david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

memory: info mtree check mr range overflow

Browse Source 
The address of memory regions might overflow when something wrong
happened, like reported in:

https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg02043.html

For easier debugging, let's try to detect it.

Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1489496187-624-1-git-send-email-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Peter Xu 2017-03-14 20:56:27 +08:00 committed by Paolo Bonzini
parent 6b8f0187a4
commit b31f841262
1 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
memory.c
View File

@ -2494,6 +2494,7 @@ static void mtree_print_mr(fprintf_function mon_printf, void *f,
MemoryRegionListHead submr_print_queue; MemoryRegionListHead submr_print_queue;
const MemoryRegion *submr; const MemoryRegion *submr;
unsigned int i; unsigned int i;
hwaddr cur_start, cur_end;
if (!mr) { if (!mr) {
return; return;
@ -2503,6 +2504,18 @@ static void mtree_print_mr(fprintf_function mon_printf, void *f,
mon_printf(f, MTREE_INDENT); mon_printf(f, MTREE_INDENT);
} }
cur_start = base + mr->addr;
cur_end = cur_start + MR_SIZE(mr->size);
/*
* Try to detect overflow of memory region. This should never
* happen normally. When it happens, we dump something to warn the
* user who is observing this.
*/
if (cur_start < base || cur_end < cur_start) {
mon_printf(f, "[DETECTED OVERFLOW!] ");
}
if (mr->alias) { if (mr->alias) {
MemoryRegionList *ml; MemoryRegionList *ml;
bool found = false; bool found = false;
@ -2522,8 +2535,7 @@ static void mtree_print_mr(fprintf_function mon_printf, void *f,
mon_printf(f, TARGET_FMT_plx "-" TARGET_FMT_plx mon_printf(f, TARGET_FMT_plx "-" TARGET_FMT_plx
" (prio %d, %s): alias %s @%s " TARGET_FMT_plx " (prio %d, %s): alias %s @%s " TARGET_FMT_plx
"-" TARGET_FMT_plx "%s\n", "-" TARGET_FMT_plx "%s\n",
base + mr->addr, cur_start, cur_end,
base + mr->addr + MR_SIZE(mr->size),
mr->priority, mr->priority,
memory_region_type((MemoryRegion *)mr), memory_region_type((MemoryRegion *)mr),
memory_region_name(mr), memory_region_name(mr),
@ -2534,8 +2546,7 @@ static void mtree_print_mr(fprintf_function mon_printf, void *f,
} else { } else {
mon_printf(f, mon_printf(f,
TARGET_FMT_plx "-" TARGET_FMT_plx " (prio %d, %s): %s%s\n", TARGET_FMT_plx "-" TARGET_FMT_plx " (prio %d, %s): %s%s\n",
base + mr->addr, cur_start, cur_end,
base + mr->addr + MR_SIZE(mr->size),
mr->priority, mr->priority,
memory_region_type((MemoryRegion *)mr), memory_region_type((MemoryRegion *)mr),
memory_region_name(mr), memory_region_name(mr),
@ -2562,7 +2573,7 @@ static void mtree_print_mr(fprintf_function mon_printf, void *f,
} }
QTAILQ_FOREACH(ml, &submr_print_queue, queue) { QTAILQ_FOREACH(ml, &submr_print_queue, queue) {
mtree_print_mr(mon_printf, f, ml->mr, level + 1, base + mr->addr, mtree_print_mr(mon_printf, f, ml->mr, level + 1, cur_start,
alias_print_queue); alias_print_queue);
} }