* [PATCH 0/2] hw/sparc/leon3: Fixes for the AHB/APB bridge
@ 2019-10-25 11:01 Philippe Mathieu-Daudé
  2019-10-25 11:01 ` [PATCH 1/2] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers Philippe Mathieu-Daudé
  2019-10-25 11:01 ` [PATCH 2/2] hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses Philippe Mathieu-Daudé
  0 siblings, 2 replies; 7+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-10-25 11:01 UTC (permalink / raw)
  To: Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel, KONRAD Frederic
  Cc: qemu-trivial, Philippe Mathieu-Daudé, Jiri Gaisler

Two trivial fixes after reading Jiri's comment:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg654994.html

  "The plug&play area must support byte accesses, which is used
   by the RTEMS grlib scanning functions..."

Regards,

Phil.

Philippe Mathieu-Daudé (2):
  hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers
  hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses

 hw/misc/grlib_ahb_apb_pnp.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

-- 
2.21.0

^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 1/2] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers 2019-10-25 11:01 [PATCH 0/2] hw/sparc/leon3: Fixes for the AHB/APB bridge Philippe Mathieu-Daudé @ 2019-10-25 11:01 ` Philippe Mathieu-Daudé 2019-10-25 11:53 ` KONRAD Frederic 2019-11-05 14:02 ` Laurent Vivier 2019-10-25 11:01 ` [PATCH 2/2] hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses Philippe Mathieu-Daudé 1 sibling, 2 replies; 7+ messages in thread 
From: Philippe Mathieu-Daudé @ 2019-10-25 11:01 UTC (permalink / raw)
  To: Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel, KONRAD Frederic
  Cc: qemu-trivial, Philippe Mathieu-Daudé, Jiri Gaisler

Guests can crash QEMU when writing to PnP registers:

  $ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
  [I 1571938309.932255] OPENED
  [R +0.063474] writeb 0x800ff042 69
  Segmentation fault (core dumped)

  (gdb) bt
  #0 0x0000000000000000 in ()
  #1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255, attrs=...) at memory.c:503
  #2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66, value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4, access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>, mr=0x555f4d7be8c0, attrs=...) at memory.c:539
  #3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0, addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489
  #4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1, mr=0x555f4d7be8c0) at exec.c:3161
  #5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201
  #6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291
  #7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at exec.c:3301
  #8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0 <qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432

Instead of crashing, log the access as unimplemented.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/misc/grlib_ahb_apb_pnp.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c index 7338461694..f3c015d2c3 100644 --- a/hw/misc/grlib_ahb_apb_pnp.c +++ b/hw/misc/grlib_ahb_apb_pnp.c @@ -22,6 +22,7 @@ */ #include "qemu/osdep.h" +#include "qemu/log.h" #include "hw/sysbus.h" #include "hw/misc/grlib_ahb_apb_pnp.h" @@ -231,8 +232,15 @@ static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size) return apb_pnp->regs[offset >> 2]; } +static void grlib_apb_pnp_write(void *opaque, hwaddr addr, + uint64_t val, unsigned size) +{ + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__); +} + static const MemoryRegionOps grlib_apb_pnp_ops = { .read = grlib_apb_pnp_read, + .write = grlib_apb_pnp_write, .endianness = DEVICE_BIG_ENDIAN, }; -- 2.21.0 ^ permalink raw reply related [flat|nested] 7+ messages in thread
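Review bot: grlib_apb_pnp_write() logs only the function name, so the LOG_UNIMP line does not say which PnP register the guest wrote, with what value, or at what size; pass addr, val and size into the message, for example "%s: ignored %u-byte write at 0x%" HWADDR_PRIx. The second hunk wires .write into grlib_apb_pnp_ops only, so any other MemoryRegionOps in this file that sets .read alone would still reach the NULL callback seen in frame #0 of the backtrace and should get the same treatment in this patch.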
* Re: [PATCH 1/2] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers 2019-10-25 11:01 ` [PATCH 1/2] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers Philippe Mathieu-Daudé @ 2019-10-25 11:53 ` KONRAD Frederic 2019-11-05 14:02 ` Laurent Vivier 1 sibling, 0 replies; 7+ messages in thread 
From: KONRAD Frederic @ 2019-10-25 11:53 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel
  Cc: qemu-trivial, Jiri Gaisler

Hi Philippe,

On 10/25/19 at 1:01 PM, Philippe Mathieu-Daudé wrote:
> Guests can crash QEMU when writing to PnP registers:
>
>   $ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
>   [I 1571938309.932255] OPENED
>   [R +0.063474] writeb 0x800ff042 69
>   Segmentation fault (core dumped)
>
>   (gdb) bt
>   #0 0x0000000000000000 in ()
>   #1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255, attrs=...) at memory.c:503
>   #2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66, value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4, access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>, mr=0x555f4d7be8c0, attrs=...) at memory.c:539
>   #3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0, addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489
>   #4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1, mr=0x555f4d7be8c0) at exec.c:3161
>   #5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201
>   #6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291
>   #7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at exec.c:3301
>   #8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0 <qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432
>
> Instead of crashing, log the access as unimplemented.
> > Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> oops, thanks for that :). Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com> > --- > hw/misc/grlib_ahb_apb_pnp.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c > index 7338461694..f3c015d2c3 100644 > --- a/hw/misc/grlib_ahb_apb_pnp.c > +++ b/hw/misc/grlib_ahb_apb_pnp.c > @@ -22,6 +22,7 @@ > */ > > #include "qemu/osdep.h" > +#include "qemu/log.h" > #include "hw/sysbus.h" > #include "hw/misc/grlib_ahb_apb_pnp.h" > > @@ -231,8 +232,15 @@ static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size) > return apb_pnp->regs[offset >> 2]; > } > > +static void grlib_apb_pnp_write(void *opaque, hwaddr addr, > + uint64_t val, unsigned size) > +{ > + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__); > +} > + > static const MemoryRegionOps grlib_apb_pnp_ops = { > .read = grlib_apb_pnp_read, > + .write = grlib_apb_pnp_write, > .endianness = DEVICE_BIG_ENDIAN, > }; > > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers 2019-10-25 11:01 ` [PATCH 1/2] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers Philippe Mathieu-Daudé 2019-10-25 11:53 ` KONRAD Frederic @ 2019-11-05 14:02 ` Laurent Vivier 1 sibling, 0 replies; 7+ messages in thread 
From: Laurent Vivier @ 2019-11-05 14:02 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel, KONRAD Frederic
  Cc: qemu-trivial, Jiri Gaisler

On 25/10/2019 at 13:01, Philippe Mathieu-Daudé wrote:
> Guests can crash QEMU when writing to PnP registers:
>
>   $ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
>   [I 1571938309.932255] OPENED
>   [R +0.063474] writeb 0x800ff042 69
>   Segmentation fault (core dumped)
>
>   (gdb) bt
>   #0 0x0000000000000000 in ()
>   #1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255, attrs=...) at memory.c:503
>   #2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66, value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4, access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>, mr=0x555f4d7be8c0, attrs=...) at memory.c:539
>   #3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0, addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489
>   #4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1, mr=0x555f4d7be8c0) at exec.c:3161
>   #5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201
>   #6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291
>   #7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at exec.c:3301
>   #8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0 <qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432
>
> Instead of crashing, log the access as unimplemented.
> > Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> > --- > hw/misc/grlib_ahb_apb_pnp.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c > index 7338461694..f3c015d2c3 100644 > --- a/hw/misc/grlib_ahb_apb_pnp.c > +++ b/hw/misc/grlib_ahb_apb_pnp.c > @@ -22,6 +22,7 @@ > */ > > #include "qemu/osdep.h" > +#include "qemu/log.h" > #include "hw/sysbus.h" > #include "hw/misc/grlib_ahb_apb_pnp.h" > > @@ -231,8 +232,15 @@ static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size) > return apb_pnp->regs[offset >> 2]; > } > > +static void grlib_apb_pnp_write(void *opaque, hwaddr addr, > + uint64_t val, unsigned size) > +{ > + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__); > +} > + > static const MemoryRegionOps grlib_apb_pnp_ops = { > .read = grlib_apb_pnp_read, > + .write = grlib_apb_pnp_write, > .endianness = DEVICE_BIG_ENDIAN, > }; > > Applied to my trivial-patches branch. Thanks, Laurent ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 2/2] hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses 2019-10-25 11:01 [PATCH 0/2] hw/sparc/leon3: Fixes for the AHB/APB bridge Philippe Mathieu-Daudé 2019-10-25 11:01 ` [PATCH 1/2] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers Philippe Mathieu-Daudé @ 2019-10-25 11:01 ` Philippe Mathieu-Daudé 2019-10-25 11:54 ` KONRAD Frederic 2019-11-05 14:02 ` Laurent Vivier 1 sibling, 2 replies; 7+ messages in thread From: Philippe Mathieu-Daudé @ 2019-10-25 11:01 UTC (permalink / raw) To: Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel, KONRAD Frederic Cc: qemu-trivial, Philippe Mathieu-Daudé, Jiri Gaisler The Plug & Play region of the AHB/APB bridge can be accessed by various word size, however the implementation is clearly restricted to 32-bit: static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size) { APBPnp *apb_pnp = GRLIB_APB_PNP(opaque); return apb_pnp->regs[offset >> 2]; } Set the MemoryRegionOps::impl min/max fields to 32-bit, so memory.c::access_with_adjusted_size() can adjust when the access is not 32-bit. This is required to run RTEMS on leon3, the grlib scanning functions do byte accesses. Reported-by: Jiri Gaisler <jiri@gaisler.se> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> --- hw/misc/grlib_ahb_apb_pnp.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c index f3c015d2c3..e230e25363 100644 --- a/hw/misc/grlib_ahb_apb_pnp.c +++ b/hw/misc/grlib_ahb_apb_pnp.c @@ -242,6 +242,10 @@ static const MemoryRegionOps grlib_apb_pnp_ops = { .read = grlib_apb_pnp_read, .write = grlib_apb_pnp_write, .endianness = DEVICE_BIG_ENDIAN, + .impl = { + .min_access_size = 4, + .max_access_size = 4, + }, }; static void grlib_apb_pnp_realize(DeviceState *dev, Error **errp) -- 2.21.0 ^ permalink raw reply related [flat|nested] 7+ messages in thread
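Review bot: The added .impl block (min_access_size = 4, max_access_size = 4) makes every byte read reach grlib_apb_pnp_read() as a 32-bit access, but the handler quoted in the commit message returns apb_pnp->regs[offset >> 2] and never looks at offset & 3; please confirm that a byte read at each of the four offsets inside one PnP word returns the matching byte lane under DEVICE_BIG_ENDIAN rather than the same byte every time. A qtest that compares four readb results against one readl of the same word would settle it and keep the RTEMS byte-scan case covered. The hunk also leaves .valid unset, so stating the guest access sizes the region is meant to accept there would document the intent described in the commit message.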
* Re: [PATCH 2/2] hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses 2019-10-25 11:01 ` [PATCH 2/2] hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses Philippe Mathieu-Daudé @ 2019-10-25 11:54 ` KONRAD Frederic 2019-11-05 14:02 ` Laurent Vivier 1 sibling, 0 replies; 7+ messages in thread From: KONRAD Frederic @ 2019-10-25 11:54 UTC (permalink / raw) To: Philippe Mathieu-Daudé, Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel Cc: qemu-trivial, Jiri Gaisler Le 10/25/19 à 1:01 PM, Philippe Mathieu-Daudé a écrit : > The Plug & Play region of the AHB/APB bridge can be accessed > by various word size, however the implementation is clearly > restricted to 32-bit: > > static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size) > { > APBPnp *apb_pnp = GRLIB_APB_PNP(opaque); > > return apb_pnp->regs[offset >> 2]; > } > > Set the MemoryRegionOps::impl min/max fields to 32-bit, so > memory.c::access_with_adjusted_size() can adjust when the > access is not 32-bit. > > This is required to run RTEMS on leon3, the grlib scanning > functions do byte accesses. > > Reported-by: Jiri Gaisler <jiri@gaisler.se> > Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> > --- > hw/misc/grlib_ahb_apb_pnp.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c > index f3c015d2c3..e230e25363 100644 > --- a/hw/misc/grlib_ahb_apb_pnp.c > +++ b/hw/misc/grlib_ahb_apb_pnp.c > @@ -242,6 +242,10 @@ static const MemoryRegionOps grlib_apb_pnp_ops = { > .read = grlib_apb_pnp_read, > .write = grlib_apb_pnp_write, > .endianness = DEVICE_BIG_ENDIAN, > + .impl = { > + .min_access_size = 4, > + .max_access_size = 4, > + }, > }; > > static void grlib_apb_pnp_realize(DeviceState *dev, Error **errp) > Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com> Thanks ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses 2019-10-25 11:01 ` [PATCH 2/2] hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses Philippe Mathieu-Daudé 2019-10-25 11:54 ` KONRAD Frederic @ 2019-11-05 14:02 ` Laurent Vivier 1 sibling, 0 replies; 7+ messages in thread From: Laurent Vivier @ 2019-11-05 14:02 UTC (permalink / raw) To: Philippe Mathieu-Daudé, Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel, KONRAD Frederic Cc: qemu-trivial, Jiri Gaisler Le 25/10/2019 à 13:01, Philippe Mathieu-Daudé a écrit : > The Plug & Play region of the AHB/APB bridge can be accessed > by various word size, however the implementation is clearly > restricted to 32-bit: > > static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size) > { > APBPnp *apb_pnp = GRLIB_APB_PNP(opaque); > > return apb_pnp->regs[offset >> 2]; > } > > Set the MemoryRegionOps::impl min/max fields to 32-bit, so > memory.c::access_with_adjusted_size() can adjust when the > access is not 32-bit. > > This is required to run RTEMS on leon3, the grlib scanning > functions do byte accesses. > > Reported-by: Jiri Gaisler <jiri@gaisler.se> > Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> > --- > hw/misc/grlib_ahb_apb_pnp.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c > index f3c015d2c3..e230e25363 100644 > --- a/hw/misc/grlib_ahb_apb_pnp.c > +++ b/hw/misc/grlib_ahb_apb_pnp.c > @@ -242,6 +242,10 @@ static const MemoryRegionOps grlib_apb_pnp_ops = { > .read = grlib_apb_pnp_read, > .write = grlib_apb_pnp_write, > .endianness = DEVICE_BIG_ENDIAN, > + .impl = { > + .min_access_size = 4, > + .max_access_size = 4, > + }, > }; > > static void grlib_apb_pnp_realize(DeviceState *dev, Error **errp) > Applied to my trivial-patches branch. Thanks, Laurent ^ permalink raw reply [flat|nested] 7+ messages in thread