summaryrefslogtreecommitdiff
path: root/exec.c
diff options
context:
space:
mode:
authorPaolo Bonzini <pbonzini@redhat.com>2013-07-17 13:17:41 +0200
committerPaolo Bonzini <pbonzini@redhat.com>2013-07-18 06:03:25 +0200
commite1622f4b15391bd44eb0f99a244fdf19a20fd981 (patch)
treeaffc7b9370b3743cd856510520818f495782e58c /exec.c
parent9b8c69243585a32d14b9bb9fcd52c37b0b5a1b71 (diff)
downloadqemu-e1622f4b15391bd44eb0f99a244fdf19a20fd981.tar.gz
qemu-e1622f4b15391bd44eb0f99a244fdf19a20fd981.tar.bz2
qemu-e1622f4b15391bd44eb0f99a244fdf19a20fd981.zip
exec: fix incorrect assumptions in memory_access_size
access_size_min can be 1 because erroneous accesses must not crash QEMU, they should trigger exceptions in the guest or just return garbage (depending on the CPU). I am not sure I understand the comment: placing a 4-byte field at the last byte of a region makes no sense (unless impl.unaligned is true), and that is why memory.c:access_with_adjusted_size does not bother with minimums larger than the remaining length. access_size_max can be mr->ops->valid.max_access_size because memory.c can and will still break accesses bigger than mr->ops->impl.max_access_size. Reported-by: Markus Armbruster <armbru@redhat.com> Tested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'exec.c')
-rw-r--r--exec.c9
1 files changed, 1 insertions, 8 deletions
diff --git a/exec.c b/exec.c
index d312bb4f3f..c8658c6f9d 100644
--- a/exec.c
+++ b/exec.c
@@ -1898,14 +1898,10 @@ static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
{
- unsigned access_size_min = mr->ops->impl.min_access_size;
- unsigned access_size_max = mr->ops->impl.max_access_size;
+ unsigned access_size_max = mr->ops->valid.max_access_size;
/* Regions are assumed to support 1-4 byte accesses unless
otherwise specified. */
- if (access_size_min == 0) {
- access_size_min = 1;
- }
if (access_size_max == 0) {
access_size_max = 4;
}
@@ -1922,9 +1918,6 @@ static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
if (l > access_size_max) {
l = access_size_max;
}
- /* ??? The users of this function are wrong, not supporting minimums larger
- than the remaining length. C.f. memory.c:access_with_adjusted_size. */
- assert(l >= access_size_min);
return l;
}