mirror of https://github.com/xemu-project/xemu.git
exec: fix incorrect assumptions in memory_access_size
access_size_min can be 1 because erroneous accesses must not crash QEMU, they should trigger exceptions in the guest or just return garbage (depending on the CPU). I am not sure I understand the comment: placing a 4-byte field at the last byte of a region makes no sense (unless impl.unaligned is true), and that is why memory.c:access_with_adjusted_size does not bother with minimums larger than the remaining length. access_size_max can be mr->ops->valid.max_access_size because memory.c can and will still break accesses bigger than mr->ops->impl.max_access_size. Reported-by: Markus Armbruster <armbru@redhat.com> Tested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
parent
9b8c692435
commit
e1622f4b15
9
exec.c
9
exec.c
|
@ -1898,14 +1898,10 @@ static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
|
|||
|
||||
static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
|
||||
{
|
||||
unsigned access_size_min = mr->ops->impl.min_access_size;
|
||||
unsigned access_size_max = mr->ops->impl.max_access_size;
|
||||
unsigned access_size_max = mr->ops->valid.max_access_size;
|
||||
|
||||
/* Regions are assumed to support 1-4 byte accesses unless
|
||||
otherwise specified. */
|
||||
if (access_size_min == 0) {
|
||||
access_size_min = 1;
|
||||
}
|
||||
if (access_size_max == 0) {
|
||||
access_size_max = 4;
|
||||
}
|
||||
|
@ -1922,9 +1918,6 @@ static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
|
|||
if (l > access_size_max) {
|
||||
l = access_size_max;
|
||||
}
|
||||
/* ??? The users of this function are wrong, not supporting minimums larger
|
||||
than the remaining length. C.f. memory.c:access_with_adjusted_size. */
|
||||
assert(l >= access_size_min);
|
||||
|
||||
return l;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue