From: Wei Huang <wei@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: QEMU Trivial <qemu-trivial@nongnu.org>,
Igor Mammedov <imammedo@redhat.com>,
Shannon Zhao <zhaoshenglong@huawei.com>,
QEMU Developers <qemu-devel@nongnu.org>,
Shannon Zhao <shannon.zhao@linaro.org>
Subject: Re: [Qemu-trivial] [PATCH V2 1/2] ARM: PL061: Clear PL061 device state after reset
Date: Wed, 17 Feb 2016 11:34:05 -0600
Message-ID: <56C4AF0D.9070803@redhat.com>
In-Reply-To: <CAFEAcA8oUBe+mZ+2Lq0RO2eq_-H+atamp=gBCnxS2OWdkyza0w@mail.gmail.com>
On 02/16/2016 08:39 AM, Peter Maydell wrote:
> On 16 February 2016 at 14:35, Peter Maydell <peter.maydell@linaro.org> wrote:
>> On 1 February 2016 at 20:49, Wei Huang <wei@redhat.com> wrote:
>>> Current QEMU doesn't clear PL061 state after reset. This causes a
>>> weird issue with guest reboot via GPIO. Here is the device state
>>> description with two reboot requests:
>
>>
>> These reset values are all OK...
>>
>>> +
>>> +static void pl061_state_reset(DeviceState *dev)
>>> +{
>>> + PL061State *s = PL061(dev);
>>> +
>>> + pl061_reset(s);
>>> }
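Review bot: the wrapper pl061_state_reset() only casts dev and forwards to pl061_reset(s), so the two functions can be merged; give pl061_reset() the `DeviceState *dev` signature that dc->reset requires and drop the wrapper. The existing pl061_reset() call in the device's init function should go at the same time, otherwise the state is cleared twice at initialization, once explicitly and once when the Device framework invokes dc->reset.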
>>
>> ...but you don't need to have this wrapper function.
>> You can just do the reset in a function called pl061_reset()
>> with the function signature we need for dc->reset.
>> The only place that currently calls the existing pl061_reset()
>> is the device's init function, and you can delete that call
>> because the Device framework automatically calls the dc->reset
>> function after device initialization.
>
> I know this patch doesn't (by itself) fix the issues with guest
> reboot, but I think it is worth having anyway because not resetting
> the PL061 state is a genuine bug. Can you do a v3 and resend, please?
>
> PS: please could you include a cover letter email next time round,
> since this is a multi patch series?
Done, please review.
>
> Side note: half our "PL061" behaviour is actually specific
> to the TI variant in the Luminary, and for our plain old PL061
> we ought to restrict access to the registers that are Stellaris
> only. But that's a different bug and not a very major one.
Thanks for your suggestion. I was trying to fix it. The plan was to add
a new field rsvd_addr in "struct PL061State". Then in pl061_read() and
pl061_write(), we can check the offset against [rsvd_addr, 0xfcc] (ignored
if inside).
While I was working on it, I realized that this is a benign issue. It is
true that the PL061 device can access Luminary registers in the reserved
memory area. However, QEMU doesn't use these Luminary registers anywhere
other than pl061_read() and pl061_write(). It basically passes the
read/write requests through. I don't see how a malicious driver can damage
device state. Thoughts?
Thanks,
-Wei
>
> thanks
> -- PMM
>
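As an added illustration of the rsvd_addr range check Wei sketches above and the reset behaviour Peter asks for (example code written for this page, not code from QEMU or from either author): a cut-down PL061 model in C. The dense register array, the `pl061_access_ok` helper and the 0x424/0x52c/0xfd0 offsets are assumptions taken from the PL061 and Stellaris register maps; only the [rsvd_addr, 0xfcc] range comes from the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Simplified stand-in for QEMU's PL061State: a dense 4 KiB register window
 * instead of the real per-register fields. "assumed" offsets are not from the thread. */
#define PL061_MMIO_SIZE      0x1000
#define PL061_RSVD_END       0xfcc  /* upper bound named in the thread */
#define PL061_ID_BASE        0xfd0  /* assumed: PeriphID/PCellID words */
#define PL061_RSVD_PLAIN     0x424  /* assumed: plain PL061, after GPIOAFSEL */
#define PL061_RSVD_LUMINARY  0x52c  /* assumed: Luminary, after GPIOAMSEL */

typedef struct PL061State {
    uint32_t regs[PL061_MMIO_SIZE / 4];
    uint32_t rsvd_addr;  /* hypothetical field from Wei's plan */
} PL061State;

/* Wei's check: an offset inside [rsvd_addr, 0xfcc] is reserved for this
 * variant, so the access is ignored (RAZ/WI) instead of passed through. */
static bool pl061_access_ok(const PL061State *s, uint32_t offset)
{
    bool reserved = offset >= s->rsvd_addr && offset <= PL061_RSVD_END;
    return offset < PL061_MMIO_SIZE && !(offset & 3) && !reserved;
}

static uint32_t pl061_read(PL061State *s, uint32_t offset)
{
    return pl061_access_ok(s, offset) ? s->regs[offset >> 2] : 0;
}

static void pl061_write(PL061State *s, uint32_t offset, uint32_t value)
{
    /* ID words are read-only; everything else is passed through. */
    if (pl061_access_ok(s, offset) && offset < PL061_ID_BASE) {
        s->regs[offset >> 2] = value;
    }
}

/* dc->reset work: clear all guest-visible state but keep the variant selection. */
static void pl061_reset(PL061State *s)
{
    uint32_t rsvd_addr = s->rsvd_addr;
    memset(s, 0, sizeof(*s));
    s->rsvd_addr = rsvd_addr;
}

static void pl061_init(PL061State *s, bool luminary)
{
    s->rsvd_addr = luminary ? PL061_RSVD_LUMINARY : PL061_RSVD_PLAIN;
    pl061_reset(s);  /* the Device framework does this via dc->reset */
}
```

On the plain variant a write to a Luminary-only offset such as 0x510 is dropped and reads back as zero, while the same offset is live on the Luminary variant and is cleared again by pl061_reset().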