Fix potential overflow problem when calculating pwm_duty.
1. Ensure p->cmr and p->cnr to be from [0,65535], according to the
hardware specification.
2. Changed duty to uint32_t. However, since MAX_DUTY * (p->cmr+1)
can excceed UINT32_MAX, we convert them to uint64_t in computation
and converted them back to uint32_t.
(duty is guaranteed to be <= MAX_DUTY so it won't overflow.)
Fixes: CID 1442342
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Doug Evans <dje@google.com>
Signed-off-by: Hao Wu <wuhaotsh@google.com>
Message-id: 20210127011142.2122790-1-wuhaotsh@google.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The properties to attach a CANBUS object to the xlnx-zcu102 machine have
a period in them. We want to use periods in properties for compound QAPI types,
and besides the "xlnx-zcu102." prefix is both unnecessary and different
from any other machine property name. Remove it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20210118162537.779542-1-pbonzini@redhat.com
Reviewed-by: Vikram Garhwal <fnu.vikram@xilinx.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
- Fix crash on write to read-only devices
- iotests: Rewrite 'check' in Python, get rid of 'groups' and allow
non-numeric test case names
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmARxVARHGt3b2xmQHJl
ZGhhdC5jb20ACgkQfwmycsiPL9ZxrA//TAulJrmJ0T+h/782HRzA8St+Yuzkbdhh
96xuxqG+flhiRi1gq2LOiOUnIzYGgG0x2bI1INZku3AsqNp2BG02DtX95jdxpPkg
8Yr/PGAZ1Z+/fdajphcAVujR8A9tDrfj4wNXHOfN5cPoIXobNQGwMHX4+fDWJ3yf
sbeihc70JmjQ3V6Psau2YAVLCESRLfPkG571YYiNu1DmBVI5n0xgMUD4Oc6hzIPR
igJ6K5EO+uacrY1b6j5WsTIn7+mmUD8EC6njNZrYcF3aq8/SsCIaLqV/+6LN589e
KdvysjU3EtRbeln2Zk83m4YTL48Cpz967aCbfD908lRmsq0tu+X0LrAQoa9Y7+0x
DHS7jkUAG2LOppVrSFKUSt6QxOz08z8qqCBZutdMEBTJtfiq04I/EJhdv4HqLjD8
4dE9PQITAILO2NzfbWS+vVhHOgoyIuSu4QtC2Nw6ztUiGrtqkbRRkfPLmEv3vrxn
daA/yHgyJFwyKPtiubKqk20LZb/5txJKXCPpo18MVIs9r70NcqfRT6J1XVqApFQA
aXPhEsBNZ/p0gCBiej98ukCb15rOqlSk7iVlSV3kIPtp/Nk5kDqC3XV48Uy+GtXW
shSM4QZxoE6CoKPGkB5hWyMAAvYwyJRRJAPy7w/Rcqd3vTsfgwX7Ad0bBVQe0kpo
+pMOKs0/Yk8=
=gFsg
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches:
- Fix crash on write to read-only devices
- iotests: Rewrite 'check' in Python, get rid of 'groups' and allow
non-numeric test case names
# gpg: Signature made Wed 27 Jan 2021 19:56:00 GMT
# gpg: using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg: issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream:
iotests: rename and move 169 and 199 tests
iotests: rewrite check into python
iotests: add testrunner.py
iotests: add testenv.py
iotests: add findtests.py
iotests: 146: drop extra whitespaces from .out file
virtio-scsi-test: Test writing to scsi-cd device
block: Separate blk_is_writable() and blk_supports_write_perm()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This tests that trying to write to a (read-only) scsi-cd device backed
by a read-write image file doesn't crash and results in the correct
error.
This is a regression test for https://bugs.launchpad.net/bugs/1906693.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210118123448.307825-3-kwolf@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
qtest_rsp() is used in two different ways: (1) return some arguments
to caller, which the caller must free, and (2) return no arguments to
caller. Passing non-zero @expected_args gets you (1), and passing
zero gets you (2).
Having "the return value must be freed" depend on an argument this way
is less than ideal.
Provide separate functions for the two ways: (1) qtest_rsp_args()
takes @expected_args (possibly zero), and returns that number of
arguments. Caller must free the return value always. (2) qtest_rsp()
assumes zero, and returns nothing.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210126151649.2220902-1-armbru@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
This patch fixes the following memory leak detected by asan:
Indirect leak of 560320 byte(s) in 136 object(s) allocated from:
#0 0x556b3b3f9b57 in calloc (/home/stefanb/tmp/qemu-tip/build/tests/qtest/tpm-crb-swtpm-test+0x23fb57)
#1 0x152b0e96b9b0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x589b0)
#2 0x556b3b588f61 in parse_object /home/stefanb/tmp/qemu-tip/build/../qobject/json-parser.c:318:12
#3 0x556b3b588f61 in parse_value /home/stefanb/tmp/qemu-tip/build/../qobject/json-parser.c:546:16
#4 0x556b3b5886e8 in json_parser_parse /home/stefanb/tmp/qemu-tip/build/../qobject/json-parser.c:580:14
#5 0x556b3b52ff4a in json_message_process_token /home/stefanb/tmp/qemu-tip/build/../qobject/json-streamer.c:92:12
#6 0x556b3b59896f in json_lexer_feed_char /home/stefanb/tmp/qemu-tip/build/../qobject/json-lexer.c:313:13
#7 0x556b3b598443 in json_lexer_feed /home/stefanb/tmp/qemu-tip/build/../qobject/json-lexer.c:350:9
#8 0x556b3b436c70 in qmp_fd_receive /home/stefanb/tmp/qemu-tip/build/../tests/qtest/libqtest.c:614:9
#9 0x556b3b435871 in qtest_qmp_receive_dict /home/stefanb/tmp/qemu-tip/build/../tests/qtest/libqtest.c:636:12
#10 0x556b3b435871 in qtest_qmp_receive /home/stefanb/tmp/qemu-tip/build/../tests/qtest/libqtest.c:624:27
#11 0x556b3b435c59 in qtest_vqmp /home/stefanb/tmp/qemu-tip/build/../tests/qtest/libqtest.c:715:12
#12 0x556b3b435c59 in qtest_qmp /home/stefanb/tmp/qemu-tip/build/../tests/qtest/libqtest.c:756:16
#13 0x556b3b4328c7 in tpm_util_wait_for_migration_complete /home/stefanb/tmp/qemu-tip/build/../tests/qtest/tpm-util.c:245:15
#14 0x556b3b4333be in tpm_test_swtpm_migration_test /home/stefanb/tmp/qemu-tip/build/../tests/qtest/tpm-tests.c:117:5
#15 0x152b0e98e29d (/lib64/libglib-2.0.so.0+0x7b29d)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210115204637.3332555-1-stefanb@linux.vnet.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
The pwm_qom_get function didn't free "response", which caused an indirect
memory leak. So use qobject_unref() to fix it.
ASAN shows memory leak stack:
Indirect leak of 74160000 byte(s) in 18000 object(s) allocated from:
#0 0x7f96e2f79d4e in __interceptor_calloc (/lib64/libasan.so.5+0x112d4e)
#1 0x7f96e2d98a50 in g_malloc0 (/lib64/libglib-2.0.so.0+0x55a50)
#2 0x556313112180 in qdict_new ../qobject/qdict.c:30
#3 0x556313115bca in parse_object ../qobject/json-parser.c:318
#4 0x556313117810 in parse_value ../qobject/json-parser.c:546
#5 0x556313117bda in json_parser_parse ../qobject/json-parser.c:580
#6 0x55631310fe67 in json_message_process_token ../qobject/json-streamer.c:92
#7 0x5563131210b7 in json_lexer_feed_char ../qobject/json-lexer.c:313
#8 0x556313121662 in json_lexer_feed ../qobject/json-lexer.c:350
#9 0x5563131101e9 in json_message_parser_feed ../qobject/json-streamer.c:121
#10 0x5563130cb81e in qmp_fd_receive ../tests/qtest/libqtest.c:614
#11 0x5563130cba2b in qtest_qmp_receive_dict ../tests/qtest/libqtest.c:636
#12 0x5563130cb939 in qtest_qmp_receive ../tests/qtest/libqtest.c:624
#13 0x5563130cbe0d in qtest_vqmp ../tests/qtest/libqtest.c:715
#14 0x5563130cc40f in qtest_qmp ../tests/qtest/libqtest.c:756
#15 0x5563130c5623 in pwm_qom_get ../tests/qtest/npcm7xx_pwm-test.c:180
#16 0x5563130c595e in pwm_get_duty ../tests/qtest/npcm7xx_pwm-test.c:210
#17 0x5563130c7529 in test_toggle ../tests/qtest/npcm7xx_pwm-test.c:447
Reported-by: Euler Robot <euler.robot@huawei.com>
Message-Id: <20210115075634.717909-1-ganqixin@huawei.com>
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
Reviewed-by: Havard Skinnemoen <hskinnemoen@google.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
As per POSIX specification of limits.h [1], OS libc may define
PAGE_SIZE in limits.h.
Self defined PAGE_SIZE is frequently used in tests, to prevent
collosion of definition, we give PAGE_SIZE definitons reasonable
prefixs.
[1]: https://pubs.opengroup.org/onlinepubs/7908799/xsh/limits.h.html
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210118063808.12471-7-jiaxun.yang@flygoat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
The adc_qom_set function didn't free "response", which caused an indirect
memory leak. So use qobject_unref() to fix it.
ASAN shows memory leak stack:
Indirect leak of 593280 byte(s) in 144 object(s) allocated from:
#0 0x7f9a5e7e8d4e in __interceptor_calloc (/lib64/libasan.so.5+0x112d4e)
#1 0x7f9a5e607a50 in g_malloc0 (/lib64/libglib-2.0.so.0+0x55a50)
#2 0x55b1bebf636b in qdict_new ../qobject/qdict.c:30
#3 0x55b1bec09699 in parse_object ../qobject/json-parser.c:318
#4 0x55b1bec0b2df in parse_value ../qobject/json-parser.c:546
#5 0x55b1bec0b6a9 in json_parser_parse ../qobject/json-parser.c:580
#6 0x55b1bec060d1 in json_message_process_token ../qobject/json-streamer.c:92
#7 0x55b1bec16a12 in json_lexer_feed_char ../qobject/json-lexer.c:313
#8 0x55b1bec16fbd in json_lexer_feed ../qobject/json-lexer.c:350
#9 0x55b1bec06453 in json_message_parser_feed ../qobject/json-streamer.c:121
#10 0x55b1bebc2d51 in qmp_fd_receive ../tests/qtest/libqtest.c:614
#11 0x55b1bebc2f5e in qtest_qmp_receive_dict ../tests/qtest/libqtest.c:636
#12 0x55b1bebc2e6c in qtest_qmp_receive ../tests/qtest/libqtest.c:624
#13 0x55b1bebc3340 in qtest_vqmp ../tests/qtest/libqtest.c:715
#14 0x55b1bebc3942 in qtest_qmp ../tests/qtest/libqtest.c:756
#15 0x55b1bebbd64a in adc_qom_set ../tests/qtest/npcm7xx_adc-test.c:127
#16 0x55b1bebbd793 in adc_write_input ../tests/qtest/npcm7xx_adc-test.c:140
#17 0x55b1bebbdf92 in test_convert_external ../tests/qtest/npcm7xx_adc-test.c:246
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Message-id: 20210118065627.79903-1-ganqixin@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The crypto overhead of emulating pauth can be significant for
some workloads. Add two boolean properties that allows the
feature to be turned off, on with the architected algorithm,
or on with an implementation defined algorithm.
We need two intermediate booleans to control the state while
parsing properties lest we clobber ID_AA64ISAR1 into an invalid
intermediate state.
Tested-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210111235740.462469-3-richard.henderson@linaro.org
[PMM: fixed docs typo, tweaked text to clarify that the impdef
algorithm is specific to QEMU]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
No matter whether the pxb is enabled or not, the CONFIG_PXB macro in test
would keep undefined. And since pxb is now enabled for ARM Virt machine
by default, let's enable pxb unit-test by removing the CONFIG_PXB.
Acked-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Jiahui Cen <cenjiahui@huawei.com>
Message-Id: <20210114100643.10617-8-cenjiahui@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Jiahui Cen <cenjiahui@huawei.com>
Message-Id: <20210114100643.10617-2-cenjiahui@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
We add a qtest for the PWM in the previous patch. It proves it works as
expected.
Reviewed-by: Havard Skinnemoen <hskinnemoen@google.com>
Reviewed-by: Tyrone Ting <kfting@nuvoton.com>
Signed-off-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210108190945.949196-6-wuhaotsh@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The ADC is part of NPCM7XX Module. Its behavior is controled by the
ADC_CON register. It converts one of the eight analog inputs into a
digital input and stores it in the ADC_DATA register when enabled.
Users can alter input value by using qom-set QMP command.
Reviewed-by: Havard Skinnemoen <hskinnemoen@google.com>
Reviewed-by: Tyrone Ting <kfting@nuvoton.com>
Signed-off-by: Hao Wu <wuhaotsh@google.com>
Message-id: 20210108190945.949196-4-wuhaotsh@google.com
[PMM: Added missing hw/adc/trace.h file]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Prior to this patch, the fuzzer found inputs to map PCI device BARs and
enable the device. While it is nice that the fuzzer can do this, it
added significant overhead, since the fuzzer needs to map all the
BARs (regenerating the memory topology), at the start of each input.
With this patch, we do this once, before fuzzing, mitigating some of
this overhead.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20201221181203.1853-1-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
When the length of mname is less than 5, memcpy("xenfv", mname, 5) will cause
heap buffer overflow. Therefore, use strncmp to avoid this problem.
The asan showed stack:
ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000f2f4 at
pc 0x7f65d8cc2225 bp 0x7ffe93cc5a60 sp 0x7ffe93cc5208 READ of size 5 at
0x60200000f2f4 thread T0
#0 0x7f65d8cc2224 in memcmp (/lib64/libasan.so.5+0xdf224)
#1 0x5632c20be95b in qtest_cb_for_every_machine tests/qtest/libqtest.c:1282
#2 0x5632c20b7995 in main tests/qtest/test-hmp.c:160
#3 0x7f65d88fed42 in __libc_start_main (/lib64/libc.so.6+0x26d42)
#4 0x5632c20b72cd in _start (build/tests/qtest/test-hmp+0x542cd)
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20210106050625.518041-1-ganqixin@huawei.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
qobject_to_json() and qobject_to_json_pretty() build a GString, then
covert it to QString. Just one of the callers actually needs a
QString: qemu_rbd_parse_filename(). A few others need a string they
can modify: qmp_send_response(), qga's send_response(), to_json_str(),
and qmp_fd_vsend_fds(). The remainder just need a string.
Change qobject_to_json() and qobject_to_json_pretty() to return the
GString.
qemu_rbd_parse_filename() now has to convert to QString. All others
save a QString temporary. to_json_str() actually becomes a bit
simpler, because GString provides more convenient modification
functions.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20201211171152.146877-6-armbru@redhat.com>
On the pc-i440fx machine, the floppy drive relies on the i8257 DMA
controller. Add this device to the floppy fuzzer config, and silence the
warning about a missing format specifier for the null-co:// drive.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201216203328.41112-1-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
In using the address_space_translate_internal API, address_space_cache_init
forgot one piece of advice that can be found in the code for
address_space_translate_internal:
/* MMIO registers can be expected to perform full-width accesses based only
* on their address, without considering adjacent registers that could
* decode to completely different MemoryRegions. When such registers
* exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
* regions overlap wildly. For this reason we cannot clamp the accesses
* here.
*
* If the length is small (as is the case for address_space_ldl/stl),
* everything works fine. If the incoming length is large, however,
* the caller really has to do the clamping through memory_access_size.
*/
address_space_cache_init is exactly one such case where "the incoming length
is large", therefore we need to clamp the resulting length---not to
memory_access_size though, since we are not doing an access yet, but to
the size of the resulting section. This ensures that subsequent accesses
to the cached MemoryRegionSection will be in range.
With this patch, the enclosed testcase notices that the used ring does
not fit into the MSI-X table and prints a "qemu-system-x86_64: Cannot map used"
error.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Test the scenario where the -action panic=none parameter is used to
signal that the VM must continue executing after a guest panic
occurs.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Message-Id: <1607705564-26264-5-git-send-email-alejandro.j.jimenez@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The preconfig state is only used if -incoming is not specified, which
makes the RunState state machine more tricky than it need be. However
there is already an equivalent condition which works even with -incoming,
namely qdev_hotplug. Use it instead of a separate runstate.
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.
This commit was created with scripts/clean-includes, with the changes
to the following files manually reverted:
contrib/libvhost-user/libvhost-user-glib.h
contrib/libvhost-user/libvhost-user.c
contrib/libvhost-user/libvhost-user.h
contrib/plugins/hotblocks.c
contrib/plugins/hotpages.c
contrib/plugins/howvec.c
contrib/plugins/lockstep.c
linux-user/mips64/cpu_loop.c
linux-user/mips64/signal.c
linux-user/sparc64/cpu_loop.c
linux-user/sparc64/signal.c
linux-user/x86_64/cpu_loop.c
linux-user/x86_64/signal.c
target/s390x/gen-features.c
tests/fp/platform.h
tests/migration/s390x/a-b-bios.c
tests/plugin/bb.c
tests/plugin/empty.c
tests/plugin/insn.c
tests/plugin/mem.c
tests/test-rcu-simpleq.c
tests/test-rcu-slist.c
tests/test-rcu-tailq.c
tests/uefi-test-tools/UefiTestToolsPkg/BiosTablesTest/BiosTablesTest.c
contrib/plugins/, tests/plugin/, and tests/test-rcu-slist.c appear not
to include osdep.h intentionally. The remaining reverts are the same
as in commit bbfff19688.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20201113061216.2483385-1-armbru@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
* New device model for EMC1413/EMC1414 temperature sensors (I2C)
* New g220a-bmc Aspeed machine
* couple of Aspeed cleanups
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAl/SDVIACgkQUaNDx8/7
7KFF3BAAvYPgi/XJN0caP0qbxZy7GvBA1nmINQq910d1ARz04Vin8K6oj9x02taq
1MMhk9KryNRF1VuT98eya8u9htsg1OxrosqSAwjrtI72oSRWLGSl1Ww0sKIPcBET
OUq8pfAv+gW5lVWRkpnEA4Ly33PMTp5zfT3sy0riuSf+Z7Mg/8Lk28tNSOYu6hBl
LUZddcweMshishrJ46F1SSwWFfdZ2+5Y1eLSDRGwn8Ba5xy6SI3UDQVFze1vFmo3
h1Sd9s2tVJtJn4It2op41XKQX99uoGUy98CYVrbAd/1euZIm/6c4ju9upZiFUU/p
wm8I1njd5ybdPzRmJkJ8zQxsblgvw/Ua0YLmX/4aFsPUlKPyomOr++YMXcyrThEY
cxezJsSmj5f/oVaGRULbRVR8hhaM18RLBgwQAbfNSOTylmFa+URT6FLR4mnysfhz
zv76xt6S8BIS8CAgxqB13tj4tQPXUansQsuVTWwRwE8mHd5Vkhau2oOQR5n9cV+n
FNjvmqUN7ICtekmwMmBdNOI4yiGBY1ckcj/UoCzkuAYK444kzTqFfB4CZABNhs5f
/fjAsWAvYtqsLFUWCUnpHkxyq/8N0hpSZc0DI3FDPsup4/NlRG17p+DcrNqimwIE
SZ1I28YYdmoh1igMQK46x7UvvnceCCXkHAnR+nGix8jOpSCWLKs=
=abAb
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/legoater/tags/pull-aspeed-20201210' into staging
Aspeed patches :
* New device model for EMC1413/EMC1414 temperature sensors (I2C)
* New g220a-bmc Aspeed machine
* couple of Aspeed cleanups
# gpg: Signature made Thu 10 Dec 2020 11:58:10 GMT
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* remotes/legoater/tags/pull-aspeed-20201210:
aspeed: g220a-bmc: Add an FRU
aspeed/smc: Add support for address lane disablement
ast2600: SRAM is 89KB
aspeed: Add support for the g220a-bmc board
hw/misc: add an EMC141{3,4} device model
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Dump the collected random data after a randomness test failure.
Note that this relies on the test having called
g_test_set_nonfatal_assertions() so we don't abort immediately on the
assertion failure.
Signed-off-by: Havard Skinnemoen <hskinnemoen@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: minor commit message tweak]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The QTests perform five tests on the Xilinx ZynqMP CAN controller:
Tests the CAN controller in loopback, sleep and snoop mode.
Tests filtering of incoming CAN messages.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com>
Signed-off-by: Vikram Garhwal <fnu.vikram@xilinx.com>
Message-id: 1605728926-352690-4-git-send-email-fnu.vikram@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Largely inspired by the TMP421 temperature sensor, here is a model for
the EMC1413/EMC1414 temperature sensors.
Specs can be found here :
http://ww1.microchip.com/downloads/en/DeviceDoc/20005274A.pdf
Signed-off-by: John Wang <wangzhiqiang.bj@bytedance.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20201122105134.671-1-wangzhiqiang.bj@bytedance.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Create second ioapic, route virtio-mmio IRQs to it,
allow more virtio-mmio devices (24 instead of 8).
Needs ACPI, enabled by default, can be turned off
using -machine ioapic2=off
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Sergio Lopez <slp@redhat.com>
Message-id: 20201203105423.10431-8-kraxel@redhat.com
Change that will be introduced by following patch:
@@ -557,6 +557,7 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPCDSDT", 0x00000001)
CINS, 1,
CRMV, 1,
CEJ0, 1,
+ CEJF, 1,
Offset (0x05),
CCMD, 8
}
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20201207140739.3829993-5-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The generic fuzzer can find double-fetch bugs. However:
* We currently have no good way of producing qemu-system reproducers for
double-fetch bugs. Even if we can get developers to run the binary-blob
reproducers with the qemu-fuzz builds, we currently don't have a minimizer for
these reproducers, so they are usually not easy to follow.
* Often times the fuzzer will provide a reproducer containing a
double-fetch for a bug that can be reproduced without double-fetching.
Until we find a way to build nice double-fetch reproducers that
developers are willing to look at, lets tell OSS-Fuzz to avoid
double-fetches.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20201202164214.93867-1-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Missed in fd25017284 ("qtest: add a reproducer for LP#1878642").
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201201191026.4149955-2-philmd@redhat.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Add the binary file DSDT.pxb and clear bios-tables-test-allowed-diff.h
Signed-off-by: Yubo Miao <miaoyubo@huawei.com>
Signed-off-by: Jiahui Cen <cenjiahui@huawei.com>
Message-Id: <20201119014841.7298-10-cenjiahui@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Add testcase for pxb to make sure the ACPI table is correct for guest.
Signed-off-by: Yubo Miao <miaoyubo@huawei.com>
Signed-off-by: Jiahui Cen <cenjiahui@huawei.com>
Message-Id: <20201119014841.7298-9-cenjiahui@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>