From: Jim MacArthur <jim.macarthur@linaro.org>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: "Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Alex Bennée" <alex.bennee@linaro.org>,
qemu-devel@nongnu.org
Subject: Re: [PATCH] hw/dma/omap_dma.c: Use 64 bit maths for omap_dma_transfer_setup
Date: Fri, 5 Dec 2025 16:36:31 +0000 [thread overview]
Message-ID: <e51b8d31-9f13-488f-9021-cdcf3f662e6b@linaro.org> (raw)
In-Reply-To: <CAFEAcA8rj4oFV57QSiMmtz4WF8zRu04O6nF0auZv8m4tLiATyg@mail.gmail.com>
On 12/5/25 16:20, Peter Maydell wrote:
> On Fri, 5 Dec 2025 at 16:11, Jim MacArthur <jim.macarthur@linaro.org> wrote:
>>
>> On 12/5/25 15:57, Philippe Mathieu-Daudé wrote:
>>> On 4/12/25 22:33, Alex Bennée wrote:
>>>> Jim MacArthur <jim.macarthur@linaro.org> writes:
>>>>
>>>>> If both frame and element count are 65535, which appears valid from my
>>>>> reading of the OMAP5912 documentation, then some of the calculations
>>>>> will overflow the 32-bit signed integer range and produce a negative
>>>>> min_elems value.
>>>>>
>>>>> Raised by #3204 (https://gitlab.com/qemu-project/qemu/-/issues/3204).
>>>>>
>>>> nit:
>>>>
>>>> Fixes: https://gitlab.com/qemu-project/qemu/-/issues/3204
>>> Format is:
>>>
>>> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3204
>>> Fixes: afbb5194d43 ("Handle on-chip DMA controllers in one place")
>>>
>> I'm unclear on whether this actually resolves or fixes the issue, so I
>> just said 'Raised by'. The bug only includes a test case, not a text
>> description of the problem. The test case will give a different error if
>> this patch is applied, but still doesn't pass. I've mentioned this on
>> the bug page.
> Generally for this kind of fuzzer-generated bug report, the
> bug is "it is possible to make QEMU assert/crash/etc". They
> don't come with textual analysis of why exactly we ended up
> crashing, because the crash was auto-generated. So the
> "what actually happened here" is one of the things you have
> to figure out as part of fixing the bug.
By that criterion, this patch doesn't fix the bug as it will still throw
a different address sanitizer error. The test case identified at least
two problems, one of which is fixed by this patch (when I address your
comments about u64/u32 math) and the other which I haven't figured out
how to address yet. I can leave this without the Resolves: tag, or add
an extra issue to Gitlab with the specific problem, or we can leave it
until we have a patch for the other problems.
Jim
next prev parent reply other threads:[~2025-12-05 16:37 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-04 19:33 [PATCH] hw/dma/omap_dma.c: Use 64 bit maths for omap_dma_transfer_setup Jim MacArthur
2025-12-04 21:33 ` Alex Bennée
2025-12-05 15:57 ` Philippe Mathieu-Daudé
2025-12-05 16:10 ` Jim MacArthur
2025-12-05 16:20 ` Peter Maydell
2025-12-05 16:36 ` Jim MacArthur [this message]
2025-12-05 10:33 ` Peter Maydell
2025-12-05 15:10 ` Jim MacArthur
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e51b8d31-9f13-488f-9021-cdcf3f662e6b@linaro.org \
--to=jim.macarthur@linaro.org \
--cc=alex.bennee@linaro.org \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).