qemu-e2k/hw/gpio
Peter Delevoryas 87bd33e8b0 hw: aspeed_gpio: Fix GPIO array indexing
The gpio array is declared as a dense array:

  qemu_irq gpios[ASPEED_GPIO_NR_PINS];

(AST2500 has 228, AST2400 has 216, AST2600 has 208)

However, this array is used like a matrix of GPIO sets
(e.g. gpio[NR_SETS][NR_PINS_PER_SET] = gpio[8][32])

  size_t offset = set * GPIOS_PER_SET + gpio;
  qemu_set_irq(s->gpios[offset], !!(new & mask));

This can result in an out-of-bounds access to "s->gpios" because the
gpio sets do _not_ have the same length. Some of the groups (e.g.
GPIOAB) only have 4 pins. 228 != 8 * 32 == 256.

To fix this, I converted the gpio array from dense to sparse, to that
match both the hardware layout and this existing indexing code.

Fixes: 4b7f956862 ("hw/gpio: Add basic Aspeed GPIO model for AST2400 and AST2500")
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Message-Id: <20211008033501.934729-2-pdel@fb.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-10-12 08:20:08 +02:00
..
aspeed_gpio.c hw: aspeed_gpio: Fix GPIO array indexing 2021-10-12 08:20:08 +02:00
bcm2835_gpio.c qbus: Rename qbus_create_inplace() to qbus_init() 2021-09-30 13:42:10 +01:00
gpio_key.c
gpio_pwr.c hw/gpio/gpio_pwr: use shutdown function for reboot 2021-07-02 11:48:36 +01:00
imx_gpio.c
Kconfig
max7310.c
meson.build Drop the deprecated unicore32 target 2021-05-12 18:20:52 +02:00
mpc8xxx.c
npcm7xx_gpio.c
nrf51_gpio.c
omap_gpio.c
pl061.c hw/gpio/pl061: Document a shortcoming in our implementation 2021-07-09 16:09:12 +01:00
sifive_gpio.c
trace-events hw/gpio/pl061: Convert to 3-phase reset and assert GPIO lines correctly on reset 2021-07-09 16:09:12 +01:00
trace.h
zaurus.c