qemu/target/mips/tcg
Peter Maydell 0fe4cac5dd target/mips: Avoid shift by negative number in page_table_walk_refill()
Coverity points out that in page_table_walk_refill() we can
shift by a negative number, which is undefined behaviour
(CID 1452918, 1452920, 1452922).  We already catch the
negative directory_shift and leaf_shift as being a "bail
out early" case, but not until we've already used them to
calculate some offset values.

The shifts can be negative only if ptew > 1, so make the
bail-out-early check look directly at that, and only
calculate the shift amounts and the offsets based on them
after we have done that check. This allows
us to simplify the expressions used to calculate the
shift amounts, use an unsigned type, and avoids the
undefined behaviour.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
[PMD: Check for ptew > 1, use unsigned type]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230717213504.24777-3-philmd@linaro.org>
2023-07-25 14:41:16 +02:00
..
sysemu target/mips: Avoid shift by negative number in page_table_walk_refill() 2023-07-25 14:41:16 +02:00
dsp_helper.c cleanup: Tweak and re-run return_directly.cocci 2022-12-14 16:19:35 +01:00
exception.c target/mips: Replace tb_pc() with tb->pc 2023-03-01 07:33:17 -10:00
fpu_helper.c
lcsr_translate.c target/mips: Implement Loongson CSR instructions 2023-07-10 23:33:37 +02:00
lcsr.decode target/mips: Implement Loongson CSR instructions 2023-07-10 23:33:37 +02:00
ldst_helper.c target/mips: Fix SWM32 handling for microMIPS 2023-03-08 00:37:41 +01:00
lmmi_helper.c
meson.build target/mips: Implement Loongson CSR instructions 2023-07-10 23:33:37 +02:00
micromips_translate.c.inc target/mips: Add missing default_tcg_memop_mask 2023-05-11 09:53:41 +01:00
mips16e_translate.c.inc target/mips: Add missing default_tcg_memop_mask 2023-05-11 09:53:41 +01:00
msa_helper.c target/mips: Replace [g_]assert(0) -> g_assert_not_reached() 2023-03-07 18:08:12 +01:00
msa_helper.h.inc
msa_translate.c target/mips: Tidy helpers for translation 2023-06-05 12:04:29 -07:00
msa.decode
mxu_translate.c target/mips/mxu: Avoid overrun in gen_mxu_q8adde() 2023-07-25 14:40:49 +02:00
nanomips_translate.c.inc target/mips: Use MO_ALIGN instead of 0 2023-05-11 09:53:41 +01:00
octeon_translate.c target/mips: Tidy helpers for translation 2023-06-05 12:04:29 -07:00
octeon.decode target/mips: Cast offset field of Octeon BBIT to int16_t 2022-11-08 01:04:25 +01:00
op_helper.c target/mips: Implement Loongson CSR instructions 2023-07-10 23:33:37 +02:00
rel6_translate.c target/mips: Tidy helpers for translation 2023-06-05 12:04:29 -07:00
rel6.decode
sysemu_helper.h.inc target/mips: Implement Loongson CSR instructions 2023-07-10 23:33:37 +02:00
tcg-internal.h target/mips: Convert to tcg_ops restore_state_to_opc 2022-10-26 11:11:28 +10:00
trace-events
trace.h
translate_addr_const.c target/mips: Tidy helpers for translation 2023-06-05 12:04:29 -07:00
translate.c target/mips/mxu: Add S32MADD/MADDU/MSUB/MSUBU instructions 2023-07-10 23:33:38 +02:00
translate.h target/mips: Implement Loongson CSR instructions 2023-07-10 23:33:37 +02:00
tx79_translate.c target/mips: Tidy helpers for translation 2023-06-05 12:04:29 -07:00
tx79.decode
txx9_translate.c
vr54xx_helper.c
vr54xx_helper.h.inc
vr54xx_translate.c target/mips: Tidy helpers for translation 2023-06-05 12:04:29 -07:00
vr54xx.decode