* [Qemu-devel] valgrind problem in sun4u_load_kernel() @ 2018-06-15 10:37 Thomas Huth 2018-06-17 10:22 ` Mark Cave-Ayland 0 siblings, 1 reply; 4+ messages in thread From: Thomas Huth @ 2018-06-15 10:37 UTC (permalink / raw) To: Mark Cave-Ayland, Artyom Tarasenko; +Cc: QEMU Developers Hi Mark, hi Artyom, while using valgrind to fix some issues with the rom_ptr() function today, I noticed that there is one more problem in sun4u_load_kernel(): The kernel_top variable can be used uninitialized in some cases: If load_elf() fails and the kernel is loaded via load_aout() or load_image_targphys(), the kernel_top variable is never set to a valid value. This could cause some trouble when loading the initrd later. When you've got some spare time, could you please have a look? Thanks, Thomas ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] valgrind problem in sun4u_load_kernel() 2018-06-15 10:37 [Qemu-devel] valgrind problem in sun4u_load_kernel() Thomas Huth @ 2018-06-17 10:22 ` Mark Cave-Ayland 2018-06-19 8:03 ` Artyom Tarasenko 0 siblings, 1 reply; 4+ messages in thread From: Mark Cave-Ayland @ 2018-06-17 10:22 UTC (permalink / raw) To: Thomas Huth, Artyom Tarasenko; +Cc: QEMU Developers On 15/06/18 11:37, Thomas Huth wrote: > Hi Mark, hi Artyom, > > while using valgrind to fix some issues with the rom_ptr() function > today, I noticed that there is one more problem in sun4u_load_kernel(): > The kernel_top variable can be used uninitialized in some cases: > If load_elf() fails and the kernel is loaded via load_aout() or > load_image_targphys(), the kernel_top variable is never set to a valid > value. This could cause some trouble when loading the initrd later. When > you've got some spare time, could you please have a look? Hmmm that's an interesting one - I'm not immediately aware of any 64-bit kernels that are a.out rather than ELF, so I wonder if this has been used to run a.out executables on startup? Any thoughts, Artyom? If this is the case then we can only have a valid kernel_top with an ELF kernel then maybe the following is a good enough solution: diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c index 3975a7b65a..35acf8c96e 100644 --- a/hw/sparc64/sun4u.c +++ b/hw/sparc64/sun4u.c @@ -139,7 +139,7 @@ static uint64_t sun4u_load_kernel(const char *kernel_filename, unsigned int i; long kernel_size; uint8_t *ptr; - uint64_t kernel_top; + uint64_t kernel_top = 0; linux_boot = (kernel_filename != NULL); @@ -172,7 +172,7 @@ static uint64_t sun4u_load_kernel(const char *kernel_filename, } /* load initrd above kernel */ *initrd_size = 0; - if (initrd_filename) { + if (initrd_filename && kernel_top) { *initrd_addr = TARGET_PAGE_ALIGN(kernel_top); *initrd_size = load_image_targphys(initrd_filename, ATB, Mark. ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] valgrind problem in sun4u_load_kernel() 2018-06-17 10:22 ` Mark Cave-Ayland @ 2018-06-19 8:03 ` Artyom Tarasenko 2018-08-08 8:48 ` Thomas Huth 0 siblings, 1 reply; 4+ messages in thread From: Artyom Tarasenko @ 2018-06-19 8:03 UTC (permalink / raw) To: Mark Cave-Ayland; +Cc: Thomas Huth, QEMU Developers On Sun, Jun 17, 2018 at 12:22 PM, Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> wrote: > On 15/06/18 11:37, Thomas Huth wrote: > >> Hi Mark, hi Artyom, >> >> while using valgrind to fix some issues with the rom_ptr() function >> today, I noticed that there is one more problem in sun4u_load_kernel(): >> The kernel_top variable can be used uninitialized in some cases: >> If load_elf() fails and the kernel is loaded via load_aout() or >> load_image_targphys(), the kernel_top variable is never set to a valid >> value. This could cause some trouble when loading the initrd later. When >> you've got some spare time, could you please have a look? > > > Hmmm that's an interesting one - I'm not immediately aware of any 64-bit > kernels that are a.out rather than ELF, so I wonder if this has been used to > run a.out executables on startup? Any thoughts, Artyom? I think there are no Linux/SPARC64 kernels in the a.out format. NetBSD should not be a problem either > If this is the case then we can only have a valid kernel_top with an ELF > kernel then maybe the following is a good enough solution: > > > diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c > index 3975a7b65a..35acf8c96e 100644 > --- a/hw/sparc64/sun4u.c > +++ b/hw/sparc64/sun4u.c > @@ -139,7 +139,7 @@ static uint64_t sun4u_load_kernel(const char > *kernel_filename, > unsigned int i; > long kernel_size; > uint8_t *ptr; > - uint64_t kernel_top; > + uint64_t kernel_top = 0; > > linux_boot = (kernel_filename != NULL); > > @@ -172,7 +172,7 @@ static uint64_t sun4u_load_kernel(const char > *kernel_filename, > } > /* load initrd above kernel */ > *initrd_size = 0; > - if (initrd_filename) { > + if (initrd_filename && kernel_top) { > *initrd_addr = TARGET_PAGE_ALIGN(kernel_top); > > *initrd_size = load_image_targphys(initrd_filename, > > Looks good to me. Acked-by: Artyom Tarasenko <atar4qemu@gmail.com> -- Regards, Artyom Tarasenko SPARC and PPC PReP under qemu blog: http://tyom.blogspot.com/search/label/qemu ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] valgrind problem in sun4u_load_kernel() 2018-06-19 8:03 ` Artyom Tarasenko @ 2018-08-08 8:48 ` Thomas Huth 0 siblings, 0 replies; 4+ messages in thread From: Thomas Huth @ 2018-08-08 8:48 UTC (permalink / raw) To: Mark Cave-Ayland; +Cc: Artyom Tarasenko, QEMU Developers On 06/19/2018 10:03 AM, Artyom Tarasenko wrote: > On Sun, Jun 17, 2018 at 12:22 PM, Mark Cave-Ayland > <mark.cave-ayland@ilande.co.uk> wrote: >> On 15/06/18 11:37, Thomas Huth wrote: >> >>> Hi Mark, hi Artyom, >>> >>> while using valgrind to fix some issues with the rom_ptr() function >>> today, I noticed that there is one more problem in sun4u_load_kernel(): >>> The kernel_top variable can be used uninitialized in some cases: >>> If load_elf() fails and the kernel is loaded via load_aout() or >>> load_image_targphys(), the kernel_top variable is never set to a valid >>> value. This could cause some trouble when loading the initrd later. When >>> you've got some spare time, could you please have a look? >> >> >> Hmmm that's an interesting one - I'm not immediately aware of any 64-bit >> kernels that are a.out rather than ELF, so I wonder if this has been used to >> run a.out executables on startup? Any thoughts, Artyom? > > I think there are no Linux/SPARC64 kernels in the a.out format. > NetBSD should not be a problem either > >> If this is the case then we can only have a valid kernel_top with an ELF >> kernel then maybe the following is a good enough solution: >> >> >> diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c >> index 3975a7b65a..35acf8c96e 100644 >> --- a/hw/sparc64/sun4u.c >> +++ b/hw/sparc64/sun4u.c >> @@ -139,7 +139,7 @@ static uint64_t sun4u_load_kernel(const char >> *kernel_filename, >> unsigned int i; >> long kernel_size; >> uint8_t *ptr; >> - uint64_t kernel_top; >> + uint64_t kernel_top = 0; >> >> linux_boot = (kernel_filename != NULL); >> >> @@ -172,7 +172,7 @@ static uint64_t sun4u_load_kernel(const char >> *kernel_filename, >> } >> /* load initrd above kernel */ >> *initrd_size = 0; >> - if (initrd_filename) { >> + if (initrd_filename && kernel_top) { >> *initrd_addr = TARGET_PAGE_ALIGN(kernel_top); >> >> *initrd_size = load_image_targphys(initrd_filename, >> >> > Looks good to me. > Acked-by: Artyom Tarasenko <atar4qemu@gmail.com> Hi Mark, that looked also fine to me. Could you post it as a proper patch, please? Thanks, Thomas ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-08-08 8:48 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2018-06-15 10:37 [Qemu-devel] valgrind problem in sun4u_load_kernel() Thomas Huth 2018-06-17 10:22 ` Mark Cave-Ayland 2018-06-19 8:03 ` Artyom Tarasenko 2018-08-08 8:48 ` Thomas Huth
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).