From: "Cédric Le Goater" <clg@kaod.org>
To: Steven Lee <steven_lee@aspeedtech.com>,
Peter Maydell <peter.maydell@linaro.org>,
Troy Lee <leetroy@gmail.com>,
Jamin Lin <jamin_lin@aspeedtech.com>,
Andrew Jeffery <andrew@codeconstruct.com.au>,
Joel Stanley <joel@jms.id.au>,
"open list:ASPEED BMCs" <qemu-arm@nongnu.org>,
"open list:All patches CC here" <qemu-devel@nongnu.org>
Cc: troy_lee@aspeedtech.com, longzl2@lenovo.com, yunlin.tang@aspeedtech.com
Subject: Re: [PATCH v1 1/3] hw/arm/aspeed_ast2700-fc: Fix null pointer dereference in ca35 init
Date: Mon, 12 May 2025 10:08:55 +0200
Message-ID: <cfb3ec2f-b9f0-4016-892c-bcdad95f548e@kaod.org>
In-Reply-To: <20250507101005.1474823-2-steven_lee@aspeedtech.com>
On 5/7/25 12:10, Steven Lee wrote:
> Clang's sanitizer reports a runtime error when booting with
> '-net nic -net user', due to a null pointer being passed
> to memory_region_find(), which subsequently triggers a crash in
> flatview_lookup().
>
> The root cause is that CA35 memory region is not mapped to system
> memory. In addition, unconfigured NICs (due to missing peers)
> lead to a cascade of warnings and possibly misbehavior.
>
> Fix by:
> - Reduce ca35 ram size to 1GiB to match the ast2700a1-evb.
> - Map ca35_memory into system memory
> - Add nic configuration in ast2700fc's ca35 init function.
>
> Signed-off-by: Steven Lee <steven_lee@aspeedtech.com>
> Change-Id: Id9c0e6f16861c64a11f6299afb6ef02eb4086041
As said earlier, please try to remove these tags.
> ---
> hw/arm/aspeed_ast27x0-fc.c | 16 ++++++++++++++--
> 1 file changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/hw/arm/aspeed_ast27x0-fc.c b/hw/arm/aspeed_ast27x0-fc.c
> index 125a3ade40..ccba5fc8a1 100644
> --- a/hw/arm/aspeed_ast27x0-fc.c
> +++ b/hw/arm/aspeed_ast27x0-fc.c
> @@ -48,7 +48,7 @@ struct Ast2700FCState {
> bool mmio_exec;
> };
>
> -#define AST2700FC_BMC_RAM_SIZE (2 * GiB)
> +#define AST2700FC_BMC_RAM_SIZE (1 * GiB)
why?
> #define AST2700FC_CM4_DRAM_SIZE (32 * MiB)
>
> #define AST2700FC_HW_STRAP1 0x000000C0
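Review bot: The size change at `-#define AST2700FC_BMC_RAM_SIZE (2 * GiB)` / `+#define AST2700FC_BMC_RAM_SIZE (1 * GiB)` is unrelated to the null pointer dereference this patch is fixing and alters the guest-visible DRAM size of the machine; the commit message only says it is "to match the ast2700a1-evb". Please move it into a separate patch with the motivation spelled out, or drop it from this fix.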
> @@ -59,6 +59,7 @@ struct Ast2700FCState {
> static void ast2700fc_ca35_init(MachineState *machine)
> {
> Ast2700FCState *s = AST2700A1FC(machine);
> + AspeedMachineClass *amc = ASPEED_MACHINE_GET_CLASS(machine);
> AspeedSoCState *soc;
> AspeedSoCClass *sc;
>
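Review bot: `AspeedMachineClass *amc = ASPEED_MACHINE_GET_CLASS(machine);` is only a valid cast once the machine type's parent is TYPE_ASPEED_MACHINE, which this patch does in its last hunk; if the NIC configuration is split out into its own patch as suggested, keep the reparenting in the same commit as this cast so that no intermediate commit dereferences the wrong class.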
> @@ -68,6 +69,7 @@ static void ast2700fc_ca35_init(MachineState *machine)
>
> memory_region_init(&s->ca35_memory, OBJECT(&s->ca35), "ca35-memory",
> UINT64_MAX);
> + memory_region_add_subregion(get_system_memory(), 0, &s->ca35_memory);
I think this belongs to another patch. Please also modify the fby35
machine which suffers from the same problem regarding the global
system memory usage.
Thanks,
C.
> if (!memory_region_init_ram(&s->ca35_dram, OBJECT(&s->ca35), "ca35-dram",
> AST2700FC_BMC_RAM_SIZE, &error_abort)) {
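Review bot: `memory_region_add_subregion(get_system_memory(), 0, &s->ca35_memory);` is the actual fix for the memory_region_find() crash described in the commit message and deserves a comment saying so: ca35_memory is initialised with size UINT64_MAX, so mapping it at offset 0 makes the ca35 container cover the entire system address space, and anything else later added to get_system_memory() will overlap it. Please state in the code, and in the commit message, that the CA35 container is meant to be the sole top-level region of the global system memory.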
> @@ -86,6 +88,14 @@ static void ast2700fc_ca35_init(MachineState *machine)
> AST2700FC_BMC_RAM_SIZE, &error_abort)) {
> return;
> }
> +
> + for (int i = 0; i < sc->macs_num; i++) {
> + if ((amc->macs_mask & (1 << i)) &&
> + !qemu_configure_nic_device(DEVICE(&soc->ftgmac100[i]),
> + true, NULL)) {
> + break;
> + }
> + }
> if (!object_property_set_int(OBJECT(&s->ca35), "hw-strap1",
> AST2700FC_HW_STRAP1, &error_abort)) {
> return;
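Review bot: The `break;` in the new NIC loop stops at the first MAC for which qemu_configure_nic_device() returns false, so any later MAC enabled in amc->macs_mask is left unconfigured; if the intent is "no NIC configs left, stop asking", put that in a comment next to the `break;`, and if each masked MAC should be tried independently, use `continue` instead. The loop also relies on `sc->macs_num` and `soc->ftgmac100[i]`, whose assignment lies outside this hunk; please check both are set before this point.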
> @@ -171,6 +181,7 @@ static void ast2700fc_init(MachineState *machine)
> static void ast2700fc_class_init(ObjectClass *oc, const void *data)
> {
> MachineClass *mc = MACHINE_CLASS(oc);
> + AspeedMachineClass *amc = ASPEED_MACHINE_CLASS(oc);
>
> mc->alias = "ast2700fc";
> mc->desc = "ast2700 full core support";
> @@ -178,12 +189,13 @@ static void ast2700fc_class_init(ObjectClass *oc, const void *data)
> mc->no_floppy = 1;
> mc->no_cdrom = 1;
> mc->min_cpus = mc->max_cpus = mc->default_cpus = 6;
> + amc->macs_mask = ASPEED_MAC0_ON | ASPEED_MAC1_ON | ASPEED_MAC2_ON;
> }
>
> static const TypeInfo ast2700fc_types[] = {
> {
> .name = MACHINE_TYPE_NAME("ast2700fc"),
> - .parent = TYPE_MACHINE,
> + .parent = TYPE_ASPEED_MACHINE,
> .class_init = ast2700fc_class_init,
> .instance_size = sizeof(Ast2700FCState),
> },
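Review bot: Switching to `.parent = TYPE_ASPEED_MACHINE` while keeping `.instance_size = sizeof(Ast2700FCState)` requires the first member of Ast2700FCState to be the parent's instance struct (QOM object layout), and the `@@ -48,7` hunk only shows the tail of that struct; please show or confirm the struct change in this commit. Inheriting from TYPE_ASPEED_MACHINE also pulls in that type's class_init and instance_init, so the commit message should say which Aspeed machine defaults this class now relies on and which it overrides. The `amc->macs_mask = ASPEED_MAC0_ON | ASPEED_MAC1_ON | ASPEED_MAC2_ON;` line belongs with the NIC configuration change, not with the null pointer fix.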