Subject: [Qemu-commits] [qemu/qemu] 5646bc: hw/display/artist: Move trace event to draw_line()
From: Peter Maydell
Date: Thu, 20 Feb 2020 09:00:13 -0800
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 5646bca36efe97a072550b783f62c7a164fe6ceb
https://github.com/qemu/qemu/commit/5646bca36efe97a072550b783f62c7a164fe6ceb
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2020-02-18 (Tue, 18 Feb 2020)
Changed paths:
M hw/display/artist.c
Log Message:
-----------
hw/display/artist: Move trace event to draw_line()
Instead of emitting the trace event before each call to
draw_line(), call it once at draw_line() entrance.
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Acked-by: Sven Schnelle <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Commit: 6c69f9c48e29376f16965f6e8ea9e1d01f368950
https://github.com/qemu/qemu/commit/6c69f9c48e29376f16965f6e8ea9e1d01f368950
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2020-02-18 (Tue, 18 Feb 2020)
Changed paths:
M hw/display/artist.c
Log Message:
-----------
hw/display/artist: Remove pointless initialization
We are initializing incy unconditionally:
if (y1 <= y2) {
incy = 1;
} else {
incy = -1;
}
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Acked-by: Sven Schnelle <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Commit: 0814343ce294b4dff780f6e8b6baa1acb1dc7ef8
https://github.com/qemu/qemu/commit/0814343ce294b4dff780f6e8b6baa1acb1dc7ef8
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2020-02-18 (Tue, 18 Feb 2020)
Changed paths:
M hw/display/artist.c
Log Message:
-----------
hw/display/artist: Delay some variables initialization
We want to have an early exit path. Delay some initializations
before the variables are used.
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Acked-by: Sven Schnelle <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Commit: b0f6455feac97e41045ee394e11c24d92c370f6e
https://github.com/qemu/qemu/commit/b0f6455feac97e41045ee394e11c24d92c370f6e
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2020-02-18 (Tue, 18 Feb 2020)
Changed paths:
M hw/display/artist.c
Log Message:
-----------
hw/display/artist: Avoid drawing line when nothing to display
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Commit: eb9b2ee8f68e1cb1f6b7cb6dee0c86492fae2f30
https://github.com/qemu/qemu/commit/eb9b2ee8f68e1cb1f6b7cb6dee0c86492fae2f30
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2020-02-18 (Tue, 18 Feb 2020)
Changed paths:
M hw/display/artist.c
Log Message:
-----------
hw/display/artist: Remove dead code (CID 1419388 & 1419389)
Coverity reports:
*** CID 1419388: Control flow issues (DEADCODE)
/hw/display/artist.c: 739 in draw_line_xy()
733 if (endy < 0) {
734 endy = 0;
735 }
736
737
738 if (endx < 0) {
>>> CID 1419388: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return;".
739 return;
740 }
741
742 if (endy < 0) {
743 return;
744 }
*** CID 1419389: Control flow issues (DEADCODE)
/hw/display/artist.c: 743 in draw_line_xy()
737
738 if (endx < 0) {
739 return;
740 }
741
742 if (endy < 0) {
>>> CID 1419389: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return;".
743 return;
744 }
745
746 trace_artist_draw_line(startx, starty, endx, endy);
747 draw_line(s, startx, starty, endx, endy, false, -1, -1);
748 }
Fixes: Coverity CID 1419388 and 1419389 (commit 4765384ce33)
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Acked-by: Sven Schnelle <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Commit: 422a26489e6b7371ad7ef615252340f7b4992933
https://github.com/qemu/qemu/commit/422a26489e6b7371ad7ef615252340f7b4992933
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2020-02-18 (Tue, 18 Feb 2020)
Changed paths:
M hw/hppa/dino.c
Log Message:
-----------
hw/hppa/dino: Add comments with register name
Add a comment with the name of each register in the 0x800-0x8ff range.
Acked-by: Helge Deller <address@hidden>
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Commit: 6e4ed42397ff24521c1e6fb810d66fc40b190f4f
https://github.com/qemu/qemu/commit/6e4ed42397ff24521c1e6fb810d66fc40b190f4f
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2020-02-18 (Tue, 18 Feb 2020)
Changed paths:
M hw/hppa/dino.c
Log Message:
-----------
hw/hppa/dino: Fix reg800_keep_bits overrun (CID 1419387 1419393 1419394)
Coverity reports:
*** CID 1419387: Memory - illegal accesses (OVERRUN)
/hw/hppa/dino.c: 267 in dino_chip_read_with_attrs()
261 val = s->ilr & s->imr & s->icr;
262 break;
263 case DINO_TOC_ADDR:
264 val = s->toc_addr;
265 break;
266 case DINO_GMASK ... DINO_TLTIM:
>>> CID 1419387: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "s->reg800" of 12 4-byte elements at element index
12 (byte offset 48) using index "(addr - 2048UL) / 4UL" (which evaluates to 12).
267 val = s->reg800[(addr - DINO_GMASK) / 4];
268 if (addr == DINO_PAMR) {
269 val &= ~0x01; /* LSB is hardwired to 0 */
270 }
271 if (addr == DINO_MLTIM) {
272 val &= ~0x07; /* 3 LSB are hardwired to 0 */
*** CID 1419393: Memory - corruptions (OVERRUN)
/hw/hppa/dino.c: 363 in dino_chip_write_with_attrs()
357 /* These registers are read-only. */
358 break;
359
360 case DINO_GMASK ... DINO_TLTIM:
361 i = (addr - DINO_GMASK) / 4;
362 val &= reg800_keep_bits[i];
>>> CID 1419393: Memory - corruptions (OVERRUN)
>>> Overrunning array "s->reg800" of 12 4-byte elements at element index
12 (byte offset 48) using index "i" (which evaluates to 12).
363 s->reg800[i] = val;
364 break;
365
366 default:
367 /* Controlled by dino_chip_mem_valid above. */
368 g_assert_not_reached();
*** CID 1419394: Memory - illegal accesses (OVERRUN)
/hw/hppa/dino.c: 362 in dino_chip_write_with_attrs()
356 case DINO_IRR1:
357 /* These registers are read-only. */
358 break;
359
360 case DINO_GMASK ... DINO_TLTIM:
361 i = (addr - DINO_GMASK) / 4;
>>> CID 1419394: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "reg800_keep_bits" of 12 4-byte elements at element
index 12 (byte offset 48) using index "i" (which evaluates to 12).
362 val &= reg800_keep_bits[i];
363 s->reg800[i] = val;
364 break;
365
366 default:
367 /* Controlled by dino_chip_mem_valid above. */
Indeed the array should contain 13 entries, the undocumented
register 0x82c is missing. Fix by increasing the array size
and adding the missing register.
CID 1419387 can be verified with:
$ echo x 0xfff80830 | hppa-softmmu/qemu-system-hppa -S -monitor stdio
-display none
QEMU 4.2.50 monitor - type 'help' for more information
(qemu) x 0xfff80830
qemu/hw/hppa/dino.c:267:15: runtime error: index 12 out of bounds for type
'uint32_t [12]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/home/phil/source/qemu/hw/hppa/dino.c:267:15 in
00000000fff80830: 0x00000000
and CID 1419393/1419394 with:
$ echo writeb 0xfff80830 0x69 \
| hppa-softmmu/qemu-system-hppa -S -accel qtest -qtest stdio -display none
[I 1581634452.654113] OPENED
[R +4.105415] writeb 0xfff80830 0x69
qemu/hw/hppa/dino.c:362:16: runtime error: index 12 out of bounds for type
'const uint32_t [12]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
qemu/hw/hppa/dino.c:362:16 in
=================================================================
==29607==ERROR: AddressSanitizer: global-buffer-overflow on address
0x5577dae32f30 at pc 0x5577d93f2463 bp 0x7ffd97ea11b0 sp 0x7ffd97ea11a8
READ of size 4 at 0x5577dae32f30 thread T0
#0 0x5577d93f2462 in dino_chip_write_with_attrs qemu/hw/hppa/dino.c:362:16
#1 0x5577d9025664 in memory_region_write_with_attrs_accessor
qemu/memory.c:503:12
#2 0x5577d9024920 in access_with_adjusted_size qemu/memory.c:539:18
#3 0x5577d9023608 in memory_region_dispatch_write qemu/memory.c:1482:13
#4 0x5577d8e3177a in flatview_write_continue qemu/exec.c:3166:23
#5 0x5577d8e20357 in flatview_write qemu/exec.c:3206:14
#6 0x5577d8e1fef4 in address_space_write qemu/exec.c:3296:18
#7 0x5577d8e20693 in address_space_rw qemu/exec.c:3306:16
#8 0x5577d9011595 in qtest_process_command qemu/qtest.c:432:13
#9 0x5577d900d19f in qtest_process_inbuf qemu/qtest.c:705:9
#10 0x5577d900ca22 in qtest_read qemu/qtest.c:717:5
#11 0x5577da8c4254 in qemu_chr_be_write_impl qemu/chardev/char.c:183:9
#12 0x5577da8c430c in qemu_chr_be_write qemu/chardev/char.c:195:9
#13 0x5577da8cf587 in fd_chr_read qemu/chardev/char-fd.c:68:9
#14 0x5577da9836cd in qio_channel_fd_source_dispatch
qemu/io/channel-watch.c:84:12
#15 0x7faf44509ecc in g_main_context_dispatch
(/lib64/libglib-2.0.so.0+0x4fecc)
#16 0x5577dab75f96 in glib_pollfds_poll qemu/util/main-loop.c:219:9
#17 0x5577dab74797 in os_host_main_loop_wait qemu/util/main-loop.c:242:5
#18 0x5577dab7435a in main_loop_wait qemu/util/main-loop.c:518:11
#19 0x5577d9514eb3 in main_loop qemu/vl.c:1682:9
#20 0x5577d950699d in main qemu/vl.c:4450:5
#21 0x7faf41a87f42 in __libc_start_main (/lib64/libc.so.6+0x23f42)
#22 0x5577d8cd4d4d in _start
(qemu/build/sanitizer/hppa-softmmu/qemu-system-hppa+0x1256d4d)
0x5577dae32f30 is located 0 bytes to the right of global variable
'reg800_keep_bits' defined in 'qemu/hw/hppa/dino.c:87:23' (0x5577dae32f00) of
size 48
SUMMARY: AddressSanitizer: global-buffer-overflow qemu/hw/hppa/dino.c:362:16
in dino_chip_write_with_attrs
==29607==ABORTING
Fixes: Coverity CID 1419387 / 1419393 / 1419394 (commit 18092598a5)
Acked-by: Helge Deller <address@hidden>
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Commit: c9cbfebfd08acb34ec2a22b9b971fcca856d44e9
https://github.com/qemu/qemu/commit/c9cbfebfd08acb34ec2a22b9b971fcca856d44e9
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2020-02-18 (Tue, 18 Feb 2020)
Changed paths:
M hw/hppa/dino.c
Log Message:
-----------
hw/hppa/dino: Fix bitmask for the PCIROR register
Only 24 bits of the PCIROR register are documented
(see pp. 37 of datasheet referenced in this file header).
Acked-by: Helge Deller <address@hidden>
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
Commit: 90e94c0591687f7f788fc40ac86b5583f30d9513
https://github.com/qemu/qemu/commit/90e94c0591687f7f788fc40ac86b5583f30d9513
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2020-02-18 (Tue, 18 Feb 2020)
Changed paths:
M hw/hppa/dino.c
Log Message:
-----------
hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c
Register 0x818 is documented as 'undefined', and register
0x82c is not documented. Refuse their access.
Acked-by: Helge Deller <address@hidden>
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
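The reg800 overrun fixed two commits above and the refused offsets 0x818/0x82c from this one, as an added C model that is not QEMU's code: the table is sized from the window bounds and the offset is validated before it is ever used as an index. DINO_GMASK = 0x800 and DINO_TLTIM = 0x830 are assumed from the Coverity index arithmetic ((0x830 - 2048) / 4 == 12), and the keep-bit masks are constructed placeholders, not the datasheet values.

```c
/* Added example, not QEMU's code: a model of the dino reg800 window as it
 * looks after the fixes above. DINO_GMASK = 0x800 and DINO_TLTIM = 0x830 are
 * assumed from the Coverity index arithmetic ((0x830 - 2048) / 4 == 12). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define DINO_GMASK   0x800u                 /* assumed first register */
#define DINO_TLTIM   0x830u                 /* assumed last register  */
#define REG800_COUNT ((DINO_TLTIM - DINO_GMASK) / 4 + 1)

/* The overrun: a 12-entry table indexed by (0x830 - 0x800) / 4 == 12.
 * Deriving the size from the bounds makes the mismatch a build error. */
_Static_assert(REG800_COUNT == 13, "0x800..0x830 needs 13 entries");

/* Writable-bit masks per register. Constructed placeholders, not the
 * datasheet values; entries 6 (0x818) and 11 (0x82c) keep nothing. */
static const uint32_t reg800_keep_bits[REG800_COUNT] = {
    0xffffffffu, 0xffffffffu, 0xffffffffu, 0xffffffffu, 0xffffffffu,
    0xffffffffu, 0x00000000u, 0xffffffffu, 0xffffffffu, 0xffffffffu,
    0xffffffffu, 0x00000000u, 0x0000ffffu,
};
static uint32_t reg800[REG800_COUNT];

/* Range check done before any table index is formed (the role of
 * dino_chip_mem_valid in the real device): 0x818 is documented as
 * undefined and 0x82c is undocumented, so both are refused. */
bool dino_reg800_valid(uint32_t addr)
{
    if (addr < DINO_GMASK || addr > DINO_TLTIM || (addr & 3u)) return false;
    return addr != 0x818u && addr != 0x82cu;
}

/* Returns false (no memory touched) for a refused offset. */
bool dino_reg800_write(uint32_t addr, uint32_t val)
{
    if (!dino_reg800_valid(addr)) return false;
    size_t i = (addr - DINO_GMASK) / 4;   /* now always < REG800_COUNT */
    reg800[i] = val & reg800_keep_bits[i];
    return true;
}

/* Same guard on the read side; CID 1419387 was the unchecked read. */
bool dino_reg800_read(uint32_t addr, uint32_t *val)
{
    if (!dino_reg800_valid(addr)) return false;
    *val = reg800[(addr - DINO_GMASK) / 4];
    return true;
}
```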
Commit: 8cd7325f034e119012dcdf56808a73d0884c706e
https://github.com/qemu/qemu/commit/8cd7325f034e119012dcdf56808a73d0884c706e
Author: Peter Maydell <address@hidden>
Date: 2020-02-20 (Thu, 20 Feb 2020)
Changed paths:
M hw/display/artist.c
M hw/hppa/dino.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/rth/tags/pull-pa-20200218' into staging
Fixes for Dino and Artist.
# gpg: Signature made Tue 18 Feb 2020 19:35:09 GMT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "address@hidden"
# gpg: Good signature from "Richard Henderson <address@hidden>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth/tags/pull-pa-20200218:
hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c
hw/hppa/dino: Fix bitmask for the PCIROR register
hw/hppa/dino: Fix reg800_keep_bits overrun (CID 1419387 1419393 1419394)
hw/hppa/dino: Add comments with register name
hw/display/artist: Remove dead code (CID 1419388 & 1419389)
hw/display/artist: Avoid drawing line when nothing to display
hw/display/artist: Delay some variables initialization
hw/display/artist: Remove pointless initialization
hw/display/artist: Move trace event to draw_line()
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/672f9d0df10a...8cd7325f034e