On Thu, Mar 16, 2023 at 02:51:23PM +0000, Peter Maydell wrote: > On Thu, 16 Mar 2023 at 14:12, Guenter Roeck <li...@roeck-us.net> wrote: > > > > Hi Peter, > > > > On 3/16/23 06:41, Peter Maydell wrote: > > > On Fri, 13 Mar 2020 at 01:45, Guenter Roeck <li...@roeck-us.net> wrote: > > >> > > >> Add basic USB PHY support as implemented in i.MX23, i.MX28, i.MX6, > > >> and i.MX7 SoCs. > > >> > > >> The only support really needed - at least to boot Linux - is support > > >> for soft reset, which needs to reset various registers to their initial > > >> value. Otherwise, just record register values. > > >> > > >> Reviewed-by: Peter Maydell <peter.mayd...@linaro.org> > > >> Signed-off-by: Guenter Roeck <li...@roeck-us.net> > > > > > > Hi Guenter; we've had a fuzzer report that this device model > > > accesses off the end of the usbphy[] array: > > > https://gitlab.com/qemu-project/qemu/-/issues/1408 > > > > > > > Good catch. And an obvious bug, sorry. > > > > > > > Do you know what the device is supposed to do with these > > > off-the-end acceses? We could either reduce the memory region > > > size or bounds check and RAZ/WI the out-of-range accesses. > > > > > > > I have no idea what the real hardware would do. The datasheets (at > > least the ones I checked) don't say, only that the region size is 4k. > > I would suggest a bounds check, ignore out-of-bounds writes (maybe > > with a log message), and return 0 for reads (which I think is what > > you suggest with RAZ/WI). > > > > Want me to send a patch ? > > If you have the time, that would be great. I expect you're > better set up to test it than I am... >
I prepared a patch. Currently testing. Guenter
