From: Salva Peiró
Date: Tue, 8 Sep 2015 08:51:20 +0200
Subject: Re: [Qemu-devel] [PATCH] memory: Add function pointers checks to memory_region_read/write()
To: Paolo Bonzini
Cc: qemu-devel@nongnu.org
In-Reply-To: <55ED66A4.7060108@redhat.com>
References: <1441301843-7404-1-git-send-email-speirofr@gmail.com> <55ED66A4.7060108@redhat.com>

On 9/7/15, Paolo Bonzini wrote:
>
> On 03/09/2015 19:37, Salva Peiró wrote:
>> The file memory.c directly calls the function pointers provided in
>> the MemoryRegionOps to handle read and write operations for memory
>> regions.
>> The function pointers are called without checking if the function
>> pointers are initialised, therefore, causing QEMU to SIGSEGV when
>> accessing a memory address for which the operation is not defined (and not
>> initialised)
>>
>> The patch adds explicit checks to function pointers before issuing the
>> calls.
>
> What device are you encountering this for?
> Perhaps this should be done
> in memory_region_init_io instead, so that it is detected early.
>
> Paolo
>

Right, I should have started by providing the scenario where the fault occurs.

The problem occurs performing a writeb to the BAR0 of device 1033:194.
That is PCI_DEVICE_ID_NEC_UPD720200 0x0194 at hw/usb/hcd-xhci.c

I've attached tests/nec-usb-xhci-test.c that reproduces the scenario.

Best
--
salva

[Attachment: 0001-tests-nec-usb-xhci-test.c.patch (text/x-patch)]
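Added illustration, not code from this thread or from QEMU: a simplified stand-in for the MemoryRegionOps dispatch that shows the two placements discussed above, an init-time rejection of an incomplete ops table (Paolo's suggestion) and a call-site guard that turns a missing handler into an ignored access (the patch's approach). The names mmio_ops, mmio_region, mmio_region_init and mmio_region_write and the one-register sample device are hypothetical.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-in for QEMU's MemoryRegionOps and MemoryRegion. */
typedef struct {
    uint64_t (*read)(void *opaque, uint64_t addr, unsigned size);
    void (*write)(void *opaque, uint64_t addr, uint64_t data, unsigned size);
} mmio_ops;

typedef struct {
    const mmio_ops *ops;
    void *opaque;
    const char *name;
} mmio_region;

/* Init-time check (where Paolo suggests it): refuse a region whose ops table
 * lacks a handler, so the gap shows up at device creation, not at guest access. */
bool mmio_region_init(mmio_region *mr, const char *name,
                      const mmio_ops *ops, void *opaque)
{
    if (ops == NULL || ops->read == NULL || ops->write == NULL) {
        fprintf(stderr, "%s: ops table is missing read or write\n", name);
        return false;
    }
    mr->ops = ops; mr->opaque = opaque; mr->name = name;
    return true;
}

/* Call-time guard (where the patch puts it): treat a missing handler as an
 * ignored access instead of calling through NULL; false means it was dropped. */
bool mmio_region_write(const mmio_region *mr, uint64_t addr,
                       uint64_t data, unsigned size)
{
    if (mr->ops == NULL || mr->ops->write == NULL) {
        fprintf(stderr, "%s: %u-byte write at 0x%" PRIx64 " ignored\n",
                mr->name, size, addr);
        return false;
    }
    mr->ops->write(mr->opaque, addr, data, size);
    return true;
}

/* Constructed sample device: one 64-bit register behind the region. */
static uint64_t dev_read(void *o, uint64_t a, unsigned s) { (void)a; (void)s; return *(uint64_t *)o; }
static void dev_write(void *o, uint64_t a, uint64_t d, unsigned s) { (void)a; (void)s; *(uint64_t *)o = d; }
const mmio_ops full_ops = { .read = dev_read, .write = dev_write };
const mmio_ops readonly_ops = { .read = dev_read };   /* .write deliberately left NULL */
```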