From 6aa786b145f484ed6e2e8a1a5089ad6e150306a8 Mon Sep 17 00:00:00 2001 From: Sana Sharm Date: Fri, 3 Jan 2025 13:27:20 -0500 Subject: [PATCH 19/19] hw/char/pl011: Use correct masks for IBRD and FBRD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: sansshar RH-MergeRequest: 310: hw/char/pl011: Use correct masks for IBRD and FBRD RH-Jira: RHEL-67107 RH-Acked-by: Miroslav Rezanina RH-Commit: [1/1] 4c7174da1dff8de3d7e2d88d84973eb69d6fc28a (sansshar/qemu-kvm-centos) Brew build id: 5098441 In commit b88cfee90268cad we defined masks for the IBRD and FBRD integer and fractional baud rate divider registers, to prevent the guest from writing invalid values which could cause division-by-zero. Unfortunately we got the mask values the wrong way around: the FBRD register is six bits and the IBRD register is 16 bits, not vice-versa. You would only run into this bug if you programmed the UART to a baud rate of less than 9600, because for 9600 baud and above the IBRD value will fit into 6 bits, as per the table in https://developer.arm.com/documentation/ddi0183/g/programmers-model/register-descriptions/fractional-baud-rate-register--uartfbrd The only visible effects would be that the value read back from the register by the guest would be truncated, and we would print an incorrect baud rate in the debug logs. Cc: qemu-stable@nongnu.org Fixes: b88cfee90268 ("hw/char/pl011: Avoid division-by-zero in pl011_get_baudrate()") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2610 Signed-off-by: Peter Maydell Reviewed-by: Alex Bennée Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Gavin Shan Message-id: 20241007144732.2491331-1-peter.maydell@linaro.org (cherry picked from commit cd247eae16ab1b9ce97fd34c000c1b883feeda45) Signed-off-by: Sana Sharma Changes to be committed: modified: hw/char/pl011.c --- hw/char/pl011.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/char/pl011.c b/hw/char/pl011.c index f8078aa216..949e9d0e0d 100644 --- a/hw/char/pl011.c +++ b/hw/char/pl011.c @@ -88,10 +88,10 @@ DeviceState *pl011_create(hwaddr addr, qemu_irq irq, Chardev *chr) #define CR_LBE (1 << 7) /* Integer Baud Rate Divider, UARTIBRD */ -#define IBRD_MASK 0x3f +#define IBRD_MASK 0xffff /* Fractional Baud Rate Divider, UARTFBRD */ -#define FBRD_MASK 0xffff +#define FBRD_MASK 0x3f static const unsigned char pl011_id_arm[8] = { 0x11, 0x10, 0x14, 0x00, 0x0d, 0xf0, 0x05, 0xb1 }; -- 2.39.3