From patchwork Sun Sep  8 13:11:26 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Thomas Huth <huth@tuxfamily.org>
X-Patchwork-Id: 826451
Delivered-To: patch@linaro.org
Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp1562954wrb;
 Sun, 8 Sep 2024 06:12:38 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXdxqenuPyUCYyS+h+lzpkaQ2yTyAvh7qdDN5WP789mHiMTIBLpNiWsLs6kD8o9yOG/wKdDqQ==@linaro.org
X-Google-Smtp-Source: AGHT+IEZ0SCDbz76Ka0dtGLuE3gqZNPrwwX5jdRdXmtoN6m8BA4DxpfIzmBvfThiGdK++xmTojTz
X-Received: by 2002:a05:6214:590f:b0:6c3:7047:71f5 with SMTP id
 6a1803df08f44-6c52850e95cmr125522376d6.49.1725801157792;
 Sun, 08 Sep 2024 06:12:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1725801157; cv=none;
 d=google.com; s=arc-20240605;
 b=hbIfaZkwfVITc7VXuXaKMmt9L3avdbX7b5ptVrZpUHaeEiJhPETl/aeAbC3zpMYgp1
 NnDvELcHV4zRTaapj8ePOjYsxItZGS8y13+c4/eYawde2AEGR7jQxPf/7GplgUoamoDw
 98UXYG1OT9UJJaBL9UVeXy7aIEaRqpRk76Lxp+6t3PWHEdNGX4N2KfZHtL+y+0ncMeow
 1nD48qE2s3gBqlt2WhsUsQ769hN/1c7pCW7D0N5cK5HaLg4XQqo1odPAkEekZwnwSR8w
 su0TbW3u1J1yY1vjISziI5qW2mMCiu232iDLXguA+qG8pwcK7baz11nnWZlomCUDkynK
 UWNQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:cc:to
 :from; bh=QChWw5AXY/Eh/tPeZIzDezE86tfwMhZTwskv5OivgNc=;
 fh=tOREyZHlK9Diwyw/7bj5IUyLT4I5EVkj5DE8XDtMiTs=;
 b=A9ls3r4U48outBiPgCkmxjq6WhGWBfKJhEkfSwFy0GRQT95UB9/G4+oiyLiqFrWjC2
 tqCFac8LtOaxveVyXzM6BDgY7493X2YOixZ+pJ01EvfmHeOrGqSl1oR/zO1nob5xVFwO
 biNsMY4Xx1mhvlOl3v74APuH1ElBluplppoJmbUUk8TWejqW5Se+Kr2tiQCe+tZ5LYZ5
 BdZBHOITw9lbZTf7p32UmJWMqjKB1k0k8tvFVr7TgILSekSpAxJ/ka7sJ1qxZHpsrCwa
 TMcjTVjzS9A2/pPJdfmWzd0iaU0jOg3KeoCX5DDUdDnUDWPf4dad/45Fjvg5UsQH/+aF
 fOow==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 6a1803df08f44-6c53433dc86si31998726d6.159.2024.09.08.06.12.37
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Sun, 08 Sep 2024 06:12:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1snHht-0002uS-E5; Sun, 08 Sep 2024 09:11:57 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <th.huth@gmail.com>) id 1snHho-0002pZ-Ij
 for qemu-devel@nongnu.org; Sun, 08 Sep 2024 09:11:52 -0400
Received: from mail-ed1-f46.google.com ([209.85.208.46])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <th.huth@gmail.com>) id 1snHhm-0000fI-C1
 for qemu-devel@nongnu.org; Sun, 08 Sep 2024 09:11:52 -0400
Received: by mail-ed1-f46.google.com with SMTP id
 4fb4d7f45d1cf-5c3d20eed0bso3380775a12.0
 for <qemu-devel@nongnu.org>; Sun, 08 Sep 2024 06:11:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1725801109; x=1726405909;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=QChWw5AXY/Eh/tPeZIzDezE86tfwMhZTwskv5OivgNc=;
 b=jQO6PMfTQPum76YKF1p8zuYAD0V0kddLE5tpKvh+dbBM3Hpppg74t9gxzbsFKQb0Ru
 wl1QvI2U+f5TWqYUevYbmOHqoI6hBcLBTf4O1oFDDZ9z9vp1v4yRYIoHabcauvANE1FD
 S9p+tBL4GU/w+iq8NIGQWQG4kRYEsT7ZNBI2P86Gsn2UjQwQbBe6fB0jZ4Lu675gDdBe
 X7xrhvLewO403a+73UO7ec3KO5OrxPwwqZnWyFwzr4iFg1Jz/vZZ6rEjGWWijJ5QJrOm
 bDAt2RY20mGR94WFLGZUaKS+dw6fQtw9b3Y93OOUf18LCoino/Vf4kx4s2Cs5VgrPjFE
 K3lQ==
X-Gm-Message-State: AOJu0YyBkYUrWQp1ppnmdLmBdVKP15yh6zgcBNfaeH2ZBBdlBOOOo+9G
 bWjlWGDPCznuMT9Wcgm2mf3VOdENTft7IELmvH44dUE+i32eeHLINJz/Lw==
X-Received: by 2002:a05:6402:13cc:b0:5c3:1089:ff23 with SMTP id
 4fb4d7f45d1cf-5c3dc7c92bfmr5171376a12.35.1725801108417;
 Sun, 08 Sep 2024 06:11:48 -0700 (PDT)
Received: from fedora.. (ip-109-43-115-52.web.vodafone.de. [109.43.115.52])
 by smtp.gmail.com with ESMTPSA id
 4fb4d7f45d1cf-5c3ebd5212asm1842418a12.57.2024.09.08.06.11.47
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 08 Sep 2024 06:11:48 -0700 (PDT)
From: Thomas Huth <huth@tuxfamily.org>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>
Subject: [PULL 1/3] hw/m68k/mcf5208: Avoid shifting off end of integer
Date: Sun,  8 Sep 2024 15:11:26 +0200
Message-ID: <20240908131128.19384-2-huth@tuxfamily.org>
X-Mailer: git-send-email 2.46.0
In-Reply-To: <20240908131128.19384-1-huth@tuxfamily.org>
References: <20240908131128.19384-1-huth@tuxfamily.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=209.85.208.46; envelope-from=th.huth@gmail.com;
 helo=mail-ed1-f46.google.com
X-Spam_score_int: -15
X-Spam_score: -1.6
X-Spam_bar: -
X-Spam_report: (-1.6 / 5.0 requ) BAYES_00=-1.9,
 FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001,
 HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001,
 RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Peter Maydell <peter.maydell@linaro.org>

In m5208_sys_read(), we have a loop of n from 0 to 31, and we
calculate (2u << n).  For the n == 31 iteration this will shift off
the top of the unsigned 32 bit integer.

This is harmless, because we're going to stop the loop with n == 31
anyway, but we can avoid the error by using 64-bit arithmetic here.

(The SDCS0 register is documented at
https://www.nxp.com/docs/en/reference-manual/MCF5208RM.pdf
section 18.4.5; we want the lower 5 bits to indicate the
RAM size, where 31 == 4GB, 30 == 2GB, and so on down.
As it happens, the layout of the mcf5208evb board memory map
means it doesn't make sense to have more than 1GB of RAM
in any case.)

Resolves: Coverity CID 1547727
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Message-ID: <20240830173452.2086140-2-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
---
 hw/m68k/mcf5208.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/m68k/mcf5208.c b/hw/m68k/mcf5208.c
index ec14096aa4..0ad347dfa8 100644
--- a/hw/m68k/mcf5208.c
+++ b/hw/m68k/mcf5208.c
@@ -158,7 +158,7 @@ static uint64_t m5208_sys_read(void *opaque, hwaddr addr,
         {
             int n;
             for (n = 0; n < 32; n++) {
-                if (current_machine->ram_size < (2u << n)) {
+                if (current_machine->ram_size < (2ULL << n)) {
                     break;
                 }
             }

From patchwork Sun Sep  8 13:11:27 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Thomas Huth <huth@tuxfamily.org>
X-Patchwork-Id: 826450
Delivered-To: patch@linaro.org
Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp1562933wrb;
 Sun, 8 Sep 2024 06:12:34 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXiYJtcIEFCjHtttHX6QkM7FA2/x1N0jaAVGGN1EWTGqoeK9BB5PlcdjfLYYXZVorGOySLNhg==@linaro.org
X-Google-Smtp-Source: AGHT+IGDcva9QDaCk7wN5x79/Dxzg4UI2duXteywwLJIt/9eSr9Pm73QgbfEctTgMBmKN3qGbhey
X-Received: by 2002:a05:620a:46a9:b0:7a9:b250:d57b with SMTP id
 af79cd13be357-7a9b250d7ffmr277595985a.5.1725801154189;
 Sun, 08 Sep 2024 06:12:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1725801154; cv=none;
 d=google.com; s=arc-20240605;
 b=R5OafT3wpUKS6AT39L0RXj0dmBIFCc3bnlCwuNhC+VX8x02niz26bbf2Cv0qRq1/sN
 /YIPhhsFJGZwzOrzdaVIcLOkJLTUFF026aRdHLIhTYzyGXYYv3kT6CgbXEr1zF5hbnYu
 65SzTBrK5JzgJJV+A0zUYyFnKmk4+JCtT4LTu29nGWGUHMEf5ZSfpWL1XPS6wbFNUUyR
 Ro/sE8yUrnHoTvWb/s7tZZI0akm8vxKuIMK05+T+0tSZBwefxwWHOjBKPpEEhbb9OUph
 s03tTYUS0NoEp4+xkA22Cb47EE8JMNOphRZ1DI0XkHjuAiw+ZnLd2P6DOCtATJYSVo6L
 FMCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:cc:to
 :from; bh=9q+YIIrgdQyzRQXNqBoVfQ3f8EP3T/uI3ZqwIVVnwUc=;
 fh=tOREyZHlK9Diwyw/7bj5IUyLT4I5EVkj5DE8XDtMiTs=;
 b=OFm7hsCyb3oHdYAQecYHr4CsOQHhuH8ers1jLlYpDUkqb3AOSl0uy1EOMw+A09erWq
 tHgfLnC84KkPamCMXCyNpcT4ZmlhKUXjBfGxXpJXEMjVG2zMw9js84l/78GbXnvXFRhO
 8rnqXWbzTyh4NGSCEqZtKVWgBOGv6+OO2GnfeBFoP4b5wyKLkxq45ANtvjaNX5pUbUsr
 b7OKLggaIyUsbfGfGZPDqhiBR2GTxtfXywoK91uhBMrVIAZYpL2tBq3c8FnoM2Z+VOXb
 Y3QOwN6+lJxpblzT8d7uNOdemzV1is4wzMCW0lUgeIAP13zrkdcg1YVMOg5f4cGhk4H4
 mFNA==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 af79cd13be357-7a9a9d12d71si288377985a.609.2024.09.08.06.12.34
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Sun, 08 Sep 2024 06:12:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1snHhu-00030B-Od; Sun, 08 Sep 2024 09:11:58 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <th.huth@gmail.com>) id 1snHhq-0002rA-78
 for qemu-devel@nongnu.org; Sun, 08 Sep 2024 09:11:54 -0400
Received: from mail-lj1-f172.google.com ([209.85.208.172])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <th.huth@gmail.com>) id 1snHhn-0000fL-AS
 for qemu-devel@nongnu.org; Sun, 08 Sep 2024 09:11:52 -0400
Received: by mail-lj1-f172.google.com with SMTP id
 38308e7fff4ca-2f75f116d11so9580911fa.1
 for <qemu-devel@nongnu.org>; Sun, 08 Sep 2024 06:11:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1725801109; x=1726405909;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=9q+YIIrgdQyzRQXNqBoVfQ3f8EP3T/uI3ZqwIVVnwUc=;
 b=Nvx9i2EtC6qYADQfF5JMcr9cPXabUjqq9Bu1bhVBpc8Jtfu+V/eUWkusgMQvPdLEqW
 9pKtBWVx+07jPzlxEHrLHmrN37OWrkwA1H5JBkYDXIeK9f+7QeL8cQVmiqw5xcARx/Wq
 k2AyNebxF+wzYPni2xRCB2UsSn9ga2nTG4SF//sElaINaGqacY+0GIhIN853adHPtkKd
 dLLu0OV3dbsTLJbOK5QJtDJvEkWA53YrM0N+XQHLdsYTvy/8PDUCOXh2FNp0WPKoPG6u
 cDLwy+wWCzmwOiNpZUdn53+nyC9cJqH4QeAxrl6w552TPhdaQCl3MQ5I/LVIjczla0dV
 ybIg==
X-Gm-Message-State: AOJu0YyfK/16aZd2n4tl82H4S6E5HT4BhEzsh5s0VWcIb0eSB746XHFS
 tp0ZMDwADLhDzYLG5P5P1JTWfIZ7xYFkMMRIrIET0YqgdqxTRidt7edSKA==
X-Received: by 2002:a05:651c:20c:b0:2f3:ee44:c6de with SMTP id
 38308e7fff4ca-2f751f2b7ebmr47425381fa.27.1725801109323;
 Sun, 08 Sep 2024 06:11:49 -0700 (PDT)
Received: from fedora.. (ip-109-43-115-52.web.vodafone.de. [109.43.115.52])
 by smtp.gmail.com with ESMTPSA id
 4fb4d7f45d1cf-5c3ebd5212asm1842418a12.57.2024.09.08.06.11.48
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 08 Sep 2024 06:11:49 -0700 (PDT)
From: Thomas Huth <huth@tuxfamily.org>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>
Subject: [PULL 2/3] hw/m68k/mcf5208: Add URLs for datasheets
Date: Sun,  8 Sep 2024 15:11:27 +0200
Message-ID: <20240908131128.19384-3-huth@tuxfamily.org>
X-Mailer: git-send-email 2.46.0
In-Reply-To: <20240908131128.19384-1-huth@tuxfamily.org>
References: <20240908131128.19384-1-huth@tuxfamily.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=209.85.208.172; envelope-from=th.huth@gmail.com; 
 helo=mail-lj1-f172.google.com
X-Spam_score_int: -15
X-Spam_score: -1.6
X-Spam_bar: -
X-Spam_report: (-1.6 / 5.0 requ) BAYES_00=-1.9,
 FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001,
 HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001,
 RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Peter Maydell <peter.maydell@linaro.org>

The datasheets for the SoC and board we model here are still
available from the NXP website; add their URLs and titles for
future reference.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Message-ID: <20240830173452.2086140-3-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
---
 hw/m68k/mcf5208.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/hw/m68k/mcf5208.c b/hw/m68k/mcf5208.c
index 0ad347dfa8..b6677ad6bc 100644
--- a/hw/m68k/mcf5208.c
+++ b/hw/m68k/mcf5208.c
@@ -4,6 +4,14 @@
  * Copyright (c) 2007 CodeSourcery.
  *
  * This code is licensed under the GPL
+ *
+ * This file models both the MCF5208 SoC, and the
+ * MCF5208EVB evaluation board. For details see
+ *
+ * "MCF5208 Reference Manual"
+ * https://www.nxp.com/docs/en/reference-manual/MCF5208RM.pdf
+ * "M5208EVB-RevB 32-bit Microcontroller User Manual"
+ * https://www.nxp.com/docs/en/reference-manual/M5208EVBUM.pdf
  */
 
 #include "qemu/osdep.h"

From patchwork Sun Sep  8 13:11:28 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Thomas Huth <huth@tuxfamily.org>
X-Patchwork-Id: 826452
Delivered-To: patch@linaro.org
Received: by 2002:adf:a345:0:b0:367:895a:4699 with SMTP id d5csp1562963wrb;
 Sun, 8 Sep 2024 06:12:39 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCWrXIU2SMH5kWvz7veZfFtCh3tIk3H0u9BIgFJiJP1Rli9Tl7NcrL1cRo932JmZXEhjPYuZuQ==@linaro.org
X-Google-Smtp-Source: AGHT+IEVJk8Iot1WPkeFqlFj9QDfvoiAoNgxYd/GzIh/N0o9g6INNpGYZwwqaugOF8q9Vs+Aaier
X-Received: by 2002:ac8:5905:0:b0:456:7856:7a9f with SMTP id
 d75a77b69052e-4580c670928mr125732941cf.9.1725801159012;
 Sun, 08 Sep 2024 06:12:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1725801158; cv=none;
 d=google.com; s=arc-20240605;
 b=NAXS+Xc3fHO2CS6Is4PQjPWzAbPy0ZqgqMBd1As8g2zQNp4b/3xWydwVwlHH9ZDxR0
 3xhDFIVLa+/OsfA5DQaG1yil9LCY5Axz4m896sCYOXynbfF9sUjr6hssH7+ApMoyePDu
 g1PESX4IXyQBcKhtENZS2e+/adB6scQ0HanzPE4ImGpFRQqtVoTZboAqJ7CZcprd3pKh
 8AR9ytE2odZ0xmhMaMApw+PsHIIk0zRjfxRbZsp6krdhYUffjqK8x2mt0Z9tg/l/cEN/
 BxQVP5EqxZDgSiylsHHMdFa/ftZ4Byf7HhNU0Xz+ToHnMwQxkCNxsr1Rs9fPCSw+otux
 xxzw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:cc:to
 :from; bh=ptL0ygfbb0Laz2aJR63ekKAa+9PX2hwP/FjTByTmNXI=;
 fh=tOREyZHlK9Diwyw/7bj5IUyLT4I5EVkj5DE8XDtMiTs=;
 b=Ruu6GV/KA33nUQe4OIYL0yha7wS3OLLrcyODPCwixakWyOESL8Hg4ueXiHVoVjkBt1
 y5Y/G0JYTkPRGXyx4RDKop/6u2AoXp/Q5Jq122Bx984Tq+haMocUTlsiApM86Cmm4qb2
 0yxj80rIsIWZS2CIUFPapBYiAihQ0nXc23A9RNJpLBq5oqzDxypomFI7oEmL9uclnCk4
 HC8TrehVLzGuGcXdjFaqcJzTBzwkWLkZeB8PEBBQBKRaeL/+wkkw+tnK3AQQNeQVZ5Uo
 DxJ6fVrGeYvbxh+Ph6IUNYQt+/rWl661nwn56yUJbyyAvrlpamnN/fx2o7MoIVLOlPm1
 vAmw==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 d75a77b69052e-4583129c06asi2966831cf.98.2024.09.08.06.12.38
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Sun, 08 Sep 2024 06:12:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1snHhu-0002x2-2a; Sun, 08 Sep 2024 09:11:58 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <th.huth@gmail.com>) id 1snHhp-0002qq-W3
 for qemu-devel@nongnu.org; Sun, 08 Sep 2024 09:11:54 -0400
Received: from mail-ed1-f50.google.com ([209.85.208.50])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <th.huth@gmail.com>) id 1snHho-0000fj-B2
 for qemu-devel@nongnu.org; Sun, 08 Sep 2024 09:11:53 -0400
Received: by mail-ed1-f50.google.com with SMTP id
 4fb4d7f45d1cf-5c3d209db94so3604846a12.3
 for <qemu-devel@nongnu.org>; Sun, 08 Sep 2024 06:11:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1725801111; x=1726405911;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=ptL0ygfbb0Laz2aJR63ekKAa+9PX2hwP/FjTByTmNXI=;
 b=SGtVCfbCc0IelJvShjTpu/by4xCjUHsJ13ItZPEMvw2C5W7tived9+qro4f4l0FBji
 tQhzZIFIBuYlvUfB3pS5je30UXtR4QyxyLPFoMSGyrHF6Hjw3VIyAtyyhuzjcNnZIlsi
 +CB1/IAMNoUOS92L+h5Y6YczNA2s0Q/2X9nMpB6ktHaJ1VBg5ZRdGUZtimgOywzPzaJZ
 iUPFIYOuOQzIBVsOgqwZIc+4wn20hn8bLoso6Qz7qs8iLDIPKId10Dk99Pp5xEhMrMeM
 7Kw9AD3Yff+nMwQhnYNmRB9NEU3dg2IBKo07U2q8qvkEHY1o/D6HN8BXbY5dbIO6UJm7
 tpoA==
X-Gm-Message-State: AOJu0Yyaiu+P9Jlih+TR9nbL+wwtxeqUGQtQIUjegfQ9lK3U+fJe2+HL
 yZSVZGEvuKVcgRr4CDmV/TJZv+ATi0otqEU0HH75LndlK6j2qS+58YOohO8q
X-Received: by 2002:a17:906:c14c:b0:a86:894e:cd09 with SMTP id
 a640c23a62f3a-a8d1bf75f35mr677789066b.9.1725801110787;
 Sun, 08 Sep 2024 06:11:50 -0700 (PDT)
Received: from fedora.. (ip-109-43-115-52.web.vodafone.de. [109.43.115.52])
 by smtp.gmail.com with ESMTPSA id
 4fb4d7f45d1cf-5c3ebd5212asm1842418a12.57.2024.09.08.06.11.49
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 08 Sep 2024 06:11:50 -0700 (PDT)
From: Thomas Huth <huth@tuxfamily.org>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>
Subject: [PULL 3/3] hw/nubus/nubus-device: Range check 'slot' property
Date: Sun,  8 Sep 2024 15:11:28 +0200
Message-ID: <20240908131128.19384-4-huth@tuxfamily.org>
X-Mailer: git-send-email 2.46.0
In-Reply-To: <20240908131128.19384-1-huth@tuxfamily.org>
References: <20240908131128.19384-1-huth@tuxfamily.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=209.85.208.50; envelope-from=th.huth@gmail.com;
 helo=mail-ed1-f50.google.com
X-Spam_score_int: -15
X-Spam_score: -1.6
X-Spam_bar: -
X-Spam_report: (-1.6 / 5.0 requ) BAYES_00=-1.9,
 FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001,
 HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001,
 RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Peter Maydell <peter.maydell@linaro.org>

The TYPE_NUBUS_DEVICE class lets the user specify the nubus slot
using an int32 "slot" QOM property.  Its realize method doesn't do
any range checking on this value, which Coverity notices by way of
the possibility that 'nd->slot * NUBUS_SUPER_SLOT_SIZE' might
overflow the 32-bit arithmetic it is using.

Constrain the slot value to be less than NUBUS_SLOT_NB (16).

Resolves: Coverity CID 1464070
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20240830173452.2086140-4-peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Thomas Huth <huth@tuxfamily.org>
---
 hw/nubus/nubus-device.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hw/nubus/nubus-device.c b/hw/nubus/nubus-device.c
index be4cb24696..26fbcf29a2 100644
--- a/hw/nubus/nubus-device.c
+++ b/hw/nubus/nubus-device.c
@@ -35,6 +35,13 @@ static void nubus_device_realize(DeviceState *dev, Error **errp)
     uint8_t *rom_ptr;
     int ret;
 
+    if (nd->slot < 0 || nd->slot >= NUBUS_SLOT_NB) {
+        error_setg(errp,
+                   "'slot' value %d out of range (must be between 0 and %d)",
+                   nd->slot, NUBUS_SLOT_NB - 1);
+        return;
+    }
+
     /* Super */
     slot_offset = nd->slot * NUBUS_SUPER_SLOT_SIZE;