* [PATCH 0/6] Add various undefined MMIO r/w functions
@ 2020-06-17 5:39 P J P
2020-06-17 5:39 ` [PATCH 1/6] hw/pci-host: add pci-intack write method P J P
` (7 more replies)
0 siblings, 8 replies; 19+ messages in thread
From: P J P @ 2020-06-17 5:39 UTC (permalink / raw)
To: Peter Maydell
Cc: Prasad J Pandit, QEMU Developers, Lei Sun, Alex Williamson,
Hervé Poussineau, Joel Stanley, Philippe Mathieu-Daudé,
David Gibson
From: Prasad J Pandit <pjp@fedoraproject.org>
Hello,
This series adds various undefined MMIO read/write functions
to avoid a potential guest crash via a NULL pointer dereference.
ex. -> https://git.qemu.org/?p=qemu.git;a=commit;h=bb15013ef34617eb1344f5276292cadd326c21b2
Thank you.
--
Prasad J Pandit (6):
hw/pci-host: add pci-intack write method
pci-host: add pcie-msi read method
vfio: add quirk device write method
prep: add ppc-parity write method
nvram: add nrf51_soc flash read method
spapr_pci: add spapr msi read method
hw/nvram/nrf51_nvm.c | 7 +++++++
hw/pci-host/designware.c | 9 +++++++++
hw/pci-host/prep.c | 8 ++++++++
hw/ppc/prep_systemio.c | 8 ++++++++
hw/ppc/spapr_pci.c | 9 ++++++++-
hw/vfio/pci-quirks.c | 8 ++++++++
6 files changed, 48 insertions(+), 1 deletion(-)
--
2.26.2
* [PATCH 1/6] hw/pci-host: add pci-intack write method
From: P J P @ 2020-06-17 5:39 UTC (permalink / raw)
To: Peter Maydell
Cc: Prasad J Pandit, QEMU Developers, Lei Sun, Alex Williamson,
Hervé Poussineau, Joel Stanley, Philippe Mathieu-Daudé,
David Gibson
From: Prasad J Pandit <pjp@fedoraproject.org>
Add pci-intack mmio write method to avoid a NULL pointer dereference
issue.
Reported-by: Lei Sun <slei.casper@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/pci-host/prep.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/pci-host/prep.c b/hw/pci-host/prep.c
index 1a02e9a670..41befee203 100644
--- a/hw/pci-host/prep.c
+++ b/hw/pci-host/prep.c
@@ -27,6 +27,7 @@
#include "qemu-common.h"
#include "qemu/units.h"
#include "qapi/error.h"
+#include "qemu/log.h"
#include "hw/pci/pci.h"
#include "hw/pci/pci_bus.h"
#include "hw/pci/pci_host.h"
@@ -119,8 +120,15 @@ static uint64_t raven_intack_read(void *opaque, hwaddr addr,
return pic_read_irq(isa_pic);
}
+static void raven_intack_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
+}
+
static const MemoryRegionOps raven_intack_ops = {
.read = raven_intack_read,
+ .write = raven_intack_write,
.valid = {
.max_access_size = 1,
},
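Review bot: `raven_intack_write` discards the store and tags it LOG_UNIMP, but this region is an interrupt-acknowledge cycle (its read path is `pic_read_irq(isa_pic)` and `.valid.max_access_size` is 1), so a guest store here is not missing emulation, it is an access the device does not define; LOG_GUEST_ERROR fits better, and the message should carry `addr`, `data` and `size` so a misbehaving or fuzzing guest can be triaged from the log rather than from `__func__` alone. If the intent is to keep the region read-only, a `.valid.accepts` callback that refuses writes lets the memory core reject the access without any handler.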
--
2.26.2
* [PATCH 2/6] pci-host: add pcie-msi read method
From: P J P @ 2020-06-17 5:39 UTC (permalink / raw)
To: Peter Maydell
Cc: Prasad J Pandit, QEMU Developers, Lei Sun, Alex Williamson,
Hervé Poussineau, Joel Stanley, Philippe Mathieu-Daudé,
David Gibson
From: Prasad J Pandit <pjp@fedoraproject.org>
Add pcie-msi mmio read method to avoid a NULL pointer dereference
issue.
Reported-by: Lei Sun <slei.casper@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/pci-host/designware.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/hw/pci-host/designware.c b/hw/pci-host/designware.c
index dd245516dd..c34c366f36 100644
--- a/hw/pci-host/designware.c
+++ b/hw/pci-host/designware.c
@@ -21,6 +21,7 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qemu/module.h"
+#include "qemu/log.h"
#include "hw/pci/msi.h"
#include "hw/pci/pci_bridge.h"
#include "hw/pci/pci_host.h"
@@ -63,6 +64,13 @@ designware_pcie_root_to_host(DesignwarePCIERoot *root)
return DESIGNWARE_PCIE_HOST(bus->parent);
}
+static uint64_t designware_pcie_root_msi_read(void *opaque, hwaddr addr,
+ unsigned size)
+{
+ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
+ return 0;
+}
+
static void designware_pcie_root_msi_write(void *opaque, hwaddr addr,
uint64_t val, unsigned len)
{
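Review bot: `designware_pcie_root_msi_read` returns 0 for any load from the MSI window, which is a sane value, but the log class should match the situation: the model is not lacking a feature, the guest is reading a write-only doorbell, so LOG_GUEST_ERROR is a better fit than LOG_UNIMP. Also log `addr` and `size` alongside `__func__`; with several such stubs in one binary the function name alone does not say what the guest touched.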
@@ -77,6 +85,7 @@ static void designware_pcie_root_msi_write(void *opaque, hwaddr addr,
}
static const MemoryRegionOps designware_pci_host_msi_ops = {
+ .read = designware_pcie_root_msi_read,
.write = designware_pcie_root_msi_write,
.endianness = DEVICE_LITTLE_ENDIAN,
.valid = {
--
2.26.2
* [PATCH 3/6] vfio: add quirk device write method
From: P J P @ 2020-06-17 5:39 UTC (permalink / raw)
To: Peter Maydell
Cc: Prasad J Pandit, QEMU Developers, Lei Sun, Alex Williamson,
Hervé Poussineau, Joel Stanley, Philippe Mathieu-Daudé,
David Gibson
From: Prasad J Pandit <pjp@fedoraproject.org>
Add vfio quirk device mmio write method to avoid a NULL pointer
dereference issue.
Reported-by: Lei Sun <slei.casper@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/vfio/pci-quirks.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
index f2155ddb1d..5bd98885d5 100644
--- a/hw/vfio/pci-quirks.c
+++ b/hw/vfio/pci-quirks.c
@@ -13,6 +13,7 @@
#include "qemu/osdep.h"
#include "exec/memop.h"
#include "qemu/units.h"
+#include "qemu/log.h"
#include "qemu/error-report.h"
#include "qemu/main-loop.h"
#include "qemu/module.h"
@@ -263,8 +264,15 @@ static uint64_t vfio_ati_3c3_quirk_read(void *opaque,
return data;
}
+static void vfio_ati_3c3_quirk_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
+}
+
static const MemoryRegionOps vfio_ati_3c3_quirk = {
.read = vfio_ati_3c3_quirk_read,
+ .write = vfio_ati_3c3_quirk_write,
.endianness = DEVICE_LITTLE_ENDIAN,
};
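Review bot: `vfio_ati_3c3_quirk_write` silently swallows the store. This quirk sits in front of an assigned device, so if the region overlays part of the device's BAR the write now never reaches the hardware where before it crashed QEMU; confirm that dropping it, rather than passing it through to the underlying region, is the intended behaviour for this quirk. Either way, a guest store into a read-only quirk window is a guest error, not unimplemented emulation, so LOG_GUEST_ERROR with `addr`, `data` and `size` in the message would be more useful than LOG_UNIMP with only `__func__`.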
--
2.26.2
* [PATCH 4/6] prep: add ppc-parity write method
From: P J P @ 2020-06-17 5:39 UTC (permalink / raw)
To: Peter Maydell
Cc: Prasad J Pandit, QEMU Developers, Lei Sun, Alex Williamson,
Hervé Poussineau, Joel Stanley, Philippe Mathieu-Daudé,
David Gibson
From: Prasad J Pandit <pjp@fedoraproject.org>
Add ppc-parity mmio write method to avoid a NULL pointer dereference
issue.
Reported-by: Lei Sun <slei.casper@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/ppc/prep_systemio.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/ppc/prep_systemio.c b/hw/ppc/prep_systemio.c
index bbc51b6e9a..aacd7831fd 100644
--- a/hw/ppc/prep_systemio.c
+++ b/hw/ppc/prep_systemio.c
@@ -23,6 +23,7 @@
*/
#include "qemu/osdep.h"
+#include "qemu/log.h"
#include "hw/irq.h"
#include "hw/isa/isa.h"
#include "hw/qdev-properties.h"
@@ -235,8 +236,15 @@ static uint64_t ppc_parity_error_readl(void *opaque, hwaddr addr,
return val;
}
+static void ppc_parity_error_writel(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size)
+{
+ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
+}
+
static const MemoryRegionOps ppc_parity_error_ops = {
.read = ppc_parity_error_readl,
+ .write = ppc_parity_error_writel,
.valid = {
.min_access_size = 4,
.max_access_size = 4,
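Review bot: `ppc_parity_error_writel` ignores `data` entirely, so a store to the parity-error register vanishes without a trace of what was written. Given that `.valid` pins this region to 4-byte accesses and `ppc_parity_error_readl` exposes status the hardware computes, a write is most plausibly a guest bug; log it as LOG_GUEST_ERROR including `addr` and `data`, or reject it outright with a `.valid.accepts` callback so the memory core reports the bad access itself.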
--
2.26.2
* [PATCH 5/6] nvram: add nrf51_soc flash read method
From: P J P @ 2020-06-17 5:39 UTC (permalink / raw)
To: Peter Maydell
Cc: Prasad J Pandit, QEMU Developers, Lei Sun, Alex Williamson,
Hervé Poussineau, Joel Stanley, Philippe Mathieu-Daudé,
David Gibson
From: Prasad J Pandit <pjp@fedoraproject.org>
Add nrf51_soc mmio read method to avoid a NULL pointer dereference
issue.
Reported-by: Lei Sun <slei.casper@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/nvram/nrf51_nvm.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/hw/nvram/nrf51_nvm.c b/hw/nvram/nrf51_nvm.c
index f2283c1a8d..e813c7ec72 100644
--- a/hw/nvram/nrf51_nvm.c
+++ b/hw/nvram/nrf51_nvm.c
@@ -274,6 +274,12 @@ static const MemoryRegionOps io_ops = {
};
+static uint64_t flash_read(void *opaque, hwaddr addr, unsigned size)
+{
+ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
+ return 0;
+}
+
static void flash_write(void *opaque, hwaddr offset, uint64_t value,
unsigned int size)
{
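Review bot: two things to check in `flash_read`. First, this is the only patch in the series that calls `qemu_log_mask` without adding `#include "qemu/log.h"`, so the build depends on nrf51_nvm.c already pulling that header in; confirm it does. Second, the paired `flash_write` handler programs flash contents, so a reader of this region is reading flash back; returning 0 is not a harmless NULL-safe stub but hands the guest wrong data whenever this path is taken, and the handler should instead return the backing storage at `addr` (4 bytes wide, per the `.valid` constraints on `flash_ops`). If the region is registered as a ROM device, ordinary reads are served from the RAM backing and this callback only runs once ROMD mode is switched off, which makes a correct fallback all the more important.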
@@ -300,6 +306,7 @@ static void flash_write(void *opaque, hwaddr offset, uint64_t value,
static const MemoryRegionOps flash_ops = {
+ .read = flash_read,
.write = flash_write,
.valid.min_access_size = 4,
.valid.max_access_size = 4,
--
2.26.2
* [PATCH 6/6] spapr_pci: add spapr msi read method
From: P J P @ 2020-06-17 5:39 UTC (permalink / raw)
To: Peter Maydell
Cc: Prasad J Pandit, QEMU Developers, Lei Sun, Alex Williamson,
Hervé Poussineau, Joel Stanley, Philippe Mathieu-Daudé,
David Gibson
From: Prasad J Pandit <pjp@fedoraproject.org>
Add spapr msi mmio read method to avoid a NULL pointer dereference
issue.
Reported-by: Lei Sun <slei.casper@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/ppc/spapr_pci.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 83f1453096..d4193be205 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -52,6 +52,7 @@
#include "sysemu/kvm.h"
#include "sysemu/hostmem.h"
#include "sysemu/numa.h"
+#include "qemu/log.h"
/* Copied from the kernel arch/powerpc/platforms/pseries/msi.c */
#define RTAS_QUERY_FN 0
@@ -738,6 +739,12 @@ static PCIINTxRoute spapr_route_intx_pin_to_irq(void *opaque, int pin)
return route;
}
+static uint64_t spapr_msi_read(void *opaque, hwaddr addr, unsigned size)
+{
+ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
+ return 0;
+}
+
/*
* MSI/MSIX memory region implementation.
* The handler handles both MSI and MSIX.
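Review bot: `spapr_msi_read` lands above the comment block that documents the MSI/MSIX region handler, so that comment no longer introduces the code it describes; move the function below it, next to `spapr_msi_write`, so the two handlers sit together. On the log class: a load from the MSI window is an access with no defined result rather than a missing feature, so LOG_GUEST_ERROR is more accurate than LOG_UNIMP, and logging `addr` and `size` makes the event actionable.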
@@ -756,7 +763,7 @@ static void spapr_msi_write(void *opaque, hwaddr addr,
static const MemoryRegionOps spapr_msi_ops = {
/* There is no .read as the read result is undefined by PCI spec */
- .read = NULL,
+ .read = spapr_msi_read,
.write = spapr_msi_write,
.endianness = DEVICE_LITTLE_ENDIAN
};
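Review bot: the comment `/* There is no .read as the read result is undefined by PCI spec */` is now contradicted by the line beneath it, `+    .read = spapr_msi_read,`; update or drop it in the same patch. Since the spec leaves the result undefined, the cleaner option is to keep `.read` absent, keep the comment, and add a `.valid.accepts` callback that refuses loads, so the memory core rejects the access before looking for a handler and the NULL path is never reached.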
--
2.26.2
* Re: [PATCH 0/6] Add various undefined MMIO r/w functions
From: no-reply @ 2020-06-17 6:07 UTC (permalink / raw)
To: ppandit
Cc: peter.maydell, pjp, qemu-devel, slei.casper, alex.williamson,
hpoussin, joel, philmd, david
Patchew URL: https://patchew.org/QEMU/20200617053934.122642-1-ppandit@redhat.com/
Hi,
This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.
=== TEST SCRIPT BEGIN ===
#!/bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===
CC qga/guest-agent-command-state.o
CC qga/main.o
CC qga/commands-posix.o
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
CC qga/channel-posix.o
CC qga/qapi-generated/qga-qapi-types.o
CC qga/qapi-generated/qga-qapi-visit.o
---
GEN docs/interop/qemu-ga-ref.html
GEN docs/interop/qemu-ga-ref.txt
GEN docs/interop/qemu-ga-ref.7
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
LINK qemu-keymap
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
LINK ivshmem-client
LINK ivshmem-server
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
LINK qemu-nbd
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
LINK qemu-storage-daemon
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
AS pc-bios/optionrom/multiboot.o
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
LINK qemu-img
AS pc-bios/optionrom/linuxboot.o
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
CC pc-bios/optionrom/linuxboot_dma.o
AS pc-bios/optionrom/kvmvapic.o
AS pc-bios/optionrom/pvh.o
CC pc-bios/optionrom/pvh_main.o
BUILD pc-bios/optionrom/multiboot.img
LINK qemu-io
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
BUILD pc-bios/optionrom/linuxboot.img
BUILD pc-bios/optionrom/linuxboot_dma.img
BUILD pc-bios/optionrom/kvmvapic.img
---
LINK fsdev/virtfs-proxy-helper
BUILD pc-bios/optionrom/linuxboot.raw
BUILD pc-bios/optionrom/multiboot.raw
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
BUILD pc-bios/optionrom/kvmvapic.raw
SIGN pc-bios/optionrom/linuxboot.bin
LINK scsi/qemu-pr-helper
SIGN pc-bios/optionrom/linuxboot_dma.bin
SIGN pc-bios/optionrom/kvmvapic.bin
LINK qemu-bridge-helper
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
SIGN pc-bios/optionrom/multiboot.bin
LINK virtiofsd
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
LINK vhost-user-input
LINK qemu-ga
BUILD pc-bios/optionrom/pvh.img
BUILD pc-bios/optionrom/pvh.raw
SIGN pc-bios/optionrom/pvh.bin
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
GEN x86_64-softmmu/hmp-commands-info.h
GEN x86_64-softmmu/hmp-commands.h
GEN x86_64-softmmu/config-target.h
---
CC x86_64-softmmu/hw/scsi/virtio-scsi.o
CC x86_64-softmmu/hw/scsi/virtio-scsi-dataplane.o
CC x86_64-softmmu/hw/scsi/vhost-scsi-common.o
/tmp/qemu-test/src/migration/ram.c:919:45: error: implicit conversion from 'unsigned long' to 'double' changes value from 18446744073709551615 to 18446744073709551616 [-Werror,-Wimplicit-int-float-conversion]
xbzrle_counters.encoding_rate = UINT64_MAX;
~ ^~~~~~~~~~
/usr/include/stdint.h:130:23: note: expanded from macro 'UINT64_MAX'
---
18446744073709551615UL
^~~~~~~~~~~~~~~~~~~~~~
1 error generated.
/tmp/qemu-test/src/fpu/softfloat.c:3365:13: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
absZ &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:3423:18: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
absZ0 &= ~ ( ( (uint64_t) ( absZ1<<1 ) == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:3483:18: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
absZ0 &= ~(((uint64_t)(absZ1<<1) == 0) & roundNearestEven);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:3606:13: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
zSig &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:3760:13: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
zSig &= ~ ( ( ( roundBits ^ 0x200 ) == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:3987:21: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
~ ( ( (uint64_t) ( zSig1<<1 ) == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:4003:22: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
zSig0 &= ~ ( ( (uint64_t) ( zSig1<<1 ) == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:4273:18: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
zSig1 &= ~ ( ( zSig2 + zSig2 == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
8 errors generated.
make[1]: *** [/tmp/qemu-test/src/rules.mak:69: migration/ram.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: *** [/tmp/qemu-test/src/rules.mak:69: fpu/softfloat.o] Error 1
make: *** [Makefile:527: x86_64-softmmu/all] Error 2
Traceback (most recent call last):
File "./tests/docker/docker.py", line 669, in <module>
sys.exit(main())
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', '--label', 'com.qemu.instance.uuid=01f020e1222945239d0a8e124f15f6c3', '-u', '1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=x86_64-softmmu', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', '/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', '/var/tmp/patchew-tester-tmp-3dfzrfgw/src/docker-src.2020-06-17-02.03.49.10100:/var/tmp/qemu:z,ro', 'qemu:fedora', '/var/tmp/qemu/run', 'test-debug']' returned non-zero exit status 2.
filter=--filter=label=com.qemu.instance.uuid=01f020e1222945239d0a8e124f15f6c3
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-3dfzrfgw/src'
make: *** [docker-run-test-debug@fedora] Error 2
real 3m44.998s
user 0m8.259s
The full log is available at
http://patchew.org/logs/20200617053934.122642-1-ppandit@redhat.com/testing.asan/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
* Re: [PATCH 0/6] Add various undefined MMIO r/w functions
From: David Gibson @ 2020-06-17 6:39 UTC (permalink / raw)
To: P J P
Cc: Peter Maydell, Prasad J Pandit, QEMU Developers, Lei Sun,
Alex Williamson, Hervé Poussineau, Joel Stanley,
Philippe Mathieu-Daudé
On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote:
> From: Prasad J Pandit <pjp@fedoraproject.org>
>
> Hello,
>
> This series adds various undefined MMIO read/write functions
> to avoid a potential guest crash via a NULL pointer dereference.
Hrm. If this is such a common problem, maybe we should just add a
NULL check in the common paths.
>
> ex. -> https://git.qemu.org/?p=qemu.git;a=commit;h=bb15013ef34617eb1344f5276292cadd326c21b2
>
> Thank you.
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
* Re: [PATCH 3/6] vfio: add quirk device write method
From: Philippe Mathieu-Daudé @ 2020-06-17 7:33 UTC (permalink / raw)
To: P J P, Peter Maydell
Cc: Prasad J Pandit, QEMU Developers, Lei Sun, Alex Williamson,
Hervé Poussineau, Joel Stanley, David Gibson
On 6/17/20 7:39 AM, P J P wrote:
> From: Prasad J Pandit <pjp@fedoraproject.org>
>
> Add vfio quirk device mmio write method to avoid a NULL pointer
> dereference issue.
>
> Reported-by: Lei Sun <slei.casper@gmail.com>
> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> ---
> hw/vfio/pci-quirks.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
> index f2155ddb1d..5bd98885d5 100644
> --- a/hw/vfio/pci-quirks.c
> +++ b/hw/vfio/pci-quirks.c
> @@ -13,6 +13,7 @@
> #include "qemu/osdep.h"
> #include "exec/memop.h"
> #include "qemu/units.h"
> +#include "qemu/log.h"
> #include "qemu/error-report.h"
> #include "qemu/main-loop.h"
> #include "qemu/module.h"
> @@ -263,8 +264,15 @@ static uint64_t vfio_ati_3c3_quirk_read(void *opaque,
> return data;
> }
>
> +static void vfio_ati_3c3_quirk_write(void *opaque, hwaddr addr,
> + uint64_t data, unsigned size)
> +{
> + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
Shouldn't this be LOG_GUEST_ERROR?
> +}
> +
> static const MemoryRegionOps vfio_ati_3c3_quirk = {
> .read = vfio_ati_3c3_quirk_read,
> + .write = vfio_ati_3c3_quirk_write,
> .endianness = DEVICE_LITTLE_ENDIAN,
> };
>
>
* Re: [PATCH 5/6] nvram: add nrf51_soc flash read method
From: Philippe Mathieu-Daudé @ 2020-06-17 7:42 UTC (permalink / raw)
To: P J P, Peter Maydell
Cc: Prasad J Pandit, QEMU Developers, Lei Sun, Alex Williamson,
Hervé Poussineau, Joel Stanley, David Gibson
On 6/17/20 7:39 AM, P J P wrote:
> From: Prasad J Pandit <pjp@fedoraproject.org>
>
> Add nrf51_soc mmio read method to avoid a NULL pointer dereference
> issue.
>
> Reported-by: Lei Sun <slei.casper@gmail.com>
> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> ---
> hw/nvram/nrf51_nvm.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/hw/nvram/nrf51_nvm.c b/hw/nvram/nrf51_nvm.c
> index f2283c1a8d..e813c7ec72 100644
> --- a/hw/nvram/nrf51_nvm.c
> +++ b/hw/nvram/nrf51_nvm.c
> @@ -274,6 +274,12 @@ static const MemoryRegionOps io_ops = {
> };
>
>
> +static uint64_t flash_read(void *opaque, hwaddr addr, unsigned size)
> +{
> + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
> + return 0;
This is a ROM device, shouldn't we return this instead?
return ldl_le_p(s->storage + offset);
> +}
> +
> static void flash_write(void *opaque, hwaddr offset, uint64_t value,
> unsigned int size)
> {
> @@ -300,6 +306,7 @@ static void flash_write(void *opaque, hwaddr offset, uint64_t value,
>
>
> static const MemoryRegionOps flash_ops = {
> + .read = flash_read,
> .write = flash_write,
> .valid.min_access_size = 4,
> .valid.max_access_size = 4,
>
* Re: [PATCH 6/6] spapr_pci: add spapr msi read method
From: Philippe Mathieu-Daudé @ 2020-06-17 7:45 UTC (permalink / raw)
To: P J P, Peter Maydell
Cc: Prasad J Pandit, QEMU Developers, Lei Sun, Alex Williamson,
Hervé Poussineau, Joel Stanley, David Gibson
On 6/17/20 7:39 AM, P J P wrote:
> From: Prasad J Pandit <pjp@fedoraproject.org>
>
> Add spapr msi mmio read method to avoid a NULL pointer dereference
> issue.
>
> Reported-by: Lei Sun <slei.casper@gmail.com>
> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> ---
> hw/ppc/spapr_pci.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
> index 83f1453096..d4193be205 100644
> --- a/hw/ppc/spapr_pci.c
> +++ b/hw/ppc/spapr_pci.c
> @@ -52,6 +52,7 @@
> #include "sysemu/kvm.h"
> #include "sysemu/hostmem.h"
> #include "sysemu/numa.h"
> +#include "qemu/log.h"
>
> /* Copied from the kernel arch/powerpc/platforms/pseries/msi.c */
> #define RTAS_QUERY_FN 0
> @@ -738,6 +739,12 @@ static PCIINTxRoute spapr_route_intx_pin_to_irq(void *opaque, int pin)
> return route;
> }
>
> +static uint64_t spapr_msi_read(void *opaque, hwaddr addr, unsigned size)
> +{
> + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
> + return 0;
> +}
> +
> /*
> * MSI/MSIX memory region implementation.
> * The handler handles both MSI and MSIX.
> @@ -756,7 +763,7 @@ static void spapr_msi_write(void *opaque, hwaddr addr,
>
> static const MemoryRegionOps spapr_msi_ops = {
> /* There is no .read as the read result is undefined by PCI spec */
We probably want to implement .accepts handler instead.
> - .read = NULL,
> + .read = spapr_msi_read,
> .write = spapr_msi_write,
> .endianness = DEVICE_LITTLE_ENDIAN
> };
>
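Review bot: to make the `.accepts` suggestion concrete: a `.valid.accepts` callback that returns false when `is_write` is false makes the memory core treat the load as an invalid access and never consult `.read`, so the handler can stay absent and the existing "undefined by PCI spec" comment stays true. The guest then sees the access fail rather than read 0, which is a closer rendering of "undefined"; the trade-off is that the core reports the invalid access generically, without the per-device log line the stub in this hunk provides.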
* Re: [PATCH 4/6] prep: add ppc-parity write method
From: Philippe Mathieu-Daudé @ 2020-06-17 7:47 UTC (permalink / raw)
To: P J P, Peter Maydell
Cc: Prasad J Pandit, QEMU Developers, Lei Sun, Alex Williamson,
Hervé Poussineau, Joel Stanley, David Gibson
On 6/17/20 7:39 AM, P J P wrote:
> From: Prasad J Pandit <pjp@fedoraproject.org>
>
> Add ppc-parity mmio write method to avoid a NULL pointer dereference
> issue.
>
> Reported-by: Lei Sun <slei.casper@gmail.com>
> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> ---
> hw/ppc/prep_systemio.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/hw/ppc/prep_systemio.c b/hw/ppc/prep_systemio.c
> index bbc51b6e9a..aacd7831fd 100644
> --- a/hw/ppc/prep_systemio.c
> +++ b/hw/ppc/prep_systemio.c
> @@ -23,6 +23,7 @@
> */
>
> #include "qemu/osdep.h"
> +#include "qemu/log.h"
> #include "hw/irq.h"
> #include "hw/isa/isa.h"
> #include "hw/qdev-properties.h"
> @@ -235,8 +236,15 @@ static uint64_t ppc_parity_error_readl(void *opaque, hwaddr addr,
> return val;
> }
>
> +static void ppc_parity_error_writel(void *opaque, hwaddr addr,
> + uint64_t data, unsigned size)
> +{
> + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
I understand the parity bits are calculated by the hardware, I doubt we
can write them. So probably LOG_GUEST_ERROR or a transaction failure here.
> +}
> +
> static const MemoryRegionOps ppc_parity_error_ops = {
> .read = ppc_parity_error_readl,
> + .write = ppc_parity_error_writel,
> .valid = {
> .min_access_size = 4,
> .max_access_size = 4,
>
* Re: [PATCH 0/6] Add various undefined MMIO r/w functions
From: Alex Williamson @ 2020-06-17 13:06 UTC (permalink / raw)
To: David Gibson
Cc: Peter Maydell, Prasad J Pandit, QEMU Developers, P J P, Lei Sun,
Hervé Poussineau, Joel Stanley, Philippe Mathieu-Daudé
On Wed, 17 Jun 2020 16:39:56 +1000
David Gibson <david@gibson.dropbear.id.au> wrote:
> On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote:
> > From: Prasad J Pandit <pjp@fedoraproject.org>
> >
> > Hello,
> >
> > This series adds various undefined MMIO read/write functions
> > to avoid potential guest crash via a NULL pointer dereference.
>
> Hrm. If this is such a common problem, maybe we should just add a
> NULL check in the common paths.
+1, clearly the behavior is already expected. Thanks,
Alex
* Re: [PATCH 0/6] Add various undefined MMIO r/w functions
2020-06-17 13:06 ` Alex Williamson
@ 2020-06-17 13:20 ` Philippe Mathieu-Daudé
2020-06-17 14:05 ` Alex Bennée
2020-06-17 15:08 ` Paolo Bonzini
0 siblings, 2 replies; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-06-17 13:20 UTC (permalink / raw)
To: Alex Williamson, David Gibson
Cc: Peter Maydell, Prasad J Pandit, Li Qiang, Li Qiang,
QEMU Developers, P J P, Lei Sun, Hervé Poussineau,
Joel Stanley, Paolo Bonzini, Li Qiang
On 6/17/20 3:06 PM, Alex Williamson wrote:
> On Wed, 17 Jun 2020 16:39:56 +1000
> David Gibson <david@gibson.dropbear.id.au> wrote:
>
>> On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote:
>>> From: Prasad J Pandit <pjp@fedoraproject.org>
>>>
>>> Hello,
>>>
>>> This series adds various undefined MMIO read/write functions
>>> to avoid potential guest crash via a NULL pointer dereference.
>>
>> Hrm. If this is such a common problem, maybe we should just add a
>> NULL check in the common paths.
>
> +1, clearly the behavior is already expected. Thanks,
20 months ago Peter suggested:
"assert that every MemoryRegionOps has pointers to callbacks
in it, when it is registered in memory_region_init_io() and
memory_region_init_rom_device_nomigrate()."
https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html
Li Qiang refers to this post from Paolo:
> static const MemoryRegionOps notdirty_mem_ops = {
> + .read = notdirty_mem_read,
> .write = notdirty_mem_write,
> .valid.accepts = notdirty_mem_accepts,
> .endianness = DEVICE_NATIVE_ENDIAN,
"This cannot happen, since TLB_NOTDIRTY is only added
to the addr_write member (see accel/tcg/cputlb.c)."
https://www.mail-archive.com/qemu-devel@nongnu.org/msg561345.html
* Re: [PATCH 0/6] Add various undefined MMIO r/w functions
2020-06-17 13:20 ` Philippe Mathieu-Daudé
@ 2020-06-17 14:05 ` Alex Bennée
2020-06-17 14:42 ` Philippe Mathieu-Daudé
2020-06-17 15:08 ` Paolo Bonzini
1 sibling, 1 reply; 19+ messages in thread
From: Alex Bennée @ 2020-06-17 14:05 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: Peter Maydell, Prasad J Pandit, Li Qiang, Li Qiang, qemu-devel,
P J P, Lei Sun, Alex Williamson, Hervé Poussineau,
Joel Stanley, Li Qiang, Paolo Bonzini, David Gibson
Philippe Mathieu-Daudé <philmd@redhat.com> writes:
> On 6/17/20 3:06 PM, Alex Williamson wrote:
>> On Wed, 17 Jun 2020 16:39:56 +1000
>> David Gibson <david@gibson.dropbear.id.au> wrote:
>>
>>> On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote:
>>>> From: Prasad J Pandit <pjp@fedoraproject.org>
>>>>
>>>> Hello,
>>>>
>>>> This series adds various undefined MMIO read/write functions
>>>> to avoid potential guest crash via a NULL pointer dereference.
>>>
>>> Hrm. If this is such a common problem, maybe we should just add a
>>> NULL check in the common paths.
>>
>> +1, clearly the behavior is already expected. Thanks,
>
> 20 months ago Peter suggested:
>
> "assert that every MemoryRegionOps has pointers to callbacks
> in it, when it is registered in memory_region_init_io() and
> memory_region_init_rom_device_nomigrate()."
>
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html
>
> Li Qiang refers to this post from Paolo:
>
>> static const MemoryRegionOps notdirty_mem_ops = {
>> + .read = notdirty_mem_read,
>> .write = notdirty_mem_write,
>> .valid.accepts = notdirty_mem_accepts,
>> .endianness = DEVICE_NATIVE_ENDIAN,
>
> "This cannot happen, since TLB_NOTDIRTY is only added
> to the addr_write member (see accel/tcg/cputlb.c)."
>
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg561345.html
What about catching it in memory_region_dispatch_write:
    if (mr->ops->write) {
        return access_with_adjusted_size(addr, &data, size,
                                         mr->ops->impl.min_access_size,
                                         mr->ops->impl.max_access_size,
                                         memory_region_write_accessor, mr,
                                         attrs);
    } else if (mr->ops->write_with_attrs) {
        return
            access_with_adjusted_size(addr, &data, size,
                                      mr->ops->impl.min_access_size,
                                      mr->ops->impl.max_access_size,
                                      memory_region_write_with_attrs_accessor,
                                      mr, attrs);
    } else {
        qemu_log_mask(LOG_UNIMP|LOG_GUEST_ERROR, "%s: %s un-handled write\n",
                      __func__, mr->name);
    }
--
Alex Bennée
* Re: [PATCH 0/6] Add various undefined MMIO r/w functions
2020-06-17 14:05 ` Alex Bennée
@ 2020-06-17 14:42 ` Philippe Mathieu-Daudé
0 siblings, 0 replies; 19+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-06-17 14:42 UTC (permalink / raw)
To: Alex Bennée
Cc: Peter Maydell, Prasad J Pandit, Li Qiang, Li Qiang, qemu-devel,
P J P, Lei Sun, Alex Williamson, Hervé Poussineau,
Joel Stanley, Li Qiang, Paolo Bonzini, David Gibson
On 6/17/20 4:05 PM, Alex Bennée wrote:
>
> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>
>> On 6/17/20 3:06 PM, Alex Williamson wrote:
>>> On Wed, 17 Jun 2020 16:39:56 +1000
>>> David Gibson <david@gibson.dropbear.id.au> wrote:
>>>
>>>> On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote:
>>>>> From: Prasad J Pandit <pjp@fedoraproject.org>
>>>>>
>>>>> Hello,
>>>>>
>>>>> This series adds various undefined MMIO read/write functions
>>>>> to avoid potential guest crash via a NULL pointer dereference.
>>>>
>>>> Hrm. If this is such a common problem, maybe we should just add a
>>>> NULL check in the common paths.
>>>
>>> +1, clearly the behavior is already expected. Thanks,
>>
>> 20 months ago Peter suggested:
>>
>> "assert that every MemoryRegionOps has pointers to callbacks
>> in it, when it is registered in memory_region_init_io() and
>> memory_region_init_rom_device_nomigrate()."
>>
>> https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html
>>
>> Li Qiang refers to this post from Paolo:
>>
>>> static const MemoryRegionOps notdirty_mem_ops = {
>>> + .read = notdirty_mem_read,
>>> .write = notdirty_mem_write,
>>> .valid.accepts = notdirty_mem_accepts,
>>> .endianness = DEVICE_NATIVE_ENDIAN,
>>
>> "This cannot happen, since TLB_NOTDIRTY is only added
>> to the addr_write member (see accel/tcg/cputlb.c)."
>>
>> https://www.mail-archive.com/qemu-devel@nongnu.org/msg561345.html
>
> What about catching it in memory_region_dispatch_write:
>
>     if (mr->ops->write) {
>         return access_with_adjusted_size(addr, &data, size,
>                                          mr->ops->impl.min_access_size,
>                                          mr->ops->impl.max_access_size,
>                                          memory_region_write_accessor, mr,
>                                          attrs);
>     } else if (mr->ops->write_with_attrs) {
>         return
>             access_with_adjusted_size(addr, &data, size,
>                                       mr->ops->impl.min_access_size,
>                                       mr->ops->impl.max_access_size,
>                                       memory_region_write_with_attrs_accessor,
>                                       mr, attrs);
>     } else {
>         qemu_log_mask(LOG_UNIMP|LOG_GUEST_ERROR, "%s: %s un-handled write\n",
>                       __func__, mr->name);
The problem is what return value to return...
MEMTX_OK/MEMTX_ERROR/MEMTX_DECODE_ERROR? This is very
device-specific and can't be decided here for all the
cases.
Better to abort() and fix each device?
> }
>
>
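A small C model of the two approaches argued over above (Alex Bennée's check in the dispatch path, and the registration-time assertion Peter suggested), added here as an illustration and not QEMU's code; MemoryRegionOps, MemTxResult, dispatch_write and ops_has_all_callbacks are simplified stand-ins for QEMU's types and functions, and the parity register device is constructed in the shape of ppc_parity_error_ops before and after PATCH 4/6.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for QEMU's MemoryRegionOps and MemTxResult (not QEMU code). */
typedef uint64_t (*MmioRead)(void *opaque, uint64_t addr, unsigned size);
typedef void (*MmioWrite)(void *opaque, uint64_t addr, uint64_t data, unsigned size);
typedef struct { const char *name; MmioRead read; MmioWrite write; } MemoryRegionOps;
typedef enum { MEMTX_OK = 0, MEMTX_ERROR = 1, MEMTX_DECODE_ERROR = 2 } MemTxResult;

/* Approach 1, the dispatch-path check: a missing callback is logged instead of
 * being called through a NULL pointer. The generic code must then choose one
 * MemTxResult for every device, which is the objection raised in the thread. */
MemTxResult dispatch_write(const MemoryRegionOps *ops, void *opaque,
                           uint64_t addr, uint64_t data, unsigned size)
{
    if (ops->write) {
        ops->write(opaque, addr, data, size);
        return MEMTX_OK;
    }
    fprintf(stderr, "%s: %s un-handled write at 0x%llx\n",
            __func__, ops->name, (unsigned long long)addr);
    return MEMTX_DECODE_ERROR;   /* one possible choice, not obviously correct */
}

/* Approach 2, the registration-time check: reject an ops table that lacks a
 * callback before any guest access can reach it. Returns bool so it can be
 * tested; the real thing would assert() in memory_region_init_io(). */
bool ops_has_all_callbacks(const MemoryRegionOps *ops)
{
    return ops->read != NULL && ops->write != NULL;
}

/* Constructed device: a read-only parity register, in the shape of
 * ppc_parity_error_ops before PATCH 4/6 (no .write) and after it. */
static uint64_t parity_read(void *opaque, uint64_t addr, unsigned size)
{
    (void)addr; (void)size;
    return *(const uint32_t *)opaque;
}
static void parity_write(void *opaque, uint64_t addr, uint64_t data, unsigned size)
{
    (void)opaque; (void)addr; (void)data; (void)size;   /* writes are ignored */
}
const MemoryRegionOps parity_ops_before = { "ppc-parity", parity_read, NULL };
const MemoryRegionOps parity_ops_after  = { "ppc-parity", parity_read, parity_write };
```

With the unguarded dispatch that QEMU had at the time, the "before" table would be called through its NULL .write on the first guest store; here the dispatch check turns that into a logged MEMTX_DECODE_ERROR, and the registration check rejects the table outright.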
* Re: [PATCH 0/6] Add various undefined MMIO r/w functions
2020-06-17 13:20 ` Philippe Mathieu-Daudé
2020-06-17 14:05 ` Alex Bennée
@ 2020-06-17 15:08 ` Paolo Bonzini
2020-06-17 17:57 ` P J P
1 sibling, 1 reply; 19+ messages in thread
From: Paolo Bonzini @ 2020-06-17 15:08 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, Alex Williamson, David Gibson
Cc: Peter Maydell, Prasad J Pandit, Li Qiang, Li Qiang,
QEMU Developers, P J P, Lei Sun, Hervé Poussineau,
Joel Stanley, Li Qiang
On 17/06/20 15:20, Philippe Mathieu-Daudé wrote:
> On 6/17/20 3:06 PM, Alex Williamson wrote:
>> On Wed, 17 Jun 2020 16:39:56 +1000
>> David Gibson <david@gibson.dropbear.id.au> wrote:
>>
>>> On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote:
>>>> From: Prasad J Pandit <pjp@fedoraproject.org>
>>>>
>>>> Hello,
>>>>
>>>> This series adds various undefined MMIO read/write functions
>>>> to avoid potential guest crash via a NULL pointer dereference.
>>>
>>> Hrm. If this is such a common problem, maybe we should just add a
>>> NULL check in the common paths.
>>
>> +1, clearly the behavior is already expected. Thanks,
>
> 20 months ago Peter suggested:
>
> "assert that every MemoryRegionOps has pointers to callbacks
> in it, when it is registered in memory_region_init_io() and
> memory_region_init_rom_device_nomigrate()."
>
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html
>
> Li Qiang refers to this post from Paolo:
>
>> static const MemoryRegionOps notdirty_mem_ops = {
>> + .read = notdirty_mem_read,
>> .write = notdirty_mem_write,
>> .valid.accepts = notdirty_mem_accepts,
>> .endianness = DEVICE_NATIVE_ENDIAN,
>
> "This cannot happen, since TLB_NOTDIRTY is only added
> to the addr_write member (see accel/tcg/cputlb.c)."
I'm now okay with asserting it, as long as notdirty_mem_read abort()s.
Paolo
* Re: [PATCH 0/6] Add various undefined MMIO r/w functions
2020-06-17 15:08 ` Paolo Bonzini
@ 2020-06-17 17:57 ` P J P
0 siblings, 0 replies; 19+ messages in thread
From: P J P @ 2020-06-17 17:57 UTC (permalink / raw)
To: Paolo Bonzini
Cc: Peter Maydell, Li Qiang, QEMU Developers, Lei Sun,
Alex Williamson, Hervé Poussineau, Joel Stanley,
Philippe Mathieu-Daudé,
David Gibson
+-- On Wed, 17 Jun 2020, Paolo Bonzini wrote --+
| On 17/06/20 15:20, Philippe Mathieu-Daudé wrote:
| > On 6/17/20 3:06 PM, Alex Williamson wrote:
| >> On Wed, 17 Jun 2020 16:39:56 +1000
| >> David Gibson <david@gibson.dropbear.id.au> wrote:
| >>> Hrm. If this is such a common problem, maybe we should just add a NULL
| >>> check in the common paths.
| >>
| >> +1, clearly the behavior is already expected. Thanks,
| >
| > 20 months ago Peter suggested:
| >
| > "assert that every MemoryRegionOps has pointers to callbacks
| > in it, when it is registered in memory_region_init_io() and
| > memory_region_init_rom_device_nomigrate()."
| >
| > https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html
| >
| > Li Qiang refers to this post from Paolo:
| >
| >> static const MemoryRegionOps notdirty_mem_ops = {
| >> + .read = notdirty_mem_read,
| >> .write = notdirty_mem_write,
| >> .valid.accepts = notdirty_mem_accepts,
| >> .endianness = DEVICE_NATIVE_ENDIAN,
| >
| > "This cannot happen, since TLB_NOTDIRTY is only added
| > to the addr_write member (see accel/tcg/cputlb.c)."
|
| I'm now okay with asserting it, as long as notdirty_mem_read abort()s.
Okay, I'm preparing a revised patch.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D