unify len and addr type for memory/address APIs

Some address/memory APIs have different type between 'hwaddr/target_ulong addr' and 'int len'. It is very unsafe, especially some APIs will be passed a non-int len by caller which might cause overflow quietly. Below is an potential overflow case: dma_memory_read(uint32_t len) -> dma_memory_rw(uint32_t len) -> dma_memory_rw_relaxed(uint32_t len) -> address_space_rw(int len) # len overflow CC: Paolo Bonzini <pbonzini@redhat.com> CC: Peter Crosthwaite <crosthwaite.peter@gmail.com> CC: Richard Henderson <rth@twiddle.net> CC: Peter Maydell <peter.maydell@linaro.org> CC: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-08-02 23:33:54 -06:00 · 2019-01-17 20:49:01 +08:00 · 2019-01-17 20:49:01 +08:00 · 0c249ff71c
commit 0c249ff71c
parent b86d01ba47
4 changed files with 39 additions and 40 deletions
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@ -1791,7 +1791,7 @@ void address_space_destroy(AddressSpace *as);
 */
 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr,
                             MemTxAttrs attrs, uint8_t *buf,
-                             int len, bool is_write);
+                             hwaddr len, bool is_write);

 /**
 * address_space_write: write to address space.
@ -1808,7 +1808,7 @@ MemTxResult address_space_rw(AddressSpace *as, hwaddr addr,
 */
 MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
                                MemTxAttrs attrs,
-                                const uint8_t *buf, int len);
+                                const uint8_t *buf, hwaddr len);

 /**
 * address_space_write_rom: write to address space, including ROM.
@ -1834,7 +1834,7 @@ MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
 */
 MemTxResult address_space_write_rom(AddressSpace *as, hwaddr addr,
                                    MemTxAttrs attrs,
-                                    const uint8_t *buf, int len);
+                                    const uint8_t *buf, hwaddr len);

 /* address_space_ld*: load from an address space
 * address_space_st*: store to an address space
@ -2035,7 +2035,7 @@ static inline MemoryRegion *address_space_translate(AddressSpace *as,
 * @is_write: indicates the transfer direction
 * @attrs: memory attributes
 */
-bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len,
+bool address_space_access_valid(AddressSpace *as, hwaddr addr, hwaddr len,
                                bool is_write, MemTxAttrs attrs);

 /* address_space_map: map a physical memory region into a host virtual address
@ -2072,19 +2072,19 @@ void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,

 /* Internal functions, part of the implementation of address_space_read.  */
 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
-                                    MemTxAttrs attrs, uint8_t *buf, int len);
+                                    MemTxAttrs attrs, uint8_t *buf, hwaddr len);
 MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
                                   MemTxAttrs attrs, uint8_t *buf,
-                                   int len, hwaddr addr1, hwaddr l,
+                                   hwaddr len, hwaddr addr1, hwaddr l,
                                   MemoryRegion *mr);
 void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr);

 /* Internal functions, part of the implementation of address_space_read_cached
 * and address_space_write_cached.  */
 void address_space_read_cached_slow(MemoryRegionCache *cache,
-                                    hwaddr addr, void *buf, int len);
+                                    hwaddr addr, void *buf, hwaddr len);
 void address_space_write_cached_slow(MemoryRegionCache *cache,
-                                     hwaddr addr, const void *buf, int len);
+                                     hwaddr addr, const void *buf, hwaddr len);

 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
 {
@ -2112,7 +2112,7 @@ static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
 static inline __attribute__((__always_inline__))
 MemTxResult address_space_read(AddressSpace *as, hwaddr addr,
                               MemTxAttrs attrs, uint8_t *buf,
-                               int len)
+                               hwaddr len)
 {
    MemTxResult result = MEMTX_OK;
    hwaddr l, addr1;
@ -2151,7 +2151,7 @@ MemTxResult address_space_read(AddressSpace *as, hwaddr addr,
 */
 static inline void
 address_space_read_cached(MemoryRegionCache *cache, hwaddr addr,
-                          void *buf, int len)
+                          void *buf, hwaddr len)
 {
    assert(addr < cache->len && len <= cache->len - addr);
    if (likely(cache->ptr)) {
@ -2171,7 +2171,7 @@ address_space_read_cached(MemoryRegionCache *cache, hwaddr addr,
 */
 static inline void
 address_space_write_cached(MemoryRegionCache *cache, hwaddr addr,
-                           void *buf, int len)
+                           void *buf, hwaddr len)
 {
    assert(addr < cache->len && len <= cache->len - addr);
    if (likely(cache->ptr)) {