|
From: | Philippe Mathieu-Daudé |
Subject: | Re: [PATCH 2/3] m25p80: Improve command handling for Jedec and unsupported commands |
Date: | Tue, 4 Feb 2020 13:27:59 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 |
On 2/4/20 9:53 AM, Cédric Le Goater wrote:
On 2/3/20 7:09 PM, Guenter Roeck wrote:Always report 6 bytes of JEDEC data. Fill remaining data with 0. For unsupported commands, keep sending a value of 0 until the chip is deselected. Both changes avoid attempts to decode random commands. Up to now this happened if the reported Jedec data was shorter than 6 bytes but the host read 6 bytes, and with all unsupported commands.Do you have a concrete example for that ? machine and flash model.Signed-off-by: Guenter Roeck <address@hidden> --- hw/block/m25p80.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c index 63e050d7d3..aca75edcc1 100644 --- a/hw/block/m25p80.c +++ b/hw/block/m25p80.c @@ -1040,8 +1040,11 @@ static void decode_new_cmd(Flash *s, uint32_t value) for (i = 0; i < s->pi->id_len; i++) { s->data[i] = s->pi->id[i]; } + for (; i < SPI_NOR_MAX_ID_LEN; i++) { + s->data[i] = 0; + }It seems that data should be reseted in m25p80_cs() also.
I am not sure, since a guest can queue various requests in a single frame. Guenter patch seems correct to me.
All the others uses in decode_new_cmd() fill data[] up to the correct length, so are safe.
In complete_collecting_data() the access to data[] should be protected by STATE_COLLECTING_VAR_LEN_DATA (state only changes when enough data).
- s->len = s->pi->id_len;+ s->len = SPI_NOR_MAX_ID_LEN; s->pos = 0; s->state = STATE_READING_DATA; break; @@ -1158,6 +1161,11 @@ static void decode_new_cmd(Flash *s, uint32_t value) s->quad_enable = false; break; default: + s->pos = 0; + s->len = 1; + s->state = STATE_READING_DATA; + s->data_read_loop = true; + s->data[0] = 0; qemu_log_mask(LOG_GUEST_ERROR, "M25P80: Unknown cmd %x\n", value); break; }
[Prev in Thread] | Current Thread | [Next in Thread] |