From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
quintela@redhat.com, qemu-devel@nongnu.org, dgilbert@redhat.com
Subject: Re: [Qemu-devel] [PATCH 2/4] exec: add wrapper for host pointer access
Date: Mon, 17 Nov 2014 10:58:53 +0000 [thread overview]
Message-ID: <20141117105852.GC2237@work-vm> (raw)
In-Reply-To: <1415785203-26938-3-git-send-email-mst@redhat.com>
* Michael S. Tsirkin (mst@redhat.com) wrote:
> host pointer accesses force pointer math, let's
> add a wrapper to make them safer.
>
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> ---
> include/exec/cpu-all.h | 5 +++++
> exec.c | 10 +++++-----
> 2 files changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
> index c085804..9d8d408 100644
> --- a/include/exec/cpu-all.h
> +++ b/include/exec/cpu-all.h
> @@ -313,6 +313,11 @@ typedef struct RAMBlock {
> int fd;
> } RAMBlock;
>
> +static inline void *ramblock_ptr(RAMBlock *block, ram_addr_t offset)
> +{
> + return (char *)block->host + offset;
> +}
I'm a bit surprised you don't need to pass a length to this to be able
to tell how much you can access.
> typedef struct RAMList {
> QemuMutex mutex;
> /* Protected by the iothread lock. */
> diff --git a/exec.c b/exec.c
> index ad5cf12..9648669 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -840,7 +840,7 @@ static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
>
> block = qemu_get_ram_block(start);
> assert(block == qemu_get_ram_block(end - 1));
> - start1 = (uintptr_t)block->host + (start - block->offset);
> + start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
> cpu_tlb_reset_dirty_all(start1, length);
> }
>
> @@ -1500,7 +1500,7 @@ void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
> QTAILQ_FOREACH(block, &ram_list.blocks, next) {
> offset = addr - block->offset;
> if (offset < block->length) {
> - vaddr = block->host + offset;
> + vaddr = ramblock_ptr(block, offset);
> if (block->flags & RAM_PREALLOC) {
> ;
> } else if (xen_enabled()) {
> @@ -1551,7 +1551,7 @@ void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
> {
> RAMBlock *block = qemu_get_ram_block(addr);
>
> - return block->host;
> + return ramblock_ptr(block, 0);
> }
>
> /* Return a host pointer to ram allocated with qemu_ram_alloc.
> @@ -1578,7 +1578,7 @@ void *qemu_get_ram_ptr(ram_addr_t addr)
> xen_map_cache(block->offset, block->length, 1);
> }
> }
> - return block->host + (addr - block->offset);
> + return ramblock_ptr(block, addr - block->offset);
> }
which then makes me wonder if all the uses of this are safe near the
end of the block.
> /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
> @@ -1597,7 +1597,7 @@ static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
> if (addr - block->offset < block->length) {
> if (addr - block->offset + *size > block->length)
> *size = block->length - addr + block->offset;
> - return block->host + (addr - block->offset);
> + return ramblock_ptr(block, addr - block->offset);
> }
but then this sounds like it's going to have partial duplication, it already looks
like it's only going to succeed if it finds itself a block that the access fits
in.
Dave
> }
>
> --
> MST
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2014-11-17 10:59 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-12 9:44 [Qemu-devel] [PATCH 0/4] migration: fix CVE-2014-7840 Michael S. Tsirkin
2014-11-12 9:44 ` [Qemu-devel] [PATCH 1/4] migration: fix parameter validation on ram load Michael S. Tsirkin
2014-11-12 9:49 ` Paolo Bonzini
2014-11-12 9:44 ` [Qemu-devel] [PATCH 2/4] exec: add wrapper for host pointer access Michael S. Tsirkin
2014-11-17 10:58 ` Dr. David Alan Gilbert [this message]
2014-11-17 11:36 ` Michael S. Tsirkin
2014-11-17 12:59 ` Dr. David Alan Gilbert
2014-11-17 16:16 ` Michael S. Tsirkin
2014-11-12 9:44 ` [Qemu-devel] [PATCH 3/4] cpu: assert host pointer offset within block Michael S. Tsirkin
2014-11-12 9:44 ` [Qemu-devel] [PATCH 4/4] cpu: verify that block->host is set Michael S. Tsirkin
2014-11-17 6:36 ` [Qemu-devel] [PATCH 0/4] migration: fix CVE-2014-7840 Amit Shah
2014-11-17 10:32 ` Michael S. Tsirkin
2014-11-17 10:38 ` Amit Shah
2014-11-17 10:52 ` Michael S. Tsirkin
2014-11-17 11:07 ` Amit Shah
2014-11-17 11:48 ` Michael S. Tsirkin
2014-11-17 12:20 ` Amit Shah
2014-11-17 12:36 ` Michael S. Tsirkin
2014-11-18 9:03 ` Amit Shah
2014-11-18 9:01 ` Amit Shah
2014-11-18 9:11 ` Dr. David Alan Gilbert
2014-11-18 9:27 ` Michael S. Tsirkin
2014-11-18 9:32 ` Dr. David Alan Gilbert
2014-12-08 23:32 ` Amos Kong
2014-12-10 2:55 ` Amit Shah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141117105852.GC2237@work-vm \
--to=dgilbert@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).