From: Laurent Vivier <laurent@vivier.eu>
To: qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
"Stefano Stabellini" <sstabellini@kernel.org>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Eduardo Habkost" <ehabkost@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Paul Durrant" <paul@xen.org>,
qemu-trivial@nongnu.org,
"Claudio Fontana" <claudio.fontana@huawei.com>,
"Cleber Rosa" <crosa@redhat.com>,
"Michael Tokarev" <mjt@tls.msk.ru>,
"Laurent Vivier" <laurent@vivier.eu>,
"Fabien Chouteau" <chouteau@adacore.com>,
"KONRAD Frederic" <frederic.konrad@adacore.com>,
qemu-arm@nongnu.org, qemu-ppc@nongnu.org,
"Cédric Le Goater" <clg@kaod.org>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
"Anthony Perard" <anthony.perard@citrix.com>,
xen-devel@lists.xenproject.org,
"Philippe Mathieu-Daudé" <philmd@redhat.com>,
"David Gibson" <david@gibson.dropbear.id.au>
Subject: [PULL 1/4] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to PnP registers
Date: Tue, 5 Nov 2019 15:42:44 +0100 [thread overview]
Message-ID: <20191105144247.10301-2-laurent@vivier.eu> (raw)
In-Reply-To: <20191105144247.10301-1-laurent@vivier.eu>
From: Philippe Mathieu-Daudé <philmd@redhat.com>
Guests can crash QEMU when writting to PnP registers:
$ echo 'writeb 0x800ff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
[I 1571938309.932255] OPENED
[R +0.063474] writeb 0x800ff042 69
Segmentation fault (core dumped)
(gdb) bt
#0 0x0000000000000000 in ()
#1 0x0000555f4bcdf0bc in memory_region_write_with_attrs_accessor (mr=0x555f4d7be8c0, addr=66, value=0x7fff07d00f08, size=1, shift=0, mask=255, attrs=...) at memory.c:503
#2 0x0000555f4bcdf185 in access_with_adjusted_size (addr=66, value=0x7fff07d00f08, size=1, access_size_min=1, access_size_max=4, access_fn=0x555f4bcdeff4 <memory_region_write_with_attrs_accessor>, mr=0x555f4d7be8c0, attrs=...) at memory.c:539
#3 0x0000555f4bce2243 in memory_region_dispatch_write (mr=0x555f4d7be8c0, addr=66, data=69, op=MO_8, attrs=...) at memory.c:1489
#4 0x0000555f4bc80b20 in flatview_write_continue (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, addr1=66, l=1, mr=0x555f4d7be8c0) at exec.c:3161
#5 0x0000555f4bc80c65 in flatview_write (fv=0x555f4d92c400, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3201
#6 0x0000555f4bc80fb0 in address_space_write (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1) at exec.c:3291
#7 0x0000555f4bc8101d in address_space_rw (as=0x555f4d7aa460, addr=2148528194, attrs=..., buf=0x7fff07d01120 "E", len=1, is_write=true) at exec.c:3301
#8 0x0000555f4bcdb388 in qtest_process_command (chr=0x555f4c2ed7e0 <qtest_chr>, words=0x555f4db0c5d0) at qtest.c:432
Instead of crashing, log the access as unimplemented.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-Id: <20191025110114.27091-2-philmd@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
hw/misc/grlib_ahb_apb_pnp.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c
index 7338461694c9..f3c015d2c35f 100644
--- a/hw/misc/grlib_ahb_apb_pnp.c
+++ b/hw/misc/grlib_ahb_apb_pnp.c
@@ -22,6 +22,7 @@
*/
#include "qemu/osdep.h"
+#include "qemu/log.h"
#include "hw/sysbus.h"
#include "hw/misc/grlib_ahb_apb_pnp.h"
@@ -231,8 +232,15 @@ static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size)
return apb_pnp->regs[offset >> 2];
}
+static void grlib_apb_pnp_write(void *opaque, hwaddr addr,
+ uint64_t val, unsigned size)
+{
+ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
+}
+
static const MemoryRegionOps grlib_apb_pnp_ops = {
.read = grlib_apb_pnp_read,
+ .write = grlib_apb_pnp_write,
.endianness = DEVICE_BIG_ENDIAN,
};
--
2.21.0
next prev parent reply other threads:[~2019-11-05 14:45 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-05 14:42 [PULL 0/4] Trivial branch patches Laurent Vivier
2019-11-05 14:42 ` Laurent Vivier [this message]
2019-11-05 14:42 ` [PULL 2/4] hw/misc/grlib_ahb_apb_pnp: Fix 8-bit accesses Laurent Vivier
2019-11-05 14:42 ` [PULL 3/4] qom: Fix error message in object_class_property_add() Laurent Vivier
2019-11-05 14:42 ` [PULL 4/4] global: Squash 'the the' Laurent Vivier
2019-11-05 15:48 ` [PULL 0/4] Trivial branch patches no-reply
2019-11-05 15:56 ` Laurent Vivier
2019-11-05 16:03 ` Dr. David Alan Gilbert
2019-11-05 16:18 ` Laurent Vivier
2019-11-06 8:07 ` Greg Kurz
2019-11-05 17:52 ` no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191105144247.10301-2-laurent@vivier.eu \
--to=laurent@vivier.eu \
--cc=anthony.perard@citrix.com \
--cc=berrange@redhat.com \
--cc=chouteau@adacore.com \
--cc=claudio.fontana@huawei.com \
--cc=clg@kaod.org \
--cc=crosa@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=ehabkost@redhat.com \
--cc=frederic.konrad@adacore.com \
--cc=marcandre.lureau@redhat.com \
--cc=mjt@tls.msk.ru \
--cc=paul@xen.org \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@redhat.com \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=qemu-trivial@nongnu.org \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).