Message ID | 4F5601BF.3070107@siemens.com
---|---
State | New
On 03/06/2012 02:23 PM, Jan Kiszka wrote:
> This was a long pending bug, now revealed by the assert in
> phys_page_find that stumbled over the large page index returned by
> cpu_get_phys_page_debug for NX-marked pages.
>
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
>
> Was easily triggerable by attaching gdb to the guest and doing some
> backtraces that reached into stack addresses.
>
> target-i386/helper.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/target-i386/helper.c b/target-i386/helper.c
> index af6bba2..40fe407 100644
> --- a/target-i386/helper.c
> +++ b/target-i386/helper.c
> @@ -947,7 +947,7 @@ target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
> }
>
> page_offset = (addr & TARGET_PAGE_MASK) & (page_size - 1);
> - paddr = (pte & TARGET_PAGE_MASK) + page_offset;
> + paddr = (pte & TARGET_PAGE_MASK & ~PG_NX_MASK) + page_offset;
> return paddr;
> }

Should we not, in addition, mask the software available bits (53-62 IIRC)?
On 03/06/2012 02:56 PM, Avi Kivity wrote:
> > diff --git a/target-i386/helper.c b/target-i386/helper.c
> > index af6bba2..40fe407 100644
> > --- a/target-i386/helper.c
> > +++ b/target-i386/helper.c
> > @@ -947,7 +947,7 @@ target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
> > }
> >
> > page_offset = (addr & TARGET_PAGE_MASK) & (page_size - 1);
> > - paddr = (pte & TARGET_PAGE_MASK) + page_offset;
> > + paddr = (pte & TARGET_PAGE_MASK & ~PG_NX_MASK) + page_offset;
> > return paddr;
> > }
> >
> > Should we not, in addition, mask the software available bits (53-62 IIRC)?
>
> Also intermediate PTEs want this treatment, not just the last one.
diff --git a/target-i386/helper.c b/target-i386/helper.c
index af6bba2..40fe407 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -947,7 +947,7 @@ target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
}

page_offset = (addr & TARGET_PAGE_MASK) & (page_size - 1);
- paddr = (pte & TARGET_PAGE_MASK) + page_offset;
+ paddr = (pte & TARGET_PAGE_MASK & ~PG_NX_MASK) + page_offset;
return paddr;
}
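Review bot: the `+ paddr = (pte & TARGET_PAGE_MASK & ~PG_NX_MASK) + page_offset;` line clears only bit 63, so any software-available bits that a guest has set in `pte` still pass through `TARGET_PAGE_MASK` into `paddr` and will trip the same `phys_page_find` assert with an oversized page index; the thread already raises this (bits 53-62 per the first reply), and keeping only the physical-address bits is more robust than excluding NX alone, e.g. `paddr = (pte & TARGET_PAGE_MASK & <physical-address mask>) + page_offset;`. The intermediate page-table entries read earlier in `cpu_get_phys_page_debug` carry the same bits and are not touched by this hunk, as the follow-up in the thread points out.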
This was a long pending bug, now revealed by the assert in
phys_page_find that stumbled over the large page index returned by
cpu_get_phys_page_debug for NX-marked pages.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---

Was easily triggerable by attaching gdb to the guest and doing some
backtraces that reached into stack addresses.

target-i386/helper.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
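The masking the patch changes, as an added C example that is not QEMU code: the three variants of the `paddr` computation (pre-patch, the patch's `~PG_NX_MASK`, and the thread's suggestion of keeping only physical-address bits) are run over constructed PTEs, with a range check standing in for the `phys_page_find` assert. The `TARGET_PAGE_MASK` and `PG_NX_MASK` values, the 52-bit physical-address limit and all PTE/address values are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values mirroring the QEMU names in the patch (not copied from
 * the QEMU tree): 4 KiB target pages, NX/XD in PTE bit 63. */
#define TARGET_PAGE_BITS 12
#define TARGET_PAGE_MASK (~((1ULL << TARGET_PAGE_BITS) - 1))
#define PG_NX_MASK       (1ULL << 63)
/* Assumption: physical addresses are at most 52 bits wide, so PTE bits
 * 52..62 are software-available and must never reach paddr. */
#define PHYS_ADDR_MASK   ((1ULL << 52) - 1)

static uint64_t page_offset_of(uint64_t addr, uint64_t page_size)
{
    /* Same expression as the context line of the hunk. */
    return (addr & TARGET_PAGE_MASK) & (page_size - 1);
}

/* Pre-patch: bit 63 (and any software bits) leak into the result. */
uint64_t paddr_before_fix(uint64_t pte, uint64_t addr, uint64_t page_size)
{
    return (pte & TARGET_PAGE_MASK) + page_offset_of(addr, page_size);
}

/* The patch: clears NX only; software-available bits still leak. */
uint64_t paddr_patch(uint64_t pte, uint64_t addr, uint64_t page_size)
{
    return (pte & TARGET_PAGE_MASK & ~PG_NX_MASK) + page_offset_of(addr, page_size);
}

/* What the review asks for: keep only the physical-address bits. */
uint64_t paddr_hardened(uint64_t pte, uint64_t addr, uint64_t page_size)
{
    return (pte & TARGET_PAGE_MASK & PHYS_ADDR_MASK) + page_offset_of(addr, page_size);
}

/* The check the phys_page_find assert amounts to: the page index must lie
 * inside the physical address space, not above it. */
bool page_index_in_range(uint64_t paddr)
{
    return (paddr & ~PHYS_ADDR_MASK) == 0;
}

int main(void)
{
    /* Constructed NX-marked 4 KiB stack page: PFN 0x123, flags P/RW/U/A/D. */
    uint64_t pte = 0x8000000000123067ULL, addr = 0x7fffffffe123ULL, before;
    before = paddr_before_fix(pte, addr, 0x1000);
    printf("before: %#llx in range: %d\n", (unsigned long long)before, page_index_in_range(before));
    printf("patch:  %#llx\n", (unsigned long long)paddr_patch(pte, addr, 0x1000));
    return 0;
}
```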