From: Paolo Bonzini <pbonzini@redhat.com>
Date: Wed, 17 Jun 2015 08:36:54 +0000 (+0200)
Subject: exec: clamp accesses against the MemoryRegionSection
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=e4a511f8cc6f4a46d409fb5c9f72c38ba45f8d83;p=qemu.git

exec: clamp accesses against the MemoryRegionSection

Because the clamping was done against the MemoryRegion,
address_space_rw was effectively broken if a write spanned
multiple sections that are not linear in underlying memory
(with the memory not being under an IOMMU).

This is visible with the MIPS rc4030 IOMMU, which is implemented
as a series of alias memory regions that point to the actual RAM.

Tested-by: Hervé Poussineau <hpoussin@reactos.org>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---

diff --git a/exec.c b/exec.c
index d00e017e19..f7883d2246 100644
--- a/exec.c
+++ b/exec.c
@@ -353,7 +353,7 @@ address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *x
 
     mr = section->mr;
     if (memory_region_is_ram(mr)) {
-        diff = int128_sub(mr->size, int128_make64(addr));
+        diff = int128_sub(section->size, int128_make64(addr));
         *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
     }
     return section;