memory: assert that PhysPageEntry's ptr does not overflow While sized to 15 bits in PhysPageEntry, the ptr field is ORed into the iotlb entries together with a page-aligned pointer. The ptr field must not overflow into this page-aligned value, assert that it is smaller than the page size. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

commit: 68f3f65b09a1ce8c82fac17911ffc3bb6031ebe4 [log] [tgz]
author: Paolo Bonzini <pbonzini@redhat.com> Tue May 07 11:30:23 2013 +0200
committer: Paolo Bonzini <pbonzini@redhat.com> Fri May 24 18:42:30 2013 +0200
tree: 7aaf7de701db3a27c7439a0d4939fc7bdeece687
parent: 8b0d6711a276bdb9edcd9299b194c7c0d6b56a88 [diff]
diff --git a/exec.c b/exec.c
index 1355661..8562fca 100644
--- a/exec.c
+++ b/exec.c

@@ -713,6 +713,12 @@
 
 static uint16_t phys_section_add(MemoryRegionSection *section)
 {
+    /* The physical section number is ORed with a page-aligned
+     * pointer to produce the iotlb entries.  Thus it should
+     * never overflow into the page-aligned value.
+     */
+    assert(phys_sections_nb < TARGET_PAGE_SIZE);
+
     if (phys_sections_nb == phys_sections_nb_alloc) {
         phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
         phys_sections = g_renew(MemoryRegionSection, phys_sections,
commit	68f3f65b09a1ce8c82fac17911ffc3bb6031ebe4	[log] [tgz]
author	Paolo Bonzini <pbonzini@redhat.com>	Tue May 07 11:30:23 2013 +0200
committer	Paolo Bonzini <pbonzini@redhat.com>	Fri May 24 18:42:30 2013 +0200
tree	7aaf7de701db3a27c7439a0d4939fc7bdeece687
parent	8b0d6711a276bdb9edcd9299b194c7c0d6b56a88 [diff]