* [PATCH v2] target/loongarch: fix bad shift in check_ps()
@ 2025-03-21 1:13 Song Gao
2025-03-21 2:12 ` bibo mao
0 siblings, 1 reply; 2+ messages in thread
From: Song Gao @ 2025-03-21 1:13 UTC (permalink / raw)
To: qemu-devel, peter.maydell, maobibo; +Cc: richard.henderson, stefanha
In expression 1ULL << tlb_ps, left shifting by more than 63 bits has undefined behavior.
The shift amount, tlb_ps, is as much as 64. check "tlb_ps >=64" to fix.
Resolves: Coverity CID 1593475
Fixes: d882c284a3 ("target/loongarch: check tlb_ps")
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Song Gao <gaosong@loongson.cn>
---
v2: define parameter tlb_ps as uint type
target/loongarch/internals.h | 2 +-
target/loongarch/tcg/csr_helper.c | 2 +-
target/loongarch/tcg/tlb_helper.c | 10 +++++-----
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/target/loongarch/internals.h b/target/loongarch/internals.h
index 1cd959a766..9fdc3059d8 100644
--- a/target/loongarch/internals.h
+++ b/target/loongarch/internals.h
@@ -43,7 +43,7 @@ enum {
TLBRET_PE = 7,
};
-bool check_ps(CPULoongArchState *ent, int ps);
+bool check_ps(CPULoongArchState *ent, uint8_t ps);
extern const VMStateDescription vmstate_loongarch_cpu;
diff --git a/target/loongarch/tcg/csr_helper.c b/target/loongarch/tcg/csr_helper.c
index 379c71e741..6a7a65c860 100644
--- a/target/loongarch/tcg/csr_helper.c
+++ b/target/loongarch/tcg/csr_helper.c
@@ -115,7 +115,7 @@ target_ulong helper_csrwr_ticlr(CPULoongArchState *env, target_ulong val)
target_ulong helper_csrwr_pwcl(CPULoongArchState *env, target_ulong val)
{
- int shift, ptbase;
+ uint8_t shift, ptbase;
int64_t old_v = env->CSR_PWCL;
/*
diff --git a/target/loongarch/tcg/tlb_helper.c b/target/loongarch/tcg/tlb_helper.c
index 646dbf59de..bd8081e886 100644
--- a/target/loongarch/tcg/tlb_helper.c
+++ b/target/loongarch/tcg/tlb_helper.c
@@ -19,12 +19,12 @@
#include "exec/log.h"
#include "cpu-csr.h"
-bool check_ps(CPULoongArchState *env, int tlb_ps)
+bool check_ps(CPULoongArchState *env, uint8_t tlb_ps)
{
- if (tlb_ps > 64) {
- return false;
- }
- return BIT_ULL(tlb_ps) & (env->CSR_PRCFG2);
+ if (tlb_ps >= 64) {
+ return false;
+ }
+ return BIT_ULL(tlb_ps) & (env->CSR_PRCFG2);
}
void get_dir_base_width(CPULoongArchState *env, uint64_t *dir_base,
--
2.34.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2] target/loongarch: fix bad shift in check_ps()
2025-03-21 1:13 [PATCH v2] target/loongarch: fix bad shift in check_ps() Song Gao
@ 2025-03-21 2:12 ` bibo mao
0 siblings, 0 replies; 2+ messages in thread
From: bibo mao @ 2025-03-21 2:12 UTC (permalink / raw)
To: Song Gao, qemu-devel, peter.maydell; +Cc: richard.henderson, stefanha
On 2025/3/21 上午9:13, Song Gao wrote:
> In expression 1ULL << tlb_ps, left shifting by more than 63 bits has undefined behavior.
> The shift amount, tlb_ps, is as much as 64. check "tlb_ps >=64" to fix.
>
> Resolves: Coverity CID 1593475
>
> Fixes: d882c284a3 ("target/loongarch: check tlb_ps")
> Suggested-by: Peter Maydell <peter.maydell@linaro.org>
> Signed-off-by: Song Gao <gaosong@loongson.cn>
> ---
> v2: define parameter tlb_ps as uint type
>
> target/loongarch/internals.h | 2 +-
> target/loongarch/tcg/csr_helper.c | 2 +-
> target/loongarch/tcg/tlb_helper.c | 10 +++++-----
> 3 files changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/target/loongarch/internals.h b/target/loongarch/internals.h
> index 1cd959a766..9fdc3059d8 100644
> --- a/target/loongarch/internals.h
> +++ b/target/loongarch/internals.h
> @@ -43,7 +43,7 @@ enum {
> TLBRET_PE = 7,
> };
>
> -bool check_ps(CPULoongArchState *ent, int ps);
> +bool check_ps(CPULoongArchState *ent, uint8_t ps);
>
> extern const VMStateDescription vmstate_loongarch_cpu;
>
> diff --git a/target/loongarch/tcg/csr_helper.c b/target/loongarch/tcg/csr_helper.c
> index 379c71e741..6a7a65c860 100644
> --- a/target/loongarch/tcg/csr_helper.c
> +++ b/target/loongarch/tcg/csr_helper.c
> @@ -115,7 +115,7 @@ target_ulong helper_csrwr_ticlr(CPULoongArchState *env, target_ulong val)
>
> target_ulong helper_csrwr_pwcl(CPULoongArchState *env, target_ulong val)
> {
> - int shift, ptbase;
> + uint8_t shift, ptbase;
> int64_t old_v = env->CSR_PWCL;
>
> /*
> diff --git a/target/loongarch/tcg/tlb_helper.c b/target/loongarch/tcg/tlb_helper.c
> index 646dbf59de..bd8081e886 100644
> --- a/target/loongarch/tcg/tlb_helper.c
> +++ b/target/loongarch/tcg/tlb_helper.c
> @@ -19,12 +19,12 @@
> #include "exec/log.h"
> #include "cpu-csr.h"
>
> -bool check_ps(CPULoongArchState *env, int tlb_ps)
> +bool check_ps(CPULoongArchState *env, uint8_t tlb_ps)
> {
> - if (tlb_ps > 64) {
> - return false;
> - }
> - return BIT_ULL(tlb_ps) & (env->CSR_PRCFG2);
> + if (tlb_ps >= 64) {
> + return false;
> + }
> + return BIT_ULL(tlb_ps) & (env->CSR_PRCFG2);
> }
>
> void get_dir_base_width(CPULoongArchState *env, uint64_t *dir_base,
>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-03-21 2:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-03-21 1:13 [PATCH v2] target/loongarch: fix bad shift in check_ps() Song Gao
2025-03-21 2:12 ` bibo mao
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).