hw/nvram/nrf51_nvm.c | 7 +++++++ hw/pci-host/designware.c | 9 +++++++++ hw/pci-host/prep.c | 8 ++++++++ hw/ppc/prep_systemio.c | 8 ++++++++ hw/ppc/spapr_pci.c | 9 ++++++++- hw/vfio/pci-quirks.c | 8 ++++++++ 6 files changed, 48 insertions(+), 1 deletion(-)
From: Prasad J Pandit <pjp@fedoraproject.org> Hello, This series adds various undefined MMIO read/write functions to avoid potential guest crash via a NULL pointer dereference. ex. -> https://git.qemu.org/?p=qemu.git;a=commit;h=bb15013ef34617eb1344f5276292cadd326c21b2 Thank you. -- Prasad J Pandit (6): hw/pci-host: add pci-intack write method pci-host: add pcie-msi read method vfio: add quirk device write method prep: add ppc-parity write method nvram: add nrf51_soc flash read method spapr_pci: add spapr msi read method hw/nvram/nrf51_nvm.c | 7 +++++++ hw/pci-host/designware.c | 9 +++++++++ hw/pci-host/prep.c | 8 ++++++++ hw/ppc/prep_systemio.c | 8 ++++++++ hw/ppc/spapr_pci.c | 9 ++++++++- hw/vfio/pci-quirks.c | 8 ++++++++ 6 files changed, 48 insertions(+), 1 deletion(-) -- 2.26.2
Patchew URL: https://patchew.org/QEMU/20200617053934.122642-1-ppandit@redhat.com/
Hi,
This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.
=== TEST SCRIPT BEGIN ===
#!/bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===
CC qga/guest-agent-command-state.o
CC qga/main.o
CC qga/commands-posix.o
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
CC qga/channel-posix.o
CC qga/qapi-generated/qga-qapi-types.o
CC qga/qapi-generated/qga-qapi-visit.o
---
GEN docs/interop/qemu-ga-ref.html
GEN docs/interop/qemu-ga-ref.txt
GEN docs/interop/qemu-ga-ref.7
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
LINK qemu-keymap
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
LINK ivshmem-client
LINK ivshmem-server
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
LINK qemu-nbd
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
LINK qemu-storage-daemon
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
AS pc-bios/optionrom/multiboot.o
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
LINK qemu-img
AS pc-bios/optionrom/linuxboot.o
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
CC pc-bios/optionrom/linuxboot_dma.o
AS pc-bios/optionrom/kvmvapic.o
AS pc-bios/optionrom/pvh.o
CC pc-bios/optionrom/pvh_main.o
BUILD pc-bios/optionrom/multiboot.img
LINK qemu-io
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
BUILD pc-bios/optionrom/linuxboot.img
BUILD pc-bios/optionrom/linuxboot_dma.img
BUILD pc-bios/optionrom/kvmvapic.img
---
LINK fsdev/virtfs-proxy-helper
BUILD pc-bios/optionrom/linuxboot.raw
BUILD pc-bios/optionrom/multiboot.raw
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
BUILD pc-bios/optionrom/kvmvapic.raw
SIGN pc-bios/optionrom/linuxboot.bin
LINK scsi/qemu-pr-helper
SIGN pc-bios/optionrom/linuxboot_dma.bin
SIGN pc-bios/optionrom/kvmvapic.bin
LINK qemu-bridge-helper
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
SIGN pc-bios/optionrom/multiboot.bin
LINK virtiofsd
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
LINK vhost-user-input
LINK qemu-ga
BUILD pc-bios/optionrom/pvh.img
BUILD pc-bios/optionrom/pvh.raw
SIGN pc-bios/optionrom/pvh.bin
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
/usr/bin/ld: /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors_vfork.S.o): warning: common of `__interception::real_vfork' overridden by definition from /usr/lib64/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.a(asan_interceptors.cpp.o)
GEN x86_64-softmmu/hmp-commands-info.h
GEN x86_64-softmmu/hmp-commands.h
GEN x86_64-softmmu/config-target.h
---
CC x86_64-softmmu/hw/scsi/virtio-scsi.o
CC x86_64-softmmu/hw/scsi/virtio-scsi-dataplane.o
CC x86_64-softmmu/hw/scsi/vhost-scsi-common.o
/tmp/qemu-test/src/migration/ram.c:919:45: error: implicit conversion from 'unsigned long' to 'double' changes value from 18446744073709551615 to 18446744073709551616 [-Werror,-Wimplicit-int-float-conversion]
xbzrle_counters.encoding_rate = UINT64_MAX;
~ ^~~~~~~~~~
/usr/include/stdint.h:130:23: note: expanded from macro 'UINT64_MAX'
---
18446744073709551615UL
^~~~~~~~~~~~~~~~~~~~~~
1 error generated.
/tmp/qemu-test/src/fpu/softfloat.c:3365:13: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
absZ &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:3423:18: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
absZ0 &= ~ ( ( (uint64_t) ( absZ1<<1 ) == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:3483:18: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
absZ0 &= ~(((uint64_t)(absZ1<<1) == 0) & roundNearestEven);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:3606:13: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
zSig &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:3760:13: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
zSig &= ~ ( ( ( roundBits ^ 0x200 ) == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:3987:21: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
~ ( ( (uint64_t) ( zSig1<<1 ) == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:4003:22: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
zSig0 &= ~ ( ( (uint64_t) ( zSig1<<1 ) == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
/tmp/qemu-test/src/fpu/softfloat.c:4273:18: error: bitwise negation of a boolean expression; did you mean logical negation? [-Werror,-Wbool-operation]
zSig1 &= ~ ( ( zSig2 + zSig2 == 0 ) & roundNearestEven );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!
8 errors generated.
make[1]: *** [/tmp/qemu-test/src/rules.mak:69: migration/ram.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: *** [/tmp/qemu-test/src/rules.mak:69: fpu/softfloat.o] Error 1
make: *** [Makefile:527: x86_64-softmmu/all] Error 2
Traceback (most recent call last):
File "./tests/docker/docker.py", line 669, in <module>
sys.exit(main())
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', '--label', 'com.qemu.instance.uuid=01f020e1222945239d0a8e124f15f6c3', '-u', '1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=x86_64-softmmu', '-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', '/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', '/var/tmp/patchew-tester-tmp-3dfzrfgw/src/docker-src.2020-06-17-02.03.49.10100:/var/tmp/qemu:z,ro', 'qemu:fedora', '/var/tmp/qemu/run', 'test-debug']' returned non-zero exit status 2.
filter=--filter=label=com.qemu.instance.uuid=01f020e1222945239d0a8e124f15f6c3
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-3dfzrfgw/src'
make: *** [docker-run-test-debug@fedora] Error 2
real 3m44.998s
user 0m8.259s
The full log is available at
http://patchew.org/logs/20200617053934.122642-1-ppandit@redhat.com/testing.asan/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote: > From: Prasad J Pandit <pjp@fedoraproject.org> > > Hello, > > This series adds various undefined MMIO read/write functions > to avoid potential guest crash via a NULL pointer dereference. Hrm. If this is such a common problem, maybe we should just add a NULL check in the common paths. > > ex. -> https://git.qemu.org/?p=qemu.git;a=commit;h=bb15013ef34617eb1344f5276292cadd326c21b2 > > Thank you. -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
On Wed, 17 Jun 2020 16:39:56 +1000 David Gibson <david@gibson.dropbear.id.au> wrote: > On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote: > > From: Prasad J Pandit <pjp@fedoraproject.org> > > > > Hello, > > > > This series adds various undefined MMIO read/write functions > > to avoid potential guest crash via a NULL pointer dereference. > > Hrm. If this is such a common problem, maybe we should just add a > NULL check in the common paths. +1, clearly the behavior is already expected. Thanks, Alex
On 6/17/20 3:06 PM, Alex Williamson wrote:
> On Wed, 17 Jun 2020 16:39:56 +1000
> David Gibson <david@gibson.dropbear.id.au> wrote:
>
>> On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote:
>>> From: Prasad J Pandit <pjp@fedoraproject.org>
>>>
>>> Hello,
>>>
>>> This series adds various undefined MMIO read/write functions
>>> to avoid potential guest crash via a NULL pointer dereference.
>>
>> Hrm. If this is such a common problem, maybe we should just add a
>> NULL check in the common paths.
>
> +1, clearly the behavior is already expected. Thanks,
20 months ago Peter suggested:
"assert that every MemoryRegionOps has pointers to callbacks
in it, when it is registered in memory_region_init_io() and
memory_region_init_rom_device_nomigrate()."
https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html
Li Qiang refers to this post from Paolo:
> static const MemoryRegionOps notdirty_mem_ops = {
> + .read = notdirty_mem_read,
> .write = notdirty_mem_write,
> .valid.accepts = notdirty_mem_accepts,
> .endianness = DEVICE_NATIVE_ENDIAN,
"This cannot happen, since TLB_NOTDIRTY is only added
to the addr_write member (see accel/tcg/cputlb.c)."
https://www.mail-archive.com/qemu-devel@nongnu.org/msg561345.html
Philippe Mathieu-Daudé <philmd@redhat.com> writes:
> On 6/17/20 3:06 PM, Alex Williamson wrote:
>> On Wed, 17 Jun 2020 16:39:56 +1000
>> David Gibson <david@gibson.dropbear.id.au> wrote:
>>
>>> On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote:
>>>> From: Prasad J Pandit <pjp@fedoraproject.org>
>>>>
>>>> Hello,
>>>>
>>>> This series adds various undefined MMIO read/write functions
>>>> to avoid potential guest crash via a NULL pointer dereference.
>>>
>>> Hrm. If this is such a common problem, maybe we should just add a
>>> NULL check in the common paths.
>>
>> +1, clearly the behavior is already expected. Thanks,
>
> 20 months ago Peter suggested:
>
> "assert that every MemoryRegionOps has pointers to callbacks
> in it, when it is registered in memory_region_init_io() and
> memory_region_init_rom_device_nomigrate()."
>
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html
>
> Li Qiang refers to this post from Paolo:
>
>> static const MemoryRegionOps notdirty_mem_ops = {
>> + .read = notdirty_mem_read,
>> .write = notdirty_mem_write,
>> .valid.accepts = notdirty_mem_accepts,
>> .endianness = DEVICE_NATIVE_ENDIAN,
>
> "This cannot happen, since TLB_NOTDIRTY is only added
> to the addr_write member (see accel/tcg/cputlb.c)."
>
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg561345.html
What about catching it in memory_region_dispatch_write:
if (mr->ops->write) {
return access_with_adjusted_size(addr, &data, size,
mr->ops->impl.min_access_size,
mr->ops->impl.max_access_size,
memory_region_write_accessor, mr,
attrs);
} else if (mr->ops->write_with_attrs) {
return
access_with_adjusted_size(addr, &data, size,
mr->ops->impl.min_access_size,
mr->ops->impl.max_access_size,
memory_region_write_with_attrs_accessor,
mr, attrs);
} else {
qemu_log_mask(LOG_UNIMP|LOG_GUEST_ERROR, "%s: %s un-handled write\n",
__func__, mr->name);
}
--
Alex Bennée
On 6/17/20 4:05 PM, Alex Bennée wrote:
>
> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>
>> On 6/17/20 3:06 PM, Alex Williamson wrote:
>>> On Wed, 17 Jun 2020 16:39:56 +1000
>>> David Gibson <david@gibson.dropbear.id.au> wrote:
>>>
>>>> On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote:
>>>>> From: Prasad J Pandit <pjp@fedoraproject.org>
>>>>>
>>>>> Hello,
>>>>>
>>>>> This series adds various undefined MMIO read/write functions
>>>>> to avoid potential guest crash via a NULL pointer dereference.
>>>>
>>>> Hrm. If this is such a common problem, maybe we should just add a
>>>> NULL check in the common paths.
>>>
>>> +1, clearly the behavior is already expected. Thanks,
>>
>> 20 months ago Peter suggested:
>>
>> "assert that every MemoryRegionOps has pointers to callbacks
>> in it, when it is registered in memory_region_init_io() and
>> memory_region_init_rom_device_nomigrate()."
>>
>> https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html
>>
>> Li Qiang refers to this post from Paolo:
>>
>>> static const MemoryRegionOps notdirty_mem_ops = {
>>> + .read = notdirty_mem_read,
>>> .write = notdirty_mem_write,
>>> .valid.accepts = notdirty_mem_accepts,
>>> .endianness = DEVICE_NATIVE_ENDIAN,
>>
>> "This cannot happen, since TLB_NOTDIRTY is only added
>> to the addr_write member (see accel/tcg/cputlb.c)."
>>
>> https://www.mail-archive.com/qemu-devel@nongnu.org/msg561345.html
>
> What about catching it in memory_region_dispatch_write:
>
> if (mr->ops->write) {
> return access_with_adjusted_size(addr, &data, size,
> mr->ops->impl.min_access_size,
> mr->ops->impl.max_access_size,
> memory_region_write_accessor, mr,
> attrs);
> } else if (mr->ops->write_with_attrs) {
> return
> access_with_adjusted_size(addr, &data, size,
> mr->ops->impl.min_access_size,
> mr->ops->impl.max_access_size,
> memory_region_write_with_attrs_accessor,
> mr, attrs);
> } else {
> qemu_log_mask(LOG_UNIMP|LOG_GUEST_ERROR, "%s: %s un-handled write\n",
> __func__, mr->name);
The problem is what return value to return...
MEMTX_OK/MEMTX_ERROR/MEMTX_DECODE_ERROR? This is very
device-specific and can't be decided here for all the
cases.
Better to abort() and fix each device?
> }
>
>
On 17/06/20 15:20, Philippe Mathieu-Daudé wrote:
> On 6/17/20 3:06 PM, Alex Williamson wrote:
>> On Wed, 17 Jun 2020 16:39:56 +1000
>> David Gibson <david@gibson.dropbear.id.au> wrote:
>>
>>> On Wed, Jun 17, 2020 at 11:09:27AM +0530, P J P wrote:
>>>> From: Prasad J Pandit <pjp@fedoraproject.org>
>>>>
>>>> Hello,
>>>>
>>>> This series adds various undefined MMIO read/write functions
>>>> to avoid potential guest crash via a NULL pointer dereference.
>>>
>>> Hrm. If this is such a common problem, maybe we should just add a
>>> NULL check in the common paths.
>>
>> +1, clearly the behavior is already expected. Thanks,
>
> 20 months ago Peter suggested:
>
> "assert that every MemoryRegionOps has pointers to callbacks
> in it, when it is registered in memory_region_init_io() and
> memory_region_init_rom_device_nomigrate()."
>
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html
>
> Li Qiang refers to this post from Paolo:
>
>> static const MemoryRegionOps notdirty_mem_ops = {
>> + .read = notdirty_mem_read,
>> .write = notdirty_mem_write,
>> .valid.accepts = notdirty_mem_accepts,
>> .endianness = DEVICE_NATIVE_ENDIAN,
>
> "This cannot happen, since TLB_NOTDIRTY is only added
> to the addr_write member (see accel/tcg/cputlb.c)."
I'm now okay with asserting it, as long as notdirty_mem_read abort()s.
Paolo
+-- On Wed, 17 Jun 2020, Paolo Bonzini wrote --+
| On 17/06/20 15:20, Philippe Mathieu-Daudé wrote:
| > On 6/17/20 3:06 PM, Alex Williamson wrote:
| >> On Wed, 17 Jun 2020 16:39:56 +1000
| >> David Gibson <david@gibson.dropbear.id.au> wrote:
| >>> Hrm. If this is such a common problem, maybe we should just add a NULL
| >>> check in the common paths.
| >>
| >> +1, clearly the behavior is already expected. Thanks,
| >
| > 20 months ago Peter suggested:
| >
| > "assert that every MemoryRegionOps has pointers to callbacks
| > in it, when it is registered in memory_region_init_io() and
| > memory_region_init_rom_device_nomigrate()."
| >
| > https://www.mail-archive.com/qemu-devel@nongnu.org/msg573310.html
| >
| > Li Qiang refers to this post from Paolo:
| >
| >> static const MemoryRegionOps notdirty_mem_ops = {
| >> + .read = notdirty_mem_read,
| >> .write = notdirty_mem_write,
| >> .valid.accepts = notdirty_mem_accepts,
| >> .endianness = DEVICE_NATIVE_ENDIAN,
| >
| > "This cannot happen, since TLB_NOTDIRTY is only added
| > to the addr_write member (see accel/tcg/cputlb.c)."
|
| I'm now okay with asserting it, as long as notdirty_mem_read abort()s.
Okay, I'm preparing a revised patch.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
© 2016 - 2026 Red Hat, Inc.