Re: [PATCH 6/6] hw/i2c: Implement NPCM7XX SMBus Module FIFO Mode

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Corey Minyard <minyard@acm.org>
To: Hao Wu <wuhaotsh@google.com>
Cc: Peter Maydell <peter.maydell@linaro.org>,
	Patrick Venture <venture@google.com>,
	Havard Skinnemoen <hskinnemoen@google.com>,
	QEMU Developers <qemu-devel@nongnu.org>,
	CS20 KFTing <kfting@nuvoton.com>, qemu-arm <qemu-arm@nongnu.org>,
	IS20 Avi Fishman <Avi.Fishman@nuvoton.com>,
	Doug Evans <dje@google.com>
Subject: Re: [PATCH 6/6] hw/i2c: Implement NPCM7XX SMBus Module FIFO Mode
Date: Wed, 27 Jan 2021 15:42:51 -0600	[thread overview]
Message-ID: <20210127214251.GE2057975@minyard.net> (raw)
In-Reply-To: <CAGcCb12nJAMnZ+eaWC6n08hAFAVueCknSWzbEYFPp+GUApoRdg@mail.gmail.com>

On Wed, Jan 27, 2021 at 12:37:46PM -0800, wuhaotsh--- via wrote:
> On Tue, Jan 26, 2021 at 3:47 PM Corey Minyard <minyard@acm.org> wrote:
> 
> > On Tue, Jan 26, 2021 at 11:32:37AM -0800, wuhaotsh--- via wrote:
> > > +
> > > +static void npcm7xx_smbus_read_byte_fifo(NPCM7xxSMBusState *s)
> > > +{
> > > +    uint8_t received_bytes = NPCM7XX_SMBRXF_STS_RX_BYTES(s->rxf_sts);
> > > +
> > > +    if (received_bytes == 0) {
> > > +        npcm7xx_smbus_recv_fifo(s);
> > > +        return;
> > > +    }
> > > +
> > > +    s->sda = s->rx_fifo[s->rx_cur];
> > > +    s->rx_cur = (s->rx_cur + 1u) % NPCM7XX_SMBUS_FIFO_SIZE;
> > > +    --s->rxf_sts;
> >
> > This open-coded decrement seems a little risky.  Are you sure in every
> > case that s->rxf_sts > 0?  There's no way what's running in the VM can
> > game this and cause a buffer overrun?  One caller to this function seems
> > to protect against this, and another does not.
> >
> s->rxf_sts is uint8_t so it's guaranteed to be >=0.
> In the case s->rxf_sts == 0,  NPCM7XX_SMBRXF_STS_RX_BYTES(s->rxf_sts) is
> also 0, so it'll take the if-branch and return without running --s->rxf_sts.

That is true if called from the
NPCM7XX_SMBUS_STATUS_STOPPING_LAST_RECEIVE case.  There is no such check
in the NPCM7XX_SMBUS_STATUS_RECEIVING case.

> I'll probably add "g_assert(s->rxf_sts > 0)" to clarify.

You never want to do an assert if the hosted system can do something to
cause it.  If you add the check to the NPCM7XX_SMBUS_STATUS_RECEIVING
case, it would be ok, but really unnecessary.

If it's fine if s->rxf_sts wraps to 0xff, then this all doesn't matter,
but you want to add a comment to that effect if so.  These sorts of
things look dangerous.

There is also the question about who takes these patches in.  I'm the
I2C maintainer, but there's other code in this series.  Once everything
is ready, I can ack them if we take it through the ARM tree.  Or I can
take it through my tree with the proper acks.

-corey

> 
> >
> > Other than this, I didn't see any issues with this patch.
> >
> > -corey
> >

next prev parent reply	other threads:[~2021-01-27 21:47 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-26 19:32 [PATCH 0/6] hw/i2c: Add NPCM7XX SMBus Device wuhaotsh--- via
2021-01-26 19:32 ` [PATCH 1/6] hw/arm: Remove GPIO from unimplemented NPCM7XX wuhaotsh--- via
2021-01-26 19:32 ` [PATCH 2/6] hw/i2c: Implement NPCM7XX SMBus Module Single Mode wuhaotsh--- via
2021-01-26 23:00   ` Corey Minyard
2021-01-28 17:28   ` Peter Maydell
2021-01-26 19:32 ` [PATCH 3/6] hw/arm: Add I2C device tree for NPCM750 eval board wuhaotsh--- via
2021-01-28 17:32   ` Peter Maydell
2021-01-26 19:32 ` [PATCH 4/6] hw/arm: Add I2C device tree for Quanta GSJ wuhaotsh--- via
2021-01-26 23:05   ` Corey Minyard
2021-01-28 17:33   ` Peter Maydell
2021-01-26 19:32 ` [PATCH 5/6] hw/i2c: Add a QTest for NPCM7XX SMBus Device wuhaotsh--- via
2021-01-26 19:32 ` [PATCH 6/6] hw/i2c: Implement NPCM7XX SMBus Module FIFO Mode wuhaotsh--- via
2021-01-26 23:47   ` Corey Minyard
2021-01-27 20:37     ` wuhaotsh--- via
2021-01-27 21:42       ` Corey Minyard [this message]
2021-01-27 21:59         ` wuhaotsh--- via
2021-01-27 23:37           ` Corey Minyard
2021-01-28  5:36             ` Corey Minyard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210127214251.GE2057975@minyard.net \
    --to=minyard@acm.org \
    --cc=Avi.Fishman@nuvoton.com \
    --cc=dje@google.com \
    --cc=hskinnemoen@google.com \
    --cc=kfting@nuvoton.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-arm@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    --cc=venture@google.com \
    --cc=wuhaotsh@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).