From 1240be24357ee292f8d05aa2abfdba75dd0ca25d Mon Sep 17 00:00:00 2001
From: "Michael S. Tsirkin" <mst@redhat.com>
Date: Wed, 12 Nov 2014 11:44:41 +0200
Subject: exec: add wrapper for host pointer access

host pointer accesses force pointer math, let's
add a wrapper to make them safer.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
---
 include/exec/cpu-all.h | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'include')

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index c085804..9d8d408 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -313,6 +313,11 @@ typedef struct RAMBlock {
     int fd;
 } RAMBlock;
 
+static inline void *ramblock_ptr(RAMBlock *block, ram_addr_t offset)
+{
+    return (char *)block->host + offset;
+}
+
 typedef struct RAMList {
     QemuMutex mutex;
     /* Protected by the iothread lock.  */
-- 
cgit v1.1


From fd5f3b636788f79843d42188ed843c0416643326 Mon Sep 17 00:00:00 2001
From: "Michael S. Tsirkin" <mst@redhat.com>
Date: Wed, 12 Nov 2014 11:44:44 +0200
Subject: cpu: assert host pointer offset within block

Make accesses safer in case we missed some
check somewhere.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
---
 include/exec/cpu-all.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'include')

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 9d8d408..7c3a5e7 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -315,6 +315,7 @@ typedef struct RAMBlock {
 
 static inline void *ramblock_ptr(RAMBlock *block, ram_addr_t offset)
 {
+    assert(offset < block->length);
     return (char *)block->host + offset;
 }
 
-- 
cgit v1.1


From b78accf6147a87a3d9c1cd4287d7a1ff805f358e Mon Sep 17 00:00:00 2001
From: "Michael S. Tsirkin" <mst@redhat.com>
Date: Wed, 12 Nov 2014 11:44:47 +0200
Subject: cpu: verify that block->host is set

If it isn't, access at an offset will cause memory corruption.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Amos Kong <akong@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
---
 include/exec/cpu-all.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'include')

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 7c3a5e7..62f5581 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -316,6 +316,7 @@ typedef struct RAMBlock {
 static inline void *ramblock_ptr(RAMBlock *block, ram_addr_t offset)
 {
     assert(offset < block->length);
+    assert(block->host);
     return (char *)block->host + offset;
 }
 
-- 
cgit v1.1