From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Subject: [PATCH-for-5.0 01/12] Revert "prevent crash when executing guest-file-read with large count"
Date: Tue, 14 Apr 2020 15:30:41 +0200
Message-Id: <20200414133052.13712-2-philmd@redhat.com>
In-Reply-To: <20200414133052.13712-1-philmd@redhat.com>
References: <20200414133052.13712-1-philmd@redhat.com>
Cc: Kevin Wolf, Peter Maydell, Daniel P . Berrangé, qemu-block@nongnu.org, Michael S. Tsirkin, Michael Roth, Fabien Chouteau, Max Filippov, KONRAD Frederic, qemu-arm@nongnu.org, qemu-ppc@nongnu.org, Gerd Hoffmann, Marc-André Lureau, Stafford Horne, Max Reitz, Philippe Mathieu-Daudé, Aurelien Jarno

As noted by Daniel Berrangé in [*], the fix from commit 807e2b6fce
which replaced malloc() by try_malloc() is not enough, the process
can still run out of memory a few lines later:

    buf = g_try_malloc0(count + 1);
    if (!buf) {
        error_setg(errp,
                   "failed to allocate sufficient memory "
                   "to complete the requested service");
        return NULL;
    }
    is_ok = ReadFile(fh, buf, count, &read_count, NULL);
    if (!is_ok) {
        error_setg_win32(errp, GetLastError(), "failed to read file");
        slog("guest-file-read failed, handle %" PRId64, handle);
    } else {
        buf[read_count] = 0;
        read_data = g_new0(GuestFileRead, 1);
                    ^^^^^^

Instead we are going to put a low hard limit on 'count'
in the next commits.

This reverts commit 807e2b6fce022707418bc8f61c069d91c613b3d2.

[*] https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03471.html

Suggested-by: Daniel P. Berrangé
Signed-off-by: Philippe Mathieu-Daudé
--- qga/commands-win32.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/qga/commands-win32.c b/qga/commands-win32.c index b49920e201..46cea7d1d9 100644 --- a/qga/commands-win32.c +++ b/qga/commands-win32.c 
@@ -343,13 +343,7 @@ GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, } fh = gfh->fh; - buf = g_try_malloc0(count + 1); - if (!buf) { - error_setg(errp, - "failed to allocate sufficient memory " - "to complete the requested service"); - return NULL; - } + buf = g_malloc0(count + 1); is_ok = ReadFile(fh, buf, count, &read_count, NULL); if (!is_ok) { error_setg_win32(errp, GetLastError(), "failed to read file");
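Review bot: in qmp_guest_file_read() in qga/commands-win32.c, the restored "buf = g_malloc0(count + 1);" has no failure path: g_malloc0() terminates the process when the allocation cannot be satisfied, so with only this patch applied, and until the later patch that limits 'count' lands, a large count takes the agent down again instead of returning an error. To keep every point of the series safe to bisect or backport, consider applying the hard limit first and the revert after it, or folding the two together.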
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Subject: [PATCH-for-5.0 03/12] qga: Extract qmp_guest_file_read() to common commands.c
Date: Tue, 14 Apr 2020 15:30:43 +0200
Message-Id: <20200414133052.13712-4-philmd@redhat.com>
In-Reply-To: <20200414133052.13712-1-philmd@redhat.com>
References: <20200414133052.13712-1-philmd@redhat.com>
Cc: Kevin Wolf, Peter Maydell, qemu-block@nongnu.org, Michael S. Tsirkin, Michael Roth, Fabien Chouteau, Max Filippov, KONRAD Frederic, qemu-arm@nongnu.org, qemu-ppc@nongnu.org, Gerd Hoffmann, Marc-André Lureau, Stafford Horne, Max Reitz, Philippe Mathieu-Daudé, Aurelien Jarno

Extract the common code shared by both POSIX/Win32 implementations.

Signed-off-by: Philippe Mathieu-Daudé
--- qga/commands-common.h | 3 +++ qga/commands-posix.c | 22 +++------------------- qga/commands-win32.c | 20 +++----------------- qga/commands.c | 26 ++++++++++++++++++++++++++ 4 files changed, 35 insertions(+), 36 deletions(-) diff --git a/qga/commands-common.h b/qga/commands-common.h index af90e5481e..90785ed4bb 100644 --- a/qga/commands-common.h +++ b/qga/commands-common.h @@ -15,4 +15,7 @@ typedef struct GuestFileHandle GuestFileHandle; GuestFileHandle *guest_file_handle_find(int64_t id, Error **errp); +GuestFileRead *guest_file_read_unsafe(GuestFileHandle *gfh, + int64_t count, Error **errp); + #endif diff --git a/qga/commands-posix.c b/qga/commands-posix.c index c59c32185c..a52af0315f 100644 
--- a/qga/commands-posix.c +++ b/qga/commands-posix.c @@ -461,29 +461,14 @@ void qmp_guest_file_close(int64_t handle, Error **errp) g_free(gfh); } -struct GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, - int64_t count, Error **errp) +GuestFileRead *guest_file_read_unsafe(GuestFileHandle *gfh, + int64_t count, Error **errp) { - GuestFileHandle *gfh = guest_file_handle_find(handle, errp); GuestFileRead *read_data = NULL; guchar *buf; - FILE *fh; + FILE *fh = gfh->fh; size_t read_count; - if (!gfh) { - return NULL; - } - - if (!has_count) { - count = QGA_READ_COUNT_DEFAULT; - } else if (count < 0 || count >= UINT32_MAX) { - error_setg(errp, "value '%" PRId64 "' is invalid for argument count", - count); - return NULL; - } - - fh = gfh->fh; - /* explicitly flush when switching from writing to reading */ if (gfh->state == RW_STATE_WRITING) { int ret = fflush(fh); @@ -498,7 +483,6 @@ struct GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, read_count = fread(buf, 1, count, fh); if (ferror(fh)) { error_setg_errno(errp, errno, "failed to read file"); - slog("guest-file-read failed, handle: %" PRId64, handle); } else { buf[read_count] = 0; read_data = g_new0(GuestFileRead, 1); diff --git a/qga/commands-win32.c b/qga/commands-win32.c index cfaf6b84b8..9717a8d52d 100644 --- a/qga/commands-win32.c +++ b/qga/commands-win32.c 
@@ -322,33 +322,19 @@ void qmp_guest_shutdown(bool has_mode, const char *mode, Error **errp) } } -GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, - int64_t count, Error **errp) +GuestFileRead *guest_file_read_unsafe(GuestFileHandle *gfh, + int64_t count, Error **errp) { GuestFileRead *read_data = NULL; guchar *buf; - HANDLE fh; + HANDLE fh = gfh->fh; bool is_ok; DWORD read_count; - GuestFileHandle *gfh = guest_file_handle_find(handle, errp); - if (!gfh) { - return NULL; - } - if (!has_count) { - count = QGA_READ_COUNT_DEFAULT; - } else if (count < 0 || count >= UINT32_MAX) { - error_setg(errp, "value '%" PRId64 - "' is invalid for argument count", count); - return NULL; - } - - fh = gfh->fh; buf = g_malloc0(count + 1); is_ok = ReadFile(fh, buf, count, &read_count, NULL); if (!is_ok) { error_setg_win32(errp, GetLastError(), "failed to read file"); - slog("guest-file-read failed, handle %" PRId64, handle); } else { buf[read_count] = 0; read_data = g_new0(GuestFileRead, 1); diff --git a/qga/commands.c b/qga/commands.c index 4471a9f08d..5611117372 100644 --- a/qga/commands.c +++ b/qga/commands.c @@ -18,6 +18,7 @@ #include "qemu/base64.h" #include "qemu/cutils.h" #include "qemu/atomic.h" +#include "commands-common.h" /* Maximum captured guest-exec out_data/err_data - 16MB */ #define GUEST_EXEC_MAX_OUTPUT (16*1024*1024) 
@@ -547,3 +548,28 @@ error: g_free(info); return NULL; } + +GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, + int64_t count, Error **errp) +{ + GuestFileHandle *gfh = guest_file_handle_find(handle, errp); + GuestFileRead *read_data; + + if (!gfh) { + return NULL; + } + if (!has_count) { + count = QGA_READ_COUNT_DEFAULT; + } else if (count < 0 || count >= UINT32_MAX) { + error_setg(errp, "value '%" PRId64 "' is invalid for argument count", + count); + return NULL; + } + + read_data = guest_file_read_unsafe(gfh, count, errp); + if (!read_data) { + slog("guest-file-write failed, handle: %" PRId64, handle); + } + + return read_data; +}
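Review bot: the failure log in the new qmp_guest_file_read() in qga/commands.c names the wrong command: slog("guest-file-write failed, handle: ...") is emitted on the read path, while the two lines this patch removes from commands-posix.c and commands-win32.c both logged "guest-file-read failed". Anyone triaging agent logs will be pointed at the write command; the string should read "guest-file-read failed, handle: %" PRId64.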
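Review bot: the prototype of guest_file_read_unsafe() added to qga/commands-common.h carries no comment saying what makes it unsafe. Both implementations now dereference gfh->fh without a NULL check and no longer validate 'count' (the win32 one passes it straight to g_malloc0(count + 1)), so the contract that the caller has already looked up the handle and range-checked count should be written next to the declaration, so that a future caller does not bypass the checks kept in qmp_guest_file_read().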
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Subject: [PATCH-for-5.0 04/12] qga: Restrict guest-file-read count to 48 MB to avoid crashes
Date: Tue, 14 Apr 2020 15:30:44 +0200
Message-Id: <20200414133052.13712-5-philmd@redhat.com>
In-Reply-To: <20200414133052.13712-1-philmd@redhat.com>
References: <20200414133052.13712-1-philmd@redhat.com>
Cc: Kevin Wolf, Peter Maydell, Daniel P . Berrangé, qemu-block@nongnu.org, Michael S. Tsirkin, Fakhri Zulkifli, Michael Roth, Fabien Chouteau, Max Filippov, KONRAD Frederic, qemu-arm@nongnu.org, qemu-ppc@nongnu.org, Gerd Hoffmann, Marc-André Lureau, Stafford Horne, Max Reitz, Philippe Mathieu-Daudé, Aurelien Jarno

On [*] Daniel Berrangé commented:

  The QEMU guest agent protocol is not a sensible way to access huge
  files inside the guest. It requires the inefficient process of
  reading the entire data into memory then duplicating it again in
  base64 format, and then copying it again in the JSON serializer /
  monitor code.

  For arbitrary general purpose file access, especially for large
  files, use a real file transfer program or use a network block
  device, not the QEMU guest agent.

To avoid bug reports as BZ#1594054 (CVE-2018-12617), follow his
suggestion to put a low, hard limit on "count" in the guest agent
QAPI schema, and don't allow count to be larger than 48 MB.

[*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg693176.html

Fixes: CVE-2018-12617
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1594054
Reported-by: Fakhri Zulkifli
Suggested-by: Daniel P. Berrangé
Signed-off-by: Philippe Mathieu-Daudé
--- qga/qapi-schema.json | 6 ++++-- qga/commands.c | 9 ++++++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json index f6fcb59f34..7758d9daf8 100644 --- a/qga/qapi-schema.json +++ b/qga/qapi-schema.json @@ -266,11 +266,13 @@ ## # @guest-file-read: # -# Read from an open file in the guest. Data will be base64-encoded +# Read from an open file in the guest. Data will be base64-encoded. +# As this command is just for limited, ad-hoc debugging, such as log +# file access, the number of bytes to read is limited to 10 MB. # # @handle: filehandle returned by guest-file-open # -# @count: maximum number of bytes to read (default is 4KB) +# @count: maximum number of bytes to read (default is 4KB, maximum is 10MB) # # Returns: @GuestFileRead on success. # diff --git a/qga/commands.c b/qga/commands.c index 5611117372..efc8b90281 100644 --- a/qga/commands.c +++ b/qga/commands.c @@ -11,6 +11,7 @@ */ #include "qemu/osdep.h" +#include "qemu/units.h" #include "guest-agent-core.h" #include "qga-qapi-commands.h" #include "qapi/error.h" @@ -24,6 +25,12 @@ #define GUEST_EXEC_MAX_OUTPUT (16*1024*1024) /* Allocation and I/O buffer for reading guest-exec out_data/err_data - 4KB */ #define GUEST_EXEC_IO_SIZE (4*1024) +/* + * Maximum file size to read - 48MB + * + * (48MB + Base64 3:4 overhead = JSON parser 64 MB limit) + */ +#define GUEST_FILE_READ_COUNT_MAX (48 * MiB) /* Note: in some situations, like with the fsfreeze, logging may be * temporarilly disabled. if it is necessary that a command be able 
@@ -560,7 +567,7 @@ GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, } if (!has_count) { count = QGA_READ_COUNT_DEFAULT; - } else if (count < 0 || count >= UINT32_MAX) { + } else if (count < 0 || count > GUEST_FILE_READ_COUNT_MAX) { error_setg(errp, "value '%" PRId64 "' is invalid for argument count", count); return NULL;
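Review bot: the documentation added to qga/qapi-schema.json disagrees with the code: both new comment lines give the limit as 10 MB ("maximum is 10MB"), while the subject, the commit message and GUEST_FILE_READ_COUNT_MAX in qga/commands.c all use 48 MB. Clients that size their requests from the schema will get this wrong; make the schema text say 48 MB, or lower the macro, so that the two agree.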
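Review bot: the new bound in qmp_guest_file_read() accepts a count equal to GUEST_FILE_READ_COUNT_MAX (the test is "count > GUEST_FILE_READ_COUNT_MAX"), and by the macro's own comment 48 MB of data is already 64 MB once Base64-encoded, which is the JSON parser limit it cites. That leaves no room for the JSON framing around the encoded buffer, so a read of exactly the maximum may still produce a reply that goes over the limit; consider a cap with some headroom below 48 MB. The error text "is invalid for argument count" would also help callers more if it stated the maximum.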
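The size reasoning in the commit message above (data read into memory, duplicated as Base64, then copied into JSON) together with the count check, as a stand-alone C example added here; it is not QEMU code and not part of the patch. The function names and the 64-byte framing figure are assumptions for illustration; the 4KB default, the 48 MB cap and the 64 MB JSON limit are the values the patch states.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values stated in the patch; the identifiers are this example's own. */
#define MiB                (1024 * 1024LL)
#define READ_COUNT_DEFAULT (4 * 1024LL)  /* schema default: 4KB */
#define READ_COUNT_MAX     (48 * MiB)    /* cap introduced by the patch */
#define JSON_LIMIT         (64 * MiB)    /* parser limit cited in its comment */

/* Padded Base64 length of n input bytes, or -1 when n is out of range. */
int64_t base64_len(int64_t n)
{
    if (n < 0 || n > INT64_MAX / 2) {
        return -1;
    }
    return (n + 2) / 3 * 4;
}

/*
 * Largest byte count whose Base64 form plus `envelope` bytes of JSON
 * framing still fits in `limit`. `envelope` is a hypothetical figure.
 */
int64_t max_count_for(int64_t limit, int64_t envelope)
{
    if (envelope < 0 || limit < envelope) {
        return 0;
    }
    return (limit - envelope) / 4 * 3;
}

/* Apply the default, then reject anything outside [0, max]; -1 = rejected. */
int64_t resolve_count(bool has_count, int64_t count, int64_t max)
{
    if (!has_count) {
        return READ_COUNT_DEFAULT;
    }
    if (count < 0 || count > max) {
        return -1;
    }
    return count;
}

/*
 * Read at most `count` bytes from fh into a new NUL-terminated buffer.
 * The count is validated before any allocation happens, so the cap, not
 * the allocator, is what bounds memory use. Returns the bytes read, or -1
 * with errno set; on success the caller frees *out.
 */
int64_t read_capped(FILE *fh, bool has_count, int64_t count, int64_t max,
                    unsigned char **out)
{
    int64_t n = resolve_count(has_count, count, max);
    unsigned char *buf;
    size_t got;

    *out = NULL;
    if (n < 0 || (uint64_t)n >= SIZE_MAX) {
        errno = EINVAL;
        return -1;
    }
    buf = calloc((size_t)n + 1, 1);
    if (!buf) {
        errno = ENOMEM;
        return -1;
    }
    got = fread(buf, 1, (size_t)n, fh);
    if (ferror(fh)) {
        free(buf);
        errno = EIO;
        return -1;
    }
    buf[got] = 0;
    *out = buf;
    return (int64_t)got;
}

int main(void)
{
    unsigned char *data;
    FILE *fh = tmpfile();

    if (!fh) {
        return 1;
    }
    fputs("constructed sample log line\n", fh); /* constructed input */
    rewind(fh);
    /* At the 48 MiB cap the Base64 form alone equals the 64 MiB limit. */
    printf("base64(48 MiB) = %lld, JSON limit = %lld\n",
           (long long)base64_len(READ_COUNT_MAX), (long long)JSON_LIMIT);
    printf("read %lld bytes\n",
           (long long)read_capped(fh, true, 11, READ_COUNT_MAX, &data));
    free(data);
    fclose(fh);
    return 0;
}
```
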
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Subject: [PATCH-for-5.0 06/12] hw/openrisc/pic_cpu: Use qdev gpio rather than qemu_allocate_irqs()
Date: Tue, 14 Apr 2020 15:30:46 +0200
Message-Id: <20200414133052.13712-7-philmd@redhat.com>
In-Reply-To: <20200414133052.13712-1-philmd@redhat.com>
References: <20200414133052.13712-1-philmd@redhat.com>
Cc: Kevin Wolf, Peter Maydell, qemu-block@nongnu.org, Michael S. Tsirkin, Michael Roth, Fabien Chouteau, Max Filippov, KONRAD Frederic, qemu-arm@nongnu.org, qemu-ppc@nongnu.org, Gerd Hoffmann, Marc-André Lureau, Stafford Horne, Max Reitz, Philippe Mathieu-Daudé, Aurelien Jarno, Philippe Mathieu-Daudé

From: Philippe Mathieu-Daudé

Coverity points out (CID 1421934) that we are leaking the
memory returned by qemu_allocate_irqs(). We can avoid this
leak by switching to using qdev_init_gpio_in(); the base
class finalize will free the irqs that this allocates under
the hood.

Patch created mechanically using spatch with this script
inspired from commit d6ef883d9d7:

  @@
  typedef qemu_irq;
  identifier irqs, handler;
  expression opaque, count, i;
  @@
  -   qemu_irq *irqs;
      ...
  -   irqs = qemu_allocate_irqs(handler, opaque, count);
  +   qdev_init_gpio_in(DEVICE(opaque), handler, count);
      <+...
  -   irqs[i]
  +   qdev_get_gpio_in(DEVICE(opaque), i)
      ...+>
  ?-  g_free(irqs);

Reported-by: Coverity (CID 1421934 Resource leak)
Inspired-by: Peter Maydell
Signed-off-by: Philippe Mathieu-Daudé Message-Id: <20200412212943.4117-4-f4bug@amsat.org> Signed-off-by: Philippe Mathieu-Daudé --- hw/openrisc/pic_cpu.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hw/openrisc/pic_cpu.c b/hw/openrisc/pic_cpu.c index 36f9350830..4b0c92f842 100644 --- a/hw/openrisc/pic_cpu.c +++ b/hw/openrisc/pic_cpu.c 
@@ -52,10 +52,9 @@ static void openrisc_pic_cpu_handler(void *opaque, int irq, int level) void cpu_openrisc_pic_init(OpenRISCCPU *cpu) { int i; - qemu_irq *qi; - qi = qemu_allocate_irqs(openrisc_pic_cpu_handler, cpu, NR_IRQS); + qdev_init_gpio_in(DEVICE(cpu), openrisc_pic_cpu_handler, NR_IRQS); for (i = 0; i < NR_IRQS; i++) { - cpu->env.irq[i] = qi[i]; + cpu->env.irq[i] = qdev_get_gpio_in(DEVICE(cpu), i); } }
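
Review bot: the opaque pointer delivered to openrisc_pic_cpu_handler() changes in this hunk. The removed qemu_allocate_irqs() call passed cpu as opaque, while qdev_init_gpio_in(DEVICE(cpu), ...) hands the handler the DeviceState pointer instead. The handler body is outside the hunk, so it is worth confirming that it converts opaque with a QOM cast rather than relying on the two pointers being identical, and saying so in the commit message since the spatch rewrite does not check it. Minor style point: DEVICE(cpu) is evaluated for the init call and again on every loop iteration; a local DeviceState *dev would read more cleanly.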
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Subject: [PATCH-for-5.0 07/12] hw/misc/grlib_ahb_apb_pnp: Avoid crash when writing to AHB PnP registers
Date: Tue, 14 Apr 2020 15:30:47 +0200
Message-Id: <20200414133052.13712-8-philmd@redhat.com>
In-Reply-To: <20200414133052.13712-1-philmd@redhat.com>
References: <20200414133052.13712-1-philmd@redhat.com>

From: Philippe Mathieu-Daudé

Similarly to commit 158b659451 with the APB PnP registers, guests can crash QEMU when writing to the AHB PnP registers:

  $ echo 'writeb 0xfffff042 69' | qemu-system-sparc -M leon3_generic -S -bios /etc/magic -qtest stdio
  [I 1571938309.932255] OPENED
  [R +0.063474] writeb 0xfffff042 69
  Segmentation fault (core dumped)

  (gdb) bt
  #0 0x0000000000000000 in ()
  #1 0x0000562999110df4 in memory_region_write_with_attrs_accessor (mr=mr@entry=0x56299aa28ea0, addr=66, value=value@entry=0x7fff6abe13b8, size=size@entry=1, shift=, mask=mask@entry=255, attrs=...) at memory.c:503
  #2 0x000056299911095e in access_with_adjusted_size (addr=addr@entry=66, value=value@entry=0x7fff6abe13b8, size=size@entry=1, access_size_min=, access_size_max=, access_fn=access_fn@entry= 0x562999110d70 , mr=0x56299aa28ea0, attrs=...) at memory.c:539
  #3 0x0000562999114fba in memory_region_dispatch_write (mr=mr@entry=0x56299aa28ea0, addr=66, data=, op=, attrs=attrs@entry=...) at memory.c:1482
  #4 0x00005629990c0860 in flatview_write_continue (fv=fv@entry=0x56299aa7d8a0, addr=addr@entry=4294963266, attrs=..., ptr=ptr@entry=0x7fff6abe1540, len=len@entry=1, addr1=, l=, mr=0x56299aa28ea0) at include/qemu/host-utils.h:164
  #5 0x00005629990c0a76 in flatview_write (fv=0x56299aa7d8a0, addr=4294963266, attrs=..., buf=0x7fff6abe1540, len=1) at exec.c:3165
  #6 0x00005629990c4c1b in address_space_write (as=, addr=, attrs=..., attrs@entry=..., buf=buf@entry=0x7fff6abe1540, len=len@entry=1) at exec.c:3256
  #7 0x000056299910f807 in qtest_process_command (chr=chr@entry=0x5629995ee920 , words=words@entry=0x56299acfcfa0) at qtest.c:437

Instead of crashing, log the access as unimplemented.

Reviewed-by: KONRAD Frederic
Signed-off-by: Philippe Mathieu-Daudé
Message-Id: <20200331105048.27989-3-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé
---
 hw/misc/grlib_ahb_apb_pnp.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c index e230e25363..72a8764776 100644 --- a/hw/misc/grlib_ahb_apb_pnp.c +++ b/hw/misc/grlib_ahb_apb_pnp.c 
@@ -136,8 +136,15 @@ static uint64_t grlib_ahb_pnp_read(void *opaque, hwaddr offset, unsigned size) return ahb_pnp->regs[offset >> 2]; } +static void grlib_ahb_pnp_write(void *opaque, hwaddr addr, + uint64_t val, unsigned size) +{ + qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__); +} + static const MemoryRegionOps grlib_ahb_pnp_ops = { .read = grlib_ahb_pnp_read, + .write = grlib_ahb_pnp_write, .endianness = DEVICE_BIG_ENDIAN, };
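
Review bot: the new grlib_ahb_pnp_write() logs only __func__, so the LOG_UNIMP line does not say which register the guest wrote, with what value, or at what size; addr, val and size are all unused. Printing them (addr with HWADDR_PRIx, val with PRIx64) would make the message usable when triaging guest behaviour. Since the crash came from a guest-reachable MemoryRegionOps with no .write callback, a short comment above the stub noting that it exists to keep the dispatch pointer non-NULL would stop a later cleanup from removing it.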
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Subject: [PATCH-for-5.0 08/12] hw/misc/grlib_ahb_apb_pnp: Fix AHB PnP 8-bit accesses
Date: Tue, 14 Apr 2020 15:30:48 +0200
Message-Id: <20200414133052.13712-9-philmd@redhat.com>
In-Reply-To: <20200414133052.13712-1-philmd@redhat.com>
References: <20200414133052.13712-1-philmd@redhat.com>

From: Philippe Mathieu-Daudé

The Plug & Play region of the AHB/APB bridge can be accessed by various word sizes, however the implementation is clearly restricted to 32-bit:

  static uint64_t grlib_ahb_pnp_read(void *opaque, hwaddr offset, unsigned size)
  {
      AHBPnp *ahb_pnp = GRLIB_AHB_PNP(opaque);

      return ahb_pnp->regs[offset >> 2];
  }

Similarly to commit 0fbe394a64 with the APB PnP registers, set the MemoryRegionOps::impl min/max fields to 32-bit, so memory.c::access_with_adjusted_size() can adjust when the access is not 32-bit.

Reviewed-by: KONRAD Frederic
Signed-off-by: Philippe Mathieu-Daudé
Message-Id: <20200331105048.27989-4-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé
---
 hw/misc/grlib_ahb_apb_pnp.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c index 72a8764776..d22ed00206 100644 --- a/hw/misc/grlib_ahb_apb_pnp.c +++ b/hw/misc/grlib_ahb_apb_pnp.c 
@@ -146,6 +146,10 @@ static const MemoryRegionOps grlib_ahb_pnp_ops = { .read = grlib_ahb_pnp_read, .write = grlib_ahb_pnp_write, .endianness = DEVICE_BIG_ENDIAN, + .impl = { + .min_access_size = 4, + .max_access_size = 4, + }, }; static void grlib_ahb_pnp_realize(DeviceState *dev, Error **errp)
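
Review bot: only .impl is set in grlib_ahb_pnp_ops; .valid is left at its defaults, so which guest access sizes the region accepts stays implicit and depends on the memory core. If the bridge is meant to accept 1, 2 and 4 byte accesses, adding a .valid block with explicit min/max next to .impl would document that and keep the handler's regs[offset >> 2] indexing tied to a stated contract. A qtest that reads one byte from the region would also pin the behaviour this patch fixes.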
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Subject: [PATCH-for-5.0 09/12] hw/display/sm501: Avoid heap overflow in sm501_2d_operation()
Date: Tue, 14 Apr 2020 15:30:49 +0200
Message-Id: <20200414133052.13712-10-philmd@redhat.com>
In-Reply-To: <20200414133052.13712-1-philmd@redhat.com>
References: <20200414133052.13712-1-philmd@redhat.com>
Cc: Kevin Wolf, Peter Maydell, qemu-block@nongnu.org, "Michael S. Tsirkin", qemu-stable@nongnu.org, Michael Roth, Fabien Chouteau, Zhang Zi Ming <1015138407@qq.com>, Max Filippov, KONRAD Frederic, qemu-arm@nongnu.org, qemu-ppc@nongnu.org, Gerd Hoffmann, Marc-André Lureau, Stafford Horne, Max Reitz, Philippe Mathieu-Daudé, Aurelien Jarno, Philippe Mathieu-Daudé

From: Philippe Mathieu-Daudé

Zhang Zi Ming reported a heap overflow in the Drawing Engine of the SM501 companion chip model, in particular in the COPY_AREA() macro in sm501_2d_operation().

Add a simple check to avoid the heap overflow.

This fixes:

  =================================================================
  ==20518==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f6f4c3fffff at pc 0x55b1e1d358f0 bp 0x7ffce464dfb0 sp 0x7ffce464dfa8
  READ of size 1 at 0x7f6f4c3fffff thread T0
      #0 0x55b1e1d358ef in sm501_2d_operation hw/display/sm501.c:788:13
      #1 0x55b1e1d32c38 in sm501_2d_engine_write hw/display/sm501.c:1466:13
      #2 0x55b1e0cd19d8 in memory_region_write_accessor memory.c:483:5
      #3 0x55b1e0cd1404 in access_with_adjusted_size memory.c:544:18
      #4 0x55b1e0ccfb9d in memory_region_dispatch_write memory.c:1476:16
      #5 0x55b1e0ae55a8 in flatview_write_continue exec.c:3125:23
      #6 0x55b1e0ad3e87 in flatview_write exec.c:3165:14
      #7 0x55b1e0ad3a24 in address_space_write exec.c:3256:18

  0x7f6f4c3fffff is located 4194303 bytes to the right of 4194304-byte region [0x7f6f4bc00000,0x7f6f4c000000)
  allocated by thread T0 here:
      #0 0x55b1e0a6e715 in __interceptor_posix_memalign (ppc64-softmmu/qemu-system-ppc64+0x19c0715)
      #1 0x55b1e31c1482 in qemu_try_memalign util/oslib-posix.c:189:11
      #2 0x55b1e31c168c in qemu_memalign util/oslib-posix.c:205:27
      #3 0x55b1e11a00b3 in spapr_reallocate_hpt hw/ppc/spapr.c:1560:23
      #4 0x55b1e11a0ce4 in spapr_setup_hpt hw/ppc/spapr.c:1593:5
      #5 0x55b1e11c2fba in spapr_machine_reset hw/ppc/spapr.c:1644:9
      #6 0x55b1e1368b01 in qemu_system_reset softmmu/vl.c:1391:9
      #7 0x55b1e1375af3 in qemu_init softmmu/vl.c:4436:5
      #8 0x55b1e2fc8a59 in main softmmu/main.c:48:5
      #9 0x7f6f8150bf42 in __libc_start_main (/lib64/libc.so.6+0x23f42)

  SUMMARY: AddressSanitizer: heap-buffer-overflow hw/display/sm501.c:788:13 in sm501_2d_operation
  Shadow bytes around the buggy address:
    0x0fee69877fa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    0x0fee69877fb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    0x0fee69877fc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    0x0fee69877fd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    0x0fee69877fe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  =>0x0fee69877ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
    0x0fee69878000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    0x0fee69878010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    0x0fee69878020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    0x0fee69878030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    0x0fee69878040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  Shadow byte legend (one shadow byte represents 8 application bytes):
    Addressable: 00
    Partially addressable: 01 02 03 04 05 06 07
    Heap left redzone: fa
    Freed heap region: fd
    Poisoned by user: f7
    ASan internal: fe
  ==20518==ABORTING

Cc: qemu-stable@nongnu.org
Fixes: 07d8a50cb0e ("sm501: add 2D engine copyrect support")
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
Reported-by: Zhang Zi Ming <1015138407@qq.com>
Acked-by: BALATON Zoltan
Signed-off-by: Philippe Mathieu-Daudé
Message-Id: <20200413220100.18628-1-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé
---
 hw/display/sm501.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/display/sm501.c b/hw/display/sm501.c index de0ab9d977..902acb3875 100644 --- a/hw/display/sm501.c +++ b/hw/display/sm501.c
@@ -726,6 +726,12 @@ static void sm501_2d_operation(SM501State *s) int crt = (s->dc_crt_control & SM501_DC_CRT_CONTROL_SEL) ? 1 : 0; int fb_len = get_width(s, crt) * get_height(s, crt) * get_bpp(s, crt); + if (rtl && (src_x < operation_width || src_y < operation_height)) { + qemu_log_mask(LOG_GUEST_ERROR, "sm501: Illegal RTL address (%i, %i)\n", + src_x, src_y); + return; + } + if (addressing != 0x0) { printf("%s: only XY addressing is supported.\n", __func__); abort();
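
Review bot: the added condition validates only the source origin and only when rtl is set. No destination coordinate appears in it, the left-to-right direction gets no bound at all, and fb_len, computed on the context line directly above, is not consulted, so this hunk does not reject a rectangle that runs past the end of the buffer in the other cases. Consider checking both the source and destination rectangles against the buffer size in one place, for both directions, before the copy starts. The context lines below also still call abort() on a guest-selected addressing mode; a qemu_log_mask(LOG_GUEST_ERROR, ...) and return, as done in the new check, would be consistent with it.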
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Subject: [PATCH-for-5.0 11/12] gdbstub: Do not use memset() on GByteArray
Date: Tue, 14 Apr 2020 15:30:51 +0200
Message-Id: <20200414133052.13712-12-philmd@redhat.com>
In-Reply-To: <20200414133052.13712-1-philmd@redhat.com>
References: <20200414133052.13712-1-philmd@redhat.com>

Introduce gdb_get_zeroes() to fill a GByteArray with zeroes.

Fixes: a010bdbe719 ("extend GByteArray to read register helpers")
Suggested-by: Peter Maydell
Signed-off-by: Philippe Mathieu-Daudé
---
Since v1: Use memset (pm215)
---
 include/exec/gdbstub.h | 10 ++++++++++
 target/arm/gdbstub.c | 3 +--
 target/xtensa/gdbstub.c | 6 ++----
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h index 30b909ebd2..f44bdd2270 100644 --- a/include/exec/gdbstub.h +++ b/include/exec/gdbstub.h
@@ -125,6 +125,16 @@ static inline int gdb_get_reg128(GByteArray *buf, uint64_t val_hi, return 16; } +static inline int gdb_get_zeroes(GByteArray *array, size_t len) +{ + guint oldlen = array->len; + + g_byte_array_set_size(array, oldlen + len); + memset(array->data + oldlen, 0, len); + + return len; +} + /** * gdb_get_reg_ptr: get pointer to start of last element * @len: length of element diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c index 8efc535f2a..063551df23 100644 --- a/target/arm/gdbstub.c +++ b/target/arm/gdbstub.c @@ -47,8 +47,7 @@ int arm_cpu_gdb_read_register(CPUState *cs, GByteArray *mem_buf, int n) if (gdb_has_xml) { return 0; } - memset(mem_buf, 0, 12); - return 12; + return gdb_get_zeroes(mem_buf, 12); } switch (n) { case 24: diff --git a/target/xtensa/gdbstub.c b/target/xtensa/gdbstub.c index 0ee3feabe5..4d43f1340a 100644 --- a/target/xtensa/gdbstub.c +++ b/target/xtensa/gdbstub.c @@ -105,8 +105,7 @@ int xtensa_cpu_gdb_read_register(CPUState *cs, GByteArray *mem_buf, int n) default: qemu_log_mask(LOG_UNIMP, "%s from reg %d of unsupported size %d\n", __func__, n, reg->size); - memset(mem_buf, 0, reg->size); - return reg->size; + return gdb_get_zeroes(mem_buf, reg->size); } case xtRegisterTypeWindow: /*a*/ 
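Review bot: in the include/exec/gdbstub.h hunk, gdb_get_zeroes() uses three integer types for one length: the parameter is size_t, oldlen + len is passed to g_byte_array_set_size(), which takes a guint, and the function returns int. A len that does not fit in a guint would be truncated in the resize while memset() still clears the full len, and the return value would be truncated as well. The callers in this patch pass 12 and reg->size, so this is not reachable from the visible call sites, but taking the length as guint or int, or asserting len <= INT_MAX on entry, would keep the three in step. The helper also has no doc comment, unlike gdb_get_reg_ptr directly below it.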
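Review bot: in the xtensa default: branch just above (and the same pattern in the arm hunk), the removed memset(mem_buf, 0, reg->size) passed the GByteArray pointer itself, so it zeroed the array's own structure instead of appending register bytes, and the function still returned a non-zero length. The commit message only says that a helper is introduced; it should state that the old calls corrupted the GByteArray, so that a reader following the Fixes: tag can tell this is a memory-safety fix and not a cleanup. In the arm hunk the literal 12 is also carried over unexplained; a short comment naming the register width would help.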
@@ -115,8 +114,7 @@ int xtensa_cpu_gdb_read_register(CPUState *cs, GByteArray *mem_buf, int n) default: qemu_log_mask(LOG_UNIMP, "%s from reg %d of unsupported type %d\n", __func__, n, reg->type); - memset(mem_buf, 0, reg->size); - return reg->size; + return gdb_get_zeroes(mem_buf, reg->size); } }

From patchwork Tue Apr 14 13:30:52 2020
X-Patchwork-Id: 284372
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Subject: [PATCH-for-5.0 12/12] gdbstub: Introduce gdb_get_freg32() to get float32 registers
Date: Tue, 14 Apr 2020 15:30:52 +0200
Message-Id: <20200414133052.13712-13-philmd@redhat.com>
In-Reply-To: <20200414133052.13712-1-philmd@redhat.com>
References: <20200414133052.13712-1-philmd@redhat.com>
Cc: Kevin Wolf, Peter Maydell, qemu-block@nongnu.org, "Michael S. Tsirkin", Michael Roth, Fabien Chouteau, Max Filippov, KONRAD Frederic, qemu-arm@nongnu.org, qemu-ppc@nongnu.org, Gerd Hoffmann, Marc-André Lureau, Stafford Horne, Max Reitz, Philippe Mathieu-Daudé, Aurelien Jarno

Since we now use a GByteArray, we cannot use stfl_p() directly.
Introduce the gdb_get_freg32() helper to load a float32 register.

Fixes: a010bdbe719 ("extend GByteArray to read register helpers")
Signed-off-by: Philippe Mathieu-Daudé
---
 include/exec/gdbstub.h | 12 ++++++++++++
 target/sh4/gdbstub.c | 6 ++----
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h index f44bdd2270..6d41234071 100644 --- a/include/exec/gdbstub.h +++ b/include/exec/gdbstub.h
@@ -125,6 +125,18 @@ static inline int gdb_get_reg128(GByteArray *buf, uint64_t val_hi, return 16; } +static inline int gdb_get_freg32(GByteArray *array, float32 val) +{ + uint8_t buf[4]; + + QEMU_BUILD_BUG_ON(sizeof(CPU_FloatU) != sizeof(buf)); + + stfl_p(buf, val); + g_byte_array_append(array, buf, sizeof(buf)); + + return sizeof(buf); +} + static inline int gdb_get_zeroes(GByteArray *array, size_t len) { guint oldlen = array->len; diff --git a/target/sh4/gdbstub.c b/target/sh4/gdbstub.c index 49fc4a0cc6..da95205889 100644 --- a/target/sh4/gdbstub.c +++ b/target/sh4/gdbstub.c @@ -58,11 +58,9 @@ int superh_cpu_gdb_read_register(CPUState *cs, GByteArray *mem_buf, int n) return gdb_get_regl(mem_buf, env->fpscr); case 25 ... 40: if (env->fpscr & FPSCR_FR) { - stfl_p(mem_buf, env->fregs[n - 9]); - } else { - stfl_p(mem_buf, env->fregs[n - 25]); + return gdb_get_freg32(mem_buf, env->fregs[n - 9]); } - return 4; + return gdb_get_freg32(mem_buf, env->fregs[n - 25]); case 41: return gdb_get_regl(mem_buf, env->ssr); case 42:
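Review bot: in gdb_get_freg32() (include/exec/gdbstub.h hunk), the build-time check compares sizeof(CPU_FloatU) with sizeof(buf), but the value being stored is the float32 parameter val. Checking sizeof(val) against sizeof(buf) would tie the assertion to the declared parameter type, so a change to float32 could not slip past it. The helper also has no doc comment saying that it appends four bytes to the array and returns that count.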
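Review bot: in the target/sh4/gdbstub.c hunk, the offsets n - 9 and n - 25 that select the register bank for case 25 ... 40 remain unexplained, and the helper call is now duplicated across the two returns. Computing the index once, for example int idx = (env->fpscr & FPSCR_FR) ? n - 9 : n - 25; followed by a single return gdb_get_freg32(mem_buf, env->fregs[idx]);, with a comment on the bank selection, would make the resulting ranges (16..31 and 0..15) easier to check against the size of env->fregs.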