scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952)
[qemu.git] / target-xtensa / gdbstub.c
1 /*
2 * Xtensa gdb server stub
3 *
4 * Copyright (c) 2003-2005 Fabrice Bellard
5 * Copyright (c) 2013 SUSE LINUX Products GmbH
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 */
20 #include "qemu/osdep.h"
21 #include "qemu-common.h"
22 #include "cpu.h"
23 #include "exec/gdbstub.h"
24 #include "qemu/log.h"
25
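/*
 * Read register number @n on behalf of the gdb stub and store its value
 * in @mem_buf.
 *
 * @n is supplied by the remote debugger and indexes the core
 * configuration's gdb_regmap table, so it is range-checked before the
 * table entry is looked up.
 *
 * Returns whatever gdb_get_reg32()/gdb_get_reg64() return for the value
 * stored, or 0 when @n is out of range, the register type is not handled
 * here, or an 'f' register has a size other than 4 or 8.
 */
int xtensa_cpu_gdb_read_register(CPUState *cs, uint8_t *mem_buf, int n)
{
    XtensaCPU *cpu = XTENSA_CPU(cs);
    CPUXtensaState *env = &cpu->env;
    const XtensaGdbReg *reg;
    unsigned i;

    if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
        return 0;
    }

    /*
     * Form the table pointer only after n has been validated: pointer
     * arithmetic outside the regmap array is undefined even if the
     * result is never dereferenced.
     */
    reg = env->config->gdb_regmap.reg + n;

    switch (reg->type) {
    case 9: /*pc*/
        return gdb_get_reg32(mem_buf, env->pc);

    case 1: /*ar*/
        /* Bring phys_regs up to date before reading from it. */
        xtensa_sync_phys_from_window(env);
        /* The modulo keeps the index below the configured nareg. */
        return gdb_get_reg32(mem_buf, env->phys_regs[(reg->targno & 0xff)
                                                     % env->config->nareg]);

    case 2: /*SR*/
        /* NOTE(review): the 0xff mask assumes sregs has 256 entries. */
        return gdb_get_reg32(mem_buf, env->sregs[reg->targno & 0xff]);

    case 3: /*UR*/
        /* NOTE(review): the 0xff mask assumes uregs has 256 entries. */
        return gdb_get_reg32(mem_buf, env->uregs[reg->targno & 0xff]);

    case 4: /*f*/
        i = reg->targno & 0x0f;
        switch (reg->size) {
        case 4:
            return gdb_get_reg32(mem_buf,
                                 float32_val(env->fregs[i].f32[FP_F32_LOW]));
        case 8:
            return gdb_get_reg64(mem_buf, float64_val(env->fregs[i].f64));
        default:
            return 0;
        }

    case 8: /*a*/
        return gdb_get_reg32(mem_buf, env->regs[reg->targno & 0x0f]);

    default:
        qemu_log_mask(LOG_UNIMP, "%s from reg %d of unsupported type %d\n",
                      __func__, n, reg->type);
        return 0;
    }
}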
73
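/*
 * Write the value held in @mem_buf to register number @n on behalf of
 * the gdb stub.
 *
 * @n is supplied by the remote debugger and indexes the core
 * configuration's gdb_regmap table, so it is range-checked before the
 * table entry is looked up.
 *
 * Returns the number of bytes consumed from @mem_buf (4, or 8 for an
 * 8-byte 'f' register), or 0 when @n is out of range, the register type
 * is not handled here, or an 'f' register has a size other than 4 or 8.
 */
int xtensa_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
{
    XtensaCPU *cpu = XTENSA_CPU(cs);
    CPUXtensaState *env = &cpu->env;
    uint32_t tmp;
    const XtensaGdbReg *reg;

    if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
        return 0;
    }

    /*
     * Form the table pointer only after n has been validated: pointer
     * arithmetic outside the regmap array is undefined even if the
     * result is never dereferenced.
     */
    reg = env->config->gdb_regmap.reg + n;

    /* Every register handled here except the 8-byte 'f' case is 32 bits. */
    tmp = ldl_p(mem_buf);

    switch (reg->type) {
    case 9: /*pc*/
        env->pc = tmp;
        break;

    case 1: /*ar*/
        /* The modulo keeps the index below the configured nareg. */
        env->phys_regs[(reg->targno & 0xff) % env->config->nareg] = tmp;
        /* Propagate the new physical register value to the window. */
        xtensa_sync_window_from_phys(env);
        break;

    case 2: /*SR*/
        /* NOTE(review): the 0xff mask assumes sregs has 256 entries. */
        env->sregs[reg->targno & 0xff] = tmp;
        break;

    case 3: /*UR*/
        /* NOTE(review): the 0xff mask assumes uregs has 256 entries. */
        env->uregs[reg->targno & 0xff] = tmp;
        break;

    case 4: /*f*/
        switch (reg->size) {
        case 4:
            env->fregs[reg->targno & 0x0f].f32[FP_F32_LOW] = make_float32(tmp);
            return 4;
        case 8:
            /*
             * Load all 8 bytes: the 32-bit tmp would zero the upper half
             * of the value while still reporting 8 bytes consumed.
             * NOTE(review): assumes the caller supplies at least 8 bytes
             * in mem_buf for this register - confirm against the gdbstub
             * core.
             */
            env->fregs[reg->targno & 0x0f].f64 = make_float64(ldq_p(mem_buf));
            return 8;
        default:
            return 0;
        }

    case 8: /*a*/
        env->regs[reg->targno & 0x0f] = tmp;
        break;

    default:
        qemu_log_mask(LOG_UNIMP, "%s to reg %d of unsupported type %d\n",
                      __func__, n, reg->type);
        return 0;
    }

    return 4;
}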