qemu-trivial.nongnu.org archive mirror
* [PATCH] hw/intc/loongarch_pch_pic: Fix ubsan warning and endianness issue
From: Thomas Huth @ 2025-08-01  6:01 UTC
  To: Song Gao, Bibo Mao, qemu-devel; +Cc: Jiaxun Yang, qemu-trivial

From: Thomas Huth <thuth@redhat.com>

When booting the Linux kernel from tests/functional/test_loongarch64_virt.py
with a QEMU that has been compiled with --enable-ubsan, there is
a warning like this:

 .../hw/intc/loongarch_pch_pic.c:171:46: runtime error: index 512 out of
  bounds for type 'uint8_t[64]' (aka 'unsigned char[64]')
 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
  .../hw/intc/loongarch_pch_pic.c:171:46
 .../hw/intc/loongarch_pch_pic.c:175:45: runtime error: index 256 out of
  bounds for type 'uint8_t[64]' (aka 'unsigned char[64]')
 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
  .../hw/intc/loongarch_pch_pic.c:175:45

It happens because "addr" is added first before subtracting the base
(PCH_PIC_HTMSI_VEC or PCH_PIC_ROUTE_ENTRY).
Additionally, this code looks like it is not endianness safe, since
it uses a 64-bit pointer to write values into an array of 8-bit values.

Thus rework the code to use the stq_le_p / ldq_le_p helpers here
and make sure that we do not create pointers with undefined behavior
by accident.

Signed-off-by: Thomas Huth <thuth@redhat.com>
---
 hw/intc/loongarch_pch_pic.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/hw/intc/loongarch_pch_pic.c b/hw/intc/loongarch_pch_pic.c
index c4b242dbf41..32f01aabf0e 100644
--- a/hw/intc/loongarch_pch_pic.c
+++ b/hw/intc/loongarch_pch_pic.c
@@ -110,10 +110,10 @@ static uint64_t pch_pic_read(void *opaque, hwaddr addr, uint64_t field_mask)
         val = s->int_polarity;
         break;
     case PCH_PIC_HTMSI_VEC ... PCH_PIC_HTMSI_VEC_END:
-        val = *(uint64_t *)(s->htmsi_vector + addr - PCH_PIC_HTMSI_VEC);
+        val = ldq_le_p(&s->htmsi_vector[addr - PCH_PIC_HTMSI_VEC]);
         break;
     case PCH_PIC_ROUTE_ENTRY ... PCH_PIC_ROUTE_ENTRY_END:
-        val = *(uint64_t *)(s->route_entry + addr - PCH_PIC_ROUTE_ENTRY);
+        val = ldq_le_p(&s->route_entry[addr - PCH_PIC_ROUTE_ENTRY]);
         break;
     default:
         qemu_log_mask(LOG_GUEST_ERROR,
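
Review bot: In pch_pic_read, ldq_le_p() loads 8 bytes starting at index addr - PCH_PIC_HTMSI_VEC (and likewise for route_entry), but nothing in this hunk shows addr being aligned down the way pch_pic_write does with "addr -= offset". The ubsan output gives the arrays as uint8_t[64], so any index above 56 would read past the end. Please confirm that addr is 8-byte aligned before the switch, or say so in a short comment at these two cases.
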
@@ -129,7 +129,8 @@ static void pch_pic_write(void *opaque, hwaddr addr, uint64_t value,
 {
     LoongArchPICCommonState *s = LOONGARCH_PIC_COMMON(opaque);
     uint32_t offset;
-    uint64_t old, mask, data, *ptemp;
+    uint64_t old, mask, data;
+    void *ptemp;
 
     offset = addr & 7;
     addr -= offset;
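
Review bot: Declaring ptemp as "void *" drops the element type, so the compiler no longer checks what gets assigned to it. "uint8_t *ptemp" would match the uint8_t arrays it points into, would still be accepted by stq_le_p()/ldq_le_p() as called below, and would make a stray "(uint64_t *)" cast on the right-hand side of an assignment stand out as a type mismatch.
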
@@ -168,12 +169,12 @@ static void pch_pic_write(void *opaque, hwaddr addr, uint64_t value,
         s->int_polarity = (s->int_polarity & ~mask) | data;
         break;
     case PCH_PIC_HTMSI_VEC ... PCH_PIC_HTMSI_VEC_END:
-        ptemp = (uint64_t *)(s->htmsi_vector + addr - PCH_PIC_HTMSI_VEC);
-        *ptemp = (*ptemp & ~mask) | data;
+        ptemp = &s->htmsi_vector[addr - PCH_PIC_HTMSI_VEC];
+        stq_le_p(ptemp, (ldq_le_p(ptemp) & ~mask) | data);
         break;
     case PCH_PIC_ROUTE_ENTRY ... PCH_PIC_ROUTE_ENTRY_END:
-        ptemp = (uint64_t *)(s->route_entry + addr - PCH_PIC_ROUTE_ENTRY);
-        *ptemp = (*ptemp & ~mask) | data;
+        ptemp = (uint64_t *)&s->route_entry[addr - PCH_PIC_ROUTE_ENTRY];
+        stq_le_p(ptemp, (ldq_le_p(ptemp) & ~mask) | data);
         break;
     default:
         qemu_log_mask(LOG_GUEST_ERROR,
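
Review bot: The PCH_PIC_ROUTE_ENTRY case still carries a "(uint64_t *)" cast on "&s->route_entry[addr - PCH_PIC_ROUTE_ENTRY]", unlike the PCH_PIC_HTMSI_VEC case just above it. ptemp is now "void *", so the cast is unnecessary, and it puts a uint64_t pointer into a byte array back into the code, which is what the commit message sets out to avoid. Suggest dropping the cast so both cases have the same form.
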
-- 
2.50.1
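
Added example, not part of the original patch or of QEMU's code: a stand-alone C program for the two points in the commit message above, namely subtracting the base before forming the pointer, and accessing the byte array through little-endian byte-wise helpers instead of a uint64_t pointer. All demo_* names and DEMO_* constants are hypothetical; demo_ld64_le/demo_st64_le stand in for ldq_le_p/stq_le_p, and the base 0x200 and size 64 are taken from the index 512 and 'uint8_t[64]' in the warning.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DEMO_BASE 0x200u  /* constructed base; 512 is the index in the warning */
#define DEMO_SIZE 64u     /* array size from 'uint8_t[64]' */

static uint8_t demo_regs[DEMO_SIZE];  /* hypothetical stand-in for htmsi_vector */

/* Byte-wise little-endian load: host-endianness independent, and no
 * uint64_t pointer is ever formed into the byte array. */
static uint64_t demo_ld64_le(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) {
        v = (v << 8) | p[i];
    }
    return v;
}

static void demo_st64_le(uint8_t *p, uint64_t v)
{
    for (int i = 0; i < 8; i++) {
        p[i] = (uint8_t)(v >> (8 * i));
    }
}

/* Masked 64-bit write at guest offset addr; returns 0, or -1 if rejected. */
static int demo_write(uint64_t addr, uint64_t mask, uint64_t data)
{
    addr &= ~(uint64_t)7;  /* align down to the 8-byte slot */
    if (addr < DEMO_BASE || addr - DEMO_BASE > DEMO_SIZE - 8) {
        return -1;         /* slot would not fit inside the array */
    }
    size_t idx = (size_t)(addr - DEMO_BASE);  /* subtract the base first: 0..56 */
    uint8_t *p = &demo_regs[idx];             /* pointer is in bounds from the start */
    demo_st64_le(p, (demo_ld64_le(p) & ~mask) | (data & mask));
    return 0;
}

int main(void)
{
    demo_write(0x208, 0xff00, 0x1200);
    printf("byte 9 = 0x%02x\n", demo_regs[9]);
    return 0;
}
```

Building it with -fsanitize=undefined gives the same kind of checking that --enable-ubsan provided for the report above.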




* Re: [PATCH] hw/intc/loongarch_pch_pic: Fix ubsan warning and endianness issue
From: Bibo Mao @ 2025-08-01  6:41 UTC
  To: Thomas Huth, Song Gao, qemu-devel; +Cc: Jiaxun Yang, qemu-trivial



On 2025/8/1 2:01 PM, Thomas Huth wrote:
> From: Thomas Huth <thuth@redhat.com>
> 
> When booting the Linux kernel from tests/functional/test_loongarch64_virt.py
> with a QEMU that has been compiled with --enable-ubsan, there is
> a warning like this:
> 
>   .../hw/intc/loongarch_pch_pic.c:171:46: runtime error: index 512 out of
>    bounds for type 'uint8_t[64]' (aka 'unsigned char[64]')
>   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
>    .../hw/intc/loongarch_pch_pic.c:171:46
>   .../hw/intc/loongarch_pch_pic.c:175:45: runtime error: index 256 out of
>    bounds for type 'uint8_t[64]' (aka 'unsigned char[64]')
>   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
>    .../hw/intc/loongarch_pch_pic.c:175:45
> 
> It happens because "addr" is added first before subtracting the base
> (PCH_PIC_HTMSI_VEC or PCH_PIC_ROUTE_ENTRY).
> Additionally, this code looks like it is not endianness safe, since
> it uses a 64-bit pointer to write values into an array of 8-bit values.
> 
> Thus rework the code to use the stq_le_p / ldq_le_p helpers here
> and make sure that we do not create pointers with undefined behavior
> by accident.
> 
> Signed-off-by: Thomas Huth <thuth@redhat.com>
> ---
>   hw/intc/loongarch_pch_pic.c | 15 ++++++++-------
>   1 file changed, 8 insertions(+), 7 deletions(-)
> 
> diff --git a/hw/intc/loongarch_pch_pic.c b/hw/intc/loongarch_pch_pic.c
> index c4b242dbf41..32f01aabf0e 100644
> --- a/hw/intc/loongarch_pch_pic.c
> +++ b/hw/intc/loongarch_pch_pic.c
> @@ -110,10 +110,10 @@ static uint64_t pch_pic_read(void *opaque, hwaddr addr, uint64_t field_mask)
>           val = s->int_polarity;
>           break;
>       case PCH_PIC_HTMSI_VEC ... PCH_PIC_HTMSI_VEC_END:
> -        val = *(uint64_t *)(s->htmsi_vector + addr - PCH_PIC_HTMSI_VEC);
> +        val = ldq_le_p(&s->htmsi_vector[addr - PCH_PIC_HTMSI_VEC]);
>           break;
>       case PCH_PIC_ROUTE_ENTRY ... PCH_PIC_ROUTE_ENTRY_END:
> -        val = *(uint64_t *)(s->route_entry + addr - PCH_PIC_ROUTE_ENTRY);
> +        val = ldq_le_p(&s->route_entry[addr - PCH_PIC_ROUTE_ENTRY]);
>           break;
>       default:
>           qemu_log_mask(LOG_GUEST_ERROR,
> @@ -129,7 +129,8 @@ static void pch_pic_write(void *opaque, hwaddr addr, uint64_t value,
>   {
>       LoongArchPICCommonState *s = LOONGARCH_PIC_COMMON(opaque);
>       uint32_t offset;
> -    uint64_t old, mask, data, *ptemp;
> +    uint64_t old, mask, data;
> +    void *ptemp;
>   
>       offset = addr & 7;
>       addr -= offset;
> @@ -168,12 +169,12 @@ static void pch_pic_write(void *opaque, hwaddr addr, uint64_t value,
>           s->int_polarity = (s->int_polarity & ~mask) | data;
>           break;
>       case PCH_PIC_HTMSI_VEC ... PCH_PIC_HTMSI_VEC_END:
> -        ptemp = (uint64_t *)(s->htmsi_vector + addr - PCH_PIC_HTMSI_VEC);
> -        *ptemp = (*ptemp & ~mask) | data;
> +        ptemp = &s->htmsi_vector[addr - PCH_PIC_HTMSI_VEC];
> +        stq_le_p(ptemp, (ldq_le_p(ptemp) & ~mask) | data);
>           break;
>       case PCH_PIC_ROUTE_ENTRY ... PCH_PIC_ROUTE_ENTRY_END:
> -        ptemp = (uint64_t *)(s->route_entry + addr - PCH_PIC_ROUTE_ENTRY);
> -        *ptemp = (*ptemp & ~mask) | data;
> +        ptemp = (uint64_t *)&s->route_entry[addr - PCH_PIC_ROUTE_ENTRY];
> +        stq_le_p(ptemp, (ldq_le_p(ptemp) & ~mask) | data);
>           break;
>       default:
>           qemu_log_mask(LOG_GUEST_ERROR,
> 
Reviewed-by: Bibo Mao <maobibo@loongson.cn>




* Re: [PATCH] hw/intc/loongarch_pch_pic: Fix ubsan warning and endianness issue
From: gaosong @ 2025-08-01  8:18 UTC
  To: Thomas Huth, Bibo Mao, qemu-devel; +Cc: Jiaxun Yang, qemu-trivial

On 2025/8/1 2:01 PM, Thomas Huth wrote:
> From: Thomas Huth <thuth@redhat.com>
>
> When booting the Linux kernel from tests/functional/test_loongarch64_virt.py
> with a QEMU that has been compiled with --enable-ubsan, there is
> a warning like this:
>
>   .../hw/intc/loongarch_pch_pic.c:171:46: runtime error: index 512 out of
>    bounds for type 'uint8_t[64]' (aka 'unsigned char[64]')
>   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
>    .../hw/intc/loongarch_pch_pic.c:171:46
>   .../hw/intc/loongarch_pch_pic.c:175:45: runtime error: index 256 out of
>    bounds for type 'uint8_t[64]' (aka 'unsigned char[64]')
>   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
>    .../hw/intc/loongarch_pch_pic.c:175:45
>
> It happens because "addr" is added first before subtracting the base
> (PCH_PIC_HTMSI_VEC or PCH_PIC_ROUTE_ENTRY).
> Additionally, this code looks like it is not endianness safe, since
> it uses a 64-bit pointer to write values into an array of 8-bit values.
>
> Thus rework the code to use the stq_le_p / ldq_le_p helpers here
> and make sure that we do not create pointers with undefined behavior
> by accident.
>
> Signed-off-by: Thomas Huth <thuth@redhat.com>
> ---
>   hw/intc/loongarch_pch_pic.c | 15 ++++++++-------
>   1 file changed, 8 insertions(+), 7 deletions(-)
Tested-by: Song Gao <gaosong@loongson.cn>

Thanks.
Song Gao
> diff --git a/hw/intc/loongarch_pch_pic.c b/hw/intc/loongarch_pch_pic.c
> index c4b242dbf41..32f01aabf0e 100644
> --- a/hw/intc/loongarch_pch_pic.c
> +++ b/hw/intc/loongarch_pch_pic.c
> @@ -110,10 +110,10 @@ static uint64_t pch_pic_read(void *opaque, hwaddr addr, uint64_t field_mask)
>           val = s->int_polarity;
>           break;
>       case PCH_PIC_HTMSI_VEC ... PCH_PIC_HTMSI_VEC_END:
> -        val = *(uint64_t *)(s->htmsi_vector + addr - PCH_PIC_HTMSI_VEC);
> +        val = ldq_le_p(&s->htmsi_vector[addr - PCH_PIC_HTMSI_VEC]);
>           break;
>       case PCH_PIC_ROUTE_ENTRY ... PCH_PIC_ROUTE_ENTRY_END:
> -        val = *(uint64_t *)(s->route_entry + addr - PCH_PIC_ROUTE_ENTRY);
> +        val = ldq_le_p(&s->route_entry[addr - PCH_PIC_ROUTE_ENTRY]);
>           break;
>       default:
>           qemu_log_mask(LOG_GUEST_ERROR,
> @@ -129,7 +129,8 @@ static void pch_pic_write(void *opaque, hwaddr addr, uint64_t value,
>   {
>       LoongArchPICCommonState *s = LOONGARCH_PIC_COMMON(opaque);
>       uint32_t offset;
> -    uint64_t old, mask, data, *ptemp;
> +    uint64_t old, mask, data;
> +    void *ptemp;
>   
>       offset = addr & 7;
>       addr -= offset;
> @@ -168,12 +169,12 @@ static void pch_pic_write(void *opaque, hwaddr addr, uint64_t value,
>           s->int_polarity = (s->int_polarity & ~mask) | data;
>           break;
>       case PCH_PIC_HTMSI_VEC ... PCH_PIC_HTMSI_VEC_END:
> -        ptemp = (uint64_t *)(s->htmsi_vector + addr - PCH_PIC_HTMSI_VEC);
> -        *ptemp = (*ptemp & ~mask) | data;
> +        ptemp = &s->htmsi_vector[addr - PCH_PIC_HTMSI_VEC];
> +        stq_le_p(ptemp, (ldq_le_p(ptemp) & ~mask) | data);
>           break;
>       case PCH_PIC_ROUTE_ENTRY ... PCH_PIC_ROUTE_ENTRY_END:
> -        ptemp = (uint64_t *)(s->route_entry + addr - PCH_PIC_ROUTE_ENTRY);
> -        *ptemp = (*ptemp & ~mask) | data;
> +        ptemp = (uint64_t *)&s->route_entry[addr - PCH_PIC_ROUTE_ENTRY];
> +        stq_le_p(ptemp, (ldq_le_p(ptemp) & ~mask) | data);
>           break;
>       default:
>           qemu_log_mask(LOG_GUEST_ERROR,




* Re: [PATCH] hw/intc/loongarch_pch_pic: Fix ubsan warning and endianness issue
From: Michael Tokarev @ 2025-08-05 18:26 UTC
  To: Thomas Huth, Song Gao, Bibo Mao, qemu-devel; +Cc: Jiaxun Yang, qemu-trivial

On 01.08.2025 09:01, Thomas Huth wrote:
> From: Thomas Huth <thuth@redhat.com>
> 
> When booting the Linux kernel from tests/functional/test_loongarch64_virt.py
> with a QEMU that has been compiled with --enable-ubsan, there is
> a warning like this:
> 
>   .../hw/intc/loongarch_pch_pic.c:171:46: runtime error: index 512 out of
>    bounds for type 'uint8_t[64]' (aka 'unsigned char[64]')
>   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
>    .../hw/intc/loongarch_pch_pic.c:171:46
>   .../hw/intc/loongarch_pch_pic.c:175:45: runtime error: index 256 out of
>    bounds for type 'uint8_t[64]' (aka 'unsigned char[64]')
>   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
>    .../hw/intc/loongarch_pch_pic.c:175:45
> 
> It happens because "addr" is added first before subtracting the base
> (PCH_PIC_HTMSI_VEC or PCH_PIC_ROUTE_ENTRY).
> Additionally, this code looks like it is not endianness safe, since
> it uses a 64-bit pointer to write values into an array of 8-bit values.
> 
> Thus rework the code to use the stq_le_p / ldq_le_p helpers here
> and make sure that we do not create pointers with undefined behavior
> by accident.
> 
> Signed-off-by: Thomas Huth <thuth@redhat.com>

Queued to trivial-patches, thank you!

/mjt



* Re: [PATCH] hw/intc/loongarch_pch_pic: Fix ubsan warning and endianness issue
From: Philippe Mathieu-Daudé @ 2025-08-06  6:41 UTC
  To: Thomas Huth, Song Gao, Bibo Mao, qemu-devel; +Cc: Jiaxun Yang, qemu-trivial

On 1/8/25 08:01, Thomas Huth wrote:
> From: Thomas Huth <thuth@redhat.com>
> 
> When booting the Linux kernel from tests/functional/test_loongarch64_virt.py
> with a QEMU that has been compiled with --enable-ubsan, there is
> a warning like this:
> 
>   .../hw/intc/loongarch_pch_pic.c:171:46: runtime error: index 512 out of
>    bounds for type 'uint8_t[64]' (aka 'unsigned char[64]')
>   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
>    .../hw/intc/loongarch_pch_pic.c:171:46
>   .../hw/intc/loongarch_pch_pic.c:175:45: runtime error: index 256 out of
>    bounds for type 'uint8_t[64]' (aka 'unsigned char[64]')
>   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
>    .../hw/intc/loongarch_pch_pic.c:175:45
> 
> It happens because "addr" is added first before subtracting the base
> (PCH_PIC_HTMSI_VEC or PCH_PIC_ROUTE_ENTRY).
> Additionally, this code looks like it is not endianness safe, since
> it uses a 64-bit pointer to write values into an array of 8-bit values.
> 
> Thus rework the code to use the stq_le_p / ldq_le_p helpers here
> and make sure that we do not create pointers with undefined behavior
> by accident.
> 
> Signed-off-by: Thomas Huth <thuth@redhat.com>
> ---
>   hw/intc/loongarch_pch_pic.c | 15 ++++++++-------
>   1 file changed, 8 insertions(+), 7 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>


