From: Tao Cui <cui.tao@linux.dev>
To: qemu-devel@nongnu.org
Cc: "Song Gao" <gaosong@loongson.cn>,
"Bibo Mao" <maobibo@loongson.cn>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@mailo.com>,
"Qiang Ma" <maqianga@uniontech.com>,
"Tao Cui" <cuitao@kylinos.cn>
Subject: [PATCH v2 1/4] target/loongarch/kvm: fix uninitialized val and unchecked GET in cpucfg2 check
Date: Fri, 26 Jun 2026 13:27:39 +0800 [thread overview]
Message-ID: <20260626052742.810726-2-cui.tao@linux.dev> (raw)
In-Reply-To: <20260626052742.810726-1-cui.tao@linux.dev>
From: Tao Cui <cuitao@kylinos.cn>
kvm_check_cpucfg2() discards the return value of KVM_GET_DEVICE_ATTR and
uses the local val (the host cpucfg2 mask) without checking whether the
read succeeded. val is also declared without an initializer, so on a GET
failure env->cpucfg[2] &= val reads an uninitialized value.
The &= mask is best-effort feature negotiation: if KVM_HAS_DEVICE_ATTR
succeeds, a GET failure is most likely a copy_{from,to}_user issue, not a
reason to fail the whole register sync. Check the GET return value, warn and
skip the mask on failure (the guest keeps the cpucfg2 it already has), and
initialize val to 0.
Signed-off-by: Tao Cui <cuitao@kylinos.cn>
---
target/loongarch/kvm/kvm.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/target/loongarch/kvm/kvm.c b/target/loongarch/kvm/kvm.c
index d6539c12ac..5bd5e268b9 100644
--- a/target/loongarch/kvm/kvm.c
+++ b/target/loongarch/kvm/kvm.c
@@ -725,7 +725,7 @@ static int kvm_loongarch_get_cpucfg(CPUState *cs)
static int kvm_check_cpucfg2(CPUState *cs)
{
int ret;
- uint64_t val;
+ uint64_t val = 0;
struct kvm_device_attr attr = {
.group = KVM_LOONGARCH_VCPU_CPUCFG,
.attr = 2,
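Review bot: the `uint64_t val = 0;` initializer in this hunk only takes effect if `val` is still consumed after a failed GET; with the mask now skipped on failure, a zero mask would never be applied, so the initializer is defensive rather than functional. Worth a short comment on the declaration saying so, otherwise a future reader may assume an all-zero cpucfg2 (every feature masked off) is a legitimate negotiated result rather than a sentinel that should never reach the `&=`.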
@@ -736,8 +736,17 @@ static int kvm_check_cpucfg2(CPUState *cs)
ret = kvm_vcpu_ioctl(cs, KVM_HAS_DEVICE_ATTR, &attr);
if (!ret) {
- kvm_vcpu_ioctl(cs, KVM_GET_DEVICE_ATTR, &attr);
- env->cpucfg[2] &= val;
+ /*
+ * The &= mask is best-effort feature negotiation. If HAS succeeded,
+ * a GET failure is most likely a copy_{from,to}_user issue; warn and
+ * keep the cpucfg2 the guest already has rather than failing the sync.
+ */
+ int r = kvm_vcpu_ioctl(cs, KVM_GET_DEVICE_ATTR, &attr);
+ if (r) {
+ warn_report("CPUCFG2: KVM_GET_DEVICE_ATTR: %s", strerror(errno));
+ } else {
+ env->cpucfg[2] &= val;
+ }
if (FIELD_EX32(env->cpucfg[2], CPUCFG2, FP)) {
/* The FP minimal version is 1. */
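Review bot: the warn_report() in this hunk formats `strerror(errno)`, but kvm_vcpu_ioctl() returns the negated errno on failure, and nothing guarantees errno is still intact by the time the message is built; the usual QEMU idiom is to report the returned code directly, e.g. `warn_report("CPUCFG2: KVM_GET_DEVICE_ATTR: %s", strerror(-r));`. Two smaller points: the existing `ret` could carry the GET result instead of introducing `r` if `ret` is not needed afterwards, and since this runs per vCPU a persistent copy_{from,to}_user problem will emit one warning per vCPU at every sync, so warn_report_once() may be the better fit.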
--
2.43.0