From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54387)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1VAa66-0005Ze-5x
	for qemu-devel@nongnu.org; Sat, 17 Aug 2013 02:34:56 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1VAa61-0003Tr-4c
	for qemu-devel@nongnu.org; Sat, 17 Aug 2013 02:34:50 -0400
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <520F194F.1030501@redhat.com>
Date: Sat, 17 Aug 2013 08:33:51 +0200
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <20130816215706.23647.80992.stgit@bling.home>
In-Reply-To: <20130816215706.23647.80992.stgit@bling.home>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v4] exec: Fix non-power-of-2 sized accesses
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Alex Williamson <alex.williamson@redhat.com>
Cc: rth@twiddle.net, lersek@redhat.com, qemu-devel@nongnu.org, qemu-stable@nongnu.org

Il 16/08/2013 23:58, Alex Williamson ha scritto:
> Since commit 23326164 we align access sizes to match the alignment of
> the address, but we don't align the access size itself.  This means we
> let illegal access sizes (ex. 3) slip through if the address is
> sufficiently aligned (ex. 4).  This results in an abort which would be
> easy for a guest to trigger.  Account for aligning the access size.

Is it the same as this?

http://lists.gnu.org/archive/html/qemu-devel/2013-07/msg05398.html

(which perhaps is buggy as your v1/v2/v3 :))?

Paolo

> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
> Cc: qemu-stable@nongnu.org
> ---
> 
> v4: KISS
> v3: Highest power of 2, not lowest
> v2: Remove unnecessary loop condition
> 
>  exec.c |   18 +++++++++++++-----
>  1 file changed, 13 insertions(+), 5 deletions(-)
> 
> diff --git a/exec.c b/exec.c
> index 3ca9381..67a822c 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1924,12 +1924,20 @@ static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
>          }
>      }
>  
> -    /* Don't attempt accesses larger than the maximum.  */
> -    if (l > access_size_max) {
> -        l = access_size_max;
> +    /* Don't attempt accesses larger than the maximum or unsupported sizes.  */
> +    if (l >= access_size_max) {
> +        return access_size_max;
> +    } else {
> +        if (l >= 8) {
> +            return 8;
> +        } else if (l >= 4) {
> +            return 4;
> +        } else if (l >= 2) {
> +            return 2;
> +        } else {
> +            return 1;
> +        }
>      }
> -
> -    return l;
>  }
>  
>  bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
> 
> 
>