Re: [Qemu-devel] [PATCH 1/3] target/arm: fix crash on pmu register access

2019-03-26 Thread Aaron Lindsay OS
On Mar 22 17:23, Andrew Jones wrote:
> Fix a QEMU NULL dereference that occurs when the guest attempts to
> enable PMU counters with a non-v8 cpu model or a v8 cpu model
> which has not configured a PMU.
> 
> Fixes: 4e7beb0cc0f3 ("target/arm: Add a timer to predict PMU counter overflow")
> Signed-off-by: Andrew Jones 

Reviewed-by: Aaron Lindsay 

> ---
>  target/arm/helper.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index c8d3c213b6b7..fc73488f6cc0 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -1259,6 +1259,10 @@ static bool pmu_counter_enabled(CPUARMState *env, 
> uint8_t counter)
>  int el = arm_current_el(env);
>  uint8_t hpmn = env->cp15.mdcr_el2 & MDCR_HPMN;
>  
> +if (!arm_feature(env, ARM_FEATURE_PMU)) {
> +return false;
> +}
> +
>  if (!arm_feature(env, ARM_FEATURE_EL2) ||
>  (counter < hpmn || counter == 31)) {
>  e = env->cp15.c9_pmcr & PMCRE;
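Review bot: the early return covers both branches of the EL2/HPMN split below, but the hunk alone does not show whether every path that reaches the overflow timer named in the Fixes tag goes through pmu_counter_enabled(); if any register handler touches the timer without first calling this function, the dereference the commit message describes would remain on that path. A sentence in the commit message confirming that this is the single choke point, or a guard at the timer use itself, would make the fix easier to verify.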
> -- 
> 2.17.2
> 
[Qemu-devel] [PATCH 1/3] target/arm: fix crash on pmu register access

2019-03-22 Thread Andrew Jones
Fix a QEMU NULL dereference that occurs when the guest attempts to
enable PMU counters with a non-v8 cpu model or a v8 cpu model
which has not configured a PMU.

Fixes: 4e7beb0cc0f3 ("target/arm: Add a timer to predict PMU counter overflow")
Signed-off-by: Andrew Jones 
---
 target/arm/helper.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index c8d3c213b6b7..fc73488f6cc0 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1259,6 +1259,10 @@ static bool pmu_counter_enabled(CPUARMState *env, 
uint8_t counter)
 int el = arm_current_el(env);
 uint8_t hpmn = env->cp15.mdcr_el2 & MDCR_HPMN;
 
+if (!arm_feature(env, ARM_FEATURE_PMU)) {
+return false;
+}
+
 if (!arm_feature(env, ARM_FEATURE_EL2) ||
 (counter < hpmn || counter == 31)) {
 e = env->cp15.c9_pmcr & PMCRE;
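Review bot: the commit message states that a NULL dereference occurs but not which pointer is NULL; since the Fixes tag points at the commit that added the PMU overflow timer, presumably that timer is only allocated when the CPU model configures a PMU, and saying so explicitly would let reviewers check that the new ARM_FEATURE_PMU test in pmu_counter_enabled() is the right place to cut the path off. It is also worth asking whether a CPU without ARM_FEATURE_PMU should expose the PMU registers (and accept a PMCR.E write) at all, in which case this guard would be defence in depth rather than the only barrier.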
-- 
2.17.2