* [PATCH v2] fix bit fields extraction and prevent overflow
@ 2024-04-28 18:11 Alexandra Diupina
2024-04-30 14:45 ` Peter Maydell
0 siblings, 1 reply; 2+ messages in thread
From: Alexandra Diupina @ 2024-04-28 18:11 UTC (permalink / raw)
To: Alistair Francis
Cc: Alexandra Diupina, Konrad, Frederic, Edgar E. Iglesias,
Peter Maydell, qemu-arm, qemu-devel, sdl.qemu
Add a type cast and use extract64() instead of extract32()
to avoid integer overflow on addition. Fix bit fields
extraction according to documentation.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: d3c6369a96 ("introduce xlnx-dpdma")
Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
---
v2: fix typo
hw/dma/xlnx_dpdma.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/hw/dma/xlnx_dpdma.c b/hw/dma/xlnx_dpdma.c
index 1f5cd64ed1..530717d188 100644
--- a/hw/dma/xlnx_dpdma.c
+++ b/hw/dma/xlnx_dpdma.c
@@ -175,24 +175,24 @@ static uint64_t xlnx_dpdma_desc_get_source_address(DPDMADescriptor *desc,
switch (frag) {
case 0:
- addr = desc->source_address
- + (extract32(desc->address_extension, 16, 12) << 20);
+ addr = (uint64_t)desc->source_address
+ + (extract64(desc->address_extension, 16, 16) << 32);
break;
case 1:
- addr = desc->source_address2
- + (extract32(desc->address_extension_23, 0, 12) << 8);
+ addr = (uint64_t)desc->source_address2
+ + (extract64(desc->address_extension_23, 0, 16) << 32);
break;
case 2:
- addr = desc->source_address3
- + (extract32(desc->address_extension_23, 16, 12) << 20);
+ addr = (uint64_t)desc->source_address3
+ + (extract64(desc->address_extension_23, 16, 16) << 32);
break;
case 3:
- addr = desc->source_address4
- + (extract32(desc->address_extension_45, 0, 12) << 8);
+ addr = (uint64_t)desc->source_address4
+ + (extract64(desc->address_extension_45, 0, 16) << 32);
break;
case 4:
- addr = desc->source_address5
- + (extract32(desc->address_extension_45, 16, 12) << 20);
+ addr = (uint64_t)desc->source_address5
+ + (extract64(desc->address_extension_45, 16, 16) << 32);
break;
default:
addr = 0;
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2] fix bit fields extraction and prevent overflow
2024-04-28 18:11 [PATCH v2] fix bit fields extraction and prevent overflow Alexandra Diupina
@ 2024-04-30 14:45 ` Peter Maydell
0 siblings, 0 replies; 2+ messages in thread
From: Peter Maydell @ 2024-04-30 14:45 UTC (permalink / raw)
To: Alexandra Diupina
Cc: Alistair Francis, Konrad, Frederic, Edgar E. Iglesias, qemu-arm,
qemu-devel, sdl.qemu
On Sun, 28 Apr 2024 at 19:11, Alexandra Diupina <adiupina@astralinux.ru> wrote:
>
> Add a type cast and use extract64() instead of extract32()
> to avoid integer overflow on addition. Fix bit fields
> extraction according to documentation.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: d3c6369a96 ("introduce xlnx-dpdma")
> Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
Thanks; I've applied this to target-arm.next, and it'll go into
a pullreq sometime this week. (I tweaked the commit message to
add a bit of the context and the docs URL from the other
email thread.)
-- PMM
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-04-30 14:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-28 18:11 [PATCH v2] fix bit fields extraction and prevent overflow Alexandra Diupina
2024-04-30 14:45 ` Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.