Commit 46750128 authored Aug 26, 2019 by David Hildenbrand Committed by Richard Henderson Sep 03, 2019

s390x/tcg: Fix length calculation in probe_write_access()



Hm... how did that "-" slip in (-TAGRET_PAGE_SIZE would be correct). This
currently makes us exceed one page in a single probe_write() call,
essentially leaving some memory unchecked.

Fixes: c5a7392c ("s390x/tcg: Provide probe_write_access helper")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20190826075112.25637-3-david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

parent 9e5bef49

target/s390x/mem_helper.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -2623,7 +2623,7 @@ void probe_write_access(CPUS390XState *env, uint64_t addr, uint64_t len,
		#else
		/* test the actual access, not just any access to the page due to LAP */
		while (len) {
		const uint64_t pagelen = -(addr \| -TARGET_PAGE_MASK);
		const uint64_t pagelen = -(addr \| TARGET_PAGE_MASK);
		const uint64_t curlen = MIN(pagelen, len);

		probe_write(env, addr, curlen, cpu_mmu_index(env, false), ra);