The IOTLB that it returned didn't guarantee that page_mask is indeed a so-called page mask. That won't affect current usage, since for now only vhost is using it (the vhost API allows an arbitrary IOTLB range). However, we have IOTLB semantics and we had best follow them. This patch fixes the issue by making sure that page_mask is always a valid page mask.
Fixes: a764040 ("exec: abstract address_space_do_translate()")
Signed-off-by: Peter Xu <pet...@redhat.com>
---
 exec.c | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/exec.c b/exec.c
index ff16f04..7026c21 100644
--- a/exec.c
+++ b/exec.c
@@ -519,6 +519,15 @@ IOMMUTLBEntry address_space_get_iotlb_entry(AddressSpace *as, hwaddr addr,
 section = address_space_do_translate(as, addr, &xlat, &plen, is_write, false);
+ if (plen == (hwaddr)-1) {
+ /* If not specified during translation, use default mask */
+ plen = TARGET_PAGE_MASK;
+ } else {
+ /* Make it a valid page mask */
+ assert(plen);
+ plen = (1ULL << (63 - clz64(plen))) - 1;
+ }
+
 /* Illegal translation */
 if (section.mr == &io_mem_unassigned) {
 goto iotlb_fail;
@@ -528,17 +537,6 @@ IOMMUTLBEntry address_space_get_iotlb_entry(AddressSpace *as, hwaddr addr,
 xlat += section.offset_within_address_space - section.offset_within_region;
- if (plen == (hwaddr)-1) {
- /*
- * We use default page size here. Logically it only happens
- * for identity mappings.
- */
- plen = TARGET_PAGE_SIZE;
- }
-
- /* Convert to address mask */
- plen -= 1;
-
 return (IOMMUTLBEntry) {
 .target_as = section.address_space,
 .iova = addr & ~plen,
-- 
2.7.4
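Review bot: In the default branch of the first hunk, `plen = TARGET_PAGE_MASK;` appears to have the opposite polarity from the else branch: `(1ULL << (63 - clz64(plen))) - 1` sets the low bits, and the return statement visible in the second hunk uses `addr & ~plen`, so plen has to be a low-bits mask. Assuming TARGET_PAGE_MASK has its usual QEMU definition (page-offset bits clear, higher bits set), an untranslated mapping would get an iova equal to the page offset and a mask spanning nearly the whole address space, which is an over-broad IOTLB entry for a consumer such as vhost; `plen = ~TARGET_PAGE_MASK;` would match the removed `TARGET_PAGE_SIZE` followed by `plen -= 1`. Separately, `assert(plen);` now runs before the `io_mem_unassigned` check, so if a failed or guest-influenced translation can leave plen at 0, the process aborts instead of taking `iotlb_fail`; doing the mask computation after that check would avoid this. The function body starts and ends outside the hunk.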