diff options
author | Philippe Mathieu-Daudé | 2020-09-07 03:55:29 +0200 |
---|---|---|
committer | Paolo Bonzini | 2020-09-30 19:09:20 +0200 |
commit | 6ab9be1ec1267865c2f4c334668e05f5810b8836 (patch) | |
tree | 5155b78cfd8506b51fa6955c70e83ff0fea81ce9 /hw/char | |
parent | configure: rename QEMU_GA_MSI_ENABLED to CONFIG_QGA_MSI (diff) | |
download | qemu-6ab9be1ec1267865c2f4c334668e05f5810b8836.tar.gz qemu-6ab9be1ec1267865c2f4c334668e05f5810b8836.tar.xz qemu-6ab9be1ec1267865c2f4c334668e05f5810b8836.zip |
hw/char/serial: Assert serial_ioport_read/write offset fits 8 bytes
The serial device has 8 registers, each 8-bit. The MemoryRegionOps
'serial_io_ops' is initialized with max_access_size=1, and all
memory_region_init_io() callers correctly set the region size to
8 bytes:
- serial_io_realize
- serial_isa_realizefn
- serial_pci_realize
- multi_serial_pci_realize
It is safe to assert the offset argument of serial_ioport_read()
and serial_ioport_write() is always less than 8.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200907015535.827885-2-f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/char')
-rw-r--r-- | hw/char/serial.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/hw/char/serial.c b/hw/char/serial.c index fd80ae5592..840da89de7 100644 --- a/hw/char/serial.c +++ b/hw/char/serial.c @@ -344,7 +344,7 @@ static void serial_ioport_write(void *opaque, hwaddr addr, uint64_t val, { SerialState *s = opaque; - addr &= 7; + assert(size == 1 && addr < 8); trace_serial_ioport_write(addr, val); switch(addr) { default: @@ -485,7 +485,7 @@ static uint64_t serial_ioport_read(void *opaque, hwaddr addr, unsigned size) SerialState *s = opaque; uint32_t ret; - addr &= 7; + assert(size == 1 && addr < 8); switch(addr) { default: case 0: |