From 3c50e72c4064bfb417f434680d763c8ec1a0d3b4 Mon Sep 17 00:00:00 2001
From: Andrew Jones
Date: Tue, 26 Mar 2019 20:32:41 -0400
Subject: [PATCH] target/arm: fix crash on pmu register access

Fix a QEMU NULL derefence that occurs when the guest attempts to enable PMU counters with a non-v8 cpu model or a v8 cpu model which has not configured a PMU.

Backports commit cbbb3041fe2f57a475cef5d6b0ef836118aad106 from qemu
---
 qemu/target/arm/helper.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/qemu/target/arm/helper.c b/qemu/target/arm/helper.c
index 62ac92ad..79285e32 100644
--- a/qemu/target/arm/helper.c
+++ b/qemu/target/arm/helper.c
@@ -1117,6 +1117,10 @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter)
     int el = arm_current_el(env);
     uint8_t hpmn = env->cp15.mdcr_el2 & MDCR_HPMN;
 
+    if (!arm_feature(env, ARM_FEATURE_PMU)) {
+        return false;
+    }
+
     if (!arm_feature(env, ARM_FEATURE_EL2) ||
         (counter < hpmn || counter == 31)) {
         e = env->cp15.c9_pmcr & PMCRE;
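Review bot: The new early return in pmu_counter_enabled carries no comment, so a reader has to dig up the commit message to see why a CPU-feature test sits inside a per-counter enable predicate; I would add `/* CPU models without a PMU (non-v8, or v8 with the PMU disabled) have no enabled counters. */` directly above the added `if`. The guard only covers the "v8 cpu model which has not configured a PMU" case from the description if that configuration actually clears ARM_FEATURE_PMU, which presumably happens on the cpu realize path; that code is not in this hunk, so it is worth confirming in this tree rather than assuming the upstream behaviour carried over to the backport. Because the crash is triggered by guest register accesses, it is a guest-to-host denial of service, and any other PMU accessor that does not route through pmu_counter_enabled would need the same feature test. The rest of pmu_counter_enabled continues outside the hunk.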