[Qemu-devel] [PULL 25/27] cadence_gem: Fix priority queue out of bounds
From: |
Peter Maydell |
Subject: |
[Qemu-devel] [PULL 25/27] cadence_gem: Fix priority queue out of bounds access |
Date: |
Tue, 4 Oct 2016 13:42:53 +0100 |
From: Alistair Francis <address@hidden>
There was an error with some of the register implementation assuming
there are 16 priority queues supported when the IP only supports 8. This
patch corrects the registers to only support 8 queues.
Signed-off-by: Alistair Francis <address@hidden>
Reported-by: Paolo Bonzini <address@hidden>
Message-id: address@hidden
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
---
hw/net/cadence_gem.c | 22 ++++------------------
1 file changed, 4 insertions(+), 18 deletions(-)
diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index 8618e7a..7915732 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -147,25 +147,19 @@
#define GEM_INT_Q1_MASK (0x00000640 / 4)
#define GEM_TRANSMIT_Q1_PTR (0x00000440 / 4)
-#define GEM_TRANSMIT_Q15_PTR (GEM_TRANSMIT_Q1_PTR + 14)
+#define GEM_TRANSMIT_Q7_PTR (GEM_TRANSMIT_Q1_PTR + 6)
#define GEM_RECEIVE_Q1_PTR (0x00000480 / 4)
-#define GEM_RECEIVE_Q15_PTR (GEM_RECEIVE_Q1_PTR + 14)
+#define GEM_RECEIVE_Q7_PTR (GEM_RECEIVE_Q1_PTR + 6)
#define GEM_INT_Q1_ENABLE (0x00000600 / 4)
#define GEM_INT_Q7_ENABLE (GEM_INT_Q1_ENABLE + 6)
-#define GEM_INT_Q8_ENABLE (0x00000660 / 4)
-#define GEM_INT_Q15_ENABLE (GEM_INT_Q8_ENABLE + 7)
#define GEM_INT_Q1_DISABLE (0x00000620 / 4)
#define GEM_INT_Q7_DISABLE (GEM_INT_Q1_DISABLE + 6)
-#define GEM_INT_Q8_DISABLE (0x00000680 / 4)
-#define GEM_INT_Q15_DISABLE (GEM_INT_Q8_DISABLE + 7)
#define GEM_INT_Q1_MASK (0x00000640 / 4)
#define GEM_INT_Q7_MASK (GEM_INT_Q1_MASK + 6)
-#define GEM_INT_Q8_MASK (0x000006A0 / 4)
-#define GEM_INT_Q15_MASK (GEM_INT_Q8_MASK + 7)
#define GEM_SCREENING_TYPE1_REGISTER_0 (0x00000500 / 4)
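Review bot: The new upper bounds `GEM_TRANSMIT_Q7_PTR` and `GEM_RECEIVE_Q7_PTR` encode the queue count as a bare `+ 6`, and nothing beside them says why seven pointer registers is the right number. A short comment above the pair, such as `/* Queue 0 uses GEM_TXQBASE/GEM_RXQBASE; the Q1..Q7 pointer registers complete the 8 queues the IP supports */`, would record the relationship this out-of-bounds fix depends on. Separately, the context lines show `GEM_INT_Q1_MASK` defined twice with the same value, once at the top of the hunk and again just before `GEM_INT_Q7_MASK`; the first copy looks redundant and could be dropped in a follow-up.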
@@ -1372,13 +1366,13 @@ static void gem_write(void *opaque, hwaddr offset,
uint64_t val,
case GEM_RXQBASE:
s->rx_desc_addr[0] = val;
break;
- case GEM_RECEIVE_Q1_PTR ... GEM_RECEIVE_Q15_PTR:
+ case GEM_RECEIVE_Q1_PTR ... GEM_RECEIVE_Q7_PTR:
s->rx_desc_addr[offset - GEM_RECEIVE_Q1_PTR + 1] = val;
break;
case GEM_TXQBASE:
s->tx_desc_addr[0] = val;
break;
- case GEM_TRANSMIT_Q1_PTR ... GEM_TRANSMIT_Q15_PTR:
+ case GEM_TRANSMIT_Q1_PTR ... GEM_TRANSMIT_Q7_PTR:
s->tx_desc_addr[offset - GEM_TRANSMIT_Q1_PTR + 1] = val;
break;
case GEM_RXSTATUS:
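Review bot: The index `offset - GEM_RECEIVE_Q1_PTR + 1`, and the matching `tx_desc_addr` index, comes from a guest-written register offset and is kept in range only by the case label. The bound therefore still lives in a macro that nothing ties to the declared size of the arrays, which is outside this hunk. A build-time check next to these cases would keep the two from drifting apart again, for example `QEMU_BUILD_BUG_ON(GEM_RECEIVE_Q7_PTR - GEM_RECEIVE_Q1_PTR + 1 >= ARRAY_SIZE(s->rx_desc_addr));` and the same with `GEM_TRANSMIT_Q7_PTR` and `s->tx_desc_addr`. The body of gem_write starts and ends outside the hunk, so whether other accessors index these arrays the same way cannot be judged from here and is worth checking.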
@@ -1392,10 +1386,6 @@ static void gem_write(void *opaque, hwaddr offset,
uint64_t val,
s->regs[GEM_INT_Q1_MASK + offset - GEM_INT_Q1_ENABLE] &= ~val;
gem_update_int_status(s);
break;
- case GEM_INT_Q8_ENABLE ... GEM_INT_Q15_ENABLE:
- s->regs[GEM_INT_Q8_MASK + offset - GEM_INT_Q8_ENABLE] &= ~val;
- gem_update_int_status(s);
- break;
case GEM_IDR:
s->regs[GEM_IMR] |= val;
gem_update_int_status(s);
@@ -1404,10 +1394,6 @@ static void gem_write(void *opaque, hwaddr offset,
uint64_t val,
s->regs[GEM_INT_Q1_MASK + offset - GEM_INT_Q1_DISABLE] |= val;
gem_update_int_status(s);
break;
- case GEM_INT_Q8_DISABLE ... GEM_INT_Q15_DISABLE:
- s->regs[GEM_INT_Q8_MASK + offset - GEM_INT_Q8_DISABLE] |= val;
- gem_update_int_status(s);
- break;
case GEM_SPADDR1LO:
case GEM_SPADDR2LO:
case GEM_SPADDR3LO:
--
2.7.4