From patchwork Tue Dec 3 11:31:35 2024
X-Patchwork-Submitter: Philippe Mathieu-Daudé
X-Patchwork-Id: 846960
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Daniel Henrique Barboza, Richard Henderson, Alistair Francis, Philippe Mathieu-Daudé
Subject: [PULL 08/13] target/riscv: Avoid bad shift in riscv_cpu_do_interrupt()
Date: Tue, 3 Dec 2024 12:31:35 +0100
Message-ID: <20241203113140.63513-9-philmd@linaro.org>
In-Reply-To: <20241203113140.63513-1-philmd@linaro.org>
References: <20241203113140.63513-1-philmd@linaro.org>
From: Peter Maydell

In riscv_cpu_do_interrupt() we use the 'cause' value we got out of cs->exception as a shift value. However this value can be larger than 31, which means that "1 << cause" is undefined behaviour, because we do the shift on an 'int' type.

This causes the undefined behaviour sanitizer to complain on one of the check-tcg tests:

$ UBSAN_OPTIONS=print_stacktrace=1:abort_on_error=1:halt_on_error=1 ./build/clang/qemu-system-riscv64 -M virt -semihosting -display none -device loader,file=build/clang/tests/tcg/riscv64-softmmu/issue1060
../../target/riscv/cpu_helper.c:1805:38: runtime error: shift exponent 63 is too large for 32-bit type 'int'
    #0 0x55f2dc026703 in riscv_cpu_do_interrupt /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/clang/../../target/riscv/cpu_helper.c:1805:38
    #1 0x55f2dc3d170e in cpu_handle_exception /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/clang/../../accel/tcg/cpu-exec.c:752:9

In this case cause is RISCV_EXCP_SEMIHOST, which is 0x3f.

Use 1ULL instead to ensure that the shift is in range.

Signed-off-by: Peter Maydell
Fixes: 1697837ed9 ("target/riscv: Add M-mode virtual interrupt and IRQ filtering support.")
Fixes: 40336d5b1d ("target/riscv: Add HS-mode virtual interrupt and IRQ filtering support.")
Reviewed-by: Daniel Henrique Barboza
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
Message-ID: <20241128103831.3452572-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé
---
 target/riscv/cpu_helper.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 0a3ead69eab..45806f5ab0f 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -1802,10 +1802,10 @@ void riscv_cpu_do_interrupt(CPUState *cs) bool async = !!(cs->exception_index & RISCV_EXCP_INT_FLAG); target_ulong cause = cs->exception_index & RISCV_EXCP_INT_MASK; uint64_t deleg = async ? env->mideleg : env->medeleg; - bool s_injected = env->mvip & (1 << cause) & env->mvien && - !(env->mip & (1 << cause)); - bool vs_injected = env->hvip & (1 << cause) & env->hvien && - !(env->mip & (1 << cause)); + bool s_injected = env->mvip & (1ULL << cause) & env->mvien && + !(env->mip & (1ULL << cause)); + bool vs_injected = env->hvip & (1ULL << cause) & env->hvien && + !(env->mip & (1ULL << cause)); target_ulong tval = 0; target_ulong tinst = 0; target_ulong htval = 0;
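Review bot: the new `(1ULL << cause)` is only well defined while `cause` is below 64, and the visible `cs->exception_index & RISCV_EXCP_INT_MASK` two lines above does not by itself bound `cause` to that range, so the hunk still relies on an invariant the code does not state. Suggest an `assert(cause < 64)` ahead of the four shifts, or a comment recording that every RISC-V exception and interrupt code fits in 6 bits (the commit message's worst case is RISCV_EXCP_SEMIHOST = 0x3f). Since the same shifted expression now appears four times, hoisting it into one `uint64_t cause_bit = 1ULL << cause;` would also keep the width of the constant in a single place the next time these lines are touched.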
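As an added example, not code from the patch or from QEMU: the predicate the hunk computes, written as a stand-alone C helper that builds the bit from a 64-bit literal and checks the shift exponent against the literal's width first, so the shift is well defined for every `cause` value instead of depending on the caller. The function names (`virt_irq_injected`, `shift_exponent_in_range`) and the register values are hypothetical; the sample cause 0x3f is the value the commit message reports.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical helper, not QEMU code. Mirrors the shape of the hunk's
 * s_injected / vs_injected expressions: the virtual-interrupt bit for
 * 'cause' is pending (vip) and enabled (vien) and not also pending in mip.
 *
 * The mask registers are 64 bits wide, so the bit must be built from a
 * 64-bit literal (1ULL), and the exponent must be below that width:
 * shifting a value by >= the width of its type is undefined behaviour in C.
 */

/* The rule UBSan enforces: the exponent must be smaller than the width of
   the type being shifted. */
static bool shift_exponent_in_range(uint64_t exponent, unsigned type_bits)
{
    return exponent < type_bits;
}

static bool virt_irq_injected(uint64_t vip, uint64_t vien, uint64_t mip,
                              uint64_t cause)
{
    if (!shift_exponent_in_range(cause, 64)) {
        /* No architectural cause code is this large; report "not injected"
           rather than execute an undefined shift. */
        return false;
    }
    uint64_t cause_bit = 1ULL << cause;   /* 64-bit literal: bit 63 is reachable */
    return (vip & cause_bit & vien) && !(mip & cause_bit);
}

int main(void)
{
    /* Constructed sample: cause 0x3f (RISCV_EXCP_SEMIHOST in the commit
       message). With the old 'int' literal this exponent exceeds a 32-bit
       type's width, which is exactly what the sanitizer reported. */
    const uint64_t cause = 0x3f;
    uint64_t vip = 1ULL << cause, vien = 1ULL << cause, mip = 0;

    printf("shift by %llu defined for a 32-bit int: %s\n",
           (unsigned long long)cause,
           shift_exponent_in_range(cause, 32) ? "yes" : "no");
    printf("injected (vip & vien set, mip clear): %d\n",
           virt_irq_injected(vip, vien, mip, cause));
    printf("injected (also pending in mip):       %d\n",
           virt_irq_injected(vip, vien, vip, cause));
    printf("injected (cause 64, out of range):    %d\n",
           virt_irq_injected(UINT64_MAX, UINT64_MAX, 0, 64));
    return 0;
}
```

The explicit range check is the part a reviewer would want alongside the wider literal: `1ULL` moves the undefined boundary from 32 to 64, and the guard makes that boundary visible at the call site rather than implicit in the enum of cause codes.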