Re: [PATCH 2/5] hw/intc/loongarch_pch_pic: Fix coverity errors in update

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/5] hw/intc/loongarch_pch_pic: Fix coverity errors in update

From:	Richard Henderson
Subject:	Re: [PATCH 2/5] hw/intc/loongarch_pch_pic: Fix coverity errors in update irq
Date:	Wed, 13 Jul 2022 21:38:03 +0530
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1

On 7/13/22 15:20, Xiaojuan Yang wrote:

Fix coverity errors:
1. In find_first_bit function, the 'size' argument need
'unsigned long' type, so we change the 'size' to unsigned
long type when use the function.
2. In expression 1ULL << irq, left shifting by more than
63 bits has undefined behavior. And out-of-bounds access
error occured when 'irq' >= 64. So we add a condition to
avoid this.
3. Use 'MAKE_64BIT_MASK(irq, 1)' to replace '1ULL << shift'.

Fix coverity CID: 1489761 1489764 1489765

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
---
  hw/intc/loongarch_pch_pic.c | 19 ++++++++++++-------
  1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/hw/intc/loongarch_pch_pic.c b/hw/intc/loongarch_pch_pic.c
index 3c9814a3b4..040b89861c 100644
--- a/hw/intc/loongarch_pch_pic.c
+++ b/hw/intc/loongarch_pch_pic.c
@@ -15,22 +15,27 @@

static void pch_pic_update_irq(LoongArchPCHPIC *s, uint64_t mask, int level)

  {
-    unsigned long val;
+    unsigned long val, max_irq;


You did not follow any of my direction from v1.

(1) val must be uint64_t.

(and, generally, any use of 'unsigned long' is probably a bug)

+            irq = find_first_bit(&val, max_irq);


Use ctz64().

+            if (irq < max_irq) {


This, really, should be a test of val != 0 before the ctz.

+                s->intisr |= MAKE_64BIT_MASK(irq, 1);
+                qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 1);
+            }
          }
      } else {
          val = mask & s->intisr;
          if (val) {
-            irq = find_first_bit(&val, 64);
-            s->intisr &= ~(0x1ULL << irq);
-            qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 0);
+            irq = find_first_bit(&val, max_irq);
+            if (irq < max_irq) {
+                s->intisr &= ~(MAKE_64BIT_MASK(irq, 1));
+                qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 0);


etc.


r~

+            }
          }
      }
  }

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2 0/5] Fix LoongArch coverity error and cpu name bug, Xiaojuan Yang, 2022/07/13
- [PATCH 2/5] hw/intc/loongarch_pch_pic: Fix coverity errors in update irq, Xiaojuan Yang, 2022/07/13
  - Re: [PATCH 2/5] hw/intc/loongarch_pch_pic: Fix coverity errors in update irq, Richard Henderson <=
- [PATCH 5/5] target/loongarch/op_helper: Fix coverity cond_at_most error, Xiaojuan Yang, 2022/07/13
  - Re: [PATCH 5/5] target/loongarch/op_helper: Fix coverity cond_at_most error, Richard Henderson, 2022/07/13
- [PATCH 3/5] target/loongarch/cpu: Fix coverity errors about excp_names, Xiaojuan Yang, 2022/07/13
  - Re: [PATCH 3/5] target/loongarch/cpu: Fix coverity errors about excp_names, Richard Henderson, 2022/07/13
- [PATCH 4/5] target/loongarch/tlb_helper: Fix coverity integer overflow error, Xiaojuan Yang, 2022/07/13
  - Re: [PATCH 4/5] target/loongarch/tlb_helper: Fix coverity integer overflow error, Richard Henderson, 2022/07/13
- [PATCH 1/5] target/loongarch/cpu: Fix cpu_class_by_name function, Xiaojuan Yang, 2022/07/13
  - Re: [PATCH 1/5] target/loongarch/cpu: Fix cpu_class_by_name function, Richard Henderson, 2022/07/13

Prev by Date: Re: [PATCH 5/5] target/loongarch/op_helper: Fix coverity cond_at_most error
Next by Date: Re: [PATCH 3/3] tests/tcg/s390x: test signed vfmin/vfmax
Previous by thread: [PATCH 2/5] hw/intc/loongarch_pch_pic: Fix coverity errors in update irq
Next by thread: [PATCH 5/5] target/loongarch/op_helper: Fix coverity cond_at_most error
Index(es):
- Date
- Thread