From: Stefan Weil
To: Anthony Liguori, QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel][BUG][PATCH] Fix crash in kvm.c
Date: Sat, 06 Dec 2008 11:00:13 +0100
Message-ID: <493A4D2D.4060300@mail.berlios.de>
In-Reply-To: <4939B2F3.5060307@codemonkey.ws>
References: <4939A81E.4020301@mail.berlios.de> <4939AD2E.2080904@codemonkey.ws> <4939B25F.8030203@mail.berlios.de> <4939B2F3.5060307@codemonkey.ws>

Anthony Liguori wrote:
> Stefan Weil wrote:
>> Anthony Liguori wrote:
>>
>>> Stefan Weil wrote:
>>>
>>>> I got a crash (array access out of bounds results in access fault)
>>>> with the current Qemu trunk when kvm is enabled:
>>>>
>>>> qemu -fda fd.img -cdrom cdrom.img -hda hda.img -hdb raw.img -m 256
>>>> -boot c -enable-kvm
>>>>
>>>> Host is Debian x86_64, the crash occurs before any code is emulated.
>>>>
>>> Is the patch incomplete, perhaps? It seems to just add asserts which
>>> shouldn't fix anything.
>>>
>>
>> The essential change was to replace "int i" by "unsigned i".
>> i = 0x80000000 is negative, so the for loop went until there was an
>> access fault.
>>
>
> We should change limit too, right?
>
> Regards,
>
> Anthony Liguori
>

Right, and cpuid_i, too. "uint32_t" is even better than "unsigned".

Here is a new patch, now without assertions, so it can be applied to
Qemu trunk.

Regards
Stefan

Attachment: kvm.patch

Fix crash with kvm enabled.
Signed-off-by: Stefan Weil Index: target-i386/kvm.c =================================================================== --- target-i386/kvm.c (revision 5889) +++ target-i386/kvm.c (working copy) @@ -39,7 +39,7 @@ struct kvm_cpuid cpuid; struct kvm_cpuid_entry entries[100]; } __attribute__((packed)) cpuid_data; - int limit, i, cpuid_i; + uint32_t limit, i, cpuid_i; uint32_t eax, ebx, ecx, edx; cpuid_i = 0; --------------010001010603080704070001--
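Review bot: the type change removes the negative-index case, but nothing in the hunk bounds cpuid_i against the 100-slot `entries[100]` array that sits on the stack inside `cpuid_data`, and the reported crash was exactly an out-of-bounds write into that table. Consider checking `cpuid_i` against the array size (for example `cpuid_i < ARRAY_SIZE(cpuid_data.entries)`) before each entry is filled, so a CPU that reports more leaves than the table holds is rejected cleanly instead of overflowing the buffer; switching `limit` to `uint32_t` also makes it match the `uint32_t eax` it is filled from, which is worth stating in the commit message.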
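The following is an added example, not code from this mail or from QEMU, that models why the `int` to `uint32_t` change matters. It reproduces only the shape of the leaf-enumeration loop (an index starting at the first extended CPUID leaf, 0x80000000, filling a 100-entry table like the `entries[100]` in the patch) and replaces the real out-of-bounds write with a flag. The limit values are constructed: 0x80000008 is a typical "highest extended leaf"; 1 stands for a CPU model that exposes no extended leaves and hands back a small basic-leaf value instead, which is an assumed scenario, not something the mail states.

```c
/* Added example (not QEMU code): signed vs. unsigned loop index when the
 * loop starts at 0x80000000.  Constructed model of the kvm.c enumeration
 * loop; the 100-entry table matches the struct in the patch. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ENTRIES   100          /* size of entries[] in the patched struct */
#define EXT_LEAF_BASE 0x80000000   /* first extended CPUID leaf */

struct fill_result {
    unsigned written;   /* entries the loop would have filled */
    bool overran;       /* true if it would have written past entries[] */
};

/* Pre-patch shape: index and limit are int.  0x80000000 does not fit in
 * int, so (with gcc/clang on x86) i starts at INT_MIN; "i <= limit" is a
 * signed comparison, true for every non-negative limit, so the loop only
 * stops once i has counted up through zero.  The cap replaces the real
 * code's out-of-bounds write with a flag so this demo cannot fault. */
static struct fill_result fill_signed(int limit)
{
    struct fill_result r = { 0, false };
    int i;

    for (i = EXT_LEAF_BASE; i <= limit; i++) {
        if (r.written == MAX_ENTRIES) {
            r.overran = true;       /* the real loop faults around here */
            break;
        }
        r.written++;
    }
    return r;
}

/* Patched shape: index and limit are uint32_t.  0x80000000 is
 * representable, the comparison is unsigned, and a limit below the
 * extended base means "no extended leaves": zero iterations.  The cap
 * is kept because a bound on cpuid_i is still needed (it also stops the
 * wrap-around when limit is 0xFFFFFFFF). */
static struct fill_result fill_unsigned(uint32_t limit)
{
    struct fill_result r = { 0, false };
    uint32_t i;

    for (i = EXT_LEAF_BASE; i <= limit; i++) {
        if (r.written == MAX_ENTRIES) {
            r.overran = true;
            break;
        }
        r.written++;
    }
    return r;
}

int main(void)
{
    /* Constructed limits (see lead-in): a normal extended range, and a
     * small value standing for "no extended leaves". */
    const uint32_t limits[] = { 0x80000008u, 1u };

    for (size_t k = 0; k < sizeof limits / sizeof limits[0]; k++) {
        struct fill_result s = fill_signed((int)limits[k]);
        struct fill_result u = fill_unsigned(limits[k]);
        printf("limit=0x%08" PRIx32 "  int: %u written%s  uint32_t: %u written%s\n",
               limits[k],
               s.written, s.overran ? " (overrun)" : "",
               u.written, u.overran ? " (overrun)" : "");
    }
    return 0;
}
```

With limit 0x80000008 both variants fill 9 entries, which is why the signed version went unnoticed on hosts with extended leaves; with limit 1 the `int` loop overruns the table while the `uint32_t` loop does nothing, matching the crash described in the thread.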