From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=41302 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Oe8Jz-0003vJ-34
	for qemu-devel@nongnu.org; Wed, 28 Jul 2010 11:13:28 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <gleb@redhat.com>) id 1Oe8Jx-0005ei-Nh
	for qemu-devel@nongnu.org; Wed, 28 Jul 2010 11:13:26 -0400
Received: from mx1.redhat.com ([209.132.183.28]:24373)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <gleb@redhat.com>) id 1Oe8Jx-0005eR-GU
	for qemu-devel@nongnu.org; Wed, 28 Jul 2010 11:13:25 -0400
From: Gleb Natapov <gleb@redhat.com>
Date: Wed, 28 Jul 2010 18:13:23 +0300
Message-Id: <1280330003-1467-3-git-send-email-gleb@redhat.com>
In-Reply-To: <1280330003-1467-1-git-send-email-gleb@redhat.com>
References: <1280330003-1467-1-git-send-email-gleb@redhat.com>
Subject: [Qemu-devel] [PATCH 2/2] Remove guest triggerable abort()
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: kvm@vger.kernel.org

This abort() condition is easily triggerable by a guest if it configures
pci bar with unaligned address that overlaps main memory.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
---
 kvm-all.c |   16 ++++------------
 1 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/kvm-all.c b/kvm-all.c
index fec6d05..ad46b10 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -437,18 +437,10 @@ static void kvm_set_phys_mem(target_phys_addr_t start_addr,
     KVMSlot *mem, old;
     int err;
 
-    if (start_addr & ~TARGET_PAGE_MASK) {
-        if (flags >= IO_MEM_UNASSIGNED) {
-            if (!kvm_lookup_overlapping_slot(s, start_addr,
-                                             start_addr + size)) {
-                return;
-            }
-            fprintf(stderr, "Unaligned split of a KVM memory slot\n");
-        } else {
-            fprintf(stderr, "Only page-aligned memory slots supported\n");
-        }
-        abort();
-    }
+    /* kvm works in page size chunks, but the function may be called
+       with sub-page size and analigned start address. */
+    size = TARGET_PAGE_ALIGN(size);
+    start_addr = TARGET_PAGE_ALIGN(start_addr);
 
     /* KVM does not support read-only slots */
     phys_offset &= ~IO_MEM_ROM;
-- 
1.7.1