On Sun, 28 Apr 2024 at 19:12, Alexandra Diupina <adiup...@astralinux.ru> wrote:
>
> Add xlnx_dpdma_read_descriptor() and
> xlnx_dpdma_write_descriptor() functions.
> xlnx_dpdma_read_descriptor() combines reading a
> descriptor from desc_addr by calling dma_memory_read()
> and swapping the desc fields from guest memory order
> to host memory order. xlnx_dpdma_write_descriptor()
> performs similar actions when writing a descriptor.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: d3c6369a96 ("introduce xlnx-dpdma")
> Signed-off-by: Alexandra Diupina <adiup...@astralinux.ru>
> ---
> v4: remove rewriting desc in place
> v3: add xlnx_dpdma_write_descriptor()
> v2: minor changes in xlnx_dpdma_read_descriptor()
> hw/dma/xlnx_dpdma.c | 63 ++++++++++++++++++++++++++++++++++++++++++---
> 1 file changed, 59 insertions(+), 4 deletions(-)
>
> diff --git a/hw/dma/xlnx_dpdma.c b/hw/dma/xlnx_dpdma.c
> index 1f5cd64ed1..e9133e9dcb 100644
> --- a/hw/dma/xlnx_dpdma.c
> +++ b/hw/dma/xlnx_dpdma.c
> @@ -614,6 +614,63 @@ static void xlnx_dpdma_register_types(void)
> type_register_static(&xlnx_dpdma_info);
> }
>
> +static MemTxResult xlnx_dpdma_read_descriptor(XlnxDPDMAState *s,
> + uint64_t desc_addr, DPDMADescriptor
> *desc)
> +{
> + if (dma_memory_read(&address_space_memory, desc_addr, &desc,
> + sizeof(DPDMADescriptor),
> MEMTXATTRS_UNSPECIFIED)) {
> + return MEMTX_ERROR;
You should return the return value you got from dma_memory_read() here.
> + }
> +
> + /* Convert from LE into host endianness. */
> + desc->control = le32_to_cpu(desc->control);
> + desc->descriptor_id = le32_to_cpu(desc->descriptor_id);
> + desc->xfer_size = le32_to_cpu(desc->xfer_size);
> + desc->line_size_stride = le32_to_cpu(desc->line_size_stride);
> + desc->timestamp_lsb = le32_to_cpu(desc->timestamp_lsb);
> + desc->timestamp_msb = le32_to_cpu(desc->timestamp_msb);
> + desc->address_extension = le32_to_cpu(desc->address_extension);
> + desc->next_descriptor = le32_to_cpu(desc->next_descriptor);
> + desc->source_address = le32_to_cpu(desc->source_address);
> + desc->address_extension_23 = le32_to_cpu(desc->address_extension_23);
> + desc->address_extension_45 = le32_to_cpu(desc->address_extension_45);
> + desc->source_address2 = le32_to_cpu(desc->source_address2);
> + desc->source_address3 = le32_to_cpu(desc->source_address3);
> + desc->source_address4 = le32_to_cpu(desc->source_address4);
> + desc->source_address5 = le32_to_cpu(desc->source_address5);
> + desc->crc = le32_to_cpu(desc->crc);
> +
> + return MEMTX_OK;
> +}
> +
> +static void xlnx_dpdma_write_descriptor(uint64_t desc_addr,
> + DPDMADescriptor *desc)
> +{
> + DPDMADescriptor* tmp_desc = (DPDMADescriptor
> *)malloc(sizeof(DPDMADescriptor));
> + memcpy(tmp_desc, desc, sizeof(desc));
The descriptor structure is not very big, we don't need to malloc it.
So we can do:
DPDMADescriptor tmp_desc = *desc;
(adjusting the code below to match).
> +
> + /* Convert from host endianness into LE. */
> + tmp_desc->control = cpu_to_le32(tmp_desc->control);
> + tmp_desc->descriptor_id = cpu_to_le32(tmp_desc->descriptor_id);
> + tmp_desc->xfer_size = cpu_to_le32(tmp_desc->xfer_size);
> + tmp_desc->line_size_stride = cpu_to_le32(tmp_desc->line_size_stride);
> + tmp_desc->timestamp_lsb = cpu_to_le32(tmp_desc->timestamp_lsb);
> + tmp_desc->timestamp_msb = cpu_to_le32(tmp_desc->timestamp_msb);
> + tmp_desc->address_extension = cpu_to_le32(tmp_desc->address_extension);
> + tmp_desc->next_descriptor = cpu_to_le32(tmp_desc->next_descriptor);
> + tmp_desc->source_address = cpu_to_le32(tmp_desc->source_address);
> + tmp_desc->address_extension_23 =
> cpu_to_le32(tmp_desc->address_extension_23);
> + tmp_desc->address_extension_45 =
> cpu_to_le32(tmp_desc->address_extension_45);
> + tmp_desc->source_address2 = cpu_to_le32(tmp_desc->source_address2);
> + tmp_desc->source_address3 = cpu_to_le32(tmp_desc->source_address3);
> + tmp_desc->source_address4 = cpu_to_le32(tmp_desc->source_address4);
> + tmp_desc->source_address5 = cpu_to_le32(tmp_desc->source_address5);
> + tmp_desc->crc = cpu_to_le32(tmp_desc->crc);
> +
> + dma_memory_write(&address_space_memory, desc_addr, tmp_desc,
> + sizeof(DPDMADescriptor), MEMTXATTRS_UNSPECIFIED);
I know we don't check the return value at the callsite, but we might
as well do "return dma_memory_write(...)" here.
> +}
> +
> size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s, uint8_t channel,
> bool one_desc)
> {
> @@ -651,8 +708,7 @@ size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s,
> uint8_t channel,
> desc_addr = xlnx_dpdma_descriptor_next_address(s, channel);
> }
>
> - if (dma_memory_read(&address_space_memory, desc_addr, &desc,
> - sizeof(DPDMADescriptor),
> MEMTXATTRS_UNSPECIFIED)) {
> + if (xlnx_dpdma_read_descriptor(s, desc_addr, &desc)) {
> s->registers[DPDMA_EISR] |= ((1 << 1) << channel);
> xlnx_dpdma_update_irq(s);
> s->operation_finished[channel] = true;
> @@ -755,8 +811,7 @@ size_t xlnx_dpdma_start_operation(XlnxDPDMAState *s,
> uint8_t channel,
> /* The descriptor need to be updated when it's completed. */
> DPRINTF("update the descriptor with the done flag set.\n");
> xlnx_dpdma_desc_set_done(&desc);
> - dma_memory_write(&address_space_memory, desc_addr, &desc,
> - sizeof(DPDMADescriptor),
> MEMTXATTRS_UNSPECIFIED);
> + xlnx_dpdma_write_descriptor(desc_addr, &desc);
> }
>
> if (xlnx_dpdma_desc_completion_interrupt(&desc)) {
> --
> 2.30.2
thanks
-- PMM
