From patchwork Tue May 13 15:31:39 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 30062
Return-Path: <patchwork-forward+bncBC6Z756YVMIBBKPWZCNQKGQETR2PA4I@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-vc0-f199.google.com (mail-vc0-f199.google.com
 [209.85.220.199])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id D17E620369
 for <linaro@patches.linaro.org>; Tue, 13 May 2014 15:32:57 +0000 (UTC)
Received: by mail-vc0-f199.google.com with SMTP id hr9sf1440898vcb.6
 for <linaro@patches.linaro.org>; Tue, 13 May 2014 08:32:57 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:date
 :message-id:in-reply-to:references:cc:subject:precedence:list-id
 :list-unsubscribe:list-archive:list-post:list-help:list-subscribe
 :errors-to:sender:x-original-sender
 :x-original-authentication-results:mailing-list;
 bh=Qovi+KAg5xnVM37OTIPwRh14wsQHPVrQNf/Fy5Wsncc=;
 b=AY4InYs8VFmn218zmIALo9eDcWIBdjjXWhwEGlGo3HTPMeP7DFIP894O9Lxqyq1paB
 zd2+VohMnCMbzBTb0F63hyBzFET0cuYysBdCKBDjd8zB2YUSopwTcWJvMrIQyJc2aIF7
 zjlRE68KCI/V7wr8FMbfUtVor+CVwdW7v1UHKs8HelIysbpZFlQK8m5G9LkuKwZ9j0EM
 kbKf/sLfi1H2ogm/bBNGuGDgIObf9WnBagZRCo66T236uZ++lLPN696lab3LQYNE2rQf
 5M5k+HY7oU6zvYXi214iQBUeNrhECjY97yDFFZ7pGVz4N3iMG5Y/OJKjHRbcjEjprcPW
 2UhA==
X-Gm-Message-State: ALoCoQnI52dGJFo5fF8pBsPUa55ICFax9cfo9xvqeTzpGppYrtSEOmda4PFGOGv7U7ZO5CFjjKWr
X-Received: by 10.236.142.212 with SMTP id i60mr14667403yhj.39.1399995177680; 
 Tue, 13 May 2014 08:32:57 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.140.95.84 with SMTP id h78ls1893855qge.54.gmail; Tue, 13 May
 2014 08:32:57 -0700 (PDT)
X-Received: by 10.52.249.76 with SMTP id ys12mr720564vdc.63.1399995177508;
 Tue, 13 May 2014 08:32:57 -0700 (PDT)
Received: from mail-ve0-f176.google.com (mail-ve0-f176.google.com
 [209.85.128.176]) by mx.google.com with ESMTPS id
 cm9si2712571vcb.46.2014.05.13.08.32.57
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 13 May 2014 08:32:57 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.128.176 as permitted sender) client-ip=209.85.128.176; 
Received: by mail-ve0-f176.google.com with SMTP id jz11so655958veb.35
 for <patchwork-forward@linaro.org>;
 Tue, 13 May 2014 08:32:57 -0700 (PDT)
X-Received: by 10.52.153.229 with SMTP id vj5mr6703941vdb.34.1399995177406; 
 Tue, 13 May 2014 08:32:57 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.220.221.72 with SMTP id ib8csp160451vcb;
 Tue, 13 May 2014 08:32:56 -0700 (PDT)
X-Received: by 10.180.94.226 with SMTP id df2mr21203467wib.1.1399995176045; 
 Tue, 13 May 2014 08:32:56 -0700 (PDT)
Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11])
 by mx.google.com with ESMTPS id
 a7si5764968wje.238.2014.05.13.08.32.55 for <patch@linaro.org>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Tue, 13 May 2014 08:32:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 2001:4830:134:3::11 as permitted sender)
 client-ip=2001:4830:134:3::11; 
Received: from localhost ([::1]:45855 helo=lists.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <qemu-devel-bounces+patch=linaro.org@nongnu.org>)
 id 1WkEhK-0000gc-6S
 for patch@linaro.org; Tue, 13 May 2014 11:32:54 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42102)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <pm215@archaic.org.uk>) id 1WkEgH-0007y9-EO
 for qemu-devel@nongnu.org; Tue, 13 May 2014 11:31:50 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <pm215@archaic.org.uk>) id 1WkEgG-00068r-9x
 for qemu-devel@nongnu.org; Tue, 13 May 2014 11:31:49 -0400
Received: from mnementh.archaic.org.uk ([2001:8b0:1d0::1]:48125)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <pm215@archaic.org.uk>) id 1WkEgG-00066p-4D
 for qemu-devel@nongnu.org; Tue, 13 May 2014 11:31:48 -0400
Received: from pm215 by mnementh.archaic.org.uk with local (Exim 4.80)
 (envelope-from <pm215@archaic.org.uk>)
 id 1WkEg8-0006xf-3j; Tue, 13 May 2014 16:31:40 +0100
From: Peter Maydell <peter.maydell@linaro.org>
To: Anthony Liguori <aliguori@amazon.com>
Date: Tue, 13 May 2014 16:31:39 +0100
Message-Id: <1399995099-26635-18-git-send-email-peter.maydell@linaro.org>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1399995099-26635-1-git-send-email-peter.maydell@linaro.org>
References: <1399995099-26635-1-git-send-email-peter.maydell@linaro.org>
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
 (bad octet value).
X-Received-From: 2001:8b0:1d0::1
Cc: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 17/17] hw/arm/omap_gpmc: Avoid buffer overrun
 filling prefetch FIFO
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, 
 <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: peter.maydell@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.128.176 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

In fill_prefetch_fifo(), if the device we are reading from is 16 bit,
then we must not try to transfer an odd number of bytes into the FIFO.
This could otherwise have resulted in our overrunning the prefetch.fifo
array by one byte.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
---
 hw/misc/omap_gpmc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/misc/omap_gpmc.c b/hw/misc/omap_gpmc.c
index 2047274..cddea24 100644
--- a/hw/misc/omap_gpmc.c
+++ b/hw/misc/omap_gpmc.c
@@ -242,6 +242,10 @@ static void fill_prefetch_fifo(struct omap_gpmc_s *s)
     if (bytes > s->prefetch.count) {
         bytes = s->prefetch.count;
     }
+    if (is16bit) {
+        bytes &= ~1;
+    }
+
     s->prefetch.count -= bytes;
     s->prefetch.fifopointer += bytes;
     fptr = 64 - s->prefetch.fifopointer;