diff mbox series

[PATCH-for-5.2] hw/arm/smmuv3: Fix potential integer overflow (CID 1432363)

Message ID 20201030144617.1535064-1-philmd@redhat.com
State New
Headers show
Series [PATCH-for-5.2] hw/arm/smmuv3: Fix potential integer overflow (CID 1432363) | expand

Commit Message

Philippe Mathieu-Daudé Oct. 30, 2020, 2:46 p.m. UTC
Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.
This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):

  CID 1432363 (#1 of 1): Unintentional integer overflow:

  overflow_before_widen:
    Potentially overflowing expression 1 << scale with type int
    (32 bits, signed) is evaluated using 32-bit arithmetic, and
    then used in a context that expects an expression of type
    hwaddr (64 bits, unsigned).

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/arm/smmuv3.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Philippe Mathieu-Daudé Oct. 30, 2020, 3:04 p.m. UTC | #1
On 10/30/20 3:46 PM, Philippe Mathieu-Daudé wrote:
> Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.

> This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):

> 

>   CID 1432363 (#1 of 1): Unintentional integer overflow:

> 

>   overflow_before_widen:

>     Potentially overflowing expression 1 << scale with type int

>     (32 bits, signed) is evaluated using 32-bit arithmetic, and

>     then used in a context that expects an expression of type

>     hwaddr (64 bits, unsigned).

> 


Fixes: d52915616c0 ("hw/arm/smmuv3: Get prepared for range invalidation")

> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

> ---

>  hw/arm/smmuv3.c | 3 ++-

>  1 file changed, 2 insertions(+), 1 deletion(-)

> 

> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c

> index 2017ba7a5a7..22607c37841 100644

> --- a/hw/arm/smmuv3.c

> +++ b/hw/arm/smmuv3.c

> @@ -17,6 +17,7 @@

>   */

>  

>  #include "qemu/osdep.h"

> +#include "qemu/bitops.h"

>  #include "hw/irq.h"

>  #include "hw/sysbus.h"

>  #include "migration/vmstate.h"

> @@ -864,7 +865,7 @@ static void smmuv3_s1_range_inval(SMMUState *s, Cmd *cmd)

>          scale = CMD_SCALE(cmd);

>          num = CMD_NUM(cmd);

>          ttl = CMD_TTL(cmd);

> -        num_pages = (num + 1) * (1 << (scale));

> +        num_pages = (num + 1) * BIT_ULL(scale);

>      }

>  

>      if (type == SMMU_CMD_TLBI_NH_VA) {

>
Eric Auger Oct. 30, 2020, 3:19 p.m. UTC | #2
Hi Philippe,

On 10/30/20 3:46 PM, Philippe Mathieu-Daudé wrote:
> Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.

> This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):

> 

>   CID 1432363 (#1 of 1): Unintentional integer overflow:

> 

>   overflow_before_widen:

>     Potentially overflowing expression 1 << scale with type int

>     (32 bits, signed) is evaluated using 32-bit arithmetic, and

>     then used in a context that expects an expression of type

>     hwaddr (64 bits, unsigned).

> 

> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Acked-by: Eric Auger <eric.auger@redhat.com>


Thanks!

Eric
> ---

>  hw/arm/smmuv3.c | 3 ++-

>  1 file changed, 2 insertions(+), 1 deletion(-)

> 

> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c

> index 2017ba7a5a7..22607c37841 100644

> --- a/hw/arm/smmuv3.c

> +++ b/hw/arm/smmuv3.c

> @@ -17,6 +17,7 @@

>   */

>  

>  #include "qemu/osdep.h"

> +#include "qemu/bitops.h"

>  #include "hw/irq.h"

>  #include "hw/sysbus.h"

>  #include "migration/vmstate.h"

> @@ -864,7 +865,7 @@ static void smmuv3_s1_range_inval(SMMUState *s, Cmd *cmd)

>          scale = CMD_SCALE(cmd);

>          num = CMD_NUM(cmd);

>          ttl = CMD_TTL(cmd);

> -        num_pages = (num + 1) * (1 << (scale));

> +        num_pages = (num + 1) * BIT_ULL(scale);

>      }

>  

>      if (type == SMMU_CMD_TLBI_NH_VA) {

>
Peter Maydell Nov. 2, 2020, 11:42 a.m. UTC | #3
On Fri, 30 Oct 2020 at 14:46, Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
>

> Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.

> This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):

>

>   CID 1432363 (#1 of 1): Unintentional integer overflow:

>

>   overflow_before_widen:

>     Potentially overflowing expression 1 << scale with type int

>     (32 bits, signed) is evaluated using 32-bit arithmetic, and

>     then used in a context that expects an expression of type

>     hwaddr (64 bits, unsigned).

>

> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

> ---

>  hw/arm/smmuv3.c | 3 ++-

>  1 file changed, 2 insertions(+), 1 deletion(-)




Applied to target-arm.next, thanks.

-- PMM
diff mbox series

Patch

diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 2017ba7a5a7..22607c37841 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -17,6 +17,7 @@ 
  */
 
 #include "qemu/osdep.h"
+#include "qemu/bitops.h"
 #include "hw/irq.h"
 #include "hw/sysbus.h"
 #include "migration/vmstate.h"
@@ -864,7 +865,7 @@  static void smmuv3_s1_range_inval(SMMUState *s, Cmd *cmd)
         scale = CMD_SCALE(cmd);
         num = CMD_NUM(cmd);
         ttl = CMD_TTL(cmd);
-        num_pages = (num + 1) * (1 << (scale));
+        num_pages = (num + 1) * BIT_ULL(scale);
     }
 
     if (type == SMMU_CMD_TLBI_NH_VA) {