[Xen-changelog] [xen-unstable] [qemu] Fix reads on unreported memory add

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] [qemu] Fix reads on unreported memory addresses.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 28 Jul 2006 10:20:15 +0000
Delivery-date: Fri, 28 Jul 2006 03:22:55 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User chris@xxxxxxxxxxxxxxxxxxxxxxxx
# Node ID f2eb2089c9eb8e18ccc2eaca9060a37d7f124cb0
# Parent  5848356af8da250becd856b244a33c9391b9ab1c
[qemu] Fix reads on unreported memory addresses.
The function cpu_physical_memory_rw() assumes that any address which is
not MMIO-related must be RAM. This is incorrect: before treating an
address as RAM, we should make sure it is less than the guest physical
memory size ram_size.

From: Cui, Dexuan <dexuan.cui@xxxxxxxxx>
Signed-off-by: Christian Limpach <Christian.Limpach@xxxxxxxxxxxxx>
---
 tools/ioemu/patches/ioemu-ia64          |   23 +++++++++++------------
 tools/ioemu/patches/qemu-target-i386-dm |   20 ++++++--------------
 tools/ioemu/target-i386-dm/exec-dm.c    |    8 ++++++--
 3 files changed, 23 insertions(+), 28 deletions(-)

diff -r 5848356af8da -r f2eb2089c9eb tools/ioemu/patches/ioemu-ia64
--- a/tools/ioemu/patches/ioemu-ia64    Thu Jul 27 14:06:15 2006 +0100
+++ b/tools/ioemu/patches/ioemu-ia64    Fri Jul 28 10:12:23 2006 +0100
@@ -1,7 +1,7 @@ Index: ioemu/hw/iommu.c
 Index: ioemu/hw/iommu.c
 ===================================================================
---- ioemu.orig/hw/iommu.c      2006-07-27 11:16:53.470941290 +0100
-+++ ioemu/hw/iommu.c   2006-07-27 11:16:58.611372243 +0100
+--- ioemu.orig/hw/iommu.c      2006-07-28 09:56:58.571272016 +0100
++++ ioemu/hw/iommu.c   2006-07-28 10:02:10.171049510 +0100
 @@ -82,7 +82,11 @@
  #define IOPTE_VALID         0x00000002 /* IOPTE is valid */
  #define IOPTE_WAZ           0x00000001 /* Write as zeros */
@@ -16,8 +16,8 @@ Index: ioemu/hw/iommu.c
  
 Index: ioemu/cpu-all.h
 ===================================================================
---- ioemu.orig/cpu-all.h       2006-07-27 11:16:57.986441423 +0100
-+++ ioemu/cpu-all.h    2006-07-27 11:16:58.617371579 +0100
+--- ioemu.orig/cpu-all.h       2006-07-28 09:58:38.815935452 +0100
++++ ioemu/cpu-all.h    2006-07-28 10:02:10.171049510 +0100
 @@ -835,6 +835,31 @@
                  :"=m" (*(volatile long *)addr)
                  :"dIr" (nr));
@@ -52,8 +52,8 @@ Index: ioemu/cpu-all.h
  /* memory API */
 Index: ioemu/vl.c
 ===================================================================
---- ioemu.orig/vl.c    2006-07-27 11:16:58.450390064 +0100
-+++ ioemu/vl.c 2006-07-27 11:16:58.619371357 +0100
+--- ioemu.orig/vl.c    2006-07-28 09:58:59.672577418 +0100
++++ ioemu/vl.c 2006-07-28 10:02:10.174049171 +0100
 @@ -5578,6 +5578,7 @@
          exit(-1);
      }
@@ -99,9 +99,9 @@ Index: ioemu/vl.c
  #ifdef CONFIG_SOFTMMU
 Index: ioemu/target-i386-dm/exec-dm.c
 ===================================================================
---- ioemu.orig/target-i386-dm/exec-dm.c        2006-07-27 11:16:57.527492229 
+0100
-+++ ioemu/target-i386-dm/exec-dm.c     2006-07-27 11:16:58.620371247 +0100
-@@ -340,6 +340,23 @@
+--- ioemu.orig/target-i386-dm/exec-dm.c        2006-07-28 09:58:22.882736989 
+0100
++++ ioemu/target-i386-dm/exec-dm.c     2006-07-28 10:03:19.972165675 +0100
+@@ -341,6 +341,23 @@
      return io_mem_read[io_index >> IO_MEM_SHIFT];
  }
  
@@ -125,20 +125,20 @@ Index: ioemu/target-i386-dm/exec-dm.c
  /* physical memory access (slow version, mainly for debug) */
  #if defined(CONFIG_USER_ONLY)
  void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf, 
-@@ -455,6 +472,9 @@
+@@ -456,6 +473,9 @@
                  ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) + 
                      (addr & ~TARGET_PAGE_MASK);
                  memcpy(buf, ptr, l);
 +#ifdef __ia64__
 +                sync_icache((unsigned long)ptr, l);
 +#endif 
-             }
-         }
-         len -= l;
+             } else {
+                 /* unreported MMIO space */
+                 memset(buf, 0xff, len);
 Index: ioemu/exec-all.h
 ===================================================================
---- ioemu.orig/exec-all.h      2006-07-27 11:16:57.446501195 +0100
-+++ ioemu/exec-all.h   2006-07-27 11:16:58.621371136 +0100
+--- ioemu.orig/exec-all.h      2006-07-28 09:56:58.572271903 +0100
++++ ioemu/exec-all.h   2006-07-28 10:02:10.175049059 +0100
 @@ -462,12 +462,13 @@
  }
  #endif
@@ -158,8 +158,8 @@ Index: ioemu/exec-all.h
  
 Index: ioemu/target-i386-dm/cpu.h
 ===================================================================
---- ioemu.orig/target-i386-dm/cpu.h    2006-07-27 11:16:57.526492340 +0100
-+++ ioemu/target-i386-dm/cpu.h 2006-07-27 11:16:58.621371136 +0100
+--- ioemu.orig/target-i386-dm/cpu.h    2006-07-28 09:56:58.572271903 +0100
++++ ioemu/target-i386-dm/cpu.h 2006-07-28 10:02:10.175049059 +0100
 @@ -80,7 +80,11 @@
  /* helper2.c */
  int main_loop(void);
@@ -175,7 +175,7 @@ Index: ioemu/ia64_intrinsic.h
 Index: ioemu/ia64_intrinsic.h
 ===================================================================
 --- /dev/null  1970-01-01 00:00:00.000000000 +0000
-+++ ioemu/ia64_intrinsic.h     2006-07-27 11:16:58.621371136 +0100
++++ ioemu/ia64_intrinsic.h     2006-07-28 10:02:10.176048946 +0100
 @@ -0,0 +1,276 @@
 +#ifndef IA64_INTRINSIC_H
 +#define IA64_INTRINSIC_H
diff -r 5848356af8da -r f2eb2089c9eb tools/ioemu/patches/qemu-target-i386-dm
--- a/tools/ioemu/patches/qemu-target-i386-dm   Thu Jul 27 14:06:15 2006 +0100
+++ b/tools/ioemu/patches/qemu-target-i386-dm   Fri Jul 28 10:12:23 2006 +0100
@@ -1,7 +1,7 @@ Index: ioemu/Makefile.target
 Index: ioemu/Makefile.target
 ===================================================================
---- ioemu.orig/Makefile.target 2006-07-26 11:45:57.572129351 +0100
-+++ ioemu/Makefile.target      2006-07-26 11:45:57.589127569 +0100
+--- ioemu.orig/Makefile.target 2006-07-28 09:56:49.468301708 +0100
++++ ioemu/Makefile.target      2006-07-28 09:56:58.486281629 +0100
 @@ -57,6 +57,8 @@
  QEMU_SYSTEM=qemu-fast
  endif
@@ -32,8 +32,8 @@ Index: ioemu/Makefile.target
  endif
 Index: ioemu/configure
 ===================================================================
---- ioemu.orig/configure       2006-07-26 11:45:57.573129246 +0100
-+++ ioemu/configure    2006-07-26 11:45:57.590127464 +0100
+--- ioemu.orig/configure       2006-07-28 09:56:49.469301595 +0100
++++ ioemu/configure    2006-07-28 09:56:49.486299672 +0100
 @@ -359,6 +359,8 @@
      if [ "$user" = "yes" ] ; then
          target_list="i386-user arm-user armeb-user sparc-user ppc-user 
mips-user mipsel-user $target_list"
@@ -45,8 +45,8 @@ Index: ioemu/configure
  fi
 Index: ioemu/monitor.c
 ===================================================================
---- ioemu.orig/monitor.c       2006-07-26 11:45:57.576128931 +0100
-+++ ioemu/monitor.c    2006-07-26 11:45:57.591127359 +0100
+--- ioemu.orig/monitor.c       2006-07-28 09:56:49.472301255 +0100
++++ ioemu/monitor.c    2006-07-28 09:56:58.720255164 +0100
 @@ -1142,6 +1142,10 @@
        "", "show host USB devices", },
      { "profile", "", do_info_profile,
@@ -60,8 +60,8 @@ Index: ioemu/monitor.c
  
 Index: ioemu/vl.c
 ===================================================================
---- ioemu.orig/vl.c    2006-07-26 11:45:57.579128617 +0100
-+++ ioemu/vl.c 2006-07-26 11:45:57.593127149 +0100
+--- ioemu.orig/vl.c    2006-07-28 09:56:49.475300916 +0100
++++ ioemu/vl.c 2006-07-28 09:56:58.917232883 +0100
 @@ -87,7 +87,7 @@
  
  #include "exec-all.h"
@@ -98,8 +98,8 @@ Index: ioemu/vl.c
  {
 Index: ioemu/vl.h
 ===================================================================
---- ioemu.orig/vl.h    2006-07-26 11:45:39.289045710 +0100
-+++ ioemu/vl.h 2006-07-26 11:45:57.594127044 +0100
+--- ioemu.orig/vl.h    2006-07-28 09:56:49.281322859 +0100
++++ ioemu/vl.h 2006-07-28 09:56:58.917232883 +0100
 @@ -38,6 +38,8 @@
  #include <fcntl.h>
  #include <sys/stat.h>
@@ -132,7 +132,7 @@ Index: ioemu/target-i386-dm/cpu.h
 Index: ioemu/target-i386-dm/cpu.h
 ===================================================================
 --- /dev/null  1970-01-01 00:00:00.000000000 +0000
-+++ ioemu/target-i386-dm/cpu.h 2006-07-26 11:45:57.594127044 +0100
++++ ioemu/target-i386-dm/cpu.h 2006-07-28 09:56:58.572271903 +0100
 @@ -0,0 +1,86 @@
 +/*
 + * i386 virtual CPU header
@@ -223,8 +223,8 @@ Index: ioemu/target-i386-dm/exec-dm.c
 Index: ioemu/target-i386-dm/exec-dm.c
 ===================================================================
 --- /dev/null  1970-01-01 00:00:00.000000000 +0000
-+++ ioemu/target-i386-dm/exec-dm.c     2006-07-26 11:46:01.059763730 +0100
-@@ -0,0 +1,512 @@
++++ ioemu/target-i386-dm/exec-dm.c     2006-07-28 09:58:22.882736989 +0100
+@@ -0,0 +1,516 @@
 +/*
 + *  virtual page mapping and translated block handling
 + * 
@@ -291,6 +291,7 @@ Index: ioemu/target-i386-dm/exec-dm.c
 +#endif /* !CONFIG_DM */
 +
 +uint64_t phys_ram_size;
++extern uint64_t ram_size;
 +int phys_ram_fd;
 +uint8_t *phys_ram_base;
 +uint8_t *phys_ram_dirty;
@@ -632,7 +633,7 @@ Index: ioemu/target-i386-dm/exec-dm.c
 +            l = len;
 +      
 +        pd = page;
-+        io_index = iomem_index(page);
++        io_index = iomem_index(addr);
 +        if (is_write) {
 +            if (io_index) {
 +                if (l >= 4 && ((addr & 3) == 0)) {
@@ -677,11 +678,14 @@ Index: ioemu/target-i386-dm/exec-dm.c
 +                    stb_raw(buf, val);
 +                    l = 1;
 +                }
-+            } else {
++            } else if (addr < ram_size) {
 +                /* RAM case */
 +                ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) + 
 +                    (addr & ~TARGET_PAGE_MASK);
 +                memcpy(buf, ptr, l);
++            } else {
++                /* unreported MMIO space */
++                memset(buf, 0xff, len);
 +            }
 +        }
 +        len -= l;
@@ -740,7 +744,7 @@ Index: ioemu/target-i386-dm/helper2.c
 Index: ioemu/target-i386-dm/helper2.c
 ===================================================================
 --- /dev/null  1970-01-01 00:00:00.000000000 +0000
-+++ ioemu/target-i386-dm/helper2.c     2006-07-26 11:45:57.596126835 +0100
++++ ioemu/target-i386-dm/helper2.c     2006-07-28 09:56:58.312301309 +0100
 @@ -0,0 +1,464 @@
 +/*
 + *  i386 helpers (without register variable usage)
@@ -1209,7 +1213,7 @@ Index: ioemu/target-i386-dm/i8259-dm.c
 Index: ioemu/target-i386-dm/i8259-dm.c
 ===================================================================
 --- /dev/null  1970-01-01 00:00:00.000000000 +0000
-+++ ioemu/target-i386-dm/i8259-dm.c    2006-07-26 11:45:57.596126835 +0100
++++ ioemu/target-i386-dm/i8259-dm.c    2006-07-28 09:56:49.492298993 +0100
 @@ -0,0 +1,107 @@
 +/* Xen 8259 stub for interrupt controller emulation
 + * 
@@ -1321,7 +1325,7 @@ Index: ioemu/target-i386-dm/qemu-dm.debu
 Index: ioemu/target-i386-dm/qemu-dm.debug
 ===================================================================
 --- /dev/null  1970-01-01 00:00:00.000000000 +0000
-+++ ioemu/target-i386-dm/qemu-dm.debug 2006-07-26 11:45:57.596126835 +0100
++++ ioemu/target-i386-dm/qemu-dm.debug 2006-07-28 09:56:49.493298880 +0100
 @@ -0,0 +1,5 @@
 +#!/bin/sh
 +
@@ -1331,7 +1335,7 @@ Index: ioemu/target-i386-dm/qemu-ifup
 Index: ioemu/target-i386-dm/qemu-ifup
 ===================================================================
 --- /dev/null  1970-01-01 00:00:00.000000000 +0000
-+++ ioemu/target-i386-dm/qemu-ifup     2006-07-26 11:45:57.597126730 +0100
++++ ioemu/target-i386-dm/qemu-ifup     2006-07-28 09:56:49.493298880 +0100
 @@ -0,0 +1,10 @@
 +#!/bin/sh
 +
diff -r 5848356af8da -r f2eb2089c9eb tools/ioemu/target-i386-dm/exec-dm.c
--- a/tools/ioemu/target-i386-dm/exec-dm.c      Thu Jul 27 14:06:15 2006 +0100
+++ b/tools/ioemu/target-i386-dm/exec-dm.c      Fri Jul 28 10:12:23 2006 +0100
@@ -64,6 +64,7 @@ uint8_t *code_gen_ptr;
 #endif /* !CONFIG_DM */
 
 uint64_t phys_ram_size;
+extern uint64_t ram_size;
 int phys_ram_fd;
 uint8_t *phys_ram_base;
 uint8_t *phys_ram_dirty;
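Review bot: The new `extern uint64_t ram_size;` is declared ad hoc in exec-dm.c instead of in a shared header, so nothing checks it against the definition (presumably in vl.c, which this commit's patch files touch but whose definition site is not visible here); if the definition has a different type the mismatch compiles silently and the `addr < ram_size` bound later in this commit is computed against garbage. Move the declaration next to the other guest-memory globals in the header the file already includes (vl.h or cpu.h, going by the rest of the series) and document what it measures, `extern uint64_t ram_size; /* guest RAM size in bytes; defined in vl.c */`. While here, the file now carries both `phys_ram_size` and `ram_size` for what reads like the same quantity; a one-line comment on each saying which one describes the mapping behind `phys_ram_base` would prevent the next bound check from using the wrong one.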
@@ -422,7 +423,7 @@ void cpu_physical_memory_rw(target_phys_
             l = len;
        
         pd = page;
-        io_index = iomem_index(page);
+        io_index = iomem_index(addr);
         if (is_write) {
             if (io_index) {
                 if (l >= 4 && ((addr & 3) == 0)) {
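Review bot: The `is_write` branch that opens at the end of this hunk keeps its non-MMIO fallthrough outside the hunk, and nothing in this commit bounds it by `ram_size`; if that path mirrors the read path (`ptr = phys_ram_base + ...; memcpy(ptr, buf, l)`), a guest write to an address that is neither registered MMIO nor below `ram_size` still lands at `phys_ram_base + addr`, which is a host-side out-of-bounds write in the device model and strictly worse than the read the title fixes. The same guard belongs on the write side, `} else if (addr < ram_size) { /* RAM case */`, with the remaining `else` dropping the write as unreported MMIO. The switch from `iomem_index(page)` to `iomem_index(addr)` moves the lookup from the page base to the exact address, which is what sub-page MMIO regions need, but it assumes `iomem_index` accepts unaligned addresses — confirm against its definition, which is above this hunk.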
@@ -467,7 +468,7 @@ void cpu_physical_memory_rw(target_phys_
                     stb_raw(buf, val);
                     l = 1;
                 }
-            } else {
+            } else if (addr < ram_size) {
                 /* RAM case */
                 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) + 
                     (addr & ~TARGET_PAGE_MASK);
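Review bot: `addr < ram_size` bounds only the first byte of the chunk, while the copy that follows reads `l` bytes from `phys_ram_base + addr`. That is sufficient only because `l` is clipped to the current page earlier in the loop (outside this hunk) and `ram_size` is a page multiple; if `ram_size` can ever be a non-page-aligned value, the final partial page would be read past the end of the mapping. Record the invariant at the check so it is not lost, `/* l never crosses a page and ram_size is page-aligned, so addr < ram_size bounds the whole chunk */`, or make the check explicit with `addr + l <= ram_size`. cpu_physical_memory_rw begins and ends outside this hunk.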
@@ -475,6 +476,9 @@ void cpu_physical_memory_rw(target_phys_
 #ifdef __ia64__
                 sync_icache((unsigned long)ptr, l);
 #endif 
+            } else {
+                /* unreported MMIO space */
+                memset(buf, 0xff, len);
             }
         }
         len -= l;
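Review bot: `memset(buf, 0xff, len);` fills the entire remaining request rather than the current chunk `l`, unlike the `memcpy(buf, ptr, l)` on the RAM path just above. Since `buf` and `len` are advanced by `l` afterwards (`len -= l` is visible; the `buf += l` is presumably below the hunk) this is not an overflow, but the bytes beyond this chunk are written here and then written again by the following iterations, which is wasted work and reads like a bounds bug to the next reviewer. Use `memset(buf, 0xff, l);` so every branch of the loop handles exactly one chunk. A short comment on why all-ones is returned would also help, e.g. `/* unreported MMIO space: read as all-ones, like a bus with no responder */` — the choice of 0xff is not explained anywhere in the commit.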
