qemu/hw/misc at 2cac20cbf7b01e9a4e404db2ff9bee09ee26f315 - motorhead/qemu

mirror of https://github.com/Motorhead1991/qemu.git synced 2026-02-07 00:30:43 -07:00

History

Pierrick Bouvier 2cac20cbf7 hw/misc/npcm_clk: fix buffer-overflow Regression introduced by cf76c4 (hw/misc: Add nr_regs and cold_reset_values to NPCM CLK) cold_reset_values has a different size, depending on device used (NPCM7xx vs NPCM8xx). However, s->regs has a fixed size, which matches NPCM8xx. Thus, when initializing a NPCM7xx, we go past cold_reset_values ending. Report by asan: ==2066==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55d68a3e97f0 at pc 0x7fcaf2b2d14b bp 0x7ffff0cc3890 sp 0x7ffff0cc3040 READ of size 196 at 0x55d68a3e97f0 thread T0 #0 0x7fcaf2b2d14a in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 #1 0x55d688447e0d in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29 #2 0x55d688447e0d in npcm_clk_enter_reset ../hw/misc/npcm_clk.c:968 #3 0x55d6899b7213 in resettable_phase_enter ../hw/core/resettable.c:136 #4 0x55d6899a1ef7 in bus_reset_child_foreach ../hw/core/bus.c:97 #5 0x55d6899b717d in resettable_child_foreach ../hw/core/resettable.c:92 #6 0x55d6899b717d in resettable_phase_enter ../hw/core/resettable.c:129 #7 0x55d6899b4ead in resettable_container_child_foreach ../hw/core/resetcontainer.c:54 #8 0x55d6899b717d in resettable_child_foreach ../hw/core/resettable.c:92 #9 0x55d6899b717d in resettable_phase_enter ../hw/core/resettable.c:129 #10 0x55d6899b7bfa in resettable_assert_reset ../hw/core/resettable.c:55 #11 0x55d6899b8666 in resettable_reset ../hw/core/resettable.c:45 #12 0x55d688d15cd2 in qemu_system_reset ../system/runstate.c:527 #13 0x55d687fc5edd in qdev_machine_creation_done ../hw/core/machine.c:1738 #14 0x55d688d209bd in qemu_machine_creation_done ../system/vl.c:2779 #15 0x55d688d209bd in qmp_x_exit_preconfig ../system/vl.c:2807 #16 0x55d688d281fb in qemu_init ../system/vl.c:3838 #17 0x55d687ceab12 in main ../system/main.c:68 #18 0x7fcaef006249 (/lib/x86_64-linux-gnu/libc.so.6+0x27249) #19 0x7fcaef006304 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x27304) #20 0x55d687cf0010 in _start (/home/runner/work/qemu-ci/qemu-ci/build/qemu-system-arm+0x371c010) 0x55d68a3e97f0 is located 0 bytes to the right of global variable 'npcm7xx_cold_reset_values' defined in '../hw/misc/npcm_clk.c:134:23' (0x55d68a3e9780) of size 112 Impacted tests: Summary of Failures: check: 2/747 qemu:qtest+qtest-aarch64 / qtest-aarch64/qom-test ERROR 9.28s killed by signal 6 SIGABRT 4/747 qemu:qtest+qtest-arm / qtest-arm/qom-test ERROR 7.82s killed by signal 6 SIGABRT 32/747 qemu:qtest+qtest-aarch64 / qtest-aarch64/device-introspect-test ERROR 10.91s killed by signal 6 SIGABRT 35/747 qemu:qtest+qtest-arm / qtest-arm/device-introspect-test ERROR 11.33s killed by signal 6 SIGABRT 114/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_pwm-test ERROR 0.98s killed by signal 6 SIGABRT 115/747 qemu:qtest+qtest-aarch64 / qtest-aarch64/test-hmp ERROR 2.95s killed by signal 6 SIGABRT 117/747 qemu:qtest+qtest-arm / qtest-arm/test-hmp ERROR 2.54s killed by signal 6 SIGABRT 151/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_watchdog_timer-test ERROR 0.96s killed by signal 6 SIGABRT 247/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_adc-test ERROR 0.96s killed by signal 6 SIGABRT 248/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_gpio-test ERROR 1.05s killed by signal 6 SIGABRT 249/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_rng-test ERROR 0.97s killed by signal 6 SIGABRT 250/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_sdhci-test ERROR 0.97s killed by signal 6 SIGABRT 251/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_smbus-test ERROR 0.89s killed by signal 6 SIGABRT 252/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_timer-test ERROR 1.09s killed by signal 6 SIGABRT 253/747 qemu:qtest+qtest-arm / qtest-arm/npcm_gmac-test ERROR 1.12s killed by signal 6 SIGABRT 255/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_emc-test ERROR 1.05s killed by signal 6 SIGABRT check-functional: 22/203 qemu:func-thorough+func-arm-thorough+thorough / func-arm-arm_quanta_gsj ERROR 0.79s exit status 1 38/203 qemu:func-quick+func-aarch64 / func-aarch64-migration ERROR 1.97s exit status 1 45/203 qemu:func-quick+func-arm / func-arm-migration ERROR 1.90s exit status 1 Fixes: `cf76c4e174` ("hw/misc: Add nr_regs and cold_reset_values to NPCM CLK") Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Hao Wu <wuhaotsh@google.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>		2025-02-25 15:32:58 +00:00
..
macio	Accel & Exec patch queue	2024-12-21 11:07:00 -05:00
a9scu.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
allwinner-a10-ccm.c	hw/arm: Mark Allwinner Technology devices as little-endian	2025-02-16 14:41:46 +01:00
allwinner-a10-dramc.c	hw/arm: Mark Allwinner Technology devices as little-endian	2025-02-16 14:41:46 +01:00
allwinner-cpucfg.c	hw/arm: Mark Allwinner Technology devices as little-endian	2025-02-16 14:41:46 +01:00
allwinner-h3-ccu.c	hw/arm: Mark Allwinner Technology devices as little-endian	2025-02-16 14:41:46 +01:00
allwinner-h3-dramc.c	hw/arm: Mark Allwinner Technology devices as little-endian	2025-02-16 14:41:46 +01:00
allwinner-h3-sysctrl.c	hw/arm: Mark Allwinner Technology devices as little-endian	2025-02-16 14:41:46 +01:00
allwinner-r40-ccu.c	hw/arm: Mark Allwinner Technology devices as little-endian	2025-02-16 14:41:46 +01:00
allwinner-r40-dramc.c	hw/arm: Mark Allwinner Technology devices as little-endian	2025-02-16 14:41:46 +01:00
allwinner-sid.c	hw/arm: Mark Allwinner Technology devices as little-endian	2025-02-16 14:41:46 +01:00
allwinner-sramc.c	hw/arm: Mark Allwinner Technology devices as little-endian	2025-02-16 14:41:46 +01:00
applesmc.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
arm11scu.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
arm_integrator_debug.c	arm: Update infocenter.arm.com URLs	2021-02-11 11:50:14 +00:00
arm_l2x0.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
arm_sysctl.c	hw/arm_sysctl: fix extracting 31th bit of val	2025-01-13 12:35:32 +00:00
armsse-cpu-pwrctrl.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
armsse-cpuid.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
armsse-mhu.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
armv7m_ras.c	arm: Move M-profile RAS register block into its own device	2021-09-01 11:08:18 +01:00
aspeed_hace.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
aspeed_i3c.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
aspeed_lpc.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
aspeed_peci.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
aspeed_sbc.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
aspeed_scu.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
aspeed_sdmc.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
aspeed_sli.c	aspeed/sli: Add AST2700 support	2024-06-16 21:08:54 +02:00
aspeed_xdma.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
auxbus.c	bulk: Rename TARGET_FMT_plx -> HWADDR_FMT_plx	2023-01-18 11:14:34 +01:00
avr_power.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
axp2xx.c	hw/misc: Constify VMState	2023-12-30 07:38:06 +11:00
bcm2835_cprman.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
bcm2835_mbox.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
bcm2835_mphi.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
bcm2835_powermgt.c	include: Rename sysemu/ -> system/	2024-12-20 17:44:56 +01:00
bcm2835_property.c	Accel & Exec patch queue	2024-12-21 11:07:00 -05:00
bcm2835_rng.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
bcm2835_thermal.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
debugexit.c	Accel & Exec patch queue	2024-12-21 11:07:00 -05:00
djmemc.c	hw, target: Add ResetType argument to hold and exit phase methods	2024-04-25 10:21:06 +01:00
eccmemctl.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
edu.c	Remove inclusion of hw/hw.h from files that don't need it	2024-07-02 06:58:48 +02:00
empty_slot.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
exynos4210_clk.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
exynos4210_pmu.c	include: Rename sysemu/ -> system/	2024-12-20 17:44:56 +01:00
exynos4210_rng.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
grlib_ahb_apb_pnp.c	hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses	2022-08-08 23:43:11 +02:00
i2c-echo.c	hw/misc/i2c-echo: add tracing	2025-01-31 19:36:44 +01:00
imx6_ccm.c	hw/misc: remove break after g_assert_not_reached()	2024-09-13 20:12:16 +02:00
imx6_src.c	hw/misc/imx6_src: Convert DPRINTF() to trace events	2025-01-13 17:16:04 +01:00
imx6ul_ccm.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
imx7_ccm.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
imx7_gpr.c	Clean up inclusion of sysemu/sysemu.h	2019-08-16 13:31:53 +02:00
imx7_snvs.c	include: Rename sysemu/ -> system/	2024-12-20 17:44:56 +01:00
imx7_src.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
imx25_ccm.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
imx31_ccm.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
imx_ccm.c	hw: Do not include qemu/log.h if it is not necessary	2021-05-02 17:24:50 +02:00
imx_rngc.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
iosb.c	hw, target: Add ResetType argument to hold and exit phase methods	2024-04-25 10:21:06 +01:00
iotkit-secctl.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
iotkit-sysctl.c	Accel & Exec patch queue	2024-12-21 11:07:00 -05:00
iotkit-sysinfo.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
ivshmem-flat.c	licenses: Remove SPDX tags not being license identifier for Linaro	2025-01-30 13:01:22 +03:00
ivshmem-pci.c	hw/misc/ivshmem: Rename ivshmem to ivshmem-pci	2024-12-31 21:21:34 +01:00
Kconfig	hw/misc/ivshmem-flat: Add ivshmem-flat device	2024-12-31 21:21:27 +01:00
lasi.c	include: Rename sysemu/ -> system/	2024-12-20 17:44:56 +01:00
led.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
mac_via.c	Accel & Exec patch queue	2024-12-21 11:07:00 -05:00
mchp_pfsoc_dmc.c	hw: Remove superfluous includes of hw/hw.h	2021-05-02 17:24:50 +02:00
mchp_pfsoc_ioscb.c	hw/{misc, riscv}: pfsoc: add system controller as unimplemented	2023-01-06 10:42:55 +10:00
mchp_pfsoc_sysreg.c	hw/{misc, riscv}: pfsoc: add system controller as unimplemented	2023-01-06 10:42:55 +10:00
meson.build	hw/misc: Rename npcm7xx_clk to npcm_clk	2025-02-20 15:22:22 +00:00
mips_cmgcr.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
mips_cpc.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
mips_itu.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
mos6522.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
mps2-fpgaio.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
mps2-scc.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
msf2-sysreg.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
npcm7xx_mft.c	hw/misc: cast rpm to uint64_t	2025-01-13 12:35:32 +00:00
npcm7xx_pwm.c	hw, target: Add ResetType argument to hold and exit phase methods	2024-04-25 10:21:06 +01:00
npcm7xx_rng.c	hw/misc: Constify VMState	2023-12-30 07:38:06 +11:00
npcm_clk.c	hw/misc/npcm_clk: fix buffer-overflow	2025-02-25 15:32:58 +00:00
npcm_gcr.c	hw/misc: Add nr_regs and cold_reset_values to NPCM CLK	2025-02-20 15:22:22 +00:00
nrf51_rng.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
omap_clk.c	hw/misc/omap_clk: Remove OMAP2-specifics	2024-10-01 14:57:55 +01:00
pc-testdev.c	Use OBJECT_DECLARE_SIMPLE_TYPE when possible	2020-09-18 14:12:32 -04:00
pci-testdev.c	Accel & Exec patch queue	2024-12-21 11:07:00 -05:00
pvpanic-isa.c	Accel & Exec patch queue	2024-12-21 11:07:00 -05:00
pvpanic-pci.c	Accel & Exec patch queue	2024-12-21 11:07:00 -05:00
pvpanic.c	include: Rename sysemu/ -> system/	2024-12-20 17:44:56 +01:00
sbsa_ec.c	include: Rename sysemu/ -> system/	2024-12-20 17:44:56 +01:00
sifive_e_aon.c	Accel & Exec patch queue	2024-12-21 11:07:00 -05:00
sifive_e_prci.c	hw: Remove superfluous includes of hw/hw.h	2021-05-02 17:24:50 +02:00
sifive_test.c	include: Rename sysemu/ -> system/	2024-12-20 17:44:56 +01:00
sifive_u_otp.c	Accel & Exec patch queue	2024-12-21 11:07:00 -05:00
sifive_u_prci.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
slavio_misc.c	include: Rename sysemu/ -> system/	2024-12-20 17:44:56 +01:00
stm32_rcc.c	hw/misc/stm32_rcc: Implement RCC device for STM32F4 SoCs	2024-10-15 11:29:45 +01:00
stm32f2xx_syscfg.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
stm32f4xx_exti.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
stm32f4xx_syscfg.c	hw: Use device_class_set_legacy_reset() instead of opencoding	2024-09-13 15:31:44 +01:00
stm32l4x5_exti.c	hw/misc: In STM32L4x5 EXTI, handle direct interrupts	2024-07-11 11:41:34 +01:00
stm32l4x5_rcc.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
stm32l4x5_syscfg.c	hw/misc: Create STM32L4x5 SYSCFG clock	2024-10-15 11:29:45 +01:00
trace-events	hw/misc: Move NPCM7XX CLK to NPCM CLK	2025-02-20 15:22:22 +00:00
trace.h	trace: switch position of headers to what Meson requires	2020-08-21 06:18:24 -04:00
tz-mpc.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
tz-msc.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
tz-ppc.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
unimp.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
virt_ctrl.c	include: Rename sysemu/ -> system/	2024-12-20 17:44:56 +01:00
vmcoreinfo.c	hw/misc/vmcoreinfo: Convert to three-phase reset interface	2025-01-13 17:16:04 +01:00
xlnx-cfi-if.c	hw/misc: Introduce the Xilinx CFI interface	2023-09-08 16:41:34 +01:00
xlnx-versal-cframe-reg.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
xlnx-versal-cfu.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
xlnx-versal-crl.c	hw, target: Add ResetType argument to hold and exit phase methods	2024-04-25 10:21:06 +01:00
xlnx-versal-pmc-iou-slcr.c	hw, target: Add ResetType argument to hold and exit phase methods	2024-04-25 10:21:06 +01:00
xlnx-versal-trng.c	Constify all opaque Property pointers	2024-12-19 19:36:37 +01:00
xlnx-versal-xramc.c	include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST	2024-12-19 19:36:37 +01:00
xlnx-zynqmp-apu-ctrl.c	hw, target: Add ResetType argument to hold and exit phase methods	2024-04-25 10:21:06 +01:00
xlnx-zynqmp-crf.c	hw, target: Add ResetType argument to hold and exit phase methods	2024-04-25 10:21:06 +01:00
zynq_slcr.c	Accel & Exec patch queue	2024-12-21 11:07:00 -05:00