From mboxrd@z Thu Jan 1 00:00:00 1970
From: Richard Henderson
Subject: Re: [PATCH v2] memory: use signed arithmetic
Date: Wed, 03 Aug 2011 07:59:27 -0700
Message-ID: <4E39624F.4020709@twiddle.net>
References: <1312361774-29086-1-git-send-email-avi@redhat.com>
In-Reply-To: <1312361774-29086-1-git-send-email-avi@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
To: Avi Kivity
Cc: Anthony Liguori , Jan Kiszka , qemu-devel@nongnu.org, kvm@vger.kernel.org
Received: from mail-qy0-f174.google.com ([209.85.216.174]:57183 "EHLO mail-qy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754579Ab1HCO7c (ORCPT ); Wed, 3 Aug 2011 10:59:32 -0400
Received: by qyk38 with SMTP id 38so209767qyk.19 for ; Wed, 03 Aug 2011 07:59:32 -0700 (PDT)
Sender: kvm-owner@vger.kernel.org
List-ID:

On 08/03/2011 01:56 AM, Avi Kivity wrote:
> When trying to map an alias of a ram region, where the alias starts at
> address A and we map it into address B, and A > B, we had an arithmetic
> underflow. Because we use unsigned arithmetic, the underflow converted
> into a large number which failed addrrange_intersects() tests.
>
> The concrete example which triggered this was cirrus vga mapping
> the framebuffer at offsets 0xc0000-0xc7fff (relative to the start of
> the framebuffer) into offsets 0xa0000 (relative to system address space
> start).
>
> With our favorite analogy of a windowing system, this is equivalent to
> dragging a subwindow off the left edge of the screen, and failing to clip
> it into its parent window which is on screen.
>
> Fix by switching to signed arithmetic.
>
> Signed-off-by: Avi Kivity

Signed-off-by: Richard Henderson

r~
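The underflow the commit message describes can be reproduced with a small constructed model of the range-clipping step. This is an added example, not QEMU's own code: the `URange`/`SRange` types and the `*_alias_visible` / `signed_alias_window` helpers are assumptions, and the 8 MiB framebuffer size is assumed too; only the 0xc0000 alias offset, the 0xa0000 target address and the 0x8000 window length come from the message. The intersection test is written in the shape of `addrrange_intersects()`: two half-open ranges overlap when either one starts inside the other.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Each range is [start, start + size). The "before" model uses unsigned
 * coordinates, the "after" model uses signed ones, so the same alias can be
 * rendered both ways and compared. */
typedef struct { uint64_t start; uint64_t size; } URange;
typedef struct { int64_t  start; int64_t  size; } SRange;

/* Overlap test modelled on addrrange_intersects(): true when either range
 * begins inside the other. */
static bool urange_intersects(URange a, URange b)
{
    return (a.start >= b.start && a.start < b.start + b.size)
        || (b.start >= a.start && b.start < a.start + a.size);
}

static bool srange_intersects(SRange a, SRange b)
{
    return (a.start >= b.start && a.start < b.start + b.size)
        || (b.start >= a.start && b.start < a.start + a.size);
}

static SRange srange_intersection(SRange a, SRange b)
{
    int64_t start = a.start > b.start ? a.start : b.start;
    int64_t a_end = a.start + a.size, b_end = b.start + b.size;
    int64_t end = a_end < b_end ? a_end : b_end;
    SRange r = { start, end - start };
    return r;
}

/* An alias placed at alias_addr (B) in the parent space exposes alias_size
 * bytes of a target region, starting alias_offset (A) bytes into it. The
 * target's origin in parent-space coordinates is alias_addr - alias_offset,
 * which is negative whenever A > B. */
static bool unsigned_alias_visible(uint64_t alias_addr, uint64_t alias_size,
                                   uint64_t alias_offset, uint64_t target_size)
{
    URange clip = { alias_addr, alias_size };
    /* Wraps to just below 2^64 when alias_offset > alias_addr: the target
     * then appears to live far above the clip window and overlaps nothing. */
    uint64_t base = alias_addr - alias_offset;
    URange target = { base, target_size };
    return urange_intersects(target, clip);
}

static bool signed_alias_visible(uint64_t alias_addr, uint64_t alias_size,
                                 uint64_t alias_offset, uint64_t target_size)
{
    SRange clip = { (int64_t)alias_addr, (int64_t)alias_size };
    int64_t base = (int64_t)alias_addr - (int64_t)alias_offset; /* simply negative */
    SRange target = { base, (int64_t)target_size };
    return srange_intersects(target, clip);
}

/* The slice of the target that actually lands in the parent space; an empty
 * range when nothing overlaps. */
static SRange signed_alias_window(uint64_t alias_addr, uint64_t alias_size,
                                  uint64_t alias_offset, uint64_t target_size)
{
    SRange clip = { (int64_t)alias_addr, (int64_t)alias_size };
    int64_t base = (int64_t)alias_addr - (int64_t)alias_offset;
    SRange target = { base, (int64_t)target_size };
    SRange none = { 0, 0 };
    return srange_intersects(target, clip) ? srange_intersection(target, clip) : none;
}

/* Target-relative offset of the first byte that ends up in the window, i.e.
 * the value a flat view needs to know which bytes of the target to present. */
static int64_t signed_alias_target_offset(uint64_t alias_addr, uint64_t alias_size,
                                          uint64_t alias_offset, uint64_t target_size)
{
    SRange w = signed_alias_window(alias_addr, alias_size, alias_offset, target_size);
    int64_t base = (int64_t)alias_addr - (int64_t)alias_offset;
    return w.start - base;
}

int main(void)
{
    /* Cirrus numbers from the commit message: framebuffer bytes 0xc0000-0xc7fff
     * shown at 0xa0000. The 8 MiB framebuffer size is an assumption. */
    const uint64_t B = 0xa0000, len = 0x8000, A = 0xc0000, vram = 0x800000;
    SRange w = signed_alias_window(B, len, A, vram);

    printf("unsigned arithmetic: visible=%d\n", unsigned_alias_visible(B, len, A, vram));
    printf("signed arithmetic:   visible=%d\n", signed_alias_visible(B, len, A, vram));
    printf("window [0x%" PRIx64 ", +0x%" PRIx64 ") <- target offset 0x%" PRIx64 "\n",
           (uint64_t)w.start, (uint64_t)w.size,
           (uint64_t)signed_alias_target_offset(B, len, A, vram));
    return 0;
}
```

With A < B both models agree, which is why the unsigned version survived until a device aliased a high offset into a low address. The signed version halves the representable address space to 2^63, which is ample for guest physical addresses, but `start + size` comparisons still assume the sum itself does not overflow, so sizes must stay bounded accordingly.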