From 4714931410e808e7f11297ec0a05d2b235c621ed Mon Sep 17 00:00:00 2001
From: tangzhongrui
Date: Wed, 28 Jun 2023 19:12:17 +0800
Subject: [PATCH 1/3] The host addresses should be cast via *intptr_t not long. Drop the inline and fix two other whitespace issues.
Signed-off-by: Richard Henderson
Reviewed-by: Anton Johansson
Signed-off-by: tangzhongrui
---
 linux-user/syscall.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index a544d04524..39611f3027 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4486,14 +4486,14 @@ static inline abi_ulong target_shmlba(CPUArchState *cpu_env)
 }
 #endif
-static inline abi_ulong do_shmat(CPUArchState *cpu_env,
- int shmid, abi_ulong shmaddr, int shmflg)
+static abi_ulong do_shmat(CPUArchState *cpu_env, int shmid
+ abi_ulong shmaddr, int shmflg)
 {
 CPUState *cpu = env_cpu(cpu_env);
- abi_long raddr;
+ abi_ulong raddr;
 void *host_raddr;
 struct shmid_ds shm_info;
- int i,ret;
+ int i, ret;
 abi_ulong shmlba;
 /* shmat pointers are always untagged */
@@ -4549,9 +4549,9 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
 if (host_raddr == (void *)-1) {
 mmap_unlock();
- return get_errno((long)host_raddr);
+ return get_errno((intptr_t)host_raddr);
 }
- raddr=h2g((unsigned long)host_raddr);
+ raddr = h2g((uintptr_t)host_raddr);
 page_set_flags(raddr, raddr + shm_info.shm_segsz,
 PAGE_VALID | PAGE_RESET | PAGE_READ |
--
Gitee
From 5895f907ad2c46d256ae3ccb6326c0f1067822c6 Mon Sep 17 00:00:00 2001
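Review bot: The new do_shmat signature in the first hunk ends its first line with `int shmid` and no comma before the continuation `abi_ulong shmaddr, int shmflg)`, so the declaration as shown would not compile; the added line should read `static abi_ulong do_shmat(CPUArchState *cpu_env, int shmid,`. This may be a transcription slip in the backport rather than part of the original change, so it is worth comparing against the upstream commit before applying. The body of do_shmat continues outside both hunks, so the effect of switching `raddr` from abi_long to abi_ulong on its later uses cannot be checked from here.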
From: tangzhongrui
Date: Sun, 2 Jul 2023 23:01:15 +0800
Subject: [PATCH 2/3] target/nios2 : Explicitly ask for target-endian loads and stores When we generate code for guest loads and stores, at the moment they end up being requests for a host-endian access. So for target-system-nios2 (little endian) a load like ldw r3,0(r4) results on an x86 host in the TCG IR qemu_ld_a32_i32 r3,loc2,al+leul,0 but on s390 it is qemu_ld_a32_i32 r3,loc2,al+beul,0 The result is that guests don't work on big-endian hosts. Use the MO_TE* memops rather than the plain ones.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1693
Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Reviewed-by: Philippe Mathieu-Daud
Message-Id: <20230623172556.1951974-1-peter.maydell@linaro.org>
Signed-off-by: Richard Henderson
Signed-off-by: Zhongrui Tang
---
 target/nios2/translate.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/target/nios2/translate.c b/target/nios2/translate.c
index 08d7ac5398..989e6b4963 100644
--- a/target/nios2/translate.c
+++ b/target/nios2/translate.c
@@ -320,19 +320,19 @@ static const Nios2Instruction i_type_instructions[] = {
 INSTRUCTION_FLG(gen_cmpxxsi, TCG_COND_GE), /* cmpgei */
 INSTRUCTION_ILLEGAL(),
 INSTRUCTION_ILLEGAL(),
- INSTRUCTION_FLG(gen_ldx, MO_UW), /* ldhu */
+ INSTRUCTION_FLG(gen_ldx, MO_TEUW), /* ldhu */
 INSTRUCTION(andi), /* andi */
- INSTRUCTION_FLG(gen_stx, MO_UW), /* sth */
+ INSTRUCTION_FLG(gen_stx, MO_TEUW), /* sth */
 INSTRUCTION_FLG(gen_bxx, TCG_COND_GE), /* bge */
- INSTRUCTION_FLG(gen_ldx, MO_SW), /* ldh */
+ INSTRUCTION_FLG(gen_ldx, MO_TESW), /* ldh */
 INSTRUCTION_FLG(gen_cmpxxsi, TCG_COND_LT), /* cmplti */
 INSTRUCTION_ILLEGAL(),
 INSTRUCTION_ILLEGAL(),
 INSTRUCTION_NOP(), /* initda */
 INSTRUCTION(ori), /* ori */
- INSTRUCTION_FLG(gen_stx, MO_UL), /* stw */
+ INSTRUCTION_FLG(gen_stx, MO_TEUL), /* stw */
 INSTRUCTION_FLG(gen_bxx, TCG_COND_LT), /* blt */
- INSTRUCTION_FLG(gen_ldx, MO_UL), /* ldw */
+ INSTRUCTION_FLG(gen_ldx, MO_TEUL), /* ldw */
 INSTRUCTION_FLG(gen_cmpxxsi, TCG_COND_NE), /* cmpnei */
 INSTRUCTION_ILLEGAL(),
 INSTRUCTION_ILLEGAL(),
@@ -352,19 +352,19 @@ static const Nios2Instruction i_type_instructions[] = {
 INSTRUCTION_FLG(gen_cmpxxui, TCG_COND_GEU), /* cmpgeui */
 INSTRUCTION_ILLEGAL(),
 INSTRUCTION_ILLEGAL(),
- INSTRUCTION_FLG(gen_ldx, MO_UW), /* ldhuio */
+ INSTRUCTION_FLG(gen_ldx, MO_TEUW), /* ldhuio */
 INSTRUCTION(andhi), /* andhi */
- INSTRUCTION_FLG(gen_stx, MO_UW), /* sthio */
+ INSTRUCTION_FLG(gen_stx, MO_TEUW), /* sthio */
 INSTRUCTION_FLG(gen_bxx, TCG_COND_GEU), /* bgeu */
- INSTRUCTION_FLG(gen_ldx, MO_SW), /* ldhio */
+ INSTRUCTION_FLG(gen_ldx, MO_TESW), /* ldhio */
 INSTRUCTION_FLG(gen_cmpxxui, TCG_COND_LTU), /* cmpltui */
 INSTRUCTION_ILLEGAL(),
 INSTRUCTION_UNIMPLEMENTED(), /* custom */
 INSTRUCTION_NOP(), /* initd */
 INSTRUCTION(orhi), /* orhi */
- INSTRUCTION_FLG(gen_stx, MO_SL), /* stwio */
+ INSTRUCTION_FLG(gen_stx, MO_TESL), /* stwio */
 INSTRUCTION_FLG(gen_bxx, TCG_COND_LTU), /* bltu */
- INSTRUCTION_FLG(gen_ldx, MO_UL), /* ldwio */
+ INSTRUCTION_FLG(gen_ldx, MO_TEUL), /* ldwio */
 INSTRUCTION_UNIMPLEMENTED(), /* rdprs */
 INSTRUCTION_ILLEGAL(),
 INSTRUCTION_FLG(handle_r_type_instr, 0), /* R-Type */
--
Gitee
From c97f890a1d4060642f65604d618af55640d356c1 Mon Sep 17 00:00:00 2001
From: tangzhongrui
Date: Wed, 2 Aug 2023 16:59:54 +0800
Subject: [PATCH 3/3] xen-block: Avoid leaks on new error path Commit 189829399070 ("xen-block: Use specific blockdev driver") introduced a new error path, without taking care of allocated resources. So only allocate the qdicts after the error check, and free both `filename` and `driver` when we are about to return and thus taking care of both success and error path. Coverity only spotted the leak of qdicts (*_layer variables).
Reported-by: Peter Maydell
Fixes: Coverity CID 1508722, 1398649
Fixes: 189829399070 ("xen-block: Use specific blockdev driver")
Signed-off-by: Anthony PERARD
Reviewed-by: Paul Durrant
Reviewed-by: Peter Maydell
Message-Id: <20230704171819.42564-1-anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD
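Review bot: The `stwio` row in this hunk becomes `MO_TESL` while the plain `stw` row in the previous hunk is `MO_TEUL`; the sign flag should have no effect on a store, so this looks like an inherited inconsistency rather than a functional bug, but `INSTRUCTION_FLG(gen_stx, MO_TEUL), /* stwio */` would match the other store rows. The i_type_instructions table starts and ends outside both hunks, so it is worth confirming that no other gen_ldx/gen_stx row, and no direct load or store elsewhere in translate.c, still passes a multi-byte memop without the target-endian variant.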
Signed-off-by: Zhongrui Tang
---
 hw/block/xen-block.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c
index 674953f1ad..6d90621e02 100644
--- a/hw/block/xen-block.c
+++ b/hw/block/xen-block.c
@@ -760,14 +760,15 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
 drive = g_new0(XenBlockDrive, 1);
 drive->id = g_strdup(id);
- file_layer = qdict_new();
- driver_layer = qdict_new();
-
 rc = stat(filename, &st);
 if (rc) {
 error_setg_errno(errp, errno, "Could not stat file '%s'", filename);
 goto done;
 }
+
+ file_layer = qdict_new();
+ driver_layer = qdict_new();
+
 if (S_ISBLK(st.st_mode)) {
 qdict_put_str(file_layer, "driver", "host_device");
 } else {
@@ -775,7 +776,6 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
 }
 qdict_put_str(file_layer, "filename", filename);
- g_free(filename);
 if (mode && *mode != 'w') {
 qdict_put_bool(file_layer, "read-only", true);
@@ -810,7 +810,6 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
 qdict_put_str(file_layer, "locking", "off");
 qdict_put_str(driver_layer, "driver", driver);
- g_free(driver);
 qdict_put(driver_layer, "file", file_layer);
@@ -821,6 +820,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
 qobject_unref(driver_layer);
 done:
+ g_free(filename);
+ g_free(driver);
 if (*errp) {
 xen_block_drive_destroy(drive, NULL);
 return NULL;
--
Gitee
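Review bot: The cleanup added at `done:` in the last hunk calls `g_free(filename)` and `g_free(driver)` on every path that reaches the label, which is only safe if both pointers are initialised to NULL at their declarations and no `goto done` runs before they are assigned; the declarations sit outside the hunks, so this should be confirmed. Declaring them as `g_autofree char *filename = NULL;` and `g_autofree char *driver = NULL;` would make the release independent of the exit path and remove the two added lines. Likewise, `file_layer` and `driver_layer` are now unassigned on the stat() failure path, so nothing after `done:` may unref them; the visible `qobject_unref(driver_layer)` sits before the label, but the rest of xen_block_drive_create is not shown.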