From patchwork Tue Jul 23 13:10:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 813947 Delivered-To: patch@linaro.org Received: by 2002:adf:f288:0:b0:367:895a:4699 with SMTP id k8csp2308982wro; Tue, 23 Jul 2024 06:11:37 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXNDSoOK3vdtT9O6lPumQ1RlPzxZHdGwdPji2UQ8asi90pH7mBur88akf4kQaUMP3PX34K5xdyjMdv70A2YcB+u X-Google-Smtp-Source: AGHT+IF5j7hyZkmXmNkxPaK4jdlfeiDwgD4HgcfHBEKA+UJRFw/VRxOZJ2IrlmRJEL2T5A6S8GMQ X-Received: by 2002:a05:6830:6502:b0:703:79a2:9e01 with SMTP id 46e09a7af769-709008d3ff2mr14779333a34.11.1721740297789; Tue, 23 Jul 2024 06:11:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721740297; cv=none; d=google.com; s=arc-20160816; b=1CxWr9ai+OdhApCvWnVbnp2kaKEGuyXzPuGozOGu2nUwY7GhBtuFy9ZDvcU7uiQDjm 0HmCPPPnmfmNqvy4KAzOxnigSuWx+EzQ9vGWIVAPbFRWnlqGO53hb4nFubHlbDxIjpTf z0G/18UgYtq9Ms7Botkr8sR2g+oq4bDZOvA13p7rOpWd3pU8N+aMZiFCcU6BkERoUoCn ERkQq1wmb/+izSs//EyY5l32F8DBt+VNGRgutNie13x9G4CeYlRjaHYxNoohtOLUrJsd QU3w0gvYRKqbjp/aGGLUVFiaiXjNq0W1jrFpZC+jnIxmVh951bGzKuvb5cV8rRRQGNJR vkKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=W5/2nCZDxS1NroX7MRC4z7mOFdk6Q7iI8dAfdB9mODo=; fh=o90OUZEJHpOpJiY5kWpSPa194X2ePXPpQLYbBWQjYIs=; b=gOcpev6ZhF3Rn8DGVTJ6OebC/qBso27wswBbiNetrmaS66AK9nPLqh1cSn3yF5///K wBIAum3N+l/urBwmenIytDxezdfgPHWpKxksGGMA0GoL2DTbLpT7HaBFp1qlA2xtzd7F eTNy12nxTj20XJQyKgDWXIXJZeUzVunf2so+twDUZrD0IOwMYvDKaig7Qmf11qZHoyKt odMaNmdFiJFwjJ/FdVCbY4DYQ15uhsqgz9RJmwmsx1ytlgBt26AWenM5+sCQscfr3LPZ lmhgFlWoJTYxZRwuIWvojbisfwJaO4n1XCIw0ooicUT91xqNMJJoRnnlE2UEg0WtB8w6 Cxxw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="P/WUR4qm"; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id a1e0cc1a2514c-826dd4d33a0si1171232241.90.2024.07.23.06.11.37 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 23 Jul 2024 06:11:37 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="P/WUR4qm"; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sWFHt-0006Ai-Ss; Tue, 23 Jul 2024 09:10:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sWFHr-00062I-Up for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:39 -0400 Received: from mail-wr1-x42e.google.com ([2a00:1450:4864:20::42e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sWFHn-0000I1-8p for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:39 -0400 Received: by mail-wr1-x42e.google.com with SMTP id ffacd0b85a97d-367940c57ddso2873350f8f.3 for ; Tue, 23 Jul 2024 06:10:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721740232; x=1722345032; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=W5/2nCZDxS1NroX7MRC4z7mOFdk6Q7iI8dAfdB9mODo=; b=P/WUR4qm+m0EkC+N6rdpGohoCRsrOlnsKZKNYm0rudJ7NemCMtVEnnvcvSEyzHLqYt nv4slL99TDft0Qf2bexkuDepajoB4kFIc8wbqjDZVv88+lMVke43RXxD2BtHQoeNPgXb Ph7bYBz79QYwddQ1S9jtDnKhqa1AfBHFnumUX976Ik772u8iwEMhj8lvnjyy66FCntEq ETNjGCWd6ef4R2S3cr/LehcJlgBFbvUbgtglOQqjgXsjvdTP6TJNXK9O2WuTji+vNipz ge5aYPyBdc9e+R4/qJZ8zbjLdabsLUUNKoTudF4jFOjhhske8KQxJ7guuTw6oTmrAebR 0t+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721740232; x=1722345032; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=W5/2nCZDxS1NroX7MRC4z7mOFdk6Q7iI8dAfdB9mODo=; b=A5Z+jNBOpBigLnfu5V28YWkeuAEXYNh5f0HvAQfzE33zJ7ktaHv2x8sROSt7woRGyH rDHswr8mb8IgmNdon08LGJA2VRIRKmmQlCAWVgMDKg6NRXQarXIgNZvhs0uxwiPq8eyh smVLtpZmpVKHFoAHFBNFE7nN1U+69781ZJnQHw0THZwApQIwyN7fp0gOFWOaIVlwB+yV ruEzJkHQcRIPafX4sFmV3oAzmnzAJF7aRJcE4cIxYMB2uAq0/zSt1Kw8HBMc59V65IEl a4M9iHUDh4pFcqdiFkWHfioyc3HM0rVWJ4uh3ww3vPWlSxMU6bDQ3rWWCOwDTFzsGWRf E3tw== X-Forwarded-Encrypted: i=1; AJvYcCXrEicnbdq2wYQ9g/PdALZq9IFCx19inQs76sCYX0TJPvXRsY+aEyveBHQmZejOPjrIN0KWSFFKe1MMJDZd1T9Y/kvVyE0= X-Gm-Message-State: AOJu0YzE9vvJKZ1f4M17u4P9nclxo4Smpl8oSWK0OWO+kiuGjyKC2N8F 1gTraKtDCWeEQub59wKS7KkO9WuZGR2FLe0CWHRd0KdO76US+dNSM7Cpu3mLNVo= X-Received: by 2002:a05:6000:114f:b0:368:6911:6758 with SMTP id ffacd0b85a97d-369bae25123mr6857565f8f.40.1721740231928; Tue, 23 Jul 2024 06:10:31 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-36878684773sm11560157f8f.7.2024.07.23.06.10.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jul 2024 06:10:31 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , qemu-stable@nongnu.org Subject: [PATCH 1/4] hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE Date: Tue, 23 Jul 2024 14:10:26 +0100 Message-Id: <20240723131029.1159908-2-peter.maydell@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240723131029.1159908-1-peter.maydell@linaro.org> References: <20240723131029.1159908-1-peter.maydell@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::42e; envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x42e.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org The documentation of the "Set palette" mailbox property at https://github.com/raspberrypi/firmware/wiki/Mailbox-property-interface#set-palette says it has the form: Length: 24..1032 Value: u32: offset: first palette index to set (0-255) u32: length: number of palette entries to set (1-256) u32...: RGBA palette values (offset to offset+length-1) We get this wrong in a couple of ways: * we aren't checking the offset and length are in range, so the guest can make us spin for a long time by providing a large length * the bounds check on our loop is wrong: we should iterate through 'length' palette entries, not 'length - offset' entries Fix the loop to implement the bounds checks and get the loop condition right. In the process, make the variables local to this switch case, rather than function-global, so it's clearer what type they are when reading the code. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé --- hw/misc/bcm2835_property.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c index 63de3db6215..e28fdca9846 100644 --- a/hw/misc/bcm2835_property.c +++ b/hw/misc/bcm2835_property.c @@ -31,7 +31,6 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) size_t resplen; uint32_t tmp; int n; - uint32_t offset, length, color; uint32_t start_num, number, otp_row; /* @@ -274,19 +273,25 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) resplen = 16; break; case RPI_FWREQ_FRAMEBUFFER_SET_PALETTE: - offset = ldl_le_phys(&s->dma_as, value + 12); - length = ldl_le_phys(&s->dma_as, value + 16); - n = 0; - while (n < length - offset) { - color = ldl_le_phys(&s->dma_as, value + 20 + (n << 2)); - stl_le_phys(&s->dma_as, - s->fbdev->vcram_base + ((offset + n) << 2), color); - n++; + { + uint32_t offset = ldl_le_phys(&s->dma_as, value + 12); + uint32_t length = ldl_le_phys(&s->dma_as, value + 16); + int resp; + + if (offset > 255 || length < 1 || length > 256) { + resp = 1; /* invalid request */ + } else { + for (uint32_t e = 0; e < length; e++) { + uint32_t color = ldl_le_phys(&s->dma_as, value + 20 + (e << 2)); + stl_le_phys(&s->dma_as, + s->fbdev->vcram_base + ((offset + e) << 2), color); + } + resp = 0; } - stl_le_phys(&s->dma_as, value + 12, 0); + stl_le_phys(&s->dma_as, value + 12, resp); resplen = 4; break; - + } case RPI_FWREQ_FRAMEBUFFER_GET_NUM_DISPLAYS: stl_le_phys(&s->dma_as, value + 12, 1); resplen = 4; From patchwork Tue Jul 23 13:10:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 813950 Delivered-To: patch@linaro.org Received: by 2002:adf:f288:0:b0:367:895a:4699 with SMTP id k8csp2309301wro; Tue, 23 Jul 2024 06:12:16 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWwaYfqDaKBNr7Oj/BwqiyK8P9SGdgSj3JCdMR5M+85Rz8+otvpEpX/cVwCZiRjAFkMXtUilGDXNAQzB0Pb/2DL X-Google-Smtp-Source: AGHT+IEhWoQmL7Dg1LtDed6WyRB8JQV1hXajC0fwxgSlVDZtA4/04oELsYzKzKBgLexh0u7H5lNp X-Received: by 2002:a05:6359:5a81:b0:1aa:c492:1d34 with SMTP id e5c5f4694b2df-1acc5c0dc08mr1173416055d.23.1721740336288; Tue, 23 Jul 2024 06:12:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721740336; cv=none; d=google.com; s=arc-20160816; b=zqkgbV4hx9Hc5Sx22y6j+cMaLJW8Awplm2d5igyWsQE4LX010L8M40pQsOhT0kYxYC uEm/Z1IFSrfTPeirjKQ71cZ/gi0K80cCGz/0JEbKjQTxMzEE1BLyj1LUxh/WuAG9f5II a6Vn2e7BxE0SN94f7/XNaB1P4kYrIxVDOemdaJjodpaqziny30Po8QwyNuwqQRooKa+5 ZtE22t5snCMXXrOpQ4Nw2TQm+zQDZx+5eweYE9nTENx3h1Nnn0j9/zRXixhJb/VvyH0Z wsS6MsM8ozikGZcXIi08RokBIW3378mWkMpBJCbYKdzy+4PgQz5mi0IoYUvHIDUEY3te q64w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=GDjhGJy1uudDNK18CuZuB7KjPJkSAemQ7/iwEkdj0Zo=; fh=le3ZqmOmhgx1ZJs5I/i7KpYCkgJZo4XYTL5j9DJp65c=; b=OVjKuu9Ec1jbZATKwSKXJgxuMdpf/PUex9RhXKd9R7lNCjPUiQcwkDpise8XLWINUF ZsMq2/Tl4vnljLpx5mK+ilF6OncebCjgwNGn+Q750aJ2jmNpjRKZqVCXmIa4W6CVAhNb 0OPrdXtUdvrFQWwV26oqoSEoWvBPi0I4ikDbmsB2lCr8mGX3RHl2rfYTDaqzOmZj/jOj vXaQ7cQb6Ga/0y0p2X2s47zyPhrhr84s5SZjJfBCc064r/wO32CQrFJe8gj638CQ+Hwp OTskYCtD3HcOMEP+9qoBYb7tXs3FFMFykoZytS6lgA4zrWqW0mJaAEwzx1a+GJZQvyxi h3SQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=RrdPzu6+; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id 71dfb90a1353d-4f6a8a1db58si173166e0c.303.2024.07.23.06.12.16 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 23 Jul 2024 06:12:16 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=RrdPzu6+; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sWFHu-0006Cg-8q; Tue, 23 Jul 2024 09:10:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sWFHr-00061h-Pt for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:39 -0400 Received: from mail-wr1-x432.google.com ([2a00:1450:4864:20::432]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sWFHm-0000IU-Km for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:39 -0400 Received: by mail-wr1-x432.google.com with SMTP id ffacd0b85a97d-3683f56b9bdso2853560f8f.1 for ; Tue, 23 Jul 2024 06:10:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721740233; x=1722345033; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GDjhGJy1uudDNK18CuZuB7KjPJkSAemQ7/iwEkdj0Zo=; b=RrdPzu6+30zuIbQp484MFe5pJaqtTFWPHwaXfTnw1C+2Hn20rGby5L2eqDOtMF7O8G HRvWeyC2FMlRuH/g7dlcVdTNO2oHn25oilBXnnwAekgvm9gN9Tsoe5kVOK/SRoOJkQFq kuJ0MGlBSDKxuYfndb6slv2Mmv1itYPa5d8FJbOS66HUCr3cQcbsiZ7pcpYE1dBvngGZ CBE3DQ77DuLnsPnZeVNu2hY7yL75pIf7TVKWLqnr8o0rbdO9bNaESTe2tc5KQsow9Q3x ay9Ws4vGDQ0qioVod2CYj0YoqXFzXX3GYRWqHT4KN6Folw1oX8VsWCVCAxW0uPMF/fil P0ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721740233; x=1722345033; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GDjhGJy1uudDNK18CuZuB7KjPJkSAemQ7/iwEkdj0Zo=; b=L+d9bWlUDV80ycfh+zUy0hf2sBeZCcb4qQGXnirIUQAbdEtsJkTbV6jgdl+G5aNeAm XGP4IMcs+fVJmFS42z1XskwVXQZAXmRF8M4lGWGLFnxgGNIJYNPPQOFHatJZ2jcY073c scZKmGoeEoX8JslUthuAIqsrTqmm+ELD3ObbJvsmrNmvcQotq5yQpiWWRfHliXm7s8KP EP4vfnPewUYmTvG5thQGrD15nc48812YJizS4KljdW5Rwy4n6fQZEtDlLq3DnaixUdWI dYat9ZIonyv+zVgCMxZRuYVXVjL2l6/lJsbpp3aoKlHg+5aphAavu1uXb9gA/r3wwdLN UyXA== X-Forwarded-Encrypted: i=1; AJvYcCWkQq7g/xoZ7dqa3AdRad0nAHwnLvQiBPmEgRnSdjAH8iigHqOv/5i5IYnsUuIcJ2pXapd0Eg+lNLJr2XRdQiUGu25oHOo= X-Gm-Message-State: AOJu0Yxly8Y46FYIGgKzYxisprC7hghdaRmvrfjaxSSx4Hjmri1yL+46 2XNIxqS//RueVDrI1zQH4m3OnsHSvugNi7KPXlS8ND1Tac6CA7fltT9djBozB94= X-Received: by 2002:a05:6000:44:b0:369:b849:61b0 with SMTP id ffacd0b85a97d-369bbc69874mr6079499f8f.43.1721740232571; Tue, 23 Jul 2024 06:10:32 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-36878684773sm11560157f8f.7.2024.07.23.06.10.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jul 2024 06:10:32 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , qemu-stable@nongnu.org Subject: [PATCH 2/4] hw/misc/bcm2835_property: Avoid overflow in OTP access properties Date: Tue, 23 Jul 2024 14:10:27 +0100 Message-Id: <20240723131029.1159908-3-peter.maydell@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240723131029.1159908-1-peter.maydell@linaro.org> References: <20240723131029.1159908-1-peter.maydell@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::432; envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x432.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org Coverity points out that in our handling of the property RPI_FWREQ_SET_CUSTOMER_OTP we have a potential overflow. This happens because we read start_num and number from the guest as unsigned 32 bit integers, but then the variable 'n' we use as a loop counter as we iterate from start_num to start_num + number is only an "int". That means that if the guest passes us a very large start_num we will interpret it as negative. This will result in an assertion failure inside bcm2835_otp_set_row(), which checks that we didn't pass it an invalid row number. A similar issue applies to all the properties for accessing OTP rows where we are iterating through with a start and length read from the guest. Use uint32_t for the loop counter to avoid this problem. Because in all cases 'n' is only used as a loop counter, we can do this as part of the for(), restricting its scope to exactly where we need it. Resolves: Coverity CID 1549401 Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé --- hw/misc/bcm2835_property.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c index e28fdca9846..7eb623b4e90 100644 --- a/hw/misc/bcm2835_property.c +++ b/hw/misc/bcm2835_property.c @@ -30,7 +30,6 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) uint32_t tot_len; size_t resplen; uint32_t tmp; - int n; uint32_t start_num, number, otp_row; /* @@ -337,7 +336,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) resplen = 8 + 4 * number; - for (n = start_num; n < start_num + number && + for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_CUSTOMER_OTP_LEN; n++) { otp_row = bcm2835_otp_get_row(s->otp, BCM2835_OTP_CUSTOMER_OTP + n); @@ -366,7 +365,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) break; } - for (n = start_num; n < start_num + number && + for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_CUSTOMER_OTP_LEN; n++) { otp_row = ldl_le_phys(&s->dma_as, value + 20 + ((n - start_num) << 2)); @@ -383,7 +382,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) resplen = 8 + 4 * number; - for (n = start_num; n < start_num + number && + for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_PRIVATE_KEY_LEN; n++) { otp_row = bcm2835_otp_get_row(s->otp, BCM2835_OTP_PRIVATE_KEY + n); @@ -403,7 +402,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) break; } - for (n = start_num; n < start_num + number && + for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_PRIVATE_KEY_LEN; n++) { otp_row = ldl_le_phys(&s->dma_as, value + 20 + ((n - start_num) << 2)); From patchwork Tue Jul 23 13:10:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 813949 Delivered-To: patch@linaro.org Received: by 2002:adf:f288:0:b0:367:895a:4699 with SMTP id k8csp2309300wro; Tue, 23 Jul 2024 06:12:16 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXQeO0RwSb7NSw+jgRwlvQppF+0D5gwemoct3PjRA7pOjiIbS8ippKjCTm1UgikdN/rHE5TADM6vJd+ttrSGuU6 X-Google-Smtp-Source: AGHT+IGKFyeHc0tH8GlxFX+kuvqyUN8Q4F8Ixt5q28gbXgOhmvb8H3LIenrNhGcYaTFaxJLTPxiO X-Received: by 2002:a05:6830:6784:b0:703:64ad:83e7 with SMTP id 46e09a7af769-709009e18famr12784545a34.30.1721740336254; Tue, 23 Jul 2024 06:12:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721740336; cv=none; d=google.com; s=arc-20160816; b=Dw6OnumpX8ZXccQvVdXjPQUGnX1ZDEv1su+GGjCFIT36DWBz59AN0uY66RumrUv4p1 nII6sPhrqgulgLuWtWErXAwTpVL0M9zntVZoeYC5jOA4iYAaPWtJGZjTWgmn/AtdwAqy ga01fEPgPj/fmCdrgxJ7a9j0NX74zF54UI1BFcr2kQej0yaCFHi+Af7Lh7UyxSYdCGm9 sTlZEgZPtInqkKJyy7G6di5igsmhL3mX7uN9mE4AtVHjY+fLNKDu9r/QJ7W9K5DPls/A ABl90icAfLX5BkUzoVRt5pL00DujjMYAXwD0cjJCf5ALmRizQglTS1B0WANJpbZxcdhn DFwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=9E2PaL3j+vd9cDXCmCuxFcqlpV5vqk14FssyzTSrOZg=; fh=E7xCcyEriYH+R7slwpFJEqLV8/ADpzTfVfPlRKbLzIo=; b=Ic12+IDTzdWyuD4xqRfUdaJNZKfCmf3K7wSEoGVqYzm/m2MkIXiBzjnOhaDBpi2Zcr 8vPYCa0dcdQlWo0Fb6xLaHnKbNSMeoBqGs7EAl45D0TEZbo4FAbI5+2Vpej1naLDW1hk LPJHI0Y9Q6n3MkeutdQDV1CAZTxgNTdrIIMSvye1LhMUdgqtIC/d55T1YZU7t0qydzXm v9yUYsGlxop7oPdrjraD3auGOSk0mJ+HPbK0NZtfjuWwVQf3n0ttDIe20Xe/TyVY3+EG JaSLa5XD2zDJB8bVln8VRo50cL2WJTId7FU7gtDmuO60qCX9seLYKh6+a76ymjfm+eRA CcMA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=kZGaOpVu; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id a1e0cc1a2514c-826e10927f9si1245186241.176.2024.07.23.06.12.16 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 23 Jul 2024 06:12:16 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=kZGaOpVu; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sWFHv-0006H3-Ai; Tue, 23 Jul 2024 09:10:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sWFHt-00068o-DT for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:41 -0400 Received: from mail-lf1-x135.google.com ([2a00:1450:4864:20::135]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sWFHp-0000JD-8i for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:41 -0400 Received: by mail-lf1-x135.google.com with SMTP id 2adb3069b0e04-52efc89dbedso2955585e87.3 for ; Tue, 23 Jul 2024 06:10:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721740234; x=1722345034; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9E2PaL3j+vd9cDXCmCuxFcqlpV5vqk14FssyzTSrOZg=; b=kZGaOpVuBAkbvhXWcHHAwlkKHgia25On/j2OTsM42IDzh7OUrikyYn8pFgdvOJgM/d ZZnb6k7UWVWYVaOgAV2aa6hNtoaQsmV+NvPXUb+x4wzyB6gvAYb0X/kcU5rjr6dcMauB HV/L4Fog5E52NrKsrAY0ZDGxL1+RIVggGHf8atbffek6vfFDbHpd+sQUPdgEn4gXaF9b bEtnDUuYhz6IxlO1NTqfMI2Q13HvDCzhC+8egr043WOOMX6vZVAhAMocw2cflybGS9bN mnERjNXZisIg8X4AOGWA5JRRtXfITynnYaCxI8gWx6P4ii7b5QFA/Ao+O47A+MO9sOp6 e9QA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721740234; x=1722345034; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9E2PaL3j+vd9cDXCmCuxFcqlpV5vqk14FssyzTSrOZg=; b=myc3aeA0dNdtTuoqeltTU7B0jd0Zl+YtdLafdBrXG2Be+bvnTRAK1b/DGkgkpbwQvx /LH1Yt3CkS7rUl6u3raVcK98R7KH0SXO68trR5ELglGxkJgnObdCeNxzduByapK7xnbp 3XB+VbEOQe0xmYAh+2IGZShg3qj1TC+nABVeS6aKd0pQdMqiGRu3MstMNEA6OWYCPe9/ 3mkvtI2ETaD60VXE12ITacvmyIjAO5qvW1ObMq09MI1Ty4oypuwJlOLCMmijeXAh/jNl eVBmdFs23HJ549vZ6Vcc+p3UL1ROFBm4pSkRzSRYwCLgyoSXYRWurvzlQXhYoEuaJ5ax PRSQ== X-Forwarded-Encrypted: i=1; AJvYcCW9l759e9vfs2fbL6BoKk7+oFvv7IiHzDLJ14qtj760cV4MAV6NFz8glomIkAFrOwOPxsVJJH+mz96uR36RPU+gK1Wnz+Y= X-Gm-Message-State: AOJu0YzjdtRssDQEBLWqbhW3Fb7Tvs/C6zsVZQpBocWJijFOBSOcT8v/ +aLji8dhVj16Ymmyb+Rr57g9h8m8Jo+ex28nGn6B6V44LFP4//1cdAsBdI6o+tE= X-Received: by 2002:a05:6512:31d5:b0:52e:97dd:327b with SMTP id 2adb3069b0e04-52fc4047a95mr2439492e87.23.1721740234156; Tue, 23 Jul 2024 06:10:34 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-36878684773sm11560157f8f.7.2024.07.23.06.10.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jul 2024 06:10:32 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , qemu-stable@nongnu.org Subject: [PATCH 3/4] hw/misc/bcm2835_property: Restrict scope of start_num, number, otp_row Date: Tue, 23 Jul 2024 14:10:28 +0100 Message-Id: <20240723131029.1159908-4-peter.maydell@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240723131029.1159908-1-peter.maydell@linaro.org> References: <20240723131029.1159908-1-peter.maydell@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::135; envelope-from=peter.maydell@linaro.org; helo=mail-lf1-x135.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org In the long function bcm2835_property_mbox_push(), the variables start_num, number and otp_row are used only in the four cases which access OTP data, and their uses don't overlap with each other. Make these variables have scope restricted to the cases where they're used, so it's easier to read each individual case without having to cross-refer up to the variable declaration at the top of the function and check whether the variable is also used later in the loop. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé --- hw/misc/bcm2835_property.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c index 7eb623b4e90..443d42a1824 100644 --- a/hw/misc/bcm2835_property.c +++ b/hw/misc/bcm2835_property.c @@ -30,7 +30,6 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) uint32_t tot_len; size_t resplen; uint32_t tmp; - uint32_t start_num, number, otp_row; /* * Copy the current state of the framebuffer config; we will update @@ -331,22 +330,25 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) /* Customer OTP */ case RPI_FWREQ_GET_CUSTOMER_OTP: - start_num = ldl_le_phys(&s->dma_as, value + 12); - number = ldl_le_phys(&s->dma_as, value + 16); + { + uint32_t start_num = ldl_le_phys(&s->dma_as, value + 12); + uint32_t number = ldl_le_phys(&s->dma_as, value + 16); resplen = 8 + 4 * number; for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_CUSTOMER_OTP_LEN; n++) { - otp_row = bcm2835_otp_get_row(s->otp, + uint32_t otp_row = bcm2835_otp_get_row(s->otp, BCM2835_OTP_CUSTOMER_OTP + n); stl_le_phys(&s->dma_as, value + 20 + ((n - start_num) << 2), otp_row); } break; + } case RPI_FWREQ_SET_CUSTOMER_OTP: - start_num = ldl_le_phys(&s->dma_as, value + 12); - number = ldl_le_phys(&s->dma_as, value + 16); + { + uint32_t start_num = ldl_le_phys(&s->dma_as, value + 12); + uint32_t number = ldl_le_phys(&s->dma_as, value + 16); resplen = 4; @@ -367,32 +369,35 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_CUSTOMER_OTP_LEN; n++) { - otp_row = ldl_le_phys(&s->dma_as, + uint32_t otp_row = ldl_le_phys(&s->dma_as, value + 20 + ((n - start_num) << 2)); bcm2835_otp_set_row(s->otp, BCM2835_OTP_CUSTOMER_OTP + n, otp_row); } break; + } /* Device-specific private key */ - case RPI_FWREQ_GET_PRIVATE_KEY: - start_num = ldl_le_phys(&s->dma_as, value + 12); - number = ldl_le_phys(&s->dma_as, value + 16); + { + uint32_t start_num = ldl_le_phys(&s->dma_as, value + 12); + uint32_t number = ldl_le_phys(&s->dma_as, value + 16); resplen = 8 + 4 * number; for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_PRIVATE_KEY_LEN; n++) { - otp_row = bcm2835_otp_get_row(s->otp, + uint32_t otp_row = bcm2835_otp_get_row(s->otp, BCM2835_OTP_PRIVATE_KEY + n); stl_le_phys(&s->dma_as, value + 20 + ((n - start_num) << 2), otp_row); } break; + } case RPI_FWREQ_SET_PRIVATE_KEY: - start_num = ldl_le_phys(&s->dma_as, value + 12); - number = ldl_le_phys(&s->dma_as, value + 16); + { + uint32_t start_num = ldl_le_phys(&s->dma_as, value + 12); + uint32_t number = ldl_le_phys(&s->dma_as, value + 16); resplen = 4; @@ -404,12 +409,13 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_PRIVATE_KEY_LEN; n++) { - otp_row = ldl_le_phys(&s->dma_as, + uint32_t otp_row = ldl_le_phys(&s->dma_as, value + 20 + ((n - start_num) << 2)); bcm2835_otp_set_row(s->otp, BCM2835_OTP_PRIVATE_KEY + n, otp_row); } break; + } default: qemu_log_mask(LOG_UNIMP, "bcm2835_property: unhandled tag 0x%08x\n", tag); From patchwork Tue Jul 23 13:10:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 813948 Delivered-To: patch@linaro.org Received: by 2002:adf:f288:0:b0:367:895a:4699 with SMTP id k8csp2309223wro; Tue, 23 Jul 2024 06:12:04 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWXnUs5PYwY4aV7o3QSQT6wE0XX+/Ddwt6g8v2L2L5C9H/ph++2x2XbaDXwDOGWdsozF78k33T4rrdhEx6qDMmB X-Google-Smtp-Source: AGHT+IEOOqKb2gRsP6PPvR1tw05xxPIQLKlhHB8MHgXGBymVv3Rk+1fI7KNsWApJz8WHkJNDc/xb X-Received: by 2002:a05:6122:d06:b0:4f5:130c:bef3 with SMTP id 71dfb90a1353d-4f5130cc55fmr9339028e0c.1.1721740324735; Tue, 23 Jul 2024 06:12:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721740324; cv=none; d=google.com; s=arc-20160816; b=E9zS/wCWJOa+o1t+UakkaSjqdoQFKN2DPidzd1UWAnOhDxSe0wUK2bL9MPXriQr8Z6 Llpxo50jZO5y+2BlQuCNtZj7prUQloBugnA9edXYq0+/rOkUuWTH6cIjW8LfaRp4U2pN fGd2R9tMWr2ymCXSZFKLh/xFdg2gKhHuQZznFF95rCAJ300sYvL00Jt2IOtYvOrvEV0j XWauWsrEcl2mzBimi810nSVtt0HGdySReFxHqriEDZCvLclUe9t/jnkpD7gn87cR4IY/ BOd8003L5/xLjbZ4+7MBIobSJpcRHn738mZqsOdNouMLUbIWJ/I86x7g6Ei04ONxv+IU qKYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=+9KvsvCHEGhZpad6dixP1T8PrskYUM3EAVWT0geUExQ=; fh=d6ISh+UXHKtgTEzAYzbaDgFEyq325M5bFfnAh5XfUso=; b=iySJZ4WrtS7M7jys94RziCAgDmPWdzgFLqsZD96Ma42gXn34Lu0mc264gQdbhjWArx jfSivLsAXzvgb/d134+IIkHWUic2iMXxw4TY9DBfjWKTRB4XnF4gNGY6bJpJBGEn4dJf VH6SXuz9LoHdDsE1RDCiTCl7pMAkVRSHRbWjnvaquxMiq1TiAVx3JG7/zCKoCfvUW024 G0H9g7GmEoX91fg+uVCTynfDGEg7AfmU9oK0Rwqm927zMnTOwx80dlEaERHciKE8Sl4V WPiMRmsWGipK9TlGDC9qCaviluLfEivz7KHqKQVt7UkS+5iMK7WfEWvvDn5ZfvM2wGWn Rrmg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ug0xCqAt; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id 71dfb90a1353d-4f6a8a1d00dsi169190e0c.287.2024.07.23.06.12.04 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 23 Jul 2024 06:12:04 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ug0xCqAt; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sWFHv-0006H1-B2; Tue, 23 Jul 2024 09:10:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sWFHt-000680-7T for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:41 -0400 Received: from mail-wr1-x42e.google.com ([2a00:1450:4864:20::42e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sWFHp-0000JM-9F for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:40 -0400 Received: by mail-wr1-x42e.google.com with SMTP id ffacd0b85a97d-3685afd0c56so1241480f8f.1 for ; Tue, 23 Jul 2024 06:10:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721740235; x=1722345035; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+9KvsvCHEGhZpad6dixP1T8PrskYUM3EAVWT0geUExQ=; b=ug0xCqAt8eSQNeZWAGoHnUNtpN68RNML7fAaZlCxHHxT7q+6n0Jhe+VsDV6IaYVgFf dHyNhy44zO5XMzYPYA7S9lWZTXFXk5OXxCcv+74aikdgknQfJ5FpNP/pWHb5qJQAwtri +soepWP7W5n3YS9gnM5vlB6xlCUP9MTPtTa4magj6kSzz1DTqEspe6Toy/vunxlGl1R5 qn0rlXWanCzFLdRgQkVPMevYl5QClWItq/8FcEQAJTSkRRyycsQfA4De7QApn3+VJ1NP tJqfVAs5WqaIWZYFVFSyhs6cMJzh5SsF7tE0L73ZdTXxGBghiQ8rii9/x5ST9DtGc80q cCww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721740235; x=1722345035; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+9KvsvCHEGhZpad6dixP1T8PrskYUM3EAVWT0geUExQ=; b=ORrZPxE/rmXFVkxYBhW5yz8M73dC60ZJfLbot/duI10NfZKW8BEB9FXgex241wxK29 Taq6//bjzFd8r33gQhBm4oRz/OVvCoyx57Lm0gdtdine9WL+/8OwwFpbPGqiLecoOPbp fRi5cYDkqzzeSGwu008zey8AWwXj6e8UcooqS+Zldtjp75xg5Yx05v/RUCp2qTJbe8dC yX86LWeriZ6E2K+lq2nSOjDiooteZb85YWCAw19MfMhtETa4/CzBwaQW76B41RNouwuG Rwwj1CqGPr2PzD/Zd0tCudDTTIenvhf+ksassVO6EF0bCM1g5ZUGNdv2WRh/NHdlbUoH Fr4A== X-Forwarded-Encrypted: i=1; AJvYcCX8XfzRoFDaTxyo5N7LzZDYGjEkKpzfZWswwQoUjQ5BSeFHqU8mRJPqpx4smb0Ul+NfjX3/JHP5K6ij/7is2H7PXNTvypc= X-Gm-Message-State: AOJu0YwEd0DEeFWwsBGROR9wQya9PjUwH9/RNtBfyl0hB3PvhYGBaiV+ /uQs41nmPTI6xc3SoOgJYqIZUypoX4i+N/445y0diQvohButZeGQC7i+amxCInA= X-Received: by 2002:a05:6000:1b08:b0:367:4e1a:240e with SMTP id ffacd0b85a97d-369bb2a1bc4mr5642881f8f.50.1721740234887; Tue, 23 Jul 2024 06:10:34 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-36878684773sm11560157f8f.7.2024.07.23.06.10.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jul 2024 06:10:34 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , qemu-stable@nongnu.org Subject: [PATCH 4/4] hw/misc/bcm2835_property: Reduce scope of variables in mbox push function Date: Tue, 23 Jul 2024 14:10:29 +0100 Message-Id: <20240723131029.1159908-5-peter.maydell@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240723131029.1159908-1-peter.maydell@linaro.org> References: <20240723131029.1159908-1-peter.maydell@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::42e; envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x42e.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org In bcm2835_property_mbox_push(), some variables are defined at function scope but used only in a smaller scope of the function: * tag, bufsize, resplen are used only in the body of the while() loop * tmp is used only for RPI_FWREQ_SET_POWER_STATE (and is badly named) Declare these variables in the scope where they're needed, so the code is easier to read. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé --- hw/misc/bcm2835_property.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c index 443d42a1824..8ca3128f29b 100644 --- a/hw/misc/bcm2835_property.c +++ b/hw/misc/bcm2835_property.c @@ -25,11 +25,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) { - uint32_t tag; - uint32_t bufsize; uint32_t tot_len; - size_t resplen; - uint32_t tmp; /* * Copy the current state of the framebuffer config; we will update @@ -48,10 +44,10 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) /* @(addr + 4) : Buffer response code */ value = s->addr + 8; while (value + 8 <= s->addr + tot_len) { - tag = ldl_le_phys(&s->dma_as, value); - bufsize = ldl_le_phys(&s->dma_as, value + 4); + uint32_t tag = ldl_le_phys(&s->dma_as, value); + uint32_t bufsize = ldl_le_phys(&s->dma_as, value + 4); /* @(value + 8) : Request/response indicator */ - resplen = 0; + size_t resplen = 0; switch (tag) { case RPI_FWREQ_PROPERTY_END: break; @@ -95,13 +91,16 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) resplen = 8; break; case RPI_FWREQ_SET_POWER_STATE: - /* Assume that whatever device they asked for exists, - * and we'll just claim we set it to the desired state + { + /* + * Assume that whatever device they asked for exists, + * and we'll just claim we set it to the desired state. */ - tmp = ldl_le_phys(&s->dma_as, value + 16); - stl_le_phys(&s->dma_as, value + 16, (tmp & 1)); + uint32_t state = ldl_le_phys(&s->dma_as, value + 16); + stl_le_phys(&s->dma_as, value + 16, (state & 1)); resplen = 8; break; + } /* Clocks */