From ca86cf328ce216bb304bbf09a43614613f945d86 Mon Sep 17 00:00:00 2001
From: David Hildenbrand
Date: Mon, 26 Aug 2019 09:51:09 +0200
Subject: tcg: Enforce single page access in probe_write()

Let's enforce the interface restriction.

Signed-off-by: David Hildenbrand
Reviewed-by: Richard Henderson
Message-Id: <20190826075112.25637-5-david@redhat.com>
Signed-off-by: Richard Henderson
---
 accel/tcg/cputlb.c    | 2 ++
 accel/tcg/user-exec.c | 2 ++
 2 files changed, 4 insertions(+)
(limited to 'accel/tcg')

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 010c4c6e3c..707adf7631 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1088,6 +1088,8 @@ void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
     CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
     target_ulong tlb_addr = tlb_addr_write(entry);
 
+    g_assert(-(addr | TARGET_PAGE_MASK) >= size);
+
     if (unlikely(!tlb_hit(tlb_addr, addr))) {
         if (!VICTIM_TLB_HIT(addr_write, addr)) {
             tlb_fill(env_cpu(env), addr, size, MMU_DATA_STORE,
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index 86e6827201..625c33f893 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -191,6 +191,8 @@ static inline int handle_cpu_signal(uintptr_t pc, siginfo_t *info,
 void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
                  uintptr_t retaddr)
 {
+    g_assert(-(addr | TARGET_PAGE_MASK) >= size);
+
     if (!guest_addr_valid(addr) ||
         page_check_range(addr, size, PAGE_WRITE) < 0) {
         CPUState *cpu = env_cpu(env);
-- 
cgit v1.2.3
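Review bot: The new `g_assert(-(addr | TARGET_PAGE_MASK) >= size)` compares an unsigned `target_ulong` with the `int` parameter `size`, so the usual arithmetic conversions promote a negative `size` to a huge unsigned value and the assertion passes rather than catching the bad argument; the same line is added to the user-exec.c hunk. If negative sizes are meant to be rejected by this check, pin it explicitly, e.g. `g_assert(size >= 0 && -(addr | TARGET_PAGE_MASK) >= (target_ulong)size);`, otherwise a short comment stating that callers guarantee `size >= 0` would make the intent clear. The `-(addr | TARGET_PAGE_MASK)` idiom is also not obvious at a glance; a comment such as `/* -(addr | TARGET_PAGE_MASK) is the number of bytes left on the page, so the access must not cross a page boundary */` above the assertion would help the next reader. In both files the body of probe_write continues outside the hunk.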