| Message ID | 20240428181156.24071-1-adiupina@astralinux.ru (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v4] fix endianness bug | expand |
On Sun, 28 Apr 2024 at 19:12, Alexandra Diupina <adiupina@astralinux.ru> wrote: > > Add xlnx_dpdma_read_descriptor() and > xlnx_dpdma_write_descriptor() functions. > xlnx_dpdma_read_descriptor() combines reading a > descriptor from desc_addr by calling dma_memory_read() > and swapping the desc fields from guest memory order > to host memory order. xlnx_dpdma_write_descriptor() > performs similar actions when writing a descriptor. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: d3c6369a96 ("introduce xlnx-dpdma") > Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru> > --- > v4: remove rewriting desc in place > v3: add xlnx_dpdma_write_descriptor() > v2: minor changes in xlnx_dpdma_read_descriptor() > hw/dma/xlnx_dpdma.c | 63 ++++++++++++++++++++++++++++++++++++++++++--- > 1 file changed, 59 insertions(+), 4 deletions(-) > > diff --git a/hw/dma/xlnx_dpdma.c b/hw/dma/xlnx_dpdma.c > index 1f5cd64ed1..e9133e9dcb 100644 > --- a/hw/dma/xlnx_dpdma.c > +++ b/hw/dma/xlnx_dpdma.c > @@ -614,6 +614,63 @@ static void xlnx_dpdma_register_types(void) > type_register_static(&xlnx_dpdma_info); > } > > +static MemTxResult xlnx_dpdma_read_descriptor(XlnxDPDMAState *s, > + uint64_t desc_addr, DPDMADescriptor *desc) > +{ > + if (dma_memory_read(&address_space_memory, desc_addr, &desc, > + sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED)) { > + return MEMTX_ERROR; You should return the return value you got from dma_memory_read() here. > + } > + > + /* Convert from LE into host endianness. */ > + desc->control = le32_to_cpu(desc->control); > + desc->descriptor_id = le32_to_cpu(desc->descriptor_id); > + desc->xfer_size = le32_to_cpu(desc->xfer_size); > + desc->line_size_stride = le32_to_cpu(desc->line_size_stride); > + desc->timestamp_lsb = le32_to_cpu(desc->timestamp_lsb); > + desc->timestamp_msb = le32_to_cpu(desc->timestamp_msb); > + desc->address_extension = le32_to_cpu(desc->address_extension); > + desc->next_descriptor = le32_to_cpu(desc->next_descriptor); > + desc->source_address = le32_to_cpu(desc->source_address); > + desc->address_extension_23 = le32_to_cpu(desc->address_extension_23); > + desc->address_extension_45 = le32_to_cpu(desc->address_extension_45); > + desc->source_address2 = le32_to_cpu(desc->source_address2); > + desc->source_address3 = le32_to_cpu(desc->source_address3); > + desc->source_address4 = le32_to_cpu(desc->source_address4); > + desc->source_address5 = le32_to_cpu(desc->source_address5); > + desc->crc = le32_to_cpu(desc->crc); > + > + return MEMTX_OK; > +} > + > +static void xlnx_dpdma_write_descriptor(uint64_t desc_addr, > + DPDMADescriptor *desc) > +{ > + DPDMADescriptor* tmp_desc = (DPDMADescriptor *)malloc(sizeof(DPDMADescriptor)); > + memcpy(tmp_desc, desc, sizeof(desc)); The descriptor structure is not very big, we don't need to malloc it. So we can do: DPDMADescriptor tmp_desc = *desc; (adjusting the code below to match). > + > + /* Convert from host endianness into LE. */ > + tmp_desc->control = cpu_to_le32(tmp_desc->control); > + tmp_desc->descriptor_id = cpu_to_le32(tmp_desc->descriptor_id); > + tmp_desc->xfer_size = cpu_to_le32(tmp_desc->xfer_size); > + tmp_desc->line_size_stride = cpu_to_le32(tmp_desc->line_size_stride); > + tmp_desc->timestamp_lsb = cpu_to_le32(tmp_desc->timestamp_lsb); > + tmp_desc->timestamp_msb = cpu_to_le32(tmp_desc->timestamp_msb); > + tmp_desc->address_extension = cpu_to_le32(tmp_desc->address_extension); > + tmp_desc->next_descriptor = cpu_to_le32(tmp_desc->next_descriptor); > + tmp_desc->source_address = cpu_to_le32(tmp_desc->source_address); > + tmp_desc->address_extension_23 = cpu_to_le32(tmp_desc->address_extension_23); > + tmp_desc->address_extension_45 = cpu_to_le32(tmp_desc->address_extension_45); > + tmp_desc->source_address2 = cpu_to_le32(tmp_desc->source_address2); > + tmp_desc->source_address3 = cpu_to_le32(tmp_desc->source_address3); > + tmp_desc->source_address4 = cpu_to_le32(tmp_desc->source_address4); > + tmp_desc->source_address5 = cpu_to_le32(tmp_desc->source_address5); > + tmp_desc->crc = cpu_to_le32(tmp_desc->crc); > + > + dma_memory_write(&address_space_memory, desc_addr, tmp_desc, > + sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED); I know we don't check the return value at the callsite, but we might as well do "return dma_memory_write(...)" here. > +} > + > size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel, > bool one_desc) > { > @@ -651,8 +708,7 @@ size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel, > desc_addr = xlnx_dpdma_descriptor_next_address(s, channel); > } > > - if (dma_memory_read(&address_space_memory, desc_addr, &desc, > - sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED)) { > + if (xlnx_dpdma_read_descriptor(s, desc_addr, &desc)) { > s->registers[DPDMA_EISR] |= ((1 << 1) << channel); > xlnx_dpdma_update_irq(s); > s->operation_finished[channel] = true; > @@ -755,8 +811,7 @@ size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel, > /* The descriptor need to be updated when it's completed. */ > DPRINTF("update the descriptor with the done flag set.\n"); > xlnx_dpdma_desc_set_done(&desc); > - dma_memory_write(&address_space_memory, desc_addr, &desc, > - sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED); > + xlnx_dpdma_write_descriptor(desc_addr, &desc); > } > > if (xlnx_dpdma_desc_completion_interrupt(&desc)) { > -- > 2.30.2 thanks -- PMM
Alexandra Diupina <adiupina@astralinux.ru> writes: As the subject is what ends up in the shortlog it is useful to prefix the subsystem to make it easier to see what was touched when reviewing log files. So maybe: xlnx_dpdma: fix endianness bug or even: xlnx_dpdma: fix descriptor endianness bug as we have space within the 60 or so chars recommended for subject lines ;-) <snip>
diff --git a/hw/dma/xlnx_dpdma.c b/hw/dma/xlnx_dpdma.c index 1f5cd64ed1..e9133e9dcb 100644 --- a/hw/dma/xlnx_dpdma.c +++ b/hw/dma/xlnx_dpdma.c @@ -614,6 +614,63 @@ static void xlnx_dpdma_register_types(void) type_register_static(&xlnx_dpdma_info); } +static MemTxResult xlnx_dpdma_read_descriptor(XlnxDPDMAState *s, + uint64_t desc_addr, DPDMADescriptor *desc) +{ + if (dma_memory_read(&address_space_memory, desc_addr, &desc, + sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED)) { + return MEMTX_ERROR; + } + + /* Convert from LE into host endianness. */ + desc->control = le32_to_cpu(desc->control); + desc->descriptor_id = le32_to_cpu(desc->descriptor_id); + desc->xfer_size = le32_to_cpu(desc->xfer_size); + desc->line_size_stride = le32_to_cpu(desc->line_size_stride); + desc->timestamp_lsb = le32_to_cpu(desc->timestamp_lsb); + desc->timestamp_msb = le32_to_cpu(desc->timestamp_msb); + desc->address_extension = le32_to_cpu(desc->address_extension); + desc->next_descriptor = le32_to_cpu(desc->next_descriptor); + desc->source_address = le32_to_cpu(desc->source_address); + desc->address_extension_23 = le32_to_cpu(desc->address_extension_23); + desc->address_extension_45 = le32_to_cpu(desc->address_extension_45); + desc->source_address2 = le32_to_cpu(desc->source_address2); + desc->source_address3 = le32_to_cpu(desc->source_address3); + desc->source_address4 = le32_to_cpu(desc->source_address4); + desc->source_address5 = le32_to_cpu(desc->source_address5); + desc->crc = le32_to_cpu(desc->crc); + + return MEMTX_OK; +} + +static void xlnx_dpdma_write_descriptor(uint64_t desc_addr, + DPDMADescriptor *desc) +{ + DPDMADescriptor* tmp_desc = (DPDMADescriptor *)malloc(sizeof(DPDMADescriptor)); + memcpy(tmp_desc, desc, sizeof(desc)); + + /* Convert from host endianness into LE. */ + tmp_desc->control = cpu_to_le32(tmp_desc->control); + tmp_desc->descriptor_id = cpu_to_le32(tmp_desc->descriptor_id); + tmp_desc->xfer_size = cpu_to_le32(tmp_desc->xfer_size); + tmp_desc->line_size_stride = cpu_to_le32(tmp_desc->line_size_stride); + tmp_desc->timestamp_lsb = cpu_to_le32(tmp_desc->timestamp_lsb); + tmp_desc->timestamp_msb = cpu_to_le32(tmp_desc->timestamp_msb); + tmp_desc->address_extension = cpu_to_le32(tmp_desc->address_extension); + tmp_desc->next_descriptor = cpu_to_le32(tmp_desc->next_descriptor); + tmp_desc->source_address = cpu_to_le32(tmp_desc->source_address); + tmp_desc->address_extension_23 = cpu_to_le32(tmp_desc->address_extension_23); + tmp_desc->address_extension_45 = cpu_to_le32(tmp_desc->address_extension_45); + tmp_desc->source_address2 = cpu_to_le32(tmp_desc->source_address2); + tmp_desc->source_address3 = cpu_to_le32(tmp_desc->source_address3); + tmp_desc->source_address4 = cpu_to_le32(tmp_desc->source_address4); + tmp_desc->source_address5 = cpu_to_le32(tmp_desc->source_address5); + tmp_desc->crc = cpu_to_le32(tmp_desc->crc); + + dma_memory_write(&address_space_memory, desc_addr, tmp_desc, + sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED); +} + size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel, bool one_desc) { @@ -651,8 +708,7 @@ size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel, desc_addr = xlnx_dpdma_descriptor_next_address(s, channel); } - if (dma_memory_read(&address_space_memory, desc_addr, &desc, - sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED)) { + if (xlnx_dpdma_read_descriptor(s, desc_addr, &desc)) { s->registers[DPDMA_EISR] |= ((1 << 1) << channel); xlnx_dpdma_update_irq(s); s->operation_finished[channel] = true; @@ -755,8 +811,7 @@ size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel, /* The descriptor need to be updated when it's completed. */ DPRINTF("update the descriptor with the done flag set.\n"); xlnx_dpdma_desc_set_done(&desc); - dma_memory_write(&address_space_memory, desc_addr, &desc, - sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED); + xlnx_dpdma_write_descriptor(desc_addr, &desc); } if (xlnx_dpdma_desc_completion_interrupt(&desc)) {
Add xlnx_dpdma_read_descriptor() and xlnx_dpdma_write_descriptor() functions. xlnx_dpdma_read_descriptor() combines reading a descriptor from desc_addr by calling dma_memory_read() and swapping the desc fields from guest memory order to host memory order. xlnx_dpdma_write_descriptor() performs similar actions when writing a descriptor. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: d3c6369a96 ("introduce xlnx-dpdma") Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru> --- v4: remove rewriting desc in place v3: add xlnx_dpdma_write_descriptor() v2: minor changes in xlnx_dpdma_read_descriptor() hw/dma/xlnx_dpdma.c | 63 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 59 insertions(+), 4 deletions(-)