[PATCH v2 23/51] target/i386: Always completely initialize TranslateFault
From: Juan Quintela
Subject: [PATCH v2 23/51] target/i386: Always completely initialize TranslateFault
Date: Mon, 5 Dec 2022 10:52:00 +0100
From: Richard Henderson <richard.henderson@linaro.org>
In get_physical_address, the canonical address check failed to
set TranslateFault.stage2, which resulted in an uninitialized
read from the struct when reporting the fault in x86_cpu_tlb_fill.
Adjust all error paths to use structure assignment so that the
entire struct is always initialized.
Reported-by: Daniel Hoffman <dhoff749@gmail.com>
Fixes: 9bbcf372193a ("target/i386: Reorg GET_HPHYS")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20221201074522.178498-1-richard.henderson@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1324
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/sysemu/excp_helper.c | 34 ++++++++++++++++------------
1 file changed, 19 insertions(+), 15 deletions(-)
diff --git a/target/i386/tcg/sysemu/excp_helper.c
b/target/i386/tcg/sysemu/excp_helper.c
index 405a5d414a..55bd1194d3 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -71,10 +71,11 @@ static bool ptw_translate(PTETranslate *inout, hwaddr addr)
TranslateFault *err = inout->err;
assert(inout->ptw_idx == MMU_NESTED_IDX);
- err->exception_index = 0; /* unused */
- err->error_code = inout->env->error_code;
- err->cr2 = addr;
- err->stage2 = S2_GPT;
+ *err = (TranslateFault){
+ .error_code = inout->env->error_code,
+ .cr2 = addr,
+ .stage2 = S2_GPT,
+ };
return false;
}
return true;
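Review bot: the `/* unused */` comment that documented why exception_index was set to 0 on the ptw_translate path is lost with the compound literal, which now zeroes the field silently; the fact that exception_index is ignored when stage2 is S2_GPT or S2_GPA is worth keeping visible, preferably as a comment on the TranslateFault definition rather than at each assignment site.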
@@ -431,10 +432,11 @@ do_check_protect_pse36:
MMU_NESTED_IDX, true,
&pte_trans.haddr, &full, 0);
if (unlikely(flags & TLB_INVALID_MASK)) {
- err->exception_index = 0; /* unused */
- err->error_code = env->error_code;
- err->cr2 = paddr;
- err->stage2 = S2_GPA;
+ *err = (TranslateFault){
+ .error_code = env->error_code,
+ .cr2 = paddr,
+ .stage2 = S2_GPA,
+ };
return false;
}
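Review bot: this S2_GPA path is now identical in shape to the S2_GPT path in ptw_translate except for the address and stage values, so a small static helper taking the env, the faulting address and the stage would remove the duplication and make it structurally impossible for a future error path to omit a field, which is exactly the class of bug this series fixes.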
@@ -494,10 +496,11 @@ do_check_protect_pse36:
}
break;
}
- err->exception_index = EXCP0E_PAGE;
- err->error_code = error_code;
- err->cr2 = addr;
- err->stage2 = S2_NONE;
+ *err = (TranslateFault){
+ .exception_index = EXCP0E_PAGE,
+ .error_code = error_code,
+ .cr2 = addr,
+ };
return false;
}
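Review bot: `.stage2 = S2_NONE` is dropped from the initializer and the field is now implicitly zero, which is only correct while S2_NONE remains the first, zero-valued enumerator; either keep the explicit `.stage2 = S2_NONE,` here for readability, or guard the assumption with a `QEMU_BUILD_BUG_ON(S2_NONE != 0)` next to the enum so a later reordering cannot silently turn a page fault into a nested-stage fault.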
@@ -564,9 +567,10 @@ static bool get_physical_address(CPUX86State *env, vaddr
addr,
int shift = in.pg_mode & PG_MODE_LA57 ? 56 : 47;
int64_t sext = (int64_t)addr >> shift;
if (sext != 0 && sext != -1) {
- err->exception_index = EXCP0D_GPF;
- err->error_code = 0;
- err->cr2 = addr;
+ *err = (TranslateFault){
+ .exception_index = EXCP0D_GPF,
+ .cr2 = addr,
+ };
return false;
}
}
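Review bot: this is the hunk that fixes the reported issue: the old non-canonical address path assigned exception_index, error_code and cr2 but never stage2, so x86_cpu_tlb_fill read an indeterminate value; the struct assignment now zero-initializes stage2 (and error_code, which was explicitly 0 before). Since this path has no test coverage that would have caught the uninitialized read, a qtest that touches a non-canonical address under LA57 and non-LA57 paging and checks that a #GP is delivered would lock the fix in.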
--
2.38.1