| Message ID | 20241227104618.2526-1-tsogomonian@astralinux.ru (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] hw/misc: use extract64 instead of 1 << i | expand |
Tigran Sogomonian <tsogomonian@astralinux.ru> writes: > 1 << i is casted to uint64_t while bitwise and with val. > So this value may become 0xffffffff80000000 but only > 31th "start" bit is required. > Use the bitfield extract() API instead. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Tigran Sogomonian <tsogomonian@astralinux.ru> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
On 12/27/24 02:46, Tigran Sogomonian wrote: > 1 << i is casted to uint64_t while bitwise and with val. > So this value may become 0xffffffff80000000 but only > 31th "start" bit is required. > Use the bitfield extract() API instead. Again, I < 32. There is no overflow. The type of value is irrelevant. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Tigran Sogomonian <tsogomonian@astralinux.ru> > --- > hw/misc/mps2-fpgaio.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/misc/mps2-fpgaio.c b/hw/misc/mps2-fpgaio.c > index d07568248d..04a3da5db0 100644 > --- a/hw/misc/mps2-fpgaio.c > +++ b/hw/misc/mps2-fpgaio.c > @@ -198,7 +198,7 @@ static void mps2_fpgaio_write(void *opaque, hwaddr offset, uint64_t value, > > s->led0 = value & MAKE_64BIT_MASK(0, s->num_leds); > for (i = 0; i < s->num_leds; i++) { > - led_set_state(s->led[i], value & (1 << i)); > + led_set_state(s->led[i], extract64(value, i, 1)); > } > } > break;
diff --git a/hw/misc/mps2-fpgaio.c b/hw/misc/mps2-fpgaio.c index d07568248d..04a3da5db0 100644 --- a/hw/misc/mps2-fpgaio.c +++ b/hw/misc/mps2-fpgaio.c @@ -198,7 +198,7 @@ static void mps2_fpgaio_write(void *opaque, hwaddr offset, uint64_t value, s->led0 = value & MAKE_64BIT_MASK(0, s->num_leds); for (i = 0; i < s->num_leds; i++) { - led_set_state(s->led[i], value & (1 << i)); + led_set_state(s->led[i], extract64(value, i, 1)); } } break;
1 << i is casted to uint64_t while bitwise and with val. So this value may become 0xffffffff80000000 but only 31th "start" bit is required. Use the bitfield extract() API instead. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Tigran Sogomonian <tsogomonian@astralinux.ru> --- hw/misc/mps2-fpgaio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)