[Xen-changelog] [xen-unstable] [qemu] Fix reads on unreported memory addresses.
# HG changeset patch # User chris@xxxxxxxxxxxxxxxxxxxxxxxx # Node ID f2eb2089c9eb8e18ccc2eaca9060a37d7f124cb0 # Parent 5848356af8da250becd856b244a33c9391b9ab1c [qemu] Fix reads on unreported memory addresses. The function cpu_physical_memory_rw() thinks that if an address is not mmio-related, it is assumed to be a RAM case. This is improper. When making the assumption, we should make sure the address is less than the guest physical memory size ram_size. From: Cui, Dexuan <dexuan.cui@xxxxxxxxx> Signed-off-by: Christian Limpach <Christian.Limpach@xxxxxxxxxxxxx> --- tools/ioemu/patches/ioemu-ia64 | 23 +++++++++++------------ tools/ioemu/patches/qemu-target-i386-dm | 20 ++++++-------------- tools/ioemu/target-i386-dm/exec-dm.c | 8 ++++++-- 3 files changed, 23 insertions(+), 28 deletions(-) diff -r 5848356af8da -r f2eb2089c9eb tools/ioemu/patches/ioemu-ia64 --- a/tools/ioemu/patches/ioemu-ia64 Thu Jul 27 14:06:15 2006 +0100 +++ b/tools/ioemu/patches/ioemu-ia64 Fri Jul 28 10:12:23 2006 +0100 @@ -1,7 +1,7 @@ Index: ioemu/hw/iommu.c Index: ioemu/hw/iommu.c =================================================================== ---- ioemu.orig/hw/iommu.c 2006-07-27 11:16:53.470941290 +0100 -+++ ioemu/hw/iommu.c 2006-07-27 11:16:58.611372243 +0100 +--- ioemu.orig/hw/iommu.c 2006-07-28 09:56:58.571272016 +0100 ++++ ioemu/hw/iommu.c 2006-07-28 10:02:10.171049510 +0100 @@ -82,7 +82,11 @@ #define IOPTE_VALID 0x00000002 /* IOPTE is valid */ #define IOPTE_WAZ 0x00000001 /* Write as zeros */ @@ -16,8 +16,8 @@ Index: ioemu/hw/iommu.c Index: ioemu/cpu-all.h =================================================================== ---- ioemu.orig/cpu-all.h 2006-07-27 11:16:57.986441423 +0100 -+++ ioemu/cpu-all.h 2006-07-27 11:16:58.617371579 +0100 +--- ioemu.orig/cpu-all.h 2006-07-28 09:58:38.815935452 +0100 ++++ ioemu/cpu-all.h 2006-07-28 10:02:10.171049510 +0100 @@ -835,6 +835,31 @@ :"=m" (*(volatile long *)addr) :"dIr" (nr)); 
@@ -52,8 +52,8 @@ Index: ioemu/cpu-all.h /* memory API */ Index: ioemu/vl.c =================================================================== ---- ioemu.orig/vl.c 2006-07-27 11:16:58.450390064 +0100 -+++ ioemu/vl.c 2006-07-27 11:16:58.619371357 +0100 +--- ioemu.orig/vl.c 2006-07-28 09:58:59.672577418 +0100 ++++ ioemu/vl.c 2006-07-28 10:02:10.174049171 +0100 @@ -5578,6 +5578,7 @@ exit(-1); } @@ -99,9 +99,9 @@ Index: ioemu/vl.c #ifdef CONFIG_SOFTMMU Index: ioemu/target-i386-dm/exec-dm.c =================================================================== ---- ioemu.orig/target-i386-dm/exec-dm.c 2006-07-27 11:16:57.527492229 +0100 -+++ ioemu/target-i386-dm/exec-dm.c 2006-07-27 11:16:58.620371247 +0100 -@@ -340,6 +340,23 @@ +--- ioemu.orig/target-i386-dm/exec-dm.c 2006-07-28 09:58:22.882736989 +0100 ++++ ioemu/target-i386-dm/exec-dm.c 2006-07-28 10:03:19.972165675 +0100 +@@ -341,6 +341,23 @@ return io_mem_read[io_index >> IO_MEM_SHIFT]; } @@ -125,20 +125,20 @@ Index: ioemu/target-i386-dm/exec-dm.c /* physical memory access (slow version, mainly for debug) */ #if defined(CONFIG_USER_ONLY) void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf, -@@ -455,6 +472,9 @@ +@@ -456,6 +473,9 @@ ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK); memcpy(buf, ptr, l); +#ifdef __ia64__ + sync_icache((unsigned long)ptr, l); +#endif - } - } - len -= l; + } else { + /* unreported MMIO space */ + memset(buf, 0xff, len); Index: ioemu/exec-all.h =================================================================== ---- ioemu.orig/exec-all.h 2006-07-27 11:16:57.446501195 +0100 -+++ ioemu/exec-all.h 2006-07-27 11:16:58.621371136 +0100 +--- ioemu.orig/exec-all.h 2006-07-28 09:56:58.572271903 +0100 ++++ ioemu/exec-all.h 2006-07-28 10:02:10.175049059 +0100 @@ -462,12 +462,13 @@ } #endif 
@@ -158,8 +158,8 @@ Index: ioemu/exec-all.h Index: ioemu/target-i386-dm/cpu.h =================================================================== ---- ioemu.orig/target-i386-dm/cpu.h 2006-07-27 11:16:57.526492340 +0100 -+++ ioemu/target-i386-dm/cpu.h 2006-07-27 11:16:58.621371136 +0100 +--- ioemu.orig/target-i386-dm/cpu.h 2006-07-28 09:56:58.572271903 +0100 ++++ ioemu/target-i386-dm/cpu.h 2006-07-28 10:02:10.175049059 +0100 @@ -80,7 +80,11 @@ /* helper2.c */ int main_loop(void); @@ -175,7 +175,7 @@ Index: ioemu/ia64_intrinsic.h Index: ioemu/ia64_intrinsic.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ ioemu/ia64_intrinsic.h 2006-07-27 11:16:58.621371136 +0100 ++++ ioemu/ia64_intrinsic.h 2006-07-28 10:02:10.176048946 +0100 @@ -0,0 +1,276 @@ +#ifndef IA64_INTRINSIC_H +#define IA64_INTRINSIC_H diff -r 5848356af8da -r f2eb2089c9eb tools/ioemu/patches/qemu-target-i386-dm --- a/tools/ioemu/patches/qemu-target-i386-dm Thu Jul 27 14:06:15 2006 +0100 +++ b/tools/ioemu/patches/qemu-target-i386-dm Fri Jul 28 10:12:23 2006 +0100 @@ -1,7 +1,7 @@ Index: ioemu/Makefile.target Index: ioemu/Makefile.target =================================================================== ---- ioemu.orig/Makefile.target 2006-07-26 11:45:57.572129351 +0100 -+++ ioemu/Makefile.target 2006-07-26 11:45:57.589127569 +0100 +--- ioemu.orig/Makefile.target 2006-07-28 09:56:49.468301708 +0100 ++++ ioemu/Makefile.target 2006-07-28 09:56:58.486281629 +0100 @@ -57,6 +57,8 @@ QEMU_SYSTEM=qemu-fast endif @@ -32,8 +32,8 @@ Index: ioemu/Makefile.target endif Index: ioemu/configure =================================================================== ---- ioemu.orig/configure 2006-07-26 11:45:57.573129246 +0100 -+++ ioemu/configure 2006-07-26 11:45:57.590127464 +0100 +--- ioemu.orig/configure 2006-07-28 09:56:49.469301595 +0100 ++++ ioemu/configure 2006-07-28 09:56:49.486299672 +0100 
@@ -359,6 +359,8 @@ if [ "$user" = "yes" ] ; then target_list="i386-user arm-user armeb-user sparc-user ppc-user mips-user mipsel-user $target_list" @@ -45,8 +45,8 @@ Index: ioemu/configure fi Index: ioemu/monitor.c =================================================================== ---- ioemu.orig/monitor.c 2006-07-26 11:45:57.576128931 +0100 -+++ ioemu/monitor.c 2006-07-26 11:45:57.591127359 +0100 +--- ioemu.orig/monitor.c 2006-07-28 09:56:49.472301255 +0100 ++++ ioemu/monitor.c 2006-07-28 09:56:58.720255164 +0100 @@ -1142,6 +1142,10 @@ "", "show host USB devices", }, { "profile", "", do_info_profile, @@ -60,8 +60,8 @@ Index: ioemu/monitor.c Index: ioemu/vl.c =================================================================== ---- ioemu.orig/vl.c 2006-07-26 11:45:57.579128617 +0100 -+++ ioemu/vl.c 2006-07-26 11:45:57.593127149 +0100 +--- ioemu.orig/vl.c 2006-07-28 09:56:49.475300916 +0100 ++++ ioemu/vl.c 2006-07-28 09:56:58.917232883 +0100 @@ -87,7 +87,7 @@ #include "exec-all.h" @@ -98,8 +98,8 @@ Index: ioemu/vl.c { Index: ioemu/vl.h =================================================================== ---- ioemu.orig/vl.h 2006-07-26 11:45:39.289045710 +0100 -+++ ioemu/vl.h 2006-07-26 11:45:57.594127044 +0100 +--- ioemu.orig/vl.h 2006-07-28 09:56:49.281322859 +0100 ++++ ioemu/vl.h 2006-07-28 09:56:58.917232883 +0100 @@ -38,6 +38,8 @@ #include <fcntl.h> #include <sys/stat.h> @@ -132,7 +132,7 @@ Index: ioemu/target-i386-dm/cpu.h Index: ioemu/target-i386-dm/cpu.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ ioemu/target-i386-dm/cpu.h 2006-07-26 11:45:57.594127044 +0100 ++++ ioemu/target-i386-dm/cpu.h 2006-07-28 09:56:58.572271903 +0100 @@ -0,0 +1,86 @@ +/* + * i386 virtual CPU header @@ -223,8 +223,8 @@ Index: ioemu/target-i386-dm/exec-dm.c Index: ioemu/target-i386-dm/exec-dm.c =================================================================== 
 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ ioemu/target-i386-dm/exec-dm.c 2006-07-26 11:46:01.059763730 +0100
-@@ -0,0 +1,512 @@
++++ ioemu/target-i386-dm/exec-dm.c 2006-07-28 09:58:22.882736989 +0100
+@@ -0,0 +1,516 @@
 +/*
 + * virtual page mapping and translated block handling
 + *
@@ -291,6 +291,7 @@ Index: ioemu/target-i386-dm/exec-dm.c
 +#endif /* !CONFIG_DM */
 +
 +uint64_t phys_ram_size;
++extern uint64_t ram_size;
 +int phys_ram_fd;
 +uint8_t *phys_ram_base;
 +uint8_t *phys_ram_dirty;
@@ -632,7 +633,7 @@ Index: ioemu/target-i386-dm/exec-dm.c
 +        l = len;
 +
 +        pd = page;
-+        io_index = iomem_index(page);
++        io_index = iomem_index(addr);
 +        if (is_write) {
 +            if (io_index) {
 +                if (l >= 4 && ((addr & 3) == 0)) {
@@ -677,11 +678,14 @@ Index: ioemu/target-i386-dm/exec-dm.c
 +                    stb_raw(buf, val);
 +                    l = 1;
 +                }
-+            } else {
++            } else if (addr < ram_size) {
 +                /* RAM case */
 +                ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
 +                    (addr & ~TARGET_PAGE_MASK);
 +                memcpy(buf, ptr, l);
++            } else {
++                /* unreported MMIO space */
++                memset(buf, 0xff, len);
 +            }
 +        }
 +        len -= l;
@@ -740,7 +744,7 @@ Index: ioemu/target-i386-dm/helper2.c
 Index: ioemu/target-i386-dm/helper2.c
 ===================================================================
 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ ioemu/target-i386-dm/helper2.c 2006-07-26 11:45:57.596126835 +0100
++++ ioemu/target-i386-dm/helper2.c 2006-07-28 09:56:58.312301309 +0100
 @@ -0,0 +1,464 @@
 +/*
 + * i386 helpers (without register variable usage)
@@ -1209,7 +1213,7 @@ Index: ioemu/target-i386-dm/i8259-dm.c
 Index: ioemu/target-i386-dm/i8259-dm.c
 ===================================================================
 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ ioemu/target-i386-dm/i8259-dm.c 2006-07-26 11:45:57.596126835 +0100
++++ ioemu/target-i386-dm/i8259-dm.c 2006-07-28 09:56:49.492298993 +0100
 @@ -0,0 +1,107 @@
 +/* Xen 8259 stub for interrupt controller emulation
 + *
@@ -1321,7 +1325,7 @@ Index: ioemu/target-i386-dm/qemu-dm.debu
 Index: ioemu/target-i386-dm/qemu-dm.debug
 ===================================================================
 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ ioemu/target-i386-dm/qemu-dm.debug 2006-07-26 11:45:57.596126835 +0100
++++ ioemu/target-i386-dm/qemu-dm.debug 2006-07-28 09:56:49.493298880 +0100
 @@ -0,0 +1,5 @@
 +#!/bin/sh
 +
@@ -1331,7 +1335,7 @@ Index: ioemu/target-i386-dm/qemu-ifup
 Index: ioemu/target-i386-dm/qemu-ifup
 ===================================================================
 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ ioemu/target-i386-dm/qemu-ifup 2006-07-26 11:45:57.597126730 +0100
++++ ioemu/target-i386-dm/qemu-ifup 2006-07-28 09:56:49.493298880 +0100
 @@ -0,0 +1,10 @@
 +#!/bin/sh
 +
diff -r 5848356af8da -r f2eb2089c9eb tools/ioemu/target-i386-dm/exec-dm.c
--- a/tools/ioemu/target-i386-dm/exec-dm.c Thu Jul 27 14:06:15 2006 +0100
+++ b/tools/ioemu/target-i386-dm/exec-dm.c Fri Jul 28 10:12:23 2006 +0100
@@ -64,6 +64,7 @@ uint8_t *code_gen_ptr;
 #endif /* !CONFIG_DM */
 
 uint64_t phys_ram_size;
+extern uint64_t ram_size;
 int phys_ram_fd;
 uint8_t *phys_ram_base;
 uint8_t *phys_ram_dirty;
@@ -422,7 +423,7 @@ void cpu_physical_memory_rw(target_phys_
         l = len;
 
         pd = page;
-        io_index = iomem_index(page);
+        io_index = iomem_index(addr);
         if (is_write) {
             if (io_index) {
                 if (l >= 4 && ((addr & 3) == 0)) {
@@ -467,7 +468,7 @@ void cpu_physical_memory_rw(target_phys_
                     stb_raw(buf, val);
                     l = 1;
                 }
-            } else {
+            } else if (addr < ram_size) {
                 /* RAM case */
                 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
                     (addr & ~TARGET_PAGE_MASK);
@@ -475,6 +476,9 @@ void cpu_physical_memory_rw(target_phys_
 #ifdef __ia64__
                 sync_icache((unsigned long)ptr, l);
 #endif
+            } else {
+                /* unreported MMIO space */
+                memset(buf, 0xff, len);
             }
         }
         len -= l;
_______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
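Review bot: `memset(buf, 0xff, len)` in the new unreported-MMIO branch of the last exec-dm.c hunk fills the whole remaining buffer instead of the `l` bytes this loop iteration covers, while the sibling RAM branch copies exactly `l` and the loop then does `len -= l`; it should read `memset(buf, 0xff, l);` so each iteration only touches its own chunk (the same line is carried in the tools/ioemu/patches/ioemu-ia64 and qemu-target-i386-dm hunks above). This does not overrun `buf`, which still holds `len` bytes at that point, but a later RAM chunk then silently overwrites what this one filled, which obscures the intent and makes the per-chunk accounting inconsistent. The new `addr < ram_size` guard is added only on the read side; the write-side RAM case of cpu_physical_memory_rw lies outside these hunks and, as far as the unchanged context suggests, presumably still routes any non-MMIO address to `phys_ram_base + offset`, so a guest write above ram_size would land outside the guest RAM mapping in the device model's own address space — worth confirming and mirroring the bound check there, discarding the write when it fails. cpu_physical_memory_rw begins and ends outside these hunks.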