qemu/hw
Peter Maydell a1ce993da6 hw/intc/arm_gicv3_its: Fix address calculation in get_ite() and update_ite()
In get_ite() and update_ite() we work with a 12-byte in-guest-memory
table entry, which we intend to handle as an 8-byte value followed by
a 4-byte value.  Unfortunately the calculation of the address of the
4-byte value is wrong, because we write it as:

 table_base_address + (index * entrysize) + 4
(obfuscated by the way the expression has been written)

when it should be + 8.  This bug meant that we overwrote the top
bytes of the 8-byte value with the 4-byte value.  There are no
guest-visible effects because the top half of the 8-byte value
contains only the doorbell interrupt field, which is used only in
GICv4, and the two bugs in the "write ITE" and "read ITE" codepaths
cancel each other out.

We can't simply change the calculation, because this would break
migration of a (TCG) guest from the old version of QEMU which had
in-guest-memory interrupt tables written using the buggy version of
update_ite().  We must also at the same time change the layout of the
fields within the ITE_L and ITE_H values so that the in-memory
locations of the fields we care about (VALID, INTTYPE, INTID and
ICID) stay the same.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220201193207.2771604-7-peter.maydell@linaro.org
2022-02-08 10:56:29 +00:00
..
9pfs 9pfs: use P9Array in v9fs_walk() 2021-10-27 14:45:22 +02:00
acpi ACPI ERST: build the ACPI ERST table 2022-02-06 04:33:50 -05:00
adc hw/adc: Add basic Aspeed ADC model 2021-10-12 08:20:08 +02:00
alpha hw/alpha: Provide a PCI-ISA bridge device node 2021-06-28 07:27:32 -07:00
arm hw/arm/smmuv3: Fix device reset 2022-02-08 10:56:28 +00:00
audio Remove unnecessary minimum_version_id_old fields 2022-01-28 15:38:23 +01:00
avr hw/avr: Realize AVRCPU qdev object using qdev_realize() 2021-12-17 10:43:24 +01:00
block hw/block/m25p80: Add support for Micron Xccela flash mt35xu01g 2022-01-28 14:29:46 +00:00
char hw/char/exynos4210_uart: Fix crash on trying to load VM state 2022-01-28 14:29:46 +00:00
core hw/elf_ops: clear uninitialized segment space 2022-01-20 09:09:37 +01:00
cpu cpu/core: Fix "help" of CPU core device types 2021-04-09 16:05:16 -04:00
cris Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
display Fixes and updates for hppa target 2022-02-02 19:54:30 +00:00
dma Migration Pull request (Take 2) 2022-01-29 15:55:54 +00:00
gpio Remove unnecessary minimum_version_id_old fields 2022-01-28 15:38:23 +01:00
hppa hppa: Add support for an emulated TOC/NMI button. 2022-02-02 18:46:42 +01:00
hyperv dma: Let dma_memory_map() take MemTxAttrs argument 2021-12-30 17:16:32 +01:00
i2c aspeed/i2c: QOMify AspeedI2CBus 2021-10-12 08:20:08 +02:00
i386 ACPI ERST: create ACPI ERST table for pc/x86 machines 2022-02-06 04:33:50 -05:00
ide hw/dma: Let dma_buf_read() / dma_buf_write() propagate MemTxResult 2022-01-18 12:56:29 +01:00
input ps2: Initial horizontal scroll support 2022-01-13 15:33:18 +01:00
intc hw/intc/arm_gicv3_its: Fix address calculation in get_ite() and update_ite() 2022-02-08 10:56:29 +00:00
ipack qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
ipmi ipmi/sim: fix watchdog_expired data type error in IPMIBmcSim struct 2021-07-08 14:15:01 -05:00
isa vt82c686: Add a method to VIA_ISA to raise ISA interrupts 2021-10-18 00:41:36 +02:00
m68k m68k: virt: correctly set the initial PC 2022-01-20 09:09:37 +01:00
mem hw/mem/pc-dimm: Restrict NUMA-specific code to NUMA machines 2021-11-11 03:13:05 -05:00
microblaze hw/microblaze: Replace drive_get_next() by drive_get() 2021-12-15 08:38:16 +01:00
mips hw/mips/jazz: Inline vga_mmio_init() and remove it 2022-01-13 10:58:54 +01:00
misc Migration Pull request (Take 2) 2022-01-29 15:55:54 +00:00
net Remove unnecessary minimum_version_id_old fields 2022-01-28 15:38:23 +01:00
nios2 Do not include cpu.h if it's not really necessary 2021-05-02 17:24:51 +02:00
nubus qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
nvme hw/dma: Let dma_buf_read() / dma_buf_write() propagate MemTxResult 2022-01-18 12:56:29 +01:00
nvram hw/nvram: Restrict fw_cfg QOM interface to sysemu and tools 2022-01-18 10:45:35 +01:00
openrisc Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
pci pcie_aer: Don't trigger a LSI if none are defined 2022-01-07 05:19:55 -05:00
pci-bridge qdev: Make DeviceState.id independent of QemuOpts 2021-10-15 16:06:35 +02:00
pci-host ppc/pnv: use a do-while() loop in pnv_phb4_translate_tve() 2022-01-28 13:15:02 +01:00
pcmcia hw/pcmcia: Do not register PCMCIA type if not required 2021-05-02 17:24:50 +02:00
ppc ppc 7.0 queue: 2022-01-31 11:10:08 +00:00
rdma hw/dma: Use dma_addr_t type definition when relevant 2022-01-18 12:56:29 +01:00
remote hw/remote/proxy: Categorize Wireless devices as 'Network' ones 2021-10-04 09:47:26 +02:00
riscv hw/riscv: Remove macros for ELF BIOS image names 2022-01-21 15:52:57 +10:00
rtc rtc: Move RTC function prototypes to their own header 2022-01-28 14:29:46 +00:00
rx hw/rx/rx-gdbsim: Do not accept invalid memory size 2021-05-03 10:07:41 +02:00
s390x rtc: Move RTC function prototypes to their own header 2022-01-28 14:29:46 +00:00
scsi Migration Pull request (Take 2) 2022-01-29 15:55:54 +00:00
sd hw/sd: Add SDHC support for SD card SPI-mode 2022-01-04 08:50:28 +01:00
sensor hw/misc: Add Infineon DPS310 sensor model 2021-09-20 08:50:59 +02:00
sh4 hw/intc/sh_intc: Inline and drop sh_intc_source() function 2021-10-30 18:39:37 +02:00
smbios smbios: Rename SMBIOS_ENTRY_POINT_* enums 2022-01-07 05:19:55 -05:00
sparc sun4m: fix setting CPU id when more than one CPU is present 2021-09-08 11:09:45 +01:00
sparc64 hw: Replace trivial drive_get_next() by drive_get() 2021-12-15 08:38:16 +01:00
ssi hw/ssi: Add a model of Xilinx Versal's OSPI flash memory controller 2022-01-28 14:29:46 +00:00
timer hw/timer/armv7m_systick: Update clock source before enabling timer 2022-02-08 10:56:28 +00:00
tpm tpm: mark correct memory region range dirty when clearing RAM 2021-10-02 08:43:21 +02:00
tricore hw/tricore: fix inclusion of tricore_testboard 2021-07-20 20:10:21 +02:00
usb uas: add missing return 2022-01-13 10:58:05 +01:00
vfio vfio: Fix memory leak of hostwin 2021-11-17 11:25:55 -07:00
virtio Remove unnecessary minimum_version_id_old fields 2022-01-28 15:38:23 +01:00
watchdog watchdog: remove select_watchdog_action 2021-11-02 15:57:27 +01:00
xen aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
xenpv meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
xtensa Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
Kconfig hw/arm: xlnx-zcu102: Add Xilinx eFUSE device 2021-09-30 13:42:10 +01:00
meson.build sensor: Move hardware sensors from misc to a sensor directory 2021-06-17 07:10:32 -05:00