authorDavid Hildenbrand <david@redhat.com>2019-08-26 09:51:09 +0200
committerRichard Henderson <richard.henderson@linaro.org>2019-09-03 08:34:18 -0700
commitca86cf328ce216bb304bbf09a43614613f945d86 (patch)
tree31f4bc4fb7bcedc2d382148aaf9dde61073fd05a /accel/tcg
parent59e96ac6cb13951dd09afc70622858089abf3384 (diff)
tcg: Enforce single page access in probe_write()
Let's enforce the interface restriction. Signed-off-by: David Hildenbrand <david@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20190826075112.25637-5-david@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Diffstat (limited to 'accel/tcg')
-rw-r--r--accel/tcg/cputlb.c2
-rw-r--r--accel/tcg/user-exec.c2
2 files changed, 4 insertions, 0 deletions
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 010c4c6e3c..707adf7631 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1088,6 +1088,8 @@ void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
target_ulong tlb_addr = tlb_addr_write(entry);
+ g_assert(-(addr | TARGET_PAGE_MASK) >= size);
+
if (unlikely(!tlb_hit(tlb_addr, addr))) {
if (!VICTIM_TLB_HIT(addr_write, addr)) {
tlb_fill(env_cpu(env), addr, size, MMU_DATA_STORE,
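Review bot: The new `g_assert` in probe_write() turns a cross-page request into a process abort, so every helper that passes a guest-controlled length has to split the access at page boundaries before calling. This commit does not show the callers, and a missed one would presumably let a guest terminate the emulator rather than take a fault. The expression is terse enough to deserve a comment, e.g. `/* -(addr | TARGET_PAGE_MASK) is the number of bytes from addr to the end of its page */`. Because `size` is an `int` compared against what appears to be an unsigned value, a negative size is rejected only through implicit conversion; adding `size >= 0 &&` to the assertion would make that intentional. The same line is added in accel/tcg/user-exec.c, and probe_write's body starts and continues outside this hunk.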
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index 86e6827201..625c33f893 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -191,6 +191,8 @@ static inline int handle_cpu_signal(uintptr_t pc, siginfo_t *info,
void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
uintptr_t retaddr)
{
+ g_assert(-(addr | TARGET_PAGE_MASK) >= size);
+
if (!guest_addr_valid(addr) ||
page_check_range(addr, size, PAGE_WRITE) < 0) {
CPUState *cpu = env_cpu(env);
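Review bot: In the user-mode probe_write() the assertion runs before `guest_addr_valid()` and `page_check_range()`, so a range that crosses a page aborts instead of reaching the checks below, even though `page_check_range(addr, size, PAGE_WRITE)` already takes a length. If the restriction is here only to keep the contract identical to the softmmu version, say so above the assert, e.g. `/* Same single-page contract as the softmmu probe_write() */`. The function body continues past the end of the hunk.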