From: ~percival_foss Date: Wed, 16 Apr 2025 14:29:18 -0400 Subject: [PATCH qemu 1/2] Fix: TCG cross-page overflow for 32 bit guest Message-ID: <174491127002.20547.8069526486864738611-1@git.sr.ht> In-Reply-To: <174491127002.20547.8069526486864738611-0@git.sr.ht> To: qemu-devel Cc: Richard Henderson , Paolo Bonzini From: foss@percivaleng.com --- accel/tcg/cputlb.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index fb22048876..457b3f8ec7 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c 
@@ -1767,6 +1767,13 @@ static bool mmu_lookup(CPUState *cpu, vaddr addr, Me= mOpIdx oi, l->page[1].size =3D l->page[0].size - size0; l->page[0].size =3D size0; =20 + /* check for wrapping address space on page crossing if target is = 32 bit */ + #if TARGET_LONG_BITS =3D=3D 32 + if (l->page[1].addr >=3D (1UL << TARGET_LONG_BITS)) { + l->page[1].addr %=3D (1UL << TARGET_LONG_BITS); + } + # endif + /* * Lookup both pages, recognizing exceptions from either. If the * second lookup potentially resized, refresh first CPUTLBEntryFul= l. --=20 2.45.3 
From: ~percival_foss Date: Wed, 16 Apr 2025 15:22:29 -0400 Subject: [PATCH qemu 2/2] Added TCG cross-page overflow test Message-ID: <174491127002.20547.8069526486864738611-2@git.sr.ht> In-Reply-To: <174491127002.20547.8069526486864738611-0@git.sr.ht> To: qemu-devel Cc: Richard Henderson , Paolo Bonzini 
From: foss@percivaleng.com --- tests/functional/meson.build | 1 + tests/functional/test_ppc_pegasos2.py | 69 +++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100755 tests/functional/test_ppc_pegasos2.py diff --git a/tests/functional/meson.build b/tests/functional/meson.build index 0f8be30fe2..6641b878c3 100644 --- a/tests/functional/meson.build +++ b/tests/functional/meson.build @@ -213,6 +213,7 @@ tests_ppc_system_thorough =3D [ 'ppc_bamboo', 'ppc_mac', 'ppc_mpc8544ds', + 'ppc_pegasos2', 'ppc_replay', 'ppc_sam460ex', 'ppc_tuxrun', diff --git a/tests/functional/test_ppc_pegasos2.py b/tests/functional/test_= ppc_pegasos2.py new file mode 100755 index 0000000000..ef76745068 --- /dev/null +++ b/tests/functional/test_ppc_pegasos2.py 
@@ -0,0 +1,69 @@ +#!/usr/bin/env python3 +# +# Test AmigaNG boards +# +# Copyright (c) 2023 BALATON Zoltan +# +# This work is licensed under the terms of the GNU GPL, version 2 or +# later. See the COPYING file in the top-level directory. + +import subprocess + +from qemu_test import QemuSystemTest, Asset +from qemu_test import wait_for_console_pattern +from zipfile import ZipFile + +class Pegasos2Machine(QemuSystemTest): + + timeout =3D 90 + + ASSET_IMAGE =3D Asset( + ('https://web.archive.org/web/20071021223056if_/http://www.bplan-g= mbh.de/up050404/up050404'), + '0b4ff042b293033e094b47ac7051824fc45f83adb340d455a17db1674b0150b0c= 60ffc624ac766f5369cd79f0447214d468baa182c1f18c5e04cd23a50f0b9a2') + + def test_ppc_pegasos2(self): + self.require_accelerator("tcg") + self.set_machine('pegasos2') + file_path =3D self.ASSET_IMAGE.fetch() + bios_fh =3D open(self.workdir + "/pegasos2.rom", "wb") + subprocess.run(['tail', '-c','+85581', file_path], stdout=3Dbios_f= h) + bios_fh.close() + subprocess.run(['truncate', '-s', '524288', self.workdir + "/pegas= os2.rom"], ) + + self.vm.set_console() + self.vm.add_args('-bios', self.workdir + '/pegasos2.rom') + self.vm.launch() + wait_for_console_pattern(self, 'SmartFirmware:') + + def test_ppc_pegasos2_test_tcg_crosspage_overflow_bug(self): + self.require_accelerator("tcg") + self.set_machine('pegasos2') + file_path =3D self.ASSET_IMAGE.fetch() + bios_fh =3D open(self.workdir + "/pegasos2.rom", "wb") + subprocess.run(['tail', '-c','+85581', file_path], stdout=3Dbios_f= h) + bios_fh.close() + subprocess.run(['truncate', '-s', '524288', self.workdir + "/pegas= os2.rom"], ) + + with open(self.workdir + "/pegasos2.rom", "rb") as bios_fh: + bios_data =3D bios_fh.read() + =20 + # Patch the firmware image with the following instructions that wi= ll cause tcg to crash for 32-bit guests on 64-bit platforms: + # li r3, 0 + # li r4, -1 + # lwz r5, 0x0(r4) + # lwz r5, 0x0(r3) + + bios_data_new =3D bios_data[:0x6c10] + b'\x38\x60\x00\x00' + 
b'\x3= 8\x80\xff\xff' + b'\x80\xa4\x00\x00' + b'\x80\xa3\x00\x00' + bios_data[0x6c= 20:] + with open(self.workdir + "/pegasos2_new.rom", "wb") as bios_new_fh: + bios_new_fh.write(bios_data_new) + + self.vm.set_console() + self.vm.add_args('-bios', self.workdir + '/pegasos2_new.rom') + self.vm.launch() + wait_for_console_pattern(self, 'Releasing IDE reset') + + # set $pc =3D 0 and expect crash + + +if __name__ =3D=3D '__main__': + QemuSystemTest.main() --=20 2.45.3
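Review bot: In the accel/tcg/cputlb.c hunk of patch 1/2, `1UL << TARGET_LONG_BITS` sits under `#if TARGET_LONG_BITS == 32`, so it always shifts by 32; on any host where `unsigned long` is 32 bits wide (32-bit hosts, 64-bit Windows) that shift is undefined behaviour, and neither the comparison nor the `%=` can be relied on. Use a 64-bit constant (`1ULL`) or, simpler, drop the `if` and truncate unconditionally, for example `l->page[1].addr = (uint32_t)l->page[1].addr;`, which gives the same result as the compare-and-modulo pair. The directives are also written inconsistently (`#if` versus `# endif`), and the message has no description or Signed-off-by line before the `---`, so a reader cannot tell from the patch which guest access triggers the wrap or how the failure shows up.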
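Review bot: In the new tests/functional/test_ppc_pegasos2.py (patch 2/2), `test_ppc_pegasos2_test_tcg_crosspage_overflow_bug` ends with the comment `# set $pc = 0 and expect crash` and no code after it: once `wait_for_console_pattern(self, 'Releasing IDE reset')` returns, nothing checks the outcome, so it is not clear the test fails without the cputlb.c change, and "expect crash" is the opposite of what a regression test for the fix should assert. Implement the step the comment describes (or remove the comment) and add an explicit check that the VM survives the `lwz r5, 0x0(r4)` access with r4 = -1. Smaller points: the ROM extraction (`tail -c +85581`, `truncate -s 524288`) is duplicated in both tests and could be one shared helper, done in Python with slicing and padding instead of `subprocess.run` calls whose return codes are ignored; `ZipFile` is imported but never used; and the offsets 0x6c10 to 0x6c20 need a comment saying which firmware code they overwrite.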