From patchwork Mon Jul 30 14:17:47 2018
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 143140
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Mon, 30 Jul 2018 15:17:47 +0100
Message-Id: <20180730141748.430-6-peter.maydell@linaro.org>
In-Reply-To: <20180730141748.430-1-peter.maydell@linaro.org>
References: <20180730141748.430-1-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 5/6] hw/misc/tz-mpc: Zero the LUT on initialization, not just reset

In the tz-mpc device we allocate a data block for the LUT,
which we then clear to zero in the device's reset method.
This is conceptually fine, but unfortunately results in a
valgrind complaint about use of uninitialized data on startup:

==30906== Conditional jump or move depends on uninitialised value(s)
==30906==    at 0x503609: tz_mpc_translate (tz-mpc.c:439)
==30906==    by 0x3F3D90: address_space_translate_iommu (exec.c:511)
==30906==    by 0x3F3FF8: flatview_do_translate (exec.c:584)
==30906==    by 0x3F4292: flatview_translate (exec.c:644)
==30906==    by 0x3F2120: address_space_translate (memory.h:1962)
==30906==    by 0x3FB753: address_space_ldl_internal (memory_ldst.inc.c:36)
==30906==    by 0x3FB8A6: address_space_ldl (memory_ldst.inc.c:80)
==30906==    by 0x619037: ldl_phys (memory_ldst_phys.inc.h:25)
==30906==    by 0x61985D: arm_cpu_reset (cpu.c:255)
==30906==    by 0x98791B: cpu_reset (cpu.c:249)
==30906==    by 0x57FFDB: armv7m_reset (armv7m.c:265)
==30906==    by 0x7B1775: qemu_devices_reset (reset.c:69)

This is because of a reset ordering problem -- the TZ MPC
resets after the CPU, but an M-profile CPU's reset function
includes memory loads to get the initial PC and SP, which then
go through an MPC that hasn't yet been reset.

The simplest fix for this is to zero the LUT when we initialize the data, which will result in the MPC's translate function giving the right answers for these early memory accesses. Reported-by: Thomas Huth Signed-off-by: Peter Maydell Tested-by: Thomas Huth Message-id: 20180724153616.32352-1-peter.maydell@linaro.org --- hw/misc/tz-mpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.17.1 diff --git a/hw/misc/tz-mpc.c b/hw/misc/tz-mpc.c index 8316079b4bf..e0c58ba37ec 100644 --- a/hw/misc/tz-mpc.c +++ b/hw/misc/tz-mpc.c @@ -547,7 +547,7 @@ static void tz_mpc_realize(DeviceState *dev, Error **errp) address_space_init(&s->blocked_io_as, &s->blocked_io, "tz-mpc-blocked-io"); - s->blk_lut = g_new(uint32_t, s->blk_max); + s->blk_lut = g_new0(uint32_t, s->blk_max); } static int tz_mpc_post_load(void *opaque, int version_id)
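
Review bot: The g_new0() allocation at the end of tz_mpc_realize() carries no comment saying why the zeroing is required, and because the commit message notes that the reset method also clears the LUT, the call reads as a redundant clear that a later cleanup could turn back into g_new(). Suggest a short comment above `s->blk_lut = g_new0(uint32_t, s->blk_max);` stating that tz_mpc_translate can run before this device's reset, since the M-profile CPU reset loads the initial PC and SP through the MPC, so the LUT has to hold defined contents from realize onward. It would also help to say in that comment that this works around the reset ordering rather than fixing it, so the dependency stays visible if the ordering is ever changed.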