From patchwork Tue Jul 30 09:40:00 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815277
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp214950wrs;
 Tue, 30 Jul 2024 02:40:55 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCW5R7OU0riAkznotZG4AJNwiwM8bUMmRz5JTKN0UEs9fBYaAGqtXtU6MIXoNdpFMhFbMm+x+VQidEr/HgqKXnMU
X-Google-Smtp-Source: AGHT+IHIdFSXwnZDA367+utpHpaq2/UsRTyCyNAp97hckSWslxQez6yh2lGL3DYiyA1LuhsTg+x9
X-Received: by 2002:a05:6214:29e6:b0:6b5:9fa:3224 with SMTP id
 6a1803df08f44-6bb559b25b5mr121940766d6.13.1722332454820;
 Tue, 30 Jul 2024 02:40:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332454; cv=none;
 d=google.com; s=arc-20160816;
 b=tWuEMLylsVaRwnQsEQ7stwLx5DUXQqUsHn5RIlAhrekm57exOpk91Mh3KiVPO/5UHh
 x9F/zdeXvPcUgXXTpTxVoGNzG8RfB2jXWi2E0UvlE6O0jogvJetElB89M0I/Zmmcsgx0
 AJ0YSQCiOxRMNWRRKJzoVvT2wF/MLSL8xiNeRLw8qPKfbnhN9Z4r/C+Z/gK5D5GSw1tw
 w3R8dhQdUHwyHEarHhyfiE0GDYOTB9NfUF6XbK4uUYuYxdZ06xAROqEvKY5MSakwcZnM
 EDN2iEU2sKeTVyhfnBNi6L0yGXpnvEFHBvMHwBjFr6GY1W58WEKX2KnRqbrTIIbYoTV0
 SVFw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=B5RN4DpWdHMmOm58ODLLg2Ecn4bzdDrCkkEJlS4i1B8=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=qNWHkB/YlYA+X1Qnak2VQT4+jvS463u4vN6NHlQbkIfqwD2st+WlGSRUlxC2shwivi
 jUf46fF9yPwkKgyES/CnsnMU4vT/Pwfj+FfW8DilrlYik8p0IXg7ke+yBK2BUpiB0JAz
 oo5bwV3cowyLbWnVqEkatXezBkomJdoJYswxfkz6ubS91Edbi2PXXjMeb0sOiO21ov+u
 rrCJ0rdlBZpvqczjg/q1tkJh9cPiajMkEgi/xsRNupRDGvNBeBhfjpkG+XLuJoNeaLCg
 y3NBftjUzzQkfQK7FPWHMjaX3XU5ppSPBkitl8CK6WYU5UGSKVbXVIsduoMEm3Esw++8
 MV2w==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=qxeZjrZs;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 6a1803df08f44-6bb3faabcb7si124276096d6.374.2024.07.30.02.40.54
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:40:54 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=qxeZjrZs;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLK-0003ZR-BE; Tue, 30 Jul 2024 05:40:30 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLH-0003SX-DF
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:27 -0400
Received: from mail-wr1-x430.google.com ([2a00:1450:4864:20::430])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLF-0000Wv-JZ
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:27 -0400
Received: by mail-wr1-x430.google.com with SMTP id
 ffacd0b85a97d-3687fb526b9so1972703f8f.0
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332423; x=1722937223; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=B5RN4DpWdHMmOm58ODLLg2Ecn4bzdDrCkkEJlS4i1B8=;
 b=qxeZjrZsVJoU76K4CaH4t0OnjVm2j1b4chcBtQF5FzIjDM81FEo35UVH6st6FOVx9H
 xpBoOtkvY2fU1tdiM7XBjpC64wVu8xab2J8XL9oljSIZqnRgJ20FOzDzvD9R/t2VnG86
 WJbkYnfrs1kO+S06Khecw3eFZmWmbX40iAQglrmUZAPcEoNb1UuMMTFOMB/rhTg/8T2T
 ln5O6LJwq0CsrJjQp6t3TYaKiD8rwNKyS8ky/Ku0mgn8E9OKWWGl9XJ+FbdDPe0aSRH/
 wJftKdIFEznwPnwT31d7F0Cc4p4t+RvoTpw5GarodbEqfKLBCiBGxRW7Lvjbz1aj7YGi
 Ak1Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332423; x=1722937223;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=B5RN4DpWdHMmOm58ODLLg2Ecn4bzdDrCkkEJlS4i1B8=;
 b=C8/g2XlgzfJcgANdv5p0agsPvTn4RWDnCo7Yo3V0zEMKi8/LWDPlWXY0L0aiA9xAoL
 0iRwcSzMNV2Hzq/1XN09bwF0PiR541k7AAuXaAonVHE6peUpKlndEENCbhXRncibVvp6
 f6XEl8HYQ93aQpXUzXzhL5rM11mTrBxm3P4vUlsxihZrbxqu/KrscPahhBc9u//WxvpR
 rEKj6JXTwFikDR+olR9vwnbRP/N2uGrx9GrjAiaMZXz5QUT8RdQGCPySGF/m0wIkJj/q
 /i9kcicBAV3poIjSizvGXAHaAgwPllwVqe9AvtjT8Sv2Lze7Nisc6aGjdTFYY4JK8O6F
 8c5g==
X-Gm-Message-State: AOJu0YwSM7wRd6uWdddnqwz/K/gj1RfiU9H+grJ31QOR+PUQuUD3vHOc
 w4sK+n36TQV2SdNUp3XaO8Gw9HGUaikP75KZ1EgTOnGOb8l47CNmCnbroISmxt2E1XWC86n8SNX
 v
X-Received: by 2002:adf:e60f:0:b0:368:3731:1614 with SMTP id
 ffacd0b85a97d-36b5cf243f2mr6704492f8f.32.1722332423335;
 Tue, 30 Jul 2024 02:40:23 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.22
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:23 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 01/21] hw/char/bcm2835_aux: Fix assert when receive FIFO fills
 up
Date: Tue, 30 Jul 2024 10:40:00 +0100
Message-Id: <20240730094020.2758637-2-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::430;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x430.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Frederik van Hövell <frederik@fvhovell.nl>

When a bare-metal application on the raspi3 board reads the
AUX_MU_STAT_REG MMIO register while the device's buffer is
at full receive FIFO capacity
(i.e. `s->read_count == BCM2835_AUX_RX_FIFO_LEN`) the
assertion `assert(s->read_count < BCM2835_AUX_RX_FIFO_LEN)`
fails.

Reported-by: Cryptjar <cryptjar@junk.studio>
Suggested-by: Cryptjar <cryptjar@junk.studio>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/459
Signed-off-by: Frederik van Hövell <frederik@fvhovell.nl>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[PMM: commit message tweaks]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/char/bcm2835_aux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/char/bcm2835_aux.c b/hw/char/bcm2835_aux.c
index 83990e20f76..fca2f27a553 100644
--- a/hw/char/bcm2835_aux.c
+++ b/hw/char/bcm2835_aux.c
@@ -138,7 +138,7 @@ static uint64_t bcm2835_aux_read(void *opaque, hwaddr offset, unsigned size)
         res = 0x30e; /* space in the output buffer, empty tx fifo, idle tx/rx */
         if (s->read_count > 0) {
             res |= 0x1; /* data in input buffer */
-            assert(s->read_count < BCM2835_AUX_RX_FIFO_LEN);
+            assert(s->read_count <= BCM2835_AUX_RX_FIFO_LEN);
             res |= ((uint32_t)s->read_count) << 16; /* rx fifo fill level */
         }
         return res;

From patchwork Tue Jul 30 09:40:01 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815278
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp214952wrs;
 Tue, 30 Jul 2024 02:40:55 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCUt9shaO4sO1Gk3PjeJoOAe1bUfwKXhdiZzY4idhEH7lM0qg1GYWrX9LwkRw8Yo+SlYAxL6/Skqu4U5tNgYjIRF
X-Google-Smtp-Source: AGHT+IGjzf2tDvF/l3xSUkq5DsTxjoGhEty6vXto0mynu22hIs9UiXQtDMh0biK/5oPANFNX1jS3
X-Received: by 2002:a05:6358:61c2:b0:1a6:72f2:4d03 with SMTP id
 e5c5f4694b2df-1adbc2a0707mr1330988355d.9.1722332454826;
 Tue, 30 Jul 2024 02:40:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332454; cv=none;
 d=google.com; s=arc-20160816;
 b=gABIUFUolmsCyiTC/PquVGhaf1i1ekN+6VvNWSke+TpX76DPIKDCdPLuDe14FpthSE
 TO1kWSDyd3NDBBUDvJ+XiqRW43xqj4JTH5V7Kjv96BDLemLGRMseeBx/A9Sh6BKuSuC+
 EwdbLbgD1058O54aBvxUatnks4StkJ9DzT8Zox10V8s9vABlhz+B44/0EtUhQpu7N3rU
 vSTRSkBMv7QXZ/OH8Ft32DJI1NU8y6Zs5nyyxVr8mryOuaYrbI8Ta05SeZ9IcgyLs/rW
 N40A1dVHOARy9Io3r8f0aYir5Ftd2wLllMcXxm8N6MYYtZ5n7mSBChqbGyZyd762NQSU
 Cb1A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=2hTb07T/lHUckLF9pRQZzZ733VhUGgQBsCLUx7kwgYc=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=aqo/8lzvJ5cnanv2fmGDX3taluN/SfDNtmB3jF/5wq2HSpl5zXffb0DmCPtS4cc8YW
 d3e0VcAF664k438ElyIQbE3ThW/aBUHIrIrZ/DYABZr3Tft/wEnSc56wZtQWmbCHeSAh
 V4h1V4em1BA+Q2iCVbRtCp/b4PXZWC2A5zPztibDSabNpb0WXpWRJ9B5mltOlKzd9lh5
 KbmjdJZXsCv2/LMZKXOZSxso2ZDEs/mxnqkKiYPCKkA8kPxyYHmHF8RcHpLkEnBkoz3g
 j8HOQltT2pXObUQ7jPAt1NzPsVdEbHiD3u6cqH6Y7fbCJn4uhj0imLBO9G2OJVZITggn
 kn+g==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=iqS8Xpws;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 af79cd13be357-7a1d74629a1si1229951485a.470.2024.07.30.02.40.54
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:40:54 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=iqS8Xpws;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLM-0003hK-4t; Tue, 30 Jul 2024 05:40:32 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLI-0003UO-SJ
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:28 -0400
Received: from mail-lj1-x235.google.com ([2a00:1450:4864:20::235])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLF-0000X1-K8
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:28 -0400
Received: by mail-lj1-x235.google.com with SMTP id
 38308e7fff4ca-2ef2cce8be8so56889371fa.1
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332424; x=1722937224; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=2hTb07T/lHUckLF9pRQZzZ733VhUGgQBsCLUx7kwgYc=;
 b=iqS8Xpws2CoA+TwvDX8+LigcHyYvEFkNraE3ZayKDHJT5r8Dklzx2cRQLfEr5vNjaq
 p02m8CBFrbyup1G5TDUiGZQs9Gtu+YE3OWB4j8y/Ywvc3jwMmRbEtWRQugQGKYf1HUpQ
 SrlBFUPYZfsMfN31dffih9Vey24CGoRLLS+ScrK6UTj9HpaDsWyO5O+2M5Wr/jDWxqWP
 UIgLCdwbuX5x/gopL/X2ZCYspnb1ScX9WSEmPaQHi90EJJDasEsM/7JxOJHrweM8gkqZ
 7jX1/CrHfehu295kL+PDBvgVCjpogQepTEu/t6XaMtEcCbSHnqfbHvbf1BrvfBafX/ba
 k/2Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332424; x=1722937224;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=2hTb07T/lHUckLF9pRQZzZ733VhUGgQBsCLUx7kwgYc=;
 b=uZyPmJTZUM3RHQP/wf7bl2i3ec8j1d2yEWQmFV/a5QIBzRl5fSZVACWAvCj+CLGEEW
 hsYvdIOGVVwhDFuNF6CA95td9M2SgN3M5WcXnFLmtXuISW5BYq1krwMqG2CwNGy5HzX2
 Z3W5aWoBokRul+nsF/2n1E0SskSoeei1utWP1opJrPKL7TbMPUJ/Nx3mvxGVyi0ED6jw
 qCxgYFqYpcm2c/OdCO5JWj9SXCVgHHun6vLZcN5WHdp0KsK28g02e04UWYeiDvqTLEOI
 vOAjGTV+GfXn8bZqPgllspIrr4sd1+EJ24sJEu5OfHo1oXrBQWsthqOtJfquceafnPdm
 cUdQ==
X-Gm-Message-State: AOJu0YyJBk4RLtdJQU8LNUzM30OobzmqGMKsOSXBIUXaGQgILMPvr6x8
 DH+4c1zmZpOMJ37xCmPWlm8wmEQZiZo7/GJwoZQ2T7eU8ez0PwGctz3AKDn8sn/7Ns7K5B1J04t
 S
X-Received: by 2002:a2e:87d5:0:b0:2ef:1c0a:9b97 with SMTP id
 38308e7fff4ca-2f12ebcaea9mr74174751fa.3.1722332423812;
 Tue, 30 Jul 2024 02:40:23 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.23
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:23 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 02/21] hw/arm/smmuv3: Assert input to oas2bits() is valid
Date: Tue, 30 Jul 2024 10:40:01 +0100
Message-Id: <20240730094020.2758637-3-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::235;
 envelope-from=peter.maydell@linaro.org; helo=mail-lj1-x235.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Mostafa Saleh <smostafa@google.com>

Coverity has spotted a possible problem with the OAS handling
(CID 1558464), where the error return of oas2bits() -1 is not
checked, which can cause an overflow in oas value.

oas2bits() is only called with valid inputs, harden the function
to assert that.

Reported-By: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Mostafa Saleh <smostafa@google.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20240722103531.2377348-1-smostafa@google.com
Link: https://lore.kernel.org/qemu-devel/CAFEAcA-H=n-3mHC+eL6YjfL1m+x+b+Fk3mkgZbN74WNxifFVow@mail.gmail.com/
Signed-off-by: Mostafa Saleh <smostafa@google.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/arm/smmuv3-internal.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
index 0ebf2eebcff..b6b7399347f 100644
--- a/hw/arm/smmuv3-internal.h
+++ b/hw/arm/smmuv3-internal.h
@@ -599,7 +599,8 @@ static inline int oas2bits(int oas_field)
     case 5:
         return 48;
     }
-    return -1;
+
+    g_assert_not_reached();
 }
 
 /* CD fields */

From patchwork Tue Jul 30 09:40:02 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815279
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp214953wrs;
 Tue, 30 Jul 2024 02:40:55 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCX6ZCgis+5WCELi6jOtPQPT2LpesKjyqcuwajs6SMH8pztUPn8+Q1PXjDLqR5ACv40KZzMSh7SfbMdrLdlGB8eh
X-Google-Smtp-Source: AGHT+IHFQl7JrwSy20A/BxoInd/SJDy+hnEkpnDgiwfgRKqDEruSbdJ2i2f/pR3lr8ZyGCHft1Kr
X-Received: by 2002:a05:620a:28ce:b0:79f:6bc:d98 with SMTP id
 af79cd13be357-7a1e525f3c9mr1265619385a.36.1722332454922;
 Tue, 30 Jul 2024 02:40:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332454; cv=none;
 d=google.com; s=arc-20160816;
 b=0RfkfNtD+QBd8GQNv/xjzZWxri0YFzk/okJIE/k4tTo5PZ+lltVqFctIUBDcc8lhIG
 OrtFWK1illv7CU0b2YFhZ3wGx9dippQFVLtK0WcUeKpq209YBmCPVZoztbCy4cN/qDJ/
 vkxtZbYoXQr3HR0hrs+4U0J0hzDVwtawDpRmYn58iDiHWreRmHEy8Fx3AEqAMzooxxl/
 xgZffrlIt7djwGac4+6LlDbbqLBC2iASdzA3Vv4v5uFUJG874m6Phb99AiPoGoqGbmBI
 Wr55yY1J8Zf68D9J/KTuEVDPBZfAw0ya/pFyurLBY7NDQx8isPFEYjU0Va2K5uUtvurg
 f45A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=bZsLhHkGD+2RM38lDnVh/UCvs0hJqBanVDQ8iZwwBuE=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=UgjmUCnNRgjW+1cFI7lPSgj8kqvrSu5nxktSO+0XoFMkuAzKtav+t/6zxAf9rcfx9G
 ogVUn2to1wDjYVf4Mtq4xO/lcnKZhiUe9ldZZV6KFQroKMPEkrV93jpnNuA2RxiKdJHI
 uVqkYJR+IQppfjCkgUFe8HSrEkLCfLwjL+cDvbH9wogEXliCS1A+BMIOUn9gr0RVgRNy
 rMShb0ygm7H0DC2+lGDazhUP5we2TenEtiZjQDUSvDXF4D7CFDGVDXSixNBViKHjnARx
 JQdoQrXsmLBKX0/7HbXQgLbTot66f5kY+SX18ojPq9+YrXUxhWdkbyXZoW0Hh5uG9Ufq
 4ISg==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=lUqaleGY;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 af79cd13be357-7a1d74464f5si1264177185a.293.2024.07.30.02.40.54
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:40:54 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=lUqaleGY;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLK-0003cR-UD; Tue, 30 Jul 2024 05:40:30 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLI-0003U6-Nb
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:28 -0400
Received: from mail-wm1-x32b.google.com ([2a00:1450:4864:20::32b])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLG-0000X5-8w
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:28 -0400
Received: by mail-wm1-x32b.google.com with SMTP id
 5b1f17b1804b1-427b1d4da32so15413315e9.0
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332424; x=1722937224; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=bZsLhHkGD+2RM38lDnVh/UCvs0hJqBanVDQ8iZwwBuE=;
 b=lUqaleGYBlOLbVUXNtr0PANnSb0ma7SSFyVldsT4IsRp+qloAYQ8uhDC7DdhcbWABA
 CXxnjLvBDMRtOTU9XhbnazikaOS3PCrRVdZ4ujyy5vjioaC/XP+wVcFb71zlR3RyH9ok
 KUVBqmYQgsPEToH086QPgLm0+XjzfKBCYJh7BjL5M9ywDB1GDLWccbv0O41wyK3iQ5P0
 7c8RTJXr3GpDm/oS62RCu89FLnYX4Yqu6wwb+FtDnuyHlZwQqfRYRuxLB9cnmmpieVqX
 0FK5OPdoQCFW6w0rCQf6c7z+J5wylo5ng08e2871S4Fff4IijjGiKfZyFWUhEEKSZk1p
 FJ6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332424; x=1722937224;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=bZsLhHkGD+2RM38lDnVh/UCvs0hJqBanVDQ8iZwwBuE=;
 b=gxkj3ke44yg+dyEMI6X+D4phzZq3lckat8/1kseue+4/KgE14ZjpJ2qKoQSjqUxJor
 GFDfXEnyHMC+v9png4VgW4NEZSuz4d4Fg7vlV89lLpGhnivtIh5ujadtWZgaUpzfVGNg
 1QO1fFExdD94XB8Lu7oethCu+NhO3zchSouw7qRPA9yay42diDwJU/M3pFycYUfbIODF
 P3o5NRgLGj1qteZUTf29yufR7Rgu4qrOnhapGwLfJzYaynAM+ea4cYhIxPJmvUvGE8zQ
 EbBXdV7eH1L+/aPT/hi4MHbgwv2QRYFKHQTctbbXlRE00iHvNMBLXxGmti3tbWQ4TlNp
 21/Q==
X-Gm-Message-State: AOJu0YxrwyqebdnChMxuUktCdWF7TmNxrQnebDTtUnPQgxytRho/odtA
 26U91mg5lzTm0thXW7glEEobV3Vo+UmqNJAoAzcPcN/SYTDg8WWep4E6xr/X8qSIOMyoYA281yQ
 b
X-Received: by 2002:a5d:6e04:0:b0:366:e308:f9a1 with SMTP id
 ffacd0b85a97d-36b8c8e9b57mr1001217f8f.23.1722332424295;
 Tue, 30 Jul 2024 02:40:24 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.23
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:24 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 03/21] target/arm/kvm: Set PMU for host only when available
Date: Tue, 30 Jul 2024 10:40:02 +0100
Message-Id: <20240730094020.2758637-4-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::32b;
 envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x32b.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Akihiko Odaki <akihiko.odaki@daynix.com>

target/arm/kvm.c checked PMU availability but unconditionally set the
PMU feature flag for the host CPU model, which is confusing. Set the
feature flag only when available.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/kvm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 70f79eda33c..b20a35052f4 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -280,6 +280,7 @@ static bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
     if (kvm_arm_pmu_supported()) {
         init.features[0] |= 1 << KVM_ARM_VCPU_PMU_V3;
         pmu_supported = true;
+        features |= 1ULL << ARM_FEATURE_PMU;
     }
 
     if (!kvm_arm_create_scratch_host_vcpu(cpus_to_try, fdarray, &init)) {
@@ -448,7 +449,6 @@ static bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
     features |= 1ULL << ARM_FEATURE_V8;
     features |= 1ULL << ARM_FEATURE_NEON;
     features |= 1ULL << ARM_FEATURE_AARCH64;
-    features |= 1ULL << ARM_FEATURE_PMU;
     features |= 1ULL << ARM_FEATURE_GENERIC_TIMER;
 
     ahcf->features = features;

From patchwork Tue Jul 30 09:40:03 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815288
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215499wrs;
 Tue, 30 Jul 2024 02:42:51 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCUUSZ2wtLHwn7LemPAQcJubSnpCo/U52poIYJzxFzGzgAAh5eBT5j+ivyqqXeWEbsj14OPOBFc2YW52urN6jMea
X-Google-Smtp-Source: AGHT+IFPepDFuu+Dqv73LHlZZ8nVhk6uMgGe/rfLpBBkOcgJECDJWWezYwsug1njg3hRxajS71me
X-Received: by 2002:ac8:588c:0:b0:44f:deee:befd with SMTP id
 d75a77b69052e-45004f98845mr124103661cf.44.1722332570879;
 Tue, 30 Jul 2024 02:42:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332570; cv=none;
 d=google.com; s=arc-20160816;
 b=hSKE3SKwXfCELtmcQENXskMA0OrAN6v7qxe/h94nOxiRKzWG+PDrQTn7hLoe33kn8w
 AEn4ZUKo7sGkg/IW2/deA4+qLHLgqxPB3fyR/jOhMPT3WgUOE0ViWSTY+YHiTSkeSLzP
 RVZe7+r5U8oU3JyDox4u7HScb4yZa0xSvyRzrVznBB94WeWhTkLJc6R9qxc6XGcwrD81
 +QIWwu1PttA+AGnq5/HqWrzVKyslqDakorym3/W4QwxJ2UUXdwH696sH+FtkTuD/1mi5
 FQyC9LUWsU8YWR6cwJRawwmnqebvgXSV3JvzVivb3SmFr8EPXeye9f/nhQfLLfUufzKk
 EpwQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=NzA4PjXCRONbQTo8BkDcv1kJWdZctM8YQjAGl+nA/2Y=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=OeIhJYDWlLRROgmLpE4oSq3b7Wkbqx0djuKrWCgOIhJCkaxpJyV7lLR7t/TWY/8Wzp
 z3j1CfKET0q973wwETVyG/KOZOhrTOe5atEXrln/mk//WRMtfTYLnnMSYKbX1AtgQpsq
 oBnBAf23njj/PiCkqE/DX64u7mG2IHzvOglYNE+oNqW3LXfrqxrgxxAZK2+Z+QLVYdN5
 u2yOpFmNWKt86/nHBdXbOgdJkHmKZphJpwCnvjxV6sAuFFB+4EbXkIcaHrVAuJghHd4C
 f1xmZo0WVmThdDa2KCtE+r7yG8n1QNEG0JwIqgoQz1La2TSWGHeGJ161DfZ9UAOc3HPJ
 n1CQ==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=IWxayZdS;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 d75a77b69052e-44fe815b96bsi127993571cf.202.2024.07.30.02.42.50
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:42:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=IWxayZdS;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLK-0003aj-Kb; Tue, 30 Jul 2024 05:40:30 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLI-0003UC-Qh
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:28 -0400
Received: from mail-wr1-x435.google.com ([2a00:1450:4864:20::435])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLG-0000X7-96
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:28 -0400
Received: by mail-wr1-x435.google.com with SMTP id
 ffacd0b85a97d-36865a516f1so2835618f8f.0
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332425; x=1722937225; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=NzA4PjXCRONbQTo8BkDcv1kJWdZctM8YQjAGl+nA/2Y=;
 b=IWxayZdS+y1XSMSMDx/cotFWvinCo1CDJCqP00GukJsrCA5Y70FO8NDArwbha4hV+0
 T1C1lDz8t5WTtkG1soHWYOCnmRgs6V3D4zvXZqdfAo1Pq7h2Mlr8mswAm0Fo5kExx0We
 oUlbUyaMxVgTd7lg+mUbJl4DFbN20xsFeAP7qNS8pOy1NVMXXRJbbgNLOdEfz6nFmXTc
 JmfGODsVcNctjtikDVjRM45uhovzHKJAd+Pjsnpc0P7OfRxNxn/stdmZZgLnz8EAn+3J
 wydHug7sKOkzSrgi3Nt6HyGrfNZycFhQ1TLqc6TC2cSv0EkrMnpdrmP0yJYzUC7jjAQx
 /Ydw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332425; x=1722937225;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=NzA4PjXCRONbQTo8BkDcv1kJWdZctM8YQjAGl+nA/2Y=;
 b=dxajZdRcstUVr/hmTLfYQOXa8ZSIRefcLCXAxP5Z33AILLS/juJ91vQwU376uB7ASV
 hgdIONX6TJUeQrbzoTij2xdgU8RmruzOCbV7Spx01WLSUOqdSuLlQHCKijShxxIUY6eA
 ufOui6iPGImbN3AOU7dTOA1/Awz7ROVZ4GE/Nymi77I10O+inhjmmlUh1aL5KfFN5XzH
 tQv1kZ4fZREgEW7RgkUzxUDe45QjAoELgV8fBdPi4eRvHusPHl1skbn4uY06ALbtaHEF
 DGm2e1uOdDblUExL3LgBtuIOgUlbwfzPMNbqGmHPtts9Ra/bABc8xT+UBRbph11GSpL+
 Kl9g==
X-Gm-Message-State: AOJu0YyhO4E/VhmxcZoF+BXSEGb3bFz4K+olwM4/GK6IkH65AenzhUSD
 HmfNabb2TY+JALecXoYgEDoKURzvm/ktWR8rMzUzjkjO93w0GQc9mhVDKDgga+o4ZbKZ/+yWGrF
 I
X-Received: by 2002:adf:f582:0:b0:368:3f5b:2ae7 with SMTP id
 ffacd0b85a97d-36b5d079e31mr7514750f8f.24.1722332424739;
 Tue, 30 Jul 2024 02:40:24 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.24
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:24 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 04/21] target/arm/kvm: Do not silently remove PMU
Date: Tue, 30 Jul 2024 10:40:03 +0100
Message-Id: <20240730094020.2758637-5-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::435;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x435.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Akihiko Odaki <akihiko.odaki@daynix.com>

kvm_arch_init_vcpu() used to remove PMU when it is not available even
if the CPU model needs one. It is semantically incorrect, and may
continue execution on a misbehaving host that advertises a CPU model
while lacking its PMU. Keep the PMU when the CPU model needs one, and
let kvm_arm_vcpu_init() fail if the KVM implementation mismatches with
our expectation.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/kvm.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index b20a35052f4..849e2e21b30 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -1888,13 +1888,8 @@ int kvm_arch_init_vcpu(CPUState *cs)
     if (!arm_feature(env, ARM_FEATURE_AARCH64)) {
         cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_EL1_32BIT;
     }
-    if (!kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PMU_V3)) {
-        cpu->has_pmu = false;
-    }
     if (cpu->has_pmu) {
         cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_PMU_V3;
-    } else {
-        env->features &= ~(1ULL << ARM_FEATURE_PMU);
     }
     if (cpu_isar_feature(aa64_sve, cpu)) {
         assert(kvm_arm_sve_supported());

From patchwork Tue Jul 30 09:40:04 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815290
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215527wrs;
 Tue, 30 Jul 2024 02:42:58 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCU/5atRYhK59N7ZMuCfvveFzx/ThRREYUrd4YidtNWmSf9KlO3ieUAGHwXwYYmh1oMCt0zJwVTksVcCCf98SP/x
X-Google-Smtp-Source: AGHT+IFNhyVoMap7OiRYLJMxWxLjUFzsiiGVW8WAHwUnT9Uo65IMcIa27D3kIb+v8mE+Vq1vXaZW
X-Received: by 2002:a05:620a:404e:b0:79d:74c3:b5fe with SMTP id
 af79cd13be357-7a1e5301acbmr907593985a.66.1722332578424;
 Tue, 30 Jul 2024 02:42:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332578; cv=none;
 d=google.com; s=arc-20160816;
 b=kGOu8S9W7aipP4HyLSATC8zupQdrLgBi/JKZ82TWh4XBDyM2qxFxunsNg2NsiOe2vV
 2zoLr7c3BLo3tRPJEWbE1hsu7MIC+q2IdwqaUJsFMiVdLJ+BVZoR/IRMnuWg8V/F/UbV
 Kvel6YgKLEW+K+svJreL2Or46dDU04oNLzzgI4us5pJR6KDjHnoRDgr0+zg5ZLEiWrUp
 C/YHJhh5URNQyfVI1v36Aw8NmDAKKUxpMmDIGUP60k2fYrsw1pbj8K4VaVX8j9jP2pjf
 r4yYunJj2SybjE31sZTUfDujjalR2MUMt6zreA/C+ILHhLrO9wf1NPij4dnQHJxDO59H
 5dnA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=jEc2SgYhHaxOGH0nqAsbg0clklAWKN/eCzhci1Lx38Q=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=Gxe/ll8jsNN6i84aijTUDgeB+cpj5v/x8O4l5AUq9X/QBQ53UEyuYvSsJ5piAO2mt2
 IxXH8d5UpRPGqRT1VRM4bRqDK1crv9VmLwJ7ONQ9neIZDd6mwESAg6iTcHH2L/b0iYmJ
 z7xniZP9rN8yltvPg5ZBW7bQqLesx8ye8h6fjQrwQD5IaU7NJibmPV276l4fXsPckQTT
 E+wiYZ2gmRp/RTlqXmD1XWig2lhzQxpJIvc9VGqp1NJm/okGiVJkyzZqY/Iifr6bdCkF
 Zd+Z8sNY/iEzpnU4FYGtZR+osku7XYjYmyNC0fCaOWcFn18vgGvaPHlJw01QG3ttf7qK
 AneA==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=Rcua7EJ7;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 af79cd13be357-7a1d74629f9si1278845685a.520.2024.07.30.02.42.58
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:42:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=Rcua7EJ7;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLO-0003pQ-BH; Tue, 30 Jul 2024 05:40:34 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLK-0003bA-La
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:30 -0400
Received: from mail-wr1-x42e.google.com ([2a00:1450:4864:20::42e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLH-0000XD-Gg
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:30 -0400
Received: by mail-wr1-x42e.google.com with SMTP id
 ffacd0b85a97d-3686b554cfcso2036208f8f.1
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332425; x=1722937225; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=jEc2SgYhHaxOGH0nqAsbg0clklAWKN/eCzhci1Lx38Q=;
 b=Rcua7EJ70PdjzzKLO9Ua2mzEwn5ThlwOx70bhXAk5LD4zKpg1ePpvWOdkqPaLwZCND
 MxSaIQi4nnQH6AO75fUB+U6mLJyH/V7KxE4H1yTyrH748PEHJYSI3lEF84Lob5Ld58Kb
 jLiI08UcA8H7C+uc7xV1j2hK9AE1f/8qzRNvGz4ykSVfNB3/kOZ+WBQwkn0kuJUZs31U
 JtHGg/7JXjg4KAydOIdD3wUQAelc9gPjzfRW+srv1jnOwNZ2T5j3n3BgQa/i6Lnq5DGE
 cmRomjLWfI+hB1ur/aXOG9BBvgNT/qqCm8ng+A3Uvq5WvDmvxVDaikFekgsIeoG7ICLb
 Xe1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332425; x=1722937225;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=jEc2SgYhHaxOGH0nqAsbg0clklAWKN/eCzhci1Lx38Q=;
 b=C4WghR5wififK4cRMjqNKvHxalCCTNLXM3WJR/mqhRH65BKd/HWUL0XZanE12XSF3k
 MWE46phyOIvfvkiflmTybqZC/UpMnwwV+sIFyxp40nQYXPUeWDmatN6BxZ3EE4mT0cVV
 NOo8kdUPxX3230uA/eVy0OHyUO62oxCQo1bD78j+TjUyVlzll31H9rldZke1HUwpi7IO
 z7OQsyqxaV3iFn97ppuz0asx4nJu1UFz1RfoMePNvzjuITll/+IcakOoxOI+LnKXlGFl
 g7F1r3PisIeXSpOemVkPb3ptAPMooueucGeZP8pbmoSbjq9ZKS81clG4z27Ywe9D1/m5
 Pccg==
X-Gm-Message-State: AOJu0YxXAejt7PlFTn5OoIbP2ElgnvybankeitDAd6VdZe+/sfWZGJ3b
 d2UBeiSKjSnV2cjxVFdSi/psIQdTZ0EBwgBFLN1z5sIXXa5Vgy5Er7DsTdfRwgYzIf+aeRd5D8H
 2
X-Received: by 2002:adf:ef48:0:b0:368:7e10:6995 with SMTP id
 ffacd0b85a97d-36b5ceef468mr6548012f8f.17.1722332425190;
 Tue, 30 Jul 2024 02:40:25 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.24
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:24 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 05/21] hvf: arm: Raise an exception for sysreg by default
Date: Tue, 30 Jul 2024 10:40:04 +0100
Message-Id: <20240730094020.2758637-6-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::42e;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x42e.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Akihiko Odaki <akihiko.odaki@daynix.com>

Any sysreg access results in an exception unless defined otherwise so
we should raise an exception by default.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/hvf/hvf.c | 174 +++++++++++++++++++++----------------------
 1 file changed, 85 insertions(+), 89 deletions(-)

diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index eb090e67a2f..1a749534fb0 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -1199,57 +1199,56 @@ static bool hvf_sysreg_read_cp(CPUState *cpu, uint32_t reg, uint64_t *val)
     return false;
 }
 
-static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, uint32_t rt)
+static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, uint64_t *val)
 {
     ARMCPU *arm_cpu = ARM_CPU(cpu);
     CPUARMState *env = &arm_cpu->env;
-    uint64_t val = 0;
 
     switch (reg) {
     case SYSREG_CNTPCT_EL0:
-        val = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) /
+        *val = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) /
               gt_cntfrq_period_ns(arm_cpu);
-        break;
+        return 0;
     case SYSREG_PMCR_EL0:
-        val = env->cp15.c9_pmcr;
-        break;
+        *val = env->cp15.c9_pmcr;
+        return 0;
     case SYSREG_PMCCNTR_EL0:
         pmu_op_start(env);
-        val = env->cp15.c15_ccnt;
+        *val = env->cp15.c15_ccnt;
         pmu_op_finish(env);
-        break;
+        return 0;
     case SYSREG_PMCNTENCLR_EL0:
-        val = env->cp15.c9_pmcnten;
-        break;
+        *val = env->cp15.c9_pmcnten;
+        return 0;
     case SYSREG_PMOVSCLR_EL0:
-        val = env->cp15.c9_pmovsr;
-        break;
+        *val = env->cp15.c9_pmovsr;
+        return 0;
     case SYSREG_PMSELR_EL0:
-        val = env->cp15.c9_pmselr;
-        break;
+        *val = env->cp15.c9_pmselr;
+        return 0;
     case SYSREG_PMINTENCLR_EL1:
-        val = env->cp15.c9_pminten;
-        break;
+        *val = env->cp15.c9_pminten;
+        return 0;
     case SYSREG_PMCCFILTR_EL0:
-        val = env->cp15.pmccfiltr_el0;
-        break;
+        *val = env->cp15.pmccfiltr_el0;
+        return 0;
     case SYSREG_PMCNTENSET_EL0:
-        val = env->cp15.c9_pmcnten;
-        break;
+        *val = env->cp15.c9_pmcnten;
+        return 0;
     case SYSREG_PMUSERENR_EL0:
-        val = env->cp15.c9_pmuserenr;
-        break;
+        *val = env->cp15.c9_pmuserenr;
+        return 0;
     case SYSREG_PMCEID0_EL0:
     case SYSREG_PMCEID1_EL0:
         /* We can't really count anything yet, declare all events invalid */
-        val = 0;
-        break;
+        *val = 0;
+        return 0;
     case SYSREG_OSLSR_EL1:
-        val = env->cp15.oslsr_el1;
-        break;
+        *val = env->cp15.oslsr_el1;
+        return 0;
     case SYSREG_OSDLR_EL1:
         /* Dummy register */
-        break;
+        return 0;
     case SYSREG_ICC_AP0R0_EL1:
     case SYSREG_ICC_AP0R1_EL1:
     case SYSREG_ICC_AP0R2_EL1:
@@ -1276,9 +1275,8 @@ static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, uint32_t rt)
     case SYSREG_ICC_SRE_EL1:
     case SYSREG_ICC_CTLR_EL1:
         /* Call the TCG sysreg handler. This is only safe for GICv3 regs. */
-        if (!hvf_sysreg_read_cp(cpu, reg, &val)) {
-            hvf_raise_exception(cpu, EXCP_UDEF, syn_uncategorized());
-            return 1;
+        if (hvf_sysreg_read_cp(cpu, reg, &val)) {
+            return 0;
         }
         break;
     case SYSREG_DBGBVR0_EL1:
@@ -1297,8 +1295,8 @@ static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, uint32_t rt)
     case SYSREG_DBGBVR13_EL1:
     case SYSREG_DBGBVR14_EL1:
     case SYSREG_DBGBVR15_EL1:
-        val = env->cp15.dbgbvr[SYSREG_CRM(reg)];
-        break;
+        *val = env->cp15.dbgbvr[SYSREG_CRM(reg)];
+        return 0;
     case SYSREG_DBGBCR0_EL1:
     case SYSREG_DBGBCR1_EL1:
     case SYSREG_DBGBCR2_EL1:
@@ -1315,8 +1313,8 @@ static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, uint32_t rt)
     case SYSREG_DBGBCR13_EL1:
     case SYSREG_DBGBCR14_EL1:
     case SYSREG_DBGBCR15_EL1:
-        val = env->cp15.dbgbcr[SYSREG_CRM(reg)];
-        break;
+        *val = env->cp15.dbgbcr[SYSREG_CRM(reg)];
+        return 0;
     case SYSREG_DBGWVR0_EL1:
     case SYSREG_DBGWVR1_EL1:
     case SYSREG_DBGWVR2_EL1:
@@ -1333,8 +1331,8 @@ static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, uint32_t rt)
     case SYSREG_DBGWVR13_EL1:
     case SYSREG_DBGWVR14_EL1:
     case SYSREG_DBGWVR15_EL1:
-        val = env->cp15.dbgwvr[SYSREG_CRM(reg)];
-        break;
+        *val = env->cp15.dbgwvr[SYSREG_CRM(reg)];
+        return 0;
     case SYSREG_DBGWCR0_EL1:
     case SYSREG_DBGWCR1_EL1:
     case SYSREG_DBGWCR2_EL1:
@@ -1351,35 +1349,25 @@ static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, uint32_t rt)
     case SYSREG_DBGWCR13_EL1:
     case SYSREG_DBGWCR14_EL1:
     case SYSREG_DBGWCR15_EL1:
-        val = env->cp15.dbgwcr[SYSREG_CRM(reg)];
-        break;
+        *val = env->cp15.dbgwcr[SYSREG_CRM(reg)];
+        return 0;
     default:
         if (is_id_sysreg(reg)) {
             /* ID system registers read as RES0 */
-            val = 0;
-            break;
+            *val = 0;
+            return 0;
         }
-        cpu_synchronize_state(cpu);
-        trace_hvf_unhandled_sysreg_read(env->pc, reg,
-                                        SYSREG_OP0(reg),
-                                        SYSREG_OP1(reg),
-                                        SYSREG_CRN(reg),
-                                        SYSREG_CRM(reg),
-                                        SYSREG_OP2(reg));
-        hvf_raise_exception(cpu, EXCP_UDEF, syn_uncategorized());
-        return 1;
     }
 
-    trace_hvf_sysreg_read(reg,
-                          SYSREG_OP0(reg),
-                          SYSREG_OP1(reg),
-                          SYSREG_CRN(reg),
-                          SYSREG_CRM(reg),
-                          SYSREG_OP2(reg),
-                          val);
-    hvf_set_reg(cpu, rt, val);
-
-    return 0;
+    cpu_synchronize_state(cpu);
+    trace_hvf_unhandled_sysreg_read(env->pc, reg,
+                                    SYSREG_OP0(reg),
+                                    SYSREG_OP1(reg),
+                                    SYSREG_CRN(reg),
+                                    SYSREG_CRM(reg),
+                                    SYSREG_OP2(reg));
+    hvf_raise_exception(cpu, EXCP_UDEF, syn_uncategorized());
+    return 1;
 }
 
 static void pmu_update_irq(CPUARMState *env)
@@ -1503,7 +1491,7 @@ static int hvf_sysreg_write(CPUState *cpu, uint32_t reg, uint64_t val)
         pmu_op_start(env);
         env->cp15.c15_ccnt = val;
         pmu_op_finish(env);
-        break;
+        return 0;
     case SYSREG_PMCR_EL0:
         pmu_op_start(env);
 
@@ -1523,45 +1511,45 @@ static int hvf_sysreg_write(CPUState *cpu, uint32_t reg, uint64_t val)
         env->cp15.c9_pmcr |= (val & PMCR_WRITABLE_MASK);
 
         pmu_op_finish(env);
-        break;
+        return 0;
     case SYSREG_PMUSERENR_EL0:
         env->cp15.c9_pmuserenr = val & 0xf;
-        break;
+        return 0;
     case SYSREG_PMCNTENSET_EL0:
         env->cp15.c9_pmcnten |= (val & pmu_counter_mask(env));
-        break;
+        return 0;
     case SYSREG_PMCNTENCLR_EL0:
         env->cp15.c9_pmcnten &= ~(val & pmu_counter_mask(env));
-        break;
+        return 0;
     case SYSREG_PMINTENCLR_EL1:
         pmu_op_start(env);
         env->cp15.c9_pminten |= val;
         pmu_op_finish(env);
-        break;
+        return 0;
     case SYSREG_PMOVSCLR_EL0:
         pmu_op_start(env);
         env->cp15.c9_pmovsr &= ~val;
         pmu_op_finish(env);
-        break;
+        return 0;
     case SYSREG_PMSWINC_EL0:
         pmu_op_start(env);
         pmswinc_write(env, val);
         pmu_op_finish(env);
-        break;
+        return 0;
     case SYSREG_PMSELR_EL0:
         env->cp15.c9_pmselr = val & 0x1f;
-        break;
+        return 0;
     case SYSREG_PMCCFILTR_EL0:
         pmu_op_start(env);
         env->cp15.pmccfiltr_el0 = val & PMCCFILTR_EL0;
         pmu_op_finish(env);
-        break;
+        return 0;
     case SYSREG_OSLAR_EL1:
         env->cp15.oslsr_el1 = val & 1;
-        break;
+        return 0;
     case SYSREG_OSDLR_EL1:
         /* Dummy register */
-        break;
+        return 0;
     case SYSREG_ICC_AP0R0_EL1:
     case SYSREG_ICC_AP0R1_EL1:
     case SYSREG_ICC_AP0R2_EL1:
@@ -1591,10 +1579,10 @@ static int hvf_sysreg_write(CPUState *cpu, uint32_t reg, uint64_t val)
         if (!hvf_sysreg_write_cp(cpu, reg, val)) {
             hvf_raise_exception(cpu, EXCP_UDEF, syn_uncategorized());
         }
-        break;
+        return 0;
     case SYSREG_MDSCR_EL1:
         env->cp15.mdscr_el1 = val;
-        break;
+        return 0;
     case SYSREG_DBGBVR0_EL1:
     case SYSREG_DBGBVR1_EL1:
     case SYSREG_DBGBVR2_EL1:
@@ -1612,7 +1600,7 @@ static int hvf_sysreg_write(CPUState *cpu, uint32_t reg, uint64_t val)
     case SYSREG_DBGBVR14_EL1:
     case SYSREG_DBGBVR15_EL1:
         env->cp15.dbgbvr[SYSREG_CRM(reg)] = val;
-        break;
+        return 0;
     case SYSREG_DBGBCR0_EL1:
     case SYSREG_DBGBCR1_EL1:
     case SYSREG_DBGBCR2_EL1:
@@ -1630,7 +1618,7 @@ static int hvf_sysreg_write(CPUState *cpu, uint32_t reg, uint64_t val)
     case SYSREG_DBGBCR14_EL1:
     case SYSREG_DBGBCR15_EL1:
         env->cp15.dbgbcr[SYSREG_CRM(reg)] = val;
-        break;
+        return 0;
     case SYSREG_DBGWVR0_EL1:
     case SYSREG_DBGWVR1_EL1:
     case SYSREG_DBGWVR2_EL1:
@@ -1648,7 +1636,7 @@ static int hvf_sysreg_write(CPUState *cpu, uint32_t reg, uint64_t val)
     case SYSREG_DBGWVR14_EL1:
     case SYSREG_DBGWVR15_EL1:
         env->cp15.dbgwvr[SYSREG_CRM(reg)] = val;
-        break;
+        return 0;
     case SYSREG_DBGWCR0_EL1:
     case SYSREG_DBGWCR1_EL1:
     case SYSREG_DBGWCR2_EL1:
@@ -1666,20 +1654,18 @@ static int hvf_sysreg_write(CPUState *cpu, uint32_t reg, uint64_t val)
     case SYSREG_DBGWCR14_EL1:
     case SYSREG_DBGWCR15_EL1:
         env->cp15.dbgwcr[SYSREG_CRM(reg)] = val;
-        break;
-    default:
-        cpu_synchronize_state(cpu);
-        trace_hvf_unhandled_sysreg_write(env->pc, reg,
-                                         SYSREG_OP0(reg),
-                                         SYSREG_OP1(reg),
-                                         SYSREG_CRN(reg),
-                                         SYSREG_CRM(reg),
-                                         SYSREG_OP2(reg));
-        hvf_raise_exception(cpu, EXCP_UDEF, syn_uncategorized());
-        return 1;
+        return 0;
     }
 
-    return 0;
+    cpu_synchronize_state(cpu);
+    trace_hvf_unhandled_sysreg_write(env->pc, reg,
+                                     SYSREG_OP0(reg),
+                                     SYSREG_OP1(reg),
+                                     SYSREG_CRN(reg),
+                                     SYSREG_CRM(reg),
+                                     SYSREG_OP2(reg));
+    hvf_raise_exception(cpu, EXCP_UDEF, syn_uncategorized());
+    return 1;
 }
 
 static int hvf_inject_interrupts(CPUState *cpu)
@@ -1944,7 +1930,17 @@ int hvf_vcpu_exec(CPUState *cpu)
         int sysreg_ret = 0;
 
         if (isread) {
-            sysreg_ret = hvf_sysreg_read(cpu, reg, rt);
+            sysreg_ret = hvf_sysreg_read(cpu, reg, &val);
+            if (!sysreg_ret) {
+                trace_hvf_sysreg_read(reg,
+                                      SYSREG_OP0(reg),
+                                      SYSREG_OP1(reg),
+                                      SYSREG_CRN(reg),
+                                      SYSREG_CRM(reg),
+                                      SYSREG_OP2(reg),
+                                      val);
+                hvf_set_reg(cpu, rt, val);
+            }
         } else {
             val = hvf_get_reg(cpu, rt);
             sysreg_ret = hvf_sysreg_write(cpu, reg, val);

From patchwork Tue Jul 30 09:40:05 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815286
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215416wrs;
 Tue, 30 Jul 2024 02:42:31 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXzhtF+LAH+TR7UKhlMIzy0tfaeZDbiIEpIGLxK7rqLx4JvrcAmfmsg99L4dqFAD7ZhwCZJ0/8bpAOXKCSKm3uO
X-Google-Smtp-Source: AGHT+IEKoOs7AP8ZoK23aZsf0Jyjpr8sHXBSkQ4V/7roBivjLo/52gNcbTb9oq2OHvuTWGfl+7sg
X-Received: by 2002:a05:622a:447:b0:441:59f3:fa1 with SMTP id
 d75a77b69052e-45004f328a7mr130675891cf.43.1722332551469;
 Tue, 30 Jul 2024 02:42:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332551; cv=none;
 d=google.com; s=arc-20160816;
 b=aAWl6EGyKL/oUEmmYpRwPT/A/fLFM/B9mw+DkGZ5/ZHYl5JCNdoxsQg5F4JIiFLYBA
 cdbHhBc5diFUVobRyiYtvzn3ZFbXY1bRtU70e+pRggLscspe2snL+8AOJqHe193G3hLf
 XIX7AEC/znnQfqtOo22yIgzi2AsrhQFQwpXUp9YQWh9JAboSq84Maop3jY2Ur6xet7Xl
 U+7bh3Z+6UpNWUZaH4fHGtXKLlo1uPp0slLQf8Ep0d3vA9wDWZ7hq5I4TIQ7XSPD4tfr
 XarTUQIj0nYSHiPI05zD77kEMt077pgkRFI4hBfNfYsXiH3cCsPLUijqcHTY81E6f+Qr
 Hi3Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=4T6pYopAN2oL2qteh+hB6Dilhk+gKXLQ4w62WyPdv7M=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=uop1cvJjwTKcYULaSE9xhvOE374t+jdEg0lFHZcdwk8viA1zu7WbgnyyHhWjGlbZrQ
 KyJeWgFsatncERMe3g2ehpk+ykFuozsf6HIfIa0qdx/pBPYcwR9LIDP6j0CzIRGZDRyH
 0MghdsqKnQK0jwSId2HFhRYFB1Xzz6GUoQyb//aZXOxZXHdW14PubjqZc3rSg4YuSG45
 YtCtldbJbIbycQOIHOqRPVsAPDGEjihpLfivJAbc2hkkGAQHxqHyKNuayPCiOa7Jsxm/
 QsIAU9gZdpU6T8H/DTe8sILQcx8mOYrf3m+WQdXfNh0p0cUiVUp9+kYOOB8XCvHBI9Pa
 ZzYQ==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=sXe+lhNl;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 d75a77b69052e-44fe8403e36si125987811cf.408.2024.07.30.02.42.31
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:42:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=sXe+lhNl;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLN-0003lR-9F; Tue, 30 Jul 2024 05:40:33 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLK-0003ZA-75
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:30 -0400
Received: from mail-wr1-x42c.google.com ([2a00:1450:4864:20::42c])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLH-0000XJ-25
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:29 -0400
Received: by mail-wr1-x42c.google.com with SMTP id
 ffacd0b85a97d-36844375001so1777184f8f.0
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332425; x=1722937225; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=4T6pYopAN2oL2qteh+hB6Dilhk+gKXLQ4w62WyPdv7M=;
 b=sXe+lhNlOh0naJtgSUBry+o5EKssAHlpixEi9g3PI4nW1bZ1NbEawvG8kIzol7tlkq
 MFpAWwiBzZog412x1RFJ9pEkMVL2nc4w4T2CUqPQuboRRDljwmgE8a7RlpDNG2PGLGGk
 gPmRAe8C89EHFz0j3IfvNfCrhQGLGXCK/p4J3db8XVS0HuziR687+R6D04tOaJf5Fi0l
 gIOjR0wfESOh0b+7K+IbPgenc6gVLLnbdR36A+IL+S7wLyhX4qH7WwLpCfiRfAWIpzln
 oeNjhRpNuB2Y5ReK0uu4pakZIm8Cf0Vu54+E24n7KyDZDpXbSLs0jP8E7zhPauF3f8xm
 N6ew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332425; x=1722937225;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=4T6pYopAN2oL2qteh+hB6Dilhk+gKXLQ4w62WyPdv7M=;
 b=xRHzgWTJ9ITcwiTBIMPzULFn57REIogBW8tU57vXXE3wPRS01vF0iZwA9kEvCDRyCQ
 fyyD/Oul9Ye9SJRIS/9fyrWW0NjQyFDVI8wfqFAx0BUpWGTtxAdlov+I5vqr4KVqrpbP
 VrBRm0Tnn4HCR7ReGyypwNeAGWV4i0GXejV36QWOE1mvKJuHpvvANaaArwOslcdS2Idp
 MvjoRXThDitjx2UX+NQP6S7aVAjSHsvQXZUFyOiWEzKhPVEKjeQH9VV2xaw+022y88yT
 iR1bIaECSYRi2sCSlOD6bMSG1saCTP7Nw4xiULBhfKkK1fnbMpls+XITPwTAtF93ONJE
 nLYg==
X-Gm-Message-State: AOJu0Yz6ICqGhTxS+ijViFrXLLc3p3H8mpUogDJsY3i/bPmK+zswDlU2
 yORI/90YIv0WB/15KUQK4tHB+TdojNg92E7TouyU0b+uZBgPMYpk8QXotwtO68b7v38HnNkrrOR
 e
X-Received: by 2002:a05:6000:1249:b0:367:f054:7aba with SMTP id
 ffacd0b85a97d-36b5d0bc571mr6269721f8f.41.1722332425648;
 Tue, 30 Jul 2024 02:40:25 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.25
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:25 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 06/21] hvf: arm: Properly disable PMU
Date: Tue, 30 Jul 2024 10:40:05 +0100
Message-Id: <20240730094020.2758637-7-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::42c;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x42c.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Akihiko Odaki <akihiko.odaki@daynix.com>

Setting pmu property used to have no effect for hvf so fix it.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/hvf/hvf.c | 186 +++++++++++++++++++++++--------------------
 1 file changed, 98 insertions(+), 88 deletions(-)

diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 1a749534fb0..adcdfae0b17 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -1204,45 +1204,50 @@ static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, uint64_t *val)
     ARMCPU *arm_cpu = ARM_CPU(cpu);
     CPUARMState *env = &arm_cpu->env;
 
+    if (arm_feature(env, ARM_FEATURE_PMU)) {
+        switch (reg) {
+        case SYSREG_PMCR_EL0:
+            *val = env->cp15.c9_pmcr;
+            return 0;
+        case SYSREG_PMCCNTR_EL0:
+            pmu_op_start(env);
+            *val = env->cp15.c15_ccnt;
+            pmu_op_finish(env);
+            return 0;
+        case SYSREG_PMCNTENCLR_EL0:
+            *val = env->cp15.c9_pmcnten;
+            return 0;
+        case SYSREG_PMOVSCLR_EL0:
+            *val = env->cp15.c9_pmovsr;
+            return 0;
+        case SYSREG_PMSELR_EL0:
+            *val = env->cp15.c9_pmselr;
+            return 0;
+        case SYSREG_PMINTENCLR_EL1:
+            *val = env->cp15.c9_pminten;
+            return 0;
+        case SYSREG_PMCCFILTR_EL0:
+            *val = env->cp15.pmccfiltr_el0;
+            return 0;
+        case SYSREG_PMCNTENSET_EL0:
+            *val = env->cp15.c9_pmcnten;
+            return 0;
+        case SYSREG_PMUSERENR_EL0:
+            *val = env->cp15.c9_pmuserenr;
+            return 0;
+        case SYSREG_PMCEID0_EL0:
+        case SYSREG_PMCEID1_EL0:
+            /* We can't really count anything yet, declare all events invalid */
+            *val = 0;
+            return 0;
+        }
+    }
+
     switch (reg) {
     case SYSREG_CNTPCT_EL0:
         *val = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) /
               gt_cntfrq_period_ns(arm_cpu);
         return 0;
-    case SYSREG_PMCR_EL0:
-        *val = env->cp15.c9_pmcr;
-        return 0;
-    case SYSREG_PMCCNTR_EL0:
-        pmu_op_start(env);
-        *val = env->cp15.c15_ccnt;
-        pmu_op_finish(env);
-        return 0;
-    case SYSREG_PMCNTENCLR_EL0:
-        *val = env->cp15.c9_pmcnten;
-        return 0;
-    case SYSREG_PMOVSCLR_EL0:
-        *val = env->cp15.c9_pmovsr;
-        return 0;
-    case SYSREG_PMSELR_EL0:
-        *val = env->cp15.c9_pmselr;
-        return 0;
-    case SYSREG_PMINTENCLR_EL1:
-        *val = env->cp15.c9_pminten;
-        return 0;
-    case SYSREG_PMCCFILTR_EL0:
-        *val = env->cp15.pmccfiltr_el0;
-        return 0;
-    case SYSREG_PMCNTENSET_EL0:
-        *val = env->cp15.c9_pmcnten;
-        return 0;
-    case SYSREG_PMUSERENR_EL0:
-        *val = env->cp15.c9_pmuserenr;
-        return 0;
-    case SYSREG_PMCEID0_EL0:
-    case SYSREG_PMCEID1_EL0:
-        /* We can't really count anything yet, declare all events invalid */
-        *val = 0;
-        return 0;
     case SYSREG_OSLSR_EL1:
         *val = env->cp15.oslsr_el1;
         return 0;
@@ -1486,64 +1491,69 @@ static int hvf_sysreg_write(CPUState *cpu, uint32_t reg, uint64_t val)
                            SYSREG_OP2(reg),
                            val);
 
-    switch (reg) {
-    case SYSREG_PMCCNTR_EL0:
-        pmu_op_start(env);
-        env->cp15.c15_ccnt = val;
-        pmu_op_finish(env);
-        return 0;
-    case SYSREG_PMCR_EL0:
-        pmu_op_start(env);
+    if (arm_feature(env, ARM_FEATURE_PMU)) {
+        switch (reg) {
+        case SYSREG_PMCCNTR_EL0:
+            pmu_op_start(env);
+            env->cp15.c15_ccnt = val;
+            pmu_op_finish(env);
+            return 0;
+        case SYSREG_PMCR_EL0:
+            pmu_op_start(env);
 
-        if (val & PMCRC) {
-            /* The counter has been reset */
-            env->cp15.c15_ccnt = 0;
-        }
-
-        if (val & PMCRP) {
-            unsigned int i;
-            for (i = 0; i < pmu_num_counters(env); i++) {
-                env->cp15.c14_pmevcntr[i] = 0;
+            if (val & PMCRC) {
+                /* The counter has been reset */
+                env->cp15.c15_ccnt = 0;
             }
+
+            if (val & PMCRP) {
+                unsigned int i;
+                for (i = 0; i < pmu_num_counters(env); i++) {
+                    env->cp15.c14_pmevcntr[i] = 0;
+                }
+            }
+
+            env->cp15.c9_pmcr &= ~PMCR_WRITABLE_MASK;
+            env->cp15.c9_pmcr |= (val & PMCR_WRITABLE_MASK);
+
+            pmu_op_finish(env);
+            return 0;
+        case SYSREG_PMUSERENR_EL0:
+            env->cp15.c9_pmuserenr = val & 0xf;
+            return 0;
+        case SYSREG_PMCNTENSET_EL0:
+            env->cp15.c9_pmcnten |= (val & pmu_counter_mask(env));
+            return 0;
+        case SYSREG_PMCNTENCLR_EL0:
+            env->cp15.c9_pmcnten &= ~(val & pmu_counter_mask(env));
+            return 0;
+        case SYSREG_PMINTENCLR_EL1:
+            pmu_op_start(env);
+            env->cp15.c9_pminten |= val;
+            pmu_op_finish(env);
+            return 0;
+        case SYSREG_PMOVSCLR_EL0:
+            pmu_op_start(env);
+            env->cp15.c9_pmovsr &= ~val;
+            pmu_op_finish(env);
+            return 0;
+        case SYSREG_PMSWINC_EL0:
+            pmu_op_start(env);
+            pmswinc_write(env, val);
+            pmu_op_finish(env);
+            return 0;
+        case SYSREG_PMSELR_EL0:
+            env->cp15.c9_pmselr = val & 0x1f;
+            return 0;
+        case SYSREG_PMCCFILTR_EL0:
+            pmu_op_start(env);
+            env->cp15.pmccfiltr_el0 = val & PMCCFILTR_EL0;
+            pmu_op_finish(env);
+            return 0;
         }
+    }
 
-        env->cp15.c9_pmcr &= ~PMCR_WRITABLE_MASK;
-        env->cp15.c9_pmcr |= (val & PMCR_WRITABLE_MASK);
-
-        pmu_op_finish(env);
-        return 0;
-    case SYSREG_PMUSERENR_EL0:
-        env->cp15.c9_pmuserenr = val & 0xf;
-        return 0;
-    case SYSREG_PMCNTENSET_EL0:
-        env->cp15.c9_pmcnten |= (val & pmu_counter_mask(env));
-        return 0;
-    case SYSREG_PMCNTENCLR_EL0:
-        env->cp15.c9_pmcnten &= ~(val & pmu_counter_mask(env));
-        return 0;
-    case SYSREG_PMINTENCLR_EL1:
-        pmu_op_start(env);
-        env->cp15.c9_pminten |= val;
-        pmu_op_finish(env);
-        return 0;
-    case SYSREG_PMOVSCLR_EL0:
-        pmu_op_start(env);
-        env->cp15.c9_pmovsr &= ~val;
-        pmu_op_finish(env);
-        return 0;
-    case SYSREG_PMSWINC_EL0:
-        pmu_op_start(env);
-        pmswinc_write(env, val);
-        pmu_op_finish(env);
-        return 0;
-    case SYSREG_PMSELR_EL0:
-        env->cp15.c9_pmselr = val & 0x1f;
-        return 0;
-    case SYSREG_PMCCFILTR_EL0:
-        pmu_op_start(env);
-        env->cp15.pmccfiltr_el0 = val & PMCCFILTR_EL0;
-        pmu_op_finish(env);
-        return 0;
+    switch (reg) {
     case SYSREG_OSLAR_EL1:
         env->cp15.oslsr_el1 = val & 1;
         return 0;

From patchwork Tue Jul 30 09:40:06 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815289
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215503wrs;
 Tue, 30 Jul 2024 02:42:52 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCU1GeVb38uig0WKBoxz3KAxZx8iW8Y/qgpUPIeX+s7oX2/mmtCAd6ozMzRxuFs4X2U07NSf8MxNXkuTzLY3dkrV
X-Google-Smtp-Source: AGHT+IECSA5+qrWPGkbC6QDDRwgXoISuPAaZFA9TpupUDOOb8c6ugWyVgVhWyUWNdM0Zdi96OgVi
X-Received: by 2002:a05:622a:54c:b0:445:d9fa:6237 with SMTP id
 d75a77b69052e-45004db05c9mr134261791cf.3.1722332572267;
 Tue, 30 Jul 2024 02:42:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332572; cv=none;
 d=google.com; s=arc-20160816;
 b=lDBZCzskPvELzfel8P9f3xMgwCsj7rkQCapZfIwpMvxMOtzPpBNueuxuXMQj7V64Uq
 iw/DB4fqRtn67bFieVqldVI8EdYQCB2Kz5b+xrySrJlZdPMdvkVf+IFbpBgPwjBglPPp
 Pky6258zSt/1aHPtTsKmNV4hSJ/OwHbDsyMpSIUdx0ZS1EXChiKONhB3rDALdWUxRlV5
 /XdbWZ+VK+4vqrq89/KyL8PFWNw078e2MHBgUtZFfsVj/yLXeiM9X2qoC6e+JcFdm+1X
 uH5bGW0RqjFhMbZejTnPr1utMPonxNzH8G47yGFE0II9CXzZdYRiCXNnedyqmhFC2f8W
 M4MA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=jnq1VIda5vt4YzdNGFFqZt+A/PPj1CEI6DvJT2Yvga0=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=sl99wVDVrmKJjR2eSUcO52HKqIWHP8FbIUnTiI0WwyxAtEi0TeIFj4UEAGY5w4XTHm
 yHmMDzf+ORGNJ6eHZ4VTBpID/w/1dCcAjq6PEZYSmrFrSbgI/OneYxBBRCUT3BPp74Ah
 wVcmB1uLNrxhV+T7UxFcnSb437xouEQaoimr0WEmad6ueA8YnHXjnyq53esZE8ObyjL0
 4gVuXyObnXKssXact10mZuAlYtB6HXerbNaF7ANJp9yNdXSqWsLoF58Xss8nla7hta5O
 O3aWCzbYgKj5zeAvz5bTz1rZ5T1iT48URspK9fsZvoEKhiwbt7TkTraBbVHVQpkrFwMH
 YmTQ==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=MNys9gH9;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 d75a77b69052e-44fe8535839si121085431cf.725.2024.07.30.02.42.52
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:42:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=MNys9gH9;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLN-0003lZ-A5; Tue, 30 Jul 2024 05:40:33 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLL-0003dq-8a
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:31 -0400
Received: from mail-wr1-x42d.google.com ([2a00:1450:4864:20::42d])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLI-0000YY-HA
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:30 -0400
Received: by mail-wr1-x42d.google.com with SMTP id
 ffacd0b85a97d-3687f91af40so2217187f8f.0
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332427; x=1722937227; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=jnq1VIda5vt4YzdNGFFqZt+A/PPj1CEI6DvJT2Yvga0=;
 b=MNys9gH9FeJdiAPthkLKpsm/+OuU9+kQgFJsPDGRo3bPi4Avf57S4CVJx87e4KiU2a
 4V7Iep1zNquD/y6umhxlsqI2/9y2SBA7ZPLfEZWoi3JuYt3+zMLOr24biJp1XwkYCobK
 /0QTtJj6MR7nBZFXz/OLq4fmQI96kiicktvLupQ/h0Gs7zEVTUOXDZUtepiWSP3pXToM
 2JL5zmASlUK/p995oavsSULUQVYx2OMHomQYPF5qXjkLIuUMzjBJPe3PuP9PUUWUJmHp
 0w75ATpnLJOdAtzr2mtRdt/lwr8K9HTPbVmSd9UFd9F0bhm2ccV8kuYBpRi3I9PuOm70
 WF0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332427; x=1722937227;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=jnq1VIda5vt4YzdNGFFqZt+A/PPj1CEI6DvJT2Yvga0=;
 b=Eq7iF6bGMBTr7VqCgxCMCg7jWio/R0ecu6ooDooviPposcShrnlqN+oWxKdkacJtyJ
 9f96hMhZ3IA/5ePr/L+v67Ip+hYvJwlo5d0v7bg2tHHQcBVPNXdr64tmN5lG0EVGt9R/
 ykE1SjFUmV2ikUVLsWZyd+ufu390zzqRmdZ2IAfe9tS3/wsRu+nrKZp5N9YD98K5l+l1
 /+3/HGKq+hYO3dgzPP4MAvd/sPHlKIh9NoShnNemaQNtwEp432Inje5JIOeAtHZmAmuC
 44y5S0zz6Ij6KRlXfwuNFbFrysX0tfk+aNwA/L2Xyi9E/Zb4qtIbXowgmCkHTSovTWLs
 vrQQ==
X-Gm-Message-State: AOJu0Yy+aP0NJgvVmc2V7o5KhMUzhCRkvoM/Y9KO9jghUXW3CUvZvO5+
 Tpa5RToK6PuK4nf6IjUDMOktXuHG4sreoVaXa3G3oQqfVsGSGzBQp43a3O+KjUWqdpm3EX1QL+I
 2
X-Received: by 2002:a05:6000:196b:b0:368:4ee0:3c65 with SMTP id
 ffacd0b85a97d-36b5cf1e6bamr6509864f8f.37.1722332426866;
 Tue, 30 Jul 2024 02:40:26 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.25
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:25 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 07/21] hvf: arm: Do not advance PC when raising an exception
Date: Tue, 30 Jul 2024 10:40:06 +0100
Message-Id: <20240730094020.2758637-8-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::42d;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x42d.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Akihiko Odaki <akihiko.odaki@daynix.com>

This is identical with commit 30a1690f2402 ("hvf: arm: Do not advance
PC when raising an exception") but for writes instead of reads.

Fixes: a2260983c655 ("hvf: arm: Add support for GICv3")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/hvf/hvf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index adcdfae0b17..c1496ad5be9 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -1586,10 +1586,10 @@ static int hvf_sysreg_write(CPUState *cpu, uint32_t reg, uint64_t val)
     case SYSREG_ICC_SGI1R_EL1:
     case SYSREG_ICC_SRE_EL1:
         /* Call the TCG sysreg handler. This is only safe for GICv3 regs. */
-        if (!hvf_sysreg_write_cp(cpu, reg, val)) {
-            hvf_raise_exception(cpu, EXCP_UDEF, syn_uncategorized());
+        if (hvf_sysreg_write_cp(cpu, reg, val)) {
+            return 0;
         }
-        return 0;
+        break;
     case SYSREG_MDSCR_EL1:
         env->cp15.mdscr_el1 = val;
         return 0;

From patchwork Tue Jul 30 09:40:07 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815291
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215554wrs;
 Tue, 30 Jul 2024 02:43:05 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCUerzXWg/QAMQA+2HNPFtcG9wjhdJv+O2WdBf3vbfiJS/Db2JlFHOpHyA/3h+eOSYT6KFheDpfxXTm3WpA+b19v
X-Google-Smtp-Source: AGHT+IHdJ6FH4CydZ9KcuQHNdDpAol2CYPt6tONV7DFJBnh3GPBGFYbK8elAWlU/mtMO56pGwN8d
X-Received: by 2002:a05:6214:d66:b0:6b5:e97b:bdce with SMTP id
 6a1803df08f44-6bb55a13655mr113983066d6.22.1722332585658;
 Tue, 30 Jul 2024 02:43:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332585; cv=none;
 d=google.com; s=arc-20160816;
 b=C1IACBkTr7ud3dmeTYBIhJjgKI1+oJVIm8XOspBXgP4ASVlxu/DjY6pB4/gmx15Z4C
 YK70yqLv9KyG3LVCuXiGD4Ili3RJLJqN+ARizhY7w1DsI8Y41nDyUtXLm7NT/IE/wggd
 TifNmkOnt+K2LRuz2rwXuFcvTYpV7yPZS78G4jQDmFNO4RUQODgOcob2YyUIKXP2xeH7
 Tcn+/zHn5C0S2ER0NTqeqgVHXDWj0gTc2PUaOzZe3+D5jYayB+N/esPl5Bsix3VKPdgg
 H9ejZLaQIQZhMNnyDdm+90FyMch8agkoXLtIUnSWNPSyqSZ/lGkaOHtp6USVTZkrqK0X
 /XTg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=7nLQOxJ+g65mj2LydJL4MXaPvrQeqRnkG/NPnjTzCQk=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=qxYv+LwtmQlReFnrhN008d1TyKLSkX62yf4OPN8BpxhVB1v8zcRk5Qnr2SmEyOCKHJ
 SvcGWZDFCIX5BIcxbFEI8SaCoKg5eBfuEgvaq8mvAqsVdG9MZ0WktIJ4LenxlGFe1yKO
 kyF+lQJNR/GAdo2NysLK+bMlgHYdGNVJh9susF8t/f2PDwEj95qCdDAagVSkUzWJ4NVy
 Xl8O3yitTTh4Y5dA16qi2snw08Udf6ZfywHoeg0ZUG6v5JjXqwybcnMLIRwlQeXuis7y
 6SzHmUedNWjHqQl+TBpJumV9LCjHIo8pfU/RMI/czx9Ucs5bdk3NJVVb0jM+EVnHhEdd
 U1+A==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=CfJfkwZB;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 6a1803df08f44-6bb3faab08csi123250016d6.365.2024.07.30.02.43.05
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:43:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=CfJfkwZB;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLO-0003ov-6Y; Tue, 30 Jul 2024 05:40:34 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLL-0003fA-Ja
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:31 -0400
Received: from mail-wr1-x429.google.com ([2a00:1450:4864:20::429])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLJ-0000Yn-10
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:31 -0400
Received: by mail-wr1-x429.google.com with SMTP id
 ffacd0b85a97d-3683329f787so2166111f8f.1
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332427; x=1722937227; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=7nLQOxJ+g65mj2LydJL4MXaPvrQeqRnkG/NPnjTzCQk=;
 b=CfJfkwZBaaNfG4sJKDA3PGogxziJ5aIB/0LWpr7s5cZ07mW/LB233ObODMErIN78e9
 lHjcvsfqsyTDo/YA2rTLESqkzvzXl0j2ExLh4vhRReog0oWset/3vbvNt9ETYAvLCl9+
 2LAb40P6dMF8xq1SvghYbJ/gLoVFAXrGAcWiY/6bVmsTyk0p9vBUPl6LFdcivCdeKRrB
 LIepGnjPtGmBx5vAzvd5Ei5UyhhDxn7OYZUbjTGYdfdQKowJRyw+2eusGmyOcWT4zvgL
 wkCo/for70UO0FjgnZL1Srwvydtf1t+mccU7FlYmUwhFByGSR9ER/4F5Ms/eJCyl+1xZ
 K/wA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332427; x=1722937227;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=7nLQOxJ+g65mj2LydJL4MXaPvrQeqRnkG/NPnjTzCQk=;
 b=ZzV4o64FTzMz8YqCsxNccYWJuVXhH3968MuVRxOjyFFJGME6pG9ZYDeYifCLYTCdVI
 gE5fkVQliYlVduloU+5311xHIX094+BekJ9uPxEgkpFonkgpUIITCm8mcpEKqaetFCVB
 vDq/PG1+YPUzebjg6gjqzjYPjVrgtu1BO+4PD+GOyf6OV2PcJpmaHj4o9CgJTJYLa3fL
 deAtOM+dplGG0X4L+xbA6koI9IvwL+eoLTobHN4R5FNyMm7MmDiHB3rYNeiRiJreVPXo
 1ph0Tfe5xcu+BlHvVFcDuZ0M/BEcF7nw1ibpwUuysVWdivdzt/br2m05nLogCwJt3OvP
 IWzQ==
X-Gm-Message-State: AOJu0YxjY+2LSxusN5XY9hxckZksF/UtPyCiG1bYDIBhfRT883nY0rxa
 Eyhdxtb5dziVFYgC7OcfAlfHxKKtboV9dtUm2pZPNKeIcWpTFiA3qtC4Dj3ducJiYaVxEnKRzUQ
 T
X-Received: by 2002:a05:6000:1542:b0:368:4e4f:cec5 with SMTP id
 ffacd0b85a97d-36b5cf25338mr9134188f8f.35.1722332427406;
 Tue, 30 Jul 2024 02:40:27 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.26
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:27 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 08/21] hw/misc/bcm2835_property: Fix handling of
 FRAMEBUFFER_SET_PALETTE
Date: Tue, 30 Jul 2024 10:40:07 +0100
Message-Id: <20240730094020.2758637-9-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::429;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x429.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

The documentation of the "Set palette" mailbox property at
https://github.com/raspberrypi/firmware/wiki/Mailbox-property-interface#set-palette
says it has the form:

    Length: 24..1032
    Value:
        u32: offset: first palette index to set (0-255)
        u32: length: number of palette entries to set (1-256)
        u32...: RGBA palette values (offset to offset+length-1)

We get this wrong in a couple of ways:
 * we aren't checking the offset and length are in range, so the guest
   can make us spin for a long time by providing a large length
 * the bounds check on our loop is wrong: we should iterate through
   'length' palette entries, not 'length - offset' entries

Fix the loop to implement the bounds checks and get the loop
condition right. In the process, make the variables local to
this switch case, rather than function-global, so it's clearer
what type they are when reading the code.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240723131029.1159908-2-peter.maydell@linaro.org
---
 hw/misc/bcm2835_property.c | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c
index 63de3db6215..e28fdca9846 100644
--- a/hw/misc/bcm2835_property.c
+++ b/hw/misc/bcm2835_property.c
@@ -31,7 +31,6 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
     size_t resplen;
     uint32_t tmp;
     int n;
-    uint32_t offset, length, color;
     uint32_t start_num, number, otp_row;
 
     /*
@@ -274,19 +273,25 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
             resplen = 16;
             break;
         case RPI_FWREQ_FRAMEBUFFER_SET_PALETTE:
-            offset = ldl_le_phys(&s->dma_as, value + 12);
-            length = ldl_le_phys(&s->dma_as, value + 16);
-            n = 0;
-            while (n < length - offset) {
-                color = ldl_le_phys(&s->dma_as, value + 20 + (n << 2));
-                stl_le_phys(&s->dma_as,
-                            s->fbdev->vcram_base + ((offset + n) << 2), color);
-                n++;
+        {
+            uint32_t offset = ldl_le_phys(&s->dma_as, value + 12);
+            uint32_t length = ldl_le_phys(&s->dma_as, value + 16);
+            int resp;
+
+            if (offset > 255 || length < 1 || length > 256) {
+                resp = 1; /* invalid request */
+            } else {
+                for (uint32_t e = 0; e < length; e++) {
+                    uint32_t color = ldl_le_phys(&s->dma_as, value + 20 + (e << 2));
+                    stl_le_phys(&s->dma_as,
+                                s->fbdev->vcram_base + ((offset + e) << 2), color);
+                }
+                resp = 0;
             }
-            stl_le_phys(&s->dma_as, value + 12, 0);
+            stl_le_phys(&s->dma_as, value + 12, resp);
             resplen = 4;
             break;
-
+        }
         case RPI_FWREQ_FRAMEBUFFER_GET_NUM_DISPLAYS:
             stl_le_phys(&s->dma_as, value + 12, 1);
             resplen = 4;

From patchwork Tue Jul 30 09:40:08 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815292
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215583wrs;
 Tue, 30 Jul 2024 02:43:10 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXZentgKG1V7jD6dqY+GEqd9Qb3Ks4acNfJVjHt5fgZ9QkysxndrgWnkJgxjfrWQS7TAPLb5VBPwV8tSFxSQBoI
X-Google-Smtp-Source: AGHT+IHlwHRnsimEEIHNt47YoXBievmlA0NJCy9s/+1lOdrzDA/5IHOlqLApSXO3gp8qZ+KxeAP/
X-Received: by 2002:a05:620a:2953:b0:79e:ff64:39d4 with SMTP id
 af79cd13be357-7a1e52625d9mr1362103885a.39.1722332589801;
 Tue, 30 Jul 2024 02:43:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332589; cv=none;
 d=google.com; s=arc-20160816;
 b=SZQ1sajNlEuWWQYZYvkDa6KwcjnHo9aD2jAZRhj0iN3pBBqzraGO1P8dr65nKdijQf
 MaXyMuPYT60I3FMKu0Um9y4RTNYmDtAFrGi7fqHvQ/e84cWBA5qfi0q8/uDqdL1xvxfL
 GUZtbPf0rThjvXFc+CM5y4lGxUQF2C3k8EjxSRXtJ6zvsipftGA9V4/bzoHBgxWfHCwI
 gonnDXf350N28TYhTCC0vqi0NCYrt4PCHSRrx1EQdyELE17ZaW4sDxRp1HqkKcu6nOYy
 u0rpeSIY4+vT5tn0aHDY8o+jpI+uRlGDG6RswlUAzRdUBE3gqS/OP+yTNcgl3YmxWpAv
 ZuyA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=6/3KP82EfN4i2J5+6pe3rVQ72AJnXOfkdmQBvmdb3yU=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=O0wN4jWIm7GvWc9Xx+8vEtzc3JuH4wY2h3Ai7oMtmVg2q0QCnJSVxPoFSFI4MUBLjl
 V6W3YRMvj3sS6XQ6+Yl7WYwlc229CfxV/16JAt8XhZuNYrzTRutyyzHHt3o3y4/HuhLO
 oK9kvBx+HgthIVv3pJWwGKm7C+a9eG3Alcx9mTwG/K5Ikr8GvbaxjTtBPD8pKUIJ1/Tf
 bLFfaDTkxNBMmENd5W/DZRl5I4FeLUYJOKIMwaHR9KAoAZzdratWJOg98bAN7yVofo1B
 5WJBQBBS/AP3c0WG90devnDf6icLiEemx2IRA3iCQq5hwO3R7x1jL3Cde3JM1eyLHd/7
 mzlg==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=R2Zve7nP;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 af79cd13be357-7a1ec8262c8si635729885a.333.2024.07.30.02.43.09
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:43:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=R2Zve7nP;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLO-0003oz-66; Tue, 30 Jul 2024 05:40:34 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLL-0003fW-Mf
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:31 -0400
Received: from mail-wm1-x32f.google.com ([2a00:1450:4864:20::32f])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLJ-0000Z2-Aj
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:31 -0400
Received: by mail-wm1-x32f.google.com with SMTP id
 5b1f17b1804b1-427b1d4da32so15413695e9.0
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332428; x=1722937228; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=6/3KP82EfN4i2J5+6pe3rVQ72AJnXOfkdmQBvmdb3yU=;
 b=R2Zve7nP4fw3rYQjKqgcHxi9Fmgu3AzYtnWU1G+ImKs1LvLe6My0Jl6PBQVlHHH1oR
 o1+FKBIfOpA8jDhU0YvNY4PgseTwEKeTL5kQE1tCf1/DSNBXB3+U2a576HHy1g+fhExZ
 RKvBufPd7xBofARuH92M6Y+WfriYv1s5EgFHmy8U72PNPNIubHUMXpltSHXzBeNrnZQn
 1TU+an9dqygOdaP84Xyqv/c6oXCkPI2GFHvZ2tLCtfIH8dmcrYJJGsAS7Iz821dl+TD3
 5sMfLWMooc0qkZRIhE85Ol7hQ7TpADcehq9xml+MgqnbyG5sU9uqy/EMRZgTDXoi+rNQ
 GCnw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332428; x=1722937228;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=6/3KP82EfN4i2J5+6pe3rVQ72AJnXOfkdmQBvmdb3yU=;
 b=A2C7VL+Z+HaEuL3/2Lhe6ZCJHqKgsrCihKM3GUeuZs74lN/QXkvPCIKq+L0ak/IiVr
 VDp3rHKq3R1RhrPXj1OIZ0Ut/wae4QJ2gTyBBSaDsuLhzoE5SsRam7Omy5rAR4+ufiqA
 m+aAHaFwOGJNEYrDxSje6zMltMrKsJhoM3Z26m7OFOq1EEWpAthcBFkOQMXId563e58o
 aKEcziOHpiWIcN1lyRYq6B3glzZdiYv9uqPLaq7f4b/jE11LP0WStVlbwdRNULXhw/eC
 4gd/xhFuHQX7a3u+ojYHiWu9Si1pnUlKX4BAXP0EphWoQyOCJ3wQGo55UIejpezsLaH9
 lLiA==
X-Gm-Message-State: AOJu0YxXwDTBKOE8SrNJyi7QtY3RrtjCQSqhai2ZjcS3pKyd59N5j6BR
 S2DgaJhS6hgHZFoT21zRVVfwKzrhSUkiNPOcFVY0XECVzqxH2IMZcj8YptN+BweZq2dWYYg9aAB
 d
X-Received: by 2002:adf:f8ca:0:b0:367:8e52:3bb9 with SMTP id
 ffacd0b85a97d-36b8c8e9a69mr873598f8f.22.1722332427858;
 Tue, 30 Jul 2024 02:40:27 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.27
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:27 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 09/21] hw/misc/bcm2835_property: Avoid overflow in OTP access
 properties
Date: Tue, 30 Jul 2024 10:40:08 +0100
Message-Id: <20240730094020.2758637-10-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::32f;
 envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x32f.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

Coverity points out that in our handling of the property
RPI_FWREQ_SET_CUSTOMER_OTP we have a potential overflow.  This
happens because we read start_num and number from the guest as
unsigned 32 bit integers, but then the variable 'n' we use as a loop
counter as we iterate from start_num to start_num + number is only an
"int".  That means that if the guest passes us a very large start_num
we will interpret it as negative.  This will result in an assertion
failure inside bcm2835_otp_set_row(), which checks that we didn't
pass it an invalid row number.

A similar issue applies to all the properties for accessing OTP rows
where we are iterating through with a start and length read from the
guest.

Use uint32_t for the loop counter to avoid this problem. Because in
all cases 'n' is only used as a loop counter, we can do this as
part of the for(), restricting its scope to exactly where we need it.

Resolves: Coverity CID 1549401
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240723131029.1159908-3-peter.maydell@linaro.org
---
 hw/misc/bcm2835_property.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c
index e28fdca9846..7eb623b4e90 100644
--- a/hw/misc/bcm2835_property.c
+++ b/hw/misc/bcm2835_property.c
@@ -30,7 +30,6 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
     uint32_t tot_len;
     size_t resplen;
     uint32_t tmp;
-    int n;
     uint32_t start_num, number, otp_row;
 
     /*
@@ -337,7 +336,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
 
             resplen = 8 + 4 * number;
 
-            for (n = start_num; n < start_num + number &&
+            for (uint32_t n = start_num; n < start_num + number &&
                  n < BCM2835_OTP_CUSTOMER_OTP_LEN; n++) {
                 otp_row = bcm2835_otp_get_row(s->otp,
                                               BCM2835_OTP_CUSTOMER_OTP + n);
@@ -366,7 +365,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
                 break;
             }
 
-            for (n = start_num; n < start_num + number &&
+            for (uint32_t n = start_num; n < start_num + number &&
                  n < BCM2835_OTP_CUSTOMER_OTP_LEN; n++) {
                 otp_row = ldl_le_phys(&s->dma_as,
                                       value + 20 + ((n - start_num) << 2));
@@ -383,7 +382,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
 
             resplen = 8 + 4 * number;
 
-            for (n = start_num; n < start_num + number &&
+            for (uint32_t n = start_num; n < start_num + number &&
                  n < BCM2835_OTP_PRIVATE_KEY_LEN; n++) {
                 otp_row = bcm2835_otp_get_row(s->otp,
                                               BCM2835_OTP_PRIVATE_KEY + n);
@@ -403,7 +402,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
                 break;
             }
 
-            for (n = start_num; n < start_num + number &&
+            for (uint32_t n = start_num; n < start_num + number &&
                  n < BCM2835_OTP_PRIVATE_KEY_LEN; n++) {
                 otp_row = ldl_le_phys(&s->dma_as,
                                       value + 20 + ((n - start_num) << 2));

From patchwork Tue Jul 30 09:40:09 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815280
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215067wrs;
 Tue, 30 Jul 2024 02:41:17 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXkvY2fBjUyNb4hUEbWqBx3bfUP+am/QnOzo5II48rdExM2x9fazBFkX56VK1aFl1SfW0ZNvhAV5SwZ+PlZqbAD
X-Google-Smtp-Source: AGHT+IEufTKTYSTWV/sOUV9dbV2gkefmafdX7ugBY9T735qh6EjjGPJKt8sFfGmGpl6GcE/PPbz1
X-Received: by 2002:a05:6214:21c4:b0:6b0:8fe5:4a98 with SMTP id
 6a1803df08f44-6bb55a840e7mr150747386d6.36.1722332477480;
 Tue, 30 Jul 2024 02:41:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332477; cv=none;
 d=google.com; s=arc-20160816;
 b=FiWOuIY/cM755T6SLS9cOvuN/VAMuE8Q0zNrDOX+lK/4alNA+McEiIQLScAUhj28xg
 mYkUeawALA1Mugp+Rdg21QKdLWrW6V/RVpfibsDIxezPqFi9yutRK5NaD8B02SvAa59w
 1p+SYZvYrB9yp+R0uz4FTEHfzfOctYcc1A7VmJPlzyZBN86XcGceivHfUnLgenUBXg/x
 6yaTiOixbVqOXw1oKkhps89o2F9yO3kNDygWF8O5AVRRq35KriOXE/eI8AaUt9llqTCf
 ycrMk39FVtvFwn+JOm+M749Wg4iiVJ3AnwcBb/75aLPvSK7kQsC3HQiRop5k3agM1JGI
 tN/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=/hhRBmwKOtfoX+xYIxvn6dWC79cReHXO4z3495yS0JM=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=lrWn8GGbVFlf2oL+sXlROK52miiVEq6/GiGjcSpLYE3xHmrh1JmtXO04J/q0bYiE2q
 OwPfqCvlPNp9oDpuYzgtGLW8Xv0nM14j+PPB1lBWVXg58fIHzqdGESmFqIQHxDnFGtDh
 aNME/TdssOb5G9riMVcDBR3Nc3H78dE30n30BUZDDGPluYIm5+MVxqk/LKN0H5XLGMJJ
 HRUF0WcMDqErrjLdVnLcN3BveSxfA7PkKXFh4XKdhvb3zfC+bDfBXJZ1JKrJkVMeM5ka
 mft3VPy/pC1/8Tjc4mmsQB6Kl9kA62rBfOMQAWRzsZCy5wc0A7Jjaeoh8iZoQ9yxdg5r
 6FQg==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=EZuOFjvR;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 6a1803df08f44-6bb3f8cb0a3si130854756d6.38.2024.07.30.02.41.17
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:41:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=EZuOFjvR;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLQ-00041F-UL; Tue, 30 Jul 2024 05:40:36 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLM-0003ir-J9
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:32 -0400
Received: from mail-wr1-x42a.google.com ([2a00:1450:4864:20::42a])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLJ-0000Zy-Nw
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:32 -0400
Received: by mail-wr1-x42a.google.com with SMTP id
 ffacd0b85a97d-368f92df172so2007720f8f.2
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332428; x=1722937228; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=/hhRBmwKOtfoX+xYIxvn6dWC79cReHXO4z3495yS0JM=;
 b=EZuOFjvRBaVYBn8G09d182+hHM21mb6HaEt/uHK9WAmBkQYr5SW4eRlPQZhrCkEfzR
 9fnUnySlEmnEMA/A1hycpX8KQs+8OCImRLAdheiBpVC9hg5Er1Lge4YIq9cB6SUgdQDE
 qzb+q/Cb+TKhZGA1BYU+xvAoMI9kA8bwqyNoE/N3/QA5W3eAH5Ii2exYavCqjGMMD2QS
 phYTgibzjaaziFkikcsLodH2Ti1VzEghAAxxfg3rwF2Wh/8P8mCanDbPVD3bmf7sraG+
 OrAwLS90OqS4M8yqZgkjZpzAF7DcjnKchcCJjiEHWuM34W8KpBuP8G/yUGM0G2q32JcX
 5q7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332428; x=1722937228;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=/hhRBmwKOtfoX+xYIxvn6dWC79cReHXO4z3495yS0JM=;
 b=PXw2hnFpEAsAKGciipKvkXJlu8TfuV0ERZEmI+ivg0bcXbMtfLeDTUnFnNu9Wfn1RY
 e7TSVVZYZWe3SNeV+K8NnOAfwNUAe75cE2plV468J9rtaQOPne1Ryk+NSe2oiXf0A193
 i0jLYId8SZ7L7b1yZrC3AAOfvcyZel2VTx0iyLQHxr8xJXxdJ07Pwo18loHWBCh6NxAv
 k+pvUznnOgFvcMVNxoGTuepxNNIuEoIy2huMnak0J7lrq2iHzJ51cSPkXklL/yl6u6E9
 wY91fVOhaxuhxeXov1f6lxLZS1CbaANm4H2PqcpFmqPrQ9FFukOYV1pSO33TlsrBkkB0
 sJkQ==
X-Gm-Message-State: AOJu0Yyln5B3K9RffKsPEsUkk50DUQatRGZFmHEAF/dhF+YIKYw2ImSy
 5LADotvJCqycEQ05qhP8WmGDbbI0lALTaBLoZY+pK/6IxstTB88w9R7Xu98LFabvY4Yx/S7Nmga
 O
X-Received: by 2002:a5d:4390:0:b0:367:909b:8281 with SMTP id
 ffacd0b85a97d-36b5d0ddcd5mr6482178f8f.59.1722332428293;
 Tue, 30 Jul 2024 02:40:28 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.27
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:28 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 10/21] hw/misc/bcm2835_property: Restrict scope of start_num,
 number, otp_row
Date: Tue, 30 Jul 2024 10:40:09 +0100
Message-Id: <20240730094020.2758637-11-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::42a;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x42a.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

In the long function bcm2835_property_mbox_push(), the variables
start_num, number and otp_row are used only in the four cases which
access OTP data, and their uses don't overlap with each other.

Make these variables have scope restricted to the cases where they're
used, so it's easier to read each individual case without having to
cross-refer up to the variable declaration at the top of the function
and check whether the variable is also used later in the loop.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240723131029.1159908-4-peter.maydell@linaro.org
---
 hw/misc/bcm2835_property.c | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c
index 7eb623b4e90..443d42a1824 100644
--- a/hw/misc/bcm2835_property.c
+++ b/hw/misc/bcm2835_property.c
@@ -30,7 +30,6 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
     uint32_t tot_len;
     size_t resplen;
     uint32_t tmp;
-    uint32_t start_num, number, otp_row;
 
     /*
      * Copy the current state of the framebuffer config; we will update
@@ -331,22 +330,25 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
         /* Customer OTP */
 
         case RPI_FWREQ_GET_CUSTOMER_OTP:
-            start_num = ldl_le_phys(&s->dma_as, value + 12);
-            number = ldl_le_phys(&s->dma_as, value + 16);
+        {
+            uint32_t start_num = ldl_le_phys(&s->dma_as, value + 12);
+            uint32_t number = ldl_le_phys(&s->dma_as, value + 16);
 
             resplen = 8 + 4 * number;
 
             for (uint32_t n = start_num; n < start_num + number &&
                  n < BCM2835_OTP_CUSTOMER_OTP_LEN; n++) {
-                otp_row = bcm2835_otp_get_row(s->otp,
+                uint32_t otp_row = bcm2835_otp_get_row(s->otp,
                                               BCM2835_OTP_CUSTOMER_OTP + n);
                 stl_le_phys(&s->dma_as,
                             value + 20 + ((n - start_num) << 2), otp_row);
             }
             break;
+        }
         case RPI_FWREQ_SET_CUSTOMER_OTP:
-            start_num = ldl_le_phys(&s->dma_as, value + 12);
-            number = ldl_le_phys(&s->dma_as, value + 16);
+        {
+            uint32_t start_num = ldl_le_phys(&s->dma_as, value + 12);
+            uint32_t number = ldl_le_phys(&s->dma_as, value + 16);
 
             resplen = 4;
 
@@ -367,32 +369,35 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
 
             for (uint32_t n = start_num; n < start_num + number &&
                  n < BCM2835_OTP_CUSTOMER_OTP_LEN; n++) {
-                otp_row = ldl_le_phys(&s->dma_as,
+                uint32_t otp_row = ldl_le_phys(&s->dma_as,
                                       value + 20 + ((n - start_num) << 2));
                 bcm2835_otp_set_row(s->otp,
                                     BCM2835_OTP_CUSTOMER_OTP + n, otp_row);
             }
             break;
+        }
 
         /* Device-specific private key */
-
         case RPI_FWREQ_GET_PRIVATE_KEY:
-            start_num = ldl_le_phys(&s->dma_as, value + 12);
-            number = ldl_le_phys(&s->dma_as, value + 16);
+        {
+            uint32_t start_num = ldl_le_phys(&s->dma_as, value + 12);
+            uint32_t number = ldl_le_phys(&s->dma_as, value + 16);
 
             resplen = 8 + 4 * number;
 
             for (uint32_t n = start_num; n < start_num + number &&
                  n < BCM2835_OTP_PRIVATE_KEY_LEN; n++) {
-                otp_row = bcm2835_otp_get_row(s->otp,
+                uint32_t otp_row = bcm2835_otp_get_row(s->otp,
                                               BCM2835_OTP_PRIVATE_KEY + n);
                 stl_le_phys(&s->dma_as,
                             value + 20 + ((n - start_num) << 2), otp_row);
             }
             break;
+        }
         case RPI_FWREQ_SET_PRIVATE_KEY:
-            start_num = ldl_le_phys(&s->dma_as, value + 12);
-            number = ldl_le_phys(&s->dma_as, value + 16);
+        {
+            uint32_t start_num = ldl_le_phys(&s->dma_as, value + 12);
+            uint32_t number = ldl_le_phys(&s->dma_as, value + 16);
 
             resplen = 4;
 
@@ -404,12 +409,13 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
 
             for (uint32_t n = start_num; n < start_num + number &&
                  n < BCM2835_OTP_PRIVATE_KEY_LEN; n++) {
-                otp_row = ldl_le_phys(&s->dma_as,
+                uint32_t otp_row = ldl_le_phys(&s->dma_as,
                                       value + 20 + ((n - start_num) << 2));
                 bcm2835_otp_set_row(s->otp,
                                     BCM2835_OTP_PRIVATE_KEY + n, otp_row);
             }
             break;
+        }
         default:
             qemu_log_mask(LOG_UNIMP,
                           "bcm2835_property: unhandled tag 0x%08x\n", tag);

From patchwork Tue Jul 30 09:40:10 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815298
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215929wrs;
 Tue, 30 Jul 2024 02:44:34 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVvmuaVXz+m1J8EB19sgzOvD4AThp0b7eHtUniutHe8k3tFukxKoYeYc7Fz3oLyw2Qk49a1FGZ8bnV/UMU+Apif
X-Google-Smtp-Source: AGHT+IFu1FuK8N7pckgCpIeiknqJG0ZsCMNDDC+CrIDsk5yrsx74cXRf0NI1CegG6+GfIcSSRK4k
X-Received: by 2002:a05:620a:4152:b0:7a1:df6f:3620 with SMTP id
 af79cd13be357-7a1e524147fmr1507105185a.22.1722332674359;
 Tue, 30 Jul 2024 02:44:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332674; cv=none;
 d=google.com; s=arc-20160816;
 b=GP/aXLbMT04nJ2bR3zejuLR6iy31K7CYhRUcmFeMitfqtYIjOnrbbZzdYb7UGdF+Dn
 IlSwrh79/4rWkszwOq3sBdg9PQNsPQ2uCouQBxOGVUMpJQZYlKlz2q2p5NnoUALQvg0y
 MMOnM7gXvpeppoa3wb2aNoD5AQhnY5BcldvuO0EHLoHSPMuWrb0H2TUrTpZWmKQpZsqy
 QBdNaAk6uDSbRswYe1U6yfpcZ9dwY5nLNvrWHCJLdDHTFgSgdWzCukSA1pYcVLfTBDDQ
 Ch5Mgui7g0o8qIuMwjyUtXbNwcqL0Y6p7ldhG6MM1MkysPzo15CGsnuJKjke7l/c+6z6
 rKHg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=720J6Fnn90LCfDNzvb5BOYvjsNm2pz0pQOgxMBS+Hs0=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=yinOBBuA81wcwISb7cgqFCH1ZOm2bPVDjIATCsWlGcy260XXE+gK/wfz+Eg4AMwIIb
 7rTdi74qCOQf0k/gRfS6gioc9jIptTGwyNR8FgInDQxrCwHV+sYXlnDmqHsJV2R3bijZ
 /XeKlJds7PF8AkBi6erJha9mjTd495wXImsa9pHtZBJkY46HtsHdi/J5Zcs9rYD6CFpz
 jOKS4MTvzoQkzB1q56TQmJYrXeQWcCJh1ITdnYnzl530L/oOhS01JOndqJUnZYP57+w8
 0x88WkPIrpPrjlsqLXX4Y5MrmQqSiBuClpJBhSvukhZKxB4uQosHuinTweLp5GCNUpeb
 uBng==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=jjASWuXj;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 af79cd13be357-7a1d739bc72si1229560585a.98.2024.07.30.02.44.34
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:44:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=jjASWuXj;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLR-00041p-3V; Tue, 30 Jul 2024 05:40:37 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLM-0003jL-NZ
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:32 -0400
Received: from mail-wm1-x32d.google.com ([2a00:1450:4864:20::32d])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLK-0000aW-EY
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:32 -0400
Received: by mail-wm1-x32d.google.com with SMTP id
 5b1f17b1804b1-4281d812d3eso19863145e9.3
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332429; x=1722937229; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=720J6Fnn90LCfDNzvb5BOYvjsNm2pz0pQOgxMBS+Hs0=;
 b=jjASWuXjK6MJvGeTE7ennWdmCRDst+YkyOvgKIGip+pLtW4cm1GvfYsJuZVo4qUqZx
 G4gAfPtn4BpxhSvnNRrCnCKpb1aB58d0NFAlZdQDhyj5ORp25GzmktYu9BAHahT9H1JV
 GUecfskkf34nRdrCtFV/6P0HTCKDhs9MbcY7JVFxKbbrxyun2jmP81bxCIZjtgMknupb
 fo4VLZ0VpF9ygSojVjMlZx07sdwv8qgaxGELuLJERj+Xt8df+WU7lk70SeJsmpV4H9ys
 6v5k+WD+sURzX1k16hXwNizuTE9yBILZ+qyXHtU1oNer4kzN1d0WTqtZosoUOicBj91Q
 nK9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332429; x=1722937229;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=720J6Fnn90LCfDNzvb5BOYvjsNm2pz0pQOgxMBS+Hs0=;
 b=BUq4QS/Fzy1G61Eulu+UZ/geZatWvn7uwu71usD1NaQN8STDZ/SBWsdUP74Of+hVPf
 zL48ivAdZaQRPyczKLJx/s6VRUgDDXJd342fPI5IHOa1YO1F72QYWYevlz+f3cdUMez0
 EqMpsOfJNjGFlLtn2NwU7qthr0xpf96lHmgtCdtnwFct0oyHOhd5HoTd3mrD2tPbl0KV
 hAPhZe38lGrn0/Q/HNlKS9EOsak2RMuDWCGB6l0OOtRdhWx9wuyORK3CUtt4ZRg3leBY
 3Q77ArLQFLhwRuOdcn1MoTyINAM9TjeUWuWrmn0QbRVrw5ghoI2wYtUf2WdesVf7Dqtx
 Jinw==
X-Gm-Message-State: AOJu0Yxmiwy6L1uMAUdKeK5BXphatzjZz3ztmSX/OcvvT71KZ+tNUUzk
 2hAvwaILr10XYT+WuQYbGtKQ8+ouVVK2xWwlXfd6VIdmdEkUnfFiuFfev9aw0fDHeNhyy5hT2zI
 E
X-Received: by 2002:adf:f00c:0:b0:368:7943:8b1f with SMTP id
 ffacd0b85a97d-36b5d0d0f9dmr8965034f8f.43.1722332428734;
 Tue, 30 Jul 2024 02:40:28 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.28
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:28 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 11/21] hw/misc/bcm2835_property: Reduce scope of variables in
 mbox push function
Date: Tue, 30 Jul 2024 10:40:10 +0100
Message-Id: <20240730094020.2758637-12-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::32d;
 envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x32d.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

In bcm2835_property_mbox_push(), some variables are defined at function scope
but used only in a smaller scope of the function:
 * tag, bufsize, resplen are used only in the body of the while() loop
 * tmp is used only for RPI_FWREQ_SET_POWER_STATE (and is badly named)

Declare these variables in the scope where they're needed, so the code
is easier to read.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240723131029.1159908-5-peter.maydell@linaro.org
---
 hw/misc/bcm2835_property.c | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c
index 443d42a1824..8ca3128f29b 100644
--- a/hw/misc/bcm2835_property.c
+++ b/hw/misc/bcm2835_property.c
@@ -25,11 +25,7 @@
 
 static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
 {
-    uint32_t tag;
-    uint32_t bufsize;
     uint32_t tot_len;
-    size_t resplen;
-    uint32_t tmp;
 
     /*
      * Copy the current state of the framebuffer config; we will update
@@ -48,10 +44,10 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
     /* @(addr + 4) : Buffer response code */
     value = s->addr + 8;
     while (value + 8 <= s->addr + tot_len) {
-        tag = ldl_le_phys(&s->dma_as, value);
-        bufsize = ldl_le_phys(&s->dma_as, value + 4);
+        uint32_t tag = ldl_le_phys(&s->dma_as, value);
+        uint32_t bufsize = ldl_le_phys(&s->dma_as, value + 4);
         /* @(value + 8) : Request/response indicator */
-        resplen = 0;
+        size_t resplen = 0;
         switch (tag) {
         case RPI_FWREQ_PROPERTY_END:
             break;
@@ -95,13 +91,16 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value)
             resplen = 8;
             break;
         case RPI_FWREQ_SET_POWER_STATE:
-            /* Assume that whatever device they asked for exists,
-             * and we'll just claim we set it to the desired state
+        {
+            /*
+             * Assume that whatever device they asked for exists,
+             * and we'll just claim we set it to the desired state.
              */
-            tmp = ldl_le_phys(&s->dma_as, value + 16);
-            stl_le_phys(&s->dma_as, value + 16, (tmp & 1));
+            uint32_t state = ldl_le_phys(&s->dma_as, value + 16);
+            stl_le_phys(&s->dma_as, value + 16, (state & 1));
             resplen = 8;
             break;
+        }
 
         /* Clocks */
 

From patchwork Tue Jul 30 09:40:11 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815282
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215262wrs;
 Tue, 30 Jul 2024 02:41:53 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVtRdXS+anyhDGjydNoVrqPJL4i4tQcFe3Aqw7o6/6sV7RVXS3lmEU+KIXLinkAqtkOQYOy3vsp3smW1D6Wnt+k
X-Google-Smtp-Source: AGHT+IH2tVEj6/+Uyt40c4e/dWFp50rKBSU/8pNajvGjEE0lkgCCqCQkoOmVv107/mmEpTZzem9F
X-Received: by 2002:a05:620a:24c3:b0:79e:fcb8:815c with SMTP id
 af79cd13be357-7a1e52cdbf2mr1437333585a.54.1722332513219;
 Tue, 30 Jul 2024 02:41:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332513; cv=none;
 d=google.com; s=arc-20160816;
 b=N2XtoEPlJO1aIE0eqksrEG90cG2FsPC9SdpSNdd8Cu5OD/2w4dz4ITSMI8CwyT8Z/v
 a7NQwTrkRydH5iqoJlVgH9dsRUbbK4b09RfKO9MHpCL1JX5sD6FY6KeFpPQ6vGFJVm+O
 EQ+iiDpSGowwpB80p+8hX7zaPlID+m65Brl4l9/Lmx0BbUFXs/uXk8l/cHwiHGFVLNik
 GExcq5meZfe/Y6etGGkxCj+JhxEB4gc8QxbzzY7VIoWNQtisy6xUh8Yw7kTQBDMKOPpt
 F7zCGWAlxZdM5HDNEKb/yq5c3X9e4B7DhotE5oujeY4nP8FH01RNqMad1/w7vE2ol6CY
 TCMQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=0K0Gkugc0azQ0l2zlcwkWWXyTIwjww7OgMp4rP3ZvNg=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=TeXRJ5IWyvjoI3FmW0BmHAMQ5L19PNWOS41qSQ3XS4ZAKvNeMcu9Kw3W/ytGVeVyWz
 PkiBD9CFshGII+7U+3VSYSoNhqkahz/3PjExgYJKQ1e+cHDIR+ifLPpc8AlHduXawHFY
 OQTERR2beox/iSwLe4oWosHZwYjhrCm+dynOFRCns9dVLci5n6JmxT6Ivqg4nJX8npHI
 xXt9rQARjZb0aN37Y6W23bV1cWAR1nEvcxIhZAlVjLAVsCeL+3rkRae6VwXhvwv8uFKC
 2h5ZybS2tADnbR7vP4fG0LRyfOTPZ7Knm1+L1mPi/LXAeLOaHeFGWPVomYRLvdo9vMT7
 hyUA==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=OUuLXmM9;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 d75a77b69052e-44fe8137efesi122942161cf.159.2024.07.30.02.41.53
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:41:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=OUuLXmM9;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLU-0004FZ-MJ; Tue, 30 Jul 2024 05:40:40 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLN-0003mM-Ey
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:33 -0400
Received: from mail-wr1-x42c.google.com ([2a00:1450:4864:20::42c])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLK-0000bj-Qw
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:32 -0400
Received: by mail-wr1-x42c.google.com with SMTP id
 ffacd0b85a97d-368440b073bso1744461f8f.0
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332429; x=1722937229; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=0K0Gkugc0azQ0l2zlcwkWWXyTIwjww7OgMp4rP3ZvNg=;
 b=OUuLXmM9FiiuO4OUft8H42nhh2XZjDWxB1bbQF6PJ2L1hHMIf4a8WTxeIcq7UnFH+p
 cBeyleunjm4C6BnrFHAsAMu4noE7LZ7f1LhFsIWwQdtoV+lddf2bdvjDa6onFqIYTq/R
 EvhMQvUKcRFnfzswzBva9GZF2DBdJ+vzZ5uSNYm1Juv6FvVJyKimclbvS0mx6XovWzKb
 1pu1pq7xiuJHrsdOQ5iwCsr73C+H9muF95T/D7yZqTeOetIB1UL+UlGsJbInTtsk1Lxv
 PdrUKg9D6JWogegVIci7/+oOVNzl3gC6L35LKCLOsuYxcpg/Tg/AOYTkK2UoaAd1gK4i
 FljQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332429; x=1722937229;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=0K0Gkugc0azQ0l2zlcwkWWXyTIwjww7OgMp4rP3ZvNg=;
 b=SiE6ysOJAbQpR7yJx+NbormcUSUNSv1ibUxWGYXKZSPk54TwB1gizWN9rHs5K8Es9k
 xqyMDiW5mKRa4A+rKM9kiYvnGXdBKxFqRxBk/on3wZ8KtzoK6UJa1UMC8p1H/OYelWcg
 j7N+Lx87nMUA0rafXyqCu2MJEOsmFH4bwqpSlQiN7qUWf3K3R+ThWCWPSKWVTRLC7sDM
 75cwHTbaNaBk8Mo8BEeIGFb0oYpi2QI8S8Xs1TfllFmcZdB8+UNbZW17x4vicgjwoswB
 fwPnLZSuehuZh9lBTeJz1x8+ypcNpROL5CV/yYPCNSCfaHVBp/6SrQCiSHYp+XC6xlDL
 Yfqw==
X-Gm-Message-State: AOJu0Yx0Wdn9rIHM8fyFCVRLtthMRgdZ9BxyX0qzn6K/C+/SAEeUNMqR
 MYeVPbLSp2QN+LxBRAT3KRl2L1l8sHonH7G+MQZUGcQvJXccRGV3sLelptToNKFddjsWy94RtO0
 5
X-Received: by 2002:adf:fd8d:0:b0:362:ad01:5435 with SMTP id
 ffacd0b85a97d-36b8c8ed70dmr923232f8f.29.1722332429238;
 Tue, 30 Jul 2024 02:40:29 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.28
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:28 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 12/21] target/arm: Don't assert for 128-bit tile accesses when
 SVL is 128
Date: Tue, 30 Jul 2024 10:40:11 +0100
Message-Id: <20240730094020.2758637-13-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::42c;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x42c.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

For an instruction which accesses a 128-bit element tile when
the SVL is also 128 (for example MOV z0.Q, p0/M, ZA0H.Q[w0,0]),
we will assert in get_tile_rowcol():

qemu-system-aarch64: ../../tcg/tcg-op.c:926: tcg_gen_deposit_z_i32: Assertion `len > 0' failed.

This happens because we calculate
    len = ctz32(streaming_vec_reg_size(s)) - esz;$
but if the SVL and the element size are the same len is 0, and
the deposit operation asserts.

In this case the ZA storage contains exactly one 128 bit
element ZA tile, and the horizontal or vertical slice is just
that tile. This means that regardless of the index value in
the Ws register, we always access that tile. (In pseudocode terms,
we calculate (index + offset) MOD 1, which is 0.)

Special case the len == 0 case to avoid hitting the assertion
in tcg_gen_deposit_z_i32().

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240722172957.1041231-2-peter.maydell@linaro.org
---
 target/arm/tcg/translate-sme.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c
index 185a8a917b0..a50a419af27 100644
--- a/target/arm/tcg/translate-sme.c
+++ b/target/arm/tcg/translate-sme.c
@@ -49,7 +49,15 @@ static TCGv_ptr get_tile_rowcol(DisasContext *s, int esz, int rs,
     /* Prepare a power-of-two modulo via extraction of @len bits. */
     len = ctz32(streaming_vec_reg_size(s)) - esz;
 
-    if (vertical) {
+    if (!len) {
+        /*
+         * SVL is 128 and the element size is 128. There is exactly
+         * one 128x128 tile in the ZA storage, and so we calculate
+         * (Rs + imm) MOD 1, which is always 0. We need to special case
+         * this because TCG doesn't allow deposit ops with len 0.
+         */
+        tcg_gen_movi_i32(tmp, 0);
+    } else if (vertical) {
         /*
          * Compute the byte offset of the index within the tile:
          *     (index % (svl / size)) * size

From patchwork Tue Jul 30 09:40:12 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815283
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215350wrs;
 Tue, 30 Jul 2024 02:42:18 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVV0mmQ2sNRxnqYrRM9/krAHsmkqSJGSUREuP2RrYkRmjwi4gCHUjttPLyQYvyHjf3qn4UbCtnKRotaX8SyQBcO
X-Google-Smtp-Source: AGHT+IFrTYBw6OAwQsRS60BqNeSnShQxbYYiajwt3Fq9Sb0Fo/3Da+ryOuDyE0XSiCrB6GF/EShx
X-Received: by 2002:a05:6359:45a7:b0:1ad:10ff:341e with SMTP id
 e5c5f4694b2df-1add6f37fe0mr1151029855d.4.1722332538021;
 Tue, 30 Jul 2024 02:42:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332537; cv=none;
 d=google.com; s=arc-20160816;
 b=K74RdC1WEhDxe0ky/9mh7RiL5Rfx+1V9G7OpCXXd9ip5g69szysQHttyH6rH8/gRTZ
 71q4p2d5VL3/rrlGvrHkHVbKlSz69NjkMU6ZrZ6YSlm2zXaIPUm0EX115PvYkONpH4hu
 Js+sPwHcOJAIanidN1iGzcyUTMajAuU0C1aDuwBEw9tg0Ni+Wf9D1GV5Dx3pG5iPFszM
 GC17rw0xLiw+DRgduGbwTPVqbCcZsbNtG5upDLsWmOmQ0vAe72Ou2VrSrPrurLi3rIBz
 F1cAry7Hm6ncRLGEI8FqohNq9OVSXwecokf5yuCCnPv0q0zJiVixcKMvtX3dLi6r3Mgy
 Ad+w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=0t3dw23LYO7KaJ6voFBl2V9URgkrKmEjm+VodO24yXE=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=NOeJNjIPeodiv1jjtZsytVQDGof3amrLdJRM8XkpLcguOXX7v4XbRampG4rHTOXEnu
 d1BCOkDZUy4/pXzCd2Y8uPMUb5FQukCZygmmTVvIRdZdHibbiccomaZp4lkMd+v0tNUi
 bg1jq8SI1usManV/5uchiiu5rGfB5kL95pC2Si98INdOg5fdFUQXV/8Igo/W8s/WJSiU
 MfHo8kMIT6t1yRFTn6dnM/ojFxSoV4DT600oUA3Fyec0LTPb5jSuHjcpk6Uf5H1OuEFC
 QgSfoHh9tg8OddHQA7fs9h0vd7c/XmnhFNBbDqZopoq470S6mYoXQuONRqqZd0Z9l5t/
 7ORg==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=G1DZrjxE;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 6a1803df08f44-6bb3fac7c83si116869646d6.418.2024.07.30.02.42.17
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:42:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=G1DZrjxE;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLP-0003tG-Bh; Tue, 30 Jul 2024 05:40:35 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLN-0003mI-Ec
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:33 -0400
Received: from mail-wr1-x42d.google.com ([2a00:1450:4864:20::42d])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLL-0000cK-53
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:32 -0400
Received: by mail-wr1-x42d.google.com with SMTP id
 ffacd0b85a97d-3684bea9728so2289766f8f.3
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332429; x=1722937229; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=0t3dw23LYO7KaJ6voFBl2V9URgkrKmEjm+VodO24yXE=;
 b=G1DZrjxEx0hR/Re43a/s3hVE/4zF4zqBb9mujMooXCK2GqfBhjx2wKQBb8fRpcxr3m
 SNidaAUX3gzplGfLYtKp7rPqlFJlhF4qCQxyrxt+c5ASNQ6lKO3K0IlzUHXVql1zWsQG
 wBicXxx0X3Ssb8JJsDZpat9+LiVJryk/gefu1L0Eh1LYIuZxqJNszyNP6+5YgcrIliYj
 b+IfvUjOSyUX+Eqn3WHIyvaGtj2wIuO0gr/RVVF3n3A7fjXVZ37qp9tU9vCqclecN9U7
 vdPnXDCjp4ji6QAcK9avj9OZ5eAj2XJLS+3925RAdOrG07HiXHp6PWGZJAmmrvmDkBaC
 /f2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332429; x=1722937229;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=0t3dw23LYO7KaJ6voFBl2V9URgkrKmEjm+VodO24yXE=;
 b=K3de6EuOEQGwLKlvsi9JPU+NAdtD8NV5a60kfqlc5a3jXSJi7cwgOAc8cj3QcyAep1
 FoH45bDCGq2Ks2odR6KIY6yrZx9iKjLgI2+mwGEIOOB2BvL7+6lbdF+i+v/1nL2pT8Vf
 HbCRGqF5G/+2tSKeh0DRXc881HpdlqraJIS0Q3/ERc3A8c0pUJyC0Ni7e6mlvvsW7u73
 3D0aRgxoSdnHJ29Nk2Y4D/IaQCOkY9b9EZ7LJUFls1NKNCynCwVL1Lq6PbkFkQXwsmD7
 Hft/uax5RtRW+X3X+aLb0K5QajQJjFhNP7AJQ2Cr7UMgIOljYoPqmlLFMJAOIYYD8Bdp
 Bf6w==
X-Gm-Message-State: AOJu0Yx3UQo1tgypQz1V3XtTbz1U61eIrTcuC9vZpjh/MMTcJ6HXfS8S
 dEEOH7NReVrV5C2UtjsshtL+j0GhTuXiAGEe6ojxHSp3i09j9Uhdv/ed/WvsDUfQMdWQsT7GLST
 Z
X-Received: by 2002:a5d:4c91:0:b0:367:96b9:760a with SMTP id
 ffacd0b85a97d-36b5d0ae662mr6825401f8f.41.1722332429644;
 Tue, 30 Jul 2024 02:40:29 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.29
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:29 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 13/21] target/arm: Fix UMOPA/UMOPS of 16-bit values
Date: Tue, 30 Jul 2024 10:40:12 +0100
Message-Id: <20240730094020.2758637-14-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::42d;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x42d.google.com
X-Spam_score_int: -11
X-Spam_score: -1.2
X-Spam_bar: -
X-Spam_report: (-1.2 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 THIS_AD=0.899 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

The UMOPA/UMOPS instructions are supposed to multiply unsigned 8 or
16 bit elements and accumulate the products into a 64-bit element.
In the Arm ARM pseudocode, this is done with the usual
infinite-precision signed arithmetic.  However our implementation
doesn't quite get it right, because in the DEF_IMOP_64() macro we do:
  sum += (NTYPE)(n >> 0) * (MTYPE)(m >> 0);

where NTYPE and MTYPE are uint16_t or int16_t.  In the uint16_t case,
the C usual arithmetic conversions mean the values are converted to
"int" type and the multiply is done as a 32-bit multiply.  This means
that if the inputs are, for example, 0xffff and 0xffff then the
result is 0xFFFE0001 as an int, which is then promoted to uint64_t
for the accumulation into sum; this promotion incorrectly sign
extends the multiply.

Avoid the incorrect sign extension by casting to int64_t before
the multiply, so we do the multiply as 64-bit signed arithmetic,
which is a type large enough that the multiply can never
overflow into the sign bit.

(The equivalent 8-bit operations in DEF_IMOP_32() are fine, because
the 8-bit multiplies can never overflow into the sign bit of a
32-bit integer.)

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2372
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240722172957.1041231-3-peter.maydell@linaro.org
---
 target/arm/tcg/sme_helper.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c
index 50bb088d048..3ba826a6ceb 100644
--- a/target/arm/tcg/sme_helper.c
+++ b/target/arm/tcg/sme_helper.c
@@ -1162,10 +1162,10 @@ static uint64_t NAME(uint64_t n, uint64_t m, uint64_t a, uint8_t p, bool neg) \
     uint64_t sum = 0;                                                       \
     /* Apply P to N as a mask, making the inactive elements 0. */           \
     n &= expand_pred_h(p);                                                  \
-    sum += (NTYPE)(n >> 0) * (MTYPE)(m >> 0);                               \
-    sum += (NTYPE)(n >> 16) * (MTYPE)(m >> 16);                             \
-    sum += (NTYPE)(n >> 32) * (MTYPE)(m >> 32);                             \
-    sum += (NTYPE)(n >> 48) * (MTYPE)(m >> 48);                             \
+    sum += (int64_t)(NTYPE)(n >> 0) * (MTYPE)(m >> 0);                      \
+    sum += (int64_t)(NTYPE)(n >> 16) * (MTYPE)(m >> 16);                    \
+    sum += (int64_t)(NTYPE)(n >> 32) * (MTYPE)(m >> 32);                    \
+    sum += (int64_t)(NTYPE)(n >> 48) * (MTYPE)(m >> 48);                    \
     return neg ? a - sum : a + sum;                                         \
 }
 

From patchwork Tue Jul 30 09:40:13 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815284
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215364wrs;
 Tue, 30 Jul 2024 02:42:21 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVoYyyazaaCBSz7BUz9tF35Pffu9/ajZzOyEj36LWzhN3nDkCa9hyHjQPhxcT4GjZ/tg75UF7nB82VkR0E2GubX
X-Google-Smtp-Source: AGHT+IG+ABcjZph4ephkP3KVoxx+089go6PtINtGNZVAPYpe+2luCmN/vk/zi9pVOZ4CwALnILCA
X-Received: by 2002:ac8:7f14:0:b0:447:e931:6ae1 with SMTP id
 d75a77b69052e-45004f59051mr110781981cf.54.1722332541509;
 Tue, 30 Jul 2024 02:42:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332541; cv=none;
 d=google.com; s=arc-20160816;
 b=mCEOKzlcSqbA9T9n3yXw7rbXZTGyS9gwU70M+XHSndJjnjmfwEIysrkDjMbkAmbGoi
 IjD7cfSnLM45zPJ5NHEGp+2sAirtK+De1xwY4AOI/1oVELHdJD7LpTKUbAMML3JAdffs
 I4C1tX9qrsvVJOIARShGOjA+Tts1kgWHr7DBZm7QMD0e2dmgEy6U1l2j03lVeof6vy5Y
 0EGFqmuv40T6/NRCZc9uNfGF1JGjBov2dpQMlXlF+lr6dnWFp7R6bbDmPg4QLnJm8dGj
 ydsh3chgDmtpLyRLfKI3oFMk+AGITGRErxExxxUPrHSzrEFYdVHCrV9w+sAMdb1v4Kpx
 bVKg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=bV8H5RVK0b+LxsupxZcm8cD3g3amlRE8yjf1z8/+Mwk=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=RyuIr1yr3s61/c66I23RnMs6z7wO0MVNcSPhWBKJ/GzD6vcupKRPHiroF6zYmlWa9Y
 VA1zCmf9Bk6dqUM/Q4swvq1LTABV+c/dfggDa1215UJ9uYb97M+7xzjOhjzVSgoA9DXr
 XsXh0LhN1hTSMuepXxGZ9yO82InkRusKMYfFZdKIW+Vw5qY0Xd5HCoAGvd/t29BwoXuL
 wZJ/5RUI9/ZJVvhrEND+7287ielMndf53X5OZVD8Qm2slXPKiZfYpdTNnbdWsdiUL6eb
 j+ZT/APb6htfdojtt5eWtM4+2j2addQG9tIqN8uT5hQUHoVj+ckp6xhmj9iI+v6sWAIx
 mSZw==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=DDOLs4fd;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 d75a77b69052e-44fe81fbdfesi123052551cf.298.2024.07.30.02.42.21
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:42:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=DDOLs4fd;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLP-0003sk-1S; Tue, 30 Jul 2024 05:40:35 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLN-0003mL-Er
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:33 -0400
Received: from mail-wr1-x42d.google.com ([2a00:1450:4864:20::42d])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLL-0000cT-IH
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:32 -0400
Received: by mail-wr1-x42d.google.com with SMTP id
 ffacd0b85a97d-368526b1333so1544766f8f.1
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332430; x=1722937230; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=bV8H5RVK0b+LxsupxZcm8cD3g3amlRE8yjf1z8/+Mwk=;
 b=DDOLs4fdM2IeNlbh6TtmsLdxaGCc84bXoFcunIZCXH8GLagfROfSmSAQHlgHcLObEQ
 cMcEv+UwP3oAkAynKdgIQ4DhKOc0gSeSEZfAeZj73PpREaViNfFnKwug/qYb4LX/Pbpd
 zAEKDuFV2ZQPXFevJBuD6fdspbyJ/c1YxhZbZ9pHzRevEzwC8eKrEpBdvkAg6OTaQg2Q
 OPPNGYsfVY5HR3ZK/qPXMGjgptac5aJggGbBu/0S7gQVXxZJlbaWzSez6p0INIb2IJy9
 fwgQZVURLAqi6Fp4DzK4luU/aN0bmSidzPOYZGUrWy6Epknkvi67raNk+mG8GQZBngQh
 2zig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332430; x=1722937230;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=bV8H5RVK0b+LxsupxZcm8cD3g3amlRE8yjf1z8/+Mwk=;
 b=gdIi5ryp26NT5IA9ZvAfpbQwIumZ9gN5yAdRAE7YlamjeCZAq5KHfKhtDRyobm26Ch
 GHa/pj5f1gi5d1rU7jtjprfoHEUZZOTvfKi5NlA5Mywin6toTWLsdXVI1CrK36TWdHhr
 aIrhHUQpdFjHh6txWpnCsVgkrgTqWXDf5Fmq5HaugcOLpOwLcu2C7BCrUrCtz8r4Q7Vc
 qTIlTMFB2qS52IO9ZTFtEvKXWQwNu/+tjNJhgCTCnBUy4x3++BDYvGR5DQJndl/GEF3f
 geLm9lIiojwfTer+XDVFqcEIAK11xekRrZTWAjS4IhHZVzTMOvt97Ca07lk71n3vy5mB
 /KcQ==
X-Gm-Message-State: AOJu0Yxl+Sd1sas6t7/72XicMpxlN9f1qwRsdb0B/ifC0wPHh4SdfEIg
 Kq8hbVQd4X6ERLCbMfeMVA564whglgorARpLrpSSZLq545WAxn2JeVKnQ6b7F1dCXjGiK+h68ms
 s
X-Received: by 2002:adf:f549:0:b0:367:8fd9:db6b with SMTP id
 ffacd0b85a97d-36b8c8df31fmr1081238f8f.9.1722332430071;
 Tue, 30 Jul 2024 02:40:30 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.29
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:29 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 14/21] target/arm: Avoid shifts by -1 in tszimm_shr() and
 tszimm_shl()
Date: Tue, 30 Jul 2024 10:40:13 +0100
Message-Id: <20240730094020.2758637-15-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::42d;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x42d.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

The function tszimm_esz() returns a shift amount, or possibly -1 in
certain cases that correspond to unallocated encodings in the
instruction set.  We catch these later in the trans_ functions
(generally with an "a-esz < 0" check), but before we do the
decodetree-generated code will also call tszimm_shr() or tszimm_sl(),
which will use the tszimm_esz() return value as a shift count without
checking that it is not negative, which is undefined behaviour.

Avoid the UB by checking the return value in tszimm_shr() and
tszimm_shl().

Cc: qemu-stable@nongnu.org
Resolves: Coverity CID 1547617, 1547694
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240722172957.1041231-4-peter.maydell@linaro.org
---
 target/arm/tcg/translate-sve.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c
index 798ab2bfb13..a72c2620960 100644
--- a/target/arm/tcg/translate-sve.c
+++ b/target/arm/tcg/translate-sve.c
@@ -50,13 +50,27 @@ static int tszimm_esz(DisasContext *s, int x)
 
 static int tszimm_shr(DisasContext *s, int x)
 {
-    return (16 << tszimm_esz(s, x)) - x;
+    /*
+     * We won't use the tszimm_shr() value if tszimm_esz() returns -1 (the
+     * trans function will check for esz < 0), so we can return any
+     * value we like from here in that case as long as we avoid UB.
+     */
+    int esz = tszimm_esz(s, x);
+    if (esz < 0) {
+        return esz;
+    }
+    return (16 << esz) - x;
 }
 
 /* See e.g. LSL (immediate, predicated).  */
 static int tszimm_shl(DisasContext *s, int x)
 {
-    return x - (8 << tszimm_esz(s, x));
+    /* As with tszimm_shr(), value will be unused if esz < 0 */
+    int esz = tszimm_esz(s, x);
+    if (esz < 0) {
+        return esz;
+    }
+    return x - (8 << esz);
 }
 
 /* The SH bit is in bit 8.  Extract the low 8 and shift.  */

From patchwork Tue Jul 30 09:40:14 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815294
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215817wrs;
 Tue, 30 Jul 2024 02:44:07 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCW676Zpi3d7Wax4umyjF30At3KsKYpTA8dW2/Md6yf0W/oTU4tI3VsMHptBEeLKcMJ/LPYwo/QROlU+0DXe/SbK
X-Google-Smtp-Source: AGHT+IGt2hRyoiLx6+UEHb463ZL4HBzbTLMESd91Se3mDqfpdVUx0sojrwFNdjHU9U2Kf1FQGi/+
X-Received: by 2002:a05:6214:2029:b0:6b0:68b6:4605 with SMTP id
 6a1803df08f44-6bb55a52a25mr159766166d6.23.1722332647710;
 Tue, 30 Jul 2024 02:44:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332647; cv=none;
 d=google.com; s=arc-20160816;
 b=WUIU5spjY493FWqYA6xdbGF08BWz4w/qfpFDN6qdnuOAPf81LtGeqSV2UU60UfFOnp
 7LUny+ATsHgAewqWKyob6HRFCR0AsEPxBQ4ZbM9W+DBTE4VE7FociQUIojt4HY2ah5Yn
 sdMpj8UcNScSkdRSZTf0ahXVvfgGqx5/Sov/ZQqrcNmzg0LjN02m2JI37DN3Bjgq5MW/
 fChjtSiorWHxPKDbHI8f4SRGs4kV2PCCvroaWXRL2Hdzi+Cs7fKw+7drR22zpeIUTJBV
 CM7jWbx9E57JAdAmDNYaQTGdukUn244dRQXcU+Jddja++MPOE1rRHdqZs2GVBM2e2Oox
 ZEhg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=06XQlRqaiDDlTS/bWwdh4Kb7Kl/gVH3uLLyO2TZuWqM=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=zT3Ta0GkDh329nCdE4X6ppeYFPwdXuy0DFRKxGHg4BPCxuC+0EZ1MO9QHfqrY5i6HE
 Q5+FUgMW9frNZVD2KJAgIhzTxpX36SC33NcbUYX/9IFrWAZWO6yjfVYPJ5D9mSRajCeq
 +HdK4pYvLOdNFKGtmgdVGfI7T64C8SPwv5R2Xcgf4DcP4gnhzuYBx2pyVEvyuKWoYO7Y
 EwF8C9kVJAgHPqmFBPUB8D22YjaPt07LfR4FDhyuzrSYTDSy+EMMCcREsiRE4LONMCXF
 OArFmQhXMzTbJ0id98aVncQNZiaVN/4lSJoNBCNjwUMrcaFQTS4kW1eL6jw7PwP0IdNq
 ztZA==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=BtIIc3aR;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 6a1803df08f44-6bb3f8cbacasi123763276d6.102.2024.07.30.02.44.07
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:44:07 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=BtIIc3aR;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLR-00044C-Ni; Tue, 30 Jul 2024 05:40:37 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLO-0003oo-2g
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:34 -0400
Received: from mail-wr1-x430.google.com ([2a00:1450:4864:20::430])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLL-0000cd-RR
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:33 -0400
Received: by mail-wr1-x430.google.com with SMTP id
 ffacd0b85a97d-3685afd0c56so2044926f8f.1
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332430; x=1722937230; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=06XQlRqaiDDlTS/bWwdh4Kb7Kl/gVH3uLLyO2TZuWqM=;
 b=BtIIc3aRF1ZS62sZDoM5oACm8M+d9FWOPGsBpczLqKS0wnEATg0zm6luq8Rm7yi/nJ
 z/xm6UsrxrhMSmxePSX/cSKbG4BChChWvGJ1oDkYq0ORK2iJfe3R19ay6qcEM1PLB3eg
 j+wxKbBax2Jv18HtG/JSu5RHNP7Ap16he5hiWmtNVDLSciaDoKWcB50wmKGVp3RUxFdo
 WWIlY6gK1ntPuo35L4polyl9VSqs/NCuD/nbtvfvbnMyZjj9doUJwNob8YNlWn8cAGP3
 +PNgSY5aY+2n0C4rRht7Gza8PeWs+ymNikHMLgTyq/fuL+GWALgS+diYkQ1YIMJS4BGX
 Nrog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332430; x=1722937230;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=06XQlRqaiDDlTS/bWwdh4Kb7Kl/gVH3uLLyO2TZuWqM=;
 b=Wwi9WuisV5xlyyUG2XpAFyIGRDMUlzEAVhj57oEpYFpg1SsXtIitrCtQazkJjx0JKE
 ChwyenjrgMZdjnAXP3TDiw4EwX2O0JQG65mGZqEMDbg6jMZXtBKIrbwi/AVeL0b3a2CT
 uQjx7EomnxVjujhyY5cYnp3w3qelfkPwxyuKJhrA2cwJ0U8lO0DTEV02BvLxMO+Tjh0B
 18aVm2VPiep8RRKp4zl6guwRDGX1I691Z8lI0Yn8QcpiKstkp1YXI6zTWZ7yTYMtq9QK
 I18RjoFSN0toaWiy2lSSCuX4bmFJC69BesbbgxgDY7icoqHq2aZ+UBNTXOl6uXmzlnsI
 Qe3Q==
X-Gm-Message-State: AOJu0Yw+lMaxcDG5Almge5RHubsyheMjXWcYgY6NMhJFOdjGcfHYokFo
 fBG/+u4YgtYTjXyY0kboGtdSWx9weRLgKrdlXSj07OYmgc7p2vkHsbuP/mUF2EIRy8VN4PFikzc
 k
X-Received: by 2002:a05:6000:186c:b0:368:4e28:47f7 with SMTP id
 ffacd0b85a97d-36b5cefd51dmr8858749f8f.6.1722332430466;
 Tue, 30 Jul 2024 02:40:30 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.30
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:30 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 15/21] target/arm: Ignore SMCR_EL2.LEN and SVCR_EL2.LEN if EL2
 is not enabled
Date: Tue, 30 Jul 2024 10:40:14 +0100
Message-Id: <20240730094020.2758637-16-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::430;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x430.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

When determining the current vector length, the SMCR_EL2.LEN and
SVCR_EL2.LEN settings should only be considered if EL2 is enabled
(compare the pseudocode CurrentSVL and CurrentNSVL which call
EL2Enabled()).

We were checking against ARM_FEATURE_EL2 rather than calling
arm_is_el2_enabled(), which meant that we would look at
SMCR_EL2/SVCR_EL2 when in Secure EL1 or Secure EL0 even if Secure EL2
was not enabled.

Use the correct check in sve_vqm1_for_el_sm().

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240722172957.1041231-5-peter.maydell@linaro.org
---
 target/arm/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index ce319572354..8fb4b474e83 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -7232,7 +7232,7 @@ uint32_t sve_vqm1_for_el_sm(CPUARMState *env, int el, bool sm)
     if (el <= 1 && !el_is_in_host(env, el)) {
         len = MIN(len, 0xf & (uint32_t)cr[1]);
     }
-    if (el <= 2 && arm_feature(env, ARM_FEATURE_EL2)) {
+    if (el <= 2 && arm_is_el2_enabled(env)) {
         len = MIN(len, 0xf & (uint32_t)cr[2]);
     }
     if (arm_feature(env, ARM_FEATURE_EL3)) {

From patchwork Tue Jul 30 09:40:15 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815293
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215807wrs;
 Tue, 30 Jul 2024 02:44:05 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXj+nyAcfIFbmj/yNIdl1Cnfuz63jAPTQMpG65+8HO0BESJAE2di15Cuf2FFHtdFhSnQGvDQDIB32NRcO/IosjJ
X-Google-Smtp-Source: AGHT+IFErlcSUJp/C3n3/suGXgfruryZy/+0/0QTVzSzjsXvQWNF8//XtWNQs9w+UUSDfRnHDsUs
X-Received: by 2002:a05:622a:19a0:b0:447:d7d8:1150 with SMTP id
 d75a77b69052e-45004f2dacfmr107565051cf.41.1722332645546;
 Tue, 30 Jul 2024 02:44:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332645; cv=none;
 d=google.com; s=arc-20160816;
 b=WH7ELOqcytG0cBZ9j2oT7Icw8kb2vkjyERmFQEyN8jTG9oeha2k2OzsPUyVWJQRQDl
 SCnCgZNw7Z3ytOooJdp6c+YqdbeZI5mdYUjrmu55Fqzhbcdu2J1IK4AgzYFQp4l/Zbr2
 QeKD3QgusXdkaibYO2KaBFyieNX6tQLJ0DjTRZ+RVwUCw7q1ndo9pnoMlp2l7Dg8Ygdj
 nrRCe2rpin9pNOMkdUaStuVaLyrUsgIGuwVd32V+GKuhk0ka7ZqhsJWmI2YnEyVduR4d
 WMLo/n4MrvVoDBuUz27kat72EOlFh5e4s43YFzeqOch53nOCXi14BLyy9v9YdsPmBB1Z
 qsoA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=Rm4cAgPkSZIkkBZ/4z1vocwRbdja/wzHAdJooiJoAB0=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=kypZBT6mxCmALyMrMOcWYAKQbxm1WbuG6A+N4bP1PZMRF5iTK9Z7wGNx7tXC8JBjbw
 54crbn6b9DTxj6Mho8a22pXBnmwZztyF8FlpsZnaj8/DlGW3UpeAY6Zaz8OnTZaKIm9O
 zoCC/EoLXKU/RGhlS8zpi1HXjwFngwyQf4IbAbikVEEFfYWUJOyeRQ7Lh6uUnZirda7A
 V6IY+Y3EDK8sDO9PNEbTgEVolBmVzPw8ksUGpmOQpScIIDjon/cPdhiwe5AvOn4K7xZJ
 6xY/qfW5+NAVm47l8NkXT+eaE3cGsw+JlhPIBTo2cpD1WID1j8KEdGuPs4rDyhrvsoJ6
 HDdQ==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b="Mg//dpd3";
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 d75a77b69052e-44fe813d49csi122208071cf.110.2024.07.30.02.44.05
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:44:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b="Mg//dpd3";
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLV-0004K5-IG; Tue, 30 Jul 2024 05:40:41 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLO-0003rG-L8
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:34 -0400
Received: from mail-wm1-x332.google.com ([2a00:1450:4864:20::332])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLM-0000cw-KL
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:34 -0400
Received: by mail-wm1-x332.google.com with SMTP id
 5b1f17b1804b1-42816ca797fso20884055e9.2
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332431; x=1722937231; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=Rm4cAgPkSZIkkBZ/4z1vocwRbdja/wzHAdJooiJoAB0=;
 b=Mg//dpd3EZ8cAA+pczh29wbZphM7sdJM8IoaQXqHGbQEXaLryji8D3RKOFzFUNt2mt
 6yyCGCtYhsA0DtRaTIVvK7KZT/PLlW92NEJPHF4WYtqSIxLEhKt/5x0MvK99CbB6D0D0
 /rLhEBY+ZxATtMuY8Zwjpqema43oOsKd/eR+xrIjZlA4uyl63Kw5/1Boga8BejNr30IZ
 5P2CFJ9ka3tMVfnaDewZHsbHdE5TwGv3PhQQYdrfSdeDd1Lx/6XW5Ibzqh815l5hoFUR
 vOAmgfGi35MTny1obxQ/tpjeloWbbfoF8IiTn/RN7MGOkRWVXLow71b3r12AjgAOJ5D+
 h6ZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332431; x=1722937231;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=Rm4cAgPkSZIkkBZ/4z1vocwRbdja/wzHAdJooiJoAB0=;
 b=ui9WKgCOzf5oZ7gKCxuuNpVgqXgLV4WGjFUO3Y7v2VLKFM998yfW9CxV/rrR708c0G
 v5X+0MCKMlzkpZztPDay7S4d4D916adFHRhzvCQsi5Uxi8PhrggADR0kZTqAICV2jIUQ
 pjhBdU+mHufgds8Ink1xXdIjvOUoYD32BKkIy2GxqXo8zqCX8t3DZ5tqNeKJoI7BLPx+
 OJB2ej2gC2pzvzvaLsg/VA4AZzXI0LM+Z/iEO1LAleFFtjoQzZDTT+iRo/TaHdbYKYho
 GiWeJF7NcJ+DIXa5xoBx1e+Mi+tYaq/0eHZp3YMJpd5NuRP39uIVit3tiq0ue8zQNWSw
 lz0g==
X-Gm-Message-State: AOJu0Yz9UlkooTJPL2eVWpgLGAhbwuHAvxdKUMLLsSkEdFfLLCsaBS+U
 n2+aoeYnpCDgtL8siz+D7XJ28/LNXCc13MN17SCbRvSLpli1ga1jXagqlPb0qB/jIuu0fTRyp2+
 W
X-Received: by 2002:a05:6000:4d1:b0:367:8847:5bf4 with SMTP id
 ffacd0b85a97d-36b5cee9bbbmr7710993f8f.10.1722332430904;
 Tue, 30 Jul 2024 02:40:30 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.30
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:30 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 16/21] target/tricore: Use unsigned types for bitops in
 helper_eq_b()
Date: Tue, 30 Jul 2024 10:40:15 +0100
Message-Id: <20240730094020.2758637-17-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::332;
 envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x332.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

Coverity points out that in helper_eq_b() we have an int32_t 'msk'
and we end up shifting into its sign bit. This is OK for QEMU because
we use -fwrapv to give this well defined semantics, but when you look
at what this function is doing it's doing bit operations, so we
should be using an unsigned variable anyway. This also matches the
return type of the function.

Make 'ret' and 'msk' uint32_t.

Resolves: Coverity CID 1547758
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240723151042.1396610-1-peter.maydell@linaro.org
---
 target/tricore/op_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c
index ba9c4444b39..a0d5a0da1df 100644
--- a/target/tricore/op_helper.c
+++ b/target/tricore/op_helper.c
@@ -1505,8 +1505,8 @@ uint32_t helper_sub_h(CPUTriCoreState *env, target_ulong r1, target_ulong r2)
 
 uint32_t helper_eq_b(target_ulong r1, target_ulong r2)
 {
-    int32_t ret;
-    int32_t i, msk;
+    uint32_t ret, msk;
+    int32_t i;
 
     ret = 0;
     msk = 0xff;

From patchwork Tue Jul 30 09:40:16 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815296
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215860wrs;
 Tue, 30 Jul 2024 02:44:17 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXpa9K8E7XDWkF6HLfO6Ekd4saRcLzj3oqgC1TqJm/+rupBCHKvJADTy4GyH53JGYD/+31rEEQYdjY4epD4PmLx
X-Google-Smtp-Source: AGHT+IFilJhxYGnVzmEtS52gBHJxboF9op+nKs1ptWlfGr6qLQE+Xu99okDWKoApjbgTGDPoig/T
X-Received: by 2002:a05:6122:1e06:b0:4f5:261a:bdc7 with SMTP id
 71dfb90a1353d-4f6e68ea590mr10685214e0c.4.1722332656891;
 Tue, 30 Jul 2024 02:44:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332656; cv=none;
 d=google.com; s=arc-20160816;
 b=efjq+y+99ShFovA8PoU0FgsAd6DEj/GC89ZS7PzFbIrrvpNDJupk9TxDnLYGfG1v4S
 b25gOoRYDGt2BdHNXs9BJ0LBznmPWA7aCsBSsnUXxrqTl4VvMu12rdswWJ6u15WWcKID
 2cJjxvYnyCubJKnI+ppZxL9U/Q7G/dIa4rvGQwe48VBvJNAVQDmuf9ZZ+uezYj4p5rM5
 keFnYg+lGRFGB/M8WtfarjZ+D8gt8kkqRKMJWEuyKhH2Ch487ijSKto7Hn0JOSZPIXq1
 dIj1jp9SzIG4JnTMEZ08boC7QtZCMUZ0hXzyMV1FWiOrFsaUcuA0YAWVQZh7EgqVYAFz
 MzwA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=kU9D23p+W3yoB6z9qvYF5ze3lbw4IbqA/FP/4T6R+9k=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=awY7X1KiMzqt78Hb60RccOaBJ9uxszkPRQPrhaW8eQgU1UpjUe7GD+6Qd5sBFzGC6G
 4FPxkVmkrrh2uH7L4830f3RUPiC6IN4W7qrgAaVGbW0dThOCI8eGOkouFGHhASOmBK74
 BEk2GNXiLld+5ttyFt0fc8nwyEwvjybu4dc3qqEPx9o4URJXSVgJl68qKODx4TRElNDf
 yR3Ho5omIWn7sRgKrSNcyO14VHXz76oMjxMQ5D8gZGsbfIitk4/OYF9lT2nzp4jFm3f0
 pO7erVRw/IztkA4GkIJnzmtsD87+ZJjke+ZBbASIJeK03MpMOpRYKsU2uowbqFZFwjHT
 mnGg==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=mzn1ljL9;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 d75a77b69052e-44fe813728dsi120424421cf.72.2024.07.30.02.44.16
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:44:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=mzn1ljL9;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLR-00041z-4e; Tue, 30 Jul 2024 05:40:37 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLO-0003rn-Pv
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:34 -0400
Received: from mail-wr1-x434.google.com ([2a00:1450:4864:20::434])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLN-0000dA-5B
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:34 -0400
Received: by mail-wr1-x434.google.com with SMTP id
 ffacd0b85a97d-368663d7f80so2042983f8f.3
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332431; x=1722937231; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=kU9D23p+W3yoB6z9qvYF5ze3lbw4IbqA/FP/4T6R+9k=;
 b=mzn1ljL9ldqf2tn5wsodeTq+tXrBm8HuULVBDKqkxGZhq6uM77EQ9V/7PjXZrOzWCK
 eKigAHcQrIHm572u7/Z6ZEnIQE9iKbV45AmxMDZZtB1vrqWvRlzjTqlnG0Q89mUNywDG
 NFw6WEg9Ncng9jJZIu+1RIS9tf6VG40/S7UZ2S2qOi+lDnDQ2TX2zVSCfkYziq2wEtMa
 1U2UszD/o08olF4+/a4SlmIpTK3IYQh2iz9KaQQPu30MS+uJymLmeKkLCklAcUvGM2zH
 RSLagYNGBvCtu+BRrc/M7VYc2Jmd9cgl35XlmorjwZCd0VLxXhVz5CSJRTor/cH2/etT
 rUOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332431; x=1722937231;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=kU9D23p+W3yoB6z9qvYF5ze3lbw4IbqA/FP/4T6R+9k=;
 b=U14Jz07RmtAQEz5lXyuBvTH1cQyYGyuYxg0qqX8OP2O/Qlw0q6I8MBGDPEZDy//1nn
 AK207r7qexrtYmYQKsDpNvZyLgYxp2PS8ty9QrUVEaCV7vA+CI4y5bbTbBDOsZdxRp02
 NwW6zQ1YxVAxCbc0YEzNpfW7OG6a4nFWesVr/II3IjYOAlBwawdwJ2FS7M9HAvwqFcAb
 IUUG1cR19paUZNp7uOplCL5aXxeqWKEqsn4eEqqJjnKBHfOM+YCbQJZQjyS2Yb0rqiz8
 Oj5UgteGEaA+njoQeWPqNCcho/r7A7tsmMP425whHZf8hBLUsBMnWBJKy1Dbrug0bg5R
 i/dw==
X-Gm-Message-State: AOJu0YxI1Bt6aMakxP5NRLYQu+dEvuvSfv1WC7dFGYKFoz5CoL/fc/UO
 085A1XHPl6jXkndmyFbALq+MZTnnDaAvxz4NyuihyjJgvIT6FMNmwElkipxlS2Dom7/0oRoSREx
 J
X-Received: by 2002:a5d:4e0d:0:b0:360:79d4:b098 with SMTP id
 ffacd0b85a97d-36b5d03ce06mr5650520f8f.29.1722332431397;
 Tue, 30 Jul 2024 02:40:31 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.31
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:31 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 17/21] target/xtensa: Make use of 'segment' in pptlb helper
 less confusing
Date: Tue, 30 Jul 2024 10:40:16 +0100
Message-Id: <20240730094020.2758637-18-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::434;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x434.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

Coverity gets confused about the use of the 'segment' variable in the
pptlb helper function: it thinks that we can take a code path where
we first initialize it:
  unsigned segment = XTENSA_MPU_PROBE_B;  // 0x40000000
and then use that value as a shift count:
  } else if (nhits == 1 && (env->sregs[MPUENB] & (1u << segment))) {

In fact this isn't possible, beacuse xtensa_mpu_lookup() is passed
'&segment', and it uses that as an output value, which it will always
set if it returns nonzero.  But the way the code is currently written
is confusing to a human reader as well as to Coverity.

Instead of initializing 'segment' at the top of the function with a
value that's only used in the "nhits == 0" code path, use the
constant value directly in that code path, and don't initialize
segment.  This matches the way we use xtensa_mpu_lookup() in its
other callsites in get_physical_addr_mpu().

Resolves: Coverity CID 1547589

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Message-id: 20240723151454.1396826-1-peter.maydell@linaro.org
---
 target/xtensa/mmu_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/xtensa/mmu_helper.c b/target/xtensa/mmu_helper.c
index 997b21d3890..29b84d5dbf6 100644
--- a/target/xtensa/mmu_helper.c
+++ b/target/xtensa/mmu_helper.c
@@ -991,7 +991,7 @@ uint32_t HELPER(rptlb1)(CPUXtensaState *env, uint32_t s)
 uint32_t HELPER(pptlb)(CPUXtensaState *env, uint32_t v)
 {
     unsigned nhits;
-    unsigned segment = XTENSA_MPU_PROBE_B;
+    unsigned segment;
     unsigned bg_segment;
 
     nhits = xtensa_mpu_lookup(env->mpu_fg, env->config->n_mpu_fg_segments,
@@ -1005,7 +1005,7 @@ uint32_t HELPER(pptlb)(CPUXtensaState *env, uint32_t v)
         xtensa_mpu_lookup(env->config->mpu_bg,
                           env->config->n_mpu_bg_segments,
                           v, &bg_segment);
-        return env->config->mpu_bg[bg_segment].attr | segment;
+        return env->config->mpu_bg[bg_segment].attr | XTENSA_MPU_PROBE_B;
     }
 }
 

From patchwork Tue Jul 30 09:40:17 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815295
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215835wrs;
 Tue, 30 Jul 2024 02:44:11 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVr+lJQdEQcBxzkOPWCxF2ftxaz6X59srLaZh3Gtespdg3+sEZxqO97axwQbYwEQeN8rntHzNz+pjNaASAjLlqP
X-Google-Smtp-Source: AGHT+IF53f+g5wKRiZAFODpuAIN1ORCL5L1Oz4GYHwQVNCi8eLNC6EyQbjYjdqK92+gUMZN95SfS
X-Received: by 2002:a05:622a:1791:b0:446:3677:96a with SMTP id
 d75a77b69052e-45004dbc463mr143507921cf.31.1722332651712;
 Tue, 30 Jul 2024 02:44:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332651; cv=none;
 d=google.com; s=arc-20160816;
 b=QUkSEPf6kJ+zA5TLVzLzmJRZVd64C8yt3BHCITlXpx9VaRpjPOhus5MO4gQ4fyNe5B
 Z/i7bm2XkNdjtuV1JrlCLRS8nR9CnbdhBLBZNyWPp2Zk6yqsehAs9zJRirti0p6ASWRn
 fSFpVZnGjN9UvuPvY4knbmjFcJSQyuradsl2ugxqlf8zuFmfoSMQu3rDIg+QwjaKwAFW
 U198yw3WIs+crli4mXl+AoReF1YPxr03OSdm+jStSxikrVv73Dtdv/zgI7nsqtKrDXlB
 N9gUAonfq/KJiADh+x0kIXiDTBBl8O8F9MneDf7SCBO3xW+Ez2HHB7VoXRIt8RoJTAka
 Wi6g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=lVuR3ZLOLOt/AiMMURW3eUdzjUzZNpRvpqI9AHUBE2w=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=brhLXrPy3aEjH7PuwMAKzoOszd54mQw3MWLbAlB5mbi2bv98c0X6cEbIiRKP0YA46/
 sFUekeZflbHpCq+uXQWHBpezyNGmTtCm2NA7/7Jlh7cl6/Lu3w1dM4/4VnThcDraSovW
 rAvghllMUXrmc8Gk6ns8ZZhLuEEZ+WNpyKZt/mBMfsJze6usXqflezibccNQazFWBw2S
 jyEpwasxEX3+tK5eYb3mlGssxByKHqSX1R5tqVmBQ5bJJVg2JLFEgLCOoXhRwL4PIsLL
 VFsO932mMB97NHTkml6vde7J0ar78v93OXG9uxDJ4mQHQnWhADwYc6jg8l6eyCZpbjjQ
 mYEA==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=yPfzRwwX;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 d75a77b69052e-44fe8136fd1si120109791cf.101.2024.07.30.02.44.11
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:44:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=yPfzRwwX;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLR-00043q-Jv; Tue, 30 Jul 2024 05:40:37 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLP-0003tp-7B
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:35 -0400
Received: from mail-wr1-x42d.google.com ([2a00:1450:4864:20::42d])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLN-0000dQ-CR
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:34 -0400
Received: by mail-wr1-x42d.google.com with SMTP id
 ffacd0b85a97d-3687f8fcab5so1997966f8f.3
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332432; x=1722937232; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=lVuR3ZLOLOt/AiMMURW3eUdzjUzZNpRvpqI9AHUBE2w=;
 b=yPfzRwwXa0X/tc87ftEMJA0//2UCYz/gW8yn3/B+WvfCyAgsy2NlWx7JVUQqP6oUJo
 Il2VCLX3teA+sPEVriJj7/8Ixi5vU1kWLMPLxFpfrZBmwN2FRvmEo8LXMiSYjc+jTaR2
 zX2dFfbD4U8ms1ffXmcqeQuO4aGnDyI9V8TqJLHIvr4pP8VpzVv/a/IugHOOorIeUpiO
 3MZ5fFI6aLfCE97frjf+OODEBNnsrtixrzbHYEaDmLP0hXJ8ZW8tPJRMv+SbRGmgZwbP
 Zxc/hdBPfe1E9pXlHXtUHalx865R8QHHBsG0+XZskUawZjsNKSMSKyzFw+ZDNSdObQ96
 Ry5w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332432; x=1722937232;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=lVuR3ZLOLOt/AiMMURW3eUdzjUzZNpRvpqI9AHUBE2w=;
 b=NmMOqms/IS4oolttJRuAzkXoZuhT/5H/9RWXYxVXz+vaab1Tis5mLw6oDELqZqPylK
 SzZkr8gOv1bs7gBflpdXl6zkkFKPdCWMrMErCBCfqgzbUavDHvrxaLjky9BTSxAR56vO
 JP+Dl8wfTxD6vNmPzIg6K6zm3tT50WQxWM71KnYVzmH6xZc6gZmrNs6ckxNI24HTujg2
 4Y5gVF72KG9KeuTGpT8Nf3c3UdjzPYgoIoWnD4MZOh+l+IhoDREmjipVGvzEMbSBwFtd
 E+pkar8QLBquQViKKI2dmwCY4vlye7wItv2m6h4cE2TZYFRQXqIOqY0cdqOC6g/LNkT5
 PbFQ==
X-Gm-Message-State: AOJu0YydkuiNaPySa0g6RfYZJWnPzubW/Z5nspE4+ldnDEie63+b6H/q
 Mc481ovOxleuq7GYsoJWnmtePa1Px1DnvpAV7joXxSi+KwdKpuclcFF15s8RJxxLpMxC1Rg6HjT
 k
X-Received: by 2002:a05:6000:120f:b0:367:4383:d9b4 with SMTP id
 ffacd0b85a97d-36b5d093e98mr6188697f8f.56.1722332431836;
 Tue, 30 Jul 2024 02:40:31 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.31
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:31 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 18/21] target/m68k: avoid shift into sign bit in
 dump_address_map()
Date: Tue, 30 Jul 2024 10:40:17 +0100
Message-Id: <20240730094020.2758637-19-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::42d;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x42d.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

Coverity complains (CID 1547592) that in dump_address_map() we take a
value stored in a signed integer variable 'i' and shift it by enough
to shift into the sign bit when we construct the value 'logical'.
This isn't a bug for QEMU because we use -fwrapv semantics, but
we can make Coverity happy by using an unsigned type for the loop
variables i, j, k in this function.

While we're changing the declaration of the variables, put them
in the for() loops so their scope is the minimum required (a style
now permitted by our coding style guide).

Resolves: Coverity CID 1547592
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240723154207.1483665-1-peter.maydell@linaro.org
---
 target/m68k/helper.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index 7967ad13cbf..4c85badd5d3 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -479,7 +479,6 @@ static void print_address_zone(uint32_t logical, uint32_t physical,
 
 static void dump_address_map(CPUM68KState *env, uint32_t root_pointer)
 {
-    int i, j, k;
     int tic_size, tic_shift;
     uint32_t tib_mask;
     uint32_t tia, tib, tic;
@@ -502,19 +501,19 @@ static void dump_address_map(CPUM68KState *env, uint32_t root_pointer)
         tic_shift = 12;
         tib_mask = M68K_4K_PAGE_MASK;
     }
-    for (i = 0; i < M68K_ROOT_POINTER_ENTRIES; i++) {
+    for (unsigned i = 0; i < M68K_ROOT_POINTER_ENTRIES; i++) {
         tia = address_space_ldl(cs->as, M68K_POINTER_BASE(root_pointer) + i * 4,
                                 MEMTXATTRS_UNSPECIFIED, &txres);
         if (txres != MEMTX_OK || !M68K_UDT_VALID(tia)) {
             continue;
         }
-        for (j = 0; j < M68K_ROOT_POINTER_ENTRIES; j++) {
+        for (unsigned j = 0; j < M68K_ROOT_POINTER_ENTRIES; j++) {
             tib = address_space_ldl(cs->as, M68K_POINTER_BASE(tia) + j * 4,
                                     MEMTXATTRS_UNSPECIFIED, &txres);
             if (txres != MEMTX_OK || !M68K_UDT_VALID(tib)) {
                 continue;
             }
-            for (k = 0; k < tic_size; k++) {
+            for (unsigned k = 0; k < tic_size; k++) {
                 tic = address_space_ldl(cs->as, (tib & tib_mask) + k * 4,
                                         MEMTXATTRS_UNSPECIFIED, &txres);
                 if (txres != MEMTX_OK || !M68K_PDT_VALID(tic)) {

From patchwork Tue Jul 30 09:40:18 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815285
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215405wrs;
 Tue, 30 Jul 2024 02:42:30 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCWJiI6w7FPdigd1AJZkdI1uGHETGRx9HNCS72NgI5x5MWcjlHG9vTAmQGF7RcNy9eqm9GTl5G2xS5HZa2x4uw9X
X-Google-Smtp-Source: AGHT+IHuAXQgRLDymwMvmW8lHqDIRRrcc2v2gsWLQlmrROSdMxOyAJmm9cgXMVlxoPUkKCOhUP6V
X-Received: by 2002:a05:6122:3683:b0:4f5:28e3:5a5a with SMTP id
 71dfb90a1353d-4f6e68e0d1emr12401863e0c.4.1722332550478;
 Tue, 30 Jul 2024 02:42:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332550; cv=none;
 d=google.com; s=arc-20160816;
 b=mxEK3Wpcng061C3i7zEcV2V/oakLdwBM6lTjD6l+DE6OUz6yqiBzhaia1Ypkxf0t+h
 mtIW/w+o50FUCSsub1ERIAft9qd9DKlM9x/QJRF5zbbsu9HrpubwOVaWFIV8ONPK+POF
 pwdMSx5XeaklWWkxtzedMAuVTuoIxyuhyG8QAV+YTTDCSDubUYFTP3brUMu3fDPFJDK2
 2HXSBIPllInFbpstE1iOPj58Aw5mCrECE6ilcWx+xm9ief1HVm/PZmuJqzVU6mCzmqg3
 gXot3OXD1l+bob2KMs03X6CRX3timGKGeuHjoQiVUG5fLUypmZ5fxVlmyyqOj6hLWnj4
 5qqg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=y9IjY/fhNilZFR1VTqsWrhWqxlwIIF2aeXKAohFdZZ8=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=AL8FJuguPh7nh1B5tLlIge21dY+f1oeUyR/FsKR+SHWHi6EuedpUNbLNuMGSc28fJD
 ZOOS3XKmTzBX3jw1A38b1Dupi2Fgn5Yvf6odaHyUxviP6Hv0STimJ8cln5gmYG+LlpFt
 fsEa1M3pKqK4rQlIbqKZ46WAelSn7XXM+Zf0ffaMuZGui4rLLnmTK9MEKC36915ODwNl
 vMEbDKvCvUD/2RCgwyNDhHnyJ7lb0vgV3IpZqUDsE7kGoW3+X1p7oMIh8UvY6QTpQb4V
 OLIOi0a30SnRbHz+rYvAvRT2KgDZD+suPEZDF3ualk6IUicaSevZDp08Aw2HpRjwujDn
 5h5A==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=DWnwCkv3;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 d75a77b69052e-44fe81fbddcsi122386871cf.350.2024.07.30.02.42.30
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:42:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=DWnwCkv3;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLT-00049h-0Y; Tue, 30 Jul 2024 05:40:39 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLP-0003vB-GL
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:35 -0400
Received: from mail-wr1-x434.google.com ([2a00:1450:4864:20::434])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLN-0000dZ-Ou
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:35 -0400
Received: by mail-wr1-x434.google.com with SMTP id
 ffacd0b85a97d-36887ca3da2so1923382f8f.2
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332432; x=1722937232; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=y9IjY/fhNilZFR1VTqsWrhWqxlwIIF2aeXKAohFdZZ8=;
 b=DWnwCkv3JRpt7N6/dYTLrTsCzywUp3qSCHFszcJ+Qvcaf6KNGZE7cil66PUL4dwB3w
 mGaztCpnqfhCdv90swb0PAJtcvCu8DLPa6+Y4lQGvU5hKeJSyShSsruGss5QsJQ0knIv
 5edUihVWhtlgJ31Vyh1iPH+Pp4SWUvp+A3wDhQPfOUgKnp/CidMEY0HmmvV3i4sBVsio
 IIjsB8uSWv/3trp9Jggm3bBu8oA7zNPSVmGjOekdQTeRIZqMI1le2Cv/ljykVWbK2Mnb
 egRgiyTMDpjK+CyQReGIL4A1c3HUJGlgJDc8kNlrUj9fCwNFxewzY1N04ynMb83RcnmF
 abJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332432; x=1722937232;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=y9IjY/fhNilZFR1VTqsWrhWqxlwIIF2aeXKAohFdZZ8=;
 b=aCUQG/xyinJcDP/YZxqXZwyykh1x3BDdUCE0zhippBE0umfMPr2mE2TyjayVfyhhkm
 w1Ig0kh3VFh4e5wLvxQSQcYqkfEHd9qqecorM2lXGbhVCo8T7pm8LJIG1pD8NzBjrUkn
 Ui9vn/vBnL2nUvQ13q6mN/Tv7UpWto3VuFj8N9MdzwXI6kI9oypu7Jp96g8pypOfjlp2
 /M0ggtpCci9InXkgzHQDXQYM8veaqA9Lf3wsU4yzwvWkkc1m3x4ti5HXdB9VG4ClM2yO
 VjjDCsmjIf1l0rY/eW6592O3GBjUK9txlEHlphtA93jjqO3s6zsqSpN79YScf1zY+GL0
 9F1A==
X-Gm-Message-State: AOJu0Yysx+n5yqb82T6a6hla/bhFh+gG+uW69g2asybWf0CLo78p7cEU
 /iNa+z7bcB3CQ3wZR3EWHIp5lpxx/D1P7MrIQrkhX2g8ntVufB8x/1wF/waDOiIEcxxAxaOj8lp
 c
X-Received: by 2002:a5d:6ac8:0:b0:35f:d70:6193 with SMTP id
 ffacd0b85a97d-36b5d08b2b8mr6428959f8f.41.1722332432253;
 Tue, 30 Jul 2024 02:40:32 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.31
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:32 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 19/21] target/i386: Remove dead assignment to ss in
 do_interrupt64()
Date: Tue, 30 Jul 2024 10:40:18 +0100
Message-Id: <20240730094020.2758637-20-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::434;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x434.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

Coverity points out that in do_interrupt64() in the "to inner
privilege" codepath we set "ss = 0", but because we also set
"new_stack = 1" there, later in the function we will always override
that value of ss with "ss = 0 | dpl".

Remove the unnecessary initialization of ss, which allows us to
reduce the scope of the variable to only where it is used.  Borrow a
comment from helper_lcall_protected() that explains what "0 | dpl"
means here.

Resolves: Coverity CID 1527395
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240723162525.1585743-1-peter.maydell@linaro.org
---
 target/i386/tcg/seg_helper.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index aac092a356b..bab552cd535 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -926,7 +926,7 @@ static void do_interrupt64(CPUX86State *env, int intno, int is_int,
     target_ulong ptr;
     int type, dpl, selector, cpl, ist;
     int has_error_code, new_stack;
-    uint32_t e1, e2, e3, ss, eflags;
+    uint32_t e1, e2, e3, eflags;
     target_ulong old_eip, offset;
     bool set_rf;
     StackAccess sa;
@@ -1007,7 +1007,6 @@ static void do_interrupt64(CPUX86State *env, int intno, int is_int,
         /* to inner privilege */
         new_stack = 1;
         sa.sp = get_rsp_from_tss(env, ist != 0 ? ist + 3 : dpl);
-        ss = 0;
     } else {
         /* to same privilege */
         if (env->eflags & VM_MASK) {
@@ -1040,7 +1039,7 @@ static void do_interrupt64(CPUX86State *env, int intno, int is_int,
     env->eflags &= ~(TF_MASK | VM_MASK | RF_MASK | NT_MASK);
 
     if (new_stack) {
-        ss = 0 | dpl;
+        uint32_t ss = 0 | dpl; /* SS = NULL selector with RPL = new CPL */
         cpu_x86_load_seg_cache(env, R_SS, ss, 0, 0, dpl << DESC_DPL_SHIFT);
     }
     env->regs[R_ESP] = sa.sp;

From patchwork Tue Jul 30 09:40:19 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815287
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215423wrs;
 Tue, 30 Jul 2024 02:42:33 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCUQYgIaW/lE/HGfNZ2/fh5TXMRdzzOHK/9dU/dzys3jDtAP2r9SFIWlSZ6WeV+H8VdEmZUmb2yBbMUZaSu+lmAI
X-Google-Smtp-Source: AGHT+IHOuNYvARpeYC6jcE5ivoppwDbeQT+zUq+jUBMA0IIM3yNtghZxqsHW4x5xETMJzcRaOYAW
X-Received: by 2002:a9d:7354:0:b0:703:6093:e289 with SMTP id
 46e09a7af769-70940c7072fmr10950061a34.21.1722332553120;
 Tue, 30 Jul 2024 02:42:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332553; cv=none;
 d=google.com; s=arc-20160816;
 b=FU9YJhAHWC1wtUmf/dMQh21haEYacZh796XPdkWRvOSuNYXt4cVO7Kh7gpoAHXhYbk
 aNfbslB5fAB/SPiSaF1SzFK2P60ClSNkX57koM/YxDa4Er9UPrjChVYS8AhRHc2tqz+O
 uIdxbxM48WOCHwkbolvAWj2/rZKrnsPZ/LAoxhM6Y+8P02Q19oDSh3Ilsmde/r97CnjA
 48bFz+6rg9BXWA/tR+LOmb+oX+LNuJV/tBbc0IguNmJ6/Lb/UpferfdjmoOW7ZuypsgO
 RRipJewfYkwIs8o+sdWu3NUozNt8QvXKsq5rSNPvV8zB8tnlgkV8ejiL5MGVO/TzC/E/
 yCmA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=/p7od16yWan/HDEkGj2xKqznwD/3Uyvk/bZAOed461U=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=NtcW1mTSsStNp7PfU+pULap0emJCepjmZgMFNYBmQlakAv2ntlDwyT53dCC3lNfOYo
 39q00thx7C4glJ8FJfl8tUtJOAYsgH6zvBXsXW4VBSg0kSNLfIuGN245vZmiSw/bUla2
 3wCALCLRgsH+l2O+xrHQfJ68uRyIYunAAhH/5tGHCtPkqVXz6Une5wjnHAgRkIcr/A6i
 LVJfnasBIWAZMWr0P2YnaNXZZ3dSA8fGNuUo6HUj1HncU6v81ItJjWmfTQHHvmTrZ0Oq
 Z/yznMH4jVOChioPlptSze4U++1INtlnw02bmFs4KERaBeN74lLg6lKxD4fImyiratIs
 AWbQ==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=aGWOjwOl;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 af79cd13be357-7a1d7462a90si1229989285a.482.2024.07.30.02.42.32
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:42:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=aGWOjwOl;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLS-000464-Ce; Tue, 30 Jul 2024 05:40:38 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLP-0003vj-LE
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:35 -0400
Received: from mail-wm1-x334.google.com ([2a00:1450:4864:20::334])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLO-0000df-3N
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:35 -0400
Received: by mail-wm1-x334.google.com with SMTP id
 5b1f17b1804b1-4280bca3960so25368305e9.3
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332433; x=1722937233; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=/p7od16yWan/HDEkGj2xKqznwD/3Uyvk/bZAOed461U=;
 b=aGWOjwOlSK8J+sC6ZJFJL5xn4uDPoP2r9y+PnjvTm4AiZrhZEdYkqUwA+Za0qNBgef
 WJ4bEqSlF8CEJlfaodpfX6k6MJj00QxMAt7q6NmXRAy/iBHts9Zh3EZ7kKvMQ1qNs4yy
 gfaNauvpvfljZcWLbWsSK4WhrJW1+TDVnX/RpYMw5qpYR++DHUjwC21EC63Nsv/jFr6l
 DjGrkxGYluRrJ/FJE5tabXp+pMvt9gJEv5REwdtgc3x/x2EzLVXftcksZVCm9UYBaTup
 G89y0viz8OOUgU75D0yU4PWhOND9MPEuYJ0gP0r6jsEFw5Nr1xoMB2uXsoz7ogdjuk4m
 n1hQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332433; x=1722937233;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=/p7od16yWan/HDEkGj2xKqznwD/3Uyvk/bZAOed461U=;
 b=RJn3A0AtQqd96/3C3V8kCfv3cIFWTK2/wD3CaHLlyW8+clAlS550NFKy4OxwBm5x6C
 070JuaVaKbVV9eKkIKcqAzXkp6O17puNpqyZgr8Qw3thq9YzBVKKp7h9xuscrklpaCoq
 hZ/JWtuw3aQ7y/SkX56Bf8RmSbISfNjbEXk1QAbDHFBoBXBCg1uf345Bgxy88TpEajW9
 RudyEVbaIBYwerDg5NuWv52nWYomfDHUQjaTHWLGgJDNMmEriba8+brpqre52pPuOy7m
 XaC+rZeA6tlZh6wu5/mLaXKagsHY/eDWURxxoIMGhp8wQJpulOm3LVPp7klO0U2xwWcj
 V17g==
X-Gm-Message-State: AOJu0YyDzzjo/QlqYcV/viywDfQJz5mjikfL34D7V8XoS8LGNn0ZOXsB
 yC6p6SgI1Dtghd3F22FmaEM0oKpGDiRgDPpLq1J4LItteCnxYbu5oYGvAu8uuZ7L/Cw6csMssjc
 V
X-Received: by 2002:a05:600c:6dce:b0:427:985b:178b with SMTP id
 5b1f17b1804b1-42811d871a4mr68531495e9.16.1722332432646;
 Tue, 30 Jul 2024 02:40:32 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.32
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:32 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 20/21] target/sh4: Avoid shift into sign bit in
 update_itlb_use()
Date: Tue, 30 Jul 2024 10:40:19 +0100
Message-Id: <20240730094020.2758637-21-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::334;
 envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x334.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

In update_itlb_use() the variables or_mask and and_mask are uint8_t,
which means that in expressions like "and_mask << 24" the usual C
arithmetic conversions will result in the shift being done as a
signed int type, and so we will shift into the sign bit. For QEMU
this isn't undefined behaviour because we use -fwrapv; but we can
avoid it anyway by using uint32_t types for or_mask and and_mask.

Resolves: Coverity CID 1547628
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-id: 20240723172431.1757296-1-peter.maydell@linaro.org
---
 target/sh4/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/sh4/helper.c b/target/sh4/helper.c
index 67029106277..9659c695504 100644
--- a/target/sh4/helper.c
+++ b/target/sh4/helper.c
@@ -187,7 +187,7 @@ void superh_cpu_do_interrupt(CPUState *cs)
 
 static void update_itlb_use(CPUSH4State * env, int itlbnb)
 {
-    uint8_t or_mask = 0, and_mask = (uint8_t) - 1;
+    uint32_t or_mask = 0, and_mask = 0xff;
 
     switch (itlbnb) {
     case 0:

From patchwork Tue Jul 30 09:40:20 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 815297
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp215908wrs;
 Tue, 30 Jul 2024 02:44:29 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVfR6NkMYiPkbSOjR3di9tboorTHedAvBFEAIudI6ynJD/iY0ktYoV1yQTPCUro3EqSb0kYnMdAaFkjgkSGkALr
X-Google-Smtp-Source: AGHT+IEfXCYLjCFR6GEWWvQYBRGkIvRRxTgBEoCvPqmW8XB0UK6it0ABuenzDs2WnMO6Q2YffiMf
X-Received: by 2002:a05:6359:7c1f:b0:1ad:1ab6:b7d7 with SMTP id
 e5c5f4694b2df-1addc15997cmr1169819555d.12.1722332669026;
 Tue, 30 Jul 2024 02:44:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722332668; cv=none;
 d=google.com; s=arc-20160816;
 b=s2m2AzfwqLrU0BhyCSmeJthKbmIDS+XrTCeX1n8LnWI1d4tszD69n8jdut+UHHTs0X
 7x4zTtDGVLaE2tY59ahOe9obVei9wqf9hUdOWY9BXObgnD+6MXrTcf67lbemPdiSEwOD
 gTj/Gwsvo7SgdVNItGy7MI4xZKfCoBhNju4zwndFbmLAkiJNvO7mAlzHHETQeA4jaB3g
 B89BtaZtqJHeyZSXGb99nx/8kJfp2vlENjY8jnUMmtcfnATq58190hGrhXdcd2+iDgEA
 fJ6uzvRj+bifKIv+X3nyMZCKIeNtpvaXbHj7eUVelDSv9BuPlFC1axs/+E7ZTqAX2B2t
 lbfA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=jfxWTbmPHfPItv3Jo669wf0TJh+oQpU/CHJm1l2IvZY=;
 fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=;
 b=JTOwlPsHISCWoTNOIQDD7JEkgJ4IOmuOfYH5iyXr2ilqZC3VTPEGoFT7eodEUa5SM0
 hVneDx6TNhF91p3w7k5MdMlkdKnWilK/cdPgBVnhB2CEIOKbKiUmkYw3qKFRMmJ9SUEk
 Nxdq/4UKt9fqO+a3QbU/MR7Bt9nsSzewxjgLKJ4bSfcIv8HVPbGQfljgob9BE19ORlak
 m0/jv9mCHEFL3bF6CQfz0P6316i6mYt8dsErigYx8HkOJFJmwWZXSwsYkaiw/icfHnVu
 bheLEJ/DHDPjgX3k2uW5SnYLfaJcHUW2a0YPmNZJLmmKZky9P26B7swbad6pYRQP/QgJ
 mgGA==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=f3x38ekk;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 6a1803df08f44-6bb3f8cbfa3si120217166d6.109.2024.07.30.02.44.28
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 30 Jul 2024 02:44:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=f3x38ekk;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sYjLR-00044e-RB; Tue, 30 Jul 2024 05:40:37 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLQ-0003y0-6Z
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:36 -0400
Received: from mail-wr1-x42e.google.com ([2a00:1450:4864:20::42e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <peter.maydell@linaro.org>)
 id 1sYjLO-0000eC-G1
 for qemu-devel@nongnu.org; Tue, 30 Jul 2024 05:40:35 -0400
Received: by mail-wr1-x42e.google.com with SMTP id
 ffacd0b85a97d-3684bea9728so2289809f8f.3
 for <qemu-devel@nongnu.org>; Tue, 30 Jul 2024 02:40:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1722332433; x=1722937233; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=jfxWTbmPHfPItv3Jo669wf0TJh+oQpU/CHJm1l2IvZY=;
 b=f3x38ekkwj/oKWFcFQEGzkUITXRcmlvJWTMZTO+sBE7c4qAZrvww9P86Np+PexAy7G
 /DivMIrFh9p/u4q+oXZYEVQ3dVX3Ajb/4bNz+ZNyd7uOZ1qr3Gv0obvHiLyzaQTZFCUJ
 KhtbWluwB3WeCp0k4/G7fc3H4umMuTTiWo83xN4k+RDcmGETZjIFYS3/+k9CLAUBf3PM
 uUsjPC6D3ktEMspJfYGvVAzL3XJD8SMo/U014sVylh9ngOpY6LYWauvVFYwLHljMDh8A
 YbCNXAW7PDuJnNrT7QOYO3XFusDWYFKrbCNBgeBDDy8Md8+po0VmDWttLAGJA6N9Lkkz
 +dfw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722332433; x=1722937233;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=jfxWTbmPHfPItv3Jo669wf0TJh+oQpU/CHJm1l2IvZY=;
 b=vbaD8wANyuFgSwXKHw9eEjdy49PxqbB52Xh+dZPpxmdJf88RDJrUJTah+GvsmaBYvq
 Au55G1OPt+Voe9U+1bQr587iyRnDrJWgFhcmSoZfT7j1HkbR7Wm6J/iF6nCKubmIeYpt
 LnBPcjLT5Ga+cxADnyJcwUwAhNgjWcXjxtRP7JP5e7OxplHlM0UDcfcL/Y/022hJ279a
 u0+WY67X4tnZAOk2LGhlDxeih+pCTfGMToJeOyU5l/zMHmPR/kgX8WE+2FX20sgyDYaA
 Npj6CyDnauHl6s6k7SpyKyu2Peb4WUXZDh352Yc7ZxblVGx9RPOLDsenP4vUpRr1szZ8
 QRTg==
X-Gm-Message-State: AOJu0YxK3/6PH0e6FUqiQ4FuDOAmRAuUlEV70IzPDz6I3LccLLBSvOVs
 qg2ViJBVBdUThyPV+TPP1aQ6akCggz4XuuoFldINx/eC3/E388re0G+mTJFgbQZfC54H5k0ZK/P
 B
X-Received: by 2002:a05:6000:1546:b0:368:420e:b790 with SMTP id
 ffacd0b85a97d-36b5cef8f76mr8545304f8f.14.1722332433088;
 Tue, 30 Jul 2024 02:40:33 -0700 (PDT)
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-36b36862549sm14194974f8f.106.2024.07.30.02.40.32
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Jul 2024 02:40:32 -0700 (PDT)
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 21/21] system/physmem: Where we assume we have a RAM MR,
 assert it
Date: Tue, 30 Jul 2024 10:40:20 +0100
Message-Id: <20240730094020.2758637-22-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240730094020.2758637-1-peter.maydell@linaro.org>
References: <20240730094020.2758637-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::42e;
 envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x42e.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

In the functions invalidate_and_set_dirty() and
cpu_physical_memory_snapshot_and_clear_dirty(), we assume that we
are dealing with RAM memory regions. In this case we know that
memory_region_get_ram_addr() will succeed. Assert this before we
use the returned ram_addr_t in arithmetic.

This makes Coverity happier about these functions: it otherwise
complains that we might have an arithmetic overflow that stems
from the possible -1 return from memory_region_get_ram_addr().

Resolves: Coverity CID 1547629, 1547715

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-id: 20240723170513.1676453-1-peter.maydell@linaro.org
---
 system/physmem.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/system/physmem.c b/system/physmem.c
index 0e19186e1b4..94600a33ec3 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -923,13 +923,19 @@ DirtyBitmapSnapshot *cpu_physical_memory_snapshot_and_clear_dirty
     (MemoryRegion *mr, hwaddr offset, hwaddr length, unsigned client)
 {
     DirtyMemoryBlocks *blocks;
-    ram_addr_t start = memory_region_get_ram_addr(mr) + offset;
+    ram_addr_t start, first, last;
     unsigned long align = 1UL << (TARGET_PAGE_BITS + BITS_PER_LEVEL);
-    ram_addr_t first = QEMU_ALIGN_DOWN(start, align);
-    ram_addr_t last  = QEMU_ALIGN_UP(start + length, align);
     DirtyBitmapSnapshot *snap;
     unsigned long page, end, dest;
 
+    start = memory_region_get_ram_addr(mr);
+    /* We know we're only called for RAM MemoryRegions */
+    assert(start != RAM_ADDR_INVALID);
+    start += offset;
+
+    first = QEMU_ALIGN_DOWN(start, align);
+    last  = QEMU_ALIGN_UP(start + length, align);
+
     snap = g_malloc0(sizeof(*snap) +
                      ((last - first) >> (TARGET_PAGE_BITS + 3)));
     snap->start = first;
@@ -2659,7 +2665,11 @@ static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
                                      hwaddr length)
 {
     uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
-    addr += memory_region_get_ram_addr(mr);
+    ram_addr_t ramaddr = memory_region_get_ram_addr(mr);
+
+    /* We know we're only called for RAM MemoryRegions */
+    assert(ramaddr != RAM_ADDR_INVALID);
+    addr += ramaddr;
 
     /* No early return if dirty_log_mask is or becomes 0, because
      * cpu_physical_memory_set_dirty_range will still call