From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
quintela@redhat.com, qemu-devel@nongnu.org, dgilbert@redhat.com
Subject: Re: [Qemu-devel] [PATCH 2/4] exec: add wrapper for host pointer access
Date: Mon, 17 Nov 2014 10:58:53 +0000
Message-ID: <20141117105852.GC2237@work-vm>
In-Reply-To: <1415785203-26938-3-git-send-email-mst@redhat.com>
* Michael S. Tsirkin (mst@redhat.com) wrote:
> host pointer accesses force pointer math, let's
> add a wrapper to make them safer.
>
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> ---
> include/exec/cpu-all.h | 5 +++++
> exec.c | 10 +++++-----
> 2 files changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
> index c085804..9d8d408 100644
> --- a/include/exec/cpu-all.h
> +++ b/include/exec/cpu-all.h
> @@ -313,6 +313,11 @@ typedef struct RAMBlock {
> int fd;
> } RAMBlock;
>
> +static inline void *ramblock_ptr(RAMBlock *block, ram_addr_t offset)
> +{
> + return (char *)block->host + offset;
> +}
I'm a bit surprised you don't need to pass a length to this to be able
to tell how much you can access.
> typedef struct RAMList {
> QemuMutex mutex;
> /* Protected by the iothread lock. */
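Review bot: ramblock_ptr() takes only an offset and never compares it against block->length, so the helper centralises the `(char *)` cast but does not by itself make the access safer as the commit message suggests. Since every caller in this patch derives `offset` as `addr - block->offset`, an `assert(offset < block->length)` inside the helper (or a length parameter checked as `offset + len <= block->length`) would turn an out-of-range offset into a crash instead of a silent read or write past the host mapping. A one-line comment above the helper stating the precondition callers must satisfy would also help.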
> diff --git a/exec.c b/exec.c
> index ad5cf12..9648669 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -840,7 +840,7 @@ static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
>
> block = qemu_get_ram_block(start);
> assert(block == qemu_get_ram_block(end - 1));
> - start1 = (uintptr_t)block->host + (start - block->offset);
> + start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
> cpu_tlb_reset_dirty_all(start1, length);
> }
>
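Review bot: tlb_reset_dirty_range_all() has `length` in hand but passes only the offset, so the wrapper cannot verify that `start - block->offset + length` stays inside the block; the preceding `assert(block == qemu_get_ram_block(end - 1))` is what actually guarantees this, which is worth stating in a comment next to the call. Since the result is cast straight to `uintptr_t`, a length-taking variant of the helper would fit here without changing the callers' types.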
> @@ -1500,7 +1500,7 @@ void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
> QTAILQ_FOREACH(block, &ram_list.blocks, next) {
> offset = addr - block->offset;
> if (offset < block->length) {
> - vaddr = block->host + offset;
> + vaddr = ramblock_ptr(block, offset);
> if (block->flags & RAM_PREALLOC) {
> ;
> } else if (xen_enabled()) {
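Review bot: the guard `if (offset < block->length)` only establishes that `offset` itself lies inside the block, not that `offset + length` does, so `ramblock_ptr(block, offset)` here still yields a pointer that may be used past the end of the mapping. Either check `length` against `block->length - offset` before the remap, or document that callers of qemu_ram_remap() must pass a range fully contained in one block.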
> @@ -1551,7 +1551,7 @@ void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
> {
> RAMBlock *block = qemu_get_ram_block(addr);
>
> - return block->host;
> + return ramblock_ptr(block, 0);
> }
>
> /* Return a host pointer to ram allocated with qemu_ram_alloc.
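Review bot: `ramblock_ptr(block, 0)` is identical to `return block->host;` and exercises none of the wrapper's arithmetic, so this hunk is pure churn unless ramblock_ptr() gains a check such as `assert(block->host)` for blocks whose host mapping has not been set up (the xen_map_cache() path in the next hunk shows `host` can be populated lazily). Either add that check to the helper or drop this hunk.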
> @@ -1578,7 +1578,7 @@ void *qemu_get_ram_ptr(ram_addr_t addr)
> xen_map_cache(block->offset, block->length, 1);
> }
> }
> - return block->host + (addr - block->offset);
> + return ramblock_ptr(block, addr - block->offset);
> }
which then makes me wonder if all the uses of this are safe near the
end of the block.
> /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
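Review bot: qemu_get_ram_ptr() receives no length, so the only check a wrapper could make here is `addr - block->offset < block->length`, and even that is not done; the returned pointer is valid for at most `block->length - (addr - block->offset)` bytes, which the function comment above should state so callers do not walk off the end of the block. Callers that know their access size should use qemu_ram_ptr_length(), which clamps `*size`, rather than this function.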
> @@ -1597,7 +1597,7 @@ static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
> if (addr - block->offset < block->length) {
> if (addr - block->offset + *size > block->length)
> *size = block->length - addr + block->offset;
> - return block->host + (addr - block->offset);
> + return ramblock_ptr(block, addr - block->offset);
> }
but then this sounds like it's going to have partial duplication; it already looks
like it's only going to succeed if it finds itself a block that the access fits
in.
Dave
> }
>
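Review bot: this is the one call site that already knows the access size, and `*size` is clamped to `block->length - (addr - block->offset)` before ramblock_ptr() is called, so the hunk is safe as written; a length-taking variant of the helper would fit naturally here and let the clamp and the pointer computation live in one place. Minor style point on the surrounding context: the single-statement `if (addr - block->offset + *size > block->length)` lacks braces, which QEMU's coding style requires, and is worth fixing while touching this block.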
> --
> MST
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK