diff options
| author | Li Zhijian <lizhijian@cn.fujitsu.com> | 2019-01-17 20:49:01 +0800 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2019-02-05 16:50:18 +0100 |
| commit | 0c249ff71c094c0e009e2ccaef5237af3610b0fb (patch) | |
| tree | 855e1f40abe9e930f66749b83ab3a2831992c546 /include/exec/cpu-common.h | |
| parent | b86d01ba47cfe3fc7505924ca2804f370383ad97 (diff) | |
| download | focaccia-qemu-0c249ff71c094c0e009e2ccaef5237af3610b0fb.tar.gz focaccia-qemu-0c249ff71c094c0e009e2ccaef5237af3610b0fb.zip | |
unify len and addr type for memory/address APIs
Some address/memory APIs have different type between
'hwaddr/target_ulong addr' and 'int len'. It is very unsafe, especially
some APIs will be passed a non-int len by caller which might cause
overflow quietly.
Below is an potential overflow case:
dma_memory_read(uint32_t len)
-> dma_memory_rw(uint32_t len)
-> dma_memory_rw_relaxed(uint32_t len)
-> address_space_rw(int len) # len overflow
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Peter Crosthwaite <crosthwaite.peter@gmail.com>
CC: Richard Henderson <rth@twiddle.net>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'include/exec/cpu-common.h')
| -rw-r--r-- | include/exec/cpu-common.h | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h index 2ad2d6d86b..63ec1f9b37 100644 --- a/include/exec/cpu-common.h +++ b/include/exec/cpu-common.h @@ -83,14 +83,14 @@ size_t qemu_ram_pagesize(RAMBlock *block); size_t qemu_ram_pagesize_largest(void); void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf, - int len, int is_write); + hwaddr len, int is_write); static inline void cpu_physical_memory_read(hwaddr addr, - void *buf, int len) + void *buf, hwaddr len) { cpu_physical_memory_rw(addr, buf, len, 0); } static inline void cpu_physical_memory_write(hwaddr addr, - const void *buf, int len) + const void *buf, hwaddr len) { cpu_physical_memory_rw(addr, (void *)buf, len, 1); } @@ -111,7 +111,7 @@ bool cpu_physical_memory_is_io(hwaddr phys_addr); */ void qemu_flush_coalesced_mmio_buffer(void); -void cpu_flush_icache_range(hwaddr start, int len); +void cpu_flush_icache_range(hwaddr start, hwaddr len); extern struct MemoryRegion io_mem_rom; extern struct MemoryRegion io_mem_notdirty; |