* [PULL 0/2] hw/ufs: fixes
From: Jeuk Kim @ 2023-10-12 6:31 UTC (permalink / raw)
To: stefanha, qemu-devel; +Cc: pbonzini, qemu-block, jeuk20.kim, bmeng.cn
From: Jeuk Kim <jeuk20.kim@samsung.com>
The following changes since commit a51e5124a655b3dad80b36b18547cb1eca2c5eb2:
Merge tag 'pull-omnibus-111023-1' of https://gitlab.com/stsquad/qemu into staging (2023-10-11 09:43:10 -0400)
are available in the Git repository at:
https://gitlab.com/jeuk20.kim/qemu.git tags/pull-ufs-20231012
for you to fetch changes up to 8466aa53d623377e114895c6563face25370d7da:
hw/ufs: Fix incorrect register fields (2023-10-12 14:29:20 +0900)
----------------------------------------------------------------
hw/ufs: fixes
----------------------------------------------------------------
Jeuk Kim (2):
hw/ufs: Fix code coverity issues
hw/ufs: Fix incorrect register fields
hw/ufs/lu.c | 16 +++++++---------
hw/ufs/ufs.c | 10 +++++-----
include/block/ufs.h | 4 ++--
tests/qtest/ufs-test.c | 2 +-
4 files changed, 15 insertions(+), 17 deletions(-)
* [PULL 1/2] hw/ufs: Fix code coverity issues
From: Jeuk Kim @ 2023-10-12 6:31 UTC (permalink / raw)
To: stefanha, qemu-devel; +Cc: pbonzini, qemu-block, jeuk20.kim, bmeng.cn
From: Jeuk Kim <jeuk20.kim@samsung.com>
Fix four UFS-related Coverity issues.
The Coverity issues and their fixes are as follows:
1. CID 1519042: Security issue with the rand() function
Changed to use a fixed value (0xab) instead of rand() as
the value for testing
2. CID 1519043: Dereference after null check
Removed useless (redundant) null checks
3. CID 1519050: Out-of-bounds access issue
Fix to pass an array type variable to find_first_bit and
find_next_bit using DECLARE_BITMAP()
4. CID 1519051: Out-of-bounds read issue
Fix incorrect range check for lun
Fix coverity CID: 1519042 1519043 1519050 1519051
Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com>
---
hw/ufs/lu.c | 16 +++++++---------
hw/ufs/ufs.c | 10 +++++-----
tests/qtest/ufs-test.c | 2 +-
3 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/hw/ufs/lu.c b/hw/ufs/lu.c
index e1c46bddb1..13b5e37b53 100644
--- a/hw/ufs/lu.c
+++ b/hw/ufs/lu.c
@@ -1345,13 +1345,12 @@ static void ufs_lu_realize(SCSIDevice *dev, Error **errp)
return;
}
- if (lu->qdev.conf.blk) {
- ctx = blk_get_aio_context(lu->qdev.conf.blk);
- aio_context_acquire(ctx);
- if (!blkconf_blocksizes(&lu->qdev.conf, errp)) {
- goto out;
- }
+ ctx = blk_get_aio_context(lu->qdev.conf.blk);
+ aio_context_acquire(ctx);
+ if (!blkconf_blocksizes(&lu->qdev.conf, errp)) {
+ goto out;
}
+
lu->qdev.blocksize = UFS_BLOCK_SIZE;
blk_get_geometry(lu->qdev.conf.blk, &nb_sectors);
nb_blocks = nb_sectors / (lu->qdev.blocksize / BDRV_SECTOR_SIZE);
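Review bot: With the `if (lu->qdev.conf.blk)` guard removed, `blk_get_aio_context(lu->qdev.conf.blk)` depends on a non-NULL guarantee that this hunk does not show; ufs_lu_realize starts above the hunk, and the early `return` at its top presumably belongs to that check. The same applies to the following hunk, where `aio_context_release(ctx)` at `out:` is now unconditional, so every `goto out` has to sit after the acquire. I would record both invariants next to the acquire, for example `/* conf.blk was validated above; ctx is held from here until out: */`, so that a later error path added before this point does not jump to `out:` with an unacquired context.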
@@ -1367,10 +1366,9 @@ static void ufs_lu_realize(SCSIDevice *dev, Error **errp)
}
ufs_lu_brdv_init(lu, errp);
+
out:
- if (ctx) {
- aio_context_release(ctx);
- }
+ aio_context_release(ctx);
}
static void ufs_lu_unrealize(SCSIDevice *dev)
diff --git a/hw/ufs/ufs.c b/hw/ufs/ufs.c
index 0ecedb9aed..b73eb3deaf 100644
--- a/hw/ufs/ufs.c
+++ b/hw/ufs/ufs.c
@@ -258,7 +258,7 @@ static void ufs_irq_check(UfsHc *u)
static void ufs_process_db(UfsHc *u, uint32_t val)
{
- unsigned long doorbell;
+ DECLARE_BITMAP(doorbell, UFS_MAX_NUTRS);
uint32_t slot;
uint32_t nutrs = u->params.nutrs;
UfsRequest *req;
@@ -268,8 +268,8 @@ static void ufs_process_db(UfsHc *u, uint32_t val)
return;
}
- doorbell = val;
- slot = find_first_bit(&doorbell, nutrs);
+ memcpy(doorbell, &val, sizeof(val));
+ slot = find_first_bit(doorbell, nutrs);
while (slot < nutrs) {
req = &u->req_list[slot];
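Review bot: `memcpy(doorbell, &val, sizeof(val))` fills only the first four bytes of an `unsigned long` bitmap that `DECLARE_BITMAP` (in the preceding hunk) leaves uninitialized. On a host where `unsigned long` is 64 bits, the rest of the word is indeterminate when `find_first_bit` reads it. On a big-endian 64-bit host the doorbell bits would land in the upper half of the word, so the returned index would be clamped to `nutrs` and no slot would be processed. Assigning by value avoids both problems: `doorbell[0] = val;`, assuming UFS_MAX_NUTRS (defined outside this hunk) is at most 32 so the bitmap is a single word. The body of ufs_process_db continues past this hunk.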
@@ -285,7 +285,7 @@ static void ufs_process_db(UfsHc *u, uint32_t val)
trace_ufs_process_db(slot);
req->state = UFS_REQUEST_READY;
- slot = find_next_bit(&doorbell, nutrs, slot + 1);
+ slot = find_next_bit(doorbell, nutrs, slot + 1);
}
qemu_bh_schedule(u->doorbell_bh);
@@ -838,7 +838,7 @@ static QueryRespCode ufs_read_unit_desc(UfsRequest *req)
uint8_t lun = req->req_upiu.qr.index;
if (lun != UFS_UPIU_RPMB_WLUN &&
- (lun > UFS_MAX_LUS || u->lus[lun] == NULL)) {
+ (lun >= UFS_MAX_LUS || u->lus[lun] == NULL)) {
trace_ufs_err_query_invalid_index(req->req_upiu.qr.opcode, lun);
return UFS_QUERY_RESULT_INVALID_INDEX;
}
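Review bot: `lun` is read from the request UPIU (`req->req_upiu.qr.index`), presumably guest-supplied, and this condition is the only visible guard before `u->lus[lun]` is indexed. A short comment would keep the short-circuit ordering from being disturbed later, e.g. `/* lun comes from the guest: bounds-check before indexing u->lus[] */`. The `>=` comparison is right only if `u->lus` has exactly UFS_MAX_LUS entries, which is declared outside this hunk. ufs_read_unit_desc continues past the hunk, so the handling of the RPMB WLUN case, which bypasses this check, is not visible here.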
diff --git a/tests/qtest/ufs-test.c b/tests/qtest/ufs-test.c
index ed3dbca154..15d467630c 100644
--- a/tests/qtest/ufs-test.c
+++ b/tests/qtest/ufs-test.c
@@ -497,7 +497,7 @@ static void ufstest_read_write(void *obj, void *data, QGuestAllocator *alloc)
g_assert_cmpuint(block_size, ==, 4096);
/* Write data */
- memset(write_buf, rand() % 255 + 1, block_size);
+ memset(write_buf, 0xab, block_size);
ufs_send_scsi_command(ufs, 0, 1, write_cdb, write_buf, block_size, NULL, 0,
&utrd, &rsp_upiu);
g_assert_cmpuint(le32_to_cpu(utrd.header.dword_2), ==, UFS_OCS_SUCCESS);
--
2.34.1
* [PULL 2/2] hw/ufs: Fix incorrect register fields
From: Jeuk Kim @ 2023-10-12 6:31 UTC (permalink / raw)
To: stefanha, qemu-devel; +Cc: pbonzini, qemu-block, jeuk20.kim, bmeng.cn, Bin Meng
From: Jeuk Kim <jeuk20.kim@samsung.com>
This patch fixes invalid ufs register fields.
This fixes an issue reported by Bin Meng that
caused ufs to fail on riscv.
Fixes: bc4e68d362ec ("hw/ufs: Initial commit for emulated Universal-Flash-Storage")
Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com>
Reported-by: Bin Meng <bmeng@tinylab.org>
Reviewed-by: Bin Meng <bmeng@tinylab.org>
Tested-by: Bin Meng <bmeng@tinylab.org>
---
include/block/ufs.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/block/ufs.h b/include/block/ufs.h
index fd884eb8ce..7631a5af10 100644
--- a/include/block/ufs.h
+++ b/include/block/ufs.h
@@ -111,14 +111,14 @@ REG32(UECT, offsetof(UfsReg, uect))
REG32(UECDME, offsetof(UfsReg, uecdme))
REG32(UTRIACR, offsetof(UfsReg, utriacr))
REG32(UTRLBA, offsetof(UfsReg, utrlba))
- FIELD(UTRLBA, UTRLBA, 9, 22)
+ FIELD(UTRLBA, UTRLBA, 10, 22)
REG32(UTRLBAU, offsetof(UfsReg, utrlbau))
REG32(UTRLDBR, offsetof(UfsReg, utrldbr))
REG32(UTRLCLR, offsetof(UfsReg, utrlclr))
REG32(UTRLRSR, offsetof(UfsReg, utrlrsr))
REG32(UTRLCNR, offsetof(UfsReg, utrlcnr))
REG32(UTMRLBA, offsetof(UfsReg, utmrlba))
- FIELD(UTMRLBA, UTMRLBA, 9, 22)
+ FIELD(UTMRLBA, UTMRLBA, 10, 22)
REG32(UTMRLBAU, offsetof(UfsReg, utmrlbau))
REG32(UTMRLDBR, offsetof(UfsReg, utmrldbr))
REG32(UTMRLCLR, offsetof(UfsReg, utmrlclr))
--
2.34.1
* Re: [PULL 0/2] hw/ufs: fixes
From: Stefan Hajnoczi @ 2023-10-12 17:22 UTC (permalink / raw)
To: Jeuk Kim; +Cc: stefanha, qemu-devel, pbonzini, qemu-block, jeuk20.kim, bmeng.cn
On Thu, 12 Oct 2023 at 02:33, Jeuk Kim <jeuk20.kim@gmail.com> wrote:
>
> From: Jeuk Kim <jeuk20.kim@samsung.com>
>
> The following changes since commit a51e5124a655b3dad80b36b18547cb1eca2c5eb2:
>
> Merge tag 'pull-omnibus-111023-1' of https://gitlab.com/stsquad/qemu into staging (2023-10-11 09:43:10 -0400)
>
> are available in the Git repository at:
>
> https://gitlab.com/jeuk20.kim/qemu.git tags/pull-ufs-20231012
>
> for you to fetch changes up to 8466aa53d623377e114895c6563face25370d7da:
>
> hw/ufs: Fix incorrect register fields (2023-10-12 14:29:20 +0900)
>
> ----------------------------------------------------------------
> hw/ufs: fixes
The following CI failure has occurred:
>>> QTEST_QEMU_STORAGE_DAEMON_BINARY=./storage-daemon/qemu-storage-daemon G_TEST_DBUS_DAEMON=/home/gitlab-runner/builds/-LCfcJ2T/0/qemu-project/qemu/tests/dbus-vmstate-daemon.sh QTEST_QEMU_IMG=./qemu-img QTEST_QEMU_BINARY=./qemu-system-aarch64 MALLOC_PERTURB_=72 /home/gitlab-runner/builds/-LCfcJ2T/0/qemu-project/qemu/build/tests/qtest/qos-test --tap -k
――――――――――――――――――――――――――――――――――――― ✀ ―――――――――――――――――――――――――――――――――――――
stderr:
**
ERROR:../tests/qtest/ufs-test.c:113:ufs_send_nop_out:
'FIELD_EX32(ufs_rreg(ufs, A_IS), IS, UTRCS)' should be TRUE
(test program exited with status code -6)
https://gitlab.com/qemu-project/qemu/-/jobs/5281094630
Please take a look and send a v2 pull request once it has been fixed. Thanks!
Stefan
>
> ----------------------------------------------------------------
> Jeuk Kim (2):
> hw/ufs: Fix code coverity issues
> hw/ufs: Fix incorrect register fields
>
> hw/ufs/lu.c | 16 +++++++---------
> hw/ufs/ufs.c | 10 +++++-----
> include/block/ufs.h | 4 ++--
> tests/qtest/ufs-test.c | 2 +-
> 4 files changed, 15 insertions(+), 17 deletions(-)
>