From patchwork Tue Nov 10 21:52:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pavel Pisa X-Patchwork-Id: 322890 Delivered-To: patch@linaro.org Received: by 2002:a05:6e02:5ce:0:0:0:0 with SMTP id l14csp593561ils; Tue, 10 Nov 2020 13:57:35 -0800 (PST) X-Google-Smtp-Source: ABdhPJxLZJmYYFXCI7sbJJu1x4RabU45OXkx6DE02S/Np7Ph6CLM1HqkZMGGPehEOmcclOwh8vaL X-Received: by 2002:a25:aaa1:: with SMTP id t30mr6329006ybi.265.1605045455514; Tue, 10 Nov 2020 13:57:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605045455; cv=none; d=google.com; s=arc-20160816; b=W+Xp4brBKfPrkFLP0gOaikE0CCjOsoZtw/80PSbsnpQ04dnVeDvTw+jxkfqmVJI27b fHrIGBzH+JcdfdQ8mf1KQF+uR4v4dT0xrePjLyQ8pO6llmmjgGhi4VpizJJ0C0Lef53t ibcmW5AubnrI4oYGxWGCLmlYmcVYFngtN6nwF5SAci+LuVahpgBSwtYyXLD/nap2EFyr qP4d+xOGBLEtscApkeW+hsFi2Ggz1iyyFvA/qe8gaiGf7coTaiMZTkq+4x+ERztwrGO5 NPXSe2mQWfWGfm9ouwTr40Uv1WM2SEF7YflSVcNymidO1vgYLhu/GRnyVJqeGH19q9UX LaJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from; bh=aED4sVBi+/AhSfzRw8X3kV2Pb3OlPTZ8fzgg3AYmxJ0=; b=uSBfx/hxFHKRGNfOEGTwZSfeznDsbVOkiP21Bi129OJecjwJEohi0hp3++5JlwdlCV 646NJIm1ZcZw25OjzKWvw6Qjk2mMM04EVmHYfAlBZfVax5MIrjEDUMDrQSjrrb9MWiIW Tr/pzsgGXwdno5kFGCX1H+MTXLLqhkCz6iVzzl84usRzFIwBCH0RVOL83UbOhfQTrtww AIHBGyyuQgjuU3c4c0+aRI1DkMM0PP3RLRmf8+PRGC09DMlsJmsVxru9U6BjhvKf/gAp f3wreHXWUIQXEjunOe9rsyd02bDvIlMj83lllwVHjIBoCksk9UQWwhymKn0uCy8/t6bi i08A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id q2si77395ybc.21.2020.11.10.13.57.35 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 10 Nov 2020 13:57:35 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1]:57034 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kcbdu-0007dz-VE for patch@linaro.org; Tue, 10 Nov 2020 16:57:35 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:34512) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kcbb6-0007bj-Pe for qemu-devel@nongnu.org; Tue, 10 Nov 2020 16:54:40 -0500 Received: from relay.felk.cvut.cz ([2001:718:2:1611:0:1:0:70]:14116) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kcbb5-0002cS-1L for qemu-devel@nongnu.org; Tue, 10 Nov 2020 16:54:40 -0500 Received: from cmp.felk.cvut.cz (haar.felk.cvut.cz [147.32.84.19]) by relay.felk.cvut.cz (8.15.2/8.15.2) with ESMTP id 0AALrZM2095294; Tue, 10 Nov 2020 22:53:35 +0100 (CET) (envelope-from pisa@cmp.felk.cvut.cz) Received: from haar.felk.cvut.cz (localhost [127.0.0.1]) by cmp.felk.cvut.cz (8.14.0/8.12.3/SuSE Linux 0.6) with ESMTP id 0AALrYqA028054; Tue, 10 Nov 2020 22:53:34 +0100 Received: (from pisa@localhost) by haar.felk.cvut.cz (8.14.0/8.13.7/Submit) id 0AALrYHZ028053; Tue, 10 Nov 2020 22:53:34 +0100 From: Pavel Pisa To: qemu-devel@nongnu.org, Peter Maydell Subject: [PATCH for-5.2 v3 1/4] hw/net/can/ctucan: Don't allow guest to write off end of tx_buffer Date: Tue, 10 Nov 2020 22:52:47 +0100 Message-Id: <94d4236dee6973978398e6e2a3a321b65a7d35be.1605044619.git.pisa@cmp.felk.cvut.cz> X-Mailer: git-send-email 2.20.1 In-Reply-To: References: MIME-Version: 1.0 X-FELK-MailScanner-Information: X-MailScanner-ID: 0AALrZM2095294 X-FELK-MailScanner: Found to be clean X-FELK-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-0.099, required 6, BAYES_00 -0.50, KHOP_HELO_FCRDNS 0.40, SPF_HELO_NONE 0.00, SPF_NONE 0.00) X-FELK-MailScanner-From: pisa@cmp.felk.cvut.cz X-FELK-MailScanner-Watermark: 1605650019.03741@U0Ja59RiVa3UlzW+OwSn8Q Received-SPF: none client-ip=2001:718:2:1611:0:1:0:70; envelope-from=pisa@cmp.felk.cvut.cz; helo=relay.felk.cvut.cz X-detected-operating-system: by eggs.gnu.org: First seen = 2020/11/10 16:54:16 X-ACL-Warn: Detected OS = ??? X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Pavel Pisa , Jason Wang , Vikram Garhwal , Ondrej Ille , =?utf-8?q?Jan_Charv=C3=A1t?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Peter Maydell The ctucan device has 4 CAN bus cores, each of which has a set of 20 32-bit registers for writing the transmitted data. The registers are however not contiguous; each core's buffers is 0x100 bytes after the last. We got the checks on the address wrong in the ctucan_mem_write() function: * the first "is addr in range at all" check allowed addr == CTUCAN_CORE_MEM_SIZE, which is actually the first byte off the end of the range * the decode of addresses into core-number plus offset in the tx buffer for that core failed to check that the offset was in range, so the guest could write off the end of the tx_buffer[] array NB: currently the values of CTUCAN_CORE_MEM_SIZE, CTUCAN_CORE_TXBUF_NUM, etc, make "buff_num >= CTUCAN_CORE_TXBUF_NUM" impossible, but we retain this as a runtime check rather than an assertion to permit those values to be changed in future (in hardware they are configurable synthesis parameters). Fix the top level check, and check the offset is within the buffer. Fixes: Coverity CID 1432874 Signed-off-by: Peter Maydell Signed-off-by: Pavel Pisa Tested-by: Pavel Pisa --- hw/net/can/ctucan_core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) -- 2.20.1 diff --git a/hw/net/can/ctucan_core.c b/hw/net/can/ctucan_core.c index d20835cd7e..8486f429d7 100644 --- a/hw/net/can/ctucan_core.c +++ b/hw/net/can/ctucan_core.c @@ -303,7 +303,7 @@ void ctucan_mem_write(CtuCanCoreState *s, hwaddr addr, uint64_t val, DPRINTF("write 0x%02llx addr 0x%02x\n", (unsigned long long)val, (unsigned int)addr); - if (addr > CTUCAN_CORE_MEM_SIZE) { + if (addr >= CTUCAN_CORE_MEM_SIZE) { return; } @@ -312,7 +312,9 @@ void ctucan_mem_write(CtuCanCoreState *s, hwaddr addr, uint64_t val, addr -= CTU_CAN_FD_TXTB1_DATA_1; buff_num = addr / CTUCAN_CORE_TXBUFF_SPAN; addr %= CTUCAN_CORE_TXBUFF_SPAN; - if (buff_num < CTUCAN_CORE_TXBUF_NUM) { + addr &= ~3; + if ((buff_num < CTUCAN_CORE_TXBUF_NUM) && + (addr < sizeof(s->tx_buffer[buff_num].data))) { uint32_t *bufp = (uint32_t *)(s->tx_buffer[buff_num].data + addr); *bufp = cpu_to_le32(val); } From patchwork Tue Nov 10 21:52:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pavel Pisa X-Patchwork-Id: 322891 Delivered-To: patch@linaro.org Received: by 2002:a05:6e02:5ce:0:0:0:0 with SMTP id l14csp593818ils; Tue, 10 Nov 2020 13:58:05 -0800 (PST) X-Google-Smtp-Source: ABdhPJwQNX8la5dW+YAJFYb9HFHzwL127qwozyirohulIBIW8aZueD9n15IStJ0REPGvKPVZIz4I X-Received: by 2002:a25:c6d5:: with SMTP id k204mr13524307ybf.363.1605045485598; Tue, 10 Nov 2020 13:58:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605045485; cv=none; d=google.com; s=arc-20160816; b=qkDl/6fVbUr/aPDgqeAR19yFOp8hoIsZkZQNE+mpObKB4uQiyGv64wozM3yPZSbc8h 0a49YSh4hdctngoupZi2ca0A29dvRcBUx/D9GVF/mzH3LmPj+HLrzGyLHJ5t1huQWD/q NAGfvWb6o5FtlqqOQ90XVuHfPpWh7Bz5rcIm1z0Hx+gCHSvFW14KYl3JAX4NKtB181Lp eBM5Rf3yjKWfcJapolHYaS04ODCuy0tgYrZv+FSTvwO7aVZNrwJl3Qbb1DH01AB3RUWc 5WFwDU0DrP0HSoQNHm1BfF2Y4HBrdosNrNhnQa6eWUTv1LbQlL4WRjzCer6wiGf1oT/I TDpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from; bh=Idr2nK2RVq6MdGHXHJTt1bPBmEmi7zAbi4pKIQ/C3CE=; b=HLYm4P0YhQVUPQXNES6eGyDUK0p0ViU1MRmojuRHjNRrSGkUy3a4C9si8p/nj3EvNi S3lydyTxCG9jBYU4AWBO3DsCjSRJC+0CI311Pwj7g2DSANx7bb7Nrmtxs2laV9riol3t sFC6Zp/kGLS63VKpQGuwwzaKwZZ6meLUlz5aOv5OPFBfNMQ/pg8e1YKiAzzEg8plCvhu 6B+iJ7OSbCF31r0BlTp2qWRn4Kv0ufsGHMEVtUFk1rEgn/soE593GuHuLSE0an1zdSOx p9Flbk6Od2BaeGcxFUCXKUzKAbOJLbfgMO/z8diwSPfeTua3UFNXXkgsublRfLODKPUO Q5NQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id d31si48463ybi.184.2020.11.10.13.58.05 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 10 Nov 2020 13:58:05 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1]:57258 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kcbeO-0007kA-8X for patch@linaro.org; Tue, 10 Nov 2020 16:58:04 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:34534) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kcbbG-0007im-9u for qemu-devel@nongnu.org; Tue, 10 Nov 2020 16:54:50 -0500 Received: from relay.felk.cvut.cz ([2001:718:2:1611:0:1:0:70]:14116) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kcbbB-0002cS-7N for qemu-devel@nongnu.org; Tue, 10 Nov 2020 16:54:50 -0500 Received: from cmp.felk.cvut.cz (haar.felk.cvut.cz [147.32.84.19]) by relay.felk.cvut.cz (8.15.2/8.15.2) with ESMTP id 0AALrblo095295; Tue, 10 Nov 2020 22:53:37 +0100 (CET) (envelope-from pisa@cmp.felk.cvut.cz) Received: from haar.felk.cvut.cz (localhost [127.0.0.1]) by cmp.felk.cvut.cz (8.14.0/8.12.3/SuSE Linux 0.6) with ESMTP id 0AALrbxs028066; Tue, 10 Nov 2020 22:53:37 +0100 Received: (from pisa@localhost) by haar.felk.cvut.cz (8.14.0/8.13.7/Submit) id 0AALraeB028065; Tue, 10 Nov 2020 22:53:36 +0100 From: Pavel Pisa To: qemu-devel@nongnu.org, Peter Maydell Subject: [PATCH for-5.2 v3 2/4] hw/net/can/ctucan: Avoid unused value in ctucan_send_ready_buffers() Date: Tue, 10 Nov 2020 22:52:48 +0100 Message-Id: <96562ba01919479f7f311050e914419ed3c2f194.1605044619.git.pisa@cmp.felk.cvut.cz> X-Mailer: git-send-email 2.20.1 In-Reply-To: References: MIME-Version: 1.0 X-FELK-MailScanner-Information: X-MailScanner-ID: 0AALrblo095295 X-FELK-MailScanner: Found to be clean X-FELK-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-0.099, required 6, BAYES_00 -0.50, KHOP_HELO_FCRDNS 0.40, SPF_HELO_NONE 0.00, SPF_NONE 0.00) X-FELK-MailScanner-From: pisa@cmp.felk.cvut.cz X-FELK-MailScanner-Watermark: 1605650019.10731@7y1gp9Ofs2U+1lucnbn/Qg Received-SPF: none client-ip=2001:718:2:1611:0:1:0:70; envelope-from=pisa@cmp.felk.cvut.cz; helo=relay.felk.cvut.cz X-detected-operating-system: by eggs.gnu.org: First seen = 2020/11/10 16:54:16 X-ACL-Warn: Detected OS = ??? X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Pavel Pisa , Jason Wang , Vikram Garhwal , Ondrej Ille , =?utf-8?q?Jan_Charv=C3=A1t?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Peter Maydell Coverity points out that in ctucan_send_ready_buffers() we set buff_st_mask = 0xf << (i * 4) inside the loop, but then we never use it before overwriting it later. The only thing we use the mask for is as part of the code that is inserting the new buff_st field into tx_status. That is more comprehensibly written using deposit32(), so do that and drop the mask variable entirely. We also update the buff_st local variable at multiple points during this function, but nothing can ever see these intermediate values, so just drop those, write the final TXT_TOK as a fixed constant value, and collapse the only remaining set/use of buff_st down into an extract32(). Fixes: Coverity CID 1432869 Signed-off-by: Peter Maydell Acked-by: Pavel Pisa Tested-by: Pavel Pisa --- hw/net/can/ctucan_core.c | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) -- 2.20.1 diff --git a/hw/net/can/ctucan_core.c b/hw/net/can/ctucan_core.c index 8486f429d7..f49c76261c 100644 --- a/hw/net/can/ctucan_core.c +++ b/hw/net/can/ctucan_core.c @@ -240,8 +240,6 @@ static void ctucan_send_ready_buffers(CtuCanCoreState *s) uint8_t *pf; int buff2tx_idx; uint32_t tx_prio_max; - unsigned int buff_st; - uint32_t buff_st_mask; if (!s->mode_settings.s.ena) { return; @@ -256,10 +254,7 @@ static void ctucan_send_ready_buffers(CtuCanCoreState *s) for (i = 0; i < CTUCAN_CORE_TXBUF_NUM; i++) { uint32_t prio; - buff_st_mask = 0xf << (i * 4); - buff_st = (s->tx_status.u32 >> (i * 4)) & 0xf; - - if (buff_st != TXT_RDY) { + if (extract32(s->tx_status.u32, i * 4, 4) != TXT_RDY) { continue; } prio = (s->tx_priority.u32 >> (i * 4)) & 0x7; @@ -271,10 +266,7 @@ static void ctucan_send_ready_buffers(CtuCanCoreState *s) if (buff2tx_idx == -1) { break; } - buff_st_mask = 0xf << (buff2tx_idx * 4); - buff_st = (s->tx_status.u32 >> (buff2tx_idx * 4)) & 0xf; int_stat.u32 = 0; - buff_st = TXT_RDY; pf = s->tx_buffer[buff2tx_idx].data; ctucan_buff2frame(pf, &frame); s->status.s.idle = 0; @@ -283,12 +275,11 @@ static void ctucan_send_ready_buffers(CtuCanCoreState *s) s->status.s.idle = 1; s->status.s.txs = 0; s->tx_fr_ctr.s.tx_fr_ctr_val++; - buff_st = TXT_TOK; int_stat.s.txi = 1; int_stat.s.txbhci = 1; s->int_stat.u32 |= int_stat.u32 & ~s->int_mask.u32; - s->tx_status.u32 = (s->tx_status.u32 & ~buff_st_mask) | - (buff_st << (buff2tx_idx * 4)); + s->tx_status.u32 = deposit32(s->tx_status.u32, + buff2tx_idx * 4, 4, TXT_TOK); } while (1); } From patchwork Tue Nov 10 21:52:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Pavel Pisa X-Patchwork-Id: 322900 Delivered-To: patch@linaro.org Received: by 2002:a05:6e02:5ce:0:0:0:0 with SMTP id l14csp598808ils; Tue, 10 Nov 2020 14:05:30 -0800 (PST) X-Google-Smtp-Source: ABdhPJzYaDMSn99qv2+hEPKaZJckrlVyp5pVtnCsAUwctAnYeidRoDFs0RWID0/1ddbGz/7uZnRu X-Received: by 2002:a25:d416:: with SMTP id m22mr1939253ybf.318.1605045930762; Tue, 10 Nov 2020 14:05:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605045930; cv=none; d=google.com; s=arc-20160816; b=QNPr2TaXl0E3WPcQqzPn9R29pXJsSxWWP/hn78+XwxTlI9qmn4HPTgkOXl72WzpkQN IB2Uu5O2GlkJi3PD3W1CFusfxNEytTKAmc3rJQsHuQG2Hz3kE6Usg18qHY9grNJgmzE5 Y3es78/+69Nshedgon/xjiRkPPgEMZsSXYWl8/qHr1INm2x/2E8nipl4XtqVnJmOi16+ nPf6LDgoiptVcwC94QlDOsTv1e3FamqEHciTPxqHAx4eIBmHkGAfrZRpT3mAxub0tw71 K8W5lR2fDUzOLeuiif/JAo2lKwpMu/JE+rBkkfQ2lHZ0M23Cy6dvRestRErFX8IKvYRP 7oRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from; bh=t7CFjQ2WNsxy4YsJ/b8Uun9h9CHZO0BrwTSz66Z+Jt4=; b=uSYY2x27WSXSkMDw71QX2DTJumI1xfRfh2oXTyCjpcJMKG7fVB8E9jKCd5b2u/I1gy SJLoeEa90Dg2rG0ysUi4oz0xrUooNnWhspjhTqTPo05RfILPC0iCqyrgehgfH9fXri1a K+GSTFG08ymJKCAsIyjCO5i/FM5L8NNU55EQmg/LQAg2URjKGaiG3oDi8U+GlHslzqbe V5C/lhvWwcpeJXbZH4JQ1fvqRXj1lthfYrEQ1AvAV12nqWLZyDleXWXDq4mqmrwpeRxg VjXGw/ALlgjkHQycX78D48O5Ga8DizygrInf0z9zqc2XxDUdsjCDWD5hcr14cioFGL9X on3Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id w14si60811ybl.233.2020.11.10.14.05.30 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 10 Nov 2020 14:05:30 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1]:37166 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kcbla-00032N-68 for patch@linaro.org; Tue, 10 Nov 2020 17:05:30 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:34554) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kcbbO-0007rs-5y for qemu-devel@nongnu.org; Tue, 10 Nov 2020 16:54:58 -0500 Received: from relay.felk.cvut.cz ([2001:718:2:1611:0:1:0:70]:13424) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kcbbM-0002ce-Fl for qemu-devel@nongnu.org; Tue, 10 Nov 2020 16:54:57 -0500 Received: from cmp.felk.cvut.cz (haar.felk.cvut.cz [147.32.84.19]) by relay.felk.cvut.cz (8.15.2/8.15.2) with ESMTP id 0AALrejj095303; Tue, 10 Nov 2020 22:53:40 +0100 (CET) (envelope-from pisa@cmp.felk.cvut.cz) Received: from haar.felk.cvut.cz (localhost [127.0.0.1]) by cmp.felk.cvut.cz (8.14.0/8.12.3/SuSE Linux 0.6) with ESMTP id 0AALreW1028082; Tue, 10 Nov 2020 22:53:40 +0100 Received: (from pisa@localhost) by haar.felk.cvut.cz (8.14.0/8.13.7/Submit) id 0AALret1028081; Tue, 10 Nov 2020 22:53:40 +0100 From: Pavel Pisa To: qemu-devel@nongnu.org, Peter Maydell Subject: [PATCH for-5.2 v3 3/4] hw/net/can/ctucan_core: Handle big-endian hosts Date: Tue, 10 Nov 2020 22:52:49 +0100 Message-Id: <61096a9130b50e74e03914fcbfbb7bc759f5b6b5.1605044619.git.pisa@cmp.felk.cvut.cz> X-Mailer: git-send-email 2.20.1 In-Reply-To: References: MIME-Version: 1.0 X-FELK-MailScanner-Information: X-MailScanner-ID: 0AALrejj095303 X-FELK-MailScanner: Found to be clean X-FELK-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-0.099, required 6, BAYES_00 -0.50, KHOP_HELO_FCRDNS 0.40, SPF_HELO_NONE 0.00, SPF_NONE 0.00) X-FELK-MailScanner-From: pisa@cmp.felk.cvut.cz X-FELK-MailScanner-Watermark: 1605650023.95102@awhc3FVjGoDauf5+3cGHtg Received-SPF: none client-ip=2001:718:2:1611:0:1:0:70; envelope-from=pisa@cmp.felk.cvut.cz; helo=relay.felk.cvut.cz X-detected-operating-system: by eggs.gnu.org: First seen = 2020/11/10 16:54:16 X-ACL-Warn: Detected OS = ??? X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Vikram Garhwal , Jason Wang , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Ondrej Ille , =?utf-8?q?Jan_Charv=C3=A1t?= , Pavel Pisa Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Peter Maydell The ctucan driver defines types for its registers which are a union of a uint32_t with a struct with bitfields for the individual fields within that register. This is a bad idea, because bitfields aren't portable. The ctu_can_fd_regs.h header works around the most glaring of the portability issues by defining the fields in two different orders depending on the setting of the __LITTLE_ENDIAN_BITFIELD define. However, in ctucan_core.h this is unconditionally set to 1, which is wrong for big-endian hosts. Set it only if HOST_WORDS_BIGENDIAN is not set. There is no need for a "have we defined it already" guard, because the only place that should set it is ctucan_core.h, which has the usual double-inclusion guard. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Acked-by: Pavel Pisa Tested-by: Pavel Pisa --- hw/net/can/ctucan_core.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) -- 2.20.1 diff --git a/hw/net/can/ctucan_core.h b/hw/net/can/ctucan_core.h index f21cb1c5ec..bbc09ae067 100644 --- a/hw/net/can/ctucan_core.h +++ b/hw/net/can/ctucan_core.h @@ -31,8 +31,7 @@ #include "exec/hwaddr.h" #include "net/can_emu.h" - -#ifndef __LITTLE_ENDIAN_BITFIELD +#ifndef HOST_WORDS_BIGENDIAN #define __LITTLE_ENDIAN_BITFIELD 1 #endif From patchwork Tue Nov 10 21:52:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Pavel Pisa X-Patchwork-Id: 322899 Delivered-To: patch@linaro.org Received: by 2002:a05:6e02:5ce:0:0:0:0 with SMTP id l14csp596882ils; Tue, 10 Nov 2020 14:02:52 -0800 (PST) X-Google-Smtp-Source: ABdhPJwGb9RuRjdvd1BQUH2z8W+kTFihWiRUYui0LxJ9owj6VXMpKy5S4GeyqHslOZ8/zVwTv2s7 X-Received: by 2002:a25:16c4:: with SMTP id 187mr27654374ybw.281.1605045772261; Tue, 10 Nov 2020 14:02:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605045772; cv=none; d=google.com; s=arc-20160816; b=BX7TGA6QMbD2R6+5fI8QGU+LBmwmuV7R4TTC0NDzTB5ppjntXiYD1rluwowrmSa6Lv ytwILOxnaxc9cztD8AArv5BJ3ccEoVwNJrJnoGDiFWczyulI96LHYzoAMMyARfxKbbQc yzIOPs6zK1rChFz7kDmGl/x6WKWc0gC0RFRyFMPIg4bdMlxho4jRtpEM8UxcNWND+3s/ WjrkUT769n7oc4Ox5OKq6Jv7siG1gvndeYkc1oe2XrRCgixcW7p83EWhnysGzfbCp5Ij Zjk/XNoYUDmM2L7mMcmNsjw83qNBkYgC0PBdamiXWZFql2CU29FJAw5cZUmroIknXBO0 EEcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from; bh=RzupqbRAp9xZXyU0pb3Y8asV8zVRgn9GaQopBXem0ZY=; b=siVLBUhmBJKCPbzCHeLxjQBIkHY8jm80o6F0U+JtbKeyRoIuI4wVXOwWIdEeAJp8k4 x00aQjNNU54Lc8vJMYtuoBS0309hBizI28o87jKsGoPbmN9jxTMHnIwE85PE7ezuTXOr Lrrg7yHc00heE06wwXqSZiWfijwoxBuE29j3pzHurfncOLHAum8Y6W9P5MPLV1gfvMbN 2/O0PQgihv5YzsE6ZFmz8eCMw5AXLqGtLJJ72hCWo8P0jPvVm3w/XKVICHNikEwCaW/U 97p0cXCE+kNjvs/EFlg7sqBJUYtk8gtm4KD6HHEchbFDpVTuNNIovTPFPTTKdyaESEtD 1XQg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id g34si82961ybj.72.2020.11.10.14.02.52 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 10 Nov 2020 14:02:52 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org" Received: from localhost ([::1]:36810 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kcbj1-0002sz-Kd for patch@linaro.org; Tue, 10 Nov 2020 17:02:51 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:34538) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kcbbH-0007jS-0S for qemu-devel@nongnu.org; Tue, 10 Nov 2020 16:54:51 -0500 Received: from relay.felk.cvut.cz ([2001:718:2:1611:0:1:0:70]:13424) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kcbbB-0002ce-8c for qemu-devel@nongnu.org; Tue, 10 Nov 2020 16:54:50 -0500 Received: from cmp.felk.cvut.cz (haar.felk.cvut.cz [147.32.84.19]) by relay.felk.cvut.cz (8.15.2/8.15.2) with ESMTP id 0AALrgwF095304; Tue, 10 Nov 2020 22:53:42 +0100 (CET) (envelope-from pisa@cmp.felk.cvut.cz) Received: from haar.felk.cvut.cz (localhost [127.0.0.1]) by cmp.felk.cvut.cz (8.14.0/8.12.3/SuSE Linux 0.6) with ESMTP id 0AALrgeh028093; Tue, 10 Nov 2020 22:53:42 +0100 Received: (from pisa@localhost) by haar.felk.cvut.cz (8.14.0/8.13.7/Submit) id 0AALrgb7028092; Tue, 10 Nov 2020 22:53:42 +0100 From: Pavel Pisa To: qemu-devel@nongnu.org, Peter Maydell Subject: [PATCH for-5.2 v3 4/4] hw/net/can/ctucan_core: Use stl_le_p to write to tx_buffers Date: Tue, 10 Nov 2020 22:52:50 +0100 Message-Id: <7951c8ad9a0ad6b5faf7ec7569f255fa45259590.1605044619.git.pisa@cmp.felk.cvut.cz> X-Mailer: git-send-email 2.20.1 In-Reply-To: References: MIME-Version: 1.0 X-FELK-MailScanner-Information: X-MailScanner-ID: 0AALrgwF095304 X-FELK-MailScanner: Found to be clean X-FELK-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-0.099, required 6, BAYES_00 -0.50, KHOP_HELO_FCRDNS 0.40, SPF_HELO_NONE 0.00, SPF_NONE 0.00) X-FELK-MailScanner-From: pisa@cmp.felk.cvut.cz X-FELK-MailScanner-Watermark: 1605650023.99277@snFSPGKgF+gWI/ke73RDgg Received-SPF: none client-ip=2001:718:2:1611:0:1:0:70; envelope-from=pisa@cmp.felk.cvut.cz; helo=relay.felk.cvut.cz X-detected-operating-system: by eggs.gnu.org: First seen = 2020/11/10 16:54:16 X-ACL-Warn: Detected OS = ??? X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Vikram Garhwal , Jason Wang , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Ondrej Ille , =?utf-8?q?Jan_Charv=C3=A1t?= , Pavel Pisa Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Peter Maydell Instead of casting an address within a uint8_t array to a uint32_t*, use stl_le_p(). This handles possibly misaligned addresses which would otherwise crash on some hosts. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Pavel Pisa Tested-by: Pavel Pisa --- hw/net/can/ctucan_core.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) -- 2.20.1 diff --git a/hw/net/can/ctucan_core.c b/hw/net/can/ctucan_core.c index f49c76261c..d171c372e0 100644 --- a/hw/net/can/ctucan_core.c +++ b/hw/net/can/ctucan_core.c @@ -303,11 +303,9 @@ void ctucan_mem_write(CtuCanCoreState *s, hwaddr addr, uint64_t val, addr -= CTU_CAN_FD_TXTB1_DATA_1; buff_num = addr / CTUCAN_CORE_TXBUFF_SPAN; addr %= CTUCAN_CORE_TXBUFF_SPAN; - addr &= ~3; if ((buff_num < CTUCAN_CORE_TXBUF_NUM) && - (addr < sizeof(s->tx_buffer[buff_num].data))) { - uint32_t *bufp = (uint32_t *)(s->tx_buffer[buff_num].data + addr); - *bufp = cpu_to_le32(val); + ((addr + size) <= sizeof(s->tx_buffer[buff_num].data))) { + stn_le_p(s->tx_buffer[buff_num].data + addr, size, val); } } else { switch (addr & ~3) {