From: "Cédric Le Goater" <clg@kaod.org>
To: qemu-arm@nongnu.org, qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
	"Philippe Mathieu-Daudé" <philmd@linaro.org>,
	"Peter Delevoryas" <peter@pjd.dev>,
	"Cédric Le Goater" <clg@kaod.org>
Subject: [PULL 18/25] hw/misc/aspeed_hace: Do not crash if address_space_map() failed
Date: Tue,  7 Feb 2023 11:07:37 +0100
Message-ID: <20230207100744.698694-19-clg@kaod.org>
In-Reply-To: <20230207100744.698694-1-clg@kaod.org>

From: Philippe Mathieu-Daudé <philmd@linaro.org>

address_space_map() can fail:

  uart:~$ hash test
  sha256_test
  tv[0]:
  Segmentation fault: 11
  Thread 3 "qemu-system-arm" received signal SIGSEGV, Segmentation fault.
  gen_acc_mode_iov (req_len=0x7ffff18b7778, id=<optimized out>, iov=0x7ffff18b7780, s=0x555556ce0bd0)
      at ../hw/misc/aspeed_hace.c:171
  171         if (has_padding(s, &iov[id], *req_len, &total_msg_len, &pad_offset)) {
  (gdb) bt
  #0  gen_acc_mode_iov (req_len=0x7ffff18b7778, id=<optimized out>, iov=0x7ffff18b7780, s=0x555556ce0bd0)
      at ../hw/misc/aspeed_hace.c:171
  #1  do_hash_operation (s=s@entry=0x555556ce0bd0, algo=3, sg_mode=sg_mode@entry=true, acc_mode=acc_mode@entry=true)
      at ../hw/misc/aspeed_hace.c:224
  #2  0x00005555559bdbb8 in aspeed_hace_write (opaque=<optimized out>, addr=12, data=262488, size=<optimized out>)
      at ../hw/misc/aspeed_hace.c:358

This change doesn't fix much, but at least the guest
can't crash QEMU anymore. Instead it is still usable:

  uart:~$ hash test
  sha256_test
  tv[0]:hash_final error
  sha384_test
  tv[0]:hash_final error
  sha512_test
  tv[0]:hash_final error
  [00:00:06.278,000] <err> hace_global: HACE poll timeout
  [00:00:09.324,000] <err> hace_global: HACE poll timeout
  [00:00:12.261,000] <err> hace_global: HACE poll timeout
  uart:~$

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Delevoryas <peter@pjd.dev>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
---
 hw/misc/aspeed_hace.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/hw/misc/aspeed_hace.c b/hw/misc/aspeed_hace.c
index ac21be306c..12a761f1f5 100644
--- a/hw/misc/aspeed_hace.c
+++ b/hw/misc/aspeed_hace.c
@@ -193,6 +193,7 @@ static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode,
     size_t digest_len = 0;
     int niov = 0;
     int i;
+    void *haddr;
 
     if (sg_mode) {
         uint32_t len = 0;
@@ -217,9 +218,13 @@ static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode,
             addr &= SG_LIST_ADDR_MASK;
 
             plen = len & SG_LIST_LEN_MASK;
-            iov[i].iov_base = address_space_map(&s->dram_as, addr, &plen, false,
-                                                MEMTXATTRS_UNSPECIFIED);
-
+            haddr = address_space_map(&s->dram_as, addr, &plen, false,
+                                      MEMTXATTRS_UNSPECIFIED);
+            if (haddr == NULL) {
+                qemu_log_mask(LOG_GUEST_ERROR, "%s: qcrypto failed\n", __func__);
+                return;
+            }
+            iov[i].iov_base = haddr;
             if (acc_mode) {
                 niov = gen_acc_mode_iov(s, iov, i, &plen);
 
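Review bot: the new `haddr == NULL` branch logs "%s: qcrypto failed", but the call that failed is address_space_map(), not a qcrypto routine, so the guest-error log points at the wrong layer; a message that names the mapping failure and prints addr would make this diagnosable. The `return` also sits inside the scatter-gather path indexed by i: when it fires at i > 0, the iov[] entries filled by earlier iterations are still mapped, so they should be released with address_space_unmap() before returning. Finally, only NULL is checked here; address_space_map() can also succeed while reducing plen, and that shortened length is then passed on to gen_acc_mode_iov() unchecked.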
@@ -230,10 +235,14 @@ static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode,
     } else {
         hwaddr len = s->regs[R_HASH_SRC_LEN];
 
+        haddr = address_space_map(&s->dram_as, s->regs[R_HASH_SRC],
+                                  &len, false, MEMTXATTRS_UNSPECIFIED);
+        if (haddr == NULL) {
+            qemu_log_mask(LOG_GUEST_ERROR, "%s: qcrypto failed\n", __func__);
+            return;
+        }
+        iov[0].iov_base = haddr;
         iov[0].iov_len = len;
-        iov[0].iov_base = address_space_map(&s->dram_as, s->regs[R_HASH_SRC],
-                                            &len, false,
-                                            MEMTXATTRS_UNSPECIFIED);
         i = 1;
 
         if (s->iov_count) {
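Review bot: in the direct-mode branch, address_space_map() takes `&len` and may shrink it below s->regs[R_HASH_SRC_LEN]; the NULL check does not cover that case, and `iov[0].iov_len = len` then accepts the short mapping silently, so fewer bytes are hashed than the guest asked for. Comparing len with the register value after the call and treating a short mapping as a guest error would close that gap. The "%s: qcrypto failed" text here is also misleading, since the failing call is address_space_map(). The bare `return` leaves the guest with no completion or error indication, which matches the "HACE poll timeout" lines in the commit message; reporting a failure status would let the guest fail fast instead of timing out.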
-- 
2.39.1
