From: "Alex Bennée" <alex.bennee@linaro.org>
To: Michael Tokarev <mjt@tls.msk.ru>
Cc: qemu-devel@nongnu.org, qemu-stable@nongnu.org,
	Richard Henderson <richard.henderson@linaro.org>
Subject: Re: [Stable-8.1.1 11/34] softmmu: Assert data in bounds in iotlb_to_section
Date: Wed, 20 Sep 2023 16:04:50 +0100	[thread overview]
Message-ID: <87ttrovnz1.fsf@linaro.org> (raw)
In-Reply-To: <5bd5a600-e7a5-fe37-1a2f-d00aa7e84428@tls.msk.ru>


Michael Tokarev <mjt@tls.msk.ru> writes:

> 18.09.2023 12:19, Michael Tokarev wrote:
>> 09.09.2023 13:27, Michael Tokarev wrote:
>>> From: Richard Henderson <richard.henderson@linaro.org>
>>>
>>> Acked-by: Alex Bennée <alex.bennee@linaro.org>
>>> Suggested-by: Alex Bennée <alex.bennee@linaro.org>
>>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>>> (cherry picked from commit 86e4f93d827d3c1efd00cd8a906e38a2c0f2b5bc)
>>> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
>>>
>>> diff --git a/softmmu/physmem.c b/softmmu/physmem.c
>>> index 3df73542e1..7597dc1c39 100644
>>> --- a/softmmu/physmem.c
>>> +++ b/softmmu/physmem.c
>>> @@ -2413,9 +2413,15 @@ MemoryRegionSection *iotlb_to_section(CPUState *cpu,
>>>       int asidx = cpu_asidx_from_attrs(cpu, attrs);
>>>       CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
>>>       AddressSpaceDispatch *d = qatomic_rcu_read(&cpuas->memory_dispatch);
>>> -    MemoryRegionSection *sections = d->map.sections;
>>> +    int section_index = index & ~TARGET_PAGE_MASK;
>>> +    MemoryRegionSection *ret;
>>> +
>>> +    assert(section_index < d->map.sections_nb);
>> This assert now triggers on staging-8.1
>> https://ci.debian.net/data/autopkgtest/testing/amd64/d/dropbear/37993610/log.gz
>> https://ci.debian.net/data/autopkgtest/testing/amd64/c/cryptsetup/37993606/log.gz
>> 
>>> +    ret = d->map.sections + section_index;
>>> +    assert(ret->mr);
>>> +    assert(ret->mr->ops);
>>> -    return &sections[index & ~TARGET_PAGE_MASK];
>>> +    return ret;
>>>   }
>>>   static void io_mem_init(void)
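Review bot: the new `assert(section_index < d->map.sections_nb)` validates the index against whatever dispatch `d` the `qatomic_rcu_read(&cpuas->memory_dispatch)` above it returned, and the report interleaved here (the assert firing under TCG with -smp 4 once softmmu-Use-async_run_on_cpu-in-tcg_commit.patch, 0d58c6606, is dropped) points at a vCPU looking up an iotlb index in a dispatch that was committed from under it rather than at a bad index as such; this patch should therefore be backported together with 0d58c6606, not on its own. Separately, the cherry-picked commit carries only trailers and no body: a sentence stating that the three asserts (`section_index`, `ret->mr`, `ret->mr->ops`) exist to turn a later crash from a stale or corrupted section table into an immediate failure at the lookup would have spared the stable reviewer this thread.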
>> In this upload I removed
>> softmmu-Use-async_run_on_cpu-in-tcg_commit.patch (0d58c660689f6da1),
>> and the test run uses tcg and -smp 4, which is the configuration which 0d58c6606
>> was supposed to fix.
>
> So, should this change not be in 8.1.1 too (together with 0d58c6606),
> or is it just the "messenger"?

Sorry my previous reply was eaten by my MUA.

The main purpose of the asserts is to catch corruption to the Memory
Regions early so we don't see weird failures later on (cf. the 3
separate bugs for crashes in slightly different places).

IOW if we are crashing on the asserts in this patch but it's booting
without it, we are just getting lucky.

>
> Or both should go?
>
> Today is the deadline day for 8.1.1.
>
> Thanks!
>
> /mjt


-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro
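The failure mode Alex describes (a vCPU holding an iotlb value built against one dispatch table and resolving it against another) can be shown with a small model. The following is an added example, not QEMU code and not from anyone in this thread: the type and field names mirror the hunk so the masking step reads the same, but the structures, `make_iotlb`, the `lookup_status` classification and the eight-versus-four section counts are all constructed here to make the point concrete.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

/* Toy model of the iotlb -> MemoryRegionSection lookup. Constructed for this
 * example; names follow the hunk, but nothing here is QEMU's real layout. */
#define TARGET_PAGE_BITS 12
#define TARGET_PAGE_MASK (~((uint64_t)(1u << TARGET_PAGE_BITS) - 1))

typedef struct { const char *name; } MemoryRegionOps;
typedef struct { const MemoryRegionOps *ops; } MemoryRegion;
typedef struct { MemoryRegion *mr; } MemoryRegionSection;

typedef struct {
    MemoryRegionSection *sections;
    unsigned sections_nb;
} PhysPageMap;

typedef struct { PhysPageMap map; } AddressSpaceDispatch;

/* Encode an iotlb value: page frame in the high bits, section index in the
 * sub-page bits, which is what `index & ~TARGET_PAGE_MASK` in the hunk implies. */
static uint64_t make_iotlb(uint64_t paddr_page, unsigned section_index)
{
    return (paddr_page & TARGET_PAGE_MASK) | (section_index & ~TARGET_PAGE_MASK);
}

/* Classification of a lookup, so the caller can see *why* the patch's assert
 * would fire instead of only seeing an abort. */
typedef enum { LOOKUP_OK, LOOKUP_INDEX_OOB, LOOKUP_NULL_MR, LOOKUP_NULL_OPS } lookup_status;

static lookup_status check_iotlb_to_section(const AddressSpaceDispatch *d,
                                            uint64_t index,
                                            MemoryRegionSection **out)
{
    unsigned section_index = (unsigned)(index & ~TARGET_PAGE_MASK);
    *out = NULL;
    if (section_index >= d->map.sections_nb) {
        return LOOKUP_INDEX_OOB;            /* the first assert in the patch */
    }
    MemoryRegionSection *ret = d->map.sections + section_index;
    if (!ret->mr) {
        return LOOKUP_NULL_MR;              /* assert(ret->mr) */
    }
    if (!ret->mr->ops) {
        return LOOKUP_NULL_OPS;             /* assert(ret->mr->ops) */
    }
    *out = ret;
    return LOOKUP_OK;
}

/* Same lookup in the shape of the patched function: aborts on any corruption. */
static MemoryRegionSection *iotlb_to_section_asserting(const AddressSpaceDispatch *d,
                                                       uint64_t index)
{
    MemoryRegionSection *ret;
    lookup_status st = check_iotlb_to_section(d, index, &ret);
    assert(st == LOOKUP_OK);
    return ret;
}

/* Scenario from the thread: an iotlb entry built against an older, larger
 * dispatch is resolved against a freshly committed, smaller one. Without the
 * bounds assert the lookup would hand back a pointer past new_sections[]. */
static lookup_status stale_iotlb_scenario(void)
{
    static const MemoryRegionOps ops = { "ram" };
    static MemoryRegion mr = { &ops };
    static MemoryRegionSection old_sections[8];
    static MemoryRegionSection new_sections[4];
    for (int i = 0; i < 8; i++) old_sections[i].mr = &mr;
    for (int i = 0; i < 4; i++) new_sections[i].mr = &mr;
    AddressSpaceDispatch old_d = { { old_sections, 8 } };
    AddressSpaceDispatch new_d = { { new_sections, 4 } };

    uint64_t iotlb = make_iotlb(0x4000, 6);          /* section 6 exists only in old_d */
    MemoryRegionSection *s = iotlb_to_section_asserting(&old_d, iotlb);
    assert(s == &old_sections[6]);

    return check_iotlb_to_section(&new_d, iotlb, &s);  /* LOOKUP_INDEX_OOB */
}
```

The unchecked form in the `-` line of the hunk would have returned `&sections[6]` from a four-entry table and let the caller dereference whatever sat there, which is exactly the "weird failure later on" the asserts are meant to replace with an immediate, attributable abort at the lookup.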

