On 5/3/19 2:04 PM, Peter Maydell wrote: > Currently the dc_zva helper function uses a variable length > array. In fact we know (as the comment above remarks) that > the length of this array is bounded because the architecture > limits the block size and QEMU limits the target page size. > Use a fixed array size and assert that we don't run off it. > > Signed-off-by: Peter Maydell <peter.mayd...@linaro.org> > --- > Changes v1->v2: > * use ARRAY_SIZE() instead of sizeof()
Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com> Tested-by: Philippe Mathieu-Daudé <phi...@redhat.com> > * add a comment to make it a bit clearer that the > expected size of hostaddr[] is only 2 entries > --- > target/arm/helper.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/target/arm/helper.c b/target/arm/helper.c > index 81a92ab4911..10444d12b18 100644 > --- a/target/arm/helper.c > +++ b/target/arm/helper.c > @@ -1,4 +1,5 @@ > #include "qemu/osdep.h" > +#include "qemu/units.h" > #include "target/arm/idau.h" > #include "trace.h" > #include "cpu.h" > @@ -13099,14 +13100,17 @@ void HELPER(dc_zva)(CPUARMState *env, uint64_t > vaddr_in) > * We know that in fact for any v8 CPU the page size is at least 4K > * and the block size must be 2K or less, but TARGET_PAGE_SIZE is > only > * 1K as an artefact of legacy v5 subpage support being present in > the > - * same QEMU executable. > + * same QEMU executable. So in practice the hostaddr[] array has > + * two entries, given the current setting of TARGET_PAGE_BITS_MIN. > */ > int maxidx = DIV_ROUND_UP(blocklen, TARGET_PAGE_SIZE); > - void *hostaddr[maxidx]; > + void *hostaddr[DIV_ROUND_UP(2 * KiB, 1 << TARGET_PAGE_BITS_MIN)]; > int try, i; > unsigned mmu_idx = cpu_mmu_index(env, false); > TCGMemOpIdx oi = make_memop_idx(MO_UB, mmu_idx); > > + assert(maxidx <= ARRAY_SIZE(hostaddr)); > + > for (try = 0; try < 2; try++) { > > for (i = 0; i < maxidx; i++) { >