From patchwork Fri Oct 25 14:21:58 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Richard Henderson <richard.henderson@linaro.org>
X-Patchwork-Id: 177755
Delivered-To: patch@linaro.org
Received: by 2002:a92:409a:0:0:0:0:0 with SMTP id d26csp3802937ill;
 Fri, 25 Oct 2019 07:42:19 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxL3/PRTQmXIxV+dTBuynMey2bu1ua8jXZLIYd2rIkMpNtUF+ENyPMcWETj5VllzTfuREBw
X-Received: by 2002:ac8:28a3:: with SMTP id i32mr3346481qti.42.1572014539195; 
 Fri, 25 Oct 2019 07:42:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1572014539; cv=none;
 d=google.com; s=arc-20160816;
 b=XBfqY8zBCEvZ1QWe1xAePq/jzDRt2uC1MBJu1sgOs4Buv2NPRLwgClV2Zp129/EJ4q
 WqOrlm3abLauFi93kTfV3tL+UkShFPHAD2j7YWEHymKNEQX6rZIpvUR0lWjsPsOpezpM
 x0mDIB2KMRjLoJilTfLLgm5YZNXBcwaQRVOttTSfl6lLkiniPhklHDyNZIlsWdBFvrqv
 nRcMYZSOhiyZUA3AZh6QdOYtsAqdWdV0pQhbUPFtrtQD0STAdgwYuIU1wvOsY6Fzn6uh
 YBpPAIgEbLIp9rzf8ZQ3sdIkssB6PcbNXRo14L2W/LmVDXNoSSklMKpzep/Qs1CcC4d0
 8QIA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:references:in-reply-to
 :message-id:date:subject:to:from:dkim-signature;
 bh=jWCHT8imM+uT8t8z8pCnUo/8+221GMTt3GzK0VnZBfQ=;
 b=C/4Qi2zJ9P70JW5eucxVjOu/cqs96GgJrh+6UVOMApG5A+mFiRq7k8d1g2gDDXocjv
 N0EKq0Qy1/NlH99Y4pvNo/9LJR02Cs3QrdBOoZirQhh7WB/dmDUx7bedGcnI4VtmATQ8
 ptIsYeeJH8PmYlFba1p8A5rdl7IkgE+OXBWmVkrzkwAQgNqYAUDuPY71PaOFRRXpwfTy
 jQM/LZ8qto4Pywt/8rfT1KRtN5tVxSV1WvOmiVsqmysTLbsOuwkmQRhIp3a86xBX/jEo
 ASbRnQLZEfi5gsfuTQ53+3516eh5b67K2emXefv7t71E1JIhS+so+6PWqOmgm2eCStTg
 hZPQ==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=iHyjGqVB;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 209.51.188.17 as permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 27si1463792qtz.200.2019.10.25.07.42.19 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Fri, 25 Oct 2019 07:42:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 209.51.188.17 as permitted sender) client-ip=209.51.188.17; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=iHyjGqVB;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 209.51.188.17 as permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([::1]:33048 helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces+patch=linaro.org@nongnu.org>)
 id 1iO0nC-0005lB-3c
 for patch@linaro.org; Fri, 25 Oct 2019 10:42:18 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:44410)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <richard.henderson@linaro.org>) id 1iO0To-0005FL-RV
 for qemu-devel@nongnu.org; Fri, 25 Oct 2019 10:22:17 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <richard.henderson@linaro.org>) id 1iO0Tn-0001h1-ND
 for qemu-devel@nongnu.org; Fri, 25 Oct 2019 10:22:16 -0400
Received: from mail-qt1-x829.google.com ([2607:f8b0:4864:20::829]:40736)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <richard.henderson@linaro.org>)
 id 1iO0Tn-0001gr-JN
 for qemu-devel@nongnu.org; Fri, 25 Oct 2019 10:22:15 -0400
Received: by mail-qt1-x829.google.com with SMTP id o49so3460174qta.7
 for <qemu-devel@nongnu.org>; Fri, 25 Oct 2019 07:22:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=jWCHT8imM+uT8t8z8pCnUo/8+221GMTt3GzK0VnZBfQ=;
 b=iHyjGqVBlWhRCyvOuTKND1TnfPp7qdekqymZ8omiqy0rOsD6qMW3tYMAt6QScTvhgw
 wVNZxFa2fM+X5Qc26r6qIBKAq5KUfPPNZKZIvlmka/ufr2Z0LNfLpVE+DsKh80tsOn37
 viq+35QicC57PHBPGNEoNldEOkm9PTqXONY+nJdd59cxXsCtQxWfbYRvT/4pAlGNMaHr
 A0bdkqDMMeEP6EKv4tBGzWIHLvC4jje46gUXEJZmmlp4x8G/hV2wxDzLkhC8reRBYePv
 LorXMl3iLMBYr01DSym+7R4EW3uKZMZYIOZnR+uDpO3yRv7w+WCv4l9JKQaFfUJHP6kI
 Vn9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=jWCHT8imM+uT8t8z8pCnUo/8+221GMTt3GzK0VnZBfQ=;
 b=CtfVSmisbaczH/9Ps4xOR0vjhVs94PNnNg/Bc69G+9GdGA6gCjDNDqOocJZk7CkD/C
 fiD0217hnkzNVgn5R8lYITL0rz6/B2r5j/L3yK9dU9F8WK4E8q8gZxGU4M/a+dWIwqld
 TTEkmqbFyJ7yh97H2ZxbxEN5Umnl08ehC/mKk/ulAQ6suRwjWHLSKvPW/P2+NTqZ1Vhj
 9BtaJYWqadgbr7UfH7UMWfUToSl5ew6uTDQZkX6Ez1NaNY4V1mFSAuA1J2CusE0i4yUo
 NgXVRAKqufLQeiF7GrT5d8P6XpH0kKz6AVOn9KnhWEWnHvQ33o9NKckvRnfBxXaqRYOA
 UvQA==
X-Gm-Message-State: APjAAAWIvAkaeBd9Mfw241XVAc6RcZbG5dYjFUusS2jmmSFKXYUlrYYc
 gsVlcDz50XlO3j6rMDhTG0CaIYz9L24=
X-Received: by 2002:a0c:85e4:: with SMTP id o91mr3472073qva.16.1572013334490; 
 Fri, 25 Oct 2019 07:22:14 -0700 (PDT)
Received: from localhost.localdomain (rrcs-172-254-253-50.nyc.biz.rr.com.
 [172.254.253.50]) by smtp.gmail.com with ESMTPSA id
 q17sm1137050qtq.58.2019.10.25.07.22.13
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 25 Oct 2019 07:22:13 -0700 (PDT)
From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PULL 11/12] translate-all: fix uninitialized tb->orig_tb
Date: Fri, 25 Oct 2019 10:21:58 -0400
Message-Id: <20191025142159.12459-12-richard.henderson@linaro.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20191025142159.12459-1-richard.henderson@linaro.org>
References: <20191025142159.12459-1-richard.henderson@linaro.org>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2607:f8b0:4864:20::829
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: peter.maydell@linaro.org,
 Clement Deschamps <clement.deschamps@greensocs.com>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+patch=linaro.org@nongnu.org>

From: Clement Deschamps <clement.deschamps@greensocs.com>

This fixes a segmentation fault in icount mode when executing
from an IO region.

TB is marked as CF_NOCACHE but tb->orig_tb is not initialized
(equals previous value in code_gen_buffer).

The issue happens in cpu_io_recompile() when it tries to invalidate orig_tb.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Clement Deschamps <clement.deschamps@greensocs.com>
Message-Id: <20191022140016.918371-1-clement.deschamps@greensocs.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/translate-all.c | 1 +
 1 file changed, 1 insertion(+)

-- 
2.17.1

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 66d4bc4341..f9b7ba159d 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -1722,6 +1722,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
     tb->cs_base = cs_base;
     tb->flags = flags;
     tb->cflags = cflags;
+    tb->orig_tb = NULL;
     tb->trace_vcpu_dstate = *cpu->trace_dstate;
     tcg_ctx->tb_cflags = cflags;
  tb_overflow: