[Stable-9.1.1 44/49] hw/char/pl011: Use correct masks for IBRD and FBRD
From: Michael Tokarev
Subject: [Stable-9.1.1 44/49] hw/char/pl011: Use correct masks for IBRD and FBRD
Date: Wed, 16 Oct 2024 23:10:03 +0300
From: Peter Maydell <peter.maydell@linaro.org>
In commit b88cfee90268cad we defined masks for the IBRD and FBRD
integer and fractional baud rate divider registers, to prevent the
guest from writing invalid values which could cause division-by-zero.
Unfortunately we got the mask values the wrong way around: the FBRD
register is six bits and the IBRD register is 16 bits, not
vice-versa.
You would only run into this bug if you programmed the UART to a baud
rate of less than 9600, because for 9600 baud and above the IBRD
value will fit into 6 bits, as per the table in
https://developer.arm.com/documentation/ddi0183/g/programmers-model/register-descriptions/fractional-baud-rate-register--uartfbrd
The only visible effects would be that the value read back from
the register by the guest would be truncated, and we would
print an incorrect baud rate in the debug logs.
Cc: qemu-stable@nongnu.org
Fixes: b88cfee90268 ("hw/char/pl011: Avoid division-by-zero in
pl011_get_baudrate()")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2610
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Gavin Shan <gshan@redhat.com>
Message-id: 20241007144732.2491331-1-peter.maydell@linaro.org
(cherry picked from commit cd247eae16ab1b9ce97fd34c000c1b883feeda45)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/char/pl011.c b/hw/char/pl011.c
index f8078aa216..949e9d0e0d 100644
--- a/hw/char/pl011.c
+++ b/hw/char/pl011.c
@@ -88,10 +88,10 @@ DeviceState *pl011_create(hwaddr addr, qemu_irq irq,
Chardev *chr)
#define CR_LBE (1 << 7)
/* Integer Baud Rate Divider, UARTIBRD */
-#define IBRD_MASK 0x3f
+#define IBRD_MASK 0xffff
/* Fractional Baud Rate Divider, UARTFBRD */
-#define FBRD_MASK 0xffff
+#define FBRD_MASK 0x3f
static const unsigned char pl011_id_arm[8] =
{ 0x11, 0x10, 0x14, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
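Review bot: The comments above IBRD_MASK and FBRD_MASK name the registers but not their widths, so nothing at the definition site shows that 0xffff belongs to the 16-bit UARTIBRD and 0x3f to the 6-bit UARTFBRD, which is the mix-up this change corrects. Consider stating the width in each comment, for example `/* Integer Baud Rate Divider, UARTIBRD (16 bits) */` and `/* Fractional Baud Rate Divider, UARTFBRD (6 bits) */`. Since the commit message says these masks were introduced to keep guest-written values from causing a division by zero, it is also worth confirming outside this hunk that an IBRD of 0, which 0xffff still lets through, is handled where the divisor is used.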
--
2.39.5