When an I/O port is more than 1 byte long, ioport.c is currently
creating "short" regions, for example 0x1ce-0x1ce for the 16-bit
Bochs index port. When I/O ports are memory mapped, and thus
accessed via a subpage_ops memory region, subpage_accepts gets
confused because it finds a hole at 0x1cf and rejects the access.

In order to fix this, modify registration of the region to cover
the whole size of the I/O port. Attempts to access an invalid
port will be blocked by find_portio returning NULL.

This only affects the VBE DISPI regions. For all other cases,
the MemoryRegionPortio entries for 2- or 4-byte accesses overlap
an entry for 1-byte accesses, thus the size of the memory region
is not affected.

Reported-by: Zoltan Balaton <balaton@eik.bme.hu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

/* Handle the first entry specially. */
off_last = off_low = pio_start->offset;
- off_high = off_low + pio_start->len;
+ off_high = off_low + pio_start->len + pio_start->size - 1;
count = 1;
for (pio = pio_start + 1; pio->size != 0; pio++, count++) {
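Review bot: the widened bound on the `off_high = off_low + pio_start->len + pio_start->size - 1;` line means the region now covers offsets that are not the base of any registered port, and the only thing stopping an access to them is the find_portio NULL return mentioned in the commit message, which nothing at this line records. A short comment here stating that off_high includes the access width and that unregistered offsets are rejected at lookup time would keep a later change from treating the region bounds as the validity check. The same `len + size - 1` expression recurs twice in the loop, so a small helper would also keep the three sites in step.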
/* ... and start collecting anew. */
pio_start = pio;
off_low = off_last;
- off_high = off_low + pio->len;
+ off_high = off_low + pio->len + pio_start->size - 1;
count = 0;
} else if (off_last + pio->len > off_high) {
- off_high = off_last + pio->len;
+ off_high = off_last + pio->len + pio_start->size - 1;
}
}
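Review bot: in the `else if` branch the extent is computed from `pio_start->size` although the entry being measured is `pio`, and the guard `off_last + pio->len > off_high` still compares an end without the width against an `off_high` that now includes `size - 1`. If a later entry in a group is wider than the first one, its last byte could fall outside the region, and an entry whose end only exceeds off_high once its width is counted will not extend it. Consider using `pio->size` for the entry under test and applying the same `+ size - 1` on both sides of the comparison, or add a comment stating that all entries in a group are assumed to share the size of pio_start.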