[Qemu-devel] [PULL 04/10] hw/ssi/xilinx_spips: Avoid out-of-bound access
From: Peter Maydell
Subject: [Qemu-devel] [PULL 04/10] hw/ssi/xilinx_spips: Avoid out-of-bound access to lqspi_buf[]
Date: Mon, 15 Jul 2019 14:42:05 +0100

From: Philippe Mathieu-Daudé <address@hidden>

Both lqspi_read() and lqspi_load_cache() expect a 32-bit
aligned address.

From UG1085 datasheet [*] chapter on 'Quad-SPI Controller':

  Transfer Size Limitations

    Because of the 32-bit wide TX, RX, and generic FIFO, all
    APB/AXI transfers must be an integer multiple of 4-bytes.
    Shorter transfers are not possible.

Set MemoryRegionOps.impl values to force 32-bit accesses,
this way we are sure we do not access the lqspi_buf[] array
out of bound.

[*] https://www.xilinx.com/support/documentation/user_guides/ug1085-zynq-ultrascale-trm.pdf

Reviewed-by: Francisco Iglesias <address@hidden>
Tested-by: Francisco Iglesias <address@hidden>
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
---
hw/ssi/xilinx_spips.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index 3c4e8365ee1..b29e0a4a89e 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -1239,6 +1239,10 @@ static const MemoryRegionOps lqspi_ops = {
.read_with_attrs = lqspi_read,
.write_with_attrs = lqspi_write,
.endianness = DEVICE_NATIVE_ENDIAN,
+ .impl = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
.valid = {
.min_access_size = 1,
.max_access_size = 4
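Review bot: The new .impl block limits only the size of the access that reaches lqspi_read() to 4 bytes; nothing in this hunk constrains the address, while the commit message says both lqspi_read() and lqspi_load_cache() expect a 32-bit aligned address. Because .valid still has min_access_size = 1, a 1- or 2-byte guest access at an offset that is not a multiple of 4 remains valid, so it is worth confirming what address the memory core hands to the callback in that case and, if it is not rounded down, either aligning addr inside lqspi_read() or asserting alignment there. A short comment above .impl citing the UG1085 transfer-size limitation would also explain to later readers why .impl and .valid differ.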
--
2.20.1