From: Thomas Huth
To: "Dr. David Alan Gilbert"
Cc: qemu-devel@nongnu.org, qemu-trivial@nongnu.org, Markus Armbruster, Daniel P Berrange
Date: Thu, 12 Jan 2017 13:28:21 +0100
Subject: Re: [Qemu-trivial] [PATCH v2] monitor: Fix crashes when using HMP commands without CPU
References: <1484216631-30723-1-git-send-email-thuth@redhat.com> <20170112121933.GB2513@work-vm>
In-Reply-To: <20170112121933.GB2513@work-vm>

On 12.01.2017 13:19, Dr. David Alan Gilbert wrote:
> * Thomas Huth (thuth@redhat.com) wrote:
>> When running certain HMP commands ("info registers", "info cpustats",
>> "nmi", "memsave" or dumping virtual memory) with the "none" machine,
>> QEMU crashes with a segmentation fault. This happens because the "none"
>> machine does not have any CPUs by default, but these HMP commands did
>> not check for a valid CPU pointer yet. Add such checks now, so we get
>> an error message about the missing CPU instead.
>>
>> Signed-off-by: Thomas Huth
>> ---
>> v2:
>> - Added more checks to cover "nmi" and "memsave", too
>>
>> hmp.c | 8 +++++++-
>> monitor.c | 37 +++++++++++++++++++++++++++++++------
>> 2 files changed, 38 insertions(+), 7 deletions(-)
>>
>> diff --git a/hmp.c b/hmp.c
>> index b869617..b1c503a 100644
>> --- a/hmp.c
>> +++ b/hmp.c
>> @@ -1013,8 +1013,14 @@ void hmp_memsave(Monitor *mon, const QDict *qdict)
>> const char *filename = qdict_get_str(qdict, "filename");
>> uint64_t addr = qdict_get_int(qdict, "val");
>> Error *err = NULL;
>> + int cpu_index = monitor_get_cpu_index();
>>
>> - qmp_memsave(addr, size, filename, true, monitor_get_cpu_index(), &err);
>> + if (cpu_index < 0) {
>> + monitor_printf(mon, "No CPU available\n");
>> + return;
>> + }
>
> OK, that includes UNASSIGNED_CPU_INDEX.
>
>> +
>> + qmp_memsave(addr, size, filename, true, cpu_index, &err);
>> hmp_handle_error(mon, &err);
>> }
>>
>> diff --git a/monitor.c b/monitor.c
>> index 0841d43..74843eb 100644
>> --- a/monitor.c
>> +++ b/monitor.c
>> @@ -1025,6 +1025,9 @@ int monitor_set_cpu(int cpu_index)
>> CPUState *mon_get_cpu(void)
>> {
>> if (!cur_mon->mon_cpu) {
>> + if (!first_cpu) {
>> + return NULL;
>> + }
>> monitor_set_cpu(first_cpu->cpu_index);
>> }
>> cpu_synchronize_state(cur_mon->mon_cpu);
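Review bot: the new `return NULL;` behind `if (!first_cpu)` in mon_get_cpu() changes the function's contract and nothing in the hunk records it; add a comment above mon_get_cpu() stating that it returns NULL when the machine has no CPUs, and audit every direct caller of mon_get_cpu() in monitor.c, not only the two wrappers changed further down, because any caller that still dereferences the result unconditionally keeps the segfault the commit message describes. The placement itself is right: the check sits inside `if (!cur_mon->mon_cpu)`, so a monitor that already has a CPU selected never consults first_cpu, and cpu_synchronize_state(cur_mon->mon_cpu) is only reached with a non-NULL mon_cpu.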
>> @@ -1033,17 +1036,27 @@ CPUState *mon_get_cpu(void)
>>
>> CPUArchState *mon_get_cpu_env(void)
>> {
>> - return mon_get_cpu()->env_ptr;
>> + CPUState *cs = mon_get_cpu();
>> +
>> + return cs ? cs->env_ptr : NULL;
>> }
>>
>> int monitor_get_cpu_index(void)
>> {
>> - return mon_get_cpu()->cpu_index;
>> + CPUState *cs = mon_get_cpu();
>> +
>> + return cs ? cs->cpu_index : -1;
>> }
>
> OK, do you think that should use UNASSIGNED_CPU_INDEX
> explicitly rather than -1 ?

I wasn't aware of the fact that we've even got a macro for this ...
I'll send a v3 with that change.

> Reviewed-by: Dr. David Alan Gilbert

Thanks for the review!

> I'm sure we'll find loads more similar cases where -M none breaks stuff.

I've added two more cases (migration and gdbstub) to the "Potentially
easy bugs" section on http://qemu-project.org/BiteSizedTasks now. I think
these are simple and easy tasks to get started with QEMU hacking...

Thomas
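Review bot: `return cs ? cs->cpu_index : -1;` in monitor_get_cpu_index() hard-codes the sentinel that the tree already names UNASSIGNED_CPU_INDEX (the point Dave raises), and the hmp_memsave() caller in the earlier hunk only works because it tests `cpu_index < 0` rather than comparing against a named value; returning UNASSIGNED_CPU_INDEX here and comparing against it in hmp_memsave() makes both sides of the contract refer to the same constant. mon_get_cpu_env() now returns NULL in the same no-CPU case, so its callers need the same audit as those of mon_get_cpu(); a one-line comment on each of the two wrappers stating the no-CPU return value would make that visible to the next caller added.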
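A small reproduction harness for the failure the commit message describes, added here as an example; it is not part of the patch or of either reply. It assumes a QEMU binary reachable through $QEMU (defaulting to qemu-system-x86_64, an assumption) and feeds the HMP commands named in the commit message to a "-M none" machine, then reports whether the process died of SIGSEGV. The memsave target path is a constructed example.

```shell
#!/bin/sh
# Added example (not from the patch or the thread): drive the HMP monitor of
# a "-M none" guest with the CPU-touching commands the commit message names
# and classify how QEMU exited. QEMU binary comes from $QEMU (assumption:
# defaults to qemu-system-x86_64).

# HMP commands from the commit message that need a current CPU. The memsave
# arguments (addr 0, 4096 bytes, file path) are a constructed example.
hmp_commands() {
    printf '%s\n' \
        'info registers' \
        'info cpustats' \
        'nmi' \
        'memsave 0 4096 /tmp/none-memsave.bin' \
        'quit'
}

# Map a shell exit status to a verdict. A POSIX shell reports a process
# killed by signal N as 128+N; SIGSEGV is 11, so 139 means a segfault.
classify_exit() {
    case "$1" in
        0)   echo ok ;;
        139) echo segfault ;;
        *)   echo "error:$1" ;;
    esac
}

# Run one HMP session against an empty machine and print the verdict.
# -M none has no CPUs by default, which is exactly the case the patch guards;
# -display none keeps the run headless; -monitor stdio reads the commands
# above from the pipe. Before the fix this prints "segfault", after it "ok"
# (each command reports the missing CPU and "quit" exits cleanly).
run_none_machine() {
    qemu="${QEMU:-qemu-system-x86_64}"
    if ! command -v "$qemu" >/dev/null 2>&1; then
        echo "skip: $qemu not found"
        return 0
    fi
    status=0
    hmp_commands | "$qemu" -M none -display none -monitor stdio >/dev/null 2>&1 || status=$?
    classify_exit "$status"
}

run_none_machine
```

Run it once against a build without the patch and once with it; the verdict flipping from "segfault" to "ok" is the regression check, and the same command list can be extended with the migration and gdbstub cases mentioned at the end of the reply.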