From: Andrew Jones
To: qemu-devel@nongnu.org, qemu-arm@nongnu.org
Cc: peter.maydell@linaro.org, aaron@os.amperecomputing.com
Date: Fri, 22 Mar 2019 17:23:31 +0100
Message-Id: <20190322162333.17159-2-drjones@redhat.com>
In-Reply-To: <20190322162333.17159-1-drjones@redhat.com>
References: <20190322162333.17159-1-drjones@redhat.com>
Subject: [Qemu-devel] [PATCH 1/3] target/arm: fix crash on pmu register access

Fix a QEMU NULL dereference that occurs when the guest attempts to enable PMU counters with a non-v8 cpu model or a v8 cpu model which has not configured a PMU.

Fixes: 4e7beb0cc0f3 ("target/arm: Add a timer to predict PMU counter overflow")
Signed-off-by: Andrew Jones
Reviewed-by: Aaron Lindsay

--- target/arm/helper.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/target/arm/helper.c b/target/arm/helper.c index c8d3c213b6b7..fc73488f6cc0 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -1259,6 +1259,10 @@ static bool pmu_counter_enabled(CPUARMState *env, ui= nt8_t counter) int el =3D arm_current_el(env); uint8_t hpmn =3D env->cp15.mdcr_el2 & MDCR_HPMN; =20 + if (!arm_feature(env, ARM_FEATURE_PMU)) { + return false; + } + if (!arm_feature(env, ARM_FEATURE_EL2) || (counter < hpmn || counter =3D=3D 31)) { e =3D env->cp15.c9_pmcr & PMCRE; --=20 2.17.2
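
Review bot: The early return added at the top of pmu_counter_enabled() has no comment, and neither the hunk nor the commit message names the pointer that is NULL when ARM_FEATURE_PMU is absent or the place where it is dereferenced. The Fixes: tag points at the overflow-prediction timer commit, so a one-line comment above the arm_feature(env, ARM_FEATURE_PMU) check saying what is left unset without a PMU would explain why reporting every counter as disabled is sufficient. The commit message should also state that every path to the dereference goes through pmu_counter_enabled(); the visible lines cannot show that, and if one path does not, the NULL check belongs at the dereference site as well, since the crash is triggered by guest register writes.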