qemu-devel
From: Jean-Christophe DUBOIS
Subject: Re: [Qemu-devel] [PATCH] [M25P80] Make sure not to overrun the internal data buffer.
Date: Sat, 24 Dec 2016 19:12:08 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1

On 24/12/2016 at 19:04, mar.krzeminski wrote:


On 24.12.2016 at 18:41, Jean-Christophe DUBOIS wrote:
On 24/12/2016 at 18:18, mar.krzeminski wrote:
Hello,

On 24.12.2016 at 16:11, Jean-Christophe Dubois wrote:
It did happen that the internal data buffer was overrun leading to a Qemu
crash (in particular while emulating the i.MX6 sabrelite board).

This patch makes sure the data array would not be overrun and allows the
sabrelite emulation to run without crash.

Signed-off-by: Jean-Christophe Dubois <address@hidden>
---
  hw/block/m25p80.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index d29ff4c..a1c4e5d 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -1117,7 +1117,7 @@ static uint32_t m25p80_transfer8(SSISlave *ss, uint32_t tx)
          s->data[s->len] = (uint8_t)tx;
          s->len++;
  -        if (s->len == s->needed_bytes) {
+ if ((s->len >= s->needed_bytes) || (s->len >= sizeof(s->data))) {
              complete_collecting_data(s);
          }
          break;
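Review bot: the store `s->data[s->len] = (uint8_t)tx;` and the `s->len++` still run before the new bound is evaluated, so the added `s->len >= sizeof(s->data)` test only keeps the next byte in range if complete_collecting_data() resets s->len on every path, and a collection whose needed_bytes exceeds sizeof(s->data) is silently handed to complete_collecting_data() with a truncated buffer. Check the bound before the store, and on violation log a guest error (qemu_log_mask(LOG_GUEST_ERROR, ...)) and reset the state machine instead of completing, since reaching the end of the array means the state machine is already inconsistent. The change from `s->len == s->needed_bytes` to `>=` also deserves a sentence in the commit message.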
Do you have an exact scenario that caused the problem?

When booting Xvisor (http://xhypervisor.org/) on top of Qemu emulated Sabrelite.

During the boot Qemu would segfault while writing to the SPI flash.
Thanks, I'll try to take a look.

Once you have built Xvisor for "generic ARMv7" you can run the following command.

qemu-system-arm -M sabrelite -display none -serial null -serial stdio -kernel ./build/vmm.bin -initrd ./build/vmm.bin -dtb ./build/arch/arm/board/generic/dts/imx6/sabrelite-a9/one_guest_sabrelite-a9.dtb

You can also run Qemu under valgrind that will pinpoint the problem.

JC


Generally it should not happen.

The fact is that there is no protection to make sure the data array is not overrun.
Yes. IMHO it could be nice to log some error here and reset the state machine instead
of going to the next state.

Maybe it should not happen, but it did happen in this case ....
Yeap, but this means m25p80's state machine goes nuts. Overflow is just a symptom
that something wrong is going on.

Thanks,
Marcin

JC



Thanks,
Marcin
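The "log an error and reset the state machine" alternative discussed in this thread, as an added example that is not QEMU's code: a constructed stand-in for the m25p80 collecting state (the FlashState struct, DATA_SIZE, the fault counter and the feed() driver are assumptions of this example) in which the bound is checked before the store, and an overrun resets the collection instead of completing it on partial data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for m25p80's collecting state (not QEMU's struct);
 * needed_bytes == 0 means no collection is in progress. */
#define DATA_SIZE 16
typedef struct {
    uint8_t data[DATA_SIZE];
    uint32_t len, needed_bytes;
    int completed;          /* buffers handed to the command handler */
    int faults;             /* guest-error resets */
} FlashState;

static void complete_collecting_data(FlashState *s)
{
    s->completed++;
    s->len = s->needed_bytes = 0;
}

/* Hardened collector: the bound is checked before the store; on violation
 * the state machine is logged and reset instead of completing on partial data. */
static void transfer8(FlashState *s, uint32_t tx)
{
    if (s->needed_bytes == 0) {
        return;                       /* idle: nothing to collect */
    }
    if (s->len >= sizeof(s->data)) {
        fprintf(stderr, "m25p80: data overrun (len=%u needed=%u), reset\n",
                (unsigned)s->len, (unsigned)s->needed_bytes);
        s->faults++;
        s->len = s->needed_bytes = 0;
        return;
    }
    s->data[s->len++] = (uint8_t)tx;
    if (s->len == s->needed_bytes) {
        complete_collecting_data(s);
    }
}

/* Start a collection of `needed` bytes, clock in n bytes, return faults raised. */
static int feed(FlashState *s, uint32_t needed, unsigned n)
{
    memset(s, 0, sizeof(*s));
    s->needed_bytes = needed;
    for (unsigned i = 0; i < n; i++) {
        transfer8(s, 0xA0 + i);
    }
    return s->faults;
}
```

A needed_bytes larger than the array, the situation the patch guards against, now stops at the array end with one logged fault and leaves the stored bytes intact.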
