From: Keir Fraser
Subject: Re: [PATCH] x86: fix bug_line()
Date: Fri, 11 Oct 2013 18:17:20 +0100
To: Jan Beulich , xen-devel

On 11/10/2013 16:25, "Jan Beulich" wrote:

> Due to the packing into a bit field together with a relocated field,
> the computation can overflow when the relocated field ends up getting a
> negative value stored. Hence it isn't sufficient to correct the value
> by 1 in this case, but we also need to mask the result to the width of
> the original bit field.
>
> Signed-off-by: Jan Beulich

Acked-by: Keir Fraser

> --- a/xen/include/asm-x86/bug.h > +++ b/xen/include/asm-x86/bug.h > @@ -15,9 +15,11 @@ struct bug_frame { > > #define bug_loc(b) ((const void *)(b) + (b)->loc_disp) > #define bug_ptr(b) ((const void *)(b) + (b)->ptr_disp) > -#define bug_line(b) ((((b)->line_hi + ((b)->loc_disp < 0)) << > \ > +#define bug_line(b) (((((b)->line_hi + ((b)->loc_disp < 0)) & > \ > + ((1 << BUG_LINE_HI_WIDTH) - 1)) << > \ > BUG_LINE_LO_WIDTH) + > \ > - (b)->line_lo + ((b)->ptr_disp < 0)) > + (((b)->line_lo + ((b)->ptr_disp < 0)) & > \ > + ((1 << BUG_LINE_LO_WIDTH) - 1))) > #define bug_msg(b) ((const char *)(b) + (b)->msg_disp[1]) > > #define BUGFRAME_run_fn 0 > > >
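
Review bot: the rewritten bug_line() carries no comment saying why each part is first corrected by `((b)->loc_disp < 0)` / `((b)->ptr_disp < 0)` and then masked, so the reason for the mask lives only in the commit message. A short comment above the macro, stating that a negative displacement borrows from the adjacent line field and that the corrected value has to wrap to the field width, would keep a later cleanup from dropping the mask again. The two inline masks `((1 << BUG_LINE_HI_WIDTH) - 1)` and `((1 << BUG_LINE_LO_WIDTH) - 1)` could also become named macros to shorten the expression, and since `(b)` is expanded four times a static inline helper would be safer against arguments with side effects.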
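
The overflow described in the commit message can be reproduced with plain 32-bit arithmetic. The following is an added example, not code from Xen or from this thread: the field widths (24 and 7), the "relocated sum" packing, and the names `pack`, `field_disp`, `part_plus_borrow` and `roundtrip` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed widths for illustration; the page does not show the real ones. */
#define DISP_WIDTH 24
#define LINE_WIDTH 7   /* stands in for BUG_LINE_HI_WIDTH and BUG_LINE_LO_WIDTH */
#define LINE_MASK  ((1u << LINE_WIDTH) - 1)

/* Build one 32-bit word as a relocated sum: the signed displacement is added
 * to (part << DISP_WIDTH), so a negative displacement borrows 1 from part. */
static uint32_t pack(int32_t disp, unsigned part)
{
    return (uint32_t)disp + ((uint32_t)part << DISP_WIDTH);
}

/* Signed DISP_WIDTH-bit field in the low bits of the word. */
static int32_t field_disp(uint32_t w)
{
    uint32_t v = w & ((1u << DISP_WIDTH) - 1);
    return (v >> (DISP_WIDTH - 1)) ? (int32_t)v - (1 << DISP_WIDTH) : (int32_t)v;
}

/* Unsigned LINE_WIDTH-bit field above it, with the borrow added back. */
static unsigned part_plus_borrow(uint32_t w)
{
    return ((w >> DISP_WIDTH) & LINE_MASK) + (field_disp(w) < 0);
}

/* Encode a line number next to two displacements, then decode it either in
 * the pre-patch shape (masked == 0) or the post-patch shape (masked != 0). */
static unsigned roundtrip(unsigned line, int32_t loc, int32_t ptr, int masked)
{
    unsigned hi = part_plus_borrow(pack(loc, line >> LINE_WIDTH));
    unsigned lo = part_plus_borrow(pack(ptr, line & LINE_MASK));
    if (masked) { hi &= LINE_MASK; lo &= LINE_MASK; }
    return (hi << LINE_WIDTH) + lo;
}

int main(void)
{
    /* Constructed cases: line 5 has a zero high part, line 128 a zero low part. */
    printf("line 5,   loc=-64: unmasked %u, masked %u\n",
           roundtrip(5, -64, 32, 0), roundtrip(5, -64, 32, 1));
    printf("line 128, ptr=-8:  unmasked %u, masked %u\n",
           roundtrip(128, 16, -8, 0), roundtrip(128, 16, -8, 1));
    return 0;
}
```

The wrong result appears only when the borrowed-from part was zero: the stored field wraps to all ones, and adding 1 back carries out of the field unless the sum is masked.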