From: Kevin Wolf <kwolf@redhat.com>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, lichun@ruijie.com.cn, dgilbert@redhat.com,
armbru@redhat.com
Subject: [PATCH for-5.2 3/3] hmp: Pass monitor to mon_get_cpu_env()
Date: Fri, 13 Nov 2020 12:43:26 +0100 [thread overview]
Message-ID: <20201113114326.97663-4-kwolf@redhat.com> (raw)
In-Reply-To: <20201113114326.97663-1-kwolf@redhat.com>
mon_get_cpu_env() is indirectly called from monitor_parse_arguments() where
the current monitor isn't set yet. Instead of using monitor_cur_env(),
explicitly pass the Monitor pointer to the function.
Without this fix, an HMP command like "x $pc" crashes like this:
#0 0x0000555555caa01f in mon_get_cpu_sync (mon=0x0, synchronize=true) at ../monitor/misc.c:270
#1 0x0000555555caa141 in mon_get_cpu (mon=0x0) at ../monitor/misc.c:294
#2 0x0000555555caa158 in mon_get_cpu_env () at ../monitor/misc.c:299
#3 0x0000555555b19739 in monitor_get_pc (mon=0x555556ad2de0, md=0x5555565d2d40 <monitor_defs+1152>, val=0) at ../target/i386/monitor.c:607
#4 0x0000555555cadbec in get_monitor_def (mon=0x555556ad2de0, pval=0x7fffffffc208, name=0x7fffffffc220 "pc") at ../monitor/misc.c:1681
#5 0x000055555582ec4f in expr_unary (mon=0x555556ad2de0) at ../monitor/hmp.c:387
#6 0x000055555582edbb in expr_prod (mon=0x555556ad2de0) at ../monitor/hmp.c:421
#7 0x000055555582ee79 in expr_logic (mon=0x555556ad2de0) at ../monitor/hmp.c:455
#8 0x000055555582eefe in expr_sum (mon=0x555556ad2de0) at ../monitor/hmp.c:484
#9 0x000055555582efe8 in get_expr (mon=0x555556ad2de0, pval=0x7fffffffc418, pp=0x7fffffffc408) at ../monitor/hmp.c:511
#10 0x000055555582fcd4 in monitor_parse_arguments (mon=0x555556ad2de0, endp=0x7fffffffc890, cmd=0x555556675b50 <hmp_cmds+7920>) at ../monitor/hmp.c:876
#11 0x00005555558306a8 in handle_hmp_command (mon=0x555556ad2de0, cmdline=0x555556ada452 "$pc") at ../monitor/hmp.c:1087
#12 0x000055555582df14 in monitor_command_cb (opaque=0x555556ad2de0, cmdline=0x555556ada450 "x $pc", readline_opaque=0x0) at ../monitor/hmp.c:47
After this fix, nothing is left in monitor_parse_arguments() that can
indirectly call monitor_cur(), so the fix is complete.
Fixes: ff04108a0e36e822519c517bd3bddbc1c7747c18
Reported-by: lichun <lichun@ruijie.com.cn>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
include/monitor/hmp-target.h | 2 +-
monitor/misc.c | 6 +++---
target/i386/monitor.c | 6 +++---
target/m68k/monitor.c | 2 +-
target/nios2/monitor.c | 2 +-
target/ppc/monitor.c | 10 +++++-----
target/riscv/monitor.c | 2 +-
target/sh4/monitor.c | 2 +-
target/sparc/monitor.c | 6 +++---
target/xtensa/monitor.c | 2 +-
10 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/include/monitor/hmp-target.h b/include/monitor/hmp-target.h
index 385fb18664..60fc92722a 100644
--- a/include/monitor/hmp-target.h
+++ b/include/monitor/hmp-target.h
@@ -41,7 +41,7 @@ struct MonitorDef {
const MonitorDef *target_monitor_defs(void);
int target_get_monitor_def(CPUState *cs, const char *name, uint64_t *pval);
-CPUArchState *mon_get_cpu_env(void);
+CPUArchState *mon_get_cpu_env(Monitor *mon);
CPUState *mon_get_cpu(Monitor *mon);
void hmp_info_mem(Monitor *mon, const QDict *qdict);
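Review bot: The changed prototype of mon_get_cpu_env() carries no comment, yet its contract (the definition in monitor/misc.c returns NULL when mon_get_cpu() yields no CPU) is exactly what separates the callers that test the result from those that dereference it unchecked. A one-line comment above the declaration would make that visible at the API boundary, e.g. `/* Return the CPUArchState of @mon's current CPU, or NULL if no CPU is available. */`. It is also worth stating there that @mon is the monitor executing the command, since the reason for this patch is that monitor_cur() is not yet set while arguments are parsed.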
diff --git a/monitor/misc.c b/monitor/misc.c
index f566e28174..398211a034 100644
--- a/monitor/misc.c
+++ b/monitor/misc.c
@@ -294,9 +294,9 @@ CPUState *mon_get_cpu(Monitor *mon)
return mon_get_cpu_sync(mon, true);
}
-CPUArchState *mon_get_cpu_env(void)
+CPUArchState *mon_get_cpu_env(Monitor *mon)
{
- CPUState *cs = mon_get_cpu(monitor_cur());
+ CPUState *cs = mon_get_cpu(mon);
return cs ? cs->env_ptr : NULL;
}
@@ -1680,7 +1680,7 @@ int get_monitor_def(Monitor *mon, int64_t *pval, const char *name)
if (md->get_value) {
*pval = md->get_value(mon, md, md->offset);
} else {
- CPUArchState *env = mon_get_cpu_env();
+ CPUArchState *env = mon_get_cpu_env(mon);
ptr = (uint8_t *)env + md->offset;
switch(md->type) {
case MD_I32:
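Review bot: The NULL return of the new `mon_get_cpu_env(mon)` call is not checked before `ptr = (uint8_t *)env + md->offset` and the switch that reads through it; the definition in the hunk at misc.c:294 returns NULL when no CPU is available, so on a CPU-less machine an expression such as `$pc` would now fault here rather than in mon_get_cpu_sync(). A guard before the arithmetic, `if (!env) { return -1; }`, closes that, assuming -1 is the failure value callers of get_monitor_def() already handle (the function starts and ends outside this hunk, so confirm against its other return paths). The same unchecked dereference is in the get_value callbacks that this switch is bypassed for: monitor_get_pc in target/i386, monitor_get_ccr/decr/tbu/tbl in target/ppc, monitor_get_psr/monitor_get_reg in target/sparc, and hmp_info_tlb in target/nios2 passes env1 straight to dump_mmu(); the hmp_info_tlb/hmp_info_mem variants in i386, m68k, ppc, riscv, sh4, sparc and xtensa do check and print "No CPU available", which is the behaviour the getters could mirror.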
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index fed4606aeb..9f9e1c42f4 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -222,7 +222,7 @@ void hmp_info_tlb(Monitor *mon, const QDict *qdict)
{
CPUArchState *env;
- env = mon_get_cpu_env();
+ env = mon_get_cpu_env(mon);
if (!env) {
monitor_printf(mon, "No CPU available\n");
return;
@@ -550,7 +550,7 @@ void hmp_info_mem(Monitor *mon, const QDict *qdict)
{
CPUArchState *env;
- env = mon_get_cpu_env();
+ env = mon_get_cpu_env(mon);
if (!env) {
monitor_printf(mon, "No CPU available\n");
return;
@@ -604,7 +604,7 @@ void hmp_mce(Monitor *mon, const QDict *qdict)
static target_long monitor_get_pc(Monitor *mon, const struct MonitorDef *md,
int val)
{
- CPUArchState *env = mon_get_cpu_env();
+ CPUArchState *env = mon_get_cpu_env(mon);
return env->eip + env->segs[R_CS].base;
}
diff --git a/target/m68k/monitor.c b/target/m68k/monitor.c
index 2055fe8a00..2bdf6acae0 100644
--- a/target/m68k/monitor.c
+++ b/target/m68k/monitor.c
@@ -12,7 +12,7 @@
void hmp_info_tlb(Monitor *mon, const QDict *qdict)
{
- CPUArchState *env1 = mon_get_cpu_env();
+ CPUArchState *env1 = mon_get_cpu_env(mon);
if (!env1) {
monitor_printf(mon, "No CPU available\n");
diff --git a/target/nios2/monitor.c b/target/nios2/monitor.c
index 6646836df5..0152dec3fa 100644
--- a/target/nios2/monitor.c
+++ b/target/nios2/monitor.c
@@ -29,7 +29,7 @@
void hmp_info_tlb(Monitor *mon, const QDict *qdict)
{
- CPUArchState *env1 = mon_get_cpu_env();
+ CPUArchState *env1 = mon_get_cpu_env(mon);
dump_mmu(env1);
}
diff --git a/target/ppc/monitor.c b/target/ppc/monitor.c
index 9c0fc2b8c3..a475108b2d 100644
--- a/target/ppc/monitor.c
+++ b/target/ppc/monitor.c
@@ -32,7 +32,7 @@
static target_long monitor_get_ccr(Monitor *mon, const struct MonitorDef *md,
int val)
{
- CPUArchState *env = mon_get_cpu_env();
+ CPUArchState *env = mon_get_cpu_env(mon);
unsigned int u;
int i;
@@ -47,27 +47,27 @@ static target_long monitor_get_ccr(Monitor *mon, const struct MonitorDef *md,
static target_long monitor_get_decr(Monitor *mon, const struct MonitorDef *md,
int val)
{
- CPUArchState *env = mon_get_cpu_env();
+ CPUArchState *env = mon_get_cpu_env(mon);
return cpu_ppc_load_decr(env);
}
static target_long monitor_get_tbu(Monitor *mon, const struct MonitorDef *md,
int val)
{
- CPUArchState *env = mon_get_cpu_env();
+ CPUArchState *env = mon_get_cpu_env(mon);
return cpu_ppc_load_tbu(env);
}
static target_long monitor_get_tbl(Monitor *mon, const struct MonitorDef *md,
int val)
{
- CPUArchState *env = mon_get_cpu_env();
+ CPUArchState *env = mon_get_cpu_env(mon);
return cpu_ppc_load_tbl(env);
}
void hmp_info_tlb(Monitor *mon, const QDict *qdict)
{
- CPUArchState *env1 = mon_get_cpu_env();
+ CPUArchState *env1 = mon_get_cpu_env(mon);
if (!env1) {
monitor_printf(mon, "No CPU available\n");
diff --git a/target/riscv/monitor.c b/target/riscv/monitor.c
index b569f08387..e51188f919 100644
--- a/target/riscv/monitor.c
+++ b/target/riscv/monitor.c
@@ -204,7 +204,7 @@ void hmp_info_mem(Monitor *mon, const QDict *qdict)
{
CPUArchState *env;
- env = mon_get_cpu_env();
+ env = mon_get_cpu_env(mon);
if (!env) {
monitor_printf(mon, "No CPU available\n");
return;
diff --git a/target/sh4/monitor.c b/target/sh4/monitor.c
index 918a5ccfc6..2da6a5426e 100644
--- a/target/sh4/monitor.c
+++ b/target/sh4/monitor.c
@@ -41,7 +41,7 @@ static void print_tlb(Monitor *mon, int idx, tlb_t *tlb)
void hmp_info_tlb(Monitor *mon, const QDict *qdict)
{
- CPUArchState *env = mon_get_cpu_env();
+ CPUArchState *env = mon_get_cpu_env(mon);
int i;
if (!env) {
diff --git a/target/sparc/monitor.c b/target/sparc/monitor.c
index bf979d6520..318413686a 100644
--- a/target/sparc/monitor.c
+++ b/target/sparc/monitor.c
@@ -30,7 +30,7 @@
void hmp_info_tlb(Monitor *mon, const QDict *qdict)
{
- CPUArchState *env1 = mon_get_cpu_env();
+ CPUArchState *env1 = mon_get_cpu_env(mon);
if (!env1) {
monitor_printf(mon, "No CPU available\n");
@@ -43,7 +43,7 @@ void hmp_info_tlb(Monitor *mon, const QDict *qdict)
static target_long monitor_get_psr(Monitor *mon, const struct MonitorDef *md,
int val)
{
- CPUArchState *env = mon_get_cpu_env();
+ CPUArchState *env = mon_get_cpu_env(mon);
return cpu_get_psr(env);
}
@@ -52,7 +52,7 @@ static target_long monitor_get_psr(Monitor *mon, const struct MonitorDef *md,
static target_long monitor_get_reg(Monitor *mon, const struct MonitorDef *md,
int val)
{
- CPUArchState *env = mon_get_cpu_env();
+ CPUArchState *env = mon_get_cpu_env(mon);
return env->regwptr[val];
}
diff --git a/target/xtensa/monitor.c b/target/xtensa/monitor.c
index 608173c238..fbf60d5553 100644
--- a/target/xtensa/monitor.c
+++ b/target/xtensa/monitor.c
@@ -29,7 +29,7 @@
void hmp_info_tlb(Monitor *mon, const QDict *qdict)
{
- CPUArchState *env1 = mon_get_cpu_env();
+ CPUArchState *env1 = mon_get_cpu_env(mon);
if (!env1) {
monitor_printf(mon, "No CPU available\n");
--
2.28.0