From nobody Tue May 7 18:11:47 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1489496264191698.0521865756041; Tue, 14 Mar 2017 05:57:44 -0700 (PDT) Received: from localhost ([::1]:58626 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cnm1F-0002Gp-Gw for importer@patchew.org; Tue, 14 Mar 2017 08:57:41 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49794) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cnm0M-0001fL-9n for qemu-devel@nongnu.org; Tue, 14 Mar 2017 08:56:47 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cnm0I-0006I8-1k for qemu-devel@nongnu.org; Tue, 14 Mar 2017 08:56:46 -0400 Received: from mx1.redhat.com ([209.132.183.28]:34524) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cnm0H-0006HJ-RO for qemu-devel@nongnu.org; Tue, 14 Mar 2017 08:56:41 -0400 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id AD1AE81226; Tue, 14 Mar 2017 12:56:41 +0000 (UTC) Received: from pxdev.xzpeter.org.com (ovpn-8-39.pek2.redhat.com [10.72.8.39]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v2ECuajH008341; Tue, 14 Mar 2017 08:56:37 -0400 From: Peter Xu To: qemu-devel@nongnu.org Date: Tue, 14 Mar 2017 20:56:27 +0800 Message-Id: <1489496187-624-1-git-send-email-peterx@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Tue, 14 Mar 2017 12:56:41 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH] memory: info mtree check mr range overflow X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Paolo Bonzini , mark.cave-ayland@ilande.co.uk, peterx@redhat.com, "\\ Michael S . Tsirkin \\ " Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The address of memory regions might overflow when something wrong happened, like reported in: https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg02043.html For easier debugging, let's try to detect it. Reported-by: Mark Cave-Ayland Signed-off-by: Peter Xu --- memory.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/memory.c b/memory.c index 284894b..64b0a60 100644 --- a/memory.c +++ b/memory.c @@ -2494,6 +2494,7 @@ static void mtree_print_mr(fprintf_function mon_print= f, void *f, MemoryRegionListHead submr_print_queue; const MemoryRegion *submr; unsigned int i; + hwaddr cur_start, cur_end; =20 if (!mr) { return; @@ -2503,6 +2504,18 @@ static void mtree_print_mr(fprintf_function mon_prin= tf, void *f, mon_printf(f, MTREE_INDENT); } =20 + cur_start =3D base + mr->addr; + cur_end =3D cur_start + MR_SIZE(mr->size); + + /* + * Try to detect overflow of memory region. This should never + * happen normally. When it happens, we dump something to warn the + * user who is observing this. + */ + if (cur_start < base || cur_end < cur_start) { + mon_printf(f, "[DETECTED OVERFLOW!] "); + } + if (mr->alias) { MemoryRegionList *ml; bool found =3D false; @@ -2522,8 +2535,7 @@ static void mtree_print_mr(fprintf_function mon_print= f, void *f, mon_printf(f, TARGET_FMT_plx "-" TARGET_FMT_plx " (prio %d, %s): alias %s @%s " TARGET_FMT_plx "-" TARGET_FMT_plx "%s\n", - base + mr->addr, - base + mr->addr + MR_SIZE(mr->size), + cur_start, cur_end, mr->priority, memory_region_type((MemoryRegion *)mr), memory_region_name(mr), @@ -2534,8 +2546,7 @@ static void mtree_print_mr(fprintf_function mon_print= f, void *f, } else { mon_printf(f, TARGET_FMT_plx "-" TARGET_FMT_plx " (prio %d, %s): %s%s= \n", - base + mr->addr, - base + mr->addr + MR_SIZE(mr->size), + cur_start, cur_end, mr->priority, memory_region_type((MemoryRegion *)mr), memory_region_name(mr), @@ -2562,7 +2573,7 @@ static void mtree_print_mr(fprintf_function mon_print= f, void *f, } =20 QTAILQ_FOREACH(ml, &submr_print_queue, queue) { - mtree_print_mr(mon_printf, f, ml->mr, level + 1, base + mr->addr, + mtree_print_mr(mon_printf, f, ml->mr, level + 1, cur_start, alias_print_queue); } =20 --=20 2.7.4