From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46108)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <marcel.a@redhat.com>) id 1VeN4Y-0001i0-R5
	for qemu-devel@nongnu.org; Thu, 07 Nov 2013 05:44:28 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <marcel.a@redhat.com>) id 1VeN4R-0007uL-Jj
	for qemu-devel@nongnu.org; Thu, 07 Nov 2013 05:44:22 -0500
Received: from mx1.redhat.com ([209.132.183.28]:44559)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <marcel.a@redhat.com>) id 1VeN4R-0007u3-Ac
	for qemu-devel@nongnu.org; Thu, 07 Nov 2013 05:44:15 -0500
From: Marcel Apfelbaum <marcel.a@redhat.com>
Date: Thu,  7 Nov 2013 12:41:16 +0200
Message-Id: <1383820884-29596-1-git-send-email-marcel.a@redhat.com>
Subject: [Qemu-devel]  [PATCH for-1.7 v2 0/8] fix address space size issue
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, ehabkost@redhat.com, mst@redhat.com, jan.kiszka@siemens.com, agraf@suse.de, lcapitulino@redhat.com, aliguori@amazon.com, pbonzini@redhat.com, afaerber@suse.de

A bug reported by Luiz Capitulino let us to find
several bugs in memory address space setup.

One issue is that gdb stub can give us arbitrary addresses
and we'll try to access them.
Since our lookup ignored high bits in the address,
we hit a wrong section and got a crash.
In fact, PCI devices can access arbitrary addresses too,
so we should just make lookup robust against this case.

Another issue has to do with size of regions.
memory API uses UINT64_MAX so say "all 64 bit" but
some devices mistakenly used INT64_MAX.

It should not affect most systems in practice as
everything should be limited by address space size,
but it's an API misuse that we should not keep around,
and it will become a problem if a system with 64 bit
target address hits this path.

Patch 1 introduces TARGET_PHYS_ADDR_SPACE_MAX that is
        the max size for memory regions rendered by exec. 
Patches 2-3 limits the size of memory regions used by exec.c.
Patch 4 fixes an actual bug.
The rest of patches make code cleaner and more robust.


Marcel Apfelbaum (3):
  exec: declare TARGET_PHYS_ADDR_SPACE_MAX to limit memory regions
    rendered by exec
  hw/alpha: limit iommu-typhoon memory size
  hw/ppc: limit iommu-spapr memory size

Michael S. Tsirkin (4):
  exec: don't ignore high address bits on lookup
  pci: fix address space size for bridge
  exec: don't ignore high address bits on set
  spapr_pci: s/INT64_MAX/UINT64_MAX/

Paolo Bonzini (1):
  pc: s/INT64_MAX/UINT64_MAX/

 exec.c                        | 18 ++++++++++++++++++
 hw/alpha/typhoon.c            |  2 +-
 hw/i386/pc_piix.c             |  2 +-
 hw/i386/pc_q35.c              |  2 +-
 hw/pci/pci_bridge.c           |  2 +-
 hw/ppc/spapr_iommu.c          |  2 +-
 hw/ppc/spapr_pci.c            |  2 +-
 include/exec/address-spaces.h |  4 ++++
 8 files changed, 28 insertions(+), 6 deletions(-)

-- 
1.8.3.1