aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRichard Henderson <richard.henderson@linaro.org>2023-05-26 07:13:27 -0700
committerRichard Henderson <richard.henderson@linaro.org>2023-05-26 07:13:27 -0700
commit9cb47a10564e35df421f9639b0d2cf9e7449544d (patch)
treeb264b48cab337c3168ea450930c1e0e718ec349b
parenta3cb6d5004ff638aefe686ecd540718a793bd1b1 (diff)
parentb987718bbb1d0eabf95499b976212dd5f0120d75 (diff)
downloadqemu-9cb47a10564e35df421f9639b0d2cf9e7449544d.zip
qemu-9cb47a10564e35df421f9639b0d2cf9e7449544d.tar.gz
qemu-9cb47a10564e35df421f9639b0d2cf9e7449544d.tar.bz2
Merge tag 'pull-request-2023-05-26' of https://gitlab.com/thuth/qemu into staging
* Use MachineClass->default_nic in more machines to allow running them without "--nodefaults" in builds that used "--without-default-devices" * Improve qtests for such builds * Add up-/downsampling qtest * Avoid crash if default RAM backend name has been stolen * Fix reentrant DMA problem in the lsi53c895a device (CVE-2023-0330) # -----BEGIN PGP SIGNATURE----- # # iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmRwdqsRHHRodXRoQHJl # ZGhhdC5jb20ACgkQLtnXdP5wLbXk6g//eQzVGv1Ep4ZusQXPDpFJLgBNq7JMOF6a # bWa6fTluzCn2ivnbgPEf0lV1TsCrUuQwqWlEozylltE6l4zbmIWBMO8F/6Wy0JZH # DuBrO9fio+nKhcEqeFLE+wTWUCiBqM66n8LL+rznO3RjXv2QU8zhk9owmsEKZUV0 # vXrMO5XdUO/dTrxyBdVjbok9L1UpkF+Sp9LEHNxIJZnAqhVmx13jnKq6WTrDR/fX # ZwGbwWxsnTZl5PuPsHePdTWhXigzZJYcI5TSfcdTVHbzIxVKzFIvTX7stKxySL3b # 3rXqmkmdozi28UPq7kXvLRoN8VscORgC3J+0izVxd1P0q+sh6p+hF/8T1r0UCqWa # cgPoqGP5fcqfQiQxdaPbm3Ar9qscZPqzpZWxzjFQsptxf69RIEg+8XZq/EP+6g+c # GxCh1cqugLdWvZPpBjoGIDlftxJZ99rMKnOZJEudaAIDzRWbNBuqzVo5osj8n5ht # m68Nanlil451+ySuTS7iiWyyKXF6hIfe5I6A72QdxMPeHsavcCk5D5AN76dFSTmN # XWWqlk9CNYbvaYSIqyxJpANiwA5Y0j7r6GVXdWFZ9YRt//+z2rMwOrZIqYyvoscE # 5p+ul/qgUq10XkNwI9t1pd9DX8g+5yuIY0chfC9G1B0AuiPHzvmszORBYY+8+7GT # 2Rwq/HqraC4= # =eab7 # -----END PGP SIGNATURE----- # gpg: Signature made Fri 26 May 2023 02:06:51 AM PDT # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [undefined] # gpg: aka "Thomas Huth <thuth@redhat.com>" [undefined] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * tag 'pull-request-2023-05-26' of https://gitlab.com/thuth/qemu: hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) lsi53c895a: disable reentrancy detection for MMIO region, too machine: do not crash if default RAM backend name has been stolen tests/qtest/ac97-test: add up-/downsampling tests tests/qtest/usb-hcd-ehci-test: Check for EHCI and UHCI HCDs before using them tests/qtest/rtl8139-test: Check whether the rtl8139 device is available tests/qtest: Check for virtio-blk before using -cdrom with the arm virt machine tests/qtest/usb-hcd-uhci-test: Check whether "usb-storage" is available hw/mips: Use MachineClass->default_nic in the virt machine hw/arm: Use MachineClass->default_nic in the sbsa-ref machine hw/xtensa: Use MachineClass->default_nic in the virt machine hw/loongarch64: Use MachineClass->default_nic in the virt machine hw/arm: Use MachineClass->default_nic in the virt machine hw/alpha: Use MachineClass->default_nic in the alpha machine hw/hppa: Use MachineClass->default_nic in the hppa machine Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Diffstat
-rw-r--r--hw/alpha/dp264.c4
-rw-r--r--hw/arm/sbsa-ref.c4
-rw-r--r--hw/arm/virt.c4
-rw-r--r--hw/core/machine.c8
-rw-r--r--hw/hppa/machine.c4
-rw-r--r--hw/loongarch/virt.c4
-rw-r--r--hw/mips/loongson3_virt.c4
-rw-r--r--hw/scsi/lsi53c895a.c24
-rw-r--r--hw/xtensa/virt.c9
-rw-r--r--tests/qtest/ac97-test.c40
-rw-r--r--tests/qtest/bios-tables-test.c2
-rw-r--r--tests/qtest/cdrom-test.c6
-rw-r--r--tests/qtest/fuzz-lsi53c895a-test.c33
-rw-r--r--tests/qtest/rtl8139-test.c4
-rw-r--r--tests/qtest/usb-hcd-ehci-test.c5
-rw-r--r--tests/qtest/usb-hcd-uhci-test.c4
16 files changed, 140 insertions, 19 deletions
diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index 4161f55..03495e1 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -49,6 +49,7 @@ static void clipper_init(MachineState *machine)
const char *kernel_filename = machine->kernel_filename;
const char *kernel_cmdline = machine->kernel_cmdline;
const char *initrd_filename = machine->initrd_filename;
+ MachineClass *mc = MACHINE_GET_CLASS(machine);
AlphaCPU *cpus[4];
PCIBus *pci_bus;
PCIDevice *pci_dev;
@@ -124,7 +125,7 @@ static void clipper_init(MachineState *machine)
/* Network setup. e1000 is good enough, failing Tulip support. */
for (i = 0; i < nb_nics; i++) {
- pci_nic_init_nofail(&nd_table[i], pci_bus, "e1000", NULL);
+ pci_nic_init_nofail(&nd_table[i], pci_bus, mc->default_nic, NULL);
}
/* Super I/O */
@@ -213,6 +214,7 @@ static void clipper_machine_init(MachineClass *mc)
mc->is_default = true;
mc->default_cpu_type = ALPHA_CPU_TYPE_NAME("ev67");
mc->default_ram_id = "ram";
+ mc->default_nic = "e1000";
}
DEFINE_MACHINE("clipper", clipper_machine_init)
diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
index 792371f..9c3e670 100644
--- a/hw/arm/sbsa-ref.c
+++ b/hw/arm/sbsa-ref.c
@@ -596,6 +596,7 @@ static void create_pcie(SBSAMachineState *sms)
hwaddr size_mmio_high = sbsa_ref_memmap[SBSA_PCIE_MMIO_HIGH].size;
hwaddr base_pio = sbsa_ref_memmap[SBSA_PCIE_PIO].base;
int irq = sbsa_ref_irqmap[SBSA_PCIE];
+ MachineClass *mc = MACHINE_GET_CLASS(sms);
MemoryRegion *mmio_alias, *mmio_alias_high, *mmio_reg;
MemoryRegion *ecam_alias, *ecam_reg;
DeviceState *dev;
@@ -641,7 +642,7 @@ static void create_pcie(SBSAMachineState *sms)
NICInfo *nd = &nd_table[i];
if (!nd->model) {
- nd->model = g_strdup("e1000e");
+ nd->model = g_strdup(mc->default_nic);
}
pci_nic_init_nofail(nd, pci->bus, nd->model, NULL);
@@ -858,6 +859,7 @@ static void sbsa_ref_class_init(ObjectClass *oc, void *data)
mc->minimum_page_bits = 12;
mc->block_default_type = IF_IDE;
mc->no_cdrom = 1;
+ mc->default_nic = "e1000e";
mc->default_ram_size = 1 * GiB;
mc->default_ram_id = "sbsa-ref.ram";
mc->default_cpus = 4;
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index b99ae18..9b9f7d9 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1426,6 +1426,7 @@ static void create_pcie(VirtMachineState *vms)
int i, ecam_id;
PCIHostState *pci;
MachineState *ms = MACHINE(vms);
+ MachineClass *mc = MACHINE_GET_CLASS(ms);
dev = qdev_new(TYPE_GPEX_HOST);
sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
@@ -1479,7 +1480,7 @@ static void create_pcie(VirtMachineState *vms)
NICInfo *nd = &nd_table[i];
if (!nd->model) {
- nd->model = g_strdup("virtio");
+ nd->model = g_strdup(mc->default_nic);
}
pci_nic_init_nofail(nd, pci->bus, nd->model, NULL);
@@ -3033,6 +3034,7 @@ static void virt_machine_class_init(ObjectClass *oc, void *data)
mc->auto_enable_numa_with_memhp = true;
mc->auto_enable_numa_with_memdev = true;
mc->default_ram_id = "mach-virt.ram";
+ mc->default_nic = "virtio-net-pci";
object_class_property_add(oc, "acpi", "OnOffAuto",
virt_get_acpi, virt_set_acpi,
diff --git a/hw/core/machine.c b/hw/core/machine.c
index 07f763e..1000406 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -1338,6 +1338,14 @@ void machine_run_board_init(MachineState *machine, const char *mem_path, Error *
}
} else if (machine_class->default_ram_id && machine->ram_size &&
numa_uses_legacy_mem()) {
+ if (object_property_find(object_get_objects_root(),
+ machine_class->default_ram_id)) {
+ error_setg(errp, "object name '%s' is reserved for the default"
+ " RAM backend, it can't be used for any other purposes."
+ " Change the object's 'id' to something else",
+ machine_class->default_ram_id);
+ return;
+ }
if (!create_default_memdev(current_machine, mem_path, errp)) {
return;
}
diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c
index 8fea5fa..b00a91e 100644
--- a/hw/hppa/machine.c
+++ b/hw/hppa/machine.c
@@ -177,6 +177,7 @@ static void machine_hppa_init(MachineState *machine)
const char *kernel_filename = machine->kernel_filename;
const char *kernel_cmdline = machine->kernel_cmdline;
const char *initrd_filename = machine->initrd_filename;
+ MachineClass *mc = MACHINE_GET_CLASS(machine);
DeviceState *dev, *dino_dev, *lasi_dev;
PCIBus *pci_bus;
ISABus *isa_bus;
@@ -272,7 +273,7 @@ static void machine_hppa_init(MachineState *machine)
for (i = 0; i < nb_nics; i++) {
if (!enable_lasi_lan()) {
- pci_nic_init_nofail(&nd_table[i], pci_bus, "tulip", NULL);
+ pci_nic_init_nofail(&nd_table[i], pci_bus, mc->default_nic, NULL);
}
}
@@ -462,6 +463,7 @@ static void hppa_machine_init_class_init(ObjectClass *oc, void *data)
mc->default_ram_size = 512 * MiB;
mc->default_boot_order = "cd";
mc->default_ram_id = "ram";
+ mc->default_nic = "tulip";
nc->nmi_monitor_handler = hppa_nmi;
}
diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index 2b7588e..ceddec1 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -474,6 +474,7 @@ static DeviceState *create_platform_bus(DeviceState *pch_pic)
static void loongarch_devices_init(DeviceState *pch_pic, LoongArchMachineState *lams)
{
+ MachineClass *mc = MACHINE_GET_CLASS(lams);
DeviceState *gpex_dev;
SysBusDevice *d;
PCIBus *pci_bus;
@@ -528,7 +529,7 @@ static void loongarch_devices_init(DeviceState *pch_pic, LoongArchMachineState *
NICInfo *nd = &nd_table[i];
if (!nd->model) {
- nd->model = g_strdup("virtio");
+ nd->model = g_strdup(mc->default_nic);
}
pci_nic_init_nofail(nd, pci_bus, nd->model, NULL);
@@ -1038,6 +1039,7 @@ static void loongarch_class_init(ObjectClass *oc, void *data)
mc->default_boot_order = "c";
mc->no_cdrom = 1;
mc->get_hotplug_handler = virt_machine_get_hotplug_handler;
+ mc->default_nic = "virtio-net-pci";
hc->plug = loongarch_machine_device_plug_cb;
hc->pre_plug = virt_machine_device_pre_plug;
hc->unplug_request = virt_machine_device_unplug_request;
diff --git a/hw/mips/loongson3_virt.c b/hw/mips/loongson3_virt.c
index 2553428..216812f 100644
--- a/hw/mips/loongson3_virt.c
+++ b/hw/mips/loongson3_virt.c
@@ -406,6 +406,7 @@ static inline void loongson3_virt_devices_init(MachineState *machine,
PCIBus *pci_bus;
DeviceState *dev;
MemoryRegion *mmio_reg, *ecam_reg;
+ MachineClass *mc = MACHINE_GET_CLASS(machine);
LoongsonMachineState *s = LOONGSON_MACHINE(machine);
dev = qdev_new(TYPE_GPEX_HOST);
@@ -456,7 +457,7 @@ static inline void loongson3_virt_devices_init(MachineState *machine,
NICInfo *nd = &nd_table[i];
if (!nd->model) {
- nd->model = g_strdup("virtio");
+ nd->model = g_strdup(mc->default_nic);
}
pci_nic_init_nofail(nd, pci_bus, nd->model, NULL);
@@ -619,6 +620,7 @@ static void loongson3v_machine_class_init(ObjectClass *oc, void *data)
mc->default_ram_size = 1600 * MiB;
mc->kvm_type = mips_kvm_type;
mc->minimum_page_bits = 14;
+ mc->default_nic = "virtio-net-pci";
}
static const TypeInfo loongson3_machine_types[] = {
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index db27872..f7d45b0 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -1134,15 +1134,24 @@ static void lsi_execute_script(LSIState *s)
uint32_t addr, addr_high;
int opcode;
int insn_processed = 0;
+ static int reentrancy_level;
+
+ reentrancy_level++;
s->istat1 |= LSI_ISTAT1_SRUN;
again:
- if (++insn_processed > LSI_MAX_INSN) {
- /* Some windows drivers make the device spin waiting for a memory
- location to change. If we have been executed a lot of code then
- assume this is the case and force an unexpected device disconnect.
- This is apparently sufficient to beat the drivers into submission.
- */
+ /*
+ * Some windows drivers make the device spin waiting for a memory location
+ * to change. If we have executed more than LSI_MAX_INSN instructions then
+ * assume this is the case and force an unexpected device disconnect. This
+ * is apparently sufficient to beat the drivers into submission.
+ *
+ * Another issue (CVE-2023-0330) can occur if the script is programmed to
+ * trigger itself again and again. Avoid this problem by stopping after
+ * being called multiple times in a reentrant way (8 is an arbitrary value
+ * which should be enough for all valid use cases).
+ */
+ if (++insn_processed > LSI_MAX_INSN || reentrancy_level > 8) {
if (!(s->sien0 & LSI_SIST0_UDC)) {
qemu_log_mask(LOG_GUEST_ERROR,
"lsi_scsi: inf. loop with UDC masked");
@@ -1596,6 +1605,8 @@ again:
}
}
trace_lsi_execute_script_stop();
+
+ reentrancy_level--;
}
static uint8_t lsi_reg_readb(LSIState *s, int offset)
@@ -2307,6 +2318,7 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
* re-entrancy guard.
*/
s->ram_io.disable_reentrancy_guard = true;
+ s->mmio_io.disable_reentrancy_guard = true;
address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io");
qdev_init_gpio_out(d, &s->ext_irq, 1);
diff --git a/hw/xtensa/virt.c b/hw/xtensa/virt.c
index a18e3fc..b87f842 100644
--- a/hw/xtensa/virt.c
+++ b/hw/xtensa/virt.c
@@ -38,7 +38,8 @@
#include "xtensa_memory.h"
#include "xtensa_sim.h"
-static void create_pcie(CPUXtensaState *env, int irq_base, hwaddr addr_base)
+static void create_pcie(MachineState *ms, CPUXtensaState *env, int irq_base,
+ hwaddr addr_base)
{
hwaddr base_ecam = addr_base + 0x00100000;
hwaddr size_ecam = 0x03f00000;
@@ -54,6 +55,7 @@ static void create_pcie(CPUXtensaState *env, int irq_base, hwaddr addr_base)
MemoryRegion *mmio_alias;
MemoryRegion *mmio_reg;
+ MachineClass *mc = MACHINE_GET_CLASS(ms);
DeviceState *dev;
PCIHostState *pci;
qemu_irq *extints;
@@ -104,7 +106,7 @@ static void create_pcie(CPUXtensaState *env, int irq_base, hwaddr addr_base)
NICInfo *nd = &nd_table[i];
if (!nd->model) {
- nd->model = g_strdup("virtio");
+ nd->model = g_strdup(mc->default_nic);
}
pci_nic_init_nofail(nd, pci->bus, nd->model, NULL);
@@ -117,7 +119,7 @@ static void xtensa_virt_init(MachineState *machine)
XtensaCPU *cpu = xtensa_sim_common_init(machine);
CPUXtensaState *env = &cpu->env;
- create_pcie(env, 0, 0xf0000000);
+ create_pcie(machine, env, 0, 0xf0000000);
xtensa_sim_load_kernel(cpu, machine);
}
@@ -127,6 +129,7 @@ static void xtensa_virt_machine_init(MachineClass *mc)
mc->init = xtensa_virt_init;
mc->max_cpus = 32;
mc->default_cpu_type = XTENSA_DEFAULT_CPU_TYPE;
+ mc->default_nic = "virtio-net-pci";
}
DEFINE_MACHINE("virt", xtensa_virt_machine_init)
diff --git a/tests/qtest/ac97-test.c b/tests/qtest/ac97-test.c
index 74103ef..b71bd60 100644
--- a/tests/qtest/ac97-test.c
+++ b/tests/qtest/ac97-test.c
@@ -42,16 +42,54 @@ static void *ac97_create(void *pci_bus, QGuestAllocator *alloc, void *addr)
return &ac97->obj;
}
+/*
+ * This is rather a test of the audio subsystem and not an AC97 test. Test if
+ * the audio subsystem can handle a 44100/1 upsample ratio. For some time this
+ * used to trigger QEMU aborts.
+ */
+static void ac97_playback_upsample(void *obj, void *data, QGuestAllocator *alloc)
+{
+ QAC97 *ac97 = obj;
+ QPCIDevice *dev = &ac97->dev;
+ QPCIBar bar0;
+
+ qpci_device_enable(dev);
+ bar0 = qpci_iomap(dev, 0, NULL);
+ /* IOBAR0 offset 0x2c: PCM Front DAC Rate */
+ qpci_io_writew(dev, bar0, 0x2c, 0x1);
+}
+
+/*
+ * This test is similar to the playback upsample test. QEMU shouldn't abort if
+ * asked for a 1/44100 downsample ratio.
+ */
+static void ac97_record_downsample(void *obj, void *data, QGuestAllocator *alloc)
+{
+ QAC97 *ac97 = obj;
+ QPCIDevice *dev = &ac97->dev;
+ QPCIBar bar0;
+
+ qpci_device_enable(dev);
+ bar0 = qpci_iomap(dev, 0, NULL);
+ /* IOBAR0 offset 0x32: PCM L/R ADC Rate */
+ qpci_io_writew(dev, bar0, 0x32, 0x1);
+}
+
static void ac97_register_nodes(void)
{
QOSGraphEdgeOptions opts = {
- .extra_device_opts = "addr=04.0",
+ .extra_device_opts = "addr=04.0,audiodev=snd0",
+ .after_cmd_line = "-audiodev none,id=snd0"
+ ",out.frequency=44100,in.frequency=44100",
};
add_qpci_address(&opts, &(QPCIAddress) { .devfn = QPCI_DEVFN(4, 0) });
qos_node_create_driver("AC97", ac97_create);
qos_node_produces("AC97", "pci-device");
qos_node_consumes("AC97", "pci-bus", &opts);
+
+ qos_add_test("playback_upsample", "AC97", ac97_playback_upsample, NULL);
+ qos_add_test("record_downsample", "AC97", ac97_record_downsample, NULL);
}
libqos_init(ac97_register_nodes);
diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c
index 159e4ed..ed1c69c 100644
--- a/tests/qtest/bios-tables-test.c
+++ b/tests/qtest/bios-tables-test.c
@@ -2164,7 +2164,7 @@ int main(int argc, char *argv[])
}
}
} else if (strcmp(arch, "aarch64") == 0) {
- if (has_tcg) {
+ if (has_tcg && qtest_has_device("virtio-blk-pci")) {
qtest_add_func("acpi/virt", test_acpi_virt_tcg);
qtest_add_func("acpi/virt/acpihmatvirt",
test_acpi_virt_tcg_acpi_hmat);
diff --git a/tests/qtest/cdrom-test.c b/tests/qtest/cdrom-test.c
index d1cc375..f2a8d91 100644
--- a/tests/qtest/cdrom-test.c
+++ b/tests/qtest/cdrom-test.c
@@ -264,9 +264,13 @@ int main(int argc, char **argv)
const char *armmachines[] = {
"realview-eb", "realview-eb-mpcore", "realview-pb-a8",
"realview-pbx-a9", "versatileab", "versatilepb", "vexpress-a15",
- "vexpress-a9", "virt", NULL
+ "vexpress-a9", NULL
};
add_cdrom_param_tests(armmachines);
+ if (qtest_has_device("virtio-blk-pci")) {
+ const char *virtmachine[] = { "virt", NULL };
+ add_cdrom_param_tests(virtmachine);
+ }
} else {
const char *nonemachine[] = { "none", NULL };
add_cdrom_param_tests(nonemachine);
diff --git a/tests/qtest/fuzz-lsi53c895a-test.c b/tests/qtest/fuzz-lsi53c895a-test.c
index 2012bd5..1b55928 100644
--- a/tests/qtest/fuzz-lsi53c895a-test.c
+++ b/tests/qtest/fuzz-lsi53c895a-test.c
@@ -9,6 +9,36 @@
#include "libqtest.h"
/*
+ * This used to trigger a DMA reentrancy issue
+ * leading to memory corruption bugs like stack
+ * overflow or use-after-free
+ * https://gitlab.com/qemu-project/qemu/-/issues/1563
+ */
+static void test_lsi_dma_reentrancy(void)
+{
+ QTestState *s;
+
+ s = qtest_init("-M q35 -m 512M -nodefaults "
+ "-blockdev driver=null-co,node-name=null0 "
+ "-device lsi53c810 -device scsi-cd,drive=null0");
+
+ qtest_outl(s, 0xcf8, 0x80000804); /* PCI Command Register */
+ qtest_outw(s, 0xcfc, 0x7); /* Enables accesses */
+ qtest_outl(s, 0xcf8, 0x80000814); /* Memory Bar 1 */
+ qtest_outl(s, 0xcfc, 0xff100000); /* Set MMIO Address*/
+ qtest_outl(s, 0xcf8, 0x80000818); /* Memory Bar 2 */
+ qtest_outl(s, 0xcfc, 0xff000000); /* Set RAM Address*/
+ qtest_writel(s, 0xff000000, 0xc0000024);
+ qtest_writel(s, 0xff000114, 0x00000080);
+ qtest_writel(s, 0xff00012c, 0xff000000);
+ qtest_writel(s, 0xff000004, 0xff000114);
+ qtest_writel(s, 0xff000008, 0xff100014);
+ qtest_writel(s, 0xff10002f, 0x000000ff);
+
+ qtest_quit(s);
+}
+
+/*
* This used to trigger a UAF in lsi_do_msgout()
* https://gitlab.com/qemu-project/qemu/-/issues/972
*/
@@ -124,5 +154,8 @@ int main(int argc, char **argv)
qtest_add_func("fuzz/lsi53c895a/lsi_do_msgout_cancel_req",
test_lsi_do_msgout_cancel_req);
+ qtest_add_func("fuzz/lsi53c895a/lsi_dma_reentrancy",
+ test_lsi_dma_reentrancy);
+
return g_test_run();
}
diff --git a/tests/qtest/rtl8139-test.c b/tests/qtest/rtl8139-test.c
index 4bd240e..4dc0a0d 100644
--- a/tests/qtest/rtl8139-test.c
+++ b/tests/qtest/rtl8139-test.c
@@ -209,6 +209,10 @@ int main(int argc, char **argv)
g_test_init(&argc, &argv, NULL);
+ if (!qtest_has_device("rtl8139")) {
+ return 0;
+ }
+
qtest_start("-device rtl8139");
qtest_add_func("/rtl8139/nop", nop);
diff --git a/tests/qtest/usb-hcd-ehci-test.c b/tests/qtest/usb-hcd-ehci-test.c
index c51e8bb..87e37cd 100644
--- a/tests/qtest/usb-hcd-ehci-test.c
+++ b/tests/qtest/usb-hcd-ehci-test.c
@@ -149,6 +149,11 @@ int main(int argc, char **argv)
g_test_init(&argc, &argv, NULL);
+ if (!qtest_has_device("ich9-usb-ehci1") ||
+ !qtest_has_device("ich9-usb-uhci1")) {
+ return 0;
+ }
+
qtest_add_func("/ehci/pci/uhci-port-1", pci_uhci_port_1);
qtest_add_func("/ehci/pci/ehci-port-1", pci_ehci_port_1);
qtest_add_func("/ehci/pci/ehci-config", pci_ehci_config);
diff --git a/tests/qtest/usb-hcd-uhci-test.c b/tests/qtest/usb-hcd-uhci-test.c
index 84ac2f3..28751f5 100644
--- a/tests/qtest/usb-hcd-uhci-test.c
+++ b/tests/qtest/usb-hcd-uhci-test.c
@@ -74,7 +74,9 @@ int main(int argc, char **argv)
qtest_add_func("/uhci/pci/init", test_uhci_init);
qtest_add_func("/uhci/pci/port1", test_port_1);
qtest_add_func("/uhci/pci/hotplug", test_uhci_hotplug);
- qtest_add_func("/uhci/pci/hotplug/usb-storage", test_usb_storage_hotplug);
+ if (qtest_has_device("usb-storage")) {
+ qtest_add_func("/uhci/pci/hotplug/usb-storage", test_usb_storage_hotplug);
+ }
if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
qs = qtest_pc_boot("%s", cmd);
generated by cgit v1.1 at 2025-02-19 12:04:24 +0000