From: Denis Sergeev
To: qemu-devel@nongnu.org
Cc: qemu-ppc@nongnu.org, npiggin@gmail.com, rathc@linux.ibm.com, zeff@altlinux.org
Subject: [PATCH] target/ppc: use MAKE_64BIT_MASK for mcrfs exception clear mask
Date: Mon, 15 Sep 2025 11:01:18 +0300
Message-ID: <20250915080118.29898-1-zeff@altlinux.org>
X-Mailer: git-send-email 2.50.1

In gen_mcrfs() the FPSCR nibble mask is computed as:
`~((0xF << shift) & FP_EX_CLEAR_BITS)`

Here, 0xF is of type int, so the left shift is performed in 32-bit signed
arithmetic. For bfa=0 we get shift=28, and (0xF << 28) = 0xF0000000, which
is not representable as a 32-bit signed int. Static analyzers flag this as
a potential integer overflow.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Denis Sergeev
Reviewed-by: Chinmay Rath
---
 target/ppc/translate/fp-impl.c.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/translate/fp-impl.c.inc b/target/ppc/translate/fp-impl.c.inc
index a66b83398b..d01c0b5aba 100644
--- a/target/ppc/translate/fp-impl.c.inc +++ b/target/ppc/translate/fp-impl.c.inc @@ -479,7 +479,7 @@ static void gen_mcrfs(DisasContext *ctx) tcg_gen_extu_tl_i64(tnew_fpscr, cpu_fpscr); /* Only the exception bits (including FX) should be cleared if read */ tcg_gen_andi_i64(tnew_fpscr, tnew_fpscr, - ~((0xF << shift) & FP_EX_CLEAR_BITS)); + ~(MAKE_64BIT_MASK(shift, 4) & FP_EX_CLEAR_BITS)); /* FEX and VX need to be updated, so don't set fpscr directly */ tmask =3D tcg_constant_i32(1 << nibble); gen_helper_store_fpscr(tcg_env, tnew_fpscr, tmask); --=20 2.50.1
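Review bot: The commit message presents this purely as a static-analyzer finding, but the replacement also changes the immediate handed to tcg_gen_andi_i64() for shift=28. In the removed line `~((0xF << shift) & FP_EX_CLEAR_BITS)` the whole expression is a 32-bit int that is sign-extended to the function's int64_t parameter; when the ANDed value has bit 31 set (the comment above the call says FX, the top bit of the 32-bit FPSCR word, is among the bits cleared), `~` of it is a non-negative int and the widening zeroes bits 32..63 of the mask, so the AND would also clear the upper half of the 64-bit tnew_fpscr. With `~(MAKE_64BIT_MASK(shift, 4) & FP_EX_CLEAR_BITS)` the expression is 64-bit throughout and those bits stay set. Please say in the commit message that the change also preserves FPSCR bits above 31 for bfa=0, so the behavioural difference is recorded rather than hidden behind the analyzer warning.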
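The following is an added example, not part of Denis Sergeev's patch or of QEMU's own code. It shows in plain C why the int-typed expression and the MAKE_64BIT_MASK form differ by more than an analyzer warning: once the 32-bit result is widened to the int64_t immediate that tcg_gen_andi_i64() takes, the two masks disagree in bits 32..63 for shift=28, while every other shift yields identical values. MAKE_64BIT_MASK is reproduced with the definition assumed from QEMU's bitops.h; EX_CLEAR_BITS is a value constructed for the example from the FPSCR bit layout (FX at bit 31 plus the sticky exception flags) and stands in for FP_EX_CLEAR_BITS, whose real definition lives in target/ppc/cpu.h; the shift-from-bfa mapping is taken from the commit message's bfa=0 giving shift=28.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Reproduced from QEMU's include/qemu/bitops.h (assumed definition) so the
 * example builds stand-alone. */
#define MAKE_64BIT_MASK(shift, length) \
    (((~0ULL) >> (64 - (length))) << (shift))

/* Constructed stand-in for FP_EX_CLEAR_BITS: FX (bit 31) plus the sticky
 * exception flags OX..XX, VXSNAN..VXVC, VXSOFT, VXSQRT and VXCVI, following
 * the FPSCR bit layout. Any value with bit 31 set reproduces the effect. */
#define EX_CLEAR_BITS 0x9FF80700u

/* The expression the patch replaces, evaluated the way a two's-complement
 * compiler evaluates it. The shift itself is done on an unsigned value so this
 * demo has no undefined behaviour; the result is then reinterpreted as the
 * 32-bit int that `0xF << shift` produces in practice, and finally widened to
 * int64_t exactly as passing it to tcg_gen_andi_i64() does (sign extension). */
int64_t old_mask(int shift)
{
    int32_t anded = (int32_t)((0xFu << shift) & EX_CLEAR_BITS);
    int32_t inverted = ~anded;          /* still a 32-bit int here */
    return (int64_t)inverted;           /* sign-extended to 64 bits */
}

/* The expression the patch introduces: 64-bit throughout. */
int64_t new_mask(int shift)
{
    uint64_t anded = MAKE_64BIT_MASK(shift, 4) & EX_CLEAR_BITS;
    return (int64_t)~anded;
}

/* Which of bits 32..63 of a 64-bit FPSCR an AND with this mask would clear. */
uint32_t upper_bits_cleared(int64_t mask)
{
    return (uint32_t)(~(uint64_t)mask >> 32);
}

int main(void)
{
    for (int bfa = 0; bfa < 8; bfa++) {
        int shift = 28 - 4 * bfa;       /* nibble bfa of the 32-bit FPSCR */
        int64_t o = old_mask(shift), n = new_mask(shift);
        printf("bfa=%d shift=%2d old=%016" PRIx64 " new=%016" PRIx64 "%s\n",
               bfa, shift, (uint64_t)o, (uint64_t)n,
               o == n ? "" : "  <-- differ in bits 32..63");
    }
    return 0;
}
```

Running it prints one line per bfa; only bfa=0 is flagged, where the old mask comes out as 0x000000006FFFFFFF and the new one as 0xFFFFFFFF6FFFFFFF. The low 32 bits agree in every row, which is why the bug is invisible on a 32-bit view of the FPSCR and only an analyzer or a 64-bit comparison catches it.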