On Thu, Jul 23, 2020 at 08:44:27AM -0400, Michael S. Tsirkin wrote:
> On Fri, Jul 10, 2020 at 10:42:58AM +0100, Anthony PERARD wrote:
> > On Thu, Jul 02, 2020 at 07:12:08AM -0400, Michael S. Tsirkin wrote:
> > > memory: align to min access size
> > >
> > > If impl.min_access_size > valid.min_access_size access callbacks
> > > can get a misaligned access as size is increased.
> > > They don't expect that, let's fix it in the memory core.
> > >
> > > Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
> > >
> > > ---
> > >
> > >
> > > diff --git a/memory.c b/memory.c
> > > index 9200b20130..ea489ce405 100644
> > > --- a/memory.c
> > > +++ b/memory.c
> > > @@ -532,6 +532,7 @@ static MemTxResult access_with_adjusted_size(hwaddr
> > > addr,
> > > }
> > >
> > > /* FIXME: support unaligned access? */
> > > + addr &= ~(access_size_min - 1);
> > > access_size = MAX(MIN(size, access_size_max), access_size_min);
> > > access_mask = MAKE_64BIT_MASK(0, access_size * 8);
> > > if (memory_region_big_endian(mr)) {
> >
> > I've tried this (and .impl.min_access_size=2) but that wasn't enough.
> >
> > In the guest, I did `inb(base_addr + 1)`, but I've got back the value as
> > if `inb(base_addr)` was run.
> >
> > The device emulation read callbacks did get addr=0 width=2, so that's
> > fine, but the result returned to the guest wasn't shifted. Same thing
> > for write access, the write value isn't shifted, so a write to the
> > second byte would be written to the first.
> >
> > Thanks,
>
> So is there still an issue with my latest pull req?
> Or is everything fixed?
I can boot a guest with that pull req, it fixes the issue introduced by
the CVE fix.
Thanks!
--
Anthony PERARD
