* [PATCH] fix undefined bit shifting in mmio emulation path
@ 2007-03-23 10:05 He, Qing
From: He, Qing @ 2007-03-23 10:05 UTC (permalink / raw)
  To: xen-devel


In functions set_eflags_* (xen/arch/x86/hvm/io.c), if the first argument
"size" equals sizeof(long), the following code will produce an unintended
and invalid result:
	unsigned long mask = (1 << (8 * size)) - 1;

In ANSI C, if the shift amount is greater than or equal to the width of the
data type, the result is undefined. Specifically on x86, a bit mask is
applied to the shift amount, so that more significant bits are ignored.
So the above expression results in 0x0 instead of the intended ~0UL.

This patch fixes this issue. Because size=0 is not a valid parameter,
rewriting the code using right shift avoids an additional condition
check.

Signed-off-by: Qing He <qing.he@intel.com>
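A well-defined way to derive both the operand mask and the sign bit the set_eflags_* helpers need, written here as an added illustration (it is not code from this patch or from Xen); the names operand_mask, sign_bit, sf_for and of_for are my own:

```c
#include <assert.h>
#include <limits.h>
#include <stdio.h>

/* Mask covering the low `size` bytes of an operand, for 1 <= size <= sizeof(long).
 * The shift amount is at most CHAR_BIT * (sizeof(long) - 1), never the full
 * width of the type, so the result is defined for every valid size. */
static unsigned long operand_mask(int size)
{
    assert(size > 0 && (size_t)size <= sizeof(unsigned long));
    return ~0UL >> (CHAR_BIT * (sizeof(unsigned long) - (size_t)size));
}

/* Most significant bit of a `size`-byte operand, which is what the SF and OF
 * tests need. 1UL << 63 is defined; 1 << 63 on a 32-bit int is not. */
static unsigned long sign_bit(int size)
{
    assert(size > 0 && (size_t)size <= sizeof(unsigned long));
    return 1UL << (CHAR_BIT * (size_t)size - 1);
}

/* SF: the top bit of the operand width is set. */
static int sf_for(int size, unsigned long v1)
{
    return (v1 & sign_bit(size)) != 0;
}

/* OF for v3 = v1 + v2: the sign of the result differs from the sign of both
 * inputs, expressed as the sign bit of (v3 ^ v2) & (v3 ^ v1). */
static int of_for(int size, unsigned long v1, unsigned long v2, unsigned long v3)
{
    return ((v3 ^ v2) & (v3 ^ v1) & sign_bit(size)) != 0;
}

int main(void)
{
    for (int size = 1; (size_t)size <= sizeof(unsigned long); size *= 2)
        printf("size %d: mask %#lx sign bit %#lx\n",
               size, operand_mask(size), sign_bit(size));
    /* 0x7f + 0x01 = 0x80 overflows an 8-bit signed add: SF=1, OF=1 */
    printf("8-bit 0x7f+0x01: SF=%d OF=%d\n", sf_for(1, 0x80), of_for(1, 0x7f, 0x01, 0x80));
    return 0;
}
```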

[-- Attachment #2: mmio_instr_emu_safe_shift.patch --]

diff -r 5c5d9692f559 xen/arch/x86/hvm/io.c
--- a/xen/arch/x86/hvm/io.c	Wed Jan 10 15:05:00 2007 +0000
+++ b/xen/arch/x86/hvm/io.c	Wed Mar 21 18:41:40 2007 +0800
@@ -290,7 +290,11 @@ static inline void set_eflags_CF(int siz
 static inline void set_eflags_CF(int size, unsigned long v1,
                                  unsigned long v2, struct cpu_user_regs *regs)
 {
-    unsigned long mask = (1 << (8 * size)) - 1;
+    unsigned long mask;
+    
+    ASSERT((size <= sizeof(mask)) && (size > 0));
+
+    mask = ~0UL >> (8 * (sizeof(mask) - size));
 
     if ((v1 & mask) > (v2 & mask))
         regs->eflags |= X86_EFLAGS_CF;
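Review bot: ASSERT() compiles to nothing in a non-debug build, so in a release hypervisor an out-of-range `size` still reaches `mask = ~0UL >> (8 * (sizeof(mask) - size));`, and `size == 0` makes that a shift by the full width of the type, the same undefined behaviour this patch sets out to remove. If the MMIO decode callers cannot guarantee 1 <= size <= sizeof(long), this needs a runtime check rather than only an assertion. Minor: the added `+    ` line after the declaration carries trailing whitespace.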
@@ -301,7 +305,13 @@ static inline void set_eflags_OF(int siz
 static inline void set_eflags_OF(int size, unsigned long v1,
                                  unsigned long v2, unsigned long v3, struct cpu_user_regs *regs)
 {
-    if ((v3 ^ v2) & (v3 ^ v1) & (1 << ((8 * size) - 1)))
+    unsigned long mask;
+
+    ASSERT((size <= sizeof(mask)) && (size > 0));
+
+    mask = ~0UL >> (8 * (sizeof(mask) - size));
+    
+    if ((v3 ^ v2) & (v3 ^ v1) & mask)
         regs->eflags |= X86_EFLAGS_OF;
 }
 
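Review bot: this hunk changes the meaning of the OF test. The removed line tested only the sign bit of the operand width, `1 << ((8 * size) - 1)`; the replacement `& mask` accepts any differing bit in the low `size` bytes, so OF will be set for results that are not signed overflows. Keep the sign-bit test and only make the shift well-defined, e.g. `if ((v3 ^ v2) & (v3 ^ v1) & (1UL << ((8 * size) - 1)))`; shifting `1UL` by up to 8 * sizeof(long) - 1 is defined, whereas the original `1 <<` on an int was not.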
@@ -315,7 +325,11 @@ static inline void set_eflags_ZF(int siz
 static inline void set_eflags_ZF(int size, unsigned long v1,
                                  struct cpu_user_regs *regs)
 {
-    unsigned long mask = (1 << (8 * size)) - 1;
+    unsigned long mask;
+    
+    ASSERT((size <= sizeof(mask)) && (size > 0));
+
+    mask = ~0UL >> (8 * (sizeof(mask) - size));
 
     if ((v1 & mask) == 0)
         regs->eflags |= X86_EFLAGS_ZF;
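Review bot: the ASSERT plus mask computation is now copied verbatim into four functions; a small static inline helper that takes `size` and returns the mask would keep the range check and the shift in one place and make any later fix a single edit. The `+    ` line after the declaration has trailing whitespace here as well.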
@@ -324,7 +338,13 @@ static inline void set_eflags_SF(int siz
 static inline void set_eflags_SF(int size, unsigned long v1,
                                  struct cpu_user_regs *regs)
 {
-    if (v1 & (1 << ((8 * size) - 1)))
+    unsigned long mask;
+    
+    ASSERT((size <= sizeof(mask)) && (size > 0));
+
+    mask = ~0UL >> (8 * (sizeof(mask) - size));
+
+    if (v1 & mask)
         regs->eflags |= X86_EFLAGS_SF;
 }
 
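Review bot: same semantic change as in set_eflags_OF: `if (v1 & mask)` sets SF whenever any bit of the `size`-byte operand is set, i.e. whenever the masked value is non-zero, whereas the removed `1 << ((8 * size) - 1)` tested only the sign bit. Use `if (v1 & (1UL << ((8 * size) - 1)))` to keep the sign-bit semantics with a well-defined shift.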
