On Thu, 16 Mar 2023 at 14:12, Guenter Roeck <li...@roeck-us.net> wrote:
>
> Hi Peter,
>
> On 3/16/23 06:41, Peter Maydell wrote:
> > On Fri, 13 Mar 2020 at 01:45, Guenter Roeck <li...@roeck-us.net> wrote:
> >>
> >> Add basic USB PHY support as implemented in i.MX23, i.MX28, i.MX6,
> >> and i.MX7 SoCs.
> >>
> >> The only support really needed - at least to boot Linux - is support
> >> for soft reset, which needs to reset various registers to their initial
> >> value. Otherwise, just record register values.
> >>
> >> Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
> >> Signed-off-by: Guenter Roeck <li...@roeck-us.net>
> >
> > Hi Guenter; we've had a fuzzer report that this device model
> > accesses off the end of the usbphy[] array:
> > https://gitlab.com/qemu-project/qemu/-/issues/1408
> >
>
> Good catch. And an obvious bug, sorry.
>
> > Do you know what the device is supposed to do with these
> > off-the-end accesses? We could either reduce the memory region
> > size or bounds check and RAZ/WI the out-of-range accesses.
> >
>
> I have no idea what the real hardware would do. The datasheets (at
> least the ones I checked) don't say, only that the region size is 4k.
> I would suggest a bounds check, ignore out-of-bounds writes (maybe
> with a log message), and return 0 for reads (which I think is what
> you suggest with RAZ/WI).
>
> Want me to send a patch?

If you have the time, that would be great. I expect you're
better set up to test it than I am...

thanks
-- PMM
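
The bounds check with RAZ/WI behaviour discussed in this thread, as an added example that is not part of the original messages and is not QEMU's code. The PhyModel type, the function names, the register count and the offset-to-index mapping (32-bit registers, index = offset >> 2) are assumptions made for illustration; only the 4k region size comes from the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: a 4k MMIO window backed by a much smaller array. */
#define PHY_REGION_SIZE 0x1000u  /* region size stated in the thread */
#define PHY_NUM_REGS    32u      /* constructed register count, not from the page */

typedef struct {
    uint32_t usbphy[PHY_NUM_REGS]; /* backing store, smaller than the window */
    unsigned guest_errors;         /* number of out-of-range accesses seen */
} PhyModel;

/* Map a byte offset to an array index; returns 0 when no register backs it. */
static int phy_index(uint64_t offset, uint32_t *index)
{
    uint64_t i = offset >> 2;      /* assumption: 32-bit registers */
    if (i >= PHY_NUM_REGS) {
        return 0;
    }
    *index = (uint32_t)i;
    return 1;
}

/* Read handler: offsets past the array read as zero (RAZ). */
uint32_t phy_read(PhyModel *s, uint64_t offset)
{
    uint32_t i;
    if (!phy_index(offset, &i)) {
        s->guest_errors++;
        fprintf(stderr, "phy: read at bad offset 0x%llx\n",
                (unsigned long long)offset);
        return 0;
    }
    return s->usbphy[i];
}

/* Write handler: offsets past the array are logged and ignored (WI). */
void phy_write(PhyModel *s, uint64_t offset, uint32_t value)
{
    uint32_t i;
    if (!phy_index(offset, &i)) {
        s->guest_errors++;
        fprintf(stderr, "phy: write at bad offset 0x%llx ignored\n",
                (unsigned long long)offset);
        return;
    }
    s->usbphy[i] = value;
}
```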