Hi Cédric,

> -----Original Message-----
> From: Cédric Le Goater <c...@kaod.org>
> Sent: Thursday, May 22, 2025 3:52 PM
> To: Steven Lee <steven_...@aspeedtech.com>; Peter Maydell
> <peter.mayd...@linaro.org>; Troy Lee <leet...@gmail.com>; Jamin Lin
> <jamin_...@aspeedtech.com>; Andrew Jeffery
> <and...@codeconstruct.com.au>; Joel Stanley <j...@jms.id.au>; open
> list:ASPEED BMCs <qemu-...@nongnu.org>; open list:All patches CC here
> <qemu-devel@nongnu.org>
> Cc: Troy Lee <troy_...@aspeedtech.com>; long...@lenovo.com; Yunlin Tang
> <yunlin.t...@aspeedtech.com>
> Subject: Re: [PATCH v3 1/5] hw/arm/aspeed_ast2700-fc: Fix null pointer
> dereference in ca35 init
> 
> Hello Steven
> 
> On 5/22/25 05:36, Steven Lee wrote:
> > Clang's sanitizer reports a runtime error when booting with '-net nic
> > -net user', due to a null pointer being passed to
> > memory_region_find(), which subsequently triggers a crash in
> > flatview_lookup().
> >
> > Root cause:
> > - Missing NIC configuration in the CA35 initialization.
> >
> > Fix:
> > - Reduce ca35 ram size from 2GiB to 1GiB to align with ast2700a1-evb,
> >    where the ram-container is defined as 1GiB in its class.
> > - Add nic configuration in ast2700fc's ca35 init function.
> 
> 
> Please split in 2.

Will split in v4

Regards,
Steven

> 
> 
> > Signed-off-by: Steven Lee <steven_...@aspeedtech.com>
> > ---
> >   hw/arm/aspeed_ast27x0-fc.c | 9 ++++++++-
> >   1 file changed, 8 insertions(+), 1 deletion(-)
> >
> > diff --git a/hw/arm/aspeed_ast27x0-fc.c b/hw/arm/aspeed_ast27x0-fc.c
> > index 125a3ade40..f8cb632bca 100644
> > --- a/hw/arm/aspeed_ast27x0-fc.c
> > +++ b/hw/arm/aspeed_ast27x0-fc.c
> > @@ -48,7 +48,7 @@ struct Ast2700FCState {
> >       bool mmio_exec;
> >   };
> >
> > -#define AST2700FC_BMC_RAM_SIZE (2 * GiB)
> > +#define AST2700FC_BMC_RAM_SIZE (1 * GiB)
> >   #define AST2700FC_CM4_DRAM_SIZE (32 * MiB)
> >
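
Review bot: the AST2700FC_BMC_RAM_SIZE change from (2 * GiB) to (1 * GiB) is not tied to the stated root cause (missing NIC configuration), and the define carries no comment saying why 1 GiB is the right value. Move it to its own patch and add a one-line comment above the define noting that it has to match the 1 GiB ram-container of ast2700a1-evb, as the commit message explains, so the two values do not drift apart.
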
> >   #define AST2700FC_HW_STRAP1 0x000000C0 @@ -86,6 +86,13 @@
> static
> > void ast2700fc_ca35_init(MachineState *machine)
> >                                    AST2700FC_BMC_RAM_SIZE,
> &error_abort)) {
> >           return;
> >       }
> > +
> > +    for (int i = 0; i < sc->macs_num; i++) {
> > +        if (!qemu_configure_nic_device(DEVICE(&soc->ftgmac100[i]),
> > +                                       true, NULL)) {
> > +            break;
> > +        }
> > +    }
> >       if (!object_property_set_int(OBJECT(&s->ca35), "hw-strap1",
> >                                    AST2700FC_HW_STRAP1,
> &error_abort)) {
> >           return;
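
Review bot: the `break` in the new loop in ast2700fc_ca35_init() stops at the first ftgmac100[i] for which qemu_configure_nic_device() returns false, so every MAC after it is skipped without any indication. If that is intended, say so in a short comment above the loop; if not, use `continue`. Style: a blank line was added before the loop but none after its closing brace, so it runs straight into the `if (!object_property_set_int(OBJECT(&s->ca35), "hw-strap1",` block; add one.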
