From patchwork Mon Dec 5 09:52:00 2022
X-Patchwork-Submitter: Juan Quintela
X-Patchwork-Id: 631053
From: Juan Quintela
To: qemu-devel@nongnu.org
Cc: Fam Zheng, Thomas Huth, Viresh Kumar, Kevin Wolf, Mathieu Poirier, Laurent Vivier, Eric Blake, Richard Henderson, Raphael Norwitz, Stefan Hajnoczi, Juan Quintela, virtio-fs@redhat.com, Alex Bennée, Christian Borntraeger, "Gonglei (Arei)", qemu-block@nongnu.org, Xiaojuan Yang, Thomas Huth, Ilya Leoshkevich, Eduardo Habkost, Gerd Hoffmann, "Dr. David Alan Gilbert", Alex Williamson, Eric Farman, Halil Pasic, Peter Maydell, Vladimir Sementsov-Ogievskiy, Jason Wang, Laurent Vivier, Song Gao, qemu-s390x@nongnu.org, Pavel Dovgalyuk, Klaus Jensen, John Snow, Michael Tokarev, qemu-arm@nongnu.org, Paolo Bonzini, "Michael S. Tsirkin", Keith Busch, David Hildenbrand, qemu-trivial@nongnu.org, Hanna Reitz, Daniel Hoffman
Subject: [PATCH v2 23/51] target/i386: Always completely initialize TranslateFault
Date: Mon, 5 Dec 2022 10:52:00 +0100
Message-Id: <20221205095228.1314-24-quintela@redhat.com>
In-Reply-To: <20221205095228.1314-1-quintela@redhat.com>
References: <20221205095228.1314-1-quintela@redhat.com>
From: Richard Henderson

In get_physical_address, the canonical address check failed to set
TranslateFault.stage2, which resulted in an uninitialized read from the
struct when reporting the fault in x86_cpu_tlb_fill.

Adjust all error paths to use structure assignment so that the entire
struct is always initialized.

Reported-by: Daniel Hoffman
Fixes: 9bbcf372193a ("target/i386: Reorg GET_HPHYS")
Signed-off-by: Richard Henderson
Message-Id: <20221201074522.178498-1-richard.henderson@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1324
Signed-off-by: Paolo Bonzini
---
 target/i386/tcg/sysemu/excp_helper.c | 34 ++++++++++++++++------------
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c index 405a5d414a..55bd1194d3 100644 --- a/target/i386/tcg/sysemu/excp_helper.c +++ b/target/i386/tcg/sysemu/excp_helper.c @@ -71,10 +71,11 @@ static bool ptw_translate(PTETranslate *inout, hwaddr addr) TranslateFault *err = inout->err; assert(inout->ptw_idx == MMU_NESTED_IDX); - err->exception_index = 0; /* unused */ - err->error_code = inout->env->error_code; - err->cr2 = addr; - err->stage2 = S2_GPT; + *err = (TranslateFault){ + .error_code = inout->env->error_code, + .cr2 = addr, + .stage2 = S2_GPT, + }; return false; } return true; @@ -431,10 +432,11 @@ do_check_protect_pse36: MMU_NESTED_IDX, true, &pte_trans.haddr, &full, 0); if (unlikely(flags & TLB_INVALID_MASK)) { - err->exception_index = 0; /* unused */ - err->error_code = env->error_code; - err->cr2 = paddr; - err->stage2 = S2_GPA; + *err = (TranslateFault){ + .error_code = env->error_code, + .cr2 = paddr, + .stage2 = S2_GPA, + }; return false; } 
@@ -494,10 +496,11 @@ do_check_protect_pse36: } break; } - err->exception_index = EXCP0E_PAGE; - err->error_code = error_code; - err->cr2 = addr; - err->stage2 = S2_NONE; + *err = (TranslateFault){ + .exception_index = EXCP0E_PAGE, + .error_code = error_code, + .cr2 = addr, + }; return false; } @@ -564,9 +567,10 @@ static bool get_physical_address(CPUX86State *env, vaddr addr, int shift = in.pg_mode & PG_MODE_LA57 ? 56 : 47; int64_t sext = (int64_t)addr >> shift; if (sext != 0 && sext != -1) { - err->exception_index = EXCP0D_GPF; - err->error_code = 0; - err->cr2 = addr; + *err = (TranslateFault){ + .exception_index = EXCP0D_GPF, + .cr2 = addr, + }; return false; } }
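Review bot: In the ptw_translate hunk (@@ -71) the `/* unused */` annotation on exception_index disappears together with the explicit `err->exception_index = 0;` store. The compound literal still zero-fills that member, so behaviour is unchanged, but the fact that exception_index carries no meaning on the S2_GPT path is now only implicit; a one-line comment above the assignment would preserve that intent for the next reader.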
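Review bot: The page-walk error hunk (@@ -494) drops `err->stage2 = S2_NONE;` and relies on the compound literal zero-filling stage2, which is only equivalent if S2_NONE is the zero enumerator of the stage-2 enum; that definition is outside the visible context. Either confirm it, or keep `.stage2 = S2_NONE,` in the initializer so the "no stage-2 fault" case stays explicit at the site that produces ordinary #PF.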
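Review bot: The get_physical_address hunk (@@ -564) is the actual fix for the uninitialized read named in the commit message: the removed field-wise stores never touched stage2, so x86_cpu_tlb_fill reported whatever the stack slot held, whereas the compound literal now zero-fills stage2 (and error_code) alongside the named members. A short comment at this site noting that the whole-struct assignment is deliberate would help stop a future change from reintroducing per-field stores on this path.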
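The following is an added illustration of the initialization pattern the patch switches to; it is not QEMU code and not part of the patch. It mirrors TranslateFault with a constructed struct (the member names come from the hunks; the enumerator order with S2_NONE as zero and the numeric value of EXCP0D_GPF are assumptions for the example), poisons the struct to stand in for stale stack contents, and runs the "before" (field-wise) and "after" (compound-literal) versions of the canonical-address error path from the last hunk so the difference in stage2 is observable. It also reproduces the `sext` canonical check from that hunk as a standalone function.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed mirror of the TranslateFault struct used in the patch.
 * ASSUMPTION: S2_NONE is the zero enumerator, as the patch relies on. */
typedef enum { S2_NONE = 0, S2_GPA, S2_GPT } TranslateFaultStage2;

typedef struct {
    int exception_index;
    int error_code;
    uint64_t cr2;
    TranslateFaultStage2 stage2;
} TranslateFault;

#define EXCP0D_GPF 13   /* x86 #GP vector; value assumed for the example */

/* Canonical-address check as written in the last hunk: with LA57 the
 * top 8 bits must be a sign extension of bit 56, otherwise of bit 47. */
static bool is_canonical(uint64_t addr, bool la57)
{
    int shift = la57 ? 56 : 47;
    int64_t sext = (int64_t)addr >> shift;
    return sext == 0 || sext == -1;
}

/* "Before": field-by-field stores, as in the removed lines of the last
 * hunk. stage2 is never written, so whatever was in memory remains. */
static bool report_gpf_fieldwise(TranslateFault *err, uint64_t addr)
{
    err->exception_index = EXCP0D_GPF;
    err->error_code = 0;
    err->cr2 = addr;
    return false;
}

/* "After": structure assignment from a compound literal. Members not
 * named in the initializer are zero-initialized (C11 6.7.9p21), so
 * stage2 becomes S2_NONE and error_code becomes 0 without being spelled
 * out. */
static bool report_gpf_struct_assign(TranslateFault *err, uint64_t addr)
{
    *err = (TranslateFault){
        .exception_index = EXCP0D_GPF,
        .cr2 = addr,
    };
    return false;
}

/* Fill the struct with 0xff bytes first (a deterministic stand-in for
 * stale stack contents), run one of the two paths, and return the stage2
 * value a caller such as x86_cpu_tlb_fill would then read. */
static int stage2_after(bool use_struct_assign, uint64_t addr)
{
    TranslateFault err;
    memset(&err, 0xff, sizeof err);   /* every field nonzero */
    if (use_struct_assign) {
        report_gpf_struct_assign(&err, addr);
    } else {
        report_gpf_fieldwise(&err, addr);
    }
    return (int)err.stage2;
}

int main(void)
{
    /* Constructed non-canonical 48-bit address: bit 47 set, upper bits
     * clear, which the canonical check rejects when LA57 is off. */
    uint64_t bad = 0x0000800000000000ULL;
    int before = stage2_after(false, bad);
    int after = stage2_after(true, bad);
    /* Exit 0 only when the field-wise path leaks garbage and the
     * struct-assignment path yields S2_NONE. */
    return (before != S2_NONE && after == S2_NONE && !is_canonical(bad, false)) ? 0 : 1;
}
```

The poisoning step matters for the demonstration: reading a genuinely uninitialized automatic variable is undefined behaviour and would not reliably show the bug, whereas a pre-filled struct makes the leftover value deterministic and lets the two paths be compared directly.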