Commit Graph

89733 Commits

Author SHA1 Message Date
Alexander Bulekov
40c0d963db fuzz: use ITIMER_REAL for timeouts
Using ITIMER_VIRTUAL is a bad idea, if the fuzzer hits a blocking
syscall - e.g. ppoll with a NULL timespec. This causes timeout issues
while fuzzing some block-device code. Fix that by using wall-clock time.
This might cause inputs to timeout sometimes due to scheduling
effects/ambient load, but it is better than bringing the entire fuzzing
process to a halt.

Based-on: <20210713150037.9297-1-alxndr@bu.edu>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
2021-09-01 07:33:13 -04:00
Alexander Bulekov
dfc86c0f25 fuzz: add an instrumentation filter
By default, -fsanitize=fuzzer instruments all code with coverage
information. However, this means that libfuzzer will track coverage over
hundreds of source files that are unrelated to virtual-devices. This
means that libfuzzer will optimize inputs for coverage observed in timer
code, memory APIs etc. This slows down the fuzzer and stores many inputs
that are not relevant to the actual virtual-devices.

With this change, clang versions that support the
"-fsanitize-coverage-allowlist" will only instrument a subset of the
compiled code, that is directly related to virtual-devices.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
2021-09-01 07:33:13 -04:00
Alexander Bulekov
f2e8b87a1a fuzz: make object-name matching case-insensitive
We have some configs for devices such as the AC97 and ES1370 that were
not matching memory-regions correctly, because the configs provided
lowercase names. To resolve these problems and prevent them from
occurring again in the future, convert both the pattern and names to
lower-case, prior to checking for a match.

Suggested-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
2021-09-01 07:33:13 -04:00
Alexander Bulekov
993f52f4d4 fuzz: adjust timeout to allow for longer inputs
Using a custom timeout is useful to continue fuzzing complex devices,
even after we run into some slow code-path. However, simply adding a
fixed timeout to each input effectively caps the maximum input
length/number of operations at some artificial value. There are two
major problems with this:
1. Some code might only be reachable through long IO sequences.
2. Longer inputs can actually be _better_ for performance. While the
   raw number of fuzzer executions decreases with larger inputs, the
   number of MMIO/PIO/DMA operation/second actually increases, since
   were are speding proportionately less time fork()ing.

With this change, we keep the custom-timeout, but we renew it, prior to
each MMIO/PIO/DMA operation. Thus, we time-out only when a specific
operation takes a long time.

Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
2021-09-01 07:33:13 -04:00
Alexander Bulekov
af16990a1b fuzz: fix sparse memory access in the DMA callback
The code mistakenly relied on address_space_translate to store the
length remaining until the next memory-region. We care about this
because when there is RAM or sparse-memory neighboring on an MMIO
region, we should only write up to the border, to prevent inadvertently
invoking MMIO handlers within the DMA callback.

However address_space_translate_internal only stores the length until
the end of the MemoryRegion if memory_region_is_ram(mr). Otherwise
the *len is left unmodified. This caused some false-positive issues,
where the fuzzer found a way to perform a nested MMIO write through a
DMA callback on an [address, length] that started within sparse memory
and spanned some device MMIO regions.

To fix this, write to sparse memory in small chunks of
memory_access_size (similar to the underlying address_space_write code),
which will prevent accidentally hitting MMIO handlers through large
writes.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-09-01 07:33:13 -04:00
Peter Maydell
ec397e90d2 First RISC-V PR for QEMU 6.2
- Add a config for Shakti UART
  - Fixup virt flash node
  - Don't override users supplied ISA version
  - Fixup some CSR accesses
  - Use g_strjoinv() for virt machine PLIC string config
  - Fix an overflow in the SiFive CLINT
  - Add 64-bit register access helpers
  - Replace tcg_const_* with direct constant usage
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEE9sSsRtSTSGjTuM6PIeENKd+XcFQFAmEu4LAACgkQIeENKd+X
 cFQfBQf/Q5T6SGY8HC0ao/znTrvuBkUTgoL+R/pyNzamkgkrNFaRkMScOHq6gEqM
 3W//ri1z4+8KDPnXEScI2GWRA1eE0g9QVco1tv6YzenJTHK8ttk380HuptszMcoP
 LGHfNH45BTDjj9D7rpgPkycGSSzR7OxynxH0SAl6pBqT7n8vkaSUsqsUnIvmThY2
 Orx9hQkhAowsNCajwqzW/qLOi/HFXd455U08vFIZ/GSaV5s4uXdpIWShiiFttSVe
 vL9IgNie2GszKJYoD3a5FUYKobHMc1xvoj2XuZSac2XAyl4lS8FNM+NFRg12MdXv
 g1s4EhRMxjn3/X3acc99O5aokhf0+w==
 =YUsp
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20210901-2' into staging

First RISC-V PR for QEMU 6.2

 - Add a config for Shakti UART
 - Fixup virt flash node
 - Don't override users supplied ISA version
 - Fixup some CSR accesses
 - Use g_strjoinv() for virt machine PLIC string config
 - Fix an overflow in the SiFive CLINT
 - Add 64-bit register access helpers
 - Replace tcg_const_* with direct constant usage

# gpg: Signature made Wed 01 Sep 2021 03:08:48 BST
# gpg:                using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8  CE8F 21E1 0D29 DF97 7054

* remotes/alistair/tags/pull-riscv-to-apply-20210901-2: (33 commits)
  target/riscv: Use {get,dest}_gpr for RVV
  target/riscv: Tidy trans_rvh.c.inc
  target/riscv: Use {get,dest}_gpr for RVD
  target/riscv: Use {get,dest}_gpr for RVF
  target/riscv: Use gen_shift_imm_fn for slli_uw
  target/riscv: Use {get,dest}_gpr for RVA
  target/riscv: Reorg csr instructions
  target/riscv: Fix hgeie, hgeip
  target/riscv: Fix rmw_sip, rmw_vsip, rmw_hsip vs write-only operation
  target/riscv: Use {get, dest}_gpr for integer load/store
  target/riscv: Use get_gpr in branches
  target/riscv: Use extracts for sraiw and srliw
  target/riscv: Use DisasExtend in shift operations
  target/riscv: Add DisasExtend to gen_unary
  target/riscv: Move gen_* helpers for RVB
  target/riscv: Move gen_* helpers for RVM
  target/riscv: Use gen_arith for mulh and mulhu
  target/riscv: Remove gen_arith_div*
  target/riscv: Add DisasExtend to gen_arith*
  target/riscv: Introduce DisasExtend and new helpers
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-01 08:33:02 +01:00
Richard Henderson
8e034ae44d target/riscv: Use {get,dest}_gpr for RVV
Remove gen_get_gpr, as the function becomes unused.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210823195529.560295-25-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
f33960df5b target/riscv: Tidy trans_rvh.c.inc
Exit early if check_access fails.
Split out do_hlv, do_hsv, do_hlvx subroutines.
Use dest_gpr, get_gpr in the new subroutines.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210823195529.560295-24-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
7976837f9a target/riscv: Use {get,dest}_gpr for RVD
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210823195529.560295-23-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
75234a2843 target/riscv: Use {get,dest}_gpr for RVF
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210823195529.560295-22-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
6922eee6ac target/riscv: Use gen_shift_imm_fn for slli_uw
Always use tcg_gen_deposit_z_tl; the special case for
shamt >= 32 is handled there.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210823195529.560295-21-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
cce762a75e target/riscv: Use {get,dest}_gpr for RVA
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210823195529.560295-20-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
a974879b45 target/riscv: Reorg csr instructions
Introduce csrr and csrw helpers, for read-only and write-only insns.

Note that we do not properly implement this in riscv_csrrw, in that
we cannot distinguish true read-only (rs1 == 0) from any other zero
write_mask another source register -- this should still raise an
exception for read-only registers.

Only issue gen_io_start for CF_USE_ICOUNT.
Use ctx->zero for csrrc.
Use get_gpr and dest_gpr.

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210823195529.560295-19-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
377cbb4bdb target/riscv: Fix hgeie, hgeip
We failed to write into *val for these read functions;
replace them with read_zero.  Only warn about unsupported
non-zero value when writing a non-zero value.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210823195529.560295-18-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
33979526ca target/riscv: Fix rmw_sip, rmw_vsip, rmw_hsip vs write-only operation
We distinguish write-only by passing ret_value as NULL.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210823195529.560295-17-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
6ecf39e2dd target/riscv: Use {get, dest}_gpr for integer load/store
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-16-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
9b21b64345 target/riscv: Use get_gpr in branches
Narrow the scope of t0 in trans_jalr.

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-15-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
23c1088689 target/riscv: Use extracts for sraiw and srliw
These operations can be done in one instruction on some hosts.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210823195529.560295-14-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
89c883091f target/riscv: Use DisasExtend in shift operations
These operations are greatly simplified by ctx->w, which allows
us to fold gen_shiftw into gen_shift.  Split gen_shifti into
gen_shift_imm_{fn,tl} like we do for gen_arith_imm_{fn,tl}.

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-13-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
6090391505 target/riscv: Add DisasExtend to gen_unary
Use ctx->w for ctpopw, which is the only one that can
re-use the generic algorithm for the narrow operation.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-12-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
f84ed8c2df target/riscv: Move gen_* helpers for RVB
Move these helpers near their use by the trans_*
functions within insn_trans/trans_rvb.c.inc.

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-11-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
b66a0585f0 target/riscv: Move gen_* helpers for RVM
Move these helpers near their use by the trans_*
functions within insn_trans/trans_rvm.c.inc.

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-10-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
8a1b4917c5 target/riscv: Use gen_arith for mulh and mulhu
Split out gen_mulh and gen_mulhu and use the common helper.

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-9-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
afbbec8201 target/riscv: Remove gen_arith_div*
Use ctx->w and the enhanced gen_arith function.

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-8-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
191d1dafae target/riscv: Add DisasExtend to gen_arith*
Most arithmetic does not require extending the inputs.
Exceptions include division, comparison and minmax.

Begin using ctx->w, which allows elimination of gen_addw,
gen_subw, gen_mulw.

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-7-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
ecda15d137 target/riscv: Introduce DisasExtend and new helpers
Introduce get_gpr, dest_gpr, temp_new -- new helpers that do not force
tcg globals into temps, returning a constant 0 for $zero as source and
a new temp for $zero as destination.

Introduce ctx->w for simplifying word operations, such as addw.

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-6-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
867c81968a target/riscv: Add DisasContext to gen_get_gpr, gen_set_gpr
We will require the context to handle RV64 word operations.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-5-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
4a083b563a target/riscv: Clean up division helpers
Utilize the condition in the movcond more; this allows some of
the setcond that were feeding into movcond to be removed.
Do not write into source1 and source2.  Re-name "condN" to "tempN"
and use the temporaries for more than holding conditions.

Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-4-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
9b17ae9c6a tests/tcg/riscv64: Add test for division
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-3-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Richard Henderson
05b80ed0a1 target/riscv: Use tcg_constant_*
Replace uses of tcg_const_* with the allocate and free close together.

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210823195529.560295-2-richard.henderson@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Joe Komlodi
2a4b408930 hw/registerfields: Use 64-bit bitfield for FIELD_DP64
If we have a field that's wider than 32-bits, we need a data type wide enough to
be able to create the bitfield used to deposit the value.

Signed-off-by: Joe Komlodi <joe.komlodi@xilinx.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1626805903-162860-3-git-send-email-joe.komlodi@xilinx.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Joe Komlodi
4d63ef20cf hw/core/register: Add more 64-bit utilities
We already have some utilities to handle 64-bit wide registers, so this just
adds some more for:
- Initializing 64-bit registers
- Extracting and depositing to an array of 64-bit registers

Signed-off-by: Joe Komlodi <joe.komlodi@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1626805903-162860-2-git-send-email-joe.komlodi@xilinx.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
David Hoppenbrouwers
4dc06bb816 hw/intc/sifive_clint: Fix muldiv64 overflow in sifive_clint_write_timecmp()
`muldiv64` would overflow in cases where the final 96-bit value does not
fit in a `uint64_t`. This would result in small values that cause an
interrupt to be triggered much sooner than intended.

The overflow can be detected in most cases by checking if the new value is
smaller than the previous value. If the final result is larger than
`diff` it is either correct or it doesn't matter as it is effectively
infinite anyways.

`next` is an `uint64_t` value, but `timer_mod` takes an `int64_t`. This
resulted in high values such as `UINT64_MAX` being converted to `-1`,
which caused an immediate timer interrupt.

By limiting `next` to `INT64_MAX` no overflow will happen while the
timer will still be effectively set to "infinitely" far in the future.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/493
Signed-off-by: David Hoppenbrouwers <david@salt-inc.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210827152324.5201-1-david@salt-inc.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Peter Maydell
33fcedfac8 hw/riscv/virt.c: Assemble plic_hart_config string with g_strjoinv()
In the riscv virt machine init function, We assemble a string
plic_hart_config which is a comma-separated list of N copies of the
VIRT_PLIC_HART_CONFIG string.  The code that does this has a
misunderstanding of the strncat() length argument.  If the source
string is too large strncat() will write a maximum of length+1 bytes
(length bytes from the source string plus a trailing NUL), but the
code here assumes that it will write only length bytes at most.

This isn't an actual bug because the code has correctly precalculated
the amount of memory it needs to allocate so that it will never be
too small (i.e.  we could have used plain old strcat()), but it does
mean that the code looks like it has a guard against accidental
overrun when it doesn't.

Rewrite the string handling here to use the glib g_strjoinv()
function, which means we don't need to do careful accountancy of
string lengths, and makes it clearer that what we're doing is
"create a comma-separated string".

Fixes: Coverity 1460752
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210812144647.10516-1-peter.maydell@linaro.org
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
LIU Zhiwei
42109837b5 target/riscv: Add User CSRs read-only check
For U-mode CSRs, read-only check is also needed.

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-id: 20210810014552.4884-1-zhiwei_liu@c-sky.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
LIU Zhiwei
a8b37120d4 target/riscv: Don't wrongly override isa version
For some cpu, the isa version has already been set in cpu init function.
Thus only override the isa version when isa version is not set, or
users set different isa version explicitly by cpu parameters.

Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-id: 20210811144612.68674-1-zhiwei_liu@c-sky.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Bin Meng
65e728a28a target/riscv: Correct a comment in riscv_csrrw()
When privilege check fails, RISCV_EXCP_ILLEGAL_INST is returned,
not -1 (RISCV_EXCP_NONE).

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210807141025.31808-1-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Bin Meng
58bde469ba hw/riscv: virt: Move flash node to root
The flash is not inside the SoC, so it's inappropriate to put it
under the /soc node. Move it to root instead.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210807035641.22449-1-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Vijai Kumar K
46b3e2548b hw/char: Add config for shakti uart
Use a dedicated UART config(CONFIG_SHAKTI_UART) to select
shakti uart.

Signed-off-by: Vijai Kumar K <vijai@behindbytes.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210731190229.137483-1-vijai@behindbytes.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-09-01 11:59:12 +10:00
Peter Maydell
d52dff5d80 -----BEGIN PGP SIGNATURE-----
iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmEuLrccHG1hcmNhbmRy
 ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5cmyD/0ebOdpSFpCqTMDSLzS
 YGtM00EEUVtzM7SRgXdhqagih1jeukXze3jq7pQDneoOZgFEOU4sbJ5BQ0mPSzQc
 MgFq36oqnjcXQiCw2bfAUExmPEdL5UsBRzzr91nb0VUF9tfAezYqf8CY8fbgu1bZ
 cwk9KbrlfwR1trtxvbvhUhVbZfhO+9/gSu8e3WEr3fuSPYsy+nMcf0AG8m6bfVg5
 IISchT1OCiJ/9BSRITjLUko5qcyxLBAnnA9qVOMnHXokQzvMaoATOi5vXNtRm/TC
 yqni2Ls/Oh03oSA33JEnS+vh/wOO+Eruiuxh7k4UzTUt9PBs4J9Z7JPmCQfbL+6+
 Fb7VH3KsKhTDHW6U88Ux+pf4tWN8ajZm8JnammWNquiJ8AmvPdJQG+9hXPWGEWNS
 a9cA302o8/VF4bolboAqEc0ETpwAxhA7uytdgUOXCiCAusEXS+EZg+P4Wc1KBxwq
 N754+Taw/+0xI1JXnjq1+YF1CFM3rag/rY4PJiqwuBlTHNI9KoIk++7AqS7umGXg
 2OaLoWXFtwOLrOqNjtT3LjQBT9PlqoDBrjP8Ntd3x+BhgYTYRh2TxHNusTnfINcZ
 ave8Zv3ChePt4v4qRXJo3XKBddnHiq3jD37VhOLowtUtjhGd2BFHR29fLZ6f6z3C
 vVGGT0r4PmLuTNhOkaEdb76qyA==
 =N/L8
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/marcandre/tags/clip-pull-request' into staging

# gpg: Signature made Tue 31 Aug 2021 14:29:27 BST
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/marcandre/tags/clip-pull-request:
  ui/vdagent: add a migration blocker
  ui/gtk-clipboard: emit release clipboard events
  ui/vdagent: send release when no clipboard owner
  ui/gtk-clipboard: use qemu_clipboard_info helper
  ui/vdagent: send empty clipboard when unhandled
  ui/vdagent: use qemu_clipboard_info helper
  ui/vdagent: use qemu_clipboard_peer_release helper
  ui/vdagent: split clipboard recv message handling
  ui/vdagent: reset outbuf on disconnect
  ui/vdagent: disconnect handlers and reset state on finalize
  ui/clipboard: release owned grabs on unregister
  ui/clipboard: add qemu_clipboard_peer_release() helper
  ui/clipboard: add qemu_clipboard_peer_owns() helper
  ui/clipboard: add helper to retrieve current clipboard
  ui/gtk-clipboard: fix clipboard enum typo
  ui/gtk-clipboard: use existing macros
  ui/vdagent: remove copy-pasta comment
  ui/vdagent: fix leak on error path

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-31 14:38:15 +01:00
Marc-André Lureau
90208bc965 ui/vdagent: add a migration blocker
The current implementation lacks migration support. After migration,
vdagent support will be broken (even after a restart of the daemons).
Let's try to fix it in 6.2.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210805135715.857938-19-marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 17:25:14 +04:00
Marc-André Lureau
8038c5b646 ui/gtk-clipboard: emit release clipboard events
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210805135715.857938-18-marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 17:25:14 +04:00
Marc-André Lureau
314bf50086 ui/vdagent: send release when no clipboard owner
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210805135715.857938-17-marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 17:25:14 +04:00
Marc-André Lureau
b702c863bf ui/gtk-clipboard: use qemu_clipboard_info helper
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210805135715.857938-16-marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 17:25:14 +04:00
Marc-André Lureau
3d3f0bc3f7 ui/vdagent: send empty clipboard when unhandled
Rather than leaving the agent timing out or hanging, reply to it with an
empty result.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210805135715.857938-15-marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 17:25:14 +04:00
Marc-André Lureau
d2ed2c01c2 ui/vdagent: use qemu_clipboard_info helper
The clipboard unit now tracks the current clipboard grab, no need to
duplicate this work.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210805135715.857938-14-marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 17:25:14 +04:00
Marc-André Lureau
c98c50de7c ui/vdagent: use qemu_clipboard_peer_release helper
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210805135715.857938-13-marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 17:25:14 +04:00
Marc-André Lureau
3b99bb4c3a ui/vdagent: split clipboard recv message handling
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210805135715.857938-12-marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 17:25:14 +04:00
Marc-André Lureau
5fb2e8d99b ui/vdagent: reset outbuf on disconnect
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210805135715.857938-11-marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 17:25:14 +04:00
Marc-André Lureau
5e0a24e868 ui/vdagent: disconnect handlers and reset state on finalize
Avoid handlers being called with dangling pointers when the object is
freed.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210805135715.857938-10-marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-08-31 17:25:14 +04:00