* [PATCH] hw/intc: sifive_plic: fix out-of-bound access of source_priority array
@ 2022-11-27 16:57 Jim Shu
  2022-11-28 10:30 ` Bin Meng
  2022-12-07  2:59 ` Alistair Francis
  0 siblings, 2 replies; 3+ messages in thread
From: Jim Shu @ 2022-11-27 16:57 UTC (permalink / raw)
  To: qemu-devel, qemu-riscv
  Cc: Jim Shu, Alistair Francis, Bin Meng, Palmer Dabbelt

If the number of interrupts is not a multiple of 32, PLIC will have
out-of-bound access to source_priority array. Compute the number of
interrupts in the last word to avoid this out-of-bound access of array.

Signed-off-by: Jim Shu <jim.shu@sifive.com>
---
 hw/intc/sifive_plic.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
index c2dfacf028..1cf156cf85 100644
--- a/hw/intc/sifive_plic.c
+++ b/hw/intc/sifive_plic.c
@@ -78,6 +78,7 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic, uint32_t addrid)
     uint32_t max_irq = 0;
     uint32_t max_prio = plic->target_priority[addrid];
     int i, j;
+    int num_irq_in_word = 32;
 
     for (i = 0; i < plic->bitfield_words; i++) {
         uint32_t pending_enabled_not_claimed =
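
Review bot: num_irq_in_word is declared at function scope with the value 32 and is never reset inside the loop, so the result is only right because the narrowed value is assigned on the final pass of for (i = 0; i < plic->bitfield_words; i++). Declaring it inside that loop body, initialised to 32 on every pass, would keep the invariant local and would survive a later change to the iteration order or an early restart of the scan.
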
@@ -88,7 +89,16 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic, uint32_t addrid)
             continue;
         }
 
-        for (j = 0; j < 32; j++) {
+        if (i == (plic->bitfield_words - 1)) {
+            /*
+             * If plic->num_sources is not multiple of 32, num-of-irq in last
+             * word is not 32. Compute the num-of-irq of last word to avoid
+             * out-of-bound access of source_priority array.
+             */
+            num_irq_in_word = plic->num_sources - ((plic->bitfield_words - 1) << 5);
+        }
+
+        for (j = 0; j < num_irq_in_word; j++) {
             int irq = (i << 5) + j;
             uint32_t prio = plic->source_priority[irq];
             int enabled = pending_enabled_not_claimed & (1 << j);
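
Review bot: the last-word count, num_sources - ((bitfield_words - 1) << 5), is a valid bound only if bitfield_words is exactly the number of 32-bit words needed to hold num_sources, and nothing in this hunk checks that relationship. The value lands in an int, so an inconsistent pair gives a count above 32 (j then runs past bit 31 in 1 << j and irq walks into indexes beyond the array) or a negative one (the last word is silently skipped). Bounding the inner loop on the index that is actually dereferenced, for example for (j = 0; j < 32 && ((i << 5) + j) < plic->num_sources; j++), states the condition that protects source_priority[irq] directly and removes the special case for the last word. An assertion that the computed count is in the range 1..32 would be the minimal alternative. Separately, the added assignment line runs to 84 columns and should be wrapped.
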
-- 
2.17.1




* Re: [PATCH] hw/intc: sifive_plic: fix out-of-bound access of source_priority array
  2022-11-27 16:57 [PATCH] hw/intc: sifive_plic: fix out-of-bound access of source_priority array Jim Shu
@ 2022-11-28 10:30 ` Bin Meng
  2022-12-07  2:59 ` Alistair Francis
  1 sibling, 0 replies; 3+ messages in thread
From: Bin Meng @ 2022-11-28 10:30 UTC (permalink / raw)
  To: Jim Shu
  Cc: qemu-devel, qemu-riscv, Alistair Francis, Bin Meng, Palmer Dabbelt

On Mon, Nov 28, 2022 at 12:59 AM Jim Shu <jim.shu@sifive.com> wrote:
>
> If the number of interrupts is not a multiple of 32, PLIC will have
> out-of-bound access to source_priority array. Compute the number of
> interrupts in the last word to avoid this out-of-bound access of array.
>
> Signed-off-by: Jim Shu <jim.shu@sifive.com>
> ---
>  hw/intc/sifive_plic.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
>

Reviewed-by: Bin Meng <bmeng@tinylab.org>



* Re: [PATCH] hw/intc: sifive_plic: fix out-of-bound access of source_priority array
  2022-11-27 16:57 [PATCH] hw/intc: sifive_plic: fix out-of-bound access of source_priority array Jim Shu
  2022-11-28 10:30 ` Bin Meng
@ 2022-12-07  2:59 ` Alistair Francis
  1 sibling, 0 replies; 3+ messages in thread
From: Alistair Francis @ 2022-12-07  2:59 UTC (permalink / raw)
  To: Jim Shu
  Cc: qemu-devel, qemu-riscv, Alistair Francis, Bin Meng, Palmer Dabbelt

On Mon, Nov 28, 2022 at 2:59 AM Jim Shu <jim.shu@sifive.com> wrote:
>
> If the number of interrupts is not a multiple of 32, PLIC will have
> out-of-bound access to source_priority array. Compute the number of
> interrupts in the last word to avoid this out-of-bound access of array.
>
> Signed-off-by: Jim Shu <jim.shu@sifive.com>

Thanks!

Applied to riscv-to-apply.next

Alistair

> ---
>  hw/intc/sifive_plic.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
> index c2dfacf028..1cf156cf85 100644
> --- a/hw/intc/sifive_plic.c
> +++ b/hw/intc/sifive_plic.c
> @@ -78,6 +78,7 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic, uint32_t addrid)
>      uint32_t max_irq = 0;
>      uint32_t max_prio = plic->target_priority[addrid];
>      int i, j;
> +    int num_irq_in_word = 32;
>
>      for (i = 0; i < plic->bitfield_words; i++) {
>          uint32_t pending_enabled_not_claimed =
> @@ -88,7 +89,16 @@ static uint32_t sifive_plic_claimed(SiFivePLICState *plic, uint32_t addrid)
>              continue;
>          }
>
> -        for (j = 0; j < 32; j++) {
> +        if (i == (plic->bitfield_words - 1)) {
> +            /*
> +             * If plic->num_sources is not multiple of 32, num-of-irq in last
> +             * word is not 32. Compute the num-of-irq of last word to avoid
> +             * out-of-bound access of source_priority array.
> +             */
> +            num_irq_in_word = plic->num_sources - ((plic->bitfield_words - 1) << 5);
> +        }
> +
> +        for (j = 0; j < num_irq_in_word; j++) {
>              int irq = (i << 5) + j;
>              uint32_t prio = plic->source_priority[irq];
>              int enabled = pending_enabled_not_claimed & (1 << j);
> --
> 2.17.1
>
>

