From 69d71311d3d70282dec3d1f19f9e4b90c7b7c6b9 Mon Sep 17 00:00:00 2001 From: eperezma Date: Tue, 12 Jan 2021 14:36:33 -0500 Subject: [PATCH 09/17] hw/arm/smmuv3: Fix potential integer overflow (CID 1432363) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: eperezma Message-id: <20210112143638.374060-9-eperezma@redhat.com> Patchwork-id: 100601 O-Subject: [RHEL-8.4.0 qemu-kvm PATCH v2 08/13] hw/arm/smmuv3: Fix potential integer overflow (CID 1432363) Bugzilla: 1843852 RH-Acked-by: Xiao Wang RH-Acked-by: Peter Xu RH-Acked-by: Auger Eric From: Philippe Mathieu-Daudé Use the BIT_ULL() macro to ensure we use 64-bit arithmetic. This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN): CID 1432363 (#1 of 1): Unintentional integer overflow: overflow_before_widen: Potentially overflowing expression 1 << scale with type int (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type hwaddr (64 bits, unsigned). Signed-off-by: Philippe Mathieu-Daudé Acked-by: Eric Auger Message-id: 20201030144617.1535064-1-philmd@redhat.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (cherry picked from commit 744a790ec01a30033309e6a2155df4d61061e184) Signed-off-by: Eugenio Pérez Signed-off-by: Danilo C. L. de Paula --- hw/arm/smmuv3.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index f4d5d9d8222..a418fab2aa6 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -17,6 +17,7 @@ */ #include "qemu/osdep.h" +#include "qemu/bitops.h" #include "hw/irq.h" #include "hw/sysbus.h" #include "migration/vmstate.h" @@ -847,7 +848,7 @@ static void smmuv3_s1_range_inval(SMMUState *s, Cmd *cmd) scale = CMD_SCALE(cmd); num = CMD_NUM(cmd); ttl = CMD_TTL(cmd); - num_pages = (num + 1) * (1 << (scale)); + num_pages = (num + 1) * BIT_ULL(scale); } if (type == SMMU_CMD_TLBI_NH_VA) { -- 2.27.0