| Message ID | 20191025110114.27091-2-philmd@redhat.com |
|---|---|
| State | New |
| Headers | show |
| Series | hw/sparc/leon3: Fixes for the AHB/APB bridge | expand |
Hi Philippe, Le 10/25/19 à 1:01 PM, Philippe Mathieu-Daudé a écrit : > Guests can crash QEMU when writting to PnP registers: > > $ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio > [I 1571938309.932255] OPENED > [R +0.063474] writeb 0x800ff042 69 > Segmentation fault (core dumped) > > (gdb) bt > #0 0x0000000000000000 in () > #1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255, attrs=...) at memory.c:503 > #2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66, value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4, access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>, mr=0x555f4d7be8c0, attrs=...) at memory.c:539 > #3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0, addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489 > #4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1, mr=0x555f4d7be8c0) at exec.c:3161 > #5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201 > #6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291 > #7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at exec.c:3301 > #8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0 <qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432 > > Instead of crashing, log the access as unimplemented. > > Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> oops, thanks for that :). Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com> > --- > hw/misc/grlib_ahb_apb_pnp.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c > index 7338461694..f3c015d2c3 100644 > --- a/hw/misc/grlib_ahb_apb_pnp.c > +++ b/hw/misc/grlib_ahb_apb_pnp.c > @@ -22,6 +22,7 @@ > */ > > #include "qemu/osdep.h" > +#include "qemu/log.h" > #include "hw/sysbus.h" > #include "hw/misc/grlib_ahb_apb_pnp.h" > > @@ -231,8 +232,15 @@ static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size) > return apb_pnp->regs[offset >> 2]; > } > > +static void grlib_apb_pnp_write(void *opaque, hwaddr addr, > + uint64_t val, unsigned size) > +{ > + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__); > +} > + > static const MemoryRegionOps grlib_apb_pnp_ops = { > .read = grlib_apb_pnp_read, > + .write = grlib_apb_pnp_write, > .endianness = DEVICE_BIG_ENDIAN, > }; > >
Le 25/10/2019 à 13:01, Philippe Mathieu-Daudé a écrit : > Guests can crash QEMU when writting to PnP registers: > > $ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio > [I 1571938309.932255] OPENED > [R +0.063474] writeb 0x800ff042 69 > Segmentation fault (core dumped) > > (gdb) bt > #0 0x0000000000000000 in () > #1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255, attrs=...) at memory.c:503 > #2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66, value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4, access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>, mr=0x555f4d7be8c0, attrs=...) at memory.c:539 > #3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0, addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489 > #4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1, mr=0x555f4d7be8c0) at exec.c:3161 > #5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201 > #6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291 > #7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at exec.c:3301 > #8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0 <qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432 > > Instead of crashing, log the access as unimplemented. > > Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> > --- > hw/misc/grlib_ahb_apb_pnp.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c > index 7338461694..f3c015d2c3 100644 > --- a/hw/misc/grlib_ahb_apb_pnp.c > +++ b/hw/misc/grlib_ahb_apb_pnp.c > @@ -22,6 +22,7 @@ > */ > > #include "qemu/osdep.h" > +#include "qemu/log.h" > #include "hw/sysbus.h" > #include "hw/misc/grlib_ahb_apb_pnp.h" > > @@ -231,8 +232,15 @@ static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size) > return apb_pnp->regs[offset >> 2]; > } > > +static void grlib_apb_pnp_write(void *opaque, hwaddr addr, > + uint64_t val, unsigned size) > +{ > + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__); > +} > + > static const MemoryRegionOps grlib_apb_pnp_ops = { > .read = grlib_apb_pnp_read, > + .write = grlib_apb_pnp_write, > .endianness = DEVICE_BIG_ENDIAN, > }; > > Applied to my trivial-patches branch. Thanks, Laurent
diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c index 7338461694..f3c015d2c3 100644 --- a/hw/misc/grlib_ahb_apb_pnp.c +++ b/hw/misc/grlib_ahb_apb_pnp.c @@ -22,6 +22,7 @@ */ #include "qemu/osdep.h" +#include "qemu/log.h" #include "hw/sysbus.h" #include "hw/misc/grlib_ahb_apb_pnp.h" @@ -231,8 +232,15 @@ static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size) return apb_pnp->regs[offset >> 2]; } +static void grlib_apb_pnp_write(void *opaque, hwaddr addr, + uint64_t val, unsigned size) +{ + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__); +} + static const MemoryRegionOps grlib_apb_pnp_ops = { .read = grlib_apb_pnp_read, + .write = grlib_apb_pnp_write, .endianness = DEVICE_BIG_ENDIAN, };
Guests can crash QEMU when writting to PnP registers: $ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio [I 1571938309.932255] OPENED [R +0.063474] writeb 0x800ff042 69 Segmentation fault (core dumped) (gdb) bt #0 0x0000000000000000 in () #1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255, attrs=...) at memory.c:503 #2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66, value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4, access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>, mr=0x555f4d7be8c0, attrs=...) at memory.c:539 #3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0, addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489 #4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1, mr=0x555f4d7be8c0) at exec.c:3161 #5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201 #6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291 #7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at exec.c:3301 #8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0 <qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432 Instead of crashing, log the access as unimplemented. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> --- hw/misc/grlib_ahb_apb_pnp.c | 8 ++++++++ 1 file changed, 8 insertions(+)