- target/i386: csv: Support inject secret for CSV3 guest only if the extension is enabled
- target/i386: csv: Support load kernel hashes for CSV3 guest only if the extension is enabled
- target/i386: csv: Request to set private memory of CSV3 guest if the extension is enabled
- target/i386: kvm: Support to get and enable extensions for Hygon CoCo guest
- qapi/qom,target/i386: csv-guest: Introduce secret-header-file=str and secret-file=str options
- backend: VirtCCA: resolve hugepage memory waste issue in vhost-user scenario
- parallels: fix ext_off assertion failure due to overflow
- backends/cryptodev-vhost-user: Fix local_error leaks
- hw/usb/hcd-ehci: Fix debug printf format string
- target/riscv/vector_helper.c: fix 'vmvr_v' memcpy endianness
- target/riscv/vector_helper.c: optimize loops in ldst helpers
- target/riscv/vector_helper.c: set vstart = 0 in GEN_VEXT_VSLIDEUP_VX()
- target/hexagon: don't look for static glib
- virtio-net: Fix network stall at the host side waiting for kick
- Add if condition to avoid assertion failed error in blockdev_init
- target/arm: Use float_status copy in sme_fmopa_s
- target/arm: take HSTR traps of cp15 accesses to EL2, not EL1
- target/arm: Reinstate "vfp" property on AArch32 CPUs
- target/i386/cpu: Fix notes for CPU models
- target/arm: LDAPR should honour SCTLR_ELx.nAA
- target/riscv: Avoid bad shift in riscv_cpu_do_interrupt()
- hvf: remove unused but set variable
- hw/misc/nrf51_rng: Don't use BIT_MASK() when we mean BIT()
- Avoid taking address of out-of-bounds array index
- target/arm: Fix VCMLA Dd, Dn, Dm[idx]
- target/arm: Fix UMOPA/UMOPS of 16-bit values
- target/arm: Fix SVE/SME gross MTE suppression checks
- target/arm: Fix nregs computation in do_{ld,st}_zpa
- crypto: fix error check on gcry_md_open
- Change vmstate_cpuhp_sts vmstateDescription version_id
- hw/pci: Remove unused pci_irq_pulse() method
- hw/intc: Don't clear pending bits on IRQ lowering
- target/arm: Drop user-only special case in sve_stN_r
- migration: Ensure vmstate_save() sets errp
- target/i386: fix hang when using slow path for ptw_setl
- contrib/plugins: add compat for g_memdup2
- hw/audio/hda: fix memory leak on audio setup
- crypto: perform runtime check for hash/hmac support in gcrypt
- target/arm: Fix incorrect aa64_tidcp1 feature check
- target/arm: fix exception syndrome for AArch32 bkpt insn
- target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU
- linux-user: Print tid not pid with strace
- target/arm: Fix A64 scalar SQSHRN and SQRSHRN
- target/arm: Don't assert for 128-bit tile accesses when SVL is 128
- hw/timer/exynos4210_mct: fix possible int overflow
- target/arm: Avoid shifts by -1 in tszimm_shr() and tszimm_shl()
- hw/audio/virtio-snd: Always use little endian audio format
- target/riscv: Fix vcompress with rvv_ta_all_1s
- usb-hub: Fix handling port power control messages
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
(cherry picked from commit d4a20b24ff377fd07fcbf2b72eecaf07a3ac4cc0)
From e52a2122cb1574723c7c8181ba751cc0ff37648e Mon Sep 17 00:00:00 2001
From: Zhang Jiao <zhangjiao2_yewu@cmss.chinamobile.com>
Date: Thu, 12 Dec 2024 09:46:18 +0800
Subject: [PATCH] target/riscv: Avoid bad shift in riscv_cpu_do_interrupt()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

cherry-pick from 5311599cdc48337f2f27b1b51a80d46d75b05ed0

In riscv_cpu_do_interrupt() we use the 'cause' value we got out of
cs->exception as a shift value. However this value can be larger
than 31, which means that "1 << cause" is undefined behaviour,
because we do the shift on an 'int' type.

This causes the undefined behaviour sanitizer to complain
on one of the check-tcg tests:

$ UBSAN_OPTIONS=print_stacktrace=1:abort_on_error=1:halt_on_error=1 ./build/clang/qemu-system-riscv64 -M virt -semihosting -display none -device loader,file=build/clang/tests/tcg/riscv64-softmmu/issue1060
../../target/riscv/cpu_helper.c:1805:38: runtime error: shift exponent 63 is too large for 32-bit type 'int'
    #0 0x55f2dc026703 in riscv_cpu_do_interrupt /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/clang/../../target/riscv/cpu_helper.c:1805:38
    #1 0x55f2dc3d170e in cpu_handle_exception /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/clang/../../accel/tcg/cpu-exec.c:752:9

In this case cause is RISCV_EXCP_SEMIHOST, which is 0x3f.

Use 1ULL instead to ensure that the shift is in range.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: 1697837ed9 ("target/riscv: Add M-mode virtual interrupt and IRQ filtering support.")
Fixes: 40336d5b1d ("target/riscv: Add HS-mode virtual interrupt and IRQ filtering support.")
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20241128103831.3452572-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhang Jiao <zhangjiao2_yewu@cmss.chinamobile.com>
---
 target/riscv/cpu_helper.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index e7e23b34f4..4d8f1248dd 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -1644,10 +1644,10 @@ void riscv_cpu_do_interrupt(CPUState *cs)
bool async = !!(cs->exception_index & RISCV_EXCP_INT_FLAG);
target_ulong cause = cs->exception_index & RISCV_EXCP_INT_MASK;
uint64_t deleg = async ? env->mideleg : env->medeleg;
- bool s_injected = env->mvip & (1 << cause) & env->mvien &&
- !(env->mip & (1 << cause));
- bool vs_injected = env->hvip & (1 << cause) & env->hvien &&
- !(env->mip & (1 << cause));
+ bool s_injected = env->mvip & (1ULL << cause) & env->mvien &&
+ !(env->mip & (1ULL << cause));
+ bool vs_injected = env->hvip & (1ULL << cause) & env->hvien &&
+ !(env->mip & (1ULL << cause));
target_ulong tval = 0;
target_ulong tinst = 0;
target_ulong htval = 0;
--
2.41.0.windows.1
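The commit message above describes the defect: a cause code of 0x3f used as the exponent of `1 << cause` on a 32-bit `int`. The following is an added example, not QEMU code and not part of this patch, that shows why the shift is undefined, why `1ULL` only moves the limit to 63, and how the injected-interrupt predicate from the hunk looks with the shift bounded and the test restricted to asynchronous causes. The `DEMO_` flag and mask values and the interrupt number 9 used in the sample are assumptions made for this demo, not QEMU's definitions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this demo only; QEMU's real constants are not used. */
#define DEMO_EXCP_INT_FLAG  0x80000000u  /* assumed: set on interrupt causes   */
#define DEMO_EXCP_INT_MASK  0x7fffffffu  /* assumed: strips that flag          */
#define DEMO_EXCP_SEMIHOST  0x3fu        /* 63, the value named in the message */

/* A left shift of the int constant 1 is defined only for exponents 0..30:
 * 1 << 31 overflows a signed 32-bit int, and 32 or more exceeds its width. */
bool int_shift_defined(uint64_t exp)
{
    return exp < 31;
}

/* 1ULL << exp is defined for exponents 0..63 and undefined beyond that,
 * so the patch's 1ULL is sufficient for cause 63 but not a general fix. */
bool u64_shift_defined(uint64_t exp)
{
    return exp < 64;
}

/* Bit for an interrupt cause with the exponent bounded explicitly,
 * instead of relying on every caller to never pass a value >= 64. */
uint64_t cause_bit(uint64_t cause)
{
    return cause < 64 ? (1ULL << cause) : 0;
}

/* The s_injected predicate from the hunk with two changes: the shift is
 * bounded, and the test is evaluated only for asynchronous causes, since
 * mvip/mvien/mip are interrupt bitmaps and a synchronous exception code
 * (such as 0x3f) is not an index into them. */
bool s_injected(uint64_t mvip, uint64_t mvien, uint64_t mip,
                uint32_t exception_index)
{
    bool async = (exception_index & DEMO_EXCP_INT_FLAG) != 0;
    uint64_t cause = exception_index & DEMO_EXCP_INT_MASK;
    uint64_t bit = cause_bit(cause);

    return async && (mvip & bit & mvien) && !(mip & bit);
}

int main(void)
{
    /* Constructed sample: interrupt 9 pending in mvip, enabled in mvien,
     * not yet pending in mip.  The cause number is an arbitrary choice. */
    uint32_t irq9 = DEMO_EXCP_INT_FLAG | 9;

    printf("cause 0x3f: int shift defined=%d, u64 shift defined=%d\n",
           int_shift_defined(DEMO_EXCP_SEMIHOST),
           u64_shift_defined(DEMO_EXCP_SEMIHOST));
    printf("s_injected(irq 9)     = %d\n",
           s_injected(1ULL << 9, 1ULL << 9, 0, irq9));
    printf("s_injected(semihost)  = %d\n",
           s_injected(~0ULL, ~0ULL, 0, DEMO_EXCP_SEMIHOST));
    return 0;
}
```

Compiling with `-fsanitize=undefined` and calling the original `1 << cause` form with cause 63 reproduces the report in the commit message; the bounded helper above returns 0 for any exponent of 64 or more instead of shifting.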