From: Juergen Keil
Date: Tue, 17 Jun 2008 14:07:49 +0200 (CEST)
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH] kqemu.c should check return value for ioctl(KQEMU_EXEC)
Message-Id: <20080617120749.8EA514B2EB@imap.tools.intra>

When kqemu is enabled, the ioctl(KQEMU_EXEC) could fail for several reasons (e.g. with Linux kqemu-1.4.0pre1 it can fail with EIO or FAULT; and on OpenSolaris I just have a case where it's failing with EINVAL).

The problem is that in qemu's file kqemu.c, function kqemu_cpu_exec(), the return value from the ioctl(KQEMU_EXEC) is ignored and the code continues with the uninitialized kenv->retval. Depending on the uninitialized kenv->retval, you may or may not get a Qemu abort with a register dump and an "Unsupported return value" error message. And there is no indication that the root cause was a failed ioctl. Like this:

% qemu -m 512 -localtime -hda /files2/qemu/sol10u4.img -cdrom /files2/media/sol-10-u4-ga-x86-dvd.iso -boot d
EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000000
ESI=00000000 EDI=00000000 EBP=00000000 ESP=08047f58
EIP=d27cb7b6 EFL=00000202 [-------] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =0173 00000000 ffffffff 00cff300
CS =016b 00000000 ffffffff 00cffb00
SS =0173 00000000 ffffffff 00cff300
DS =0173 00000000 ffffffff 00cff300
FS =0000 00000000 00000000 00000000
GS =01c3 d27fb400 ffffffff d2cff37f
LDT=0000 00000000 00000000 00008200
TR =0150 fec21a50 00000067 00008900
GDT=     fec01000 000002cf
IDT=     fec20da0 000007ff
CR0=8005003b CR2=00000000 CR3=1e0d8000 CR4=00000698
Unsupported return value: 0xfffffd7f

kqemu_cpu_exec() should check the return value from ioctl(KQEMU_EXEC) and report some error when the ioctl failed.
And it should stop execution in some deterministic way. Patch is attached.

[Attachment: kqemu_exec_ioctl_rval.patch]

Index: kqemu.c =================================================================== --- kqemu.c (revision 4734) +++ kqemu.c (working copy) @@ -771,8 +771,12 @@ ret = -1; } #else - ioctl(kqemu_fd, KQEMU_EXEC, kenv); - ret = kenv->retval; + if (ioctl(kqemu_fd, KQEMU_EXEC, kenv) < 0) { + fprintf(stderr, "Error while running code in QEMU acceleration layer: %s\n", strerror(errno)); + ret = -1; + } else { + ret = kenv->retval; + } #endif if (env->cpuid_features & CPUID_FXSR) save_native_fp_fxsave(env);
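Review bot: the new `#else` branch relies on `errno` and `strerror()`, so `<errno.h>` and `<string.h>` must be available in kqemu.c; the hunk does not show the include list, so please confirm they are already pulled in rather than depending on transitive includes. Returning `ret = -1;` mirrors what the `#ifdef` branch above already does on failure (visible as `ret = -1; }` just before `#else`), so whatever the caller does with -1 now covers both paths; it is worth verifying in the full function that -1 leads to a clean, deterministic stop and is not matched against a KQEMU return code. A small wording point: naming the failing call in the message, e.g. "ioctl(KQEMU_EXEC) failed: %s", makes the root cause unambiguous in the log, which is exactly the gap the mail describes.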