From: Cornelia Huck <cohuck@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>,
Alexander Graf <agraf@suse.de>,
Richard Henderson <rth@twiddle.net>,
David Hildenbrand <david@redhat.com>,
Thomas Huth <thuth@redhat.com>,
qemu-s390x@nongnu.org, qemu-devel@nongnu.org,
Cornelia Huck <cohuck@redhat.com>
Subject: [Qemu-devel] [PULL for-3.0 1/1] s390x/cpumodel: fix segmentation fault when baselining models
Date: Thu, 19 Jul 2018 13:42:04 +0200
Message-ID: <20180719114204.13036-2-cohuck@redhat.com>
In-Reply-To: <20180719114204.13036-1-cohuck@redhat.com>
From: David Hildenbrand <david@redhat.com>
Usually, when baselining two CPU models, whereby one of them has base
CPU features disabled (e.g. z14-base,msa=off), we fall back to an older
model that did not have these features in the base model. We always try to
create a "sane" CPU model (as far as possible), and one part of it is that
removing base features is no good and to be avoided.
Now, if we disable base features that were part of a z900, we're out of
luck. We won't find a CPU model and QEMU will segfault. This is a
scenario that should never happen in real life, but it can be used to
crash QEMU.
So let's properly report an error if we baseline e.g.:
{ "execute": "query-cpu-model-baseline",
"arguments" : { "modela": { "name": "z14-base", "props": {"esan3" : false}},
"modelb": { "name": "z14"}} }
Instead of segfaulting.
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20180718092330.19465-1-david@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
---
target/s390x/cpu_models.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index cfdbccf46d..604898a882 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -716,6 +716,14 @@ CpuModelBaselineInfo *arch_query_cpu_model_baseline(CpuModelInfo *infoa,
model.def = s390_find_cpu_def(cpu_type, max_gen, max_gen_ga,
model.features);
+
+ /* models without early base features (esan3) are bad */
+ if (!model.def) {
+ error_setg(errp, "No compatible CPU model could be created as"
+ " important base features are disabled");
+ return NULL;
+ }
+
/* strip off features not part of the max model */
bitmap_and(model.features, model.features, model.def->full_feat,
S390_FEAT_MAX);
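Review bot: the message passed to error_setg() in the new block tells the QMP caller only that "important base features are disabled", not which feature of modela made the lookup fail; model.features is still in hand at that point, so naming the offending base feature (the commit message's example is esan3) would make the error actionable for a management layer that built the property set. The comment "models without early base features (esan3) are bad" is also narrower than the check, which fires whenever s390_find_cpu_def() returns NULL; "no base model satisfies the remaining features" would describe the condition the code tests. The placement itself is right: the NULL check precedes the model.def->full_feat dereference in the following bitmap_and(), which is where the reported segfault occurred.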
--
2.14.4
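As an added example (not part of the patch and not QEMU's own code), the following Python script turns the reproducer from the commit message into a small regression probe: it sends query-cpu-model-baseline over a QEMU QMP unix socket, once per base feature to disable, and classifies each reply as "ok", "error" or "crash" (the socket closing with no reply is what the unfixed QEMU does). The socket path, the list of features to probe and the response shapes in the offline test are assumptions for illustration; the QMP command body and the error text are taken from the commit message and the hunk above.

```python
"""QMP probe for the query-cpu-model-baseline NULL-deref (added example, not QEMU code).

Each probe opens a fresh connection so that a QEMU that died on the previous
query shows up as a failed connect or an empty read rather than a hang.
"""
import json
import socket
from typing import Dict, Iterable, Optional


def baseline_cmd(model_a: str, props_a: Dict[str, bool], model_b: str) -> dict:
    """Build the QMP command body shown in the commit message."""
    return {
        "execute": "query-cpu-model-baseline",
        "arguments": {
            "modela": {"name": model_a, "props": props_a},
            "modelb": {"name": model_b},
        },
    }


def classify_reply(raw: Optional[bytes]) -> str:
    """Map one QMP reply line to 'ok' / 'error' / 'crash' / 'garbled'.

    An empty or missing line means the peer closed the socket without
    answering, which is how the pre-fix segfault presents to the client.
    """
    if not raw:
        return "crash"
    try:
        reply = json.loads(raw.decode("utf-8"))
    except ValueError:
        return "garbled"
    if isinstance(reply, dict) and "error" in reply:
        return "error"
    if isinstance(reply, dict) and "return" in reply:
        return "ok"
    return "garbled"


class QmpClient:
    """Minimal QMP client: greeting, qmp_capabilities, then one command per call."""

    def __init__(self, path: str) -> None:
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(path)
        self.rd = self.sock.makefile("rb")
        self._read_reply()                      # greeting: {"QMP": {...}}
        self._send({"execute": "qmp_capabilities"})
        self._read_reply()                      # {"return": {}}

    def _send(self, cmd: dict) -> None:
        self.sock.sendall(json.dumps(cmd).encode("utf-8") + b"\n")

    def _read_reply(self) -> Optional[bytes]:
        # Skip asynchronous events; return the first real reply line.
        while True:
            line = self.rd.readline()
            if not line:
                return None
            try:
                if "event" in json.loads(line.decode("utf-8")):
                    continue
            except ValueError:
                pass
            return line

    def command(self, cmd: dict) -> str:
        self._send(cmd)
        return classify_reply(self._read_reply())

    def close(self) -> None:
        self.sock.close()


def probe_base_features(path: str, model_a: str, model_b: str,
                        features: Iterable[str]) -> Dict[str, str]:
    """Disable one base feature of model_a per query; return {feature: verdict}."""
    results: Dict[str, str] = {}
    for feat in features:
        try:
            client = QmpClient(path)
        except OSError:
            results[feat] = "crash"          # QEMU is gone from an earlier query
            continue
        try:
            results[feat] = client.command(baseline_cmd(model_a, {feat: False}, model_b))
        except OSError:
            results[feat] = "crash"
        finally:
            client.close()
    return results


if __name__ == "__main__":
    # Assumed socket path: start QEMU with -qmp unix:/tmp/qmp.sock,server,nowait
    verdicts = probe_base_features("/tmp/qmp.sock", "z14-base", "z14", ["esan3", "zarch", "msa"])
    for feat, verdict in verdicts.items():
        print(f"{feat}=off -> {verdict}")
```

Against a QEMU without the fix the esan3 probe comes back as "crash" and every later probe fails to connect; with the fix it comes back as "error" carrying the message added by the patch, and the process stays up for the remaining queries.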
Thread overview: 3+ messages
2018-07-19 11:42 [Qemu-devel] [PULL for-3.0 0/1] s390x bugfix for rc2 Cornelia Huck
2018-07-19 11:42 ` Cornelia Huck [this message]
2018-07-19 13:47 ` Peter Maydell