1 /*
2 * QEMU Xtensa CPU
3 *
4 * Copyright (c) 2011, Max Filippov, Open Source and Linux Lab.
5 * Copyright (c) 2012 SUSE LINUX Products GmbH
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
10 * * Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * * Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * * Neither the name of the Open Source and Linux Lab nor the
16 * names of its contributors may be used to endorse or promote products
17 * derived from this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
23 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 #include "qemu/osdep.h"
32 #include "qapi/error.h"
33 #include "cpu.h"
34 #include "qemu-common.h"
35 #include "migration/vmstate.h"
36 #include "exec/exec-all.h"
37
38
/*
 * CPUClass::set_pc(): point the guest program counter at @value.
 * Only env.pc is touched; no other architectural state is updated here.
 */
static void xtensa_cpu_set_pc(CPUState *cs, vaddr value)
{
    XtensaCPU *xcpu = XTENSA_CPU(cs);
    CPUXtensaState *env = &xcpu->env;

    env->pc = value;
}
45
/*
 * CPUClass::has_work(): the vCPU has something to do exactly when an
 * interrupt request is pending (env.pending_irq_level is non-zero).
 */
static bool xtensa_cpu_has_work(CPUState *cs)
{
    CPUXtensaState *env = &XTENSA_CPU(cs)->env;

    return env->pending_irq_level != 0;
}
52
/*
 * CPUClass::reset(): bring the Xtensa core back to its power-on state.
 *
 * The generic CPUState is reset by the parent class first; the
 * architectural registers are then seeded from the core configuration
 * (reset vector, VECBASE, CONFIGID0/1) and fixed reset constants.
 * The exact reset value of PS and ATOMCTL depends on which Xtensa
 * options the configured core implements.
 */
static void xtensa_cpu_reset(CPUState *s)
{
    XtensaCPU *cpu = XTENSA_CPU(s);
    XtensaCPUClass *xcc = XTENSA_CPU_GET_CLASS(cpu);
    CPUXtensaState *env = &cpu->env;
    bool has_interrupt;
    bool has_atomctl;

    /* Generic (non-architectural) state first. */
    xcc->parent_reset(s);

    has_interrupt = xtensa_option_enabled(env->config, XTENSA_OPTION_INTERRUPT);
    has_atomctl = xtensa_option_enabled(env->config, XTENSA_OPTION_ATOMCTL);

    env->exception_taken = 0;
    env->pending_irq_level = 0;

    /* Execution restarts at the configured reset vector. */
    env->pc = env->config->exception_vector[EXC_RESET];

    /* Clear bit 0 of LITBASE; the remaining bits are left as they were. */
    env->sregs[LITBASE] &= ~1;

    if (has_interrupt) {
        env->sregs[PS] = 0x1f;
    } else {
        env->sregs[PS] = 0x10;
    }

    env->sregs[VECBASE] = env->config->vecbase;
    env->sregs[IBREAKENABLE] = 0;
    env->sregs[CACHEATTR] = 0x22222222;

    if (has_atomctl) {
        env->sregs[ATOMCTL] = 0x28;
    } else {
        env->sregs[ATOMCTL] = 0x15;
    }

    env->sregs[CONFIGID0] = env->config->configid[0];
    env->sregs[CONFIGID1] = env->config->configid[1];

    /* MMU/TLB state is reset last, after the special registers are set. */
    reset_mmu(env);
}
78
/*
 * CPUClass::class_by_name(): resolve a CPU model name (e.g. the value
 * given on the command line) to the matching Xtensa CPU class.
 *
 * The lookup key is "<cpu_model>-" TYPE_XTENSA_CPU.  A class is only
 * returned if it exists, is really an Xtensa CPU class, and is not
 * abstract; anything else (including a NULL model) yields NULL, so an
 * externally supplied name cannot select an unrelated QOM type.
 */
static ObjectClass *xtensa_cpu_class_by_name(const char *cpu_model)
{
    char *typename;
    ObjectClass *oc;
    bool usable;

    if (!cpu_model) {
        return NULL;
    }

    typename = g_strdup_printf("%s-" TYPE_XTENSA_CPU, cpu_model);
    oc = object_class_by_name(typename);
    g_free(typename);

    usable = oc != NULL
          && object_class_dynamic_cast(oc, TYPE_XTENSA_CPU) != NULL
          && !object_class_is_abstract(oc);

    return usable ? oc : NULL;
}
97
/*
 * DeviceClass::realize(): finish constructing the CPU object.
 *
 * Publishes the number of gdb registers from the class configuration,
 * initialises the vCPU, then chains to the parent realize handler,
 * which receives @errp unchanged (nothing here reports an error itself).
 */
static void xtensa_cpu_realizefn(DeviceState *dev, Error **errp)
{
    XtensaCPUClass *xcc = XTENSA_CPU_GET_CLASS(dev);
    CPUState *cpu_state = CPU(dev);

    cpu_state->gdb_num_regs = xcc->config->gdb_regmap.num_regs;
    qemu_init_vcpu(cpu_state);

    /* Parent realize runs last and owns error reporting. */
    xcc->parent_realize(dev, errp);
}
109
/*
 * TypeInfo::instance_init: per-object setup for a new Xtensa CPU.
 *
 * Wires env_ptr and the core configuration taken from the class, then
 * registers the CPU with the exec layer.  The TCG translator is
 * initialised once per process, guarded by a function-local static.
 */
static void xtensa_cpu_initfn(Object *obj)
{
    static bool tcg_inited;
    XtensaCPU *cpu = XTENSA_CPU(obj);
    XtensaCPUClass *xcc = XTENSA_CPU_GET_CLASS(obj);
    CPUState *cs = CPU(obj);
    CPUXtensaState *env = &cpu->env;

    env->config = xcc->config;
    cs->env_ptr = env;
    cpu_exec_init(cs, &error_abort);

    /* One-time translator setup, only when TCG is in use. */
    if (tcg_enabled()) {
        if (!tcg_inited) {
            tcg_inited = true;
            xtensa_translate_init();
        }
    }
}
127
/*
 * Migration descriptor for the CPU device.  The Xtensa CPU state is
 * marked unmigratable, so no fields are described here.
 */
static const VMStateDescription vmstate_xtensa_cpu = {
    .unmigratable = 1,
    .name = "cpu",
};
132
/*
 * TypeInfo::class_init: install the Xtensa-specific CPUClass and
 * DeviceClass hooks.
 *
 * The parent realize and reset handlers are saved into the Xtensa class
 * before being overridden so the overrides can chain to them.  The
 * system-only hooks (unaligned/unassigned access, physical page lookup)
 * are omitted in user-mode builds.
 */
static void xtensa_cpu_class_init(ObjectClass *oc, void *data)
{
    XtensaCPUClass *xcc = XTENSA_CPU_CLASS(oc);
    CPUClass *cc = CPU_CLASS(oc);
    DeviceClass *dc = DEVICE_CLASS(oc);

    /* Save parent handlers first, then override them. */
    xcc->parent_realize = dc->realize;
    xcc->parent_reset = cc->reset;
    dc->realize = xtensa_cpu_realizefn;
    cc->reset = xtensa_cpu_reset;

    /* Lookup and scheduling. */
    cc->class_by_name = xtensa_cpu_class_by_name;
    cc->has_work = xtensa_cpu_has_work;
    cc->set_pc = xtensa_cpu_set_pc;

    /* Exceptions and interrupts. */
    cc->do_interrupt = xtensa_cpu_do_interrupt;
    cc->cpu_exec_interrupt = xtensa_cpu_exec_interrupt;
    cc->debug_excp_handler = xtensa_breakpoint_handler;

    /* Debugging / gdbstub. */
    cc->dump_state = xtensa_cpu_dump_state;
    cc->gdb_read_register = xtensa_cpu_gdb_read_register;
    cc->gdb_write_register = xtensa_cpu_gdb_write_register;
    cc->gdb_stop_before_watchpoint = true;

#ifndef CONFIG_USER_ONLY
    /* Memory-access hooks that only exist for system emulation. */
    cc->do_unaligned_access = xtensa_cpu_do_unaligned_access;
    cc->get_phys_page_debug = xtensa_cpu_get_phys_page_debug;
    cc->do_unassigned_access = xtensa_cpu_do_unassigned_access;
#endif

    dc->vmsd = &vmstate_xtensa_cpu;

    /*
     * Reason: xtensa_cpu_initfn() calls cpu_exec_init(), which saves
     * the object in cpus -> dangling pointer after final
     * object_unref().
     */
    dc->cannot_destroy_with_object_finalize_yet = true;
}
169
/*
 * QOM type description for the abstract Xtensa CPU base type; concrete
 * core models derive from it and are resolved via class_by_name().
 */
static const TypeInfo xtensa_cpu_type_info = {
    .parent = TYPE_CPU,
    .name = TYPE_XTENSA_CPU,
    .abstract = true,
    .instance_size = sizeof(XtensaCPU),
    .instance_init = xtensa_cpu_initfn,
    .class_size = sizeof(XtensaCPUClass),
    .class_init = xtensa_cpu_class_init,
};
179
/* Register the abstract Xtensa CPU type with QOM at module init time. */
static void xtensa_cpu_register_types(void)
{
    const TypeInfo *info = &xtensa_cpu_type_info;

    type_register_static(info);
}
184
/* Run xtensa_cpu_register_types() during QEMU's type-registration phase. */
type_init(xtensa_cpu_register_types)