From: Peter Maydell <peter.maydell@linaro.org>
To: Alexandra Diupina <adiupina@astralinux.ru>
Cc: Alistair Francis <alistair@alistair23.me>,
"Konrad, Frederic" <Frederic.Konrad@amd.com>,
"Edgar E. Iglesias" <edgar.iglesias@gmail.com>,
qemu-arm@nongnu.org, qemu-devel@nongnu.org,
sdl.qemu@linuxtesting.org
Subject: Re: [PATCH v4] fix endianness bug
Date: Tue, 30 Apr 2024 16:00:35 +0100 [thread overview]
Message-ID: <CAFEAcA9TBh8CnvW16hEu5sgLOd4VyKt8JGj0jGRTMw_6iTvP2g@mail.gmail.com> (raw)
In-Reply-To: <20240428181156.24071-1-adiupina@astralinux.ru>
On Sun, 28 Apr 2024 at 19:12, Alexandra Diupina <adiupina@astralinux.ru> wrote:
>
> Add xlnx_dpdma_read_descriptor() and
> xlnx_dpdma_write_descriptor() functions.
> xlnx_dpdma_read_descriptor() combines reading a
> descriptor from desc_addr by calling dma_memory_read()
> and swapping the desc fields from guest memory order
> to host memory order. xlnx_dpdma_write_descriptor()
> performs similar actions when writing a descriptor.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: d3c6369a96 ("introduce xlnx-dpdma")
> Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
> ---
> v4: remove rewriting desc in place
> v3: add xlnx_dpdma_write_descriptor()
> v2: minor changes in xlnx_dpdma_read_descriptor()
> hw/dma/xlnx_dpdma.c | 63 ++++++++++++++++++++++++++++++++++++++++++---
> 1 file changed, 59 insertions(+), 4 deletions(-)
>
> diff --git a/hw/dma/xlnx_dpdma.c b/hw/dma/xlnx_dpdma.c
> index 1f5cd64ed1..e9133e9dcb 100644
> --- a/hw/dma/xlnx_dpdma.c
> +++ b/hw/dma/xlnx_dpdma.c
> @@ -614,6 +614,63 @@ static void xlnx_dpdma_register_types(void)
> type_register_static(&xlnx_dpdma_info);
> }
>
> +static MemTxResult xlnx_dpdma_read_descriptor(XlnxDPDMAState *s,
> + uint64_t desc_addr, DPDMADescriptor *desc)
> +{
> + if (dma_memory_read(&address_space_memory, desc_addr, &desc,
> + sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED)) {
> + return MEMTX_ERROR;
You should return the return value you got from dma_memory_read() here.
> + }
> +
> + /* Convert from LE into host endianness. */
> + desc->control = le32_to_cpu(desc->control);
> + desc->descriptor_id = le32_to_cpu(desc->descriptor_id);
> + desc->xfer_size = le32_to_cpu(desc->xfer_size);
> + desc->line_size_stride = le32_to_cpu(desc->line_size_stride);
> + desc->timestamp_lsb = le32_to_cpu(desc->timestamp_lsb);
> + desc->timestamp_msb = le32_to_cpu(desc->timestamp_msb);
> + desc->address_extension = le32_to_cpu(desc->address_extension);
> + desc->next_descriptor = le32_to_cpu(desc->next_descriptor);
> + desc->source_address = le32_to_cpu(desc->source_address);
> + desc->address_extension_23 = le32_to_cpu(desc->address_extension_23);
> + desc->address_extension_45 = le32_to_cpu(desc->address_extension_45);
> + desc->source_address2 = le32_to_cpu(desc->source_address2);
> + desc->source_address3 = le32_to_cpu(desc->source_address3);
> + desc->source_address4 = le32_to_cpu(desc->source_address4);
> + desc->source_address5 = le32_to_cpu(desc->source_address5);
> + desc->crc = le32_to_cpu(desc->crc);
> +
> + return MEMTX_OK;
> +}
> +
> +static void xlnx_dpdma_write_descriptor(uint64_t desc_addr,
> + DPDMADescriptor *desc)
> +{
> + DPDMADescriptor* tmp_desc = (DPDMADescriptor *)malloc(sizeof(DPDMADescriptor));
> + memcpy(tmp_desc, desc, sizeof(desc));
The descriptor structure is not very big, we don't need to malloc it.
So we can do:
DPDMADescriptor tmp_desc = *desc;
(adjusting the code below to match).
> +
> + /* Convert from host endianness into LE. */
> + tmp_desc->control = cpu_to_le32(tmp_desc->control);
> + tmp_desc->descriptor_id = cpu_to_le32(tmp_desc->descriptor_id);
> + tmp_desc->xfer_size = cpu_to_le32(tmp_desc->xfer_size);
> + tmp_desc->line_size_stride = cpu_to_le32(tmp_desc->line_size_stride);
> + tmp_desc->timestamp_lsb = cpu_to_le32(tmp_desc->timestamp_lsb);
> + tmp_desc->timestamp_msb = cpu_to_le32(tmp_desc->timestamp_msb);
> + tmp_desc->address_extension = cpu_to_le32(tmp_desc->address_extension);
> + tmp_desc->next_descriptor = cpu_to_le32(tmp_desc->next_descriptor);
> + tmp_desc->source_address = cpu_to_le32(tmp_desc->source_address);
> + tmp_desc->address_extension_23 = cpu_to_le32(tmp_desc->address_extension_23);
> + tmp_desc->address_extension_45 = cpu_to_le32(tmp_desc->address_extension_45);
> + tmp_desc->source_address2 = cpu_to_le32(tmp_desc->source_address2);
> + tmp_desc->source_address3 = cpu_to_le32(tmp_desc->source_address3);
> + tmp_desc->source_address4 = cpu_to_le32(tmp_desc->source_address4);
> + tmp_desc->source_address5 = cpu_to_le32(tmp_desc->source_address5);
> + tmp_desc->crc = cpu_to_le32(tmp_desc->crc);
> +
> + dma_memory_write(&address_space_memory, desc_addr, tmp_desc,
> + sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED);
I know we don't check the return value at the callsite, but we might
as well do "return dma_memory_write(...)" here.
> +}
> +
> size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel,
> bool one_desc)
> {
> @@ -651,8 +708,7 @@ size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel,
> desc_addr = xlnx_dpdma_descriptor_next_address(s, channel);
> }
>
> - if (dma_memory_read(&address_space_memory, desc_addr, &desc,
> - sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED)) {
> + if (xlnx_dpdma_read_descriptor(s, desc_addr, &desc)) {
> s->registers[DPDMA_EISR] |= ((1 << 1) << channel);
> xlnx_dpdma_update_irq(s);
> s->operation_finished[channel] = true;
> @@ -755,8 +811,7 @@ size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel,
> /* The descriptor need to be updated when it's completed. */
> DPRINTF("update the descriptor with the done flag set.\n");
> xlnx_dpdma_desc_set_done(&desc);
> - dma_memory_write(&address_space_memory, desc_addr, &desc,
> - sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED);
> + xlnx_dpdma_write_descriptor(desc_addr, &desc);
> }
>
> if (xlnx_dpdma_desc_completion_interrupt(&desc)) {
> --
> 2.30.2
thanks
-- PMM
next prev parent reply other threads:[~2024-04-30 15:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-28 18:11 [PATCH v4] fix endianness bug Alexandra Diupina
2024-04-30 15:00 ` Peter Maydell [this message]
2024-04-30 17:08 ` Alex Bennée
2024-05-02 14:16 ` [PATCH v5] xlnx_dpdma: fix descriptor " Alexandra Diupina
2024-05-03 16:43 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFEAcA9TBh8CnvW16hEu5sgLOd4VyKt8JGj0jGRTMw_6iTvP2g@mail.gmail.com \
--to=peter.maydell@linaro.org \
--cc=Frederic.Konrad@amd.com \
--cc=adiupina@astralinux.ru \
--cc=alistair@alistair23.me \
--cc=edgar.iglesias@gmail.com \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=sdl.qemu@linuxtesting.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).