2019-05-15 15:31:32 +03:00
|
|
|
/*
|
|
|
|
* GRLIB AHB APB PNP
|
|
|
|
*
|
|
|
|
* Copyright (C) 2019 AdaCore
|
|
|
|
*
|
|
|
|
* Developed by :
|
|
|
|
* Frederic Konrad <frederic.konrad@adacore.com>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation, either version 2 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
* with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "qemu/osdep.h"
|
hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers
Guests can crash QEMU when writting to PnP registers:
$ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
[I 1571938309.932255] OPENED
[R +0.063474] writeb 0x800ff042 69
Segmentation fault (core dumped)
(gdb) bt
#0 0x0000000000000000 in ()
#1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255, attrs=...) at memory.c:503
#2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66, value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4, access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>, mr=0x555f4d7be8c0, attrs=...) at memory.c:539
#3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0, addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489
#4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1, mr=0x555f4d7be8c0) at exec.c:3161
#5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201
#6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291
#7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at exec.c:3301
#8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0 <qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432
Instead of crashing, log the access as unimplemented.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-Id: <20191025110114.27091-2-philmd@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-10-25 14:01:13 +03:00
|
|
|
#include "qemu/log.h"
|
2019-05-15 15:31:32 +03:00
|
|
|
#include "hw/sysbus.h"
|
|
|
|
#include "hw/misc/grlib_ahb_apb_pnp.h"
|
2020-03-31 13:02:47 +03:00
|
|
|
#include "trace.h"
|
2019-05-15 15:31:32 +03:00
|
|
|
|
|
|
|
#define GRLIB_PNP_VENDOR_SHIFT (24)
|
|
|
|
#define GRLIB_PNP_VENDOR_SIZE (8)
|
|
|
|
#define GRLIB_PNP_DEV_SHIFT (12)
|
|
|
|
#define GRLIB_PNP_DEV_SIZE (12)
|
|
|
|
#define GRLIB_PNP_VER_SHIFT (5)
|
|
|
|
#define GRLIB_PNP_VER_SIZE (5)
|
|
|
|
#define GRLIB_PNP_IRQ_SHIFT (0)
|
|
|
|
#define GRLIB_PNP_IRQ_SIZE (5)
|
|
|
|
#define GRLIB_PNP_ADDR_SHIFT (20)
|
|
|
|
#define GRLIB_PNP_ADDR_SIZE (12)
|
|
|
|
#define GRLIB_PNP_MASK_SHIFT (4)
|
|
|
|
#define GRLIB_PNP_MASK_SIZE (12)
|
|
|
|
|
|
|
|
#define GRLIB_AHB_DEV_ADDR_SHIFT (20)
|
|
|
|
#define GRLIB_AHB_DEV_ADDR_SIZE (12)
|
|
|
|
#define GRLIB_AHB_ENTRY_SIZE (0x20)
|
|
|
|
#define GRLIB_AHB_MAX_DEV (64)
|
|
|
|
#define GRLIB_AHB_SLAVE_OFFSET (0x800)
|
|
|
|
|
|
|
|
#define GRLIB_APB_DEV_ADDR_SHIFT (8)
|
|
|
|
#define GRLIB_APB_DEV_ADDR_SIZE (12)
|
|
|
|
#define GRLIB_APB_ENTRY_SIZE (0x08)
|
|
|
|
#define GRLIB_APB_MAX_DEV (512)
|
|
|
|
|
|
|
|
#define GRLIB_PNP_MAX_REGS (0x1000)
|
|
|
|
|
|
|
|
typedef struct AHBPnp {
|
|
|
|
SysBusDevice parent_obj;
|
|
|
|
MemoryRegion iomem;
|
|
|
|
|
|
|
|
uint32_t regs[GRLIB_PNP_MAX_REGS >> 2];
|
|
|
|
uint8_t master_count;
|
|
|
|
uint8_t slave_count;
|
|
|
|
} AHBPnp;
|
|
|
|
|
|
|
|
void grlib_ahb_pnp_add_entry(AHBPnp *dev, uint32_t address, uint32_t mask,
|
|
|
|
uint8_t vendor, uint16_t device, int slave,
|
|
|
|
int type)
|
|
|
|
{
|
|
|
|
unsigned int reg_start;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* AHB entries look like this:
|
|
|
|
*
|
|
|
|
* 31 -------- 23 -------- 11 ----- 9 -------- 4 --- 0
|
|
|
|
* | VENDOR ID | DEVICE ID | IRQ ? | VERSION | IRQ |
|
|
|
|
* --------------------------------------------------
|
|
|
|
* | USER |
|
|
|
|
* --------------------------------------------------
|
|
|
|
* | USER |
|
|
|
|
* --------------------------------------------------
|
|
|
|
* | USER |
|
|
|
|
* --------------------------------------------------
|
|
|
|
* | USER |
|
|
|
|
* --------------------------------------------------
|
|
|
|
* 31 ----------- 20 --- 15 ----------------- 3 ---- 0
|
|
|
|
* | ADDR[31..12] | 00PC | MASK | TYPE |
|
|
|
|
* --------------------------------------------------
|
|
|
|
* 31 ----------- 20 --- 15 ----------------- 3 ---- 0
|
|
|
|
* | ADDR[31..12] | 00PC | MASK | TYPE |
|
|
|
|
* --------------------------------------------------
|
|
|
|
* 31 ----------- 20 --- 15 ----------------- 3 ---- 0
|
|
|
|
* | ADDR[31..12] | 00PC | MASK | TYPE |
|
|
|
|
* --------------------------------------------------
|
|
|
|
* 31 ----------- 20 --- 15 ----------------- 3 ---- 0
|
|
|
|
* | ADDR[31..12] | 00PC | MASK | TYPE |
|
|
|
|
* --------------------------------------------------
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (slave) {
|
|
|
|
assert(dev->slave_count < GRLIB_AHB_MAX_DEV);
|
|
|
|
reg_start = (GRLIB_AHB_SLAVE_OFFSET
|
|
|
|
+ (dev->slave_count * GRLIB_AHB_ENTRY_SIZE)) >> 2;
|
|
|
|
dev->slave_count++;
|
|
|
|
} else {
|
|
|
|
assert(dev->master_count < GRLIB_AHB_MAX_DEV);
|
|
|
|
reg_start = (dev->master_count * GRLIB_AHB_ENTRY_SIZE) >> 2;
|
|
|
|
dev->master_count++;
|
|
|
|
}
|
|
|
|
|
|
|
|
dev->regs[reg_start] = deposit32(dev->regs[reg_start],
|
|
|
|
GRLIB_PNP_VENDOR_SHIFT,
|
|
|
|
GRLIB_PNP_VENDOR_SIZE,
|
|
|
|
vendor);
|
|
|
|
dev->regs[reg_start] = deposit32(dev->regs[reg_start],
|
|
|
|
GRLIB_PNP_DEV_SHIFT,
|
|
|
|
GRLIB_PNP_DEV_SIZE,
|
|
|
|
device);
|
|
|
|
reg_start += 4;
|
|
|
|
/* AHB Memory Space */
|
|
|
|
dev->regs[reg_start] = type;
|
|
|
|
dev->regs[reg_start] = deposit32(dev->regs[reg_start],
|
|
|
|
GRLIB_PNP_ADDR_SHIFT,
|
|
|
|
GRLIB_PNP_ADDR_SIZE,
|
|
|
|
extract32(address,
|
|
|
|
GRLIB_AHB_DEV_ADDR_SHIFT,
|
|
|
|
GRLIB_AHB_DEV_ADDR_SIZE));
|
|
|
|
dev->regs[reg_start] = deposit32(dev->regs[reg_start],
|
|
|
|
GRLIB_PNP_MASK_SHIFT,
|
|
|
|
GRLIB_PNP_MASK_SIZE,
|
|
|
|
mask);
|
|
|
|
}
|
|
|
|
|
|
|
|
static uint64_t grlib_ahb_pnp_read(void *opaque, hwaddr offset, unsigned size)
|
|
|
|
{
|
|
|
|
AHBPnp *ahb_pnp = GRLIB_AHB_PNP(opaque);
|
2020-03-31 13:02:47 +03:00
|
|
|
uint32_t val;
|
2019-05-15 15:31:32 +03:00
|
|
|
|
2020-03-31 13:02:47 +03:00
|
|
|
val = ahb_pnp->regs[offset >> 2];
|
|
|
|
trace_grlib_ahb_pnp_read(offset, val);
|
|
|
|
|
|
|
|
return val;
|
2019-05-15 15:31:32 +03:00
|
|
|
}
|
|
|
|
|
hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to AHB PnP registers
Similarly to commit 158b659451 with the APB PnP registers, guests
can crash QEMU when writting to the AHB PnP registers:
$ echo 'writeb 0xfffff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
[I 1571938309.932255] OPENED
[R +0.063474] writeb 0xfffff042 69
Segmentation fault (core dumped)
(gdb) bt
#0 0x0000000000000000 in ()
#1 0x0000562999110df4 in memory_region_write_with_attrs_accessor
(mr=mr@entry=0x56299aa28ea0, addr=66, value=value@entry=0x7fff6abe13b8, size=size@entry=1, shift=<optimized out>, mask=mask@entry=255, attrs=...) at memory.c:503
#2 0x000056299911095e in access_with_adjusted_size
(addr=addr@entry=66, value=value@entry=0x7fff6abe13b8, size=size@entry=1, access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=access_fn@entry=
0x562999110d70 <memory_region_write_with_attrs_accessor>, mr=0x56299aa28ea0, attrs=...) at memory.c:539
#3 0x0000562999114fba in memory_region_dispatch_write (mr=mr@entry=0x56299aa28ea0, addr=66, data=<optimized out>, op=<optimized out>, attrs=attrs@entry=...) at memory.c:1482
#4 0x00005629990c0860 in flatview_write_continue
(fv=fv@entry=0x56299aa7d8a0, addr=addr@entry=4294963266, attrs=..., ptr=ptr@entry=0x7fff6abe1540, len=len@entry=1, addr1=<optimized out>, l=<optimized out>, mr=0x56299aa28ea0)
at include/qemu/host-utils.h:164
#5 0x00005629990c0a76 in flatview_write (fv=0x56299aa7d8a0, addr=4294963266, attrs=..., buf=0x7fff6abe1540, len=1) at exec.c:3165
#6 0x00005629990c4c1b in address_space_write (as=<optimized out>, addr=<optimized out>, attrs=..., attrs@entry=..., buf=buf@entry=0x7fff6abe1540, len=len@entry=1) at exec.c:3256
#7 0x000056299910f807 in qtest_process_command (chr=chr@entry=0x5629995ee920 <qtest_chr>, words=words@entry=0x56299acfcfa0) at qtest.c:437
Instead of crashing, log the access as unimplemented.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-Id: <20200331105048.27989-3-f4bug@amsat.org>
2020-03-31 12:56:22 +03:00
|
|
|
static void grlib_ahb_pnp_write(void *opaque, hwaddr addr,
|
|
|
|
uint64_t val, unsigned size)
|
|
|
|
{
|
|
|
|
qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
|
|
|
|
}
|
|
|
|
|
2019-05-15 15:31:32 +03:00
|
|
|
static const MemoryRegionOps grlib_ahb_pnp_ops = {
|
|
|
|
.read = grlib_ahb_pnp_read,
|
hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to AHB PnP registers
Similarly to commit 158b659451 with the APB PnP registers, guests
can crash QEMU when writting to the AHB PnP registers:
$ echo 'writeb 0xfffff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
[I 1571938309.932255] OPENED
[R +0.063474] writeb 0xfffff042 69
Segmentation fault (core dumped)
(gdb) bt
#0 0x0000000000000000 in ()
#1 0x0000562999110df4 in memory_region_write_with_attrs_accessor
(mr=mr@entry=0x56299aa28ea0, addr=66, value=value@entry=0x7fff6abe13b8, size=size@entry=1, shift=<optimized out>, mask=mask@entry=255, attrs=...) at memory.c:503
#2 0x000056299911095e in access_with_adjusted_size
(addr=addr@entry=66, value=value@entry=0x7fff6abe13b8, size=size@entry=1, access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=access_fn@entry=
0x562999110d70 <memory_region_write_with_attrs_accessor>, mr=0x56299aa28ea0, attrs=...) at memory.c:539
#3 0x0000562999114fba in memory_region_dispatch_write (mr=mr@entry=0x56299aa28ea0, addr=66, data=<optimized out>, op=<optimized out>, attrs=attrs@entry=...) at memory.c:1482
#4 0x00005629990c0860 in flatview_write_continue
(fv=fv@entry=0x56299aa7d8a0, addr=addr@entry=4294963266, attrs=..., ptr=ptr@entry=0x7fff6abe1540, len=len@entry=1, addr1=<optimized out>, l=<optimized out>, mr=0x56299aa28ea0)
at include/qemu/host-utils.h:164
#5 0x00005629990c0a76 in flatview_write (fv=0x56299aa7d8a0, addr=4294963266, attrs=..., buf=0x7fff6abe1540, len=1) at exec.c:3165
#6 0x00005629990c4c1b in address_space_write (as=<optimized out>, addr=<optimized out>, attrs=..., attrs@entry=..., buf=buf@entry=0x7fff6abe1540, len=len@entry=1) at exec.c:3256
#7 0x000056299910f807 in qtest_process_command (chr=chr@entry=0x5629995ee920 <qtest_chr>, words=words@entry=0x56299acfcfa0) at qtest.c:437
Instead of crashing, log the access as unimplemented.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-Id: <20200331105048.27989-3-f4bug@amsat.org>
2020-03-31 12:56:22 +03:00
|
|
|
.write = grlib_ahb_pnp_write,
|
2019-05-15 15:31:32 +03:00
|
|
|
.endianness = DEVICE_BIG_ENDIAN,
|
2020-03-31 12:59:49 +03:00
|
|
|
.impl = {
|
|
|
|
.min_access_size = 4,
|
|
|
|
.max_access_size = 4,
|
|
|
|
},
|
2019-05-15 15:31:32 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
static void grlib_ahb_pnp_realize(DeviceState *dev, Error **errp)
|
|
|
|
{
|
|
|
|
AHBPnp *ahb_pnp = GRLIB_AHB_PNP(dev);
|
|
|
|
SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
|
|
|
|
|
|
|
|
memory_region_init_io(&ahb_pnp->iomem, OBJECT(dev), &grlib_ahb_pnp_ops,
|
|
|
|
ahb_pnp, TYPE_GRLIB_AHB_PNP, GRLIB_PNP_MAX_REGS);
|
|
|
|
sysbus_init_mmio(sbd, &ahb_pnp->iomem);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void grlib_ahb_pnp_class_init(ObjectClass *klass, void *data)
|
|
|
|
{
|
|
|
|
DeviceClass *dc = DEVICE_CLASS(klass);
|
|
|
|
|
|
|
|
dc->realize = grlib_ahb_pnp_realize;
|
|
|
|
}
|
|
|
|
|
|
|
|
static const TypeInfo grlib_ahb_pnp_info = {
|
|
|
|
.name = TYPE_GRLIB_AHB_PNP,
|
|
|
|
.parent = TYPE_SYS_BUS_DEVICE,
|
|
|
|
.instance_size = sizeof(AHBPnp),
|
|
|
|
.class_init = grlib_ahb_pnp_class_init,
|
|
|
|
};
|
|
|
|
|
|
|
|
/* APBPnp */
|
|
|
|
|
|
|
|
typedef struct APBPnp {
|
|
|
|
SysBusDevice parent_obj;
|
|
|
|
MemoryRegion iomem;
|
|
|
|
|
|
|
|
uint32_t regs[GRLIB_PNP_MAX_REGS >> 2];
|
|
|
|
uint32_t entry_count;
|
|
|
|
} APBPnp;
|
|
|
|
|
|
|
|
void grlib_apb_pnp_add_entry(APBPnp *dev, uint32_t address, uint32_t mask,
|
|
|
|
uint8_t vendor, uint16_t device, uint8_t version,
|
|
|
|
uint8_t irq, int type)
|
|
|
|
{
|
|
|
|
unsigned int reg_start;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* APB entries look like this:
|
|
|
|
*
|
|
|
|
* 31 -------- 23 -------- 11 ----- 9 ------- 4 --- 0
|
|
|
|
* | VENDOR ID | DEVICE ID | IRQ ? | VERSION | IRQ |
|
|
|
|
*
|
|
|
|
* 31 ---------- 20 --- 15 ----------------- 3 ---- 0
|
|
|
|
* | ADDR[20..8] | 0000 | MASK | TYPE |
|
|
|
|
*/
|
|
|
|
|
|
|
|
assert(dev->entry_count < GRLIB_APB_MAX_DEV);
|
|
|
|
reg_start = (dev->entry_count * GRLIB_APB_ENTRY_SIZE) >> 2;
|
|
|
|
dev->entry_count++;
|
|
|
|
|
|
|
|
dev->regs[reg_start] = deposit32(dev->regs[reg_start],
|
|
|
|
GRLIB_PNP_VENDOR_SHIFT,
|
|
|
|
GRLIB_PNP_VENDOR_SIZE,
|
|
|
|
vendor);
|
|
|
|
dev->regs[reg_start] = deposit32(dev->regs[reg_start],
|
|
|
|
GRLIB_PNP_DEV_SHIFT,
|
|
|
|
GRLIB_PNP_DEV_SIZE,
|
|
|
|
device);
|
|
|
|
dev->regs[reg_start] = deposit32(dev->regs[reg_start],
|
|
|
|
GRLIB_PNP_VER_SHIFT,
|
|
|
|
GRLIB_PNP_VER_SIZE,
|
|
|
|
version);
|
|
|
|
dev->regs[reg_start] = deposit32(dev->regs[reg_start],
|
|
|
|
GRLIB_PNP_IRQ_SHIFT,
|
|
|
|
GRLIB_PNP_IRQ_SIZE,
|
|
|
|
irq);
|
|
|
|
reg_start += 1;
|
|
|
|
dev->regs[reg_start] = type;
|
|
|
|
dev->regs[reg_start] = deposit32(dev->regs[reg_start],
|
|
|
|
GRLIB_PNP_ADDR_SHIFT,
|
|
|
|
GRLIB_PNP_ADDR_SIZE,
|
|
|
|
extract32(address,
|
|
|
|
GRLIB_APB_DEV_ADDR_SHIFT,
|
|
|
|
GRLIB_APB_DEV_ADDR_SIZE));
|
|
|
|
dev->regs[reg_start] = deposit32(dev->regs[reg_start],
|
|
|
|
GRLIB_PNP_MASK_SHIFT,
|
|
|
|
GRLIB_PNP_MASK_SIZE,
|
|
|
|
mask);
|
|
|
|
}
|
|
|
|
|
|
|
|
static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size)
|
|
|
|
{
|
|
|
|
APBPnp *apb_pnp = GRLIB_APB_PNP(opaque);
|
2020-03-31 13:02:47 +03:00
|
|
|
uint32_t val;
|
|
|
|
|
|
|
|
val = apb_pnp->regs[offset >> 2];
|
|
|
|
trace_grlib_apb_pnp_read(offset, val);
|
2019-05-15 15:31:32 +03:00
|
|
|
|
2020-03-31 13:02:47 +03:00
|
|
|
return val;
|
2019-05-15 15:31:32 +03:00
|
|
|
}
|
|
|
|
|
hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers
Guests can crash QEMU when writting to PnP registers:
$ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
[I 1571938309.932255] OPENED
[R +0.063474] writeb 0x800ff042 69
Segmentation fault (core dumped)
(gdb) bt
#0 0x0000000000000000 in ()
#1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255, attrs=...) at memory.c:503
#2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66, value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4, access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>, mr=0x555f4d7be8c0, attrs=...) at memory.c:539
#3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0, addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489
#4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1, mr=0x555f4d7be8c0) at exec.c:3161
#5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201
#6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291
#7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at exec.c:3301
#8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0 <qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432
Instead of crashing, log the access as unimplemented.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-Id: <20191025110114.27091-2-philmd@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-10-25 14:01:13 +03:00
|
|
|
static void grlib_apb_pnp_write(void *opaque, hwaddr addr,
|
|
|
|
uint64_t val, unsigned size)
|
|
|
|
{
|
|
|
|
qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
|
|
|
|
}
|
|
|
|
|
2019-05-15 15:31:32 +03:00
|
|
|
static const MemoryRegionOps grlib_apb_pnp_ops = {
|
|
|
|
.read = grlib_apb_pnp_read,
|
hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers
Guests can crash QEMU when writting to PnP registers:
$ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
[I 1571938309.932255] OPENED
[R +0.063474] writeb 0x800ff042 69
Segmentation fault (core dumped)
(gdb) bt
#0 0x0000000000000000 in ()
#1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255, attrs=...) at memory.c:503
#2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66, value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4, access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>, mr=0x555f4d7be8c0, attrs=...) at memory.c:539
#3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0, addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489
#4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1, mr=0x555f4d7be8c0) at exec.c:3161
#5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201
#6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291
#7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at exec.c:3301
#8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0 <qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432
Instead of crashing, log the access as unimplemented.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-Id: <20191025110114.27091-2-philmd@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-10-25 14:01:13 +03:00
|
|
|
.write = grlib_apb_pnp_write,
|
2019-05-15 15:31:32 +03:00
|
|
|
.endianness = DEVICE_BIG_ENDIAN,
|
2019-10-25 14:01:14 +03:00
|
|
|
.impl = {
|
|
|
|
.min_access_size = 4,
|
|
|
|
.max_access_size = 4,
|
|
|
|
},
|
2019-05-15 15:31:32 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
static void grlib_apb_pnp_realize(DeviceState *dev, Error **errp)
|
|
|
|
{
|
|
|
|
APBPnp *apb_pnp = GRLIB_APB_PNP(dev);
|
|
|
|
SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
|
|
|
|
|
|
|
|
memory_region_init_io(&apb_pnp->iomem, OBJECT(dev), &grlib_apb_pnp_ops,
|
|
|
|
apb_pnp, TYPE_GRLIB_APB_PNP, GRLIB_PNP_MAX_REGS);
|
|
|
|
sysbus_init_mmio(sbd, &apb_pnp->iomem);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void grlib_apb_pnp_class_init(ObjectClass *klass, void *data)
|
|
|
|
{
|
|
|
|
DeviceClass *dc = DEVICE_CLASS(klass);
|
|
|
|
|
|
|
|
dc->realize = grlib_apb_pnp_realize;
|
|
|
|
}
|
|
|
|
|
|
|
|
static const TypeInfo grlib_apb_pnp_info = {
|
|
|
|
.name = TYPE_GRLIB_APB_PNP,
|
|
|
|
.parent = TYPE_SYS_BUS_DEVICE,
|
|
|
|
.instance_size = sizeof(APBPnp),
|
|
|
|
.class_init = grlib_apb_pnp_class_init,
|
|
|
|
};
|
|
|
|
|
|
|
|
static void grlib_ahb_apb_pnp_register_types(void)
|
|
|
|
{
|
|
|
|
type_register_static(&grlib_ahb_pnp_info);
|
|
|
|
type_register_static(&grlib_apb_pnp_info);
|
|
|
|
}
|
|
|
|
|
|
|
|
type_init(grlib_ahb_apb_pnp_register_types)
|