From: Gerd Hoffmann
Date: Fri, 06 Jan 2012 10:47:06 +0100
Message-ID: <4F06C31A.90700@redhat.com>
In-Reply-To: <4EF2F9A6.3020601@FreeBSD.org>
Subject: Re: [Qemu-devel] usb-ohci: td.cbp incorrectly updated near page end
To: Andriy Gapon
Cc: qemu-devel@nongnu.org

On 12/22/11 10:34, Andriy Gapon wrote:
> The current code that updates the cbp value after a transfer looks like this:
>
>     td.cbp += ret;
>     if ((td.cbp & 0xfff) + ret > 0xfff) {
>
> because the 'ret' value is effectively added twice, the check may fire too early
> when the overflow hasn't happened yet.

Patch added to usb patch queue.

thanks,
  Gerd
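The report above quotes only the two lines where cbp is advanced and then checked. The following is an added illustration, not code from QEMU or from either author, that models the bug on sample values: the buggy update tests the already-advanced pointer, so 'ret' is counted twice and the page-crossing fix-up fires too early, and (a case the report does not spell out) when the buffer really does cross into a non-contiguous second page the same double counting can make the check miss. The td_t struct, the page-rebasing body inside the if (continue in the page of the buffer-end field, as OHCI transfer descriptors do), and the concrete cbp/be/ret values are all assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Minimal model of the two OHCI TD fields involved (constructed, not QEMU's struct). */
typedef struct {
    uint32_t cbp; /* current buffer pointer */
    uint32_t be;  /* buffer end: address of the last byte of the buffer */
} td_t;

#define PAGE_MASK 0xfffu

/* Update as quoted in the report: cbp is advanced first, then the
 * page-crossing test runs on the advanced value, so 'ret' is added twice.
 * The fix-up body (rebase onto the page of 'be') is an assumption here. */
static uint32_t update_cbp_buggy(td_t td, uint32_t ret)
{
    td.cbp += ret;
    if ((td.cbp & PAGE_MASK) + ret > PAGE_MASK) {
        td.cbp &= PAGE_MASK;
        td.cbp |= td.be & ~PAGE_MASK;
    }
    return td.cbp;
}

/* Corrected form: decide whether the transfer crosses the page boundary
 * using the offset *before* advancing, then advance exactly once. */
static uint32_t update_cbp_fixed(td_t td, uint32_t ret)
{
    uint32_t off = td.cbp & PAGE_MASK;
    if (off + ret > PAGE_MASK) {
        /* Crosses into the second page: continue in the page of 'be'. */
        td.cbp = (td.be & ~PAGE_MASK) | ((off + ret) & PAGE_MASK);
    } else {
        td.cbp += ret;
    }
    return td.cbp;
}

/* Constructed sample: buffer starts in page 0x1000, ends in page 0x5000. */
static void show(const char *label, td_t td, uint32_t ret)
{
    printf("%-28s cbp=0x%05x be=0x%05x ret=0x%03x -> buggy 0x%05x, fixed 0x%05x\n",
           label, td.cbp, td.be, ret,
           update_cbp_buggy(td, ret), update_cbp_fixed(td, ret));
}

int main(void)
{
    /* 0x800 + 0x500 = 0xd00 fits in the page: the check must not fire.
     * Buggy version fires anyway (0xd00 + 0x500 > 0xfff) and jumps to page 0x5000. */
    show("no crossing (fires early)", (td_t){0x1800u, 0x5fffu}, 0x500u);

    /* 0xe00 + 0x300 = 0x1100 crosses: cbp should move to page 0x5000.
     * Buggy version lands in 0x2100 and its second test (0x100 + 0x300) stays quiet. */
    show("crossing (missed)", (td_t){0x1e00u, 0x5fffu}, 0x300u);
    return 0;
}
```

Build with any C99 compiler (e.g. `cc -std=c99 ohci_cbp.c`) and compare the two result columns; the fixed update returns 0x1d00 and 0x5100 respectively, while the buggy one returns 0x5d00 and 0x2100.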