author | Paolo Bonzini <pbonzini@redhat.com> | 2013-05-07 11:30:23 +0200 |
committer | Paolo Bonzini <pbonzini@redhat.com> | 2013-05-24 18:42:30 +0200 |
commit | 68f3f65b09a1ce8c82fac17911ffc3bb6031ebe4 (patch) | |
tree | 7aaf7de701db3a27c7439a0d4939fc7bdeece687 /exec.c | |
parent | 8b0d6711a276bdb9edcd9299b194c7c0d6b56a88 (diff) | |
memory: assert that PhysPageEntry's ptr does not overflow
While sized to 15 bits in PhysPageEntry, the ptr field is ORed into the
iotlb entries together with a page-aligned pointer. The ptr field must
not overflow into this page-aligned value, so assert that it is smaller
than the page size.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'exec.c')
-rw-r--r-- | exec.c | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -713,6 +713,12 @@ static void destroy_all_mappings(AddressSpaceDispatch *d)
 static uint16_t phys_section_add(MemoryRegionSection *section)
 {
+    /* The physical section number is ORed with a page-aligned
+     * pointer to produce the iotlb entries. Thus it should
+     * never overflow into the page-aligned value.
+     */
+    assert(phys_sections_nb < TARGET_PAGE_SIZE);
+
     if (phys_sections_nb == phys_sections_nb_alloc) {
         phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
         phys_sections = g_renew(MemoryRegionSection, phys_sections, |