| 1 | target-arm queue. This has the "plumb txattrs through various | 1 | This bug seemed worth fixing for 8.0 since we need an rc4 anyway: |
|---|---|---|---|
| 2 | bits of exec.c" patches, and a collection of bug fixes from | 2 | we were using uninitialized data for the guarded bit when |
| 3 | various people. | 3 | combining stage 1 and stage 2 attrs. |
| 4 | |||
| 5 | v2: fix compile error on arm hosts... | ||
| 6 | 4 | ||
| 7 | thanks | 5 | thanks |
| 8 | -- PMM | 6 | -- PMM |
| 9 | 7 | ||
| 8 | The following changes since commit 08dede07030973c1053868bc64de7e10bfa02ad6: | ||
| 10 | 9 | ||
| 11 | The following changes since commit a3ac12fba028df90f7b3dbec924995c126c41022: | 10 | Merge tag 'pull-ppc-20230409' of https://github.com/legoater/qemu into staging (2023-04-10 11:47:52 +0100) |
| 12 | |||
| 13 | Merge remote-tracking branch 'remotes/ehabkost/tags/numa-next-pull-request' into staging (2018-05-31 11:12:36 +0100) | ||
| 14 | 11 | ||
| 15 | are available in the Git repository at: | 12 | are available in the Git repository at: |
| 16 | 13 | ||
| 17 | git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180531-1 | 14 | https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20230410 |
| 18 | 15 | ||
| 19 | for you to fetch changes up to 2f15b79280cf71b7991dfd3f0312a1797630e376: | 16 | for you to fetch changes up to 8539dc00552e8ea60420856fc1262c8299bc6308: |
| 20 | 17 | ||
| 21 | KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice (2018-05-31 16:32:35 +0100) | 18 | target/arm: Copy guarded bit in combine_cacheattrs (2023-04-10 14:31:40 +0100) |
| 22 | 19 | ||
| 23 | ---------------------------------------------------------------- | 20 | ---------------------------------------------------------------- |
| 24 | target-arm queue: | 21 | target-arm: Fix bug where we weren't initializing |
| 25 | * target/arm: Honour FPCR.FZ in FRECPX | 22 | guarded bit state when combining S1/S2 attrs |
| 26 | * MAINTAINERS: Add entries for newer MPS2 boards and devices | ||
| 27 | * hw/intc/arm_gicv3: Fix APxR<n> register dispatching | ||
| 28 | * arm_gicv3_kvm: fix bug in writing zero bits back to the in-kernel | ||
| 29 | GIC state | ||
| 30 | * tcg: Fix helper function vs host abi for float16 | ||
| 31 | * arm: fix qemu crash on startup with -bios option | ||
| 32 | * arm: fix malloc type mismatch | ||
| 33 | * xlnx-zdma: Correct mem leaks and memset to zero on desc unaligned errors | ||
| 34 | * Correct CPACR reset value for v7 cores | ||
| 35 | * memory.h: Improve IOMMU related documentation | ||
| 36 | * exec: Plumb transaction attributes through various functions in | ||
| 37 | preparation for allowing IOMMUs to see them | ||
| 38 | * vmstate.h: Provide VMSTATE_BOOL_SUB_ARRAY | ||
| 39 | * ARM: ACPI: Fix use-after-free due to memory realloc | ||
| 40 | * KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice | ||
| 41 | 23 | ||
| 42 | ---------------------------------------------------------------- | 24 | ---------------------------------------------------------------- |
| 43 | Francisco Iglesias (1): | 25 | Richard Henderson (2): |
| 44 | xlnx-zdma: Correct mem leaks and memset to zero on desc unaligned errors | 26 | target/arm: PTE bit GP only applies to stage1 |
| 27 | target/arm: Copy guarded bit in combine_cacheattrs | ||
| 45 | 28 | ||
| 46 | Igor Mammedov (1): | 29 | target/arm/ptw.c | 11 ++++++----- |
| 47 | arm: fix qemu crash on startup with -bios option | 30 | 1 file changed, 6 insertions(+), 5 deletions(-) |
| 48 | |||
| 49 | Jan Kiszka (1): | ||
| 50 | hw/intc/arm_gicv3: Fix APxR<n> register dispatching | ||
| 51 | |||
| 52 | Paolo Bonzini (1): | ||
| 53 | arm: fix malloc type mismatch | ||
| 54 | |||
| 55 | Peter Maydell (17): | ||
| 56 | target/arm: Honour FPCR.FZ in FRECPX | ||
| 57 | MAINTAINERS: Add entries for newer MPS2 boards and devices | ||
| 58 | Correct CPACR reset value for v7 cores | ||
| 59 | memory.h: Improve IOMMU related documentation | ||
| 60 | Make tb_invalidate_phys_addr() take a MemTxAttrs argument | ||
| 61 | Make address_space_translate{, _cached}() take a MemTxAttrs argument | ||
| 62 | Make address_space_map() take a MemTxAttrs argument | ||
| 63 | Make address_space_access_valid() take a MemTxAttrs argument | ||
| 64 | Make flatview_extend_translation() take a MemTxAttrs argument | ||
| 65 | Make memory_region_access_valid() take a MemTxAttrs argument | ||
| 66 | Make MemoryRegion valid.accepts callback take a MemTxAttrs argument | ||
| 67 | Make flatview_access_valid() take a MemTxAttrs argument | ||
| 68 | Make flatview_translate() take a MemTxAttrs argument | ||
| 69 | Make address_space_get_iotlb_entry() take a MemTxAttrs argument | ||
| 70 | Make flatview_do_translate() take a MemTxAttrs argument | ||
| 71 | Make address_space_translate_iommu take a MemTxAttrs argument | ||
| 72 | vmstate.h: Provide VMSTATE_BOOL_SUB_ARRAY | ||
| 73 | |||
| 74 | Richard Henderson (1): | ||
| 75 | tcg: Fix helper function vs host abi for float16 | ||
| 76 | |||
| 77 | Shannon Zhao (3): | ||
| 78 | arm_gicv3_kvm: increase clroffset accordingly | ||
| 79 | ARM: ACPI: Fix use-after-free due to memory realloc | ||
| 80 | KVM: GIC: Fix memory leak due to calling kvm_init_irq_routing twice | ||
| 81 | |||
| 82 | include/exec/exec-all.h | 5 +- | ||
| 83 | include/exec/helper-head.h | 2 +- | ||
| 84 | include/exec/memory-internal.h | 3 +- | ||
| 85 | include/exec/memory.h | 128 +++++++++++++++++++++++++++++++++++------ | ||
| 86 | include/migration/vmstate.h | 3 + | ||
| 87 | include/sysemu/dma.h | 6 +- | ||
| 88 | accel/tcg/translate-all.c | 4 +- | ||
| 89 | exec.c | 95 ++++++++++++++++++------------ | ||
| 90 | hw/arm/boot.c | 18 +++--- | ||
| 91 | hw/arm/virt-acpi-build.c | 20 +++++-- | ||
| 92 | hw/dma/xlnx-zdma.c | 10 +++- | ||
| 93 | hw/hppa/dino.c | 3 +- | ||
| 94 | hw/intc/arm_gic_kvm.c | 1 - | ||
| 95 | hw/intc/arm_gicv3_cpuif.c | 12 ++-- | ||
| 96 | hw/intc/arm_gicv3_kvm.c | 2 +- | ||
| 97 | hw/nvram/fw_cfg.c | 12 ++-- | ||
| 98 | hw/s390x/s390-pci-inst.c | 3 +- | ||
| 99 | hw/scsi/esp.c | 3 +- | ||
| 100 | hw/vfio/common.c | 3 +- | ||
| 101 | hw/virtio/vhost.c | 3 +- | ||
| 102 | hw/xen/xen_pt_msi.c | 3 +- | ||
| 103 | memory.c | 12 ++-- | ||
| 104 | memory_ldst.inc.c | 18 +++--- | ||
| 105 | target/arm/gdbstub.c | 3 +- | ||
| 106 | target/arm/helper-a64.c | 41 +++++++------ | ||
| 107 | target/arm/helper.c | 90 ++++++++++++++++------------- | ||
| 108 | target/arm/kvm.c | 3 +- | ||
| 109 | target/ppc/mmu-hash64.c | 3 +- | ||
| 110 | target/riscv/helper.c | 2 +- | ||
| 111 | target/s390x/diag.c | 6 +- | ||
| 112 | target/s390x/excp_helper.c | 3 +- | ||
| 113 | target/s390x/mmu_helper.c | 3 +- | ||
| 114 | target/s390x/sigp.c | 3 +- | ||
| 115 | target/xtensa/op_helper.c | 3 +- | ||
| 116 | MAINTAINERS | 9 ++- | ||
| 117 | 35 files changed, 355 insertions(+), 183 deletions(-) | ||
| 118 | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | From: Richard Henderson <richard.henderson@linaro.org> | ||
| 1 | 2 | ||
| 3 | Only perform the extract of GP during the stage1 walk. | ||
| 4 | |||
| 5 | Reported-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 6 | Signed-off-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 7 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 8 | Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org | ||
| 9 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 10 | --- | ||
| 11 | target/arm/ptw.c | 10 +++++----- | ||
| 12 | 1 file changed, 5 insertions(+), 5 deletions(-) | ||
| 13 | |||
| 14 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c | ||
| 15 | index XXXXXXX..XXXXXXX 100644 | ||
| 16 | --- a/target/arm/ptw.c | ||
| 17 | +++ b/target/arm/ptw.c | ||
| 18 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, | ||
| 19 | result->f.attrs.secure = false; | ||
| 20 | } | ||
| 21 | |||
| 22 | - /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */ | ||
| 23 | - if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) { | ||
| 24 | - result->f.guarded = extract64(attrs, 50, 1); /* GP */ | ||
| 25 | - } | ||
| 26 | - | ||
| 27 | if (regime_is_stage2(mmu_idx)) { | ||
| 28 | result->cacheattrs.is_s2_format = true; | ||
| 29 | result->cacheattrs.attrs = extract32(attrs, 2, 4); | ||
| 30 | @@ -XXX,XX +XXX,XX @@ static bool get_phys_addr_lpae(CPUARMState *env, S1Translate *ptw, | ||
| 31 | assert(attrindx <= 7); | ||
| 32 | result->cacheattrs.is_s2_format = false; | ||
| 33 | result->cacheattrs.attrs = extract64(mair, attrindx * 8, 8); | ||
| 34 | + | ||
| 35 | + /* When in aarch64 mode, and BTI is enabled, remember GP in the TLB. */ | ||
| 36 | + if (aarch64 && cpu_isar_feature(aa64_bti, cpu)) { | ||
| 37 | + result->f.guarded = extract64(attrs, 50, 1); /* GP */ | ||
| 38 | + } | ||
| 39 | } | ||
| 40 | |||
| 41 | /* | ||
| 42 | -- | ||
| 43 | 2.34.1 | diff view generated by jsdifflib |
New patch | |||
|---|---|---|---|
| 1 | From: Richard Henderson <richard.henderson@linaro.org> | ||
| 1 | 2 | ||
| 3 | The guarded bit comes from the stage1 walk. | ||
| 4 | |||
| 5 | Fixes: Coverity CID 1507929 | ||
| 6 | Signed-off-by: Richard Henderson <richard.henderson@linaro.org> | ||
| 7 | Reviewed-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 8 | Message-id: 20230407185149.3253946-3-richard.henderson@linaro.org | ||
| 9 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | ||
| 10 | --- | ||
| 11 | target/arm/ptw.c | 1 + | ||
| 12 | 1 file changed, 1 insertion(+) | ||
| 13 | |||
| 14 | diff --git a/target/arm/ptw.c b/target/arm/ptw.c | ||
| 15 | index XXXXXXX..XXXXXXX 100644 | ||
| 16 | --- a/target/arm/ptw.c | ||
| 17 | +++ b/target/arm/ptw.c | ||
| 18 | @@ -XXX,XX +XXX,XX @@ static ARMCacheAttrs combine_cacheattrs(uint64_t hcr, | ||
| 19 | |||
| 20 | assert(!s1.is_s2_format); | ||
| 21 | ret.is_s2_format = false; | ||
| 22 | + ret.guarded = s1.guarded; | ||
| 23 | |||
| 24 | if (s1.attrs == 0xf0) { | ||
| 25 | tagged = true; | ||
| 26 | -- | ||
| 27 | 2.34.1 | diff view generated by jsdifflib |