
Changeset 103317 in vbox for trunk


Timestamp:
Feb 12, 2024 4:02:29 PM (12 months ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
161614
Message:

DevEHCI: Cast bit-fields to RTGCPHYS before left shifting, otherwise some compilers may convert the type to int and sign extend, creating invalid physical addresses.

File:
1 edited

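--- a/trunk/src/VBox/Devices/USB/DevEHCI.cpp
+++ b/trunk/src/VBox/Devices/USB/DevEHCI.cpp
@@ -1624,5 +1624,5 @@
             break; /* detect if list item is self-cycled. */
 
-        GCPhys = qtd.Next.Pointer << EHCI_TD_PTR_SHIFT;
+        GCPhys = (RTGCPHYS)qtd.Next.Pointer << EHCI_TD_PTR_SHIFT;
 
         if (GCPhys == GCPhysHead)
@@ -1660,5 +1660,5 @@
             break; /* detect if list item is self-cycled. */
 
-        GCPhys = qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT;
+        GCPhys = (RTGCPHYS)qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT;
 
         if (GCPhys == GCPhysHead)
@@ -1702,6 +1702,6 @@
           ((RTGCPHYS)qhd.Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT), qhd.Overlay.OrgQTD.Next.Terminate,
           ((RTGCPHYS)qhd.Overlay.OrgQTD.AltNext.Pointer << EHCI_TD_PTR_SHIFT), qhd.Overlay.OrgQTD.AltNext.Terminate));
-    ehciR3DumpSingleQTD(qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT, &qhd.Overlay.OrgQTD, "");
-    ehciR3DumpQTD(pDevIns, qhd.Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT, true);
+    ehciR3DumpSingleQTD((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT, &qhd.Overlay.OrgQTD, "");
+    ehciR3DumpQTD(pDevIns, (RTGCPHYS)qhd.Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT, true);
 
     Assert(qhd.Next.Pointer || qhd.Next.Terminate);
@@ -1728,5 +1728,5 @@
             break;  /* Looping on itself. Bad guest! */
 
-        GCPhys = ptr.Pointer << EHCI_TD_PTR_SHIFT;
+        GCPhys = (RTGCPHYS)ptr.Pointer << EHCI_TD_PTR_SHIFT;
         if (GCPhys == GCPhysHead)
             break;  /* break the loop */
@@ -1768,5 +1768,5 @@
             {
                 Log2(("T%d Len=%x Offset=%x PG=%d IOC=%d Buffer=%x\n", i, pItd->Transaction[i].Length, pItd->Transaction[i].Offset, pItd->Transaction[i].PG, pItd->Transaction[i].IOC,
-                       pItd->Buffer.Buffer[pItd->Transaction[i].PG].Pointer << EHCI_BUFFER_PTR_SHIFT));
+                       (RTGCPHYS)pItd->Buffer.Buffer[pItd->Transaction[i].PG].Pointer << EHCI_BUFFER_PTR_SHIFT));
             }
         }
@@ -1785,5 +1785,5 @@
 
         /* next */
-        GCPhys = pItd->Next.Pointer << EHCI_TD_PTR_SHIFT;
+        GCPhys = (RTGCPHYS)pItd->Next.Pointer << EHCI_TD_PTR_SHIFT;
     }
 }
@@ -2326,5 +2326,5 @@
                                LogRelMax(10, ("EHCI: Crossing to undefined page %d in iTD at %RGp on completion.\n", pg + 1, pUrb->paTds[0].TdAddr));
 
-                            GCPhysBuf = pItd->Buffer.Buffer[pg + 1].Pointer << EHCI_BUFFER_PTR_SHIFT;
+                            GCPhysBuf = (RTGCPHYS)pItd->Buffer.Buffer[pg + 1].Pointer << EHCI_BUFFER_PTR_SHIFT;
                             ehciPhysWrite(pDevIns, GCPhysBuf, pb + cb1, cb2);
                         }
@@ -2410,5 +2410,5 @@
               ("Out of order completion %RGp != %RGp Endpoint=%#x\n", pUrb->paTds[0].TdAddr,
                ((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT), pUrb->EndPt));
-    ehciR3ReadQTD(pDevIns, qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT, &qtd);
+    ehciR3ReadQTD(pDevIns, (RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT, &qtd);
 
     /*
@@ -2461,5 +2461,5 @@
             unsigned cbCurTransfer;
 
-            GCPhysBuf = qtd.Buffer.Buffer[i].Pointer << EHCI_BUFFER_PTR_SHIFT;
+            GCPhysBuf = (RTGCPHYS)qtd.Buffer.Buffer[i].Pointer << EHCI_BUFFER_PTR_SHIFT;
             if (i == 0)
                 GCPhysBuf += qtd.Buffer.Offset.Offset;
@@ -2601,5 +2601,5 @@
     ehciR3ReadQHD(pDevIns, pUrb->pHci->EdAddr, &qhd);
     Assert(pUrb->paTds[0].TdAddr == ((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT));
-    ehciR3ReadQTD(pDevIns, qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT, &qtd);
+    ehciR3ReadQTD(pDevIns, (RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT, &qtd);
 
     /*
@@ -2738,5 +2738,5 @@
             unsigned cbCurTransfer;
 
-            GCPhysBuf = pQtd->Buffer.Buffer[i].Pointer << EHCI_BUFFER_PTR_SHIFT;
+            GCPhysBuf = (RTGCPHYS)pQtd->Buffer.Buffer[i].Pointer << EHCI_BUFFER_PTR_SHIFT;
             if (i == 0)
                 GCPhysBuf += pQtd->Buffer.Offset.Offset;
@@ -2863,5 +2863,5 @@
                 const unsigned  pg = pItd->Transaction[i].PG;
 
-                GCPhysBuf = pItd->Buffer.Buffer[pg].Pointer << EHCI_BUFFER_PTR_SHIFT;
+                GCPhysBuf = (RTGCPHYS)pItd->Buffer.Buffer[pg].Pointer << EHCI_BUFFER_PTR_SHIFT;
                 GCPhysBuf += pItd->Transaction[i].Offset;
 
@@ -2878,5 +2878,5 @@
                        LogRelMax(10, ("EHCI: Crossing to undefined page %d in iTD at %RGp on submit.\n", pg + 1, pUrb->paTds[0].TdAddr));
 
-                    GCPhysBuf = pItd->Buffer.Buffer[pg + 1].Pointer << EHCI_BUFFER_PTR_SHIFT;
+                    GCPhysBuf = (RTGCPHYS)pItd->Buffer.Buffer[pg + 1].Pointer << EHCI_BUFFER_PTR_SHIFT;
                     ehciPhysRead(pDevIns, GCPhysBuf, &pUrb->abData[curOffset + cb1], cb2);
                 }
@@ -3025,5 +3025,5 @@
     {
         EHCI_QTD qtdNext;
-        RTGCPHYS GCPhysNextQTD = pQhd->Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT;
+        RTGCPHYS GCPhysNextQTD = (RTGCPHYS)pQhd->Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT;
 
         if (ehciR3IsTdInFlight(pThisCC, GCPhysNextQTD))
@@ -3074,5 +3074,5 @@
                 ehciR3QHSetupOverlay(pDevIns, pQhd, GCPhysQHD, &qtd, GCPhysQTD);
             else
-                Log2Func(("transfer %RGp in progress -> don't update the overlay\n", (RTGCPHYS)(pQhd->CurrQTD.Pointer << EHCI_TD_PTR_SHIFT)));
+                Log2Func(("transfer %RGp in progress -> don't update the overlay\n", (RTGCPHYS)pQhd->CurrQTD.Pointer << EHCI_TD_PTR_SHIFT));
 
             ehciR3SubmitQTD(pDevIns, pThis, pThisCC, GCPhysQHD, pQhd, GCPhysQTD, &qtd, iFrame);
@@ -3120,5 +3120,5 @@
         Assert(qtd.AltNext.Pointer);
         Log2(("Taking alternate pointer %RGp\n", (RTGCPHYS)(qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT)));
-        return qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT;
+        return (RTGCPHYS)qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT;
     }
     else
@@ -3127,5 +3127,5 @@
         if (qtd.Next.Terminate || !qtd.Next.Pointer)
             return 0;
-        return qtd.Next.Pointer << EHCI_TD_PTR_SHIFT;
+        return (RTGCPHYS)qtd.Next.Pointer << EHCI_TD_PTR_SHIFT;
     }
 }
@@ -3207,6 +3207,6 @@
     if (qhd.Overlay.OrgQTD.Token.Bits.Active)
     {
-        Assert(ehciR3IsTdInFlight(pThisCC, qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT));
-        GCPhysQTD = qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT;
+        Assert(ehciR3IsTdInFlight(pThisCC, (RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT));
+        GCPhysQTD = (RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT;
     }
     else
@@ -3217,6 +3217,6 @@
         {
             Assert(qhd.Overlay.OrgQTD.AltNext.Pointer);
-            Log2(("Taking alternate pointer %RGp\n", (RTGCPHYS)(qhd.Overlay.OrgQTD.AltNext.Pointer << EHCI_TD_PTR_SHIFT)));
-            GCPhysQTD = qhd.Overlay.OrgQTD.AltNext.Pointer << EHCI_TD_PTR_SHIFT;
+            Log2(("Taking alternate pointer %RGp\n", (RTGCPHYS)qhd.Overlay.OrgQTD.AltNext.Pointer << EHCI_TD_PTR_SHIFT));
+            GCPhysQTD = (RTGCPHYS)qhd.Overlay.OrgQTD.AltNext.Pointer << EHCI_TD_PTR_SHIFT;
         }
         else
@@ -3226,5 +3226,5 @@
                 GCPhysQTD = 0;
             else
-                GCPhysQTD = qhd.Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT;
+                GCPhysQTD = (RTGCPHYS)qhd.Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT;
         }
     }
@@ -3309,5 +3309,5 @@
 
         /* next */
-        GCPhys = ptr.Pointer << EHCI_TD_PTR_SHIFT;
+        GCPhys = (RTGCPHYS)ptr.Pointer << EHCI_TD_PTR_SHIFT;
         Assert(!(GCPhys & 0x1f));
         if (   GCPhys == GCPhysHead
@@ -3358,5 +3358,5 @@
     while (!FramePtr.Terminate && (pThis->cmd & EHCI_CMD_RUN))
     {
-        GCPhys = FramePtr.FrameAddr << EHCI_FRAME_LIST_NEXTPTR_SHIFT;
+        GCPhys = (RTGCPHYS)FramePtr.FrameAddr << EHCI_FRAME_LIST_NEXTPTR_SHIFT;
         /* Process the descriptor based on its type. Note that on the periodic
          * list, HCDs may (and do) mix iTDs and qHDs more or less freely.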
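Review bot: The unchanged context line at 3121 still casts after the shift, `(RTGCPHYS)(qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT)`, so the address it logs can still be sign-extended and differ from the value the next line now returns; it should read `(RTGCPHYS)qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT`, as the matching Log2 at 3219 was changed. At 1769-1770 the Log2 format still says `Buffer=%x` while its argument is now an RTGCPHYS, so the specifier should become `%RGp`, which other messages on this page already use for guest-physical addresses. These pointer fields appear to come from guest-supplied descriptors (note the "Bad guest!" comment at 1728), so a small inline helper that performs the cast and shift in one place would keep later call sites from reintroducing the promotion problem. All of the touched functions begin and end outside the displayed hunks.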