Re: [PATCH] edu: fix DMA range upper bound check

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] edu: fix DMA range upper bound check

From:	Michael Tokarev
Subject:	Re: [PATCH] edu: fix DMA range upper bound check
Date:	Wed, 3 Jan 2024 14:51:04 +0300
User-agent:	Mozilla Thunderbird

26.12.2023 02:44, Max Erenberg:

The edu_check_range function checks that start <= end1 < end2, where
end1 is the upper bound (exclusive) of the guest-supplied DMA range and
end2 is the upper bound (exclusive) of the device's allowed DMA range.
When the guest tries to transfer exactly DMA_SIZE (4096) bytes, end1
will be equal to end2, so the check fails and QEMU aborts with this
puzzling error message (newlines added for formatting):

   qemu: hardware error: EDU: DMA range
     0x0000000000040000-0x0000000000040fff out of bounds
    (0x0000000000040000-0x0000000000040fff)!

By checking end1 <= end2 instead, guests will be allowed to transfer
exactly 4096 bytes. It is not necessary to explicitly check for
start <= end1 because the previous two checks (within(addr, start, end2)
and end1 > addr) imply start < end1.


Fixes: b30934cb52a7 ("hw: misc, add educational driver", 2015-01-21)

Applied to trivial-patches tree, and queued for -stable.

Thanks,

/mjt

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH] edu: fix DMA range upper bound check, Michael Tokarev <=

Prev by Date: Re: [PATCH for 8.2.1] hw/net: cadence_gem: Fix MDIO_OP_xxx values
Next by Date: Re: chacha20-s390 broken in 8.2.0 in TCG on s390x
Previous by thread: [PATCH trivial] chardev/char.c: fix "abstract device type" error message
Next by thread: Re: [PATCH v3 1/2] ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.
Index(es):
- Date
- Thread