From patchwork Tue Jul 23 13:10:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 13739982 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 05ABBC3DA63 for ; Tue, 23 Jul 2024 13:11:38 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sWFHt-0006Ai-Ss; Tue, 23 Jul 2024 09:10:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sWFHr-00062I-Up for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:39 -0400 Received: from mail-wr1-x42e.google.com ([2a00:1450:4864:20::42e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sWFHn-0000I1-8p for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:39 -0400 Received: by mail-wr1-x42e.google.com with SMTP id ffacd0b85a97d-367940c57ddso2873350f8f.3 for ; Tue, 23 Jul 2024 06:10:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721740232; x=1722345032; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=W5/2nCZDxS1NroX7MRC4z7mOFdk6Q7iI8dAfdB9mODo=; b=P/WUR4qm+m0EkC+N6rdpGohoCRsrOlnsKZKNYm0rudJ7NemCMtVEnnvcvSEyzHLqYt nv4slL99TDft0Qf2bexkuDepajoB4kFIc8wbqjDZVv88+lMVke43RXxD2BtHQoeNPgXb Ph7bYBz79QYwddQ1S9jtDnKhqa1AfBHFnumUX976Ik772u8iwEMhj8lvnjyy66FCntEq ETNjGCWd6ef4R2S3cr/LehcJlgBFbvUbgtglOQqjgXsjvdTP6TJNXK9O2WuTji+vNipz ge5aYPyBdc9e+R4/qJZ8zbjLdabsLUUNKoTudF4jFOjhhske8KQxJ7guuTw6oTmrAebR 0t+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721740232; x=1722345032; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=W5/2nCZDxS1NroX7MRC4z7mOFdk6Q7iI8dAfdB9mODo=; b=A5Z+jNBOpBigLnfu5V28YWkeuAEXYNh5f0HvAQfzE33zJ7ktaHv2x8sROSt7woRGyH rDHswr8mb8IgmNdon08LGJA2VRIRKmmQlCAWVgMDKg6NRXQarXIgNZvhs0uxwiPq8eyh smVLtpZmpVKHFoAHFBNFE7nN1U+69781ZJnQHw0THZwApQIwyN7fp0gOFWOaIVlwB+yV ruEzJkHQcRIPafX4sFmV3oAzmnzAJF7aRJcE4cIxYMB2uAq0/zSt1Kw8HBMc59V65IEl a4M9iHUDh4pFcqdiFkWHfioyc3HM0rVWJ4uh3ww3vPWlSxMU6bDQ3rWWCOwDTFzsGWRf E3tw== X-Forwarded-Encrypted: i=1; AJvYcCXrEicnbdq2wYQ9g/PdALZq9IFCx19inQs76sCYX0TJPvXRsY+aEyveBHQmZejOPjrIN0KWSFFKe1MMJDZd1T9Y/kvVyE0= X-Gm-Message-State: AOJu0YzE9vvJKZ1f4M17u4P9nclxo4Smpl8oSWK0OWO+kiuGjyKC2N8F 1gTraKtDCWeEQub59wKS7KkO9WuZGR2FLe0CWHRd0KdO76US+dNSM7Cpu3mLNVo= X-Google-Smtp-Source: AGHT+IHV51C2yixg0ReZM1mT0U6xpxPtF15tJcc6kgrv77EMF3QrwhowO4fprc2RwYcNKWW5bG3Ydw== X-Received: by 2002:a05:6000:114f:b0:368:6911:6758 with SMTP id ffacd0b85a97d-369bae25123mr6857565f8f.40.1721740231928; Tue, 23 Jul 2024 06:10:31 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-36878684773sm11560157f8f.7.2024.07.23.06.10.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jul 2024 06:10:31 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , qemu-stable@nongnu.org Subject: [PATCH 1/4] hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE Date: Tue, 23 Jul 2024 14:10:26 +0100 Message-Id: <20240723131029.1159908-2-peter.maydell@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240723131029.1159908-1-peter.maydell@linaro.org> References: <20240723131029.1159908-1-peter.maydell@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::42e; envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x42e.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org The documentation of the "Set palette" mailbox property at https://github.com/raspberrypi/firmware/wiki/Mailbox-property-interface#set-palette says it has the form: Length: 24..1032 Value: u32: offset: first palette index to set (0-255) u32: length: number of palette entries to set (1-256) u32...: RGBA palette values (offset to offset+length-1) We get this wrong in a couple of ways: * we aren't checking the offset and length are in range, so the guest can make us spin for a long time by providing a large length * the bounds check on our loop is wrong: we should iterate through 'length' palette entries, not 'length - offset' entries Fix the loop to implement the bounds checks and get the loop condition right. In the process, make the variables local to this switch case, rather than function-global, so it's clearer what type they are when reading the code. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé --- hw/misc/bcm2835_property.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c index 63de3db6215..e28fdca9846 100644 --- a/hw/misc/bcm2835_property.c +++ b/hw/misc/bcm2835_property.c @@ -31,7 +31,6 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) size_t resplen; uint32_t tmp; int n; - uint32_t offset, length, color; uint32_t start_num, number, otp_row; /* @@ -274,19 +273,25 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) resplen = 16; break; case RPI_FWREQ_FRAMEBUFFER_SET_PALETTE: - offset = ldl_le_phys(&s->dma_as, value + 12); - length = ldl_le_phys(&s->dma_as, value + 16); - n = 0; - while (n < length - offset) { - color = ldl_le_phys(&s->dma_as, value + 20 + (n << 2)); - stl_le_phys(&s->dma_as, - s->fbdev->vcram_base + ((offset + n) << 2), color); - n++; + { + uint32_t offset = ldl_le_phys(&s->dma_as, value + 12); + uint32_t length = ldl_le_phys(&s->dma_as, value + 16); + int resp; + + if (offset > 255 || length < 1 || length > 256) { + resp = 1; /* invalid request */ + } else { + for (uint32_t e = 0; e < length; e++) { + uint32_t color = ldl_le_phys(&s->dma_as, value + 20 + (e << 2)); + stl_le_phys(&s->dma_as, + s->fbdev->vcram_base + ((offset + e) << 2), color); + } + resp = 0; } - stl_le_phys(&s->dma_as, value + 12, 0); + stl_le_phys(&s->dma_as, value + 12, resp); resplen = 4; break; - + } case RPI_FWREQ_FRAMEBUFFER_GET_NUM_DISPLAYS: stl_le_phys(&s->dma_as, value + 12, 1); resplen = 4; From patchwork Tue Jul 23 13:10:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 13739985 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 50A7DC3DA63 for ; Tue, 23 Jul 2024 13:12:16 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sWFHu-0006Cg-8q; Tue, 23 Jul 2024 09:10:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sWFHr-00061h-Pt for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:39 -0400 Received: from mail-wr1-x432.google.com ([2a00:1450:4864:20::432]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sWFHm-0000IU-Km for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:39 -0400 Received: by mail-wr1-x432.google.com with SMTP id ffacd0b85a97d-3683f56b9bdso2853560f8f.1 for ; Tue, 23 Jul 2024 06:10:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721740233; x=1722345033; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GDjhGJy1uudDNK18CuZuB7KjPJkSAemQ7/iwEkdj0Zo=; b=RrdPzu6+30zuIbQp484MFe5pJaqtTFWPHwaXfTnw1C+2Hn20rGby5L2eqDOtMF7O8G HRvWeyC2FMlRuH/g7dlcVdTNO2oHn25oilBXnnwAekgvm9gN9Tsoe5kVOK/SRoOJkQFq kuJ0MGlBSDKxuYfndb6slv2Mmv1itYPa5d8FJbOS66HUCr3cQcbsiZ7pcpYE1dBvngGZ CBE3DQ77DuLnsPnZeVNu2hY7yL75pIf7TVKWLqnr8o0rbdO9bNaESTe2tc5KQsow9Q3x ay9Ws4vGDQ0qioVod2CYj0YoqXFzXX3GYRWqHT4KN6Folw1oX8VsWCVCAxW0uPMF/fil P0ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721740233; x=1722345033; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GDjhGJy1uudDNK18CuZuB7KjPJkSAemQ7/iwEkdj0Zo=; b=L+d9bWlUDV80ycfh+zUy0hf2sBeZCcb4qQGXnirIUQAbdEtsJkTbV6jgdl+G5aNeAm XGP4IMcs+fVJmFS42z1XskwVXQZAXmRF8M4lGWGLFnxgGNIJYNPPQOFHatJZ2jcY073c scZKmGoeEoX8JslUthuAIqsrTqmm+ELD3ObbJvsmrNmvcQotq5yQpiWWRfHliXm7s8KP EP4vfnPewUYmTvG5thQGrD15nc48812YJizS4KljdW5Rwy4n6fQZEtDlLq3DnaixUdWI dYat9ZIonyv+zVgCMxZRuYVXVjL2l6/lJsbpp3aoKlHg+5aphAavu1uXb9gA/r3wwdLN UyXA== X-Forwarded-Encrypted: i=1; AJvYcCWkQq7g/xoZ7dqa3AdRad0nAHwnLvQiBPmEgRnSdjAH8iigHqOv/5i5IYnsUuIcJ2pXapd0Eg+lNLJr2XRdQiUGu25oHOo= X-Gm-Message-State: AOJu0Yxly8Y46FYIGgKzYxisprC7hghdaRmvrfjaxSSx4Hjmri1yL+46 2XNIxqS//RueVDrI1zQH4m3OnsHSvugNi7KPXlS8ND1Tac6CA7fltT9djBozB94= X-Google-Smtp-Source: AGHT+IEAfENa1RvpqhWOb4/+XNcHH9raZ152OHoY68lNbEjmwiQBJsPG68tqnK5n228J0dthsPFLbw== X-Received: by 2002:a05:6000:44:b0:369:b849:61b0 with SMTP id ffacd0b85a97d-369bbc69874mr6079499f8f.43.1721740232571; Tue, 23 Jul 2024 06:10:32 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-36878684773sm11560157f8f.7.2024.07.23.06.10.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jul 2024 06:10:32 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , qemu-stable@nongnu.org Subject: [PATCH 2/4] hw/misc/bcm2835_property: Avoid overflow in OTP access properties Date: Tue, 23 Jul 2024 14:10:27 +0100 Message-Id: <20240723131029.1159908-3-peter.maydell@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240723131029.1159908-1-peter.maydell@linaro.org> References: <20240723131029.1159908-1-peter.maydell@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::432; envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x432.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Coverity points out that in our handling of the property RPI_FWREQ_SET_CUSTOMER_OTP we have a potential overflow. This happens because we read start_num and number from the guest as unsigned 32 bit integers, but then the variable 'n' we use as a loop counter as we iterate from start_num to start_num + number is only an "int". That means that if the guest passes us a very large start_num we will interpret it as negative. This will result in an assertion failure inside bcm2835_otp_set_row(), which checks that we didn't pass it an invalid row number. A similar issue applies to all the properties for accessing OTP rows where we are iterating through with a start and length read from the guest. Use uint32_t for the loop counter to avoid this problem. Because in all cases 'n' is only used as a loop counter, we can do this as part of the for(), restricting its scope to exactly where we need it. Resolves: Coverity CID 1549401 Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé --- hw/misc/bcm2835_property.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c index e28fdca9846..7eb623b4e90 100644 --- a/hw/misc/bcm2835_property.c +++ b/hw/misc/bcm2835_property.c @@ -30,7 +30,6 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) uint32_t tot_len; size_t resplen; uint32_t tmp; - int n; uint32_t start_num, number, otp_row; /* @@ -337,7 +336,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) resplen = 8 + 4 * number; - for (n = start_num; n < start_num + number && + for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_CUSTOMER_OTP_LEN; n++) { otp_row = bcm2835_otp_get_row(s->otp, BCM2835_OTP_CUSTOMER_OTP + n); @@ -366,7 +365,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) break; } - for (n = start_num; n < start_num + number && + for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_CUSTOMER_OTP_LEN; n++) { otp_row = ldl_le_phys(&s->dma_as, value + 20 + ((n - start_num) << 2)); @@ -383,7 +382,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) resplen = 8 + 4 * number; - for (n = start_num; n < start_num + number && + for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_PRIVATE_KEY_LEN; n++) { otp_row = bcm2835_otp_get_row(s->otp, BCM2835_OTP_PRIVATE_KEY + n); @@ -403,7 +402,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) break; } - for (n = start_num; n < start_num + number && + for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_PRIVATE_KEY_LEN; n++) { otp_row = ldl_le_phys(&s->dma_as, value + 20 + ((n - start_num) << 2)); From patchwork Tue Jul 23 13:10:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 13739984 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 614A6C3DA70 for ; Tue, 23 Jul 2024 13:12:16 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sWFHv-0006H3-Ai; Tue, 23 Jul 2024 09:10:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sWFHt-00068o-DT for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:41 -0400 Received: from mail-lf1-x135.google.com ([2a00:1450:4864:20::135]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sWFHp-0000JD-8i for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:41 -0400 Received: by mail-lf1-x135.google.com with SMTP id 2adb3069b0e04-52efc89dbedso2955585e87.3 for ; Tue, 23 Jul 2024 06:10:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721740234; x=1722345034; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9E2PaL3j+vd9cDXCmCuxFcqlpV5vqk14FssyzTSrOZg=; b=kZGaOpVuBAkbvhXWcHHAwlkKHgia25On/j2OTsM42IDzh7OUrikyYn8pFgdvOJgM/d ZZnb6k7UWVWYVaOgAV2aa6hNtoaQsmV+NvPXUb+x4wzyB6gvAYb0X/kcU5rjr6dcMauB HV/L4Fog5E52NrKsrAY0ZDGxL1+RIVggGHf8atbffek6vfFDbHpd+sQUPdgEn4gXaF9b bEtnDUuYhz6IxlO1NTqfMI2Q13HvDCzhC+8egr043WOOMX6vZVAhAMocw2cflybGS9bN mnERjNXZisIg8X4AOGWA5JRRtXfITynnYaCxI8gWx6P4ii7b5QFA/Ao+O47A+MO9sOp6 e9QA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721740234; x=1722345034; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9E2PaL3j+vd9cDXCmCuxFcqlpV5vqk14FssyzTSrOZg=; b=myc3aeA0dNdtTuoqeltTU7B0jd0Zl+YtdLafdBrXG2Be+bvnTRAK1b/DGkgkpbwQvx /LH1Yt3CkS7rUl6u3raVcK98R7KH0SXO68trR5ELglGxkJgnObdCeNxzduByapK7xnbp 3XB+VbEOQe0xmYAh+2IGZShg3qj1TC+nABVeS6aKd0pQdMqiGRu3MstMNEA6OWYCPe9/ 3mkvtI2ETaD60VXE12ITacvmyIjAO5qvW1ObMq09MI1Ty4oypuwJlOLCMmijeXAh/jNl eVBmdFs23HJ549vZ6Vcc+p3UL1ROFBm4pSkRzSRYwCLgyoSXYRWurvzlQXhYoEuaJ5ax PRSQ== X-Forwarded-Encrypted: i=1; AJvYcCW9l759e9vfs2fbL6BoKk7+oFvv7IiHzDLJ14qtj760cV4MAV6NFz8glomIkAFrOwOPxsVJJH+mz96uR36RPU+gK1Wnz+Y= X-Gm-Message-State: AOJu0YzjdtRssDQEBLWqbhW3Fb7Tvs/C6zsVZQpBocWJijFOBSOcT8v/ +aLji8dhVj16Ymmyb+Rr57g9h8m8Jo+ex28nGn6B6V44LFP4//1cdAsBdI6o+tE= X-Google-Smtp-Source: AGHT+IFcizaRioyjYgfnqVrCriDr+aSHUXDXa34JUzYsPpDj19b/s4b22ofkAXjUJ5J4hhhGGSjHIw== X-Received: by 2002:a05:6512:31d5:b0:52e:97dd:327b with SMTP id 2adb3069b0e04-52fc4047a95mr2439492e87.23.1721740234156; Tue, 23 Jul 2024 06:10:34 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-36878684773sm11560157f8f.7.2024.07.23.06.10.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jul 2024 06:10:32 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , qemu-stable@nongnu.org Subject: [PATCH 3/4] hw/misc/bcm2835_property: Restrict scope of start_num, number, otp_row Date: Tue, 23 Jul 2024 14:10:28 +0100 Message-Id: <20240723131029.1159908-4-peter.maydell@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240723131029.1159908-1-peter.maydell@linaro.org> References: <20240723131029.1159908-1-peter.maydell@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::135; envelope-from=peter.maydell@linaro.org; helo=mail-lf1-x135.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org In the long function bcm2835_property_mbox_push(), the variables start_num, number and otp_row are used only in the four cases which access OTP data, and their uses don't overlap with each other. Make these variables have scope restricted to the cases where they're used, so it's easier to read each individual case without having to cross-refer up to the variable declaration at the top of the function and check whether the variable is also used later in the loop. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé --- hw/misc/bcm2835_property.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c index 7eb623b4e90..443d42a1824 100644 --- a/hw/misc/bcm2835_property.c +++ b/hw/misc/bcm2835_property.c @@ -30,7 +30,6 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) uint32_t tot_len; size_t resplen; uint32_t tmp; - uint32_t start_num, number, otp_row; /* * Copy the current state of the framebuffer config; we will update @@ -331,22 +330,25 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) /* Customer OTP */ case RPI_FWREQ_GET_CUSTOMER_OTP: - start_num = ldl_le_phys(&s->dma_as, value + 12); - number = ldl_le_phys(&s->dma_as, value + 16); + { + uint32_t start_num = ldl_le_phys(&s->dma_as, value + 12); + uint32_t number = ldl_le_phys(&s->dma_as, value + 16); resplen = 8 + 4 * number; for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_CUSTOMER_OTP_LEN; n++) { - otp_row = bcm2835_otp_get_row(s->otp, + uint32_t otp_row = bcm2835_otp_get_row(s->otp, BCM2835_OTP_CUSTOMER_OTP + n); stl_le_phys(&s->dma_as, value + 20 + ((n - start_num) << 2), otp_row); } break; + } case RPI_FWREQ_SET_CUSTOMER_OTP: - start_num = ldl_le_phys(&s->dma_as, value + 12); - number = ldl_le_phys(&s->dma_as, value + 16); + { + uint32_t start_num = ldl_le_phys(&s->dma_as, value + 12); + uint32_t number = ldl_le_phys(&s->dma_as, value + 16); resplen = 4; @@ -367,32 +369,35 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_CUSTOMER_OTP_LEN; n++) { - otp_row = ldl_le_phys(&s->dma_as, + uint32_t otp_row = ldl_le_phys(&s->dma_as, value + 20 + ((n - start_num) << 2)); bcm2835_otp_set_row(s->otp, BCM2835_OTP_CUSTOMER_OTP + n, otp_row); } break; + } /* Device-specific private key */ - case RPI_FWREQ_GET_PRIVATE_KEY: - start_num = ldl_le_phys(&s->dma_as, value + 12); - number = ldl_le_phys(&s->dma_as, value + 16); + { + uint32_t start_num = ldl_le_phys(&s->dma_as, value + 12); + uint32_t number = ldl_le_phys(&s->dma_as, value + 16); resplen = 8 + 4 * number; for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_PRIVATE_KEY_LEN; n++) { - otp_row = bcm2835_otp_get_row(s->otp, + uint32_t otp_row = bcm2835_otp_get_row(s->otp, BCM2835_OTP_PRIVATE_KEY + n); stl_le_phys(&s->dma_as, value + 20 + ((n - start_num) << 2), otp_row); } break; + } case RPI_FWREQ_SET_PRIVATE_KEY: - start_num = ldl_le_phys(&s->dma_as, value + 12); - number = ldl_le_phys(&s->dma_as, value + 16); + { + uint32_t start_num = ldl_le_phys(&s->dma_as, value + 12); + uint32_t number = ldl_le_phys(&s->dma_as, value + 16); resplen = 4; @@ -404,12 +409,13 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) for (uint32_t n = start_num; n < start_num + number && n < BCM2835_OTP_PRIVATE_KEY_LEN; n++) { - otp_row = ldl_le_phys(&s->dma_as, + uint32_t otp_row = ldl_le_phys(&s->dma_as, value + 20 + ((n - start_num) << 2)); bcm2835_otp_set_row(s->otp, BCM2835_OTP_PRIVATE_KEY + n, otp_row); } break; + } default: qemu_log_mask(LOG_UNIMP, "bcm2835_property: unhandled tag 0x%08x\n", tag); From patchwork Tue Jul 23 13:10:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 13739983 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E7247C3DA49 for ; Tue, 23 Jul 2024 13:12:04 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sWFHv-0006H1-B2; Tue, 23 Jul 2024 09:10:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sWFHt-000680-7T for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:41 -0400 Received: from mail-wr1-x42e.google.com ([2a00:1450:4864:20::42e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sWFHp-0000JM-9F for qemu-devel@nongnu.org; Tue, 23 Jul 2024 09:10:40 -0400 Received: by mail-wr1-x42e.google.com with SMTP id ffacd0b85a97d-3685afd0c56so1241480f8f.1 for ; Tue, 23 Jul 2024 06:10:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1721740235; x=1722345035; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+9KvsvCHEGhZpad6dixP1T8PrskYUM3EAVWT0geUExQ=; b=ug0xCqAt8eSQNeZWAGoHnUNtpN68RNML7fAaZlCxHHxT7q+6n0Jhe+VsDV6IaYVgFf dHyNhy44zO5XMzYPYA7S9lWZTXFXk5OXxCcv+74aikdgknQfJ5FpNP/pWHb5qJQAwtri +soepWP7W5n3YS9gnM5vlB6xlCUP9MTPtTa4magj6kSzz1DTqEspe6Toy/vunxlGl1R5 qn0rlXWanCzFLdRgQkVPMevYl5QClWItq/8FcEQAJTSkRRyycsQfA4De7QApn3+VJ1NP tJqfVAs5WqaIWZYFVFSyhs6cMJzh5SsF7tE0L73ZdTXxGBghiQ8rii9/x5ST9DtGc80q cCww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721740235; x=1722345035; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+9KvsvCHEGhZpad6dixP1T8PrskYUM3EAVWT0geUExQ=; b=ORrZPxE/rmXFVkxYBhW5yz8M73dC60ZJfLbot/duI10NfZKW8BEB9FXgex241wxK29 Taq6//bjzFd8r33gQhBm4oRz/OVvCoyx57Lm0gdtdine9WL+/8OwwFpbPGqiLecoOPbp fRi5cYDkqzzeSGwu008zey8AWwXj6e8UcooqS+Zldtjp75xg5Yx05v/RUCp2qTJbe8dC yX86LWeriZ6E2K+lq2nSOjDiooteZb85YWCAw19MfMhtETa4/CzBwaQW76B41RNouwuG Rwwj1CqGPr2PzD/Zd0tCudDTTIenvhf+ksassVO6EF0bCM1g5ZUGNdv2WRh/NHdlbUoH Fr4A== X-Forwarded-Encrypted: i=1; AJvYcCX8XfzRoFDaTxyo5N7LzZDYGjEkKpzfZWswwQoUjQ5BSeFHqU8mRJPqpx4smb0Ul+NfjX3/JHP5K6ij/7is2H7PXNTvypc= X-Gm-Message-State: AOJu0YwEd0DEeFWwsBGROR9wQya9PjUwH9/RNtBfyl0hB3PvhYGBaiV+ /uQs41nmPTI6xc3SoOgJYqIZUypoX4i+N/445y0diQvohButZeGQC7i+amxCInA= X-Google-Smtp-Source: AGHT+IHnneHMJzfHbnhqLtrMriByvPyY9qDHzF0wXdcCnfRUWJOL9+T2+LYVdsVAbfUxlF/nGnOi4w== X-Received: by 2002:a05:6000:1b08:b0:367:4e1a:240e with SMTP id ffacd0b85a97d-369bb2a1bc4mr5642881f8f.50.1721740234887; Tue, 23 Jul 2024 06:10:34 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-36878684773sm11560157f8f.7.2024.07.23.06.10.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jul 2024 06:10:34 -0700 (PDT) From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , qemu-stable@nongnu.org Subject: [PATCH 4/4] hw/misc/bcm2835_property: Reduce scope of variables in mbox push function Date: Tue, 23 Jul 2024 14:10:29 +0100 Message-Id: <20240723131029.1159908-5-peter.maydell@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240723131029.1159908-1-peter.maydell@linaro.org> References: <20240723131029.1159908-1-peter.maydell@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::42e; envelope-from=peter.maydell@linaro.org; helo=mail-wr1-x42e.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org In bcm2835_property_mbox_push(), some variables are defined at function scope but used only in a smaller scope of the function: * tag, bufsize, resplen are used only in the body of the while() loop * tmp is used only for RPI_FWREQ_SET_POWER_STATE (and is badly named) Declare these variables in the scope where they're needed, so the code is easier to read. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé --- hw/misc/bcm2835_property.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c index 443d42a1824..8ca3128f29b 100644 --- a/hw/misc/bcm2835_property.c +++ b/hw/misc/bcm2835_property.c @@ -25,11 +25,7 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) { - uint32_t tag; - uint32_t bufsize; uint32_t tot_len; - size_t resplen; - uint32_t tmp; /* * Copy the current state of the framebuffer config; we will update @@ -48,10 +44,10 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) /* @(addr + 4) : Buffer response code */ value = s->addr + 8; while (value + 8 <= s->addr + tot_len) { - tag = ldl_le_phys(&s->dma_as, value); - bufsize = ldl_le_phys(&s->dma_as, value + 4); + uint32_t tag = ldl_le_phys(&s->dma_as, value); + uint32_t bufsize = ldl_le_phys(&s->dma_as, value + 4); /* @(value + 8) : Request/response indicator */ - resplen = 0; + size_t resplen = 0; switch (tag) { case RPI_FWREQ_PROPERTY_END: break; @@ -95,13 +91,16 @@ static void bcm2835_property_mbox_push(BCM2835PropertyState *s, uint32_t value) resplen = 8; break; case RPI_FWREQ_SET_POWER_STATE: - /* Assume that whatever device they asked for exists, - * and we'll just claim we set it to the desired state + { + /* + * Assume that whatever device they asked for exists, + * and we'll just claim we set it to the desired state. */ - tmp = ldl_le_phys(&s->dma_as, value + 16); - stl_le_phys(&s->dma_as, value + 16, (tmp & 1)); + uint32_t state = ldl_le_phys(&s->dma_as, value + 16); + stl_le_phys(&s->dma_as, value + 16, (state & 1)); resplen = 8; break; + } /* Clocks */