[Qemu-devel] [PATCH] sh4: r2d fix no ide/net case

[Qemu-devel] [PATCH] sh4: r2d fix no ide/net case

[takasi-y]

Fix invalid access/crash when there is no IDE device or NET device.

Signed-off-by: Takashi YOSHII <takasi-y@ops.dti.ne.jp>
---
Current code doesn't check if IDE and NIC is present.
When no IDE is enabled, it accesses invalid adddress (drives_table[-1]).
When no NIC is enabled, it accesses NULL pointer and is killed by SEGV.

SEGV case is easily be seen like below (by -net none)
 $ sh4-softmmu/qemu-system-sh4 -M r2d -kernel kernel.kawa -net none
 Segmentation fault

This changes default model of 2nd NIC from ne2k-pci to rtl8139.
2nd NIC on-board really was rtl8139.

If you depends on old behavior use -net option, for example
  -net nic -net nic,model=ne2k_pci
makes 2nd NIC to be ne2k_pci.
/yoshii

---
 hw/r2d.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/r2d.c b/hw/r2d.c
index 7dcb723..5360b4b 100644
--- a/hw/r2d.c
+++ b/hw/r2d.c
@@ -224,13 +224,13 @@ static void r2d_init(ram_addr_t ram_size, int vga_ram_size,
 	       serial_hds[2]);
 
     /* onboard CF (True IDE mode, Master only). */
-    mmio_ide_init(0x14001000, 0x1400080c, irq[CF_IDE], 1,
-        drives_table[drive_get_index(IF_IDE, 0, 0)].bdrv, NULL);
+    if ((i = drive_get_index(IF_IDE, 0, 0)) != -1)
+	mmio_ide_init(0x14001000, 0x1400080c, irq[CF_IDE], 1,
+		      drives_table[i].bdrv, NULL);
 
     /* NIC: rtl8139 on-board, and 2 slots. */
-    pci_nic_init(pci, &nd_table[0], 2 << 3, "rtl8139");
-    for (i = 1; i < nb_nics; i++)
-        pci_nic_init(pci, &nd_table[i], -1, "ne2k_pci");
+    for (i = 0; i < nb_nics; i++)
+        pci_nic_init(pci, &nd_table[i], (i==0)? 2<<3: -1, "rtl8139");
 
     /* Todo: register on board registers */
     if (kernel_filename) {
-- 
1.5.6.3



-- 
/yoshii

Re: [Qemu-devel] [PATCH] sh4: r2d fix no ide/net case

[Shin-ichiro KAWASAKI]

takasi-y@ops.dti.ne.jp wrote:
> Fix invalid access/crash when there is no IDE device or NET device.

I tested this patch and got sure about these two points.
- Access to drives_table[-1] avoided.
- SEGV on '-net none' avoided.
It's worth to apply.

Tested-by: Shin-ichiro KAWASAKI <kawasaki@juno.dti.ne.jp>

> Signed-off-by: Takashi YOSHII <takasi-y@ops.dti.ne.jp>
> ---
> Current code doesn't check if IDE and NIC is present.
> When no IDE is enabled, it accesses invalid adddress (drives_table[-1]).
> When no NIC is enabled, it accesses NULL pointer and is killed by SEGV.
> 
> SEGV case is easily be seen like below (by -net none)
>  $ sh4-softmmu/qemu-system-sh4 -M r2d -kernel kernel.kawa -net none
>  Segmentation fault
> 
> This changes default model of 2nd NIC from ne2k-pci to rtl8139.
> 2nd NIC on-board really was rtl8139.
> 
> If you depends on old behavior use -net option, for example
>   -net nic -net nic,model=ne2k_pci
> makes 2nd NIC to be ne2k_pci.
> /yoshii
> 
> ---
>  hw/r2d.c |   10 +++++-----
>  1 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/r2d.c b/hw/r2d.c
> index 7dcb723..5360b4b 100644
> --- a/hw/r2d.c
> +++ b/hw/r2d.c
> @@ -224,13 +224,13 @@ static void r2d_init(ram_addr_t ram_size, int vga_ram_size,
>  	       serial_hds[2]);
>  
(snip)


Regards,
Shin-ichiro KAWASAKI

Re: [Qemu-devel] [PATCH] sh4: r2d fix no ide/net case

[Aurelien Jarno]

On Thu, Feb 12, 2009 at 12:45:37AM +0900, takasi-y@ops.dti.ne.jp wrote:
> Fix invalid access/crash when there is no IDE device or NET device.
> 
> Signed-off-by: Takashi YOSHII <takasi-y@ops.dti.ne.jp>

Thanks, applied.

> ---
> Current code doesn't check if IDE and NIC is present.
> When no IDE is enabled, it accesses invalid adddress (drives_table[-1]).
> When no NIC is enabled, it accesses NULL pointer and is killed by SEGV.
> 
> SEGV case is easily be seen like below (by -net none)
>  $ sh4-softmmu/qemu-system-sh4 -M r2d -kernel kernel.kawa -net none
>  Segmentation fault
> 
> This changes default model of 2nd NIC from ne2k-pci to rtl8139.
> 2nd NIC on-board really was rtl8139.
> 
> If you depends on old behavior use -net option, for example
>   -net nic -net nic,model=ne2k_pci
> makes 2nd NIC to be ne2k_pci.
> /yoshii
> 
> ---
>  hw/r2d.c |   10 +++++-----
>  1 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/r2d.c b/hw/r2d.c
> index 7dcb723..5360b4b 100644
> --- a/hw/r2d.c
> +++ b/hw/r2d.c
> @@ -224,13 +224,13 @@ static void r2d_init(ram_addr_t ram_size, int vga_ram_size,
>  	       serial_hds[2]);
>  
>      /* onboard CF (True IDE mode, Master only). */
> -    mmio_ide_init(0x14001000, 0x1400080c, irq[CF_IDE], 1,
> -        drives_table[drive_get_index(IF_IDE, 0, 0)].bdrv, NULL);
> +    if ((i = drive_get_index(IF_IDE, 0, 0)) != -1)
> +	mmio_ide_init(0x14001000, 0x1400080c, irq[CF_IDE], 1,
> +		      drives_table[i].bdrv, NULL);
>  
>      /* NIC: rtl8139 on-board, and 2 slots. */
> -    pci_nic_init(pci, &nd_table[0], 2 << 3, "rtl8139");
> -    for (i = 1; i < nb_nics; i++)
> -        pci_nic_init(pci, &nd_table[i], -1, "ne2k_pci");
> +    for (i = 0; i < nb_nics; i++)
> +        pci_nic_init(pci, &nd_table[i], (i==0)? 2<<3: -1, "rtl8139");
>  
>      /* Todo: register on board registers */
>      if (kernel_filename) {
> -- 
> 1.5.6.3
> 
> 
> 
> -- 
> /yoshii
> 
> 
> 

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net