From 96adf9b404e51b9acdf9592595ad935905de1f4e Mon Sep 17 00:00:00 2001
From: Denis Rastyogin <gerben@altlinux.org>
Date: Fri, 24 Jan 2025 15:26:32 +0300
Subject: [PATCH] target/mips: Fix possible MSA int overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Fix possible overflow in 1 << (DF_BITS(df) - 2) when DF_BITS(df)
is 64 by using a 64-bit integer for the shift operation.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reported-by: Dmitriy Fedin <d.fedin@fobos-nt.ru>
Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20250124122707.54264-1-gerben@altlinux.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
target/mips/tcg/msa_helper.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/target/mips/tcg/msa_helper.c b/target/mips/tcg/msa_helper.c
index ec38d9fde5..74fb80cc25 100644
--- a/target/mips/tcg/msa_helper.c
+++ b/target/mips/tcg/msa_helper.c
@@ -5577,7 +5577,7 @@ static inline int64_t msa_mulr_q_df(uint32_t df, int64_t arg1, int64_t arg2)
{
int64_t q_min = DF_MIN_INT(df);
int64_t q_max = DF_MAX_INT(df);
- int64_t r_bit = 1 << (DF_BITS(df) - 2);
+ int64_t r_bit = 1LL << (DF_BITS(df) - 2);
if (arg1 == q_min && arg2 == q_min) {
return q_max;
@@ -5685,7 +5685,7 @@ static inline int64_t msa_maddr_q_df(uint32_t df, int64_t dest, int64_t arg1,
int64_t q_max = DF_MAX_INT(df);
int64_t q_min = DF_MIN_INT(df);
- int64_t r_bit = 1 << (DF_BITS(df) - 2);
+ int64_t r_bit = 1LL << (DF_BITS(df) - 2);
q_prod = arg1 * arg2;
q_ret = ((dest << (DF_BITS(df) - 1)) + q_prod + r_bit) >> (DF_BITS(df) - 1);
@@ -5700,7 +5700,7 @@ static inline int64_t msa_msubr_q_df(uint32_t df, int64_t dest, int64_t arg1,
int64_t q_max = DF_MAX_INT(df);
int64_t q_min = DF_MIN_INT(df);
- int64_t r_bit = 1 << (DF_BITS(df) - 2);
+ int64_t r_bit = 1LL << (DF_BITS(df) - 2);
q_prod = arg1 * arg2;
q_ret = ((dest << (DF_BITS(df) - 1)) - q_prod + r_bit) >> (DF_BITS(df) - 1);
--
2.30.2