diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2022-01-11 17:10:39 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2022-01-20 16:04:57 +0000 |
| commit | f0b4b2a28c4ab26505f13f07da07190387f848a4 (patch) | |
| tree | fdd92e466dc5f99f0168dbaa23a2db84d0869b91 /hw | |
| parent | 7d62b2dcdb04fa625abb6600dbffd4464c3e4a85 (diff) | |
| download | qemu-f0b4b2a28c4ab26505f13f07da07190387f848a4.zip qemu-f0b4b2a28c4ab26505f13f07da07190387f848a4.tar.gz qemu-f0b4b2a28c4ab26505f13f07da07190387f848a4.tar.bz2 | |
hw/intc/arm_gicv3_its: Don't use data if reading command failed
In process_cmdq(), we read 64 bits of the command packet, which
contain the command identifier, which we then switch() on to dispatch
to an appropriate sub-function. However, if address_space_ldq_le()
reports a memory transaction failure, we still read the command
identifier out of the data and switch() on it. Restructure the code
so that we stop immediately (stalling the command queue) in this
case.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220111171048.3545974-5-peter.maydell@linaro.org
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/intc/arm_gicv3_its.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/hw/intc/arm_gicv3_its.c b/hw/intc/arm_gicv3_its.c index a6c2299..c1f7668 100644 --- a/hw/intc/arm_gicv3_its.c +++ b/hw/intc/arm_gicv3_its.c @@ -672,8 +672,13 @@ static void process_cmdq(GICv3ITSState *s) data = address_space_ldq_le(as, s->cq.base_addr + cq_offset, MEMTXATTRS_UNSPECIFIED, &res); if (res != MEMTX_OK) { - result = false; + s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, STALLED, 1); + qemu_log_mask(LOG_GUEST_ERROR, + "%s: could not read command at 0x%" PRIx64 "\n", + __func__, s->cq.base_addr + cq_offset); + break; } + cmd = (data & CMD_MASK); switch (cmd) { |