From: "Cédric Le Goater" <clg@kaod.org>
To: <pdel@fb.com>
Cc: patrick@stwcx.xyz, rashmica.g@gmail.com, f4bug@amsat.org,
joel@jms.id.au, qemu-devel@nongnu.org
Subject: Re: [PATCH 1/1] hw: aspeed_gpio: Fix GPIO array indexing
Date: Mon, 4 Oct 2021 13:43:44 +0200 [thread overview]
Message-ID: <74fefbb4-af1c-a95e-a747-74866a8ad44c@kaod.org> (raw)
In-Reply-To: <c1d2a714-1073-310b-e75c-2f6b5b5a025f@kaod.org>
On 10/4/21 11:07, Cédric Le Goater wrote:
> On 9/28/21 05:43, pdel@fb.com wrote:
>> From: Peter Delevoryas <pdel@fb.com>
>>
>> The gpio array is declared as a dense array:
>>
>> qemu_irq gpios[ASPEED_GPIO_NR_PINS];
>>
>> (AST2500 has 228, AST2400 has 216, AST2600 has 208)
>>
>> However, this array is used like a matrix of GPIO sets
>> (e.g. gpio[NR_SETS][NR_PINS_PER_SET] = gpio[8][32])
>>
>> size_t offset = set * GPIOS_PER_SET + gpio;
>> qemu_set_irq(s->gpios[offset], !!(new & mask));
>>
>> This can result in an out-of-bounds access to "s->gpios" because the
>> gpio sets do _not_ have the same length. Some of the groups (e.g.
>> GPIOAB) only have 4 pins. 228 != 8 * 32 == 256.
>>
>> To fix this, I converted the gpio array from dense to sparse, to match
>> both the hardware layout and this existing indexing code.
>>
>> Fixes: 4b7f956862dc2db4c5c ("hw/gpio: Add basic Aspeed GPIO model for AST2400 and AST2500")
>> Signed-off-by: Peter Delevoryas <pdel@fb.com>
>
>
> This patch is raising an error in qtest-arm/qom-test when compiled
> with clang :
>
> Running test qtest-arm/qom-test
> Unexpected error in object_property_try_add() at ../qom/object.c:1224:
> qemu-system-arm: attempt to add duplicate property 'gpio0' to object (type 'aspeed.gpio-ast2600-1_8v')
> Broken pipe
> ERROR qtest-arm/qom-test - too few tests run (expected 78, got 0)
> make: *** [Makefile.mtest:24: run-test-1] Error 1
The GPIOSetProperties arrary is smaller for the ast2600_1_8v model :
static GPIOSetProperties ast2600_1_8v_set_props[] = {
[0] = {0xffffffff, 0xffffffff, {"18A", "18B", "18C", "18D"} },
[1] = {0x0000000f, 0x0000000f, {"18E"} },
};
and in aspeed_gpio_init() :
for (int i = 0; i < ASPEED_GPIO_MAX_NR_SETS; i++) {
we loop beyond.
To configure compilation with clang, use the configure option :
--cc=clang
and simply run 'make check-qtest-arm'
Thanks
C.
next prev parent reply other threads:[~2021-10-04 11:46 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-28 3:43 [PATCH 0/1] hw: aspeed_gpio: Fix GPIO array indexing pdel
2021-09-28 3:43 ` [PATCH 1/1] " pdel
2021-10-04 9:07 ` Cédric Le Goater
2021-10-04 11:43 ` Cédric Le Goater [this message]
2021-10-08 3:19 ` Peter Delevoryas
2021-09-30 0:46 ` [PATCH 0/1] " Peter Delevoryas
-- strict thread matches above, loose matches on Subject: below --
2021-09-24 6:19 pdel
2021-09-24 6:19 ` [PATCH 1/1] " pdel
2021-09-25 11:02 ` Philippe Mathieu-Daudé
2021-09-25 14:28 ` Peter Delevoryas
2021-09-27 10:05 ` Cédric Le Goater
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=74fefbb4-af1c-a95e-a747-74866a8ad44c@kaod.org \
--to=clg@kaod.org \
--cc=f4bug@amsat.org \
--cc=joel@jms.id.au \
--cc=patrick@stwcx.xyz \
--cc=pdel@fb.com \
--cc=qemu-devel@nongnu.org \
--cc=rashmica.g@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).