From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59652) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1V0MZi-0006Bw-D8 for qemu-devel@nongnu.org; Fri, 19 Jul 2013 22:07:11 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1V0MZh-0000Ca-FP for qemu-devel@nongnu.org; Fri, 19 Jul 2013 22:07:10 -0400 Received: from mx1.redhat.com ([209.132.183.28]:44580) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1V0MZh-0000CV-72 for qemu-devel@nongnu.org; Fri, 19 Jul 2013 22:07:09 -0400 Received: from int-mx02.intmail.prod.int.phx2.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id r6K2785d022690 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Fri, 19 Jul 2013 22:07:08 -0400 Date: Fri, 19 Jul 2013 22:07:07 -0400 From: Luiz Capitulino Message-ID: <20130719220707.37506ad7@redhat.com> In-Reply-To: <1374264478-23913-5-git-send-email-pbonzini@redhat.com> References: <1374264478-23913-1-git-send-email-pbonzini@redhat.com> <1374264478-23913-5-git-send-email-pbonzini@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH 4/4] exec: fix incorrect assumptions in memory_access_size List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Paolo Bonzini Cc: qemu-devel@nongnu.org On Fri, 19 Jul 2013 22:07:58 +0200 Paolo Bonzini wrote: > access_size_min can be 1 because erroneous accesses must not crash > QEMU, they should trigger exceptions in the guest or just return > garbage (depending on the CPU). I am not sure I understand the > comment: placing a 4-byte field at the last byte of a region > makes no sense (unless impl.unaligned is true), and that is > why memory.c:access_with_adjusted_size does not bother with > minimums larger than the remaining length. > > access_size_max can be mr->ops->valid.max_access_size because memory.c > can and will still break accesses bigger than > mr->ops->impl.max_access_size. > > Reported-by: Markus Armbruster > Tested-by: Markus Armbruster > Signed-off-by: Paolo Bonzini Yeah, works for me now: Tested-by: Luiz Capitulino > --- > exec.c | 9 +-------- > 1 file changed, 1 insertion(+), 8 deletions(-) > > diff --git a/exec.c b/exec.c > index d312bb4..c8658c6 100644 > --- a/exec.c > +++ b/exec.c > @@ -1898,14 +1898,10 @@ static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write) > > static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr) > { > - unsigned access_size_min = mr->ops->impl.min_access_size; > - unsigned access_size_max = mr->ops->impl.max_access_size; > + unsigned access_size_max = mr->ops->valid.max_access_size; > > /* Regions are assumed to support 1-4 byte accesses unless > otherwise specified. */ > - if (access_size_min == 0) { > - access_size_min = 1; > - } > if (access_size_max == 0) { > access_size_max = 4; > } > @@ -1922,9 +1918,6 @@ static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr) > if (l > access_size_max) { > l = access_size_max; > } > - /* ??? The users of this function are wrong, not supporting minimums larger > - than the remaining length. C.f. memory.c:access_with_adjusted_size. */ > - assert(l >= access_size_min); > > return l; > }