Re: [PATCH v2] hw/misc/bcm2835_thermal: Fix access size handling in bcm2835_thermal_ops

Tue, 02 Jul 2024 08:51:31 -0700 

On 2/7/24 17:40, Zheyu Ma wrote:

The current implementation of bcm2835_thermal_ops sets
impl.max_access_size and valid.min_access_size to 4, but leaves
impl.min_access_size and valid.max_access_size unset, defaulting to 1.
This causes issues when the memory system is presented with an access
of size 2 at an offset of 3, leading to an attempt to synthesize it as
a pair of byte accesses at offsets 3 and 4, which trips an assert.

Additionally, the lack of valid.max_access_size setting causes another
issue: the memory system tries to synthesize a read using a 4-byte
access at offset 3 even though the device doesn't allow unaligned
accesses.

This patch addresses these issues by explicitly setting both
impl.min_access_size and valid.max_access_size to 4, ensuring proper
handling of access sizes.

Error log:
ERROR:hw/misc/bcm2835_thermal.c:55:bcm2835_thermal_read: code should not be 
reached
Bail out! ERROR:hw/misc/bcm2835_thermal.c:55:bcm2835_thermal_read: code should 
not be reached
Aborted

Reproducer:
cat << EOF | qemu-system-aarch64 -display \
none -machine accel=qtest, -m 512M -machine raspi3b -m 1G -qtest stdio
readw 0x3f212003
EOF



Suggested-by: Peter Maydell <peter.mayd...@linaro.org>


Signed-off-by: Zheyu Ma <zheyum...@gmail.com>
---
Changes in v2:
- Added .valid.min_access_size and .valid.max_access_size settings
   to ensure proper handling of valid access sizes.
---
  hw/misc/bcm2835_thermal.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/hw/misc/bcm2835_thermal.c b/hw/misc/bcm2835_thermal.c
index ee7816b8a5..0c49c088a7 100644
--- a/hw/misc/bcm2835_thermal.c
+++ b/hw/misc/bcm2835_thermal.c
@@ -80,8 +80,10 @@ static void bcm2835_thermal_write(void *opaque, hwaddr addr,
  static const MemoryRegionOps bcm2835_thermal_ops = {
      .read = bcm2835_thermal_read,
      .write = bcm2835_thermal_write,
+    .impl.min_access_size = 4,


Personally I consider accepting access of

  .valid.min_access_size > .impl.min_access_size

as a bug in the memory core layer, whether being
unaligned or not.


      .impl.max_access_size = 4,
      .valid.min_access_size = 4,
+    .valid.max_access_size = 4,
      .endianness = DEVICE_NATIVE_ENDIAN,
  };

Reply via email to