From patchwork Thu Jun 20 14:44:29 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paolo Bonzini <pbonzini@redhat.com>
X-Patchwork-Id: 253001
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 970062C00A1
	for <incoming@patchwork.ozlabs.org>;
	Fri, 21 Jun 2013 01:21:27 +1000 (EST)
Received: from localhost ([::1]:58864 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1Upg8W-0008Lu-PY
	for incoming@patchwork.ozlabs.org; Thu, 20 Jun 2013 10:46:56 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:36983)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1Upg6l-00069i-Cr
	for qemu-devel@nongnu.org; Thu, 20 Jun 2013 10:45:12 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1Upg6g-0006v6-7i
	for qemu-devel@nongnu.org; Thu, 20 Jun 2013 10:45:07 -0400
Received: from mail-ee0-x22a.google.com ([2a00:1450:4013:c00::22a]:50383)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1Upg6f-0006q5-NB
	for qemu-devel@nongnu.org; Thu, 20 Jun 2013 10:45:02 -0400
Received: by mail-ee0-f42.google.com with SMTP id c4so4039405eek.1
	for <qemu-devel@nongnu.org>; Thu, 20 Jun 2013 07:45:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=sender:from:to:cc:subject:date:message-id:x-mailer:in-reply-to
	:references; bh=aFfBcbWiS3s4wkkM2ossAw3aOOO34cwsQavVFh+fK6Q=;
	b=UZP9jC6G/CzJz7Bt/xKmjKbaX6RF53ZSOimyNnSvjgz24s3J/CjHK26w/tYgzgbEAl
	1c0EJC1PczQXuP9Bpl62ly2spbxuneMUU6kNDq6v7uCNrWAh+DOqCfO1tgUGd1fADxWr
	NgvLeZzSTtcGi7ZMk5g0kzk7tXz7/N4kmqaeRO4nZSd9THHh2cDPMzGGoKCAxg8Z5zDj
	D3lhM7cVv0EFblWo+an6YpiDZjvsEqtCMJBkHMudFKmLjjjT+NI2FBJCCHX6SBfVYrhi
	usWkb8pt7kjqT6erbFBUpYaBMuj89FgHEyeNwds6wplSK/a9prsTerfhNu9EzZswvd0T
	nBQQ==
X-Received: by 10.14.184.4 with SMTP id r4mr7988447eem.100.1371739501001;
	Thu, 20 Jun 2013 07:45:01 -0700 (PDT)
Received: from playground.lan (net-37-116-217-184.cust.dsl.vodafone.it.
	[37.116.217.184])
	by mx.google.com with ESMTPSA id y10sm973958eev.3.2013.06.20.07.44.58
	for <multiple recipients>
	(version=TLSv1.2 cipher=RC4-SHA bits=128/128);
	Thu, 20 Jun 2013 07:44:59 -0700 (PDT)
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Date: Thu, 20 Jun 2013 16:44:29 +0200
Message-Id: <1371739493-10187-2-git-send-email-pbonzini@redhat.com>
X-Mailer: git-send-email 1.8.1.4
In-Reply-To: <1371739493-10187-1-git-send-email-pbonzini@redhat.com>
References: <1371739493-10187-1-git-send-email-pbonzini@redhat.com>
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2a00:1450:4013:c00::22a
Cc: Peter Maydell <peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH 01/25] exec.c: address_space_translate: handle
	access to addr 0 of 2^64 sized region
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

From: Peter Maydell <peter.maydell@linaro.org>

The memory API allows a MemoryRegion's size to be 2^64, as a special
case (otherwise the size always fits in a 64 bit integer). This meant
that attempts to access address zero in a 2^64 sized region would
assert in address_space_translate():

  #3  0x00007ffff3e4d192 in __GI___assert_fail#(assertion=0x555555a43f32
    "!a.hi", file=0x555555a43ef0 "include/qemu/int128.h", line=18,
    function=0x555555a4439f "int128_get64") at assert.c:103
  #4  0x0000555555877642 in int128_get64 (a=...)
    at include/qemu/int128.h:18
  #5  0x00005555558782f2 in address_space_translate (as=0x55555668d140,
   /addr=0, xlat=0x7fffafac9918, plen=0x7fffafac9920, is_write=false)
    at exec.c:221

Fix this by doing the 'min' operation in 128 bit arithmetic
rather than 64 bit arithmetic (we know the result of the 'min'
definitely fits in 64 bits because one of the inputs did).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 exec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/exec.c b/exec.c
index 5b8b40d..eb200d0 100644
--- a/exec.c
+++ b/exec.c
@@ -218,7 +218,7 @@ MemoryRegionSection *address_space_translate(AddressSpace *as, hwaddr addr,
     *xlat = addr + section->offset_within_region;
 
     diff = int128_sub(section->mr->size, int128_make64(addr));
-    *plen = MIN(int128_get64(diff), *plen);
+    *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
     return section;
 }
 #endif