[Qemu-commits] [qemu/qemu] 6ed675: s390: avoid potential null dereferenc
From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 6ed675: s390: avoid potential null dereference in s390_pci...
Date: Fri, 18 Jan 2019 10:48:32 -0800
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 6ed675c92a80ff83638eef5e12d4aac529c12f93
https://github.com/qemu/qemu/commit/6ed675c92a80ff83638eef5e12d4aac529c12f93
Author: Li Qiang <address@hidden>
Date: 2019-01-18 (Fri, 18 Jan 2019)
Changed paths:
M hw/s390x/s390-pci-bus.c
Log Message:
-----------
s390: avoid potential null dereference in s390_pcihost_unplug()
When getting the 'pbdev', the if...else has no default branch.
From Coverity, the 'pbdev' may be null when the 'dev' is not
the TYPE_PCI_BRIDGE/TYPE_PCI_DEVICE/TYPE_S390_PCI_DEVICE.
This patch adds a default branch for device plug and unplug.
Spotted by Coverity: CID 1398593
Signed-off-by: Li Qiang <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: David Hildenbrand <address@hidden>
Reviewed-by: Halil Pasic <address@hidden>
Reviewed-by: Collin Walling <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: 0d3a76139827f7d08f1b487fda9f01ecc06741a7
https://github.com/qemu/qemu/commit/0d3a76139827f7d08f1b487fda9f01ecc06741a7
Author: Thomas Huth <address@hidden>
Date: 2019-01-18 (Fri, 18 Jan 2019)
Changed paths:
M pc-bios/s390-ccw/start.S
Log Message:
-----------
pc-bios/s390-ccw: Use proper register names for Clang
When compiling the s390-ccw firmware with Clang 7.0.1, I get the
following errors:
pc-bios/s390-ccw/start.S:62:19: error: invalid use of length addressing
stctg 0,0,0(15)
^
pc-bios/s390-ccw/start.S:63:12: error: invalid use of length addressing
oi 6(15), 0x2
^
pc-bios/s390-ccw/start.S:64:19: error: invalid use of length addressing
lctlg 0,0,0(15)
^
pc-bios/s390-ccw/start.S:76:19: error: invalid use of length addressing
stctg 0,0,0(15)
^
pc-bios/s390-ccw/start.S:77:12: error: invalid use of length addressing
ni 6(15), 0xfd
^
pc-bios/s390-ccw/start.S:78:19: error: invalid use of length addressing
lctlg 0,0,0(15)
^
pc-bios/s390-ccw/start.S:79:12: error: invalid operand for instruction
br 14
^
Let's use proper register names like in the rest of this file to fix it.
Signed-off-by: Thomas Huth <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Christian Borntraeger <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: 37dbd1f4d4805edcd18d94eb202bb3461b3cd52d
https://github.com/qemu/qemu/commit/37dbd1f4d4805edcd18d94eb202bb3461b3cd52d
Author: Janosch Frank <address@hidden>
Date: 2019-01-18 (Fri, 18 Jan 2019)
Changed paths:
M target/s390x/diag.c
Log Message:
-----------
s390x: Return specification exception for unimplemented diag 308 subcodes
The architecture specifies specification exceptions for all
unavailable subcodes.
The presence of subcodes is indicated by checking some query subcode.
For example 6 will indicate that 3-6 are available. So future systems
might call new subcodes to check for new features. This should not
trigger a hw error, instead we return the architectured specification
exception.
Signed-off-by: Janosch Frank <address@hidden>
Cc: address@hidden
Message-Id: <address@hidden>
Reviewed-by: Christian Borntraeger <address@hidden>
Reviewed-by: David Hildenbrand <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: 2e33c3f848a729ec549062b4ca9064ee6c83216d
https://github.com/qemu/qemu/commit/2e33c3f848a729ec549062b4ca9064ee6c83216d
Author: Thomas Huth <address@hidden>
Date: 2019-01-18 (Fri, 18 Jan 2019)
Changed paths:
M configure
Log Message:
-----------
configure: Only build the s390-ccw bios if the compiler supports -march=z900
We want to build our s390-ccw bios with -march=z900 so that it also
works with the oldest s390x CPU that we support with TCG. However,
Clang on s390x does not support -march=z900 anymore, so we can not
use this compiler to build the s390-ccw bios. Thus add a proper test
to the configure script to see whether the compiler is usable.
Signed-off-by: Thomas Huth <address@hidden>
Message-Id: <address@hidden>
Acked-by: Christian Borntraeger <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: d57d6abc33c770b77732039ebcc96e26cf6ff285
https://github.com/qemu/qemu/commit/d57d6abc33c770b77732039ebcc96e26cf6ff285
Author: David Hildenbrand <address@hidden>
Date: 2019-01-18 (Fri, 18 Jan 2019)
Changed paths:
M hw/s390x/s390-pci-bus.c
Log Message:
-----------
s390x/pci: Send correct event on hotplug
Commit 2c28c490571f ("s390x/pci: let pci devices start in configured mode")
changed the initial state of zPCI devices from ZPCI_FS_STANDBY to
ZPCI_FS_DISABLED (a.k.a. configured). However we still only send a
HP_EVENT_RESERVED_TO_STANDBY event to the guest, indicating a wrong
state.
Let's send a HP_EVENT_TO_CONFIGURED event instead, to match the actual
state the device is in.
This fixes hotplugged devices having to be enabled explicitly in the
guest e.g. via echo 1 > /sys/bus/pci/slots/00000000/power.
On real HW, a PCI device always pops up in the STANDBY state. In QEMU,
we decided to let it show up directly in the configured state (as
configuring it is otherwise just an extra burden for the admin). We can
safely bypass the STANDBY state when hotplugging PCI devices to a guest.
Fixes: 2c28c490571f ("s390x/pci: let pci devices start in configured mode")
Reported-by: Cornelia Huck <address@hidden>
Signed-off-by: David Hildenbrand <address@hidden>
Message-Id: <address@hidden>
Tested-by: Cornelia Huck <address@hidden>
Reviewed-by: Pierre Morel <address@hidden>
Reviewed-by: Collin Walling <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: dbe9cf606c2fe7365008be2a71d7b1781bbd5435
https://github.com/qemu/qemu/commit/dbe9cf606c2fe7365008be2a71d7b1781bbd5435
Author: Pierre Morel <address@hidden>
Date: 2019-01-18 (Fri, 18 Jan 2019)
Changed paths:
M hw/s390x/s390-pci-bus.c
Log Message:
-----------
s390x/pci: Set the iommu region size mpcifc request
The size of the accessible iommu memory region in the guest
is given to the IOMMU by the guest through the mpcifc request
specifying the PCI Base Address and the PCI Address Limit.
Let's set the size of the IOMMU region to:
(PCI Address Limit) - (PCI Base Address) + 1.
Fixes: f7c40aa1e7 ("s390x/pci: fix failures of dma map/unmap")
Signed-off-by: Pierre Morel <address@hidden>
Message-Id: <address@hidden>
Acked-by: Collin Walling <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: 19375e9be0ccb7ec02dffbc6ffceafd3c480b799
https://github.com/qemu/qemu/commit/19375e9be0ccb7ec02dffbc6ffceafd3c480b799
Author: David Hildenbrand <address@hidden>
Date: 2019-01-18 (Fri, 18 Jan 2019)
Changed paths:
M hw/s390x/s390-pci-bus.c
Log Message:
-----------
s390x/pci: Use hotplug_dev instead of looking up the host bridge
We directly have it in our hands.
Signed-off-by: David Hildenbrand <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Collin Walling <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: 6069bcdeaceebb91f43bc4762e3f63eee48cd390
https://github.com/qemu/qemu/commit/6069bcdeaceebb91f43bc4762e3f63eee48cd390
Author: David Hildenbrand <address@hidden>
Date: 2019-01-18 (Fri, 18 Jan 2019)
Changed paths:
M hw/s390x/s390-pci-bus.c
Log Message:
-----------
s390x/pci: Move some hotplug checks to the pre_plug handler
Let's move most of the checks to the new pre_plug handler. As a PCI
bridge is just a PCI device, we can simplify the code.
Notes: We cannot yet move the MSIX check or device ID creation +
zPCI device creation to the pre_plug handler as both parts are not
fixed before actual device realization (and therefore after pre_plug and
before plug). Once that part is factored out, we can move these parts to
the pre_plug handler, too and therefore remove all possible errors from
the plug handler.
Reviewed-by: Collin Walling <address@hidden>
Signed-off-by: David Hildenbrand <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: d648a3e62d5e726526f9df283341999792f4fbf9
https://github.com/qemu/qemu/commit/d648a3e62d5e726526f9df283341999792f4fbf9
Author: David Hildenbrand <address@hidden>
Date: 2019-01-18 (Fri, 18 Jan 2019)
Changed paths:
M hw/s390x/s390-pci-bus.c
Log Message:
-----------
s390x/pci: Always delete and free the release_timer
We should always get rid of it. I don't see a reason to keep the timer
alive if the devices are going away. This looks like a memory leak.
(hmp) device_add virtio-mouse-pci,id=test
(hmp) device_del test
-> guest notified, timer pending.
-> guest does not react for some reason (e.g. crash)
-> s390_pcihost_timer_cb(). Timer not pending anymore. qmp_unplug().
-> Device deleted. Timer expired (not pending) but not freed.
Signed-off-by: David Hildenbrand <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Collin Walling <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: 3549f8c9e4f0ef1c3417ff43b2164f68ad34b922
https://github.com/qemu/qemu/commit/3549f8c9e4f0ef1c3417ff43b2164f68ad34b922
Author: David Hildenbrand <address@hidden>
Date: 2019-01-18 (Fri, 18 Jan 2019)
Changed paths:
M hw/s390x/s390-pci-bus.c
Log Message:
-----------
s390x/pci: Ignore the unplug call if we already have a release_timer
... otherwise two successive calls to qdev_unplug() (e.g. by an impatient
user) will effectively overwrite pbdev->release_timer, resulting in a
memory leak. We are already processing the unplug.
If there is already a release_timer, the unplug will be performed after
the timeout.
Can be easily triggered by
(hmp) device_add virtio-mouse-pci,id=test
(hmp) stop
(hmp) device_del test
(hmp) device_del test
Signed-off-by: David Hildenbrand <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Collin Walling <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: 6e92c70c37547b6a247a206651dfcc583a57f484
https://github.com/qemu/qemu/commit/6e92c70c37547b6a247a206651dfcc583a57f484
Author: Yi Min Zhao <address@hidden>
Date: 2019-01-18 (Fri, 18 Jan 2019)
Changed paths:
M hw/s390x/s390-pci-bus.c
M hw/s390x/s390-pci-bus.h
M hw/s390x/s390-pci-inst.c
M hw/s390x/s390-pci-inst.h
Log Message:
-----------
s390x/pci: add common function measurement block
Common function measurement block is used to report zPCI internal
counters of successful pcilg/stg/stb and rpcit instructions to
a memory location provided by the program.
This patch introduces a new ZpciFmb structure and schedules a timer
callback to copy the zPCI measures to the FMB in the guest memory
at an interval time set to 4s.
An error while attempting to update the FMB would generate an error
event to the guest.
The pcilg/stg/stb and rpcit interception handlers increase the
related counter on a successful call.
The guest shall pass a null FMBA (FMB address) in the FIB (Function
Information Block) when it issues a Modify PCI Function Control
instruction to switch off FMB and stop the corresponding timer.
Signed-off-by: Yi Min Zhao <address@hidden>
Signed-off-by: Pierre Morel <address@hidden>
Message-Id: <address@hidden>
Acked-by: David Hildenbrand <address@hidden>
Reviewed-by: Collin Walling <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: a8d2b0685681e2f291faaa501efbbd76875f8ec8
https://github.com/qemu/qemu/commit/a8d2b0685681e2f291faaa501efbbd76875f8ec8
Author: Peter Maydell <address@hidden>
Date: 2019-01-18 (Fri, 18 Jan 2019)
Changed paths:
M configure
M hw/s390x/s390-pci-bus.c
M hw/s390x/s390-pci-bus.h
M hw/s390x/s390-pci-inst.c
M hw/s390x/s390-pci-inst.h
M pc-bios/s390-ccw/start.S
M target/s390x/diag.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20190118' into staging
s390x updates:
- clang compilation fixes
- fixes in zpci hotplug code
- handle unimplemented diag 308 subcodes correctly
- add common fmb in zpci
# gpg: Signature made Fri 18 Jan 2019 12:13:26 GMT
# gpg: using RSA key DECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <address@hidden>"
# gpg: aka "Cornelia Huck <address@hidden>"
# gpg: aka "Cornelia Huck <address@hidden>"
# gpg: aka "Cornelia Huck <address@hidden>"
# gpg: aka "Cornelia Huck <address@hidden>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF
* remotes/cohuck/tags/s390x-20190118:
s390x/pci: add common function measurement block
s390x/pci: Ignore the unplug call if we already have a release_timer
s390x/pci: Always delete and free the release_timer
s390x/pci: Move some hotplug checks to the pre_plug handler
s390x/pci: Use hotplug_dev instead of looking up the host bridge
s390x/pci: Set the iommu region size mpcifc request
s390x/pci: Send correct event on hotplug
configure: Only build the s390-ccw bios if the compiler supports -march=z900
s390x: Return specification exception for unimplemented diag 308 subcodes
pc-bios/s390-ccw: Use proper register names for Clang
s390: avoid potential null dereference in s390_pcihost_unplug()
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/9bd641b10a13...a8d2b0685681
**NOTE:** This service has been marked for deprecation:
https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
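
The leak described in the two release_timer log messages above (d648a3 and 3549f8), as an added example that is not QEMU code and not part of the original mail: a simplified C model of a second unplug request overwriting a pending timer pointer, next to the guarded form. `Dev`, `Timer`, the static pool and all function names are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not QEMU code: timers come from a small static pool
 * so that a "leak" is a slot still marked in_use after the device is gone. */
#define POOL 8
typedef struct { int in_use; } Timer;
typedef struct { Timer *release_timer; } Dev;
static Timer pool[POOL];

static Timer *timer_new_model(void) {
    for (int i = 0; i < POOL; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;
}
static void timer_free_model(Timer *t) { if (t) t->in_use = 0; }

/* Before: every unplug request arms a new timer and overwrites the
 * pointer to the one that is already pending. */
static void unplug_request_leaky(Dev *d) {
    d->release_timer = timer_new_model();
}

/* After: an existing release_timer means the unplug is already being
 * processed, so the repeated request is ignored. */
static void unplug_request_fixed(Dev *d) {
    if (d->release_timer) return;
    d->release_timer = timer_new_model();
}

/* Final unplug: always release the timer, pending or already expired. */
static void unplug_finish(Dev *d) {
    timer_free_model(d->release_timer);
    d->release_timer = NULL;
}

/* Issue `requests` unplug requests, finish the unplug, and return the
 * number of timers that are still allocated afterwards. */
static int leaked_after(void (*request)(Dev *), int requests) {
    Dev d = { NULL };
    int live = 0;
    memset(pool, 0, sizeof(pool));
    for (int i = 0; i < requests && i < POOL; i++) request(&d);
    unplug_finish(&d);
    for (int i = 0; i < POOL; i++) live += pool[i].in_use;
    return live;
}

int main(void) {
    printf("leaky, 2 requests: %d leaked\n", leaked_after(unplug_request_leaky, 2));
    printf("fixed, 2 requests: %d leaked\n", leaked_after(unplug_request_fixed, 2));
    return 0;
}
```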