[Qemu-devel] [PATCH] nand: fix address overflow

2015-11-10 Thread Rabin Vincent
The shifts of the address mask and value shift beyond 32 bits when there
are 5 address cycles.

Signed-off-by: Rabin Vincent 
---
 hw/block/nand.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/block/nand.c b/hw/block/nand.c
index 61d2cec..a68266f 100644
--- a/hw/block/nand.c
+++ b/hw/block/nand.c
@@ -522,8 +522,8 @@ void nand_setio(DeviceState *dev, uint32_t value)
 
 if (s->ale) {
 unsigned int shift = s->addrlen * 8;
-unsigned int mask = ~(0xff << shift);
-unsigned int v = value << shift;
+uint64_t mask = ~(0xffull << shift);
+uint64_t v = (uint64_t)value << shift;
 
 s->addr = (s->addr & mask) | v;
 s->addrlen ++;
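Review bot: widening `mask` and `v` to `uint64_t` removes the undefined 32-bit shift for the fifth address cycle (`shift` = 32), but the hunk does not show the type of `s->addr`; if it is still a 32-bit field, `s->addr = (s->addr & mask) | v;` truncates the fifth byte again and the fix is incomplete, so it is worth stating in the commit message that `addr` is 64-bit. A second point: `shift` reaches 64 once `s->addrlen` reaches 8, which is undefined behaviour for the 64-bit shift just as 32 was for the 32-bit one, and `s->addrlen ++;` runs unconditionally here; please confirm that `s->addrlen` is bounded or reset per command before this code runs, or add a check such as `if (shift < 64)` around the update.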
-- 
1.7.10.4
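The five-cycle case described in the commit message, as an added example that is not part of the patch or of QEMU's own code: a small model of how the address bytes are latched with the widened 64-bit arithmetic, plus the bound on the shift count that the hunk itself does not show. The names `AddrState`, `nand_addr_cycle`, `nand_addr_assemble`, the `& 0xff` on the incoming byte and the cycle limit are assumptions made for this example.

```c
/* Added example, not QEMU's code: model of multi-cycle NAND address
 * assembly using the patched 64-bit expressions. Names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

typedef struct {
    uint64_t addr;        /* must be 64-bit: cycle 5 lands in bits 32..39 */
    unsigned int addrlen; /* number of address bytes latched so far */
} AddrState;

/* Latch one address byte the way the patched code does. Returns false
 * (leaving the state untouched) if the shift would reach the width of
 * addr, since a shift by 64 or more is undefined behaviour just as a
 * 32-bit shift by 32 was before the patch. */
bool nand_addr_cycle(AddrState *s, uint32_t value)
{
    unsigned int shift = s->addrlen * 8;
    if (shift >= 64) {
        return false;
    }
    uint64_t mask = ~(0xffull << shift);             /* clear byte addrlen */
    uint64_t v = (uint64_t)(value & 0xff) << shift;  /* assumption: 8-bit cycle */
    s->addr = (s->addr & mask) | v;
    s->addrlen++;
    return true;
}

/* Feed n address bytes, least significant first as the ALE cycles
 * arrive on the bus, and return the assembled address. */
uint64_t nand_addr_assemble(const uint8_t *cycles, size_t n)
{
    AddrState s = { 0, 0 };
    for (size_t i = 0; i < n; i++) {
        if (!nand_addr_cycle(&s, cycles[i])) {
            break;  /* too many cycles: stop rather than shift out of range */
        }
    }
    return s.addr;
}
```

With 32-bit `mask` and `v`, the fifth byte in the first case below would be shifted by 32, which C leaves undefined; with the patched types it lands in bits 32..39.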

Re: [Qemu-devel] [PATCH] nand: fix address overflow

2015-11-10 Thread Paolo Bonzini


On 10/11/2015 14:25, Rabin Vincent wrote:
> The shifts of the address mask and value shift beyond 32 bits when there
> are 5 address cycles.
> 
> Signed-off-by: Rabin Vincent 
> ---
>  hw/block/nand.c |4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/block/nand.c b/hw/block/nand.c
> index 61d2cec..a68266f 100644
> --- a/hw/block/nand.c
> +++ b/hw/block/nand.c
> @@ -522,8 +522,8 @@ void nand_setio(DeviceState *dev, uint32_t value)
>  
>  if (s->ale) {
>  unsigned int shift = s->addrlen * 8;
> -unsigned int mask = ~(0xff << shift);
> -unsigned int v = value << shift;
> +uint64_t mask = ~(0xffull << shift);
> +uint64_t v = (uint64_t)value << shift;
>  
>  s->addr = (s->addr & mask) | v;
>  s->addrlen ++;
> 

Cc: qemu-triv...@nongnu.org
Reviewed-by: Paolo Bonzini 

Re: [Qemu-devel] [PATCH] nand: fix address overflow

2015-11-12 Thread Peter Crosthwaite
On Tue, Nov 10, 2015 at 7:09 AM, Paolo Bonzini  wrote:
>
>
> On 10/11/2015 14:25, Rabin Vincent wrote:
>> The shifts of the address mask and value shift beyond 32 bits when there
>> are 5 address cycles.
>>
>> Signed-off-by: Rabin Vincent 
>> ---
>>  hw/block/nand.c |4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/block/nand.c b/hw/block/nand.c
>> index 61d2cec..a68266f 100644
>> --- a/hw/block/nand.c
>> +++ b/hw/block/nand.c
>> @@ -522,8 +522,8 @@ void nand_setio(DeviceState *dev, uint32_t value)
>>
>>  if (s->ale) {
>>  unsigned int shift = s->addrlen * 8;
>> -unsigned int mask = ~(0xff << shift);
>> -unsigned int v = value << shift;
>> +uint64_t mask = ~(0xffull << shift);
>> +uint64_t v = (uint64_t)value << shift;
>>
>>  s->addr = (s->addr & mask) | v;
>>  s->addrlen ++;
>>
>
> Cc: qemu-triv...@nongnu.org
> Reviewed-by: Paolo Bonzini 

Reviewed-by: Peter Crosthwaite 

This is a bugfix right? IIUC This would not have worked for accesses
to devices above column address 255 at all. Should this go to
stable/2.5?

Regards,
Peter

Re: [Qemu-devel] [PATCH] nand: fix address overflow

2015-11-13 Thread Paolo Bonzini
> > On 10/11/2015 14:25, Rabin Vincent wrote:
> >> The shifts of the address mask and value shift beyond 32 bits when there
> >> are 5 address cycles.
> >>
> >> Signed-off-by: Rabin Vincent 
> >> ---
> >>  hw/block/nand.c |4 ++--
> >>  1 file changed, 2 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/hw/block/nand.c b/hw/block/nand.c
> >> index 61d2cec..a68266f 100644
> >> --- a/hw/block/nand.c
> >> +++ b/hw/block/nand.c
> >> @@ -522,8 +522,8 @@ void nand_setio(DeviceState *dev, uint32_t value)
> >>
> >>  if (s->ale) {
> >>  unsigned int shift = s->addrlen * 8;
> >> -unsigned int mask = ~(0xff << shift);
> >> -unsigned int v = value << shift;
> >> +uint64_t mask = ~(0xffull << shift);
> >> +uint64_t v = (uint64_t)value << shift;
> >>
> >>  s->addr = (s->addr & mask) | v;
> >>  s->addrlen ++;
> >>
> >
> > Cc: qemu-triv...@nongnu.org
> > Reviewed-by: Paolo Bonzini 
> 
> Reviewed-by: Peter Crosthwaite 
> 
> This is a bugfix right? IIUC This would not have worked for accesses
> to devices above column address 255 at all. Should this go to
> stable/2.5?

Yes, it should.  Michael, are you planning to send another pull
request during hard freeze?

Paolo

Re: [Qemu-devel] [PATCH] nand: fix address overflow

2015-11-13 Thread Kevin Wolf
On 13.11.2015 at 10:32, Paolo Bonzini wrote:
> > > On 10/11/2015 14:25, Rabin Vincent wrote:
> > >> The shifts of the address mask and value shift beyond 32 bits when there
> > >> are 5 address cycles.
> > >>
> > >> Signed-off-by: Rabin Vincent 
> > >> ---
> > >>  hw/block/nand.c |4 ++--
> > >>  1 file changed, 2 insertions(+), 2 deletions(-)
> > >>
> > >> diff --git a/hw/block/nand.c b/hw/block/nand.c
> > >> index 61d2cec..a68266f 100644
> > >> --- a/hw/block/nand.c
> > >> +++ b/hw/block/nand.c
> > >> @@ -522,8 +522,8 @@ void nand_setio(DeviceState *dev, uint32_t value)
> > >>
> > >>  if (s->ale) {
> > >>  unsigned int shift = s->addrlen * 8;
> > >> -unsigned int mask = ~(0xff << shift);
> > >> -unsigned int v = value << shift;
> > >> +uint64_t mask = ~(0xffull << shift);
> > >> +uint64_t v = (uint64_t)value << shift;
> > >>
> > >>  s->addr = (s->addr & mask) | v;
> > >>  s->addrlen ++;
> > >>
> > >
> > > Cc: qemu-triv...@nongnu.org
> > > Reviewed-by: Paolo Bonzini 
> > 
> > Reviewed-by: Peter Crosthwaite 
> > 
> > This is a bugfix right? IIUC This would not have worked for accesses
> > to devices above column address 255 at all. Should this go to
> > stable/2.5?
> 
> Yes, it should.  Michael, are you planning to send another pull
> request during hard freeze?

The block layer catch-all entry in MAINTAINERS says that it's mine, so
I'll just take it through my block tree.

Kevin