[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 04/15] accel/tcg: Pass last not end to page_set_flags
From: |
Richard Henderson |
Subject: |
[PULL 04/15] accel/tcg: Pass last not end to page_set_flags |
Date: |
Tue, 28 Mar 2023 15:57:55 -0700 |
Pass the address of the last byte to be changed, rather than
the first address past the last byte. This avoids overflow
when the last page of the address space is involved.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1528
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
include/exec/cpu-all.h | 2 +-
accel/tcg/user-exec.c | 16 +++++++---------
bsd-user/mmap.c | 6 +++---
linux-user/elfload.c | 11 ++++++-----
linux-user/mmap.c | 16 ++++++++--------
linux-user/syscall.c | 4 ++--
6 files changed, 27 insertions(+), 28 deletions(-)
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 548be9c8ea..a2662b1e83 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -276,7 +276,7 @@ typedef int (*walk_memory_regions_fn)(void *, target_ulong,
int walk_memory_regions(void *, walk_memory_regions_fn);
int page_get_flags(target_ulong address);
-void page_set_flags(target_ulong start, target_ulong end, int flags);
+void page_set_flags(target_ulong start, target_ulong last, int flags);
void page_reset_target_data(target_ulong start, target_ulong end);
int page_check_range(target_ulong start, target_ulong len, int flags);
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index 7b37fd229e..035f8096b2 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -480,24 +480,22 @@ static bool pageflags_set_clear(target_ulong start,
target_ulong last,
* The flag PAGE_WRITE_ORG is positioned automatically depending
* on PAGE_WRITE. The mmap_lock should already be held.
*/
-void page_set_flags(target_ulong start, target_ulong end, int flags)
+void page_set_flags(target_ulong start, target_ulong last, int flags)
{
- target_ulong last;
bool reset = false;
bool inval_tb = false;
/* This function should never be called with addresses outside the
guest address space. If this assert fires, it probably indicates
a missing call to h2g_valid. */
- assert(start < end);
- assert(end - 1 <= GUEST_ADDR_MAX);
+ assert(start <= last);
+ assert(last <= GUEST_ADDR_MAX);
/* Only set PAGE_ANON with new mappings. */
assert(!(flags & PAGE_ANON) || (flags & PAGE_RESET));
assert_memory_lock();
- start = start & TARGET_PAGE_MASK;
- end = TARGET_PAGE_ALIGN(end);
- last = end - 1;
+ start &= TARGET_PAGE_MASK;
+ last |= ~TARGET_PAGE_MASK;
if (!(flags & PAGE_VALID)) {
flags = 0;
@@ -510,7 +508,7 @@ void page_set_flags(target_ulong start, target_ulong end,
int flags)
}
if (!flags || reset) {
- page_reset_target_data(start, end);
+ page_reset_target_data(start, last + 1);
inval_tb |= pageflags_unset(start, last);
}
if (flags) {
@@ -518,7 +516,7 @@ void page_set_flags(target_ulong start, target_ulong end,
int flags)
~(reset ? 0 : PAGE_STICKY));
}
if (inval_tb) {
- tb_invalidate_phys_range(start, end);
+ tb_invalidate_phys_range(start, last + 1);
}
}
diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
index d6c5a344c9..696057551a 100644
--- a/bsd-user/mmap.c
+++ b/bsd-user/mmap.c
@@ -118,7 +118,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int
prot)
if (ret != 0)
goto error;
}
- page_set_flags(start, start + len, prot | PAGE_VALID);
+ page_set_flags(start, start + len - 1, prot | PAGE_VALID);
mmap_unlock();
return 0;
error:
@@ -656,7 +656,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int
prot,
}
}
the_end1:
- page_set_flags(start, start + len, prot | PAGE_VALID);
+ page_set_flags(start, start + len - 1, prot | PAGE_VALID);
the_end:
#ifdef DEBUG_MMAP
printf("ret=0x" TARGET_ABI_FMT_lx "\n", start);
@@ -767,7 +767,7 @@ int target_munmap(abi_ulong start, abi_ulong len)
}
if (ret == 0) {
- page_set_flags(start, start + len, 0);
+ page_set_flags(start, start + len - 1, 0);
}
mmap_unlock();
return ret;
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 1dbc1f0f9b..fa4cc41567 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -213,7 +213,7 @@ static bool init_guest_commpage(void)
exit(EXIT_FAILURE);
}
page_set_flags(TARGET_VSYSCALL_PAGE,
- TARGET_VSYSCALL_PAGE + TARGET_PAGE_SIZE,
+ TARGET_VSYSCALL_PAGE | ~TARGET_PAGE_MASK,
PAGE_EXEC | PAGE_VALID);
return true;
}
@@ -444,7 +444,7 @@ static bool init_guest_commpage(void)
exit(EXIT_FAILURE);
}
- page_set_flags(commpage, commpage + qemu_host_page_size,
+ page_set_flags(commpage, commpage | ~qemu_host_page_mask,
PAGE_READ | PAGE_EXEC | PAGE_VALID);
return true;
}
@@ -1316,7 +1316,7 @@ static bool init_guest_commpage(void)
exit(EXIT_FAILURE);
}
- page_set_flags(LO_COMMPAGE, LO_COMMPAGE + TARGET_PAGE_SIZE,
+ page_set_flags(LO_COMMPAGE, LO_COMMPAGE | ~TARGET_PAGE_MASK,
PAGE_READ | PAGE_EXEC | PAGE_VALID);
return true;
}
@@ -1728,7 +1728,7 @@ static bool init_guest_commpage(void)
* and implement syscalls. Here, simply mark the page executable.
* Special case the entry points during translation (see do_page_zero).
*/
- page_set_flags(LO_COMMPAGE, LO_COMMPAGE + TARGET_PAGE_SIZE,
+ page_set_flags(LO_COMMPAGE, LO_COMMPAGE | ~TARGET_PAGE_MASK,
PAGE_EXEC | PAGE_VALID);
return true;
}
@@ -2209,7 +2209,8 @@ static void zero_bss(abi_ulong elf_bss, abi_ulong
last_bss, int prot)
/* Ensure that the bss page(s) are valid */
if ((page_get_flags(last_bss-1) & prot) != prot) {
- page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot |
PAGE_VALID);
+ page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss - 1,
+ prot | PAGE_VALID);
}
if (host_start < host_map_start) {
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 28135c9e6a..1d07ff5d2c 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -181,7 +181,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int
target_prot)
}
}
- page_set_flags(start, start + len, page_flags);
+ page_set_flags(start, start + len - 1, page_flags);
ret = 0;
error:
@@ -640,15 +640,15 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int
target_prot,
}
page_flags |= PAGE_RESET;
if (passthrough_start == passthrough_end) {
- page_set_flags(start, start + len, page_flags);
+ page_set_flags(start, start + len - 1, page_flags);
} else {
if (start < passthrough_start) {
- page_set_flags(start, passthrough_start, page_flags);
+ page_set_flags(start, passthrough_start - 1, page_flags);
}
- page_set_flags(passthrough_start, passthrough_end,
+ page_set_flags(passthrough_start, passthrough_end - 1,
page_flags | PAGE_PASSTHROUGH);
if (passthrough_end < start + len) {
- page_set_flags(passthrough_end, start + len, page_flags);
+ page_set_flags(passthrough_end, start + len - 1, page_flags);
}
}
the_end:
@@ -763,7 +763,7 @@ int target_munmap(abi_ulong start, abi_ulong len)
}
if (ret == 0) {
- page_set_flags(start, start + len, 0);
+ page_set_flags(start, start + len - 1, 0);
}
mmap_unlock();
return ret;
@@ -849,8 +849,8 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong
old_size,
} else {
new_addr = h2g(host_addr);
prot = page_get_flags(old_addr);
- page_set_flags(old_addr, old_addr + old_size, 0);
- page_set_flags(new_addr, new_addr + new_size,
+ page_set_flags(old_addr, old_addr + old_size - 1, 0);
+ page_set_flags(new_addr, new_addr + new_size - 1,
prot | PAGE_VALID | PAGE_RESET);
}
mmap_unlock();
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 27871641f4..69f740ff98 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4595,7 +4595,7 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env,
}
raddr=h2g((unsigned long)host_raddr);
- page_set_flags(raddr, raddr + shm_info.shm_segsz,
+ page_set_flags(raddr, raddr + shm_info.shm_segsz - 1,
PAGE_VALID | PAGE_RESET | PAGE_READ |
(shmflg & SHM_RDONLY ? 0 : PAGE_WRITE));
@@ -4625,7 +4625,7 @@ static inline abi_long do_shmdt(abi_ulong shmaddr)
for (i = 0; i < N_SHM_REGIONS; ++i) {
if (shm_regions[i].in_use && shm_regions[i].start == shmaddr) {
shm_regions[i].in_use = false;
- page_set_flags(shmaddr, shmaddr + shm_regions[i].size, 0);
+ page_set_flags(shmaddr, shmaddr + shm_regions[i].size - 1, 0);
break;
}
}
--
2.34.1
- [PULL 00/15] tcg patch queue, Richard Henderson, 2023/03/28
- [PULL 02/15] tcg: use QTree instead of GTree, Richard Henderson, 2023/03/28
- [PULL 03/15] linux-user: Diagnose misaligned -R size, Richard Henderson, 2023/03/28
- [PULL 06/15] accel/tcg: Pass last not end to PAGE_FOR_EACH_TB, Richard Henderson, 2023/03/28
- [PULL 01/15] util: import GTree as QTree, Richard Henderson, 2023/03/28
- [PULL 04/15] accel/tcg: Pass last not end to page_set_flags,
Richard Henderson <=
- [PULL 05/15] accel/tcg: Pass last not end to page_reset_target_data, Richard Henderson, 2023/03/28
- [PULL 07/15] accel/tcg: Pass last not end to page_collection_lock, Richard Henderson, 2023/03/28
- [PULL 08/15] accel/tcg: Pass last not end to tb_invalidate_phys_page_range__locked, Richard Henderson, 2023/03/28
- [PULL 10/15] linux-user: Pass last not end to probe_guest_base, Richard Henderson, 2023/03/28
- [PULL 09/15] accel/tcg: Pass last not end to tb_invalidate_phys_range, Richard Henderson, 2023/03/28
- [PULL 11/15] include/exec: Change reserved_va semantics to last byte, Richard Henderson, 2023/03/28
- [PULL 13/15] softmmu: Restrict cpu_check_watchpoint / address_matches to TCG accel, Richard Henderson, 2023/03/28
- [PULL 15/15] softmmu: Restore use of CPU watchpoint for all accelerators, Richard Henderson, 2023/03/28
- [PULL 12/15] linux-user/arm: Take more care allocating commpage, Richard Henderson, 2023/03/28
- [PULL 14/15] softmmu/watchpoint: Add missing 'qemu/error-report.h' include, Richard Henderson, 2023/03/28