[pve-qemu.git] / debian / patches / extra / 0022-exec-use-qemu_ram_ptr_length-to-access-guest-ram.patch

From d587bf95f1099fd253e6a7b768bf73d4e25de07c Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed, 12 Jul 2017 18:08:40 +0530
Subject: [PATCH 22/23] exec: use qemu_ram_ptr_length to access guest ram

When accessing guest's ram block during DMA operation, use
'qemu_ram_ptr_length' to get ram block pointer. It ensures
that DMA operation of given length is possible; And avoids
any OOB memory access situations.

Reported-by: Alex <broscutamaker@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20170712123840.29328-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 exec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/exec.c b/exec.c
index c97ef4a8da..72d636a4fb 100644
--- a/exec.c
+++ b/exec.c
@@ -2765,7 +2765,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
             }
         } else {
             /* RAM case */
-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
+            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
             memcpy(ptr, buf, l);
             invalidate_and_set_dirty(mr, addr1, l);
         }
@@ -2856,7 +2856,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
             }
         } else {
             /* RAM case */
-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
+            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
             memcpy(buf, ptr, l);
         }
 
-- 
2.11.0
Commit	Line	Data
e74c0f31 WB	1	From d587bf95f1099fd253e6a7b768bf73d4e25de07c Mon Sep 17 00:00:00 2001
	2	From: Prasad J Pandit <pjp@fedoraproject.org>
	3	Date: Wed, 12 Jul 2017 18:08:40 +0530
	4	Subject: [PATCH 22/23] exec: use qemu_ram_ptr_length to access guest ram
	5
	6	When accessing guest's ram block during DMA operation, use
	7	'qemu_ram_ptr_length' to get ram block pointer. It ensures
	8	that DMA operation of given length is possible; And avoids
	9	any OOB memory access situations.
	10
	11	Reported-by: Alex <broscutamaker@gmail.com>
	12	Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
	13	Message-Id: <20170712123840.29328-1-ppandit@redhat.com>
	14	Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
	15	---
	16	exec.c \| 4 ++--
	17	1 file changed, 2 insertions(+), 2 deletions(-)
	18
	19	diff --git a/exec.c b/exec.c
	20	index c97ef4a8da..72d636a4fb 100644
	21	--- a/exec.c
	22	+++ b/exec.c
	23	@@ -2765,7 +2765,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
	24	}
	25	} else {
	26	/* RAM case */
	27	- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
	28	+ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
	29	memcpy(ptr, buf, l);
	30	invalidate_and_set_dirty(mr, addr1, l);
	31	}
	32	@@ -2856,7 +2856,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
	33	}
	34	} else {
	35	/* RAM case */
	36	- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
	37	+ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
	38	memcpy(buf, ptr, l);
	39	}
	40
	41	--
	42	2.11.0
	43