From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Ladi Prosek <lprosek@redhat.com>
Subject: [Qemu-devel] [PULL 41/41] memory: don't sign-extend 32-bit writes
Date: Fri, 27 Jan 2017 14:45:49 +0100
Message-ID: <1485524749-118532-42-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1485524749-118532-1-git-send-email-pbonzini@redhat.com>
From: Ladi Prosek <lprosek@redhat.com>
ldl_p has a signed return type so assigning it to uint64_t implicitly
sign-extends the value. This results in devices with min_access_size = 8
seeing unexpected values passed to their write handlers.

Example: guest performs a 32-bit write of 0x80000000 to an mmio region
and the handler receives 0xFFFFFFFF80000000 in its value argument.

Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Message-Id: <1485440557-10384-1-git-send-email-lprosek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
exec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/exec.c b/exec.c
index f2bed92..b05c5d2 100644
--- a/exec.c
+++ b/exec.c
@@ -2630,7 +2630,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
break;
case 4:
/* 32 bit write access */
- val = ldl_p(buf);
+ val = (uint32_t)ldl_p(buf);
result |= memory_region_dispatch_write(mr, addr1, val, 4,
attrs);
break;
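Review bot: the `(uint32_t)` cast on `+ val = (uint32_t)ldl_p(buf);` is the right fix, but it reads as an unexplained narrowing cast next to the comment `/* 32 bit write access */`; the reason (ldl_p returns a signed int, so the assignment to the uint64_t `val` would otherwise sign-extend bit 31) lives only in the commit message. Suggest extending that comment, e.g. `/* 32 bit write access; ldl_p is signed, avoid sign-extension into val */`, so the next reader does not "clean up" the cast. Since the same `val`/`memory_region_dispatch_write` pattern is used for the other access sizes in this switch, it is worth confirming in the same change that those cases (and the symmetric read path) do not load through a signed helper as well.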
--
1.8.3.1
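The conversion rule the commit message describes, as an added stand-alone example (not QEMU code): `ldl_p_like` is a hypothetical stand-in for QEMU's `ldl_p` that returns a signed `int`, the two `write_value_*` functions reproduce the line before and after this patch, and `value_exceeds_access_size` is an assumed helper a device model could use to notice a dispatched value wider than the access size it was told about.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for QEMU's ldl_p: load a 32-bit little-endian
 * value and return it as a signed int, the property the commit message
 * relies on. (The real helper is endianness-aware; this one assumes a
 * little-endian buffer.) */
static int ldl_p_like(const void *p)
{
    int32_t r;
    memcpy(&r, p, sizeof(r));
    return r;
}

/* Before the patch: int -> uint64_t conversion sign-extends bit 31. */
static uint64_t write_value_before(const uint8_t *buf)
{
    uint64_t val = ldl_p_like(buf);
    return val;
}

/* After the patch: cast to uint32_t first, so the widening zero-extends. */
static uint64_t write_value_after(const uint8_t *buf)
{
    uint64_t val = (uint32_t)ldl_p_like(buf);
    return val;
}

/* Assumed defensive check for a write handler: a value dispatched for an
 * access of `size` bytes (size < 8) must not have bits set above size*8. */
static int value_exceeds_access_size(uint64_t val, unsigned size)
{
    if (size >= 8) {
        return 0;           /* nothing above bit 63 to check */
    }
    return (val >> (size * 8)) != 0;
}

/* Constructed guest write of 0x80000000, little-endian byte order. */
static const uint8_t sample_buf[4] = { 0x00, 0x00, 0x00, 0x80 };
/* Constructed control write of 0x7FFFFFFF: bit 31 clear, never affected. */
static const uint8_t control_buf[4] = { 0xFF, 0xFF, 0xFF, 0x7F };

int main(void)
{
    printf("before fix: 0x%016llx\n", (unsigned long long)write_value_before(sample_buf));
    printf("after fix:  0x%016llx\n", (unsigned long long)write_value_after(sample_buf));
    return 0;
}
```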