[{"id":3675559,"web_url":"http://patchwork.ozlabs.org/comment/3675559/","msgid":"<5076BC48-D356-45E5-8431-B660F2C22059@unpredictable.fr>","list_archive_url":null,"date":"2026-04-09T23:38:32","subject":"Re: [PATCH 1/1] target/i386/mshv: fix read/write memory across the\n page boundary","submitter":{"id":91318,"url":"http://patchwork.ozlabs.org/api/people/91318/","name":"Mohamed Mediouni","email":"mohamed@unpredictable.fr"},"content":"> On 9. Apr 2026, at 19:53, Doru Blânzeanu wrote:\n> \n> Previously, read_memory and write_memory performed a single GVA-to-GPA\n> translation for the entire buffer. If the buffer spanned a page\n> boundary, the translated GPA was only valid for the first page, causing\n> incorrect reads/writes for the remainder.\n> \n> Fix both functions to loop over pages, translating and accessing each\n> page-aligned chunk separately.\n> \n> Signed-off-by: Doru Blânzeanu \n\nHi,\n\nReviewed-by: Mohamed Mediouni \n\n> ---\n> target/i386/mshv/mshv-cpu.c | 71 +++++++++++++++++++++++++++----------\n> 1 file changed, 52 insertions(+), 19 deletions(-)\n> \n> diff --git a/target/i386/mshv/mshv-cpu.c b/target/i386/mshv/mshv-cpu.c\n> index 2bc978deb2..afdb6b6e29 100644\n> --- a/target/i386/mshv/mshv-cpu.c\n> +++ b/target/i386/mshv/mshv-cpu.c\n> @@ -1316,21 +1316,38 @@ static int read_memory(const CPUState *cpu, uint64_t initial_gva,\n> {\n> int ret;\n> uint64_t gpa, flags;\n> -\n> - if (gva == initial_gva) {\n> - gpa = initial_gpa;\n> - } else {\n> - flags = HV_TRANSLATE_GVA_VALIDATE_READ;\n> - ret = translate_gva(cpu, gva, &gpa, flags);\n> - if (ret < 0) {\n> - return -1;\n> + uint64_t cur_gva = gva;\n> + size_t page_left, chunk;\n> + uint8_t *cur_data = data;\n> +\n> + /*\n> + * If the read spans multiple pages,\n> + * we need to translate and read each page separately\n> + */\n> + while (len > 0) {\n> + page_left = HV_HYP_PAGE_SIZE - (cur_gva & (HV_HYP_PAGE_SIZE - 1));\n> + chunk = MIN(len, page_left);\n> +\n> + if (cur_gva == initial_gva) {\n> + gpa = initial_gpa;\n> + } else {\n> + flags = HV_TRANSLATE_GVA_VALIDATE_READ;\n> + ret = translate_gva(cpu, cur_gva, &gpa, flags);\n> + if (ret < 0) {\n> + return -1;\n> + }\n> }\n> \n> - ret = mshv_guest_mem_read(gpa, data, len, false, false);\n> + ret = mshv_guest_mem_read(gpa, cur_data, chunk,\n> + false, false);\n> if (ret < 0) {\n> error_report(\"failed to read guest mem\");\n> return -1;\n> }\n> +\n> + cur_gva += chunk;\n> + cur_data += chunk;\n> + len -= chunk;\n> }\n> \n> return 0;\n> @@ -1341,18 +1358,34 @@ static int write_memory(const CPUState *cpu, uint64_t gva, const uint8_t *data,\n> {\n> int ret;\n> uint64_t gpa, flags;\n> + uint64_t cur_gva = gva;\n> + size_t page_left, chunk;\n> + const uint8_t *cur_data = data;\n> +\n> + /*\n> + * If the write spans multiple pages,\n> + * we need to translate and write each page separately\n> + */\n> + while (len > 0) {\n> + page_left = HV_HYP_PAGE_SIZE - (cur_gva & (HV_HYP_PAGE_SIZE - 1));\n> + chunk = MIN(len, page_left);\n> +\n> + flags = HV_TRANSLATE_GVA_VALIDATE_WRITE;\n> + ret = translate_gva(cpu, cur_gva, &gpa, flags);\n> + if (ret < 0) {\n> + error_report(\"failed to translate gva to gpa\");\n> + return -1;\n> + }\n> \n> - flags = HV_TRANSLATE_GVA_VALIDATE_WRITE;\n> - ret = translate_gva(cpu, gva, &gpa, flags);\n> - if (ret < 0) {\n> - error_report(\"failed to translate gva to gpa\");\n> - return -1;\n> - }\n> + ret = mshv_guest_mem_write(gpa, cur_data, chunk, false);\n> + if (ret != MEMTX_OK) {\n> + error_report(\"failed to write to mmio\");\n> + return -1;\n> + }\n> \n> - ret = mshv_guest_mem_write(gpa, data, len, false);\n> - if (ret != MEMTX_OK) {\n> - error_report(\"failed to write to mmio\");\n> - return -1;\n> + cur_gva += chunk;\n> + cur_data += chunk;\n> + len -= chunk;\n> }\n> \n> return 0;\n> -- \n> 2.53.0\n> \n>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=unpredictable.fr header.i=@unpredictable.fr\n header.a=rsa-sha256 header.s=sig1 header.b=DsFA4F3T;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fsGcd3W1Fz1yCv\n\tfor ; Fri, 10 Apr 2026 09:39:43 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from )\n\tid 1wAyxa-0000wI-28; Thu, 09 Apr 2026 19:38:54 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1wAyxY-0000w9-HJ\n for qemu-devel@nongnu.org; Thu, 09 Apr 2026 19:38:52 -0400","from qs-2001i-snip4-7.eps.apple.com ([57.103.87.90]\n helo=outbound.qs.icloud.com)\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1wAyxU-0000v8-UW\n for qemu-devel@nongnu.org; Thu, 09 Apr 2026 19:38:52 -0400","from outbound.qs.icloud.com (unknown [127.0.0.2])\n by p00-icloudmta-asmtp-us-east-2d-100-percent-10 (Postfix) with ESMTPS id\n B1BC9180012F; Thu, 09 Apr 2026 23:38:45 +0000 (UTC)","from smtpclient.apple (unknown [17.57.155.37])\n by p00-icloudmta-asmtp-us-east-2d-100-percent-10 (Postfix) with ESMTPSA id\n 40E5F18000AB; Thu, 09 Apr 2026 23:38:44 +0000 (UTC)"],"Dkim-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=unpredictable.fr;\n s=sig1; t=1775777926; x=1778369926;\n bh=sYzgcaxgnfSQ7nePGqekNNZhBZIcTyPKqzV35Bjs2LQ=;\n h=Content-Type:Mime-Version:Subject:From:Date:Message-Id:To:x-icloud-hme;\n b=DsFA4F3T8Xeqy/gLipdZO++XfW/7ov1s+ZwVW508Rc4NNt0em20m3Od6L3jkU0cPmqjy53Ub+zeTyBk1lvVArcb+fNTTsG9eP6gcUcgetZpgH/2MniHrAW+VXqbSDWekBbnkdjVAbkcn0ms1V+Ol7Jgj8T410QAf/Dl120fRyhd2TsnXTP9ZmODj0Q2GtdZbzCU21iu2fYVY90fICkCuLPwS59OqMn2T+wvVGW8/zZQEc7bdZMufySmGYkjptC6Lqa84OU7wp0hkREZd/l1UBlwQoYd5PibYTlRYokluUnH79C3aVR6dq158YU4yx8rG33eh2dBXM3FMLShSuj95eg==","mail-alias-created-date":"1752046281608","Content-Type":"text/plain;\n\tcharset=utf-8","Mime-Version":"1.0 (Mac OS X Mail 16.0 \\(3864.500.181\\))","Subject":"Re: [PATCH 1/1] target/i386/mshv: fix read/write memory across the\n page boundary","From":"Mohamed Mediouni ","In-Reply-To":"<20260409175334.181249-2-dblanzeanu@linux.microsoft.com>","Date":"Fri, 10 Apr 2026 01:38:32 +0200","Cc":"qemu-devel@nongnu.org, Wei Liu ,\n Magnus Kulke ","Content-Transfer-Encoding":"quoted-printable","Message-Id":"<5076BC48-D356-45E5-8431-B660F2C22059@unpredictable.fr>","References":"<20260409175334.181249-1-dblanzeanu@linux.microsoft.com>\n <20260409175334.181249-2-dblanzeanu@linux.microsoft.com>","To":"=?utf-8?q?Doru_Bl=C3=A2nzeanu?= ","X-Mailer":"Apple Mail (2.3864.500.181)","X-Proofpoint-Spam-Details-Enc":"AW1haW4tMjYwNDA5MDIxOCBTYWx0ZWRfXwRfkLy54/Sy0\n Or0VB8yBnQeeNd80d5AghiFR6sbDj5uC7/P+jpjhosr1erx31DMwe/BAfFzJ2FB4z1rx3h43hqO\n X6MZ5xfaI4sEJB5L6eGOPknqZ+gRwphctPf2vxQ8hmY+IpcU9eei1LYhjdpNtR3gp0Uo9mWdXFb\n mSxFcPKJ9TMuxCNfGMmZ0ff4rzDkqxQYvDcd4MAmKJvjYNj1ssZc0eOQWFomTrpcRWEU+0Yt8yh\n 0g2UZqxgBvHJj19kxMCcaUWbSXWE6zS1eoeP1d3Hb/vz2X0wOx47gI0rnRPrddM0o7t0gaLyiPh\n xO5vV39jQgAzRDlKnXgusCV5ZCGYQB4AUdRk/ml+5L3l+u+eJcifsuLdO861Gk=","X-Authority-Info-Out":"v=2.4 cv=cODtc1eN c=1 sm=1 tr=0 ts=69d83886\n cx=c_apl:c_pps:t_out a=bsP7O+dXZ5uKcj+dsLqiMw==:117\n a=bsP7O+dXZ5uKcj+dsLqiMw==:17 a=IkcTkHD0fZMA:10 a=A5OVakUREuEA:10\n a=VkNPw1HP01LnGYTKEx00:22 a=yMhMjlubAAAA:8 a=dCQT-B8v4ZhGZR95z3cA:9\n a=QEXdDO2ut3YA:10","X-Proofpoint-GUID":"mGeSjGiUchr2ZQvupV026MbcTlCLOCtv","X-Proofpoint-ORIG-GUID":"mGeSjGiUchr2ZQvupV026MbcTlCLOCtv","X-Proofpoint-Virus-Version":"vendor=baseguard\n engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49\n definitions=2026-04-09_05,2026-04-09_02,2025-10-01_01","X-Proofpoint-Spam-Details":"rule=notspam policy=default score=0 clxscore=1030\n adultscore=0 mlxlogscore=999 lowpriorityscore=0 bulkscore=0 phishscore=0\n mlxscore=0 suspectscore=0 malwarescore=0 spamscore=0 classifier=spam\n authscore=0 adjust=0 reason=mlx scancount=1 engine=8.22.0-2601150000\n definitions=main-2604090218","Received-SPF":"pass client-ip=57.103.87.90;\n envelope-from=mohamed@unpredictable.fr; helo=outbound.qs.icloud.com","X-Spam_score_int":"-20","X-Spam_score":"-2.1","X-Spam_bar":"--","X-Spam_report":"(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"}}]