[Qemu-devel] [PATCH] linux-user: Safety belt for h2g

[Kirill A. Shutemov]

From: Jan Kiszka <address@hidden>

h2g can only work on 64-bit hosts if the provided address is mappable to
the guest range. Neglecting this was already the source for several
bugs. Instrument the macro so that it will trigger earlier in the
future (at least as long as we have this kind of mapping mechanism).

Signed-off-by: Jan Kiszka <address@hidden>
Signed-off-by: Kirill A. Shutemov <address@hidden>
---
 cpu-all.h |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/cpu-all.h b/cpu-all.h
index 73c7b4c..526ace2 100644
--- a/cpu-all.h
+++ b/cpu-all.h
@@ -621,6 +621,9 @@ static inline void stfq_be_p(void *ptr, float64 v)
 /* MMU memory access macros */
 
 #if defined(CONFIG_USER_ONLY)
+#include <assert.h>
+#include "qemu-types.h"
+
 /* On some host systems the guest address space is reserved on the host.
  * This allows the guest address space to be offset to a convenient location.
  */
@@ -629,7 +632,12 @@ static inline void stfq_be_p(void *ptr, float64 v)
 
 /* All direct uses of g2h and h2g need to go away for usermode softmmu.  */
 #define g2h(x) ((void *)((unsigned long)(x) + GUEST_BASE))
-#define h2g(x) ((target_ulong)((unsigned long)(x) - GUEST_BASE))
+#define h2g(x) ({ \
+    unsigned long __ret = (unsigned long)(x) - GUEST_BASE; \
+    /* Check if given address fits target address space */ \
+    assert(__ret == (abi_ulong)__ret); \
+    (abi_ulong)__ret; \
+})
 
 #define saddr(x) g2h(x)
 #define laddr(x) g2h(x)
-- 
1.6.0.2.GIT