From: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
To: qemu-devel@nongnu.org
Cc: "Aleksandar Rikalo" <aleksandar.rikalo@syrmia.com>,
"Paul Burton" <paulburton@kernel.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Huacai Chen" <chenhuacai@kernel.org>,
"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
"Wainer dos Santos Moschetta" <wainersm@redhat.com>,
"Cleber Rosa" <crosa@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@redhat.com>,
"Aurelien Jarno" <aurelien@aurel32.net>
Subject: [PULL 06/43] hw/intc/loongson_liointc: Fix per core ISR handling
Date: Sun, 21 Feb 2021 15:33:55 +0100
Message-ID: <20210221143432.2468220-7-f4bug@amsat.org>
In-Reply-To: <20210221143432.2468220-1-f4bug@amsat.org>
From: Jiaxun Yang <jiaxun.yang@flygoat.com>
Per core ISR is a set of 32-bit registers spaced by 8 bytes.
This patch fixed calculation of its size and also added check
of alignment at reading & writing.
Fixes: Coverity CID 1438965 and CID 1438967
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Huacai Chen <chenhuacai@kernel.org>
Message-Id: <20210112012527.28927-1-jiaxun.yang@flygoat.com>
[PMD: Added Coverity CID]
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
hw/intc/loongson_liointc.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/hw/intc/loongson_liointc.c b/hw/intc/loongson_liointc.c
index f823d484e08..cc11b544cb4 100644
--- a/hw/intc/loongson_liointc.c
+++ b/hw/intc/loongson_liointc.c
@@ -41,7 +41,7 @@
#define R_IEN_CLR 0x2c
#define R_ISR_SIZE 0x8
#define R_START 0x40
-#define R_END 0x64
+#define R_END (R_START + R_ISR_SIZE * NUM_CORES)
struct loongson_liointc {
SysBusDevice parent_obj;
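Review bot: R_END is now derived from NUM_CORES, but nothing in this hunk ties the length of per_core_isr[] in struct loongson_liointc to the same constant, and that array is what the `addr >= R_START && addr < R_END` range check protects. A build-time assertion that the array has exactly NUM_CORES elements, placed next to this define, would keep the bound and the storage from drifting apart. The commit message would also be clearer if it spelled out the effect of the old value: with R_END at 0x64 and a stride of R_ISR_SIZE (0x8), offsets 0x20 to 0x23 passed the range check and produced index 4.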
@@ -125,7 +125,12 @@ liointc_read(void *opaque, hwaddr addr, unsigned int size)
}
if (addr >= R_START && addr < R_END) {
- int core = (addr - R_START) / R_ISR_SIZE;
+ hwaddr offset = addr - R_START;
+ int core = offset / R_ISR_SIZE;
+
+ if (offset % R_ISR_SIZE) {
+ goto out;
+ }
r = p->per_core_isr[core];
goto out;
}
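Review bot: the misaligned branch in liointc_read (`if (offset % R_ISR_SIZE) { goto out; }`) drops the access silently, so a guest read at R_START + 4 returns whatever r holds at that point and leaves no trace. Consider a qemu_log_mask(LOG_GUEST_ERROR, ...) call before the goto so the bad access shows up when debugging a guest. The check also looks only at the offset and not at the size argument, so a short comment stating which access widths are expected for these 32-bit registers would help the next reader.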
@@ -169,7 +174,12 @@ liointc_write(void *opaque, hwaddr addr,
}
if (addr >= R_START && addr < R_END) {
- int core = (addr - R_START) / R_ISR_SIZE;
+ hwaddr offset = addr - R_START;
+ int core = offset / R_ISR_SIZE;
+
+ if (offset % R_ISR_SIZE) {
+ goto out;
+ }
p->per_core_isr[core] = value;
goto out;
}
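Review bot: the lines added to liointc_write are a copy of the ones added to liointc_read, so the offset, alignment and core computation now lives in two places. A small helper that takes addr and returns the core index, or a negative value for a misaligned offset, would keep the read and write paths from diverging on a later change. As on the read side, the misaligned write is discarded without any guest-error log, and core could be declared unsigned since it is only used as an array index.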
--
2.26.2