| From: | Song Gao |
| Subject: | Re: [PATCH 2/3] hw/intc: Add NULL pointer check on LoongArch ipi device |
| Date: | Fri, 12 May 2023 11:01:33 +0800 |
| User-agent: | Mozilla/5.0 (X11; Linux loongarch64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 |
Hi, Philippe

On 2023/5/12 at 3:03 AM, Philippe Mathieu-Daudé wrote:
> On 6/4/23 12:00, Song Gao wrote:
>> When ipi mailbox is used, cpu index is decoded from iocsr register.
>> cpu may not exist. This patch adds NULL pointer check on ipi device.
>
> How can that happen from a guest vcpu context?

cpuid(cs->cpu_index) is decoded from the iocsr register.

    cpuid = (val >> 16) & 0x3ff; // ipi_send [25:16]

The value may be invalid. qemu only supports 4 vcpus.
You can find more about the ipi_send registers at:
https://github.com/loongson/LoongArch-Documentation/releases/download/2023.04.20/Loongson-3A5000-usermanual-v1.03-EN.pdf
Table 63. Processor core inter-processor communication registers

Signed-off-by: Song Gao <gaosong@loongson.cn> --- hw/intc/loongarch_ipi.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/hw/intc/loongarch_ipi.c b/hw/intc/loongarch_ipi.c index 0563d83a35..39e899df46 100644 --- a/hw/intc/loongarch_ipi.c +++ b/hw/intc/loongarch_ipi.c @@ -86,11 +86,12 @@ static void ipi_send(uint64_t val) /* IPI status vector */ data = 1 << (val & 0x1f); cs = qemu_get_cpu(cpuid); - cpu = LOONGARCH_CPU(cs); - env = &cpu->env; - address_space_stl(&env->address_space_iocsr, 0x1008, - data, MEMTXATTRS_UNSPECIFIED, NULL); - + if (cs) { + cpu = LOONGARCH_CPU(cs); + env = &cpu->env; + address_space_stl(&env->address_space_iocsr, 0x1008, + data, MEMTXATTRS_UNSPECIFIED, NULL); + }Is that the hardware behavior?
Yes.
> Could logging the invalid cpuid request be useful?

Sure.

Thanks.
Song Gao
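
Review bot: In the ipi_send() hunk of hw/intc/loongarch_ipi.c, the new `if (cs) {` branch has no else path, so a guest write whose cpuid does not match any vcpu is dropped without any trace. Since cpuid comes straight from the guest-written value, consider handling the NULL result of qemu_get_cpu(cpuid) with an early return that reports it through qemu_log_mask(LOG_GUEST_ERROR, ...) and includes the rejected cpuid in the message. An early return would also leave the `cpu = LOONGARCH_CPU(cs);`, `env = &cpu->env;` and address_space_stl() lines at their original indentation, which keeps the diff smaller and the common path easier to read. The diffstat reports 19 insertions and 12 deletions, but only this one hunk is visible in the quoted text, so the rest of the change cannot be reviewed from here.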