[Qemu-devel] [PATCH for-2.3 6/6] ioport: reserve the whole range of an I/O port in the AddressSpace

[Paolo Bonzini]

When an I/O port is more than 1 byte long, ioport.c is currently
creating "short" regions, for example 0x1ce-0x1ce for the 16-bit
Bochs index port.  When I/O ports are memory mapped, and thus
accessed via a subpage_ops memory region, subpage_accepts gets
confused because it finds a hole at 0x1cf and rejects the access.

In order to fix this, modify registration of the region to cover
the whole size of the I/O port.  Attempts to access an invalid
port will be blocked by find_portio returning NULL.

This only affects the VBE DISPI regions.  For all other cases,
the MemoryRegionPortio entries for 2- or 4-byte accesses overlap
an entry for 1-byte accesses, thus the size of the memory region
is not affected.

Reported-by: Zoltan Balaton <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
---
 ioport.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ioport.c b/ioport.c
index 090c262..304d5d6 100644
--- a/ioport.c
+++ b/ioport.c
@@ -269,7 +269,7 @@ void portio_list_add(PortioList *piolist,
 
     /* Handle the first entry specially.  */
     off_last = off_low = pio_start->offset;
-    off_high = off_low + pio_start->len;
+    off_high = off_low + pio_start->len + pio_start->size - 1;
     count = 1;
 
     for (pio = pio_start + 1; pio->size != 0; pio++, count++) {
@@ -284,10 +284,10 @@ void portio_list_add(PortioList *piolist,
             /* ... and start collecting anew.  */
             pio_start = pio;
             off_low = off_last;
-            off_high = off_low + pio->len;
+            off_high = off_low + pio->len + pio_start->size - 1;
             count = 0;
         } else if (off_last + pio->len > off_high) {
-            off_high = off_last + pio->len;
+            off_high = off_last + pio->len + pio_start->size - 1;
         }
     }
 
-- 
2.3.4