]>
Commit | Line | Data |
---|---|---|
e74c0f31 WB |
1 | From d587bf95f1099fd253e6a7b768bf73d4e25de07c Mon Sep 17 00:00:00 2001 |
2 | From: Prasad J Pandit <pjp@fedoraproject.org> | |
3 | Date: Wed, 12 Jul 2017 18:08:40 +0530 | |
4 | Subject: [PATCH 22/23] exec: use qemu_ram_ptr_length to access guest ram | |
5 | ||
6 | When accessing guest's ram block during DMA operation, use | |
7 | 'qemu_ram_ptr_length' to get ram block pointer. It ensures | |
8 | that DMA operation of given length is possible; And avoids | |
9 | any OOB memory access situations. | |
10 | ||
11 | Reported-by: Alex <broscutamaker@gmail.com> | |
12 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | |
13 | Message-Id: <20170712123840.29328-1-ppandit@redhat.com> | |
14 | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> | |
15 | --- | |
16 | exec.c | 4 ++-- | |
17 | 1 file changed, 2 insertions(+), 2 deletions(-) | |
18 | ||
19 | diff --git a/exec.c b/exec.c | |
20 | index c97ef4a8da..72d636a4fb 100644 | |
21 | --- a/exec.c | |
22 | +++ b/exec.c | |
23 | @@ -2765,7 +2765,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr, | |
24 | } | |
25 | } else { | |
26 | /* RAM case */ | |
27 | - ptr = qemu_map_ram_ptr(mr->ram_block, addr1); | |
28 | + ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); | |
29 | memcpy(ptr, buf, l); | |
30 | invalidate_and_set_dirty(mr, addr1, l); | |
31 | } | |
32 | @@ -2856,7 +2856,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr, | |
33 | } | |
34 | } else { | |
35 | /* RAM case */ | |
36 | - ptr = qemu_map_ram_ptr(mr->ram_block, addr1); | |
37 | + ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); | |
38 | memcpy(buf, ptr, l); | |
39 | } | |
40 | ||
41 | -- | |
42 | 2.11.0 | |
43 |