From fd4e62bc1d764fd09c1a03ffe4fe3f09a006df6f Mon Sep 17 00:00:00 2001
From: Peter Crosthwaite
Date: Sun, 18 Feb 2018 22:03:56 -0500
Subject: [PATCH] exec: Respect as_translate_internal length clamp

address_space_translate_internal will clamp the *plen length argument based on the size of the memory region being queried. The iommu walker logic in addresss_space_translate was ignoring this by discarding the post fn call value of *plen. Fix by just always using *plen as the length argument throughout the fn, removing the len local variable.

This fixes a bootloader bug when a single elf section spans multiple QEMU memory regions.

Backports commit 23820dbfc79d1c9dce090b4c555994f2bb6a69b3 from qemu
---
 qemu/exec.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/qemu/exec.c b/qemu/exec.c
index e914e1ee..715e502d 100644
--- a/qemu/exec.c
+++ b/qemu/exec.c
@@ -349,7 +349,6 @@ MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
     IOMMUTLBEntry iotlb;
     MemoryRegionSection *section;
     MemoryRegion *mr;
-    hwaddr len = *plen;
 
     for (;;) {
         section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
@@ -364,7 +363,7 @@ MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
         iotlb = mr->iommu_ops->translate(mr, addr, is_write);
         addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
                 | (addr & iotlb.addr_mask));
-        len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
+        *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
         if (!(iotlb.perm & (1 << is_write))) {
             mr = &as->uc->io_mem_unassigned;
             break;
@@ -373,7 +372,6 @@ MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
         as = iotlb.target_as;
     }
 
-    *plen = len;
     *xlat = addr;
     return mr;
 }
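Review bot: With the `len` local removed, `*plen` is now both the requested length on entry and the clamped length on every exit path (the section-size clamp from address_space_translate_internal in the first hunk, the per-IOMMU-page `MIN` in the second, and the unassigned-region break), but nothing at the function header, which starts above the first hunk, says so, and the same in/out contract was what the old code silently broke. Since callers use the returned length to bound the access they then perform on `mr`, a caller that kept its original length would read or write past the region that `*xlat` actually resolves to; suggest a comment on the definition: `/* *plen is in/out: on entry the requested length, on return the length of the contiguous range starting at *xlat (clamped by the section size and by each IOMMU page crossed). */`. It is also worth noting in that comment that when `iotlb.perm` denies the access the function returns `io_mem_unassigned` with `*plen` already clamped, which appears intended but is only visible by reading the loop body, which continues past the second hunk.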