[PATCH v2] target/loongarch: fix bad shift in check_ps()

Song Gao posted 1 patch 1 week, 4 days ago
target/loongarch/internals.h      |  2 +-
target/loongarch/tcg/csr_helper.c |  2 +-
target/loongarch/tcg/tlb_helper.c | 10 +++++-----
3 files changed, 7 insertions(+), 7 deletions(-)
[PATCH v2] target/loongarch: fix bad shift in check_ps()
Posted by Song Gao 1 week, 4 days ago
In the expression 1ULL << tlb_ps, left shifting by more than 63 bits is undefined behavior.
The shift amount, tlb_ps, can be as large as 64. Check for "tlb_ps >= 64" to fix this.

Resolves: Coverity CID 1593475

Fixes: d882c284a3 ("target/loongarch: check tlb_ps")
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Song Gao <gaosong@loongson.cn>
---
v2:  define parameter tlb_ps as uint type

 target/loongarch/internals.h      |  2 +-
 target/loongarch/tcg/csr_helper.c |  2 +-
 target/loongarch/tcg/tlb_helper.c | 10 +++++-----
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/target/loongarch/internals.h b/target/loongarch/internals.h
index 1cd959a766..9fdc3059d8 100644
--- a/target/loongarch/internals.h
+++ b/target/loongarch/internals.h
@@ -43,7 +43,7 @@ enum {
     TLBRET_PE = 7,
 };
 
-bool check_ps(CPULoongArchState *ent, int ps);
+bool check_ps(CPULoongArchState *ent, uint8_t ps);
 
 extern const VMStateDescription vmstate_loongarch_cpu;
 
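Review bot: Declaring the parameter as `uint8_t ps` means any wider argument is reduced modulo 256 at the call boundary, before the range check in check_ps() sees it, so an out-of-range value such as 268 would arrive as 12 and be accepted. The call sites are not part of this patch, so whether any of them can pass more than 8 bits needs confirming; `bool check_ps(CPULoongArchState *env, unsigned int ps);` keeps the value unsigned and lets the `>= 64` test reject everything out of range. The same applies to the definition in tlb_helper.c and to the `shift`/`ptbase` locals narrowed in helper_csrwr_pwcl() in csr_helper.c, whose assignments lie outside that hunk. The prototype's parameter names (`ent`, `ps`) also differ from the definition's (`env`, `tlb_ps`).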
diff --git a/target/loongarch/tcg/csr_helper.c b/target/loongarch/tcg/csr_helper.c
index 379c71e741..6a7a65c860 100644
--- a/target/loongarch/tcg/csr_helper.c
+++ b/target/loongarch/tcg/csr_helper.c
@@ -115,7 +115,7 @@ target_ulong helper_csrwr_ticlr(CPULoongArchState *env, target_ulong val)
 
 target_ulong helper_csrwr_pwcl(CPULoongArchState *env, target_ulong val)
 {
-    int shift, ptbase;
+    uint8_t shift, ptbase;
     int64_t old_v = env->CSR_PWCL;
 
     /*
diff --git a/target/loongarch/tcg/tlb_helper.c b/target/loongarch/tcg/tlb_helper.c
index 646dbf59de..bd8081e886 100644
--- a/target/loongarch/tcg/tlb_helper.c
+++ b/target/loongarch/tcg/tlb_helper.c
@@ -19,12 +19,12 @@
 #include "exec/log.h"
 #include "cpu-csr.h"
 
-bool check_ps(CPULoongArchState *env, int tlb_ps)
+bool check_ps(CPULoongArchState *env, uint8_t tlb_ps)
 {
-     if (tlb_ps > 64) {
-         return false;
-     }
-     return BIT_ULL(tlb_ps) & (env->CSR_PRCFG2);
+    if (tlb_ps >= 64) {
+        return false;
+    }
+    return BIT_ULL(tlb_ps) & (env->CSR_PRCFG2);
 }
 
 void get_dir_base_width(CPULoongArchState *env, uint64_t *dir_base,
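Review bot: The bound in `if (tlb_ps >= 64)` is a bare literal with nothing tying it to the 64-bit shift done by `BIT_ULL(tlb_ps)` in the return statement, which is the relationship the earlier `> 64` test got wrong. A one-line comment above the check would record it, e.g. `/* BIT_ULL() shifts a 64-bit value: a shift count of 64 or more is undefined */`. A short function comment stating that the result is whether bit `tlb_ps` is set in `CSR_PRCFG2` would also help readers of the callers.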
-- 
2.34.1
Re: [PATCH v2] target/loongarch: fix bad shift in check_ps()
Posted by bibo mao 1 week, 4 days ago
On 2025/3/21 上午9:13, Song Gao wrote:
>   In expression 1ULL << tlb_ps, left shifting by more than 63 bits has undefined behavior.
> The shift amount, tlb_ps, is as much as 64. check "tlb_ps >=64" to fix.
> 
> Resolves: Coverity CID 1593475
> 
> Fixes: d882c284a3 ("target/loongarch: check tlb_ps")
> Suggested-by: Peter Maydell <peter.maydell@linaro.org>
> Signed-off-by: Song Gao <gaosong@loongson.cn>
> ---
> v2:  define parameter tlb_ps as uint type
> 
>   target/loongarch/internals.h      |  2 +-
>   target/loongarch/tcg/csr_helper.c |  2 +-
>   target/loongarch/tcg/tlb_helper.c | 10 +++++-----
>   3 files changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/target/loongarch/internals.h b/target/loongarch/internals.h
> index 1cd959a766..9fdc3059d8 100644
> --- a/target/loongarch/internals.h
> +++ b/target/loongarch/internals.h
> @@ -43,7 +43,7 @@ enum {
>       TLBRET_PE = 7,
>   };
>   
> -bool check_ps(CPULoongArchState *ent, int ps);
> +bool check_ps(CPULoongArchState *ent, uint8_t ps);
>   
>   extern const VMStateDescription vmstate_loongarch_cpu;
>   
> diff --git a/target/loongarch/tcg/csr_helper.c b/target/loongarch/tcg/csr_helper.c
> index 379c71e741..6a7a65c860 100644
> --- a/target/loongarch/tcg/csr_helper.c
> +++ b/target/loongarch/tcg/csr_helper.c
> @@ -115,7 +115,7 @@ target_ulong helper_csrwr_ticlr(CPULoongArchState *env, target_ulong val)
>   
>   target_ulong helper_csrwr_pwcl(CPULoongArchState *env, target_ulong val)
>   {
> -    int shift, ptbase;
> +    uint8_t shift, ptbase;
>       int64_t old_v = env->CSR_PWCL;
>   
>       /*
> diff --git a/target/loongarch/tcg/tlb_helper.c b/target/loongarch/tcg/tlb_helper.c
> index 646dbf59de..bd8081e886 100644
> --- a/target/loongarch/tcg/tlb_helper.c
> +++ b/target/loongarch/tcg/tlb_helper.c
> @@ -19,12 +19,12 @@
>   #include "exec/log.h"
>   #include "cpu-csr.h"
>   
> -bool check_ps(CPULoongArchState *env, int tlb_ps)
> +bool check_ps(CPULoongArchState *env, uint8_t tlb_ps)
>   {
> -     if (tlb_ps > 64) {
> -         return false;
> -     }
> -     return BIT_ULL(tlb_ps) & (env->CSR_PRCFG2);
> +    if (tlb_ps >= 64) {
> +        return false;
> +    }
> +    return BIT_ULL(tlb_ps) & (env->CSR_PRCFG2);
>   }
>   
>   void get_dir_base_width(CPULoongArchState *env, uint64_t *dir_base,
> 

Reviewed-by: Bibo Mao <maobibo@loongson.cn>