Mailing List Archive

Hi, found by coverty: port is uint16_t. Shifting promotes to signed 32bit integer. When assigning to uint64_t sw_exitinfo1 the value gets sign extended. Thus when "port << 16" is greater than 0x7fffffff the upper bits of sw_exitinfo1 will be all 1. Therefore cast to uint64_t before shifting. ok? HJ. ----------------------------------------------------------------------- commit 0bdf00d115852dabeb9078497d91e19d8667898f Author: Hans-Joerg Hoexer <hshoexer@genua.de> Date: Sat Aug 2 23:04:22 2025 +0200 Avoid implicit sign extension in vctrap() port is uint16_t. Shifting promotes to signed 32bit integer. When assigning to uint64_t sw_exitinfo1 the value gets sign extended. Thus when "port << 16" is greater than 0x7fffffff the upper bits of sw_exitinfo1 will be all 1. Therefore apply cast to uint64_t before shifting. Coverity CID 1648416. diff --git a/sys/arch/amd64/amd64/trap.c b/sys/arch/amd64/amd64/trap.c index cb152600dca..dcdfd98c909 100644 --- a/sys/arch/amd64/amd64/trap.c +++ b/sys/arch/amd64/amd64/trap.c @@ -367,14 +367,14 @@ vctrap(struct trapframe *frame, int user) case 0xef: /* out %ax,(%dx) */ ghcb_sync_val(GHCB_RAX, GHCB_SZ16, &syncout); port = (uint16_t)frame->tf_rdx; - sw_exitinfo1 = (port << 16) | + sw_exitinfo1 = ((uint64_t)port << 16) | (1ULL << 5); frame->tf_rip += 2; break; case 0xed: /* in (%dx),%ax */ ghcb_sync_val(GHCB_RAX, GHCB_SZ16, &syncin); port = (uint16_t)frame->tf_rdx; - sw_exitinfo1 = (port << 16) | + sw_exitinfo1 = ((uint64_t)port << 16) | (1ULL << 5) | (1ULL << 0); frame->tf_rip += 2; break; @@ -386,40 +386,40 @@ vctrap(struct trapframe *frame, int user) case 0xe4: /* in $port,%al */ ghcb_sync_val(GHCB_RAX, GHCB_SZ8, &syncin); port = *(rip + 1); - sw_exitinfo1 = (port << 16) | (1ULL << 4) | + sw_exitinfo1 = ((uint64_t)port << 16) | (1ULL << 4) | (1ULL << 0); frame->tf_rip += 2; break; case 0xe6: /* outb %al,$port */ ghcb_sync_val(GHCB_RAX, GHCB_SZ8, &syncout); port = *(rip + 1); - sw_exitinfo1 = (port << 16) | (1ULL << 4); + sw_exitinfo1 = ((uint64_t)port << 16) | (1ULL << 4); frame->tf_rip += 2; break; case 0xec: /* in (%dx),%al */ ghcb_sync_val(GHCB_RAX, GHCB_SZ8, &syncin); port = (uint16_t)frame->tf_rdx; - sw_exitinfo1 = (port << 16) | (1ULL << 4) | + sw_exitinfo1 = ((uint64_t)port << 16) | (1ULL << 4) | (1ULL << 0); frame->tf_rip += 1; break; case 0xed: /* in (%dx),%eax */ ghcb_sync_val(GHCB_RAX, GHCB_SZ32, &syncin); port = (uint16_t)frame->tf_rdx; - sw_exitinfo1 = (port << 16) | (1ULL << 6) | + sw_exitinfo1 = ((uint64_t)port << 16) | (1ULL << 6) | (1ULL << 0); frame->tf_rip += 1; break; case 0xee: /* out %al,(%dx) */ ghcb_sync_val(GHCB_RAX, GHCB_SZ8, &syncout); port = (uint16_t)frame->tf_rdx; - sw_exitinfo1 = (port << 16) | (1ULL << 4); + sw_exitinfo1 = ((uint64_t)port << 16) | (1ULL << 4); frame->tf_rip += 1; break; case 0xef: /* out %eax,(%dx) */ ghcb_sync_val(GHCB_RAX, GHCB_SZ32, &syncout); port = (uint16_t)frame->tf_rdx; - sw_exitinfo1 = (port << 16) | (1ULL << 6); + sw_exitinfo1 = ((uint64_t)port << 16) | (1ULL << 6); frame->tf_rip += 1; break; default:

2025-08-02 21:24 Hans-Jörg Höxer:
Avoid implicit sign extension in vctrap()
- 2025-08-02 23:37 Jonathan Gray:
  Avoid implicit sign extension in vctrap()
- - 2025-08-03 00:34 Alexander Bluhm:
    Avoid implicit sign extension in vctrap()