From dd5d693ecf5aa97f50ece9862b2a4cbe67b7c71b Mon Sep 17 00:00:00 2001 From: Seth Kintigh Date: Mon, 19 Nov 2018 15:29:08 +0000 Subject: hw/arm/stm32f205: Fix the UART and Timer region size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The UART and timer devices for the stm32f205 were being created with memory regions that were too large. Use the size specified in the chip datasheet. The old sizes were so large that the devices would overlap with each other in the SoC memory map, so this fixes a bug that caused odd behavior and/or crashes when trying to set up multiple UARTs. Signed-off-by: Seth Kintigh Reviewed-by: Peter Maydell [PMM: rephrased commit message to follow our usual standard] Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Signed-off-by: Peter Maydell --- hw/char/stm32f2xx_usart.c | 2 +- hw/timer/stm32f2xx_timer.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'hw') diff --git a/hw/char/stm32f2xx_usart.c b/hw/char/stm32f2xx_usart.c index 032b5fd..f3363a2 100644 --- a/hw/char/stm32f2xx_usart.c +++ b/hw/char/stm32f2xx_usart.c @@ -202,7 +202,7 @@ static void stm32f2xx_usart_init(Object *obj) sysbus_init_irq(SYS_BUS_DEVICE(obj), &s->irq); memory_region_init_io(&s->mmio, obj, &stm32f2xx_usart_ops, s, - TYPE_STM32F2XX_USART, 0x2000); + TYPE_STM32F2XX_USART, 0x400); sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->mmio); } diff --git a/hw/timer/stm32f2xx_timer.c b/hw/timer/stm32f2xx_timer.c index 58fc7b1..ae744d1 100644 --- a/hw/timer/stm32f2xx_timer.c +++ b/hw/timer/stm32f2xx_timer.c @@ -308,7 +308,7 @@ static void stm32f2xx_timer_init(Object *obj) sysbus_init_irq(SYS_BUS_DEVICE(obj), &s->irq); memory_region_init_io(&s->iomem, obj, &stm32f2xx_timer_ops, s, - "stm32f2xx_timer", 0x4000); + "stm32f2xx_timer", 0x400); sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->iomem); s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, stm32f2xx_timer_interrupt, s); -- cgit v1.1 From fcf5787c02f7f9ff9f314161631c347d6b69b904 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 19 Nov 2018 15:29:08 +0000 Subject: hw/block/onenand: Fix off-by-one error allowing out-of-bounds read MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit An off-by-one error in a switch case in onenand_read() allowed a misbehaving guest to read off the end of a block of memory. NB: the onenand device is used only by the "n800" and "n810" machines, which are usable only with TCG, not KVM, so this is not a security issue. Reported-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Signed-off-by: Peter Maydell Message-id: 20181115143535.5885-2-peter.maydell@linaro.org Suggested-by: Richard Henderson Signed-off-by: Peter Maydell --- hw/block/onenand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'hw') diff --git a/hw/block/onenand.c b/hw/block/onenand.c index 0cb8d7f..49ef68c 100644 --- a/hw/block/onenand.c +++ b/hw/block/onenand.c @@ -608,7 +608,7 @@ static uint64_t onenand_read(void *opaque, hwaddr addr, int offset = addr >> s->shift; switch (offset) { - case 0x0000 ... 0xc000: + case 0x0000 ... 0xbffe: return lduw_le_p(s->boot[0] + addr); case 0xf000: /* Manufacturer ID */ -- cgit v1.1 From 9e6e9247a4cfc489b9c9f91b2f2d4a3dfa515446 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 19 Nov 2018 15:29:08 +0000 Subject: hw/block/onenand: use qemu_log_mask() for reporting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update the onenand device to use qemu_log_mask() for reporting guest errors and unimplemented features, rather than plain fprintf() and hw_error(). (We leave the hw_error() in onenand_reset(), as that is triggered by a failure to read the underlying block device for the bootRAM, not by guest action.) Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Reviewed-by: Thomas Huth Tested-by: Philippe Mathieu-Daudé Message-id: 20181115143535.5885-3-peter.maydell@linaro.org --- hw/block/onenand.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'hw') diff --git a/hw/block/onenand.c b/hw/block/onenand.c index 49ef68c..2b48609 100644 --- a/hw/block/onenand.c +++ b/hw/block/onenand.c @@ -28,6 +28,7 @@ #include "exec/memory.h" #include "hw/sysbus.h" #include "qemu/error-report.h" +#include "qemu/log.h" /* 11 for 2kB-page OneNAND ("2nd generation") and 10 for 1kB-page chips */ #define PAGE_SHIFT 11 @@ -594,8 +595,8 @@ static void onenand_command(OneNANDState *s) default: s->status |= ONEN_ERR_CMD; s->intstatus |= ONEN_INT; - fprintf(stderr, "%s: unknown OneNAND command %x\n", - __func__, s->command); + qemu_log_mask(LOG_GUEST_ERROR, "unknown OneNAND command %x\n", + s->command); } onenand_intr_update(s); @@ -657,12 +658,13 @@ static uint64_t onenand_read(void *opaque, hwaddr addr, case 0xff02: /* ECC Result of spare area data */ case 0xff03: /* ECC Result of main area data */ case 0xff04: /* ECC Result of spare area data */ - hw_error("%s: implement ECC\n", __func__); + qemu_log_mask(LOG_UNIMP, + "onenand: ECC result registers unimplemented\n"); return 0x0000; } - fprintf(stderr, "%s: unknown OneNAND register %x\n", - __func__, offset); + qemu_log_mask(LOG_GUEST_ERROR, "read of unknown OneNAND register 0x%x\n", + offset); return 0; } @@ -706,8 +708,9 @@ static void onenand_write(void *opaque, hwaddr addr, break; default: - fprintf(stderr, "%s: unknown OneNAND boot command %"PRIx64"\n", - __func__, value); + qemu_log_mask(LOG_GUEST_ERROR, + "unknown OneNAND boot command %" PRIx64 "\n", + value); } break; @@ -757,8 +760,9 @@ static void onenand_write(void *opaque, hwaddr addr, break; default: - fprintf(stderr, "%s: unknown OneNAND register %x\n", - __func__, offset); + qemu_log_mask(LOG_GUEST_ERROR, + "write to unknown OneNAND register 0x%x\n", + offset); } } -- cgit v1.1