From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34670)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <agraf@suse.de>) id 1WwrAT-0005Be-So
	for qemu-devel@nongnu.org; Tue, 17 Jun 2014 07:03:16 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <agraf@suse.de>) id 1WwrAN-0008Ij-5F
	for qemu-devel@nongnu.org; Tue, 17 Jun 2014 07:03:09 -0400
Message-ID: <53A02064.8040804@suse.de>
Date: Tue, 17 Jun 2014 13:03:00 +0200
From: Alexander Graf <agraf@suse.de>
MIME-Version: 1.0
References: <1402988887-30418-1-git-send-email-Bharat.Bhushan@freescale.com>
	<1402988887-30418-4-git-send-email-Bharat.Bhushan@freescale.com>
	<539FF926.4020300@suse.de>
	<a8c47e2563474780b6c31b75b7b5bae7@DM2PR03MB574.namprd03.prod.outlook.com>
	<53A00F35.6000909@suse.de>
	<d7becf7d485e44f6ad73c629a1396ca4@DM2PR03MB574.namprd03.prod.outlook.com>
	<53A01BD9.50207@suse.de>
	<a147a33aa3e24ca597bc526c95190464@DM2PR03MB574.namprd03.prod.outlook.com>
In-Reply-To: <a147a33aa3e24ca597bc526c95190464@DM2PR03MB574.namprd03.prod.outlook.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 3/3 v2] ppc debug: Add debug stub support
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Bharat.Bhushan@freescale.com" <Bharat.Bhushan@freescale.com>, "qemu-ppc@nongnu.org" <qemu-ppc@nongnu.org>, "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>


On 17.06.14 13:01, Bharat.Bhushan@freescale.com wrote:
>>>>>>> +static void kvm_arch_e500_update_guest_debug(CPUState *cs,
>>>>>>> +                                             struct
>>>>>>> +kvm_guest_debug
>>>>>>> +*dbg) {
>>>>>>> +    int n;
>>>>>>> +
>>>>>>> +    if (nb_hw_breakpoint + nb_hw_watchpoint > 0) {
>>>>>>> +        dbg->control |= KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_HW_BP;
>>>>>>> +        memset(dbg->arch.bp, 0, sizeof(dbg->arch.bp));
>>>>>>> +        for (n = 0; n < nb_hw_breakpoint + nb_hw_watchpoint; n++)
>>>>>>> + {
>>>>>> Boundary check against dbg->arch.bp missing.
>>>>> Did not get, what you mean by " dbg->arch.bp missing" ?
>>>> dbg->arch.bp is an array of a certain size. If nb_hw_breakpoint +
>>>> nb_hw_watchpoint > ARRAY_SIZE(dbg->arch.bp) we might overwrite memory
>>>> we don't want to overwrite.
>>> Actually this will never overflow here because nb_hw_breakpoint and
>> nb_hw_watchpoint overflow in taken care in in hw_insert_breakpoint().
>>> Do you thing that to be double safe we can add a check?
>> We only check against an overflow of hw_breakpoint[], not dbg->arch.bp.
>> What if nb_hw_breakpoint becomes 17?
> nb_hw_breakpoint can never be more than max_hw_breakpoint, how nb_hw_breakpoint can be 17 ?

Someone comes along and bumps up max_hw_breakpoint to 17? Just add an 
assert() somewhere that makes sure we can't run over bp :).


Alex