[src/trunk]: src/sys/arch/xen fix address overflow with 32bit PAE.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/arch/xen fix address overflow with 32bit PAE.
From: cegger <cegger%NetBSD.org@localhost>
Date: Mon, 06 Apr 2020 18:24:34 +0000

details:   https://anonhg.NetBSD.org/src/rev/1b04876692e6
branches:  trunk
changeset: 751071:1b04876692e6
user:      cegger <cegger%NetBSD.org@localhost>
date:      Sat Jan 23 22:32:42 2010 +0000

description:
fix address overflow with 32bit PAE.
Reported and tested by Mark Davies on port-xen@.

diffstat:

 sys/arch/xen/x86/xen_bus_dma.c       |  12 ++++++------
 sys/arch/xen/xen/xengnt.c            |  11 ++++++-----
 sys/arch/xen/xen/xennetback_xenbus.c |   4 ++--
 3 files changed, 14 insertions(+), 13 deletions(-)

diffs (110 lines):

diff -r 2853db21397d -r 1b04876692e6 sys/arch/xen/x86/xen_bus_dma.c
--- a/sys/arch/xen/x86/xen_bus_dma.c    Sat Jan 23 21:46:59 2010 +0000
+++ b/sys/arch/xen/x86/xen_bus_dma.c    Sat Jan 23 22:32:42 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xen_bus_dma.c,v 1.15 2009/07/29 12:02:08 cegger Exp $  */
+/*     $NetBSD: xen_bus_dma.c,v 1.16 2010/01/23 22:32:42 cegger Exp $  */
 /*     NetBSD bus_dma.c,v 1.21 2005/04/16 07:53:35 yamt Exp */
 
 /*-
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xen_bus_dma.c,v 1.15 2009/07/29 12:02:08 cegger Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xen_bus_dma.c,v 1.16 2010/01/23 22:32:42 cegger Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -82,8 +82,8 @@
        KASSERT(npages >= npagesreq);
 
        /* get npages from UWM, and give them back to the hypervisor */
-       error = uvm_pglistalloc(npages << PAGE_SHIFT, 0, avail_end, 0, 0,
-           mlistp, npages, (flags & BUS_DMA_NOWAIT) == 0);
+       error = uvm_pglistalloc(((psize_t)npages) << PAGE_SHIFT,
+            0, avail_end, 0, 0, mlistp, npages, (flags & BUS_DMA_NOWAIT) == 0);
        if (error)
                return (error);
 
@@ -133,7 +133,7 @@
                pa = VM_PAGE_TO_PHYS(pg);
                xpmap_phys_to_machine_mapping[
                    (pa - XPMAP_OFFSET) >> PAGE_SHIFT] = mfn+i;
-               xpq_queue_machphys_update((mfn+i) << PAGE_SHIFT, pa);
+               xpq_queue_machphys_update(((paddr_t)(mfn+i)) << PAGE_SHIFT, pa);
                /* while here, give extra pages back to UVM */
                if (i >= npagesreq) {
                        TAILQ_REMOVE(mlistp, pg, pageq.queue);
@@ -179,7 +179,7 @@
                pa = VM_PAGE_TO_PHYS(pg);
                xpmap_phys_to_machine_mapping[
                    (pa - XPMAP_OFFSET) >> PAGE_SHIFT] = mfn;
-               xpq_queue_machphys_update((mfn) << PAGE_SHIFT, pa);
+               xpq_queue_machphys_update(((paddr_t)mfn) << PAGE_SHIFT, pa);
                TAILQ_REMOVE(mlistp, pg, pageq.queue);
                uvm_pagefree(pg);
        }
diff -r 2853db21397d -r 1b04876692e6 sys/arch/xen/xen/xengnt.c
--- a/sys/arch/xen/xen/xengnt.c Sat Jan 23 21:46:59 2010 +0000
+++ b/sys/arch/xen/xen/xengnt.c Sat Jan 23 22:32:42 2010 +0000
@@ -1,4 +1,4 @@
-/*      $NetBSD: xengnt.c,v 1.16 2009/11/07 07:27:49 cegger Exp $      */
+/*      $NetBSD: xengnt.c,v 1.17 2010/01/23 22:32:42 cegger Exp $      */
 
 /*
  * Copyright (c) 2006 Manuel Bouyer.
@@ -26,7 +26,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xengnt.c,v 1.16 2009/11/07 07:27:49 cegger Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xengnt.c,v 1.17 2010/01/23 22:32:42 cegger Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -127,14 +127,14 @@
 xengnt_more_entries(void)
 {
        gnttab_setup_table_t setup;
-       unsigned long *pages;
+       u_long *pages;
        int nframes_new = gnt_nr_grant_frames + 1;
        int i;
 
        if (gnt_nr_grant_frames == gnt_max_grant_frames)
                return ENOMEM;
 
-       pages = malloc(nframes_new * sizeof(long), M_DEVBUF, M_NOWAIT);
+       pages = malloc(nframes_new * sizeof(u_long), M_DEVBUF, M_NOWAIT);
        if (pages == NULL)
                return ENOMEM;
 
@@ -165,7 +165,8 @@
         * the grant table frames
         */
        pmap_kenter_ma(((vaddr_t)grant_table) + gnt_nr_grant_frames * PAGE_SIZE,
-           pages[gnt_nr_grant_frames] << PAGE_SHIFT, VM_PROT_WRITE, 0);
+           ((paddr_t)pages[gnt_nr_grant_frames]) << PAGE_SHIFT,
+           VM_PROT_WRITE, 0);
 
        /*
         * add the grant entries associated to the last grant table frame
diff -r 2853db21397d -r 1b04876692e6 sys/arch/xen/xen/xennetback_xenbus.c
--- a/sys/arch/xen/xen/xennetback_xenbus.c      Sat Jan 23 21:46:59 2010 +0000
+++ b/sys/arch/xen/xen/xennetback_xenbus.c      Sat Jan 23 22:32:42 2010 +0000
@@ -1,4 +1,4 @@
-/*      $NetBSD: xennetback_xenbus.c,v 1.32 2010/01/19 22:06:23 pooka Exp $      */
+/*      $NetBSD: xennetback_xenbus.c,v 1.33 2010/01/23 22:32:42 cegger Exp $      */
 
 /*
  * Copyright (c) 2006 Manuel Bouyer.
@@ -591,7 +591,7 @@
                 */
                return -1;
 
-       *map = mcl_pages[mcl_pages_alloc] << PAGE_SHIFT;
+       *map = ((paddr_t)mcl_pages[mcl_pages_alloc]) << PAGE_SHIFT;
        mcl_pages_alloc--;
        return 0;

Prev by Date: [src/trunk]: src/sys/arch/sparc64/sparc64 remove CHKPT() macro and uses. it'...
Next by Date: [src/trunk]: src/sys/arch/sparc64/sparc64 remove most of the code that writes...
Previous by Thread: [src/trunk]: src/sys/arch/sparc64/sparc64 remove CHKPT() macro and uses. it'...
Next by Thread: [src/trunk]: src/sys/arch/sparc64/sparc64 remove most of the code that writes...
Indexes:

Home | Main Index | Thread Index | Old Index