From nobody Wed Nov 12 16:28:34 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1572002031; cv=none; d=zoho.com; s=zohoarc; b=ck88NEo6ji+SV8qkxuEOAsodES/4oJNFZIGQ37F1SzrCIJ6USHOdtDFVyVXNa13cr6CPRP2Z5VbsaS6DqCGm41eiAM4/wDZWo3uB5wd6QmoXA9Qbg3kV5eFmCnA/q0Jzx/NqlTn3YchHVYEXl+ZG59tLQlwLwdDAjhWS0tNXTkw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1572002031; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=3P1I3Nco4z27R0NZyTpP2qFN34PGE+3Hhbm/jLCWWOI=; b=jMwRib98pBnd/tv5xHwVObeYul67pVx3ioOxSVSeeekIusCCKEo00jDzY46tO+AZeNUYOE1+ceqwj5CMKWzdggE/osrp6laW4eSMTdhK9c5BoyljAwP5tGkXFveRWzz+bJ/Svs1DSL1CrsKd7Sttbl4e98aS/xmflKwVJxq1Zsc= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1572002031306825.5411093324711; Fri, 25 Oct 2019 04:13:51 -0700 (PDT) Received: from localhost ([::1]:58712 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iNxXQ-00022R-2q for importer@patchew.org; Fri, 25 Oct 2019 07:13:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40347) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iNxLd-000269-LF for qemu-devel@nongnu.org; Fri, 25 Oct 2019 07:01:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iNxLb-0001Jb-QD for qemu-devel@nongnu.org; Fri, 25 Oct 2019 07:01:37 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:54680 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1iNxLb-0001JB-Ge for qemu-devel@nongnu.org; Fri, 25 Oct 2019 07:01:35 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-32-DEPRfcQJOAGMc5rJoI8Q7Q-1; Fri, 25 Oct 2019 07:01:24 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id BDDB6800D41; Fri, 25 Oct 2019 11:01:23 +0000 (UTC) Received: from x1w.redhat.com (unknown [10.40.205.177]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 91ED35D9CA; Fri, 25 Oct 2019 11:01:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1572001294; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3P1I3Nco4z27R0NZyTpP2qFN34PGE+3Hhbm/jLCWWOI=; b=ZC8s4c/uVbh+sTwwAg7003sB7DBoLDl696q1RyvNCkw9KVEZ1fEmC2lJxEzebJQd7h2/89 rMmjdQg66i3ZC9CZF3moWHBbwV/ZpjTrIvp5pgekDV43p4LsBtK3qtbzs3rV4Xd4BF+UhE ikUFYDqwCmB18Hf+ctuF3eeVmWYmoSI= From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= To: Mark Cave-Ayland , Fabien Chouteau , Artyom Tarasenko , qemu-devel@nongnu.org, KONRAD Frederic Subject: [PATCH 1/2] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers Date: Fri, 25 Oct 2019 13:01:13 +0200 Message-Id: <20191025110114.27091-2-philmd@redhat.com> In-Reply-To: <20191025110114.27091-1-philmd@redhat.com> References: <20191025110114.27091-1-philmd@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-MC-Unique: DEPRfcQJOAGMc5rJoI8Q7Q-1 X-Mimecast-Spam-Score: 0 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 205.139.110.120 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-trivial@nongnu.org, =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Jiri Gaisler Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" Guests can crash QEMU when writting to PnP registers: $ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bi= os /etc/magic -qtest stdio [I 1571938309.932255] OPENED [R +0.063474] writeb 0x800ff042 69 Segmentation fault (core dumped) (gdb) bt #0 0x0000000000000000 in () #1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=3D0= x555f4d7be8c0, addr=3D66, value=3D0x7fff07d00f08, size=3D1, shift=3D0, mask= =3D255, attrs=3D...) at memory.c:503 #2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=3D66, value=3D0= x7fff07d00f08, size=3D1, access_size_min=3D1, access_size_max=3D4, access_f= n=3D0x555f4bcdeff4 , mr=3D0x555f4d= 7be8c0, attrs=3D...) at memory.c:539 #3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=3D0x555f4d7be8= c0, addr=3D66, data=3D69, op=3DMO_8, attrs=3D...) at memory.c:1489 #4 0x0000555f4bc80b20 in flatview_write_continue (fv=3D0x555f4d92c400, a= ddr=3D2148528194, attrs=3D..., buf=3D0x7fff07d01120 "E", len=3D1, addr1=3D6= 6, l=3D1, mr=3D0x555f4d7be8c0) at exec.c:3161 #5 0x0000555f4bc80c65 in flatview_write (fv=3D0x555f4d92c400, addr=3D214= 8528194, attrs=3D..., buf=3D0x7fff07d01120 "E", len=3D1) at exec.c:3201 #6 0x0000555f4bc80fb0 in address_space_write (as=3D0x555f4d7aa460, addr= =3D2148528194, attrs=3D..., buf=3D0x7fff07d01120 "E", len=3D1) at exec.c:32= 91 #7 0x0000555f4bc8101d in address_space_rw (as=3D0x555f4d7aa460, addr=3D2= 148528194, attrs=3D..., buf=3D0x7fff07d01120 "E", len=3D1, is_write=3Dtrue)= at exec.c:3301 #8 0x0000555f4bcdb388 in qtest_process_command (chr=3D0x555f4c2ed7e0 , words=3D0x555f4db0c5d0) at qtest.c:432 Instead of crashing, log the access as unimplemented. Signed-off-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: KONRAD Frederic --- hw/misc/grlib_ahb_apb_pnp.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c index 7338461694..f3c015d2c3 100644 --- a/hw/misc/grlib_ahb_apb_pnp.c +++ b/hw/misc/grlib_ahb_apb_pnp.c @@ -22,6 +22,7 @@ */ =20 #include "qemu/osdep.h" +#include "qemu/log.h" #include "hw/sysbus.h" #include "hw/misc/grlib_ahb_apb_pnp.h" =20 @@ -231,8 +232,15 @@ static uint64_t grlib_apb_pnp_read(void *opaque, hwadd= r offset, unsigned size) return apb_pnp->regs[offset >> 2]; } =20 +static void grlib_apb_pnp_write(void *opaque, hwaddr addr, + uint64_t val, unsigned size) +{ + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__); +} + static const MemoryRegionOps grlib_apb_pnp_ops =3D { .read =3D grlib_apb_pnp_read, + .write =3D grlib_apb_pnp_write, .endianness =3D DEVICE_BIG_ENDIAN, }; =20 --=20 2.21.0 From nobody Wed Nov 12 16:28:34 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1572001949; cv=none; d=zoho.com; s=zohoarc; b=FlTvJyN2WRI+l7wtR5/rKyQPZAHFpd3H04e7pZiJOkQayirrlfB1izUw9Ij9lxJr/VbpPezuWZk9xmnZZeTUnMTnoYQuTwh/IuCbdizEfrTN3wtICncOwRVQDlBDpm+mtgdZzXEP7WI4eVOeYNwHQj84p+x7DVUBVCZvBV9S+lM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1572001949; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=ZCMZbY3BXuLAM/Zus+tvhIQnQM13usxdBSN4vCiZ85E=; b=PmNIcjbZiYGQivnOy5+TW5aaPWcSkExWzzqAPKBoN+g12yYJ9H6GhqahPh1cDUmgCm/gSWEYBrNKXTxlyEPPRshdO3YN0yRCpjObOK6rRDkt2eJP2E6Ja8AQDJY17eyRtr1YlHtKBwuyKU/I+YBw4exHmHg4aff0EFckHVfV7N4= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1572001949038261.09353579955166; Fri, 25 Oct 2019 04:12:29 -0700 (PDT) Received: from localhost ([::1]:58704 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iNxW4-0008Lo-N6 for importer@patchew.org; Fri, 25 Oct 2019 07:12:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40327) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iNxLb-00024O-IV for qemu-devel@nongnu.org; Fri, 25 Oct 2019 07:01:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iNxLZ-0001Iu-Nx for qemu-devel@nongnu.org; Fri, 25 Oct 2019 07:01:35 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:47071 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1iNxLZ-0001Id-Dm for qemu-devel@nongnu.org; Fri, 25 Oct 2019 07:01:33 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-359-ssyFhbnKMDutZZ3z4SsUIw-1; Fri, 25 Oct 2019 07:01:27 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 684111005509; Fri, 25 Oct 2019 11:01:26 +0000 (UTC) Received: from x1w.redhat.com (unknown [10.40.205.177]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3E6745D9CA; Fri, 25 Oct 2019 11:01:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1572001291; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZCMZbY3BXuLAM/Zus+tvhIQnQM13usxdBSN4vCiZ85E=; b=DX1gI0VlSlpP97rW1p+q2CJG/FiWpbRmBRBJ7Z7wSpzpyhIAszvwIwa+OL4A3n1smbA7NH sZMimUU8fALFJErSjIcobI9RDObHffQi5Yeg8N1PdGB6lWrJg8TwTg7VPkaxltZog3G/ZX 3R4PCPktPHYDOZbHVuQdQj40hatRZoE= From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= To: Mark Cave-Ayland , Fabien Chouteau , Artyom Tarasenko , qemu-devel@nongnu.org, KONRAD Frederic Subject: [PATCH 2/2] hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses Date: Fri, 25 Oct 2019 13:01:14 +0200 Message-Id: <20191025110114.27091-3-philmd@redhat.com> In-Reply-To: <20191025110114.27091-1-philmd@redhat.com> References: <20191025110114.27091-1-philmd@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-MC-Unique: ssyFhbnKMDutZZ3z4SsUIw-1 X-Mimecast-Spam-Score: 0 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 207.211.31.120 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-trivial@nongnu.org, =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Jiri Gaisler Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" The Plug & Play region of the AHB/APB bridge can be accessed by various word size, however the implementation is clearly restricted to 32-bit: static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned = size) { APBPnp *apb_pnp =3D GRLIB_APB_PNP(opaque); return apb_pnp->regs[offset >> 2]; } Set the MemoryRegionOps::impl min/max fields to 32-bit, so memory.c::access_with_adjusted_size() can adjust when the access is not 32-bit. This is required to run RTEMS on leon3, the grlib scanning functions do byte accesses. Reported-by: Jiri Gaisler Signed-off-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: KONRAD Frederic --- hw/misc/grlib_ahb_apb_pnp.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c index f3c015d2c3..e230e25363 100644 --- a/hw/misc/grlib_ahb_apb_pnp.c +++ b/hw/misc/grlib_ahb_apb_pnp.c @@ -242,6 +242,10 @@ static const MemoryRegionOps grlib_apb_pnp_ops =3D { .read =3D grlib_apb_pnp_read, .write =3D grlib_apb_pnp_write, .endianness =3D DEVICE_BIG_ENDIAN, + .impl =3D { + .min_access_size =3D 4, + .max_access_size =3D 4, + }, }; =20 static void grlib_apb_pnp_realize(DeviceState *dev, Error **errp) --=20 2.21.0