mirror of
https://github.com/Motorhead1991/qemu.git
synced 2025-12-19 14:08:39 -07:00
The DMA descriptor structures for this device have a set of "address extension" fields which extend the 32 bit source addresses with an extra 16 bits to give a 48 bit address: https://docs.amd.com/r/en-US/ug1085-zynq-ultrascale-trm/ADDR_EXT-Field

However, we misimplemented this address extension in several ways:

* we only extracted 12 bits of the extension fields, not 16
* we didn't shift the extension field up far enough
* we accidentally did the shift as 32-bit arithmetic, which meant that we would have an overflow instead of setting bits [47:32] of the resulting 64-bit address

Add a type cast and use extract64() instead of extract32() to avoid integer overflow on addition. Fix bit fields extraction according to documentation.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Cc: qemu-stable@nongnu.org
Fixes:

| | | |
|---|---|---|
| bcm2835_dma.c | ||
| etraxfs_dma.c | ||
| i8257.c | ||
| i82374.c | ||
| Kconfig | ||
| meson.build | ||
| omap_dma.c | ||
| pl080.c | ||
| pl330.c | ||
| pxa2xx_dma.c | ||
| rc4030.c | ||
| sifive_pdma.c | ||
| soc_dma.c | ||
| sparc32_dma.c | ||
| trace-events | ||
| trace.h | ||
| xilinx_axidma.c | ||
| xlnx-zdma.c | ||
| xlnx-zynq-devcfg.c | ||
| xlnx_csu_dma.c | ||
| xlnx_dpdma.c | ||