On 30 May 2013 22:03, Paolo Bonzini <pbonz...@redhat.com> wrote: > +MemoryRegionSection *address_space_translate(AddressSpace *as, hwaddr addr, > + hwaddr *xlat, hwaddr *plen, > + bool is_write) > +{ > + MemoryRegionSection *section; > + Int128 diff; > + > + section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS); > + /* Compute offset within MemoryRegionSection */ > + addr -= section->offset_within_address_space; > + > + /* Compute offset within MemoryRegion */ > + *xlat = addr + section->offset_within_region; > + > + diff = int128_sub(section->mr->size, int128_make64(addr)); > + *plen = MIN(int128_get64(diff), *plen);
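Review bot: `*plen = MIN(int128_get64(diff), *plen);` converts `diff` to 64 bits before clamping it, but `diff = int128_sub(section->mr->size, int128_make64(addr))` can be 2^64 exactly when `section->mr->size` is the 2^64 value and `addr` is 0, so `int128_get64()` will hit its fits-in-64-bits assertion. Take the minimum in Int128 arithmetic first, i.e. compare `diff` against `int128_make64(*plen)` and convert only the smaller value, so that what reaches `int128_get64()` is always bounded by `*plen`.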
I've just run into a situation where the assertion in int128_get64() that the value fits into a 64-bit integer fires. This happened to me for an access to address zero in the 'unassigned' region:

* io_mem_init() sets the size of these to UINT64_MAX
* memory_region_init() special-cases that size as meaning 2^64, i.e. {hi=1,lo=0}
* since the addr is zero, diff is also {hi=1,lo=0}, and then int128_get64() asserts.

There are other places in memory.c which do an int128_get64() on mr->size, which also look suspicious...

-- PMM
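The failure described in this thread, as an added stand-alone C model (not QEMU's own code): a constructed Int128 with the same {lo, hi} layout, the UINT64_MAX-means-2^64 special case, the int128_get64() assertion, and a clamp that takes the minimum in 128-bit arithmetic before converting. The helpers int128_fits64(), int128_lt(), int128_min(), region_size(), plen_unsafe_fits() and plen_clamped() are names chosen for this example.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>

/* Constructed 128-bit value with the {lo, hi} shape used in the thread. */
typedef struct { uint64_t lo; int64_t hi; } Int128;

static Int128 int128_make64(uint64_t a) { Int128 r = { a, 0 }; return r; }

/* memory_region_init() treats a size of UINT64_MAX as 2^64, i.e. {hi=1,lo=0}. */
static Int128 region_size(uint64_t size)
{
    if (size == UINT64_MAX) { Int128 r = { 0, 1 }; return r; }
    return int128_make64(size);
}

static Int128 int128_sub(Int128 a, Int128 b)
{
    Int128 r;
    r.lo = a.lo - b.lo;
    r.hi = a.hi - b.hi - (a.lo < b.lo);   /* propagate the borrow */
    return r;
}

static bool int128_fits64(Int128 a) { return a.hi == 0; }

/* The conversion that fires in the report: asserts unless the value fits. */
static uint64_t int128_get64(Int128 a) { assert(int128_fits64(a)); return a.lo; }

static bool int128_lt(Int128 a, Int128 b)
{
    return a.hi != b.hi ? a.hi < b.hi : a.lo < b.lo;
}

static Int128 int128_min(Int128 a, Int128 b) { return int128_lt(a, b) ? a : b; }

/* Order of operations from the quoted hunk: diff is converted before clamping.
 * Returns false when int128_get64(diff) would assert (size 2^64, addr 0). */
static bool plen_unsafe_fits(uint64_t size, uint64_t addr)
{
    Int128 diff = int128_sub(region_size(size), int128_make64(addr));
    return int128_fits64(diff);
}

/* Clamp in Int128 first; the converted value never exceeds plen, so the
 * assertion cannot fire even for the 2^64-sized unassigned region. */
static uint64_t plen_clamped(uint64_t size, uint64_t addr, uint64_t plen)
{
    Int128 diff = int128_sub(region_size(size), int128_make64(addr));
    return int128_get64(int128_min(diff, int128_make64(plen)));
}
```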