Dev news

Commit 883cd84e82 for qemu.org

commit 883cd84e8211f7cd0a8a954e57044d23c707f004
Author: Peter Maydell <peter.maydell@linaro.org>
Date:   Tue May 12 10:38:53 2026 +0100

    target/arm: GICv5 cpuif: Fix overflow in left shift

    Coverity points out that we forgot the "ULL" suffix when shifting 1
    right by a bitcount in various places, so for bit counts above 31 we
    end up shifting off the end of the word.  Fix the three problems
    Coverity noticed and one more of the same kind that it didn't.

    CID: 1659588, 1659591, 1659559
    Fixes: ce245ac6957 ("target/arm: GICv5 cpuif: Calculate the highest priority PPI")
    Fixes: 3f79212abae ("target/arm: GICv5 cpuif: Implement GICR CDIA command")
    Fixes: 49f4c98648c ("target/arm: GICv5 cpuif: Implement GIC CDDI")
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Message-id: 20260512093856.3197700-2-peter.maydell@linaro.org

diff --git a/target/arm/tcg/gicv5-cpuif.c b/target/arm/tcg/gicv5-cpuif.c
index bc44a7fc11..98238ada19 100644
--- a/target/arm/tcg/gicv5-cpuif.c
+++ b/target/arm/tcg/gicv5-cpuif.c
@@ -275,7 +275,7 @@ static void gic_recalc_ppi_hppi(CPUARMState *env)
             int ppi;
             int bit = ctz64(en_pend_nact);

-            en_pend_nact &= ~(1 << bit);
+            en_pend_nact &= ~(1ULL << bit);

             ppi = i * 64 + bit;
             prio = extract64(env->gicv5_cpuif.ppi_priority[ppi / 8],
@@ -631,7 +631,7 @@ static uint64_t gicr_cdia_read(CPUARMState *env, const ARMCPRegInfo *ri)
      * gicv5_activate() cause a re-evaluation of HPPIs they use the
      * right (new) running priority.
      */
-    env->gicv5_cpuif.icc_apr[domain] |= (1 << hppi.prio);
+    env->gicv5_cpuif.icc_apr[domain] |= (1ULL << hppi.prio);
     switch (type) {
     case GICV5_PPI:
     {
@@ -639,7 +639,7 @@ static uint64_t gicr_cdia_read(CPUARMState *env, const ARMCPRegInfo *ri)

         assert(id < GICV5_NUM_PPIS);
         ppireg = id / 64;
-        ppibit = 1 << (id % 64);
+        ppibit = 1ULL << (id % 64);

         env->gicv5_cpuif.ppi_active[ppireg] |= ppibit;
         if (!(env->gicv5_cpuif.ppi_hm[ppireg] & ppibit)) {
@@ -707,7 +707,7 @@ static void gic_cddi_write(CPUARMState *env, const ARMCPRegInfo *ri,
         }

         ppireg = id / 64;
-        ppibit = 1 << (id % 64);
+        ppibit = 1ULL << (id % 64);

         env->gicv5_cpuif.ppi_active[ppireg] &= ~ppibit;
         gic_recalc_ppi_hppi(env);