path: root/results/classifier/zero-shot/118/TCG-ppc/1065
TCG: 0.982
ppc: 0.952
device: 0.886
graphic: 0.829
architecture: 0.785
permissions: 0.723
network: 0.720
register: 0.626
risc-v: 0.600
debug: 0.512
vnc: 0.511
performance: 0.428
socket: 0.422
kernel: 0.381
mistranslation: 0.369
x86: 0.361
files: 0.350
i386: 0.342
boot: 0.329
arm: 0.325
semantic: 0.313
PID: 0.302
VMM: 0.237
assembly: 0.156
virtual: 0.113
user-level: 0.103
peripherals: 0.065
hypervisor: 0.064
KVM: 0.059
--------------------
TCG: 0.975
debug: 0.856
kernel: 0.853
register: 0.107
hypervisor: 0.060
assembly: 0.050
virtual: 0.036
performance: 0.036
files: 0.028
architecture: 0.027
PID: 0.024
permissions: 0.019
semantic: 0.015
device: 0.012
x86: 0.011
user-level: 0.010
i386: 0.007
risc-v: 0.006
VMM: 0.004
network: 0.004
mistranslation: 0.003
peripherals: 0.003
boot: 0.003
arm: 0.003
socket: 0.002
KVM: 0.002
graphic: 0.002
vnc: 0.002
ppc: 0.001

cputlb: uninitialized local variable in tlb_set_page_with_attrs causes SIGSEGV when a CPU accesses an unmapped IOMMU page
Description of problem:
When a TCG CPU accesses an unmapped page within an IOMMU region that causes a translation fault, QEMU SIGSEGVs in `io_readx`.
The reason was that in `address_space_translate_for_iotlb`, `xlat` is not set on a permission fault.
As a result, `xlat` in `tlb_set_page_with_attrs` is uninitialized. This in turn causes various miscalculations and eventually a crash in `io_readx`.
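
A simplified model of the failure described above, added here as an illustration and not taken from QEMU or from the report. All function and constant names are hypothetical, a fixed poison value stands in for the uninitialized stack contents so the behaviour stays defined, and the "after" variant is one possible hardening, not the project's actual fix.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical model: a 4 KiB region behind a translating unit. */
#define REGION_BASE        0x1000u
#define REGION_SIZE        0x1000u
#define SECTION_UNASSIGNED 0 /* returned when translation faults */
#define SECTION_RAM        1

typedef int (*translate_fn)(uint64_t addr, bool mapped, uint64_t *xlat);

/* "Before": the fault path returns early and never writes *xlat. */
static int translate_before(uint64_t addr, bool mapped, uint64_t *xlat)
{
    if (!mapped) {
        return SECTION_UNASSIGNED; /* *xlat keeps whatever the caller had */
    }
    *xlat = addr - REGION_BASE;
    return SECTION_RAM;
}

/* "After" (assumed hardening): every return path defines the out-parameter. */
static int translate_after(uint64_t addr, bool mapped, uint64_t *xlat)
{
    *xlat = 0;
    if (mapped) {
        *xlat = addr - REGION_BASE;
        return SECTION_RAM;
    }
    return SECTION_UNASSIGNED;
}

/* Caller modelled on a TLB fill: it uses xlat regardless of the section
 * returned. Reports whether the offset it ends up with is inside the region. */
static bool fill_offset_in_bounds(translate_fn fn, uint64_t addr, bool mapped)
{
    /* Constructed poison value standing in for stale stack contents. */
    uint64_t xlat = 0xdeadbeefcafef00dULL;
    (void)fn(addr, mapped, &xlat);
    return xlat < REGION_SIZE;
}

int main(void)
{
    /* Exit status 0 when the model behaves as described. */
    bool ok = !fill_offset_in_bounds(translate_before, 0x1234, false) &&
              fill_offset_in_bounds(translate_after, 0x1234, false);
    return ok ? 0 : 1;
}
```

Building the real code with `-Wmaybe-uninitialized` or running it under MemorySanitizer is a way to surface this class of missed out-parameter write before it reaches a dereference.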