author | Jan Beulich <jbeulich@suse.com> | 2013-10-14 08:52:18 +0200 |
---|---|---|
committer | Jan Beulich <jbeulich@suse.com> | 2013-10-14 08:52:18 +0200 |
commit | 48830988a28b7fb1eed225354e25572aa955749a (patch) | |
tree | ebee9a7401eaf927075a28ec85debbf18627cd80 | |
parent | 1a510f3c447452006fa2a661b387fdc5410c41d5 (diff) | |
x86: fix bug_line()
Due to the packing into a bit field together with a relocated field,
the computation can overflow when the relocated field ends up getting a
negative value stored. Hence it isn't sufficient to correct the value
by 1 in this case, but we also need to mask the result to the width of
the original bit field.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
-rw-r--r-- | xen/include/asm-x86/bug.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/xen/include/asm-x86/bug.h b/xen/include/asm-x86/bug.h
index 956bfd231f..cd862e31a2 100644
--- a/xen/include/asm-x86/bug.h
+++ b/xen/include/asm-x86/bug.h
@@ -15,9 +15,11 @@ struct bug_frame {
 #define bug_loc(b) ((const void *)(b) + (b)->loc_disp)
 #define bug_ptr(b) ((const void *)(b) + (b)->ptr_disp)
-#define bug_line(b) ((((b)->line_hi + ((b)->loc_disp < 0)) << \
+#define bug_line(b) (((((b)->line_hi + ((b)->loc_disp < 0)) & \
+ ((1 << BUG_LINE_HI_WIDTH) - 1)) << \
 BUG_LINE_LO_WIDTH) + \
- (b)->line_lo + ((b)->ptr_disp < 0))
+ (((b)->line_lo + ((b)->ptr_disp < 0)) & \
+ ((1 << BUG_LINE_LO_WIDTH) - 1)))
 #define bug_msg(b) ((const char *)(b) + (b)->msg_disp[1])
 #define BUGFRAME_run_fn 0 |
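Review bot: The rewritten `bug_line()` has no comment, so the reason for the `+ ((b)->loc_disp < 0)` correction and the new `& ((1 << BUG_LINE_HI_WIDTH) - 1)` mask is recorded only in the commit message. I would add a short comment above the macro, e.g. `/* line_hi/line_lo are packed next to the relocated loc_disp/ptr_disp; when a displacement ends up negative, add 1 back and mask to the field width. */`. The `struct bug_frame` layout and both width constants are outside the hunk, so the wording should be checked against them. Separately, `b` is expanded four times in the macro, so a `static inline` helper taking `const struct bug_frame *` would avoid evaluating an argument with side effects more than once.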