diff options
| author | Richard Henderson <richard.henderson@linaro.org> | 2023-03-06 01:51:09 +0300 |
|---|---|---|
| committer | Richard Henderson <richard.henderson@linaro.org> | 2023-03-28 15:23:10 -0700 |
| commit | 49840a4a098149067789255bca6894645f411036 (patch) | |
| tree | 0b5cd9d9f8ef1770890352e9a58bc1e39aa89c6c /linux-user/mmap.c | |
| parent | 2f7828b5729337c61e6c58466d0d78af079db42d (diff) | |
| download | qemu-49840a4a098149067789255bca6894645f411036.zip qemu-49840a4a098149067789255bca6894645f411036.tar.gz qemu-49840a4a098149067789255bca6894645f411036.tar.bz2 | |
accel/tcg: Pass last not end to page_set_flags
Pass the address of the last byte to be changed, rather than
the first address past the last byte. This avoids overflow
when the last page of the address space is involved.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1528
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Diffstat (limited to 'linux-user/mmap.c')
| -rw-r--r-- | linux-user/mmap.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/linux-user/mmap.c b/linux-user/mmap.c index 28135c9..1d07ff5 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c @@ -181,7 +181,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int target_prot) } } - page_set_flags(start, start + len, page_flags); + page_set_flags(start, start + len - 1, page_flags); ret = 0; error: @@ -640,15 +640,15 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int target_prot, } page_flags |= PAGE_RESET; if (passthrough_start == passthrough_end) { - page_set_flags(start, start + len, page_flags); + page_set_flags(start, start + len - 1, page_flags); } else { if (start < passthrough_start) { - page_set_flags(start, passthrough_start, page_flags); + page_set_flags(start, passthrough_start - 1, page_flags); } - page_set_flags(passthrough_start, passthrough_end, + page_set_flags(passthrough_start, passthrough_end - 1, page_flags | PAGE_PASSTHROUGH); if (passthrough_end < start + len) { - page_set_flags(passthrough_end, start + len, page_flags); + page_set_flags(passthrough_end, start + len - 1, page_flags); } } the_end: @@ -763,7 +763,7 @@ int target_munmap(abi_ulong start, abi_ulong len) } if (ret == 0) { - page_set_flags(start, start + len, 0); + page_set_flags(start, start + len - 1, 0); } mmap_unlock(); return ret; @@ -849,8 +849,8 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size, } else { new_addr = h2g(host_addr); prot = page_get_flags(old_addr); - page_set_flags(old_addr, old_addr + old_size, 0); - page_set_flags(new_addr, new_addr + new_size, + page_set_flags(old_addr, old_addr + old_size - 1, 0); + page_set_flags(new_addr, new_addr + new_size - 1, prot | PAGE_VALID | PAGE_RESET); } mmap_unlock(); |