From: David Hildenbrand <david@redhat.com>
To: qemu-s390x@nongnu.org
Cc: qemu-devel@nongnu.org, Richard Henderson <rth@twiddle.net>,
Alexander Graf <agraf@suse.de>, Cornelia Huck <cohuck@redhat.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Thomas Huth <thuth@redhat.com>,
Chris Venteicher <cventeic@redhat.com>,
Collin Walling <walling@linux.ibm.com>,
David Hildenbrand <david@redhat.com>
Subject: [Qemu-devel] [PATCH] s390x/cpumodel: fix segmentation fault when baselining models
Date: Wed, 18 Jul 2018 10:24:25 +0200
Message-ID: <20180718082425.14834-1-david@redhat.com>
Usually, when baselining two CPU models, whereby one of them has base
CPU features disabled (e.g. z14-base,msa=off), we fall back to an older
model that did not have these features in the base model. We always try to
create a "sane" CPU model (as far as possible), and one part of it is that
removing base features is no good and to be avoided.
Now, if we disable base features that were part of a z900, we're out of
luck. We won't find a CPU model and QEMU will segfault. This is a
scenario that should never happen in real life, but it can be used to
crash QEMU.
So let's make something like this:
{ "execute": "query-cpu-model-baseline",
"arguments" : { "modela": { "name": "z14-base", "props": {"esan3" : false}},
"modelb": { "name": "z14"}} }
Produce:
{"return": {"model": {"name": "z900-base", "props": {"esan3": false}}}}
Instead of segfaulting.
This could of course be improved (e.g. to z14-base,esan3=false), however
as this usually won't happen, let's just avoid crashes.
Signed-off-by: David Hildenbrand <david@redhat.com>
---
target/s390x/cpu_models.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index cfdbccf46d..13a5d4f095 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -716,6 +716,12 @@ CpuModelBaselineInfo *arch_query_cpu_model_baseline(CpuModelInfo *infoa,
model.def = s390_find_cpu_def(cpu_type, max_gen, max_gen_ga,
model.features);
+
+ /* models without early base features (esan3) are bad - fallback to z900 */
+ if (!model.def) {
+ model.def = s390_find_cpu_def(0x2064, 7, 1, NULL);
+ }
+
/* strip off features not part of the max model */
bitmap_and(model.features, model.features, model.def->full_feat,
S390_FEAT_MAX);
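Review bot: the fallback `model.def = s390_find_cpu_def(0x2064, 7, 1, NULL);` hard-codes the z900 type, generation and GA level as bare magic numbers, and the comment above it only says "fallback to z900"; a named constant or a comment spelling out that 0x2064/7/1 is the z900 GA1 definition would make the intent reviewable without cross-referencing the model table. Since this path is only reached when a caller disables features that no defined model lacks, an `assert(model.def)` after the fallback would also document that the z900 lookup is guaranteed to succeed before `model.def->full_feat` is dereferenced on the line below, and the commit message could note explicitly that the returned model (e.g. `z900-base` with `esan3: false`, as in the description) is deliberately not "sane" in the sense the first paragraph describes, but merely non-crashing.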
--
2.17.1