From 0acd4ab849827bbc20402e01c9da088207c0d236 Mon Sep 17 00:00:00 2001
From: Rémi Denis-Courmont
Date: Thu, 4 Jul 2019 10:41:15 +0200
Subject: linux-user: check valid address in access_ok()

Fix a crash with LTP testsuite and aarch64:

  tst_test.c:1015: INFO: Timeout per run is 0h 05m 00s
  qemu-aarch64: .../qemu/accel/tcg/translate-all.c:2522: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
  qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x60001554

page_check_range() should never be called with address outside the guest
address space. This patch adds a guest_addr_valid() check in access_ok()
to only call page_check_range() with a valid address.

Fixes: f6768aa1b4c6 ("target/arm: fix AArch64 virtual address space size")
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20190704084115.24713-1-lvivier@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 linux-user/qemu.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'linux-user')

diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index fab287b7ec..4258e4162d 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -456,7 +456,9 @@ extern unsigned long guest_stack_size;
 
 static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
 {
-    return page_check_range((target_ulong)addr, size,
+    return guest_addr_valid(addr) &&
+           (size == 0 || guest_addr_valid(addr + size - 1)) &&
+           page_check_range((target_ulong)addr, size,
                             (type == VERIFY_READ) ? PAGE_READ : (PAGE_READ | PAGE_WRITE)) == 0;
 }
 
-- 
cgit v1.2.3-55-g7522