From patchwork Sat Feb 16 09:20:07 2013
X-Patchwork-Submitter: Tommi Rantala
X-Patchwork-Id: 221027
From: Tommi Rantala
To: qemu-devel@nongnu.org
Date: Sat, 16 Feb 2013 11:20:07 +0200
Message-Id: <1361006407-12763-1-git-send-email-tt.rantala@gmail.com>
Cc: Anthony Liguori, Jan Kiszka, Tommi Rantala, Blue Swirl, Avi Kivity, davej@redhat.com, afaerber@suse.de
Subject: [Qemu-devel] [PATCH] kvmvapic: add read operation to the MemoryRegionOps to fix segfault

QEMU would occasionally segfault when fuzzing the linux kernel with Trinity.
Add a read op (copied from hw/kvm/apic.c) to vapic_ops to prevent the crash.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffeddcc700 (LWP 15999)]
0x0000000000000000 in ?? ()
(gdb) bt
#0 0x0000000000000000 in ??
() #1 0x00005555557bbd2d in memory_region_read_accessor (opaque=0x555556be77c8, addr=, value=0x7fffeddcbaf0, size=1, shift=0, mask=255) at /home/ttrantal/git/qemu/memory.c:316 #2 0x00005555557bb612 in access_with_adjusted_size (addr=addr@entry=0, value=value@entry=0x7fffeddcbaf0, size=1, access_size_min=, access_size_max=, access=access@entry= 0x5555557bbcd0 , opaque=opaque@entry=0x555556be77c8) at /home/ttrantal/git/qemu/memory.c:364 #3 0x00005555557bcde8 in memory_region_iorange_read (iorange=0x555556874d90, offset=0, width=1, data=0x7fffeddcbaf0) at /home/ttrantal/git/qemu/memory.c:409 #4 0x00005555557b6c37 in ioport_readb_thunk (opaque=, addr=) at /home/ttrantal/git/qemu/ioport.c:186 #5 0x00005555557b74ee in ioport_read (address=0, index=0) at /home/ttrantal/git/qemu/ioport.c:70 #6 cpu_inb (addr=addr@entry=126) at /home/ttrantal/git/qemu/ioport.c:309 #7 0x00005555557b98a3 in kvm_handle_io (count=1, size=1, direction=0, data=, port=126) at /home/ttrantal/git/qemu/kvm-all.c:1414 #8 kvm_cpu_exec (env=env@entry=0x555556bcc870) at /home/ttrantal/git/qemu/kvm-all.c:1581 #9 0x0000555555763bb1 in qemu_kvm_cpu_thread_fn (arg=0x555556bcc870) at /home/ttrantal/git/qemu/cpus.c:759 #10 0x00007ffff6487d15 in start_thread (arg=0x7fffeddcc700) at pthread_create.c:308 #11 0x00007ffff297946d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114 (gdb) Signed-off-by: Tommi Rantala --- hw/kvmvapic.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hw/kvmvapic.c b/hw/kvmvapic.c index 1b5f416..d4420fe 100644 --- a/hw/kvmvapic.c +++ b/hw/kvmvapic.c @@ -615,6 +615,12 @@ static int vapic_prepare(VAPICROMState *s) return 0; } +static uint64_t vapic_read(void *opaque, hwaddr addr, + unsigned int size) +{ + return ~(uint64_t)0; +} + static void vapic_write(void *opaque, hwaddr addr, uint64_t data, unsigned int size) { 
@@ -683,6 +689,7 @@ static void vapic_write(void *opaque, hwaddr addr, uint64_t data, } static const MemoryRegionOps vapic_ops = { + .read = vapic_read, .write = vapic_write, .endianness = DEVICE_NATIVE_ENDIAN, };
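Review bot: the new vapic_read in the first hunk (the `return ~(uint64_t)0;` stub) should carry a one-line comment saying why it exists, i.e. that the vapic port region is write-only and reads return all-ones in the same way as hw/kvm/apic.c, so the next reader does not have to dig up this commit message. The backtrace makes the severity clear: frame #0 is address 0x0 called from memory_region_read_accessor (memory.c:316), reached via cpu_inb(addr=126) from kvm_handle_io, so with no `.read` in vapic_ops a single guest `inb` on port 126 dereferences a NULL function pointer and takes down the whole VMM; the stub closes that, and with mask=255 and size=1 on the crashing path the all-ones value is masked to 0xff, matching what a floating port read would return. Since this is a class of bug rather than a one-off, it is worth grepping the tree for other MemoryRegionOps that omit `.read` (or `.write`), or better, having memory.c treat a missing `.read` as an unassigned read rather than calling through NULL, so that no future device can reintroduce the same guest-triggerable crash.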