From: Peter Maydell <[email protected]> Currently cpu_memory_rw_debug() assumes page-granularity for translations, and it works in a loop where each iteration translates for the vaddr rounded down to a page boundary and then copies up to the end of the page boundary.
Rewrite it to use the new cpu_translate_for_debug(): we no longer want to round down the input address, and the boundary we copy up to is now determined by the lg_page_size it returns rather than being assumed to be page-sized. This, together with the implementation of translate_for_debug for Arm targets, fixes the bug where semihosting would incorrectly fail to access parameter blocks that were in memory where the start of the 4K region they were in was inaccessible due to MPU region settings, even if the parameter block itself was readable. Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3292 Signed-off-by: Peter Maydell <[email protected]> Message-id: [email protected] Acked-by: Peter Xu <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-ID: <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]> --- system/physmem.c | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/system/physmem.c b/system/physmem.c index 652b03ad5f5..7bcbf875736 100644 --- a/system/physmem.c +++ b/system/physmem.c @@ -4030,28 +4030,38 @@ address_space_write_cached_slow(MemoryRegionCache *cache, hwaddr addr, int cpu_memory_rw_debug(CPUState *cpu, vaddr addr, void *ptr, size_t len, bool is_write) { - hwaddr phys_addr; - vaddr l, page; uint8_t *buf = ptr; cpu_synchronize_state(cpu); while (len > 0) { int asidx; - MemTxAttrs attrs; + TranslateForDebugResult tres; MemTxResult res; + hwaddr blk_base, blk_size, l; - page = addr & TARGET_PAGE_MASK; - phys_addr = cpu_get_phys_addr_attrs_debug(cpu, page, &attrs); - asidx = cpu_asidx_from_attrs(cpu, attrs); - /* if no physical page mapped, return an error */ - if (phys_addr == -1) + if (!cpu_translate_for_debug(cpu, addr, &tres)) { + /* Return error if no physical page mapped */ return -1; - l = (page + TARGET_PAGE_SIZE) - addr; - if (l > len) - l = len; - phys_addr += (addr & ~TARGET_PAGE_MASK); - res = address_space_rw(cpu->cpu_ases[asidx].as, phys_addr, attrs, buf, - l, is_write); + } + asidx = cpu_asidx_from_attrs(cpu, tres.attrs); + /* + * Clamp the amount we read to not go beyond a page even if + * the CPU returned a larger lg_page_size, in case this access + * is to a memory-mapped IO region. + */ + tres.lg_page_size = MIN(tres.lg_page_size, TARGET_PAGE_BITS); + /* + * Find the length in bytes from tres.physaddr to the end of the + * block whose size is 1 << tres.lg_page_size; we will access + * that much in one go. + */ + blk_size = 1ULL << tres.lg_page_size; + blk_base = ROUND_DOWN(tres.physaddr, blk_size); + l = blk_base + blk_size - tres.physaddr; + l = MIN(l, len); + + res = address_space_rw(cpu->cpu_ases[asidx].as, tres.physaddr, + tres.attrs, buf, l, is_write); if (res != MEMTX_OK) { return -1; } -- 2.53.0
