rtl8139: fix regression in TxStatus/TxAddr read

Commit afe0a595356192 added byte reads for TxStatus/TxAddr, but
broke 32-bit reads; the mask generation

   (1 << (8 * size)) - 1

is unspecified in C for size >= sizeof(int), and in fact returns 0
on x86.

Fix by using a larger type.

Fixes (at least) Fedora 9 i386 with -machine kernel_irqchip=on.  I
didn't see it with the qemu APIC implementation; may be due to timing
or (more likely) a tester error.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

diff --git a/hw/rtl8139.c b/hw/rtl8139.c
index 4d0f5ba5183e866c4661edc74ae98bf8cc195843..eb22d04fad829e89ffdd71d2bf6ec6b7f909e08f 100644 (file)
--- a/hw/rtl8139.c
+++ b/hw/rtl8139.c
@@ -2500,7 +2500,7 @@ static uint32_t rtl8139_TxStatus_TxAddr_read(RTL8139State *s, uint32_t regs[],
     case 1: /* fall through */
     case 2: /* fall through */
     case 4:
-        ret = (regs[reg] >> offset * 8) & ((1 << (size * 8)) - 1);
+        ret = (regs[reg] >> offset * 8) & (((uint64_t)1 << (size * 8)) - 1);
         DPRINTF("TxStatus/TxAddr[%d] read addr=0x%x size=0x%x val=0x%08x\n",
                 reg, addr, size, ret);
         break;