author | Alex Horn <alex.horn@cs.ox.ac.uk> | 2012-11-26 17:32:54 +0100 |
committer | Anthony Liguori <aliguori@us.ibm.com> | 2012-11-27 11:04:33 -0600 |
commit | 02c6ccc6dde90dcbf5975b1cfe2ab199e525ec11 (patch) | |
tree | 0a4286587fa357224cdaebe6c14ff2255b9b84ef /tests/rtc-test.c | |
parent | 03a36f17d7788e4a1e07b3341b18028aa0206845 (diff) | |
rtc: Only call rtc_set_cmos when Register B SET flag is disabled.
This bug occurs when the SET flag of Register B is enabled. When an RTC
data register (i.e. any of the ten time/calendar CMOS bytes) is set, the
data is (as expected) correctly stored in the cmos_data array. However,
since the SET flag is enabled, the function rtc_set_time is not invoked.
As a result, the field base_rtc in RTCState remains uninitialized. This
causes a problem on subsequent writes which can end up overwriting data.
To see this, consider writing data to Register A after having written
data to any of the RTC data registers; the following figure illustrates
the call stack for the Register A write operation:
+- cmos_io_port_write
+-- check_update_timer
+---- get_next_alarm
+------ rtc_update_time
In rtc_update_time, get_guest_rtc calculates the wrong time and
overwrites the previously written RTC data register values.
Signed-off-by: Alex Horn <alex.horn@cs.ox.ac.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'tests/rtc-test.c')
-rw-r--r-- | tests/rtc-test.c | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/tests/rtc-test.c b/tests/rtc-test.c
index 7fdc94a3de..02edbf5727 100644
--- a/tests/rtc-test.c
+++ b/tests/rtc-test.c
@@ -327,6 +327,45 @@ static void fuzz_registers(void)
}
}

+static void register_b_set_flag(void)
+{
+ /* Enable binary-coded decimal (BCD) mode and SET flag in Register B*/
+ cmos_write(RTC_REG_B, (cmos_read(RTC_REG_B) & ~REG_B_DM) | REG_B_SET);
+
+ cmos_write(RTC_REG_A, 0x76);
+ cmos_write(RTC_YEAR, 0x11);
+ cmos_write(RTC_CENTURY, 0x20);
+ cmos_write(RTC_MONTH, 0x02);
+ cmos_write(RTC_DAY_OF_MONTH, 0x02);
+ cmos_write(RTC_HOURS, 0x02);
+ cmos_write(RTC_MINUTES, 0x04);
+ cmos_write(RTC_SECONDS, 0x58);
+ cmos_write(RTC_REG_A, 0x26);
+
+ /* Since SET flag is still enabled, these are equality checks. */
+ g_assert_cmpint(cmos_read(RTC_HOURS), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_MINUTES), ==, 0x04);
+ g_assert_cmpint(cmos_read(RTC_SECONDS), ==, 0x58);
+ g_assert_cmpint(cmos_read(RTC_DAY_OF_MONTH), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_MONTH), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_YEAR), ==, 0x11);
+ g_assert_cmpint(cmos_read(RTC_CENTURY), ==, 0x20);
+
+ /* Disable SET flag in Register B */
+ cmos_write(RTC_REG_B, cmos_read(RTC_REG_B) & ~REG_B_SET);
+
+ g_assert_cmpint(cmos_read(RTC_HOURS), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_MINUTES), ==, 0x04);
+
+ /* Since SET flag is disabled, this is an inequality check.
+ * We (reasonably) assume that no (sexagesimal) overflow occurs. */
+ g_assert_cmpint(cmos_read(RTC_SECONDS), >=, 0x58);
+ g_assert_cmpint(cmos_read(RTC_DAY_OF_MONTH), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_MONTH), ==, 0x02);
+ g_assert_cmpint(cmos_read(RTC_YEAR), ==, 0x11);
+ g_assert_cmpint(cmos_read(RTC_CENTURY), ==, 0x20);
+}
+
int main(int argc, char **argv)
{
QTestState *s = NULL;
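Review bot: The post-SET seconds check `g_assert_cmpint(cmos_read(RTC_SECONDS), >=, 0x58);` leaves only a two-second window: once SET is cleared the clock runs, and if it advances past 0x59 before the read the seconds wrap to 0x00 and both this assertion and the preceding `MINUTES == 0x04` check fail, which the hunk's own comment ("we assume no overflow occurs") acknowledges as a known hazard. qtest drives a separate QEMU process, so a loaded CI host can plausibly stall that long; seeding seconds earlier in the minute and reading once keeps the bug-detection value while widening the margin, e.g. `cmos_write(RTC_SECONDS, 0x30);` before the SET clear and `g_assert_cmpint(cmos_read(RTC_SECONDS), >=, 0x30);` after it, with the comment rewritten to state the margin explicitly. Separately, the Register A writes of 0x76 and 0x26 are unexplained magic values; they look like the usual halt-divider-while-setting / restore-normal-operation sequence, but that is inferred, and a one-line comment such as `/* 0x76: halt the divider chain while the time is loaded; 0x26: restore normal operation */` (after confirming against the register layout) would save the next reader the lookup. The hunk's trailing context belongs to main(), whose body continues outside the hunk.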
@@ -342,6 +381,7 @@ int main(int argc, char **argv)
qtest_add_func("/rtc/alarm-time", alarm_time);
qtest_add_func("/rtc/set-year/20xx", set_year_20xx);
qtest_add_func("/rtc/set-year/1980", set_year_1980);
+ qtest_add_func("/rtc/register_b_set_flag", register_b_set_flag);
qtest_add_func("/rtc/fuzz-registers", fuzz_registers);

ret = g_test_run(); |
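Review bot: The new test path `"/rtc/register_b_set_flag"` uses underscores while every sibling path in the hunk's context uses hyphens (`/rtc/alarm-time`, `/rtc/set-year/1980`, `/rtc/fuzz-registers`), so it will stand out when tests are listed or filtered by path. Registering it as `qtest_add_func("/rtc/register-b-set-flag", register_b_set_flag);` keeps the naming consistent without touching the C identifier. The surrounding main() starts and ends outside this hunk.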