From: Thomas Huth <thuth@redhat.com>
To: qemu-devel@nongnu.org, Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-block@nongnu.org, "Bin Meng" <bin.meng@windriver.com>,
"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
"Alexander Bulekov" <alxndr@bu.edu>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Stefan Hajnoczi" <stefanha@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>
Subject: [PULL 3/8] hw/audio/intel-hda: Do not ignore DMA overrun errors
Date: Mon, 21 Mar 2022 18:03:15 +0100 [thread overview]
Message-ID: <20220321170320.282496-4-thuth@redhat.com> (raw)
In-Reply-To: <20220321170320.282496-1-thuth@redhat.com>
From: Philippe Mathieu-Daudé <philmd@redhat.com>
Per the "High Definition Audio Specification" manual (rev. 1.0a),
section "3.3.30 Offset 5Dh: RIRBSTS - RIRB Status":
Response Overrun Interrupt Status (RIRBOIS):
Hardware sets this bit to a 1 when an overrun occurs in the RIRB.
An interrupt may be generated if the Response Overrun Interrupt
Control bit is set.
This bit will be set if the RIRB DMA engine is not able to write
the incoming responses to memory before additional incoming
responses overrun the internal FIFO.
When hardware detects an overrun, it will drop the responses which
overrun the buffer and set the RIRBOIS status bit to indicate the
error condition. Optionally, if the RIRBOIC is set, the hardware
will also generate an error to alert software to the problem.
QEMU emulates the DMA engine with the stl_le_pci_dma() calls. This
function returns a MemTxResult indicating whether the DMA access
was successful.
Handle any MemTxResult error as "DMA engine is not able to write the
incoming responses to memory" and raise the Overrun Interrupt flag
when this case occurs.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211218160912.1591633-2-philmd@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
hw/audio/intel-hda.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
index 5f8a878f20..47a36acc71 100644
--- a/hw/audio/intel-hda.c
+++ b/hw/audio/intel-hda.c
@@ -350,6 +350,7 @@ static void intel_hda_response(HDACodecDevice *dev, bool solicited, uint32_t res
IntelHDAState *d = container_of(bus, IntelHDAState, codecs);
hwaddr addr;
uint32_t wp, ex;
+ MemTxResult res = MEMTX_OK;
if (d->ics & ICH6_IRS_BUSY) {
dprint(d, 2, "%s: [irr] response 0x%x, cad 0x%x\n",
@@ -368,8 +369,12 @@ static void intel_hda_response(HDACodecDevice *dev, bool solicited, uint32_t res
ex = (solicited ? 0 : (1 << 4)) | dev->cad;
wp = (d->rirb_wp + 1) & 0xff;
addr = intel_hda_addr(d->rirb_lbase, d->rirb_ubase);
- stl_le_pci_dma(&d->pci, addr + 8 * wp, response, attrs);
- stl_le_pci_dma(&d->pci, addr + 8 * wp + 4, ex, attrs);
+ res |= stl_le_pci_dma(&d->pci, addr + 8 * wp, response, attrs);
+ res |= stl_le_pci_dma(&d->pci, addr + 8 * wp + 4, ex, attrs);
+ if (res != MEMTX_OK && (d->rirb_ctl & ICH6_RBCTL_OVERRUN_EN)) {
+ d->rirb_sts |= ICH6_RBSTS_OVERRUN;
+ intel_hda_update_irq(d);
+ }
d->rirb_wp = wp;
dprint(d, 2, "%s: [wp 0x%x] response 0x%x, extra 0x%x\n",
--
2.27.0
next prev parent reply other threads:[~2022-03-21 17:06 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-21 17:03 [PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code Thomas Huth
2022-03-21 17:03 ` [PULL 1/8] softmmu/physmem: Simplify flatview_write and address_space_access_valid Thomas Huth
2022-03-21 17:03 ` [PULL 2/8] softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR Thomas Huth
2022-03-21 17:03 ` Thomas Huth [this message]
2022-03-21 17:03 ` [PULL 4/8] hw/audio/intel-hda: Restrict DMA engine to memories (not MMIO devices) Thomas Huth
2022-03-21 17:03 ` [PULL 5/8] tests/qtest/intel-hda-test: Add reproducer for issue #542 Thomas Huth
2022-03-21 17:03 ` [PULL 6/8] hw/sd/sdhci: Honor failed DMA transactions Thomas Huth
2022-03-21 17:03 ` [PULL 7/8] hw/sd/sdhci: Prohibit DMA accesses to devices Thomas Huth
2022-03-21 17:03 ` [PULL 8/8] tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225) Thomas Huth
2022-03-22 22:58 ` [PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220321170320.282496-4-thuth@redhat.com \
--to=thuth@redhat.com \
--cc=alxndr@bu.edu \
--cc=bin.meng@windriver.com \
--cc=f4bug@amsat.org \
--cc=kraxel@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).