From: Cornelia Huck <cohuck@redhat.com>
To: David Hildenbrand <david@redhat.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>,
	qemu-s390x@nongnu.org, Thomas Huth <thuth@redhat.com>,
	Chris Venteicher <cventeic@redhat.com>,
	Alexander Graf <agraf@suse.de>,
	qemu-devel@nongnu.org, Collin Walling <walling@linux.ibm.com>,
	Richard Henderson <rth@twiddle.net>
Subject: Re: [Qemu-devel] [qemu-s390x] [PATCH] s390x/cpumodel: fix segmentation fault when baselining models
Date: Wed, 18 Jul 2018 10:46:32 +0200
Message-ID: <20180718104632.0b39275e.cohuck@redhat.com>
In-Reply-To: <873c35d4-5a5f-d095-9485-4fb7ec8b746f@redhat.com>

On Wed, 18 Jul 2018 10:40:18 +0200
David Hildenbrand <david@redhat.com> wrote:

> On 18.07.2018 10:39, Christian Borntraeger wrote:
> > 
> > 
> > On 07/18/2018 10:24 AM, David Hildenbrand wrote:  
> >> Usually, when baselining two CPU models, whereby one of them has base
> >> CPU features disabled (e.g. z14-base,msa=off), we fall back to an older
> >> model that did not have these features in the base model. We always try to
> >> create a "sane" CPU model (as far as possible), and one part of it is that
> >> removing base features is no good and to be avoided.
> >>
> >> Now, if we disable base features that were part of a z900, we're out of
> >> luck. We won't find a CPU model and QEMU will segfault. This is a
> >> scenario that should never happen in real life, but it can be used to
> >> crash QEMU.
> >>
> >> So let's make something like this:
> >>
> >> { "execute": "query-cpu-model-baseline",
> >>   "arguments" : { "modela": { "name": "z14-base", "props": {"esan3" : false}},
> >>                   "modelb": { "name": "z14"}} }
> >>
> >> Produce:
> >>
> >> {"return": {"model": {"name": "z900-base", "props": {"esan3": false}}}}
> >>
> >> Instead of segfaulting.
> >>
> >> This could of course be improved (e.g. to z14-base,esan3=false), however
> >> as this usually won't happen, let's just avoid crashes.
> >>
> >> Signed-off-by: David Hildenbrand <david@redhat.com>
> >> ---
> >>  target/s390x/cpu_models.c | 6 ++++++
> >>  1 file changed, 6 insertions(+)
> >>
> >> diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
> >> index cfdbccf46d..13a5d4f095 100644
> >> --- a/target/s390x/cpu_models.c
> >> +++ b/target/s390x/cpu_models.c
> >> @@ -716,6 +716,12 @@ CpuModelBaselineInfo *arch_query_cpu_model_baseline(CpuModelInfo *infoa,
> >>  
> >>      model.def = s390_find_cpu_def(cpu_type, max_gen, max_gen_ga,
> >>                                    model.features);
> >> +
> >> +    /* models without early base features (esan3) are bad - fallback to z900 */
> >> +    if (!model.def) {
> >> +        model.def = s390_find_cpu_def(0x2064, 7, 1, NULL);
> >> +    }
> >> +  
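Review bot: the fallback in the new `if (!model.def)` block returns a z900 definition with a NULL feature set, so the query answers with a model whose base features the caller explicitly removed, which is the very "no sane model" condition the commit message says should be avoided; since the requested features are discarded at that point, reporting an error for an un-baselineable pair (as the thread already proposes) would be the cleaner fix, and the caller would still get a non-crashing, well-defined result. Also, the literals in `s390_find_cpu_def(0x2064, 7, 1, NULL)` occupy the cpu_type, max_gen and max_gen_ga positions of the call just above; a named constant or a comment identifying them as the z900 definition would spare the next reader from decoding them.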
> > 
> > Is there a way to not even return z900 but returning an empty model (e.g. no model that
> > matches) ?
> 
> An error would be an alternative.
> 
> 

An error looks a bit saner to me. As long as we avoid unexpected
segfaults :)
