From: Juan Quintela
To: qemu-devel@nongnu.org
Cc: Fam Zheng, Thomas Huth, Viresh Kumar, Kevin Wolf, Mathieu Poirier, Laurent Vivier, Eric Blake, Richard Henderson, Raphael Norwitz, Stefan Hajnoczi, Juan Quintela, virtio-fs@redhat.com, Alex Bennée, Christian Borntraeger, "Gonglei (Arei)", qemu-block@nongnu.org, Xiaojuan Yang, Thomas Huth, Ilya Leoshkevich, Eduardo Habkost, Gerd Hoffmann, "Dr. David Alan Gilbert", Alex Williamson, Eric Farman, Halil Pasic, Peter Maydell, Vladimir Sementsov-Ogievskiy, Jason Wang, Laurent Vivier, Song Gao, qemu-s390x@nongnu.org, Pavel Dovgalyuk, Klaus Jensen, John Snow, Michael Tokarev, qemu-arm@nongnu.org, Paolo Bonzini, "Michael S. Tsirkin", Keith Busch, David Hildenbrand, qemu-trivial@nongnu.org, Hanna Reitz, Daniel Hoffman
Subject: [PATCH v2 23/51] target/i386: Always completely initialize TranslateFault
Date: Mon, 5 Dec 2022 10:52:00 +0100
Message-Id: <20221205095228.1314-24-quintela@redhat.com>
In-Reply-To: <20221205095228.1314-1-quintela@redhat.com>
References: <20221205095228.1314-1-quintela@redhat.com>
From: Richard Henderson

In get_physical_address, the canonical address check failed to set TranslateFault.stage2, which resulted in an uninitialized read from the struct when reporting the fault in x86_cpu_tlb_fill.

Adjust all error paths to use structure assignment so that the entire struct is always initialized.

Reported-by: Daniel Hoffman
Fixes: 9bbcf372193a ("target/i386: Reorg GET_HPHYS")
Signed-off-by: Richard Henderson
Message-Id: <20221201074522.178498-1-richard.henderson@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1324
Signed-off-by: Paolo Bonzini
---
 target/i386/tcg/sysemu/excp_helper.c | 34 ++++++++++++++++------------
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/= excp_helper.c index 405a5d414a..55bd1194d3 100644 --- a/target/i386/tcg/sysemu/excp_helper.c +++ b/target/i386/tcg/sysemu/excp_helper.c @@ -71,10 +71,11 @@ static bool ptw_translate(PTETranslate *inout, hwaddr a= ddr) TranslateFault *err =3D inout->err; =20 assert(inout->ptw_idx =3D=3D MMU_NESTED_IDX); - err->exception_index =3D 0; /* unused */ - err->error_code =3D inout->env->error_code; - err->cr2 =3D addr; - err->stage2 =3D S2_GPT; + *err =3D (TranslateFault){ + .error_code =3D inout->env->error_code, + .cr2 =3D addr, + .stage2 =3D S2_GPT, + }; return false; } return true;
@@ -431,10 +432,11 @@ do_check_protect_pse36: MMU_NESTED_IDX, true, &pte_trans.haddr, &full, 0); if (unlikely(flags & TLB_INVALID_MASK)) { - err->exception_index =3D 0; /* unused */ - err->error_code =3D env->error_code; - err->cr2 =3D paddr; - err->stage2 =3D S2_GPA; + *err =3D (TranslateFault){ + .error_code =3D env->error_code, + .cr2 =3D paddr, + .stage2 =3D S2_GPA, + }; return false; } =20 @@ -494,10 +496,11 @@ do_check_protect_pse36: } break; } - err->exception_index =3D EXCP0E_PAGE; - err->error_code =3D error_code; - err->cr2 =3D addr; - err->stage2 =3D S2_NONE; + *err =3D (TranslateFault){ + .exception_index =3D EXCP0E_PAGE, + .error_code =3D error_code, + .cr2 =3D addr, + }; return false; } =20 @@ -564,9 +567,10 @@ static bool get_physical_address(CPUX86State *env, vad= dr addr, int shift =3D in.pg_mode & PG_MODE_LA57 ? 56 : 47; int64_t sext =3D (int64_t)addr >> shift; if (sext !=3D 0 && sext !=3D -1) { - err->exception_index =3D EXCP0D_GPF; - err->error_code =3D 0; - err->cr2 =3D addr; + *err =3D (TranslateFault){ + .exception_index =3D EXCP0D_GPF, + .cr2 =3D addr, + }; return false; } } --=20 2.38.1
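Review bot: in the ptw_translate hunk (@@ -71) the `/* unused */` annotation on exception_index disappears; the compound literal still leaves that member at zero, matching the old explicit store, but the intent (a stage-2 guest-page-table fault with stage2 = S2_GPT carries nothing in exception_index) is now only implied. A one-line comment above `*err = (TranslateFault){` would stop a reader from taking the missing initializer for an oversight of the same kind this patch fixes.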
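Review bot: the page-fault hunk in do_check_protect_pse36 (@@ -494) removes `- err->stage2 = S2_NONE;` and names no `.stage2` member in the replacement literal, so correctness now rests on S2_NONE being the enumerator whose value is 0. That holds only until someone reorders the stage-2 enum; either keep `.stage2 = S2_NONE,` in the literal, which costs nothing and documents the contract, or add a build-time assertion that S2_NONE == 0 next to the enum definition.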
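Review bot: the canonical-address hunk in get_physical_address (@@ -564) is the one that fixes the report: the removed lines set exception_index, error_code and cr2 but never stage2, so x86_cpu_tlb_fill read whatever the stack held. The literal closes that gap, but the explicit `- err->error_code = 0;` is gone as well and survives only as an implied zero; unlike the other three hunks, which name every member they compute, this is the one fault whose error code is deliberately zero rather than taken from env, so spelling out `.error_code = 0,` keeps the literal self-describing.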
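The bug class the commit message describes, as an added C example that is not QEMU code: a stand-in struct with the same four members as TranslateFault (the enumerator values, the EXCP0D_GPF value and the function names are assumptions made for the example), the pre-patch member-by-member pattern that forgets stage2, and the post-patch compound-literal assignment. The struct is poisoned before each initializer runs, standing in for stale stack contents, so the difference the patch makes is observable rather than dependent on whatever happened to be in memory.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not QEMU code. Stand-in for target/i386's TranslateFault;
 * enumerator values are an assumption chosen so that "no stage-2 fault" is
 * the zero value, which is what the patch's omitted initializers rely on.
 */
typedef enum { S2_NONE = 0, S2_GPA, S2_GPT } Stage2;

typedef struct {
    int exception_index;
    int error_code;
    uint64_t cr2;
    Stage2 stage2;
} TranslateFault;

#define EXCP0D_GPF 13   /* constructed value for the example */

/* Pre-patch pattern: member-by-member stores that never touch stage2. */
static void fill_fault_fieldwise(TranslateFault *err, uint64_t addr)
{
    err->exception_index = EXCP0D_GPF;
    err->error_code = 0;
    err->cr2 = addr;
    /* stage2 is not written: whatever was in memory stays there */
}

/* Post-patch pattern: structure assignment from a compound literal.
 * Every member not named in the literal is value-initialized to zero,
 * so error_code and stage2 (S2_NONE) are defined without being listed. */
static void fill_fault_struct(TranslateFault *err, uint64_t addr)
{
    *err = (TranslateFault){
        .exception_index = EXCP0D_GPF,
        .cr2 = addr,
    };
}

/* Poison the struct to simulate stale stack contents, run one of the
 * initializers, and return the stage2 value a caller would then read. */
static int observed_stage2(void (*fill)(TranslateFault *, uint64_t))
{
    TranslateFault err;
    memset(&err, 0xA5, sizeof err);   /* poison: stands in for stack garbage */
    fill(&err, 0x0000800000000000ULL);  /* constructed non-canonical address */
    return (int)err.stage2;
}

/* Same experiment for error_code: explicit 0 and implied 0 must agree. */
static int observed_error_code(void (*fill)(TranslateFault *, uint64_t))
{
    TranslateFault err;
    memset(&err, 0xA5, sizeof err);
    fill(&err, 0x0000800000000000ULL);
    return err.error_code;
}

int main(void)
{
    printf("field-wise init:    stage2 = %d\n", observed_stage2(fill_fault_fieldwise));
    printf("struct assignment:  stage2 = %d\n", observed_stage2(fill_fault_struct));
    return 0;
}
```

The field-wise variant reports the poison pattern in stage2, which is exactly what x86_cpu_tlb_fill would have consumed; the compound-literal variant reports S2_NONE. Memory-poisoning of this kind is also how a unit test can catch a partially initialized struct deterministically, where an uninitialized-read sanitizer would otherwise be needed.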