[Qemu-devel] [PATCH v2 2/7] s390x/tcg: Fix length calculation in probe_w
From: David Hildenbrand
Subject: [Qemu-devel] [PATCH v2 2/7] s390x/tcg: Fix length calculation in probe_write_access()
Date: Mon, 26 Aug 2019 09:51:07 +0200
Hm... how did that "-" slip in (-TARGET_PAGE_SIZE would be correct). This
currently makes us exceed one page in a single probe_write() call,
essentially leaving some memory unchecked.
Fixes: c5a7392cfb96 ("s390x/tcg: Provide probe_write_access helper")
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: David Hildenbrand <address@hidden>
---
target/s390x/mem_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 7819aca15d..4b43440e89 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -2623,7 +2623,7 @@ void probe_write_access(CPUS390XState *env, uint64_t
addr, uint64_t len,
#else
/* test the actual access, not just any access to the page due to LAP */
while (len) {
- const uint64_t pagelen = -(addr | -TARGET_PAGE_MASK);
+ const uint64_t pagelen = -(addr | TARGET_PAGE_MASK);
const uint64_t curlen = MIN(pagelen, len);
probe_write(env, addr, curlen, cpu_mmu_index(env, false), ra);
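Review bot: The expression on the `+` line, `-(addr | TARGET_PAGE_MASK)`, is terse enough that the stray `-` on the removed line went unnoticed, so it deserves a one-line comment saying that pagelen is the number of bytes from addr to the end of its page, or a small named helper that does the same. The commit message states the correct operand as -TARGET_PAGE_SIZE while the code uses TARGET_PAGE_MASK; the comment could tie the two together. Because the consequence described is memory left unchecked, an assertion before the probe_write() call that curlen does not exceed one page would catch a regression of this kind.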
--
2.21.0
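The miscalculation the commit message describes, reproduced as an added stand-alone example (not code from the patch or from QEMU): it splits a range into per-page chunks using the old and the new expression. The 4 KiB page size, the `PAGE_*` macros, `walk_range()` and the way the loop advances `addr` and `len` are assumptions made for the illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: 4 KiB pages, mask = all bits above the offset. */
#define PAGE_SIZE ((uint64_t)1 << 12)
#define PAGE_MASK (~(PAGE_SIZE - 1))
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Removed line: -PAGE_MASK equals PAGE_SIZE, so only one bit is OR-ed in
 * and the negation yields a huge value instead of a per-page length. */
static uint64_t pagelen_buggy(uint64_t addr) { return -(addr | -PAGE_MASK); }

/* Added line: OR-ing the mask leaves only the page offset variable, so the
 * negation is PAGE_SIZE - offset, i.e. bytes left in the current page. */
static uint64_t pagelen_fixed(uint64_t addr) { return -(addr | PAGE_MASK); }

struct walk { unsigned chunks; uint64_t max_chunk; };

/* Walk [addr, addr + len) the way the loop in the hunk does and record how
 * many probes would be issued and the largest length passed to one probe. */
static struct walk walk_range(uint64_t addr, uint64_t len,
                              uint64_t (*pagelen)(uint64_t))
{
    struct walk w = { 0, 0 };
    while (len) {
        const uint64_t curlen = MIN(pagelen(addr), len);
        if (curlen > w.max_chunk) {
            w.max_chunk = curlen;   /* a probe would cover this many bytes */
        }
        w.chunks++;
        addr += curlen;             /* assumed advance, not shown in the hunk */
        len -= curlen;
    }
    return w;
}

int main(void)
{
    /* Constructed sample: 0x2020 bytes starting 16 bytes before a boundary. */
    const uint64_t addr = 0x1ff0, len = 0x2020;
    struct walk b = walk_range(addr, len, pagelen_buggy);
    struct walk f = walk_range(addr, len, pagelen_fixed);
    printf("buggy: %u probe(s), largest %" PRIu64 " bytes\n", b.chunks, b.max_chunk);
    printf("fixed: %u probe(s), largest %" PRIu64 " bytes\n", f.chunks, f.max_chunk);
    return 0;
}
```

With the old expression the whole range goes into a single probe that spans several pages; with the new one every probe stays within one page.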