|
| From: | Philippe Mathieu-Daudé |
| Subject: | Re: [PATCH-for-5.2] hw/arm/smmuv3: Fix potential integer overflow (CID 1432363) |
| Date: | Fri, 30 Oct 2020 16:04:47 +0100 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.1 |
On 10/30/20 3:46 PM, Philippe Mathieu-Daudé wrote:
> Use the BIT_ULL() macro to ensure we use 64-bit arithmetic.
> This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN):
>
> CID 1432363 (#1 of 1): Unintentional integer overflow:
>
> overflow_before_widen:
> Potentially overflowing expression 1 << scale with type int
> (32 bits, signed) is evaluated using 32-bit arithmetic, and
> then used in a context that expects an expression of type
> hwaddr (64 bits, unsigned).
>
Fixes: d52915616c0 ("hw/arm/smmuv3: Get prepared for range invalidation")
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> hw/arm/smmuv3.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
> index 2017ba7a5a7..22607c37841 100644
> --- a/hw/arm/smmuv3.c
> +++ b/hw/arm/smmuv3.c
> @@ -17,6 +17,7 @@
> */
>
> #include "qemu/osdep.h"
> +#include "qemu/bitops.h"
> #include "hw/irq.h"
> #include "hw/sysbus.h"
> #include "migration/vmstate.h"
> @@ -864,7 +865,7 @@ static void smmuv3_s1_range_inval(SMMUState *s, Cmd *cmd)
> scale = CMD_SCALE(cmd);
> num = CMD_NUM(cmd);
> ttl = CMD_TTL(cmd);
> - num_pages = (num + 1) * (1 << (scale));
> + num_pages = (num + 1) * BIT_ULL(scale);
> }
>
> if (type == SMMU_CMD_TLBI_NH_VA) {
>
| [Prev in Thread] | Current Thread | [Next in Thread] |