* [PATCH 0/2] hw/sparc/leon3: Fixes for the AHB/APB bridge
@ 2019-10-25 11:01 Philippe Mathieu-Daudé
From: Philippe Mathieu-Daudé @ 2019-10-25 11:01 UTC (permalink / raw)
To: Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel,
KONRAD Frederic
Cc: qemu-trivial, Philippe Mathieu-Daudé, Jiri Gaisler
Two trivial fixes after reading Jiri's comment:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg654994.html
"The plug&play area must support byte accesses,
which is used by the RTEMS grlib scanning functions..."
Regards,
Phil.
Philippe Mathieu-Daudé (2):
hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers
hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses
hw/misc/grlib_ahb_apb_pnp.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--
2.21.0
* [PATCH 1/2] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers
From: Philippe Mathieu-Daudé @ 2019-10-25 11:01 UTC (permalink / raw)
To: Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel,
KONRAD Frederic
Cc: qemu-trivial, Philippe Mathieu-Daudé, Jiri Gaisler
Guests can crash QEMU when writing to PnP registers:
$ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
[I 1571938309.932255] OPENED
[R +0.063474] writeb 0x800ff042 69
Segmentation fault (core dumped)
(gdb) bt
#0 0x0000000000000000 in ()
#1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255, attrs=...) at memory.c:503
#2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66, value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4, access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>, mr=0x555f4d7be8c0, attrs=...) at memory.c:539
#3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0, addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489
#4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1, mr=0x555f4d7be8c0) at exec.c:3161
#5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201
#6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291
#7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at exec.c:3301
#8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0 <qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432
Instead of crashing, log the access as unimplemented.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
hw/misc/grlib_ahb_apb_pnp.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c
index 7338461694..f3c015d2c3 100644
--- a/hw/misc/grlib_ahb_apb_pnp.c
+++ b/hw/misc/grlib_ahb_apb_pnp.c
@@ -22,6 +22,7 @@
*/
#include "qemu/osdep.h"
+#include "qemu/log.h"
#include "hw/sysbus.h"
#include "hw/misc/grlib_ahb_apb_pnp.h"
@@ -231,8 +232,15 @@ static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size)
return apb_pnp->regs[offset >> 2];
}
+static void grlib_apb_pnp_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
+}
+
static const MemoryRegionOps grlib_apb_pnp_ops = {
.read = grlib_apb_pnp_read,
+ .write = grlib_apb_pnp_write,
.endianness = DEVICE_BIG_ENDIAN,
};
--
2.21.0
* [PATCH 2/2] hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses
From: Philippe Mathieu-Daudé @ 2019-10-25 11:01 UTC (permalink / raw)
To: Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel,
KONRAD Frederic
Cc: qemu-trivial, Philippe Mathieu-Daudé, Jiri Gaisler
The Plug & Play region of the AHB/APB bridge can be accessed
with various word sizes; however, the implementation is clearly
restricted to 32-bit:
static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size)
{
APBPnp *apb_pnp = GRLIB_APB_PNP(opaque);
return apb_pnp->regs[offset >> 2];
}
Set the MemoryRegionOps::impl min/max fields to 32-bit, so
memory.c::access_with_adjusted_size() can adjust when the
access is not 32-bit.
This is required to run RTEMS on leon3, as the grlib scanning
functions do byte accesses.
Reported-by: Jiri Gaisler <jiri@gaisler.se>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
hw/misc/grlib_ahb_apb_pnp.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c
index f3c015d2c3..e230e25363 100644
--- a/hw/misc/grlib_ahb_apb_pnp.c
+++ b/hw/misc/grlib_ahb_apb_pnp.c
@@ -242,6 +242,10 @@ static const MemoryRegionOps grlib_apb_pnp_ops = {
.read = grlib_apb_pnp_read,
.write = grlib_apb_pnp_write,
.endianness = DEVICE_BIG_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
};
static void grlib_apb_pnp_realize(DeviceState *dev, Error **errp)
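Review bot: .impl = {4, 4} makes the core call grlib_apb_pnp_read with size 4 for a guest byte access, but the callback still receives the guest's own offset, which for a byte access need not be word aligned: in the reproducer's access at 0x800ff042 the callback sees offset 0x42 and `regs[offset >> 2]` silently rounds it down to the word at 0x40, while the core then extracts one byte of the returned word with a shift derived from the access size, not from the offset. Please verify with qtest (readb at offsets 0x40 through 0x43 of a PnP word whose four bytes differ) that each offset yields its own byte rather than the same byte four times; if it does not, make grlib_apb_pnp_read honour size and `offset & 3` itself with .impl left at the defaults, or align the offset before indexing. It would also help readers to set .valid explicitly (min 1, max 4) beside .impl, so the intent, that byte and halfword guest accesses are accepted while the device only implements words, is stated rather than inherited from the defaults.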
--
2.21.0
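A worked model of the two mechanisms this series relies on, added here as an example; it is not code from QEMU, from the patches above, or from anyone on the thread. It models what the memory core does with a MemoryRegionOps that has a .read callback but no .write (patch 1's crash, frame #0 at address 0 in the backtrace) and how .impl.min/max_access_size = 4 turns a 1-byte guest access into a 32-bit callback plus shift and mask (patch 2). The ModelOps struct, the PnpDev toy device with its constructed register contents, model_read/model_write and the MODEL_* codes are all assumptions of this example; the shift arithmetic follows my reading of memory.c's access_with_adjusted_size() and is likewise an assumption, not something the thread states.

```c
/* Added example modelling QEMU's MemoryRegionOps dispatch; not QEMU code. */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t hwaddr;            /* same name as QEMU's type, local to this model */

/* Subset of MemoryRegionOps the model needs (assumption). */
typedef struct ModelOps {
    uint64_t (*read)(void *opaque, hwaddr addr, unsigned size);
    void (*write)(void *opaque, hwaddr addr, uint64_t val, unsigned size);
    int big_endian;                 /* DEVICE_BIG_ENDIAN */
    struct {
        unsigned min_access_size;   /* 0 means "default of 1" */
        unsigned max_access_size;   /* 0 means "default of 4" */
    } impl;
} ModelOps;

#define PNP_WORDS 32                /* 0x80 bytes, covers the reproducer's offset 0x42 */

/* Toy PnP area: big-endian words, constructed sample contents. */
typedef struct PnpDev {
    uint32_t regs[PNP_WORDS];
    unsigned unimp_writes;          /* stand-in for qemu_log_mask(LOG_UNIMP, ...) */
} PnpDev;

static uint64_t pnp_read(void *opaque, hwaddr offset, unsigned size)
{
    PnpDev *d = opaque;
    (void)size;                     /* ignored, as in grlib_apb_pnp_read */
    if ((offset >> 2) >= PNP_WORDS) {
        return 0;                   /* bounds check is this model's own addition */
    }
    return d->regs[offset >> 2];
}

static void pnp_write_unimp(void *opaque, hwaddr addr, uint64_t val, unsigned size)
{
    PnpDev *d = opaque;
    (void)addr; (void)val; (void)size;
    d->unimp_writes++;              /* patch 1's stub: log and drop the write */
}

enum { MODEL_OK = 0, MODEL_NULL_CALLBACK = -1 };

/* access_size = MAX(MIN(size, impl.max), impl.min); mask covers access_size bytes. */
static void adjusted_size(const ModelOps *ops, unsigned size,
                          unsigned *access_size, uint64_t *mask)
{
    unsigned min = ops->impl.min_access_size ? ops->impl.min_access_size : 1;
    unsigned max = ops->impl.max_access_size ? ops->impl.max_access_size : 4;
    unsigned n = size < max ? size : max;
    if (n < min) {
        n = min;
    }
    *access_size = n;
    *mask = n >= 8 ? ~(uint64_t)0 : (((uint64_t)1 << (n * 8)) - 1);
}

/* Big-endian regions keep the guest value's first byte in the high bits. */
static int chunk_shift(const ModelOps *ops, unsigned size, unsigned access_size, unsigned i)
{
    return ops->big_endian ? ((int)size - (int)access_size - (int)i) * 8 : (int)i * 8;
}

static int model_read(const ModelOps *ops, void *opaque, hwaddr addr,
                      unsigned size, uint64_t *out)
{
    unsigned access_size;
    uint64_t mask, value = 0;
    if (!ops->read) {
        return MODEL_NULL_CALLBACK;
    }
    adjusted_size(ops, size, &access_size, &mask);
    for (unsigned i = 0; i < size; i += access_size) {
        /* The callback is handed addr + i as-is; nothing aligns it to access_size. */
        uint64_t tmp = ops->read(opaque, addr + i, access_size) & mask;
        int shift = chunk_shift(ops, size, access_size, i);
        value |= shift >= 0 ? tmp << shift : tmp >> -shift;
    }
    *out = value;
    return MODEL_OK;
}

static int model_write(const ModelOps *ops, void *opaque, hwaddr addr,
                       unsigned size, uint64_t val)
{
    unsigned access_size;
    uint64_t mask;
    /* Real QEMU has no such check: mr->ops->write is called unconditionally,
     * which is the jump to address 0 at frame #0 of the backtrace. */
    if (!ops->write) {
        return MODEL_NULL_CALLBACK;
    }
    adjusted_size(ops, size, &access_size, &mask);
    for (unsigned i = 0; i < size; i += access_size) {
        int shift = chunk_shift(ops, size, access_size, i);
        uint64_t part = shift >= 0 ? (val >> shift) & mask : (val << -shift) & mask;
        ops->write(opaque, addr + i, part, access_size);
    }
    return MODEL_OK;
}

/* Ops before the series: .read only, impl left at the defaults (1..4). */
static const ModelOps ops_before = { .read = pnp_read, .big_endian = 1 };
/* Ops after both patches: stub .write and a 32-bit-only implementation. */
static const ModelOps ops_after = {
    .read = pnp_read, .write = pnp_write_unimp, .big_endian = 1,
    .impl = { .min_access_size = 4, .max_access_size = 4 },
};

static PnpDev sample_dev(void)
{
    PnpDev d = { .regs = { 0x01040503u, 0xAABBCCDDu } };   /* constructed contents */
    return d;
}

/* The reproducer's writeb against the old ops: the model reports the NULL call. */
int before_write_hits_null(void)
{
    PnpDev d = sample_dev();
    return model_write(&ops_before, &d, 0x42, 1, 0x45) == MODEL_NULL_CALLBACK;
}

/* Same writeb after patch 1: logged once, register contents untouched. */
int after_write_is_logged(void)
{
    PnpDev d = sample_dev();
    int r = model_write(&ops_after, &d, 0x42, 1, 0x45);
    return r == MODEL_OK && d.unimp_writes == 1 && d.regs[0] == 0x01040503u;
}

/* Guest read of `size` bytes at `addr` through the old and the new ops. */
uint64_t readn_before(hwaddr addr, unsigned size)
{
    PnpDev d = sample_dev();
    uint64_t v = 0;
    model_read(&ops_before, &d, addr, size, &v);
    return v;
}

uint64_t readn_after(hwaddr addr, unsigned size)
{
    PnpDev d = sample_dev();
    uint64_t v = 0;
    model_read(&ops_after, &d, addr, size, &v);
    return v;
}

int main(void)
{
    printf("writeb before patch 1 hits NULL .write: %d\n", before_write_hits_null());
    printf("writeb after patch 1 is logged: %d\n", after_write_is_logged());
    printf("readb 0x0 (word 0x01040503, BE): before 0x%02llx, after 0x%02llx\n",
           (unsigned long long)readn_before(0x0, 1), (unsigned long long)readn_after(0x0, 1));
    printf("readw 0x0: before 0x%04llx, after 0x%04llx\n",
           (unsigned long long)readn_before(0x0, 2), (unsigned long long)readn_after(0x0, 2));
    printf("readb 0x2 after: 0x%02llx (callback got offset 0x2, fixed shift)\n",
           (unsigned long long)readn_after(0x2, 1));
    return 0;
}
```

Build with `cc -std=c11 -Wall` and run. Before patch 2 a readw at offset 0 yields 0x0503, the low half of the word, because the callback ran with size 2 and ignored it; after patch 2 the core asks for the whole word and keeps the high half, 0x0104, which is what a big-endian bus would deliver. The readn_after(0x2, 1) result is the one worth staring at: under this model the callback is handed the unaligned offset 0x2, grlib_apb_pnp_read-style indexing rounds it to the word at 0x0, and the core's fixed shift returns byte 0 again, so that case should be checked against a real qtest run rather than taken from the model.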
* Re: [PATCH 1/2] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers
From: KONRAD Frederic @ 2019-10-25 11:53 UTC (permalink / raw)
To: Philippe Mathieu-Daudé,
Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel
Cc: qemu-trivial, Jiri Gaisler
Hi Philippe,
On 10/25/19 1:01 PM, Philippe Mathieu-Daudé wrote:
> Guests can crash QEMU when writing to PnP registers:
>
> $ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
> [I 1571938309.932255] OPENED
> [R +0.063474] writeb 0x800ff042 69
> Segmentation fault (core dumped)
>
> (gdb) bt
> #0 0x0000000000000000 in ()
> #1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255, attrs=...) at memory.c:503
> #2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66, value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4, access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>, mr=0x555f4d7be8c0, attrs=...) at memory.c:539
> #3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0, addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489
> #4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1, mr=0x555f4d7be8c0) at exec.c:3161
> #5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201
> #6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291
> #7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at exec.c:3301
> #8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0 <qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432
>
> Instead of crashing, log the access as unimplemented.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
oops, thanks for that :).
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
> ---
> hw/misc/grlib_ahb_apb_pnp.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c
> index 7338461694..f3c015d2c3 100644
> --- a/hw/misc/grlib_ahb_apb_pnp.c
> +++ b/hw/misc/grlib_ahb_apb_pnp.c
> @@ -22,6 +22,7 @@
> */
>
> #include "qemu/osdep.h"
> +#include "qemu/log.h"
> #include "hw/sysbus.h"
> #include "hw/misc/grlib_ahb_apb_pnp.h"
>
> @@ -231,8 +232,15 @@ static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size)
> return apb_pnp->regs[offset >> 2];
> }
>
> +static void grlib_apb_pnp_write(void *opaque, hwaddr addr,
> + uint64_t val, unsigned size)
> +{
> + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
> +}
> +
> static const MemoryRegionOps grlib_apb_pnp_ops = {
> .read = grlib_apb_pnp_read,
> + .write = grlib_apb_pnp_write,
> .endianness = DEVICE_BIG_ENDIAN,
> };
>
>
* Re: [PATCH 2/2] hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses
From: KONRAD Frederic @ 2019-10-25 11:54 UTC (permalink / raw)
To: Philippe Mathieu-Daudé,
Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel
Cc: qemu-trivial, Jiri Gaisler
On 10/25/19 1:01 PM, Philippe Mathieu-Daudé wrote:
> The Plug & Play region of the AHB/APB bridge can be accessed
> with various word sizes; however, the implementation is clearly
> restricted to 32-bit:
>
> static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size)
> {
> APBPnp *apb_pnp = GRLIB_APB_PNP(opaque);
>
> return apb_pnp->regs[offset >> 2];
> }
>
> Set the MemoryRegionOps::impl min/max fields to 32-bit, so
> memory.c::access_with_adjusted_size() can adjust when the
> access is not 32-bit.
>
> This is required to run RTEMS on leon3, as the grlib scanning
> functions do byte accesses.
>
> Reported-by: Jiri Gaisler <jiri@gaisler.se>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> hw/misc/grlib_ahb_apb_pnp.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c
> index f3c015d2c3..e230e25363 100644
> --- a/hw/misc/grlib_ahb_apb_pnp.c
> +++ b/hw/misc/grlib_ahb_apb_pnp.c
> @@ -242,6 +242,10 @@ static const MemoryRegionOps grlib_apb_pnp_ops = {
> .read = grlib_apb_pnp_read,
> .write = grlib_apb_pnp_write,
> .endianness = DEVICE_BIG_ENDIAN,
> + .impl = {
> + .min_access_size = 4,
> + .max_access_size = 4,
> + },
> };
>
> static void grlib_apb_pnp_realize(DeviceState *dev, Error **errp)
>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Thanks
* Re: [PATCH 1/2] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers
From: Laurent Vivier @ 2019-11-05 14:02 UTC (permalink / raw)
To: Philippe Mathieu-Daudé,
Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel,
KONRAD Frederic
Cc: qemu-trivial, Jiri Gaisler
On 25/10/2019 13:01, Philippe Mathieu-Daudé wrote:
> Guests can crash QEMU when writing to PnP registers:
>
> $ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
> [I 1571938309.932255] OPENED
> [R +0.063474] writeb 0x800ff042 69
> Segmentation fault (core dumped)
>
> (gdb) bt
> #0 0x0000000000000000 in ()
> #1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255, attrs=...) at memory.c:503
> #2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66, value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4, access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>, mr=0x555f4d7be8c0, attrs=...) at memory.c:539
> #3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0, addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489
> #4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1, mr=0x555f4d7be8c0) at exec.c:3161
> #5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201
> #6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291
> #7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at exec.c:3301
> #8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0 <qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432
>
> Instead of crashing, log the access as unimplemented.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> hw/misc/grlib_ahb_apb_pnp.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c
> index 7338461694..f3c015d2c3 100644
> --- a/hw/misc/grlib_ahb_apb_pnp.c
> +++ b/hw/misc/grlib_ahb_apb_pnp.c
> @@ -22,6 +22,7 @@
> */
>
> #include "qemu/osdep.h"
> +#include "qemu/log.h"
> #include "hw/sysbus.h"
> #include "hw/misc/grlib_ahb_apb_pnp.h"
>
> @@ -231,8 +232,15 @@ static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size)
> return apb_pnp->regs[offset >> 2];
> }
>
> +static void grlib_apb_pnp_write(void *opaque, hwaddr addr,
> + uint64_t val, unsigned size)
> +{
> + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
> +}
> +
> static const MemoryRegionOps grlib_apb_pnp_ops = {
> .read = grlib_apb_pnp_read,
> + .write = grlib_apb_pnp_write,
> .endianness = DEVICE_BIG_ENDIAN,
> };
>
>
Applied to my trivial-patches branch.
Thanks,
Laurent
* Re: [PATCH 2/2] hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses
From: Laurent Vivier @ 2019-11-05 14:02 UTC (permalink / raw)
To: Philippe Mathieu-Daudé,
Mark Cave-Ayland, Fabien Chouteau, Artyom Tarasenko, qemu-devel,
KONRAD Frederic
Cc: qemu-trivial, Jiri Gaisler
On 25/10/2019 13:01, Philippe Mathieu-Daudé wrote:
> The Plug & Play region of the AHB/APB bridge can be accessed
> with various word sizes; however, the implementation is clearly
> restricted to 32-bit:
>
> static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size)
> {
> APBPnp *apb_pnp = GRLIB_APB_PNP(opaque);
>
> return apb_pnp->regs[offset >> 2];
> }
>
> Set the MemoryRegionOps::impl min/max fields to 32-bit, so
> memory.c::access_with_adjusted_size() can adjust when the
> access is not 32-bit.
>
> This is required to run RTEMS on leon3, as the grlib scanning
> functions do byte accesses.
>
> Reported-by: Jiri Gaisler <jiri@gaisler.se>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> hw/misc/grlib_ahb_apb_pnp.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c
> index f3c015d2c3..e230e25363 100644
> --- a/hw/misc/grlib_ahb_apb_pnp.c
> +++ b/hw/misc/grlib_ahb_apb_pnp.c
> @@ -242,6 +242,10 @@ static const MemoryRegionOps grlib_apb_pnp_ops = {
> .read = grlib_apb_pnp_read,
> .write = grlib_apb_pnp_write,
> .endianness = DEVICE_BIG_ENDIAN,
> + .impl = {
> + .min_access_size = 4,
> + .max_access_size = 4,
> + },
> };
>
> static void grlib_apb_pnp_realize(DeviceState *dev, Error **errp)
>
Applied to my trivial-patches branch.
Thanks,
Laurent