On 7/31/19 6:53 PM, Bin Meng wrote:
> I am not sure how (idx * ptesize) could overflow. It represents the
> offset by a page table which is [0, 4096).
You're right, I mis-read what was going on there.

However, lower down, "target_ulong ppn" needs to be promoted to hwaddr, so that

    ppn = pte >> PTE_PPN_SHIFT;
    ...
    base = ppn << PGSHIFT;

does not overflow. (Which is the part of the page table walk that I thought I had gleaned from the patch without actually reading the entire function.)

r~
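The promotion the reply describes, as an added example that is not QEMU's code: with an RV32 guest, shifting a 32-bit target_ulong ppn by PGSHIFT truncates the top bits of an Sv32 physical address, while promoting ppn to hwaddr before the shift keeps them. PTE_PPN_SHIFT = 10 and PGSHIFT = 12 are assumed to match the Sv32 PTE layout, and the two typedefs stand in for QEMU's own types.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed constants matching the RISC-V Sv32 PTE layout (the real macros
 * live in QEMU's target/riscv headers; these are stand-ins). */
#define PTE_PPN_SHIFT 10   /* PPN starts above the 10 flag bits */
#define PGSHIFT       12   /* 4 KiB pages */

typedef uint32_t target_ulong;  /* RV32 guest word */
typedef uint64_t hwaddr;        /* host-side physical address type */

/* Narrow version: ppn is a 32-bit target_ulong, so the left shift is
 * performed in 32 bits and anything above bit 31 is lost before the
 * result is widened into hwaddr. Sv32 physical addresses are 34 bits. */
hwaddr pte_to_base_narrow(target_ulong pte)
{
    target_ulong ppn = pte >> PTE_PPN_SHIFT;
    hwaddr base = ppn << PGSHIFT;   /* truncated: shift done in 32 bits */
    return base;
}

/* Promoted version: ppn is already an hwaddr, so the shift happens in
 * 64 bits and bits 32..33 of the physical address survive. */
hwaddr pte_to_base_wide(target_ulong pte)
{
    hwaddr ppn = pte >> PTE_PPN_SHIFT;
    hwaddr base = ppn << PGSHIFT;
    return base;
}

/* Returns 1 if the narrow computation would silently differ for this PTE. */
int ppn_shift_truncates(target_ulong pte)
{
    return pte_to_base_narrow(pte) != pte_to_base_wide(pte);
}

int main(void)
{
    /* Constructed PTE: PPN = 0x200000 (bit 21 of the PPN set), flags = 0. */
    target_ulong pte = 0x80000000u;
    printf("narrow base = 0x%llx\n", (unsigned long long)pte_to_base_narrow(pte));
    printf("wide   base = 0x%llx\n", (unsigned long long)pte_to_base_wide(pte));
    printf("truncated?  = %d\n", ppn_shift_truncates(pte));
    return 0;
}
```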