[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 2/7] hw/misc/aspeed_sdmc: Fix incorrect memory size
From: |
Peter Maydell |
Subject: |
[PULL 2/7] hw/misc/aspeed_sdmc: Fix incorrect memory size |
Date: |
Mon, 27 Jul 2020 16:19:15 +0100 |
From: Philippe Mathieu-Daudé <f4bug@amsat.org>
The SDRAM Memory Controller has a 32-bit address bus, thus
supports up to 4 GiB of DRAM. There is a signed to unsigned
conversion error with the AST2600 maximum memory size:
(uint64_t)(2048 << 20) = (uint64_t)(-2147483648)
= 0xffffffff40000000
= 16 EiB - 2 GiB
Fix by using the IEC suffixes which are usually safer, and add
an assertion check to verify the memory is valid. This would have
caught this bug:
$ qemu-system-arm -M ast2600-evb
qemu-system-arm: hw/misc/aspeed_sdmc.c:258: aspeed_sdmc_realize: Assertion
`asc->max_ram_size < 4 * GiB' failed.
Aborted (core dumped)
Fixes: 1550d72679 ("aspeed/sdmc: Add AST2600 support")
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/misc/aspeed_sdmc.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/hw/misc/aspeed_sdmc.c b/hw/misc/aspeed_sdmc.c
index 0737d8de81d..855848b7d23 100644
--- a/hw/misc/aspeed_sdmc.c
+++ b/hw/misc/aspeed_sdmc.c
@@ -255,6 +255,7 @@ static void aspeed_sdmc_realize(DeviceState *dev, Error
**errp)
AspeedSDMCState *s = ASPEED_SDMC(dev);
AspeedSDMCClass *asc = ASPEED_SDMC_GET_CLASS(s);
+ assert(asc->max_ram_size < 4 * GiB); /* 32-bit address bus */
s->max_ram_size = asc->max_ram_size;
memory_region_init_io(&s->iomem, OBJECT(s), &aspeed_sdmc_ops, s,
@@ -341,7 +342,7 @@ static void aspeed_2400_sdmc_class_init(ObjectClass *klass,
void *data)
AspeedSDMCClass *asc = ASPEED_SDMC_CLASS(klass);
dc->desc = "ASPEED 2400 SDRAM Memory Controller";
- asc->max_ram_size = 512 << 20;
+ asc->max_ram_size = 512 * MiB;
asc->compute_conf = aspeed_2400_sdmc_compute_conf;
asc->write = aspeed_2400_sdmc_write;
asc->valid_ram_sizes = aspeed_2400_ram_sizes;
@@ -408,7 +409,7 @@ static void aspeed_2500_sdmc_class_init(ObjectClass *klass,
void *data)
AspeedSDMCClass *asc = ASPEED_SDMC_CLASS(klass);
dc->desc = "ASPEED 2500 SDRAM Memory Controller";
- asc->max_ram_size = 1024 << 20;
+ asc->max_ram_size = 1 * GiB;
asc->compute_conf = aspeed_2500_sdmc_compute_conf;
asc->write = aspeed_2500_sdmc_write;
asc->valid_ram_sizes = aspeed_2500_ram_sizes;
@@ -485,7 +486,7 @@ static void aspeed_2600_sdmc_class_init(ObjectClass *klass,
void *data)
AspeedSDMCClass *asc = ASPEED_SDMC_CLASS(klass);
dc->desc = "ASPEED 2600 SDRAM Memory Controller";
- asc->max_ram_size = 2048 << 20;
+ asc->max_ram_size = 2 * GiB;
asc->compute_conf = aspeed_2600_sdmc_compute_conf;
asc->write = aspeed_2600_sdmc_write;
asc->valid_ram_sizes = aspeed_2600_ram_sizes;
--
2.20.1
- [PULL 0/7] target-arm queue, Peter Maydell, 2020/07/27
- [PULL 2/7] hw/misc/aspeed_sdmc: Fix incorrect memory size,
Peter Maydell <=
- [PULL 3/7] target/arm: Always pass cacheattr in S1_ptw_translate, Peter Maydell, 2020/07/27
- [PULL 1/7] ACPI: Assert that we don't run out of the preallocated memory, Peter Maydell, 2020/07/27
- [PULL 4/7] docs/system/arm/virt: Document 'mte' machine option, Peter Maydell, 2020/07/27
- [PULL 5/7] hw/arm/boot: Fix PAUTH for EL3 direct kernel boot, Peter Maydell, 2020/07/27
- [PULL 6/7] hw/arm/boot: Fix MTE for EL3 direct kernel boot, Peter Maydell, 2020/07/27
- [PULL 7/7] target/arm: Improve IMPDEF algorithm for IRG, Peter Maydell, 2020/07/27
- Re: [PULL 0/7] target-arm queue, Peter Maydell, 2020/07/28