| Message ID | 20250321011358.463630-1-gaosong@loongson.cn (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] target/loongarch: fix bad shift in check_ps() | expand |
On 2025/3/21 上午9:13, Song Gao wrote: > In expression 1ULL << tlb_ps, left shifting by more than 63 bits has undefined behavior. > The shift amount, tlb_ps, is as much as 64. check "tlb_ps >=64" to fix. > > Resolves: Coverity CID 1593475 > > Fixes: d882c284a3 ("target/loongarch: check tlb_ps") > Suggested-by: Peter Maydell <peter.maydell@linaro.org> > Signed-off-by: Song Gao <gaosong@loongson.cn> > --- > v2: define parameter tlb_ps as uint type > > target/loongarch/internals.h | 2 +- > target/loongarch/tcg/csr_helper.c | 2 +- > target/loongarch/tcg/tlb_helper.c | 10 +++++----- > 3 files changed, 7 insertions(+), 7 deletions(-) > > diff --git a/target/loongarch/internals.h b/target/loongarch/internals.h > index 1cd959a766..9fdc3059d8 100644 > --- a/target/loongarch/internals.h > +++ b/target/loongarch/internals.h > @@ -43,7 +43,7 @@ enum { > TLBRET_PE = 7, > }; > > -bool check_ps(CPULoongArchState *ent, int ps); > +bool check_ps(CPULoongArchState *ent, uint8_t ps); > > extern const VMStateDescription vmstate_loongarch_cpu; > > diff --git a/target/loongarch/tcg/csr_helper.c b/target/loongarch/tcg/csr_helper.c > index 379c71e741..6a7a65c860 100644 > --- a/target/loongarch/tcg/csr_helper.c > +++ b/target/loongarch/tcg/csr_helper.c > @@ -115,7 +115,7 @@ target_ulong helper_csrwr_ticlr(CPULoongArchState *env, target_ulong val) > > target_ulong helper_csrwr_pwcl(CPULoongArchState *env, target_ulong val) > { > - int shift, ptbase; > + uint8_t shift, ptbase; > int64_t old_v = env->CSR_PWCL; > > /* > diff --git a/target/loongarch/tcg/tlb_helper.c b/target/loongarch/tcg/tlb_helper.c > index 646dbf59de..bd8081e886 100644 > --- a/target/loongarch/tcg/tlb_helper.c > +++ b/target/loongarch/tcg/tlb_helper.c > @@ -19,12 +19,12 @@ > #include "exec/log.h" > #include "cpu-csr.h" > > -bool check_ps(CPULoongArchState *env, int tlb_ps) > +bool check_ps(CPULoongArchState *env, uint8_t tlb_ps) > { > - if (tlb_ps > 64) { > - return false; > - } > - return BIT_ULL(tlb_ps) & (env->CSR_PRCFG2); > + if (tlb_ps >= 64) { > + return false; > + } > + return BIT_ULL(tlb_ps) & (env->CSR_PRCFG2); > } > > void get_dir_base_width(CPULoongArchState *env, uint64_t *dir_base, > Reviewed-by: Bibo Mao <maobibo@loongson.cn>
diff --git a/target/loongarch/internals.h b/target/loongarch/internals.h index 1cd959a766..9fdc3059d8 100644 --- a/target/loongarch/internals.h +++ b/target/loongarch/internals.h @@ -43,7 +43,7 @@ enum { TLBRET_PE = 7, }; -bool check_ps(CPULoongArchState *ent, int ps); +bool check_ps(CPULoongArchState *ent, uint8_t ps); extern const VMStateDescription vmstate_loongarch_cpu; diff --git a/target/loongarch/tcg/csr_helper.c b/target/loongarch/tcg/csr_helper.c index 379c71e741..6a7a65c860 100644 --- a/target/loongarch/tcg/csr_helper.c +++ b/target/loongarch/tcg/csr_helper.c @@ -115,7 +115,7 @@ target_ulong helper_csrwr_ticlr(CPULoongArchState *env, target_ulong val) target_ulong helper_csrwr_pwcl(CPULoongArchState *env, target_ulong val) { - int shift, ptbase; + uint8_t shift, ptbase; int64_t old_v = env->CSR_PWCL; /* diff --git a/target/loongarch/tcg/tlb_helper.c b/target/loongarch/tcg/tlb_helper.c index 646dbf59de..bd8081e886 100644 --- a/target/loongarch/tcg/tlb_helper.c +++ b/target/loongarch/tcg/tlb_helper.c @@ -19,12 +19,12 @@ #include "exec/log.h" #include "cpu-csr.h" -bool check_ps(CPULoongArchState *env, int tlb_ps) +bool check_ps(CPULoongArchState *env, uint8_t tlb_ps) { - if (tlb_ps > 64) { - return false; - } - return BIT_ULL(tlb_ps) & (env->CSR_PRCFG2); + if (tlb_ps >= 64) { + return false; + } + return BIT_ULL(tlb_ps) & (env->CSR_PRCFG2); } void get_dir_base_width(CPULoongArchState *env, uint64_t *dir_base,
In expression 1ULL << tlb_ps, left shifting by more than 63 bits has undefined behavior. The shift amount, tlb_ps, is as much as 64. check "tlb_ps >=64" to fix. Resolves: Coverity CID 1593475 Fixes: d882c284a3 ("target/loongarch: check tlb_ps") Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Song Gao <gaosong@loongson.cn> --- v2: define parameter tlb_ps as uint type target/loongarch/internals.h | 2 +- target/loongarch/tcg/csr_helper.c | 2 +- target/loongarch/tcg/tlb_helper.c | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-)