From patchwork Wed Aug  7 16:02:36 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>
X-Patchwork-Id: 817407
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4e11:0:b0:367:895a:4699 with SMTP id p17csp460120wrt;
 Wed, 7 Aug 2024 09:03:30 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVsRMVQQjNgtqvghbPsxNx8qK1nGf7gqr6vfIir9GUNcbMdj94kULAFis7B9FrSuHE/Y1VzRA==@linaro.org
X-Google-Smtp-Source: AGHT+IHHoE80c3DpZIAcF9B+OsNpPkrO1Y9iDEFiz3BDvPy4uWzywa90/WX6ugAADgbhZNtLoBYD
X-Received: by 2002:a05:622a:1315:b0:447:bfb2:f9fc with SMTP id
 d75a77b69052e-45189276790mr295071061cf.12.1723046610157;
 Wed, 07 Aug 2024 09:03:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1723046610; cv=none;
 d=google.com; s=arc-20160816;
 b=Zo7t/aIDbWsxgN10E+fV+k5vxBwGpNQIlvN+txwiLr98kMBMrampjbQaumPElTqzVe
 rDCA3qZCQZcEenuvKX5DTq5NxNIwZxa07BGzhf6xPFe1DiCrhz5vAGH46sU5/nWGuHtz
 RhRqyiv0rXsFCPlM5carrsDiPk5MObNii4CufLJ+NLve4BHc8rILTK2gxyb1rfh/0/6G
 VWCoIjgDAh5u1iOPkECXkOHRreSrmQuIi2MWpqsXmV9b6neru3eGQEuQHkDF99BrSzL0
 ywRw5rFBB8LZPJNHSab2cAdabPC3t9Ffzomc86rgAvQ8H/cWOQ+pJbLDiVtENQ2kNplT
 0prA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:message-id:date:subject:cc:to:from:dkim-signature;
 bh=29HveLnaeU2oOZ9np2drPOdcZohlm2mSI+oDIf9MMDo=;
 fh=LMOXbnOpKx0lcvSq8X+VJWx2Kjdi8MDpUQ3aRHSkkj4=;
 b=tz+lBWhkhDD9Nz6lMdOcvMs2NwDaGqX3vY3iOKLG7iJY44e5/+Zsx+O12TZmFv+SRs
 69rB87PMCU5rRWPDVBC/CJ4MLHztNKUTI3xsoTOfQ0Sk6vYpERYwOw+SGlL0pU6MWSCf
 gY8voWMi3hadVfCQHxihLRM3/V/o29JQ+n6Q5mrQI+qVQfxdeGOMsWmzh9QrMycdYBZt
 nPGvinxxFzsjfvjvUfJj4bxlSWxVs+S1q9K4eg4AZcE0VIV/5MmZysEkPV7imxSYQyBc
 Lg9Y9y0wb7BGjmEArq54C1alODccOiP8YXlcP5uNaS2b60EUMN/QHjBOzP+b1Fm2Atqz
 2LWg==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=mqPyoaz7;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 6a1803df08f44-6bbbb90be66si21694806d6.448.2024.08.07.09.03.29
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Wed, 07 Aug 2024 09:03:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=mqPyoaz7;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org;
 dara=neutral header.i=@linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sbj7i-0005n6-OK; Wed, 07 Aug 2024 12:02:50 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <alex.bennee@linaro.org>)
 id 1sbj7f-0005fh-PC
 for qemu-devel@nongnu.org; Wed, 07 Aug 2024 12:02:47 -0400
Received: from mail-lf1-x12a.google.com ([2a00:1450:4864:20::12a])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <alex.bennee@linaro.org>)
 id 1sbj7c-0000om-V9
 for qemu-devel@nongnu.org; Wed, 07 Aug 2024 12:02:46 -0400
Received: by mail-lf1-x12a.google.com with SMTP id
 2adb3069b0e04-52f04150796so2989289e87.3
 for <qemu-devel@nongnu.org>; Wed, 07 Aug 2024 09:02:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1723046562; x=1723651362; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=29HveLnaeU2oOZ9np2drPOdcZohlm2mSI+oDIf9MMDo=;
 b=mqPyoaz7PgO2sim6gPuN8Um+91oRtAYYKJHb861v8tSHwc4doa7OfkujydWZ5tWRj5
 KpJm9Pdkodf8EqvZmB+lKfXsRfxuPGHzyMJm1p5RlA5dTSCyPGmWiw7UxGwXs9YHdb48
 pvJxBV+Q2l9hGuASxhqX2JXncMlcFggD5La/z3dJsr45xSPaX2Z5bPBUia6yn5qgzLW3
 KVuROu4p2MvZPT/JV9IPl1om11JoXMycfBm2Yp4jQmYfJ1fZG7q/bheMtFKA70Yp/tBD
 kTD3sQW2CWzsiHNXJYGPPTsgVfpkzyRU9bTXTJWULXPvquBo5W9k6ODtQjTYg1H6SOYu
 MetA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1723046562; x=1723651362;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=29HveLnaeU2oOZ9np2drPOdcZohlm2mSI+oDIf9MMDo=;
 b=T7aTBvf59b5Ex2lJ5E7BGVFeSq64o9sIDISkPClB9AEegIh3p0eCn+VeemEYFu7r85
 3Fm8yFdvOU8UtLg/dLn7511w0iWIC0X8sKpfQanbPeUAIHy2NXDKrc164Z1s/YkZpGkm
 Ps1XFjmfruruG8RonV4kiAHV1uprRbJdDClkcnJSFr38B2vN54o13Xt4galUivFHu9t6
 M74MwDV/ac8jCSr/AZbJAa34Jd4JRoRAYNPhyuc/FJBLw0PttYzNt7WG4ORc/A7WxJpb
 cEFR0z2q1kpJpSFfRf91WCnhZ6jT5hMzJkiohiqop2kQ94evW9AeLB2rprFpQHcqhZla
 YCKA==
X-Gm-Message-State: AOJu0YwgkvrzKw4oCOqtM5S3/y0dxDejwFkrvgg++vTP0ATho7W7cXG+
 FZoLGXG3MoTIK/LfzN5Y1ZzYOlOQCA2piBhTGLLzzDGbmgQFjwiT4qwqZb7K7bvZlZTE8Dm84bg
 A
X-Received: by 2002:a05:6512:ba7:b0:52b:c0b1:ab9e with SMTP id
 2adb3069b0e04-530bb367101mr12760532e87.5.1723046561341;
 Wed, 07 Aug 2024 09:02:41 -0700 (PDT)
Received: from draig.lan ([85.9.250.243]) by smtp.gmail.com with ESMTPSA id
 a640c23a62f3a-a7dc9d8a483sm648838966b.157.2024.08.07.09.02.40
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 07 Aug 2024 09:02:40 -0700 (PDT)
Received: from draig.lan (localhost [IPv6:::1])
 by draig.lan (Postfix) with ESMTP id 5777D5F713;
 Wed,  7 Aug 2024 17:02:39 +0100 (BST)
From: =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org
Cc: =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>,
 Paolo Bonzini <pbonzini@redhat.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Eduardo Habkost <eduardo@habkost.net>
Subject: [RFC PATCH] target/i386: allow access_ptr to force slow path on
 failed probe
Date: Wed,  7 Aug 2024 17:02:36 +0100
Message-Id: <20240807160236.2478459-1-alex.bennee@linaro.org>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
Received-SPF: pass client-ip=2a00:1450:4864:20::12a;
 envelope-from=alex.bennee@linaro.org; helo=mail-lf1-x12a.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

When we are using TCG plugin memory callbacks probe_access_internal
will return TLB_MMIO to force the slow path for memory access. This
results in probe_access returning NULL but the x86 access_ptr function
happily accepts an empty haddr resulting in segfault hilarity.

Check for an empty haddr to prevent the segfault and enable plugins to
track all the memory operations for the x86 save/restore helpers.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2489
Fixes: 6d03226b42 (plugins: force slow path when plugins instrument memory ops)
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
---
 target/i386/tcg/access.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/target/i386/tcg/access.c b/target/i386/tcg/access.c
index 56a1181ea5..8ea5c453a0 100644
--- a/target/i386/tcg/access.c
+++ b/target/i386/tcg/access.c
@@ -58,6 +58,10 @@ static void *access_ptr(X86Access *ac, vaddr addr, unsigned len)
 
     assert(addr >= ac->vaddr);
 
+    if (!ac->haddr1) {
+        return NULL;
+    }
+
 #ifdef CONFIG_USER_ONLY
     assert(offset <= ac->size1 - len);
     return ac->haddr1 + offset;