From patchwork Tue Apr 9 13:59:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 787217 Delivered-To: patch@linaro.org Received: by 2002:adf:fdd2:0:b0:346:15ad:a2a with SMTP id i18csp231025wrs; Tue, 9 Apr 2024 07:01:26 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWVHg946RrQCk5iOGhUtNG1KX9EwJfiUkg7/yfPj4QqiEgmqYhnXYLFXPPa3KwIYqzbH143tzId6GNm7bu7x+bT X-Google-Smtp-Source: AGHT+IHP43CcxvemKLA3I+P5uabXDj/8cmaBAWB8d76UDN0PXa4mRjpGJBS5v64BSLYEYVtvattY X-Received: by 2002:a05:6122:e64:b0:4ca:80c5:7544 with SMTP id bj36-20020a0561220e6400b004ca80c57544mr7324313vkb.4.1712671286397; Tue, 09 Apr 2024 07:01:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1712671286; cv=none; d=google.com; s=arc-20160816; b=USrcZo+hd+BWqrQegzkiifcJms+FuhCJBEbRjlH6ampdGyo3b5Ppst7RiYZrKheu2M LSWYwwvVpuDWeIwOVOF0ndzJQNz8PSJyO3jd0Zpt+B/9lODF4FaeCq6pO9gEXCnyDeay ant8GWpZdQ7sX5ZQ4pDLKWhx0+NFDmu0mPYQXJwQOdLD/DfT7xxa+/bM5WdEJ7x1nZCg HmJifZgamqMLrC9Dq1j+XatZjF6FLBZoJGN7GkJ6btaR/zUzCZGbU84TBLaXq9B536ce jwRrM+xStqA4PEC4QFvwaB1E6SoTzYaiKL9yrHJ9v3uEsYU5awj+TbtwzMkc3YLaZRMV VR7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=3d4Pf+e5xlZoPOTwBIco4FU0UwZBSRn1p8fSkttjbGE=; fh=EbTXCzhZyWMi99XjBGEJxbrHbHiMpVnkFWCwhwmTNvY=; b=KEuOvpeah39xjYZ7sSeYeqS0Wv1JEaIgAg2oILHAjPgwUguds0CMpUn+kj0EigyEaG TVq8ChP9uxSHKA1PeZ7tdbHwfiZM4/8OHXBYFmWUHh18K4JDtJD4XK8bbBZNiyDNXWk2 xAxfBiZQ1YIircVSje5qQccJJ5BVZV0GQpfy95CtEROlb//w6v7G2wuJPMbXavWnwOQP oL7qXKQ2yWC9LAqprMqe0UeXV3G3DbIzRmDvIHx5u7JtnSW4SiAZetLjqmdC4DwkVg+P 7gH8xoulWKoBNVA5mw6adFeLCP203q0h/nIM01UtnKOWk+iUyW3XtNn+GjLmLMNQg41h e+lg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=GVKufjhm; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id g29-20020a056122099d00b004b7305215b8si1346862vkd.294.2024.04.09.07.01.25 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 09 Apr 2024 07:01:26 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=GVKufjhm; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ruC10-0006mk-0h; Tue, 09 Apr 2024 09:59:58 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ruC0y-0006mJ-Vg for qemu-devel@nongnu.org; Tue, 09 Apr 2024 09:59:56 -0400 Received: from mail-ej1-x62c.google.com ([2a00:1450:4864:20::62c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ruC0x-0004LZ-Ea for qemu-devel@nongnu.org; Tue, 09 Apr 2024 09:59:56 -0400 Received: by mail-ej1-x62c.google.com with SMTP id a640c23a62f3a-a51a7d4466bso500384566b.2 for ; Tue, 09 Apr 2024 06:59:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1712671193; x=1713275993; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3d4Pf+e5xlZoPOTwBIco4FU0UwZBSRn1p8fSkttjbGE=; b=GVKufjhmH+own+ZgS0uYhLknGR5rjVAaKTk/Np23ilpZg9eAURExMHvSD9enx0nWbz ETpXIN12StbFD4vsIAp6jEgL6wlsYMZr5RXMTZX1uBzZMtd2BHf9/p9TlbsfYDYT07ys eB/RptfwcGnIMFhflW5rXVskxKtE+UCRonhME16I13UsNcroV034PHd8xJSdGdWmWuXy cbwqPC7h2eaWVAg56zK5RKpRS+4eWFKrJEjV5UXSqYwqw2elxCtYUq8oNgQwOeYmH2zf y5gvbVD7gU829g1tteaodN9ep9VI0ra0X4RL6vTzzlk0Jy6ZV7f1dxs0g+T50orPvZuy jLWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712671193; x=1713275993; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3d4Pf+e5xlZoPOTwBIco4FU0UwZBSRn1p8fSkttjbGE=; b=CEM4BHqpTOor5JqOzDZSZmrcWB2yMnSk3eaMfpn38+dssJRm+gqTzOsWOkLIvT8Mtl 9K5xQ5uZHhzQZtBCc8AI9DgCLLwP9F7vSL9tddKIwQ1NCcVPsAnzVYZ28lC9a2dMwU+W P+khUEzzPJf7YkIB68+2voARxXRaDgb0graiVnaUMuMM3lqW/tLJm8WJUN4PP0yNWJuV OCpF69xYUAwP6Rdw4fM8Uz66aIGH8/VXdZJ/YAiW0w8GXOk2Nate9gzq9laSlBtbmj6m /dDSOWL3/dWNXQSrghtqsemrT/8LC23OnMcJpR2SiSZnv44x9aJYA/Ykjcjwj2BPjDha dq2A== X-Gm-Message-State: AOJu0Yxre1pSYRNo05DhHhQqZ/PbGfjWqh+n2QnQ4QRLStKFdJYuXxv5 RX5CwFvA6aq470ATdcZ3VKHuWH5EkSbEqoIYNOd5mNr/3mPI5jg4QOjh+WuAu3g0brg6SgORwJs U X-Received: by 2002:a17:907:84b:b0:a51:df52:5a65 with SMTP id ww11-20020a170907084b00b00a51df525a65mr3604970ejb.2.1712671193421; Tue, 09 Apr 2024 06:59:53 -0700 (PDT) Received: from m1x-phil.lan ([176.176.160.134]) by smtp.gmail.com with ESMTPSA id ld11-20020a170906f94b00b00a51d8a3a632sm2345694ejb.168.2024.04.09.06.59.51 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Tue, 09 Apr 2024 06:59:52 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org, Kevin Wolf Cc: Qiang Liu , qemu-block@nongnu.org, Alexander Bulekov , Hanna Reitz , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Richard Henderson Subject: [PATCH-for-9.0 v2 1/3] hw/block/nand: Factor nand_load_iolen() method out Date: Tue, 9 Apr 2024 15:59:41 +0200 Message-ID: <20240409135944.24997-2-philmd@linaro.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240409135944.24997-1-philmd@linaro.org> References: <20240409135944.24997-1-philmd@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::62c; envelope-from=philmd@linaro.org; helo=mail-ej1-x62c.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org Reviewed-by: Richard Henderson Reviewed-by: Kevin Wolf Signed-off-by: Philippe Mathieu-Daudé --- hw/block/nand.c | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/hw/block/nand.c b/hw/block/nand.c index d1435f2207..f33eb2d552 100644 --- a/hw/block/nand.c +++ b/hw/block/nand.c @@ -243,9 +243,28 @@ static inline void nand_pushio_byte(NANDFlashState *s, uint8_t value) } } +/* + * nand_load_block: Load block containing (s->addr + @offset). + * Returns length of data available at @offset in this block. + */ +static unsigned nand_load_block(NANDFlashState *s, unsigned offset) +{ + unsigned iolen; + + s->blk_load(s, s->addr, offset); + + iolen = (1 << s->page_shift); + if (s->gnd) { + iolen += 1 << s->oob_shift; + } + assert(offset <= iolen); + iolen -= offset; + + return iolen; +} + static void nand_command(NANDFlashState *s) { - unsigned int offset; switch (s->cmd) { case NAND_CMD_READ0: s->iolen = 0; @@ -271,12 +290,7 @@ static void nand_command(NANDFlashState *s) case NAND_CMD_NOSERIALREAD2: if (!(nand_flash_ids[s->chip_id].options & NAND_SAMSUNG_LP)) break; - offset = s->addr & ((1 << s->addr_shift) - 1); - s->blk_load(s, s->addr, offset); - if (s->gnd) - s->iolen = (1 << s->page_shift) - offset; - else - s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset; + s->iolen = nand_load_block(s, s->addr & ((1 << s->addr_shift) - 1)); break; case NAND_CMD_RESET: @@ -597,12 +611,7 @@ uint32_t nand_getio(DeviceState *dev) if (!s->iolen && s->cmd == NAND_CMD_READ0) { offset = (int) (s->addr & ((1 << s->addr_shift) - 1)) + s->offset; s->offset = 0; - - s->blk_load(s, s->addr, offset); - if (s->gnd) - s->iolen = (1 << s->page_shift) - offset; - else - s->iolen = (1 << s->page_shift) + (1 << s->oob_shift) - offset; + s->iolen = nand_load_block(s, offset); } if (s->ce || s->iolen <= 0) { From patchwork Tue Apr 9 13:59:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 787216 Delivered-To: patch@linaro.org Received: by 2002:adf:fdd2:0:b0:346:15ad:a2a with SMTP id i18csp230610wrs; Tue, 9 Apr 2024 07:00:50 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWVAPsfJdpbNBFVu2ojL+QQz8HiLE2w4H77teFj7oghM2Im/nLTwe87Gy5nWfEQ2OLcuJ7pJJQz1HHZPJ+SS5ft X-Google-Smtp-Source: AGHT+IF24aI+OBoFsxeFicuEDK2yS0h7bGQmNXIomoD1vS0NVEducA5zXEKkStwANZuR0juF77Kz X-Received: by 2002:a05:6830:1e45:b0:6ea:1a2f:915 with SMTP id e5-20020a0568301e4500b006ea1a2f0915mr5080706otj.12.1712671250381; Tue, 09 Apr 2024 07:00:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1712671250; cv=none; d=google.com; s=arc-20160816; b=UgfeX97zh/pl6n5V/Q7L/pINf4kFzAXC4hS0m7zzaJ0t8bLNIwUUb31ZnbUaRdQiWc uG/2KKJ2/eMhPLHcOZcKXapPSkeI/Y7oWtZ0ModlCzHKzHeNGrvs8n8drB4tCXJhpPuA 73nxWsUwjJKx8TWwHLj4wQ9uCfyD3Fp8M6qfCrb5JcHsEsul6GR++NCKbHLZcR+f80UN slG7xjFHg2SS9BsPUZEP3S8RvrOowuBtoDeU3VYlwiFPUYOGWkW17Zy8OuUCc80v38UE WwBTgXaoWklfNMM/xcVfxbaR5aQPtjgTfD5FmhvM3n2TtQQxiqmJ56PRGCulQzFj8rns zckw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=nJFermYqSA0aosSWDCha0MrZRxQ2GyvzS1k30TW2krI=; fh=EbTXCzhZyWMi99XjBGEJxbrHbHiMpVnkFWCwhwmTNvY=; b=PSHFJJ3DqFdu4Dj0Ppi0a32exQbOaNLFlp7qPZGVFBFczVBnamXovfSdzlfReQNKgW URIbEVQ1M/T67LMPfRSixkkkmwUYEiQoLns/2B84gAYshBYpt7sM35sx0mvhos3KrOrH K57n/z2BEinT44pGxKYQZDXfQXq9cgr/qmhCMJZ8w2VmAea2LRYocaaJa8AJy3VCOBdU xgxGQhc3mi3xbPoMymo7nXZRGcLKMyoMuP9jwo9cs5vSLaYNu3GmqvWca7SQSbVONptv 9CgTr2v2BCg6QbKv6JuR5W154NCDfz2RTFPpzxokdbwgDV/5cpeZGMqBEl9u4zYmRN33 9xPw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=RgfmlaE0; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id j11-20020a05621419cb00b0069b1f0bcf6asi4034640qvc.443.2024.04.09.07.00.50 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 09 Apr 2024 07:00:50 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=RgfmlaE0; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ruC18-0006pl-CE; Tue, 09 Apr 2024 10:00:12 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ruC15-0006of-Ih for qemu-devel@nongnu.org; Tue, 09 Apr 2024 10:00:03 -0400 Received: from mail-ej1-x631.google.com ([2a00:1450:4864:20::631]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ruC13-0004MJ-LK for qemu-devel@nongnu.org; Tue, 09 Apr 2024 10:00:03 -0400 Received: by mail-ej1-x631.google.com with SMTP id a640c23a62f3a-a5200afe39eso50871366b.1 for ; Tue, 09 Apr 2024 07:00:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1712671200; x=1713276000; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nJFermYqSA0aosSWDCha0MrZRxQ2GyvzS1k30TW2krI=; b=RgfmlaE0NmZ+/7DfXO1l1cdRaDBeviPpgP928t11AF2jSVUksiljDr1UnDP3ArCliS NES0qIoeU5h8qG3ZlLCoM+O1lmqlmJ8cNzMF7F0SROV7uj/Y5ZYaXLPD66qn+juCNjLV Jc8EuOV9hizg4HaO/eMtgBwTbgX/SUGVfZ1WYxUfEvgh3MiL4ClRh5Qr8wnL77Xvk296 d5RCq2egSK7TUntn+93NUd+TcBjTsBFAfiWpxLFT7n5yEAXpRZQ0X999R3YO2Frde1h8 CZYn1nTQ+ML4AhvKC22X+rFbaDskBLF+Qshf0Nu8qQ3CggWh6Dstv7Cd4A9HGPuKcNzW nrNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712671200; x=1713276000; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nJFermYqSA0aosSWDCha0MrZRxQ2GyvzS1k30TW2krI=; b=pU3HjZeOuhVQnDvaimVR2YH2uj9Aeefwg59z+v9n3K7Tpmt2LxgBBhSmoToVnt4Yvo Bi3XGALoZCDX1eG4227/QqvchFoYeSNRI+3LR0jy7DuE0U/k8CC47/qvtXkd7bnerl9G uCsXJlcRJpVRvFurOHpBIpBtHbl+rCSfn1zZ6k+1mvxC+tDgNg/KeehEfaDhZwjugW23 4Nd5B/35Bef+fyCeMhEgX/NTsomqfaq3sHxpee0Lq4S0O4vR9SjM1/4GNX/6BMfLAp3d 3pCtkd7sziO4qPaLbcwtHCy/P4fRZA5friw2T0twtsEAVWZRUMryzi+XwJ21Vqrv8HDL UO4Q== X-Gm-Message-State: AOJu0YwtVzxq3WpyoypOSpSNJ4GlsaEHzyZL9ioRbeDES57/bOd3uFnn oafIyqWw3Q7ExlXb1Rm3I2EVjAm888CIOuPYDaLsaJ2HE0vJjWLVs51eEcQMUeXTS2o2Kg23FKT U X-Received: by 2002:a17:906:4a81:b0:a4a:3663:2f51 with SMTP id x1-20020a1709064a8100b00a4a36632f51mr9269938eju.2.1712671199712; Tue, 09 Apr 2024 06:59:59 -0700 (PDT) Received: from m1x-phil.lan ([176.176.160.134]) by smtp.gmail.com with ESMTPSA id h22-20020a1709067cd600b00a4739efd7cesm5772517ejp.60.2024.04.09.06.59.58 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Tue, 09 Apr 2024 06:59:59 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org, Kevin Wolf Cc: Qiang Liu , qemu-block@nongnu.org, Alexander Bulekov , Hanna Reitz , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Richard Henderson Subject: [PATCH-for-9.0 v2 2/3] hw/block/nand: Have blk_load() take unsigned offset and return boolean Date: Tue, 9 Apr 2024 15:59:42 +0200 Message-ID: <20240409135944.24997-3-philmd@linaro.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240409135944.24997-1-philmd@linaro.org> References: <20240409135944.24997-1-philmd@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::631; envelope-from=philmd@linaro.org; helo=mail-ej1-x631.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org Negative offset is meaningless, use unsigned type. Return a boolean value indicating success. Reviewed-by: Richard Henderson Reviewed-by: Kevin Wolf Signed-off-by: Philippe Mathieu-Daudé --- hw/block/nand.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/hw/block/nand.c b/hw/block/nand.c index f33eb2d552..5a31d78b6b 100644 --- a/hw/block/nand.c +++ b/hw/block/nand.c @@ -84,7 +84,11 @@ struct NANDFlashState { void (*blk_write)(NANDFlashState *s); void (*blk_erase)(NANDFlashState *s); - void (*blk_load)(NANDFlashState *s, uint64_t addr, int offset); + /* + * Returns %true when block containing (@addr + @offset) is + * successfully loaded, otherwise %false. + */ + bool (*blk_load)(NANDFlashState *s, uint64_t addr, unsigned offset); uint32_t ioaddr_vmstate; }; @@ -772,11 +776,11 @@ static void glue(nand_blk_erase_, NAND_PAGE_SIZE)(NANDFlashState *s) } } -static void glue(nand_blk_load_, NAND_PAGE_SIZE)(NANDFlashState *s, - uint64_t addr, int offset) +static bool glue(nand_blk_load_, NAND_PAGE_SIZE)(NANDFlashState *s, + uint64_t addr, unsigned offset) { if (PAGE(addr) >= s->pages) { - return; + return false; } if (s->blk) { @@ -804,6 +808,8 @@ static void glue(nand_blk_load_, NAND_PAGE_SIZE)(NANDFlashState *s, offset, NAND_PAGE_SIZE + OOB_SIZE - offset); s->ioaddr = s->io; } + + return true; } static void glue(nand_init_, NAND_PAGE_SIZE)(NANDFlashState *s) From patchwork Tue Apr 9 13:59:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 787218 Delivered-To: patch@linaro.org Received: by 2002:adf:fdd2:0:b0:346:15ad:a2a with SMTP id i18csp231081wrs; Tue, 9 Apr 2024 07:01:30 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWqpmCv9ZoEtupvIwQjVLwao8h61QNYnE5c6c1tfKeSXw5qFbRPMzCcFnbsgxKUv8/oMxUV7L+drcnXaui80kOe X-Google-Smtp-Source: AGHT+IHno/3JEIHr1h2vlpMeywN62mATeLAFfwDOXP6Op3OjYdTsP98wrVz9mwKHpr/nXMK15bAb X-Received: by 2002:a05:6358:1397:b0:183:ddb0:eb03 with SMTP id n23-20020a056358139700b00183ddb0eb03mr14106834rwi.21.1712671290317; Tue, 09 Apr 2024 07:01:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1712671290; cv=none; d=google.com; s=arc-20160816; b=d03l0nSuVLsPvGhq0CJm9p+GrQY7u+BENvrWl27+lCJ4vbc9C2lKXp7NclFsBsxpFp nL2R0pn2V1FIQi66g1fcxfzh+j6tqjB2vRNzdo1ej8f35+ryuwDKII/6J/CdFYu79QMU vrWPHYlL3qy+h8RQMrnZ+i06ZIiEYJoY9pmKdzR1erZve17GnKtElO09Tm9G3l15ajOv CJy0oM11uzCVNpKoAsKO0BzgBnboJhIqsTPaXeGUqWRbAX05DGgzTnX2Gkpwpdc7rFww 94nM2nGLy22VvKn64Ljzri9XpuN59b1AgWAzQUmlqOSSOA3uTtEFo3IW9JbEc6LwfPzz YR1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=WfMBOauA459nShKhJ+IhMN/TKNm/7Ix1O3QX4s59dBI=; fh=EbTXCzhZyWMi99XjBGEJxbrHbHiMpVnkFWCwhwmTNvY=; b=OW2lAbo2jFvPDbgfnOG1aM7nS7WFyBqx1R0OGsdMLlAsYkgw4GU9bteVteEeNzde27 TMCyxLpzJDi9pWc82EOs0KWAHchpazDw0uL33LS85k8Zih7KQ2/GkVYuFaPJ/Qzy4YJa rJ+oI14h9l2HGcwjvfQVhYr+ImCDGgrqYcs4h8ETQnYOCnKsK5Dai9RSD8fnQvNyIpt9 y7+OFIwMSYUDjsyuPHuUoWvJeCAw41wm7wrWMX93zMtdsvLu5N/gANH3vySzkUAWuQG1 S/OXEFmO41jiU+e8A5gbtr6xm4lek4aNx5jY4hZrEQpLNRTAkhRBrxBQX8e6qT7WEIVH 7WTQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YlqH1jTc; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id r3-20020a1fda03000000b004da61bd8039si1207905vkg.35.2024.04.09.07.01.30 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Tue, 09 Apr 2024 07:01:30 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=YlqH1jTc; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ruC1X-00070b-Ll; Tue, 09 Apr 2024 10:00:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ruC1H-0006tB-TL for qemu-devel@nongnu.org; Tue, 09 Apr 2024 10:00:16 -0400 Received: from mail-ed1-x530.google.com ([2a00:1450:4864:20::530]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ruC1D-0004OF-PZ for qemu-devel@nongnu.org; Tue, 09 Apr 2024 10:00:15 -0400 Received: by mail-ed1-x530.google.com with SMTP id 4fb4d7f45d1cf-56e78970853so481614a12.0 for ; Tue, 09 Apr 2024 07:00:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1712671206; x=1713276006; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=WfMBOauA459nShKhJ+IhMN/TKNm/7Ix1O3QX4s59dBI=; b=YlqH1jTcBoFlUzQ4hoNlWUWaXRxxqLGk75/3783OtPLqmWWUwkG995H/L15MiEz6RC 74NYLrzQA1KXQuowiMtRgKRKDthJwn3BWGBuub1JHJTr1QZQJUFk6XjYcDVHoct24c4H CXMAg+E/GbvOws14HMOeq1B/ICiVTlyFLNVcSqjFXB9UjkqsoL2PwHPYriqhZgEiCIsC lE4owzMYT8jKPVpLDG6jhCb04g3gKG1/dhJU0P/W8qNpPkkyEiVFYtIWi4CeczatcA1c ivlsBgpH1Ya7xHoFrHNZ3R+BxgU1592C12oAysqJKbQ+JaAfY1+wRUBQ4Y4jTYmn774B Pzbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712671206; x=1713276006; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WfMBOauA459nShKhJ+IhMN/TKNm/7Ix1O3QX4s59dBI=; b=Lnz37/xWlhUOb5B/Y8ROdM9N127lb3/TwNNoPQbc18iJfmjI2bBTxojj0H5+HIiD19 zT38g4aP6Z3Go+mqrkrcIa6AkhQwCcMKHh+w0Ax3P23ochGrqlBD7XZC1fS5s8+E/WxO gkWnOygN2g1n6OFKUJRzEQKZn3LG2/edLPhh1WvPxR4igPMt1HdRlOb9Qbd9lkXQPlsw sQjw2s17Yi93a/ftKgKAe110DyFFlnCaN0gpiqWTfooSj7QwxE97AoXLYAf6o1A/AH2P 9Lfc6rdjhm+8tIwr40FcFpJ1qqCQhNl+WFsJZhS07zIN+o6tV2Wdvz0Fn/a92m5srBY+ 866Q== X-Gm-Message-State: AOJu0YyyRshqDHMzl+3DwAeUmxzuMJFSwts7he3qqAUWNqSR3aF9+XdE H/5nxOQEuKR6nkQljzXCBHnsTitYyoLVxxXNeiXUTEivphzGus+ITw85beRXB/Y/VM9nfVdKCOQ y X-Received: by 2002:a17:906:a850:b0:a51:8672:66e4 with SMTP id dx16-20020a170906a85000b00a51867266e4mr2732576ejb.22.1712671205969; Tue, 09 Apr 2024 07:00:05 -0700 (PDT) Received: from m1x-phil.lan ([176.176.160.134]) by smtp.gmail.com with ESMTPSA id m8-20020a1709061ec800b00a46d2e9fd73sm5715303ejj.222.2024.04.09.07.00.04 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Tue, 09 Apr 2024 07:00:05 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org, Kevin Wolf Cc: Qiang Liu , qemu-block@nongnu.org, Alexander Bulekov , Hanna Reitz , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Richard Henderson Subject: [PATCH-for-9.0 v2 3/3] hw/block/nand: Fix out-of-bound access in NAND block buffer Date: Tue, 9 Apr 2024 15:59:43 +0200 Message-ID: <20240409135944.24997-4-philmd@linaro.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240409135944.24997-1-philmd@linaro.org> References: <20240409135944.24997-1-philmd@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::530; envelope-from=philmd@linaro.org; helo=mail-ed1-x530.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org nand_command() and nand_getio() don't check @offset points into the block, nor the available data length (s->iolen) is not negative. In order to fix: - check the offset is in range in nand_blk_load_NAND_PAGE_SIZE(), - do not set @iolen if blk_load() failed. Reproducer: $ cat << EOF | qemu-system-arm -machine tosa \ -monitor none -serial none \ -display none -qtest stdio write 0x10000111 0x1 0xca write 0x10000104 0x1 0x47 write 0x1000ca04 0x1 0xd7 write 0x1000ca01 0x1 0xe0 write 0x1000ca04 0x1 0x71 write 0x1000ca00 0x1 0x50 write 0x1000ca04 0x1 0xd7 read 0x1000ca02 0x1 write 0x1000ca01 0x1 0x10 EOF ================================================================= ==15750==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61f000000de0 at pc 0x560e61557210 bp 0x7ffcfc4a59f0 sp 0x7ffcfc4a59e8 READ of size 1 at 0x61f000000de0 thread T0 #0 0x560e6155720f in mem_and hw/block/nand.c:101:20 #1 0x560e6155ac9c in nand_blk_write_512 hw/block/nand.c:663:9 #2 0x560e61544200 in nand_command hw/block/nand.c:293:13 #3 0x560e6153cc83 in nand_setio hw/block/nand.c:520:13 #4 0x560e61a0a69e in tc6393xb_nand_writeb hw/display/tc6393xb.c:380:13 #5 0x560e619f9bf7 in tc6393xb_writeb hw/display/tc6393xb.c:524:9 #6 0x560e647c7d03 in memory_region_write_accessor softmmu/memory.c:492:5 #7 0x560e647c7641 in access_with_adjusted_size softmmu/memory.c:554:18 #8 0x560e647c5f66 in memory_region_dispatch_write softmmu/memory.c:1514:16 #9 0x560e6485409e in flatview_write_continue softmmu/physmem.c:2825:23 #10 0x560e648421eb in flatview_write softmmu/physmem.c:2867:12 #11 0x560e64841ca8 in address_space_write softmmu/physmem.c:2963:18 #12 0x560e61170162 in qemu_writeb tests/qtest/videzzo/videzzo_qemu.c:1080:5 #13 0x560e6116eef7 in dispatch_mmio_write tests/qtest/videzzo/videzzo_qemu.c:1227:28 0x61f000000de0 is located 0 bytes to the right of 3424-byte region [0x61f000000080,0x61f000000de0) allocated by thread T0 here: #0 0x560e611276cf in malloc /root/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3 #1 0x7f7959a87e98 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57e98) #2 0x560e64b98871 in object_new qom/object.c:749:12 #3 0x560e64b5d1a1 in qdev_new hw/core/qdev.c:153:19 #4 0x560e61547ea5 in nand_init hw/block/nand.c:639:11 #5 0x560e619f8772 in tc6393xb_init hw/display/tc6393xb.c:558:16 #6 0x560e6390bad2 in tosa_init hw/arm/tosa.c:250:12 SUMMARY: AddressSanitizer: heap-buffer-overflow hw/block/nand.c:101:20 in mem_and ==15750==ABORTING Broken since introduction in commit 3e3d5815cb ("NAND Flash memory emulation and ECC calculation helpers for use by NAND controllers"). Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1445 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1446 Reported-by: Qiang Liu Reviewed-by: Richard Henderson Reviewed-by: Kevin Wolf Signed-off-by: Philippe Mathieu-Daudé --- hw/block/nand.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hw/block/nand.c b/hw/block/nand.c index 5a31d78b6b..e2433c25bd 100644 --- a/hw/block/nand.c +++ b/hw/block/nand.c @@ -255,7 +255,9 @@ static unsigned nand_load_block(NANDFlashState *s, unsigned offset) { unsigned iolen; - s->blk_load(s, s->addr, offset); + if (!s->blk_load(s, s->addr, offset)) { + return 0; + } iolen = (1 << s->page_shift); if (s->gnd) { @@ -783,6 +785,10 @@ static bool glue(nand_blk_load_, NAND_PAGE_SIZE)(NANDFlashState *s, return false; } + if (offset > NAND_PAGE_SIZE + OOB_SIZE) { + return false; + } + if (s->blk) { if (s->mem_oob) { if (blk_pread(s->blk, SECTOR(addr) << BDRV_SECTOR_BITS,