From: Andrew Jones <drjones@redhat.com>
Date: Mon, 25 Mar 2019 14:16:47 +0000 (+0000)
Subject: target/arm: fix crash on pmu register access
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=cbbb3041fe2f57a475cef5d6b0ef836118aad106;p=qemu.git

target/arm: fix crash on pmu register access

Fix a QEMU NULL derefence that occurs when the guest attempts to
enable PMU counters with a non-v8 cpu model or a v8 cpu model
which has not configured a PMU.

Fixes: 4e7beb0cc0f3 ("target/arm: Add a timer to predict PMU counter overflow")
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190322162333.17159-2-drjones@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---

diff --git a/target/arm/helper.c b/target/arm/helper.c
index c8d3c213b6..fc73488f6c 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1259,6 +1259,10 @@ static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter)
     int el = arm_current_el(env);
     uint8_t hpmn = env->cp15.mdcr_el2 & MDCR_HPMN;
 
+    if (!arm_feature(env, ARM_FEATURE_PMU)) {
+        return false;
+    }
+
     if (!arm_feature(env, ARM_FEATURE_EL2) ||
             (counter < hpmn || counter == 31)) {
         e = env->cp15.c9_pmcr & PMCRE;