From: Paolo Bonzini Date: Tue, 7 May 2013 09:30:23 +0000 (+0200) Subject: memory: assert that PhysPageEntry's ptr does not overflow X-Git-Tag: v1.6.0-rc0~290^2~10 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=68f3f65b09a1ce8c82fac17911ffc3bb6031ebe4;p=qemu.git memory: assert that PhysPageEntry's ptr does not overflow While sized to 15 bits in PhysPageEntry, the ptr field is ORed into the iotlb entries together with a page-aligned pointer. The ptr field must not overflow into this page-aligned value, assert that it is smaller than the page size. Reviewed-by: Peter Maydell Signed-off-by: Paolo Bonzini --- diff --git a/exec.c b/exec.c index 135566196..8562fcac9 100644 --- a/exec.c +++ b/exec.c @@ -713,6 +713,12 @@ static void destroy_all_mappings(AddressSpaceDispatch *d) static uint16_t phys_section_add(MemoryRegionSection *section) { + /* The physical section number is ORed with a page-aligned + * pointer to produce the iotlb entries. Thus it should + * never overflow into the page-aligned value. + */ + assert(phys_sections_nb < TARGET_PAGE_SIZE); + if (phys_sections_nb == phys_sections_nb_alloc) { phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16); phys_sections = g_renew(MemoryRegionSection, phys_sections,
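Review bot: The new assert at the top of phys_section_add() bounds phys_sections_nb only by TARGET_PAGE_SIZE, while the commit message says the ptr field in PhysPageEntry is sized to 15 bits. On any target whose page size is larger than 1 << 15, the field width is the tighter limit, and nothing in this hunk checks it. Consider asserting against the smaller of the two bounds, or extending the comment to say where the 15-bit limit is enforced. The comment also says the value "should never overflow", which reads as advisory; since the assert makes it a hard invariant, "must not" would match the code. Finally, assert() is compiled out when NDEBUG is defined, so if a section number spilling into the page-aligned bits would silently corrupt the iotlb entry, an unconditional check that aborts would keep the guarantee in such builds.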