From: Avi Kivity <avi@redhat.com>
To: malc <av1474@comtv.ru>
Cc: Jan Kiszka <jan.kiszka@siemens.com>,
qemu-devel@nongnu.org, kvm@vger.kernel.org
Subject: Re: [Qemu-devel] [PATCH] memory: use signed arithmetic
Date: Wed, 03 Aug 2011 00:21:00 +0300
Message-ID: <4E386A3C.1050601@redhat.com>
In-Reply-To: <alpine.LNX.2.00.1108030115040.3886@linmac>
On 08/03/2011 12:15 AM, malc wrote:
> On Tue, 2 Aug 2011, Avi Kivity wrote:
>
> > When trying to map an alias of a ram region, where the alias starts at
> > address A and we map it into address B, and A > B, we had an arithmetic
> > underflow. Because we use unsigned arithmetic, the underflow converted
> > into a large number which failed addrrange_intersects() tests.
> >
> > The concrete example which triggered this was cirrus vga mapping
> > the framebuffer at offsets 0xc0000-0xc7fff (relative to the start of
> > the framebuffer) into offsets 0xa0000 (relative to system address space
> > start).
> >
> > With our favorite analogy of a windowing system, this is equivalent to
> > dragging a subwindow off the left edge of the screen, and failing to clip
> > it into its parent window which is on screen.
> >
> > Fix by switching to signed arithmetic.
>
> http://stackoverflow.com/questions/3679047/integer-overflow-in-c-standards-and-compilers
>
> In other words UB land
>
No UB land.
Previously, we did something like 0x1000U - 0x2000U = 0xFFFF0000U, later
checking that 0xFFFF0000U < 0U and failing.
Now, we do something like 0x1000 - 0x2000 = -0x1000, later checking that
-0x1000 < 0, and succeeding.
In no case was there undefined behaviour involved. Unsigned underflow
is defined (and produced bad results for this case); signed underflow
isn't defined (but doesn't occur in this case).
--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
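The effect Avi describes, as an added stand-alone illustration that is not QEMU's memory.c: a stripped-down model of one level of the alias-rendering step, written once over unsigned ranges (the "before" behaviour) and once over signed ranges (the "after" behaviour). The range type, the `*_intersects` helpers and the `*_alias_visible` functions are this example's own simplifications; the constants (a 0x8000-byte alias of the framebuffer at offset 0xc0000, mapped at 0xa0000) follow the cirrus case in the commit message, and the 4 MiB backing RAM size is an assumed value.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not QEMU's AddrRange: a range covers [start, start + size). */
typedef struct { uint64_t start, size; } URange;   /* unsigned arithmetic: "before" */
typedef struct { int64_t  start, size; } SRange;   /* signed arithmetic:   "after"  */

/* Two half-open ranges overlap iff one's start lies inside the other. */
static bool u_intersects(URange a, URange b)
{
    return (a.start <= b.start && b.start < a.start + a.size)
        || (b.start <= a.start && a.start < b.start + b.size);
}

static bool s_intersects(SRange a, SRange b)
{
    return (a.start <= b.start && b.start < a.start + a.size)
        || (b.start <= a.start && a.start < b.start + b.size);
}

/*
 * The alias presents bytes [alias_offset, alias_offset + alias_size) of a
 * backing RAM region at address alias_addr.  Rendering it means placing the
 * whole backing region at base = alias_addr - alias_offset and then checking
 * that it still intersects the window the alias occupies.  With A > B (here
 * 0xc0000 > 0xa0000) the subtraction goes below zero: that is the "subwindow
 * dragged off the left edge of the screen" from the commit message.
 */
static bool u_alias_visible(uint64_t ram_size, uint64_t alias_offset,
                            uint64_t alias_addr, uint64_t alias_size)
{
    URange clip = { alias_addr, alias_size };
    uint64_t base = alias_addr - alias_offset;   /* wraps to ~2^64 when offset > addr */
    URange ram = { base, ram_size };             /* ram.start + ram.size wraps back */
    return u_intersects(ram, clip);              /* both tests fail: alias is dropped */
}

static bool s_alias_visible(int64_t ram_size, int64_t alias_offset,
                            int64_t alias_addr, int64_t alias_size)
{
    SRange clip = { alias_addr, alias_size };
    int64_t base = alias_addr - alias_offset;    /* simply negative, no overflow */
    SRange ram = { base, ram_size };
    return s_intersects(ram, clip);              /* ram.start <= clip.start < ram end */
}

int main(void)
{
    const int64_t ram = 0x400000, off = 0xc0000, addr = 0xa0000, len = 0x8000;

    printf("unsigned, offset 0x%llx at 0x%llx: %s\n",
           (unsigned long long)off, (unsigned long long)addr,
           u_alias_visible(ram, off, addr, len) ? "rendered" : "DROPPED");
    printf("signed,   offset 0x%llx at 0x%llx: %s\n",
           (unsigned long long)off, (unsigned long long)addr,
           s_alias_visible(ram, off, addr, len) ? "rendered" : "DROPPED");

    /* With A <= B there is no underflow and both variants agree. */
    printf("unsigned, offset 0 at 0x%llx: %s\n", (unsigned long long)addr,
           u_alias_visible(ram, 0, addr, len) ? "rendered" : "DROPPED");
    return 0;
}
```

Walking the unsigned case by hand: base is 2^64 - 0x20000, and base + 0x400000 wraps to 0x3e0000, so neither `ram.start <= clip.start` nor `ram.start < clip end` holds and the alias silently vanishes from the flat view. In the signed case base is -0x20000, the end is 0x3e0000, and 0xa0000 lies between them. Note that this is the only subtraction involved; the values stay far from INT64_MIN/INT64_MAX, which is why the signed version never reaches undefined behaviour here.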
Thread overview: 8+ messages
2011-08-02 20:50 [Qemu-devel] [PATCH] memory: use signed arithmetic Avi Kivity
2011-08-02 21:15 ` malc
2011-08-02 21:21 ` Avi Kivity [this message]
2011-08-02 21:59 ` Richard Henderson
2011-08-02 22:06 ` Avi Kivity
2011-08-02 22:15 ` Richard Henderson
2011-08-03 8:26 ` Avi Kivity
2011-08-03 11:48 ` Benjamin Herrenschmidt