diff mbox series

[2/5] hw/intc/loongarch_pch_pic: Fix coverity errors in update irq

Message ID 20220713095036.705102-3-yangxiaojuan@loongson.cn (mailing list archive)
State New, archived
Headers show
Series Fix LoongArch coverity error and cpu name bug | expand

Commit Message

Xiaojuan Yang July 13, 2022, 9:50 a.m. UTC
Fix coverity errors:
1. In find_first_bit function, the 'size' argument need
'unsigned long' type, so we change the 'size' to unsigned
long type when use the function.
2. In expression 1ULL << irq, left shifting by more than
63 bits has undefined behavior. And out-of-bounds access
error occured when 'irq' >= 64. So we add a condition to
avoid this.
3. Use 'MAKE_64BIT_MASK(irq, 1)' to replace '1ULL << shift'.

Fix coverity CID: 1489761 1489764 1489765

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
---
 hw/intc/loongarch_pch_pic.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

Comments

Richard Henderson July 13, 2022, 4:08 p.m. UTC | #1
On 7/13/22 15:20, Xiaojuan Yang wrote:
> Fix coverity errors:
> 1. In find_first_bit function, the 'size' argument need
> 'unsigned long' type, so we change the 'size' to unsigned
> long type when use the function.
> 2. In expression 1ULL << irq, left shifting by more than
> 63 bits has undefined behavior. And out-of-bounds access
> error occured when 'irq' >= 64. So we add a condition to
> avoid this.
> 3. Use 'MAKE_64BIT_MASK(irq, 1)' to replace '1ULL << shift'.
> 
> Fix coverity CID: 1489761 1489764 1489765
> 
> Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
> ---
>   hw/intc/loongarch_pch_pic.c | 19 ++++++++++++-------
>   1 file changed, 12 insertions(+), 7 deletions(-)
> 
> diff --git a/hw/intc/loongarch_pch_pic.c b/hw/intc/loongarch_pch_pic.c
> index 3c9814a3b4..040b89861c 100644
> --- a/hw/intc/loongarch_pch_pic.c
> +++ b/hw/intc/loongarch_pch_pic.c
> @@ -15,22 +15,27 @@
>   
>   static void pch_pic_update_irq(LoongArchPCHPIC *s, uint64_t mask, int level)
>   {
> -    unsigned long val;
> +    unsigned long val, max_irq;

You did not follow any of my direction from v1.

(1) val must be uint64_t.

(and, generally, any use of 'unsigned long' is probably a bug)

> +            irq = find_first_bit(&val, max_irq);

Use ctz64().

> +            if (irq < max_irq) {

This, really, should be a test of val != 0 before the ctz.


> +                s->intisr |= MAKE_64BIT_MASK(irq, 1);
> +                qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 1);
> +            }
>           }
>       } else {
>           val = mask & s->intisr;
>           if (val) {
> -            irq = find_first_bit(&val, 64);
> -            s->intisr &= ~(0x1ULL << irq);
> -            qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 0);
> +            irq = find_first_bit(&val, max_irq);
> +            if (irq < max_irq) {
> +                s->intisr &= ~(MAKE_64BIT_MASK(irq, 1));
> +                qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 0);

etc.


r~

> +            }
>           }
>       }
>   }
diff mbox series

Patch

diff --git a/hw/intc/loongarch_pch_pic.c b/hw/intc/loongarch_pch_pic.c
index 3c9814a3b4..040b89861c 100644
--- a/hw/intc/loongarch_pch_pic.c
+++ b/hw/intc/loongarch_pch_pic.c
@@ -15,22 +15,27 @@ 
 
 static void pch_pic_update_irq(LoongArchPCHPIC *s, uint64_t mask, int level)
 {
-    unsigned long val;
+    unsigned long val, max_irq;
     int irq;
 
+    max_irq = 64;
     if (level) {
         val = mask & s->intirr & ~s->int_mask;
         if (val) {
-            irq = find_first_bit(&val, 64);
-            s->intisr |= 0x1ULL << irq;
-            qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 1);
+            irq = find_first_bit(&val, max_irq);
+            if (irq < max_irq) {
+                s->intisr |= MAKE_64BIT_MASK(irq, 1);
+                qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 1);
+            }
         }
     } else {
         val = mask & s->intisr;
         if (val) {
-            irq = find_first_bit(&val, 64);
-            s->intisr &= ~(0x1ULL << irq);
-            qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 0);
+            irq = find_first_bit(&val, max_irq);
+            if (irq < max_irq) {
+                s->intisr &= ~(MAKE_64BIT_MASK(irq, 1));
+                qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 0);
+            }
         }
     }
 }