From: Paolo Bonzini
Date: Thu, 09 May 2013 18:46:51 +0200
Message-ID: <518BD2FB.5040509@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 01/40] memory: assert that PhysPageEntry's ptr does not overflow
To: liu ping fan
Cc: Peter Maydell, aik@ozlabs.ru, jan kiszka, qemu-devel@nongnu.org, stefanha@redhat.com, david@gibson.dropbear.id.au

On 09/05/2013 05:41, liu ping fan wrote:
> On Wed, May 8, 2013 at 12:08 AM, Paolo Bonzini wrote:
>>
>>
>> ----- Original Message -----
>>> From: "Peter Maydell"
>>> To: "Paolo Bonzini"
>>> Cc: qemu-devel@nongnu.org, aik@ozlabs.ru, "jan kiszka", qemulist@gmail.com,
>>> stefanha@redhat.com, david@gibson.dropbear.id.au
>>> Sent: Tuesday, 7 May 2013 17:44:59
>>> Subject: Re: [Qemu-devel] [PATCH 01/40] memory: assert that PhysPageEntry's ptr does not overflow
>>>
>>> On 7 May 2013 15:16, Paolo Bonzini wrote:
>>>> Signed-off-by: Paolo Bonzini
>>>> ---
>>>>  exec.c | 2 ++
>>>>  1 files changed, 2 insertions(+), 0 deletions(-)
>>>>
>>>> diff --git a/exec.c b/exec.c
>>>> index 19725db..2e5b89a 100644
>>>> --- a/exec.c
>>>> +++ b/exec.c
>>>> @@ -719,6 +719,8 @@ static void destroy_all_mappings(AddressSpaceDispatch *d)
>>>>
>>>>  static uint16_t phys_section_add(MemoryRegionSection *section)
>>>>  {
>>>> +    assert(phys_sections_nb < TARGET_PAGE_SIZE);
>>>> +
>>>>      if (phys_sections_nb == phys_sections_nb_alloc) {
>>>>          phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
>>>>          phys_sections = g_renew(MemoryRegionSection, phys_sections,
>>>
>>> Why is the limit we're asserting not the same as the maximum
>>> size that we pass to g_renew() below?
>>
>> That's a minimum size, isn't it?
>>
>> I'm asserting that the physical section number doesn't overflow into
>> the page, since the TLB entries are stored as a combination of the two.
>>
> Could you explain in more detail? Why < TARGET_PAGE_SIZE, not 2^15?

Because the TLB entry is the "or" of the page address and the phys_section.
Look here:

    hwaddr memory_region_section_get_iotlb(CPUArchState *env,
                                           MemoryRegionSection *section,
                                           target_ulong vaddr,
                                           hwaddr paddr,
                                           int prot,
                                           target_ulong *address)
    {
        hwaddr iotlb;
        CPUWatchpoint *wp;

        if (memory_region_is_ram(section->mr)) {
            /* Normal RAM.  */
            iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
                + memory_region_section_addr(section, paddr);
            if (!section->readonly) {
                iotlb |= phys_section_notdirty;
            } else {
                iotlb |= phys_section_rom;
            }
        } else {
            /* Not RAM: the section index goes in the low bits of the entry. */
            iotlb = section - phys_sections;
            iotlb += memory_region_section_addr(section, paddr);
        }

where the else could be written better as:

    iotlb = memory_region_section_addr(section, paddr);
    iotlb |= section - phys_sections;

memory_region_section_addr will return a page-aligned value.

Paolo
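Review bot: the new `assert(phys_sections_nb < TARGET_PAGE_SIZE);` in phys_section_add() needs a comment saying why TARGET_PAGE_SIZE is the bound, because nothing in that function explains it and, as the question in this thread shows, it reads like a mismatch with the g_renew() growth right below it. A one-liner above the assert such as `/* the section index is or'ed into the page-offset bits of the iotlb entry, see memory_region_section_get_iotlb() */`, with the same sentence in the commit message, would make the invariant self-documenting.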
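An added example, not QEMU's code, that models the packing Paolo describes above: a page-aligned address in the high bits, a phys_section index in the low bits, and the overflow the new assert prevents. The page constants and the iotlb_* function names are assumptions for a 4 KiB-page target.

```c
/* Added example, not QEMU code: models how exec.c packs a phys_section
 * index into the low bits of a page-aligned address (the "or" above) and
 * why that index must stay below TARGET_PAGE_SIZE. Constants are assumed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t hwaddr;
#define TARGET_PAGE_BITS 12
#define TARGET_PAGE_SIZE ((hwaddr)1 << TARGET_PAGE_BITS)
#define TARGET_PAGE_MASK (~(TARGET_PAGE_SIZE - 1))

/* What phys_section_add() asserts: every index must fit in the page-offset bits. */
static bool section_count_fits(unsigned nb)
{
    return nb < TARGET_PAGE_SIZE;
}

/* Pack page address (high bits) and section index (low bits) into one word. */
static hwaddr iotlb_pack(hwaddr page_addr, unsigned section_idx)
{
    return (page_addr & TARGET_PAGE_MASK) | section_idx;
}

/* The "+=" form from the quoted function; identical to "|=" only while the
 * index has no bits in common with the page-aligned address. */
static hwaddr iotlb_pack_add(hwaddr page_addr, unsigned section_idx)
{
    return (page_addr & TARGET_PAGE_MASK) + section_idx;
}

static hwaddr iotlb_page(hwaddr iotlb)      { return iotlb & TARGET_PAGE_MASK; }
static unsigned iotlb_section(hwaddr iotlb) { return (unsigned)(iotlb & ~TARGET_PAGE_MASK); }

/* True if packing loses information: the index spilled into the page bits,
 * so the decoded page or the decoded section differs from what went in. */
static bool pack_corrupts(hwaddr page_addr, unsigned section_idx)
{
    hwaddr packed = iotlb_pack(page_addr, section_idx);
    return iotlb_page(packed) != (page_addr & TARGET_PAGE_MASK)
        || iotlb_section(packed) != section_idx;
}

int main(void)
{
    printf("index 4095 corrupts: %d, index 4096 corrupts: %d\n",
           pack_corrupts(0x12345000, 4095), pack_corrupts(0x12345000, 4096));
    return 0;
}
```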