From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 13/28] hw/char/pl011: Use correct masks for IBRD and FBRD
Date: Tue, 15 Oct 2024 11:37:53 +0100 [thread overview]
Message-ID: <20241015103808.133024-14-peter.maydell@linaro.org> (raw)
In-Reply-To: <20241015103808.133024-1-peter.maydell@linaro.org>
In commit b88cfee90268cad we defined masks for the IBRD and FBRD
integer and fractional baud rate divider registers, to prevent the
guest from writing invalid values which could cause division-by-zero.
Unfortunately we got the mask values the wrong way around: the FBRD
register is six bits and the IBRD register is 16 bits, not
vice-versa.
You would only run into this bug if you programmed the UART to a baud
rate of less than 9600, because for 9600 baud and above the IBRD
value will fit into 6 bits, as per the table in
https://developer.arm.com/documentation/ddi0183/g/programmers-model/register-descriptions/fractional-baud-rate-register--uartfbrd
The only visible effects would be that the value read back from
the register by the guest would be truncated, and we would
print an incorrect baud rate in the debug logs.
Cc: qemu-stable@nongnu.org
Fixes: b88cfee90268 ("hw/char/pl011: Avoid division-by-zero in pl011_get_baudrate()")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2610
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Gavin Shan <gshan@redhat.com>
Message-id: 20241007144732.2491331-1-peter.maydell@linaro.org
---
hw/char/pl011.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/char/pl011.c b/hw/char/pl011.c
index 15df7c1e1ca..0fd1334fab4 100644
--- a/hw/char/pl011.c
+++ b/hw/char/pl011.c
@@ -90,10 +90,10 @@ DeviceState *pl011_create(hwaddr addr, qemu_irq irq, Chardev *chr)
#define CR_UARTEN (1 << 0)
/* Integer Baud Rate Divider, UARTIBRD */
-#define IBRD_MASK 0x3f
+#define IBRD_MASK 0xffff
/* Fractional Baud Rate Divider, UARTFBRD */
-#define FBRD_MASK 0xffff
+#define FBRD_MASK 0x3f
static const unsigned char pl011_id_arm[8] =
{ 0x11, 0x10, 0x14, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
--
2.34.1
next prev parent reply other threads:[~2024-10-15 10:39 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-15 10:37 [PULL 00/28] target-arm queue Peter Maydell
2024-10-15 10:37 ` [PULL 01/28] hw/arm/omap1: Remove unused omap_uwire_attach() method Peter Maydell
2024-10-15 10:37 ` [PULL 02/28] hw/misc/stm32_rcc: Implement RCC device for STM32F4 SoCs Peter Maydell
2024-10-15 10:37 ` [PULL 03/28] hw/arm/stm32f405: Add RCC device to stm32f405 SoC Peter Maydell
2024-10-15 10:37 ` [PULL 04/28] hw/intc/arm_gicv3: Add cast to match the documentation Peter Maydell
2024-10-15 10:37 ` [PULL 05/28] " Peter Maydell
2024-10-15 10:37 ` [PULL 06/28] hw/intc/arm_gicv3_cpuif: " Peter Maydell
2024-10-15 10:37 ` [PULL 07/28] hw/misc: Create STM32L4x5 SYSCFG clock Peter Maydell
2024-10-15 10:37 ` [PULL 08/28] hw/clock: Expose 'qtest-clock-period' QOM property for QTests Peter Maydell
2024-10-15 10:37 ` [PULL 09/28] tests/qtest: Check STM32L4x5 clock connections Peter Maydell
2024-10-15 10:37 ` [PULL 10/28] hw/ssi: Allwinner A10 SPI emulation Peter Maydell
2024-10-15 10:37 ` [PULL 11/28] hw/arm: Add SPI to Allwinner A10 Peter Maydell
2024-10-15 10:37 ` [PULL 12/28] hw/intc/omap_intc: Remove now-unnecessary abstract base class Peter Maydell
2024-10-15 10:37 ` Peter Maydell [this message]
2024-10-15 10:37 ` [PULL 14/28] docs/devel/blkdebug: Convert to rST format Peter Maydell
2024-10-15 10:37 ` [PULL 15/28] docs/devel/blkverify: " Peter Maydell
2024-10-15 10:37 ` [PULL 16/28] docs/devel/lockcnt: " Peter Maydell
2024-10-15 10:37 ` [PULL 17/28] docs/devel/multiple-iothreads: " Peter Maydell
2024-10-15 10:37 ` [PULL 18/28] docs/devel/rcu: " Peter Maydell
2024-10-15 10:37 ` [PULL 19/28] include: Move QemuLockCnt APIs to their own header Peter Maydell
2024-10-15 10:38 ` [PULL 20/28] docs/devel/lockcnt: Include kernel-doc API documentation Peter Maydell
2024-10-15 10:38 ` [PULL 21/28] hw/adc: Remove MAX111X device Peter Maydell
2024-10-15 10:38 ` [PULL 22/28] hw/gpio: Remove MAX7310 device Peter Maydell
2024-10-15 10:38 ` [PULL 23/28] hw/ide: Remove DSCM-1XXXX microdrive device model Peter Maydell
2024-10-15 10:38 ` [PULL 24/28] hw: Remove PCMCIA subsystem Peter Maydell
2024-10-15 10:38 ` [PULL 25/28] hw/block: Remove ecc Peter Maydell
2024-10-15 10:38 ` [PULL 26/28] vl.c: Remove pxa2xx-specific -portrait and -rotate options Peter Maydell
2024-10-15 10:38 ` [PULL 27/28] dma: Fix function names in documentation Peter Maydell
2024-10-15 10:38 ` [PULL 28/28] hw/arm/xilinx_zynq: Add various missing unimplemented devices Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241015103808.133024-14-peter.maydell@linaro.org \
--to=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).