diff options
| author | Anastasia Belova <abelova@astralinux.ru> | 2025-01-13 12:35:32 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2025-01-13 12:35:32 +0000 |
| commit | 906853e1427a1ff89c64c0ebb6faa9c68f0a5d74 (patch) | |
| tree | 0cd7c3d2cc403a96a069247458ba6812db879ff1 /hw/misc/arm_sysctl.c | |
| parent | 3214bec13d8d4c40f707d21d8350d04e4123ae97 (diff) | |
| download | qemu-906853e1427a1ff89c64c0ebb6faa9c68f0a5d74.zip qemu-906853e1427a1ff89c64c0ebb6faa9c68f0a5d74.tar.gz qemu-906853e1427a1ff89c64c0ebb6faa9c68f0a5d74.tar.bz2 | |
hw/arm_sysctl: fix extracting 31th bit of val
1 << 31 is casted to uint64_t while bitwise and with val.
So this value may become 0xffffffff80000000 but only
31th "start" bit is required.
This is not possible in practice because the MemoryRegionOps
uses the default max access size of 4 bytes and so none
of the upper bytes of val will be set, but the bitfield
extract API is clearer anyway.
Use the bitfield extract() API instead.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
Message-id: 20241220125429.7552-1-abelova@astralinux.ru
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: add clarification to commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/misc/arm_sysctl.c')
| -rw-r--r-- | hw/misc/arm_sysctl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/misc/arm_sysctl.c b/hw/misc/arm_sysctl.c index 016a302..0166340 100644 --- a/hw/misc/arm_sysctl.c +++ b/hw/misc/arm_sysctl.c @@ -520,7 +520,7 @@ static void arm_sysctl_write(void *opaque, hwaddr offset, * as zero. */ s->sys_cfgctrl = val & ~((3 << 18) | (1 << 31)); - if (val & (1 << 31)) { + if (extract64(val, 31, 1)) { /* Start bit set -- actually do something */ unsigned int dcc = extract32(s->sys_cfgctrl, 26, 4); unsigned int function = extract32(s->sys_cfgctrl, 20, 6); |