From: David Hildenbrand
Subject: [Qemu-devel] [PATCH v2 4/7] tcg: Enforce single page access in probe_write()
Date: Mon, 26 Aug 2019 09:51:09 +0200
Let's enforce the interface restriction.
Signed-off-by: David Hildenbrand <address@hidden>
---
accel/tcg/cputlb.c | 2 ++
accel/tcg/user-exec.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 7fc7aa9482..09fe4cdcc4 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1088,6 +1088,8 @@ void probe_write(CPUArchState *env, target_ulong addr,
int size, int mmu_idx,
CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
target_ulong tlb_addr = tlb_addr_write(entry);
+ g_assert(-(addr | TARGET_PAGE_MASK) >= size);
+
if (unlikely(!tlb_hit(tlb_addr, addr))) {
if (!VICTIM_TLB_HIT(addr_write, addr)) {
tlb_fill(env_cpu(env), addr, size, MMU_DATA_STORE,
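Review bot: the added assertion is correct but opaque; `-(addr | TARGET_PAGE_MASK)` is the number of bytes from addr to the end of its page, and nothing near the check says so. A one-line comment above it, e.g. `/* probe_write() must not cross a page boundary: bytes left in page >= size */`, would make the contract readable for the next person touching this function. Note also that `size` is an int compared against a target_ulong, so a negative size is converted to a large unsigned value and trips the assert (fine), while `size == 0` passes trivially; if a zero-length probe is not meant to be a no-op here, reject it explicitly. Since g_assert() is not compiled out in release builds, a caller passing a multi-page range now aborts the process instead of probing; the commit message should say that this is the intended behaviour change rather than only "enforce the interface restriction".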
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index 68f4425cbc..b25a342eaa 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -194,6 +194,8 @@ void probe_write(CPUArchState *env, target_ulong addr, int
size, int mmu_idx,
CPUState *cpu = env_cpu(env);
CPUClass *cc;
+ g_assert(-(addr | TARGET_PAGE_MASK) >= size);
+
if (!guest_addr_valid(addr) ||
page_check_range(addr, size, PAGE_WRITE) < 0) {
cc = CPU_GET_CLASS(cpu);
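Review bot: this is a behaviour change for the user-only path, not just a check: the code right below still calls `page_check_range(addr, size, PAGE_WRITE)`, which handles ranges spanning several pages, so a multi-page probe was accepted here before this patch and aborts after it. Callers of the CONFIG_USER_ONLY probe_write() that was factored out of the s390x code earlier in this series need to be audited against the new bound, and the later patch that passes a real size from do_csst() must stay within one page. Since the identical assertion now lives in both implementations, the single-page restriction should also be documented in the header comment of the probe_write() declaration so callers see it without reading either body. Placing the assert before the guest_addr_valid() check is the right choice: the contract should hold whether or not the address is mapped.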
--
2.21.0
- [Qemu-devel] [PATCH v2 0/7] tcg: probe_write() refactorings, David Hildenbrand, 2019/08/26
- [Qemu-devel] [PATCH v2 1/7] s390x/tcg: Use guest_addr_valid() instead of h2g_valid() in probe_write_access(), David Hildenbrand, 2019/08/26
- [Qemu-devel] [PATCH v2 2/7] s390x/tcg: Fix length calculation in probe_write_access(), David Hildenbrand, 2019/08/26
- [Qemu-devel] [PATCH v2 3/7] tcg: Factor out CONFIG_USER_ONLY probe_write() from s390x code, David Hildenbrand, 2019/08/26
- [Qemu-devel] [PATCH v2 4/7] tcg: Enforce single page access in probe_write(), David Hildenbrand, 2019/08/26 (this message)
- [Qemu-devel] [PATCH v2 5/7] mips/tcg: Call probe_write() for CONFIG_USER_ONLY as well, David Hildenbrand, 2019/08/26
- [Qemu-devel] [PATCH v2 6/7] hppa/tcg: Call probe_write() also for CONFIG_USER_ONLY, David Hildenbrand, 2019/08/26
- [Qemu-devel] [PATCH v2 7/7] s390x/tcg: Pass a size to probe_write() in do_csst(), David Hildenbrand, 2019/08/26
- Re: [Qemu-devel] [qemu-s390x] [PATCH v2 0/7] tcg: probe_write() refactorings, David Hildenbrand, 2019/08/27