[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 29/36] s390x/tcg: Fix length calculation in probe_wr
|
From: |
Richard Henderson |
|
Subject: |
[Qemu-devel] [PATCH 29/36] s390x/tcg: Fix length calculation in probe_write_access() |
|
Date: |
Tue, 3 Sep 2019 09:08:51 -0700 |
From: David Hildenbrand <address@hidden>
Hm... how did that "-" slip in (-TAGRET_PAGE_SIZE would be correct). This
currently makes us exceed one page in a single probe_write() call,
essentially leaving some memory unchecked.
Fixes: c5a7392cfb96 ("s390x/tcg: Provide probe_write_access helper")
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: David Hildenbrand <address@hidden>
Reviewed-by: Cornelia Huck <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
---
target/s390x/mem_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 7819aca15d..4b43440e89 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -2623,7 +2623,7 @@ void probe_write_access(CPUS390XState *env, uint64_t
addr, uint64_t len,
#else
/* test the actual access, not just any access to the page due to LAP */
while (len) {
- const uint64_t pagelen = -(addr | -TARGET_PAGE_MASK);
+ const uint64_t pagelen = -(addr | TARGET_PAGE_MASK);
const uint64_t curlen = MIN(pagelen, len);
probe_write(env, addr, curlen, cpu_mmu_index(env, false), ra);
--
2.17.1
- [Qemu-devel] [PATCH 20/36] exec: Move user-only watchpoint stubs inline, (continued)
- [Qemu-devel] [PATCH 20/36] exec: Move user-only watchpoint stubs inline, Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 21/36] exec: Factor out core logic of check_watchpoint(), Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 17/36] cputlb: Byte swap memory transaction attribute, Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 24/36] cputlb: Fix size operand for tlb_fill on unaligned store, Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 23/36] exec: Factor out cpu_watchpoint_address_matches, Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 22/36] cputlb: Fold TLB_RECHECK into TLB_INVALID_MASK, Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 25/36] cputlb: Remove double-alignment in store_helper, Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 27/36] tcg: Check for watchpoints in probe_write(), Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 29/36] s390x/tcg: Fix length calculation in probe_write_access(),
Richard Henderson <=
- [Qemu-devel] [PATCH 26/36] cputlb: Handle watchpoints via TLB_WATCHPOINT, Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 28/36] s390x/tcg: Use guest_addr_valid() instead of h2g_valid() in probe_write_access(), Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 30/36] tcg: Factor out CONFIG_USER_ONLY probe_write() from s390x code, Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 31/36] tcg: Enforce single page access in probe_write(), Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 32/36] mips/tcg: Call probe_write() for CONFIG_USER_ONLY as well, Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 33/36] hppa/tcg: Call probe_write() also for CONFIG_USER_ONLY, Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 34/36] s390x/tcg: Pass a size to probe_write() in do_csst(), Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 35/36] tcg: Make probe_write() return a pointer to the host page, Richard Henderson, 2019/09/03
- [Qemu-devel] [PATCH 36/36] tcg: Factor out probe_write() logic into probe_access(), Richard Henderson, 2019/09/03
- Re: [Qemu-devel] [PATCH 00/36] tcg patch queue, Mark Cave-Ayland, 2019/09/03