* [PULL 0/8] target-arm queue
@ 2023-03-21 13:20 Peter Maydell
2023-03-21 13:20 ` [PULL 1/8] target/arm: Add Neoverse-N1 registers Peter Maydell
` (8 more replies)
0 siblings, 9 replies; 14+ messages in thread
From: Peter Maydell @ 2023-03-21 13:20 UTC (permalink / raw)
To: qemu-devel
The following changes since commit aa9e7fa4689d1becb2faf67f65aafcbcf664f1ce:
Merge tag 'edk2-stable202302-20230320-pull-request' of https://gitlab.com/kraxel/qemu into staging (2023-03-20 13:43:35 +0000)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230321
for you to fetch changes up to 5787d17a42f7af4bd117e5d6bfa54b1fdf93c255:
target/arm: Don't advertise aarch64-pauth.xml to gdb (2023-03-21 13:19:08 +0000)
----------------------------------------------------------------
target-arm queue:
* contrib/elf2dmp: Support Windows Server 2022
* hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings
* target/arm: Add Neoverse-N1 IMPDEF registers
* hw/usb/imx: Fix out of bounds access in imx_usbphy_read()
* docs/system/arm/cpu-features.rst: Fix formatting
* target/arm: Don't advertise aarch64-pauth.xml to gdb
----------------------------------------------------------------
Chen Baozi (1):
target/arm: Add Neoverse-N1 registers
Guenter Roeck (1):
hw/usb/imx: Fix out of bounds access in imx_usbphy_read()
Peter Maydell (3):
hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings
docs/system/arm/cpu-features.rst: Fix formatting
target/arm: Don't advertise aarch64-pauth.xml to gdb
Viktor Prutyanov (3):
contrib/elf2dmp: fix code style
contrib/elf2dmp: move PE dir search to pe_get_data_dir_entry
contrib/elf2dmp: add PE name check and Windows Server 2022 support
docs/system/arm/cpu-features.rst | 68 ++++++++++-------------
contrib/elf2dmp/pe.h | 115 ++++++++++++++++++++++-----------------
contrib/elf2dmp/addrspace.c | 1 +
contrib/elf2dmp/main.c | 108 ++++++++++++++++++++++++------------
hw/char/cadence_uart.c | 6 +-
hw/usb/imx-usb-phy.c | 19 ++++++-
target/arm/cpu64.c | 69 +++++++++++++++++++++++
target/arm/gdbstub.c | 7 +++
8 files changed, 267 insertions(+), 126 deletions(-)
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PULL 1/8] target/arm: Add Neoverse-N1 registers
2023-03-21 13:20 [PULL 0/8] target-arm queue Peter Maydell
@ 2023-03-21 13:20 ` Peter Maydell
2023-03-21 13:20 ` [PULL 2/8] hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings Peter Maydell
` (7 subsequent siblings)
8 siblings, 0 replies; 14+ messages in thread
From: Peter Maydell @ 2023-03-21 13:20 UTC (permalink / raw)
To: qemu-devel
From: Chen Baozi <chenbaozi@phytium.com.cn>
Add implementation defined registers for neoverse-n1 which
would be accessed by TF-A. Since there is no DSU in Qemu,
CPUCFR_EL1.SCU bit is set to 1 to avoid DSU registers definition.
Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Message-id: 20230313033936.585669-1-chenbaozi@phytium.com.cn
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/cpu64.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 4066950da15..0fb07cc7b6d 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -21,6 +21,7 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "cpu.h"
+#include "cpregs.h"
#include "qemu/module.h"
#include "sysemu/kvm.h"
#include "sysemu/hvf.h"
@@ -1027,6 +1028,72 @@ static void aarch64_a64fx_initfn(Object *obj)
/* TODO: Add A64FX specific HPC extension registers */
}
+static const ARMCPRegInfo neoverse_n1_cp_reginfo[] = {
+ { .name = "ATCR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 7, .opc2 = 0,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "ATCR_EL2", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 4, .crn = 15, .crm = 7, .opc2 = 0,
+ .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "ATCR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 7, .opc2 = 0,
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "ATCR_EL12", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 5, .crn = 15, .crm = 7, .opc2 = 0,
+ .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "AVTCR_EL2", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 4, .crn = 15, .crm = 7, .opc2 = 1,
+ .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUACTLR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 0,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUACTLR2_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 1,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUACTLR3_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 2,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ /*
+ * Report CPUCFR_EL1.SCU as 1, as we do not implement the DSU
+ * (and in particular its system registers).
+ */
+ { .name = "CPUCFR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 0, .opc2 = 0,
+ .access = PL1_R, .type = ARM_CP_CONST, .resetvalue = 4 },
+ { .name = "CPUECTLR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 1, .opc2 = 4,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0x961563010 },
+ { .name = "CPUPCR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 1,
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUPMR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 3,
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUPOR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 2,
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUPSELR_EL3", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 6, .crn = 15, .crm = 8, .opc2 = 0,
+ .access = PL3_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "CPUPWRCTLR_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 7,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "ERXPFGCDN_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 2,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "ERXPFGCTL_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 1,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ { .name = "ERXPFGF_EL1", .state = ARM_CP_STATE_AA64,
+ .opc0 = 3, .opc1 = 0, .crn = 15, .crm = 2, .opc2 = 0,
+ .access = PL1_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+};
+
+static void define_neoverse_n1_cp_reginfo(ARMCPU *cpu)
+{
+ define_arm_cp_regs(cpu, neoverse_n1_cp_reginfo);
+}
+
static void aarch64_neoverse_n1_initfn(Object *obj)
{
ARMCPU *cpu = ARM_CPU(obj);
@@ -1094,6 +1161,8 @@ static void aarch64_neoverse_n1_initfn(Object *obj)
/* From D5.1 AArch64 PMU register summary */
cpu->isar.reset_pmcr_el0 = 0x410c3000;
+
+ define_neoverse_n1_cp_reginfo(cpu);
}
static void aarch64_host_initfn(Object *obj)
--
2.34.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PULL 2/8] hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings
2023-03-21 13:20 [PULL 0/8] target-arm queue Peter Maydell
2023-03-21 13:20 ` [PULL 1/8] target/arm: Add Neoverse-N1 registers Peter Maydell
@ 2023-03-21 13:20 ` Peter Maydell
2023-03-21 13:20 ` [PULL 3/8] contrib/elf2dmp: fix code style Peter Maydell
` (6 subsequent siblings)
8 siblings, 0 replies; 14+ messages in thread
From: Peter Maydell @ 2023-03-21 13:20 UTC (permalink / raw)
To: qemu-devel
The cadence UART attempts to avoid allowing the guest to set invalid
baud rate register values in the uart_write() function. However it
does the "mask to the size of the register field" and "check for
invalid values" in the wrong order, which means that a malicious
guest can get a bogus value into the register by setting also some
high bits in the value, and cause QEMU to crash by division-by-zero.
Do the mask before the bounds check instead of afterwards.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1493
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com>
Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Message-id: 20230314170804.1196232-1-peter.maydell@linaro.org
---
hw/char/cadence_uart.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
index c069a30842e..807e3985419 100644
--- a/hw/char/cadence_uart.c
+++ b/hw/char/cadence_uart.c
@@ -450,13 +450,15 @@ static MemTxResult uart_write(void *opaque, hwaddr offset,
}
break;
case R_BRGR: /* Baud rate generator */
+ value &= 0xffff;
if (value >= 0x01) {
- s->r[offset] = value & 0xFFFF;
+ s->r[offset] = value;
}
break;
case R_BDIV: /* Baud rate divider */
+ value &= 0xff;
if (value >= 0x04) {
- s->r[offset] = value & 0xFF;
+ s->r[offset] = value;
}
break;
default:
--
2.34.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PULL 3/8] contrib/elf2dmp: fix code style
2023-03-21 13:20 [PULL 0/8] target-arm queue Peter Maydell
2023-03-21 13:20 ` [PULL 1/8] target/arm: Add Neoverse-N1 registers Peter Maydell
2023-03-21 13:20 ` [PULL 2/8] hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings Peter Maydell
@ 2023-03-21 13:20 ` Peter Maydell
2023-03-21 13:20 ` [PULL 4/8] contrib/elf2dmp: move PE dir search to pe_get_data_dir_entry Peter Maydell
` (5 subsequent siblings)
8 siblings, 0 replies; 14+ messages in thread
From: Peter Maydell @ 2023-03-21 13:20 UTC (permalink / raw)
To: qemu-devel
From: Viktor Prutyanov <viktor@daynix.com>
Originally elf2dmp were added with some code style issues,
especially in pe.h header, and some were introduced by
2d0fc797faaa73fbc1d30f5f9e90407bf3dd93f0. Fix them now.
Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Reviewed-by: Annie Li <annie.li@oracle.com>
Message-id: 20230222211246.883679-2-viktor@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
contrib/elf2dmp/pe.h | 100 ++++++++++++++++++------------------
contrib/elf2dmp/addrspace.c | 1 +
contrib/elf2dmp/main.c | 9 ++--
3 files changed, 57 insertions(+), 53 deletions(-)
diff --git a/contrib/elf2dmp/pe.h b/contrib/elf2dmp/pe.h
index c2a4a6ba7c2..807d0063649 100644
--- a/contrib/elf2dmp/pe.h
+++ b/contrib/elf2dmp/pe.h
@@ -33,70 +33,70 @@ typedef struct IMAGE_DOS_HEADER {
} __attribute__ ((packed)) IMAGE_DOS_HEADER;
typedef struct IMAGE_FILE_HEADER {
- uint16_t Machine;
- uint16_t NumberOfSections;
- uint32_t TimeDateStamp;
- uint32_t PointerToSymbolTable;
- uint32_t NumberOfSymbols;
- uint16_t SizeOfOptionalHeader;
- uint16_t Characteristics;
+ uint16_t Machine;
+ uint16_t NumberOfSections;
+ uint32_t TimeDateStamp;
+ uint32_t PointerToSymbolTable;
+ uint32_t NumberOfSymbols;
+ uint16_t SizeOfOptionalHeader;
+ uint16_t Characteristics;
} __attribute__ ((packed)) IMAGE_FILE_HEADER;
typedef struct IMAGE_DATA_DIRECTORY {
- uint32_t VirtualAddress;
- uint32_t Size;
+ uint32_t VirtualAddress;
+ uint32_t Size;
} __attribute__ ((packed)) IMAGE_DATA_DIRECTORY;
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
typedef struct IMAGE_OPTIONAL_HEADER64 {
- uint16_t Magic; /* 0x20b */
- uint8_t MajorLinkerVersion;
- uint8_t MinorLinkerVersion;
- uint32_t SizeOfCode;
- uint32_t SizeOfInitializedData;
- uint32_t SizeOfUninitializedData;
- uint32_t AddressOfEntryPoint;
- uint32_t BaseOfCode;
- uint64_t ImageBase;
- uint32_t SectionAlignment;
- uint32_t FileAlignment;
- uint16_t MajorOperatingSystemVersion;
- uint16_t MinorOperatingSystemVersion;
- uint16_t MajorImageVersion;
- uint16_t MinorImageVersion;
- uint16_t MajorSubsystemVersion;
- uint16_t MinorSubsystemVersion;
- uint32_t Win32VersionValue;
- uint32_t SizeOfImage;
- uint32_t SizeOfHeaders;
- uint32_t CheckSum;
- uint16_t Subsystem;
- uint16_t DllCharacteristics;
- uint64_t SizeOfStackReserve;
- uint64_t SizeOfStackCommit;
- uint64_t SizeOfHeapReserve;
- uint64_t SizeOfHeapCommit;
- uint32_t LoaderFlags;
- uint32_t NumberOfRvaAndSizes;
- IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
+ uint16_t Magic; /* 0x20b */
+ uint8_t MajorLinkerVersion;
+ uint8_t MinorLinkerVersion;
+ uint32_t SizeOfCode;
+ uint32_t SizeOfInitializedData;
+ uint32_t SizeOfUninitializedData;
+ uint32_t AddressOfEntryPoint;
+ uint32_t BaseOfCode;
+ uint64_t ImageBase;
+ uint32_t SectionAlignment;
+ uint32_t FileAlignment;
+ uint16_t MajorOperatingSystemVersion;
+ uint16_t MinorOperatingSystemVersion;
+ uint16_t MajorImageVersion;
+ uint16_t MinorImageVersion;
+ uint16_t MajorSubsystemVersion;
+ uint16_t MinorSubsystemVersion;
+ uint32_t Win32VersionValue;
+ uint32_t SizeOfImage;
+ uint32_t SizeOfHeaders;
+ uint32_t CheckSum;
+ uint16_t Subsystem;
+ uint16_t DllCharacteristics;
+ uint64_t SizeOfStackReserve;
+ uint64_t SizeOfStackCommit;
+ uint64_t SizeOfHeapReserve;
+ uint64_t SizeOfHeapCommit;
+ uint32_t LoaderFlags;
+ uint32_t NumberOfRvaAndSizes;
+ IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} __attribute__ ((packed)) IMAGE_OPTIONAL_HEADER64;
typedef struct IMAGE_NT_HEADERS64 {
- uint32_t Signature;
- IMAGE_FILE_HEADER FileHeader;
- IMAGE_OPTIONAL_HEADER64 OptionalHeader;
+ uint32_t Signature;
+ IMAGE_FILE_HEADER FileHeader;
+ IMAGE_OPTIONAL_HEADER64 OptionalHeader;
} __attribute__ ((packed)) IMAGE_NT_HEADERS64;
typedef struct IMAGE_DEBUG_DIRECTORY {
- uint32_t Characteristics;
- uint32_t TimeDateStamp;
- uint16_t MajorVersion;
- uint16_t MinorVersion;
- uint32_t Type;
- uint32_t SizeOfData;
- uint32_t AddressOfRawData;
- uint32_t PointerToRawData;
+ uint32_t Characteristics;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint32_t Type;
+ uint32_t SizeOfData;
+ uint32_t AddressOfRawData;
+ uint32_t PointerToRawData;
} __attribute__ ((packed)) IMAGE_DEBUG_DIRECTORY;
#define IMAGE_DEBUG_TYPE_CODEVIEW 2
diff --git a/contrib/elf2dmp/addrspace.c b/contrib/elf2dmp/addrspace.c
index 53ded170618..0b04cba00e5 100644
--- a/contrib/elf2dmp/addrspace.c
+++ b/contrib/elf2dmp/addrspace.c
@@ -11,6 +11,7 @@
static struct pa_block *pa_space_find_block(struct pa_space *ps, uint64_t pa)
{
size_t i;
+
for (i = 0; i < ps->block_nr; i++) {
if (ps->block[i].paddr <= pa &&
pa <= ps->block[i].paddr + ps->block[i].size) {
diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
index d77b8f98f78..92247642395 100644
--- a/contrib/elf2dmp/main.c
+++ b/contrib/elf2dmp/main.c
@@ -282,14 +282,16 @@ static int fill_header(WinDumpHeader64 *hdr, struct pa_space *ps,
};
for (i = 0; i < ps->block_nr; i++) {
- h.PhysicalMemoryBlock.NumberOfPages += ps->block[i].size / ELF2DMP_PAGE_SIZE;
+ h.PhysicalMemoryBlock.NumberOfPages +=
+ ps->block[i].size / ELF2DMP_PAGE_SIZE;
h.PhysicalMemoryBlock.Run[i] = (WinDumpPhyMemRun64) {
.BasePage = ps->block[i].paddr / ELF2DMP_PAGE_SIZE,
.PageCount = ps->block[i].size / ELF2DMP_PAGE_SIZE,
};
}
- h.RequiredDumpSpace += h.PhysicalMemoryBlock.NumberOfPages << ELF2DMP_PAGE_BITS;
+ h.RequiredDumpSpace +=
+ h.PhysicalMemoryBlock.NumberOfPages << ELF2DMP_PAGE_BITS;
*hdr = h;
@@ -299,7 +301,8 @@ static int fill_header(WinDumpHeader64 *hdr, struct pa_space *ps,
static int fill_context(KDDEBUGGER_DATA64 *kdbg,
struct va_space *vs, QEMU_Elf *qe)
{
- int i;
+ int i;
+
for (i = 0; i < qe->state_nr; i++) {
uint64_t Prcb;
uint64_t Context;
--
2.34.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PULL 4/8] contrib/elf2dmp: move PE dir search to pe_get_data_dir_entry
2023-03-21 13:20 [PULL 0/8] target-arm queue Peter Maydell
` (2 preceding siblings ...)
2023-03-21 13:20 ` [PULL 3/8] contrib/elf2dmp: fix code style Peter Maydell
@ 2023-03-21 13:20 ` Peter Maydell
2023-03-21 13:20 ` [PULL 5/8] contrib/elf2dmp: add PE name check and Windows Server 2022 support Peter Maydell
` (4 subsequent siblings)
8 siblings, 0 replies; 14+ messages in thread
From: Peter Maydell @ 2023-03-21 13:20 UTC (permalink / raw)
To: qemu-devel
From: Viktor Prutyanov <viktor@daynix.com>
Move out PE directory search functionality to be reused not only
for Debug Directory processing but for arbitrary PE directory.
Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Reviewed-by: Annie Li <annie.li@oracle.com>
Message-id: 20230222211246.883679-3-viktor@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
contrib/elf2dmp/main.c | 71 +++++++++++++++++++++++++-----------------
1 file changed, 42 insertions(+), 29 deletions(-)
diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
index 92247642395..2f6028d8eb3 100644
--- a/contrib/elf2dmp/main.c
+++ b/contrib/elf2dmp/main.c
@@ -333,6 +333,45 @@ static int fill_context(KDDEBUGGER_DATA64 *kdbg,
return 0;
}
+static int pe_get_data_dir_entry(uint64_t base, void *start_addr, int idx,
+ void *entry, size_t size, struct va_space *vs)
+{
+ const char e_magic[2] = "MZ";
+ const char Signature[4] = "PE\0\0";
+ IMAGE_DOS_HEADER *dos_hdr = start_addr;
+ IMAGE_NT_HEADERS64 nt_hdrs;
+ IMAGE_FILE_HEADER *file_hdr = &nt_hdrs.FileHeader;
+ IMAGE_OPTIONAL_HEADER64 *opt_hdr = &nt_hdrs.OptionalHeader;
+ IMAGE_DATA_DIRECTORY *data_dir = nt_hdrs.OptionalHeader.DataDirectory;
+
+ QEMU_BUILD_BUG_ON(sizeof(*dos_hdr) >= ELF2DMP_PAGE_SIZE);
+
+ if (memcmp(&dos_hdr->e_magic, e_magic, sizeof(e_magic))) {
+ return 1;
+ }
+
+ if (va_space_rw(vs, base + dos_hdr->e_lfanew,
+ &nt_hdrs, sizeof(nt_hdrs), 0)) {
+ return 1;
+ }
+
+ if (memcmp(&nt_hdrs.Signature, Signature, sizeof(Signature)) ||
+ file_hdr->Machine != 0x8664 || opt_hdr->Magic != 0x020b) {
+ return 1;
+ }
+
+ if (va_space_rw(vs,
+ base + data_dir[idx].VirtualAddress,
+ entry, size, 0)) {
+ return 1;
+ }
+
+ printf("Data directory entry #%d: RVA = 0x%08"PRIx32"\n", idx,
+ (uint32_t)data_dir[idx].VirtualAddress);
+
+ return 0;
+}
+
static int write_dump(struct pa_space *ps,
WinDumpHeader64 *hdr, const char *name)
{
@@ -369,42 +408,16 @@ static int write_dump(struct pa_space *ps,
static int pe_get_pdb_symstore_hash(uint64_t base, void *start_addr,
char *hash, struct va_space *vs)
{
- const char e_magic[2] = "MZ";
- const char Signature[4] = "PE\0\0";
const char sign_rsds[4] = "RSDS";
- IMAGE_DOS_HEADER *dos_hdr = start_addr;
- IMAGE_NT_HEADERS64 nt_hdrs;
- IMAGE_FILE_HEADER *file_hdr = &nt_hdrs.FileHeader;
- IMAGE_OPTIONAL_HEADER64 *opt_hdr = &nt_hdrs.OptionalHeader;
- IMAGE_DATA_DIRECTORY *data_dir = nt_hdrs.OptionalHeader.DataDirectory;
IMAGE_DEBUG_DIRECTORY debug_dir;
OMFSignatureRSDS rsds;
char *pdb_name;
size_t pdb_name_sz;
size_t i;
- QEMU_BUILD_BUG_ON(sizeof(*dos_hdr) >= ELF2DMP_PAGE_SIZE);
-
- if (memcmp(&dos_hdr->e_magic, e_magic, sizeof(e_magic))) {
- return 1;
- }
-
- if (va_space_rw(vs, base + dos_hdr->e_lfanew,
- &nt_hdrs, sizeof(nt_hdrs), 0)) {
- return 1;
- }
-
- if (memcmp(&nt_hdrs.Signature, Signature, sizeof(Signature)) ||
- file_hdr->Machine != 0x8664 || opt_hdr->Magic != 0x020b) {
- return 1;
- }
-
- printf("Debug Directory RVA = 0x%08"PRIx32"\n",
- (uint32_t)data_dir[IMAGE_FILE_DEBUG_DIRECTORY].VirtualAddress);
-
- if (va_space_rw(vs,
- base + data_dir[IMAGE_FILE_DEBUG_DIRECTORY].VirtualAddress,
- &debug_dir, sizeof(debug_dir), 0)) {
+ if (pe_get_data_dir_entry(base, start_addr, IMAGE_FILE_DEBUG_DIRECTORY,
+ &debug_dir, sizeof(debug_dir), vs)) {
+ eprintf("Failed to get Debug Directory\n");
return 1;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PULL 5/8] contrib/elf2dmp: add PE name check and Windows Server 2022 support
2023-03-21 13:20 [PULL 0/8] target-arm queue Peter Maydell
` (3 preceding siblings ...)
2023-03-21 13:20 ` [PULL 4/8] contrib/elf2dmp: move PE dir search to pe_get_data_dir_entry Peter Maydell
@ 2023-03-21 13:20 ` Peter Maydell
2023-03-21 13:20 ` [PULL 6/8] hw/usb/imx: Fix out of bounds access in imx_usbphy_read() Peter Maydell
` (3 subsequent siblings)
8 siblings, 0 replies; 14+ messages in thread
From: Peter Maydell @ 2023-03-21 13:20 UTC (permalink / raw)
To: qemu-devel
From: Viktor Prutyanov <viktor@daynix.com>
Since its inception elf2dmp has checked MZ signatures within an
address space above IDT[0] interrupt vector and took first PE image
found as Windows Kernel.
But in Windows Server 2022 memory dump this address space range is
full of invalid PE fragments and the tool must check that PE image
is 'ntoskrnl.exe' actually.
So, introduce additional validation by checking image name from
Export Directory against 'ntoskrnl.exe'.
Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Tested-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Reviewed-by: Annie Li <annie.li@oracle.com>
Message-id: 20230222211246.883679-4-viktor@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
contrib/elf2dmp/pe.h | 15 +++++++++++++++
contrib/elf2dmp/main.c | 28 ++++++++++++++++++++++++++--
2 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/contrib/elf2dmp/pe.h b/contrib/elf2dmp/pe.h
index 807d0063649..71126af1aca 100644
--- a/contrib/elf2dmp/pe.h
+++ b/contrib/elf2dmp/pe.h
@@ -88,6 +88,20 @@ typedef struct IMAGE_NT_HEADERS64 {
IMAGE_OPTIONAL_HEADER64 OptionalHeader;
} __attribute__ ((packed)) IMAGE_NT_HEADERS64;
+typedef struct IMAGE_EXPORT_DIRECTORY {
+ uint32_t Characteristics;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint32_t Name;
+ uint32_t Base;
+ uint32_t NumberOfFunctions;
+ uint32_t NumberOfNames;
+ uint32_t AddressOfFunctions;
+ uint32_t AddressOfNames;
+ uint32_t AddressOfNameOrdinals;
+} __attribute__ ((packed)) IMAGE_EXPORT_DIRECTORY;
+
typedef struct IMAGE_DEBUG_DIRECTORY {
uint32_t Characteristics;
uint32_t TimeDateStamp;
@@ -102,6 +116,7 @@ typedef struct IMAGE_DEBUG_DIRECTORY {
#define IMAGE_DEBUG_TYPE_CODEVIEW 2
#endif
+#define IMAGE_FILE_EXPORT_DIRECTORY 0
#define IMAGE_FILE_DEBUG_DIRECTORY 6
typedef struct guid_t {
diff --git a/contrib/elf2dmp/main.c b/contrib/elf2dmp/main.c
index 2f6028d8eb3..89f0c69ab0f 100644
--- a/contrib/elf2dmp/main.c
+++ b/contrib/elf2dmp/main.c
@@ -17,6 +17,7 @@
#define SYM_URL_BASE "https://msdl.microsoft.com/download/symbols/"
#define PDB_NAME "ntkrnlmp.pdb"
+#define PE_NAME "ntoskrnl.exe"
#define INITIAL_MXCSR 0x1f80
@@ -405,6 +406,25 @@ static int write_dump(struct pa_space *ps,
return fclose(dmp_file);
}
+static bool pe_check_export_name(uint64_t base, void *start_addr,
+ struct va_space *vs)
+{
+ IMAGE_EXPORT_DIRECTORY export_dir;
+ const char *pe_name;
+
+ if (pe_get_data_dir_entry(base, start_addr, IMAGE_FILE_EXPORT_DIRECTORY,
+ &export_dir, sizeof(export_dir), vs)) {
+ return false;
+ }
+
+ pe_name = va_space_resolve(vs, base + export_dir.Name);
+ if (!pe_name) {
+ return false;
+ }
+
+ return !strcmp(pe_name, PE_NAME);
+}
+
static int pe_get_pdb_symstore_hash(uint64_t base, void *start_addr,
char *hash, struct va_space *vs)
{
@@ -489,6 +509,7 @@ int main(int argc, char *argv[])
uint64_t KdDebuggerDataBlock;
KDDEBUGGER_DATA64 *kdbg;
uint64_t KdVersionBlock;
+ bool kernel_found = false;
if (argc != 3) {
eprintf("usage:\n\t%s elf_file dmp_file\n", argv[0]);
@@ -536,11 +557,14 @@ int main(int argc, char *argv[])
}
if (*(uint16_t *)nt_start_addr == 0x5a4d) { /* MZ */
- break;
+ if (pe_check_export_name(KernBase, nt_start_addr, &vs)) {
+ kernel_found = true;
+ break;
+ }
}
}
- if (!nt_start_addr) {
+ if (!kernel_found) {
eprintf("Failed to find NT kernel image\n");
err = 1;
goto out_ps;
--
2.34.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PULL 6/8] hw/usb/imx: Fix out of bounds access in imx_usbphy_read()
2023-03-21 13:20 [PULL 0/8] target-arm queue Peter Maydell
` (4 preceding siblings ...)
2023-03-21 13:20 ` [PULL 5/8] contrib/elf2dmp: add PE name check and Windows Server 2022 support Peter Maydell
@ 2023-03-21 13:20 ` Peter Maydell
2023-03-21 13:20 ` [PULL 7/8] docs/system/arm/cpu-features.rst: Fix formatting Peter Maydell
` (2 subsequent siblings)
8 siblings, 0 replies; 14+ messages in thread
From: Peter Maydell @ 2023-03-21 13:20 UTC (permalink / raw)
To: qemu-devel
From: Guenter Roeck <linux@roeck-us.net>
The i.MX USB Phy driver does not check register ranges, resulting in out of
bounds accesses if an attempt is made to access non-existing PHY registers.
Add range check and conditionally report bad accesses to fix the problem.
While at it, also conditionally log attempted writes to non-existing or
read-only registers.
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Message-id: 20230316234926.208874-1-linux@roeck-us.net
Link: https://gitlab.com/qemu-project/qemu/-/issues/1408
Fixes: 0701a5efa015 ("hw/usb: Add basic i.MX USB Phy support")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/usb/imx-usb-phy.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/hw/usb/imx-usb-phy.c b/hw/usb/imx-usb-phy.c
index 5d7a549e34d..1a97b36a119 100644
--- a/hw/usb/imx-usb-phy.c
+++ b/hw/usb/imx-usb-phy.c
@@ -13,6 +13,7 @@
#include "qemu/osdep.h"
#include "hw/usb/imx-usb-phy.h"
#include "migration/vmstate.h"
+#include "qemu/log.h"
#include "qemu/module.h"
static const VMStateDescription vmstate_imx_usbphy = {
@@ -90,7 +91,15 @@ static uint64_t imx_usbphy_read(void *opaque, hwaddr offset, unsigned size)
value = s->usbphy[index - 3];
break;
default:
- value = s->usbphy[index];
+ if (index < USBPHY_MAX) {
+ value = s->usbphy[index];
+ } else {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: Read from non-existing USB PHY register 0x%"
+ HWADDR_PRIx "\n",
+ __func__, offset);
+ value = 0;
+ }
break;
}
return (uint64_t)value;
@@ -168,7 +177,13 @@ static void imx_usbphy_write(void *opaque, hwaddr offset, uint64_t value,
s->usbphy[index - 3] ^= value;
break;
default:
- /* Other registers are read-only */
+ /* Other registers are read-only or do not exist */
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: Write to %s USB PHY register 0x%"
+ HWADDR_PRIx "\n",
+ __func__,
+ index >= USBPHY_MAX ? "non-existing" : "read-only",
+ offset);
break;
}
}
--
2.34.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PULL 7/8] docs/system/arm/cpu-features.rst: Fix formatting
2023-03-21 13:20 [PULL 0/8] target-arm queue Peter Maydell
` (5 preceding siblings ...)
2023-03-21 13:20 ` [PULL 6/8] hw/usb/imx: Fix out of bounds access in imx_usbphy_read() Peter Maydell
@ 2023-03-21 13:20 ` Peter Maydell
2023-03-21 13:20 ` [PULL 8/8] target/arm: Don't advertise aarch64-pauth.xml to gdb Peter Maydell
2023-03-21 17:14 ` [PULL 0/8] target-arm queue Peter Maydell
8 siblings, 0 replies; 14+ messages in thread
From: Peter Maydell @ 2023-03-21 13:20 UTC (permalink / raw)
To: qemu-devel
The markup for the Arm CPU feature documentation is incorrect,
and results in the HTML not rendering correctly -- the first
line of each description is rendered in boldface as if it
were part of the option name.
Reformat to match the styling used in cpu-models-x86.rst.inc.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1479
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230316105808.1414003-1-peter.maydell@linaro.org
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
---
docs/system/arm/cpu-features.rst | 68 ++++++++++++++------------------
1 file changed, 30 insertions(+), 38 deletions(-)
diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst
index 00c444042ff..f4524b6d3e7 100644
--- a/docs/system/arm/cpu-features.rst
+++ b/docs/system/arm/cpu-features.rst
@@ -177,39 +177,32 @@ are named with the prefix "kvm-". KVM VCPU features may be probed,
enabled, and disabled in the same way as other CPU features. Below is
the list of KVM VCPU features and their descriptions.
- kvm-no-adjvtime By default kvm-no-adjvtime is disabled. This
- means that by default the virtual time
- adjustment is enabled (vtime is not *not*
- adjusted).
+``kvm-no-adjvtime``
+ By default kvm-no-adjvtime is disabled. This means that by default
+ the virtual time adjustment is enabled (vtime is not *not* adjusted).
- When virtual time adjustment is enabled each
- time the VM transitions back to running state
- the VCPU's virtual counter is updated to ensure
- stopped time is not counted. This avoids time
- jumps surprising guest OSes and applications,
- as long as they use the virtual counter for
- timekeeping. However it has the side effect of
- the virtual and physical counters diverging.
- All timekeeping based on the virtual counter
- will appear to lag behind any timekeeping that
- does not subtract VM stopped time. The guest
- may resynchronize its virtual counter with
- other time sources as needed.
+ When virtual time adjustment is enabled each time the VM transitions
+ back to running state the VCPU's virtual counter is updated to
+ ensure stopped time is not counted. This avoids time jumps
+ surprising guest OSes and applications, as long as they use the
+ virtual counter for timekeeping. However it has the side effect of
+ the virtual and physical counters diverging. All timekeeping based
+ on the virtual counter will appear to lag behind any timekeeping
+ that does not subtract VM stopped time. The guest may resynchronize
+ its virtual counter with other time sources as needed.
- Enable kvm-no-adjvtime to disable virtual time
- adjustment, also restoring the legacy (pre-5.0)
- behavior.
+ Enable kvm-no-adjvtime to disable virtual time adjustment, also
+ restoring the legacy (pre-5.0) behavior.
- kvm-steal-time Since v5.2, kvm-steal-time is enabled by
- default when KVM is enabled, the feature is
- supported, and the guest is 64-bit.
+``kvm-steal-time``
+ Since v5.2, kvm-steal-time is enabled by default when KVM is
+ enabled, the feature is supported, and the guest is 64-bit.
- When kvm-steal-time is enabled a 64-bit guest
- can account for time its CPUs were not running
- due to the host not scheduling the corresponding
- VCPU threads. The accounting statistics may
- influence the guest scheduler behavior and/or be
- exposed to the guest userspace.
+ When kvm-steal-time is enabled a 64-bit guest can account for time
+ its CPUs were not running due to the host not scheduling the
+ corresponding VCPU threads. The accounting statistics may influence
+ the guest scheduler behavior and/or be exposed to the guest
+ userspace.
TCG VCPU Features
=================
@@ -217,16 +210,15 @@ TCG VCPU Features
TCG VCPU features are CPU features that are specific to TCG.
Below is the list of TCG VCPU features and their descriptions.
- pauth-impdef When ``FEAT_Pauth`` is enabled, either the
- *impdef* (Implementation Defined) algorithm
- is enabled or the *architected* QARMA algorithm
- is enabled. By default the impdef algorithm
- is disabled, and QARMA is enabled.
+``pauth-impdef``
+ When ``FEAT_Pauth`` is enabled, either the *impdef* (Implementation
+ Defined) algorithm is enabled or the *architected* QARMA algorithm
+ is enabled. By default the impdef algorithm is disabled, and QARMA
+ is enabled.
- The architected QARMA algorithm has good
- cryptographic properties, but can be quite slow
- to emulate. The impdef algorithm used by QEMU
- is non-cryptographic but significantly faster.
+ The architected QARMA algorithm has good cryptographic properties,
+ but can be quite slow to emulate. The impdef algorithm used by QEMU
+ is non-cryptographic but significantly faster.
SVE CPU Properties
==================
--
2.34.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PULL 8/8] target/arm: Don't advertise aarch64-pauth.xml to gdb
2023-03-21 13:20 [PULL 0/8] target-arm queue Peter Maydell
` (6 preceding siblings ...)
2023-03-21 13:20 ` [PULL 7/8] docs/system/arm/cpu-features.rst: Fix formatting Peter Maydell
@ 2023-03-21 13:20 ` Peter Maydell
2023-03-21 17:14 ` [PULL 0/8] target-arm queue Peter Maydell
8 siblings, 0 replies; 14+ messages in thread
From: Peter Maydell @ 2023-03-21 13:20 UTC (permalink / raw)
To: qemu-devel
Unfortunately a bug in older versions of gdb means that they will
crash if QEMU sends them the aarch64-pauth.xml. This bug is fixed in
gdb commit 1ba3a3222039eb25, and there are plans to backport that to
affected gdb release branches, but since the bug affects gdb 9
through 12 it is very widely deployed (for instance by distros).
It is not currently clear what the best way to deal with this is; it
has been proposed to define a new XML feature name that old gdb will
ignore but newer gdb can handle. Since QEMU's 8.0 release is
imminent and at least one of our CI runners is now falling over this,
disable the pauth XML for the moment. We can follow up with a more
considered fix either in time for 8.0 or else for the 8.1 release.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
target/arm/gdbstub.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
index 78105b8078b..3bd86cee979 100644
--- a/target/arm/gdbstub.c
+++ b/target/arm/gdbstub.c
@@ -520,11 +520,18 @@ void arm_cpu_register_gdb_regs_for_features(ARMCPU *cpu)
aarch64_gdb_set_fpu_reg,
34, "aarch64-fpu.xml", 0);
}
+#if 0
+ /*
+ * GDB versions 9 through 12 have a bug which means they will
+ * crash if they see this XML from QEMU; disable it for the 8.0
+ * release, pending a better solution.
+ */
if (isar_feature_aa64_pauth(&cpu->isar)) {
gdb_register_coprocessor(cs, aarch64_gdb_get_pauth_reg,
aarch64_gdb_set_pauth_reg,
4, "aarch64-pauth.xml", 0);
}
+#endif
#endif
} else {
if (arm_feature(env, ARM_FEATURE_NEON)) {
--
2.34.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [PULL 0/8] target-arm queue
2023-03-21 13:20 [PULL 0/8] target-arm queue Peter Maydell
` (7 preceding siblings ...)
2023-03-21 13:20 ` [PULL 8/8] target/arm: Don't advertise aarch64-pauth.xml to gdb Peter Maydell
@ 2023-03-21 17:14 ` Peter Maydell
8 siblings, 0 replies; 14+ messages in thread
From: Peter Maydell @ 2023-03-21 17:14 UTC (permalink / raw)
To: qemu-devel
On Tue, 21 Mar 2023 at 13:20, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> The following changes since commit aa9e7fa4689d1becb2faf67f65aafcbcf664f1ce:
>
> Merge tag 'edk2-stable202302-20230320-pull-request' of https://gitlab.com/kraxel/qemu into staging (2023-03-20 13:43:35 +0000)
>
> are available in the Git repository at:
>
> https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230321
>
> for you to fetch changes up to 5787d17a42f7af4bd117e5d6bfa54b1fdf93c255:
>
> target/arm: Don't advertise aarch64-pauth.xml to gdb (2023-03-21 13:19:08 +0000)
>
> ----------------------------------------------------------------
> target-arm queue:
> * contrib/elf2dmp: Support Windows Server 2022
> * hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings
> * target/arm: Add Neoverse-N1 IMPDEF registers
> * hw/usb/imx: Fix out of bounds access in imx_usbphy_read()
> * docs/system/arm/cpu-features.rst: Fix formatting
> * target/arm: Don't advertise aarch64-pauth.xml to gdb
>
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/8.0
for any user-visible changes.
-- PMM
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PULL 0/8] target-arm queue
2023-11-21 10:24 Peter Maydell
@ 2023-11-21 15:14 ` Stefan Hajnoczi
0 siblings, 0 replies; 14+ messages in thread
From: Stefan Hajnoczi @ 2023-11-21 15:14 UTC (permalink / raw)
To: Peter Maydell; +Cc: qemu-devel
[-- Attachment #1: Type: text/plain, Size: 115 bytes --]
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/8.2 for any user-visible changes.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PULL 0/8] target-arm queue
@ 2023-11-21 10:24 Peter Maydell
2023-11-21 15:14 ` Stefan Hajnoczi
0 siblings, 1 reply; 14+ messages in thread
From: Peter Maydell @ 2023-11-21 10:24 UTC (permalink / raw)
To: qemu-devel
Hi; here are some arm patches for rc1; all small bug fixes and cleanups.
thanks
-- PMM
The following changes since commit af9264da80073435fd78944bc5a46e695897d7e5:
Merge tag '20231119-xtensa-1' of https://github.com/OSLL/qemu-xtensa into staging (2023-11-20 05:25:19 -0500)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20231121
for you to fetch changes up to 0cbb56c236a4a28f5149eed227d74bb737321cfc:
hw/arm/fsl-imx: Do not ignore Error argument (2023-11-20 15:34:19 +0000)
----------------------------------------------------------------
target-arm queue:
* enable FEAT_RNG on Neoverse-N2
* hw/intc/arm_gicv3: ICC_PMR_EL1 high bits should be RAZ
* Fix SME FMOPA (16-bit), BFMOPA
* hw/core/machine: Constify MachineClass::valid_cpu_types[]
* stm32f* machines: Report error when user asks for wrong CPU type
* hw/arm/fsl-imx: Do not ignore Error argument
----------------------------------------------------------------
Ben Dooks (1):
hw/intc/arm_gicv3: ICC_PMR_EL1 high bits should be RAZ
Gavin Shan (1):
hw/core/machine: Constify MachineClass::valid_cpu_types[]
Marcin Juszkiewicz (1):
target/arm: enable FEAT_RNG on Neoverse-N2
Philippe Mathieu-Daudé (4):
hw/arm/stm32f405: Report error when incorrect CPU is used
hw/arm/stm32f205: Report error when incorrect CPU is used
hw/arm/stm32f100: Report error when incorrect CPU is used
hw/arm/fsl-imx: Do not ignore Error argument
Richard Henderson (1):
target/arm: Fix SME FMOPA (16-bit), BFMOPA
include/hw/arm/stm32f100_soc.h | 4 ----
include/hw/arm/stm32f205_soc.h | 4 ----
include/hw/arm/stm32f405_soc.h | 4 ----
include/hw/boards.h | 2 +-
hw/arm/fsl-imx25.c | 3 ++-
hw/arm/fsl-imx6.c | 3 ++-
hw/arm/netduino2.c | 7 ++++++-
hw/arm/netduinoplus2.c | 7 ++++++-
hw/arm/olimex-stm32-h405.c | 8 ++++++--
hw/arm/stm32f100_soc.c | 9 ++-------
hw/arm/stm32f205_soc.c | 9 ++-------
hw/arm/stm32f405_soc.c | 8 +-------
hw/arm/stm32vldiscovery.c | 7 ++++++-
hw/hppa/machine.c | 22 ++++++++++------------
hw/intc/arm_gicv3_cpuif.c | 4 ++--
hw/m68k/q800.c | 11 +++++------
target/arm/tcg/cpu64.c | 2 +-
target/arm/tcg/sme_helper.c | 10 ++++------
18 files changed, 56 insertions(+), 68 deletions(-)
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PULL 0/8] target-arm queue
2020-08-03 19:33 Peter Maydell
@ 2020-08-03 21:12 ` Peter Maydell
0 siblings, 0 replies; 14+ messages in thread
From: Peter Maydell @ 2020-08-03 21:12 UTC (permalink / raw)
To: QEMU Developers
On Mon, 3 Aug 2020 at 20:34, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Handful of bugfixes for rc2. None of these are particularly critical
> or exciting.
>
> -- PMM
>
> The following changes since commit 45a150aa2b3492acf6691c7bdbeb25a8545d8345:
>
> Merge remote-tracking branch 'remotes/ericb/tags/pull-bitmaps-2020-08-03' into staging (2020-08-03 15:13:49 +0100)
>
> are available in the Git repository at:
>
> https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200803
>
> for you to fetch changes up to 13557fd392890cbd985bceba7f717e01efd674b8:
>
> hw/timer/imx_epit: Avoid assertion when CR.SWR is written (2020-08-03 17:56:11 +0100)
>
> ----------------------------------------------------------------
> target-arm queue:
> * hw/timer/imx_epit: Avoid assertion when CR.SWR is written
> * netduino2, netduinoplus2, microbit: set system_clock_scale so that
> SysTick running on the CPU clock works
> * target/arm: Avoid maybe-uninitialized warning with gcc 4.9
> * target/arm: Fix AddPAC error indication
> * Make AIRCR.SYSRESETREQ actually reset the system for the
> microbit, mps2-*, musca-*, netduino* boards
>
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
for any user-visible changes.
-- PMM
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PULL 0/8] target-arm queue
@ 2020-08-03 19:33 Peter Maydell
2020-08-03 21:12 ` Peter Maydell
0 siblings, 1 reply; 14+ messages in thread
From: Peter Maydell @ 2020-08-03 19:33 UTC (permalink / raw)
To: qemu-devel
Handful of bugfixes for rc2. None of these are particularly critical
or exciting.
-- PMM
The following changes since commit 45a150aa2b3492acf6691c7bdbeb25a8545d8345:
Merge remote-tracking branch 'remotes/ericb/tags/pull-bitmaps-2020-08-03' into staging (2020-08-03 15:13:49 +0100)
are available in the Git repository at:
https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20200803
for you to fetch changes up to 13557fd392890cbd985bceba7f717e01efd674b8:
hw/timer/imx_epit: Avoid assertion when CR.SWR is written (2020-08-03 17:56:11 +0100)
----------------------------------------------------------------
target-arm queue:
* hw/timer/imx_epit: Avoid assertion when CR.SWR is written
* netduino2, netduinoplus2, microbit: set system_clock_scale so that
SysTick running on the CPU clock works
* target/arm: Avoid maybe-uninitialized warning with gcc 4.9
* target/arm: Fix AddPAC error indication
* Make AIRCR.SYSRESETREQ actually reset the system for the
microbit, mps2-*, musca-*, netduino* boards
----------------------------------------------------------------
Kaige Li (1):
target/arm: Avoid maybe-uninitialized warning with gcc 4.9
Peter Maydell (6):
hw/arm/netduino2, netduinoplus2: Set system_clock_scale
include/hw/irq.h: New function qemu_irq_is_connected()
hw/intc/armv7m_nvic: Provide default "reset the system" behaviour for SYSRESETREQ
msf2-soc, stellaris: Don't wire up SYSRESETREQ
hw/arm/nrf51_soc: Set system_clock_scale
hw/timer/imx_epit: Avoid assertion when CR.SWR is written
Richard Henderson (1):
target/arm: Fix AddPAC error indication
include/hw/arm/armv7m.h | 4 +++-
include/hw/irq.h | 18 ++++++++++++++++++
hw/arm/msf2-soc.c | 11 -----------
hw/arm/netduino2.c | 10 ++++++++++
hw/arm/netduinoplus2.c | 10 ++++++++++
hw/arm/nrf51_soc.c | 5 +++++
hw/arm/stellaris.c | 12 ------------
hw/intc/armv7m_nvic.c | 17 ++++++++++++++++-
hw/timer/imx_epit.c | 13 ++++++++++---
target/arm/pauth_helper.c | 6 +++++-
target/arm/translate-a64.c | 2 +-
tests/tcg/aarch64/pauth-5.c | 33 +++++++++++++++++++++++++++++++++
tests/tcg/aarch64/Makefile.target | 2 +-
13 files changed, 112 insertions(+), 31 deletions(-)
create mode 100644 tests/tcg/aarch64/pauth-5.c
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2023-11-21 15:15 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-21 13:20 [PULL 0/8] target-arm queue Peter Maydell
2023-03-21 13:20 ` [PULL 1/8] target/arm: Add Neoverse-N1 registers Peter Maydell
2023-03-21 13:20 ` [PULL 2/8] hw/char/cadence_uart: Fix guards on invalid BRGR/BDIV settings Peter Maydell
2023-03-21 13:20 ` [PULL 3/8] contrib/elf2dmp: fix code style Peter Maydell
2023-03-21 13:20 ` [PULL 4/8] contrib/elf2dmp: move PE dir search to pe_get_data_dir_entry Peter Maydell
2023-03-21 13:20 ` [PULL 5/8] contrib/elf2dmp: add PE name check and Windows Server 2022 support Peter Maydell
2023-03-21 13:20 ` [PULL 6/8] hw/usb/imx: Fix out of bounds access in imx_usbphy_read() Peter Maydell
2023-03-21 13:20 ` [PULL 7/8] docs/system/arm/cpu-features.rst: Fix formatting Peter Maydell
2023-03-21 13:20 ` [PULL 8/8] target/arm: Don't advertise aarch64-pauth.xml to gdb Peter Maydell
2023-03-21 17:14 ` [PULL 0/8] target-arm queue Peter Maydell
-- strict thread matches above, loose matches on Subject: below --
2023-11-21 10:24 Peter Maydell
2023-11-21 15:14 ` Stefan Hajnoczi
2020-08-03 19:33 Peter Maydell
2020-08-03 21:12 ` Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.