author Paolo Bonzini <pbonzini@redhat.com> 2015-06-17 10:36:54 +0200
committer Paolo Bonzini <pbonzini@redhat.com> 2015-06-19 12:27:14 +0200
commit e4a511f8cc6f4a46d409fb5c9f72c38ba45f8d83
tree 0d3a18cf62f3079370d7c412b378aef00fdece8c
parent 965eb2fcdfe919ecced6c34803535ad32dc1249c
exec: clamp accesses against the MemoryRegionSection
Because the clamping was done against the MemoryRegion, address_space_rw was effectively broken if a write spanned multiple sections that are not linear in underlying memory (with the memory not being under an IOMMU).

This is visible with the MIPS rc4030 IOMMU, which is implemented as a series of alias memory regions that point to the actual RAM.

Tested-by: Hervé Poussineau <hpoussin@reactos.org>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-rw-r--r-- exec.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/exec.c b/exec.c
index d00e017..f7883d2 100644
--- a/exec.c
+++ b/exec.c
@@ -353,7 +353,7 @@ address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *x
mr = section->mr;
if (memory_region_is_ram(mr)) {
- diff = int128_sub(mr->size, int128_make64(addr));
+ diff = int128_sub(section->size, int128_make64(addr));
*plen = int128_get64(int128_min(diff, int128_make64(*plen)));
}
return section;
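Review bot: On the `+` line, `int128_sub(section->size, int128_make64(addr))` is only a correct clamp if `addr` is already an offset from the start of the section at this point, and nothing in the visible context states that. A short comment above the `if (memory_region_is_ram(mr))` block saying that `addr` is section-relative and that `*plen` must be limited to the section rather than the whole MemoryRegion would keep this one-token change from being reverted by accident. If `addr` could ever exceed `section->size`, the subtraction would go negative before it reaches `int128_min`, so an assertion on that bound is worth considering. The diffstat shows only exec.c touched; a regression test for an access that spans two sections that are not contiguous in the underlying RAM (the rc4030 alias case from the commit message) would be a useful companion to this fix.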