Commit cbbb3041 authored Mar 25, 2019 by Andrew Jones Committed by Peter Maydell Mar 25, 2019

target/arm: fix crash on pmu register access



Fix a QEMU NULL derefence that occurs when the guest attempts to
enable PMU counters with a non-v8 cpu model or a v8 cpu model
which has not configured a PMU.

Fixes: 4e7beb0c ("target/arm: Add a timer to predict PMU counter overflow")
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190322162333.17159-2-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

parent da77e0fa

target/arm/helper.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -1259,6 +1259,10 @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter)
		int el = arm_current_el(env);
		uint8_t hpmn = env->cp15.mdcr_el2 & MDCR_HPMN;

		if (!arm_feature(env, ARM_FEATURE_PMU)) {
		return false;
		}

		if (!arm_feature(env, ARM_FEATURE_EL2) \|\|
		(counter < hpmn \|\| counter == 31)) {
		e = env->cp15.c9_pmcr & PMCRE;