* [PATCH 0/4] hw/hppa/dino: Fix Coverity 1419393 & 1419394
@ 2020-02-13 23:41 Philippe Mathieu-Daudé
2020-02-13 23:41 ` [PATCH 1/4] hw/hppa/dino: Add comments with register name Philippe Mathieu-Daudé
` (4 more replies)
0 siblings, 5 replies; 13+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-02-13 23:41 UTC (permalink / raw)
To: Sven Schnelle, qemu-devel, Helge Deller
Cc: Philippe Mathieu-Daudé, Richard Henderson
Easy fix for the overrun reported by Coverity.
Last 2 patches are RFC because I haven't tested them,
I simply took note while reviewing the datasheet (I
also checked the errata).
Philippe Mathieu-Daudé (4):
hw/hppa/dino: Add comments with register name
hw/hppa/dino: Fix reg800_keep_bits[] overrun (CID 1419393 & 1419394)
hw/hppa/dino: Fix bitmask for the PCIROR register
hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c
hw/hppa/dino.c | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)
--
2.21.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 1/4] hw/hppa/dino: Add comments with register name
2020-02-13 23:41 [PATCH 0/4] hw/hppa/dino: Fix Coverity 1419393 & 1419394 Philippe Mathieu-Daudé
@ 2020-02-13 23:41 ` Philippe Mathieu-Daudé
2020-02-15 19:59 ` Helge Deller
2020-02-13 23:41 ` [PATCH 2/4] hw/hppa/dino: Fix reg800_keep_bits[] overrun (CID 1419393 & 1419394) Philippe Mathieu-Daudé
` (3 subsequent siblings)
4 siblings, 1 reply; 13+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-02-13 23:41 UTC (permalink / raw)
To: Sven Schnelle, qemu-devel, Helge Deller
Cc: Philippe Mathieu-Daudé, Richard Henderson
Add a comment with the name of each register in the 0x800-0x833 range.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
hw/hppa/dino.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
index 9797a7f0d9..c237ad3b1b 100644
--- a/hw/hppa/dino.c
+++ b/hw/hppa/dino.c
@@ -85,18 +85,18 @@
#define DINO800_REGS ((DINO_TLTIM - DINO_GMASK) / 4)
static const uint32_t reg800_keep_bits[DINO800_REGS] = {
- MAKE_64BIT_MASK(0, 1),
- MAKE_64BIT_MASK(0, 7),
- MAKE_64BIT_MASK(0, 7),
- MAKE_64BIT_MASK(0, 8),
- MAKE_64BIT_MASK(0, 7),
- MAKE_64BIT_MASK(0, 9),
- MAKE_64BIT_MASK(0, 32),
- MAKE_64BIT_MASK(0, 8),
- MAKE_64BIT_MASK(0, 30),
- MAKE_64BIT_MASK(0, 25),
- MAKE_64BIT_MASK(0, 22),
- MAKE_64BIT_MASK(0, 9),
+ MAKE_64BIT_MASK(0, 1), /* GMASK */
+ MAKE_64BIT_MASK(0, 7), /* PAMR */
+ MAKE_64BIT_MASK(0, 7), /* PAPR */
+ MAKE_64BIT_MASK(0, 8), /* DAMODE */
+ MAKE_64BIT_MASK(0, 7), /* PCICMD */
+ MAKE_64BIT_MASK(0, 9), /* PCISTS */
+ MAKE_64BIT_MASK(0, 32), /* Undefined */
+ MAKE_64BIT_MASK(0, 8), /* MLTIM */
+ MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */
+ MAKE_64BIT_MASK(0, 25), /* PCIROR */
+ MAKE_64BIT_MASK(0, 22), /* PCIWOR */
+ MAKE_64BIT_MASK(0, 9), /* TLTIM */
};
typedef struct DinoState {
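Review bot: the `/* TLTIM */` label on the last entry does not match the offset that entry is indexed by. The commit message says the comments cover 0x800-0x833, which is 13 four-byte registers, but the table has 12 entries. With `/* Undefined */` at index 6 (0x818), the twelfth entry sits at index 11, i.e. offset 0x82c, not at the last register of the range. Either note in the commit message that the table is one entry short at this point in the series, or order this patch after the size fix so each comment lines up with `(addr - DINO_GMASK) / 4`.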
--
2.21.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 2/4] hw/hppa/dino: Fix reg800_keep_bits[] overrun (CID 1419393 & 1419394)
2020-02-13 23:41 [PATCH 0/4] hw/hppa/dino: Fix Coverity 1419393 & 1419394 Philippe Mathieu-Daudé
2020-02-13 23:41 ` [PATCH 1/4] hw/hppa/dino: Add comments with register name Philippe Mathieu-Daudé
@ 2020-02-13 23:41 ` Philippe Mathieu-Daudé
2020-02-15 20:08 ` Helge Deller
2020-02-17 17:37 ` Peter Maydell
2020-02-13 23:41 ` [RFC PATCH 3/4] hw/hppa/dino: Fix PCIROR register access bitmask Philippe Mathieu-Daudé
` (2 subsequent siblings)
4 siblings, 2 replies; 13+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-02-13 23:41 UTC (permalink / raw)
To: Sven Schnelle, qemu-devel, Helge Deller
Cc: Philippe Mathieu-Daudé, Richard Henderson
Coverity reports:
*** CID 1419393: Memory - corruptions (OVERRUN)
/hw/hppa/dino.c: 363 in dino_chip_write_with_attrs()
357 /* These registers are read-only. */
358 break;
359
360 case DINO_GMASK ... DINO_TLTIM:
361 i = (addr - DINO_GMASK) / 4;
362 val &= reg800_keep_bits[i];
>>> CID 1419393: Memory - corruptions (OVERRUN)
>>> Overrunning array "s->reg800" of 12 4-byte elements at element index 12 (byte offset 48) using index "i" (which evaluates to 12).
363 s->reg800[i] = val;
364 break;
365
366 default:
367 /* Controlled by dino_chip_mem_valid above. */
368 g_assert_not_reached();
and:
*** CID 1419394: Memory - illegal accesses (OVERRUN)
/hw/hppa/dino.c: 362 in dino_chip_write_with_attrs()
356 case DINO_IRR1:
357 /* These registers are read-only. */
358 break;
359
360 case DINO_GMASK ... DINO_TLTIM:
361 i = (addr - DINO_GMASK) / 4;
>>> CID 1419394: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "reg800_keep_bits" of 12 4-byte elements at element index 12 (byte offset 48) using index "i" (which evaluates to 12).
362 val &= reg800_keep_bits[i];
363 s->reg800[i] = val;
364 break;
365
366 default:
367 /* Controlled by dino_chip_mem_valid above. */
Indeed the array should contain 13 entries, the undocumented
register 0x82c is missing. Fix by increasing the array size
and adding the missing register.
CID 1419393 can be verified with:
$ echo x 0xfff80830 | hppa-softmmu/qemu-system-hppa -S -monitor stdio -display none
QEMU 4.2.50 monitor - type 'help' for more information
(qemu) x 0xfff80830
qemu/hw/hppa/dino.c:267:15: runtime error: index 12 out of bounds for type 'uint32_t [12]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/phil/source/qemu/hw/hppa/dino.c:267:15 in
00000000fff80830: 0x00000000
and CID 1419394 with:
$ echo writeb 0xfff80830 0x69 \
| hppa-softmmu/qemu-system-hppa -S -accel qtest -qtest stdio -display none
[I 1581634452.654113] OPENED
[R +4.105415] writeb 0xfff80830 0x69
qemu/hw/hppa/dino.c:362:16: runtime error: index 12 out of bounds for type 'const uint32_t [12]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior qemu/hw/hppa/dino.c:362:16 in
=================================================================
==29607==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5577dae32f30 at pc 0x5577d93f2463 bp 0x7ffd97ea11b0 sp 0x7ffd97ea11a8
READ of size 4 at 0x5577dae32f30 thread T0
#0 0x5577d93f2462 in dino_chip_write_with_attrs qemu/hw/hppa/dino.c:362:16
#1 0x5577d9025664 in memory_region_write_with_attrs_accessor qemu/memory.c:503:12
#2 0x5577d9024920 in access_with_adjusted_size qemu/memory.c:539:18
#3 0x5577d9023608 in memory_region_dispatch_write qemu/memory.c:1482:13
#4 0x5577d8e3177a in flatview_write_continue qemu/exec.c:3166:23
#5 0x5577d8e20357 in flatview_write qemu/exec.c:3206:14
#6 0x5577d8e1fef4 in address_space_write qemu/exec.c:3296:18
#7 0x5577d8e20693 in address_space_rw qemu/exec.c:3306:16
#8 0x5577d9011595 in qtest_process_command qemu/qtest.c:432:13
#9 0x5577d900d19f in qtest_process_inbuf qemu/qtest.c:705:9
#10 0x5577d900ca22 in qtest_read qemu/qtest.c:717:5
#11 0x5577da8c4254 in qemu_chr_be_write_impl qemu/chardev/char.c:183:9
#12 0x5577da8c430c in qemu_chr_be_write qemu/chardev/char.c:195:9
#13 0x5577da8cf587 in fd_chr_read qemu/chardev/char-fd.c:68:9
#14 0x5577da9836cd in qio_channel_fd_source_dispatch qemu/io/channel-watch.c:84:12
#15 0x7faf44509ecc in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x4fecc)
#16 0x5577dab75f96 in glib_pollfds_poll qemu/util/main-loop.c:219:9
#17 0x5577dab74797 in os_host_main_loop_wait qemu/util/main-loop.c:242:5
#18 0x5577dab7435a in main_loop_wait qemu/util/main-loop.c:518:11
#19 0x5577d9514eb3 in main_loop qemu/vl.c:1682:9
#20 0x5577d950699d in main qemu/vl.c:4450:5
#21 0x7faf41a87f42 in __libc_start_main (/lib64/libc.so.6+0x23f42)
#22 0x5577d8cd4d4d in _start (qemu/build/sanitizer/hppa-softmmu/qemu-system-hppa+0x1256d4d)
0x5577dae32f30 is located 0 bytes to the right of global variable 'reg800_keep_bits' defined in 'qemu/hw/hppa/dino.c:87:23' (0x5577dae32f00) of size 48
SUMMARY: AddressSanitizer: global-buffer-overflow qemu/hw/hppa/dino.c:362:16 in dino_chip_write_with_attrs
==29607==ABORTING
Fixes: Coverity CID 1419393 and 1419394 (commit 18092598a5)
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
hw/hppa/dino.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
index c237ad3b1b..8868e31793 100644
--- a/hw/hppa/dino.c
+++ b/hw/hppa/dino.c
@@ -83,7 +83,7 @@
#define DINO_PCI_HOST_BRIDGE(obj) \
OBJECT_CHECK(DinoState, (obj), TYPE_DINO_PCI_HOST_BRIDGE)
-#define DINO800_REGS ((DINO_TLTIM - DINO_GMASK) / 4)
+#define DINO800_REGS (1 + (DINO_TLTIM - DINO_GMASK) / 4)
static const uint32_t reg800_keep_bits[DINO800_REGS] = {
MAKE_64BIT_MASK(0, 1), /* GMASK */
MAKE_64BIT_MASK(0, 7), /* PAMR */
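Review bot: the `1 +` on the new DINO800_REGS line has no comment saying why it is there, and nothing ties the array length to the `case DINO_GMASK ... DINO_TLTIM:` range that produces the index. A one-line comment that the range is inclusive of DINO_TLTIM, plus a build-time check that `(DINO_TLTIM - DINO_GMASK) / 4` is below the array length, would keep the two from drifting apart again. The Coverity report shows `s->reg800` with the same 12-element size, so if it is sized by this macro the commit message should also say that the device state array grows by one element.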
@@ -96,6 +96,7 @@ static const uint32_t reg800_keep_bits[DINO800_REGS] = {
MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */
MAKE_64BIT_MASK(0, 25), /* PCIROR */
MAKE_64BIT_MASK(0, 22), /* PCIWOR */
+ MAKE_64BIT_MASK(0, 32), /* Undocumented */
MAKE_64BIT_MASK(0, 9), /* TLTIM */
};
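Review bot: the added `/* Undocumented */` entry keeps all 32 bits, so any guest value written to 0x82c is stored in `s->reg800` unmasked, and the commit message gives no reason for that choice. If the register's behaviour is unknown, say so in the comment and justify the full mask, or use a mask that stores nothing. The table is also positional, which is how this slot went missing; designated initializers such as `[(DINO_TLTIM - DINO_GMASK) / 4] = ...` would make a skipped offset visible in review.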
--
2.21.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
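Added example, not part of the patch or of QEMU: a stand-alone model of the sizing bug fixed in patch 2/4, using the offsets and keep-bit masks quoted in the thread. WIN_FIRST, WIN_LAST, KEEP, first_uncovered_addr() and reg_write() are hypothetical names; the bounds check and the build-time assertion are one possible hardening, not what the patch does.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Offsets from the thread: the window spans 0x800-0x833, one register per
 * 4 bytes, matched in the handlers by an inclusive case range. */
#define WIN_FIRST 0x800u   /* GMASK */
#define WIN_LAST  0x830u   /* TLTIM, base of the last register */

#define NREGS_BEFORE ((WIN_LAST - WIN_FIRST) / 4)      /* 12: drops the last slot */
#define NREGS_AFTER  (1 + (WIN_LAST - WIN_FIRST) / 4)  /* 13: inclusive count */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Same value as MAKE_64BIT_MASK(0, n) truncated to 32 bits, 1 <= n <= 32. */
#define KEEP(n) ((uint32_t)(~0ull >> (64 - (n))))

/* Keep-bit table as it stands after patch 2/4. */
static const uint32_t keep_bits[NREGS_AFTER] = {
    KEEP(1), KEEP(7), KEEP(7), KEEP(8), KEEP(7), KEEP(9), KEEP(32),
    KEEP(8), KEEP(30), KEEP(25), KEEP(22), KEEP(32), KEEP(9),
};

/* Build-time guard: the largest index the range can produce must fit. */
_Static_assert((WIN_LAST - WIN_FIRST) / 4 < ARRAY_LEN(keep_bits),
               "keep_bits[] does not cover the last register of the window");

/* Index computation used by the handlers: i = (addr - DINO_GMASK) / 4. */
static size_t reg_index(uint32_t addr)
{
    return (addr - WIN_FIRST) / 4;
}

/* Audit helper: walk every address the inclusive range accepts and return
 * the first one whose index does not fit a table of nregs entries, or 0
 * when the table covers the whole range. */
static uint32_t first_uncovered_addr(size_t nregs)
{
    for (uint32_t addr = WIN_FIRST; addr <= WIN_LAST; addr++) {
        if (reg_index(addr) >= nregs) {
            return addr;
        }
    }
    return 0;
}

/* Checked write: refuses the access instead of indexing past regs[]. */
static bool reg_write(uint32_t *regs, size_t nregs, uint32_t addr, uint32_t val)
{
    size_t i;

    if (addr < WIN_FIRST || addr > WIN_LAST) {
        return false;
    }
    i = reg_index(addr);
    if (i >= nregs || i >= ARRAY_LEN(keep_bits)) {
        return false;
    }
    regs[i] = val & keep_bits[i];
    return true;
}

int main(void)
{
    uint32_t regs[NREGS_AFTER] = { 0 };

    printf("12 slots: first uncovered address 0x%x\n",
           (unsigned)first_uncovered_addr(NREGS_BEFORE));
    printf("13 slots: first uncovered address 0x%x\n",
           (unsigned)first_uncovered_addr(NREGS_AFTER));
    printf("write 0x830, 12 slots: %d\n", reg_write(regs, NREGS_BEFORE, 0x830, 0x69));
    printf("write 0x830, 13 slots: %d\n", reg_write(regs, NREGS_AFTER, 0x830, 0x69));
    return 0;
}
```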
* [RFC PATCH 3/4] hw/hppa/dino: Fix PCIROR register access bitmask
2020-02-13 23:41 [PATCH 0/4] hw/hppa/dino: Fix Coverity 1419393 & 1419394 Philippe Mathieu-Daudé
2020-02-13 23:41 ` [PATCH 1/4] hw/hppa/dino: Add comments with register name Philippe Mathieu-Daudé
2020-02-13 23:41 ` [PATCH 2/4] hw/hppa/dino: Fix reg800_keep_bits[] overrun (CID 1419393 & 1419394) Philippe Mathieu-Daudé
@ 2020-02-13 23:41 ` Philippe Mathieu-Daudé
2020-02-15 20:49 ` Helge Deller
2020-02-13 23:41 ` [RFC PATCH 4/4] hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c Philippe Mathieu-Daudé
2020-02-16 1:44 ` [PATCH 0/4] hw/hppa/dino: Fix Coverity 1419393 & 1419394 Richard Henderson
4 siblings, 1 reply; 13+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-02-13 23:41 UTC (permalink / raw)
To: Sven Schnelle, qemu-devel, Helge Deller
Cc: Philippe Mathieu-Daudé, Richard Henderson
Only 24 bits of the PCIROR register are documented
(see pp. 37 of datasheet referenced in this file header).
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
hw/hppa/dino.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
index 8868e31793..be799aad43 100644
--- a/hw/hppa/dino.c
+++ b/hw/hppa/dino.c
@@ -94,7 +94,7 @@ static const uint32_t reg800_keep_bits[DINO800_REGS] = {
MAKE_64BIT_MASK(0, 32), /* Undefined */
MAKE_64BIT_MASK(0, 8), /* MLTIM */
MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */
- MAKE_64BIT_MASK(0, 25), /* PCIROR */
+ MAKE_64BIT_MASK(0, 24), /* PCIROR */
MAKE_64BIT_MASK(0, 22), /* PCIWOR */
MAKE_64BIT_MASK(0, 32), /* Undocumented */
MAKE_64BIT_MASK(0, 9), /* TLTIM */
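Review bot: the commit message says 24 bits of PCIROR are documented but not which ones, and `MAKE_64BIT_MASK(0, 24)` assumes they are the low 24 (bits 0 to 23 counted from the least significant end). Please state the bit positions from the datasheet page in the commit message or next to the entry. Since the cover letter marks this patch as untested, it would also help to say whether any guest was seen to rely on bit 24 being kept.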
--
2.21.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [RFC PATCH 4/4] hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c
2020-02-13 23:41 [PATCH 0/4] hw/hppa/dino: Fix Coverity 1419393 & 1419394 Philippe Mathieu-Daudé
` (2 preceding siblings ...)
2020-02-13 23:41 ` [RFC PATCH 3/4] hw/hppa/dino: Fix PCIROR register access bitmask Philippe Mathieu-Daudé
@ 2020-02-13 23:41 ` Philippe Mathieu-Daudé
2020-02-15 20:49 ` Helge Deller
2020-02-16 1:44 ` [PATCH 0/4] hw/hppa/dino: Fix Coverity 1419393 & 1419394 Richard Henderson
4 siblings, 1 reply; 13+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-02-13 23:41 UTC (permalink / raw)
To: Sven Schnelle, qemu-devel, Helge Deller
Cc: Philippe Mathieu-Daudé, Richard Henderson
Register 0x818 is documented as 'undefined', and register
0x82c is not documented. Refuse their access.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
hw/hppa/dino.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
index be799aad43..2b1b38c58a 100644
--- a/hw/hppa/dino.c
+++ b/hw/hppa/dino.c
@@ -181,7 +181,9 @@ static bool dino_chip_mem_valid(void *opaque, hwaddr addr,
case DINO_IO_ADDR_EN:
case DINO_PCI_IO_DATA:
case DINO_TOC_ADDR:
- case DINO_GMASK ... DINO_TLTIM:
+ case DINO_GMASK ... DINO_PCISTS:
+ case DINO_MLTIM ... DINO_PCIWOR:
+ case DINO_TLTIM:
ret = true;
break;
case DINO_PCI_IO_DATA + 2:
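Review bot: the new ranges end at a register's base address, so in `case DINO_GMASK ... DINO_PCISTS:` and `case DINO_MLTIM ... DINO_PCIWOR:` the byte offsets 1 to 3 inside PCISTS and PCIWOR no longer match, while the same offsets inside every other register of the range still do. The old single range accepted them. If sub-word addresses are meant to be accepted, end the ranges at `DINO_PCISTS + 3` and `DINO_PCIWOR + 3`; if not, say so in the commit message. The write handler quoted in patch 2/4 still uses `case DINO_GMASK ... DINO_TLTIM:` and the table keeps slots for 0x818 and 0x82c, so a comment there that those two slots are no longer reachable would help the next reader.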
--
2.21.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH 1/4] hw/hppa/dino: Add comments with register name
2020-02-13 23:41 ` [PATCH 1/4] hw/hppa/dino: Add comments with register name Philippe Mathieu-Daudé
@ 2020-02-15 19:59 ` Helge Deller
0 siblings, 0 replies; 13+ messages in thread
From: Helge Deller @ 2020-02-15 19:59 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, Sven Schnelle, qemu-devel; +Cc: Richard Henderson
On 14.02.20 00:41, Philippe Mathieu-Daudé wrote:
> Add a comment with the name of each register in the 0x800-0x833 range.
>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Helge Deller <deller@gmx.de>
> ---
> hw/hppa/dino.c | 24 ++++++++++++------------
> 1 file changed, 12 insertions(+), 12 deletions(-)
>
> diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
> index 9797a7f0d9..c237ad3b1b 100644
> --- a/hw/hppa/dino.c
> +++ b/hw/hppa/dino.c
> @@ -85,18 +85,18 @@
>
> #define DINO800_REGS ((DINO_TLTIM - DINO_GMASK) / 4)
> static const uint32_t reg800_keep_bits[DINO800_REGS] = {
> - MAKE_64BIT_MASK(0, 1),
> - MAKE_64BIT_MASK(0, 7),
> - MAKE_64BIT_MASK(0, 7),
> - MAKE_64BIT_MASK(0, 8),
> - MAKE_64BIT_MASK(0, 7),
> - MAKE_64BIT_MASK(0, 9),
> - MAKE_64BIT_MASK(0, 32),
> - MAKE_64BIT_MASK(0, 8),
> - MAKE_64BIT_MASK(0, 30),
> - MAKE_64BIT_MASK(0, 25),
> - MAKE_64BIT_MASK(0, 22),
> - MAKE_64BIT_MASK(0, 9),
> + MAKE_64BIT_MASK(0, 1), /* GMASK */
> + MAKE_64BIT_MASK(0, 7), /* PAMR */
> + MAKE_64BIT_MASK(0, 7), /* PAPR */
> + MAKE_64BIT_MASK(0, 8), /* DAMODE */
> + MAKE_64BIT_MASK(0, 7), /* PCICMD */
> + MAKE_64BIT_MASK(0, 9), /* PCISTS */
> + MAKE_64BIT_MASK(0, 32), /* Undefined */
> + MAKE_64BIT_MASK(0, 8), /* MLTIM */
> + MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */
> + MAKE_64BIT_MASK(0, 25), /* PCIROR */
> + MAKE_64BIT_MASK(0, 22), /* PCIWOR */
> + MAKE_64BIT_MASK(0, 9), /* TLTIM */
> };
>
> typedef struct DinoState {
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/4] hw/hppa/dino: Fix reg800_keep_bits[] overrun (CID 1419393 & 1419394)
2020-02-13 23:41 ` [PATCH 2/4] hw/hppa/dino: Fix reg800_keep_bits[] overrun (CID 1419393 & 1419394) Philippe Mathieu-Daudé
@ 2020-02-15 20:08 ` Helge Deller
2020-02-17 17:37 ` Peter Maydell
1 sibling, 0 replies; 13+ messages in thread
From: Helge Deller @ 2020-02-15 20:08 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, Sven Schnelle, qemu-devel; +Cc: Richard Henderson
On 14.02.20 00:41, Philippe Mathieu-Daudé wrote:
>
> Fixes: Coverity CID 1419393 and 1419394 (commit 18092598a5)
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Helge Deller <deller@gmx.de>
> ---
> hw/hppa/dino.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
> index c237ad3b1b..8868e31793 100644
> --- a/hw/hppa/dino.c
> +++ b/hw/hppa/dino.c
> @@ -83,7 +83,7 @@
> #define DINO_PCI_HOST_BRIDGE(obj) \
> OBJECT_CHECK(DinoState, (obj), TYPE_DINO_PCI_HOST_BRIDGE)
>
> -#define DINO800_REGS ((DINO_TLTIM - DINO_GMASK) / 4)
> +#define DINO800_REGS (1 + (DINO_TLTIM - DINO_GMASK) / 4)
> static const uint32_t reg800_keep_bits[DINO800_REGS] = {
> MAKE_64BIT_MASK(0, 1), /* GMASK */
> MAKE_64BIT_MASK(0, 7), /* PAMR */
> @@ -96,6 +96,7 @@ static const uint32_t reg800_keep_bits[DINO800_REGS] = {
> MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */
> MAKE_64BIT_MASK(0, 25), /* PCIROR */
> MAKE_64BIT_MASK(0, 22), /* PCIWOR */
> + MAKE_64BIT_MASK(0, 32), /* Undocumented */
> MAKE_64BIT_MASK(0, 9), /* TLTIM */
> };
>
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [RFC PATCH 3/4] hw/hppa/dino: Fix PCIROR register access bitmask
2020-02-13 23:41 ` [RFC PATCH 3/4] hw/hppa/dino: Fix PCIROR register access bitmask Philippe Mathieu-Daudé
@ 2020-02-15 20:49 ` Helge Deller
0 siblings, 0 replies; 13+ messages in thread
From: Helge Deller @ 2020-02-15 20:49 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, Sven Schnelle, qemu-devel; +Cc: Richard Henderson
On 14.02.20 00:41, Philippe Mathieu-Daudé wrote:
> Only 24 bits of the PCIROR register are documented
> (see pp. 37 of datasheet referenced in this file header).
>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Helge Deller <deller@gmx.de>
> ---
> hw/hppa/dino.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
> index 8868e31793..be799aad43 100644
> --- a/hw/hppa/dino.c
> +++ b/hw/hppa/dino.c
> @@ -94,7 +94,7 @@ static const uint32_t reg800_keep_bits[DINO800_REGS] = {
> MAKE_64BIT_MASK(0, 32), /* Undefined */
> MAKE_64BIT_MASK(0, 8), /* MLTIM */
> MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */
> - MAKE_64BIT_MASK(0, 25), /* PCIROR */
> + MAKE_64BIT_MASK(0, 24), /* PCIROR */
> MAKE_64BIT_MASK(0, 22), /* PCIWOR */
> MAKE_64BIT_MASK(0, 32), /* Undocumented */
> MAKE_64BIT_MASK(0, 9), /* TLTIM */
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [RFC PATCH 4/4] hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c
2020-02-13 23:41 ` [RFC PATCH 4/4] hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c Philippe Mathieu-Daudé
@ 2020-02-15 20:49 ` Helge Deller
0 siblings, 0 replies; 13+ messages in thread
From: Helge Deller @ 2020-02-15 20:49 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, Sven Schnelle, qemu-devel; +Cc: Richard Henderson
On 14.02.20 00:41, Philippe Mathieu-Daudé wrote:
> Register 0x818 is documented as 'undefined', and register
> 0x82c is not documented. Refuse their access.
>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Helge Deller <deller@gmx.de>
> ---
> hw/hppa/dino.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c
> index be799aad43..2b1b38c58a 100644
> --- a/hw/hppa/dino.c
> +++ b/hw/hppa/dino.c
> @@ -181,7 +181,9 @@ static bool dino_chip_mem_valid(void *opaque, hwaddr addr,
> case DINO_IO_ADDR_EN:
> case DINO_PCI_IO_DATA:
> case DINO_TOC_ADDR:
> - case DINO_GMASK ... DINO_TLTIM:
> + case DINO_GMASK ... DINO_PCISTS:
> + case DINO_MLTIM ... DINO_PCIWOR:
> + case DINO_TLTIM:
> ret = true;
> break;
> case DINO_PCI_IO_DATA + 2:
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/4] hw/hppa/dino: Fix Coverity 1419393 & 1419394
2020-02-13 23:41 [PATCH 0/4] hw/hppa/dino: Fix Coverity 1419393 & 1419394 Philippe Mathieu-Daudé
` (3 preceding siblings ...)
2020-02-13 23:41 ` [RFC PATCH 4/4] hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c Philippe Mathieu-Daudé
@ 2020-02-16 1:44 ` Richard Henderson
4 siblings, 0 replies; 13+ messages in thread
From: Richard Henderson @ 2020-02-16 1:44 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, Sven Schnelle, qemu-devel, Helge Deller
On 2/13/20 3:41 PM, Philippe Mathieu-Daudé wrote:
> Easy fix for the overrun reported by Coverity.
>
> Last 2 patches are RFC because I haven't tested them,
> I simply took note while reviewing the datasheet (I
> also checked the errata).
>
> Philippe Mathieu-Daudé (4):
> hw/hppa/dino: Add comments with register name
> hw/hppa/dino: Fix reg800_keep_bits[] overrun (CID 1419393 & 1419394)
> hw/hppa/dino: Fix bitmask for the PCIROR register
> hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c
>
> hw/hppa/dino.c | 31 +++++++++++++++++--------------
> 1 file changed, 17 insertions(+), 14 deletions(-)
>
Queued to tgt-hppa.
r~
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/4] hw/hppa/dino: Fix reg800_keep_bits[] overrun (CID 1419393 & 1419394)
2020-02-13 23:41 ` [PATCH 2/4] hw/hppa/dino: Fix reg800_keep_bits[] overrun (CID 1419393 & 1419394) Philippe Mathieu-Daudé
2020-02-15 20:08 ` Helge Deller
@ 2020-02-17 17:37 ` Peter Maydell
2020-02-18 6:19 ` Philippe Mathieu-Daudé
1 sibling, 1 reply; 13+ messages in thread
From: Peter Maydell @ 2020-02-17 17:37 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: Helge Deller, Sven Schnelle, QEMU Developers, Richard Henderson
On Thu, 13 Feb 2020 at 23:44, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
> Fixes: Coverity CID 1419393 and 1419394 (commit 18092598a5)
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
I think this also fixes CID 1419387 ?
thanks
-- PMM
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/4] hw/hppa/dino: Fix reg800_keep_bits[] overrun (CID 1419393 & 1419394)
2020-02-17 17:37 ` Peter Maydell
@ 2020-02-18 6:19 ` Philippe Mathieu-Daudé
2020-02-18 6:28 ` Philippe Mathieu-Daudé
0 siblings, 1 reply; 13+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-02-18 6:19 UTC (permalink / raw)
To: Peter Maydell
Cc: Helge Deller, Sven Schnelle, QEMU Developers, Richard Henderson
On Mon, Feb 17, 2020 at 6:37 PM Peter Maydell <peter.maydell@linaro.org> wrote:
> On Thu, 13 Feb 2020 at 23:44, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
>
>
> > Fixes: Coverity CID 1419393 and 1419394 (commit 18092598a5)
> > Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>
> I think this also fixes CID 1419387 ?
Ah I missed this one, indeed it does.
> thanks
> -- PMM
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/4] hw/hppa/dino: Fix reg800_keep_bits[] overrun (CID 1419393 & 1419394)
2020-02-18 6:19 ` Philippe Mathieu-Daudé
@ 2020-02-18 6:28 ` Philippe Mathieu-Daudé
0 siblings, 0 replies; 13+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-02-18 6:28 UTC (permalink / raw)
To: Peter Maydell
Cc: Helge Deller, Sven Schnelle, QEMU Developers, Richard Henderson
On Tue, Feb 18, 2020 at 7:19 AM Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
> On Mon, Feb 17, 2020 at 6:37 PM Peter Maydell <peter.maydell@linaro.org> wrote:
> > On Thu, 13 Feb 2020 at 23:44, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
> >
> >
> > > Fixes: Coverity CID 1419393 and 1419394 (commit 18092598a5)
> > > Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> >
> > I think this also fixes CID 1419387 ?
>
> Ah I missed this one, indeed it does.
The description is erroneous, I'll respin.
>
> > thanks
> > -- PMM
^ permalink raw reply [flat|nested] 13+ messages in thread