[v3,10/21] linux-user: Fix guest_addr_valid vs reserved_va

Message ID	20210115224645.1196742-11-richard.henderson@linaro.org
State	Superseded
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; From: Richard Henderson <richard.henderson@linaro.org> To: qemu-devel@nongnu.org Subject: [PATCH v3 10/21] linux-user: Fix guest_addr_valid vs reserved_va Date: Fri, 15 Jan 2021 12:46:34 -1000 Message-Id: <20210115224645.1196742-11-richard.henderson@linaro.org> In-Reply-To: <20210115224645.1196742-1-richard.henderson@linaro.org> References: <20210115224645.1196742-1-richard.henderson@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2607:f8b0:4864:20::52b; envelope-from=richard.henderson@linaro.org; helo=mail-pg1-x52b.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action Precedence: list Cc: peter.maydell@linaro.org, qemu-arm@nongnu.org Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Series	target-arm: Implement ARMv8.5-MemTag, user mode \| expand [v3,00/21] target-arm: Implement ARMv8.5-MemTag, user mode [v3,01/21] tcg: Introduce target-specific page data for user-only [v3,02/21] linux-user: Introduce PAGE_ANON [v3,03/21] exec: Use uintptr_t for guest_base [v3,04/21] exec: Use uintptr_t in cpu_ldst.h [v3,05/21] exec: Improve types for guest_addr_valid [v3,06/21] linux-user: Check for overflow in access_ok [v3,07/21] linux-user: Tidy VERIFY_READ/VERIFY_WRITE [v3,08/21] bsd-user: Tidy VERIFY_READ/VERIFY_WRITE [v3,09/21] linux-user: Do not use guest_addr_valid for h2g_valid [v3,10/21] linux-user: Fix guest_addr_valid vs reserved_va [v3,11/21] exec: Add support for TARGET_TAGGED_ADDRESSES [v3,12/21] linux-user/aarch64: Implement PR_TAGGED_ADDR_ENABLE [v3,13/21] linux-user/aarch64: Implement PR_MTE_TCF and PR_MTE_TAG [v3,14/21] linux-user/aarch64: Implement PROT_MTE [v3,15/21] target/arm: Split out syndrome.h from internals.h [v3,16/21] linux-user/aarch64: Pass syndrome to EXC_*_ABORT [v3,17/21] linux-user/aarch64: Signal SEGV_MTESERR for sync tag check fault [v3,18/21] linux-user/aarch64: Signal SEGV_MTEAERR for async tag check error [v3,19/21] target/arm: Add allocation tag storage for user mode [v3,20/21] target/arm: Enable MTE for user-only [v3,21/21] tests/tcg/aarch64: Add mte smoke tests

Message ID

20210115224645.1196742-11-richard.henderson@linaro.org

State

Superseded

Headers

Received-SPF: pass (google.com: domain of
	qemu-devel-bounces+patch=linaro.org@nongnu.org designates
	209.51.188.17 as permitted sender) client-ip=209.51.188.17; 
From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PATCH v3 10/21] linux-user: Fix guest_addr_valid vs reserved_va
Date: Fri, 15 Jan 2021 12:46:34 -1000
Message-Id: <20210115224645.1196742-11-richard.henderson@linaro.org>
In-Reply-To: <20210115224645.1196742-1-richard.henderson@linaro.org>
References: <20210115224645.1196742-1-richard.henderson@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2607:f8b0:4864:20::52b;
	envelope-from=richard.henderson@linaro.org;
	helo=mail-pg1-x52b.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
	DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
	RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
	SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: peter.maydell@linaro.org, qemu-arm@nongnu.org
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+patch=linaro.org@nongnu.org>

Series

target-arm: Implement ARMv8.5-MemTag, user mode | expand

Commit Message

Richard Henderson Jan. 15, 2021, 10:46 p.m. UTC

We must always use GUEST_ADDR_MAX, because even 32-bit hosts can
use -R <reserved_va> to restrict the memory address of the guest.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

---
 include/exec/cpu_ldst.h | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

-- 
2.25.1

Comments

Peter Maydell Jan. 19, 2021, 5:03 p.m. UTC | #1

On Fri, 15 Jan 2021 at 22:47, Richard Henderson
<richard.henderson@linaro.org> wrote:
>

> We must always use GUEST_ADDR_MAX, because even 32-bit hosts can

> use -R <reserved_va> to restrict the memory address of the guest.

>

> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

> ---

>  include/exec/cpu_ldst.h | 9 ++++-----

>  1 file changed, 4 insertions(+), 5 deletions(-)

>

> diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h

> index 4e6ef3d542..e62f4fba00 100644

> --- a/include/exec/cpu_ldst.h

> +++ b/include/exec/cpu_ldst.h

> @@ -72,11 +72,10 @@ typedef uint64_t abi_ptr;

>  /* All direct uses of g2h and h2g need to go away for usermode softmmu.  */

>  #define g2h(x) ((void *)((uintptr_t)(abi_ptr)(x) + guest_base))

>

> -#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS

> -#define guest_addr_valid(x) (1)

> -#else

> -#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX)

> -#endif

> +static inline bool guest_addr_valid(abi_ulong x)

> +{

> +    return x <= GUEST_ADDR_MAX;

> +}


Reviewed-by: Peter Maydell <peter.maydell@linaro.org>


Looking back at patch 9 -- if we always check against
GUEST_ADDR_MAX here, should we also do that for h2g_valid(),
or are the two uses different ?
(The v2->v3 changes list for patch 9 suggests we may have
had this discussion previously, but I forget the details...)

thanks
-- PMM

Richard Henderson Jan. 19, 2021, 5:41 p.m. UTC | #2

On 1/19/21 7:03 AM, Peter Maydell wrote:
> On Fri, 15 Jan 2021 at 22:47, Richard Henderson

> <richard.henderson@linaro.org> wrote:

>>

>> We must always use GUEST_ADDR_MAX, because even 32-bit hosts can

>> use -R <reserved_va> to restrict the memory address of the guest.

>>

>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

>> ---

>>  include/exec/cpu_ldst.h | 9 ++++-----

>>  1 file changed, 4 insertions(+), 5 deletions(-)

>>

>> diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h

>> index 4e6ef3d542..e62f4fba00 100644

>> --- a/include/exec/cpu_ldst.h

>> +++ b/include/exec/cpu_ldst.h

>> @@ -72,11 +72,10 @@ typedef uint64_t abi_ptr;

>>  /* All direct uses of g2h and h2g need to go away for usermode softmmu.  */

>>  #define g2h(x) ((void *)((uintptr_t)(abi_ptr)(x) + guest_base))

>>

>> -#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS

>> -#define guest_addr_valid(x) (1)

>> -#else

>> -#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX)

>> -#endif

>> +static inline bool guest_addr_valid(abi_ulong x)

>> +{

>> +    return x <= GUEST_ADDR_MAX;

>> +}

> 

> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

> 

> Looking back at patch 9 -- if we always check against

> GUEST_ADDR_MAX here, should we also do that for h2g_valid(),

> or are the two uses different ?

> (The v2->v3 changes list for patch 9 suggests we may have

> had this discussion previously, but I forget the details...)


I had thought we should always check GUEST_ADDR_MAX.

If something is outside G_A_M, then it doesn't fit
into the reserved_va that either (1) the user requested
via the command-line or (2) for which the guest has
constraints (e.g. TARGET_VIRT_ADDR_SPACE_BITS for sh4
or mips, requiring 31-bit addresses).


r~

diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index 4e6ef3d542..e62f4fba00 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -72,11 +72,10 @@  typedef uint64_t abi_ptr;
 /* All direct uses of g2h and h2g need to go away for usermode softmmu.  */
 #define g2h(x) ((void *)((uintptr_t)(abi_ptr)(x) + guest_base))
 
-#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
-#define guest_addr_valid(x) (1)
-#else
-#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX)
-#endif
+static inline bool guest_addr_valid(abi_ulong x)
+{
+    return x <= GUEST_ADDR_MAX;
+}
 
 static inline bool guest_range_valid(abi_ulong start, abi_ulong len)
 {

[v3,10/21] linux-user: Fix guest_addr_valid vs reserved_va

Commit Message

Comments

Patch