On Thu, Oct 27, 2016 at 12:24 PM, P J P <[email protected]> wrote: > From: Prasad J Pandit <[email protected]> > > The Cadence UART device emulator calculates speed by dividing the > baud rate by a 'baud rate generator' & 'baud rate divider' value. > The device specification defines these register values to be > non-zero and within certain limits. Add checks for these limits > to avoid errors like divide by zero. > > Reported-by: Huawei PSIRT <[email protected]> > Signed-off-by: Prasad J Pandit <[email protected]>
This looks good to me. I'll spin up a new patch for the migration fix next week (I won't have time today). Reviewed-by: Alistair Francis <[email protected]> Thanks, Alistair > --- > hw/char/cadence_uart.c | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > Update: remove default reset value assignment. > -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg07206.html > > diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c > index e3bc52f..4a3c4c6 100644 > --- a/hw/char/cadence_uart.c > +++ b/hw/char/cadence_uart.c > @@ -1,6 +1,11 @@ > /* > * Device model for Cadence UART > * > + * Reference: Xilinx Zynq 7000 reference manual > + * - > http://www.xilinx.com/support/documentation/user_guides/ug585-Zynq-7000-TRM.pdf > + * - Chapter 19 UART Controller > + * - Appendix B for Register details > + * > * Copyright (c) 2010 Xilinx Inc. > * Copyright (c) 2012 Peter A.G. Crosthwaite > ([email protected]) > * Copyright (c) 2012 PetaLogix Pty Ltd. > @@ -410,6 +415,16 @@ static void uart_write(void *opaque, hwaddr offset, > break; > } > break; > + case R_BRGR: /* Baud rate generator */ > + if (value >= 0x01) { > + s->r[offset] = value & 0xFFFF; > + } > + break; > + case R_BDIV: /* Baud rate divider */ > + if (value >= 0x04) { > + s->r[offset] = value & 0xFF; > + } > + break; > default: > s->r[offset] = value; > } > -- > 2.7.4 > >
