tcg: Enforce single page access in probe_write()

author David Hildenbrand <david@redhat.com>

Mon, 26 Aug 2019 07:51:09 +0000 (09:51 +0200)

committer Richard Henderson <richard.henderson@linaro.org>

Tue, 3 Sep 2019 15:34:18 +0000 (08:34 -0700)
author David Hildenbrand <david@redhat.com>
Mon, 26 Aug 2019 07:51:09 +0000 (09:51 +0200)
committer Richard Henderson <richard.henderson@linaro.org>
Tue, 3 Sep 2019 15:34:18 +0000 (08:34 -0700)
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c

index 010c4c6e3c6b91eb7a29d58a12f3ca805b14f3a9..707adf763151cc09f101b09b5dc01f2b7cbfce0a 100644 (file)
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1088,6 +1088,8 @@ void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
      CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
      target_ulong tlb_addr = tlb_addr_write(entry);
  
+    g_assert(-(addr | TARGET_PAGE_MASK) >= size);
+
      if (unlikely(!tlb_hit(tlb_addr, addr))) {
          if (!VICTIM_TLB_HIT(addr_write, addr)) {
              tlb_fill(env_cpu(env), addr, size, MMU_DATA_STORE,
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c

index 86e68272011b97d8a57077665929c692204a810f..625c33f893e8f1cf891de2f90c8128347c596daa 100644 (file)
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -191,6 +191,8 @@ static inline int handle_cpu_signal(uintptr_t pc, siginfo_t *info,
  void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
                   uintptr_t retaddr)
  {
+    g_assert(-(addr | TARGET_PAGE_MASK) >= size);
+
      if (!guest_addr_valid(addr) ||
          page_check_range(addr, size, PAGE_WRITE) < 0) {
          CPUState *cpu = env_cpu(env);
author	David Hildenbrand <david@redhat.com>
	Mon, 26 Aug 2019 07:51:09 +0000 (09:51 +0200)
committer	Richard Henderson <richard.henderson@linaro.org>
	Tue, 3 Sep 2019 15:34:18 +0000 (08:34 -0700)
accel/tcg/cputlb.c		patch \| blob \| blame \| history
accel/tcg/user-exec.c		patch \| blob \| blame \| history