From d2b638d86bc96057fbc3bb62af79c4a50695795e Mon Sep 17 00:00:00 2001 From: Heyi Guo Date: Mon, 9 Dec 2019 14:37:19 +0800 Subject: [PATCH 1/5] hw/arm/acpi: enable SHPC native hot plug After the introduction of generic PCIe root port and PCIe-PCI bridge, we will also have SHPC controller on ARM, so just enable SHPC native hot plug. Also update tests/data/acpi/virt/DSDT* to pass "make check". Cc: Shannon Zhao Cc: Peter Maydell Cc: "Michael S. Tsirkin" Cc: Igor Mammedov Reviewed-by: Michael S. Tsirkin Reviewed-by: Igor Mammedov Signed-off-by: Heyi Guo Message-id: 20191209063719.23086-3-guoheyi@huawei.com Signed-off-by: Peter Maydell --- hw/arm/virt-acpi-build.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c index 2cfac7b84f3..588e7f26804 100644 --- a/hw/arm/virt-acpi-build.c +++ b/hw/arm/virt-acpi-build.c @@ -347,7 +347,12 @@ static void acpi_dsdt_add_pci(Aml *scope, const MemMapEntry *memmap, aml_create_dword_field(aml_arg(3), aml_int(8), "CDW3")); aml_append(ifctx, aml_store(aml_name("CDW2"), aml_name("SUPP"))); aml_append(ifctx, aml_store(aml_name("CDW3"), aml_name("CTRL"))); - aml_append(ifctx, aml_store(aml_and(aml_name("CTRL"), aml_int(0x1D), NULL), + + /* + * Allow OS control for all 5 features: + * PCIeHotplug SHPCHotplug PME AER PCIeCapability. + */ + aml_append(ifctx, aml_store(aml_and(aml_name("CTRL"), aml_int(0x1F), NULL), aml_name("CTRL"))); ifctx1 = aml_if(aml_lnot(aml_equal(aml_arg(1), aml_int(0x1)))); -- Gitee From d99d965c232c649686b4d8bc42dc11dcaf90dc0b Mon Sep 17 00:00:00 2001 
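Review bot: The mask in acpi_dsdt_add_pci is still a bare literal, and the new comment names five features without saying that they correspond to bits 0 through 4 of the _OSC control field in that order, so a reader cannot check `0x1F` against the list without the PCI Firmware specification at hand. A comment such as `/* _OSC control bits 0-4: PCIe hotplug, SHPC hotplug, PME, AER, PCIe capability structure */` would make the mapping explicit. The grant of SHPC control is also unconditional; whether an SHPC-capable bridge is actually configured is not checked in the visible lines, which is presumably intended but worth stating in the comment. The function body starts and ends outside the hunk.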
From: Prasad J Pandit Date: Fri, 18 Sep 2020 10:55:22 +0800 Subject: [PATCH 2/5] hw/sd/sdhci: Fix DMA Transfer Block Size field MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 'Transfer Block Size' field is 12-bit wide. See section '2.2.2. Block Size Register (Offset 004h)' in datasheet. Cc: qemu-stable@nongnu.org Cc: Igor Mitsyanko Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 Fixes: d7dfca0807a ("hw/sdhci: introduce standard SD host controller") Reported-by: Alexander Bulekov Signed-off-by: Philippe Mathieu-Daudé --- hw/sd/sdhci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c index 7b80b1d93f5..65a530aee41 100644 --- a/hw/sd/sdhci.c +++ b/hw/sd/sdhci.c @@ -1127,7 +1127,7 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) break; case SDHC_BLKSIZE: if (!TRANSFERRING_DATA(s->prnsts)) { - MASKED_WRITE(s->blksize, mask, value); + MASKED_WRITE(s->blksize, mask, extract32(value, 0, 12)); MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16); } -- Gitee From ff7545a6911bc7b9d818a541130f666a81077b44 Mon Sep 17 00:00:00 2001 
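Review bot: In the SDHC_BLKSIZE case of sdhci_write, `extract32(value, 0, 12)` clears bits 12-14 along with bit 15 before the value is stored in `s->blksize`. In the SD Host Controller register layout, bits 14:12 of this register hold the SDMA buffer boundary, so any code outside this hunk that derives the boundary from `s->blksize` would now always read zero; that is worth confirming against the rest of sdhci.c. If it does, storing `extract32(value, 0, 15)` and masking to 12 bits wherever the field is used as a length would keep both fields intact. A 12-bit size also still permits 4095 bytes, and the hunk does not show whether that is clamped to the FIFO buffer size; sdhci_write continues outside the hunk.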
From: Li Qiang Date: Fri, 18 Sep 2020 11:08:28 +0800 Subject: [PATCH 3/5] hw: xhci: check return value of 'usb_packet_map' Currently we don't check the return value of 'usb_packet_map', this will cause an UAF issue. This is LP#1891341. Following is the reproducer provided in: -->https://bugs.launchpad.net/qemu/+bug/1891341 cat << EOF | ./i386-softmmu/qemu-system-i386 -device nec-usb-xhci \ -trace usb\* -device usb-audio -device usb-storage,drive=mydrive \ -drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \ -nodefaults -nographic -qtest stdio outl 0xcf8 0x80001016 outl 0xcfc 0x3c009f0d outl 0xcf8 0x80001004 outl 0xcfc 0xc77695e writel 0x9f0d000000000040 0xffff3655 writeq 0x9f0d000000002000 0xff2f9e0000000000 write 0x1d 0x1 0x27 write 0x2d 0x1 0x2e write 0x17232 0x1 0x03 write 0x17254 0x1 0x06 write 0x17278 0x1 0x34 write 0x3d 0x1 0x27 write 0x40 0x1 0x2e write 0x41 0x1 0x72 write 0x42 0x1 0x01 write 0x4d 0x1 0x2e write 0x4f 0x1 0x01 writeq 0x9f0d000000002000 0x5c051a0100000000 write 0x34001d 0x1 0x13 write 0x340026 0x1 0x30 write 0x340028 0x1 0x08 write 0x34002c 0x1 0xfe write 0x34002d 0x1 0x08 write 0x340037 0x1 0x5e write 0x34003a 0x1 0x05 write 0x34003d 0x1 0x05 write 0x34004d 0x1 0x13 writeq 0x9f0d000000002000 0xff00010100400009 EOF This patch fixes this. Buglink: https://bugs.launchpad.net/qemu/+bug/1891341 Reported-by: Alexander Bulekov Signed-off-by: Li Qiang Message-id: 20200812153139.15146-1-liq3ea@163.com Signed-off-by: Gerd Hoffmann --- hw/usb/hcd-xhci.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index a21485fe8ac..3b25abcacdf 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c 
@@ -1614,7 +1614,10 @@ static int xhci_setup_packet(XHCITransfer *xfer) xhci_xfer_create_sgl(xfer, dir == USB_TOKEN_IN); /* Also sets int_req */ usb_packet_setup(&xfer->packet, dir, ep, xfer->streamid, xfer->trbs[0].addr, false, xfer->int_req); - usb_packet_map(&xfer->packet, &xfer->sgl); + if (usb_packet_map(&xfer->packet, &xfer->sgl)) { + qemu_sglist_destroy(&xfer->sgl); + return -1; + } DPRINTF("xhci: setup packet pid 0x%x addr %d ep %d\n", xfer->packet.pid, ep->dev->addr, ep->nr); return 0; -- Gitee From 3f7f2cd3b67a32b9f08b00798452c584702fb96d Mon Sep 17 00:00:00 2001 From: AlexChen Date: Tue, 15 Sep 2020 14:55:28 +0800 Subject: [PATCH 4/5] migration/socket: fix a compilation failure Signed-off-by: AlexChen --- migration/socket.c | 1 + 1 file changed, 1 insertion(+) diff --git a/migration/socket.c b/migration/socket.c index bc0960c639c..093b956b80d 100644 --- a/migration/socket.c +++ b/migration/socket.c @@ -22,6 +22,7 @@ #include "channel.h" #include "socket.h" #include "migration.h" +#include "ram.h" #include "qemu-file.h" #include "io/channel-socket.h" #include "io/net-listener.h" -- Gitee From c0569e7ddfa4f6c6a5b143d85b2d535d9536622e Mon Sep 17 00:00:00 2001 From: Ying Fang Date: Thu, 6 Aug 2020 10:05:00 +0800 Subject: [PATCH 5/5] tests: Disalbe filemonitor testcase Since filemonitor testcase requires that host kernel being a LTS version, we cannot guarantee that on OBS system. Let's disable it by default. Signed-of-by: Ying Fang --- tests/Makefile.include | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/Makefile.include b/tests/Makefile.include index d8cf00c1293..f3273ad382e 100644 --- a/tests/Makefile.include +++ b/tests/Makefile.include 
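Review bot: The new failure branch in xhci_setup_packet returns -1 with no diagnostic, so a guest-triggered mapping failure leaves no trace when debugging; a line such as `DPRINTF("xhci: usb_packet_map failed\n");` before `qemu_sglist_destroy()` would make it visible. The fix also relies on every caller stopping on a negative return, and on later transfer cleanup tolerating an already-destroyed `xfer->sgl`; neither is visible in this hunk and both should be checked. A short comment on the branch, e.g. `/* mapping failed: release the sgl built by xhci_xfer_create_sgl() */`, would record why the list is freed here. The function body starts outside the hunk.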
@@ -117,7 +117,6 @@ ifneq (,$(findstring qemu-ga,$(TOOLS))) check-unit-$(call land,$(CONFIG_LINUX),$(CONFIG_VIRTIO_SERIAL)) += tests/test-qga$(EXESUF) endif check-unit-y += tests/test-timed-average$(EXESUF) -check-unit-$(CONFIG_INOTIFY1) += tests/test-util-filemonitor$(EXESUF) check-unit-y += tests/test-util-sockets$(EXESUF) check-unit-$(CONFIG_BLOCK) += tests/test-authz-simple$(EXESUF) check-unit-$(CONFIG_BLOCK) += tests/test-authz-list$(EXESUF) @@ -654,8 +653,6 @@ tests/test-crypto-tlssession$(EXESUF): tests/test-crypto-tlssession.o \ tests/crypto-tls-x509-helpers.o tests/pkix_asn1_tab.o \ tests/crypto-tls-psk-helpers.o \ $(test-crypto-obj-y) -tests/test-util-filemonitor$(EXESUF): tests/test-util-filemonitor.o \ - $(test-util-obj-y) tests/test-util-sockets$(EXESUF): tests/test-util-sockets.o \ tests/socket-helpers.o $(test-util-obj-y) tests/test-authz-simple$(EXESUF): tests/test-authz-simple.o $(test-authz-obj-y) -- Gitee