On Thu, Aug 1, 2019 at 10:16 PM Richard Henderson <richard.hender...@linaro.org> wrote:
>
> On 7/31/19 6:53 PM, Bin Meng wrote:
> > I am not sure how (idx * ptesize) could overflow. It represents the
> > offset by a page table which is [0, 4096).
>
> You're right, I mis-read what was going on there.
>
> However, lower down, "target_ulong ppn" needs to be promoted to hwaddr, so that
>
>     ppn = pte >> PTE_PPN_SHIFT;
>     ...
>     base = ppn << PGSHIFT;
>
> does not overflow. (Which is the part of the page table walk that I thought I
> had gleaned from the patch without actually reading the entire function.)

Ah, yes. ppn should be promoted. Thanks for the review!

Regards,
Bin
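
The truncation discussed in this thread, as an added example that is not code from the patch or from QEMU. It assumes an RV32 target (32-bit target_ulong, 64-bit hwaddr) with the Sv32 values PTE_PPN_SHIFT = 10 and PGSHIFT = 12; the function names and PTE values are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions for this example (not stated in the thread): RV32 target,
 * so target_ulong is 32 bits; hwaddr is 64 bits; Sv32 PTE layout, where
 * the PPN is 22 bits wide and physical addresses are 34 bits wide. */
typedef uint32_t target_ulong;
typedef uint64_t hwaddr;
#define PTE_PPN_SHIFT 10
#define PGSHIFT 12

/* ppn kept as target_ulong: the shift is evaluated in 32 bits, so the
 * upper PPN bits are lost before the result is widened to hwaddr. */
static hwaddr base_with_narrow_ppn(target_ulong pte)
{
    target_ulong ppn = pte >> PTE_PPN_SHIFT;
    return ppn << PGSHIFT;
}

/* ppn promoted to hwaddr: the shift is evaluated in 64 bits. */
static hwaddr base_with_promoted_ppn(target_ulong pte)
{
    hwaddr ppn = pte >> PTE_PPN_SHIFT;
    return ppn << PGSHIFT;
}

int main(void)
{
    /* Constructed PTEs whose PPN has bits set above bit 19. */
    const target_ulong ptes[] = { 0x40000001u, 0x848D1401u };

    for (size_t i = 0; i < sizeof(ptes) / sizeof(ptes[0]); i++) {
        printf("pte=0x%08" PRIx32 " narrow=0x%09" PRIx64
               " promoted=0x%09" PRIx64 "\n",
               ptes[i],
               base_with_narrow_ppn(ptes[i]),
               base_with_promoted_ppn(ptes[i]));
    }
    return 0;
}
```

With the narrow type the second PTE resolves to 0x12345000 instead of 0x212345000, so the walk continues from a different physical page than the one the PTE names.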