From patchwork Fri Aug 16 21:58:49 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alex Williamson
X-Patchwork-Id: 267772
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id B190D2C028F for ; Sat, 17 Aug 2013 07:59:17 +1000 (EST)
Received: from localhost ([::1]:33267 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VAS38-0003nR-HP for incoming@patchwork.ozlabs.org; Fri, 16 Aug 2013 17:59:14 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:33418) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VAS2q-0003nF-4A for qemu-devel@nongnu.org; Fri, 16 Aug 2013 17:59:01 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VAS2l-0008Pe-3Z for qemu-devel@nongnu.org; Fri, 16 Aug 2013 17:58:56 -0400
Received: from mx1.redhat.com ([209.132.183.28]:44010) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VAS2k-0008Ox-Ru; Fri, 16 Aug 2013 17:58:51 -0400
Received: from int-mx12.intmail.prod.int.phx2.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id r7GLwnT8014539 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 16 Aug 2013 17:58:50 -0400
Received: from bling.home (ovpn-113-74.phx2.redhat.com [10.3.113.74]) by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id r7GLwnvb010317; Fri, 16 Aug 2013 17:58:49 -0400
To: qemu-devel@nongnu.org
From: Alex Williamson Date: Fri, 16 Aug 2013 15:58:49 -0600 Message-ID: <20130816215706.23647.80992.stgit@bling.home> User-Agent: StGit/0.16 MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 209.132.183.28 Cc: lersek@redhat.com, qemu-stable@nongnu.org, rth@twiddle.net Subject: [Qemu-devel] [PATCH v4] exec: Fix non-power-of-2 sized accesses X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Since commit 23326164 we align access sizes to match the alignment of the address, but we don't align the access size itself. This means we let illegal access sizes (ex. 3) slip through if the address is sufficiently aligned (ex. 4). This results in an abort which would be easy for a guest to trigger. Account for aligning the access size. Signed-off-by: Alex Williamson Cc: qemu-stable@nongnu.org Reviewed-by: Laszlo Ersek --- v4: KISS v3: Highest power of 2, not lowest v2: Remove unnecessary loop condition exec.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/exec.c b/exec.c index 3ca9381..67a822c 100644 --- a/exec.c +++ b/exec.c @@ -1924,12 +1924,20 @@ static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr) } } - /* Don't attempt accesses larger than the maximum. */ - if (l > access_size_max) { - l = access_size_max; + /* Don't attempt accesses larger than the maximum or unsupported sizes. */ + if (l >= access_size_max) { + return access_size_max; + } else { + if (l >= 8) { + return 8; + } else if (l >= 4) { + return 4; + } else if (l >= 2) { + return 2; + } else { + return 1; + } } - - return l; } bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
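Review bot: the `else` that wraps the new power-of-two cascade is redundant after `return access_size_max;` and adds a level of nesting; dropping it and writing the cascade flat (`if (l >= 8) return 8;` / `if (l >= 4) return 4;` / ...) reads closer to the rest of the function. Changing the clamp from `l > access_size_max` to `l >= access_size_max` is harmless, since both branches yield access_size_max for that case. One thing the hunk does not make explicit: the `>=` branch returns access_size_max verbatim, so the rounding only guarantees a legal size when access_size_max is itself a power of two; if the code above this hunk ensures that, a one-line comment stating the invariant would save the next reader from re-deriving it.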
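The failure the commit message describes is easiest to see side by side. The following is an added example, not code from the patch or from QEMU: it models the old clamp-only logic and the patched power-of-two rounding as two small functions, plus a helper that caps the maximum size by the address alignment the way the message says access sizes are aligned (the `addr & -addr` form used for that cap is an assumption here, as are all function names). The length-3 access at a 4-aligned address from the commit message is the case that slips through the old code.

```c
/* Added example, not part of the patch: side-by-side model of
 * memory_access_size() before and after the fix.  Function names and the
 * alignment-cap helper are assumptions for illustration only. */
#include <assert.h>
#include <stdio.h>

/* Assumed model of "align access sizes to match the alignment of the
 * address": the largest power of two dividing addr bounds the maximum.
 * addr == 0 imposes no bound. */
static unsigned max_for_addr(unsigned long long addr, unsigned access_size_max)
{
    unsigned long long align_max = addr & -addr;   /* lowest set bit */
    if (align_max != 0 && align_max < access_size_max) {
        return (unsigned)align_max;
    }
    return access_size_max;
}

/* Before the patch: only clamp to the maximum.  A length such as 3 is
 * returned unchanged whenever the address is aligned enough. */
static unsigned access_size_before(unsigned l, unsigned access_size_max)
{
    if (l > access_size_max) {
        l = access_size_max;
    }
    return l;
}

/* After the patch: clamp, then round down to a supported size (1/2/4/8).
 * Assumes access_size_max is itself a power of two. */
static unsigned access_size_after(unsigned l, unsigned access_size_max)
{
    if (l >= access_size_max) {
        return access_size_max;
    }
    if (l >= 8) return 8;
    if (l >= 4) return 4;
    if (l >= 2) return 2;
    return 1;
}

/* The sizes a memory region callback is expected to handle. */
static int is_supported_size(unsigned l)
{
    return l == 1 || l == 2 || l == 4 || l == 8;
}

int main(void)
{
    /* Constructed sample: 3-byte access at address 4, region max 8 bytes. */
    unsigned max = max_for_addr(4, 8);            /* alignment caps max to 4 */
    unsigned before = access_size_before(3, max); /* 3: unsupported size */
    unsigned after  = access_size_after(3, max);  /* 2: rounded down */

    printf("max=%u before=%u (%s) after=%u (%s)\n", max,
           before, is_supported_size(before) ? "ok" : "ILLEGAL",
           after,  is_supported_size(after)  ? "ok" : "ILLEGAL");
    return 0;
}
```

The `before` value is exactly the abort trigger the message refers to: the clamp alone passes 3 on to a callback that only handles power-of-two sizes. The patched version never returns a non-power-of-two as long as `access_size_max` is one.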