qemu-devel.nongnu.org archive mirror
From: Paolo Bonzini <pbonzini@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: "Richard Henderson" <richard.henderson@linaro.org>,
	"QEMU Developers" <qemu-devel@nongnu.org>,
	"Philippe Mathieu-Daudé" <f4bug@amsat.org>
Subject: Re: [PULL 19/92] hw/char/serial: Assert serial_ioport_read/write offset fits 8 bytes
Date: Wed, 18 Nov 2020 18:08:03 +0100
Message-ID: <4215d17b-e0fa-881a-0f22-d545905a3bd5@redhat.com>
In-Reply-To: <CAFEAcA9Utr2mCGyi7+8Yg16KSYhoP=3+hJa=wN6_AdG8TB0a8g@mail.gmail.com>

On 18/11/20 16:40, Peter Maydell wrote:
> On Thu, 24 Sep 2020 at 10:40, Paolo Bonzini <pbonzini@redhat.com> wrote:
>>
>> From: Philippe Mathieu-Daudé <f4bug@amsat.org>
>>
>> The serial device has 8 registers, each 8-bit. The MemoryRegionOps
>> 'serial_io_ops' is initialized with max_access_size=1, and all
>> memory_region_init_io() callers correctly set the region size to
>> 8 bytes:
>> - serial_io_realize
>> - serial_isa_realizefn
>> - serial_pci_realize
>> - multi_serial_pci_realize
>>
>> It is safe to assert the offset argument of serial_ioport_read()
>> and serial_ioport_write() is always less than 8.
>>
>> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
>> Message-Id: <20200907015535.827885-2-f4bug@amsat.org>
>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>> ---
>>   hw/char/serial.c | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/char/serial.c b/hw/char/serial.c
>> index fd80ae5592..840da89de7 100644
>> --- a/hw/char/serial.c
>> +++ b/hw/char/serial.c
>> @@ -344,7 +344,7 @@ static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val,
>>   {
>>       SerialState *s = opaque;
>>
>> -    addr &= 7;
>> +    assert(size == 1 && addr < 8);
>>       trace_serial_ioport_write(addr, val);
>>       switch(addr) {
>>       default:
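Review bot: the assert added in serial_ioport_write() checks size == 1 as well as addr < 8, but the commit message only concludes that the offset is below 8, and this hunk leaves untouched the code later in the function that still branches on size (the divider update quoted in the bug report discussion below). Either remove that else branch in the same change or explain in the commit message why size can never be anything but 1. Since addr and size come from guest I/O and the previous line was a mask (addr &= 7) that could not fail, a one-line comment next to the assert naming the invariants it relies on (8-byte region, max_access_size of 1) would make it clear that a future caller registering a larger region turns this into a guest-triggerable abort.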
> 
> Bug report https://bugs.launchpad.net/qemu/+bug/1904331
> points out that the addition of this assert() makes obvious
> that either the assert is wrong or some code later in the
> function which is looking at size must be dead:
>              if (size == 1) {
>                  s->divider = (s->divider & 0xff00) | val;
>              } else {
>                  s->divider = val;
>              }
> 
> Presumably it's the if() that should be fixed ?

It can be dropped, because serial_io_ops has

     .impl = {
         .min_access_size = 1,
         .max_access_size = 1,
     },

Therefore, a 16-bit write to addr==0 is automatically split into an 
8-byte write to addr==0 and one to addr=1.  Together, the two set the 
full 16 bits of s->divider.

Thanks,

Paolo
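The access splitting described in the reply above, as a small stand-alone C model added here for illustration; it is not code from QEMU or from this thread. The `model_*` names, the little-endian split order and the assumption that the divisor latch is selected are assumptions of the example.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified model, not QEMU source; all model_* names are hypothetical. */
#define MODEL_IMPL_MAX 1 /* mirrors .impl.max_access_size = 1 */

typedef struct {
    uint16_t divider; /* divisor latch; DLAB is assumed to be set */
    unsigned calls;   /* number of handler invocations */
} ModelSerial;

/* Device handler: only ever sees byte accesses inside the 8-byte window. */
static void model_serial_write(ModelSerial *s, uint64_t addr, uint64_t val,
                               unsigned size)
{
    assert(size == 1 && addr < 8);
    s->calls++;
    if (addr == 0) {        /* low byte of the divisor */
        s->divider = (s->divider & 0xff00) | (uint8_t)val;
    } else if (addr == 1) { /* high byte of the divisor */
        s->divider = (s->divider & 0x00ff) | ((uint16_t)(uint8_t)val << 8);
    }
}

/* Stand-in for the memory core: split a little-endian guest access into
 * pieces no larger than the handler's implemented access size. */
static void model_dispatch_write(ModelSerial *s, uint64_t addr, uint64_t val,
                                 unsigned size)
{
    for (unsigned i = 0; i < size; i += MODEL_IMPL_MAX) {
        model_serial_write(s, addr + i, (val >> (8 * i)) & 0xff, MODEL_IMPL_MAX);
    }
}

/* One 16-bit guest write of val at offset 0; reports handler call count. */
static uint16_t model_word_write(uint16_t val, unsigned *calls)
{
    ModelSerial s = { .divider = 0, .calls = 0 };
    model_dispatch_write(&s, 0, val, 2);
    *calls = s.calls;
    return s.divider;
}

int main(void)
{
    unsigned calls;
    printf("divider=0x%04x\n", model_word_write(0x1234, &calls));
    return 0;
}
```

The handler's assert never fires because the dispatcher only ever passes size 1, which is why a `size != 1` branch inside the handler cannot be reached in this model.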


