From: Richard Henderson
Subject: [Qemu-commits] [qemu/qemu] 61653b: accel/nvmm: Fix NULL dereference in nvmm_init_vcpu()
Date: Fri, 03 May 2024 14:48:30 -0700

  Branch: refs/heads/staging
  Home:   https://github.com/qemu/qemu
  Commit: 61653b4a97b1c08b0f1d090da1ed981362a3961a
      
https://github.com/qemu/qemu/commit/61653b4a97b1c08b0f1d090da1ed981362a3961a
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M target/i386/nvmm/nvmm-all.c

  Log Message:
  -----------
  accel/nvmm: Fix NULL dereference in nvmm_init_vcpu()

When mechanically moving the @dirty field to AccelCPUState
in commit 79f1926b2d, we neglected cpu->accel is still NULL
when we want to dereference it.

Reported-by: Volker Rümelin <vr_qemu@t-online.de>
Suggested-by: Volker Rümelin <vr_qemu@t-online.de>
Fixes: 79f1926b2d ("accel/nvmm: Use accel-specific per-vcpu @dirty field")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240429091918.27429-3-philmd@linaro.org>


  Commit: 083367dbbf6e5ac086c32e64db6701f493928e47
      
https://github.com/qemu/qemu/commit/083367dbbf6e5ac086c32e64db6701f493928e47
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M target/i386/whpx/whpx-all.c

  Log Message:
  -----------
  accel/whpx: Fix NULL dereference in whpx_init_vcpu()

When mechanically moving the @dirty field to AccelCPUState
in commit 9ad49538c7, we neglected cpu->accel is still NULL
when we want to dereference it.

Fixes: 9ad49538c7 ("accel/whpx: Use accel-specific per-vcpu @dirty field")
Reported-by: Volker Rümelin <vr_qemu@t-online.de>
Suggested-by: Volker Rümelin <vr_qemu@t-online.de>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240429091918.27429-2-philmd@linaro.org>


  Commit: f184f3856e82a6f4e96df6a77118d6a2e1a9059b
      
https://github.com/qemu/qemu/commit/f184f3856e82a6f4e96df6a77118d6a2e1a9059b
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M include/exec/cpu-common.h

  Log Message:
  -----------
  exec: Include missing license in 'exec/cpu-common.h'

Commit 1ad2134f91 ("Hardware convenience library") extracted
"cpu-common.h" from "cpu-all.h", which uses the LGPL-2.1+ license.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240427155714.53669-5-philmd@linaro.org>


  Commit: 22879b66800d4f84ff48f151867369e76e33f9a4
      
https://github.com/qemu/qemu/commit/22879b66800d4f84ff48f151867369e76e33f9a4
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M bsd-user/qemu.h
    M include/exec/cpu-all.h
    R include/exec/user/abitypes.h
    M include/exec/user/thunk.h
    A include/user/abitypes.h
    M include/user/syscall-trace.h
    M linux-user/qemu.h

  Log Message:
  -----------
  user: Move 'abitypes.h' from 'exec/user' to 'user'

Keep all user emulation headers under the same user/ directory.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240503125202.35667-1-philmd@linaro.org>


  Commit: 4e111653168acc058044885c679015d50fcaf474
      
https://github.com/qemu/qemu/commit/4e111653168acc058044885c679015d50fcaf474
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M MAINTAINERS
    M bsd-user/qemu.h
    R include/exec/user/thunk.h
    A include/user/thunk.h
    M linux-user/thunk.c
    M linux-user/user-internals.h

  Log Message:
  -----------
  user: Move 'thunk.h' from 'exec/user' to 'user'

Keep all user emulation headers under the same user/ directory.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240428221450.26460-2-philmd@linaro.org>


  Commit: bf0bcac890cc7b4c9e52c9e94817897ce73b69a8
      
https://github.com/qemu/qemu/commit/bf0bcac890cc7b4c9e52c9e94817897ce73b69a8
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M scripts/coverity-scan/COMPONENTS.md

  Log Message:
  -----------
  coverity: Update user emulation regexp

All user emulation headers are now under include/user/.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240428221450.26460-3-philmd@linaro.org>


  Commit: 155fb465b1a6c87d8fc002a670b6517a6790fad8
      
https://github.com/qemu/qemu/commit/155fb465b1a6c87d8fc002a670b6517a6790fad8
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M plugins/api.c

  Log Message:
  -----------
  plugins/api: Only include 'exec/ram_addr.h' with system emulation

"exec/ram_addr.h" shouldn't be used with user emulation.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240427155714.53669-4-philmd@linaro.org>


  Commit: e096d370ad877f8573e20266f7e843084f9611d8
      
https://github.com/qemu/qemu/commit/e096d370ad877f8573e20266f7e843084f9611d8
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M plugins/core.c

  Log Message:
  -----------
  plugins: Update stale comment

"plugin_mask" was renamed as "event_mask" in commit c006147122
("plugins: create CPUPluginState and migrate plugin_mask").

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240427155714.53669-3-philmd@linaro.org>


  Commit: a0dbef9f337062eaf8af37bf904dba181469d550
      
https://github.com/qemu/qemu/commit/a0dbef9f337062eaf8af37bf904dba181469d550
  Author: Anthony PERARD <anthony.perard@citrix.com>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M MAINTAINERS

  Log Message:
  -----------
  MAINTAINERS: Update my email address

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Paul Durrant <paul@xen.org>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
Message-ID: <20240429154938.19340-1-anthony.perard@citrix.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>


  Commit: c365e6b0705788866a65e7b8206bd4c5332595cd
      
https://github.com/qemu/qemu/commit/c365e6b0705788866a65e7b8206bd4c5332595cd
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M target/sh4/translate.c
    M tests/tcg/sh4/Makefile.target
    A tests/tcg/sh4/test-addv.c

  Log Message:
  -----------
  target/sh4: Fix ADDV opcode

The documentation says:

  ADDV Rm, Rn        Rn + Rm -> Rn, overflow -> T

But QEMU implementation was:

  ADDV Rm, Rn        Rn + Rm -> Rm, overflow -> T

Fix by filling the correct Rm register.

Add tests provided by Paul Cercueil.

Cc: qemu-stable@nongnu.org
Fixes: ad8d25a11f ("target-sh4: implement addv and subv using TCG")
Reported-by: Paul Cercueil <paul@crapouillou.net>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2317
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20240430163125.77430-2-philmd@linaro.org>


  Commit: e88a856efd1d3c3ffa8e53da4831eff8da290808
      
https://github.com/qemu/qemu/commit/e88a856efd1d3c3ffa8e53da4831eff8da290808
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M target/sh4/translate.c
    M tests/tcg/sh4/Makefile.target
    A tests/tcg/sh4/test-subv.c

  Log Message:
  -----------
  target/sh4: Fix SUBV opcode

The documentation says:

  SUBV Rm, Rn        Rn - Rm -> Rn, underflow -> T

The overflow / underflow can be calculated as:

  T = ((Rn ^ Rm) & (Result ^ Rn)) >> 31

However we were using the incorrect:

  T = ((Rn ^ Rm) & (Result ^ Rm)) >> 31

Fix by using the Rn register instead of Rm.

Add tests provided by Paul Cercueil.

Cc: qemu-stable@nongnu.org
Fixes: ad8d25a11f ("target-sh4: implement addv and subv using TCG")
Reported-by: Paul Cercueil <paul@crapouillou.net>
Suggested-by: Paul Cercueil <paul@crapouillou.net>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2318
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20240430163125.77430-3-philmd@linaro.org>
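The two T formulas quoted in the commit message, compared against an exact 64-bit reference over a constructed set of corner values. This is an added C example, not QEMU's own code or the tests/tcg/sh4 test from the commit; whenever the operand signs differ, the pre-fix formula yields exactly the inverted flag.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed corner values covering both sign combinations of the operands. */
static const uint32_t corner_values[] = {
    0x00000000u, 0x00000001u, 0x7FFFFFFFu, 0x80000000u, 0x80000001u, 0xFFFFFFFFu
};
#define N_CORNERS (sizeof corner_values / sizeof corner_values[0])

/* SUBV Rm, Rn: Rn - Rm -> Rn, underflow -> T.
 * Fixed formula from the commit message: T = ((Rn ^ Rm) & (Result ^ Rn)) >> 31,
 * i.e. the operands have different signs and the result's sign differs from Rn's. */
uint32_t subv_t_fixed(uint32_t rn, uint32_t rm)
{
    uint32_t result = rn - rm;
    return ((rn ^ rm) & (result ^ rn)) >> 31;
}

/* Pre-fix formula: XORs the result with Rm instead of Rn. When the operand signs
 * differ, (Result ^ Rm) has the opposite sign bit of (Result ^ Rn), so T is inverted. */
uint32_t subv_t_buggy(uint32_t rn, uint32_t rm)
{
    uint32_t result = rn - rm;
    return ((rn ^ rm) & (result ^ rm)) >> 31;
}

/* Reference: signed overflow iff the exact difference does not fit in an int32. */
uint32_t subv_t_reference(uint32_t rn, uint32_t rm)
{
    int64_t diff = (int64_t)(int32_t)rn - (int64_t)(int32_t)rm;
    return (diff < INT32_MIN || diff > INT32_MAX) ? 1u : 0u;
}

/* Count corner-value pairs for which a T formula disagrees with the reference. */
int count_mismatches(uint32_t (*t_fn)(uint32_t, uint32_t))
{
    int mismatches = 0;
    for (size_t i = 0; i < N_CORNERS; i++)
        for (size_t j = 0; j < N_CORNERS; j++)
            if (t_fn(corner_values[i], corner_values[j]) !=
                subv_t_reference(corner_values[i], corner_values[j]))
                mismatches++;
    return mismatches;
}

int main(void)
{
    printf("fixed: %d mismatches, buggy: %d mismatches\n",
           count_mismatches(subv_t_fixed), count_mismatches(subv_t_buggy));
    return 0;
}
```

The 18 mismatching pairs are exactly the mixed-sign combinations of the six corner values; same-sign subtraction can never overflow, so both formulas agree there.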


  Commit: 40ed073f893b1aaebbd7f2ef1259bab9a0cea46f
      
https://github.com/qemu/qemu/commit/40ed073f893b1aaebbd7f2ef1259bab9a0cea46f
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M target/sh4/translate.c

  Log Message:
  -----------
  target/sh4: Rename TCGv variables as manual for ADDV opcode

To easily compare with the SH4 manual, rename:

  REG(B11_8) -> Rn
  REG(B7_4) -> Rm
  t0 -> result

Mention how overflow is calculated.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20240430163125.77430-4-philmd@linaro.org>


  Commit: 942ba09d7cfc11b8a149011a201d274902731333
      
https://github.com/qemu/qemu/commit/942ba09d7cfc11b8a149011a201d274902731333
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M target/sh4/translate.c

  Log Message:
  -----------
  target/sh4: Rename TCGv variables as manual for SUBV opcode

To easily compare with the SH4 manual, rename:

  REG(B11_8) -> Rn
  REG(B7_4) -> Rm
  t0 -> result

Mention how underflow is calculated.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240430163125.77430-5-philmd@linaro.org>


  Commit: 2d27c91e2b72ac7a65504ac207c89262d92464eb
      
https://github.com/qemu/qemu/commit/2d27c91e2b72ac7a65504ac207c89262d92464eb
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M ui/cocoa.m

  Log Message:
  -----------
  ui/cocoa.m: Drop old macOS-10.12-and-earlier compat ifdefs

We only support the most recent two versions of macOS (currently
macOS 13 Ventura and macOS 14 Sonoma), and our ui/cocoa.m code
already assumes at least macOS 12 Monterey or better, because it uses
NSScreen safeAreaInsets, which is 12.0-or-newer.

Remove the ifdefs that were providing backwards compatibility for
building on 10.12 and earlier versions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20240502142904.62644-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>


  Commit: 97c872276d147c882296f5da245bd8432f1582f6
      
https://github.com/qemu/qemu/commit/97c872276d147c882296f5da245bd8432f1582f6
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-05-03 (Fri, 03 May 2024)

  Changed paths:
    M MAINTAINERS
    M bsd-user/qemu.h
    M include/exec/cpu-all.h
    M include/exec/cpu-common.h
    R include/exec/user/abitypes.h
    R include/exec/user/thunk.h
    A include/user/abitypes.h
    M include/user/syscall-trace.h
    A include/user/thunk.h
    M linux-user/qemu.h
    M linux-user/thunk.c
    M linux-user/user-internals.h
    M plugins/api.c
    M plugins/core.c
    M scripts/coverity-scan/COMPONENTS.md
    M target/i386/nvmm/nvmm-all.c
    M target/i386/whpx/whpx-all.c
    M target/sh4/translate.c
    M tests/tcg/sh4/Makefile.target
    A tests/tcg/sh4/test-addv.c
    A tests/tcg/sh4/test-subv.c
    M ui/cocoa.m

  Log Message:
  -----------
  Merge tag 'accel-sh4-ui-20240503' of https://github.com/philmd/qemu into staging

- Fix NULL dereference in NVMM & WHPX init_vcpu()
- Move user emulation headers "exec/user" to "user"
- Fix SH-4 ADDV / SUBV opcodes
- Drop Cocoa compatibility on macOS <= 10.12
- Update Anthony PERARD email

# gpg: Signature made Fri 03 May 2024 08:35:42 AM PDT
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]

* tag 'accel-sh4-ui-20240503' of https://github.com/philmd/qemu:
  ui/cocoa.m: Drop old macOS-10.12-and-earlier compat ifdefs
  target/sh4: Rename TCGv variables as manual for SUBV opcode
  target/sh4: Rename TCGv variables as manual for ADDV opcode
  target/sh4: Fix SUBV opcode
  target/sh4: Fix ADDV opcode
  MAINTAINERS: Update my email address
  plugins: Update stale comment
  plugins/api: Only include 'exec/ram_addr.h' with system emulation
  coverity: Update user emulation regexp
  user: Move 'thunk.h' from 'exec/user' to 'user'
  user: Move 'abitypes.h' from 'exec/user' to 'user'
  exec: Include missing license in 'exec/cpu-common.h'
  accel/whpx: Fix NULL dereference in whpx_init_vcpu()
  accel/nvmm: Fix NULL dereference in nvmm_init_vcpu()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


Compare: https://github.com/qemu/qemu/compare/909aff7eaf63...97c872276d14
