From: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
To: qemu-devel@nongnu.org
Cc: "Damien Hedde" <damien.hedde@greensocs.com>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Mauro Matteo Cascella" <mcascell@redhat.com>,
"Edgar E . Iglesias" <edgar.iglesias@xilinx.com>,
"Gaoning Pan" <gaoning.pgn@antgroup.com>,
"Alistair Francis" <alistair@alistair23.me>,
"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
qemu-arm@nongnu.org,
"Alistair Francis" <alistair.francis@wdc.com>,
"Edgar E. Iglesias" <edgar.iglesias@gmail.com>,
"Gaoning Pan" <pgn@zju.edu.cn>
Subject: [RFC PATCH] hw/misc/zynq_slcr: Avoid #DIV/0! error
Date: Thu, 10 Dec 2020 15:16:10 +0100 [thread overview]
Message-ID: <20201210141610.884600-1-f4bug@amsat.org> (raw)
Malicious user can set the feedback divisor for the PLLs
to zero, triggering a floating-point exception (SIGFPE).
As the datasheet [*] is not clear how hardware behaves
when these bits are zeroes, use the maximum divisor
possible (128) to avoid the software FPE.
[*] Zynq-7000 TRM, UG585 (v1.12.2)
B.28 System Level Control Registers (slcr)
-> "Register (slcr) ARM_PLL_CTRL"
25.10.4 PLLs
-> "Software-Controlled PLL Update"
Fixes: 38867cb7ec9 ("hw/misc/zynq_slcr: add clock generation for uarts")
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
Cc: Damien Hedde <damien.hedde@greensocs.com>
Cc: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Cc: Alistair Francis <alistair.francis@wdc.com>
Cc: Gaoning Pan <gaoning.pgn@antgroup.com>
Cc: Mauro Matteo Cascella <mcascell@redhat.com>
Alternative is to threat that as PLL disabled and return 0...
---
hw/misc/zynq_slcr.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/misc/zynq_slcr.c b/hw/misc/zynq_slcr.c
index a2b28019e3c..66504a9d3ab 100644
--- a/hw/misc/zynq_slcr.c
+++ b/hw/misc/zynq_slcr.c
@@ -217,6 +217,11 @@ static uint64_t zynq_slcr_compute_pll(uint64_t input, uint32_t ctrl_reg)
return 0;
}
+ /* Consider zero feedback as maximum divide ratio possible */
+ if (!mult) {
+ mult = 1 << R_xxx_PLL_CTRL_PLL_FPDIV_LENGTH;
+ }
+
/* frequency multiplier -> period division */
return input / mult;
}
--
2.26.2
next reply other threads:[~2020-12-10 14:29 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-10 14:16 Philippe Mathieu-Daudé [this message]
2020-12-10 16:39 ` [RFC PATCH] hw/misc/zynq_slcr: Avoid #DIV/0! error Alistair Francis
2020-12-10 20:13 ` Edgar E. Iglesias
2020-12-11 15:26 ` Damien Hedde
2020-12-10 17:21 ` Mauro Matteo Cascella
2020-12-15 13:37 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201210141610.884600-1-f4bug@amsat.org \
--to=f4bug@amsat.org \
--cc=alistair.francis@wdc.com \
--cc=alistair@alistair23.me \
--cc=damien.hedde@greensocs.com \
--cc=edgar.iglesias@gmail.com \
--cc=edgar.iglesias@xilinx.com \
--cc=gaoning.pgn@antgroup.com \
--cc=mcascell@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=pgn@zju.edu.cn \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.