Patchwork copy&paste error in serial.c causes a crash when attempting to read from UART (if there is no data to be read)

Submitter Vladimir Senkov
Date June 17, 2013, 12:43 a.m.
Message ID <CAEgEybqrZ50JD5jmf9ge2g1VgNB5XE4wLkfxvB6qBe89vjP8Zw@mail.gmail.com>
Permalink /patch/251753/
State New

Comments

Vladimir Senkov - June 17, 2013, 12:43 a.m.
From 032bdc94c6369aa7b578182cdad8038ebb2b8cd1 Mon Sep 17 00:00:00 2001
From: Vladimir Senkov <hangup@gmail.com>
Date: Sun, 16 Jun 2013 20:30:52 -0400
Subject: [PATCH] fixed a copy&paste error in serial.c

Signed-off-by: Vladimir Senkov <hangup@gmail.com>

---
 hw/char/serial.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

                     s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
--
1.8.1.2
Andreas Färber - June 17, 2013, 12:57 a.m.
On 17.06.2013 02:43, Vladimir Senkov wrote:
> From 032bdc94c6369aa7b578182cdad8038ebb2b8cd1 Mon Sep 17 00:00:00 2001
> From: Vladimir Senkov <hangup@gmail.com <mailto:hangup@gmail.com>>
> Date: Sun, 16 Jun 2013 20:30:52 -0400
> Subject: [PATCH] fixed a copy&paste error in serial.c
> 
> Signed-off-by: Vladimir Senkov <hangup@gmail.com <mailto:hangup@gmail.com>>

Patch is HTML-damaged unfortunately, we recommend git-send-email:
http://wiki.qemu.org/Contribute/SubmitAPatch

But since the patch is so trivial, maybe Peter or Michael can fix it up?

Regards,
Andreas

> ---
>  hw/char/serial.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/char/serial.c b/hw/char/serial.c
> index b537e42..6382f98 100644
> --- a/hw/char/serial.c
> +++ b/hw/char/serial.c
> @@ -424,7 +424,7 @@ static uint64_t serial_ioport_read(void *opaque,
> hwaddr addr, unsigned size)
>              ret = s->divider & 0xff;
>          } else {
>              if(s->fcr & UART_FCR_FE) {
> -                ret = fifo8_is_full(&s->recv_fifo) ?
> +                ret = fifo8_is_empty(&s->recv_fifo) ?
>                              0 : fifo8_pop(&s->recv_fifo);
>                  if (s->recv_fifo.num == 0) {
>                      s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
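Review bot: the commit message for the one-line change at the "ret =" assignment says only "fixed a copy&paste error" and never describes the failure. Please state in the message body that the old fifo8_is_full() test let fifo8_pop() run on an empty receive FIFO when serial_ioport_read() was called with no data pending, which is the crash named in the subject of this thread, and mention the serial cleanup series that introduced it so the fix can be matched to the regression later.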
> --
> 1.8.1.2
>
Paolo Bonzini - June 17, 2013, 7:03 a.m.
On 17/06/2013 02:57, Andreas Färber wrote:
>> > From 032bdc94c6369aa7b578182cdad8038ebb2b8cd1 Mon Sep 17 00:00:00 2001
>> > From: Vladimir Senkov <hangup@gmail.com <mailto:hangup@gmail.com>>
>> > Date: Sun, 16 Jun 2013 20:30:52 -0400
>> > Subject: [PATCH] fixed a copy&paste error in serial.c
>> > 
>> > Signed-off-by: Vladimir Senkov <hangup@gmail.com <mailto:hangup@gmail.com>>
> Patch is HTML-damaged unfortunately, we recommend git-send-email:
> http://wiki.qemu.org/Contribute/SubmitAPatch
> 
> But since the patch is so trivial, maybe Peter or Michael can fix it up?

And also add Cc: qemu-stable.

Paolo
Andreas Färber - June 17, 2013, 7:16 a.m.
On 17.06.2013 09:03, Paolo Bonzini wrote:
> On 17/06/2013 02:57, Andreas Färber wrote:
>>>> From 032bdc94c6369aa7b578182cdad8038ebb2b8cd1 Mon Sep 17 00:00:00 2001
>>>> From: Vladimir Senkov <hangup@gmail.com <mailto:hangup@gmail.com>>
>>>> Date: Sun, 16 Jun 2013 20:30:52 -0400
>>>> Subject: [PATCH] fixed a copy&paste error in serial.c
>>>>
>>>> Signed-off-by: Vladimir Senkov <hangup@gmail.com <mailto:hangup@gmail.com>>
>> Patch is HTML-damaged unfortunately, we recommend git-send-email:
>> http://wiki.qemu.org/Contribute/SubmitAPatch
>>
>> But since the patch is so trivial, maybe Peter or Michael can fix it up?
> 
> And also add Cc: qemu-stable.

I interpreted this as a regression through Peter's serial patches that
went in via trivial pull last week, but I may well be wrong. :)

Andreas
Peter Crosthwaite - June 17, 2013, 7:30 a.m.
Hi Andreas,

On Mon, Jun 17, 2013 at 10:57 AM, Andreas Färber <afaerber@suse.de> wrote:
> On 17.06.2013 02:43, Vladimir Senkov wrote:
>> From 032bdc94c6369aa7b578182cdad8038ebb2b8cd1 Mon Sep 17 00:00:00 2001
>> From: Vladimir Senkov <hangup@gmail.com <mailto:hangup@gmail.com>>
>> Date: Sun, 16 Jun 2013 20:30:52 -0400
>> Subject: [PATCH] fixed a copy&paste error in serial.c
>>
>> Signed-off-by: Vladimir Senkov <hangup@gmail.com <mailto:hangup@gmail.com>>
>
> Patch is HTML-damaged unfortunately, we recommend git-send-email:
> http://wiki.qemu.org/Contribute/SubmitAPatch
>
> But since the patch is so trivial, maybe Peter or Michael can fix it up?
>

Yes I can,

Sorry about the regression. I'll give Vladimir overnight to remake if
he wants, otherwise I will remake first thing tomorrow.

Regards,
Peter

> Regards,
> Andreas
>
>> ---
>>  hw/char/serial.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/hw/char/serial.c b/hw/char/serial.c
>> index b537e42..6382f98 100644
>> --- a/hw/char/serial.c
>> +++ b/hw/char/serial.c
>> @@ -424,7 +424,7 @@ static uint64_t serial_ioport_read(void *opaque,
>> hwaddr addr, unsigned size)
>>              ret = s->divider & 0xff;
>>          } else {
>>              if(s->fcr & UART_FCR_FE) {
>> -                ret = fifo8_is_full(&s->recv_fifo) ?
>> +                ret = fifo8_is_empty(&s->recv_fifo) ?
>>                              0 : fifo8_pop(&s->recv_fifo);
>>                  if (s->recv_fifo.num == 0) {
>>                      s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
>> --
>> 1.8.1.2
>>
>
>
> --
> SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
> GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
>
Peter Crosthwaite - June 17, 2013, 7:31 a.m.
On Mon, Jun 17, 2013 at 5:16 PM, Andreas Färber <afaerber@suse.de> wrote:
> On 17.06.2013 09:03, Paolo Bonzini wrote:
>> On 17/06/2013 02:57, Andreas Färber wrote:
>>>>> From 032bdc94c6369aa7b578182cdad8038ebb2b8cd1 Mon Sep 17 00:00:00 2001
>>>>> From: Vladimir Senkov <hangup@gmail.com <mailto:hangup@gmail.com>>
>>>>> Date: Sun, 16 Jun 2013 20:30:52 -0400
>>>>> Subject: [PATCH] fixed a copy&paste error in serial.c
>>>>>
>>>>> Signed-off-by: Vladimir Senkov <hangup@gmail.com <mailto:hangup@gmail.com>>
>>> Patch is HTML-damaged unfortunately, we recommend git-send-email:
>>> http://wiki.qemu.org/Contribute/SubmitAPatch
>>>
>>> But since the patch is so trivial, maybe Peter or Michael can fix it up?
>>
>> And also add Cc: qemu-stable.
>
> I interpreted this as a regression through Peter's serial patches that
> went in via trivial pull last week, but I may well be wrong. :)
>

You are right. Regression introduced by me in serial cleanup series.

No need for stable as stable shouldn't have picked up that series.

Regards,
Peter

> Andreas
>
> --
> SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
> GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
>
Peter Crosthwaite - June 17, 2013, 7:33 a.m.
Patch is good, I think the issue is just in the sending as flagged by Andreas.

On Mon, Jun 17, 2013 at 10:43 AM, Vladimir Senkov <hangup@gmail.com> wrote:
> From 032bdc94c6369aa7b578182cdad8038ebb2b8cd1 Mon Sep 17 00:00:00 2001
> From: Vladimir Senkov <hangup@gmail.com>
> Date: Sun, 16 Jun 2013 20:30:52 -0400
> Subject: [PATCH] fixed a copy&paste error in serial.c
>
> Signed-off-by: Vladimir Senkov <hangup@gmail.com>

Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>

>
> ---
>  hw/char/serial.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/char/serial.c b/hw/char/serial.c
> index b537e42..6382f98 100644
> --- a/hw/char/serial.c
> +++ b/hw/char/serial.c
> @@ -424,7 +424,7 @@ static uint64_t serial_ioport_read(void *opaque, hwaddr
> addr, unsigned size)
>              ret = s->divider & 0xff;
>          } else {
>              if(s->fcr & UART_FCR_FE) {
> -                ret = fifo8_is_full(&s->recv_fifo) ?
> +                ret = fifo8_is_empty(&s->recv_fifo) ?
>                              0 : fifo8_pop(&s->recv_fifo);
>                  if (s->recv_fifo.num == 0) {
>                      s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
> --
> 1.8.1.2
>

Patch

diff --git a/hw/char/serial.c b/hw/char/serial.c
index b537e42..6382f98 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -424,7 +424,7 @@  static uint64_t serial_ioport_read(void *opaque, hwaddr
addr, unsigned size)
             ret = s->divider & 0xff;
         } else {
             if(s->fcr & UART_FCR_FE) {
-                ret = fifo8_is_full(&s->recv_fifo) ?
+                ret = fifo8_is_empty(&s->recv_fifo) ?
                             0 : fifo8_pop(&s->recv_fifo);
                 if (s->recv_fifo.num == 0) {
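Review bot: two lines below the corrected guard, the emptiness test is still written as "s->recv_fifo.num == 0", which reads the FIFO's internal counter directly while the guard above goes through fifo8_is_empty(). Using fifo8_is_empty(&s->recv_fifo) in that "if" as well would keep both checks on the same accessor, so the pop guard and the check that follows it cannot drift apart if the FIFO representation changes. As a style nit in the same block, "if(s->fcr & UART_FCR_FE)" lacks the space after "if" that the "if (s->recv_fifo.num == 0)" line has.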