aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Hildenbrand <david@redhat.com>2019-08-26 09:51:07 +0200
committerRichard Henderson <richard.henderson@linaro.org>2019-09-03 08:34:18 -0700
commit46750128631eaace54b69ddd8b63683edd4606cc (patch)
tree30d2582988ba04806cb204c639a2a3d9809e400c
parent9e5bef4920b85f30e6f1588b742abb10bc840c93 (diff)
downloadqemu-46750128631eaace54b69ddd8b63683edd4606cc.zip
qemu-46750128631eaace54b69ddd8b63683edd4606cc.tar.gz
qemu-46750128631eaace54b69ddd8b63683edd4606cc.tar.bz2
s390x/tcg: Fix length calculation in probe_write_access()
Hm... how did that "-" slip in (-TAGRET_PAGE_SIZE would be correct). This currently makes us exceed one page in a single probe_write() call, essentially leaving some memory unchecked. Fixes: c5a7392cfb96 ("s390x/tcg: Provide probe_write_access helper") Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Message-Id: <20190826075112.25637-3-david@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-rw-r--r--target/s390x/mem_helper.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 7819aca..4b43440 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -2623,7 +2623,7 @@ void probe_write_access(CPUS390XState *env, uint64_t addr, uint64_t len,
#else
/* test the actual access, not just any access to the page due to LAP */
while (len) {
- const uint64_t pagelen = -(addr | -TARGET_PAGE_MASK);
+ const uint64_t pagelen = -(addr | TARGET_PAGE_MASK);
const uint64_t curlen = MIN(pagelen, len);
probe_write(env, addr, curlen, cpu_mmu_index(env, false), ra);