On 15/10/20 16:37, to...@linux.ibm.com wrote: > -static void *gpa2hva(MemoryRegion **p_mr, hwaddr addr, Error **errp) > +void *gpa2hva(MemoryRegion **p_mr, hwaddr addr, uint64_t size, Error **errp) > { > MemoryRegionSection mrs = memory_region_find(get_system_memory(), > - addr, 1); > + addr, size);
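Review bot: the new `size` argument is passed straight to memory_region_find() in this hunk, but nothing in the visible lines compares the returned section length (`mrs.size`) against the requested `size`; memory_region_find() can return a section that ends before `addr + size`, so the host pointer handed back would cover fewer bytes than the caller asked for and a later access of `size` bytes through it could run past the end of the mapped region. Suggest failing early when the section is too short, e.g. `if (int128_lt(mrs.size, int128_make64(size))) { error_setg(errp, "..."); return NULL; }` (mrs.size is an Int128 in QEMU), placed before the pointer is computed.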
You need to check size against mrs.size and fail if mrs.size is smaller. Otherwise, the ioctl can access memory out of range.

Sorry Eduardo for the late review.

Paolo