
commit 2741d2cc39033929485b50792a85b5c794b1c903
Author: Sergei Heifetz <heifetz@yandex-team.com>
Date:   Thu Mar 5 11:04:31 2026 +0500

    target/i386: fix NULL pointer dereference in legacy-cache=off handling

    The check that xcc->model is not NULL occurs after it is dereferenced
    inside x86_cpu_get_versioned_cache_info(), so something like
    `-cpu host,legacy-cache=off` leads to a segfault rather than an error.
    This patch fixes that.

    Fixes: cca0a000d06f897411a8a ("target/i386: allow versioned CPUs to specify new cache_info")
    Signed-off-by: Sergei Heifetz <heifetz@yandex-team.com>
    Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
    Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
    Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
    [Mjt: simplify the following condition too]
    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 5b9ae79f16..b5e483e8cd 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -10107,10 +10107,11 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)

     /* Cache information initialization */
     if (!cpu->legacy_cache) {
-        const CPUCaches *cache_info =
-            x86_cpu_get_versioned_cache_info(cpu, xcc->model);
+        const CPUCaches *cache_info = xcc->model
+            ? x86_cpu_get_versioned_cache_info(cpu, xcc->model)
+            : NULL;

-        if (!xcc->model || !cache_info) {
+        if (!cache_info) {
             g_autofree char *name = x86_cpu_class_get_model_name(xcc);
             error_setg(errp,
                        "CPU model '%s' doesn't support legacy-cache=off", name);
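Review bot: The ternary that initializes `cache_info` now folds a NULL `xcc->model` into the same "doesn't support legacy-cache=off" error as a model whose versioned cache table is absent, and nothing in the hunk says why that is the intended outcome, so a later reader may well "simplify" it back to the direct call that crashed. A comment above the declaration would pin the reasoning, e.g. `/* xcc->model is NULL for classes with no versioned model (the "host" case from the commit message); treat that like a missing cache table so the error below covers both. */`. The only record of the `-cpu host` trigger is the commit message, which does not travel with the code. x86_cpu_realizefn begins before this hunk and the error-return path continues after it.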