[Qemu-devel] [PATCH 0/2] fix segfaults caused by accessing CPU in empty machine

[Qemu-devel] [PATCH 0/2] fix segfaults caused by accessing CPU in empty machine

[Ziyue Yang]

From: Ziyue Yang <yzylivezh@hotmail.com>

Many QEMU monitor commands, like "info lapic", "info tlb" and so on
use mon_get_cpu or related wrappers to access CPU info without checking
whether the CPU exists.
This patch series fix the "info lapic" case, and is the base of the incoming
patch series aiming to eliminate segfaults caused by other QEMU commands
trying to access CPU that doesn't exist.

Ziyue Yang (2):
  monitor.c: make mon_get_cpu return NULL when there is no CPU
  target/i386/monitor.c: check return value of mon_get_cpu before using
    it

 monitor.c             | 10 +++++++---
 target/i386/monitor.c |  7 +++++--
 2 files changed, 12 insertions(+), 5 deletions(-)

--
2.11.0

[Qemu-devel] [PATCH 1/2] monitor.c: make mon_get_cpu return NULL when there is no CPU

[Ziyue Yang]

From: Ziyue Yang <yzylivezh@hotmail.com>

Currently mon_get_cpu always dereferences first_cpu without checking
whether it's a valid pointer. This commit adds check before dereferencing,
and reports "No CPU" info if there isn't any CPU then returns NULL.

Signed-off-by: Ziyue Yang <skiver.cloud.yzy@gmail.com>
---
 monitor.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/monitor.c b/monitor.c
index 3cd72a9bab..6b25cf7a2b 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1026,6 +1026,10 @@ int monitor_set_cpu(int cpu_index)
 CPUState *mon_get_cpu(void)
 {
     if (!cur_mon->mon_cpu) {
+        if (!first_cpu) {
+            monitor_printf(cur_mon, "No CPU available on this machine\n");
+            return NULL;
+        }
         monitor_set_cpu(first_cpu->cpu_index);
     }
     cpu_synchronize_state(cur_mon->mon_cpu);
@@ -2495,11 +2499,11 @@ static int default_fmt_size = 4;
 static int is_valid_option(const char *c, const char *typestr)
 {
     char option[3];
-  
+
     option[0] = '-';
     option[1] = *c;
     option[2] = '\0';
-  
+
     typestr = strstr(typestr, option);
     return (typestr != NULL);
 }
@@ -2864,7 +2868,7 @@ static QDict *monitor_parse_arguments(Monitor *mon,
                     p++;
                     if(c != *p) {
                         if(!is_valid_option(p, typestr)) {
-                  
+
                             monitor_printf(mon, "%s: unsupported option -%c\n",
                                            cmd->name, *p);
                             goto fail;
-- 
2.11.0

[Qemu-devel] [PATCH 2/2] target/i386/monitor.c: check return value of mon_get_cpu before using it

[Ziyue Yang]

From: Ziyue Yang <yzylivezh@hotmail.com>

This patch eliminates the segfault caused by accessing CPU that doesn't
exist in hmp command "info lapic", which can be reproduced by

$ qemu-system-x86_64 -nographic -M none -serial none -monitor stdio

and then type "info lapic" into qemu monitor.

Signed-off-by: Ziyue Yang <skiver.cloud.yzy@gmail.com>
---
 target/i386/monitor.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 468aa073bc..7b96c74a24 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -624,8 +624,11 @@ const MonitorDef *target_monitor_defs(void)
 
 void hmp_info_local_apic(Monitor *mon, const QDict *qdict)
 {
-    x86_cpu_dump_local_apic_state(mon_get_cpu(), (FILE *)mon, monitor_fprintf,
-                                  CPU_DUMP_FPU);
+    CPUState *cs = mon_get_cpu();
+    if (cs) {
+        x86_cpu_dump_local_apic_state(cs, (FILE *)mon, monitor_fprintf,
+                                      CPU_DUMP_FPU);
+    }
 }
 
 void hmp_info_io_apic(Monitor *mon, const QDict *qdict)
-- 
2.11.0

Re: [Qemu-devel] [PATCH 1/2] monitor.c: make mon_get_cpu return NULL when there is no CPU

[Philippe Mathieu-Daudé]

On 02/17/2017 05:27 AM, Ziyue Yang wrote:
> From: Ziyue Yang <yzylivezh@hotmail.com>
>
> Currently mon_get_cpu always dereferences first_cpu without checking
> whether it's a valid pointer. This commit adds check before dereferencing,
> and reports "No CPU" info if there isn't any CPU then returns NULL.
>
> Signed-off-by: Ziyue Yang <skiver.cloud.yzy@gmail.com>

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

> ---
>  monitor.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/monitor.c b/monitor.c
> index 3cd72a9bab..6b25cf7a2b 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -1026,6 +1026,10 @@ int monitor_set_cpu(int cpu_index)
>  CPUState *mon_get_cpu(void)
>  {
>      if (!cur_mon->mon_cpu) {
> +        if (!first_cpu) {
> +            monitor_printf(cur_mon, "No CPU available on this machine\n");
> +            return NULL;
> +        }
>          monitor_set_cpu(first_cpu->cpu_index);
>      }
>      cpu_synchronize_state(cur_mon->mon_cpu);
> @@ -2495,11 +2499,11 @@ static int default_fmt_size = 4;
>  static int is_valid_option(const char *c, const char *typestr)
>  {
>      char option[3];
> -
> +
>      option[0] = '-';
>      option[1] = *c;
>      option[2] = '\0';
> -
> +
>      typestr = strstr(typestr, option);
>      return (typestr != NULL);
>  }
> @@ -2864,7 +2868,7 @@ static QDict *monitor_parse_arguments(Monitor *mon,
>                      p++;
>                      if(c != *p) {
>                          if(!is_valid_option(p, typestr)) {
> -
> +
>                              monitor_printf(mon, "%s: unsupported option -%c\n",
>                                             cmd->name, *p);
>                              goto fail;
>

Re: [Qemu-devel] [PATCH 2/2] target/i386/monitor.c: check return value of mon_get_cpu before using it

[Philippe Mathieu-Daudé]

On 02/17/2017 05:27 AM, Ziyue Yang wrote:
> From: Ziyue Yang <yzylivezh@hotmail.com>
>
> This patch eliminates the segfault caused by accessing CPU that doesn't
> exist in hmp command "info lapic", which can be reproduced by
>
> $ qemu-system-x86_64 -nographic -M none -serial none -monitor stdio
>
> and then type "info lapic" into qemu monitor.
>
> Signed-off-by: Ziyue Yang <skiver.cloud.yzy@gmail.com>

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

> ---
>  target/i386/monitor.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/target/i386/monitor.c b/target/i386/monitor.c
> index 468aa073bc..7b96c74a24 100644
> --- a/target/i386/monitor.c
> +++ b/target/i386/monitor.c
> @@ -624,8 +624,11 @@ const MonitorDef *target_monitor_defs(void)
>
>  void hmp_info_local_apic(Monitor *mon, const QDict *qdict)
>  {
> -    x86_cpu_dump_local_apic_state(mon_get_cpu(), (FILE *)mon, monitor_fprintf,
> -                                  CPU_DUMP_FPU);
> +    CPUState *cs = mon_get_cpu();
> +    if (cs) {
> +        x86_cpu_dump_local_apic_state(cs, (FILE *)mon, monitor_fprintf,
> +                                      CPU_DUMP_FPU);
> +    }
>  }
>
>  void hmp_info_io_apic(Monitor *mon, const QDict *qdict)
>

Re: [Qemu-devel] [PATCH 0/2] fix segfaults caused by accessing CPU in empty machine

[Thomas Huth]

On 17.02.2017 09:27, Ziyue Yang wrote:
> From: Ziyue Yang <yzylivezh@hotmail.com>
> 
> Many QEMU monitor commands, like "info lapic", "info tlb" and so on
> use mon_get_cpu or related wrappers to access CPU info without checking
> whether the CPU exists.
> This patch series fix the "info lapic" case, and is the base of the incoming
> patch series aiming to eliminate segfaults caused by other QEMU commands
> trying to access CPU that doesn't exist.

 Hi,

FYI, I've posted a patch for all of these monitor commands that crash
without CPU already last month:

https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg02602.html

 Thomas

Re: [Qemu-devel] [PATCH 1/2] monitor.c: make mon_get_cpu return NULL when there is no CPU

[Thomas Huth]

On 19.02.2017 04:55, Philippe Mathieu-Daudé wrote:
> On 02/17/2017 05:27 AM, Ziyue Yang wrote:
>> From: Ziyue Yang <yzylivezh@hotmail.com>
>>
>> Currently mon_get_cpu always dereferences first_cpu without checking
>> whether it's a valid pointer. This commit adds check before
>> dereferencing,
>> and reports "No CPU" info if there isn't any CPU then returns NULL.
>>
>> Signed-off-by: Ziyue Yang <skiver.cloud.yzy@gmail.com>
> 
> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> 
>> ---
>>  monitor.c | 10 +++++++---
>>  1 file changed, 7 insertions(+), 3 deletions(-)
>>
>> diff --git a/monitor.c b/monitor.c
>> index 3cd72a9bab..6b25cf7a2b 100644
>> --- a/monitor.c
>> +++ b/monitor.c
>> @@ -1026,6 +1026,10 @@ int monitor_set_cpu(int cpu_index)
>>  CPUState *mon_get_cpu(void)
>>  {
>>      if (!cur_mon->mon_cpu) {
>> +        if (!first_cpu) {
>> +            monitor_printf(cur_mon, "No CPU available on this
>> machine\n");
>> +            return NULL;
>> +        }
>>          monitor_set_cpu(first_cpu->cpu_index);
>>      }
>>      cpu_synchronize_state(cur_mon->mon_cpu);
>> @@ -2495,11 +2499,11 @@ static int default_fmt_size = 4;
>>  static int is_valid_option(const char *c, const char *typestr)
>>  {
>>      char option[3];
>> -
>> +
>>      option[0] = '-';
>>      option[1] = *c;
>>      option[2] = '\0';
>> -
>> +
>>      typestr = strstr(typestr, option);
>>      return (typestr != NULL);
>>  }
>> @@ -2864,7 +2868,7 @@ static QDict *monitor_parse_arguments(Monitor *mon,
>>                      p++;
>>                      if(c != *p) {
>>                          if(!is_valid_option(p, typestr)) {
>> -
>> +
>>                              monitor_printf(mon, "%s: unsupported
>> option -%c\n",
>>                                             cmd->name, *p);
>>                              goto fail;

Your patch contains some unnecessary white space changes, please try to
avoid that! (or send a separate "beautification" patch to fix these).

 Thomas

Re: [Qemu-devel] [PATCH 1/2] monitor.c: make mon_get_cpu return NULL when there is no CPU

[Yang Ziyue]

Sorry for forgetting the "no irrelevant change" rule...won't do that next time!

2017-02-20 14:09 GMT+08:00 Thomas Huth <thuth@redhat.com>:
> On 19.02.2017 04:55, Philippe Mathieu-Daudé wrote:
>> On 02/17/2017 05:27 AM, Ziyue Yang wrote:
>>> From: Ziyue Yang <yzylivezh@hotmail.com>
>>>
>>> Currently mon_get_cpu always dereferences first_cpu without checking
>>> whether it's a valid pointer. This commit adds check before
>>> dereferencing,
>>> and reports "No CPU" info if there isn't any CPU then returns NULL.
>>>
>>> Signed-off-by: Ziyue Yang <skiver.cloud.yzy@gmail.com>
>>
>> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>>
>>> ---
>>>  monitor.c | 10 +++++++---
>>>  1 file changed, 7 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/monitor.c b/monitor.c
>>> index 3cd72a9bab..6b25cf7a2b 100644
>>> --- a/monitor.c
>>> +++ b/monitor.c
>>> @@ -1026,6 +1026,10 @@ int monitor_set_cpu(int cpu_index)
>>>  CPUState *mon_get_cpu(void)
>>>  {
>>>      if (!cur_mon->mon_cpu) {
>>> +        if (!first_cpu) {
>>> +            monitor_printf(cur_mon, "No CPU available on this
>>> machine\n");
>>> +            return NULL;
>>> +        }
>>>          monitor_set_cpu(first_cpu->cpu_index);
>>>      }
>>>      cpu_synchronize_state(cur_mon->mon_cpu);
>>> @@ -2495,11 +2499,11 @@ static int default_fmt_size = 4;
>>>  static int is_valid_option(const char *c, const char *typestr)
>>>  {
>>>      char option[3];
>>> -
>>> +
>>>      option[0] = '-';
>>>      option[1] = *c;
>>>      option[2] = '\0';
>>> -
>>> +
>>>      typestr = strstr(typestr, option);
>>>      return (typestr != NULL);
>>>  }
>>> @@ -2864,7 +2868,7 @@ static QDict *monitor_parse_arguments(Monitor *mon,
>>>                      p++;
>>>                      if(c != *p) {
>>>                          if(!is_valid_option(p, typestr)) {
>>> -
>>> +
>>>                              monitor_printf(mon, "%s: unsupported
>>> option -%c\n",
>>>                                             cmd->name, *p);
>>>                              goto fail;
>
> Your patch contains some unnecessary white space changes, please try to
> avoid that! (or send a separate "beautification" patch to fix these).
>
>  Thomas
>

Re: [Qemu-devel] [PATCH 0/2] fix segfaults caused by accessing CPU in empty machine

[Dr. David Alan Gilbert]

* Thomas Huth (thuth@redhat.com) wrote:
> On 17.02.2017 09:27, Ziyue Yang wrote:
> > From: Ziyue Yang <yzylivezh@hotmail.com>
> > 
> > Many QEMU monitor commands, like "info lapic", "info tlb" and so on
> > use mon_get_cpu or related wrappers to access CPU info without checking
> > whether the CPU exists.
> > This patch series fix the "info lapic" case, and is the base of the incoming
> > patch series aiming to eliminate segfaults caused by other QEMU commands
> > trying to access CPU that doesn't exist.
> 
>  Hi,
> 
> FYI, I've posted a patch for all of these monitor commands that crash
> without CPU already last month:
> 
> https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg02602.html

I've just sent that in my HMP pull:
https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg04939.html

Ziyue Yang: Perhaps it's best to compare with the things in that
pull and check to see if you have any items that were not in that pull.

Dave

>  Thomas
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK