From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Magnus Damm, Yoshinori Sato
Subject: [PATCH 1/2] hw/timer/renesas_tmr: Prefix constants for CSS values with CSS_
Date: Fri, 19 Feb 2021 22:32:39 +0000
Message-Id: <20210219223241.16344-2-peter.maydell@linaro.org>
In-Reply-To: <20210219223241.16344-1-peter.maydell@linaro.org>

The #defines INTERNAL and CASCADING represent different possible values for the TCCR.CSS register field; prefix them with CSS_ to make this more obvious, before we add more defines to represent the other possible values of the field in the next commit.

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
---
 hw/timer/renesas_tmr.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/hw/timer/renesas_tmr.c b/hw/timer/renesas_tmr.c index e03a8155b2b..22260aaaba5 100644 --- a/hw/timer/renesas_tmr.c +++ b/hw/timer/renesas_tmr.c @@ -46,8 +46,8 @@ REG8(TCCR, 10) FIELD(TCCR, CSS, 3, 2) FIELD(TCCR, TMRIS, 7, 1) =20 -#define INTERNAL 0x01 -#define CASCADING 0x03 +#define CSS_INTERNAL 0x01 +#define CSS_CASCADING 0x03 #define CCLR_A 0x01 #define CCLR_B 0x02 =20 @@ -72,7 +72,7 @@ static void update_events(RTMRState *tmr, int ch) /* event not happened */ return ; } - if (FIELD_EX8(tmr->tccr[0], TCCR, CSS) =3D=3D CASCADING) { + if (FIELD_EX8(tmr->tccr[0], TCCR, CSS) =3D=3D CSS_CASCADING) { /* cascading mode */ if (ch =3D=3D 1) { tmr->next[ch] =3D none; @@ -130,7 +130,7 @@ static uint16_t read_tcnt(RTMRState *tmr, unsigned size= , int ch) if (delta > 0) { tmr->tick =3D now; =20 - if (FIELD_EX8(tmr->tccr[1], TCCR, CSS) =3D=3D INTERNAL) { + if (FIELD_EX8(tmr->tccr[1], TCCR, CSS) =3D=3D CSS_INTERNAL) { /* timer1 count update */ elapsed =3D elapsed_time(tmr, 1, delta); if (elapsed >=3D 0x100) { @@ -139,11 +139,11 @@ static uint16_t read_tcnt(RTMRState *tmr, unsigned si= ze, int ch) tcnt[1] =3D tmr->tcnt[1] + (elapsed & 0xff); } switch (FIELD_EX8(tmr->tccr[0], TCCR, CSS)) { - case INTERNAL: + case CSS_INTERNAL: elapsed =3D elapsed_time(tmr, 0, delta); tcnt[0] =3D tmr->tcnt[0] + elapsed; break; - case CASCADING: + case CSS_CASCADING: if (ovf > 0) { tcnt[0] =3D tmr->tcnt[0] + ovf; } @@ -330,7 +330,7 @@ static uint16_t issue_event(RTMRState *tmr, int ch, int= sz, qemu_irq_pulse(tmr->cmia[ch]); } if (sz =3D=3D 8 && ch =3D=3D 0 && - FIELD_EX8(tmr->tccr[1], TCCR, CSS) =3D=3D CASCADING) { + FIELD_EX8(tmr->tccr[1], TCCR, CSS) =3D=3D CSS_CASCADING) { tmr->tcnt[1]++; timer_events(tmr, 1); }
@@ -362,7 +362,7 @@ static void timer_events(RTMRState *tmr, int ch) uint16_t tcnt; =20 tmr->tcnt[ch] =3D read_tcnt(tmr, 1, ch); - if (FIELD_EX8(tmr->tccr[0], TCCR, CSS) !=3D CASCADING) { + if (FIELD_EX8(tmr->tccr[0], TCCR, CSS) !=3D CSS_CASCADING) { tmr->tcnt[ch] =3D issue_event(tmr, ch, 8, tmr->tcnt[ch], tmr->tcora[ch],
--
2.20.1

From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Magnus Damm, Yoshinori Sato
Subject: [PATCH 2/2] hw/timer/renesas_tmr: Fix use of uninitialized data in read_tcnt()
Date: Fri, 19 Feb 2021 22:32:40 +0000
Message-Id: <20210219223241.16344-3-peter.maydell@linaro.org>
In-Reply-To: <20210219223241.16344-1-peter.maydell@linaro.org>

The read_tcnt() function calculates the TCNT register values for the two channels of the timer module; it sets these up in the local tcnt[] array, and eventually returns either one or both of them, depending on whether the access is 8 or 16 bits. However, not all of the code paths through this function set both elements of this array: if the guest has programmed the TCCR.CSS register fields to values which are either documented as not to be used or which QEMU does not implement, then the function will return uninitialized data.
(This was spotted by Coverity.)

Add the missing CSS cases to this code, so that we return a consistent value instead of uninitialized data, and so the code structure indicates what's happening.

Fixes: CID 1429976
Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
---
 hw/timer/renesas_tmr.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/hw/timer/renesas_tmr.c b/hw/timer/renesas_tmr.c index 22260aaaba5..eed39917fec 100644 --- a/hw/timer/renesas_tmr.c +++ b/hw/timer/renesas_tmr.c @@ -46,7 +46,9 @@ REG8(TCCR, 10) FIELD(TCCR, CSS, 3, 2) FIELD(TCCR, TMRIS, 7, 1) =20 +#define CSS_EXTERNAL 0x00 #define CSS_INTERNAL 0x01 +#define CSS_INVALID 0x02 #define CSS_CASCADING 0x03 #define CCLR_A 0x01 #define CCLR_B 0x02 @@ -130,13 +132,20 @@ static uint16_t read_tcnt(RTMRState *tmr, unsigned si= ze, int ch) if (delta > 0) { tmr->tick =3D now; =20 - if (FIELD_EX8(tmr->tccr[1], TCCR, CSS) =3D=3D CSS_INTERNAL) { + switch (FIELD_EX8(tmr->tccr[1], TCCR, CSS)) { + case CSS_INTERNAL: /* timer1 count update */ elapsed =3D elapsed_time(tmr, 1, delta); if (elapsed >=3D 0x100) { ovf =3D elapsed >> 8; } tcnt[1] =3D tmr->tcnt[1] + (elapsed & 0xff); + break; + case CSS_INVALID: /* guest error to have set this */ + case CSS_EXTERNAL: /* QEMU doesn't implement these */ + case CSS_CASCADING: + tcnt[1] =3D tmr->tcnt[1]; + break; } switch (FIELD_EX8(tmr->tccr[0], TCCR, CSS)) { case CSS_INTERNAL: @@ -144,9 +153,11 @@ static uint16_t read_tcnt(RTMRState *tmr, unsigned siz= e, int ch) tcnt[0] =3D tmr->tcnt[0] + elapsed; break; case CSS_CASCADING: - if (ovf > 0) { - tcnt[0] =3D tmr->tcnt[0] + ovf; - } + tcnt[0] =3D tmr->tcnt[0] + ovf; + break; + case CSS_INVALID: /* guest error to have set this */ + case CSS_EXTERNAL: /* QEMU doesn't implement this */ + tcnt[0] =3D tmr->tcnt[0]; break; } } else {
--
2.20.1
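
Review bot: in the new switch on tmr->tccr[1] in read_tcnt() (hunk at -130,13 +132,20 of patch 2/2), CSS_CASCADING falls under the comment "QEMU doesn't implement these", yet patch 1/2 shows issue_event() testing tccr[1] for CSS_CASCADING and incrementing tmr->tcnt[1], so that mode is implemented, only driven by channel 0 events rather than by elapsed time. Give CSS_CASCADING its own comment saying the count is advanced in issue_event() and therefore needs no update here. Separately, the CSS_INVALID label is described as a guest error but nothing reports it; a qemu_log_mask(LOG_GUEST_ERROR, ...) where the guest's TCCR write is handled would record it without logging on every counter read.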
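
Review bot: in the CSS_CASCADING case of the tccr[0] switch (hunk at -144,9 +153,11 of patch 2/2), the now unconditional "tcnt[0] = tmr->tcnt[0] + ovf" is only a consistent value if ovf is zero whenever channel 1 is not CSS_INTERNAL or elapsed stays below 0x100, since those are the paths where the first switch never assigns it. The declaration of ovf is outside the visible context; please confirm it is initialised to 0 there, or initialise it at the top of the "delta > 0" block, so the fix does not leave a second uninitialized read behind. Neither switch has a default label: all four values of the 2-bit CSS field are listed, but a "default: g_assert_not_reached();" would make that exhaustiveness explicit to readers and to static analysis.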