From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:55277)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1QpNWl-0004AC-2E
	for qemu-devel@nongnu.org; Fri, 05 Aug 2011 12:45:40 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1QpNWj-0008Rx-H5
	for qemu-devel@nongnu.org; Fri, 05 Aug 2011 12:45:39 -0400
Received: from mail-yx0-f173.google.com ([209.85.213.173]:64650)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1QpNWj-0008Rm-Cz
	for qemu-devel@nongnu.org; Fri, 05 Aug 2011 12:45:37 -0400
Received: by yxt3 with SMTP id 3so2093487yxt.4
	for <qemu-devel@nongnu.org>; Fri, 05 Aug 2011 09:45:36 -0700 (PDT)
Message-ID: <4E3C1E2A.9030702@codemonkey.ws>
Date: Fri, 05 Aug 2011 11:45:30 -0500
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
References: <1312361774-29086-1-git-send-email-avi@redhat.com>
In-Reply-To: <1312361774-29086-1-git-send-email-avi@redhat.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v2] memory: use signed arithmetic
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Avi Kivity <avi@redhat.com>
Cc: Jan Kiszka <jan.kiszka@siemens.com>, qemu-devel@nongnu.org, kvm@vger.kernel.org, Richard Henderson <rth@twiddle.net>

On 08/03/2011 03:56 AM, Avi Kivity wrote:
> When trying to map an alias of a ram region, where the alias starts at
> address A and we map it into address B, and A>  B, we had an arithmetic
> underflow.  Because we use unsigned arithmetic, the underflow converted
> into a large number which failed addrrange_intersects() tests.
>
> The concrete example which triggered this was cirrus vga mapping
> the framebuffer at offsets 0xc0000-0xc7fff (relative to the start of
> the framebuffer) into offsets 0xa0000 (relative to system addres space
> start).
>
> With our favorite analogy of a windowing system, this is equivalent to
> dragging a subwindow off the left edge of the screen, and failing to clip
> it into its parent window which is on screen.
>
> Fix by switching to signed arithmetic.
>
> Signed-off-by: Avi Kivity<avi@redhat.com>

Applied.  Thanks.

Regards,

Anthony Liguori

> ---
>
> v2: add comment about physical address width limitation to 63 bits
>
>   exec.c   |    2 +-
>   memory.c |   23 ++++++++++++++---------
>   2 files changed, 15 insertions(+), 10 deletions(-)
>
> diff --git a/exec.c b/exec.c
> index 476b507..751fd89 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -3818,7 +3818,7 @@ static void io_mem_init(void)
>   static void memory_map_init(void)
>   {
>       system_memory = qemu_malloc(sizeof(*system_memory));
> -    memory_region_init(system_memory, "system", UINT64_MAX);
> +    memory_region_init(system_memory, "system", INT64_MAX);
>       set_system_memory_map(system_memory);
>   }
>
> diff --git a/memory.c b/memory.c
> index 5f20320..be891c6 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -22,12 +22,17 @@ unsigned memory_region_transaction_depth = 0;
>
>   typedef struct AddrRange AddrRange;
>
> +/*
> + * Note using signed integers limits us to physical addresses at most
> + * 63 bits wide.  They are needed for negative offsetting in aliases
> + * (large MemoryRegion::alias_offset).
> + */
>   struct AddrRange {
> -    uint64_t start;
> -    uint64_t size;
> +    int64_t start;
> +    int64_t size;
>   };
>
> -static AddrRange addrrange_make(uint64_t start, uint64_t size)
> +static AddrRange addrrange_make(int64_t start, int64_t size)
>   {
>       return (AddrRange) { start, size };
>   }
> @@ -37,7 +42,7 @@ static bool addrrange_equal(AddrRange r1, AddrRange r2)
>       return r1.start == r2.start&&  r1.size == r2.size;
>   }
>
> -static uint64_t addrrange_end(AddrRange r)
> +static int64_t addrrange_end(AddrRange r)
>   {
>       return r.start + r.size;
>   }
> @@ -56,9 +61,9 @@ static bool addrrange_intersects(AddrRange r1, AddrRange r2)
>
>   static AddrRange addrrange_intersection(AddrRange r1, AddrRange r2)
>   {
> -    uint64_t start = MAX(r1.start, r2.start);
> +    int64_t start = MAX(r1.start, r2.start);
>       /* off-by-one arithmetic to prevent overflow */
> -    uint64_t end = MIN(addrrange_end(r1) - 1, addrrange_end(r2) - 1);
> +    int64_t end = MIN(addrrange_end(r1) - 1, addrrange_end(r2) - 1);
>       return addrrange_make(start, end - start + 1);
>   }
>
> @@ -411,8 +416,8 @@ static void render_memory_region(FlatView *view,
>       MemoryRegion *subregion;
>       unsigned i;
>       target_phys_addr_t offset_in_region;
> -    uint64_t remain;
> -    uint64_t now;
> +    int64_t remain;
> +    int64_t now;
>       FlatRange fr;
>       AddrRange tmp;
>
> @@ -486,7 +491,7 @@ static FlatView generate_memory_topology(MemoryRegion *mr)
>
>       flatview_init(&view);
>
> -    render_memory_region(&view, mr, 0, addrrange_make(0, UINT64_MAX));
> +    render_memory_region(&view, mr, 0, addrrange_make(0, INT64_MAX));
>       flatview_simplify(&view);
>
>       return view;