hw/nvram/nrf51_nvm.c | 7 +++++++ hw/pci-host/designware.c | 9 +++++++++ hw/pci-host/prep.c | 8 ++++++++ hw/ppc/prep_systemio.c | 8 ++++++++ hw/ppc/spapr_pci.c | 9 ++++++++- hw/vfio/pci-quirks.c | 8 ++++++++ 6 files changed, 48 insertions(+), 1 deletion(-)
From: Prasad J Pandit <pjp@fedoraproject.org> Hello, This series adds various undefined MMIO read/write functions to avoid potential guest crash via a NULL pointer dereference. ex. -> https://git.qemu.org/?p=qemu.git;a=commit;h=bb15013ef34617eb1344f5276292cadd326c21b2 Thank you. -- Prasad J Pandit (6): hw/pci-host: add pci-intack write method pci-host: add pcie-msi read method vfio: add quirk device write method prep: add ppc-parity write method nvram: add nrf51_soc flash read method spapr_pci: add spapr msi read method hw/nvram/nrf51_nvm.c | 7 +++++++ hw/pci-host/designware.c | 9 +++++++++ hw/pci-host/prep.c | 8 ++++++++ hw/ppc/prep_systemio.c | 8 ++++++++ hw/ppc/spapr_pci.c | 9 ++++++++- hw/vfio/pci-quirks.c | 8 ++++++++ 6 files changed, 48 insertions(+), 1 deletion(-) -- 2.26.2
Patchew URL: https://patchew.org/QEMU/20200617053934.122642-1-ppandit@redhat.com/ Hi, This series failed the asan build test. Please find the testing commands and their output below. If you have Docker installed, you can probably reproduce it locally. === TEST SCRIPT BEGIN === #!/bin/bash export ARCH=x86_64 make docker-image-fedora V=1 NETWORK=1 time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1 === TEST SCRIPT END === CC qga/guest-agent-command-state.o CC qga/main.o CC qga/commands-posix.o /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) CC qga/channel-posix.o CC qga/qapi-generated/qga-qapi-types.o CC qga/qapi-generated/qga-qapi-visit.o --- GEN docs/interop/qemu-ga-ref.html GEN docs/interop/qemu-ga-ref.txt GEN docs/interop/qemu-ga-ref.7 /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) LINK qemu-keymap /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) LINK ivshmem-client LINK ivshmem-server /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) LINK qemu-nbd /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) LINK qemu-storage-daemon /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) AS pc-bios/optionrom/multiboot.o /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) LINK qemu-img AS pc-bios/optionrom/linuxboot.o /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) CC pc-bios/optionrom/linuxboot_dma.o AS pc-bios/optionrom/kvmvapic.o AS pc-bios/optionrom/pvh.o CC pc-bios/optionrom/pvh_main.o BUILD pc-bios/optionrom/multiboot.img LINK qemu-io /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) BUILD pc-bios/optionrom/linuxboot.img BUILD pc-bios/optionrom/linuxboot_dma.img BUILD pc-bios/optionrom/kvmvapic.img --- LINK fsdev/virtfs-proxy-helper BUILD pc-bios/optionrom/linuxboot.raw BUILD pc-bios/optionrom/multiboot.raw /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) BUILD pc-bios/optionrom/kvmvapic.raw SIGN pc-bios/optionrom/linuxboot.bin LINK scsi/qemu-pr-helper SIGN pc-bios/optionrom/linuxboot_dma.bin SIGN pc-bios/optionrom/kvmvapic.bin LINK qemu-bridge-helper /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) SIGN pc-bios/optionrom/multiboot.bin LINK virtiofsd /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) LINK vhost-user-input LINK qemu-ga BUILD pc-bios/optionrom/pvh.img BUILD pc-bios/optionrom/pvh.raw SIGN pc-bios/optionrom/pvh.bin /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) /usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o) GEN x86_64-softmmu/hmp-commands-info.h GEN x86_64-softmmu/hmp-commands.h GEN x86_64-softmmu/config-target.h --- CC x86_64-softmmu/hw/scsi/virtio-scsi.o CC x86_64-softmmu/hw/scsi/virtio-scsi-dataplane.o CC x86_64-softmmu/hw/scsi/vhost-scsi-common.o /tmp/qemu-test/src/migration/ram.c:919:45: error: implicit conversion from 'unsigned long' to 'double' changes value from 18446744073709551615 to 18446744073709551616 [-Werror,-Wimplicit-int-float-conversion] xbzrle_counters.encoding_rate = UINT64_MAX; ~ ^~~~~~~~~~ /usr/include/stdint.h:130:23: note: expanded from macro 'UINT64_MAX' --- 18446744073709551615UL ^~~~~~~~~~~~~~~~~~~~~~ 1 error generated. /tmp/qemu-test/src/fpu/softfloat.c:3365:13: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation] absZ &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven ); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ! /tmp/qemu-test/src/fpu/softfloat.c:3423:18: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation] absZ0 &= ~ ( ( (uint64_t) ( absZ1<<1 ) == 0 ) & roundNearestEven ); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ! /tmp/qemu-test/src/fpu/softfloat.c:3483:18: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation] absZ0 &= ~(((uint64_t)(absZ1<<1) == 0) & roundNearestEven); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ! /tmp/qemu-test/src/fpu/softfloat.c:3606:13: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation] zSig &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven ); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ! /tmp/qemu-test/src/fpu/softfloat.c:3760:13: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation] zSig &= ~ ( ( ( roundBits ^ 0x200 ) == 0 ) & roundNearestEven ); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ! /tmp/qemu-test/src/fpu/softfloat.c:3987:21: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation] ~ ( ( (uint64_t) ( zSig1<<1 ) == 0 ) & roundNearestEven ); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ! /tmp/qemu-test/src/fpu/softfloat.c:4003:22: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation] zSig0 &= ~ ( ( (uint64_t) ( zSig1<<1 ) == 0 ) & roundNearestEven ); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ! /tmp/qemu-test/src/fpu/softfloat.c:4273:18: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation] zSig1 &= ~ ( ( zSig2 + zSig2 == 0 ) & roundNearestEven ); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ! 8 errors generated. make[1]: *** [/tmp/qemu-test/src/rules.mak:69: migration/ram.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: *** [/tmp/qemu-test/src/rules.mak:69: fpu/softfloat.o] Error 1 make: *** [Makefile:527: x86_64-softmmu/all] Error 2 Traceback (most recent call last): File "./tests/docker/docker.py", line 669, in <module> sys.exit(main()) --- raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', '--label', 'com.qemu.instance.uuid=01f020e1222945239d0a8e124f15f6c3', '-u', '1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=x86_64-softmmu', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', '/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', '/var/tmp/patchew-tester-tmp-3dfzrfgw/src/docker-src.2020-06-17-02.03.49.10100:/var/tmp/qemu:z,ro', 'qemu:fedora', '/var/tmp/qemu/run', 'test-debug']' returned non-zero exit status 2. filter=--filter=label=com.qemu.instance.uuid=01f020e1222945239d0a8e124f15f6c3 make[1]: *** [docker-run] Error 1 make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-3dfzrfgw/src' make: *** [docker-run-test-debug@fedora] Error 2 real 3m44.998s user 0m8.259s The full log is available at http://patchew.org/logs/20200617053934.122642-1-ppandit@redhat.com/testing.asan/?type=message. --- Email generated automatically by Patchew [https://patchew.org/]. Please send your feedback to patchew-devel@redhat.com
On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote: > From: Prasad J Pandit <pjp@fedoraproject.org> > > Hello, > > This series adds various undefined MMIO read/write functions > to avoid potential guest crash via a NULL pointer dereference. Hrm. If this is such a common problem, maybe we should just add a NULL check in the common paths. > > ex. -> https://git.qemu.org/?p=qemu.git;a=commit;h=bb15013ef34617eb1344f5276292cadd326c21b2 > > Thank you. -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
On Wed, 17 Jun 2020 16:39:56 +1000 David Gibson <david@gibson.dropbear.id.au> wrote: > On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote: > > From: Prasad J Pandit <pjp@fedoraproject.org> > > > > Hello, > > > > This series adds various undefined MMIO read/write functions > > to avoid potential guest crash via a NULL pointer dereference. > > Hrm. If this is such a common problem, maybe we should just add a > NULL check in the common paths. +1, clearly the behavior is already expected. Thanks, Alex
On 6/17/20 3:06 PM, Alex Williamson wrote: > On Wed, 17 Jun 2020 16:39:56 +1000 > David Gibson <david@gibson.dropbear.id.au> wrote: > >> On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote: >>> From: Prasad J Pandit <pjp@fedoraproject.org> >>> >>> Hello, >>> >>> This series adds various undefined MMIO read/write functions >>> to avoid potential guest crash via a NULL pointer dereference. >> >> Hrm. If this is such a common problem, maybe we should just add a >> NULL check in the common paths. > > +1, clearly the behavior is already expected. Thanks, 20 months ago Peter suggested: "assert that every MemoryRegionOps has pointers to callbacks in it, when it is registered in memory_region_init_io() and memory_region_init_rom_device_nomigrate()." https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html Li Qiang refers to this post from Paolo: > static const MemoryRegionOps notdirty_mem_ops = { > + .read = notdirty_mem_read, > .write = notdirty_mem_write, > .valid.accepts = notdirty_mem_accepts, > .endianness = DEVICE_NATIVE_ENDIAN, "This cannot happen, since TLB_NOTDIRTY is only added to the addr_write member (see accel/tcg/cputlb.c)." https://www.mail-archive.com/qemu-devel@nongnu.org/msg561345.html
Philippe Mathieu-Daudé <philmd@redhat.com> writes: > On 6/17/20 3:06 PM, Alex Williamson wrote: >> On Wed, 17 Jun 2020 16:39:56 +1000 >> David Gibson <david@gibson.dropbear.id.au> wrote: >> >>> On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote: >>>> From: Prasad J Pandit <pjp@fedoraproject.org> >>>> >>>> Hello, >>>> >>>> This series adds various undefined MMIO read/write functions >>>> to avoid potential guest crash via a NULL pointer dereference. >>> >>> Hrm. If this is such a common problem, maybe we should just add a >>> NULL check in the common paths. >> >> +1, clearly the behavior is already expected. Thanks, > > 20 months ago Peter suggested: > > "assert that every MemoryRegionOps has pointers to callbacks > in it, when it is registered in memory_region_init_io() and > memory_region_init_rom_device_nomigrate()." > > https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html > > Li Qiang refers to this post from Paolo: > >> static const MemoryRegionOps notdirty_mem_ops = { >> + .read = notdirty_mem_read, >> .write = notdirty_mem_write, >> .valid.accepts = notdirty_mem_accepts, >> .endianness = DEVICE_NATIVE_ENDIAN, > > "This cannot happen, since TLB_NOTDIRTY is only added > to the addr_write member (see accel/tcg/cputlb.c)." > > https://www.mail-archive.com/qemu-devel@nongnu.org/msg561345.html What about catching it in memory_region_dispatch_write: if (mr->ops->write) { return access_with_adjusted_size(addr, &data, size, mr->ops->impl.min_access_size, mr->ops->impl.max_access_size, memory_region_write_accessor, mr, attrs); } else if (mr->ops->write_with_attrs) { return access_with_adjusted_size(addr, &data, size, mr->ops->impl.min_access_size, mr->ops->impl.max_access_size, memory_region_write_with_attrs_accessor, mr, attrs); } else { qemu_log_mask(LOG_UNIMP|LOG_GUEST_ERROR, "%s: %s un-handled write\n", __func__, mr->name); } -- Alex Bennée
On 6/17/20 4:05 PM, Alex Bennée wrote: > > Philippe Mathieu-Daudé <philmd@redhat.com> writes: > >> On 6/17/20 3:06 PM, Alex Williamson wrote: >>> On Wed, 17 Jun 2020 16:39:56 +1000 >>> David Gibson <david@gibson.dropbear.id.au> wrote: >>> >>>> On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote: >>>>> From: Prasad J Pandit <pjp@fedoraproject.org> >>>>> >>>>> Hello, >>>>> >>>>> This series adds various undefined MMIO read/write functions >>>>> to avoid potential guest crash via a NULL pointer dereference. >>>> >>>> Hrm. If this is such a common problem, maybe we should just add a >>>> NULL check in the common paths. >>> >>> +1, clearly the behavior is already expected. Thanks, >> >> 20 months ago Peter suggested: >> >> "assert that every MemoryRegionOps has pointers to callbacks >> in it, when it is registered in memory_region_init_io() and >> memory_region_init_rom_device_nomigrate()." >> >> https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html >> >> Li Qiang refers to this post from Paolo: >> >>> static const MemoryRegionOps notdirty_mem_ops = { >>> + .read = notdirty_mem_read, >>> .write = notdirty_mem_write, >>> .valid.accepts = notdirty_mem_accepts, >>> .endianness = DEVICE_NATIVE_ENDIAN, >> >> "This cannot happen, since TLB_NOTDIRTY is only added >> to the addr_write member (see accel/tcg/cputlb.c)." >> >> https://www.mail-archive.com/qemu-devel@nongnu.org/msg561345.html > > What about catching it in memory_region_dispatch_write: > > if (mr->ops->write) { > return access_with_adjusted_size(addr, &data, size, > mr->ops->impl.min_access_size, > mr->ops->impl.max_access_size, > memory_region_write_accessor, mr, > attrs); > } else if (mr->ops->write_with_attrs) { > return > access_with_adjusted_size(addr, &data, size, > mr->ops->impl.min_access_size, > mr->ops->impl.max_access_size, > memory_region_write_with_attrs_accessor, > mr, attrs); > } else { > qemu_log_mask(LOG_UNIMP|LOG_GUEST_ERROR, "%s: %s un-handled write\n", > __func__, mr->name); The problem is what return value to return... MEMTX_OK/MEMTX_ERROR/MEMTX_DECODE_ERROR? This is very device-specific and can't be decided here for all the cases. Better to abort() and fix each device? > } > >
On 17/06/20 15:20, Philippe Mathieu-Daudé wrote: > On 6/17/20 3:06 PM, Alex Williamson wrote: >> On Wed, 17 Jun 2020 16:39:56 +1000 >> David Gibson <david@gibson.dropbear.id.au> wrote: >> >>> On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote: >>>> From: Prasad J Pandit <pjp@fedoraproject.org> >>>> >>>> Hello, >>>> >>>> This series adds various undefined MMIO read/write functions >>>> to avoid potential guest crash via a NULL pointer dereference. >>> >>> Hrm. If this is such a common problem, maybe we should just add a >>> NULL check in the common paths. >> >> +1, clearly the behavior is already expected. Thanks, > > 20 months ago Peter suggested: > > "assert that every MemoryRegionOps has pointers to callbacks > in it, when it is registered in memory_region_init_io() and > memory_region_init_rom_device_nomigrate()." > > https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html > > Li Qiang refers to this post from Paolo: > >> static const MemoryRegionOps notdirty_mem_ops = { >> + .read = notdirty_mem_read, >> .write = notdirty_mem_write, >> .valid.accepts = notdirty_mem_accepts, >> .endianness = DEVICE_NATIVE_ENDIAN, > > "This cannot happen, since TLB_NOTDIRTY is only added > to the addr_write member (see accel/tcg/cputlb.c)." I'm now okay with asserting it, as long as notdirty_mem_read abort()s. Paolo
+-- On Wed, 17 Jun 2020, Paolo Bonzini wrote --+ | On 17/06/20 15:20, Philippe Mathieu-Daudé wrote: | > On 6/17/20 3:06 PM, Alex Williamson wrote: | >> On Wed, 17 Jun 2020 16:39:56 +1000 | >> David Gibson <david@gibson.dropbear.id.au> wrote: | >>> Hrm. If this is such a common problem, maybe we should just add a NULL | >>> check in the common paths. | >> | >> +1, clearly the behavior is already expected. Thanks, | > | > 20 months ago Peter suggested: | > | > "assert that every MemoryRegionOps has pointers to callbacks | > in it, when it is registered in memory_region_init_io() and | > memory_region_init_rom_device_nomigrate()." | > | > https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html | > | > Li Qiang refers to this post from Paolo: | > | >> static const MemoryRegionOps notdirty_mem_ops = { | >> + .read = notdirty_mem_read, | >> .write = notdirty_mem_write, | >> .valid.accepts = notdirty_mem_accepts, | >> .endianness = DEVICE_NATIVE_ENDIAN, | > | > "This cannot happen, since TLB_NOTDIRTY is only added | > to the addr_write member (see accel/tcg/cputlb.c)." | | I'm now okay with asserting it, as long as notdirty_mem_read abort()s. Okay, I'm preparing a revised patch. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
© 2016 - 2024 Red Hat, Inc.