
changeset 10832:f2eb2089c9eb

[qemu] Fix reads on unreported memory addresses.
cpu_physical_memory_rw() assumes that any address which is not mmio-related
is a RAM case. This is improper: before making that assumption we should
make sure the address is less than the guest physical memory size, ram_size.

From: Cui, Dexuan <dexuan.cui@intel.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
author chris@kneesaa.uk.xensource.com
date Fri Jul 28 10:12:23 2006 +0100 (2006-07-28)
parents 5848356af8da
children 158db2446071
files tools/ioemu/patches/ioemu-ia64 tools/ioemu/patches/qemu-target-i386-dm tools/ioemu/target-i386-dm/exec-dm.c
     1.1 --- a/tools/ioemu/patches/ioemu-ia64	Thu Jul 27 14:06:15 2006 +0100
     1.2 +++ b/tools/ioemu/patches/ioemu-ia64	Fri Jul 28 10:12:23 2006 +0100
     1.3 @@ -1,7 +1,7 @@
     1.4  Index: ioemu/hw/iommu.c
     1.5  ===================================================================
     1.6 ---- ioemu.orig/hw/iommu.c	2006-07-27 11:16:53.470941290 +0100
     1.7 -+++ ioemu/hw/iommu.c	2006-07-27 11:16:58.611372243 +0100
     1.8 +--- ioemu.orig/hw/iommu.c	2006-07-28 09:56:58.571272016 +0100
     1.9 ++++ ioemu/hw/iommu.c	2006-07-28 10:02:10.171049510 +0100
    1.10  @@ -82,7 +82,11 @@
    1.11   #define IOPTE_VALID         0x00000002 /* IOPTE is valid */
    1.12   #define IOPTE_WAZ           0x00000001 /* Write as zeros */
    1.13 @@ -16,8 +16,8 @@ Index: ioemu/hw/iommu.c
    1.14   
    1.15  Index: ioemu/cpu-all.h
    1.16  ===================================================================
    1.17 ---- ioemu.orig/cpu-all.h	2006-07-27 11:16:57.986441423 +0100
    1.18 -+++ ioemu/cpu-all.h	2006-07-27 11:16:58.617371579 +0100
    1.19 +--- ioemu.orig/cpu-all.h	2006-07-28 09:58:38.815935452 +0100
    1.20 ++++ ioemu/cpu-all.h	2006-07-28 10:02:10.171049510 +0100
    1.21  @@ -835,6 +835,31 @@
    1.22                   :"=m" (*(volatile long *)addr)
    1.23                   :"dIr" (nr));
    1.24 @@ -52,8 +52,8 @@ Index: ioemu/cpu-all.h
    1.25   /* memory API */
    1.26  Index: ioemu/vl.c
    1.27  ===================================================================
    1.28 ---- ioemu.orig/vl.c	2006-07-27 11:16:58.450390064 +0100
    1.29 -+++ ioemu/vl.c	2006-07-27 11:16:58.619371357 +0100
    1.30 +--- ioemu.orig/vl.c	2006-07-28 09:58:59.672577418 +0100
    1.31 ++++ ioemu/vl.c	2006-07-28 10:02:10.174049171 +0100
    1.32  @@ -5578,6 +5578,7 @@
    1.33           exit(-1);
    1.34       }
    1.35 @@ -99,9 +99,9 @@ Index: ioemu/vl.c
    1.36   #ifdef CONFIG_SOFTMMU
    1.37  Index: ioemu/target-i386-dm/exec-dm.c
    1.38  ===================================================================
    1.39 ---- ioemu.orig/target-i386-dm/exec-dm.c	2006-07-27 11:16:57.527492229 +0100
    1.40 -+++ ioemu/target-i386-dm/exec-dm.c	2006-07-27 11:16:58.620371247 +0100
    1.41 -@@ -340,6 +340,23 @@
    1.42 +--- ioemu.orig/target-i386-dm/exec-dm.c	2006-07-28 09:58:22.882736989 +0100
    1.43 ++++ ioemu/target-i386-dm/exec-dm.c	2006-07-28 10:03:19.972165675 +0100
    1.44 +@@ -341,6 +341,23 @@
    1.45       return io_mem_read[io_index >> IO_MEM_SHIFT];
    1.46   }
    1.47   
    1.48 @@ -125,20 +125,20 @@ Index: ioemu/target-i386-dm/exec-dm.c
    1.49   /* physical memory access (slow version, mainly for debug) */
    1.50   #if defined(CONFIG_USER_ONLY)
    1.51   void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf, 
    1.52 -@@ -455,6 +472,9 @@
    1.53 +@@ -456,6 +473,9 @@
    1.54                   ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) + 
    1.55                       (addr & ~TARGET_PAGE_MASK);
    1.56                   memcpy(buf, ptr, l);
    1.57  +#ifdef __ia64__
    1.58  +                sync_icache((unsigned long)ptr, l);
    1.59  +#endif 
    1.60 -             }
    1.61 -         }
    1.62 -         len -= l;
    1.63 +             } else {
    1.64 +                 /* unreported MMIO space */
    1.65 +                 memset(buf, 0xff, len);
    1.66  Index: ioemu/exec-all.h
    1.67  ===================================================================
    1.68 ---- ioemu.orig/exec-all.h	2006-07-27 11:16:57.446501195 +0100
    1.69 -+++ ioemu/exec-all.h	2006-07-27 11:16:58.621371136 +0100
    1.70 +--- ioemu.orig/exec-all.h	2006-07-28 09:56:58.572271903 +0100
    1.71 ++++ ioemu/exec-all.h	2006-07-28 10:02:10.175049059 +0100
    1.72  @@ -462,12 +462,13 @@
    1.73   }
    1.74   #endif
    1.75 @@ -158,8 +158,8 @@ Index: ioemu/exec-all.h
    1.76   
    1.77  Index: ioemu/target-i386-dm/cpu.h
    1.78  ===================================================================
    1.79 ---- ioemu.orig/target-i386-dm/cpu.h	2006-07-27 11:16:57.526492340 +0100
    1.80 -+++ ioemu/target-i386-dm/cpu.h	2006-07-27 11:16:58.621371136 +0100
    1.81 +--- ioemu.orig/target-i386-dm/cpu.h	2006-07-28 09:56:58.572271903 +0100
    1.82 ++++ ioemu/target-i386-dm/cpu.h	2006-07-28 10:02:10.175049059 +0100
    1.83  @@ -80,7 +80,11 @@
    1.84   /* helper2.c */
    1.85   int main_loop(void);
    1.86 @@ -175,7 +175,7 @@ Index: ioemu/target-i386-dm/cpu.h
    1.87  Index: ioemu/ia64_intrinsic.h
    1.88  ===================================================================
    1.89  --- /dev/null	1970-01-01 00:00:00.000000000 +0000
    1.90 -+++ ioemu/ia64_intrinsic.h	2006-07-27 11:16:58.621371136 +0100
    1.91 ++++ ioemu/ia64_intrinsic.h	2006-07-28 10:02:10.176048946 +0100
    1.92  @@ -0,0 +1,276 @@
    1.93  +#ifndef IA64_INTRINSIC_H
    1.94  +#define IA64_INTRINSIC_H
     2.1 --- a/tools/ioemu/patches/qemu-target-i386-dm	Thu Jul 27 14:06:15 2006 +0100
     2.2 +++ b/tools/ioemu/patches/qemu-target-i386-dm	Fri Jul 28 10:12:23 2006 +0100
     2.3 @@ -1,7 +1,7 @@
     2.4  Index: ioemu/Makefile.target
     2.5  ===================================================================
     2.6 ---- ioemu.orig/Makefile.target	2006-07-26 11:45:57.572129351 +0100
     2.7 -+++ ioemu/Makefile.target	2006-07-26 11:45:57.589127569 +0100
     2.8 +--- ioemu.orig/Makefile.target	2006-07-28 09:56:49.468301708 +0100
     2.9 ++++ ioemu/Makefile.target	2006-07-28 09:56:58.486281629 +0100
    2.10  @@ -57,6 +57,8 @@
    2.11   QEMU_SYSTEM=qemu-fast
    2.12   endif
    2.13 @@ -32,8 +32,8 @@ Index: ioemu/Makefile.target
    2.14   endif
    2.15  Index: ioemu/configure
    2.16  ===================================================================
    2.17 ---- ioemu.orig/configure	2006-07-26 11:45:57.573129246 +0100
    2.18 -+++ ioemu/configure	2006-07-26 11:45:57.590127464 +0100
    2.19 +--- ioemu.orig/configure	2006-07-28 09:56:49.469301595 +0100
    2.20 ++++ ioemu/configure	2006-07-28 09:56:49.486299672 +0100
    2.21  @@ -359,6 +359,8 @@
    2.22       if [ "$user" = "yes" ] ; then
    2.23           target_list="i386-user arm-user armeb-user sparc-user ppc-user mips-user mipsel-user $target_list"
    2.24 @@ -45,8 +45,8 @@ Index: ioemu/configure
    2.25   fi
    2.26  Index: ioemu/monitor.c
    2.27  ===================================================================
    2.28 ---- ioemu.orig/monitor.c	2006-07-26 11:45:57.576128931 +0100
    2.29 -+++ ioemu/monitor.c	2006-07-26 11:45:57.591127359 +0100
    2.30 +--- ioemu.orig/monitor.c	2006-07-28 09:56:49.472301255 +0100
    2.31 ++++ ioemu/monitor.c	2006-07-28 09:56:58.720255164 +0100
    2.32  @@ -1142,6 +1142,10 @@
    2.33         "", "show host USB devices", },
    2.34       { "profile", "", do_info_profile,
    2.35 @@ -60,8 +60,8 @@ Index: ioemu/monitor.c
    2.36   
    2.37  Index: ioemu/vl.c
    2.38  ===================================================================
    2.39 ---- ioemu.orig/vl.c	2006-07-26 11:45:57.579128617 +0100
    2.40 -+++ ioemu/vl.c	2006-07-26 11:45:57.593127149 +0100
    2.41 +--- ioemu.orig/vl.c	2006-07-28 09:56:49.475300916 +0100
    2.42 ++++ ioemu/vl.c	2006-07-28 09:56:58.917232883 +0100
    2.43  @@ -87,7 +87,7 @@
    2.44   
    2.45   #include "exec-all.h"
    2.46 @@ -98,8 +98,8 @@ Index: ioemu/vl.c
    2.47   {
    2.48  Index: ioemu/vl.h
    2.49  ===================================================================
    2.50 ---- ioemu.orig/vl.h	2006-07-26 11:45:39.289045710 +0100
    2.51 -+++ ioemu/vl.h	2006-07-26 11:45:57.594127044 +0100
    2.52 +--- ioemu.orig/vl.h	2006-07-28 09:56:49.281322859 +0100
    2.53 ++++ ioemu/vl.h	2006-07-28 09:56:58.917232883 +0100
    2.54  @@ -38,6 +38,8 @@
    2.55   #include <fcntl.h>
    2.56   #include <sys/stat.h>
    2.57 @@ -132,7 +132,7 @@ Index: ioemu/vl.h
    2.58  Index: ioemu/target-i386-dm/cpu.h
    2.59  ===================================================================
    2.60  --- /dev/null	1970-01-01 00:00:00.000000000 +0000
    2.61 -+++ ioemu/target-i386-dm/cpu.h	2006-07-26 11:45:57.594127044 +0100
    2.62 ++++ ioemu/target-i386-dm/cpu.h	2006-07-28 09:56:58.572271903 +0100
    2.63  @@ -0,0 +1,86 @@
    2.64  +/*
    2.65  + * i386 virtual CPU header
    2.66 @@ -223,8 +223,8 @@ Index: ioemu/target-i386-dm/cpu.h
    2.67  Index: ioemu/target-i386-dm/exec-dm.c
    2.68  ===================================================================
    2.69  --- /dev/null	1970-01-01 00:00:00.000000000 +0000
    2.70 -+++ ioemu/target-i386-dm/exec-dm.c	2006-07-26 11:46:01.059763730 +0100
    2.71 -@@ -0,0 +1,512 @@
    2.72 ++++ ioemu/target-i386-dm/exec-dm.c	2006-07-28 09:58:22.882736989 +0100
    2.73 +@@ -0,0 +1,516 @@
    2.74  +/*
    2.75  + *  virtual page mapping and translated block handling
    2.76  + * 
    2.77 @@ -291,6 +291,7 @@ Index: ioemu/target-i386-dm/exec-dm.c
    2.78  +#endif /* !CONFIG_DM */
    2.79  +
    2.80  +uint64_t phys_ram_size;
    2.81 ++extern uint64_t ram_size;
    2.82  +int phys_ram_fd;
    2.83  +uint8_t *phys_ram_base;
    2.84  +uint8_t *phys_ram_dirty;
    2.85 @@ -632,7 +633,7 @@ Index: ioemu/target-i386-dm/exec-dm.c
    2.86  +            l = len;
    2.87  +	
    2.88  +        pd = page;
    2.89 -+        io_index = iomem_index(page);
    2.90 ++        io_index = iomem_index(addr);
    2.91  +        if (is_write) {
    2.92  +            if (io_index) {
    2.93  +                if (l >= 4 && ((addr & 3) == 0)) {
    2.94 @@ -677,11 +678,14 @@ Index: ioemu/target-i386-dm/exec-dm.c
    2.95  +                    stb_raw(buf, val);
    2.96  +                    l = 1;
    2.97  +                }
    2.98 -+            } else {
    2.99 ++            } else if (addr < ram_size) {
   2.100  +                /* RAM case */
   2.101  +                ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) + 
   2.102  +                    (addr & ~TARGET_PAGE_MASK);
   2.103  +                memcpy(buf, ptr, l);
   2.104 ++            } else {
   2.105 ++                /* unreported MMIO space */
   2.106 ++                memset(buf, 0xff, len);
   2.107  +            }
   2.108  +        }
   2.109  +        len -= l;
   2.110 @@ -740,7 +744,7 @@ Index: ioemu/target-i386-dm/exec-dm.c
   2.111  Index: ioemu/target-i386-dm/helper2.c
   2.112  ===================================================================
   2.113  --- /dev/null	1970-01-01 00:00:00.000000000 +0000
   2.114 -+++ ioemu/target-i386-dm/helper2.c	2006-07-26 11:45:57.596126835 +0100
   2.115 ++++ ioemu/target-i386-dm/helper2.c	2006-07-28 09:56:58.312301309 +0100
   2.116  @@ -0,0 +1,464 @@
   2.117  +/*
   2.118  + *  i386 helpers (without register variable usage)
   2.119 @@ -1209,7 +1213,7 @@ Index: ioemu/target-i386-dm/helper2.c
   2.120  Index: ioemu/target-i386-dm/i8259-dm.c
   2.121  ===================================================================
   2.122  --- /dev/null	1970-01-01 00:00:00.000000000 +0000
   2.123 -+++ ioemu/target-i386-dm/i8259-dm.c	2006-07-26 11:45:57.596126835 +0100
   2.124 ++++ ioemu/target-i386-dm/i8259-dm.c	2006-07-28 09:56:49.492298993 +0100
   2.125  @@ -0,0 +1,107 @@
   2.126  +/* Xen 8259 stub for interrupt controller emulation
   2.127  + * 
   2.128 @@ -1321,7 +1325,7 @@ Index: ioemu/target-i386-dm/i8259-dm.c
   2.129  Index: ioemu/target-i386-dm/qemu-dm.debug
   2.130  ===================================================================
   2.131  --- /dev/null	1970-01-01 00:00:00.000000000 +0000
   2.132 -+++ ioemu/target-i386-dm/qemu-dm.debug	2006-07-26 11:45:57.596126835 +0100
   2.133 ++++ ioemu/target-i386-dm/qemu-dm.debug	2006-07-28 09:56:49.493298880 +0100
   2.134  @@ -0,0 +1,5 @@
   2.135  +#!/bin/sh
   2.136  +
   2.137 @@ -1331,7 +1335,7 @@ Index: ioemu/target-i386-dm/qemu-dm.debu
   2.138  Index: ioemu/target-i386-dm/qemu-ifup
   2.139  ===================================================================
   2.140  --- /dev/null	1970-01-01 00:00:00.000000000 +0000
   2.141 -+++ ioemu/target-i386-dm/qemu-ifup	2006-07-26 11:45:57.597126730 +0100
   2.142 ++++ ioemu/target-i386-dm/qemu-ifup	2006-07-28 09:56:49.493298880 +0100
   2.143  @@ -0,0 +1,10 @@
   2.144  +#!/bin/sh
   2.145  +
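--- a/tools/ioemu/target-i386-dm/exec-dm.c	Thu Jul 27 14:06:15 2006 +0100
+++ b/tools/ioemu/target-i386-dm/exec-dm.c	Fri Jul 28 10:12:23 2006 +0100
@@ -64,6 +64,7 @@ uint8_t *code_gen_ptr;
 #endif /* !CONFIG_DM */
 
 uint64_t phys_ram_size;
+extern uint64_t ram_size;
 int phys_ram_fd;
 uint8_t *phys_ram_base;
 uint8_t *phys_ram_dirty;
@@ -422,7 +423,7 @@ void cpu_physical_memory_rw(target_phys_
             l = len;
 	
         pd = page;
-        io_index = iomem_index(page);
+        io_index = iomem_index(addr);
         if (is_write) {
             if (io_index) {
                 if (l >= 4 && ((addr & 3) == 0)) {
@@ -467,7 +468,7 @@ void cpu_physical_memory_rw(target_phys_
                     stb_raw(buf, val);
                     l = 1;
                 }
-            } else {
+            } else if (addr < ram_size) {
                 /* RAM case */
                 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) + 
                     (addr & ~TARGET_PAGE_MASK);
@@ -475,6 +476,9 @@ void cpu_physical_memory_rw(target_phys_
 #ifdef __ia64__
                 sync_icache((unsigned long)ptr, l);
 #endif 
+            } else {
+                /* unreported MMIO space */
+                memset(buf, 0xff, len);
             }
         }
         len -= l;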
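Review bot: The new fallback `memset(buf, 0xff, len);` fills the whole remaining request rather than this page's chunk, while every other branch of the loop works on `l` and the loop then advances by `l`; later iterations overwrite the excess so it is not an overrun, but it should read `memset(buf, 0xff, l);` to keep the per-page bookkeeping consistent (the same line is carried in the ioemu-ia64 and qemu-target-i386-dm patch files above). The `addr < ram_size` bound is added only on the read side; the write side's RAM fallback lies outside the hunk and, if it still takes the RAM case unconditionally, a guest write to a non-MMIO address at or above ram_size would compute a phys_ram_base pointer past the mapped region, so the same bound is worth mirroring there and a short comment such as `/* guest RAM ends at ram_size; anything above that is unreported MMIO */` would record why the check exists. `extern uint64_t ram_size;` is better placed in the header shared with the translation unit that defines it, so the type is checked in both. cpu_physical_memory_rw begins and ends outside these hunks.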