[PATCH v1 0/3] hw/arm/aspeed_ast2700-fc: Fix null pointer dereference

[PATCH v1 0/3] hw/arm/aspeed_ast2700-fc: Fix null pointer dereference

[Steven Lee via]

Clang's sanitizer reports a runtime error when booting with
'-net nic -net user', due to a null pointer being passed
to memory_region_find(), which subsequently triggers a crash in
flatview_lookup().

The root cause is that CA35 memory region is not mapped to system
memory. In addition, unconfigured NICs (due to missing peers)
lead to a cascade of warnings and possibly misbehavior.

Fix by:
- Reduce ca35 ram size to 1GiB to match the ast2700a1-evb.
- Map ca35_memory into system memory
- Add nic configuration in ast2700fc's ca35 init function.

Steven Lee (3):
  hw/arm/aspeed_ast2700-fc: Fix null pointer dereference in ca35 init
  hw/arm/aspeed_ast27x0: Fix unimplemented region overlap with vbootrom
  docs: Remove ast2700fc from Aspeed family boards

 docs/system/arm/aspeed.rst |  2 +-
 hw/arm/aspeed_ast27x0-fc.c | 16 ++++++++++++++--
 hw/arm/aspeed_ast27x0.c    |  4 ++--
 3 files changed, 17 insertions(+), 5 deletions(-)

-- 
2.34.1

[PATCH v1 1/3] hw/arm/aspeed_ast2700-fc: Fix null pointer dereference in ca35 init

[Steven Lee via]

Clang's sanitizer reports a runtime error when booting with
'-net nic -net user', due to a null pointer being passed
to memory_region_find(), which subsequently triggers a crash in
flatview_lookup().

The root cause is that CA35 memory region is not mapped to system
memory. In addition, unconfigured NICs (due to missing peers)
lead to a cascade of warnings and possibly misbehavior.

Fix by:
- Reduce ca35 ram size to 1GiB to match the ast2700a1-evb.
- Map ca35_memory into system memory
- Add nic configuration in ast2700fc's ca35 init function.

Signed-off-by: Steven Lee <steven_lee@aspeedtech.com>
Change-Id: Id9c0e6f16861c64a11f6299afb6ef02eb4086041
---
 hw/arm/aspeed_ast27x0-fc.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/hw/arm/aspeed_ast27x0-fc.c b/hw/arm/aspeed_ast27x0-fc.c
index 125a3ade40..ccba5fc8a1 100644
--- a/hw/arm/aspeed_ast27x0-fc.c
+++ b/hw/arm/aspeed_ast27x0-fc.c
@@ -48,7 +48,7 @@ struct Ast2700FCState {
     bool mmio_exec;
 };
 
-#define AST2700FC_BMC_RAM_SIZE (2 * GiB)
+#define AST2700FC_BMC_RAM_SIZE (1 * GiB)
 #define AST2700FC_CM4_DRAM_SIZE (32 * MiB)
 
 #define AST2700FC_HW_STRAP1 0x000000C0
@@ -59,6 +59,7 @@ struct Ast2700FCState {
 static void ast2700fc_ca35_init(MachineState *machine)
 {
     Ast2700FCState *s = AST2700A1FC(machine);
+    AspeedMachineClass *amc = ASPEED_MACHINE_GET_CLASS(machine);
     AspeedSoCState *soc;
     AspeedSoCClass *sc;
 
@@ -68,6 +69,7 @@ static void ast2700fc_ca35_init(MachineState *machine)
 
     memory_region_init(&s->ca35_memory, OBJECT(&s->ca35), "ca35-memory",
                        UINT64_MAX);
+    memory_region_add_subregion(get_system_memory(), 0, &s->ca35_memory);
 
     if (!memory_region_init_ram(&s->ca35_dram, OBJECT(&s->ca35), "ca35-dram",
                                 AST2700FC_BMC_RAM_SIZE, &error_abort)) {
@@ -86,6 +88,14 @@ static void ast2700fc_ca35_init(MachineState *machine)
                                  AST2700FC_BMC_RAM_SIZE, &error_abort)) {
         return;
     }
+
+    for (int i = 0; i < sc->macs_num; i++) {
+        if ((amc->macs_mask & (1 << i)) &&
+            !qemu_configure_nic_device(DEVICE(&soc->ftgmac100[i]),
+                                       true, NULL)) {
+            break;
+        }
+    }
     if (!object_property_set_int(OBJECT(&s->ca35), "hw-strap1",
                                  AST2700FC_HW_STRAP1, &error_abort)) {
         return;
@@ -171,6 +181,7 @@ static void ast2700fc_init(MachineState *machine)
 static void ast2700fc_class_init(ObjectClass *oc, const void *data)
 {
     MachineClass *mc = MACHINE_CLASS(oc);
+    AspeedMachineClass *amc = ASPEED_MACHINE_CLASS(oc);
 
     mc->alias = "ast2700fc";
     mc->desc = "ast2700 full core support";
@@ -178,12 +189,13 @@ static void ast2700fc_class_init(ObjectClass *oc, const void *data)
     mc->no_floppy = 1;
     mc->no_cdrom = 1;
     mc->min_cpus = mc->max_cpus = mc->default_cpus = 6;
+    amc->macs_mask = ASPEED_MAC0_ON | ASPEED_MAC1_ON | ASPEED_MAC2_ON;
 }
 
 static const TypeInfo ast2700fc_types[] = {
     {
         .name           = MACHINE_TYPE_NAME("ast2700fc"),
-        .parent         = TYPE_MACHINE,
+        .parent         = TYPE_ASPEED_MACHINE,
         .class_init     = ast2700fc_class_init,
         .instance_size  = sizeof(Ast2700FCState),
     },
-- 
2.34.1

[PATCH v1 2/3] hw/arm/aspeed_ast27x0: Fix unimplemented region overlap with vbootrom

[Steven Lee via]

The unimplemented memory region overlaps with the VBootROM address
range, causing incorrect memory layout and potential behavior issues.

This patch adjusts the size and start address of the unimplemented
region to avoid collision. The IO memory region (ASPEED_DEV_IOMEM) is
now moved to 0x20000 to reserve space for VBootROM at 0x0.

Signed-off-by: Steven Lee <steven_lee@aspeedtech.com>
Change-Id: I1d775577816b1e93bb54c899ac3722eb6902c577
---
 hw/arm/aspeed_ast27x0.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm/aspeed_ast27x0.c b/hw/arm/aspeed_ast27x0.c
index 1974a25766..bb61c30cf4 100644
--- a/hw/arm/aspeed_ast27x0.c
+++ b/hw/arm/aspeed_ast27x0.c
@@ -23,14 +23,14 @@
 #include "qobject/qlist.h"
 #include "qemu/log.h"
 
-#define AST2700_SOC_IO_SIZE          0x01000000
+#define AST2700_SOC_IO_SIZE          0x00FE0000
 #define AST2700_SOC_IOMEM_SIZE       0x01000000
 #define AST2700_SOC_DPMCU_SIZE       0x00040000
 #define AST2700_SOC_LTPI_SIZE        0x01000000
 
 static const hwaddr aspeed_soc_ast2700_memmap[] = {
-    [ASPEED_DEV_IOMEM]     =  0x00000000,
     [ASPEED_DEV_VBOOTROM]  =  0x00000000,
+    [ASPEED_DEV_IOMEM]     =  0x00020000,
     [ASPEED_DEV_SRAM]      =  0x10000000,
     [ASPEED_DEV_DPMCU]     =  0x11000000,
     [ASPEED_DEV_IOMEM0]    =  0x12000000,
-- 
2.34.1

[PATCH v1 3/3] docs: Remove ast2700fc from Aspeed family boards

[Steven Lee via]

The ast2700fc machine is now covered in the dedicated ast2700-evb
section. Listing it in the general Aspeed board family list is
redundant.

Signed-off-by: Steven Lee <steven_lee@aspeedtech.com>
Change-Id: Ic2784d60ce4681f38059d684f477a2962ccf8bf8
---
 docs/system/arm/aspeed.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/system/arm/aspeed.rst b/docs/system/arm/aspeed.rst
index 58a8020eec..43d27d83cb 100644
--- a/docs/system/arm/aspeed.rst
+++ b/docs/system/arm/aspeed.rst
@@ -1,4 +1,4 @@
-Aspeed family boards (``ast2500-evb``, ``ast2600-evb``, ``ast2700-evb``, ``ast2700fc``, ``bletchley-bmc``, ``fuji-bmc``, ``fby35-bmc``, ``fp5280g2-bmc``, ``g220a-bmc``, ``palmetto-bmc``, ``qcom-dc-scm-v1-bmc``, ``qcom-firework-bmc``, ``quanta-q71l-bmc``, ``rainier-bmc``, ``romulus-bmc``, ``sonorapass-bmc``, ``supermicrox11-bmc``, ``supermicrox11spi-bmc``, ``tiogapass-bmc``, ``witherspoon-bmc``, ``yosemitev2-bmc``)
+Aspeed family boards (``ast2500-evb``, ``ast2600-evb``, ``ast2700-evb``, ``bletchley-bmc``, ``fuji-bmc``, ``fby35-bmc``, ``fp5280g2-bmc``, ``g220a-bmc``, ``palmetto-bmc``, ``qcom-dc-scm-v1-bmc``, ``qcom-firework-bmc``, ``quanta-q71l-bmc``, ``rainier-bmc``, ``romulus-bmc``, ``sonorapass-bmc``, ``supermicrox11-bmc``, ``supermicrox11spi-bmc``, ``tiogapass-bmc``, ``witherspoon-bmc``, ``yosemitev2-bmc``)
 =================================================================================================================================================================================================================================================================================================================================================================================================================================
 
 The QEMU Aspeed machines model BMCs of various OpenPOWER systems and
-- 
2.34.1

Re: [PATCH v1 3/3] docs: Remove ast2700fc from Aspeed family boards

[Cédric Le Goater]

Hello Steven,

On 5/7/25 12:10, Steven Lee wrote:
> The ast2700fc machine is now covered in the dedicated ast2700-evb
> section. Listing it in the general Aspeed board family list is
> redundant.
> 
> Signed-off-by: Steven Lee <steven_lee@aspeedtech.com>
> Change-Id: Ic2784d60ce4681f38059d684f477a2962ccf8bf8

The Change-Id tag is not useful information for the QEMU git tree.
Could you please try to remove them when sending a series ?

> ---
>   docs/system/arm/aspeed.rst | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)



Reviewed-by: Cédric Le Goater <clg@redhat.com>

Thanks,

C.


> diff --git a/docs/system/arm/aspeed.rst b/docs/system/arm/aspeed.rst
> index 58a8020eec..43d27d83cb 100644
> --- a/docs/system/arm/aspeed.rst
> +++ b/docs/system/arm/aspeed.rst
> @@ -1,4 +1,4 @@
> -Aspeed family boards (``ast2500-evb``, ``ast2600-evb``, ``ast2700-evb``, ``ast2700fc``, ``bletchley-bmc``, ``fuji-bmc``, ``fby35-bmc``, ``fp5280g2-bmc``, ``g220a-bmc``, ``palmetto-bmc``, ``qcom-dc-scm-v1-bmc``, ``qcom-firework-bmc``, ``quanta-q71l-bmc``, ``rainier-bmc``, ``romulus-bmc``, ``sonorapass-bmc``, ``supermicrox11-bmc``, ``supermicrox11spi-bmc``, ``tiogapass-bmc``, ``witherspoon-bmc``, ``yosemitev2-bmc``)
> +Aspeed family boards (``ast2500-evb``, ``ast2600-evb``, ``ast2700-evb``, ``bletchley-bmc``, ``fuji-bmc``, ``fby35-bmc``, ``fp5280g2-bmc``, ``g220a-bmc``, ``palmetto-bmc``, ``qcom-dc-scm-v1-bmc``, ``qcom-firework-bmc``, ``quanta-q71l-bmc``, ``rainier-bmc``, ``romulus-bmc``, ``sonorapass-bmc``, ``supermicrox11-bmc``, ``supermicrox11spi-bmc``, ``tiogapass-bmc``, ``witherspoon-bmc``, ``yosemitev2-bmc``)
>   =================================================================================================================================================================================================================================================================================================================================================================================================================================
>   
>   The QEMU Aspeed machines model BMCs of various OpenPOWER systems and

Re: [PATCH v1 1/3] hw/arm/aspeed_ast2700-fc: Fix null pointer dereference in ca35 init

[Cédric Le Goater]

On 5/7/25 12:10, Steven Lee wrote:
> Clang's sanitizer reports a runtime error when booting with
> '-net nic -net user', due to a null pointer being passed
> to memory_region_find(), which subsequently triggers a crash in
> flatview_lookup().
> 
> The root cause is that CA35 memory region is not mapped to system
> memory. In addition, unconfigured NICs (due to missing peers)
> lead to a cascade of warnings and possibly misbehavior.
> 
> Fix by:
> - Reduce ca35 ram size to 1GiB to match the ast2700a1-evb.
> - Map ca35_memory into system memory
> - Add nic configuration in ast2700fc's ca35 init function.
> 
> Signed-off-by: Steven Lee <steven_lee@aspeedtech.com>
> Change-Id: Id9c0e6f16861c64a11f6299afb6ef02eb4086041

As said earlier, please try to remove these tags.

> ---
>   hw/arm/aspeed_ast27x0-fc.c | 16 ++++++++++++++--
>   1 file changed, 14 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/arm/aspeed_ast27x0-fc.c b/hw/arm/aspeed_ast27x0-fc.c
> index 125a3ade40..ccba5fc8a1 100644
> --- a/hw/arm/aspeed_ast27x0-fc.c
> +++ b/hw/arm/aspeed_ast27x0-fc.c
> @@ -48,7 +48,7 @@ struct Ast2700FCState {
>       bool mmio_exec;
>   };
>   
> -#define AST2700FC_BMC_RAM_SIZE (2 * GiB)
> +#define AST2700FC_BMC_RAM_SIZE (1 * GiB)

why ?

>   #define AST2700FC_CM4_DRAM_SIZE (32 * MiB)
>   
>   #define AST2700FC_HW_STRAP1 0x000000C0
> @@ -59,6 +59,7 @@ struct Ast2700FCState {
>   static void ast2700fc_ca35_init(MachineState *machine)
>   {
>       Ast2700FCState *s = AST2700A1FC(machine);
> +    AspeedMachineClass *amc = ASPEED_MACHINE_GET_CLASS(machine);
>       AspeedSoCState *soc;
>       AspeedSoCClass *sc;
>   
> @@ -68,6 +69,7 @@ static void ast2700fc_ca35_init(MachineState *machine)
>   
>       memory_region_init(&s->ca35_memory, OBJECT(&s->ca35), "ca35-memory",
>                          UINT64_MAX);
> +    memory_region_add_subregion(get_system_memory(), 0, &s->ca35_memory);

I think this belongs to another patch. Please also modify the fby35
machine which suffers from the same problem regarding the global
system memory usage.


Thanks,

C.


    
>       if (!memory_region_init_ram(&s->ca35_dram, OBJECT(&s->ca35), "ca35-dram",
>                                   AST2700FC_BMC_RAM_SIZE, &error_abort)) {
> @@ -86,6 +88,14 @@ static void ast2700fc_ca35_init(MachineState *machine)
>                                    AST2700FC_BMC_RAM_SIZE, &error_abort)) {
>           return;
>       }
> +
> +    for (int i = 0; i < sc->macs_num; i++) {
> +        if ((amc->macs_mask & (1 << i)) &&
> +            !qemu_configure_nic_device(DEVICE(&soc->ftgmac100[i]),
> +                                       true, NULL)) {
> +            break;
> +        }
> +    }
>       if (!object_property_set_int(OBJECT(&s->ca35), "hw-strap1",
>                                    AST2700FC_HW_STRAP1, &error_abort)) {
>           return;
> @@ -171,6 +181,7 @@ static void ast2700fc_init(MachineState *machine)
>   static void ast2700fc_class_init(ObjectClass *oc, const void *data)
>   {
>       MachineClass *mc = MACHINE_CLASS(oc);
> +    AspeedMachineClass *amc = ASPEED_MACHINE_CLASS(oc);
>   
>       mc->alias = "ast2700fc";
>       mc->desc = "ast2700 full core support";
> @@ -178,12 +189,13 @@ static void ast2700fc_class_init(ObjectClass *oc, const void *data)
>       mc->no_floppy = 1;
>       mc->no_cdrom = 1;
>       mc->min_cpus = mc->max_cpus = mc->default_cpus = 6;
> +    amc->macs_mask = ASPEED_MAC0_ON | ASPEED_MAC1_ON | ASPEED_MAC2_ON;
>   }
>   
>   static const TypeInfo ast2700fc_types[] = {
>       {
>           .name           = MACHINE_TYPE_NAME("ast2700fc"),
> -        .parent         = TYPE_MACHINE,
> +        .parent         = TYPE_ASPEED_MACHINE,
>           .class_init     = ast2700fc_class_init,
>           .instance_size  = sizeof(Ast2700FCState),
>       },

RE: [PATCH v1 3/3] docs: Remove ast2700fc from Aspeed family boards

[Steven Lee]

Hi Cédric,

> -----Original Message-----
> From: Cédric Le Goater <clg@kaod.org>
> Sent: Monday, May 12, 2025 3:37 PM
> To: Steven Lee <steven_lee@aspeedtech.com>; Peter Maydell
> <peter.maydell@linaro.org>; Troy Lee <leetroy@gmail.com>; Jamin Lin
> <jamin_lin@aspeedtech.com>; Andrew Jeffery
> <andrew@codeconstruct.com.au>; Joel Stanley <joel@jms.id.au>; open
> list:ASPEED BMCs <qemu-arm@nongnu.org>; open list:All patches CC here
> <qemu-devel@nongnu.org>
> Cc: Troy Lee <troy_lee@aspeedtech.com>; longzl2@lenovo.com; Yunlin Tang
> <yunlin.tang@aspeedtech.com>
> Subject: Re: [PATCH v1 3/3] docs: Remove ast2700fc from Aspeed family boards
> 
> Hello Steven,
> 
> On 5/7/25 12:10, Steven Lee wrote:
> > The ast2700fc machine is now covered in the dedicated ast2700-evb
> > section. Listing it in the general Aspeed board family list is
> > redundant.
> >
> > Signed-off-by: Steven Lee <steven_lee@aspeedtech.com>
> > Change-Id: Ic2784d60ce4681f38059d684f477a2962ccf8bf8
> 
> The Change-Id tag is not useful information for the QEMU git tree.
> Could you please try to remove them when sending a series ?
> 

I will remove Change-Id in the v2 patch series.

Thanks,
Steven
 
> > diff --git a/docs/system/arm/aspeed.rst b/docs/system/arm/aspeed.rst
> > index 58a8020eec..43d27d83cb 100644
> > --- a/docs/system/arm/aspeed.rst
> > +++ b/docs/system/arm/aspeed.rst
> > @@ -1,4 +1,4 @@
> > -Aspeed family boards (``ast2500-evb``, ``ast2600-evb``,
> > ``ast2700-evb``, ``ast2700fc``, ``bletchley-bmc``, ``fuji-bmc``,
> > ``fby35-bmc``, ``fp5280g2-bmc``, ``g220a-bmc``, ``palmetto-bmc``,
> > ``qcom-dc-scm-v1-bmc``, ``qcom-firework-bmc``, ``quanta-q71l-bmc``,
> > ``rainier-bmc``, ``romulus-bmc``, ``sonorapass-bmc``,
> > ``supermicrox11-bmc``, ``supermicrox11spi-bmc``, ``tiogapass-bmc``,
> > ``witherspoon-bmc``, ``yosemitev2-bmc``)
> > +Aspeed family boards (``ast2500-evb``, ``ast2600-evb``,
> > +``ast2700-evb``, ``bletchley-bmc``, ``fuji-bmc``, ``fby35-bmc``,
> > +``fp5280g2-bmc``, ``g220a-bmc``, ``palmetto-bmc``,
> > +``qcom-dc-scm-v1-bmc``, ``qcom-firework-bmc``, ``quanta-q71l-bmc``,
> > +``rainier-bmc``, ``romulus-bmc``, ``sonorapass-bmc``,
> > +``supermicrox11-bmc``, ``supermicrox11spi-bmc``, ``tiogapass-bmc``,
> > +``witherspoon-bmc``, ``yosemitev2-bmc``)
> >
> >
> ================================================================
> ======
> >
> ================================================================
> ======
> >
> ================================================================
> ======
> >
> ================================================================
> ======
> >
> ================================================================
> ======
> >
> ================================================================
> ===
> >
> >   The QEMU Aspeed machines model BMCs of various OpenPOWER
> systems and

RE: [PATCH v1 1/3] hw/arm/aspeed_ast2700-fc: Fix null pointer dereference in ca35 init

[Steven Lee]

Hi Cédric,

> -----Original Message-----
> From: Cédric Le Goater <clg@kaod.org>
> Sent: Monday, May 12, 2025 4:09 PM
> To: Steven Lee <steven_lee@aspeedtech.com>; Peter Maydell
> <peter.maydell@linaro.org>; Troy Lee <leetroy@gmail.com>; Jamin Lin
> <jamin_lin@aspeedtech.com>; Andrew Jeffery
> <andrew@codeconstruct.com.au>; Joel Stanley <joel@jms.id.au>; open
> list:ASPEED BMCs <qemu-arm@nongnu.org>; open list:All patches CC here
> <qemu-devel@nongnu.org>
> Cc: Troy Lee <troy_lee@aspeedtech.com>; longzl2@lenovo.com; Yunlin Tang
> <yunlin.tang@aspeedtech.com>
> Subject: Re: [PATCH v1 1/3] hw/arm/aspeed_ast2700-fc: Fix null pointer
> dereference in ca35 init
> 
> On 5/7/25 12:10, Steven Lee wrote:
> > Clang's sanitizer reports a runtime error when booting with '-net nic
> > -net user', due to a null pointer being passed to
> > memory_region_find(), which subsequently triggers a crash in
> > flatview_lookup().
> >
> > The root cause is that CA35 memory region is not mapped to system
> > memory. In addition, unconfigured NICs (due to missing peers) lead to
> > a cascade of warnings and possibly misbehavior.
> >
> > Fix by:
> > - Reduce ca35 ram size to 1GiB to match the ast2700a1-evb.
> > - Map ca35_memory into system memory
> > - Add nic configuration in ast2700fc's ca35 init function.
> >
> > Signed-off-by: Steven Lee <steven_lee@aspeedtech.com>
> > Change-Id: Id9c0e6f16861c64a11f6299afb6ef02eb4086041
> 
> As said earlier, please try to remove these tags.
> 

Will remove it.

> > ---
> >   hw/arm/aspeed_ast27x0-fc.c | 16 ++++++++++++++--
> >   1 file changed, 14 insertions(+), 2 deletions(-)
> >
> > diff --git a/hw/arm/aspeed_ast27x0-fc.c b/hw/arm/aspeed_ast27x0-fc.c
> > index 125a3ade40..ccba5fc8a1 100644
> > --- a/hw/arm/aspeed_ast27x0-fc.c
> > +++ b/hw/arm/aspeed_ast27x0-fc.c
> > @@ -48,7 +48,7 @@ struct Ast2700FCState {
> >       bool mmio_exec;
> >   };
> >
> > -#define AST2700FC_BMC_RAM_SIZE (2 * GiB)
> > +#define AST2700FC_BMC_RAM_SIZE (1 * GiB)
> 
> why ?
> 

I noticed that the ast2700-a1 class sets the RAM size to 1 GiB.
To prevent ca35-dram from exceeding the bounds of the ram-container, I reduced the RAM size accordingly.

  0000000400000000-000000043fffffff (prio 0, i/o): ram-container
    0000000400000000-000000043fffffff (prio 0, ram): ca35-dram

> >   #define AST2700FC_CM4_DRAM_SIZE (32 * MiB)
> >
> >   #define AST2700FC_HW_STRAP1 0x000000C0 @@ -59,6 +59,7 @@ struct
> > Ast2700FCState {
> >   static void ast2700fc_ca35_init(MachineState *machine)
> >   {
> >       Ast2700FCState *s = AST2700A1FC(machine);
> > +    AspeedMachineClass *amc =
> ASPEED_MACHINE_GET_CLASS(machine);
> >       AspeedSoCState *soc;
> >       AspeedSoCClass *sc;
> >
> > @@ -68,6 +69,7 @@ static void ast2700fc_ca35_init(MachineState
> > *machine)
> >
> >       memory_region_init(&s->ca35_memory, OBJECT(&s->ca35),
> "ca35-memory",
> >                          UINT64_MAX);
> > +    memory_region_add_subregion(get_system_memory(), 0,
> > + &s->ca35_memory);
> 
> I think this belongs to another patch. Please also modify the fby35 machine
> which suffers from the same problem regarding the global system memory
> usage.
> 

I will split this into a separate patch, and prepare another patch to update the fby35 machine as well.

Thanks,
Steven

> 
> >       if (!memory_region_init_ram(&s->ca35_dram, OBJECT(&s->ca35),
> "ca35-dram",
> >                                   AST2700FC_BMC_RAM_SIZE,
> > &error_abort)) { @@ -86,6 +88,14 @@ static void
> ast2700fc_ca35_init(MachineState *machine)
> >                                    AST2700FC_BMC_RAM_SIZE,
> &error_abort)) {
> >           return;
> >       }
> > +
> > +    for (int i = 0; i < sc->macs_num; i++) {
> > +        if ((amc->macs_mask & (1 << i)) &&
> > +            !qemu_configure_nic_device(DEVICE(&soc->ftgmac100[i]),
> > +                                       true, NULL)) {
> > +            break;
> > +        }
> > +    }
> >       if (!object_property_set_int(OBJECT(&s->ca35), "hw-strap1",
> >                                    AST2700FC_HW_STRAP1,
> &error_abort)) {
> >           return;
> > @@ -171,6 +181,7 @@ static void ast2700fc_init(MachineState *machine)
> >   static void ast2700fc_class_init(ObjectClass *oc, const void *data)
> >   {
> >       MachineClass *mc = MACHINE_CLASS(oc);
> > +    AspeedMachineClass *amc = ASPEED_MACHINE_CLASS(oc);
> >
> >       mc->alias = "ast2700fc";
> >       mc->desc = "ast2700 full core support"; @@ -178,12 +189,13 @@
> > static void ast2700fc_class_init(ObjectClass *oc, const void *data)
> >       mc->no_floppy = 1;
> >       mc->no_cdrom = 1;
> >       mc->min_cpus = mc->max_cpus = mc->default_cpus = 6;
> > +    amc->macs_mask = ASPEED_MAC0_ON | ASPEED_MAC1_ON |
> > + ASPEED_MAC2_ON;
> >   }
> >
> >   static const TypeInfo ast2700fc_types[] = {
> >       {
> >           .name           = MACHINE_TYPE_NAME("ast2700fc"),
> > -        .parent         = TYPE_MACHINE,
> > +        .parent         = TYPE_ASPEED_MACHINE,
> >           .class_init     = ast2700fc_class_init,
> >           .instance_size  = sizeof(Ast2700FCState),
> >       },

Re: [PATCH v1 2/3] hw/arm/aspeed_ast27x0: Fix unimplemented region overlap with vbootrom

[Cédric Le Goater]

On 5/7/25 12:10, Steven Lee wrote:
> The unimplemented memory region overlaps with the VBootROM address
> range, causing incorrect memory layout and potential behavior issues.
> 
> This patch adjusts the size and start address of the unimplemented
> region to avoid collision. The IO memory region (ASPEED_DEV_IOMEM) is
> now moved to 0x20000 to reserve space for VBootROM at 0x0.
> 
> Signed-off-by: Steven Lee <steven_lee@aspeedtech.com>
> Change-Id: I1d775577816b1e93bb54c899ac3722eb6902c577
> ---
>   hw/arm/aspeed_ast27x0.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/arm/aspeed_ast27x0.c b/hw/arm/aspeed_ast27x0.c
> index 1974a25766..bb61c30cf4 100644
> --- a/hw/arm/aspeed_ast27x0.c
> +++ b/hw/arm/aspeed_ast27x0.c
> @@ -23,14 +23,14 @@
>   #include "qobject/qlist.h"
>   #include "qemu/log.h"
>   
> -#define AST2700_SOC_IO_SIZE          0x01000000
> +#define AST2700_SOC_IO_SIZE          0x00FE0000
>   #define AST2700_SOC_IOMEM_SIZE       0x01000000
>   #define AST2700_SOC_DPMCU_SIZE       0x00040000
>   #define AST2700_SOC_LTPI_SIZE        0x01000000
>   
>   static const hwaddr aspeed_soc_ast2700_memmap[] = {
> -    [ASPEED_DEV_IOMEM]     =  0x00000000,
>       [ASPEED_DEV_VBOOTROM]  =  0x00000000,
> +    [ASPEED_DEV_IOMEM]     =  0x00020000,

how useful is that region ? Are there any devices mapping registers
in this window ? If not, I would remove it since there are no missing
parts and invalid accesses should already be logged by QEMU.


Thanks,

C.




>       [ASPEED_DEV_SRAM]      =  0x10000000,
>       [ASPEED_DEV_DPMCU]     =  0x11000000,
>       [ASPEED_DEV_IOMEM0]    =  0x12000000,