public inbox for qemu-devel@nongnu.org
* [PULL 00/12] Hppa updates qemu v11 patches
@ 2025-12-23 15:50 deller
  2025-12-23 15:50 ` [PULL 02/12] scsi: ncr710: Add null pointer checks deller
                   ` (11 more replies)
  0 siblings, 12 replies; 18+ messages in thread
From: deller @ 2025-12-23 15:50 UTC (permalink / raw)
  To: qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Philippe Mathieu-Daudé, Richard Henderson, Fam Zheng

From: Helge Deller <deller@gmx.de>

The following changes since commit 8dd5bceb2f9cc58481e9d22355a8d998220896de:

  Open 11.0 development tree (2025-12-23 14:45:38 +1100)

are available in the Git repository at:

  https://github.com/hdeller/qemu-hppa.git tags/hppa-updates-qemu-v11-pull-request

for you to fetch changes up to b2c2d00f48cc5f4486cfba33b505ff86d79cb137:

  target/hppa: add 64 bit support to gdbstub (2025-12-23 16:41:56 +0100)

----------------------------------------------------------------
Please pull fixes and updates for the parisc architecture:

- New SeaBIOS-hppa v21 with fixes for 715 machine
- ncr710 fixes for NetBSD and HP-UX on 715 machine
- 64-bit gdb support

Thanks!
Helge

----------------------------------------------------------------

Helge Deller (1):
  target/hppa: Update SeaBIOS-hppa to version 21

Soumyajyotii Ssarkar (10):
  scsi: ncr710: Add null pointer checks
  scsi: ncr710: Fix use after free in command_complete
  scsi: ncr710: Fix interrupt related register handling
  scsi: ncr710: Fix DMA State machine and flow control
  scsi: ncr710: Fix table indirect addressing endianness
  scsi: ncr710: Mark command complete in status phase and fix disconnect
  scsi: ncr710: Add LUN scanning
  scsi: ncr710: Simplify disconnect handling
  scsi: ncr710: Fix DSA register
  scsi: ncr710: Fix CTEST FIFO status

Sven Schnelle (1):
  target/hppa: add 64 bit support to gdbstub

 hw/scsi/ncr53c710.c         |  93 +++++++++++++++++++++++++++---------
 pc-bios/hppa-firmware.img   | Bin 630644 -> 628952 bytes
 pc-bios/hppa-firmware64.img | Bin 700304 -> 692032 bytes
 roms/seabios-hppa           |   2 +-
 target/hppa/gdbstub.c       |  62 ++++++++++++++++--------
 5 files changed, 112 insertions(+), 45 deletions(-)

-- 
2.52.0




* [PULL 02/12] scsi: ncr710: Add null pointer checks
  2025-12-23 15:50 [PULL 00/12] Hppa updates qemu v11 patches deller
@ 2025-12-23 15:50 ` deller
  2025-12-23 15:50 ` [PULL 03/12] scsi: ncr710: Fix use after free in command_complete deller
                   ` (10 subsequent siblings)
  11 siblings, 0 replies; 18+ messages in thread
From: deller @ 2025-12-23 15:50 UTC (permalink / raw)
  To: qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Philippe Mathieu-Daudé, Richard Henderson, Fam Zheng

From: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>

Add null pointer safety checks in ncr710_request_free() and
ncr710_request_cancelled() to prevent crashes while handling invalid req
structures.

Added to prevent memory corruption, which occurred during device
initialization.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 hw/scsi/ncr53c710.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/hw/scsi/ncr53c710.c b/hw/scsi/ncr53c710.c
index 47a6983491..bab2ea7210 100644
--- a/hw/scsi/ncr53c710.c
+++ b/hw/scsi/ncr53c710.c
@@ -737,6 +737,12 @@ static void ncr710_add_msg_byte(NCR710State *s, uint8_t data)
 
 static void ncr710_request_free(NCR710State *s, NCR710Request *p)
 {
+    if (!p) {
+        return;
+    }
+    if (p->req && p->req->hba_private == p) {
+        p->req->hba_private = NULL;
+    }
     if (p == s->current) {
         s->current = NULL;
     }
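Review bot: the new `if (!p) return;` at the top of ncr710_request_free() silently accepts a NULL request, but the commit message does not say which caller passes one; without that, the guard hides a bookkeeping bug in the caller rather than fixing it, so either name the path in the message or make it `assert(p)` and fix the caller. The `p->req && p->req->hba_private == p` back-pointer clear is the substantive part of the hunk and deserves its own sentence in the message, since hba_private is what ncr710_request_cancelled() (next hunk) reads to find the NCR710Request, and leaving it dangling is the use-after-free the series is chasing.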
@@ -747,8 +753,11 @@ void ncr710_request_cancelled(SCSIRequest *req)
 {
     NCR710State *s = ncr710_from_scsi_bus(req->bus);
     NCR710Request *p = (NCR710Request *)req->hba_private;
-    req->hba_private = NULL;
-    ncr710_request_free(s, p);
+    if (p) {
+        req->hba_private = NULL;
+        p->req = NULL;
+        ncr710_request_free(s, p);
+    }
     scsi_req_unref(req);
 }
 
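Review bot: with `p->req = NULL;` set before ncr710_request_free(s, p) is called, the `p->req && p->req->hba_private == p` test added to ncr710_request_free() in the previous hunk can never be true on this path, and `req->hba_private = NULL;` has already been done by hand one line earlier; the two sites now implement the same unlink twice in different orders. Pick one owner for the unlink (ncr710_request_free() is the natural one) and have this caller just pass p. Minor: `ncr710_from_scsi_bus(req->bus)` still runs unconditionally, which is fine since req is non-NULL by contract, but `s` is then unused when p is NULL.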
-- 
2.52.0




* [PULL 03/12] scsi: ncr710: Fix use after free in command_complete
  2025-12-23 15:50 [PULL 00/12] Hppa updates qemu v11 patches deller
  2025-12-23 15:50 ` [PULL 02/12] scsi: ncr710: Add null pointer checks deller
@ 2025-12-23 15:50 ` deller
  2025-12-23 15:50 ` [PULL 04/12] scsi: ncr710: Fix interrupt related register handling deller
                   ` (9 subsequent siblings)
  11 siblings, 0 replies; 18+ messages in thread
From: deller @ 2025-12-23 15:50 UTC (permalink / raw)
  To: qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Philippe Mathieu-Daudé, Richard Henderson, Fam Zheng

From: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>

Add proper hba_private pointer cleanup in ncr710_command_complete.
This prevents use after free errors from occurring.

This was causing memory corruption in NetBSD device initialization
when commands complete and the request structures were freed while
still being referenced.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 hw/scsi/ncr53c710.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/scsi/ncr53c710.c b/hw/scsi/ncr53c710.c
index bab2ea7210..ac1ca4cef8 100644
--- a/hw/scsi/ncr53c710.c
+++ b/hw/scsi/ncr53c710.c
@@ -798,7 +798,13 @@ void ncr710_command_complete(SCSIRequest *req, size_t resid)
 
     ncr710_set_phase(s, PHASE_ST);
 
-    if (req->hba_private == s->current) {
+    if (p) {
+        req->hba_private = NULL;
+        if (p == s->current) {
+            p->req = NULL;
+        } else {
+            ncr710_request_free(s, p);
+        }
         scsi_req_unref(req);
     }
 
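Review bot: this hunk changes more than the commit message says: the old code only touched the request when `req->hba_private == s->current`, whereas the new code unlinks and unrefs every request that has an hba_private and frees the NCR710Request outright when it is not s->current. That broadening is probably right, but say so in the message, and state where `p` is assigned, since that line is outside the hunk. In the `p == s->current` branch, `p->req = NULL;` leaves s->current pointing at an NCR710Request whose SCSIRequest has just been unref'd; the reader has to trust that every later user of s->current checks `->req` for NULL (patch 02's ncr710_request_free() does; other users of `s->current->req` are not visible here), so a comment at the assignment saying "request done, s->current stays until DISCONNECT" would help.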
-- 
2.52.0




* [PULL 04/12] scsi: ncr710: Fix interrupt related register handling
  2025-12-23 15:50 [PULL 00/12] Hppa updates qemu v11 patches deller
  2025-12-23 15:50 ` [PULL 02/12] scsi: ncr710: Add null pointer checks deller
  2025-12-23 15:50 ` [PULL 03/12] scsi: ncr710: Fix use after free in command_complete deller
@ 2025-12-23 15:50 ` deller
  2025-12-23 15:50 ` [PULL 05/12] scsi: ncr710: Fix DMA State machine and flow control deller
                   ` (8 subsequent siblings)
  11 siblings, 0 replies; 18+ messages in thread
From: deller @ 2025-12-23 15:50 UTC (permalink / raw)
  To: qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Philippe Mathieu-Daudé, Richard Henderson, Fam Zheng

From: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>

These fixes ensure proper interrupt signaling and status
register behavior during SCSI operations:
- Mask DFE bit in ncr710_update_irq()
- Remove manual ISTAT_DIP clearing, let ncr710_update_irq()
  handle it consistently
- Fix SSTAT0 read to clear unconditionally when non-zero
- Fix SSTAT2 read, which was returning DSTAT instead
- Preserve DFE status bit when clearing DSTAT

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 hw/scsi/ncr53c710.c | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/hw/scsi/ncr53c710.c b/hw/scsi/ncr53c710.c
index ac1ca4cef8..0b7734a129 100644
--- a/hw/scsi/ncr53c710.c
+++ b/hw/scsi/ncr53c710.c
@@ -593,7 +593,7 @@ static void ncr710_update_irq(NCR710State *s)
 {
     int level = 0;
 
-    if (s->dstat) {
+    if (s->dstat & ~NCR710_DSTAT_DFE) {
         if (s->dstat & s->dien) {
             level = 1;
         }
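Review bot: the outer test now masks DFE, but the inner `if (s->dstat & s->dien)` still uses the unmasked dstat, so once any other DSTAT bit is set, a DFE bit in DIEN would contribute to `level`. If DFE is meant to be a pure status bit that never interrupts, mask it once, e.g. `uint8_t pending = s->dstat & ~NCR710_DSTAT_DFE; if (pending && (pending & s->dien)) level = 1;`, so the two tests cannot drift apart.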
@@ -1785,7 +1785,6 @@ static uint8_t ncr710_reg_readb(NCR710State *s, int offset)
         }
         s->dstat = 0;  /* Clear all DMA interrupt status bits */
         s->dstat |= NCR710_DSTAT_DFE;
-        s->istat &= ~NCR710_ISTAT_DIP;
         ncr710_update_irq(s);
 
         if (s->waiting == NCR710_WAIT_RESELECT && s->current &&
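Review bot: dropping `s->istat &= ~NCR710_ISTAT_DIP;` here is only correct if ncr710_update_irq() itself clears DIP when no DMA interrupt bits remain; the first hunk shows it computing `level` from dstat but not what it does to istat, so the commit message should state explicitly that ncr710_update_irq() owns ISTAT_DIP. Minor: `s->dstat = 0;` followed by `s->dstat |= NCR710_DSTAT_DFE;` reads more clearly as `s->dstat = NCR710_DSTAT_DFE;` with the comment adjusted to say the FIFO-empty flag is kept.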
@@ -1811,7 +1810,7 @@ static uint8_t ncr710_reg_readb(NCR710State *s, int offset)
         return ret;
     case NCR710_SSTAT0_REG: /* SSTAT0 */
         ret = s->sstat0;
-        if (s->sstat0 != 0 && !(s->sstat0 & NCR710_SSTAT0_STO)) {
+        if (s->sstat0 != 0) {
             s->sstat0 = 0;
             s->istat &= ~NCR710_ISTAT_SIP;
             ncr710_update_irq(s);
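Review bot: removing the `!(s->sstat0 & NCR710_SSTAT0_STO)` exception changes what a guest sees on a second read after a selection timeout: STO is now cleared on the first read like every other SSTAT0 bit. The commit message only says "clear unconditionally when non zero"; it should say why the STO special case existed and which guest (NetBSD or HP-UX, per the cover letter) needed the change, so the reasoning survives if someone later finds a driver that re-reads SSTAT0 after a timeout.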
@@ -1824,14 +1823,7 @@ static uint8_t ncr710_reg_readb(NCR710State *s, int offset)
         ret = s->sstat0;
         break;
     case NCR710_SSTAT2_REG: /* SSTAT2 */
-        ret = s->dstat;
-
-        if (s->dstat & NCR710_DSTAT_SIR) {
-            /* SIR bit processing */
-        }
-        s->dstat = 0;
-        s->istat &= ~NCR710_ISTAT_DIP;
-        ncr710_update_irq(s);
+        ret = s->sstat2;
         break;
         CASE_GET_REG32(dsa, NCR710_DSA_REG)
         break;
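Review bot: good catch that a read of SSTAT2 returned and then cleared DSTAT; that side effect (a SCSI status register read wiping all DMA interrupt status and DIP) is the behaviour change worth spelling out in the commit message, because a guest polling SSTAT2 for the bus phase was losing DMA interrupts. Returning the live `s->sstat2` is right, since its PHASE_MASK bits are what the SCRIPTS engine maintains (patch 07 in this series clears them on disconnect). The dead `if (s->dstat & NCR710_DSTAT_SIR) { /* SIR bit processing */ }` block going away is a bonus cleanup and can be mentioned too.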
@@ -1902,7 +1894,6 @@ static uint8_t ncr710_reg_readb(NCR710State *s, int offset)
         if (s->dsps == GOOD_STATUS_AFTER_STATUS &&
             (s->dstat & NCR710_DSTAT_SIR)) {
             s->dstat &= ~NCR710_DSTAT_SIR;
-            s->istat &= ~NCR710_ISTAT_DIP;
             ncr710_update_irq(s);
         }
         break;
-- 
2.52.0




* [PULL 05/12] scsi: ncr710: Fix DMA State machine and flow control
  2025-12-23 15:50 [PULL 00/12] Hppa updates qemu v11 patches deller
                   ` (2 preceding siblings ...)
  2025-12-23 15:50 ` [PULL 04/12] scsi: ncr710: Fix interrupt related register handling deller
@ 2025-12-23 15:50 ` deller
  2025-12-23 15:50 ` [PULL 06/12] scsi: ncr710: Fix table indirect addressing endianness deller
                   ` (7 subsequent siblings)
  11 siblings, 0 replies; 18+ messages in thread
From: deller @ 2025-12-23 15:50 UTC (permalink / raw)
  To: qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Philippe Mathieu-Daudé, Richard Henderson, Fam Zheng

From: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>

Set waiting state and return after scsi_req_continue() to prevent
re-entrancy when DMA transfer completes.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 hw/scsi/ncr53c710.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/scsi/ncr53c710.c b/hw/scsi/ncr53c710.c
index 0b7734a129..e17d1f3fb8 100644
--- a/hw/scsi/ncr53c710.c
+++ b/hw/scsi/ncr53c710.c
@@ -718,7 +718,9 @@ static void ncr710_do_dma(NCR710State *s, int out)
     if (s->current->dma_len == 0) {
         s->current->dma_buf = NULL;
         s->current->pending = 0;
+        s->waiting = NCR710_WAIT_DMA;
         scsi_req_continue(s->current->req);
+        return;
     } else {
         s->current->dma_buf += count;
         s->waiting = NCR710_WAIT_NONE;
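Review bot: the early `return;` after scsi_req_continue() skips whatever follows the if/else in ncr710_do_dma(); none of that is in the hunk, so confirm that nothing there (register or counter updates) is still needed on the completion path. With the `return` in place the `else` is redundant and its block can be dedented. Also, `s->waiting = NCR710_WAIT_DMA;` is set before the call, so if scsi_req_continue() completes synchronously and re-enters the controller, the re-entered code must already understand `waiting == NCR710_WAIT_DMA`; that is the re-entrancy the message refers to, and naming the function that consumes the state would make the fix reviewable on its own.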
-- 
2.52.0




* [PULL 06/12] scsi: ncr710: Fix table indirect addressing endianness
  2025-12-23 15:50 [PULL 00/12] Hppa updates qemu v11 patches deller
                   ` (3 preceding siblings ...)
  2025-12-23 15:50 ` [PULL 05/12] scsi: ncr710: Fix DMA State machine and flow control deller
@ 2025-12-23 15:50 ` deller
  2025-12-23 15:50 ` [PULL 07/12] scsi: ncr710: Mark command complete in status phase and fix disconnect deller
                   ` (6 subsequent siblings)
  11 siblings, 0 replies; 18+ messages in thread
From: deller @ 2025-12-23 15:50 UTC (permalink / raw)
  To: qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Philippe Mathieu-Daudé, Richard Henderson, Fam Zheng

From: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>

Correct the endianness conversion for table indirect addressing and
use be32_to_cpu() instead of cpu_to_le32().

This fixes descriptor table parsing when using indirect addressing modes
in SCRIPTS.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 hw/scsi/ncr53c710.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/scsi/ncr53c710.c b/hw/scsi/ncr53c710.c
index e17d1f3fb8..4b42fab754 100644
--- a/hw/scsi/ncr53c710.c
+++ b/hw/scsi/ncr53c710.c
@@ -1355,8 +1355,8 @@ again:
             offset = sextract32(addr, 0, 24);
             ncr710_dma_read(s, s->dsa + offset, buf, 8);
             /* byte count is stored in bits 0:23 only */
-            s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
-            addr = cpu_to_le32(buf[1]);
+            s->dbc = be32_to_cpu(buf[0]) & 0xffffff;
+            addr = be32_to_cpu(buf[1]);
         }
         /* Check phase match for block move instructions */
         if ((s->sstat2 & PHASE_MASK) != ((insn >> 24) & 7)) {
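Review bot: the old `cpu_to_le32()` was wrong in both direction and byte order (and a no-op on a little-endian host), so `be32_to_cpu()` is a real fix, but the commit message should state the assumption it encodes: table-indirect entries in guest memory are big-endian because this controller is wired big-endian on the 715. The same question applies to every other 32-bit value fetched through ncr710_dma_read(), e.g. the `insn` word used in the phase-match check on the last context line; if those already go through be32_to_cpu(), say so, otherwise they need the same treatment in this patch rather than in a follow-up.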
-- 
2.52.0




* [PULL 07/12] scsi: ncr710: Mark command complete in status phase and fix disconnect
  2025-12-23 15:50 [PULL 00/12] Hppa updates qemu v11 patches deller
                   ` (4 preceding siblings ...)
  2025-12-23 15:50 ` [PULL 06/12] scsi: ncr710: Fix table indirect addressing endianness deller
@ 2025-12-23 15:50 ` deller
  2025-12-23 15:50 ` [PULL 08/12] scsi: ncr710: Add LUN scanning deller
                   ` (5 subsequent siblings)
  11 siblings, 0 replies; 18+ messages in thread
From: deller @ 2025-12-23 15:50 UTC (permalink / raw)
  To: qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Philippe Mathieu-Daudé, Richard Henderson, Fam Zheng

From: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>

Set command_complete flag after status_phase and use_phase_clearing,
instead of full disconnect during message processing.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 hw/scsi/ncr53c710.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/scsi/ncr53c710.c b/hw/scsi/ncr53c710.c
index 4b42fab754..3d7318c12e 100644
--- a/hw/scsi/ncr53c710.c
+++ b/hw/scsi/ncr53c710.c
@@ -997,6 +997,7 @@ static void ncr710_do_status(NCR710State *s)
     ncr710_set_phase(s, PHASE_MI);
     s->msg_action = NCR710_MSG_ACTION_DISCONNECT;
     ncr710_add_msg_byte(s, 0); /* COMMAND COMPLETE */
+    s->command_complete = NCR710_CMD_COMPLETE;
 }
 
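Review bot: `s->command_complete = NCR710_CMD_COMPLETE;` is set as soon as the COMMAND COMPLETE message byte is queued, before the initiator has taken it in the message-in phase; that ordering is what the DISCONNECT instruction in patch 09 relies on to clear the wait state, so document it here. The commit message sentence "after status_phase and use_phase_clearing" is hard to follow; "mark the command complete once the status byte has been sent, and clear the phase bits instead of disconnecting in the message-in handler" says what the two hunks do. A one-line comment next to the assignment ("status sent, COMMAND COMPLETE msg-in pending") would also help.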
 static void ncr710_do_msgin(NCR710State *s)
@@ -1041,7 +1042,7 @@ static void ncr710_do_msgin(NCR710State *s)
         ncr710_set_phase(s, PHASE_CO);
         break;
     case NCR710_MSG_ACTION_DISCONNECT:
-        ncr710_disconnect(s);
+        s->sstat2 &= ~PHASE_MASK;
         break;
     case NCR710_MSG_ACTION_DATA_OUT:
         ncr710_set_phase(s, PHASE_DO);
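Review bot: replacing ncr710_disconnect(s) with `s->sstat2 &= ~PHASE_MASK;` clears the phase bits only; the connection bookkeeping that the disconnect path did (clearing SCNTL1_CON, ISTAT_CON and the wait state) now has to come from the SCRIPTS DISCONNECT instruction, which patch 09 in this series shows doing exactly that when `command_complete != NCR710_CMD_PENDING`. That dependency between the two patches belongs in this commit message, and if ncr710_disconnect() has no remaining caller after this hunk, remove it in the same patch rather than leaving an unused static function behind.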
-- 
2.52.0




* [PULL 08/12] scsi: ncr710: Add LUN scanning
  2025-12-23 15:50 [PULL 00/12] Hppa updates qemu v11 patches deller
                   ` (5 preceding siblings ...)
  2025-12-23 15:50 ` [PULL 07/12] scsi: ncr710: Mark command complete in status phase and fix disconnect deller
@ 2025-12-23 15:50 ` deller
  2025-12-23 15:50 ` [PULL 09/12] scsi: ncr710: Simplify disconnect handling deller
                   ` (4 subsequent siblings)
  11 siblings, 0 replies; 18+ messages in thread
From: deller @ 2025-12-23 15:50 UTC (permalink / raw)
  To: qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Philippe Mathieu-Daudé, Richard Henderson, Fam Zheng

From: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>

Add multi LUN support by scanning all 8 LUNs when ATN bit is set.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 hw/scsi/ncr53c710.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/hw/scsi/ncr53c710.c b/hw/scsi/ncr53c710.c
index 3d7318c12e..277aa2c3d3 100644
--- a/hw/scsi/ncr53c710.c
+++ b/hw/scsi/ncr53c710.c
@@ -1422,8 +1422,30 @@ again:
                         s->dsp = s->dnad;
                         break;
                     }
-                } else if (!scsi_device_find(&s->bus, 0, idbitstonum(id), 0)) {
+                }
+                bool device_exists = false;
+                if (insn & (1 << 24)) {
+                    /* ATN set - scan all LUNs for this target */
+                    for (int lun = 0; lun < 8; lun++) {
+                        SCSIDevice *dev = scsi_device_find(&s->bus, 0,
+                                                           idbitstonum(id),
+                                                           lun);
+                        if (dev) {
+                            device_exists = true;
+                            break;
+                        }
+                    }
+                } else {
+                    /* No ATN - check only LUN 0 */
+                    SCSIDevice *dev = scsi_device_find(&s->bus, 0,
+                                                       idbitstonum(id), 0);
+                    device_exists = dev != NULL;
+                }
+                if (!device_exists) {
                     ncr710_bad_selection(s, id);
+                    if (!(insn & (1 << 24)) && addr != 0) {
+                        s->dsp = addr;
+                    }
                     break;
                 } else {
                     /*
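Review bot: selection on the SCSI bus addresses a target, not a LUN (the LUN arrives later in the IDENTIFY message), so a SELECT of a target that has only, say, LUN 1 configured should succeed regardless of ATN. With this hunk the `else` branch (no ATN) still checks LUN 0 only, so such a guest gets a bad selection without ATN but a successful one with it; unless there is a reason for the asymmetry, use the eight-LUN scan in both branches and let the ATN bit decide only about the message-out phase. Separately, the new `if (!(insn & (1 << 24)) && addr != 0) { s->dsp = addr; }` after ncr710_bad_selection() jumps to the SELECT instruction's second word on a failed selection without ATN; that needs a comment saying which guest driver expects it, since the commit message does not mention it at all.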
-- 
2.52.0




* [PULL 09/12] scsi: ncr710: Simplify disconnect handling
  2025-12-23 15:50 [PULL 00/12] Hppa updates qemu v11 patches deller
                   ` (6 preceding siblings ...)
  2025-12-23 15:50 ` [PULL 08/12] scsi: ncr710: Add LUN scanning deller
@ 2025-12-23 15:50 ` deller
  2025-12-23 15:50 ` [PULL 10/12] scsi: ncr710: Fix DSA register deller
                   ` (3 subsequent siblings)
  11 siblings, 0 replies; 18+ messages in thread
From: deller @ 2025-12-23 15:50 UTC (permalink / raw)
  To: qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Philippe Mathieu-Daudé, Richard Henderson, Fam Zheng

From: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>

Simplify disconnect instruction by unconditionally clearing waiting
statements when command completes.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 hw/scsi/ncr53c710.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/hw/scsi/ncr53c710.c b/hw/scsi/ncr53c710.c
index 277aa2c3d3..dd453991e0 100644
--- a/hw/scsi/ncr53c710.c
+++ b/hw/scsi/ncr53c710.c
@@ -1469,9 +1469,7 @@ again:
                 if (s->command_complete != NCR710_CMD_PENDING) {
                     s->scntl1 &= ~NCR710_SCNTL1_CON;
                     s->istat &= ~NCR710_ISTAT_CON;
-                    if (s->waiting == NCR710_WAIT_RESELECT) {
-                        s->waiting = NCR710_WAIT_NONE;
-                    }
+                    s->waiting = NCR710_WAIT_NONE;
                 } else {
                     if (s->current) {
                         s->current->resume_offset = s->dsp;
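Review bot: the old code only reset `s->waiting` when it was NCR710_WAIT_RESELECT; the new unconditional `s->waiting = NCR710_WAIT_NONE;` also wipes NCR710_WAIT_DMA, which patch 05 in this series sets right before scsi_req_continue(). If a DISCONNECT instruction can execute while that DMA completion is still outstanding, clearing the wait here lets the script run on and the later completion finds an unexpected state; the commit message should say why that cannot happen once `command_complete != NCR710_CMD_PENDING` (presumably because the data transfer is finished by the time the status byte is sent). Also "clearing waiting statements" in the message should read "clearing the waiting state".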
-- 
2.52.0




* [PULL 10/12] scsi: ncr710: Fix DSA register
  2025-12-23 15:50 [PULL 00/12] Hppa updates qemu v11 patches deller
                   ` (7 preceding siblings ...)
  2025-12-23 15:50 ` [PULL 09/12] scsi: ncr710: Simplify disconnect handling deller
@ 2025-12-23 15:50 ` deller
  2025-12-23 15:50 ` [PULL 11/12] scsi: ncr710: Fix CTEST FIFO status deller
                   ` (2 subsequent siblings)
  11 siblings, 0 replies; 18+ messages in thread
From: deller @ 2025-12-23 15:50 UTC (permalink / raw)
  To: qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Philippe Mathieu-Daudé, Richard Henderson, Fam Zheng

From: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>

Implement bytewise write handling for the DSA register instead of using
the macro, as the NetBSD driver accesses it byte by byte.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 hw/scsi/ncr53c710.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/hw/scsi/ncr53c710.c b/hw/scsi/ncr53c710.c
index dd453991e0..0ea1fc43a3 100644
--- a/hw/scsi/ncr53c710.c
+++ b/hw/scsi/ncr53c710.c
@@ -2078,7 +2078,21 @@ static void ncr710_reg_writeb(NCR710State *s, int offset, uint8_t val)
         /* Linux writes to these readonly registers on startup */
         return;
 
-    CASE_SET_REG32(dsa, NCR710_DSA_REG)
+    case NCR710_DSA_REG:
+        s->dsa &= 0xffffff00;
+        s->dsa |= val;
+        break;
+    case NCR710_DSA_REG + 1:
+        s->dsa &= 0xffff00ff;
+        s->dsa |= val << 8;
+        break;
+    case NCR710_DSA_REG + 2:
+        s->dsa &= 0xff00ffff;
+        s->dsa |= val << 16;
+        break;
+    case NCR710_DSA_REG + 3:
+        s->dsa &= 0x00ffffff;
+        s->dsa |= val << 24;
         break;
 
     case NCR710_CTEST0_REG: /* CTEST0 */
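Review bot: `val` is a `uint8_t`, so `val << 24` promotes to `int` and shifts into the sign bit for val >= 0x80 before being OR-ed into `s->dsa`; write `(uint32_t)val << 24` to keep the expression in unsigned arithmetic (the other three shifts are harmless, but the cast keeps the four cases uniform). The lane mapping here (offset+0 is bits 0..7, offset+3 is bits 24..31) must match what the read side's CASE_GET_REG32(dsa, NCR710_DSA_REG), left unchanged in patch 04, returns for the same byte offsets, otherwise a byte-wise write followed by a byte-wise read does not round-trip; either convert the read side in this patch or note in the commit message that the macro already uses the same byte lanes.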
-- 
2.52.0




* [PULL 11/12] scsi: ncr710: Fix CTEST FIFO status
  2025-12-23 15:50 [PULL 00/12] Hppa updates qemu v11 patches deller
                   ` (8 preceding siblings ...)
  2025-12-23 15:50 ` [PULL 10/12] scsi: ncr710: Fix DSA register deller
@ 2025-12-23 15:50 ` deller
  2025-12-23 15:50 ` [PULL 12/12] target/hppa: add 64 bit support to gdbstub deller
  2025-12-28 22:08 ` [PULL 00/12] Hppa updates qemu v11 patches Richard Henderson
  11 siblings, 0 replies; 18+ messages in thread
From: deller @ 2025-12-23 15:50 UTC (permalink / raw)
  To: qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Philippe Mathieu-Daudé, Richard Henderson, Fam Zheng

From: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>

Update CTEST1 FIFO status when CTEST8 is written, setting it to 0xFF when
the FIFO is flushed, otherwise clearing it to 0x00.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 hw/scsi/ncr53c710.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/scsi/ncr53c710.c b/hw/scsi/ncr53c710.c
index 0ea1fc43a3..cdc365478c 100644
--- a/hw/scsi/ncr53c710.c
+++ b/hw/scsi/ncr53c710.c
@@ -2161,7 +2161,11 @@ static void ncr710_reg_writeb(NCR710State *s, int offset, uint8_t val)
         if (val & 0x04) {
             ncr710_scsi_fifo_init(&s->scsi_fifo);
             s->dstat |= NCR710_DSTAT_DFE;
+            s->ctest1 = 0xFF;
+        } else if (s->ctest8 & 0x04) {
+            s->ctest1 = 0x00;
         }
+        s->ctest8 = val;
         break;
     case NCR710_LCRC_REG: /* LCRC */
         s->lcrc = val;
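Review bot: CTEST1 is updated only on CTEST8 writes: `0xFF` when FLF (bit 0x04) is written, `0x00` when a later write drops FLF after it was set, and otherwise untouched. That makes the FIFO status a function of the last two CTEST8 writes rather than of the FIFO contents; if ncr710_scsi_fifo_init() and the FIFO push/pop paths do not also maintain `s->ctest1`, a guest that reads CTEST1 after data movement sees a stale value. Also state whether FLF is meant to be latched in `s->ctest8` (it is, via `s->ctest8 = val;`) or is a self-clearing command bit, since the `else if (s->ctest8 & 0x04)` branch only works because it is latched.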
-- 
2.52.0




* [PULL 12/12] target/hppa: add 64 bit support to gdbstub
  2025-12-23 15:50 [PULL 00/12] Hppa updates qemu v11 patches deller
                   ` (9 preceding siblings ...)
  2025-12-23 15:50 ` [PULL 11/12] scsi: ncr710: Fix CTEST FIFO status deller
@ 2025-12-23 15:50 ` deller
  2026-03-10  6:15   ` Philippe Mathieu-Daudé
  2025-12-28 22:08 ` [PULL 00/12] Hppa updates qemu v11 patches Richard Henderson
  11 siblings, 1 reply; 18+ messages in thread
From: deller @ 2025-12-23 15:50 UTC (permalink / raw)
  To: qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Philippe Mathieu-Daudé, Richard Henderson, Fam Zheng

From: Sven Schnelle <svens@stackframe.org>

Signed-off-by: Sven Schnelle <svens@stackframe.org>
Reviewed-by: Helge Deller <deller@gmx.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 target/hppa/gdbstub.c | 62 ++++++++++++++++++++++++++++---------------
 1 file changed, 41 insertions(+), 21 deletions(-)

diff --git a/target/hppa/gdbstub.c b/target/hppa/gdbstub.c
index 0daa52f7af..777f4a48b9 100644
--- a/target/hppa/gdbstub.c
+++ b/target/hppa/gdbstub.c
@@ -21,16 +21,25 @@
 #include "cpu.h"
 #include "gdbstub/helpers.h"
 
-/*
- * GDB 15 only supports PA1.0 via the remote protocol, and ignores
- * any provided xml.  Which means that any attempt to provide more
- * data results in "Remote 'g' packet reply is too long".
- */
+static int hppa_num_regs(CPUHPPAState *env)
+{
+    return hppa_is_pa20(env) ? 96 : 128;
+}
+
+static int hppa_reg_size(CPUHPPAState *env)
+{
+    return hppa_is_pa20(env) ? 8 : 4;
+}
 
 int hppa_cpu_gdb_read_register(CPUState *cs, GByteArray *mem_buf, int n)
 {
-    CPUHPPAState *env = cpu_env(cs);
-    uint32_t val;
+    HPPACPU *cpu = HPPA_CPU(cs);
+    CPUHPPAState *env = &cpu->env;
+    target_ulong val;
+
+    if (n >= hppa_num_regs(env)) {
+        return 0;
+    }
 
     switch (n) {
     case 0:
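Review bot: the commit message is empty apart from the tags, and this hunk deletes the comment explaining that GDB 15 only speaks PA1.0 over the remote protocol and rejects longer 'g' replies; the message needs to say what changed (a newer GDB, or an XML target description) so that PA2.0 targets can now return 96 64-bit registers. The switch from `cpu_env(cs)` to `HPPA_CPU(cs)` plus `&cpu->env` is unrelated churn and should be dropped. The `n >= hppa_num_regs(env)` early return is the only thing that keeps the later `env->fr[n - 64]` accesses in bounds for PA2.0, so it deserves a comment saying so.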
@@ -133,24 +142,35 @@ int hppa_cpu_gdb_read_register(CPUState *cs, GByteArray *mem_buf, int n)
         val = env->cr[30];
         break;
     case 64 ... 127:
-        val = extract64(env->fr[(n - 64) / 2], (n & 1 ? 0 : 32), 32);
-        break;
-    default:
-        if (n < 128) {
-            val = 0;
+        if (hppa_is_pa20(env)) {
+            val = env->fr[n - 64];
         } else {
-            return 0;
+            val = extract64(env->fr[(n - 64) / 2], (n & 1 ? 0 : 32), 32);
         }
         break;
+    default:
+        val = 0;
+        break;
     }
 
-    return gdb_get_reg32(mem_buf, val);
+    if (hppa_is_pa20(env)) {
+        return gdb_get_reg64(mem_buf, val);
+    } else {
+        return gdb_get_reg32(mem_buf, val);
+    }
 }
 
 int hppa_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
 {
-    CPUHPPAState *env = cpu_env(cs);
-    uint32_t val = ldl_p(mem_buf);
+    HPPACPU *cpu = HPPA_CPU(cs);
+    CPUHPPAState *env = &cpu->env;
+    target_ulong val;
+
+    if (n >= hppa_num_regs(env)) {
+        return 0;
+    }
+
+    val = ldn_p(mem_buf, hppa_reg_size(env));
 
     switch (n) {
     case 0:
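Review bot: in the PA2.0 branch `val = env->fr[n - 64];` is reached through `case 64 ... 127`, so the only thing keeping the index below 32 is the `n >= hppa_num_regs(env)` check at the top of the function, and a static analyser cannot see that hppa_num_regs() returns 96 exactly when hppa_is_pa20() is true (Coverity indeed flags this line later in the thread as CID 1645613). Make the invariant local: split the label into `case 64 ... 95` for the fr registers and let 96..127 fall into `default`, or add `g_assert(n - 64 < ARRAY_SIZE(env->fr));` before the access. On the write side, `val = ldn_p(mem_buf, hppa_reg_size(env));` is fine, but the `case 65 ... 127` store in the next hunk has the identical exposure.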
@@ -267,16 +287,16 @@ int hppa_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
         cpu_hppa_loaded_fr0(env);
         break;
     case 65 ... 127:
-        {
+        if (hppa_is_pa20(env)) {
+            env->fr[n - 64] = val;
+        } else {
             uint64_t *fr = &env->fr[(n - 64) / 2];
             *fr = deposit64(*fr, (n & 1 ? 0 : 32), 32, val);
         }
         break;
     default:
-        if (n >= 128) {
-            return 0;
-        }
         break;
     }
-    return 4;
+
+    return hppa_reg_size(env);
 }
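Review bot: `env->fr[n - 64] = val;` under `case 65 ... 127` has the same out-of-bounds exposure as the read side for n in 96..127 on PA2.0 (Coverity's CID 1645614 later in this thread is this line); bounding the label to `case 65 ... 95` fixes it locally. The removed `if (n >= 128) return 0;` in `default` was the write side's only rejection of unknown registers; with the new early return that is fine, but `default: break;` now silently swallows any register number below hppa_num_regs() that has no case and still reports `hppa_reg_size(env)` bytes consumed, which is what the protocol expects but deserves a one-line comment.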
-- 
2.52.0




* Re: [PULL 00/12] Hppa updates qemu v11 patches
  2025-12-23 15:50 [PULL 00/12] Hppa updates qemu v11 patches deller
                   ` (10 preceding siblings ...)
  2025-12-23 15:50 ` [PULL 12/12] target/hppa: add 64 bit support to gdbstub deller
@ 2025-12-28 22:08 ` Richard Henderson
  11 siblings, 0 replies; 18+ messages in thread
From: Richard Henderson @ 2025-12-28 22:08 UTC (permalink / raw)
  To: deller, qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Philippe Mathieu-Daudé, Fam Zheng

On 12/24/25 02:50, deller@kernel.org wrote:
> From: Helge Deller<deller@gmx.de>
> 
> The following changes since commit 8dd5bceb2f9cc58481e9d22355a8d998220896de:
> 
>    Open 11.0 development tree (2025-12-23 14:45:38 +1100)
> 
> are available in the Git repository at:
> 
>    https://github.com/hdeller/qemu-hppa.git tags/hppa-updates-qemu-v11-pull-request
> 
> for you to fetch changes up to b2c2d00f48cc5f4486cfba33b505ff86d79cb137:
> 
>    target/hppa: add 64 bit support to gdbstub (2025-12-23 16:41:56 +0100)
> 
> ----------------------------------------------------------------
> Please pull fixes and updates for the parisc architecture:
> 
> - New SeaBIOS-hppa v21 with fixes for 715 machine
> - ncr710 fixes for NetBSD and HP-UX on 715 machine
> - 64-bit gdb support


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/11.0 as appropriate.

r~



* Re: [PULL 12/12] target/hppa: add 64 bit support to gdbstub
  2025-12-23 15:50 ` [PULL 12/12] target/hppa: add 64 bit support to gdbstub deller
@ 2026-03-10  6:15   ` Philippe Mathieu-Daudé
  2026-03-10  6:45     ` Sven Schnelle
  0 siblings, 1 reply; 18+ messages in thread
From: Philippe Mathieu-Daudé @ 2026-03-10  6:15 UTC (permalink / raw)
  To: deller, qemu-devel
  Cc: Soumyajyotii Ssarkar, Paolo Bonzini, Helge Deller, Sven Schnelle,
	Richard Henderson, Fam Zheng

Hi,

(now merged as commit b2c2d00f48cc5f4486cfba33b505ff86d79cb137)

On 23/12/25 16:50, deller@kernel.org wrote:
> From: Sven Schnelle <svens@stackframe.org>
> 
> Signed-off-by: Sven Schnelle <svens@stackframe.org>
> Reviewed-by: Helge Deller <deller@gmx.de>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> Signed-off-by: Helge Deller <deller@gmx.de>
> ---
>   target/hppa/gdbstub.c | 62 ++++++++++++++++++++++++++++---------------
>   1 file changed, 41 insertions(+), 21 deletions(-)
> 
> diff --git a/target/hppa/gdbstub.c b/target/hppa/gdbstub.c
> index 0daa52f7af..777f4a48b9 100644
> --- a/target/hppa/gdbstub.c
> +++ b/target/hppa/gdbstub.c
> @@ -21,16 +21,25 @@
>   #include "cpu.h"
>   #include "gdbstub/helpers.h"
>   
> -/*
> - * GDB 15 only supports PA1.0 via the remote protocol, and ignores
> - * any provided xml.  Which means that any attempt to provide more
> - * data results in "Remote 'g' packet reply is too long".
> - */
> +static int hppa_num_regs(CPUHPPAState *env)
> +{
> +    return hppa_is_pa20(env) ? 96 : 128;
> +}
> +
> +static int hppa_reg_size(CPUHPPAState *env)
> +{
> +    return hppa_is_pa20(env) ? 8 : 4;
> +}
>   
>   int hppa_cpu_gdb_read_register(CPUState *cs, GByteArray *mem_buf, int n)
>   {
> -    CPUHPPAState *env = cpu_env(cs);
> -    uint32_t val;
> +    HPPACPU *cpu = HPPA_CPU(cs);
> +    CPUHPPAState *env = &cpu->env;
> +    target_ulong val;
> +
> +    if (n >= hppa_num_regs(env)) {
> +        return 0;
> +    }
>   
>       switch (n) {
>       case 0:
> @@ -133,24 +142,35 @@ int hppa_cpu_gdb_read_register(CPUState *cs, GByteArray *mem_buf, int n)
>           val = env->cr[30];
>           break;
>       case 64 ... 127:
> -        val = extract64(env->fr[(n - 64) / 2], (n & 1 ? 0 : 32), 32);
> -        break;
> -    default:
> -        if (n < 128) {
> -            val = 0;
> +        if (hppa_is_pa20(env)) {
> +            val = env->fr[n - 64];

Coverity reports:

 >>>     CID 1645613:         Memory - illegal accesses  (OVERRUN)
 >>>     Overrunning array "env->fr" of 32 8-byte elements at element index 32 (byte offset 263) using index "n - 64" (which evaluates to 32).

>           } else {
> -            return 0;
> +            val = extract64(env->fr[(n - 64) / 2], (n & 1 ? 0 : 32), 32);
>           }
>           break;
> +    default:
> +        val = 0;
> +        break;
>       }
>   
> -    return gdb_get_reg32(mem_buf, val);
> +    if (hppa_is_pa20(env)) {
> +        return gdb_get_reg64(mem_buf, val);
> +    } else {
> +        return gdb_get_reg32(mem_buf, val);
> +    }
>   }
>   
>   int hppa_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
>   {
> -    CPUHPPAState *env = cpu_env(cs);
> -    uint32_t val = ldl_p(mem_buf);
> +    HPPACPU *cpu = HPPA_CPU(cs);
> +    CPUHPPAState *env = &cpu->env;
> +    target_ulong val;
> +
> +    if (n >= hppa_num_regs(env)) {
> +        return 0;
> +    }
> +
> +    val = ldn_p(mem_buf, hppa_reg_size(env));
>   
>       switch (n) {
>       case 0:
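Review bot: the Coverity OVERRUN (CID 1645613) on `val = env->fr[n - 64]` looks like a false positive: the `n >= hppa_num_regs(env)` check at the top of the function returns before the switch whenever n >= 96 in PA2.0 mode, so `n - 64` is at most 31 for a 32-element fr array. The case label `64 ... 127` is what lets the checker reach index 32, so either narrow the PA2.0 branch or add `assert(n - 64 < ARRAY_SIZE(env->fr));` before the access to make the invariant explicit. A smaller consistency point: the read path picks gdb_get_reg64/gdb_get_reg32 with an inline hppa_is_pa20() test while the write path uses hppa_reg_size(); deriving both from the same helper would keep them from drifting.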
> @@ -267,16 +287,16 @@ int hppa_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
>           cpu_hppa_loaded_fr0(env);
>           break;
>       case 65 ... 127:
> -        {
> +        if (hppa_is_pa20(env)) {
> +            env->fr[n - 64] = val;

Ditto:

 >>>     CID 1645614:         Memory - corruptions  (OVERRUN)
 >>>     Overrunning array "env->fr" of 32 8-byte elements at element 
index 32 (byte offset 263) using index "n - 64" (which evaluates to 32).

> +        } else {
>               uint64_t *fr = &env->fr[(n - 64) / 2];
>               *fr = deposit64(*fr, (n & 1 ? 0 : 32), 32, val);
>           }
>           break;
>       default:
> -        if (n >= 128) {
> -            return 0;
> -        }
>           break;
>       }
> -    return 4;
> +
> +    return hppa_reg_size(env);
>   }
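Review bot: same false-positive pattern as the read side for CID 1645614: `env->fr[n - 64] = val` under `case 65 ... 127` is only reachable with n < 96 in PA2.0 mode because of the early `n >= hppa_num_regs(env)` return, but the case range still lets Coverity derive index 32; an assert or a narrower range would settle it. Also worth noting that `val` is now loaded with `ldn_p(mem_buf, hppa_reg_size(env))` before the switch, so on PA1.x the 4-byte read feeds the existing deposit64 half-register path unchanged, while on PA2.0 the full 8-byte value is stored; that matches the `return hppa_reg_size(env)` byte count, which the old fixed `return 4` would have got wrong for 64-bit registers.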




* Re: [PULL 12/12] target/hppa: add 64 bit support to gdbstub
  2026-03-10  6:15   ` Philippe Mathieu-Daudé
@ 2026-03-10  6:45     ` Sven Schnelle
  2026-03-10  7:06       ` Sven Schnelle
  0 siblings, 1 reply; 18+ messages in thread
From: Sven Schnelle @ 2026-03-10  6:45 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: deller, qemu-devel, Soumyajyotii Ssarkar, Paolo Bonzini,
	Helge Deller, Richard Henderson, Fam Zheng

Philippe Mathieu-Daudé <philmd@linaro.org> writes:

> Hi,
>
> (now merged as commit b2c2d00f48cc5f4486cfba33b505ff86d79cb137)
>
> On 23/12/25 16:50, deller@kernel.org wrote:
>> From: Sven Schnelle <svens@stackframe.org>
>> Signed-off-by: Sven Schnelle <svens@stackframe.org>
>> Reviewed-by: Helge Deller <deller@gmx.de>
>> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>> Signed-off-by: Helge Deller <deller@gmx.de>
>> ---
>> target/hppa/gdbstub.c | 62
> ++++++++++++++++++++++++++++---------------
>>   1 file changed, 41 insertions(+), 21 deletions(-)
>> diff --git a/target/hppa/gdbstub.c b/target/hppa/gdbstub.c
>> index 0daa52f7af..777f4a48b9 100644
>> --- a/target/hppa/gdbstub.c
>> +++ b/target/hppa/gdbstub.c
>> @@ -21,16 +21,25 @@
>> @@ -133,24 +142,35 @@ int hppa_cpu_gdb_read_register(CPUState *cs,
> GByteArray *mem_buf, int n)
>>           val = env->cr[30];
>>           break;
>>       case 64 ... 127:
>> - val = extract64(env->fr[(n - 64) / 2], (n & 1 ? 0 : 32), 32);
>> -        break;
>> -    default:
>> -        if (n < 128) {
>> -            val = 0;
>> +        if (hppa_is_pa20(env)) {
>> +            val = env->fr[n - 64];
>
> Coverity reports:
>
>>>>     CID 1645613:         Memory - illegal accesses  (OVERRUN)
>>>>     Overrunning array "env->fr" of 32 8-byte elements at element
>         index 32 (byte offset 263) using index "n - 64" (which
>        evaluates to 32).

Yes, there's indeed a check missing whether n is < 96. I'll submit a patch later.



* Re: [PULL 12/12] target/hppa: add 64 bit support to gdbstub
  2026-03-10  6:45     ` Sven Schnelle
@ 2026-03-10  7:06       ` Sven Schnelle
  2026-03-10 10:54         ` Philippe Mathieu-Daudé
  0 siblings, 1 reply; 18+ messages in thread
From: Sven Schnelle @ 2026-03-10  7:06 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: deller, qemu-devel, Soumyajyotii Ssarkar, Paolo Bonzini,
	Helge Deller, Richard Henderson, Fam Zheng

Sven Schnelle <svens@stackframe.org> writes:

> Philippe Mathieu-Daudé <philmd@linaro.org> writes:
>
>> Hi,
>>
>> (now merged as commit b2c2d00f48cc5f4486cfba33b505ff86d79cb137)
>>
>> On 23/12/25 16:50, deller@kernel.org wrote:
>>> From: Sven Schnelle <svens@stackframe.org>
>>> Signed-off-by: Sven Schnelle <svens@stackframe.org>
>>> Reviewed-by: Helge Deller <deller@gmx.de>
>>> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>>> Signed-off-by: Helge Deller <deller@gmx.de>
>>> ---
>>> target/hppa/gdbstub.c | 62
>> ++++++++++++++++++++++++++++---------------
>>>   1 file changed, 41 insertions(+), 21 deletions(-)
>>> diff --git a/target/hppa/gdbstub.c b/target/hppa/gdbstub.c
>>> index 0daa52f7af..777f4a48b9 100644
>>> --- a/target/hppa/gdbstub.c
>>> +++ b/target/hppa/gdbstub.c
>>> @@ -21,16 +21,25 @@
>>> @@ -133,24 +142,35 @@ int hppa_cpu_gdb_read_register(CPUState *cs,
>> GByteArray *mem_buf, int n)
>>>           val = env->cr[30];
>>>           break;
>>>       case 64 ... 127:
>>> - val = extract64(env->fr[(n - 64) / 2], (n & 1 ? 0 : 32), 32);
>>> -        break;
>>> -    default:
>>> -        if (n < 128) {
>>> -            val = 0;
>>> +        if (hppa_is_pa20(env)) {
>>> +            val = env->fr[n - 64];
>>
>> Coverity reports:
>>
>>>>>     CID 1645613:         Memory - illegal accesses  (OVERRUN)
>>>>>     Overrunning array "env->fr" of 32 8-byte elements at element
>>         index 32 (byte offset 263) using index "n - 64" (which
>>        evaluates to 32).
>
> Yes, there's indeed a check missing whether n is < 96. I'll submit a patch later.

Looking again there is

if (n >= hppa_num_regs(env)) {
        return 0;
}   

right at the beginning of both functions, which returns 96 for 64 bit
mode as the limit so n should have proper bounds already if I'm not mistaken.



* Re: [PULL 12/12] target/hppa: add 64 bit support to gdbstub
  2026-03-10  7:06       ` Sven Schnelle
@ 2026-03-10 10:54         ` Philippe Mathieu-Daudé
  2026-03-10 16:49           ` Sven Schnelle
  0 siblings, 1 reply; 18+ messages in thread
From: Philippe Mathieu-Daudé @ 2026-03-10 10:54 UTC (permalink / raw)
  To: Sven Schnelle
  Cc: deller, qemu-devel, Soumyajyotii Ssarkar, Paolo Bonzini,
	Helge Deller, Richard Henderson, Fam Zheng

Hi Sven!

On 10/3/26 08:06, Sven Schnelle wrote:
> Sven Schnelle <svens@stackframe.org> writes:
> 
>> Philippe Mathieu-Daudé <philmd@linaro.org> writes:
>>
>>> Hi,
>>>
>>> (now merged as commit b2c2d00f48cc5f4486cfba33b505ff86d79cb137)
>>>
>>> On 23/12/25 16:50, deller@kernel.org wrote:
>>>> From: Sven Schnelle <svens@stackframe.org>
>>>> Signed-off-by: Sven Schnelle <svens@stackframe.org>
>>>> Reviewed-by: Helge Deller <deller@gmx.de>
>>>> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>>>> Signed-off-by: Helge Deller <deller@gmx.de>
>>>> ---
>>>> target/hppa/gdbstub.c | 62
>>> ++++++++++++++++++++++++++++---------------
>>>>    1 file changed, 41 insertions(+), 21 deletions(-)
>>>> diff --git a/target/hppa/gdbstub.c b/target/hppa/gdbstub.c
>>>> index 0daa52f7af..777f4a48b9 100644
>>>> --- a/target/hppa/gdbstub.c
>>>> +++ b/target/hppa/gdbstub.c
>>>> @@ -21,16 +21,25 @@
>>>> @@ -133,24 +142,35 @@ int hppa_cpu_gdb_read_register(CPUState *cs,
>>> GByteArray *mem_buf, int n)
>>>>            val = env->cr[30];
>>>>            break;
>>>>        case 64 ... 127:
>>>> - val = extract64(env->fr[(n - 64) / 2], (n & 1 ? 0 : 32), 32);
>>>> -        break;
>>>> -    default:
>>>> -        if (n < 128) {
>>>> -            val = 0;
>>>> +        if (hppa_is_pa20(env)) {
>>>> +            val = env->fr[n - 64];
>>>
>>> Coverity reports:
>>>
>>>>>>      CID 1645613:         Memory - illegal accesses  (OVERRUN)
>>>>>>      Overrunning array "env->fr" of 32 8-byte elements at element
>>>          index 32 (byte offset 263) using index "n - 64" (which
>>>         evaluates to 32).
>>
>> Yes, there's indeed a check missing whether n is < 96. I'll submit a patch later.
> 
> Looking again there is
> 
> if (n >= hppa_num_regs(env)) {
>          return 0;
> }
> 
> right at the beginning of both functions, which returns 96 for 64 bit
> mode as the limit so n should have proper bounds already if I'm not mistaken.

I thought the same but wasn't sure. Maybe adding a pair of assert()
is sufficient to feel safe and make Coverity happy?




* Re: [PULL 12/12] target/hppa: add 64 bit support to gdbstub
  2026-03-10 10:54         ` Philippe Mathieu-Daudé
@ 2026-03-10 16:49           ` Sven Schnelle
  0 siblings, 0 replies; 18+ messages in thread
From: Sven Schnelle @ 2026-03-10 16:49 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: deller, qemu-devel, Soumyajyotii Ssarkar, Paolo Bonzini,
	Helge Deller, Richard Henderson, Fam Zheng

Philippe Mathieu-Daudé <philmd@linaro.org> writes:

> Hi Sven!
>
> On 10/3/26 08:06, Sven Schnelle wrote:
>> Sven Schnelle <svens@stackframe.org> writes:
>> 
>>> Philippe Mathieu-Daudé <philmd@linaro.org> writes:
>>>
>>>> Hi,
>>>>
>>>> (now merged as commit b2c2d00f48cc5f4486cfba33b505ff86d79cb137)
>>>>
>>>> On 23/12/25 16:50, deller@kernel.org wrote:
>>>>> From: Sven Schnelle <svens@stackframe.org>
>>>>> Signed-off-by: Sven Schnelle <svens@stackframe.org>
>>>>> Reviewed-by: Helge Deller <deller@gmx.de>
>>>>> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>>>>> Signed-off-by: Helge Deller <deller@gmx.de>
>>>>> ---
>>>>> target/hppa/gdbstub.c | 62
>>>> ++++++++++++++++++++++++++++---------------
>>>>>    1 file changed, 41 insertions(+), 21 deletions(-)
>>>>> diff --git a/target/hppa/gdbstub.c b/target/hppa/gdbstub.c
>>>>> index 0daa52f7af..777f4a48b9 100644
>>>>> --- a/target/hppa/gdbstub.c
>>>>> +++ b/target/hppa/gdbstub.c
>>>>> @@ -21,16 +21,25 @@
>>>>> @@ -133,24 +142,35 @@ int hppa_cpu_gdb_read_register(CPUState *cs,
>>>> GByteArray *mem_buf, int n)
>>>>>            val = env->cr[30];
>>>>>            break;
>>>>>        case 64 ... 127:
>>>>> - val = extract64(env->fr[(n - 64) / 2], (n & 1 ? 0 : 32), 32);
>>>>> -        break;
>>>>> -    default:
>>>>> -        if (n < 128) {
>>>>> -            val = 0;
>>>>> +        if (hppa_is_pa20(env)) {
>>>>> +            val = env->fr[n - 64];
>>>>
>>>> Coverity reports:
>>>>
>>>>>>>      CID 1645613:         Memory - illegal accesses  (OVERRUN)
>>>>>>>      Overrunning array "env->fr" of 32 8-byte elements at element
>>>>          index 32 (byte offset 263) using index "n - 64" (which
>>>>         evaluates to 32).
>>>
>>> Yes, there's indeed a check missing whether n is < 96. I'll submit a patch later.
>> Looking again there is
>> if (n >= hppa_num_regs(env)) {
>>          return 0;
>> }
>> right at the beginning of both functions, which returns 96 for 64 bit
>> mode as the limit so n should have proper bounds already if I'm not mistaken.
>
> I thought the same but wasn't sure. Maybe adding a pair of assert()
> is sufficient to feel safe and make Coverity happy?

Feel free to do so, but I don't want to write code just to make some
code checker happy.


