From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: lcapitulino@redhat.com
Subject: [Qemu-devel] [PATCH 4/4] exec: fix incorrect assumptions in memory_access_size
Date: Fri, 19 Jul 2013 22:07:58 +0200 [thread overview]
Message-ID: <1374264478-23913-5-git-send-email-pbonzini@redhat.com> (raw)
In-Reply-To: <1374264478-23913-1-git-send-email-pbonzini@redhat.com>
access_size_min can be 1 because erroneous accesses must not crash
QEMU, they should trigger exceptions in the guest or just return
garbage (depending on the CPU). I am not sure I understand the
comment: placing a 4-byte field at the last byte of a region
makes no sense (unless impl.unaligned is true), and that is
why memory.c:access_with_adjusted_size does not bother with
minimums larger than the remaining length.
access_size_max can be mr->ops->valid.max_access_size because memory.c
can and will still break accesses bigger than
mr->ops->impl.max_access_size.
Reported-by: Markus Armbruster <armbru@redhat.com>
Tested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
exec.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/exec.c b/exec.c
index d312bb4..c8658c6 100644
--- a/exec.c
+++ b/exec.c
@@ -1898,14 +1898,10 @@ static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
{
- unsigned access_size_min = mr->ops->impl.min_access_size;
- unsigned access_size_max = mr->ops->impl.max_access_size;
+ unsigned access_size_max = mr->ops->valid.max_access_size;
/* Regions are assumed to support 1-4 byte accesses unless
otherwise specified. */
- if (access_size_min == 0) {
- access_size_min = 1;
- }
if (access_size_max == 0) {
access_size_max = 4;
}
@@ -1922,9 +1918,6 @@ static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
if (l > access_size_max) {
l = access_size_max;
}
- /* ??? The users of this function are wrong, not supporting minimums larger
- than the remaining length. C.f. memory.c:access_with_adjusted_size. */
- assert(l >= access_size_min);
return l;
}
--
1.8.1.4
next prev parent reply other threads:[~2013-07-19 20:08 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-19 20:07 [Qemu-devel] [PULL 0/4] Memory API fixes for soft freeze Paolo Bonzini
2013-07-19 20:07 ` [Qemu-devel] [PATCH 1/4] exec.c: Pass correct pointer type to qemu_ram_ptr_length Paolo Bonzini
2013-07-19 20:07 ` [Qemu-devel] [PATCH 2/4] memory: actually set the owner Paolo Bonzini
2013-07-19 20:07 ` [Qemu-devel] [PATCH 3/4] memory: Return -1 again on reads from unsigned regions Paolo Bonzini
2013-07-19 20:07 ` Paolo Bonzini [this message]
2013-07-20 2:07 ` [Qemu-devel] [PATCH 4/4] exec: fix incorrect assumptions in memory_access_size Luiz Capitulino
2013-07-22 16:08 ` [Qemu-devel] [PULL 0/4] Memory API fixes for soft freeze Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1374264478-23913-5-git-send-email-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=lcapitulino@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).