* [PATCH v2 0/5] Fix LoongArch coverity error and cpu name bug
@ 2022-07-13 9:50 Xiaojuan Yang
2022-07-13 9:50 ` [PATCH 1/5] target/loongarch/cpu: Fix cpu_class_by_name function Xiaojuan Yang
` (4 more replies)
0 siblings, 5 replies; 13+ messages in thread
From: Xiaojuan Yang @ 2022-07-13 9:50 UTC (permalink / raw)
To: qemu-devel
Cc: richard.henderson, gaosong, maobibo, mark.cave-ayland, mst,
imammedo, ani, f4bug, peter.maydell
Make some changes following Richard's advice based on version v1. And the
v1 patches fix some coverity errors and loongarch_cpu_class_by_name function
for LoongArch virt machine.
1. Use MAKE_64BIT_MASK(shift, len) to replace 'xxx << shift'.
2. Use ARRAY_SIZE(array) to get the array size.
3. Add the assertion that 'cpu_model' resolves to a class of the
appropriate type.
Xiaojuan Yang (5):
target/loongarch/cpu: Fix cpu_class_by_name function
hw/intc/loongarch_pch_pic: Fix coverity errors in update irq
target/loongarch/cpu: Fix coverity errors about excp_names
target/loongarch/tlb_helper: Fix coverity integer overflow error
target/loongarch/op_helper: Fix coverity cond_at_most error
hw/intc/loongarch_pch_pic.c | 19 ++++++++++++-------
target/loongarch/cpu.c | 15 ++++++++-------
target/loongarch/op_helper.c | 2 +-
target/loongarch/tlb_helper.c | 4 ++--
4 files changed, 23 insertions(+), 17 deletions(-)
--
2.31.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 1/5] target/loongarch/cpu: Fix cpu_class_by_name function
2022-07-13 9:50 [PATCH v2 0/5] Fix LoongArch coverity error and cpu name bug Xiaojuan Yang
@ 2022-07-13 9:50 ` Xiaojuan Yang
2022-07-13 16:02 ` Richard Henderson
2022-07-13 9:50 ` [PATCH 2/5] hw/intc/loongarch_pch_pic: Fix coverity errors in update irq Xiaojuan Yang
` (3 subsequent siblings)
4 siblings, 1 reply; 13+ messages in thread
From: Xiaojuan Yang @ 2022-07-13 9:50 UTC (permalink / raw)
To: qemu-devel
Cc: richard.henderson, gaosong, maobibo, mark.cave-ayland, mst,
imammedo, ani, f4bug, peter.maydell
In loongarch_cpu_class_by_name(char *cpu_model) function,
the argument cpu_model already has the suffix '-loongarch-cpu',
so we should remove the LOONGARCH_CPU_TYPE_NAME(cpu_model) macro.
And add the assertion that 'cpu_model' resolves to a class of the
appropriate type.
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
---
target/loongarch/cpu.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index e21715592a..ed26f9beed 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -571,11 +571,12 @@ static void loongarch_cpu_init(Object *obj)
static ObjectClass *loongarch_cpu_class_by_name(const char *cpu_model)
{
ObjectClass *oc;
- char *typename;
- typename = g_strdup_printf(LOONGARCH_CPU_TYPE_NAME("%s"), cpu_model);
- oc = object_class_by_name(typename);
- g_free(typename);
+ oc = object_class_by_name(cpu_model);
+ if (!oc || !object_class_dynamic_cast(oc, TYPE_LOONGARCH_CPU) ||
+ object_class_is_abstract(oc)) {
+ return NULL;
+ }
return oc;
}
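Review bot: The commit message says an assertion is added, but the new 'if' in loongarch_cpu_class_by_name() returns NULL when the lookup fails, when the class is not a TYPE_LOONGARCH_CPU, or when it is abstract; nothing is asserted. Reword the message to say the class is checked and NULL is returned, and add a comment above the function stating that cpu_model must already be the full type name, since a bare model name no longer resolves once LOONGARCH_CPU_TYPE_NAME() is dropped.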
--
2.31.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 2/5] hw/intc/loongarch_pch_pic: Fix coverity errors in update irq
2022-07-13 9:50 [PATCH v2 0/5] Fix LoongArch coverity error and cpu name bug Xiaojuan Yang
2022-07-13 9:50 ` [PATCH 1/5] target/loongarch/cpu: Fix cpu_class_by_name function Xiaojuan Yang
@ 2022-07-13 9:50 ` Xiaojuan Yang
2022-07-13 16:08 ` Richard Henderson
2022-07-13 9:50 ` [PATCH 3/5] target/loongarch/cpu: Fix coverity errors about excp_names Xiaojuan Yang
` (2 subsequent siblings)
4 siblings, 1 reply; 13+ messages in thread
From: Xiaojuan Yang @ 2022-07-13 9:50 UTC (permalink / raw)
To: qemu-devel
Cc: richard.henderson, gaosong, maobibo, mark.cave-ayland, mst,
imammedo, ani, f4bug, peter.maydell
Fix coverity errors:
1. In find_first_bit function, the 'size' argument needs
'unsigned long' type, so we change the 'size' to unsigned
long type when using the function.
2. In expression 1ULL << irq, left shifting by more than
63 bits has undefined behavior. And out-of-bounds access
error occurred when 'irq' >= 64. So we add a condition to
avoid this.
3. Use 'MAKE_64BIT_MASK(irq, 1)' to replace '1ULL << shift'.
Fix coverity CID: 1489761 1489764 1489765
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
---
hw/intc/loongarch_pch_pic.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/hw/intc/loongarch_pch_pic.c b/hw/intc/loongarch_pch_pic.c
index 3c9814a3b4..040b89861c 100644
--- a/hw/intc/loongarch_pch_pic.c
+++ b/hw/intc/loongarch_pch_pic.c
@@ -15,22 +15,27 @@
static void pch_pic_update_irq(LoongArchPCHPIC *s, uint64_t mask, int level)
{
- unsigned long val;
+ unsigned long val, max_irq;
int irq;
+ max_irq = 64;
if (level) {
val = mask & s->intirr & ~s->int_mask;
if (val) {
- irq = find_first_bit(&val, 64);
- s->intisr |= 0x1ULL << irq;
- qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 1);
+ irq = find_first_bit(&val, max_irq);
+ if (irq < max_irq) {
+ s->intisr |= MAKE_64BIT_MASK(irq, 1);
+ qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 1);
+ }
}
} else {
val = mask & s->intisr;
if (val) {
- irq = find_first_bit(&val, 64);
- s->intisr &= ~(0x1ULL << irq);
- qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 0);
+ irq = find_first_bit(&val, max_irq);
+ if (irq < max_irq) {
+ s->intisr &= ~(MAKE_64BIT_MASK(irq, 1));
+ qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 0);
+ }
}
}
}
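Review bot: 'val' is still declared 'unsigned long' although it holds 'mask & s->intirr & ~s->int_mask', a 64-bit quantity, and find_first_bit(&val, max_irq) is told to scan 64 bits of it; where unsigned long is 32 bits this truncates the pending set and scans past the variable. Declare val as uint64_t and take the bit index with ctz64(val) inside the existing 'if (val)' test, which makes the added 'irq < max_irq' branch and the max_irq variable unnecessary. The comparison of 'int irq' with 'unsigned long max_irq' is also a signed/unsigned comparison.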
--
2.31.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 3/5] target/loongarch/cpu: Fix coverity errors about excp_names
2022-07-13 9:50 [PATCH v2 0/5] Fix LoongArch coverity error and cpu name bug Xiaojuan Yang
2022-07-13 9:50 ` [PATCH 1/5] target/loongarch/cpu: Fix cpu_class_by_name function Xiaojuan Yang
2022-07-13 9:50 ` [PATCH 2/5] hw/intc/loongarch_pch_pic: Fix coverity errors in update irq Xiaojuan Yang
@ 2022-07-13 9:50 ` Xiaojuan Yang
2022-07-13 16:04 ` Richard Henderson
2022-07-13 9:50 ` [PATCH 4/5] target/loongarch/tlb_helper: Fix coverity integer overflow error Xiaojuan Yang
2022-07-13 9:50 ` [PATCH 5/5] target/loongarch/op_helper: Fix coverity cond_at_most error Xiaojuan Yang
4 siblings, 1 reply; 13+ messages in thread
From: Xiaojuan Yang @ 2022-07-13 9:50 UTC (permalink / raw)
To: qemu-devel
Cc: richard.henderson, gaosong, maobibo, mark.cave-ayland, mst,
imammedo, ani, f4bug, peter.maydell
Fix out-of-bounds errors when accessing the excp_names[] array. The valid
boundary size of excp_names should be 0 to ARRAY_SIZE(excp_names)-1.
However, the general code does not consider the max boundary.
Fix coverity CID: 1489758
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
---
target/loongarch/cpu.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index ed26f9beed..89ea971cde 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -140,7 +140,7 @@ static void loongarch_cpu_do_interrupt(CPUState *cs)
if (cs->exception_index != EXCCODE_INT) {
if (cs->exception_index < 0 ||
- cs->exception_index > ARRAY_SIZE(excp_names)) {
+ cs->exception_index >= ARRAY_SIZE(excp_names)) {
name = "unknown";
} else {
name = excp_names[cs->exception_index];
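Review bot: The commit message should name the off-by-one that the '>=' on the exception_index test fixes: with the old '>' comparison an index equal to ARRAY_SIZE(excp_names) passed the check, and 'name = excp_names[cs->exception_index]' then read one element past the end of the table. Stating that case explicitly tells a later reader exactly which input was mishandled.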
@@ -190,8 +190,8 @@ static void loongarch_cpu_do_interrupt(CPUState *cs)
cause = cs->exception_index;
break;
default:
- qemu_log("Error: exception(%d) '%s' has not been supported\n",
- cs->exception_index, excp_names[cs->exception_index]);
+ qemu_log("Error: exception(%d) has not been supported\n",
+ cs->exception_index);
abort();
}
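Review bot: The default case now logs only the number, which removes the unchecked excp_names[] read but also drops the name for codes that do have one. If 'name' from the bounds-checked lookup earlier in loongarch_cpu_do_interrupt() is still in scope here, log that instead; it is only assigned when exception_index != EXCCODE_INT, so it would need a default value.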
--
2.31.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 4/5] target/loongarch/tlb_helper: Fix coverity integer overflow error
2022-07-13 9:50 [PATCH v2 0/5] Fix LoongArch coverity error and cpu name bug Xiaojuan Yang
` (2 preceding siblings ...)
2022-07-13 9:50 ` [PATCH 3/5] target/loongarch/cpu: Fix coverity errors about excp_names Xiaojuan Yang
@ 2022-07-13 9:50 ` Xiaojuan Yang
2022-07-13 16:04 ` Richard Henderson
2022-07-13 9:50 ` [PATCH 5/5] target/loongarch/op_helper: Fix coverity cond_at_most error Xiaojuan Yang
4 siblings, 1 reply; 13+ messages in thread
From: Xiaojuan Yang @ 2022-07-13 9:50 UTC (permalink / raw)
To: qemu-devel
Cc: richard.henderson, gaosong, maobibo, mark.cave-ayland, mst,
imammedo, ani, f4bug, peter.maydell
Replace '1 << shift' with 'MAKE_64BIT_MASK(shift, 1)' to fix
unintentional integer overflow errors in tlb_helper file.
Fix coverity CID: 1489759 1489762
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
---
target/loongarch/tlb_helper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/loongarch/tlb_helper.c b/target/loongarch/tlb_helper.c
index bab19c7e05..610b6d123c 100644
--- a/target/loongarch/tlb_helper.c
+++ b/target/loongarch/tlb_helper.c
@@ -298,7 +298,7 @@ static void invalidate_tlb_entry(CPULoongArchState *env, int index)
} else {
tlb_ps = FIELD_EX64(env->CSR_STLBPS, CSR_STLBPS, PS);
}
- pagesize = 1 << tlb_ps;
+ pagesize = MAKE_64BIT_MASK(tlb_ps, 1);
mask = MAKE_64BIT_MASK(0, tlb_ps + 1);
if (tlb_v0) {
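Review bot: 'pagesize = MAKE_64BIT_MASK(tlb_ps, 1)' only removes the overflow if pagesize is itself declared with a 64-bit type, and that declaration is outside this hunk; please confirm it or include it in the patch. Neither this line nor 'MAKE_64BIT_MASK(0, tlb_ps + 1)' below it shows an upper bound on tlb_ps, so the commit message should say what range the PS field can take.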
@@ -736,7 +736,7 @@ void helper_ldpte(CPULoongArchState *env, target_ulong base, target_ulong odd,
(tmp0 & (~(1 << R_TLBENTRY_G_SHIFT)));
ps = ptbase + ptwidth - 1;
if (odd) {
- tmp0 += (1 << ps);
+ tmp0 += MAKE_64BIT_MASK(ps, 1);
}
} else {
/* 0:64bit, 1:128bit, 2:192bit, 3:256bit */
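Review bot: The context line '(tmp0 & (~(1 << R_TLBENTRY_G_SHIFT)))' just above the change still builds its mask from an int '1', so the function keeps one narrow shift next to the converted 'tmp0 += MAKE_64BIT_MASK(ps, 1)'. Convert it in the same patch for consistency, and check that 'ps = ptbase + ptwidth - 1' cannot reach 64 before it is used as a shift count.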
--
2.31.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 5/5] target/loongarch/op_helper: Fix coverity cond_at_most error
2022-07-13 9:50 [PATCH v2 0/5] Fix LoongArch coverity error and cpu name bug Xiaojuan Yang
` (3 preceding siblings ...)
2022-07-13 9:50 ` [PATCH 4/5] target/loongarch/tlb_helper: Fix coverity integer overflow error Xiaojuan Yang
@ 2022-07-13 9:50 ` Xiaojuan Yang
2022-07-13 16:05 ` Richard Henderson
4 siblings, 1 reply; 13+ messages in thread
From: Xiaojuan Yang @ 2022-07-13 9:50 UTC (permalink / raw)
To: qemu-devel
Cc: richard.henderson, gaosong, maobibo, mark.cave-ayland, mst,
imammedo, ani, f4bug, peter.maydell
The boundary size of cpucfg array should be 0 to 20. So,
using index bigger than 20 to access cpucfg[] must be forbidden.
Fix coverity CID: 1489760
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
---
target/loongarch/op_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/loongarch/op_helper.c b/target/loongarch/op_helper.c
index 4b429b6699..568c071601 100644
--- a/target/loongarch/op_helper.c
+++ b/target/loongarch/op_helper.c
@@ -81,7 +81,7 @@ target_ulong helper_crc32c(target_ulong val, target_ulong m, uint64_t sz)
target_ulong helper_cpucfg(CPULoongArchState *env, target_ulong rj)
{
- return rj > 21 ? 0 : env->cpucfg[rj];
+ return rj >= ARRAY_SIZE(env->cpucfg) ? 0 : env->cpucfg[rj];
}
uint64_t helper_rdtime_d(CPULoongArchState *env)
--
2.31.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH 1/5] target/loongarch/cpu: Fix cpu_class_by_name function
2022-07-13 9:50 ` [PATCH 1/5] target/loongarch/cpu: Fix cpu_class_by_name function Xiaojuan Yang
@ 2022-07-13 16:02 ` Richard Henderson
0 siblings, 0 replies; 13+ messages in thread
From: Richard Henderson @ 2022-07-13 16:02 UTC (permalink / raw)
To: Xiaojuan Yang, qemu-devel
Cc: gaosong, maobibo, mark.cave-ayland, mst, imammedo, ani, f4bug,
peter.maydell
On 7/13/22 15:20, Xiaojuan Yang wrote:
> In loongarch_cpu_class_by_name(char *cpu_model) function,
> the argument cpu_model already has the suffix '-loongarch-cpu',
> so we should remove the LOONGARCH_CPU_TYPE_NAME(cpu_model) macro.
> And add the assertion that 'cpu_model' resolves to a class of the
> appropriate type.
>
> Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
> ---
> target/loongarch/cpu.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
>
> diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
> index e21715592a..ed26f9beed 100644
> --- a/target/loongarch/cpu.c
> +++ b/target/loongarch/cpu.c
> @@ -571,11 +571,12 @@ static void loongarch_cpu_init(Object *obj)
> static ObjectClass *loongarch_cpu_class_by_name(const char *cpu_model)
> {
> ObjectClass *oc;
> - char *typename;
>
> - typename = g_strdup_printf(LOONGARCH_CPU_TYPE_NAME("%s"), cpu_model);
> - oc = object_class_by_name(typename);
> - g_free(typename);
> + oc = object_class_by_name(cpu_model);
> + if (!oc || !object_class_dynamic_cast(oc, TYPE_LOONGARCH_CPU) ||
> + object_class_is_abstract(oc)) {
> + return NULL;
> + }
> return oc;
> }
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 3/5] target/loongarch/cpu: Fix coverity errors about excp_names
2022-07-13 9:50 ` [PATCH 3/5] target/loongarch/cpu: Fix coverity errors about excp_names Xiaojuan Yang
@ 2022-07-13 16:04 ` Richard Henderson
0 siblings, 0 replies; 13+ messages in thread
From: Richard Henderson @ 2022-07-13 16:04 UTC (permalink / raw)
To: Xiaojuan Yang, qemu-devel
Cc: gaosong, maobibo, mark.cave-ayland, mst, imammedo, ani, f4bug,
peter.maydell
On 7/13/22 15:20, Xiaojuan Yang wrote:
> Fix out-of-bounds errors when accessing the excp_names[] array. The valid
> boundary size of excp_names should be 0 to ARRAY_SIZE(excp_names)-1.
> However, the general code does not consider the max boundary.
>
> Fix coverity CID: 1489758
>
> Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
> ---
> target/loongarch/cpu.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
I gave you a reviewed-by for this patch in v1.
You must copy those into v2 so that I don't have to do it again.
r~
>
> diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
> index ed26f9beed..89ea971cde 100644
> --- a/target/loongarch/cpu.c
> +++ b/target/loongarch/cpu.c
> @@ -140,7 +140,7 @@ static void loongarch_cpu_do_interrupt(CPUState *cs)
>
> if (cs->exception_index != EXCCODE_INT) {
> if (cs->exception_index < 0 ||
> - cs->exception_index > ARRAY_SIZE(excp_names)) {
> + cs->exception_index >= ARRAY_SIZE(excp_names)) {
> name = "unknown";
> } else {
> name = excp_names[cs->exception_index];
> @@ -190,8 +190,8 @@ static void loongarch_cpu_do_interrupt(CPUState *cs)
> cause = cs->exception_index;
> break;
> default:
> - qemu_log("Error: exception(%d) '%s' has not been supported\n",
> - cs->exception_index, excp_names[cs->exception_index]);
> + qemu_log("Error: exception(%d) has not been supported\n",
> + cs->exception_index);
> abort();
> }
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 4/5] target/loongarch/tlb_helper: Fix coverity integer overflow error
2022-07-13 9:50 ` [PATCH 4/5] target/loongarch/tlb_helper: Fix coverity integer overflow error Xiaojuan Yang
@ 2022-07-13 16:04 ` Richard Henderson
0 siblings, 0 replies; 13+ messages in thread
From: Richard Henderson @ 2022-07-13 16:04 UTC (permalink / raw)
To: Xiaojuan Yang, qemu-devel
Cc: gaosong, maobibo, mark.cave-ayland, mst, imammedo, ani, f4bug,
peter.maydell
On 7/13/22 15:20, Xiaojuan Yang wrote:
> Replace '1 << shift' with 'MAKE_64BIT_MASK(shift, 1)' to fix
> unintentional integer overflow errors in tlb_helper file.
>
> Fix coverity CID: 1489759 1489762
>
> Signed-off-by: Xiaojuan Yang<yangxiaojuan@loongson.cn>
> ---
> target/loongarch/tlb_helper.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 5/5] target/loongarch/op_helper: Fix coverity cond_at_most error
2022-07-13 9:50 ` [PATCH 5/5] target/loongarch/op_helper: Fix coverity cond_at_most error Xiaojuan Yang
@ 2022-07-13 16:05 ` Richard Henderson
0 siblings, 0 replies; 13+ messages in thread
From: Richard Henderson @ 2022-07-13 16:05 UTC (permalink / raw)
To: Xiaojuan Yang, qemu-devel
Cc: gaosong, maobibo, mark.cave-ayland, mst, imammedo, ani, f4bug,
peter.maydell
On 7/13/22 15:20, Xiaojuan Yang wrote:
> The boundary size of cpucfg array should be 0 to 20. So,
> using index bigger than 20 to access cpucfg[] must be forbidden.
You must update the comment to match the code,
which no longer mentions "20" at all. With that change,
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
>
> Fix coverity CID: 1489760
>
> Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
> ---
> target/loongarch/op_helper.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/loongarch/op_helper.c b/target/loongarch/op_helper.c
> index 4b429b6699..568c071601 100644
> --- a/target/loongarch/op_helper.c
> +++ b/target/loongarch/op_helper.c
> @@ -81,7 +81,7 @@ target_ulong helper_crc32c(target_ulong val, target_ulong m, uint64_t sz)
>
> target_ulong helper_cpucfg(CPULoongArchState *env, target_ulong rj)
> {
> - return rj > 21 ? 0 : env->cpucfg[rj];
> + return rj >= ARRAY_SIZE(env->cpucfg) ? 0 : env->cpucfg[rj];
> }
>
> uint64_t helper_rdtime_d(CPULoongArchState *env)
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 2/5] hw/intc/loongarch_pch_pic: Fix coverity errors in update irq
2022-07-13 9:50 ` [PATCH 2/5] hw/intc/loongarch_pch_pic: Fix coverity errors in update irq Xiaojuan Yang
@ 2022-07-13 16:08 ` Richard Henderson
0 siblings, 0 replies; 13+ messages in thread
From: Richard Henderson @ 2022-07-13 16:08 UTC (permalink / raw)
To: Xiaojuan Yang, qemu-devel
Cc: gaosong, maobibo, mark.cave-ayland, mst, imammedo, ani, f4bug,
peter.maydell
On 7/13/22 15:20, Xiaojuan Yang wrote:
> Fix coverity errors:
> 1. In find_first_bit function, the 'size' argument needs
> 'unsigned long' type, so we change the 'size' to unsigned
> long type when using the function.
> 2. In expression 1ULL << irq, left shifting by more than
> 63 bits has undefined behavior. And out-of-bounds access
> error occurred when 'irq' >= 64. So we add a condition to
> avoid this.
> 3. Use 'MAKE_64BIT_MASK(irq, 1)' to replace '1ULL << shift'.
>
> Fix coverity CID: 1489761 1489764 1489765
>
> Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
> ---
> hw/intc/loongarch_pch_pic.c | 19 ++++++++++++-------
> 1 file changed, 12 insertions(+), 7 deletions(-)
>
> diff --git a/hw/intc/loongarch_pch_pic.c b/hw/intc/loongarch_pch_pic.c
> index 3c9814a3b4..040b89861c 100644
> --- a/hw/intc/loongarch_pch_pic.c
> +++ b/hw/intc/loongarch_pch_pic.c
> @@ -15,22 +15,27 @@
>
> static void pch_pic_update_irq(LoongArchPCHPIC *s, uint64_t mask, int level)
> {
> - unsigned long val;
> + unsigned long val, max_irq;
You did not follow any of my direction from v1.
(1) val must be uint64_t.
(and, generally, any use of 'unsigned long' is probably a bug)
> + irq = find_first_bit(&val, max_irq);
Use ctz64().
> + if (irq < max_irq) {
This, really, should be a test of val != 0 before the ctz.
> + s->intisr |= MAKE_64BIT_MASK(irq, 1);
> + qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 1);
> + }
> }
> } else {
> val = mask & s->intisr;
> if (val) {
> - irq = find_first_bit(&val, 64);
> - s->intisr &= ~(0x1ULL << irq);
> - qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 0);
> + irq = find_first_bit(&val, max_irq);
> + if (irq < max_irq) {
> + s->intisr &= ~(MAKE_64BIT_MASK(irq, 1));
> + qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 0);
etc.
r~
> + }
> }
> }
> }
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 4/5] target/loongarch/tlb_helper: Fix coverity integer overflow error
2022-07-12 8:01 ` [PATCH 4/5] target/loongarch/tlb_helper: Fix coverity integer overflow error Xiaojuan Yang
@ 2022-07-12 10:17 ` Richard Henderson
0 siblings, 0 replies; 13+ messages in thread
From: Richard Henderson @ 2022-07-12 10:17 UTC (permalink / raw)
To: Xiaojuan Yang, qemu-devel
Cc: gaosong, maobibo, mark.cave-ayland, mst, imammedo, ani, f4bug,
peter.maydell
On 7/12/22 13:31, Xiaojuan Yang wrote:
> Replace '1' with '1UL' to fix unintentional integer overflow errors
> in tlb_helper file.
>
> Fix coverity CID: 1489759 1489762
>
> Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
> ---
> target/loongarch/tlb_helper.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/target/loongarch/tlb_helper.c b/target/loongarch/tlb_helper.c
> index bab19c7e05..b300230588 100644
> --- a/target/loongarch/tlb_helper.c
> +++ b/target/loongarch/tlb_helper.c
> @@ -298,7 +298,7 @@ static void invalidate_tlb_entry(CPULoongArchState *env, int index)
> } else {
> tlb_ps = FIELD_EX64(env->CSR_STLBPS, CSR_STLBPS, PS);
> }
> - pagesize = 1 << tlb_ps;
> + pagesize = 1UL << tlb_ps;
> mask = MAKE_64BIT_MASK(0, tlb_ps + 1);
This is incorrect, because 1ul is still 32 bits on some hosts, including windows64.
More generally, 'ul' is *always* incorrect for qemu.
Much better here to use
pagesize = MAKE_64BIT_MASK(tlb_ps, 1);
> - tmp0 += (1 << ps);
> + tmp0 += (1UL << ps);
Likewise.
r~
^ permalink raw reply [flat|nested] 13+ messages in thread
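The two review replies above ask for the same discipline: keep the pending word at a fixed 64-bit width and test it for zero before counting trailing zeros, and build single-bit masks at 64-bit width rather than with '1UL'. The following is an added example, not code from the patch series or from QEMU. EX_MAKE_64BIT_MASK, ExPic, the ex_* functions and the routing-table bound check are assumptions of the example, and __builtin_ctzll (GCC/Clang) stands in for ctz64().

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the MAKE_64BIT_MASK(shift, length) macro named in the thread.
 * Assumed definition; valid for 1 <= length <= 64, shift + length <= 64. */
#define EX_MAKE_64BIT_MASK(shift, length) \
    (((~0ULL) >> (64 - (length))) << (shift))
#define EX_ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* One-bit mask; returns 0 for a shift count >= 64, which C leaves undefined. */
static uint64_t ex_bit64(unsigned shift)
{
    return shift < 64 ? EX_MAKE_64BIT_MASK(shift, 1) : 0;
}

/* Index of the lowest set bit, or -1 if val is 0. The zero test comes first
 * because the count-trailing-zeros builtin is undefined for an input of 0. */
static int ex_first_pending(uint64_t val)
{
    return val ? __builtin_ctzll(val) : -1;
}

/* Constructed model of the controller state; field names follow the hunk. */
typedef struct {
    uint64_t intirr, int_mask, intisr;
    uint8_t htmsi_vector[64];
    int parent_level[4];          /* stands in for the parent_irq[] lines */
} ExPic;

/* Returns the irq that changed, or -1 if nothing was pending or the
 * routing entry points outside parent_level[]. */
static int ex_update_irq(ExPic *s, uint64_t mask, int level)
{
    uint64_t val = level ? (mask & s->intirr & ~s->int_mask)
                         : (mask & s->intisr);
    int irq = ex_first_pending(val);
    if (irq < 0) {
        return -1;
    }
    uint8_t vec = s->htmsi_vector[irq];
    if (vec >= EX_ARRAY_SIZE(s->parent_level)) {
        return -1;
    }
    if (level) {
        s->intisr |= ex_bit64(irq);
    } else {
        s->intisr &= ~ex_bit64(irq);
    }
    s->parent_level[vec] = level;
    return irq;
}

/* Constructed scenario: irq 40 lies above bit 31, so it is lost if any
 * intermediate is only 32 bits wide. Returns intisr after raising it. */
static uint64_t ex_demo_raise_irq40(void)
{
    ExPic s = { .intirr = 1ULL << 40 };
    s.htmsi_vector[40] = 2;
    ex_update_irq(&s, ~0ULL, 1);
    return s.intisr;
}

int main(void)
{
    printf("intisr after raising irq 40: 0x%llx\n",
           (unsigned long long)ex_demo_raise_irq40());
    return 0;
}
```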
* [PATCH 4/5] target/loongarch/tlb_helper: Fix coverity integer overflow error
2022-07-12 8:01 [PATCH v1 0/5] Fix LoongArch coverity error and cpu name bug Xiaojuan Yang
@ 2022-07-12 8:01 ` Xiaojuan Yang
2022-07-12 10:17 ` Richard Henderson
0 siblings, 1 reply; 13+ messages in thread
From: Xiaojuan Yang @ 2022-07-12 8:01 UTC (permalink / raw)
To: qemu-devel
Cc: richard.henderson, gaosong, maobibo, mark.cave-ayland, mst,
imammedo, ani, f4bug, peter.maydell
Replace '1' with '1UL' to fix unintentional integer overflow errors
in tlb_helper file.
Fix coverity CID: 1489759 1489762
Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
---
target/loongarch/tlb_helper.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/loongarch/tlb_helper.c b/target/loongarch/tlb_helper.c
index bab19c7e05..b300230588 100644
--- a/target/loongarch/tlb_helper.c
+++ b/target/loongarch/tlb_helper.c
@@ -298,7 +298,7 @@ static void invalidate_tlb_entry(CPULoongArchState *env, int index)
} else {
tlb_ps = FIELD_EX64(env->CSR_STLBPS, CSR_STLBPS, PS);
}
- pagesize = 1 << tlb_ps;
+ pagesize = 1UL << tlb_ps;
mask = MAKE_64BIT_MASK(0, tlb_ps + 1);
if (tlb_v0) {
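Review bot: '1UL << tlb_ps' has the width of the host's unsigned long, which the review reply in this thread points out is 32 bits on some hosts, so the overflow remains on those builds. Build the value at a fixed 64-bit width, for example 'MAKE_64BIT_MASK(tlb_ps, 1)', in the same way the next line already does for 'mask'.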
@@ -736,7 +736,7 @@ void helper_ldpte(CPULoongArchState *env, target_ulong base, target_ulong odd,
(tmp0 & (~(1 << R_TLBENTRY_G_SHIFT)));
ps = ptbase + ptwidth - 1;
if (odd) {
- tmp0 += (1 << ps);
+ tmp0 += (1UL << ps);
}
} else {
/* 0:64bit, 1:128bit, 2:192bit, 3:256bit */
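Review bot: 'tmp0 += (1UL << ps)' depends on the host width of unsigned long just like the pagesize line in the previous hunk, and ps comes from 'ptbase + ptwidth - 1' with no range check in view. Build the addend at a fixed 64-bit width and state the maximum value ps can take.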
--
2.31.1
^ permalink raw reply related [flat|nested] 13+ messages in thread