From: "Jiaxun Yang" <jiaxun.yang@flygoat.com>
To: "Huacai Chen" <chenhuacai@kernel.org>,
"BALATON Zoltan" <balaton@eik.bme.hu>
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
"Aurelien Jarno" <aurelien@aurel32.net>,
"BALATON Zoltan via" <qemu-devel@nongnu.org>
Subject: Re: [PULL 23/35] hw/intc: Rework Loongson LIOINTC
Date: Mon, 11 Jan 2021 09:33:51 +0800 [thread overview]
Message-ID: <3f383a52-6583-4c60-8f24-a24e6b95c068@www.fastmail.com> (raw)
In-Reply-To: <CAAhV-H71-wrTfDWN9zH2gU4gdJkCpMk5EDfAi1W1d4jXA3OkZg@mail.gmail.com>
On Mon, Jan 11, 2021, at 8:36 AM, Huacai Chen wrote:
> I think R_END should be 0x60, Jiaxun, what do you think?
U r right.
The manual is misleading.
Thanks.
- Jiaxun
>
> Huacai
>
> On Mon, Jan 11, 2021 at 5:51 AM BALATON Zoltan <balaton@eik.bme.hu> wrote:
> >
> > On Sun, 10 Jan 2021, Philippe Mathieu-Daudé wrote:
> > > Hi Peter, Huacai,
> > >
> > > On 1/10/21 8:49 PM, Peter Maydell wrote:
> > >> On Sun, 3 Jan 2021 at 21:11, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
> > >>>
> > >>> From: Huacai Chen <chenhuacai@kernel.org>
> > >>>
> > >>> As suggested by Philippe Mathieu-Daudé, rework Loongson's liointc:
> > >>> 1, Move macro definitions to loongson_liointc.h;
> > >>> 2, Remove magic values and use macros instead;
> > >>> 3, Replace dead D() code by trace events.
> > >>>
> > >>> Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> > >>> Signed-off-by: Huacai Chen <chenhuacai@kernel.org>
> > >>> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> > >>> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> > >>> Message-Id: <20201221110538.3186646-2-chenhuacai@kernel.org>
> > >>> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> > >>> ---
> > >>> include/hw/intc/loongson_liointc.h | 22 ++++++++++++++++++
> > >>> hw/intc/loongson_liointc.c | 36 +++++++++++++-----------------
> > >>> 2 files changed, 38 insertions(+), 20 deletions(-)
> > >>> create mode 100644 include/hw/intc/loongson_liointc.h
> > >>
> > >> Hi; Coverity complains about a possible array overrun
> > >> in this commit:
> > >>
> > >>
> > >>> @@ -40,13 +39,10 @@
> > >>> #define R_IEN 0x24
> > >>> #define R_IEN_SET 0x28
> > >>> #define R_IEN_CLR 0x2c
> > >>> -#define R_PERCORE_ISR(x) (0x40 + 0x8 * x)
> > >>> +#define R_ISR_SIZE 0x8
> > >>> +#define R_START 0x40
> > >>> #define R_END 0x64
> > >>>
> > >>> -#define TYPE_LOONGSON_LIOINTC "loongson.liointc"
> > >>> -DECLARE_INSTANCE_CHECKER(struct loongson_liointc, LOONGSON_LIOINTC,
> > >>> - TYPE_LOONGSON_LIOINTC)
> > >>> -
> > >>> struct loongson_liointc {
> > >>> SysBusDevice parent_obj;
> > >>>
> > >>> @@ -123,14 +119,13 @@ liointc_read(void *opaque, hwaddr addr, unsigned int size)
> > >>> goto out;
> > >>> }
> > >>>
> > >>> - /* Rest is 4 byte */
> > >>> + /* Rest are 4 bytes */
> > >>> if (size != 4 || (addr % 4)) {
> > >>> goto out;
> > >>> }
> > >>>
> >
> > Expanding macros in the following:
> >
> > >>> - if (addr >= R_PERCORE_ISR(0) &&
> > >>> - addr < R_PERCORE_ISR(NUM_CORES)) {
> > >>> - int core = (addr - R_PERCORE_ISR(0)) / 8;
> >
> > if (addr >= (0x40 + 0x8 * 0) && addr < (0x40 + 0x8 * 4))
> > ->
> > if (addr >= 0x40 && addr < 0x60)
> > int core = (addr - 0x40) / 8;
> >
> >
> > >>> + if (addr >= R_START && addr < R_END) {
> > >>> + int core = (addr - R_START) / R_ISR_SIZE;
> >
> > if (addr >= 0x40 && addr < 0x64)
> > int core = (addr - 0x40) / 0x8;
> >
> > R_END seems to be off by 4 in the above. Should it be 0x60?
> >
> > Regards,
> > BALATON Zoltan
> >
> > >> R_END is 0x64 and R_START is 0x40, so if addr is 0x60
> > >> then addr - R_START is 0x32 and so core here is 4.
> > >> However p->per_core_isr[] only has 4 entries, so this will
> > >> be off the end of the array.
> > >>
> > >> This is CID 1438965.
> > >>
> > >>> r = p->per_core_isr[core];
> > >>> goto out;
> > >>> }
> > >>
> > >>> - if (addr >= R_PERCORE_ISR(0) &&
> > >>> - addr < R_PERCORE_ISR(NUM_CORES)) {
> > >>> - int core = (addr - R_PERCORE_ISR(0)) / 8;
> > >>> + if (addr >= R_START && addr < R_END) {
> > >>> + int core = (addr - R_START) / R_ISR_SIZE;
> > >>> p->per_core_isr[core] = value;
> > >>> goto out;
> > >>> }
> > >>
> > >> Same thing here, CID 1438967.
> > >
> > > Thanks Peter.
> > >
> > > Huacai, can you have a look please?
> > >
> > > Thanks,
> > >
> > > Phil.
> > >
> > >
>
--
- Jiaxun
next prev parent reply other threads:[~2021-01-11 1:36 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-03 20:49 [PULL 00/35] MIPS patches for 2021-01-03 Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 01/35] hw/pci-host: Use the PCI_BUILD_BDF() macro from 'hw/pci/pci.h' Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 02/35] hw/pci-host/uninorth: Use the PCI_FUNC() " Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 03/35] hw: Use the PCI_SLOT() " Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 04/35] hw: Use the PCI_DEVFN() " Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 05/35] hw/pci-host/bonito: Display hexadecimal value with '0x' prefix Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 06/35] hw/pci-host/bonito: Use pci_config_set_interrupt_pin() Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 07/35] vt82c686: Rename AC97/MC97 parts from VT82C686B to VIA Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 08/35] vt82c686: Remove unnecessary _DEVICE suffix from type macros Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 09/35] vt82c686: Rename VT82C686B to VT82C686B_ISA Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 10/35] vt82c686: Remove vt82c686b_[am]c97_init() functions Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 11/35] vt82c686: Split off via-[am]c97 into separate file in hw/audio Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 12/35] audio/via-ac97: Simplify code and set user_creatable to false Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 13/35] vt82c686: Remove legacy vt82c686b_isa_init() function Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 14/35] vt82c686: Remove legacy vt82c686b_pm_init() function Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 15/35] vt82c686: Convert debug printf to trace points Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 16/35] vt82c686: Remove unneeded includes and defines Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 17/35] vt82c686: Use shorter name for local variable holding object state Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 18/35] vt82c686: Rename superio config related parts Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 19/35] clock: Introduce clock_ticks_to_ns() Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 20/35] target/mips: Don't use clock_get_ns() in clock period calculation Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 21/35] clock: Remove clock_get_ns() Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 22/35] clock: Define and use new clock_display_freq() Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 23/35] hw/intc: Rework Loongson LIOINTC Philippe Mathieu-Daudé
2021-01-10 19:49 ` Peter Maydell
2021-01-10 21:34 ` Philippe Mathieu-Daudé
2021-01-10 21:51 ` BALATON Zoltan
2021-01-11 0:36 ` Huacai Chen
2021-01-11 1:33 ` Jiaxun Yang [this message]
2021-01-11 10:20 ` BALATON Zoltan
2021-01-11 10:35 ` Peter Maydell
2021-01-11 10:52 ` BALATON Zoltan
2021-01-12 0:35 ` Jiaxun Yang
2021-01-03 20:50 ` [PULL 24/35] hw/mips: Implement fw_cfg_arch_key_name() Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 25/35] hw/mips: Add Loongson-3 boot parameter helpers Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 26/35] hw/mips: Add Loongson-3 machine support Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 27/35] docs/system: Update MIPS machine documentation Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 28/35] hw/mips: Make bootloader addresses unsigned Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 29/35] hw/mips/malta: Use address translation helper to calculate bootloader_run_addr Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 30/35] hw/mips: Use address translation helper to handle ENVP_ADDR Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 31/35] hw/mips/fuloong2e: Remove define DEBUG_FULOONG2E_INIT Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 32/35] hw/mips/fuloong2e: Replace faulty documentation links Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 33/35] hw/mips/fuloong2e: Remove unused env entry Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 34/35] hw/mips/fuloong2e: Correct cpuclock in PROM environment Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 35/35] tests/acceptance: Test boot_linux_console for fuloong2e Philippe Mathieu-Daudé
2021-01-04 11:41 ` [PULL 00/35] MIPS patches for 2021-01-03 Peter Maydell
2021-01-04 11:50 ` Peter Maydell
2021-01-04 13:53 ` Philippe Mathieu-Daudé
2021-01-04 13:59 ` Philippe Mathieu-Daudé
2021-01-04 15:01 ` Peter Maydell
2021-01-04 17:39 ` Philippe Mathieu-Daudé
2021-01-04 18:24 ` Philippe Mathieu-Daudé
2021-01-04 18:30 ` Philippe Mathieu-Daudé
2021-01-05 1:53 ` Huacai Chen
2021-01-05 8:44 ` Philippe Mathieu-Daudé
2021-01-05 9:36 ` Philippe Mathieu-Daudé
2021-01-05 13:17 ` Peter Maydell
2021-01-05 15:14 ` Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3f383a52-6583-4c60-8f24-a24e6b95c068@www.fastmail.com \
--to=jiaxun.yang@flygoat.com \
--cc=aurelien@aurel32.net \
--cc=balaton@eik.bme.hu \
--cc=chenhuacai@kernel.org \
--cc=f4bug@amsat.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).