From: Alexandra Diupina <adiupina@astralinux.ru>
To: Alistair Francis <alistair@alistair23.me>
Cc: Alexandra Diupina <adiupina@astralinux.ru>,
"Konrad, Frederic" <Frederic.Konrad@amd.com>,
"Edgar E. Iglesias" <edgar.iglesias@gmail.com>,
Peter Maydell <peter.maydell@linaro.org>,
qemu-arm@nongnu.org, qemu-devel@nongnu.org,
sdl.qemu@linuxtesting.org
Subject: [PATCH v3] fix endianness bug
Date: Thu, 25 Apr 2024 16:41:15 +0300 [thread overview]
Message-ID: <20240425134115.32057-1-adiupina@astralinux.ru> (raw)
In-Reply-To: <074c9cbb-939e-4fb1-87a9-235626bf3a94@linaro.org>
Add xlnx_dpdma_read_descriptor() and
xlnx_dpdma_write_descriptor() functions.
xlnx_dpdma_read_descriptor() combines reading a
descriptor from desc_addr by calling dma_memory_read()
and swapping the desc fields from guest memory order
to host memory order. xlnx_dpdma_write_descriptor()
performs similar actions when writing a descriptor.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: d3c6369a96 ("introduce xlnx-dpdma")
Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
---
v3: add xlnx_dpdma_write_descriptor()
v2: minor changes in xlnx_dpdma_read_descriptor()
hw/dma/xlnx_dpdma.c | 59 ++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 55 insertions(+), 4 deletions(-)
diff --git a/hw/dma/xlnx_dpdma.c b/hw/dma/xlnx_dpdma.c
index dd66be5265..7845f43221 100644
--- a/hw/dma/xlnx_dpdma.c
+++ b/hw/dma/xlnx_dpdma.c
@@ -614,6 +614,59 @@ static void xlnx_dpdma_register_types(void)
type_register_static(&xlnx_dpdma_info);
}
+static MemTxResult xlnx_dpdma_read_descriptor(XlnxDPDMAState *s,
+ uint64_t desc_addr, DPDMADescriptor *desc)
+{
+ if (dma_memory_read(&address_space_memory, desc_addr, &desc,
+ sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED))
+ return MEMTX_ERROR;
+
+ /* Convert from LE into host endianness. */
+ desc->control = le32_to_cpu(desc->control);
+ desc->descriptor_id = le32_to_cpu(desc->descriptor_id);
+ desc->xfer_size = le32_to_cpu(desc->xfer_size);
+ desc->line_size_stride = le32_to_cpu(desc->line_size_stride);
+ desc->timestamp_lsb = le32_to_cpu(desc->timestamp_lsb);
+ desc->timestamp_msb = le32_to_cpu(desc->timestamp_msb);
+ desc->address_extension = le32_to_cpu(desc->address_extension);
+ desc->next_descriptor = le32_to_cpu(desc->next_descriptor);
+ desc->source_address = le32_to_cpu(desc->source_address);
+ desc->address_extension_23 = le32_to_cpu(desc->address_extension_23);
+ desc->address_extension_45 = le32_to_cpu(desc->address_extension_45);
+ desc->source_address2 = le32_to_cpu(desc->source_address2);
+ desc->source_address3 = le32_to_cpu(desc->source_address3);
+ desc->source_address4 = le32_to_cpu(desc->source_address4);
+ desc->source_address5 = le32_to_cpu(desc->source_address5);
+ desc->crc = le32_to_cpu(desc->crc);
+
+ return MEMTX_OK;
+}
+
+static void xlnx_dpdma_write_descriptor(uint64_t desc_addr,
+ DPDMADescriptor *desc)
+{
+ /* Convert from host endianness into LE. */
+ desc->control = cpu_to_le32(desc->control);
+ desc->descriptor_id = cpu_to_le32(desc->descriptor_id);
+ desc->xfer_size = cpu_to_le32(desc->xfer_size);
+ desc->line_size_stride = cpu_to_le32(desc->line_size_stride);
+ desc->timestamp_lsb = cpu_to_le32(desc->timestamp_lsb);
+ desc->timestamp_msb = cpu_to_le32(desc->timestamp_msb);
+ desc->address_extension = cpu_to_le32(desc->address_extension);
+ desc->next_descriptor = cpu_to_le32(desc->next_descriptor);
+ desc->source_address = cpu_to_le32(desc->source_address);
+ desc->address_extension_23 = cpu_to_le32(desc->address_extension_23);
+ desc->address_extension_45 = cpu_to_le32(desc->address_extension_45);
+ desc->source_address2 = cpu_to_le32(desc->source_address2);
+ desc->source_address3 = cpu_to_le32(desc->source_address3);
+ desc->source_address4 = cpu_to_le32(desc->source_address4);
+ desc->source_address5 = cpu_to_le32(desc->source_address5);
+ desc->crc = cpu_to_le32(desc->crc);
+
+ dma_memory_write(&address_space_memory, desc_addr, &desc,
+ sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED);
+}
+
size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel,
bool one_desc)
{
@@ -651,8 +704,7 @@ size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel,
desc_addr = xlnx_dpdma_descriptor_next_address(s, channel);
}
- if (dma_memory_read(&address_space_memory, desc_addr, &desc,
- sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED)) {
+ if (xlnx_dpdma_read_descriptor(s, desc_addr, &desc)) {
s->registers[DPDMA_EISR] |= ((1 << 1) << channel);
xlnx_dpdma_update_irq(s);
s->operation_finished[channel] = true;
@@ -755,8 +807,7 @@ size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel,
/* The descriptor need to be updated when it's completed. */
DPRINTF("update the descriptor with the done flag set.\n");
xlnx_dpdma_desc_set_done(&desc);
- dma_memory_write(&address_space_memory, desc_addr, &desc,
- sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED);
+ xlnx_dpdma_write_descriptor(desc_addr, &desc);
}
if (xlnx_dpdma_desc_completion_interrupt(&desc)) {
--
2.30.2
next prev parent reply other threads:[~2024-04-25 13:42 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-12 8:13 [PATCH RFC] prevent overflow in xlnx_dpdma_desc_get_source_address() Alexandra Diupina
2024-04-12 10:06 ` Peter Maydell
2024-04-16 17:56 ` Alexandra Diupina
2024-04-16 18:30 ` Edgar E. Iglesias
2024-04-17 10:05 ` Konrad, Frederic
2024-04-23 10:23 ` Alexandra Diupina
2024-04-23 10:51 ` Peter Maydell
2024-04-24 12:53 ` [PATCH v2 RFC] fix host-endianness bug and prevent overflow Alexandra Diupina
2024-04-24 16:04 ` Peter Maydell
2024-04-24 18:13 ` [PATCH] fix host-endianness bug Alexandra Diupina
2024-04-25 9:26 ` Peter Maydell
2024-04-25 10:07 ` [PATCH v2] " Alexandra Diupina
2024-04-25 10:42 ` Philippe Mathieu-Daudé
2024-04-25 13:41 ` Alexandra Diupina [this message]
2024-04-25 15:24 ` [PATCH v3] fix endianness bug Richard Henderson
2024-04-24 18:13 ` [PATCH] fix bit fields extraction and prevent overflow Alexandra Diupina
2024-04-25 19:25 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240425134115.32057-1-adiupina@astralinux.ru \
--to=adiupina@astralinux.ru \
--cc=Frederic.Konrad@amd.com \
--cc=alistair@alistair23.me \
--cc=edgar.iglesias@gmail.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=sdl.qemu@linuxtesting.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.