From: Percival Foss
This test utilizes pegasos2 to show the cross-page overflow bug on 32-bit
systems. We patch the firmware image to cause the overflow. The
instructions to do this are as follows:
li r3, 0
li r4, -1
lwz r5, 0x0(r4)
lwz r5, 0x0(r3)
This test will add an invalid translation when
Since v1:
-Updated git commits to have proper Signed-off-by tags/messages
Our company found and fixed a bug in TCG that caused 32-bit guests
running on 64-bit hosts to crash. If a 32-bit host has a page
translation that crosses beyond the last page. This causes an invalid
translation to be added to
From: Percival Foss
The bug being resolved is that the current code in mmu_lookup() assumes
a valid 64-bit address space. If a guest has a 32-bit address space, a
page translation that crosses beyond the last page in the address space
will overflow out of the allocated guest virtual memory space
From: f...@percivaleng.com
---
accel/tcg/cputlb.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index fb22048876..457b3f8ec7 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1767,6 +1767,13 @@ static bool mmu_lookup(CPUState *cpu,
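Review bot: the hunk under @@ -1767,6 +1767,13 @@ static bool mmu_lookup(CPUState *cpu, has no body in this message: the diffstat says 7 insertions to accel/tcg/cputlb.c, but no '+' or context lines follow the header, so the change itself cannot be reviewed from what is shown. Please resend with the full hunk, and have the commit message say what the added lines do rather than only restating the symptom (a translation overflowing out of the guest's address space), so a reviewer can check the fix against the description.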
The bug being resolved is that the current code in mmu_lookup() assumes
a valid 64-bit address space. If a guest has a 32-bit address space, a
page translation that crosses beyond the last page in the address space
will overflow out of the allocated guest virtual memory space in the
QEMU applicatio
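The failure described in the messages above comes down to address arithmetic: computing the last byte of a load as `addr + size - 1` in 64-bit arithmetic is fine for a 64-bit guest, but for a 32-bit guest an access that starts at 0xFFFFFFFF produces a "second page" at 0x100000000, which lies outside the guest's address space and therefore outside whatever table is indexed by it. The following is an added illustration, not QEMU's mmu_lookup() or any code from the patch: it models the naive computation next to a version that masks the end address to the guest's address width, and checks the result against the guest's address space. The function names, the `addr_bits` parameter and the 4 KiB page size are assumptions of this model; the input mirrors the test's `lwz r5, 0x0(r4)` with r4 = -1 on a 32-bit guest.

```c
/* Model of the cross-page end-address check (hypothetical, not QEMU's code). */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TARGET_PAGE_BITS 12                      /* assumed 4 KiB pages */
#define TARGET_PAGE_MASK (~((uint64_t)((1ULL << TARGET_PAGE_BITS) - 1)))

/* All-ones mask covering a guest virtual address of `addr_bits` bits. */
static uint64_t addr_mask(unsigned addr_bits)
{
    return addr_bits >= 64 ? UINT64_MAX : (1ULL << addr_bits) - 1;
}

/* Naive end address: silently assumes a 64-bit address space. For a
 * 32-bit guest, an access ending past 0xFFFFFFFF yields a page index
 * that no guest page can ever have. */
static uint64_t last_byte_naive(uint64_t addr, unsigned size)
{
    return addr + size - 1;
}

/* Masked end address: wraps within the guest's own address space, so the
 * second page of a cross-page access is a real guest page (page 0 here). */
static uint64_t last_byte_masked(uint64_t addr, unsigned size,
                                 unsigned addr_bits)
{
    return (addr + size - 1) & addr_mask(addr_bits);
}

/* Does [addr, addr + size) straddle a page boundary in this guest? */
static bool crosses_page(uint64_t addr, unsigned size, unsigned addr_bits)
{
    uint64_t last = last_byte_masked(addr, size, addr_bits);
    return (addr & TARGET_PAGE_MASK) != (last & TARGET_PAGE_MASK);
}

/* Is `a` representable inside a guest address space of `addr_bits` bits? */
static bool in_address_space(uint64_t a, unsigned addr_bits)
{
    return (a & ~addr_mask(addr_bits)) == 0;
}

int main(void)
{
    /* Constructed input: 4-byte load from 0xFFFFFFFF on a 32-bit guest,
     * i.e. the lwz from r4 = -1 in the firmware patch above. */
    const uint64_t addr = 0xFFFFFFFFULL;
    const unsigned size = 4;
    const unsigned bits = 32;

    uint64_t naive = last_byte_naive(addr, size);
    uint64_t masked = last_byte_masked(addr, size, bits);

    printf("crosses page: %s\n", crosses_page(addr, size, bits) ? "yes" : "no");
    printf("naive  last byte 0x%" PRIx64 " -> second page 0x%" PRIx64
           " (%s the %u-bit space)\n",
           naive, naive & TARGET_PAGE_MASK,
           in_address_space(naive, bits) ? "inside" : "OUTSIDE", bits);
    printf("masked last byte 0x%" PRIx64 " -> second page 0x%" PRIx64
           " (%s the %u-bit space)\n",
           masked, masked & TARGET_PAGE_MASK,
           in_address_space(masked, bits) ? "inside" : "OUTSIDE", bits);
    return 0;
}
```

The point of the masked variant is that whatever structure the lookup indexes by page is sized to the guest's address space; an end address that is never reduced modulo that space can never be a valid index into it, which is the overflow the commit message describes.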
From: f...@percivaleng.com
---
tests/functional/meson.build | 1 +
tests/functional/test_ppc_pegasos2.py | 69 +++
2 files changed, 70 insertions(+)
create mode 100755 tests/functional/test_ppc_pegasos2.py
diff --git a/tests/functional/meson.build b/tests/func