From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Subject: [Qemu-devel] [PULL 19/19] exec: Respect as_translate_internal length clamp
Date: Wed, 18 Mar 2015 12:25:06 +0100
Message-ID: <1426677906-51657-20-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1426677906-51657-1-git-send-email-pbonzini@redhat.com>
From: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
address_space_translate_internal will clamp the *plen length argument
based on the size of the memory region being queried. The iommu walker
logic in address_space_translate was ignoring this by discarding the
post fn call value of *plen. Fix by just always using *plen as the
length argument throughout the fn, removing the len local variable.
This fixes a bootloader bug when a single elf section spans multiple
QEMU memory regions.
Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Message-Id: <1426570554-15940-1-git-send-email-peter.crosthwaite@xilinx.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
exec.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/exec.c b/exec.c
index e97071a..8b922db 100644
--- a/exec.c
+++ b/exec.c
@@ -380,7 +380,6 @@ MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
IOMMUTLBEntry iotlb;
MemoryRegionSection *section;
MemoryRegion *mr;
- hwaddr len = *plen;
rcu_read_lock();
for (;;) {
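Review bot: With the `len` local removed from the declarations of address_space_translate(), *plen becomes a true in/out parameter that is narrowed in place while the loop runs, and that contract is not stated anywhere in the visible change. A short comment above the function saying that callers must re-read *plen after the call and handle the remainder themselves would make the requirement explicit, since the point of the fix is that the shortened length actually reaches the caller.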
@@ -395,7 +394,7 @@ MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
iotlb = mr->iommu_ops->translate(mr, addr, is_write);
addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
| (addr & iotlb.addr_mask));
- len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
+ *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
if (!(iotlb.perm & (1 << is_write))) {
mr = &io_mem_unassigned;
break;
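Review bot: In the clamp `*plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);` the second operand can wrap to 0 when iotlb.addr_mask covers every bit of hwaddr and addr is 0, which would set *plen to 0. The expression is unchanged from the old `len` version, but now that the result is written straight to the caller's length it is worth confirming that no IOMMU translate callback returns such a mask, or guarding the computation so that a zero length cannot be handed back.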
@@ -406,10 +405,9 @@ MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
- len = MIN(page, len);
+ *plen = MIN(page, *plen);
}
- *plen = len;
*xlat = addr;
rcu_read_unlock();
return mr;
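Review bot: After the trailing `*plen = len;` is dropped, the value the caller sees depends on every clamp having written through the pointer, and nothing in the patch exercises that. A regression test that accesses a range spanning two memory regions (the case from the commit message) and checks the returned length would guard it. As a style point, `MIN(page, *plen)` in the Xen branch could use the same operand order as the IOMMU clamp, `MIN(*plen, ...)`.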
--
2.3.0