mirror of
https://github.com/qemu/qemu.git
synced 2024-12-13 13:53:42 +08:00
4b00855f0e
The DMA descriptor structures for this device have
a set of "address extension" fields which extend the 32
bit source addresses with an extra 16 bits to give a
48 bit address:
https://docs.amd.com/r/en-US/ug1085-zynq-ultrascale-trm/ADDR_EXT-Field
However, we misimplemented this address extension in several ways:
* we only extracted 12 bits of the extension fields, not 16
* we didn't shift the extension field up far enough
* we accidentally did the shift as 32-bit arithmetic, which
meant that we would have an overflow instead of setting
bits [47:32] of the resulting 64-bit address
Add a type cast and use extract64() instead of extract32()
to avoid integer overflow on addition. Fix bit fields
extraction according to documentation.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Cc: qemu-stable@nongnu.org
Fixes:
|
||
---|---|---|
.. | ||
bcm2835_dma.c | ||
etraxfs_dma.c | ||
i8257.c | ||
i82374.c | ||
Kconfig | ||
meson.build | ||
omap_dma.c | ||
pl080.c | ||
pl330.c | ||
pxa2xx_dma.c | ||
rc4030.c | ||
sifive_pdma.c | ||
soc_dma.c | ||
sparc32_dma.c | ||
trace-events | ||
trace.h | ||
xilinx_axidma.c | ||
xlnx_csu_dma.c | ||
xlnx_dpdma.c | ||
xlnx-zdma.c | ||
xlnx-zynq-devcfg.c |