
Re: [Qemu-devel] [qemu-s390x] [PATCH 09/10] target/s390x: avoid integer


From: Thomas Huth
Subject: Re: [Qemu-devel] [qemu-s390x] [PATCH 09/10] target/s390x: avoid integer overflow in next_page PC check
Date: Wed, 11 Apr 2018 07:06:42 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0

On 10.04.2018 18:19, Emilio G. Cota wrote:
> If the PC is in the last page of the address space, next_page_start
> overflows to 0. Fix it.
> 
> Cc: Cornelia Huck <address@hidden>
> Cc: Alexander Graf <address@hidden>
> Cc: David Hildenbrand <address@hidden>
> Cc: address@hidden
> Signed-off-by: Emilio G. Cota <address@hidden>
> ---
>  target/s390x/translate.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/target/s390x/translate.c b/target/s390x/translate.c
> index 7d39ab3..44449f1 100644
> --- a/target/s390x/translate.c
> +++ b/target/s390x/translate.c
> @@ -6163,7 +6163,7 @@ void gen_intermediate_code(CPUState *cs, struct 
> TranslationBlock *tb)
>      CPUS390XState *env = cs->env_ptr;
>      DisasContext dc;
>      target_ulong pc_start;
> -    uint64_t next_page_start;
> +    uint64_t page_start;
>      int num_insns, max_insns;
>      ExitStatus status;
>      bool do_debug;
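Review bot: the renamed `page_start` keeps its `uint64_t` type while `pc_start` two lines above is declared `target_ulong`; on s390x both are 64-bit so the later `dc.pc - page_start` subtraction is well-defined, but declaring `page_start` as `target_ulong` would make it explicit that it is meant to have the same width as the PC it is derived from.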
> @@ -6181,7 +6181,7 @@ void gen_intermediate_code(CPUState *cs, struct 
> TranslationBlock *tb)
>      dc.ex_value = tb->cs_base;
>      do_debug = dc.singlestep_enabled = cs->singlestep_enabled;
>  
> -    next_page_start = (pc_start & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE;
> +    page_start = pc_start & TARGET_PAGE_MASK;
>  
>      num_insns = 0;
>      max_insns = tb_cflags(tb) & CF_COUNT_MASK;
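Review bot: the reason for storing the page base instead of the next page boundary lives only in the commit message; a one-line comment at `page_start = pc_start & TARGET_PAGE_MASK;` saying that adding `TARGET_PAGE_SIZE` here would wrap to 0 for a PC in the last page of the address space would stop a future cleanup from reintroducing the overflow.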
> @@ -6218,7 +6218,7 @@ void gen_intermediate_code(CPUState *cs, struct 
> TranslationBlock *tb)
>          /* If we reach a page boundary, are single stepping,
>             or exhaust instruction count, stop generation.  */
>          if (status == NO_EXIT
> -            && (dc.pc >= next_page_start
> +            && (dc.pc - page_start >= TARGET_PAGE_SIZE
>                  || tcg_op_buf_full()
>                  || num_insns >= max_insns
>                  || singlestep
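Review bot: the new condition `dc.pc - page_start >= TARGET_PAGE_SIZE` is correct only because `dc.pc` never moves below `page_start` within a translation block (it starts at `pc_start` and only advances), so the unsigned subtraction cannot wrap; that invariant is worth stating in the existing "If we reach a page boundary" comment. Note also that if it ever were violated the wrapped difference would be huge and generation would simply stop, which is the safe direction, so no additional guard is needed.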
> 

Reviewed-by: Thomas Huth <address@hidden>


