From: Eduardo Habkost <ehabkost@redhat.com>
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Subject: [Qemu-devel] [PATCH] fixup! i386: Change X86CPUDefinition::model_id to const char*
Date: Tue, 9 Jan 2018 15:47:54 -0200
Message-ID: <20180109174754.GR6646@localhost.localdomain>
In-Reply-To: <20180109154519.25634-2-ehabkost@redhat.com>
On Tue, Jan 09, 2018 at 01:45:13PM -0200, Eduardo Habkost wrote:
> It is valid to have a 48-character model ID on CPUID, however the
> definition of X86CPUDefinition::model_id is char[48], which can
> make the compiler drop the null terminator from the string.
>
> If a CPU model happens to have 48 bytes on model_id, "-cpu help"
> will print garbage and the object_property_set_str() call at
> x86_cpu_load_def() will read data outside the model_id array.
>
> We could increase the array size to 49, but this would mean the
> compiler would not issue a warning if a 49-char string is used by
> mistake for model_id.
>
> To make things simpler, simply change model_id to be const char*,
> and validate the string length using an assert() on
> x86_cpu_cpudef_class_init.
>
> Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Oops, this patch makes 486, pentium, pentium2, pentium3 and
athlon crash because they don't have model_id explicitly set.
Fixup:
* Set model_id to "" explicitly on 486, pentium* and athlon (fix crash)
* Change assert() to ensure model_id is not NULL
* Move assert() to x86_register_cpudef_type() (closer to existing
assert() that validates CPUID_EXT2_AMD_ALIASES)
---
target/i386/cpu.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index ad79fbb111..170c0ecd43 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -939,6 +939,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
.features[FEAT_1_EDX] =
I486_FEATURES,
.xlevel = 0,
+ .model_id = "",
},
{
.name = "pentium",
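Review bot: the explicit `.model_id = ""` is the right replacement for the old implicit value: while the field was `char[48]` (per the quoted message), an entry in the static builtin_x86_defs table that omitted it held 48 zero bytes, and an empty string expresses the same value, so this hunk (and the identical lines for pentium, pentium2 and pentium3 below) should not change what the model reports. The fixup text only says "(fix crash)"; stating that the value is unchanged would make the intent of these four hunks clear.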
@@ -950,6 +951,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
.features[FEAT_1_EDX] =
PENTIUM_FEATURES,
.xlevel = 0,
+ .model_id = "",
},
{
.name = "pentium2",
@@ -961,6 +963,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
.features[FEAT_1_EDX] =
PENTIUM2_FEATURES,
.xlevel = 0,
+ .model_id = "",
},
{
.name = "pentium3",
@@ -972,6 +975,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
.features[FEAT_1_EDX] =
PENTIUM3_FEATURES,
.xlevel = 0,
+ .model_id = "",
},
{
.name = "athlon",
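Review bot: the fixup text says athlon is also given `.model_id = ""`, but this is the last hunk that touches builtin_x86_defs and it ends at the `.name = "athlon",` context line without adding anything to the athlon entry; the diffstat's 7 insertions are fully accounted for by the four `.model_id = ""` lines plus the three lines in the final hunk. Either athlon already sets model_id and should be dropped from the fixup description and from the list of crashing models, or a hunk for it is missing; as posted, the new `assert(def->model_id && ...)` would abort for athlon if it really lacks one.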
@@ -3160,9 +3164,6 @@ static void x86_cpu_cpudef_class_init(ObjectClass *oc, void *data)
X86CPUDefinition *cpudef = data;
X86CPUClass *xcc = X86_CPU_CLASS(oc);
- /* catch mistakes instead of silently truncating model_id when too long */
- assert(!cpudef->model_id || strlen(cpudef->model_id) <= 48);
-
xcc->cpu_def = cpudef;
xcc->migration_safe = true;
}
@@ -3181,6 +3182,9 @@ static void x86_register_cpudef_type(X86CPUDefinition *def)
* they shouldn't be set on the CPU model table.
*/
assert(!(def->features[FEAT_8000_0001_EDX] & CPUID_EXT2_AMD_ALIASES));
+ /* catch mistakes instead of silently truncating model_id when too long */
+ assert(def->model_id && strlen(def->model_id) <= 48);
+
type_register(&ti);
g_free(typename);
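Review bot: the comment carried over from x86_cpu_cpudef_class_init still says only "when too long", but the condition changed from `!cpudef->model_id || ...` to `def->model_id && ...`, so a NULL model_id now aborts at registration as well; update the comment to say that every builtin_x86_defs entry must set model_id (an empty "" is fine) and that both a missing and an over-long id are caught here. Placing the check next to the CPUID_EXT2_AMD_ALIASES assert is reasonable, since both validate the static table entry before type_register().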
--
2.14.3
--
Eduardo
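As an added illustration of the problem the patch above addresses (this is example code written for this page, not QEMU's, and CpuDef, buffer_has_terminator, pack_model_id and unpack_model_id are hypothetical names): a char[48] initialised with an exactly 48-byte literal is legal C, but the NUL terminator is silently dropped, so any strlen() or "%s" on it reads past the array. With the id held as a const char* instead, the same predicate the patch's assert() uses (set, and at most 48 bytes) can be checked before the string is packed into the fixed 48-byte field with explicit padding, and a reader of that field always has room for the terminator.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The CPUID model ID is 48 bytes wide (added example; not QEMU code). */
#define MODEL_ID_LEN 48

/* Constructed 48-byte literal: 40 digits + 8 letters, so no room for the NUL.
 * This is exactly the hazard the patch removes from X86CPUDefinition. */
static const char exact_fit[MODEL_ID_LEN] =
    "0123456789012345678901234567890123456789ABCDEFGH";

/* Hypothetical stand-in for X86CPUDefinition after the patch: the id is a
 * pointer, so the compiler can never drop a terminator to make it fit. */
typedef struct {
    const char *name;
    const char *model_id;   /* NULL means the table entry forgot to set it */
} CpuDef;

/* Returns 1 if the first len bytes of buf contain a NUL terminator. A char[48]
 * initialised with a 48-byte literal yields 0: strlen()/printf("%s") on it
 * would read past the array, which is the "garbage" the message describes. */
int buffer_has_terminator(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

/* Same predicate as the patch's assert(): set, and at most 48 bytes. */
int model_id_is_valid(const CpuDef *def)
{
    return def->model_id != NULL && strlen(def->model_id) <= MODEL_ID_LEN;
}

/* Pack model_id into the fixed 48-byte field with explicit NUL padding.
 * Returns the number of id bytes copied, or -1 if the definition is invalid. */
int pack_model_id(const CpuDef *def, uint8_t out[MODEL_ID_LEN])
{
    if (!model_id_is_valid(def)) {
        return -1;
    }
    size_t n = strlen(def->model_id);
    memset(out, 0, MODEL_ID_LEN);
    memcpy(out, def->model_id, n);
    return (int)n;
}

/* Read the 48-byte field back as a C string. The caller supplies 49 bytes so
 * that a full-length id always gets its terminator. */
void unpack_model_id(const uint8_t in[MODEL_ID_LEN], char out[MODEL_ID_LEN + 1])
{
    memcpy(out, in, MODEL_ID_LEN);
    out[MODEL_ID_LEN] = '\0';
}

/* Exercise the cases the fixup is about: an explicit "" is valid and packs to
 * 48 zero bytes; a missing id and a 49-byte id are both rejected; a 48-byte id
 * survives a pack/unpack round trip intact. Returns 1 on success, 0 on failure. */
int self_check(void)
{
    CpuDef i486 = { "486", "" };
    CpuDef unset = { "unset", NULL };
    CpuDef too_long = { "long",
                        "0123456789012345678901234567890123456789ABCDEFGHI" };
    CpuDef full = { "full",
                    "0123456789012345678901234567890123456789ABCDEFGH" };
    uint8_t field[MODEL_ID_LEN];
    char text[MODEL_ID_LEN + 1];

    if (!model_id_is_valid(&i486) || model_id_is_valid(&unset) ||
        model_id_is_valid(&too_long)) {
        return 0;
    }
    if (pack_model_id(&i486, field) != 0 ||
        field[0] != 0 || field[MODEL_ID_LEN - 1] != 0) {
        return 0;
    }
    if (pack_model_id(&unset, field) != -1) {
        return 0;
    }
    if (pack_model_id(&full, field) != MODEL_ID_LEN) {
        return 0;
    }
    unpack_model_id(field, text);
    return strcmp(text, full.model_id) == 0;
}

int main(void)
{
    printf("char[48] holding a 48-byte literal has a terminator: %d\n",
           buffer_has_terminator(exact_fit, MODEL_ID_LEN));
    printf("self_check: %d\n", self_check());
    return self_check() ? 0 : 1;
}
```

The pointer field plus a length check at table-registration time is the defensive shape of the patch: a 49-byte literal is no longer silently truncated by the compiler, and a 48-byte one no longer loses its terminator, because the only copy into a fixed-width buffer happens in code that pads explicitly.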
Thread overview:
2018-01-09 15:45 [Qemu-devel] [PATCH 0/7] CPU model updates for CVE-2017-5715 (Spectre variant #2) Eduardo Habkost
2018-01-09 15:45 ` [Qemu-devel] [PATCH 1/7] i386: Change X86CPUDefinition::model_id to const char* Eduardo Habkost
2018-01-09 17:47 ` Eduardo Habkost [this message]
2018-01-09 15:45 ` [Qemu-devel] [PATCH 2/7] i386: Add support for SPEC_CTRL MSR Eduardo Habkost
2018-01-09 15:45 ` [Qemu-devel] [PATCH 3/7] i386: Add spec-ctrl CPUID bit Eduardo Habkost
2018-01-13 3:04 ` Gonglei (Arei)
2018-01-15 12:23 ` Eduardo Habkost
2018-01-16 14:50 ` Gonglei (Arei)
2018-01-09 15:45 ` [Qemu-devel] [PATCH 4/7] i386: Add FEAT_8000_0008_EBX CPUID feature word Eduardo Habkost
2018-01-09 15:45 ` [Qemu-devel] [PATCH 5/7] i386: Add new -IBRS versions of Intel CPU models Eduardo Habkost
2018-01-09 15:45 ` [Qemu-devel] [PATCH 6/7] [RFC] i386: Add EPYC-IBPB CPU model Eduardo Habkost
2018-01-09 15:45 ` [Qemu-devel] [PATCH 7/7] [RFC] i386: Add PCID to {Westmere, SandyBridge, IvyBridge}-IBRS Eduardo Habkost
2018-01-09 16:01 ` [Qemu-devel] [PATCH 0/7] CPU model updates for CVE-2017-5715 (Spectre variant #2) no-reply
2018-01-12 19:50 ` Eduardo Habkost
2018-01-15 12:27 ` Eduardo Habkost