/9] hw/hppa/dino: Fix reg800_keep_bits overrun (CID 1419387 1419393 1419394)

[Richard Henderson]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

Coverity reports:

  *** CID 1419387:  Memory - illegal accesses  (OVERRUN)
  /hw/hppa/dino.c: 267 in dino_chip_read_with_attrs()
  261             val = s->ilr & s->imr & s->icr;
  262             break;
  263         case DINO_TOC_ADDR:
  264             val = s->toc_addr;
  265             break;
  266         case DINO_GMASK ... DINO_TLTIM:
  >>>     CID 1419387:  Memory - illegal accesses  (OVERRUN)
  >>>     Overrunning array "s->reg800" of 12 4-byte elements at element index 12 (byte offset 48) using index "(addr - 2048UL) / 4UL" (which evaluates to 12).
  267             val = s->reg800[(addr - DINO_GMASK) / 4];
  268             if (addr == DINO_PAMR) {
  269                 val &= ~0x01;  /* LSB is hardwired to 0 */
  270             }
  271             if (addr == DINO_MLTIM) {
  272                 val &= ~0x07;  /* 3 LSB are hardwired to 0 */

  *** CID 1419393:  Memory - corruptions  (OVERRUN)
  /hw/hppa/dino.c: 363 in dino_chip_write_with_attrs()
  357             /* These registers are read-only.  */
  358             break;
  359
  360         case DINO_GMASK ... DINO_TLTIM:
  361             i = (addr - DINO_GMASK) / 4;
  362             val &= reg800_keep_bits[i];
  >>>     CID 1419393:  Memory - corruptions  (OVERRUN)
  >>>     Overrunning array "s->reg800" of 12 4-byte elements at element index 12 (byte offset 48) using index "i" (which evaluates to 12).
  363             s->reg800[i] = val;
  364             break;
  365
  366         default:
  367             /* Controlled by dino_chip_mem_valid above.  */
  368             g_assert_not_reached();

  *** CID 1419394:  Memory - illegal accesses  (OVERRUN)
  /hw/hppa/dino.c: 362 in dino_chip_write_with_attrs()
  356         case DINO_IRR1:
  357             /* These registers are read-only.  */
  358             break;
  359
  360         case DINO_GMASK ... DINO_TLTIM:
  361             i = (addr - DINO_GMASK) / 4;
  >>>     CID 1419394:  Memory - illegal accesses  (OVERRUN)
  >>>     Overrunning array "reg800_keep_bits" of 12 4-byte elements at element index 12 (byte offset 48) using index "i" (which evaluates to 12).
  362             val &= reg800_keep_bits[i];
  363             s->reg800[i] = val;
  364             break;
  365
  366         default:
  367             /* Controlled by dino_chip_mem_valid above.  */

Indeed the array should contain 13 entries, the undocumented
register 0x82c is missing. Fix by increasing the array size
and adding the missing register.

CID 1419387 can be verified with:

  $ echo x 0xfff80830 | hppa-softmmu/qemu-system-hppa -S -monitor stdio -display none
  QEMU 4.2.50 monitor - type 'help' for more information
  (qemu) x 0xfff80830
  qemu/hw/hppa/dino.c:267:15: runtime error: index 12 out of bounds for type 'uint32_t [12]'
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/phil/source/qemu/hw/hppa/dino.c:267:15 in
  00000000fff80830: 0x00000000

and CID 1419393/1419394 with:

  $ echo writeb 0xfff80830 0x69 \
    | hppa-softmmu/qemu-system-hppa -S -accel qtest -qtest stdio -display none
  [I 1581634452.654113] OPENED
  [R +4.105415] writeb 0xfff80830 0x69
  qemu/hw/hppa/dino.c:362:16: runtime error: index 12 out of bounds for type 'const uint32_t [12]'
  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior qemu/hw/hppa/dino.c:362:16 in
  =================================================================
  ==29607==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5577dae32f30 at pc 0x5577d93f2463 bp 0x7ffd97ea11b0 sp 0x7ffd97ea11a8
  READ of size 4 at 0x5577dae32f30 thread T0
      #0 0x5577d93f2462 in dino_chip_write_with_attrs qemu/hw/hppa/dino.c:362:16
      #1 0x5577d9025664 in memory_region_write_with_attrs_accessor qemu/memory.c:503:12
      #2 0x5577d9024920 in access_with_adjusted_size qemu/memory.c:539:18
      #3 0x5577d9023608 in memory_region_dispatch_write qemu/memory.c:1482:13
      #4 0x5577d8e3177a in flatview_write_continue qemu/exec.c:3166:23
      #5 0x5577d8e20357 in flatview_write qemu/exec.c:3206:14
      #6 0x5577d8e1fef4 in address_space_write qemu/exec.c:3296:18
      #7 0x5577d8e20693 in address_space_rw qemu/exec.c:3306:16
      #8 0x5577d9011595 in qtest_process_command qemu/qtest.c:432:13
      #9 0x5577d900d19f in qtest_process_inbuf qemu/qtest.c:705:9
      #10 0x5577d900ca22 in qtest_read qemu/qtest.c:717:5
      #11 0x5577da8c4254 in qemu_chr_be_write_impl qemu/chardev/char.c:183:9
      #12 0x5577da8c430c in qemu_chr_be_write qemu/chardev/char.c:195:9
      #13 0x5577da8cf587 in fd_chr_read qemu/chardev/char-fd.c:68:9
      #14 0x5577da9836cd in qio_channel_fd_source_dispatch qemu/io/channel-watch.c:84:12
      #15 0x7faf44509ecc in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x4fecc)
      #16 0x5577dab75f96 in glib_pollfds_poll qemu/util/main-loop.c:219:9
      #17 0x5577dab74797 in os_host_main_loop_wait qemu/util/main-loop.c:242:5
      #18 0x5577dab7435a in main_loop_wait qemu/util/main-loop.c:518:11
      #19 0x5577d9514eb3 in main_loop qemu/vl.c:1682:9
      #20 0x5577d950699d in main qemu/vl.c:4450:5
      #21 0x7faf41a87f42 in __libc_start_main (/lib64/libc.so.6+0x23f42)
      #22 0x5577d8cd4d4d in _start (qemu/build/sanitizer/hppa-softmmu/qemu-system-hppa+0x1256d4d)

  0x5577dae32f30 is located 0 bytes to the right of global variable 'reg800_keep_bits' defined in 'qemu/hw/hppa/dino.c:87:23' (0x5577dae32f00) of size 48
  SUMMARY: AddressSanitizer: global-buffer-overflow qemu/hw/hppa/dino.c:362:16 in dino_chip_write_with_attrs
  Shadow bytes around the buggy address:
    0x0aaf7b5be590: 00 f9 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9
    0x0aaf7b5be5a0: 07 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9
    0x0aaf7b5be5b0: 07 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
    0x0aaf7b5be5c0: 00 00 00 02 f9 f9 f9 f9 00 00 00 00 00 00 00 00
    0x0aaf7b5be5d0: 00 00 00 00 00 00 00 00 00 00 00 03 f9 f9 f9 f9
  =>0x0aaf7b5be5e0: 00 00 00 00 00 00[f9]f9 f9 f9 f9 f9 00 00 00 00
    0x0aaf7b5be5f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    0x0aaf7b5be600: 00 00 01 f9 f9 f9 f9 f9 00 00 00 00 07 f9 f9 f9
    0x0aaf7b5be610: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
    0x0aaf7b5be620: 00 00 00 05 f9 f9 f9 f9 00 00 00 00 07 f9 f9 f9
    0x0aaf7b5be630: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 07 f9 f9 f9
  Shadow byte legend (one shadow byte represents 8 application bytes):
    Addressable:           00
    Partially addressable: 01 02 03 04 05 06 07
    Heap left redzone:       fa
    Freed heap region:       fd
    Stack left redzone:      f1
    Stack mid redzone:       f2
    Stack right redzone:     f3
    Stack after return:      f5
    Stack use after scope:   f8
    Global redzone:          f9
    Global init order:       f6
    Poisoned by user:        f7
    Container overflow:      fc
    Array cookie:            ac
    Intra object redzone:    bb
    ASan internal:           fe
    Left alloca redzone:     ca
    Right alloca redzone:    cb
    Shadow gap:              cc
  ==29607==ABORTING

Fixes: Covertiy CID 1419387 / 1419393 / 1419394 (commit 18092598a5)
Acked-by: Helge Deller <deller@gmx.de>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200218063355.18577-3-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 hw/hppa/dino.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
index c237ad3b1b..8868e31793 100644
--- a/hw/hppa/dino.c
+++ b/hw/hppa/dino.c
@@ -83,7 +83,7 @@
 #define DINO_PCI_HOST_BRIDGE(obj) \
     OBJECT_CHECK(DinoState, (obj), TYPE_DINO_PCI_HOST_BRIDGE)
 
-#define DINO800_REGS ((DINO_TLTIM - DINO_GMASK) / 4)
+#define DINO800_REGS (1 + (DINO_TLTIM - DINO_GMASK) / 4)
 static const uint32_t reg800_keep_bits[DINO800_REGS] = {
     MAKE_64BIT_MASK(0, 1),  /* GMASK */
     MAKE_64BIT_MASK(0, 7),  /* PAMR */
@@ -96,6 +96,7 @@ static const uint32_t reg800_keep_bits[DINO800_REGS] = {
     MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */
     MAKE_64BIT_MASK(0, 25), /* PCIROR */
     MAKE_64BIT_MASK(0, 22), /* PCIWOR */
+    MAKE_64BIT_MASK(0, 32), /* Undocumented */
     MAKE_64BIT_MASK(0, 9),  /* TLTIM */
 };
 
-- 
2.20.1

[PULL 8/9] hw/hppa/dino: Fix bitmask for the PCIROR register

[Richard Henderson]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

Only 24 bits of the PCIROR register are documented
(see pp. 37 of datasheet referenced in this file header).

Acked-by: Helge Deller <deller@gmx.de>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200218063355.18577-4-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 hw/hppa/dino.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
index 8868e31793..be799aad43 100644
--- a/hw/hppa/dino.c
+++ b/hw/hppa/dino.c
@@ -94,7 +94,7 @@ static const uint32_t reg800_keep_bits[DINO800_REGS] = {
     MAKE_64BIT_MASK(0, 32), /* Undefined */
     MAKE_64BIT_MASK(0, 8),  /* MLTIM */
     MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */
-    MAKE_64BIT_MASK(0, 25), /* PCIROR */
+    MAKE_64BIT_MASK(0, 24), /* PCIROR */
     MAKE_64BIT_MASK(0, 22), /* PCIWOR */
     MAKE_64BIT_MASK(0, 32), /* Undocumented */
     MAKE_64BIT_MASK(0, 9),  /* TLTIM */
-- 
2.20.1

[PULL 9/9] hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c

[Richard Henderson]

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

Register 0x818 is documented as 'undefined', and register
0x82c is not documented. Refuse their access.

Acked-by: Helge Deller <deller@gmx.de>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200218063355.18577-5-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 hw/hppa/dino.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
index be799aad43..2b1b38c58a 100644
--- a/hw/hppa/dino.c
+++ b/hw/hppa/dino.c
@@ -181,7 +181,9 @@ static bool dino_chip_mem_valid(void *opaque, hwaddr addr,
     case DINO_IO_ADDR_EN:
     case DINO_PCI_IO_DATA:
     case DINO_TOC_ADDR:
-    case DINO_GMASK ... DINO_TLTIM:
+    case DINO_GMASK ... DINO_PCISTS:
+    case DINO_MLTIM ... DINO_PCIWOR:
+    case DINO_TLTIM:
         ret = true;
         break;
     case DINO_PCI_IO_DATA + 2:
-- 
2.20.1

Re: [PULL 0/9] target/hppa patch queue

[Peter Maydell]

On Tue, 18 Feb 2020 at 19:39, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> The following changes since commit 6c599282f8ab382fe59f03a6cae755b89561a7b3:
>
>   Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2020-02-15-v2' into staging (2020-02-17 13:32:25 +0000)
>
> are available in the Git repository at:
>
>   https://github.com/rth7680/qemu.git tags/pull-pa-20200218
>
> for you to fetch changes up to 90e94c0591687f7f788fc40ac86b5583f30d9513:
>
>   hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c (2020-02-18 11:22:10 -0800)
>
> ----------------------------------------------------------------
> Fixes for Dino and Artist.
>



Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.0
for any user-visible changes.

-- PMM

Re: [PULL 4/9] hw/display/artist: Avoid drawing line when nothing to display

[Sven Schnelle]

On Tue, Feb 18, 2020 at 11:39:24AM -0800, Richard Henderson wrote:
> From: Philippe Mathieu-Daudé <f4bug@amsat.org>
> 
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> Message-Id: <20200214001303.12873-5-f4bug@amsat.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  hw/display/artist.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/hw/display/artist.c b/hw/display/artist.c
> index 97c811b35e..5492079116 100644
> --- a/hw/display/artist.c
> +++ b/hw/display/artist.c
> @@ -579,6 +579,9 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2,
>      } else {
>          dy = y1 - y2;
>      }
> +    if (!dx || !dy) {
> +        return;
> +    }
>  
>      c1 = false;
>      if (dy > dx) {
> -- 
> 2.20.1
> 
> 

I noticed that this change causes 1px wide lines to disappear. So i would propose
to revert that change.

Regards
Sven

Re: [PULL 4/9] hw/display/artist: Avoid drawing line when nothing to display

[Philippe Mathieu-Daudé]

On 2/29/20 10:31 AM, Sven Schnelle wrote:
> On Tue, Feb 18, 2020 at 11:39:24AM -0800, Richard Henderson wrote:
>> From: Philippe Mathieu-Daudé <f4bug@amsat.org>
>>
>> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>> Message-Id: <20200214001303.12873-5-f4bug@amsat.org>
>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>> ---
>>   hw/display/artist.c | 3 +++
>>   1 file changed, 3 insertions(+)
>>
>> diff --git a/hw/display/artist.c b/hw/display/artist.c
>> index 97c811b35e..5492079116 100644
>> --- a/hw/display/artist.c
>> +++ b/hw/display/artist.c
>> @@ -579,6 +579,9 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2,
>>       } else {
>>           dy = y1 - y2;
>>       }
>> +    if (!dx || !dy) {
>> +        return;
>> +    }
>>   
>>       c1 = false;
>>       if (dy > dx) {
>> -- 
>> 2.20.1
>>
>>
> 
> I noticed that this change causes 1px wide lines to disappear. So i would propose
> to revert that change.

Maybe "if (!dx && !dy) { return; }"?

> 
> Regards
> Sven
>