From: Tao Cui <cui.tao@linux.dev>
To: qemu-devel@nongnu.org
Cc: "Song Gao" <gaosong@loongson.cn>,
	"Bibo Mao" <maobibo@loongson.cn>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Philippe Mathieu-Daudé" <philmd@mailo.com>,
	"Qiang Ma" <maqianga@uniontech.com>,
	"Tao Cui" <cuitao@kylinos.cn>
Subject: [PATCH 1/4] target/loongarch/kvm: fix uninitialized val and unchecked GET in cpucfg2 check
Date: Thu, 25 Jun 2026 09:58:31 +0800
Message-ID: <20260625015835.678819-2-cui.tao@linux.dev>
In-Reply-To: <20260625015835.678819-1-cui.tao@linux.dev>

From: Tao Cui <cuitao@kylinos.cn>

kvm_check_cpucfg2() discards the return value of KVM_GET_DEVICE_ATTR and
then uses the local val (the host cpucfg2 mask) without checking whether
the read succeeded. val is also declared without an initializer.

If GET fails, env->cpucfg[2] &= val uses an uninitialized value and can
silently clear feature bits (FP / LLFTP / LSX / LASX), since bitwise-AND
can only turn bits off.

Check the GET return value, report the failure with error_report(), and
initialize val to 0.

Signed-off-by: Tao Cui <cuitao@kylinos.cn>
---
 target/loongarch/kvm/kvm.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/target/loongarch/kvm/kvm.c b/target/loongarch/kvm/kvm.c
index d6539c12ac..b7176ce53a 100644
--- a/target/loongarch/kvm/kvm.c
+++ b/target/loongarch/kvm/kvm.c
@@ -725,7 +725,7 @@ static int kvm_loongarch_get_cpucfg(CPUState *cs)
 static int kvm_check_cpucfg2(CPUState *cs)
 {
     int ret;
-    uint64_t val;
+    uint64_t val = 0;
     struct kvm_device_attr attr = {
         .group = KVM_LOONGARCH_VCPU_CPUCFG,
         .attr = 2,
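Review bot: The `= 0` initializer on `val` is not what fixes the bug, and zero is the most destructive value for the later `env->cpucfg[2] &= val`: any path that reaches the AND without a successful GET would clear every cpucfg2 bit instead of only some. Since the second hunk returns before the AND when GET fails, `val` is never read unset, so either drop the initializer (keeping compiler and sanitizer uninitialized-use warnings useful) or say in the commit message that it is purely defensive.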
@@ -736,7 +736,11 @@ static int kvm_check_cpucfg2(CPUState *cs)
     ret = kvm_vcpu_ioctl(cs, KVM_HAS_DEVICE_ATTR, &attr);
 
     if (!ret) {
-        kvm_vcpu_ioctl(cs, KVM_GET_DEVICE_ATTR, &attr);
+        ret = kvm_vcpu_ioctl(cs, KVM_GET_DEVICE_ATTR, &attr);
+        if (ret) {
+            error_report("CPUCFG2: KVM_GET_DEVICE_ATTR: %s", strerror(errno));
+            return ret;
+        }
         env->cpucfg[2] &= val;
 
         if (FIELD_EX32(env->cpucfg[2], CPUCFG2, FP)) {
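Review bot: In the new `if (ret)` branch, the message is built from `strerror(errno)` while the function returns `ret`; in QEMU kvm_vcpu_ioctl() already returns -errno on failure, so the reported text and the returned code can diverge if errno is modified in between. Prefer `strerror(-ret)` so the log line and the return value always describe the same failure. It would also help to mention in the commit message that a GET failure now propagates an error to the caller where it was previously ignored, since that changes behaviour on hosts where HAS succeeds but GET does not.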
-- 
2.43.0



Thread overview: 11+ messages
2026-06-25  1:58 [PATCH 0/4] target/loongarch/kvm: cpucfg and device attr fixes Tao Cui
2026-06-25  1:58 ` Tao Cui [this message]
2026-06-25  2:48   ` [PATCH 1/4] target/loongarch/kvm: fix uninitialized val and unchecked GET in cpucfg2 check Bibo Mao
2026-06-25  3:24     ` Tao Cui
2026-06-25  1:58 ` [PATCH 2/4] target/loongarch/kvm: pass device attr by reference to kvm_vcpu_ioctl Tao Cui
2026-06-25  2:32   ` Bibo Mao
2026-06-25  1:58 ` [PATCH 3/4] target/loongarch/kvm: remove redundant cpucfg failure traces Tao Cui
2026-06-25  2:38   ` Bibo Mao
2026-06-25  3:33     ` Tao Cui
2026-06-25  3:58       ` Bibo Mao
2026-06-25  1:58 ` [PATCH 4/4] target/loongarch/kvm: fix cpucfg sync error handling Tao Cui
