summary refs log tree commit diff stats
path: root/hw/arm/smmu-common.c
diff options
context:
space:
mode:
authorEric Auger <eric.auger@redhat.com>2018-05-18 17:48:07 +0100
committerPeter Maydell <peter.maydell@linaro.org>2018-05-18 17:48:07 +0100
commit118eee6ceeaa2b6dd007115ec65ae486e4dee4ed (patch)
tree3d77164788e4c5d67ec65587018845bc7c624422 /hw/arm/smmu-common.c
parent24af32e049684827286e24114a066e09d0dcdaaf (diff)
downloadfocaccia-qemu-118eee6ceeaa2b6dd007115ec65ae486e4dee4ed.tar.gz
focaccia-qemu-118eee6ceeaa2b6dd007115ec65ae486e4dee4ed.zip
hw/arm/smmu-common: Fix coverity issue in get_block_pte_address
Coverity points out that this can overflow if n > 31,
because it's only doing 32-bit arithmetic. Let's use 1ULL instead
of 1. Also the formulae used to compute n can be replaced by
the level_shift() macro.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 1526493784-25328-3-git-send-email-eric.auger@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/arm/smmu-common.c')
-rw-r--r--hw/arm/smmu-common.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
index 01c7be82b6..3c5f7245b5 100644
--- a/hw/arm/smmu-common.c
+++ b/hw/arm/smmu-common.c
@@ -83,9 +83,9 @@ static inline hwaddr get_table_pte_address(uint64_t pte, int granule_sz)
 static inline hwaddr get_block_pte_address(uint64_t pte, int level,
                                            int granule_sz, uint64_t *bsz)
 {
-    int n = (granule_sz - 3) * (4 - level) + 3;
+    int n = level_shift(level, granule_sz);
 
-    *bsz = 1 << n;
+    *bsz = 1ULL << n;
     return PTE_ADDRESS(pte, n);
 }