From: Yifei Jiang
Subject: [PATCH 1/2] tcg: avoid integer overflow
Date: Mon, 16 Mar 2020 19:40:49 +0800
Message-ID: <20200316114050.3167-2-jiangyifei@huawei.com>
In-Reply-To: <20200316114050.3167-1-jiangyifei@huawei.com>
References: <20200316114050.3167-1-jiangyifei@huawei.com>
Cc: zhang.zhanghailiang@huawei.com, limingwang@huawei.com, victor.zhangxiaofeng@huawei.com, Yifei Jiang, Euler Robot, pbonzini@redhat.com, rth@twiddle.net, dengkai1@huawei.com

This fixes coverity issues 75234842, etc.,:

2221 tcg_gen_andi_i64(t, t, dup_const(vece, 1));
CID 75234842: (OVERFLOW_BEFORE_WIDEN)
2222. overflow_before_widen: Potentially overflowing expression "1 << nbit" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "int64_t" (64 bits, signed).
2222 tcg_gen_muli_i64(t, t, (1 << nbit) - 1);

Signed-off-by: Yifei Jiang
Signed-off-by: Mingwang Li
Reported-by: Euler Robot
--- tcg/tcg-op-gvec.c | 18 +++++++++--------- tcg/tcg-op-vec.c | 4 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c index 327d9588e0..3aeb049a46 100644 --- a/tcg/tcg-op-gvec.c +++ b/tcg/tcg-op-gvec.c
@@ -2219,7 +2219,7 @@ static void gen_absv_mask(TCGv_i64 d, TCGv_i64 b, uns= igned vece) /* Create -1 for each negative element. */ tcg_gen_shri_i64(t, b, nbit - 1); tcg_gen_andi_i64(t, t, dup_const(vece, 1)); - tcg_gen_muli_i64(t, t, (1 << nbit) - 1); + tcg_gen_muli_i64(t, t, ((int64_t)1 << nbit) - 1); =20 /* * Invert (via xor -1) and add one (via sub -1). @@ -2528,7 +2528,7 @@ void tcg_gen_gvec_shli(unsigned vece, uint32_t dofs, = uint32_t aofs, }; =20 tcg_debug_assert(vece <=3D MO_64); - tcg_debug_assert(shift >=3D 0 && shift < (8 << vece)); + tcg_debug_assert(shift >=3D 0 && shift < ((int64_t)8 << vece)); if (shift =3D=3D 0) { tcg_gen_gvec_mov(vece, dofs, aofs, oprsz, maxsz); } else { @@ -2579,7 +2579,7 @@ void tcg_gen_gvec_shri(unsigned vece, uint32_t dofs, = uint32_t aofs, }; =20 tcg_debug_assert(vece <=3D MO_64); - tcg_debug_assert(shift >=3D 0 && shift < (8 << vece)); + tcg_debug_assert(shift >=3D 0 && shift < ((int64_t)8 << vece)); if (shift =3D=3D 0) { tcg_gen_gvec_mov(vece, dofs, aofs, oprsz, maxsz); } else { @@ -2595,7 +2595,7 @@ void tcg_gen_vec_sar8i_i64(TCGv_i64 d, TCGv_i64 a, in= t64_t c) =20 tcg_gen_shri_i64(d, a, c); tcg_gen_andi_i64(s, d, s_mask); /* isolate (shifted) sign bit */ - tcg_gen_muli_i64(s, s, (2 << c) - 2); /* replicate isolated signs */ + tcg_gen_muli_i64(s, s, ((int64_t)2 << c) - 2); /* replicate isolated s= igns */ tcg_gen_andi_i64(d, d, c_mask); /* clear out bits above sign */ tcg_gen_or_i64(d, d, s); /* include sign extension */ tcg_temp_free_i64(s); @@ -2610,7 +2610,7 @@ void tcg_gen_vec_sar16i_i64(TCGv_i64 d, TCGv_i64 a, i= nt64_t c) tcg_gen_shri_i64(d, a, c); tcg_gen_andi_i64(s, d, s_mask); /* isolate (shifted) sign bit */ tcg_gen_andi_i64(d, d, c_mask); /* clear out bits above sign */ - tcg_gen_muli_i64(s, s, (2 << c) - 2); /* replicate isolated signs */ + tcg_gen_muli_i64(s, s, ((int64_t)2 << c) - 2); /* replicate isolated s= igns */ tcg_gen_or_i64(d, d, s); /* include sign extension */ tcg_temp_free_i64(s); } 
@@ -2644,7 +2644,7 @@ void tcg_gen_gvec_sari(unsigned vece, uint32_t dofs, = uint32_t aofs, }; =20 tcg_debug_assert(vece <=3D MO_64); - tcg_debug_assert(shift >=3D 0 && shift < (8 << vece)); + tcg_debug_assert(shift >=3D 0 && shift < ((int64_t)8 << vece)); if (shift =3D=3D 0) { tcg_gen_gvec_mov(vece, dofs, aofs, oprsz, maxsz); } else { @@ -2881,7 +2881,7 @@ static void tcg_gen_shlv_mod_vec(unsigned vece, TCGv_= vec d, { TCGv_vec t =3D tcg_temp_new_vec_matching(d); =20 - tcg_gen_dupi_vec(vece, t, (8 << vece) - 1); + tcg_gen_dupi_vec(vece, t, ((uint64_t)8 << vece) - 1); tcg_gen_and_vec(vece, t, t, b); tcg_gen_shlv_vec(vece, d, a, t); tcg_temp_free_vec(t); @@ -2944,7 +2944,7 @@ static void tcg_gen_shrv_mod_vec(unsigned vece, TCGv_= vec d, { TCGv_vec t =3D tcg_temp_new_vec_matching(d); =20 - tcg_gen_dupi_vec(vece, t, (8 << vece) - 1); + tcg_gen_dupi_vec(vece, t, ((uint64_t)8 << vece) - 1); tcg_gen_and_vec(vece, t, t, b); tcg_gen_shrv_vec(vece, d, a, t); tcg_temp_free_vec(t); @@ -3007,7 +3007,7 @@ static void tcg_gen_sarv_mod_vec(unsigned vece, TCGv_= vec d, { TCGv_vec t =3D tcg_temp_new_vec_matching(d); =20 - tcg_gen_dupi_vec(vece, t, (8 << vece) - 1); + tcg_gen_dupi_vec(vece, t, ((uint64_t)8 << vece) - 1); tcg_gen_and_vec(vece, t, t, b); tcg_gen_sarv_vec(vece, d, a, t); tcg_temp_free_vec(t); diff --git a/tcg/tcg-op-vec.c b/tcg/tcg-op-vec.c index b6937e8d64..4cf1dc4e8e 100644 --- a/tcg/tcg-op-vec.c +++ b/tcg/tcg-op-vec.c @@ -483,7 +483,7 @@ void tcg_gen_abs_vec(unsigned vece, TCGv_vec r, TCGv_ve= c a) tcg_gen_smax_vec(vece, r, a, t); } else { if (tcg_can_emit_vec_op(INDEX_op_sari_vec, type, vece) > 0) { - tcg_gen_sari_vec(vece, t, a, (8 << vece) - 1); + tcg_gen_sari_vec(vece, t, a, ((int64_t)8 << vece) - 1); } else { do_dupi_vec(t, MO_REG, 0); tcg_gen_cmp_vec(TCG_COND_LT, vece, t, a, t); 
@@ -508,7 +508,7 @@ static void do_shifti(TCGOpcode opc, unsigned vece, int can; =20 tcg_debug_assert(at->base_type =3D=3D type); - tcg_debug_assert(i >=3D 0 && i < (8 << vece)); + tcg_debug_assert(i >=3D 0 && i < ((int64_t)8 << vece)); tcg_assert_listed_vecop(opc); =20 if (i =3D=3D 0) { --=20 2.19.1
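
Review bot: the cast in the range asserts of tcg_gen_gvec_shli, tcg_gen_gvec_shri and tcg_gen_gvec_sari looks unnecessary, because the line directly above each one already asserts `vece <= MO_64`, which keeps `8 << vece` at an element width in bits that fits in int. If Coverity flagged these, say so in the commit message with the CID; otherwise drop these hunks (and the matching one in do_shifti, if vece is bounded the same way there) so the patch only touches expressions that can really overflow.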
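
Review bot: in gen_absv_mask, `((int64_t)1 << nbit) - 1` is still a signed shift, so it remains undefined if nbit can reach 63 or 64, and the hunk shows no bound on nbit. Either shift an unsigned 64-bit constant or add an assert on nbit next to the multiply, and state the expected range in the commit message. The same applies to `((int64_t)2 << c) - 2` in tcg_gen_vec_sar8i_i64 and tcg_gen_vec_sar16i_i64, where c arrives as an int64_t with no range check in the visible lines.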
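
Review bot: the three tcg_gen_shlv_mod_vec, tcg_gen_shrv_mod_vec and tcg_gen_sarv_mod_vec hunks cast to uint64_t (`((uint64_t)8 << vece) - 1`) while every other hunk in this patch casts to int64_t, and the commit message does not say why. Pick the type from the parameter each value is passed to and use it consistently, or explain the difference in the message.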
From: Yifei Jiang
Subject: [PATCH 2/2] accel/tcg: avoid integer overflow
Date: Mon, 16 Mar 2020 19:40:50 +0800
Message-ID: <20200316114050.3167-3-jiangyifei@huawei.com>
In-Reply-To: <20200316114050.3167-1-jiangyifei@huawei.com>
References: <20200316114050.3167-1-jiangyifei@huawei.com>
Cc: zhang.zhanghailiang@huawei.com, limingwang@huawei.com, victor.zhangxiaofeng@huawei.com, Yifei Jiang, Euler Robot, pbonzini@redhat.com, rth@twiddle.net, dengkai1@huawei.com

This fixes coverity issues 75235919, etc.,

1524 /* Handle CPU specific unaligned behaviour */
CID 75235919: (OVERFLOW_BEFORE_WIDEN)
1525. overflow_before_widen: Potentially overflowing expression "1 << a_bits" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "target_ulong" (64 bits, unsigned).
1525 if (addr & ((1 << a_bits) - 1)) {

Signed-off-by: Yifei Jiang
Signed-off-by: Mingwang Li
Reported-by: Euler Robot
--- accel/tcg/cputlb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index e3b5750c3b..73b5e680be 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c
@@ -1412,7 +1412,7 @@ static void *atomic_mmu_lookup(CPUArchState *env, tar= get_ulong addr, retaddr -=3D GETPC_ADJ; =20 /* Enforce guest required alignment. */ - if (unlikely(a_bits > 0 && (addr & ((1 << a_bits) - 1)))) { + if (unlikely(a_bits > 0 && (addr & (((target_ulong)1 << a_bits) - 1)))= ) { /* ??? Maybe indicate atomic op to cpu_unaligned_access */ cpu_unaligned_access(env_cpu(env), addr, MMU_DATA_STORE, mmu_idx, retaddr); @@ -1522,7 +1522,7 @@ load_helper(CPUArchState *env, target_ulong addr, TCG= MemOpIdx oi, size_t size =3D memop_size(op); =20 /* Handle CPU specific unaligned behaviour */ - if (addr & ((1 << a_bits) - 1)) { + if (addr & (((target_ulong)1 << a_bits) - 1)) { cpu_unaligned_access(env_cpu(env), addr, access_type, mmu_idx, retaddr); } @@ -1911,7 +1911,7 @@ store_helper(CPUArchState *env, target_ulong addr, ui= nt64_t val, size_t size =3D memop_size(op); =20 /* Handle CPU specific unaligned behaviour */ - if (addr & ((1 << a_bits) - 1)) { + if (addr & (((target_ulong)1 << a_bits) - 1)) { cpu_unaligned_access(env_cpu(env), addr, MMU_DATA_STORE, mmu_idx, retaddr); } --=20 2.19.1
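
Review bot: the alignment mask `((target_ulong)1 << a_bits) - 1` is now open-coded identically in atomic_mmu_lookup, load_helper and store_helper; compute it once into a local (for example `target_ulong a_mask`) or a small helper so the three checks cannot drift apart. The commit message should also state the range a_bits can take, since the cast only matters if a_bits can reach 31 or more, and target_ulong is not 64 bits wide on every target.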