[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v2] fix host-endianness bug
From: |
Alexandra Diupina |
Subject: |
[PATCH v2] fix host-endianness bug |
Date: |
Thu, 25 Apr 2024 13:07:18 +0300 |
Add a function xlnx_dpdma_read_descriptor() that
combines reading the descriptor from desc_addr
by calling dma_memory_read() and swapping desc
fields from guest memory order to host memory order.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: d3c6369a96 ("introduce xlnx-dpdma")
Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
---
v2:minor changes in xlnx_dpdma_read_descriptor()
hw/dma/xlnx_dpdma.c | 31 +++++++++++++++++++++++++++++--
1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/hw/dma/xlnx_dpdma.c b/hw/dma/xlnx_dpdma.c
index dd66be5265..62a0952377 100644
--- a/hw/dma/xlnx_dpdma.c
+++ b/hw/dma/xlnx_dpdma.c
@@ -614,6 +614,34 @@ static void xlnx_dpdma_register_types(void)
type_register_static(&xlnx_dpdma_info);
}
+static MemTxResult xlnx_dpdma_read_descriptor(XlnxDPDMAState *s,
+ uint64_t desc_addr, DPDMADescriptor *desc)
+{
+ if (dma_memory_read(&address_space_memory, desc_addr, &desc,
+ sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED))
+ return MEMTX_ERROR;
+
+ /* Convert from LE into host endianness. */
+ desc->control = le32_to_cpu(desc->control);
+ desc->descriptor_id = le32_to_cpu(desc->descriptor_id);
+ desc->xfer_size = le32_to_cpu(desc->xfer_size);
+ desc->line_size_stride = le32_to_cpu(desc->line_size_stride);
+ desc->timestamp_lsb = le32_to_cpu(desc->timestamp_lsb);
+ desc->timestamp_msb = le32_to_cpu(desc->timestamp_msb);
+ desc->address_extension = le32_to_cpu(desc->address_extension);
+ desc->next_descriptor = le32_to_cpu(desc->next_descriptor);
+ desc->source_address = le32_to_cpu(desc->source_address);
+ desc->address_extension_23 = le32_to_cpu(desc->address_extension_23);
+ desc->address_extension_45 = le32_to_cpu(desc->address_extension_45);
+ desc->source_address2 = le32_to_cpu(desc->source_address2);
+ desc->source_address3 = le32_to_cpu(desc->source_address3);
+ desc->source_address4 = le32_to_cpu(desc->source_address4);
+ desc->source_address5 = le32_to_cpu(desc->source_address5);
+ desc->crc = le32_to_cpu(desc->crc);
+
+ return MEMTX_OK;
+}
+
size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel,
bool one_desc)
{
@@ -651,8 +679,7 @@ size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s,
uint8_t channel,
desc_addr = xlnx_dpdma_descriptor_next_address(s, channel);
}
- if (dma_memory_read(&address_space_memory, desc_addr, &desc,
- sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED)) {
+ if (xlnx_dpdma_read_descriptor(s, desc_addr, &desc)) {
s->registers[DPDMA_EISR] |= ((1 << 1) << channel);
xlnx_dpdma_update_irq(s);
s->operation_finished[channel] = true;
--
2.30.2
- Re: [PATCH RFC] prevent overflow in xlnx_dpdma_desc_get_source_address(), (continued)
- Re: [PATCH RFC] prevent overflow in xlnx_dpdma_desc_get_source_address(), Peter Maydell, 2024/04/12
- Re: [PATCH RFC] prevent overflow in xlnx_dpdma_desc_get_source_address(), Alexandra Diupina, 2024/04/16
- RE: [PATCH RFC] prevent overflow in xlnx_dpdma_desc_get_source_address(), Konrad, Frederic, 2024/04/17
- Re: [PATCH RFC] prevent overflow in xlnx_dpdma_desc_get_source_address(), Alexandra Diupina, 2024/04/23
- Re: [PATCH RFC] prevent overflow in xlnx_dpdma_desc_get_source_address(), Peter Maydell, 2024/04/23
- [PATCH v2 RFC] fix host-endianness bug and prevent overflow, Alexandra Diupina, 2024/04/24
- Re: [PATCH v2 RFC] fix host-endianness bug and prevent overflow, Peter Maydell, 2024/04/24
- [PATCH] fix host-endianness bug, Alexandra Diupina, 2024/04/24
- Re: [PATCH] fix host-endianness bug, Peter Maydell, 2024/04/25
- [PATCH v2] fix host-endianness bug,
Alexandra Diupina <=
- Re: [PATCH v2] fix host-endianness bug, Philippe Mathieu-Daudé, 2024/04/25
- [PATCH v3] fix endianness bug, Alexandra Diupina, 2024/04/25
- Re: [PATCH v3] fix endianness bug, Richard Henderson, 2024/04/25
- [PATCH] fix bit fields extraction and prevent overflow, Alexandra Diupina, 2024/04/24
- Re: [PATCH] fix bit fields extraction and prevent overflow, Peter Maydell, 2024/04/25