[PULL,19/25] gdbstub: Replace gdb_regs with an array

Message ID	20231011103329.670525-20-alex.bennee@linaro.org
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; From: =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org> To: qemu-devel@nongnu.org Cc: Akihiko Odaki <akihiko.odaki@daynix.com>, Alistair Francis <alistair.francis@wdc.com>, =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>, =?utf-8?q?Philippe_M?= =?utf-8?q?athieu-Daud=C3=A9?= <philmd@linaro.org>, Eduardo Habkost <eduardo@habkost.net>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, Yanan Wang <wangyanan55@huawei.com> Subject: [PULL 19/25] gdbstub: Replace gdb_regs with an array Date: Wed, 11 Oct 2023 11:33:23 +0100 Message-Id: <20231011103329.670525-20-alex.bennee@linaro.org> In-Reply-To: <20231011103329.670525-1-alex.bennee@linaro.org> References: <20231011103329.670525-1-alex.bennee@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a00:1450:4864:20::131; envelope-from=alex.bennee@linaro.org; helo=mail-lf1-x131.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org
Series	[PULL,01/25] tests/avocado: update firmware to enable OpenBSD test on sbsa-ref \| expand [PULL,01/25] tests/avocado: update firmware to enable OpenBSD test on sbsa-ref [PULL,02/25] tests/avocado: remove flaky test marking for test_sbsaref_edk2_firmware [PULL,03/25] tests/lcitool: add swtpm to the package list [PULL,04/25] gitlab: shuffle some targets and reduce avocado noise [PULL,05/25] tests/docker: make docker engine choice entirely configure driven [PULL,06/25] configure: allow user to override docker engine [PULL,07/25] configure: remove gcc version suffixes [PULL,08/25] gdbstub: Fix target_xml initialization [PULL,09/25] gdbstub: Fix target.xml response [PULL,10/25] plugins: Check if vCPU is realized [PULL,11/25] contrib/plugins: Use GRWLock in execlog [PULL,12/25] gdbstub: Introduce GDBFeature structure [PULL,13/25] target/arm: Move the reference to arm-core.xml [PULL,14/25] hw/core/cpu: Return static value with gdb_arch_name() [PULL,15/25] gdbstub: Use g_markup_printf_escaped() [PULL,16/25] target/arm: Remove references to gdb_has_xml [PULL,17/25] target/ppc: Remove references to gdb_has_xml [PULL,18/25] gdbstub: Remove gdb_has_xml variable [PULL,19/25] gdbstub: Replace gdb_regs with an array [PULL,20/25] accel/tcg: Add plugin_enabled to DisasContextBase [PULL,21/25] target/sh4: Disable decode_gusa when plugins enabled [PULL,22/25] plugins: Set final instruction count in plugin_gen_tb_end [PULL,23/25] contrib/plugins: fix coverity warning in cache [PULL,24/25] contrib/plugins: fix coverity warning in lockstep [PULL,25/25] contrib/plugins: fix coverity warning in hotblocks

Message ID

20231011103329.670525-20-alex.bennee@linaro.org

State

New

Headers

Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
From: =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org
Cc: Akihiko Odaki <akihiko.odaki@daynix.com>,
 Alistair Francis <alistair.francis@wdc.com>,
 =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>, =?utf-8?q?Philippe_M?=
	=?utf-8?q?athieu-Daud=C3=A9?= <philmd@linaro.org>,
 Eduardo Habkost <eduardo@habkost.net>,
 Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
 Yanan Wang <wangyanan55@huawei.com>
Subject: [PULL 19/25] gdbstub: Replace gdb_regs with an array
Date: Wed, 11 Oct 2023 11:33:23 +0100
Message-Id: <20231011103329.670525-20-alex.bennee@linaro.org>
In-Reply-To: <20231011103329.670525-1-alex.bennee@linaro.org>
References: <20231011103329.670525-1-alex.bennee@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2a00:1450:4864:20::131;
 envelope-from=alex.bennee@linaro.org; helo=mail-lf1-x131.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

Series

[PULL,01/25] tests/avocado: update firmware to enable OpenBSD test on sbsa-ref | expand

Commit Message

Alex Bennée Oct. 11, 2023, 10:33 a.m. UTC

From: Akihiko Odaki <akihiko.odaki@daynix.com>

An array is a more appropriate data structure than a list for gdb_regs
since it is initialized only with append operation and read-only after
initialization.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20230912224107.29669-13-akihiko.odaki@daynix.com>
[AJB: fixed a checkpatch violation]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231009164104.369749-20-alex.bennee@linaro.org>

Comments

Fabiano Rosas Oct. 17, 2023, 2:05 p.m. UTC | #1

Alex Bennée <alex.bennee@linaro.org> writes:

> From: Akihiko Odaki <akihiko.odaki@daynix.com>
>
> An array is a more appropriate data structure than a list for gdb_regs
> since it is initialized only with append operation and read-only after
> initialization.
>
> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
> Message-Id: <20230912224107.29669-13-akihiko.odaki@daynix.com>
> [AJB: fixed a checkpatch violation]
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Message-Id: <20231009164104.369749-20-alex.bennee@linaro.org>
>
> diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
> index 7b8347ed5a..3968369554 100644
> --- a/include/hw/core/cpu.h
> +++ b/include/hw/core/cpu.h
> @@ -502,7 +502,7 @@ struct CPUState {
>  
>      CPUJumpCache *tb_jmp_cache;
>  
> -    struct GDBRegisterState *gdb_regs;
> +    GArray *gdb_regs;
>      int gdb_num_regs;
>      int gdb_num_g_regs;
>      QTAILQ_ENTRY(CPUState) node;
> diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
> index 62608a5389..b1532118d1 100644
> --- a/gdbstub/gdbstub.c
> +++ b/gdbstub/gdbstub.c
> @@ -51,7 +51,6 @@ typedef struct GDBRegisterState {
>      gdb_get_reg_cb get_reg;
>      gdb_set_reg_cb set_reg;
>      const char *xml;
> -    struct GDBRegisterState *next;
>  } GDBRegisterState;
>  
>  GDBState gdbserver_state;
> @@ -386,7 +385,8 @@ static const char *get_feature_xml(const char *p, const char **newp,
>                  xml,
>                  g_markup_printf_escaped("<xi:include href=\"%s\"/>",
>                                          cc->gdb_core_xml_file));
> -            for (r = cpu->gdb_regs; r; r = r->next) {
> +            for (guint i = 0; i < cpu->gdb_regs->len; i++) {

It seems we can reach here before having initialized gdb_regs at
gdb_register_coprocessor():

Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555e5310b in get_feature_xml (p=0x555556a99118
<gdbserver_state+56> "target.xml:0,ffb", newp=0x7fffffffc6b0,
process=0x555557a21dd0) at ../gdbstub/gdbstub.c:388

(gdb) p/x cpu->gdb_regs
$1 = 0x0


Using:
qemu-system-x86 ... -s -s

just connect GDB and it crashes.

Akihiko Odaki Oct. 17, 2023, 7:40 p.m. UTC | #2

On 2023/10/17 23:05, Fabiano Rosas wrote:
> Alex Bennée <alex.bennee@linaro.org> writes:
> 
>> From: Akihiko Odaki <akihiko.odaki@daynix.com>
>>
>> An array is a more appropriate data structure than a list for gdb_regs
>> since it is initialized only with append operation and read-only after
>> initialization.
>>
>> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
>> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
>> Message-Id: <20230912224107.29669-13-akihiko.odaki@daynix.com>
>> [AJB: fixed a checkpatch violation]
>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>> Message-Id: <20231009164104.369749-20-alex.bennee@linaro.org>
>>
>> diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
>> index 7b8347ed5a..3968369554 100644
>> --- a/include/hw/core/cpu.h
>> +++ b/include/hw/core/cpu.h
>> @@ -502,7 +502,7 @@ struct CPUState {
>>   
>>       CPUJumpCache *tb_jmp_cache;
>>   
>> -    struct GDBRegisterState *gdb_regs;
>> +    GArray *gdb_regs;
>>       int gdb_num_regs;
>>       int gdb_num_g_regs;
>>       QTAILQ_ENTRY(CPUState) node;
>> diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
>> index 62608a5389..b1532118d1 100644
>> --- a/gdbstub/gdbstub.c
>> +++ b/gdbstub/gdbstub.c
>> @@ -51,7 +51,6 @@ typedef struct GDBRegisterState {
>>       gdb_get_reg_cb get_reg;
>>       gdb_set_reg_cb set_reg;
>>       const char *xml;
>> -    struct GDBRegisterState *next;
>>   } GDBRegisterState;
>>   
>>   GDBState gdbserver_state;
>> @@ -386,7 +385,8 @@ static const char *get_feature_xml(const char *p, const char **newp,
>>                   xml,
>>                   g_markup_printf_escaped("<xi:include href=\"%s\"/>",
>>                                           cc->gdb_core_xml_file));
>> -            for (r = cpu->gdb_regs; r; r = r->next) {
>> +            for (guint i = 0; i < cpu->gdb_regs->len; i++) {
> 
> It seems we can reach here before having initialized gdb_regs at
> gdb_register_coprocessor():
> 
> Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
> 0x0000555555e5310b in get_feature_xml (p=0x555556a99118
> <gdbserver_state+56> "target.xml:0,ffb", newp=0x7fffffffc6b0,
> process=0x555557a21dd0) at ../gdbstub/gdbstub.c:388
> 
> (gdb) p/x cpu->gdb_regs
> $1 = 0x0
> 
> 
> Using:
> qemu-system-x86 ... -s -s
> 
> just connect GDB and it crashes.

Hi,

Sorry for trouble and thank you for reporting.

I have just posted a fix "[PATCH v4 1/5] gdbstub: Check if gdb_regs is 
NULL" as part of series "[PATCH v4 0/5] gdbstub and TCG plugin 
improvements". Please test it if possible.

Alex, you may pick the patch early since the bug is quite a serious. 
Please add "Reported-by: Fabiano Rosas <farosas@suse.de>" when you do so 
since I forgot it. You may skip applying target/riscv patches though 
since the maintainers may still have something to comment.

Regards,
Akihiko Odaki

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 7b8347ed5a..3968369554 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -502,7 +502,7 @@  struct CPUState {
 
     CPUJumpCache *tb_jmp_cache;
 
-    struct GDBRegisterState *gdb_regs;
+    GArray *gdb_regs;
     int gdb_num_regs;
     int gdb_num_g_regs;
     QTAILQ_ENTRY(CPUState) node;
diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
index 62608a5389..b1532118d1 100644
--- a/gdbstub/gdbstub.c
+++ b/gdbstub/gdbstub.c
@@ -51,7 +51,6 @@  typedef struct GDBRegisterState {
     gdb_get_reg_cb get_reg;
     gdb_set_reg_cb set_reg;
     const char *xml;
-    struct GDBRegisterState *next;
 } GDBRegisterState;
 
 GDBState gdbserver_state;
@@ -386,7 +385,8 @@  static const char *get_feature_xml(const char *p, const char **newp,
                 xml,
                 g_markup_printf_escaped("<xi:include href=\"%s\"/>",
                                         cc->gdb_core_xml_file));
-            for (r = cpu->gdb_regs; r; r = r->next) {
+            for (guint i = 0; i < cpu->gdb_regs->len; i++) {
+                r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
                 g_ptr_array_add(
                     xml,
                     g_markup_printf_escaped("<xi:include href=\"%s\"/>",
@@ -430,7 +430,8 @@  static int gdb_read_register(CPUState *cpu, GByteArray *buf, int reg)
         return cc->gdb_read_register(cpu, buf, reg);
     }
 
-    for (r = cpu->gdb_regs; r; r = r->next) {
+    for (guint i = 0; i < cpu->gdb_regs->len; i++) {
+        r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
         if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
             return r->get_reg(env, buf, reg - r->base_reg);
         }
@@ -448,7 +449,8 @@  static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
         return cc->gdb_write_register(cpu, mem_buf, reg);
     }
 
-    for (r = cpu->gdb_regs; r; r = r->next) {
+    for (guint i = 0; i < cpu->gdb_regs->len; i++) {
+        r =  &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
         if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
             return r->set_reg(env, mem_buf, reg - r->base_reg);
         }
@@ -461,17 +463,23 @@  void gdb_register_coprocessor(CPUState *cpu,
                               int num_regs, const char *xml, int g_pos)
 {
     GDBRegisterState *s;
-    GDBRegisterState **p;
-
-    p = &cpu->gdb_regs;
-    while (*p) {
-        /* Check for duplicates.  */
-        if (strcmp((*p)->xml, xml) == 0)
-            return;
-        p = &(*p)->next;
+    guint i;
+
+    if (cpu->gdb_regs) {
+        for (i = 0; i < cpu->gdb_regs->len; i++) {
+            /* Check for duplicates.  */
+            s = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
+            if (strcmp(s->xml, xml) == 0) {
+                return;
+            }
+        }
+    } else {
+        cpu->gdb_regs = g_array_new(false, false, sizeof(GDBRegisterState));
+        i = 0;
     }
 
-    s = g_new0(GDBRegisterState, 1);
+    g_array_set_size(cpu->gdb_regs, i + 1);
+    s = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
     s->base_reg = cpu->gdb_num_regs;
     s->num_regs = num_regs;
     s->get_reg = get_reg;
@@ -480,7 +488,6 @@  void gdb_register_coprocessor(CPUState *cpu,
 
     /* Add to end of list.  */
     cpu->gdb_num_regs += num_regs;
-    *p = s;
     if (g_pos) {
         if (g_pos != s->base_reg) {
             error_report("Error: Bad gdb register numbering for '%s', "

[PULL,19/25] gdbstub: Replace gdb_regs with an array

Commit Message

Comments

Patch