From: Peter Maydell <peter.maydell@linaro.org>
To: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
Cc: Huacai Chen <chenhuacai@kernel.org>,
QEMU Developers <qemu-devel@nongnu.org>,
Aurelien Jarno <aurelien@aurel32.net>
Subject: Re: [PULL 23/35] hw/intc: Rework Loongson LIOINTC
Date: Sun, 10 Jan 2021 19:49:55 +0000 [thread overview]
Message-ID: <CAFEAcA_YqAiiLRY08-gACmKOCf2mat3AaBGnyRK0Jc+aK-iuOw@mail.gmail.com> (raw)
In-Reply-To: <20210103205021.2837760-24-f4bug@amsat.org>
On Sun, 3 Jan 2021 at 21:11, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote:
>
> From: Huacai Chen <chenhuacai@kernel.org>
>
> As suggested by Philippe Mathieu-Daudé, rework Loongson's liointc:
> 1, Move macro definitions to loongson_liointc.h;
> 2, Remove magic values and use macros instead;
> 3, Replace dead D() code by trace events.
>
> Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> Signed-off-by: Huacai Chen <chenhuacai@kernel.org>
> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> Message-Id: <20201221110538.3186646-2-chenhuacai@kernel.org>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
> include/hw/intc/loongson_liointc.h | 22 ++++++++++++++++++
> hw/intc/loongson_liointc.c | 36 +++++++++++++-----------------
> 2 files changed, 38 insertions(+), 20 deletions(-)
> create mode 100644 include/hw/intc/loongson_liointc.h
Hi; Coverity complains about a possible array overrun
in this commit:
> @@ -40,13 +39,10 @@
> #define R_IEN 0x24
> #define R_IEN_SET 0x28
> #define R_IEN_CLR 0x2c
> -#define R_PERCORE_ISR(x) (0x40 + 0x8 * x)
> +#define R_ISR_SIZE 0x8
> +#define R_START 0x40
> #define R_END 0x64
>
> -#define TYPE_LOONGSON_LIOINTC "loongson.liointc"
> -DECLARE_INSTANCE_CHECKER(struct loongson_liointc, LOONGSON_LIOINTC,
> - TYPE_LOONGSON_LIOINTC)
> -
> struct loongson_liointc {
> SysBusDevice parent_obj;
>
> @@ -123,14 +119,13 @@ liointc_read(void *opaque, hwaddr addr, unsigned int size)
> goto out;
> }
>
> - /* Rest is 4 byte */
> + /* Rest are 4 bytes */
> if (size != 4 || (addr % 4)) {
> goto out;
> }
>
> - if (addr >= R_PERCORE_ISR(0) &&
> - addr < R_PERCORE_ISR(NUM_CORES)) {
> - int core = (addr - R_PERCORE_ISR(0)) / 8;
> + if (addr >= R_START && addr < R_END) {
> + int core = (addr - R_START) / R_ISR_SIZE;
R_END is 0x64 and R_START is 0x40, so if addr is 0x60
then addr - R_START is 0x32 and so core here is 4.
However p->per_core_isr[] only has 4 entries, so this will
be off the end of the array.
This is CID 1438965.
> r = p->per_core_isr[core];
> goto out;
> }
> - if (addr >= R_PERCORE_ISR(0) &&
> - addr < R_PERCORE_ISR(NUM_CORES)) {
> - int core = (addr - R_PERCORE_ISR(0)) / 8;
> + if (addr >= R_START && addr < R_END) {
> + int core = (addr - R_START) / R_ISR_SIZE;
> p->per_core_isr[core] = value;
> goto out;
> }
Same thing here, CID 1438967.
thanks
-- PMM
next prev parent reply other threads:[~2021-01-10 19:51 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-03 20:49 [PULL 00/35] MIPS patches for 2021-01-03 Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 01/35] hw/pci-host: Use the PCI_BUILD_BDF() macro from 'hw/pci/pci.h' Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 02/35] hw/pci-host/uninorth: Use the PCI_FUNC() " Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 03/35] hw: Use the PCI_SLOT() " Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 04/35] hw: Use the PCI_DEVFN() " Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 05/35] hw/pci-host/bonito: Display hexadecimal value with '0x' prefix Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 06/35] hw/pci-host/bonito: Use pci_config_set_interrupt_pin() Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 07/35] vt82c686: Rename AC97/MC97 parts from VT82C686B to VIA Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 08/35] vt82c686: Remove unnecessary _DEVICE suffix from type macros Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 09/35] vt82c686: Rename VT82C686B to VT82C686B_ISA Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 10/35] vt82c686: Remove vt82c686b_[am]c97_init() functions Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 11/35] vt82c686: Split off via-[am]c97 into separate file in hw/audio Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 12/35] audio/via-ac97: Simplify code and set user_creatable to false Philippe Mathieu-Daudé
2021-01-03 20:49 ` [PULL 13/35] vt82c686: Remove legacy vt82c686b_isa_init() function Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 14/35] vt82c686: Remove legacy vt82c686b_pm_init() function Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 15/35] vt82c686: Convert debug printf to trace points Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 16/35] vt82c686: Remove unneeded includes and defines Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 17/35] vt82c686: Use shorter name for local variable holding object state Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 18/35] vt82c686: Rename superio config related parts Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 19/35] clock: Introduce clock_ticks_to_ns() Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 20/35] target/mips: Don't use clock_get_ns() in clock period calculation Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 21/35] clock: Remove clock_get_ns() Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 22/35] clock: Define and use new clock_display_freq() Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 23/35] hw/intc: Rework Loongson LIOINTC Philippe Mathieu-Daudé
2021-01-10 19:49 ` Peter Maydell [this message]
2021-01-10 21:34 ` Philippe Mathieu-Daudé
2021-01-10 21:51 ` BALATON Zoltan
2021-01-11 0:36 ` Huacai Chen
2021-01-11 1:33 ` Jiaxun Yang
2021-01-11 10:20 ` BALATON Zoltan
2021-01-11 10:35 ` Peter Maydell
2021-01-11 10:52 ` BALATON Zoltan
2021-01-12 0:35 ` Jiaxun Yang
2021-01-03 20:50 ` [PULL 24/35] hw/mips: Implement fw_cfg_arch_key_name() Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 25/35] hw/mips: Add Loongson-3 boot parameter helpers Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 26/35] hw/mips: Add Loongson-3 machine support Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 27/35] docs/system: Update MIPS machine documentation Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 28/35] hw/mips: Make bootloader addresses unsigned Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 29/35] hw/mips/malta: Use address translation helper to calculate bootloader_run_addr Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 30/35] hw/mips: Use address translation helper to handle ENVP_ADDR Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 31/35] hw/mips/fuloong2e: Remove define DEBUG_FULOONG2E_INIT Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 32/35] hw/mips/fuloong2e: Replace faulty documentation links Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 33/35] hw/mips/fuloong2e: Remove unused env entry Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 34/35] hw/mips/fuloong2e: Correct cpuclock in PROM environment Philippe Mathieu-Daudé
2021-01-03 20:50 ` [PULL 35/35] tests/acceptance: Test boot_linux_console for fuloong2e Philippe Mathieu-Daudé
2021-01-04 11:41 ` [PULL 00/35] MIPS patches for 2021-01-03 Peter Maydell
2021-01-04 11:50 ` Peter Maydell
2021-01-04 13:53 ` Philippe Mathieu-Daudé
2021-01-04 13:59 ` Philippe Mathieu-Daudé
2021-01-04 15:01 ` Peter Maydell
2021-01-04 17:39 ` Philippe Mathieu-Daudé
2021-01-04 18:24 ` Philippe Mathieu-Daudé
2021-01-04 18:30 ` Philippe Mathieu-Daudé
2021-01-05 1:53 ` Huacai Chen
2021-01-05 8:44 ` Philippe Mathieu-Daudé
2021-01-05 9:36 ` Philippe Mathieu-Daudé
2021-01-05 13:17 ` Peter Maydell
2021-01-05 15:14 ` Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFEAcA_YqAiiLRY08-gACmKOCf2mat3AaBGnyRK0Jc+aK-iuOw@mail.gmail.com \
--to=peter.maydell@linaro.org \
--cc=aurelien@aurel32.net \
--cc=chenhuacai@kernel.org \
--cc=f4bug@amsat.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).