From patchwork Sun Sep 8 13:11:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Huth X-Patchwork-Id: 13795459 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 041B0CD4F4C for ; Sun, 8 Sep 2024 13:12:38 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1snHht-0002uS-E5; Sun, 08 Sep 2024 09:11:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1snHho-0002pZ-Ij for qemu-devel@nongnu.org; Sun, 08 Sep 2024 09:11:52 -0400 Received: from mail-ed1-f46.google.com ([209.85.208.46]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1snHhm-0000fI-C1 for qemu-devel@nongnu.org; Sun, 08 Sep 2024 09:11:52 -0400 Received: by mail-ed1-f46.google.com with SMTP id 4fb4d7f45d1cf-5c3d20eed0bso3380775a12.0 for ; Sun, 08 Sep 2024 06:11:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725801109; x=1726405909; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QChWw5AXY/Eh/tPeZIzDezE86tfwMhZTwskv5OivgNc=; b=jQO6PMfTQPum76YKF1p8zuYAD0V0kddLE5tpKvh+dbBM3Hpppg74t9gxzbsFKQb0Ru wl1QvI2U+f5TWqYUevYbmOHqoI6hBcLBTf4O1oFDDZ9z9vp1v4yRYIoHabcauvANE1FD S9p+tBL4GU/w+iq8NIGQWQG4kRYEsT7ZNBI2P86Gsn2UjQwQbBe6fB0jZ4Lu675gDdBe X7xrhvLewO403a+73UO7ec3KO5OrxPwwqZnWyFwzr4iFg1Jz/vZZ6rEjGWWijJ5QJrOm bDAt2RY20mGR94WFLGZUaKS+dw6fQtw9b3Y93OOUf18LCoino/Vf4kx4s2Cs5VgrPjFE K3lQ== X-Gm-Message-State: AOJu0YyBkYUrWQp1ppnmdLmBdVKP15yh6zgcBNfaeH2ZBBdlBOOOo+9G bWjlWGDPCznuMT9Wcgm2mf3VOdENTft7IELmvH44dUE+i32eeHLINJz/Lw== X-Google-Smtp-Source: AGHT+IEW14NK54vrKJTAHbHmO5knB45raX2tnm0p2YVE4LYrIZy9el7V8N26AYLFKuwW4cpUut2zhw== X-Received: by 2002:a05:6402:13cc:b0:5c3:1089:ff23 with SMTP id 4fb4d7f45d1cf-5c3dc7c92bfmr5171376a12.35.1725801108417; Sun, 08 Sep 2024 06:11:48 -0700 (PDT) Received: from fedora.. (ip-109-43-115-52.web.vodafone.de. [109.43.115.52]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5c3ebd5212asm1842418a12.57.2024.09.08.06.11.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 08 Sep 2024 06:11:48 -0700 (PDT) From: Thomas Huth To: qemu-devel@nongnu.org Cc: Peter Maydell Subject: [PULL 1/3] hw/m68k/mcf5208: Avoid shifting off end of integer Date: Sun, 8 Sep 2024 15:11:26 +0200 Message-ID: <20240908131128.19384-2-huth@tuxfamily.org> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240908131128.19384-1-huth@tuxfamily.org> References: <20240908131128.19384-1-huth@tuxfamily.org> MIME-Version: 1.0 Received-SPF: pass client-ip=209.85.208.46; envelope-from=th.huth@gmail.com; helo=mail-ed1-f46.google.com X-Spam_score_int: -15 X-Spam_score: -1.6 X-Spam_bar: - X-Spam_report: (-1.6 / 5.0 requ) BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Peter Maydell In m5208_sys_read(), we have a loop of n from 0 to 31, and we calculate (2u << n). For the n == 31 iteration this will shift off the top of the unsigned 32 bit integer. This is harmless, because we're going to stop the loop with n == 31 anyway, but we can avoid the error by using 64-bit arithmetic here. (The SDCS0 register is documented at https://www.nxp.com/docs/en/reference-manual/MCF5208RM.pdf section 18.4.5; we want the lower 5 bits to indicate the RAM size, where 31 == 4GB, 30 == 2GB, and so on down. As it happens, the layout of the mcf5208evb board memory map means it doesn't make sense to have more than 1GB of RAM in any case.) Resolves: Coverity CID 1547727 Signed-off-by: Peter Maydell Reviewed-by: Thomas Huth Message-ID: <20240830173452.2086140-2-peter.maydell@linaro.org> Signed-off-by: Thomas Huth --- hw/m68k/mcf5208.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/m68k/mcf5208.c b/hw/m68k/mcf5208.c index ec14096aa4..0ad347dfa8 100644 --- a/hw/m68k/mcf5208.c +++ b/hw/m68k/mcf5208.c @@ -158,7 +158,7 @@ static uint64_t m5208_sys_read(void *opaque, hwaddr addr, { int n; for (n = 0; n < 32; n++) { - if (current_machine->ram_size < (2u << n)) { + if (current_machine->ram_size < (2ULL << n)) { break; } } From patchwork Sun Sep 8 13:11:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Huth X-Patchwork-Id: 13795457 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 434FEE6FE49 for ; Sun, 8 Sep 2024 13:12:34 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1snHhu-00030B-Od; Sun, 08 Sep 2024 09:11:58 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1snHhq-0002rA-78 for qemu-devel@nongnu.org; Sun, 08 Sep 2024 09:11:54 -0400 Received: from mail-lj1-f172.google.com ([209.85.208.172]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1snHhn-0000fL-AS for qemu-devel@nongnu.org; Sun, 08 Sep 2024 09:11:52 -0400 Received: by mail-lj1-f172.google.com with SMTP id 38308e7fff4ca-2f75f116d11so9580911fa.1 for ; Sun, 08 Sep 2024 06:11:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725801109; x=1726405909; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9q+YIIrgdQyzRQXNqBoVfQ3f8EP3T/uI3ZqwIVVnwUc=; b=Nvx9i2EtC6qYADQfF5JMcr9cPXabUjqq9Bu1bhVBpc8Jtfu+V/eUWkusgMQvPdLEqW 9pKtBWVx+07jPzlxEHrLHmrN37OWrkwA1H5JBkYDXIeK9f+7QeL8cQVmiqw5xcARx/Wq k2AyNebxF+wzYPni2xRCB2UsSn9ga2nTG4SF//sElaINaGqacY+0GIhIN853adHPtkKd dLLu0OV3dbsTLJbOK5QJtDJvEkWA53YrM0N+XQHLdsYTvy/8PDUCOXh2FNp0WPKoPG6u cDLwy+wWCzmwOiNpZUdn53+nyC9cJqH4QeAxrl6w552TPhdaQCl3MQ5I/LVIjczla0dV ybIg== X-Gm-Message-State: AOJu0YyfK/16aZd2n4tl82H4S6E5HT4BhEzsh5s0VWcIb0eSB746XHFS tp0ZMDwADLhDzYLG5P5P1JTWfIZ7xYFkMMRIrIET0YqgdqxTRidt7edSKA== X-Google-Smtp-Source: AGHT+IEnWQpRkO7PpBX8UuLXpifWodOKzN8nqCmseigjW5esqHPEIpAy7VXMTQerTW0CEspxMQ31yw== X-Received: by 2002:a05:651c:20c:b0:2f3:ee44:c6de with SMTP id 38308e7fff4ca-2f751f2b7ebmr47425381fa.27.1725801109323; Sun, 08 Sep 2024 06:11:49 -0700 (PDT) Received: from fedora.. (ip-109-43-115-52.web.vodafone.de. [109.43.115.52]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5c3ebd5212asm1842418a12.57.2024.09.08.06.11.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 08 Sep 2024 06:11:49 -0700 (PDT) From: Thomas Huth To: qemu-devel@nongnu.org Cc: Peter Maydell Subject: [PULL 2/3] hw/m68k/mcf5208: Add URLs for datasheets Date: Sun, 8 Sep 2024 15:11:27 +0200 Message-ID: <20240908131128.19384-3-huth@tuxfamily.org> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240908131128.19384-1-huth@tuxfamily.org> References: <20240908131128.19384-1-huth@tuxfamily.org> MIME-Version: 1.0 Received-SPF: pass client-ip=209.85.208.172; envelope-from=th.huth@gmail.com; helo=mail-lj1-f172.google.com X-Spam_score_int: -15 X-Spam_score: -1.6 X-Spam_bar: - X-Spam_report: (-1.6 / 5.0 requ) BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Peter Maydell The datasheets for the SoC and board we model here are still available from the NXP website; add their URLs and titles for future reference. Signed-off-by: Peter Maydell Reviewed-by: Thomas Huth Message-ID: <20240830173452.2086140-3-peter.maydell@linaro.org> Signed-off-by: Thomas Huth --- hw/m68k/mcf5208.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hw/m68k/mcf5208.c b/hw/m68k/mcf5208.c index 0ad347dfa8..b6677ad6bc 100644 --- a/hw/m68k/mcf5208.c +++ b/hw/m68k/mcf5208.c @@ -4,6 +4,14 @@ * Copyright (c) 2007 CodeSourcery. * * This code is licensed under the GPL + * + * This file models both the MCF5208 SoC, and the + * MCF5208EVB evaluation board. For details see + * + * "MCF5208 Reference Manual" + * https://www.nxp.com/docs/en/reference-manual/MCF5208RM.pdf + * "M5208EVB-RevB 32-bit Microcontroller User Manual" + * https://www.nxp.com/docs/en/reference-manual/M5208EVBUM.pdf */ #include "qemu/osdep.h" From patchwork Sun Sep 8 13:11:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Huth X-Patchwork-Id: 13795460 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4B0D1E6FE49 for ; Sun, 8 Sep 2024 13:12:39 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1snHhu-0002x2-2a; Sun, 08 Sep 2024 09:11:58 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1snHhp-0002qq-W3 for qemu-devel@nongnu.org; Sun, 08 Sep 2024 09:11:54 -0400 Received: from mail-ed1-f50.google.com ([209.85.208.50]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1snHho-0000fj-B2 for qemu-devel@nongnu.org; Sun, 08 Sep 2024 09:11:53 -0400 Received: by mail-ed1-f50.google.com with SMTP id 4fb4d7f45d1cf-5c3d209db94so3604846a12.3 for ; Sun, 08 Sep 2024 06:11:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725801111; x=1726405911; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ptL0ygfbb0Laz2aJR63ekKAa+9PX2hwP/FjTByTmNXI=; b=SGtVCfbCc0IelJvShjTpu/by4xCjUHsJ13ItZPEMvw2C5W7tived9+qro4f4l0FBji tQhzZIFIBuYlvUfB3pS5je30UXtR4QyxyLPFoMSGyrHF6Hjw3VIyAtyyhuzjcNnZIlsi +CB1/IAMNoUOS92L+h5Y6YczNA2s0Q/2X9nMpB6ktHaJ1VBg5ZRdGUZtimgOywzPzaJZ iUPFIYOuOQzIBVsOgqwZIc+4wn20hn8bLoso6Qz7qs8iLDIPKId10Dk99Pp5xEhMrMeM 7Kw9AD3Yff+nMwQhnYNmRB9NEU3dg2IBKo07U2q8qvkEHY1o/D6HN8BXbY5dbIO6UJm7 tpoA== X-Gm-Message-State: AOJu0Yyaiu+P9Jlih+TR9nbL+wwtxeqUGQtQIUjegfQ9lK3U+fJe2+HL yZSVZGEvuKVcgRr4CDmV/TJZv+ATi0otqEU0HH75LndlK6j2qS+58YOohO8q X-Google-Smtp-Source: AGHT+IE29iaW9jVzRL4gxAAlRo3vTYxwb2tHL9YGl/VYnjKOHDTz1P7dSsFKQRKJ6a66ubBxPhmh2g== X-Received: by 2002:a17:906:c14c:b0:a86:894e:cd09 with SMTP id a640c23a62f3a-a8d1bf75f35mr677789066b.9.1725801110787; Sun, 08 Sep 2024 06:11:50 -0700 (PDT) Received: from fedora.. (ip-109-43-115-52.web.vodafone.de. [109.43.115.52]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5c3ebd5212asm1842418a12.57.2024.09.08.06.11.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 08 Sep 2024 06:11:50 -0700 (PDT) From: Thomas Huth To: qemu-devel@nongnu.org Cc: Peter Maydell Subject: [PULL 3/3] hw/nubus/nubus-device: Range check 'slot' property Date: Sun, 8 Sep 2024 15:11:28 +0200 Message-ID: <20240908131128.19384-4-huth@tuxfamily.org> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240908131128.19384-1-huth@tuxfamily.org> References: <20240908131128.19384-1-huth@tuxfamily.org> MIME-Version: 1.0 Received-SPF: pass client-ip=209.85.208.50; envelope-from=th.huth@gmail.com; helo=mail-ed1-f50.google.com X-Spam_score_int: -15 X-Spam_score: -1.6 X-Spam_bar: - X-Spam_report: (-1.6 / 5.0 requ) BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Peter Maydell The TYPE_NUBUS_DEVICE class lets the user specify the nubus slot using an int32 "slot" QOM property. Its realize method doesn't do any range checking on this value, which Coverity notices by way of the possibility that 'nd->slot * NUBUS_SUPER_SLOT_SIZE' might overflow the 32-bit arithmetic it is using. Constrain the slot value to be less than NUBUS_SLOT_NB (16). Resolves: Coverity CID 1464070 Signed-off-by: Peter Maydell Message-ID: <20240830173452.2086140-4-peter.maydell@linaro.org> Reviewed-by: Thomas Huth Reviewed-by: Mark Cave-Ayland Signed-off-by: Thomas Huth --- hw/nubus/nubus-device.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hw/nubus/nubus-device.c b/hw/nubus/nubus-device.c index be4cb24696..26fbcf29a2 100644 --- a/hw/nubus/nubus-device.c +++ b/hw/nubus/nubus-device.c @@ -35,6 +35,13 @@ static void nubus_device_realize(DeviceState *dev, Error **errp) uint8_t *rom_ptr; int ret; + if (nd->slot < 0 || nd->slot >= NUBUS_SLOT_NB) { + error_setg(errp, + "'slot' value %d out of range (must be between 0 and %d)", + nd->slot, NUBUS_SLOT_NB - 1); + return; + } + /* Super */ slot_offset = nd->slot * NUBUS_SUPER_SLOT_SIZE;