From nobody Thu May 16 05:21:41 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1658860326; cv=none; d=zohomail.com; s=zohoarc; b=Sjxge11vXZpmz8ZZfuVPi17iNxDSCXKYElVMYsM3VSjKqczCPofoiDuJ3u2+IXHZ7kSLoYy2TLiDhNrGlM5M3Cj2+NPK0OkLC74iWZTRnFB8NLYTQUjS8jO6Ol18ZtYdSjT5tdUxYKq9k1mawpj16mnNioagDSewBzd9tO6cQYs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1658860326; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=vy16z4ljJdbwe81vd9Sx+BZv55mLr+tRl2mig2DmfaQ=; b=ndYf7Oh6OnjtmHc1NVIaKurUj+0P4rXW6fFE1512jDwyL9uRD07t/8KURSRmxe/BzllJ668IYnRf8Uwf2qTj2TEIcbE0f3fDWuJfU0EfXHbPZfCciW/Q19TqBPgnbZpB4VNyHgWL+gYnSvQUax7BllN5+8DU+RgSBAkTTTbxIP0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1658860325957933.8625137756309; Tue, 26 Jul 2022 11:32:05 -0700 (PDT) Received: from localhost ([::1]:56738 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oGPLg-0008NU-TJ for importer@patchew.org; Tue, 26 Jul 2022 14:32:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37502) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oGPDv-0001cJ-CK for qemu-devel@nongnu.org; Tue, 26 Jul 2022 14:24:03 -0400 Received: from mail-wm1-x32b.google.com ([2a00:1450:4864:20::32b]:44553) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oGPDf-0001de-3N for qemu-devel@nongnu.org; Tue, 26 Jul 2022 14:24:03 -0400 Received: by mail-wm1-x32b.google.com with SMTP id b21-20020a05600c4e1500b003a32bc8612fso8618706wmq.3 for ; Tue, 26 Jul 2022 11:23:46 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id f5-20020adff445000000b0021e5f32ade7sm11725343wrp.68.2022.07.26.11.23.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 11:23:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=vy16z4ljJdbwe81vd9Sx+BZv55mLr+tRl2mig2DmfaQ=; b=KDQTm0FxKQ3uVMDcXWucyFcC32XBkuowajZtNCmiCeEgGjD1cCwC6TY/7xN0qLdw3E 6mfZ3tYYC5CZMgqNt3ATx6vNzEAshqafhtgMlSWk87SHdnge7sc2SLglga+FeWj/afOw 0wsYTkAffNiZ6RDizeG0941xIGEkFNAlNS3mky066HIkkHDqMeFfAENroau0rk7uPONW fiGAzYYH/oQuWRfungdpLnQ15HMBME+LQS1+5Mwfd2HwGM1oLzFdY97+kr5kcA1120na hRFFkxzD8CQFNuuzxCzWXAYln88eq3pGC3lj2j5aWFN3FpKHDuUf8Dsip0bw96WRdiAi 6hng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=vy16z4ljJdbwe81vd9Sx+BZv55mLr+tRl2mig2DmfaQ=; b=hu9/mbRdq+5p5iMUI2a4vd3SAlY4YS8pD/fblGjGd8KKm85tzCBvyEjUGfP6aqr4Sp RnLyGyH87ftwVQb65mWKeaLUv7vHv96eq0kaP99FPcp9vfO/bYGHTCdoUFP4K/tEN4nc iylsF4lPgEKpaEKdc/Bw1R5RjwS0p/T+t+GyDG5VtY7ROdjfEU6tVu+UWQpry4jPRGif pZow7NWoMTwGQsTF7WzPF2/eAqP2xuiVPLsR6qabs8aCyX23k0kqbF51ZvivlBOO6U0j QCigIy4rBjZKkeW0guq8xNrpq8P/QNJU3h+9X8bn0pGKbkj6v+hQTqNYtzCgFgKx3A6o uZSg== X-Gm-Message-State: AJIora+ncGM5/4dEbm1tYjKRlOD0EgQ2+xKr8HAdzmQ4FpZ6BsnIVEB3 3KQghamuQnFgaS4XBBRIxuItFfEmJYDNmw== X-Google-Smtp-Source: AGRyM1uKDzX3/hcD+XAOS5SyAX0cERT6c7yrdaeQ/7g+DoQPQMczR065oFxzssbuPn908eUgIRxqlQ== X-Received: by 2002:a05:600c:2044:b0:3a3:15a1:ddfd with SMTP id p4-20020a05600c204400b003a315a1ddfdmr332556wmg.3.1658859825611; Tue, 26 Jul 2022 11:23:45 -0700 (PDT) From: Peter Maydell To: qemu-devel@nongnu.org Cc: qemu-ppc@nongnu.org, BALATON Zoltan , Daniel Henrique Barboza , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Subject: [RFC 1/2] hw/ppc/ppc440_uc: Initialize length passed to cpu_physical_memory_map() Date: Tue, 26 Jul 2022 19:23:40 +0100 Message-Id: <20220726182341.1888115-2-peter.maydell@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220726182341.1888115-1-peter.maydell@linaro.org> References: <20220726182341.1888115-1-peter.maydell@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::32b; envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x32b.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_TEMPERROR=0.01 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @linaro.org) X-ZM-MESSAGEID: 1658860328067100001 Content-Type: text/plain; charset="utf-8" In dcr_write_dma(), there is code that uses cpu_physical_memory_map() to implement a DMA transfer. That function takes a 'plen' argument, which points to a hwaddr which is used for both input and output: the caller must set it to the size of the range it wants to map, and on return it is updated to the actual length mapped. The dcr_write_dma() code fails to initialize rlen and wlen, so will end up mapping an unpredictable amount of memory. Initialize the length values correctly, and check that we managed to map the entire range before using the fast-path memmove(). This was spotted by Coverity, which points out that we never initialized the variables before using them. Fixes: Coverity CID 1487137 Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Tested-by: BALATON Zoltan --- This seems totally broken, so I presume we just don't have any guest code that actually exercises this... --- hw/ppc/ppc440_uc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hw/ppc/ppc440_uc.c b/hw/ppc/ppc440_uc.c index a1ecf6dd1c2..11fdb88c220 100644 --- a/hw/ppc/ppc440_uc.c +++ b/hw/ppc/ppc440_uc.c @@ -904,14 +904,17 @@ static void dcr_write_dma(void *opaque, int dcrn, uin= t32_t val) int width, i, sidx, didx; uint8_t *rptr, *wptr; hwaddr rlen, wlen; + hwaddr xferlen; =20 sidx =3D didx =3D 0; width =3D 1 << ((val & DMA0_CR_PW) >> 25); + xferlen =3D count * width; + wlen =3D rlen =3D xferlen; rptr =3D cpu_physical_memory_map(dma->ch[chnl].sa, &rl= en, false); wptr =3D cpu_physical_memory_map(dma->ch[chnl].da, &wl= en, true); - if (rptr && wptr) { + if (rptr && rlen =3D=3D xferlen && wptr && wlen =3D=3D= xferlen) { if (!(val & DMA0_CR_DEC) && val & DMA0_CR_SAI && val & DMA0_CR_DAI) { /* optimise common case */ --=20 2.25.1 From nobody Thu May 16 05:21:41 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1658860071; cv=none; d=zohomail.com; s=zohoarc; b=dA8dYwjxh2n67yGq1yRracZBSuDTlyUnmxF/2r/BTnoQxpLZuIlAFC1txKIfGiJeNncpiEZOxG1y2ukWRe38sjyLoCM4h4MUY7NFcP/g7g6Wf8qwpLyrfXrOfXLLRW2p50hFla8SVX2XE1TiDsDMwbwV3rNAerQ4Nw0zybMDp1U= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1658860071; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=QQROlt4QVdWy3PgKcMHnT+BgFWVY7Xfnt+DtI1eK/+U=; b=Doo1oD1di676TA8e0ZhIUANzjvrKK5E6wfef/Y1ITjgL17iuJ/TjUPUrMAJgt5F/TTJPo4aSBP5GIxwkrLq650f+75PsITaTfL6TRyrGmiwPhGq7Wd4lRPafbfhM7qD5/KAv1FI5C0YyePNPBqHhfHvUJx70mFZ/xIHYp5oo8HU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1658860071687700.8151951219263; Tue, 26 Jul 2022 11:27:51 -0700 (PDT) Received: from localhost ([::1]:50892 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oGPHZ-0004PS-Cw for importer@patchew.org; Tue, 26 Jul 2022 14:27:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37460) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oGPDi-000165-3z for qemu-devel@nongnu.org; Tue, 26 Jul 2022 14:23:50 -0400 Received: from mail-wm1-x329.google.com ([2a00:1450:4864:20::329]:39905) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oGPDg-0001dr-HB for qemu-devel@nongnu.org; Tue, 26 Jul 2022 14:23:49 -0400 Received: by mail-wm1-x329.google.com with SMTP id i205-20020a1c3bd6000000b003a2fa488efdso6059999wma.4 for ; Tue, 26 Jul 2022 11:23:47 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id f5-20020adff445000000b0021e5f32ade7sm11725343wrp.68.2022.07.26.11.23.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Jul 2022 11:23:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=QQROlt4QVdWy3PgKcMHnT+BgFWVY7Xfnt+DtI1eK/+U=; b=hI4I+aG+qseGvHhj+PS81gWaL9nnKgSOXj4UeBCyzZLT6zjGF4Iz/CDeN2a2SApiP1 MvsJ7Hcx2isugEbhZcG1auFe6TdX+rU/vCinwlQtKtOVJFZ8idc4pkMsqT5LXEXZwdqc cAjXMoI+0qbF8wEOET0hQcMMD3El9zdjABG0FN4RRJDD/l8wZdPkn8lzzYdDVIat/Erj tsnuH/5E1lF4ox/f8nxxDqnW6DMi8r8mW7eqYdc7XUt5kZKUDytr51WdBCHyHBuAqUv3 oLRgoRT4X6d57HG90Ra9Bu+5DVJ1+pC8DebkX4eGo019ZbZ/RLagGKthEc92OtDsgMsT 81Gg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=QQROlt4QVdWy3PgKcMHnT+BgFWVY7Xfnt+DtI1eK/+U=; b=HfkDuK0A0Kk1rpNOPRatOOscnvARtruuWfaOOW3PfeIeEvPmgF8bD5nmf7bS2Wxp57 NN5ttXFxNuqxA4iKnmvj6huxPErBkwNUDTMk9QJcNWGBWU25zOK3scgrg6iey99TZEgF kJCy8spn+VM0JEg79XnVTU/mdxI3h9QUEMs5UIwvmYTbl5o+6eLrvjQ4Lp+qWsEx/Gxh Gde7KDwNMVBm2eGNh63RcsyfTZ44LDDWiuHqpbw1/ubBzTb0TSAdNR/UxXUQlxBWrRJV 35z/IZOcM5uhmRVsSBAHZaijrc746nH++ak+jfRwvom8i4be+k/50XoPZbCgc1pE/OgL Y+Lg== X-Gm-Message-State: AJIora9b883WmdIix9//IeYuBmfzahfYl3v3fZqhDHOPqpvGiFVz4eFg F2aloxDx5wYXlXTz3Tuc9qFM3NezxeJaCg== X-Google-Smtp-Source: AGRyM1vw1/utAIIu2VyLJHJS0e7URGOWRjBeWBqs6y/drfWHCFn7wOsJ8N4WObmjiOhcsj6b4D/Cow== X-Received: by 2002:a05:600c:410c:b0:3a3:2d78:f07f with SMTP id j12-20020a05600c410c00b003a32d78f07fmr330621wmi.130.1658859826677; Tue, 26 Jul 2022 11:23:46 -0700 (PDT) From: Peter Maydell To: qemu-devel@nongnu.org Cc: qemu-ppc@nongnu.org, BALATON Zoltan , Daniel Henrique Barboza , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Subject: [RFC 2/2] hw/ppc/ppc440_uc: Handle mapping failure in DMA engine Date: Tue, 26 Jul 2022 19:23:41 +0100 Message-Id: <20220726182341.1888115-3-peter.maydell@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220726182341.1888115-1-peter.maydell@linaro.org> References: <20220726182341.1888115-1-peter.maydell@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::329; envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x329.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @linaro.org) X-ZM-MESSAGEID: 1658860074069100001 Content-Type: text/plain; charset="utf-8" Currently the code for doing DMA in dcr_write_dma() has no fallback code for if its calls to cpu_physical_memory_map() fail. Add handling for this situation, by using address_space_read() and address_space_write() to do the data transfers. Signed-off-by: Peter Maydell Tested-by: BALATON Zoltan --- I believe this to be equivalent to the fastpath code. However, as the comments note, I don't know what the intended behaviour on a DMA memory access error is, because I couldn't find a datasheet for this hardware. I am also a bit suspicious that the current code does not seem to update any of the count, source or destination addresses after the memory transfer: is that really how the hardware behaves? --- hw/ppc/ppc440_uc.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/hw/ppc/ppc440_uc.c b/hw/ppc/ppc440_uc.c index 11fdb88c220..0879f180a14 100644 --- a/hw/ppc/ppc440_uc.c +++ b/hw/ppc/ppc440_uc.c @@ -905,6 +905,7 @@ static void dcr_write_dma(void *opaque, int dcrn, uint3= 2_t val) uint8_t *rptr, *wptr; hwaddr rlen, wlen; hwaddr xferlen; + bool fastpathed =3D false; =20 sidx =3D didx =3D 0; width =3D 1 << ((val & DMA0_CR_PW) >> 25); @@ -915,6 +916,7 @@ static void dcr_write_dma(void *opaque, int dcrn, uint3= 2_t val) wptr =3D cpu_physical_memory_map(dma->ch[chnl].da, &wl= en, true); if (rptr && rlen =3D=3D xferlen && wptr && wlen =3D=3D= xferlen) { + fastpathed =3D true; if (!(val & DMA0_CR_DEC) && val & DMA0_CR_SAI && val & DMA0_CR_DAI) { /* optimise common case */ @@ -940,6 +942,33 @@ static void dcr_write_dma(void *opaque, int dcrn, uint= 32_t val) if (rptr) { cpu_physical_memory_unmap(rptr, rlen, 0, sidx); } + if (!fastpathed) { + /* Fast-path failed, do each access one at a time = */ + for (sidx =3D didx =3D i =3D 0; i < count; i++) { + uint8_t buf[8]; + assert(width <=3D sizeof(buf)); + if (address_space_read(&address_space_memory, + dma->ch[chnl].sa + sidx, + MEMTXATTRS_UNSPECIFIED, + buf, width) !=3D MEMTX_= OK) { + /* FIXME: model correct behaviour on error= s */ + break; + } + if (address_space_write(&address_space_memory, + dma->ch[chnl].da + did= x, + MEMTXATTRS_UNSPECIFIED, + buf, width) !=3D MEMTX= _OK) { + /* FIXME: model correct behaviour on error= s */ + break; + } + if (val & DMA0_CR_SAI) { + sidx +=3D width; + } + if (val & DMA0_CR_DAI) { + didx +=3D width; + } + } + } } } break; --=20 2.25.1