From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1KaGhs-0008S7-Ry
	for qemu-devel@nongnu.org; Mon, 01 Sep 2008 17:13:04 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1KaGhr-0008Rv-Co
	for qemu-devel@nongnu.org; Mon, 01 Sep 2008 17:13:04 -0400
Received: from [199.232.76.173] (port=36452 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1KaGhr-0008Rp-4D
	for qemu-devel@nongnu.org; Mon, 01 Sep 2008 17:13:03 -0400
Received: from mx2.redhat.com ([66.187.237.31]:49838)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <glommer@redhat.com>) id 1KaGhq-0005NL-Pp
	for qemu-devel@nongnu.org; Mon, 01 Sep 2008 17:13:03 -0400
From: Glauber Costa <glommer@redhat.com>
Date: Mon,  1 Sep 2008 18:11:43 -0300
Message-Id: <1220303503-19413-1-git-send-email-glommer@redhat.com>
Subject: [Qemu-devel] [PATCH] Fix up pxe boot
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: aliguori@us.ibm.com, kvm@vger.kernel.org, apevec@redhat.com, Glauber Costa <glommer@redhat.com>, chrisw@sous-sol.org, Eduardo Habkost <ehabkost@redhat.com>

As discussed in
http://lists.gnu.org/archive/html/qemu-devel/2008-08/msg00667.html,
current pxe boot is broken for some use cases. The problem
goes away if we reduce the number of allowed bits in the address space
to 32 (which has the side effect of reducing guest max mem size to 4Gb).

After digging for a while, it turns out that it happens because pxelinux
tries to access address 0x10009e9a6, which does not fit a 32-bit address.
A closer look, however, reveals this access is totally valid: It's just
0x9e9a6 with an add carry.

To avoid this, this patch casts the address passed to the POPL macro to
a 32-bit value. This is also done, although just theorectically, for
PUSHL too.

Signed-off-by: Glauber Costa <glommer@redhat.com>
Reported-by: Chris Lalancette <clalance@redhat.com>
CC: Eduardo Habkost <ehabkost@redhat.com>
---
 target-i386/op_helper.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target-i386/op_helper.c b/target-i386/op_helper.c
index 0b5fdc0..433aa3f 100644
--- a/target-i386/op_helper.c
+++ b/target-i386/op_helper.c
@@ -600,7 +600,7 @@ do {\
 #define PUSHL(ssp, sp, sp_mask, val)\
 {\
     sp -= 4;\
-    stl_kernel((ssp) + (sp & (sp_mask)), (val));\
+    stl_kernel((uint32_t)((ssp) + (sp & (sp_mask))), (uint32_t)(val));\
 }
 
 #define POPW(ssp, sp, sp_mask, val)\
@@ -611,7 +611,7 @@ do {\
 
 #define POPL(ssp, sp, sp_mask, val)\
 {\
-    val = (uint32_t)ldl_kernel((ssp) + (sp & (sp_mask)));\
+    val = (uint32_t)ldl_kernel((uint32_t)((ssp) + (sp & (sp_mask))));\
     sp += 4;\
 }
 
-- 
1.5.5.1