summaryrefslogtreecommitdiffstats
path: root/hw/intc/arm_gicv3_its.c
diff options
context:
space:
mode:
authorPeter Maydell2022-02-01 20:32:07 +0100
committerPeter Maydell2022-02-08 11:56:29 +0100
commitd7d359c4ac1cafd1051c5f6f7ff8349aba579718 (patch)
treed186dc86d4313218df16be91cf9b49fdeb2d4eec /hw/intc/arm_gicv3_its.c
parenthw/intc/arm_gicv3_its: Don't allow intid 1023 in MAPI/MAPTI (diff)
downloadqemu-d7d359c4ac1cafd1051c5f6f7ff8349aba579718.tar.gz
qemu-d7d359c4ac1cafd1051c5f6f7ff8349aba579718.tar.xz
qemu-d7d359c4ac1cafd1051c5f6f7ff8349aba579718.zip
hw/intc/arm_gicv3_its: Split error checks
In most of the ITS command processing, we check different error possibilities one at a time and log them appropriately. In process_mapti() and process_mapd() we have code which checks multiple error cases at once, which means the logging is less specific than it could be. Split those cases up. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220201193207.2771604-14-peter.maydell@linaro.org
Diffstat (limited to 'hw/intc/arm_gicv3_its.c')
-rw-r--r--hw/intc/arm_gicv3_its.c52
1 files changed, 31 insertions, 21 deletions
diff --git a/hw/intc/arm_gicv3_its.c b/hw/intc/arm_gicv3_its.c
index 8dade9440a..4f598d3c14 100644
--- a/hw/intc/arm_gicv3_its.c
+++ b/hw/intc/arm_gicv3_its.c
@@ -404,19 +404,29 @@ static ItsCmdResult process_mapti(GICv3ITSState *s, const uint64_t *cmdpkt,
num_eventids = 1ULL << (dte.size + 1);
num_intids = 1ULL << (GICD_TYPER_IDBITS + 1);
- if ((icid >= s->ct.num_entries)
- || !dte.valid || (eventid >= num_eventids) ||
- (((pIntid < GICV3_LPI_INTID_START) || (pIntid >= num_intids)))) {
+ if (icid >= s->ct.num_entries) {
qemu_log_mask(LOG_GUEST_ERROR,
- "%s: invalid command attributes "
- "icid %d or eventid %d or pIntid %d or"
- "unmapped dte %d\n", __func__, icid, eventid,
- pIntid, dte.valid);
- /*
- * in this implementation, in case of error
- * we ignore this command and move onto the next
- * command in the queue
- */
+ "%s: invalid ICID 0x%x >= 0x%x\n",
+ __func__, icid, s->ct.num_entries);
+ return CMD_CONTINUE;
+ }
+
+ if (!dte.valid) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: no valid DTE for devid 0x%x\n", __func__, devid);
+ return CMD_CONTINUE;
+ }
+
+ if (eventid >= num_eventids) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: invalid event ID 0x%x >= 0x%" PRIx64 "\n",
+ __func__, eventid, num_eventids);
+ return CMD_CONTINUE;
+ }
+
+ if (pIntid < GICV3_LPI_INTID_START || pIntid >= num_intids) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: invalid interrupt ID 0x%x\n", __func__, pIntid);
return CMD_CONTINUE;
}
@@ -529,16 +539,16 @@ static ItsCmdResult process_mapd(GICv3ITSState *s, const uint64_t *cmdpkt)
dte.ittaddr = (cmdpkt[2] & ITTADDR_MASK) >> ITTADDR_SHIFT;
dte.valid = cmdpkt[2] & CMD_FIELD_VALID_MASK;
- if ((devid >= s->dt.num_entries) ||
- (dte.size > FIELD_EX64(s->typer, GITS_TYPER, IDBITS))) {
+ if (devid >= s->dt.num_entries) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "ITS MAPD: invalid device ID field 0x%x >= 0x%x\n",
+ devid, s->dt.num_entries);
+ return CMD_CONTINUE;
+ }
+
+ if (dte.size > FIELD_EX64(s->typer, GITS_TYPER, IDBITS)) {
qemu_log_mask(LOG_GUEST_ERROR,
- "ITS MAPD: invalid device table attributes "
- "devid %d or size %d\n", devid, dte.size);
- /*
- * in this implementation, in case of error
- * we ignore this command and move onto the next
- * command in the queue
- */
+ "ITS MAPD: invalid size %d\n", dte.size);
return CMD_CONTINUE;
}