Similarly to commit 158b659451 with the APB PnP registers, guests
can crash QEMU when writting to the AHB PnP registers:
$ echo 'writeb 0xfffff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
[I 1571938309.932255] OPENED
[R +0.063474] writeb 0xfffff042 69
Segmentation fault (core dumped)
(gdb) bt
#0 0x0000000000000000 in ()
#1 0x0000562999110df4 in memory_region_write_with_attrs_accessor
(mr=mr@entry=0x56299aa28ea0, addr=66, value=value@entry=0x7fff6abe13b8, size=size@entry=1, shift=<optimized out>, mask=mask@entry=255, attrs=...) at memory.c:503
#2 0x000056299911095e in access_with_adjusted_size
(addr=addr@entry=66, value=value@entry=0x7fff6abe13b8, size=size@entry=1, access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=access_fn@entry=
0x562999110d70 <memory_region_write_with_attrs_accessor>, mr=0x56299aa28ea0, attrs=...) at memory.c:539
#3 0x0000562999114fba in memory_region_dispatch_write (mr=mr@entry=0x56299aa28ea0, addr=66, data=<optimized out>, op=<optimized out>, attrs=attrs@entry=...) at memory.c:1482
#4 0x00005629990c0860 in flatview_write_continue
(fv=fv@entry=0x56299aa7d8a0, addr=addr@entry=4294963266, attrs=..., ptr=ptr@entry=0x7fff6abe1540, len=len@entry=1, addr1=<optimized out>, l=<optimized out>, mr=0x56299aa28ea0)
at include/qemu/host-utils.h:164
#5 0x00005629990c0a76 in flatview_write (fv=0x56299aa7d8a0, addr=4294963266, attrs=..., buf=0x7fff6abe1540, len=1) at exec.c:3165
#6 0x00005629990c4c1b in address_space_write (as=<optimized out>, addr=<optimized out>, attrs=..., attrs@entry=..., buf=buf@entry=0x7fff6abe1540, len=len@entry=1) at exec.c:3256
#7 0x000056299910f807 in qtest_process_command (chr=chr@entry=0x5629995ee920 <qtest_chr>, words=words@entry=0x56299acfcfa0) at qtest.c:437
Instead of crashing, log the access as unimplemented.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
hw/misc/grlib_ahb_apb_pnp.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c
index e230e25363..72a8764776 100644
--- a/hw/misc/grlib_ahb_apb_pnp.c
+++ b/hw/misc/grlib_ahb_apb_pnp.c
@@ -136,8 +136,15 @@ static uint64_t grlib_ahb_pnp_read(void *opaque, hwaddr offset, unsigned size)
return ahb_pnp->regs[offset >> 2];
}
+static void grlib_ahb_pnp_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
+}
+
static const MemoryRegionOps grlib_ahb_pnp_ops = {
.read = grlib_ahb_pnp_read,
+ .write = grlib_ahb_pnp_write,
.endianness = DEVICE_BIG_ENDIAN,
};
--
2.21.1
Le 3/31/20 à 12:50 PM, Philippe Mathieu-Daudé a écrit :
> Similarly to commit 158b659451 with the APB PnP registers, guests
> can crash QEMU when writting to the AHB PnP registers:
>
> $ echo 'writeb 0xfffff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
> [I 1571938309.932255] OPENED
> [R +0.063474] writeb 0xfffff042 69
> Segmentation fault (core dumped)
>
> (gdb) bt
> #0 0x0000000000000000 in ()
> #1 0x0000562999110df4 in memory_region_write_with_attrs_accessor
> (mr=mr@entry=0x56299aa28ea0, addr=66, value=value@entry=0x7fff6abe13b8, size=size@entry=1, shift=<optimized out>, mask=mask@entry=255, attrs=...) at memory.c:503
> #2 0x000056299911095e in access_with_adjusted_size
> (addr=addr@entry=66, value=value@entry=0x7fff6abe13b8, size=size@entry=1, access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=access_fn@entry=
> 0x562999110d70 <memory_region_write_with_attrs_accessor>, mr=0x56299aa28ea0, attrs=...) at memory.c:539
> #3 0x0000562999114fba in memory_region_dispatch_write (mr=mr@entry=0x56299aa28ea0, addr=66, data=<optimized out>, op=<optimized out>, attrs=attrs@entry=...) at memory.c:1482
> #4 0x00005629990c0860 in flatview_write_continue
> (fv=fv@entry=0x56299aa7d8a0, addr=addr@entry=4294963266, attrs=..., ptr=ptr@entry=0x7fff6abe1540, len=len@entry=1, addr1=<optimized out>, l=<optimized out>, mr=0x56299aa28ea0)
> at include/qemu/host-utils.h:164
> #5 0x00005629990c0a76 in flatview_write (fv=0x56299aa7d8a0, addr=4294963266, attrs=..., buf=0x7fff6abe1540, len=1) at exec.c:3165
> #6 0x00005629990c4c1b in address_space_write (as=<optimized out>, addr=<optimized out>, attrs=..., attrs@entry=..., buf=buf@entry=0x7fff6abe1540, len=len@entry=1) at exec.c:3256
> #7 0x000056299910f807 in qtest_process_command (chr=chr@entry=0x5629995ee920 <qtest_chr>, words=words@entry=0x56299acfcfa0) at qtest.c:437
>
> Instead of crashing, log the access as unimplemented.
>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
> hw/misc/grlib_ahb_apb_pnp.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c
> index e230e25363..72a8764776 100644
> --- a/hw/misc/grlib_ahb_apb_pnp.c
> +++ b/hw/misc/grlib_ahb_apb_pnp.c
> @@ -136,8 +136,15 @@ static uint64_t grlib_ahb_pnp_read(void *opaque, hwaddr offset, unsigned size)
> return ahb_pnp->regs[offset >> 2];
> }
>
> +static void grlib_ahb_pnp_write(void *opaque, hwaddr addr,
> + uint64_t val, unsigned size)
> +{
> + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
> +}
> +
> static const MemoryRegionOps grlib_ahb_pnp_ops = {
> .read = grlib_ahb_pnp_read,
> + .write = grlib_ahb_pnp_write,
> .endianness = DEVICE_BIG_ENDIAN,
> };
>
>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
© 2016 - 2026 Red Hat, Inc.