riscv
/
qemu
mirror of https://gitea.goldendeliverer.com/riscv/qemu.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

hw/intc/loongarch_pch_pic: Fix ubsan warning and endianness issue 

When booting the Linux kernel from tests/functional/test_loongarch64_virt.py
with a QEMU that has been compiled with --enable-ubsan, there is
a warning like this:

 .../hw/intc/loongarch_pch_pic.c:171:46: runtime error: index 512 out of
  bounds for type 'uint8_t[64]' (aka 'unsigned char[64]')
 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
  .../hw/intc/loongarch_pch_pic.c:171:46
 .../hw/intc/loongarch_pch_pic.c:175:45: runtime error: index 256 out of
  bounds for type 'uint8_t[64]' (aka 'unsigned char[64]')
 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
  .../hw/intc/loongarch_pch_pic.c:175:45

It happens because "addr" is added first before substracting the base
(PCH_PIC_HTMSI_VEC or PCH_PIC_ROUTE_ENTRY).
Additionally, this code looks like it is not endianness safe, since
it uses a 64-bit pointer to write values into an array of 8-bit values.

Thus rework the code to use the stq_le_p / ldq_le_p helpers here
and make sure that we do not create pointers with undefined behavior
by accident.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Song Gao <gaosong@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
pull/298/head
Thomas Huth 8 months ago
committed by Song Gao
parent
96e7448c1f
commit
86bca40402
1 changed files with 8 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      hw/intc/loongarch_pch_pic.c

15
hw/intc/loongarch_pch_pic.c
View File

@ -110,10 +110,10 @@ static uint64_t pch_pic_read(void *opaque, hwaddr addr, uint64_t field_mask)
val = s->int_polarity;
break;
case PCH_PIC_HTMSI_VEC ... PCH_PIC_HTMSI_VEC_END:
val = *(uint64_t *)(s->htmsi_vector + addr - PCH_PIC_HTMSI_VEC);
val = ldq_le_p(&s->htmsi_vector[addr - PCH_PIC_HTMSI_VEC]);
break;
case PCH_PIC_ROUTE_ENTRY ... PCH_PIC_ROUTE_ENTRY_END:
val = *(uint64_t *)(s->route_entry + addr - PCH_PIC_ROUTE_ENTRY);
val = ldq_le_p(&s->route_entry[addr - PCH_PIC_ROUTE_ENTRY]);
break;
default:
qemu_log_mask(LOG_GUEST_ERROR,
@ -129,7 +129,8 @@ static void pch_pic_write(void *opaque, hwaddr addr, uint64_t value,
{
LoongArchPICCommonState *s = LOONGARCH_PIC_COMMON(opaque);
uint32_t offset;
uint64_t old, mask, data, *ptemp;
uint64_t old, mask, data;
void *ptemp;
offset = addr & 7;
addr -= offset;
@ -168,12 +169,12 @@ static void pch_pic_write(void *opaque, hwaddr addr, uint64_t value,
s->int_polarity = (s->int_polarity & ~mask) | data;
break;
case PCH_PIC_HTMSI_VEC ... PCH_PIC_HTMSI_VEC_END:
ptemp = (uint64_t *)(s->htmsi_vector + addr - PCH_PIC_HTMSI_VEC);
*ptemp = (*ptemp & ~mask) | data;
ptemp = &s->htmsi_vector[addr - PCH_PIC_HTMSI_VEC];
stq_le_p(ptemp, (ldq_le_p(ptemp) & ~mask) | data);
break;
case PCH_PIC_ROUTE_ENTRY ... PCH_PIC_ROUTE_ENTRY_END:
ptemp = (uint64_t *)(s->route_entry + addr - PCH_PIC_ROUTE_ENTRY);
*ptemp = (*ptemp & ~mask) | data;
ptemp = (uint64_t *)&s->route_entry[addr - PCH_PIC_ROUTE_ENTRY];
stq_le_p(ptemp, (ldq_le_p(ptemp) & ~mask) | data);
break;
default:
qemu_log_mask(LOG_GUEST_ERROR,

Write Preview
Loading…
Cancel
Save