From 5646bca36efe97a072550b783f62c7a164fe6ceb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Fri, 14 Feb 2020 01:12:58 +0100 Subject: [PATCH 1/9] hw/display/artist: Move trace event to draw_line() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of emitting the trace event before each call to draw_line(), call it once at draw_line() entrance. Signed-off-by: Philippe Mathieu-Daudé Acked-by: Sven Schnelle Message-Id: <20200214001303.12873-2-f4bug@amsat.org> Signed-off-by: Richard Henderson --- hw/display/artist.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/hw/display/artist.c b/hw/display/artist.c index 65be9e3554..abacb0e27d 100644 --- a/hw/display/artist.c +++ b/hw/display/artist.c @@ -563,6 +563,7 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2, bool c1; uint8_t *p; + trace_artist_draw_line(x1, y1, x2, y2); if (update_start) { s->vram_start = (x2 << 16) | y2; @@ -654,7 +655,6 @@ static void draw_line_pattern_start(ARTISTState *s) int endy = artist_get_y(s->blockmove_size); int pstart = s->line_pattern_start >> 16; - trace_artist_draw_line(startx, starty, endx, endy); draw_line(s, startx, starty, endx, endy, false, -1, pstart); s->line_pattern_skip = pstart; } @@ -668,7 +668,6 @@ static void draw_line_pattern_next(ARTISTState *s) int endy = artist_get_y(s->blockmove_size); int line_xy = s->line_xy >> 16; - trace_artist_draw_line(startx, starty, endx, endy); draw_line(s, startx, starty, endx, endy, false, s->line_pattern_skip, s->line_pattern_skip + line_xy); s->line_pattern_skip += line_xy; @@ -683,7 +682,6 @@ static void draw_line_size(ARTISTState *s, bool update_start) int endx = artist_get_x(s->line_size); int endy = artist_get_y(s->line_size); - trace_artist_draw_line(startx, starty, endx, endy); draw_line(s, startx, starty, endx, endy, update_start, -1, -1); } 
@@ -743,7 +741,6 @@ static void draw_line_xy(ARTISTState *s, bool update_start) return; } - trace_artist_draw_line(startx, starty, endx, endy); draw_line(s, startx, starty, endx, endy, false, -1, -1); } @@ -755,7 +752,6 @@ static void draw_line_end(ARTISTState *s, bool update_start) int endx = artist_get_x(s->line_end); int endy = artist_get_y(s->line_end); - trace_artist_draw_line(startx, starty, endx, endy); draw_line(s, startx, starty, endx, endy, update_start, -1, -1); } From 6c69f9c48e29376f16965f6e8ea9e1d01f368950 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Fri, 14 Feb 2020 01:12:59 +0100 Subject: [PATCH 2/9] hw/display/artist: Remove pointless initialization MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We are initializating incy inconditionally: if (y1 <= y2) { incy = 1; } else { incy = -1; } Signed-off-by: Philippe Mathieu-Daudé Acked-by: Sven Schnelle Message-Id: <20200214001303.12873-3-f4bug@amsat.org> Signed-off-by: Richard Henderson --- hw/display/artist.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hw/display/artist.c b/hw/display/artist.c index abacb0e27d..47f0e9f0bc 100644 --- a/hw/display/artist.c +++ b/hw/display/artist.c @@ -572,7 +572,6 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2, buf = &s->vram_buffer[ARTIST_BUFFER_AP]; c1 = false; - incy = 1; if (x2 > x1) { dx = x2 - x1; From 0814343ce294b4dff780f6e8b6baa1acb1dc7ef8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Fri, 14 Feb 2020 01:13:00 +0100 Subject: [PATCH 3/9] hw/display/artist: Delay some variables initialization MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We want to have an early exit path. Delay some initializations before the variables are used. Signed-off-by: Philippe Mathieu-Daudé Acked-by: Sven Schnelle Message-Id: <20200214001303.12873-4-f4bug@amsat.org> 
Signed-off-by: Richard Henderson --- hw/display/artist.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hw/display/artist.c b/hw/display/artist.c index 47f0e9f0bc..97c811b35e 100644 --- a/hw/display/artist.c +++ b/hw/display/artist.c @@ -558,7 +558,7 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2, bool update_start, int skip_pix, int max_pix) { struct vram_buffer *buf; - uint8_t color = artist_get_color(s); + uint8_t color; int dx, dy, t, e, x, y, incy, diago, horiz; bool c1; uint8_t *p; @@ -569,10 +569,6 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2, s->vram_start = (x2 << 16) | y2; } - buf = &s->vram_buffer[ARTIST_BUFFER_AP]; - - c1 = false; - if (x2 > x1) { dx = x2 - x1; } else { @@ -583,6 +579,8 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2, } else { dy = y1 - y2; } + + c1 = false; if (dy > dx) { t = y2; y2 = x2; @@ -620,6 +618,8 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2, } x = x1; y = y1; + color = artist_get_color(s); + buf = &s->vram_buffer[ARTIST_BUFFER_AP]; do { if (c1) { From b0f6455feac97e41045ee394e11c24d92c370f6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Fri, 14 Feb 2020 01:13:01 +0100 Subject: [PATCH 4/9] hw/display/artist: Avoid drawing line when nothing to display MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20200214001303.12873-5-f4bug@amsat.org> Signed-off-by: Richard Henderson --- hw/display/artist.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/display/artist.c b/hw/display/artist.c index 97c811b35e..5492079116 100644 --- a/hw/display/artist.c +++ b/hw/display/artist.c @@ -579,6 +579,9 @@ static void draw_line(ARTISTState *s, int x1, int y1, int x2, int y2, } else { dy = y1 - y2; } + if (!dx || !dy) { + return; + } c1 = false; if (dy > dx) { 
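Review bot: The added `if (!dx || !dy) { return; }` in draw_line() also returns for every horizontal and vertical line, because dx and dy are the absolute coordinate differences computed just above and one of them is zero for any axis-aligned segment. If the aim is only to skip a zero-length request, the test would be `if (!dx && !dy) { return; }`; if it protects something later in the function, a one-line comment naming what it protects would make that reviewable. The commit message gives no rationale and the rest of draw_line() lies outside the hunk, so the intent cannot be confirmed from here. The return also sits after the `update_start` store to `s->vram_start` (visible in the previous patch's context), so that state is still updated for the lines that are skipped.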
From eb9b2ee8f68e1cb1f6b7cb6dee0c86492fae2f30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Fri, 14 Feb 2020 01:13:02 +0100 Subject: [PATCH 5/9] hw/display/artist: Remove dead code (CID 1419388 & 1419389) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Coverity reports: *** CID 1419388: Control flow issues (DEADCODE) /hw/display/artist.c: 739 in draw_line_xy() 733 if (endy < 0) { 734 endy = 0; 735 } 736 737 738 if (endx < 0) { >>> CID 1419388: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "return;". 739 return; 740 } 741 742 if (endy < 0) { 743 return; 744 } *** CID 1419389: Control flow issues (DEADCODE) /hw/display/artist.c: 743 in draw_line_xy() 737 738 if (endx < 0) { 739 return; 740 } 741 742 if (endy < 0) { >>> CID 1419389: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "return;". 743 return; 744 } 745 746 trace_artist_draw_line(startx, starty, endx, endy); 747 draw_line(s, startx, starty, endx, endy, false, -1, -1); 748 } Fixes: Covertiy CID 1419388 and 1419389 (commit 4765384ce33) Signed-off-by: Philippe Mathieu-Daudé Acked-by: Sven Schnelle Message-Id: <20200214001303.12873-6-f4bug@amsat.org> Signed-off-by: Richard Henderson --- hw/display/artist.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/hw/display/artist.c b/hw/display/artist.c index 5492079116..753dbb9a77 100644 --- a/hw/display/artist.c +++ b/hw/display/artist.c @@ -734,15 +734,6 @@ static void draw_line_xy(ARTISTState *s, bool update_start) endy = 0; } - - if (endx < 0) { - return; - } - - if (endy < 0) { - return; - } - draw_line(s, startx, starty, endx, endy, false, -1, -1); } From 422a26489e6b7371ad7ef615252340f7b4992933 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 18 Feb 2020 07:33:52 +0100 Subject: [PATCH 6/9] hw/hppa/dino: Add comments with register name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a comment with the name of each register in the 0x800-0x8ff range. Acked-by: Helge Deller Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20200218063355.18577-2-f4bug@amsat.org> Signed-off-by: Richard Henderson --- hw/hppa/dino.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c index 9797a7f0d9..c237ad3b1b 100644 --- a/hw/hppa/dino.c +++ b/hw/hppa/dino.c @@ -85,18 +85,18 @@ #define DINO800_REGS ((DINO_TLTIM - DINO_GMASK) / 4) static const uint32_t reg800_keep_bits[DINO800_REGS] = { - MAKE_64BIT_MASK(0, 1), - MAKE_64BIT_MASK(0, 7), - MAKE_64BIT_MASK(0, 7), - MAKE_64BIT_MASK(0, 8), - MAKE_64BIT_MASK(0, 7), - MAKE_64BIT_MASK(0, 9), - MAKE_64BIT_MASK(0, 32), - MAKE_64BIT_MASK(0, 8), - MAKE_64BIT_MASK(0, 30), - MAKE_64BIT_MASK(0, 25), - MAKE_64BIT_MASK(0, 22), - MAKE_64BIT_MASK(0, 9), + MAKE_64BIT_MASK(0, 1), /* GMASK */ + MAKE_64BIT_MASK(0, 7), /* PAMR */ + MAKE_64BIT_MASK(0, 7), /* PAPR */ + MAKE_64BIT_MASK(0, 8), /* DAMODE */ + MAKE_64BIT_MASK(0, 7), /* PCICMD */ + MAKE_64BIT_MASK(0, 9), /* PCISTS */ + MAKE_64BIT_MASK(0, 32), /* Undefined */ + MAKE_64BIT_MASK(0, 8), /* MLTIM */ + MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */ + MAKE_64BIT_MASK(0, 25), /* PCIROR */ + MAKE_64BIT_MASK(0, 22), /* PCIWOR */ + MAKE_64BIT_MASK(0, 9), /* TLTIM */ }; typedef struct DinoState { From 6e4ed42397ff24521c1e6fb810d66fc40b190f4f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 18 Feb 2020 07:33:53 +0100 Subject: [PATCH 7/9] hw/hppa/dino: Fix reg800_keep_bits overrun (CID 1419387 1419393 1419394) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Coverity reports: *** CID 1419387: Memory - illegal accesses (OVERRUN) /hw/hppa/dino.c: 267 in dino_chip_read_with_attrs() 261 val = s->ilr & s->imr & s->icr; 262 break; 263 case DINO_TOC_ADDR: 264 val = s->toc_addr; 265 break; 266 case DINO_GMASK ... DINO_TLTIM: >>> CID 1419387: Memory - illegal accesses (OVERRUN) >>> Overrunning array "s->reg800" of 12 4-byte elements at element index 12 (byte offset 48) using index "(addr - 2048UL) / 4UL" (which evaluates to 12). 267 val = s->reg800[(addr - DINO_GMASK) / 4]; 268 if (addr == DINO_PAMR) { 269 val &= ~0x01; /* LSB is hardwired to 0 */ 270 } 271 if (addr == DINO_MLTIM) { 272 val &= ~0x07; /* 3 LSB are hardwired to 0 */ *** CID 1419393: Memory - corruptions (OVERRUN) /hw/hppa/dino.c: 363 in dino_chip_write_with_attrs() 357 /* These registers are read-only. */ 358 break; 359 360 case DINO_GMASK ... DINO_TLTIM: 361 i = (addr - DINO_GMASK) / 4; 362 val &= reg800_keep_bits[i]; >>> CID 1419393: Memory - corruptions (OVERRUN) >>> Overrunning array "s->reg800" of 12 4-byte elements at element index 12 (byte offset 48) using index "i" (which evaluates to 12). 363 s->reg800[i] = val; 364 break; 365 366 default: 367 /* Controlled by dino_chip_mem_valid above. */ 368 g_assert_not_reached(); *** CID 1419394: Memory - illegal accesses (OVERRUN) /hw/hppa/dino.c: 362 in dino_chip_write_with_attrs() 356 case DINO_IRR1: 357 /* These registers are read-only. */ 358 break; 359 360 case DINO_GMASK ... DINO_TLTIM: 361 i = (addr - DINO_GMASK) / 4; >>> CID 1419394: Memory - illegal accesses (OVERRUN) >>> Overrunning array "reg800_keep_bits" of 12 4-byte elements at element index 12 (byte offset 48) using index "i" (which evaluates to 12). 
362 val &= reg800_keep_bits[i]; 363 s->reg800[i] = val; 364 break; 365 366 default: 367 /* Controlled by dino_chip_mem_valid above. */ Indeed the array should contain 13 entries, the undocumented register 0x82c is missing. Fix by increasing the array size and adding the missing register. CID 1419387 can be verified with: $ echo x 0xfff80830 | hppa-softmmu/qemu-system-hppa -S -monitor stdio -display none QEMU 4.2.50 monitor - type 'help' for more information (qemu) x 0xfff80830 qemu/hw/hppa/dino.c:267:15: runtime error: index 12 out of bounds for type 'uint32_t [12]' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/phil/source/qemu/hw/hppa/dino.c:267:15 in 00000000fff80830: 0x00000000 and CID 1419393/1419394 with: $ echo writeb 0xfff80830 0x69 \ | hppa-softmmu/qemu-system-hppa -S -accel qtest -qtest stdio -display none [I 1581634452.654113] OPENED [R +4.105415] writeb 0xfff80830 0x69 qemu/hw/hppa/dino.c:362:16: runtime error: index 12 out of bounds for type 'const uint32_t [12]' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior qemu/hw/hppa/dino.c:362:16 in ================================================================= ==29607==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5577dae32f30 at pc 0x5577d93f2463 bp 0x7ffd97ea11b0 sp 0x7ffd97ea11a8 READ of size 4 at 0x5577dae32f30 thread T0 #0 0x5577d93f2462 in dino_chip_write_with_attrs qemu/hw/hppa/dino.c:362:16 #1 0x5577d9025664 in memory_region_write_with_attrs_accessor qemu/memory.c:503:12 #2 0x5577d9024920 in access_with_adjusted_size qemu/memory.c:539:18 #3 0x5577d9023608 in memory_region_dispatch_write qemu/memory.c:1482:13 #4 0x5577d8e3177a in flatview_write_continue qemu/exec.c:3166:23 #5 0x5577d8e20357 in flatview_write qemu/exec.c:3206:14 #6 0x5577d8e1fef4 in address_space_write qemu/exec.c:3296:18 #7 0x5577d8e20693 in address_space_rw qemu/exec.c:3306:16 #8 0x5577d9011595 in qtest_process_command qemu/qtest.c:432:13 #9 0x5577d900d19f in qtest_process_inbuf 
qemu/qtest.c:705:9 #10 0x5577d900ca22 in qtest_read qemu/qtest.c:717:5 #11 0x5577da8c4254 in qemu_chr_be_write_impl qemu/chardev/char.c:183:9 #12 0x5577da8c430c in qemu_chr_be_write qemu/chardev/char.c:195:9 #13 0x5577da8cf587 in fd_chr_read qemu/chardev/char-fd.c:68:9 #14 0x5577da9836cd in qio_channel_fd_source_dispatch qemu/io/channel-watch.c:84:12 #15 0x7faf44509ecc in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x4fecc) #16 0x5577dab75f96 in glib_pollfds_poll qemu/util/main-loop.c:219:9 #17 0x5577dab74797 in os_host_main_loop_wait qemu/util/main-loop.c:242:5 #18 0x5577dab7435a in main_loop_wait qemu/util/main-loop.c:518:11 #19 0x5577d9514eb3 in main_loop qemu/vl.c:1682:9 #20 0x5577d950699d in main qemu/vl.c:4450:5 #21 0x7faf41a87f42 in __libc_start_main (/lib64/libc.so.6+0x23f42) #22 0x5577d8cd4d4d in _start (qemu/build/sanitizer/hppa-softmmu/qemu-system-hppa+0x1256d4d) 0x5577dae32f30 is located 0 bytes to the right of global variable 'reg800_keep_bits' defined in 'qemu/hw/hppa/dino.c:87:23' (0x5577dae32f00) of size 48 SUMMARY: AddressSanitizer: global-buffer-overflow qemu/hw/hppa/dino.c:362:16 in dino_chip_write_with_attrs Shadow bytes around the buggy address: 0x0aaf7b5be590: 00 f9 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 0x0aaf7b5be5a0: 07 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 0x0aaf7b5be5b0: 07 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 0x0aaf7b5be5c0: 00 00 00 02 f9 f9 f9 f9 00 00 00 00 00 00 00 00 0x0aaf7b5be5d0: 00 00 00 00 00 00 00 00 00 00 00 03 f9 f9 f9 f9 =>0x0aaf7b5be5e0: 00 00 00 00 00 00[f9]f9 f9 f9 f9 f9 00 00 00 00 0x0aaf7b5be5f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0aaf7b5be600: 00 00 01 f9 f9 f9 f9 f9 00 00 00 00 07 f9 f9 f9 0x0aaf7b5be610: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00 0x0aaf7b5be620: 00 00 00 05 f9 f9 f9 f9 00 00 00 00 07 f9 f9 f9 0x0aaf7b5be630: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 07 f9 f9 f9 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially 
addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==29607==ABORTING Fixes: Covertiy CID 1419387 / 1419393 / 1419394 (commit 18092598a5) Acked-by: Helge Deller Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20200218063355.18577-3-f4bug@amsat.org> Signed-off-by: Richard Henderson --- hw/hppa/dino.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c index c237ad3b1b..8868e31793 100644 --- a/hw/hppa/dino.c +++ b/hw/hppa/dino.c @@ -83,7 +83,7 @@ #define DINO_PCI_HOST_BRIDGE(obj) \ OBJECT_CHECK(DinoState, (obj), TYPE_DINO_PCI_HOST_BRIDGE) -#define DINO800_REGS ((DINO_TLTIM - DINO_GMASK) / 4) +#define DINO800_REGS (1 + (DINO_TLTIM - DINO_GMASK) / 4) static const uint32_t reg800_keep_bits[DINO800_REGS] = { MAKE_64BIT_MASK(0, 1), /* GMASK */ MAKE_64BIT_MASK(0, 7), /* PAMR */ @@ -96,6 +96,7 @@ static const uint32_t reg800_keep_bits[DINO800_REGS] = { MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */ MAKE_64BIT_MASK(0, 25), /* PCIROR */ MAKE_64BIT_MASK(0, 22), /* PCIWOR */ + MAKE_64BIT_MASK(0, 32), /* Undocumented */ MAKE_64BIT_MASK(0, 9), /* TLTIM */ }; From c9cbfebfd08acb34ec2a22b9b971fcca856d44e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 18 Feb 2020 07:33:54 +0100 Subject: [PATCH 8/9] hw/hppa/dino: Fix bitmask for the PCIROR register MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Only 24 bits of the PCIROR register are documented (see pp. 37 of datasheet referenced in this file header). Acked-by: Helge Deller Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20200218063355.18577-4-f4bug@amsat.org> 
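Review bot: `reg800_keep_bits[]` still ties each mask to its register only by position and a trailing comment, so a missing or extra entry shifts every later mask without any diagnostic; that is presumably how the 0x82c slot added in the second hunk went missing. Designated initializers keyed on the register offset, e.g. `[(DINO_PAMR - DINO_GMASK) / 4] = MAKE_64BIT_MASK(0, 7),`, would let the compiler place each mask. The Coverity excerpts in the commit message show the read and write handlers deriving the index from the accessed address, so I would also add a comment on the `#define` in the first hunk: `/* inclusive range: one slot per 4-byte register from DINO_GMASK through DINO_TLTIM */`.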
Signed-off-by: Richard Henderson --- hw/hppa/dino.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c index 8868e31793..be799aad43 100644 --- a/hw/hppa/dino.c +++ b/hw/hppa/dino.c @@ -94,7 +94,7 @@ static const uint32_t reg800_keep_bits[DINO800_REGS] = { MAKE_64BIT_MASK(0, 32), /* Undefined */ MAKE_64BIT_MASK(0, 8), /* MLTIM */ MAKE_64BIT_MASK(0, 30), /* BRDG_FEAT */ - MAKE_64BIT_MASK(0, 25), /* PCIROR */ + MAKE_64BIT_MASK(0, 24), /* PCIROR */ MAKE_64BIT_MASK(0, 22), /* PCIWOR */ MAKE_64BIT_MASK(0, 32), /* Undocumented */ MAKE_64BIT_MASK(0, 9), /* TLTIM */ From 90e94c0591687f7f788fc40ac86b5583f30d9513 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 18 Feb 2020 07:33:55 +0100 Subject: [PATCH 9/9] hw/hppa/dino: Do not accept accesses to registers 0x818 and 0x82c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Register 0x818 is documented as 'undefined', and register 0x82c is not documented. Refuse their access. Acked-by: Helge Deller Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20200218063355.18577-5-f4bug@amsat.org> Signed-off-by: Richard Henderson --- hw/hppa/dino.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/hppa/dino.c b/hw/hppa/dino.c index be799aad43..2b1b38c58a 100644 --- a/hw/hppa/dino.c +++ b/hw/hppa/dino.c @@ -181,7 +181,9 @@ static bool dino_chip_mem_valid(void *opaque, hwaddr addr, case DINO_IO_ADDR_EN: case DINO_PCI_IO_DATA: case DINO_TOC_ADDR: - case DINO_GMASK ... DINO_TLTIM: + case DINO_GMASK ... DINO_PCISTS: + case DINO_MLTIM ... DINO_PCIWOR: + case DINO_TLTIM: ret = true; break; case DINO_PCI_IO_DATA + 2:
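Review bot: The three new case labels in dino_chip_mem_valid() exclude 0x818 and 0x82c only implicitly, through the numeric order of the DINO_* defines, and nothing in the code says the gaps are deliberate. I would add a comment above them, `/* 0x818 (undefined) and 0x82c (undocumented) are intentionally rejected */`, so a later cleanup does not merge the ranges back into `DINO_GMASK ... DINO_TLTIM`. The read and write handlers quoted in patch 7's commit message still switch on the full `DINO_GMASK ... DINO_TLTIM` range, so they depend on this function for the rejection; if that is still true after this series, narrowing their case labels the same way would keep the two in step. The function body starts and ends outside the hunk.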