author | Peter Maydell <peter.maydell@linaro.org> | 2020-12-11 12:16:33 +0000 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2020-12-11 12:16:33 +0000 |
commit | 33744604d768e4281d425baa3ce7128b91319503 (patch) | |
tree | 5e5a4aa377ac64d3701e9764db78d8c0b5057ed4 /monitor | |
parent | 2ecfc0657afa5d29a373271b342f704a1a3c6737 (diff) | |
parent | d1615ea575b08fc96aeeb2630c40c5e51364b95c (diff) | |
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging
Machine queue, 2020-12-10
Some patches that were queued after 5.2 soft freeze.
# gpg: Signature made Thu 10 Dec 2020 22:41:29 GMT
# gpg: using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg: issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/machine-next-pull-request:
i386/cpu: Make the Intel PT LIP feature configurable
sev: add sev-inject-launch-secret
qom: code hardening - have bound checking while looping with integer value
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'monitor')
-rw-r--r-- | monitor/misc.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/monitor/misc.c b/monitor/misc.c
index 7ffe6f7..fde6e36 100644
--- a/monitor/misc.c
+++ b/monitor/misc.c
@@ -667,10 +667,11 @@ static void hmp_physical_memory_dump(Monitor *mon, const QDict *qdict)
 memory_dump(mon, count, format, size, addr, 1);
 }
-static void *gpa2hva(MemoryRegion **p_mr, hwaddr addr, Error **errp)
+void *gpa2hva(MemoryRegion **p_mr, hwaddr addr, uint64_t size, Error **errp)
 {
+ Int128 gpa_region_size;
 MemoryRegionSection mrs = memory_region_find(get_system_memory(),
- addr, 1);
+ addr, size);
 if (!mrs.mr) {
 error_setg(errp, "No memory is mapped at address 0x%" HWADDR_PRIx, addr);
@@ -683,6 +684,14 @@ static void *gpa2hva(MemoryRegion **p_mr, hwaddr addr, Error **errp)
 return NULL;
 }
+ gpa_region_size = int128_make64(size);
+ if (int128_lt(mrs.size, gpa_region_size)) {
+ error_setg(errp, "Size of memory region at 0x%" HWADDR_PRIx
+ " exceeded.", addr);
+ memory_region_unref(mrs.mr);
+ return NULL;
+ }
+
 *p_mr = mrs.mr;
 return qemu_map_ram_ptr(mrs.mr->ram_block, mrs.offset_within_region);
 }
@@ -694,7 +703,7 @@ static void hmp_gpa2hva(Monitor *mon, const QDict *qdict)
 MemoryRegion *mr = NULL;
 void *ptr;
- ptr = gpa2hva(&mr, addr, &local_err);
+ ptr = gpa2hva(&mr, addr, 1, &local_err);
 if (local_err) {
 error_report_err(local_err);
 return;
@@ -770,7 +779,7 @@ static void hmp_gpa2hpa(Monitor *mon, const QDict *qdict)
 void *ptr;
 uint64_t physaddr;
- ptr = gpa2hva(&mr, addr, &local_err);
+ ptr = gpa2hva(&mr, addr, 1, &local_err);
 if (local_err) {
 error_report_err(local_err);
 return; |
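Review bot: gpa2hva() loses `static` and gains a `size` parameter in the first hunk, but nothing above the definition states its contract for callers outside this file. A short comment would help, for example `/* Translate @size bytes of guest RAM at @addr to a host pointer; on success the caller must memory_region_unref(*p_mr). */`. The error paths visible here drop the reference themselves, and the success path appears to hand it to the caller. The comment should also say that the returned pointer is only validated for `size` bytes, so callers must not access memory past that length. The prototype this change needs is in a header outside this 'monitor'-limited diff, and the function body continues past the hunk.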
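Review bot: A `size` of 0 trivially passes the new `int128_lt(mrs.size, gpa_region_size)` check in the second hunk, so a caller that forwards an unvalidated length could get back a pointer for which no bytes were checked. How memory_region_find() treats a zero-length range is not visible here, so it would be safer to reject it explicitly at the top of gpa2hva(), e.g. `if (!size) { error_setg(errp, "Size must be non-zero"); return NULL; }`. The message `"Size of memory region at 0x%" HWADDR_PRIx " exceeded."` would also be easier to act on if it reported the requested size. The start of gpa2hva() is outside this hunk.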