On 210526 1624, Philippe Mathieu-Daudé wrote:
> libFuzzer triggered the following assertion:
>
> cat << EOF | qemu-system-i386 -M pc-q35-5.0 \
> -nographic -monitor none -serial none \
> -qtest stdio -d guest_errors -trace pci\*
> outl 0xcf8 0xf2000060
> outl 0xcfc 0x8400056e
> EOF
> pci_cfg_write mch 00:0 @0x60 <- 0x8400056e
> Aborted (core dumped)
>
> This is because the guest wrote MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD
> (reserved value) to the PCIE XBAR register.
>
> There is no indication on the datasheet about what occurs when
> this value is written. Simply ignore it on QEMU (and report a
> guest error):
>
> pci_cfg_write mch 00:0 @0x60 <- 0x8400056e
> Q35: Reserved PCIEXBAR LENGTH
> pci_cfg_read mch 00:0 @0x0 -> 0x8086
> pci_cfg_read mch 00:0 @0x0 -> 0x29c08086
> ...
>
> Cc: qemu-sta...@nongnu.org
> Reported-by: Alexander Bulekov <alx...@bu.edu>
> BugLink: https://bugs.launchpad.net/qemu/+bug/1878641
> Fixes: df2d8b3ed4 ("q35: Introduce q35 pc based chipset emulator")
> Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
> Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
> ---
Reviewed-by: Alexander Bulekov <alx...@bu.edu>
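To make the reproducer above concrete, here is an added, stand-alone C model of the two guest port writes and of the "ignore and log" handling the patch proposes. It is not QEMU code and not part of this thread: the function and constant names (decode_cf8, mch_cfg_write, PCIEXBAR_*) are hypothetical, the PCIEXBAR field layout (bit 0 enable, bits 2:1 LENGTH with 3 reserved, bits 35:28 base) is assumed from the Intel Q35 datasheet rather than stated on the page, and the extra address bits the datasheet gives to 128 MiB and 64 MiB windows are deliberately not modelled. The inputs are the constructed values from the report plus one well-formed write.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* CONFIG_ADDRESS (port 0xcf8) layout, PCI configuration mechanism #1:
 *   bit 31     enable bit
 *   bits 30:24 reserved (ignored, which is why 0xf2000060 still hits 00:0)
 *   bits 23:16 bus, bits 15:11 device, bits 10:8 function
 *   bits 7:2   dword-aligned register offset                             */
struct pci_cfg_addr {
    bool enable;
    uint8_t bus, dev, fn, reg;
};

static struct pci_cfg_addr decode_cf8(uint32_t v)
{
    struct pci_cfg_addr a = {
        .enable = (v >> 31) & 1,
        .bus    = (v >> 16) & 0xff,
        .dev    = (v >> 11) & 0x1f,
        .fn     = (v >> 8) & 0x7,
        .reg    = v & 0xfc,
    };
    return a;
}

/* Q35 MCH PCIEXBAR, config offset 0x60, 64-bit. Field positions are an
 * ASSUMPTION taken from the Q35 datasheet; the thread only names the
 * reserved LENGTH encoding (MCH_HOST_BRIDGE_PCIEXBAR_LENGTH_RVD):
 *   bit 0      PCIEXBAREN  (MMCONFIG window enable)
 *   bits 2:1   LENGTH      0 = 256 MiB, 1 = 128 MiB, 2 = 64 MiB, 3 = reserved
 *   bits 35:28 window base address (256 MiB granularity)                */
#define MCH_PCIEXBAR_OFFSET      0x60
#define PCIEXBAR_EN              ((uint64_t)1)
#define PCIEXBAR_LENGTH_SHIFT    1
#define PCIEXBAR_LENGTH_MASK     ((uint64_t)0x3 << PCIEXBAR_LENGTH_SHIFT)
#define PCIEXBAR_BASE_MASK       (((uint64_t)1 << 36) - ((uint64_t)1 << 28))

enum pciexbar_result {
    PCIEXBAR_NOT_THIS_REG,   /* write went elsewhere in MCH config space   */
    PCIEXBAR_IGNORED_RVD,    /* reserved LENGTH: guest error, window unchanged */
    PCIEXBAR_UPDATED,
};

struct mmcfg_window {
    bool enabled;
    uint64_t base;
    uint64_t length;
};

/* Window size in bytes for the LENGTH field; 0 for the reserved encoding. */
static uint64_t pciexbar_length_bytes(uint64_t pciexbar)
{
    switch ((pciexbar & PCIEXBAR_LENGTH_MASK) >> PCIEXBAR_LENGTH_SHIFT) {
    case 0:  return 256ULL << 20;
    case 1:  return 128ULL << 20;
    case 2:  return 64ULL << 20;
    default: return 0;   /* reserved: the value that made the original code abort() */
    }
}

/* Model of the guest's two-step access: the CONFIG_ADDRESS write selects
 * bus/device/function/offset, the CONFIG_DATA write lands in the register.
 * A reserved LENGTH is logged and the previous window is kept, instead of
 * aborting the whole VM on guest-controlled input. */
static enum pciexbar_result mch_cfg_write(uint32_t cf8, uint32_t cfc,
                                          struct mmcfg_window *win)
{
    struct pci_cfg_addr a = decode_cf8(cf8);

    if (!a.enable || a.bus != 0 || a.dev != 0 || a.fn != 0 ||
        a.reg != MCH_PCIEXBAR_OFFSET) {
        return PCIEXBAR_NOT_THIS_REG;
    }

    /* Only the low dword is written by this outl; bits 35:32 are taken as
     * zero in this model. */
    uint64_t pciexbar = cfc;
    uint64_t len = pciexbar_length_bytes(pciexbar);
    if (len == 0) {
        fprintf(stderr, "Q35: Reserved PCIEXBAR LENGTH\n");
        return PCIEXBAR_IGNORED_RVD;
    }

    win->enabled = pciexbar & PCIEXBAR_EN;
    win->base    = pciexbar & PCIEXBAR_BASE_MASK;
    win->length  = len;
    return PCIEXBAR_UPDATED;
}

int main(void)
{
    /* Constructed reset state for the model: window disabled at 0xb0000000. */
    struct mmcfg_window win = { .enabled = false, .base = 0xb0000000ULL,
                                .length = 256ULL << 20 };

    /* The two outl values from the report. */
    enum pciexbar_result r = mch_cfg_write(0xf2000060, 0x8400056e, &win);
    printf("reproducer: result=%d, window kept at base=0x%llx length=%llu MiB\n",
           r, (unsigned long long)win.base,
           (unsigned long long)(win.length >> 20));

    /* A well-formed write: enable a 64 MiB window at 0xe0000000. */
    r = mch_cfg_write(0x80000060, 0xe0000005, &win);
    printf("valid: result=%d, enabled=%d base=0x%llx length=%llu MiB\n",
           r, win.enabled, (unsigned long long)win.base,
           (unsigned long long)(win.length >> 20));
    return 0;
}
```

The point of the model is the switch in pciexbar_length_bytes: 0x8400056e has bits 2:1 set to 0b11, so every branch the datasheet documents misses, and a default that calls abort() turns a single guest I/O write into a host-side denial of service. Returning a sentinel and logging with guest_errors keeps the device state exactly as it was, which is the only behaviour the datasheet leaves available.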