From 10cd7878be0501be1e27b7b00c14958efcdb3d9b Mon Sep 17 00:00:00 2001
From: Cornelia Huck
Date: Wed, 17 Apr 2019 13:57:22 +0100
Subject: [PATCH 05/24] s390x/cpumodel: fix segmentation fault when baselining models
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RH-Author: Cornelia Huck
Message-id: <20190417135741.25297-6-cohuck@redhat.com>
Patchwork-id: 85784
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH v2 05/24] s390x/cpumodel: fix segmentation fault when baselining models
Bugzilla: 1699070
RH-Acked-by: David Hildenbrand
RH-Acked-by: Thomas Huth
RH-Acked-by: Philippe Mathieu-Daudé
RH-Acked-by: Jens Freimann

From: David Hildenbrand

Usually, when baselining two CPU models, whereby one of them has base CPU features disabled (e.g. z14-base,msa=off), we fallback to an older model that did not have these features in the base model. We always try to create a "sane" CPU model (as far as possible), and one part of it is that removing base features is no good and to be avoided.

Now, if we disable base features that were part of a z900, we're out of luck. We won't find a CPU model and QEMU will segfault. This is a scenario that should never happen in real life, but it can be used to crash QEMU.

So let's properly report an error if we baseline e.g.:

{ "execute": "query-cpu-model-baseline",
  "arguments" : {
      "modela": { "name": "z14-base", "props": {"esan3" : false}},
      "modelb": { "name": "z14"}}
}

Instead of segfaulting.

Signed-off-by: David Hildenbrand
Message-Id: <20180718092330.19465-1-david@redhat.com>
Acked-by: Christian Borntraeger
Signed-off-by: Cornelia Huck
(cherry picked from commit 677ff32db12bcd1bca3a3df733d2478896d6df96)
Signed-off-by: Cornelia Huck
Signed-off-by: Danilo C. L. de Paula
---
 target/s390x/cpu_models.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index 5e9b716..d2c16b8 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -720,6 +720,14 @@ CpuModelBaselineInfo *arch_query_cpu_model_baseline(CpuModelInfo *infoa, model.def = s390_find_cpu_def(cpu_type, max_gen, max_gen_ga, model.features); + + /* models without early base features (esan3) are bad */ + if (!model.def) { + error_setg(errp, "No compatible CPU model could be created as" + " important base features are disabled"); + return NULL; + } + /* strip off features not part of the max model */ bitmap_and(model.features, model.features, model.def->full_feat, S390_FEAT_MAX); -- 1.8.3.1
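Review bot: the NULL check is placed correctly, directly after `s390_find_cpu_def()` and before `bitmap_and(model.features, model.features, model.def->full_feat, S390_FEAT_MAX)`, which is the dereference that crashed when no generation could satisfy the remaining base features; `error_setg(errp, ...)` plus `return NULL` matches the QMP error convention of the surrounding code. Two small suggestions: the comment `/* models without early base features (esan3) are bad */` would be clearer as a statement of the condition actually being handled, e.g. "s390_find_cpu_def() found no generation whose base features are all enabled (e.g. esan3 disabled)", since esan3 is only one example of such a feature; and consider wording the message so the user can act on it, e.g. "No compatible CPU model could be created as important base features are disabled (e.g. esan3)", so a QMP client sees which kind of property to re-enable. Keep the existing test from the commit message (z14-base with esan3=false baselined against z14) as the regression case for this path.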