qemu/hw/char
Zheyu Ma b88cfee902 hw/char/pl011: Avoid division-by-zero in pl011_get_baudrate()
In pl011_get_baudrate(), when we calculate the baudrate we can
accidentally divide by zero. This happens because although (as the
specification requires) we treat UARTIBRD = 0 as invalid, we aren't
correctly limiting UARTIBRD and UARTFBRD values to the 16-bit and 6-bit
ranges the hardware allows, and so some non-zero values of UARTIBRD can
result in a zero divisor.

Enforce the correct register field widths on guest writes and on inbound
migration to avoid the division by zero.

ASAN log:
==2973125==ERROR: AddressSanitizer: FPE on unknown address 0x55f72629b348
(pc 0x55f72629b348 bp 0x7fffa24d0e00 sp 0x7fffa24d0d60 T0)
     #0 0x55f72629b348 in pl011_get_baudrate hw/char/pl011.c:255:17
     #1 0x55f726298d94 in pl011_trace_baudrate_change hw/char/pl011.c:260:33
     #2 0x55f726296fc8 in pl011_write hw/char/pl011.c:378:9

Reproducer:
cat << EOF | qemu-system-aarch64 -display \
none -machine accel=qtest, -m 512M -machine realview-pb-a8 -qtest stdio
writeq 0x1000b024 0xf8000000
EOF

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240702155752.3022007-1-zheyuma97@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-07-11 11:41:33 +01:00
avr_usart.c qdev: Move softmmu properties to qdev-properties-system.h 2020-12-18 15:20:17 -05:00
bcm2835_aux.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
cadence_uart.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
cmsdk-apb-uart.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
debugcon.c qdev: Move softmmu properties to qdev-properties-system.h 2020-12-18 15:20:17 -05:00
digic-uart.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
escc.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
etraxfs_ser.c bulk: Rename TARGET_FMT_plx -> HWADDR_FMT_plx 2023-01-18 11:14:34 +01:00
exynos4210_uart.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
goldfish_tty.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
grlib_apbuart.c hw/sparc/grlib: split out the headers for each peripherals 2024-02-15 16:58:46 +01:00
ibex_uart.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
imx_serial.c hw/char/imx_serial: Implement receive FIFO and ageing timer 2024-01-26 11:34:21 +00:00
ipoctal232.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
Kconfig hw/char: Implement STM32L4x5 USART skeleton 2024-04-25 10:21:59 +01:00
mcf_uart.c hw/char/mcf_uart: Have mcf_uart_create() return DeviceState 2023-11-01 07:31:05 +01:00
mchp_pfsoc_mmuart.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
meson.build hw/char: Implement STM32L4x5 USART skeleton 2024-04-25 10:21:59 +01:00
nrf51_uart.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
omap_uart.c hw: arm: Remove use of tabs in some source files 2024-05-28 14:20:48 +01:00
parallel-isa.c hw/char/parallel-isa: Implement relocation and enabling/disabling for TYPE_ISA_PARALLEL 2024-02-14 06:09:32 -05:00
parallel.c hw/char/parallel: Move portio_list from ParallelState to ISAParallelState 2024-02-14 06:09:32 -05:00
pl011.c hw/char/pl011: Avoid division-by-zero in pl011_get_baudrate() 2024-07-11 11:41:33 +01:00
renesas_sci.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
riscv_htif.c hw/char: riscv_htif: replace exit calls with proper shutdown 2023-10-12 12:35:36 +10:00
sclpconsole-lm.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
sclpconsole.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
serial-isa.c hw/char/serial-isa: Implement relocation and enabling/disabling for TYPE_ISA_SERIAL 2024-02-14 06:09:32 -05:00
serial-pci-multi.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
serial-pci.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
serial.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
sh_serial.c hw/char/sh_serial: Add device id to trace output 2021-10-30 18:39:37 +02:00
shakti_uart.c hw/char: shakti_uart: Register device in 'input' category 2021-10-07 08:41:33 +10:00
sifive_uart.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
spapr_vty.c hw/char: Constify VMState 2023-12-29 11:17:30 +11:00
stm32f2xx_usart.c hw/char/stm32f2xx_usart: Update IRQ when DR is written 2023-11-02 13:36:45 +00:00
stm32l4x5_usart.c hw/char: Correct STM32L4x5 usart register CR2 field ADD_0 size 2024-05-28 14:20:48 +01:00
terminal3270.c s390x: css: report errors from ccw_dstream_read/write 2021-04-09 10:52:13 +02:00
trace-events hw/char/stm32l4x5_usart: Add options for serial parameters setting 2024-04-25 10:21:59 +01:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
virtio-console.c hw/char: Have FEWatchFunc handlers return G_SOURCE_CONTINUE/REMOVE 2023-08-31 19:47:43 +02:00
virtio-serial-bus.c hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs 2024-04-10 09:09:33 +02:00
xen_console.c hw/char/xen_console: Fix missing ERRP_GUARD() for error_prepend() 2024-03-09 18:51:45 +01:00
xilinx_uartlite.c hw/char/xilinx_uartlite: Expose XILINX_UARTLITE QOM type 2023-02-27 13:27:05 +00:00