Hi Gerd,

On Tue, Oct 13, 2020 at 12:04 AM Gerd Hoffmann <kra...@redhat.com> wrote:
>
> > > + if (mps == 0) {
> > > + qemu_log_mask(LOG_GUEST_ERROR,
> > > + "%s: Bad HCCHAR_MPS set to zero\n", __func__);
> > > + return;
> > > + }
> >
> > I think it would be better to move this check earlier in the function,
> > just after 'mps' is read from the register. Otherwise it can get
> > assigned to 'tlen' and 'p->mps', and who knows what mischief an
> > invalid value there might cause.
>
> Makes sense. While being at it maybe handle len > DWC2_MAX_XFER_SIZE
> the same way, the assert looks like it can be triggered by the guest.
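Review bot: the `mps == 0` guard in the quoted hunk runs only after `mps` has already been copied into `tlen` and `p->mps`, so a zero value still reaches those fields before the check fires; move the `qemu_log_mask(LOG_GUEST_ERROR, ...)` and `return` to directly after `mps` is read from the register, and give the `len > DWC2_MAX_XFER_SIZE` case the same log-and-return treatment instead of an assert, since a guest can drive both paths.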
I sent you a patch to fix up several assert()s, including that one, about a
month ago. Did you miss it?

https://lore.kernel.org/qemu-devel/20200920021449.830-1-pauld...@gmail.com

> Also: What would be the effect of simply returning here? Would dwc2
> emulation simply stop processing queues? Should we maybe raise an
> error IRQ?

Not entirely sure, I imagine the emulation will just stop working. I can
test it tomorrow. Also, can you give me a hint what an error IRQ is? Is that
a QEMU thing, or do you mean we should emulate what the real core does in
this case?

> What will real dwc2 hardware do in this case?

No idea. I don't think it's mentioned in the manual.

-Paul

> take care,
> Gerd
>