From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54581)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <benh@kernel.crashing.org>) id 1bUtG5-0007Do-KX
	for qemu-devel@nongnu.org; Wed, 03 Aug 2016 06:18:42 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <benh@kernel.crashing.org>) id 1bUtG2-0007Tz-Dr
	for qemu-devel@nongnu.org; Wed, 03 Aug 2016 06:18:41 -0400
Received: from gate.crashing.org ([63.228.1.57]:39090)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <benh@kernel.crashing.org>) id 1bUtG2-0007Tu-4Z
	for qemu-devel@nongnu.org; Wed, 03 Aug 2016 06:18:38 -0400
Message-ID: <1470219512.12584.78.camel@kernel.crashing.org>
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Date: Wed, 03 Aug 2016 20:18:32 +1000
In-Reply-To: <1470217830.12584.70.camel@kernel.crashing.org>
References: <1470194119.12584.43.camel@kernel.crashing.org>
	<CAFEAcA9LK_Ew=oxmJM9qoF_Ar6YrPJvxdPgzrmpgFmmr-wBQ5A@mail.gmail.com>
	<1470217830.12584.70.camel@kernel.crashing.org>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [PATCH 2/2] Fix g2h() for 32-bit targets on 64-bit
 hosts
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: QEMU Developers <qemu-devel@nongnu.org>

On Wed, 2016-08-03 at 19:50 +1000, Benjamin Herrenschmidt wrote:
>=C2=A0
> > I'm confused. Is this just swapping the order of the operands to
> > '+'?
> > I wouldn't expect that to make any difference because typecast has
> > higher precedence than '+'...
>=20
> The typecast to target_ulong which is 32-bits :-)

But you are right, this isn't the breakage. Patch 1/2 is sufficient
to fix it, though I didn't realize it at first.

"vaddr" is actually a typedef, so the whole tlb_vaddr_to_host() turned
into a cast of guest_base to vaddr...

The g2h part was just me being tired. It's true though that
target_ulong is going to be 32-bits which I don't like but
type promotion makes it work.

So drop that patch and stick to patch 1/2 which is the real fix.

As to why you don't hit the bug on ARM, well, maybe you don't=C2=A0
many helpers using=C2=A0tlb_vaddr_to_host ? Also address randomization ma=
kes
things hit or miss here ...

Cheers,
Ben.