From patchwork Wed Oct 16 20:10:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tokarev X-Patchwork-Id: 835839 Delivered-To: patch@linaro.org Received: by 2002:a5d:6804:0:b0:37d:45d0:187 with SMTP id w4csp619145wru; Wed, 16 Oct 2024 13:14:50 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUDkW+mOndf/TNsdpr3KhOmOS4pZI3++mOJ3jR9knQQdTY5gGWKnhRJsXbJJzom0BrWkt+3og==@linaro.org X-Google-Smtp-Source: AGHT+IEAJ7998aykCEVQctrtamKkdiveafp3Wv1duimCePXEk3hpTtF3Y8Iy0KSSsIbTTmMSrFAB X-Received: by 2002:a05:620a:2453:b0:7b1:4823:fa84 with SMTP id af79cd13be357-7b14823fc67mr391785285a.16.1729109690034; Wed, 16 Oct 2024 13:14:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1729109690; cv=none; d=google.com; s=arc-20240605; b=E0nA3z92lbvB7F7MKHUM7Hpfhjm0kMQocuqmdyIGodLwY+7IMJQpdwqsbB/3GRQQDK K6XcVeJ2g2mvgmA6YoenuC3FQsJiEJitJIRtq4UvBSBorY/w162Y9Om4ADam0l2V3qu8 IfsmXM8nkbpWoP4Azn6JImOIHhN5zRiQDr42AwWuFccKqeN+WPWr/BXII/EqzT+khxP5 l91eEeZVz2Bd+8ReCQQ8WlocG4GjXgBVsSge6b/Jq2nze0IvxboYyzjNDtksm/1FrlI8 CR0JiZs4RIiZAN49YFSPOQChV1JoGWLFI/KRiH/dMKTNssIjeNc0OyFNHoxiYcNmziHO FM6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=klg8c78RobC5e0uhuAaMWdowdfYEGfTv6D9vxLih0jw=; fh=y/le4EldSTqzlVgVqeuX3gsPwkWjr7n6va7+csfsCRw=; b=YD2LRrQRp/7CPI8dO5iTFLy8PESHm7vTgbI4sJW+LmIpzO0r0pNsLdHYHuH6xIXPLZ hWvyBmo79UVWv11Yp6QBMVNWkOdKTyc+Oo7QefNkqzaJqqpAb0Ht/0BaTWOyBGuT2Ozk UIEukGWDXBs7fKBGoDklR7fgIyMIb9eOBWGUji1xCKvYOre2xUU0+s4AwTDGL48Vz+Dg D6fIuf1aN0tC9rUijqFtnH5KAWQL/ftqXl+WlclKkzaAzX9oHEYH61VzldvFOhmlcRNG njYkThClkt4m0Dj4kS91TYmOxOJQd8YwwAcE0ASQSbOaMmduJiY2HaeCdtotp9vjo5Ji C8Hg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id af79cd13be357-7b143c31d3csi276969785a.191.2024.10.16.13.14.49 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 16 Oct 2024 13:14:50 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1t1AMb-0004zY-BP; Wed, 16 Oct 2024 16:11:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1t1AMY-0004yT-Gs; Wed, 16 Oct 2024 16:11:18 -0400 Received: from isrv.corpit.ru ([86.62.121.231]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1t1AMW-0000il-Ro; Wed, 16 Oct 2024 16:11:18 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id C6B2198F9E; Wed, 16 Oct 2024 23:10:09 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id A002815637E; Wed, 16 Oct 2024 23:10:29 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , =?utf-8?q?Alex_Benn=C3=A9e?= , =?utf-8?q?Philippe_M?= =?utf-8?q?athieu-Daud=C3=A9?= , Gavin Shan , Michael Tokarev Subject: [Stable-9.1.1 44/49] hw/char/pl011: Use correct masks for IBRD and FBRD Date: Wed, 16 Oct 2024 23:10:03 +0300 Message-Id: <20241016201025.256294-12-mjt@tls.msk.ru> X-Mailer: git-send-email 2.39.5 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -68 X-Spam_score: -6.9 X-Spam_bar: ------ X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org From: Peter Maydell In commit b88cfee90268cad we defined masks for the IBRD and FBRD integer and fractional baud rate divider registers, to prevent the guest from writing invalid values which could cause division-by-zero. Unfortunately we got the mask values the wrong way around: the FBRD register is six bits and the IBRD register is 16 bits, not vice-versa. You would only run into this bug if you programmed the UART to a baud rate of less than 9600, because for 9600 baud and above the IBRD value will fit into 6 bits, as per the table in https://developer.arm.com/documentation/ddi0183/g/programmers-model/register-descriptions/fractional-baud-rate-register--uartfbrd The only visible effects would be that the value read back from the register by the guest would be truncated, and we would print an incorrect baud rate in the debug logs. Cc: qemu-stable@nongnu.org Fixes: b88cfee90268 ("hw/char/pl011: Avoid division-by-zero in pl011_get_baudrate()") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2610 Signed-off-by: Peter Maydell Reviewed-by: Alex Bennée Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Gavin Shan Message-id: 20241007144732.2491331-1-peter.maydell@linaro.org (cherry picked from commit cd247eae16ab1b9ce97fd34c000c1b883feeda45) Signed-off-by: Michael Tokarev diff --git a/hw/char/pl011.c b/hw/char/pl011.c index f8078aa216..949e9d0e0d 100644 --- a/hw/char/pl011.c +++ b/hw/char/pl011.c @@ -88,10 +88,10 @@ DeviceState *pl011_create(hwaddr addr, qemu_irq irq, Chardev *chr) #define CR_LBE (1 << 7) /* Integer Baud Rate Divider, UARTIBRD */ -#define IBRD_MASK 0x3f +#define IBRD_MASK 0xffff /* Fractional Baud Rate Divider, UARTFBRD */ -#define FBRD_MASK 0xffff +#define FBRD_MASK 0x3f static const unsigned char pl011_id_arm[8] = { 0x11, 0x10, 0x14, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };