mirror of https://github.com/xemu-project/xemu.git
target/i386: Always completely initialize TranslateFault
In get_physical_address, the canonical address check failed to
set TranslateFault.stage2, which resulted in an uninitialized
read from the struct when reporting the fault in x86_cpu_tlb_fill.
Adjust all error paths to use structure assignment so that the
entire struct is always initialized.
Reported-by: Daniel Hoffman <dhoff749@gmail.com>
Fixes: 9bbcf37219 ("target/i386: Reorg GET_HPHYS")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20221201074522.178498-1-richard.henderson@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1324
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Richard Henderson
Paolo Bonzini
parent
38e65936a8
commit
8218c048be
|
|
@ -71,10 +71,11 @@ static bool ptw_translate(PTETranslate *inout, hwaddr addr)
|
||||||
TranslateFault *err = inout->err;
|
TranslateFault *err = inout->err;
|
||||||
|
|
||||||
assert(inout->ptw_idx == MMU_NESTED_IDX);
|
assert(inout->ptw_idx == MMU_NESTED_IDX);
|
||||||
err->exception_index = 0; /* unused */
|
*err = (TranslateFault){
|
||||||
err->error_code = inout->env->error_code;
|
.error_code = inout->env->error_code,
|
||||||
err->cr2 = addr;
|
.cr2 = addr,
|
||||||
err->stage2 = S2_GPT;
|
.stage2 = S2_GPT,
|
||||||
|
};
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
|
|
@ -431,10 +432,11 @@ do_check_protect_pse36:
|
||||||
MMU_NESTED_IDX, true,
|
MMU_NESTED_IDX, true,
|
||||||
&pte_trans.haddr, &full, 0);
|
&pte_trans.haddr, &full, 0);
|
||||||
if (unlikely(flags & TLB_INVALID_MASK)) {
|
if (unlikely(flags & TLB_INVALID_MASK)) {
|
||||||
err->exception_index = 0; /* unused */
|
*err = (TranslateFault){
|
||||||
err->error_code = env->error_code;
|
.error_code = env->error_code,
|
||||||
err->cr2 = paddr;
|
.cr2 = paddr,
|
||||||
err->stage2 = S2_GPA;
|
.stage2 = S2_GPA,
|
||||||
|
};
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -494,10 +496,11 @@ do_check_protect_pse36:
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
err->exception_index = EXCP0E_PAGE;
|
*err = (TranslateFault){
|
||||||
err->error_code = error_code;
|
.exception_index = EXCP0E_PAGE,
|
||||||
err->cr2 = addr;
|
.error_code = error_code,
|
||||||
err->stage2 = S2_NONE;
|
.cr2 = addr,
|
||||||
|
};
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -564,9 +567,10 @@ static bool get_physical_address(CPUX86State *env, vaddr addr,
|
||||||
int shift = in.pg_mode & PG_MODE_LA57 ? 56 : 47;
|
int shift = in.pg_mode & PG_MODE_LA57 ? 56 : 47;
|
||||||
int64_t sext = (int64_t)addr >> shift;
|
int64_t sext = (int64_t)addr >> shift;
|
||||||
if (sext != 0 && sext != -1) {
|
if (sext != 0 && sext != -1) {
|
||||||
err->exception_index = EXCP0D_GPF;
|
*err = (TranslateFault){
|
||||||
err->error_code = 0;
|
.exception_index = EXCP0D_GPF,
|
||||||
err->cr2 = addr;
|
.cr2 = addr,
|
||||||
|
};
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue