mirror of https://github.com/Motorhead1991/qemu.git, synced 2025-12-11 16:00:50 -07:00

The DMA descriptor structures for this device have a set of "address extension" fields which extend the 32 bit source addresses with an extra 16 bits to give a 48 bit address:
https://docs.amd.com/r/en-US/ug1085-zynq-ultrascale-trm/ADDR_EXT-Field

However, we misimplemented this address extension in several ways:
* we only extracted 12 bits of the extension fields, not 16
* we didn't shift the extension field up far enough
* we accidentally did the shift as 32-bit arithmetic, which meant that we would have an overflow instead of setting bits [47:32] of the resulting 64-bit address

Add a type cast and use extract64() instead of extract32() to avoid integer overflow on addition. Fix bit fields extraction according to documentation.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Cc: qemu-stable@nongnu.org
Fixes:

| Name |
|---|
| bcm2835_dma.c |
| etraxfs_dma.c |
| i8257.c |
| i82374.c |
| Kconfig |
| meson.build |
| omap_dma.c |
| pl080.c |
| pl330.c |
| pxa2xx_dma.c |
| rc4030.c |
| sifive_pdma.c |
| soc_dma.c |
| sparc32_dma.c |
| trace-events |
| trace.h |
| xilinx_axidma.c |
| xlnx-zdma.c |
| xlnx-zynq-devcfg.c |
| xlnx_csu_dma.c |
| xlnx_dpdma.c |