mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7d31776d7f
qemu/hw/dma
History
Alexandra Diupina a004dfabea hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields 
The DMA descriptor structures for this device have
a set of "address extension" fields which extend the 32
bit source addresses with an extra 16 bits to give a
48 bit address:
 https://docs.amd.com/r/en-US/ug1085-zynq-ultrascale-trm/ADDR_EXT-Field

However, we misimplemented this address extension in several ways:
 * we only extracted 12 bits of the extension fields, not 16
 * we didn't shift the extension field up far enough
 * we accidentally did the shift as 32-bit arithmetic, which
   meant that we would have an overflow instead of setting
   bits [47:32] of the resulting 64-bit address

Add a type cast and use extract64() instead of extract32()
to avoid integer overflow on addition. Fix bit fields
extraction according to documentation.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Cc: qemu-stable@nongnu.org
Fixes: d3c6369a96 ("introduce xlnx-dpdma")
Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
Message-id: 20240428181131.23801-1-adiupina@astralinux.ru
[PMM: adjusted commit message]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 4b00855f0e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-05-02 13:16:29 +03:00
..
bcm2835_dma.c Mark remaining global TypeInfo instances as const 2022-02-21 13:30:20 +00:00
etraxfs_dma.c Remove unnecessary cast when using the cpu_[physical]_memory API 2020-02-20 14:47:08 +01:00
i8257.c i8257: Move QOM macro to header 2020-08-27 14:04:54 -04:00
i82374.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
Kconfig hw/dma: Implement a Xilinx CSU DMA model 2021-03-08 17:20:04 +00:00
meson.build Drop the deprecated unicore32 target 2021-05-12 18:20:52 +02:00
omap_dma.c hw/dma/omap_dma: Move switch 'fall through' comment to correct place 2019-08-21 10:55:23 +02:00
pl080.c Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
pl330.c treewide: Remove the unnecessary space before semicolon 2022-10-24 13:41:10 +02:00
pxa2xx_dma.c hw/arm: Constify VMStateDescription 2021-05-02 17:24:50 +02:00
rc4030.c Use g_new() & friends where that makes obvious sense 2022-03-21 15:44:44 +01:00
sifive_pdma.c hw/dma: sifive_pdma: permit 4/8-byte access size of PDMA registers 2022-01-08 15:46:09 +10:00
soc_dma.c misc: Replace zero-length arrays with flexible array member (automatic) 2020-03-16 22:07:42 +01:00
sparc32_dma.c dma: Let dma_memory_read/write() take MemTxAttrs argument 2021-12-30 17:16:32 +01:00
trace-events docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
xilinx_axidma.c hw/dma/xilinx_axidma: Check DMASR.HALTED to prevent infinite loop. 2023-05-31 09:43:56 +03:00
xlnx_csu_dma.c ptimer: Rename PTIMER_POLICY_DEFAULT to PTIMER_POLICY_LEGACY 2022-05-19 16:19:03 +01:00
xlnx_dpdma.c hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields 2024-05-02 13:16:29 +03:00
xlnx-zdma.c Remove unnecessary minimum_version_id_old fields 2022-01-28 15:38:23 +01:00
xlnx-zynq-devcfg.c dma: Let dma_memory_read/write() take MemTxAttrs argument 2021-12-30 17:16:32 +01:00