git.ipfire.org Git - thirdparty/qemu.git/commit

author	Alexandra Diupina <adiupina@astralinux.ru>
	Sun, 28 Apr 2024 18:11:31 +0000 (21:11 +0300)
committer	Peter Maydell <peter.maydell@linaro.org>
	Tue, 30 Apr 2024 14:39:54 +0000 (15:39 +0100)
commit	4b00855f0ee2e2eee8fd2500ffef27c108be6dc3
tree	4203dd2a9b8ab45760085e60bf22674fa70dfd88	tree \| snapshot
parent	f037f5b4b91a32bf8f1ec2c8ff92d2d14242adb4	commit \| diff

hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields

The DMA descriptor structures for this device have
a set of "address extension" fields which extend the 32
bit source addresses with an extra 16 bits to give a
48 bit address:
https://docs.amd.com/r/en-US/ug1085-zynq-ultrascale-trm/ADDR_EXT-Field

However, we misimplemented this address extension in several ways:
* we only extracted 12 bits of the extension fields, not 16
* we didn't shift the extension field up far enough
* we accidentally did the shift as 32-bit arithmetic, which
meant that we would have an overflow instead of setting
bits [47:32] of the resulting 64-bit address

Add a type cast and use extract64() instead of extract32()
to avoid integer overflow on addition. Fix bit fields
extraction according to documentation.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Cc: qemu-stable@nongnu.org
Fixes: d3c6369a96 ("introduce xlnx-dpdma")
Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
Message-id: 20240428181131.23801-1-adiupina@astralinux.ru
[PMM: adjusted commit message]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>