On 3 August 2016 at 11:18, Benjamin Herrenschmidt <[email protected]> wrote: > On Wed, 2016-08-03 at 19:50 +1000, Benjamin Herrenschmidt wrote: >> >> > I'm confused. Is this just swapping the order of the operands to >> > '+'? >> > I wouldn't expect that to make any difference because typecast has >> > higher precedence than '+'... >> >> The typecast to target_ulong which is 32-bits :-) > > But you are right, this isn't the breakage. Patch 1/2 is sufficient > to fix it, though I didn't realize it at first. > > "vaddr" is actually a typedef, so the whole tlb_vaddr_to_host() turned > into a cast of guest_base to vaddr... > > The g2h part was just me being tired. It's true though that > target_ulong is going to be 32-bits which I don't like but > type promotion makes it work.
The cast to target_ulong is deliberate -- guest addresses should be that size and type, which is why we cast to it. Then we cast to unsigned long to zero-extend them to the size of a host address, before adding the guest_base. See commit 8d9dde9429d2b5b5 which added that cast to fix a problem where there was otherwise accidental sign extension in some uses of 32-bit-guest-on-64-bit-host. > So drop that patch and stick to patch 1/2 which is the real fix. > > As to why you don't hit the bug on ARM, well, maybe you don't > many helpers using tlb_vaddr_to_host ? Also address randomization makes > things hit or miss here ... The only uses of tlb_vaddr_to_host in the tree are (a) in a not-CONFIG_USER_ONLY codepath on target-arm (b) in target-s390x, which is a 64-bit guest thanks -- PMM
