From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Mark Cave-Ayland, Philippe Mathieu-Daudé, Fabien Chouteau, KONRAD Frederic, Jiri Gaisler, Artyom Tarasenko, Richard Henderson
Subject: [PATCH-for-5.0 2/7] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to AHB PnP registers
Date: Tue, 31 Mar 2020 12:50:43 +0200
Message-Id: <20200331105048.27989-3-f4bug@amsat.org>
In-Reply-To: <20200331105048.27989-1-f4bug@amsat.org>
References: <20200331105048.27989-1-f4bug@amsat.org>

Similarly to commit 158b659451 with the APB PnP registers, guests
can crash QEMU when writing to the AHB PnP registers:

  $ echo 'writeb 0xfffff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
  [I 1571938309.932255] OPENED
  [R +0.063474] writeb 0xfffff042 69
  Segmentation fault (core dumped)

  (gdb) bt
  #0  0x0000000000000000 in ()
  #1  0x0000562999110df4 in memory_region_write_with_attrs_accessor
      (mr=mr@entry=0x56299aa28ea0, addr=66, value=value@entry=0x7fff6abe13b8,
      size=size@entry=1, shift=, mask=mask@entry=255, attrs=...) at memory.c:503
  #2  0x000056299911095e in access_with_adjusted_size
      (addr=addr@entry=66, value=value@entry=0x7fff6abe13b8, size=size@entry=1,
      access_size_min=, access_size_max=, access_fn=access_fn@entry=
      0x562999110d70 , mr=0x56299aa28ea0, attrs=...) at memory.c:539
  #3  0x0000562999114fba in memory_region_dispatch_write
      (mr=mr@entry=0x56299aa28ea0, addr=66, data=, op=, attrs=attrs@entry=...)
      at memory.c:1482
  #4  0x00005629990c0860 in flatview_write_continue
      (fv=fv@entry=0x56299aa7d8a0, addr=addr@entry=4294963266, attrs=...,
      ptr=ptr@entry=0x7fff6abe1540, len=len@entry=1, addr1=, l=,
      mr=0x56299aa28ea0) at include/qemu/host-utils.h:164
  #5  0x00005629990c0a76 in flatview_write
      (fv=0x56299aa7d8a0, addr=4294963266, attrs=..., buf=0x7fff6abe1540, len=1)
      at exec.c:3165
  #6  0x00005629990c4c1b in address_space_write
      (as=, addr=, attrs=..., attrs@entry=..., buf=buf@entry=0x7fff6abe1540,
      len=len@entry=1) at exec.c:3256
  #7  0x000056299910f807 in qtest_process_command
      (chr=chr@entry=0x5629995ee920 , words=words@entry=0x56299acfcfa0)
      at qtest.c:437

Instead of crashing, log the access as unimplemented.

Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: KONRAD Frederic
--- hw/misc/grlib_ahb_apb_pnp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c index e230e25363..72a8764776 100644 --- a/hw/misc/grlib_ahb_apb_pnp.c +++ b/hw/misc/grlib_ahb_apb_pnp.c @@ -136,8 +136,15 @@ static uint64_t grlib_ahb_pnp_read(void *opaque, hwadd= r offset, unsigned size) return ahb_pnp->regs[offset >> 2]; } =20 +static void grlib_ahb_pnp_write(void *opaque, hwaddr addr, + uint64_t val, unsigned size) +{ + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__); +} + static const MemoryRegionOps grlib_ahb_pnp_ops =3D { .read =3D grlib_ahb_pnp_read, + .write =3D grlib_ahb_pnp_write, .endianness =3D DEVICE_BIG_ENDIAN, }; =20 --=20 2.21.1
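
Review bot: the qemu_log_mask() call in the new grlib_ahb_pnp_write() discards addr, val and size, so a LOG_UNIMP entry cannot be matched to the guest access that triggered it (in the reproducer, a 1-byte write at offset 66). Consider logging them, for example "%s: write of size %u at 0x%" HWADDR_PRIx " not implemented\n" with __func__, size and addr as arguments. Separately, grlib_ahb_pnp_ops as shown sets only .read, .write and .endianness, with no .valid or .impl access-size limits, so both handlers are still called for any access size, while the read handler in the context lines returns regs[offset >> 2] regardless of size; that is worth a follow-up or a sentence in the commit message saying it is handled elsewhere in the series.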