From patchwork Tue May 21 10:57:14 2013
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 245273
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, jan.kiszka@gmail.com, Avi Kivity, David Gibson
Date: Tue, 21 May 2013 12:57:14 +0200
Subject: [Qemu-devel] [PATCH 13/30] memory: limit sections in the radix tree to the actual address space size
Message-Id: <1369133851-1894-14-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1369133851-1894-1-git-send-email-pbonzini@redhat.com>
References: <1369133851-1894-1-git-send-email-pbonzini@redhat.com>

From: Avi Kivity

The radix tree is statically sized to fit TARGET_PHYS_ADDR_SPACE_BITS. If a larger memory region is registered, it will overflow. Fix by limiting any section in the radix tree to the supported size.

This problem was not observed earlier since artificial regions (containers and aliases) are eliminated by the memory core, leaving only device regions which have reasonable sizes. An IOMMU however cannot be eliminated by the memory core, and may have an artificial size.

Signed-off-by: Avi Kivity
[ Fail the build if TARGET_PHYS_ADDR_SPACE_BITS is too large - Paolo ]
Signed-off-by: Paolo Bonzini
Reviewed-by: Peter Maydell
---
 exec.c                | 13 ++++++++++++-
 include/exec/memory.h |  3 +++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/exec.c b/exec.c index 380245f..8d91221 100644 --- a/exec.c +++ b/exec.c @@ -771,10 +771,21 @@ static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *sec section_index); } +QEMU_BUILD_BUG_ON(TARGET_PHYS_ADDR_SPACE_BITS > MAX_PHYS_ADDR_SPACE_BITS) + +static MemoryRegionSection limit(MemoryRegionSection section) +{ + section.size = MIN(section.offset_within_address_space + section.size, + MAX_PHYS_ADDR + 1) + - section.offset_within_address_space; + + return section; +} + static void mem_add(MemoryListener *listener, MemoryRegionSection *section) { AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener); - MemoryRegionSection now = *section, remain = *section; + MemoryRegionSection now = limit(*section), remain = limit(*section); if ((now.offset_within_address_space & ~TARGET_PAGE_MASK) || (now.size < TARGET_PAGE_SIZE)) { diff --git a/include/exec/memory.h b/include/exec/memory.h index 9fae89b..6ed593c 100644 --- a/include/exec/memory.h +++ b/include/exec/memory.h @@ -26,6 +26,9 @@ #include "exec/ioport.h" #include "qemu/int128.h" +#define MAX_PHYS_ADDR_SPACE_BITS 62 +#define MAX_PHYS_ADDR (((hwaddr)1 << MAX_PHYS_ADDR_SPACE_BITS) - 1) + typedef struct MemoryRegionOps MemoryRegionOps; typedef struct MemoryRegionPortio MemoryRegionPortio; typedef struct MemoryRegionMmio MemoryRegionMmio;
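Review bot: In the exec.c hunk, the new limit() helper still has two unchecked arithmetic paths that defeat the clamp it is meant to provide for the radix tree. First, `section.offset_within_address_space + section.size` is evaluated before the MIN, so a section whose end lies beyond what hwaddr can hold wraps around and the MIN then picks the wrapped value. Second, a section that starts at or past `MAX_PHYS_ADDR + 1` makes `MIN(...) - section.offset_within_address_space` underflow to a huge size rather than zero. Rewriting the clamp as `section.size = MIN(section.size, MAX_PHYS_ADDR + 1 - section.offset_within_address_space)` removes the first case, and an explicit check that `section.offset_within_address_space <= MAX_PHYS_ADDR` (returning early from mem_add or setting the size to zero) covers the second; the `now.size < TARGET_PAGE_SIZE` test that follows in mem_add would then need to be confirmed safe for an empty section. As a minor point, `limit(*section)` is evaluated twice for `now` and `remain`; computing it once and copying is cheaper and makes it obvious both start from the same clamped value.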
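Review bot: In the include/exec/memory.h hunk, MAX_PHYS_ADDR_SPACE_BITS and MAX_PHYS_ADDR are added without any comment explaining what bounds the value 62 or who relies on it. A reader of memory.h cannot see that this is the largest address width the radix tree in exec.c can index, that QEMU_BUILD_BUG_ON in exec.c enforces `TARGET_PHYS_ADDR_SPACE_BITS <= MAX_PHYS_ADDR_SPACE_BITS`, or that MAX_PHYS_ADDR is the inclusive upper bound the dispatch code clamps sections to. A short comment above the two #defines stating those three facts would keep the header and exec.c from drifting apart when someone later resizes the radix tree or changes the address-space width.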