Message ID | 20201030144617.1535064-1-philmd@redhat.com |
---|---|
State | New |
Series | [PATCH-for-5.2] hw/arm/smmuv3: Fix potential integer overflow (CID 1432363) |
On 10/30/20 3:46 PM, Philippe Mathieu-Daudé wrote:
> Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.
> This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):
>
> CID 1432363 (#1 of 1): Unintentional integer overflow:
>
> overflow_before_widen:
> Potentially overflowing expression 1 << scale with type int
> (32 bits, signed) is evaluated using 32-bit arithmetic, and
> then used in a context that expects an expression of type
> hwaddr (64 bits, unsigned).
>

Fixes: d52915616c0 ("hw/arm/smmuv3: Get prepared for range invalidation")

> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> hw/arm/smmuv3.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c > index 2017ba7a5a7..22607c37841 100644 > --- a/hw/arm/smmuv3.c > +++ b/hw/arm/smmuv3.c > @@ -17,6 +17,7 @@ > */ > > #include "qemu/osdep.h" > +#include "qemu/bitops.h" > #include "hw/irq.h" > #include "hw/sysbus.h" > #include "migration/vmstate.h" > @@ -864,7 +865,7 @@ static void smmuv3_s1_range_inval(SMMUState *s, Cmd *cmd) > scale = CMD_SCALE(cmd); > num = CMD_NUM(cmd); > ttl = CMD_TTL(cmd); > - num_pages = (num + 1) * (1 << (scale)); > + num_pages = (num + 1) * BIT_ULL(scale); > } > > if (type == SMMU_CMD_TLBI_NH_VA) { >
Hi Philippe,

On 10/30/20 3:46 PM, Philippe Mathieu-Daudé wrote:
> Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.
> This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):
>
> CID 1432363 (#1 of 1): Unintentional integer overflow:
>
> overflow_before_widen:
> Potentially overflowing expression 1 << scale with type int
> (32 bits, signed) is evaluated using 32-bit arithmetic, and
> then used in a context that expects an expression of type
> hwaddr (64 bits, unsigned).
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Acked-by: Eric Auger <eric.auger@redhat.com>

Thanks!

Eric

> ---
> hw/arm/smmuv3.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c > index 2017ba7a5a7..22607c37841 100644 > --- a/hw/arm/smmuv3.c > +++ b/hw/arm/smmuv3.c > @@ -17,6 +17,7 @@ > */ > > #include "qemu/osdep.h" > +#include "qemu/bitops.h" > #include "hw/irq.h" > #include "hw/sysbus.h" > #include "migration/vmstate.h" > @@ -864,7 +865,7 @@ static void smmuv3_s1_range_inval(SMMUState *s, Cmd *cmd) > scale = CMD_SCALE(cmd); > num = CMD_NUM(cmd); > ttl = CMD_TTL(cmd); > - num_pages = (num + 1) * (1 << (scale)); > + num_pages = (num + 1) * BIT_ULL(scale); > } > > if (type == SMMU_CMD_TLBI_NH_VA) { >
On Fri, 30 Oct 2020 at 14:46, Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
>
> Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.
> This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):
>
> CID 1432363 (#1 of 1): Unintentional integer overflow:
>
> overflow_before_widen:
> Potentially overflowing expression 1 << scale with type int
> (32 bits, signed) is evaluated using 32-bit arithmetic, and
> then used in a context that expects an expression of type
> hwaddr (64 bits, unsigned).
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> hw/arm/smmuv3.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)

Applied to target-arm.next, thanks.

-- PMM
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 2017ba7a5a7..22607c37841 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -17,6 +17,7 @@ */ #include "qemu/osdep.h" +#include "qemu/bitops.h" #include "hw/irq.h" #include "hw/sysbus.h" #include "migration/vmstate.h" @@ -864,7 +865,7 @@ static void smmuv3_s1_range_inval(SMMUState *s, Cmd *cmd) scale = CMD_SCALE(cmd); num = CMD_NUM(cmd); ttl = CMD_TTL(cmd); - num_pages = (num + 1) * (1 << (scale)); + num_pages = (num + 1) * BIT_ULL(scale); } if (type == SMMU_CMD_TLBI_NH_VA) {
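Review bot: in the smmuv3_s1_range_inval() hunk, BIT_ULL(scale) is only well defined for scale below 64, and the visible lines do not show what range CMD_SCALE(cmd) can return. A short comment giving the field width next to `num_pages = (num + 1) * BIT_ULL(scale);`, or an assert on it, would make clear that the shift count is bounded. The declarations of num and num_pages are outside the hunk, so it is also worth confirming that num_pages is a 64-bit type; otherwise the product is narrowed again on assignment.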
Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.
This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):

CID 1432363 (#1 of 1): Unintentional integer overflow:

overflow_before_widen:
Potentially overflowing expression 1 << scale with type int
(32 bits, signed) is evaluated using 32-bit arithmetic, and
then used in a context that expects an expression of type
hwaddr (64 bits, unsigned).

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
hw/arm/smmuv3.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)