qemu-devel.nongnu.org archive mirror
* [PATCH] target/s390x: Fix the accumulation of ccm in op_icm
@ 2022-04-01 19:36 Richard Henderson
  2022-04-02  8:38 ` Thomas Huth
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Richard Henderson @ 2022-04-01 19:36 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-s390x, cohuck, thuth, david

Coverity rightly reports that 0xff << pos can overflow.
This would affect the ICMH instruction.

Fixes: Coverity CID 1487161
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/s390x/tcg/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 5acfc0ff9b..ea7baf0832 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -2622,7 +2622,7 @@ static DisasJumpType op_icm(DisasContext *s, DisasOps *o)
                 tcg_gen_qemu_ld8u(tmp, o->in2, get_mem_index(s));
                 tcg_gen_addi_i64(o->in2, o->in2, 1);
                 tcg_gen_deposit_i64(o->out, o->out, tmp, pos, 8);
-                ccm |= 0xff << pos;
+                ccm |= 0xffull << pos;
             }
             m3 = (m3 << 1) & 0xf;
             pos -= 8;
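Review bot: the commit message describes the narrow shift as an overflow, but for the ICMH byte positions, which lie in the upper 32 bits of the register, `0xff << pos` shifts an int by 32 or more, and a shift count that reaches the width of the operand is undefined behaviour in C rather than a truncated result; the widened `0xffull` literal is the right fix, but it only has the intended effect if `ccm` itself is 64 bits wide, and since its declaration is outside the hunk it is worth confirming it is a 64-bit type (the surrounding `tcg_gen_deposit_i64` into `o->out` suggests it is) and perhaps noting the undefined shift count in the commit message.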
-- 
2.25.1




* Re: [PATCH] target/s390x: Fix the accumulation of ccm in op_icm
From: Thomas Huth @ 2022-04-02  8:38 UTC (permalink / raw)
  To: Richard Henderson, qemu-devel; +Cc: qemu-s390x, cohuck, david

On 01/04/2022 21.36, Richard Henderson wrote:
> Coverity rightly reports that 0xff << pos can overflow.
> This would affect the ICMH instruction.
> 
> Fixes: Coverity CID 1487161
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>   target/s390x/tcg/translate.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
> index 5acfc0ff9b..ea7baf0832 100644
> --- a/target/s390x/tcg/translate.c
> +++ b/target/s390x/tcg/translate.c
> @@ -2622,7 +2622,7 @@ static DisasJumpType op_icm(DisasContext *s, DisasOps *o)
>                   tcg_gen_qemu_ld8u(tmp, o->in2, get_mem_index(s));
>                   tcg_gen_addi_i64(o->in2, o->in2, 1);
>                   tcg_gen_deposit_i64(o->out, o->out, tmp, pos, 8);
> -                ccm |= 0xff << pos;
> +                ccm |= 0xffull << pos;
>               }
>               m3 = (m3 << 1) & 0xf;
>               pos -= 8;

Reviewed-by: Thomas Huth <thuth@redhat.com>

Is this still something for 7.0, or can it wait for the 7.1 cycle?




* Re: [PATCH] target/s390x: Fix the accumulation of ccm in op_icm
From: Richard Henderson @ 2022-04-02 15:30 UTC (permalink / raw)
  To: Thomas Huth, qemu-devel; +Cc: qemu-s390x, cohuck, david

On 4/2/22 02:38, Thomas Huth wrote:
> On 01/04/2022 21.36, Richard Henderson wrote:
>> Coverity rightly reports that 0xff << pos can overflow.
>> This would affect the ICMH instruction.
>>
>> Fixes: Coverity CID 1487161
>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>> ---
>>   target/s390x/tcg/translate.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
>> index 5acfc0ff9b..ea7baf0832 100644
>> --- a/target/s390x/tcg/translate.c
>> +++ b/target/s390x/tcg/translate.c
>> @@ -2622,7 +2622,7 @@ static DisasJumpType op_icm(DisasContext *s, DisasOps *o)
>>                   tcg_gen_qemu_ld8u(tmp, o->in2, get_mem_index(s));
>>                   tcg_gen_addi_i64(o->in2, o->in2, 1);
>>                   tcg_gen_deposit_i64(o->out, o->out, tmp, pos, 8);
>> -                ccm |= 0xff << pos;
>> +                ccm |= 0xffull << pos;
>>               }
>>               m3 = (m3 << 1) & 0xf;
>>               pos -= 8;
> 
> Reviewed-by: Thomas Huth <thuth@redhat.com>
> 
> Is this still something for 7.0, or can it wait for the 7.1 cycle?

The bug has been present since 2012, affecting only the cc value of icmh.  It could wait for 7.1.

r~



* Re: [PATCH] target/s390x: Fix the accumulation of ccm in op_icm
From: David Hildenbrand @ 2022-04-04  8:36 UTC (permalink / raw)
  To: Richard Henderson, qemu-devel; +Cc: qemu-s390x, cohuck, thuth

On 01.04.22 21:36, Richard Henderson wrote:
> Coverity rightly reports that 0xff << pos can overflow.
> This would affect the ICMH instruction.
> 
> Fixes: Coverity CID 1487161
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  target/s390x/tcg/translate.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
> index 5acfc0ff9b..ea7baf0832 100644
> --- a/target/s390x/tcg/translate.c
> +++ b/target/s390x/tcg/translate.c
> @@ -2622,7 +2622,7 @@ static DisasJumpType op_icm(DisasContext *s, DisasOps *o)
>                  tcg_gen_qemu_ld8u(tmp, o->in2, get_mem_index(s));
>                  tcg_gen_addi_i64(o->in2, o->in2, 1);
>                  tcg_gen_deposit_i64(o->out, o->out, tmp, pos, 8);
> -                ccm |= 0xff << pos;
> +                ccm |= 0xffull << pos;
>              }
>              m3 = (m3 << 1) & 0xf;
>              pos -= 8;

Reviewed-by: David Hildenbrand <david@redhat.com>

-- 
Thanks,

David / dhildenb




* Re: [PATCH] target/s390x: Fix the accumulation of ccm in op_icm
From: Richard Henderson @ 2022-04-27  3:00 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-s390x, cohuck, thuth, david

On 4/1/22 12:36, Richard Henderson wrote:
> Coverity rightly reports that 0xff << pos can overflow.
> This would affect the ICMH instruction.
> 
> Fixes: Coverity CID 1487161
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>   target/s390x/tcg/translate.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
> index 5acfc0ff9b..ea7baf0832 100644
> --- a/target/s390x/tcg/translate.c
> +++ b/target/s390x/tcg/translate.c
> @@ -2622,7 +2622,7 @@ static DisasJumpType op_icm(DisasContext *s, DisasOps *o)
>                   tcg_gen_qemu_ld8u(tmp, o->in2, get_mem_index(s));
>                   tcg_gen_addi_i64(o->in2, o->in2, 1);
>                   tcg_gen_deposit_i64(o->out, o->out, tmp, pos, 8);
> -                ccm |= 0xff << pos;
> +                ccm |= 0xffull << pos;
>               }
>               m3 = (m3 << 1) & 0xf;
>               pos -= 8;

Queuing to tcg-next.


r~


