From: Eduardo Habkost <ehabkost@redhat.com>
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Subject: [Qemu-devel] [PATCH] fixup! i386: Change X86CPUDefinition::model_id to const char*
Date: Tue, 9 Jan 2018 15:47:54 -0200
Message-ID: <20180109174754.GR6646@localhost.localdomain>
In-Reply-To: <20180109154519.25634-2-ehabkost@redhat.com>
On Tue, Jan 09, 2018 at 01:45:13PM -0200, Eduardo Habkost wrote:
> It is valid to have a 48-character model ID on CPUID, however the
> definition of X86CPUDefinition::model_id is char[48], which can
> make the compiler drop the null terminator from the string.
>
> If a CPU model happens to have 48 bytes on model_id, "-cpu help"
> will print garbage and the object_property_set_str() call at
> x86_cpu_load_def() will read data outside the model_id array.
>
> We could increase the array size to 49, but this would mean the
> compiler would not issue a warning if a 49-char string is used by
> mistake for model_id.
>
> To make things simpler, simply change model_id to be const char*,
> and validate the string length using an assert() on
> x86_cpu_cpudef_class_init.
>
> Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Oops, this patch makes 486, pentium, pentium2, pentium3 and
athlon crash because they don't have model_id explicitly set.
Fixup:
* Set model_id to "" explicitly on 486, pentium* and athlon (fix crash)
* Change assert() to ensure model_id is not NULL
* Move assert() to x86_register_cpudef_type() (closer to existing
assert() that validates CPUID_EXT2_AMD_ALIASES)
---
target/i386/cpu.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index ad79fbb111..170c0ecd43 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -939,6 +939,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
.features[FEAT_1_EDX] =
I486_FEATURES,
.xlevel = 0,
+ .model_id = "",
},
{
.name = "pentium",
@@ -950,6 +951,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
.features[FEAT_1_EDX] =
PENTIUM_FEATURES,
.xlevel = 0,
+ .model_id = "",
},
{
.name = "pentium2",
@@ -961,6 +963,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
.features[FEAT_1_EDX] =
PENTIUM2_FEATURES,
.xlevel = 0,
+ .model_id = "",
},
{
.name = "pentium3",
@@ -972,6 +975,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
.features[FEAT_1_EDX] =
PENTIUM3_FEATURES,
.xlevel = 0,
+ .model_id = "",
},
{
.name = "athlon",
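Review bot: the athlon entry named in the fixup description ("Set model_id to "" explicitly on 486, pentium* and athlon") gets no `.model_id = "";` hunk in this diff; the model table hunks stop at the `.name = "athlon",` context line here, and the diffstat's 7 insertions are fully accounted for by the four `.model_id` lines plus the three lines added in x86_register_cpudef_type(), so athlon would still carry a NULL model_id and trip the new `assert(def->model_id && ...)` at startup. Either the athlon hunk was dropped from the posted patch or the description should not list athlon; please check before this is applied.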
@@ -3160,9 +3164,6 @@ static void x86_cpu_cpudef_class_init(ObjectClass *oc, void *data)
X86CPUDefinition *cpudef = data;
X86CPUClass *xcc = X86_CPU_CLASS(oc);
- /* catch mistakes instead of silently truncating model_id when too long */
- assert(!cpudef->model_id || strlen(cpudef->model_id) <= 48);
-
xcc->cpu_def = cpudef;
xcc->migration_safe = true;
}
@@ -3181,6 +3182,9 @@ static void x86_register_cpudef_type(X86CPUDefinition *def)
* they shouldn't be set on the CPU model table.
*/
assert(!(def->features[FEAT_8000_0001_EDX] & CPUID_EXT2_AMD_ALIASES));
+ /* catch mistakes instead of silently truncating model_id when too long */
+ assert(def->model_id && strlen(def->model_id) <= 48);
+
type_register(&ti);
g_free(typename);
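Review bot: the comment above the moved assert still describes only the too-long case, but the condition now also requires model_id to be non-NULL, and because this runs at type registration for every built-in definition, a table entry that omits .model_id now aborts every QEMU invocation instead of only corrupting "-cpu help" output. Suggest the comment state both conditions, e.g. `/* model_id must be set; catch mistakes instead of silently truncating it when too long */`, so the next person adding a CPU model understands why their entry asserts.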
--
2.14.3
--
Eduardo
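The terminator problem described in the quoted commit message, shown as an added C example that is not part of this patch or of QEMU's source: `struct old_def`, `struct new_def`, the 48-character `FORTY_EIGHT` string and the helper names are all constructed for illustration. The fixed-array layout accepts a 48-character initializer but stores no NUL, so `strlen()` on it reads past the array; the pointer layout keeps the terminator and lets a registration-time check (returned here as a bool rather than `assert()`ed, so it can be tested) reject both a missing and an over-long model_id.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* CPUID leaves 0x80000002-0x80000004 carry exactly 48 bytes of brand string. */
#define MODEL_ID_MAX 48

/* Hypothetical stand-in for the old X86CPUDefinition layout: a fixed array.
 * A 48-character initializer is legal C and fills the array completely,
 * so no NUL terminator is stored. */
struct old_def {
    const char *name;
    char model_id[MODEL_ID_MAX];
};

/* Stand-in for the new layout: a pointer. The literal keeps its NUL, and
 * the length is checked when the definition is registered instead. */
struct new_def {
    const char *name;
    const char *model_id;   /* NULL when a table entry omits it */
};

/* Constructed 48-character string: 40 digits followed by 8 letters. */
#define FORTY_EIGHT "0123456789012345678901234567890123456789ABCDEFGH"
_Static_assert(sizeof(FORTY_EIGHT) == MODEL_ID_MAX + 1, "string must be 48 chars");

/* Constructed table entries; old_full is the case that loses its terminator. */
static const struct old_def old_full  = { "old-48", FORTY_EIGHT };
static const struct old_def old_short = { "old-5",  "short" };

/* True when a NUL lies inside the array, i.e. it is safe to treat it as a
 * C string. strlen() on old_full.model_id would read past the array. */
static bool old_model_id_terminated(const struct old_def *d)
{
    return memchr(d->model_id, '\0', sizeof d->model_id) != NULL;
}

/* Same condition as the fixup's registration-time assert, returned as a
 * value instead of aborting. */
static bool new_model_id_valid(const struct new_def *d)
{
    return d->model_id != NULL && strlen(d->model_id) <= MODEL_ID_MAX;
}

/* Copy a validated model_id into the 48-byte CPUID buffer: NUL-padded,
 * never overread, never overrun. The guest-visible buffer itself is
 * allowed to lack a terminator; only the host-side string must have one. */
static size_t fill_brand(char out[MODEL_ID_MAX], const char *model_id)
{
    size_t n = strlen(model_id);
    if (n > MODEL_ID_MAX) {
        n = MODEL_ID_MAX;
    }
    memset(out, 0, MODEL_ID_MAX);
    memcpy(out, model_id, n);
    return n;
}

int main(void)
{
    char brand[MODEL_ID_MAX];
    struct new_def new_full = { "new-48", FORTY_EIGHT };
    struct new_def new_long = { "new-49", FORTY_EIGHT "X" };
    struct new_def new_none = { "new-none", NULL };   /* like 486 before the fixup */

    printf("old 48-char entry terminated: %s\n",
           old_model_id_terminated(&old_full) ? "yes" : "no");
    printf("old 5-char entry terminated:  %s\n",
           old_model_id_terminated(&old_short) ? "yes" : "no");
    printf("new 48-char valid: %d, 49-char valid: %d, missing valid: %d\n",
           new_model_id_valid(&new_full), new_model_id_valid(&new_long),
           new_model_id_valid(&new_none));
    printf("brand bytes copied for \"short\": %zu\n", fill_brand(brand, "short"));
    return 0;
}
```

Build with `cc -std=c11 -Wall example.c`; the unterminated initializer compiles without error (some compilers only warn on it), which is why the length could not be left to the compiler and had to be checked by hand at registration time.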